[webkit-changes] [95698] trunk/Source/WebKit/chromium
Title: [95698] trunk/Source/WebKit/chromium Revision 95698 Author commit-qu...@webkit.org Date 2011-09-21 21:06:31 -0700 (Wed, 21 Sep 2011) Log Message Implement WebKit side of IDBFactory::getDatabaseNames https://bugs.webkit.org/show_bug.cgi?id=68037 Patch by Joshua Bell on 2011-09-21 Reviewed by Tony Chang. Interface changes and stub implementations for new IndexedDB IDBFactory.getDatabaseNames. This is part one of a two-sided patch. * public/WebIDBCallbacks.h: (WebKit::WebIDBCallbacks::onSuccess): * public/WebIDBFactory.h: (WebKit::WebIDBFactory::getDatabaseNames): Modified Paths trunk/Source/WebKit/chromium/ChangeLog trunk/Source/WebKit/chromium/public/WebIDBCallbacks.h trunk/Source/WebKit/chromium/public/WebIDBFactory.h Diff Modified: trunk/Source/WebKit/chromium/ChangeLog (95697 => 95698) --- trunk/Source/WebKit/chromium/ChangeLog 2011-09-22 03:29:50 UTC (rev 95697) +++ trunk/Source/WebKit/chromium/ChangeLog 2011-09-22 04:06:31 UTC (rev 95698) @@ -1,3 +1,19 @@ +2011-09-21 Joshua Bell + +Implement WebKit side of IDBFactory::getDatabaseNames +https://bugs.webkit.org/show_bug.cgi?id=68037 + +Reviewed by Tony Chang. + +Interface changes and stub implementations for +new IndexedDB IDBFactory.getDatabaseNames. This is +part one of a two-sided patch. + +* public/WebIDBCallbacks.h: +(WebKit::WebIDBCallbacks::onSuccess): +* public/WebIDBFactory.h: +(WebKit::WebIDBFactory::getDatabaseNames): + 2011-09-21 Robert Kroeger [chromium] Code cleanup in gesture recognizer unit tests Modified: trunk/Source/WebKit/chromium/public/WebIDBCallbacks.h (95697 => 95698) --- trunk/Source/WebKit/chromium/public/WebIDBCallbacks.h 2011-09-22 03:29:50 UTC (rev 95697) +++ trunk/Source/WebKit/chromium/public/WebIDBCallbacks.h 2011-09-22 04:06:31 UTC (rev 95698) @@ -30,6 +30,7 @@ namespace WebKit { +class WebDOMStringList; class WebIDBCursor; class WebIDBDatabase; class WebIDBDatabaseError; @@ -46,6 +47,7 @@ // For classes that follow the PImpl pattern, pass a const reference. // For the rest, pass ownership to the callee via a pointer. virtual void onError(const WebIDBDatabaseError&) { WEBKIT_ASSERT_NOT_REACHED(); } +virtual void onSuccess(const WebDOMStringList&) { WEBKIT_ASSERT_NOT_REACHED(); } virtual void onSuccess(WebIDBCursor*) { WEBKIT_ASSERT_NOT_REACHED(); } virtual void onSuccess(WebIDBDatabase*) { WEBKIT_ASSERT_NOT_REACHED(); } virtual void onSuccess(const WebIDBKey&) { WEBKIT_ASSERT_NOT_REACHED(); } Modified: trunk/Source/WebKit/chromium/public/WebIDBFactory.h (95697 => 95698) --- trunk/Source/WebKit/chromium/public/WebIDBFactory.h 2011-09-22 03:29:50 UTC (rev 95697) +++ trunk/Source/WebKit/chromium/public/WebIDBFactory.h 2011-09-22 04:06:31 UTC (rev 95698) @@ -57,6 +57,8 @@ SQLiteBackingStore }; +virtual void getDatabaseNames(WebIDBCallbacks*, const WebSecurityOrigin&, WebFrame*, const WebString& dataDir, unsigned long long maximumSize, BackingStoreType) { WEBKIT_ASSERT_NOT_REACHED(); } + // The WebKit implementation of open ignores the WebFrame* parameter. virtual void open(const WebString& name, WebIDBCallbacks*, const WebSecurityOrigin&, WebFrame*, const WebString& dataDir, unsigned long long maximumSize, BackingStoreType) { WEBKIT_ASSERT_NOT_REACHED(); } ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95697] trunk/Source/WebCore
Title: [95697] trunk/Source/WebCore Revision 95697 Author bda...@apple.com Date 2011-09-21 20:29:50 -0700 (Wed, 21 Sep 2011) Log Message https://bugs.webkit.org/show_bug.cgi?id=67415 Text drawn via -webkit-background-clip:text is blurry at device scale factors >1.0 -and corresponding- Reviewed by Darin Adler. New helper function RenderBoxModelObject scales the mask image by the deviceScaleFactor to get an image of the appropriate resolution. It also scales the image's GraphicsContext so that the clip is set up on the same scale. Back in paintFillLayerExtended() we still clip the image to the original maskRect to get everything scaled back to the appropriate size. * rendering/RenderBoxModelObject.cpp: (WebCore::createDeviceScaledImageBuffer): (WebCore::RenderBoxModelObject::paintFillLayerExtended): Make the deviceScaleFactor convenience function just a namespace-level function in Page rather than a static member or Page. * page/Page.cpp: (WebCore::deviceScaleFactor): * page/Page.h: Pre-existing callers of Page::deviceScaleFactor(Frame*) must now use WebCore::deviceScaleFactor(Frame*) * editing/DeleteButtonController.cpp: (WebCore::DeleteButtonController::createDeletionUI): * rendering/RenderImage.cpp: (WebCore::RenderImage::imageSizeForError): (WebCore::RenderImage::paintReplaced): * rendering/RenderLayer.cpp: (WebCore::RenderLayer::drawPlatformResizerImage): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/editing/DeleteButtonController.cpp trunk/Source/WebCore/page/Page.cpp trunk/Source/WebCore/page/Page.h trunk/Source/WebCore/rendering/RenderBoxModelObject.cpp trunk/Source/WebCore/rendering/RenderImage.cpp trunk/Source/WebCore/rendering/RenderLayer.cpp Diff Modified: trunk/Source/WebCore/ChangeLog (95696 => 95697) --- trunk/Source/WebCore/ChangeLog 2011-09-22 02:14:36 UTC (rev 95696) +++ trunk/Source/WebCore/ChangeLog 2011-09-22 03:29:50 UTC (rev 95697) @@ -1,3 +1,37 @@ +2011-09-21 Beth Dakin + +https://bugs.webkit.org/show_bug.cgi?id=67415 +Text drawn via -webkit-background-clip:text is blurry at device scale factors >1.0 +-and corresponding- + + +Reviewed by Darin Adler. + +New helper function RenderBoxModelObject scales the mask image by the +deviceScaleFactor to get an image of the appropriate resolution. It also scales +the image's GraphicsContext so that the clip is set up on the same scale. Back in +paintFillLayerExtended() we still clip the image to the original maskRect to get +everything scaled back to the appropriate size. +* rendering/RenderBoxModelObject.cpp: +(WebCore::createDeviceScaledImageBuffer): +(WebCore::RenderBoxModelObject::paintFillLayerExtended): + +Make the deviceScaleFactor convenience function just a namespace-level function in +Page rather than a static member or Page. +* page/Page.cpp: +(WebCore::deviceScaleFactor): +* page/Page.h: + +Pre-existing callers of Page::deviceScaleFactor(Frame*) must now use +WebCore::deviceScaleFactor(Frame*) +* editing/DeleteButtonController.cpp: +(WebCore::DeleteButtonController::createDeletionUI): +* rendering/RenderImage.cpp: +(WebCore::RenderImage::imageSizeForError): +(WebCore::RenderImage::paintReplaced): +* rendering/RenderLayer.cpp: +(WebCore::RenderLayer::drawPlatformResizerImage): + 2011-09-21 Tim Horton [CG] ImageBufferData::getData has an invariant comparison in the inner part of a loop which doesn't get optimized out Modified: trunk/Source/WebCore/editing/DeleteButtonController.cpp (95696 => 95697) --- trunk/Source/WebCore/editing/DeleteButtonController.cpp 2011-09-22 02:14:36 UTC (rev 95696) +++ trunk/Source/WebCore/editing/DeleteButtonController.cpp 2011-09-22 03:29:50 UTC (rev 95697) @@ -255,7 +255,7 @@ style->setProperty(CSSPropertyHeight, String::number(buttonHeight) + "px"); style->setProperty(CSSPropertyVisibility, CSSValueVisible); -float deviceScaleFactor = Page::deviceScaleFactor(m_frame); +float deviceScaleFactor = WebCore::deviceScaleFactor(m_frame); RefPtr buttonImage; if (deviceScaleFactor >= 2) buttonImage = Image::loadPlatformResource("deleteButton@2x"); Modified: trunk/Source/WebCore/page/Page.cpp (95696 => 95697) --- trunk/Source/WebCore/page/Page.cpp 2011-09-22 02:14:36 UTC (rev 95696) +++ trunk/Source/WebCore/page/Page.cpp 2011-09-22 03:29:50 UTC (rev 95697) @@ -109,6 +109,16 @@ frames[i]->document()->dispatchWindowEvent(Event::create(eventName, false, false)); } +float deviceScaleFactor(Frame* frame) +{ +if (!frame) +return 1; +Page* page = frame->page(); +if (!page) +return 1; +return page->deviceScaleFactor(); +} + Page::Page(PageClients& pageClients) : m_chrome(adoptPtr(new Chrome(this, pageClients.chromeClient)))
[webkit-changes] [95696] trunk/LayoutTests
Title: [95696] trunk/LayoutTests Revision 95696 Author infe...@chromium.org Date 2011-09-21 19:14:36 -0700 (Wed, 21 Sep 2011) Log Message Unreviewed. Chromium rebaselines for r95671. * platform/chromium-linux/fast/table/quote-text-around-iframe-expected.png: Added. * platform/chromium-mac/fast/table/quote-text-around-iframe-expected.png: Added. * platform/chromium-win/fast/css-generated-content/table-cell-before-content-expected.txt: * platform/chromium-win/fast/table/quote-text-around-iframe-expected.png: Added. * platform/chromium-win/fast/table/quote-text-around-iframe-expected.txt: Added. * platform/chromium-win/fast/table/table-cell-after-child-in-block-expected.txt: * platform/chromium-win/fast/table/table-cell-before-child-in-block-expected.txt: * platform/chromium-win/fast/table/table-row-after-child-in-block-expected.txt: * platform/chromium-win/fast/table/table-row-before-child-in-block-expected.txt: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/platform/chromium-win/fast/css-generated-content/table-cell-before-content-expected.txt trunk/LayoutTests/platform/chromium-win/fast/table/table-cell-after-child-in-block-expected.txt trunk/LayoutTests/platform/chromium-win/fast/table/table-cell-before-child-in-block-expected.txt trunk/LayoutTests/platform/chromium-win/fast/table/table-row-after-child-in-block-expected.txt trunk/LayoutTests/platform/chromium-win/fast/table/table-row-before-child-in-block-expected.txt Added Paths trunk/LayoutTests/platform/chromium-linux/fast/table/quote-text-around-iframe-expected.png trunk/LayoutTests/platform/chromium-mac/fast/table/quote-text-around-iframe-expected.png trunk/LayoutTests/platform/chromium-win/fast/table/quote-text-around-iframe-expected.png trunk/LayoutTests/platform/chromium-win/fast/table/quote-text-around-iframe-expected.txt Diff Modified: trunk/LayoutTests/ChangeLog (95695 => 95696) --- trunk/LayoutTests/ChangeLog 2011-09-22 02:04:29 UTC (rev 95695) +++ trunk/LayoutTests/ChangeLog 2011-09-22 02:14:36 UTC (rev 95696) @@ -1,3 +1,17 @@ +2011-09-21 Abhishek Arya + +Unreviewed. Chromium rebaselines for r95671. + +* platform/chromium-linux/fast/table/quote-text-around-iframe-expected.png: Added. +* platform/chromium-mac/fast/table/quote-text-around-iframe-expected.png: Added. +* platform/chromium-win/fast/css-generated-content/table-cell-before-content-expected.txt: +* platform/chromium-win/fast/table/quote-text-around-iframe-expected.png: Added. +* platform/chromium-win/fast/table/quote-text-around-iframe-expected.txt: Added. +* platform/chromium-win/fast/table/table-cell-after-child-in-block-expected.txt: +* platform/chromium-win/fast/table/table-cell-before-child-in-block-expected.txt: +* platform/chromium-win/fast/table/table-row-after-child-in-block-expected.txt: +* platform/chromium-win/fast/table/table-row-before-child-in-block-expected.txt: + 2011-09-21 Sameer Patil :hover selector fails when hovering over a child select element with size attribute Added: trunk/LayoutTests/platform/chromium-linux/fast/table/quote-text-around-iframe-expected.png (Binary files differ) Property changes on: trunk/LayoutTests/platform/chromium-linux/fast/table/quote-text-around-iframe-expected.png ___ Added: svn:mime-type Added: trunk/LayoutTests/platform/chromium-mac/fast/table/quote-text-around-iframe-expected.png (Binary files differ) Property changes on: trunk/LayoutTests/platform/chromium-mac/fast/table/quote-text-around-iframe-expected.png ___ Added: svn:mime-type Modified: trunk/LayoutTests/platform/chromium-win/fast/css-generated-content/table-cell-before-content-expected.txt (95695 => 95696) --- trunk/LayoutTests/platform/chromium-win/fast/css-generated-content/table-cell-before-content-expected.txt 2011-09-22 02:04:29 UTC (rev 95695) +++ trunk/LayoutTests/platform/chromium-win/fast/css-generated-content/table-cell-before-content-expected.txt 2011-09-22 02:14:36 UTC (rev 95696) @@ -4,15 +4,15 @@ RenderBlock {HTML} at (0,0) size 800x36 RenderBody {BODY} at (8,8) size 784x20 [color=#FF] RenderBlock {DIV} at (0,0) size 784x20 -RenderTable at (0,0) size 265x20 [color=#00] +RenderTable at (0,0) size 265x20 RenderTableSection (anonymous) at (0,0) size 265x20 RenderTableRow (anonymous) at (0,0) size 265x20 - RenderTableCell (anonymous) at (0,0) size 190x20 [color=#FF] [r=0 c=0 rs=1 cs=1] + RenderTableCell (anonymous) at (0,0) size 190x20 [r=0 c=0 rs=1 cs=1] RenderText at (0,0) size 190x19 text run at (0,0) width 190: "You should just see a single line" - RenderTableCell {DIV} at (190,0) size 4x20 [color=#FF] [r=0 c=1 rs=1 cs=1] +
[webkit-changes] [95695] trunk/Source/WebCore
