Opera Software upstreamed commits

Upstreamed commits in Chromium: 6063, V8: 38, Skia: 9, BoringSSL: 16.

Click message to expand

Chromium

Author Message When
fs
Strength-reduce the "scale-factor changed" condition in LayoutSVGRoot
Spend some cycles examining the difference between the old and new
local-to-border-box transforms, and only signal scale-factor changes
if that part of the transform changed.
This also means that we now detect changes scale that we previously
didn't (like [1].)

[1] paint/invalidation/svg/absolute-sized-content-with-resources.xhtml

BUG=603956,664961

Review-Url: https://codereview.chromium.org/2559123003
Cr-Commit-Position: refs/heads/master@{#437767}
mstensho
Rebaseline paint/invalidation/resize-iframe-text.html for Mac.
BUG=672676

Review-Url: https://codereview.chromium.org/2557743008
Cr-Commit-Position: refs/heads/master@{#437567}
sigbjornf
ImageResource: remove unnecessary vector copying during iteration.
Iterations that don't update the underlying collection, can be done
in-place.

R=
BUG=

Review-Url: https://codereview.chromium.org/2555103004
Cr-Commit-Position: refs/heads/master@{#437482}
mstensho
Hopefully deflake some tests, by preloading the Ahem font.
BUG=670846

Review-Url: https://codereview.chromium.org/2560073002
Cr-Commit-Position: refs/heads/master@{#437423}
rune
Missing style invalidation for :in-range and :out-of-range.
Added pseudoStateChanged calls for those pseudos where we already did
so for :valid and :invalid.

R=tkent@chromium.org
BUG=671745

Review-Url: https://codereview.chromium.org/2556423002
Cr-Commit-Position: refs/heads/master@{#437415}
mstensho
Fix path search-replace mistakes (?) that prevented resources from being loaded.
This was introduced in https://codereview.chromium.org/2321183002

Review-Url: https://codereview.chromium.org/2558263002
Cr-Commit-Position: refs/heads/master@{#437365}
fs
Unify "contributes to" and "requires mask" for clip-path child iteration
Since contributesToClip(...) and requiresMask(...) have a lot of overlap,
refactor them into a new (set of) function(s) that return an enumeration
based on the requirements for the element in question.

Review-Url: https://codereview.chromium.org/2563613002
Cr-Commit-Position: refs/heads/master@{#437248}
mstensho
Let LayoutBlockFlow::removeFloatingObject take LayoutUnit instead of int.
Review-Url: https://codereview.chromium.org/2559443002
Cr-Commit-Position: refs/heads/master@{#437221}
mstensho
[LayoutNG] Remove unnecessary #includes
NOTRY=true
BUG=591099

Review-Url: https://codereview.chromium.org/2561553002
Cr-Commit-Position: refs/heads/master@{#437217}
rune
Make sure media query results are re-collected.
When media attributes change on style elements, we need to re-append
all sheets in the scope in order to collect the viewport and device
dependent media results correctly. This already done forced by the
FullStyleUpdate in parseAttribute, but we want to minimize the changes
here with async style update and ruleset based invalidations by marking
the treeScope dirty, and if nothing changed, invalidate no style.

However, we need to re-add global rule data, or at least the media
query results.

Example: say that we have a window width of 800px below. After the
media attribute has been changed, we don't need to recalculate any
styles, but we need to make sure we detect style changes crossing the
width of 2000px instead of 1000px.

<style media="(min-width: 1000px)"> ... </style>

<script>
  styleElement.setAttribute("media", "(min-width: 2000px");
</script>

R=meade@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2554193002
Cr-Commit-Position: refs/heads/master@{#437213}
rune
Make setNeedsActiveStyleUpdate mark treescope dirty only.
Pass the treeScope instead of a stylesheet pointer and remove the
synchronous resolverChanged() call. Instead add the resolveChanged()
calls where currently necessary and mark them for removal.

This makes the setNeedsActiveStyleUpdate implementation like what we
want to end up with [1]. I've done it this way to make the following
CLs easier to review.

Also, setNeedsActiveStyleUpdate calls are removed where we call
removeStyleSheetCandidateNode() since that method already marks the
tree-scope dirty.

[1] https://codereview.chromium.org/1913833002/

R=meade@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2546393002
Cr-Commit-Position: refs/heads/master@{#437212}
rune
Mark correct tree-scope dirty removing link in shadow.
Noticed while working on 567021, StyleElement found the correct
tree-scope in from of a shadow root when applicable while
HTMLLinkElement would just use the document. This is what kept us from
being able to use AnalyzedStyleUpdate for removedFrom() for link
elements.

R=meade@chromium.org
BUG=671596

Review-Url: https://codereview.chromium.org/2554873002
Cr-Commit-Position: refs/heads/master@{#437210}
mstensho
Better isPageLogicalHeightKnown() implementation.
Need to consult the flow thread, if we have one. We may run into situations
where fragmentainer groups in the first column set have got their height
calculated, while later column sets still haven't calculated it [1]. So
checking if flow thread offset 0 is in a fragmentainer of known height isn't
good enough.

Also moved the implementation from LayoutBlock to LayoutBox, since it's pretty
coincidental that we currently don't need this particular method outside of
LayoutBlock.

[1] LayoutMultiColumnSet::recalculateColumnHeight() may reset the column
heights if it detects that the column set has been moved since previous layout
pass.

BUG=670902

Review-Url: https://codereview.chromium.org/2553133002
Cr-Commit-Position: refs/heads/master@{#437063}
fs
Don't check 'visibility' in LayoutSVGResourceMasker
Since 'visibility' does not work in the same way as 'display', it's not
possible to "prune" subtrees based on non-'visible' values of the
property. Remove the check from the two methods that use it, and leave
to lower levels to handle it.

BUG=672055

Review-Url: https://codereview.chromium.org/2558793002
Cr-Commit-Position: refs/heads/master@{#436996}
fs
Don't allow <use> <text> references in clip-path fast-path
The fast-path can't handle <text>, but a <use> referencing <text> was
not properly checked resulting in an incorrect clip.
Make the requiresMask(...) helper handle <use> elements and check the
referenced element.

BUG=604677,604679

Review-Url: https://codereview.chromium.org/2560773002
Cr-Commit-Position: refs/heads/master@{#436941}
rune
Use correct document for notifying of inserted import.
Notify the root document to update active stylesheets. If the import
child contains stylesheets, the StyleEngine for the import document
will be notified correctly.

Added a couple of sanity DCHECKs.

R=meade@chromium.org
BUG=671322

Review-Url: https://codereview.chromium.org/2551973003
Cr-Commit-Position: refs/heads/master@{#436887}
mstensho
Never position a float after it has been placed.
When a float is marked as "placed" (which happens in
LayoutBlockFlow::placeNewFloats()), it means that it has been added to a float
interval tree. It is not allowed to move a float afterwards (unless we remove
and re-insert the floats somehow, e.g. by re-laying out its containing block).
Otherwise, the interval tree may get out of sync with reality, and we may fail
to find the reference to a FloatingObject in the interval tree when deleting a
FloatingObject, so that we end up deleting the FloatingObject, but not the
reference to it in the interval tree (which will remain there, pointing to a
now dead object).

This could happen when LayoutBlockFlow::removeFloatingObjectsBelow() was called
during pagination. We sometimes need to re-lay out a line because the line or
floats next to the line get pushed to the next fragmentainer. As part of that,
we also need to get rid of the floats that we thought would sit beside the
line, and re-position them.

BUG=670927

Review-Url: https://codereview.chromium.org/2553923003
Cr-Commit-Position: refs/heads/master@{#436776}
fs
Rework SVGViewSpec<->SVGSVGElement integration
This turns SVGViewSpec into a more independent component, by moving
parsing (case) logic into it, and changing adding an accessor interface
on SVGSVGElement that allows access to, and handles invalidation of the
SVGSVGElement's view properties.

The m_useCurrentView is done away with, and instead the code just checks
if there's an SVGViewSpec attached. Naturally this also means that care
needs to be taken to "detach" the old SVGViewSpec when needed.

Review-Url: https://codereview.chromium.org/2552513002
Cr-Commit-Position: refs/heads/master@{#436704}
fs
Unify predicates for elements "contributing" to a <clipPath>
LayoutSVGResourceClipper has four loops that iterate the child elements
that contribute to the clip path. They are however all subtly different.

To remedy this and make it more obvious that the same set of elements
are iterated, add a helper contributesToClip(...) that handles the
checking of if an element is considered to be contributing to the clip
path or not. This yields four loops with a very similar structure.

Also move path-extraction to a helper, use helpers from Traversal<...>
for basic iteration, drop LayoutObject/ComputedStyle related checks
from the SVGUseElement helper (now handled elsewhere) and hoist the
PaintInfo out of the loop in createContentPicture since it is invariant.

Review-Url: https://codereview.chromium.org/2560513002
Cr-Commit-Position: refs/heads/master@{#436703}
fs
Don't fail clip-paths with empty bounds
An empty nested clip-path should result in an empty clip-path (clipping
away everything.)

BUG=671543
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2555483003
Cr-Commit-Position: refs/heads/master@{#436605}
fs
Properly simulate self-closing tags when in "foreign content" mode
When background parsing, a tag that "opens" foreign content mode and had
the "self-closing" flag set (<svg/> and <math/>), would place the
simulator in foreign content mode without a chance to get out of it.
Run the "end tag" steps in this case too, to properly balance the
namespace stack.

BUG=537642

Review-Url: https://codereview.chromium.org/2546373002
Cr-Commit-Position: refs/heads/master@{#436569}
mstensho
Refactor layoutBlock() and layoutBlockFlow(). Happens to fix bugs.
Move what only needs to be done once into layoutBlock(). Rename
layoutBlockFlow() to layoutChildren(). Establish LayoutState once, and compare
with the actual previous height to properly detect height changes.

This fixes two issues with the PaintLayerScrollableArea::FreezeScrollbarsScope
mechanism. Tests added.

1. We used to push LayoutState for the same object twice when freezing
scrollbars, which confused the fragmentation machinery.

2. We failed to detect height changes when freezing scrollbars, because we were
unable to compare against the original height (we compared against the height
we had when entering the second layout pass, rather than comparing against the
one we had when entering the first layout pass). We might therefore end up
skipping necessary re-layout of absolutely positioned descendants.

BUG=669039,670660

Review-Url: https://codereview.chromium.org/2553833002
Cr-Commit-Position: refs/heads/master@{#436414}
sigbjornf
Disallow off-heap containers containing raw on-heap pointers.
R=
BUG=

Review-Url: https://codereview.chromium.org/2553673002
Cr-Commit-Position: refs/heads/master@{#436351}
sigbjornf
Eagerly dispose of ScheduledActions.
The DOMTimer's ScheduledAction hold on to the script source and
state needed to execute the timer action. Let go of ShceduledAction's
resource early.

Apart from reducing the lifetime of script source, this is a speculative
fix for crashes reported in v8::PersistentValueVector::Clear() during
lazy sweeping of ScheduledAction objects.

R=
BUG=

Review-Url: https://codereview.chromium.org/2552673002
Cr-Commit-Position: refs/heads/master@{#436298}
tommyt
PaymentApp: Add classes for supporting Web Based Payment Apps
This adds an application class, an instrument class and a skeleton
bridging class which can later be implemented to communicate with the
service worker class in C++.

The app factory class has been extended to create instances of the new
web based payment apps in addition to the existing autofill payment app.

BUG=669876

Review-Url: https://codereview.chromium.org/2526293003
Cr-Commit-Position: refs/heads/master@{#436274}
kszatan
Fix Firefox bookmarks import.
Firefox abandoned usage of the moz_bookmarks_roots table since v. 30 and
removed the table in v. 31 in favor of storing relevant info in the
'guid' column of the moz_bookmarks table.

BUG=638977

Review-Url: https://codereview.chromium.org/2296633002
Cr-Commit-Position: refs/heads/master@{#436262}
rune
Schedule layout tree update for dirty tree scopes.
In preparation for async stylesheet update, schedule a layout tree
update when marking tree scopes dirty for active style sheets. This is
necessary to trigger a beginFrame which will in turn call
updateActiveStyle as part of the lifecycle update.

R=meade@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2547883002
Cr-Commit-Position: refs/heads/master@{#436248}
rune
Correctly re-collect active style for html imports.
- Need to re-collect active stylesheets when inserting already cached
  import documents.

- Missing markDocumentDirty() when inserting import documents.

- Added test for missing coverage of the need for marking for re-
  collection from HTMLImportChild::ownerInserted().

The fact that we need to recollect sheets in the document scope and
recalculate style for the whole document is not a perf regression, this
is how it used to be before considering the async stylesheet update
with ruleset invalidations, but ideally we would like to do better.
It's unlikely a common use case as html imports are typically loaded in
head as script and rendering blocking.

R=meade@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2551473002
Cr-Commit-Position: refs/heads/master@{#436238}
mstensho
Complete layout even if a block needs relayout due to widows or column balancing.
We cannot just abort in the middle of layoutBlockFlow() when we detect that we
need another layout pass (due to new column height or because we want an
earlier break to satisfy the widows requirement). We might miss our only
opportunity to detect size changes that way, and thus skip necessary layout and
repositioning of absolutely positioned descendants.

BUG=591637

Review-Url: https://codereview.chromium.org/2471623003
Cr-Commit-Position: refs/heads/master@{#436192}
fs
Drop SVGElement::accessDocumentSVGExtensions()
This method has a single user into which it can be folded without any
issues. The comment in the method seem to no longer apply.

Also drop an unused friend declaration while at it.

Review-Url: https://codereview.chromium.org/2548573003
Cr-Commit-Position: refs/heads/master@{#436051}
rune
Returned MediaQuerySet should be const.
The MediaQuerySet is never modified outside the class. We don't have
any evidence that this fixes the mentioned issue though.

R=sigbjornf@opera.com
BUG=669757

Review-Url: https://codereview.chromium.org/2547713003
Cr-Commit-Position: refs/heads/master@{#436031}
mstensho
Don't include ComputedStyle.h where not needed.
This reduces the dependency on ComputedStyle.h from more than 2000 compilation
units to less than 1000.

Review-Url: https://codereview.chromium.org/2539363003
Cr-Commit-Position: refs/heads/master@{#435928}
mstensho
Don't include CachedUAStyle.h from StyleResolver.h
Eliminates another 40+ compilation unit dependencies on ComputedStyle.h

Review-Url: https://codereview.chromium.org/2545953003
Cr-Commit-Position: refs/heads/master@{#435925}
rune
Make updateStyleInvalidationIfNeeded() private.
It is not invoked outside of Document.

This is split out of the larger CL for 567021.

R=mstensho@opera.com
BUG=567021

Review-Url: https://codereview.chromium.org/2537863006
Cr-Commit-Position: refs/heads/master@{#435922}
rune
Remove MediaQuerySet:createOffMainThread.
The implementation is identical to MediaQuerySet::create.
Removed old cruft from the unit test from when we had two media query
parsing implementation.

R=yoav@yoav.ws,timloh@chromium.org

Review-Url: https://codereview.chromium.org/2545663005
Cr-Commit-Position: refs/heads/master@{#435920}
mstensho
Margins that start at fragmentainer boundaries should be collapsed away.
This only applies if the fragmentainer break is unforced. If it's forced, the
margin is to be preserved.
See https://drafts.csswg.org/css-break/#break-margins

Get rid of LayoutBlock::nextPageLogicalTop(), since nobody calls it anymore.

BUG=440362

Review-Url: https://codereview.chromium.org/2542723002
Cr-Commit-Position: refs/heads/master@{#435917}
fs
Avoid repeating ourselves in SVGAnimatedEnumerationBase::setBaseVal
After performing the range checks on the value, we can call our "generic"
setBaseVal and avoid repeating this code-sequence.

Review-Url: https://codereview.chromium.org/2548533003
Cr-Commit-Position: refs/heads/master@{#435715}
fs
Only communicate CSSPrimitiveValue references from SVGLength
Make asCSSPrimitiveValue() return a reference to a CSSPrimitiveValue,
rather than a pointer. The CSSPrimitiveValue contained in the SVGLength
can/should never be null.
Add a helper to SVGAnimatedLength to cut down on some boilerplate for
accessing the current CSSValue.

Review-Url: https://codereview.chromium.org/2549563002
Cr-Commit-Position: refs/heads/master@{#435688}
fs
Neuter the "screen scale factor" computation for SVG <text>
This removes the PaintLayer-factor and DSF from the "screen scale factor",
leaving only the transform to the <svg> root and the "content transform" (used
by <pattern>, <mask> and <clipPath>.)

BUG=664961

Review-Url: https://codereview.chromium.org/2492013004
Cr-Commit-Position: refs/heads/master@{#435599}
tommyt
PaymentApp: Allow multiple payment method names for one instrument.
This changes the name and signature of the
PaymentInstrument.getInstrumentMethodName method to:

    Set<String> getInstrumentMethodNames()

This is to match the "enabledMethods" field in the PaymentAppOption
dictionary in the Payment Apps specification, which is defined to be a
sequence of strings.

See: https://w3c.github.io/webpayments-payment-apps-api/#payment-app-options

I also change the name of PaymentInstrument.getInstrumentDetails to
"invokePayment" in order to convey better that this is where the payment
method specific stuff happens. For a Web Based Payment App, this method
is an appropriate point to launch the payment request event into the
service worker.

BUG=669876

Review-Url: https://codereview.chromium.org/2530793002
Cr-Commit-Position: refs/heads/master@{#435587}
fs
Cleanup after removal of the SVGViewSpec interface
With DOM requirements gone, we can turn this into something a bit simpler.
Remove the SVGFitToViewBox inheritance in favor of direct references to
the relevant objects. Similarly drop/unwrap the SVGAnimatedTransformList.

The above gets rid of the only users of SVGAnimatedProperty::setReadOnly
and associated state, as well as the corresponding state in the tear-off.

Also drop an unused methods from SVGSVGElement and rename currentView()
to ensureViewSpec(), making it private in the process.

Review-Url: https://codereview.chromium.org/2537223006
Cr-Commit-Position: refs/heads/master@{#435485}
mstensho
Introduce resetLayout(), to offload layoutBlockFlow().
Review-Url: https://codereview.chromium.org/2529423003
Cr-Commit-Position: refs/heads/master@{#435471}
mstensho
Avoid rogue line float re-layout.
We cannot just lay out an object without setting its position first. That would
confuse the fragmenation machinery. Fortunately, it's not even necessary to lay
out here. Changed the comment, as an attempt to explain why.

BUG=663942

Review-Url: https://codereview.chromium.org/2539813002
Cr-Commit-Position: refs/heads/master@{#435442}
tsniatowski
Remove android build dir nesting restriction
It appears that android builds no longer have to be nested exactly two
levels under //. A build with one level works, so the assert in gn is
no longer helpful.

BUG=412935
R=agrieve@chromium.org

Review-Url: https://codereview.chromium.org/2544493002
Cr-Commit-Position: refs/heads/master@{#435410}
sigbjornf
CSSSelectorWatch: avoid unnecessary hash table lookups.
Review-Url: https://codereview.chromium.org/2541853002
Cr-Commit-Position: refs/heads/master@{#435361}
tmoniuszko
Rename 'interface' parameter
It conflicts with define from combaseapi.h from Windows SDK.

BUG=

Review-Url: https://codereview.chromium.org/2524733003
Cr-Commit-Position: refs/heads/master@{#435169}
fs
Use the right point for marker orientation when closing a subpath
Path::apply doesn't pass a point along for the PathElementCloseSubpath
command. This would yield the wrong orientation on the last marker-mid
on the path (see crbug.com/633012#c1 for an example.)
Use m_subpathStart where needed instead.

BUG=633012

Review-Url: https://codereview.chromium.org/2539763002
Cr-Commit-Position: refs/heads/master@{#434988}
fs
Cleanup SVGMarkerData::updateFromPathElement
Make the updateFromPathElement "closure" a simple thunk-style function,
to make it a little less unwieldy. Also pass PathElement& rather than
PathElement*.

BUG=633012,450368

Review-Url: https://codereview.chromium.org/2540513005
Cr-Commit-Position: refs/heads/master@{#434987}
mstensho
[LayoutNG] Correct inline size for children of multicol containers.
This will lay out multicol containers in one single tall column, without any
support for fragmentation or column balancing.

Also had to disable creation of the anonymous LayoutMultiColumnFlowThread child
of multicol containers, since that's not going to be used in LayoutNG.

The algorithm for calculating the used values of column-width and column-count
can be found here: https://drafts.csswg.org/css-multicol-1/#pseudo-algorithm

Review-Url: https://codereview.chromium.org/2528203002
Cr-Commit-Position: refs/heads/master@{#434971}
mstensho
Position a float before laying it out.
We'll no longer perform inaccurate layout from insertFloatingObject(), but
defer all layout to positionAndLayoutFloat(). We need to do this correctly
everywhere. One crucial thing is also to pay attention to the resulting
pagination strut before the float, if any. There's only one place where we do
this, and that's in positionAndLayoutFloat().

At most call sites, insertFloatingObject() is followed by a call to
placeNewFloats(), which will call positionAndLayoutFloat(). There are
exceptions to this in line layout, though. In some cases we just insert floats
without laying them out and placing them. This happens when we need to figure
out the height of the current line before we can place floats below it. In
order to figure out if a float fits on the current line, though, we first need
to lay it out without marking it as placed.

We lacked some test coverage, so I added
float-pushed-to-next-fragmentainer-by-floats.html . This also passed prior to
this CL, but I nearly broke it while working on this.

BUG=663942

Review-Url: https://codereview.chromium.org/2532573003
Cr-Commit-Position: refs/heads/master@{#434969}
mstensho
[LayoutNG] No need to search for inline children inside a block-children block.
Also type-check that we're dealing with a LayoutBlockFlow before casting.

Review-Url: https://codereview.chromium.org/2527393002
Cr-Commit-Position: refs/heads/master@{#434968}
mstensho
No longer store page logical height in LayoutState.
That height may not be uniform throughout the entire fragmentation context
anyway, so it's not reliable to do it like this. For multicol, the value was
only used as a flag (0=unknown height, 1=known height).

Move calculation of available column height to LayoutMultiColumnFlowThread. It
no longer needs to live in LayoutBlockFlow.

Review-Url: https://codereview.chromium.org/2529073002
Cr-Commit-Position: refs/heads/master@{#434965}
fs
Update svg/wicd/test-rightsizing-b.xhtml expectations
Attempt to compensate for some recent changes to DRT output. Also try
to get some more "correct" reference images.

TBR=schenney@chromium.org
NOTRY=true
BUG=639147

Review-Url: https://codereview.chromium.org/2537083003
Cr-Commit-Position: refs/heads/master@{#434962}
rune
Introduce markAllTreeScopesDirty.
When we need to recollect active stylesheets for all scopes, have an
explicit markAllTreeScopesDirty method instead of relying on
FullStyleUpdate which will go away for async active stylesheet updates.

This CL does not contain functional changes.

R=meade@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2534863002
Cr-Commit-Position: refs/heads/master@{#434940}
fs
Make 'transform' a presentation attribute on SVG elements
This makes 'transform', 'gradientTransform' and 'patternTransform'
presentation attributes on SVGGraphicsElements, SVGGradientElements
and SVGPatternElements respectively.

Spec:

 http://www.w3.org/TR/css3-transforms/#svg-transform
 http://www.w3.org/TR/css3-transforms/#svg-syntax
 http://www.w3.org/TR/css3-transforms/#svg-gradient-transform-pattern-transform

Salvaged from https://codereview.chromium.org/423093014, but takes a
different approach to bridge the syntax gap and avoid crbug.com/577219.

The strategy taken here is to use the SVGTransformList to generate a
CSSValue for the presentation attribute style, and hence postponing
both support for the full transform syntax and a way around the bug
mentioned above. Essentially softening the blow. These two "features"
are expected to be implemented eventually, so this is just a "first
step".

BUG=369942
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2478233002
Cr-Commit-Position: refs/heads/master@{#434934}
sigbjornf
Fix speech-synthesis-speak-multiple.html flakiness.
Follow up on r420711 (crbug.com/589632) and adjust the expected lower
bound on ".elapsedTime" to also include zero for 'start' events.

TBR=dmazzoni
BUG=660448

Review-Url: https://codereview.chromium.org/2540623002
Cr-Commit-Position: refs/heads/master@{#434931}
sigbjornf
Handle overlapping uses of MockWebSpeechRecognizer.
More than one speech recognition object may exist at the same time,
all sharing a single MockWebSpeechRecognizer underneath when
running layout tests.

Overlapping uses of speech recognizer objects weren't something
the mock object was designed to gracefully handle, hence fuzzer
inputs would leave the mock object in an invalid state and crash,
when they attempted to do so.

Rather than try to ignore and prevent overlapping uses from going
ahed, we extend MockWebSpeechRecognizer with support for handling
them, queueing recognizer context switching tasks that will run
upon completion of the currently ongoing sequence of tasks that
a speech recognizer object expects.

R=
BUG=668019

Review-Url: https://codereview.chromium.org/2525933002
Cr-Commit-Position: refs/heads/master@{#434777}
fs
Rework the "rules for parsing dimension values" implementation
This CL reworks the current implementation of the "rules for parsing
dimension values" [1] (HTMLElement::addHTMLLengthToStyle) into a
separate function and moves it to HTMLDimension.{cpp,h}.
In general, behavior deviating from the specced version is kept with the
following exceptions:

 * Allow all of the "space characters" [2], rather than just U+0020.

 * Cases with multiple full stops (ex: "1.2.3") now parse the same as
   "1.2" rather than failing.

Comments are added where the implementation is known to deviate from the
spec.

This also makes it possible to avoid calling into the CSS parser for
actual parsing, which should reduce the amount of special-cases needed
there. This requires a mechanism for disallowing percentage values
though, to properly handle 'cellspacing' on <table>.

[1] https://html.spec.whatwg.org/multipage/infrastructure.html#rules-for-parsing-dimension-values
[2] https://html.spec.whatwg.org/multipage/infrastructure.html#space-character

BUG=668478

Review-Url: https://codereview.chromium.org/2528673003
Cr-Commit-Position: refs/heads/master@{#434678}
mstensho
[LayoutNG] Remove all mentions of NGBox and NGInlineBox.
It's called NGBlockNode and NGInlineNode now.

Also removed an old TODO about common base class for NGBlockNode and
NGInlineNode. They do have a common base class now.

Review-Url: https://codereview.chromium.org/2530083003
Cr-Commit-Position: refs/heads/master@{#434630}
mstensho
Remove spurious Ctrl+Y character from paint invalidation test.
This caused the test to fail for me, when run locally.

Review-Url: https://codereview.chromium.org/2529843002
Cr-Commit-Position: refs/heads/master@{#434579}
mstensho
[LayoutNG] Simplify NGBox::CanUseNewLayout().
Review-Url: https://codereview.chromium.org/2535533002
Cr-Commit-Position: refs/heads/master@{#434555}
mstensho
[LayoutNG] Typos in ComputeMinAndMaxContentSizes() documentation.
Review-Url: https://codereview.chromium.org/2526223004
Cr-Commit-Position: refs/heads/master@{#434525}
mstensho
[LayoutNG] Unit tests for MinAndMaxContentSizes::ShrinkToFit().
Also DCHECK in the implementation that max_content isn't less than min_content.

Review-Url: https://codereview.chromium.org/2528433006
Cr-Commit-Position: refs/heads/master@{#434458}
rune
Check for styleResolver() in preparation for async style update.
Currently, active stylesheets are appended to ScopedStyleResolver
through the StyleResolver. When we move to async stylesheet update with
ActiveStyleSheets being appended from StyleEngine, styleResolver() is
typically null the first time we update the active stylesheets.

Add a null check before accessing styleResolver() when adding
@font-face rules.

R=nainar@chromium.org,meade@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2522423002
Cr-Commit-Position: refs/heads/master@{#434437}
mstensho
Set the inline position of floats a bit later.
No need to do it so early, since nobody cares about its position at this point.
This means that there's also no need to update it after having been pushed down
by pagination. As long as we set it before positioning subsequent floats or
other types of content, we're good.

Also store margins as local variables. No huge gain, apart from prettier code
with fewer breaks.

No behavior changes intended.

Review-Url: https://codereview.chromium.org/2511283003
Cr-Commit-Position: refs/heads/master@{#434388}
rune
Move MediaQueryResults to RuleFeatureSet.
The existing code only cleared the query results on the StyleResolver
when the StyleResolver was cleared. That meant we could end up in a
situation where the result list was ever-growing. That wasn't a big
issue in practice as the StyleResolver would be cleared quite often on
stylesheet changes. However, that will change when the RuleSet based
style invalidation is enabled.

We move the media query results to RuleFeatureSet so that:

- Results for @media rules are stored in RuleFeatureSet instead of
  RuleSet.
- Results for media attributes are stored in the ScopedStyleResolver
  when added instead of appending them directly to StyleResolver.
- Accumulated results for all scopes are stored in CSSGlobalRuleSet
  on StyleEngine instead of StyleResolver and are accumulated with
  other rule features in ScopedStyleResolver::collectFeaturesTo().

This CL introduces StyleEngine::ruleSetForSheet() for evaluating the
media attribute of the stylesheet node and create the RuleSet if the
media attribute matches. That way we are able to make the
MediaQueryEvaluator private to StyleEngine. Also, this method is
required when we start using ActiveStyleSheets.

R=meade@chromium.org
BUG=567021,614026

Review-Url: https://codereview.chromium.org/2528633003
Cr-Commit-Position: refs/heads/master@{#434383}
rune
Force adding sheets and recalc for html import re-ordering.
When we remove an import link and re-insert it into the document, the
import Document and CSSStyleSheet pointers are persisted. That means the
comparison of active stylesheets is not able to figure out that the
order of the stylesheets have changed after insertion.

We fall back to re-add all sheets to the scoped resolver and recalculate
style for the whole document if we remove an import in case it is re-
inserted into the document. The assumption is that removing html imports
is very rare.

For re-ordering of link rel=stylesheet the CSSStyleSheet object is
cleared on removal and recreated on insertion. Since the active
stylesheet list keeps references to CSSStyleSheet, CSSStyleSheet
pointers will not be re-used.

R=meade@chromium.org
TEST=fast/html/imports/import-readd-*
BUG=567021

Review-Url: https://codereview.chromium.org/2519393002
Cr-Commit-Position: refs/heads/master@{#434374}
rune
Check explicitly for style invalidation/recalc in @font-face test.
needsLayoutTreeUpdate will return true for needing to update the global
ruleset for async style update. Even if the test only tries to add a
@font-face rule, we unconditionally recollect the CSSGlobalRuleSet when
stylesheets are added or removed.

Instead check that adding a @font-face rule in a shadow tree does not
cause style invalidation or recalc.

R=meade@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2520263002
Cr-Commit-Position: refs/heads/master@{#434367}
wdzierzanowski
Adjust VideoRendererAlgorithm for |frame_dropping_disabled_|
This makes video frame hashing in tests immune to timing variations that
are inherent in the rendering algorithm.

BUG=663709
TEST=media_unittests pass, new unit test VideoRendererAlgorithmTest.EffectiveFramesQueuedWithoutFrameDropping

Review-Url: https://codereview.chromium.org/2502093002
Cr-Commit-Position: refs/heads/master@{#434350}
mstensho
EDisplay enum class: Rename [Inline]Box to Webkit[Inline]Box.
The "box" and "inline-box" values (or rather: "-webkit-box" and
"-webkit-inline-box") for "display" are for an early-stage version of the
flexbox spec, which the web embraced before the flexbox spec got around to
going CR (which uses the values "flex" and "inline-flex" instead).

Furthermore: Having both EDisplay::InlineBox enum value and the InlineBox class
(in Source/core/layout/line/InlineBox.h) confuses the symbol lookup in gdb,
which causes a ~40 seconds freeze [1] when working on something that involves the
InlineBox class.

[1] For component builds with gdb_index set to true in gn

BUG=655961

Review-Url: https://codereview.chromium.org/2524903003
Cr-Commit-Position: refs/heads/master@{#434316}
mstensho
No need to force relayout of children when page logical height changes.
Also removed an ignored out-parameter hasSpecifiedPageLogicalHeight from
checkForPaginationLogicalHeightChange().

Review-Url: https://codereview.chromium.org/2509323005
Cr-Commit-Position: refs/heads/master@{#434290}
rune
Move MediaQueryEvaluator from StyleResolver to StyleEngine.
The plan is to move active stylesheet update and viewport/device-
dependent media query results from StyleResolver to StyleEngine which
means it makes sense to move the MediaQueryEvaluator there as well.
That means that the StyleResolver will temporarily ask the StyleEngine
for the evaluator when needed.

See https://codereview.chromium.org/1913833002/ for planned changes.

R=meade@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2521063005
Cr-Commit-Position: refs/heads/master@{#434144}
fs
Apply the font scale factor when generating stroke geometry for <text>
Because of the special font scale factor applied to <svg:text> to bring
it into a pseudo "host" transform, the stroke geometry would end up
being generated in/relative to the wrong coordinate space.
Apply the same scale to dash-related properties as was previously
applied to stroke-width.

BUG=667453
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2513343005
Cr-Commit-Position: refs/heads/master@{#434135}
mstensho
Make auto-scrollbar shrink-to-fit test more evil.
Be sure to have laid out before making style changes.

Review-Url: https://codereview.chromium.org/2521193002
Cr-Commit-Position: refs/heads/master@{#434128}
mstensho
invalidateColumnSets() doesn't need to mark anything for layout.
Review-Url: https://codereview.chromium.org/2522453003
Cr-Commit-Position: refs/heads/master@{#433952}
mstensho
Add test for line float that removes a tall unbreakable block child.
Review-Url: https://codereview.chromium.org/2521963002
Cr-Commit-Position: refs/heads/master@{#433910}
mstensho
Move stuff from layoutBlockFlow() into new method addOverhangingFloatsFromChildren().
+ some cleanup in the vicinity.

Review-Url: https://codereview.chromium.org/2515303003
Cr-Commit-Position: refs/heads/master@{#433886}
sigbjornf
Drop finalization for ElementShadows.
The empty destructor serves no purpose now, so let it go.

R=
BUG=

Review-Url: https://codereview.chromium.org/2485373003
Cr-Commit-Position: refs/heads/master@{#433844}
sigbjornf
XMLHttpRequest.abort(): follow spec wrt readyState transitions.
readyState is now only set to UNSENT if abort() is called on an object
with readyState in a DONE state.

R=tyoshino,yhirano
BUG=667294

Review-Url: https://codereview.chromium.org/2517173002
Cr-Commit-Position: refs/heads/master@{#433840}
sigbjornf
Enable precompiled headers for Blink on Windows.
One reason Blink is slow to compile is that there is a lot of code
included in every compilation unit. This is partly because everything
depends on either LayoutObject.h or Document.h and those in turn
include huge portions of the rest of Blink.

By precompiling LayoutObject.h and Document.h, the compilation of
core/ and modules/ in Blink can be considerably reduced;
some numbers:

@ r433149       config      build (mins)  size (Kb)
------------------------------------------------
master:         Debug       149:30        9410487
master:         Release     176:16        6118938

opera-pch[2]:   Debug       134:59        9337121
opera-pch[2]:   Release     160:42        6110812

opera-pch[3]:   Debug        93:06        8935714
opera-pch[3]:   Release     108:34        5029242

This for a clean build of target 'blink_tests', i.e., building
both chromium and blink parts. The gains are all local to Blink,
clearly. Host is an i7-3770 (4 phys cores); 32G + 256 SSD -
Win7 Pro.

The precompiled header file is judiciously (and forcefully) included
while compiling the core/ + web/ (and some of modules/) sources. Except
for some name disambiguation trivia when compiling the XPath grammar,
no source changes are needed to make this work out.

Note that distributed compilation system disables precompiled headers
globally so this will *not* make trybots faster. But many developers
don't have access to such super powers.

This already landed[1] in the gyp/VS2013 world some time ago but
unclear & unexplained bot failures caused a revert. Now with gn and
VS2015 the world should be a better place. This CL actually takes over
where [2] got stuck / ran out of time, extending its scope quite
considerably (i.e., 40 mins faster builds wrt the above pch numbers.)

[1] https://codereview.chromium.org/1167523007/
[2] https://codereview.chromium.org/2152783002/
[3] this CL.

Note sheriffs: should unexplained Windows build errors surface on the bots,
similar to the ones seen in crbug.com/511945, then please consider this CL a suspect.
This was with GYP and earlier MSVC toolchains; we have no reason to believe the problem
was fixed with GN and MSVC2015, we're just hoping for the best.

R=
BUG=495697
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2520863002
Cr-Commit-Position: refs/heads/master@{#433832}
fs
Repaint SVG subtree on viewport changes (resize)
When the (outermost) <svg> is sized using percentages, and an ancestor
changes size, the LayoutSVGRoot will be marked for layout (even though
the dimension/initial viewport changes.)
Since changed dimensions can imply a new scale factor (for instance from
interactions with a viewBox) or previously clipped content being
exposed, we need to issue paint invalidations for the entire SVG.

BUG=665912

Review-Url: https://codereview.chromium.org/2511353002
Cr-Commit-Position: refs/heads/master@{#433622}
sigbjornf
HashTable: bring per-table stats tracking back to life.
Recording per-hash table stats (DUMP_HASHTABLE_STATS_PER_TABLE)
broke with the introduction of Oilpan, as the feature depended
on finalizable HashTable<>s, something Oilpan heap hash tables
are not.

If the hash table resides on the Oilpan heap, arrange for the
stats object to also reside there.

While here, also unify the handling of global HashTable stats
recording and the per-table representation.

R=
BUG=

Review-Url: https://codereview.chromium.org/2511983003
Cr-Commit-Position: refs/heads/master@{#433494}
sigbjornf
DOMMatrix: add missing propagation of exceptions.
R=
BUG=659899,388780

Review-Url: https://codereview.chromium.org/2514453005
Cr-Commit-Position: refs/heads/master@{#433449}
mstensho
Force re-layout of a float when we just became unfragmented.
We need to re-lay out a float if we cease to be fragmented, in order to remove
any pagination struts that may previously have been set inside.

This is an addition to https://codereview.chromium.org/2454083002 , which fixed
something similar for regular in-flow blocks.

Review-Url: https://codereview.chromium.org/2512163002
Cr-Commit-Position: refs/heads/master@{#433221}
mstensho
If an object's containing block is in a flow thread, so is the object.
Remove harmful condition in LayoutState that the object not be out-of-flow.

Boring details:

In simplified layout of an absolutely positioned object inside a multicol
container we'd fail to realize that we were paginated, and therefore wouldn't
insert pagination struts. This was only problematic for simplified layout. In
normal non-simplified layout, we'd pass a non-zero page logical height to
LayoutState() when entering the flow thread, and, even if the LayoutState of
the absolutely positioned descendant would have no flow thread associated with
it, it would still become m_paginated, thanks to the non-zero page logical
height. Which was enough to get the machinery to insert struts.

BUG=589004

Review-Url: https://codereview.chromium.org/2516463003
Cr-Commit-Position: refs/heads/master@{#433220}
mstensho
Improve strut handling in initial column balancing pass.
Only use the pagination strut from the first object or line (in each parallel
flow [1]) that we find at a page break. When we need to break before some
content, we may end up setting the pagination strut on some ancestor of said
content, rather than on the content (layout object or line box). This happens
when there's no break opportunity (class A, B or C break point [2]) before the
content that doesn't fit in its current fragmentainer (there's no break
opportunity before the first line in a block, for instance). In such cases we
need to propagate the strut to some ancestor that comes after a valid break
opportunity. In such situations, there'll be severeal layout objects or line
boxes that start at the exact top of the next fragmentainer. Only the first
object in layout tree order will have the strut. Subsequent objects (children,
typically) or lines that also are flush with the top of the fragmentainer will
have a strut of 0. We shouldn't overwrite the actual strut with 0, or we risk
overstretching the columns. At each break we need to know the exact amount of
space that was "wasted" because of the break, and subtract it, in order to
calculate a minimal column height.

[1] https://www.w3.org/TR/css-break-3/#parallel-flows
[2] https://www.w3.org/TR/css-break-3/#possible-breaks

We also need to make sure that we associate breaks with the right column when
balancing, i.e. the former column, not the latter. This distinction matters if
the pagination strut is 0 and we're at the exact top/bottom of some column.

This CL also enables using specified column height even when balancing a
multicol container. It may be that the final column height will actually be the
same as the specified height, which means that if we set it right away, we
might be able to eliminate a subsequent layout pass [1]. Almost more importantly,
doing this will exercise code in the column balancer that was previously only
used when balancing inside nested multicol. This in turn means that it will
become less cumbersome to write tests for this code, and hopefully more
difficult for bugs to hide in there as well.

[1] LayoutTests/paint/invalidation/column-rules-fixed-height.html no longer
requires the contents of the multicol container to be relaid out when
column-rule changes.

Review-Url: https://codereview.chromium.org/2509813004
Cr-Commit-Position: refs/heads/master@{#433166}
sigbjornf
XMLHttpRequest: check if 'loadstart' handler cancelled send().
'loadstart' is dispatched to both 'download' and upload event handlers
while initiating a send() operation. Should those event handlers cause
the ongoing send operation to be aborted/stopped/cancelled, this outer
send() operation shouldn't proceed upon return.

R=yhirano
BUG=642242

Review-Url: https://codereview.chromium.org/2507773002
Cr-Commit-Position: refs/heads/master@{#433157}
mstensho
isPageLogicalHeightKnown() doesn't need a parameter.
If page logical height is (un)known, it's (un)known throughout the entire
fragmentation context, so location doesn't matter.

Review-Url: https://codereview.chromium.org/2514573002
Cr-Commit-Position: refs/heads/master@{#433145}
mstensho
Introduce adjustFloatLogicalTopForPagination(), to offload positionAndLayoutFloat().
Also renamed a variable from childBox to child in positionAndLayoutFloat().

BUG=663942

Review-Url: https://codereview.chromium.org/2513643002
Cr-Commit-Position: refs/heads/master@{#433143}
mstensho
Rename positionNewFloats() to placeNewFloats().
This will distinguish it better from the method named "positionAndLayoutFloat".

Also be explicit about the fact that we use the top margin edge when
positioning floats, as opposed to the top border edge, which is common for all
other object types. So "logicalTop" usually means the logical top of the border
edge. Therefore, use "logicalTopMarginEdge" for floats.

No behavioral changes, just cleanup.

BUG=663942

Review-Url: https://codereview.chromium.org/2505943003
Cr-Commit-Position: refs/heads/master@{#432895}
mstensho
Let lowestFloatLogicalBottom() take EClear instead of FloatingObject::Type
Review-Url: https://codereview.chromium.org/2505853004
Cr-Commit-Position: refs/heads/master@{#432801}
sigbjornf
DOMParser: handle use from contexts without an "active document".
Handle detached uses of parseFromString(), where there is no context
document to inherit the security origin from.

Relevant spec reference,

 https://w3c.github.io/DOM-Parsing/#dom-domparser-parsefromstring

R=
BUG=664399

Review-Url: https://codereview.chromium.org/2509813002
Cr-Commit-Position: refs/heads/master@{#432782}
rune
No forced active stylesheet recollect when pending sheets reach 0.
We forced a FullStyleUpdate which causes an active stylesheet update
for all tree scopes in the presence of placeholder style. What we need
to do for placeholder style is to trigger a full style recalc. For
instance, we don't need to update active stylesheets in shadow trees
if the last blocking resource that finishes loading is a document scope
stylesheet or import.

BUG=567021

Review-Url: https://codereview.chromium.org/2500923002
Cr-Commit-Position: refs/heads/master@{#432630}
mstensho
When placing a float, pay attention to its final logical top.
Subsequent floats may not be placed above this location.

BUG=665804

Review-Url: https://codereview.chromium.org/2504173002
Cr-Commit-Position: refs/heads/master@{#432503}
rune
Let querySelector(All) match (nth-)last with unclosed parent.
While parsing, we don't match :last*, :nth-last* etc until we finish
parsing children to avoid alternating between different computed styles
during loading. For querying selectors, however, we should. I couldn't
find this explicitly mentioned in w3c or whatwg specs for
querySelector(All), but Firefox and IE does this.

This could happen if you have:

<body>
  <p></p>
  <p></p>
  <script>document.querySelector("p:last-of-type")</script>
</body>

Adding expectations file for a wpt which now fails. The modifications
to the test has been upstreamed to the github repo. See PR [1].

[1] https://github.com/w3c/web-platform-tests/pull/4216

R=sashab@chromium.org
BUG=662036

Review-Url: https://codereview.chromium.org/2505543004
Cr-Commit-Position: refs/heads/master@{#432493}
hugoh
Add missing include of errno.h
This allows us to build the object file independently.

BUG=none

Review-Url: https://codereview.chromium.org/2501323002
Cr-Commit-Position: refs/heads/master@{#432459}
sigbjornf
Media element: avoid v8 allocations in hasPendingActivity().
Blink code is not allowed to allocate objects on the v8
heap while its GC calls out to hasPendingActivity();
re-entrancy is not supported.

Hence, disable 'officialPlaybackPosition' updates while
in hasPendingActivity(), as that will trigger v8
allocations by way of microtask allocations.

R=haraken
BUG=

Review-Url: https://codereview.chromium.org/2498033002
Cr-Commit-Position: refs/heads/master@{#432453}
fs
Use an SVGElementProxy in ReferenceClipPathOperation
This transforms ReferenceClipPathOperation into using the SVGElementProxy
mechanism. Currently only for PaintLayer clients.

