ChangeLog   [plain text]


2021-01-08  Russell Epstein  <repstein@apple.com>

        Cherry-pick r271337. rdar://problem/72941242

    BlobLoader lifetime cleanup.
    <rdar://problem/70498831> and https://bugs.webkit.org/show_bug.cgi?id=220486
    
    Reviewed by Chris Dumez.
    
    Source/WebCore:
    
    Test: LayoutTests/http/tests/loading/blob-load-fail.html
    
    * fileapi/Blob.cpp:
    (WebCore::Blob::loadBlob):
    (WebCore::Blob::text):
    (WebCore::Blob::arrayBuffer):
    * fileapi/Blob.h:
    
    LayoutTests:
    
    * http/tests/loading/blob-load-fail-expected.txt: Added.
    * http/tests/loading/blob-load-fail.html: Added.
    * http/tests/loading/resources/remote-blob.php: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271337 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2021-01-08  Brady Eidson  <beidson@apple.com>

            BlobLoader lifetime cleanup.
            <rdar://problem/70498831> and https://bugs.webkit.org/show_bug.cgi?id=220486

            Reviewed by Chris Dumez.

            Test: LayoutTests/http/tests/loading/blob-load-fail.html

            * fileapi/Blob.cpp:
            (WebCore::Blob::loadBlob):
            (WebCore::Blob::text):
            (WebCore::Blob::arrayBuffer):
            * fileapi/Blob.h:

2020-12-21  Alan Coon  <alancoon@apple.com>

        Cherry-pick r270580. rdar://problem/72552978

    Multicolumn children becoming in-flow elements should be inserted into the multicolumn flow
    https://bugs.webkit.org/show_bug.cgi?id=218503
    
    Reviewed by Zalan Bujtas.
    
    Out of flow children of a multicolumn container are not really part of the multicolumn flow. Making them in-flow (i.e. setting "position: static;")
    should trigger the code that inserts them into the MultiColumnFlowThread object of the multicolumn container. RenderTreeBuilder was handling this
    in-flow <-> out-of-flow changes just for the cases in which the inline status of an element was affecting the parent.
    
    * rendering/RenderMultiColumnFlow.cpp:
    (WebCore::RenderMultiColumnFlow::normalizeTreeAfterStyleChange): Insert renderer in the multicolumn flow thread whenever it becames in flow.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270580 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-12-02  Sergio Villar Senin  <svillar@igalia.com>

            Multicolumn children becoming in-flow elements should be inserted into the multicolumn flow
            https://bugs.webkit.org/show_bug.cgi?id=218503

            Reviewed by Zalan Bujtas.

            Out of flow children of a multicolumn container are not really part of the multicolumn flow. Making them in-flow (i.e. setting "position: static;")
            should trigger the code that inserts them into the MultiColumnFlowThread object of the multicolumn container. RenderTreeBuilder was handling this
            in-flow <-> out-of-flow changes just for the cases in which the inline status of an element was affecting the parent.

            * rendering/RenderMultiColumnFlow.cpp:
            (WebCore::RenderMultiColumnFlow::normalizeTreeAfterStyleChange): Insert renderer in the multicolumn flow thread whenever it becames in flow.

2020-12-18  Alan Coon  <alancoon@apple.com>

        Cherry-pick r270983. rdar://problem/72484021

    Crash in DOMSelection::getRangeAt()
    https://bugs.webkit.org/show_bug.cgi?id=219804
    
    Patch by Julian Gonzalez <julian_a_gonzalez@apple.com> on 2020-12-18
    Reviewed by Darin Adler.
    
    Add a check in HTMLTextFormControlElement::setSelectionRange()
    that ensures we do not try to move the frame's selection
    if the HTMLTextFormControlElement is no longer connected.
    
    * html/HTMLTextFormControlElement.cpp:
    (WebCore::HTMLTextFormControlElement::setSelectionRange):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270983 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-12-18  Julian Gonzalez  <julian_a_gonzalez@apple.com>

            Crash in DOMSelection::getRangeAt()
            https://bugs.webkit.org/show_bug.cgi?id=219804

            Reviewed by Darin Adler.

            Add a check in HTMLTextFormControlElement::setSelectionRange()
            that ensures we do not try to move the frame's selection
            if the HTMLTextFormControlElement is no longer connected.

            * html/HTMLTextFormControlElement.cpp:
            (WebCore::HTMLTextFormControlElement::setSelectionRange):

2020-12-16  Alan Coon  <alancoon@apple.com>

        Cherry-pick r269900. rdar://problem/72298580

    Build fails on internal simulator builds due to missing enum kCVPixelFormatType_AGX_420YpCbCr8BiPlanarVideoRange
    https://bugs.webkit.org/show_bug.cgi?id=219030
    
    Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2020-11-17
    Reviewed by Antti Koivisto.
    
    Fix compile for simulator builds.
    Rename HAVE_CV_AGX_420_PIXEL_FORMAT_TYPES to
    HAVE_COREVIDEO_COMPRESSED_PIXEL_FORMAT_TYPES to better reflect what the ifdef does.
    
    Source/WebCore:
    
    * platform/graphics/cv/GraphicsContextGLCVANGLE.cpp:
    (WebCore::pixelRangeFromPixelFormat):
    (WebCore::GraphicsContextGLCVANGLE::copyPixelBufferToTexture):
    
    Source/WebCore/PAL:
    
    * pal/spi/cf/CoreVideoSPI.h:
    
    Source/WTF:
    
    * wtf/PlatformHave.h:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269900 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-11-17  Kimmo Kinnunen  <kkinnunen@apple.com>

            Build fails on internal simulator builds due to missing enum kCVPixelFormatType_AGX_420YpCbCr8BiPlanarVideoRange
            https://bugs.webkit.org/show_bug.cgi?id=219030

            Reviewed by Antti Koivisto.

            Fix compile for simulator builds.
            Rename HAVE_CV_AGX_420_PIXEL_FORMAT_TYPES to
            HAVE_COREVIDEO_COMPRESSED_PIXEL_FORMAT_TYPES to better reflect what the ifdef does.

            * platform/graphics/cv/GraphicsContextGLCVANGLE.cpp:
            (WebCore::pixelRangeFromPixelFormat):
            (WebCore::GraphicsContextGLCVANGLE::copyPixelBufferToTexture):

2020-12-15  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266695. rdar://problem/72356057

    [css-flexbox] min-height: auto not applied to nested flexboxes.
    https://bugs.webkit.org/show_bug.cgi?id=210089
    
    Reviewed by Daniel Bates.
    
    Source/WebCore:
    
    Nested flexboxes with column direction were not computing correctly min-size:auto because
    we were explicitly preventing them from doing so in the code. Implemented the required bits to
    make it work correctly and thus removed the retriction. The idea is to set an indefinite override
    containing block size so that percentages would be resolved to auto as spec'ed. The code which
    decides whether to apply min-size:auto was refactored in the shouldApplyMinSizeAutoForChild() method.
    
    In order not to cause regressions some other two additional changes were also implemented. First we
    had to adjust childHasIntrinsicMainAxisSize() so that it also takes into account the cases where
    shouldApplyMinSizeAutoForChild() is true and return true. Secondly we had to add an additional case
    to mainAxisLengthIsDefinite() so that it returns false for column flows where the flexBasis is intrinsic.
    
    Inspired by Blink's crrev.com/c/1641510, crrev.com/c/1269995 & crrev.com/c/1786297 by <cbiesinger@chromium.org>
    
    * rendering/RenderFlexibleBox.cpp:
    (WebCore::RenderFlexibleBox::shouldApplyMinSizeAutoForChild const): Refactored from
    RenderFlexibleBox::adjustChildSizeForMinAndMax.
    (WebCore::RenderFlexibleBox::mainAxisLengthIsDefinite const): Additional case for column flows.
    (WebCore::RenderFlexibleBox::layoutFlexItems): Reset m_hasDefiniteHeight to Unknown after calling
    constructFlexItem() because the latter might set now an override containing block height which basically
    potentially makes any cached size value incorrect.
    (WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax): Directly call shouldApplyMinSizeAutoForChild().
    (WebCore::RenderFlexibleBox::constructFlexItem): Set an indefinite override containing block size for
    children with percentage sizes so that they're resolved as auto.
    (WebCore::RenderFlexibleBox::childHasIntrinsicMainAxisSize const): Return true for those cases where the
    main axis length is indefinite and also when shouldApplyMinSizeAutoForChild().
    * rendering/RenderFlexibleBox.h:
    
    LayoutTests:
    
    Apart from enabling some tests we're removing a test which is now invalid as it was added
    under the condition that we were not matching the specs wrt percentage height computation in
    column flexboxes.
    
    * TestExpectations: Removed two test cases that are passing now.
    * fast/flexbox/nested-column-intrinsic-min-disabled-expected.html: Removed.
    * fast/flexbox/nested-column-intrinsic-min-disabled.html: Removed.
    * platform/ios/fast/forms/auto-fill-button/input-strong-password-auto-fill-button-expected.txt: Updated.
    * platform/mac/fast/forms/auto-fill-button/input-strong-password-auto-fill-button-expected.txt: Ditto.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266695 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-02  Sergio Villar Senin  <svillar@igalia.com>

            [css-flexbox] min-height: auto not applied to nested flexboxes.
            https://bugs.webkit.org/show_bug.cgi?id=210089

            Reviewed by Daniel Bates.

            Nested flexboxes with column direction were not computing correctly min-size:auto because
            we were explicitly preventing them from doing so in the code. Implemented the required bits to
            make it work correctly and thus removed the retriction. The idea is to set an indefinite override
            containing block size so that percentages would be resolved to auto as spec'ed. The code which
            decides whether to apply min-size:auto was refactored in the shouldApplyMinSizeAutoForChild() method.

            In order not to cause regressions some other two additional changes were also implemented. First we
            had to adjust childHasIntrinsicMainAxisSize() so that it also takes into account the cases where
            shouldApplyMinSizeAutoForChild() is true and return true. Secondly we had to add an additional case
            to mainAxisLengthIsDefinite() so that it returns false for column flows where the flexBasis is intrinsic.

            Inspired by Blink's crrev.com/c/1641510, crrev.com/c/1269995 & crrev.com/c/1786297 by <cbiesinger@chromium.org>

            * rendering/RenderFlexibleBox.cpp:
            (WebCore::RenderFlexibleBox::shouldApplyMinSizeAutoForChild const): Refactored from
            RenderFlexibleBox::adjustChildSizeForMinAndMax.
            (WebCore::RenderFlexibleBox::mainAxisLengthIsDefinite const): Additional case for column flows.
            (WebCore::RenderFlexibleBox::layoutFlexItems): Reset m_hasDefiniteHeight to Unknown after calling
            constructFlexItem() because the latter might set now an override containing block height which basically
            potentially makes any cached size value incorrect.
            (WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax): Directly call shouldApplyMinSizeAutoForChild().
            (WebCore::RenderFlexibleBox::constructFlexItem): Set an indefinite override containing block size for
            children with percentage sizes so that they're resolved as auto.
            (WebCore::RenderFlexibleBox::childHasIntrinsicMainAxisSize const): Return true for those cases where the
            main axis length is indefinite and also when shouldApplyMinSizeAutoForChild().
            * rendering/RenderFlexibleBox.h:

2020-12-15  Alan Coon  <alancoon@apple.com>

        Cherry-pick r270101. rdar://problem/72298523

    Add support for RTCPeerConnection.onicecandidateerror event
    https://bugs.webkit.org/show_bug.cgi?id=169644
    
    Reviewed by Alex Christensen.
    
    LayoutTests/imported/w3c:
    
    * web-platform-tests/webrtc/idlharness.https.window-expected.txt:
    
    Source/WebCore:
    
    Expose RTCPeerConnection.onicecandidateerror and use it for wrong STUN/TURN server URLs.
    For that matter, add RTCPeerConnectionIceErrorEvent as per spec with a slight change to the init directory to keep the same terminology between event and init dictionary.
    
    Covered by updated webrtc/stun-server-filtering.html test.
    
    * CMakeLists.txt:
    * DerivedSources-input.xcfilelist:
    * DerivedSources-output.xcfilelist:
    * DerivedSources.make:
    * Modules/mediastream/RTCPeerConnection.cpp:
    (WebCore::RTCPeerConnection::iceServersFromConfiguration):
    (WebCore::iceServersFromConfiguration): Deleted.
    * Modules/mediastream/RTCPeerConnection.h:
    * Modules/mediastream/RTCPeerConnection.idl:
    * Modules/mediastream/RTCPeerConnectionIceErrorEvent.cpp: Added.
    (WebCore::RTCPeerConnectionIceErrorEvent::create):
    (WebCore::RTCPeerConnectionIceErrorEvent::RTCPeerConnectionIceErrorEvent):
    (WebCore::RTCPeerConnectionIceErrorEvent::eventInterface const):
    * Modules/mediastream/RTCPeerConnectionIceErrorEvent.h: Added.
    * Modules/mediastream/RTCPeerConnectionIceErrorEvent.idl: Added.
    * Sources.txt:
    * WebCore.xcodeproj/project.pbxproj:
    * bindings/js/WebCoreBuiltinNames.h:
    * dom/EventNames.h:
    * dom/EventNames.in:
    
    LayoutTests:
    
    * webrtc/rtcpeerconnection-error-messages-expected.txt:
    * webrtc/stun-server-filtering.html:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270101 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-11-20  Youenn Fablet  <youenn@apple.com>

            Add support for RTCPeerConnection.onicecandidateerror event
            https://bugs.webkit.org/show_bug.cgi?id=169644

            Reviewed by Alex Christensen.

            Expose RTCPeerConnection.onicecandidateerror and use it for wrong STUN/TURN server URLs.
            For that matter, add RTCPeerConnectionIceErrorEvent as per spec with a slight change to the init directory to keep the same terminology between event and init dictionary.

            Covered by updated webrtc/stun-server-filtering.html test.

            * CMakeLists.txt:
            * DerivedSources-input.xcfilelist:
            * DerivedSources-output.xcfilelist:
            * DerivedSources.make:
            * Modules/mediastream/RTCPeerConnection.cpp:
            (WebCore::RTCPeerConnection::iceServersFromConfiguration):
            (WebCore::iceServersFromConfiguration): Deleted.
            * Modules/mediastream/RTCPeerConnection.h:
            * Modules/mediastream/RTCPeerConnection.idl:
            * Modules/mediastream/RTCPeerConnectionIceErrorEvent.cpp: Added.
            (WebCore::RTCPeerConnectionIceErrorEvent::create):
            (WebCore::RTCPeerConnectionIceErrorEvent::RTCPeerConnectionIceErrorEvent):
            (WebCore::RTCPeerConnectionIceErrorEvent::eventInterface const):
            * Modules/mediastream/RTCPeerConnectionIceErrorEvent.h: Added.
            * Modules/mediastream/RTCPeerConnectionIceErrorEvent.idl: Added.
            * Sources.txt:
            * WebCore.xcodeproj/project.pbxproj:
            * bindings/js/WebCoreBuiltinNames.h:
            * dom/EventNames.h:
            * dom/EventNames.in:

2020-12-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r270449. rdar://problem/72298505

    Add safety checks to xsltParamArrayFromParameterMap()
    <https://webkit.org/b/219407>
    <rdar://problem/71853069>
    
    Reviewed by Darin Adler.
    
    Source/WebCore:
    
    * xml/XSLTProcessorLibxslt.cpp:
    (WebCore::xsltParamArrayFromParameterMap):
    
    Source/WTF:
    
    * wtf/PlatformHave.h:
    (HAVE_LIBXSLT_FIX_FOR_RADAR_71864140): Add.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270449 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-12-04  David Kilzer  <ddkilzer@apple.com>

            Add safety checks to xsltParamArrayFromParameterMap()
            <https://webkit.org/b/219407>
            <rdar://problem/71853069>

            Reviewed by Darin Adler.

            * xml/XSLTProcessorLibxslt.cpp:
            (WebCore::xsltParamArrayFromParameterMap):

2020-12-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r270373. rdar://problem/72298666

    iframe with `sandbox=allow-top-navigation-by-user-activation` can navigate top frame when the user interacts with an iframe from another origin
    https://bugs.webkit.org/show_bug.cgi?id=219413
    <rdar://problem/64887657>
    
    Reviewed by Geoffrey Garen.
    
    Source/WebCore:
    
    An iframe with `sandbox=allow-top-navigation-by-user-activation` can navigate the top frame when the user
    interacts with an frame from another origin. This is not strict enough and does not match the behavior of
    Chrome.
    
    In Chrome, the user activation is only valid for the purpose of navigation if the user interacted with either:
    - The iframe triggering the navigation
    - A descendant iframe of the iframe triggering the navigation
    - A frame from the same origin as the iframe triggering the navigation
    
    This patch aligns our behavior with Chrome's.
    
    Test: http/tests/security/block-top-level-navigations-by-sandboxed-iframe-with-propagated-user-gesture.html
    
    * dom/Document.cpp:
    (WebCore::Document::canNavigateInternal):
    * dom/UserGestureIndicator.cpp:
    (WebCore::UserGestureToken::UserGestureToken):
    (WebCore::UserGestureToken::isValidForDocument const):
    (WebCore::UserGestureIndicator::processingUserGesture):
    * dom/UserGestureIndicator.h:
    (WebCore::UserGestureToken::create):
    
    LayoutTests:
    
    Add layout test coverage.
    
    * http/tests/security/block-top-level-navigations-by-sandboxed-iframe-with-propagated-user-gesture-expected.txt: Added.
    * http/tests/security/block-top-level-navigations-by-sandboxed-iframe-with-propagated-user-gesture.html: Added.
    * http/tests/security/resources/navigate-top-level-frame-to-failure-page-via-message-handler.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270373 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-12-02  Chris Dumez  <cdumez@apple.com>

            iframe with `sandbox=allow-top-navigation-by-user-activation` can navigate top frame when the user interacts with an iframe from another origin
            https://bugs.webkit.org/show_bug.cgi?id=219413
            <rdar://problem/64887657>

            Reviewed by Geoffrey Garen.

            An iframe with `sandbox=allow-top-navigation-by-user-activation` can navigate the top frame when the user
            interacts with an frame from another origin. This is not strict enough and does not match the behavior of
            Chrome.

            In Chrome, the user activation is only valid for the purpose of navigation if the user interacted with either:
            - The iframe triggering the navigation
            - A descendant iframe of the iframe triggering the navigation
            - A frame from the same origin as the iframe triggering the navigation

            This patch aligns our behavior with Chrome's.

            Test: http/tests/security/block-top-level-navigations-by-sandboxed-iframe-with-propagated-user-gesture.html

            * dom/Document.cpp:
            (WebCore::Document::canNavigateInternal):
            * dom/UserGestureIndicator.cpp:
            (WebCore::UserGestureToken::UserGestureToken):
            (WebCore::UserGestureToken::isValidForDocument const):
            (WebCore::UserGestureIndicator::processingUserGesture):
            * dom/UserGestureIndicator.h:
            (WebCore::UserGestureToken::create):

2020-12-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r270367. rdar://problem/72298753

    Block suspicious top level navigations by iframes even if sandbox=allow-top-navigation is specified
    https://bugs.webkit.org/show_bug.cgi?id=219408
    <rdar://problem/71049726>
    
    Reviewed by Geoffrey Garen.
    
    Source/WebCore:
    
    Block suspicious top level navigations by iframes even if sandbox=allow-top-navigation is specified,
    when the parent of the sandboxed iframe is not first-party.
    
    Test: http/tests/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html
    
    * dom/Document.cpp:
    (WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
    
    LayoutTests:
    
    Add layout test coverage.
    
    * http/tests/security/block-top-level-navigations-by-third-party-sandboxed-iframe-expected.txt: Added.
    * http/tests/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html: Added.
    * http/tests/security/resources/navigate-top-level-frame-to-failure-page-via-sandboxed-iframe.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270367 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-12-02  Chris Dumez  <cdumez@apple.com>

            Block suspicious top level navigations by iframes even if sandbox=allow-top-navigation is specified
            https://bugs.webkit.org/show_bug.cgi?id=219408
            <rdar://problem/71049726>

            Reviewed by Geoffrey Garen.

            Block suspicious top level navigations by iframes even if sandbox=allow-top-navigation is specified,
            when the parent of the sandboxed iframe is not first-party.

            Test: http/tests/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html

            * dom/Document.cpp:
            (WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):

2020-12-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r269893. rdar://problem/72298580

    Textures Fail to Render in WebGL from HLS Stream on iPhone 12 [iOS 14.2]
    https://bugs.webkit.org/show_bug.cgi?id=218637
    <rdar://problem/71102126>
    
    Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2020-11-16
    Reviewed by Eric Carlson.
    
    Patch by Jer Noble.
    
    Treat internal compressed YUV pixel formats
    kCVPixelFormatType_AGX_420YpCbCr8BiPlanarVideoRange and
    kCVPixelFormatType_AGX_420YpCbCr8BiPlanarFullRange as
    kCVPixelFormatType_420YpCbCr8BiPlanarVideoRange and
    kCVPixelFormatType_420YpCbCr8BiPlanarFullRange when
    using the OpenGL shader to convert video IOSurface to a WebGL
    texture.
    
    Fixes cases where the decoder outputs the compressed formats.
    
    No new tests, adding more comprehensive test content suite is tracked
    in another bug.
    
    Source/WebCore:
    
    * platform/graphics/cv/GraphicsContextGLCVANGLE.cpp:
    (WebCore::pixelRangeFromPixelFormat):
    (WebCore::GraphicsContextGLCVANGLE::copyPixelBufferToTexture):
    
    Source/WebCore/PAL:
    
    * PAL.xcodeproj/project.pbxproj:
    * pal/spi/cf/CoreVideoSPI.h: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269893 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-11-16  Kimmo Kinnunen  <kkinnunen@apple.com>

            Textures Fail to Render in WebGL from HLS Stream on iPhone 12 [iOS 14.2]
            https://bugs.webkit.org/show_bug.cgi?id=218637
            <rdar://problem/71102126>

            Reviewed by Eric Carlson.

            Patch by Jer Noble.

            Treat internal compressed YUV pixel formats
            kCVPixelFormatType_AGX_420YpCbCr8BiPlanarVideoRange and
            kCVPixelFormatType_AGX_420YpCbCr8BiPlanarFullRange as
            kCVPixelFormatType_420YpCbCr8BiPlanarVideoRange and
            kCVPixelFormatType_420YpCbCr8BiPlanarFullRange when
            using the OpenGL shader to convert video IOSurface to a WebGL
            texture.

            Fixes cases where the decoder outputs the compressed formats.

            No new tests, adding more comprehensive test content suite is tracked
            in another bug.

            * platform/graphics/cv/GraphicsContextGLCVANGLE.cpp:
            (WebCore::pixelRangeFromPixelFormat):
            (WebCore::GraphicsContextGLCVANGLE::copyPixelBufferToTexture):

2020-12-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r269535. rdar://problem/72298703

    Empty text runs can't be split any further.
    https://bugs.webkit.org/show_bug.cgi?id=218506
    
    Reviewed by David Kilzer and Ryosuke Niwa.
    
    This patch ensures that when we can't fit an empty text run on the line (available space is negative) we don't
    try to split it even when the style says so.
    
    * layout/inlineformatting/InlineContentBreaker.cpp:
    (WebCore::Layout::InlineContentBreaker::processOverflowingContent const):
    (WebCore::Layout::InlineContentBreaker::tryBreakingTextRun const):
    * layout/inlineformatting/text/TextUtil.cpp:
    (WebCore::Layout::TextUtil::fixedPitchWidth):
    (WebCore::Layout::TextUtil::split):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269535 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-11-06  Zalan Bujtas  <zalan@apple.com>

            Empty text runs can't be split any further.
            https://bugs.webkit.org/show_bug.cgi?id=218506

            Reviewed by David Kilzer and Ryosuke Niwa.

            This patch ensures that when we can't fit an empty text run on the line (available space is negative) we don't
            try to split it even when the style says so.

            * layout/inlineformatting/InlineContentBreaker.cpp:
            (WebCore::Layout::InlineContentBreaker::processOverflowingContent const):
            (WebCore::Layout::InlineContentBreaker::tryBreakingTextRun const):
            * layout/inlineformatting/text/TextUtil.cpp:
            (WebCore::Layout::TextUtil::fixedPitchWidth):
            (WebCore::Layout::TextUtil::split):

2020-12-01  Alan Coon  <alancoon@apple.com>

        Cherry-pick r269190. rdar://problem/71381759

    Increase camera failing timer to 30 seconds
    https://bugs.webkit.org/show_bug.cgi?id=218389
    
    Reviewed by Eric Carlson.
    
    From testing, 3 seconds is not always enough if getUserMedia is quickly called multiple times.
    Let's increase to 30 seconds to give room for slow systems while still being able to identify failures.
    
    * platform/mediastream/mac/AVVideoCaptureSource.h:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269190 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-30  Youenn Fablet  <youenn@apple.com>

            Increase camera failing timer to 30 seconds
            https://bugs.webkit.org/show_bug.cgi?id=218389

            Reviewed by Eric Carlson.

            From testing, 3 seconds is not always enough if getUserMedia is quickly called multiple times.
            Let's increase to 30 seconds to give room for slow systems while still being able to identify failures.

            * platform/mediastream/mac/AVVideoCaptureSource.h:

2020-12-01  Alan Coon  <alancoon@apple.com>

        Cherry-pick r269954. rdar://problem/71836563

    RenderTreeBuilderBlock using an incorrect anonymous parent to attach a new renderer
    https://bugs.webkit.org/show_bug.cgi?id=218505
    
    Reviewed by Antti Koivisto.
    
    Let's consider the following simplified render tree:
    
    PARENT
    |___beforeChildAnonymousContainer
        |___hierarchy of anonymous blocks
            |___beforeChild
    
    When RenderTreeBuilderBlock is attaching a new renderer given PARENT and beforeChild, it first tries to attach it to the PARENT
    if beforeChild is a direct child of PARENT. Otherwise it assumes that beforeChild is the direct child of an anonymous block which is
    in between PARENT and beforeChild. However in some cases, as the one presented above, beforeChild might have a whole hierarchy of
    anonymous blocks in between. That's why we cannot assume that beforeChild->parent() is a direct child of PARENT. Instead we should use
    beforeChildAnonymousContainer as the parent of the new renderer.
    
    * rendering/updating/RenderTreeBuilderBlock.cpp:
    (WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation): Use beforeChildAnonymousContainer instead of beforeChild->parent().
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269954 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-11-17  Sergio Villar Senin  <svillar@igalia.com>

            RenderTreeBuilderBlock using an incorrect anonymous parent to attach a new renderer
            https://bugs.webkit.org/show_bug.cgi?id=218505

            Reviewed by Antti Koivisto.

            Let's consider the following simplified render tree:

            PARENT
            |___beforeChildAnonymousContainer
                |___hierarchy of anonymous blocks
                    |___beforeChild

            When RenderTreeBuilderBlock is attaching a new renderer given PARENT and beforeChild, it first tries to attach it to the PARENT
            if beforeChild is a direct child of PARENT. Otherwise it assumes that beforeChild is the direct child of an anonymous block which is
            in between PARENT and beforeChild. However in some cases, as the one presented above, beforeChild might have a whole hierarchy of
            anonymous blocks in between. That's why we cannot assume that beforeChild->parent() is a direct child of PARENT. Instead we should use
            beforeChildAnonymousContainer as the parent of the new renderer.

            * rendering/updating/RenderTreeBuilderBlock.cpp:
            (WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation): Use beforeChildAnonymousContainer instead of beforeChild->parent().

2020-12-01  Alan Coon  <alancoon@apple.com>

        Cherry-pick r269695. rdar://problem/71836652

    Protect ScheduledURLNavigation member
    https://bugs.webkit.org/show_bug.cgi?id=218593
    
    Patch by Rob Buis <rbuis@igalia.com> on 2020-11-11
    Reviewed by Alex Christensen.
    
    Protect ScheduledURLNavigation member m_url by using a copy since
    ScheduledURLNavigation itself is not protected and may be cancelled
    (and thus deleted) just at the time it is sending a message to the
    UIProcess which encodes the passed m_url member variable.
    
    * loader/NavigationScheduler.cpp:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269695 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-11-11  Rob Buis  <rbuis@igalia.com>

            Protect ScheduledURLNavigation member
            https://bugs.webkit.org/show_bug.cgi?id=218593

            Reviewed by Alex Christensen.

            Protect ScheduledURLNavigation member m_url by using a copy since
            ScheduledURLNavigation itself is not protected and may be cancelled
            (and thus deleted) just at the time it is sending a message to the
            UIProcess which encodes the passed m_url member variable.

            * loader/NavigationScheduler.cpp:

2020-11-16  Russell Epstein  <repstein@apple.com>

        Cherry-pick r268979. rdar://problem/71446613

    Use a WeakHashSet for Document::m_captionPreferencesChangedElements
    https://bugs.webkit.org/show_bug.cgi?id=218170
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    Refactoring to move from raw pointer to weak pointer.
    For that purpose, we use WeakHashSet and WeakHashSet::forEach for extra safety.
    No observable change of behavior.
    
    * dom/Document.cpp:
    (WebCore::Document::registerForCaptionPreferencesChangedCallbacks):
    (WebCore::Document::unregisterForCaptionPreferencesChangedCallbacks):
    (WebCore::Document::captionPreferencesChanged):
    * dom/Document.h:
    
    Source/WTF:
    
    * wtf/WeakHashSet.h:
    Add a static cast for classes inheriting CanMakeWeakPtr like done for the set iterator.
    Update code to compile in WinCairo.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268979 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-26  Youenn Fablet  <youenn@apple.com>

            Use a WeakHashSet for Document::m_captionPreferencesChangedElements
            https://bugs.webkit.org/show_bug.cgi?id=218170

            Reviewed by Eric Carlson.

            Refactoring to move from raw pointer to weak pointer.
            For that purpose, we use WeakHashSet and WeakHashSet::forEach for extra safety.
            No observable change of behavior.

            * dom/Document.cpp:
            (WebCore::Document::registerForCaptionPreferencesChangedCallbacks):
            (WebCore::Document::unregisterForCaptionPreferencesChangedCallbacks):
            (WebCore::Document::captionPreferencesChanged):
            * dom/Document.h:

2020-11-13  Russell Epstein  <repstein@apple.com>

        Cherry-pick r269384. rdar://problem/71381924

    REGRESSION (r257839): Miscomputed style due to computed 'rem' value in matched declaration cache
    https://bugs.webkit.org/show_bug.cgi?id=218561
    <rdar://problem/70074191>
    
    Reviewed by Zalan Bujtas.
    
    Source/WebCore:
    
    Test: fast/dom/focus-rem-style-update.html
    
    Call to focus() causes computed style update for the element’s ancestor chain before the the document
    has otherwise been styled (using the shortcut mechanism introduced in r257839). This style, which uses ‘rem’
    unit and so depends on root element font size, gets cached in MatchedDeclarationsCache. The root font size
    then changes but during the resulting style update we use this cached value, failing to re-resolve ‘rem’.
    
    * style/StyleTreeResolver.cpp:
    (WebCore::Style::TreeResolver::resolveElement):
    
    Invalidate matched declarations cache also when there is no existing document element style.
    
    LayoutTests:
    
    * fast/dom/focus-rem-style-update-expected.html: Added.
    * fast/dom/focus-rem-style-update.html: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269384 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-11-04  Antti Koivisto  <antti@apple.com>

            REGRESSION (r257839): Miscomputed style due to computed 'rem' value in matched declaration cache
            https://bugs.webkit.org/show_bug.cgi?id=218561
            <rdar://problem/70074191>

            Reviewed by Zalan Bujtas.

            Test: fast/dom/focus-rem-style-update.html

            Call to focus() causes computed style update for the element’s ancestor chain before the the document
            has otherwise been styled (using the shortcut mechanism introduced in r257839). This style, which uses ‘rem’
            unit and so depends on root element font size, gets cached in MatchedDeclarationsCache. The root font size
            then changes but during the resulting style update we use this cached value, failing to re-resolve ‘rem’.

            * style/StyleTreeResolver.cpp:
            (WebCore::Style::TreeResolver::resolveElement):

            Invalidate matched declarations cache also when there is no existing document element style.

2020-11-13  Russell Epstein  <repstein@apple.com>

        Cherry-pick r269321. rdar://problem/71083861

    Protect against HTMLMediaElement being destroyed during disptachEvent().
    https://bugs.webkit.org/show_bug.cgi?id=218398
    <rdar://problem/67613836>
    
    Reviewed by Chris Dumez.
    
    Make the MainThreadGenericEventQueue protect the target as well as the owner of the queue.
    
    Drive-by fix: Create the scoped `eventFiringScope` object after the `protect` object, to ensure
    that the member variable set by the first scope will safely occur.
    
    Drive-by fix #2: Also null-check the result of document().page() within HTMLMediaElement::dispatchEvent().
    
    * dom/GenericEventQueue.cpp:
    (WebCore::MainThreadGenericEventQueue::dispatchOneEvent):
    * html/HTMLMediaElement.cpp:
    (WebCore::HTMLMediaElement::dispatchEvent):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269321 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-11-03  Jer Noble  <jer.noble@apple.com>

            Protect against HTMLMediaElement being destroyed during disptachEvent().
            https://bugs.webkit.org/show_bug.cgi?id=218398
            <rdar://problem/67613836>

            Reviewed by Chris Dumez.

            Make the MainThreadGenericEventQueue protect the target as well as the owner of the queue.

            Drive-by fix: Create the scoped `eventFiringScope` object after the `protect` object, to ensure
            that the member variable set by the first scope will safely occur.

            Drive-by fix #2: Also null-check the result of document().page() within HTMLMediaElement::dispatchEvent().

            * dom/GenericEventQueue.cpp:
            (WebCore::MainThreadGenericEventQueue::dispatchOneEvent):
            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::dispatchEvent):

2020-11-13  Russell Epstein  <repstein@apple.com>

        Cherry-pick r269208. rdar://problem/71378171

    AX: Incorrect list of voices being displayed on iOS
    https://bugs.webkit.org/show_bug.cgi?id=218293
    
    Reviewed by Per Arne Vollan.
    
    Source/WebCore:
    
    Limit the voices that we display in WebSpeech to only built-in system voices. This was the intention of the "compact"
    decision, but some mobile assets have compact voices, which are not available WebContent.
    
    * platform/ios/PlatformSpeechSynthesizerIOS.mm:
    (WebCore::PlatformSpeechSynthesizer::initializeVoiceList):
    
    Source/WebCore/PAL:
    
    * PAL.xcodeproj/project.pbxproj:
    * pal/PlatformMac.cmake:
    * pal/spi/cocoa/AXSpeechManagerSPI.h: Added.
    
    Source/WTF:
    
    * wtf/PlatformHave.h:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269208 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-30  Chris Fleizach  <cfleizach@apple.com>

            AX: Incorrect list of voices being displayed on iOS
            https://bugs.webkit.org/show_bug.cgi?id=218293

            Reviewed by Per Arne Vollan.

            Limit the voices that we display in WebSpeech to only built-in system voices. This was the intention of the "compact"
            decision, but some mobile assets have compact voices, which are not available WebContent.

            * platform/ios/PlatformSpeechSynthesizerIOS.mm:
            (WebCore::PlatformSpeechSynthesizer::initializeVoiceList):

2020-11-13  Russell Epstein  <repstein@apple.com>

        Cherry-pick r269121. rdar://problem/71381839

    [MSE] Handle trackId changing across Initialization Segments
    https://bugs.webkit.org/show_bug.cgi?id=218294
    <rdar://problem/70771306>
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    Test: media/media-source/media-source-trackid-change.html
    
    When appending an initialization segment after the receivedFirstInitializationSegment flag is
    true, and when the number of video or audio tracks is 1, the trackId is allowed to change across
    initialiaztion segments. When this occurs, move the TrackBuffer inside the trackBufferMap to
    refer to the new trackId, so that when MediaSamples are parsed, they're put into the correct
    TrackBuffer.
    
    * Modules/mediasource/SourceBuffer.cpp:
    (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):
    * html/track/AudioTrack.cpp:
    (WebCore::AudioTrack::setPrivate):
    * html/track/InbandTextTrack.cpp:
    (WebCore::InbandTextTrack::setPrivate):
    * html/track/VideoTrack.cpp:
    (WebCore::VideoTrack::setPrivate):
    
    LayoutTests:
    
    * media/media-source/media-source-trackid-change-expected.txt: Added.
    * media/media-source/media-source-trackid-change.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269121 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-28  Jer Noble  <jer.noble@apple.com>

            [MSE] Handle trackId changing across Initialization Segments
            https://bugs.webkit.org/show_bug.cgi?id=218294
            <rdar://problem/70771306>

            Reviewed by Eric Carlson.

            Test: media/media-source/media-source-trackid-change.html

            When appending an initialization segment after the receivedFirstInitializationSegment flag is
            true, and when the number of video or audio tracks is 1, the trackId is allowed to change across
            initialiaztion segments. When this occurs, move the TrackBuffer inside the trackBufferMap to
            refer to the new trackId, so that when MediaSamples are parsed, they're put into the correct
            TrackBuffer.

            * Modules/mediasource/SourceBuffer.cpp:
            (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):
            * html/track/AudioTrack.cpp:
            (WebCore::AudioTrack::setPrivate):
            * html/track/InbandTextTrack.cpp:
            (WebCore::InbandTextTrack::setPrivate):
            * html/track/VideoTrack.cpp:
            (WebCore::VideoTrack::setPrivate):

2020-11-13  Russell Epstein  <repstein@apple.com>

        Cherry-pick r268782. rdar://problem/71381941

    Release assert in ~Node due to render element of pseudo element not getting removed in time
    https://bugs.webkit.org/show_bug.cgi?id=217996
    
    Patch by Julian Gonzalez <julian_a_gonzalez@apple.com> on 2020-10-20
    Reviewed by Ryosuke Niwa.
    
    When attaching a shadow root to an element, remember to tear down renderers not only if
    one exists on the element, but also if it uses display: contents.
    
    * dom/Element.cpp:
    (WebCore::Element::addShadowRoot):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268782 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-20  Julian Gonzalez  <julian_a_gonzalez@apple.com>

            Release assert in ~Node due to render element of pseudo element not getting removed in time
            https://bugs.webkit.org/show_bug.cgi?id=217996

            Reviewed by Ryosuke Niwa.

            When attaching a shadow root to an element, remember to tear down renderers not only if
            one exists on the element, but also if it uses display: contents.

            * dom/Element.cpp:
            (WebCore::Element::addShadowRoot):

2020-11-13  Russell Epstein  <repstein@apple.com>

        Cherry-pick r266052. rdar://problem/71378190

    RTCRtpSynchronizationSource.rtpTimestamp is not present
    https://bugs.webkit.org/show_bug.cgi?id=215722
    
    Patch by Justin Uberti <justin@uberti.name> on 2020-08-24
    Reviewed by Youenn Fablet.
    
    LayoutTests/imported/w3c:
    
    Updated expectations file to indicate that tests checking for .rtpTimestamp now pass.
    
    * LayoutTests/imported/w3c/web-platform-tests/webrtc/RTCRtpReceiver-getSynchronizationSources.https-expected.txt:
    
    Source/WebCore:
    
    Updated expected results in LayoutTests/imported/w3c/web-platform-tests/webrtc/RTCRtpReceiver-getSynchronizationSources.https-expected.txt.
    
    * Modules/mediastream/RTCRtpContributingSource.idl:
    * Modules/mediastream/RTCRtpContributingSource.idl:
    * Modules/mediastream/RTCRtpSynchronizationSource.idl:
    Minor modification to ensure JSRTCRtpSynchronizationSource.cpp gets regenerated.
    * Modules/mediastream/libwebrtc/LibWebRTCRtpReceiverBackend.cpp:
    (WebCore::fillRTCRtpContributingSource):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266052 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-24  Justin Uberti  <justin@uberti.name>

            RTCRtpSynchronizationSource.rtpTimestamp is not present
            https://bugs.webkit.org/show_bug.cgi?id=215722

            Reviewed by Youenn Fablet.

            Updated expected results in LayoutTests/imported/w3c/web-platform-tests/webrtc/RTCRtpReceiver-getSynchronizationSources.https-expected.txt.

            * Modules/mediastream/RTCRtpContributingSource.idl:
            * Modules/mediastream/RTCRtpContributingSource.idl:
            * Modules/mediastream/RTCRtpSynchronizationSource.idl:
            Minor modification to ensure JSRTCRtpSynchronizationSource.cpp gets regenerated.
            * Modules/mediastream/libwebrtc/LibWebRTCRtpReceiverBackend.cpp:
            (WebCore::fillRTCRtpContributingSource):

2020-11-04  Kocsen Chung  <kocsen_chung@apple.com>

        Revert r269190. rdar://problem/70970247

2020-11-04  Alan Coon  <alancoon@apple.com>

        Cherry-pick r269025. rdar://problem/70970161

    REGRESSION (r268386): Flashes of inverted color when zooming the map on windy.com
    https://bugs.webkit.org/show_bug.cgi?id=218177
    <rdar://problem/70676037>
    
    Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2020-10-27
    Reviewed by Dean Jackson.
    
    Source/WebCore:
    
    Refactoring r268386 changed the behavior so that a new WebGL drawing
    buffer would be created when CA would be using the oldest IOSurface
    display buffer of the WebGL layer. Before r268386 the WebGL would just
    draw on top of the IOSurface even if CA was using it.
    
    This change made the existing bug of using uninitialized IOSurfaces
    visible, since IOSurfaces seem to be initialized with red. The existing
    bug was probably in r262366.
    
    The fix in this commit fixes the case where WebGL context is drawn to
    but the CA does not display the contents. Draw would cause preparation
    of the drawing buffer for display, along with the contract that drawing
    buffer might be uninitialized. However, the clear of the drawing buffer
    was marked needed only during display.
    
    Case that failed at the time of writing was the case where after draw,
    the element would be removed by setting display:none. This would return
    red contents, e.g. uninitialized IOSurface contents. Before r268386 this
    would first return red until 3 buffers had passed and then it would
    start recycling old display buffer contents.
    
    The naming is not fixed in this commit due to just fixing the
    regression. Other ports contain code that makes renaming or
    restructuring the callbacks more confusing for the other ports.
    
    Test: fast/canvas/webgl/webgl-clear-composited-notshowing.html
    
    * WebCore.xcodeproj/project.pbxproj:
    * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
    (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
    (WebCore::GraphicsContextGLOpenGL::prepareForDisplay):
    * platform/graphics/cocoa/WebGLLayer.h:
    * platform/graphics/cocoa/WebGLLayer.mm:
    (-[WebGLLayer initWithDevicePixelRatio:contentsOpaque:]):
    (-[WebGLLayer display]):
    (-[WebGLLayer detachClient]):
    * platform/graphics/cocoa/WebGLLayerClient.h: Removed.
    * platform/graphics/opengl/GraphicsContextGLOpenGL.h:
    
    LayoutTests:
    
    Test case for WebGL which is drawn to a canvas that is not visible. This should still
    adhere to preserveDrawingBuffer == false contract of clearing the drawing buffer
    correctly.
    
    Case that failed at the time of writing was the case where after draw, the element
    would be removed by setting display:none.
    
    * fast/canvas/webgl/webgl-clear-composited-notshowing-expected.txt: Added.
    * fast/canvas/webgl/webgl-clear-composited-notshowing.html: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269025 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-27  Kimmo Kinnunen  <kkinnunen@apple.com>

            REGRESSION (r268386): Flashes of inverted color when zooming the map on windy.com
            https://bugs.webkit.org/show_bug.cgi?id=218177
            <rdar://problem/70676037>

            Reviewed by Dean Jackson.

            Refactoring r268386 changed the behavior so that a new WebGL drawing
            buffer would be created when CA would be using the oldest IOSurface
            display buffer of the WebGL layer. Before r268386 the WebGL would just
            draw on top of the IOSurface even if CA was using it.

            This change made the existing bug of using uninitialized IOSurfaces
            visible, since IOSurfaces seem to be initialized with red. The existing
            bug was probably in r262366.

            The fix in this commit fixes the case where WebGL context is drawn to
            but the CA does not display the contents. Draw would cause preparation
            of the drawing buffer for display, along with the contract that drawing
            buffer might be uninitialized. However, the clear of the drawing buffer
            was marked needed only during display.

            Case that failed at the time of writing was the case where after draw,
            the element would be removed by setting display:none. This would return
            red contents, e.g. uninitialized IOSurface contents. Before r268386 this
            would first return red until 3 buffers had passed and then it would
            start recycling old display buffer contents.

            The naming is not fixed in this commit due to just fixing the
            regression. Other ports contain code that makes renaming or
            restructuring the callbacks more confusing for the other ports.

            Test: fast/canvas/webgl/webgl-clear-composited-notshowing.html

            * WebCore.xcodeproj/project.pbxproj:
            * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
            (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
            (WebCore::GraphicsContextGLOpenGL::prepareForDisplay):
            * platform/graphics/cocoa/WebGLLayer.h:
            * platform/graphics/cocoa/WebGLLayer.mm:
            (-[WebGLLayer initWithDevicePixelRatio:contentsOpaque:]):
            (-[WebGLLayer display]):
            (-[WebGLLayer detachClient]):
            * platform/graphics/cocoa/WebGLLayerClient.h: Removed.
            * platform/graphics/opengl/GraphicsContextGLOpenGL.h:

2020-11-04  Alan Coon  <alancoon@apple.com>

        Cherry-pick r268446. rdar://problem/70970178

    REGRESSION: fast/canvas/webgl/context-attributes-alpha.html fails
    https://bugs.webkit.org/show_bug.cgi?id=217697
    
    Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2020-10-14
    Reviewed by Antti Koivisto.
    
    The original work in "Cocoa: Make WebGLLayer not dependent on
    GraphicsContextGLOpenGL" was missing the hunk to initialize
    WebGLLayer contentsOpaque. Neither the EWS nor the local testing
    used the test case.
    
    No new tests, tested by
    fast/canvas/webgl/context-attributes-alpha.html.
    
    * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
    (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
    * platform/graphics/cocoa/WebGLLayer.h:
    * platform/graphics/cocoa/WebGLLayer.mm:
    (-[WebGLLayer initWithClient:devicePixelRatio:contentsOpaque:]):
    (-[WebGLLayer initWithClient:devicePixelRatio:]): Deleted.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268446 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-14  Kimmo Kinnunen  <kkinnunen@apple.com>

            REGRESSION: fast/canvas/webgl/context-attributes-alpha.html fails
            https://bugs.webkit.org/show_bug.cgi?id=217697

            Reviewed by Antti Koivisto.

            The original work in "Cocoa: Make WebGLLayer not dependent on
            GraphicsContextGLOpenGL" was missing the hunk to initialize
            WebGLLayer contentsOpaque. Neither the EWS nor the local testing
            used the test case.

            No new tests, tested by
            fast/canvas/webgl/context-attributes-alpha.html.

            * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
            (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
            * platform/graphics/cocoa/WebGLLayer.h:
            * platform/graphics/cocoa/WebGLLayer.mm:
            (-[WebGLLayer initWithClient:devicePixelRatio:contentsOpaque:]):
            (-[WebGLLayer initWithClient:devicePixelRatio:]): Deleted.

2020-11-04  Alan Coon  <alancoon@apple.com>

        Cherry-pick r268386. rdar://problem/70970067

    Cocoa: Make WebGLLayer not dependent on  GraphicsContextGLOpenGL
    https://bugs.webkit.org/show_bug.cgi?id=217212
    <rdar://problem/69876022>
    
    Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2020-10-13
    Reviewed by Dean Jackson.
    
    Source/WebCore:
    
    WebGLLayer was needlessly using GraphicsContextGLOpenGL.
    This is problematic because WebGLLayer should work with
    upcoming remote GraphicsContextGL implementation.
    
    The prepare callgraph was:
        GCGLOpenGL -> WebGLLayer -> GCGLOpenGL
    Refactor it to be:
        GCGLOpenGL -> WebGLLayer
    
    Move the back buffer ownership to the GraphicsContextGLOpenGL.
    Make the front buffer ownership explicit in WebGLLayer.
    Move the EGL bindings ownerships of all buffers to
    GraphicsContextGLOpenGL.
    
    Make the WebGLLayer not use EGL or OpenGL, it does not
    need and cannot use it as not all of its clients use OpenGL
    (i.e. the above mentioned remote use-case).
    
    Improves the memory usage by not allocating front buffers
    unless needed. In case the canvas does not present, will
    not allocate front buffers at all.
    
    Improves error handling of the allocations and EGL bindings.
    
    No new tests, a refactor.
    
    * WebCore.xcodeproj/project.pbxproj:
    * platform/graphics/angle/GraphicsContextGLANGLE.cpp:
    (WebCore::GraphicsContextGLOpenGL::reshapeFBOs):
    (WebCore::GraphicsContextGLOpenGL::prepareTexture):
    (WebCore::GraphicsContextGLOpenGL::prepareTextureImpl):
    * platform/graphics/angle/GraphicsContextGLANGLEUtilities.h: Added.
    (WebCore::ScopedRestoreTextureBinding::ScopedRestoreTextureBinding):
    (WebCore::ScopedRestoreTextureBinding::~ScopedRestoreTextureBinding):
    * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
    (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
    (WebCore::GraphicsContextGLOpenGL::~GraphicsContextGLOpenGL):
    (WebCore::GraphicsContextGLOpenGL::makeContextCurrent):
    (WebCore::GraphicsContextGLOpenGL::reshapeDisplayBufferBacking):
    (WebCore::GraphicsContextGLOpenGL::bindDisplayBufferBacking):
    (WebCore::GraphicsContextGLOpenGL::prepareForDisplay):
    (WebCore::GraphicsContextGLOpenGL::didDisplay):
    * platform/graphics/cocoa/WebGLLayer.h:
    * platform/graphics/cocoa/WebGLLayer.mm:
    (-[WebGLLayer initWithClient:devicePixelRatio:]):
    (-[WebGLLayer copyImageSnapshotWithColorSpace:]):
    (-[WebGLLayer recycleBuffer]):
    (-[WebGLLayer prepareForDisplayWithContents:]):
    (-[WebGLLayer display]):
    (-[WebGLLayer detachClient]):
    * platform/graphics/cocoa/WebGLLayerClient.h: Copied from Source/WebCore/platform/graphics/cocoa/WebGLLayer.h.
    (WebCore::WebGLLayerClient::~WebGLLayerClient):
    * platform/graphics/opengl/GraphicsContextGLOpenGL.h:
    * platform/graphics/opengl/GraphicsContextGLOpenGLBase.cpp:
    (WebCore::GraphicsContextGLOpenGL::reshapeFBOs):
    
    Source/WebKit:
    
    Removed unneeded inclusions of GraphicsContextGLOpenGL.h. The
    file is now using non-public headers.
    
    * WebProcess/WebPage/WebPage.cpp:
    * WebProcess/WebPage/mac/WebPageMac.mm:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268386 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-13  Kimmo Kinnunen  <kkinnunen@apple.com>

            Cocoa: Make WebGLLayer not dependent on  GraphicsContextGLOpenGL
            https://bugs.webkit.org/show_bug.cgi?id=217212
            <rdar://problem/69876022>

            Reviewed by Dean Jackson.

            WebGLLayer was needlessly using GraphicsContextGLOpenGL.
            This is problematic because WebGLLayer should work with
            upcoming remote GraphicsContextGL implementation.

            The prepare callgraph was:
                GCGLOpenGL -> WebGLLayer -> GCGLOpenGL
            Refactor it to be:
                GCGLOpenGL -> WebGLLayer

            Move the back buffer ownership to the GraphicsContextGLOpenGL.
            Make the front buffer ownership explicit in WebGLLayer.
            Move the EGL bindings ownerships of all buffers to
            GraphicsContextGLOpenGL.

            Make the WebGLLayer not use EGL or OpenGL, it does not
            need and cannot use it as not all of its clients use OpenGL
            (i.e. the above mentioned remote use-case).

            Improves the memory usage by not allocating front buffers
            unless needed. In case the canvas does not present, will
            not allocate front buffers at all.

            Improves error handling of the allocations and EGL bindings.

            No new tests, a refactor.

            * WebCore.xcodeproj/project.pbxproj:
            * platform/graphics/angle/GraphicsContextGLANGLE.cpp:
            (WebCore::GraphicsContextGLOpenGL::reshapeFBOs):
            (WebCore::GraphicsContextGLOpenGL::prepareTexture):
            (WebCore::GraphicsContextGLOpenGL::prepareTextureImpl):
            * platform/graphics/angle/GraphicsContextGLANGLEUtilities.h: Added.
            (WebCore::ScopedRestoreTextureBinding::ScopedRestoreTextureBinding):
            (WebCore::ScopedRestoreTextureBinding::~ScopedRestoreTextureBinding):
            * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
            (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
            (WebCore::GraphicsContextGLOpenGL::~GraphicsContextGLOpenGL):
            (WebCore::GraphicsContextGLOpenGL::makeContextCurrent):
            (WebCore::GraphicsContextGLOpenGL::reshapeDisplayBufferBacking):
            (WebCore::GraphicsContextGLOpenGL::bindDisplayBufferBacking):
            (WebCore::GraphicsContextGLOpenGL::prepareForDisplay):
            (WebCore::GraphicsContextGLOpenGL::didDisplay):
            * platform/graphics/cocoa/WebGLLayer.h:
            * platform/graphics/cocoa/WebGLLayer.mm:
            (-[WebGLLayer initWithClient:devicePixelRatio:]):
            (-[WebGLLayer copyImageSnapshotWithColorSpace:]):
            (-[WebGLLayer recycleBuffer]):
            (-[WebGLLayer prepareForDisplayWithContents:]):
            (-[WebGLLayer display]):
            (-[WebGLLayer detachClient]):
            * platform/graphics/cocoa/WebGLLayerClient.h: Copied from Source/WebCore/platform/graphics/cocoa/WebGLLayer.h.
            (WebCore::WebGLLayerClient::~WebGLLayerClient):
            * platform/graphics/opengl/GraphicsContextGLOpenGL.h:
            * platform/graphics/opengl/GraphicsContextGLOpenGLBase.cpp:
            (WebCore::GraphicsContextGLOpenGL::reshapeFBOs):

2020-11-04  Alan Coon  <alancoon@apple.com>

        Cherry-pick r268198. rdar://problem/70970161

    Mac: Remove OpenGL and OpenGL ES backends
    https://bugs.webkit.org/show_bug.cgi?id=217374
    
    Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2020-10-08
    Reviewed by Darin Adler.
    
    Remove macOS OpenGL (CGL) and iOS OpenGL ES (EAGL)
    implementations of GraphicsContextGLOpenGL. These
    are not used anymore and cannot be used for conformant
    WebGL. The two removed backends would just create
    maintainance burden.
    
    Removes TextureCacheCV, this was not implemented for
    ANGLE and in comments it was said to be disabled in
    the platform.
    
    Fixes a bug where iOS apps on Mac Apple Silicon would
    not use correct texture target to convert the video
    frames in VideoTextureCopierCV.
    
    Fixes few instances of using GL types in WebGL implementation
    instead of WebCore defined GCGL types. This is needed
    now that the includes are (a bit) more correct.
    
    No new tests, a refactoring.
    
    * PlatformMac.cmake:
    * SourcesCocoa.txt:
    * WebCore.xcodeproj/project.pbxproj:
    * html/canvas/ANGLEInstancedArrays.cpp:
    (WebCore::ANGLEInstancedArrays::supported):
    * html/canvas/WebGL2RenderingContext.h:
    * html/canvas/WebGLRenderingContextBase.cpp:
    (WebCore::WebGLRenderingContextBase::create):
    (WebCore::WebGLRenderingContextBase::readPixels):
    * platform/graphics/GraphicsContextGL.cpp:
    * platform/graphics/GraphicsContextGL.h:
    * platform/graphics/angle/GraphicsContextGLANGLE.cpp:
    (WebCore::GraphicsContextGLOpenGL::reshapeFBOs):
    (WebCore::GraphicsContextGLOpenGL::paintRenderingResultsToCanvas):
    * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
    * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
    * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
    * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
    (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
    (WebCore::GraphicsContextGLOpenGL::~GraphicsContextGLOpenGL):
    (WebCore::GraphicsContextGLOpenGL::IOSurfaceTextureTarget):
    (WebCore::GraphicsContextGLOpenGL::IOSurfaceTextureTargetQuery):
    (WebCore::GraphicsContextGLOpenGL::EGLIOSurfaceTextureTarget):
    (WebCore::GraphicsContextGLOpenGL::makeContextCurrent):
    (WebCore::GraphicsContextGLOpenGL::checkGPUStatus):
    (WebCore::GraphicsContextGLOpenGL::setContextVisibility):
    (WebCore::GraphicsContextGLOpenGL::screenDidChange):
    * platform/graphics/cocoa/WebGLLayer.h:
    * platform/graphics/cocoa/WebGLLayer.mm:
    (-[WebGLLayer initWithGraphicsContextGL:]):
    (-[WebGLLayer setAnchorPoint:]):
    (-[WebGLLayer copyImageSnapshotWithColorSpace:]):
    (-[WebGLLayer prepareForDisplay]):
    (-[WebGLLayer display]):
    (-[WebGLLayer releaseGLResources]):
    (-[WebGLLayer allocateIOSurfaceBackingStoreWithSize:usingAlpha:]):
    (-[WebGLLayer bindFramebufferToNextAvailableSurface]):
    * platform/graphics/cv/TextureCacheCV.h: Removed.
    * platform/graphics/cv/TextureCacheCV.mm: Removed.
    * platform/graphics/cv/VideoTextureCopierCV.cpp:
    (WebCore::VideoTextureCopierCV::initializeContextObjects):
    (WebCore::VideoTextureCopierCV::initializeUVContextObjects):
    (WebCore::VideoTextureCopierCV::attachIOSurfaceToTexture):
    (WebCore::VideoTextureCopierCV::detachIOSurfaceFromTexture):
    (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture):
    (WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture):
    * platform/graphics/cv/VideoTextureCopierCV.h:
    * platform/graphics/ios/GraphicsContextGLOpenGLESIOS.h: Removed.
    * platform/graphics/opengl/ExtensionsGLOpenGL.cpp:
    (WebCore::ExtensionsGLOpenGL::blitFramebuffer):
    (WebCore::ExtensionsGLOpenGL::createVertexArrayOES):
    (WebCore::ExtensionsGLOpenGL::deleteVertexArrayOES):
    (WebCore::ExtensionsGLOpenGL::isVertexArrayOES):
    (WebCore::ExtensionsGLOpenGL::bindVertexArrayOES):
    (WebCore::ExtensionsGLOpenGL::supportsExtension):
    (WebCore::ExtensionsGLOpenGL::drawBuffersEXT):
    (WebCore::ExtensionsGLOpenGL::drawArraysInstanced):
    (WebCore::ExtensionsGLOpenGL::drawElementsInstanced):
    (WebCore::ExtensionsGLOpenGL::vertexAttribDivisor):
    * platform/graphics/opengl/ExtensionsGLOpenGL.h:
    * platform/graphics/opengl/ExtensionsGLOpenGLCommon.cpp:
    (WebCore::ExtensionsGLOpenGLCommon::initializeAvailableExtensions):
    * platform/graphics/opengl/GraphicsContextGLOpenGL.cpp:
    (WebCore::GraphicsContextGLOpenGL::setContextVisibility):
    * platform/graphics/opengl/GraphicsContextGLOpenGL.h:
    * platform/graphics/opengl/GraphicsContextGLOpenGLBase.cpp:
    (WebCore::GraphicsContextGLOpenGL::readPixelsAndConvertToBGRAIfNecessary):
    (WebCore::GraphicsContextGLOpenGL::reshapeFBOs):
    (WebCore::GraphicsContextGLOpenGL::resolveMultisamplingIfNecessary):
    (WebCore::GraphicsContextGLOpenGL::getIntegerv):
    (WebCore::GraphicsContextGLOpenGL::depthRange):
    (WebCore::GraphicsContextGLOpenGL::clearDepth):
    (WebCore::GraphicsContextGLOpenGL::getExtensions):
    (WebCore::GraphicsContextGLOpenGL::readPixels):
    * platform/graphics/opengl/GraphicsContextGLOpenGLCommon.cpp:
    (WebCore::GraphicsContextGLOpenGL::paintRenderingResultsToCanvas):
    (WebCore::GraphicsContextGLOpenGL::copyTexImage2D):
    (WebCore::GraphicsContextGLOpenGL::copyTexSubImage2D):
    (WebCore::GraphicsContextGLOpenGL::finish):
    (WebCore::GraphicsContextGLOpenGL::flush):
    (WebCore::GraphicsContextGLOpenGL::deleteTexture):
    * platform/graphics/opengl/GraphicsContextGLOpenGLES.cpp:
    * platform/graphics/opengl/GraphicsContextGLOpenGLManager.cpp:
    (WebCore::GraphicsContextGLOpenGLManager::updateAllContexts):
    (WebCore::GraphicsContextGLOpenGLManager::updateHighPerformanceState):
    (WebCore::GraphicsContextGLOpenGLManager::disableHighPerformanceGPUTimerFired):
    * platform/graphics/opengl/GraphicsContextGLOpenGLManager.h:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268198 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-08  Kimmo Kinnunen  <kkinnunen@apple.com>

            Mac: Remove OpenGL and OpenGL ES backends
            https://bugs.webkit.org/show_bug.cgi?id=217374

            Reviewed by Darin Adler.

            Remove macOS OpenGL (CGL) and iOS OpenGL ES (EAGL)
            implementations of GraphicsContextGLOpenGL. These
            are not used anymore and cannot be used for conformant
            WebGL. The two removed backends would just create
            maintainance burden.

            Removes TextureCacheCV, this was not implemented for
            ANGLE and in comments it was said to be disabled in
            the platform.

            Fixes a bug where iOS apps on Mac Apple Silicon would
            not use correct texture target to convert the video
            frames in VideoTextureCopierCV.

            Fixes few instances of using GL types in WebGL implementation
            instead of WebCore defined GCGL types. This is needed
            now that the includes are (a bit) more correct.

            No new tests, a refactoring.

            * PlatformMac.cmake:
            * SourcesCocoa.txt:
            * WebCore.xcodeproj/project.pbxproj:
            * html/canvas/ANGLEInstancedArrays.cpp:
            (WebCore::ANGLEInstancedArrays::supported):
            * html/canvas/WebGL2RenderingContext.h:
            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::create):
            (WebCore::WebGLRenderingContextBase::readPixels):
            * platform/graphics/GraphicsContextGL.cpp:
            * platform/graphics/GraphicsContextGL.h:
            * platform/graphics/angle/GraphicsContextGLANGLE.cpp:
            (WebCore::GraphicsContextGLOpenGL::reshapeFBOs):
            (WebCore::GraphicsContextGLOpenGL::paintRenderingResultsToCanvas):
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
            * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
            (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
            (WebCore::GraphicsContextGLOpenGL::~GraphicsContextGLOpenGL):
            (WebCore::GraphicsContextGLOpenGL::IOSurfaceTextureTarget):
            (WebCore::GraphicsContextGLOpenGL::IOSurfaceTextureTargetQuery):
            (WebCore::GraphicsContextGLOpenGL::EGLIOSurfaceTextureTarget):
            (WebCore::GraphicsContextGLOpenGL::makeContextCurrent):
            (WebCore::GraphicsContextGLOpenGL::checkGPUStatus):
            (WebCore::GraphicsContextGLOpenGL::setContextVisibility):
            (WebCore::GraphicsContextGLOpenGL::screenDidChange):
            * platform/graphics/cocoa/WebGLLayer.h:
            * platform/graphics/cocoa/WebGLLayer.mm:
            (-[WebGLLayer initWithGraphicsContextGL:]):
            (-[WebGLLayer setAnchorPoint:]):
            (-[WebGLLayer copyImageSnapshotWithColorSpace:]):
            (-[WebGLLayer prepareForDisplay]):
            (-[WebGLLayer display]):
            (-[WebGLLayer releaseGLResources]):
            (-[WebGLLayer allocateIOSurfaceBackingStoreWithSize:usingAlpha:]):
            (-[WebGLLayer bindFramebufferToNextAvailableSurface]):
            * platform/graphics/cv/TextureCacheCV.h: Removed.
            * platform/graphics/cv/TextureCacheCV.mm: Removed.
            * platform/graphics/cv/VideoTextureCopierCV.cpp:
            (WebCore::VideoTextureCopierCV::initializeContextObjects):
            (WebCore::VideoTextureCopierCV::initializeUVContextObjects):
            (WebCore::VideoTextureCopierCV::attachIOSurfaceToTexture):
            (WebCore::VideoTextureCopierCV::detachIOSurfaceFromTexture):
            (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture):
            (WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture):
            * platform/graphics/cv/VideoTextureCopierCV.h:
            * platform/graphics/ios/GraphicsContextGLOpenGLESIOS.h: Removed.
            * platform/graphics/opengl/ExtensionsGLOpenGL.cpp:
            (WebCore::ExtensionsGLOpenGL::blitFramebuffer):
            (WebCore::ExtensionsGLOpenGL::createVertexArrayOES):
            (WebCore::ExtensionsGLOpenGL::deleteVertexArrayOES):
            (WebCore::ExtensionsGLOpenGL::isVertexArrayOES):
            (WebCore::ExtensionsGLOpenGL::bindVertexArrayOES):
            (WebCore::ExtensionsGLOpenGL::supportsExtension):
            (WebCore::ExtensionsGLOpenGL::drawBuffersEXT):
            (WebCore::ExtensionsGLOpenGL::drawArraysInstanced):
            (WebCore::ExtensionsGLOpenGL::drawElementsInstanced):
            (WebCore::ExtensionsGLOpenGL::vertexAttribDivisor):
            * platform/graphics/opengl/ExtensionsGLOpenGL.h:
            * platform/graphics/opengl/ExtensionsGLOpenGLCommon.cpp:
            (WebCore::ExtensionsGLOpenGLCommon::initializeAvailableExtensions):
            * platform/graphics/opengl/GraphicsContextGLOpenGL.cpp:
            (WebCore::GraphicsContextGLOpenGL::setContextVisibility):
            * platform/graphics/opengl/GraphicsContextGLOpenGL.h:
            * platform/graphics/opengl/GraphicsContextGLOpenGLBase.cpp:
            (WebCore::GraphicsContextGLOpenGL::readPixelsAndConvertToBGRAIfNecessary):
            (WebCore::GraphicsContextGLOpenGL::reshapeFBOs):
            (WebCore::GraphicsContextGLOpenGL::resolveMultisamplingIfNecessary):
            (WebCore::GraphicsContextGLOpenGL::getIntegerv):
            (WebCore::GraphicsContextGLOpenGL::depthRange):
            (WebCore::GraphicsContextGLOpenGL::clearDepth):
            (WebCore::GraphicsContextGLOpenGL::getExtensions):
            (WebCore::GraphicsContextGLOpenGL::readPixels):
            * platform/graphics/opengl/GraphicsContextGLOpenGLCommon.cpp:
            (WebCore::GraphicsContextGLOpenGL::paintRenderingResultsToCanvas):
            (WebCore::GraphicsContextGLOpenGL::copyTexImage2D):
            (WebCore::GraphicsContextGLOpenGL::copyTexSubImage2D):
            (WebCore::GraphicsContextGLOpenGL::finish):
            (WebCore::GraphicsContextGLOpenGL::flush):
            (WebCore::GraphicsContextGLOpenGL::deleteTexture):
            * platform/graphics/opengl/GraphicsContextGLOpenGLES.cpp:
            * platform/graphics/opengl/GraphicsContextGLOpenGLManager.cpp:
            (WebCore::GraphicsContextGLOpenGLManager::updateAllContexts):
            (WebCore::GraphicsContextGLOpenGLManager::updateHighPerformanceState):
            (WebCore::GraphicsContextGLOpenGLManager::disableHighPerformanceGPUTimerFired):
            * platform/graphics/opengl/GraphicsContextGLOpenGLManager.h:

2020-11-04  Alan Coon  <alancoon@apple.com>

Cherry-pick r266840. rdar://70970161

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::validateTexFuncLayer):
        (WebCore::WebGL2RenderingContext::compressedTexSubImage2D):
        (WebCore::WebGL2RenderingContext::clientWaitSync):
        (WebCore::ValidateTransformFeedbackPrimitiveMode):
        (WebCore::WebGL2RenderingContext::getActiveUniformBlockParameter):
        (WebCore::WebGL2RenderingContext::getParameter):
        (WebCore::WebGL2RenderingContext::validateClearBuffer):
        (WebCore::WebGL2RenderingContext::uniform1fv):
        (WebCore::WebGL2RenderingContext::uniform2fv):
        (WebCore::WebGL2RenderingContext::uniform3fv):
        (WebCore::WebGL2RenderingContext::uniform4fv):
        (WebCore::WebGL2RenderingContext::uniform1iv):
        (WebCore::WebGL2RenderingContext::uniform2iv):
        (WebCore::WebGL2RenderingContext::uniform3iv):
        (WebCore::WebGL2RenderingContext::uniform4iv):
        (WebCore::WebGL2RenderingContext::uniformMatrix2fv):
        (WebCore::WebGL2RenderingContext::uniformMatrix3fv):
        (WebCore::WebGL2RenderingContext::uniformMatrix4fv):
        (WebCore::WebGL2RenderingContext::readPixels):
        * html/canvas/WebGL2RenderingContext.h:
        * platform/graphics/GraphicsContextGL.h:

2020-09-10  Don Olmstead  <don.olmstead@sony.com>

        WebGL2RenderingContext should use Graphics Context types
        https://bugs.webkit.org/show_bug.cgi?id=216310

        Reviewed by Kenneth Russell.

        A number of declarations were using OpenGL types instead of the GCGL types.
        All instances of GL types were replaced with the equivalent GCGL ones. Any
        GL constants were replaced with the listing in GraphicsContext.

        Renamed GraphcsContext::WAIT_FAILED to WAIT_FAILED_WEBGL to remove PLATFORM(WIN)
        defining its own variant WAIT_FAILED_WIN. WAIT_FAILED conflicts with a Windows
        definition.

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::validateTexFuncLayer):
        (WebCore::WebGL2RenderingContext::compressedTexSubImage2D):
        (WebCore::WebGL2RenderingContext::clientWaitSync):
        (WebCore::ValidateTransformFeedbackPrimitiveMode):
        (WebCore::WebGL2RenderingContext::getActiveUniformBlockParameter):
        (WebCore::WebGL2RenderingContext::getParameter):
        (WebCore::WebGL2RenderingContext::validateClearBuffer):
        (WebCore::WebGL2RenderingContext::uniform1fv):
        (WebCore::WebGL2RenderingContext::uniform2fv):
        (WebCore::WebGL2RenderingContext::uniform3fv):
        (WebCore::WebGL2RenderingContext::uniform4fv):
        (WebCore::WebGL2RenderingContext::uniform1iv):
        (WebCore::WebGL2RenderingContext::uniform2iv):
        (WebCore::WebGL2RenderingContext::uniform3iv):
        (WebCore::WebGL2RenderingContext::uniform4iv):
        (WebCore::WebGL2RenderingContext::uniformMatrix2fv):
        (WebCore::WebGL2RenderingContext::uniformMatrix3fv):
        (WebCore::WebGL2RenderingContext::uniformMatrix4fv):
        (WebCore::WebGL2RenderingContext::readPixels):
        * html/canvas/WebGL2RenderingContext.h:
        * platform/graphics/GraphicsContextGL.h:

2020-11-02  Alan Coon  <alancoon@apple.com>

        Cherry-pick r269190. rdar://problem/70970247

    Increase camera failing timer to 30 seconds
    https://bugs.webkit.org/show_bug.cgi?id=218389
    
    Reviewed by Eric Carlson.
    
    From testing, 3 seconds is not always enough if getUserMedia is quickly called multiple times.
    Let's increase to 30 seconds to give room for slow systems while still being able to identify failures.
    
    * platform/mediastream/mac/AVVideoCaptureSource.h:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269190 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-30  Youenn Fablet  <youenn@apple.com>

            Increase camera failing timer to 30 seconds
            https://bugs.webkit.org/show_bug.cgi?id=218389

            Reviewed by Eric Carlson.

            From testing, 3 seconds is not always enough if getUserMedia is quickly called multiple times.
            Let's increase to 30 seconds to give room for slow systems while still being able to identify failures.

            * platform/mediastream/mac/AVVideoCaptureSource.h:

2020-11-02  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266364. rdar://problem/70970205

    Implement WEBGL_compressed_texture_s3tc_srgb extension
    https://bugs.webkit.org/show_bug.cgi?id=215973
    
    Patch by James Darpinian <jdarpinian@chromium.org> on 2020-08-31
    Reviewed by Dean Jackson.
    
    Source/ThirdParty/ANGLE:
    
    * src/libANGLE/renderer/gl/formatutilsgl.cpp:
    (rx::nativegl::ExtAndVersionOrExt):
    (rx::nativegl::BuildInternalFormatInfoMap):
    
    Source/WebCore:
    
    Tested by webgl/2.0.0/conformance/extensions/webgl-compressed-texture-s3tc-srgb.html
    
    * CMakeLists.txt:
    * DerivedSources.make:
    * Sources.txt:
    * WebCore.xcodeproj/project.pbxproj:
    * bindings/js/JSDOMConvertWebGL.cpp:
    (WebCore::convertToJSValue):
    * html/canvas/WebGLCompressedTextureS3TCsRGB.cpp: Added.
    (WebCore::WebGLCompressedTextureS3TCsRGB::WebGLCompressedTextureS3TCsRGB):
    (WebCore::WebGLCompressedTextureS3TCsRGB::getName const):
    (WebCore::WebGLCompressedTextureS3TCsRGB::supported):
    * html/canvas/WebGLCompressedTextureS3TCsRGB.h: Added.
    * html/canvas/WebGLCompressedTextureS3TCsRGB.idl: Added.
    * html/canvas/WebGLExtension.h:
    * html/canvas/WebGLRenderingContext.cpp:
    (WebCore::WebGLRenderingContext::getExtension):
    (WebCore::WebGLRenderingContext::getSupportedExtensions):
    * html/canvas/WebGLRenderingContextBase.cpp:
    (WebCore::WebGLRenderingContextBase::extensionIsEnabled):
    (WebCore::WebGLRenderingContextBase::validateCompressedTexFuncData):
    (WebCore::WebGLRenderingContextBase::validateCompressedTexDimensions):
    (WebCore::WebGLRenderingContextBase::validateCompressedTexSubDimensions):
    * html/canvas/WebGLRenderingContextBase.h:
    * platform/graphics/ExtensionsGL.h:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266364 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-31  James Darpinian  <jdarpinian@chromium.org>

            Implement WEBGL_compressed_texture_s3tc_srgb extension
            https://bugs.webkit.org/show_bug.cgi?id=215973

            Reviewed by Dean Jackson.

            Tested by webgl/2.0.0/conformance/extensions/webgl-compressed-texture-s3tc-srgb.html

            * CMakeLists.txt:
            * DerivedSources.make:
            * Sources.txt:
            * WebCore.xcodeproj/project.pbxproj:
            * bindings/js/JSDOMConvertWebGL.cpp:
            (WebCore::convertToJSValue):
            * html/canvas/WebGLCompressedTextureS3TCsRGB.cpp: Added.
            (WebCore::WebGLCompressedTextureS3TCsRGB::WebGLCompressedTextureS3TCsRGB):
            (WebCore::WebGLCompressedTextureS3TCsRGB::getName const):
            (WebCore::WebGLCompressedTextureS3TCsRGB::supported):
            * html/canvas/WebGLCompressedTextureS3TCsRGB.h: Added.
            * html/canvas/WebGLCompressedTextureS3TCsRGB.idl: Added.
            * html/canvas/WebGLExtension.h:
            * html/canvas/WebGLRenderingContext.cpp:
            (WebCore::WebGLRenderingContext::getExtension):
            (WebCore::WebGLRenderingContext::getSupportedExtensions):
            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::extensionIsEnabled):
            (WebCore::WebGLRenderingContextBase::validateCompressedTexFuncData):
            (WebCore::WebGLRenderingContextBase::validateCompressedTexDimensions):
            (WebCore::WebGLRenderingContextBase::validateCompressedTexSubDimensions):
            * html/canvas/WebGLRenderingContextBase.h:
            * platform/graphics/ExtensionsGL.h:

2020-11-02  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266362. rdar://problem/70970398

    WebGL goes in a bad state where glContext.createProgram() returns null
    https://bugs.webkit.org/show_bug.cgi?id=215844
    
    Patch by James Darpinian <jdarpinian@chromium.org> on 2020-08-31
    Reviewed by Kenneth Russell.
    
    Added test webgl/2.0.0/conformance/canvas/render-after-resize-test.html
    
    * platform/graphics/angle/GraphicsContextGLANGLE.cpp:
    (WebCore::GraphicsContextGLOpenGL::reshape):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266362 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-31  James Darpinian  <jdarpinian@chromium.org>

            WebGL goes in a bad state where glContext.createProgram() returns null
            https://bugs.webkit.org/show_bug.cgi?id=215844

            Reviewed by Kenneth Russell.

            Added test webgl/2.0.0/conformance/canvas/render-after-resize-test.html

            * platform/graphics/angle/GraphicsContextGLANGLE.cpp:
            (WebCore::GraphicsContextGLOpenGL::reshape):

2020-10-29  Russell Epstein  <repstein@apple.com>

        Cherry-pick r269118. rdar://problem/70795320

    macCatalyst WebGL on Apple Silicon devices is using a software renderer
    https://bugs.webkit.org/show_bug.cgi?id=218303
    <rdar://problem/70587571>
    
    Reviewed by Geoffrey Garen.
    
    Source/ThirdParty/ANGLE:
    
    * src/gpu_info_util/SystemInfo.h:
    * src/gpu_info_util/SystemInfo_apple.mm:
    (angle::GetSystemInfo):
    We can just use the macOS version of GetSystemInfo in macCatalyst.
    
    * src/gpu_info_util/SystemInfo_macos.mm:
    (angle::GetSystemInfo_mac):
    * src/libANGLE/Display.cpp:
    * src/libANGLE/formatutils.cpp:
    (gl::BuildInternalFormatInfoMap):
    * src/libANGLE/renderer/gl/renderergl_utils.cpp:
    (rx::nativegl_gl::GenerateCaps):
    It turns out we must use EAGL in macCatalyst on Apple Silicon in all cases,
    not just in-process in iOS apps (the problem is not just about coexistence
    of the two GLs, but actually about our ability to load the accelerated
    renderer /at all/ in macCatalyst processes).
    
    I left the runtime switching in place, because there is a future in which
    we /can/ use CGL in non-iOS-app processes, but that future is not now.
    
    Source/WebCore:
    
    * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
    (WebCore::needsEAGLOnMac):
    (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
    (WebCore::GraphicsContextGLOpenGL::IOSurfaceTextureTarget):
    (WebCore::GraphicsContextGLOpenGL::IOSurfaceTextureTargetQuery):
    (WebCore::GraphicsContextGLOpenGL::EGLIOSurfaceTextureTarget):
    (WebCore::isiOSAppOnMac): Deleted.
    See ANGLE ChangeLog.
    
    Source/WebKit:
    
    * UIProcess/mac/HighPerformanceGPUManager.mm:
    (WebKit::HighPerformanceGPUManager::addProcessRequiringHighPerformance):
    (WebKit::HighPerformanceGPUManager::removeProcessRequiringHighPerformance):
    (WebKit::HighPerformanceGPUManager::updateState):
    (WebKit::isiOSAppOnMac): Deleted.
    HighPerformanceGPUManager is PLATFORM(MAC)-only, which is not true
    for MACCATALYST, so delete this dead code.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269118 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-28  Tim Horton  <timothy_horton@apple.com>

            macCatalyst WebGL on Apple Silicon devices is using a software renderer
            https://bugs.webkit.org/show_bug.cgi?id=218303
            <rdar://problem/70587571>

            Reviewed by Geoffrey Garen.

            * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
            (WebCore::needsEAGLOnMac):
            (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
            (WebCore::GraphicsContextGLOpenGL::IOSurfaceTextureTarget):
            (WebCore::GraphicsContextGLOpenGL::IOSurfaceTextureTargetQuery):
            (WebCore::GraphicsContextGLOpenGL::EGLIOSurfaceTextureTarget):
            (WebCore::isiOSAppOnMac): Deleted.
            See ANGLE ChangeLog.

2020-10-28  Russell Epstein  <repstein@apple.com>

        Cherry-pick r268952. rdar://problem/70795327

    [BigSur] Appending a new WebM init segment between Cluster elements throws an error
    https://bugs.webkit.org/show_bug.cgi?id=218149
    <rdar://problem/70416537>
    
    Reviewed by Eric Carlson.
    
    Source/ThirdParty/libwebrtc:
    
    Add an "OnElementEnd()" callback to libwebm.
    
    * Source/third_party/libwebm/webm_parser/include/webm/callback.h:
    * Source/third_party/libwebm/webm_parser/src/callback.cc:
    * Source/third_party/libwebm/webm_parser/src/master_parser.cc:
    * Source/third_party/libwebm/webm_parser/src/webm_parser.cc:
    
    Source/WebCore:
    
    Test: media/media-source/media-source-webm-init-inside-segment.html
    
    The WebM Byte Stream Format specification states that an "initialization segment" consists
    of both a leading Ebml element and Segment element, and a "media segment" consists of a
    single Cluster element. However, while both Ebml and Segment elements are top-level, Cluster
    elements are contained within a Segment. This means if a client pushes a new "initialization
    segment" after parsing some-but-not-all Clusters within a Segment, the new Ebml and Segment
    elements will  be parsed as children of the preceeding Segment, and the subsquent Segment
    will overflow its "parent's" size.
    
    In order to support appending a new "initialization segment" while still in the middle of
    parsing the previous Segment element, first improve our state tracking in order to determine
    what the current parent element is. Then, when we detect that an Ebml element is parsed
    while still inside a Segment, abort with a simulated error, which when caught, will indicate
    that the parser needs to be reset, and the reader "rewound" to the Ebml's position.
    
    To allow the reader to rewind, we must not throw away appended data as we iterate over them.
    Instead, we will only discard read samples once each parsing pass is fully complete. This
    allows us to "rewind" across appended segment boundaries, if necessary.
    
    Because all WTF::Deque iterators are invalidated whenever any element is removed, and
    because we do not need random-access to the elements in the deque, replace the Deque with a
    StdList to store the incoming data.
    
    * platform/graphics/avfoundation/objc/SourceBufferParserAVFObjC.h:
    * platform/graphics/avfoundation/objc/SourceBufferParserAVFObjC.mm:
    (WebCore::SourceBufferParserAVFObjC::setLogger):
    * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
    (WebCore::SourceBufferPrivateAVFObjC::SourceBufferPrivateAVFObjC):
    * platform/graphics/cocoa/SourceBufferParser.h:
    * platform/graphics/cocoa/SourceBufferParserWebM.cpp:
    (WTF::LogArgument<webm::Id>::toString):
    (WTF::LogArgument<WebCore::SourceBufferParserWebM::State>::toString):
    (WebCore::logChannel):
    (WebCore::logClassName):
    (WebCore::SourceBufferParserWebM::appendData):
    (WebCore::SourceBufferParserWebM::resetParserState):
    (WebCore::SourceBufferParserWebM::invalidate):
    (WebCore::SourceBufferParserWebM::setLogger):
    (WebCore::SourceBufferParserWebM::OnElementBegin):
    (WebCore::SourceBufferParserWebM::OnElementEnd):
    (WebCore::SourceBufferParserWebM::OnEbml):
    (WebCore::SourceBufferParserWebM::OnSegmentBegin):
    (WebCore::SourceBufferParserWebM::OnInfo):
    (WebCore::SourceBufferParserWebM::OnTrackEntry):
    * platform/graphics/cocoa/SourceBufferParserWebM.h:
    
    LayoutTests:
    
    * media/media-source/content/test-vp9-long-manifest.json: Added.
    * media/media-source/content/test-vp9-long.webm: Added.
    * media/media-source/media-source-webm-init-inside-segment-expected.txt: Added.
    * media/media-source/media-source-webm-init-inside-segment.html: Added.
    * platform/mac/TestExpectations:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268952 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-24  Jer Noble  <jer.noble@apple.com>

            [BigSur] Appending a new WebM init segment between Cluster elements throws an error
            https://bugs.webkit.org/show_bug.cgi?id=218149
            <rdar://problem/70416537>

            Reviewed by Eric Carlson.

            Test: media/media-source/media-source-webm-init-inside-segment.html

            The WebM Byte Stream Format specification states that an "initialization segment" consists
            of both a leading Ebml element and Segment element, and a "media segment" consists of a
            single Cluster element. However, while both Ebml and Segment elements are top-level, Cluster
            elements are contained within a Segment. This means if a client pushes a new "initialization
            segment" after parsing some-but-not-all Clusters within a Segment, the new Ebml and Segment
            elements will  be parsed as children of the preceeding Segment, and the subsquent Segment
            will overflow its "parent's" size.

            In order to support appending a new "initialization segment" while still in the middle of
            parsing the previous Segment element, first improve our state tracking in order to determine
            what the current parent element is. Then, when we detect that an Ebml element is parsed
            while still inside a Segment, abort with a simulated error, which when caught, will indicate
            that the parser needs to be reset, and the reader "rewound" to the Ebml's position.

            To allow the reader to rewind, we must not throw away appended data as we iterate over them.
            Instead, we will only discard read samples once each parsing pass is fully complete. This
            allows us to "rewind" across appended segment boundaries, if necessary.

            Because all WTF::Deque iterators are invalidated whenever any element is removed, and
            because we do not need random-access to the elements in the deque, replace the Deque with a
            StdList to store the incoming data.

            * platform/graphics/avfoundation/objc/SourceBufferParserAVFObjC.h:
            * platform/graphics/avfoundation/objc/SourceBufferParserAVFObjC.mm:
            (WebCore::SourceBufferParserAVFObjC::setLogger):
            * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
            (WebCore::SourceBufferPrivateAVFObjC::SourceBufferPrivateAVFObjC):
            * platform/graphics/cocoa/SourceBufferParser.h:
            * platform/graphics/cocoa/SourceBufferParserWebM.cpp:
            (WTF::LogArgument<webm::Id>::toString):
            (WTF::LogArgument<WebCore::SourceBufferParserWebM::State>::toString):
            (WebCore::logChannel):
            (WebCore::logClassName):
            (WebCore::SourceBufferParserWebM::appendData):
            (WebCore::SourceBufferParserWebM::resetParserState):
            (WebCore::SourceBufferParserWebM::invalidate):
            (WebCore::SourceBufferParserWebM::setLogger):
            (WebCore::SourceBufferParserWebM::OnElementBegin):
            (WebCore::SourceBufferParserWebM::OnElementEnd):
            (WebCore::SourceBufferParserWebM::OnEbml):
            (WebCore::SourceBufferParserWebM::OnSegmentBegin):
            (WebCore::SourceBufferParserWebM::OnInfo):
            (WebCore::SourceBufferParserWebM::OnTrackEntry):
            * platform/graphics/cocoa/SourceBufferParserWebM.h:

2020-10-28  Russell Epstein  <repstein@apple.com>

        Cherry-pick r268791. rdar://problem/70795323

    [iOS] Disable audio capture in the background for non Safari applications
    https://bugs.webkit.org/show_bug.cgi?id=217948
    <rdar://problem/70241557>
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    We do not have good OS support when capturing audio in a WebProcess for a backgrounded application.
    Until we have proper support, it seems best to mute audio capture when being backgrounded.
    Manually tested.
    
    * platform/mediastream/mac/RealtimeMediaSourceCenterMac.mm:
    (WebCore::RealtimeMediaSourceCenter::shouldInterruptAudioOnPageVisibilityChange):
    
    LayoutTests:
    
    * platform/ios/mediastream/video-muted-in-background-tab.html:
    By default, audio capture will be muted in WTR if page goes to background.
    Update the test to explicitly request for audio capture to continue while in background.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268791 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-21  Youenn Fablet  <youenn@apple.com>

            [iOS] Disable audio capture in the background for non Safari applications
            https://bugs.webkit.org/show_bug.cgi?id=217948
            <rdar://problem/70241557>

            Reviewed by Eric Carlson.

            We do not have good OS support when capturing audio in a WebProcess for a backgrounded application.
            Until we have proper support, it seems best to mute audio capture when being backgrounded.
            Manually tested.

            * platform/mediastream/mac/RealtimeMediaSourceCenterMac.mm:
            (WebCore::RealtimeMediaSourceCenter::shouldInterruptAudioOnPageVisibilityChange):

2020-10-21  Russell Epstein  <repstein@apple.com>

        Cherry-pick r268398. rdar://problem/70541902

    Webcam video from navigator.mediaDevices.getUserMedia() to 2D canvas fails on Safari on iPhone
    https://bugs.webkit.org/show_bug.cgi?id=217578
    <rdar://problem/70183875>
    
    Reviewed by Eric Carlson.
    
    It is unneeded for MediaStream video backends to enqueue samples to the display layer if the video element is hidden.
    In iOS, the samples may never be flushed which might cause capture failing after enqueuing too many camera samples.
    To avoid that, we no longer enqueue samples to the display layer when the player is not visible.
    In case of canvas painting, other backends need to be made visible for canvas painting to work.
    For MediaStream backend, we do not need that since we always keep the last sample.
    For that reason, we keep the backend as not visible even if canvas happens.
    We do so by introducing a setVisibleForCanvas that is a no-op for MediaStream backend and similar to setVisible for other backends.
    For good measure, we now flush the MediaStream display layer whenever visibility changed.
    
    Manually tested.
    
    * html/HTMLVideoElement.cpp:
    (WebCore::HTMLVideoElement::paintCurrentFrameInContext):
    * platform/graphics/MediaPlayer.cpp:
    (WebCore::MediaPlayer::setVisibleForCanvas):
    * platform/graphics/MediaPlayer.h:
    * platform/graphics/MediaPlayerPrivate.h:
    (WebCore::MediaPlayerPrivateInterface::setVisibleForCanvas):
    * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
    * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
    (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSample):
    (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVisible):
    (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVisibleForCanvas):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268398 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-13  Youenn Fablet  <youenn@apple.com>

            Webcam video from navigator.mediaDevices.getUserMedia() to 2D canvas fails on Safari on iPhone
            https://bugs.webkit.org/show_bug.cgi?id=217578
            <rdar://problem/70183875>

            Reviewed by Eric Carlson.

            It is unneeded for MediaStream video backends to enqueue samples to the display layer if the video element is hidden.
            In iOS, the samples may never be flushed which might cause capture failing after enqueuing too many camera samples.
            To avoid that, we no longer enqueue samples to the display layer when the player is not visible.
            In case of canvas painting, other backends need to be made visible for canvas painting to work.
            For MediaStream backend, we do not need that since we always keep the last sample.
            For that reason, we keep the backend as not visible even if canvas happens.
            We do so by introducing a setVisibleForCanvas that is a no-op for MediaStream backend and similar to setVisible for other backends.
            For good measure, we now flush the MediaStream display layer whenever visibility changed.

            Manually tested.

            * html/HTMLVideoElement.cpp:
            (WebCore::HTMLVideoElement::paintCurrentFrameInContext):
            * platform/graphics/MediaPlayer.cpp:
            (WebCore::MediaPlayer::setVisibleForCanvas):
            * platform/graphics/MediaPlayer.h:
            * platform/graphics/MediaPlayerPrivate.h:
            (WebCore::MediaPlayerPrivateInterface::setVisibleForCanvas):
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSample):
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVisible):
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVisibleForCanvas):

2020-10-21  Russell Epstein  <repstein@apple.com>

        Cherry-pick r268712. rdar://problem/70541891

    Fix crash in RenderLayerBacking::updateClippingStackLayerGeometry()
    https://bugs.webkit.org/show_bug.cgi?id=217940
    <rdar://problem/70316952>
    
    Reviewed by Tim Horton.
    
    Crash data suggest that entry.clipData.clippingLayer (which is a WeakRef<RenderLayer>)
    can be null, so check it.
    
    * rendering/RenderLayerBacking.cpp:
    (WebCore::RenderLayerBacking::updateClippingStackLayerGeometry):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268712 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-19  Simon Fraser  <simon.fraser@apple.com>

            Fix crash in RenderLayerBacking::updateClippingStackLayerGeometry()
            https://bugs.webkit.org/show_bug.cgi?id=217940
            <rdar://problem/70316952>

            Reviewed by Tim Horton.

            Crash data suggest that entry.clipData.clippingLayer (which is a WeakRef<RenderLayer>)
            can be null, so check it.

            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::updateClippingStackLayerGeometry):

2020-10-21  Russell Epstein  <repstein@apple.com>

        Cherry-pick r268701. rdar://problem/70541911

    Fix possible crash in GraphicsLayerCA::computeVisibleAndCoverageRect()
    https://bugs.webkit.org/show_bug.cgi?id=217930
    <rdar://problem/70316943>
    
    Reviewed by Tim Horton.
    
    If we made a m_overflowControlsHostLayerAncestorClippingStack, make sure we unparent
    its layers when tearing down the RenderLayerBacking, and when we determine that we
    longer need a m_ancestorClippingStack (having a m_overflowControlsHostLayerAncestorClippingStack
    implies that we have a m_ancestorClippingStack).
    
    * rendering/RenderLayerBacking.cpp:
    (WebCore::RenderLayerBacking::destroyGraphicsLayers):
    (WebCore::RenderLayerBacking::updateAncestorClipping):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268701 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-19  Simon Fraser  <simon.fraser@apple.com>

            Fix possible crash in GraphicsLayerCA::computeVisibleAndCoverageRect()
            https://bugs.webkit.org/show_bug.cgi?id=217930
            <rdar://problem/70316943>

            Reviewed by Tim Horton.

            If we made a m_overflowControlsHostLayerAncestorClippingStack, make sure we unparent
            its layers when tearing down the RenderLayerBacking, and when we determine that we
            longer need a m_ancestorClippingStack (having a m_overflowControlsHostLayerAncestorClippingStack
            implies that we have a m_ancestorClippingStack).

            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::destroyGraphicsLayers):
            (WebCore::RenderLayerBacking::updateAncestorClipping):

2020-10-21  Russell Epstein  <repstein@apple.com>

        Cherry-pick r268473. rdar://problem/70541789

    Web Inspector: REGRESSION(r267148): new Big Sur styles are not used
    https://bugs.webkit.org/show_bug.cgi?id=217682
    <rdar://problem/70269030>
    
    Reviewed by Brian Burg.
    
    r267148 changed `navigator.userAgent` from `11_0` to `10_15_7`. This breaks Web Inspector
    styling, which relied on this value to know what OS version it was running on in order to
    know which styles to use.
    
    Source/WebCore:
    
    * inspector/InspectorFrontendHost.idl:
    * inspector/InspectorFrontendHost.h:
    * inspector/InspectorFrontendHost.cpp:
    (WebCore::InspectorFrontendHost::platformVersionName const): Added.
    Derive a lowercased kekab-cased platform version name from `__MAC_OS_X_VERSION_MIN_REQUIRED`.
    
    Source/WebInspectorUI:
    
    * UserInterface/Base/Platform.js:
    * UserInterface/Views/Variables.css:
    (body.mac-platform): Added.
    (body.mac-platform:not(.sierra, .high-sierra)): Deleted.
    Use `InspectorFrontendHost.platformVersionName` instead of `navigator.userAgent`. Remove
    unnecessary platform version names and other unused data.
    
    * UserInterface/Base/Main.js:
    (WI.contentLoaded):
    (WI.undockedTitleAreaHeight): Added.
    * UserInterface/Views/Popover.js:
    (WI.Popover.prototype._update):
    Provide a way to get the undocked title area height for use in JavaScript calculations.
    
    * UserInterface/Controllers/HARBuilder.js:
    (WI.HARBuilder.creator):
    The `WI.Platform.version.build` hasn't changed in a long time, so just remove it.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268473 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-14  Devin Rousso  <drousso@apple.com>

            Web Inspector: REGRESSION(r267148): new Big Sur styles are not used
            https://bugs.webkit.org/show_bug.cgi?id=217682
            <rdar://problem/70269030>

            Reviewed by Brian Burg.

            r267148 changed `navigator.userAgent` from `11_0` to `10_15_7`. This breaks Web Inspector
            styling, which relied on this value to know what OS version it was running on in order to
            know which styles to use.

            * inspector/InspectorFrontendHost.idl:
            * inspector/InspectorFrontendHost.h:
            * inspector/InspectorFrontendHost.cpp:
            (WebCore::InspectorFrontendHost::platformVersionName const): Added.
            Derive a lowercased kekab-cased platform version name from `__MAC_OS_X_VERSION_MIN_REQUIRED`.

2020-10-21  Russell Epstein  <repstein@apple.com>

        Cherry-pick r268084. rdar://problem/70541921

    AX: Expose lineRangeForPosition for iOS Accessibility code
    https://bugs.webkit.org/show_bug.cgi?id=217256
    <rdar://problem/67478962>
    
    Reviewed by Zalan Bujtas.
    
    Expose the existing lineRangeForPosition method for iOS accessibility.
    
    * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
    (-[WebAccessibilityObjectWrapper lineMarkersForMarker:]):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268084 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-06  Chris Fleizach  <cfleizach@apple.com>

            AX: Expose lineRangeForPosition for iOS Accessibility code
            https://bugs.webkit.org/show_bug.cgi?id=217256
            <rdar://problem/67478962>

            Reviewed by Zalan Bujtas.

            Expose the existing lineRangeForPosition method for iOS accessibility.

            * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
            (-[WebAccessibilityObjectWrapper lineMarkersForMarker:]):

2020-10-21  Russell Epstein  <repstein@apple.com>

        Cherry-pick r266787. rdar://problem/70541715

    AccessibilityMenuList and MenuListPopup notifications need to be posted asynchronously.
    https://bugs.webkit.org/show_bug.cgi?id=216309
    <rdar://problem/68108824>
    
    Reviewed by Chris Fleizach.
    
    MenuList notifications were posted synchronously which triggers a DOM
    layout and style update in the middle of an ongoing DOM mutation update.
    This is unnecessary and, furthermore, causes crashes since the DOM
    layout update cannot be re-entrant. This change makes these
    notifications asynchronous.
    
    * accessibility/AccessibilityMenuList.cpp:
    (WebCore::AccessibilityMenuList::didUpdateActiveOption):
    * accessibility/AccessibilityMenuListPopup.cpp:
    (WebCore::AccessibilityMenuListPopup::didUpdateActiveOption):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266787 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-09  Andres Gonzalez  <andresg_22@apple.com>

            AccessibilityMenuList and MenuListPopup notifications need to be posted asynchronously.
            https://bugs.webkit.org/show_bug.cgi?id=216309
            <rdar://problem/68108824>

            Reviewed by Chris Fleizach.

            MenuList notifications were posted synchronously which triggers a DOM
            layout and style update in the middle of an ongoing DOM mutation update.
            This is unnecessary and, furthermore, causes crashes since the DOM
            layout update cannot be re-entrant. This change makes these
            notifications asynchronous.

            * accessibility/AccessibilityMenuList.cpp:
            (WebCore::AccessibilityMenuList::didUpdateActiveOption):
            * accessibility/AccessibilityMenuListPopup.cpp:
            (WebCore::AccessibilityMenuListPopup::didUpdateActiveOption):

2020-10-15  Russell Epstein  <repstein@apple.com>

        Apply patch. rdar://problem/70321689

    2020-10-15  Youenn Fablet  <youennf@gmail.com>

            Improve computation of default audio input and output devices
            https://bugs.webkit.org/show_bug.cgi?id=217652
            <rdar://problem/69857857>

            Previously, we were ensuring the default device is the first in the list if the list was not empty.
            For the first enumeration of devices, we were expecting the default device to be the first in kAudioHardwarePropertyDevices list.
            But this is not guaranteed, so we should make sure to prepend the default device in the list even for the first enumeration.
            Manually tested.

            * platform/mediastream/mac/CoreAudioCaptureDeviceManager.cpp:
            (WebCore::CoreAudioCaptureDeviceManager::refreshAudioCaptureDevices):

2020-10-15  Russell Epstein  <repstein@apple.com>

        Cherry-pick r268308. rdar://problem/70321629

    [Mac] AirPlay menu does not show up when AirPlay button is clicked
    https://bugs.webkit.org/show_bug.cgi?id=217536
    <rdar://problem/69973777>
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    PAL tries to soft-link the AVRoutePickerView from the AVFoundation framework, rather than the (correct)
    AVKit framework. Remove AVRoutePickerView from AVFoundationSoftLink.h and use the already declared version
    inside AVRoutePickerViewTargetPicker.mm.
    
    * platform/graphics/avfoundation/objc/AVRoutePickerViewTargetPicker.mm:
    (WebCore::AVRoutePickerViewTargetPicker::isAvailable):
    
    Source/WebCore/PAL:
    
    * pal/cocoa/AVFoundationSoftLink.h:
    * pal/cocoa/AVFoundationSoftLink.mm:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268308 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-09  Jer Noble  <jer.noble@apple.com>

            [Mac] AirPlay menu does not show up when AirPlay button is clicked
            https://bugs.webkit.org/show_bug.cgi?id=217536
            <rdar://problem/69973777>

            Reviewed by Eric Carlson.

            PAL tries to soft-link the AVRoutePickerView from the AVFoundation framework, rather than the (correct)
            AVKit framework. Remove AVRoutePickerView from AVFoundationSoftLink.h and use the already declared version
            inside AVRoutePickerViewTargetPicker.mm.

            * platform/graphics/avfoundation/objc/AVRoutePickerViewTargetPicker.mm:
            (WebCore::AVRoutePickerViewTargetPicker::isAvailable):

2020-10-08  Russell Epstein  <repstein@apple.com>

        Cherry-pick r266909. rdar://problem/69101091

    Source/WebCore:
    Text replacements at the beginning of a second line are replaced too early
    https://bugs.webkit.org/show_bug.cgi?id=216327
    <rdar://problem/68170353>
    
    Reviewed by Darin Adler.
    
    In the changes in r258871, using SimpleRanges instead of Range causing some side effects
    when the replacements at the beginning of lines. The ranges that we are counting are backwards
    and the return characters are being counted instead of being ignored. There is almost
    certainly a better fix than this, but this patch restores the original logic that
    was present when Range was being used, until a better fix can be worked out.
    
