[webkit-changes] [247196] trunk/Source/WebInspectorUI
Title: [247196] trunk/Source/WebInspectorUI
Revision 247196
Author nvasil...@apple.com
Date 2019-07-06 19:09:28 -0700 (Sat, 06 Jul 2019)
Log Message
Web Inspector: Styles: unbalanced quotes and parenthesis aren't displayed as property closed after editing values
https://bugs.webkit.org/show_bug.cgi?id=199090
Reviewed by Devin Rousso.
`}` gets added by WI.tokenizeCSSValue (called by SpreadsheetStyleProperty.prototype._renderValue)
when it encounters unbalanced quotes. Fix unbalanced quotes by re-rendering the value from the model,
not the DOM content.
* UserInterface/Views/SpreadsheetStyleProperty.js:
(WI.SpreadsheetStyleProperty.prototype.spreadsheetTextFieldDidCommit):
For consistency, render property name from the model as well.
Modified Paths
trunk/Source/WebInspectorUI/ChangeLog
trunk/Source/WebInspectorUI/UserInterface/Views/SpreadsheetStyleProperty.js
Diff
Modified: trunk/Source/WebInspectorUI/ChangeLog (247195 => 247196)
--- trunk/Source/WebInspectorUI/ChangeLog 2019-07-07 00:20:03 UTC (rev 247195)
+++ trunk/Source/WebInspectorUI/ChangeLog 2019-07-07 02:09:28 UTC (rev 247196)
@@ -1,3 +1,19 @@
+2019-07-06 Nikita Vasilyev
+
+Web Inspector: Styles: unbalanced quotes and parenthesis aren't displayed as property closed after editing values
+https://bugs.webkit.org/show_bug.cgi?id=199090
+
+
+Reviewed by Devin Rousso.
+
+`}` gets added by WI.tokenizeCSSValue (called by SpreadsheetStyleProperty.prototype._renderValue)
+when it encounters unbalanced quotes. Fix unbalanced quotes by re-rendering the value from the model,
+not the DOM content.
+
+* UserInterface/Views/SpreadsheetStyleProperty.js:
+(WI.SpreadsheetStyleProperty.prototype.spreadsheetTextFieldDidCommit):
+For consistency, render property name from the model as well.
+
2019-07-05 Devin Rousso
Web Inspector: current call frame indicator not visible in dark mode
Modified: trunk/Source/WebInspectorUI/UserInterface/Views/SpreadsheetStyleProperty.js (247195 => 247196)
--- trunk/Source/WebInspectorUI/UserInterface/Views/SpreadsheetStyleProperty.js 2019-07-07 00:20:03 UTC (rev 247195)
+++ trunk/Source/WebInspectorUI/UserInterface/Views/SpreadsheetStyleProperty.js 2019-07-07 02:09:28 UTC (rev 247196)
@@ -359,16 +359,14 @@
spreadsheetTextFieldDidCommit(textField, {direction})
{
-let propertyName = this._nameTextField.value.trim();
-let propertyValue = this._valueTextField.value.trim();
let willRemoveProperty = false;
let isEditingName = textField === this._nameTextField;
-if (!propertyName || (!propertyValue && !isEditingName && direction === "forward"))
+if (!this._property.name || (!this._property.rawValue && !isEditingName && direction === "forward"))
willRemoveProperty = true;
if (!isEditingName && !willRemoveProperty)
-this._renderValue(propertyValue);
+this._renderValue(this._property.rawValue);
if (direction === "forward") {
if (isEditingName && !willRemoveProperty) {
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [247195] trunk
Title: [247195] trunk
Revision 247195
Author simon.fra...@apple.com
Date 2019-07-06 17:20:03 -0700 (Sat, 06 Jul 2019)
Log Message
Long hang when loading a cnn.com page on iOS
https://bugs.webkit.org/show_bug.cgi?id=199556
Reviewed by Zalan Bujtas.