PaintLayerFilterInfo is generalized to PaintLayerResourceInfo and used as
the proxy/resource client for the 'clip-path' property. This enables change
notifications to flow back to the PaintLayer from the <clipPath> subtree.

The SVGElementProxySet is made a little bit generic by moving it to
SVGElementRareData, however it's still only made available for the few element
types that are used with it.

BUG=391604
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2484153003
Cr-Commit-Position: refs/heads/master@{#432193}
rune
Make updateStyleAndLayoutTree ready for async stylesheet update.
Introduce Document::updateActiveStyle() and corresponding
updateActiveStyle()/updateActiveStyleSheets() methods in StyleEngine to
prepare for doing active stylesheet updates as part of
updateStyleAndLayoutTree.

We move updateViewport() to updateActiveStyle() as the first step. This
is done by removing the synchronous calls to ViewportStyleResolver::
updateViewport() and instead schedule a layout tree update. In order to
trigger actual work to be done when the layout tree update happens, we
need to return true from Document::needsFullLayoutTreeUpdate() when we
need an active style update (for viewport atm).

BUG=567021

Review-Url: https://codereview.chromium.org/2484863003
Cr-Commit-Position: refs/heads/master@{#432182}
sigbjornf
Tidy up ScriptLoader (MIME) type matching.
MIME is case-insensitively handled within Blink, so remove some
unnecessary normalization of MIME type (and "language=") strings
in ScriptLoader.

R=
BUG=

Review-Url: https://codereview.chromium.org/2497873002
Cr-Commit-Position: refs/heads/master@{#432162}
sigbjornf
XMLHttpRequest: implement "send() flag" tracking and updating per spec.
The implementation has until now tracked/approximated the spec's
"send() flag"[1] by checking if the XMLHttpRequest object had an active
loader. That object does not have lifetime equal to what the spec
requires for the "send() flag", nor is the loader set for sync XHR
send()s.

There's no good reason to hold out on tracking this flag per spec,
so introduce it here.

[1] - https://xhr.spec.whatwg.org/#send-flag

R=yhirano
BUG=649516

Review-Url: https://codereview.chromium.org/2496933002
Cr-Commit-Position: refs/heads/master@{#432148}
sigbjornf
ContentSecurityPolicy: avoid defining static String singletons.
As CSP is used by multiple threads, we cannot define string literals
in terms of DEFINE_STATIC_LOCAL(). Follow what is done elsewhere
for ContentSecurityPolicy and resort to using plain string literals.

R=
BUG=

Review-Url: https://codereview.chromium.org/2497543003
Cr-Commit-Position: refs/heads/master@{#431956}
fs
Refactor CSS property mapping for SMIL Animation
Currently the SMIL code relies on 'attributeName' mapping 1:1 to the
CSS property name. This would not work with for instance with
'gradientTransform', which is supposed to map to the 'transform'
property.

To support this, store a CSS property id in SVGAnimatedTypeAnimator, and
use the CSS property id stored in SVGAnimatedProperty to populate it when
possible (using the current method in other cases.)

While doing this, also remove the stored 'context element' from
SVGAnimatedTypeAnimator, since it's only used in the reset(...) method,
and hence can simply be passed as an argument.

Also cleanup the uses of a CSSPropertyID in SVGAnimateElement (the sole
user of SVGAnimatedTypeAnimator) by using the stored CSS property id.

Make SVGAnimateElement::shouldApplyAnimation return bool, and use the
data from the SVGAnimatedTypeAnimator instead to determine which
animation code-path to use.

BUG=369942,641437

Review-Url: https://codereview.chromium.org/2496583002
Cr-Commit-Position: refs/heads/master@{#431862}
pmajewski
gn: Include source files outside the source root for Xcode workspace
This change unifies Xcode workspaces with projects for other IDEs.

BUG=n/a

Review-Url: https://codereview.chromium.org/2489673004
Cr-Commit-Position: refs/heads/master@{#431856}
sigbjornf
Remove Deque<>::findIf<>().
This function template is unused, and any future uses are
better served by using <algorithm>'s std::find_if().

R=
BUG=

Review-Url: https://codereview.chromium.org/2500763002
Cr-Commit-Position: refs/heads/master@{#431855}
sigbjornf
Internals.setValueForUser(): add argument type check.
R=tkent
BUG=642066

Review-Url: https://codereview.chromium.org/2500793002
Cr-Commit-Position: refs/heads/master@{#431845}
mstensho
InitialColumnHeightFinder needs to take all expected rows into account.
When a balanced multicol is nested inside another balanced multicol, it will
not be able to create any fragmentainer groups in the first layout pass, since
the height of the outer columns is still unknown.

We need to detect this situation, so that we don't limit the number of content
runs (content portions without explicit breaks) to the used value of
column-count. We are going to need ALL content runs, and group them into
imaginary rows, to figure out a minimal height of the entire inner multicol
container in the first balancing pass.

This will help set a better initial outer column height, and, more importantly,
set some sensible height on the inner multicol container right away, so that
we're not going to believe that it's super-short, which might prevent us from
marking it for re-layout when the outer coulmns have been sized.
childNeedsRelayoutForPagination() would simply fail to see that it's actually
going to cross outer column boundaries, and just bail.

We also treat tallestUnbreakableLogicalHeight() somewhat differently in such
situations. We require that the last "row" alone (rather than the entire
multicol container) be at least as tall as this.

Broke a newFragmentainerGroupsAllowed() out of
appendNewFragmentainerGroupIfNeeded(), since the column balancer code now also
needs to know when we're nested but are not allowed to create fragmentainer
groups.

Some, but not all, new tests used to fail before the code changes in this CL.
The passing ones are there to point out regressions that I nearly introduced
while working on this CL.

This is a patch in preparation for removing the relayoutChildren = true thing
in LayoutBlockFlow::layoutBlockFlow() when page logical height changes.

Review-Url: https://codereview.chromium.org/2493833004
Cr-Commit-Position: refs/heads/master@{#431844}
sigbjornf
Make FileReader.abort() (synchronously) follow the spec.
It is problematic to cancel a ThreadableLoader (by way of FileReaderLoader)
while it is on the stack, which is one of the steps involved when
abort()ing a reader (as part of the "terminate" step.) To avoid such
potential trouble, the loader termination is done asynchronously.

However, there's no good reason to delay performing the other (user
visible) abort() steps, so arrange for that to happen and align with
the spec & others.

R=jsbell
BUG=288349

Review-Url: https://codereview.chromium.org/2491363003
Cr-Commit-Position: refs/heads/master@{#431639}
rune
Match camelCased SVG attributes selectors in html documents.
Attribute names are stored lower-case in stylesheets in HTML documents.
SVG attribute names are normalized to the camelCase form in HTML
documents. That meant SVG attributes with camelCase like viewBox never
matched in HTML documents.

We had the same issue for camelCased element names in [1]. In that CL
we decided to allow insensitive matching for non-html elements in order
to avoid having to store the tag names twice in CSSSelector, even if
that is wrong according to the HTML spec. This CL does exactly the same
for attribute selectors.

[1] https://crrev.com/bab4aa7b9

R=sashab@chromium.org,esprehn@chromium.org
BUG=663798

Review-Url: https://codereview.chromium.org/2490393002
Cr-Commit-Position: refs/heads/master@{#431544}
sigbjornf
Support fetching attribute listeners from outside v8 context scopes.
A number of the <body> element's event handler attributes represent
and expose event handlers on the window object, hence the parser
will update & replace attribute event listeners while parsing the
attributes. This may well happen while executing outside any v8
context; adjust the lookup of attribute event listeners
to support such usage.

R=haraken
BUG=659911

Review-Url: https://codereview.chromium.org/2492793002
Cr-Commit-Position: refs/heads/master@{#431509}
rune
Skip independent inherited property propagation to pseudo elements.
UpdatePseudoElements and IndependentInherit conflict in the following
way. If we both have an independent inherit change on the actual dom
element, and we detect that we need to update the style for the pseudo
element we need to signal the inheritance propagation to the real dom
children and signal the pseudo element recalc to the pseudo element
children. If we return IndependentInherit, we lose the information
about the need for a pseudo element recalc, and if we return
UpdatePseudoElement, we lose the inheritance propagation for the actual
dom children.

We could introduce a new IndependentInheritAndUpdatePseudoElements, but
if there exists pseudo element, we would always return this constant,
so instead just force recalc on pseudo elements on IndependentInherit.

R=sashab@chromium.org
BUG=660735,660089,657283

Review-Url: https://codereview.chromium.org/2492783002
Cr-Commit-Position: refs/heads/master@{#431430}
mstensho
Split positionAndLayoutFloat() off positionNewFloats().
Float layout is somewhat broken when it comes to fragmentation (multicol,
printing). We're going to have to make sure that we always position the
float before laying it out, and, after layout, insert a break before it if
needed. This is a preparatory CL for that.

We currently lay out a float e.g. in insertFloatingObject() without
worrying about setting the position first.

No behavior changes intended.

BUG=663942

Review-Url: https://codereview.chromium.org/2486413002
Cr-Commit-Position: refs/heads/master@{#431422}
sigbjornf
IDBObserver does not need to be GC finalizable.
R=haraken
BUG=

Review-Url: https://codereview.chromium.org/2493713002
Cr-Commit-Position: refs/heads/master@{#431268}
fs
Reland of "Tracking reference filter mutation via SVGElementProxy"
This introduces SVGElementProxy - a new piece with the functionality of
DocumentResourceReference and the ReferenceFilterBuilder merged. It
provides the means to track clients of a certain element (only
SVGFilterElements for now, but will likely be extended to other types if
it ends up sticking.) An SVGElementProxy is created, and primarily
owned, by CSSURIValue. The proxy also handles loading of a resource
document, if requested.

Clients are SVGResourceClients, like before, with methods/callbacks
renamed. Some of the old functionality of SVGResourceClient has either
been moved to clients, to the proxy or been replaced with different
solutions.

Mutations to the element/subtree is signaled separately from any
potential changes to the actual reference (anything that might
invalidate the element reference.)

Fixed an issue from [1] where an observer would be removed too early if
there was several clients sharing it, causing crashes.

[1] https://codereview.chromium.org/2401343002

BUG=439970
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2490163002
Cr-Commit-Position: refs/heads/master@{#431235}
fs
Store CSSPropertyID in SVGAnimatedPropertyBase
With an increasing amount of SVG attributes being "promoted" to
presentation attributes, it makes sense to try to keep the property
mapping with the other attribute related data.
To make room for these additional bits in SVGAnimatedPropertyBase, pack
some of its fields into a bitfield:

 * m_isReadOnly only needs a single bit.
 * m_type only need room for 21 different values, so 5 bits should
   suffice.

With this new field in place, plumb it through for SVG element
attributes, then, as a start, use the SVG property map to simplify the
implementations of isPresentationAttributeWithSVGDOM and
isPresentationAttribute.

This could also be used to provide storage for attribute initial values
in the future (crbug.com/225807.)

BUG=225807,369942

Review-Url: https://codereview.chromium.org/2485663002
Cr-Commit-Position: refs/heads/master@{#431229}
rune
Moved applyRuleSetChanges functions to StyleEngine.
A lot of the side effects were calls to StyleEngine, so moved the
method there instead. Also fixed the TODO for adding the call to make
CSSGlobalRuleSet dirty.

BUG=567021

Review-Url: https://codereview.chromium.org/2487653002
Cr-Commit-Position: refs/heads/master@{#431227}
mstensho
Let positionNewFloats() take a logicalTop parameter.
It seemed ugly to temporarily change the logical height before calling
positionNewFloats(), just to make the method behave.

Review-Url: https://codereview.chromium.org/2483023002
Cr-Commit-Position: refs/heads/master@{#431115}
tsniatowski
Fix a subtle proguard incremental build error
Prevent a confusing incremental build failure where proguard would
read and write to the same file accidentally, failing hard. Can
happen after switching the build from not using proguard, where the
output jar is a gn-copy hardlink to the input jar, to using proguard,
where the output is written to by a script reading from the input jar.

Fix by checking if the output is not a hardlink to the input in the
wrapper script.

NB. The build normally uses proguard on an apk, but makes it possible
to try and only proguard a single jar, and the bug potentially only
happens in this case.

Review-Url: https://codereview.chromium.org/2485663003
Cr-Commit-Position: refs/heads/master@{#430890}
mstensho
Before turning objects into spanners, check that they are not already spanners.
During style recalculation, we may end up in a situation where we think that we
go from a state where an object couldn't contain spanners, to being able to
contain them, while in reality, the object was able to contain spanners all
along.

This happens when changing the writing mode on the multicol container and all
objects in the parent chain between the spanner and the multicol container (and
there is nothing that prevents the descendant from being a spanner). The
problem is that when determining whether an object is a writing mode root, we
compare the object's writing mode to that of its parent. If they are different,
we decide that it's a writing mode root. However, if we're in styleWillChange()
for said object, and its writing mode is actually about to change to the same
value as that of the parent, there'll be no writing mode root in the end.
Still, we're going to think that we used to be a writing mode root (i.e. not be
able to contain spanners).

It would be possible to fix it for writing mode roots, to provide a reliable
implementation of isWritingModeRoot(), by using a bit in LayoutObject to
specify whether it's a writing mode root, rather than using current computed
style to determine that. Using computed style during style recalculation is
risky. That said, it's probably better to be fault-tolerant for such situations
in toggleSpannersInSubtree() instead, especially since may be other (unknown,
at the time being) scenarios where this situation may occur.

BUG=662754

Review-Url: https://codereview.chromium.org/2485173002
Cr-Commit-Position: refs/heads/master@{#430887}
rogerj
Build v8 snapshot with correct default float configuration on Linux ARM
V8 currently defaults to arm_float_abi="hard" and arm_use_neon=true but
the V8 snapshot defaults to arm_float_abi="softfp" and arm_use_neon=false
on Linux ARM builds.

This patch makes both targets default to hard + neon by changing the
"is simulator build" check from comparing current_cpu with v8_current_cpu
to comparing target_cpu with v8_target_cpu instead. Similarly to how it is
checked in v8/BUILD.gn.

BUG=662856

Review-Url: https://codereview.chromium.org/2483153004
Cr-Commit-Position: refs/heads/master@{#430776}
fs
Tracking reference filter mutation via SVGElementProxy
This introduces SVGElementProxy - a new piece with the functionality of
DocumentResourceReference and the ReferenceFilterBuilder merged. It
provides the means to track clients of a certain element (only
SVGFilterElements for now, but will likely be extended to other types if
it ends up sticking.) An SVGElementProxy is created, and primarily owned,
by CSSURIValue. The proxy also handles loading of a resource document, if
requested.

Clients are SVGResourceClients, like before, with methods/callbacks
renamed. Some of the old functionality of SVGResourceClient has either
been moved to clients, to the proxy or been replaced with different
solutions.

Mutations to the element/subtree is signaled separately from any
potential changes to the actual reference (anything that might invalidate
the element reference.)

BUG=439970
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2401343002
Cr-Commit-Position: refs/heads/master@{#430550}
mstensho
There should never be unplaced floats from other blocks.
When positioning new floats in a block, all unplaced floats should belong to
said block. If we find unplaced floats from other blocks, someone somewhere
must have forgotten to place them on their own.

No need for code to skip such floats. DCHECK instead.

Review-Url: https://codereview.chromium.org/2479173002
Cr-Commit-Position: refs/heads/master@{#430544}
fs
Use range-based for in toCompositorTransformOperations
Avoids the awkward-looking indexing expressions. Make casted operations
const while at it.

Review-Url: https://codereview.chromium.org/2473013002
Cr-Commit-Position: refs/heads/master@{#430247}
rune
Don't use url from ImageResource for computed style.
ImageResource objects are shared between urls which only differ in
fragment identifier. The fragment identifier of the first requested url
is stored on ImageResource. That gave incorrect results when requesting
computed style values of backgroundImage for pseudo elements.

Use the url which is stored on StyleFetchedImage instead.

R=timloh@chromium.org
BUG=661998

Review-Url: https://codereview.chromium.org/2474093003
Cr-Commit-Position: refs/heads/master@{#430246}
mstensho
Don't include LayoutObject-derived headers where not needed.
Or, if a LayoutObject-derived header is still required, pick the most generic
one possible.
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2474603002
Cr-Commit-Position: refs/heads/master@{#430165}
mstensho
Descendants may become or cease to be spanners when an ancestor changes style.
When building the tree, when inserting something that looks like a
column spanner, we first examine all the parents all the way up to the
multicol container, to make sure that they are all valid spanner
containers. This already works fine.

In our implementation, a valid column spanner container is, roughly, a
"regular" in-flow block. Among other things, it may not establish a
new block formatting context. Nor transforms. And a few other
things.

If the style of a valid column spanner container changes, it may end
up as no longer being a valid spanner container, and vice versa: an
invalid spanner container may become a valid spanner container, all of
a sudden.

Detect this during style change. If a block ceases to be a valid
spanner container, we need to check its subtree for spanners, and turn
them into regular column content. And, vice versa, if a block is
turned into a valid spanner container, we need to check its subtree
for column-span:all objects, which may have to be changed from regular
column content into spanners.

BUG=661761

Review-Url: https://codereview.chromium.org/2479873002
Cr-Commit-Position: refs/heads/master@{#430005}
rune
Link stylesheets in shadow trees do not belong to document scope.
We have incorrectly kept DCHECKs checking that stylesheets in shadow
trees come from style elements. That is no longer true, and modifying
link elements in shadow trees would trigger some of these DCHECKs.

Also, we simply used Document as the TreeScope handling link elements.
Always use the treeScope() from the associated node instead. Using the
wrong TreeScope in these cases would cause missing updates of active
stylesheets in ShadowTreeStyleSheetCollections for AnalyzedStyleUpdate.
I have not been able to find a triggering test case for this.

R=hayato@chromium.org,kochi@chromium.org
BUG=661914

Review-Url: https://codereview.chromium.org/2472973002
Cr-Commit-Position: refs/heads/master@{#429877}
tmoniuszko
Add missing web_contents.h include
BUG=

Review-Url: https://codereview.chromium.org/2473793002
Cr-Commit-Position: refs/heads/master@{#429853}
fs
Mark TranslateTransformOperation final
Nothing derives from it. This also allows devirtualization of the call
to apply() for the 'translate' (independent) property.

BUG=369942

Review-Url: https://codereview.chromium.org/2468303005
Cr-Commit-Position: refs/heads/master@{#429840}
rune
Remove ShadowRoot::numberOfStyles().
This probably used to be an optimization which made sense when we had
<style scoped> implemented. Now, it should be equally cheap to just
check the ScopedStyleResolver member. The ScopedStyleResolver is null
when there are no active stylesheets in the tree-scope.

This also caused issue 659596 because we only registered style elements
and not link elements, which lead the code to believe there were no
rules to match from the scope when there were only link stylesheets
present.

R=kochi@chromium.org,hayato@chromium.org
BUG=659596

Review-Url: https://codereview.chromium.org/2472613004
Cr-Commit-Position: refs/heads/master@{#429824}
mstensho
Properly avoid breaking inside a float's top margin.
We used to depend on stumbling upon unbreakable content (such as lines) at
column boundaries for this to work, but we failed in the really simple cases
(where there was no content at all, for instance).

Move the logic for this to float-specific code, so that we don't have to be
aware of it at several other locations in the code.

Doing this correctly during layout also helps the balancer find the right
column height. Added a test for something that used to fail in this area.

Review-Url: https://codereview.chromium.org/2479483002
Cr-Commit-Position: refs/heads/master@{#429641}
mstensho
Don't let a column spanner affect the self-margin-collapsing state of the parent.
When a spanner is removed from the tree, we mark the container chain for
layout, just like we do when removing any other kind of object. The container
of a spanner is the multicol container, though, so the direct parent of the
spanner may not be marked for layout. And that should not be necessary either,
since the spanner is essentially taken out of normal flow.

We get some marking for layout for free in layoutBlockFlow(), if
pageLogicalHeightChanged, but that only goes one level deep. Eliminate the need
for layout in situations like this.

Prior to this change, we'd fail on an assert that required that the cached
state of self-collapsing be in sync with reality.

Review-Url: https://codereview.chromium.org/2473953003
Cr-Commit-Position: refs/heads/master@{#429638}
mstensho
logicalHeightWithVisibleOverflow() needs to include overhanging floats.
Otherwise we might end up skipping layout of blocks that contain floats
that really need to be relaid out.

We get some marking for layout for free in layoutBlockFlow(), if
pageLogicalHeightChanged, but that only goes one level deep.

Review-Url: https://codereview.chromium.org/2474883002
Cr-Commit-Position: refs/heads/master@{#429611}
fs
Tidy up ComputedStyle::applyTransform
Use range-based for-loops when iterating transform operations (also in
ComputedStyle::requireTransformOrigin), since it's both tidier and
avoids unnecessary index-checks (in operator[].)
Move computation of offsetX/offsetY closer to their point of usage.
Extract the size of the bounding box once, and also drop some unneeded
qualifications of enumeration values.

BUG=369942

Review-Url: https://codereview.chromium.org/2474043002
Cr-Commit-Position: refs/heads/master@{#429598}
karlo
Make offsetTop/Left handle a relative positioned inline offsetParent correctly.
offsetTop and offsetLeft happily ignored the fact that offsetParent could
be a relative positioned inline.

I used the opportunity to change some variable names in
LayoutBoxModelObject::adjustedPositionRelativeTo() in order to hopefully
make it clearer what's going on.

BUG=638184

Review-Url: https://codereview.chromium.org/2414683002
Cr-Commit-Position: refs/heads/master@{#429571}
tsniatowski
Fix a bunch of generated file build flakes in //extensions
Several files in //extensions could randomly fail to build due to
missing dependencies on header generator targets, mostly mojo
and grit. Add the dependencies so builds are not flaky.

BUG=655123

Review-Url: https://codereview.chromium.org/2452943003
Cr-Commit-Position: refs/heads/master@{#429543}
karlo
adjustedPositionRelativeTo() couldn't find offsetParent.
LayoutBoxModelObject::adjustedPositionRelativeTo() could get confused
by inline continuations, and could fail if offsetParent itself was a split
continuation.  If the child belongs to the second part of the continuation,
we'll instead race to the root of the tree.  By comparing with the node instead,
we correctly identify the offsetParent and stop the search.

BUG=638187

Review-Url: https://codereview.chromium.org/2454693003
Cr-Commit-Position: refs/heads/master@{#429541}
fs
Simplify SVG pending resource (re)validation
The contents of the m_pendingResourcesForRemoval map has a lifespan that
does not extend beyond the scope of SVGElement's
buildPendingResourcesIfNeeded() method.
So instead of passing through the map in SVGDocumentExtensions, just
take the corresponding set for the pending 'id' and iterate that
directly, avoiding indirection and complicated removal sequence.
This also allow SVGDocumentExtensions::removeElementFromPendingResources
to be simplified, so do that, and then remove the
m_pendingResourcesForRemoval map from SVGDocumentExtensions.

BUG=661598

Review-Url: https://codereview.chromium.org/2473483004
Cr-Commit-Position: refs/heads/master@{#429539}
mstensho
Remove pageLogicalHeightChanged() from LayoutState.
It was only used from insertFloatingObject(), and in a bogus manner at that.
Added a TODO instead. We haven't even positioned the float at this point, so
attempting layout for pagination here is essentially bad.

We make sure to relayout correctly for pagination when we get to
positionNewFloats() later, anyway.

Review-Url: https://codereview.chromium.org/2467353003
Cr-Commit-Position: refs/heads/master@{#429533}
mstensho
Reland of Improve how the column balancer handles top margins on floats. (patchset #1 id:1 of https://codereview.chromium.org/2468193002/ )
Reason for revert:
csspaint/invalidation-background-image.html was also failing (flaky) before landing this CL.

Original issue's description:
> Revert of Improve how the column balancer handles top margins on floats. (patchset #3 id:40001 of https://codereview.chromium.org/2465363003/ )
>
> Reason for revert:
> Speculative revert to fix csspaint/invalidation-background-image.html failure on "WebKit Win7 (dbg)" bot.
>
> Failed build:
> https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Win7%20%28dbg%29/builds/7961
>
> Original issue's description:
> > Improve how the column balancer handles top margins on floats.
> >
> > Float margins do not collapse with column boundaries, so we should make room
> > for them after the break, if the border box of the float starts in the next
> > column.
> >
> > Let the balancer work on the margin box of the float (and the border box for
> > all other objects). For floats, we want to insert breaks before the
> > margin-before edge, not the border-before edge. This lets us remove
> > some special-code for unbreakable floats in InitialColumnHeightFinder, which
> > was the only place that previously bothered about this.
> >
> > Changed how we determine which objects to process. We used to include the
> > overflow both before and after the border box, but we really don't have to
> > bother with content preceding it, since that shouldn't undergo fragmentation
> > anyway.
> >
> > Discovered (one test regressed) that logicalHeightIncludingOverflow() also
> > included clipped overflow, which certainly wasn't the intention. This didn't
> > make much of a difference as long as the method was only called to check if we
> > could skip re-layout. But now we also use it to determine the column height.
> > Fixed it to only include visible overflow and renamed it to
> > logicalHeightWithVisibleOverflow().
> >
> > Committed: https://crrev.com/7c82da727f64121aa34aa1decf82452c37ef7a2d
> > Cr-Commit-Position: refs/heads/master@{#429245}
>
> TBR=eae@chromium.org,mstensho@opera.com
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/58f81484437d367285de9f0fc1fdd4034eb5c333
> Cr-Commit-Position: refs/heads/master@{#429265}

TBR=eae@chromium.org,rouslan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2471933002
Cr-Commit-Position: refs/heads/master@{#429415}
mstensho
Move LayerHitTestRects to a separate file.
This way, ScrollingCoordinator.h doesn't need to include LayoutObject.h
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2468073002
Cr-Commit-Position: refs/heads/master@{#429311}
mstensho
Move MapCoordinatesMode and MapCoordinatesFlags to a separate header.
This way, LayoutGeometryMap.h doesn't need to include LayoutObject.h

Review-Url: https://codereview.chromium.org/2472573002
Cr-Commit-Position: refs/heads/master@{#429294}
mstensho
Improve how the column balancer handles top margins on floats.
Float margins do not collapse with column boundaries, so we should make room
for them after the break, if the border box of the float starts in the next
column.

Let the balancer work on the margin box of the float (and the border box for
all other objects). For floats, we want to insert breaks before the
margin-before edge, not the border-before edge. This lets us remove
some special-code for unbreakable floats in InitialColumnHeightFinder, which
was the only place that previously bothered about this.

Changed how we determine which objects to process. We used to include the
overflow both before and after the border box, but we really don't have to
bother with content preceding it, since that shouldn't undergo fragmentation
anyway.

Discovered (one test regressed) that logicalHeightIncludingOverflow() also
included clipped overflow, which certainly wasn't the intention. This didn't
make much of a difference as long as the method was only called to check if we
could skip re-layout. But now we also use it to determine the column height.
Fixed it to only include visible overflow and renamed it to
logicalHeightWithVisibleOverflow().

Review-Url: https://codereview.chromium.org/2465363003
Cr-Commit-Position: refs/heads/master@{#429245}
rune
Make siblingRules and uncommonAttributeRules private.
These vectors only need to be modified inside the RuleFeatureSet class.
Added methods for const access.

R=meade@chromium.org

Review-Url: https://codereview.chromium.org/2469143002
Cr-Commit-Position: refs/heads/master@{#429220}
mstensho
Don't always have to relayout a child when fragmentainer height is unknown.
Fragmentainer height is unknown in the first multicol layout pass, before
the initial balancing attempt. It also happens when we have to restart the
column balancing algorithm (due to dynamic content change, containing block
logical width change, etc.). In this case we only need to relayout if the child
did previously break (because then there may be pagination stuts inside that we
need to clear).

Review-Url: https://codereview.chromium.org/2473433002
Cr-Commit-Position: refs/heads/master@{#429135}
mstensho
Avoid unnecessary relayout of floats when not paginated.
Made a mistake when excluding floats from being considered for pagination
relayout skipping, by ALWAYS marking them for layout, EVEN WHEN NOT PAGINATED.
Make sure that we check that we're paginated first. No need to slow down layout
when not paginated.

Broke the logic for determining whether we need layout or not into a separate
method, so that we don't need a quarter of a dozen calls to
setChildNeedsLayout(). The logic is now reversed; rather than checking if we
don't need layout, we check if we DO need layout. Tried to make the code a bit
clearer, and document what goes on at each step.

Review-Url: https://codereview.chromium.org/2459293004
Cr-Commit-Position: refs/heads/master@{#429051}
rune
Reduce CSSStyleSheet size by moving bool member.
Grouping bool members together saved 8 bytes from 120 to 112 on 64 bit
Linux.

Also started using class initializers, removed unnecessary nullptr
initialization of Member<>, and a 0 -> nullptr.

R=mstensho@opera.com

Review-Url: https://codereview.chromium.org/2469693002
Cr-Commit-Position: refs/heads/master@{#428977}
fs
Rewrite css3/filters/effect-reference-delete.html
Make sure we get a layout+paint before removing the <svg> (w/ descendant
filter) so that we test a proper transition.

Review-Url: https://codereview.chromium.org/2453403002
Cr-Commit-Position: refs/heads/master@{#428706}
fs
Make sure to always reset the cached filter in ReferenceFilterOperation
BUG=658305
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2453033004
Cr-Commit-Position: refs/heads/master@{#428678}
mstensho
Be more restrictive about forcing relayout of children for pagination.
Avoid full subtree re-layouts that could especially occur in tables. This could
slow down printing and multicol by a lot.

This change makes PerformanceTests/Layout/multicol/deeply-nested-tables.html
about 1300 times faster (from 5.1 runs/s to 6813 runs/s when tested
locally). The test in bug 487026 will now show print preview instantly, rather
than taking a couple of minutes to finish.

Store the amount of space used (including the trailing strut) before the first
break (if any) instead of the offset from the top of the first fragmentainer.
We'll use this information in markChildForPaginationRelayoutIfNeeded() to
determine if we really need to force re-layout of some child. We really only
need to force re-layout of a child if there's a chance that it needs to
recalculate its pagination struts. It won't need to recalculate anything if we
know that there were no fragmentainer breaks AND that there won't be any if
we re-lay out. Even if there ARE fragmentainer breaks in there, we can still
skip layout if we know that the breaks will remain at the exact same locations
relative to the child. Store this information after layout by calling
updateFragmentationInfoForChild(). We need to include the overflow portion
after the bottom border edge of the child, since overflow also gets fragmented.

The old implementation of markChildForPaginationRelayoutIfNeeded() re-laid out
everything as long as LayoutState's pageLogicalHeightChanged() was true.
However, this flag is only set when entering layout of some fragmentation
context. Some objects, such as tables, requires multi-pass layout. If the flag
was true the first time the object was laid out, it's going to be true in all
subsequent re-layouts as well, potentially resulting in numerous deep layouts.

BUG=487026

Review-Url: https://codereview.chromium.org/2462643002
Cr-Commit-Position: refs/heads/master@{#428626}
tsniatowski
Add missing generator dependencies in content/renderer/mus
Building //content/renderer/mus could fail due to transitive
dependencies on header generators pulled in via render_frame_impl.h
and render_thread_impl.h (building render_widget_mus_connection.cc
or compositor_mus_connection.cc could fail).

Unfortunately //content/renderer deps on //content/renderer/mus,
so there's no easy way to get these deps for free (cyclic dep).

BUG=655123

Review-Url: https://codereview.chromium.org/2461643002
Cr-Commit-Position: refs/heads/master@{#428428}
tsniatowski
Add a //chrome/common dep to //chrome/browser/devtools
Devtools include chrome/common headers which include the generated
features header, so without the dep the build is flaky.

BUG=655123

Review-Url: https://codereview.chromium.org/2454943004
Cr-Commit-Position: refs/heads/master@{#428413}
rune
Move Document global rule data to CSSGlobalRuleSet.
This CL is split out from [1] with some modifications.

Instead of storing these data in the StyleResolver, create a new class
to store them in StyleEngine instead. See the design document linked
from issue 401359 which talks about moving this content off of
StyleResolver. Also made a note that we should further try to contain
as much of this data as possible per TreeScope to avoid the need for
constantly having to update these meta data for shadow tree
modifications.

We get rid of some of the duplicate storing of some of these features.
See what was previously set on StyleEngine (resetCSSFeatureFlags()).

This is also in preparation for async stylesheet update (issue 567021).
There are few places where we synchronously update this new rule set
directly after marking it as dirty which will happen later when all
parts of [1] lands.

Another synchronous update we will be able to remove later is making
the RuleFeatureSet up-to-date when scheduling style invalidations
(marked as TODOs for sync calls to ensureResolver()). The need for
these calls is supported by the added invalidation tests which would
otherwise fail.

[1] https://codereview.chromium.org/1913833002/

BUG=401359,567021

Review-Url: https://codereview.chromium.org/2451893003
Cr-Commit-Position: refs/heads/master@{#428327}
rune
Missing document null pointer check in Internals.
updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks did not check
if the document was null before using it.

R=nainar@chromium.org
BUG=657443

Review-Url: https://codereview.chromium.org/2461633002
Cr-Commit-Position: refs/heads/master@{#428312}
rune
Use StyleEngine::resetAuthorStyle instead of clearScopedStyleResolver.
The former will make sure the shadow root is removed from
treeBoundaryCrossingScopes appropriately.

This code is not in production yet, so there were no observable bug.

R=meade@chromium.org

Review-Url: https://codereview.chromium.org/2456753003
Cr-Commit-Position: refs/heads/master@{#428275}
mstensho
Provide a dedicated getter for the offset to a repeatable THEAD.
pageLogicalOffset() is otherwise only used as an optimization during layout,
and the way we're optimizing for fragmenting is soon going to change.
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2455733003
Cr-Commit-Position: refs/heads/master@{#428203}
mstensho
Don't establish LayoutState for LayoutTableRow objects.
Table rows are not the containing block of anything. The real containing block
of a table cell is their table section, not the table row.

With this change, we no longer need to pass the object's location to
LayoutState(). Just call locationOffset() on the object in the constructor
instead, rather than doing it at all call sites.

Review-Url: https://codereview.chromium.org/2458823002
Cr-Commit-Position: refs/heads/master@{#428190}
mstensho
Need to remove line pagination struts when no longer fragmented.
We only used to recalculate pagination struts on lines when we were inside a
fragmentation context, but if said fragmentation context ceases to be one, we
need one final strut recalculation pass, to get rid of them all.

BUG=658019

Review-Url: https://codereview.chromium.org/2460673002
Cr-Commit-Position: refs/heads/master@{#428161}
mstensho
Add a couple of regression tests for float fragmentation.
These tests change the fragmentainer heights, so that the float will fit in the
first fragmentainer afterwards, rather than in the second one.

Review-Url: https://codereview.chromium.org/2445193007
Cr-Commit-Position: refs/heads/master@{#428160}
mstensho
Need a deep layout pass when becoming (un)fragmented.
When an object ceases to be fragmented (e.g. when leaving print preview), there
may be pagination struts that need to be removed. Therefore, we need to lay out
all descendants of a block that ceased to establish a fragmentation context.

Similarly, when becoming fragmented (e.g. when entering print preview), we need
to go through every descendant. There may both be implicit and forced breaks to
insert.

BUG=658019

Review-Url: https://codereview.chromium.org/2454083002
Cr-Commit-Position: refs/heads/master@{#428062}
mstensho
Allow pagination struts to push objects below the exact top of the next column.
The top margin of a float may push its border box below the top of the next
column.

Similarly, a repeated table header may do the same to the first row in the next
column, to make room for itself above it.

The column balancer had assertions to boom at such situations, but it's pretty
clear now that it's an unreasonable requirements that sturts take us to the
exact top of the next column.

Added visual tests that crashed before (in debug). No behavioral changes here,
apart from the fact that the tests no longer crash.

Review-Url: https://codereview.chromium.org/2456003002
Cr-Commit-Position: refs/heads/master@{#428047}
rune
Removed unused StyleEngine::didRemoveShadowRoot().
Also tried to figure out and document why we are clearing
ScopedStyleResolvers for shadow trees in clearResolver().

R=meade@chromium.org

Review-Url: https://codereview.chromium.org/2454903002
Cr-Commit-Position: refs/heads/master@{#427950}
rune
Removed unnecessary rule feature reset when no ScopedStyleResolver.
Resetting rule features when a shadow tree did not contain any
stylesheets, and hence didn't have a ScopedStyleResolver, caused a
performance regression in the select-single-remove performance test.

UA shadow trees typically don't have any stylesheets.

This is a regression from [1].

[1] https://codereview.chromium.org/2443933002

R=meade@chromium.org
BUG=659535
TEST=PerformanceTests/DOM/select-single-remove.html

Review-Url: https://codereview.chromium.org/2452733004
Cr-Commit-Position: refs/heads/master@{#427949}
mstensho
LayoutState doesn't need to store both layout and pagination offset.
We only ever used those two in combination to figure out how far away we were
from the start of the pagination context. So, let's just store that directly instead.
This allows us to clean up quite a bit. Also changed LayoutState() to do more
early returns, when we have no more work left to do.

Also consolidated two sections that disabled pagination for unsupported content
(one for SVG and one for other unbreakable content).

Review-Url: https://codereview.chromium.org/2444193009
Cr-Commit-Position: refs/heads/master@{#427945}
rune
Clear m_treeBoundaryCrossingScopes when reconstructing StyleResolver.
When m_treeBoundaryCrossingScopes were part of StyleResolver, they were
cleared when the StyleResolver was cleared. Now that they outlive the
StyleResolver, they need to be cleared separately.

R=meade@chromium.org
BUG=659653

Review-Url: https://codereview.chromium.org/2450353002
Cr-Commit-Position: refs/heads/master@{#427912}
tsniatowski
Fix a large number of missing dependencies in the blink gn build
Make all blink_core_sources targets public_dep on all the code
generators in core to ensure required headers are always generated first
and a successful build does not depend on lucky ordering. Manually fix
similar dep issues in core/inspector.

There are now more dependencies than strictly necessary, but they will
only trigger the generators with no effect on build commands (tested by
checking that the patch doesn't trigger a rebuild of any c++ code).

The end result is that the total number of targets that don't have proper
deps in the 'chrome' target build goes down from over 1800 to about 40,
and no missing dependencies on gen/blink files exist.

BUG=655123
R=dpranke@chromium.org

Review-Url: https://codereview.chromium.org/2452473004
Cr-Commit-Position: refs/heads/master@{#427856}
mstensho
The column balancer needs to look inside inlines.
There may be floats there.

Split traverseSubtree() into traverseLines() and traverseChildren(), so that
traverseChildren() can easily be called directly when at inlines.

BUG=586956

Review-Url: https://codereview.chromium.org/2453743002
Cr-Commit-Position: refs/heads/master@{#427724}
tsniatowski
Fix some mojo dependencies in blink
Several places in blink were using mojo headers without a dependency on
mojo targets that generate said headers, causing build flakiness.

BUG=655123

Review-Url: https://codereview.chromium.org/2453653003
Cr-Commit-Position: refs/heads/master@{#427659}
mstensho
No longer mark two tests in ietestcenter/css3/multicolumn as failing.
They pass now, probably because of the fix for bug 291616.

BUG=396940

Review-Url: https://codereview.chromium.org/2446023003
Cr-Commit-Position: refs/heads/master@{#427370}
wdzierzanowski
Call willInsertBody() in MediaDocument::createDocumentStructure()
Follow up on https://codereview.chromium.org/1343493002 and add the same
willInsertBody() call that ImageDocument has.

Review-Url: https://codereview.chromium.org/2427563002
Cr-Commit-Position: refs/heads/master@{#427312}
wonko
Don't assume python is in /usr/bin in js_minify.py
BUG=658218

Review-Url: https://codereview.chromium.org/2438293002
Cr-Commit-Position: refs/heads/master@{#427304}
jb
Deal with canceled requests when flushing deferred messages.
Flushing deferred messages might lead to a request being canceled
(e.g. when an ImageResource loads a corrupt image). The code didn't
fully take this into account which would cause crashes (and resource
leaks if it would have survived).

BUG=

Review-Url: https://codereview.chromium.org/2425173003
Cr-Commit-Position: refs/heads/master@{#427298}
rune
Move TreeBoundaryCrossingScopes to StyleEngine.
This is split out of the work for async stylesheet updates [1], but is
also part of the work on componentized style resolving in general.

The moved resetAuthorStyle method on StyleEngine may soon be gone
altogether as it does so in [1].

The plan is that TreeBoundaryCrossingScopes will also be completely
gone when we remove support for Shadow DOM v0. For Shadow DOM v1 we can
look up the scoped resolvers for the affecting scopes directly like we
already do in StyleResolver::matchScopedRules for the pure v1 case.

The documentation of the special casing of VTT and custom pseudo
elements is updated to not suggest that these rules are handled as part
of boundary crossing scopes as the current solution is better once v0
shadows go away.

[1] https://codereview.chromium.org/1913833002

R=meade@chromium.org
BUG=567021,401359

Review-Url: https://codereview.chromium.org/2443933002
Cr-Commit-Position: refs/heads/master@{#427284}
fs
Fix more null-checks in SVGLengthContext::convertValueFrom*
The following methods in SVGLengthContext:

 convertValueFromUserUnitsToCHS
 convertValueFromUserUnitsToEXS
 convertValueFromEXSToUserUnits

needs the same treatment as convertValueFromCHSToUserUnits got in
https://chromiumcodereview.appspot.com/2445463002.

R=pdr@chromium.org,eae@chromium.org
BUG=657438,658585,658613

Review-Url: https://codereview.chromium.org/2449433002
Cr-Commit-Position: refs/heads/master@{#427080}
mstensho
Remove unused hasPendingResourceUpdate bit from LayoutObject.
Also recounted, updated and corrected total bit count.

Review-Url: https://codereview.chromium.org/2442283002
Cr-Commit-Position: refs/heads/master@{#427050}
rune
Rename collectTreeBoundaryCrossingRules.
Include V0Cascade order to reflect that this is the legacy code for
Shadow DOM V0 cascading order in pure V0 documents.

R=kochi@chromium.org

Review-Url: https://codereview.chromium.org/2445673002
Cr-Commit-Position: refs/heads/master@{#427042}
fs
Use a converter for building style value for 'transform'
Also change TransformBuilder::createTransformOperations to return the
TransformOperations rather than use an out argument.

Review-Url: https://codereview.chromium.org/2435413002
Cr-Commit-Position: refs/heads/master@{#427036}
fs
Avoid copying value in ComputedStyle CoW comparions (compareEqual)
Because of the cast of the RHS, |u|, a copy would be generated, with
code and cycle bloat as the result. In some cases this can even have
prevented inlining. Particularly nasty examples:

 bool compareEqual(const Vector<LengthPoint>&, const Vector<LengthPoint>&) [210 bytes]
 bool compareEqual(const Vector<CSSPropertyID>&, const Vector<CSSPropertyID>&) [274 bytes]
 bool compareEqual(const Vector<GridTrackSize>&, const Vector<GridTrackSize>&) [182 bytes]
 bool compareEqual(const HashMap<String, GridArea>&, const HashMap<String, GridArea>&) [308 bytes]
 bool compareEqual(const TransformOperations&, const TransformOperations&) [441 bytes]
 bool compareEqual(const LengthBox&, const LengthBox&) [249 bytes]

Remove the U->T cast in compareEqual to avoid the copies. Nothing seems
to require this coercion (anymore?) This eliminates the above symbols
entirely. A total binary size reduction of >30k (x86-64; non-official) also
indicates even the simpler cases/types may have benefited.

Review-Url: https://chromiumcodereview.appspot.com/2438353002
Cr-Commit-Position: refs/heads/master@{#426990}
rune
Always evaluate media features to true without MediaValues.
Having a constructor taking bool made it possible to construct a
MediaQueryEvaluator passing a pointer to an object of an arbitrary
type as the pointer was converted to a bool without a warning.

By closer inspection, the use of the m_expectedResult value had two
purposes. One was to return true for matching media type ignoring the
rest of the media query. The other cases were for testing purposes
where there was no media rules to match, so the result didn't matter.

Since there are no useful applications for returning false for media
queries containing expressions in addition to type, we can safely
return true for all query expression when no MediaValues object is
present.

There is one place we change the behavior. The StyleResolver
constructor has a fallback evaluator when we have no FrameView. That
should never happen, though, and it would yield incorrect results
regardless of whether we would always return true or false for media
query expressions.

R=timloh@chromium.org,meade@chromium.org

Review-Url: https://chromiumcodereview.appspot.com/2432153005
Cr-Commit-Position: refs/heads/master@{#426752}
jb
Fix NULL pointer dereference in FinishedAsyncCopyRequest()
Due to undefined (favorably right to left) argument evaluation order,
the tracker might have been passed and set to NULL before the window
is looked up which results in a NULL pointer dereference.

BUG=

Review-Url: https://chromiumcodereview.appspot.com/2435033002
Cr-Commit-Position: refs/heads/master@{#426748}
rune
MediaValuesInitialViewport passed to MediaQueryEvaluator as bool.
The test coverage for [1] was not good enough. We tried to pass a
MediaValues pointer into the MediaQueryEvaluator constructor, but since
none of the constructors took such a type, it was converted into a bool
for which there was a constructor.