    Test: editing/spelling/text-replacement-first-word-second-line.html
    
    * editing/Editor.cpp:
    (WebCore::Editor::markAndReplaceFor):
    * editing/TextCheckingHelper.cpp:
    (WebCore::TextCheckingParagraph::automaticReplacementStart const):
    (WebCore::TextCheckingParagraph::automaticReplacementLength const):
    * editing/TextCheckingHelper.h:
    
    LayoutTests:
    Overlapping text replacements at the beginning of a line are replaced too early
    https://bugs.webkit.org/show_bug.cgi?id=216327
    
    Reviewed by Darin Adler.
    
    * editing/spelling/text-replacement-first-word-second-line-expected.txt: Added.
    * editing/spelling/text-replacement-first-word-second-line.html: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266909 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-10  Megan Gardner  <megan_gardner@apple.com>

            Text replacements at the beginning of a second line are replaced too early
            https://bugs.webkit.org/show_bug.cgi?id=216327
            <rdar://problem/68170353>

            Reviewed by Darin Adler.

            In the changes in r258871, using SimpleRanges instead of Range causing some side effects
            when the replacements at the beginning of lines. The ranges that we are counting are backwards
            and the return characters are being counted instead of being ignored. There is almost
            certainly a better fix than this, but this patch restores the original logic that
            was present when Range was being used, until a better fix can be worked out.

            Test: editing/spelling/text-replacement-first-word-second-line.html

            * editing/Editor.cpp:
            (WebCore::Editor::markAndReplaceFor):
            * editing/TextCheckingHelper.cpp:
            (WebCore::TextCheckingParagraph::automaticReplacementStart const):
            (WebCore::TextCheckingParagraph::automaticReplacementLength const):
            * editing/TextCheckingHelper.h:

2020-10-14  Russell Epstein  <repstein@apple.com>

        Cherry-pick r267203. rdar://problem/70310545

    Rename ShouldAllowExternalSchemes to ShouldAllowExternalSchemesButNotAppLinks to clarify what this enum value is for.
    https://bugs.webkit.org/show_bug.cgi?id=216651
    
    Patch by Hoa Dinh <dvh@apple.com> on 2020-09-17
    Reviewed by Alex Christensen.
    
    Rename ShouldAllowExternalSchemes to ShouldAllowExternalSchemesButNotAppLinks and reflects the change where it's used.
    
    Source/WebCore:
    
    Source/WebCore:
    * loader/FrameLoaderTypes.h:
    * page/ContextMenuController.cpp:
    (WebCore::ContextMenuController::contextMenuItemSelected):
    
    Source/WebKit:
    
    Source/WebKit:
    * Shared/SessionState.cpp:
    (WebKit::isValidEnum):
    * UIProcess/API/APINavigationAction.h:
    * UIProcess/API/glib/WebKitWebViewSessionState.cpp:
    (toExternalURLsPolicy):
    (toWebCoreExternalURLsPolicy):
    * UIProcess/WebPageProxy.h:
    * UIProcess/mac/LegacySessionStateCoding.cpp:
    (WebKit::decodeSessionHistoryEntry):
    * WebProcess/InjectedBundle/InjectedBundleNavigationAction.cpp:
    (WebKit::InjectedBundleNavigationAction::InjectedBundleNavigationAction):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267203 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-17  Hoa Dinh  <dvh@apple.com>

            Rename ShouldAllowExternalSchemes to ShouldAllowExternalSchemesButNotAppLinks to clarify what this enum value is for.
            https://bugs.webkit.org/show_bug.cgi?id=216651

            Reviewed by Alex Christensen.

            Rename ShouldAllowExternalSchemes to ShouldAllowExternalSchemesButNotAppLinks and reflects the change where it's used.

            Source/WebCore:
            * loader/FrameLoaderTypes.h:
            * page/ContextMenuController.cpp:
            (WebCore::ContextMenuController::contextMenuItemSelected):

2020-10-14  Russell Epstein  <repstein@apple.com>

        Cherry-pick r268003. rdar://problem/70267725

    Make NetscapePlugInStreamLoaderClient a weak pointer on NetscapePlugInStreamLoader
    <https://webkit.org/b/217237>
    <rdar://problem/69776714>
    
    Reviewed by Alex Christensen.
    
    Source/WebCore:
    
    Could not write a test since reproducing a crash requires
    rapidly reloading a URL to a PDF at random points during the
    previous load.
    
    Make NetscapePlugInStreamLoaderClient a WeakPtr on
    NetscapePlugInStreamLoader, and add nullptr checks for
    NetscapePlugInStreamLoader.m_client as needed.
    
    * loader/NetscapePlugInStreamLoader.cpp:
    (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader):
    (WebCore::NetscapePlugInStreamLoader::willSendRequest):
    (WebCore::NetscapePlugInStreamLoader::didReceiveResponse):
    (WebCore::NetscapePlugInStreamLoader::didReceiveDataOrBuffer):
    (WebCore::NetscapePlugInStreamLoader::didFinishLoading):
    (WebCore::NetscapePlugInStreamLoader::didFail):
    (WebCore::NetscapePlugInStreamLoader::willCancel):
    * loader/NetscapePlugInStreamLoader.h:
    
    Source/WebKit:
    
    Making NetscapePlugInStreamLoaderClient inherit from
    CanMakeWeakPtr<> caused PDFPlugin to fail to compile because one
    of its parent classes already inherited from CanMakeWeakPtr<>.
    To fix this, extract a PDFPluginStreamLoaderClient class from
    PDFPlugin and link the lifetime of PDFPluginStreamLoaderClient
    to PDFPlugin.
    
    After moving the NetscapePlugInStreamLoaderClient virtual
    methods from PDFPlugin to PDFPluginStreamLoaderClient, add some
    simple methods to PDFPlugin so that PDFPluginStreamLoaderClient
    doesn't access the instance variables directly.  Also make use
    of these new methods in other parts of PDFPlugin.
    
    * WebProcess/Plugins/PDF/PDFPlugin.h:
    (WebKit::PDFPlugin::documentFinishedLoading): Add.
    (WebKit::PDFPlugin::identifierForLoader): Add.
    (WebKit::PDFPlugin::removeOutstandingByteRangeRequest): Add.
    (WebKit::PDFPlugin::PDFPluginStreamLoaderClient): Add class.
    * WebProcess/Plugins/PDF/PDFPlugin.mm:
    (WebKit::PDFPlugin::PDFPlugin):
    (WebKit::PDFPlugin::receivedNonLinearizedPDFSentinel):
    (WebKit::PDFPlugin::getResourceBytesAtPosition):
    (WebKit::PDFPlugin::PDFPluginStreamLoaderClient::willSendRequest): Move from PDFPlugin.
    (WebKit::PDFPlugin::PDFPluginStreamLoaderClient::didReceiveResponse): Ditto.
    (WebKit::PDFPlugin::PDFPluginStreamLoaderClient::didReceiveData): Ditto.
    (WebKit::PDFPlugin::PDFPluginStreamLoaderClient::didFail): Ditto.
    (WebKit::PDFPlugin::PDFPluginStreamLoaderClient::didFinishLoading): Ditto.
    (WebKit::PDFPlugin::byteRangeRequestForLoader):
    (WebKit::PDFPlugin::forgetLoader):
    (WebKit::PDFPlugin::willSendRequest): Move to PDFPluginStreamLoaderClient.
    (WebKit::PDFPlugin::didReceiveResponse): Ditto.
    (WebKit::PDFPlugin::didReceiveData): Ditto.
    (WebKit::PDFPlugin::didFail): Ditto.
    (WebKit::PDFPlugin::didFinishLoading): Ditto.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268003 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-05  David Kilzer  <ddkilzer@apple.com>

            Make NetscapePlugInStreamLoaderClient a weak pointer on NetscapePlugInStreamLoader
            <https://webkit.org/b/217237>
            <rdar://problem/69776714>

            Reviewed by Alex Christensen.

            Could not write a test since reproducing a crash requires
            rapidly reloading a URL to a PDF at random points during the
            previous load.

            Make NetscapePlugInStreamLoaderClient a WeakPtr on
            NetscapePlugInStreamLoader, and add nullptr checks for
            NetscapePlugInStreamLoader.m_client as needed.

            * loader/NetscapePlugInStreamLoader.cpp:
            (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader):
            (WebCore::NetscapePlugInStreamLoader::willSendRequest):
            (WebCore::NetscapePlugInStreamLoader::didReceiveResponse):
            (WebCore::NetscapePlugInStreamLoader::didReceiveDataOrBuffer):
            (WebCore::NetscapePlugInStreamLoader::didFinishLoading):
            (WebCore::NetscapePlugInStreamLoader::didFail):
            (WebCore::NetscapePlugInStreamLoader::willCancel):
            * loader/NetscapePlugInStreamLoader.h:

2020-10-14  Russell Epstein  <repstein@apple.com>

        Cherry-pick r267116. rdar://problem/70267318

    [macOS Big Sur] CGFontRenderingGetFontSmoothingDisabled() is no longer useful
    https://bugs.webkit.org/show_bug.cgi?id=216588
    <rdar://problem/68657748>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    No new tests because there is no behavior change.
    
    * platform/graphics/coretext/FontCascadeCoreText.cpp:
    (WebCore::FontCascade::isSubpixelAntialiasingAvailable):
    
    Source/WTF:
    
    We can eliminate WebKit's use of it to eventually phase it out entirely.
    
    * wtf/PlatformHave.h:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267116 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-15  Myles C. Maxfield  <mmaxfield@apple.com>

            [macOS Big Sur] CGFontRenderingGetFontSmoothingDisabled() is no longer useful
            https://bugs.webkit.org/show_bug.cgi?id=216588
            <rdar://problem/68657748>

            Reviewed by Simon Fraser.

            No new tests because there is no behavior change.

            * platform/graphics/coretext/FontCascadeCoreText.cpp:
            (WebCore::FontCascade::isSubpixelAntialiasingAvailable):

2020-10-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r268371. rdar://problem/70267767

    [macOS] Workaround for MAC_OS_X_VERSION_MAJOR incorrectly including minor version when building
    with Xcode 12 on macOS Big Sur SUs
    https://bugs.webkit.org/show_bug.cgi?id=217602
    rdar://70194453
    
    Patch by Luming Yin <luming_yin@apple.com> on 2020-10-12
    Reviewed by Darin Adler.
    
    The previous workaround turns out to be ineffective because we can't set the value of
    TARGET_MAC_OS_X_VERSION_MAJOR based on a previous value of itself. Introduce a new
    variable TARGET_MAC_OS_X_VERSION_MAJOR to determine whether we need to explicitly
    adjust MAC_OS_X_VERSION_MAJOR to 110000.
    
    PerformanceTests:
    
    * DecoderTest/Configurations/DebugRelease.xcconfig:
    * MediaTime/Configurations/DebugRelease.xcconfig:
    
    Source/bmalloc:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/JavaScriptCore:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/ThirdParty:
    
    * gtest/xcode/Config/General.xcconfig:
    
    Source/ThirdParty/ANGLE:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/ThirdParty/libwebrtc:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WebCore:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WebCore/PAL:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WebInspectorUI:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WebKit:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WebKitLegacy/mac:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WTF:
    
    * Configurations/DebugRelease.xcconfig:
    
    Tools:
    
    * ContentExtensionTester/Configurations/DebugRelease.xcconfig:
    * DumpRenderTree/mac/Configurations/DebugRelease.xcconfig:
    * ImageDiff/cg/Configurations/DebugRelease.xcconfig:
    * MiniBrowser/Configurations/DebugRelease.xcconfig:
    * TestWebKitAPI/Configurations/DebugRelease.xcconfig:
    * WebEditingTester/Configurations/DebugRelease.xcconfig:
    * WebKitTestRunner/Configurations/DebugRelease.xcconfig:
    * lldb/lldbWebKitTester/Configurations/DebugRelease.xcconfig:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268371 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-12  Luming Yin  <luming_yin@apple.com>

            [macOS] Workaround for MAC_OS_X_VERSION_MAJOR incorrectly including minor version when building
            with Xcode 12 on macOS Big Sur SUs
            https://bugs.webkit.org/show_bug.cgi?id=217602
            rdar://70194453

            Reviewed by Darin Adler.

            The previous workaround turns out to be ineffective because we can't set the value of
            TARGET_MAC_OS_X_VERSION_MAJOR based on a previous value of itself. Introduce a new
            variable TARGET_MAC_OS_X_VERSION_MAJOR to determine whether we need to explicitly
            adjust MAC_OS_X_VERSION_MAJOR to 110000.

            * Configurations/DebugRelease.xcconfig:

2020-10-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r268353. rdar://problem/70267767

    [macOS] Workaround for MAC_OS_X_VERSION_MAJOR incorrectly including minor version when building
    with Xcode 12 on macOS Big Sur SUs
    https://bugs.webkit.org/show_bug.cgi?id=217602
    rdar://70194453
    
    Patch by Luming Yin <luming_yin@apple.com> on 2020-10-12
    Reviewed by Darin Adler.
    
    Due to a bug in Xcode (rdar://70185899), Xcode 12.0 and Xcode 12.1 Beta incorrectly includes the
    minor release number in MAC_OS_X_VERSION_MAJOR, which causes Debug and Release builds of WebKit
    to be misconfigured when building on macOS Big Sur SUs, leading to webpages failing to load.
    
    To work around the Xcode bug, when the MAC_OS_X_VERSION_MAJOR includes the minor version number,
    drop the minor version number by explicitly setting TARGET_MAC_OS_X_VERSION_MAJOR to 110000.
    
    Note: This change should be reverted after <rdar://70185899> is resolved.
    
    PerformanceTests:
    
    * DecoderTest/Configurations/DebugRelease.xcconfig:
    * MediaTime/Configurations/DebugRelease.xcconfig:
    
    Source/bmalloc:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/JavaScriptCore:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/ThirdParty:
    
    * gtest/xcode/Config/General.xcconfig:
    
    Source/ThirdParty/ANGLE:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/ThirdParty/libwebrtc:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WebCore:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WebCore/PAL:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WebInspectorUI:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WebKit:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WebKitLegacy/mac:
    
    * Configurations/DebugRelease.xcconfig:
    
    Source/WTF:
    
    * Configurations/DebugRelease.xcconfig:
    
    Tools:
    
    * ContentExtensionTester/Configurations/DebugRelease.xcconfig:
    * DumpRenderTree/mac/Configurations/DebugRelease.xcconfig:
    * ImageDiff/cg/Configurations/DebugRelease.xcconfig:
    * MiniBrowser/Configurations/DebugRelease.xcconfig:
    * TestWebKitAPI/Configurations/DebugRelease.xcconfig:
    * WebEditingTester/Configurations/DebugRelease.xcconfig:
    * WebKitTestRunner/Configurations/DebugRelease.xcconfig:
    * lldb/lldbWebKitTester/Configurations/DebugRelease.xcconfig:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268353 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-12  Luming Yin  <luming_yin@apple.com>

            [macOS] Workaround for MAC_OS_X_VERSION_MAJOR incorrectly including minor version when building
            with Xcode 12 on macOS Big Sur SUs
            https://bugs.webkit.org/show_bug.cgi?id=217602
            rdar://70194453

            Reviewed by Darin Adler.

            Due to a bug in Xcode (rdar://70185899), Xcode 12.0 and Xcode 12.1 Beta incorrectly includes the
            minor release number in MAC_OS_X_VERSION_MAJOR, which causes Debug and Release builds of WebKit
            to be misconfigured when building on macOS Big Sur SUs, leading to webpages failing to load.

            To work around the Xcode bug, when the MAC_OS_X_VERSION_MAJOR includes the minor version number,
            drop the minor version number by explicitly setting TARGET_MAC_OS_X_VERSION_MAJOR to 110000.

            Note: This change should be reverted after <rdar://70185899> is resolved.

            * Configurations/DebugRelease.xcconfig:

2020-10-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r268206. rdar://problem/70267322

    Presidential Executive Order pages not accessible with Safari.
    https://bugs.webkit.org/show_bug.cgi?id=217415
    <rdar://problem/69922416>
    
    Reviewed by Chris Fleizach and Simon Fraser.
    
    Follow up to the previous change for this bug per Simon Fraser's comment.
    Check not only the visibility and opacity of the object in question but
    also of its ancestors.
    Expanded the test accessibility/aria-modal.html to include the case
    where the visibility of the modal dialog is determined by the opacity of
    its parent object.
    
    * accessibility/AXObjectCache.cpp:
    (WebCore::AXObjectCache::isNodeVisible const):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268206 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-08  Andres Gonzalez  <andresg_22@apple.com>

            Presidential Executive Order pages not accessible with Safari.
            https://bugs.webkit.org/show_bug.cgi?id=217415
            <rdar://problem/69922416>

            Reviewed by Chris Fleizach and Simon Fraser.

            Follow up to the previous change for this bug per Simon Fraser's comment.
            Check not only the visibility and opacity of the object in question but
            also of its ancestors.
            Expanded the test accessibility/aria-modal.html to include the case
            where the visibility of the modal dialog is determined by the opacity of
            its parent object.

            * accessibility/AXObjectCache.cpp:
            (WebCore::AXObjectCache::isNodeVisible const):

2020-10-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r268162. rdar://problem/70267741

    REGRESSION: Safari unable to load PDF in <embed> (docs.legalconnect.com)
    https://bugs.webkit.org/show_bug.cgi?id=217451
    <rdar://problem/69767043>
    
    Reviewed by Alex Christensen.
    
    Source/WebCore:
    
    Test: fast/replaced/pdf-as-embed-with-no-mime-type-is-not-blank.html
    
    If plugins are enabled, we'll always let the request go through, and WebKit will
    guess that files with PDFPlugin-handled extensions should instantiate PDFPlugin,
    even if no other plugins are available.
    
    However, if plugins are disabled, requestPlugin() will early return if the explicitly
    specified MIME type is not handled by an application plugin (even though the downstream
    WebKit code would have happily instantiated an application plugin for us).
    
    Application plugins shouldn't depend on the plugin enablement setting.
    To fix this, have SubframeLoader guess the MIME type if not explicitly specified
    (matching WebKit's behavior), and allow the request if it matches an application plugin.
    
    * loader/SubframeLoader.cpp:
    (WebCore::findPluginMIMETypeFromURL):
    Improve this previously logging-only function to use the lastPathComponent
    of the URL instead of randomly looking at the end of the URL, to ignore
    query strings and fragments when looking for the file extension.
    
    (WebCore::FrameLoader::SubframeLoader::requestPlugin):
    Make use of findPluginMIMETypeFromURL to guess the MIME type if it's not
    explicitly specified. If the guessed MIME type is one that is handled
    by application plugins, allow the request to go out to WebKit (which
    may then instantiate a PDFPlugin, for example).
    
    (WebCore::logPluginRequest):
    (WebCore::FrameLoader::SubframeLoader::requestObject):
    (WebCore::FrameLoader::SubframeLoader::createJavaAppletWidget):
    Pass the URL instead of stringifying it, so we can lastPathComponent as above.
    
    LayoutTests:
    
    * fast/replaced/pdf-as-embed-with-no-mime-type-is-not-blank-expected-mismatch.html: Added.
    * fast/replaced/pdf-as-embed-with-no-mime-type-is-not-blank.html: Added.
    Add a test ensuring that <embed> with no specified MIME type still renders the PDF.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268162 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-07  Tim Horton  <timothy_horton@apple.com>

            REGRESSION: Safari unable to load PDF in <embed> (docs.legalconnect.com)
            https://bugs.webkit.org/show_bug.cgi?id=217451
            <rdar://problem/69767043>

            Reviewed by Alex Christensen.

            Test: fast/replaced/pdf-as-embed-with-no-mime-type-is-not-blank.html

            If plugins are enabled, we'll always let the request go through, and WebKit will
            guess that files with PDFPlugin-handled extensions should instantiate PDFPlugin,
            even if no other plugins are available.

            However, if plugins are disabled, requestPlugin() will early return if the explicitly
            specified MIME type is not handled by an application plugin (even though the downstream
            WebKit code would have happily instantiated an application plugin for us).

            Application plugins shouldn't depend on the plugin enablement setting.
            To fix this, have SubframeLoader guess the MIME type if not explicitly specified
            (matching WebKit's behavior), and allow the request if it matches an application plugin.

            * loader/SubframeLoader.cpp:
            (WebCore::findPluginMIMETypeFromURL):
            Improve this previously logging-only function to use the lastPathComponent
            of the URL instead of randomly looking at the end of the URL, to ignore
            query strings and fragments when looking for the file extension.

            (WebCore::FrameLoader::SubframeLoader::requestPlugin):
            Make use of findPluginMIMETypeFromURL to guess the MIME type if it's not
            explicitly specified. If the guessed MIME type is one that is handled
            by application plugins, allow the request to go out to WebKit (which
            may then instantiate a PDFPlugin, for example).

            (WebCore::logPluginRequest):
            (WebCore::FrameLoader::SubframeLoader::requestObject):
            (WebCore::FrameLoader::SubframeLoader::createJavaAppletWidget):
            Pass the URL instead of stringifying it, so we can lastPathComponent as above.

2020-10-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r268117. rdar://problem/70267698

    Presidential Executive Order pages not accessible with Safari.
    https://bugs.webkit.org/show_bug.cgi?id=217415
    
    Reviewed by Chris Fleizach.
    
    Source/WebCore:
    
    Test: accessibility/aria-modal.html.
    
    These pages have a dialog modal element of the form
    
    <div class="popover" role="dialog" aria-modal="true">
    
    with style visible and a display value different from none. This makes
    WebCore/accessibility to treat it as if the dialog were always visible,
    and thus do not convey the content of the page outside the dialog to
    VoiceOver. The author controls the visibility of the dialog using the
    style opacity. This patch adds the check for the opacity to determine
    whether an element is visible or not.
    
    * accessibility/AXObjectCache.cpp:
    (WebCore::AXObjectCache::isNodeVisible const):
    
    LayoutTests:
    
    Expanded this test to cover the case whether the modal dialog visibility
    is controlled by its opacity. Cleaned up JS code and made it work in
    isolated tree mode.
    
    * accessibility/aria-modal-expected.txt:
    * accessibility/aria-modal.html:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268117 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-06  Andres Gonzalez  <andresg_22@apple.com>

            Presidential Executive Order pages not accessible with Safari.
            https://bugs.webkit.org/show_bug.cgi?id=217415

            Reviewed by Chris Fleizach.

            Test: accessibility/aria-modal.html.

            These pages have a dialog modal element of the form

            <div class="popover" role="dialog" aria-modal="true">

            with style visible and a display value different from none. This makes
            WebCore/accessibility to treat it as if the dialog were always visible,
            and thus do not convey the content of the page outside the dialog to
            VoiceOver. The author controls the visibility of the dialog using the
            style opacity. This patch adds the check for the opacity to determine
            whether an element is visible or not.

            * accessibility/AXObjectCache.cpp:
            (WebCore::AXObjectCache::isNodeVisible const):

2020-10-11  Kocsen Chung  <kocsen_chung@apple.com>

        Cherry-pick r268330. rdar://problem/70189394

    Strip patch version from TARGET_MAC_OS_X_VERSION_MAJOR when building for macOS Big Sur
    or later
    https://bugs.webkit.org/show_bug.cgi?id=217594
    rdar://70188497
    
    Patch by Luming Yin <luming_yin@apple.com> on 2020-10-11
    Reviewed by Darin Adler.
    
    To ensure successful Mac Catalyst WebKit builds, strip the patch version from
    TARGET_MAC_OS_X_VERSION_MAJOR by using two `base:`s on MACOSX_DEPLOYMENT_TARGET.
    
    * Configurations/Base.xcconfig:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268330 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-11  Luming Yin  <luming_yin@apple.com>

            Strip patch version from TARGET_MAC_OS_X_VERSION_MAJOR when building for macOS Big Sur
            or later
            https://bugs.webkit.org/show_bug.cgi?id=217594
            rdar://70188497

            Reviewed by Darin Adler.

            To ensure successful Mac Catalyst WebKit builds, strip the patch version from
            TARGET_MAC_OS_X_VERSION_MAJOR by using two `base:`s on MACOSX_DEPLOYMENT_TARGET.

            * Configurations/Base.xcconfig:

2020-10-11  Kocsen Chung  <kocsen_chung@apple.com>

        Cherry-pick r268327. rdar://problem/70189401

    Ignore deployment suffix and identifier when computing major OS version for macOS
    Big Sur and newer
    https://bugs.webkit.org/show_bug.cgi?id=217584
    rdar://70168426
    
    Patch by Luming Yin <luming_yin@apple.com> on 2020-10-11
    Reviewed by Darin Adler.
    
    Stop using MACOSX_DEPLOYMENT_TARGET:suffix:identifier to compute major OS versions.
    Only use the deployment target base for macOS Big Sur and newer. Keep the manual
    definitions for legacy versions of macOS.
    
    * Configurations/Base.xcconfig:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268327 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-11  Luming Yin  <luming_yin@apple.com>

            Ignore deployment suffix and identifier when computing major OS version for macOS
            Big Sur and newer
            https://bugs.webkit.org/show_bug.cgi?id=217584
            rdar://70168426

            Reviewed by Darin Adler.

            Stop using MACOSX_DEPLOYMENT_TARGET:suffix:identifier to compute major OS versions.
            Only use the deployment target base for macOS Big Sur and newer. Keep the manual
            definitions for legacy versions of macOS.

            * Configurations/Base.xcconfig:

2020-10-07  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267081. rdar://problem/70056594

    End of media capture should not be reported before 3 seconds of the start of capture
    https://bugs.webkit.org/show_bug.cgi?id=216415
    Source/WebCore:
    
    Reviewed by Eric Carlson.
    
    Add a timer that allows taking a function and a delay as parameter.
    Covered by added API test.
    
    * platform/Timer.h:
    (WebCore::DeferrableTaskTimer::fired):
    (WebCore::DeferrableTaskTimer::doTask):
    (WebCore::DeferrableTaskTimer::cancel):
    
    Source/WebKit:
    
    <rdar://problem/68512358>
    
    Reviewed by Eric Carlson.
    
    Add support for delaying of end of capture notification to the application.
    This allows to ensure that a capture indicator stays for long enough for the user to notice it.
    A capture indicator should be visible to the user for at least three seconds.
    
    A timer is scheduled when starting a capture and there is no ongoing capture.
    As long as the timer is active, the capture state cannot be transitioned to no capture.
    Other transitions are allowed.
    Once the timer kicks in, any capture state update is done synchronously.
    Ensure to update the capture state when the timer kicks in.
    
    Note that even navigations will not allow transitioning the capture state sooner.
    This is done to ensure a page does not try to capture one frame before navigating to another page.
    In practice, very few pages should navigate quickly after starting capture.
    
    * UIProcess/API/C/WKPage.cpp:
    (WKPageGetMediaState):
    (WKPageSetMediaCaptureReportingDelayForTesting):
    * UIProcess/API/C/WKPagePrivate.h:
    * UIProcess/API/Cocoa/WKWebView.mm:
    (-[WKWebView _mediaCaptureState]):
    * UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h:
    * UIProcess/API/Cocoa/WKWebViewTesting.mm:
    (-[WKWebView _mediaCaptureReportingDelayForTesting]):
    (-[WKWebView _setMediaCaptureReportingDelayForTesting:]):
    * UIProcess/WebPageProxy.cpp:
    (WebKit::WebPageProxy::updatePlayingMediaDidChange):
    (WebKit::WebPageProxy::updateReportedMediaCaptureState):
    * UIProcess/WebPageProxy.h:
    (WebKit::WebPageProxy::reportedMediaCaptureState const):
    (WebKit::WebPageProxy::mediaCaptureReportingDelay const):
    (WebKit::WebPageProxy::setMediaCaptureReportingDelay):
    
    Tools:
    
    Reviewed by Eric Carlson.
    
    * TestWebKitAPI/Tests/WebKit/GetUserMedia.mm:
    (TestWebKitAPI::TEST):
    * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
    (-[GetUserMediaUIDelegate _webView:mediaCaptureStateDidChange:]):
    Add a notCapturing boolean and wait for the notification before going back to the capturing page.
    Decrease delay to 1 second to make the test run faster.
    * WebKitTestRunner/TestController.cpp:
    (WTR::TestController::resetStateToConsistentValues):
    Make sure to set media capture state delay to zero.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267081 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-15  Youenn Fablet  <youenn@apple.com>

            End of media capture should not be reported before 3 seconds of the start of capture
            https://bugs.webkit.org/show_bug.cgi?id=216415

            Reviewed by Eric Carlson.

            Add a timer that allows taking a function and a delay as parameter.
            Covered by added API test.

            * platform/Timer.h:
            (WebCore::DeferrableTaskTimer::fired):
            (WebCore::DeferrableTaskTimer::doTask):
            (WebCore::DeferrableTaskTimer::cancel):

2020-10-07  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267838. rdar://problem/70056580

    getUserMedia with sampleRate constraints may fail
    https://bugs.webkit.org/show_bug.cgi?id=217147
    <rdar://problem/69831144>
    
    Reviewed by Eric Carlson.
    
    In case of new capture, make sure to reset sample rate and volume to default values.
    This ensures that a sample rate that will fail the capture will not stick for other pages.
    Manually tested.
    
    * platform/mediastream/mac/BaseAudioSharedUnit.cpp:
    (WebCore::BaseAudioSharedUnit::prepareForNewCapture):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267838 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-01  Youenn Fablet  <youenn@apple.com>

            getUserMedia with sampleRate constraints may fail
            https://bugs.webkit.org/show_bug.cgi?id=217147
            <rdar://problem/69831144>

            Reviewed by Eric Carlson.

            In case of new capture, make sure to reset sample rate and volume to default values.
            This ensures that a sample rate that will fail the capture will not stick for other pages.
            Manually tested.

            * platform/mediastream/mac/BaseAudioSharedUnit.cpp:
            (WebCore::BaseAudioSharedUnit::prepareForNewCapture):

2020-10-07  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267414. rdar://problem/70056613

    Implement a default prompt for getUserMedia
    https://bugs.webkit.org/show_bug.cgi?id=216821
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    Manually tested by running Minibrowser.
    
    * en.lproj/Localizable.strings:
    
    Source/WebKit:
    
    Move preferences used by WebRTC develop menu to internals.
    This allows having them in MiniBrowser.
    
    Enable video capture in UIProcess by default for non Safari applications.
    Add support for a getUserMedia prompt, very similar to iOS current prompt.
    Use the prompt in case the application does not implement any of the two delegates.
    
    * Shared/WebPreferences.yaml:
    * Shared/WebPreferencesDefaultValues.cpp:
    (WebKit::defaultCaptureVideoInUIProcessEnabled):
    * Shared/WebPreferencesDefaultValues.h:
    * Shared/WebPreferencesExperimental.yaml:
    * Shared/WebPreferencesInternal.yaml:
    * UIProcess/Cocoa/UIDelegate.h:
    * UIProcess/Cocoa/UIDelegate.mm:
    (WebKit::UIDelegate::setDelegate):
    (WebKit::requestUserMediaAuthorizationForFrame):
    (WebKit::UIDelegate::UIClient::decidePolicyForUserMediaPermissionRequest):
    * UIProcess/Cocoa/WKUserMediaCaptureAccessAlert.h: Added.
    * UIProcess/Cocoa/WKUserMediaCaptureAccessAlert.mm: Added.
    (WebKit::visibleDomain):
    (WebKit::alertMessageText):
    (WebKit::presentUserMediaCaptureAccessAlert):
    * WebKit.xcodeproj/project.pbxproj:
    
    Tools:
    
    Remove getUserMedia delegate implementations to use WebKit built-in prompt.
    Add camera and microphone entitlements to allow using real cameras and microphones.
    Keep using mock devices as the default.
    
    * MiniBrowser/MiniBrowser.entitlements:
    * MiniBrowser/mac/WK2BrowserWindowController.m:
    (-[WK2BrowserWindowController _webView:requestMediaCaptureAuthorization:decisionHandler:]): Deleted.
    (-[WK2BrowserWindowController _webView:includeSensitiveMediaDeviceDetails:]): Deleted.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267414 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-22  Youenn Fablet  <youenn@apple.com>

            Implement a default prompt for getUserMedia
            https://bugs.webkit.org/show_bug.cgi?id=216821

            Reviewed by Eric Carlson.

            Manually tested by running Minibrowser.

            * en.lproj/Localizable.strings:

2020-10-06  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267987. rdar://problem/70025699

    MediaRecorder should respect enabled and muted tracks
    https://bugs.webkit.org/show_bug.cgi?id=217312
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    If track is muted, replace it by either silence (audio buffer filled with zeros) or black frames.
    MediaRecorderPrivate will keep track of whether the selected track should be muted.
    It is then the responsibility of the specialization to do the appropriate processing.
    
    Test: http/wpt/mediarecorder/mute-tracks.html
    
    * Modules/mediarecorder/MediaRecorder.cpp:
    (WebCore::MediaRecorder::trackMutedChanged):
    (WebCore::MediaRecorder::trackEnabledChanged):
    * Modules/mediarecorder/MediaRecorder.h:
    * platform/audio/cocoa/WebAudioBufferList.cpp:
    (WebCore::WebAudioBufferList::zeroFlatBuffer):
    * platform/audio/cocoa/WebAudioBufferList.h:
    * platform/mediarecorder/MediaRecorderPrivate.cpp:
    (WebCore::MediaRecorderPrivate::selectTracks):
    (WebCore::MediaRecorderPrivate::checkTrackState):
    * platform/mediarecorder/MediaRecorderPrivate.h:
    (WebCore::MediaRecorderPrivate::trackMutedChanged):
    (WebCore::MediaRecorderPrivate::trackEnabledChanged):
    (WebCore::MediaRecorderPrivate::shouldMuteAudio const):
    (WebCore::MediaRecorderPrivate::shouldMuteVideo const):
    * platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp:
    (WebCore::MediaRecorderPrivateAVFImpl::create):
    (WebCore::MediaRecorderPrivateAVFImpl::videoSampleAvailable):
    (WebCore::MediaRecorderPrivateAVFImpl::audioSamplesAvailable):
    * platform/mediarecorder/MediaRecorderPrivateAVFImpl.h:
    
    LayoutTests:
    
    * http/wpt/mediarecorder/mute-tracks-expected.txt: Added.
    * http/wpt/mediarecorder/mute-tracks.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267987 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-05  Youenn Fablet  <youenn@apple.com>

            MediaRecorder should respect enabled and muted tracks
            https://bugs.webkit.org/show_bug.cgi?id=217312

            Reviewed by Eric Carlson.

            If track is muted, replace it by either silence (audio buffer filled with zeros) or black frames.
            MediaRecorderPrivate will keep track of whether the selected track should be muted.
            It is then the responsibility of the specialization to do the appropriate processing.

            Test: http/wpt/mediarecorder/mute-tracks.html

            * Modules/mediarecorder/MediaRecorder.cpp:
            (WebCore::MediaRecorder::trackMutedChanged):
            (WebCore::MediaRecorder::trackEnabledChanged):
            * Modules/mediarecorder/MediaRecorder.h:
            * platform/audio/cocoa/WebAudioBufferList.cpp:
            (WebCore::WebAudioBufferList::zeroFlatBuffer):
            * platform/audio/cocoa/WebAudioBufferList.h:
            * platform/mediarecorder/MediaRecorderPrivate.cpp:
            (WebCore::MediaRecorderPrivate::selectTracks):
            (WebCore::MediaRecorderPrivate::checkTrackState):
            * platform/mediarecorder/MediaRecorderPrivate.h:
            (WebCore::MediaRecorderPrivate::trackMutedChanged):
            (WebCore::MediaRecorderPrivate::trackEnabledChanged):
            (WebCore::MediaRecorderPrivate::shouldMuteAudio const):
            (WebCore::MediaRecorderPrivate::shouldMuteVideo const):
            * platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp:
            (WebCore::MediaRecorderPrivateAVFImpl::create):
            (WebCore::MediaRecorderPrivateAVFImpl::videoSampleAvailable):
            (WebCore::MediaRecorderPrivateAVFImpl::audioSamplesAvailable):
            * platform/mediarecorder/MediaRecorderPrivateAVFImpl.h:

2020-10-06  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267870. rdar://problem/70025703

    Add AVAssetWriter SPI header
    https://bugs.webkit.org/show_bug.cgi?id=217169
    <rdar://problem/69793050>
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    No change of behavior, include SPI header instead of private SDK header.
    
    * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
    
    Source/WebCore/PAL:
    
    * PAL.xcodeproj/project.pbxproj:
    * pal/spi/cocoa/AVAssetWriterSPI.h: Added.
    
    Source/WTF:
    
    * wtf/PlatformHave.h:
    Remove dependency on AVAssetWriter_private.h.
    Introduce HAVE_AVASSETWRITERDELEGATE_API for older OSes that only have delegate as SPI.
    
    LayoutTests:
    
    Enable tests by default on Catalina+, disable them on Mojave and WK1.
    Disable tests for iOS13.
    
    * TestExpectations:
    * platform/ios-13/TestExpectations:
    * platform/mac/TestExpectations:
    * platform/mac-wk1/TestExpectations:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267870 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-02  Youenn Fablet  <youenn@apple.com>

            Add AVAssetWriter SPI header
            https://bugs.webkit.org/show_bug.cgi?id=217169
            <rdar://problem/69793050>

            Reviewed by Eric Carlson.

            No change of behavior, include SPI header instead of private SDK header.

            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:

2020-10-06  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267941. rdar://problem/70024420

    Make sure MediaRecorder does not call fetchData until the last fetchData is completed
    https://bugs.webkit.org/show_bug.cgi?id=217276
    
    Reviewed by Darin Adler.
    
    Source/WebCore:
    
    When fetchData is called while an existing fetchData is inflight, enqueue the callback in a deque.
    When the inflight fetchData completes, call the enqueued callbacks in order with a null blob.
    
    Add ASSERT in MediaRecorderPrivateWriter to make sure we do not call requestMediaDataWhenReadyOnQueue too many times.
    
    Covered by updated http/wpt/mediarecorder/MediaRecorder-dataavailable.html.
    
    * Modules/mediarecorder/MediaRecorder.cpp:
    (WebCore::MediaRecorder::stopRecording):
    (WebCore::MediaRecorder::requestData):
    Do not enable the timer if MediaRecorder is not active as a small optimization.
    (WebCore::MediaRecorder::fetchData):
    * Modules/mediarecorder/MediaRecorder.h:
    * platform/mediarecorder/MediaRecorderPrivateMock.cpp:
    (WebCore::MediaRecorderPrivateMock::fetchData):
    * platform/mediarecorder/MediaRecorderPrivateMock.h:
    * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
    (WebCore::MediaRecorderPrivateWriter::flushCompressedSampleBuffers):
    
    LayoutTests:
    
    Add test to cover patch
    Update some test expectations according bot results.
    
    * http/wpt/mediarecorder/MediaRecorder-dataavailable-expected.txt:
    * http/wpt/mediarecorder/MediaRecorder-dataavailable.html:
    * platform/mac/TestExpectations:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267941 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-04  Youenn Fablet  <youenn@apple.com>

            Make sure MediaRecorder does not call fetchData until the last fetchData is completed
            https://bugs.webkit.org/show_bug.cgi?id=217276

            Reviewed by Darin Adler.

            When fetchData is called while an existing fetchData is inflight, enqueue the callback in a deque.
            When the inflight fetchData completes, call the enqueued callbacks in order with a null blob.

            Add ASSERT in MediaRecorderPrivateWriter to make sure we do not call requestMediaDataWhenReadyOnQueue too many times.

            Covered by updated http/wpt/mediarecorder/MediaRecorder-dataavailable.html.

            * Modules/mediarecorder/MediaRecorder.cpp:
            (WebCore::MediaRecorder::stopRecording):
            (WebCore::MediaRecorder::requestData):
            Do not enable the timer if MediaRecorder is not active as a small optimization.
            (WebCore::MediaRecorder::fetchData):
            * Modules/mediarecorder/MediaRecorder.h:
            * platform/mediarecorder/MediaRecorderPrivateMock.cpp:
            (WebCore::MediaRecorderPrivateMock::fetchData):
            * platform/mediarecorder/MediaRecorderPrivateMock.h:
            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
            (WebCore::MediaRecorderPrivateWriter::flushCompressedSampleBuffers):

2020-10-06  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267833. rdar://problem/70024626

    MediaRecorder should support MediaRecorderOptions.mimeType
    https://bugs.webkit.org/show_bug.cgi?id=215018
    <rdar://problem/66681508>
    
    Reviewed by Eric Carlson.
    
    LayoutTests/imported/w3c:
    
    * web-platform-tests/mediacapture-record/MediaRecorder-mimetype-expected.txt:
    
    Source/WebCore:
    
    Instead of setting mime type right away, set it just before firing start event as per spec.
    This will allow in the future to populate exact codec parameters if proven useful.
    
    Covered by rebased and updated tests.
    
    * Modules/mediarecorder/MediaRecorder.cpp:
    (WebCore::MediaRecorder::create):
    (WebCore::MediaRecorder::startRecording):
    * platform/mediarecorder/MediaRecorderPrivate.h:
    (WebCore::MediaRecorderPrivate::startRecording):
    * platform/mediarecorder/MediaRecorderPrivateAVFImpl.h:
    
    Source/WebKit:
    
    Update code to pass mimeType as part of startRecording callback.
    
    * GPUProcess/webrtc/RemoteMediaRecorder.h:
    (WebKit::RemoteMediaRecorder::mimeType const):
    * GPUProcess/webrtc/RemoteMediaRecorderManager.cpp:
    (WebKit::RemoteMediaRecorderManager::createRecorder):
    * GPUProcess/webrtc/RemoteMediaRecorderManager.h:
    * GPUProcess/webrtc/RemoteMediaRecorderManager.messages.in:
    * WebProcess/GPU/webrtc/MediaRecorderPrivate.cpp:
    (WebKit::MediaRecorderPrivate::startRecording):
    * WebProcess/GPU/webrtc/MediaRecorderPrivate.h:
    
    LayoutTests:
    
    Update test to expect setting of the mime type after start event.
    
    * http/wpt/mediarecorder/mimeType.html:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267833 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-01  Youenn Fablet  <youenn@apple.com>

            MediaRecorder should support MediaRecorderOptions.mimeType
            https://bugs.webkit.org/show_bug.cgi?id=215018
            <rdar://problem/66681508>

            Reviewed by Eric Carlson.

            Instead of setting mime type right away, set it just before firing start event as per spec.
            This will allow in the future to populate exact codec parameters if proven useful.

            Covered by rebased and updated tests.

            * Modules/mediarecorder/MediaRecorder.cpp:
            (WebCore::MediaRecorder::create):
            (WebCore::MediaRecorder::startRecording):
            * platform/mediarecorder/MediaRecorderPrivate.h:
            (WebCore::MediaRecorderPrivate::startRecording):
            * platform/mediarecorder/MediaRecorderPrivateAVFImpl.h:

2020-10-06  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267822. rdar://problem/70024621

    MediaRecorder should allow setting low bit rates for audio
    https://bugs.webkit.org/show_bug.cgi?id=216688
    <rdar://problem/69129142>
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    When setting the bitrate provided by the web app fails, we now use default bit rate values that are expected to work properly.
    Covered by updated tests.
    
    * platform/mediarecorder/cocoa/AudioSampleBufferCompressor.h:
    * platform/mediarecorder/cocoa/AudioSampleBufferCompressor.mm:
    (WebCore::AudioSampleBufferCompressor::setBitsPerSecond):
    (WebCore::AudioSampleBufferCompressor::defaultOutputBitRate const):
    (WebCore::AudioSampleBufferCompressor::initAudioConverterForSourceFormatDescription):
    
    LayoutTests:
    
    Add more bitrate tests.
    
    * http/wpt/mediarecorder/MediaRecorder-audio-bitrate.html:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267822 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-01  Youenn Fablet  <youenn@apple.com>

            MediaRecorder should allow setting low bit rates for audio
            https://bugs.webkit.org/show_bug.cgi?id=216688
            <rdar://problem/69129142>

            Reviewed by Eric Carlson.

            When setting the bitrate provided by the web app fails, we now use default bit rate values that are expected to work properly.
            Covered by updated tests.

            * platform/mediarecorder/cocoa/AudioSampleBufferCompressor.h:
            * platform/mediarecorder/cocoa/AudioSampleBufferCompressor.mm:
            (WebCore::AudioSampleBufferCompressor::setBitsPerSecond):
            (WebCore::AudioSampleBufferCompressor::defaultOutputBitRate const):
            (WebCore::AudioSampleBufferCompressor::initAudioConverterForSourceFormatDescription):

2020-10-06  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267825. rdar://problem/70024248

    MediaRecorder should support isTypeSupported
    https://bugs.webkit.org/show_bug.cgi?id=216856
    LayoutTests/imported/w3c:
    
    Reviewed by Darin Adler.
    
    * web-platform-tests/mediacapture-record/MediaRecorder-mimetype-expected.txt:
    * web-platform-tests/mediacapture-record/MediaRecorder-peerconnection.https-expected.txt:
    * web-platform-tests/mediacapture-record/idlharness.window-expected.txt:
    * web-platform-tests/mediacapture-record/passthrough/MediaRecorder-passthrough.https-expected.txt:
    * web-platform-tests/mediacapture-record/passthrough/MediaRecorder-passthrough.https.html:
    Remove JS console log error line.
    
    Source/WebCore:
    
    <rdar://problem/69767695>
    
    Reviewed by Darin Adler.
    
    Introduce MediaRecorder::isMimeTypeSupported whose result is exposed as MediaRecoder.isTypeSupported.
    Cocoa port allows mp4 audio and video mime types, with H264 and AAC codecs.
    Add a routine to get the mime type from the MediaRecorderPrivate.
    Store it in MediaRecorder and add a mimeType getter.
    
    Test: http/wpt/mediarecorder/mimeType.html
    
    * Modules/mediarecorder/MediaRecorder.cpp:
    (WebCore::MediaRecorder::isTypeSupported):
    (WebCore::MediaRecorder::create):
    * Modules/mediarecorder/MediaRecorder.h:
    * Modules/mediarecorder/MediaRecorder.idl:
    * Modules/mediarecorder/MediaRecorderProvider.cpp:
    (WebCore::MediaRecorderProvider::isSupported):
    * Modules/mediarecorder/MediaRecorderProvider.h:
    * platform/mediarecorder/MediaRecorderPrivate.h:
    * platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp:
    (WebCore::MediaRecorderPrivateAVFImpl::mimeType const):
    * platform/mediarecorder/MediaRecorderPrivateAVFImpl.h:
    * platform/mediarecorder/MediaRecorderPrivateMock.cpp:
    (WebCore::MediaRecorderPrivateMock::mimeType const):
    * platform/mediarecorder/MediaRecorderPrivateMock.h:
    * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
    * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
    (WebCore::MediaRecorderPrivateWriter::mimeType const):
    * platform/mediastream/MediaStreamPrivate.h:
    
    Source/WebKit:
    
    <rdar://problem/69767695>
    
    Reviewed by Darin Adler.
    
    Stop passing mimeType for each data blob.
    Instead, compute it on WebProcess side.
    
    * GPUProcess/webrtc/RemoteMediaRecorder.cpp:
    (WebKit::RemoteMediaRecorder::fetchData):
    * GPUProcess/webrtc/RemoteMediaRecorder.h:
    * GPUProcess/webrtc/RemoteMediaRecorder.messages.in:
    * WebProcess/GPU/webrtc/MediaRecorderPrivate.cpp:
    (WebKit::MediaRecorderPrivate::MediaRecorderPrivate):
    (WebKit::MediaRecorderPrivate::fetchData):
    (WebKit::MediaRecorderPrivate::mimeType const):
    * WebProcess/GPU/webrtc/MediaRecorderPrivate.h:
    
    LayoutTests:
    
    Reviewed by Darin Adler.
    
    * http/wpt/mediarecorder/mimeType-expected.txt: Added.
    * http/wpt/mediarecorder/mimeType.html: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267825 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-01  Youenn Fablet  <youenn@apple.com>

            MediaRecorder should support isTypeSupported
            https://bugs.webkit.org/show_bug.cgi?id=216856
            <rdar://problem/69767695>

            Reviewed by Darin Adler.

            Introduce MediaRecorder::isMimeTypeSupported whose result is exposed as MediaRecoder.isTypeSupported.
            Cocoa port allows mp4 audio and video mime types, with H264 and AAC codecs.
            Add a routine to get the mime type from the MediaRecorderPrivate.
            Store it in MediaRecorder and add a mimeType getter.

            Test: http/wpt/mediarecorder/mimeType.html

            * Modules/mediarecorder/MediaRecorder.cpp:
            (WebCore::MediaRecorder::isTypeSupported):
            (WebCore::MediaRecorder::create):
            * Modules/mediarecorder/MediaRecorder.h:
            * Modules/mediarecorder/MediaRecorder.idl:
            * Modules/mediarecorder/MediaRecorderProvider.cpp:
            (WebCore::MediaRecorderProvider::isSupported):
            * Modules/mediarecorder/MediaRecorderProvider.h:
            * platform/mediarecorder/MediaRecorderPrivate.h:
            * platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp:
            (WebCore::MediaRecorderPrivateAVFImpl::mimeType const):
            * platform/mediarecorder/MediaRecorderPrivateAVFImpl.h:
            * platform/mediarecorder/MediaRecorderPrivateMock.cpp:
            (WebCore::MediaRecorderPrivateMock::mimeType const):
            * platform/mediarecorder/MediaRecorderPrivateMock.h:
            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
            (WebCore::MediaRecorderPrivateWriter::mimeType const):
            * platform/mediastream/MediaStreamPrivate.h:

2020-10-06  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267828. rdar://problem/70023908

    [iOS] MediaRecorder incorrect screen orientation handling
    https://bugs.webkit.org/show_bug.cgi?id=198912
    <rdar://problem/51802521>
    
    Reviewed by Eric Carlson.
    
    We were setting the transform to the writer input too soon.
    Buffer the transform when receiving the first frame and set it at creation of the writer input.
    
    Covered by http/wpt/mediarecorder/video-rotation.html now actually passing.
    
    * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
    * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
    (WebCore::MediaRecorderPrivateWriter::startAssetWriter):
    (WebCore::MediaRecorderPrivateWriter::appendVideoSampleBuffer):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267828 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-01  Youenn Fablet  <youenn@apple.com>

            [iOS] MediaRecorder incorrect screen orientation handling
            https://bugs.webkit.org/show_bug.cgi?id=198912
            <rdar://problem/51802521>

            Reviewed by Eric Carlson.

            We were setting the transform to the writer input too soon.
            Buffer the transform when receiving the first frame and set it at creation of the writer input.

            Covered by http/wpt/mediarecorder/video-rotation.html now actually passing.

            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
            (WebCore::MediaRecorderPrivateWriter::startAssetWriter):
            (WebCore::MediaRecorderPrivateWriter::appendVideoSampleBuffer):

2020-10-06  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267521. rdar://problem/70023915

    REGRESSION (iOS/Safari 14): MediaRecorder produces invalid video files
    https://bugs.webkit.org/show_bug.cgi?id=216832
    <rdar://problem/69377550>
    
    Reviewed by Eric Carlson.
    
    Start the audio and video timestamps at zero.
    Compute the audio timestamp based on the sample count and the video timestamp based
    on the time at which the video sample is received.
    
    Covered by manually testing Safari generated videos on VLC, Chrome and Firefox.
    
    * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
    * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
    (WebCore::MediaRecorderPrivateWriter::initialize):
    (WebCore::MediaRecorderPrivateWriter::startAssetWriter):
    (WebCore::copySampleBufferWithCurrentTimeStamp):
    (WebCore::MediaRecorderPrivateWriter::appendVideoSampleBuffer):
    (WebCore::createAudioSampleBuffer):
    (WebCore::MediaRecorderPrivateWriter::appendAudioSampleBuffer):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267521 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-24  Youenn Fablet  <youenn@apple.com>

            REGRESSION (iOS/Safari 14): MediaRecorder produces invalid video files
            https://bugs.webkit.org/show_bug.cgi?id=216832
            <rdar://problem/69377550>

            Reviewed by Eric Carlson.

            Start the audio and video timestamps at zero.
            Compute the audio timestamp based on the sample count and the video timestamp based
            on the time at which the video sample is received.

            Covered by manually testing Safari generated videos on VLC, Chrome and Firefox.

            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
            (WebCore::MediaRecorderPrivateWriter::initialize):
            (WebCore::MediaRecorderPrivateWriter::startAssetWriter):
            (WebCore::copySampleBufferWithCurrentTimeStamp):
            (WebCore::MediaRecorderPrivateWriter::appendVideoSampleBuffer):
            (WebCore::createAudioSampleBuffer):
            (WebCore::MediaRecorderPrivateWriter::appendAudioSampleBuffer):

2020-10-06  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267366. rdar://problem/70023908

    [iOS] MediaRecorder incorrect screen orientation handling
    https://bugs.webkit.org/show_bug.cgi?id=198912
    <rdar://problem/51802521>
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    Update MediaRecorderPrivateWriterCocoa to pass a MediaSample down to handle rotation.
    Set AVAssetWriterInput transform according the first MediaSample rotation value.
    
    Test: http/wpt/mediarecorder/video-rotation.html
    
    * platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp:
    (WebCore::MediaRecorderPrivateAVFImpl::videoSampleAvailable):
    * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
    * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
    (WebCore::MediaRecorderPrivateWriter::appendVideoSampleBuffer):
    
    Source/WebKit:
    
    * GPUProcess/webrtc/RemoteMediaRecorder.cpp:
    (WebKit::RemoteMediaRecorder::videoSampleAvailable):
    
    LayoutTests:
    
    * http/wpt/mediarecorder/video-rotation-expected.txt: Added.
    * http/wpt/mediarecorder/video-rotation.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267366 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-21  Youenn Fablet  <youenn@apple.com>

            [iOS] MediaRecorder incorrect screen orientation handling
            https://bugs.webkit.org/show_bug.cgi?id=198912
            <rdar://problem/51802521>

            Reviewed by Eric Carlson.

            Update MediaRecorderPrivateWriterCocoa to pass a MediaSample down to handle rotation.
            Set AVAssetWriterInput transform according the first MediaSample rotation value.

            Test: http/wpt/mediarecorder/video-rotation.html

            * platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp:
            (WebCore::MediaRecorderPrivateAVFImpl::videoSampleAvailable):
            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
            (WebCore::MediaRecorderPrivateWriter::appendVideoSampleBuffer):

2020-10-06  Alan Coon  <alancoon@apple.com>

        Apply patch. rdar://problem/70010322

    2020-10-06  Youenn Fablet  <youenn@apple.com>

            Add support for MediaRecorder bitrate options
            https://bugs.webkit.org/show_bug.cgi?id=214973

            Reviewed by Eric Carlson.

            Pipe options to MediaRecorderPrivate constructor.
            For the actual implementation, pass it down to VideoSampleBufferCompressor and AudioSampleBufferCompressor.
            For AudioSampleBufferCompressor, we do not handle well some bit rates, so for now, we limit to specific values.

            Tests: http/wpt/mediarecorder/MediaRecorder-audio-bitrate.html
                   http/wpt/mediarecorder/MediaRecorder-video-bitrate.html

            * Modules/mediarecorder/MediaRecorder.cpp:
            (WebCore::MediaRecorder::create):
            (WebCore::MediaRecorder::createMediaRecorderPrivate):
            (WebCore::MediaRecorder::MediaRecorder):
            (WebCore::MediaRecorder::startRecording):
            * Modules/mediarecorder/MediaRecorder.h:
            * Modules/mediarecorder/MediaRecorderProvider.cpp:
            (WebCore::MediaRecorderProvider::createMediaRecorderPrivate):
            * Modules/mediarecorder/MediaRecorderProvider.h:
            * WebCore.xcodeproj/project.pbxproj:
            * loader/EmptyClients.cpp:
            * platform/mediarecorder/MediaRecorderPrivate.h:
            * platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp:
            (WebCore::MediaRecorderPrivateAVFImpl::create):
            * platform/mediarecorder/MediaRecorderPrivateAVFImpl.h:
            * platform/mediarecorder/cocoa/AudioSampleBufferCompressor.h:
            * platform/mediarecorder/cocoa/AudioSampleBufferCompressor.mm:
            (WebCore::AudioSampleBufferCompressor::setBitsPerSecond):
            (WebCore::AudioSampleBufferCompressor::outputBitRate const):
            (WebCore::AudioSampleBufferCompressor::initAudioConverterForSourceFormatDescription):
            Do not exit when not able to set bitrate as we still want to set m_maxOutputPacketSize.
            In case of error in setting up the converter, clean it up so that we do not use a partially set up converter.
            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
            * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
            (WebCore::MediaRecorderPrivateWriter::create):
            (WebCore::MediaRecorderPrivateWriter::setOptions):
            * platform/mediarecorder/cocoa/VideoSampleBufferCompressor.h:
            * platform/mediarecorder/cocoa/VideoSampleBufferCompressor.mm:
            (WebCore::VideoSampleBufferCompressor::setBitsPerSecond):
            (WebCore::setCompressionSessionProperty):
            (WebCore::VideoSampleBufferCompressor::initCompressionSession):
            * testing/Internals.cpp:
            (WebCore::createRecorderMockSource):

2020-10-05  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267869. rdar://problem/69904332

    [iOS WK1] Crashes when using ANGLE WebGL from another thread
    https://bugs.webkit.org/show_bug.cgi?id=216106
    <rdar://problem/68602452>
    
    Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2020-10-02
    Reviewed by Kenneth Russell.
    
    Source/ThirdParty/ANGLE:
    
    Add two extensions for EAGL and CGL backends to declare the
    underlying platform context being "volatile". It means that
    the thread-global current context is being modified behind
    ANGLE. If ANGLE context is marked volatile for a particular
    API, it will sync the underlying context for every EGL
    function that needs the context. Most intuitive use is
    for the client to call eglMakeCurrent before calling any
    gl function if the client knowns the platform state might
    be dirty.
    
    Implement eglReleaseThread for EAGL and CGL backends.
    Releasing thread will unset the platform current context.
    
    Fix a bug of omitting EGL_ANGLE_device_eagl from being
    advertised.
    
    * extensions/EGL_ANGLE_platform_angle_device_context_volatile_cgl.txt: Added.
    * extensions/EGL_ANGLE_platform_angle_device_context_volatile_eagl.txt: Added.
    * include/EGL/eglext_angle.h:
    * src/libANGLE/Caps.cpp:
    (egl::DeviceExtensions::getStrings const):
    (egl::ClientExtensions::getStrings const):
    * src/libANGLE/Caps.h:
    * src/libANGLE/Display.cpp:
    (egl::Display::prepareForCall):
    (egl::Display::releaseThread):
    (egl::GenerateClientExtensions):
    * src/libANGLE/Display.h:
    * src/libANGLE/renderer/DisplayImpl.cpp:
    (rx::DisplayImpl::prepareForCall):
    (rx::DisplayImpl::releaseThread):
    * src/libANGLE/renderer/DisplayImpl.h:
    * src/libANGLE/renderer/gl/cgl/DisplayCGL.h:
    * src/libANGLE/renderer/gl/cgl/DisplayCGL.mm:
    (rx::DisplayCGL::initialize):
    (rx::DisplayCGL::terminate):
    (rx::DisplayCGL::prepareForCall):
    (rx::DisplayCGL::releaseThread):
    (rx::DisplayCGL::makeCurrent):
    * src/libANGLE/renderer/gl/eagl/DisplayEAGL.h:
    * src/libANGLE/renderer/gl/eagl/DisplayEAGL.mm:
    (rx::DisplayEAGL::initialize):
    (rx::DisplayEAGL::terminate):
    (rx::DisplayEAGL::prepareForCall):
    (rx::DisplayEAGL::releaseThread):
    * src/libANGLE/validationEGL.cpp:
    * src/libGLESv2/entry_points_egl.cpp:
    * src/libGLESv2/entry_points_egl_ext.cpp:
    
    Source/WebCore:
    
    Source of the bug comes from following:
      - WK1 might run WebKit code in client main thread.
      - WK1 might run Webkit code in web thread.
      - WebKit code might run WebGL payload, notably access
        GraphicsContextGL classes.
        Client is able to modify EAGL/CGL current context.
    
    The change to ANGLE incurred two distinct behavior changes
    compared to raw EAGL / CGL:
    1) Before: context was set current before any GL call
    After: context was set current only if EGL current context
    had been changed. (Explicit code as well as ANGLE implementation
    optimization.)
    
    2) Before: context being used was able to be current in
    multiple threads at the same time. (EAGL/CGL feature)
    After: context cannot be current in multiple threads
    at the same time. (EGL feature)
    
    Change in behavior 1) caused ANGLE to sometimes use
    the EAGL/CGL context of the client instead of
    the real context that ANGLE created.
    Fix this by introducing
    EGL_ANGLE_platform_angle_device_context_volatile_eagl
    and
    EGL_ANGLE_platform_angle_device_context_volatile_cgl
    which make ANGLE sync the context on each eglMakeCurrent
    eglReleaseThread and eglTerminate.
    
    Change in behavior 2) caused ANGLE to use uninitialized
    context object from one thread, if the real context object
    was current in another thread.
    Fix this by considering "GraphicsContextGLOpenGL current context"
    as part of "data that is owned by WebCoreThread lock".
    The current context is set with lock held, implicitly.
    The current context is released when lock is released.
    When the lock is not held, GraphicsContextGLOpenGL current context
    is nullptr.
    
    Adds soft linking for EAGL for the purpose of testing this in
    TestWebKitAPI. The case of Apple Silicon Mac may sometimes
    use CGL and sometimes EAGL, and the test should test that
    client overriding both contexts will not cause problems.
    
    Fix ANGLE header include path:
     - Do not include ANGLE in the path, as files are included with ANGLE/
     - Add WK_ALTERNATE_FRAMEWORKS_DIR so that SDK_VARIANT=iosmac
       e.g. maccatalyst builds work
    Previously the ANGLE was not included from ThirdParty/ANGLE, rather
    "WebKit SDK".
    
    * Configurations/WebCore.xcconfig:
    * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
    (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
    (WebCore::GraphicsContextGLOpenGL::~GraphicsContextGLOpenGL):
    (WebCore::GraphicsContextGLOpenGL::makeContextCurrent):
    (WebCore::GraphicsContextGLOpenGL::releaseCurrentContext):
    (WebCore::GraphicsContextGLOpenGL::checkGPUStatus):
    (WebCore::GraphicsContextGLOpenGL::allowOfflineRenderers const):
    * platform/graphics/opengl/GraphicsContextGLOpenGL.h:
    * platform/ios/wak/WebCoreThread.mm:
    (WebThreadUnlockFromAnyThread):
    (_WebThreadUnlock):
    
    Tools:
    
    Add a WK1 test which runs WebGL code both in
    client main thread and in web thread.
    This tests the case where ANGLE EGL context is
    not being held current in one thread while the
    other thread runs WebGL and thus ANGLE EGL code.
    
    * TestWebKitAPI/Configurations/TestWebKitAPI.xcconfig:
    * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
    * TestWebKitAPI/Tests/WebKitLegacy/ios/WebGLNoCrashOnOtherThreadAccess.mm: Added.
    (-[WebGLNoCrashOnOtherThreadAccessWebViewDelegate webViewDidFinishLoad:]):
    (-[WebGLNoCrashOnOtherThreadAccessWebViewDelegate webView:shouldStartLoadWithRequest:navigationType:]):
    (TestWebKitAPI::TEST):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267869 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-10-02  Kimmo Kinnunen  <kkinnunen@apple.com>

            [iOS WK1] Crashes when using ANGLE WebGL from another thread
            https://bugs.webkit.org/show_bug.cgi?id=216106
            <rdar://problem/68602452>

            Reviewed by Kenneth Russell.

            Source of the bug comes from following:
              - WK1 might run WebKit code in client main thread.
              - WK1 might run Webkit code in web thread.
              - WebKit code might run WebGL payload, notably access
                GraphicsContextGL classes.
                Client is able to modify EAGL/CGL current context.

            The change to ANGLE incurred two distinct behavior changes
            compared to raw EAGL / CGL:
            1) Before: context was set current before any GL call
            After: context was set current only if EGL current context
            had been changed. (Explicit code as well as ANGLE implementation
            optimization.)

            2) Before: context being used was able to be current in
            multiple threads at the same time. (EAGL/CGL feature)
            After: context cannot be current in multiple threads
            at the same time. (EGL feature)

            Change in behavior 1) caused ANGLE to sometimes use
            the EAGL/CGL context of the client instead of
            the real context that ANGLE created.
            Fix this by introducing
            EGL_ANGLE_platform_angle_device_context_volatile_eagl
            and
            EGL_ANGLE_platform_angle_device_context_volatile_cgl
            which make ANGLE sync the context on each eglMakeCurrent
            eglReleaseThread and eglTerminate.

            Change in behavior 2) caused ANGLE to use uninitialized
            context object from one thread, if the real context object
            was current in another thread.
            Fix this by considering "GraphicsContextGLOpenGL current context"
            as part of "data that is owned by WebCoreThread lock".
            The current context is set with lock held, implicitly.
            The current context is released when lock is released.
            When the lock is not held, GraphicsContextGLOpenGL current context
            is nullptr.

            Adds soft linking for EAGL for the purpose of testing this in
            TestWebKitAPI. The case of Apple Silicon Mac may sometimes
            use CGL and sometimes EAGL, and the test should test that
            client overriding both contexts will not cause problems.

            Fix ANGLE header include path:
             - Do not include ANGLE in the path, as files are included with ANGLE/
             - Add WK_ALTERNATE_FRAMEWORKS_DIR so that SDK_VARIANT=iosmac
               e.g. maccatalyst builds work
            Previously the ANGLE was not included from ThirdParty/ANGLE, rather
            "WebKit SDK".

            * Configurations/WebCore.xcconfig:
            * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
            (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):
            (WebCore::GraphicsContextGLOpenGL::~GraphicsContextGLOpenGL):
            (WebCore::GraphicsContextGLOpenGL::makeContextCurrent):
            (WebCore::GraphicsContextGLOpenGL::releaseCurrentContext):
            (WebCore::GraphicsContextGLOpenGL::checkGPUStatus):
            (WebCore::GraphicsContextGLOpenGL::allowOfflineRenderers const):
            * platform/graphics/opengl/GraphicsContextGLOpenGL.h:
            * platform/ios/wak/WebCoreThread.mm:
            (WebThreadUnlockFromAnyThread):
            (_WebThreadUnlock):

2020-10-05  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267602. rdar://problem/69904386

    WebGL should use GLES in iOS apps running on Apple Silicon
    https://bugs.webkit.org/show_bug.cgi?id=216722
    <rdar://problem/68976337>
    
    Reviewed by Tim Horton and Ken Russell.
    
    Source/ThirdParty/ANGLE:
    
    Change ANGLE to dynamically load either EAGL (OpenGLES) or CGL (OpenGL) depending
    on both compile and runtime configurations.
        Intel Mac -> CGL
        Intel Mac Catalyst -> CGL
        Intel iOS Simulator -> EAGL
        iOS Device -> EAGL
        Apple Silicon Mac -> CGL
        Apple Silicon Mac Catalyst (with Mac app) -> CGL
        Apple Silicon Mac Catalyst (with iOS app) -> EAGL
    
    The trickiest bit is Apple Silicon Mac Catalyst, which depends on the
    type of the application it is attempting to run. In that case ANGLE must compile
    both the CGL and EAGL interfaces and then pick one to use after launch.
    
    * ANGLE.xcodeproj/project.pbxproj: Add new files.
    
    * Configurations/ANGLE-dynamic.xcconfig: Remove all the OpenGL* linking.
    * Configurations/ANGLE-static.xcconfig:
    
    * GLESv2.cmake: New files.
    
    * src/common/platform.h: New definitions for CPU type on Apple Systems.
    
    * src/gpu_info_util/SystemInfo.h: Split SystemInfo for Apple into two
    files, for iOS and Mac. Added a field for isiOSAppOnMac that will only
    be true when running an iOS binary on Apple Silicon.
    * src/gpu_info_util/SystemInfo_apple.mm: Added. Decides which SystemInfo
    to call.
    (angle::GetSystemInfo):
    * src/gpu_info_util/SystemInfo_ios.cpp:
    (angle::GetSystemInfo_ios):
    (angle::GetSystemInfo): Deleted.
    * src/gpu_info_util/SystemInfo_macos.mm:
    (angle::GetSystemInfo_mac):
    (angle::GetSystemInfo): Deleted.
    
    * src/libANGLE/Caps.cpp: Can no longer just check for PLATFORM_IOS. This
    might still need a runtime check.
    (gl::DetermineDepthTextureANGLESupport):
    (gl::DetermineDepthTextureOESSupport):
    
    * src/libANGLE/Display.cpp: This is the main initialization point for
    ANGLE, which decides at compile/runtime which variant of Display to
    create.
    
    * src/libANGLE/formatutils.cpp: Add the correct formats.
    (gl::BuildInternalFormatInfoMap):
    
    * src/libANGLE/renderer/gl/SoftLinking_apple.h: Added. Macros to help soft-link
    functions and ObjC classes.
    * src/libANGLE/renderer/gl/cgl/CGLFunctions.cpp: Added. Where we soft-link all
    the OpenGL/CGL API.
    * src/libANGLE/renderer/gl/cgl/CGLFunctions.h: Added.
    
    * src/libANGLE/renderer/gl/cgl/DisplayCGL.mm: Use the soft-linked methods.
    * src/libANGLE/renderer/gl/cgl/IOSurfaceSurfaceCGL.cpp:
    * src/libANGLE/renderer/gl/cgl/WindowSurfaceCGL.h:
    * src/libANGLE/renderer/gl/cgl/WindowSurfaceCGL.mm: Rename WebSwapLayer to WebSwapLayerCGL
    otherwise it clashes with the EAGL version.
    (rx::WindowSurfaceCGL::initialize):
    (-[WebSwapLayer initWithSharedState:withContext:withFunctions:]): Deleted.
    (-[WebSwapLayer copyCGLPixelFormatForDisplayMask:]): Deleted.
    (-[WebSwapLayer copyCGLContextForPixelFormat:]): Deleted.
    (-[WebSwapLayer canDrawInCGLContext:pixelFormat:forLayerTime:displayTime:]): Deleted.
    (-[WebSwapLayer drawInCGLContext:pixelFormat:forLayerTime:displayTime:]): Deleted.
    
    * src/libANGLE/renderer/gl/eagl/DeviceEAGL.cpp: Similar changes to the CGL implementation.
    * src/libANGLE/renderer/gl/eagl/DeviceEAGL.h:
    * src/libANGLE/renderer/gl/eagl/DisplayEAGL.h:
    * src/libANGLE/renderer/gl/eagl/DisplayEAGL.mm:
    (rx::DisplayEAGL::initialize):
    (rx::DisplayEAGL::terminate):
    (rx::WorkerContextEAGL::~WorkerContextEAGL):
    (rx::WorkerContextEAGL::makeCurrent):
    (rx::WorkerContextEAGL::unmakeCurrent):
    (rx::DisplayEAGL::createWorkerContext):
    * src/libANGLE/renderer/gl/eagl/EAGLFunctions.h: Added.
    * src/libANGLE/renderer/gl/eagl/EAGLFunctions.mm: Added.
    * src/libANGLE/renderer/gl/eagl/IOSurfaceSurfaceEAGL.mm:
    * src/libANGLE/renderer/gl/eagl/PbufferSurfaceEAGL.cpp:
    * src/libANGLE/renderer/gl/eagl/RendererEAGL.cpp:
    * src/libANGLE/renderer/gl/eagl/WindowSurfaceEAGL.h:
    * src/libANGLE/renderer/gl/eagl/WindowSurfaceEAGL.mm:
    (-[WebSwapLayerEAGL display]):
    (rx::WindowSurfaceEAGL::initialize):
    (-[WebSwapLayer initWithSharedState:withContext:withFunctions:]): Deleted.
    (-[WebSwapLayer display]): Deleted.
    
    * src/libANGLE/renderer/gl/renderergl_utils.cpp: Runtime check.
    (rx::nativegl_gl::GenerateCaps):
    
    Source/WebCore:
    
    * Configurations/WebCore.xcconfig: Remove all OpenGL/OpenGLES linking.
    * WebCore.xcodeproj/project.pbxproj:
    
    * platform/graphics/GraphicsContextGL.h: Change the ANGLE IOSurface texture binding
    enums into functions, because they have to be calculated at run-time.
    * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm: Use the new soft-linked
    functions from PAL. Also implement the IOSurface texture binding helpers that were
    previously enums.
    * platform/mac/PlatformScreenMac.mm:
    * platform/mac/WebGLBlocklist.mm:
    
    Source/WebCore/PAL:
    
    Add soft-linking content for OpenGL/OpenGLES.
    
    * PAL.xcodeproj/project.pbxproj:
    * pal/PlatformMac.cmake:
    * pal/cocoa/OpenGLSoftLinkCocoa.h: Added.
    * pal/cocoa/OpenGLSoftLinkCocoa.mm: Added.
    
    Source/WebKit:
    
    * Configurations/WebKit.xcconfig: Remove OpenGL linking.
    * UIProcess/mac/HighPerformanceGPUManager.mm: Renamed to .mm. Use the PAL soft-linked OpenGL API.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267602 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-24  Dean Jackson  <dino@apple.com>

            WebGL should use GLES in iOS apps running on Apple Silicon
            https://bugs.webkit.org/show_bug.cgi?id=216722
            <rdar://problem/68976337>

            Reviewed by Tim Horton.

            * Configurations/WebCore.xcconfig: Remove all OpenGL/OpenGLES linking.
            * WebCore.xcodeproj/project.pbxproj:

            * platform/graphics/GraphicsContextGL.h: Change the ANGLE IOSurface texture binding
            enums into functions, because they have to be calculated at run-time.
            * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm: Use the new soft-linked
            functions from PAL. Also implement the IOSurface texture binding helpers that were
            previously enums.
            * platform/mac/PlatformScreenMac.mm:
            * platform/mac/WebGLBlocklist.mm:

2020-10-02  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267753. rdar://problem/69904353

    IndexedDB Index Corruption after upgrade from iOS 13 to iOS 14
    https://bugs.webkit.org/show_bug.cgi?id=216962
    <rdar://problem/69587004>
    
    Reviewed by Brady Eidson.
    
    Source/WebCore:
    
    There is an implementation error in r255318, which updated index ID in database IndexInfo and IndexRecords
    tables: it made changes to original table while iterating records of it. This means modified records can
    be modified again, which leads to that two indices have the same index ID. As index ID is supposed to be unique,
    some indices and index records cannot be populated and clients will find some indices are missing.
    
    To fix this, we need to change the implementation of ID update and deal with already corrupted tables. For index
    ID update, now we create a temporary table for storing the updated records, and replace the original table with
    temporary table at the end of iteration. For the corruption issue, we check if IndexInfo table has duplicate
    index IDs. If it has, we try recovering IndexInfo and IndexRecords table by removing records with duplicate
    index IDs, assigning new IDs to duplicate indices, and adding records with updated index IDs.
    
    API tests: IndexedDB.IndexUpgradeToV2WithMultipleIndices
               IndexedDB.IndexUpgradeToV2WithMultipleIndicesHaveSameID
    
    * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
    (WebCore::IDBServer::indexInfoTableSchema):
    (WebCore::IDBServer::SQLiteIDBBackingStore::createAndPopulateInitialDatabaseInfo):
    (WebCore::IDBServer::SQLiteIDBBackingStore::migrateIndexInfoTableForIDUpdate):
    (WebCore::IDBServer::SQLiteIDBBackingStore::migrateIndexRecordsTableForIDUpdate):
    (WebCore::IDBServer::SQLiteIDBBackingStore::removeExistingIndex):
    (WebCore::IDBServer::SQLiteIDBBackingStore::addExistingIndex):
    (WebCore::IDBServer::SQLiteIDBBackingStore::handleDuplicateIndexIDs):
    (WebCore::IDBServer::SQLiteIDBBackingStore::extractExistingDatabaseInfo):
    (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
    (WebCore::IDBServer::SQLiteIDBBackingStore::updateOneIndexForAddRecord):
    * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
    * Modules/indexeddb/shared/IDBIndexInfo.h:
    (WebCore::IDBIndexInfo::setIdentifier):
    * Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:
    (WebCore::IDBObjectStoreInfo::addExistingIndex):
    
    Tools:
    
    * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
    * TestWebKitAPI/Tests/WebKitCocoa/IDBIndexUpgradeToV2.mm:
    (runMultipleIndicesTestWithDatabase):
    (TEST):
    * TestWebKitAPI/Tests/WebKitCocoa/IDBIndexUpgradeToV2WithMultipleIndices.html: Added.
    * TestWebKitAPI/Tests/WebKitCocoa/IndexUpgradeWithMultipleIndices.sqlite3: Added.
    * TestWebKitAPI/Tests/WebKitCocoa/IndexUpgradeWithMultipleIndicesHaveSameID.sqlite3: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267753 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-29  Sihui Liu  <sihui_liu@apple.com>

            IndexedDB Index Corruption after upgrade from iOS 13 to iOS 14
            https://bugs.webkit.org/show_bug.cgi?id=216962
            <rdar://problem/69587004>

            Reviewed by Brady Eidson.

            There is an implementation error in r255318, which updated index ID in database IndexInfo and IndexRecords
            tables: it made changes to original table while iterating records of it. This means modified records can
            be modified again, which leads to that two indices have the same index ID. As index ID is supposed to be unique,
            some indices and index records cannot be populated and clients will find some indices are missing.

            To fix this, we need to change the implementation of ID update and deal with already corrupted tables. For index
            ID update, now we create a temporary table for storing the updated records, and replace the original table with
            temporary table at the end of iteration. For the corruption issue, we check if IndexInfo table has duplicate
            index IDs. If it has, we try recovering IndexInfo and IndexRecords table by removing records with duplicate
            index IDs, assigning new IDs to duplicate indices, and adding records with updated index IDs.

            API tests: IndexedDB.IndexUpgradeToV2WithMultipleIndices
                       IndexedDB.IndexUpgradeToV2WithMultipleIndicesHaveSameID

            * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
            (WebCore::IDBServer::indexInfoTableSchema):
            (WebCore::IDBServer::SQLiteIDBBackingStore::createAndPopulateInitialDatabaseInfo):
            (WebCore::IDBServer::SQLiteIDBBackingStore::migrateIndexInfoTableForIDUpdate):
            (WebCore::IDBServer::SQLiteIDBBackingStore::migrateIndexRecordsTableForIDUpdate):
            (WebCore::IDBServer::SQLiteIDBBackingStore::removeExistingIndex):
            (WebCore::IDBServer::SQLiteIDBBackingStore::addExistingIndex):
            (WebCore::IDBServer::SQLiteIDBBackingStore::handleDuplicateIndexIDs):
            (WebCore::IDBServer::SQLiteIDBBackingStore::extractExistingDatabaseInfo):
            (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
            (WebCore::IDBServer::SQLiteIDBBackingStore::updateOneIndexForAddRecord):
            * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
            * Modules/indexeddb/shared/IDBIndexInfo.h:
            (WebCore::IDBIndexInfo::setIdentifier):
            * Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:
            (WebCore::IDBObjectStoreInfo::addExistingIndex):

2020-10-02  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267612. rdar://problem/69904365

    Crunchyroll playback controls do not work on iPad with trackpad
    https://bugs.webkit.org/show_bug.cgi?id=217000
    <rdar://problem/66362029>
    
    Reviewed by Wenson Hsieh.
    
    Source/WebCore:
    
    * platform/RuntimeApplicationChecks.h:
    * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
    (WebCore::IOSApplication::isCrunchyroll):
    
    Source/WebKit:
    
    * UIProcess/ios/WKContentViewInteraction.mm:
    (applicationIsKnownToIgnoreMouseEvents):
    Add it to the list.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267612 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-25  Tim Horton  <timothy_horton@apple.com>

            Crunchyroll playback controls do not work on iPad with trackpad
            https://bugs.webkit.org/show_bug.cgi?id=217000
            <rdar://problem/66362029>

            Reviewed by Wenson Hsieh.

            * platform/RuntimeApplicationChecks.h:
            * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
            (WebCore::IOSApplication::isCrunchyroll):

2020-10-02  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266028. rdar://problem/69904377

    Move node geometry functions from Range to RenderObject
    https://bugs.webkit.org/show_bug.cgi?id=215677
    
    Reviewed by Zalan Bujtas.
    
    Source/WebCore:
    
    Moved functions that return quads and rectangles out of Range into RenderObject.
    We could find another home for them, but for now they make sense as static member
    functions there since RenderObject has the non-static member functions that they
    call on multiple nodes. Mostly did not change the design of these functions much,
    and was careful not to change behavior at all. But did change a few things:
    
    - Got rid of the functions that return a single unioned rectangle.
      Instead callers call unionRect at each call site.
    - Changed the "use selection height" boolean to a BoundingRectBehavior flag.
    
    * accessibility/AccessibilityRenderObject.cpp:
    (WebCore::boundsForRects): Call unionRect(RenderObject::absoluteTextRects) instead
    of Range::absoluteBoundingBox.
    
    * dom/DocumentMarkerController.cpp:
    (WebCore::updateRenderedRectsForMarker): Instead of passing "true", pass
    "RenderObject::BoundingRectBehavior::UseSelectionHeight".
    
    * dom/Range.cpp:
    (WebCore::Range::absoluteBoundingBox const): Deleted.
    (WebCore::Range::absoluteRectsForRangeInText const): Deleted.
    (WebCore::Range::absoluteTextRects const): Deleted.
    (WebCore::Range::getClientRects const): Call RenderObject::clientBorderAndTextRects.
    (WebCore::Range::getBoundingClientRect const): Call
    unionRect(RenderObject::clientBorderAndTextRects).
    (WebCore::Range::borderAndTextRects const): Deleted.
    (WebCore::Range::boundingRect const): Deleted.
    (WebCore::Range::absoluteBoundingRect const): Deleted.
    * dom/Range.h: Updated for above.
    
    * dom/SimpleRange.cpp:
    (WebCore::IntersectingNodeIterator::IntersectingNodeIterator): Fix bug affecting
    empty ranges by calling enforceEndInvariant.
    (WebCore::IntersectingNodeIterator::advance): Refactor to call enforceEndInvariant.
    (WebCore::IntersectingNodeIterator::advanceSkippingChildren): Ditto.
    (WebCore::IntersectingNodeIterator::enforceEndInvariant): Added.
    * dom/SimpleRange.h: Added enforceEndInvariant.
    
    * editing/FrameSelection.cpp:
    (WebCore::FrameSelection::getClippedVisibleTextRectangles const): Instead of
    passing a useSelectionHeight boolean, pass BoundingRectBehavior.
    
    * page/TextIndicator.cpp:
    (WebCore::absoluteBoundingRectForRange): Call
    unionRectIgnoringZeroRects(RenderObject::absoluteBorderAndTextRects).
    (WebCore::initializeIndicator): Call RenderObject::absoluteTextRects.
    
    * platform/graphics/GeometryUtilities.cpp:
    (WebCore::unionRectIgnoringZeroRects): Added.
    * platform/graphics/GeometryUtilities.h: Updated for above.
    
    * rendering/RenderLineBreak.h: Marked a lot of functions final.
    Added a default value for the absoluteQuads out argument.
    
    * rendering/RenderObject.cpp:
    (WebCore::RenderObject::addPDFURLRect): Tweaked code style a bit.
    (WebCore::RenderObject::absoluteTextQuads): Replaced boolean useSelectionHeight
    argument with a BoundingRectBehavior argument. Also added a downcast so the
    call to RenderLineBreak::absoluteQuads is a non-virtual function call.
    (WebCore::absoluteRectsForRangeInText): Added.
    (WebCore::RenderObject::absoluteTextRects): Replaced boolean useSelectionHeight
    argument with a BoundingRectBehavior argument.
    (WebCore::nodeBefore): Added.
    (WebCore::borderAndTextRects): Added.
    (WebCore::RenderObject::absoluteBorderAndTextRects): Added.
    (WebCore::RenderObject::clientBorderAndTextRects): Added.
    * rendering/RenderObject.h: Updated for above.
    
    Source/WebKit:
    
    * WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp:
    (WebKit::InjectedBundleRangeHandle::boundingRectInWindowCoordinates const):
    Call unionRectIgnoringZeroRects(RenderObject::absoluteBorderAndTextRects).
    (WebKit::InjectedBundleRangeHandle::renderedImage): Call
    unionRectIgnoringZeroRects(RenderObject::absoluteBorderAndTextRects).
    
    * WebProcess/WebPage/ios/WebPageIOS.mm:
    (WebKit::WebPage::requestEvasionRectsAboveSelection): Call
    unionRect(RenderObject::absoluteTextRects).
    (WebKit::WebPage::requestDocumentEditingContext): Call
    unionRect(RenderObject::absoluteTextRects).
    
    Source/WebKitLegacy/mac:
    
    * DOM/DOM.mm:
    (-[DOMRange boundingBox]): Call unionRect(RenderObject::absoluteTextRects).
    
    Source/WebKitLegacy/win:
    
    * AccessibleTextImpl.cpp:
    (AccessibleText::scrollSubstringTo): Call
    unionRect(RenderObject::absoluteTextRects) instead of
    Range::absoluteBoundingBox.
    
    LayoutTests:
    
    * fast/dom/Range/scale-page-bounding-client-rect.html: Fix this test that accidentally
    depended on getting rects for an empty range (the contents of a div element with no
    text inside it) to instead get rects for a non-empty element (the div element, not
    just its contents). Test now works correctly, but results don't need to change.
    * fast/dom/Range/scale-page-client-rects.html: Ditto.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266028 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-20  Darin Adler  <darin@apple.com>

            Move node geometry functions from Range to RenderObject
            https://bugs.webkit.org/show_bug.cgi?id=215677

            Reviewed by Zalan Bujtas.

            Moved functions that return quads and rectangles out of Range into RenderObject.
            We could find another home for them, but for now they make sense as static member
            functions there since RenderObject has the non-static member functions that they
            call on multiple nodes. Mostly did not change the design of these functions much,
            and was careful not to change behavior at all. But did change a few things:

            - Got rid of the functions that return a single unioned rectangle.
              Instead callers call unionRect at each call site.
            - Changed the "use selection height" boolean to a BoundingRectBehavior flag.

            * accessibility/AccessibilityRenderObject.cpp:
            (WebCore::boundsForRects): Call unionRect(RenderObject::absoluteTextRects) instead
            of Range::absoluteBoundingBox.

            * dom/DocumentMarkerController.cpp:
            (WebCore::updateRenderedRectsForMarker): Instead of passing "true", pass
            "RenderObject::BoundingRectBehavior::UseSelectionHeight".

            * dom/Range.cpp:
            (WebCore::Range::absoluteBoundingBox const): Deleted.
            (WebCore::Range::absoluteRectsForRangeInText const): Deleted.
            (WebCore::Range::absoluteTextRects const): Deleted.
            (WebCore::Range::getClientRects const): Call RenderObject::clientBorderAndTextRects.
            (WebCore::Range::getBoundingClientRect const): Call
            unionRect(RenderObject::clientBorderAndTextRects).
            (WebCore::Range::borderAndTextRects const): Deleted.
            (WebCore::Range::boundingRect const): Deleted.
            (WebCore::Range::absoluteBoundingRect const): Deleted.
            * dom/Range.h: Updated for above.

            * dom/SimpleRange.cpp:
            (WebCore::IntersectingNodeIterator::IntersectingNodeIterator): Fix bug affecting
            empty ranges by calling enforceEndInvariant.
            (WebCore::IntersectingNodeIterator::advance): Refactor to call enforceEndInvariant.
            (WebCore::IntersectingNodeIterator::advanceSkippingChildren): Ditto.
            (WebCore::IntersectingNodeIterator::enforceEndInvariant): Added.
            * dom/SimpleRange.h: Added enforceEndInvariant.

            * editing/FrameSelection.cpp:
            (WebCore::FrameSelection::getClippedVisibleTextRectangles const): Instead of
            passing a useSelectionHeight boolean, pass BoundingRectBehavior.

            * page/TextIndicator.cpp:
            (WebCore::absoluteBoundingRectForRange): Call
            unionRectIgnoringZeroRects(RenderObject::absoluteBorderAndTextRects).
            (WebCore::initializeIndicator): Call RenderObject::absoluteTextRects.

            * platform/graphics/GeometryUtilities.cpp:
            (WebCore::unionRectIgnoringZeroRects): Added.
            * platform/graphics/GeometryUtilities.h: Updated for above.

            * rendering/RenderLineBreak.h: Marked a lot of functions final.
            Added a default value for the absoluteQuads out argument.

            * rendering/RenderObject.cpp:
            (WebCore::RenderObject::addPDFURLRect): Tweaked code style a bit.
            (WebCore::RenderObject::absoluteTextQuads): Replaced boolean useSelectionHeight
            argument with a BoundingRectBehavior argument. Also added a downcast so the
            call to RenderLineBreak::absoluteQuads is a non-virtual function call.
            (WebCore::absoluteRectsForRangeInText): Added.
            (WebCore::RenderObject::absoluteTextRects): Replaced boolean useSelectionHeight
            argument with a BoundingRectBehavior argument.
            (WebCore::nodeBefore): Added.
            (WebCore::borderAndTextRects): Added.
            (WebCore::RenderObject::absoluteBorderAndTextRects): Added.
            (WebCore::RenderObject::clientBorderAndTextRects): Added.
            * rendering/RenderObject.h: Updated for above.

2020-09-29  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267722. rdar://problem/69586659

    Cherry-pick r266899. rdar://problem/69586659
    
        Integrator's note: as some of the symbols present on trunk are not available on branch, special modifications had to be made to this cherry-pick to build.
    
        Address a post-commit review comment after r266887
        https://bugs.webkit.org/show_bug.cgi?id=216257
    
        Reviewed by Darin Adler.
    
        Remove a check that currently makes us conditionally set `IsComputedStyleInvalidFlag` if there is a computed
        style in rare data. There should be no change in behavior; this just makes the code a bit simpler.
    
        * dom/Element.cpp:
        (WebCore::Element::invalidateStyle):
        (WebCore::Element::storeDisplayContentsStyle):
    
        git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266899 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    
    git-svn-id: https://svn.webkit.org/repository/webkit/branches/safari-610-branch@267722 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-28  Alan Coon  <alancoon@apple.com>

            Cherry-pick r266899. rdar://problem/69586659

        Integrator's note: as some of the symbols present on trunk are not available on branch, special modifications had to be made to this cherry-pick to build.

        Address a post-commit review comment after r266887
        https://bugs.webkit.org/show_bug.cgi?id=216257

        Reviewed by Darin Adler.

        Remove a check that currently makes us conditionally set `IsComputedStyleInvalidFlag` if there is a computed
        style in rare data. There should be no change in behavior; this just makes the code a bit simpler.

        * dom/Element.cpp:
        (WebCore::Element::invalidateStyle):
        (WebCore::Element::storeDisplayContentsStyle):

        git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266899 268f45cc-cd09-0410-ab3c-d52691b4dbfc

        2020-09-10  Wenson Hsieh  <wenson_hsieh@apple.com>

                Integrator's note: as some of the symbols present on trunk are not available on branch, special modifications
                had to be made to this cherry-pick.

                Address a post-commit review comment after r266887
                https://bugs.webkit.org/show_bug.cgi?id=216257

                Reviewed by Darin Adler.

                Remove a check that currently makes us conditionally set `IsComputedStyleInvalidFlag` if there is a computed
                style in rare data. There should be no change in behavior; this just makes the code a bit simpler.

                * dom/Element.cpp:
                (WebCore::Element::invalidateStyle):
                (WebCore::Element::storeDisplayContentsStyle):

2020-09-29  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267721. rdar://problem/69586659

    Cherry-pick r266887. rdar://problem/69586659
    
        Integrator's note: as some of the symbols present on trunk are not available on branch, special modifications had to be made to this cherry-pick to build.
    
        REGRESSION (r257839): clickpay.com - password placeholder text cannot be replaced
        https://bugs.webkit.org/show_bug.cgi?id=216257
        <rdar://problem/68150686>
    
        Reviewed by Antti Koivisto.
    
        Source/WebCore:
    
        On clickpay.com, the field in the login form that contains the text "Password" is actually a plain text input,
        referred to by the site's script as the "null text input". The page adds a focus event listener to this null
        text input, and inside of this focus event listener, it reveals a hidden password field by removing an inline
        `display: none;` style rule on the real password input element, programmatically focuses it, and then hides the
        null text input by setting it to `display: none;` via inline style.
    
        However, after the changes in r257839, we no longer attempt to do a style update upon programmatic focus in the
        case where the programmatically focused element does not have a renderer yet (this applies to the password field
        in this scenario, because it previously had `display: none;`). When we determine whether the newly displayed
        password field is focusable using `Element::isVisibleWithoutResolvingFullStyle`, we then attempt to use either
        the existing computed `RenderStyle` on the element, or perform a partial computed style resolution using the
        `ResolveComputedStyleMode::RenderedOnly` flag.
    
        But in the case where `ElementRareData`'s computed style exists, it is not guaranteed to be up to date if the
        inline style changed since the computed style was last set. In the context of this bug, it's actually Safari's
        AutoFill logic (embedded in the injected bundle) that ends up asking for the computed style of the password
        input, forcing it to be created and set (though, as demonstrated in the layout test, simply grabbing the
        computed style is sufficient to replicate the bug outside of Safari).
    
        The end result is that we'll use this stale computed style, which still believes that the password input is not
        displayed, and we end up not focusing the element due to believing that the password input is hidden. To fix
        this, we would need to either check whether the element has an invalid style (i.e. `needsStyleRecalc()`) before
        attempting to use the existing computed style, or clear out the `ElementRareData` computed style anytime the
        element's style is invalidated. However, both of these approaches will cause us to perform partial style
        resolution much more aggressively, leading to a 2-3% regression in Speedometer.
    
        To address the bug without hampering our performance wins from r257839, we add a new node flag so that we can
        remember when computed styles are no longer valid due to style invalidation, and consult this flag in
        `Element::isVisibleWithoutResolvingFullStyle` to avoid using the existing computed style.
    
        Test: fast/forms/programmatic-focus-after-display.html
    
        * dom/Element.cpp:
        (WebCore::Element::invalidateStyle):
        (WebCore::Element::resolveComputedStyle):
        (WebCore::Element::isVisibleWithoutResolvingFullStyle const):
        * dom/Node.h:
        (WebCore::Node::setHasValidStyle):
    
        LayoutTests:
    
        Add a new layout test to verify that the bug does not occur. See WebCore/ChangeLog for more details.
    
        * fast/forms/programmatic-focus-after-display-expected.txt: Added.
        * fast/forms/programmatic-focus-after-display.html: Added.
    
        git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266887 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    
    git-svn-id: https://svn.webkit.org/repository/webkit/branches/safari-610-branch@267721 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-28  Alan Coon  <alancoon@apple.com>

            Cherry-pick r266887. rdar://problem/69586659

        Integrator's note: as some of the symbols present on trunk are not available on branch, special modifications had to be made to this cherry-pick to build.

        REGRESSION (r257839): clickpay.com - password placeholder text cannot be replaced
        https://bugs.webkit.org/show_bug.cgi?id=216257
        <rdar://problem/68150686>

        Reviewed by Antti Koivisto.

        Source/WebCore:

        On clickpay.com, the field in the login form that contains the text "Password" is actually a plain text input,
        referred to by the site's script as the "null text input". The page adds a focus event listener to this null
        text input, and inside of this focus event listener, it reveals a hidden password field by removing an inline
        `display: none;` style rule on the real password input element, programmatically focuses it, and then hides the
        null text input by setting it to `display: none;` via inline style.

        However, after the changes in r257839, we no longer attempt to do a style update upon programmatic focus in the
        case where the programmatically focused element does not have a renderer yet (this applies to the password field
        in this scenario, because it previously had `display: none;`). When we determine whether the newly displayed
        password field is focusable using `Element::isVisibleWithoutResolvingFullStyle`, we then attempt to use either
        the existing computed `RenderStyle` on the element, or perform a partial computed style resolution using the
        `ResolveComputedStyleMode::RenderedOnly` flag.

        But in the case where `ElementRareData`'s computed style exists, it is not guaranteed to be up to date if the
        inline style changed since the computed style was last set. In the context of this bug, it's actually Safari's
        AutoFill logic (embedded in the injected bundle) that ends up asking for the computed style of the password
        input, forcing it to be created and set (though, as demonstrated in the layout test, simply grabbing the
        computed style is sufficient to replicate the bug outside of Safari).

        The end result is that we'll use this stale computed style, which still believes that the password input is not
        displayed, and we end up not focusing the element due to believing that the password input is hidden. To fix
        this, we would need to either check whether the element has an invalid style (i.e. `needsStyleRecalc()`) before
        attempting to use the existing computed style, or clear out the `ElementRareData` computed style anytime the
        element's style is invalidated. However, both of these approaches will cause us to perform partial style
        resolution much more aggressively, leading to a 2-3% regression in Speedometer.

        To address the bug without hampering our performance wins from r257839, we add a new node flag so that we can
        remember when computed styles are no longer valid due to style invalidation, and consult this flag in
        `Element::isVisibleWithoutResolvingFullStyle` to avoid using the existing computed style.

        Test: fast/forms/programmatic-focus-after-display.html

        * dom/Element.cpp:
        (WebCore::Element::invalidateStyle):
        (WebCore::Element::resolveComputedStyle):
        (WebCore::Element::isVisibleWithoutResolvingFullStyle const):
        * dom/Node.h:
        (WebCore::Node::setHasValidStyle):

        LayoutTests:

        Add a new layout test to verify that the bug does not occur. See WebCore/ChangeLog for more details.

        * fast/forms/programmatic-focus-after-display-expected.txt: Added.
        * fast/forms/programmatic-focus-after-display.html: Added.

        git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266887 268f45cc-cd09-0410-ab3c-d52691b4dbfc

        2020-09-10  Wenson Hsieh  <wenson_hsieh@apple.com>

                REGRESSION (r257839): clickpay.com - password placeholder text cannot be replaced
                https://bugs.webkit.org/show_bug.cgi?id=216257
                <rdar://problem/68150686>

                Reviewed by Antti Koivisto.

                On clickpay.com, the field in the login form that contains the text "Password" is actually a plain text input,
                referred to by the site's script as the "null text input". The page adds a focus event listener to this null
                text input, and inside of this focus event listener, it reveals a hidden password field by removing an inline
                `display: none;` style rule on the real password input element, programmatically focuses it, and then hides the
                null text input by setting it to `display: none;` via inline style.

                However, after the changes in r257839, we no longer attempt to do a style update upon programmatic focus in the
                case where the programmatically focused element does not have a renderer yet (this applies to the password field
                in this scenario, because it previously had `display: none;`). When we determine whether the newly displayed
                password field is focusable using `Element::isVisibleWithoutResolvingFullStyle`, we then attempt to use either
                the existing computed `RenderStyle` on the element, or perform a partial computed style resolution using the
                `ResolveComputedStyleMode::RenderedOnly` flag.

                But in the case where `ElementRareData`'s computed style exists, it is not guaranteed to be up to date if the
                inline style changed since the computed style was last set. In the context of this bug, it's actually Safari's
                AutoFill logic (embedded in the injected bundle) that ends up asking for the computed style of the password
                input, forcing it to be created and set (though, as demonstrated in the layout test, simply grabbing the
                computed style is sufficient to replicate the bug outside of Safari).

                The end result is that we'll use this stale computed style, which still believes that the password input is not
                displayed, and we end up not focusing the element due to believing that the password input is hidden. To fix
                this, we would need to either check whether the element has an invalid style (i.e. `needsStyleRecalc()`) before
                attempting to use the existing computed style, or clear out the `ElementRareData` computed style anytime the
                element's style is invalidated. However, both of these approaches will cause us to perform partial style
                resolution much more aggressively, leading to a 2-3% regression in Speedometer.

                To address the bug without hampering our performance wins from r257839, we add a new node flag so that we can
                remember when computed styles are no longer valid due to style invalidation, and consult this flag in
                `Element::isVisibleWithoutResolvingFullStyle` to avoid using the existing computed style.

                Test: fast/forms/programmatic-focus-after-display.html

                * dom/Element.cpp:
                (WebCore::Element::invalidateStyle):
                (WebCore::Element::resolveComputedStyle):
                (WebCore::Element::isVisibleWithoutResolvingFullStyle const):
                * dom/Node.h:
                (WebCore::Node::setHasValidStyle):

2020-09-28  Alan Coon  <alancoon@apple.com>

        Apply patch. rdar://problem/69594082

    2020-09-28  Dean Jackson  <dino@apple.com>

            Cherry-pick r266809. rdar://problem/68421590

        2020-09-09  Dean Jackson  <dino@apple.com>

                CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::WebGLRenderingContext::getExtension
                https://bugs.webkit.org/show_bug.cgi?id=216337
                <rdar://problem/68421590>

                Reviewed by Sam Weinig.

                Bug 215599 added IsoHeap storage to WebGLExtension, but didn't add it
                to any of the subclasses. This causes a crash in ::getExtension because
                allocation of the new instance fails.

                Add WTF_MAKE_ISO_ALLOCATED_IMPL to the .cpp files, and
                WTF_MAKE_ISO_ALLOCATED to the .h files.

                This should have been detected by on-device testing, since a debug
                build would have asserted because the size passed into the constructor
                was different from the actual size of the class.