Title: [95695] trunk/Source/WebCore Revision 95695 Author timothy_hor...@apple.com Date 2011-09-21 19:04:29 -0700 (Wed, 21 Sep 2011) Log Message [CG] ImageBufferData::getData has an invariant comparison in the inner part of a loop which doesn't get optimized out https://bugs.webkit.org/show_bug.cgi?id=68588 Reviewed by Simon Fraser. Factor the unmultiplied check out of the inner loop, resulting in a speed bump in ImageBufferData::getData. No new tests, performance improvement. * platform/graphics/cg/ImageBufferDataCG.cpp: (WebCore::ImageBufferData::getData): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/platform/graphics/cg/ImageBufferDataCG.cpp Diff Modified: trunk/Source/WebCore/ChangeLog (95694 => 95695) --- trunk/Source/WebCore/ChangeLog 2011-09-22 01:52:32 UTC (rev 95694) +++ trunk/Source/WebCore/ChangeLog 2011-09-22 02:04:29 UTC (rev 95695) @@ -1,3 +1,19 @@ +2011-09-21 Tim Horton + +[CG] ImageBufferData::getData has an invariant comparison in the inner part of a loop which doesn't get optimized out +https://bugs.webkit.org/show_bug.cgi?id=68588 + + +Reviewed by Simon Fraser. + +Factor the unmultiplied check out of the inner loop, resulting in a +speed bump in ImageBufferData::getData. + +No new tests, performance improvement. + +* platform/graphics/cg/ImageBufferDataCG.cpp: +(WebCore::ImageBufferData::getData): + 2011-09-21 Sameer Patil :hover selector fails when hovering over a child select element with size attribute Modified: trunk/Source/WebCore/platform/graphics/cg/ImageBufferDataCG.cpp (95694 => 95695) --- trunk/Source/WebCore/platform/graphics/cg/ImageBufferDataCG.cpp 2011-09-22 01:52:32 UTC (rev 95694) +++ trunk/Source/WebCore/platform/graphics/cg/ImageBufferDataCG.cpp 2011-09-22 02:04:29 UTC (rev 95695) @@ -173,20 +173,29 @@ return result.release(); } #endif -for (int y = 0; y < height; ++y) { -for (int x = 0; x < width; x++) { -int basex = x * 4; -unsigned char alpha = srcRows[basex + 3]; -if (unmultiplied && alpha) { -destRows[basex] = (srcRows[basex] * 255) / alpha; -destRows[basex + 1] = (srcRows[basex + 1] * 255) / alpha; -destRows[basex + 2] = (srcRows[basex + 2] * 255) / alpha; -destRows[basex + 3] = alpha; -} else -reinterpret_cast(destRows + basex)[0] = reinterpret_cast(srcRows + basex)[0]; +if (unmultiplied) { +for (int y = 0; y < height; ++y) { +for (int x = 0; x < width; x++) { +int basex = x * 4; +unsigned char alpha = srcRows[basex + 3]; +if (alpha) { +destRows[basex] = (srcRows[basex] * 255) / alpha; +destRows[basex + 1] = (srcRows[basex + 1] * 255) / alpha; +destRows[basex + 2] = (srcRows[basex + 2] * 255) / alpha; +destRows[basex + 3] = alpha; +} else +reinterpret_cast(destRows + basex)[0] = reinterpret_cast(srcRows + basex)[0]; +} +srcRows += srcBytesPerRow; +destRows += destBytesPerRow; } -srcRows += srcBytesPerRow; -destRows += destBytesPerRow; +} else { +for (int y = 0; y < height; ++y) { +for (int x = 0; x < width * 4; x += 4) +reinterpret_cast(destRows + x)[0] = reinterpret_cast(srcRows + x)[0]; +srcRows += srcBytesPerRow; +destRows += destBytesPerRow; +} } } else { #if USE(IOSURFACE_CANVAS_BACKING_STORE) @@ -223,24 +232,38 @@ vImagePermuteChannels_ARGB(&src, &dest, map, kvImageNoFlags); } #else -for (int y = 0; y < height; ++y) { -for (int x = 0; x < width; x++) { -int basex = x * 4; -unsigned char alpha = srcRows[basex + 3]; -if (unmultiplied && alpha) { -destRows[basex] = (srcRows[basex + 2] * 255) / alpha; -destRows[basex + 1] = (srcRows[basex + 1] * 255) / alpha; -destRows[basex + 2] = (srcRows[basex] * 255) / alpha; -destRows[basex + 3] = alpha; -} else { +if (unmultiplied) { +for (int y = 0; y < height; ++y) { +for (int x = 0; x < width; x++) { +int basex = x * 4; +unsigned char alpha = srcRows[basex + 3]; +if (alpha) { +destRows[basex] = (srcRows[basex + 2] * 255) / alpha; +destRows[basex + 1] = (srcRows[basex + 1] * 255) / alpha; +destRows[bas
[webkit-changes] [95694] trunk
Title: [95694] trunk Revision 95694 Author commit-qu...@webkit.org Date 2011-09-21 18:52:32 -0700 (Wed, 21 Sep 2011) Log Message :hover selector fails when hovering over a child select element with size attribute https://bugs.webkit.org/show_bug.cgi?id=67594 Patch by Sameer Patil on 2011-09-21 Reviewed by Darin Adler. Source/WebCore: Test: fast/css/hover-affects-ancestor.html This patch addresses the problem of deactivation of the ancestor element :hover rules when hovered its contained elements. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::updateHoverActiveState): LayoutTests: * fast/css/hover-affects-ancestor-expected.txt: Added. * fast/css/hover-affects-ancestor.html: Added. Modified Paths trunk/LayoutTests/ChangeLog trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/rendering/RenderLayer.cpp Added Paths trunk/LayoutTests/fast/css/hover-affects-ancestor-expected.txt trunk/LayoutTests/fast/css/hover-affects-ancestor.html Diff Modified: trunk/LayoutTests/ChangeLog (95693 => 95694) --- trunk/LayoutTests/ChangeLog 2011-09-22 01:46:12 UTC (rev 95693) +++ trunk/LayoutTests/ChangeLog 2011-09-22 01:52:32 UTC (rev 95694) @@ -1,3 +1,13 @@ +2011-09-21 Sameer Patil + +:hover selector fails when hovering over a child select element with size attribute +https://bugs.webkit.org/show_bug.cgi?id=67594 + +Reviewed by Darin Adler. + +* fast/css/hover-affects-ancestor-expected.txt: Added. +* fast/css/hover-affects-ancestor.html: Added. + 2011-09-21 Ben Wells Rebaseline for bug 65583 (path based border radius drawing on skia) part 4 Added: trunk/LayoutTests/fast/css/hover-affects-ancestor-expected.txt (0 => 95694) --- trunk/LayoutTests/fast/css/hover-affects-ancestor-expected.txt (rev 0) +++ trunk/LayoutTests/fast/css/hover-affects-ancestor-expected.txt 2011-09-22 01:52:32 UTC (rev 95694) @@ -0,0 +1,17 @@ +This test ensures that ancestor element hover rules are not affected when we hover its contained elements + + + + +http://www.webkit.org +Button test +Radio test +Checkbox test +testselect: PASS +testinput: PASS +testtextarea: PASS +testanchor: PASS +testbutton: PASS +testradio: PASS +testcheckbox: PASS + Added: trunk/LayoutTests/fast/css/hover-affects-ancestor.html (0 => 95694) --- trunk/LayoutTests/fast/css/hover-affects-ancestor.html (rev 0) +++ trunk/LayoutTests/fast/css/hover-affects-ancestor.html 2011-09-22 01:52:32 UTC (rev 95694) @@ -0,0 +1,82 @@ + + + +hover ancestor test + +.foo { +background: red; +width: 300px; +height: 300px; +position: relative; +} + +.foo:hover { +background: green; +} + + + +This test ensures that ancestor element hover rules are not affected when we hover +its contained elements + + +option1 +option2 +option3 + + + + +Textarea test. + + +Button test + + +Radio test + +Checkbox test + + + + +if (window.layoutTestController) { +layoutTestController.dumpAsText(); +} + +function getCenterFor(element) +{ +var rect = element.getBoundingClientRect(); +return { x : parseInt((rect.left + rect.right) / 2) , y : parseInt((rect.top + rect.bottom) / 2)}; +} + +function runTest(id) { +var box, x, y; +box = document.getElementById(id); +center = getCenterFor(box); +eventSender.mouseMoveTo(center.x, center.y); +var target = document.getElementById("target"); +var style = window.getComputedStyle(target, null); +var bgColor = style.getPropertyValue("background-color"); +logResult(id, bgColor); +} + +function logResult(id, bgColor) { +document.write(id + ': '); +document.write(bgColor=="rgb(0, 128, 0)" ? "PASS" : "FAIL"); +document.write('
'); +} + +if (window.eventSender) { +runTest("testselect"); +runTest("testinput"); +runTest("testtextarea"); +runTest("testanchor"); +runTest("testbutton"); +runTest("testradio"); +runTest("testcheckbox"); +} + + + Modified: trunk/Source/WebCore/ChangeLog (95693 => 95694) --- trunk/Source/WebCore/ChangeLog 2011-09-22 01:46:12 UTC (rev 95693) +++ trunk/Source/WebCore/ChangeLog 2011-09-22 01:52:32 UTC (rev 95694) @@ -1,3 +1,18 @@ +2011-09-21 Sameer Patil + +:hover selector fails when hovering over a child select element with size attribute +https://bugs.webkit.org/show_bug.cgi?id=67594 + +Reviewed by Darin Adler. + +Test: fast/css/hover-affects-ancestor.html + +This patch addresses the problem of deactivation of the ancestor element :hover rules +when hovered its contained elements. + +* rendering/RenderLayer.cpp: +(WebCore::RenderLayer::updateHoverActiveState): + 2011-09-21 Sergey Glazunov [Chromium] Protect message ports from being deleted in V8MessageEvent::portsAccessorGetter Modified: trunk/Source/WebCore/rendering/RenderLayer.cpp (95693 => 95694) --- trunk/Source/WebCore/rendering/RenderLayer.cpp 2011-09-22 01:46:12 UTC
[webkit-changes] [95693] trunk/Source/JavaScriptCore
Title: [95693] trunk/Source/_javascript_Core Revision 95693 Author barraclo...@apple.com Date 2011-09-21 18:46:12 -0700 (Wed, 21 Sep 2011) Log Message Add missing addPtr->add32 mapping for X86. Rubber stamped by Sam Weinig. * assembler/MacroAssembler.h: (JSC::MacroAssembler::addPtr): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/assembler/MacroAssembler.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (95692 => 95693) --- trunk/Source/_javascript_Core/ChangeLog 2011-09-22 01:10:31 UTC (rev 95692) +++ trunk/Source/_javascript_Core/ChangeLog 2011-09-22 01:46:12 UTC (rev 95693) @@ -1,5 +1,14 @@ 2011-09-21 Gavin Barraclough +Add missing addPtr->add32 mapping for X86. + +Rubber stamped by Sam Weinig. + +* assembler/MacroAssembler.h: +(JSC::MacroAssembler::addPtr): + +2011-09-21 Gavin Barraclough + Add missing addDouble for AbsoluteAddress to X86 Rubber stamped by Geoff Garen. Modified: trunk/Source/_javascript_Core/assembler/MacroAssembler.h (95692 => 95693) --- trunk/Source/_javascript_Core/assembler/MacroAssembler.h 2011-09-22 01:10:31 UTC (rev 95692) +++ trunk/Source/_javascript_Core/assembler/MacroAssembler.h 2011-09-22 01:46:12 UTC (rev 95693) @@ -199,6 +199,11 @@ add32(imm, src, dest); } +void addPtr(TrustedImm32 imm, AbsoluteAddress address) +{ +add32(imm, address); +} + void andPtr(RegisterID src, RegisterID dest) { and32(src, dest); ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95692] trunk/Source/JavaScriptCore
Title: [95692] trunk/Source/_javascript_Core Revision 95692 Author barraclo...@apple.com Date 2011-09-21 18:10:31 -0700 (Wed, 21 Sep 2011) Log Message Add missing addDouble for AbsoluteAddress to X86 Rubber stamped by Geoff Garen. * assembler/MacroAssemblerX86.h: (JSC::MacroAssemblerX86::addDouble): * assembler/X86Assembler.h: (JSC::X86Assembler::addsd_mr): (JSC::X86Assembler::cvtsi2sd_rr): (JSC::X86Assembler::cvtsi2sd_mr): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/assembler/MacroAssemblerX86.h trunk/Source/_javascript_Core/assembler/X86Assembler.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (95691 => 95692) --- trunk/Source/_javascript_Core/ChangeLog 2011-09-22 01:06:10 UTC (rev 95691) +++ trunk/Source/_javascript_Core/ChangeLog 2011-09-22 01:10:31 UTC (rev 95692) @@ -1,5 +1,18 @@ 2011-09-21 Gavin Barraclough +Add missing addDouble for AbsoluteAddress to X86 + +Rubber stamped by Geoff Garen. + +* assembler/MacroAssemblerX86.h: +(JSC::MacroAssemblerX86::addDouble): +* assembler/X86Assembler.h: +(JSC::X86Assembler::addsd_mr): +(JSC::X86Assembler::cvtsi2sd_rr): +(JSC::X86Assembler::cvtsi2sd_mr): + +2011-09-21 Gavin Barraclough + Build fix following fix for bug #68586. * jit/JIT.cpp: Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerX86.h (95691 => 95692) --- trunk/Source/_javascript_Core/assembler/MacroAssemblerX86.h 2011-09-22 01:06:10 UTC (rev 95691) +++ trunk/Source/_javascript_Core/assembler/MacroAssemblerX86.h 2011-09-22 01:10:31 UTC (rev 95692) @@ -50,6 +50,7 @@ using MacroAssemblerX86Common::store32; using MacroAssemblerX86Common::branch32; using MacroAssemblerX86Common::call; +using MacroAssemblerX86Common::addDouble; using MacroAssemblerX86Common::loadDouble; using MacroAssemblerX86Common::convertInt32ToDouble; @@ -88,6 +89,11 @@ m_assembler.movl_mr(address, dest); } +void addDouble(AbsoluteAddress address, FPRegisterID dest) +{ +m_assembler.addsd_mr(address.m_ptr, dest); +} + void loadDouble(const void* address, FPRegisterID dest) { ASSERT(isSSE2Present()); Modified: trunk/Source/_javascript_Core/assembler/X86Assembler.h (95691 => 95692) --- trunk/Source/_javascript_Core/assembler/X86Assembler.h 2011-09-22 01:06:10 UTC (rev 95691) +++ trunk/Source/_javascript_Core/assembler/X86Assembler.h 2011-09-22 01:10:31 UTC (rev 95692) @@ -1343,6 +1343,14 @@ m_formatter.twoByteOp(OP2_ADDSD_VsdWsd, (RegisterID)dst, base, offset); } +#if !CPU(X86_64) +void addsd_mr(const void* address, XMMRegisterID dst) +{ +m_formatter.prefix(PRE_SSE_F2); +m_formatter.twoByteOp(OP2_ADDSD_VsdWsd, (RegisterID)dst, address); +} +#endif + void cvtsi2sd_rr(RegisterID src, XMMRegisterID dst) { m_formatter.prefix(PRE_SSE_F2); ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95690] trunk/Source/WebKit2
Title: [95690] trunk/Source/WebKit2 Revision 95690 Author a...@apple.com Date 2011-09-21 18:01:26 -0700 (Wed, 21 Sep 2011) Log Message [WK2] UIProcess should check that WebProcess isn't sending unexpected file: URLs to it https://bugs.webkit.org/show_bug.cgi?id=68573 Unreviewed follow-up fix. * UIProcess/WebProcessProxy.cpp: (WebKit::WebProcessProxy::checkURLReceivedFromWebProcess): Just like we allow null URLs, also allow empty strings. Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/UIProcess/WebProcessProxy.cpp Diff Modified: trunk/Source/WebKit2/ChangeLog (95689 => 95690) --- trunk/Source/WebKit2/ChangeLog 2011-09-22 00:17:45 UTC (rev 95689) +++ trunk/Source/WebKit2/ChangeLog 2011-09-22 01:01:26 UTC (rev 95690) @@ -1,3 +1,13 @@ +2011-09-21 Alexey Proskuryakov + +[WK2] UIProcess should check that WebProcess isn't sending unexpected file: URLs to it +https://bugs.webkit.org/show_bug.cgi?id=68573 + +Unreviewed follow-up fix. + +* UIProcess/WebProcessProxy.cpp: (WebKit::WebProcessProxy::checkURLReceivedFromWebProcess): +Just like we allow null URLs, also allow empty strings. + 2011-09-21 Julien Chaffraix Crash in RenderBox::paintMaskImages when GraphicsContext's painting is disabled Modified: trunk/Source/WebKit2/UIProcess/WebProcessProxy.cpp (95689 => 95690) --- trunk/Source/WebKit2/UIProcess/WebProcessProxy.cpp 2011-09-22 00:17:45 UTC (rev 95689) +++ trunk/Source/WebKit2/UIProcess/WebProcessProxy.cpp 2011-09-22 01:01:26 UTC (rev 95690) @@ -216,6 +216,9 @@ bool WebProcessProxy::checkURLReceivedFromWebProcess(const String& urlString) { +if (urlString.isEmpty()) +return true; + return checkURLReceivedFromWebProcess(KURL(KURL(), urlString)); } ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95689] trunk