I'm planning to change the bool parameter to an enum in a follow-up CL
to avoid such mistakes in the future.

[1] https://codereview.chromium.org/2414343002/

R=timloh@chromium.org
BUG=332763

Review-Url: https://chromiumcodereview.appspot.com/2430923005
Cr-Commit-Position: refs/heads/master@{#426747}
mstensho
Pay attention to tall rowspanned cells in the first layout pass.
If a rowspanned cell gets fragmented, and this cell needs to stretch the table
rows in order to fit, only stretch the last row (i.e. the one we're currently
laying out). That's the only thing we can do if we don't want mess up
fragmentation (pagination struts) of earlier content.

Furthermore, to leave those rows completely alone, don't let a subsequent
rowspanned cell that shares at least one row with the previous rowspanned cell
stretch those rows, either, as that would lead to unfair height distribution
anyway (since the last row has already got all the extra space).
table-overlapping-rowspan.html tests this.

BUG=534751

Review-Url: https://chromiumcodereview.appspot.com/2433403002
Cr-Commit-Position: refs/heads/master@{#426590}
mstensho
Clean up LayoutTableSection::calcRowLogicalHeight() a bit.
Since nobody apparently wants to deal with a rowspanned cell unless we're at
its first row, just skip that cell for subsequent rows, instead of having
checks for this everywhere.

Also removed a debug hashmap that was just used to assert that we didn't add
duplicate cells to a vector. Check the vector directly instead.

Review-Url: https://chromiumcodereview.appspot.com/2434033003
Cr-Commit-Position: refs/heads/master@{#426555}
mstensho
Remove last-minute row height stretching for pagination.
This code no longer has any effect, since we now fragment and set the correct
row heights way BEFORE cell alignment and flexing. It was also buggy, in that
it didn't recalculate intrinsic padding after resizing the row.

BUG=534751

Review-Url: https://chromiumcodereview.appspot.com/2433413002
Cr-Commit-Position: refs/heads/master@{#426512}
mstensho
Performance test for deeply nested tables inside multicol.
This is similar to printing deeply nested tables, and we have serious
performance issues with this.

Landing the performance test separately from the actual fix, so that we can
observe the improvement when the fix eventually lands.

BUG=487026

Review-Url: https://chromiumcodereview.appspot.com/1695193006
Cr-Commit-Position: refs/heads/master@{#426461}
mstensho
Specified row height should be applied during initial section layout.
BUG=534751

Review-Url: https://chromiumcodereview.appspot.com/2434543004
Cr-Commit-Position: refs/heads/master@{#426441}
mstensho
Remove first-line-in-cell strut subtraction workaround.
This is no longer needed. In fact, it was causing some trouble.

BUG=534751

Review-Url: https://chromiumcodereview.appspot.com/2438613004
Cr-Commit-Position: refs/heads/master@{#426435}
fs
Simplify SVGAnimated* initialization
In several cases, all initial values are the same, so callers of
SVGAnimated<TYPE>::create can be relieved of the duty of calling
SVG<TYPE>::create() explicitly.

This affects:

  SVGAnimatedBoolean,
  SVGAnimatedNumberList,
  SVGAnimatedPreserveAspectRatio,
  SVGAnimatedString and
  SVGAnimatedTransformList

These should hopefully also all reset to the correct value when
encountering an invalid (string) value.

BUG=225807

Review-Url: https://chromiumcodereview.appspot.com/2436793002
Cr-Commit-Position: refs/heads/master@{#426429}
rune
Collect @viewport before constructing RuleSets.
- Move ViewportStyleResolver to StyleEngine.

- Only create a ViewportStyleResolver for top level documents.

- Collect @viewport rules via the DocumentStyleSheetCollection.

- Use the initial viewport size for resolving viewport relative
  lengths.

- Introduce initialViewportChanged() and viewportRulesChanged() in
  StyleEngine to trigger re-collection and resolution of the actual
  viewport. These currently trigger an immediate call to updateViewport
  which will later be a part of the document lifecycle phase for
  updating active stylesheets.

This finally fixes issues 332763, 455136, and 463098.

R=timloh@chromium.org
BUG=567021,463098,455136,332763

Review-Url: https://chromiumcodereview.appspot.com/2420413005
Cr-Commit-Position: refs/heads/master@{#426427}
rune
Initial viewport is not the same as FrameView rect.
FrameView rect is also changed by the visual viewport.

Set the initial viewport size on FrameView whenever it changes in
WebViewImpl and use it for matching media queries when collecting
@viewport rules. See [2] for spec reference.

This is fixing what was introduced in [1].

[1] https://codereview.chromium.org/2414343002/
[2] https://www.w3.org/TR/css-device-adapt-1/#media-queries

R=bokan@chromium.org,timloh@chromium.org
BUG=332763

Review-Url: https://chromiumcodereview.appspot.com/2431613002
Cr-Commit-Position: refs/heads/master@{#426424}
mstensho
Move table row pagination strut insertion to the first layout pass.
Pagination struts are inserted before a table row, when we should avoid
breaking inside it, and it doesn't fit as a whole in its current fragmentainer.
We should avoid breaking inside rows when their break-inside is "avoid", or
when there are repeating table headers (which turns on break-inside:avoid for
all rows in the table).

This CL also includes the code that deals with repeating headers, since it
proved hard to separate it from the rest.

We need to make sure to subtract the struts from previous rows' height now;
just like we don't include border spacing in the rows, we should also omit the
pagination strut of the next row. In order to be consistent about this,
layoutRows() in LayoutTableSection now uses the rows' logical heighs more
extensively than before (rather than using the m_rowPos array to calculate
heights). This has an implication for rowspanned cells. We now need to wait
until we are at their last row before processing them, since we calculate row
heights on the fly. There's a small fix here. Previously, the strut wasn't
baked into the logical top of a table row, unlike all other layout objects.
This resulted in wrong offsets for table rows after fragmentainer breaks,
but the cells in there still had correct offsets, so it wasn't possible
to observe this bug in any visual test. It does affect a couple of
dump-render-tree printing tests, though. Added a couple of tests for this
on my own, which use offsetTop and offsetHeight.

table-disable-fragmentation.html is just a regression test. We need to be
careful to ignore struts when not fragmented. It passed before and it passes
now, but I nearly broke it while working on this.

BUG=534751

Review-Url: https://chromiumcodereview.appspot.com/2433473002
Cr-Commit-Position: refs/heads/master@{#426265}
mstensho
Clean up break-inside restriction propagation from table headers.
If a table header has break-inside:avoid, our implementation currently
propagates that to all table rows in the table. Make this more obvious (and
consistent) with a getPaginationBreakability() override in LayoutTableRow,
rather than checking it at only one place (paginationStrutForRow()), although
that may very well have been the only place that needed to care.

No behavioral changes expected.

Review-Url: https://chromiumcodereview.appspot.com/2426553004
Cr-Commit-Position: refs/heads/master@{#426020}
mstensho
Set logical top and height of table rows and cells in the first layout pass.
This gives the fragmentation machinery an opportunity to insert breaks at the
right places. We previously assumed that all cells were at the top of their
table section, so break insertion was completely bogus. While we'd get a second
chance to break correctly in the second layout pass, this doesn't always work
too well. There's currently some code in layoutRows() in LayoutTableSection
that attempts to adjust the row height when we change where we break inside a
table cell, but it doesn't re-align cells vertically after this adjustment.
That code must die, and this CL is a preparatory step.

BUG=534751

Review-Url: https://chromiumcodereview.appspot.com/2423403002
Cr-Commit-Position: refs/heads/master@{#426015}
rune
Removed unused includes from Internals.cpp.
R=mstensho@opera.com

Review-Url: https://codereview.chromium.org/2428543004
Cr-Commit-Position: refs/heads/master@{#425945}
rune
Implement collection of @viewport rules from DocumentStyleCollection.
The @viewport rules will be recollected and re-resolved from a new
updateViewport() method. Rule will need to be re-collected when
stylesheets are added, or when media queries change. Re-resolution
needs to happen when the viewport descriptors contain vh/vw units, or
after a re-collection of rules.

Store the viewport and device dependent mq results on the
ViewportStyleResolver as these may be different from the results
collected when constructing the rulesets because of the initial/actual
viewport difference. The device dependent will not be different, but
nested media queries may cause some media queries to be skipped for
ruleset construction which would not be skipped for @viewport rule
collection.

We also change the existing code to lazily reset() in preparation for
the re-collect/re-resolve distinction.

R=timloh@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2424823002
Cr-Commit-Position: refs/heads/master@{#425942}
mstensho
Separate method for calculating logical height based on CSS properties.
Move it out of LayoutTable::layout(), since that method is more than crowded
enough as it is.

Had to make convertStyleLogicalHeightToComputedHeight() a const method, since I
decided to make the new method const. Constified
convertStyleLogicalWidthToComputedWidth() as well, for the sake of consistency.

Review-Url: https://codereview.chromium.org/2422103003
Cr-Commit-Position: refs/heads/master@{#425757}
mstensho
Disable row stretching for tables crossing fragmentainer boundaries.
Edge also does this.

Allowing rows to be stretched and thus moved after fragmentation would require
us to re-fragment (since the fragmentainer boundaries would be elsewhere, due
to row stretching), then re-stretch, the re-re-fragment, and so on (cyclic
dependencies).

BUG=534751

Review-Url: https://codereview.chromium.org/2421133002
Cr-Commit-Position: refs/heads/master@{#425705}
tmoniuszko
Add missing exclusive_access_manager.h includes
BUG=

Review-Url: https://codereview.chromium.org/2424773002
Cr-Commit-Position: refs/heads/master@{#425670}
rune
Spell-checking and proof-reading WhitespaceLayoutObjects.md.
R=nainar@chromium.org,bugsnash@chromium.org

Review-Url: https://codereview.chromium.org/2423963002
Cr-Commit-Position: refs/heads/master@{#425663}
rune
Removed incorrect comment about raw pointer.
LocalFrame now traced as Member of MediaValuesDynamic.

R=meade@chromium.org

Review-Url: https://codereview.chromium.org/2417973002
Cr-Commit-Position: refs/heads/master@{#425629}
rune
Implement MediaValues for initial viewport.
Viewport-dependent media queries evaluate in the context of the initial
viewport when collecting @viewport rules as specified in [1]. Implement
a MediaValuesInitialViewport which returns the initial viewport
dimensions instead of the actual viewport. This change doesn't fix
issue 332763 until we start collecting author @viewport rules before
creating RuleSets.

[1] https://www.w3.org/TR/css-device-adapt-1/#media-queries

R=timloh@chromium.org
BUG=332763

Review-Url: https://codereview.chromium.org/2414343002
Cr-Commit-Position: refs/heads/master@{#425628}
mstensho
Lay out table children in visual order, and set position and size.
Set caption and section positions before the first layout pass, and set the
logical height right after. This will help the fragmentation code break at the
right places.

By doing it in visual order right away we can also get rid of some code that
dealt with sections being moved after layout.

BUG=534751

Review-Url: https://codereview.chromium.org/2421613002
Cr-Commit-Position: refs/heads/master@{#425425}
mstensho
Correctly check if we have a valid page height before checking remaining space.
LayoutState::pageLogicalHeight() is bogus, and the sooner we convince it to
take a long walk on the short pier, the better. :(

Additionally, bail out earlier from fragmentation-specific code. No need to
waste time on calling crossesPageBoundary() when not fragmented.

BUG=655911

Review-Url: https://codereview.chromium.org/2413413003
Cr-Commit-Position: refs/heads/master@{#425420}
rune
Simpler viewportAndroid.css setup for WebFrameTests.
Enable use of viewportAndroid.css by setting WebViewportStyle::Mobile
instead of explicitly parsing the sheet as part of the tests.

Also corrected some typos.

R=bokan@chromium.org

Review-Url: https://codereview.chromium.org/2423463002
Cr-Commit-Position: refs/heads/master@{#425355}
fs
Clean up SVGViewSpec::parseViewSpecInternal
Make this function slightly more readable by partitioning it as:
  1) Parse outer function ("svgView")
  2) For all functions:
  2.1) Match/parse "function name"
  2.2) Parse arguments to said function

This gets rid of a lot of the parameter list boilerplate that every case
shares. (I.e handling '(' and ')'.)

Also change to use skipExactly and skipUntil from ParsingUtilities.h.

Review-Url: https://codereview.chromium.org/2421863002
Cr-Commit-Position: refs/heads/master@{#425315}
rune
Don't generate RuleSets for viewport UA sheets.
Start collecting UA @viewport rules from the StyleSheetContents instead
of the RuleSet. The reason is that we need to collect viewport rules
before creating the RuleSet in order to use the correct actual viewport
for evaluating media queries. This is split out from [1].

Also introducing a separate MediaQueryEvaluator in the
ViewportStyleResolver which should eventually be based on the initial
viewport and not the actual viewport as described in the CSS Device
Adaptation spec.

[1] https://codereview.chromium.org/2405143003

R=timloh@chromium.org
BUG=463098

Review-Url: https://codereview.chromium.org/2410283005
Cr-Commit-Position: refs/heads/master@{#425284}
rune
Add hasViewportRule() flag to StyleSheetContents.
This is a pre-requisite for collecting viewport rules before generating
the RuleSet. The RuleSet contents depends on media query evaluation,
which in turn depends on viewport size resolution, which means we are
currently may generate the RuleSet, and recalculate style, twice in the
presence of both @media and @viewport.

This CL is split out from [1] which in turn is split out from [2].

[1] https://codereview.chromium.org/2405143003/
[2] https://codereview.chromium.org/1913833002/

R=timloh@chromium.org
BUG=463098

Review-Url: https://codereview.chromium.org/2408353003
Cr-Commit-Position: refs/heads/master@{#425273}
karlo
Support margin-top for legend in fieldset.
The implementation aligns with Edge, Gecko centers the legend+margins, which
looks undesirable to me.  The specs say nothing about this.

The new behaviour causes two tests to change, both have been rebaselined. One
was additionally modified to not trigger the scrollbar, which in turn would
render differently on various platforms.

BUG=554077
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2396813002
Cr-Commit-Position: refs/heads/master@{#425127}
mstensho
Top-align table cells in rows that cross fragmentainer boundaries.
Ignore whatever vertical-align says and force everything to be top aligned in
those cases. Edge also behaves like this.

Doing both fragmentation and vertical alignment for table parts could cause
unresolvable situations (cyclic dependencies).

Two tests that depended on vertical alignment working under such circumstances
are now invalid, and were therefore removed.

BUG=534751

Review-Url: https://codereview.chromium.org/2412923002
Cr-Commit-Position: refs/heads/master@{#425112}
jb
Make HarfBuzzFace release SimpleFontData.
HarfBuzzFace did a retained look up of SimpleFontData from the
FontDataCache but never released the SimpleFontData. This caused the
SimpleFontData to remain in the cache, indefinitely holding on to
SkFontFaces and all associated data. This fix makes HarfBuzzFace
release the SimpleFontData when deleted.

BUG=617568

Review-Url: https://codereview.chromium.org/2411643002
Cr-Commit-Position: refs/heads/master@{#424993}
mostynb
Add the Ahem font license
Review-Url: https://codereview.chromium.org/2397303003
Cr-Commit-Position: refs/heads/master@{#424769}
rune
documentStyleSheetCollection() is always non-null.
Return a reference instead of a pointer to make that clear.

R=meade@chromium.org

Review-Url: https://codereview.chromium.org/2405793002
Cr-Commit-Position: refs/heads/master@{#424706}
fs
Push hasValidAttributeName/Type down into SVGAnimateElement
Introduce a new "validator" method for SVGSMILElements - hasValidTarget.
With this new method in place, the hasValidAttributeType and
hasValidAttributeName methods can be pushed down the hierarchy to where
they belong, namely SVGAnimateElement.
As a bonus, some conditions and assertions can be simplified.

BUG=641437

Review-Url: https://codereview.chromium.org/2408913002
Cr-Commit-Position: refs/heads/master@{#424389}
fs
Consolidate FilterOperation and FilterEffect mapRect implementations
The FilterOperations and FilterEffects for drop-shadow and gaussian blur
has very similar but slightly different implementations.
Restructure the code a bit so that the entire thing can be shared/reused
between the two different code-paths. The new canonical location is the
corresponding FilterEffect (FEGaussianBlur and FEDropShadow.)

Review-Url: https://codereview.chromium.org/2393993004
Cr-Commit-Position: refs/heads/master@{#424263}
davve
Remove davve@ from OWNERS files
Recently I haven't had, and don't expect to get, much time to
contribute to Blink.

NOTRY=true
BUG=none

Review-Url: https://codereview.chromium.org/2406823002
Cr-Commit-Position: refs/heads/master@{#424130}
rune
Document LayoutObject generation for whitespace nodes.
R=eae@chromium.org,esprehn@chromium.org,mstensho@opera.com

Review-Url: https://codereview.chromium.org/2402653002
Cr-Commit-Position: refs/heads/master@{#423947}
mstensho
Don't break before a first in-flow block container.
There's no break opportunity there, but break-inside:avoid used to trick us
into inserting a break there anyway in some cases.

As part of this work, we need allowsPaginationStrut() to check better if a
strut is allowed, or it might just end up getting eaten and forgotten about by
a first in-flow block further up in the tree. This matters for monolithic
content [1], such as lines and image blocks. We should never break inside
those, so allow breaking before them, even if they are the first piece of
content inside some block (just like we did before this change).
break-before-first-line-in-first-child.html and image-block-as-first-child.html
test that we don't regress in this regard.

Also removed a FIXME about checking for sufficient height. This would be
incorrect to fix. If there's no break point here, we have to propagate the
strut, if we're allowed to.

Had to update some tests, and even rename one, because they relied on the old
buggy behavior.

[1] https://drafts.csswg.org/css-break-3/#possible-breaks

BUG=653690

Review-Url: https://codereview.chromium.org/2400083003
Cr-Commit-Position: refs/heads/master@{#423926}
mstensho
A forced break inside a break-inside:avoid object may make it fit where it is.
If an object with break-inside:avoid is taller than what fits in the current
fragmentainer, but it has a forced break before we get to the end of the
fragmentainer, we don't have to push the object to the next one, since what's
before the forced break fits fine where it is.

BUG=533736

Review-Url: https://codereview.chromium.org/2401753002
Cr-Commit-Position: refs/heads/master@{#423884}
fs
Move isTargetAttributeCSSProperty to SVGAnimateElement
SVGAnimateElement is the only user. Move it and make it a free function.

BUG=641437

Review-Url: https://codereview.chromium.org/2395793004
Cr-Commit-Position: refs/heads/master@{#423817}
rune
Apply RuleSet changes for active stylesheet changes.
Introduce an applyRuleSetChanges method which will take the old and new
ActiveStyleSheetVector use the existing comparison method and apply the
RuleSet diff to invalidate style for the document.

The normal mode for style rules is to schedule RuleSet invalidations
which will decide what to recalculate based on the invalidation sets.
Universal selectors, the presence of Shadow DOM v0 combinators, or
@font-face rules for the document scope, will cause a subtree recalc
for the TreeScope.

@keyframes rules utilizes the existing functionality for invalidating
style in the TreeScope and the host TreeScope for running and
unresolved animations.

This CL introduces appendActiveStyleSheets which will eventually
replace the combination of the lazy appending of sheets in
StyleResolver and appending pending sheets into the ScopedStyleResolver
through appendCSSStyleSheet.

This CL is split out of https://codereview.chromium.org/1913833002 and
re-worked a bit.

The functionality is not yet in use.

R=meade@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2394353003
Cr-Commit-Position: refs/heads/master@{#423810}
rune
Allow active sheets to have nullptr for RuleSet.
CSSStyleSheets which have a non-matching media attribute may have a
nullptr for RuleSet since it's not needed. Handle that in active style-
sheet diffing. That means adding a sheet with non-matching media should
not cause any style recalculations.

R=meade@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2401573002
Cr-Commit-Position: refs/heads/master@{#423804}
rune
Skip reflowed comments css/parser for git-blame.
R=thakis@chromium.org
BUG=563793

Review-Url: https://codereview.chromium.org/2396433006
Cr-Commit-Position: refs/heads/master@{#423712}
fs
Adjust some includes around SVGResourceClient and FilterOperation
Also drop an unused include of ReferenceFilterBuilder.h.

BUG=439970
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2400663002
Cr-Commit-Position: refs/heads/master@{#423708}
mstensho
Store physical location in LayoutTableRow, just like in all other objects.
BUG=652496

Review-Url: https://codereview.chromium.org/2399633002
Cr-Commit-Position: refs/heads/master@{#423701}
ckulakowski
Add missing dependencies to extensions BUILD.gns
Some files from guest_view include (not directly) file
extensions/common/api/events.h which is generated by target
//extensions/common/api. This dependency is missing and
sometimes it causes compilation errors. Build will fail if
no target which depends on //extensions/common/api is built
before guest_view. It happens quite rarely: it failed once
on ~10 rebuilds on my mac.

BUG=

Review-Url: https://codereview.chromium.org/2402453002
Cr-Commit-Position: refs/heads/master@{#423613}
rune
Skip reflowed comments css/invalidation for git-blame.
R=meade@chromium.org
BUG=563793

Review-Url: https://codereview.chromium.org/2393393002
Cr-Commit-Position: refs/heads/master@{#423503}
rune
Reflow comments in core/css/parser
R=timloh@chromium.org
BUG=563793

Review-Url: https://codereview.chromium.org/2398013002
Cr-Commit-Position: refs/heads/master@{#423482}
fs
Move handling of 'attributeType' to SVGAnimateElement
Another animation property that applies only to the SVGAnimateElement
part/subtree of the element hierarchy. Move it down for continued
"unlocking" of the structure.

BUG=641437

Review-Url: https://codereview.chromium.org/2391993006
Cr-Commit-Position: refs/heads/master@{#423467}
rune
Reflow comments in core/css/invalidation.
R=meade@chromium.org
BUG=563793

Review-Url: https://codereview.chromium.org/2398833004
Cr-Commit-Position: refs/heads/master@{#423441}
mstensho
Move table cell height flexing into a separate method.
TableSection::layoutRows() is long enough as it is. :)

Review-Url: https://codereview.chromium.org/2392353002
Cr-Commit-Position: refs/heads/master@{#423248}
fs
Move shouldApplyAnimation to SVGAnimateElement
Only used by SVGAnimateElement.

BUG=641437

Review-Url: https://codereview.chromium.org/2394583002
Cr-Commit-Position: refs/heads/master@{#422935}
fs
Hoist target element null-checks out of SVGAnimateElement::calculate*
The calculateFromAndToValues, calculateFromAndByValues and
calculateDistance share a common entrypoint (startedActiveInterval), so
we can tighten this code-path a bit checking for a target element up
front. (No target element makes for pretty useless animations anyway...)
calculateAnimatedValue gets similar treatment in its updateAnimation
(sole) entrypoint.

Also refill comments to 80 columns in SVGAnimateMotionElement.cpp.

BUG=641437

Review-Url: https://codereview.chromium.org/2386013002
Cr-Commit-Position: refs/heads/master@{#422484}
fs
Push animation value 'inherit' handling into SVGAnimateElement
Handling of 'inherit' doesn't need to live on SVGAnimationElement,
because only SVGAnimateElement makes use of it. Move it down the
class structure and simplify.

Also refill/wrap comments in the files touched to 80 columns.

BUG=641437

Review-Url: https://codereview.chromium.org/2384013002
Cr-Commit-Position: refs/heads/master@{#422446}
mostynb
remove obsolete(?) git attributes from old top-level WebKit settings
It is a little surprising (for automated scripts, mostly) for files to
be export-ignore'd from subdirectories.  This patch removes some old WebKit
export-ignore attributes that I suspect are no longer useful.

This was the original patch that added the attributes, I have not been able
to locate details of the review or why it was originally required:
https://chromium.googlesource.com/chromium/src.git/+/20706fd0c00d214a264439277e0bc8e90ccba203

Review-Url: https://codereview.chromium.org/2387033002
Cr-Commit-Position: refs/heads/master@{#422412}
mharanczyk
Add WebRange test for explicit empty ranges creation.
This is followup of https://codereview.chromium.org/2373613005/.

Review-Url: https://codereview.chromium.org/2385643002
Cr-Commit-Position: refs/heads/master@{#422405}
mstensho
Use ceil() when integerizing pagination struts before table rows.
Subpixel rendering is not supported in table parts, so everything needs to be
integers. However, instead of rounding the pagination strut down to the nearest
integer, round it up. This way we at least make sure that we manage to push all
the content over to the designated fragmentainer, rather than leaving one tiny
strip behind in the previous fragmentainer. There'll still be off-by-one
errors, but at least all the content is in the right fragmentainer.

Updated some tests to not use subpixel multicol heights, since what they
required cannot really be satisfied without adding full subpixel support to
tables.

Also added a new test that *does* use subpixel multicol height. This test
merely makes sure that nothing is left behind in the previous fragmentainer at
breaks, without worrying about the exact top position of the objects.

This problem was discovered while working on bug 487026, which is about
reducing the amount of forced re-layouts that we do for fragmentation, and it
turns out that table layout in general, and perhaps strut calculation there in
particular, tends to need more layout passes it explicitly asks for (so it
depends on other parts of the system dealing out layout passes for free). Added
body { overflow:hidden; } declarations to some tests, to reduce the number of
layout passes you get for free, i.e. make the tests more evil.

BUG=487026

Review-Url: https://codereview.chromium.org/2382043003
Cr-Commit-Position: refs/heads/master@{#422312}
fs
Fold bits of SVGAnimatedTypeAnimator into SVGAnimateElement
This folds non-property-construction methods from
SVGAnimatedTypeAnimator into SVGAnimateElement and gets rid of simple
forwarding methods. This leaves SVGAnimatedTypeAnimator as a property-
value factory.

BUG=641437

Review-Url: https://codereview.chromium.org/2387513002
Cr-Commit-Position: refs/heads/master@{#422188}
fs
Don't allow form-feed (U+000C) as a WebVTT signature separator
Per the WebVTT parser algorithm [1], only space, tab or newline (after
normalization) are allowed to follow the "WEBVTT" signature.

[1] https://w3c.github.io/webvtt/#webvtt-parser-algorithm

BUG=651777

Review-Url: https://codereview.chromium.org/2382173002
Cr-Commit-Position: refs/heads/master@{#422093}
fs
Don't use absolute bounding boxes in LayoutVTTCue
LayoutVTTCue was using absoluteContentBox()/absoluteBoundingBoxRect()
during overlap resolution. This would mean that boxes were computed
relative to the containing frame. The former also doesn't take
transforms into account, which would mean that the basic overlap check
against the title area would fail if a transform was present.

Instead compute the various bounding boxes relative to a common
ancestor, namely the text track container (which is also the containing
block of the cues.) Adjust the controls rect similarly to get it into the
same coordinate space.

BUG=647253

Review-Url: https://codereview.chromium.org/2377193003
Cr-Commit-Position: refs/heads/master@{#422072}
mstensho
Introduce markChildForPaginationRelayoutIfNeeded().
No behavioral changes intended.

This replaces markForPaginationRelayoutIfNeeded(). Since the method was always
called when it was the container that was being laid out, this is more
"correct", and in the same spirit as e.g.
updateBlockChildDirtyBitsBeforeLayout(), adjustBlockChildForPagination(), and
so on.

This is a preparatory patch to allow for calling
offsetFromLogicalTopOfFirstPage(), which uses LayoutState more heavily.
When using LayoutState, you generally need to be laying out the very same
object as the one LayoutState points to.

BUG=487026

Review-Url: https://codereview.chromium.org/2382733002
Cr-Commit-Position: refs/heads/master@{#421815}
fs
Move FilterOperation*.{cpp,h} to core/style/
Move the FilterOperation(s) structures to core/style to make them a
"style type". This is in preparation for an improved mechanism for
signaling mutations to "reference" filters.

This is essentially a pure move, with only minor modifications to fix
some presubmit issues and to facilitate (fix) building.
(ASSERT -> DCHECK; PLATFORM_EXPORT -> CORE_EXPORT)

BUG=439970
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2375453002
Cr-Commit-Position: refs/heads/master@{#421796}
rune
Avoid creating consecutive whitespace renderers.
In textLayoutObjectIsNeeded(), return false if we are a whitespace-only
text node, and our previous LayoutObject sibling is a whitespace
renderer. This avoids for instance creating a consecutive list of
whitespace renderers when we have multiple display:none sibling
elements.

This change makes [1] take ~900ms instead of ~2600ms on my computer.

[1] https://bugs.chromium.org/p/chromium/issues/attachmentText?aid=8037

BUG=399816

Review-Url: https://codereview.chromium.org/2369963005
Cr-Commit-Position: refs/heads/master@{#421794}
rune
Adding @keyframes rules only affects TreeScope plus host.
@keyframes rules may apply to animations in the same TreeScope as the
rule and the host element if the TreeScope is a shadow tree. Instead of
invalidating all keyframe animations or recalculating every element in
the document, limit such changes to the relevant TreeScopes.

Currently, this doesn't have an effect since analyzed style update only
happens in the document TreeScope, but that will change with RuleSet
invalidation for crbug.com/567021

R=alancutter@chromium.org,suzyh@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2361733004
Cr-Commit-Position: refs/heads/master@{#421781}
mstensho
Support for multiple block fragments in getClientRects().
Objects crossing column boundaries, for instance, should create one rectangle
for each column they live in.

Two old tests had to be updated, because they depended on the old and incorrect
behavior (pick the bigger / center column and create one huge rectangle there).

Add fragmentainerInFlowThread() to FragmentainerIterator. Removed the
updateOutput() thing. Instead, have the getters compute what they need on the
fly. This makes more sense now, since none of the (2) FragmentainerIterator
users need to calculate everything. Also don't require a clip rectangle.

Some extra attention is required when processing objects with a zero-height
bounding box now. Previously, we didn't need to worry about those, since no
bounding box means no painting, hit-testing, etc. But now, with
getBoundingClientRect(), life is different.

BUG=362232

Review-Url: https://codereview.chromium.org/2360913004
Cr-Commit-Position: refs/heads/master@{#421643}
fs
Add use counters for SVGCursorElement
This adds one counter for presence of an SVGCursorElement, and one for
if any ComputedStyle references the element (==the SVGCursorElement has
a client.)

BUG=650598

Review-Url: https://codereview.chromium.org/2376613004
Cr-Commit-Position: refs/heads/master@{#421630}
rune
Speculative fix for SelectorFilter crash.
It looks from the crash log that the string impl() is nullptr. Found no
possible way for a null string to be added to the SpaceSplitString, but
let's add a null check to see if it helps.

R=eae@chromium.org,timloh@chromium.org
BUG=646026

Review-Url: https://codereview.chromium.org/2376703002
Cr-Commit-Position: refs/heads/master@{#421492}
mharanczyk
Update DCHECK in WebRange constructor.
Currently creating empty range (0,0) triggers it, judging by
the comment it was intende to check null range only.

Review-Url: https://codereview.chromium.org/2373613005
Cr-Commit-Position: refs/heads/master@{#421252}
tmoniuszko
Reland of Force U.S. English keyboard layout for TextfieldTest.KeysWithModifiersTest
Reverted in
https://codereview.chromium.org/2349253002

Reason for revert:
Tests are failing on Mac ASAN builder. See details here:
https://uberchromegw.corp.google.com/i/chromium.memory/builders/Mac%20ASan%2064%20Tests%20(1)

BUG=633136

Review-Url: https://codereview.chromium.org/2353333002
Cr-Commit-Position: refs/heads/master@{#421191}
rchlodnicki
Fix GDI leak in NativeThemeWin::PaintIndirect
There was a GDI leak when hovering input elements. Reaching 10000 GDI objects
would cause process to crash.

Fixed by deleting HBITMAP that was selected onto the HDC. Deleting HDC does not
take care of that.

The skia utility function was removed and replaced with a custom scoped object
at call site as it was used only in one place and making it safe to use for
others would be a bit tricky as bitmap needs to be deleted before HDC and there
is no easy access to the bitmap after utility function returns HDC.

R=pkasting@chromium.org,fmalita@chromium.org,tomhudson@google.com

BUG=649712

Review-Url: https://codereview.chromium.org/2365903002
Cr-Commit-Position: refs/heads/master@{#421142}
rune
Missing sibling invalidation across removed element.
When removing B from siblings A B C, we scheduled invalidations for
features of A requiring two adjacent combinators to schedule an
invalidation at all. That is fine for rules already affecting C, but
for rules kicking in after B is removed, a single combinator is enough.
For instance ".a + .c".

R=ericwilligers@chromium.org
BUG=647780

Review-Url: https://codereview.chromium.org/2362463004
Cr-Commit-Position: refs/heads/master@{#421124}
fs
Make SVGAnimatedBoolean.h less popular
SVGAnimatedBoolean is only used by/for SVGFEConvolveMatrix, but was
being included in a lot of places. Remove the unnecessary includes of
SVGAnimatedBoolean.h, and also remove some other obvious unnecessary
includes in the vicinity.

Review-Url: https://codereview.chromium.org/2371593002
Cr-Commit-Position: refs/heads/master@{#420993}
fs
Reduce includes of some SVG*TearOff types
SVG*TearOff types are only of real interest to the bindings, so don't
need to be included in something that isn't direclty interacting with
bindings. Shuffle declarations and definitions to reduce the impact of
SVGPointTearOff and SVGRectTearOff.

Review-Url: https://codereview.chromium.org/2361973003
Cr-Commit-Position: refs/heads/master@{#420920}
fs
Move buildFilterOperations to FilterEffectBuilder
This puts all FilterOperations conversions (to FilterEffect and
CompositorFilterOperations) in one spot - FilterEffectBuilder.
This allows folding the functionality of resolveReferenceFilters into
FilterEffectBuilder, and hence get rid of the explicit extra step to
update the "cached" Filter chain in ReferenceFilterOperation.

This is one step on the way to turning FilterOperations into a core
style type, to allow for more straight-forward interaction with other
parts of the style system.

BUG=439970
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2357633003
Cr-Commit-Position: refs/heads/master@{#420844}
mostynb
unbreak builds with webrtc disabled
https://codereview.chromium.org/2123863004 broke non-webrtc non-android
builds.  Let's fix that.

BUG=487935

Review-Url: https://codereview.chromium.org/2370583002
Cr-Commit-Position: refs/heads/master@{#420832}
fs
Make SVG*StringList and SVGStringListTearOff scarcer
(Primarily) because of their inclusion in the SVGTests interface, these
two make their way into a lot more compilation units than has use for
them. The principal access to this data is the SVGTests::isValid()
method, so only the actual bindings should need any deeper insight into
these. Shuffle declarations and definitions to make their inclusion more
scarce. (From ~194 -> ~13 total dependencies for the latter, based on
"ninja -t deps".)

Review-Url: https://codereview.chromium.org/2360383003
Cr-Commit-Position: refs/heads/master@{#420614}
fs
Fold DisplayItem creation into paintFilteredContent in SVGFilterPainter
Brings uses of any form of "filter bounds" closer together.
Rename |filterRegion| and |boundaries| to |filterBounds|.

BUG=109224
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2367463002
Cr-Commit-Position: refs/heads/master@{#420397}
fs
Fix effect mapping computation for displacement-map w/ negative scale
When scale is negative, the displacement will be in the opposite
direction. Hence we need to only use the magnitude of the scale when
computing the effect of the filter.

BUG=641854

Review-Url: https://codereview.chromium.org/2359133003
Cr-Commit-Position: refs/heads/master@{#420396}
mstensho
Content that starts before the first fragmentainer should stay where it is.
It should not undergo pagination, but rather remain in the underflow area of
the first fragmentainer. There's no reason to pull everything into the content
area of the first fragmentainer.

BUG=591694

Review-Url: https://codereview.chromium.org/2360253002
Cr-Commit-Position: refs/heads/master@{#420353}
rune
Document* -> Document& for loadSubimages and friends.
Document* should never be nullptr in these places. Also made them const
and propagated the const-ness where necessary.

R=sashab@chromium.org

Review-Url: https://codereview.chromium.org/2352193004
Cr-Commit-Position: refs/heads/master@{#420319}
fs
Harmonize FilterEffect::mapRect and mapPaintRect
This CL terminates the FilterEffect::determineAbsolutePaintRect codepath,
replacing the last user (SVGFilterPainter) with mapRect().
A new structure for FilterEffect::mapRect is introduced (taking some
hints from the SkImageFilter implementation), where mapRect is the entry-
point (replacing mapRectRecursive), which in turn calls: 1) mapInputs,
2) mapEffect and 3) applyBounds. The last simply applies any clip bounds
set on the effect, while also adjusting for affectsTransparentPixels().
mapInputs() computes the contribution from inputs to the current effect,
while mapEffect() applies the contribution from the current effect
itself. The notion of forward/reverse is not retained since only forward
mapping is used.

BUG=642035, 640264, 611674, 600430
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2341923002
Cr-Commit-Position: refs/heads/master@{#420293}
fs
Remove SVGSVGElement dependency from SVGTransformListTearOff
Rather than having the latter depend on the former for code-sharing,
have them both depend on the underlying primitive (SVGTransformTearOff.)

Review-Url: https://codereview.chromium.org/2360083002
Cr-Commit-Position: refs/heads/master@{#420278}
rune
Implemented scoped invalidation for added/removed RuleSets.
Async stylesheet update will schedule invalidation sets based on the
RuleFeatureSets for added/removed stylesheets. Implement the
functionality in StyleEngine for scheduling invalidations in the
stylesheet's TreeScope, including host and slotted elements if
applicable.

R=ericwilligers@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2333693002
Cr-Commit-Position: refs/heads/master@{#420192}
fs
Drop the SVGLengthType enumeration
After the transition to using CSSPrimitiveValue, this enumeration is
not used by anything but the DOM-side of SVGLength (SVGLengthTearOff),
and for that we might as well use the interface constants directly.

The LengthTypeREMS and LengthTypeCHS values are dropped entirely because
they are not referenced by anything.

Review-Url: https://codereview.chromium.org/2354283002
Cr-Commit-Position: refs/heads/master@{#420150}
mstensho
Stay put at the top of the current page when inserting a forced break.
If we attempt to insert a forced break, and we're already at the top of a page
or column, we should stay right there, instead of leaving an entire page or
column blank. We used to ensure this by calling nextPageLogicalTop() with
AssociateWithFormerPage.

But it was broken, because AssociateWithFormerPage could take us to a column
set preceding a column spanner that we had actually moved past. This would
confuse various parts of the machinery, and could, among other things, find
unused space in the last column preceding a spanner, and use this as a
pagination strut on an object *following* the spanner.

Remove PageBoundaryRule from nextPageLogicalTop(), and let the forced break
insertion code handle this on its own instead, and do it correctly, without
looking back at preceding columns.

BUG=647475

Review-Url: https://codereview.chromium.org/2356183002
Cr-Commit-Position: refs/heads/master@{#420072}
mstensho
Need to consider the need for a soft break even when inserting a forced break.
A forced break will just take us to the next fragmentainer. However, the next
fragmentainer may not be tall enough to fit any part of the block we're laying
out, which means that we may have to skip to a fragmentainer further ahead -
one that is tall enough. This situation may arise in nested multicol, because
then we may get inner fragmentainers of variable height.

Another reason why we need this is that a forced break on an object is inserted
before we apply clearance. After we have applied clearance, we may have ended
up at a position where there's not enough space left to fit any part of the
block we're laying out. So, again, we may need to skip to the next
fragmentainer.

BUG=647475

Review-Url: https://codereview.chromium.org/2359733002
Cr-Commit-Position: refs/heads/master@{#420041}
fs
Widen Mac expectations for move_backward_line_import_crash.html
editing/selection/modify_move/move_backward_line_import_crash.html
appears to also Crash on Mac Debug.

https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Mac10.11%20%28dbg%29/builds/4772

TBR=xiaochengh@chromium.org
BUG=648547,646323
NOTRY=true

Review-Url: https://codereview.chromium.org/2360593002
Cr-Commit-Position: refs/heads/master@{#420040}
rune
Make stylesheet owner node a reference instead of pointer.
The CSSStyleSheet owner node is always non-null when passed in on
sheet creation. Make it a reference in various APIs.

The real change here that triggered this was the realization that
StyleEngine::createSheet is always called with an owner node which
belongs to the very same Document/StyleEngine. So we can turn:

  e->document().styleEngine().addPendingSheet(context);

into:

  addPendingSheet(context);

Also made parseSheet non-static as it needed the StyleEngine pointer
anyway.

R=sashab@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2354773003
Cr-Commit-Position: refs/heads/master@{#420018}
fs
Consolidate read-only exception throwing for SVG*TearOffs
Where possible, use the "standard" message for read-only objects from
ExceptionMessages. Move the setup of the ExceptionState with this
message to SVGPropertyTearOffBase and reuse. It also saves a small chunk
of code-space.

Also drop a bunch of vspace, reorder checks in
SVGPreserveAspectRatioTearOff to check for immutability first and do
less work on error in SVGMatrixTearOff.

Review-Url: https://codereview.chromium.org/2357463002
Cr-Commit-Position: refs/heads/master@{#419875}
mstensho
Don't include LayoutObject.h from FrameView.h
This reduces the LayoutObject.h dependency by about 50 compilation units.

Needed to move data of DepthOrderedLayoutObjectList into a forward-declared
struct, since HashSet members need their T defined, even if it's a pointer.
This due to oilpan. See https://codereview.chromium.org/1999343002 for details.

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2348993002
Cr-Commit-Position: refs/heads/master@{#419728}
rune
Prepare to use invalidation set for adding/removing RuleSets.
Currently, we sometimes use StyleSheetInvalidationAnalysis to be smart
about recalculating affected element when adding/removing a stylesheet.

The plan is to start using the StyleInvalidator to trigger style
recalculations When adding/removing stylesheets. We will then use the
invalidation sets from the stylesheet RuleSet and schedule them on
elements in the stylesheet's document or shadow tree.

We fall back to a full recalc for the document / shadow tree for if we
find selectors which don't have simple selectors for which we have an
invalidation set we can use. This is similar to what we do with the
universalSiblingInvalidationSet for DOM mutations.

This first implementation supports id, class, attribute, and type
selectors in the rightmost compound[1]. We could later support to use
invalidation sets for universal pseudo class rules like ":hover".

The invalidations are to be scheduled for elements in the same
TreeScope as the stylesheet, including the host element.

Rules which are boundary crossing have their features collected in
ScopedStyleResolver::addTreeBoundaryCrossingRules() and not in their
respective stylesheet's RuleSet. We fall back to full style recalc
for rules containing ::content, ::shadow, and /deep/. ::slotted rules
are currently also collected on the ScopedStyleResolver, but in order
to avoid full recalcs, we do LocalStyleChange on slot-distributed
elements for RuleSet invalidations when there are ::slotted rules in
the RuleSet.

As mentioned earlier we will schedule invalidations on the host element
as well, which means we will schedule the invalidation set for ".a" for
":host(.a)". :host-context() do also support RuleSet invalidation as
long as there are features in addition to the ones inside the
:host-context() pseudo.

As for sibling invalidations on DOM mutations, negated selectors like
":not(.a)" are considered universal.

This CL is split out of [2]. The next step is to land the invalidation
code in StyleEngine from the same CL.

[1] Even though we don't have invalidation sets for tag names, we can
check the presence of rules in the tag name hash map for the RuleSet.
This means "body *" will cause a full recalc, but "body" won't. Also
note that "div.enabled" will cause every div element to be invalidated
because the rule would end up in the class rule hashmap.

[2] https://codereview.chromium.org/1913833002/

R=ericwilligers@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2326033002
Cr-Commit-Position: refs/heads/master@{#419704}
fs
Replace FilterData::filter with lastEffect
This brings the FilterData+SVGFilterPainter (etc)  "complex" closer to
the PaintLayer+PaintLayerFilterInfo structure by keep the last effect
in the chain and accessing the Filter through that when needed.
In general we want these two "complexes" to closely resemble each other
as possible - because they are supposed to implement the same thing, with
only a difference in the parametrization (like which bounding-box to use.)
This also brings one tiny (tiny tiny) step closer to being able to get
shorthand filters working in the SVG code-path.

Also try to reduce dependencies a bit in the surrounding code.

BUG=439970,109224
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2350063002
Cr-Commit-Position: refs/heads/master@{#419700}
mstensho
Don't include LayoutBlock.h from MediaControlElementTypes.h
Reduces the dependencies on LayoutBlock.h by 5 compilation units.

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2341423002
Cr-Commit-Position: refs/heads/master@{#419699}
fs
Turn FilterEffectBuilder into a stack-allocated helper
This moves the FilterEffect reference out of FilterEffectBuilder and
into the owner (PaintLayerFilterInfo), and then turns
FilterEffectBuilder into a more proper builder-style object that is
configured by the client and then has build...() called upon it to
construct the filter.
Rename the old build() method to buildFilterEffect().
Fix up PaintLayer to remove the indirection, and similarly adjust the
other users (CanvasRenderingContext2DState, SVGFilterPainter).

BUG=439970
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2349183002
Cr-Commit-Position: refs/heads/master@{#419697}
rune
Remove unused StyleElement::clearDocumentData().
Review-Url: https://codereview.chromium.org/2350743002
Cr-Commit-Position: refs/heads/master@{#419556}
tmoniuszko
Force U.S. English keyboard layout for TextfieldTest.KeysWithModifiersTest
BUG=633136

Review-Url: https://codereview.chromium.org/2197113002
Cr-Commit-Position: refs/heads/master@{#419454}
fs
Reland of Evacuate ComputedStyle references from the CSS*Value hierarchy
Fold uses of:

  CSSPrimitiveValue::create(..., const ComputedStyle&)
  CSSValuePair::create(..., const ComputedStyle&)

into the (few) users. Handle the fall-out.