                * html/canvas/ANGLEInstancedArrays.cpp:
                * html/canvas/ANGLEInstancedArrays.h:
                * html/canvas/EXTBlendMinMax.cpp:
                * html/canvas/EXTBlendMinMax.h:
                * html/canvas/EXTColorBufferFloat.cpp:
                * html/canvas/EXTColorBufferFloat.h:
                * html/canvas/EXTColorBufferHalfFloat.cpp:
                * html/canvas/EXTColorBufferHalfFloat.h:
                * html/canvas/EXTFragDepth.cpp:
                * html/canvas/EXTFragDepth.h:
                * html/canvas/EXTShaderTextureLOD.cpp:
                * html/canvas/EXTShaderTextureLOD.h:
                * html/canvas/EXTTextureFilterAnisotropic.cpp:
                * html/canvas/EXTTextureFilterAnisotropic.h:
                * html/canvas/EXTsRGB.cpp:
                * html/canvas/EXTsRGB.h:
                * html/canvas/OESElementIndexUint.cpp:
                * html/canvas/OESElementIndexUint.h:
                * html/canvas/OESStandardDerivatives.cpp:
                * html/canvas/OESStandardDerivatives.h:
                * html/canvas/OESTextureFloat.cpp:
                * html/canvas/OESTextureFloat.h:
                * html/canvas/OESTextureFloatLinear.cpp:
                * html/canvas/OESTextureFloatLinear.h:
                * html/canvas/OESTextureHalfFloat.cpp:
                * html/canvas/OESTextureHalfFloat.h:
                * html/canvas/OESTextureHalfFloatLinear.cpp:
                * html/canvas/OESTextureHalfFloatLinear.h:
                * html/canvas/OESVertexArrayObject.cpp:
                * html/canvas/OESVertexArrayObject.h:
                * html/canvas/WebGLColorBufferFloat.cpp:
                * html/canvas/WebGLColorBufferFloat.h:
                * html/canvas/WebGLCompressedTextureASTC.cpp:
                * html/canvas/WebGLCompressedTextureASTC.h:
                * html/canvas/WebGLCompressedTextureATC.cpp:
                * html/canvas/WebGLCompressedTextureATC.h:
                * html/canvas/WebGLCompressedTextureETC.cpp:
                * html/canvas/WebGLCompressedTextureETC.h:
                * html/canvas/WebGLCompressedTextureETC1.cpp:
                * html/canvas/WebGLCompressedTextureETC1.h:
                * html/canvas/WebGLCompressedTexturePVRTC.cpp:
                * html/canvas/WebGLCompressedTexturePVRTC.h:
                * html/canvas/WebGLCompressedTextureS3TC.cpp:
                * html/canvas/WebGLCompressedTextureS3TC.h:
                * html/canvas/WebGLCompressedTextureS3TCsRGB.cpp:
                * html/canvas/WebGLCompressedTextureS3TCsRGB.h:
                * html/canvas/WebGLDebugRendererInfo.cpp:
                * html/canvas/WebGLDebugRendererInfo.h:
                * html/canvas/WebGLDebugShaders.cpp:
                * html/canvas/WebGLDebugShaders.h:
                * html/canvas/WebGLDepthTexture.cpp:
                * html/canvas/WebGLDepthTexture.h:
                * html/canvas/WebGLDrawBuffers.cpp:
                * html/canvas/WebGLDrawBuffers.h:
                * html/canvas/WebGLLoseContext.cpp:
                * html/canvas/WebGLLoseContext.h:

2020-09-27  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267530. rdar://problem/69594070

    Regression(r265280) Web Audio sources malfunction when disconnected from the audio graph
    https://bugs.webkit.org/show_bug.cgi?id=216703
    <rdar://problem/69158436>
    
    Reviewed by Eric Carlson.
    
    In case of an audio source that stops producing data, but does not end or mute the track,
    we would continuously try to read the data until getting to the end of the data.
    When reaching the end of the data, we would return silence and go back in time a little bit
    to restart playing with some margin. This allows to read just one chunk of audio until we are back to the end of data.
    
    We fix this by storing the end of the data counter when reaching it.
    When trying to pull some more data, we will go back in time a little bit only if some more data was added in the meantime.
    Otherwise, we just output silence.
    
    Covered by manual test.
    
    * platform/audio/mac/AudioSampleDataSource.h:
    * platform/audio/mac/AudioSampleDataSource.mm:
    (WebCore::AudioSampleDataSource::pullSamplesInternal):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267530 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-24  Youenn Fablet  <youenn@apple.com>

            Regression(r265280) Web Audio sources malfunction when disconnected from the audio graph
            https://bugs.webkit.org/show_bug.cgi?id=216703
            <rdar://problem/69158436>

            Reviewed by Eric Carlson.

            In case of an audio source that stops producing data, but does not end or mute the track,
            we would continuously try to read the data until getting to the end of the data.
            When reaching the end of the data, we would return silence and go back in time a little bit
            to restart playing with some margin. This allows to read just one chunk of audio until we are back to the end of data.

            We fix this by storing the end of the data counter when reaching it.
            When trying to pull some more data, we will go back in time a little bit only if some more data was added in the meantime.
            Otherwise, we just output silence.

            Covered by manual test.

            * platform/audio/mac/AudioSampleDataSource.h:
            * platform/audio/mac/AudioSampleDataSource.mm:
            (WebCore::AudioSampleDataSource::pullSamplesInternal):

2020-09-27  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267394. rdar://problem/69593980

    paper.io ad close buttons cannot be iteracted with via trackpad on iPad
    https://bugs.webkit.org/show_bug.cgi?id=216812
    <rdar://problem/68738585>
    
    Reviewed by Wenson Hsieh.
    
    Source/WebCore:
    
    * platform/RuntimeApplicationChecks.h:
    * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
    (WebCore::IOSApplication::isPaperIO):
    
    Source/WebKit:
    
    * UIProcess/ios/WKContentViewInteraction.mm:
    (applicationIsKnownToIgnoreMouseEvents):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267394 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-21  Tim Horton  <timothy_horton@apple.com>

            paper.io ad close buttons cannot be iteracted with via trackpad on iPad
            https://bugs.webkit.org/show_bug.cgi?id=216812
            <rdar://problem/68738585>

            Reviewed by Wenson Hsieh.

            * platform/RuntimeApplicationChecks.h:
            * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
            (WebCore::IOSApplication::isPaperIO):

2020-09-27  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267369. rdar://problem/69594300

    [WebAuthn] Don't set the UV option if the authenticator doesn't support it
    https://bugs.webkit.org/show_bug.cgi?id=215836
    <rdar://problem/67817359>
    
    Reviewed by Darin Adler.
    
    Source/WebCore:
    
    Covered by new API tests.
    
    UV in the the CTAP 2.0 spec only means internal UV:
    https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorGetInfo
    
    If an authenticator supports ClientPin, it can set the uv bit in the responses to true but it
    will not advertise itself supporting internal UV, which is the uv in the options.
    https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorMakeCredential
    
    Hence, setting it to true could result in error if the authenticator doesn't support internal UV even if it supports ClientPin.
    It's not a way to ask the authenticator to set the uv bit in the response.
    
    * Modules/webauthn/fido/DeviceRequestConverter.cpp:
    (fido::encodeMakeCredenitalRequestAsCBOR):
    (fido::encodeGetAssertionRequestAsCBOR):
    
    Tools:
    
    * TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp:
    (TestWebKitAPI::TEST):
    
    LayoutTests:
    
    * http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html:
    * http/wpt/webauthn/public-key-credential-create-failure-hid.https.html:
    * http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https.html:
    * http/wpt/webauthn/public-key-credential-get-failure-hid.https.html:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267369 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-21  Jiewen Tan  <jiewen_tan@apple.com>

            [WebAuthn] Don't set the UV option if the authenticator doesn't support it
            https://bugs.webkit.org/show_bug.cgi?id=215836
            <rdar://problem/67817359>

            Reviewed by Darin Adler.

            Covered by new API tests.

            UV in the the CTAP 2.0 spec only means internal UV:
            https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorGetInfo

            If an authenticator supports ClientPin, it can set the uv bit in the responses to true but it
            will not advertise itself supporting internal UV, which is the uv in the options.
            https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorMakeCredential

            Hence, setting it to true could result in error if the authenticator doesn't support internal UV even if it supports ClientPin.
            It's not a way to ask the authenticator to set the uv bit in the response.

            * Modules/webauthn/fido/DeviceRequestConverter.cpp:
            (fido::encodeMakeCredenitalRequestAsCBOR):
            (fido::encodeGetAssertionRequestAsCBOR):

2020-09-27  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267287. rdar://problem/69594243

    Crash under WebCore::shouldResetFocusNavigationStartingNode()
    https://bugs.webkit.org/show_bug.cgi?id=216714
    <rdar://problem/68132047>
    
    Reviewed by Darin Adler.
    
    Protect anchorElement in FrameView::scrollToFragmentInternal() to make sure
    it stays alive until the time we pass it to setFocusNavigationStartingNode().
    
    * page/FrameView.cpp:
    (WebCore::FrameView::scrollToFragmentInternal):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267287 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-18  Chris Dumez  <cdumez@apple.com>

            Crash under WebCore::shouldResetFocusNavigationStartingNode()
            https://bugs.webkit.org/show_bug.cgi?id=216714
            <rdar://problem/68132047>

            Reviewed by Darin Adler.

            Protect anchorElement in FrameView::scrollToFragmentInternal() to make sure
            it stays alive until the time we pass it to setFocusNavigationStartingNode().

            * page/FrameView.cpp:
            (WebCore::FrameView::scrollToFragmentInternal):

2020-09-27  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267198. rdar://problem/69594065

    [iOS] YouTube does not route video to AirPlay the first time
    https://bugs.webkit.org/show_bug.cgi?id=216626
    <rdar://problem/62222846>
    
    Reviewed by Eric Carlson.
    
    Difficult to test this, since it requires an live AppleTV device.
    
    During a refactor, the order of a couple calls changed. A MediaPlaybackTarget needs to be in place before the MediaPlayer can
    be told to start playing to that target. Once the target is in-place, subsequent requests to start playing to that target succeed,
    which explains the "only initial AirPlay fails" behavior.
    
    * platform/audio/ios/MediaSessionManagerIOS.mm:
    (WebCore::MediaSessionManageriOS::activeVideoRouteDidChange):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267198 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-17  Jer Noble  <jer.noble@apple.com>

            [iOS] YouTube does not route video to AirPlay the first time
            https://bugs.webkit.org/show_bug.cgi?id=216626
            <rdar://problem/62222846>

            Reviewed by Eric Carlson.

            Difficult to test this, since it requires an live AppleTV device.

            During a refactor, the order of a couple calls changed. A MediaPlaybackTarget needs to be in place before the MediaPlayer can
            be told to start playing to that target. Once the target is in-place, subsequent requests to start playing to that target succeed,
            which explains the "only initial AirPlay fails" behavior.

            * platform/audio/ios/MediaSessionManagerIOS.mm:
            (WebCore::MediaSessionManageriOS::activeVideoRouteDidChange):

2020-09-27  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267148. rdar://problem/69594002

    [macOS] Limit reported macOS release to 10.15 series
    https://bugs.webkit.org/show_bug.cgi?id=216593
    <rdar://problem/68937905>
    
    Reviewed by Maciej Stachowiak.
    
    If the reported system OS is 11.0 (or beyond) report the last stable release
    of macOS.
    
    * platform/mac/UserAgentMac.mm:
    (WebCore::standardUserAgentWithApplicationName):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267148 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-16  Brent Fulgham  <bfulgham@apple.com>

            [macOS] Limit reported macOS release to 10.15 series
            https://bugs.webkit.org/show_bug.cgi?id=216593
            <rdar://problem/68937905>

            Reviewed by Maciej Stachowiak.

            If the reported system OS is 11.0 (or beyond) report the last stable release
            of macOS.

            * platform/mac/UserAgentMac.mm:
            (WebCore::standardUserAgentWithApplicationName):

2020-09-27  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267002. rdar://problem/69594199

    Overflow:scroll rubberbanding is interrupted by post-layout scrolling
    https://bugs.webkit.org/show_bug.cgi?id=216463
    <rdar://problem/67095741>
    
    Reviewed by Darin Adler.
    
    When rubberbanding overflow:scroll RenderLayer has an overscrolled scroll offset.
    If RenderLayer::updateScrollInfoAfterLayout() happens when in this state, it can
    clamp the scroll offset, causing the rubberband to collapse which interferes with
    the user interaction. This happend on Gmail when composing a reply.
    
    Fix by tracking the rubberbanding state in the scrolling tree, and having RenderLayer
    query this state via the ScrollingCoordinator. RenderLayer::updateScrollInfoAfterLayout()
    already tested isRubberBandInProgress(). This is similar to how isUserScrollInProgress()
    and isScrollSnapInProgress() work.
    
    This patch also fixes the tracking of rubberbanding state. Previously setMainFrameIsRubberBanding()
    was just based on when the timer was started and stopped, which did not match the
    implementation of ScrollController::isRubberBandInProgress(). Now ScrollController
    correctly notifies its clients when the rubberbanding state changes by updating that
    state whenever any of the conditions consulted in isRubberBandInProgressInternal() change.
    
    Source/WebCore:
    
    I tried to make tests for this, but the timing of wheel and scroll event delivery makes
    reliable detection of interrupted rubberbands impossible in WebKitTestRunner.
    
    * page/FrameView.cpp:
    (WebCore::FrameView::isRubberBandInProgress const):
    * page/scrolling/AsyncScrollingCoordinator.cpp:
    (WebCore::AsyncScrollingCoordinator::isRubberBandInProgress const):
    * page/scrolling/AsyncScrollingCoordinator.h:
    * page/scrolling/ScrollingCoordinator.h:
    (WebCore::ScrollingCoordinator::isRubberBandInProgress const):
    * page/scrolling/ScrollingTree.cpp:
    (WebCore::ScrollingTree::isRubberBandInProgressForNode):
    (WebCore::ScrollingTree::setRubberBandingInProgressForNode):
    (WebCore::ScrollingTree::isRubberBandInProgress): Deleted.
    (WebCore::ScrollingTree::setMainFrameIsRubberBanding): Deleted.
    * page/scrolling/ScrollingTree.h:
    * page/scrolling/ScrollingTreeScrollingNode.cpp:
    (WebCore::ScrollingTreeScrollingNode::commitStateBeforeChildren):
    * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
    (WebCore::ScrollingTreeFrameScrollingNodeMac::currentScrollPositionChanged):
    (WebCore::ScrollingTreeFrameScrollingNodeMac::updateMainFramePinAndRubberbandState):
    * page/scrolling/mac/ScrollingTreeOverflowScrollingNodeMac.h:
    * page/scrolling/mac/ScrollingTreeOverflowScrollingNodeMac.mm:
    (WebCore::ScrollingTreeOverflowScrollingNodeMac::currentScrollPositionChanged):
    * page/scrolling/mac/ScrollingTreeScrollingNodeDelegateMac.h:
    * page/scrolling/mac/ScrollingTreeScrollingNodeDelegateMac.mm:
    (WebCore::ScrollingTreeScrollingNodeDelegateMac::currentScrollPositionChanged):
    (WebCore::ScrollingTreeScrollingNodeDelegateMac::isRubberBandInProgress const):
    (WebCore::ScrollingTreeScrollingNodeDelegateMac::didStopRubberbandSnapAnimation):
    (WebCore::ScrollingTreeScrollingNodeDelegateMac::rubberBandingStateChanged):
    * platform/ScrollAnimator.cpp:
    (WebCore::ScrollAnimator::notifyPositionChanged):
    * platform/cocoa/ScrollController.h:
    (WebCore::ScrollControllerClient::rubberBandingStateChanged):
    * platform/cocoa/ScrollController.mm:
    (WebCore::ScrollController::handleWheelEvent):
    (WebCore::ScrollController::snapRubberBandTimerFired):
    (WebCore::ScrollController::scrollPositionChanged):
    (WebCore::ScrollController::isRubberBandInProgress const):
    (WebCore::ScrollController::stopSnapRubberbandTimer):
    (WebCore::ScrollController::isRubberBandInProgressInternal const):
    (WebCore::ScrollController::updateRubberBandingState):
    (WebCore::ScrollController::updateGestureInProgressState):
    * rendering/RenderLayer.cpp:
    (WebCore::RenderLayer::isRubberBandInProgress const):
    (WebCore::RenderLayer::updateScrollInfoAfterLayout):
    
    Source/WebKit:
    
    * WebProcess/WebPage/RemoteLayerTree/RemoteScrollingCoordinator.h:
    * WebProcess/WebPage/RemoteLayerTree/RemoteScrollingCoordinator.mm:
    (WebKit::RemoteScrollingCoordinator::isRubberBandInProgress const):
    (WebKit::RemoteScrollingCoordinator::scrollingStateInUIProcessChanged):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267002 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-13  Simon Fraser  <simon.fraser@apple.com>

            Overflow:scroll rubberbanding is interrupted by post-layout scrolling
            https://bugs.webkit.org/show_bug.cgi?id=216463
            <rdar://problem/67095741>

            Reviewed by Darin Adler.

            When rubberbanding overflow:scroll RenderLayer has an overscrolled scroll offset.
            If RenderLayer::updateScrollInfoAfterLayout() happens when in this state, it can
            clamp the scroll offset, causing the rubberband to collapse which interferes with
            the user interaction. This happend on Gmail when composing a reply.

            Fix by tracking the rubberbanding state in the scrolling tree, and having RenderLayer
            query this state via the ScrollingCoordinator. RenderLayer::updateScrollInfoAfterLayout()
            already tested isRubberBandInProgress(). This is similar to how isUserScrollInProgress()
            and isScrollSnapInProgress() work.

            This patch also fixes the tracking of rubberbanding state. Previously setMainFrameIsRubberBanding()
            was just based on when the timer was started and stopped, which did not match the
            implementation of ScrollController::isRubberBandInProgress(). Now ScrollController
            correctly notifies its clients when the rubberbanding state changes by updating that
            state whenever any of the conditions consulted in isRubberBandInProgressInternal() change.

            I tried to make tests for this, but the timing of wheel and scroll event delivery makes
            reliable detection of interrupted rubberbands impossible in WebKitTestRunner.

            * page/FrameView.cpp:
            (WebCore::FrameView::isRubberBandInProgress const):
            * page/scrolling/AsyncScrollingCoordinator.cpp:
            (WebCore::AsyncScrollingCoordinator::isRubberBandInProgress const):
            * page/scrolling/AsyncScrollingCoordinator.h:
            * page/scrolling/ScrollingCoordinator.h:
            (WebCore::ScrollingCoordinator::isRubberBandInProgress const):
            * page/scrolling/ScrollingTree.cpp:
            (WebCore::ScrollingTree::isRubberBandInProgressForNode):
            (WebCore::ScrollingTree::setRubberBandingInProgressForNode):
            (WebCore::ScrollingTree::isRubberBandInProgress): Deleted.
            (WebCore::ScrollingTree::setMainFrameIsRubberBanding): Deleted.
            * page/scrolling/ScrollingTree.h:
            * page/scrolling/ScrollingTreeScrollingNode.cpp:
            (WebCore::ScrollingTreeScrollingNode::commitStateBeforeChildren):
            * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
            (WebCore::ScrollingTreeFrameScrollingNodeMac::currentScrollPositionChanged):
            (WebCore::ScrollingTreeFrameScrollingNodeMac::updateMainFramePinAndRubberbandState):
            * page/scrolling/mac/ScrollingTreeOverflowScrollingNodeMac.h:
            * page/scrolling/mac/ScrollingTreeOverflowScrollingNodeMac.mm:
            (WebCore::ScrollingTreeOverflowScrollingNodeMac::currentScrollPositionChanged):
            * page/scrolling/mac/ScrollingTreeScrollingNodeDelegateMac.h:
            * page/scrolling/mac/ScrollingTreeScrollingNodeDelegateMac.mm:
            (WebCore::ScrollingTreeScrollingNodeDelegateMac::currentScrollPositionChanged):
            (WebCore::ScrollingTreeScrollingNodeDelegateMac::isRubberBandInProgress const):
            (WebCore::ScrollingTreeScrollingNodeDelegateMac::didStopRubberbandSnapAnimation):
            (WebCore::ScrollingTreeScrollingNodeDelegateMac::rubberBandingStateChanged):
            * platform/ScrollAnimator.cpp:
            (WebCore::ScrollAnimator::notifyPositionChanged):
            * platform/cocoa/ScrollController.h:
            (WebCore::ScrollControllerClient::rubberBandingStateChanged):
            * platform/cocoa/ScrollController.mm:
            (WebCore::ScrollController::handleWheelEvent):
            (WebCore::ScrollController::snapRubberBandTimerFired):
            (WebCore::ScrollController::scrollPositionChanged):
            (WebCore::ScrollController::isRubberBandInProgress const):
            (WebCore::ScrollController::stopSnapRubberbandTimer):
            (WebCore::ScrollController::isRubberBandInProgressInternal const):
            (WebCore::ScrollController::updateRubberBandingState):
            (WebCore::ScrollController::updateGestureInProgressState):
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::isRubberBandInProgress const):
            (WebCore::RenderLayer::updateScrollInfoAfterLayout):

2020-09-27  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266611. rdar://problem/69594191

    MediaRecorder timeslice parameter causing internal error on longer videos
    https://bugs.webkit.org/show_bug.cgi?id=216076
    <rdar://problem/68209422>
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    Test: http/wpt/fetch/blob-range.html
    
    * platform/network/BlobResourceHandle.cpp:
    (WebCore::BlobResourceHandle::readDataAsync):
    
    Source/WebKit:
    
    Test: http/wpt/fetch/blob-range.html
    
    * NetworkProcess/NetworkDataTaskBlob.cpp:
    (WebKit::NetworkDataTaskBlob::readData):
    readData can be re-entrant so we need to reset m_currentItemReadSize before consuming data.
    
    LayoutTests:
    
    * http/wpt/fetch/blob-range-expected.txt: Added.
    * http/wpt/fetch/blob-range.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266611 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-04  Youenn Fablet  <youenn@apple.com>

            MediaRecorder timeslice parameter causing internal error on longer videos
            https://bugs.webkit.org/show_bug.cgi?id=216076
            <rdar://problem/68209422>

            Reviewed by Eric Carlson.

            Test: http/wpt/fetch/blob-range.html

            * platform/network/BlobResourceHandle.cpp:
            (WebCore::BlobResourceHandle::readDataAsync):

2020-09-27  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266312. rdar://problem/69594218

    [macOS] AirPlay device name is wrong when playing to multiple devices
    https://bugs.webkit.org/show_bug.cgi?id=215952
    <rdar://problem/66930799>
    
    Reviewed by Jer Noble.
    
    Tested manually because this requires a specific hardware setup.
    
    * platform/graphics/avfoundation/MediaPlaybackTargetCocoa.mm:
    (WebCore::MediaPlaybackTargetCocoa::deviceName const): If the AVOutputContext
    supports multiple output devices, create the device name by concatenating the names
    of all of the active output devices.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266312 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-28  Eric Carlson  <eric.carlson@apple.com>

            [macOS] AirPlay device name is wrong when playing to multiple devices
            https://bugs.webkit.org/show_bug.cgi?id=215952
            <rdar://problem/66930799>

            Reviewed by Jer Noble.

            Tested manually because this requires a specific hardware setup.

            * platform/graphics/avfoundation/MediaPlaybackTargetCocoa.mm:
            (WebCore::MediaPlaybackTargetCocoa::deviceName const): If the AVOutputContext
            supports multiple output devices, create the device name by concatenating the names
            of all of the active output devices.

2020-09-25  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267067. rdar://problem/69586680

    REGRESSION (Async overflow scroll): Code snippets on getkirby.com appear and disappear as content is scrolled
    https://bugs.webkit.org/show_bug.cgi?id=216490
    <rdar://problem/67018073>
    
    Reviewed by Zalan Bujtas.
    Source/WebCore:
    
    The content in question had a z-order layer tree like this:
    
        A (0,0) width=997 height=829 (layerID 20) {sc 2} RenderView
          + B (0,0) width=997 height=8 RenderBlock  HTML  class='no-js'
            + C (0,0) width=997 height=829 RenderFlexibleBox  MAIN
              n D (0,0) width=256 height=829 RenderFlexibleBox  NAV  class='left panel'
                n E (0,0) width=256 height=829 (layerID 25) {sc 3} RenderBlock  DIV  class='scroller'
              n F (256,0) width=741 height=829 RenderFlexibleBox  ARTICLE  class='main panel'
                n G (0,0) width=741 height=829 (layerID 26) {sc 4} RenderBlock  DIV  class='scroller'
                  n H (0,-816) width=741 height=2810 RenderBlock  DIV  class='article-content'
            + I (0,0) width=256 height=1000 (layerID 27) overlap RenderBlock (relative positioned)  DIV  class='content'
            + J (10,300) width=721 height=202 (layerID 28) overlap RenderBlock (relative positioned)  DIV  class='relative-box'
            + K (10,802) width=721 height=202 (layerID 29) overlap RenderBlock (relative positioned)  DIV  class='relative-box'
            + L (10,1304) width=721 height=202 (layerID 30) overlap RenderBlock (relative positioned)  DIV  class='relative-box'
            + M (10,1806) width=721 height=202 (layerID 31) overlap RenderBlock (relative positioned)  DIV  class='relative-box'
            + M (10,2308) width=721 height=202 (layerID 32) overlap RenderBlock (relative positioned)  DIV  class='relative-box'
    
    When layer 'G' is scrolled, the code would find the paint-order parent, F, which is normal-flow because it has overflow:hidden,
    and would call setDescendantsNeedUpdateBackingAndHierarchyTraversal() on it. However, that doesn't go high enough, because
    we need to update J-M since their ancestor clipping stacks have geometry that relies on the scroll position of G. If we don't
    update that geometry, GraphicsLayers have an incorrect notion of what's visible, and we don't attach backing store.
    
    The fix is to climb up to the stacking context B and call setDescendantsNeedUpdateBackingAndHierarchyTraversal() on it.
    
    Test: compositing/scrolling/async-overflow-scrolling/nested-scrollers-backing-attachment.html
    
    * rendering/RenderLayer.cpp:
    (WebCore::RenderLayer::scrollTo):
    
    LayoutTests:
    
    * compositing/scrolling/async-overflow-scrolling/nested-scrollers-backing-attachment-expected.txt: Added.
    * compositing/scrolling/async-overflow-scrolling/nested-scrollers-backing-attachment.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267067 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-14  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (Async overflow scroll): Code snippets on getkirby.com appear and disappear as content is scrolled
            https://bugs.webkit.org/show_bug.cgi?id=216490
            <rdar://problem/67018073>

            Reviewed by Zalan Bujtas.

            The content in question had a z-order layer tree like this:

                A (0,0) width=997 height=829 (layerID 20) {sc 2} RenderView
                  + B (0,0) width=997 height=8 RenderBlock  HTML  class='no-js'
                    + C (0,0) width=997 height=829 RenderFlexibleBox  MAIN
                      n D (0,0) width=256 height=829 RenderFlexibleBox  NAV  class='left panel'
                        n E (0,0) width=256 height=829 (layerID 25) {sc 3} RenderBlock  DIV  class='scroller'
                      n F (256,0) width=741 height=829 RenderFlexibleBox  ARTICLE  class='main panel'
                        n G (0,0) width=741 height=829 (layerID 26) {sc 4} RenderBlock  DIV  class='scroller'
                          n H (0,-816) width=741 height=2810 RenderBlock  DIV  class='article-content'
                    + I (0,0) width=256 height=1000 (layerID 27) overlap RenderBlock (relative positioned)  DIV  class='content'
                    + J (10,300) width=721 height=202 (layerID 28) overlap RenderBlock (relative positioned)  DIV  class='relative-box'
                    + K (10,802) width=721 height=202 (layerID 29) overlap RenderBlock (relative positioned)  DIV  class='relative-box'
                    + L (10,1304) width=721 height=202 (layerID 30) overlap RenderBlock (relative positioned)  DIV  class='relative-box'
                    + M (10,1806) width=721 height=202 (layerID 31) overlap RenderBlock (relative positioned)  DIV  class='relative-box'
                    + M (10,2308) width=721 height=202 (layerID 32) overlap RenderBlock (relative positioned)  DIV  class='relative-box'

            When layer 'G' is scrolled, the code would find the paint-order parent, F, which is normal-flow because it has overflow:hidden,
            and would call setDescendantsNeedUpdateBackingAndHierarchyTraversal() on it. However, that doesn't go high enough, because
            we need to update J-M since their ancestor clipping stacks have geometry that relies on the scroll position of G. If we don't
            update that geometry, GraphicsLayers have an incorrect notion of what's visible, and we don't attach backing store.

            The fix is to climb up to the stacking context B and call setDescendantsNeedUpdateBackingAndHierarchyTraversal() on it.

            Test: compositing/scrolling/async-overflow-scrolling/nested-scrollers-backing-attachment.html

            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::scrollTo):

2020-09-25  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266923. rdar://problem/69586712

    REGRESSION (Async overflow scroll): Mouse wheel scrolling over an "always-on" overflow scrollbar doesn't work
    https://bugs.webkit.org/show_bug.cgi?id=216381
    <rdar://problem/68593743>
    
    Reviewed by Antti Koivisto.
    
    Source/WebCore:
    
    The scrollbar and scroll corner layers need event regions and scrollingNodeIDs so that
    we hit-test them via CA layers and find the right scrolling node.
    
    Test: fast/scrolling/mac/mousewheel-over-scrollbar.html
    
    * rendering/RenderLayerBacking.cpp:
    (WebCore::RenderLayerBacking::updateAfterDescendants):
    (WebCore::RenderLayerBacking::updateEventRegion):
    (WebCore::RenderLayerBacking::detachFromScrollingCoordinator):
    (WebCore::RenderLayerBacking::setScrollingNodeIDForRole):
    
    LayoutTests:
    
    * fast/scrolling/mac/border-radius-event-region-expected.txt:
    * fast/scrolling/mac/event-region-scrolled-contents-layer-expected.txt:
    * fast/scrolling/mac/event-region-subscroller-overflow-expected.txt:
    * fast/scrolling/mac/event-region-visibility-hidden-expected.txt:
    * fast/scrolling/mac/mousewheel-over-scrollbar-expected.txt: Added.
    * fast/scrolling/mac/mousewheel-over-scrollbar.html: Added.
    * fast/scrolling/mac/negative-z-index-overflow-scroll-expected.txt:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266923 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-11  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (Async overflow scroll): Mouse wheel scrolling over an "always-on" overflow scrollbar doesn't work
            https://bugs.webkit.org/show_bug.cgi?id=216381
            <rdar://problem/68593743>

            Reviewed by Antti Koivisto.

            The scrollbar and scroll corner layers need event regions and scrollingNodeIDs so that
            we hit-test them via CA layers and find the right scrolling node.

            Test: fast/scrolling/mac/mousewheel-over-scrollbar.html

            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::updateAfterDescendants):
            (WebCore::RenderLayerBacking::updateEventRegion):
            (WebCore::RenderLayerBacking::detachFromScrollingCoordinator):
            (WebCore::RenderLayerBacking::setScrollingNodeIDForRole):

2020-09-25  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266884. rdar://problem/69583178

    Revert accidental hard-coding of compositing logging from r266825.
    
    * platform/Logging.cpp:
    (WebCore::initializeLogChannelsIfNecessary):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266884 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-10  Simon Fraser  <simon.fraser@apple.com>

            Revert accidental hard-coding of compositing logging from r266825.

            * platform/Logging.cpp:
            (WebCore::initializeLogChannelsIfNecessary):

2020-09-25  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266825. rdar://problem/69583178

    REGRESSION (Async overflow scroll): Truncated scrollbars in facebook chat
    https://bugs.webkit.org/show_bug.cgi?id=216294
    <rdar://problem/61918702>
    
    Reviewed by Antti Koivisto.
    
    Source/WebCore:
    
    When both async overflow scroll and overlay scrollbars are enabled, it's possible for
    composited layers that are later in z-order than the overflow to overlap the scrollbars
    (overflow does not create stacking context, so they are later siblings to the overflow).
    
    To fix this we have to hoist the layer that hosts the overflow controls above all later layers
    which belong to contents scrolled by this overflow. We know which layers these are; they have
    ancestor clippings stacks that reference the overflow layer.
    
    This overflow controls layer hoisting happens in the context of the enclosing composited layer.
    
    So to fix this RenderLayerCompositor::updateBackingAndHierarchy() tracks these layers that belong to
    an overflow scroll. RenderLayerCompositor::adjustOverflowScrollbarContainerLayers() uses them to find
    the overflow scroll layers whose controls need hoisting, and where to insert those overflow controls
    hosting layers in the sublayers list of the enclosing composited layer.
    
    An additional source of complexity occurs with overflow scroll nested inside another scroller or
    overflow:hidden (in the same composited stacking context): the overflow controls reparenting is hoisting
    that layer up, so that layer itself needs additional layers to clip it (essentially the overflow control
    layer behaves like a later sibling that needs its own ancestor clipping stack). When this occurs,
    RenderLayerBacking creates an additional "ancestor clipping stack" in m_overflowControlsHostLayerAncestorClippingStack
    which is a parallel stack to m_ancestorClippingStack, but with its own set of clipping layers. At some point
    this will also need scrolling tree nodes created for it. Some minor refactoring helps share code for
    the two LayerAncestorClippingStacks.
    
    This new code all runs late in the compositing update for a given layer, which is not ideal; we replicate
    some code from updateGeometry() and updateInternalHierarchy(). Ideally we'd be able to know at
    computeCompositingRequirements() time if we need to do layer hoisting and ancestor clipping stack duplication,
    but that proves hard because of ordering dependencies.
    
    Tests: compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-dynamic.html
           compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-inside-hidden.html
           compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-nested.html
           compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar.html
           compositing/scrolling/async-overflow-scrolling/transform-change-scrollbar-position.html
    
    * rendering/LayerAncestorClippingStack.cpp:
    (WebCore::LayerAncestorClippingStack::compositedClipData const):
    * rendering/LayerAncestorClippingStack.h:
    * rendering/RenderLayerBacking.cpp:
    (WebCore::RenderLayerBacking::updateConfiguration):
    (WebCore::RenderLayerBacking::updateGeometry):
    (WebCore::RenderLayerBacking::adjustOverflowControlsPositionRelativeToAncestor):
    (WebCore::RenderLayerBacking::updateInternalHierarchy):
    (WebCore::RenderLayerBacking::updateAncestorClippingStack):
    (WebCore::RenderLayerBacking::ensureOverflowControlsHostLayerAncestorClippingStack):
    (WebCore::RenderLayerBacking::ensureClippingStackLayers):
    (WebCore::RenderLayerBacking::removeClippingStackLayers):
    (WebCore::RenderLayerBacking::connectClippingStackLayers):
    (WebCore::RenderLayerBacking::updateClippingStackLayerGeometry):
    (WebCore::RenderLayerBacking::updateAncestorClipping):
    (WebCore::RenderLayerBacking::offsetRelativeToRendererOriginForDescendantLayers const):
    * rendering/RenderLayerBacking.h:
    * rendering/RenderLayerCompositor.cpp:
    (WebCore::RenderLayerCompositor::UpdateBackingTraversalState::UpdateBackingTraversalState):
    (WebCore::RenderLayerCompositor::UpdateBackingTraversalState::stateForDescendants const):
    (WebCore::RenderLayerCompositor::updateBackingAndHierarchy):
    (WebCore::RenderLayerCompositor::adjustOverflowScrollbarContainerLayers):
    (WebCore::RenderLayerCompositor::updateScrollingNodeForScrollingProxyRole):
    * rendering/RenderLayerCompositor.h:
    
    LayoutTests:
    
    Some new tests, and new baselines for tests that have different layer trees now.
    
    * compositing/layer-creation/clipping-scope/nested-scroller-overlap-expected.txt:
    * compositing/layer-creation/clipping-scope/overlap-constrained-inside-scroller-expected.txt:
    * compositing/layer-creation/clipping-scope/scroller-with-negative-z-children-expected.txt:
    * compositing/overflow/scrolling-content-clip-to-viewport-expected.txt:
    * compositing/rtl/rtl-scrolling-with-transformed-descendants-expected.txt:
    * compositing/scrolling/async-overflow-scrolling/clipped-layer-in-overflow-clipped-by-scroll-expected.txt:
    * compositing/scrolling/async-overflow-scrolling/clipped-layer-in-overflow-expected.txt:
    * compositing/scrolling/async-overflow-scrolling/clipped-layer-in-overflow-nested-expected.txt:
    * compositing/scrolling/async-overflow-scrolling/layer-for-negative-z-in-scroller-expected.txt:
    * compositing/scrolling/async-overflow-scrolling/layer-in-overflow-clip-to-hidden-expected.txt:
    * compositing/scrolling/async-overflow-scrolling/layer-in-overflow-clip-to-visible-expected.txt:
    * compositing/scrolling/async-overflow-scrolling/layer-in-overflow-expected.txt:
    * compositing/scrolling/async-overflow-scrolling/layer-in-overflow-gain-clipping-layer-expected.txt:
    * compositing/scrolling/async-overflow-scrolling/layer-in-overflow-in-clipped-expected.txt:
    * compositing/scrolling/async-overflow-scrolling/layer-in-overflow-lose-clipping-layer-expected.txt:
    * compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-dynamic-expected.txt: Added.
    * compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-dynamic.html: Added.
    * compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-expected.txt: Added.
    * compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-inside-hidden-expected.txt: Added.
    * compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-inside-hidden.html: Added.
    * compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-nested-expected.txt: Added.
    * compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-nested.html: Added.
    * compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar.html: Added.
    * compositing/scrolling/async-overflow-scrolling/transform-change-scrollbar-position-expected.txt: Added.
    * compositing/scrolling/async-overflow-scrolling/transform-change-scrollbar-position.html: Added.
    * compositing/shared-backing/overflow-scroll/composited-absolute-in-absolute-in-relative-in-scroller-expected.txt:
    * compositing/shared-backing/overflow-scroll/previous-sibling-prevents-inclusiveness-expected.txt:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266825 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-10  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (Async overflow scroll): Truncated scrollbars in facebook chat
            https://bugs.webkit.org/show_bug.cgi?id=216294
            <rdar://problem/61918702>

            Reviewed by Antti Koivisto.

            When both async overflow scroll and overlay scrollbars are enabled, it's possible for
            composited layers that are later in z-order than the overflow to overlap the scrollbars
            (overflow does not create stacking context, so they are later siblings to the overflow).

            To fix this we have to hoist the layer that hosts the overflow controls above all later layers
            which belong to contents scrolled by this overflow. We know which layers these are; they have
            ancestor clippings stacks that reference the overflow layer.

            This overflow controls layer hoisting happens in the context of the enclosing composited layer.

            So to fix this RenderLayerCompositor::updateBackingAndHierarchy() tracks these layers that belong to
            an overflow scroll. RenderLayerCompositor::adjustOverflowScrollbarContainerLayers() uses them to find
            the overflow scroll layers whose controls need hoisting, and where to insert those overflow controls
            hosting layers in the sublayers list of the enclosing composited layer.

            An additional source of complexity occurs with overflow scroll nested inside another scroller or
            overflow:hidden (in the same composited stacking context): the overflow controls reparenting is hoisting
            that layer up, so that layer itself needs additional layers to clip it (essentially the overflow control
            layer behaves like a later sibling that needs its own ancestor clipping stack). When this occurs,
            RenderLayerBacking creates an additional "ancestor clipping stack" in m_overflowControlsHostLayerAncestorClippingStack
            which is a parallel stack to m_ancestorClippingStack, but with its own set of clipping layers. At some point
            this will also need scrolling tree nodes created for it. Some minor refactoring helps share code for
            the two LayerAncestorClippingStacks.

            This new code all runs late in the compositing update for a given layer, which is not ideal; we replicate
            some code from updateGeometry() and updateInternalHierarchy(). Ideally we'd be able to know at
            computeCompositingRequirements() time if we need to do layer hoisting and ancestor clipping stack duplication,
            but that proves hard because of ordering dependencies.

            Tests: compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-dynamic.html
                   compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-inside-hidden.html
                   compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar-nested.html
                   compositing/scrolling/async-overflow-scrolling/overlapped-overlay-scrollbar.html
                   compositing/scrolling/async-overflow-scrolling/transform-change-scrollbar-position.html

            * rendering/LayerAncestorClippingStack.cpp:
            (WebCore::LayerAncestorClippingStack::compositedClipData const):
            * rendering/LayerAncestorClippingStack.h:
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::updateConfiguration):
            (WebCore::RenderLayerBacking::updateGeometry):
            (WebCore::RenderLayerBacking::adjustOverflowControlsPositionRelativeToAncestor):
            (WebCore::RenderLayerBacking::updateInternalHierarchy):
            (WebCore::RenderLayerBacking::updateAncestorClippingStack):
            (WebCore::RenderLayerBacking::ensureOverflowControlsHostLayerAncestorClippingStack):
            (WebCore::RenderLayerBacking::ensureClippingStackLayers):
            (WebCore::RenderLayerBacking::removeClippingStackLayers):
            (WebCore::RenderLayerBacking::connectClippingStackLayers):
            (WebCore::RenderLayerBacking::updateClippingStackLayerGeometry):
            (WebCore::RenderLayerBacking::updateAncestorClipping):
            (WebCore::RenderLayerBacking::offsetRelativeToRendererOriginForDescendantLayers const):
            * rendering/RenderLayerBacking.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::UpdateBackingTraversalState::UpdateBackingTraversalState):
            (WebCore::RenderLayerCompositor::UpdateBackingTraversalState::stateForDescendants const):
            (WebCore::RenderLayerCompositor::updateBackingAndHierarchy):
            (WebCore::RenderLayerCompositor::adjustOverflowScrollbarContainerLayers):
            (WebCore::RenderLayerCompositor::updateScrollingNodeForScrollingProxyRole):
            * rendering/RenderLayerCompositor.h:

2020-09-25  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266148. rdar://problem/69583151

    Font loads quickly followed by navigations may fail indefinitely
    <rdar://problem/65560550> and https://bugs.webkit.org/show_bug.cgi?id=215435
    
    Reviewed by Myles C. Maxfield.
    
    Source/WebCore:
    
    Second take at this.
    
    Myles took the first swipe at this, but a conflict with SuspendableTimer caused issues
    in the form of layout test asserts with
    http/tests/security/navigate-when-restoring-cached-page.html
    
    His original ChangeLog entry:
    
    Font loads are coalesced using a zero-delay timer. However, that zero-delay timer
    can fire while the page is in the middle of a navigation, which will cause the font
    loads to fail. Then, the second page can request those same fonts, which are marked
    as failed, and as such will never actually load/use the desired web font.
    
    This patch just stops the zero-delay timer during navigations, and resumes it
    when resuming the document. This means:
    
    1. The second page in the above story will not see that the font has failed, or
    even started, and will then re-request the font and load it successfully
    2. If the user goes "back" to the previous page, the zero-delay timer is restarted,
    the CachedFont realizes it's already succeeded, and the previous page is rendered
    as expected.
    
    Test: fast/loader/font-load-timer.html
    
    ---
    
    Now the explanation of the failure it caused:
    The font loading timer was a SuspendableTimer, which is an ActiveDOMObject.
    
    An ActiveDOMObject was used to make sure the delayed font loads play well with the
    page cache, which is still necessary.
    
    But we also still need to suspend the timer manually when "stopLoading()" is called,
    which doesn't play well with ActiveDOMObject's automatic suspend/resume.
    
    My solution:
    - Make the timer "just a normal timer"
    - Make CSSFontSelector itself the ActiveDOMObject
    - Let DocumentLoader explicitly pause the font load timer
    - Rely on ActiveDOMObject to resume the timer
    
    These keep the bug fixed and resolve the layout test ASSERT seen with
    http/tests/security/navigate-when-restoring-cached-page.html
    
    * css/CSSFontSelector.cpp:
    (WebCore::CSSFontSelector::CSSFontSelector):
    (WebCore::CSSFontSelector::clearDocument):
    (WebCore::CSSFontSelector::beginLoadingFontSoon):
    (WebCore::CSSFontSelector::suspendFontLoadingTimer):
    (WebCore::CSSFontSelector::fontLoadingTimerFired):
    (WebCore::CSSFontSelector::stop):
    (WebCore::CSSFontSelector::suspend):
    (WebCore::CSSFontSelector::resume):
    (WebCore::CSSFontSelector::beginLoadTimerFired): Deleted.
    * css/CSSFontSelector.h:
    * loader/DocumentLoader.cpp:
    (WebCore::DocumentLoader::stopLoading):
    
    LayoutTests:
    
    1) The page has some content that has “font-family: WebFont” but there are no @font-face blocks on the page
    2) In script, after the page has loaded, add an @font-face rule to the page with “font-family: WebFont” and some valid font URL
    3) Synchronously, within the same turn of the run loop, trigger a synchronous layout of the element (using offsetWidth or something). This will add the font to the 0-delay time work list.
    4) Synchronously, within the same turn of the run loop, navigate to a second page that doesn’t use the web font.
    5) The second page waits some small-but-positive amount of time. This will cause the 0-delay timer to fire, but because the page is in the middle of navigating, the font load should fail.
    6) The second page adds the same @font-face rule to itself using script. This should pull the same (failed) CachedResource object out of the memory cache.
    7) Use the CSS Font Loading API to wait for the font load to complete
    8) Make sure that the font is used on the second page (as a reference test). Today, the second page’s font load will fail because it pulled the failed font out of the memory cache. The test makes sure the second page’s font load succeeds.
    
    * fast/loader/font-load-timer-expected.html: Added.
    * fast/loader/font-load-timer.html: Added.
    * fast/loader/resources/font-load-timer-navigation-destination.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266148 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-25  Brady Eidson  <beidson@apple.com>

            Font loads quickly followed by navigations may fail indefinitely
            <rdar://problem/65560550> and https://bugs.webkit.org/show_bug.cgi?id=215435

            Reviewed by Myles C. Maxfield.

            Second take at this.

            Myles took the first swipe at this, but a conflict with SuspendableTimer caused issues
            in the form of layout test asserts with
            http/tests/security/navigate-when-restoring-cached-page.html

            His original ChangeLog entry:

            Font loads are coalesced using a zero-delay timer. However, that zero-delay timer
            can fire while the page is in the middle of a navigation, which will cause the font
            loads to fail. Then, the second page can request those same fonts, which are marked
            as failed, and as such will never actually load/use the desired web font.

            This patch just stops the zero-delay timer during navigations, and resumes it
            when resuming the document. This means:

            1. The second page in the above story will not see that the font has failed, or
            even started, and will then re-request the font and load it successfully
            2. If the user goes "back" to the previous page, the zero-delay timer is restarted,
            the CachedFont realizes it's already succeeded, and the previous page is rendered
            as expected.

            Test: fast/loader/font-load-timer.html

            ---

            Now the explanation of the failure it caused:
            The font loading timer was a SuspendableTimer, which is an ActiveDOMObject.

            An ActiveDOMObject was used to make sure the delayed font loads play well with the
            page cache, which is still necessary.

            But we also still need to suspend the timer manually when "stopLoading()" is called,
            which doesn't play well with ActiveDOMObject's automatic suspend/resume.

            My solution:
            - Make the timer "just a normal timer"
            - Make CSSFontSelector itself the ActiveDOMObject
            - Let DocumentLoader explicitly pause the font load timer
            - Rely on ActiveDOMObject to resume the timer

            These keep the bug fixed and resolve the layout test ASSERT seen with
            http/tests/security/navigate-when-restoring-cached-page.html

            * css/CSSFontSelector.cpp:
            (WebCore::CSSFontSelector::CSSFontSelector):
            (WebCore::CSSFontSelector::clearDocument):
            (WebCore::CSSFontSelector::beginLoadingFontSoon):
            (WebCore::CSSFontSelector::suspendFontLoadingTimer):
            (WebCore::CSSFontSelector::fontLoadingTimerFired):
            (WebCore::CSSFontSelector::stop):
            (WebCore::CSSFontSelector::suspend):
            (WebCore::CSSFontSelector::resume):
            (WebCore::CSSFontSelector::beginLoadTimerFired): Deleted.
            * css/CSSFontSelector.h:
            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::stopLoading):

2020-09-22  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267106. rdar://problem/69381319

    CRASH: Exception thrown from -[AVContentKeyRequest makeStreamingContentKeyRequestDataForApp:contentIdentifier:options:completionHandler:]
    https://bugs.webkit.org/show_bug.cgi?id=216580
    <rdar://problem/68866834>
    
    Reviewed by Eric Carlson.
    
    Protect against undocumented exceptions thrown from AVContentKeySession (and related) APIs by wrapping in @try/@catch blocks and firing
    the correct failure callbacks if an exception is encountered.
    
    * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::didProvideRequest):
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::didProvideRequests):
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::didProvideRenewingRequest):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267106 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-15  Jer Noble  <jer.noble@apple.com>

            CRASH: Exception thrown from -[AVContentKeyRequest makeStreamingContentKeyRequestDataForApp:contentIdentifier:options:completionHandler:]
            https://bugs.webkit.org/show_bug.cgi?id=216580
            <rdar://problem/68866834>

            Reviewed by Eric Carlson.

            Protect against undocumented exceptions thrown from AVContentKeySession (and related) APIs by wrapping in @try/@catch blocks and firing
            the correct failure callbacks if an exception is encountered.

            * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
            (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::didProvideRequest):
            (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::didProvideRequests):
            (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::didProvideRenewingRequest):

2020-09-22  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266689. rdar://problem/69382883

    [MotionMark - Multiply] Web process spends ~1% of total samples in PropertyCascade::resolveDirectionAndWritingMode
    https://bugs.webkit.org/show_bug.cgi?id=216223
    
    Reviewed by Darin Adler.
    
    A few subtests in MotionMark (Leaves, Focus, Design, and especially Multiply) spend large amounts of time in
    style resolution (`Document::resolveStyle`) due to constant style changes across many elements during every
    frame. In Multiply, ~3-4% of the time underneath `Document::resolveStyle` is spent resolving direction and
    writing modes inside `PropertyCascade::resolveDirectionAndWritingMode` (i.e., ~2.3 million invocations). This
    helper function is responsible for computing the text direction and CSS writing mode that is used to resolve
    direction-aware CSS properties (which are enumerated in `CSSProperty::isDirectionAwareProperty`). Resolving the
    direction and writing mode involves iterating over all of the matched CSS properties (`m_matchResult`) in the
    property cascade in search of CSS properties for writing and direction, which can be relatively expensive when
    there are lots of properties in the cascade.
    
    However, if there are no direction-aware CSS properties in the cascade, this work can actually be elided; to
    achieve this, we can store the inherited `Direction` in `m_direction`, and then lazily resolve it if needed.
    
    I measured this locally to yield a little under ~1% in the Multiply subtest in MotionMark. Otherwise, there is
    no change in behavior; see below for more details.
    
    * style/PropertyCascade.cpp:
    (WebCore::Style::PropertyCascade::PropertyCascade):
    (WebCore::Style::PropertyCascade::set):
    
    If we encounter a direction-aware CSS property, then use `direction()` to ensure that the direction and writing
    mode are resolved.
    
    (WebCore::Style::PropertyCascade::direction const):
    
    Make this getter call `resolveDirectionAndWritingMode` if needed.
    
    * style/PropertyCascade.h:
    
    Add a new `bool` member to keep track of whether or not the CSS direction has not yet been resolved. Note that
    since this member variable fits within the padding after `Direction m_direction;`, this class is still the same
    size.
    
    (WebCore::Style::PropertyCascade::direction const): Deleted.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266689 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-06  Wenson Hsieh  <wenson_hsieh@apple.com>

            [MotionMark - Multiply] Web process spends ~1% of total samples in PropertyCascade::resolveDirectionAndWritingMode
            https://bugs.webkit.org/show_bug.cgi?id=216223

            Reviewed by Darin Adler.

            A few subtests in MotionMark (Leaves, Focus, Design, and especially Multiply) spend large amounts of time in
            style resolution (`Document::resolveStyle`) due to constant style changes across many elements during every
            frame. In Multiply, ~3-4% of the time underneath `Document::resolveStyle` is spent resolving direction and
            writing modes inside `PropertyCascade::resolveDirectionAndWritingMode` (i.e., ~2.3 million invocations). This
            helper function is responsible for computing the text direction and CSS writing mode that is used to resolve
            direction-aware CSS properties (which are enumerated in `CSSProperty::isDirectionAwareProperty`). Resolving the
            direction and writing mode involves iterating over all of the matched CSS properties (`m_matchResult`) in the
            property cascade in search of CSS properties for writing and direction, which can be relatively expensive when
            there are lots of properties in the cascade.

            However, if there are no direction-aware CSS properties in the cascade, this work can actually be elided; to
            achieve this, we can store the inherited `Direction` in `m_direction`, and then lazily resolve it if needed.

            I measured this locally to yield a little under ~1% in the Multiply subtest in MotionMark. Otherwise, there is
            no change in behavior; see below for more details.

            * style/PropertyCascade.cpp:
            (WebCore::Style::PropertyCascade::PropertyCascade):
            (WebCore::Style::PropertyCascade::set):

            If we encounter a direction-aware CSS property, then use `direction()` to ensure that the direction and writing
            mode are resolved.

            (WebCore::Style::PropertyCascade::direction const):

            Make this getter call `resolveDirectionAndWritingMode` if needed.

            * style/PropertyCascade.h:

            Add a new `bool` member to keep track of whether or not the CSS direction has not yet been resolved. Note that
            since this member variable fits within the padding after `Direction m_direction;`, this class is still the same
            size.

            (WebCore::Style::PropertyCascade::direction const): Deleted.

2020-09-22  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266353. rdar://problem/69382920

    Optimize the implementation of TransformationMatrix::rotate(double)
    https://bugs.webkit.org/show_bug.cgi?id=215994
    
    Reviewed by Tim Horton.
    
    TransformationMatrix::rotate(angle) currently just calls TransformationMatrix::rotate3d(0, 0, 1, angle), which
    has a fast path for the case where we're rotating about the z-axis. However, we can make this *slightly* faster
    by omitting the hypotenuse computation, several floating point comparisons, and several assignments in this case
    because we already know that we're just rotating about the z-axis.
    
    This is a small (but measurable) improvement on the Multiply subtest of MotionMark, which applies a little over
    3 million rotation transformations over the course of 30 seconds.
    
    * platform/graphics/transforms/RotateTransformOperation.h:
    
    Instead of calling `rotate3d`, just have `rotate` directly call `multiply` with the following
    `TransformationMatrix`:
    ```
    [[  cos(z)  sin(z)  0   0 ]
     [  -sin(z) cos(z)  0   0 ]
     [  0       0       1   0 ]
     [  0       0       0   1 ]]
    ```
    ...where `z` is the angle of rotation, in radians.
    
    * platform/graphics/transforms/TransformationMatrix.cpp:
    (WebCore::TransformationMatrix::rotate):
    * platform/graphics/transforms/TransformationMatrix.h:
    (WebCore::TransformationMatrix::rotate): Deleted.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266353 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-31  Wenson Hsieh  <wenson_hsieh@apple.com>

            Optimize the implementation of TransformationMatrix::rotate(double)
            https://bugs.webkit.org/show_bug.cgi?id=215994

            Reviewed by Tim Horton.

            TransformationMatrix::rotate(angle) currently just calls TransformationMatrix::rotate3d(0, 0, 1, angle), which
            has a fast path for the case where we're rotating about the z-axis. However, we can make this *slightly* faster
            by omitting the hypotenuse computation, several floating point comparisons, and several assignments in this case
            because we already know that we're just rotating about the z-axis.

            This is a small (but measurable) improvement on the Multiply subtest of MotionMark, which applies a little over
            3 million rotation transformations over the course of 30 seconds.

            * platform/graphics/transforms/RotateTransformOperation.h:

            Instead of calling `rotate3d`, just have `rotate` directly call `multiply` with the following
            `TransformationMatrix`:
            ```
            [[  cos(z)  sin(z)  0   0 ]
             [  -sin(z) cos(z)  0   0 ]
             [  0       0       1   0 ]
             [  0       0       0   1 ]]
            ```
            ...where `z` is the angle of rotation, in radians.

            * platform/graphics/transforms/TransformationMatrix.cpp:
            (WebCore::TransformationMatrix::rotate):
            * platform/graphics/transforms/TransformationMatrix.h:
            (WebCore::TransformationMatrix::rotate): Deleted.

2020-09-22  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266198. rdar://problem/69382901

    Avoid unnecessarily copying a Vector in WebCore::transformsForValue
    https://bugs.webkit.org/show_bug.cgi?id=215858
    
    Reviewed by Tim Horton.
    
    Avoid copying the `Vector` of `TransformOperation`s in this helper function by directly appending newly created
    transform operations to the given `TransformOperations`. This does, however, mean that we need to clear these
    items in the case where conversion fails and we return false.
    
    * css/TransformFunctions.cpp:
    (WebCore::transformsForValue):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266198 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-26  Wenson Hsieh  <wenson_hsieh@apple.com>

            Avoid unnecessarily copying a Vector in WebCore::transformsForValue
            https://bugs.webkit.org/show_bug.cgi?id=215858

            Reviewed by Tim Horton.

            Avoid copying the `Vector` of `TransformOperation`s in this helper function by directly appending newly created
            transform operations to the given `TransformOperations`. This does, however, mean that we need to clear these
            items in the case where conversion fails and we return false.

            * css/TransformFunctions.cpp:
            (WebCore::transformsForValue):

2020-09-18  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266619. rdar://problem/69101154

    Add a fast path in TransformationMatrix::mapRect(const FloatRect&) for affine transformations
    https://bugs.webkit.org/show_bug.cgi?id=216139
    
    Reviewed by Tim Horton.
    
    Add a fast path when mapping 2D points through affine transformation matrices that takes advantage of both:
    1.  The predetermined 0 and 1 values in affine transformation matrices.
    2.  The fact that points in the FloatRect are aligned with x and y axes (as opposed to a FloatQuad of 4 arbitrary
        points), which allows us to avoid mapping all 4 corners of the rect through the matrix.
    
    The current implementation of this method maps each of the 4 corners through the transformation matrix, creates
    a FloatQuad using these 4 transformed points, and then asks the FloatQuad for its bounding box. This requires
    a total of 26 floating point additions, 24 multiplications and 20 comparisons, as well as a small (but
    measurable) amount of overhead when creating the FloatPoints and FloatQuad and asking for the bounding rect.
    
    We can pare this down to just 8 additions, 8 multiplications, and 4 comparisons by using a different strategy
    that instead branches on the 4 relevant matrix coefficients `a, b, c, d` (rather than the each of the final x
    and y coordinates) to determine which of the min or max x and y values to multiply in order to compute the min
    and max x and y coordinates in the final bounding rect.
    
    In a quick microbenchmark that maps FloatRects through an affine TransformationMatrix, this roughly halves the
    time spent in `TransformationMatrix::mapRect`; on the Multiply subtest of MotionMark (which invokes this method
    ~17 million times, almost entirely with affine transformation matrices), I measured a ~1% improvement.
    
    * platform/graphics/transforms/TransformationMatrix.cpp:
    (WebCore::TransformationMatrix::mapRect const):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266619 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-04  Wenson Hsieh  <wenson_hsieh@apple.com>

            Add a fast path in TransformationMatrix::mapRect(const FloatRect&) for affine transformations
            https://bugs.webkit.org/show_bug.cgi?id=216139

            Reviewed by Tim Horton.

            Add a fast path when mapping 2D points through affine transformation matrices that takes advantage of both:
            1.  The predetermined 0 and 1 values in affine transformation matrices.
            2.  The fact that points in the FloatRect are aligned with x and y axes (as opposed to a FloatQuad of 4 arbitrary
                points), which allows us to avoid mapping all 4 corners of the rect through the matrix.

            The current implementation of this method maps each of the 4 corners through the transformation matrix, creates
            a FloatQuad using these 4 transformed points, and then asks the FloatQuad for its bounding box. This requires
            a total of 26 floating point additions, 24 multiplications and 20 comparisons, as well as a small (but
            measurable) amount of overhead when creating the FloatPoints and FloatQuad and asking for the bounding rect.

            We can pare this down to just 8 additions, 8 multiplications, and 4 comparisons by using a different strategy
            that instead branches on the 4 relevant matrix coefficients `a, b, c, d` (rather than the each of the final x
            and y coordinates) to determine which of the min or max x and y values to multiply in order to compute the min
            and max x and y coordinates in the final bounding rect.

            In a quick microbenchmark that maps FloatRects through an affine TransformationMatrix, this roughly halves the
            time spent in `TransformationMatrix::mapRect`; on the Multiply subtest of MotionMark (which invokes this method
            ~17 million times, almost entirely with affine transformation matrices), I measured a ~1% improvement.

            * platform/graphics/transforms/TransformationMatrix.cpp:
            (WebCore::TransformationMatrix::mapRect const):

2020-09-18  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266513. rdar://problem/69153717

    Make TransformationMatrix::inverse() faster in the case of affine transformation matrices
    https://bugs.webkit.org/show_bug.cgi?id=216101
    
    Reviewed by Tim Horton.
    
    The Multiply subtest of MotionMark places a large number of elements that are all rotated by some angle; when
    painting these, we currently spend about 7% of the time under `RenderLayer::paintLayerByApplyingTransform` just
    inverting the transformation matrix (underneath `TransformationMatrix::inverse()`) so that we can map the bounds
    of the dirty rect through this inverse.
    
    `TransformationMatrix::inverse()` currently has a fast path for identity and translation matrices that avoids
    having to fall back to the generalized 4-by-4 matrix inverse equation; this generalized algorithm works by
    dividing the entire adjoint matrix by the determinant, a process that involves nearly 1000 floating point
    additions and multiplications.
    
    However, in this case, all of the matrices are a combination of translations and rotations, which all result in
    affine transformations. As such, there's no need to fall back to the generalized algorithm for computing the
    inverse; instead, we can bail early with simpler strategy that only requires 15 floating point additions and
    multiplications.
    
    We can also take advantange of the fact that we currently go through most of the entries in the 4x4 matrix to
    determine whether the matrix is an identity or translation matrix, by introducing a new helper method that
    returns not only whether the matrix is the identity matrix or translation, but also whether the matrix is affine
    (by the definition of `TransformationMatrix::isAffine()`). Since most of the entries that need to be 1 or 0 in
    order for a matrix to be a translation matrix vs. just an affine transformation matrix are the same, this helps
    avoid some redundant checks in `TransformationMatrix::inverse()`.
    
    We also apply a similar optimization to `TransformationMatrix::isInvertible()`, reducing the multiplications and
    additions from roughly 200 to just 3.
    
    I measured this locally to be a (statistically significant) 2% improvement on Multiply.
    
    * platform/graphics/transforms/TransformationMatrix.cpp:
    (WebCore::TransformationMatrix::isInvertible const):
    (WebCore::TransformationMatrix::inverse const):
    * platform/graphics/transforms/TransformationMatrix.h:
    (WebCore::TransformationMatrix::type const):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266513 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-03  Wenson Hsieh  <wenson_hsieh@apple.com>

            Make TransformationMatrix::inverse() faster in the case of affine transformation matrices
            https://bugs.webkit.org/show_bug.cgi?id=216101

            Reviewed by Tim Horton.

            The Multiply subtest of MotionMark places a large number of elements that are all rotated by some angle; when
            painting these, we currently spend about 7% of the time under `RenderLayer::paintLayerByApplyingTransform` just
            inverting the transformation matrix (underneath `TransformationMatrix::inverse()`) so that we can map the bounds
            of the dirty rect through this inverse.

            `TransformationMatrix::inverse()` currently has a fast path for identity and translation matrices that avoids
            having to fall back to the generalized 4-by-4 matrix inverse equation; this generalized algorithm works by
            dividing the entire adjoint matrix by the determinant, a process that involves nearly 1000 floating point
            additions and multiplications.

            However, in this case, all of the matrices are a combination of translations and rotations, which all result in
            affine transformations. As such, there's no need to fall back to the generalized algorithm for computing the
            inverse; instead, we can bail early with simpler strategy that only requires 15 floating point additions and
            multiplications.

            We can also take advantange of the fact that we currently go through most of the entries in the 4x4 matrix to
            determine whether the matrix is an identity or translation matrix, by introducing a new helper method that
            returns not only whether the matrix is the identity matrix or translation, but also whether the matrix is affine
            (by the definition of `TransformationMatrix::isAffine()`). Since most of the entries that need to be 1 or 0 in
            order for a matrix to be a translation matrix vs. just an affine transformation matrix are the same, this helps
            avoid some redundant checks in `TransformationMatrix::inverse()`.

            We also apply a similar optimization to `TransformationMatrix::isInvertible()`, reducing the multiplications and
            additions from roughly 200 to just 3.

            I measured this locally to be a (statistically significant) 2% improvement on Multiply.

            * platform/graphics/transforms/TransformationMatrix.cpp:
            (WebCore::TransformationMatrix::isInvertible const):
            (WebCore::TransformationMatrix::inverse const):
            * platform/graphics/transforms/TransformationMatrix.h:
            (WebCore::TransformationMatrix::type const):

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266834. rdar://problem/69101124

    REGRESSION (r260360): Ionic modal dialog doesn't animate correctly when dragged and released
    https://bugs.webkit.org/show_bug.cgi?id=216308
    <rdar://problem/68567444>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    We fixed seeking for animations with a reversed playback rate in r261637, the fix for bug 204717,
    but only looked at the animation's playback rate. However, an animation can also play in reverse
    using the "direction" property of the timing object passed to updateTiming(), so we should also
    check that it's playing forwards in order to be seeked.
    
    Test: webanimations/accelerated-animation-easing-and-direction-update.html
    
    * platform/graphics/ca/GraphicsLayerCA.cpp:
    (WebCore::GraphicsLayerCA::animationCanBeAccelerated const):
    
    LayoutTests:
    
    Add a new test that updates the "easing" and "direction" timing properties of a playing animation
    and checks that it matches the display of another animation with similar timing properties from
    the start.
    
    * platform/win/TestExpectations:
    * webanimations/accelerated-animation-easing-and-direction-update-expected.html: Added.
    * webanimations/accelerated-animation-easing-and-direction-update.html: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266834 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-10  Antoine Quint  <graouts@webkit.org>

            REGRESSION (r260360): Ionic modal dialog doesn't animate correctly when dragged and released
            https://bugs.webkit.org/show_bug.cgi?id=216308
            <rdar://problem/68567444>

            Reviewed by Simon Fraser.

            We fixed seeking for animations with a reversed playback rate in r261637, the fix for bug 204717,
            but only looked at the animation's playback rate. However, an animation can also play in reverse
            using the "direction" property of the timing object passed to updateTiming(), so we should also
            check that it's playing forwards in order to be seeked.

            Test: webanimations/accelerated-animation-easing-and-direction-update.html

            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::animationCanBeAccelerated const):

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266789. rdar://problem/69101080

    REGRESSION (r264856): updating easing on accelerated animation results in incorrect playback
    https://bugs.webkit.org/show_bug.cgi?id=215853
    <rdar://problem/67815853>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    Stop accelerated animations if the timing function has changed in a way that makes it so that it should
    no longer play accelerated, but otherwise simply update their timing properties such that may keep
    playing.
    
    Test: webanimations/accelerated-animation-easing-update-after-pause.html
          webanimations/accelerated-animation-easing-update-steps-after-pause.html
    
    * animation/KeyframeEffect.cpp:
    (WebCore::KeyframeEffect::canBeAccelerated const):
    (WebCore::KeyframeEffect::updateAcceleratedActions):
    (WebCore::KeyframeEffect::animationDidChangeTimingProperties):
    * animation/KeyframeEffect.h:
    
    LayoutTests:
    
    Add new tests that check that updating an animation's easing does not stop it.
    
    * platform/win/TestExpectations:
    * webanimations/accelerated-animation-easing-update-after-pause-expected.html: Added.
    * webanimations/accelerated-animation-easing-update-after-pause.html: Added.
    * webanimations/accelerated-animation-easing-update-steps-after-pause-expected.html: Addded.
    * webanimations/accelerated-animation-easing-update-steps-after-pause.html: Addded.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266789 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-09  Antoine Quint  <graouts@webkit.org>

            REGRESSION (r264856): updating easing on accelerated animation results in incorrect playback
            https://bugs.webkit.org/show_bug.cgi?id=215853
            <rdar://problem/67815853>

            Reviewed by Simon Fraser.

            Stop accelerated animations if the timing function has changed in a way that makes it so that it should
            no longer play accelerated, but otherwise simply update their timing properties such that may keep
            playing.

            Test: webanimations/accelerated-animation-easing-update-after-pause.html
                  webanimations/accelerated-animation-easing-update-steps-after-pause.html

            * animation/KeyframeEffect.cpp:
            (WebCore::KeyframeEffect::canBeAccelerated const):
            (WebCore::KeyframeEffect::updateAcceleratedActions):
            (WebCore::KeyframeEffect::animationDidChangeTimingProperties):
            * animation/KeyframeEffect.h:

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266846. rdar://problem/68740511

    Don't create event regions when the page has no subscrollers
    https://bugs.webkit.org/show_bug.cgi?id=216355
    <rdar://problem/67900642>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    Tests: fast/scrolling/mac/event-region-subscroller-frame.html
           fast/scrolling/mac/event-region-subscroller-overflow.html
    
    Unless the page uses features like touch-action we don't need event regions for plain main frame scrolling.
    
    * page/scrolling/AsyncScrollingCoordinator.cpp:
    (WebCore::AsyncScrollingCoordinator::hasSubscrollers const):
    * page/scrolling/AsyncScrollingCoordinator.h:
    * page/scrolling/ScrollingCoordinator.h:
    (WebCore::ScrollingCoordinator::hasSubscrollers const):
    * page/scrolling/ScrollingStateScrollingNode.cpp:
    (WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
    (WebCore::ScrollingStateScrollingNode::~ScrollingStateScrollingNode):
    * page/scrolling/ScrollingStateTree.h:
    (WebCore::ScrollingStateTree::scrollingNodeCount const):
    (WebCore::ScrollingStateTree::scrollingNodeAdded):
    (WebCore::ScrollingStateTree::scrollingNodeRemoved):
    
    Count scrolling nodes in the state tree. It is updated during updateCompositingLayers, before event region generation.
    
    * rendering/RenderLayerBacking.cpp:
    (WebCore::RenderLayerBacking::maintainsEventRegion const):
    
    Don't maintain event region if there are no subscrollers and none of the other reasons were hit.
    
    * rendering/RenderLayerCompositor.cpp:
    (WebCore::RenderLayerCompositor::updateCompositingLayers):
    
    Invalidate event regions if a subscroller appears.
    
    (WebCore::RenderLayerCompositor::invalidateEventRegionForAllFrames):
    * rendering/RenderLayerCompositor.h:
    
    LayoutTests:
    
    Add overflow scrollers to some existing tests so they still generate event regions.
    
    * fast/scrolling/ios/border-radius-event-region-expected.txt:
    * fast/scrolling/ios/border-radius-event-region.html:
    * fast/scrolling/ios/event-region-float-expected.txt:
    * fast/scrolling/ios/event-region-float.html:
    * fast/scrolling/ios/event-region-pointer-events-expected.txt:
    * fast/scrolling/ios/event-region-pointer-events.html:
    * fast/scrolling/ios/event-region-scale-transform-shared-expected.txt:
    * fast/scrolling/ios/event-region-scale-transform-shared.html:
    * fast/scrolling/ios/event-region-translate-transform-shared-expected.txt:
    * fast/scrolling/ios/event-region-translate-transform-shared.html:
    * fast/scrolling/ios/event-region-visibility-hidden-expected.txt:
    * fast/scrolling/ios/event-region-visibility-hidden.html:
    * fast/scrolling/mac/border-radius-event-region-expected.txt:
    * fast/scrolling/mac/border-radius-event-region.html:
    * fast/scrolling/mac/event-region-subscroller-frame-expected.txt: Added.
    * fast/scrolling/mac/event-region-subscroller-frame.html: Added.
    * fast/scrolling/mac/event-region-subscroller-overflow-expected.txt: Added.
    * fast/scrolling/mac/event-region-subscroller-overflow.html: Copied from LayoutTests/fast/scrolling/ios/event-region-visibility-hidden.html.
    * fast/scrolling/mac/event-region-visibility-hidden-expected.txt:
    * fast/scrolling/mac/event-region-visibility-hidden.html:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266846 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-10  Antti Koivisto  <antti@apple.com>

            Don't create event regions when the page has no subscrollers
            https://bugs.webkit.org/show_bug.cgi?id=216355
            <rdar://problem/67900642>

            Reviewed by Simon Fraser.

            Tests: fast/scrolling/mac/event-region-subscroller-frame.html
                   fast/scrolling/mac/event-region-subscroller-overflow.html

            Unless the page uses features like touch-action we don't need event regions for plain main frame scrolling.

            * page/scrolling/AsyncScrollingCoordinator.cpp:
            (WebCore::AsyncScrollingCoordinator::hasSubscrollers const):
            * page/scrolling/AsyncScrollingCoordinator.h:
            * page/scrolling/ScrollingCoordinator.h:
            (WebCore::ScrollingCoordinator::hasSubscrollers const):
            * page/scrolling/ScrollingStateScrollingNode.cpp:
            (WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
            (WebCore::ScrollingStateScrollingNode::~ScrollingStateScrollingNode):
            * page/scrolling/ScrollingStateTree.h:
            (WebCore::ScrollingStateTree::scrollingNodeCount const):
            (WebCore::ScrollingStateTree::scrollingNodeAdded):
            (WebCore::ScrollingStateTree::scrollingNodeRemoved):

            Count scrolling nodes in the state tree. It is updated during updateCompositingLayers, before event region generation.

            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::maintainsEventRegion const):

            Don't maintain event region if there are no subscrollers and none of the other reasons were hit.

            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::updateCompositingLayers):

            Invalidate event regions if a subscroller appears.

            (WebCore::RenderLayerCompositor::invalidateEventRegionForAllFrames):
            * rendering/RenderLayerCompositor.h:

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266677. rdar://problem/68740521

    [MotionMark] RenderLayer::paintLayerContents spends ~5% of the time in MonotonicTime::now() in Multiply
    https://bugs.webkit.org/show_bug.cgi?id=216190
    
    Reviewed by Darin Adler.
    
    Source/WebCore:
    
    In several of MotionMark's subtests (for instance, Multiply), we spent a large amount of time underneath
    `RenderLayer::paintLayerContents` due to both the large number of layers and the need to frequently repaint
    each layer (all of which are constantly being animated). Underneath this method, a nontrivial amount of time
    (~5%) is then spent grabbing the system time via `MonotonicTime::now()`.
    
    We can avoid this extra work by instead using the timestamp of the last rendering update (before we started
    painting), which we keep track of using a new member variable on `Page`. See below for more details, as well as
    the WebKit2 ChangeLog.
    
    * page/ChromeClient.h:
    (WebCore::ChromeClient::timestampForPaintFrequencyTracking const):
    
    Add a client hook to fetch the timestamp to use when tracking painting frequency. See the WebKit2 ChangeLog for
    more details.
    
    * page/Page.cpp:
    (WebCore::Page::updateRendering):
    
    Update `m_lastRenderingUpdateTimestamp`.
    
    * page/Page.h:
    (WebCore::Page::lastRenderingUpdateTimestamp const):
    * rendering/PaintFrequencyTracker.h:
    
    Drive-by cleanup: narrow the `PaintFrequency` enum to `bool` width.
    
    (WebCore::PaintFrequencyTracker::begin):
    (WebCore::SinglePaintFrequencyTracking::SinglePaintFrequencyTracking):
    * rendering/RenderLayer.cpp:
    (WebCore::RenderLayer::paintLayerContents):
    
    Call out to the client layer to return a timestamp for tracking painting frequency. By default, this is simply
    the current time (`MonotonicTime::now()`), but ports (namely, WebKit2) may opt for a coarser granularity.
    
    (WebCore::RenderLayer::simulateFrequentPaint):
    * rendering/RenderLayer.h:
    
    Source/WebKit:
    
    * WebProcess/WebCoreSupport/WebChromeClient.cpp:
    (WebKit::WebChromeClient::timestampForPaintFrequencyTracking const):
    
    In WebKit2, we can assume (with the exception of SVG pages) that we must've performed a rendering update prior
    to tracking painting frequencies. As such, we can use the page's rendering update timestamp instead of the real
    current time (`MonotonicTime::now()`).
    
    Note that in WebKit1, it is possible for any client to force a synchronous paint of the page before the page has
    performed a rendering update, which triggers assertions in `SinglePaintFrequencyTracking::end()`. As such, we
    stick with `MonotonicTime::now()` in WebKit1.
    
    * WebProcess/WebCoreSupport/WebChromeClient.h:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266677 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-05  Wenson Hsieh  <wenson_hsieh@apple.com>

            [MotionMark] RenderLayer::paintLayerContents spends ~5% of the time in MonotonicTime::now() in Multiply
            https://bugs.webkit.org/show_bug.cgi?id=216190

            Reviewed by Darin Adler.

            In several of MotionMark's subtests (for instance, Multiply), we spent a large amount of time underneath
            `RenderLayer::paintLayerContents` due to both the large number of layers and the need to frequently repaint
            each layer (all of which are constantly being animated). Underneath this method, a nontrivial amount of time
            (~5%) is then spent grabbing the system time via `MonotonicTime::now()`.

            We can avoid this extra work by instead using the timestamp of the last rendering update (before we started
            painting), which we keep track of using a new member variable on `Page`. See below for more details, as well as
            the WebKit2 ChangeLog.

            * page/ChromeClient.h:
            (WebCore::ChromeClient::timestampForPaintFrequencyTracking const):

            Add a client hook to fetch the timestamp to use when tracking painting frequency. See the WebKit2 ChangeLog for
            more details.

            * page/Page.cpp:
            (WebCore::Page::updateRendering):

            Update `m_lastRenderingUpdateTimestamp`.

            * page/Page.h:
            (WebCore::Page::lastRenderingUpdateTimestamp const):
            * rendering/PaintFrequencyTracker.h:

            Drive-by cleanup: narrow the `PaintFrequency` enum to `bool` width.

            (WebCore::PaintFrequencyTracker::begin):
            (WebCore::SinglePaintFrequencyTracking::SinglePaintFrequencyTracking):
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::paintLayerContents):

            Call out to the client layer to return a timestamp for tracking painting frequency. By default, this is simply
            the current time (`MonotonicTime::now()`), but ports (namely, WebKit2) may opt for a coarser granularity.

            (WebCore::RenderLayer::simulateFrequentPaint):
            * rendering/RenderLayer.h:

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266232. rdar://problem/68178664

    Step animations invalidate style on every rendering update whether or not they need to
    https://bugs.webkit.org/show_bug.cgi?id=215229
    <rdar://problem/66636153>
    
    Reviewed by Antoine Quint.
    
    Source/WebCore:
    
    Step timing functions with transforms try and fail to start accelerated which causes them to repeatedly schedule unnecessary rendering updates.
    
    * animation/KeyframeEffect.cpp:
    (WebCore::KeyframeEffect::updateAcceleratedActions):
    
    Step timing functions are never accelerated so don't bother trying to start them in accelerated state.
    This is similar to treatmeant of unaccelerated properties.
    
    LayoutTests:
    
    * animations/steps-transform-rendering-updates-expected.txt:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266232 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-27  Antti Koivisto  <antti@apple.com>

            Step animations invalidate style on every rendering update whether or not they need to
            https://bugs.webkit.org/show_bug.cgi?id=215229
            <rdar://problem/66636153>

            Reviewed by Antoine Quint.

            Step timing functions with transforms try and fail to start accelerated which causes them to repeatedly schedule unnecessary rendering updates.

            * animation/KeyframeEffect.cpp:
            (WebCore::KeyframeEffect::updateAcceleratedActions):

            Step timing functions are never accelerated so don't bother trying to start them in accelerated state.
            This is similar to treatmeant of unaccelerated properties.

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r267057. rdar://problem/69101182

    [Cocoa,HDR] HLS streams with HDR variants will not select HDR.
    https://bugs.webkit.org/show_bug.cgi?id=216203
    <rdar://problem/67438626>
    
    Reviewed by Darin Adler.
    
    Source/WebCore:
    
    Test: http/tests/media/hls/hls-hdr-switch.html
    
    In r264710, we adopted a new API to set the preferred HDR mode for every AVPlayer created by an HTMLMediaElement. The
    MediaPlayerPrivateAVFoundationObjC object will query its parent when it creates an AVPlayer, or the MediaPlayer will
    tell the MediaPlayerPrivate... that the HDR mode changes if the AVPlayer is already created. However, in r264710, we
    neglected to cache the new value of the preferred HDR mode, so subsequent queries will just return "Standard". This means
    HDR mode will correctly be applied if it changes after the AVPlayer has been created, but not initially.
    
    * platform/graphics/MediaPlayer.cpp:
    (WebCore::MediaPlayer::setPreferredDynamicRangeMode):
    
    LayoutTests:
    
    * http/tests/media/hls/hls-hdr-switch-expected.txt: Added.
    * http/tests/media/hls/hls-hdr-switch.html: Added.
    * http/tests/media/resources/hls/green-bip.ts: Added.
    * http/tests/media/resources/hls/hdr.m3u8: Added.
    * http/tests/media/resources/hls/red-bip.ts: Added.
    * http/tests/media/resources/hls/test-live.php:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267057 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-14  Jer Noble  <jer.noble@apple.com>

            [Cocoa,HDR] HLS streams with HDR variants will not select HDR.
            https://bugs.webkit.org/show_bug.cgi?id=216203
            <rdar://problem/67438626>

            Reviewed by Darin Adler.

            Test: http/tests/media/hls/hls-hdr-switch.html

            In r264710, we adopted a new API to set the preferred HDR mode for every AVPlayer created by an HTMLMediaElement. The
            MediaPlayerPrivateAVFoundationObjC object will query its parent when it creates an AVPlayer, or the MediaPlayer will
            tell the MediaPlayerPrivate... that the HDR mode changes if the AVPlayer is already created. However, in r264710, we
            neglected to cache the new value of the preferred HDR mode, so subsequent queries will just return "Standard". This means
            HDR mode will correctly be applied if it changes after the AVPlayer has been created, but not initially.

            * platform/graphics/MediaPlayer.cpp:
            (WebCore::MediaPlayer::setPreferredDynamicRangeMode):

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266972. rdar://problem/69101020

    REGRESSION (r255383): Transition from email to password field on login.live.com stutters after going back and forth
    https://bugs.webkit.org/show_bug.cgi?id=216368
    <rdar://problem/67019460>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    Ensure we repaint before disconnecting from the backing provider layer.
    
    Test: compositing/animation/repaint-after-clearing-shared-backing.html
    
    * rendering/RenderLayerCompositor.cpp:
    (WebCore::RenderLayerCompositor::updateBacking):
    
    LayoutTests:
    
    * compositing/animation/repaint-after-clearing-shared-backing-expected.html: Added.
    * compositing/animation/repaint-after-clearing-shared-backing.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266972 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-11  Antoine Quint  <graouts@webkit.org>

            REGRESSION (r255383): Transition from email to password field on login.live.com stutters after going back and forth
            https://bugs.webkit.org/show_bug.cgi?id=216368
            <rdar://problem/67019460>

            Reviewed by Simon Fraser.

            Ensure we repaint before disconnecting from the backing provider layer.

            Test: compositing/animation/repaint-after-clearing-shared-backing.html

            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::updateBacking):

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266827. rdar://problem/69101047

    [CG] REGRESSION (Big Sur): A GIF image with a finite loopCount loops an extra cycle
    https://bugs.webkit.org/show_bug.cgi?id=216018
    <rdar://problem/68304035>
    
    Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2020-09-10
    Reviewed by Tim Horton.
    
    Source/WebCore:
    
    Remove the extra 'one' we used to add to the GIF loopCount since it is
    now added by the underlying frameworks. But make sure we are compatible
    with the older versions of macOS and iOS.
    
    * platform/graphics/cg/ImageDecoderCG.cpp:
    (WebCore::ImageDecoderCG::repetitionCount const):
    
    Source/WTF:
    
    Add a new macro for the new accurate behavior of CGImageSource.
    
    Unrelated change: Fix the conditions for enabling the WebP images.
    
    * wtf/PlatformHave.h:
    
    LayoutTests:
    
    * platform/mac/TestExpectations:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266827 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-10  Said Abou-Hallawa  <sabouhallawa@apple.com>

            [CG] REGRESSION (Big Sur): A GIF image with a finite loopCount loops an extra cycle
            https://bugs.webkit.org/show_bug.cgi?id=216018
            <rdar://problem/68304035>

            Reviewed by Tim Horton.

            Remove the extra 'one' we used to add to the GIF loopCount since it is
            now added by the underlying frameworks. But make sure we are compatible
            with the older versions of macOS and iOS.

            * platform/graphics/cg/ImageDecoderCG.cpp:
            (WebCore::ImageDecoderCG::repetitionCount const):

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266752. rdar://problem/69101201

    Web process crashes at WebCore::HTMLMediaElement::prepareForVideoFullscreenStandby
    https://bugs.webkit.org/show_bug.cgi?id=216283
    
    Reviewed by Alex Christensen.
    
    * html/HTMLMediaElement.cpp:
    (WebCore::HTMLMediaElement::prepareForVideoFullscreenStandby):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266752 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-08  Peng Liu  <peng.liu6@apple.com>

            Web process crashes at WebCore::HTMLMediaElement::prepareForVideoFullscreenStandby
            https://bugs.webkit.org/show_bug.cgi?id=216283

            Reviewed by Alex Christensen.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::prepareForVideoFullscreenStandby):

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266745. rdar://problem/69100985

    Tighten checks when creating an audio buffer list
    https://bugs.webkit.org/show_bug.cgi?id=216237
    <rdar://problem/68271376>
    
    Reviewed by Geoffrey Garen.
    
    Source/WebCore:
    
    Add a routine to check there is no multiplication integer overflow.
    
    * platform/audio/cocoa/WebAudioBufferList.cpp:
    (WebCore::computeBufferSize):
    (WebCore::WebAudioBufferList::isSupportedDescription):
    (WebCore::WebAudioBufferList::setSampleCount):
    * platform/audio/cocoa/WebAudioBufferList.h:
    
    Source/WebKit:
    
    Add message checks to verify that no message integer overflows happen when processing audio buffer list messages.
    
    * GPUProcess/GPUConnectionToWebProcess.cpp:
    (WebKit::GPUConnectionToWebProcess::audioTrackRendererManager):
    * GPUProcess/webrtc/RemoteAudioMediaStreamTrackRenderer.cpp:
    (WebKit::RemoteAudioMediaStreamTrackRenderer::RemoteAudioMediaStreamTrackRenderer):
    (WebKit::RemoteAudioMediaStreamTrackRenderer::audioSamplesStorageChanged):
    (WebKit::RemoteAudioMediaStreamTrackRenderer::audioSamplesAvailable):
    * GPUProcess/webrtc/RemoteAudioMediaStreamTrackRenderer.h:
    * GPUProcess/webrtc/RemoteAudioMediaStreamTrackRendererManager.cpp:
    (WebKit::RemoteAudioMediaStreamTrackRendererManager::RemoteAudioMediaStreamTrackRendererManager):
    (WebKit::RemoteAudioMediaStreamTrackRendererManager::createRenderer):
    * GPUProcess/webrtc/RemoteAudioMediaStreamTrackRendererManager.h:
    * GPUProcess/webrtc/RemoteMediaRecorder.cpp:
    (WebKit::RemoteMediaRecorder::audioSamplesStorageChanged):
    (WebKit::RemoteMediaRecorder::audioSamplesAvailable):
    * GPUProcess/webrtc/RemoteMediaRecorder.h:
    * WebProcess/cocoa/RemoteCaptureSampleManager.cpp:
    (WebKit::RemoteCaptureSampleManager::RemoteAudio::audioSamplesAvailable):
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266745 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-08  Youenn Fablet  <youenn@apple.com>

            Tighten checks when creating an audio buffer list
            https://bugs.webkit.org/show_bug.cgi?id=216237
            <rdar://problem/68271376>

            Reviewed by Geoffrey Garen.

            Add a routine to check there is no multiplication integer overflow.

            * platform/audio/cocoa/WebAudioBufferList.cpp:
            (WebCore::computeBufferSize):
            (WebCore::WebAudioBufferList::isSupportedDescription):
            (WebCore::WebAudioBufferList::setSampleCount):
            * platform/audio/cocoa/WebAudioBufferList.h:

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266375. rdar://problem/69101035

    Avoid computing metadata for idempotent text autosizing on macOS
    https://bugs.webkit.org/show_bug.cgi?id=216011
    
    Reviewed by Darin Adler.
    
    Avoids an unnecessary call to `adjustForTextAutosizing` during style resolution on macOS, where idempotent text
    autosizing is disabled. This function call populates the `AutosizeStatus` fields on `RenderStyle` that are used
    by the idempotent text autosizing heuristic. This function call appears consistently in traces taken while
    running the Multiply subtest of MotionMark, if only for a relatively small number of samples. While
    `AutosizeStatus::computeStatus` is designed to be very cheap, it ends up being called around 1.6 million times
    over the course of the subtest.
    
    * style/StyleAdjuster.cpp:
    (WebCore::Style::Adjuster::adjust const):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266375 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-31  Wenson Hsieh  <wenson_hsieh@apple.com>

            Avoid computing metadata for idempotent text autosizing on macOS
            https://bugs.webkit.org/show_bug.cgi?id=216011

            Reviewed by Darin Adler.

            Avoids an unnecessary call to `adjustForTextAutosizing` during style resolution on macOS, where idempotent text
            autosizing is disabled. This function call populates the `AutosizeStatus` fields on `RenderStyle` that are used
            by the idempotent text autosizing heuristic. This function call appears consistently in traces taken while
            running the Multiply subtest of MotionMark, if only for a relatively small number of samples. While
            `AutosizeStatus::computeStatus` is designed to be very cheap, it ends up being called around 1.6 million times
            over the course of the subtest.

            * style/StyleAdjuster.cpp:
            (WebCore::Style::Adjuster::adjust const):

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266344. rdar://problem/69101085

    Make StyleRareNonInheritedData::mask and StyleBackgroundData::background DataRefs
    https://bugs.webkit.org/show_bug.cgi?id=215942
    
    Reviewed by Darin Adler.
    
    A significant amount of time in MotionMark's Multiply subtest is spent underneath the copy constructor
    `StyleRareNonInheritedData`, and a significant amount of time underneath this copy constructor is spent copying
    the rare non-inherited data's mask (a `FillLayer`).
    
    This `FillLayer` is currently inline data in `StyleRareNonInheritedData`; to reduce the cost of copying rare
    non-inherited data, we can instead make this a `DataRef<FillLayer>`, such that copying rare data will only copy
    the reference to the `FillLayer` rather than the `FillLayer` itself.
    
    Upon mutating the `FillLayer`, we now use `DataRef::access()` to ensure that these `FillLayer`s are copied
    before writing. See below for more details.
    
    * css/makeprop.pl:
    (generateFillLayerPropertyInheritValueSetter):
    (generateFillLayerPropertyValueSetter):
    * rendering/style/FillLayer.cpp:
    (WebCore::FillLayer::create):
    (WebCore::FillLayer::FillLayer):
    
    Deeply copy the `FillLayer`'s linked list of `FillLayer`s. This preserves existing behavior, which currently
    uses `std::unique_ptr` to store the pointer to the next `FillLayer` (and therefore, requires a deep copy of the
    linked list when copying `FillLayer`).
    
    In a future patch, we could probably further optimize this as well to behave in a copy-on-write way, by turning
    the `RefPtr<FillLayer> m_next;` into an `Optional<DataRef<FillLayer>>` instead (and then use `access()` to copy
    the next `FillLayer` prior to writing).
    
    (WebCore::FillLayer::~FillLayer):
    (WebCore::FillLayer::operator=):
    * rendering/style/FillLayer.h:
    
    Make `FillLayer` ref-counted, and introduce new `create` methods for constructing `FillLayer`s. Use these
    methods in several places where we currently call the constructors directly, via `makeUnique`.
    
    (WebCore::FillLayer::copy const):
    (WebCore::FillLayer::setNext):
    * rendering/style/RenderStyle.h:
    (WebCore::RenderStyle::hasBackgroundImage const):
    (WebCore::RenderStyle::hasFixedBackgroundImage const):
    (WebCore::RenderStyle::backgroundRepeatX const):
    (WebCore::RenderStyle::backgroundRepeatY const):
    (WebCore::RenderStyle::backgroundComposite const):
    (WebCore::RenderStyle::backgroundAttachment const):
    (WebCore::RenderStyle::backgroundClip const):
    (WebCore::RenderStyle::backgroundOrigin const):
    (WebCore::RenderStyle::backgroundXPosition const):
    (WebCore::RenderStyle::backgroundYPosition const):
    (WebCore::RenderStyle::backgroundSizeType const):
    (WebCore::RenderStyle::backgroundSizeLength const):
    (WebCore::RenderStyle::ensureBackgroundLayers):
    (WebCore::RenderStyle::maskImage const):
    (WebCore::RenderStyle::maskRepeatX const):
    (WebCore::RenderStyle::maskRepeatY const):
    (WebCore::RenderStyle::maskComposite const):
    (WebCore::RenderStyle::maskClip const):
    (WebCore::RenderStyle::maskOrigin const):
    (WebCore::RenderStyle::maskXPosition const):
    (WebCore::RenderStyle::maskYPosition const):
    (WebCore::RenderStyle::maskSizeType const):
    (WebCore::RenderStyle::maskSizeLength const):
    (WebCore::RenderStyle::ensureMaskLayers):
    (WebCore::RenderStyle::hasMask const):
    (WebCore::RenderStyle::setBackgroundXPosition):
    (WebCore::RenderStyle::setBackgroundYPosition):
    (WebCore::RenderStyle::setBackgroundSize):
    (WebCore::RenderStyle::setBackgroundSizeLength):
    (WebCore::RenderStyle::clearBackgroundLayers):
    (WebCore::RenderStyle::inheritBackgroundLayers):
    (WebCore::RenderStyle::clearMaskLayers):
    (WebCore::RenderStyle::inheritMaskLayers):
    (WebCore::RenderStyle::setMaskImage):
    (WebCore::RenderStyle::setMaskXPosition):
    (WebCore::RenderStyle::setMaskYPosition):
    (WebCore::RenderStyle::setMaskSize):
    * rendering/style/StyleBackgroundData.cpp:
    (WebCore::StyleBackgroundData::StyleBackgroundData):
    (WebCore::StyleBackgroundData::dump const):
    * rendering/style/StyleBackgroundData.h:
    
    Since `FillLayer` is now ref-counted, `StyleBackgroundData::background` needs to be a `DataRef` as well.
    
    * rendering/style/StyleRareNonInheritedData.cpp:
    (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
    * rendering/style/StyleRareNonInheritedData.h:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266344 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-30  Wenson Hsieh  <wenson_hsieh@apple.com>

            Make StyleRareNonInheritedData::mask and StyleBackgroundData::background DataRefs
            https://bugs.webkit.org/show_bug.cgi?id=215942

            Reviewed by Darin Adler.

            A significant amount of time in MotionMark's Multiply subtest is spent underneath the copy constructor
            `StyleRareNonInheritedData`, and a significant amount of time underneath this copy constructor is spent copying
            the rare non-inherited data's mask (a `FillLayer`).

            This `FillLayer` is currently inline data in `StyleRareNonInheritedData`; to reduce the cost of copying rare
            non-inherited data, we can instead make this a `DataRef<FillLayer>`, such that copying rare data will only copy
            the reference to the `FillLayer` rather than the `FillLayer` itself.

            Upon mutating the `FillLayer`, we now use `DataRef::access()` to ensure that these `FillLayer`s are copied
            before writing. See below for more details.

            * css/makeprop.pl:
            (generateFillLayerPropertyInheritValueSetter):
            (generateFillLayerPropertyValueSetter):
            * rendering/style/FillLayer.cpp:
            (WebCore::FillLayer::create):
            (WebCore::FillLayer::FillLayer):

            Deeply copy the `FillLayer`'s linked list of `FillLayer`s. This preserves existing behavior, which currently
            uses `std::unique_ptr` to store the pointer to the next `FillLayer` (and therefore, requires a deep copy of the
            linked list when copying `FillLayer`).

            In a future patch, we could probably further optimize this as well to behave in a copy-on-write way, by turning
            the `RefPtr<FillLayer> m_next;` into an `Optional<DataRef<FillLayer>>` instead (and then use `access()` to copy
            the next `FillLayer` prior to writing).

            (WebCore::FillLayer::~FillLayer):
            (WebCore::FillLayer::operator=):
            * rendering/style/FillLayer.h:

            Make `FillLayer` ref-counted, and introduce new `create` methods for constructing `FillLayer`s. Use these
            methods in several places where we currently call the constructors directly, via `makeUnique`.

            (WebCore::FillLayer::copy const):
            (WebCore::FillLayer::setNext):
            * rendering/style/RenderStyle.h:
            (WebCore::RenderStyle::hasBackgroundImage const):
            (WebCore::RenderStyle::hasFixedBackgroundImage const):
            (WebCore::RenderStyle::backgroundRepeatX const):
            (WebCore::RenderStyle::backgroundRepeatY const):
            (WebCore::RenderStyle::backgroundComposite const):
            (WebCore::RenderStyle::backgroundAttachment const):
            (WebCore::RenderStyle::backgroundClip const):
            (WebCore::RenderStyle::backgroundOrigin const):
            (WebCore::RenderStyle::backgroundXPosition const):
            (WebCore::RenderStyle::backgroundYPosition const):
            (WebCore::RenderStyle::backgroundSizeType const):
            (WebCore::RenderStyle::backgroundSizeLength const):
            (WebCore::RenderStyle::ensureBackgroundLayers):
            (WebCore::RenderStyle::maskImage const):
            (WebCore::RenderStyle::maskRepeatX const):
            (WebCore::RenderStyle::maskRepeatY const):
            (WebCore::RenderStyle::maskComposite const):
            (WebCore::RenderStyle::maskClip const):
            (WebCore::RenderStyle::maskOrigin const):
            (WebCore::RenderStyle::maskXPosition const):
            (WebCore::RenderStyle::maskYPosition const):
            (WebCore::RenderStyle::maskSizeType const):
            (WebCore::RenderStyle::maskSizeLength const):
            (WebCore::RenderStyle::ensureMaskLayers):
            (WebCore::RenderStyle::hasMask const):
            (WebCore::RenderStyle::setBackgroundXPosition):
            (WebCore::RenderStyle::setBackgroundYPosition):
            (WebCore::RenderStyle::setBackgroundSize):
            (WebCore::RenderStyle::setBackgroundSizeLength):
            (WebCore::RenderStyle::clearBackgroundLayers):
            (WebCore::RenderStyle::inheritBackgroundLayers):
            (WebCore::RenderStyle::clearMaskLayers):
            (WebCore::RenderStyle::inheritMaskLayers):
            (WebCore::RenderStyle::setMaskImage):
            (WebCore::RenderStyle::setMaskXPosition):
            (WebCore::RenderStyle::setMaskYPosition):
            (WebCore::RenderStyle::setMaskSize):
            * rendering/style/StyleBackgroundData.cpp:
            (WebCore::StyleBackgroundData::StyleBackgroundData):
            (WebCore::StyleBackgroundData::dump const):
            * rendering/style/StyleBackgroundData.h:

            Since `FillLayer` is now ref-counted, `StyleBackgroundData::background` needs to be a `DataRef` as well.

            * rendering/style/StyleRareNonInheritedData.cpp:
            (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
            * rendering/style/StyleRareNonInheritedData.h:

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266290. rdar://problem/69101142

    [iOS] Vertical text's logical width calculation is stale from the previous height of the WKWebView
    https://bugs.webkit.org/show_bug.cgi?id=215910
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    When there is vertical text (really: orthogonal flows) in the content, the available width of the vertical
    text is the height of its containing block. However, the height of the containing block (indeed: all ancestors)
    may be "auto", in which case the CSS spec says the available width of the element should be "the initial
    containing block's size."[1]
    
    Previously, we were using the FrameView's visibleHeight as this metric. However, the visibleHeight is calculated
    asynchronously, after layout, after a round-trip from the Web Process to the UI Process and back to the Web
    Process. Therefore, if content changes the WKWebView's size and the web view immediatey re-lays-out, this
    visibleHeight metric is stale from whatever the previous height of the WKWebView was. In addition, the
    visibleHeight metric isn't even supposed to be used inside layout; it's instead only supposed to be used for
    things like position: fixed elements.
    
    Instead, we should use FrameView::layoutSize(), which is set before layout to the size of the WKWebView. The
    name even indicates that it should be used for layout purposes.
    
    [1] https://drafts.csswg.org/css-writing-modes-4/#orthogonal-auto
    
    Test: WebKit.OrthogonalFlowAvailableSize
    
    * rendering/RenderBox.cpp:
    (WebCore::RenderBox::perpendicularContainingBlockLogicalHeight const):
    * rendering/RenderView.cpp:
    (WebCore::RenderView::availableLogicalHeight const):
    
    Tools:
    
    * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
    * TestWebKitAPI/Tests/WebKit/OrthogonalFlowAvailableSize.mm: Added.
    (TEST):
    * TestWebKitAPI/Tests/WebKit/orthogonal-flow-available-size.html: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266290 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-28  Myles C. Maxfield  <mmaxfield@apple.com>

            [iOS] Vertical text's logical width calculation is stale from the previous height of the WKWebView
            https://bugs.webkit.org/show_bug.cgi?id=215910

            Reviewed by Simon Fraser.

            When there is vertical text (really: orthogonal flows) in the content, the available width of the vertical
            text is the height of its containing block. However, the height of the containing block (indeed: all ancestors)
            may be "auto", in which case the CSS spec says the available width of the element should be "the initial
            containing block's size."[1]

            Previously, we were using the FrameView's visibleHeight as this metric. However, the visibleHeight is calculated
            asynchronously, after layout, after a round-trip from the Web Process to the UI Process and back to the Web
            Process. Therefore, if content changes the WKWebView's size and the web view immediatey re-lays-out, this
            visibleHeight metric is stale from whatever the previous height of the WKWebView was. In addition, the
            visibleHeight metric isn't even supposed to be used inside layout; it's instead only supposed to be used for
            things like position: fixed elements.

            Instead, we should use FrameView::layoutSize(), which is set before layout to the size of the WKWebView. The
            name even indicates that it should be used for layout purposes.

            [1] https://drafts.csswg.org/css-writing-modes-4/#orthogonal-auto

            Test: WebKit.OrthogonalFlowAvailableSize

            * rendering/RenderBox.cpp:
            (WebCore::RenderBox::perpendicularContainingBlockLogicalHeight const):
            * rendering/RenderView.cpp:
            (WebCore::RenderView::availableLogicalHeight const):

2020-09-17  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266244. rdar://problem/69101147

    REGRESSION (r264790): IndexedDB may abort transactions of in-memory databases
    https://bugs.webkit.org/show_bug.cgi?id=215855
    <rdar://problem/67418574>
    
    Reviewed by Youenn Fablet.
    