Title: [95689] trunk Revision 95689 Author commit-qu...@webkit.org Date 2011-09-21 17:17:45 -0700 (Wed, 21 Sep 2011) Log Message [Chromium] Protect message ports from being deleted in V8MessageEvent::portsAccessorGetter https://bugs.webkit.org/show_bug.cgi?id=68584 Patch by Sergey Glazunov on 2011-09-21 Reviewed by Adam Barth. Source/WebCore: Test: fast/dom/message-port-deleted-by-accessor.html * bindings/v8/custom/V8MessageEventCustom.cpp: (WebCore::V8MessageEvent::portsAccessorGetter): LayoutTests: * fast/dom/message-port-deleted-by-accessor-expected.txt: Added. * fast/dom/message-port-deleted-by-accessor.html: Added. Modified Paths trunk/LayoutTests/ChangeLog trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/bindings/v8/custom/V8MessageEventCustom.cpp Added Paths trunk/LayoutTests/fast/dom/message-port-deleted-by-accessor-expected.txt trunk/LayoutTests/fast/dom/message-port-deleted-by-accessor.html Diff Modified: trunk/LayoutTests/ChangeLog (95688 => 95689) --- trunk/LayoutTests/ChangeLog 2011-09-22 00:05:41 UTC (rev 95688) +++ trunk/LayoutTests/ChangeLog 2011-09-22 00:17:45 UTC (rev 95689) @@ -1,3 +1,13 @@ +2011-09-21 Sergey Glazunov + +[Chromium] Protect message ports from being deleted in V8MessageEvent::portsAccessorGetter +https://bugs.webkit.org/show_bug.cgi?id=68584 + +Reviewed by Adam Barth. + +* fast/dom/message-port-deleted-by-accessor-expected.txt: Added. +* fast/dom/message-port-deleted-by-accessor.html: Added. + 2011-09-21 David Levin [chromium] Rebaselines for passing tests and expectation updates/narrowing. Added: trunk/LayoutTests/fast/dom/message-port-deleted-by-accessor-expected.txt (0 => 95689) --- trunk/LayoutTests/fast/dom/message-port-deleted-by-accessor-expected.txt (rev 0) +++ trunk/LayoutTests/fast/dom/message-port-deleted-by-accessor-expected.txt 2011-09-22 00:17:45 UTC (rev 95689) @@ -0,0 +1 @@ +This test passes if it doesn't crash. Added: trunk/LayoutTests/fast/dom/message-port-deleted-by-accessor.html (0 => 95689) --- trunk/LayoutTests/fast/dom/message-port-deleted-by-accessor.html (rev 0) +++ trunk/LayoutTests/fast/dom/message-port-deleted-by-accessor.html 2011-09-22 00:17:45 UTC (rev 95689) @@ -0,0 +1,25 @@ + + + +if (window.layoutTestController) +layoutTestController.dumpAsText(); + +window._onload_ = function() +{ +channel = new MessageChannel; +event = document.createEvent("MessageEvent"); + +event.initMessageEvent(0, 0, 0, 0, 0, 0, 0, [channel.port1, channel.port2]); + +Array.prototype.__defineSetter__(0, function() { +event.initMessageEvent(0, 0, 0, 0, 0, 0, 0, [ ]); +}); + +event.ports; +} + + + +This test passes if it doesn't crash. + + Modified: trunk/Source/WebCore/ChangeLog (95688 => 95689) --- trunk/Source/WebCore/ChangeLog 2011-09-22 00:05:41 UTC (rev 95688) +++ trunk/Source/WebCore/ChangeLog 2011-09-22 00:17:45 UTC (rev 95689) @@ -1,3 +1,15 @@ +2011-09-21 Sergey Glazunov + +[Chromium] Protect message ports from being deleted in V8MessageEvent::portsAccessorGetter +https://bugs.webkit.org/show_bug.cgi?id=68584 + +Reviewed by Adam Barth. + +Test: fast/dom/message-port-deleted-by-accessor.html + +* bindings/v8/custom/V8MessageEventCustom.cpp: +(WebCore::V8MessageEvent::portsAccessorGetter): + 2011-09-21 Anders Carlsson Add back protection against the NSView going away while handling mouseDown Modified: trunk/Source/WebCore/bindings/v8/custom/V8MessageEventCustom.cpp (95688 => 95689) --- trunk/Source/WebCore/bindings/v8/custom/V8MessageEventCustom.cpp 2011-09-22 00:05:41 UTC (rev 95688) +++ trunk/Source/WebCore/bindings/v8/custom/V8MessageEventCustom.cpp 2011-09-22 00:17:45 UTC (rev 95689) @@ -88,10 +88,12 @@ MessagePortArray* ports = event->ports(); if (!ports) return v8::Array::New(0); + +MessagePortArray portsCopy(*ports); -v8::Local portArray = v8::Array::New(ports->size()); -for (size_t i = 0; i < ports->size(); ++i) -portArray->Set(v8::Integer::New(i), toV8((*ports)[i].get())); +v8::Local portArray = v8::Array::New(portsCopy.size()); +for (size_t i = 0; i < portsCopy.size(); ++i) +portArray->Set(v8::Integer::New(i), toV8(portsCopy[i].get())); return portArray; } ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95688] trunk/LayoutTests
Title: [95688] trunk/LayoutTests Revision 95688 Author le...@chromium.org Date 2011-09-21 17:05:41 -0700 (Wed, 21 Sep 2011) Log Message [chromium] Rebaselines for passing tests and expectation updates/narrowing. * platform/chromium-cg-mac-leopard/editing/inserting/editable-inline-element-expected.png: Added. * platform/chromium-mac-leopard/css2.1/t090204-display-change-01-b-ao-expected.png: Added. * platform/chromium-mac-leopard/editing/inserting/editable-inline-element-expected.png: Added. * platform/chromium-mac/css2.1/t090204-display-change-01-b-ao-expected.png: * platform/chromium-mac/css2.1/t090204-display-change-01-b-ao-expected.txt: Removed. * platform/chromium/test_expectations.txt: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/platform/chromium/test_expectations.txt trunk/LayoutTests/platform/chromium-mac/css2.1/t090204-display-change-01-b-ao-expected.png Added Paths trunk/LayoutTests/platform/chromium-cg-mac-leopard/editing/inserting/editable-inline-element-expected.png trunk/LayoutTests/platform/chromium-mac-leopard/css2.1/ trunk/LayoutTests/platform/chromium-mac-leopard/css2.1/t090204-display-change-01-b-ao-expected.png trunk/LayoutTests/platform/chromium-mac-leopard/editing/ trunk/LayoutTests/platform/chromium-mac-leopard/editing/inserting/ trunk/LayoutTests/platform/chromium-mac-leopard/editing/inserting/editable-inline-element-expected.png Removed Paths trunk/LayoutTests/platform/chromium-mac/css2.1/t090204-display-change-01-b-ao-expected.txt Diff Modified: trunk/LayoutTests/ChangeLog (95687 => 95688) --- trunk/LayoutTests/ChangeLog 2011-09-22 00:04:21 UTC (rev 95687) +++ trunk/LayoutTests/ChangeLog 2011-09-22 00:05:41 UTC (rev 95688) @@ -1,3 +1,14 @@ +2011-09-21 David Levin + +[chromium] Rebaselines for passing tests and expectation updates/narrowing. + +* platform/chromium-cg-mac-leopard/editing/inserting/editable-inline-element-expected.png: Added. +* platform/chromium-mac-leopard/css2.1/t090204-display-change-01-b-ao-expected.png: Added. +* platform/chromium-mac-leopard/editing/inserting/editable-inline-element-expected.png: Added. +* platform/chromium-mac/css2.1/t090204-display-change-01-b-ao-expected.png: +* platform/chromium-mac/css2.1/t090204-display-change-01-b-ao-expected.txt: Removed. +* platform/chromium/test_expectations.txt: + 2011-09-21 Julien Chaffraix Crash in RenderBox::paintMaskImages when GraphicsContext's painting is disabled Modified: trunk/LayoutTests/platform/chromium/test_expectations.txt (95687 => 95688) --- trunk/LayoutTests/platform/chromium/test_expectations.txt 2011-09-22 00:04:21 UTC (rev 95687) +++ trunk/LayoutTests/platform/chromium/test_expectations.txt 2011-09-22 00:05:41 UTC (rev 95688) @@ -2940,7 +2940,6 @@ BUGWK58008 SNOWLEOPARD : fast/text/international/bidi-neutral-run.html = IMAGE+TEXT BUGCR78638 WIN : fast/frames/set-unloaded-frame-location.html = PASS CRASH -BUGWK58005 LEOPARD : editing/inserting/editable-inline-element.html = IMAGE BUGCR780807 : http/tests/misc/webtiming-origins.html = PASS TEXT BUGCR78835 : plugins/npp-set-window-called-during-destruction.html = TEXT @@ -3684,11 +3683,7 @@ BUGWK67204 : fast/multicol/inherit-column-values.html = MISSING FAIL BUGWK67204 : fast/multicol/initial-column-values.html = MISSING FAIL -// Failing after r93982. -BUG_LEVIN MAC CPU-CG : canvas/philip/tests/2d.path.stroke.prune.arc.html = TEXT - // Failing after r94084. This looks like it may be a real regression. -BUG_LEVIN : css2.1/t090204-display-change-01-b-ao.html = IMAGE+TEXT BUGWK67352 : fast/canvas/webgl/WebGLContextEvent.html = TEXT @@ -3746,9 +3741,9 @@ BUGWK67999 LINUX RELEASE : fast/borders/border-image-omit-right-slice.html = TEXT BUGWK67999 MAC CPU-CG RELEASE : fast/borders/border-image-omit-right-slice.html = TEXT -BUG_LEVIN SNOWLEOPARD : http/tests/loading/307-after-303-after-post.html = PASS TEXT -BUG_LEVIN SNOWLEOPARD : http/tests/security/mixedContent/insecure-image-in-main-frame.html = PASS TEXT -BUG_LEVIN SNOWLEOPARD : http/tests/security/mixedContent/insecure-script-in-iframe.html = PASS TEXT +BUG_LEVIN SNOWLEOPARD DEBUG : http/tests/loading/307-after-303-after-post.html = PASS TEXT +BUG_LEVIN SNOWLEOPARD DEBUG : http/tests/security/mixedContent/insecure-image-in-main-frame.html = PASS TEXT +BUG_LEVIN SNOWLEOPARD DEBUG : http/tests/security/mixedContent/insecure-script-in-iframe.html = PASS TEXT BUG_LEVIN MAC DEBUG : svg/custom/object-no-size-attributes.xhtml = PASS IMAGE+TEXT @@ -3761,7 +3756,7 @@ // Crashes or timeouts once in a while but never fails BUG_KEISHI LINUX : media/video-controls-visible-audio-only.html = PASS TIMEOUT CRASH -BUGWK68372 SNOWLEOPARD : svg/animations/svglength-animation-px-to-exs.html = PASS CRASH +BUGWK68372 SNOWLEOPARD : svg/animations/svglength-animation-px-to-exs.html = PASS CRASH // Tests that are known to fail on Mac10.6 with CPU-Skia graphics. BUGWK68436 SN
[webkit-changes] [95687] trunk/Source/JavaScriptCore
Title: [95687] trunk/Source/_javascript_Core Revision 95687 Author barraclo...@apple.com Date 2011-09-21 17:04:21 -0700 (Wed, 21 Sep 2011) Log Message Build fix following fix for bug #68586. * jit/JIT.cpp: * jit/JITInlineMethods.h: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/jit/JIT.cpp trunk/Source/_javascript_Core/jit/JITInlineMethods.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (95686 => 95687) --- trunk/Source/_javascript_Core/ChangeLog 2011-09-21 23:58:20 UTC (rev 95686) +++ trunk/Source/_javascript_Core/ChangeLog 2011-09-22 00:04:21 UTC (rev 95687) @@ -1,3 +1,10 @@ +2011-09-21 Gavin Barraclough + +Build fix following fix for bug #68586. + +* jit/JIT.cpp: +* jit/JITInlineMethods.h: + 2011-09-21 Filip Pizlo DFG JIT should be able to compile op_throw Modified: trunk/Source/_javascript_Core/jit/JIT.cpp (95686 => 95687) --- trunk/Source/_javascript_Core/jit/JIT.cpp 2011-09-21 23:58:20 UTC (rev 95686) +++ trunk/Source/_javascript_Core/jit/JIT.cpp 2011-09-22 00:04:21 UTC (rev 95687) @@ -699,6 +699,10 @@ repatchBuffer.relink(CodeLocationNearCall(callLinkInfo->callReturnLocation), globalData->jitStubs->ctiVirtualConstruct()); } +#if CPU(X86) && ENABLE(VALUE_PROFILER) +int bucketCounter = 0; +#endif + } // namespace JSC #endif // ENABLE(JIT) Modified: trunk/Source/_javascript_Core/jit/JITInlineMethods.h (95686 => 95687) --- trunk/Source/_javascript_Core/jit/JITInlineMethods.h 2011-09-21 23:58:20 UTC (rev 95686) +++ trunk/Source/_javascript_Core/jit/JITInlineMethods.h 2011-09-22 00:04:21 UTC (rev 95687) @@ -446,8 +446,8 @@ #endif } -#if CPU(X86) -static int bucketCounter; +#if CPU(X86) && ENABLE(VALUE_PROFILER) +extern int bucketCounter; #endif #if ENABLE(VALUE_PROFILER) ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95686] trunk/Source/WebCore
Title: [95686] trunk/Source/WebCore Revision 95686 Author ander...@apple.com Date 2011-09-21 16:58:20 -0700 (Wed, 21 Sep 2011) Log Message Add back protection against the NSView going away while handling mouseDown https://bugs.webkit.org/show_bug.cgi?id=68585 Reviewed by Darin Adler. Add calls to RenderWidget::suspendWidgetHierarchyUpdates() and RenderWidget::resumeWidgetHierarchyUpdates(), as a followup fix to https://bugs.webkit.org/show_bug.cgi?id=68570. * page/mac/EventHandlerMac.mm: (WebCore::EventHandler::passMouseDownEventToWidget): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/page/mac/EventHandlerMac.mm Diff Modified: trunk/Source/WebCore/ChangeLog (95685 => 95686) --- trunk/Source/WebCore/ChangeLog 2011-09-21 23:50:54 UTC (rev 95685) +++ trunk/Source/WebCore/ChangeLog 2011-09-21 23:58:20 UTC (rev 95686) @@ -1,3 +1,16 @@ +2011-09-21 Anders Carlsson + +Add back protection against the NSView going away while handling mouseDown +https://bugs.webkit.org/show_bug.cgi?id=68585 + +Reviewed by Darin Adler. + +Add calls to RenderWidget::suspendWidgetHierarchyUpdates() and RenderWidget::resumeWidgetHierarchyUpdates(), +as a followup fix to https://bugs.webkit.org/show_bug.cgi?id=68570. + +* page/mac/EventHandlerMac.mm: +(WebCore::EventHandler::passMouseDownEventToWidget): + 2011-09-21 Julien Chaffraix Crash in RenderBox::paintMaskImages when GraphicsContext's painting is disabled Modified: trunk/Source/WebCore/page/mac/EventHandlerMac.mm (95685 => 95686) --- trunk/Source/WebCore/page/mac/EventHandlerMac.mm 2011-09-21 23:50:54 UTC (rev 95685) +++ trunk/Source/WebCore/page/mac/EventHandlerMac.mm 2011-09-21 23:58:20 UTC (rev 95686) @@ -228,7 +228,9 @@ ASSERT(!m_sendingEventToSubview); m_sendingEventToSubview = true; +RenderWidget::suspendWidgetHierarchyUpdates(); [view mouseDown:currentNSEvent()]; +RenderWidget::resumeWidgetHierarchyUpdates(); if (!wasDeferringLoading) page->setDefersLoading(false); ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95684] trunk/Source/JavaScriptCore
Title: [95684] trunk/Source/_javascript_Core Revision 95684 Author barraclo...@apple.com Date 2011-09-21 16:49:24 -0700 (Wed, 21 Sep 2011) Log Message DFG JIT should be able to compile op_throw https://bugs.webkit.org/show_bug.cgi?id=68571 Patch by Filip Pizlo on 2011-09-21 Reviewed by Geoffrey Garen. This compiles op_throw in the simplest way possible: it's an OSR point back to the old JIT. This is a good step towards increasing coverage, particularly on Kraken, but it's neutral because the same functions that do throw also use some other unsupported opcodes. * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGCapabilities.h: (JSC::DFG::canCompileOpcode): * dfg/DFGNode.h: * dfg/DFGPropagator.cpp: (JSC::DFG::Propagator::propagateNodePredictions): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compile): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/dfg/DFGGPRInfo.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (95683 => 95684) --- trunk/Source/_javascript_Core/ChangeLog 2011-09-21 23:46:09 UTC (rev 95683) +++ trunk/Source/_javascript_Core/ChangeLog 2011-09-21 23:49:24 UTC (rev 95684) @@ -122,6 +122,18 @@ 2011-09-21 Gavin Barraclough +Add X86 GPRInfo for DFG JIT. +https://bugs.webkit.org/show_bug.cgi?id=68586 + +Reviewed by Geoff Garen. + +* dfg/DFGGPRInfo.h: +(JSC::DFG::GPRInfo::toRegister): +(JSC::DFG::GPRInfo::toIndex): +(JSC::DFG::GPRInfo::debugName): + +2011-09-21 Gavin Barraclough + Should support value profiling on CPU(X86) https://bugs.webkit.org/show_bug.cgi?id=68575 Modified: trunk/Source/_javascript_Core/dfg/DFGGPRInfo.h (95683 => 95684) --- trunk/Source/_javascript_Core/dfg/DFGGPRInfo.h 2011-09-21 23:46:09 UTC (rev 95683) +++ trunk/Source/_javascript_Core/dfg/DFGGPRInfo.h 2011-09-21 23:49:24 UTC (rev 95684) @@ -36,12 +36,72 @@ typedef MacroAssembler::RegisterID GPRReg; #define InvalidGPRReg ((GPRReg)-1) +#if CPU(X86) + class GPRInfo { public: typedef GPRReg RegisterType; +static const unsigned numberOfRegisters = 4; + +// These registers match the baseline JIT. +static const GPRReg cachedResultRegister = X86Registers::eax; +static const GPRReg timeoutCheckRegister = X86Registers::esi; +static const GPRReg callFrameRegister = X86Registers::edi; +// Temporary registers. +static const GPRReg regT0 = X86Registers::eax; +static const GPRReg regT1 = X86Registers::edx; +static const GPRReg regT2 = X86Registers::ecx; +static const GPRReg regT3 = X86Registers::ebx; +// These constants provide the names for the general purpose argument & return value registers. +static const GPRReg argumentGPR0 = X86Registers::ecx; // regT2 +static const GPRReg argumentGPR1 = X86Registers::edx; // regT1 +static const GPRReg returnValueGPR = X86Registers::eax; // regT0 +static const GPRReg returnValueGPR2 = X86Registers::edx; // regT1 + +static GPRReg toRegister(unsigned index) +{ +ASSERT(index < numberOfRegisters); +static const GPRReg registerForIndex[numberOfRegisters] = { regT0, regT1, regT2, regT3, }; +return registerForIndex[index]; +} + +static unsigned toIndex(GPRReg reg) +{ +ASSERT(reg != InvalidGPRReg); +ASSERT(reg < 8); +static const unsigned indexForRegister[8] = { 0, 2, 1, 3, InvalidIndex, InvalidIndex, InvalidIndex, InvalidIndex }; +unsigned result = indexForRegister[reg]; +ASSERT(result != InvalidIndex); +return result; +} + +#ifndef NDEBUG +static const char* debugName(GPRReg reg) +{ +ASSERT(reg != InvalidGPRReg); +ASSERT(reg < 8); +static const char* nameForRegister[8] = { +"rax", "rcx", "rdx", "rbx", +"rsp", "rbp", "rsi", "rdi", +}; +return nameForRegister[reg]; +} +#endif +private: + +static const unsigned InvalidIndex = 0x; +}; + +#endif + +#if CPU(X86_64) + +class GPRInfo { +public: +typedef GPRReg RegisterType; static const unsigned numberOfRegisters = 9; -// These registers match the old JIT. +// These registers match the baseline JIT. static const GPRReg cachedResultRegister = X86Registers::eax; static const GPRReg timeoutCheckRegister = X86Registers::r12; static const GPRReg callFrameRegister = X86Registers::r13; @@ -101,6 +161,8 @@ static const unsigned InvalidIndex = 0x; }; +#endif + typedef RegisterBank::iterator gpr_iterator; } } // namespace JSC::DFG ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95683] trunk/Source/JavaScriptCore