Review-Url: https://codereview.chromium.org/2345893004
Cr-Commit-Position: refs/heads/master@{#419390}
fs
ConvolverOptions.buffer should be nullable
TBR=rtoy@chromium.org,foolip@chromium.org
BUG=626449,647693

Review-Url: https://codereview.chromium.org/2352463002
Cr-Commit-Position: refs/heads/master@{#419388}
fs
Slim includes in CSSValue.h
This drops includes from CSSValue.h that are not directly used by it.
Downstream dependents are fixed up as needed. Also strip some includes
from StyleImage.h and other places that includes CSSValue.h while
there.

Review-Url: https://codereview.chromium.org/2345223002
Cr-Commit-Position: refs/heads/master@{#419384}
fs
Evacuate ComputedStyle references from the CSS*Value hierarchy
Fold uses of:

  CSSPrimitiveValue::create(..., const ComputedStyle&)
  CSSValuePair::create(..., const ComputedStyle&)

into the (few) users. Handle the fall-out.

Review-Url: https://codereview.chromium.org/2345893004
Cr-Commit-Position: refs/heads/master@{#419382}
fs
Revert of Show ancestor hierarchy in accessibility panel (patchset #10 id:180001 of https://codereview.chromium.org/2322413003/ )
Reason for revert:
Fails the compile step on Linux ChromiumOS GN (headless_unittests)

Original issue's description:
> Show ancestor hierarchy in accessibility panel
>
> BUG=560525
>
> Committed: https://crrev.com/3558706c1b2a630557929b61fefc74e28975f3a6
> Cr-Commit-Position: refs/heads/master@{#419369}

TBR=dmazzoni@chromium.org,dgozman@chromium.org,pfeldman@chromium.org,aboxhall@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=560525

Review-Url: https://codereview.chromium.org/2351443003
Cr-Commit-Position: refs/heads/master@{#419371}
fs
Let clients of FilterEffectBuilder compute/provide the reference-box
Rather than having code to compute the reference box for the various
clients that use FilterEffectBuilder in the class itself, let clients
compute the desired reference box themselves and pass it along.
This separates concerns, and makes code for computing the reference box
less defensive. It also eliminates the need to add even more cases in
the future (like for SVG shorthand support.)

Also push calls to resolveReferenceFilters() in PaintLayer closer to the
filter-building calls, and rename computeFilterOperations to
addReflectionToFilterOperations. This allows us to eliminate a redundant
call to resolveReferenceFilters() in the mapRectForFilter() code-path.

BUG=439970
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2343173002
Cr-Commit-Position: refs/heads/master@{#419290}
mstensho
Don't include LineLayoutItem.h from SVGTextContentElement.h.
Review-Url: https://codereview.chromium.org/2342203004
Cr-Commit-Position: refs/heads/master@{#419274}
fs
Don't treat shorthand filters as errors on SVG content
We don't support filter shorthands yet, so we shouldn't treat them as
errors. Fix up the hasFilter() condition to also check if it's a filter
that we pretend we can handle.

Also straighten out the code-flow in applyFilterIfNecessary.

BUG=645995
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2349743003
Cr-Commit-Position: refs/heads/master@{#419267}
mstensho
Don't include LayoutViewItem.h from StyleResolverState.h
This reduces the number of compilation units that depend on files like
LayoutBlock.h by more than 200 (from around 500 to around 280).

Review-Url: https://codereview.chromium.org/2348853003
Cr-Commit-Position: refs/heads/master@{#419202}
fs
Clean up includes in SVGFE*Element and thereabouts
Drop inclusion of SVGParserUtilities.h in a number of places since it's
no longer used. Push FE*.h inclusion into the implementation where
possible, and don't include FilterEffect.h in those cases.
Also simplify a loop in SVGFEMergeElement::build.

Review-Url: https://codereview.chromium.org/2342353002
Cr-Commit-Position: refs/heads/master@{#419187}
rune
Setting the link title may change the preferred set.
Make sure we set the preferred style sheet set when setting the title
attribute as long as the preferred set name is not already set.

This used to somehow work if the title was set during loading of a
stylesheet since the preferred set name was set during active
stylesheet collection. In other cases, it didn't work until another
stylesheet operation caused a re-collection of active stylesheets.

When setting the preferred name was moved into the LinkStyle::process()
code, it didn't work at all to set the title after the stylesheet
starts loading.

Make sure we set the preferred set name and trigger an active
stylesheet update when the title is changed.

BUG=645699

Review-Url: https://codereview.chromium.org/2337193004
Cr-Commit-Position: refs/heads/master@{#419107}
fs
Push CompositorFilterOperations creation out of GraphicsLayer
Push knowledge of FilterOperations out of GraphicsLayer and into
PaintLayer. This eliminates one dependency from platform/ code to the
FilterOperations structure. The motivation is to try and make
FilterOperation(s) a core (style) type, to make interaction with the
style system and other parts of core easier. It will also aid in
enabling a more layered structure on the various filter-related data
structures.

Also change the various generator functions to return a
CompositorFilterOperations by-value rather than through a out-variable.

BUG=439970
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2335253002
Cr-Commit-Position: refs/heads/master@{#419029}
mstensho
Add PageBoundaryRule parameter to fragmentainerGroupAtFlowThreadOffset().
If it's an exclusive end offset, we need to know this, so that we map to the
former fragmentainer group, rather than the latter, if the offset is at a
column row boundary.

Review-Url: https://codereview.chromium.org/2345583004
Cr-Commit-Position: refs/heads/master@{#418958}
mstensho
Correct flowThreadTranslationAtOffset() for vertical-rl writing mode.
The problem was that a rectangle was shifted by offsetFromColumnSet() after
having been made physical. However, offsetFromColumnSet() is semi-logical
(flipped block direction coordinate, like e.g. LayoutBox::m_frameRect), so we
need to add it in before flipping the rectangle.

This caused all fragmentainer groups but the first one to be translated
incorrectly.

Review-Url: https://codereview.chromium.org/2344813003
Cr-Commit-Position: refs/heads/master@{#418870}
mstensho
Add PageBoundaryRule parameter to columnSetAtBlockOffset().
If it's an exclusive end offset, we need to know this, so that we map to the
former column set, rather than the latter, if the offset is at a column set
boundary.

Review-Url: https://codereview.chromium.org/2340213003
Cr-Commit-Position: refs/heads/master@{#418839}
fs
Unprefix -webkit-clip-path
This CL renames '-webkit-clip-path' to 'clip-path', and makes the former
an alias of the latter.
For LayoutSVGRoot, clip-path is now applied only by the PaintLayer and
not by SVGPaintContext.

Intent-to-ship:

https://groups.google.com/a/chromium.org/d/topic/blink-dev/FBE05hzCmPo

BUG=633028
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2312713002
Cr-Commit-Position: refs/heads/master@{#418827}
mstensho
Handle exclusive end offsets when translating from flow thread coordinates.
If we're in flipped blocks writing mode (i.e. vertical-rl), the flow thread
block offset we're dealing with may be a logical end point, and end points are
exclusive. This means that we need to pick the previous column, not the next,
if the offset is exactly at a column boundary.

Let flowThreadTranslationAtOffset() and columnIndexAtOffset() take a
PageBoundaryRule argument to handle this.

This makes offsetLeft and offsetTop work properly in vertical-rl writing mode
for elements that end at column boundaries. Added a test for that, and threw in
a vertical-lr test too, for good measure.

Remove ColumnIndexCalculationMode from columnIndexAtOffset(). It was partially
and inaccurately used to make sure we didn't escape the valid column range in
case an exclusive end offset was passed. Have the call sites that really need
to clamp the column index do it themselves. It's up to the callers to decide
how to treat offsets outside the range of columns anyway.

Review-Url: https://codereview.chromium.org/2339973002
Cr-Commit-Position: refs/heads/master@{#418800}
mostynb
//device/media_transfer_protocol depends on dbus
The build should fail early if //device/media_transfer_protocol is included with dbus explicitly disabled.

BUG=632297

Review-Url: https://codereview.chromium.org/2333573003
Cr-Commit-Position: refs/heads/master@{#418744}
fs
Add support for <basic-shape> to 'clip-path' on SVG elements
Use ClipPathOperation as storage for the property in SVGComputedStyle,
and add support for <basic-shape>s where needed. This also means that
nesting a <clipPath> with a <basic-shape> is added.
Since SVGPaintContext::applyClipIfNecessary can't fail in a useful way,
just drop the returned bool (test added.) An invalid clip-path will
just be ignored (per spec.)

BUG=633028
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2322343003
Cr-Commit-Position: refs/heads/master@{#418387}
fs
Fix baselines for media/video-zoom-controls.html
Attempt to tidy up after mid-flight collision.

TBR=mlamouri@chromium.org,kdsilva@google.com
BUG=601247

Review-Url: https://codereview.chromium.org/2328353002
Cr-Commit-Position: refs/heads/master@{#417973}
rune
Simplified compound feature extraction.
Started to return the last simple selector in the compound instead of
the pointer to the next compound from
extractInvalidationSetFeaturesFromCompound. That means we can update
feature flags for the combinator from updateInvalidationSets, which
also means we can get rid of the duplicated code for updating the
nthInvalidationSet(). Additionally, we can use the siblingFeatures as
initialized by updateFeaturesFromCombinator().

Removed unused UseFeatureTypes.

There should be no functional changes.

R=ericwilligers@chromium.org

Review-Url: https://codereview.chromium.org/2326783002
Cr-Commit-Position: refs/heads/master@{#417915}
mstensho
[LayoutNG] Remove unnecessary #inclusions of LayoutObject and derived class definitions.
That reduces the number of compilation units that depend on LayoutObject.h by 9
when building content_shell.

R=eae@chromium.org

Review-Url: https://codereview.chromium.org/2328243002
Cr-Commit-Position: refs/heads/master@{#417909}
fs
Drop FilterEffect::m_absolutePaintRect
This rect is a remnant of the old ImageBuffer-based implementation of
FilterEffect, and is likely doing more harm than good at this point in
time. If we want to cache the result of a call to
determineAbsolutePaintRect(), that can be done equally well by the
client code.

Since removing this state removes the last side-effect from the
determineAbsolutePaintRect() methods we can mark it and related methods
(affectsTransparentPixels) as const.

BUG=642035

Review-Url: https://codereview.chromium.org/2329803002
Cr-Commit-Position: refs/heads/master@{#417908}
mstensho
A container of out-of-flow positioned descendants should be an offsetParent.
This reflects a recent spec change [1]. Previously, the condition was that the
position property be different from 'static', but it's unreasonable that we
shouldn't also include other objects that serve as containing blocks for fixed
and absolutely positioned descendants, such as "transform". Gecko and Edge
already have this behavior.

[1] https://github.com/w3c/csswg-drafts/commit/180b348a1ac0931043cd195651fc5164463d2bce

BUG=645397

Review-Url: https://codereview.chromium.org/2328633003
Cr-Commit-Position: refs/heads/master@{#417903}
mstensho
Walk the entire offsetParent chain in fast/forms/resources/common.js utility functions.
They used to assume that the only offsetParent was the root node, but that's no
longer going to be true when https://codereview.chromium.org/2328633003/ lands.
One test that calls searchCancelButtonPosition() is inside a transformed
element, which will become an offsetParent.

R=tkent@chromium.org

Review-Url: https://codereview.chromium.org/2332553002
Cr-Commit-Position: refs/heads/master@{#417893}
fs
Revert of Make canceling Timers fast. (patchset #10 id:180001 of https://codereview.chromium.org/2319053004/ )
Reason for revert:
Wreaks havoc on the ASAN bots:

https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20ASAN

STDERR: =================================================================
STDERR: ==4==ERROR: AddressSanitizer: use-after-poison on address 0x7ed9a5616190 at pc 0x00000768b0da bp 0x7fff4bbca630 sp 0x7fff4bbca628
STDERR: READ of size 8 at 0x7ed9a5616190 thread T0 (content_shell)
STDERR:     #0 0x768b0d9 in operator-> third_party/WebKit/Source/wtf/RefPtr.h:68:50
STDERR:     #1 0x768b0d9 in revokeAll third_party/WebKit/Source/wtf/WeakPtr.h:146:0
STDERR:     #2 0x768b344 in ?? third_party/WebKit/Source/platform/Timer.cpp:124:22
STDERR:     #3 0x47a4461 in Run base/callback.h:56:12
STDERR:     #4 0x47a4461 in RunTask base/debug/task_annotator.cc:54:0
STDERR:     #5 0x79e2381 in ProcessTaskFromWorkQueue third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:316:19
...
STDERR: AddressSanitizer can not describe address in more detail (wild memory access suspected).
STDERR: SUMMARY: AddressSanitizer: use-after-poison

Appears to be accessing a "user-poison" area, so maybe a timer in something that was swept? (Wild guess.)

Original issue's description:
> Make canceling Timers fast.
>
> base::Closure recently got an IsCancelled method. Taking advantage of
> that the scheduler can short circuit a bunch of logic for cancelled
> tasks and avoid running them and the rest of the task selection
> machinery.
>
> On the new TimerPerfTest benchmark this makes running 10000 cancelled
> tasks aprox 50x - 60x faster (measured on Android and Linux).
>
> Note this patch reverts many of the changes made in
> https://codereview.chromium.org/2258713004 in favor of
> WeakPtr based cancellation as favored by the base owners.
>
> BUG=605718, 638542
>
> Committed: https://crrev.com/e4e5868c5f32b015bf0d07a6eeace892d6a789a1
> Cr-Commit-Position: refs/heads/master@{#417621}

TBR=jochen@chromium.org,haraken@chromium.org,skyostil@chromium.org,alexclarke@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=605718, 638542

Review-Url: https://codereview.chromium.org/2326313003
Cr-Commit-Position: refs/heads/master@{#417846}
fs
Mark */fast/canvas/canvas-hit-regions-*-test.html are timing out on Win
Timing out on win_chromium_rel_ng. Maybe just Slow?

BUG=645389
TBR=junov@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2324333003
Cr-Commit-Position: refs/heads/master@{#417840}
fs
Update leak expectations after https://codereview.chromium.org/2321183002
Moved to paint/invalidation/japanese-rl-selection-clear.html from
fast/repaint/.

TBR=wangxianzhu@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2331723002
Cr-Commit-Position: refs/heads/master@{#417839}
mstensho
[LayoutNG] Handle border and padding when sizing a block and when placing its children.
BUG=635619

Review-Url: https://codereview.chromium.org/2325073002
Cr-Commit-Position: refs/heads/master@{#417827}
mstensho
Translate the clip rect correctly when iterating over fragmentainers.
The clip rect is visual, so we need to shift each fragmentainer group by its
visual translation. This matters for nested multicol.

BUG=642325

Review-Url: https://codereview.chromium.org/2321333002
Cr-Commit-Position: refs/heads/master@{#417563}
mstensho
Let LayoutNG handle childless block flows.
The fact that they are marked with childrenInline() doesn't matter if they have
no children.

BUG=635619

Review-Url: https://codereview.chromium.org/2320393002
Cr-Commit-Position: refs/heads/master@{#417543}
fs
Replace FilterEffect::maxEffectRect() with absoluteBounds()
This removes maxEffectRect(), determineMaximumEffectRect() and the
associated state (m_maxEffectRect) from FilterEffect. The replacement is
the new method absoluteBounds() that computes bounds for the node in
question using the filter primitive (sub)region and the filter region.
This should match what determineMaximumEffectRect() was computing for
use from SVGFilterPainter.

BUG=642035
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2319293004
Cr-Commit-Position: refs/heads/master@{#417530}
rune
Corrected variable name to not contain "Tag".
Incorrectly named. We don't include type selectors.

R=ericwilligers@chromium.org

Review-Url: https://codereview.chromium.org/2321013002
Cr-Commit-Position: refs/heads/master@{#417456}
ddyndo
Fixed access to `constraint_flags` array in ParseHEVCCodecId function.
This patch adds necessary offset when accessing this array.
`constraint_flags` is an array of 6 elements, however in
`for` loop it can be accessed with indices from 4 to 9
instead of indices from 0 to 5.

Review-Url: https://codereview.chromium.org/2320063002
Cr-Commit-Position: refs/heads/master@{#417351}
rune
Removed m_isSettingStyleSheetText from InspectorCSSAgent.
The variable supressed an unnecessary re-collection of inspector
stylesheets when the stylesheet text is modified from the inspector. If
the text added contains an @import rule with a data: uri, it also
suppresses the collection of that sheet, which is wrong.

R=pfeldman@chromium.org,lushnikov@chromium.org
BUG=644719

Review-Url: https://codereview.chromium.org/2319533004
Cr-Commit-Position: refs/heads/master@{#417290}
mstensho
Replace collectLayerFragments() with FragmentainerIterator.
No functional changes intended.

The way collectLayerFragments() and PaintLayer::collectFragments() cooperated
to populate the PaintLayerFragments was rather messy. collectLayerFragments()
set two members, and then, later on, PaintLayer::collectFragments() would set
the remaining members, translate and clip. With this change, the layout code no
longer uses PaintLayerFragments.

It should also be mentioned that collectLayerFragments() was a bad name,
because this functionality shouldn't be strictly for layers. We're soon going
to need it for getClientRects() as well.

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2314763002
Cr-Commit-Position: refs/heads/master@{#417271}
mstensho
Don't include headers from the layout API from other headers needlessly.
Including layout API headers involves including some LayoutObject derivate,
which takes a lot of time to compile.

R=bashi@chromium.org,dsinclair@chromium.org,haraken@chromium.org,bokan@chromium.org,pilgrim@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2316533004
Cr-Commit-Position: refs/heads/master@{#417265}
rune
Store a single inspector stylesheet hidden from CSSOM.
Custom style rules can be added via the inspector. These were stored in
a stylesheet appended to <head>. That meant it was visible to the
document via CSSOM. Also, enabling/disabling the inspector would not
remember that a stylesheet was added, so the inspector started out with
a new blank stylesheet for editing, yet the existing rules still
applied.

This CL introduces a single inspector stylesheet in the StyleEngine
which takes part in the document collection to apply the rules, but it
is not appended to the document.styleSheets list. Neither is it
accessible through a <style> element in the DOM.

The stylesheet ends up after the author stylesheets in the order of
appearance. That is similar to how it was, but previously, sheets in
<body> would appear after the inspector sheet while sheets in <head>
would appear before.

The inspector sheet source is stored in a resource container like
changes for author stylesheets. This means the inspector sheet source
will persist across inspector enable/disable.

R=pfeldman@chromium.org,lushnikov@chromium.org
BUG=624139
TEST=http/tests/inspector-enabled/reattach-after-editing-styles.html

Review-Url: https://codereview.chromium.org/2312953002
Cr-Commit-Position: refs/heads/master@{#417021}
mstensho
Fix typo in enable-blink-features command line switch.
This one doesn't disable features, it *enables* them.

R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2319503002
Cr-Commit-Position: refs/heads/master@{#416968}
rune
Refactored invalidation set extraction.
Refactor into smaller more descriptive methods.

Implemented InvalidationSetFeatures::add() and hasFeatures() to add
features conditionally for selector lists like in :-webkit-any() instead
of tracking non-feature compounds using a foundFeatures variable.

Review-Url: https://codereview.chromium.org/2305593002
Cr-Commit-Position: refs/heads/master@{#416912}
fs
Remove dead uses of FilterEffect::determineMaximumEffectRect
Said method only computes m_maxEffectRect. The only users of this data
is SVGFilterPainter, directly and via determineAbsolutePaintRect (which
in turn uses mapPaintRect which uses maxEffectRect in one case.) Hence
all other callsites are calling determineMaximumEffectRect() without
making use of the side-effect is has. Remove those uses.
This also mean that we can tailor the method for the one remaining
user by cleaning up, and removing, the flags argument.

TBR=senorblanco@chromium.org
BUG=642035
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2307343002
Cr-Commit-Position: refs/heads/master@{#416888}
mstensho
Correct multicol dirty rect for scrolled and flipped blocks writing mode.
Calling LayoutBox::location() to make a physical rectangle relative to the
multicol container instead of the flowthread isn't going to work if writing
mode is with flipped blocks direction (vertical-rl), because location() returns
a semi-logical offset. It would have worked with topLeftLocation(), though.
But since we'd still have issues with scrolling, make the dirty rectangle
relative to the multicol container right away on the PaintLayer side instead,
since layers know how they have been scrolled. This also happens to be in line
with the comment there, so now we're actually doing what we say that we're
doing. :)

This makes fast/repaint/paged-with-overflowing-block-rl.html pass.
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2310233002
Cr-Commit-Position: refs/heads/master@{#416859}
fs
Update expectations for css3/filters/effect-reference-hw.html
TBR=pdr@chromium.org
BUG=642035

Review-Url: https://codereview.chromium.org/2310993002
Cr-Commit-Position: refs/heads/master@{#416563}
fs
New Win10 baselines for css3/filters/effect-reference-hw.html
TBR=pdr@chromium.org
BUG=642035

Review-Url: https://codereview.chromium.org/2311933002
Cr-Commit-Position: refs/heads/master@{#416555}
fs
Win10 needs new baselines for css3/filters/effect-reference-hw.html
TBR=pdr@chromium.org
NOTRY=true
BUG=642035

Review-Url: https://codereview.chromium.org/2311943002
Cr-Commit-Position: refs/heads/master@{#416546}
fs
Reland of Revamp filter primitive region calculations for Filter Effects
This moves the filter primitive region calculation to
SVGFilterPrimitiveStandardAttributes::setStandardAttributes, folding in
FilterEffect::applyEffectBoundaries and getting rid of
FilterEffect::m_effectBoundaries and related flags.
What's left of FilterEffect::determineFilterPrimitiveSubregion() is
renamed to determineMaximumEffectRect(), and callsites updated.

BUG=642035
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2303703002
Cr-Commit-Position: refs/heads/master@{#416537}
rune
Implemented RuleSet diff for active stylesheets.
This is an implementation of the diffing of active stylesheets outlined
in [1] to replace the current compareStyleSheets method in
TreeScopeStyleSheetCollection which currently cause a "Reconstruct" if
you both have insertions and removals. With async stylesheet update we
will more likely end up in those situations as changes to the list can
happen in a batches.

An important new aspect here is that together with each stylesheet keep
a traced pointer to the RuleSet it had reference last time the active
stylesheet list was updated. That way we can figure out what changed on
media query and CSSOM changes.

The comparison algorithm works like this:

INPUTS: The new and old active stylesheet vectors
OUTPUTS: A vector of added and removed RuleSets.
         Also a return value saying if we only appended stylesheets at
         the end. Given that sheets were only appended we can do certain
         optimizations updating rule data.

* First linearly walk the old and new active list as long as the
  stylesheet pointers are the same. If the ruleset changed for the
  given sheet, add the old and new rulesets to the list of changed
  rulesets.

* If we are finished walking any of the active lists, we have either
  appended a set of sheets to the end, or we have removed a set from
  the tail. Add the added/removed rulesets to the changed list and we
  are finished.

* If we have remaining sheets in both the old and new active list,
  merge the remaining items from both lists and sort the merged vector
  on stylesheet pointers. For stylesheet pointers occuring in pairs, if
  the rulesets are different for the two entries, the ruleset changed
  so we add them to the changed list. For stylesheets which do not occur
  in pairs, they are either added or removed and we add the ruleset to
  the changed list.

The time complexity for the algorithm is O(k) for the common prefix
and the complexity for std::sort for the m + n remaining sheets in the
new and old active lists. Note that each scope has its active list, so
the larger n's will be for the document scope as shadow trees most
often have a single stylesheet (I measured a max of three running some
Polymer apps).

An assumption here is that we will do ensureRuleSet() including media
query evaluation for the media attribute as we collect active
stylesheets. Currently, the analysis of which elements needs a style
recalc happens synchronously while updating the active sheets while the
rulesets are (re-)created asynchronously/on-demand via
lazyAppendAuthorStyleSheets in StyleResolver. The idea is that since
the active stylesheet update will be async, we can drop the lazyAppend
things from StyleResolver and add the stylesheets directly to the
ScopedStyleResolvers during the active stylesheet update.

Creating the RuleSets as we collect active stylesheets means we have
invalidation sets readily available to use style invalidation to
trigger style recalcs only on elements affected by the added/removed
stylesheets.

[1] http://bit.ly/25uxtnU

R=esprehn@chromium.org,timloh@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/1889993002
Cr-Commit-Position: refs/heads/master@{#416520}
fs
Revamp filter primitive region calculations for Filter Effects
This moves the filter primitive region calculation to
SVGFilterPrimitiveStandardAttributes::setStandardAttributes, folding in
FilterEffect::applyEffectBoundaries and getting rid of
FilterEffect::m_effectBoundaries and related flags.
What's left of FilterEffect::determineFilterPrimitiveSubregion() is
renamed to determineMaximumEffectRect(), and callsites updated.

BUG=642035
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2303703002
Cr-Commit-Position: refs/heads/master@{#416472}
fs
Compute better reference/visual boxes for clip-path in columns
clip-path's are applied before fragmentation, which means that we need
to adjust the coordinate space for the clip-path and its reference box
"manually" to get the correct visual coordinate space.

Also fix the origin used for clip-path to be the top-left corner of the
reference box. This only applies when SVG <clipPath> elements with
clipPathUnits='userSpaceOnUse' is referenced.

BUG=626097
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2300383002
Cr-Commit-Position: refs/heads/master@{#416451}
fs
css3/masking/clip-path-reference-userSpaceOnUse.html no longer fails
TBR=schenney@chromium.org
NOTRY=true
BUG=397255

Review-Url: https://codereview.chromium.org/2307063002
Cr-Commit-Position: refs/heads/master@{#416308}
fs
Tweak css3/masking/clip-path-reference-userSpaceOnUse.html
Turn the <svg> into a block to avoid having to compensate for the
baseline of an inline.

BUG=397255

Review-Url: https://codereview.chromium.org/2303043003
Cr-Commit-Position: refs/heads/master@{#416271}
fs
Align reference box computation for inline boxes with Gecko
For inline boxes, the reference box should be computed per-fragment, and
be subject to box-decoration-break. We're not quite there yet though, so
go for "local compat" for now and align with Gecko. This way we're
slightly closer to "correct" (the "single line" case ought to be fairly
correct for instance), and hopefully avoid getting sucked into a compat
"sinkhole".
Adjust css3/masking/clip-path-reference-box-inline.html to match.

BUG=641907
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2303773002
Cr-Commit-Position: refs/heads/master@{#416264}
davve
Simplify contain constraint calculation
We're selecting between two rectangles given by the intrinsic aspect ratio:
(defaultWidth / aspect ratio, defaultHeight) or (defaultWidth, defaultHeight x
aspect ratio). One rectangle is 'contained' and the other one 'covers'. Select
the 'contained' rectangle by trying out the first to see if its width fit, and
if so we're done. Otherwise compute and select the other rectangle.

Due to how floating point math works, it's possible that both computed
rectangles, or neither computed rectangle, will fit the case when the two ratios
are equal. See https://bugs.chromium.org/p/chromium/issues/detail?id=641221 for
one example. However, in this case it doesn't matter much which rectangle we
choose, the contained and and cover rectangle would be the same rectangle and
the floating point discrepancy has no known practical implication.

BUG=641221

Review-Url: https://codereview.chromium.org/2294683002
Cr-Commit-Position: refs/heads/master@{#416238}
rune
Don't cache matched properties for elements without a flat-tree parent.
When there's not flat tree parent for the element we are computing
style for, setHasExplicitlyInheritedProperties will not be set on the
ComputedStyle during property application. Without that flag set
correctly we allowed to add to the matched properties cache even though
we shouldn't.

There are some open questions here:

* How should body -> html propagation work when html has a shadow tree?
* Do children of a shadow host have a computed style at all when not
  distributed/slotted?

It should be noted that attachShadow is not allowed on the <html>
element. That is why the test case uses a v0 shadow tree.

R=andersr@opera.com,esprehn@chromium.org,hayato@chromium.org
BUG=636500

Review-Url: https://codereview.chromium.org/2283933003
Cr-Commit-Position: refs/heads/master@{#416200}
fs
Use LayoutSVGResourceClipper::resourceBoundingBox() in ClipPathClipper
Use the reference box to compute the clip-path bounds in ClipPathClipper,
using the resourceBoundingBox() method from LayoutSVGResourceClipper. This
should give reasonably tight-fitting bounds for the clip-as-mask code-path
which uses these bounds. It also means one less item to pass around.

This means that the clip-path code in PaintLayerPainter no longer needs
the |rootRelativeBounds| and associated bool, so that code can be pushed
down into FilterPainter with additional plumbing simplifications.

Also straighten out the code-flow in ClipPathClipper for less indented,
and hopefully easier to follow, code.

BUG=633028, 626097
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2279823002
Cr-Commit-Position: refs/heads/master@{#416073}
fs
Synthesize preserveAspectRatio='none' for non-viewBoxed <img>
For SVGs embedded in an image context, we will synthesize a viewBox that
matches the intrinsic dimensions of the SVGs, if no viewBox is
specified. This would result in an image where the aspect ratio
expressed by the intrinsic dimensions would be preserved.
This does not appear to match author expectations - they rather see that
the behavior in these cases match that of a "regular" raster-based
image. To achieve this, also synthesize a preserveAspectRatio-value of
"none" in these cases. This will result in the original image being
stretched in the most common cases. Any percentage dimensions will be
resolved against the computed dimensions (replaced size), and can hence
also produce a useful viewBox.

The implemented behavior is not currently specced (neither was the old
synthesizing of a viewBox), but matches Gecko.

BUG=110195

Review-Url: https://codereview.chromium.org/2290173005
Cr-Commit-Position: refs/heads/master@{#416059}
tommyt
We will not update the cached characteristic value when writing, nor will we call the observers' GattCharacteristicValueChanged method.
Update the documentation for WriteRemoteCharacteristic and change the name of the "new_value" parameter to "value".

See http://crbug.com/614534

BUG=551634

Review-Url: https://codereview.chromium.org/2287273002
Cr-Commit-Position: refs/heads/master@{#416028}
tmoniuszko
Clear HTTP auth data on clearing cache
BUG=108291

Review-Url: https://codereview.chromium.org/2097043002
Cr-Commit-Position: refs/heads/master@{#415919}
fs
Resolve percentage in <use> against the instance's viewport element
In LayoutSVGTransformableContainer::calculateLocalTransform, 'x' and 'y'
were resolved against the original (corresponding) element. For a <use>
nested within a <symbol>, this would mean that when were going to look
up the viewport element, we'd return the outer <symbol> element and thus
fail to get a viewport.
Use the instance element to setup the SVGLengthContext instead.

BUG=642524

Review-Url: https://codereview.chromium.org/2298783002
Cr-Commit-Position: refs/heads/master@{#415910}
fs
Move SVGAnimateElement::findElementInstances to SVGElement.cpp
There's now only a single user of this function, so fold the function
into that one.

BUG=640676

Review-Url: https://codereview.chromium.org/2293173003
Cr-Commit-Position: refs/heads/master@{#415901}
mstensho
Fragment blocks with non-visible overflow as normally when printing.
Splitting scrollbars into multiple fragmentainers is only problematic in
interactive media. We don't need to impose any such pagination restrictions
when printing, since printing is non-interactive,

BUG=641983

Review-Url: https://codereview.chromium.org/2298193002
Cr-Commit-Position: refs/heads/master@{#415645}
perja
bluetooth: Added script for converting the Web Bluetooth blacklist.
BUG=570121

Review-Url: https://codereview.chromium.org/2285663002
Cr-Commit-Position: refs/heads/master@{#415594}
fs
Don't add redundant references to animated target element
SVGSMILElement adds a reference to its target, and any instances of the
target should never be mutated, so the registration of reference to the
extended target element set in SVGAnimateElement::resetAnimatedType does
not add any value.

BUG=640676

Review-Url: https://codereview.chromium.org/2292983002
Cr-Commit-Position: refs/heads/master@{#415393}
fs
Stricter treatment of SVGSVGElement::m_useCurrentView
m_useCurrentView being true implies that m_viewSpec is non-null. Perhaps
defensively, most code that checks it is written in a way such that it
expects that m_viewSpec can be null if m_useCurrentView is true - which
is not the case, and adds unnecessary code.
Instead change the code to adhere to the rule above, and assert that in
the various places instead.
Also add some checks of the invariant in methods that set the flag and
m_viewSpec. Refactor SVGSVGElement::setupInitialView to avoid the need
to sprinkle invariant checks "all over" it.

BUG=110195

Review-Url: https://codereview.chromium.org/2290293003
Cr-Commit-Position: refs/heads/master@{#415346}
fs
Simplify SVGAnimatedTypeAnimator interface
The two methods startAnimValAnimation and resetAnimValToBaseVal share
the same implementation, but are called in two different branches of the
same if-statement. Fold the two and add a new method
createAnimatedValue() to provide the animated value, to make this appear
as straight-forward as it is. Also fold the stopAnimValAnimation()
method since it's only used once, and because this makes the start/stop
action somewhat symmetric.
Rename the constructFromString(...) method to
createAnimatedValueFromString() to illustrate its relation to the newly
minted method and make it a bit more clear what it does.

BUG=640676

Review-Url: https://codereview.chromium.org/2284263002
Cr-Commit-Position: refs/heads/master@{#415271}
fs
Don't use substring() for a simple prefix match
The language code match in SVGTests::isValid() uses String::substring()
to limit the match to the primary language subtag. In the case where the
defaultLanguage() only contains the/a primary language subtag, this will
not require a copy, but otherwise it would.

Using startsWith() and a length-check guarantees that no copies will be
made. (A valid primary language subtag is always 2 letter long, so
checking only for length == 2 should be enough, although previously the
code could theoretically match a 1 letter, or even a zero-length tag.)

Review-Url: https://codereview.chromium.org/2284273002
Cr-Commit-Position: refs/heads/master@{#415255}
fs
Tighten SVGAnimationElement::shouldApplyAnimation
Fold the targetIsUsable(...) helper from SVGAnimateElement into said
method, and then replace the uses of the former with the corresponding
'should apply' predicate.

BUG=640676

Review-Url: https://codereview.chromium.org/2287983002
Cr-Commit-Position: refs/heads/master@{#415253}
rune
Removed unused parentStyle in StyleAdjuster.
Parent style not used for HTML element adjustment.

Review-Url: https://codereview.chromium.org/2290623002
Cr-Commit-Position: refs/heads/master@{#415235}
fs
Tidy up some loops in SMILTimeContainer::updateAnimations
Use for-range style loops and get rid of the local 'size' variable.
Also move the sort() call down after the early-out when there are no
animations to apply.

BUG=641437

Review-Url: https://codereview.chromium.org/2287973002
Cr-Commit-Position: refs/heads/master@{#415165}
fs
Reorder the AnimatedPropertyType enumeration
By moving AnimatedUnknown first (giving it the ordinal value 0), we can
simplify SVGElement::animatedPropertyTypeForCSSAttribute by removing
the contains() call (avoiding a double hash/lookup for the common case.)

Review-Url: https://codereview.chromium.org/2288583002
Cr-Commit-Position: refs/heads/master@{#415069}
fs
Hoist updateAnimation() calls from SVGSMILElement::progress
The updateAnimation() calls in SVGSMILElement::progress() corresponds
to the timed element contributing to the animation "sandwich", so it's
trivial to hoist it out into the caller. Well there, the |resultElement|
logic can be replaced with a vector onto contributing timed elements are
appended. When all contributing timed elements are collected the value
is computed.

BUG=641437

Review-Url: https://codereview.chromium.org/2283843002
Cr-Commit-Position: refs/heads/master@{#414937}
rune
Allow multiple type and id selectors in invalidation set features.
:-webkit-any allows for more than one type selector in a compound
selector. Likewise, it may also allow for disjunct id selectors. Make
them vectors in InvalidationSetFeatures like we do for classes and
attributes to make style invalidation work for multiple id and type
selectors in :-webkit-any.

R=ericwilligers@chromium.org,sashab@chromium.org
BUG=641296

Review-Url: https://codereview.chromium.org/2284633002
Cr-Commit-Position: refs/heads/master@{#414933}
fs
Reduce 'iterate self and instances' helper-count in SVGElement.cpp
Generalizing updateInstancesAnimatedAttribute{,NoInvalidate} to one
higher-level helper to get rid of the subtle differences brought on
by the differences in invalidation semantics.

BUG=640676

Review-Url: https://codereview.chromium.org/2280923002
Cr-Commit-Position: refs/heads/master@{#414845}
fs
Fold SMIL animation value application helpers and simplify
Folds the following helper functions:

  applyCSSPropertyToTargetAndInstances
  removeCSSPropertyFromTargetAndInstances
  notifyTargetAndInstancesAboutAnimValChange

into their users, hoisting common predicates and simplifies
accordingly.

BUG=640676

Review-Url: https://codereview.chromium.org/2285473002
Cr-Commit-Position: refs/heads/master@{#414808}
fs
svg/animations/use-animate-width-and-height.html no longer time out
TBR=schenney@chromium.org
NOTRY=true
BUG=641398

Review-Url: https://codereview.chromium.org/2279263003
Cr-Commit-Position: refs/heads/master@{#414801}
fs
Move onclick handler in svg/animations/use-animate-width-and-height.html
We can no longer listen after events on something that is an instance in
a <use>. Move the executeTest() call to the <use> element instead.

Since the mentioned file is almost a stub, the actual change is in
svg/animations/script-tests/use-animate-width-and-height.js.

BUG=641398

Review-Url: https://codereview.chromium.org/2283893002
Cr-Commit-Position: refs/heads/master@{#414776}
fs
Fix clip-path reference box/coordinate space setup for hit-testing
Synchronize hit-testing code with rendering code with regards to how the
coordinate space is handled (for userSpaceOnUse <clipPath>s), and how
the reference boxes is computed.

Also "straighten" out code-flow a bit while here.

BUG=418484
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2280963002
Cr-Commit-Position: refs/heads/master@{#414730}
wdzierzanowski
Bundle fake Widevine component manifest for stub CDM
Encrypted media browser tests involving Widevine use the stub CDM when
branding != Chrome.  This change allows them to register the
preinstalled component containing the stub CDM.

BUG=622273

TEST=Widevine browser tests 'browser_tests --gtest_filter=*Widevine*' pass

Review-Url: https://codereview.chromium.org/2136983002
Cr-Commit-Position: refs/heads/master@{#414706}
jwalczak
Fix channel mapping for 8-ch audio in ffmpeg_aac_bitstream_converter
FFmpeg's AVCodecContext->channels contains "raw number of channels"
(e.g. "2" for 2 channels, "8" for 8 channels). The change ensures that:
- the value of "8" is correctly mapped to 0b111 ADTS channel
config (aka MPEG-4 Channel Configuration),
- the value of "7" becomes unsupported.

BUG=640610

Review-Url: https://codereview.chromium.org/2273203003
Cr-Commit-Position: refs/heads/master@{#414685}
rune
Use AnalyzedStyleUpdate for non-blocking sheets.
For no apparent reason we were always doing a full document recalc when
finishing loading a non-blocking stylesheet.

From webkit: https://bugs.webkit.org/show_bug.cgi?id=119236

BUG=284142

Review-Url: https://codereview.chromium.org/2278803002
Cr-Commit-Position: refs/heads/master@{#414682}
fs
Move animVal invalidation from SVGAnimateElement to SVGElement
BUG=640676

Review-Url: https://codereview.chromium.org/2281643003
Cr-Commit-Position: refs/heads/master@{#414543}
fs
Remove temporary file that was accidentally checked in
This file was added as part of https://codereview.chromium.org/2211473003
but looks like it was done so by mistake. Remove it again.

TBR=fdoray@chromium.org
BUG=616447

Review-Url: https://codereview.chromium.org/2276423002
Cr-Commit-Position: refs/heads/master@{#414467}
rune
Use LocalStyleChange for insertion point inheritance propagation.
For shadow dom v0, we used a SubtreeStyleChange for propagating
inherited style changes through insertion points to distributed nodes.
LocalStyleChange should suffice. We already use LocalStyleChange in the
HTMLSlotElement case.

We still need to use SubtreeStyleChange where we have a
SubtreeStyleChange/Force from further up the tree like:

<host>
  <:shadow-root>
    <style>.a::content * { background: green }</style>
    <div id="a">
      <content></content>
    </div>
  </:shadow-root>
  <div>Green when #a gets class a.</div>
</host>

R=kochi@chromium.org
BUG=638869

Review-Url: https://codereview.chromium.org/2258793003
Cr-Commit-Position: refs/heads/master@{#414386}
fs
Refactor SMIL animation value updates
Push updating of the animation value into SVGElement. This resembles the
Web Animations code-path to some degree and maybe we can make them even
more similar eventually. This is the first CL in a series that will
remove knowledge of <use>/shadow trees from the SMIL animation code.

BUG=640676

Review-Url: https://codereview.chromium.org/2272033002
Cr-Commit-Position: refs/heads/master@{#414366}
fs
Simplify SMIL animation CSS property updates
After https://codereview.chromium.org/2251073002 we should no longer
need to walk any <use> instances "manually", since setNeedsStyleRecalc
does that already. This should also avoid the potential double-work
because of this.

TEST=svg/W3C-SVG-1.1/animate-elem-30-t.svg
TEST=svg/W3C-SVG-1.1/animate-elem-40-t.svg

BUG=166438,355359,484552,637310

Review-Url: https://codereview.chromium.org/2270363004
Cr-Commit-Position: refs/heads/master@{#414358}
ingemara
Move JNI bindings for url_formatter from chrome to //components/url_formatter
By moving the url_formatter methods out of
org.chromium.chrome.browser.UrlUtilities to it's component, other emdedders than
Chrome can benefit from the Java version.

This CL removes the tests originally written for a Java implementation of the
methods replaced by FormatUrlForSecurityDisplay in
https://codereview.chromium.org/1357563002. It's not trivial to move the tests
over to the component as they depend on native library initialization performed
by //content which is disallowed in components/url_formatter/DEPS. Also, the
tests are redundant as the code is thoroughly tested by other means.

Currently there are no users of formatUrlForDisplay() in Chromium, but Opera
would like it exposed.

BUG=624407

Review-Url: https://codereview.chromium.org/2110543004
Cr-Commit-Position: refs/heads/master@{#414356}
rune
Consider pseudo classes as matching for shared style rejection.
The user action pseudo classes rely on affectedBy bits to be correctly
set on ComputedStyle in order to recalculate style for such changes
later on. If two elements may otherwise share style, but will have the
affectedBy bits set differently, they may not share style.

Example:

  <style>[attr]:hover {}</style>
  <div></div>
  <div attr></div>

The second div may share style with the first one when none of them is
hovered. However, matching the selector against the first div will fail
on the attribute selector before we try to match :hover, hence the flag
for affectedByHover will not be set. If we share that ComputedStyle
object with the second div, hovering the second div later will have no
effect.

Instead we always match :hover/:active/:focus/:-webkit-drag when
matching rules for style sharing (attribute and sibling rules). That
will lead to the attribute selector in the example above to match which
will cause style sharing to be rejected for the second div.

R=meade@chromium.org
BUG=639561

Review-Url: https://codereview.chromium.org/2272683002
Cr-Commit-Position: refs/heads/master@{#414221}
fs
Use border-box as the reference box for (-webkit-)clip-path
The 'clip-path' property should use the border box as the reference box
(per default; <geometry-box> not yet supported) [1].
The new behavior matches WebKit and Gecko (except for inline boxes,
see below.)

For inline boxes that span multiple lines we use the union of all the
lines. The test css3/masking/clip-path-reference-box-inline.html added
to track this behavior.

[1] https://drafts.fxtf.org/css-masking-1/#the-clip-path

BUG=418484
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2273733002
Cr-Commit-Position: refs/heads/master@{#414118}
mstensho
Don't skip column set interval tree search for flow thread offset == 0.
We cannot assume that offset 0 is in the first column set, since the first
column set may be empty.

Review-Url: https://codereview.chromium.org/2274683002
Cr-Commit-Position: refs/heads/master@{#413939}
mstensho
Update test that rendered incorrectly because orphans and widows are now 2 by default.
The test and the ref were rendered identically (so no failure was reported),
but the result was wrong according to the pass condition text.

Change the ref to not use multicol, to reduce the risk of something like this
going unnoticed in the future.

BUG=473509

Review-Url: https://codereview.chromium.org/2271633002
Cr-Commit-Position: refs/heads/master@{#413789}
markuso
Implement device::BatteryStatus support for UPower daemon 0.99.x
The org.freedesktop.UPower API was changed when upgrading the UPower daemon
from version 0.9.23 to 0.99.x. The BatteryStatusManagerLinux used the
"Changed" signal which was replaced by the "PropertyChanged" signal.

Change the BatteryStatusManagerLinux to use the new UPower API
(and keep compatibility with the 0.9.23 version, which is still used in
Ubuntu 14.04 LTS).

1. use dbus::PropertySet: the dbus::PropertySet provides simple access to
the properties and connection to the property-changed notifications.

2. Use UPower method GetDisplayDevice:
The 'DisplayDevice' is a composite battery device. That was added in UPower
version 0.99.0. If we don't get that device or if it is no battery, then we
continue to enumerate all devices.