    Source/WebCore:
    
    We don't abort transactions on in-memory database before process suspension because they don't hold database
    file lock. Before r264790, only ephemeral session would use in-memory databases, so we only checked session. Now
    persistent session also uses in-memory databases for third-party storage, so we need to add another check.
    
    API test: IndexedDB.SuspendImminentlyForThirdPartyDatabases
    
    * Modules/indexeddb/server/IDBServer.cpp:
    (WebCore::IDBServer::IDBServer::stopDatabaseActivitiesOnMainThread):
    
    Tools:
    
    * TestWebKitAPI/Tests/WebKitCocoa/IndexedDBSuspendImminently.mm:
    (postResult):
    (catch):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266244 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-27  Sihui Liu  <sihui_liu@apple.com>

            REGRESSION (r264790): IndexedDB may abort transactions of in-memory databases
            https://bugs.webkit.org/show_bug.cgi?id=215855
            <rdar://problem/67418574>

            Reviewed by Youenn Fablet.

            We don't abort transactions on in-memory database before process suspension because they don't hold database
            file lock. Before r264790, only ephemeral session would use in-memory databases, so we only checked session. Now
            persistent session also uses in-memory databases for third-party storage, so we need to add another check.

            API test: IndexedDB.SuspendImminentlyForThirdPartyDatabases

            * Modules/indexeddb/server/IDBServer.cpp:
            (WebCore::IDBServer::IDBServer::stopDatabaseActivitiesOnMainThread):

2020-09-15  Russell Epstein  <repstein@apple.com>

        Cherry-pick r266121. rdar://problem/68949237

    [macOS] Update audio arbitration manager when audio transport changes
    https://bugs.webkit.org/show_bug.cgi?id=215781
    <rdar://problem/65920613>
    
    Reviewed by Jer Noble.
    
    Source/WebCore:
    
    No new tests, updated AudioRoutingArbitration API test.
    
    * platform/audio/AudioSession.cpp:
    (WebCore::AudioSession::audioOutputDeviceChanged): Add empty method.
    (WebCore::setIsPlayingToBluetoothOverride): Ditto.
    * platform/audio/AudioSession.h:
    
    * platform/audio/cocoa/MediaSessionManagerCocoa.h:
    * platform/audio/cocoa/MediaSessionManagerCocoa.mm:
    (WebCore::MediaSessionManagerCocoa::audioOutputDeviceChanged): Call AudioSession::audioOutputDeviceChanged.
    
    * platform/audio/mac/AudioSessionMac.mm:
    (WebCore::defaultDeviceTransportIsBluetooth): New.
    (WebCore::AudioSession::audioOutputDeviceChanged): Clear m_private->playingToBluetooth
    if bluetooth transport has changed since the last arbitration update.
    (WebCore::AudioSession::setIsPlayingToBluetoothOverride): Allow override of bluetooth
    transport for testing.
    (WebCore::AudioSession::setCategory): Update routing arbitration if audio session category
    or bluetooth transport changes.
    
    * testing/Internals.cpp:
    (WebCore::Internals::setIsPlayingToBluetoothOverride):
    * testing/Internals.h:
    * testing/Internals.idl:
    
    Source/WebKit:
    
    * UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h:
    * UIProcess/API/Cocoa/WKWebViewTesting.mm:
    (-[WKWebView _audioRoutingArbitrationUpdateTime]):
    
    * UIProcess/Media/AudioSessionRoutingArbitratorProxy.h:
    (WebKit::AudioSessionRoutingArbitratorProxy::arbitrationUpdateTime const):
    
    * UIProcess/Media/cocoa/AudioSessionRoutingArbitratorProxyCocoa.mm:
    (WebKit::AudioSessionRoutingArbitratorProxy::beginRoutingArbitrationWithCategory):
    
    Tools:
    
    * TestWebKitAPI/Tests/WebKitCocoa/AudioRoutingArbitration.mm:
    (AudioRoutingArbitration::statusShouldBecomeEqualTo): Add message string to help
    debugging when the test fails.
    * TestWebKitAPI/Tests/WebKitLegacy/ios/video-with-audio.html:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266121 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-25  Eric Carlson  <eric.carlson@apple.com>

            [macOS] Update audio arbitration manager when audio transport changes
            https://bugs.webkit.org/show_bug.cgi?id=215781
            <rdar://problem/65920613>

            Reviewed by Jer Noble.

            No new tests, updated AudioRoutingArbitration API test.

            * platform/audio/AudioSession.cpp:
            (WebCore::AudioSession::audioOutputDeviceChanged): Add empty method.
            (WebCore::setIsPlayingToBluetoothOverride): Ditto.
            * platform/audio/AudioSession.h:

            * platform/audio/cocoa/MediaSessionManagerCocoa.h:
            * platform/audio/cocoa/MediaSessionManagerCocoa.mm:
            (WebCore::MediaSessionManagerCocoa::audioOutputDeviceChanged): Call AudioSession::audioOutputDeviceChanged.

            * platform/audio/mac/AudioSessionMac.mm:
            (WebCore::defaultDeviceTransportIsBluetooth): New.
            (WebCore::AudioSession::audioOutputDeviceChanged): Clear m_private->playingToBluetooth
            if bluetooth transport has changed since the last arbitration update.
            (WebCore::AudioSession::setIsPlayingToBluetoothOverride): Allow override of bluetooth
            transport for testing.
            (WebCore::AudioSession::setCategory): Update routing arbitration if audio session category
            or bluetooth transport changes.

            * testing/Internals.cpp:
            (WebCore::Internals::setIsPlayingToBluetoothOverride):
            * testing/Internals.h:
            * testing/Internals.idl:

2020-09-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266901. rdar://problem/68881000

    [Repaint] RenderLayerModelObject::styleWillChange may issue redundant repaint
    https://bugs.webkit.org/show_bug.cgi?id=216374
    <rdar://problem/68657490>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    Move the repaintIncludingDescendants() calls to repaintBeforeStyleChange() to avoid redundant repaints on the same renderer.
    
    * rendering/RenderElement.cpp:
    (WebCore::RenderElement::repaintBeforeStyleChange):
    * rendering/RenderLayerModelObject.cpp:
    (WebCore::RenderLayerModelObject::styleWillChange):
    
    LayoutTests:
    
    * css3/blending/repaint/blend-mode-isolate-stacking-context-expected.txt:
    * platform/ios/css3/blending/repaint/blend-mode-isolate-stacking-context-expected.txt:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266901 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-10  Zalan Bujtas  <zalan@apple.com>

            [Repaint] RenderLayerModelObject::styleWillChange may issue redundant repaint
            https://bugs.webkit.org/show_bug.cgi?id=216374
            <rdar://problem/68657490>

            Reviewed by Simon Fraser.

            Move the repaintIncludingDescendants() calls to repaintBeforeStyleChange() to avoid redundant repaints on the same renderer.

            * rendering/RenderElement.cpp:
            (WebCore::RenderElement::repaintBeforeStyleChange):
            * rendering/RenderLayerModelObject.cpp:
            (WebCore::RenderLayerModelObject::styleWillChange):

2020-09-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266844. rdar://problem/68880990

    [Cocoa] PERF: Don't instantiate AVPlayer-based audio decoders or renderers if an element is initially muted.
    https://bugs.webkit.org/show_bug.cgi?id=216299
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    When an AVPlayer is created, even if muted, it will still instantiate an audio decoder and renderer if the
    AVAsset in the current player item has an audio track. Ostensibly, this is so that an unmute operation is
    instantaneous, as it's merely applying a zero gain to the decoded audio. However for web content, there's
    many autoplaying, muted <video> elements which may never be un-muted before being destroyed.
    
    Implement a policy where, if an AVPlayer is initially muted, we adopt AVFoundation SPI to forcibly prevent
    audio decoding and rendering until the first time the AVPlayer is unmuted. This means the first un-mute may
    not be instantaneous, as an audio decoder will have to be created and fed before any audio is rendered.
    
    There's some incorrect caching of mute state at the MediaPlayer level; so MediaPlayer and MPPAVFoundationObjC
    can get their respective m_muted states out of sync. Make sure that HTMLMediaElement always sets muted state
    after creating a MediaPlayer and that, respectively, MPPAVFoundationObjC always queries it's parent MediaPlayer's
    mute state when it in turn is created.
    
    * html/HTMLMediaElement.cpp:
    (WebCore::HTMLMediaElement::createMediaPlayer):
    * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
    (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::setMuted):
    
    Source/WebCore/PAL:
    
    * pal/spi/cocoa/AVFoundationSPI.h:
    
    Source/WTF:
    
    * wtf/PlatformHave.h:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266844 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-10  Jer Noble  <jer.noble@apple.com>

            [Cocoa] PERF: Don't instantiate AVPlayer-based audio decoders or renderers if an element is initially muted.
            https://bugs.webkit.org/show_bug.cgi?id=216299

            Reviewed by Eric Carlson.

            When an AVPlayer is created, even if muted, it will still instantiate an audio decoder and renderer if the
            AVAsset in the current player item has an audio track. Ostensibly, this is so that an unmute operation is
            instantaneous, as it's merely applying a zero gain to the decoded audio. However for web content, there's
            many autoplaying, muted <video> elements which may never be un-muted before being destroyed.

            Implement a policy where, if an AVPlayer is initially muted, we adopt AVFoundation SPI to forcibly prevent
            audio decoding and rendering until the first time the AVPlayer is unmuted. This means the first un-mute may
            not be instantaneous, as an audio decoder will have to be created and fed before any audio is rendered.

            There's some incorrect caching of mute state at the MediaPlayer level; so MediaPlayer and MPPAVFoundationObjC
            can get their respective m_muted states out of sync. Make sure that HTMLMediaElement always sets muted state
            after creating a MediaPlayer and that, respectively, MPPAVFoundationObjC always queries it's parent MediaPlayer's
            mute state when it in turn is created.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::createMediaPlayer):
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC):
            (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):
            (WebCore::MediaPlayerPrivateAVFoundationObjC::setMuted):

2020-09-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266818. rdar://problem/68881035

    [Repaint] RenderElement::setStyle may issue redundant repaint
    https://bugs.webkit.org/show_bug.cgi?id=216324
    <rdar://problem/68595896>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    If we issue a repaint in ::styleWillChange, we should not need to re-issue it again in RenderElement::setStyle (see r266803 for details).
    
    * rendering/RenderElement.cpp:
    (WebCore::RenderElement::repaintBeforeStyleChange):
    (WebCore::RenderElement::setStyle):
    * rendering/RenderElement.h:
    
    LayoutTests:
    
    * compositing/masks/compositing-clip-path-change-no-repaint-expected.txt:
    * compositing/shared-backing/overflow-scroll/shared-layer-repaint-expected.txt:
    * fast/css-custom-paint/delay-repaint-expected.txt:
    * fast/images/async-image-multiple-clients-repaint-expected.txt:
    * fast/repaint/horizontal-bt-overflow-child-expected.txt:
    * fast/repaint/horizontal-bt-overflow-parent-expected.txt:
    * fast/repaint/horizontal-bt-overflow-same-expected.txt:
    * fast/repaint/mutate-non-visible-expected.txt:
    * fast/repaint/negative-text-indent-with-overflow-hidden-expected.txt:
    * fast/repaint/overflow-flipped-writing-mode-table-expected.txt:
    * fast/repaint/spanner-with-margin-expected.txt:
    * fast/repaint/table-row-repaint-expected.txt:
    * fast/repaint/vertical-overflow-child-expected.txt:
    * fast/repaint/vertical-overflow-parent-expected.txt:
    * fast/repaint/vertical-overflow-same-expected.txt:
    * svg/transforms/svg-transform-foreign-object-repaint-expected.txt:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266818 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-10  Zalan Bujtas  <zalan@apple.com>

            [Repaint] RenderElement::setStyle may issue redundant repaint
            https://bugs.webkit.org/show_bug.cgi?id=216324
            <rdar://problem/68595896>

            Reviewed by Simon Fraser.

            If we issue a repaint in ::styleWillChange, we should not need to re-issue it again in RenderElement::setStyle (see r266803 for details).

            * rendering/RenderElement.cpp:
            (WebCore::RenderElement::repaintBeforeStyleChange):
            (WebCore::RenderElement::setStyle):
            * rendering/RenderElement.h:

2020-09-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266803. rdar://problem/68881014

    [Repaint] styleWillChange may call repaint on the same renderer multiple times.
    https://bugs.webkit.org/show_bug.cgi?id=216295
    <rdar://problem/68538666>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    RenderElement::styleWillChange is a virtual function. This function is called whenever the associated RenderStyle changes.
    The subclass implementation (e.g. RenderBox::styleWillChange) calls the parent class to make sure the style change is covered properly.
    Now in certain cases,
    1. this may trigger multiple calls to repaint() (e.g one in each ::styleWillChange implementation)
    2. paint invalidation requires absolute coordinates
    3. geometry does not change during styleWillChange
    it could end up being redundant/unnecessarily expensive.
    
    This patch moves all the style-will-change-requires-repaint logic to one single function so that we can limit the number of repaints.
    
    * rendering/RenderBox.cpp:
    (WebCore::RenderBox::styleWillChange):
    * rendering/RenderElement.cpp:
    (WebCore::RenderElement::issueRepaintBeforeStyleChange):
    (WebCore::RenderElement::initializeStyle):
    (WebCore::RenderElement::setStyle):
    (WebCore::RenderElement::styleWillChange):
    * rendering/RenderElement.h:
    * rendering/RenderLayerModelObject.cpp:
    (WebCore::RenderLayerModelObject::styleWillChange):
    
    LayoutTests:
    
    * compositing/masks/compositing-clip-path-change-no-repaint-expected.txt:
    * compositing/shared-backing/overflow-scroll/shared-layer-repaint-expected.txt:
    * fast/css-custom-paint/delay-repaint-expected.txt:
    * fast/images/async-image-multiple-clients-repaint-expected.txt:
    * fast/repaint/focus-ring-repaint-expected.txt:
    * fast/repaint/horizontal-bt-overflow-child-expected.txt:
    * fast/repaint/horizontal-bt-overflow-parent-expected.txt:
    * fast/repaint/horizontal-bt-overflow-same-expected.txt:
    * fast/repaint/mutate-non-visible-expected.txt:
    * fast/repaint/negative-text-indent-with-overflow-hidden-expected.txt:
    * fast/repaint/overflow-flipped-writing-mode-table-expected.txt:
    * fast/repaint/table-row-repaint-expected.txt:
    * fast/repaint/vertical-overflow-child-expected.txt:
    * fast/repaint/vertical-overflow-parent-expected.txt:
    * fast/repaint/vertical-overflow-same-expected.txt:
    * svg/transforms/svg-transform-foreign-object-repaint-expected.txt:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266803 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-09  Zalan Bujtas  <zalan@apple.com>

            [Repaint] styleWillChange may call repaint on the same renderer multiple times.
            https://bugs.webkit.org/show_bug.cgi?id=216295
            <rdar://problem/68538666>

            Reviewed by Simon Fraser.

            RenderElement::styleWillChange is a virtual function. This function is called whenever the associated RenderStyle changes.
            The subclass implementation (e.g. RenderBox::styleWillChange) calls the parent class to make sure the style change is covered properly.
            Now in certain cases,
            1. this may trigger multiple calls to repaint() (e.g one in each ::styleWillChange implementation)
            2. paint invalidation requires absolute coordinates
            3. geometry does not change during styleWillChange
            it could end up being redundant/unnecessarily expensive.

            This patch moves all the style-will-change-requires-repaint logic to one single function so that we can limit the number of repaints.

            * rendering/RenderBox.cpp:
            (WebCore::RenderBox::styleWillChange):
            * rendering/RenderElement.cpp:
            (WebCore::RenderElement::issueRepaintBeforeStyleChange):
            (WebCore::RenderElement::initializeStyle):
            (WebCore::RenderElement::setStyle):
            (WebCore::RenderElement::styleWillChange):
            * rendering/RenderElement.h:
            * rendering/RenderLayerModelObject.cpp:
            (WebCore::RenderLayerModelObject::styleWillChange):

2020-09-14  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266797. rdar://problem/68881018

    Move lazy DisplayLink tear down logic from the WebProcess to the UIProcess
    https://bugs.webkit.org/show_bug.cgi?id=216195
    
    Reviewed by Simon Fraser.
    
    Move lazy DisplayLink tear down logic from the WebProcess to the UIProcess, now that the
    DisplayLink has been moved to the UIProcess due to sandboxing.
    
    After a DisplayLink no longer has any clients, we keep it firing up to 20 times without
    any clients in case a new client gets added shortly after. The idea was to avoid killing
    and respawning too many threads when adding and removing clients in quick succession.
    However, now that the DisplayLink lives in the UIProcess side and sends IPC to the
    WebProcesses every time it fires, it makes a lot more sense to implement this logic in
    the UIProcess side, to avoid sending unnecessary IPC to processes that do not care about
    it.
    
    Source/WebCore:
    
    * platform/graphics/DisplayRefreshMonitor.cpp:
    (WebCore::DisplayRefreshMonitor::displayDidRefresh):
    * platform/graphics/DisplayRefreshMonitor.h:
    (WebCore::DisplayRefreshMonitor::shouldBeTerminated const):
    
    Source/WebKit:
    
    * UIProcess/mac/DisplayLink.cpp:
    (WebKit::DisplayLink::addObserver):
    (WebKit::DisplayLink::removeObserver):
    (WebKit::DisplayLink::removeObservers):
    (WebKit::DisplayLink::displayLinkCallback):
    (WebKit::DisplayLink::hasObservers const): Deleted.
    * UIProcess/mac/DisplayLink.h:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266797 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-09  Chris Dumez  <cdumez@apple.com>

            Move lazy DisplayLink tear down logic from the WebProcess to the UIProcess
            https://bugs.webkit.org/show_bug.cgi?id=216195

            Reviewed by Simon Fraser.

            Move lazy DisplayLink tear down logic from the WebProcess to the UIProcess, now that the
            DisplayLink has been moved to the UIProcess due to sandboxing.

            After a DisplayLink no longer has any clients, we keep it firing up to 20 times without
            any clients in case a new client gets added shortly after. The idea was to avoid killing
            and respawning too many threads when adding and removing clients in quick succession.
            However, now that the DisplayLink lives in the UIProcess side and sends IPC to the
            WebProcesses every time it fires, it makes a lot more sense to implement this logic in
            the UIProcess side, to avoid sending unnecessary IPC to processes that do not care about
            it.

            * platform/graphics/DisplayRefreshMonitor.cpp:
            (WebCore::DisplayRefreshMonitor::displayDidRefresh):
            * platform/graphics/DisplayRefreshMonitor.h:
            (WebCore::DisplayRefreshMonitor::shouldBeTerminated const):

2020-09-11  Russell Epstein  <repstein@apple.com>

        Cherry-pick r266743. rdar://problem/68652752

    iOS: <attachment>'s QuickLook thumbnails can appear squished
    https://bugs.webkit.org/show_bug.cgi?id=216209
    <rdar://problem/67817706>
    
    Reviewed by Wenson Hsieh.
    
    Source/WebCore:
    
    Test: fast/attachment/attachment-thumbnail-preserves-aspect-ratio.html
    
    * html/HTMLAttachmentElement.idl:
    * testing/Internals.cpp:
    (WebCore::Internals::attachmentThumbnailInfo):
    * testing/Internals.h:
    * testing/Internals.idl:
    Expose the attachment thumbnail size via Internals.
    
    * rendering/RenderThemeIOS.mm:
    (WebCore::RenderAttachmentInfo::RenderAttachmentInfo):
    Allow the thumbnail aspect ratio to vary, instead of assuming it is always square.
    
    Source/WebKit:
    
    * UIProcess/Cocoa/WebPageProxyCocoa.mm:
    (WebKit::convertPlatformImageToBitmap):
    Propagate an image of the same aspect ratio that QuickLook provided,
    instead of squishing it to square.
    
    * UIProcess/QuickLookThumbnailLoader.mm:
    (-[WKQLThumbnailLoadOperation start]):
    Only request full thumbnails; we do not want the icon form, since <attachment>
    already has one without QuickLook's help; if we can't get a full thumbnail,
    we'll just leave it alone.
    
    Tools:
    
    * TestRunnerShared/UIScriptContext/Bindings/UIScriptController.idl:
    * TestRunnerShared/UIScriptContext/UIScriptController.h:
    (WTR::UIScriptController::insertAttachmentForFilePath):
    * WebKitTestRunner/TestController.cpp:
    (WTR::TestController::currentTestURL const):
    * WebKitTestRunner/TestController.h:
    * WebKitTestRunner/cocoa/UIScriptControllerCocoa.h:
    * WebKitTestRunner/cocoa/UIScriptControllerCocoa.mm:
    (WTR::UIScriptControllerCocoa::insertAttachmentForFilePath):
    Make it possible to insert an attachment wrapping a file on disk
    via UIScriptController.
    
    LayoutTests:
    
    * fast/attachment/attachment-thumbnail-preserves-aspect-ratio-expected.txt: Added.
    * fast/attachment/attachment-thumbnail-preserves-aspect-ratio.html: Added.
    * fast/attachment/resources/400x200-circle.png: Added.
    * platform/ios/fast/attachment/attachment-thumbnail-preserves-aspect-ratio-expected.txt: Added.
    * resources/ui-helper.js:
    (window.UIHelper.insertAttachmentForFilePath):
    Add a test that dumps the thumbnail size for a 400x200 attachment.
    We only run it on iOS, because on macOS, QuickLook always returns
    an image of the size we ask for (400x400), padded with whitespace,
    so the problem does not reproduce and the test doesn't work right there.
    On iOS, the result used to be 400x400 and now is 400x200.
    
    I tried and failed to make a more useful test (a ref test, actually
    testing the presentation) because it's quite hard to match the
    native <attachment> painting.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266743 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-08  Tim Horton  <timothy_horton@apple.com>

            iOS: <attachment>'s QuickLook thumbnails can appear squished
            https://bugs.webkit.org/show_bug.cgi?id=216209
            <rdar://problem/67817706>

            Reviewed by Wenson Hsieh.

            Test: fast/attachment/attachment-thumbnail-preserves-aspect-ratio.html

            * html/HTMLAttachmentElement.idl:
            * testing/Internals.cpp:
            (WebCore::Internals::attachmentThumbnailInfo):
            * testing/Internals.h:
            * testing/Internals.idl:
            Expose the attachment thumbnail size via Internals.

            * rendering/RenderThemeIOS.mm:
            (WebCore::RenderAttachmentInfo::RenderAttachmentInfo):
            Allow the thumbnail aspect ratio to vary, instead of assuming it is always square.

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266717. rdar://problem/68652576

    Comparing styles with large but identical custom property maps is slow
    https://bugs.webkit.org/show_bug.cgi?id=216241
    <rdar://problem/67946605>
    
    Reviewed by Darin Adler.
    
    In a full style rebuild we lose sharing of equal StyleCustomPropertyDatas between the old and the new style.
    Custom properties are usually defined in document element and this lack of sharing inherits to all elements.
    Without sharing equality comparisons end up requiring deep comparisons, which can be slow if there are thousands of properties.
    
    Fix by deduplicating identical property maps between the old the new style. All the descendants that inherit the properties will
    now be cheap to compare.
    
    The patch also contains some other basic custom property optimizations.
    
    Going to full screen and back on youtube, this patch reduces time in the longest style update from ~460ms to ~90ms.
    
    * css/CSSCustomPropertyValue.cpp:
    (WebCore::CSSCustomPropertyValue::equals const):
    
    Check for pointer equality first.
    
    * rendering/style/RenderStyle.cpp:
    (WebCore::RenderStyle::deduplicateInheritedCustomProperties):
    
    Deduplicate if the properties are equal but not shared.
    
    (WebCore::RenderStyle::setInheritedCustomPropertyValue):
    (WebCore::RenderStyle::setNonInheritedCustomPropertyValue):
    
    Check if the value is already in the map before triggering copy-on-write.
    
    * rendering/style/RenderStyle.h:
    (WebCore::RenderStyle::setInheritedCustomPropertyValue): Deleted.
    (WebCore::RenderStyle::setNonInheritedCustomPropertyValue): Deleted.
    * style/StyleBuilder.cpp:
    (WebCore::Style::Builder::applyCustomProperty):
    
    Don't create unnecesary copies of CSSCustomPropertyValue.
    
    * style/StyleTreeResolver.cpp:
    (WebCore::Style::TreeResolver::createAnimatedElementUpdate):
    
    Try to deduplicate before comparing the styles.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266717 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-08  Antti Koivisto  <antti@apple.com>

            Comparing styles with large but identical custom property maps is slow
            https://bugs.webkit.org/show_bug.cgi?id=216241
            <rdar://problem/67946605>

            Reviewed by Darin Adler.

            In a full style rebuild we lose sharing of equal StyleCustomPropertyDatas between the old and the new style.
            Custom properties are usually defined in document element and this lack of sharing inherits to all elements.
            Without sharing equality comparisons end up requiring deep comparisons, which can be slow if there are thousands of properties.

            Fix by deduplicating identical property maps between the old the new style. All the descendants that inherit the properties will
            now be cheap to compare.

            The patch also contains some other basic custom property optimizations.

            Going to full screen and back on youtube, this patch reduces time in the longest style update from ~460ms to ~90ms.

            * css/CSSCustomPropertyValue.cpp:
            (WebCore::CSSCustomPropertyValue::equals const):

            Check for pointer equality first.

            * rendering/style/RenderStyle.cpp:
            (WebCore::RenderStyle::deduplicateInheritedCustomProperties):

            Deduplicate if the properties are equal but not shared.

            (WebCore::RenderStyle::setInheritedCustomPropertyValue):
            (WebCore::RenderStyle::setNonInheritedCustomPropertyValue):

            Check if the value is already in the map before triggering copy-on-write.

            * rendering/style/RenderStyle.h:
            (WebCore::RenderStyle::setInheritedCustomPropertyValue): Deleted.
            (WebCore::RenderStyle::setNonInheritedCustomPropertyValue): Deleted.
            * style/StyleBuilder.cpp:
            (WebCore::Style::Builder::applyCustomProperty):

            Don't create unnecesary copies of CSSCustomPropertyValue.

            * style/StyleTreeResolver.cpp:
            (WebCore::Style::TreeResolver::createAnimatedElementUpdate):

            Try to deduplicate before comparing the styles.

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266705. rdar://problem/68652668

    Add memory cache with/without validation to logResourceResponseSource
    https://bugs.webkit.org/show_bug.cgi?id=216244
    <rdar://problem/64184239>
    
    Patch by Alex Christensen <achristensen@webkit.org> on 2020-09-07
    Reviewed by Darin Adler.
    
    * loader/ResourceLoader.cpp:
    (WebCore::logResourceResponseSource):
    * page/DiagnosticLoggingKeys.cpp:
    (WebCore::DiagnosticLoggingKeys::memoryCacheKey):
    (WebCore::DiagnosticLoggingKeys::memoryCacheAfterValidationKey):
    * page/DiagnosticLoggingKeys.h:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266705 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-07  Alex Christensen  <achristensen@webkit.org>

            Add memory cache with/without validation to logResourceResponseSource
            https://bugs.webkit.org/show_bug.cgi?id=216244
            <rdar://problem/64184239>

            Reviewed by Darin Adler.

            * loader/ResourceLoader.cpp:
            (WebCore::logResourceResponseSource):
            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::memoryCacheKey):
            (WebCore::DiagnosticLoggingKeys::memoryCacheAfterValidationKey):
            * page/DiagnosticLoggingKeys.h:

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266664. rdar://problem/68652524

    REGRESSION (r260571): Scrolling on weather.com in Safari causes the gradient background to flicker (fixed backgrounds)
    https://bugs.webkit.org/show_bug.cgi?id=216192
    <rdar://problem/68192010>
    
    Reviewed by Tim Horton.
    
    If a page has slow-scrolling reasons, like background-attachment:fixed on a non-root element,
    then we should never update layer positions on the scrolling thread, since this results
    in scroll position being out of sync with the painted background position.
    
    * page/scrolling/ThreadedScrollingTree.cpp:
    (WebCore::ThreadedScrollingTree::canUpdateLayersOnScrollingThread const):
    (WebCore::ThreadedScrollingTree::waitForRenderingUpdateCompletionOrTimeout):
    (WebCore::ThreadedScrollingTree::delayedRenderingUpdateDetectionTimerFired):
    (WebCore::ThreadedScrollingTree::displayDidRefreshOnScrollingThread):
    * page/scrolling/ThreadedScrollingTree.h:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266664 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-04  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (r260571): Scrolling on weather.com in Safari causes the gradient background to flicker (fixed backgrounds)
            https://bugs.webkit.org/show_bug.cgi?id=216192
            <rdar://problem/68192010>

            Reviewed by Tim Horton.

            If a page has slow-scrolling reasons, like background-attachment:fixed on a non-root element,
            then we should never update layer positions on the scrolling thread, since this results
            in scroll position being out of sync with the painted background position.

            * page/scrolling/ThreadedScrollingTree.cpp:
            (WebCore::ThreadedScrollingTree::canUpdateLayersOnScrollingThread const):
            (WebCore::ThreadedScrollingTree::waitForRenderingUpdateCompletionOrTimeout):
            (WebCore::ThreadedScrollingTree::delayedRenderingUpdateDetectionTimerFired):
            (WebCore::ThreadedScrollingTree::displayDidRefreshOnScrollingThread):
            * page/scrolling/ThreadedScrollingTree.h:

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266635. rdar://problem/68652685

    [Cocoa,EME] -outputObscuredDueToInsufficientExternalProtection KVO will set OutputObscured for all attached MediaKeySessions.
    https://bugs.webkit.org/show_bug.cgi?id=216185
    
    Reviewed by Eric Carlson.
    
    When EME clients add licenses that have, for instance, different HDCP level requirements, the keyStatus for
    each key in the Session (and indeed all attached MediaKeySessions) will be marked as OutputRestricted, since
    it is impossible to tell from that KVO which key or session was responsible for creating the violation.
    
    On platforms where the more granular -willOutputBeObscuredDueToInsufficientExternalProtectionForDisplays: query
    is available, ignore the KVO from AVSampleBufferDisplayLayer, and rely entirely on the per-request query to
    determine key status.
    
    Drive-by fix: add logging when we receive the -outputObscuredDueToInsufficientExternalProtection KVO notification, and
    include keyIDs in the keyStatus logging.
    
    * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
    (WTF::LogArgument<WebCore::CDMInstanceFairPlayStreamingAVFObjC::Keys>::toString):
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::keyStatuses const):
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::outputObscuredDueToInsufficientExternalProtectionChanged):
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::keyRequestHasInsufficientProtectionForDisplayID const):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266635 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-04  Jer Noble  <jer.noble@apple.com>

            [Cocoa,EME] -outputObscuredDueToInsufficientExternalProtection KVO will set OutputObscured for all attached MediaKeySessions.
            https://bugs.webkit.org/show_bug.cgi?id=216185

            Reviewed by Eric Carlson.

            When EME clients add licenses that have, for instance, different HDCP level requirements, the keyStatus for
            each key in the Session (and indeed all attached MediaKeySessions) will be marked as OutputRestricted, since
            it is impossible to tell from that KVO which key or session was responsible for creating the violation.

            On platforms where the more granular -willOutputBeObscuredDueToInsufficientExternalProtectionForDisplays: query
            is available, ignore the KVO from AVSampleBufferDisplayLayer, and rely entirely on the per-request query to
            determine key status.

            Drive-by fix: add logging when we receive the -outputObscuredDueToInsufficientExternalProtection KVO notification, and
            include keyIDs in the keyStatus logging.

            * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
            (WTF::LogArgument<WebCore::CDMInstanceFairPlayStreamingAVFObjC::Keys>::toString):
            (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::keyStatuses const):
            (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::outputObscuredDueToInsufficientExternalProtectionChanged):
            (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::keyRequestHasInsufficientProtectionForDisplayID const):

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266526. rdar://problem/68652615

    Consecutive requestAnimationFrame callbacks may be passed the same timestamp
    https://bugs.webkit.org/show_bug.cgi?id=216122
    <rdar://problem/68269445>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    Test: fast/animation/request-animation-frame-unique-timestamp.html
    
    Ensure that the page only sees increasing timestamps in requestAnimationFrame() callbacks.
    
    * dom/ScriptedAnimationController.cpp:
    (WebCore::ScriptedAnimationController::shouldRescheduleRequestAnimationFrame const):
    
    LayoutTests:
    
    Add a test that two subsequent animation frames as identified via requestAnimationFrame() callbacks
    are provided increasing timestamps.
    
    Also removing flaky expectation for two WPT animations tests which pass reliably after this fix.
    
    * fast/animation/request-animation-frame-unique-timestamp-expected.txt: Added.
    * fast/animation/request-animation-frame-unique-timestamp.html: Added.
    * platform/mac-wk2/TestExpectations:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266526 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-03  Antoine Quint  <graouts@webkit.org>

            Consecutive requestAnimationFrame callbacks may be passed the same timestamp
            https://bugs.webkit.org/show_bug.cgi?id=216122
            <rdar://problem/68269445>

            Reviewed by Simon Fraser.

            Test: fast/animation/request-animation-frame-unique-timestamp.html

            Ensure that the page only sees increasing timestamps in requestAnimationFrame() callbacks.

            * dom/ScriptedAnimationController.cpp:
            (WebCore::ScriptedAnimationController::shouldRescheduleRequestAnimationFrame const):

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266485. rdar://problem/68652729

    iPad + Trackpad: JW Library highlighting and edit menus don't appear
    https://bugs.webkit.org/show_bug.cgi?id=216086
    
    Reviewed by Wenson Hsieh.
    
    Source/WebCore:
    
    * platform/RuntimeApplicationChecks.h:
    * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
    (WebCore::IOSApplication::isJWLibrary):
    
    Source/WebKit:
    
    * UIProcess/ios/WKContentViewInteraction.mm:
    (applicationIsKnownToIgnoreMouseEvents):
    Add JW Library to the list.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266485 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-02  Timothy Horton  <timothy_horton@apple.com>

            iPad + Trackpad: JW Library highlighting and edit menus don't appear
            https://bugs.webkit.org/show_bug.cgi?id=216086

            Reviewed by Wenson Hsieh.

            * platform/RuntimeApplicationChecks.h:
            * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
            (WebCore::IOSApplication::isJWLibrary):

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266470. rdar://problem/68652453

    REGRESSION (r264661): Crashes in WebCore::wrap<WebCore::Blob> in CloneDeserializer
    https://bugs.webkit.org/show_bug.cgi?id=215835
    
    Reviewed by Youenn Fablet.
    
    Partially revert r264661 as there are cases, other than our previous IDB, where we may not use JSDOMGlobalObject
    for serialization and deserialization, like the one showed in the crashlog. Therefore, we still need the check
    for JSDOMGlobalObject.
    
    API Test: WebKit.EvaluateJavaScriptThatCreatesBlob
    
    * bindings/js/SerializedScriptValue.cpp:
    (WebCore::CloneDeserializer::CloneDeserializer):
    (WebCore::CloneDeserializer::readFile):
    (WebCore::CloneDeserializer::readRTCCertificate):
    (WebCore::CloneDeserializer::readTerminal):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266470 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-02  Sihui Liu  <sihui_liu@apple.com>

            REGRESSION (r264661): Crashes in WebCore::wrap<WebCore::Blob> in CloneDeserializer
            https://bugs.webkit.org/show_bug.cgi?id=215835

            Reviewed by Youenn Fablet.

            Partially revert r264661 as there are cases, other than our previous IDB, where we may not use JSDOMGlobalObject
            for serialization and deserialization, like the one showed in the crashlog. Therefore, we still need the check
            for JSDOMGlobalObject.

            API Test: WebKit.EvaluateJavaScriptThatCreatesBlob

            * bindings/js/SerializedScriptValue.cpp:
            (WebCore::CloneDeserializer::CloneDeserializer):
            (WebCore::CloneDeserializer::readFile):
            (WebCore::CloneDeserializer::readRTCCertificate):
            (WebCore::CloneDeserializer::readTerminal):

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266454. rdar://problem/68652810

    Safari is not able to hear audio when using WebRTC in multiple tabs
    https://bugs.webkit.org/show_bug.cgi?id=215270
    <rdar://problem/66736746>
    
    Reviewed by Eric Carlson.
    
    Covered by manually testing that audio continues when two pages in the same process create a peer connection,
    one plays audio with WebRTC and the second one is closed.
    Before the patch, the closing page would stop the audio device module, even though the first page would like the module to continue playing.
    Fix this by creating an audio module per page instead of process wide.
    
    * platform/mediastream/libwebrtc/LibWebRTCAudioModule.h:
    * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
    (WebCore::initializePeerConnectionFactoryAndThreads):
    (WebCore::LibWebRTCProvider::factory):
    (WebCore::LibWebRTCProvider::createPeerConnectionFactory):
    * platform/mediastream/libwebrtc/LibWebRTCProvider.h:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266454 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-02  Youenn Fablet  <youenn@apple.com>

            Safari is not able to hear audio when using WebRTC in multiple tabs
            https://bugs.webkit.org/show_bug.cgi?id=215270
            <rdar://problem/66736746>

            Reviewed by Eric Carlson.

            Covered by manually testing that audio continues when two pages in the same process create a peer connection,
            one plays audio with WebRTC and the second one is closed.
            Before the patch, the closing page would stop the audio device module, even though the first page would like the module to continue playing.
            Fix this by creating an audio module per page instead of process wide.

            * platform/mediastream/libwebrtc/LibWebRTCAudioModule.h:
            * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
            (WebCore::initializePeerConnectionFactoryAndThreads):
            (WebCore::LibWebRTCProvider::factory):
            (WebCore::LibWebRTCProvider::createPeerConnectionFactory):
            * platform/mediastream/libwebrtc/LibWebRTCProvider.h:

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266443. rdar://problem/68652756

    REGRESSION(r262366): MotionMark1.1 | macOS | Some devices | 1-3% overall regression
    https://bugs.webkit.org/show_bug.cgi?id=215989
    <rdar://problem/66845937>
    
    Reviewed by Darin Adler.
    
    Source/WebCore:
    
    The new approach to compositing WebGL caused a slowdown in some
    canvas performance tests. They were notifying the Document
    of all drawing commands, even on 2d canvases that didn't need
    to prepare before compositing.
    
    The solution is to only add the Document as an observer
    when necessary. This recovers the performance hit - measured
    using the Canvas Lines MotionMark test.
    
    Tests: fast/canvas/webgl/move-canvas-in-document-while-clean.html
           fast/canvas/webgl/move-canvas-in-document.html
    
    * dom/Document.cpp:
    (WebCore::Document::prepareCanvasesForDisplayIfNeeded): Leave a FIXME
    indicating that we should try to avoid the copyToVector if we
    can ensure that the prepareForDisplay call will not mutate the HashSet.
    
    * html/CanvasBase.cpp: Remove some copyToVector calls. It should be
    fine to iterate over the HashSet for these notification functions.
    (WebCore::CanvasBase::notifyObserversCanvasChanged):
    (WebCore::CanvasBase::notifyObserversCanvasResized):
    
    * html/HTMLCanvasElement.cpp:
    (WebCore::HTMLCanvasElement::HTMLCanvasElement): Don't add the Document as
    a canvas observer. Wait until we know it is a context that needs observing.
    (WebCore::HTMLCanvasElement::createContextWebGL): Now we can add it as an
    observer.
    (WebCore::HTMLCanvasElement::didMoveToNewDocument): Swap observation to the new
    Document.
    (WebCore::HTMLCanvasElement::insertedIntoAncestor): Ditto, but also be aware that
    we might be in a "dirty" state, and thus need to immediately tell the new
    document that the canvas needs preparation.
    (WebCore::HTMLCanvasElement::removedFromAncestor): Remove the observer.
    (WebCore::HTMLCanvasElement::needsPreparationForDisplay): Use a virtual function
    on the context instead of checking the type.
    (WebCore::HTMLCanvasElement::prepareForDisplay): Ditto.
    
    * html/canvas/CanvasRenderingContext.h: New virtual functions to avoid type checking
    in HTMLCanvasElement.
    (WebCore::CanvasRenderingContext::compositingResultsNeedUpdating const):
    (WebCore::CanvasRenderingContext::needsPreparationForDisplay const):
    (WebCore::CanvasRenderingContext::prepareForDisplay):
    
    * html/canvas/WebGLRenderingContextBase.cpp: Implementations of the virtual functions
    that tell HTMLCanvasElement that it needs to prepareForDisplay.
    (WebCore::WebGLRenderingContextBase::markContextChanged):
    (WebCore::WebGLRenderingContextBase::markContextChangedAndNotifyCanvasObserver):
    (WebCore::WebGLRenderingContextBase::didComposite):
    * html/canvas/WebGLRenderingContextBase.h:
    
    LayoutTests:
    
    * fast/canvas/webgl/move-canvas-in-document-expected.html: Added.
    * fast/canvas/webgl/move-canvas-in-document-while-clean-expected.html: Added.
    * fast/canvas/webgl/move-canvas-in-document-while-clean.html: Added.
    * fast/canvas/webgl/move-canvas-in-document.html: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266443 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-01  Dean Jackson  <dino@apple.com>

            REGRESSION(r262366): MotionMark1.1 | macOS | Some devices | 1-3% overall regression
            https://bugs.webkit.org/show_bug.cgi?id=215989
            <rdar://problem/66845937>

            Reviewed by Darin Adler.

            The new approach to compositing WebGL caused a slowdown in some
            canvas performance tests. They were notifying the Document
            of all drawing commands, even on 2d canvases that didn't need
            to prepare before compositing.

            The solution is to only add the Document as an observer
            when necessary. This recovers the performance hit - measured
            using the Canvas Lines MotionMark test.

            Tests: fast/canvas/webgl/move-canvas-in-document-while-clean.html
                   fast/canvas/webgl/move-canvas-in-document.html

            * dom/Document.cpp:
            (WebCore::Document::prepareCanvasesForDisplayIfNeeded): Leave a FIXME
            indicating that we should try to avoid the copyToVector if we
            can ensure that the prepareForDisplay call will not mutate the HashSet.

            * html/CanvasBase.cpp: Remove some copyToVector calls. It should be
            fine to iterate over the HashSet for these notification functions.
            (WebCore::CanvasBase::notifyObserversCanvasChanged):
            (WebCore::CanvasBase::notifyObserversCanvasResized):

            * html/HTMLCanvasElement.cpp:
            (WebCore::HTMLCanvasElement::HTMLCanvasElement): Don't add the Document as
            a canvas observer. Wait until we know it is a context that needs observing.
            (WebCore::HTMLCanvasElement::createContextWebGL): Now we can add it as an
            observer.
            (WebCore::HTMLCanvasElement::didMoveToNewDocument): Swap observation to the new
            Document.
            (WebCore::HTMLCanvasElement::insertedIntoAncestor): Ditto, but also be aware that
            we might be in a "dirty" state, and thus need to immediately tell the new
            document that the canvas needs preparation.
            (WebCore::HTMLCanvasElement::removedFromAncestor): Remove the observer.
            (WebCore::HTMLCanvasElement::needsPreparationForDisplay): Use a virtual function
            on the context instead of checking the type.
            (WebCore::HTMLCanvasElement::prepareForDisplay): Ditto.

            * html/canvas/CanvasRenderingContext.h: New virtual functions to avoid type checking
            in HTMLCanvasElement.
            (WebCore::CanvasRenderingContext::compositingResultsNeedUpdating const):
            (WebCore::CanvasRenderingContext::needsPreparationForDisplay const):
            (WebCore::CanvasRenderingContext::prepareForDisplay):

            * html/canvas/WebGLRenderingContextBase.cpp: Implementations of the virtual functions
            that tell HTMLCanvasElement that it needs to prepareForDisplay.
            (WebCore::WebGLRenderingContextBase::markContextChanged):
            (WebCore::WebGLRenderingContextBase::markContextChangedAndNotifyCanvasObserver):
            (WebCore::WebGLRenderingContextBase::didComposite):
            * html/canvas/WebGLRenderingContextBase.h:

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266410. rdar://problem/68652625

    <video> element prevents screen from sleeping even after playback finishes
    https://bugs.webkit.org/show_bug.cgi?id=216017
    <rdar://problem/66665846>
    
    Reviewed by Darin Adler.
    
    When video playback would finish (due to reaching end of file), HTMLMediaElement::mediaPlayerRateChanged()
    would get called, which would call updateSleepDisabling(). The idea was that updateSleepDisabling() would
    destroy the SleepDisabler to allow the display to sleep again. However, updateSleepDisabling() would not
    destroy the SleepDisabler because it does not know yet that the media has been paused. We only learned
    about it later on, when MediaPlayerPrivateAVFoundationObjC::timeControlStatusDidChange() gets called.
    To address the problem, we now call updateSleepDisabling() when
    MediaPlayerPrivateAVFoundationObjC::timeControlStatusDidChange() is called too.
    
    * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
    (WebCore::MediaPlayerPrivateAVFoundationObjC::timeControlStatusDidChange):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266410 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-01  Chris Dumez  <cdumez@apple.com>

            <video> element prevents screen from sleeping even after playback finishes
            https://bugs.webkit.org/show_bug.cgi?id=216017
            <rdar://problem/66665846>

            Reviewed by Darin Adler.

            When video playback would finish (due to reaching end of file), HTMLMediaElement::mediaPlayerRateChanged()
            would get called, which would call updateSleepDisabling(). The idea was that updateSleepDisabling() would
            destroy the SleepDisabler to allow the display to sleep again. However, updateSleepDisabling() would not
            destroy the SleepDisabler because it does not know yet that the media has been paused. We only learned
            about it later on, when MediaPlayerPrivateAVFoundationObjC::timeControlStatusDidChange() gets called.
            To address the problem, we now call updateSleepDisabling() when
            MediaPlayerPrivateAVFoundationObjC::timeControlStatusDidChange() is called too.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::timeControlStatusDidChange):

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266407. rdar://problem/68652645

    Some apps linked beyond iOS 13.4 don't respect mouse events, only touch events
    https://bugs.webkit.org/show_bug.cgi?id=216021
    <rdar://problem/64830335>
    
    Reviewed by Wenson Hsieh.
    
    Source/WebCore:
    
    * platform/RuntimeApplicationChecks.h:
    * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
    (WebCore::IOSApplication::isFIFACompanion):
    (WebCore::IOSApplication::isNoggin):
    (WebCore::IOSApplication::isOKCupid):
    Add some more bundle checks.
    
    Source/WebKit:
    
    * UIProcess/Cocoa/VersionChecks.h:
    * UIProcess/ios/WKContentViewInteraction.mm:
    (applicationIsKnownToIgnoreMouseEvents):
    (-[WKContentView shouldUseMouseGestureRecognizer]):
    Remove Feedly from the list, they are no longer affected.
    Add a once-per-app-launch error-level log message to warn developers
    of the impending behavior change.
    Add three new apps with a later linked-on target.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266407 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-01  Tim Horton  <timothy_horton@apple.com>

            Some apps linked beyond iOS 13.4 don't respect mouse events, only touch events
            https://bugs.webkit.org/show_bug.cgi?id=216021
            <rdar://problem/64830335>

            Reviewed by Wenson Hsieh.

            * platform/RuntimeApplicationChecks.h:
            * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
            (WebCore::IOSApplication::isFIFACompanion):
            (WebCore::IOSApplication::isNoggin):
            (WebCore::IOSApplication::isOKCupid):
            Add some more bundle checks.

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266405. rdar://problem/68652679

    Crashtracer in SubresourceLoader::didCancel.
    <rdar://problem/32831629> and https://bugs.webkit.org/show_bug.cgi?id=216020
    
    Reviewed by Alex Christensen.
    
    No new tests (Despite spotting theoretical ways this is possible, unable to construct a reproduction)
    
    It's possible for a newly created SubresourceLoader to be cancelled right after creation.
    In this case, m_resource will be null inside of SubresourceLoader::didCancel.
    
    Other parts of SubresourceLoader null check m_resource, so it's reasonable to state ::didCancel should as well.
    
    * loader/SubresourceLoader.cpp:
    (WebCore::SubresourceLoader::didCancel): Early return if reachedTerminalState(), and ASSERT(m_resource) after.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266405 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-01  Brady Eidson  <beidson@apple.com>

            Crashtracer in SubresourceLoader::didCancel.
            <rdar://problem/32831629> and https://bugs.webkit.org/show_bug.cgi?id=216020

            Reviewed by Alex Christensen.

            No new tests (Despite spotting theoretical ways this is possible, unable to construct a reproduction)

            It's possible for a newly created SubresourceLoader to be cancelled right after creation.
            In this case, m_resource will be null inside of SubresourceLoader::didCancel.

            Other parts of SubresourceLoader null check m_resource, so it's reasonable to state ::didCancel should as well.

            * loader/SubresourceLoader.cpp:
            (WebCore::SubresourceLoader::didCancel): Early return if reachedTerminalState(), and ASSERT(m_resource) after.

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266403. rdar://problem/68652439

    EventRegion paint should respect layer's foreground and background painting phases
    https://bugs.webkit.org/show_bug.cgi?id=216031
    <rdar://problem/67282372>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    We are currently painting event region for the box background to the foreground layer, which can cause
    foreground layer to wrongly catch scroll events. Similarly we are unnecessarily painting foreground for
    layers that don't need it.
    
    Test: fast/scrolling/mac/negative-z-index-overflow-scroll.html
    
    * rendering/PaintPhase.h:
    
    Add two new event region specific PaintBehaviors for foreground and background paint. This essentially duplicates
    foreground/background PaintPhases but since event region paint is itself a paint phase we can't use those.
    This should be reconciled at some point.
    
    * rendering/RenderBlock.cpp:
    (WebCore::RenderBlock::paintContents):
    
    Add the background flag when painting contents as the descendant backgrounds are part of the layer foreground.
    
    (WebCore::RenderBlock::paintObject):
    
    Respect the new flags.
    
    * rendering/RenderLayer.cpp:
    (WebCore::RenderLayer::paintLayerContents):
    
    Setup the flags based on what we are supposed to be painting on this layer.
    
    (WebCore::RenderLayer::collectEventRegionForFragments):
    
    Flag filtering moves to paintLayerContents.
    
    LayoutTests:
    
    * editing/editable-region/text-field-inside-composited-negative-z-index-layer-expected.txt:
    * fast/scrolling/mac/negative-z-index-overflow-scroll-expected.txt: Added.
    * fast/scrolling/mac/negative-z-index-overflow-scroll.html: Added.
    * pointerevents/ios/touch-action-none-relative-inside-composited-negative-z-index-layer-expected.txt:
    * pointerevents/ios/touch-action-region-backing-sharing-expected.txt:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266403 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-01  Antti Koivisto  <antti@apple.com>

            EventRegion paint should respect layer's foreground and background painting phases
            https://bugs.webkit.org/show_bug.cgi?id=216031
            <rdar://problem/67282372>

            Reviewed by Simon Fraser.

            We are currently painting event region for the box background to the foreground layer, which can cause
            foreground layer to wrongly catch scroll events. Similarly we are unnecessarily painting foreground for
            layers that don't need it.

            Test: fast/scrolling/mac/negative-z-index-overflow-scroll.html

            * rendering/PaintPhase.h:

            Add two new event region specific PaintBehaviors for foreground and background paint. This essentially duplicates
            foreground/background PaintPhases but since event region paint is itself a paint phase we can't use those.
            This should be reconciled at some point.

            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::paintContents):

            Add the background flag when painting contents as the descendant backgrounds are part of the layer foreground.

            (WebCore::RenderBlock::paintObject):

            Respect the new flags.

            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::paintLayerContents):

            Setup the flags based on what we are supposed to be painting on this layer.

            (WebCore::RenderLayer::collectEventRegionForFragments):

            Flag filtering moves to paintLayerContents.

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266336. rdar://problem/68652585

    REGRESSION (r266262): Scroll latching fails when scrolling into a preventDefault() region
    https://bugs.webkit.org/show_bug.cgi?id=215988
    <rdar://problem/68034716>
    
    Reviewed by Tim Horton.
    Source/WebCore:
    
    In r266262 ScrollingTreeLatchingController started to consult the "last handled wheel event"
    time when deciding whether to use the latched node, but we didn't update this timestamp when
    handling an event on the latched node, on the scrolling thread. So fix that.
    
    Test: fast/scrolling/latching/latched-scroll-into-nonfast-region.html
    
    * page/scrolling/ScrollingTree.cpp:
    (WebCore::ScrollingTree::handleWheelEvent):
    
    LayoutTests:
    
    * fast/scrolling/latching/latched-scroll-into-nonfast-region-expected.txt: Added.
    * fast/scrolling/latching/latched-scroll-into-nonfast-region.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266336 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-30  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (r266262): Scroll latching fails when scrolling into a preventDefault() region
            https://bugs.webkit.org/show_bug.cgi?id=215988
            <rdar://problem/68034716>

            Reviewed by Tim Horton.

            In r266262 ScrollingTreeLatchingController started to consult the "last handled wheel event"
            time when deciding whether to use the latched node, but we didn't update this timestamp when
            handling an event on the latched node, on the scrolling thread. So fix that.

            Test: fast/scrolling/latching/latched-scroll-into-nonfast-region.html

            * page/scrolling/ScrollingTree.cpp:
            (WebCore::ScrollingTree::handleWheelEvent):

2020-09-10  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266329. rdar://problem/68652477

    [Cocoa] MediaSample JSON strings are created for logging to disabled channels
    https://bugs.webkit.org/show_bug.cgi?id=215980
    <rdar://problem/68004132>
    
    Reviewed by Simon Fraser.
    
    On platforms that USE(OS_LOG), DEBUG_LOG() evaluates its arguments even in production
    builds. In SourceBufferPrivateAVFObjC::didProvideMediaDataForTrackID(), one DEBUG_LOG() call
    involved creating a non-trivial JSON object describing a MediaSample then converting that to
    a JSON string. This string was created even when debug logging was disabled at runtime.
    Profiles showed this cost half a millisecond per second of video playback on netflix.com in
    Safari on a MacBook Pro.
    
    * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
    (WebCore::SourceBufferPrivateAVFObjC::didProvideMediaDataForTrackID): Rather than calling
    MediaSample::toJSONString() directly, let the LogArgument<MediaSample> specialization call
    toJSONString() iff the log channel is enabled.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266329 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-29  Andy Estes  <aestes@apple.com>

            [Cocoa] MediaSample JSON strings are created for logging to disabled channels
            https://bugs.webkit.org/show_bug.cgi?id=215980
            <rdar://problem/68004132>

            Reviewed by Simon Fraser.

            On platforms that USE(OS_LOG), DEBUG_LOG() evaluates its arguments even in production
            builds. In SourceBufferPrivateAVFObjC::didProvideMediaDataForTrackID(), one DEBUG_LOG() call
            involved creating a non-trivial JSON object describing a MediaSample then converting that to
            a JSON string. This string was created even when debug logging was disabled at runtime.
            Profiles showed this cost half a millisecond per second of video playback on netflix.com in
            Safari on a MacBook Pro.

            * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
            (WebCore::SourceBufferPrivateAVFObjC::didProvideMediaDataForTrackID): Rather than calling
            MediaSample::toJSONString() directly, let the LogArgument<MediaSample> specialization call
            toJSONString() iff the log channel is enabled.

2020-09-09  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266616. rdar://problem/68584190

    REGRESSION(macOS Big Sur) https://magenta.github.io/lofi-player/ is broken
    https://bugs.webkit.org/show_bug.cgi?id=216163
    <rdar://problem/68198173>
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    Address a crash and a backward-compatibility issue on https://magenta.github.io/lofi-player/.
    
    Test: webaudio/webkitofflineaudiocontext-startRendering-crash.html
    
    * Modules/webaudio/AudioBufferSourceNode.idl:
    * Modules/webaudio/AudioListener.idl:
    * Modules/webaudio/OscillatorNode.idl:
    Even after fixing the crash, the game would fail to load because it expected
    window.OscillatorNode to exist. When we started working on modern Web Audio,
    we renamed the non-standard oscillator node to WebKitOscillatorNode and
    added a new standards compliant OscillatorNode behind a runtime flag (off
    by default). As a result, window.OscillatorNode no longer existed on Big Sur,
    which is not backward compatible. To address the issue, we now expose
    window.OscillatorNode even if modern unprefixed WebAudio is not enabled and
    we merely disable its constructor at runtime. The same policy applies to
    AudioBufferSourceNode & AudioListener because we did the exact same thing
    for these interfaces.
    
    * Modules/webaudio/BaseAudioContext.cpp:
    (WebCore::BaseAudioContext::startRendering):
    Make sure we call lazyInitialize() before we start offline rendering.
    The context may not be initialized yet if no audio nodes were created
    for this context. This is similar to what is done in our modern Web
    Audio code in OfflineAudioContext::startOfflineRendering(), which is
    why the crash was not reproducible when enabling the Modern Web Audio
    experimental feature.
    
    LayoutTests:
    
    Add layout test that was reproducing the crash on https://magenta.github.io/lofi-player/.
    
    * webaudio/webkitofflineaudiocontext-startRendering-crash-expected.txt: Added.
    * webaudio/webkitofflineaudiocontext-startRendering-crash.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266616 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-09-04  Chris Dumez  <cdumez@apple.com>

            REGRESSION(macOS Big Sur) https://magenta.github.io/lofi-player/ is broken
            https://bugs.webkit.org/show_bug.cgi?id=216163
            <rdar://problem/68198173>

            Reviewed by Eric Carlson.

            Address a crash and a backward-compatibility issue on https://magenta.github.io/lofi-player/.

            Test: webaudio/webkitofflineaudiocontext-startRendering-crash.html

            * Modules/webaudio/AudioBufferSourceNode.idl:
            * Modules/webaudio/AudioListener.idl:
            * Modules/webaudio/OscillatorNode.idl:
            Even after fixing the crash, the game would fail to load because it expected
            window.OscillatorNode to exist. When we started working on modern Web Audio,
            we renamed the non-standard oscillator node to WebKitOscillatorNode and
            added a new standards compliant OscillatorNode behind a runtime flag (off
            by default). As a result, window.OscillatorNode no longer existed on Big Sur,
            which is not backward compatible. To address the issue, we now expose
            window.OscillatorNode even if modern unprefixed WebAudio is not enabled and
            we merely disable its constructor at runtime. The same policy applies to
            AudioBufferSourceNode & AudioListener because we did the exact same thing
            for these interfaces.

            * Modules/webaudio/BaseAudioContext.cpp:
            (WebCore::BaseAudioContext::startRendering):
            Make sure we call lazyInitialize() before we start offline rendering.
            The context may not be initialized yet if no audio nodes were created
            for this context. This is similar to what is done in our modern Web
            Audio code in OfflineAudioContext::startOfflineRendering(), which is
            why the crash was not reproducible when enabling the Modern Web Audio
            experimental feature.

2020-09-03  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266265. rdar://problem/68168939

    [iOS] provide a way to get previously inserted alternatives for the selected text
    https://bugs.webkit.org/show_bug.cgi?id=215816
    <rdar://problem/66646042>
    
    Reviewed by Darin Adler.
    
    Source/WebCore:
    
    * editing/cocoa/AlternativeTextUIController.h:
    * editing/cocoa/AlternativeTextUIController.mm:
    (WebCore::AlternativeTextUIController::alternativesForContext):
    Return the raw `NSTextAlternatives *` and let the caller create the `Vector<String>` if they
    need to so that callers that don't can use the actual `NSTextAlternatives *`.
    
    * editing/Editor.h:
    * editing/Editor.cpp:
    (WebCore::Editor::applyDictationAlternative): Added.
    (WebCore::Editor::applyDictationAlternativelternative): Deleted.
    * page/ContextMenuController.cpp:
    (WebCore::ContextMenuController::contextMenuItemSelected):
    Drive-by: fix typo.
    
    Source/WebKit:
    
    * UIProcess/ios/WKContentViewInteraction.mm:
    (-[WKContentView alternativesForSelectedText]):
    
    * UIProcess/WebPageProxy.h:
    * UIProcess/Cocoa/WebPageProxyCocoa.mm:
    (WebKit::WebPageProxy::platformDictationAlternatives): Added.
    * UIProcess/PageClient.h:
    * UIProcess/Cocoa/PageClientImplCocoa.h:
    * UIProcess/Cocoa/PageClientImplCocoa.mm:
    (WebKit::PageClientImplCocoa::dictationAlternatives):
    (WebKit::PageClientImplCocoa::platformDictationAlternatives): Added.
    Provide a way to get the raw `NSTextAlternatives *` for a given `WebCore::DictationContext`.
    
    * Shared/EditorState.h:
    * Shared/EditorState.cpp:
    (WebKit::EditorState::PostLayoutData::encode const):
    (WebKit::EditorState::PostLayoutData::decode):
    * WebProcess/WebPage/ios/WebPageIOS.mm:
    (WebKit::WebPage::getPlatformEditorState const):
    Include a `Vector<WebCore::DictationContext>` as part of the `EditorState` that contains all
    of the `WebCore::DictationContext` that exist in the currently selected range (or the range
    of the word containing the cursor if nothing is selected).
    
    * Platform/spi/ios/UIKitSPI.h:
    
    Source/WebKitLegacy/mac:
    
    * WebView/WebView.mm:
    (-[WebView _dictationAlternatives:]):
    Create a `Vector<String>` from the returned `NSTextAlternatives *` now that the member
    `WebCore::AlternativeTextUIController::alternativesForContext` returns it.
    
    Tools:
    
    * TestWebKitAPI/Tests/WebKitCocoa/InsertTextAlternatives.mm:
    (InsertTextAlternatives.Simple):
    
    * TestWebKitAPI/ios/UIKitSPI.h:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266265 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-27  Devin Rousso  <drousso@apple.com>

            [iOS] provide a way to get previously inserted alternatives for the selected text
            https://bugs.webkit.org/show_bug.cgi?id=215816
            <rdar://problem/66646042>

            Reviewed by Darin Adler.

            * editing/cocoa/AlternativeTextUIController.h:
            * editing/cocoa/AlternativeTextUIController.mm:
            (WebCore::AlternativeTextUIController::alternativesForContext):
            Return the raw `NSTextAlternatives *` and let the caller create the `Vector<String>` if they
            need to so that callers that don't can use the actual `NSTextAlternatives *`.

            * editing/Editor.h:
            * editing/Editor.cpp:
            (WebCore::Editor::applyDictationAlternative): Added.
            (WebCore::Editor::applyDictationAlternativelternative): Deleted.
            * page/ContextMenuController.cpp:
            (WebCore::ContextMenuController::contextMenuItemSelected):
            Drive-by: fix typo.

2020-09-03  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266218. rdar://problem/68168930

    REGRESSION: touchbar controls don't reflect video state in fullscreen
    https://bugs.webkit.org/show_bug.cgi?id=215873
    <rdar://problem/66723354>
    
    Reviewed by Eric Carlson.
    
    * platform/mac/WebPlaybackControlsManager.h:
    * platform/mac/WebPlaybackControlsManager.mm:
    (-[WebPlaybackControlsManager setPlaying:]):
    (-[WebPlaybackControlsManager isPlaying]):
    Create an actual ivar `_playing` for holding the play/pause state. This is needed because
    `AVTouchBarScrubber` uses KVO to update the state of the play/pause button whenever the
    related video controller (in this case `AVTouchBarPlaybackControlsControlling`) changes
    using an `NSValueBinding`. KVO needs an actual ivar in order to function properly.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266218 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-26  Devin Rousso  <drousso@apple.com>

            REGRESSION: touchbar controls don't reflect video state in fullscreen
            https://bugs.webkit.org/show_bug.cgi?id=215873
            <rdar://problem/66723354>

            Reviewed by Eric Carlson.

            * platform/mac/WebPlaybackControlsManager.h:
            * platform/mac/WebPlaybackControlsManager.mm:
            (-[WebPlaybackControlsManager setPlaying:]):
            (-[WebPlaybackControlsManager isPlaying]):
            Create an actual ivar `_playing` for holding the play/pause state. This is needed because
            `AVTouchBarScrubber` uses KVO to update the state of the play/pause button whenever the
            related video controller (in this case `AVTouchBarPlaybackControlsControlling`) changes
            using an `NSValueBinding`. KVO needs an actual ivar in order to function properly.

2020-09-03  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266156. rdar://problem/68168945

    Facebook post with lots of comments has cut off scrollbar, and can't scroll fully to the bottom (sticky)
    https://bugs.webkit.org/show_bug.cgi?id=215719
    <rdar://problem/66411757>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    While computing the scrollable overflow for inflow positioned (or transformed) renderers, we need to take their paint geometry into
    account so that scrolling matches their final positions.
    e.g.
    
    <div style="width: 100px; height: 100px;"></div>
    <div style="position: relative; top: -20; width: 50px; height: 50px;"></div>
    
    While the inflow positioned block box is placed right below the previous sibling div, visually they overlap each other.
    If these boxes happen to be in a scrollable container, the scrolling should be driven by the overlapping state (paint geometry) and not
    by the layout geometry (where the 2 boxes are placed vertically after each other).
    
    While stickily positioned boxes are also considered inflow positioned, their initial inflow layout positions contribute to the scrollable overflow
    as they are not stationary boxes.
    
    Test: fast/css/scrollable-overflow-with-sticky-positioning.html
    
    * rendering/RenderBox.cpp:
    (WebCore::RenderBox::layoutOverflowRectForPropagation const):
    
    LayoutTests:
    
    * fast/css/scrollable-overflow-with-sticky-positioning-expected.html: Added.
    * fast/css/scrollable-overflow-with-sticky-positioning.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266156 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-25  Zalan Bujtas  <zalan@apple.com>

            Facebook post with lots of comments has cut off scrollbar, and can't scroll fully to the bottom (sticky)
            https://bugs.webkit.org/show_bug.cgi?id=215719
            <rdar://problem/66411757>

            Reviewed by Simon Fraser.

            While computing the scrollable overflow for inflow positioned (or transformed) renderers, we need to take their paint geometry into
            account so that scrolling matches their final positions.
            e.g.

            <div style="width: 100px; height: 100px;"></div>
            <div style="position: relative; top: -20; width: 50px; height: 50px;"></div>

            While the inflow positioned block box is placed right below the previous sibling div, visually they overlap each other.
            If these boxes happen to be in a scrollable container, the scrolling should be driven by the overlapping state (paint geometry) and not
            by the layout geometry (where the 2 boxes are placed vertically after each other).

            While stickily positioned boxes are also considered inflow positioned, their initial inflow layout positions contribute to the scrollable overflow
            as they are not stationary boxes.

            Test: fast/css/scrollable-overflow-with-sticky-positioning.html

            * rendering/RenderBox.cpp:
            (WebCore::RenderBox::layoutOverflowRectForPropagation const):

2020-09-03  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266144. rdar://problem/68168942

    When using airplay with Youtube, the Youtube tab becomes completely empty and is unresponsive for an extended period of time if we switch the tab
    https://bugs.webkit.org/show_bug.cgi?id=215821
    
    Reviewed by Eric Carlson.
    
    We should ignore the request to paint the current video frame when we are using airplay.
    It is not necessary to do so, and -[AVAssetImageGenerator copyCGImageAtTime:actualTime:error:]
    will block the web process for a long time if the video is airplaying.
    
    * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
    (WebCore::MediaPlayerPrivateAVFoundationObjC::paintCurrentFrameInContext):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266144 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-25  Peng Liu  <peng.liu6@apple.com>

            When using airplay with Youtube, the Youtube tab becomes completely empty and is unresponsive for an extended period of time if we switch the tab
            https://bugs.webkit.org/show_bug.cgi?id=215821

            Reviewed by Eric Carlson.

            We should ignore the request to paint the current video frame when we are using airplay.
            It is not necessary to do so, and -[AVAssetImageGenerator copyCGImageAtTime:actualTime:error:]
            will block the web process for a long time if the video is airplaying.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::paintCurrentFrameInContext):

2020-09-03  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266158. rdar://problem/67812825

    Web Share API Level 2 functions even when its experimental feature flag is disabled
    https://bugs.webkit.org/show_bug.cgi?id=215831
    <rdar://problem/67760687>
    
    Reviewed by Darin Adler.
    
    Source/WebCore:
    
    Tests: fast/web-share/canShare-with-files-feature-disabled.html
           fast/web-share/share-with-files-feature-disabled.html
    
    We had a feature flag for Web Share API Level 2, but it isn't actually
    consulted anywhere in the implementation.
    
    * page/Navigator.cpp:
    (WebCore::Navigator::canShare):
    Rewrite canShare to be a bit more readable, and also to consult the Level 2 feature flag.
    
    (WebCore::Navigator::share):
    Since canShare (per the spec) will return true if we have files and other content,
    even if files are not shareable, check the feature flag again before loading the files.
    
    Source/WebKit:
    
    * UIProcess/WebPageProxy.cpp:
    (WebKit::WebPageProxy::showShareSheet):
    If the Web Content process sends us files, but the Level 2 feature flag is disabled,
    something fishy is happening, so fire a MESSAGE_CHECK.
    
    LayoutTests:
    
    * fast/web-share/canShare-with-files-feature-disabled-expected.txt: Added.
    * fast/web-share/canShare-with-files-feature-disabled.html: Added.
    * fast/web-share/share-with-files-feature-disabled-expected.txt: Added.
    * fast/web-share/share-with-files-feature-disabled.html: Added.
    Add some tests that ensure that disabling the feature actually works.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266158 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-25  Tim Horton  <timothy_horton@apple.com>

            Web Share API Level 2 functions even when its experimental feature flag is disabled
            https://bugs.webkit.org/show_bug.cgi?id=215831
            <rdar://problem/67760687>

            Reviewed by Darin Adler.

            Tests: fast/web-share/canShare-with-files-feature-disabled.html
                   fast/web-share/share-with-files-feature-disabled.html

            We had a feature flag for Web Share API Level 2, but it isn't actually
            consulted anywhere in the implementation.

            * page/Navigator.cpp:
            (WebCore::Navigator::canShare):
            Rewrite canShare to be a bit more readable, and also to consult the Level 2 feature flag.

            (WebCore::Navigator::share):
            Since canShare (per the spec) will return true if we have files and other content,
            even if files are not shareable, check the feature flag again before loading the files.

2020-09-03  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266151. rdar://problem/67812825

    Web Share API can share non-HTTP(S) URLs
    https://bugs.webkit.org/show_bug.cgi?id=215823
    <rdar://problem/62083130>
    
    Reviewed by Wenson Hsieh.
    
    Source/WebCore:
    
    Test: fast/web-share/share-disallows-file-urls.html
    
    * page/Navigator.cpp:
    (WebCore::shareableURLForShareData):
    (WebCore::Navigator::canShare):
    (WebCore::Navigator::share):
    Factor out the code to complete and check the scheme of the URL.
    Make canShare() return NO and share() fail for non-HTTP(S) or data: URLs.
    
    Source/WebKit:
    
    * UIProcess/WebPageProxy.cpp:
    (WebKit::WebPageProxy::showShareSheet):
    Ensure that only HTTP family or data: URLs are shared.
    
    LayoutTests:
    
    * fast/web-share/share-disallows-file-urls-expected.txt: Added.
    * fast/web-share/share-disallows-file-urls.html: Added.
    * fast/web-share/share-transient-activation-expired.html:
    * fast/web-share/share-transient-activation.html:
    * fast/web-share/share.html:
    Add a test that ensures that sharing a non-HTTP-family URL fails,
    and fix the existing tests to share HTTP-family URLs.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266151 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-25  Tim Horton  <timothy_horton@apple.com>

            Web Share API can share non-HTTP(S) URLs
            https://bugs.webkit.org/show_bug.cgi?id=215823
            <rdar://problem/62083130>

            Reviewed by Wenson Hsieh.

            Test: fast/web-share/share-disallows-file-urls.html

            * page/Navigator.cpp:
            (WebCore::shareableURLForShareData):
            (WebCore::Navigator::canShare):
            (WebCore::Navigator::share):
            Factor out the code to complete and check the scheme of the URL.
            Make canShare() return NO and share() fail for non-HTTP(S) or data: URLs.

2020-09-03  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266292. rdar://problem/67963525

    Vertical scrolling gets stuck when a horizontal scroller is under the mouse (google search results)
    https://bugs.webkit.org/show_bug.cgi?id=215641
    <rdar://problem/67430532>
    
    Reviewed by Tim Horton.
    Source/WebCore:
    
    There are two parts to this fix. First, findEnclosingScrollableContainer() needs
    to use the same vertical-biasing delta fixup that we use in other places, to bias towards
    vertical scrolling.
    
    Second, when we've determined that the main frame should perform the scroll and dispatch
    the wheel event to the scrolling thread, we used to hit-test from scratch on the scrolling
    thread and and try to send the event to a scroller which we already know should not handle
    it. So pass along a target ScrollingNodeID, and start the scrolling thread handling from
    that node.
    
    Test: fast/scrolling/mac/horizontal-overflow-trapping-small-deltas.html
    
    * page/FrameView.cpp:
    (WebCore::FrameView::wheelEvent):
    * page/mac/EventHandlerMac.mm:
    (WebCore::findEnclosingScrollableContainer):
    * page/scrolling/ScrollingCoordinator.h:
    (WebCore::ScrollingCoordinator::handleWheelEvent):
    * page/scrolling/ScrollingTree.cpp:
    (WebCore::ScrollingTree::handleWheelEvent):
    (WebCore::ScrollingTree::handleWheelEventWithNode):
    * page/scrolling/ScrollingTree.h:
    * page/scrolling/ThreadedScrollingTree.cpp:
    (WebCore::ThreadedScrollingTree::handleWheelEventAfterMainThread):
    * page/scrolling/ThreadedScrollingTree.h:
    * page/scrolling/mac/ScrollingCoordinatorMac.h:
    * page/scrolling/mac/ScrollingCoordinatorMac.mm:
    (WebCore::ScrollingCoordinatorMac::handleWheelEvent):
    * page/scrolling/nicosia/ScrollingCoordinatorNicosia.cpp:
    (WebCore::ScrollingCoordinatorNicosia::handleWheelEvent):
    * page/scrolling/nicosia/ScrollingCoordinatorNicosia.h:
    
    LayoutTests:
    
    After this change iframe-latch-small-deltas.html would time-out because WheelEventTestMonitor
    would get stuck with a "content scrolling" defer region, due to begin/end wheel
    events not getting both sent to the iframe. But the test was actually broken; logging shows
    that it reset latching state anyway, and it's not testing the shipping configuration of
    async iframe scrolling. So fix the test to use async iframe scrolling, and to avoid
    rubber-banding, so that latching is not cleared due to elapsed time.
    
    * fast/scrolling/latching/iframe-latch-small-deltas-expected.txt:
    * fast/scrolling/latching/iframe-latch-small-deltas.html:
    * fast/scrolling/mac/horizontal-overflow-trapping-small-deltas-expected.txt: Added.
    * fast/scrolling/mac/horizontal-overflow-trapping-small-deltas.html: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-27  Simon Fraser  <simon.fraser@apple.com>

            Vertical scrolling gets stuck when a horizontal scroller is under the mouse (google search results)
            https://bugs.webkit.org/show_bug.cgi?id=215641
            <rdar://problem/67430532>

            Reviewed by Tim Horton.

            There are two parts to this fix. First, findEnclosingScrollableContainer() needs
            to use the same vertical-biasing delta fixup that we use in other places, to bias towards
            vertical scrolling.

            Second, when we've determined that the main frame should perform the scroll and dispatch
            the wheel event to the scrolling thread, we used to hit-test from scratch on the scrolling
            thread and and try to send the event to a scroller which we already know should not handle
            it. So pass along a target ScrollingNodeID, and start the scrolling thread handling from
            that node.

            Test: fast/scrolling/mac/horizontal-overflow-trapping-small-deltas.html

            * page/FrameView.cpp:
            (WebCore::FrameView::wheelEvent):
            * page/mac/EventHandlerMac.mm:
            (WebCore::findEnclosingScrollableContainer):
            * page/scrolling/ScrollingCoordinator.h:
            (WebCore::ScrollingCoordinator::handleWheelEvent):
            * page/scrolling/ScrollingTree.cpp:
            (WebCore::ScrollingTree::handleWheelEvent):
            (WebCore::ScrollingTree::handleWheelEventWithNode):
            * page/scrolling/ScrollingTree.h:
            * page/scrolling/ThreadedScrollingTree.cpp:
            (WebCore::ThreadedScrollingTree::handleWheelEventAfterMainThread):
            * page/scrolling/ThreadedScrollingTree.h:
            * page/scrolling/mac/ScrollingCoordinatorMac.h:
            * page/scrolling/mac/ScrollingCoordinatorMac.mm:
            (WebCore::ScrollingCoordinatorMac::handleWheelEvent):
            * page/scrolling/nicosia/ScrollingCoordinatorNicosia.cpp:
            (WebCore::ScrollingCoordinatorNicosia::handleWheelEvent):
            * page/scrolling/nicosia/ScrollingCoordinatorNicosia.h:

2020-09-03  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266262. rdar://problem/67963581

    Scrolling on select element doesn't work after scrolling the page
    https://bugs.webkit.org/show_bug.cgi?id=215900
    Source/WebCore:
    
    <rdar://problem/67766032>
    
    Reviewed by Tim Horton.
    
    The scrolling thread could use a node that was latched some time ago; we need to
    check the freshness of the latched node before using it.
    
    Test: fast/scrolling/latching/latching-stuck-to-main-page.html
    
    * page/scrolling/ScrollingTreeLatchingController.cpp:
    (WebCore::ScrollingTreeLatchingController::receivedWheelEvent):
    (WebCore::ScrollingTreeLatchingController::latchedNodeForEvent const):
    (WebCore::ScrollingTreeLatchingController::latchedNodeIsRelevant const):
    * page/scrolling/ScrollingTreeLatchingController.h:
    
    LayoutTests:
    
    Reviewed by Tim Horton.
    
    * fast/scrolling/latching/latching-stuck-to-main-page-expected.txt: Added.
    * fast/scrolling/latching/latching-stuck-to-main-page.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266262 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-27  Simon Fraser  <simon.fraser@apple.com>

            Scrolling on select element doesn't work after scrolling the page
            https://bugs.webkit.org/show_bug.cgi?id=215900
            <rdar://problem/67766032>

            Reviewed by Tim Horton.

            The scrolling thread could use a node that was latched some time ago; we need to
            check the freshness of the latched node before using it.

            Test: fast/scrolling/latching/latching-stuck-to-main-page.html

            * page/scrolling/ScrollingTreeLatchingController.cpp:
            (WebCore::ScrollingTreeLatchingController::receivedWheelEvent):
            (WebCore::ScrollingTreeLatchingController::latchedNodeForEvent const):
            (WebCore::ScrollingTreeLatchingController::latchedNodeIsRelevant const):
            * page/scrolling/ScrollingTreeLatchingController.h:

2020-09-03  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266248. rdar://problem/67963541

    Occasional crashes when restoring replaced text under Editor::changeBackToReplacedString
    https://bugs.webkit.org/show_bug.cgi?id=215892
    <rdar://problem/67731156>
    
    Reviewed by Tim Horton.
    
    Source/WebCore:
    
    While reverting the replaced string in `Editor::changeBackToReplacedString`, it's possible for text replacement
    (`Editor::replaceSelectionWithText`) to cause the text checking paragraph range to become orphaned (if for no
    reason other than the fact that arbitrary script can run in between). If this happens, then our attempts to
    expand the checking range to paragraph boundaries underneath `TextCheckingParagraph::paragraphRange` will result
    in a null dereference, since the boundary points computed underneath the `expandToParagraphBoundary` helper will
    be `nullopt`.
    
    Mitigate this (and any other potentially similar crashes) by making `expandToParagraphBoundary` robust in the
    case where expanding to the start and end fails, and just fall back to returning the original text checking
    range instead.
    
    Test: editing/mac/input/change-back-to-replaced-string.html
    
    * editing/Editor.h:
    * editing/TextCheckingHelper.cpp:
    (WebCore::expandToParagraphBoundary):
    
    See above for more details.
    
    * testing/Internals.cpp:
    (WebCore::Internals::changeBackToReplacedString):
    * testing/Internals.h:
    * testing/Internals.idl:
    
    Add a simple internal testing hook to change the currently selected text back to the given replaced string.
    
    LayoutTests:
    
    Add a layout test to exercise the crash.
    
    * editing/mac/input/change-back-to-replaced-string-expected.txt: Added.
    * editing/mac/input/change-back-to-replaced-string.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266248 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-27  Wenson Hsieh  <wenson_hsieh@apple.com>

            Occasional crashes when restoring replaced text under Editor::changeBackToReplacedString
            https://bugs.webkit.org/show_bug.cgi?id=215892
            <rdar://problem/67731156>

            Reviewed by Tim Horton.

            While reverting the replaced string in `Editor::changeBackToReplacedString`, it's possible for text replacement
            (`Editor::replaceSelectionWithText`) to cause the text checking paragraph range to become orphaned (if for no
            reason other than the fact that arbitrary script can run in between). If this happens, then our attempts to
            expand the checking range to paragraph boundaries underneath `TextCheckingParagraph::paragraphRange` will result
            in a null dereference, since the boundary points computed underneath the `expandToParagraphBoundary` helper will
            be `nullopt`.

            Mitigate this (and any other potentially similar crashes) by making `expandToParagraphBoundary` robust in the
            case where expanding to the start and end fails, and just fall back to returning the original text checking
            range instead.

            Test: editing/mac/input/change-back-to-replaced-string.html

            * editing/Editor.h:
            * editing/TextCheckingHelper.cpp:
            (WebCore::expandToParagraphBoundary):

            See above for more details.

            * testing/Internals.cpp:
            (WebCore::Internals::changeBackToReplacedString):
            * testing/Internals.h:
            * testing/Internals.idl:

            Add a simple internal testing hook to change the currently selected text back to the given replaced string.

2020-09-03  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266239. rdar://problem/67963562

    REGRESSION (r258215): Title preview movie isn't displayed at www.thismmalife.com
    https://bugs.webkit.org/show_bug.cgi?id=215774
    <rdar://problem/67707957>
    
    Reviewed by Eric Carlson.
    
    Source/WebCore:
    
    Test: media/video-as-img-output-pts.html
    
    Use CMSampleBufferGetOutputPresentationTimeStamp() for sample PTS.
    
    * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.mm:
    (WebCore::ImageDecoderAVFObjC::storeSampleBuffer):
    
    LayoutTests:
    
    * media/content/video-as-img.mp4: Added.
    * media/video-as-img-output-pts-expected.txt: Added.
    * media/video-as-img-output-pts.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266239 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-27  Jer Noble  <jer.noble@apple.com>

            REGRESSION (r258215): Title preview movie isn't displayed at www.thismmalife.com
            https://bugs.webkit.org/show_bug.cgi?id=215774
            <rdar://problem/67707957>

            Reviewed by Eric Carlson.

            Test: media/video-as-img-output-pts.html

            Use CMSampleBufferGetOutputPresentationTimeStamp() for sample PTS.

            * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.mm:
            (WebCore::ImageDecoderAVFObjC::storeSampleBuffer):

2020-09-03  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266189. rdar://problem/68145721

    Flickering on sedona.dev
    https://bugs.webkit.org/show_bug.cgi?id=215141
    
    Reviewed by Darin Adler.
    
    Source/WebCore:
    
    Test: fast/canvas/webgl/compositing-without-drawing.html
    
    Our logic to determine if a canvas needs to be "repainted"
    was over-zealous for WebGL. We were marking any context
    that called draw commands as dirty, but they could in fact
    be rendering to an offscreen texture/framebuffer. Then, when
    it came time to composite, we'd happily swap buffers and
    show something that had never been rendered to.
    
    The fix is simply to ignore any of the dirtying notifications
    when we are not bound to the default (canvas) framebuffer.
    
    * html/canvas/WebGLRenderingContextBase.cpp:
    (WebCore::WebGLRenderingContextBase::markContextChangedAndNotifyCanvasObserver): Only
    mark if we're rendering to the default framebuffer.
    
    LayoutTests:
    
    Test that serves an animation frame that touches
    WebGL, but not in a way that requires a recomposite.
    
    * fast/canvas/webgl/compositing-without-drawing-expected.html: Added.
    * fast/canvas/webgl/compositing-without-drawing.html: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266189 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-26  Dean Jackson  <dino@apple.com>

            Flickering on sedona.dev
            https://bugs.webkit.org/show_bug.cgi?id=215141

            Reviewed by Darin Adler.

            Test: fast/canvas/webgl/compositing-without-drawing.html

            Our logic to determine if a canvas needs to be "repainted"
            was over-zealous for WebGL. We were marking any context
            that called draw commands as dirty, but they could in fact
            be rendering to an offscreen texture/framebuffer. Then, when
            it came time to composite, we'd happily swap buffers and
            show something that had never been rendered to.

            The fix is simply to ignore any of the dirtying notifications
            when we are not bound to the default (canvas) framebuffer.

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::markContextChangedAndNotifyCanvasObserver): Only
            mark if we're rendering to the default framebuffer.

2020-09-02  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266363. rdar://problem/68229370

    Wheel event region code is not fully disabled
    https://bugs.webkit.org/show_bug.cgi?id=216008
    <rdar://problem/68086333>
    
    Reviewed by Simon Fraser.
    
    * rendering/RenderBlock.cpp:
    (WebCore::RenderBlock::paintObject):
    * rendering/RenderLayerBacking.cpp:
    (WebCore::RenderLayerBacking::maintainsEventRegion const):
    
    Use the relevant ENABLE flag rather than !PLATFORM_IOS to compile out the code.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266363 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-31  Antti Koivisto  <antti@apple.com>

            Wheel event region code is not fully disabled
            https://bugs.webkit.org/show_bug.cgi?id=216008
            <rdar://problem/68086333>

            Reviewed by Simon Fraser.

            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::paintObject):
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::maintainsEventRegion const):

            Use the relevant ENABLE flag rather than !PLATFORM_IOS to compile out the code.

2020-09-01  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266280. rdar://problem/68177624

    REGRESSION (r263506): scale transform transitions won't overshoot
    https://bugs.webkit.org/show_bug.cgi?id=215826
    <rdar://problem/67759310>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    Test: webanimations/accelerated-css-transition-with-easing-y-axis-above-1.html
    
    In r263506 we made a change where accelerated animations would set their animation-wide
    timing functions using PlatformCAAnimation::setTimingFunction() instead of setting it
    on individual keyframes. This change was required to support the unique ability of
    JS-originated animations to specify both an animation-wide timing function as well as
    per-keyframe timing functions.
    
    In the case of CSS Transitions, this meant that instead of setting a per-keyframe timing
    function, this change would set the animation-wide timing function since CSS Transitions
    should map the transition-timing-function property to the "easing" property of the Animation
    object exposed by the Web Animations API, not as the timing function of the single keyframe
    interval.
    
    However, this change surfaced a bug in Core Animation on macOS and iOS where a cubic-bezier()
    timing function with y values above 1 get clipped when applied to a CAKeyframeAnimation using
    the timingFunction property (singular) instead of the timingFunctions property (plural).
    
    To work around this issue, we set Animation::property() on the generated Animation object passed
    to GraphicsLayerCA to make it possible to detect when we're dealing with a CSS Transition and
    set the timing function on the keyframe interval rather than on the animation itself.
    
    Alas, this does not fix the case where a JS-originated animation will specify an animation-wide
    timing function with a cubic-bezier() timing function with y values above 1. There is no known
    workaround at this time for this case and this is covered by bug 215918.
    
    * animation/KeyframeEffect.cpp:
    (WebCore::KeyframeEffect::backingAnimationForCompositedRenderer const):
    * platform/graphics/ca/GraphicsLayerCA.cpp:
    (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes):
    
    LayoutTests:
    
    Add a new test that checks that a CSS Transition using a cubic-bezier() timing function with
    a y value beyond 1 does not get clipped.
    
    * platform/win/TestExpectations:
    * webanimations/accelerated-css-transition-with-easing-y-axis-above-1-expected.html: Added.
    * webanimations/accelerated-css-transition-with-easing-y-axis-above-1.html: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266280 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-28  Antoine Quint  <graouts@webkit.org>

            REGRESSION (r263506): scale transform transitions won't overshoot
            https://bugs.webkit.org/show_bug.cgi?id=215826
            <rdar://problem/67759310>

            Reviewed by Simon Fraser.

            Test: webanimations/accelerated-css-transition-with-easing-y-axis-above-1.html

            In r263506 we made a change where accelerated animations would set their animation-wide
            timing functions using PlatformCAAnimation::setTimingFunction() instead of setting it
            on individual keyframes. This change was required to support the unique ability of
            JS-originated animations to specify both an animation-wide timing function as well as
            per-keyframe timing functions.

            In the case of CSS Transitions, this meant that instead of setting a per-keyframe timing
            function, this change would set the animation-wide timing function since CSS Transitions
            should map the transition-timing-function property to the "easing" property of the Animation
            object exposed by the Web Animations API, not as the timing function of the single keyframe
            interval.

            However, this change surfaced a bug in Core Animation on macOS and iOS where a cubic-bezier()
            timing function with y values above 1 get clipped when applied to a CAKeyframeAnimation using
            the timingFunction property (singular) instead of the timingFunctions property (plural).

            To work around this issue, we set Animation::property() on the generated Animation object passed
            to GraphicsLayerCA to make it possible to detect when we're dealing with a CSS Transition and
            set the timing function on the keyframe interval rather than on the animation itself.

            Alas, this does not fix the case where a JS-originated animation will specify an animation-wide
            timing function with a cubic-bezier() timing function with y values above 1. There is no known
            workaround at this time for this case and this is covered by bug 215918.

            * animation/KeyframeEffect.cpp:
            (WebCore::KeyframeEffect::backingAnimationForCompositedRenderer const):
            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes):

2020-09-01  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266241. rdar://problem/68177624

    REGRESSION (r263506): timing of CSS Animation on https://animate.style is incorrect
    https://bugs.webkit.org/show_bug.cgi?id=215807
    <rdar://problem/66770136>
    
    Reviewed by Simon Fraser.
    
    Source/WebCore:
    
    Test: webanimations/accelerated-css-animation-with-easing.html
    
    In r263506, we added a way for accelerated animations to adhere to both a timing function set on the
    animation, affecting the timing of the entire animation, as well as a timing function set on individual
    keyframes, affecting the timing of the animation in a given interval. Alas, this change broke handling
    of timing functions with implicit animation-timing-function on keyframes.
    
    That code change assumed that the Animation object ultimately passed to GraphicsLayerCA::setupAnimation()
    would return the animation-wide timing function through Animation::timingFunction(). This was correct for
    JS-originated animations, but not for CSS Animations, since that value was set based on the computed CSS
    property animation-timing-function for the target element. However, that CSS property does not specify
    the animation-wide timing function, but rather the default timing function to use for keyframes should
    they fail to specify an explicit timing function.
    
    To fix this, first, we ensure that the animation-wide timing function is set on the Animation object,
    changing KeyframeEffect::backingAnimationForCompositedRenderer() to always generate an Animation object
    based on the effect, divorcing itself from the Animation object created through CSS.
    
    Then, we add a new member to Animation to specify the default timing function for keyframes, allowing
    GraphicsLayerCA to use it to determine the timing function when building keyframes.
    
    * animation/KeyframeEffect.cpp:
    (WebCore::KeyframeEffect::backingAnimationForCompositedRenderer const): Always generate an Animation
    object based on the effect's properties, also setting the new defaultTimingFunctionForKeyframes in the
    case of a CSS Animation object.
    * platform/animation/Animation.h:
    (WebCore::Animation::defaultTimingFunctionForKeyframes const):
    (WebCore::Animation::setDefaultTimingFunctionForKeyframes):
    * platform/graphics/ca/GraphicsLayerCA.cpp:
    (WebCore::animationHasStepsTimingFunction): Use the optional defaultTimingFunctionForKeyframes to determine
    whether a keyframe uses a steps timing function.
    (WebCore::GraphicsLayerCA::timingFunctionForAnimationValue): Use the optional defaultTimingFunctionForKeyframes
    to determine the timing function for a keyframe.
    
    LayoutTests:
    
    Add a new test that checks that a CSS Animation with implicit and explicit animation-timing-function
    values behave the same when running accelerated.
    
    * webanimations/accelerated-css-animation-with-easing-expected.html: Added.
    * webanimations/accelerated-css-animation-with-easing.html: Added.
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266241 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-27  Antoine Quint  <graouts@webkit.org>

            REGRESSION (r263506): timing of CSS Animation on https://animate.style is incorrect
            https://bugs.webkit.org/show_bug.cgi?id=215807
            <rdar://problem/66770136>

            Reviewed by Simon Fraser.

            Test: webanimations/accelerated-css-animation-with-easing.html

            In r263506, we added a way for accelerated animations to adhere to both a timing function set on the
            animation, affecting the timing of the entire animation, as well as a timing function set on individual
            keyframes, affecting the timing of the animation in a given interval. Alas, this change broke handling
            of timing functions with implicit animation-timing-function on keyframes.

            That code change assumed that the Animation object ultimately passed to GraphicsLayerCA::setupAnimation()
            would return the animation-wide timing function through Animation::timingFunction(). This was correct for
            JS-originated animations, but not for CSS Animations, since that value was set based on the computed CSS
            property animation-timing-function for the target element. However, that CSS property does not specify
            the animation-wide timing function, but rather the default timing function to use for keyframes should
            they fail to specify an explicit timing function.

            To fix this, first, we ensure that the animation-wide timing function is set on the Animation object,
            changing KeyframeEffect::backingAnimationForCompositedRenderer() to always generate an Animation object
            based on the effect, divorcing itself from the Animation object created through CSS.

            Then, we add a new member to Animation to specify the default timing function for keyframes, allowing
            GraphicsLayerCA to use it to determine the timing function when building keyframes.

            * animation/KeyframeEffect.cpp:
            (WebCore::KeyframeEffect::backingAnimationForCompositedRenderer const): Always generate an Animation
            object based on the effect's properties, also setting the new defaultTimingFunctionForKeyframes in the
            case of a CSS Animation object.
            * platform/animation/Animation.h:
            (WebCore::Animation::defaultTimingFunctionForKeyframes const):
            (WebCore::Animation::setDefaultTimingFunctionForKeyframes):
            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::animationHasStepsTimingFunction): Use the optional defaultTimingFunctionForKeyframes to determine
            whether a keyframe uses a steps timing function.
            (WebCore::GraphicsLayerCA::timingFunctionForAnimationValue): Use the optional defaultTimingFunctionForKeyframes
            to determine the timing function for a keyframe.

2020-09-01  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266291. rdar://problem/68177666

    No need to run full can-use-for (fast inline layout codepath) check on every style change.
    https://bugs.webkit.org/show_bug.cgi?id=215937
    <rdar://problem/67951360>
    
    Reviewed by Antti Koivisto.
    
    Let's use the StyleDifference to figure out how extensive the can-use-for check should be.
    We can certainly skip some relatively expensive content checks when we know that the style change only triggers repaint or positioned-movement-only changes.
    
    * layout/integration/LayoutIntegrationLineLayout.cpp:
    (WebCore::LayoutIntegration::LineLayout::canUseForAfterStyleChange):
    * layout/integration/LayoutIntegrationLineLayout.h:
    * rendering/RenderBlockFlow.cpp:
    (WebCore::RenderBlockFlow::styleDidChange):
    * rendering/SimpleLineLayout.cpp:
    (WebCore::SimpleLineLayout::canUseForAfterStyleChange):
    * rendering/SimpleLineLayout.h:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266291 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-28  Zalan Bujtas  <zalan@apple.com>

            No need to run full can-use-for (fast inline layout codepath) check on every style change.
            https://bugs.webkit.org/show_bug.cgi?id=215937
            <rdar://problem/67951360>

            Reviewed by Antti Koivisto.

            Let's use the StyleDifference to figure out how extensive the can-use-for check should be.
            We can certainly skip some relatively expensive content checks when we know that the style change only triggers repaint or positioned-movement-only changes.

            * layout/integration/LayoutIntegrationLineLayout.cpp:
            (WebCore::LayoutIntegration::LineLayout::canUseForAfterStyleChange):
            * layout/integration/LayoutIntegrationLineLayout.h:
            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::styleDidChange):
            * rendering/SimpleLineLayout.cpp:
            (WebCore::SimpleLineLayout::canUseForAfterStyleChange):
            * rendering/SimpleLineLayout.h:

2020-09-01  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266281. rdar://problem/68177575

    Remove adopted node from TextManipulationController
    https://bugs.webkit.org/show_bug.cgi?id=215914
    
    Reviewed by Wenson Hsieh.
    
    Remove Node from TextManipulationController when it gets adopted to a new document.
    
    * dom/Node.cpp:
    (WebCore::Node::moveNodeToNewDocument):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266281 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-28  Ryosuke Niwa  <rniwa@webkit.org>

            Remove adopted node from TextManipulationController
            https://bugs.webkit.org/show_bug.cgi?id=215914

            Reviewed by Wenson Hsieh.

            Remove Node from TextManipulationController when it gets adopted to a new document.

            * dom/Node.cpp:
            (WebCore::Node::moveNodeToNewDocument):

2020-09-01  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266214. rdar://problem/68164557

    Resource Load Statistics data summary does not report data which is held up in the web content process.
    https://bugs.webkit.org/show_bug.cgi?id=215822
    <rdar://problem/66682044>
    
    Reviewed by Chris Dumez.
    
    Source/WebCore:
    
    Send empty lambda when calling updateCentralStatisticsStore() because
    in these cases we don't care about timing.
    
    * loader/ResourceLoadObserver.h:
    (WebCore::ResourceLoadObserver::updateCentralStatisticsStore):
    * page/DOMWindow.cpp:
    (WebCore::DOMWindow::close):
    * testing/Internals.cpp:
    (WebCore::Internals::notifyResourceLoadObserver):
    
    Source/WebKit:
    
    No new tests, this fixes a timing bug that is flaky to reproduce, so I
    was unable to write a test case. Non-regressed behavior is confirmed
    with existing API testing.
    
    * NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:
    (WebKit::WebResourceLoadStatisticsStore::resourceLoadStatisticsUpdated):
    Most of the time, the completion handler will be an empty function,
    but we should handle it in the network process so we fix the
    case where we wait to send the full data summary until the update has
    finished.
    
    (WebKit::WebResourceLoadStatisticsStore::aggregatedThirdPartyData):
    Delete extra space.
    
    * NetworkProcess/Classifier/WebResourceLoadStatisticsStore.h:
    * NetworkProcess/NetworkConnectionToWebProcess.cpp:
    (WebKit::NetworkConnectionToWebProcess::resourceLoadStatisticsUpdated):
    * NetworkProcess/NetworkConnectionToWebProcess.h:
    * NetworkProcess/NetworkConnectionToWebProcess.messages.in:
    * UIProcess/WebProcessPool.cpp:
    (WebKit::WebProcessPool::sendResourceLoadStatisticsDataImmediately):
    * UIProcess/WebProcessPool.h:
    * UIProcess/WebsiteData/WebsiteDataStore.cpp:
    (WebKit::WebsiteDataStore::getResourceLoadStatisticsDataSummary):
    Don't ask the network process for data until any lingering data
    in the web content process has been sent first.
    
    * WebProcess/InjectedBundle/API/c/WKBundle.cpp:
    (WKBundleResourceLoadStatisticsNotifyObserver):
    * WebProcess/WebCoreSupport/WebResourceLoadObserver.cpp:
    (WebKit::WebResourceLoadObserver::WebResourceLoadObserver):
    (WebKit::WebResourceLoadObserver::~WebResourceLoadObserver):
    (WebKit::WebResourceLoadObserver::updateCentralStatisticsStore):
    * WebProcess/WebCoreSupport/WebResourceLoadObserver.h:
    * WebProcess/WebProcess.cpp:
    (WebKit::WebProcess::flushResourceLoadStatistics):
    (WebKit::WebProcess::sendResourceLoadStatisticsDataImmediately):
    * WebProcess/WebProcess.h:
    * WebProcess/WebProcess.messages.in:
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266214 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-26  Kate Cheney  <katherine_cheney@apple.com>

            Resource Load Statistics data summary does not report data which is held up in the web content process.
            https://bugs.webkit.org/show_bug.cgi?id=215822
            <rdar://problem/66682044>

            Reviewed by Chris Dumez.

            Send empty lambda when calling updateCentralStatisticsStore() because
            in these cases we don't care about timing.

            * loader/ResourceLoadObserver.h:
            (WebCore::ResourceLoadObserver::updateCentralStatisticsStore):
            * page/DOMWindow.cpp:
            (WebCore::DOMWindow::close):
            * testing/Internals.cpp:
            (WebCore::Internals::notifyResourceLoadObserver):

2020-09-01  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266140. rdar://problem/68164582

    Fix read-after-free introduced in r266087
    https://bugs.webkit.org/show_bug.cgi?id=215671
    
    * Modules/fetch/FetchBodyConsumer.cpp:
    (WebCore::packageFormData):
    Keep the CString in scope while we are using it.
    
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266140 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-25  Alex Christensen  <achristensen@webkit.org>

            Fix read-after-free introduced in r266087
            https://bugs.webkit.org/show_bug.cgi?id=215671

            * Modules/fetch/FetchBodyConsumer.cpp:
            (WebCore::packageFormData):
            Keep the CString in scope while we are using it.

2020-09-01  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266268. rdar://problem/68107183

    Remove the feature flag for capped cookies set in 3rd-party CNAME cloaked HTTP responses and add ITP debug logging
    https://bugs.webkit.org/show_bug.cgi?id=215902
    <rdar://problem/66699731>
    
    Reviewed by Brent Fulgham.
    
    This change removes the feature flag, effectively turning the feature on.
    It also adds log output of cookie names that have been capped when ITP
    Debug Mode is enabled.
    
    Source/WebCore:
    
    WebCore::NetworkStorageSession now has a member flag for ITP debug logging.
    
    No new tests. This feature already has tests.
    