Title: [95683] trunk/Source/_javascript_Core Revision 95683 Author fpi...@apple.com Date 2011-09-21 16:46:09 -0700 (Wed, 21 Sep 2011) Log Message DFG JIT should be able to compile op_throw https://bugs.webkit.org/show_bug.cgi?id=68571 Reviewed by Geoffrey Garen. This compiles op_throw in the simplest way possible: it's an OSR point back to the old JIT. This is a good step towards increasing coverage, particularly on Kraken, but it's neutral because the same functions that do throw also use some other unsupported opcodes. * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGCapabilities.h: (JSC::DFG::canCompileOpcode): * dfg/DFGNode.h: * dfg/DFGPropagator.cpp: (JSC::DFG::Propagator::propagateNodePredictions): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compile): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp trunk/Source/_javascript_Core/dfg/DFGCapabilities.h trunk/Source/_javascript_Core/dfg/DFGNode.h trunk/Source/_javascript_Core/dfg/DFGPropagator.cpp trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (95682 => 95683) --- trunk/Source/_javascript_Core/ChangeLog 2011-09-21 23:44:20 UTC (rev 95682) +++ trunk/Source/_javascript_Core/ChangeLog 2011-09-21 23:46:09 UTC (rev 95683) @@ -1,5 +1,28 @@ 2011-09-21 Filip Pizlo +DFG JIT should be able to compile op_throw +https://bugs.webkit.org/show_bug.cgi?id=68571 + +Reviewed by Geoffrey Garen. + +This compiles op_throw in the simplest way possible: it's an OSR +point back to the old JIT. This is a good step towards increasing +coverage, particularly on Kraken, but it's neutral because the +same functions that do throw also use some other unsupported +opcodes. + +* dfg/DFGByteCodeParser.cpp: +(JSC::DFG::ByteCodeParser::parseBlock): +* dfg/DFGCapabilities.h: +(JSC::DFG::canCompileOpcode): +* dfg/DFGNode.h: +* dfg/DFGPropagator.cpp: +(JSC::DFG::Propagator::propagateNodePredictions): +* dfg/DFGSpeculativeJIT.cpp: +(JSC::DFG::SpeculativeJIT::compile): + +2011-09-21 Filip Pizlo + DFG should support continuous optimization https://bugs.webkit.org/show_bug.cgi?id=68329 Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (95682 => 95683) --- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2011-09-21 23:44:20 UTC (rev 95682) +++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2011-09-21 23:46:09 UTC (rev 95683) @@ -1314,6 +1314,14 @@ addToGraph(Return, get(currentInstruction[1].u.operand)); LAST_OPCODE(op_end); +case op_throw: +addToGraph(Throw, get(currentInstruction[1].u.operand)); +LAST_OPCODE(op_throw); + +case op_throw_reference_error: +addToGraph(ThrowReferenceError); +LAST_OPCODE(op_throw_reference_error); + case op_call: { NodeIndex callTarget = get(currentInstruction[1].u.operand); if (m_graph.isFunctionConstant(m_codeBlock, callTarget)) { Modified: trunk/Source/_javascript_Core/dfg/DFGCapabilities.h (95682 => 95683) --- trunk/Source/_javascript_Core/dfg/DFGCapabilities.h 2011-09-21 23:44:20 UTC (rev 95682) +++ trunk/Source/_javascript_Core/dfg/DFGCapabilities.h 2011-09-21 23:46:09 UTC (rev 95683) @@ -114,6 +114,8 @@ case op_call_put_result: case op_resolve: case op_resolve_base: +case op_throw: +case op_throw_reference_error: return true; default: return false; Modified: trunk/Source/_javascript_Core/dfg/DFGNode.h (95682 => 95683) --- trunk/Source/_javascript_Core/dfg/DFGNode.h 2011-09-21 23:44:20 UTC (rev 95682) +++ trunk/Source/_javascript_Core/dfg/DFGNode.h 2011-09-21 23:46:09 UTC (rev 95683) @@ -297,7 +297,9 @@ /* Block terminals. */\ macro(Jump, NodeMustGenerate | NodeIsTerminal | NodeIsJump) \ macro(Branch, NodeMustGenerate | NodeIsTerminal | NodeIsBranch) \ -macro(Return, NodeMustGenerate | NodeIsTerminal) +macro(Return, NodeMustGenerate | NodeIsTerminal) \ +macro(Throw, NodeMustGenerate | NodeIsTerminal) \ +macro(ThrowReferenceError, NodeMustGenerate | NodeIsTerminal) // This enum generates a monotonically increasing id for all Node types, // and is used by the subsequent enum to fill out the id (as accessed via the NodeIdMask). Modified: trunk/Source/_javascript_Core/dfg/DFGPropagator.cpp (95682 => 95683) --- trunk/Source/_javascript_Core/dfg/DFGPropagator.cpp 2011-09-21 23:44:20 UTC (rev 95682) +++ trunk/Source/_javascript_Core/dfg/DFGPropagator.cpp 2011-09-21 23:46:09 UTC (rev 95683) @@ -552,6 +552,8 @@ case Return: case CheckHasInstance: case Phi: +case Throw: +case ThrowRef
[webkit-changes] [95682] trunk
Title: [95682] trunk Revision 95682 Author commit-qu...@webkit.org Date 2011-09-21 16:44:20 -0700 (Wed, 21 Sep 2011) Log Message IndexedDB: compare strings without decoding https://bugs.webkit.org/show_bug.cgi?id=68554 Patch by Joshua Bell on 2011-09-21 Reviewed by Tony Chang. Resolves a FIXME in IndexedDB that was also identified as a hotspot during profiling. Yields a small performance improvement. * Source/WebCore/storage/IDBLevelDBCoding.cpp: * Source/WebCore/storage/IDBLevelDBCoding.h: * Source/WebKit/chromium/tests/IDBLevelDBCodingTest.cpp: Modified Paths trunk/ChangeLog trunk/Source/WebCore/storage/IDBLevelDBCoding.cpp trunk/Source/WebCore/storage/IDBLevelDBCoding.h trunk/Source/WebKit/chromium/tests/IDBLevelDBCodingTest.cpp Diff Modified: trunk/ChangeLog (95681 => 95682) --- trunk/ChangeLog 2011-09-21 23:36:35 UTC (rev 95681) +++ trunk/ChangeLog 2011-09-21 23:44:20 UTC (rev 95682) @@ -1,5 +1,19 @@ -2011-09-21 Leandro Pereira +2011-09-21 Joshua Bell +IndexedDB: compare strings without decoding +https://bugs.webkit.org/show_bug.cgi?id=68554 + +Reviewed by Tony Chang. + +Resolves a FIXME in IndexedDB that was also identified as a hotspot +during profiling. Yields a small performance improvement. + +* Source/WebCore/storage/IDBLevelDBCoding.cpp: +* Source/WebCore/storage/IDBLevelDBCoding.h: +* Source/WebKit/chromium/tests/IDBLevelDBCodingTest.cpp: + +011-09-21 Leandro Pereira + Unreviewed. Remove unused ENABLE_AS_IMAGE flag after r95234 from Options{Efl,WinCE}.cmake. Modified: trunk/Source/WebCore/storage/IDBLevelDBCoding.cpp (95681 => 95682) --- trunk/Source/WebCore/storage/IDBLevelDBCoding.cpp 2011-09-21 23:36:35 UTC (rev 95681) +++ trunk/Source/WebCore/storage/IDBLevelDBCoding.cpp 2011-09-21 23:44:20 UTC (rev 95682) @@ -300,6 +300,29 @@ return p; } +int compareEncodedStringsWithLength(const char* p, const char* limitP, const char* q, const char* limitQ) +{ +ASSERT(limitP >= p); +ASSERT(limitQ >= q); +int64_t lenP, lenQ; +p = decodeVarInt(p, limitP, lenP); +q = decodeVarInt(q, limitQ, lenQ); +ASSERT(p && q); +ASSERT(lenP >= 0); +ASSERT(lenQ >= 0); +ASSERT(p + lenP * 2 <= limitP); +ASSERT(q + lenQ * 2 <= limitQ); + +const size_t lmin = static_cast(lenP < lenQ ? lenP : lenQ); +if (int x = memcmp(p, q, lmin * 2)) +return x; + +if (lenP == lenQ) +return 0; + +return (lenP > lenQ) ? 1 : -1; +} + Vector encodeDouble(double x) { // FIXME: It would be nice if we could be byte order independent. @@ -441,7 +464,6 @@ unsigned char typeA = *p++; unsigned char typeB = *q++; -String s, t; double d, e; if (int x = typeB - typeA) // FIXME: Note the subtleness! @@ -454,11 +476,7 @@ return 0; case kIDBKeyStringTypeByte: // String type. -p = decodeStringWithLength(p, limitA, s); // FIXME: Compare without actually decoding the String! -ASSERT(p); -q = decodeStringWithLength(q, limitB, t); -ASSERT(q); -return codePointCompare(s, t); +return compareEncodedStringsWithLength(p, limitA, q, limitB); case kIDBKeyDateTypeByte: case kIDBKeyNumberTypeByte: // Date or number. Modified: trunk/Source/WebCore/storage/IDBLevelDBCoding.h (95681 => 95682) --- trunk/Source/WebCore/storage/IDBLevelDBCoding.h 2011-09-21 23:36:35 UTC (rev 95681) +++ trunk/Source/WebCore/storage/IDBLevelDBCoding.h 2011-09-21 23:44:20 UTC (rev 95682) @@ -53,6 +53,7 @@ String decodeString(const char* p, const char* end); Vector encodeStringWithLength(const String&); const char* decodeStringWithLength(const char* p, const char* limit, String& foundString); +int compareEncodedStringsWithLength(const char* p, const char* limitP, const char* q, const char* limitQ); Vector encodeDouble(double); const char* decodeDouble(const char* p, const char* limit, double*); Vector encodeIDBKey(const IDBKey&); Modified: trunk/Source/WebKit/chromium/tests/IDBLevelDBCodingTest.cpp (95681 => 95682) --- trunk/Source/WebKit/chromium/tests/IDBLevelDBCodingTest.cpp 2011-09-21 23:36:35 UTC (rev 95681) +++ trunk/Source/WebKit/chromium/tests/IDBLevelDBCodingTest.cpp 2011-09-21 23:44:20 UTC (rev 95682) @@ -230,6 +230,55 @@ } } +TEST(IDBLevelDBCodingTest, CompareEncodedStringsWithLength) +{ +const UChar testStringA[] = {0x1000, 0x1000, '\0'}; +const UChar testStringB[] = {0x1000, 0x1000, 0x1000, '\0'}; +const UChar testStringC[] = {0x1000, 0x1000, 0x1001, '\0'}; +const UChar testStringD[] = {0x1001, 0x1000, 0x1000, '\0'}; +const UChar testStringE[] = {0xd834, 0xdd1e, '\0'}; +const UChar testStringF[] = {0xfffd, '\0'}; + +Vector testCases; +testCases.append(String("")); +testCases.append(String("a")); +testCases.append(String("b")); +testCases.append(String("baaa")); +testCases.append(String("baab")); +
[webkit-changes] [95680] trunk/Tools
Title: [95680] trunk/Tools Revision 95680 Author ann...@chromium.org Date 2011-09-21 16:32:31 -0700 (Wed, 21 Sep 2011) Log Message Update committers.py with a new contributor contact https://bugs.webkit.org/show_bug.cgi?id=68565 Reviewed by Eric Carlson. * Scripts/webkitpy/common/config/committers.py: Modified Paths trunk/Tools/ChangeLog trunk/Tools/Scripts/webkitpy/common/config/committers.py Diff Modified: trunk/Tools/ChangeLog (95679 => 95680) --- trunk/Tools/ChangeLog 2011-09-21 23:25:35 UTC (rev 95679) +++ trunk/Tools/ChangeLog 2011-09-21 23:32:31 UTC (rev 95680) @@ -1,3 +1,12 @@ +2011-09-21 Anna Cavender + +Update committers.py with a new contributor contact +https://bugs.webkit.org/show_bug.cgi?id=68565 + +Reviewed by Eric Carlson. + +* Scripts/webkitpy/common/config/committers.py: + 2011-09-21 Chang Shu [WK2] [Mac] Implement a more-complete MouseDown/MouseUp/MouseMoveTo functions for WebKit2 EventSender Modified: trunk/Tools/Scripts/webkitpy/common/config/committers.py (95679 => 95680) --- trunk/Tools/Scripts/webkitpy/common/config/committers.py 2011-09-21 23:25:35 UTC (rev 95679) +++ trunk/Tools/Scripts/webkitpy/common/config/committers.py 2011-09-21 23:32:31 UTC (rev 95680) @@ -90,7 +90,6 @@ Contributor("Alice Boxhall", "aboxh...@chromium.org", "aboxhall"), Contributor("Ami Fischman", ["fisch...@chromium.org", "fisch...@google.com"], "amifischman0"), Contributor("Andras Piroska", "pand...@inf.u-szeged.hu", "andris88"), -Contributor("Anna Cavender", "ann...@chromium.org", "annacc"), Contributor("Anne van Kesteren", "annevankesteren+web...@gmail.com", "annevk"), Contributor("Annie Sullivan", "sulli...@chromium.org", "annie"), Contributor("Antoine Labour", "pi...@chromium.org", "piman"), @@ -149,6 +148,7 @@ Committer("Andrew Scherkus", "scher...@chromium.org", "scherkus"), Committer("Andrey Kosyakov", "ca...@chromium.org", "caseq"), Committer("Andras Becsi", ["abe...@webkit.org", "andras.be...@nokia.com"], "bbandix"), +Committer("Anna Cavender", "ann...@chromium.org", "annacc"), Committer("Anthony Ricaud", "r...@webkit.org", "rik"), Committer("Anton D'Auria", "adau...@apple.com", "antonlefou"), Committer("Anton Muhin", "ant...@chromium.org", "antonm"), ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95679] trunk/Source/WebKit2