3. Listen to 'DeviceAdded' and 'DeviceRemoved' signals:
Re-enumerate battery devices if a device is added/removed.

4. Compatibility with UPower version < 0.99
Only old UPower versions need to connect to the 'Changed' signal.

5. Rewrite the existing unittests to use a BatteryStatusManagerLinux instance
with a dbus::MockBus and mock the dbus-methods/properties for the test.
Add more unittests:
- for changing device properties
- for the DisplayDevice
- for enumerating devices
- for the DeviceAdded and DeviceRemoved signals

Review-Url: https://codereview.chromium.org/2066503002
Cr-Commit-Position: refs/heads/master@{#413745}
fs
Refactor ClipPathHelper in PaintLayerPainter.cpp for reuse
Separate out client concerns and move the helper class to a new file and
rename it to ClipPathClipper. This will allow sharing this code between
the PaintLayerPainter and SVGPaintContext code-paths.

BUG=633028
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2265123002
Cr-Commit-Position: refs/heads/master@{#413518}
landell
Use base::SizeTToString instead of std::to_string
std::to_string is disallowed by the chromium code style and we get into trouble with a custom mips toolchain that lacks support.

BUG=

Review-Url: https://codereview.chromium.org/2264993002
Cr-Commit-Position: refs/heads/master@{#413513}
fs
More const LayoutObject references in SVGLayoutSupport
BUG=633028

Review-Url: https://codereview.chromium.org/2265113002
Cr-Commit-Position: refs/heads/master@{#413501}
fs
Drop outdated comment in SVGClipPainter.h
This FIXME/comment can no longer be considered relevant. (Dates back
to when similar methods to prepareEffect/finishEffect lived in the
LayoutSVGResourceContainer hierarchy.)
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2261173003
Cr-Commit-Position: refs/heads/master@{#413479}
tommyt
Implement BluetoothGattNotifySession::Stop on Android, 2nd attempt
This change enables the stopNotifications function for remote GATT
characteristics on Android. In order to do so, two distinct refactorings have been done;

1) The session classes have been simplified so that platform specific versions are no longer required. All code that previously used BluetoothGattNotifySession[Mac|Win|BlueZ] now simply use the base BluetoothGattNotifySession class.

2) BluetoothRemoteGattCharacteristic::StartNotifySession and StopNotifySession have been rewritten so that all the code for keeping track of the different session objects and the notification state sits in the base class. Inheriting classes should no longer override these two functions, but instead override the much simpler SubscribeToNotifications and UnsubscribeFromNotifications.

BUG=584370

Committed: https://crrev.com/d41af3adfd8500c81c827ab03ed2736909cf1ee8
Review-Url: https://codereview.chromium.org/2051333004
Cr-Original-Commit-Position: refs/heads/master@{#412498}
Cr-Commit-Position: refs/heads/master@{#413417}
fs
Replace SMILTime with double for elapsed time in SMILTimeContainer
We don't really make use of of the special properties of SMILTime for
this case, and using double means slightly less impedance mismatching.

BUG=631879

Review-Url: https://codereview.chromium.org/2261443002
Cr-Commit-Position: refs/heads/master@{#413345}
fs
Don't schedule a wake-up if the timeline hasn't started
Before the timeline has started we shouldn't update animations. This
makes resume() symmetric with pause().

BUG=631879

Review-Url: https://codereview.chromium.org/2254303005
Cr-Commit-Position: refs/heads/master@{#413336}
fs
Refactor SMILTimeContainer can-schedule-frame predicate
begin() and updateAnimationsAndScheduleFrameIfNeeded() use the same
predicate to check if they should schedule an animation frame - although
they phrase it slightly differently (because of local knowledge.)
Move the generic version to a canScheduleFrame() method and use that in
both cases.

BUG=631879

Review-Url: https://codereview.chromium.org/2257803002
Cr-Commit-Position: refs/heads/master@{#413328}
fs
Simplify time tracking in SMILTimeContainer
Instead of 5 difference time fields, use two - one to track the last
seek/pause time in the container ("presentation time"), and one to
track the document time corresponding to that.
Use two bool flags for tracking 'paused' and 'started' state.

Also straighten out code-flow in SMILTimeContainer::begin() to make it
a bit more obvious that we're essentially mirroring the contents of
updateAnimationsAndScheduleFrameIfNeeded. begin() is also renamed into
start(). Pass double to SMILTimeContainer::scheduleAnimationFrame, do
some ASSERT->DCHECK transformations when touching code and touch up
some comments.

BUG=631879

Review-Url: https://codereview.chromium.org/2248643003
Cr-Commit-Position: refs/heads/master@{#413283}
sigbjornf
Avoid stack allocating StyleSheetCollections.
StyleSheetCollection is a GarbageCollected<>-derived object, which ideally
shouldn't be allocated on the stack (== outside the heap), as it leaves
the door open for it being attempted marked (and traced), which it the
allocation doesn't support (the allocation has no header information
preceeding it.)

R=
BUG=

Review-Url: https://codereview.chromium.org/2096653004
Cr-Commit-Position: refs/heads/master@{#413088}
rune
Remove unused StyleChangeReasons.
The removed reasons are no longer used because they have been replaced
by using invalidation sets.

R=kouhei@chromium.org

Review-Url: https://codereview.chromium.org/2256233002
Cr-Commit-Position: refs/heads/master@{#413034}
fs
Avoid setting timers from SVGImage::resetAnimation()
When resetting the timeline to t=0, we may up generating syncbase
notification, which sets up a timer (to update any possibly dependent
intervals.) Since resetAnimation() is what's called when the (SVG)Image
no longer has any clients, we should try to make sure it is indeed
idle after that happens. This avoids trying to update animation state
while the image is otherwise dead, leaving "reactivation" to the time
it is next painted.

BUG=627418

Review-Url: https://codereview.chromium.org/2247783003
Cr-Commit-Position: refs/heads/master@{#412798}
tsniatowski
gn: make gn gen preserve import statements passed in --args
Previously, gn gen would expand all imports and only record the final
arg keyvalue pairs in args.gn, if called as gn gen --args='import...'.

Now the actual import statement will be recorded. This allows avoiding
a manual args.gn edit of you want an actual import statement there, for
example if the imported gni houses a predefined set of default args
that you want to follow, and want to re-gn when it changes.

R=brettw@chromium.org,dpranke@chromium.org
BUG=588513

Review-Url: https://codereview.chromium.org/2250623004
Cr-Commit-Position: refs/heads/master@{#412687}
mostynb
remove duplicate atk GN config
The atk GN configs were moved to a separate GN file in
https://codereview.chromium.org/1909273002 but it appears
that the original configs were not removed, and are still
referenced.  Let's remove the old configs and just use
the new ones.

And while we're at it, add an assertion to check that glib
is enabled when atk is.

BUG=632297

TBR=agrieve@chromium.org

Review-Url: https://codereview.chromium.org/2251673004
Cr-Commit-Position: refs/heads/master@{#412680}
rchlodnicki
Make sure there is no crash on parsing empty manifest
Changes match the logic in SourceHighlighter in the same file and will
result in UI showing message akin to 'No source file available'. This is fine
as already the same happens for other source files in bundled extensions.

BUG=627896

Review-Url: https://codereview.chromium.org/2245143004
Cr-Commit-Position: refs/heads/master@{#412556}
mstensho
"Inline" auto-positioned out-of-flow objects are affected by pagination struts.
An out-of-flow positioned object that "belongs" to a line may need to adjust
its block position after the line has been laid out, since the line may have
been pushed to the next fragmentainer by a pagination strut.

BUG=291616

Review-Url: https://codereview.chromium.org/2249853007
Cr-Commit-Position: refs/heads/master@{#412546}
tommyt
Implement BluetoothGattNotifySession::Stop on Android
This change enables the stopNotifications function for remote GATT
characteristics on Android. In order to do so, two distinct refactorings have been done;

1) The session classes have been simplified so that platform specific versions are no longer required. All code that previously used BluetoothGattNotifySession[Mac|Win|BlueZ] now simply use the base BluetoothGattNotifySession class.

2) BluetoothRemoteGattCharacteristic::StartNotifySession and StopNotifySession have been rewritten so that all the code for keeping track of the different session objects and the notification state sits in the base class. Inheriting classes should no longer override these two functions, but instead override the much simpler SubscribeToNotifications and UnsubscribeFromNotifications.

BUG=584370

Review-Url: https://codereview.chromium.org/2051333004
Cr-Commit-Position: refs/heads/master@{#412498}
mstensho
Handle auto-positioned out-of-flow objects inside multicol containers correctly.
We used to get it all wrong for out-of-flow children of multicol containers
whose containing block were on the outside of the multicol container. Those
do not live in the flow thread coordinate space, so we have to convert their
location to visual coordinates.

BUG=291616

Review-Url: https://codereview.chromium.org/2250713002
Cr-Commit-Position: refs/heads/master@{#412375}
mostynb
-fno-auto-profile is only available beginning with stock GCC 5
This followup to https://codereview.chromium.org/2198253002
unbreaks stock GCC 4.8/4.9 builds.

(We suspect that the chromeos GCC 4.9 toolchain has a local patch for this feature.)

BUG=629593

Review-Url: https://codereview.chromium.org/2244983002
Cr-Commit-Position: refs/heads/master@{#412267}
mstensho
Correct offsetLeft and offsetTop calculation for column-span:all.
adjustedPositionRelativeTo() handled multicol incorrectly (the calls to
columnOffset()), which was especially hurtful for spanners. We should only call
it on objects in our containing block chain. This means that we need to walk
the ancestry using container() instead of parent(). The container() of a
spanner is the multicol container. We need to skip the inbetween flow thread,
since it only contains column content, and not spanners.

We also had bugs here with absolutely positioned objects inside multicol
containers whose containing block are on the outside of the multicol container,
but that's not really going to matter until we're able to lay out such objects
correctly. That's bug 291616. As such, this CL is also a preparatory patch for
fixing that bug.

This CL will also make it possible to write check-layout.js tests for spanners,
instead of having to resort to reftest or something even lesser.

BUG=563446

Review-Url: https://codereview.chromium.org/2251443002
Cr-Commit-Position: refs/heads/master@{#412255}
rune
Corrected :nth-child invalidation test description.
R=ericwilligers@chromium.org

Review-Url: https://codereview.chromium.org/2242113002
Cr-Commit-Position: refs/heads/master@{#411950}
rune
Ignored title in shadow should cause StyleSheet.title = null.
https://github.com/w3c/webcomponents/issues/535#issuecomment-239437022

R=hayato@chromium.org

Review-Url: https://codereview.chromium.org/2239353002
Cr-Commit-Position: refs/heads/master@{#411942}
rune
Use invalidation sets for nth invalidations.
Invalidate siblings of inserted/removed elements for :nth type changes
by scheduling a descendant invalidation set on the parent node of the
inserted element.

There is currently one such set for all structural pseudo classes with
the exception of :first-child, :last-child, and :only-child, which have
their own sets and may have so since they can't affect arbitrary
siblings.

The descendant set never has invalidatesSelf since it's scheduled on
the parent node of where the actual change happens.

Structural pseudo classes in the righmost compound adds rightmost
compound features to the descendant set:

  .a:nth-child(3n) {} => adds ".a" to the descendant set.

Righmost compound structural pseudo classes where there are no other
features makes the descendant set have wholeSubtreeInvalid since all
siblings where the mutation happens have to be invalidated:

  :nth-child(3n) {} => setWholeSubtreeInvalid()

Sibling selectors turns into descendant features:

  :nth-child(3n) + .a {} => adds ".a" to the descendant set.

Descendant selectors causes features to be added as normal:

  :nth-child(3n) .a {} => adds ".a" to the descendant set.

This approach isn't super optimal since having a rightmost structural
pseudo without other features in the compound will cause nth-
invalidations to still be full subtree invalidations, but it should be
a good first iteration.

What we could do is something along the lines of what sibling
invalidations do where they have a maximum number of siblings a set
applies to. The nth-invalidation where the pseudo is in the rightmost
compound really needs to invalidation all siblings and not their
descendants. We could have some notion of removing descendant sets
which should no longer apply walking down the tree.

Traversing siblings scheduling invalidation sets on them was not chosen
for the same reason we schedule siblings invalidations as descendant
invalidations on the parent node for sibling mutations already.

R=esprehn@chromium.org,ericwilligers@chromium.org
BUG=624277

Review-Url: https://codereview.chromium.org/2235723002
Cr-Commit-Position: refs/heads/master@{#411647}
mstensho
Need to roll back the multicol machinery state when re-laying out a block child.
If a block child contains a column spanner, and we need to re-lay it out
because the initial logical top estimate turned out to be wrong, we need to
roll back to the first column set that "contains" the block child.

Otherwise, LayoutMultiColumnFlowThread::columnSetAtBlockOffset() may return the
wrong column set.

BUG=633411

Review-Url: https://codereview.chromium.org/2231383002
Cr-Commit-Position: refs/heads/master@{#411352}
sigbjornf
Elide LifecycleObserver<T,O>::Context type alias.
No longer a need to bind LifecycleObserver<T, O>'s T parameter to a
separate alias/name; simplify to LifecycleObserver<Context, O>.

R=
BUG=

Review-Url: https://codereview.chromium.org/2238503002
Cr-Commit-Position: refs/heads/master@{#411271}
sigbjornf
ASan-exempt CrossThreadPersistentRegion::shouldTracePersistentNode().
CrossThreadPersistent<T>s can reside on heap objects which are lazily
swept. Consequently, when a (per-)thread GC runs and it iterates over the
CrossThreadPersistentRegion to determine what nodes point into its heaps,
it can in the general case also touch lazily sweepable heap objects.

This is a benign read access to a region of memory that Oilpan has poisoned;
therefore, shouldTracePersistentNode() must be exempt from ASan checks to
prevent false negatives from being caught and reported.

R=
BUG=635574

Review-Url: https://codereview.chromium.org/2230623002
Cr-Commit-Position: refs/heads/master@{#410980}
rune
Use elementAfter/Before, not nodeAfter/Before for nth-invalidation.
If the node after/before the inserted element is a text node, and that
text node is the last/first sibling, then it shouldn't prevent the
optimization for skipping recalc for nth/nth-last selectors.

R=esprehn@chromium.org

Review-Url: https://codereview.chromium.org/2228933002
Cr-Commit-Position: refs/heads/master@{#410758}
mstensho
There's no class A break point before or after a float.
LayoutBox::classABreakPointValue() should only be called at class A break
points. Document the assertion there, and make sure that
needsForcedBreakBefore() only calls it when at in-flow objects.

BUG=619152
R=eae@chromium.org

Review-Url: https://codereview.chromium.org/2228803003
Cr-Commit-Position: refs/heads/master@{#410703}
rune
Style invalidation support for :first/last/only-child.
Got rid of SubtreeStyleChanges for those pseudo classes. Also fixed
issue 245914 by looking at next/previous element, not node, to figure
out if we are the first. The code in checkForSiblingStyleChanges could
be restructured quite a bit and made simpler now have changedElement
(changedNode => changeElement since the input is always an element).

BUG=245914

Review-Url: https://codereview.chromium.org/2229503002
Cr-Commit-Position: refs/heads/master@{#410472}
rune
Cached style element sheets may not have an owner node.
The assert for cacheability of shared StyleSheetContents required the
ownerNode to be a non-null style element. Referring to and modify a
stylesheet is however possible after the style element has been removed
and the ownerNode set to null. Change the assert to just check for the
two types of cacheability.

This was not triggered by stylesheets not having @media rules since the
cacheability of linked resources would be true and made the assert
true.

Also, made the ASSERT a DCHECK along with the other ASSERTs in the
modified file.

R=meade@chromium.org
BUG=635022

Review-Url: https://codereview.chromium.org/2220863002
Cr-Commit-Position: refs/heads/master@{#410305}
ckulakowski
Initialize MaterialDesignController in NativeThemeMacTest
This is fix for crash (CHECK) in NativeThemeMacTest.SystemColorsExist:
FATAL:material_design_controller.cc(66)] Check failed: is_mode_initialized_

BUG=625642

Review-Url: https://codereview.chromium.org/2120273002
Cr-Commit-Position: refs/heads/master@{#410108}
rune
Revert of Add a fast-path for independent inherited properties (patchset #13 id:240001 of https://codereview.chromium.org/2117143003/ )
Reason for revert:
Caused issues 634254 and 633859.

Original issue's description:
> Add a fast-path for independent inherited properties
>
> Add a fast-path for inherited properties which do not depend on and do
> not affect any other properties on ComputedStyle. When these properties
> are modified in a parent element, set them directly on ComputedStyle and
> skip doing a full recalc for elements only affected by this change.
>
> Also implemented two of these properties: visibility and pointer-events,
> storing an extra 2 bits per ComputedStyle. This increases the size of
> ComputedStyle by 1 byte on Windows and some Android builds (due to
> aligned fields), which increases the memory usage for a standard page
> with ~1000 elements by up to 1kb (although potentially up to 4/8kb on
> 32/64 bit builds due to packing, although this depends on the allocator
> implementation details) but realistically less since style sharing only
> creates one ComputedStyle object for each unique style.
>
> Benchmarks show a speed increase of up to 2x for setting these
> properties on the root element of a typical web page (Facebook, Twitter,
> Pinterest, Amazon, Wikipedia) and letting the change propagate directly
> onto the child ComputedStyle objects, rather than doing a full style
> recalc.
>
> Initial Benchmarks:
> https://docs.google.com/spreadsheets/d/1mUuJEs8cPWyNTR7tQw27oxq6fDTvWiAwgatf_g--B4w/edit#gid=1597242813
>
> Follow-up Benchmarks:
> https://docs.google.com/spreadsheets/d/1mUuJEs8cPWyNTR7tQw27oxq6fDTvWiAwgatf_g--B4w/edit#gid=918856082
>
> BUG=622138
>
> Committed: https://crrev.com/f24dba9f04dd093aac4298378c671ecd44d0fe97
> Cr-Commit-Position: refs/heads/master@{#409143}

TBR=esprehn@chromium.org,meade@chromium.org,timloh@chromium.org,sashab@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=622138

Review-Url: https://codereview.chromium.org/2213223004
Cr-Commit-Position: refs/heads/master@{#410030}
ljagielski
SSLPolicy::OnCertError: expired_previous_decision might be used uninitialized.
BUG=

Review-Url: https://codereview.chromium.org/2219463002
Cr-Commit-Position: refs/heads/master@{#409918}
hugoh
Remove unused includes of shell::InterfaceRegistry
This is a follow-up to:
https://codereview.chromium.org/2201183003/

Review-Url: https://codereview.chromium.org/2207873002
Cr-Commit-Position: refs/heads/master@{#409776}
rune
Use weak members to cache StyleSheetContents.
We used the client count to detect if we could remove a
StyleSheetContents from the StyleEngine cache or not. The problem is
that the client references are removed when the element is removed from
the DOM, but the StyleSheetContents is still referenced from the
CSSStyleSheet which is accessible from CSSOM. That caused bugs with
StyleSheetContents being marked as mutable without removing it from the
cache causing assertions, and mutating the sheet without copy-on-write
because we thought we only had a single client for the contents.

Instead use weak members in the cache and let garbage collection delete
the StyleSheetContents when no longer referenced. Also, add a flag to
StyleSheetContents to say that it is referenced by multiple sheets when
we use and already cached object instead of incorrectly relying on
client count.

R=timloh@chromium.org,haraken@chromium.org
BUG=633210,628488

Review-Url: https://codereview.chromium.org/2205843003
Cr-Commit-Position: refs/heads/master@{#409495}
tmoniuszko
Add option to not generate VS projects for targets deps
BUG=589099

Review-Url: https://codereview.chromium.org/2200123002
Cr-Commit-Position: refs/heads/master@{#409489}
rune
Removed unused accessor for StyleResolver::m_features.
R=timloh@chromium.org

Review-Url: https://codereview.chromium.org/2207693003
Cr-Commit-Position: refs/heads/master@{#409458}
mostynb
make use of existing gn args in net/BUILD.gn
BUG=632297

Review-Url: https://codereview.chromium.org/2188043002
Cr-Commit-Position: refs/heads/master@{#409209}
mostynb
make use of the use_gio gn arg
BUG=632297

Review-Url: https://codereview.chromium.org/2190793002
Cr-Commit-Position: refs/heads/master@{#409204}
mostynb
make use of existing gn args in ui build config
BUG=632297

Review-Url: https://codereview.chromium.org/2185163003
Cr-Commit-Position: refs/heads/master@{#409203}
sigbjornf
Have ResizeViewportAnchor derive from GarbageCollected<> only.
Drop use of GarbageCollectedFinalized<>; not needed for this
class.

R=
BUG=

Review-Url: https://codereview.chromium.org/2192373002
Cr-Commit-Position: refs/heads/master@{#408888}
sigbjornf
Remove unused function template overloads.
Leftover from r408135, remove the generated isT(*RefPtr<T>)
overloads also.

R=
BUG=

Review-Url: https://codereview.chromium.org/2201633002
Cr-Commit-Position: refs/heads/master@{#408887}
sigbjornf
Move DOMConvenienceAPI to stable.
Move ChildNode.{before,after,replaceWith}() +
ParentNode.{prepend,append}() to stable.

R=
BUG=255482

Review-Url: https://codereview.chromium.org/2184223004
Cr-Commit-Position: refs/heads/master@{#408582}
sigbjornf
Remove unnecessary eager finalization of PingLoaders.
A PingLoader instance controls its own lifetime, releasing its
self-keepalive reference upon completion of the load request. At that
time it also lets go of its loader object (and stops the timer), hence
there's no need to eagerly finalize this object -- it serves no real
purpose.

R=
BUG=

Review-Url: https://codereview.chromium.org/2180423005
Cr-Commit-Position: refs/heads/master@{#408417}
sigbjornf
Update and fix sendBeacon() redirect behavior.
Refresh the implementation to follow the specification changes in

 https://github.com/w3c/beacon/pull/33
 https://github.com/w3c/beacon/pull/34

In particular, correctly flag a CORS-disallowed redirect as not to
be followed by WebURLLoader.

R=
BUG=628762

Review-Url: https://codereview.chromium.org/2177383006
Cr-Commit-Position: refs/heads/master@{#408380}
mostynb
harfbuzz-ng: make use of the use_glib gn arg
BUG=632297

Review-Url: https://codereview.chromium.org/2187163002
Cr-Commit-Position: refs/heads/master@{#408370}
mostynb
make use of use_gconf & use_glib gn args in content/browser/
Review-Url: https://codereview.chromium.org/2191733002
Cr-Commit-Position: refs/heads/master@{#408362}
mostynb
power_save_blocker_x11.cc depends on dbus
Review-Url: https://codereview.chromium.org/2189523004
Cr-Commit-Position: refs/heads/master@{#408275}
fs
Move platform/ParsingUtilities.h to wtf/text/
Review-Url: https://codereview.chromium.org/2175123002
Cr-Commit-Position: refs/heads/master@{#408249}
mostynb
(gcc) fix compilation of os_exchange_data_provider_aurax11.cc
This fixes a gcc compilation error in os_exchange_data_provider_aurax11.cc:
error: cannot convert 'ret' from type 'std::unique_ptr<ui::OSExchangeDataProviderAuraX11>'
    to type 'std::unique_ptr<ui::OSExchangeDataProviderAuraX11>&&'

Tested with gcc 4.8.4.

Followup to https://codereview.chromium.org/2179813003

BUG=614037

Review-Url: https://codereview.chromium.org/2192533002
Cr-Commit-Position: refs/heads/master@{#408233}
sigbjornf
Remove unused function template overloads.
R=
BUG=

Review-Url: https://codereview.chromium.org/2182213005
Cr-Commit-Position: refs/heads/master@{#408135}
mostynb
(gyp): breakpad_host should push include_dirs to dependents
Followup to https://codereview.chromium.org/2169063002

BUG=internal b/30003601
TBR=thestig@chromium.org

Review-Url: https://codereview.chromium.org/2183613003
Cr-Commit-Position: refs/heads/master@{#407758}
fs
Disable svg/parser/whitespace-length-invalid-1.html
TBR=mpearson@chromium.org
BUG=630967

Review-Url: https://codereview.chromium.org/2178993003
Cr-Commit-Position: refs/heads/master@{#407580}
sigbjornf
Simplify ElementVisibilityObserver implementation.
Recast ElementVisibilityObserver's VisibilityCallback in a more
Blink-like manner by way of a Client interface. Thereby also addressing
on-off-heap cycle, a leak source.

Similarly, simplify the connection between ElementVisibilityObserver and
IntersectionObserver -- have the former directly implement the
IntersectionObserverCallback instead of indirectly using closure callbacks.

R=
BUG=627539

Review-Url: https://codereview.chromium.org/2173353002
Cr-Commit-Position: refs/heads/master@{#407450}
sigbjornf
Remove unnecessary finalization of IDBObserver classes.
Re-apply r402117 which r404283 accidentally reverted.

R=
BUG=609934

Review-Url: https://codereview.chromium.org/2177083002
Cr-Commit-Position: refs/heads/master@{#407418}
fs
Don't resolve non-local -webkit-clip-path references as local
Whether the reference was local or not was disregarded, meaning that
any URL with a valid fragment part could potential result in a valid
clip - regardless of whether it was local or not. I.e foo.svg#bar would
reference an element with the id 'bar' in the local document.

Check if the URL reference resolver flagged the reference as being local,
and only pass a non-null fragment if it was.

BUG=629826

Review-Url: https://codereview.chromium.org/2174813003
Cr-Commit-Position: refs/heads/master@{#407300}
fs
Make fragment-only URLs always be document-local references
This implements the 'local url' handling per:

  https://drafts.csswg.org/css-values/#local-urls

which is also referenced from:

  https://svgwg.org/svg2-draft/linking.html#linkRefAttrs

Most of the logic is handled by a new helper class named
SVGURLReferenceResolver, which keeps state, resolves the URL
and extracts the fragment identifier as needed.

BUG=470608

Review-Url: https://codereview.chromium.org/2174833002
Cr-Commit-Position: refs/heads/master@{#407299}
fs
Reland of Remove platform/text/ParserUtilities.h
platform/ParsingUtilities.h caters to the same needs, so transition
users of skipString(...) to skipToken(...) and remove
platform/text/ParserUtilities.h.

Review-Url: https://codereview.chromium.org/2176623003
Cr-Commit-Position: refs/heads/master@{#407259}
fs
Remove platform/text/ParserUtilities.h
platform/ParsingUtilities.h caters to the same needs, so transition
users of skipString(...) to skipToken(...) and remove
platform/text/ParserUtilities.h.

Review-Url: https://codereview.chromium.org/2176623003
Cr-Commit-Position: refs/heads/master@{#407187}
fs
Resolve URL/target reference at a single point in SVGUseElement
The <base> URL can change between the attribute (href) is updated and
the shadow tree constructed. This causes confusion in the target
resolving code since it can produce different results at different
points in time.
Only resolve the URL on changes (to 'href'), extract the fragment
identifier and store whether the reference is local or not.
Refactor the SVGUseElement target element lookup with an eye to
future handling of "fragment-only" (local) URLs.
This makes the externalDocument in
SVGURIReference::targetElementFromIRIString unused, so remove that
codepath and simplify the function accordingly.

This changes behavior from resolving the URL and target element when
needed (depending on when layouts happen), to only when the 'href' is
mutated. This new behavior matches Edge, but not Gecko.

BUG=601203, 470608

Review-Url: https://codereview.chromium.org/2173453002
Cr-Commit-Position: refs/heads/master@{#407128}
fs
Merge CSSSVGDocumentValue with CSSURIValue
These two CSSValue classes are used to represent the same semantic,
which is a reference to an element by means of a "url(...)" function.
CSSSVGDocumentValue carries additional state to be able to handle
references to external documents, by caching a DocumentResource.

Move all the DocumentResource state to CSSURIValue, while also keeping
the naming of the URL string (m_url). Also do some minor cleanup, for
instance by removing "SVG" from the cachedSVGDocument() method name and
dropping some unnecessary .get()s.

This bloats CSSURIValue a bit for the cases where the DocumentResource
is not utilized, but this bloat will be reduced (in relative terms) with
future developments. On the "pro"-side is naturally that we now don't
have to extend two CSSValue classes with additional functionality and
state.

BUG=470608, 405315

Review-Url: https://codereview.chromium.org/2165833006
Cr-Commit-Position: refs/heads/master@{#407126}
tsniatowski
Use absolute namespace references in //base/logging.h macros
Macros can be used in various namespace contexts, and macros that expand
to "logging::Something" can end up choosing some_namespace::logging
if used in a context wher ethere exists a nested namespace logging with
a conflicting name like LogMessage. It's fixable by using "::logging::"
instead of "logging::" in the macros.

No examples of such issues in chrome, but this can help downstream and
seems a good thing to do consistently.

BUG=

Review-Url: https://codereview.chromium.org/2045203004
Cr-Commit-Position: refs/heads/master@{#406910}
mostynb
rebaseline huge-image-viewport-scale.html
This test was not being run with correctly initialized
preferences, and an invalid baseline.  This fixes the
initialization, and rebaselines the test.

This is a prerequisite of https://codereview.chromium.org/2155273002/

BUG=331654, 464295

Review-Url: https://codereview.chromium.org/2163953002
Cr-Commit-Position: refs/heads/master@{#406679}
mostynb
Remove WebContents::InsertCSS since it is unused
This looks like it hasn't been used since CL923463003 landed
over a year ago.

BUG=331654

Review-Url: https://codereview.chromium.org/2157153002
Cr-Commit-Position: refs/heads/master@{#406656}
fs
Simplify URL-resolving in targetElementFromIRIString
Use Document::completeURL for URL resolving, rather than using
String::substring et.c to reproduce essentially the same code.
Use KURL::fragmentIdentifier and friends to extract the fragment
identifier.

Fold urlFromIRIStringWithFragmentIdentifier into its only user.
Open-code isExternalURIReference in targetElementFromIRIString, since we
already have the URL resolved and ready.

BUG=470608

Review-Url: https://codereview.chromium.org/2170453002
Cr-Commit-Position: refs/heads/master@{#406578}
fs
Simplify "is external URL" in filter operations resolving
We've already resolved the URL, so we might as well just use
equalIgnoringFragmentIdentifier on that rather than potentially
re-resolve and compare. No functional change.
Eventually we'll need to have the URL resolved before style resolution.

BUG=470608, 405315

Review-Url: https://codereview.chromium.org/2167733002
Cr-Commit-Position: refs/heads/master@{#406574}
mharanczyk
Fix uninitialized variable in PrefServiceSyncable class.
Review-Url: https://codereview.chromium.org/2165943002
Cr-Commit-Position: refs/heads/master@{#406571}
fs
Only flag the LayoutObject on CSP error if one is attached
When instantiating a plugin through the (somewhat special) code-path
that does not require a LayoutObject to be present, we would end up
dereferencing a null-pointer if a CSP error was flagged, failing the
plugin load sequence.

BUG=627694

Review-Url: https://codereview.chromium.org/2162473003
Cr-Commit-Position: refs/heads/master@{#406295}
rchlodnicki
[net-internals] Fix JS exception on stopping capturing while in Capture view
Store a map of link enabled states so that we can use it to enable next
visibile view on hidding active view. Map is ordered so it works to iterate it.

BUG=616382
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/2121763002
Cr-Commit-Position: refs/heads/master@{#405942}
mostynb
gyp: url_mojom should be a hard_dependency
The url/url.gyp:url_mojom target depends on url_interfaces_mojom,
which generates header files, and sets itself as a
hard_dependency.  Thhat hard_dependency status is not propagated
to url_mojom. Let's add it explicitly.

Review-Url: https://codereview.chromium.org/2153093002
Cr-Commit-Position: refs/heads/master@{#405794}
tmoniuszko
Fix TouchSelectionControllerImpl tests failing with DPI=125%
Make textfield a bit larger so text fits it when system DPI is set to 125%.

Fixes following tests:
TouchSelectionControllerImplTest.DoubleTapInTextfieldWithCursorHandleShouldSelectText
TouchSelectionControllerImplTest.SelectRectCallbackTest
TouchSelectionControllerImplTest.SelectRectInBidiCallbackTest
TouchSelectionControllerImplTest.SelectionInBidiTextfieldTest
TouchSelectionControllerImplTest.SelectionInTextfieldTest

BUG=626264

Review-Url: https://codereview.chromium.org/2120353003
Cr-Commit-Position: refs/heads/master@{#405743}
mfiglarowicz
Fix invalidating the text track indexes after append or remove text track from the list
There was a trivial bug in 'for' loop which iterates through the array
indexes but always uses the initialisation value of the iterator instead of
real value of the iterator.

BUG=

Review-Url: https://codereview.chromium.org/2144543002
Cr-Commit-Position: refs/heads/master@{#405709}
kolczyk
In ChromeVox Next, create a text edit handler on "LoadComplete" if there is already a focused text field in order not to miss the initial value change on such.
BUG=628110
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/2151763003
Cr-Commit-Position: refs/heads/master@{#405704}
wdzierzanowski
Reland of "Fix build of Widevine CDM stub on Mac"
The combination of 'branding=Chromium' and 'enable_widevine=1' causes
'widevinecdm' to be a 'shared_library' build of the CDM stub.
Additionally combined with 'mac_strip_release=1', this triggers
'strip_save_dsym', which fails, because it doesn't support
'product_dir'.

This fix does to 'widevinecdm' what has already been done to
'clearkeycdm': Split the target into 'widevinecdm_binary' which builds
and strips the stub binary, and 'widevinecdm' which just copies the
binary.

This CL relands https://codereview.chromium.org/2117343005/ with the
following change:

The new 'widevinecdm_binary' target is now defined conditionally for the
case when it is really needed, to fix the ninja error "multiple rules
generate WidevineCdm/_platform_specific/win_x86/widevinecdm.dll".

BUG=622282

TEST='build/gyp_chromium -Gconfig=Release -Dbranding=Chromium -Denable_widevine=1 -Dmac_strip_release=1 && ninja -C out/Release widevinecdm' is successful

Review-Url: https://codereview.chromium.org/2149233003
Cr-Commit-Position: refs/heads/master@{#405635}
sigbjornf
Drop unnecessary finalization of NavigatorShare::ShareClientImpl.
R=
BUG=

Review-Url: https://codereview.chromium.org/2151803002
Cr-Commit-Position: refs/heads/master@{#405488}
wdzierzanowski
Fix build of Widevine CDM stub on Mac
The combination of 'branding=Chromium' and 'enable_widevine=1' causes
'widevinecdm' to be a 'shared_library' build of the CDM stub.
Additionally combined with 'mac_strip_release=1', this triggers
'strip_save_dsym', which fails, because it doesn't support
'product_dir'.

This fix does to 'widevinecdm' what has already been done to
'clearkeycdm': Split the target into 'widevinecdm_binary' which builds
and strips the stub binary, and 'widevinecdm' which just copies the
binary.

BUG=622282

TEST='build/gyp_chromium -Gconfig=Release -Dbranding=Chromium -Denable_widevine=1 -Dmac_strip_release=1 && ninja -C out/Release widevinecdm' is successful

Review-Url: https://codereview.chromium.org/2117343005
Cr-Commit-Position: refs/heads/master@{#405371}
mostynb
fix gyp build after proto_zero_plugin skeleton landed
Followup to https://codereview.chromium.org/2147613002 / crrev.com/2147613002

BUG=608721

Review-Url: https://codereview.chromium.org/2146063003
Cr-Commit-Position: refs/heads/master@{#405330}
mharanczyk
Expose final download URL (actual url after redirects) in the extension API.
BUG=620630

Review-Url: https://codereview.chromium.org/1706193002
Cr-Commit-Position: refs/heads/master@{#404619}
fs
Drop the adding and removing of the 'running' class in SVGTestCase.js
This class will trigger layouts that could hide the intended effects of
the tests using this "framework". Since the same elements are marked as
being hidden, this will not affect the graphical output.

BUG=231560

Review-Url: https://codereview.chromium.org/2104943005
Cr-Commit-Position: refs/heads/master@{#404380}
davve
Fallback to 300x150 instead of 0x0 size for SVG inside content()
Prior to r379801, the fallback 300x150 in SVGImage::dataChanged() was
used. Post r379801 we instead used the empty rect as fallback. Both
are probably wrong but 300x150 matches what we did previously more
closely and we are less likely to end up with an empty image.

BUG=623528

Review-Url: https://codereview.chromium.org/2121973002
Cr-Commit-Position: refs/heads/master@{#404374}
fs
Allow 'alphabetic' for alignment-baseline and dominant-baseline
This keyword is not included in any of the ranges used, so needs to be
mentioned specifically.

BUG=620618

Review-Url: https://codereview.chromium.org/2131483003
Cr-Commit-Position: refs/heads/master@{#404338}
fs
Refine cull rect for SVGInlineTextBox painting
The PaintInfo cull rect can (will) change between paints, so use
the moral equivalent of logicalOverflowRect() to compute a more
accurate cull rect instead.

This fixes under-invalidation in the following tests:

 svg/dynamic-updates/SVGTextElement-dom-lengthAdjust-attr.html,
 svg/dynamic-updates/SVGTextElement-dom-textLength-attr.html,
 svg/dynamic-updates/SVGTextElement-svgdom-lengthAdjust-prop.html and
 svg/dynamic-updates/SVGTextElement-svgdom-textLength-prop.html

Exposed by https://codereview.chromium.org/2104943005

BUG=231560

Review-Url: https://codereview.chromium.org/2124553002
Cr-Commit-Position: refs/heads/master@{#404265}
fs
Use the outermost SVG as base when computing offsetX/Y for SVG elements
This reverts the behavior back to what it was prior to
https://codereview.chromium.org/1747223002. In short, the closest
ancestor CSS layout box is used for any SVG element. This will always
be the outermost SVG root (LayoutSVGRoot.)

BUG=624996

Review-Url: https://codereview.chromium.org/2124283002
Cr-Commit-Position: refs/heads/master@{#404217}
fs
Update FilterEffect colorspace on color-interpolation-filters changes
Changes to the 'color-interpolation-filters' property would not get
propagated to any built (cached) filter chains, and hence any future
paints would still use the old chain.
Add support for updating this FilterEffect property down in the filter
primitive element base-class setFilterEffectAttribute, and then make
sure any derived classes forward to it.

BUG=625732

Review-Url: https://codereview.chromium.org/2128193004
Cr-Commit-Position: refs/heads/master@{#404200}
mostynb
gyp: don't build gamepad_platform_data_fetcher_linux.cc when udev is disabled
Fixup after https://codereview.chromium.org/2081583002

BUG=612330

Review-Url: https://codereview.chromium.org/2125223003
Cr-Commit-Position: refs/heads/master@{#404168}
fs
Use the correct bounding rect in SVGInlineTextBox::nodeAtPoint
When writing-mode was unprefixed, SVGInlineTextBoxes started getting the
same treatment as their base-class, and hence we need to be careful when
we consider sizes for the inline boxes.
Use logicalWidth() and logicalHeight() instead of size().

BUG=587455

Review-Url: https://codereview.chromium.org/2124793002
Cr-Commit-Position: refs/heads/master@{#403913}
fs
Consider 'order' when updating feConvolveMatrix 'target*'
SVGFEConvolveMatrixElement's 'targetX' or 'targetY' attribute depend on
'order' for their initial value. When updating the target value of
an instantiated FEConvolveMatrix, order would however not be considered,
instead using the initial value of the attribute (zero.)

Refactor the code a bit to make it easy to consider the correct initial
value even when updating an existing FEConvolveMatrix, introducing
new methods matrixOrder() and targetPoint(). Clean up and simplify
as appropriate.

This fixes the following tests:

 svg/dynamic-updates/SVGFEConvolveMatrixElement-dom-targetX-attr.html
 svg/dynamic-updates/SVGFEConvolveMatrixElement-dom-targetY-attr.html
 svg/dynamic-updates/SVGFEConvolveMatrixElement-svgdom-targetX-prop.html
 svg/dynamic-updates/SVGFEConvolveMatrixElement-svgdom-targetY-prop.html

with https://codereview.chromium.org/2104943005 applied.

BUG=231560

Review-Url: https://codereview.chromium.org/2124583002
Cr-Commit-Position: refs/heads/master@{#403814}
mostynb
remove duplicate friend declaration
This unbreaks GCC builds after https://codereview.chromium.org/2036403002

BUG=587025
TBR=lfg@chromium.org, dcheng@chromium.org

Review-Url: https://codereview.chromium.org/2121953003
Cr-Commit-Position: refs/heads/master@{#403795}
rune
Don't schedule wholeSubtreeInvalid sets.
The StyleInvalidator asserts if we scheduled such sets. Mark element
for SubtreeStyleChange instead.

R=esprehn@chromium.org,ericwilligers@chromium.org
BUG=624607

Review-Url: https://codereview.chromium.org/2106063007
Cr-Commit-Position: refs/heads/master@{#403663}
rune
Skip scheduling sibling invalidation based on direct adjacent count.
When scheduling sibling invalidation sets for sibling insertion/removal
we schedule sets for N preceding siblings where N is the maximum number
of consecutive direct adjacent combinators, or infinite for indirect
adjacent combinators.

However, the further left of the mutation we schedule, the more direct
adjacent combinators are required to affect siblings following the
mutation. The maximum adjacent number is stored for every sibling
invalidation set, which means we can drop scheduling the set if that
count is too low.

Example:

Selectors:

  .a + div + div + span {}
  .b + span {}
  .c + span {}

Siblings:

  div.x div.a div.b div.c div#remove span

When removing #remove we start scheduling sibling invalidations for
div.c which needs at least one adjacent combinator to reach the span or
any subsequent elements. div.b needs at least two, and so on. For the
case above, we schedule the set for .c, but not for .b since the max
adjacent combinator count for .b is 1 and it needs to be at least 2.
.a needs to have at least 3, which is the case, so we schedule the set
for .a. We never consider the div.x element because the max adjacent
combinator count for the document is 3.

R=esprehn@chromium.org
BUG=624782

Review-Url: https://codereview.chromium.org/2116503002
Cr-Commit-Position: refs/heads/master@{#403530}
fs
Relocate tests from fast/svg/ to svg/
Some files are renamed to avoid name clashes on case-insensitive
file-systems:

 svgangle.html  => svgangle-units.html
 svglength.html => svglength-units.html
 svglist.html   => svglist-basic-interface.html

(The last one did not actually clash, but was renamed for easier
 differentiation.)

BUG=625231

Review-Url: https://codereview.chromium.org/2118903003
Cr-Commit-Position: refs/heads/master@{#403511}
fs
Fold fast/svg/script-tests/animation-events.js into the test using it
There's only one test using this "framework", so fold it into the test
itself. Move the result to svg/animation/.

Straight copy of the .js file into the .html file. Whitespace is adjusted
and some redundant things are removed (';' and <div>.)

BUG=625231

Review-Url: https://codereview.chromium.org/2112373002
Cr-Commit-Position: refs/heads/master@{#403510}
sigbjornf
Robustify Internals entry points against detached uses.
Fuzzers generate pointless overhead using these test-only methods from
frame-detached contexts. Add required nullchecks throughout.

Simple test case for each of these entry points (w/ --run-layout-test):

 <a href="javascript:'replaced'" id=anchor>click</a>
 <script>
 anchor.click();
 internals.someMethod();
 console.log('no crash');
 </script>

R=
BUG=624549

Review-Url: https://codereview.chromium.org/2109613007
Cr-Commit-Position: refs/heads/master@{#403421}
rune
0 -> nullptr for UseCounter pointer in CSSParserContext.
I repeatedly find myself looking for constructors taking flags through
unsigned before realizing this is actually a pointer.

Review-Url: https://codereview.chromium.org/2101143005
Cr-Commit-Position: refs/heads/master@{#403256}
fs
Use a converter for -webkit-clip-path
Add StyleBuilderConverter::convertClipPath and use it for computing
the ClipPathOperation.

BUG=610854

Review-Url: https://codereview.chromium.org/2105383002
Cr-Commit-Position: refs/heads/master@{#403153}
rune
Optimize style recalc when adding @keyframes.
We only need to recalculate the elements with running animations unless
we tried to find an @keyframes rule and couldn't, for which we fall
back to a full document recalc.

The motivation for doing this is that the current WIP for issue 567021
shows that we're still getting full document recalcs due to the
presence of @keyframes rules.

R=dstockwell@chromium.org,alancutter@chromium.org
BUG=623911,567021

Review-Url: https://codereview.chromium.org/2105743002
Cr-Commit-Position: refs/heads/master@{#403118}
fs
Wire up invalidation for flood-{color,opacity} on <feDropShadow>
Make sure to call primitiveAttributeChanged() for this element and
property combination. Implement the required infrastructure in
SVGFEDropShadowElement::setFilterEffectAttribute and FEDropShadow.

Because of an issue with SVGTestCase.js the tests below would not
previously fail as expected. That is being addressed by the CL at
https://codereview.chromium.org/2104943005.

TEST=svg/dynamic-updates/SVGFEDropShadowElement-dom-shadow-color-attr.html
TEST=svg/dynamic-updates/SVGFEDropShadowElement-dom-shadow-opacity-attr.html
TEST=svg/dynamic-updates/SVGFEDropShadowElement-svgdom-shadow-color-prop.html
TEST=svg/dynamic-updates/SVGFEDropShadowElement-svgdom-shadow-opacity-prop.html
BUG=231560

Review-Url: https://codereview.chromium.org/2112563002
Cr-Commit-Position: refs/heads/master@{#403025}
fs
Notify context element after changes in SVGPreserveAspectRatioTearOff
Without this the associated LayoutObject will not be notified of the
change.