Source/WebCore:
Loading https://edition.cnn.com/travel/article/brussels-airlines-flight-to-nowhere/index.html in the iOS 13 sim
results in a long hang under OverlapMapContainer::append(). We were creating pathological clipping scopes with
thousands of entries, because OverlapMapContainer::mergeClippingScopesRecursive() had a logic error where
it added 'sourceScope' to the child instead of 'sourceChildScope'. Add a new assertion to detect that case.
I wasn't able to create a testcase that caused a hang, but a number of existing tests would have
hit the assertion.
* rendering/LayerOverlapMap.cpp:
(WebCore::OverlapMapContainer::ClippingScope::addChild):
(WebCore::OverlapMapContainer::mergeClippingScopesRecursive):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::flushPendingLayerChanges): Drive-by fix: m_overflowControlsHostLayer is null on iOS, so use rootGraphicsLayer().
Tools:
Add code to load a page by default in MobileMiniBrowser so it's easy to hack it
to load a test page of your choice.
* MobileMiniBrowser/MobileMiniBrowserFramework/WebViewController.m:
(-[WebViewController viewDidLoad]):
Modified Paths
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/rendering/LayerOverlapMap.cpp
trunk/Source/WebCore/rendering/RenderLayerCompositor.cpp
trunk/Tools/ChangeLog
trunk/Tools/MobileMiniBrowser/MobileMiniBrowserFramework/WebViewController.m
Diff
Modified: trunk/Source/WebCore/ChangeLog (247194 => 247195)
--- trunk/Source/WebCore/ChangeLog 2019-07-06 13:34:51 UTC (rev 247194)
+++ trunk/Source/WebCore/ChangeLog 2019-07-07 00:20:03 UTC (rev 247195)
@@ -1,3 +1,24 @@
+2019-07-06 Simon Fraser
+
+Long hang when loading a cnn.com page on iOS
+https://bugs.webkit.org/show_bug.cgi?id=199556
+
+Reviewed by Zalan Bujtas.
+
+Loading https://edition.cnn.com/travel/article/brussels-airlines-flight-to-nowhere/index.html in the iOS 13 sim
+results in a long hang under OverlapMapContainer::append(). We were creating pathological clipping scopes with
+thousands of entries, because OverlapMapContainer::mergeClippingScopesRecursive() had a logic error where
+it added 'sourceScope' to the child instead of 'sourceChildScope'. Add a new assertion to detect that case.
+
+I wasn't able to create a testcase that caused a hang, but a number of existing tests would have
+hit the assertion.
+
+* rendering/LayerOverlapMap.cpp:
+(WebCore::OverlapMapContainer::ClippingScope::addChild):
+(WebCore::OverlapMapContainer::mergeClippingScopesRecursive):
+* rendering/RenderLayerCompositor.cpp:
+(WebCore::RenderLayerCompositor::flushPendingLayerChanges): Drive-by fix: m_overflowControlsHostLayer is null on iOS, so use rootGraphicsLayer().
+
2019-07-05 Youenn Fablet
Carvana.com needs the fetch AbortSignal quirk
Modified: trunk/Source/WebCore/rendering/LayerOverlapMap.cpp (247194 => 247195)
--- trunk/Source/WebCore/rendering/LayerOverlapMap.cpp 2019-07-06 13:34:51 UTC (rev 247194)
+++ trunk/Source/WebCore/rendering/LayerOverlapMap.cpp 2019-07-07 00:20:03 UTC (rev 247195)
@@ -114,6 +114,7 @@
ClippingScope* addChild(const ClippingScope& child)
{
+ASSERT(&layer != &child.layer);
children.append(child);
return &children.last();
}
@@ -198,7 +199,7 @@
mergeClippingScopesRecursive(sourceChildScope, *destChild);
} else {
// New child, just copy the whole subtree.