    * page/Settings.yaml:
    * platform/network/NetworkStorageSession.cpp:
    (WebCore::NetworkStorageSession::setResourceLoadStatisticsDebugLoggingEnabled):
    (WebCore::NetworkStorageSession::resourceLoadStatisticsDebugLoggingEnabled const):
        New function to be able to conditionalize log output in the new feature.
    * platform/network/NetworkStorageSession.h:
    
    Source/WebKit:
    
    * NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:
    (WebKit::WebResourceLoadStatisticsStore::setResourceLoadStatisticsDebugMode):
        Now sets the flag in WebCore::NetworkStorageSession through the new function
        WebCore::NetworkStorageSession::setResourceLoadStatisticsDebugLoggingEnabled().
    * NetworkProcess/NetworkProcess.cpp:
    (WebKit::NetworkProcess::resetParametersToDefaultValues):
    (WebKit::NetworkProcess::setIsRunningResourceLoadStatisticsTest):
    * NetworkProcess/NetworkSession.cpp:
    (WebKit::NetworkSession::NetworkSession):
    (WebKit::NetworkSession::setFirstPartyHostCNAMEDomain):
    (WebKit::NetworkSession::firstPartyHostCNAMEDomain):
    * NetworkProcess/NetworkSession.h:
    (WebKit::NetworkSession::setCNAMECloakingMitigationEnabled): Deleted.
    (WebKit::NetworkSession::cnameCloakingMitigationEnabled const): Deleted.
    * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
    (WebKit::NetworkDataTaskCocoa::updateFirstPartyInfoForSession):
    (WebKit::NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCNAMECloaking):
    * Shared/ResourceLoadStatisticsParameters.h:
    (WebKit::ResourceLoadStatisticsParameters::encode const):
    (WebKit::ResourceLoadStatisticsParameters::decode):
    * Shared/WebPreferences.yaml:
    * UIProcess/WebProcessPool.cpp:
    (WebKit::WebProcessPool::ensureNetworkProcess):
    * UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:
    (WebKit::WebsiteDataStore::platformSetNetworkParameters):
    * UIProcess/WebsiteData/WebsiteDataStore.cpp:
    (WebKit::WebsiteDataStore::parameters):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266268 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-27  John Wilander  <wilander@apple.com>

            Remove the feature flag for capped cookies set in 3rd-party CNAME cloaked HTTP responses and add ITP debug logging
            https://bugs.webkit.org/show_bug.cgi?id=215902
            <rdar://problem/66699731>

            Reviewed by Brent Fulgham.

            This change removes the feature flag, effectively turning the feature on.
            It also adds log output of cookie names that have been capped when ITP
            Debug Mode is enabled.

            WebCore::NetworkStorageSession now has a member flag for ITP debug logging.

            No new tests. This feature already has tests.

            * page/Settings.yaml:
            * platform/network/NetworkStorageSession.cpp:
            (WebCore::NetworkStorageSession::setResourceLoadStatisticsDebugLoggingEnabled):
            (WebCore::NetworkStorageSession::resourceLoadStatisticsDebugLoggingEnabled const):
                New function to be able to conditionalize log output in the new feature.
            * platform/network/NetworkStorageSession.h:

2020-09-01  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266229. rdar://problem/68161195

    Animation are invalidating too much
    https://bugs.webkit.org/show_bug.cgi?id=215849
    
    Reviewed by Antoine Quint.
    
    * animation/KeyframeEffect.cpp:
    (WebCore::invalidateElement):
    
    Changes due to animations can't affect sibling elements so we can use internal invalidation.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266229 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-27  Antti Koivisto  <antti@apple.com>

            Animation are invalidating too much
            https://bugs.webkit.org/show_bug.cgi?id=215849

            Reviewed by Antoine Quint.

            * animation/KeyframeEffect.cpp:
            (WebCore::invalidateElement):

            Changes due to animations can't affect sibling elements so we can use internal invalidation.

2020-09-01  Russell Epstein  <repstein@apple.com>

        Cherry-pick r266118. rdar://problem/68160083

    Fonts lie about being monospaced
    https://bugs.webkit.org/show_bug.cgi?id=162546
    <rdar://problem/28494654>
    
    Reviewed by Darin Adler.
    
    Source/WebCore:
    
    When a font reports itself to be monospace, we use this as a
    signal that we can perform width computations by assuming all
    characters have the same width as the space character. However,
    some fonts erroneously claim to be monospaced. We can't know
    this ahead of time without measuring a bunch of characters at
    font load time, which would be too slow, so even though the
    optimization would be nice there is no practical way to do it
    correctly. Firefox and Chrome both do not use this signal, so
    therefore they both correctly render these fonts. We should
    ignore this bit in the font as well. Also, CJK fonts generally
    do not have this bit set (because they usually have at least
    one character which is not fullwidth) so this isn't a concern
    there.
    
    Our Page Load Test shows this is not a performance regression.
    
    Tests: fast/text/font-erroneous-monospace.html
           fast/text/font-monospaced-lie.html
    
    * rendering/RenderText.cpp:
    (WebCore::RenderText::widthFromCache const):
    
    LayoutTests:
    
    Add two tests for fonts which claim to be monospaced but actually aren't.
    
    * fast/text/font-erroneous-monospace-expected.html: Added.
    * fast/text/font-erroneous-monospace.html: Added.
    * fast/text/font-monospaced-lie-expected.txt: Added.
    * fast/text/font-monospaced-lie.html: Added.
    * fast/text/line-break-after-question-mark-expected.txt:
    * fast/text/line-break-after-question-mark.html:
    * fast/text/resources/Ahem-fixed-pitch.ttf: Added.
    * fast/text/resources/AhemErroneousMonospace.ttf: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266118 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-25  Myles C. Maxfield  <mmaxfield@apple.com>

            Fonts lie about being monospaced
            https://bugs.webkit.org/show_bug.cgi?id=162546
            <rdar://problem/28494654>

            Reviewed by Darin Adler.

            When a font reports itself to be monospace, we use this as a
            signal that we can perform width computations by assuming all
            characters have the same width as the space character. However,
            some fonts erroneously claim to be monospaced. We can't know
            this ahead of time without measuring a bunch of characters at
            font load time, which would be too slow, so even though the
            optimization would be nice there is no practical way to do it
            correctly. Firefox and Chrome both do not use this signal, so
            therefore they both correctly render these fonts. We should
            ignore this bit in the font as well. Also, CJK fonts generally
            do not have this bit set (because they usually have at least
            one character which is not fullwidth) so this isn't a concern
            there.

            Our Page Load Test shows this is not a performance regression.

            Tests: fast/text/font-erroneous-monospace.html
                   fast/text/font-monospaced-lie.html

            * rendering/RenderText.cpp:
            (WebCore::RenderText::widthFromCache const):

2020-08-26  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266168. rdar://problem/67836301

    REGRESSION (r265908): Crash under Blob::arrayBuffer() / Blob::text() in stress GC
    https://bugs.webkit.org/show_bug.cgi?id=215832
    <rdar://problem/67741677>
    
    Reviewed by Ryosuke Niwa.
    
    Source/WebCore:
    
    r265908 added support for Blob::arrayBuffer() / Blob::text() which are asynchronous operations
    returning promises. The crash is due to the fact that the Blob's JS wrapper may get garbage
    collected before the promise is settled.
    
    To address the issue, this patch makes Blob an ActiveDOMObject and creates an
    ActiveDOMObject::pendingActivity whenever there is a pending promise so that the JS wrapper
    does not get garbage collected too early.
    
    Test: fast/files/blob-text-gc.html
    
    * Modules/async-clipboard/Clipboard.cpp:
    (WebCore::Clipboard::getType):
    * Modules/async-clipboard/ClipboardImageReader.h:
    (WebCore::ClipboardImageReader::ClipboardImageReader):
    * Modules/async-clipboard/ClipboardItem.cpp:
    (WebCore::ClipboardItem::blobFromString):
    * Modules/async-clipboard/ClipboardItem.h:
    * Modules/async-clipboard/ClipboardItemBindingsDataSource.cpp:
    (WebCore::ClipboardItemBindingsDataSource::getType):
    * Modules/async-clipboard/ios/ClipboardImageReaderIOS.mm:
    (WebCore::ClipboardImageReader::readBuffer):
    * Modules/async-clipboard/mac/ClipboardImageReaderMac.mm:
    (WebCore::ClipboardImageReader::readBuffer):
    * Modules/entriesapi/DOMFileSystem.cpp:
    (WebCore::DOMFileSystem::getFile):
    * Modules/entriesapi/DOMFileSystem.h:
    * Modules/entriesapi/FileSystemFileEntry.cpp:
    (WebCore::FileSystemFileEntry::file):
    * Modules/entriesapi/FileSystemFileEntry.h:
    * Modules/entriesapi/FileSystemFileEntry.idl:
    * Modules/fetch/FetchBody.cpp:
    (WebCore::FetchBody::fromFormData):
    * Modules/fetch/FetchBody.h:
    * Modules/fetch/FetchBodyConsumer.cpp:
    (WebCore::blobFromData):
    (WebCore::packageFormData):
    (WebCore::resolveWithTypeAndData):
    (WebCore::FetchBodyConsumer::resolve):
    (WebCore::FetchBodyConsumer::takeAsBlob):
    * Modules/fetch/FetchBodyConsumer.h:
    * Modules/fetch/FetchBodyOwner.cpp:
    (WebCore::FetchBodyOwner::blob):
    * Modules/mediarecorder/MediaRecorder.cpp:
    (WebCore::MediaRecorder::stopRecording):
    (WebCore::MediaRecorder::requestData):
    * Modules/mediastream/RTCDataChannel.cpp:
    (WebCore::RTCDataChannel::didReceiveRawData):
    * Modules/websockets/WebSocket.cpp:
    (WebCore::WebSocket::didReceiveBinaryData):
    * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
    (WebCore::WorkerThreadableWebSocketChannel::Bridge::send):
    * bindings/js/SerializedScriptValue.cpp:
    (WebCore::CloneDeserializer::readFile):
    (WebCore::CloneDeserializer::readTerminal):
    * dom/DataTransfer.cpp:
    (WebCore::DataTransfer::updateFileList):
    (WebCore::DataTransfer::items):
    (WebCore::DataTransfer::filesFromPasteboardAndItemList const):
    (WebCore::DataTransfer::files const):
    * dom/DataTransfer.h:
    * dom/DataTransfer.idl:
    * dom/DataTransferItemList.cpp:
    (WebCore::DataTransferItemList::DataTransferItemList):
    (WebCore::DataTransferItemList::remove):
    (WebCore::DataTransferItemList::clear):
    (WebCore::DataTransferItemList::ensureItems const):
    (WebCore::DataTransferItemList::document const):
    * dom/DataTransferItemList.h:
    * dom/DataTransferItemList.idl:
    * editing/WebCorePasteboardFileReader.cpp:
    (WebCore::WebCorePasteboardFileReader::readFilename):
    (WebCore::WebCorePasteboardFileReader::readBuffer):
    * editing/WebCorePasteboardFileReader.h:
    * editing/cocoa/WebContentReaderCocoa.mm:
    (WebCore::createFragmentForImageAttachment):
    (WebCore::replaceRichContentWithAttachments):
    (WebCore::createFragmentAndAddResources):
    (WebCore::sanitizeMarkupWithArchive):
    (WebCore::WebContentReader::readImage):
    (WebCore::attachmentForFilePath):
    (WebCore::attachmentForData):
    * editing/markup.cpp:
    (WebCore::restoreAttachmentElementsInFragment):
    * fileapi/Blob.cpp:
    (WebCore::Blob::Blob):
    (WebCore::Blob::loadBlob):
    (WebCore::Blob::activeDOMObjectName const):
    * fileapi/Blob.h:
    (WebCore::Blob::create):
    (WebCore::Blob::deserialize):
    (WebCore::Blob::slice const):
    * fileapi/Blob.idl:
    * fileapi/File.cpp:
    (WebCore::File::createWithRelativePath):
    (WebCore::File::create):
    (WebCore::File::File):
    (WebCore::File::activeDOMObjectName const):
    * fileapi/File.h:
    * fileapi/File.idl:
    * html/DOMFormData.cpp:
    (WebCore::DOMFormData::createFileEntry):
    * html/DirectoryFileListCreator.cpp:
    (WebCore::FileInformation::isolatedCopy const):
    (WebCore::appendDirectoryFiles):
    (WebCore::gatherFileInformation):
    (WebCore::toFileList):
    (WebCore::DirectoryFileListCreator::start):
    * html/DirectoryFileListCreator.h:
    * html/FileInputType.cpp:
    (WebCore::FileInputType::appendFormData const):
    (WebCore::FileInputType::filesChosen):
    * html/HTMLAttachmentElement.cpp:
    (WebCore::HTMLAttachmentElement::updateEnclosingImageWithData):
    * html/HTMLCanvasElement.cpp:
    (WebCore::HTMLCanvasElement::toBlob):
    * testing/Internals.cpp:
    (WebCore::Internals::createFile):
    * testing/ServiceWorkerInternals.cpp:
    (WebCore::ServiceWorkerInternals::createOpaqueWithBlobBodyResponse):
    * workers/service/context/ServiceWorkerFetch.cpp:
    (WebCore::ServiceWorkerFetch::dispatchFetchEvent):
    * xml/XMLHttpRequest.cpp:
    (WebCore::XMLHttpRequest::createResponseBlob):
    
    Source/WebKit:
    
    * WebProcess/Automation/WebAutomationSessionProxy.cpp:
    (WebKit::WebAutomationSessionProxy::setFilesForInputFileUpload):
    
    LayoutTests:
    
    Add better test coverage.
    
    * fast/files/blob-text-gc-expected.txt: Added.
    * fast/files/blob-text-gc.html: Added.
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266168 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-26  Chris Dumez  <cdumez@apple.com>

            REGRESSION (r265908): Crash under Blob::arrayBuffer() / Blob::text() in stress GC
            https://bugs.webkit.org/show_bug.cgi?id=215832
            <rdar://problem/67741677>

            Reviewed by Ryosuke Niwa.

            r265908 added support for Blob::arrayBuffer() / Blob::text() which are asynchronous operations
            returning promises. The crash is due to the fact that the Blob's JS wrapper may get garbage
            collected before the promise is settled.

            To address the issue, this patch makes Blob an ActiveDOMObject and creates an
            ActiveDOMObject::pendingActivity whenever there is a pending promise so that the JS wrapper
            does not get garbage collected too early.

            Test: fast/files/blob-text-gc.html

            * Modules/async-clipboard/Clipboard.cpp:
            (WebCore::Clipboard::getType):
            * Modules/async-clipboard/ClipboardImageReader.h:
            (WebCore::ClipboardImageReader::ClipboardImageReader):
            * Modules/async-clipboard/ClipboardItem.cpp:
            (WebCore::ClipboardItem::blobFromString):
            * Modules/async-clipboard/ClipboardItem.h:
            * Modules/async-clipboard/ClipboardItemBindingsDataSource.cpp:
            (WebCore::ClipboardItemBindingsDataSource::getType):
            * Modules/async-clipboard/ios/ClipboardImageReaderIOS.mm:
            (WebCore::ClipboardImageReader::readBuffer):
            * Modules/async-clipboard/mac/ClipboardImageReaderMac.mm:
            (WebCore::ClipboardImageReader::readBuffer):
            * Modules/entriesapi/DOMFileSystem.cpp:
            (WebCore::DOMFileSystem::getFile):
            * Modules/entriesapi/DOMFileSystem.h:
            * Modules/entriesapi/FileSystemFileEntry.cpp:
            (WebCore::FileSystemFileEntry::file):
            * Modules/entriesapi/FileSystemFileEntry.h:
            * Modules/entriesapi/FileSystemFileEntry.idl:
            * Modules/fetch/FetchBody.cpp:
            (WebCore::FetchBody::fromFormData):
            * Modules/fetch/FetchBody.h:
            * Modules/fetch/FetchBodyConsumer.cpp:
            (WebCore::blobFromData):
            (WebCore::packageFormData):
            (WebCore::resolveWithTypeAndData):
            (WebCore::FetchBodyConsumer::resolve):
            (WebCore::FetchBodyConsumer::takeAsBlob):
            * Modules/fetch/FetchBodyConsumer.h:
            * Modules/fetch/FetchBodyOwner.cpp:
            (WebCore::FetchBodyOwner::blob):
            * Modules/mediarecorder/MediaRecorder.cpp:
            (WebCore::MediaRecorder::stopRecording):
            (WebCore::MediaRecorder::requestData):
            * Modules/mediastream/RTCDataChannel.cpp:
            (WebCore::RTCDataChannel::didReceiveRawData):
            * Modules/websockets/WebSocket.cpp:
            (WebCore::WebSocket::didReceiveBinaryData):
            * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
            (WebCore::WorkerThreadableWebSocketChannel::Bridge::send):
            * bindings/js/SerializedScriptValue.cpp:
            (WebCore::CloneDeserializer::readFile):
            (WebCore::CloneDeserializer::readTerminal):
            * dom/DataTransfer.cpp:
            (WebCore::DataTransfer::updateFileList):
            (WebCore::DataTransfer::items):
            (WebCore::DataTransfer::filesFromPasteboardAndItemList const):
            (WebCore::DataTransfer::files const):
            * dom/DataTransfer.h:
            * dom/DataTransfer.idl:
            * dom/DataTransferItemList.cpp:
            (WebCore::DataTransferItemList::DataTransferItemList):
            (WebCore::DataTransferItemList::remove):
            (WebCore::DataTransferItemList::clear):
            (WebCore::DataTransferItemList::ensureItems const):
            (WebCore::DataTransferItemList::document const):
            * dom/DataTransferItemList.h:
            * dom/DataTransferItemList.idl:
            * editing/WebCorePasteboardFileReader.cpp:
            (WebCore::WebCorePasteboardFileReader::readFilename):
            (WebCore::WebCorePasteboardFileReader::readBuffer):
            * editing/WebCorePasteboardFileReader.h:
            * editing/cocoa/WebContentReaderCocoa.mm:
            (WebCore::createFragmentForImageAttachment):
            (WebCore::replaceRichContentWithAttachments):
            (WebCore::createFragmentAndAddResources):
            (WebCore::sanitizeMarkupWithArchive):
            (WebCore::WebContentReader::readImage):
            (WebCore::attachmentForFilePath):
            (WebCore::attachmentForData):
            * editing/markup.cpp:
            (WebCore::restoreAttachmentElementsInFragment):
            * fileapi/Blob.cpp:
            (WebCore::Blob::Blob):
            (WebCore::Blob::loadBlob):
            (WebCore::Blob::activeDOMObjectName const):
            * fileapi/Blob.h:
            (WebCore::Blob::create):
            (WebCore::Blob::deserialize):
            (WebCore::Blob::slice const):
            * fileapi/Blob.idl:
            * fileapi/File.cpp:
            (WebCore::File::createWithRelativePath):
            (WebCore::File::create):
            (WebCore::File::File):
            (WebCore::File::activeDOMObjectName const):
            * fileapi/File.h:
            * fileapi/File.idl:
            * html/DOMFormData.cpp:
            (WebCore::DOMFormData::createFileEntry):
            * html/DirectoryFileListCreator.cpp:
            (WebCore::FileInformation::isolatedCopy const):
            (WebCore::appendDirectoryFiles):
            (WebCore::gatherFileInformation):
            (WebCore::toFileList):
            (WebCore::DirectoryFileListCreator::start):
            * html/DirectoryFileListCreator.h:
            * html/FileInputType.cpp:
            (WebCore::FileInputType::appendFormData const):
            (WebCore::FileInputType::filesChosen):
            * html/HTMLAttachmentElement.cpp:
            (WebCore::HTMLAttachmentElement::updateEnclosingImageWithData):
            * html/HTMLCanvasElement.cpp:
            (WebCore::HTMLCanvasElement::toBlob):
            * testing/Internals.cpp:
            (WebCore::Internals::createFile):
            * testing/ServiceWorkerInternals.cpp:
            (WebCore::ServiceWorkerInternals::createOpaqueWithBlobBodyResponse):
            * workers/service/context/ServiceWorkerFetch.cpp:
            (WebCore::ServiceWorkerFetch::dispatchFetchEvent):
            * xml/XMLHttpRequest.cpp:
            (WebCore::XMLHttpRequest::createResponseBlob):

2020-08-26  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266087. rdar://problem/67836301

    Implement Request/Response consuming as FormData
    https://bugs.webkit.org/show_bug.cgi?id=215671
    
    Patch by Alex Christensen <achristensen@webkit.org> on 2020-08-24
    Reviewed by Darin Adler.
    
    LayoutTests/imported/w3c:
    
    * web-platform-tests/fetch/api/abort/general.any-expected.txt:
    * web-platform-tests/fetch/api/abort/general.any.worker-expected.txt:
    * web-platform-tests/fetch/api/request/request-consume-empty-expected.txt:
    This remaining failing test now fails similarly in all browsers.
    * web-platform-tests/fetch/api/request/request-consume-expected.txt:
    * web-platform-tests/fetch/api/request/request-init-002-expected.txt:
    * web-platform-tests/fetch/api/response/response-consume-empty-expected.txt:
    This remaining failing test now fails similarly in all browsers.
    * web-platform-tests/fetch/api/response/response-consume-expected.txt:
    * web-platform-tests/fetch/api/response/response-error-from-stream-expected.txt:
    This change makes the formData failures in this file look like all the other failures in this file,
    which should be fixed together in a separate patch.
    * web-platform-tests/fetch/api/response/response-init-002-expected.txt:
    * web-platform-tests/url/urlencoded-parser.any-expected.txt:
    * web-platform-tests/url/urlencoded-parser.any.worker-expected.txt:
    * web-platform-tests/service-workers/service-worker/fetch-event-respond-with-custom-response.https-expected.txt:
    
    Source/WebCore:
    
    Covered by many newly passing WPT tests, for most of which Safari was the only failing browser.
    
    * Modules/fetch/FetchBody.cpp:
    (WebCore::FetchBody::formData):
    (WebCore::FetchBody::consume):
    (WebCore::FetchBody::consumeFormData):
    * Modules/fetch/FetchBody.h:
    * Modules/fetch/FetchBodyConsumer.cpp:
    (WebCore::formDataFromData):
    (WebCore::resolveWithTypeAndData):
    (WebCore::FetchBodyConsumer::resolve):
    * Modules/fetch/FetchBodyConsumer.h:
    
    Source/WebKit:
    
    * WebProcess/Storage/WebServiceWorkerFetchTaskClient.cpp:
    (WebKit::WebServiceWorkerFetchTaskClient::didReceiveFormDataAndFinish):
    Add a fast path that allows non-blob FormData responses from service workers to not hang.
    This part is covered by this layout test:
    imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-respond-with-custom-response.https.html
    
    Source/WTF:
    
    In order to be compatible with other browsers, we need a verson of String::fromUTF8 that
    uses U8_NEXT_OR_FFFD instead of U8_NEXT, but changing that across the board will break other things.
    Leave everything else as it is, use templates and constexpr to not add any branches, but add
    String::fromUTF8ReplacingInvalidSequences to allow me to make our FormData consuming compatible with other browsers.
    
    * wtf/text/WTFString.cpp:
    (WTF::fromUTF8Helper):
    (WTF::String::fromUTF8):
    (WTF::String::fromUTF8ReplacingInvalidSequences):
    * wtf/text/WTFString.h:
    * wtf/unicode/UTF8Conversion.cpp:
    (WTF::Unicode::convertUTF8ToUTF16Impl):
    (WTF::Unicode::convertUTF8ToUTF16):
    (WTF::Unicode::convertUTF8ToUTF16ReplacingInvalidSequences):
    * wtf/unicode/UTF8Conversion.h:
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266087 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-24  Alex Christensen  <achristensen@webkit.org>

            Implement Request/Response consuming as FormData
            https://bugs.webkit.org/show_bug.cgi?id=215671

            Reviewed by Darin Adler.

            Covered by many newly passing WPT tests, for most of which Safari was the only failing browser.

            * Modules/fetch/FetchBody.cpp:
            (WebCore::FetchBody::formData):
            (WebCore::FetchBody::consume):
            (WebCore::FetchBody::consumeFormData):
            * Modules/fetch/FetchBody.h:
            * Modules/fetch/FetchBodyConsumer.cpp:
            (WebCore::formDataFromData):
            (WebCore::resolveWithTypeAndData):
            (WebCore::FetchBodyConsumer::resolve):
            * Modules/fetch/FetchBodyConsumer.h:

2020-08-26  Alan Coon  <alancoon@apple.com>

        Cherry-pick r266176. rdar://problem/67836292

    [Mac,EME] Netflix.com shows HDCP error for all streams
    https://bugs.webkit.org/show_bug.cgi?id=215825
    
    Reviewed by Eric Carlson.
    
    New API added to AVContentKeySession hits a sandbox restriction when run in the WebContent process, and the default
    behavior when an error checking HDCP status is to report that the output is restricted, regardless of the displays
    actual capabilities. To work around this behavior for now, pass in an empty displayID array, rather than the actual
    displayID. This causes AVFoundation to do a "lowest common level of support" rather than a specific display check.
    The upside is that this call no longer requires a connection to the WindowServer. The downside is that the
    AVContentKeyRequest will report that its output is restricted if any non-HDCP compliant display is attached.
    
    * WebCore.xcodeproj/project.pbxproj:
    * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h:
    * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::keyStatuses const):
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::keyRequestHasInsufficientProtectionForDisplayID const):
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::updateProtectionStatusForDisplayID):
    
    
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@266176 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    2020-08-26  Jer Noble  <jer.noble@apple.com>

            [Mac,EME] Netflix.com shows HDCP error for all streams
            https://bugs.webkit.org/show_bug.cgi?id=215825

            Reviewed by Eric Carlson.

            New API added to AVContentKeySession hits a sandbox restriction when run in the WebContent process, and the default
            behavior when an error checking HDCP status is to report that the output is restricted, regardless of the displays
            actual capabilities. To work around this behavior for now, pass in an empty displayID array, rather than the actual
            displayID. This causes AVFoundation to do a "lowest common level of support" rather than a specific display check.
            The upside is that this call no longer requires a connection to the WindowServer. The downside is that the
            AVContentKeyRequest will report that its output is restricted if any non-HDCP compliant display is attached.

            * WebCore.xcodeproj/project.pbxproj:
            * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h:
            * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
            (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::keyStatuses const):
            (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::keyRequestHasInsufficientProtectionForDisplayID const):
            (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::updateProtectionStatusForDisplayID):

2020-08-21  Simon Fraser  <simon.fraser@apple.com>

        Add some FIXMEs in the EventHandler wheel event handling code for all the things that are wrong
        https://bugs.webkit.org/show_bug.cgi?id=215741

        Reviewed by Wenson Hsieh.

        There is much confusing code here. Trying to document the issues I've found.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleWheelEvent):
        * page/mac/EventHandlerMac.mm:
        (WebCore::findEnclosingScrollableContainer):
        (WebCore::EventHandler::determineWheelEventTarget):
        (WebCore::EventHandler::processWheelEventForScrolling):
        * page/scrolling/mac/ScrollingCoordinatorMac.mm:
        (WebCore::ScrollingCoordinatorMac::handleWheelEvent):

2020-08-21  Rob Buis  <rbuis@igalia.com>

        Merge two DOMURL constructors
        https://bugs.webkit.org/show_bug.cgi?id=215734

        Reviewed by Darin Adler.

        Merge two DOMURL constructors to make it match the relevant WebIDL:
        https://url.spec.whatwg.org/#dom-url-url-url-base-base

        * html/DOMURL.cpp:
        (WebCore::DOMURL::create):
        * html/DOMURL.h:
        * html/DOMURL.idl:

2020-08-21  Kimmo Kinnunen  <kkinnunen@apple.com>

        Fix USE_ANGLE=0 build after "WebGLLayer clobbers TEXTURE_2D binding on iOS"
        https://bugs.webkit.org/show_bug.cgi?id=211758

        Reviewed by Kenneth Russell.

        No new tests, build fix.

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::getUniformIndices): Mark parameters unused
        when USE_ANGLE=0
        * platform/graphics/cocoa/WebGLLayer.mm: Define scoped binding restorer
        only for USE_ANGLE=1, since it's not used otherwise and it is implemented
        in terms of ANGLE gl::... API.
        * platform/graphics/opengl/GraphicsContextGLOpenGLBase.cpp:
        Include Logging.h to make RELEASE_LOG(WebGL, ...) work.
        Presumably this file is not compiled with USE_ANGLE=1 or
        the unified build mechanism hides the error.

2020-08-21  Andres Gonzalez  <andresg_22@apple.com>

        Range::contains does not work correctly when the common ancestor node is a Document.
        https://bugs.webkit.org/show_bug.cgi?id=215714

        Reviewed by Darin Adler.

        Test: accessibility/mac/selected-visible-position-range.html.

        For a Range with a Document object as common ancestor, Range::contains(otherRange)
        would return false for any given other range in the same document. This
        causes problems in VoiceOver navigation and Braille functionality in
        the MacOS Mail.app.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::setSelectedVisiblePositionRange const):
        Use SimpleRange::isNull instead of repeating its implementation.
        * dom/Range.cpp:
        (WebCore::Range::contains const): Compare the Documents of the ranges'
        common ancesstor nodes instead of their ownerDocuments.

2020-08-20  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK][WPE] Debug crashes in backdrop filter tests
        https://bugs.webkit.org/show_bug.cgi?id=215209

        Reviewed by Adrian Perez de Castro.

        This only happens in WKTR because RenderLayerCompositor::flushPendingLayerChanges() is called from
        RenderLayerCompositor::layerTreeAsText(), so the coordinator doesn't know layers are being flushed and we don't
        return early from notifyFlushRequired(). We don't really need to have a coordinator associated to the backdrop
        layer, we just need to attach the layer to the coordinator to ensure it's updated.

        * platform/graphics/nicosia/NicosiaAnimation.cpp:
        (Nicosia::Animation::applyInternal): Handle AnimatedPropertyWebkitBackdropFilter.
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::CoordinatedGraphicsLayer::~CoordinatedGraphicsLayer): Detach also the backdrop layer.
        (WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly): Attach the backdrop layer to the
        coordinator if there's one.
        (WebCore::CoordinatedGraphicsLayer::syncPendingStateChangesIncludingSubLayers): Do not call this for the
        backdrop layer.
        (WebCore::CoordinatedGraphicsLayer::invalidateCoordinator): Set coordinator to nullptr.
        (WebCore::CoordinatedGraphicsLayer::setCoordinatorIncludingSubLayersIfNeeded): Set the coordinator and attach
        the layer. Also attach the backdrop layer.
        (WebCore::CoordinatedGraphicsLayer::setCoordinator): Deleted.
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:

2020-08-20  Wenson Hsieh  <wenson_hsieh@apple.com>

        REGRESSION (r263729): Carousel freezes on "fourth page"/fourth click on right arrow on netflix.com
        https://bugs.webkit.org/show_bug.cgi?id=215655
        <rdar://problem/65845979>

        Reviewed by Dean Jackson.

        On netflix.com, when clicking on the left and right arrows in each movie or TV show carousel, the page attempts
        to animate to the next page of the carousel using a CSS transform transition. The logic applies `transform` and
        `transition` CSS properties to a container `div`, and adds a `transitionend` event listener which the page
        expects to be invoked when the animation is complete. While waiting for this `transitionend` event, the script
        also sets a boolean flag that prevents the carousel from being advanced to any other page. However, after the
        changes in r263729, the carousel gets into a state where `transition` and `transform` styles are set, but the
        animation never begins, and thus, no subsequent `transitionend` event is observed. This causes the page to
        believe that the carousel is indefinitely animating, so it never unsets the boolean flag, which results in the
        carousel being permanently stuck.

        This occurs because we now have logic in `AnimationTimeline::updateCSSTransitionsForElementAndProperty` that
        moves the `CSSTransition` from the element's map of running transitions to the map of completed transitions in
        the case where the corresponding `WebAnimation` is already in `Finished` state. However, consider the case where
        there is no matching backing animation (i.e. `matchingBackingAnimation` is `nullptr`); for instance, this can
        happen if the transition CSS property is set to none in the middle of the `transitionend` event, as demonstrated
        in the new layout test. Before the change, we would've removed the `CSSTransition` from the map of running
        transitions and canceled it, but now, we instead move it to the map of completed transitions, where it remains
        until the next CSS transition update is triggered (which would potentially be indefinitely long!).

        On netflix.com, this next CSS transition update happens the page attempts to advance the carousel. Since the old
        `CSSTransition` is still in the "completed" transitions map, we end up returning `true` when checking
        `propertyInStyleMatchesValueForTransitionInMap`, and consequently never attempt to create a new `CSSTransition`
        and add it to the map of running transitions in step 1 of the algorithm. As described above, this causes the
        carousel to get stuck in a bad state.

        To fix this, we simply revert to pre-r263729 behavior in the case where the matching backing animation was
        already removed, and allow step 3 of the algorithm to cancel the running animation and remove it altogether
        instead of moving it into the element's completed transitions map.

        Test: animations/animation-followed-by-two-transitions.html

        * animation/AnimationTimeline.cpp:
        (WebCore::AnimationTimeline::updateCSSTransitionsForElementAndProperty):

2020-08-20  Chris Dumez  <cdumez@apple.com>

        AudioBufferSourceNode should use "final" values for playbackRate and detune
        https://bugs.webkit.org/show_bug.cgi?id=215669

        Reviewed by Eric Carlson.

        AudioBufferSourceNode should use "final" values for playbackRate and detune to take into
        account changes to the AudioParamTimeline (for example, when
        AudioBufferSourceNode.playbackRate.setValueAtTime() is called).

        No new tests, rebaselined existing test.

        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::totalPitchRate):

2020-08-20  Chris Dumez  <cdumez@apple.com>

        AudioParam.automationRate attribute is missing
        https://bugs.webkit.org/show_bug.cgi?id=215710

        Reviewed by Darin Adler.

        Add initial support for AudioParam.automationRate:
        - https://www.w3.org/TR/webaudio/#dom-audioparam-automationrate

        No new tests, rebaselined existing tests.

        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
        * Modules/webaudio/AudioListener.cpp:
        (WebCore::AudioListener::AudioListener):
        * Modules/webaudio/AudioParam.cpp:
        (WebCore::AudioParam::AudioParam):
        (WebCore::AudioParam::setAutomationRate):
        (WebCore::AudioParam::calculateSampleAccurateValues):
        * Modules/webaudio/AudioParam.h:
        * Modules/webaudio/AudioParam.idl:
        * Modules/webaudio/BiquadDSPKernel.cpp:
        (WebCore::BiquadDSPKernel::updateCoefficientsIfNecessary):
        * Modules/webaudio/BiquadProcessor.cpp:
        (WebCore::BiquadProcessor::BiquadProcessor):
        * Modules/webaudio/ConstantSourceNode.cpp:
        (WebCore::ConstantSourceNode::ConstantSourceNode):
        (WebCore::ConstantSourceNode::process):
        * Modules/webaudio/DelayDSPKernel.cpp:
        (WebCore::DelayDSPKernel::process):
        * Modules/webaudio/DelayProcessor.cpp:
        (WebCore::DelayProcessor::DelayProcessor):
        * Modules/webaudio/DynamicsCompressorNode.cpp:
        (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
        * Modules/webaudio/GainNode.cpp:
        (WebCore::GainNode::GainNode):
        (WebCore::GainNode::process):
        * Modules/webaudio/OscillatorNode.cpp:
        (WebCore::OscillatorNode::OscillatorNode):
        (WebCore::OscillatorNode::calculateSampleAccuratePhaseIncrements):
        * Modules/webaudio/PannerNode.cpp:
        (WebCore::PannerNode::PannerNode):
        (WebCore::PannerNode::distanceConeGain):
        * Modules/webaudio/PannerNode.h:
        * Modules/webaudio/StereoPannerNode.cpp:
        (WebCore::StereoPannerNode::StereoPannerNode):
        (WebCore::StereoPannerNode::process):
        * Modules/webaudio/WebKitAudioBufferSourceNode.h:
        * Modules/webaudio/WebKitAudioPannerNode.cpp:
        (WebCore::WebKitAudioPannerNode::WebKitAudioPannerNode):
        (WebCore::WebKitAudioPannerNode::distanceConeGain):
        * Modules/webaudio/WebKitAudioPannerNode.h:
        * Modules/webaudio/WebKitDynamicsCompressorNode.h:

2020-08-20  Kenneth Russell  <kbr@chromium.org>

        [WebGL2] Pass context-lost-restored.html test
        https://bugs.webkit.org/show_bug.cgi?id=215599

        Reviewed by Dean Jackson.

        Support losing extensions, and restoring them via
        WEBGL_lose_context.

        Necessarily changed WebGLExtensions to be RefCounted rather than
        managed via unique_ptr. Multiple instances of the same
        WebGLExtension subclass can now be vended from a WebGL rendering
        context, and WebGLExtensions can now outlive their rendering
        context - they do not ref their context.

        Extensions now hold a weak pointer to their
        WebGLRenderingContextBase rather than a C++ reference. When an
        extension's parent context is lost, that pointer is nulled out.
        Extensions are forcibly lost upon WebGL context destruction.

        WebGL extensions' IDLs still use
        GenerateIsReachable=ImplWebGLRenderingContext, so that if the
        context is still alive, the JavaScript wrappers for the extension
        objects will be preserved. (If the extension is lost, the bindings
        will fetch nullptr for the context, which won't be in the opaque
        root set, so the JavaScript wrapper won't be artificially kept
        alive.)

        Covered by existing WebGL conformance tests.

        * html/canvas/ANGLEInstancedArrays.cpp:
        (WebCore::ANGLEInstancedArrays::drawArraysInstancedANGLE):
        (WebCore::ANGLEInstancedArrays::drawElementsInstancedANGLE):
        (WebCore::ANGLEInstancedArrays::vertexAttribDivisorANGLE):
        * html/canvas/OESVertexArrayObject.cpp:
        (WebCore::OESVertexArrayObject::createVertexArrayOES):
        (WebCore::OESVertexArrayObject::deleteVertexArrayOES):
        (WebCore::OESVertexArrayObject::isVertexArrayOES):
        (WebCore::OESVertexArrayObject::bindVertexArrayOES):
        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::getExtension):
        * html/canvas/WebGLDebugShaders.cpp:
        (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
        * html/canvas/WebGLDrawBuffers.cpp:
        (WebCore::WebGLDrawBuffers::drawBuffersWEBGL):
        * html/canvas/WebGLExtension.cpp:
        (WebCore::WebGLExtension::WebGLExtension):
        (WebCore::WebGLExtension::loseParentContext):
        * html/canvas/WebGLExtension.h:
        (WebCore::WebGLExtension::context):
        (WebCore::WebGLExtension::isLost):
        (WebCore::WebGLExtension::ref): Deleted.
        (WebCore::WebGLExtension::deref): Deleted.
        * html/canvas/WebGLLoseContext.cpp:
        (WebCore::WebGLLoseContext::loseContext):
        (WebCore::WebGLLoseContext::restoreContext):
        (WebCore::WebGLLoseContext::loseParentContext):
        * html/canvas/WebGLLoseContext.h:
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getExtension):
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::~WebGLRenderingContextBase):
        (WebCore::WebGLRenderingContextBase::loseContextImpl):
        (WebCore::WebGLRenderingContextBase::loseExtensions):
        * html/canvas/WebGLRenderingContextBase.h:

2020-08-20  Aditya Keerthi  <akeerthi@apple.com>

        Add runtime setting for editable components in date/time inputs
        https://bugs.webkit.org/show_bug.cgi?id=215705

        Reviewed by Wenson Hsieh.

        This setting controls the ability to edit individual components of date
        and time input types. For example, <input type=date> will have three
        editable components - year, month, and day.

        * page/Settings.yaml:

2020-08-20  Rob Buis  <rbuis@igalia.com>

        XMLHttpRequest.open should use USVString
        https://bugs.webkit.org/show_bug.cgi?id=215704

        Reviewed by Chris Dumez.

        XMLHttpRequest.open should use USVString as mentioned in the FIXMEs and the spec [1].

        Test: imported/w3c/web-platform-tests/xhr/open-url-encoding.html

        [1] https://xhr.spec.whatwg.org/#ref-for-dom-xmlhttprequest-open

        * xml/XMLHttpRequest.idl:

2020-08-20  Clark Wang  <clark_wang@apple.com>

        Introduce StereoPannerNode Interface
        https://bugs.webkit.org/show_bug.cgi?id=215518

        Reviewed by Darin Adler.

        Added StereoPannerNode according to spec: https://www.w3.org/TR/webaudio/#stereopannernode.
        Used Chromium implementation for guidance: https://source.chromium.org/chromium/chromium/src/
        +/master:third_party/blink/renderer/modules/webaudio/stereo_panner_node.cc.
        Added in StereoPannerOptions and StereoPanner files as well. The latter used Chromium
        implementation for guidance: https://source.chromium.org/chromium/chromium/src/+
        /master:third_party/blink/renderer/platform/audio/stereo_panner.cc

        Re-baselined existing tests. Some now fail due to missing automation rate.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioNode.cpp:
        (WebCore::convertEnumerationToString):
        * Modules/webaudio/AudioNode.h:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createStereoPanner):
        * Modules/webaudio/BaseAudioContext.h:
        * Modules/webaudio/BaseAudioContext.idl:
        * Modules/webaudio/StereoPannerNode.cpp: Added.
        (WebCore::StereoPannerNode::create):
        (WebCore::StereoPannerNode::StereoPannerNode):
        (WebCore::StereoPannerNode::~StereoPannerNode):
        (WebCore::StereoPannerNode::process):
        (WebCore::StereoPannerNode::initialize):
        (WebCore::StereoPannerNode::uninitialize):
        (WebCore::StereoPannerNode::listener):
        (WebCore::StereoPannerNode::setChannelCount):
        (WebCore::StereoPannerNode::setChannelCountMode):
        * Modules/webaudio/StereoPannerNode.h: Added.
        * Modules/webaudio/StereoPannerNode.idl: Added.
        * Modules/webaudio/StereoPannerOptions.h: Added.
        * Modules/webaudio/StereoPannerOptions.idl: Added.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:
        * platform/audio/StereoPanner.cpp: Added.
        (WebCore::StereoPanner::create):
        (WebCore::StereoPanner::StereoPanner):
        (WebCore::StereoPanner::panWithSampleAccurateValues):
        (WebCore::StereoPanner::panToTargetValue):
        * platform/audio/StereoPanner.h: Added.
        (WebCore::StereoPanner::~StereoPanner):
        * platform/graphics/cocoa/SourceBufferParserWebM.cpp:

2020-08-20  Sergio Villar Senin  <svillar@igalia.com>

        Unreviewed, reverting r265850.

        Tests crash on debug builds

        Reverted changeset:

        "[WebXR] Make "in parallel" code run really in parallel"
        https://bugs.webkit.org/show_bug.cgi?id=215642
        https://trac.webkit.org/changeset/265850

2020-08-20  Chris Dumez  <cdumez@apple.com>

        Sandbox violation when calling [NSHTTPCookieStorage sharedHTTPCookieStorage] from the WebProcess
        https://bugs.webkit.org/show_bug.cgi?id=215701
        <rdar://problem/67069826>

        Reviewed by Geoffrey Garen.

        The sandbox does not allow calling [NSHTTPCookieStorage sharedHTTPCookieStorage] from the WebProcess.
        createPrivateStorageSession() was calling [NSHTTPCookieStorage sharedHTTPCookieStorage] to retrieve
        the cookieAcceptPolicy and createPrivateStorageSession() is used by the cookie cache in the WebProcess.
        To address the issue, we now allow the caller of createPrivateStorageSession() to provide the
        cookieAcceptPolicy and we have the cookie cache retrieve the cookieAcceptPolicy from the
        NetworkProcessConnection.

        * platform/network/NetworkStorageSession.h:
        * platform/network/cf/NetworkStorageSessionCFNetWin.cpp:
        (WebCore::createPrivateStorageSession):
        * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
        (WebCore::createPrivateStorageSession):

2020-08-19  Kate Cheney  <katherine_cheney@apple.com>

        Third party domains are not stored in the case of back/forward navigations
        https://bugs.webkit.org/show_bug.cgi?id=215595
        <rdar://problem/66642893>

        Reviewed by Chris Dumez.

        Add a FrameLoaderClient function to store loaded third party
        domains in a CachedPage in the case of back/forward navigations.

        * history/CachedPage.cpp:
        (WebCore::CachedPage::CachedPage):
        (WebCore::CachedPage::restore):
        (WebCore::CachedPage::clear):
        * history/CachedPage.h:
        * loader/FrameLoaderClient.h:

2020-08-19  Chris Dumez  <cdumez@apple.com>

        Blob is missing text() & arrayBuffer() operations
        https://bugs.webkit.org/show_bug.cgi?id=215663

        Reviewed by Geoff Garen.

        Implementation support for Blob.text() & Blob.arrayBuffer() as per specification:
        - https://w3c.github.io/FileAPI/#blob-section

        The implementation relies on the pre-existing BlobLoader class but the following
        changes were made:
        - Stop calling start() in the BlobLoader constructor and have the caller call
          start() explicitly after constructing the BlobLoader. This is important because
          the load may fail synchronously in some cases.
        - Add support for reading Blob as text. Previously, BlobLoader would only support
          reading the blob as an ArrayBuffer.
        - Use a CompletionHandler instead of a Function and make sure that it is always
          called.

        No new tests, rebaselined existing tests.

        * fileapi/Blob.cpp:
        (WebCore::Blob::~Blob):
        (WebCore::Blob::loadBlob):
        (WebCore::Blob::text):
        (WebCore::Blob::arrayBuffer):
        * fileapi/Blob.h:
        * fileapi/Blob.idl:
        * fileapi/BlobLoader.h:
        (WebCore::BlobLoader::BlobLoader):
        (WebCore::BlobLoader::~BlobLoader):
        (WebCore::BlobLoader::cancel):
        (WebCore::BlobLoader::start):
        (WebCore::BlobLoader::didFinishLoading):
        (WebCore::BlobLoader::didFail):
        (WebCore::BlobLoader::complete): Deleted.
        * fileapi/NetworkSendQueue.cpp:
        (WebCore::NetworkSendQueue::enqueue):
        (WebCore::NetworkSendQueue::clear):
        (WebCore::NetworkSendQueue::processMessages):
        * page/ShareDataReader.cpp:
        (WebCore::ShareDataReader::start):
        (WebCore::ShareDataReader::didFinishLoading):
        (WebCore::ShareDataReader::cancel):

2020-08-19  Alexey Shvayka  <shvaikalesh@gmail.com>

        Introduce OpIsCallable bytecode and intrinsic
        https://bugs.webkit.org/show_bug.cgi?id=215572

        Reviewed by Ross Kirsling and Saam Barati.

        No new tests, no behavior change.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::openDatabase const):

2020-08-19  Peng Liu  <peng.liu6@apple.com>

        A PiP window is closed when the video element is removed from DOM
        https://bugs.webkit.org/show_bug.cgi?id=215594

        Reviewed by Eric Carlson.

        Test: media/remove-video-element-in-pip-from-document.html

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::pauseAfterDetachedTask):
        When a video is playing in the picture-in-picture mode, do not pause it or exit the
        picture-in-picture mode when detaching the video element from the DOM.
        (WebCore::HTMLMediaElement::mediaPlayerRenderingCanBeAccelerated):
        Always return true when the video is playing in the picture-in-picture mode.
        * rendering/RenderVideo.cpp:
        (WebCore::RenderVideo::willBeDestroyed):
        Don't hide the player when destroying the renderer of an inline video.

2020-08-19  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS] Restore a 10_15_* user-agent string when requesting desktop site
        https://bugs.webkit.org/show_bug.cgi?id=215657
        <rdar://problem/67376157>

        Reviewed by Tim Horton.

        Reporting a major version of `11_0` causes numerous compatibility issues on websites that attempt to parse major
        and minor versions from the user agent string. This partially reverts r263970, and replaces the string with
        `10_15_6`, which matches the UA string of the latest shipped macOS version.

        * platform/ios/UserAgentIOS.mm:
        (WebCore::standardUserAgentWithApplicationName):

2020-08-18  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r265092): delegatesFocus causes WebKit to crash
        https://bugs.webkit.org/show_bug.cgi?id=215622

        Reviewed by Youenn Fablet.

        The bug was caused by a missing nullptr check. Added it.

        Test: fast/shadow-dom/delegates-focus-unsuccessfully-by-activation.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::dispatchMouseEvent): Added a nullptr check.

2020-08-19  Aditya Keerthi  <akeerthi@apple.com>

        Remove use of ControlSize in ThemeMac
        https://bugs.webkit.org/show_bug.cgi?id=215651

        Reviewed by Sam Weinig.

        ThemeMac contains incorrectly mixes the use of Carbon's ControlSize
        and AppKit's NSControlSize. This inconsistency went unnoticed as
        ControlSize is a UInt16, and NSControlSize is an NSUInteger.

        No new tests as there is no change in behavior.

        * platform/mac/ThemeMac.mm:
        (WebCore::controlSizeFromPixelSize):

        This method always returns an NSControlSize, but it's declared return
        type is a ControlSize. Correct the declared return type.

        (WebCore::setControlSize):
        (WebCore::paintStepper):
        (WebCore::ThemeMac::inflateControlPaintRect const):

2020-08-19  Aditya Keerthi  <akeerthi@apple.com>

        [macOS] Move stepper painting code off of Carbon API
        https://bugs.webkit.org/show_bug.cgi?id=215619
        <rdar://problem/41936617>

        Reviewed by Darin Adler.

        Use CoreUI and AppKit SPI to paint steppers. There are two benefits to
        this new approach.

        1. The stepper now has an appropriate appearance in dark mode.

        2. We move away from using the outdated Carbon API.

        Note that we still cannot use NSStepperCell to paint steppers, since it
        is not possible to draw one with the up button highlighted. However, the
        approach used in this patch is shared by NSStepperCell.

        Test: fast/forms/number/number-dark-appearance.html

        * platform/mac/ThemeMac.mm:
        (WebCore::paintStepper):

2020-08-19  Lauro Moura  <lmoura@igalia.com>

        [WebXR] Remove uneeded assert

        Rubber-stamped by Sergio Villar Senin

        context being a Document is tracked by the downcast when capturing.
        Fixes debug build error complaining about not capturing context.

        Covered by existing tests.

        * Modules/webxr/WebXRSession.cpp:
        (WebCore::WebXRSession::requestReferenceSpace):

2020-08-17  Sergio Villar Senin  <svillar@igalia.com>

        [css-flexbox] min-height:auto not updated after an image loads when the image has a specified height and width.
        https://bugs.webkit.org/show_bug.cgi?id=210475

        Reviewed by Javier Fernandez.

        The flex layout algorithm needs the item's intrinsic size even if it has a specified size, that's
        why the flex item size should be recomputed in the event of changes in its intrinsic size.

        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::setNeedsLayoutIfNeededAfterIntrinsicSizeChange): set the needs layout flag
        also for replaced elements which happen to be flex items.

2020-08-17  Sergio Villar Senin  <svillar@igalia.com>

        [css-flexbox] Apply aspect ratios when computing flex-basis
        https://bugs.webkit.org/show_bug.cgi?id=215570

        Reviewed by Javier Fernandez.

        Aspect ratios (clamped by min/max restrictions) should be considered when computing flex-basis.

        Based on Blink's crrev.com/c/1525444 & crrev.com/c/1672014 by <cbiesinger@chromium.org>

        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::computeInnerFlexBaseSizeForChild):

2020-08-19  Youenn Fablet  <youenn@apple.com>

        Optimise resolution of promises with values in ReadableStream implementation
        https://bugs.webkit.org/show_bug.cgi?id=215557
        <rdar://problem/66828616>

        Reviewed by Yusuke Suzuki.

        Instead of going through the slow @Promise.@resolve, we can directly use @fulfillPromise which is faster.
        To make things consistent, we move from @newPromiseCapability to @newPromise.
        Test: streams/readableStream-then.html

        * Modules/streams/ReadableByteStreamInternals.js:
        (readableByteStreamControllerPull):
        (readableStreamFulfillReadIntoRequest):
        (readableByteStreamControllerPullInto):
        * Modules/streams/ReadableStreamInternals.js:
        (readableStreamDefaultControllerPull):
        (readableStreamClose):
        (readableStreamFulfillReadRequest):
        (readableStreamDefaultReaderRead):
        * Modules/streams/StreamInternals.js:
        (createFulfilledPromise):

2020-08-18  Sergio Villar Senin  <svillar@igalia.com>

        <button> should support display:inline-grid/grid/inline-flex/flex correctly
        https://bugs.webkit.org/show_bug.cgi?id=209656

        Reviewed by Javier Fernandez.

        Button elements with display type (inline-) flex or grid should be laid out as their
        display type states and not as buttons. That's mentioned in the HTML spec here
        https://html.spec.whatwg.org/multipage/rendering.html#button-layout.

        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::createElementRenderer): let HTMLFormControlElement create
        a renderer instead of using a RenderButton whenever display is (inline-)grid/flex.

2020-08-19  Sergio Villar Senin  <svillar@igalia.com>

        [WebXR] Make "in parallel" code run really in parallel
        https://bugs.webkit.org/show_bug.cgi?id=215642

        Reviewed by Carlos Garcia Campos.

        As the HTML spec mentions https://html.spec.whatwg.org/multipage/infrastructure.html#in-parallel
        "in parallel" means that the task should be run in parallel to the event loop using any available
        mechanism (threads, processess...). We were instead queueing those tasks to be run in the main
        thread causing freezes while initializing the whole OpenXR machinery.

        * Modules/webxr/WebXRSession.cpp:
        (WebCore::WebXRSession::WebXRSession): create a WorkQueue.
        (WebCore::WebXRSession::requestReferenceSpace): Dispatch to the work queue.
        * Modules/webxr/WebXRSession.h:
        * Modules/webxr/WebXRSystem.cpp:
        (WebCore::WebXRSystem::WebXRSystem): create a WorkQueue.
        (WebCore::WebXRSystem::isSessionSupported): Dispatch to the work queue.
        (WebCore::WebXRSystem::requestSession): Ditto.
        * Modules/webxr/WebXRSystem.h:

2020-08-18  Chris Dumez  <cdumez@apple.com>

        AudioBuffer.duration should use double precision
        https://bugs.webkit.org/show_bug.cgi?id=215632

        Reviewed by Darin Adler.

        AudioBuffer.duration should use double precision:
        - https://www.w3.org/TR/webaudio/#AudioBuffer

        No new tests, rebaselined existing test.

        * Modules/webaudio/AudioBuffer.h:
        (WebCore::AudioBuffer::duration const):
        * Modules/webaudio/AudioBuffer.idl:

2020-08-18  Ryosuke Niwa  <rniwa@webkit.org>

        Rename replaceAllChildren to replaceAllChildrenWithNewText
        https://bugs.webkit.org/show_bug.cgi?id=215634

        Reviewed by Darin Adler.

        Renamed ContainerNode::replaceAllChildren to replaceAllChildrenWithNewText and changed
        the type of Argument from Ref<Node>&& to const String&.

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::replaceAllChildrenWithNewText):
        * dom/ContainerNode.h:
        * dom/Node.cpp:
        (WebCore::Node::setTextContent):
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::setInnerText):

2020-08-18  Andres Gonzalez  <andresg_22@apple.com>

        Fix for accessibility/mac/aria-expanded-notifications.html in isolated tree mode.
        https://bugs.webkit.org/show_bug.cgi?id=215613

        Reviewed by Darin Adler.

        Test: accessibility/mac/aria-expanded-notifications.html.

        Refactored AXObjectCache::handleAriaExpandedChange so that it doesn't
        call into AccessibilityObject to handle the notification, to then call
        into AXObjectCache again. The new implementation is cleaner and more
        straightforward.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::handleAriaExpandedChange):
        (WebCore::AXObjectCache::updateIsolatedTree): Updates the isolated tree
        on the row expanded/collapsed-related notifications.
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::supportsRowCountChange const): Added.
        * accessibility/AccessibilityObject.h:
        * accessibility/AccessibilityObjectInterface.h:
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::handleAriaExpandedChanged):
        Deleted, not needed any longer since it is handled in AXObjectCache where
        it should.
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/isolatedtree/AXIsolatedObject.cpp:
        (WebCore::AXIsolatedObject::initializeAttributeData): Caches the
        supportsRowCountChange property.
        (WebCore::AXIsolatedObject::handleAriaExpandedChanged): Deleted, not
        needed any longer.
        * accessibility/isolatedtree/AXIsolatedObject.h:

2020-08-18  James Darpinian  <jdarpinian@chromium.org>

        [WebGL2] Various parameters should be non-nullable in IDL
        https://bugs.webkit.org/show_bug.cgi?id=215616

        Reviewed by Kenneth Russell.

        Fixes 5 conformance tests:
        conformance/misc/error-reporting.html
        conformance/misc/null-object-behaviour.html
        conformance/misc/bad-arguments-test.html
        conformance/textures/misc/tex-sub-image-2d-bad-args.html
        conformance/programs/get-active-test.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::attachShader):
        (WebCore::WebGLRenderingContextBase::bindAttribLocation):
        (WebCore::WebGLRenderingContextBase::compileShader):
        (WebCore::WebGLRenderingContextBase::detachShader):
        (WebCore::WebGLRenderingContextBase::getActiveAttrib):
        (WebCore::WebGLRenderingContextBase::getActiveUniform):
        (WebCore::WebGLRenderingContextBase::getAttachedShaders):
        (WebCore::WebGLRenderingContextBase::getAttribLocation):
        (WebCore::WebGLRenderingContextBase::getProgramParameter):
        (WebCore::WebGLRenderingContextBase::getProgramInfoLog):
        (WebCore::WebGLRenderingContextBase::getShaderParameter):
        (WebCore::WebGLRenderingContextBase::getShaderInfoLog):
        (WebCore::WebGLRenderingContextBase::getShaderSource):
        (WebCore::WebGLRenderingContextBase::getUniform):
        (WebCore::WebGLRenderingContextBase::getUniformLocation):
        (WebCore::WebGLRenderingContextBase::linkProgram):
        (WebCore::WebGLRenderingContextBase::shaderSource):
        (WebCore::WebGLRenderingContextBase::validateProgram):
        * html/canvas/WebGLRenderingContextBase.h:
        * html/canvas/WebGLRenderingContextBase.idl:
        * inspector/InspectorShaderProgram.cpp:
        (WebCore::InspectorShaderProgram::updateShader):

2020-08-18  Chris Dumez  <cdumez@apple.com>

        PannerNode's rolloffFactor should be clamped to [0, 1] internally when distanceModel is "linear"
        https://bugs.webkit.org/show_bug.cgi?id=215625

        Reviewed by Darin Adler.

        PannerNode's rolloffFactor should be clamped to [0, 1] internally when distanceModel is "linear":
        - https://www.w3.org/TR/webaudio/#dom-pannernode-rollofffactor

        No new tests, rebaselined existing test.

        * Modules/webaudio/PannerNode.cpp:
        (WebCore::PannerNode::setRolloffFactor):
        * platform/audio/Distance.cpp:
        (WebCore::DistanceEffect::linearGain):

2020-08-18  Chris Dumez  <cdumez@apple.com>

        ScriptProcessNode should only run script asynchronously if the audio context is not an OfflineAudioContext
        https://bugs.webkit.org/show_bug.cgi?id=215624

        Reviewed by Eric Carlson.

        ScriptProcessNode should only run script asynchronously if the audio context is not an OfflineAudioContext.
        If the context is an OfflineAudioContext, then it should pause processing until the script has finished
        execution. This aligns our behavior with Blink and helps us pass more WPT tests.

        No new tests, rebaselined existing test.

        * Modules/webaudio/ScriptProcessorNode.cpp:
        (WebCore::ScriptProcessorNode::ScriptProcessorNode):
        (WebCore::ScriptProcessorNode::process):

2020-08-18  Eric Carlson  <eric.carlson@apple.com>

        [Catalyst] Video should pause automatically when switching desktops
        https://bugs.webkit.org/show_bug.cgi?id=215620

        Reviewed by Jer Noble.

        * platform/audio/ios/MediaSessionManagerIOS.h:
        * platform/audio/ios/MediaSessionManagerIOS.mm: Don't override resetRestrictions
        on Catalyst so we don't pause video in the background.

2020-08-18  Kenneth Russell  <kbr@chromium.org>

        [WebGL2] Pass user-defined-properties-on-context.html layout test
        https://bugs.webkit.org/show_bug.cgi?id=215433

        Reviewed by Yusuke Suzuki.

        Keep the canvas' rendering context alive from the canvas itself by
        adding a custom mark function for HTMLCanvasElement, and adding a
        new GenerateIsReachable=ImplCanvasBase extended IDL attribute,
        used from all rendering context types (2D, WebGL, and WebGPU).

        This patch does not touch OffscreenCanvas since the implementation
        there seems to be incomplete and there are no associated tests of
        GC behavior.

        Tests: fast/canvas/2d.context.expando.html
               webgpu/expando-properties.html

        * Modules/webgpu/GPUCanvasContext.idl:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSHTMLCanvasElementCustom.cpp: Copied from Source/WebCore/html/canvas/WebGLRenderingContext.idl.
        (WebCore::JSHTMLCanvasElement::visitAdditionalChildren):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * bindings/scripts/IDLAttributes.json:
        * html/HTMLCanvasElement.idl:
        * html/canvas/WebGL2RenderingContext.idl:
        * html/canvas/WebGLRenderingContext.idl:

2020-08-18  Chris Dumez  <cdumez@apple.com>

        WaveShaperNode.curve setter should create a copy of the input array
        https://bugs.webkit.org/show_bug.cgi?id=215615

        Reviewed by Eric Carlson.

        WaveShaperNode.curve setter should create a copy of the input array, so that follow-up modifications
        of the array by the JS do not impact audio processing:
        - https://www.w3.org/TR/webaudio/#dom-waveshapernode-curve

        No new tests, rebaselined existing test.

        * Modules/webaudio/WaveShaperNode.cpp:
        (WebCore::WaveShaperNode::setCurve):

2020-08-17  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r262381): replaceChildren should not use DeferChildrenChanged::No
        https://bugs.webkit.org/show_bug.cgi?id=215600

        Reviewed by Antti Koivisto.

        It's not correct to use DeferChildrenChanged::No when the new node may have an old parent.
        Use DeferChildrenChanged::Yes instead.

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::replaceAllChildren): Added a release assertion to make sure
        people don't start using this function incorrectly in the future.
        (WebCore::ContainerNode::replaceChildren): Fixed the bug.

2020-08-18  Simon Fraser  <simon.fraser@apple.com>

        Turn off wheel event regions until we need them
        https://bugs.webkit.org/show_bug.cgi?id=215586

        Reviewed by Darin Adler.

        Leave ENABLE_WHEEL_EVENT_REGIONS off because it's currently unused, and adds extra
        region building overhead on macOS.

        * page/scrolling/ScrollingTree.cpp:
        * page/scrolling/ScrollingTree.h:
        * page/scrolling/mac/ScrollingTreeMac.h:
        * page/scrolling/mac/ScrollingTreeMac.mm:

2020-08-18  Youenn Fablet  <youenn@apple.com>

        Update platform/mac/webrtc/captureCanvas-webrtc-software-encoder.html to account for low latency code path
        https://bugs.webkit.org/show_bug.cgi?id=215601

        Reviewed by Eric Carlson.

        Covered by existing/updated test.

        * testing/Internals.cpp:
        (WebCore::Internals::supportsVCPEncoder):
        In case low latency code path is enabled, supportsVCPEncoder should return true.

2020-08-18  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (Async overflow scrolling): No rubberbanding in overflow:scroll in the wheel event region
        https://bugs.webkit.org/show_bug.cgi?id=215598
        <rdar://problem/64895442>

        Reviewed by Darin Adler.
        
        Scrolling in overflow:scroll inside the non-fast event region (e.g. inside an ancestor with a wheel event
        handler) happens via ScrollAnimatorMac::handleWheelEvent() which calls ScrollableArea::setScrollOffsetFromAnimation()
        which bounces to the scrolling thread via RenderLayer::requestScrollPositionUpdate(). We were clamping the
        scroll offset here, thus disallowing the overscrolled offsets required for rubberbanding.
        
        Fix is to allow clamping for user scrolls. Also add more logging.

        Test: fast/scrolling/mac/rubberband-overflow-in-wheel-region.html

        * dom/Element.cpp:
        (WebCore::Element::dispatchWheelEvent):
        * page/scrolling/mac/ScrollingCoordinatorMac.mm:
        (WebCore::ScrollingCoordinatorMac::handleWheelEvent):
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::handleWheelEvent):
        (WebCore::ScrollableArea::setScrollOffsetFromAnimation):

2020-08-18  Chris Dumez  <cdumez@apple.com>

        Unreviewed, null-deref fix after r265797.

        MockAudioDestinationCocoa::tick() is calling AudioDestinationCocoa::inputProc()
        with a null AudioTimeStamp struct so we need to deal with this.

        * platform/audio/cocoa/AudioDestinationCocoa.cpp:
        (WebCore::AudioDestinationCocoa::render):

2020-08-18  Antti Koivisto  <antti@apple.com>

        The CSS specificity of :host() pseudo-classes is wrong
        https://bugs.webkit.org/show_bug.cgi?id=202494
        <rdar://problem/66292568>

        Reviewed by Anders Carlsson.

        https://drafts.csswg.org/css-scoping/#host-selector

        “The specificity of :host() is that of a pseudo-class, plus the specificity of its argument.”

        * css/CSSSelector.cpp:
        (WebCore::simpleSelectorSpecificityInternal):

2020-08-18  Youenn Fablet  <youenn@apple.com>

        Add a JS built-in routine to mark a promise as handled
        https://bugs.webkit.org/show_bug.cgi?id=215558

        Reviewed by Darin Adler.

        Wrap long line of code inside a method to ease code readability.
        No change of behavior.

        * Modules/streams/ReadableStream.js:
        (pipeThrough):
        * Modules/streams/ReadableStreamInternals.js:
        (readableStreamError):
        (readableStreamReaderGenericRelease):
        * Modules/streams/StreamInternals.js:
        (markPromiseAsHandled):
        (shieldingPromiseResolve):
        * Modules/streams/WritableStreamInternals.js:
        (setUpWritableStreamDefaultWriter):
        (writableStreamRejectCloseAndClosedPromiseIfNeeded):
        (writableStreamDefaultWriterEnsureClosedPromiseRejected):
        (writableStreamDefaultWriterEnsureReadyPromiseRejected):

2020-08-17  Chris Dumez  <cdumez@apple.com>

        AudioContext.getOutputTimestamp() is missing
        https://bugs.webkit.org/show_bug.cgi?id=215591

        Reviewed by Darin Adler.

        AudioContext.getOutputTimestamp() is missing:
        - https://www.w3.org/TR/webaudio/#dom-audiocontext-getoutputtimestamp

        No new tests, rebaselined existing tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::getOutputTimestamp):
        * Modules/webaudio/AudioContext.h:
        * Modules/webaudio/AudioContext.idl:
        * Modules/webaudio/AudioDestinationNode.cpp:
        (WebCore::AudioDestinationNode::render):
        * Modules/webaudio/AudioDestinationNode.h:
        * Modules/webaudio/AudioTimestamp.h: Copied from Source/WebCore/Modules/webaudio/AudioContext.h.
        * Modules/webaudio/AudioTimestamp.idl: Copied from Source/WebCore/Modules/webaudio/AudioContext.h.
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::handlePreRenderTasks):
        (WebCore::BaseAudioContext::outputPosition):
        * Modules/webaudio/BaseAudioContext.h:
        * Modules/webaudio/OfflineAudioDestinationNode.cpp:
        (WebCore::OfflineAudioDestinationNode::offlineRender):
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/audio/AudioIOCallback.h:
        (WebCore::AudioIOPosition::encode const):
        (WebCore::AudioIOPosition::decode):
        * platform/audio/cocoa/AudioDestinationCocoa.cpp:
        (WebCore::machAbsoluteTimeToMonotonicTime):
        (WebCore::AudioDestinationCocoa::render):
        (WebCore::AudioDestinationCocoa::inputProc):
        * platform/audio/cocoa/AudioDestinationCocoa.h:

2020-08-17  Chris Dumez  <cdumez@apple.com>

        Improve channel mixing support in AudioBus
        https://bugs.webkit.org/show_bug.cgi?id=215597

        Reviewed by Darin Adler.

        Improve channel mixing support in AudioBus to match the specification:
        - https://www.w3.org/TR/webaudio/#channel-up-mixing-and-down-mixing

        Our implementation also matches Blink's:
        - https://github.com/chromium/chromium/blob/master/third_party/blink/renderer/platform/audio/audio_bus.cc

        No new tests, rebaselined existing test.

        * platform/audio/AudioBus.cpp:
        (WebCore::AudioBus::copyFrom):
        (WebCore::AudioBus::sumFrom):
        (WebCore::AudioBus::speakersSumFromByUpMixing):
        (WebCore::AudioBus::speakersSumFromByDownMixing):
        * platform/audio/AudioBus.h:

2020-08-17  Karl Rackler  <rackler@apple.com>

        Unreviewed, reverting r265603.

        Reverting per commiter because commit caused consisent crash
        with test.

        Reverted changeset:

        "Font loads quickly followed by navigations may fail
        indefinitely"
        https://bugs.webkit.org/show_bug.cgi?id=215435
        https://trac.webkit.org/changeset/265603

2020-08-17  Chris Dumez  <cdumez@apple.com>

        AudioNode.disconnect() does not match the specification
        https://bugs.webkit.org/show_bug.cgi?id=215578

        Reviewed by Eric Carlson.

        AudioNode.disconnect() did not match the specification. There were a lot of overloads in
        the specification that we did not support:
        - https://www.w3.org/TR/webaudio/#dom-audionode-disconnect

        No new tests, rebaselined existing tests.

        * Modules/webaudio/AudioBasicInspectorNode.cpp:
        (WebCore::AudioBasicInspectorNode::connect): Deleted.
        (WebCore::AudioBasicInspectorNode::disconnect): Deleted.
        * Modules/webaudio/AudioBasicInspectorNode.h:
        * Modules/webaudio/AudioNode.cpp:
        (WebCore::AudioNode::connect):
        (WebCore::AudioNode::disconnect):
        * Modules/webaudio/AudioNode.h:
        (WebCore::AudioNode::updatePullStatus):
        * Modules/webaudio/AudioNode.idl:
        * Modules/webaudio/AudioNodeOutput.h:
        (WebCore::AudioNodeOutput::isConnectedTo const):

2020-08-17  Chris Dumez  <cdumez@apple.com>

        WaveShaperNode should not output silence when it has no input or when input is silence
        https://bugs.webkit.org/show_bug.cgi?id=215574

        Reviewed by Eric Carlson.

        WaveShaperNode should not output silence when it has no input or when input is silence.
        It should still apply its curve to the silent input.

        No new tests, rebaselined existing test.

        * Modules/webaudio/AudioNode.cpp:
        (WebCore::AudioNode::disableOutputsIfNecessary):
        Do not disable the WaveShaperNode's output when its has no input. The WaveShaperNode
        may still provide non-silent output when it has no input.

        * Modules/webaudio/WaveShaperNode.cpp:
        (WebCore::WaveShaperNode::propagatesSilence const):
        * Modules/webaudio/WaveShaperNode.h:
        Override propagatesSilence() to return false when the WaveShaperNode has a curve to apply,
        so that we ask the node to process the input even when it is silence.

2020-08-17  David Kilzer  <ddkilzer@apple.com>

        Clean up DragApplicationFlags after switch to OptionSet<>
        <https://webkit.org/b/215349>

        Reviewed by Darin Adler.

        Change WebCore::DragApplicationFlags to an enum class.

        No new tests since no change in behavior.

        * page/gtk/DragControllerGtk.cpp:
        (WebCore::DragController::isCopyKeyDown):
        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::isCopyKeyDown):
        (WebCore::DragController::dragOperation):
        * platform/DragData.h:

2020-08-17  Yusuke Suzuki  <ysuzuki@apple.com>

        JSDOMConstructorNotConstructable should be a constructor
        https://bugs.webkit.org/show_bug.cgi?id=215554
        <rdar://problem/65770688>

        Reviewed by Darin Adler.

        Test: js/dom/window-is-constructor.html

        While JSDOMConstructorNotConstructable throws an error, still it should be a constructor, which means,
        `IsConstructor(JSDOMConstructorNotConstructable)` should be true. To fix it, we add getConstructData
        which configures a function throwing an error.

        * bindings/js/JSDOMConstructorNotConstructable.h:

2020-08-17  Youenn Fablet  <youenn@apple.com>

        Make sure writableStreamDefaultWriterEnsureClosedPromiseRejected overwrite the closedPromise if needed
        https://bugs.webkit.org/show_bug.cgi?id=215540

        Reviewed by Darin Adler.

        Covered by rebased tests.

        * Modules/streams/WritableStreamInternals.js:
        (writableStreamDefaultWriterEnsureClosedPromiseRejected):
        As per spec, if promise is already settled, we overwrite it to reject it.

2020-08-17  Youenn Fablet  <youenn@apple.com>

        Check WritableStream underlyingSink methods
        https://bugs.webkit.org/show_bug.cgi?id=215539

        Reviewed by Darin Adler.

        Covered by updated tests.

        * Modules/streams/WritableStream.js:
        (initializeWritableStream):

2020-08-16  Simon Fraser  <simon.fraser@apple.com>

        Fix some spelling and editorial issues
        https://bugs.webkit.org/show_bug.cgi?id=215553

        Reviewed by Darin Adler.

        "Stretches" has a t in the middle, and "padding" is singular.

        * inspector/InspectorOverlay.cpp:
        (WebCore::buildRendererHighlight):
        * layout/FormattingContext.cpp:
        (WebCore::Layout::FormattingContext::geometryForBox const):
        * layout/FormattingContext.h:
        * layout/blockformatting/BlockFormattingContextQuirks.cpp:
        (WebCore::Layout::BlockFormattingContext::Quirks::stretchedInFlowHeight):
        * layout/inlineformatting/InlineFormattingContext.cpp:
        (WebCore::Layout::InlineFormattingContext::layoutInFlowContent):
        (WebCore::Layout::InlineFormattingContext::computedIntrinsicWidthConstraints):
        * layout/inlineformatting/InlineLineBuilder.cpp:
        (WebCore::Layout::LineBuilder::adjustBaselineAndLineHeight):
        * layout/tableformatting/TableFormattingContext.cpp:
        (WebCore::Layout::TableFormattingContext::setUsedGeometryForCells):
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::convertStyleLogicalWidthToComputedWidth):
        * rendering/RenderTableCell.cpp:
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::layout):

2020-08-14  Simon Fraser  <simon.fraser@apple.com>

        Scrolling sync changes in r261985 regressed CPU usage by ~2 ms/s
        https://bugs.webkit.org/show_bug.cgi?id=215529
        <rdar://problem/66866163>

        Reviewed by Geoff Garen.

        r261985 added two code paths that wake up the scrolling thread on every
        rendering update (triggered by displayDidRefresh()). One is a ping from
        the EventDispatcher thread, the other is a wake-and-block from the main
        thread. If the scrolling thread isn't active (no wheel events received recently),
        we can avoid both of these to reduce the number of CPU core wakeups.

        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::isRecentlyActive):
        (WebCore::ScrollingTree::setRecentlyActive):
        * page/scrolling/ScrollingTree.h:
        * page/scrolling/ThreadedScrollingTree.cpp:
        (WebCore::ThreadedScrollingTree::willStartRenderingUpdate):
        (WebCore::ThreadedScrollingTree::displayDidRefresh):

2020-08-16  Dean Jackson  <dino@apple.com>

        [AS Layout Tests] 6 WPT css-backgrounds tests consistently failing
        https://bugs.webkit.org/show_bug.cgi?id=215533
        rdar://66660924

        Reviewed by Youenn Fablet.

        A static_cast from float to int, where the float value is larger than MAX_INT, produces
        different results on x86_64 and arm64e. Unfortunately, fixing this exposed the fact
        that we were accidentally passing the tests below on Intel.

        This commit addresses the casting issue and marks the tests as now accurately
        failing. Details on the new bug at: webkit.org/b/206753

        Covered by:
        imported/w3c/web-platform-tests/css/css-backgrounds/background-size/vector/tall--contain--height.html
        imported/w3c/web-platform-tests/css/css-backgrounds/background-size/vector/tall--contain--width.html
        imported/w3c/web-platform-tests/css/css-backgrounds/background-size/vector/wide--contain--height.html
        imported/w3c/web-platform-tests/css/css-backgrounds/background-size/vector/wide--contain--width.html

        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::containerSize const): Don't static_cast from float to int. Rather, use
        the explicit IntSize constructor.

2020-08-15  Andres Gonzalez  <andresg_22@apple.com>

        Revert unnecessary change for https://bugs.webkit.org/show_bug.cgi?id=215521.
        https://bugs.webkit.org/show_bug.cgi?id=215541

        Reviewed by Chris Fleizach.

        These additional checks are no longer necessary since makeSimpleRange
        returns a null Optional if any of the VisiblePosition parameters is
        null. Darin Adler already fixed the crasher in
        https://bugs.webkit.org/show_bug.cgi?id=215521
        with the patch
        https://trac.webkit.org/changeset/265044/webkit.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::rangeMatchesTextNearRange):

2020-08-15  Youenn Fablet  <youenn@apple.com>

        WritableStream rejected promises should be marked as handled as per spec
        https://bugs.webkit.org/show_bug.cgi?id=215501

        Reviewed by Darin Adler.

        Marking promises that got rejected as handled to ensure onunhandledrejection handler is not called erroneously.
        Covered by rebased tests.

        * Modules/streams/WritableStreamInternals.js:
        (setUpWritableStreamDefaultWriter):
        (writableStreamRejectCloseAndClosedPromiseIfNeeded):
        (writableStreamDefaultWriterEnsureClosedPromiseRejected):
        (writableStreamDefaultWriterEnsureReadyPromiseRejected):

2020-08-14  Brady Eidson  <beidson@apple.com>

        Crash inside FrameLoader::defaultRequestCachingPolicy (null DocumentLoader)
        <rdar://problem/42167093> and https://bugs.webkit.org/show_bug.cgi?id=215527

        Reviewed by Darin Adler.

        We have CrashTracer data, but despite my best efforts no way of reproducing.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::defaultRequestCachingPolicy): If a PingLoader is sending a CSP violation
          report sometime after part of the Document's lifecycle, the FrameLoader as a null DocumentLoader here.
          Like everywhere else in FrameLoader, null check it.

2020-08-14  Zalan Bujtas  <zalan@apple.com>

        RenderTextControlSingleLine::scroll* functions should not call Element::scroll* on the inner text content
        https://bugs.webkit.org/show_bug.cgi?id=215516
        <rdar://problem/64739768>

        Reviewed by Simon Fraser.

        Normally the RenderBox::content*, border*, padding* and scroll* functions grab the geometry information from the renderer itself.
        The clients of these functions expect the geometry data to be consistent with the rest of the rendering context
        (e.g coordinates are in the coordinate system of the containing block, paint time operations are not applied etc).
        Also these functions are supposed to be const. They should not mutate the geometry or the render tree itself.
        Forwarding ::scroll* calls to Element::scroll* can't guarantee neither of these above.

        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::scrollWidth const):
        (WebCore::RenderTextControlSingleLine::scrollHeight const):
        (WebCore::RenderTextControlSingleLine::scrollLeft const):
        (WebCore::RenderTextControlSingleLine::scrollTop const):

2020-08-14  Chris Dumez  <cdumez@apple.com>

        OfflineAudioContext.destination has incorrect number of channels & channel count mode
        https://bugs.webkit.org/show_bug.cgi?id=215522

        Reviewed by Eric Carlson.

        OfflineAudioContext.destination currently always has a number of channels that is 0, no
        matter the numberOfChannels provided when constructing the OfflineAudioContext. The
        channel count mode is also "max" instead of "explicit" (as per [1]).

        [1] https://www.w3.org/TR/webaudio/#AudioDestinationNode

        No new tests, rebaselined existing tests.

        * Modules/webaudio/OfflineAudioDestinationNode.cpp:
        (WebCore::OfflineAudioDestinationNode::OfflineAudioDestinationNode):
        (WebCore::OfflineAudioDestinationNode::maxChannelCount const):
        * Modules/webaudio/OfflineAudioDestinationNode.h:

2020-08-14  James Darpinian  <jdarpinian@chromium.org>

        [WebGL2] releaseShaderCompiler is not allowed to be supported in WebGL
        https://bugs.webkit.org/show_bug.cgi?id=215432

        Reviewed by Dean Jackson.

        Fixes WebGL conformance tests methods.html and methods-2.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::releaseShaderCompiler): Deleted.
        * html/canvas/WebGLRenderingContextBase.h:
        * html/canvas/WebGLRenderingContextBase.idl:
        * platform/graphics/angle/GraphicsContextGLANGLE.cpp:
        (WebCore::GraphicsContextGLOpenGL::releaseShaderCompiler): Deleted.
        * platform/graphics/opengl/GraphicsContextGLOpenGL.h:
        * platform/graphics/opengl/GraphicsContextGLOpenGLBase.cpp:
        (WebCore::GraphicsContextGLOpenGL::releaseShaderCompiler): Deleted.
        * platform/graphics/opengl/GraphicsContextGLOpenGLES.cpp:
        (WebCore::GraphicsContextGLOpenGL::releaseShaderCompiler): Deleted.

2020-08-14  Devin Rousso  <drousso@apple.com>

        RTL: volume slider and icons are backwards
        https://bugs.webkit.org/show_bug.cgi?id=215482
        <rdar://problem/65730749>

        Reviewed by Eric Carlson.

        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls.prototype.layout):
        Flip the inline volume button when not in LTR.

        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.js:
        (MacOSFullscreenMediaControls.prototype.layout):
        (MacOSFullscreenMediaControls.prototype._volumeControlsForCurrentDirection): Added.
        Reverse the order of the fullscreen volume controls when not in LTR.

        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.css:
        (.media-controls.mac.fullscreen:not(.uses-ltr-user-interface-layout-direction) :is(.volume-down, .volume.slider, .volume-up)): Added.
        (.media-controls.mac.fullscreen:not(.uses-ltr-user-interface-layout-direction) .volume.slider): Deleted.
        Also flip the fullscreen volume up and volume down buttons.

2020-08-14  Kenneth Russell  <kbr@chromium.org>

        [WebGL2] expando-loss and expando-loss-2 conformance tests are failing
        https://bugs.webkit.org/show_bug.cgi?id=214765

        Reviewed by Yusuke Suzuki.

        Re-land with locking fixes ysuzuki@ pointed out as necessary, and
        advised heavily on.

        Use JSWebGLRenderingContext's and JSWebGL2RenderingContext's
        existing visitAdditionalChildren hook, via JSCustomMarkFunction in
        their IDL, to add opaque roots for all WebGLObjects latched in to
        the context state, and all WebGLObjects they refer to. Extensions
        were already previously handled.

        In order to support JSC's concurrent marking, grab a
        per-WebGL-context lock in visitAdditionalChildren, and in all
        WebGL context- and object-related methods which modify compound
        data structures like HashMaps and Vectors that are traversed by
        visitAdditionalChildren and its callees. Add "const
        AbstractLocker&" throughout WebGL's call hierarchy to guarantee
        that this lock is held where needed. Add needed exception in
        WebGLObjects' destructors to avoid recursive locking, and in
        WebGLContextGroup destruction to avoid mutating objects that GC
        might be traversing when a lock is no longer available on the
        application's thread.

        Add "GenerateIsReachable=Impl" to the IDL files of needed WebGL
        objects (WebGLBuffer, WebGLTexture, etc.) so that they pay
        attention to the opaque root state when determining liveness of
        their JavaScript wrappers. Add a FIXME to objectGraphLock in
        WebGLRenderingContextBase to consider rewriting this in a
        lock-free manner.

        Covered by existing WebGL conformance tests.

        * bindings/js/JSWebGL2RenderingContextCustom.cpp:
        (WebCore::JSWebGL2RenderingContext::visitAdditionalChildren):
        * bindings/js/JSWebGLRenderingContextCustom.cpp:
        (WebCore::JSWebGLRenderingContext::visitAdditionalChildren):
        * html/canvas/OESVertexArrayObject.cpp:
        (WebCore::OESVertexArrayObject::deleteVertexArrayOES):
        (WebCore::OESVertexArrayObject::bindVertexArrayOES):
        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::validateAndCacheBufferBinding):
        (WebCore::WebGL2RenderingContext::bindFramebuffer):
        (WebCore::WebGL2RenderingContext::deleteFramebuffer):
        (WebCore::WebGL2RenderingContext::deleteQuery):
        (WebCore::WebGL2RenderingContext::beginQuery):
        (WebCore::WebGL2RenderingContext::endQuery):
        (WebCore::WebGL2RenderingContext::deleteSampler):
        (WebCore::WebGL2RenderingContext::bindSampler):
        (WebCore::WebGL2RenderingContext::deleteSync):
        (WebCore::WebGL2RenderingContext::deleteTransformFeedback):
        (WebCore::WebGL2RenderingContext::bindTransformFeedback):
        (WebCore::WebGL2RenderingContext::beginTransformFeedback):
        (WebCore::WebGL2RenderingContext::setIndexedBufferBinding):
        (WebCore::WebGL2RenderingContext::deleteVertexArray):
        (WebCore::WebGL2RenderingContext::bindVertexArray):
        (WebCore::WebGL2RenderingContext::addMembersToOpaqueRoots):
        (WebCore::WebGL2RenderingContext::uncacheDeletedBuffer):
        * html/canvas/WebGL2RenderingContext.h:
        * html/canvas/WebGLBuffer.cpp:
        (WebCore::WebGLBuffer::~WebGLBuffer):
        (WebCore::WebGLBuffer::deleteObjectImpl):
        * html/canvas/WebGLBuffer.h:
        * html/canvas/WebGLBuffer.idl:
        * html/canvas/WebGLContextGroup.cpp:
        (WebCore::WebGLContextGroup::hasAContext const):
        (WebCore::WebGLContextGroup::objectGraphLockForAContext):
        (WebCore::WebGLContextGroup::detachAndRemoveAllObjects):
        * html/canvas/WebGLContextGroup.h:
        * html/canvas/WebGLContextObject.cpp:
        (WebCore::WebGLContextObject::detachContext):
        (WebCore::WebGLContextObject::objectGraphLockForContext):
        * html/canvas/WebGLContextObject.h:
        * html/canvas/WebGLFramebuffer.cpp:
        (WebCore::WebGLFramebuffer::~WebGLFramebuffer):
        (WebCore::WebGLFramebuffer::removeAttachmentFromBoundFramebuffer):
        (WebCore::WebGLFramebuffer::deleteObjectImpl):
        (WebCore::WebGLFramebuffer::initializeAttachments):
        (WebCore::WebGLFramebuffer::addMembersToOpaqueRoots):
        (WebCore::WebGLFramebuffer::setAttachmentInternal):
        (WebCore::WebGLFramebuffer::removeAttachmentInternal):
        * html/canvas/WebGLFramebuffer.h:
        * html/canvas/WebGLFramebuffer.idl:
        * html/canvas/WebGLObject.cpp:
        (WebCore::WebGLObject::runDestructor):
        (WebCore::WebGLObject::deleteObject):
        * html/canvas/WebGLObject.h:
        * html/canvas/WebGLProgram.cpp:
        (WebCore::WebGLProgram::~WebGLProgram):
        (WebCore::WebGLProgram::deleteObjectImpl):
        (WebCore::WebGLProgram::attachShader):
        (WebCore::WebGLProgram::detachShader):
        (WebCore::WebGLProgram::addMembersToOpaqueRoots):
        * html/canvas/WebGLProgram.h:
        * html/canvas/WebGLProgram.idl:
        * html/canvas/WebGLQuery.cpp:
        (WebCore::WebGLQuery::~WebGLQuery):
        (WebCore::WebGLQuery::deleteObjectImpl):
        * html/canvas/WebGLQuery.h:
        * html/canvas/WebGLQuery.idl:
        * html/canvas/WebGLRenderbuffer.cpp:
        (WebCore::WebGLRenderbuffer::~WebGLRenderbuffer):
        (WebCore::WebGLRenderbuffer::deleteObjectImpl):
        * html/canvas/WebGLRenderbuffer.h:
        * html/canvas/WebGLRenderbuffer.idl:
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::attachShader):
        (WebCore::WebGLRenderingContextBase::validateAndCacheBufferBinding):
        (WebCore::WebGLRenderingContextBase::bindBuffer):
        (WebCore::WebGLRenderingContextBase::bindFramebuffer):
        (WebCore::WebGLRenderingContextBase::bindRenderbuffer):
        (WebCore::WebGLRenderingContextBase::bindTexture):
        (WebCore::WebGLRenderingContextBase::deleteObject):
        (WebCore::WebGLRenderingContextBase::uncacheDeletedBuffer):
        (WebCore::WebGLRenderingContextBase::setBoundVertexArrayObject):
        (WebCore::WebGLRenderingContextBase::deleteBuffer):
        (WebCore::WebGLRenderingContextBase::deleteFramebuffer):
        (WebCore::WebGLRenderingContextBase::deleteProgram):
        (WebCore::WebGLRenderingContextBase::deleteRenderbuffer):
        (WebCore::WebGLRenderingContextBase::deleteShader):
        (WebCore::WebGLRenderingContextBase::deleteTexture):
        (WebCore::WebGLRenderingContextBase::detachShader):
        (WebCore::WebGLRenderingContextBase::useProgram):
        (WebCore::WebGLRenderingContextBase::vertexAttribPointer):
        (WebCore::WebGLRenderingContextBase::detachAndRemoveAllObjects):
        (WebCore::WebGLRenderingContextBase::setFramebuffer):
        (WebCore::WebGLRenderingContextBase::addMembersToOpaqueRoots):
        (WebCore::WebGLRenderingContextBase::objectGraphLock):
        * html/canvas/WebGLRenderingContextBase.h:
        (WebCore::WebGLRenderingContextBase::setBoundVertexArrayObject): Deleted.
        * html/canvas/WebGLSampler.cpp:
        (WebCore::WebGLSampler::~WebGLSampler):
        (WebCore::WebGLSampler::deleteObjectImpl):
        * html/canvas/WebGLSampler.h:
        * html/canvas/WebGLSampler.idl:
        * html/canvas/WebGLShader.cpp:
        (WebCore::WebGLShader::~WebGLShader):
        (WebCore::WebGLShader::deleteObjectImpl):
        * html/canvas/WebGLShader.h:
        * html/canvas/WebGLShader.idl:
        * html/canvas/WebGLSharedObject.cpp:
        (WebCore::WebGLSharedObject::detachContextGroup):
        (WebCore::WebGLSharedObject::detachContextGroupWithoutDeletingObject):
        (WebCore::WebGLSharedObject::hasGroupOrContext const):
        (WebCore::WebGLSharedObject::objectGraphLockForContext):
        * html/canvas/WebGLSharedObject.h:
        * html/canvas/WebGLSync.cpp:
        (WebCore::WebGLSync::~WebGLSync):
        (WebCore::WebGLSync::deleteObjectImpl):
        * html/canvas/WebGLSync.h:
        * html/canvas/WebGLTexture.cpp:
        (WebCore::WebGLTexture::~WebGLTexture):
        (WebCore::WebGLTexture::deleteObjectImpl):
        * html/canvas/WebGLTexture.h:
        * html/canvas/WebGLTexture.idl:
        * html/canvas/WebGLTransformFeedback.cpp:
        (WebCore::WebGLTransformFeedback::~WebGLTransformFeedback):
        (WebCore::WebGLTransformFeedback::deleteObjectImpl):
        (WebCore::WebGLTransformFeedback::setProgram):
        (WebCore::WebGLTransformFeedback::setBoundIndexedTransformFeedbackBuffer):
        (WebCore::WebGLTransformFeedback::addMembersToOpaqueRoots):
        (WebCore::WebGLTransformFeedback::unbindBuffer):
        * html/canvas/WebGLTransformFeedback.h:
        * html/canvas/WebGLTransformFeedback.idl:
        * html/canvas/WebGLVertexArrayObject.cpp:
        (WebCore::WebGLVertexArrayObject::~WebGLVertexArrayObject):
        (WebCore::WebGLVertexArrayObject::deleteObjectImpl):
        * html/canvas/WebGLVertexArrayObject.h:
        * html/canvas/WebGLVertexArrayObject.idl:
        * html/canvas/WebGLVertexArrayObjectBase.cpp:
        (WebCore::WebGLVertexArrayObjectBase::setElementArrayBuffer):
        (WebCore::WebGLVertexArrayObjectBase::setVertexAttribState):
        (WebCore::WebGLVertexArrayObjectBase::unbindBuffer):
        (WebCore::WebGLVertexArrayObjectBase::addMembersToOpaqueRoots):
        * html/canvas/WebGLVertexArrayObjectBase.h:
        * html/canvas/WebGLVertexArrayObjectOES.cpp:
        (WebCore::WebGLVertexArrayObjectOES::~WebGLVertexArrayObjectOES):
        (WebCore::WebGLVertexArrayObjectOES::deleteObjectImpl):
        * html/canvas/WebGLVertexArrayObjectOES.h:
        * html/canvas/WebGLVertexArrayObjectOES.idl:

2020-08-14  Andres Gonzalez  <andresg_22@apple.com>

        Crash in WebCore::AXObjectCache::rangeMatchesTextNearRange.
        https://bugs.webkit.org/show_bug.cgi?id=215521
        <rdar://problem/64773177>

        Reviewed by Chris Fleizach.

        The test accessibility/ios-simulator/text-marker-range-matches-text.html
        exercises this code path, but doesn't reproduce this crash.

        Added a check for nullity of the VisiblePositions before creating the
        SimpleRange.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::rangeMatchesTextNearRange):

2020-08-14  Chris Dumez  <cdumez@apple.com>

        Add support for suspending / resuming an OfflineAudioContext
        https://bugs.webkit.org/show_bug.cgi?id=215417

        Reviewed by Eric Carlson.

        Add support for suspending / resuming an OfflineAudioContext, as per:
        - https://www.w3.org/TR/webaudio/#dom-offlineaudiocontext-suspend
        - https://www.w3.org/TR/webaudio/#dom-offlineaudiocontext-resume

        Tests: webaudio/offlineaudiocontext-suspend-resume-basic.html
               webaudio/offlineaudiocontext-suspend-resume-eventhandler.html
               webaudio/offlineaudiocontext-suspend-resume-graph-manipulation.html
               webaudio/offlineaudiocontext-suspend-resume-promise.html
               webaudio/offlineaudiocontext-suspend-resume-sequence.html

        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::didSuspendRendering):
        * Modules/webaudio/BaseAudioContext.h:
        (WebCore::BaseAudioContext::shouldSuspend):
        * Modules/webaudio/OfflineAudioContext.cpp:
        (WebCore::OfflineAudioContext::uninitialize):
        (WebCore::OfflineAudioContext::startOfflineRendering):
        (WebCore::OfflineAudioContext::suspendOfflineRendering):
        (WebCore::OfflineAudioContext::resumeOfflineRendering):
        (WebCore::OfflineAudioContext::shouldSuspend):
        (WebCore::OfflineAudioContext::didSuspendRendering):
        (WebCore::OfflineAudioContext::didFinishOfflineRendering):
        * Modules/webaudio/OfflineAudioContext.h:
        * Modules/webaudio/OfflineAudioContext.idl:
        * Modules/webaudio/OfflineAudioDestinationNode.cpp:
        (WebCore::OfflineAudioDestinationNode::OfflineAudioDestinationNode):
        (WebCore::OfflineAudioDestinationNode::startRendering):
        (WebCore::OfflineAudioDestinationNode::offlineRender):
        * Modules/webaudio/OfflineAudioDestinationNode.h:

2020-08-14  Peng Liu  <peng.liu6@apple.com>

        The PiP button on the fullscreen youtube player disappears after starting a new video in a playlist
        https://bugs.webkit.org/show_bug.cgi?id=215488

        Reviewed by Eric Carlson.

        When a fullscreen video player (e.g., YouTube.com) completes the current video and starts
        the next one in a playlist, it may reuse the video element, so m_mediaElement of the
        PlaybackSessionModelMediaElement instance won't change. However, the video element
        will exit video fullscreen standby and then enter video fullscreen standby. Those
        transitions are invisible to users. But the corresponding PlaybackSessionModelContext
        instance will be destroyed and a new instance will be created.

        By default, the member variable m_pictureInPictureSupported of the PlaybackSessionModelContext
        instance is "false". After a new video starts to play, the function
        PlaybackSessionModelMediaElement::setMediaElement() won't ask the PlaybackSessionManager
        to send a PlaybackSessionManagerProxy::PictureInPictureSupportedChanged message
        (because we don't change m_mediaElement) to notify the PlaybackSessionModelContext
        instance in the UI process that m_pictureInPictureSupported should be "true". Therefore,
        the PlaybackSessionModelContext instance will tell the WKFullScreenViewController instance
        that picture-in-picture is not supported, which in turn will hide the picture-in-picture button.

        With this patch, PlaybackSessionModelMediaElement::setMediaElement() will ask the
        PlaybackSessionManager instance to send an IPC message if m_mediaElement is not nullptr
        even we don't change the media element. So that the PlaybackSessionModelContext instance
        in the UI process will always have a consistent state as the PlaybackSessionModelMediaElement
        instance in the Web process.

        * platform/cocoa/PlaybackSessionModelMediaElement.mm:
        (WebCore::PlaybackSessionModelMediaElement::setMediaElement):

2020-08-14  Clark Wang  <clark_wang@apple.com>

        Introduce ConstantSourceNode Interface
        https://bugs.webkit.org/show_bug.cgi?id=215377

        Reviewed by Chris Dumez.

        Introduced new ConstantSourceNode interface according to spec:
        https://www.w3.org/TR/webaudio/#ConstantSourceNode and with 
        guidance from Chromium implementation: 
        https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/modules/webaudio/constant_source_node.cc.

        Re-baselined existing tests. Some fail further, mainly due to lack of support for automation rate in AudioParam.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioNode.cpp:
        (WebCore::convertEnumerationToString):
        * Modules/webaudio/AudioNode.h:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createConstantSource):
        * Modules/webaudio/BaseAudioContext.h:
        * Modules/webaudio/BaseAudioContext.idl:
        * Modules/webaudio/ConstantSourceNode.cpp: Added.
        (WebCore::ConstantSourceNode::create):
        (WebCore::ConstantSourceNode::ConstantSourceNode):
        (WebCore::ConstantSourceNode::~ConstantSourceNode):
        (WebCore::ConstantSourceNode::process):
        (WebCore::ConstantSourceNode::propagatesSilence const):
        * Modules/webaudio/ConstantSourceNode.h: Added.
        * Modules/webaudio/ConstantSourceNode.idl: Added.
        * Modules/webaudio/ConstantSourceOptions.h: Added.
        * Modules/webaudio/ConstantSourceOptions.idl: Added.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:

2020-08-14  Rob Buis  <rbuis@igalia.com>

        Simplify FrameLoader::open
        https://bugs.webkit.org/show_bug.cgi?id=215505

        Reviewed by Darin Adler.

        There is no need to set m_isComplete to false since the started() call
        a few lines below does the same thing.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::open):

2020-08-14  Rob Buis  <rbuis@igalia.com>

        Simplify HTMLFrameElementBase::openURL
        https://bugs.webkit.org/show_bug.cgi?id=215504

        Reviewed by Darin Adler.

        The expression effectively uses the indirection document -> frame -> document, but
        we can just use the document directly.

        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::openURL):

2020-08-14  Chris Dumez  <cdumez@apple.com>

        Make sure OfflineAudioContext::startOfflineRendering() does lazy initialization
        https://bugs.webkit.org/show_bug.cgi?id=215481

        Reviewed by Eric Carlson.

        Make sure OfflineAudioContext::startOfflineRendering() does lazy initialization before
        actually starting rendering. If lazy initialization has not happened yet (because no
        audio nodes were created for this context yet), then rendering would fail with an
        InvalidStateError, due to lack on initialization.

        No new tests, rebaselined existing tests.

        * Modules/webaudio/OfflineAudioContext.cpp:
        (WebCore::OfflineAudioContext::startOfflineRendering):
        * Modules/webaudio/OfflineAudioDestinationNode.cpp:
        (WebCore::OfflineAudioDestinationNode::offlineRender):

2020-08-14  Chris Dumez  <cdumez@apple.com>

        Fix bad check in AudioBufferSourceNode::renderFromBuffer()
        https://bugs.webkit.org/show_bug.cgi?id=215513

        Reviewed by Darin Adler.

        Fix bad check in AudioBufferSourceNode::renderFromBuffer() that is causing us to incorrectly output silence
        and failing many WPT tests.

        No new tests, rebaselined existing tests.

        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::renderFromBuffer):

2020-08-14  Chris Dumez  <cdumez@apple.com>

        AudioBufferSourceNode.buffer setter should throw when the buffer was already set
        https://bugs.webkit.org/show_bug.cgi?id=215510

        Reviewed by Darin Adler.

        AudioBufferSourceNode.buffer setter should throw when the buffer was already set:
        - https://www.w3.org/TR/webaudio/#dom-audiobuffersourcenode-buffer

        Note that the setter for the WebKit-prefixed AudioBufferSourceNode still does not throw,
        to ensure backward-compatibility.

        No new tests, rebaselined existing test.

        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::setBuffer):
        * Modules/webaudio/AudioBufferSourceNode.h:
        (WebCore::AudioBufferSourceNode::isWebKitAudioBufferSourceNode const):
        * Modules/webaudio/WebKitAudioBufferSourceNode.h:

2020-08-14  Wenson Hsieh  <wenson_hsieh@apple.com>

        REGRESSION (r259184): Typing -- then Return into an email moves the selection by two lines
        https://bugs.webkit.org/show_bug.cgi?id=215491
        <rdar://problem/66938121>

        Reviewed by Darin Adler.

        When inserting a newline after text that is about to be replaced (e.g. using smart dashes, or a system-wide text
        replacement), logic in `Editor::markAndReplaceFor` attempts to detect the fact that we've just inserted a new
        paragraph (setting `adjustSelectionForParagraphBoundaries` to `true`), and subsequently causes us to advance
        the selection forward by 1 character after we're done handling the text replacement.