TEST=svg/dynamic-updates/SVGFEImageElement-svgdom-preserveAspectRatio-prop.html
TEST=svg/dynamic-updates/SVGImageElement-svgdom-preserveAspectRatio-prop.html
BUG=231560

Review-Url: https://codereview.chromium.org/2108333002
Cr-Commit-Position: refs/heads/master@{#402960}
fs
Move ClipPathOperation.h to core/style/
This is stored as part of ComputedStyle, so style/ seems a better fit
than layout/.

BUG=610854

Review-Url: https://codereview.chromium.org/2108213002
Cr-Commit-Position: refs/heads/master@{#402935}
sigbjornf
Tidy CrossThreadCopier.h inclusion.
This header file declares a set of types as being cross-copiable; avoid
bringing in all of Oilpan for its two cross-thread persistent types.

Tidy up some downstream header files which were implicitly depending on
Oilpan being included here.

R=
BUG=597856, 624419

Review-Url: https://codereview.chromium.org/2104283002
Cr-Commit-Position: refs/heads/master@{#402823}
rune
Schedule sibling invalidation sets for sibling insert/remove.
Invalidation sets have been used only for changes which do not alter the
tree structure, like changing id, class names, other attributes, and
pseudo states. For dom tree changes, style invalidation relies on attach
and detach of the layout tree for the inserted/removed element. For
subsequent siblings of inserted/removed elements, we have been marking
siblings for subtree recalc (when we know we have tried to match
adjacent combinators on one of the siblings before) based on the maximum
number of consecutive direct adjacent combinators or all subsequent
siblings for indirect adjacent combinators.

This CL starts using sibling invalidation sets on siblings instead of
doing subtree recalcs.

The following properties of invalidation sets affected how this
implementation was done:

* Even though we invalidate descendants/siblings based on tag names, we
  don't have invalidation sets for tag names as elements do not change
  tag names dynamically. For inserted/removed elements, we could have
  used invalidation sets for tag names. Take the selector "div + span".
  If we remove a div we could have scheduled an invalidation set for div
  which invalidates a span sibling.

* Invalidation sets for simple selectors and their negated versions, for
  instance ".a" and ":not(.a)", share invalidation sets and they may do
  so because invalidation sets have been applied when they change. That
  is, "a" is either part of old or the new class attribute when the
  invalidation set needs to be scheduled. When removing/inserting
  elements, a selector like ":not(.a) + .b" will need to schedule a
  sibling for ".a" for all elements not having the class "a".

* Consider the selector "* + .a". We have to schedule a sibling
  invalidation for any inserted/removed element to invalidate a sibling
  with class "a". However, invalidation set construction has only
  created an invalidation set for ".a" with the invalidateSelf flag set.

For this CL, we create a single universal sibling invalidation set to
handle the cases above. In fact this CL only do sibling invalidations on
element insert/remove for id, class, and attribute in addition to
scheduling the universal sibling invalidation set. Also, we skip
selector lists (that is, :not() and :-webkit-any() as :host()
:host-context() and :slotted() never match when followed by an adjacent
combinator).

For the following set of selectors:

  :not(.a) + .b + .c
  #x:not(.a) + .d
  div + span
  :-webkit-any(.x) + .f .g

We end up with the following universal sibling invalidation set with the
descendant invalidation set, containing ".g", to the right.

  { .c, span, .f, invalidatesSelf } => { .g }

Note that if a compound contains both :not() and for instance an id
selector, we will not add it to the universal sibling invalidation set
as we can properly invalidate ".d" siblings above using the invalidation
set for "#x".

== Scheduling sibling invalidations

For changes not modifying the tree, we schedule sibling invalidation
sets on the changed element and invalidate the siblings with descendant
sets during the invalidation process. When removing an element, however,
the element is not left in the tree, so we need to associate the
invalidation set with another element.

When we remove an element, we instead schedule the sibling invalidation
set, and the sibling invalidation set's descendant set, as descendant
invalidation sets on the parent element or shadow root.

Likewise for inserting an element. When inserting an element, we have
elements to schedule the sibling sets on, but the sets would need to be
scheduled on elements further to the right in the sibling list in order
to reach the siblings we needed to invalidate. Also, they would have to
be moved further right on subsequent insertions.

== The effect on amazon.com

This CL gets rid of all post-page-load full recalcs before you start
interacting with the page. The full recalcs after you start interacting
needs to be investigated further.

R=esprehn@chromium.org,ericwilligers@chromium.org
BUG=542082

Review-Url: https://codereview.chromium.org/2089063005
Cr-Commit-Position: refs/heads/master@{#402770}
rune
Mark stylesheet as having media queries at consume time.
Marking the stylesheet as having media queries for @media at insertion
time meant we didn't mark the stylesheet when @media was a child rule
of another @-rule like @supports. Instead do the marking from the
consume method like we already did for @font-face rules.

Removed unnecessary marking from insertion methods and an unnecessary
boolean parameter which was always true.

R=timloh@chromium.org
BUG=621502

Review-Url: https://codereview.chromium.org/2081893003
Cr-Commit-Position: refs/heads/master@{#402766}
ckulakowski
Fix for cross compiling 32bit linux on 64bit host machine
Right now when custom sysroot is provided as gn parameter (target_sysroot)
only 32 bit custom sysroot will be used. 64 bit sysroot (which is also needed
by 32 bit build by - for example - protobuf) is expected to be found in default
location. This change adds possibility to provide path to directory containing
both sysroots for linux (32 bit and 64 bit).

BUG=622616

Review-Url: https://codereview.chromium.org/2096323002
Cr-Commit-Position: refs/heads/master@{#402742}
sigbjornf
Handle cross-thread weak persistents during global weak processing.
r401880 changed the handling of weak persistents, clearing
and releasing their underlying PersistentNodes once their
weak references point to otherwise unreferenced objects.

However, performing that weak processing step cannot reliably
be done as part of thread-local weak processing if the
weak persistent is a CrossThreadWeakPersistent<T> (CTWP) as the
object it refers to may reside on a different thread's heap than
where the CTWP resides. If both locations need to be accessed,
doing that as part of thread-local weak processing is too
late and unsafe.

Instead we process the cross-thread weak persistents along with the
'weak cells' during global weak processing. WeakPersistent<>s are
still handled during thread-local weak processing.

R=
BUG=623985

Review-Url: https://codereview.chromium.org/2106863003
Cr-Commit-Position: refs/heads/master@{#402734}
sigbjornf
Disable HeapTest.TraceDeepEagerly for Android targets.
This test is heavy on allocation and considered too slow to be
running w/ asserts enabled. Disable it entirely for Android,
as the overhead is bogging down bots too much.

R=
BUG=623779

Review-Url: https://codereview.chromium.org/2101363002
Cr-Commit-Position: refs/heads/master@{#402470}
sigbjornf
Allow lazy removal of (context) lifecycle observers while stopping.
r402141 imposed the restriction on ContextLifecycleObservers behavior
during stop() notifications of no longer being allowed to remove
observers while handling stop(). That constraint enables iteration
to be handled without allocating a snapshot of the observer set.

That restriction proves too constraining for media elements indirectly
holding onto AssociatedURLLoader objects while being stopped
(see associated bug for info.) Consequently, we allow observer removals
while keeping observer set iteration safe & allocation-free -- removals
are recorded while iterating, and removed in one go afterwards.

This is only done for notifyStoppingActiveDOMObjects(), as the other
notifications over context lifecycle observers do not require this
flexibility.

R=
BUG=623755

Review-Url: https://codereview.chromium.org/2109553002
Cr-Commit-Position: refs/heads/master@{#402445}
sigbjornf
Fix DUMP_NODE_STATISTICS compilation.
R=
BUG=

Review-Url: https://codereview.chromium.org/2099183003
Cr-Commit-Position: refs/heads/master@{#402406}
sigbjornf
Retire http/tests/htmlimports/redirect.html leak exemption.
Back to normal, retire expectation.

TBR=yoichio
BUG=366477
NOTRY=true

Review-Url: https://codereview.chromium.org/2096373002
Cr-Commit-Position: refs/heads/master@{#402152}
sigbjornf
Avoid snapshotting ContextLifecycleObservers when iterating.
To allow safe iteration over the set of ExecutionContext observers,
a snapshot of the set was taken before iterating over it. So as to
allow observers to unregister themselves while being notified.

Apart from PostMessageTimer unregistering itself while being stop()ed,
the ContextLifecycleObservers do not mutate the observer set, hence
we can avoid the snapshot step and iterate directly over the observers.
Attempts to remove an observer while iterating is caught and
asserted for.

As the observer set is a set of weak references, some care is needed
to keep those references strong while iterating. That and other details
surrounding observer iteration is now handled by the auxiliary scope object
LifecycleNotifier<>::IterationScope.

Should the constraint of not being allowed to remove observers while
iterating prove too cumbersome, supporting lazy removal of observers
(post iteration) would be straightforward.

R=
BUG=451132

Review-Url: https://codereview.chromium.org/2094143002
Cr-Commit-Position: refs/heads/master@{#402141}
rune
Move preferred stylesheet set out of active sheet update.
There are two reasons for this:

1. In preparation for async active stylesheet update, in which case
   setting the preferred stylesheet set would otherwise be happening
   too late.

2. Doing it during the active stylesheet update means only the
   alternate stylesheets following the link with the title setting the
   preferred sheet set would be enabled appropriately. crbug.com/621479

This CL is split out of https://codereview.chromium.org/1913833002

R=timloh@chromium.org
BUG=567021,621479

Review-Url: https://codereview.chromium.org/2079303002
Cr-Commit-Position: refs/heads/master@{#402139}
sigbjornf
Remove unnecessary finalization of IDBObserver classes.
IDBObserver and IDBObserverChanges do not need to be finalized,
nor have user-defined empty destructors.

R=
BUG=609934

Review-Url: https://codereview.chromium.org/2098243002
Cr-Commit-Position: refs/heads/master@{#402117}
rune
Don't create m_style for option element in display:none subtree.
Instead create a ComputedStyle on demand in rare data like we do for
other display:none elements. This caused out-of-date computed style for
option elements in display:none subtrees because recalcOwnStyle is
skipped for elements without a parentComputedStyle().

R=tkent@chromium.org
BUG=621965

Review-Url: https://codereview.chromium.org/2095973002
Cr-Commit-Position: refs/heads/master@{#402095}
perja
On Android there is no notification when a device is lost. This change keeps track of when a device was last seen and removes outdated devices.
This was already implemented for OSX and the code has been moved to make it accessible to Android as well.

BUG=581544

Review-Url: https://codereview.chromium.org/1842223003
Cr-Commit-Position: refs/heads/master@{#401940}
sigbjornf
Completely clear weak persistent references.
If weak processing determines that a WeakPersistent<T> is now pointing
to an otherwise unreferenced object, clear out and deallocate its
underlying PersistentNode.

We previously would only clear the persistent reference, but keep the
PersistentNode. This would lead to imprecise counts of live persistents,
potentially triggering false asserts of leaking persistents during thread
termination GCs.

R=
BUG=

Review-Url: https://codereview.chromium.org/2094973002
Cr-Commit-Position: refs/heads/master@{#401880}
fs
Update baselines for svg/text/text-viewbox-rescale.html
Incorporate changes from https://codereview.chromium.org/1920833002.

TBR=pdr@chromium.org
BUG=603956

Review-Url: https://codereview.chromium.org/2085413003
Cr-Commit-Position: refs/heads/master@{#401584}
sigbjornf
gn: add Blink GC plugin options
The Blink GC clang plugin supports a couple of extra options which the
Blink GN configuration does not currently expose. Do so here, but without
depending on the 'flags' script used by the gyp build system
(tools/clang/scripts/blink_gc_plugin_flags.py).

Specifically, this adds the following Blink GN variables:

 - blink_gc_plugin_option_do_dump_graph [ = false ]
     emit JSON-serialized representation of class graph.
 - blink_gc_plugin_option_warn_unneeded_finalizer [ = false ]
     warn of unnecessary destructor usage.

TBR=thakis
BUG=

Review-Url: https://codereview.chromium.org/2097433002
Cr-Commit-Position: refs/heads/master@{#401568}
fs
Update expectations for crbug.com/621915
These tests no longer appear flaky:

 svg/custom/createImageElement2.xhtml
 svg/custom/pointer-events-image.svg
 svg/custom/pointer-events-image-css-transform.svg

TBR=pdr@chromium.org
BUG=621915

Review-Url: https://codereview.chromium.org/2097443002
Cr-Commit-Position: refs/heads/master@{#401566}
sigbjornf
gn: define and use clang_base_path
Replace uses of "//third_party/llvm-build/Release+Asserts"
with the configurable option clang_base_path.

TBR=thakis
BUG=

Review-Url: https://codereview.chromium.org/2088373002
Cr-Commit-Position: refs/heads/master@{#401551}
fs
Fix Mac10.9 baselines for two svg/custom/ tests
Remove incorrect baselines for:

 svg/custom/createImageElement2.xhtml
 svg/custom/pointer-events-image.svg

TBR=pdr@chromium.org
NOTRY=true
BUG=621915

Review-Url: https://codereview.chromium.org/2082253004
Cr-Commit-Position: refs/heads/master@{#401387}
sigbjornf
Add ASan exemption when iterating cross-thread-persistents.
When running a termination GC or tracing, the set/region of live
CrossThreadPersistent nodes are iterated over, checking if the objects
they point to belong to the current thread.

As heap objects can have CrossThreadPersistent<> fields, it is possible
for there to be CrossThreadPersistent nodes which point back to heap
objects about to be swept. When ASan is enabled, the page sweeping takes
care of poisioning all to-be-swept objects first.

The combination of the above two means that persistent iteration can
try to inspect one of these poisoned objects, which will trigger an
ASan error. The persistent will not be further used, as it doesn't
belong to the thread. To accommodate this, we do disable ASan while
performing the object lookup while iterating the CrossThreadPersistent
node set.

R=
BUG=620754

Review-Url: https://codereview.chromium.org/2087253002
Cr-Commit-Position: refs/heads/master@{#401354}
fs
Deflake svg/custom/createImageElement2.xhtml
Need to wait for the image to load before ending the test.

BUG=621915

Review-Url: https://codereview.chromium.org/2086383002
Cr-Commit-Position: refs/heads/master@{#401347}
fs
Deflake svg/custom/pointer-events-image*.svg
Rewrite these two tests (which are essentially the same, modulo a
transform) to first wait for all the images to load, and then perform
all the clicks.

BUG=621915

Review-Url: https://codereview.chromium.org/2088733006
Cr-Commit-Position: refs/heads/master@{#401343}
fs
Update/tighten expectations for crbug.com/552433
Passing after getting updated baselines:

 svg/dom/length-list-parser.html
 svg/transforms/text-with-pattern-with-svg-transform.svg

Failing (a few pixels differ) on Win7 Debug:

 svg/W3C-SVG-1.1/coords-units-02-b.svg

TBR=schenney@chromium.org
BUG=552433

Review-Url: https://codereview.chromium.org/2090553002
Cr-Commit-Position: refs/heads/master@{#401270}
perja
bluetooth: android: removed duplicate restart of scanning.
This is a followup fix to commit 3a38a46. There is no need to restart the search in this callback as this will be done from native code (BluetoothChooserAndroid::SetAdapterPresence).

BUG=543060

Review-Url: https://codereview.chromium.org/2065893002
Cr-Commit-Position: refs/heads/master@{#401257}
mostynb
content/public/common should depend on the mojo_bindings target
Rather than the mojo_bindings_mojom target, which exports sources, and
causes multiple definition errors in component builds.

Followup to https://codereview.chromium.org/2089823002

BUG=622076
TBR=jam@chromium.org,rockot@chromium.org

Review-Url: https://codereview.chromium.org/2088163002
Cr-Commit-Position: refs/heads/master@{#401230}
fs
Common up SVG transform "change detection" (classification)
This moves the transform change classification to a helper class
(SVGTransformChangeDetector) and move
LayoutSVGContainer::TransformChange along with it, renaming it to
SVGTransformChange.

BUG=603956

Review-Url: https://codereview.chromium.org/2086583004
Cr-Commit-Position: refs/heads/master@{#401111}
sigbjornf
Stop PingLoader's cancellation timer early.
If the ping completed, stop the loader's cancellation timer.

R=japhet
BUG=

Review-Url: https://codereview.chromium.org/2083023002
Cr-Commit-Position: refs/heads/master@{#401068}
fs
Reland of "Remove redundant "layout size changed" state from LayoutSVGRoot"
In LayoutSVGRoot::layout, two slightly different "layout size changed"
values are computed - one which is used for propagation to children
via SVGLayoutSupport::layoutSizeOfNearestViewportChanged
(|m_isLayoutSizeChanged|), and one which is used to mark direct
descendant children (local |layoutSizeChanged|).
Ultimately their use is the same though, so only using the more narrow
predicate for both of these cases should yield the same result.
It also has the side-effect of making it more obvious that changes to
layout-size is only of interest when there exist clients of the SVG
root that have relative lengths.

BUG=603956

Review-Url: https://codereview.chromium.org/2065093002
Cr-Commit-Position: refs/heads/master@{#400987}
fs
Rebaseline svg/dom/length-list-parser.html
TBR=schenney@chromium.org
BUG=552433

Review-Url: https://codereview.chromium.org/2083983003
Cr-Commit-Position: refs/heads/master@{#400976}
fs
Rebaseline svg/W3C-SVG-1.1/coords-units-02-b.svg
TBR=schenney@chromium.org
BUG=552433

Review-Url: https://codereview.chromium.org/2088733003
Cr-Commit-Position: refs/heads/master@{#400971}
fs
Rebaseline svg/transforms/text-with-pattern-with-svg-transform.svg
TBR=schenney@chromium.org
BUG=552433

Review-Url: https://codereview.chromium.org/2080243004
Cr-Commit-Position: refs/heads/master@{#400970}
fs
Rebaseline svg/hixie/perf/006.xml
TBR=schenney@chromium.org
BUG=552433

Review-Url: https://codereview.chromium.org/2082963002
Cr-Commit-Position: refs/heads/master@{#400961}
fs
Avoid using forced layout to trigger paint invalidation for SVG containers
Currently, SVG containers in the LayoutObject hierarchy force layout of
their children if the transform changes. The main reason for this is to
trigger paint invalidation of the subtree. In some cases - changes to the
scale factor - there are other reasons to trigger layout, like computing
a new scale factor for <text> or re-layout nodes with non-scaling stroke.

Compute a "scale-factor change" in addition to the "transform change"
already computed, then use this new signal to determine if layout should
be forced for the subtree. Trigger paint invalidation using the
LayoutObject flags instead.

The downside to this is that paint invalidation will walk into "hidden"
containers which rarely require repaint (since they are not technically
visible). This will hopefully be rectified in a follow-up CL.

For the testcase from 603850, this essentially eliminates the cost of
layout (from ~350ms to ~0ms on authors machine; layout cost is related
to text metrics recalculation), bumping frame rate significantly.

BUG=603956,603850

Review-Url: https://codereview.chromium.org/1996543002
Cr-Commit-Position: refs/heads/master@{#400950}
sigbjornf
Delay resetting image animation, if possible.
When the last client of an ImageResource removes itself, the animations
of the image is explicitly reset. That resetting can happen either while
finalizing objects after a GC or as part of other explicit removals of
ImageObserver clients.

Having that reset happen as part of a garbage collection is interacting badly
with code in the middle of updating animations (which happen to trigger a
conservative GC.) So, to avoid introducing such abrupt & harmful resets, delay
the reset'ing until back at the event loop (and the animations update step
having completed.)

R=
BUG=613709, 581546

Review-Url: https://codereview.chromium.org/2004263003
Cr-Commit-Position: refs/heads/master@{#400934}
sigbjornf
Clean up WeakIdentifierMap<> implementation.
Avoid (literal) code duplication between (non)GC versions
of WeakIdentifierMap<>.

Other changes (for the GC version):

  - Do not separately allocate the HeapHashMap<>s, but keep these
    as part objects on WeakIdentifierMap<> instead.
  - Support explicit removal (via notifyObjectDestroyed()).

R=
BUG=

Review-Url: https://codereview.chromium.org/2086643002
Cr-Commit-Position: refs/heads/master@{#400907}
rune
Reject invert for outline-color at parse time.
We don't support invert as outline-color, so we should drop it at parse
time as per spec[1]. Added test to check that the initial value of
outline-color is the computed value of currentColor.

Gecko also drops declarations with invert for outline-color.

[1] https://drafts.csswg.org/css2/ui.html#value-def-invert

R=timloh@chromium.org
BUG=620399

Review-Url: https://codereview.chromium.org/2081633002
Cr-Commit-Position: refs/heads/master@{#400902}
fs
Update baselines for svg/filters/filter-refresh.svg
TBR=pdr@chromium.org
NOTRY=true
BUG=613441

Review-Url: https://codereview.chromium.org/2086713002
Cr-Commit-Position: refs/heads/master@{#400818}
fs
Unprefix the CSS 'filter' property
Parse 'filter' in the same way as '-webkit-filter', and make the latter
an alias of the former.
For SVG content, only the "url(...)" function is allowed still, with the
exception of the outermost <svg> (LayoutSVGRoot), since that "has a box".

Update tests to use 'filter' where reasonable and applicable.

Intent to Ship: https://groups.google.com/a/chromium.org/d/topic/blink-dev/ZVT2kxuFMaA/discussion

Based on https://codereview.chromium.org/1987943002 by noel@chromium.org.

BUG=613441,618160,550249,535786,244295,109224

Review-Url: https://codereview.chromium.org/2065593002
Cr-Commit-Position: refs/heads/master@{#400752}
mostynb
add some missing power_save_blocker gyp deps
Followup to https://codereview.chromium.org/2075153002

BUG=612337, 612563, 257943

Review-Url: https://codereview.chromium.org/2073393002
Cr-Commit-Position: refs/heads/master@{#400723}
mostynb
skip neon intrinsics in libpng when neon is not available
Followup to https://codereview.chromium.org/2021403002

BUG=599917, 618061

Review-Url: https://codereview.chromium.org/2074363002
Cr-Commit-Position: refs/heads/master@{#400714}
sigbjornf
GC plugin: improve error reporting when tracing illegal fields.
Add detection of trace() calls over smart pointer types that either do not
wrap up references to heap objects, or are otherwise not meant to be traced
over. In particular, CrossThread(Weak)Persistent<T> fields are now detected
as being illegal to trace over. Also consider OwnPtr<T>, RefPtr<T> and
std::unique_ptr<T> as illegal to trace over & emit a more concise error
messages for these.

R=
BUG=619149

Committed: https://crrev.com/3ba6089cd6a901b62ff5a0d8f08a2bd818edcbe8
Review-Url: https://codereview.chromium.org/2060553002
Cr-Original-Commit-Position: refs/heads/master@{#399861}
Cr-Commit-Position: refs/heads/master@{#400653}
fs
Revert of Remove redundant "layout size changed" state from LayoutSVGRoot (patchset #1 id:1 of https://codereview.chromium.org/2065093002/ )
Reason for revert:
Possible cause of crbug.com/620228

Original issue's description:
> Remove redundant "layout size changed" state from LayoutSVGRoot
>
> In LayoutSVGRoot::layout, two slightly different "layout size changed"
> values are computed - one which is used for propagation to children
> via SVGLayoutSupport::layoutSizeOfNearestViewportChanged
> (|m_isLayoutSizeChanged|), and one which is used to mark direct
> descendant children (local |layoutSizeChanged|).
> Ultimately their use is the same though, so only using the more narrow
> predicate for both of these cases should yield the same result.
> It also has the side-effect of making it more obvious that changes to
> layout-size is only of interest when there exist clients of the SVG
> root that have relative lengths.
>
> BUG=603956
>
> Committed: https://crrev.com/30770a70834c73670884f0de91bb7624df0ba003
> Cr-Commit-Position: refs/heads/master@{#399791}

TBR=pdr@chromium.org,schenney@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=603956

Review-Url: https://codereview.chromium.org/2071953004
Cr-Commit-Position: refs/heads/master@{#400411}
mostynb
remove leftover forward declaration of OnscreenDisplayClient
BUG=487471
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/2079513002
Cr-Commit-Position: refs/heads/master@{#400267}
sigbjornf
Remove unnecessary MemberHash<> templates.
Directly define the hash traits of all heap reference template types
(Member<T> - or Persistent<T>-derived) in terms of MemberHash<T>,
and avoid introducing ad-hoc templates for these.

Add missing (CrossThread)WeakPersistent<T> hash traits also.

R=
BUG=

Review-Url: https://codereview.chromium.org/2067223005
Cr-Commit-Position: refs/heads/master@{#400155}
joleksy
Align the Mac Omnibox items vertically again
OmniboxViewMac::GetBoldFieldFont() needs to request a bold font, then make it larger. Resource bundle will do the opposite, which makes a large system normal font a non-system bold font. That gives a different baseline to making the non-system bold font larger. And while the omnibox locks the baseline in ApplyTextStyle(), OmniboxPopupCellData does not.

BUG=617144

Review-Url: https://codereview.chromium.org/2068163002
Cr-Commit-Position: refs/heads/master@{#400144}
sigbjornf
GC plugin: improve error reporting when tracing illegal fields.
Add detection of trace() calls over smart pointer types that either do not
wrap up references to heap objects, or are otherwise not meant to be traced
over. In particular, CrossThread(Weak)Persistent<T> fields are now detected
as being illegal to trace over. Also consider OwnPtr<T>, RefPtr<T> and
std::unique_ptr<T> as illegal to trace over & emit a more concise error
messages for these.

R=
BUG=619149

Review-Url: https://codereview.chromium.org/2060553002
Cr-Commit-Position: refs/heads/master@{#399861}
sigbjornf
Allow prolonged CanvasAsyncBlobCreator lifetime, avoid indirect leaks.
Weakly keeping this async object to avoid resource leaks is problematic
(r399445 + r399675), as the object must remain alive until completed.

Undo that experiment and instead keep the object alive until all its
posted tasks have been processed. But for the task that wins and
is processed first, have it clear out the heap references that
would otherwise keep heavy objects alive.

R=
BUG=

Review-Url: https://codereview.chromium.org/2065913003
Cr-Commit-Position: refs/heads/master@{#399856}
fs
Remove redundant isLayoutSizeChanged check in LayoutSVGText::layout
SVGLayoutSupport::layoutChildren takes care to propagate the needs for
metrics updates via the |screenScalingFactorChanged| and
|layoutSizeChanged| arguments.

BUG=603956

Review-Url: https://codereview.chromium.org/2061793003
Cr-Commit-Position: refs/heads/master@{#399796}
fs
Remove redundant "layout size changed" state from LayoutSVGRoot
In LayoutSVGRoot::layout, two slightly different "layout size changed"
values are computed - one which is used for propagation to children
via SVGLayoutSupport::layoutSizeOfNearestViewportChanged
(|m_isLayoutSizeChanged|), and one which is used to mark direct
descendant children (local |layoutSizeChanged|).
Ultimately their use is the same though, so only using the more narrow
predicate for both of these cases should yield the same result.
It also has the side-effect of making it more obvious that changes to
layout-size is only of interest when there exist clients of the SVG
root that have relative lengths.

BUG=603956

Review-Url: https://codereview.chromium.org/2065093002
Cr-Commit-Position: refs/heads/master@{#399791}
asaka
gn BUILD fixes for disabling enable_extensions and use_ash feature flags.
BUG=

Review-Url: https://codereview.chromium.org/1950003002
Cr-Commit-Position: refs/heads/master@{#399693}
sigbjornf
Revert of Remove ineffective PendingScript prefinalizer (2nd attempt.) (patchset #1 id:1 of https://codereview.chromium.org/2060853002/ )
Reason for revert:
Canary crashes reported,

 https://bugs.chromium.org/p/chromium/issues/detail?id=615977#c12

Original issue's description:
> Remove ineffective PendingScript prefinalizer (2nd attempt.)
>
> With the missing case from r397106 aboard, retire the prefinalizer
> for PendingScript. Script loader and runner objects are expected
> to explicitly dispose of these upon success or failure.
>
> R=
> BUG=
>
> Committed: https://crrev.com/fbf7f01ae80f666a5b37acf0ef38fd174443787f
> Cr-Commit-Position: refs/heads/master@{#399504}

TBR=haraken@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2069573002
Cr-Commit-Position: refs/heads/master@{#399691}
sigbjornf
Have CanvasAsyncBlobCreator's delayed task keep a weak |this| also.
Followup r399445 and dually have the delayed task that's
posted to check if the idle task has gone ahead, also keep
a weak |this| reference. The non-winning CanvasAsyncBlobCreator
posted main thread tasks can safely be cancelled & dropped if
a GC happens to go ahead.

R=
BUG=

Review-Url: https://codereview.chromium.org/2069533002
Cr-Commit-Position: refs/heads/master@{#399675}
robertn
Clear the SharedBuffer when clearing the image
Previously, in the case of the image failing to be decoded, the buffer
was cleared because error() was called. This was changed in the
following patch:

 https://chromium.googlesource.com/chromium/src/+/61e34ff7dd4ac48b8c4275eb3f541ebfb8a50266%5E%21/

The patch changes it so that only clear() is called, which does not
clear the m_data buffer. This patch changes clear() to also clear the
buffer.

BUG=

Review-Url: https://codereview.chromium.org/2060193002
Cr-Commit-Position: refs/heads/master@{#399668}
sigbjornf
gc plugin: remove ScriptWrappable destructor special case.
With Blink having exited its Oilpan transition phase, no need for the
plugin to catch & allow GarbageCollected<>-derived classes that also
derive from ScriptWrappable (but could safely not provide a destructor.)

Remove the unused IsRawPtr(name), IsDummyBase(name) predicates, as well.

R=
BUG=

Review-Url: https://codereview.chromium.org/2061143002
Cr-Commit-Position: refs/heads/master@{#399667}
fs
Rename StyleLayoutData to StyleGeometryData
The term 'geometry' better matches what is stored here (and is also more
in line with the SVG spec chapter [1] that defines most of the properties
here.)
Rename the SVGComputedStyle::layout field to 'geometry' to match.

This is a mechanical rename-only CL, with the exception of some
additional whitespace fixups.

[1] https://svgwg.org/svg2-draft/geometry.html ("Geometry Properties")

BUG=603956

Review-Url: https://codereview.chromium.org/2066563002
Cr-Commit-Position: refs/heads/master@{#399649}
sigbjornf
Remove ineffective PendingScript prefinalizer (2nd attempt.)
With the missing case from r397106 aboard, retire the prefinalizer
for PendingScript. Script loader and runner objects are expected
to explicitly dispose of these upon success or failure.

R=
BUG=

Review-Url: https://codereview.chromium.org/2060853002
Cr-Commit-Position: refs/heads/master@{#399504}
sigbjornf
Have CanvasAsyncBlobCreator speculative idle tasks keep a weak 'this'.
If image encoding should be attempted done via idle tasks,
CanvasAsyncBlobCreator schedules an idle task along with a delayed
task on the main thread to check if the idle task has been scheduled
before too long. If not, the delayed task will handle the encoding
instead (still on the main thread.)

The idle tasks represent opportunistic work, and should not keep the
CanvasAsyncBlobCreator alive until they eventually do get to run.
Consequently, make them keep a weak 'this' reference.

This addresses leaks exposed by r399181.

R=
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/2060153002
Cr-Commit-Position: refs/heads/master@{#399445}
sigbjornf
Promptly release cross-thread websocket bridge/proxy references
To prevent other threads using cross-thread persistents from accessing
to-be-finalized websocket Peer and Bridge abstractions, promptly free
them on becoming garbage. Delaying this until lazy sweeping runs risks
(benignly) touching poisoned objects.

R=
BUG=619373

Review-Url: https://codereview.chromium.org/2064633002
Cr-Commit-Position: refs/heads/master@{#399442}
sigbjornf
Move SourceRange and CSSPropertySourceData classes off-heap.
SourceRange is a value/POD class that has no complex
sharing or lifetime handling associated with it. It does not
meet minimal requirements that we've now settled on for when
an object ought to be Oilpan managed -- doesn't have other
heap references nor sharing&lifetime issues that would benefit
from Oilpan use -- hence, we should move it off-heap.

With SourceRange off-heap, a number of classes that package up
SourceRanges in various ways can be converted to off-heap
classes also.

R=
BUG=

Review-Url: https://codereview.chromium.org/2060433002
Cr-Commit-Position: refs/heads/master@{#399428}
sigbjornf
Make trace() over persistents private.
Persistent references register a trace callback with the underlying persistent
node, allowing the Blink GC to trace the persistent root set when marking.

Consequently, there's no need to expose their trace() methods as public
methods. Make them private and thereby disallow calling trace() from
Blink code.

R=
BUG=

Review-Url: https://codereview.chromium.org/2060683002
Cr-Commit-Position: refs/heads/master@{#399423}
sigbjornf
Fix unsafe handling of part object in RuleFeatureSetTest.
The part object needs to be traced; the ad-hoc and unused
trace method used prevented GC plugin detection.

R=
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/2063603002
Cr-Commit-Position: refs/heads/master@{#399416}
sigbjornf
Rename and improve "traceable" templates.
The NeedsTracing<T>::value expression would previously return true
if T had a trace() method or T == Member<U>. It would not be
true if T == WeakMember<U>; something that was convenient when
using NeedsTracing<> in connection with hash table backing stores,
needing to determine whether to trace the elements of the table, but
not if they were weak references & delegate that to weak processing.

As NeedsTracing<T> has grown an increasing number of uses besides
the handling of backing store tracing, where exempting WeakMember<>
makes no great sense, it is time to alter its meaning to accommodate
those uses better. And at the same time rename it to follow the various
other predicate templates we provide over types. So,

 NeedsTracing<T> => IsTraceable<T> (includes weak)
 NeedsTracingLazily<T> => IsTraceableInCollection<T> (excludes weak)
 NeedsTracingTrait<Trait> => IsTraceableInCollectionTrait<T>

Along with these changes, tidy up the static_assert() error messages in
a few places.

R=
BUG=

Review-Url: https://codereview.chromium.org/2065443002
Cr-Commit-Position: refs/heads/master@{#399389}
fs
Add use counter for parsing of filter functions with no arguments
Count before deciding the future for this, and related, "features".

BUG=618960

Review-Url: https://codereview.chromium.org/2051233003
Cr-Commit-Position: refs/heads/master@{#399378}
rune
Removed unnecessary mutable in SiblingData.
Seemingly no reason for this mutable anymore.

R=ericwilligers@chromium.org

Review-Url: https://codereview.chromium.org/2057093002
Cr-Commit-Position: refs/heads/master@{#399354}
sigbjornf
Drop unecessary use of CrossThreadPersistent by CanvasAsyncBlobCreator.
The callback object that the CanvasAsyncBlobCreator passes along to a
background thread can be kept as a simple Member<>; no need to
involve CrossThreadPersistent<> and risk inadvertently introducing
leaks.

R=
BUG=

Review-Url: https://codereview.chromium.org/2051993002
Cr-Commit-Position: refs/heads/master@{#399181}
fs
Clamp filter functions {grayscale, invert, opacity, sepia} to 100%
The spec says the following for these functions:

 "Values of amount over 100% are allowed but UAs must clamp the values
  to 1."

So do that rather than failing. This matches the behavior of Gecko and
Edge.

This fixes

http://test.csswg.org/suites/filters-1_dev/nightly-unstable/html/filter-grayscale-005.htm

from the CSS WG Filter Effects testsuite (w/ the property unprefixed.)

BUG=618607

Review-Url: https://codereview.chromium.org/2052883002
Cr-Commit-Position: refs/heads/master@{#399144}
fs
Clean up script-tests in css3/filters
Rewrite the parsing tests using
css-parser/resources/property-parsing-test.js and also use testharness
for the computed style test.

Drop css3/filters/filter-property.html since that is already covered by
the wider parsing tests. Also remove the template html file and inline
the scripts for effect-reference-reset-style-delete-crash.html [1] and
effect-reference-delete-crash.html, clearing out the script-tests sub-
directory.

[1] This test was actually referencing the
    effect-reference-delete-crash.js file, meaning it was a duplicate.

BUG=618607

Review-Url: https://codereview.chromium.org/2055733002
Cr-Commit-Position: refs/heads/master@{#399136}
sigbjornf
Remove unnecessary use of CrossThreadPersistent<>.
The CompositorMutatorImpl object that WebFrameWidgetImpl creates and
controls the lifetime of, should be referenced as a normal Member<>

R=
BUG=

Review-Url: https://codereview.chromium.org/2056833003
Cr-Commit-Position: refs/heads/master@{#399125}
fs
Move ReferenceFilterBuilder::build to FilterEffectBuilder
This function resolves a filter reference and then builds a filter
(sub)DAG for painting. Split it into the two fairly distinct parts,
leaving ReferenceFilterBuilder as a class that only does element
lookup/resolution, while the DAG-building takes place in
FilterEffectBuilder (with a little help from SVGFilterBuilder.)
Use the new function in SVGFilterPainter.

Also pass Element& to ReferenceFilterBuilder::build, and remove a
redundant null-check of ComputedStyle in
PaintLayer::updateOrRemoveFilterEffectBuilder (already checked by
paintsWithFilters and assumed later in the function.)

BUG=109224,533457

Review-Url: https://codereview.chromium.org/2044153002
Cr-Commit-Position: refs/heads/master@{#398866}
sigbjornf
Limit live Document tracking to debug builds.
liveDocumentSet() is only used by a debug entry point, so only extend
it on Document creation in debug builds.

R=
BUG=611702

Review-Url: https://codereview.chromium.org/2052583003
Cr-Commit-Position: refs/heads/master@{#398839}
rune
Make sure CSS agent messages flush before testing.
While working on updating active stylesheets as part of the style and
layout tree update in [1], two inspector tests started failing. The
reason was these tests rely on a console message to trigger a step in
the test after the active stylesheets have been pushed to the inspector
client. But even if the stylesheets were updated in InspectorCSSAgent
before the console message was sent, the console message arrived in the
client before the new active stylesheets. The reason was that the
console message is immediately flushed, while the messages from the
InspectorCSSAgent are lazily flushed from WebDevToolsAgentImpl::
didProcessTask.

I tried to force the active stylesheet update with a forced layout tree
update like this:

  document.documentElement.offsetTop;
  console.log(...);

But, due the console.log message being dispatched first as described
above, I ended up postponing the console.log with a rAF which means it
will run in a later task and the didProcessTask will trigger in between
to flush the active stylesheet message(s).

Note that this was not currently causing any failures. It's done in
preparation for landing changes for 567021 without breaking anything.

Looking at TestExpectations, I noticed crbug.com/597572, which might be
a similar issue.

[1] https://codereview.chromium.org/1913833002/

R=pfeldman@chromium.org,dgozman@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2049283002
Cr-Commit-Position: refs/heads/master@{#398825}
sigbjornf
Mark shouldMarkObject(), arenaForNormalPage() accessors as const.
Also remove some redundant checkHeader() asserts while doing a code
tidying pass.

R=
BUG=

Review-Url: https://codereview.chromium.org/2054673002
Cr-Commit-Position: refs/heads/master@{#398813}
sigbjornf
Simplify contextDestroyed() notifications.
With all lifetime observers now being managed by Oilpan, the
handling of the destruct notification can be made simpler.

R=
BUG=

Review-Url: https://codereview.chromium.org/2045703004
Cr-Commit-Position: refs/heads/master@{#398490}
fs
Drop FilterEffectBuilder::m_referenceFilters
The job of this Vector used to be to keep a reference to the nested
"reference" filters, to avoid them being destroyed. The entire filter
graph/chain is now on the GC heap, and traced via
FilterEffectBuilder::m_lastEffect, so this additional reference is of no
use.

Review-Url: https://codereview.chromium.org/2043013002
Cr-Commit-Position: refs/heads/master@{#398341}
sigbjornf
Clean up markClientsAndObserversFinished().
Simplify transferring a counted element entry from one set to another.

To do so, add generalized version of add() over HashCountedSet that lets
the caller specify a count.

R=
BUG=

Review-Url: https://codereview.chromium.org/2045883002
Cr-Commit-Position: refs/heads/master@{#398275}
mboc
Support underline on Linux again.
BUG=617055

https://codereview.chromium.org/1819753003/ accidentally removed
UNDERLINE style support on Linux. This CL fixes the issue.

Review-Url: https://codereview.chromium.org/2031223003
Cr-Commit-Position: refs/heads/master@{#398102}
rune
Remove unused InspectorFrontend declarations.
There seems to be nothing called InspectorFrontend. Removed unused
forward declarations for it and changed comments to say "frontend"
instead.

R=pfeldman@chromium.org,dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2046433002
Cr-Commit-Position: refs/heads/master@{#398080}
sigbjornf
Remove pre-Oilpan protections from LocalFileSystem.
R=
BUG=

Review-Url: https://codereview.chromium.org/2039713002
Cr-Commit-Position: refs/heads/master@{#398000}
sigbjornf
Improve the HeapListHashSet no-weakness static assert message.
Mention the alternate HeapLinkedHashSet<> if WeakMember<>s are
attempted used with HeapListHashSet<>; for non-trivial reasons,
we only support weakness with the former.

R=
BUG=614112

Review-Url: https://codereview.chromium.org/2034423002
Cr-Commit-Position: refs/heads/master@{#397999}
sigbjornf
Add documentation of SafePointBarrier internal state.
Renamed |m_canResume| to |m_parkingRequested| while doing so,
its (inverted) meaning seems clearer imho in this context.

R=
BUG=

Review-Url: https://codereview.chromium.org/2039793002
Cr-Commit-Position: refs/heads/master@{#397988}
fs
SVGFE{Spot,Distant,Point}LightElement can have non-SVGFE*Lighting parent
Replace ASSERT_NOT_REACHED with a return statement. We already
thoroughly check for valid parent type and only notify them if so.

BUG=518649

Review-Url: https://codereview.chromium.org/2031353002
Cr-Commit-Position: refs/heads/master@{#397941}
fs
Fix Win baselines for r397915
https://chromium.googlesource.com/chromium/src/+/81c0fc6d4

BUG=24826
TBR=robhogan@gmail.com

Review-Url: https://codereview.chromium.org/2040713002
Cr-Commit-Position: refs/heads/master@{#397927}
fs
Fix Win baselines for r397912
https://chromium.googlesource.com/chromium/src/+/59fd991c4

BUG=416535
TBR=chrishtr@chromium.org

Review-Url: https://codereview.chromium.org/2041613002
Cr-Commit-Position: refs/heads/master@{#397926}
sigbjornf
Update thread-local weak processing comments following r397904.
R=haraken
BUG=611702
NOTRY=true

Review-Url: https://codereview.chromium.org/2040703002
Cr-Commit-Position: refs/heads/master@{#397925}
fs
Updated Win10 baselines for SVG shape-rendering tests
 svg/custom/use-referencing-nonexisting-symbol.svg
 svg/custom/shape-rendering.svg

Baselines are the same as the Win7 ones.

TBR=pdr@chromium.org
BUG=614063

Review-Url: https://codereview.chromium.org/2036163002
Cr-Commit-Position: refs/heads/master@{#397923}
sigbjornf
Reset ThreadState weak callback stack before GCing.
In the event a thread gets to participate in more than
one GC before it manages to leave its safe point, clear
out its weak callback stack before initiating a new
GC. Otherwise we risk keeping around weak callbacks to
duplicate or dead objects.

R=
BUG=611702

Review-Url: https://codereview.chromium.org/2036803004
Cr-Commit-Position: refs/heads/master@{#397904}
fs
Reduce LayoutSVGResource*Gradient building dependency on GradientData
The buildGradient() method can just create and return a Gradient instead
of populating the GradientData struct it's being passed.
Also make calculateGradientTransform() use the return value rather than
an out variable, and make it const qualified. Make
platformSpreadMethodFromSVGType static and use Traversal<> sugar in
SVGGradientElement::buildStops.

BUG=614368

Review-Url: https://codereview.chromium.org/2031053004
Cr-Commit-Position: refs/heads/master@{#397763}
rune
Clear media query rulesets on page zoom changes.
Otherwise, resolution media queries won't update properly when page
zoom changes. Changing the deviceScaleFactor already did this. Also,
matchMedia listeners already worked.

BUG=617095

Review-Url: https://codereview.chromium.org/2038793002
Cr-Commit-Position: refs/heads/master@{#397697}
fs
Update Win7 baseline for fast/text/emoji-web-font.html
TBR=bashi@chromium.org
BUG=616969

Review-Url: https://codereview.chromium.org/2033403002
Cr-Commit-Position: refs/heads/master@{#397687}
sigbjornf
Shrink weak hash tables when adding elements, if needed.
Hash tables containing weak references tend to be asymmetrically
handled -- Blink "user code" will add elements to the hash table,
with the garbage collector taking care of removing references
to elements that have no other strong references to keep them
alive. The weak processing of hash tables isn't capable of
shrinking and allocate a new hash table backing store while
running, hence the table entries are only cleared.

Blink code will rarely do manual removals from these
collections, which gives the hash table no opportunity
to actually shrink the capacity of the backing store.
This can lead to hash tables with a very low load factor,
the majority of the entries be deleted and empty slots.

To allow for shrinking to happen over hash tables with
weak references, add() will check if shrinking is required.