-destScope.addChild(sourceScope);
+destScope.addChild(sourceChildScope);
}
}
}
Modified: trunk/Source/WebCore/rendering/RenderLayerCompositor.cpp (247194 => 247195)
--- trunk/Source/WebCore/rendering/RenderLayerCompositor.cpp 2019-07-06 13:34:51 UTC (rev 247194)
+++ trunk/Source/WebCore/rendering/RenderLayerCompositor.cpp 2019-07-07 00:20:03 UTC (rev 247195)
@@ -523,7 +523,7 @@
#if ENABLE(TREE_DEBUGGING)
if (layersLogEnabled()) {
LOG(Layers, "RenderLayerCompositor::flushPendingLayerChanges");
-showGraphicsLayerTree(m_overflowControlsHostLayer.get());
+showGraphicsLayerTree(rootGraphicsLayer());
}
#endif
}
Modified: trunk/Tools/ChangeLog (247194 => 247195)
--- trunk/Tools/ChangeLog 2019-07-06 13:34:51 UTC (rev 247194)
+++ trunk/Tools/ChangeLog 2019-07-07 00:20:03 UTC (rev 247195)
@@ -1,3 +1,16 @@
+2019-07-06 Simon Fraser
+
+Long hang when loading a cnn.com page on iOS
+https://bugs.webkit.org/show_bug.cgi?id=199556
+
+Reviewed by Zalan Bujtas.
+
+Add code to load a page by default in MobileMiniBrowser so it's easy to hack
[webkit-changes] [247194] trunk
Title: [247194] trunk
Revision 247194
Author msab...@apple.com
Date 2019-07-06 06:34:51 -0700 (Sat, 06 Jul 2019)
Log Message
switch(String) needs to check for exceptions when resolving the string
https://bugs.webkit.org/show_bug.cgi?id=199541
Reviewed by Mark Lam.
JSTests:
New tests.
* stress/switch-string-oom.js: Added.
(test):
(testLowerTiers):
(testFTL):
Source/_javascript_Core:
Added exception checks for resolved Strings in switch processing for all tiers.
* dfg/DFGOperations.cpp:
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
Modified Paths
trunk/JSTests/ChangeLog
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/dfg/DFGOperations.cpp
trunk/Source/_javascript_Core/jit/JITOperations.cpp
trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp
Added Paths
trunk/JSTests/stress/switch-string-oom.js
Diff
Modified: trunk/JSTests/ChangeLog (247193 => 247194)
--- trunk/JSTests/ChangeLog 2019-07-06 11:03:56 UTC (rev 247193)
+++ trunk/JSTests/ChangeLog 2019-07-06 13:34:51 UTC (rev 247194)
@@ -1,3 +1,17 @@
+2019-07-06 Michael Saboff
+
+switch(String) needs to check for exceptions when resolving the string
+https://bugs.webkit.org/show_bug.cgi?id=199541
+
+Reviewed by Mark Lam.
+
+New tests.
+
+* stress/switch-string-oom.js: Added.
+(test):
+(testLowerTiers):
+(testFTL):
+
2019-07-05 Mark Lam
ArgumentsEliminationPhase::eliminateCandidatesThatInterfere() should not decrement nodeIndex pass zero.
Added: trunk/JSTests/stress/switch-string-oom.js (0 => 247194)
--- trunk/JSTests/stress/switch-string-oom.js (rev 0)
+++ trunk/JSTests/stress/switch-string-oom.js 2019-07-06 13:34:51 UTC (rev 247194)
@@ -0,0 +1,52 @@
+//@ requireOptions("--jitPolicyScale=0", "--useConcurrentJIT=0")
+// This tests that when a switch(String) converts the String argument, it properly handles OOM
+
+function test(createOOMString)
+{
+var str = String.fromCharCode(365);
+if (createOOMString)
+str = str.padEnd(2147483644, '123');
+
+switch (str) {
+case "one":
+throw "Case \"one\", dhouldn't get here";
+break;
+case "two":
+throw "Case \"two\", shouldn't get here";
+break;
+case "three":
+throw "Case \"three\", shouldn't get here";
+break;
+default:
+if (createOOMString)
+throw "Default case, shouldn't get here";
+break;
+}
+}
+
+function testLowerTiers()
+{
+for (let i = 0; i < 200; i++) {
+try {
+test(true);
+} catch(e) {
+if (e != "Error: Out of memory")
+throw "Unexpecte error: \"" + e + "\"";
+}
+}
+}
+
+function testFTL()
+{
+for (let i = 0; i < 1000; i++) {
+try {
+test(i >= 50);
+} catch(e) {
+if (e != "Error: Out of memory")
+throw "Unexpecte error: \"" + e + "\"";
+}
+}
+}
+
+testLowerTiers();
+testFTL();
Modified: trunk/Source/_javascript_Core/ChangeLog (247193 => 247194)
--- trunk/Source/_javascript_Core/ChangeLog 2019-07-06 11:03:56 UTC (rev 247193)
+++ trunk/Source/_javascript_Core/ChangeLog 2019-07-06 13:34:51 UTC (rev 247194)
@@ -1,3 +1,17 @@
+2019-07-06 Michael Saboff
+
+switch(String) needs to check for exceptions when resolving the string
+https://bugs.webkit.org/show_bug.cgi?id=199541
+
+Reviewed by Mark Lam.