Title: [95679] trunk/Source/WebKit2 Revision 95679 Author a...@apple.com Date 2011-09-21 16:25:35 -0700 (Wed, 21 Sep 2011) Log Message [WK2] UIProcess should check that WebProcess isn't sending unexpected file: URLs to it https://bugs.webkit.org/show_bug.cgi?id=68573 Reviewed by Anders Carlsson. * UIProcess/API/mac/WKView.mm: (maybeCreateSandboxExtensionFromPasteboard): Return a boolean, telling the caller whether an extension actually needed to be created (-[WKView performDragOperation:]): Tell process proxy when the process is going to get universal file read sandbox extension. * UIProcess/WebContext.cpp: (WebKit::WebContext::didPerformClientRedirect): Check the URLs. (WebKit::WebContext::didPerformServerRedirect): Ditto. (WebKit::WebContext::didUpdateHistoryTitle): Ditto. (WebKit::WebContext::getPluginPath): Ditto. Also, properly parse the URL - we can never assume that a string coming from WebProcess is a ParsedURLString. * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::reattachToWebProcessWithItem): Tell process proxy when the process is going to get universal file read sandbox extension. (WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle): Changed to return a boolean, telling the caller whether an extension actually needed to be created. (WebKit::WebPageProxy::loadURL): Tell process proxy about extension. (WebKit::WebPageProxy::loadURLRequest): Ditto. (WebKit::WebPageProxy::loadHTMLString): Tell process proxy if a file URL was used as a base one for a string. In this case, WebKit2 assumes that WebProcess has access to a subdirectory, (typically, one where error page resources live), and can load from it. (WebKit::WebPageProxy::loadAlternateHTMLString): Ditto. (WebKit::WebPageProxy::goForward): Tell process proxy about extension. (WebKit::WebPageProxy::goBack): Tell process proxy about extension. (WebKit::WebPageProxy::goToBackForwardItem): Tell process proxy about extension. (WebKit::WebPageProxy::didStartProvisionalLoadForFrame): Check the URL. (WebKit::WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame): Ditto. (WebKit::WebPageProxy::didSameDocumentNavigationForFrame): Ditto. (WebKit::WebPageProxy::decidePolicyForNavigationAction): Ditto. (WebKit::WebPageProxy::decidePolicyForNewWindowAction): Ditto. (WebKit::WebPageProxy::decidePolicyForResponse): Ditto. (WebKit::WebPageProxy::didInitiateLoadForResource): Ditto. (WebKit::WebPageProxy::didSendRequestForResource): Ditto. (WebKit::WebPageProxy::didReceiveResponseForResource): Ditto. (WebKit::WebPageProxy::missingPluginButtonClicked): Ditto. * UIProcess/WebPageProxy.h: Changed initializeSandboxExtensionHandle() to return a bool, and renamed to maybeInitializeSandboxExtensionHandle (matching WKView counterpart). * UIProcess/WebProcessProxy.cpp: (WebKit::WebProcessProxy::WebProcessProxy): Initialize m_mayHaveUniversalFileReadSandboxExtension. It's going to be true if we ever granted an extension for "/". (WebKit::WebProcessProxy::willLoadHTMLStringWithBaseURL): Remember the path, we should expect that WebProcess will load subresources from it. (WebKit::WebProcessProxy::checkURLReceivedFromWebProcess): Check that it's reasonable to expect WebProcess send us a URL like this. (WebKit::WebProcessProxy::addBackForwardItem): Check the URLs. * UIProcess/WebProcessProxy.h: Added data members remembering what to expect from this process. * UIProcess/cf/WebPageProxyCF.cpp: (WebKit::WebPageProxy::restoreFromSessionStateData): Tell process proxy when the process is going to get universal file read sandbox extension. Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/UIProcess/API/mac/WKView.mm trunk/Source/WebKit2/UIProcess/WebContext.cpp trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp trunk/Source/WebKit2/UIProcess/WebPageProxy.h trunk/Source/WebKit2/UIProcess/WebProcessProxy.cpp trunk/Source/WebKit2/UIProcess/WebProcessProxy.h trunk/Source/WebKit2/UIProcess/cf/WebPageProxyCF.cpp Diff Modified: trunk/Source/WebKit2/ChangeLog (95678 => 95679) --- trunk/Source/WebKit2/ChangeLog 2011-09-21 23:06:42 UTC (rev 95678) +++ trunk/Source/WebKit2/ChangeLog 2011-09-21 23:25:35 UTC (rev 95679) @@ -1,3 +1,65 @@ +2011-09-21 Alexey Proskuryakov + +[WK2] UIProcess should check that WebProcess isn't sending unexpected file: URLs to it +https://bugs.webkit.org/show_bug.cgi?id=68573 + +Reviewed by Anders Carlsson. + +* UIProcess/API/mac/WKView.mm: +(maybeCreateSandboxExtensionFromPasteboard): Return a boolean, telling the caller whether +an extension actually neede
[webkit-changes] [95678] trunk/Source
Title: [95678] trunk/Source Revision 95678 Author jer.no...@apple.com Date 2011-09-21 16:06:42 -0700 (Wed, 21 Sep 2011) Log Message Add settings to control the availability of the Web Audio API to WebKit and WebKit2. https://bugs.webkit.org/show_bug.cgi?id=68382 Source/WebCore: Reviewed by Darin Adler. Only create a AudioContext object if the Web Audio feature is runtime-enabled in Settings. No new tests, as this feature is not yet enabled by default. * bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::webkitAudioContext): Source/WebKit/mac: Reviewed by Darin Adler. Initialize the webAudioEnabled preference to NO by default. * WebView/WebPreferences.mm: (+[WebPreferences initialize]): Source/WebKit2: Add support for the webAudioEnabled preference in WebKit2. Reviewed by Darin Adler. * Shared/WebPreferencesStore.h: Add WebAudioEnabled getter and setter macro. * UIProcess/API/C/WKPreferences.cpp: (WKPreferencesSetWebAudioEnabled): Added. (WKPreferencesGetWebAudioEnabled): Added. * UIProcess/API/C/WKPreferences.h: * WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::updatePreferences): Update the webAudioEnabled preference. Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp trunk/Source/WebKit/mac/ChangeLog trunk/Source/WebKit/mac/WebView/WebPreferences.mm trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Shared/WebPreferencesStore.h trunk/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp trunk/Source/WebKit2/UIProcess/API/C/WKPreferences.h trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp Diff Modified: trunk/Source/WebCore/ChangeLog (95677 => 95678) --- trunk/Source/WebCore/ChangeLog 2011-09-21 22:54:50 UTC (rev 95677) +++ trunk/Source/WebCore/ChangeLog 2011-09-21 23:06:42 UTC (rev 95678) @@ -1,3 +1,17 @@ +2011-09-19 Jer Noble + +Add settings to control the availability of the Web Audio API to WebKit and WebKit2. +https://bugs.webkit.org/show_bug.cgi?id=68382 + +Reviewed by Darin Adler. + +Only create a AudioContext object if the Web Audio feature is runtime-enabled in Settings. + +No new tests, as this feature is not yet enabled by default. + +* bindings/js/JSDOMWindowCustom.cpp: +(WebCore::JSDOMWindow::webkitAudioContext): + 2011-09-21 Anders Carlsson Remove checks for Leopard-only Objective-C APIs Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (95677 => 95678) --- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2011-09-21 22:54:50 UTC (rev 95677) +++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2011-09-21 23:06:42 UTC (rev 95678) @@ -601,22 +601,31 @@ } #endif +#if ENABLE(WEB_AUDIO) || ENABLE(WEB_SOCKETS) +static Settings* settingsForWindow(const JSDOMWindow* window) +{ +ASSERT(window); +if (Frame* frame = window->impl()->frame()) +return frame->settings(); +return 0; +} +#endif + #if ENABLE(WEB_AUDIO) JSValue JSDOMWindow::webkitAudioContext(ExecState* exec) const { -return getDOMConstructor(exec, this); +Settings* settings = settingsForWindow(this); +if (settings && settings->webAudioEnabled()) +return getDOMConstructor(exec, this); +return jsUndefined(); } #endif #if ENABLE(WEB_SOCKETS) JSValue JSDOMWindow::webSocket(ExecState* exec) const { -Frame* frame = impl()->frame(); -if (!frame) +if (!settingsForWindow(this)) return jsUndefined(); -Settings* settings = frame->settings(); -if (!settings) -return jsUndefined(); return getDOMConstructor(exec, this); } #endif Modified: trunk/Source/WebKit/mac/ChangeLog (95677 => 95678) --- trunk/Source/WebKit/mac/ChangeLog 2011-09-21 22:54:50 UTC (rev 95677) +++ trunk/Source/WebKit/mac/ChangeLog 2011-09-21 23:06:42 UTC (rev 95678) @@ -1,3 +1,15 @@ +2011-09-19 Jer Noble + +Add settings to control the availability of the Web Audio API to WebKit and WebKit2. +https://bugs.webkit.org/show_bug.cgi?id=68382 + +Reviewed by Darin Adler. + +Initialize the webAudioEnabled preference to NO by default. + +* WebView/WebPreferences.mm: +(+[WebPreferences initialize]): + 2011-09-21 Anders Carlsson Remove checks for Leopard-only Objective-C APIs Modified: trunk/Source/WebKit/mac/WebView/WebPreferences.mm (95677 => 95678) --- trunk/Source/WebKit/mac/WebView/WebPreferences.mm 2011-09-21 22:54:50 UTC (rev 95677) +++ trunk/Source/WebKit/mac/WebView/WebPreferences.mm 2011-09-21 23:06:42 UTC (rev 95678) @@ -384,6 +384,7 @@ [NSNumber numberWithBool:YES], WebKitHixie76WebSocketProtocolEnabledKey, [NSNumber numberWithBool:NO], WebKitMediaPlaybackRequiresUserGesturePreferenceKey, [NSNumber numberWithBool:YES], WebKitMediaPlaybackAllowsInlinePreferenceKey, +[NSNumber numberWithBool:NO], WebKitWebAudioEnabledPreferenceKey, [NSNumber numberWithLongLong:ApplicationCacheStor
[webkit-changes] [95677] trunk/Source/WebKit/chromium
Title: [95677] trunk/Source/WebKit/chromium Revision 95677 Author commit-qu...@webkit.org Date 2011-09-21 15:54:50 -0700 (Wed, 21 Sep 2011) Log Message [chromium] Code cleanup in gesture recognizer unit tests https://bugs.webkit.org/show_bug.cgi?id=68561 Fix some style nits in the gesture recognizer unit tests. Patch by Robert Kroeger on 2011-09-21 Reviewed by David Levin. * tests/InnerGestureRecognizerTest.cpp: (InspectableGestureRecognizerChromium::stubEdgeFunction): (BuildablePlatformTouchPoint::BuildablePlatformTouchPoint): (TEST_F): Modified Paths trunk/Source/WebKit/chromium/ChangeLog trunk/Source/WebKit/chromium/tests/InnerGestureRecognizerTest.cpp Diff Modified: trunk/Source/WebKit/chromium/ChangeLog (95676 => 95677) --- trunk/Source/WebKit/chromium/ChangeLog 2011-09-21 22:43:11 UTC (rev 95676) +++ trunk/Source/WebKit/chromium/ChangeLog 2011-09-21 22:54:50 UTC (rev 95677) @@ -1,3 +1,17 @@ +2011-09-21 Robert Kroeger + +[chromium] Code cleanup in gesture recognizer unit tests +https://bugs.webkit.org/show_bug.cgi?id=68561 + +Fix some style nits in the gesture recognizer unit tests. + +Reviewed by David Levin. + +* tests/InnerGestureRecognizerTest.cpp: +(InspectableGestureRecognizerChromium::stubEdgeFunction): +(BuildablePlatformTouchPoint::BuildablePlatformTouchPoint): +(TEST_F): + 2011-09-21 Aaron Boodman Remove old and busted context notification APIs Modified: trunk/Source/WebKit/chromium/tests/InnerGestureRecognizerTest.cpp (95676 => 95677) --- trunk/Source/WebKit/chromium/tests/InnerGestureRecognizerTest.cpp 2011-09-21 22:43:11 UTC (rev 95676) +++ trunk/Source/WebKit/chromium/tests/InnerGestureRecognizerTest.cpp 2011-09-21 22:54:50 UTC (rev 95677) @@ -93,7 +93,7 @@ bool InspectableGestureRecognizerChromium::stubEdgeFunction(const PlatformTouchPoint&, GestureRecognizerChromium::Gestures*) { return false; -}; +} class BuildablePlatformTouchPoint : public WebCore::PlatformTouchPoint { public: @@ -120,7 +120,7 @@ m_state = PlatformTouchPoint::TouchStationary; m_pos = IntPoint::zero(); m_screenPos = IntPoint::zero(); -}; +} BuildablePlatformTouchPoint::BuildablePlatformTouchPoint(int x, int y) { @@ -128,7 +128,7 @@ m_state = PlatformTouchPoint::TouchStationary; m_pos = IntPoint(x, y); m_screenPos = IntPoint(x, y); -}; +} BuildablePlatformTouchPoint::BuildablePlatformTouchPoint(int x, int y, PlatformTouchPoint::State state) { @@ -269,9 +269,9 @@ TEST_F(GestureRecognizerTest, addEdgeFunction) { InspectableGestureRecognizerChromium gm; -gm.addEdgeFunction(GestureRecognizerChromium::Scroll, 0, PlatformTouchPoint::TouchReleased, true, (GestureRecognizerChromium::GestureTransitionFunction)&InspectableGestureRecognizerChromium::stubEdgeFunction); +gm.addEdgeFunction(GestureRecognizerChromium::Scroll, 0, PlatformTouchPoint::TouchReleased, true, reinterpret_cast(&InspectableGestureRecognizerChromium::stubEdgeFunction)); -ASSERT_EQ((GestureRecognizerChromium::GestureTransitionFunction)&InspectableGestureRecognizerChromium::stubEdgeFunction, gm.edgeFunction(gm.signature(GestureRecognizerChromium::Scroll, 0, PlatformTouchPoint::TouchReleased, true))); +ASSERT_EQ(reinterpret_cast(&InspectableGestureRecognizerChromium::stubEdgeFunction), gm.edgeFunction(gm.signature(GestureRecognizerChromium::Scroll, 0, PlatformTouchPoint::TouchReleased, true))); } TEST_F(GestureRecognizerTest, updateValues) @@ -324,22 +324,22 @@ BuildablePlatformTouchPoint press(10, 15, PlatformTouchPoint::TouchPressed); BuildablePlatformTouchEvent pressEvent(WebCore::TouchStart, press, 1000 + .5); Gestures gestureStart(gm.processTouchEventForGestures(pressEvent, false)); -ASSERT_EQ((unsigned int)1, gestureStart->size()); +ASSERT_EQ(1u, gestureStart->size()); ASSERT_EQ(PlatformGestureEvent::TapDownType, (*gestureStart)[0].type()); ASSERT_EQ(GestureRecognizerChromium::PendingSyntheticClick, gm.state()); BuildablePlatformTouchPoint move(10, 16, PlatformTouchPoint::TouchMoved); BuildablePlatformTouchEvent moveEvent(WebCore::TouchMove, move, 1000 + .5 + .01); Gestures gestureMove(gm.processTouchEventForGestures(moveEvent, false)); -ASSERT_EQ((unsigned int)0, gestureMove->size()); +ASSERT_EQ(0u, gestureMove->size()); ASSERT_EQ(GestureRecognizerChromium::PendingSyntheticClick, gm.state()); BuildablePlatformTouchPoint release(10, 16, PlatformTouchPoint::TouchReleased); BuildablePlatformTouchEvent releaseEvent(WebCore::TouchEnd, release, 1000 + .5 + .02); Gestures gestureEnd(gm.processTouchEventForGestures(releaseEvent, false)); -ASSERT_EQ((unsigned int)2, gestureEnd->size()); +ASSERT_EQ(2u, gestureEnd->size()); ASSERT_EQ(PlatformGestureEvent::TapType, (*gestureEnd)[0].type()); -ASSERT_EQ(PlatformGestureEvent::DoubleTapType, (*gestureEnd)[1].type()); +ASSERT_EQ(PlatformGest
[webkit-changes] [95676] trunk/Source/JavaScriptCore