R=
BUG=

Review-Url: https://codereview.chromium.org/2034883002
Cr-Commit-Position: refs/heads/master@{#397667}
fs
Revert of Switch WTF::find on LChar to use memchr. (patchset #1 id:1 of https://codereview.chromium.org/1948543004/ )
Reason for revert:
LSAN and MSAN bots appear unhappy:

http/tests/media/media-source/mediasource-is-type-supported.html

crash log for renderer (pid <unknown>):
STDOUT: <empty>
STDERR: =================================================================
STDERR: ==4==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030000982af at pc 0x00000045811f bp 0x7fff2f309830 sp 0x7fff2f308fe0
STDERR: READ of size 5006 at 0x6030000982af thread T0 (content_shell)
STDERR:     #0 0x45811e in memchr ??:0
STDERR:     #1 0x3c5c419 in find third_party/WebKit/Source/wtf/text/StringImpl.h:532:9
STDERR:     #2 0x3c5c419 in find third_party/WebKit/Source/wtf/text/StringImpl.h:660:0
STDERR:     #3 0x3c5c419 in find third_party/WebKit/Source/wtf/text/WTFString.h:214:0
STDERR:     #4 0x3c5c419 in find third_party/WebKit/Source/wtf/text/WTFString.h:215:0
STDERR:     #5 0x3c5c419 in parameter third_party/WebKit/Source/platform/ContentType.cpp:50:0
STDERR:     #6 0x8d64b7d in isTypeSupported third_party/WebKit/Source/modules/mediasource/MediaSource.cpp:244:33
STDERR:     #7 0x9251198 in isTypeSupportedMethod ./out/Release/gen/blink/bindings/modules/v8/V8MediaSource.cpp:234:32
STDERR:     #8 0x9251198 in isTypeSupportedMethodCallback ./out/Release/gen/blink/bindings/modules/v8/V8MediaSource.cpp:239:0
STDERR:     #9 0x444b759 in Call v8/src/api-arguments.cc:16:3

(https://storage.googleapis.com/chromium-layout-test-archives/WebKit_Linux_ASAN/24421/layout-test-results/results.html)

Original issue's description:
> Switch WTF::find on LChar to use memchr.
>
> BUG=607208
>
> Committed: https://crrev.com/c9f9af30569ac2cd353e234f569052db6ab436f4
> Cr-Commit-Position: refs/heads/master@{#397568}

TBR=thakis@chromium.org,jbroman@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=607208

Review-Url: https://codereview.chromium.org/2036993002
Cr-Commit-Position: refs/heads/master@{#397664}
fs
Revert of ImageCapture: move mojom from WebKit/public to media/ (patchset #4 id:60002 of https://codereview.chromium.org/2027023002/ )
Reason for revert:
Appears to cause:

imagecapture/getphotocapabilities.html
imagecapture/takephoto.html

to timeout.

(https://storage.googleapis.com/chromium-layout-test-archives/WebKit_Win7/42976/layout-test-results/results.html)

Original issue's description:
> ImageCapture: move mojom from WebKit/public to media/
>
> This CL moves image_capture.mojom from
> {third_party/WebKit/public/platform/modules => media/mojo/interfaces}
> so the generated data types (e.g. PhotoCapabilities{Ptr})
> can be used from both Blink and media/capture locations.
>
> Also capture.gypi is trivially relocated to capture/ folder.
>
> Note that gyp files are -yay!- close to being finally
> removed.
>
> BUG=518807
> CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel,mac_blink_rel,win_blink_rel
>
> Committed: https://crrev.com/64aec45d94682ae3b38c0f1c18ff74cd937ff9b5
> Cr-Commit-Position: refs/heads/master@{#397644}

TBR=dcheng@chromium.org,avi@chromium.org,haraken@chromium.org,rockot@chromium.org,xhwang@chromium.org,dalecurtis@chromium.org,esprehn@chromium.org,mcasas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=518807

Review-Url: https://codereview.chromium.org/2034003002
Cr-Commit-Position: refs/heads/master@{#397663}
sigbjornf
Sync LeakExpectations following r397405.
TBR=guidou,pkasting
BUG=589802
NOTRY=true

Review-Url: https://codereview.chromium.org/2037613003
Cr-Commit-Position: refs/heads/master@{#397493}
sigbjornf
Adjust representation of liveDocumentSet() to help diagnose instability.
The liveDocumentSet singleton keeps a

 Persistent<HeapHashSet<WeakMember<Document>>,

collection of all the currently live documents. Some crashes are
being reported when this HeapHashSet<>'s weak references are
being processed, indicating that the pointer to the hash table
is misshapen.

To potentially throw some light on how that could come to be,
switch representation to PersistentHeapHashSet<WeakMember<Document>>,
which will keep the hash table wrapper off-heap. That could
help determine if we're dealing with an (Oilpan) heap object
overwrite here.

R=
BUG=611702

Review-Url: https://codereview.chromium.org/2033643003
Cr-Commit-Position: refs/heads/master@{#397436}
sigbjornf
Delay leak reporting until worker in-process proxies have been finalized.
If a document creates a number of workers, terminating these and having
their destruction ripple all the way back to the in-process proxy objects
isn't immediate. But something that needs to complete before the leak
detector can initiate reporting -- an in-process proxy object maintains a
strong reference to the document, and would generate a leak if not
destructed and its garbage having been collected afterwards.

Address the reliability of multi worker shutdown by maintaining a
counter of how many in-process proxy objects are still alive and run
GCs until it drops to zero. Do that at most two times around.

R=haraken,kouhei
BUG=589802, 616714

Review-Url: https://codereview.chromium.org/2026993004
Cr-Commit-Position: refs/heads/master@{#397405}
sigbjornf
Avoid unnecessary uses of GarbageCollectedFinalized<>.
R=
BUG=

Review-Url: https://codereview.chromium.org/2027333003
Cr-Commit-Position: refs/heads/master@{#397402}
mboc
Allow various font weights in gfx. These changes make Chromium's gfx::Font more closely match native font APIs &
capabilities.

BUG=597533
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/1819753003
Cr-Commit-Position: refs/heads/master@{#397368}
fs
Remove expectation for svg/W3C-SVG-1.1/struct-frag-02-t.svg
No longer appears to exhibit the behavior described. Give it a try
again.

TBR=davve@opera.com
BUG=518005,463358

Review-Url: https://codereview.chromium.org/2033663002
Cr-Commit-Position: refs/heads/master@{#397342}
sigbjornf
Delay leak reporting until worker in-process proxies have been finalized.
If a document creates a number of workers, terminating these and having
their destruction ripple all the way back to the in-process proxy objects
isn't immediate. But something that needs to complete before the leak
detector can initiate reporting -- an in-process proxy object maintains a
strong reference to the document, and would generate a leak if not
destructed and its garbage having been collected afterwards.

Address the reliability of multi worker shutdown by maintaining a
counter of how many in-process proxy objects are still alive and run
GCs until it drops to zero. Do that at most two times around.

For documents not creating any workers, monitoring this proxy count
avoids having to perform a third GC, something that was conservatively
done before to address worker shutdown (but not reliably.)

R=haraken,kouhei
BUG=589802

Review-Url: https://codereview.chromium.org/2026993004
Cr-Commit-Position: refs/heads/master@{#397333}
fs
Don't use hasAttribute in SVGFilterPrimitiveStandardAttributes
Use isSpecified() to query for existance in setStandardAttributes. This
avoids triggering unnecessary attribute synchronizations.

While here, drop the "double precondition" checking since the only caller
of this function checks this already.

BUG=235256

Review-Url: https://codereview.chromium.org/2026343002
Cr-Commit-Position: refs/heads/master@{#397202}
sigbjornf
Have detached ScriptLoaders detach their PendingScripts.
A ScriptLoader that has become detached from its document will not
execute the script once the script resource has loaded.

If in such a detached state, make sure the ScriptLoader lets go
of its PendingScript promptly.

R=
BUG=

Review-Url: https://codereview.chromium.org/2028613002
Cr-Commit-Position: refs/heads/master@{#397106}
rune
Adjust color for printing list-item markers as we do for text.
BUG=459022

Review-Url: https://codereview.chromium.org/2027653004
Cr-Commit-Position: refs/heads/master@{#397099}
mostynb
remove unused courgette dep from the content layer
Review-Url: https://codereview.chromium.org/2024693002
Cr-Commit-Position: refs/heads/master@{#396968}
sigbjornf
Restore PendingScript prefinalizer.
Under some as yet unknown conditions, PendingScript objects can become garbage
without having been explicitly detached/disposed of first. Hence restore the
prefinalizer that r396656 removed.

R=
BUG=615977

Review-Url: https://codereview.chromium.org/2021773004
Cr-Commit-Position: refs/heads/master@{#396813}
sigbjornf
Address ThreadHeap::willObjectBeLazilySwept() corner case.
If willObjectBeLazilySwept(object) was used when finalizing an object on a
lazily swept page, and |object| happened to reside on the same heap page,
the predicate would return the wrong result if the object had been swept
past (and it had been deemed to be alive.)

Addressed by adding a special case for querying objects on the same page,
making willObjectBeLazilySwept() precisely determine liveness in the
face of lazy sweeping.

R=
BUG=

Review-Url: https://codereview.chromium.org/2015173003
Cr-Commit-Position: refs/heads/master@{#396798}
sigbjornf
Statically disallow delete' over heap collection objects.
Explicitly deleting heap-allocated heap collection objects isn't
allowed nor meaningful, the garbage collector handles their lifetimes
precisely. The implementation of 'delete' over these collection objects
delegate to a allocator-trait class's free() method, so by not providing
it for heap collection objects, compilation fails if 'delete' is ever
attempted instantiated & used over these objects.

As MSVC performs method instantiation more eagerly, we're unable to
statically catch such inappropriate uses of 'delete' at compile time.
Rely on a run-time NOTREACHED() instead.

R=
BUG=

Review-Url: https://codereview.chromium.org/2021103002
Cr-Commit-Position: refs/heads/master@{#396788}
sigbjornf
Make reallocation of large objects reliable.
If ThreadHeap::reallocate<T>() is called with a size that's
equal or greater to the large object threshold (64k, currently),
make sure it ends up being allocated as a large object.

Large objects would previously be attempted allocated on a normal arena,
hoping that the allocation couldn't be serviced by bump allocation, but
fall into an out-of-line allocation.

R=
BUG=

Review-Url: https://codereview.chromium.org/2019273002
Cr-Commit-Position: refs/heads/master@{#396712}
davve
Tune down debugging emergency for clearAnimatedType() a notch
Fixing re-entrancy into the animation code through the garbage
collector is proving to be a non-trivial task. Since we now know more
about the issue, downgrade the RELEASE_ASSERT to a DCHECK to not
affect more users than necessary while getting this bug sorted out.

BUG=613709

Review-Url: https://codereview.chromium.org/2019223003
Cr-Commit-Position: refs/heads/master@{#396705}
fs
Win7 baseline for svg/dynamic-updates/SVGFEBlendElement-dom-in2-attr.html
TBR=wkorman@chromium.org
BUG=614425

Review-Url: https://codereview.chromium.org/2008553009
Cr-Commit-Position: refs/heads/master@{#396702}
tmoniuszko
Fix Visual Studio warning on single file compilation
BUG=615402

Review-Url: https://codereview.chromium.org/2018733003
Cr-Commit-Position: refs/heads/master@{#396693}
sigbjornf
(Heap)TerminatedArrayBuilders are stack allocated.
HeapTerminatedArrayBuilder is currently only safe if kept on the stack,
restrict it accordingly + have it keep a Member<> reference to the
HeapTerminatedArray it is constructing.

R=tkent,haraken
BUG=

Review-Url: https://codereview.chromium.org/2021713002
Cr-Commit-Position: refs/heads/master@{#396677}
sigbjornf
Turn ResourceLoaderSet into a part object.
The abstraction is really a derived HashSet, so make it
a part object.

(Change done in part to diagnose what appears to be a
heap overwrite involving ResourceLoaderSet.)

R=
BUG=615673

Review-Url: https://codereview.chromium.org/2019903002
Cr-Commit-Position: refs/heads/master@{#396657}
sigbjornf
Tidy PendingScript.
No need for a prefinalizer as ScriptLoader is careful to eagerly and
explicitly dispose of PendingScripts already.

Remove unwanted copy constructor; not needed after PendingScript stopped
being a part object.

R=
BUG=

Review-Url: https://codereview.chromium.org/2023683002
Cr-Commit-Position: refs/heads/master@{#396656}
sigbjornf
Revert of Expand WTF::StringView's API to be more like StringPiece. (patchset #12 id:220001 of https://codereview.chromium.org/2007103003/ )
Reason for revert:
Many a heap-buffer-overflow ASan failures,

 https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20ASAN/builds/24329

Original issue's description:
> Expand WTF::StringView's API to be more like StringPiece.
>
> StringView no longer owns the string passed into it, and can now wrap
> a raw ptr to some characters.
>
> This allows us to leverage the inline strlen optimization where the
> compiler will embed the length of literal strings into the binary. It
> also allows the deletion many overloaded methods that used to take
> an LChar*, UChar* or String and can now just take a StringView instead.
>
> For example the two constructors in TextRun are now a single one that
> takes a StringView. This needed to be done in this patch to avoid
> ambiguous constructors.
>
> Future patches will replace CSSParserString with StringView, and also
> vastly simplify the huge number of overloads on various methods. We'll
> also expand the API surface of StringView to include the many useful
> operations that StringPiece has.
>
> BUG=615174
>
> Committed: https://crrev.com/330deea56e27bc760fa52101040a51428bb7f582
> Cr-Commit-Position: refs/heads/master@{#396493}

TBR=haraken@chromium.org,jyasskin@chromium.org,yutak@chromium.org,esprehn@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=615174

Review-Url: https://codereview.chromium.org/2025503002
Cr-Commit-Position: refs/heads/master@{#396641}
sigbjornf
Revert of Remove StringBuilder::appendLiteral. (patchset #1 id:1 of https://codereview.chromium.org/2017053003/ )
Reason for revert:
Will unfortunately have to back out this one so that the revert https://codereview.chromium.org/2025503002/ will cleanly apply.

(Don't want a tree with this many ASan failures over the long weekend.)

Original issue's description:
> Remove StringBuilder::appendLiteral.
>
> We can just rely on the append(StringView) version instead. This does
> mean we have to take 2 branches in some cases, but it should be
> very minimal and since the code is inline the compiler can also
> likely eliminate it.
>
> BUG=615174
>
> Committed: https://crrev.com/04157e8b89881d033f9eeca4466d9dd0c4e9aaea
> Cr-Commit-Position: refs/heads/master@{#396601}

TBR=haraken@chromium.org,yutak@chromium.org,esprehn@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=615174

Review-Url: https://codereview.chromium.org/2017303002
Cr-Commit-Position: refs/heads/master@{#396640}
sigbjornf
Lock CrossThreadPersistentRegion until end of weak processing.
Allocating & releasing a CrossThread(Weak)Persistent is something that
all threads are currently allowed, even those not attached to Oilpan and
having no heap of their own. It is however not safe for the set of
CrossThreadPersistents to be altered while a garbage collection is
underway.

Not just while the set of registered persistents are being marked and
traced, but up until and including the processing of weak (persistent)
references that happen after marking. If not, a thread would be able to
release a CrossThreadWeakPersistent node which the weak processing separately
maintains a pointer to, clearing & freeing its allocation. Which would
cause havoc, hence we impose a lock on CrossThreadPersistentRegion while
the marking and global weak processing is being performed -- any thread
attempting to create or free cross-thread persistents will be locked out
for the duration.

Following r396432, the use of CrossThreadPersistents from non-attached threads
has been reduced greatly and is slight.

R=
BUG=610477

Review-Url: https://codereview.chromium.org/2013173002
Cr-Commit-Position: refs/heads/master@{#396540}
sigbjornf
Move MainThreadTaskRunner off Oilpan heap to simplify posting.
Having the Document's MainThreadTaskRunner on the Oilpan heap
is preferable for three reasons:

 - Correctly accounts for the MainThreadTaskRunner::m_context
   back reference, by having it be traced Member<>.
 - The MainThreadTaskRunner must not perform tasks when
   it (and the Document) is in the process of being swept.
   By having the posted tasks keep a weak persistent reference
   to MainThreadTaskRunner, the Oilpan GC will ensure that
   the weak references will be cleared once MainThreadTaskRunner
   has been deemed garbage.
 - Similarly for the timer-initiated running of a
   MainThreadTaskRunner's pending tasks. The Timer<> abstraction
   takes care of not firing a timer if its owner is an
   Oilpan heap object that's about to be swept.

But it is not without downsides:

 - A CrossThreadWeakPersistent<> has to be created for every
   task closure posted to the main thread, and copying that
   persistent reference around while creating the closure,
   something that is not without overhead.
 - Threads not attached to Oilpan needing to post tasks to
   the main thread will have to create these persistents also.
   Having that happen when a GC is in progress is hard to support,
   as it risks introducing and removing persistent heap references
   in ways that interfere with the GC processing the heap.

The latter point is sufficient reason not to require the
allocation of CrossThreadWeakPersistent<>s when posting main
thread tasks, hence MainThreadTaskRunner is moved off the
Oilpan heap. By doing so, the benefits above that the Oilpan GC
infrastructure provided "for free" have to be taken care of
manually. C'est la vie.

R=
BUG=610477

Review-Url: https://codereview.chromium.org/1938313003
Cr-Commit-Position: refs/heads/master@{#396432}
rogerj
network_time_tracker: Add missing gyp dependencies
Fixup for https://codereview.chromium.org/1835823002.

That CL only added the required dependencies to BUILD.gn. This CL adds
the dependencies to the gyp target as well.

BUG=589700

Review-Url: https://codereview.chromium.org/2006733007
Cr-Commit-Position: refs/heads/master@{#396420}
sigbjornf
Test that failed sync scripts do not block later ones.
If an async=false script fails to load, it must not block later
sync scripts from executing; add missing test coverage.

R=
BUG=614855, 581425

Review-Url: https://codereview.chromium.org/2010983002
Cr-Commit-Position: refs/heads/master@{#396253}
sigbjornf
Tidy up MediaStreamSource details.
Follow up on r396039, undoing some inconsistencies.

R=
BUG=

Review-Url: https://codereview.chromium.org/2010963002
Cr-Commit-Position: refs/heads/master@{#396231}
mstensho
Don't explicitly initialize LayoutUnit to 0.
The default LayoutUnit() constructor sets it to 0. Explicitly passing 0 means
that LayoutUnit::setValue() will be involved, which performs (in this case:
very pointless) saturation checks.

Review-Url: https://codereview.chromium.org/2015523004
Cr-Commit-Position: refs/heads/master@{#396223}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in web/
BUG=614015
TBR=aelias@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2016673002
Cr-Commit-Position: refs/heads/master@{#396162}
mstensho
Remove unnecessary includes from Document.h
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2007343002
Cr-Commit-Position: refs/heads/master@{#396148}
fs
Attempt to deflake svg/custom/animate-initial-pause-unpause.html
The timeout could race with load and that animation timeline start.
Happened at least once in 1000 runs.

Make sure to wait for an animation frame before setting the timer (the
animation timeline has its zero at the time of 'load'.) Also, rewrite
the test to use testharness.js. No failures in 1000 runs.

BUG=350828

Review-Url: https://codereview.chromium.org/2009263002
Cr-Commit-Position: refs/heads/master@{#396147}
mstensho
Remove assorted unnecessary includes in core/paint/
I was mainly looking at inclusions of LayoutObject-derived header files, but
removed some others as well, while I was at it.

BUG=614015
TBR=chrishtr@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2010823002
Cr-Commit-Position: refs/heads/master@{#396037}
fs
Rework timeline/frame scheduling logic for SVGImage
This CL provides the SVGImage/SVGImageChromeClient complex with the
capability of suspending and resuming the frame/animation tick.
This gives us the mechanism required to respond to
ImageObserver::shouldPauseAnimation, as well as stopping the animation
timer from running after the animation has been reset (via
Image::resetAnimation.)
In the context of the bug referenced this means an animating SVG image
will no longer cause wakeups because of (unnecessary) timer activity,
saving power (and CPU time.)

Implement willRenderImage() for the CrossfadeSubimageObserverProxy of
CSSCrossfadeValue so that it will not (falsely) claim that it won't
render its images.

While doing this, try to make a decent functional split between SVGImage
and the associated SVGImageChromeClient by putting all timeline/frame tick
related code in the latter, while keeping code related to the actual
animation/document lifecycle update in the former.

BUG=612540

Review-Url: https://codereview.chromium.org/2000483003
Cr-Commit-Position: refs/heads/master@{#396009}
mstensho
Move ScrollBehavior to ScrollTypes.h, so that ComputedStyle.h doesn't need to include ScrollableArea.h.
BUG=614015

Review-Url: https://codereview.chromium.org/2008343002
Cr-Commit-Position: refs/heads/master@{#395994}
mstensho
Remove assorted unnecessary includes in core/layout/
I was mainly looking at inclusions of LayoutObject-derived header files, but
removed some others as well, while I was at it.

BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2015583003
Cr-Commit-Position: refs/heads/master@{#395993}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/html/
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2008843004
Cr-Commit-Position: refs/heads/master@{#395984}
mstensho
Enums recently moved to separate files should still be in the blink namespace.
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2007423002
Cr-Commit-Position: refs/heads/master@{#395978}
mstensho
ComputedStyle.h doesn't need CSSPrimitiveValue.h if adjustForAbsoluteZoom(int, float) isn't inline.
BUG=614015

Review-Url: https://codereview.chromium.org/2013833002
Cr-Commit-Position: refs/heads/master@{#395943}
mstensho
Move CSSPropertyID templates instantiations to a separate file.
core/CSSPropertyNames.h is needed a lot of places, but the template part there
was only required at a few places.

BUG=614015

Review-Url: https://codereview.chromium.org/2007073003
Cr-Commit-Position: refs/heads/master@{#395941}
mstensho
Move ContentChangeType enum to a separate file, so that WebGLRenderingContextBase.h doesn't need LayoutBoxModelObject.h
BUG=614015
TBR=bajones@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2013603003
Cr-Commit-Position: refs/heads/master@{#395934}
fs
Update baseline for svg/animations/smil-leak-element-instances.svg
This updates the baseline after the change made by
https://codereview.chromium.org/1992663003 (line number added to error
output.)

TBR=pdr@chromium.org
BUG=356900

Review-Url: https://codereview.chromium.org/2007323002
Cr-Commit-Position: refs/heads/master@{#395925}
mstensho
Remove unnecessary includes of LayoutBlock-derived headers.
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2007133003
Cr-Commit-Position: refs/heads/master@{#395904}
mstensho
Remove unnecessary includes from ComputedStyle.h and from its includes.
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2008263002
Cr-Commit-Position: refs/heads/master@{#395889}
mstensho
Remove unnecessary includes from LayoutBox.h, LayoutBoxModelObject.h and LayoutObject.h
Also removed a couple of unnecessary includes from files included via LayoutObject.h

BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2010713002
Cr-Commit-Position: refs/heads/master@{#395877}
mstensho
Move BorderEdgeFlags out of LayoutBoxModelObject.h, so that BoxBorderPainter.h doesn't have to include it.
BUG=614015
TBR=chrishtr@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2010613003
Cr-Commit-Position: refs/heads/master@{#395875}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/frame/
BUG=614015
TBR=dcheng@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2011883002
Cr-Commit-Position: refs/heads/master@{#395872}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/animation/
BUG=614015
TBR=alancutter@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2009583003
Cr-Commit-Position: refs/heads/master@{#395871}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in modules/accessibility/
BUG=614015
TBR=dmazzoni@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2012723003
Cr-Commit-Position: refs/heads/master@{#395870}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/dom/
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2008053002
Cr-Commit-Position: refs/heads/master@{#395864}
mstensho
SnapCoordinator.h doesn't need to include LayoutBox.h
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2010513004
Cr-Commit-Position: refs/heads/master@{#395859}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/editing/
BUG=614015
TBR=yosin@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2009013002
Cr-Commit-Position: refs/heads/master@{#395855}
mstensho
SVGTextContentElement.cpp doesn't need to include LayoutObject.h
BUG=614015
TBR=fs@opera.com,eae@chromium.org

Review-Url: https://codereview.chromium.org/2011603002
Cr-Commit-Position: refs/heads/master@{#395854}
mstensho
HitRegion.cpp doesn't need to include LayoutBoxModelObject.h
BUG=614015
TBR=junov@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2010633002
Cr-Commit-Position: refs/heads/master@{#395852}
mstensho
StyleGeneratedImage.cpp doesn't need to include LayoutObject.h
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2005353002
Cr-Commit-Position: refs/heads/master@{#395851}
mstensho
WebGLRenderingContext.cpp doesn't need to include LayoutBox.h
BUG=614015
TBR=bajones@chromium.org,eae@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2010623002
Cr-Commit-Position: refs/heads/master@{#395846}
mstensho
Eliminate unnecessary includes and pointless forward declarations in LayoutBlock.h
BUG=614015
TBR=eae@chromium.org,szager@chromium.org,wkorman@chromium.org

Review-Url: https://codereview.chromium.org/2010473002
Cr-Commit-Position: refs/heads/master@{#395845}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/inspector/
BUG=614015
TBR=dgozman@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2002153004
Cr-Commit-Position: refs/heads/master@{#395838}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/animation/
BUG=614015
TBR=alancutter@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2006223003
Cr-Commit-Position: refs/heads/master@{#395832}
sigbjornf
Remove unnecessary HelperResultType trait.
Leftover from Oilpan transition.

R=
BUG=

Review-Url: https://codereview.chromium.org/2015453003
Cr-Commit-Position: refs/heads/master@{#395831}
fs
Attempt to deflake svg/text/obb-paintserver.html
Use the ahem.js script to provide the "Ahem" font.

BUG=362501

Review-Url: https://codereview.chromium.org/2005253002
Cr-Commit-Position: refs/heads/master@{#395819}
mstensho
Move TextAutosizer::Cluster::Cluster() implementation to .cpp.
This way we won't have to include LayoutObject.h in the header.

Also need an explicit ~TextAutoSizer() in the .cpp file now, because
ComputedStyle is only forward-declared in the header file, and TextAutoSizer
has a ComputedStyle RefPtr Vector. The need for this was presumably introduced
by https://codereview.chromium.org/1999343002

BUG=614015

Review-Url: https://codereview.chromium.org/2004313005
Cr-Commit-Position: refs/heads/master@{#395773}
mstensho
Move BackgroundBleedAvoidance definition to a separate file.
This way BoxDecorationData.h doesn't need to include LayoutBoxModelObject.h

BUG=614015

Review-Url: https://codereview.chromium.org/2007673004
Cr-Commit-Position: refs/heads/master@{#395745}
mstensho
Add ScrollEnums.h, so that PaintLayerScrollableArea.h doesn't have to include LayoutBox.h
BUG=614015

Review-Url: https://codereview.chromium.org/2008063002
Cr-Commit-Position: refs/heads/master@{#395702}
sigbjornf
Drop unique audio thread ID requirement.
r391848 introduced the requirement that, once set, the audio thread ID
could not be changed. This is proving too burdensome a constraint to
keep, in case audio device threads do end up being stopped and new
ones created.

While r395182 took care of some cases where audio threads end up
stopping, carefully resetting the recordeed audio thread ID, other
cases remain (see associated bug.) While those could be similarly
handled, precisely tracking the current audio thread ID is proving
to not be worth the overhead. Hence, retire the constraint and let
the audio thread processing a render quantum set its thread ID as
part of executing, irrespective of what audio thread executed
the previous quantum.

This effectively reverts r395182.

R=
BUG=613902

Review-Url: https://codereview.chromium.org/2008903002
Cr-Commit-Position: refs/heads/master@{#395682}
mstensho
Move continuation getter and setter down to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1997033002
Cr-Commit-Position: refs/heads/master@{#395681}
sigbjornf
Gracefully handle dirtying of audio nodes while processing current set.
When processing the set of dirty output nodes, nodes further down the
chain may be marked as dirty as a result. Take that into account
when iterating over the current set.

R=hoch
BUG=610643, 613902

Review-Url: https://codereview.chromium.org/2006883002
Cr-Commit-Position: refs/heads/master@{#395643}
mstensho
Only re-use an anonymous block for continuations if it's contained by a block flow.
Be more strict about what kind of anonymous blocks we allow to be re-used for
continuations. The deprecated flex box implementation would actually let items
of a flexbox form a continuation chain. Continuations should only exist in
block formatting contexts.

This was discovered while attempting to land
https://codereview.chromium.org/1997033002/ , which, it turns out, made some
invalid assumptions about objects being block flows.

BUG=302024

Review-Url: https://codereview.chromium.org/2004363003
Cr-Commit-Position: refs/heads/master@{#395614}
mpawlowski
net::AddressList no longer privately inherits from std::vector
The private inheritance was not only against the style guide, it also
forbade anyone from using a standalone std::vector<net::IPEndPoint>,
since the manually defined AddressList ctor/dtor conflicted with
automatically generated ones for vector<T> instantiation.

This should be considered a first step of refactoring that class.
AddressList is neither a list, nor does it store addresses,
it's a vector of endpoints, so the name is misleading. It
should be changed.

The canonical_name_ member is only currently used in
PepperHostResolverMessageFilter, it's probably not the best idea to keep
it around in a generic class like this. Grepping AddressList reveals 500+
instances in the codeebase, and ony one use of canonical_name() outside
of unit tests. Perhaps a pair<AddressList, string> should be used for
that one particular use-case and a bare AddressList without that extra
member should be used everywhere else.

This "conservative" approach, with employing composition instead of
inheritance and delegating method calls was suggested by Nico Weber and
indeed that meant not having to change anything but the header.

Review-Url: https://codereview.chromium.org/2003973002
Cr-Commit-Position: refs/heads/master@{#395605}
fs
Fix typo in svg/dynamic-updates/SVGFEBlendElement-dom-in2-attr.html
This test is not intended to test error-handling, so add the missing '#'.

https://bugs.webkit.org/show_bug.cgi?id=158017

BUG=614306

Review-Url: https://codereview.chromium.org/2004023002
Cr-Commit-Position: refs/heads/master@{#395597}
rune
Rewrote :empty tests to avoid list-item bug.
Run :empty tests as js-tests instead of layout tree dumps. The issue
causing the original test to be flaky is reported as crbug.com/613957.

R=bugsnash@chromium.org
BUG=610180

Review-Url: https://codereview.chromium.org/2006633002
Cr-Commit-Position: refs/heads/master@{#395582}
ckulakowski
Added missing include to profile_helper.h
profile_helper.h uses ProfileMetrics::ProfileDelete defined in
profile_metrics.h so it should be included. Lack of this include
causes compilation error in our product.

BUG=

Review-Url: https://codereview.chromium.org/2002073003
Cr-Commit-Position: refs/heads/master@{#395573}
mstensho
Declare methods defined in LayoutObjectInlines.h as inline.
This way we'll detect a failure to include LayoutObjectInlines.h during
compilation, rather than during linking.

Test case: Remove inclusion of LayoutObjectInlines.h from LayoutBR.cpp.

See https://codereview.chromium.org/2008503003/ - I initially tried
to simply remove LayoutView.h from LayoutBR.cpp's include list, but
got "strange" linker errors in release builds, since the compiler
thought styleRef(bool) was an actual function, and not an inline.

BUG=614015

Review-Url: https://codereview.chromium.org/2007723002
Cr-Commit-Position: refs/heads/master@{#395558}
sigbjornf
Remove unwanted copyToVector() uses.
If a collection is being cleared while creating an iterable
view of its current contents, swap in an empty collection
rather than copy out the current contents into a temporary
vector (by way of copyToVector().)

R=tkent
BUG=

Review-Url: https://codereview.chromium.org/2004343002
Cr-Commit-Position: refs/heads/master@{#395547}
mstensho
Eliminate unnecessary includes of LayoutBlockFlow-derived headers.
BUG=614015

Review-Url: https://codereview.chromium.org/2008503003
Cr-Commit-Position: refs/heads/master@{#395472}
sigbjornf
Revert InstrumentingAgents back to being GarbageCollected<>.
Unnecessary to have this class be finalized, so switch back to
GarbageCollected<>.

R=
BUG=

Review-Url: https://codereview.chromium.org/2003033002
Cr-Commit-Position: refs/heads/master@{#395446}
tsniatowski
Fix a generated header build flake in //media/base/android
BUG=

Review-Url: https://codereview.chromium.org/2004813003
Cr-Commit-Position: refs/heads/master@{#395421}
mstensho
Move LineLayoutState forward declaration to LayoutBlockFlow.
And the friend declaration was unnecessary.

BUG=302024

Review-Url: https://codereview.chromium.org/2007543002
Cr-Commit-Position: refs/heads/master@{#395352}
mstensho
Move LayoutInline forward-declaration to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/2005813003
Cr-Commit-Position: refs/heads/master@{#395350}
davve
Apply scoped_ptr -> std::unique_ptr conversion to comment
date_time_picker_client_ is a std::unique_ptr now.

R=avi
NOTRY=true

Review-Url: https://codereview.chromium.org/2003963002
Cr-Commit-Position: refs/heads/master@{#395331}
sigbjornf
Split out Members, Persistents and SelfKeepAlive in separate headers.
Complete the migration of definitions out of Handle.h, adding new
header files for the family of Member<> types that Oilpan supports.
Similarly for Persistent<> and its variants, and the SelfKeepAlive<>
abstraction.

To further prune Handle.h, let go of the unused ScopedDisposal (light)
abstraction.

R=
BUG=

Review-Url: https://codereview.chromium.org/1999363002
Cr-Commit-Position: refs/heads/master@{#395318}
sigbjornf
Revert of MediaCaptureFromElement: add support for audio captureStream(). (patchset #6 id:760001 of https://codereview.chromium.org/1599533003/ )
Reason for revert:
The layout tests added are flakily crashing on various bots,

 https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Leak/builds/19683
 https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux/builds/65000

Original issue's description:
> MediaCaptureFromElement: add support for audio captureStream().
>
> This CL extends support for capturing the audio part of
> a <video> or <audio> tags ( "capture" here means creating
> a MediaStream out of the HTMLElement)
>
> It introduces an HtmlAudioCapturerSource is-a AudioCapturerSource
> wrapped into an ExternalMediaStreamAudioSource to produce data
> towards the audio track.
>
> HtmlAudioCapturerSource also plugs into the
> WebMediaPlayer's WebAudioSourceProviderImpl to get
> a copy of the audio being rendered.
>
> Unit tests are added, and the existing LayouTests
> revamped (and split into several files for clarity).
>
> BUG=569976, 575492
>
> TEST= run chromium with
>  --enable-blink-features=MediaCaptureFromVideo
>  against e.g.
> https://rawgit.com/Miguelao/demos/master/videoelementcapture.html
>
> Committed: https://crrev.com/77d0d446e58afbf7fab215113fcf9fe9c97e94e3
> Cr-Commit-Position: refs/heads/master@{#395205}

TBR=esprehn@chromium.org,avi@chromium.org,dalecurtis@chromium.org,haraken@chromium.org,miu@chromium.org,mcasas@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=569976, 575492
NOTRY=true

Review-Url: https://codereview.chromium.org/2007433002
Cr-Commit-Position: refs/heads/master@{#395298}
sigbjornf
Unify and provide one IsGarbageCollectedType<T> implementation.
Phase out the need and use of the older blink::IsGarbageCollected<T>
template, and go with the "marker-based" implementation that WTF
provides. But extended slightly to handle mixins without ambiguity +
it will now insist on T's definition being in scope when used so as to be
able to function reliably.

That latter change requires a few uses of collection types (vectors,
hash maps) to be adjusted so that the full element type of the collection
is in scope when code using the collection is compiled. The reason for
this constraint is that the collection types stringently checks that
Blink GCed objects aren't kept in off-heap collections.

R=
BUG=

Review-Url: https://codereview.chromium.org/1999343002
Cr-Commit-Position: refs/heads/master@{#395287}
sigbjornf
Tidy AutoplayExperimentHelper.
Remove unused and undefineds.

R=
BUG=

Review-Url: https://codereview.chromium.org/2000023002
Cr-Commit-Position: refs/heads/master@{#395286}
tposluszny
Exclude unit tests depending on FFMPEG, when FFMPEG is not used.
BUG=612164

Review-Url: https://codereview.chromium.org/1978263002
Cr-Commit-Position: refs/heads/master@{#395267}
sigbjornf
Clear DeferredTaskHandler's audio thread ID upon the thread going away.
Tracking the thread ID of the (current) audio thread is needed to both
sanity check that code paths and methods are performed on the expected
thread, and ensure safe operation.

In the rare cases where the recorded audio thread is stopped and
terminated by the embedder, first clear out the associated thread
ID. This is needed should a new thread be subsequently created.

R=
BUG=612127

Review-Url: https://codereview.chromium.org/2001533002
Cr-Commit-Position: refs/heads/master@{#395182}
mstensho
Remove LayoutInline::createAnonymous() - no callers
Review-Url: https://codereview.chromium.org/2001723002
Cr-Commit-Position: refs/heads/master@{#395132}
mstensho
LayoutInline continuation unit test.
Review-Url: https://codereview.chromium.org/2001623002
Cr-Commit-Position: refs/heads/master@{#395111}
mstensho
Keep writing-mode in sync between a column spanner and its placeholder.
Don't exclude LayoutMultiColumnSpannerPlaceholder (which is just a LayoutBox)
in propagateStyleToAnonymousChildren(). There was an optional requirement for
the child to be LayoutBlock or better, but there really doesn't seem to be
any point in doing this. We no longer create anonymous LayoutInline objects,
ever, anyway (will file a separate CL to remove some unneeded support code
for that in LayoutInline).

All we need to do now is to steer clear of such anonymous objects that have
custom ways of inheriting style. LayoutFullScreen and
LayoutFullScreenPlaceholder were already taken care of. Now that we always
try to propagate style to non-LayoutBlock objects as well, we need to avoid
LayoutListMarker too.

BUG=608123

Review-Url: https://codereview.chromium.org/2000683002
Cr-Commit-Position: refs/heads/master@{#395107}
mostynb
only use kAccessibilityEnabled inside USE_GCONF ifdef blocks
Followup to:
https://codereview.chromium.org/1990453002
https://codereview.chromium.org/1988213002

BUG=486077

Review-Url: https://codereview.chromium.org/1989233002
Cr-Commit-Position: refs/heads/master@{#395047}
sigbjornf
Sync LeakExpectations.
Retire some entries that are no longer leaking.

R=
BUG=506757, 538524, 546132
NOTRY=true

Review-Url: https://codereview.chromium.org/2001563002
Cr-Commit-Position: refs/heads/master@{#395042}
sigbjornf
Eagerly remove disposed DOMTimers as observers upon completion.
Once the coordinator lets go of a timer, no need to keep it
around as an observer of the ExecutionContext.

The previous, reverted, attempt (r392309) detached the DOMTimer too
soon, causing DOMTimer nesting levels to grow without being reset.

R=haraken
BUG=

Review-Url: https://codereview.chromium.org/1972663002
Cr-Commit-Position: refs/heads/master@{#395012}
sigbjornf
Graceful idle callback cancellation with invalid IDs.
R=
BUG=613073

Review-Url: https://codereview.chromium.org/1989363005
Cr-Commit-Position: refs/heads/master@{#394768}
mharanczyk
Clean up code and logic related to platform accessibility node destruction.
Review-Url: https://codereview.chromium.org/1987213002
Cr-Commit-Position: refs/heads/master@{#394733}
mstensho
Move m_lineBoxes and its getters down to LayoutBlockFlow.
Added SameSizeAsLayoutBlockFlow, since it was missing.

BUG=302024

Review-Url: https://codereview.chromium.org/1993943002
Cr-Commit-Position: refs/heads/master@{#394728}
davve
Lock animated property type of result animation during processing
There seems to be a crash due to the animated property type being
cleared too early. To catch this crash at the point of error, lock the
animated property type of the result animation during processing, and
guard for clearing the animation property while the lock is held (in
clearAnimatedType()).

This can potentially be removed when the source of the bug is found.

BUG=581546

Review-Url: https://codereview.chromium.org/1991513003
Cr-Commit-Position: refs/heads/master@{#394726}
davve
Move clearAnimatedType() up the stack
This is in preparation for locking the animated property type for the
resulting animation while the accumulated animation is computed. There
seems to be a crash due to the animated property type being cleared
too early. To catch this crash at the point of error, the plan is to
lock the animated property type of the result animation during
processing, and guard for clearing the animation property while the
lock is held (in clearAnimatedType()).

For SMILTimeContainer::updateAnimations() to have a chance of
unlocking the animated property _before_ clearAnimatedType() is
called, we need to move the call up to
SMILTimeContainer::updateAnimations(). (The assumption is that moving
the call shouldn't make a difference since
SMILTimeContainer::updateAnimations() is the only call-site for
SVGSMILElement::progress() and the intermediate code shouldn't depend
on the animated property.)

Since the clearing of property type and nullifying of resultElement
seems tied together, grouping them makes sense regardless of the crash
chase.

BUG=581546

Review-Url: https://codereview.chromium.org/1989033003
Cr-Commit-Position: refs/heads/master@{#394698}
mstensho
Move line painting to BlockFlowPainter.
Removed some unnecessary includes, since I had to modify the list of includes
anyway.

Also got rid of LayoutBlock(Flow)::paintFloats() in the process.

BUG=302024

Review-Url: https://codereview.chromium.org/1993713002
Cr-Commit-Position: refs/heads/master@{#394581}
mstensho
Remove LayoutBlock::deleteLineBoxTree().
The one in LayoutBlockFlow is all we need now.

BUG=302024

Review-Url: https://codereview.chromium.org/1991763002
Cr-Commit-Position: refs/heads/master@{#394467}
mstensho
Move dirtyLinesFromChangedChild() to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1987233002
Cr-Commit-Position: refs/heads/master@{#394463}
fs
Use SVGInlineTextMetricsIterator in updateLayoutAttributes
This reuses a pre-existing piece to do the "dual offset/variable"
iteration, hiding (and sharing) the complexity.

BUG=607906

Review-Url: https://codereview.chromium.org/1988063002
Cr-Commit-Position: refs/heads/master@{#394412}
sigbjornf
Limit WTF::getPtr() to native pointer types.
Remove Member<> and Persistent<> specializations, the generated bindings
code (only real user of getPtr()) use it to coerce references into
pointers only, nothing else.

R=haraken
BUG=

Review-Url: https://codereview.chromium.org/1989153003
Cr-Commit-Position: refs/heads/master@{#394371}
rune
Rename Pending to PendingScriptBlocking.
Pending sheets in StyleEngine are either script blocking or render
blocking (when they are render blocking they are simultaneously script
blocking). Rename methods and members to reflect that pending sheets are
script blocking where appropriate.

No functional changes.

R=pmeenan@chromium.org,esprehn@chromium.org
BUG=481122

Review-Url: https://codereview.chromium.org/1978083002
Cr-Commit-Position: refs/heads/master@{#394364}
mharanczyk
Destory base class when win platform accessibily node is destroyed.
Review-Url: https://codereview.chromium.org/1978223002
Cr-Commit-Position: refs/heads/master@{#394219}
mstensho
Move inlineElementContinuation() to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1974323002
Cr-Commit-Position: refs/heads/master@{#394167}
fs
Reland of Simplify LoadableTextTrack::trackElementIndex
Count preceding sibling <track> elements in a more straight-forward way.

Also clean-up null-checks of m_trackElement while here (should be non-
null on construction and then keeps a strong reference.)

Review-Url: https://codereview.chromium.org/1980013002
Cr-Commit-Position: refs/heads/master@{#394166}
fs
Remove mode-transition in TextTrack::setKind
This mode-transition gives rise to inconsistent state-updates, and isn't
specified [1]. Remove it, and with it the setKind override.

Also move all the mutators to TextTrack since that's the only type of
track where these fields can be mutated (and only if sourced via a
HTMLTrackElement.)

[1] https://html.spec.whatwg.org/multipage/embedded-content.html#attr-track-kind

BUG=460923,608772

Review-Url: https://codereview.chromium.org/1984663002
Cr-Commit-Position: refs/heads/master@{#394122}
tsniatowski
Use clang "--target=x" rather than "-target x" for icecc
Icecc is confused by the two-argument -target form and ends up compiling
everything locally. It works with the equivalent single argument form, so prefer
this in GN compiler configs.

Previously done just for android in https://codereview.chromium.org/1871813003

Review-Url: https://codereview.chromium.org/1977733003
Cr-Commit-Position: refs/heads/master@{#394065}
mstensho
Move line/continuation specific parts of willBeDestroyed() into LayoutBlockFlow.
Also moved beingDestroyed() down to LayoutBlockFlow, since it was no longer
called on other types.

Note that dirtyLinesFromChangedChild() is now called regardless of the object
having line boxes or not at the time of destruction. This should be safer and
more correct. If we're an inline-block, for instance, we definitely want to
notify our parent that we're going away, since that will affect the line box
tree in the parent. I assume that the reason why this hasn't been a problem
(use-after-free crashes, typically), is that the condition that previously
could block this from happening is never true. Looks like line boxes are always
deleted before we reach willBeDestroyed(). Added a TODO to investigate further.
We hopefully don't need that code.