+
+Added exception checks for resolved Strings in switch processing for all tiers.
+
+* dfg/DFGOperations.cpp:
+* jit/JITOperations.cpp:
+* llint/LLIntSlowPaths.cpp:
+(JSC::LLInt::LLINT_SLOW_PATH_DECL):
+
2019-07-05 Mark Lam
ArgumentsEliminationPhase::eliminateCandidatesThatInterfere() should not decrement nodeIndex pass zero.
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (247193 => 247194)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2019-07-06 11:03:56 UTC (rev 247193)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2019-07-06 13:34:51 UTC (rev 247194)
@@ -2446,7 +2446,6 @@
{
VM& vm = exec->vm();
NativeCallFrameTracer tracer(&vm, exec);
-
CodeBlock* codeBlock = exec->codeBlock();
SimpleJumpTable& table = codeBlock->switchJumpTable(tableIndex);
JSValue value = JSValue::decode(encodedValue);
@@ -2462,8 +2461,13 @@
{
VM& vm = exec->vm();
NativeCallFrameTracer tracer(&vm, exec);
+auto throwScope = DECLARE_THROW_SCOPE(vm);
-return exec->codeBlock()->stringSwitchJumpTable(tableIndex).ctiForValue(string->value(exec).impl()).executableAddress();
+StringImpl* strImpl = string->value(exec).impl();
+
+RETURN_IF_EXCEPTION(throwScope, nullptr);
+
+return exec->codeBlock()->stringSwitchJumpTable(tableIndex).ctiForValue(strImpl).executableAddress();
}
int32_t JIT_OPERATION operationSwitchStringAndGetBr
[webkit-changes] [247192] trunk/Source/WebKit
Title: [247192] trunk/Source/WebKit
Revision 247192
Author cfleiz...@apple.com
Date 2019-07-06 01:14:16 -0700 (Sat, 06 Jul 2019)
Log Message
AX: CrashTracer: com.apple.WebKit.WebContent at WebKit: WebKit::WebSpeechSynthesisClient::speak
https://bugs.webkit.org/show_bug.cgi?id=199435
Reviewed by Ryosuke Niwa.
Ensure we don't access null observers in speech callbacks.
* WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp:
(WebKit::WebSpeechSynthesisClient::voiceList):
(WebKit::WebSpeechSynthesisClient::speak):
(WebKit::WebSpeechSynthesisClient::pause):
(WebKit::WebSpeechSynthesisClient::resume):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::speakingErrorOccurred):
(WebKit::WebPage::boundaryEventOccurred):
(WebKit::WebPage::voicesDidChange):
Modified Paths
trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp
trunk/Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.h
trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp
Diff
Modified: trunk/Source/WebKit/ChangeLog (247191 => 247192)
--- trunk/Source/WebKit/ChangeLog 2019-07-06 05:37:36 UTC (rev 247191)
+++ trunk/Source/WebKit/ChangeLog 2019-07-06 08:14:16 UTC (rev 247192)
@@ -1,3 +1,22 @@
+2019-07-06 Chris Fleizach
+
+AX: CrashTracer: com.apple.WebKit.WebContent at WebKit: WebKit::WebSpeechSynthesisClient::speak
+https://bugs.webkit.org/show_bug.cgi?id=199435
+
+Reviewed by Ryosuke Niwa.