Title: [95676] trunk/Source/_javascript_Core Revision 95676 Author barraclo...@apple.com Date 2011-09-21 15:43:11 -0700 (Wed, 21 Sep 2011) Log Message Should support value profiling on CPU(X86) https://bugs.webkit.org/show_bug.cgi?id=68575 Reviewed by Sam Weinig. Fix verbose profiling in ToT (SlowCaseProfile had been partially renamed to RareCaseProfile), add in-memory bucket counter for CPU(X86), move JIT::m_canBeOptimized out of the DFG_JIT ifdef. * bytecode/CodeBlock.cpp: (JSC::CodeBlock::resetRareCaseProfiles): (JSC::CodeBlock::dumpValueProfiles): * bytecode/CodeBlock.h: * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::makeSafe): * jit/JIT.cpp: (JSC::JIT::privateCompileSlowCases): (JSC::JIT::privateCompile): * jit/JIT.h: * jit/JITInlineMethods.h: (JSC::JIT::emitValueProfilingSite): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp trunk/Source/_javascript_Core/bytecode/CodeBlock.h trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp trunk/Source/_javascript_Core/jit/JIT.cpp trunk/Source/_javascript_Core/jit/JIT.h trunk/Source/_javascript_Core/jit/JITInlineMethods.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (95675 => 95676) --- trunk/Source/_javascript_Core/ChangeLog 2011-09-21 22:41:11 UTC (rev 95675) +++ trunk/Source/_javascript_Core/ChangeLog 2011-09-21 22:43:11 UTC (rev 95676) @@ -1,3 +1,28 @@ +2011-09-21 Gavin Barraclough + +Should support value profiling on CPU(X86) +https://bugs.webkit.org/show_bug.cgi?id=68575 + +Reviewed by Sam Weinig. + +Fix verbose profiling in ToT (SlowCaseProfile had been +partially renamed to RareCaseProfile), add in-memory +bucket counter for CPU(X86), move JIT::m_canBeOptimized +out of the DFG_JIT ifdef. + +* bytecode/CodeBlock.cpp: +(JSC::CodeBlock::resetRareCaseProfiles): +(JSC::CodeBlock::dumpValueProfiles): +* bytecode/CodeBlock.h: +* dfg/DFGByteCodeParser.cpp: +(JSC::DFG::ByteCodeParser::makeSafe): +* jit/JIT.cpp: +(JSC::JIT::privateCompileSlowCases): +(JSC::JIT::privateCompile): +* jit/JIT.h: +* jit/JITInlineMethods.h: +(JSC::JIT::emitValueProfilingSite): + 2011-09-21 Filip Pizlo DFG does not support compiling functions as constructors Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (95675 => 95676) --- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2011-09-21 22:41:11 UTC (rev 95675) +++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2011-09-21 22:43:11 UTC (rev 95676) @@ -1987,8 +1987,8 @@ #if ENABLE(VALUE_PROFILER) void CodeBlock::resetRareCaseProfiles() { -for (unsigned i = 0; i < numberOfSlowCaseProfiles(); ++i) -slowCaseProfile(i)->m_counter = 0; +for (unsigned i = 0; i < numberOfRareCaseProfiles(); ++i) +rareCaseProfile(i)->m_counter = 0; for (unsigned i = 0; i < numberOfSpecialFastCaseProfiles(); ++i) specialFastCaseProfile(i)->m_counter = 0; } @@ -2012,9 +2012,9 @@ profile->dump(stderr); fprintf(stderr, "\n"); } -fprintf(stderr, "SlowCaseProfile for %p:\n", this); -for (unsigned i = 0; i < numberOfSlowCaseProfiles(); ++i) { -SlowCaseProfile* profile = "" +fprintf(stderr, "RareCaseProfile for %p:\n", this); +for (unsigned i = 0; i < numberOfRareCaseProfiles(); ++i) { +RareCaseProfile* profile = "" fprintf(stderr, " bc = %d: %u\n", profile->m_bytecodeOffset, profile->m_counter); } } Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.h (95675 => 95676) --- trunk/Source/_javascript_Core/bytecode/CodeBlock.h 2011-09-21 22:41:11 UTC (rev 95675) +++ trunk/Source/_javascript_Core/bytecode/CodeBlock.h 2011-09-21 22:43:11 UTC (rev 95676) @@ -489,22 +489,22 @@ return result; } -RareCaseProfile* addSlowCaseProfile(int bytecodeOffset) +RareCaseProfile* addRareCaseProfile(int bytecodeOffset) { -m_slowCaseProfiles.append(RareCaseProfile(bytecodeOffset)); -return &m_slowCaseProfiles.last(); +m_rareCaseProfiles.append(RareCaseProfile(bytecodeOffset)); +return &m_rareCaseProfiles.last(); } -unsigned numberOfSlowCaseProfiles() { return m_slowCaseProfiles.size(); } -RareCaseProfile* slowCaseProfile(int index) { return &m_slowCaseProfiles[index]; } -RareCaseProfile* slowCaseProfileForBytecodeOffset(int bytecodeOffset) +unsigned numberOfRareCaseProfiles() { return m_rareCaseProfiles.size(); } +RareCaseProfile* rareCaseProfile(int index) { return &m_rareCaseProfiles[index]; } +RareCaseProfile* rareCaseProfileForBytecodeOffset(int bytecodeOffset) { -return WTF::genericBinarySearch(m_slowCaseProfiles, m_slowCaseProfiles.size(), bytecodeOffset); +return WTF::genericBinary
[webkit-changes] [95675] trunk/Source
Title: [95675] trunk/Source Revision 95675 Author ander...@apple.com Date 2011-09-21 15:41:11 -0700 (Wed, 21 Sep 2011) Log Message Remove checks for Leopard-only Objective-C APIs https://bugs.webkit.org/show_bug.cgi?id=68579 Reviewed by Sam Weinig. We can always assume that OBJC_API_VERSION is at least 2, it's been 2 since Leopard. ../WebCore: * bridge/objc/objc_class.mm: (JSC::Bindings::ObjcClass::methodsNamed): (JSC::Bindings::ObjcClass::fieldNamed): * bridge/objc/objc_instance.mm: (allocateAutoReleasePool): * bridge/objc/objc_runtime.mm: (JSC::Bindings::ObjcField::ObjcField): * page/mac/EventHandlerMac.mm: ../WebKit/mac: * Misc/WebNSObjectExtras.h: Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/bridge/objc/objc_class.mm trunk/Source/WebCore/bridge/objc/objc_instance.mm trunk/Source/WebCore/bridge/objc/objc_runtime.mm trunk/Source/WebCore/page/mac/EventHandlerMac.mm trunk/Source/WebKit/mac/ChangeLog trunk/Source/WebKit/mac/Misc/WebNSObjectExtras.h Diff Modified: trunk/Source/WebCore/ChangeLog (95674 => 95675) --- trunk/Source/WebCore/ChangeLog 2011-09-21 22:33:21 UTC (rev 95674) +++ trunk/Source/WebCore/ChangeLog 2011-09-21 22:41:11 UTC (rev 95675) @@ -1,5 +1,23 @@ 2011-09-21 Anders Carlsson +Remove checks for Leopard-only Objective-C APIs +https://bugs.webkit.org/show_bug.cgi?id=68579 + +Reviewed by Sam Weinig. + +We can always assume that OBJC_API_VERSION is at least 2, it's been 2 since Leopard. + +* bridge/objc/objc_class.mm: +(JSC::Bindings::ObjcClass::methodsNamed): +(JSC::Bindings::ObjcClass::fieldNamed): +* bridge/objc/objc_instance.mm: +(allocateAutoReleasePool): +* bridge/objc/objc_runtime.mm: +(JSC::Bindings::ObjcField::ObjcField): +* page/mac/EventHandlerMac.mm: + +2011-09-21 Anders Carlsson + Remove Widget::beforeMouseDown and Widget::afterMouseDown https://bugs.webkit.org/show_bug.cgi?id=68570 Modified: trunk/Source/WebCore/bridge/objc/objc_class.mm (95674 => 95675) --- trunk/Source/WebCore/bridge/objc/objc_class.mm 2011-09-21 22:33:21 UTC (rev 95674) +++ trunk/Source/WebCore/bridge/objc/objc_class.mm 2011-09-21 22:41:11 UTC (rev 95675) @@ -96,51 +96,34 @@ ClassStructPtr thisClass = _isa; while (thisClass && methodList.isEmpty()) { -#if defined(OBJC_API_VERSION) && OBJC_API_VERSION >= 2 unsigned numMethodsInClass = 0; MethodStructPtr* objcMethodList = class_copyMethodList(thisClass, &numMethodsInClass); -#else -void* iterator = 0; -struct objc_method_list* objcMethodList; -while ((objcMethodList = class_nextMethodList(thisClass, &iterator))) { -unsigned numMethodsInClass = objcMethodList->method_count; -#endif -for (unsigned i = 0; i < numMethodsInClass; i++) { -#if defined(OBJC_API_VERSION) && OBJC_API_VERSION >= 2 -MethodStructPtr objcMethod = objcMethodList[i]; -SEL objcMethodSelector = method_getName(objcMethod); -#else -struct objc_method* objcMethod = &objcMethodList->method_list[i]; -SEL objcMethodSelector = objcMethod->method_name; -#endif -const char* objcMethodSelectorName = sel_getName(objcMethodSelector); -NSString* mappedName = nil; +for (unsigned i = 0; i < numMethodsInClass; i++) { +MethodStructPtr objcMethod = objcMethodList[i]; +SEL objcMethodSelector = method_getName(objcMethod); +const char* objcMethodSelectorName = sel_getName(objcMethodSelector); +NSString* mappedName = nil; -// See if the class wants to exclude the selector from visibility in _javascript_. -if ([thisClass respondsToSelector:@selector(isSelectorExcludedFromWebScript:)]) -if ([thisClass isSelectorExcludedFromWebScript:objcMethodSelector]) -continue; +// See if the class wants to exclude the selector from visibility in _javascript_. +if ([thisClass respondsToSelector:@selector(isSelectorExcludedFromWebScript:)]) +if ([thisClass isSelectorExcludedFromWebScript:objcMethodSelector]) +continue; -// See if the class want to provide a different name for the selector in _javascript_. -// Note that we do not do any checks to guarantee uniqueness. That's the responsiblity -// of the class. -if ([thisClass respondsToSelector:@selector(webScriptNameForSelector:)]) -mappedName = [thisClass webScriptNameForSelector:objcMethodSelector]; +// See if the class want to provide a different name for the selector in _javascript_. +// Note that we do not do any checks to guarantee uniqueness. That's the responsiblity +// of the class. +if ([thisClass respondsToSel
[webkit-changes] [95673] trunk/Source/WebCore
Title: [95673] trunk/Source/WebCore Revision 95673 Author ander...@apple.com Date 2011-09-21 15:20:04 -0700 (Wed, 21 Sep 2011) Log Message Remove Widget::beforeMouseDown and Widget::afterMouseDown https://bugs.webkit.org/show_bug.cgi?id=68570 Reviewed by Sam Weinig. These two member functions were originally added to avoid crashes due to removing NSViews while they were being tracked by AppKit. Since they were added, we've moved away from NSViews for form controls, and the bugs in AppKit that lead to crashes have been fixed. * page/mac/EventHandlerMac.mm: (WebCore::EventHandler::passMouseDownEventToWidget): * platform/Widget.h: * platform/mac/WidgetMac.mm: (WebCore::Widget::Widget): (WebCore::Widget::removeFromSuperview): * rendering/RenderWidget.cpp: Change widgetHierarchyUpdateSuspendCount to be an unsigned integer instead of a size_t. Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/page/mac/EventHandlerMac.mm trunk/Source/WebCore/platform/Widget.h trunk/Source/WebCore/platform/mac/WidgetMac.mm trunk/Source/WebCore/rendering/RenderWidget.cpp Diff Modified: trunk/Source/WebCore/ChangeLog (95672 => 95673) --- trunk/Source/WebCore/ChangeLog 2011-09-21 22:17:06 UTC (rev 95672) +++ trunk/Source/WebCore/ChangeLog 2011-09-21 22:20:04 UTC (rev 95673) @@ -1,3 +1,24 @@ +2011-09-21 Anders Carlsson + +Remove Widget::beforeMouseDown and Widget::afterMouseDown +https://bugs.webkit.org/show_bug.cgi?id=68570 + +Reviewed by Sam Weinig. + +These two member functions were originally added to avoid crashes due to removing NSViews while they were +being tracked by AppKit. Since they were added, we've moved away from NSViews for form controls, and the bugs in +AppKit that lead to crashes have been fixed. + +* page/mac/EventHandlerMac.mm: +(WebCore::EventHandler::passMouseDownEventToWidget): +* platform/Widget.h: +* platform/mac/WidgetMac.mm: +(WebCore::Widget::Widget): +(WebCore::Widget::removeFromSuperview): + +* rendering/RenderWidget.cpp: +Change widgetHierarchyUpdateSuspendCount to be an unsigned integer instead of a size_t. + 2011-09-21 Abhishek Arya Not use anonymousContainer on beforeChild calculation Modified: trunk/Source/WebCore/page/mac/EventHandlerMac.mm (95672 => 95673) --- trunk/Source/WebCore/page/mac/EventHandlerMac.mm 2011-09-21 22:17:06 UTC (rev 95672) +++ trunk/Source/WebCore/page/mac/EventHandlerMac.mm 2011-09-21 22:20:04 UTC (rev 95673) @@ -236,11 +236,8 @@ ASSERT(!m_sendingEventToSubview); m_sendingEventToSubview = true; -NSView *outerView = widget->getOuterView(); -widget->beforeMouseDown(outerView, widget.get()); + [view mouseDown:currentNSEvent()]; -widget->afterMouseDown(outerView, widget.get()); -m_sendingEventToSubview = false; if (!wasDeferringLoading) page->setDefersLoading(false); Modified: trunk/Source/WebCore/platform/Widget.h (95672 => 95673) --- trunk/Source/WebCore/platform/Widget.h 2011-09-21 22:17:06 UTC (rev 95672) +++ trunk/Source/WebCore/platform/Widget.h 2011-09-21 22:20:04 UTC (rev 95673) @@ -209,9 +209,6 @@ #if PLATFORM(MAC) NSView* getOuterView() const; -static void beforeMouseDown(NSView*, Widget*); -static void afterMouseDown(NSView*, Widget*); - void removeFromSuperview(); #endif Modified: trunk/Source/WebCore/platform/mac/WidgetMac.mm (95672 => 95673) --- trunk/Source/WebCore/platform/mac/WidgetMac.mm 2011-09-21 22:17:06 UTC (rev 95672) +++ trunk/Source/WebCore/platform/mac/WidgetMac.mm 2011-09-21 22:20:04 UTC (rev 95673) @@ -66,8 +66,6 @@ { } -bool mustStayInWindow; -bool removeFromSuperviewSoon; NSRect previousVisibleRect; }; @@ -91,8 +89,6 @@ : m_data(new WidgetPrivate) { init(view); -m_data->mustStayInWindow = false; -m_data->removeFromSuperviewSoon = false; } Widget::~Widget() @@ -324,39 +320,11 @@ void Widget::removeFromSuperview() { -if (m_data->mustStayInWindow) -m_data->removeFromSuperviewSoon = true; -else { -m_data->removeFromSuperviewSoon = false; -BEGIN_BLOCK_OBJC_EXCEPTIONS; -safeRemoveFromSuperview(getOuterView()); -END_BLOCK_OBJC_EXCEPTIONS; -} +BEGIN_BLOCK_OBJC_EXCEPTIONS; +safeRemoveFromSuperview(getOuterView()); +END_BLOCK_OBJC_EXCEPTIONS; } -void Widget::beforeMouseDown(NSView *unusedView, Widget* widget) -{ -if (widget) { -ASSERT_UNUSED(unusedView, unusedView == widget->getOuterView()); -ASSERT(!widget->m_data->mustStayInWindow); -widget->m_data->mustStayInWindow = true; -} -} - -void Widget::afterMouseDown(NSView *view, Widget* widget) -{ -if (!widget) { -BEGIN_BLOCK_OBJC_EXCEPTIONS; -safeRemoveFromSuperview(view); -END_BLOCK_OBJC_EXCEPTIONS; -} else { -ASSERT(widget->m_data->mustStayInWindow); -widget->m_
[webkit-changes] [95672] trunk/Source/JavaScriptCore
Title: [95672] trunk/Source/_javascript_Core Revision 95672 Author fpi...@apple.com Date 2011-09-21 15:17:06 -0700 (Wed, 21 Sep 2011) Log Message DFG does not support compiling functions as constructors https://bugs.webkit.org/show_bug.cgi?id=68500 Reviewed by Oliver Hunt. This adds support for compiling constructors to the DFG. It's a 1% speed-up on V8, mostly due to a 6% speed-up on early-boyer. It's also a 13% win on access-binary-trees, but it's neutral in the SunSpider and Kraken averages. * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGCapabilities.h: (JSC::DFG::mightCompileFunctionForConstruct): (JSC::DFG::canCompileOpcode): * dfg/DFGNode.h: * dfg/DFGOperations.cpp: * dfg/DFGOperations.h: * dfg/DFGPropagator.cpp: (JSC::DFG::Propagator::propagateNodePredictions): (JSC::DFG::Propagator::performNodeCSE): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compile): * runtime/Executable.cpp: (JSC::FunctionExecutable::compileOptimizedForConstruct): (JSC::FunctionExecutable::compileForConstructInternal): * runtime/Executable.h: (JSC::FunctionExecutable::compileForConstruct): (JSC::FunctionExecutable::compileFor): (JSC::FunctionExecutable::compileOptimizedFor): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp trunk/Source/_javascript_Core/dfg/DFGCapabilities.h trunk/Source/_javascript_Core/dfg/DFGNode.h trunk/Source/_javascript_Core/dfg/DFGOperations.cpp trunk/Source/_javascript_Core/dfg/DFGOperations.h trunk/Source/_javascript_Core/dfg/DFGPropagator.cpp trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp trunk/Source/_javascript_Core/runtime/Executable.cpp trunk/Source/_javascript_Core/runtime/Executable.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (95671 => 95672) --- trunk/Source/_javascript_Core/ChangeLog 2011-09-21 22:05:07 UTC (rev 95671) +++ trunk/Source/_javascript_Core/ChangeLog 2011-09-21 22:17:06 UTC (rev 95672) @@ -1,3 +1,36 @@ +2011-09-21 Filip Pizlo + +DFG does not support compiling functions as constructors +https://bugs.webkit.org/show_bug.cgi?id=68500 + +Reviewed by Oliver Hunt. + +This adds support for compiling constructors to the DFG. It's a +1% speed-up on V8, mostly due to a 6% speed-up on early-boyer. +It's also a 13% win on access-binary-trees, but it's neutral in +the SunSpider and Kraken averages. + +* dfg/DFGByteCodeParser.cpp: +(JSC::DFG::ByteCodeParser::parseBlock): +* dfg/DFGCapabilities.h: +(JSC::DFG::mightCompileFunctionForConstruct): +(JSC::DFG::canCompileOpcode): +* dfg/DFGNode.h: +* dfg/DFGOperations.cpp: +* dfg/DFGOperations.h: +* dfg/DFGPropagator.cpp: +(JSC::DFG::Propagator::propagateNodePredictions): +(JSC::DFG::Propagator::performNodeCSE): +* dfg/DFGSpeculativeJIT.cpp: +(JSC::DFG::SpeculativeJIT::compile): +* runtime/Executable.cpp: +(JSC::FunctionExecutable::compileOptimizedForConstruct): +(JSC::FunctionExecutable::compileForConstructInternal): +* runtime/Executable.h: +(JSC::FunctionExecutable::compileForConstruct): +(JSC::FunctionExecutable::compileFor): +(JSC::FunctionExecutable::compileOptimizedFor): + 2011-09-21 Gavin Barraclough Replace jsFunctionVPtr compares with a type check on the Structure. Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (95671 => 95672) --- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2011-09-21 22:05:07 UTC (rev 95671) +++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2011-09-21 22:17:06 UTC (rev 95672) @@ -730,6 +730,17 @@ NEXT_OPCODE(op_convert_this); } +case op_create_this: { +NodeIndex op1 = get(currentInstruction[2].u.operand); +set(currentInstruction[1].u.operand, addToGraph(CreateThis, op1)); +NEXT_OPCODE(op_create_this); +} + +case op_get_callee: { +set(currentInstruction[1].u.operand, addToGraph(GetCallee)); +NEXT_OPCODE(op_get_callee); +} + // === Bitwise operations === case op_bitand: { Modified: trunk/Source/_javascript_Core/dfg/DFGCapabilities.h (95671 => 95672) --- trunk/Source/_javascript_Core/dfg/DFGCapabilities.h 2011-09-21 22:05:07 UTC (rev 95671) +++ trunk/Source/_javascript_Core/dfg/DFGCapabilities.h 2011-09-21 22:17:06 UTC (rev 95672) @@ -37,7 +37,7 @@ inline bool mightCompileEval(CodeBlock*) { return true; } inline bool mightCompileProgram(CodeBlock*) { return true; } inline bool mightCompileFunctionForCall(CodeBlock*) { return true; } -inline bool mightCompileFunctionForConstruct(CodeBlock*) { return false; } +inline bool mightCompileFunctionForConstruct(CodeBlock*) { return true; } // Opcode checking. inline bool canCompileOpcode(OpcodeID op