        This logic appears to have been added to deal with the fact that prior to r259184, `TextIterator::subrange()`
        with a range that ended in a line break would not include the line break as a part of the resulting subrange.
        For instance, suppose we're inserting a newline after "--", text replacement has just run and replaced the
        two hyphens with a single dash (—), and there is a newline after the dash. The extended paragraph range consists
        of the dash, followed by the line break after it ("—\n"), with a `selectionOffset` of 2. The following code:

            `auto selectionRange = extendedParagraph.subrange({ 0, selectionOffset });`

        ...would compute a `selectionRange` that encompasses only the "—", despite a selection offset of 2, causing the
        following code to only move the selection to the end of the "—":

            `m_document.selection().moveTo(createLegacyEditingPosition(selectionRange.end), DOWNSTREAM);`

        This requires the logic in the `adjustSelectionForParagraphBoundaries` to subsequently move the selection to the
        line break, as the user would expect. However, after the changes in r259184, the subrange now (correctly)
        returns a range that starts before the "—" and ends at the following line break. However, this also means that
        the subsequent adjustment logic will cause us to advance unnecessarily!

        To fix this, we remove the `adjustSelectionForParagraphBoundaries` case altogether, since its only (apparent)
        purpose is to work around the fact that `TextIterator::subrange` didn't include trailing line breaks before
        r259184.

        Test: editing/spelling/text-replacement-after-typing-to-word.html

        * editing/Editor.cpp:
        (WebCore::Editor::markAndReplaceFor):

2020-08-14  Takeshi Kurosawa  <taken.spc@gmail.com>

        @font-face font-weight descriptor should reject bolder and lighter
        https://bugs.webkit.org/show_bug.cgi?id=215359

        Reviewed by Darin Adler.

        Both bolder and lighter are not allowed in font-weight descriptor. This patch splits
        font-weight descriptor parsers from font-weight property parsers.

        Tested by existing (formerly failing) test: web-platform-tests/css/css-fonts/variations/at-font-face-descriptors.html:

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeFontWeightAbsoluteKeywordValue):
        (WebCore::consumeFontWeightAbsoluteRange):
        (WebCore::consumeFontWeightAbsolute):
        (WebCore::CSSPropertyParser::parseFontFaceDescriptor):
        (WebCore::consumeFontWeightRange): Deleted.

2020-08-14  Youenn Fablet  <youenn@apple.com>

        WritableStreamDefaultWriterEnsureReadyPromiseRejected should create a new readPromise if the current readyPromise is not pending
        https://bugs.webkit.org/show_bug.cgi?id=215500

        Reviewed by Geoffrey Garen.

        Create new promise if current is not pending.
        Also mark it as handled so that it does not end up call onunhandledrejection.
        Covered by rebased tests.

        * Modules/streams/WritableStreamInternals.js:
        (writableStreamDefaultWriterEnsureClosedPromiseRejected):

2020-08-13  Sergio Villar Senin  <svillar@igalia.com>

        [WebXR] Implement WebXRSession::updateRenderState()
        https://bugs.webkit.org/show_bug.cgi?id=213555

        Reviewed by Darin Adler.

        Added an implementation which matches the current specs. The updateRenderState() is specially useful to set
        the base layer in the session where WebXR contents would be rendered. Authors would normally do:

        glCanvas.getContext("webgl").makeXRCompatible().then(() => {
            xrSession.updateRenderState({ baseLayer: new XRWebGLLayer(xrSession, gl) });
        });

        The XRRenderStateInit has also been updated to the latest version of specs.

        * Modules/webxr/WebXRRenderState.cpp:
        (WebCore::WebXRRenderState::WebXRRenderState):
        (WebCore::WebXRRenderState::depthNear const): Inlined.
        (WebCore::WebXRRenderState::depthFar const): Ditto.
        (WebCore::WebXRRenderState::inlineVerticalFieldOfView const): Ditto.
        (WebCore::WebXRRenderState::baseLayer const): Ditto.
        * Modules/webxr/WebXRRenderState.h:
        (WebCore::WebXRRenderState::depthNear const): Inlined.
        (WebCore::WebXRRenderState::setDepthNear): Ditto.
        (WebCore::WebXRRenderState::depthFar const): Ditto.
        (WebCore::WebXRRenderState::setDepthFar): Ditto.
        (WebCore::WebXRRenderState::inlineVerticalFieldOfView const): Added.
        (WebCore::WebXRRenderState::setInlineVerticalFieldOfView): Ditto.
        (WebCore::WebXRRenderState::baseLayer const): Ditto.
        (WebCore::WebXRRenderState::setBaseLayer): Ditto.
        * Modules/webxr/WebXRSession.cpp:
        (WebCore::isImmersive):
        (WebCore::WebXRSession::updateRenderState): Implemented.
        (WebCore::WebXRSession::referenceSpaceIsSupported const):
        * Modules/webxr/WebXRSession.h: updateRenderState may throw exception.
        * Modules/webxr/WebXRSession.idl: Ditto.
        * Modules/webxr/WebXRWebGLLayer.h:
        (WebCore::WebXRWebGLLayer::session): Added.
        * Modules/webxr/XRRenderStateInit.h: Added layers and made many attributes optional.
        * Modules/webxr/XRRenderStateInit.idl: Ditto.

2020-08-13  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r254506): [Freetype] Spektra variable font does not work properly
        https://bugs.webkit.org/show_bug.cgi?id=215214
        <rdar://problem/66984524>

        Reviewed by Adrian Perez de Castro.

        This regressed in r254506, when a font smoothing mode is passed to drawGlyphsToContext() a new cairo font
        options is set, using the default font options and changing the antialiasing. This means the font options from
        the font (the ones containing the variation settings) set in the context by cairo_set_scaled_font() are
        lost. We should copy the scaled font options instead, then set the antialiasing and apply them.

        * platform/graphics/cairo/CairoOperations.cpp:
        (WebCore::Cairo::drawGlyphsToContext): Use cairo_scaled_font_get_font_options() instead of getDefaultCairoFontOptions().

2020-08-13  Carlos Garcia Campos  <cgarcia@igalia.com>

        Crash in WebCore::StyledMarkupAccumulator::traverseNodesForSerialization
        https://bugs.webkit.org/show_bug.cgi?id=199224

        Reviewed by Michael Catanzaro.

        The crash happens in StyledMarkupAccumulator::traverseNodesForSerialization() when we can't enter the node and
        nextSkippingChildren() returns nullptr.

        Test: editing/pasteboard/copy-across-shadow-boundaries-crash.html

        * editing/markup.cpp:
        (WebCore::StyledMarkupAccumulator::traverseNodesForSerialization): Set next to pastEnd if nextSkippingChildren()
        returns nullptr.

2020-08-13  Andres Gonzalez  <andresg_22@apple.com>

        VoiceOver not able to invoke play button on some web sites.
        https://bugs.webkit.org/show_bug.cgi?id=215484
        <rdar://problem/62729643>

        Reviewed by Chris Fleizach.

        Test: accessibility/ios-simulator/has-touch-event-listener.html.

        We were checking for the presence of listeners for touchstart and touchend
        events only. Now we check for the presence of any touch-related event listener.

        * accessibility/ios/AccessibilityObjectIOS.mm:
        (WebCore::AccessibilityObject::hasTouchEventListener const):

2020-08-13  Dean Jackson  <dino@apple.com>

        Pocket City game play area is blank (WebGL is broken in Catalyst)
        https://bugs.webkit.org/show_bug.cgi?id=215251

        Follow-up review comments from Darin Adler.

        * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
        (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):

2020-08-13  Zalan Bujtas  <zalan@apple.com>

        Add RenderTreeMutationDisallowedScope to track intrusive render tree mutations
        https://bugs.webkit.org/show_bug.cgi?id=215463
        <rdar://problem/67012831>

        Reviewed by Simon Fraser.

        RenderLayer::enclosingScrollableLayer should not mutate the render tree accidentally.
        This is related to <rdar://problem/64739768>.

        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/RenderTreeMutationDisallowedScope.cpp: Added.
        * rendering/RenderTreeMutationDisallowedScope.h: Added.
        (WebCore::RenderTreeMutationDisallowedScope::RenderTreeMutationDisallowedScope):
        (WebCore::RenderTreeMutationDisallowedScope::~RenderTreeMutationDisallowedScope):
        (WebCore::RenderTreeMutationDisallowedScope::isMutationAllowed):
        * rendering/updating/RenderTreeBuilder.cpp:
        (WebCore::RenderTreeBuilder::destroy):

2020-08-13  Chris Dumez  <cdumez@apple.com>

        REGRESSION (r260684): Messages YouTube inline video: after Multitasking away and Back, Audio is heard but icon indicates "muted"
        https://bugs.webkit.org/show_bug.cgi?id=215453
        <rdar://problem/66136673>

        Reviewed by Tim Horton.

        r260684 silenced all JS events during the snapshot sequence that occurs whenever the user homes out of Safari.
        This was meant to address compatibility with websites that did not expect various resize/orientationchange
        events when homing out. However, the snapshot sequence is fairly long and this was causing us to silence JS
        events which have nothing to do with the snapshot sequence, like window.postMessage()'s message events. This is
        what caused this regression.

        To address the issue, this patch basically reverts r260684 and deals with websites-compatibility issues via
        less risky site-specific and event-specific quirks:
        - We silence Window resize events on nytimes.com to address <rdar://problem/59763843>.
        - We silence Window resize events and MediaQueryList change events on twitter.com to address <rdar://problem/58804852>
          and <rdar://problem/61731801>.

        * css/MediaQueryMatcher.cpp:
        (WebCore::MediaQueryMatcher::evaluateAll):
        * dom/EventTarget.cpp:
        (WebCore::EventTarget::fireEventListeners):
        * page/FrameView.cpp:
        (WebCore::FrameView::sendResizeEventIfNeeded):
        * page/Page.h:
        (WebCore::Page::isTakingSnapshotsForApplicationSuspension const):
        (WebCore::Page::setIsTakingSnapshotsForApplicationSuspension):
        (WebCore::Page::shouldFireEvents const): Deleted.
        (WebCore::Page::setShouldFireEvents): Deleted.
        * page/Quirks.cpp:
        (WebCore::Quirks::shouldSilenceWindowResizeEvents const):
        (WebCore::Quirks::shouldSilenceMediaQueryListChangeEvents const):
        * page/Quirks.h:

2020-08-13  Aditya Keerthi  <akeerthi@apple.com>

        [macOS] Zoomed-in search field is clipped out
        https://bugs.webkit.org/show_bug.cgi?id=215428
        <rdar://problem/66161781>

        Reviewed by Darin Adler.

        r257150 added support for painting large form controls using NSControlSizeLarge.
        However, RenderThemeMac::searchFieldSizes() still returned a height
        corresponding to NSControlSizeRegular rather than NSControlSizeLarge. This
        behavior causes the height of the layout rect to be smaller than the height
        of the painted cell, resulting in clipping.

        Returning the correct height in searchFieldSizes is not enough to solve the
        issue. Currently, the height of the layout rect is set before adjusting the font
        size of the corresponding RenderStyle. This is problematic as the initial font
        size could correspond to NSControlSizeRegular, but when adjusted for zoom, the
        font size could correspond to NSControlSizeLarge. To ensure that the font size
        and height correspond to the same control size, the font size is now adjusted
        prior to adjusting the height.

        Test: fast/forms/search/search-zoom-computed-style-height.html

        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::searchFieldSizes const): Correct height for NSControlSizeLarge.
        (WebCore::RenderThemeMac::adjustSearchFieldStyle const):

2020-08-12  Myles C. Maxfield  <mmaxfield@apple.com>

        Font loads quickly followed by navigations may fail indefinitely
        https://bugs.webkit.org/show_bug.cgi?id=215435
        <rdar://problem/65560550>

        Reviewed by Darin Adler.

        Font loads are coalesced using a zero-delay timer. However, that zero-delay timer
        can fire while the page is in the middle of a navigation, which will cause the font
        loads to fail. Then, the second page can request those same fonts, which are marked
        as failed, and as such will never actually load/use the desired web font.

        This patch just stops the zero-delay timer during navigations, and resumes it
        when resuming the document. This means:

        1. The second page in the above story will not see that the font has failed, or
        even started, and will then re-request the font and load it successfully
        2. If the user goes "back" to the previous page, the zero-delay timer is restarted,
        the CachedFont realizes it's already succeeded, and the previous page is rendered
        as expected.

        Test: fast/loader/font-load-timer.html

        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::suspendFontLoadingTimer):
        (WebCore::CSSFontSelector::restartFontLoadingTimer):
        * css/CSSFontSelector.h:
        * dom/Document.cpp:
        (WebCore::Document::resume):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::stopLoading):

2020-08-12  Lauro Moura  <lmoura@igalia.com>

        Highpass Biquads use old formulas
        https://bugs.webkit.org/show_bug.cgi?id=181191

        Reviewed by Darin Adler.

        Like r265517, but for the highpass filter.

        Spec: https://www.w3.org/TR/webaudio/#dom-biquadfiltertype-highpass

        Covered by existing tests

        * platform/audio/Biquad.cpp:
        (WebCore::Biquad::setHighpassParams):

2020-08-12  Dean Jackson  <dino@apple.com>

        First search on Google Maps shows black bar at top of map and blank strips through the middle
        https://bugs.webkit.org/show_bug.cgi?id=214945
        <rdar://problem/63374422>

        Reviewed by Tim Horton.

        On iOS with an attached keyboard, Google Maps appears to calculate
        the viewport it will use for map display at a time when the Unified
        Control Bar (keyboard accessories) is visible. If it then changes the
        map location via the user submitting a search form, the resulting map
        will be using the incorrect viewport as the control bar has disappeared.
        This causes parts of the map display to get the wrong stencil masks, leaving
        blank strips. This fixes itself as soon as you force the map to recalculate
        its viewport (e.g. by rotating the device).

        Rather than have Google Maps update its code to detect these viewport changes,
        we're adding a Quirk to not use the control bar in these calculations.

        * page/Quirks.cpp:
        (WebCore::Quirks::shouldAvoidResizingWhenInputViewBoundsChange const):
        Return true for "*.google.com/maps/".

2020-08-12  Ryosuke Niwa  <rniwa@webkit.org>

        Add my new Twitter handle to the feature status page
        https://bugs.webkit.org/show_bug.cgi?id=215429

        Reviewed by Chris Dumez.

        rniwa_dev is my new Twitter handle.

        * features.json:

2020-08-12  Stephan Szabo  <stephan.szabo@sony.com>

        [PlayStation] Build fix for !ENABLE(ACCESSIBILITY) after r265514
        https://bugs.webkit.org/show_bug.cgi?id=215426

        AXObjectCache::getOrCreate(AccessibilityRole) changed names
        in the above, but the short definition for
        !ENABLE(ACCESSIBILITY) didn't update.

        Unreviewed build fix.

        * accessibility/AXObjectCache.h: Update name to match new name

2020-08-12  Peng Liu  <peng.liu6@apple.com>

        Add the support to return to element fullscreen from picture-in-picture
        https://bugs.webkit.org/show_bug.cgi?id=215305

        Reviewed by Jer Noble.

        When a container element enters fullscreen (with the fullscreen API), a descendant
        video element will enter the video fullscreen standby state so that it can enter
        picture-in-picture on application suspend (r226217). But we cannot restore
        to that state from the picture-in-picture mode when we click the "restore" button
        on the top-right corner of the PiP window. Instead, the video element will return
        to the inline mode.

        However, when a video element enters video fullscreen first and then enters
        picture-in-picture, we can let the video restore to fullscreen by clicking the
        "restore" button on the top-right corner of the picture-in-picture window.

        The inconsistent behaviors may confuse users who are not aware of the difference
        between the fullscreen API (or element fullscreen) and video fullscreen.

        This patch enables the support to restore to element fullscreen from picture-in-picture
        mode so that users can have a consistent experience on element fullscreen and
        video fullscreen.

        * dom/FullscreenManager.h:
        Export requestFullscreenForElement() so that we can use it in WebKit code.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::enterFullscreen):
        (WebCore::HTMLMediaElement::prepareForVideoFullscreenStandby):
        * html/HTMLMediaElement.h:
        * page/ChromeClient.h:
        (WebCore::ChromeClient::prepareForVideoFullscreen):
        Add the interface to request a video element to be prepared for the video fullscreen
        standby state.

        * platform/cocoa/VideoFullscreenChangeObserver.h:
        Add prepareToExitFullscreen() and fullscreenWillReturnToInline().

        * platform/cocoa/VideoFullscreenModel.h:
        (WebCore::VideoFullscreenModelClient::hasVideoChanged):
        (WebCore::VideoFullscreenModelClient::videoDimensionsChanged):
        (WebCore::VideoFullscreenModelClient::prepareToExitPictureInPicture):
        Some minor clean-ups and add function prepareToExitPictureInPicture().

        * platform/ios/VideoFullscreenInterfaceAVKit.h:
        * platform/ios/VideoFullscreenInterfaceAVKit.mm:
        (VideoFullscreenInterfaceAVKit::cleanupFullscreen):
        (VideoFullscreenInterfaceAVKit::prepareForPictureInPictureStop):
        (VideoFullscreenInterfaceAVKit::didStartPictureInPicture):
        (VideoFullscreenInterfaceAVKit::willStopPictureInPicture):
        (VideoFullscreenInterfaceAVKit::prepareForPictureInPictureStopWithCompletionHandler):
        (VideoFullscreenInterfaceAVKit::setReadyToStopPictureInPicture):
        (VideoFullscreenInterfaceAVKit::willEnterStandbyFromPictureInPicture):
        (VideoFullscreenInterfaceAVKit::setWillEnterStandbyFromPictureInPicture):
        (VideoFullscreenInterfaceAVKit::fullscreenMayReturnToInline): Deleted.
        When we enter picture-in-picture, we need to save the state and be prepared to
        restore to element fullscreen if needed.

        Before we exit picture-in-picture, if the "restore" button is clicked, we need
        to notify the client to prepare for the picture-in-picture stop, and call
        VideoFullscreenInterfaceAVKit::setReadyToStopPictureInPicture(true) when the client
        is ready.

        Based on those changes, a client (e.g., WKFullScreenWindowControllerVideoFullscreenModelClient)
        can coordinate with WKFullScreenWindowController to implement the "restore to
        element fullscreen" feature.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (VideoFullscreenControllerContext::fullscreenWillReturnToInline):
        (VideoFullscreenControllerContext::fullscreenMayReturnToInline): Deleted.

2020-08-12  Wenson Hsieh  <wenson_hsieh@apple.com>

        Broken formatting in price table on yandex.ru after translating to English
        https://bugs.webkit.org/show_bug.cgi?id=215416
        <rdar://problem/66354018>

        Reviewed by Tim Horton.

        Extend the behavior added in r265188 so that it applies to all elements that have `display: table-cell;`, rather
        than only table data cell elements.

        * editing/TextManipulationController.cpp:
        (WebCore::isEnclosingItemBoundaryElement):

2020-08-12  Adrian Perez de Castro  <aperez@igalia.com>

        Unreviewed non-unified build fix.

        No new tests needed.

        * accessibility/AccessibilityMenuListOption.cpp: Add missing inclusion of
        HTMLSelectElement.h.
        * page/Quirks.h: Add mising forward declaration of HTMLVideoElement.
        * page/UndoItem.cpp: Add missing inclusion of Document.h.

2020-08-12  Chris Dumez  <cdumez@apple.com>

        Unreviewed, address post-landing review comment from Sam Weinig for r265536.

        * Modules/webaudio/WaveShaperDSPKernel.cpp:
        (WebCore::WaveShaperDSPKernel::processCurve):

2020-08-12  Sergio Villar Senin  <svillar@igalia.com>

        Unreviewed build fix after r265546.

        The <Ref.h> include should be now in the header now that we've inlined the create() function.

        * Modules/webxr/WebXRInputSourceArray.cpp: Removed include.
        * Modules/webxr/WebXRInputSourceArray.h: Added include

2020-08-12  Youenn Fablet  <youenn@apple.com>

        Refresh WritableStream up to spec
        https://bugs.webkit.org/show_bug.cgi?id=215267

        Reviewed by Geoff Garen.

        Update according latest spec, including WebIDL, controller and writer.
        Covered by rebased tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/streams/StreamInternals.js:
        * Modules/streams/WritableStream.idl:
        * Modules/streams/WritableStream.js:
        * Modules/streams/WritableStreamDefaultController.idl: Added.
        * Modules/streams/WritableStreamDefaultController.js: Added.
        * Modules/streams/WritableStreamDefaultWriter.idl: Added.
        * Modules/streams/WritableStreamDefaultWriter.js: Added.
        * Modules/streams/WritableStreamInternals.js:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:

2020-08-06  Sergio Villar Senin  <svillar@igalia.com>

        [WebXR] Update WebXR WPT directory
        https://bugs.webkit.org/show_bug.cgi?id=215224

        Reviewed by Youenn Fablet.

        The update of the WebXR WPT directory helped us to unveil a couple of mistakes in the current code.
        First of all the Events defined in the WebXR spec had to be iso allocated as the Event base class.
        Secondly the WebXRInputSourceArray must have a ::create() method. Finally the m_inputSources attribute
        of the WebXRSession must be a Ref instead of a RefPtr because the specs mention that the initial
        value is an empty array.

        Tests: imported/w3c/web-platform-tests/webxr/anchors/ar_anchor_freefloating_create_move.https.html
               imported/w3c/web-platform-tests/webxr/anchors/ar_anchor_freefloating_delay_creation.https.html
               imported/w3c/web-platform-tests/webxr/anchors/ar_anchor_freefloating_failure.https.html
               imported/w3c/web-platform-tests/webxr/anchors/ar_anchor_freefloating_pause_resume_stop.https.html
               imported/w3c/web-platform-tests/webxr/anchors/ar_anchor_states.https.html
               imported/w3c/web-platform-tests/webxr/anchors/idlharness.https.window.html
               imported/w3c/web-platform-tests/webxr/dom-overlay/ar_dom_overlay_hit_test.https.html
               imported/w3c/web-platform-tests/webxr/dom-overlay/idlharness.https.window.html
               imported/w3c/web-platform-tests/webxr/hit-test/ar_hittest_subscription_inputSources.https.html
               imported/w3c/web-platform-tests/webxr/hit-test/ar_hittest_subscription_states_regular.https.html
               imported/w3c/web-platform-tests/webxr/hit-test/ar_hittest_subscription_states_transient.https.html
               imported/w3c/web-platform-tests/webxr/hit-test/ar_hittest_subscription_transientInputSources.https.html
               imported/w3c/web-platform-tests/webxr/hit-test/idlharness.https.html
               imported/w3c/web-platform-tests/webxr/render_state_update.https.html
               imported/w3c/web-platform-tests/webxr/webGLCanvasContext_makecompatible_reentrant.https.html
               imported/w3c/web-platform-tests/webxr/xrReferenceSpace_relationships.https.html

        * Modules/webxr/WebXRInputSourceArray.cpp:
        (WebCore::WebXRInputSourceArray::create): Added.
        * Modules/webxr/WebXRInputSourceArray.h:
        * Modules/webxr/WebXRSession.cpp:
        (WebCore::WebXRSession::WebXRSession): Initialize the m_inputSources.
        (WebCore::WebXRSession::inputSources const): Return a const reference.
        * Modules/webxr/WebXRSession.h:
        * Modules/webxr/XRInputSourcesChangeEvent.cpp: Make it iso allocated.
        * Modules/webxr/XRInputSourcesChangeEvent.h: Ditto.
        * Modules/webxr/XRSessionEvent.cpp: Ditto.
        * Modules/webxr/XRSessionEvent.h: Ditto.

2020-08-12  Antti Koivisto  <antti@apple.com>

        REGRESSION (r259805): Not able to scroll vertically after scrolling horizontally without leaving message and coming back
        https://bugs.webkit.org/show_bug.cgi?id=215374
        <rdar://problem/65269837>

        Reviewed by Darin Adler.

        The content has a horizontally scrolling overflow. While rubberbanding it we mark a wheel event unhandled which causes Mail
        to take over event handling and leaves us semi-permanently in stretched state.

        * platform/cocoa/ScrollController.mm:
        (WebCore::ScrollController::handleWheelEvent):

        Dissallowed vertical stretch would mark the event unhandled even though we are rubberbanding in horizontal direction.

        Only mark a wheel event unhandled if it actually concerns the tested direction.

2020-08-12  Chris Lord  <clord@igalia.com>

        Implement Canvas.transferControlToOffscreen and OffscreenCanvasRenderingContext2D.commit
        https://bugs.webkit.org/show_bug.cgi?id=202797

        Reviewed by Dean Jackson.

        Implement HTMLCanvasElement.transferControlToOffscreen and
        OffscreenCanvasRenderingContext2D.commit. This allows for
        (synchronous) display of asynchronously rendered OffscreenCanvas
        content.

        No new tests. Covered by existing tests.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::setHeight):
        (WebCore::HTMLCanvasElement::setWidth):
        (WebCore::HTMLCanvasElement::reset):
        (WebCore::HTMLCanvasElement::transferControlToOffscreen):
        (WebCore::HTMLCanvasElement::setImageBufferAndMarkDirty):
        (WebCore::HTMLCanvasElement::isControlledByOffscreen const):
        * html/HTMLCanvasElement.h:
        * html/HTMLCanvasElement.idl:
        * html/OffscreenCanvas.cpp:
        (WebCore::DetachedOffscreenCanvas::takePlaceholderCanvas):
        (WebCore::OffscreenCanvas::create):
        (WebCore::OffscreenCanvas::getContext):
        (WebCore::OffscreenCanvas::didDraw):
        (WebCore::OffscreenCanvas::detach):
        (WebCore::OffscreenCanvas::setPlaceholderCanvas):
        (WebCore::OffscreenCanvas::pushBufferToPlaceholder):
        (WebCore::OffscreenCanvas::commitToPlaceholderCanvas):
        (WebCore::OffscreenCanvas::scheduleCommitToPlaceholderCanvas):
        (WebCore::OffscreenCanvas::reset):
        * html/OffscreenCanvas.h:
        * html/canvas/OffscreenCanvasRenderingContext2D.cpp:
        (WebCore::OffscreenCanvasRenderingContext2D::commit):
        * html/canvas/OffscreenCanvasRenderingContext2D.h:
        * html/canvas/OffscreenCanvasRenderingContext2D.idl:
        * html/canvas/PlaceholderRenderingContext.cpp:
        (WebCore::PlaceholderRenderingContext::canvas const):
        * html/canvas/PlaceholderRenderingContext.h:

2020-08-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r261570): [GTK] Fails to send drop event to JavaScript
        https://bugs.webkit.org/show_bug.cgi?id=215032

        Reviewed by Darin Adler.

        Add support for custom data in drag and drop operations too.

        * platform/gtk/PasteboardGtk.cpp:
        (WebCore::Pasteboard::write): Se custom data on m_selectionData.
        (WebCore::Pasteboard::read): Initialize the content origin also for drag and drop pasteboards.
        (WebCore::Pasteboard::hasData): For drag and drop pasteboards return true also if m_selectionData has custom data.
        (WebCore::Pasteboard::typesSafeForBindings): Implement this for drag and drop pasteboards.
        (WebCore::Pasteboard::readOrigin): Ditto.
        (WebCore::Pasteboard::readStringInCustomData): Ditto.
        (WebCore::Pasteboard::writeCustomData): Ditto.

2020-08-11  James Darpinian  <jdarpinian@chromium.org>

        [WebGL2] Depth formats can have mipmaps in WebGL 2
        https://bugs.webkit.org/show_bug.cgi?id=215404

        Reviewed by Kenneth Russell.

        Fixes 150 WebGL 2 conformance tests.

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::validateTexFuncFormatAndType):

2020-08-11  Chris Dumez  <cdumez@apple.com>

        Unreviewed, address post-landing review comment from Darin for r265536.

        * Modules/webaudio/WaveShaperDSPKernel.cpp:
        (WebCore::WaveShaperDSPKernel::processCurve):

2020-08-11  Chris Dumez  <cdumez@apple.com>

        Fix WaveShapperNode's waveshaping curve implementation
        https://bugs.webkit.org/show_bug.cgi?id=215391

        Reviewed by Darin Adler.

        Fix WaveShapperNode's waveshaping curve implementation using the algorithm in the specification:
        - https://www.w3.org/TR/webaudio/#dom-waveshapernode-curve

        No new tests, rebaselined existing tests.

        * Modules/webaudio/WaveShaperDSPKernel.cpp:
        (WebCore::WaveShaperDSPKernel::processCurve):

2020-08-11  Simon Fraser  <simon.fraser@apple.com>

        Have render tree dumps show overflow information
        https://bugs.webkit.org/show_bug.cgi?id=215385

        Reviewed by Zalan Bujtas.

        Add code to RenderObject::outputRenderObject() to show layout/visual overflow, as we do
        for render tree dumps.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::outputRenderObject const):

2020-08-11  Brady Eidson  <beidson@apple.com>

        Add a "use stored credentials" setting to WKWebView.
        <rdar://problem/63308019> and https://bugs.webkit.org/show_bug.cgi?id=215388

        Reviewed by Geoff Garen.

        Covered by Preconnect API tests.
        
        This setting is to allow apps to explicitly deny using the credential storage
        for network operations. (e.g. to make sure the Keychain UI doesn't pop up
        for an offscreen load)

        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::shouldUseCredentialStorage):

        * page/Page.h:
        (WebCore::Page::setCanUseCredentialStorage):
        (WebCore::Page::canUseCredentialStorage const):

2020-08-11  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, reverting r265502.
        https://bugs.webkit.org/show_bug.cgi?id=215396

        Needs locking to avoid flaky GC-related crashes

        Reverted changeset:

        "[WebGL2] expando-loss and expando-loss-2 conformance tests
        are failing"
        https://bugs.webkit.org/show_bug.cgi?id=214765
        https://trac.webkit.org/changeset/265502

2020-08-11  Jon Davis  <jond@apple.com>

        Add privacy and security keywords to feature status entries
        https://bugs.webkit.org/show_bug.cgi?id=215203

        Reviewed by Youenn Fablet.

        * features.json:

2020-08-11  Chris Dumez  <cdumez@apple.com>

        Fix BiquadFilterNode's lowpass filter
        https://bugs.webkit.org/show_bug.cgi?id=215381

        Reviewed by Darin Adler.

        Fix BiquadFilterNode's lowpass filter as it was causing us to fail a WPT test:
        - https://www.w3.org/TR/webaudio/#dom-biquadfiltertype-lowpass

        No new tests, rebaselined existing test.

        * Modules/webaudio/BiquadProcessor.cpp:
        (WebCore::BiquadProcessor::BiquadProcessor):
        * platform/audio/Biquad.cpp:
        (WebCore::Biquad::setLowpassParams):

2020-08-11  Darin Adler  <darin@apple.com>

        LayoutTest accessibility/mac/select-element-selection-with-optgroups.html is a flaky failure
        https://bugs.webkit.org/show_bug.cgi?id=175341

        Reviewed by Chris Fleizach.

        Failures were due to new AX objects being created for HTMLOptionElement.
        Unlike most other AX objects, these were not cached in the AXObjectCache
        and multiple objects could be created for the same underlying option. Fixed this
        by changing it to track the option element in the cache in the conventional way.

        * WebCore.xcodeproj/project.pbxproj: Remove AccessibilityMediaControls.h/cpp.
        The source files were removed back in April.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::getOrCreate): Added code for HTMLOptionElement and
        HTMLOptGroupElement so AccessibilityMenuListOption and AccessibilityListBoxOption
        can be created in this function.
        (WebCore::AXObjectCache::create): Renamed the version of this that takes an
        AccessibilityRole to not claim that it ever gets the value from the cache,
        because it never does. Also removed the cases for ListBoxOption and MenuListOption.
        * accessibility/AXObjectCache.h: Updated for above.

        * accessibility/AccessibilityARIAGrid.cpp:
        (WebCore::AccessibilityARIAGrid::addChildren): Use create.

        * accessibility/AccessibilityListBox.cpp:
        (WebCore::AccessibilityListBox::addChildren): Removed super-old comment that mentions
        the long-ago-removed WML.
        (WebCore::AccessibilityListBox::listBoxOptionAccessibilityObject const): Use the
        element to get the list box option rather than creating a new one every time.
        No longer any need to special case <hr> elements since the getOrCreate function
        will return nil for non-option elements that don't have a renderer.

        * accessibility/AccessibilityListBoxOption.cpp:
        (WebCore::AccessibilityListBoxOption::AccessibilityListBoxOption): Take the element
        in the constructor instead of using a separate function to associate it.
        (WebCore::AccessibilityListBoxOption::create): Ditto.
        (WebCore::AccessibilityListBoxOption::isEnabled const): Update for WeakPtr.
        (WebCore::AccessibilityListBoxOption::isSelected const): Ditto.
        (WebCore::AccessibilityListBoxOption::canSetSelectedAttribute const): Ditto.
        (WebCore::AccessibilityListBoxOption::actionElement const): Update for WeakPtr.
        (WebCore::AccessibilityListBoxOption::node const): Added. For some reason the
        AccessibilityMenuListOption class had this function and this one did not. They
        should both have it.
        * accessibility/AccessibilityListBoxOption.h: Updated for above. Made most
        functions private and final. Fixed includes and forward declarations.
        Removed the setHTMLElement function. Changed m_optionElement from
        HTMLElement* to WeakPtr<HTMLElement>.

        * accessibility/AccessibilityMenuList.cpp:
        (WebCore::AccessibilityMenuList::addChildren): Use create.

        * accessibility/AccessibilityMenuListOption.cpp:
        (WebCore::AccessibilityMenuListOption::AccessibilityMenuListOption): Take the
        element in the constructor instead of using a separate function to associate it.
        (WebCore::AccessibilityMenuListOption::create): Ditto.
        (WebCore::AccessibilityMenuListOption::setElement): Deleted.
        (WebCore::AccessibilityMenuListOption::node const): Moved here from the header.
        (WebCore::AccessibilityMenuListOption::isEnabled const): Removed unneeded cast
        now that m_element has a more specific type, and added a null check.
        (WebCore::AccessibilityMenuListOption::isVisible const): Removed dependency
        on m_parent pointer, which does not exist now that we don't derive from
        AccessibilityMockObject.
        (WebCore::AccessibilityMenuListOption::isSelected const): Removed unneeded cast
        now that m_element has a more specific type, and added a null check.
        (WebCore::AccessibilityMenuListOption::setSelected): Ditto, but no null check
        needed because canSetSelectedAttribute takes care of that.
        (WebCore::AccessibilityMenuListOption::stringValue const): Ditto.
        * accessibility/AccessibilityMenuListOption.h: Updated for above. Marked
        functions final instead of override. Changed m_element from RefPtr<HTMLElement>
        to WeakPtr<HTMLOptionElement> to avoid reference cycles that could leak to
        memory leaks. Derive from AccessibilityObject instead of
        AccessibilityMockObject, since the latter class has nothing to offer us.

        * accessibility/AccessibilityMenuListPopup.cpp:
        (WebCore::AccessibilityMenuListPopup::menuListOptionAccessibilityObject const):
        Use the element to get the menu list option rather than creating a new one
        every time. No longer any need to check that the type is HTMLOptionElement
        because that's the responsibility of the code in the cache now.
        (WebCore::AccessibilityMenuListPopup::addChildren): Removed unneeded call
        to setParent since the menu list option objects no longer hold parent pointers.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::accessibleNameForNode): Added a special case for HTMLOptionElement
        like the one for HTMLInputElement. The code worked for fairly well for option
        elements before, almost by accident, and the way it worked was perturbed by
        the change to whether we cache those objects. This newer code path works in a
        more straightforward way, keeps our existing tests psasing, and likely gets
        some edge cases handled more correctly (should add new tests for those).

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::documentLinks): Use create.
        (WebCore::AccessibilityRenderObject::addImageMapChildren): Ditto.
        (WebCore::AccessibilityRenderObject::addTextFieldChildren): Ditto.
        * accessibility/AccessibilitySlider.cpp:
        (WebCore::AccessibilitySlider::addChildren): Ditto.
        * accessibility/AccessibilitySpinButton.cpp:
        (WebCore::AccessibilitySpinButton::addChildren): Ditto.
        * accessibility/AccessibilityTable.cpp:
        (WebCore::AccessibilityTable::addChildren): Ditto.
        (WebCore::AccessibilityTable::headerContainer): Ditto.

        * accessibility/atk/WebKitAccessible.cpp:
        (fallbackObject): Deleted.
        (webkitAccessibleGetName): Added null check.
        (webkitAccessibleGetDescription): Ditto.
        (webkitAccessibleGetParent): Ditto.
        (webkitAccessibleGetNChildren): Ditto.
        (webkitAccessibleRefChild): Ditto.
        (webkitAccessibleGetIndexInParent): Ditto.
        (webkitAccessibleGetAttributes): Ditto.
        (webkitAccessibleGetRole): Ditto.
        (webkitAccessibleRefStateSet): Ditto.
        (webkitAccessibleRefRelationSet): Ditto.
        (webkitAccessibleGetObjectLocale): Ditto.
        (webkitAccessibleGetAccessibilityObject): Ditto.
        (webkitAccessibleDetach): Use nullptr instead of fallbackObject.
        (webkitAccessibleIsDetached): Ditto.

        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::selected const): Made this const. An earlier
        version of the patch required this; the latest version doesn't, but it's
        more logical and better for it to be const.
        * html/HTMLOptionElement.h: Updated for above.

2020-08-11  Timothy Hatcher  <timothy@apple.com>

        Deferred WKUserScripts are exponentially injected on preloaded pages with frames.
        https://bugs.webkit.org/show_bug.cgi?id=215382
        rdar://problem/66837802

        Reviewed by Sam Weinig.

        When defering a script in a frame it was previously added to a vector per-page.
        Later when notified to inject the defered scripts, the page would iterate over all
        the frames and evaluate the scripts on each frame. Since this vector had all the
        frame's scripts the evaluations would be multiplied by the number of frames.

        Now the defered scripts are stored per-frame and the page asks each frame to
        inject the defered scripts.

        * page/Frame.cpp:
        (WebCore::Frame::injectUserScripts):
        (WebCore::Frame::addUserScriptAwaitingNotification):
        (WebCore::Frame::injectUserScriptsAwaitingNotification):
        * page/Frame.h:
        * page/Page.cpp:
        (WebCore::Page::notifyToInjectUserScripts):
        (WebCore::Page::addUserScriptAwaitingNotification): Deleted.
        * page/Page.h:
        * page/Quirks.cpp:
        (WebCore::Quirks::triggerOptionalStorageAccessQuirk const):

2020-08-11  Wenson Hsieh  <wenson_hsieh@apple.com>

        Text input autocorrect="off" attribute ignored on Mac
        https://bugs.webkit.org/show_bug.cgi?id=151019
        <rdar://problem/65061700>

        Reviewed by Simon Fraser.

        Add support for the `autocorrect` attribute on macOS, by not showing the automatic spell checking popup or
        automatically correcting misspelled words if the root editable element has `autocorrect="off"`.

        Tests:  editing/input/cocoa/autocorrect-off.html
                editing/input/cocoa/autocorrect-on.html

        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::isAutomaticSpellingCorrectionEnabled):

2020-08-11  Sihui Liu  <sihui_liu@apple.com>

        Text manipulation crashes when replacing element with img role
        https://bugs.webkit.org/show_bug.cgi?id=215344

        Reviewed by Wenson Hsieh.

        positionInParentAfterNode and positionInParentBeforeNode do not return Position with Nodes that are ignored by 
        editing. Element with img role is one of such Nodes. However, TextManipulationController can manipulate content 
        of children of the ignored Nodes (see the newly added test). Therefore, we'd better not use 
        positionInParentBeforeNode or positionInParentBeforeNode in TextManipulationController::replace, because
        insertion position can be inside a ignored Node.

        API Test: TextManipulation.CompleteTextManipulationShouldReplaceContentIgnoredByEditing

        * editing/TextManipulationController.cpp:
        (WebCore::TextManipulationController::replace):

2020-08-11  Kenneth Russell  <kbr@chromium.org>

        [WebGL2] expando-loss and expando-loss-2 conformance tests are failing
        https://bugs.webkit.org/show_bug.cgi?id=214765

        Reviewed by Darin Adler.

        Use JSWebGLRenderingContext's and JSWebGL2RenderingContext's
        existing visitAdditionalChildren hook (via JSCustomMarkFunction in
        their IDL) to add opaque roots for all WebGLObjects latched in to
        the context state, and all WebGLObjects they refer to. (Extensions
        were already previously handled.)

        Add "GenerateIsReachable=Impl" to the IDL files for all such
        objects (WebGLBuffer, WebGLTexture, etc.) so that they pay
        attention to the opaque root state when determining liveness of
        their JavaScript wrappers. Thanks to ysuzuki@ for pointing out the
        need for this.

        * bindings/js/JSWebGL2RenderingContextCustom.cpp:
        (WebCore::JSWebGL2RenderingContext::visitAdditionalChildren):
        * bindings/js/JSWebGLRenderingContextCustom.cpp:
        (WebCore::JSWebGLRenderingContext::visitAdditionalChildren):
        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::visitReferencedJSWrappers):
        * html/canvas/WebGL2RenderingContext.h:
        * html/canvas/WebGLBuffer.idl:
        * html/canvas/WebGLFramebuffer.cpp:
        (WebCore::WebGLFramebuffer::visitReferencedJSWrappers):
        * html/canvas/WebGLFramebuffer.h:
        * html/canvas/WebGLFramebuffer.idl:
        * html/canvas/WebGLProgram.cpp:
        (WebCore::WebGLProgram::visitReferencedJSWrappers):
        * html/canvas/WebGLProgram.h:
        * html/canvas/WebGLProgram.idl:
        * html/canvas/WebGLQuery.idl:
        * html/canvas/WebGLRenderbuffer.idl:
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::visitReferencedJSWrappers):
        * html/canvas/WebGLRenderingContextBase.h:
        * html/canvas/WebGLSampler.idl:
        * html/canvas/WebGLShader.idl:
        * html/canvas/WebGLTexture.idl:
        * html/canvas/WebGLTransformFeedback.cpp:
        (WebCore::WebGLTransformFeedback::visitReferencedJSWrappers):
        * html/canvas/WebGLTransformFeedback.h:
        * html/canvas/WebGLTransformFeedback.idl:
        * html/canvas/WebGLVertexArrayObject.idl:
        * html/canvas/WebGLVertexArrayObjectBase.cpp:
        (WebCore::WebGLVertexArrayObjectBase::visitReferencedJSWrappers):
        * html/canvas/WebGLVertexArrayObjectBase.h:
        * html/canvas/WebGLVertexArrayObjectOES.idl:

2020-08-11  Youenn Fablet  <youenn@apple.com>

        Add JS console log message in case of capture failure
        https://bugs.webkit.org/show_bug.cgi?id=215370

        Reviewed by Eric Carlson.

        Covered by rebased test.

        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::trackEnded):

2020-08-11  Zalan Bujtas  <zalan@apple.com>

        [AutoTableLayout] REGRESSION(r263855) Paypal email is rendered right aligned on Safari
        https://bugs.webkit.org/show_bug.cgi?id=215340
        <rdar://problem/66540254>

        Reviewed by Simon Fraser.

        Prior to r263855, these zero-length, non-empty columns had the preferred width value of 1px and the available space got distributed based on this made-up 1px value.
        In this patch, we distribute the available horizontal space evenly among these zero-length, 'width: auto' columns.

        Test: fast/table/zero-length-non-empty-columns-with-auto-width.html

        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::layout):

2020-08-11  Sergio Villar Senin  <svillar@igalia.com>

        [css-flexbox] Only update the intrinsic height if we don't have an override height
        https://bugs.webkit.org/show_bug.cgi?id=215369

        Reviewed by Javier Fernandez.

        If we do have an override height, children will size themselves relative to the override height
        (e.g. flexbox flexing/stretching, percentage heights). Because flex intrinsic height is based on
        its children, it would then store an incorrect intrinsic height.

        This is specially problematic with min-height:auto is nested column flexboxes where flexboxes are
        flex items at the same time.

        Based on Blink's https://crrev.com/c/1283482 by <cbiesinger@chromium.org>

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::cacheIntrinsicContentLogicalHeightForFlexItem const): Early return if there
        is an override height.

2020-08-11  Andres Gonzalez  <andresg_22@apple.com>

        Update the isolated tree on element language changes.
        https://bugs.webkit.org/show_bug.cgi?id=215354
        <rdar://problem/65583698>

        Reviewed by Chris Fleizach.

        Test: accessibility/language-attribute-change.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::handleAttributeChange): Added handling of
        AXLanguageChanged notifications.
        (WebCore::AXObjectCache::updateIsolatedTree): Update the isolated tree
        for ASLanguage notifications.
        * accessibility/AXObjectCache.h:

2020-08-11  Alicia Boya García  <aboya@igalia.com>

        [MSE][GStreamer] Remove m_sourceBufferPrivateClient checks in SourceBufferPrivateGStreamer
        https://bugs.webkit.org/show_bug.cgi?id=215263

        Reviewed by Xabier Rodriguez-Calvar.

        m_sourceBufferPrivateClient is only reset to NULL from SourceBuffer's
        destructor. At this point SourceBufferPrivateGStreamer is about to
        receive its last unref by SourceBuffer and therefore be destroyed.

        Similarly, there is no need to check for m_mediaSource being null.
        m_mediaSource is only reset when the SourceBuffer is removed, and at
        that point SourceBufferPrivate shouldn't receive any calls.

        This is a clean-up and doesn't introduce new behavior. Asserts have
        been added checking the precondition above.

        * platform/graphics/gstreamer/mse/SourceBufferPrivateGStreamer.cpp:
        (WebCore::SourceBufferPrivateGStreamer::removedFromMediaSource):
        (WebCore::SourceBufferPrivateGStreamer::didReceiveInitializationSegment):
        (WebCore::SourceBufferPrivateGStreamer::didReceiveSample):
        (WebCore::SourceBufferPrivateGStreamer::didReceiveAllPendingSamples):
        (WebCore::SourceBufferPrivateGStreamer::appendParsingFailed):

2020-08-11  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] gst-full standalone library support
        https://bugs.webkit.org/show_bug.cgi?id=215262

        Reviewed by Xabier Rodriguez-Calvar.

        A new CMake option is introduced to enable gst-full support: USE_GSTREAMER_FULL. By default
        this option is disabled. WebKit distributors might want to enable this if they distribute
        GStreamer through gst-build's gst-full library. In gst-build the following options can be
        used to produce a usable libgstreamer-full-1.0.so:

        -Dpython=disabled -Dges=disabled -Ddevtools=disabled -Dintrospection=disabled -Ddefault_library=static

        Once enabled in our build, the dynamic library libgstreamer-full-1.0.so will be loaded
        instead of all the other GStreamer libraries. Plugins are statically registered in this
        library as well.

        This can be useful when deploying WebKit in controlled embedded platform where disk space is
        limited. One of the goals of gst-full is to enable full customization of the plugins to be
        included in the library. Static registration can also reduce GStreamer initialization time.

        * platform/GStreamer.cmake:
        * platform/graphics/gstreamer/GStreamerCommon.cpp:
        (WebCore::initializeGStreamer):
        (WebCore::initializeGStreamerAndRegisterWebKitElements):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Disable missing-plugins handling when
        gst-full is in use. The plugin installer doesn't make much sense for this scenario.

2020-08-10  Myles C. Maxfield  <mmaxfield@apple.com>

        Fix bad merge in r265488
        https://bugs.webkit.org/show_bug.cgi?id=214769

        Unreviewed. This is something that got dropped in a bad merge from r265488.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::layoutSimpleText const):
        * platform/graphics/GlyphBuffer.h:
        (WebCore::GlyphBuffer::originAt const):
        (WebCore::GlyphBuffer::expandInitialAdvance):

2020-08-10  Myles C. Maxfield  <mmaxfield@apple.com>

        Spacing of Chinese characters is inconsistent in macOS 11/Safari 14 beta
        https://bugs.webkit.org/show_bug.cgi?id=214769

        Reviewed by Darin Adler.

        This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=206208..

        In the general case, text shaping is Turing-complete. In order for it to work properly,
        we need to feed the text shaping virtual machine the correct inputs so that it can
        produce correct outputs. The input to text shaping is supposed to be the raw glyph
        advances straight from CTFontGetAdvancesForGlyphs().

        Previously, we were applying letter-spacing, word-spacing, justification, and tab stops
        before shaping. Most fonts don't care about this and still produce the correct results.
        However, Ping Fang on macOS Big Sur and iOS 14 _does_ care about this, and its shaping
        rules operate incorrectly when fed these pre-expanded glyph widths.

        The solution is to apply this extra spacing after shaping occurs. However, because
        shaping is Turing-complete, it is free to add or remove glyphs willy-nilly. This means
        we need some way of tracing back which character in the input string correspond to which
        output glyphs, so we know which glyphs to add additional spacing to. This is what
        https://bugs.webkit.org/show_bug.cgi?id=215059 does: It switches from using
        CTFontTransformGlyphsWithLanguage() to CTFontShapeGlyphs(), which outputs this
        glyph-character tracing info. Then, once we have this tracing info, we can apply spacing
        properly after shaping has completed. That's what this patch does.

        Tests: fast/text/letter-spacing-shaping.html
               fast/text/tab-letter-space.html

        * platform/graphics/FontCascade.cpp: Clients of WidthIterator::advance() need to call
        WidthIterator::finalize() (see below).
        (WebCore::FontCascade::widthOfTextRange const):
        (WebCore::FontCascade::layoutSimpleText const):
        (WebCore::FontCascade::floatWidthForSimpleText const):
        (WebCore::FontCascade::adjustSelectionRectForSimpleText const):
        (WebCore::FontCascade::offsetForPositionForSimpleText const):
        * platform/graphics/GlyphBuffer.h:
        (WebCore::GlyphBuffer::expandInitialAdvance):
        (WebCore::GlyphBuffer::expandAdvance):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::WidthIterator):
        (WebCore::WidthIterator::hasExtraSpacing const):
        (WebCore::WidthIterator::advanceInternal): Delete the code that used to apply spacing
        before shaping. Instead, it gets moved to applyExtraSpacingAfterShaping().
        (WebCore::WidthIterator::calculateAdditionalWidth const): This is a refactoring of
        the additional space calculation code. This is a const function, and has no side-effects.
        It outputs 4 floats:
        - How much space needs to be added to the left of the current character
        - How much space needs to be added to the right of the current character
        - How much space needs to be added to the left of the current character due to justification
        - How much space needs to be added to the right of the current character due to justification
        We need these last two values because one of the outputs of WidthIterator::advance() is
        a bool which represents whether or not we are ending on a justification space, so that the
        next WidthIterator that gets created for the next thing on the line can forbid/require a
        leading justification appropriately.
        (WebCore::WidthIterator::applyAdditionalWidth): Given the 4 values calculated in
        calculateAdditionalWidth(), apply them. We're operating in logical order, so this function has
        to do some translation from visual order to logical order (hence all the m_run.ltr() calls).
        If we're trying to add size to the left of the first character in LTR, we can't directly do
        that, because advances can only add space to the right side of a character, and there is no
        character to the left of the first character to expand. Therefore, we do this by increasing
        the initial advance of the GlyphBuffer, which is a special advance created just to solve this
        problem. In RTL, the problem is a bit more complicated - we don't know whether advance() will
        be called again, thereby delivering a glyph which we _can_ expand, so we instead store what
        would have been expanded inside m_leftoverJustificationWidth, and wait for the next call to
        advance(). If none comes, clients have to call finalize() instead, which will apply
        m_leftoverJustificationWidth to the GlyphBuffer's initial advance.
        (WebCore::WidthIterator::applyExtraSpacingAfterShaping):
        (WebCore::WidthIterator::finalize):
        (WebCore::WidthIterator::advance):
        * platform/graphics/WidthIterator.h:
        * rendering/svg/SVGTextMetricsBuilder.cpp:
        (WebCore::SVGTextMetricsBuilder::measureTextRenderer):

2020-08-10  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Migrate from CTFontTransformGlyphsWithLanguage() to CTFontShapeGlyphs()
        https://bugs.webkit.org/show_bug.cgi?id=215059

        Reviewed by Darin Adler.

        This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=214769
        and https://bugs.webkit.org/show_bug.cgi?id=206208.

        The solution for https://bugs.webkit.org/show_bug.cgi?id=214769 requires applying
        letter-spacing after text shaping. Today, we apply letter-spacing before text shaping
        which is wrong. However, if we want to apply letter-spacing after text shaping, we need
        to use CTFontShapeGlyphs(), which returns the glyph -> string mapping, which allows us
        to determine which glyphs to add letter-spacing to.

        Updates existing tests.

        Tests: fast/text/international/kana-voiced-sound-marks-1.html
               fast/text/international/kana-voiced-sound-marks-2.html

        * platform/graphics/Font.cpp:
        (WebCore::Font::applyTransforms const):
        * platform/graphics/Font.h:
        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::widthForSimpleText const):
        (WebCore::FontCascade::characterRangeCodePath):
        (WebCore::FontCascade::layoutSimpleText const):
        * platform/graphics/FontCascade.h:
        * platform/graphics/SurrogatePairAwareTextIterator.cpp:
        (WebCore::SurrogatePairAwareTextIterator::consumeSlowCase): Now that we're using
        CTFontShapeGlyphs(), the shaping routine can and does look at the underlying character
        string to perform character composition. This means that the glyph buffer needs to
        match exactly what is in the string. We can't do any shenanigans where we pretend the
        string has characters that aren't actually there.
        * platform/graphics/SurrogatePairAwareTextIterator.h:
        (WebCore::SurrogatePairAwareTextIterator::consume):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::shouldApplyFontTransforms const):
        (WebCore::WidthIterator::applyFontTransforms): Reversing the glyph buffer for rtl
        content needs to be done inside platform-specific code, because its behavior depends on
        which platform shaping routine is being used.
        (WebCore::WidthIterator::commitCurrentFontRange):
        (WebCore::WidthIterator::advanceInternal):
        * platform/graphics/WidthIterator.h:
        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::Font::applyTransforms const):
        * platform/graphics/mac/SimpleFontDataCoreText.cpp:
        (WebCore::Font::getCFStringAttributes const):

2020-08-10  Devin Rousso  <drousso@apple.com>

        Add quirk to force touch events on mail.yahoo.com
        https://bugs.webkit.org/show_bug.cgi?id=215329
        <rdar://problem/59824469>

        Reviewed by Darin Adler and Tim Horton.

        <https://mail.yahoo.com/> serves a mobile site even in desktop browsing "mode", meaning
        that certain actions, such as selecting an aufotill contact, expect mobile behaviors,
        such as mouse events being dispatched after touch events rather than instantly (in the
        case of a connected trackpad with an iPad). This quirk ensures always mobile behavior for
        those actions, matching the expectations of <https://mail.yahoo.com/>.

        * page/Quirks.h:
        * page/Quirks.cpp:
        (WebCore::isYahooMail): Added.
        (WebCore::Quirks::shouldSynthesizeTouchEvents const): Added.
        (WebCore::Quirks::shouldAvoidPastingImagesAsWebContent const):

        * loader/DocumentLoader.h:
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::mouseEventPolicy const):

2020-08-10  Chris Dumez  <cdumez@apple.com>

        AuxiliaryProcess::didReceiveInvalidMessage() for WebPage::PerformDragControllerAction IPC
        https://bugs.webkit.org/show_bug.cgi?id=215341
        <rdar://problem/59344091>

        Reviewed by Alex Christensen.

        Consistently use OptionSet<DragApplicationFlags> instead of DragApplicationFlags.

        * page/gtk/DragControllerGtk.cpp:
        (WebCore::DragController::isCopyKeyDown):
        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::isCopyKeyDown):
        (WebCore::DragController::dragOperation):
        * platform/DragData.cpp:
        (WebCore::DragData::DragData):
        * platform/DragData.h:
        (WebCore::DragData::flags const):
        * platform/cocoa/DragDataCocoa.mm:
        (WebCore::DragData::DragData):
        * platform/win/DragDataWin.cpp:
        (WebCore::DragData::DragData):

2020-08-10  Peng Liu  <peng.liu6@apple.com>

        MobileSafari crashes at WebCore: -[WebAVPlayerController seekToTime:toleranceBefore:toleranceAfter:]
        https://bugs.webkit.org/show_bug.cgi?id=215332

        Reviewed by Eric Carlson.

        Add a NULL pointer check to fix a crash.

        * platform/ios/WebAVPlayerController.mm:
        (-[WebAVPlayerController seekToTime:toleranceBefore:toleranceAfter:]):

2020-08-10  Myles C. Maxfield  <mmaxfield@apple.com>

        Shaping can be performed on glyphIDs from the wrong font
        https://bugs.webkit.org/show_bug.cgi?id=215333

        Reviewed by Darin Adler.

        The problem is this line:
        if (font != lastFontData && width)

        This means we will only trigger shaping code if width is non-zero.
        However, even if width is non-zero, we will still happily add glyphs
        to the glyph buffer, and when we do eventually get around to shaping,
        we shape all yet-unshaped glyphs, regardless of which font they came
        from.

        Test: fast/text/zero-width-shaping-font-mismatch.html

        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::commitCurrentFontRange):
        (WebCore::WidthIterator::advanceInternal):
        * platform/graphics/WidthIterator.h:

2020-08-10  Clark Wang  <clark_wang@apple.com>

        Add AudioProcessingEvent Constructor
        https://bugs.webkit.org/show_bug.cgi?id=215237

        Reviewed by Chris Dumez.

        Added constructor according to spec: https://bugs.webkit.org/show_bug.cgi?id=215237.
        Added in AudioProcessingEventInit files.

        Test: webaudio/audioprocessingevent-constructor.html

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioProcessingEvent.cpp:
        (WebCore::AudioProcessingEvent::create):
        (WebCore::AudioProcessingEvent::AudioProcessingEvent):
        * Modules/webaudio/AudioProcessingEvent.h:
        * Modules/webaudio/AudioProcessingEvent.idl:
        * Modules/webaudio/AudioProcessingEventInit.h: Added.
        * Modules/webaudio/AudioProcessingEventInit.idl: Added.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-10  Chris Dumez  <cdumez@apple.com>

        Align existing AudioParam API with the specification
        https://bugs.webkit.org/show_bug.cgi?id=215301

        Reviewed by Sam Weinig.

        Align existing AudioParam API with the specification:
        - https://www.w3.org/TR/webaudio/#AudioParam

        In particular, the following changes were made:
        - Use float instead of unrestricted float where appropriate, so that we properly throw when
          provided non-finite values.
        - Use double instead of float where appropriate
        - A lot of the operations were previously returning nothing but they should return the
          AudioParam itself to allow chaining.
        - Throw an exceptions when passed invalid values (e.g. negative times)
        - Throw exceptions when events overlap. This part is based on Chromium's implementation here:
          - https://github.com/chromium/chromium/blob/master/third_party/blink/renderer/modules/webaudio/audio_param_timeline.cc#L513
          and is specification is here:
          - https://webaudio.github.io/web-audio-api/#dfn-automation-event

        This allows us to pass some more WPT webaudio tests.

        No new tests, rebaselined existing tests.

        * Modules/webaudio/AudioParam.cpp:
        * Modules/webaudio/AudioParam.h:
        * Modules/webaudio/AudioParam.idl:
        * Modules/webaudio/AudioParamTimeline.cpp:
        (WebCore::AudioParamTimeline::setValueAtTime):
        (WebCore::AudioParamTimeline::linearRampToValueAtTime):
        (WebCore::AudioParamTimeline::exponentialRampToValueAtTime):
        (WebCore::AudioParamTimeline::setTargetAtTime):
        (WebCore::AudioParamTimeline::setValueCurveAtTime):
        (WebCore::AudioParamTimeline::insertEvent):
        (WebCore::AudioParamTimeline::cancelScheduledValues):
        (WebCore::AudioParamTimeline::valuesForTimeRangeImpl):
        * Modules/webaudio/AudioParamTimeline.h:
        (WebCore::AudioParamTimeline::ParamEvent::ParamEvent):
        (WebCore::AudioParamTimeline::ParamEvent::time const):
        (WebCore::AudioParamTimeline::ParamEvent::duration const):
        (WebCore::AudioParamTimeline::ParamEvent::curve):

2020-08-10  Eric Carlson  <eric.carlson@apple.com>

        r262456 broke sites that expect webkitDisplayingFullscreen to be true almost immediately
        https://bugs.webkit.org/show_bug.cgi?id=215240
        <rdar://problem/66284042>

        Reviewed by Darin Adler.

        Add a quirk for sites that use the Akamai Media Player, which begins polling
        `webkitDisplayingFullscreen` every 100ms immediately after entering video fullscreen
        mode and exits fullscreen as soon as it returns false. r262456 changed the HTMLMediaPlayer
        state machine so `webkitDisplayingFullscreen` doesn't return `true` until the fullscreen
        window has been opened in the UI process. This was done to fix bugs triggered by
        rapidly entering and exiting fullscreen and PiP and make our own fullscreen/PiP tests
        less flakey, so instead of reverting the change universally do it as a quirk for sites
        using the Akamai Media Player.

        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::webkitDisplayingFullscreen):
        * page/Quirks.cpp:
        (WebCore::Quirks::needsAkamaiMediaPlayerQuirk const):
        * page/Quirks.h:

2020-08-10  Antti Koivisto  <antti@apple.com>

        Return values of FontDatabase::collectionForFamily are not thread safe
        https://bugs.webkit.org/show_bug.cgi?id=215320
        <rdar://problem/66502539>

        Reviewed by Anders Carlsson.

        Font prewarming can add new entries to m_familyNameToFontDescriptors while lookups are being made.
        Access to it is protected by a lock.

        However if the hashmap ends up rehashing, the pointer returned from collectionForFamily may end up becoming invalid.
        This can result in a crash later under findClosestFont.

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontDatabase::collectionForFamily):

        Heap allocate the hashmap values so they stay valid over hashtable mutations.

2020-08-09  Said Abou-Hallawa  <sabouhallawa@apple.com>

        [macOS] Drag/drop an image of a unsupported format to an file input element should convert it to a supported format
        https://bugs.webkit.org/show_bug.cgi?id=212482
        <rdar://problem/63731672>

        Reviewed by Darin Adler.

        Although the list of the dropped files are sent from the UI process to
        the Web process through the WebPage channel, the file input settings are
        only known by the Web process. So we have to do the image transcoding in
        WebCore.

        Tests: fast/forms/file/entries-api/image-no-transcode-drag-drop.html
               fast/forms/file/entries-api/image-transcode-drag-drop.html

        * SourcesCocoa.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * html/FileInputType.cpp:
        (WebCore::FileInputType::handleDOMActivateEvent):
        (WebCore::FileInputType::fileChooserSettings const):
        Move filling FileChooserSettings to the function: fileChooserSettings().

        (WebCore::FileInputType::applyFileChooserSettings):
        Call fileChooserSettings() instead of receiving FileChooserSettings as
        an argument.

        (WebCore::FileInputType::filesChosen):
        Add this function which can be called from receiveDroppedFiles() or
        receiveDroppedFilesWithImageTranscoding().        

        (WebCore::FileInputType::receiveDroppedFilesWithImageTranscoding):
        Finds out whether image transcoding is needed for the dropped files. If
        it is needed, it will be done in a WorkQueue and call filesChosen() when
        it is done. Otherwise it will call filesChosen() immediately.

        (WebCore::FileInputType::receiveDroppedFiles):
        * html/FileInputType.h:
        * platform/graphics/ImageUtilities.h: Added.
        * platform/graphics/cg/ImageUtilitiesCG.cpp: Added.
        (WebCore::sharedImageTranscodingQueue):
        Provide a shared WorkQueue which can be used by WebCore and WebKit.

        (WebCore::transcodeImage):
        (WebCore::findImagesForTranscoding):
        (WebCore::transcodeImages):

2020-08-09  Wenson Hsieh  <wenson_hsieh@apple.com>

        REGRESSION (r260831): Web process crashes under Editor::setComposition() after navigating with marked text
        https://bugs.webkit.org/show_bug.cgi?id=215315
        <rdar://problem/64740092>

        Reviewed by Darin Adler.

        To address a variety of crashes due to frames changing (or otherwise losing) their document while executing
        editing commands, r260831 refactored the Editor class such that it extends the functionality of the Document
        class, rather than the Frame class. In nearly all scenarios, this either leads to no behavior change or prevents
        null pointer crashes, since a document is almost always attached to a frame when applying any editing commands.

        However, there is one scenario where a document that has not yet been attached to its frame (and therefore does
        not have a browsing context) will cause a null deref when trying to confirm an existing IME composition. The
        logic added in <https://trac.webkit.org/r150291> will try and confirm any existing composition range on a
        document right before committing provisional navigation. In the case where we are navigating back to a
        previously visited page, `m_frame`'s document in `FrameLoader::commitProvisionalLoad()` will not be attached
        until the cached page's mainframe is opened underneath `CachedPage::restore()`. Since the call to
        `Editor::confirmComposition()` currently happens before this step, we end up crashing while attempting to create
        a `UserTypingGestureIndicator`. Note that even if we avoid this with a null check, we'll still end up crashing
        shortly thereafter, underneath `Editor::insertTextForConfirmedComposition`. And even if this second crash is
        avoided with another null check, we'll just end up with some version of webkit.org/b/59121, where the
        composition range is present after navigation, but is out of sync with platform UI.

        To fix the crash (and also not bring back bug #59121), we refactor this composition confirmation logic so that
        it lives in Editor, and is also robust against the case where the document is not attached to a frame; we then
        invoke this call after we're done committing the provisional load, so that any frame that is not yet attached
        before commiting the load still has a chance to confirm its composition.

        Test: WKWebViewMacEditingTests.ProcessSwapAfterSettingMarkedText

        * editing/Editor.cpp:
        (WebCore::Editor::confirmCompositionAndNotifyClient):

        Move functionality from `willTransitionToCommitted` to `confirmCompositionAndNotifyClient`, a helper method that
        will bail if the document is not attached, but otherwise confirm the active composition (if it exists).

        * editing/Editor.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad):

        Add a call to confirm the editor's current composition after we're done committing the load. Note that in the
        case where we had a composition before committing the load, we'll end up confirming the composition earlier (in
        the first call site), rather than confirming after the load has been committed. This means that this second call
        will be a no-op, due to the editor not having any composition.

        (WebCore::FrameLoader::willTransitionToCommitted): Deleted.
        * loader/FrameLoader.h:

2020-08-09  Ben Nham  <nham@apple.com>

        Preload graphics drivers in Mac WebProcess
        https://bugs.webkit.org/show_bug.cgi?id=215183

        Reviewed by Darin Adler.

        In newer versions of Mac OS, graphics drivers are no longer part of the shared cache due to
        size restrictions. This can cause first render to be blocked by ~10 ms when we dlopen those
        drivers. To work around this, we preload the drivers when prewarming the WebProcess.

        * page/ProcessWarming.cpp:
        (WebCore::ProcessWarming::prewarmGlobally):

2020-08-09  Youenn Fablet  <youenn@apple.com>

        Always resolve ReadableStream's tee()'s cancel promise after the stream closes or errors
        https://bugs.webkit.org/show_bug.cgi?id=215197

        Reviewed by Darin Adler.

        Make sure to resolve the cancel promise if the source gets closed or errored.
        Test: imported/w3c/web-platform-tests/streams/queuing-strategies-size-function-per-global.window.html

        * Modules/streams/ReadableStreamInternals.js:
        (readableStreamTee):
        (readableStreamTeePullFunction):

2020-08-08  Myles C. Maxfield  <mmaxfield@apple.com>

        Update OriginalAdvancesForCharacterTreatedAsSpace to work correctly in the presence of inserted or removed glyphs
        https://bugs.webkit.org/show_bug.cgi?id=215302

        Reviewed by Darin Adler.

        OriginalAdvancesForCharacterTreatedAsSpace is trying to make sure that shaping doesn't cause
        spaces to get wider or thinner. However, the way it was doing that is, for all the space
        characters, overwrite that glyph index's advance after shaping to be what it was before shaping.
        However, this is wrong, because shaping can insert or delete glyphs. Instead, now that we have
        explicit string indices for each glyph, we can use those to determine which glyphs come from
        space characters. These glyphs are the ones which should be overwritten.

        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::applyFontTransforms):
        (WebCore::WidthIterator::advanceInternal):
        * platform/graphics/WidthIterator.h:

2020-08-08  Myles C. Maxfield  <mmaxfield@apple.com>

        Fix bad merge in r265241
        https://bugs.webkit.org/show_bug.cgi?id=215051

        Unreviewed. This is something that got dropped in a bad merge from r265241.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::widthForSimpleText const):

2020-08-08  Myles C. Maxfield  <mmaxfield@apple.com>

        Make GlyphBuffers required in the fast text codepath
        https://bugs.webkit.org/show_bug.cgi?id=215052

        Reviewed by Darin Adler.

        This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=214769
        and https://bugs.webkit.org/show_bug.cgi?id=206208.

        Performing shaping affects the width of strings; indeed, that is one of
        its purposes for existence. Shaping can only happen when we have a GlyphBuffer
        to shape. We can't just arbitrarily decide to disable shaping for various
        functions just because those functions don't ever inspect the exact glyphs.

        No new tests. This is a preparation step toward
        https://bugs.webkit.org/show_bug.cgi?id=214769 and
        https://bugs.webkit.org/show_bug.cgi?id=206208, and I couldn't come up with a
        test case that was broken here.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::widthOfTextRange const):
        (WebCore::FontCascade::widthForSimpleText const):
        (WebCore::FontCascade::layoutSimpleText const):
        (WebCore::FontCascade::floatWidthForSimpleText const):
        (WebCore::FontCascade::adjustSelectionRectForSimpleText const):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::shouldApplyFontTransforms const):
        (WebCore::WidthIterator::applyFontTransforms):
        (WebCore::WidthIterator::advanceInternal):
        (WebCore::WidthIterator::advance):
        (WebCore::WidthIterator::advanceOneCharacter):
        * platform/graphics/WidthIterator.h:
        * rendering/svg/SVGTextMetricsBuilder.cpp:
        (WebCore::SVGTextMetricsBuilder::advanceSimpleText):

2020-08-08  Myles C. Maxfield  <mmaxfield@apple.com>

        WidthIterator::m_finalRoundingWidth is always 0
        https://bugs.webkit.org/show_bug.cgi?id=215307

        Reviewed by Darin Adler.

        There's no reason for it to exist.

        No new tests because there is no behavior change.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::layoutSimpleText const):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::advanceInternal):
        * platform/graphics/WidthIterator.h:
        (WebCore::WidthIterator::runWidthSoFar const):
        (WebCore::WidthIterator::finalRoundingWidth const): Deleted.

2020-08-08  Myles C. Maxfield  <mmaxfield@apple.com>

        Use references instead of pointers for GlyphBuffer::add()'s Font argument
        https://bugs.webkit.org/show_bug.cgi?id=215309

        Reviewed by Darin Adler.

        They're not allowed to be null.

        No new tests because there is no behavior change.

        * platform/graphics/ComplexTextController.cpp:
        (WebCore::ComplexTextController::advance):
        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::widthForSimpleText const):
        (WebCore::FontCascade::drawGlyphBuffer const):
        (WebCore::offsetToMiddleOfGlyph):
        (WebCore::FontCascade::drawEmphasisMarks const):
        (WebCore::GlyphToPathTranslator::GlyphToPathTranslator):
        (WebCore::GlyphToPathTranslator::advance):
        (WebCore::FontCascade::dashesForIntersectionsWithRect const):
        * platform/graphics/GlyphBuffer.h:
        (WebCore::GlyphBuffer::fontAt const):
        (WebCore::GlyphBuffer::add):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::advanceInternal):
        * platform/graphics/displaylists/DisplayListItems.cpp:
        (WebCore::DisplayList::DrawGlyphs::generateGlyphBuffer const):
        * rendering/mathml/MathOperator.cpp:
        (WebCore::MathOperator::paintGlyph):
        (WebCore::MathOperator::paint):
        * rendering/mathml/RenderMathMLToken.cpp:
        (WebCore::RenderMathMLToken::paint):

2020-08-07  Chris Dumez  <cdumez@apple.com>

        AudioContext / OfflineAudioContext should support a wider sample rate range
        https://bugs.webkit.org/show_bug.cgi?id=215289

        Reviewed by Eric Carlson.

        AudioContext / OfflineAudioContext should support a wider sample rate range. We only supported
        sample rates in the [44100, 96000] range, which is much smaller than other browsers and would
        cause us to fail a LOT of web-platform-tests.

        We now support sample rates in the range [3000, 384000], which is the same range as Chromium.

        No new tests, rebaselined existing tests.

        * Modules/webaudio/AudioBuffer.cpp:
        (WebCore::AudioBuffer::create):
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::isSampleRateRangeGood):
        * Modules/webaudio/BaseAudioContext.h:
        * Modules/webaudio/OfflineAudioContext.cpp:
        (WebCore::OfflineAudioContext::create):

        * platform/audio/FFTFrame.h:
        * platform/audio/HRTFPanner.cpp:
        (WebCore::HRTFPanner::fftSizeForSampleRate):
        Update fftSizeForSampleRate() to support wider sample rate range. This implementation is based
        on Chromium's:
        https://github.com/chromium/chromium/blob/master/third_party/blink/renderer/platform/audio/hrtf_panner.cc#L70

        * platform/audio/gstreamer/FFTFrameGStreamer.cpp:
        (WebCore::FFTFrame::minFFTSize):
        (WebCore::FFTFrame::maxFFTSize):
        * platform/audio/mac/FFTFrameMac.cpp:
        (WebCore::FFTFrame::minFFTSize):
        (WebCore::FFTFrame::maxFFTSize):

2020-08-07  James Darpinian  <jdarpinian@chromium.org>

        [WebGL2] Missing validation for sampler unit index
        https://bugs.webkit.org/show_bug.cgi?id=215303

        Reviewed by Dean Jackson.

        Test: webgl/2.0.0/deqp/functional/gles3/negativeshaderapi.html

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::bindSampler):

2020-08-07  James Darpinian  <jdarpinian@chromium.org>

        Off by one error in transform feedback buffer binding
        https://bugs.webkit.org/show_bug.cgi?id=215298

        Reviewed by Dean Jackson.

        Caught by conformance test deqp/functional/gles3/negativebufferapi.html

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::setIndexedBufferBinding):

2020-08-07  Alexey Shvayka  <shvaikalesh@gmail.com>

        {Intersection,Resize,Performance}Observer callbacks get incorrect `this` value
        https://bugs.webkit.org/show_bug.cgi?id=215162

        Reviewed by Geoffrey Garen.

        This change utilizes CallbackThisObject] IDL attribute to invoke a callback of
        IntersectionObserver [1], ResizeObserver [2], and PerformanceObserver [3] with
        correct `this` value of its observer, aligning WebKit with Blink and Gecko.

        Tests: imported/w3c/web-platform-tests/intersection-observer/observer-callback-arguments.html
               imported/w3c/web-platform-tests/resize-observer/observe.html
               imported/w3c/web-platform-tests/performance-timeline/po-observe.any.js

        [1] https://w3c.github.io/IntersectionObserver/#notify-intersection-observers-algo (step 3.4)
        [2] https://github.com/w3c/csswg-drafts/pull/5383
        [3] https://w3c.github.io/performance-timeline/#queue-the-performanceobserver-task (step 3.3.5)

        * html/LazyLoadImageObserver.cpp:
        * page/IntersectionObserver.cpp:
        (WebCore::IntersectionObserver::notify):
        * page/IntersectionObserverCallback.h:
        * page/IntersectionObserverCallback.idl:
        * page/PerformanceObserver.cpp:
        (WebCore::PerformanceObserver::deliver):
        * page/PerformanceObserverCallback.h:
        * page/PerformanceObserverCallback.idl:
        * page/ResizeObserver.cpp:
        (WebCore::ResizeObserver::deliverObservations):
        * page/ResizeObserverCallback.h:
        * page/ResizeObserverCallback.idl:

2020-08-07  Chris Dumez  <cdumez@apple.com>

        baseLatency attribute is missing on AudioContext interface
        https://bugs.webkit.org/show_bug.cgi?id=215277

        Reviewed by Eric Carlson.

        baseLatency attribute is missing on AudioContext interface:
        - https://www.w3.org/TR/webaudio/#dom-audiocontext-baselatency

        Test: webaudio/audiocontext-baselatency.html

        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::baseLatency):
        (WebCore::AudioContext::destination):
        * Modules/webaudio/AudioContext.h:
        * Modules/webaudio/AudioContext.idl:
        * Modules/webaudio/DefaultAudioDestinationNode.cpp:
        (WebCore::DefaultAudioDestinationNode::framesPerBuffer const):
        * Modules/webaudio/DefaultAudioDestinationNode.h:
        * platform/audio/AudioDestination.h:
        * platform/audio/cocoa/AudioDestinationCocoa.cpp:
        (WebCore::AudioDestinationCocoa::framesPerBuffer const):
        * platform/audio/cocoa/AudioDestinationCocoa.h:
        * platform/audio/gstreamer/AudioDestinationGStreamer.cpp:
        (WebCore::AudioDestinationGStreamer::framesPerBuffer const):
        * platform/audio/gstreamer/AudioDestinationGStreamer.h:

2020-08-07  Rob Buis  <rbuis@igalia.com>

        Implement PerfomanceObserverInit.buffered
        https://bugs.webkit.org/show_bug.cgi?id=214883

        Reviewed by Darin Adler.

        Implement PerfomanceObserverInit.buffered IDL and
        functionality [1].

        Behavior matches Chrome and Firefox.

        Tests: imported/w3c/web-platform-tests/resource-timing/buffered-flag.any.html
               imported/w3c/web-platform-tests/resource-timing/buffered-flag.any.worker.html
               imported/w3c/web-platform-tests/user-timing/buffered-flag.any.html
               imported/w3c/web-platform-tests/user-timing/buffered-flag.any.worker.html
               imported/w3c/web-platform-tests/performance-timeline/case-sensitivity.any.html
               imported/w3c/web-platform-tests/performance-timeline/case-sensitivity.any.worker.html

        [1] https://w3c.github.io/performance-timeline/#performanceobserverinit-dictionary

        * page/Performance.cpp:
        (WebCore::Performance::appendBufferedEntriesByType const):
        * page/Performance.h:
        * page/PerformanceObserver.cpp:
        (WebCore::PerformanceObserver::observe):
        * page/PerformanceObserver.h:
        * page/PerformanceObserver.idl:

2020-08-07  John Wilander  <wilander@apple.com>

        Experimental: Cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses
        https://bugs.webkit.org/show_bug.cgi?id=215201
        <rdar://problem/57454633>

        Reviewed by Brent Fulgham. Also reviewed and commented on by Chris Dumez, Jiten Mehta, Sam Weinig, and Alex Christensen.

        Tests: http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-1p-cname.html
               http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-3p-cname.html
               http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-matching-cname.html
               http/tests/resourceLoadStatistics/cname-cloaking-top-cname-sub-no-cname.html
               http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-1p-cname.html
               http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-3p-cname.html
               http/tests/resourceLoadStatistics/cname-cloaking-top-no-cname-sub-no-cname.html

        * page/Settings.yaml:
            Added the off-by-default flag isCNAMECloakingMitigationEnabled.
        * platform/network/NetworkStorageSession.cpp:
        (WebCore::NetworkStorageSession::resourceLoadStatisticsEnabled const):
            New getter for the ITP setting.
        * platform/network/NetworkStorageSession.h:
        * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
        (WebCore::NetworkStorageSession::capExpiryOfPersistentCookie):
            Broke this function out so that it can be reused.
        (WebCore::parseDOMCookie):
            Here's from where the function above was broken out.
            The existing functionality has a test case.

2020-08-07  Chris Dumez  <cdumez@apple.com>

        length attribute is missing on OfflineAudioContext
        https://bugs.webkit.org/show_bug.cgi?id=215287

        Reviewed by Geoffrey Garen.

        length attribute is missing on OfflineAudioContext:
        - https://www.w3.org/TR/webaudio/#dom-offlineaudiocontext-length

        Test: webaudio/offlineaudiocontext-length.html

        * Modules/webaudio/BaseAudioContext.h:
        (WebCore::BaseAudioContext::renderTarget const):
        * Modules/webaudio/OfflineAudioContext.cpp:
        (WebCore::OfflineAudioContext::length const):
        * Modules/webaudio/OfflineAudioContext.h:
        * Modules/webaudio/OfflineAudioContext.idl:

2020-08-07  Alexey Shvayka  <shvaikalesh@gmail.com>

        Reduce the amount of custom binding code for JSXPathNSResolver
        https://bugs.webkit.org/show_bug.cgi?id=161030

        Reviewed by Darin Adler.

        This patch introduces CustomXPathNSResolver callback interface,
        cleaning up CodeGeneratorJS.pm and removing custom binding code.

        XPathNSResolver is kept as a wrapper for NativeXPathNSResolver, preserving common
        case performance via IDL interface converter, and because a callback interface
        can't be returned from a function without substantial code generator change.

        Also, improves non-callable method error message and fixes 2 spec incompatibilities:
        a) no "lookupNamespaceURI" method lookup on functions [1];
        b) resolver's "prefix" parameter is required [2].

        Since C++ methods can't be overload based on return type, this patch adds
        [ImplementedAs] IDL attribute support for callback interface methods.

        Because XPathNSResolver wrappers are always temporary (no reference is kept),
        [IsWeakCallback] IDL attribute isn't added, preserving strong reference.

        [1]: https://heycam.github.io/webidl/#call-a-user-objects-operation (step 10.1)
        [2]: https://dom.spec.whatwg.org/#dom-xpathnsresolver-lookupnamespaceuri

        Tests: imported/w3c/web-platform-tests/dom/idlharness.window.js
               imported/w3c/web-platform-tests/domxpath/callback-interface.html        

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Headers.cmake:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/IDLTypes.h:
        * bindings/js/JSCallbackData.cpp:
        (WebCore::JSCallbackData::invokeCallback):
        * bindings/js/JSCustomXPathNSResolver.cpp: Removed.
        * bindings/js/JSCustomXPathNSResolver.h: Removed.
        * bindings/js/JSDOMConvertXPathNSResolver.h:
        (WebCore::Converter<IDLInterface<XPathNSResolver>>::convert):
        (WebCore::Converter<IDLXPathNSResolver<T>>::convert): Deleted.
        (WebCore::JSConverter<IDLXPathNSResolver<T>>::convert): Deleted.
        (WebCore::JSConverter<IDLXPathNSResolver<T>>::convertNewlyCreated): Deleted.
        * bindings/scripts/CodeGenerator.pm:
        (IsBuiltinType):
        (IsWrapperType):
        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToIncludesForIDLType):
        (GenerateHeader):
        (GenerateCallbackHeaderContent):
        (GenerateCallbackImplementationContent):
        (GetBaseIDLType):
        (NativeToJSValueDOMConvertNeedsState):
        (NativeToJSValueDOMConvertNeedsGlobalObject):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionMethodWithXPathNSResolverParameterBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalXPathNSResolverBody):
        * xml/CustomXPathNSResolver.cpp: Copied from Source/WebCore/bindings/js/JSXPathNSResolverCustom.cpp.
        (WebCore::CustomXPathNSResolver::lookupNamespaceURI):
        * xml/CustomXPathNSResolver.h: Copied from Source/WebCore/bindings/js/JSXPathNSResolverCustom.cpp.
        * xml/CustomXPathNSResolver.idl: Renamed from Source/WebCore/bindings/js/JSXPathNSResolverCustom.cpp.
        * xml/XPathNSResolver.idl:

2020-08-07  Antti Koivisto  <antti@apple.com>

        REGRESSION (r260276): instructure.com custom PDF viewer stops scrolling / loading after switching to another tab then switching back
        https://bugs.webkit.org/show_bug.cgi?id=215215
        <rdar://problem/65743028>

        Reviewed by Simon Fraser.

        Test: scrollingcoordinator/overflow-proxy-reattach.html

        * page/scrolling/ScrollingStateOverflowScrollProxyNode.cpp:
        (WebCore::ScrollingStateOverflowScrollProxyNode::setPropertyChangedBitsAfterReattach):

        We need to reset OverflowScrollingNode after reattach.

        * page/scrolling/ScrollingStateOverflowScrollProxyNode.h:
        * testing/Internals.cpp:
        (WebCore::Internals::setPageIsInWindow):
        * testing/Internals.h:
        * testing/Internals.idl:

        Add direct testing support for background tab state.

2020-08-07  Chris Dumez  <cdumez@apple.com>

        Stop storing the sampleRate on AudioNode and get it from the AudioContext instead
        https://bugs.webkit.org/show_bug.cgi?id=215246

        Reviewed by Eric Carlson.

        Stop storing the sampleRate on AudioNode and get it from the AudioContext instead.
        This avoids having to pass the sampleRate everywhere when we construct nodes.

        No new tests, no behavior change.

        * Modules/webaudio/AnalyserNode.cpp:
        (WebCore::AnalyserNode::AnalyserNode):
        * Modules/webaudio/AudioBasicInspectorNode.cpp:
        (WebCore::AudioBasicInspectorNode::AudioBasicInspectorNode):
        * Modules/webaudio/AudioBasicInspectorNode.h:
        * Modules/webaudio/AudioBasicProcessorNode.cpp:
        (WebCore::AudioBasicProcessorNode::AudioBasicProcessorNode):
        * Modules/webaudio/AudioBasicProcessorNode.h:
        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
        * Modules/webaudio/AudioDestinationNode.cpp:
        (WebCore::AudioDestinationNode::AudioDestinationNode):
        * Modules/webaudio/AudioDestinationNode.h:
        * Modules/webaudio/AudioNode.cpp:
        (WebCore::AudioNode::AudioNode):
        (WebCore::AudioNode::sampleRate const):
        (WebCore::AudioNode::processIfNecessary):
        * Modules/webaudio/AudioNode.h:
        * Modules/webaudio/AudioScheduledSourceNode.cpp:
        (WebCore::AudioScheduledSourceNode::AudioScheduledSourceNode):
        * Modules/webaudio/AudioScheduledSourceNode.h:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createScriptProcessor):
        * Modules/webaudio/BiquadFilterNode.cpp:
        (WebCore::BiquadFilterNode::BiquadFilterNode):
        * Modules/webaudio/ChannelMergerNode.cpp:
        (WebCore::ChannelMergerNode::create):
        (WebCore::ChannelMergerNode::ChannelMergerNode):
        * Modules/webaudio/ChannelMergerNode.h:
        * Modules/webaudio/ChannelSplitterNode.cpp:
        (WebCore::ChannelSplitterNode::create):
        (WebCore::ChannelSplitterNode::ChannelSplitterNode):
        * Modules/webaudio/ChannelSplitterNode.h:
        * Modules/webaudio/ConvolverNode.cpp:
        (WebCore::ConvolverNode::ConvolverNode):
        * Modules/webaudio/DefaultAudioDestinationNode.cpp:
        (WebCore::DefaultAudioDestinationNode::DefaultAudioDestinationNode):
        (WebCore::DefaultAudioDestinationNode::sampleRate const):
        * Modules/webaudio/DefaultAudioDestinationNode.h:
        * Modules/webaudio/DelayNode.cpp:
        (WebCore::DelayNode::DelayNode):
        * Modules/webaudio/DynamicsCompressorNode.cpp:
        (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
        * Modules/webaudio/GainNode.cpp:
        (WebCore::GainNode::GainNode):
        * Modules/webaudio/MediaElementAudioSourceNode.cpp:
        (WebCore::MediaElementAudioSourceNode::MediaElementAudioSourceNode):
        * Modules/webaudio/MediaStreamAudioDestinationNode.cpp:
        (WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode):
        * Modules/webaudio/MediaStreamAudioSourceNode.cpp:
        (WebCore::MediaStreamAudioSourceNode::MediaStreamAudioSourceNode):
        * Modules/webaudio/OfflineAudioDestinationNode.cpp:
        (WebCore::OfflineAudioDestinationNode::OfflineAudioDestinationNode):
        * Modules/webaudio/OfflineAudioDestinationNode.h:
        * Modules/webaudio/OscillatorNode.cpp:
        (WebCore::OscillatorNode::OscillatorNode):
        * Modules/webaudio/PannerNode.cpp:
        * Modules/webaudio/PannerNode.h:
        * Modules/webaudio/ScriptProcessorNode.cpp:
        (WebCore::ScriptProcessorNode::create):
        (WebCore::ScriptProcessorNode::ScriptProcessorNode):
        * Modules/webaudio/ScriptProcessorNode.h:
        * Modules/webaudio/WaveShaperNode.cpp:
        (WebCore::WaveShaperNode::WaveShaperNode):
        * Modules/webaudio/WebKitAudioContext.cpp:
        (WebCore::WebKitAudioContext::createWebKitPanner):
        * Modules/webaudio/WebKitAudioPannerNode.cpp:
        (WebCore::WebKitAudioPannerNode::WebKitAudioPannerNode):
        * Modules/webaudio/WebKitAudioPannerNode.h:

2020-08-07  Dean Jackson  <dino@apple.com>

        Pocket City game play area is blank (WebGL is broken in Catalyst)
        https://bugs.webkit.org/show_bug.cgi?id=215251

        Reviewed by Tim Horton.

        Our configuration for WebGL under Catalyst was incorrect. Since
        it uses "desktop" OpenGL, it had to use the normal macOS setup
        (enabling texture rectangle extension, and the correct target).

        * platform/graphics/GraphicsContextGL.h: Add PLATFORM(MACCATALYST).
        * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm: Ditto.
        (WebCore::GraphicsContextGLOpenGL::GraphicsContextGLOpenGL):

2020-08-07  Rob Buis  <rbuis@igalia.com>

        Fix warnings related to unsigned >=0 ASSERTs
        https://bugs.webkit.org/show_bug.cgi?id=215223

        Reviewed by Sergio Villar Senin.

        Fix warnings related to unsigned >=0 ASSERTs by removing the expressions. Example warning:
        TextCheckingHelper.cpp:425:39: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]

        * editing/Editor.cpp:
        (WebCore::Editor::markAndReplaceFor):
        * editing/TextCheckingHelper.cpp:
        (WebCore::TextCheckingHelper::findFirstMisspelledWordOrUngrammaticalPhrase const):
        (WebCore::TextCheckingHelper::findUngrammaticalPhrases const):
        (WebCore::TextCheckingHelper::guessesForMisspelledWordOrUngrammaticalPhrase const):

2020-08-06  Sihui Liu  <sihui_liu@apple.com>

        Text manipulation: leading and trailing spaces should be ignored when comparing content
        https://bugs.webkit.org/show_bug.cgi?id=214878
        <rdar://problem/63735024>

        Reviewed by Ryosuke Niwa.

        TextIterator does not emit collapsed space if there is no text emitted before or the last emitted character is 
        collapsed space. When TextManipulationController starts observing paragraphs, it iterates the whole document and
        the range of TextIterator is the range of document. For some text node A in the document, if TextIterator emits 
        text for some other text node B before it, the collapsed space at the beginning of A will be emitted, and 
        TextManipulationController would think the emitted space is part of A's content. When TextManipulationController
        replaces content for A, and the range of TextIterator is set to the range of A, the collapsed space is not 
        emitted. The check to ensure A's content is unchanged would fail.
 
        To solve this issue, for first and last token in the paragraph, TextManipulationController checks content after 
        removing leading and trailing spaces.
 
        API test: TextManipulation.CompleteTextManipulationParagraphsContainCollapsedSpaces

        * editing/TextManipulationController.cpp:
        (WebCore::areEqualIgnoringLeadingAndTrailingWhitespaces):
        (WebCore::TextManipulationController::replace):

2020-08-06  Kenneth Russell  <kbr@chromium.org>

        Implement createImageBitmap(ImageData)
        https://bugs.webkit.org/show_bug.cgi?id=183438

        Reviewed by Dean Jackson.

        Implement createImageBitmap(ImageData), including scaling,
        flipping and alpha premultiplication, and fix bugs in
        createImageBitmap(ImageBitmap).

        Support copying unpremultiplied-alpha data to the
        unpremultiplied-alpha format in ImageBuffer::putImageData. Plumb
        this change through all ImageBuffer backends and display lists.

        Handle error cases exposed by W3C WPT tests now that
        createImageBitmap(ImageData) is working.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::dumpImageBitmap):
        (WebCore::CloneDeserializer::readImageBitmap):
        * html/ImageBitmap.cpp:
        (WebCore::ImageBitmap::create):
        (WebCore::ImageBitmap::detachBitmaps):
        (WebCore::alphaPremultiplicationForPremultiplyAlpha):
        (WebCore::ImageBitmap::resolveWithBlankImageBuffer):
        (WebCore::ImageBitmap::createPromise):
        (WebCore::ImageBitmap::createFromBuffer):
        * html/ImageBitmap.h:
        * html/OffscreenCanvas.cpp:
        (WebCore::OffscreenCanvas::transferToImageBitmap):
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::texImageSourceHelper):
        (WebCore::WebGLRenderingContextBase::texImageImpl):
        * html/canvas/WebGLRenderingContextBase.h:
        * platform/graphics/ConcreteImageBuffer.h:
        (WebCore::ConcreteImageBuffer::putImageData):
        * platform/graphics/ImageBuffer.h:
        (WebCore::ImageBuffer::putImageData):
        * platform/graphics/ImageBufferBackend.cpp:
        (WebCore::ImageBufferBackend::convertToLuminanceMask):
        (WebCore::copyUnpremultipliedToUnpremultiplied):
        (WebCore::ImageBufferBackend::copyImagePixels const):
        (WebCore::ImageBufferBackend::putImageData):
        * platform/graphics/ImageBufferBackend.h:
        * platform/graphics/cairo/GraphicsContextGLCairo.cpp:
        (WebCore::GraphicsContextGLOpenGL::ImageExtractor::extractImage):
        * platform/graphics/cairo/ImageBufferCairoSurfaceBackend.cpp:
        (WebCore::ImageBufferCairoSurfaceBackend::putImageData):
        * platform/graphics/cairo/ImageBufferCairoSurfaceBackend.h:
        * platform/graphics/cg/GraphicsContextGLCG.cpp:
        (WebCore::GraphicsContextGLOpenGL::ImageExtractor::extractImage):
        * platform/graphics/cg/ImageBufferCGBackend.cpp:
        (WebCore::copyImagePixelsAccelerated):
        * platform/graphics/cg/ImageBufferCGBitmapBackend.cpp:
        (WebCore::ImageBufferCGBitmapBackend::putImageData):
        * platform/graphics/cg/ImageBufferCGBitmapBackend.h:
        * platform/graphics/cg/ImageBufferIOSurfaceBackend.cpp:
        (WebCore::ImageBufferIOSurfaceBackend::putImageData):
        * platform/graphics/cg/ImageBufferIOSurfaceBackend.h:
        * platform/graphics/displaylists/DisplayListItems.cpp:
        (WebCore::DisplayList::PutImageData::PutImageData):
        (WebCore::DisplayList::operator<<):
        * platform/graphics/displaylists/DisplayListItems.h:
        (WebCore::DisplayList::PutImageData::create):
        (WebCore::DisplayList::PutImageData::destFormat const):
        (WebCore::DisplayList::PutImageData::encode const):
        (WebCore::DisplayList::PutImageData::decode):
        * platform/graphics/displaylists/DisplayListRecorder.cpp:
        (WebCore::DisplayList::Recorder::putImageData):
        * platform/graphics/displaylists/DisplayListRecorder.h:
        * platform/graphics/opengl/GraphicsContextGLOpenGL.cpp:
        (WebCore::GraphicsContextGLOpenGL::ImageExtractor::ImageExtractor):
        * platform/graphics/opengl/GraphicsContextGLOpenGL.h:
        * platform/graphics/win/GraphicsContextGLDirect2D.cpp:
        (WebCore::GraphicsContextGLOpenGL::ImageExtractor::extractImage):
        * platform/graphics/win/ImageBufferDirect2DBackend.cpp:
        (WebCore::ImageBufferDirect2DBackend::putImageData):
        * platform/graphics/win/ImageBufferDirect2DBackend.h:

2020-08-06  Simon Fraser  <simon.fraser@apple.com>

        Avoid triggering redundant compositing updates when trying ot run a steps() animation on transform
        https://bugs.webkit.org/show_bug.cgi?id=215241
        <rdar://problem/62737868>

        Reviewed by Zalan Bujtas.

        With a steps() timing function and keyframes animating the transform property, KeyframeEffect::applyPendingAcceleratedActions()
        tries to restart the animation every time because the GraphicsLayer reports that it didn't start an accelerated animation.
        r264856 patched some of this, but we still call animationFinished() every time, and this triggers a compositing update via
        the m_owningLayer.setNeeds* calls in RenderLayerBacking::animationFinished().

        So don't try to remove the animation if wasn't running. This makes those compositing updates a no-op, which is important
        because these animations still invalidate style on every frame (webkit.org/b/215229).

        Test: animations/steps-transform-compositing-updates.html

        * animation/KeyframeEffect.cpp:
        (WebCore::KeyframeEffect::applyPendingAcceleratedActions):

2020-08-06  Peng Liu  <peng.liu6@apple.com>

        Web process crashes at WebCore::FullscreenManager::didExitFullscreen
        https://bugs.webkit.org/show_bug.cgi?id=215243

        Reviewed by Eric Carlson.

        No new tests, no functional change.

        * dom/FullscreenManager.cpp:
        (WebCore::FullscreenManager::didExitFullscreen):
        m_fullscreenElement might be nullptr when fullscreenOrPendingElement() is not nullptr.

2020-08-06  Wenson Hsieh  <wenson_hsieh@apple.com>

        WeakPtr threading assertion on editing/undo-manager/undo-manager-delete-stale-undo-items.html
        https://bugs.webkit.org/show_bug.cgi?id=215221
        <rdar://problem/66632111>

        Reviewed by Devin Rousso.

        Refactors `UndoItem` to avoid dereferencing its `m_undoManager` underneath `UndoItem::document`, which is
        consulted when computing its JS wrapper's opaque roots. Instead of going through `m_undoManager` to grab the
        document, store a `WeakPtr` to the `Document` upon setting the `UndoManager` and return its pointer value
        directly in `document()`.

        * page/UndoItem.cpp:
        (WebCore::UndoItem::setUndoManager):
        (WebCore::UndoItem::invalidate):
        (WebCore::UndoItem::document const):
        * page/UndoItem.h:

2020-08-06  Myles C. Maxfield  <mmaxfield@apple.com>

        Use references instead of pointers for WidthIterator's fonts
        https://bugs.webkit.org/show_bug.cgi?id=215186

        Reviewed by Zalan Bujtas.

        They can never be null.

        No new tests because there is no behavior change.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::widthOfTextRange const):
        (WebCore::FontCascade::layoutSimpleText const):
        (WebCore::FontCascade::floatWidthForSimpleText const):
        (WebCore::FontCascade::adjustSelectionRectForSimpleText const):
        (WebCore::FontCascade::offsetForPositionForSimpleText const):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::WidthIterator):
        (WebCore::WidthIterator::applyFontTransforms):
        (WebCore::WidthIterator::advanceInternal):
        * platform/graphics/WidthIterator.h:
        * rendering/svg/SVGTextMetricsBuilder.cpp:
        (WebCore::SVGTextMetricsBuilder::initializeMeasurementWithTextRenderer):

2020-08-06  Chris Dumez  <cdumez@apple.com>

        BaseAudioContext.decodeAudioData() should return a Promise
        https://bugs.webkit.org/show_bug.cgi?id=215242

        Reviewed by Eric Carlson.

        BaseAudioContext.decodeAudioData() should return a Promise as per:
        - https://webaudio.github.io/web-audio-api/#dom-baseaudiocontext-decodeaudiodata

        Behavior is unchanged for prefixed WebKitAudioContext.decodeAudioData() to ensure
        backward compatibility.

        No new tests, rebaselined existing tests.

        * Modules/webaudio/AsyncAudioDecoder.cpp:
        (WebCore::AsyncAudioDecoder::decodeAsync):
        (WebCore::AsyncAudioDecoder::DecodingTask::DecodingTask):
        (WebCore::AsyncAudioDecoder::DecodingTask::notifyComplete):
        * Modules/webaudio/AsyncAudioDecoder.h:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::decodeAudioData):
        * Modules/webaudio/BaseAudioContext.h:
        * Modules/webaudio/BaseAudioContext.idl:
        * Modules/webaudio/WebKitAudioContext.idl:

2020-08-06  Chris Dumez  <cdumez@apple.com>

        Drop non-standard createBuffer(ArrayBuffer, boolean) overload from AudioContext
        https://bugs.webkit.org/show_bug.cgi?id=215238

        Reviewed by Darin Adler.

        Drop non-standard createBuffer(ArrayBuffer, boolean) overload from AudioContext:
        - https://webaudio.github.io/web-audio-api/#BaseAudioContext

        This overload is kept on WebKitAudioContext for backward-compatibility when the page
        is still using the prefixed API.

        No new tests, rebaselined existing test.

        * Modules/webaudio/BaseAudioContext.cpp:
        * Modules/webaudio/BaseAudioContext.h:
        * Modules/webaudio/BaseAudioContext.idl:
        * Modules/webaudio/WebKitAudioContext.cpp:
        (WebCore::WebKitAudioContext::createLegacyBuffer):
        * Modules/webaudio/WebKitAudioContext.h:
        * Modules/webaudio/WebKitAudioContext.idl:

2020-08-06  Chris Dumez  <cdumez@apple.com>

        MediaStreamAudioDestinationNode should have a constructor
        https://bugs.webkit.org/show_bug.cgi?id=215233

        Reviewed by Geoffrey Garen.

        MediaStreamAudioDestinationNode should have a constructor:
        - https://webaudio.github.io/web-audio-api/#mediastreamaudiodestinationnode

        No new tests, rebaselined existing tests.

        * Modules/webaudio/AnalyserNode.cpp:
        (WebCore::AnalyserNode::AnalyserNode):
        * Modules/webaudio/AudioBasicInspectorNode.cpp:
        (WebCore::AudioBasicInspectorNode::AudioBasicInspectorNode):
        (WebCore::AudioBasicInspectorNode::pullInputs):
        (WebCore::AudioBasicInspectorNode::checkNumberOfChannelsForInput):
        (WebCore::AudioBasicInspectorNode::updatePullStatus):
        * Modules/webaudio/AudioBasicInspectorNode.h:
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::createMediaStreamDestination):
        * Modules/webaudio/MediaStreamAudioDestinationNode.cpp:
        (WebCore::MediaStreamAudioDestinationNode::create):
        (WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode):
        * Modules/webaudio/MediaStreamAudioDestinationNode.h:
        * Modules/webaudio/MediaStreamAudioDestinationNode.idl:
        * Modules/webaudio/WebKitAudioContext.cpp:
        (WebCore::WebKitAudioContext::createMediaStreamDestination):

2020-08-06  Said Abou-Hallawa  <sabouhallawa@apple.com>

        [CG] Avoid creating a sub-image when drawing a small scaled sub-rect from a native image
        https://bugs.webkit.org/show_bug.cgi?id=215015
        <rdar://problem/63845893>

        Reviewed by Simon Fraser.