+
+Ensure we don't access null observers in speech callbacks.
+
+* WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp:
+(WebKit::WebSpeechSynthesisClient::voiceList):
+(WebKit::WebSpeechSynthesisClient::speak):
+(WebKit::WebSpeechSynthesisClient::pause):
+(WebKit::WebSpeechSynthesisClient::resume):
+* WebProcess/WebPage/WebPage.cpp:
+(WebKit::WebPage::speakingErrorOccurred):
+(WebKit::WebPage::boundaryEventOccurred):
+(WebKit::WebPage::voicesDidChange):
+
2019-07-05 Chris Dumez
Fix thread safety bug in WebResourceLoadStatisticsTelemetry::calculateAndSubmit()
Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp (247191 => 247192)
--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp 2019-07-06 05:37:36 UTC (rev 247191)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp 2019-07-06 08:14:16 UTC (rev 247192)
@@ -43,18 +43,25 @@
m_page.sendSync(Messages::WebPageProxy::SpeechSynthesisVoiceList(), voiceList);
m_voices.clear();
-for (auto& voice : voiceList) {
+for (auto& voice : voiceList)
m_voices.append(WebCore::PlatformSpeechSynthesisVoice::create(voice.voiceURI, voice.name, voice.lang, voice.localService, voice.defaultLang));
-
-}
return m_voices;
}
+WebCore::SpeechSynthesisClientObserver* WebSpeechSynthesisClient::corePageObserver() const
+{
+if (m_page.corePage() && m_page.corePage()->speechSynthesisClient() && m_page.corePage()->speechSynthesisClient()->observer())
+return m_page.corePage()->speechSynthesisClient()->observer().get();
+return nullptr;
+}
+
void WebSpeechSynthesisClient::speak(RefPtr utterance)
{
WTF::CompletionHandler completionHandler = [this, weakThis = makeWeakPtr(*this)]() mutable {
-if (weakThis)
-m_page.corePage()->speechSynthesisClient()->observer()->didFinishSpeaking();
+if (!weakThis)
+return;
+if (auto observer = corePageObserver())
+observer->didFinishSpeaking();
};
auto voice = utterance->voice();
@@ -65,8 +72,8 @@
auto isDefault = voice ? voice->isDefault() : false;
m_page.sendWithAsyncReply(Messages::WebPageProxy::SpeechSynthesisSpeak(utterance->text(), utterance->lang(), utterance->volume(), utterance->rate(), utterance->pitch(), utterance->startTime(), voiceURI, name, lang, localService, isDefault), WTFMove(completionHandler));
-
-m_page.corePage()->speechSynthesisClient()->observer()->didStartSpeaking();
+if (auto observer = corePageObserver())
+observer->didStartSpeaking();
}
void WebSpeechSynthesisClient::cancel()
@@ -77,8 +84,10 @@
void WebSpeechSynthesisClient::pause()
{
WTF::CompletionHandler completionHandler = [this, weakThis = makeWeakPtr(*this)]() mutable {
-if (weakThis)
-m_page.corePage()->speechSynthesisClient()->observer()->didPauseSpeaking();
+if (!weakThis)
+return;
+if (auto observer = corePageObserver())
+observer->didPauseSpeaking();
};
m_page.sendWithAsyncReply(Messages::WebPageProxy::SpeechSynthesisPause(), WTFMove(completionHandler));
@@ -87,8 +96,10 @@
void WebSpeechSynthesisClient::resume()
{
WTF::CompletionHandler completionHandler = [this, weakThis = makeWeakPtr(*this)]() mutable {
-if (weakThis)
-m_page.corePage()->speechSynthesisClient(