[webkit-changes] [95671] trunk
Title: [95671] trunk Revision 95671 Author infe...@chromium.org Date 2011-09-21 15:05:07 -0700 (Wed, 21 Sep 2011) Log Message Source/WebCore: Not use anonymousContainer on beforeChild calculation and let later code handle it. Fix style update on block-level anonymous objects. https://bugs.webkit.org/show_bug.cgi?id=67656 Reviewed by David Hyatt. Test: fast/table/quote-text-around-iframe.html * rendering/RenderTable.cpp: (WebCore::RenderTable::addChild): * rendering/RenderTableCell.cpp: (WebCore::RenderTableCell::styleDidChange): * rendering/RenderTableRow.cpp: (WebCore::RenderTableRow::addChild): * rendering/RenderObject.cpp: (WebCore::RenderObject::propagateStyleToAnonymousChildren): LayoutTests: Not use anonymousContainer on beforeChild calculation and let later code handle it. https://bugs.webkit.org/show_bug.cgi?id=67656 Reviewed by David Hyatt. * fast/table/quote-text-around-iframe.html: Added. * fast/table/table-row-style-not-updated-with-after-content-expected.txt: * platform/mac/fast/table/quote-text-around-iframe-expected.png: Added. * platform/mac/fast/table/quote-text-around-iframe-expected.txt: Added. and lot of style propagation rebaselines. Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/fast/table/table-cell-before-after-content-around-table-block-expected.txt trunk/LayoutTests/fast/table/table-cell-before-after-content-around-table-expected.txt trunk/LayoutTests/fast/table/table-row-before-after-content-around-block-expected.txt trunk/LayoutTests/fast/table/table-row-before-after-content-around-table-expected.txt trunk/LayoutTests/fast/table/table-row-style-not-updated-with-after-content-expected.txt trunk/LayoutTests/platform/mac/fast/css-generated-content/table-cell-before-content-expected.txt trunk/LayoutTests/platform/mac/fast/table/table-cell-after-child-in-block-expected.txt trunk/LayoutTests/platform/mac/fast/table/table-cell-before-child-in-block-expected.txt trunk/LayoutTests/platform/mac/fast/table/table-row-after-child-in-block-expected.txt trunk/LayoutTests/platform/mac/fast/table/table-row-before-child-in-block-expected.txt trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/rendering/RenderObject.cpp trunk/Source/WebCore/rendering/RenderTable.cpp trunk/Source/WebCore/rendering/RenderTableRow.cpp trunk/Source/WebCore/rendering/RenderTableSection.cpp Added Paths trunk/LayoutTests/fast/table/quote-text-around-iframe.html trunk/LayoutTests/platform/mac/fast/table/quote-text-around-iframe-expected.png trunk/LayoutTests/platform/mac/fast/table/quote-text-around-iframe-expected.txt Diff Modified: trunk/LayoutTests/ChangeLog (95670 => 95671) --- trunk/LayoutTests/ChangeLog 2011-09-21 21:56:18 UTC (rev 95670) +++ trunk/LayoutTests/ChangeLog 2011-09-21 22:05:07 UTC (rev 95671) @@ -1,3 +1,17 @@ +2011-09-21 Abhishek Arya + +Not use anonymousContainer on beforeChild calculation +and let later code handle it. +https://bugs.webkit.org/show_bug.cgi?id=67656 + +Reviewed by David Hyatt. + +* fast/table/quote-text-around-iframe.html: Added. +* fast/table/table-row-style-not-updated-with-after-content-expected.txt: +* platform/mac/fast/table/quote-text-around-iframe-expected.png: Added. +* platform/mac/fast/table/quote-text-around-iframe-expected.txt: Added. +and lot of style propagation rebaselines. + 2011-09-21 David Hyatt https://bugs.webkit.org/show_bug.cgi?id=68562 Added: trunk/LayoutTests/fast/table/quote-text-around-iframe.html (0 => 95671) --- trunk/LayoutTests/fast/table/quote-text-around-iframe.html (rev 0) +++ trunk/LayoutTests/fast/table/quote-text-around-iframe.html 2011-09-21 22:05:07 UTC (rev 95671) @@ -0,0 +1,12 @@ + + + + +AB + + +document.body.offsetTop; + document.body.style.zoom = "200%"; + + + \ No newline at end of file Modified: trunk/LayoutTests/fast/table/table-cell-before-after-content-around-table-block-expected.txt (95670 => 95671) --- trunk/LayoutTests/fast/table/table-cell-before-after-content-around-table-block-expected.txt 2011-09-21 21:56:18 UTC (rev 95670) +++ trunk/LayoutTests/fast/table/table-cell-before-after-content-around-table-block-expected.txt 2011-09-21 22:05:07 UTC (rev 95671) @@ -4,18 +4,18 @@ RenderBlock {HTML} at (0,0) size 800x64 RenderBody {BODY} at (8,8) size 784x48 [color=#FF] RenderBlock {DIV} at (0,0) size 784x48 -RenderTable at (0,0) size 64x16 [color=#00] +RenderTable at (0,0) size 64x16 RenderTableSection (anonymous) at (0,0) size 64x16 RenderTableRow (anonymous) at (0,0) size 64x16 - RenderTableCell (anonymous) at (0,0) size 64x16 [color=#FF] [r=0 c=0 rs=1 cs=1] + RenderTableCell (anonymous) at (0,0) size 64x16 [r=0 c=0 rs=1 cs=1] RenderText at (0,0) size 64x16 text run at (0,0) width 64: "ABCD" RenderBlock {DIV} at (0,16) size 784x16
[webkit-changes] [95669] trunk/Source/WebKit/chromium
Title: [95669] trunk/Source/WebKit/chromium Revision 95669 Author a...@chromium.org Date 2011-09-21 14:21:47 -0700 (Wed, 21 Sep 2011) Log Message Remove old and busted context notification APIs https://bugs.webkit.org/show_bug.cgi?id=68381 Reviewed by David Levin. * public/WebFrameClient.h: * src/FrameLoaderClientImpl.cpp: (WebKit::FrameLoaderClientImpl::didCreateScriptContext): (WebKit::FrameLoaderClientImpl::willReleaseScriptContext): Modified Paths trunk/Source/WebKit/chromium/ChangeLog trunk/Source/WebKit/chromium/public/WebFrameClient.h trunk/Source/WebKit/chromium/src/FrameLoaderClientImpl.cpp Diff Modified: trunk/Source/WebKit/chromium/ChangeLog (95668 => 95669) --- trunk/Source/WebKit/chromium/ChangeLog 2011-09-21 20:39:08 UTC (rev 95668) +++ trunk/Source/WebKit/chromium/ChangeLog 2011-09-21 21:21:47 UTC (rev 95669) @@ -1,3 +1,15 @@ +2011-09-21 Aaron Boodman + +Remove old and busted context notification APIs +https://bugs.webkit.org/show_bug.cgi?id=68381 + +Reviewed by David Levin. + +* public/WebFrameClient.h: +* src/FrameLoaderClientImpl.cpp: +(WebKit::FrameLoaderClientImpl::didCreateScriptContext): +(WebKit::FrameLoaderClientImpl::willReleaseScriptContext): + 2011-09-21 Xianzhu Wang Ensure TestWebKitAPI works on mac, win, chromium-mac and chromium-linux Modified: trunk/Source/WebKit/chromium/public/WebFrameClient.h (95668 => 95669) --- trunk/Source/WebKit/chromium/public/WebFrameClient.h 2011-09-21 20:39:08 UTC (rev 95668) +++ trunk/Source/WebKit/chromium/public/WebFrameClient.h 2011-09-21 21:21:47 UTC (rev 95669) @@ -295,27 +295,12 @@ // Script in the page tried to allocate too much memory. virtual void didExhaustMemoryAvailableForScript(WebFrame*) { } +#if WEBKIT_USING_V8 // Notifies that a new script context has been created for this frame. // This is similar to didClearWindowObject but only called once per // frame context. -// FIXME: Remove this when Chromium is updated to use the below version. -virtual void didCreateScriptContext(WebFrame*) { } -#if WEBKIT_USING_V8 virtual void didCreateScriptContext(WebFrame*, v8::Handle, int worldId) { } -#endif -// Notifies that a garbage-collected context was created - content -// scripts. -// FIXME: Remove this when Chromium is updated to use didCreateScriptContext(). -#if WEBKIT_USING_V8 -virtual void didCreateIsolatedScriptContext(WebFrame*, int worldID, v8::Handle) { } -#endif - -// Notifies that this frame's script context has been destroyed. -// FIXME: Remove this when Chromium is updated to use the below version. -virtual void didDestroyScriptContext(WebFrame*) { } - -#if WEBKIT_USING_V8 // WebKit is about to release its reference to a v8 context for a frame. virtual void willReleaseScriptContext(WebFrame*, v8::Handle, int worldId) { } #endif Modified: trunk/Source/WebKit/chromium/src/FrameLoaderClientImpl.cpp (95668 => 95669) --- trunk/Source/WebKit/chromium/src/FrameLoaderClientImpl.cpp 2011-09-21 20:39:08 UTC (rev 95668) +++ trunk/Source/WebKit/chromium/src/FrameLoaderClientImpl.cpp 2011-09-21 21:21:47 UTC (rev 95669) @@ -143,26 +143,14 @@ #if USE(V8) void FrameLoaderClientImpl::didCreateScriptContext(v8::Handle context, int worldId) { -if (m_webFrame->client()) { -// FIXME: Remove these once Chromium is updated to use the new version of didCreateScriptContext(). -if (worldId) -m_webFrame->client()->didCreateIsolatedScriptContext(m_webFrame, worldId, context); -else -m_webFrame->client()->didCreateScriptContext(m_webFrame); - +if (m_webFrame->client()) m_webFrame->client()->didCreateScriptContext(m_webFrame, context, worldId); -} } void FrameLoaderClientImpl::willReleaseScriptContext(v8::Handle context, int worldId) { -if (m_webFrame->client()) { -// FIXME: Remove this once Chromium is updated to use willReleaseScriptContext(). -if (!worldId) -m_webFrame->client()->didDestroyScriptContext(m_webFrame); - +if (m_webFrame->client()) m_webFrame->client()->willReleaseScriptContext(m_webFrame, context, worldId); -} } #endif ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95668] trunk/Source/WebCore
Title: [95668] trunk/Source/WebCore Revision 95668 Author jam...@google.com Date 2011-09-21 13:39:08 -0700 (Wed, 21 Sep 2011) Log Message [chromium] SharedGraphicsContext3D's context should not be destroyed during atexit https://bugs.webkit.org/show_bug.cgi?id=68558 Reviewed by Stephen White. The SharedGraphicsContext3D's internal context is lazily created and then leaked intentionally, but since the last ref is in a function-static RefPtr<> it ends up being destroyed at process exit time. This is bad, since by the time we get this far in process shutdown we can't actually cleanly run the destruction logic and we crash. Since we are explicitly leaking this for the lifetime of the process there's no point in keeping it in a RefPtr<> * platform/graphics/gpu/SharedGraphicsContext3D.cpp: (WebCore::SharedGraphicsContext3D::get): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/platform/graphics/gpu/SharedGraphicsContext3D.cpp Diff Modified: trunk/Source/WebCore/ChangeLog (95667 => 95668) --- trunk/Source/WebCore/ChangeLog 2011-09-21 20:13:57 UTC (rev 95667) +++ trunk/Source/WebCore/ChangeLog 2011-09-21 20:39:08 UTC (rev 95668) @@ -1,3 +1,19 @@ +2011-09-21 James Robinson + +[chromium] SharedGraphicsContext3D's context should not be destroyed during atexit +https://bugs.webkit.org/show_bug.cgi?id=68558 + +Reviewed by Stephen White. + +The SharedGraphicsContext3D's internal context is lazily created and then leaked intentionally, but since the +last ref is in a function-static RefPtr<> it ends up being destroyed at process exit time. This is bad, since +by the time we get this far in process shutdown we can't actually cleanly run the destruction logic and we +crash. Since we are explicitly leaking this for the lifetime of the process there's no point in keeping it in a +RefPtr<> + +* platform/graphics/gpu/SharedGraphicsContext3D.cpp: +(WebCore::SharedGraphicsContext3D::get): + 2011-09-21 Sergey Glazunov [Chromium] Protect the Frame in V8HTMLDocument::openCallback Modified: trunk/Source/WebCore/platform/graphics/gpu/SharedGraphicsContext3D.cpp (95667 => 95668) --- trunk/Source/WebCore/platform/graphics/gpu/SharedGraphicsContext3D.cpp 2011-09-21 20:13:57 UTC (rev 95667) +++ trunk/Source/WebCore/platform/graphics/gpu/SharedGraphicsContext3D.cpp 2011-09-21 20:39:08 UTC (rev 95668) @@ -38,8 +38,8 @@ attributes.antialias = false; attributes.canRecoverFromContextLoss = false; // Canvas contexts can not handle lost contexts. attributes.shareResources = true; -static RefPtr context = GraphicsContext3D::create(attributes, 0); -return context.get(); +static GraphicsContext3D* context = GraphicsContext3D::create(attributes, 0).leakRef(); +return context; } } ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95667] trunk