        The reason for creating the sub-image in GraphicsContext::drawNativeImage()
        is to have a better image interpolation for the scaled sub-rect. For small
        destRect, the interpolation on the original image is almost the same as
        the interpolation on the sub-image. So we should avoid creating the sub-
        image if destRect.area() is less than some minimum value. Creating many
        sub-images can affect the rendering performance.

        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::drawNativeImage):

2020-08-06  David Kilzer  <ddkilzer@apple.com>

        WTF::makeString() should handle enum values
        <https://webkit.org/b/214906>

        Reviewed by Sam Weinig.

        * Modules/webgpu/WHLSL/Metal/WHLSLMangledNames.h:
        (WTF::MangledNameAdaptor::length):
        (WTF::MangledNameAdaptor::writeTo):
        - Update for function renames.

2020-08-06  Chris Dumez  <cdumez@apple.com>

        MediaStreamAudioSourceNode should have a constructor
        https://bugs.webkit.org/show_bug.cgi?id=215225

        Reviewed by Eric Carlson.

        MediaStreamAudioSourceNode should have a constructor:
        - https://webaudio.github.io/web-audio-api/#mediastreamaudiosourcenode

        No new tests, rebaselined existing tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::createMediaStreamSource):
        * Modules/webaudio/MediaStreamAudioSourceNode.cpp:
        (WebCore::MediaStreamAudioSourceNode::create):
        * Modules/webaudio/MediaStreamAudioSourceNode.h:
        * Modules/webaudio/MediaStreamAudioSourceNode.idl:
        * Modules/webaudio/MediaStreamAudioSourceOptions.h: Copied from Source/WebCore/Modules/webaudio/MediaStreamAudioSourceNode.idl.
        * Modules/webaudio/MediaStreamAudioSourceOptions.idl: Copied from Source/WebCore/Modules/webaudio/MediaStreamAudioSourceNode.idl.
        * Modules/webaudio/WebKitAudioContext.cpp:
        (WebCore::WebKitAudioContext::createMediaStreamSource):
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-06  Myles C. Maxfield  <mmaxfield@apple.com>

        Rename LeadingExpansion and TrailingExpansion to LeftExpansion and RightExpansion
        https://bugs.webkit.org/show_bug.cgi?id=215211

        Reviewed by Darin Adler.

        "Leading" and "Trailing" are terms-of-art which represent logical order.
        However, the behavior of these flags operates in visual order.
        Instead, we should rename them to their visual order analogues: left and right.

        No new tests because there is no behavior change.

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::measureText):
        (WebCore::CanvasRenderingContext2D::drawTextInternal):
        * layout/inlineformatting/InlineLineBuilder.cpp:
        (WebCore::Layout::LineBuilder::justifyRuns):
        (WebCore::Layout::LineBuilder::Run::expand):
        (WebCore::Layout::LineBuilder::Run::visuallyCollapseTrailingWhitespace):
        * platform/graphics/ComplexTextController.cpp:
        (WebCore::expansionLocation):
        (WebCore::ComplexTextController::adjustGlyphsAndAdvances):
        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::expansionOpportunityCountInternal):
        (WebCore::FontCascade::leftExpansionOpportunity):
        (WebCore::FontCascade::rightExpansionOpportunity):
        (WebCore::FontCascade::leadingExpansionOpportunity): Deleted.
        (WebCore::FontCascade::trailingExpansionOpportunity): Deleted.
        * platform/graphics/FontCascade.h:
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::WidthIterator):
        (WebCore::expansionLocation):
        (WebCore::WidthIterator::advanceInternal):
        * platform/text/TextFlags.h:
        * rendering/ComplexLineLayout.cpp:
        (WebCore::expansionBehaviorForInlineTextBox):
        (WebCore::applyExpansionBehavior):
        * rendering/EllipsisBox.cpp:
        (WebCore::EllipsisBox::paint):
        (WebCore::EllipsisBox::selectionRect):
        (WebCore::EllipsisBox::paintSelection):
        * rendering/InlineBox.h:
        (WebCore::InlineBox::setCanHaveLeftExpansion):
        (WebCore::InlineBox::setCanHaveRightExpansion):
        (WebCore::InlineBox::setForceRightExpansion):
        (WebCore::InlineBox::setForceLeftExpansion):
        (WebCore::InlineBox::InlineBoxBitfields::InlineBoxBitfields):
        (WebCore::InlineBox::hasSelectedChildren const):
        (WebCore::InlineBox::setHasSelectedChildren):
        (WebCore::InlineBox::canHaveLeftExpansion const):
        (WebCore::InlineBox::canHaveRightExpansion const):
        (WebCore::InlineBox::forceRightExpansion const):
        (WebCore::InlineBox::forceLeftExpansion const):
        (WebCore::InlineBox::setCanHaveLeadingExpansion): Deleted.
        (WebCore::InlineBox::setCanHaveTrailingExpansion): Deleted.
        (WebCore::InlineBox::setForceTrailingExpansion): Deleted.
        (WebCore::InlineBox::setForceLeadingExpansion): Deleted.
        (WebCore::InlineBox::canHaveLeadingExpansion const): Deleted.
        (WebCore::InlineBox::canHaveTrailingExpansion const): Deleted.
        (WebCore::InlineBox::forceTrailingExpansion const): Deleted.
        (WebCore::InlineBox::forceLeadingExpansion const): Deleted.
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::expansionBehavior const):
        * rendering/InlineTextBox.h:
        * rendering/RenderFileUploadControl.cpp:
        (WebCore::RenderFileUploadControl::paintObject):
        (WebCore::RenderFileUploadControl::computeIntrinsicLogicalWidths const):
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::updateFromElement):
        (WebCore::RenderListBox::paintItemForeground):
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::getAverageCharWidth):
        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::expansionBehavior):
        * rendering/SimpleLineLayout.h:
        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::initializeInlineTextBox):
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::constructTextRun const):
        * rendering/svg/SVGTextMetrics.cpp:
        (WebCore::SVGTextMetrics::constructTextRun):

2020-08-06  Chris Dumez  <cdumez@apple.com>

        DynamicsCompressorNode.reduction attribute should be a float, not an AudioParam
        https://bugs.webkit.org/show_bug.cgi?id=215195

        Reviewed by Youenn Fablet.

        DynamicsCompressorNode.reduction attribute should be a float, not an AudioParam:
        - https://webaudio.github.io/web-audio-api/#dynamicscompressornode

        Backward-compatibility is maintained for the prefixed WebAudio API.

        No new tests, rebaselined existing tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/DynamicsCompressorNode.cpp:
        (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
        (WebCore::DynamicsCompressorNode::process):
        * Modules/webaudio/DynamicsCompressorNode.h:
        (WebCore::DynamicsCompressorNode::reduction const):
        (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
        (WebCore::DynamicsCompressorNode::setReduction):
        * Modules/webaudio/DynamicsCompressorNode.idl:
        * Modules/webaudio/WebKitAudioContext.cpp:
        (WebCore::WebKitAudioContext::createWebKitDynamicsCompressor):
        * Modules/webaudio/WebKitAudioContext.h:
        * Modules/webaudio/WebKitAudioContext.idl:
        * Modules/webaudio/WebKitDynamicsCompressorNode.h: Copied from Source/WebCore/Modules/webaudio/DynamicsCompressorNode.idl.
        * Modules/webaudio/WebKitDynamicsCompressorNode.idl: Copied from Source/WebCore/Modules/webaudio/DynamicsCompressorNode.idl.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-06  Truitt Savell  <tsavell@apple.com>

        Unreviewed, reverting r265328.

        Broke 17 MediaRecorder tests.

        Reverted changeset:

        "Add support for MediaRecorder bitrate options"
        https://bugs.webkit.org/show_bug.cgi?id=214973
        https://trac.webkit.org/changeset/265328

2020-08-06  Chris Dumez  <cdumez@apple.com>

        MediaElementAudioSourceNode interface should have a constructor
        https://bugs.webkit.org/show_bug.cgi?id=215200

        Reviewed by Youenn Fablet.

        MediaElementAudioSourceNode interface should have a constructor:
        - https://webaudio.github.io/web-audio-api/#mediaelementaudiosourcenode

        Test: webaudio/mediaelementaudiosourcenode-constructor.html

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::createMediaElementSource):
        * Modules/webaudio/AudioContext.idl:
        * Modules/webaudio/MediaElementAudioSourceNode.cpp:
        (WebCore::MediaElementAudioSourceNode::create):
        (WebCore::MediaElementAudioSourceNode::MediaElementAudioSourceNode):
        * Modules/webaudio/MediaElementAudioSourceNode.h:
        * Modules/webaudio/MediaElementAudioSourceNode.idl:
        * Modules/webaudio/MediaElementAudioSourceOptions.h: Copied from Source/WebCore/Modules/webaudio/MediaElementAudioSourceNode.idl.
        * Modules/webaudio/MediaElementAudioSourceOptions.idl: Copied from Source/WebCore/Modules/webaudio/MediaElementAudioSourceNode.idl.
        * Modules/webaudio/WebKitAudioContext.cpp:
        (WebCore::WebKitAudioContext::createMediaElementSource):
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-06  Youenn Fablet  <youenn@apple.com>

        Add support for MediaRecorder bitrate options
        https://bugs.webkit.org/show_bug.cgi?id=214973

        Reviewed by Eric Carlson.

        Pipe options to MediaRecorderPrivate constructor.
        For the actual implementation, pass it down to VideoSampleBufferCompressor and AudioSampleBufferCompressor.
        For AudioSampleBufferCompressor, we do not handle well some bit rates, so for now, we limit to specific values.

        Tests: http/wpt/mediarecorder/MediaRecorder-audio-bitrate.html
               http/wpt/mediarecorder/MediaRecorder-video-bitrate.html

        * Modules/mediarecorder/MediaRecorder.cpp:
        (WebCore::MediaRecorder::create):
        (WebCore::MediaRecorder::createMediaRecorderPrivate):
        (WebCore::MediaRecorder::MediaRecorder):
        (WebCore::MediaRecorder::startRecording):
        * Modules/mediarecorder/MediaRecorder.h:
        * Modules/mediarecorder/MediaRecorderProvider.cpp:
        (WebCore::MediaRecorderProvider::createMediaRecorderPrivate):
        * Modules/mediarecorder/MediaRecorderProvider.h:
        * WebCore.xcodeproj/project.pbxproj:
        * loader/EmptyClients.cpp:
        * platform/mediarecorder/MediaRecorderPrivate.h:
        * platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp:
        (WebCore::MediaRecorderPrivateAVFImpl::create):
        * platform/mediarecorder/MediaRecorderPrivateAVFImpl.h:
        * platform/mediarecorder/cocoa/AudioSampleBufferCompressor.h:
        * platform/mediarecorder/cocoa/AudioSampleBufferCompressor.mm:
        (WebCore::AudioSampleBufferCompressor::setBitsPerSecond):
        (WebCore::AudioSampleBufferCompressor::outputBitRate const):
        (WebCore::AudioSampleBufferCompressor::initAudioConverterForSourceFormatDescription):
        Do not exit when not able to set bitrate as we still want to set m_maxOutputPacketSize.
        In case of error in setting up the converter, clean it up so that we do not use a partially set up converter.
        * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
        * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
        (WebCore::MediaRecorderPrivateWriter::create):
        (WebCore::MediaRecorderPrivateWriter::setOptions):
        * platform/mediarecorder/cocoa/VideoSampleBufferCompressor.h:
        * platform/mediarecorder/cocoa/VideoSampleBufferCompressor.mm:
        (WebCore::VideoSampleBufferCompressor::setBitsPerSecond):
        (WebCore::setCompressionSessionProperty):
        (WebCore::VideoSampleBufferCompressor::initCompressionSession):
        * testing/Internals.cpp:
        (WebCore::createRecorderMockSource):

2020-08-06  Simon Fraser  <simon.fraser@apple.com>

        Scrolling tree nodes sometimes don't match layer z-order
        https://bugs.webkit.org/show_bug.cgi?id=215210

        Reviewed by Antti Koivisto.

        When adding nodes to the scrolling state tree during compositing layer traversal,
        we would sometimes add then in the wrong order. For example, if the composited layer
        tree was:
        
        + Root
          + Stacking context
            Fixed layer 1
          Fixed layer 2
          
        we would build a scrolling tree like:
        
        + Root scrolling node
          Node for layer 2
          Node for layer 1

        This happened because RenderLayerCompositor::updateBackingAndHierarchy() failed to propagate up
        scrollingTreeState.nextChildIndex.
        
        This is generally benign, but inserting node 1 followed by node 2 would be seen as a scrolling tree
        mutation, causing us to re-commit the scrolling tree when it hadn't really changed, triggering
        extra CPU usage.
        
        Part of <rdar://problem/62737868>: higher CPU usage on instagram.com.

        Test: scrollingcoordinator/scrolling-tree/sibling-node-order.html

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateBackingAndHierarchy):

2020-08-05  Rob Buis  <rbuis@igalia.com>

        Remove the StyleResolver-specific evaluate function in MediaQueryEvaluator
        https://bugs.webkit.org/show_bug.cgi?id=152089

        Reviewed by Darin Adler.

        The function mentioned in the bug is already gone (see r252736), also remove
        the StyleResolver reference.

        * css/MediaQueryEvaluator.h:

2020-08-05  Simon Fraser  <simon.fraser@apple.com>

        Add some more Animations logging
        https://bugs.webkit.org/show_bug.cgi?id=215181

        Reviewed by Zalan Bujtas.

        Add logging that shows when DeclarativeAnimation::tick() runs and when it invalidates style.

        * animation/DeclarativeAnimation.cpp:
        (WebCore::DeclarativeAnimation::tick):
        * animation/DocumentTimelinesController.cpp:
        (WebCore::DocumentTimelinesController::updateAnimationsAndSendEvents):
        * animation/KeyframeEffect.cpp:
        (WebCore::KeyframeEffect::invalidate):

2020-08-05  Peng Liu  <peng.liu6@apple.com>

        Netflix.com shows a scrubber that doesn't work
        https://bugs.webkit.org/show_bug.cgi?id=215199

        Reviewed by Eric Carlson.

        The "contentDuration" property of WebPlaybackControlsManager needs to be infinite
        when the video is not seekable. Otherwise, AVKit will show a scrubber that doesn't
        work on the Touch Bar.

        * platform/mac/WebPlaybackControlsManager.mm:
        (-[WebPlaybackControlsManager contentDuration]):
        (-[WebPlaybackControlsManager setContentDuration:]):

2020-08-05  James Darpinian  <jdarpinian@chromium.org>

        [WebGL2] Upgrade vertexAttribPointer with new supported types
        https://bugs.webkit.org/show_bug.cgi?id=215036

        Reviewed by Dean Jackson.

        Tested by updated WebGL conformance tests webgl/2.0.0/conformance/attribs/gl-vertexattribpointer-offsets.html and webgl/2.0.0/conformance/attribs/gl-vertexattribpointer.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::sizeInBytes):
        (WebCore::WebGLRenderingContextBase::vertexAttribPointer):

2020-08-05  Tim Horton  <timothy_horton@apple.com>

        Remove all references to non-existent 10.16
        https://bugs.webkit.org/show_bug.cgi?id=215202

        Reviewed by Wenson Hsieh.

        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:
        * Configurations/Version.xcconfig:
        * Configurations/WebKitTargetConditionals.xcconfig:

2020-08-05  Andres Gonzalez  <andresg_22@apple.com>

        Crash in com.apple.WebKit.WebContent at com.apple.AppKit: _NSAccessibilityRemoveAllObserversAndSendDestroyedNotification
        https://bugs.webkit.org/show_bug.cgi?id=215189
        <rdar://problem/66561167>

        Reviewed by Chris Fleizach.

        AXIsolatedObject::detachPlatformWrapper was calling the wrapper's detach
        method that in turn calls the system NSAccessibilityUnregisterUniqueIdForUIElement
        on the secondary thread. This function is not thread safe and hence the
        random crashes.
        This changes AXIsolatedObject::detachPlatformWrapper to call the
        wrapper's detachIsolatedObject, avoiding the above problem altogether.
        The wrapper's detach remains the same that it was before isolated tree
        mode was introduced, and should only run on the main thread.

        * accessibility/AccessibilityObjectInterface.h:
        * accessibility/isolatedtree/AXIsolatedTree.cpp:
        (WebCore::AXIsolatedTree::applyPendingChanges):
        * accessibility/isolatedtree/mac/AXIsolatedObjectMac.mm:
        (WebCore::AXIsolatedObject::detachPlatformWrapper):
        * accessibility/mac/WebAccessibilityObjectWrapperBase.h:
        * accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
        (-[WebAccessibilityObjectWrapperBase detach]):
        (-[WebAccessibilityObjectWrapperBase detachIsolatedObject:]):
        (-[WebAccessibilityObjectWrapperBase detachAXObject]): Merged back into detach.
        (-[WebAccessibilityObjectWrapperBase detachIsolatedObject]): Deleted.
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper unregisterUniqueIdForUIElement]):

2020-08-05  Chris Dumez  <cdumez@apple.com>

        Add constructor for DynamicsCompressorNode
        https://bugs.webkit.org/show_bug.cgi?id=215180

        Reviewed by Geoffrey Garen.

        Add constructor for DynamicsCompressorNode:
        - https://webaudio.github.io/web-audio-api/#dynamicscompressornode

        This patch also add a new handleAudioNodeOptions() member function to
        AudioNode to avoid code duplication and every node constructor.

        No new tests, rebaselined existing tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AnalyserNode.cpp:
        (WebCore::AnalyserNode::create):
        * Modules/webaudio/AudioNode.cpp:
        (WebCore::AudioNode::AudioNode):
        (WebCore::AudioNode::initializeDefaultNodeOptions):
        (WebCore::AudioNode::handleAudioNodeOptions):
        * Modules/webaudio/AudioNode.h:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createDynamicsCompressor):
        * Modules/webaudio/BiquadFilterNode.cpp:
        (WebCore::BiquadFilterNode::create):
        * Modules/webaudio/ChannelMergerNode.cpp:
        (WebCore::ChannelMergerNode::create):
        * Modules/webaudio/ChannelSplitterNode.cpp:
        (WebCore::ChannelSplitterNode::create):
        * Modules/webaudio/ConvolverNode.cpp:
        (WebCore::ConvolverNode::create):
        (WebCore::ConvolverNode::ConvolverNode):
        * Modules/webaudio/DefaultAudioDestinationNode.cpp:
        (WebCore::DefaultAudioDestinationNode::DefaultAudioDestinationNode):
        * Modules/webaudio/DelayNode.cpp:
        (WebCore::DelayNode::create):
        * Modules/webaudio/DynamicsCompressorNode.cpp:
        (WebCore::DynamicsCompressorNode::create):
        (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
        (WebCore::DynamicsCompressorNode::setChannelCount):
        (WebCore::DynamicsCompressorNode::setChannelCountMode):
        * Modules/webaudio/DynamicsCompressorNode.h:
        * Modules/webaudio/DynamicsCompressorNode.idl:
        * Modules/webaudio/DynamicsCompressorOptions.h: Copied from Source/WebCore/Modules/webaudio/DynamicsCompressorNode.idl.
        * Modules/webaudio/DynamicsCompressorOptions.idl: Copied from Source/WebCore/Modules/webaudio/DynamicsCompressorNode.idl.
        * Modules/webaudio/GainNode.cpp:
        (WebCore::GainNode::create):
        * Modules/webaudio/OscillatorNode.cpp:
        (WebCore::OscillatorNode::create):
        * Modules/webaudio/PannerNode.cpp:
        (WebCore::PannerNode::create):
        (WebCore::PannerNode::PannerNode):
        * Modules/webaudio/WaveShaperNode.cpp:
        (WebCore::WaveShaperNode::create):
        * Modules/webaudio/WebKitAudioPannerNode.cpp:
        (WebCore::WebKitAudioPannerNode::WebKitAudioPannerNode):
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-05  Chris Dumez  <cdumez@apple.com>

        Add constructor to ConvolverNode
        https://bugs.webkit.org/show_bug.cgi?id=215169

        Reviewed by Eric Carlson.

        Add constructor to ConvolverNode, as per specification:
        - https://webaudio.github.io/web-audio-api/#ConvolverNode

        No new tests, rebaselined existing tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createConvolver):
        * Modules/webaudio/ConvolverNode.cpp:
        (WebCore::ConvolverNode::create):
        (WebCore::ConvolverNode::ConvolverNode):
        (WebCore::ConvolverNode::setBuffer):
        (WebCore::ConvolverNode::setChannelCount):
        (WebCore::ConvolverNode::setChannelCountMode):
        * Modules/webaudio/ConvolverNode.h:
        * Modules/webaudio/ConvolverNode.idl:
        * Modules/webaudio/ConvolverOptions.h: Copied from Source/WebCore/Modules/webaudio/ConvolverNode.idl.
        * Modules/webaudio/ConvolverOptions.idl: Copied from Source/WebCore/Modules/webaudio/ConvolverNode.idl.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-05  Chris Dumez  <cdumez@apple.com>

        REGRESSION (r265266) DumpRenderTree crash at WebKitAudioListener::dopplerFactor
        https://bugs.webkit.org/show_bug.cgi?id=215171
        <rdar://problem/66556999>

        Reviewed by Eric Carlson.

        We were calling the isWebKitAudioContext() virtual function from the BaseAudioContext
        constructor, which was not OK. We now initialize the listener lazily so that we can
        know if we are a WebKitAudioContext or not at the time of creation.

        Also use downcast<> instead of static_cast<> to cast from AudioListener to
        WebKitAudioListener for extra safety. Finally, AudioListener was missing a virtual
        destructor even though we were using polymorphism.

        No new tests, covered by existing tests that are crashing on the bots.

        * Modules/webaudio/AudioListener.h:
        (WebCore::AudioListener::isWebKitAudioListener const):
        * Modules/webaudio/AudioListener.idl:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::constructCommon):
        (WebCore::WebCore::BaseAudioContext::listener):
        * Modules/webaudio/BaseAudioContext.h:
        (WebCore::BaseAudioContext::listener): Deleted.
        * Modules/webaudio/PannerNode.cpp:
        (WebCore::PannerNode::listener):
        (WebCore::PannerNode::getAzimuthElevation):
        (WebCore::PannerNode::distanceConeGain):
        * Modules/webaudio/PannerNode.h:
        * Modules/webaudio/WebKitAudioContext.h:
        (WebCore::WebKitAudioContext::listener):
        * Modules/webaudio/WebKitAudioListener.h:
        (isType):
        * Modules/webaudio/WebKitAudioListener.idl:
        * Modules/webaudio/WebKitAudioPannerNode.cpp:
        (WebCore::WebKitAudioPannerNode::listener):
        (WebCore::WebKitAudioPannerNode::getAzimuthElevation):
        (WebCore::WebKitAudioPannerNode::dopplerRate):
        (WebCore::WebKitAudioPannerNode::distanceConeGain):
        * Modules/webaudio/WebKitAudioPannerNode.h:

2020-08-05  Chris Dumez  <cdumez@apple.com>

        Align BiquadFilterNode.getFrequencyResponse() with the specification
        https://bugs.webkit.org/show_bug.cgi?id=215148

        Reviewed by Eric Carlson.

        Align BiquadFilterNode.getFrequencyResponse() with the specification:
        - https://webaudio.github.io/web-audio-api/#dom-biquadfilternode-getfrequencyresponse

        In particular, the 3 argument arrays should not be nullable and we should throw
        if they have different lengths.

        No new tests, rebaselined existing tests.

        * Modules/webaudio/BiquadFilterNode.cpp:
        (WebCore::BiquadFilterNode::getFrequencyResponse):
        * Modules/webaudio/BiquadFilterNode.h:
        * Modules/webaudio/BiquadFilterNode.idl:

2020-08-05  Chris Dumez  <cdumez@apple.com>

        Add constructor to BiquadFilterNode
        https://bugs.webkit.org/show_bug.cgi?id=215144

        Reviewed by Eric Carlson.

        Add constructor to BiquadFilterNode:
        - https://webaudio.github.io/web-audio-api/#biquadfilternode

        No new tests, rebaselined existing tests..

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createBiquadFilter):
        * Modules/webaudio/BiquadDSPKernel.cpp:
        (WebCore::BiquadDSPKernel::updateCoefficientsIfNecessary):
        * Modules/webaudio/BiquadFilterNode.cpp:
        (WebCore::BiquadFilterNode::create):
        (WebCore::BiquadFilterNode::BiquadFilterNode):
        * Modules/webaudio/BiquadFilterNode.h:
        * Modules/webaudio/BiquadFilterNode.idl:
        * Modules/webaudio/BiquadFilterOptions.h: Copied from Source/WebCore/Modules/webaudio/BiquadFilterNode.idl.
        * Modules/webaudio/BiquadFilterOptions.idl: Copied from Source/WebCore/Modules/webaudio/BiquadFilterNode.idl.
        * Modules/webaudio/BiquadFilterType.h: Copied from Source/WebCore/Modules/webaudio/BiquadFilterNode.idl.
        * Modules/webaudio/BiquadFilterType.idl: Copied from Source/WebCore/Modules/webaudio/BiquadFilterNode.idl.
        * Modules/webaudio/BiquadProcessor.cpp:
        (WebCore::BiquadProcessor::BiquadProcessor):
        * Modules/webaudio/BiquadProcessor.h:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-04  Simon Fraser  <simon.fraser@apple.com>

        Update event regions only once per frame
        https://bugs.webkit.org/show_bug.cgi?id=215132
        <rdar://problem/66533779>

        Reviewed by Darin Adler.

        Event regions (for touch-action, editable areas etc) were updated as part of
        compositing updates, but we only need their output once per rendering update, so
        move their computation out of RenderLayerCompositor::updateBackingAndHierarchy() 
        and into a new RenderLayer tree walk that is called from Page::doAfterUpdateRendering().

        RenderLayerBacking stores a dirty bit to track when regions need to be updated.

        Reduces the amount of time spent in rendering updates when scrolling on facebook.com
        on iPad, which has lots of discontiguous touch-action regions.

        * dom/Document.cpp:
        (WebCore::Document::updateEventRegions):
        * dom/Document.h:
        * page/Frame.cpp:
        (WebCore::Frame::layerTreeAsText const):
        * page/Page.cpp:
        (WebCore::Page::doAfterUpdateRendering):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects const):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::maintainsEventRegion const):
        (WebCore::RenderLayerBacking::updateEventRegion):
        * rendering/RenderLayerBacking.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateEventRegions):
        (WebCore::RenderLayerCompositor::updateBackingAndHierarchy):
        * rendering/RenderLayerCompositor.h:

2020-08-05  Adrian Perez de Castro  <aperez@igalia.com>

        Unreviewed non-unified build fix.

        No new tests needed.

        * Modules/webaudio/AudioListener.h: Add forward declaration for BaseAudioSharedUnit.

2020-08-05  Sihui Liu  <sihui_liu@appe.com>

        TextManipulationController should observe newly inserted or displayed text
        https://bugs.webkit.org/show_bug.cgi?id=215157

        Reviewed by Wenson Hsieh.

        TextManipulationController already tracks renderer state of Element, but the case where Text children of an 
        Element is newly inserted and displayed is not covered. Therefore, TextManipulationController also needs to
        know when render of Text is created.

        API test: TextManipulation.CompleteTextManipulationForNewlyDisplayedText

        * editing/TextManipulationController.cpp:
        (WebCore::TextManipulationController::didCreateRendererForTextNode):
        (WebCore::TextManipulationController::scheduleObservationUpdate):
        (WebCore::TextManipulationController::removeNode):
        * editing/TextManipulationController.h:
        * rendering/updating/RenderTreeUpdater.cpp:
        (WebCore::RenderTreeUpdater::createTextRenderer):

2020-08-05  Youenn Fablet  <youenn@apple.com>

        RegistrationDatabase::openSQLiteDatabase can spin
        https://bugs.webkit.org/show_bug.cgi?id=215120
        <rdar://problem/64850347>

        Reviewed by Geoffrey Garen.

        In case we fail opening the database when importing, we delete the database, the file and retry.
        We do not need to retry in that case since there is nothing to import. Update the code to proceed with sending an import failure to SWServer.

        In case of pushing changes to the database, it might be useful to retry but it is best to do this asynchronously.
        For instance, there might be a script deleting the files/folders where is stored the database.
        In that case, we check the result of pushing changes.
        If they succeed, we call the completion handler and stop.
        Otherwise, we will retry pushing the changes if changes were not pushed again in the meantime.
        We introduce a push counter for that purpose.

        * workers/service/server/RegistrationDatabase.cpp:
        (WebCore::RegistrationDatabase::postTaskToWorkQueue):
        (WebCore::RegistrationDatabase::openSQLiteDatabase):
        (WebCore::RegistrationDatabase::importRecordsIfNecessary):
        (WebCore::RegistrationDatabase::pushChanges):
        (WebCore::RegistrationDatabase::schedulePushChanges):
        (WebCore::RegistrationDatabase::doPushChanges):
        * workers/service/server/RegistrationDatabase.h:
        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::registrationStoreDatabaseFailedToOpen):

2020-08-05  Youenn Fablet  <youenn@apple.com>

        SWServerJobQueue::didResolveRegistrationPromise should not assume its registration key relates to an existing worker
        https://bugs.webkit.org/show_bug.cgi?id=215123
        <rdar://problem/65096786>

        Reviewed by Geoffrey Garen.

        We know that in some cases, the registration is null in SWServerJobQueue::didResolveRegistrationPromise.
        This might happen for instance in case a worker gets terminated, thus removing a job and the next job is clearing the registration.
        Also, SWServerJobQueue::didResolveRegistrationPromise is not checking that the job identifier is the same in SWServerJobQueue::install
        and SWServerJobQueue::didResolveRegistrationPromise while other code paths do.

        A future refactoring might allow to call SWServerJobQueue::didResolveRegistrationPromise code synchronously from SWServerJobQueue::install.
        In the meantime, let's add a null check and add release logging for that case.

        * workers/service/server/SWServerJobQueue.cpp:
        (WebCore::SWServerJobQueue::install):
        (WebCore::SWServerJobQueue::didResolveRegistrationPromise):

2020-08-05  Rob Buis  <rbuis@igalia.com>

        Allow multiple calls to PerformanceObserver.observe with different types
        https://bugs.webkit.org/show_bug.cgi?id=214884

        Reviewed by Darin Adler.

        Allow multiple calls to PerformanceObserver.observe with different type, but
        throw an exception if the observer type is changed [1].

        Behavior matches Firefox and Chrome.

        Test: imported/web-platform-tests/performance-timeline/po-observe-type.any.html

        [1] https://w3c.github.io/performance-timeline/#observe-method

        * page/PerformanceObserver.cpp:
        (WebCore::PerformanceObserver::observe):
        * page/PerformanceObserver.h:

2020-08-05  Youenn Fablet  <youenn@apple.com>

        Update AudioSampleDataSource offset computation
        https://bugs.webkit.org/show_bug.cgi?id=215127
        <rdar://problem/65938265>

        Reviewed by Eric Carlson.

        As per logs, it sometimes happens that the offset is so big that the timestamp is below the start of the window.
        In that case, our logic is not able to catch up and reduce the offset.
        To handle this, we special case if the timestamp is below the start frame and do as if we were starting from scratch.
        Otherwise, we continue our logic to fine tune the offset by slowly making it bigger to not hit the end of the window but still be close to it.
        Updated logging to help further debugging this issue if needed.

        * platform/audio/mac/AudioSampleDataSource.h:
        * platform/audio/mac/AudioSampleDataSource.mm:
        (WebCore::AudioSampleDataSource::pushSamplesInternal):
        (WebCore::computeOffsetDelay):
        (WebCore::AudioSampleDataSource::pullSamplesInternal):
        (WebCore::AudioSampleDataSource::pullAvalaibleSamplesAsChunks):
        * platform/mediastream/mac/RealtimeIncomingAudioSourceCocoa.cpp:
        (WebCore::RealtimeIncomingAudioSourceCocoa::OnData):

2020-08-05  Eric Liang  <ericliang@apple.com>

        AX: WebCore should provide a way to get raw role for accessibility objects
        https://bugs.webkit.org/show_bug.cgi?id=215149

        Reviewed by Chris Fleizach.

        Added a conversion from WebRole to string for accessibility.
        This allows us to get it in the WebKit bundle.

        * accessibility/AXLogger.cpp:
        (WebCore::operator<<):
        * accessibility/AccessibilityObjectInterface.h:
        (WebCore::accessibilityRoleToString):
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilityElementCount]):
        (-[WebAccessibilityObjectWrapper _accessibilityWebRoleAsString]):
        (-[WebAccessibilityObjectWrapper accessibilityTraits]):

2020-08-04  Devin Rousso  <drousso@apple.com>

        "DoubleDown Casino" respin button stops working with trackpad
        https://bugs.webkit.org/show_bug.cgi?id=215146
        <rdar://problem/64668138>

        Reviewed by Tim Horton.

        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::IOSApplication::isDoubleDown): Added.

2020-08-04  Chris Dumez  <cdumez@apple.com>

        Align AudioListener with the W3C specification
        https://bugs.webkit.org/show_bug.cgi?id=215134

        Reviewed by Geoffrey Garen.

        Align AudioListener with the W3C specification:
        - https://webaudio.github.io/web-audio-api/#audiolistener

        Note that the prefixed API still behaves the way it used to. I have maintained
        the old version of the AudioListener API by moving it to a new
        WebKitAudioListener interface.

        No new tests, rebaselined existing tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioListener.cpp:
        (WebCore::AudioListener::AudioListener):
        (WebCore::AudioListener::setPosition):
        (WebCore::AudioListener::position const):
        (WebCore::AudioListener::setOrientation):
        (WebCore::AudioListener::orientation const):
        (WebCore::AudioListener::upVector const):
        * Modules/webaudio/AudioListener.h:
        (WebCore::AudioListener::create):
        (WebCore::AudioListener::positionX):
        (WebCore::AudioListener::positionY):
        (WebCore::AudioListener::positionZ):
        (WebCore::AudioListener::forwardX):
        (WebCore::AudioListener::forwardY):
        (WebCore::AudioListener::forwardZ):
        (WebCore::AudioListener::upX):
        (WebCore::AudioListener::upY):
        (WebCore::AudioListener::upZ):
        * Modules/webaudio/AudioListener.idl:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::constructCommon):
        * Modules/webaudio/PannerNode.cpp:
        (WebCore::PannerNode::dopplerRate):
        * Modules/webaudio/WebKitAudioContext.h:
        (WebCore::WebKitAudioContext::listener):
        * Modules/webaudio/WebKitAudioContext.idl:
        * Modules/webaudio/WebKitAudioListener.h: Copied from Source/WebCore/Modules/webaudio/AudioListener.h.
        * Modules/webaudio/WebKitAudioListener.idl: Copied from Source/WebCore/Modules/webaudio/AudioListener.idl.
        * Modules/webaudio/WebKitAudioPannerNode.cpp:
        (WebCore::WebKitAudioPannerNode::listener):
        * Modules/webaudio/WebKitAudioPannerNode.h:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:

2020-08-04  Myles C. Maxfield  <mmaxfield@apple.com>

        Add glyph origins member to GlyphBuffer
        https://bugs.webkit.org/show_bug.cgi?id=215057

        Reviewed by Darin Adler.

        This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=214769
        and https://bugs.webkit.org/show_bug.cgi?id=206208.

        The solution for https://bugs.webkit.org/show_bug.cgi?id=214769 requires applying
        letter-spacing after text shaping. Today, we apply letter-spacing before text
        shaping, which is wrong. However, if we want to apply letter-spacing after text
        shaping, we need to use CTFontShapeGlyphs(), which outputs glyph origins in
        addition to glyph advances. Adding a glyph origins field to GlyphBuffer allows us
        to flatten these origins at the appropriate places.

        This patch is meant to be applied on top of
        https://bugs.webkit.org/show_bug.cgi?id=215051, which decreases the inline sizes
        of these vector members from 2048 to 1024. I measured the median and mean of these
        strings in our Page Load Test to be 6 and 7.4, which indicates we were being wildly
        inefficient with the members of GlyphBuffer. Decreasing these inline sizes means
        we're now using less memory than we were before.

        No new tests becasue there is no behavior change yet. This patch just adds the
        field. The next patch will hook up CTFontShapeGlyphs() itself.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::drawText const):
        (WebCore::FontCascade::drawEmphasisMarks const):
        (WebCore::FontCascade::displayListForTextRun const):
        (WebCore::FontCascade::drawGlyphBuffer const):
        * platform/graphics/GlyphBuffer.h:
        (WebCore::GlyphBufferAdvance::GlyphBufferAdvance):
        (WebCore::GlyphBufferOrigin::GlyphBufferOrigin):
        (WebCore::GlyphBufferOrigin::operator FloatPoint):
        (WebCore::GlyphBufferOrigin::setX):
        (WebCore::GlyphBufferOrigin::setY):
        (WebCore::GlyphBufferOrigin::x const):
        (WebCore::GlyphBufferOrigin::y const):
        (WebCore::GlyphBufferOrigin::encode const):
        (WebCore::GlyphBufferOrigin::decode):
        (WebCore::GlyphBuffer::clear):
        (WebCore::GlyphBuffer::origins):
        (WebCore::GlyphBuffer::origins const):
        (WebCore::GlyphBuffer::add):
        (WebCore::GlyphBuffer::remove):
        (WebCore::GlyphBuffer::makeHole):
        (WebCore::GlyphBuffer::shrink):
        (WebCore::GlyphBuffer::flatten):
        (WebCore::GlyphBuffer::isFlattened const):
        (WebCore::GlyphBuffer::swap):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawGlyphs):
        * platform/graphics/displaylists/DisplayListItems.cpp:
        (WebCore::DisplayList::DrawGlyphs::generateGlyphBuffer const):

2020-08-04  Chris Fleizach  <cfleizach@apple.com>

        AX: VoiceOver needs access to font styling at insertion point
        https://bugs.webkit.org/show_bug.cgi?id=215129
        <rdar://problem/65114972>

        Reviewed by Darin Adler.

        Give access to relevant font styling properties at the insertion point so that VoiceOver can speak them
        when text commands alter styling.

        Test: accessibility/mac/resolved-text-editing.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::resolvedEditingStyles const):
        * accessibility/AccessibilityObject.h:
        * accessibility/AccessibilityObjectInterface.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper _accessibilityResolvedEditingStyles]):
        * accessibility/isolatedtree/AXIsolatedObject.cpp:
        (WebCore::AXIsolatedObject::resolvedEditingStyles const):
        * accessibility/isolatedtree/AXIsolatedObject.h:
        * accessibility/mac/WebAccessibilityObjectWrapperBase.h:
        * accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
        (-[WebAccessibilityObjectWrapperBase baseAccessibilityResolvedEditingStyles]):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper ALLOW_DEPRECATED_IMPLEMENTATIONS_END]):
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

2020-08-04  Peng Liu  <peng.liu6@apple.com>

        REGRESSION (r265019): ASSERTION FAILED: !m_impl || m_impl->wasConstructedOnMainThread() == isMainThread() under WebCore::PlaybackSessionInterfaceAVKit::invalidate()
        https://bugs.webkit.org/show_bug.cgi?id=215118

        Reviewed by Jer Noble.

        Revert the change about using a WeakPtr of PlaybackSessionModel in r265019.
        On WK1, a VideoFullscreenControllerContext (a subclass of PlaybackSessionModel)
        object is created on the main thread, so we cannot use a WeakPtr of it on
        the UI thread.

        No new tests, fix an API test failure: WebKitLegacy.AudioSessionCategoryIOS.

        * platform/ios/PlaybackSessionInterfaceAVKit.h:
        * platform/ios/PlaybackSessionInterfaceAVKit.mm:
        (WebCore::PlaybackSessionInterfaceAVKit::PlaybackSessionInterfaceAVKit):
        (WebCore::PlaybackSessionInterfaceAVKit::playbackSessionModel const):

2020-08-04  Chris Dumez  <cdumez@apple.com>

        Align AudioBufferSourceNode's start() / stop() with the specification
        https://bugs.webkit.org/show_bug.cgi?id=215130

        Reviewed by Darin Adler.

        Align AudioBufferSourceNode's start() / stop() with the specification:
        - https://www.w3.org/TR/webaudio/#dom-audiobuffersourcenode-start
        - https://www.w3.org/TR/webaudio/#dom-audioscheduledsourcenode-stop

        In particular, we should throw a RangeError when the parameters are invalid,
        not an InvalidStateError. Also, we should not return early if there is no
        buffer.

        No new tests, rebaselined existing tests.

        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::startPlaying):
        * Modules/webaudio/AudioScheduledSourceNode.cpp:
        (WebCore::AudioScheduledSourceNode::startLater):
        (WebCore::AudioScheduledSourceNode::stopLater):

2020-08-04  Andres Gonzalez  <andresg_22@apple.com>

        Add the ability of comparing the accessibility tree with isolated tree mode on and off.
        https://bugs.webkit.org/show_bug.cgi?id=215000

        Reviewed by Chris Fleizach.

        Test: accessibility/mac/isolated-tree-mode-on-off.html

        Added [WebAccessibilityObjectWrapper isIsolatedObject] for testing
        purposes, so that layout tests can determine whether an object is
        isolated or not. It should not be used by real clients since there
        should be no difference in behavior of a WebAccessibilityObjectWrapper
        from a client point of view, regardless the underlying object being
        isolated or not.

        * accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
        (-[WebAccessibilityObjectWrapperBase isIsolatedObject]):

2020-08-04  Chris Dumez  <cdumez@apple.com>

        Move non standard AudioBufferSourceNode API to new WebKitAudioBufferSourceNode interface
        https://bugs.webkit.org/show_bug.cgi?id=215106

        Reviewed by Eric Carlson.

        Move non standard AudioBufferSourceNode API to new WebKitAudioBufferSourceNode interface
        to maintain backward compatibility while having an unprefixed API that matches the
        specification:
        - https://www.w3.org/TR/webaudio/#AudioBufferSourceNode

        In particular the 'playbackState' and 'gain' attributes should not part of the standard.

        Test: webaudio/audiobuffersourcenode-legacy-api.html

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
        (WebCore::AudioBufferSourceNode::process):
        (WebCore::AudioBufferSourceNode::reset):
        * Modules/webaudio/AudioBufferSourceNode.h:
        (WebCore::AudioBufferSourceNode::legacyGainValue const):
        * Modules/webaudio/AudioBufferSourceNode.idl:
        * Modules/webaudio/WebKitAudioBufferSourceNode.h: Copied from Source/WebCore/Modules/webaudio/AudioBufferSourceNode.idl.
        * Modules/webaudio/WebKitAudioBufferSourceNode.idl: Copied from Source/WebCore/Modules/webaudio/AudioBufferSourceNode.idl.
        * Modules/webaudio/WebKitAudioContext.cpp:
        (WebCore::WebKitAudioContext::createWebKitBufferSource):
        * Modules/webaudio/WebKitAudioContext.h:
        * Modules/webaudio/WebKitAudioContext.idl:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:

2020-08-04  Youenn Fablet  <youenn@apple.com>

        Remove AudioSampleDataSource::setPaused
        https://bugs.webkit.org/show_bug.cgi?id=215125

        Reviewed by Geoffrey Garen.

        m_paused is unused except for setting m_transitioningFromPaused.
        setPaused is only used in AudioMediaStreamTrackRenderCocoa at creation of the source.
        We can remove the call for setPaused(true) and remove setPaused/m_paused.

        * platform/audio/mac/AudioSampleDataSource.h:
        * platform/audio/mac/AudioSampleDataSource.mm:
        (WebCore::AudioSampleDataSource::setPaused): Deleted.
        * platform/mediastream/mac/AudioMediaStreamTrackRendererCocoa.cpp:
        (WebCore::AudioMediaStreamTrackRendererCocoa::pushSamples):

2020-08-04  Rob Buis  <rbuis@igalia.com>

        Performance.getEntriesByName/Type should match case sensitive
        https://bugs.webkit.org/show_bug.cgi?id=214960

        Reviewed by Youenn Fablet.

        Performance.getEntriesByName/Type should match case sensitive [1].

        Behavior matches Firefox and Chrome.

        Tests: imported/w3c/web-platform-tests/performance-timeline/case-sensitivity.any.html
               imported/w3c/web-platform-tests/performance-timeline/case-sensitivity.any.worker.html

        [1] https://w3c.github.io/performance-timeline/#getentriesbytype-method

        * page/Performance.cpp:
        (WebCore::Performance::getEntriesByType const):
        (WebCore::Performance::getEntriesByName const):

2020-08-03  Simon Fraser  <simon.fraser@apple.com>

        m_isEditableRegionEnabled should be reset in didCommitLoad, not didFinishLoad
        https://bugs.webkit.org/show_bug.cgi?id=215115

        Reviewed by Wenson Hsieh.

        Resetting m_isEditableRegionEnabled in didFinishLoad() is too late because
        inline script at the end of the <body> (e.g. in a layout test) will have already
        run before the reset.
        
        Fix by adding Page::didCommitLoad() and resetting m_isEditableRegionEnabled there.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::dispatchDidCommitLoad):
        * page/Page.cpp:
        (WebCore::Page::didCommitLoad):
        (WebCore::Page::didFinishLoad):
        * page/Page.h:

2020-08-03  Myles C. Maxfield  <mmaxfield@apple.com>

        Unconditionally record string offsets in the fast text codepath
        https://bugs.webkit.org/show_bug.cgi?id=215051

        Reviewed by Darin Adler.

        This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=214769
        and https://bugs.webkit.org/show_bug.cgi?id=206208.

        The solution for https://bugs.webkit.org/show_bug.cgi?id=214769 requires applying
        letter-spacing after text shaping. Today, we apply letter-spacing before text
        shaping, which is wrong. However, if we want to apply letter-spacing after text
        shaping, we will need a way of mapping back which shaped glyphs correspond to
        which characters in the string, so we can apply letter-spacing to the correct
        glyphs. Therefore, we need to record string offsets any time letter-spacing can
        be applied (which is all the time - letter spacing can be applied on any element).

        This also helps on the path toward https://bugs.webkit.org/show_bug.cgi?id=214769.
        When we move off the complex text codepath, we will need these string offsets
        to calculate things like what the text range of a selection is when the user has
        selected some glyphs on the page.

        There is no performance change because these string offsets were already being
        calculated; the difference is just that we're storing them now. Also, we were
        being wildly inefficient with the members of GlyphBuffer, giving them inline
        sizes of 2048. I measured the median and mean of these strings in our Page Load
        Test to be 6 and 7.4. So, I cut down the inline sizes down to 1024, so now we're
        using less memory than we were before.

        No new tests because there is no behavior change. The additional string offsets
        are unused (for now). A subsequent patch will start using them.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::layoutText const):
        (WebCore::FontCascade::drawEmphasisMarks const):
        (WebCore::computeUnderlineType):
        (WebCore::FontCascade::layoutSimpleText const):
        (WebCore::FontCascade::layoutComplexText const):
        (WebCore::FontCascade::dashesForIntersectionsWithRect const):
        * platform/graphics/FontCascade.h:
        * platform/graphics/GlyphBuffer.h:
        (WebCore::GlyphBuffer::clear):
        (WebCore::GlyphBuffer::fonts):
        (WebCore::GlyphBuffer::offsetsInString):
        (WebCore::GlyphBuffer::fonts const):
        (WebCore::GlyphBuffer::offsetsInString const):
        (WebCore::GlyphBuffer::glyphAt const):
        (WebCore::GlyphBuffer::advanceAt const):
        (WebCore::GlyphBuffer::stringOffsetAt const):
        (WebCore::GlyphBuffer::add):
        (WebCore::GlyphBuffer::remove):
        (WebCore::GlyphBuffer::makeHole):
        (WebCore::GlyphBuffer::expandLastAdvance):
        (WebCore::GlyphBuffer::shrink):
        (WebCore::GlyphBuffer::swap):
        (WebCore::GlyphBuffer::saveOffsetsInString): Deleted.
        (WebCore::GlyphBuffer::offsetInString const): Deleted.

2020-08-03  Myles C. Maxfield  <mmaxfield@apple.com>

        Rename WidthIterator::m_currentCharacter to WidthIterator::m_currentCharacterIndex
        https://bugs.webkit.org/show_bug.cgi?id=215056

        Reviewed by Darin Adler.

        It represents an index, not a character.

        No new tests because there is no behavior change.

        This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=214769
        and https://bugs.webkit.org/show_bug.cgi?id=206208.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::offsetForPositionForSimpleText const):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::advanceInternal):
        (WebCore::WidthIterator::advance):
        (WebCore::WidthIterator::advanceOneCharacter):
        * platform/graphics/WidthIterator.h:
        (WebCore::WidthIterator::currentCharacterIndex const):
        (WebCore::WidthIterator::currentCharacter const): Deleted.

2020-08-03  Youenn Fablet  <youenn@apple.com>

        Move user gesture propagation over promise behind a feature flag
        https://bugs.webkit.org/show_bug.cgi?id=215014

        Reviewed by Eric Carlson.

        If runtime flag is false, disable user gesture propagation to the next micro task.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::queueMicrotaskToEventLoop):
        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::userGesturePromisePropagationEnabled const):
        (WebCore::RuntimeEnabledFeatures::setUserGesturePromisePropagationEnabled):

2020-08-03  Chris Dumez  <cdumez@apple.com>

        Add constructor for AudioBufferSourceNode
        https://bugs.webkit.org/show_bug.cgi?id=215096

        Reviewed by Darin Adler.

        Add constructor for AudioBufferSourceNode as per:
        - https://www.w3.org/TR/webaudio/#DelayNode

        This patch also adds support for the detune attribute on AudioBufferSourceNode,
        which gets initialized by the constructor.

        No new tests, rebaselined existing tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::create):
        (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
        (WebCore::AudioBufferSourceNode::process):
        (WebCore::AudioBufferSourceNode::reset):
        (WebCore::AudioBufferSourceNode::totalPitchRate):
        * Modules/webaudio/AudioBufferSourceNode.h:
        * Modules/webaudio/AudioBufferSourceNode.idl:
        * Modules/webaudio/AudioBufferSourceOptions.h: Copied from Source/WebCore/Modules/webaudio/AudioBufferSourceNode.idl.
        * Modules/webaudio/AudioBufferSourceOptions.idl: Copied from Source/WebCore/Modules/webaudio/AudioBufferSourceNode.idl.
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createBufferSource):
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-03  Simon Fraser  <simon.fraser@apple.com>

        Add an EventRegions log channel
        https://bugs.webkit.org/show_bug.cgi?id=215092

        Reviewed by Daniel Bates.

        Add a log channel for EventRegions, add logging in some interesting places.

        * platform/Logging.h:
        * rendering/EventRegion.cpp:
        (WebCore::EventRegion::unite):
        (WebCore::EventRegion::uniteTouchActions):
        (WebCore::EventRegion::uniteEventListeners):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paintObject):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects const):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateEventRegion):

2020-08-03  Myles C. Maxfield  <mmaxfield@apple.com>

        Make FontCascade.drawText() return a FloatSize instead of a float
        https://bugs.webkit.org/show_bug.cgi?id=215055

        Reviewed by Darin Adler.

        Advances are philosophically two-dimensional data structures.

        This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=214769
        and https://bugs.webkit.org/show_bug.cgi?id=206208.

        No new tests because there shouldn't be any behavior change. But in the weird
        rare case where there might be, we should be defensive and handle it correctly.
        I've never seen one of these cases, though.

        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::drawElementTitle):
        * page/DebugPageOverlays.cpp:
        (WebCore::drawRightAlignedText):
        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::drawText const):
        * platform/graphics/FontCascade.h:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawText):
        (WebCore::GraphicsContext::drawBidiText):
        * platform/graphics/GraphicsContext.h:

2020-08-03  Tim Horton  <timothy_horton@apple.com>

        Occasional crashes when running nested runloops while using UIWebView
        https://bugs.webkit.org/show_bug.cgi?id=213067
        <rdar://problem/64239727>

        Reviewed by Darin Adler.

        New test: WebKitLegacy.NestedRunLoopUnderRunLoopObserverDoubleUnlock

        * platform/ios/wak/WebCoreThread.mm:
        (MainRunLoopAutoUnlock):
        (_WebThreadAutoLock):
        Under certain circumstances, a CFRunLoopObserver that is already removed
        can fire again (e.g. when removed in a nested runloop, it can be fired again
        in the main runloop).

        The WebThread code assumes that the auto-unlock observer is called exactly
        once after being installed. If this is not the case, the main thread lock
        count can underflow, wreaking havoc the next time we try to lock.
        Instead of depending on CFRunLoop to do this for us, make it explicit
        with a global boolean.

        This leaves in place the somewhat-odd behavior that running a nested
        runloop can cause the main runloop's WebThread lock to be dropped, because
        a great deal of code (and tests) depend on this behavior (keeping the lock
        held until the outer runloop spins would result in deadlock if the inner
        runloop's loop condition depends on the WebThread being able to execute code).
        However, this is not unique to this underflow case, and appears to be
        extremely long-standing behavior, so maintaining it seems the best course of action.

2020-08-03  Wenson Hsieh  <wenson_hsieh@apple.com>

        Remove the ENABLE_DATA_INTERACTION feature flag
        https://bugs.webkit.org/show_bug.cgi?id=215091

        Reviewed by Megan Gardner.

        `ENABLE(DATA_INTERACTION)` is an alias for `PLATFORM(IOS_FAMILY) && ENABLE(DRAG_SUPPORT)`. It was used early on
        when bringing drag and drop support to iPad in order to hide the feature from open source WebKit code, and has
        not been necessary for several years.

        * page/DragController.cpp:
        (WebCore::DragController::shouldUseCachedImageForDragImage const):
        * page/DragController.h:
        (WebCore::DragController::canLoadDataFromDraggingPasteboard const):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::dragCancelled):
        (WebCore::EventHandler::didStartDrag):
        * page/FocusController.cpp:
        (WebCore::shouldClearSelectionWhenChangingFocusedElement):
        * page/mac/DragControllerMac.mm:
        * platform/DragImage.cpp:
        * platform/ios/WebItemProviderPasteboard.mm:

2020-08-03  Chris Dumez  <cdumez@apple.com>

        Add constructor for GainNode
        https://bugs.webkit.org/show_bug.cgi?id=215093

        Reviewed by Eric Carlson.

        Add constructor for GainNode as per:
        - https://www.w3.org/TR/webaudio/#gainnode

        No new tests, rebaselined existing tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createGain):
        * Modules/webaudio/GainNode.cpp:
        (WebCore::GainNode::create):
        (WebCore::GainNode::GainNode):
        (WebCore::GainNode::process):
        (WebCore::GainNode::reset):
        * Modules/webaudio/GainNode.h:
        * Modules/webaudio/GainNode.idl:
        * Modules/webaudio/GainOptions.h: Copied from Source/WebCore/Modules/webaudio/GainNode.idl.
        * Modules/webaudio/GainOptions.idl: Copied from Source/WebCore/Modules/webaudio/GainNode.idl.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-03  Chris Dumez  <cdumez@apple.com>

        Add constructor to DelayNode
        https://bugs.webkit.org/show_bug.cgi?id=215083

        Reviewed by Eric Carlson.

        Add constructor to DelayNode:
        - https://www.w3.org/TR/webaudio/#DelayNode

        No new tests, rebaselined existing tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createDelay):
        * Modules/webaudio/DelayDSPKernel.cpp:
        (WebCore::DelayDSPKernel::process):
        * Modules/webaudio/DelayNode.cpp:
        (WebCore::DelayNode::DelayNode):
        (WebCore::DelayNode::create):
        (WebCore::DelayNode::delayTime):
        * Modules/webaudio/DelayNode.h:
        * Modules/webaudio/DelayNode.idl:
        * Modules/webaudio/DelayOptions.h: Copied from Source/WebCore/Modules/webaudio/DelayNode.idl.
        * Modules/webaudio/DelayOptions.idl: Copied from Source/WebCore/Modules/webaudio/DelayNode.idl.
        * Modules/webaudio/DelayProcessor.cpp:
        (WebCore::DelayProcessor::DelayProcessor):
        * Modules/webaudio/DelayProcessor.h:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-03  Myles C. Maxfield  <mmaxfield@apple.com>

        Make WidthIterator::advance() return void
        https://bugs.webkit.org/show_bug.cgi?id=215053

        Reviewed by Darin Adler.

        This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=214769
        and https://bugs.webkit.org/show_bug.cgi?id=206208.

        This is a small simplification in the fast text codepath. It used to return
        how many characters were consumed. However, this information is already
        exposed by just calling currentCharacter() on the width iterator before and
        after calling advance().

        No new tests because there is no behavior change.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::drawText const):
        (WebCore::FontCascade::displayListForTextRun const):
        (WebCore::FontCascade::layoutSimpleText const):
        (WebCore::FontCascade::adjustSelectionRectForSimpleText const):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::advanceInternal):
        (WebCore::WidthIterator::advance):
        * platform/graphics/WidthIterator.h:
        * rendering/svg/SVGTextMetricsBuilder.cpp:
        (WebCore::SVGTextMetricsBuilder::advanceSimpleText):

2020-08-03  Youenn Fablet  <youenn@apple.com>

        MediaRecorderPrivateWriter should ensure its writer input is ready for more data before appending new samples
        https://bugs.webkit.org/show_bug.cgi?id=215081

        Reviewed by Eric Carlson.

        After r265192, we were checking whether the writer input was ready.
        If so, we were pushing pending samples and then the new sample.
        The issue is that pushing pending samples might make the writer input no longer ready.
        Update the code to enqueue the sample if its writer input is not ready.
        Add an ASSERT in appendCompressedVideoSampleBuffer to make sure this is the case.

        Also make sure that we only enqueue the end of segment sample if video writer input is ready.

        Make sure flushCompressedSampleBuffers is called directly by stopRecording only if not already flushing samples.
        If we are not flushing, we proceed with the stop steps.
        If not, we wait for the end of flushCompressedSampleBuffers to proceed with the stop steps.

        * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
        * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
        (WebCore::MediaRecorderPrivateWriter::appendCompressedAudioSampleBufferIfPossible):
        (WebCore::MediaRecorderPrivateWriter::appendCompressedVideoSampleBufferIfPossible):
        (WebCore::MediaRecorderPrivateWriter::appendCompressedVideoSampleBuffer):
        (WebCore::MediaRecorderPrivateWriter::flushCompressedSampleBuffers):
        (WebCore::MediaRecorderPrivateWriter::stopRecording):
        (WebCore::MediaRecorderPrivateWriter::finishedFlushingSamples):
        (WebCore::MediaRecorderPrivateWriter::doStopRecording):

2020-08-03  Clark Wang  <clark_wang@apple.com>

        Added AudioBuffer Constructor
        https://bugs.webkit.org/show_bug.cgi?id=214990

        Reviewed by Chris Dumez.

        Added AudioBuffer constructor according to spec: https://www.w3.org/TR/webaudio/#AudioBuffer-constructors.
        Added in AudioBufferOptions files. Updated BaseAudioContext::createBuffer to use new constructor.

        Re-baselined existing tests. Some fail now due to unsupported sampleRate.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioBuffer.cpp:
        (WebCore::AudioBuffer::create):
        (WebCore::AudioBuffer::AudioBuffer):
        * Modules/webaudio/AudioBuffer.h:
        * Modules/webaudio/AudioBuffer.idl:
        * Modules/webaudio/AudioBufferOptions.h: Added.
        * Modules/webaudio/AudioBufferOptions.idl: Added.
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createBuffer):
        * Modules/webaudio/BaseAudioContext.h:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-03  Kenneth Russell  <kbr@chromium.org>

        [WebGL2] webgl/2.0.0/conformance[2]/textures/image_bitmap* failures
        https://bugs.webkit.org/show_bug.cgi?id=211484

        Reviewed by Dean Jackson.

        Implement ImageBitmapOptions' ImageOrientation and
        PremultiplyAlpha settings.

        ImageOrientation="flipY" is supported directly while constructing
        ImageBitmap's representation, ImageBuffer.

        PremultiplyAlpha="premultiply" can not be supported via
        ImageBuffer's graphics operations, so this attribute is stored on
        ImageBitmap, serialized and deserialized when ImageBitmap is
        transferred, and handled in the WebGL implementation.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::dumpImageBitmap):
        (WebCore::CloneDeserializer::deserialize):
        (WebCore::CloneDeserializer::CloneDeserializer):
        (WebCore::CloneDeserializer::readImageBitmap):
        (WebCore::SerializedScriptValue::SerializedScriptValue):
        * bindings/js/SerializedScriptValue.h:
        (WebCore::SerializedScriptValue::SerializedScriptValue):
        * html/ImageBitmap.cpp:
        (WebCore::ImageBitmap::create):
        (WebCore::ImageBitmap::detachBitmaps):
        (WebCore::imageOrientationForOrientation):
        (WebCore::ImageBitmap::createPromise):
        (WebCore::ImageBitmap::createFromBuffer):
        * html/ImageBitmap.h:
        * html/OffscreenCanvas.cpp:
        (WebCore::OffscreenCanvas::transferToImageBitmap):
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::texImageSourceHelper):
        * platform/graphics/ImageBuffer.h:

2020-08-03  Brian Burg  <bburg@apple.com>

        [WebDriver] window.print should not invoke native UI
        https://bugs.webkit.org/show_bug.cgi?id=215084

        Reviewed by Devin Rousso.

        This could be handled at a higher level if there is a valid use case to allow printing,
        but I'm not aware of one. For now, this fixes a script evaluation hang on Mac and iOS.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::print):
        Don't call out to print delegates if this is a WebDriver-controlled page.

2020-08-03  Rob Buis  <rbuis@igalia.com>

        Remove unused API in HighlightMap
        https://bugs.webkit.org/show_bug.cgi?id=215078

        Reviewed by Sam Weinig.

        Remove unused API in HighlightMap, this is probably not needed
        anymore since the maplike code changed at some point.

        * Modules/highlight/HighlightMap.cpp:
        (WebCore::HighlightMap::getGroupForKey): Deleted.
        * Modules/highlight/HighlightMap.h:

2020-08-03  James Darpinian  <jdarpinian@chromium.org>

        [WebGL2] Assert when restoring lost context
        https://bugs.webkit.org/show_bug.cgi?id=214999

        Reviewed by Darin Adler.

        Remove an assert that was wrong when restoring a lost context.

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::initializeVertexArrayObjects):

2020-08-03  Adrian Perez de Castro  <aperez@igalia.com>

        Non-unified build fixes, early August 20202 edition
        https://bugs.webkit.org/show_bug.cgi?id=215082

        Unreviewed build fix.

        No new tests needed.

        * accessibility/AccessibilityRenderObject.cpp: Add missing inclusion of Range.h.
        * dom/RadioButtonGroups.cpp: Ditto.
        * editing/Editing.cpp: Ditto.
        * editing/EditingStyle.cpp: Ditto.
        * editing/EditorCommand.cpp: Ditto.
        * editing/FrameSelection.cpp: Ditto.
        * editing/TypingCommand.cpp: Ditto.
        * editing/VisiblePosition.cpp: Add missing inclusion of SimpleRange.h.
        * rendering/HitTestResult.cpp: Add missing inclusion of Range.h.

2020-08-03  Antti Koivisto  <antti@apple.com>

        REGRESSION(r259585) Text decoration color with value currentColor miscomputed in some cases
        https://bugs.webkit.org/show_bug.cgi?id=215079

        Reviewed by Zalan Bujtas.

        r259585 did some refactoring that broke a special case where text decoration color comes from
        '-webkit-text-fill-color' property.

        Test: fast/text/text-decoration-currentcolor-fill-color.html

        * rendering/TextDecorationPainter.cpp:
        (WebCore::TextDecorationPainter::decorationColor):

        Move resolving currentColor to RenderStyle.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::colorResolvingCurrentColor const):

        Handle CSSPropertyTextDecorationColor as a special case here.

        (WebCore::RenderStyle::visitedDependentColor const):

2020-08-03  Clark Wang  <clark_wang@apple.com>

        Added Constructor to AnalyserNode
        https://bugs.webkit.org/show_bug.cgi?id=215040

        Reviewed by Chris Dumez.

        Introduced AnalyserNode constructor and AnalyserOptions according to spec:
        https://www.w3.org/TR/webaudio/#AnalyserNode-constructors.

        Re-baselined existing tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AnalyserNode.cpp:
        (WebCore::AnalyserNode::create):
        (WebCore::AnalyserNode::AnalyserNode):
        (WebCore::AnalyserNode::setFftSize):
        (WebCore::AnalyserNode::setMinMaxDecibels):
        (WebCore::AnalyserNode::setMinDecibels):
        (WebCore::AnalyserNode::setMaxDecibels):
        * Modules/webaudio/AnalyserNode.h:
        * Modules/webaudio/AnalyserNode.idl:
        * Modules/webaudio/AnalyserOptions.h: Added.
        * Modules/webaudio/AnalyserOptions.idl: Added.
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createAnalyser):
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-08-03  Youenn Fablet  <youenn@apple.com>

        MediaRecorderPrivateWriter::appendEndOfVideoSampleDurationIfNeeded should only call requestMediaDataWhenReadyOnQueue once
        https://bugs.webkit.org/show_bug.cgi?id=214972

        Reviewed by Eric Carlson.

        When processing a compressed sample, pass it to the writer if its ready.
        Otherwise buffer it and retry passing it to the writer next time we have a sample.
        When finishing a write, we call requestMediaDataWhenReadyOnQueue to finish passing samples that are still enqueued.

        Covered by existing tests no longer triggering ObjC exception.

        * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
        * platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
        (WebCore::MediaRecorderPrivateWriter::appendCompressedAudioSampleBuffer):
        (WebCore::MediaRecorderPrivateWriter::appendCompressedVideoSampleBufferIfPossible):
        (WebCore::MediaRecorderPrivateWriter::appendCompressedVideoSampleBuffer):
        (WebCore::MediaRecorderPrivateWriter::appendCompressedSampleBuffers):
        (WebCore::MediaRecorderPrivateWriter::finishAppendingCompressedAudioSampleBuffers):
        (WebCore::MediaRecorderPrivateWriter::finishAppendingCompressedVideoSampleBuffers):
        (WebCore::MediaRecorderPrivateWriter::flushCompressedSampleBuffers):

2020-08-02  Darin Adler  <darin@apple.com>

        Remove some member functions of Range and many calls to createLiveRange
        https://bugs.webkit.org/show_bug.cgi?id=215070

        Reviewed by Sam Weinig.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::nextBoundary): Remove createLiveRange.
        (WebCore::AXObjectCache::previousBoundary): Ditto.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper _convertToNSRange:]): Take SimpleRange.
        (-[WebAccessibilityObjectWrapper positionForTextMarker:]): Remove createLiveRange.
        (-[WebAccessibilityObjectWrapper textRectsFromMarkers:withText:]): Ditto.

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper _convertToNSRange:]): Take SimpleRange.
        (-[WebAccessibilityObjectWrapper _indexForTextMarker:]): Remove createLiveRange.
        (-[WebAccessibilityObjectWrapper _textMarkerForIndex:]): Ditto.

        * dom/DocumentMarkerController.cpp:
        (WebCore::updateRenderedRectsForMarker): Renamed range to makeSimpleRange.
        (WebCore::makeSimpleRange): Ditto.
        * dom/DocumentMarkerController.h: Update for the above.

        * dom/Range.cpp:
        (WebCore::Range::text const): Use makeSimpleRange.
        (WebCore::Range::shadowRoot const): Deleted.
        (WebCore::intervalsSufficientlyOverlap): Deleted.
        (WebCore::adjustLineHeightOfSelectionRects): Deleted.
        (WebCore::coalesceSelectionRects): Deleted.
        (WebCore::Range::collectSelectionRectsWithoutUnionInteriorLines const): Deleted.
        (WebCore::Range::collectSelectionRects const): Deleted.
        * dom/Range.h: Update for the above. Also make pastLastNode private since it is
        only used inside the Range class's implementation.

        * dom/SimpleRange.cpp:
        (WebCore::SimpleRange::SimpleRange): Removed overload that takes a Range.
        * dom/SimpleRange.h: Update for the above. Removed both constructor overloads
        that take a Range.

        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::timerFired): Remove createLiveRange.
        (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord): Use
        makeSimpleRange.
        (WebCore::AlternativeTextController::applyAlternativeTextToRange):
        Remove createLiveRange.

        * editing/EditingStyle.cpp:
        (WebCore::EditingStyle::styleAtSelectionStart): Remove createLiveRange.
        * editing/Editor.cpp:
        (WebCore::Editor::performCutOrCopy): Ditto.
        (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges): Ditto.
        (WebCore::Editor::replaceRangeForSpellChecking): Ditto.
        (WebCore::correctSpellcheckingPreservingTextCheckingParagraph): Ditto.
        (WebCore::Editor::changeBackToReplacedString): Ditto.
        (WebCore::Editor::countMatchesForText): Ditto.
        * editing/InsertListCommand.cpp:
        (WebCore::InsertListCommand::doApply): Ditto.
        (WebCore::InsertListCommand::doApplyForSingleParagraph): Change out
        argument type to SimpleRange.
        * editing/InsertListCommand.h: Update for above.

        * editing/SpellChecker.cpp:
        (WebCore::SpellChecker::isCheckable const): Rewrite questionable logic
        to use intersectingNodes instead of firstNode.

        * editing/TextCheckingHelper.cpp:
        (WebCore::TextCheckingHelper::findUngrammaticalPhrases const): Remove createLiveRange.
        * editing/TypingCommand.cpp:
        (WebCore::TypingCommand::deleteKeyPressed): Ditto.
        (WebCore::TypingCommand::forwardDeleteKeyPressed): Ditto.
        * editing/markup.cpp:
        (WebCore::createFragmentFromText): Ditto.

        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::setTextAsChildOfElement): Use makeRangeSelectingNodeContents.

        * editing/win/EditorWin.cpp:
        (WebCore::Editor::pasteWithPasteboard): Remove createLiveRange.

        * page/DOMSelection.cpp:
        (WebCore::DOMSelection::addRange): Use makeSimpleRange.
        (WebCore::DOMSelection::deleteFromDocument): Remove createLiveRange.

        * page/DragController.cpp:
        (WebCore::documentFragmentFromDragData): Take SimpleRange.
        (WebCore::DragController::concludeEditDrag): Remove createLiveRange.
        (WebCore::DragController::startDrag): Ditto.

        * page/TextIndicator.cpp:
        (WebCore::selectionRects): Deleted.
        (WebCore::initializeIndicator): Call collectSelectionRects directly here,
        avoiding createLiveRange and using map to convert from Vector<SelectionRect>
        to Vector<FloatRect>.

        * page/ios/FrameIOS.mm:
        (WebCore::Frame::interpretationsForCurrentRoot const): Use makeSimpleRange.

        * platform/DragImage.cpp:
        (WebCore::createDragImageForRange): Take SimpleRange.
        * platform/DragImage.h: Update createDragImageForRange to take SimpleRange.

        * platform/Pasteboard.h: Updated Windows-only layering-violating functions
        to take SimpleRange.

        * platform/ios/DragImageIOS.mm:
        (WebCore::createDragImageForRange): Take SimpleRange.

        * platform/win/PasteboardWin.cpp:
        (WebCore::Pasteboard::writeRangeToDataObject): Take SimpleRange.
        (WebCore::Pasteboard::writeSelection): Ditto.
        (WebCore::Pasteboard::documentFragment): Ditto.

        * rendering/RenderObject.cpp:
        (WebCore::intervalsSufficientlyOverlap): Added. Moved from Range. Mostly unchanged
        but uses SimpleRange now instead of a live range, and intersectingNodes instead of
        a loop using firstNode and pastLastNode.
        (WebCore::adjustLineHeightOfSelectionRects): Ditto.
        (WebCore::coalesceSelectionRects): Ditto.
        (WebCore::RenderObject::collectSelectionRectsWithoutUnionInteriorLines): Ditto.
        (WebCore::RenderObject::collectSelectionRectsInternal): Ditto.
        (WebCore::RenderObject::collectSelectionRects): Ditto.
        * rendering/RenderObject.h: Update for above.

        * testing/Internals.cpp:
        (WebCore::Internals::markerRangeForNode): Use makeSimplRange.
        (WebCore::Internals::locationFromRange): Ditto.
        (WebCore::Internals::lengthFromRange): Ditto.
        (WebCore::Internals::rangeAsTextUsingBackwardsTextIterator): Ditto.
        (WebCore::Internals::subrange): Ditto.
        (WebCore::Internals::rangeOfStringNearLocation): Ditto.
        (WebCore::Internals::textIndicatorForRange): Ditto.

2020-08-02  Wenson Hsieh  <wenson_hsieh@apple.com>

        Table data is incorrectly translated in some articles on en.wikipedia.org
        https://bugs.webkit.org/show_bug.cgi?id=215071
        <rdar://problem/66354013>

        Reviewed by Darin Adler.

        Text in table cells sometimes end up in adjacent cells after translation, since adjacent cells are currently
        extracted as different tokens in a single item; mitigate this by splitting text in table cells into different
        text manipulation items instead.

        Test: TextManipulation.StartTextManipulationExtractsTableCellsAsSeparateItems

        * editing/TextManipulationController.cpp:
        (WebCore::isEnclosingItemBoundaryElement):

2020-08-01  Rob Buis  <rbuis@igalia.com>

        Remove superfluous ResourceTiming constructor overload
        https://bugs.webkit.org/show_bug.cgi?id=215063

        Reviewed by Sam Weinig.

        Remove superfluous ResourceTiming constructor overload, we
        can just call another overload from ResourceTiming::fromLoad.

        * loader/ResourceTiming.cpp:
        (WebCore::ResourceTiming::fromLoad):
        * loader/ResourceTiming.h:

2020-08-01  Brady Eidson  <beidson@apple.com>

        Special HID mapping for the Logitech F310/F710 controllers.
        https://bugs.webkit.org/show_bug.cgi?id=215050

        Reviewed by Tim Horton.

        Covered by API test.

        These two controllers match the standard mapping perfectly. Easy to support.
        
        * SourcesCocoa.txt:
        * WebCore.xcodeproj/project.pbxproj:
        
        * platform/gamepad/KnownGamepads.h:
        
        * platform/gamepad/mac/GamepadConstantsMac.h:
        
        * platform/gamepad/mac/HIDGamepad.cpp:
        (WebCore::HIDGamepad::create):
        
        * platform/gamepad/mac/HIDGamepadElement.cpp:
        (WebCore::HIDGamepadElement::HIDGamepadElement):
        * platform/gamepad/mac/HIDGamepadElement.h:
        (WebCore::HIDGamepadElement::isAxis const):
        
        * platform/gamepad/mac/LogitechGamepad.cpp: Added.
        (WebCore::LogitechGamepadHatswitch::gamepadValueChanged):
        (WebCore::LogitechGamepad::LogitechGamepad):
        * platform/gamepad/mac/LogitechGamepad.h: 

2020-08-01  Joonghun Park  <jh718.park@samsung.com>

        Unreviewed. Remove the build warnings below since r265150.
        warning: unused parameter ‘foo’ [-Wunused-parameter]

        No new tests, no new behaviors.

        * workers/service/server/SWServerJobQueue.cpp:
        (WebCore::doCertificatesMatch):

2020-08-01  Brady Eidson  <beidson@apple.com>

        Special HID mapping for the Google Stadia controller
        https://bugs.webkit.org/show_bug.cgi?id=215061

        Reviewed by Tim Horton.

        New API test coverage.

        * SourcesCocoa.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/gamepad/GamepadConstants.h:
        * platform/gamepad/KnownGamepads.h:
        * platform/gamepad/mac/GamepadConstantsMac.h:

        * platform/gamepad/mac/HIDGamepad.cpp:
        (WebCore::HIDGamepad::create):

        * platform/gamepad/mac/HIDGamepadElement.cpp:
        (WebCore::HIDGamepadElement::HIDGamepadElement):
        (WebCore::HIDGamepadHatswitch::gamepadValueChanged):
        (WebCore::HIDGamepadHatswitch::normalizedValue):
        * platform/gamepad/mac/HIDGamepadElement.h:
        (WebCore::HIDGamepadElement::isAxis const):
        (WebCore::HIDGamepadHatswitch::HIDGamepadHatswitch):

        * platform/gamepad/mac/StadiaHIDGamepad.cpp: Added.
        (WebCore::StadiaHIDGamepad::StadiaHIDGamepad):
        * platform/gamepad/mac/StadiaHIDGamepad.h: 

2020-08-01  Sam Weinig  <weinig@apple.com>

        Convert LinkHeader to use StringParsingBuffer
        https://bugs.webkit.org/show_bug.cgi?id=215017

        Reviewed by Darin Adler.

        Update LinkHeader parsing to use StringParsingBuffer and do some light cleanup.

        * loader/LinkHeader.cpp:
        (WebCore::isSpaceOrTab):
        (WebCore::isNotURLTerminatingChar):
        (WebCore::isValidParameterNameChar):
        (WebCore::isParameterValueEnd):
        (WebCore::isParameterValueChar):
        (WebCore::findURLBoundaries):
        (WebCore::invalidParameterDelimiter):
        (WebCore::validFieldEnd):
        (WebCore::parseParameterDelimiter):
        (WebCore::paramterNameFromString):
        (WebCore::parseParameterName):
        (WebCore::skipQuotesIfNeeded):
        (WebCore::parseParameterValue):
        (WebCore::findNextHeader):
        (WebCore::LinkHeader::LinkHeader):
        (WebCore::LinkHeaderSet::LinkHeaderSet):
        (WebCore::LinkHeaderSet::init): Deleted.
        * loader/LinkHeader.h:

2020-08-01  Darin Adler  <darin@apple.com>

        Remove Range::create and many more uses of live ranges
        https://bugs.webkit.org/show_bug.cgi?id=215004

        Reviewed by Sam Weinig.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::boundsForVisiblePositionRange const):
        Use makeSimpleRange.
        * accessibility/atk/AXObjectCacheAtk.cpp:
        (WebCore::AXObjectCache::nodeTextChangePlatformNotification): Use SimpleRange.
        * accessibility/atk/WebKitAccessibleHyperlink.cpp:
        (rangeLengthForObject): Take SimpleRange.
        (webkitAccessibleHyperlinkGetStartIndex): Use makeSimpleRange.
        (webkitAccessibleHyperlinkGetEndIndex): Ditto.
        * accessibility/atk/WebKitAccessibleInterfaceText.cpp:
        (getSelectionOffsetsForObject): Ditto.
        * accessibility/atk/WebKitAccessibleUtil.cpp:
        (objectFocusedAndCaretOffsetUnignored): Ditto.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (+[WebAccessibilityTextMarker startOrEndTextMarkerForRange:isStart:cache:]):
        Take SimpleRange.
        (-[WebAccessibilityObjectWrapper arrayOfTextForTextMarkers:attributed:]):
        Use makeSimpleRange.
        (-[WebAccessibilityObjectWrapper _convertToDOMRange:]): Return SimpleRange.
        (-[WebAccessibilityObjectWrapper textMarkerRange]): Remove createLiveRange.
        (-[WebAccessibilityObjectWrapper textMarkerForPosition:]): Use auto.
        (-[WebAccessibilityObjectWrapper misspellingTextMarkerRange:forward:]):
        Remove createLiveRange.
        (-[WebAccessibilityObjectWrapper rangeFromMarkers:withText:]): Return SimpleRange.
        (-[WebAccessibilityObjectWrapper textRectsFromMarkers:withText:]): Add createLiveRange.
        (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]): Return SimpleRange.
        (-[WebAccessibilityObjectWrapper startOrEndTextMarkerForTextMarkers:isStart:]):
        Use auto.
        (-[WebAccessibilityObjectWrapper textMarkerRangeForMarkers:]): Get rid of local.
        (-[WebAccessibilityObjectWrapper textMarkersForRange:]): Take SimpleRange.

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (accessibilityTextOperationForParameterizedAttribute): Remove makeSimpleRange.
        (accessibilityMisspellingSearchCriteriaForParameterizedAttribute): Return SimpleRange.
        (-[WebAccessibilityObjectWrapper textMarkerRangeFromRange:]): Take SimpleRange.
        (textMarkerRangeFromRange): Ditto.
        (-[WebAccessibilityObjectWrapper startOrEndTextMarkerForRange:isStart:]): Ditto.
        (startOrEndTextmarkerForRange): Return SimpleRange.
        (-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]): Ditto.
        (-[WebAccessibilityObjectWrapper doAXAttributedStringForTextMarkerRange:spellCheck:]):
        Use auto.
        (-[WebAccessibilityObjectWrapper doAXAttributedStringForRange:]): Remove createLiveRange.
        (-[WebAccessibilityObjectWrapper textMarkerRangeAtTextMarker:forUnit:]): Ditto.
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]): Ditto.

        * dom/DocumentMarkerController.cpp:
        (WebCore::updateRenderedRectsForMarker): Use document marker range function.
        (WebCore::range): Added.
        * dom/DocumentMarkerController.h: Update for above.

        * dom/Position.cpp: Removed unneeded Range.h include.

        * dom/Range.cpp:
        (WebCore::Range::Range): Removed unused overload that takes start/end.
        (WebCore::Range::create): Removed overloads that take start/end.
        (WebCore::Range::setStart): Removed overload that takes Position.
        (WebCore::Range::setEnd): Ditto.
        (WebCore::Range::cloneRange const): Rewrote to use setStart/End since
        that's what the constructor used to do.
        (WebCore::Range::contains const): Use SimpleRange/createLiveRange
        instead of makeRange. Soon this function will be deleted.
        (WebCore::rangeOfContents): Deleted.
        (WebCore::createLiveRange): Rewrote to use setStart/End since that's
        what the constructor used to do.
        * dom/Range.h: Update for above removals.

        * dom/SimpleRange.h: Export commonInclusiveAncestor for use outside WebCore.

        * dom/StaticRange.cpp:
        (WebCore::StaticRange::create): Added overload that copies the SimpleRange.
        * dom/StaticRange.h: Update for above.

        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord): Use document
        marker range function.

        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::fixRangeAndApplyInlineStyle): Use makeSimpleRange.
        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::mergeParagraphs): Ditto.
        (WebCore::DeleteSelectionCommand::originalStringForAutocorrectionAtBeginningOfSelection):
        Ditto.

        * editing/EditingStyle.cpp:
        (WebCore::EditingStyle::textDirectionForSelection): Use makeSimpleRange and
        intersectingNodes.

        * editing/Editor.cpp:
        (WebCore::Editor::replaceSelectionWithFragment): Use makeRangeSelectingNodeContents.
        (WebCore::Editor::updateMarkersForWordsAffectedByEditing): Use makeSimpleRange.
        (WebCore::Editor::transpose): Ditto.
        (WebCore::Editor::rangeOfString): Use makeRangeSelectingNodeContents.
        (WebCore::Editor::handleAcceptedCandidate): Update since rangeForTextCheckingResult
        now returns an Optional<SimpleRange>.

        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::selectRangeOnElement): Use SimpleRange.

        * editing/ReplaceRangeWithTextCommand.cpp:
        (WebCore::ReplaceRangeWithTextCommand::ReplaceRangeWithTextCommand): Take
        SimpleRange.
        (WebCore::ReplaceRangeWithTextCommand::willApplyCommand): Update since
        m_rangeToBeReplaced is a SimpleRange.
        (WebCore::ReplaceRangeWithTextCommand::doApply): Ditto.
        (WebCore::ReplaceRangeWithTextCommand::targetRanges const): Ditto.
        * editing/ReplaceRangeWithTextCommand.h: Update for above.

        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::insertedContentRange const):
        Return a SimpleRange.
        * editing/ReplaceSelectionCommand.h: Update for above.

        * editing/SpellingCorrectionCommand.cpp:
        (WebCore::SpellingCorrectionCommand::SpellingCorrectionCommand):
        Take a SimpleRange.
        (WebCore::SpellingCorrectionCommand::create): Moved here from header.
        * editing/SpellingCorrectionCommand.h: Update for above.

        * editing/TextCheckingHelper.cpp:
        (WebCore::TextCheckingHelper::findFirstMisspelledWordOrUngrammaticalPhrase const):
        Use makeSimpleRange.

        * editing/TypingCommand.cpp:
        (WebCore::TypingCommand::markMisspellingsAfterTyping): Use makeSimpleRange.
        (WebCore::TypingCommand::willAddTypingToOpenCommand): Take SimpleRange.
        (WebCore::TypingCommand::deleteKeyPressed): Remove createLiveRange.
        (WebCore::TypingCommand::forwardDeleteKeyPressed): Ditto.
        * editing/TypingCommand.h: Update for above.

        * editing/VisiblePosition.cpp:
        (WebCore::makeRange): Deleted.
        (WebCore::startVisiblePosition): Deleted.
        (WebCore::endVisiblePosition): Deleted.
        (WebCore::setStart): Deleted.
        (WebCore::setEnd): Deleted.
        * editing/VisiblePosition.h: Update for above. Also export makeSimpleRange
        for use outside WebCore.

        * editing/VisibleUnits.cpp:
        (WebCore::suffixLengthForRange): Take SimpleRange.
        (WebCore::prefixLengthForRange): Ditto.
        (WebCore::previousBoundary): Use makeSimpleRange.
        (WebCore::nextBoundary): Ditto.
        * editing/VisibleUnits.h: Update for above.

        * editing/cocoa/DataDetection.mm:
        (WebCore::buildQuery): Remove unused local variable.

        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::setDictationPhrasesAsChildOfElement): Use makeRangeSelectingNodeContents.

        * page/DOMSelection.cpp:
        (WebCore::DOMSelection::getRangeAt): Use createLiveRange.

        * page/DragController.cpp:
        (WebCore::DragController::insertDroppedImagePlaceholdersAtCaret): Remove makeSimpleRange.

        * page/Frame.cpp:
        (WebCore::Frame::rangeForPoint): Return SimpleRange.
        * page/Frame.h: Update for above.

        * page/ios/FrameIOS.mm:
        (WebCore::Frame::interpretationsForCurrentRoot const): Use makeRangeSelectingNodeContents,
        intersectingNodes, and makeSimpleRange.

        * testing/Internals.cpp:
        (WebCore::Internals::markerRangeForNode): Use createLiveRange and the document
        marker range function.

2020-07-31  Jer Noble  <jer.noble@apple.com>

        [Mac] AudioSessionRoutingArbitrator causes a launch time regression checking for CoreAudio muted state
        https://bugs.webkit.org/show_bug.cgi?id=214993

        Reviewed by Eric Carlson.

        The initial query of isMuted() is only there to tell whether, when we get a notification that the mute state
        changed, whether our internal state is dirty and we need to fire a notification. Instead, replace the bool member
        with an Optional<bool>, so we know we need to fire a changed notification whenever the first mute state change
        comes in.

        * platform/audio/mac/AudioSessionMac.mm:
        (WebCore::AudioSession::AudioSession):
        (WebCore::AudioSession::handleMutedStateChange):
        (WebCore::AudioSessionPrivate::AudioSessionPrivate): Deleted.

2020-07-31  Jer Noble  <jer.noble@apple.com>

        Unreviewed Windows build fix after r265167; add some missing includes.

        * page/Screen.cpp:

2020-07-31  Myles C. Maxfield  <mmaxfield@apple.com>

        Clean up text layout code a bit
        https://bugs.webkit.org/show_bug.cgi?id=215013

        Reviewed by Zalan Bujtas.

        This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=214769.

        See file-specific ChangeLog entries for more information.

        No tests because there is no behavior change.

        * platform/graphics/Font.h: Remove unnecessary declaration.
        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::layoutText const): Rename glyphBufferForTextRun() to layoutText().
        Also, make it return a GlyphBuffer instead of taking a GlyphBuffer as an out param.
        Its previous return, the initial advance, is now returned in GlyphBuffer::initialAdvance.
        (WebCore::FontCascade::drawText const): Update to new signature of layoutText().
        (WebCore::FontCascade::drawEmphasisMarks const): Inline drawEmphasisMarksForSimpleText()
        and drawEmphasisMarksForComplexText(), since they're nearly identical. Update to the new
        signature of layoutText().
        (WebCore::FontCascade::displayListForTextRun const): Update to the new signature of
        layoutText().
        (WebCore::FontCascade::layoutSimpleText const): Make this return a new GlyphBuffer, instead
        of taking one as an out param. Also, use accessors of WidthIterator instead of reaching
        into its guts. The previous return value is now returned in GlyphBuffer::initialAdvance.
        (WebCore::FontCascade::layoutComplexText const): Ditto.
        (WebCore::FontCascade::floatWidthForSimpleText const): Use accessors of WidthIterator
        instead of reaching into its guts.
        (WebCore::FontCascade::adjustSelectionRectForSimpleText const): Ditto.
        (WebCore::FontCascade::offsetForPositionForSimpleText const): Ditto.
        (WebCore::FontCascade::dashesForIntersectionsWithRect const): Same as
        FontCascade::drawEmphasisMarks() above.
        (WebCore::FontCascade::glyphBufferForTextRun const): Renamed to layoutText().
        (WebCore::FontCascade::getGlyphsAndAdvancesForSimpleText const): Renamed to
        layoutSimpleText().
        (WebCore::FontCascade::getGlyphsAndAdvancesForComplexText const): Renamed to
        layoutComplexText().
        (WebCore::FontCascade::drawEmphasisMarksForSimpleText const): Inlined into
        drawEmphasisMarks().
        (WebCore::FontCascade::drawEmphasisMarksForComplexText const): Ditto.
        * platform/graphics/FontCascade.h:
        * platform/graphics/GlyphBuffer.h:
        (WebCore::GlyphBufferAdvance::GlyphBufferAdvance):
        (WebCore::GlyphBufferAdvance::operator FloatSize):
        * platform/graphics/TextRun.h: Remove unnecessary declaration.
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::WidthIterator): Update for changes to WidthIterator.h
        * platform/graphics/WidthIterator.h: Rearrange the class members to sort them by size,
        to get better packing. Also, make all member variables private, and initialize them
        all with { } syntax.
        (WebCore::WidthIterator::finalRoundingWidth const):
        (WebCore::WidthIterator::currentCharacter const):
        * rendering/svg/SVGTextMetrics.cpp: Remove unnecessary include.

2020-07-31  Chris Dumez  <cdumez@apple.com>

        Add OfflineAudioCompletionEvent constructor
        https://bugs.webkit.org/show_bug.cgi?id=214994

        Reviewed by Eric Carlson.

        Add OfflineAudioCompletionEvent constructor, as per:
        - https://www.w3.org/TR/webaudio/#OfflineAudioCompletionEvent

        Test: webaudio/OfflineAudioCompletionEvent-constructor.html

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::finishedRendering):
        * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
        (WebCore::OfflineAudioCompletionEvent::create):
        (WebCore::OfflineAudioCompletionEvent::OfflineAudioCompletionEvent):
        * Modules/webaudio/OfflineAudioCompletionEvent.h:
        * Modules/webaudio/OfflineAudioCompletionEvent.idl:
        * Modules/webaudio/OfflineAudioCompletionEventInit.h: Copied from Source/WebCore/Modules/webaudio/OfflineAudioCompletionEvent.idl.
        * Modules/webaudio/OfflineAudioCompletionEventInit.idl: Copied from Source/WebCore/Modules/webaudio/OfflineAudioCompletionEvent.idl.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-07-31  Jer Noble  <jer.noble@apple.com>

        [Mac] YouTube does not offer HDR variants to devices which support HDR
        https://bugs.webkit.org/show_bug.cgi?id=215022

        Reviewed by Eric Carlson.

        Test: platform/mac/media/media-source/is-type-supported-vp9-codec-check.html

        There are three separate issues which block YouTube from offering HDR:

        1) YouTube checks both valid and invalid VP9 strings through MediaSource.isTypeSupported(), and UAs
           which answer `true` to even invalid VP9 strings are blocked from HDR. To solve this, we will now
           send isTypeSupported() through the same code path as Media Capabilities.

        2) YouTube's standard valid and invalid VP9 strings do not include the fullRangeVideoFlag field, which
           would normally be tossed as invalid. We shouldn't relax our requirements globally, so we will
           add a Quirk which relaxes the requriement that VP9 strings contain a fullRangeVideoFlag.

        3) YouTube's HDR query checks that window.screen.pixelDepth is > 24. We obviously don't want to change
           the value of this field globally, so we will add separate Quirk which sets window.screen.pixelDepth
           to 25 (a totally nonsensical value) when HDR is available.

        Each of these Quirks has a path towards removal for YouTube. The fullRangeVideoFlag field involves
        YouTube updating their compatibility check to inculde the fullRangeVideoFlag. The pixelDepth check
        can be replaced by the `dynamic-range:high` Media Query.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::addVP9FullRangeVideoFlagToContentType):
        (WebCore::MediaSource::addSourceBuffer):
        (WebCore::MediaSource::removeSourceBuffer):
        (WebCore::MediaSource::isTypeSupported):
        (WebCore::MediaSource::onReadyStateChange):
        (WebCore::MediaSource::activeRanges const):
        * Modules/mediasource/MediaSource.h:
        * page/Quirks.cpp:
        (WebCore::Quirks::needsVP9FullRangeFlagQuirk const):
        (WebCore::Quirks::needsHDRPixelDepthQuirk const):
        * page/Quirks.h:
        * page/Screen.cpp:
        (WebCore::Screen::pixelDepth const):
        * platform/graphics/cocoa/SourceBufferParserWebM.cpp:
        (WebCore::SourceBufferParserWebM::isContentTypeSupported):
        * platform/graphics/cocoa/VP9UtilitiesCocoa.h:
        * platform/graphics/cocoa/VP9UtilitiesCocoa.mm:
        (WebCore::isVPCodecConfigurationRecordSupported):
        (WebCore::validateVPParameters):

2020-07-31  Chris Dumez  <cdumez@apple.com>

        Add linked-on-after check to keep WebSQL working in UIWebView until apps are rebuilt with iOS 14 SDK
        https://bugs.webkit.org/show_bug.cgi?id=215035
        <rdar://problem/65003342>

        Reviewed by Tim Horton.

        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::IOSApplication::isJesusCalling): Deleted.
        (WebCore::IOSApplication::isFudget): Deleted.
        (WebCore::IOSApplication::isFamilyHealthApp): Deleted.
        Drop code that is no longer needed.

2020-07-31  Brady Eidson  <beidson@apple.com>

        Log a warning to the dev console when gamepads are accessed from an insecure context.
        https://bugs.webkit.org/show_bug.cgi?id=214995

        Reviewed by Tim Horton.

        Test: http/tests/misc/gamepads-insecure.html

        * Modules/gamepad/NavigatorGamepad.cpp:
        (WebCore::NavigatorGamepad::getGamepads): Insecure contexts should log that getGamepads() will
          be going away in a future release. Just do it once, because getGamepads() is called frequently.

2020-07-31  Aditya Keerthi  <akeerthi@apple.com>

        [macOS] Date/time input types should have a textfield appearance
        https://bugs.webkit.org/show_bug.cgi?id=214978

        Reviewed by Wenson Hsieh.

        On iOS, date/time input types have a menulist-button appearance. However, this appearance
        does not match the style of native date controls on macOS. The textfield appearance
        with no focus ring brings us closer to a natively styled control.

        * rendering/RenderTheme.h:
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::dateInputStyleSheet const):
        (WebCore::RenderThemeMac::dateTimeLocalInputStyleSheet const):
        (WebCore::RenderThemeMac::monthInputStyleSheet const):
        (WebCore::RenderThemeMac::timeInputStyleSheet const):
        (WebCore::RenderThemeMac::weekInputStyleSheet const):

2020-07-31  Brady Eidson  <beidson@apple.com>

        Special HID mapping for the Dualshock 3 controller
        <rdar://problem/66255198> and https://bugs.webkit.org/show_bug.cgi?id=214911

        Reviewed by Tim Horton.

        Covered by API tests.

        - Move GamepadButtons into a GamepadConstants header
        - Add a "KnownGamepads" header to hold all vendor/product pairs that WebKit knows about
        - Add a Dualshock3 controller mapping based on its HID report
        - Add a basic DS3 test based on the HID report
        
        * Sources.txt:
        * SourcesCocoa.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * platform/gamepad/GamepadConstants.cpp: Copied from Source/WebCore/platform/gamepad/mac/GenericHIDGamepad.h.
        (WebCore::standardGamepadMappingString):
        * platform/gamepad/GamepadConstants.h: Added.

        * platform/gamepad/KnownGamepads.h: Copied from Source/WebCore/platform/gamepad/mac/GenericHIDGamepad.h.

        * platform/gamepad/cocoa/GameControllerGamepad.mm:
        (WebCore::GameControllerGamepad::setupAsExtendedGamepad):

        * platform/gamepad/mac/Dualshock3HIDGamepad.cpp: Added.
        (WebCore::Dualshock3HIDGamepad::Dualshock3HIDGamepad):
        * platform/gamepad/mac/Dualshock3HIDGamepad.h: Copied from Source/WebCore/platform/gamepad/mac/GenericHIDGamepad.h.

        * platform/gamepad/mac/GenericHIDGamepad.cpp:
        (WebCore::GenericHIDGamepad::GenericHIDGamepad):
        (WebCore::GenericHIDGamepad::id): Deleted.
        * platform/gamepad/mac/GenericHIDGamepad.h:

        * platform/gamepad/mac/HIDGamepad.cpp:
        (WebCore::HIDGamepad::create):
        (WebCore::HIDGamepad::HIDGamepad):
        (WebCore::HIDGamepad::initialize):
        * platform/gamepad/mac/HIDGamepad.h:

        * platform/mac/HIDDevice.h:
        (WebCore::HIDDevice::fullProductIdentifier const):
        * platform/mac/HIDElement.h:
        (WebCore::HIDElement::fullUsage const):

2020-07-31  Alex Christensen  <achristensen@webkit.org>

        Fix Windows build.
        https://bugs.webkit.org/show_bug.cgi?id=214988

        * platform/network/cf/CertificateInfo.h:
        * platform/network/cf/CertificateInfoCFNet.cpp:

2020-07-31  Chris Dumez  <cdumez@apple.com>

        Add constructor for WaveShaperNode
        https://bugs.webkit.org/show_bug.cgi?id=214989

        Reviewed by Youenn Fablet.

        Add constructor for WaveShaperNode:
        - https://www.w3.org/TR/webaudio/#waveshapernode

        No new tests, rebaselined existing tests.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createWaveShaper):
        * Modules/webaudio/OverSampleType.h: Copied from Source/WebCore/Modules/webaudio/WaveShaperNode.idl.
        * Modules/webaudio/OverSampleType.idl: Copied from Source/WebCore/Modules/webaudio/WaveShaperNode.idl.
        * Modules/webaudio/WaveShaperNode.cpp:
        (WebCore::WaveShaperNode::create):
        (WebCore::WaveShaperNode::setCurve):
        (WebCore::processorType):
        * Modules/webaudio/WaveShaperNode.h:
        (WTF::LogArgument<WebCore::OverSampleType>::toString):
        * Modules/webaudio/WaveShaperNode.idl:
        * Modules/webaudio/WaveShaperOptions.h: Copied from Source/WebCore/Modules/webaudio/WaveShaperNode.idl.
        * Modules/webaudio/WaveShaperOptions.idl: Copied from Source/WebCore/Modules/webaudio/WaveShaperNode.idl.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-07-31  Youenn Fablet  <youenn@apple.com>

        Update service worker if certificate info does not match when soft updating
        https://bugs.webkit.org/show_bug.cgi?id=214988

        Reviewed by Alex Christensen.

        In case service worker certificate info does not match, treat it as if the script changed.
        This is a convenient way to update the service worker and the stored registration database.
        Covered by API test.

        * platform/network/cf/CertificateInfo.h:
        * platform/network/cf/CertificateInfoCFNet.cpp:
        (WebCore::certificatesMatch):
        * workers/service/server/SWServerJobQueue.cpp:
        (WebCore::doCertificatesMatch):
        (WebCore::SWServerJobQueue::scriptFetchFinished):
        * workers/service/server/SWServerWorker.h:
        (WebCore::SWServerWorker::certificateInfo const):

2020-07-31  Sihui Liu  <sihui_liu@appe.com>

        -[WKWebsiteDataStore _renameOrigin:] needs to support IndexedDB renames
        https://bugs.webkit.org/show_bug.cgi?id=214905
        <rdar://problem/66247978>

        Reviewed by Alex Christensen.

        To do the renaming, we close all existing databases whose top origin is old origin, and move all files in 
        directory of old origin to that of new origin.

        API test: WebKit.WebsiteDataStoreRenameOriginForIndexedDatabase

        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::closeDatabasesForOrigins):
        (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesForOrigins):
        (WebCore::IDBServer::IDBServer::renameOrigin):
        * Modules/indexeddb/server/IDBServer.h:

2020-07-31  Chris Fleizach  <cfleizach@apple.com>

        AX: Inteterminate progressbar reading as 50% with Voiceover
        https://bugs.webkit.org/show_bug.cgi?id=214330
        <rdar://problem/65570800>

        Reviewed by Zalan Bujtas.

        Expose indeterminate status to iOS API.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilityIsIndeterminate]):
        (-[WebAccessibilityObjectWrapper accessibilityIsInDescriptionListTerm]):
        (-[WebAccessibilityObjectWrapper accessibilityIsInDescriptionListDefinition]):
          - Drive by style fix.

2020-07-31  Peng Liu  <peng.liu6@apple.com>

        PIP on netflix.com shows only a gray window and spinner
        https://bugs.webkit.org/show_bug.cgi?id=214899

        Reviewed by Jer Noble.