Title: [95667] trunk Revision 95667 Author commit-qu...@webkit.org Date 2011-09-21 13:13:57 -0700 (Wed, 21 Sep 2011) Log Message [Chromium] Protect the Frame in V8HTMLDocument::openCallback https://bugs.webkit.org/show_bug.cgi?id=68555 Patch by Sergey Glazunov on 2011-09-21 Reviewed by Nate Chapin. Source/WebCore: Test: fast/dom/frame-deleted-in-document-open.html * bindings/v8/custom/V8HTMLDocumentCustom.cpp: (WebCore::V8HTMLDocument::openCallback): LayoutTests: * fast/dom/frame-deleted-in-document-open-expected.txt: Added. * fast/dom/frame-deleted-in-document-open.html: Added. Modified Paths trunk/LayoutTests/ChangeLog trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/bindings/v8/custom/V8HTMLDocumentCustom.cpp Added Paths trunk/LayoutTests/fast/dom/frame-deleted-in-document-open-expected.txt trunk/LayoutTests/fast/dom/frame-deleted-in-document-open.html Diff Modified: trunk/LayoutTests/ChangeLog (95666 => 95667) --- trunk/LayoutTests/ChangeLog 2011-09-21 19:59:39 UTC (rev 95666) +++ trunk/LayoutTests/ChangeLog 2011-09-21 20:13:57 UTC (rev 95667) @@ -1,3 +1,13 @@ +2011-09-21 Sergey Glazunov + +[Chromium] Protect the Frame in V8HTMLDocument::openCallback +https://bugs.webkit.org/show_bug.cgi?id=68555 + +Reviewed by Nate Chapin. + +* fast/dom/frame-deleted-in-document-open-expected.txt: Added. +* fast/dom/frame-deleted-in-document-open.html: Added. + 2011-09-21 Adam Klein Clean up CSS Counter code Added: trunk/LayoutTests/fast/dom/frame-deleted-in-document-open-expected.txt (0 => 95667) --- trunk/LayoutTests/fast/dom/frame-deleted-in-document-open-expected.txt (rev 0) +++ trunk/LayoutTests/fast/dom/frame-deleted-in-document-open-expected.txt 2011-09-21 20:13:57 UTC (rev 95667) @@ -0,0 +1 @@ +This test passes if it doesn't crash. Added: trunk/LayoutTests/fast/dom/frame-deleted-in-document-open.html (0 => 95667) --- trunk/LayoutTests/fast/dom/frame-deleted-in-document-open.html (rev 0) +++ trunk/LayoutTests/fast/dom/frame-deleted-in-document-open.html 2011-09-21 20:13:57 UTC (rev 95667) @@ -0,0 +1,23 @@ + + + +if (window.layoutTestController) +layoutTestController.dumpAsText(); + +window._onload_ = function() +{ +frame = document.body.appendChild(document.createElement("iframe")); + +frame.contentWindow.open = null; +frame.contentWindow.__defineGetter__("open", function() { +document.body.removeChild(frame); +return function() { }; +}); +frame.contentDocument.open(1, 1, 1, 1, 1); +} + + + +This test passes if it doesn't crash. + + Modified: trunk/Source/WebCore/ChangeLog (95666 => 95667) --- trunk/Source/WebCore/ChangeLog 2011-09-21 19:59:39 UTC (rev 95666) +++ trunk/Source/WebCore/ChangeLog 2011-09-21 20:13:57 UTC (rev 95667) @@ -1,3 +1,15 @@ +2011-09-21 Sergey Glazunov + +[Chromium] Protect the Frame in V8HTMLDocument::openCallback +https://bugs.webkit.org/show_bug.cgi?id=68555 + +Reviewed by Nate Chapin. + +Test: fast/dom/frame-deleted-in-document-open.html + +* bindings/v8/custom/V8HTMLDocumentCustom.cpp: +(WebCore::V8HTMLDocument::openCallback): + 2011-09-21 Adam Klein Clean up CSS Counter code Modified: trunk/Source/WebCore/bindings/v8/custom/V8HTMLDocumentCustom.cpp (95666 => 95667) --- trunk/Source/WebCore/bindings/v8/custom/V8HTMLDocumentCustom.cpp 2011-09-21 19:59:39 UTC (rev 95666) +++ trunk/Source/WebCore/bindings/v8/custom/V8HTMLDocumentCustom.cpp 2011-09-21 20:13:57 UTC (rev 95667) @@ -132,9 +132,9 @@ HTMLDocument* htmlDocument = V8HTMLDocument::toNative(args.Holder()); if (args.Length() > 2) { -if (Frame* frame = htmlDocument->frame()) { +if (RefPtr frame = htmlDocument->frame()) { // Fetch the global object for the frame. -v8::Local context = V8Proxy::context(frame); +v8::Local context = V8Proxy::context(frame.get()); // Bail out if we cannot get the context. if (context.IsEmpty()) return v8::Undefined(); @@ -151,8 +151,9 @@ for (int i = 0; i < args.Length(); i++) params[i] = args[i]; -V8Proxy* proxy = V8Proxy::retrieve(frame); -ASSERT(proxy); +V8Proxy* proxy = V8Proxy::retrieve(frame.get()); +if (!proxy) +return v8::Undefined(); v8::Local result = proxy->callFunction(v8::Local::Cast(function), global, args.Length(), params); delete[] params; ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95666] trunk/Source/JavaScriptCore
Title: [95666] trunk/Source/_javascript_Core Revision 95666 Author barraclo...@apple.com Date 2011-09-21 12:59:39 -0700 (Wed, 21 Sep 2011) Log Message Replace jsFunctionVPtr compares with a type check on the Structure. https://bugs.webkit.org/show_bug.cgi?id=68557 Reviewed by Oliver Hunt. This will permit calls to still optimize to subclasses of JSFunction that have the correct type (but a different C++ vptr). This patch stops passing the globalData into numerous functions. * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGGraph.h: (JSC::DFG::Graph::isFunctionConstant): (JSC::DFG::Graph::valueOfFunctionConstant): * dfg/DFGJITCompiler.h: (JSC::DFG::JITCompiler::isFunctionConstant): (JSC::DFG::JITCompiler::valueOfFunctionConstant): * dfg/DFGOperations.cpp: * interpreter/Interpreter.cpp: (JSC::Interpreter::privateExecute): * jit/JIT.h: * jit/JITCall.cpp: (JSC::JIT::compileOpCallVarargs): (JSC::JIT::compileOpCallSlowCase): * jit/JITCall32_64.cpp: (JSC::JIT::compileOpCallVarargs): (JSC::JIT::compileOpCallSlowCase): * jit/JITInlineMethods.h: (JSC::JIT::emitJumpIfNotType): * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): * runtime/Executable.h: (JSC::isHostFunction): * runtime/JSFunction.h: (JSC::JSFunction::createStructure): * runtime/JSObject.cpp: (JSC::JSObject::put): (JSC::JSObject::putWithAttributes): * runtime/JSObject.h: (JSC::getJSFunction): (JSC::JSObject::putDirect): (JSC::JSObject::putDirectWithoutTransition): * runtime/JSType.h: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp trunk/Source/_javascript_Core/dfg/DFGGraph.h trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h trunk/Source/_javascript_Core/dfg/DFGOperations.cpp trunk/Source/_javascript_Core/interpreter/Interpreter.cpp trunk/Source/_javascript_Core/jit/JIT.h trunk/Source/_javascript_Core/jit/JITCall.cpp trunk/Source/_javascript_Core/jit/JITCall32_64.cpp trunk/Source/_javascript_Core/jit/JITInlineMethods.h trunk/Source/_javascript_Core/jit/JITStubs.cpp trunk/Source/_javascript_Core/runtime/Executable.h trunk/Source/_javascript_Core/runtime/JSFunction.h trunk/Source/_javascript_Core/runtime/JSObject.cpp trunk/Source/_javascript_Core/runtime/JSObject.h trunk/Source/_javascript_Core/runtime/JSType.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (95665 => 95666) --- trunk/Source/_javascript_Core/ChangeLog 2011-09-21 19:49:23 UTC (rev 95665) +++ trunk/Source/_javascript_Core/ChangeLog 2011-09-21 19:59:39 UTC (rev 95666) @@ -1,3 +1,50 @@ +2011-09-21 Gavin Barraclough + +Replace jsFunctionVPtr compares with a type check on the Structure. +https://bugs.webkit.org/show_bug.cgi?id=68557 + +Reviewed by Oliver Hunt. + +This will permit calls to still optimize to subclasses of JSFunction +that have the correct type (but a different C++ vptr). + +This patch stops passing the globalData into numerous functions. + +* dfg/DFGByteCodeParser.cpp: +(JSC::DFG::ByteCodeParser::parseBlock): +* dfg/DFGGraph.h: +(JSC::DFG::Graph::isFunctionConstant): +(JSC::DFG::Graph::valueOfFunctionConstant): +* dfg/DFGJITCompiler.h: +(JSC::DFG::JITCompiler::isFunctionConstant): +(JSC::DFG::JITCompiler::valueOfFunctionConstant): +* dfg/DFGOperations.cpp: +* interpreter/Interpreter.cpp: +(JSC::Interpreter::privateExecute): +* jit/JIT.h: +* jit/JITCall.cpp: +(JSC::JIT::compileOpCallVarargs): +(JSC::JIT::compileOpCallSlowCase): +* jit/JITCall32_64.cpp: +(JSC::JIT::compileOpCallVarargs): +(JSC::JIT::compileOpCallSlowCase): +* jit/JITInlineMethods.h: +(JSC::JIT::emitJumpIfNotType): +* jit/JITStubs.cpp: +(JSC::DEFINE_STUB_FUNCTION): +* runtime/Executable.h: +(JSC::isHostFunction): +* runtime/JSFunction.h: +(JSC::JSFunction::createStructure): +* runtime/JSObject.cpp: +(JSC::JSObject::put): +(JSC::JSObject::putWithAttributes): +* runtime/JSObject.h: +(JSC::getJSFunction): +(JSC::JSObject::putDirect): +(JSC::JSObject::putDirectWithoutTransition): +* runtime/JSType.h: + 2011-09-21 Geoffrey Garen Removed WTFTHREADDATA_MULTITHREADED, making it always true Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (95665 => 95666) --- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2011-09-21 19:49:23 UTC (rev 95665) +++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2011-09-21 19:59:39 UTC (rev 95666) @@ -1305,7 +1305,7 @@ case op_call: { NodeIndex callTarget = get(currentInstruction[1].u.operand); -if (m_graph.isFunctionConstant(m_codeBlock, *m_globalData, callTarget)) { +if (m_graph.isFunctionConstant(m_codeBlock, callTarget)) { int argCou
[webkit-changes] [95665] trunk
Title: [95665] trunk Revision 95665 Author lean...@webkit.org Date 2011-09-21 12:49:23 -0700 (Wed, 21 Sep 2011) Log Message Unreviewed. Remove unused ENABLE_AS_IMAGE flag after r95234 from Options{Efl,WinCE}.cmake. * Source/cmake/OptionsEfl.cmake: * Source/cmake/OptionsWinCE.cmake: Modified Paths trunk/ChangeLog trunk/Source/cmake/OptionsEfl.cmake trunk/Source/cmake/OptionsWinCE.cmake Diff Modified: trunk/ChangeLog (95664 => 95665) --- trunk/ChangeLog 2011-09-21 19:47:48 UTC (rev 95664) +++ trunk/ChangeLog 2011-09-21 19:49:23 UTC (rev 95665) @@ -1,3 +1,11 @@ +2011-09-21 Leandro Pereira + +Unreviewed. Remove unused ENABLE_AS_IMAGE flag after r95234 from +Options{Efl,WinCE}.cmake. + +* Source/cmake/OptionsEfl.cmake: +* Source/cmake/OptionsWinCE.cmake: + 2011-09-20 ChangSeok Oh [GTK] requestAnimationFrame support for gtk port Modified: trunk/Source/cmake/OptionsEfl.cmake (95664 => 95665) --- trunk/Source/cmake/OptionsEfl.cmake 2011-09-21 19:47:48 UTC (rev 95664) +++ trunk/Source/cmake/OptionsEfl.cmake 2011-09-21 19:49:23 UTC (rev 95665) @@ -59,7 +59,6 @@ SET(VERSION_SCRIPT "-Wl,--version-script,${CMAKE_MODULE_PATH}/eflsymbols.filter") -WEBKIT_FEATURE(ENABLE_AS_IMAGE "Enable SVG as image" DEFAULT ON SVG) WEBKIT_FEATURE(ENABLE_BLOB "Enable blob slice" DEFAULT OFF) WEBKIT_FEATURE(ENABLE_CHANNEL_MESSAGING "Enable channel messaging" DEFAULT ON) WEBKIT_FEATURE(ENABLE_SQL_DATABASE "Enable SQL database" DEFAULT ON) Modified: trunk/Source/cmake/OptionsWinCE.cmake (95664 => 95665) --- trunk/Source/cmake/OptionsWinCE.cmake 2011-09-21 19:47:48 UTC (rev 95664) +++ trunk/Source/cmake/OptionsWinCE.cmake 2011-09-21 19:49:23 UTC (rev 95665) @@ -19,7 +19,6 @@ INCLUDE_DIRECTORIES(${3RDPARTY_DIR}/ce-compat) ADD_SUBDIRECTORY(${3RDPARTY_DIR} "${CMAKE_CURRENT_BINARY_DIR}/3rdparty") -WEBKIT_FEATURE(ENABLE_AS_IMAGE "Enable SVG as image" DEFAULT ON SVG) WEBKIT_FEATURE(ENABLE_BLOB "Enable blob slice" DEFAULT OFF) WEBKIT_FEATURE(ENABLE_CHANNEL_MESSAGING "Enable channel messaging" DEFAULT OFF) WEBKIT_FEATURE(ENABLE_SQL_DATABASE "Enable SQL database" DEFAULT OFF) ___ webkit-changes mailing list webkit-changes@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
[webkit-changes] [95664] trunk
Title: [95664] trunk Revision 95664 Author ad...@chromium.org Date 2011-09-21 12:47:48 -0700 (Wed, 21 Sep 2011) Log Message Clean up CSS Counter code https://bugs.webkit.org/show_bug.cgi?id=68492 Reviewed by Tony Chang. Source/WebCore: Several cleanups/fixes: - Make Counter::listStyle() return the actual list style string, rather than empty string. - Handle a specified list style of "none" correctly when generating cssText and in Counter::listStyle(). - Use StringBuilder when generating cssText. Test: fast/css/counters/getCounterValue.html * css/CSSParser.cpp: (WebCore::CSSParser::parseCounterContent): Simplify processing (moving conversion to CSSStyleSelector), pass a CSS_IDENT as the listStyle to Counter::create. * css/CSSPrimitiveValue.cpp: (WebCore::CSSPrimitiveValue::cssText): Use StringBuilder. * css/CSSStyleSelector.cpp: (WebCore::CSSStyleSelector::applyProperty): Convert from a CSS_IDENT to an EListStyleType. * css/Counter.h: (WebCore::Counter::listStyleIdent): Renamed from listStyleNumber to match its new functionality. LayoutTests: Added tests for setting the list style to "none" as well as tests for getCounterValue. * fast/css/counters/counter-cssText-expected.txt: * fast/css/counters/counter-cssText.html: * fast/css/counters/getCounterValue-expected.txt: Added. * fast/css/counters/getCounterValue.html: Added. Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/fast/css/counters/counter-cssText-expected.txt trunk/LayoutTests/fast/css/counters/counter-cssText.html trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/css/CSSParser.cpp trunk/Source/WebCore/css/CSSPrimitiveValue.cpp trunk/Source/WebCore/css/CSSStyleSelector.cpp trunk/Source/WebCore/css/Counter.h Added Paths trunk/LayoutTests/fast/css/counters/getCounterValue-expected.txt trunk/LayoutTests/fast/css/counters/getCounterValue.html Diff Modified: trunk/LayoutTests/ChangeLog (95663 => 95664) --- trunk/LayoutTests/ChangeLog 2011-09-21 19:34:39 UTC (rev 95663) +++ trunk/LayoutTests/ChangeLog 2011-09-21 19:47:48 UTC (rev 95664) @@ -1,3 +1,18 @@ +2011-09-21 Adam Klein + +Clean up CSS Counter code +https://bugs.webkit.org/show_bug.cgi?id=68492 + +Reviewed by Tony Chang. + +Added tests for setting the list style to "none" +as well as tests for getCounterValue. + +* fast/css/counters/counter-cssText-expected.txt: +* fast/css/counters/counter-cssText.html: +* fast/css/counters/getCounterValue-expected.txt: Added. +* fast/css/counters/getCounterValue.html: Added. + 2011-09-21 Chang Shu [WK2] [Mac] Implement a more-complete MouseDown/MouseUp/MouseMoveTo functions for WebKit2 EventSender Modified: trunk/LayoutTests/fast/css/counters/counter-cssText-expected.txt (95663 => 95664) --- trunk/LayoutTests/fast/css/counters/counter-cssText-expected.txt 2011-09-21 19:34:39 UTC (rev 95663) +++ trunk/LayoutTests/fast/css/counters/counter-cssText-expected.txt 2011-09-21 19:47:48 UTC (rev 95664) @@ -7,6 +7,7 @@ PASS rules[3].style.cssText is "content: counters(section, ':', decimal); " PASS rules[4].style.cssText is "content: counter(section, lower-roman); " PASS rules[5].style.cssText is "content: counters(section, ',', upper-roman); " +PASS rules[6].style.cssText is "content: counter(section, none); " PASS successfullyParsed is true TEST COMPLETE Modified: trunk/LayoutTests/fast/css/counters/counter-cssText.html (95663 => 95664) --- trunk/LayoutTests/fast/css/counters/counter-cssText.html 2011-09-21 19:34:39 UTC (rev 95663) +++ trunk/LayoutTests/fast/css/counters/counter-cssText.html 2011-09-21 19:47:48 UTC (rev 95664) @@ -21,6 +21,9 @@ h3:after { content: counters(section, ",", upper-roman); } +h4:before { +content: counter(section, none); +} @@ -32,6 +35,7 @@ shouldBeEqualToString("rules[3].style.cssText", "content: counters(section, ':', decimal); "); shouldBeEqualToString("rules[4].style.cssText", "content: counter(section, lower-roman); "); shouldBeEqualToString("rules[5].style.cssText", "content: counters(section, ',', upper-roman); "); +shouldBeEqualToString("rules[6].style.cssText", "content: counter(section, none); "); window.successfullyParsed = true;