        Use an empty "seekableRanges" instead of a special "duration" value (NaN) to indicate
        that seeking is not supported. With this change, the "duration" will always have a meaningful
        value, so that WebAVPlayerController can work properly in the picture-in-picture mode.
        Related change: https://trac.webkit.org/changeset/217858.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::supportsSeeking const):
        * platform/cocoa/PlaybackSessionModelMediaElement.mm:
        (WebCore::PlaybackSessionModelMediaElement::duration const):
        (WebCore::PlaybackSessionModelMediaElement::seekableRanges const):
        * platform/mac/WebPlaybackControlsManager.mm:
        (-[WebPlaybackControlsManager canBeginTouchBarScrubbing]):

2020-07-31  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Mouse wheel events on horizontal scrollbar not correctly handled when AC mode is forced
        https://bugs.webkit.org/show_bug.cgi?id=207113

        Reviewed by Adrian Perez de Castro.

        Remove GTK specific code to invert scroll direction of wheel events.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleWheelEvent):
        (WebCore::EventHandler::shouldSwapScrollDirection const): Deleted.
        * platform/SourcesGLib.txt:
        * platform/glib/EventHandlerGLib.cpp: Removed.

2020-07-10  Sergio Villar Senin  <svillar@igalia.com>

        [WebXR] Retrieve supported reference spaces from actual XR systems
        https://bugs.webkit.org/show_bug.cgi?id=214187

        Reviewed by Carlos Garcia Campos.

        Each XR system supports a set of reference spaces which are used by WebXR to stablish
        a spatial relationship with user's physical environment. The list of supported reference
        spaces determine whether or not a session request succeeds or not, as it will refuse to
        start a session with an unsupported reference space.

        So far, no reference spaces were retrieved from the actual devices. This patch adds the
        required OpenXR machinery to retrieve them. In particular, we have to create a XrSession
        (although we don't have to start it) in order to retrieve the reference spaces. Since we
        don't need it to show content to the user we can create it in headless mode and then discard
        it afterwards when no longer needed.

        * Modules/webxr/WebXRSession.cpp:
        (WebCore::WebXRSession::WebXRSession): Clarify a comment. Also s/TODO/FIXME/g.
        * platform/xr/openxr/PlatformXROpenXR.cpp:
        (PlatformXR::isExtensionSupported): New method to check whether a specific extension
        is supported.
        (PlatformXR::Instance::Impl::checkInstanceExtensionProperties const): renamed from
        enumerateInstanceExtensionProperties(). Returns whether or not the call succeeded.
        (PlatformXR::Instance::Impl::Impl): Pass the list of enabled extensions to the instance.
        (PlatformXR::Instance::enumerateImmersiveXRDevices): Log the systems found.
        (PlatformXR::OpenXRDevice::OpenXRDevice):
        (PlatformXR::OpenXRDevice::enumerateReferenceSpaces const): New method to list the
        supported reference spaces by the XR system.
        (PlatformXR::OpenXRDevice::collectSupportedSessionModes): Store reference spaces as
        enabled features for supported modes.
        (PlatformXR::OpenXRDevice::collectConfigurationViews): Renamed from
        enumerateConfigurationViews().
        (PlatformXR::Instance::Impl::enumerateInstanceExtensionProperties const): Deleted.
        (PlatformXR::OpenXRDevice::enumerateConfigurationViews): Deleted.
        * platform/xr/openxr/PlatformXROpenXR.h:

2020-07-31  Youenn Fablet  <youenn@apple.com>

        Add LibWebRTCAudioModule logging
        https://bugs.webkit.org/show_bug.cgi?id=214987

        Reviewed by Eric Carlson.

        * platform/mediastream/libwebrtc/LibWebRTCAudioModule.cpp:
        (WebCore::LibWebRTCAudioModule::RegisterAudioCallback):
        (WebCore::LibWebRTCAudioModule::StartPlayout):
        (WebCore::LibWebRTCAudioModule::StopPlayout):

2020-07-30  Simon Fraser  <simon.fraser@apple.com>

        Minor RenderLayerCompositor::updateBackingAndHierarchy() cleanup
        https://bugs.webkit.org/show_bug.cgi?id=215008

        Reviewed by Zalan Bujtas.

        Instead of setting child layers, and then adding another child (overflowControlLayer),
        append overflowControlLayer to the vector and then set children.

        No behavior change.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateBackingAndHierarchy):

2020-07-30  Sam Weinig  <weinig@apple.com>

        It would be nice if the predicate taking functions in ParsingUtilities.h didn't require specifying the character type
        https://bugs.webkit.org/show_bug.cgi?id=215002

        Reviewed by Darin Adler.

        Remove the need for specifying the character type by providing overloads for LChar and UChar
        explicitly.

        * html/parser/HTMLSrcsetParser.cpp:
        (WebCore::parseImageCandidatesFromSrcsetAttribute):
        * html/parser/ParsingUtilities.h:
        (WebCore::characterPredicate):
        * html/track/VTTScanner.h:
        (WebCore::characterPredicate):
        * loader/LinkHeader.cpp:
        (WebCore::findURLBoundaries):
        (WebCore::invalidParameterDelimiter):
        (WebCore::parseParameterDelimiter):
        (WebCore::parseParameterName):
        (WebCore::skipQuotesIfNeeded):
        (WebCore::parseParameterValue):
        (WebCore::findNextHeader):
        * loader/ResourceCryptographicDigest.cpp:
        (WebCore::parseCryptographicDigestImpl):
        (WebCore::parseEncodedCryptographicDigestImpl):
        * loader/SubresourceIntegrity.cpp:
        (WebCore::splitOnSpaces):
        * loader/appcache/ApplicationCacheManifestParser.cpp:
        (WebCore::parseApplicationCacheManifest):
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::parseDirective):
        (WebCore::ContentSecurityPolicyDirectiveList::parseReportURI):
        * page/csp/ContentSecurityPolicyMediaListDirective.cpp:
        (WebCore::ContentSecurityPolicyMediaListDirective::parse):
        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::isSourceListNone):
        (WebCore::ContentSecurityPolicySourceList::parse):
        (WebCore::ContentSecurityPolicySourceList::parseSource):
        (WebCore::ContentSecurityPolicySourceList::parseScheme):
        (WebCore::ContentSecurityPolicySourceList::parseHost):
        (WebCore::ContentSecurityPolicySourceList::parsePath):
        (WebCore::ContentSecurityPolicySourceList::parsePort):
        (WebCore::ContentSecurityPolicySourceList::parseNonceSource):
        * platform/DateComponents.cpp:
        (WebCore::countDigits):
        * svg/SVGLengthList.cpp:
        (WebCore::SVGLengthList::parse):
        * svg/SVGParserUtilities.cpp:
        (WebCore::genericParseNumber):
        * svg/SVGParserUtilities.h:
        (WebCore::skipOptionalSVGSpaces):

2020-07-30  Sam Weinig  <weinig@apple.com>

        Convert DateComponents to use StringParsingBuffer
        https://bugs.webkit.org/show_bug.cgi?id=213929

        Reviewed by Darin Adler.

        - Switches string parsing in DateComponents to using StringParsingBuffer,
          making use of ParsingUtilities to streamline / simplify the code.
        - Moves a few constant values only used in DateComponents.cpp to DateComponents.cpp
        - Rename toInt in DateComponents.cpp to parseInt, and have use an Optional return
          value rather than bool + out-parameter.
        - Add new parseIntWithinLimits that also checks that parsed value is within specfied
          limits, as this is what almost all of the int parsing in DateComponents needs.

        * platform/DateComponents.cpp:
        (WebCore::countDigits):
        (WebCore::parseInt):
        (WebCore::parseIntWithinLimits):
        (WebCore::DateComponents::parseYear):
        (WebCore::withinHTMLDateLimits):
        (WebCore::createFromString):
        (WebCore::DateComponents::fromParsingMonth):
        (WebCore::DateComponents::fromParsingDate):
        (WebCore::DateComponents::fromParsingWeek):
        (WebCore::DateComponents::fromParsingTime):
        (WebCore::DateComponents::fromParsingDateTimeLocal):
        (WebCore::DateComponents::fromParsingDateTime):
        (WebCore::DateComponents::parseTimeZone):
        (WebCore::DateComponents::parseMonth):
        (WebCore::DateComponents::parseDate):
        (WebCore::DateComponents::parseWeek):
        (WebCore::DateComponents::parseTime):
        (WebCore::DateComponents::parseDateTimeLocal):
        (WebCore::DateComponents::parseDateTime):
        (WebCore::DateComponents::setMonthsSinceEpoch):
        (WebCore::DateComponents::setMillisecondsSinceEpochForWeek):
        (WebCore::toInt): Deleted.
        * platform/DateComponents.h:
        (WebCore::DateComponents::minimumYear): Deleted.
        (WebCore::DateComponents::maximumYear): Deleted.

2020-07-30  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed attempt to fix Catalyst build after r265084.

        * editing/cocoa/DictionaryLookup.mm:

2020-07-30  Dean Jackson  <dino@apple.com>

        [WebGL] Safari snapshots of WebGL content in the tab picker don't work
        https://bugs.webkit.org/show_bug.cgi?id=214452
        <rdar://problem/21243082>

        Original patch by Justin Fan. Reviewed by Darin Adler.

        Test is in TestWebKitAPI/Tests/WebKitCocoa/WKWebViewSnapshot.mm.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::paint): Will properly request a paint when a snapshot is requested.
        * html/HTMLCanvasElement.h:
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::paintRenderingResultsToCanvas): Only clear the last snapshot if readPixels will succeed.
        * rendering/RenderHTMLCanvas.cpp:
        (WebCore::RenderHTMLCanvas::paintReplaced):

2020-07-30  Jer Noble  <jer.noble@apple.com>

        [Cocoa] Adopt -[AVContentKeyRequest willOutputBeObscuredDueToInsufficientExternalProtectionForDisplays:]
        https://bugs.webkit.org/show_bug.cgi?id=214659
        <rdar://problem/63555006>

        Reviewed by Darin Adler.

        Use the new WTF::Observer object as the listener type for notifying clients of display changes. When a displayChanged
        event is observed, use the new AVContentKeyRequest -willOutputBeObscuredDueToInsufficientExternalProtectionForDisplays:
        to set the keyStatus for that request appropriately.

        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::MediaKeySession):
        (WebCore::MediaKeySession::displayID):
        (WebCore::MediaKeySession::displayChanged):
        * Modules/encryptedmedia/MediaKeySession.h:
        * dom/Document.cpp:
        (WebCore::Document::windowScreenDidChange):
        (WebCore::Document::addDisplayChangedObserver):
        * dom/Document.h:
        * platform/encryptedmedia/CDMInstanceSession.h:
        (WebCore::CDMInstanceSession::displayChanged):
        * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h:
        * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
        (-[WebCoreFPSContentKeySessionDelegate contentKeySession:externalProtectionStatusDidChangeForContentKeyRequest:]):
        (WebCore::CDMInstanceFairPlayStreamingAVFObjC::externalProtectionStatusDidChangeForContentKeyRequest):
        (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::displayChanged):
        (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::externalProtectionStatusDidChangeForContentKeyRequest):
        (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::updateProtectionStatusForDisplayID):

2020-07-30  James Darpinian  <jdarpinian@chromium.org>

        [WebGL2] Buffer updates
        https://bugs.webkit.org/show_bug.cgi?id=209511

        Reviewed by Dean Jackson.

        Various fixes in bufferData, bufferSubData, and getBufferSubData. Passes all WebGL conformance tests in conformance/buffers/* and conformance2/buffers/*.

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::sliceArrayBufferView):
        (WebCore::WebGL2RenderingContext::getBufferSubData):
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::bufferData):
        (WebCore::WebGLRenderingContextBase::bufferSubData):
        * html/canvas/WebGLRenderingContextBase.h:
        * html/canvas/WebGLRenderingContextBase.idl:

2020-07-30  Jer Noble  <jer.noble@apple.com>

        [Cocoa] Make DecoderTest run against .mp4 files; add rate-limiting.
        https://bugs.webkit.org/show_bug.cgi?id=214807

        Reviewed by Darin Adler.

        Export registerWebKitVP9Decoder() from VP9UtilitiesCocoa instead of LibWebRTCProvider to make it easier
        for DecodeTest to import, as LibWebRTCProvider also pulls in a bunch of libwebrtc headers. Also, export
        SourceBufferParser.h so DecoderTest can create parsers for fMP4 files.

        * SourcesCocoa.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/cocoa/VP9UtilitiesCocoa.h:
        * platform/graphics/cocoa/VP9UtilitiesCocoa.mm:
        (WebCore::registerWebKitVP9Decoder):

2020-07-30  Ryosuke Niwa  <rniwa@webkit.org>

        Clicking on a shadow DOM does not move the selection to the focused element when delegatesFocus is set to true
        https://bugs.webkit.org/show_bug.cgi?id=214859
        <rdar://problem/66192901>

        Reviewed by Wenson Hsieh.

        The bug was caused by EventHandler moving the selection to where the user had clicked, not to where the focus
        had been delegated, which is a uniquely WebKit behavior. Fixed the bug by revealing the focused element as done
        in Element::focus in EventHandler::dispatchMouseEvent and avoid updating the selection to the clicked point
        later in EventHandler::handleMousePressEventSingleClick by adding an early exit.

        Test: fast/shadow-dom/delegates-focus-and-types-into-input.html

        * dom/Element.cpp:
        (WebCore::Element::focus):
        (WebCore::Element::revealFocusedElement): Extracted from Element::focus.
        * dom/Element.h:
        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMousePressEventSingleClick): Added an early exit when dispatchMouseEvent had
        delegated the focus to an element different from the one the user had clicked.
        (WebCore::EventHandler::dispatchMouseEvent): Added a code to reveal the newly focused element when the focus
        had been delegated.
        * page/EventHandler.h:

2020-07-30  Tim Horton  <timothy_horton@apple.com>

        Web content gets stuck in an inactive state (no cursor updates or text insertion caret) when activating a tab with a thumbnail visible
        https://bugs.webkit.org/show_bug.cgi?id=214962
        <rdar://problem/65670984>

        Reviewed by Wenson Hsieh.

        New API test: WebKit.WKThumbnailViewResetsViewStateWhenUnparented

        * testing/Internals.cpp:
        (WebCore::Internals::isPageActive const):
        * testing/Internals.h:
        * testing/Internals.idl:
        Add a "view window is active" getter.

2020-07-30  Antoine Quint  <graouts@webkit.org>

        [iOS] Unable to swipe on IMDB.com after long press on image
        https://bugs.webkit.org/show_bug.cgi?id=214968
        <rdar://problem/66234421>

        Reviewed by Wenson Hsieh.

        When a long press occurs on an <img>, a system drag interaction is initiated on iOS. In WebCore,
        EventHandler::tryToBeginDragAtPoint() is called and a synthetic mouse event is produced, causing
        handleMousePressEvent() to be called. Further down the call chain, dispatchPointerEventIfNeeded()
        is called and a valid PointerEvent is generated in PointerCaptureController::pointerEventForMouseEvent()
        with "pointerType" set to "mouse", even though there is already a touch interaction initiated.

        We now check whether there are known touches before generating a PointerEvent for a MouseEvent.

        In the case of IMDb, the page would keep track of "pointerdown" events to track whether a multi-touch
        user gesture is in progress so that their slide shows can support two-finger zooming as well as
        single-finger swiping. In the case of a long press, the second "pointerdown" event would trick
        the code in thinking a zoom gesture was initiated and it never recovered.

        Test: pointerevents/ios/long-press-yields-single-pointerdown-event.html

        * page/PointerCaptureController.cpp:
        (WebCore::PointerCaptureController::pointerEventForMouseEvent):

2020-07-30  Chris Dumez  <cdumez@apple.com>

        OfflineAudioContext.startRendering() should return a Promise
        https://bugs.webkit.org/show_bug.cgi?id=214940

        Reviewed by Eric Carlson.

        OfflineAudioContext.startRendering() should return a Promise:
        - https://www.w3.org/TR/webaudio/#dom-offlineaudiocontext-startrendering

        This is important as it was preventing a lot of web-platform-tests from running
        properly and our test coverage was therefore really poor.

        No new tests, rebaselined existing tests.

        * Modules/webaudio/AudioBuffer.idl:
        * Modules/webaudio/AudioDestinationNode.h:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::finishedRendering):
        * Modules/webaudio/BaseAudioContext.h:
        (WebCore::BaseAudioContext::didFinishOfflineRendering):
        * Modules/webaudio/DefaultAudioDestinationNode.cpp:
        (WebCore::DefaultAudioDestinationNode::startRendering):
        * Modules/webaudio/DefaultAudioDestinationNode.h:
        * Modules/webaudio/OfflineAudioContext.cpp:
        (WebCore::OfflineAudioContext::startOfflineRendering):
        (WebCore::OfflineAudioContext::didFinishOfflineRendering):
        * Modules/webaudio/OfflineAudioContext.h:
        * Modules/webaudio/OfflineAudioContext.idl:
        * Modules/webaudio/OfflineAudioDestinationNode.cpp:
        (WebCore::OfflineAudioDestinationNode::startRendering):
        * Modules/webaudio/OfflineAudioDestinationNode.h:

2020-07-30  Darin Adler  <darin@apple.com>

        Further reduction in the use of live ranges, particularly in headers
        https://bugs.webkit.org/show_bug.cgi?id=214793

        Reviewed by Sam Weinig.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::performTextOperation): Do not call createLiveRange.
        (WebCore::AccessibilityObject::replaceTextInRange): Ditto.

        * dom/SimpleRange.cpp: Moved makeSimpleRange functions to the header.
        * dom/SimpleRange.h: Reworked the makeSimpleRange implementation to avoid a mistake
        which made template expansion infinitely recurse while compiling and crash the compiler.
        Ended up moving all the code to the header. Should be a good thing; I expect it will
        optimize well inlined.

        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::moveParagraphs): Use makeSimpleRange.

        * editing/Editor.cpp:
        (WebCore::Editor::replaceSelectionWithText): Do not call createLiveRange.
        (WebCore::Editor::setComposition): Use SimpleRange.
        (WebCore::Editor::stringForCandidateRequest const): Do not call createLiveRange.
        (WebCore::Editor::handleAcceptedCandidate): Use auto intead of RefPtr<Range>.

        * editing/EditorCommand.cpp:
        (WebCore::expandSelectionToGranularity): Do not call createLiveRange.
        (WebCore::executeDeleteToMark): Ditto.
        (WebCore::executeSelectToMark): Ditto.
        (WebCore::valueFormatBlock): Ditto.

        * editing/FormatBlockCommand.cpp:
        (WebCore::FormatBlockCommand::formatRange): Use makeSimpleRange.
        (WebCore::FormatBlockCommand::elementForFormatBlockCommand): Take a
        SimpleRange.
        * editing/FormatBlockCommand.h: Updated for above.

        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::moveTo): Deleted overload taking a live range.
        (WebCore::FrameSelection::setSelectedRange): Take a SimpleRange.
        * editing/FrameSelection.h: Updated for above.

        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplacementFragment::ReplacementFragment): Do not call
        createLiveRange.

        * editing/VisibleUnits.cpp:
        (WebCore::enclosingTextUnitOfGranularity): Return SimpleRange.
        (WebCore::wordRangeFromPosition): Ditto.
        (WebCore::closestWordBoundaryForPosition): Use SimpleRange.
        (WebCore::rangeExpandedByCharactersInDirectionAtWordBoundary): Return
        a SimpleRange.
        (WebCore::rangeExpandedAroundPositionByCharacters): Ditto.
        (WebCore::wordBoundaryForPositionWithoutCrossingLine): Use SimpleRange.
        * editing/VisibleUnits.h: Updated for above.

        * editing/cocoa/DataDetection.mm:
        (WebCore::DataDetection::detectItemAroundHitTestResult):
        Use SimpleRange.

        * editing/cocoa/DictionaryLookup.mm:
        (WebCore::DictionaryLookup::rangeForSelection): Use SimpleRange.
        (WebCore::DictionaryLookup::rangeAtHitTestResult): Ditto.

        * editing/cocoa/EditorCocoa.mm:
        (WebCore::Editor::getPasteboardTypesAndDataForAttachment):
        Do not call createLiveRange.
        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::WebContentReader::readPlainText): Ditto.
        * editing/gtk/WebContentReaderGtk.cpp:
        (WebCore::WebContentReader::readPlainText): Ditto.
        * editing/libwpe/EditorLibWPE.cpp:
        (WebCore::createFragmentFromPasteboardData): Ditto.

        * editing/mac/DictionaryLookupLegacy.mm:
        (WebCore::DictionaryLookup::rangeAtHitTestResult): Use SimpleRange.

        * editing/markup.cpp:
        (WebCore::serializePreservingVisualAppearance): Take SimpleRange.
        (WebCore::contextPreservesNewline): Ditto.
        (WebCore::createFragmentFromText): Ditto.
        * editing/markup.h: Updated for above.

        * loader/archive/cf/LegacyWebArchive.cpp:
        (WebCore::LegacyWebArchive::create): Take SimpleRange.
        * loader/archive/cf/LegacyWebArchive.h: Updated for above.

        * page/DragController.cpp:
        (WebCore::DragController::performDragOperation): Use SimpleRange.
        (WebCore::DragController::concludeEditDrag): Do not call createLiveRange.
        (WebCore::selectElement): Use SimpleRange.
        (WebCore::DragController::removeAllDroppedImagePlaceholders): Ditto.
        (WebCore::DragController::insertDroppedImagePlaceholdersAtCaret): Ditto.

        * page/DragController.h: Use SimpleRange.

        * page/Page.cpp:
        (WebCore::Page::findTextMatches): Return vector of SimpleRange, in
        structure so we have one return value instead of two out arguments.
        Also renamed from findStringMatchingRanges.
        (WebCore::Page::rangeOfString): Return SimpleRange.
        (WebCore::replaceRanges): Do not call createLiveRange.
        (WebCore::Page::replaceRangesWithText): Take SimpleRange.
        * page/Page.h: Updated for above.

        * page/ios/FrameIOS.mm:
        (WebCore::Frame::wordsInCurrentParagraph const): Use SimpleRange.

        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::isOverTextInsideFormControlElement const):
        Use SimpleRange, and also use hasAnyPlainText instead of computing
        the plain text string and checking if it's empty.

2020-07-30  Brady Eidson  <beidson@apple.com>

        Refactor HID gamepad code to be much less fragile and much easier to hack on.
        https://bugs.webkit.org/show_bug.cgi?id=214910

        Reviewed by Darin Adler.

        Covered by API tests.
                
        Currently - for HID device gamepads - we throw all buttons and axes against the wall and see what sticks.
        Instead, for specific popular devices, we'd like to have device-specific mappings so the representation makes sense.
        
        To support that work, this is a major refactoring of the HID gamepad code. It does the following:

        - Breaks out logic specific to IOHIDDeviceRef into HIDDevice
        
        - Breaks out logic specific to IOHIDElementRef into HIDElement
        
        - Moves responsibities of managing things to the right places (e.g. HIDElement manages its own current value directly)
        
        - Makes HIDGamepadElement derive from HIDElement directly
          
        - Moves device specific logic from HIDGamepad into a subclass of HID gamepad. Currently the only subclass is "generic"
          which encompasses HIDGamepad's old behavior

        - Changes button/value vectors from Vector<double> to Vector<SharedGamepadValue> so multiple objects can reference
          the value at once.
          e.g. HIDGamepadButton can simply update it's own SharedGamepadValue without knowing which HIDGamepad owns it or which index
          into the gamepad's value vector it should be mutating.

          This will be critical in the "specific device mapping" work as some types of HIDElements actually drive more than one
          gamepad button value.
          e.g. a "direction pad axis" actually manages 2 button values, or a "hat-switch" direction pad manages 4 button values
          
        This patch doesn't change any current behavior.

        * Modules/gamepad/Gamepad.cpp:
        (WebCore::Gamepad::updateFromPlatformGamepad):

        * Sources.txt:
        * SourcesCocoa.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * platform/Logging.h:

        * platform/gamepad/PlatformGamepad.h:

        * platform/gamepad/SharedGamepadValue.h: Copied from Source/WebKit/UIProcess/Gamepad/UIGamepad.h.
        (WebCore::SharedGamepadValue::SharedGamepadValue):
        (WebCore::SharedGamepadValue::setValue):
        (WebCore::SharedGamepadValue::value const):
        (WebCore::SharedGamepadValue::Data::Data):

        * platform/gamepad/cocoa/GameControllerGamepad.h:
        * platform/gamepad/cocoa/GameControllerGamepad.mm:
        (WebCore::GameControllerGamepad::setupAsExtendedGamepad):
        (WebCore::GameControllerGamepad::setupAsGamepad):

        * platform/gamepad/mac/GenericHIDGamepad.cpp: Added.
        (WebCore::GenericHIDGamepad::GenericHIDGamepad):
        (WebCore::GenericHIDGamepad::id):
        (WebCore::GenericHIDGamepad::maybeAddGenericDesktopElement):
        (WebCore::GenericHIDGamepad::maybeAddButtonElement):
        * platform/gamepad/mac/GenericHIDGamepad.h: Copied from Source/WebKit/WebProcess/Gamepad/WebGamepad.h.

        * platform/gamepad/mac/HIDGamepad.cpp:
        (WebCore::HIDGamepad::create):
        (WebCore::HIDGamepad::HIDGamepad):
        (WebCore::HIDGamepad::initialize):
        (WebCore::HIDGamepad::valueChanged):
        (WebCore::HIDGamepad::getCurrentValueForElement): Deleted.
        (WebCore::HIDGamepad::initElements): Deleted.
        (WebCore::HIDGamepad::initElementsFromArray): Deleted.
        (WebCore::HIDGamepad::maybeAddButton): Deleted.
        (WebCore::HIDGamepad::maybeAddAxis): Deleted.
        * platform/gamepad/mac/HIDGamepad.h:
        (WebCore::HIDGamepad::hidDevice const):
        (WebCore::HIDGamepadElement::HIDGamepadElement): Deleted.
        (WebCore::HIDGamepadElement::~HIDGamepadElement): Deleted.
        (WebCore::HIDGamepadElement::isButton const): Deleted.
        (WebCore::HIDGamepadElement::isAxis const): Deleted.
        (WebCore::HIDGamepadButton::HIDGamepadButton): Deleted.
        (WebCore::HIDGamepadAxis::HIDGamepadAxis): Deleted.

        * platform/gamepad/mac/HIDGamepadElement.cpp: Added.
        (WebCore::HIDGamepadElement::HIDGamepadElement):
        (WebCore::HIDGamepadElement::refreshCurrentValue):
        (WebCore::HIDGamepadElement::normalizedValue):
        (WebCore::HIDGamepadButton::gamepadValueChanged):
        (WebCore::HIDGamepadAxis::gamepadValueChanged):
        (WebCore::HIDGamepadAxis::normalizedValue):
        * platform/gamepad/mac/HIDGamepadElement.h: Copied from Source/WebCore/platform/gamepad/PlatformGamepad.h.
        (WebCore::HIDGamepadElement::~HIDGamepadElement):
        (WebCore::HIDGamepadElement::isButton const):
        (WebCore::HIDGamepadElement::isAxis const):

        * platform/gamepad/mac/HIDGamepadProvider.mm:
        (WebCore::HIDGamepadProvider::deviceAdded):
        * platform/gamepad/mac/MultiGamepadProvider.h:

        * platform/graphics/cocoa/SourceBufferParserWebM.cpp:

        * platform/mac/HIDDevice.cpp: Added.
        (WebCore::HIDDevice::HIDDevice):
        (WebCore::HIDDevice::uniqueInputElementsInDeviceTreeOrder const):
        * platform/mac/HIDDevice.h: Copied from Source/WebCore/platform/gamepad/PlatformGamepad.h.
        (WebCore::HIDDevice::rawElement const):
        (WebCore::HIDDevice::vendorID const):
        (WebCore::HIDDevice::productID const):
        (WebCore::HIDDevice::productName const):

        * platform/mac/HIDElement.cpp: Copied from Source/WebKit/UIProcess/Gamepad/UIGamepad.h.
        (WebCore::HIDElement::HIDElement):
        (WebCore::HIDElement::valueChanged):
        * platform/mac/HIDElement.h: Copied from Source/WebKit/UIProcess/Gamepad/UIGamepad.h.
        (WebCore::HIDElement::rawElement const):
        (WebCore::HIDElement::physicalMin const):
        (WebCore::HIDElement::physicalMax const):
        (WebCore::HIDElement::physicalValue const):
        (WebCore::HIDElement::usage const):
        (WebCore::HIDElement::usagePage const):
        (WebCore::HIDElement::cookie const):

        * testing/MockGamepad.cpp:
        (WebCore::MockGamepad::updateDetails):
        (WebCore::MockGamepad::setAxisValue):
        (WebCore::MockGamepad::setButtonValue):
        * testing/MockGamepad.h:

2020-07-29  Joonghun Park  <jh718.park@samsung.com>

        Unreviewed. Remove the build warning below since r265062.
        warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]

        No new tests, no new behaviors.

        * Modules/webaudio/AudioBuffer.cpp:
        (WebCore::AudioBuffer::copyFromChannel):
        (WebCore::AudioBuffer::copyToChannel):

2020-07-29  Jer Noble  <jer.noble@apple.com>

        Support HDR decode in SW VP9
        https://bugs.webkit.org/show_bug.cgi?id=214928

        Reviewed by Eric Carlson.

        Convert the incoming properties parsed from the VP9 header into extensions to our
        CMFormatDescription attached to each incoming video fram.

        Drive-by fix: Files in the wild will have incorrect values for whether a given
        frame is a keyframe or not. Trust the VP9 header parser rather than the container
        in this situations.

        * platform/graphics/cocoa/SourceBufferParserWebM.cpp:
        (WebCore::convertToCMColorPrimaries):
        (WebCore::convertToCMTransferFunction):
        (WebCore::convertToCMYCbCRMatrix):
        (WebCore::createFormatDescriptionFromVP9HeaderParser):
        (WebCore::SourceBufferParserWebM::OnFrame):

2020-07-29  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iPadOS] Custom dropdown menu dismisses immediately on account.nhl.com
        https://bugs.webkit.org/show_bug.cgi?id=214944
        <rdar://problem/66248506>

        Reviewed by Jer Noble.

        Exempt account.nhl.com from site-specific "simulated mouse events" behavior, since it is incompatible with some
        custom dropdown menus that appear on this website.

        * page/Quirks.cpp:
        (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const):

2020-07-29  Clark Wang  <clark_wang@apple.com>

        Added constructor methods to ChannelMergerNode, ChannelSplitterNode
        https://bugs.webkit.org/show_bug.cgi?id=214851
        <rdar://problem/66233763>

        Reviewed by Chris Dumez.

        Added constructors for ChannelMergerNode, ChannelSplitterNode according to spec:
        https://www.w3.org/TR/webaudio/#ChannelMergerNode-constructors. Added new files
        for ChannelMergerOptions and ChannelSplitterOptions. This patch also ensures that
        BaseAudioContext::create*() and *Node::create() methods behave the same.

        Re-baselined existing tests that now pass, or fail further along.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioNode.h:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createChannelSplitter):
        (WebCore::BaseAudioContext::createChannelMerger):
        * Modules/webaudio/ChannelMergerNode.cpp:
        (WebCore::ChannelMergerNode::create):
        (WebCore::ChannelMergerNode::setChannelCount):
        (WebCore::ChannelMergerNode::setChannelCountMode):
        * Modules/webaudio/ChannelMergerNode.h:
        * Modules/webaudio/ChannelMergerNode.idl:
        * Modules/webaudio/ChannelMergerOptions.h: Added.
        * Modules/webaudio/ChannelMergerOptions.idl: Added.
        * Modules/webaudio/ChannelSplitterNode.cpp:
        (WebCore::ChannelSplitterNode::create):
        (WebCore::ChannelSplitterNode::setChannelCount):
        (WebCore::ChannelSplitterNode::setChannelCountMode):
        (WebCore::ChannelSplitterNode::setChannelInterpretation):
        * Modules/webaudio/ChannelSplitterNode.h:
        * Modules/webaudio/ChannelSplitterNode.idl:
        * Modules/webaudio/ChannelSplitterOptions.h: Added.
        * Modules/webaudio/ChannelSplitterOptions.idl: Added.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-07-29  Clark Wang  <clark_wang@apple.com>

        Added copyFromChannel, copyToChannel to AudioBuffer
        https://bugs.webkit.org/show_bug.cgi?id=214926

        Reviewed by Chris Dumez.

        Added copyFromChannel, copyToChannel methods according to spec: 
        https://www.w3.org/TR/webaudio/#dom-audiobuffer-copyfromchannel-destination.
        Used Chromium implementation for reference:
        https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/modules/webaudio/audio_buffer.cc.

        Re-baselined existing tests. Fails on catching sharedBuffer being passed in, but currently
        WebKit does not support sharedBuffer implementation.

        * Modules/webaudio/AudioBuffer.cpp:
        (WebCore::AudioBuffer::getChannelData):
        (WebCore::AudioBuffer::copyFromChannel):
        (WebCore::AudioBuffer::copyToChannel):
        * Modules/webaudio/AudioBuffer.h:
        * Modules/webaudio/AudioBuffer.idl:

2020-07-29  Wenson Hsieh  <wenson_hsieh@apple.com>

        [macOS] Inspector bar in Mail compose shows incorrect text alignment style for ranged selections
        https://bugs.webkit.org/show_bug.cgi?id=214930
        <rdar://problem/66185224>

        Reviewed by Tim Horton.

        When a range of text is selected, AppKit consults `-attributedSubstringForProposedRange:completionHandler:` (or
        just `-attributedSubstringFromRange:` in WebKitLegacy) to update the inspector bar with new style information.
        Among this information is the paragraph style (an `NSParagraphStyle` corresponding to the attribute key
        `NSParagraphStyleAttributeName`), which AppKit uses to select either the left, center or right text alignment
        segmented control.

        However, in both WebKitLegacy and modern WebKit, we don't include this information at all in HTMLConverter,
        so AppKit just defaults to using `-[NSParagraphStyle defaultParagraphStyle]`, with a default text alignment of
        `NSTextAlignmentNatural`.

        To fix this, include a new paragraph style object in the case where the text alignment is not equal to natural
        (in other words, either a direction has been explicitly specified, or the text alignment style is not equal to
        "start"). This paragraph style matches the default paragraph style, except for the `alignment` property which
        is set to the corresponding `NSTextAlignment` value.

        Tests:  AttributedSubstringForProposedRange.TextAlignmentParagraphStyles
                FontAttributes.FontAttributesAfterChangingSelection

        * editing/Editor.cpp:
        (WebCore::Editor::fontAttributesAtSelectionStart const):

        Also fixes an existing bug in `Editor::fontAttributesAtSelectionStart`, where `NSTextAlignmentNatural` is
        currently always used for `text-align: start;`, even if the direction is specified as RTL. Instead, change this
        so that we only fall back to "natural" if no direction is specified; otherwise, go with the explicit "left" or
        "right" values.

        * editing/cocoa/HTMLConverter.mm:
        (WebCore::editingAttributedString):

2020-07-29  Jer Noble  <jer.noble@apple.com>

        REGRESSION(r264476): Calling systemHasAC() regresses launch time performance
        https://bugs.webkit.org/show_bug.cgi?id=214907
        <rdar://problem/66191430>

        Reviewed by Eric Carlson.

        Because calling into IOPS can block, delay queries about AC state during WebProcessPool creation until
        the next run-loop.

        Simultaneously, we don't need to check HDR state in the UI process for IOS, so send a default value
        there as well.

        * platform/cocoa/PowerSourceNotifier.h:
        * platform/cocoa/PowerSourceNotifier.mm:
        (WebCore::PowerSourceNotifier::PowerSourceNotifier):
        * platform/cocoa/SystemBattery.h:
        * platform/cocoa/SystemBattery.mm:
        (WebCore::cachedSystemHasAC):
        * platform/ios/PlatformScreenIOS.mm:
        (WebCore::collectScreenProperties):

2020-07-29  Don Olmstead  <don.olmstead@sony.com>

        Remove USE(ZLIB)
        https://bugs.webkit.org/show_bug.cgi?id=214929

        Reviewed by Darin Adler.

        Remove USE(ZLIB) guards in WebSocket code. Since WebSocketDeflateFramer::canDeflate
        is always true remove it and the callsite checking it in WebSocketChannel.

        * Modules/websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::connect):
        * Modules/websockets/WebSocketDeflateFramer.cpp:
        (WebCore::WebSocketExtensionDeflateFrame::processResponse):
        (WebCore::WebSocketDeflateFramer::enableDeflate):
        (WebCore::WebSocketDeflateFramer::deflate):
        (WebCore::WebSocketDeflateFramer::resetDeflateContext):
        (WebCore::WebSocketDeflateFramer::inflate):
        (WebCore::WebSocketDeflateFramer::resetInflateContext):
        (WebCore::WebSocketDeflateFramer::canDeflate const): Deleted.
        * Modules/websockets/WebSocketDeflateFramer.h:
        * Modules/websockets/WebSocketDeflater.cpp:

2020-07-29  Chris Dumez  <cdumez@apple.com>

        Calling AudioNode constructors should have identical behavior to using create*() function on BaseAudioContext
        https://bugs.webkit.org/show_bug.cgi?id=214931

        Reviewed by Eric Carlson.

        Calling AudioNode constructors should have identical behavior to using create*() function on BaseAudioContext.
        Otherwise, this leads to assertion hits on the bots like we saw for Bug 214851.

        We need to make sure that the AudioContext gets initialized when an AudioNode constructor gets called. We also
        need to make sure refNode() gets called if necessary.

        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createPanner):
        (WebCore::BaseAudioContext::createOscillator):
        (WebCore::BaseAudioContext::createPeriodicWave):
        * Modules/webaudio/BaseAudioContext.h:
        * Modules/webaudio/OscillatorNode.cpp:
        (WebCore::OscillatorNode::create):
        * Modules/webaudio/PannerNode.cpp:
        (WebCore::PannerNode::create):
        * Modules/webaudio/PeriodicWave.cpp:
        (WebCore::PeriodicWave::create):

2020-07-29  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION: ASSERTION FAILED: !needsLayout() on tiled-drawing/scrolling/fast-scroll-mainframe-zoom.html flakily
        https://bugs.webkit.org/show_bug.cgi?id=214651
        <rdar://problem/65952371>

        Reviewed by Zalan Bujtas.

        Page::doAfterUpdateRendering() is expected to only call functions that can't trigger layout. However,
        it could cause the firing of the "monitorWheelEvent" callback which can run arbitrary JS, so move that
        earlier in the rendering update, before we do the final layout.

        Also assert that the main frame doesn't need layout at the end of Page::doAfterUpdateRendering();
        we were only checking subframes.

        Tested by lots of existing tests.

        * page/Page.cpp:
        (WebCore::Page::updateRendering):
        (WebCore::Page::doAfterUpdateRendering):

2020-07-29  Chris Dumez  <cdumez@apple.com>

        Make sure playback state constants remain on OscillatorNode for backward compatibility
        https://bugs.webkit.org/show_bug.cgi?id=214925

        Reviewed by Eric Carlson.

        Make sure playback state constants remain on OscillatorNode for backward compatibility,
        while we keep supporting the prefixed Web Audio API.

        No new tests, updated existing test.

        * Modules/webaudio/OscillatorNode.idl:
        * Modules/webaudio/WebKitOscillatorNode.idl:

2020-07-29  Chris Dumez  <cdumez@apple.com>

        http/tests/cookies/document-cookie-multiple-cookies.html is failing on Windows
        https://bugs.webkit.org/show_bug.cgi?id=214880

        Reviewed by Darin Adler.

        Fix same bug as in r264943 but on Windows.

        No new tests, covered by http/tests/cookies/document-cookie-multiple-cookies.html.

        * platform/network/cf/NetworkStorageSessionCFNetWin.cpp:
        (WebCore::parseDOMCookie):
        (WebCore::NetworkStorageSession::setCookiesFromDOM const):

2020-07-29  Youenn Fablet  <youenn@apple.com>

        scaleResolutionDownBy has no effect on RTCRtpSender
        https://bugs.webkit.org/show_bug.cgi?id=214783
        <rdar://problem/66108346>

        Reviewed by Eric Carlson.

        Covered by updated test.

        * Modules/mediastream/libwebrtc/LibWebRTCUtils.cpp:
        (WebCore::updateRTCRtpSendParameters):
        Allow to change scaleResolutionDownBy.

2020-07-29  Mark Lam  <mark.lam@apple.com>

        CodeGeneratorJS should release the throwScope before doing a void call at end of a function.
        https://bugs.webkit.org/show_bug.cgi?id=214924

        Reviewed by Chris Dumez.

        It is necessary to release the throwScope because the void call at the end of the
        function may throw an exception.  Releasing the throwScope here says that this
        function is releasing the responsibility to handle the exception, and will allow
        the potential exception from the trailing void call to propagate to its caller.
        The responsibility to handle the exception is passed to this function's caller (or
        some earlier caller in the stack).  It is ok to release the throwScope here
        because the trailing void call will effectively be the last thing that this
        function does before returning.

        Covered by existing tests.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementationFunctionCall):
        * bindings/scripts/test/JS/JSMapLike.cpp:
        (WebCore::jsMapLikePrototypeFunctionClearBody):
        * bindings/scripts/test/JS/JSSetLike.cpp:
        (WebCore::jsSetLikePrototypeFunctionClearBody):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunctionBody):
        (WebCore::jsTestActiveDOMObjectPrototypeFunctionPostMessageBody):
        (WebCore::jsTestActiveDOMObjectPrototypeFunctionOverloadedMethod1Body):
        (WebCore::jsTestActiveDOMObjectPrototypeFunctionOverloadedMethod2Body):
        * bindings/scripts/test/JS/JSTestCEReactions.cpp:
        (WebCore::jsTestCEReactionsPrototypeFunctionMethodWithCEReactionsBody):
        (WebCore::jsTestCEReactionsPrototypeFunctionMethodWithCEReactionsNotNeededBody):
        * bindings/scripts/test/JS/JSTestCallTracer.cpp:
        (WebCore::jsTestCallTracerPrototypeFunctionTestOperationInterfaceBody):
        (WebCore::jsTestCallTracerPrototypeFunctionTestOperationSpecifiedBody):
        (WebCore::jsTestCallTracerPrototypeFunctionTestOperationWithArgumentsBody):
        (WebCore::jsTestCallTracerPrototypeFunctionTestOperationWithNullableArgumentBody):
        (WebCore::jsTestCallTracerPrototypeFunctionTestOperationWithVariantArgumentBody):
        (WebCore::jsTestCallTracerPrototypeFunctionTestOperationWithNullableVariantArgumentBody):
        (WebCore::jsTestCallTracerPrototypeFunctionTestOperationWithOptionalVariantArgumentBody):
        (WebCore::jsTestCallTracerPrototypeFunctionTestOperationWithDefaultVariantArgumentBody):
        * bindings/scripts/test/JS/JSTestEnabledBySetting.cpp:
        (WebCore::jsTestEnabledBySettingPrototypeFunctionEnabledBySettingOperationBody):
        * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
        (WebCore::jsTestGlobalObjectInstanceFunctionRegularOperationBody):
        (WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation1Body):
        (WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation2Body):
        (WebCore::jsTestGlobalObjectConstructorFunctionEnabledAtRuntimeOperationStaticBody):
        (WebCore::jsTestGlobalObjectInstanceFunctionEnabledInSpecificWorldBody):
        (WebCore::jsTestGlobalObjectInstanceFunctionEnabledInSpecificWorldWhenRuntimeFeatureEnabledBody):
        (WebCore::jsTestGlobalObjectInstanceFunctionEnabledInSpecificWorldWhenRuntimeFeaturesEnabledBody):
        (WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunctionBody):
        (WebCore::jsTestGlobalObjectInstanceFunctionCalculateSecretResultBody):
        * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:
        (WebCore::jsTestIndexedSetterWithIdentifierPrototypeFunctionIndexedSetterBody):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod1Body):
        (WebCore::jsTestInterfaceConstructorFunctionImplementsMethod4Body):
        (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod1Body):
        (WebCore::jsTestInterfaceConstructorFunctionSupplementalMethod4Body):
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
        (WebCore::jsTestNamedAndIndexedSetterWithIdentifierPrototypeFunctionNamedSetterBody):
        (WebCore::jsTestNamedAndIndexedSetterWithIdentifierPrototypeFunctionIndexedSetterBody):
        * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:
        (WebCore::jsTestNamedDeleterWithIdentifierPrototypeFunctionNamedDeleterBody):
        * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
        (WebCore::jsTestNamedSetterWithIdentifierPrototypeFunctionNamedSetterBody):
        * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp:
        (WebCore::jsTestNamedSetterWithIndexedGetterPrototypeFunctionNamedSetterBody):
        * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp:
        (WebCore::jsTestNamedSetterWithIndexedGetterAndSetterPrototypeFunctionNamedSetterBody):
        (WebCore::jsTestNamedSetterWithIndexedGetterAndSetterPrototypeFunctionIndexedSetter1Body):
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:
        (WebCore::jsTestNamedSetterWithUnforgablePropertiesInstanceFunctionUnforgeableOperationBody):
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:
        (WebCore::jsTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltinsInstanceFunctionUnforgeableOperationBody):
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::jsTestNodePrototypeFunctionTestWorkerPromiseBody):
        (WebCore::jsTestNodePrototypeFunctionCalculateSecretResultBody):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::callJSTestObj1):
        (WebCore::callJSTestObj3):
        (WebCore::jsTestObjPrototypeFunctionEnabledAtRuntimeOperation1Body):
        (WebCore::jsTestObjPrototypeFunctionEnabledAtRuntimeOperation2Body):
        (WebCore::jsTestObjConstructorFunctionEnabledAtRuntimeOperationStaticBody):
        (WebCore::jsTestObjPrototypeFunctionEnabledInSpecificWorldWhenRuntimeFeatureEnabledBody):
        (WebCore::jsTestObjPrototypeFunctionWorldSpecificMethodBody):
        (WebCore::jsTestObjPrototypeFunctionCalculateSecretResultBody):
        (WebCore::jsTestObjPrototypeFunctionVoidMethodBody):
        (WebCore::jsTestObjPrototypeFunctionVoidMethodWithArgsBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithArgTreatingNullAsEmptyStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithXPathNSResolverParameterBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithEnumArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithStandaloneEnumArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalEnumArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalEnumArgAndDefaultValueBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithUSVStringArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNullableUSVStringArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithUSVStringArgTreatingNullAsEmptyStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithByteStringArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNullableByteStringArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithByteStringArgTreatingNullAsEmptyStringBody):
        (WebCore::jsTestObjPrototypeFunctionSerializedValueBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithRecordBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithExceptionBody):
        (WebCore::jsTestObjPrototypeFunctionAddEventListenerBody):
        (WebCore::jsTestObjPrototypeFunctionRemoveEventListenerBody):
        (WebCore::jsTestObjPrototypeFunctionWithExecStateVoidBody):
        (WebCore::jsTestObjPrototypeFunctionWithExecStateVoidExceptionBody):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextBody):
        (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndExecStateBody):
        (WebCore::jsTestObjPrototypeFunctionWithDocumentArgumentBody):
        (WebCore::jsTestObjPrototypeFunctionWithCallerDocumentArgumentBody):
        (WebCore::jsTestObjPrototypeFunctionWithCallerWindowArgumentBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArgAndDefaultValueBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndOptionalArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndTwoOptionalArgsBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalUSVStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringAndDefaultValueBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomStringAndDefaultValueBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsNullBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsUndefinedBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomStringIsNullBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsEmptyStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalUSVStringIsEmptyStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomStringIsEmptyStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalDoubleIsNaNBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalFloatIsNaNBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalLongLongBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalLongLongIsZeroBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalUnsignedLongLongBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalUnsignedLongLongIsZeroBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalSequenceBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalSequenceIsEmptyBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalBooleanBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalBooleanIsFalseBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAnyBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalObjectBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalNullableWrapperBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalNullableWrapperIsNullBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalXPathNSResolverBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalRecordBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalPromiseBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackAndOptionalArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackFunctionArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackFunctionArgBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackFunctionAndOptionalArgBody):
        (WebCore::jsTestObjConstructorFunctionStaticMethodWithCallbackAndOptionalArgBody):
        (WebCore::jsTestObjConstructorFunctionStaticMethodWithCallbackArgBody):
        (WebCore::jsTestObjPrototypeFunctionConditionalMethod2Body):
        (WebCore::jsTestObjPrototypeFunctionConditionalMethod3Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod1Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod2Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod3Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod4Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod5Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod6Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod7Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod8Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod10Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod11Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod12Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod13Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter1Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter2Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithDistinguishingUnion1Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithDistinguishingUnion2Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethodWith2DistinguishingUnions1Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethodWith2DistinguishingUnions2Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithNonDistinguishingUnion1Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithNonDistinguishingUnion2Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableUnion1Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableUnion2Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadWithOptionalUnion1Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadWithOptionalUnion2Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableNonDistinguishingParameter1Body):
        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableNonDistinguishingParameter2Body):
        (WebCore::jsTestObjConstructorFunctionClassMethodBody):
        (WebCore::jsTestObjConstructorFunctionOverloadedMethod11Body):
        (WebCore::jsTestObjConstructorFunctionOverloadedMethod12Body):
        (WebCore::jsTestObjPrototypeFunctionClassMethodWithClampBody):
        (WebCore::jsTestObjPrototypeFunctionClassMethodWithClampOnOptionalBody):
        (WebCore::jsTestObjPrototypeFunctionClassMethodWithEnforceRangeBody):
        (WebCore::jsTestObjPrototypeFunctionClassMethodWithEnforceRangeOnOptionalBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongSequenceBody):
        (WebCore::jsTestObjPrototypeFunctionOperationWithOptionalUnionParameterBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithAndWithoutNullableSequenceBody):
        (WebCore::jsTestObjPrototypeFunctionConvert1Body):
        (WebCore::jsTestObjPrototypeFunctionConvert2Body):
        (WebCore::jsTestObjPrototypeFunctionConvert3Body):
        (WebCore::jsTestObjPrototypeFunctionConvert4Body):
        (WebCore::jsTestObjPrototypeFunctionOrangeBody):
        (WebCore::jsTestObjPrototypeFunctionVariadicStringMethodBody):
        (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethodBody):
        (WebCore::jsTestObjPrototypeFunctionVariadicNodeMethodBody):
        (WebCore::jsTestObjPrototypeFunctionVariadicUnionMethodBody):
        (WebCore::jsTestObjPrototypeFunctionAnyBody):
        (WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionBody):
        (WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithFloatArgumentBody):
        (WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithExceptionBody):
        (WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithOptionalIntArgumentBody):
        (WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction1Body):
        (WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction2Body):
        (WebCore::jsTestObjConstructorFunctionTestStaticPromiseFunctionBody):
        (WebCore::jsTestObjConstructorFunctionTestStaticPromiseFunctionWithExceptionBody):
        (WebCore::jsTestObjPrototypeFunctionConditionalOverload1Body):
        (WebCore::jsTestObjPrototypeFunctionConditionalOverload2Body):
        (WebCore::jsTestObjPrototypeFunctionSingleConditionalOverload1Body):
        (WebCore::jsTestObjPrototypeFunctionSingleConditionalOverload2Body):
        (WebCore::jsTestObjPrototypeFunctionAttachShadowRootBody):
        (WebCore::jsTestObjPrototypeFunctionOperationWithExternalDictionaryParameterBody):
        (WebCore::jsTestObjPrototypeFunctionBufferSourceParameterBody):
        (WebCore::jsTestObjPrototypeFunctionLegacyCallerNamedBody):
        (WebCore::jsTestObjPrototypeFunctionTestReturnValueOptimizationBody):
        (WebCore::jsTestObjPrototypeFunctionTestReturnValueOptimizationWithExceptionBody):
        (WebCore::jsTestObjPrototypeFunctionConditionallyExposedToWindowFunctionBody):
        (WebCore::jsTestObjPrototypeFunctionConditionallyExposedToWorkerFunctionBody):
        (WebCore::jsTestObjPrototypeFunctionConditionallyExposedToWindowAndWorkerFunctionBody):
        * bindings/scripts/test/JS/JSTestOperationConditional.cpp:
        (WebCore::jsTestOperationConditionalPrototypeFunctionNonConditionalOperationBody):
        (WebCore::jsTestOperationConditionalPrototypeFunctionConditionalOperationBody):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::jsTestSerializedScriptValueInterfacePrototypeFunctionFunctionBody):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::jsTestTypedefsPrototypeFunctionFuncBody):
        (WebCore::jsTestTypedefsPrototypeFunctionSetShadowBody):
        (WebCore::jsTestTypedefsPrototypeFunctionNullableSequenceArgBody):
        (WebCore::jsTestTypedefsPrototypeFunctionSequenceOfNullablesArgBody):
        (WebCore::jsTestTypedefsPrototypeFunctionNullableSequenceOfNullablesArgBody):
        (WebCore::jsTestTypedefsPrototypeFunctionNullableSequenceOfUnionsArgBody):
        (WebCore::jsTestTypedefsPrototypeFunctionUnionArgBody):
        (WebCore::jsTestTypedefsPrototypeFunctionFuncWithClampBody):
        (WebCore::jsTestTypedefsPrototypeFunctionFuncWithClampInTypedefBody):
        (WebCore::jsTestTypedefsPrototypeFunctionMethodWithExceptionBody):

2020-07-29  Darin Adler  <darin@apple.com>

        Improve range idioms and other changes to prepare the way for more reduction in live range use
        https://bugs.webkit.org/show_bug.cgi?id=214882

        Reviewed by Sam Weinig.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AccessibilityReplacedText::AccessibilityReplacedText): Call the
        VisiblePosition versions of start and end instead of converting to Position
        and then back to VisiblePosition.
        (WebCore::AXObjectCache::rangeMatchesTextNearRange): Simplify with makeSimpleRange.
        (WebCore::AXObjectCache::characterOffsetForPoint): Ditto.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::visiblePositionRangeForUnorderedPositions const):
        Update idiom for creating VisiblePositionRange since it's just a struct now
        without explicit constructors.
        (WebCore::AccessibilityObject::positionOfLeftWord const): Ditto.
        (WebCore::AccessibilityObject::positionOfRightWord const): Ditto.
        (WebCore::AccessibilityObject::leftLineVisiblePositionRange const): Ditto.
        (WebCore::AccessibilityObject::rightLineVisiblePositionRange const): Ditto.
        (WebCore::AccessibilityObject::sentenceForPosition const): Ditto.
        (WebCore::AccessibilityObject::paragraphForPosition const): Ditto.
        (WebCore::AccessibilityObject::styleRangeForPosition const): Ditto.
        (WebCore::AccessibilityObject::visiblePositionRangeForRange const): Ditto.
        (WebCore::AccessibilityObject::lineRangeForPosition const): Ditto.
        (WebCore::AccessibilityObject::stringForVisiblePositionRange): Ditto.
        (WebCore::AccessibilityObject::lengthForVisiblePositionRange const): Ditto.
        (WebCore::AccessibilityObject::nextSentenceEndPosition const): Ditto.
        (WebCore::AccessibilityObject::previousSentenceStartPosition const): Ditto.

        * accessibility/AccessibilityObjectInterface.h: Moved VisiblePositionRange
        to VisiblePosition.h for wider use. Also removed constructors.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::textUnderElement const): Simplify with
        makeSimpleRange.
        (WebCore::AccessibilityRenderObject::linkClickPoint): Ditto.
        (WebCore::AccessibilityRenderObject::clickPoint): Ditto.
        (WebCore::AccessibilityRenderObject::visiblePositionRange const): Updated
        for removal of VisiblePositionRange constructor.
        (WebCore::AccessibilityRenderObject::visiblePositionRangeForLine const):
        Remove unnecessary explicit conversion to VisiblePositionRange.

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (visiblePositionRangeForTextMarkerRange): Added, replacing separate functions
        for start and end.
        (-[WebAccessibilityObjectWrapper visiblePositionRangeForTextMarkerRange:]):
        Simplify using visiblePositionRangeForTextMarkerRange.

        * dom/Document.cpp: Added include of "Range.h", may not be needed right now,
        but highly likely to be needed after future live range work.
        * dom/Node.cpp: Removed include of "Range.h".

        * dom/Position.h: Added PositionRange. This will be a more efficient
        alternative to SimpleRange that can avoid computing node offets for positions
        before and after anchor nodes in some cases. Not used yet.

        * dom/RadioButtonGroups.cpp: Removed include of "Range.h".

        * dom/Range.h: Export makeSimpleRange overload now used outside WebCore.

        * dom/SimpleRange.cpp:
        (WebCore::makeSimpleRange): Added overloads for ranges that consist of just
        a single boundary point, so the argument does not have to be passed twice.
        (WebCore::commonInclusiveAncestor): Added overload so caller can just pass
        a simple range rather than passing two boundary point container nodes.

        * dom/SimpleRange.h: Added makeSimpleRange overloads that take one or more
        argument that can be passed to makeBoundaryPoint or actual boundary points.

        * dom/StaticRange.cpp: Removed include of "Range.h".

        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::markPrecedingWhitespaceForDeletedAutocorrectionAfterCommand):
        Simplify with makeSimpleRange.
        (WebCore::AlternativeTextController::processMarkersOnTextToBeReplacedByResult):
        Ditto.
        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::applyBlockStyle): Ditto.

        * editing/CompositeEditCommand.cpp:
        (WebCore::stringForVisiblePositionIndexRange): Updated for removal of
        VisiblePositionRange constructor; also use move to reduce reference count
        churn a tiny bit.
        (WebCore::CompositeEditCommand::moveParagraphs): Simplify with makeSimpleRange.

        * editing/DeleteSelectionCommand.cpp: Added include of "Range.h", may not be needed now,
        but highly likely to be needed after future live range work.

        * editing/Editing.cpp:
        (WebCore::indexForVisiblePosition): Simplify using makeSimpleRange and
        makeBoundaryPointBeforeNodeContents.

        * editing/Editor.cpp:
        (WebCore::Editor::selectedText const): Simplify using VisibleSelection::firstRange.
        (WebCore::extendSelection): Simplify using makeSimpleRange.
        (WebCore::Editor::contextRangeForCandidateRequest const): Ditto.
        (WebCore::Editor::adjustedSelectionRange): Simplify with the new overload
        of commonInclusiveAncestor.

        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::wordOffsetInRange const): Deleted. Moved the code
        into the iOS-specific part of WebKitLegacy WebFrame.
        (WebCore::FrameSelection::spaceFollowsWordInRange const): Deleted. Moved the
        code into the iOS-specific part of WebKitLegacy WebFrame.
        (WebCore::FrameSelection::selectionAtSentenceStart const): Merged in with
        actualSelectionAtSentenceStart.
        (WebCore::FrameSelection::actualSelectionAtSentenceStart const): Deleted.
        * editing/FrameSelection.h: Updated for the above deletion.

        * editing/TextCheckingHelper.cpp:
        (WebCore::TextCheckingParagraph::offsetTo const): Simplify with makeSimpleRange.

        * editing/TextManipulationController.cpp:
        (WebCore::ParagraphContentIterator::ParagraphContentIterator): Simplify with
        makeSimpleRange.

        * editing/TypingCommand.cpp:
        (WebCore::TypingCommand::postTextStateChangeNotificationForDeletion): Pass
        visibleStart/End instead of converting to Position and back to VisiblePosition.

        * editing/VisiblePosition.cpp:
        (WebCore::makeSimpleRange): Added. Converts a VisiblePositionRange into
        a SimpleRange.
        * editing/VisiblePosition.h: Moved VisiblePositionRange here.

        * editing/VisibleSelection.cpp:
        (WebCore::VisibleSelection::firstRange const): Simplify using makeSimpleRange.
        (WebCore::VisibleSelection::toNormalizedRange const): Ditto.
        (WebCore::makeSearchRange): Deleted. This was confusingly named given that
        it was only used in appendTrailingWhitespace.
        (WebCore::VisibleSelection::appendTrailingWhitespace): Merged makeSearchRange
        in here and simplified using makeSimpleRange.

        * editing/VisibleSelection.h: Added conversion to VisiblePositionRange.
        Previously this was implemented as a constructor for VisiblePositionRange,
        but that was a layering inversion since this is built on top of VisiblePosition.

        * editing/VisibleUnits.cpp:
        (WebCore::distanceBetweenPositions): Simplified using makeSimpleRange.
        (WebCore::charactersAroundPosition): Ditto.
        (WebCore::wordRangeFromPosition): Removed an unhelpful comment.
        (WebCore::closestWordBoundaryForPosition): Ditto.

        * editing/cocoa/DataDetection.mm:
        (WebCore::detectItem): Simplify using makeSimpleRange.
        (WebCore::searchForLinkRemovingExistingDDLinks): Removed out argument
        about modifying the DOM. This was used to work around a problem caused by
        using live ranges. The problem no longer exists because the code does not
        use live ranges any more.
        (WebCore::DataDetection::detectContentInRange): Removed the workaround.

        * editing/cocoa/DictionaryLookup.mm:
        (WebCore::DictionaryLookup::rangeForSelection): Simplify using makeSimpleRange.
        (WebCore::DictionaryLookup::rangeAtHitTestResult): Ditto.

        * editing/cocoa/WebContentReaderCocoa.mm: Added include of "Range.h", may
        not be needed now, but highly likely to be needed after future live range work.

        * editing/ios/DictationCommandIOS.cpp: Removed include of "Range.h".

        * editing/mac/DictionaryLookupLegacy.mm:
        (WebCore::DictionaryLookup::rangeForSelection): Simplify using makeSimpleRange.
        (WebCore::DictionaryLookup::rangeAtHitTestResult): Ditto.

        * editing/mac/EditorMac.mm: Removed include of "Range.h".

        * editing/markup.cpp:
        (WebCore::StyledMarkupAccumulator::renderedTextRespectingRange): Simplify
        using makeSimpleRange.

        * editing/win/EditorWin.cpp: Added include of "Range.h", may not be needed now,
        but highly likely to be needed after future live range work.

        * html/shadow/mac/ImageControlsButtonElementMac.cpp: Removed include of "Range.h".

        * page/DOMSelection.cpp:
        (WebCore::DOMSelection::addRange): Call setSelection instead of moveTo.
        No need to have two functions that do the same thing.

        * page/EventHandler.cpp:
        (WebCore::textDistance): Simplify using makeSimpleRange.

        * page/Frame.cpp:
        (WebCore::Frame::rangeForPoint): Simplify using makeSimpleRange.

        * page/TextIndicator.cpp:
        (WebCore::estimatedBackgroundColorForRange): Simplify using the
        commonInclusiveAncestor overload that takes a range.
        (WebCore::initializeIndicator): Ditto.

2020-07-29  Adrian Perez de Castro  <aperez@igalia.com>

        Non-unified build fixes, late July 2020 edition
        https://bugs.webkit.org/show_bug.cgi?id=214918

        Unreviewed build fix.

        No new tests needed.

        * Modules/webaudio/WebKitOscillatorNode.h: Add missing WebKitAudioContext.h header to make
        the constructor of WebKitOscillatorNode that WebKitAudioContext inherits from the base
        context, otherwise the compiler does not know which base class constructor to invoke.
        * bindings/js/JSDOMConvertDate.h: Add missing JSGlobalObject.h header.
        * bindings/js/ReadableStreamDefaultController.cpp: Sprinkle missing JSC:: namespace
        prefixes where needed.
        (WebCore::invokeReadableStreamDefaultControllerFunction):
        (WebCore::ReadableStreamDefaultController::close):
        (WebCore::ReadableStreamDefaultController::error):
        (WebCore::ReadableStreamDefaultController::enqueue):
        * editing/SpellChecker.cpp: Add missing inclusion of TextIterator.h.
        * editing/SpellChecker.h: Add missing inclusion of SimpleRange.h.
        * editing/TextCheckingHelper.h: Forward declare Frame and VisibleSelection.
        * editing/TextIterator.cpp: Add missing inclusion of Range.h.
        * workers/WorkerScriptLoader.h: Add missing inclusion of CertificateInfo.h.

2020-07-29  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, reverting r265002.
        https://bugs.webkit.org/show_bug.cgi?id=214919

        Broke imported/w3c/web-platform-tests/webaudio/the-audio-api
        /the-scriptprocessornode-interface/simple-input-output.html

        Reverted changeset:

        "Added constructor methods to ChannelMergerNode,
        ChannelSplitterNode"
        https://bugs.webkit.org/show_bug.cgi?id=214851
        https://trac.webkit.org/changeset/265002

2020-07-28  Fujii Hironori  <Hironori.Fujii@sony.com>

        [WinCairo] REGRESSION(r264986) Unreviewed crash fix
        https://bugs.webkit.org/show_bug.cgi?id=201507

        * platform/graphics/egl/GLContextEGL.cpp:
        (WebCore::GLContextEGL::createWindowContext): Initialize a variable 'surface' as EGL_NO_SURFACE for WinCairo.

2020-07-28  Chris Dumez  <cdumez@apple.com>

        Move non standard OscillatorNode API to new webKitOscillatorNode interface
        https://bugs.webkit.org/show_bug.cgi?id=214902

        Reviewed by Darin Adler.

        Move non standard OscillatorNode API to new webKitOscillatorNode interface:
        https://webaudio.github.io/web-audio-api/#oscillatornode

        Namely, the playbackState attribute and its associated constants are now exposed
        on the prefixed webKitOscillatorNode interface instead of the unprefixed
        OscillatorNode. This way, this API is still available to apps using the prefixed
        API but we do not support this legacy API if the app is using the modern unprefixed
        API.

        Test: webaudio/oscillatornode-legacy-api.html

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/OscillatorNode.cpp:
        (WebCore::OscillatorNode::create):
        (WebCore::OscillatorNode::setType):
        (WebCore::OscillatorNode::setPeriodicWave):
        * Modules/webaudio/OscillatorNode.h:
        * Modules/webaudio/OscillatorNode.idl:
        * Modules/webaudio/WebKitAudioContext.cpp:
        (WebCore::WebKitAudioContext::createWebKitOscillator):
        * Modules/webaudio/WebKitAudioContext.h:
        * Modules/webaudio/WebKitAudioContext.idl:
        * Modules/webaudio/WebKitOscillatorNode.h: Copied from Source/WebCore/Modules/webaudio/OscillatorNode.idl.
        (WebCore::WebKitOscillatorNode::create):
        (WebCore::WebKitOscillatorNode::setWebKitPeriodicWave):
        (WebCore::WebKitOscillatorNode::WebKitOscillatorNode):
        * Modules/webaudio/WebKitOscillatorNode.idl: Copied from Source/WebCore/Modules/webaudio/OscillatorNode.idl.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:

2020-07-28  Karl Rackler  <rackler@apple.com>

        Unreviewed, reverting r264930.

        Reverting Pre-Submission Testing

        Reverted changeset:

        "scaleResolutionDownBy has no effect on RTCRtpSender"
        https://bugs.webkit.org/show_bug.cgi?id=214783
        https://trac.webkit.org/changeset/264930

2020-07-28  Oriol Brufau  <obrufau@igalia.com>

        [css-grid] Fix 'align-content' in grid containers with small content area
        https://bugs.webkit.org/show_bug.cgi?id=214370

        Reviewed by Darin Adler.

        In order to properly obey 'align-content', grid containers need to know
        the available grid space for the block axis. But there was a bug when
        the sum of border and padding sizes in the block axis were bigger than
        the content area. Then the available space was considered to be that sum.

        This patch fixes it so that the available grid space is the size of its
        content box when that is definite.

        Tests: imported/w3c/web-platform-tests/css/css-grid/alignment/grid-place-content-001.html
               imported/w3c/web-platform-tests/css/css-sizing/available-height-for-replaced-content-001.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::availableLogicalHeight const):

2020-07-28  Peng Liu  <peng.liu6@apple.com>

        Clean up PlaybackSessionInterface[Mac|AVKit]
        https://bugs.webkit.org/show_bug.cgi?id=214895

        Reviewed by Eric Carlson.

        No new tests, no functional change.

        * platform/ios/PlaybackSessionInterfaceAVKit.h:
        * platform/ios/PlaybackSessionInterfaceAVKit.mm:
        (WebCore::PlaybackSessionInterfaceAVKit::PlaybackSessionInterfaceAVKit):
        (WebCore::PlaybackSessionInterfaceAVKit::playbackSessionModel const):
        Remove unnecessary WEBCORE_EXPORT.
        Include the correct header for Ref.
        Replace "protected" with "private".
        Use WeakPtr of PlaybackSessionModel instead of a raw pointer.

        * platform/mac/PlaybackSessionInterfaceMac.h:
        Add "final" to ensureControlsManager().
        Some small cleanup.

2020-07-28  Chris Dumez  <cdumez@apple.com>

        [EventSource] WebKit fails to UTF-8 encode the Last-Event-ID HTTP header value
        https://bugs.webkit.org/show_bug.cgi?id=214860

        Reviewed by Alex Christensen and Darin Adler.

        WebKit fails to UTF-8 encode the Last-Event-ID HTTP header value for EventSource.

        The specification is here:
        https://html.spec.whatwg.org/multipage/server-sent-events.html#reestablish-the-connection (step 5.3.)

        This is causing us to fail a couple of EventSource web-platform-tests which are passing in both Chrome & Firefox.

        No new tests, rebaselined existing tests.

        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::setHeaderFields):
        * platform/network/cf/ResourceRequestCFNet.h:
        (WebCore::httpHeaderValueUsingSuitableEncoding):
        * platform/network/cocoa/ResourceRequestCocoa.mm:
        (WebCore::ResourceRequest::doUpdatePlatformRequest):

2020-07-28  Fujii Hironori  <Hironori.Fujii@sony.com>

        [WinCairo] ANGLE D3D renderer can crash when PlatformDisplayWin is destructed in IPC thread
        https://bugs.webkit.org/show_bug.cgi?id=214241

        Reviewed by Don Olmstead.

        Web process calls _exit() in IPC thread when the IPC connection is
        closed. PlatformDisplay::sharedDisplay has a static variable of
        std::unique_ptr<PlatformDisplay> to ensure it will be destructed
        on the process termination. This rarely causes crashes in ANGLE
        because ANGLE D3D renderer isn't thread-safe at the moment.

        * platform/graphics/PlatformDisplay.cpp:
        (WebCore::PlatformDisplay::sharedDisplay): Don't destruct
        PlatformDisplay for PLATFORM(WIN). Use unique_ptr::release to leak it.

2020-07-28  Clark Wang  <clark_wang@apple.com>

        Added constructor methods to ChannelMergerNode, ChannelSplitterNode
        https://bugs.webkit.org/show_bug.cgi?id=214851

        Reviewed by Chris Dumez.

        Added constructors for ChannelMergerNode, ChannelSplitterNode according to spec: 
        https://www.w3.org/TR/webaudio/#ChannelMergerNode-constructors. Added new files
        for ChannelMergerOptions and ChannelSplitterOptions.

        Re-baselined existing tests that now pass, or fail due to a different interface.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioNode.h:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createChannelSplitter):
        (WebCore::BaseAudioContext::createChannelMerger):
        * Modules/webaudio/ChannelMergerNode.cpp:
        (WebCore::ChannelMergerNode::create):
        (WebCore::ChannelMergerNode::setChannelCount):
        (WebCore::ChannelMergerNode::setChannelCountMode):
        * Modules/webaudio/ChannelMergerNode.h:
        * Modules/webaudio/ChannelMergerNode.idl:
        * Modules/webaudio/ChannelMergerOptions.h: Added.
        * Modules/webaudio/ChannelMergerOptions.idl: Added.
        * Modules/webaudio/ChannelSplitterNode.cpp:
        (WebCore::ChannelSplitterNode::create):
        (WebCore::ChannelSplitterNode::setChannelCount):
        (WebCore::ChannelSplitterNode::setChannelCountMode):
        (WebCore::ChannelSplitterNode::setChannelInterpretation):
        * Modules/webaudio/ChannelSplitterNode.h:
        * Modules/webaudio/ChannelSplitterNode.idl:
        * Modules/webaudio/ChannelSplitterOptions.h: Added.
        * Modules/webaudio/ChannelSplitterOptions.idl: Added.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-07-28  Rob Buis  <rbuis@igalia.com>

        PerformanceObserver should work with 'type' and not just `entryTypes`
        https://bugs.webkit.org/show_bug.cgi?id=209216

        Reviewed by Youenn Fablet.

        Add support for 'type' attribute as specified here [1].

        Tests: imported/w3c/web-platform-tests/performance-timeline/po-observe-type.any.html
               imported/w3c/web-platform-tests/performance-timeline/po-observe-type.any.worker.html

        [1] https://w3c.github.io/performance-timeline/#dom-performanceobserverinit

        * page/PerformanceObserver.cpp:
        (WebCore::PerformanceObserver::observe):
        * page/PerformanceObserver.h:
        * page/PerformanceObserver.idl:

2020-07-28  Karl Rackler  <rackler@apple.com>

        Unreviewed, reverting r264955.

        Reverting because this commit may have caused issues with
        tests.

        Reverted changeset:

        "WebCoreResourceHandleAsOperationQueueDelegate can use
        RunLoop::dispatch"
        https://bugs.webkit.org/show_bug.cgi?id=214771
        https://trac.webkit.org/changeset/264955

2020-07-28  Saam Barati  <sbarati@apple.com>

        JSPromise::reject might throw more than an unterminated exception
        https://bugs.webkit.org/show_bug.cgi?id=214854
        <rdar://problem/66152648>

        Reviewed by Yusuke Suzuki.

        Before, we were assuming the only exception that could be thrown
        was an early termination exception. However, it's tenuous to assume
        the types of exceptions that can be thrown. This particular test was
        throwing a stack overflow exception. It's better form to just propagate
        the exception upwards instead of attempting to enumerate the list of
        valid exceptions.

        Test: js/dom/promise-rejection-might-stack-overflow.html

        * bindings/js/JSDOMPromiseDeferred.cpp:
        (WebCore::DeferredPromise::reject):

2020-07-28  Alex Christensen  <achristensen@webkit.org>

        Add null checks in ResourceLoader
        https://bugs.webkit.org/show_bug.cgi?id=214786
        <rdar://problem/61106685>

        Reviewed by Youenn Fablet.

        We had added some iOS-only checks based on crash tracer data.
        It turns out these code paths are indeed reachable.  Let's make ResourceLoader less platform-dependent.

        The original patch for this has a test that would reach this code, but it never finishes loading.
        Rather than add a test that always times out or not committing the fix, I commit the fix without the test.

        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::init):
        (WebCore::ResourceLoader::cancel):

2020-07-28  Yusuke Suzuki  <ysuzuki@apple.com>

        IndexedDB binding utilities miss exception checks
        https://bugs.webkit.org/show_bug.cgi?id=214820
        <rdar://problem/66152374>

        Reviewed by Mark Lam.

        Test: js/dom/indexed-db-operations-exception-checks.html

        This patch appropriately inserts exception checking code into IndexedDB binding utilities.

        * Modules/indexeddb/IDBKeyRange.cpp:
        (WebCore::IDBKeyRange::only):
        (WebCore::IDBKeyRange::lowerBound):
        (WebCore::IDBKeyRange::upperBound):
        (WebCore::IDBKeyRange::bound):
        (WebCore::IDBKeyRange::includes):
        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::get):
        (WebCore::set):
        (WebCore::toJS):
        (WebCore::createIDBKeyFromValue):
        (WebCore::internalCreateIDBKeyFromScriptValueAndKeyPath):
        (WebCore::ensureNthValueOnKeyPath):
        (WebCore::injectIDBKeyIntoScriptValue):
        (WebCore::maybeCreateIDBKeyFromScriptValueAndKeyPath):
        (WebCore::canInjectIDBKeyIntoScriptValue):
        (WebCore::scriptValueToIDBKey):
        * bindings/js/IDBBindingUtilities.h:
        * bindings/js/JSCustomXPathNSResolver.cpp:
        (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
        * bindings/js/JSDOMConvertDate.cpp:
        (WebCore::valueToDate):
        * bindings/js/JSDOMConvertDate.h:
        (WebCore::Converter<IDLDate>::convert):
        * bindings/js/JSDOMConvertStrings.h:
        (WebCore::JSConverter<IDLDOMString>::convert):
        (WebCore::JSConverter<IDLByteString>::convert):
        (WebCore::JSConverter<IDLUSVString>::convert):
        * bindings/js/JSDOMConvertWebGL.cpp:
        (WebCore::convertToJSValue):
        * bindings/js/JSLazyEventListener.cpp:
        (WebCore::JSLazyEventListener::initializeJSFunction const):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateEnumerationImplementationContent):
        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
        (WebCore::convertEnumerationToJS):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::convertEnumerationToJS):
        * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:
        (WebCore::convertEnumerationToJS):
        * bindings/scripts/test/JS/JSTestStandaloneEnumeration.cpp:
        (WebCore::convertEnumerationToJS):
        * bridge/c/c_utility.cpp:
        (JSC::Bindings::convertNPVariantToValue):

2020-07-28  Adrian Perez de Castro  <aperez@igalia.com>

        [GTK] Crash in Nicosia::GC3DLayer::makeContextCurrent due to failure in EGL display creation
        https://bugs.webkit.org/show_bug.cgi?id=201507

        Reviewed by Carlos Garcia Campos.

        Ensure that EGL context and display creation failures are always
        logged using RELEASE_LOG_INFO(), even for intermediate failures for
        which a fallback will be tried next, in order to ease diagnosis of
        related issues. Failure to create contexts at the end of the public
        methods ::createContext() and ::createSharingContext() is still
        logged with WTFLogAlways() to write a notice to standard error, and
        let users/developers know that something failed and checking the
        complete logs (e.g. with "journalctl" on Linux) may reveal more
        information.

        This also replaces the chains of "if" statements with a single
        "switch" on the PlatformDisplay::Type enum, which makes the code
        easier to follow and should be more robust as well.

        No new tests needed.

        * platform/graphics/egl/GLContextEGL.cpp:
        (WebCore::GLContextEGL::getEGLConfig):
        (WebCore::GLContextEGL::createWindowContext):
        (WebCore::GLContextEGL::createSurfacelessContext):
        (WebCore::GLContextEGL::createContext):
        (WebCore::GLContextEGL::createSharingContext):

2020-07-28  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GStreamer] Use GST_PLUGIN_FEATURE_RANK env var to have Thunder ranked higher in runtime instead of current custom one
        https://bugs.webkit.org/show_bug.cgi?id=214826

        * platform/graphics/gstreamer/GStreamerCommon.cpp: Unreviewed,
        added comment about delaying because of the dependency on
        GStreamer 1.16.

2020-07-28  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GStreamer] media/vp9.html failing since check-in in r263894
        https://bugs.webkit.org/show_bug.cgi?id=213947

        Reviewed by Philippe Normand.

        Test: media/vp9.html.

        * testing/Internals.cpp:
        (WebCore::Internals::usingGStreamer const): Added.
        * testing/Internals.h:
        * testing/Internals.idl:

2020-07-27  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK][WPE] Support for backdrop-filter
        https://bugs.webkit.org/show_bug.cgi?id=169988

        Reviewed by Adrian Perez de Castro.

        Add initial support for backdrop filters to coordinated graphics.

        * platform/graphics/nicosia/NicosiaPlatformLayer.h:
        (Nicosia::CompositionLayer::flushState): Update the backdrop layer.
        * platform/graphics/texmap/TextureMapper.h:
        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::TextureMapperLayer::computeTransformsRecursive): Call it on backdrop layer too.
        (WebCore::TextureMapperLayer::paintSelfAndChildren): Paint the backdrop layer before current layer to apply
        backdrop filters on previous contents, then the layer is painted on top.
        (WebCore::TextureMapperLayer::paintIntoSurface): In case of backdrop layer paint the root layer up to the target
        layer into the intermediate surface.
        (WebCore::TextureMapperLayer::setBackdropLayer): Set the bakdrop layer and mark it as such.
        (WebCore::TextureMapperLayer::applyAnimationsRecursively): Also call syncAnimations on backdrop layer to get the
        filters updated.
        * platform/graphics/texmap/TextureMapperLayer.h:
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::CoordinatedGraphicsLayer::didChangeBackdropFilters):
        (WebCore::CoordinatedGraphicsLayer::didChangeBackdropFiltersRect):
        (WebCore::CoordinatedGraphicsLayer::setShouldUpdateVisibleRect): Also call it for backdrop layer.
        (WebCore::CoordinatedGraphicsLayer::setContentsVisible): Ditto.
        (WebCore::CoordinatedGraphicsLayer::setBackdropFilters):
        (WebCore::CoordinatedGraphicsLayer::setBackdropFiltersRect):
        (WebCore::CoordinatedGraphicsLayer::flushCompositingState): Also call it for backdrop layer.
        (WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly): Handle the changes in backdrop
        filters and the rect, creating the backdrop layer or updating it.
        (WebCore::CoordinatedGraphicsLayer::syncPendingStateChangesIncludingSubLayers): Also call it for backdrop layer.
        (WebCore::CoordinatedGraphicsLayer::addAnimation): Handle AnimatedPropertyWebkitBackdropFilter property.
        (WebCore::dumpInnerLayer): Dump internal layer info.
        (WebCore::CoordinatedGraphicsLayer::dumpAdditionalProperties const): Dump backdrop layer.
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:

2020-07-28  Youenn Fablet  <youenn@apple.com>

        ReadableStreamDefaultController should use private JS built-in methods
        https://bugs.webkit.org/show_bug.cgi?id=214819

        Reviewed by Darin Adler.

        Call directly private buitl-in methods instead of getting close/error/enqueue methods from the controller.
        Test: http/wpt/fetch/readableStreamDefaultController-overwriting.html

        * bindings/js/ReadableStreamDefaultController.cpp:
        (WebCore::invokeReadableStreamDefaultControllerFunction):
        (WebCore::ReadableStreamDefaultController::close):
        (WebCore::ReadableStreamDefaultController::error):
        (WebCore::ReadableStreamDefaultController::enqueue):
        * bindings/js/ReadableStreamDefaultController.h:
        (WebCore::ReadableStreamDefaultController::enqueue):
        (WebCore::ReadableStreamDefaultController::error):

2020-07-27  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r230479): [TextureMapper] replica layer is not rendered
        https://bugs.webkit.org/show_bug.cgi?id=214827

        Reviewed by Adrian Perez de Castro.

        Since r230479 the replica layer transform is not applied because m_layerTransforms.localTransform is never set
        for the replica layer. We need to call applyAnimationsRecursively() on the replica layer to initialize the
        localTransform (even when we know the replica layer won't have animations).

        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::TextureMapperLayer::applyAnimationsRecursively):

2020-07-27  Alex Christensen  <achristensen@webkit.org>

        Null check inlineStyle in StyledElement::invalidateStyleAttribute
        https://bugs.webkit.org/show_bug.cgi?id=214782
        <rdar://problem/66052987>

        Reviewed by Geoffrey Garen.

        This fixes a reachable crash.

        Test: fast/dom/null-inline-style.html

        * dom/StyledElement.cpp:
        (WebCore::StyledElement::invalidateStyleAttribute):

2020-07-27  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS] Drag and drop does not preserve file names that contain periods
        https://bugs.webkit.org/show_bug.cgi?id=214701
        <rdar://problem/66014009>

        Reviewed by Tim Horton.

        Cocoa documentation does not make it clear whether the `-suggestedName` property on `NSItemProvider` should or
        should not include the file extension. To avoid adding a redundant file extension, logic in
        `WebItemProviderPasteboard` attempts to deduce whether the suggested name already contains an extension, and
        only appends a file extension (taken from name of the original file) if the suggested name does not have one.

        Unfortunately, since this logic only checks whether or not there is a period in the filename, it will
        incorrectly avoid adding a file extension when the suggested name contains a period. To fix this, instead of
        checking for the presence of a period, check to see whether the file extension of the suggested name is the
        same, and append the extension if it isn't.

        Test: DragAndDropTests.SuggestedNameContainsDot

        * platform/ios/WebItemProviderPasteboard.mm:
        (linkTemporaryItemProviderFilesToDropStagingDirectory):

2020-07-27  Zalan Bujtas  <zalan@apple.com>

        Extension is sized incorrectly, content is cut off.
        https://bugs.webkit.org/show_bug.cgi?id=214858
        <rdar://problem/64135680>

        Reviewed by Simon Fraser.

        Autosizing uses an 1px tall viewport to layout the content initially. When the document renderer's height is set to a percent value, this
        1px tall viewport will drive the available height for the descendants and we pretty much end up with overflow content.
        Autosizing takes the overflow into account when computing the final content size, however this overflow depends on the type of the layout context (e.g. flex vs. block).

        Let's replace percent height values on the document renderer with the initial "height: auto".

        Test: fast/dynamic/size-to-content-autosize-with-percent-document-height.html

        * page/FrameView.cpp:
        (WebCore::FrameView::performSizeToContentAutoSize):

2020-07-27  Chris Dumez  <cdumez@apple.com>

        Update release*() functions on ExceptionOr() to always release the member
        https://bugs.webkit.org/show_bug.cgi?id=214835

        Reviewed by Darin Adler.

        Update release*() functions on ExceptionOr() to always release the member instead of
        simply doing a cast to an rvalue reference and leaving it up to the caller.

        Also add assertions to make sure we don't release those members more than once and to
        make sure we don't try to access the member after releasing it.

        * Modules/indexeddb/IDBIndex.cpp:
        (WebCore::IDBIndex::doOpenCursor):
        (WebCore::IDBIndex::doOpenKeyCursor):
        (WebCore::IDBIndex::doGetAll):
        (WebCore::IDBIndex::doGetAllKeys):
        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::doOpenCursor):
        (WebCore::IDBObjectStore::doOpenKeyCursor):
        (WebCore::IDBObjectStore::doDelete):
        (WebCore::IDBObjectStore::doGetAll):
        (WebCore::IDBObjectStore::doGetAllKeys):
        Fix issues found in existing code by new assertions.

        * dom/ExceptionOr.h:
        (WebCore::ExceptionOr<ReturnType>::exception const):
        (WebCore::ExceptionOr<ReturnType>::releaseException):
        (WebCore::ExceptionOr<ReturnType>::returnValue const):
        (WebCore::ExceptionOr<ReturnType>::releaseReturnValue):
        (WebCore::>::releaseException):
        (WebCore::ExceptionOr<void>::exception const):
        (WebCore::ExceptionOr<void>::releaseException):

        * dom/TreeWalker.cpp:
        Fix issues found in existing code by new assertions.

2020-07-27  Geoffrey Garen  <ggaren@apple.com>

        WebCoreResourceHandleAsOperationQueueDelegate can use RunLoop::dispatch
        https://bugs.webkit.org/show_bug.cgi?id=214771

        Reviewed by Darin Adler.

        Use the new helper function for consistency, and to remove a bit of code.

        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (scheduledWithCustomRunLoopMode): Deleted.
        (-[WebCoreResourceHandleAsOperationQueueDelegate callFunctionOnMainThread:]): Deleted.

2020-07-27  Chris Dumez  <cdumez@apple.com>

        thisValue is not always set correctly when calling JS callbacks
        https://bugs.webkit.org/show_bug.cgi?id=214847

        Reviewed by Darin Adler.

        thisValue was not always set correctly when calling JS callbacks.

        This was causing us to fail the last subtest on:
        http://w3c-test.org/dom/traversal/TreeWalker-acceptNode-filter.html

        The specification for TreeWalker is here:
        - https://dom.spec.whatwg.org/#concept-node-filter

        Step 6 refers to [call a user object’s operation] in the WebIDL specification:
         - https://heycam.github.io/webidl/#call-a-user-objects-operation

        Step 10.5 says:
        "Set thisArg to O (overriding the provided value)."

        We were missing this step in our implementation so thisValue ended up being undefined
        (as per earlier step 2).

        No new tests, resync'd existing test.

        * bindings/js/JSCallbackData.cpp:
        (WebCore::JSCallbackData::invokeCallback):

2020-07-27  Sihui Liu  <sihui_liu@appe.com>

        Text manipulation should not extract non-breaking spaces
        https://bugs.webkit.org/show_bug.cgi?id=214839
        <rdar://problem/64113531>

        Reviewed by Wenson Hsieh.

        Spaces are very likely to be dropped during translation. And non-breaking space, if dropped, is likely to affect
        layout of web page.

        API test: TextManipulation.StartTextManipulationIgnoresSpaces

        * editing/TextManipulationController.cpp:
        (WebCore::isNotSpace):
        (WebCore::TextManipulationController::parse):

2020-07-27  Chris Dumez  <cdumez@apple.com>

        ASSERT([filteredCookies.get() count] <= 1) on  imported/w3c/web-platform-tests/websockets/cookies/third-party-cookie-accepted.https.html
        https://bugs.webkit.org/show_bug.cgi?id=214222
        <rdar://problem/65587120>

        Reviewed by Alex Christensen.

        Per the HTML specification [1], upon setting document.cookie, we should act as we would when receiving a Set-Cookie string [2].
        This means that you can only set one cookie at a time (you cannot comma-separate several cookies).

        We were behaving correctly on macOS because we were using the [NSHTTPCookie _parsedCookiesWithResponseHeaderFields] SPI that was
        made specifically for this purpose. However, we would set multiple cookies (in release), and crash in debug on iOS because iOS
        was using a different API to parse the cookies ([NSHTTPCookie cookiesWithResponseHeaderFields:).

        Note that [NSHTTPCookie _parsedCookiesWithResponseHeaderFields] was deprecated in CFNetwork, in favor of
        [NSHTTPCookie _cookieForSetCookieString:]. As a result, I updated both macOS and iOS to use the same new CFNetwork SPI, which
        gives us the standard behavior.

        [1] https://html.spec.whatwg.org/#dom-document-cookie
        [2] https://tools.ietf.org/html/rfc6265#section-4.1

        Test: http/tests/cookies/document-cookie-multiple-cookies.html

        * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
        (WebCore::parseDOMCookie):
        (WebCore::NetworkStorageSession::setCookiesFromDOM const):

2020-07-27  Clark Wang  <clark_wang@apple.com>

        Added Constructor method to OscillatorNode
        https://bugs.webkit.org/show_bug.cgi?id=214746

        Reviewed by Chris Dumez.

        Re-baselined existing tests that now pass, or fail further along.

        Added ctor to OscillatorNode, added OscillatorOptions, OscillatorType files all according to spec:
        https://www.w3.org/TR/webaudio/#OscillatorNode-constructors. Updated createOscillator() method in 
        BaseAudioContext.

        * CMakeLists.txt:
        * DerivedSources-input.xcfilelist:
        * DerivedSources-output.xcfilelist:
        * DerivedSources.make:
        * Modules/webaudio/AudioContextOptions.h:
        * Modules/webaudio/BaseAudioContext.cpp:
        (WebCore::BaseAudioContext::createOscillator):
        * Modules/webaudio/OscillatorNode.cpp:
        (WebCore::OscillatorNode::create):
        (WebCore::OscillatorNode::OscillatorNode):
        (WebCore::OscillatorNode::setType):
        (WebCore::OscillatorNode::setPeriodicWave):
        * Modules/webaudio/OscillatorNode.h:
        (WTF::LogArgument<WebCore::OscillatorType>::toString):
        (WTF::LogArgument<WebCore::OscillatorNode::Type>::toString): Deleted.
        * Modules/webaudio/OscillatorNode.idl:
        * Modules/webaudio/OscillatorOptions.h: Copied from Source/WebCore/Modules/webaudio/PeriodicWaveConstraints.h.
        * Modules/webaudio/OscillatorOptions.idl: Copied from Source/WebCore/Modules/webaudio/PeriodicWaveConstraints.h.
        * Modules/webaudio/OscillatorType.h: Copied from Source/WebCore/Modules/webaudio/PeriodicWaveConstraints.h.
        * Modules/webaudio/OscillatorType.idl: Copied from Source/WebCore/Modules/webaudio/PeriodicWaveConstraints.h.
        * Modules/webaudio/PannerOptions.h:
        * Modules/webaudio/PeriodicWave.cpp:
        * Modules/webaudio/PeriodicWaveConstraints.h:
        * Modules/webaudio/PeriodicWaveOptions.h:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2020-07-27  Mark Lam  <mark.lam@apple.com>

        DisallowVMEntry needs a copy assignment operator, detected by gcc's -Wdeprecated-copy warning
        https://bugs.webkit.org/show_bug.cgi?id=214809

        Reviewed by Yusuke Suzuki.

        Added handling of a possible VMInquiry failure in JSDOMWindow::getOwnPropertySlot()
        after returning from Base::getOwnPropertySlot().  If a VMInquiry is requested and
        Base::getOwnPropertySlot() returns false with slot.isTaintedByOpaqueObject() set,
        then it means that Base::getOwnPropertySlot() failed to execute the VMInquiry,
        not that it successfully determined that the property doesn't exist.

        This issue was noticed while studying how JSDOMWindow::getOwnPropertySlot() uses
        copy assignment of JSC::PropertySlots.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):

2020-07-27  Dean Jackson  <dino@apple.com>

        Repeatable WebContent crash: WebCore::jsWebGLRenderingContextPrototypeFunctionGetError
        https://bugs.webkit.org/show_bug.cgi?id=214814
        rdar://59290537

        Reviewed by Anders Carlsson.

        If a WebGL context was killed due to too many contexts
        in the page, we would get a null pointer crash if
        the page called getError() more than once on it.
        This is an edge case not covered by the WebGL conformance
        suite since the recyling behaviour is specific to our
        implementation.

        Test: fast/canvas/webgl/recycle-contexts.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::getError): Add a null check.

2020-07-27  Youenn Fablet  <youenn@apple.com>

        scaleResolutionDownBy has no effect on RTCRtpSender
        https://bugs.webkit.org/show_bug.cgi?id=214783
        <rdar://problem/66108346>

        Reviewed by Eric Carlson.

        Covered by updated test.

        * Modules/mediastream/libwebrtc/LibWebRTCUtils.cpp:
        (WebCore::updateRTCRtpSendParameters):
        Allow to change scaleResolutionDownBy.

2020-07-25  Simon Fraser  <simon.fraser@apple.com>

        Scroll Snap broken when using RTL layout
        https://bugs.webkit.org/show_bug.cgi?id=193671
        <rdar://problem/47457471>

        Reviewed by Wenson Hsieh.

        There were various places in the scroll snapping code which confused scroll offsets (zero-based)
        with scroll positions (relative to scroll origin, can be negative). This broke snapping in
        `direction: rtl` content.
        
        The computation of snap locations in updateSnapOffsetsForScrollableArea() was also broken
        in RTL; we need to snap the right edge of boxes to the right edge of the scroller for the 'start'
        alignment. (Snapping for LTR boxes in an RTL scroller is poorly defined; for now, follow Gecko.)

        Tests: css3/scroll-snap/scroll-snap-2d-change-axis-type-rtl.html
               css3/scroll-snap/scroll-snap-2d-offsets-computed-independently.rtl.html
               css3/scroll-snap/scroll-snap-elements-container-larger-than-children-rtl.html
               css3/scroll-snap/scroll-snap-iframe-rtl.html
               css3/scroll-snap/scroll-snap-offsets-mixed-rtl.html
               css3/scroll-snap/scroll-snap-offsets-rtl.html

        * page/scrolling/AxisScrollSnapOffsets.cpp:
        (WebCore::computeScrollSnapAlignOffset):
        (WebCore::updateSnapOffsetsForScrollableArea):
        * page/scrolling/mac/ScrollingTreeScrollingNodeDelegateMac.mm:
        (WebCore::ScrollingTreeScrollingNodeDelegateMac::scrollOffset const):
        * platform/ScrollAnimator.cpp:
        (WebCore::ScrollAnimator::updateActiveScrollSnapIndexForOffset):
        (WebCore::ScrollAnimator::scrollOffset const):
        * platform/cocoa/ScrollController.mm:
        (WebCore::ScrollController::updateScrollSnapPoints):

2020-07-26  Michael Catanzaro  <mcatanzaro@gnome.org>

        -Wunused-parameter in FilterEffectRenderer.cpp
        https://bugs.webkit.org/show_bug.cgi?id=214808

        Unreviewed.

        * platform/graphics/filters/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRenderer::tryCreate):

2020-07-22  Darin Adler  <darin@apple.com>

        Stop using live ranges in SpellChecker.h and TextCheckingHelper.h
        https://bugs.webkit.org/show_bug.cgi?id=214648

        Reviewed by Sam Weinig.

        * accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
        Removed unneeded include of TextCheckingHelper.h.

        * dom/DocumentMarkerController.cpp:
        (WebCore::DocumentMarkerController::removeMarkers): Updated for change
        to the argument type name.
        (WebCore::DocumentMarkerController::filterMarkers): Ditto.
        (WebCore::addMarker): Added. Convenience so call doesn't have to get
        the document to call this.
        (WebCore::removeMarkers): Ditto.

        * dom/DocumentMarkerController.h: Moved RemovePartiallyOverlappingMarker
        out of the DocumentMarkerController class, tweaked its name and changed
        it into an enum class. Added conveniences functions for add/removeMarker.

        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::respondToUnappliedSpellCorrection):
        Use convenience versions of removeMarkers and addMarker.
        (WebCore::AlternativeTextController::handleAlternativeTextUIResult): Ditto.
        (WebCore::AlternativeTextController::respondToUnappliedEditing): Ditto.
        (WebCore::AlternativeTextController::markReversed): Ditto.
        (WebCore::AlternativeTextController::markCorrection): Ditto.
        (WebCore::AlternativeTextController::recordSpellcheckerResponseForModifiedCorrection): Ditto.
        (WebCore::AlternativeTextController::markPrecedingWhitespaceForDeletedAutocorrectionAfterCommand): Ditto.
        (WebCore::AlternativeTextController::applyAlternativeTextToRange): Ditto.
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::replaceTextInNodePreservingMarkers): Ditto.
        * editing/Editor.cpp:
        (WebCore::Editor::ignoreSpelling): Ditto.
        (WebCore::Editor::learnSpelling): Ditto.
        (WebCore::Editor::advanceToNextMisspelling): Rewrote to not use a live
        range and for the changes to the TextCheckingHelper.
        (WebCore::Editor::isSelectionUngrammatical): Deleted.
        (WebCore::Editor::guessesForMisspelledOrUngrammatical): Changed to use a
        return value instead of out arguments.
        (WebCore::Editor::clearMisspellingsAndBadGrammar): Use convenience
        versions of removeMarkers.
        (WebCore::Editor::markMisspellingsAfterTypingToWord): Ditto.
        (WebCore::Editor::markMisspellingsOrBadGrammar): Updated for change to
        TextCheckingHelper.
        (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges): Do not use
        live ranges.
        (WebCore::correctSpellcheckingPreservingTextCheckingParagraph): Take a
        range that isn't a live range.
        (WebCore::Editor::markAndReplaceFor): Tweak for changes to text checking
        and to use convenience version of addMarker.
        (WebCore::Editor::changeBackToReplacedString): Use convenience versions of
        removeMarkers and addMarker.
        (WebCore::Editor::updateMarkersForWordsAffectedByEditing): Ditto.
        (WebCore::Editor::countMatchesForText): Ditto.
        (WebCore::Editor::scanSelectionForTelephoneNumbers): Ditto.
        (WebCore::Editor::editorUIUpdateTimerFired): Ditto.
        (WebCore::Editor::handleAcceptedCandidate): Ditto.
        * editing/Editor.h: Update for the above.

        * editing/SpellChecker.cpp:
        (WebCore::SpellCheckRequest::SpellCheckRequest): No longer take live ranges.
        (WebCore::SpellCheckRequest::create): Ditto.
        (WebCore::SpellChecker::canCheckAsynchronously const): Ditto.
        (WebCore::SpellChecker::isCheckable const): Ditto.
        (WebCore::SpellChecker::didCheckSucceed): Use convenience versions of
        removeMarkers.
        * editing/SpellChecker.h: Remove the use of live ranges. Removed many
        unneeded includes and forward declarations.

        * editing/TextCheckingHelper.cpp:
        (WebCore::expandToParagraphBoundary): Take and return non-live ranges.
        (WebCore::TextCheckingParagraph::TextCheckingParagraph): Ditto.
        (WebCore::TextCheckingParagraph::expandRangeToNextEnd): Updated to use
        non-live ranges.
        (WebCore::TextCheckingParagraph::invalidateParagraphRangeValues): Ditto.
        (WebCore::TextCheckingParagraph::paragraphRange const): Ditto.
        (WebCore::TextCheckingParagraph::subrange const): Ditto.
        (WebCore::TextCheckingParagraph::offsetTo const): Ditto.
        (WebCore::TextCheckingParagraph::offsetAsRange const): Ditto.
        (WebCore::TextCheckingParagraph::automaticReplacementStart const): Ditto.
        (WebCore::TextCheckingParagraph::automaticReplacementLength const): Ditto.
        (WebCore::TextCheckingHelper::~TextCheckingHelper): Deleted.
        (WebCore::TextCheckingHelper::findMispelledWords const): Renamed from
        findFirstMispelling, and made this private function since it has confusing
        argument and return types. Reimplemented to use non-live ranges and to use
        return values and the addMarker convenience function. Also changed this to
        not mark when called just to find the first mispelled word. The old version
        always marked, which didn't make logical sense, but was harmless because
        the caller always marked the same way. Now this does what it says.
        (WebCore::TextCheckingHelper::findFirstMisspelledWord const): Added.
        Replaces findFirstMispelling as a public function, and returns a structure
        instead of using out arguments.
        (WebCore::TextCheckingHelper::findFirstMisspelledWordOrUngrammaticalPhrase const):
        Renamed from findFirstMisspellingOrBadGrammar and changed to return a structure
        instead of using out arguments.
        (WebCore::TextCheckingHelper::findUngrammaticalPhrases const): Renamed from
        findFirstGrammarDetail and findFirstBadGrammar. Both functions are now private
        and use the new Operation enum class to distinguish the "find first" from
        "mark all" usage. Also use the convience version of addMarker and return results
        in a structure instead of using out arguments.
        (WebCore::TextCheckingHelper::findFirstUngrammaticalPhrase const): Added.
        Replaces findFirstBadGrammar as a public function, returns a structure
        instead of using out arguments.
        (WebCore::TextCheckingHelper::guessesForMisspelledWordOrUngrammaticalPhrase const):
        Renamed from guessesForMisspelledOrUngrammaticalRange and changed to return
        a structure instead of out arguments.
        (WebCore::TextCheckingHelper::markAllMisspelledWor