BUG=302024

Review-Url: https://codereview.chromium.org/1977083002
Cr-Commit-Position: refs/heads/master@{#393939}
fs
Revert of Simplify LoadableTextTrack::trackElementIndex (patchset #1 id:1 of https://codereview.chromium.org/1980013002/ )
Reason for revert:
Seems "WebKit Win Builder (dbg)" didn't approve:

e:\b\build\slave\webkit-win-latest-dbg\build\src\third_party\webkit\source\core\html\track\loadabletexttrack.cpp(70) : warning C4706: assignment within conditional expression

Original issue's description:
> Simplify LoadableTextTrack::trackElementIndex
>
> Count preceding sibling <track> elements in a more straight-forward way.
>
> Also clean-up null-checks of m_trackElement while here (should be non-
> null on construction and then keeps a strong reference.)
>
> Committed: https://crrev.com/0537a6d11bf2ebefcf90fbfec7081e37ef78081a
> Cr-Commit-Position: refs/heads/master@{#393825}

TBR=davve@opera.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/1985643003
Cr-Commit-Position: refs/heads/master@{#393828}
fs
Simplify LoadableTextTrack::trackElementIndex
Count preceding sibling <track> elements in a more straight-forward way.

Also clean-up null-checks of m_trackElement while here (should be non-
null on construction and then keeps a strong reference.)

Review-Url: https://codereview.chromium.org/1980013002
Cr-Commit-Position: refs/heads/master@{#393825}
davve
Remove workaround for multiple svg onload events
The bug referred to has been fixed. Let's see if the flakiness stays
away when removing the workaround.

BUG=372946

Review-Url: https://codereview.chromium.org/1983813002
Cr-Commit-Position: refs/heads/master@{#393818}
fs
Add TextTrack::isVisualKind helper
It's quite common to check for a text track being one of the kinds
'subtitles' or 'captions'. Add a helper to TextTrack and use that
in a bunch of places to simplify code.
Also convert one open-coded version of TextTrack::canBeRendered() with a
call to that method.

Review-Url: https://codereview.chromium.org/1976183002
Cr-Commit-Position: refs/heads/master@{#393814}
the_jk
Make SQL in DownloadDatabase SQLite pre 3.8.3 compatible
printf() was added in SQLite 3.8.3 so need to use other older
methods to generate the GUID.
third_party/sqlite/sqlite.gyp lists 3.6.1 as required version at the
time of writing

BUG=606772

Review-Url: https://codereview.chromium.org/1897153005
Cr-Commit-Position: refs/heads/master@{#393813}
fs
Clean up HTMLTrackElement.kind invalid/missing value default handling
Get rid of the isValidKind(...) and invalidValueDefaultKind() virtual
methods on TrackBase and do any required checking "up front" instead
as required. This should present less surprises and work in a less
side-effectful way.

Also start setting the 'kind' directly in the constructor rather than
invoking setKind() in (all) the constructor body (bodies).
Drop some redundant parenthesis and fix some obviously "wrong" names
in TextTrack.cpp.

BUG=608772

Review-Url: https://codereview.chromium.org/1973343002
Cr-Commit-Position: refs/heads/master@{#393812}
sigbjornf
With LSan, run initial heap cleaning GCs during shutdown.
Clean out as much as garbage as possible before releasing a
thread's static persistents, in preparation for LSan leak
detection. By doing so, finalizers for itinerant garbage
may access these static local persistents without restrictions,
_but_ any object kept alive by a static persistent may
not when the second phase of cleaning GCs are performed.

As collectAllGarbage() stops on reaching a fixed point,
extra overhead of having to perform GCs before and after
the static persistents isn't a concern.

R=
BUG=611333

Review-Url: https://codereview.chromium.org/1977343002
Cr-Commit-Position: refs/heads/master@{#393809}
kolczyk
Fix a typo in the gn gen help for QtCreator generator (introduced in https://codereview.chromium.org/1883093002/)
BUG=

Review-Url: https://codereview.chromium.org/1979813002
Cr-Commit-Position: refs/heads/master@{#393795}
sigbjornf
Remove C::swap(C*) where C = Hash{Map,Set}<T>.
Remove the swap() method over non-reference hash sets and
map arguments, along with their curious OtherType indirection,
the methods aren't of real use.

R=
BUG=

Review-Url: https://codereview.chromium.org/1979843002
Cr-Commit-Position: refs/heads/master@{#393770}
sigbjornf
Simplify HeapVectorBacking<> usage.
Reorder HeapAllocator.h declarations to let the compiler handle
supplying the default trait argument to HeapVectorBacking<>.

R=
BUG=

Review-Url: https://codereview.chromium.org/1985473002
Cr-Commit-Position: refs/heads/master@{#393749}
mstensho
LayoutFullScreen::m_placeholder is LayoutBlockFlow.
The code calls m_placeholder->beingDestroyed(), which is a method that
I believe belongs down in LayoutBlockFlow, not in LayoutBlock.

No need for the setter, BTW, so replaced it with resetPlaceholder().

BUG=302024

Review-Url: https://codereview.chromium.org/1975163002
Cr-Commit-Position: refs/heads/master@{#393545}
mstensho
Move makeChildrenNonInline() and childBecameNonInline() to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1977823002
Cr-Commit-Position: refs/heads/master@{#393543}
mstensho
Move collapseAnonymousBlockChild() to LayoutBlockFlow, and make it non-static.
Some cleanup in collapseLoneAnonymousBlockChild(). Specify a parent rather than
working it out on our own. Both callers have the parent readily available
anyway.

Remove canCollapseAnonymousBlockChild(), since nobody calls it anymore.

BUG=302024

Review-Url: https://codereview.chromium.org/1980473002
Cr-Commit-Position: refs/heads/master@{#393542}
kolczyk
Add support for generating QtCreator projects from GN.
This adds a new command line argument "--ide=" value to "gn gen"
which, when specified, generates a QtCreator project.

QtCreator is a quite powerful general-purpose (despite Qt in the name)
IDE when developing on Linux system with code completion and navigation.

Some interest in it has been demonstrated in the following thread:
https://groups.google.com/a/chromium.org/forum/#!topic/gn-dev/9U4_ytjrah8

BUG=

Review-Url: https://codereview.chromium.org/1883093002
Cr-Commit-Position: refs/heads/master@{#393514}
fs
Minor SVGFilterPainter cleanups
Simplify GraphicsContext handling in SVGFilterRecordingContext by
getting rid of the paintingContext() calls, since we'll promptly replace
that GraphicsContext with the recording context anyway. Get rid of the
|context| local and use m_context instead.

Drop the LayoutObject argument to paintFilteredContent(...) since it
isn't used.

Review-Url: https://codereview.chromium.org/1977793003
Cr-Commit-Position: refs/heads/master@{#393511}
sigbjornf
Avoid race on uninitializing CrossThreadPersistent nodes.
R=
BUG=611593, 611594

Review-Url: https://codereview.chromium.org/1974233002
Cr-Commit-Position: refs/heads/master@{#393488}
mstensho
Move makeChildrenInlineIfPossible to LayoutBlockFlow
It's now possible to move makeChildrenInlineIfPossible() to LayoutBlockFlow.

BUG=302024

Review-Url: https://codereview.chromium.org/1969203003
Cr-Commit-Position: refs/heads/master@{#393390}
mstensho
Don't use canCollapseAnonymousBlockChild() to determine whether to truncate text.
Doing that happened to do exactly what we wanted, but that seems like a rather
haphazard way of determining it.

We want to truncate text for block containers [1]. That's LayoutBlockFlow.
Additionally, in Blink, HTML button is implemented using LayoutFlexibleBox
(although the web insists that it too is a block container).

[1] https://www.w3.org/TR/css-ui-3/#propdef-text-overflow

Rather than manually testing for isLayoutBlockFlow() || isLayoutButton()
directly when deciding to truncate or not, I went and hijacked
canHaveFirstLineOrFirstLetterStyle(), and renamed it to behavesLikeBlockContainer().

Review-Url: https://codereview.chromium.org/1970183002
Cr-Commit-Position: refs/heads/master@{#393354}
mstensho
Move some reparenting and anonymous block merge functionality down to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1968413002
Cr-Commit-Position: refs/heads/master@{#393350}
fs
Don't store an SkPicture in the SourceGraphic FilterEffect
Instead of storing the SkPicture in the SourceGraphic FilterEffect, just
create a filter and pre-populate all the image filter "slots" when we've
recorded the content that should be filtered.
This avoids keeping an explicit reference to the SkPicture, and thus
avoids keeping this object alive when the Filter and it's associated
filter-chain is in limbo waiting for a Oilpan GC sweep.

BUG=610158

Review-Url: https://codereview.chromium.org/1961083006
Cr-Commit-Position: refs/heads/master@{#393280}
mstensho
LayoutBox (not LayoutBlock) is the common base for floats and out-of-flow objects.
We need to react on going out-of-flow or becoming floated in
LayoutBox::styleDidChange(), or we'll misbehave if the object in question is
e.g. an image.

Review-Url: https://codereview.chromium.org/1973843003
Cr-Commit-Position: refs/heads/master@{#393270}
mstensho
LayoutBlock::removeChild() override no longer needed.
It was all about anonymous block merging and collapsing, which is a thing that
only LayoutBlockFlow needs to do. So move everything there.

BUG=302024

Review-Url: https://codereview.chromium.org/1968403002
Cr-Commit-Position: refs/heads/master@{#393267}
mstensho
Move block container specific parts of addChild() to LayoutBlockFlow.
LayoutBlock still needs some basic support for anonymous block insertion, for
flexbox, and possibly others.

BUG=302024

Review-Url: https://codereview.chromium.org/1974753002
Cr-Commit-Position: refs/heads/master@{#393266}
rune
Unreachable code fixes in SelectorChecker.
Unknown selectors and pseudo page selectors should be dropped at parse
time for element selectors. Also did some simplifications for
ASSERT_NOT_REACHED code and consistently fail matching for such code.

R=timloh@chromium.org,rob.buis@samsung.com

Review-Url: https://codereview.chromium.org/1969203002
Cr-Commit-Position: refs/heads/master@{#393216}
sigbjornf
Remove dated NavigationScheduler TODO.
Task closures created by CancellableTaskFactory keep a weak reference back
to their owning GCed object, allowing the object to be garbage collected
without the task keeping it alive.

Retire the TODO in the NavigationScheduler suggesting otherwise along with
adding a unit test to verify the weakness property.

R=
BUG=585328

Review-Url: https://codereview.chromium.org/1976433003
Cr-Commit-Position: refs/heads/master@{#393210}
mstensho
Helper method for non-direct beforeChild in LayoutBlock::addChild().
A lot of what's in LayoutBlock::addChild() will eventually be moved down to
LayoutBlockFlow::addChild(), but both classes are expected to handle insertion
of children before a non-direct beforeChild.

One difference, compared to how it used to work when all of this was inside
addChild(), is that it's no longer allowed to continue if we fail to find a
suitable direct beforeChild replacement. Will always RELEASE_ASSERT() in such
situations now.

BUG=302024

Review-Url: https://codereview.chromium.org/1964203004
Cr-Commit-Position: refs/heads/master@{#393201}
mstensho
Helper for interesting things to do when a block becomes a float or out-of-flow.
Also added some requirements for the blocks involved to be LayoutBlockFlow. We
don't want to touch anything else.

BUG=302024

Review-Url: https://codereview.chromium.org/1966223002
Cr-Commit-Position: refs/heads/master@{#393121}
rune
Multiple :hover/:active incorrectly matching in quirks mode.
:hover and :active should only match links when not accompanied by
other simple selectors in quirks mode. We failed to adhere for
combinations of :hover and :active. Instead of just checking there is
either a selector preceding or following in the compound, check if
there is a selector preceding or a selector following in the compound
which is neither :hover nor :active.

R=rob.buis@samsung.com
BUG=611090

Review-Url: https://codereview.chromium.org/1972713002
Cr-Commit-Position: refs/heads/master@{#393090}
mstensho
Move updateDragState() override to LayoutBlockFlow.
Only continuations stuff there.

BUG=302024

Review-Url: https://codereview.chromium.org/1969103002
Cr-Commit-Position: refs/heads/master@{#393071}
mstensho
Move hoverAncestor() override to LayoutBlockFlow.
Only continuations stuff going on there.

BUG=302024

Review-Url: https://codereview.chromium.org/1970653004
Cr-Commit-Position: refs/heads/master@{#392963}
mstensho
Turn mergeContiguousAnonymousBlocks() into a proper method.
Some clean-up on the way, such as refactoring
canMergeContiguousAnonymousBlocks() into a function that deals with one object
at a time.

BUG=302024

Review-Url: https://codereview.chromium.org/1966153002
Cr-Commit-Position: refs/heads/master@{#392942}
sigbjornf
Simplify SVGSMILElement::notifyDependentsIntervalChanged loop breaker.
To catch out recursive notifications, notifyDependentsIntervalChanged()
keeps track of the SVGSMILElements that are on the stack and being
notified, so as to bail early in case of loops.

There's no need for that set of SVGSMILElements to be recorded using
a persistent static local as the objects are stack reachable should
a conservative GC be needed, so an 'ordinary' hash set will do.

Not using a persistent reference also addresses a bad interaction with
LSan (Blink has to release all static persistents before shutting
down to prevent false leaks w/ LSan enabled), but SVGImages containing
animations may end up in this code path as part of an image resource
being finalized. Which would then encounter an empty persistent
static reference and fail (see associated bug and stack trace.)

R=haraken
BUG=610855

Review-Url: https://codereview.chromium.org/1968683003
Cr-Commit-Position: refs/heads/master@{#392919}
sigbjornf
Move tracking of ActiveScriptWrappables to V8PerIsolateData.
R=
BUG=

Review-Url: https://codereview.chromium.org/1966743004
Cr-Commit-Position: refs/heads/master@{#392916}
fs
Change "invalid value default" for HTMLTrackElement 'kind' to "metadata"
Rename TrackBase::defaultKind() to invalidValueDefaultKind() to better
reflect its semantics. Also make sure that the "missing value default"
is set appropriately (in TextTrack constructors and on removal in
HTMLTrackElement parseAttribute) now that it differs from the "invalid
value default".

The test media/track/track-kind.html is adjusted so that it doesn't
check if a cue is displayed, since that depends on unspecified behavior
wrt how 'mode' changes when 'kind' does. (See comment in
TextTrack::setKind.)

The WPT tests will eventually get updated via Mozilla's automatic sync,
so adding expectations for now.
(Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=1269712)

Intent: https://groups.google.com/a/chromium.org/d/topic/blink-dev/6-oPQN4lZ2o/discussion

https://github.com/whatwg/html/issues/293
https://html.spec.whatwg.org/multipage/embedded-content.html#attr-track-kind

BUG=608772

Review-Url: https://codereview.chromium.org/1947033002
Cr-Commit-Position: refs/heads/master@{#392911}
sigbjornf
Revert of Eagerly remove disposed DOMTimers as observers. (patchset #1 id:1 of https://codereview.chromium.org/1959013002/ )
Reason for revert:
Caused issue 610606, reverting to locally investigate how/why.

Original issue's description:
> Eagerly remove disposed DOMTimers as observers.
>
> Once the coordinator lets go of a timer, no need to keep it
> around as an observer of the ExecutionContext.
>
> R=
> BUG=
>
> Committed: https://crrev.com/0a297738301705d02f57968334bd6f7c7dc95f4c
> Cr-Commit-Position: refs/heads/master@{#392309}

TBR=oilpan-reviews@chromium.org,keishi@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=

Review-Url: https://codereview.chromium.org/1968963002
Cr-Commit-Position: refs/heads/master@{#392901}
fs
Use the right TextRun length when checking for surrogate pairs
The isValidSurrogatePair helper in LayoutSVGInlineText.cpp operates on a
TextRun and an index, and checks if the character at the index is part
of a valid surrogate pair.
To check the trailing character, the next index is checked against the
length of the TextRun (to see if the character exists).
The TextRun used is a "sub run" of the entire text node, which means
that the operator[] implementation expects accesses to be within the sub
run rather than the "full run".
Since this function is always used for runs that are sub runs, it should
use TextRun::length() rather than TextRun::charactersLength() to stay
consistent with the iteration and the code using it.

BUG=610641

Review-Url: https://codereview.chromium.org/1961953004
Cr-Commit-Position: refs/heads/master@{#392880}
rune
Corrected assert for cacheable stylesheets.
We have two different caches for StyleSheetContents. One process-wide
for resources, and one document-wide for parsed text of style elements.
The cacheability differ between the two caches since for instance
sheets with @media rules may be shared between elements in the same
document as the media query evaluation will be the same, while we can't
do that for sheets cached across documents as they may have different
viewports.

The assert in CSSStyleSheet::willMutateRules triggered because we
checked for the resource cacheability of a style element sheet which
was shared even though it had a media query. Renamed the cacheability
method to make clear which cache we're referring to.

Removed the ASSERT in StyleSheetContents::copy(), as that really didn't
have anything to do with copy, only the fact that it is only called
from where cached stylesheets are cloned for rule mutation. The ASSERT
in willMutateRules right before we copy() should suffice.

R=timloh@chromium.org
BUG=551674

Review-Url: https://codereview.chromium.org/1961173003
Cr-Commit-Position: refs/heads/master@{#392859}
mstensho
Only LayoutInline needs to implement addChildIgnoringContinuation().
LayoutTable had to do it because LayoutBlock did it. But LayoutBlock really
doesn't have to do it anymore. This was probably some relic from the old
multicol implementation, which used *block* continuations to implement column
spanners. We no longer need or support block continuations.

Review-Url: https://codereview.chromium.org/1967823002
Cr-Commit-Position: refs/heads/master@{#392856}
sigbjornf
Remove redundant GC mixin instance decl for AudioBufferSourceNode.
R=
BUG=

Review-Url: https://codereview.chromium.org/1969453003
Cr-Commit-Position: refs/heads/master@{#392747}
mstensho
Move nodeForHitTest() to LayoutBlockFlow.
LayoutBlock shouldn't have to deal with continuations.

BUG=302024

Review-Url: https://codereview.chromium.org/1966713002
Cr-Commit-Position: refs/heads/master@{#392742}
mstensho
Move continuation and line box specific stuff to LayoutBlockFlow::removeChild().
BUG=302024

Review-Url: https://codereview.chromium.org/1970453002
Cr-Commit-Position: refs/heads/master@{#392730}
sigbjornf
Prevent audio thread access to finished, non-active AudioNodes.
Follow up r392110 and have the audio thread skip over m_activeSourceNodes
nodes it has already deemed to be finished & removable by the main thread.
Accessing these cannot be safely done.

R=
BUG=610643

Review-Url: https://codereview.chromium.org/1958333006
Cr-Commit-Position: refs/heads/master@{#392720}
mstensho
Turn adjacent out-of-flow sibling reparenters into proper methods.
This will make it possible to gradually move callers of these methods (and the
methods themselves) down to LayoutBlockFlow, which is where they belong, since
only LayoutBlockFlow may parent floats and out-of-flow objects.

BUG=302024

Review-Url: https://codereview.chromium.org/1964983002
Cr-Commit-Position: refs/heads/master@{#392696}
mstensho
Move invalidateDisplayItemClients() override into LayoutBlockFlow and eat the static helper.
It was only dealing with continuations, and that doesn't belong in LayoutBlock.

BUG=302024

Review-Url: https://codereview.chromium.org/1964083002
Cr-Commit-Position: refs/heads/master@{#392690}
sigbjornf
Handle overlapping CrossThreadPersistent<> releases.
When a CrossThreadPersistent<> is cleared, the associated PersistentNode is
freed. In the case when multiple threads attempt to do such clearing at
the same time, the freeing protocol ensured atomicity but failed to check
if the PersistentNode had been freed already.

This follows up on the freeing of PersistentNodes that r392263 added
for CrossThreadPersistent<>s.

R=haraken
BUG=

Review-Url: https://codereview.chromium.org/1964013002
Cr-Commit-Position: refs/heads/master@{#392689}
mstensho
Move absoluteRects() and absoluteQuads() overrides to LayoutBlockFlow.
They only deal with continuations.

BUG=302024

Review-Url: https://codereview.chromium.org/1968553002
Cr-Commit-Position: refs/heads/master@{#392685}
mostynb
IWYU: errno.h in third_party/webrtc_overrides
Without this, some toolchains may fail to build
third_party/webrtc/base/checks.cc because errno is undefined.

BUG=468375

Review-Url: https://codereview.chromium.org/1967643002
Cr-Commit-Position: refs/heads/master@{#392677}
mstensho
Adjust constness to avoid const_cast.
Review-Url: https://codereview.chromium.org/1961343002
Cr-Commit-Position: refs/heads/master@{#392642}
sigbjornf
Drop unnecessary uses of GarbageCollectedFinalized<>.
Objects with Member<> fields can derive from the non-finalized
GarbageCollected<> instead.

R=
BUG=389343

Review-Url: https://codereview.chromium.org/1961173004
Cr-Commit-Position: refs/heads/master@{#392641}
mstensho
nodeAtPoint(): Perform the early-check EARLY.
Hit-testing overflow controls before checking if we need to do anything at all
affected performance, so just remove the LayoutBlock override for nodeAtPoint()
and hit test overflow controls there, but do so AFTER we have made sure that
the point is within bounds.

Fixes 15% performance regression for
PerformanceTests/Events/hit-test-lots-of-layers.html

BUG=610250

Review-Url: https://codereview.chromium.org/1960373002
Cr-Commit-Position: refs/heads/master@{#392626}
mstensho
Set orphans and widows to 1 in lots-of-text-balanced multicol performance test.
https://codereview.chromium.org/1909233002 changed the initial values for
orphans and widows to match the spec. This could very well affect performance
slightly, although I cannot reproduce it myself. Speculatively set
orphans/widows to 1 and see if that helps. Add a new test that uses higher
values for orphans and widows, so that we still get to test that too.

BUG=606262

Review-Url: https://codereview.chromium.org/1964473003
Cr-Commit-Position: refs/heads/master@{#392625}
mstensho
Assert that continuations be either LayoutBlockFlow or LayoutInline.
Exploring the possibility of moving all continuation handling from LayoutBlock
down to LayoutBlockFlow.

BUG=302024

Review-Url: https://codereview.chromium.org/1958413003
Cr-Commit-Position: refs/heads/master@{#392621}
sigbjornf
Make ActiveScriptWrappable the GC mixin it is.
By switching it to derive from GarbageCollectedMixin, and
have the per-thread set of live wrappables keep WeakMember<>
references, the Oilpan GC takes care of pruning the live
set as part of its weak processing.

R=
BUG=

Review-Url: https://codereview.chromium.org/1962113003
Cr-Commit-Position: refs/heads/master@{#392618}
mstensho
Relayout an object that becomes a spanner.
It may be possible to collapse margins through a zero-height regular block, but
if it is turned into a spanner, this is no longer possible, because it then
becomes a BFC root.

An object that becomes a spanner also gets a new containing block, which may
affect its size.

In other words, there are good reasons to make sure that objects that become
spanners get relaid out.

Note that we already had code in place (in willBeRemovedFromTree()) that
scheduled for relayout in the opposite case, i.e. when an object ceased to be a
spanner.

BUG=610033

Review-Url: https://codereview.chromium.org/1962623002
Cr-Commit-Position: refs/heads/master@{#392438}
mstensho
Remove ColumnFill runtime setting.
It's been enabled by default for almost three months now.

BUG=492297

Review-Url: https://codereview.chromium.org/1956373002
Cr-Commit-Position: refs/heads/master@{#392389}
sigbjornf
Remove older and unused ScriptState methods.
R=
BUG=

Review-Url: https://codereview.chromium.org/1958963002
Cr-Commit-Position: refs/heads/master@{#392316}
mstensho
Move hit testing of lines and floats to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1956033002
Cr-Commit-Position: refs/heads/master@{#392311}
sigbjornf
Eagerly remove disposed DOMTimers as observers.
Once the coordinator lets go of a timer, no need to keep it
around as an observer of the ExecutionContext.

R=
BUG=

Review-Url: https://codereview.chromium.org/1959013002
Cr-Commit-Position: refs/heads/master@{#392309}
sigbjornf
Trim ResourceTimingInfoMap of non-relevant entries.
If the resource fetch fails or is otherwise uninteresting to report a
ResourceTimingInfo for, remove it (also) from the set of pending
map of such ResourceTimingInfos.

R=
BUG=608543

Review-Url: https://codereview.chromium.org/1955243002
Cr-Commit-Position: refs/heads/master@{#392307}
sigbjornf
Upon clearing, release PersistentNode of cross-thread-persistent also.
Persistent<>s will only allocate an associated PersistentNode when the
heap reference is non-null. And, dually, free the PersistentNode
when the reference is cleared out and set to null.

Extend that freeing of a PersistentNode upon clearing to also apply to
CrossThreadPersistent<>s, making the behavior and lifetimes of
PersistentNodes consistent across both variants of persistent references.

R=haraken
BUG=483380
NOTRY=true

Review-Url: https://codereview.chromium.org/1962513002
Cr-Commit-Position: refs/heads/master@{#392287}
sigbjornf
Accurately measure current persistent count while running termination GC.
Follow up on r392263 and have it really behave as wanted -- when measuring
|currentCount|, the live persistent count, while cleaning out the worker's
heap in ThreadState::runTerminationGC(), we need to initially sample it
_after_ having released thread-local static persistents. Otherwise the count
would be overestimated first time around, which could lead to prematurely
reaching a fixed point. And at a fixed point that would falsely indicate
that persistents were leaking.

R=haraken
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/1963453002
Cr-Commit-Position: refs/heads/master@{#392272}
sigbjornf
Cleanly release thread-local static persistents during termination GCs.
Should worker termination GCs instantiate static persistent singletons
while running finalizers, ensure that these are released.

Also, for PersistentHeapCollectionBase<>s registered as such thread-local
singletons, clear out their collection backing store along with the
persistent reference when they are released. The contents and backing
store of the collection should not be accessible after such a forceful
release operation.

R=haraken
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/1957523007
Cr-Commit-Position: refs/heads/master@{#392263}
mstensho
Move line-specific code into LayoutBlockFlow::positionForPoint().
BUG=302024

Review-Url: https://codereview.chromium.org/1957633003
Cr-Commit-Position: refs/heads/master@{#392251}
mstensho
Move line-specific parts of addOutlineRects() into LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1959623002
Cr-Commit-Position: refs/heads/master@{#392137}
mstensho
Less duplicated code between nodeAtPoint() in LayoutBox and LayoutBlock.
This is a preparatory patch for moving line/float-specific parts of
LayoutBlock::hitTestChildren() into LayoutBlockFlow.

BUG=302024

Review-Url: https://codereview.chromium.org/1957673002
Cr-Commit-Position: refs/heads/master@{#392116}
mstensho
LineBreaker doesn't need LayoutBlock(Flow) as a friend.
Review-Url: https://codereview.chromium.org/1956433003
Cr-Commit-Position: refs/heads/master@{#392115}
sigbjornf
Update AbstractAudioContext::m_activeSourceNodes on the main thread only.
Avoid mutating m_activeSourceNodes on the audio thread, leave the
main thread in control of that heap object.

R=haraken,rtoy
BUG=581660

Review-Url: https://codereview.chromium.org/1958583002
Cr-Commit-Position: refs/heads/master@{#392110}
sigbjornf
Initialize DeferredTaskHandler's audio thread ID once.
Avoid repeatedly recording the audio thread's ID, along with assertedly
verifying that this is done off the main thread.

R=
BUG=590108

Review-Url: https://codereview.chromium.org/1954663002
Cr-Commit-Position: refs/heads/master@{#391848}
mstensho
Move showLineTreeAndMark() to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1952763002
Cr-Commit-Position: refs/heads/master@{#391757}
mstensho
Move parts of baseline calculation over to LayoutBlockFlow.
LayoutBlock shouldn't deal with line boxes.

BUG=302024

Review-Url: https://codereview.chromium.org/1952753002
Cr-Commit-Position: refs/heads/master@{#391663}
mstensho
Move computeSelfHitTestRects() to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1946343002
Cr-Commit-Position: refs/heads/master@{#391639}
mstensho
Move LayoutDeprecatedFlexibleBox-specific line handling.
This is sort-of exotic functionality, in that it checks if the blocks have
visibility:visible and auto height, so it fits better together with the
LayoutDeprecatedFlexibleBox implementation. Nobody else needs this.

The pagination code also needs to count lines, though, so I kept lineCount(),
but moved it from LayoutBlock to LayoutBlockFlow, and threw away the parts that
weren't needed (visibility check, recursing into child block flows, among other
things).

On the LayoutDeprecatedFlexibleBox, there are some changes. The functions now
operate on LayoutBlockFlow instead of LayoutBlock, since it's dealing with
lines. As a result, we need to replace some former isLayoutBlock() checks with
isLayoutBlockFlow(). A similar change landed in WebKit years ago [1], so it
should be safe.

[1] https://bugs.webkit.org/show_bug.cgi?id=122969

BUG=302024

Review-Url: https://codereview.chromium.org/1952613002
Cr-Commit-Position: refs/heads/master@{#391492}
mstensho
Improve multicol overflow rect calculation when column width is 0.
If column-gap is larger than the content box width of the multicol container,
we'll end up with zero-width column boxes (that are allowed to overflow into
neighboring gaps).

BUG=607597

Review-Url: https://codereview.chromium.org/1927283002
Cr-Commit-Position: refs/heads/master@{#391477}
mstensho
Correct ietestcenter/css3/multicolumn/column-width-applies-to-010-expected.htm
Need to paint a red list item marker under the green one for it to match the
actual test perfectly.

BUG=396941

Review-Url: https://codereview.chromium.org/1947003002
Cr-Commit-Position: refs/heads/master@{#391467}
rune
Make sure computed style is up-to-date for custom properties.
For custom properties, we didn't call updateLayoutTreeForNode which
meant the computed style object might return out-of-date values for
custom properties.

Did some cleanup in getPropertyCSSValue for known properties.

R=shans@chromium.org
BUG=608690

Review-Url: https://codereview.chromium.org/1945623002
Cr-Commit-Position: refs/heads/master@{#391368}
fs
Simplify logical iteration in SVGTextLayoutEngine
By replacing m_logicalCharacterOffset == logicalTextNode->textLength()
by the corresponding metrics list equivalent, it becomes obvious that
we're just checking the same thing twice in succession. Remove the first
check and block of code.
Also reverse the test in the loop and refactor to avoid the 'continue'
when skipping whitespace.
The second part of the disjunction (w/ logicalMetrics.isEmpty()) does
not do anything useful, so is removed. This makes the condition match
what SVGTextLayoutAttributesBuilder does (which is the intention.)

BUG=607906

Review-Url: https://codereview.chromium.org/1941303003
Cr-Commit-Position: refs/heads/master@{#391281}
fs
Make servicing of SMIL animations require a FrameView
SMIL animations are not running (or even started) in inactive documents,
and scheduling frames requires a FrameView. Hence it makes sense to move
the call to SVGDocumentExtensions::serviceOnAnimationFrame into the
block that requires a FrameView.
Drop unused timestamp argument to SMILTimeContainer::serviceAnimations,
and let that propagate all the way out to PageAnimator.

Review-Url: https://codereview.chromium.org/1941403002
Cr-Commit-Position: refs/heads/master@{#391244}
sigbjornf
Deflake media/track/media-element-move-to-new-document-assert.html
R=fs@opera.com
BUG=518995

Review-Url: https://codereview.chromium.org/1943823002
Cr-Commit-Position: refs/heads/master@{#391224}
sigbjornf
Implement DOM methods: prepend, append, after, before and replaceWith.
As per https://dom.spec.whatwg.org/#childnode ChildNode interface
should contain after(), before() and replaceWith() API.

As per https://dom.spec.whatwg.org/#parentnode ParentNode interface
should contain append(), prepend() API.

Intent to Implement and ship link: https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/paritosh/blink-dev/efUPtYm1PP8/MGoTi17AYpcJ

( From paritosh.in@samsung.com's original CL https://codereview.chromium.org/1085843002 )

R=mkwst
BUG=255482

Review-Url: https://codereview.chromium.org/1934123002
Cr-Commit-Position: refs/heads/master@{#391196}
rune
Avoid style recalc and layout when not necessary for client size.
The clientWidth and clientHeight values do not rely on style recalc for
the documentElement in strict mode, and the body element in quirks mode
when we use overlay scrollbars. Skip the forced layout update in those
cases.

BUG=481412

Review-Url: https://codereview.chromium.org/1935043002
Cr-Commit-Position: refs/heads/master@{#391187}
fs
Remove the LayoutSVGInlineText* context in SVGTextLayoutAttributes
Most uses of the SVGTextLayoutAttributes* in vector owned by
LayoutSVGText, actually ends up doing ...->context() and dereferencing
the owning LayoutSVGInlineText rather than the attributes object itself.
It's also slightly more obvious what's going on when considering the
iteration over "text nodes" rather than their associated attributes.
Make LayoutSVGText collect the descendant LayoutSVGInlineTexts rather
than the "parts object" SVGTextLayoutAttributes, and rename as
appropriate to reflect that change.
Since removing the context pointer makes SVGTextLayoutAttributes a simple
wrapper around a SVGCharacterDataMap, just store the latter directly.
Rename SVGTextLayoutAttributes.h to SVGCharacterData.h
Also replace a HashMap::find+conditional copy with a HashMap::get.

BUG=607906

Review-Url: https://codereview.chromium.org/1937043002
Cr-Commit-Position: refs/heads/master@{#391052}
sigbjornf
Completely detach failed script loader before dispatching error event.
In case of failure, a ScriptLoader needs to be detached from its ScriptRunner
and associated Resource (if any) at the same time, and before dispatching
the corresponding error event. If the error event handler triggers cancellation
of the Resource, the ScriptLoader should not be notified of that again --
it isn't interested nor prepared. A speculative fix.

R=
BUG=602516

Review-Url: https://codereview.chromium.org/1939743002
Cr-Commit-Position: refs/heads/master@{#390955}
rune
Don't cache parsed stylesheet if it wasn't added to the memory cache.
The code expects the StyleSheetContents to be in the memory cache when
pointed to by m_parsedStyleSheetCache. Set m_parsedStyleSheetCache to
nullptr initially when the StyleSheetContents could not be added to the
memory cache.

R=sigbjornf@opera.com
BUG=606248

Review-Url: https://codereview.chromium.org/1941733002
Cr-Commit-Position: refs/heads/master@{#390949}
davve
Add test for zoomed -webkit-mask-box-image
BUG=607414

Review-Url: https://codereview.chromium.org/1937903002
Cr-Commit-Position: refs/heads/master@{#390935}
mstensho
LayoutBlock::m_descendantsWithFloatsMarkedForLayout doesn't need to be mutable.
R=rune@opera.com

Review-Url: https://codereview.chromium.org/1937023002
Cr-Commit-Position: refs/heads/master@{#390925}
jl
Use v8::Object::CreateDataProperty() for object construction
When creating objects (and arrays) internally, we should typically use
CreateDataProperty() rather than Set(), since the latter may invoke
setters defined by scripts. This could potentially be used by exploits to
do evil things, but more likely is just a potential source of breakage
and/or confusion.

Also, it is typically non-conforming in the cases where exact behavior is
defined in a specification.

BUG=

Review-Url: https://codereview.chromium.org/1938943002
Cr-Commit-Position: refs/heads/master@{#390924}
davve
Revert "Straighten out zoom and border-image"
This patch reverts https://codereview.chromium.org/1819083004 patchset
#3.

Fixing SVG zoom in border-image unfortunatly broke gradients
instead. There is a difference in how scale it applied for
zooming. For SVG a source rect (unzoomed) <-> destination rect
(zoomed) scale factor is computed and used for scaling. For gradients,
the source and destination rect are always the same (both zoomed). The
individual gradients stops are zoomed instead.

BUG=607414, 596075, 561519

Review-Url: https://codereview.chromium.org/1934953002
Cr-Commit-Position: refs/heads/master@{#390920}
mostynb
remove obsolete todo note for CSS property to histogram id mapping
It was decided not to move these (necessarily) hardcoded ids.

BUG=234940
NOTRY=true

Review-Url: https://codereview.chromium.org/1937773002
Cr-Commit-Position: refs/heads/master@{#390917}
sigbjornf
Weak HTMLMediaElement::m_audioSourceNode reference must be cleared.
Weak callbacks must clear the weak references deemed not to be alive.

R=
BUG=

Review-Url: https://codereview.chromium.org/1941693002
Cr-Commit-Position: refs/heads/master@{#390910}
mostynb
remove unused WTF::dataLogFString function
BUG=439559

Review-Url: https://codereview.chromium.org/1936893002
Cr-Commit-Position: refs/heads/master@{#390877}
mostynb
remove unused placeByteAsHex template
BUG=439559

Review-Url: https://codereview.chromium.org/1937723002
Cr-Commit-Position: refs/heads/master@{#390876}
sigbjornf
gc plugin: stop recognizing old and unused options.
The options "enable-oilpan" and "warn-raw-ptr" are following r390631 no
longer being passed in as options, hence we can finally stop recognizing
them.

R=
BUG=585328

Review-Url: https://codereview.chromium.org/1941603002
Cr-Commit-Position: refs/heads/master@{#390875}
sigbjornf
Tidy up releasing of AssociatedURLLoader's client references.
Make the releasing of client references a bit more solid and consistent.

R=
BUG=606998

Review-Url: https://codereview.chromium.org/1937743002
Cr-Commit-Position: refs/heads/master@{#390873}
sigbjornf
Have htmlcollection-reachable.html force the one GC needed.
Calling window.gc() slows down test running times, and is
preferably avoided unless needed to verify behavior across
a GC.

For htmlcollection-reachable.html, we only need the
one GC to determine liveness of custom properties for
various platform objects across a garbage collection.

R=
BUG=593888

Review-Url: https://codereview.chromium.org/1934183002
Cr-Commit-Position: refs/heads/master@{#390872}
mostynb
remove unused placeByteAsHexCompressIfPossible template
This template has been unused since https://codereview.chromium.org/1778743003
landed.

BUG=584999,439559

Review-Url: https://codereview.chromium.org/1936883002
Cr-Commit-Position: refs/heads/master@{#390870}
sigbjornf
Document registration of Oilpan weak callbacks.
R=
BUG=

Review-Url: https://codereview.chromium.org/1935943002
Cr-Commit-Position: refs/heads/master@{#390860}
mstensho
Remove replacedChildren vector from inline layout.
This vector was populated during child walking and consumed right after the
walk. There should be no reason not to just process the objects right away.

Review-Url: https://codereview.chromium.org/1933633002
Cr-Commit-Position: refs/heads/master@{#390765}
fs
Minor tweaks to m_needsReordering in LayoutSVGText::layout
Nit fixes from https://codereview.chromium.org/1933193002/.

BUG=607906

Review-Url: https://codereview.chromium.org/1933413002
Cr-Commit-Position: refs/heads/master@{#390753}
fs
Simplify SVG layout attribute reordering
findFirstAndLastAttributesInVector is an identity transform, since it
only search for first/lastContext in the layout attributes vector and
return that in the out variable. Remove it. This in turn means that the
vector of layout attributes is unused, and hence also removed. Finally
tidy up the reversing loop by moving more code into the swapping helper
function, and merge the two identical sequences of item swapping code.
Drop the ASSERT that disallows having no (nullptr) user-data for the
closure to collectLeafBoxesInLogicalOrder.

BUG=607906

Review-Url: https://codereview.chromium.org/1931303002
Cr-Commit-Position: refs/heads/master@{#390751}
fs
Refactor SVGTextLayoutEngine::currentLogicalCharacterMetrics
The two methods currentLogicalCharacterAttributes and
currentLogicalCharacterMetrics on SVGTextLayoutEngine are very
interdependent, since after calling the former, the latter will be
called.
So fold most of the former into the latter, keeping the bits of the
former that advances to the next layout attribute entry, while
renaming it to nextLogicalAttributes.
The methods are also changed from returning a bool and using out-
variables to return the active SVGTextLayoutAttributes structure
instead.

BUG=607906

Review-Url: https://codereview.chromium.org/1935493002
Cr-Commit-Position: refs/heads/master@{#390736}
mstensho
Move self-collapse checking to LayoutBlockFlow and cache it completely.
Only block containers (that's LayoutBlockFlow in Blinquese) can have adjoining
top and bottom margins, since all other LayoutBlock derivates establish some
kind of formatting context (table, flexbox, etc.).

Also cache self-collapsedness completely. Previously we only used the cached
result if we had previously found that the entire subtree is self-collapsing.
The new approach eliminates the need for "mutable" too.

BUG=302024

Review-Url: https://codereview.chromium.org/1933153002
Cr-Commit-Position: refs/heads/master@{#390729}
mstensho
Move markLinesDirtyInBlockRange() from LayoutBlock to LayoutBlockFlow.
And put the implementation in LayoutBlockFlowLine.cpp.

BUG=302024

Review-Url: https://codereview.chromium.org/1933643002
Cr-Commit-Position: refs/heads/master@{#390724}
fs
Restructure LayoutSVGText::layout
"Uncascade" LayoutSVGText::layout by separating the handling of the two
flags (m_needsTextMetricsUpdate, m_needsPositioningValuesUpdate) into
sequential blocks. Add assert to verify consistency.

BUG=607906

Review-Url: https://codereview.chromium.org/1933193002
Cr-Commit-Position: refs/heads/master@{#390691}
fs
Move isEmptyValue and emptyValue to SVGCharacterData
These two helpers have a stronger tie to SVGCharacterData (on which they
operate) than to SVGTextLayoutAttributes - where they are currently
defined.
Move them as described, and also add simple query helpers to make code
using them simpler and more readable.

BUG=607906

Review-Url: https://codereview.chromium.org/1933183002
Cr-Commit-Position: refs/heads/master@{#390649}
sigbjornf
Remove oilpan build configuration vestiges.
With the updated GC clang plugin that rolled out as part of issue 604993,
we no longer need to supply enable-oilpan to it. Stop doing so along
with removing the enable_oilpan configuration option entirely.

R=haraken,jochen
BUG=585328

Review-Url: https://codereview.chromium.org/1930913002
Cr-Commit-Position: refs/heads/master@{#390640}
sigbjornf
blink_gc_plugin: drop no-op options.
With the updated GC clang plugin that rolled out as part of issue 604993,
we can now assume that the enable-oilpan and warn-raw-ptr options are
by default always on & consequently doesn't need to be passed in by
blink_gc_plugin_flags.py

R=
BUG=604463,604476

Review-Url: https://codereview.chromium.org/1926003003
Cr-Commit-Position: refs/heads/master@{#390631}
jl
Use [[DefineOwnProperty]] when converting IDL array values
This means using v8::Object::CreateDataProperty() rather than Set(), and
is in line with how the conversion is defined in WebIDL. The incorrect use
of Set() is observable by scripts that define setters on Array.prototype
for the properties "0", "1", "2" and so on.

Also apply the same fix to conversion of Vector<std::pair<>> into object.

BUG=607483

Review-Url: https://codereview.chromium.org/1936433002
Cr-Commit-Position: refs/heads/master@{#390610}
mostynb
fix ipc_mojo_unittests.isolate dependencies
BUG=604847

Review-Url: https://codereview.chromium.org/1930773006
Cr-Commit-Position: refs/heads/master@{#390606}
philipj
Drop self from API_OWNERS, OWNERS, etc.
tkent@ takes over web-platform-tests/dom and chcunningham@ joins
wolenetz@ in mediasource/OWNERS.

Review-Url: https://codereview.chromium.org/1919183004
Cr-Commit-Position: refs/heads/master@{#390604}
mstensho
Old lines may be detached / extracted during layout.
Back out over-simplified code from https://codereview.chromium.org/1915803004/

Since lines from an old layout pass that haven't yet been relaid out may not be
in the line box list at all at some given point during layout, lastRootBox()
didn't work as expected. It would either return the wrong last-line, or even
nullptr.

BUG=607451

Review-Url: https://codereview.chromium.org/1927913002
Cr-Commit-Position: refs/heads/master@{#390508}
tsniatowski
Add simple bit_cast unittests, avoid static_assert on gcc+libc++
These should work provided that the is_trivially_copyable logic is not
broken, and will fail to compile of the type traits lie. They do on
Android where we have gcc+libc++, so avoid being too strict there.

BUG=607158

Review-Url: https://codereview.chromium.org/1925683002
Cr-Commit-Position: refs/heads/master@{#390472}
sigbjornf
Refresh LocalDOMWindow post-Oilpan.
The debug flag m_hasBeenReset no longer serves a purpose +
OwnedPtrDeleter<> usage doesn't either.

R=
BUG=585328

Review-Url: https://codereview.chromium.org/1932653003
Cr-Commit-Position: refs/heads/master@{#390436}
sigbjornf
Remove RefCountedGarbageCollected<> GC plugin handling.
The RefCountedGarbageCollected<> transition type is no longer used
and has been removed. Follow up and retire the GC plugin's
checks for it.

R=haraken
BUG=604481

Review-Url: https://codereview.chromium.org/1932713002
Cr-Commit-Position: refs/heads/master@{#390421}
rune
querySelector* fast-path missing namespace check for no namespace.
querySelector* does not allow selectors with namespaces, yet selectors
with no namespace are still allowed. Check for empty namespace before
hitting the fast path for tag names.

R=esprehn@chromium.org
BUG=605502

Review-Url: https://codereview.chromium.org/1932673002
Cr-Commit-Position: refs/heads/master@{#390417}
jl
Use correct creation context when converting sequences to V8
The |creationContext| argument is often a reference to a window proxy
object, that may become incorrect to use if the frame is navigated and/or
detached during the loop that converts values.

BUG=607483

Review-Url: https://codereview.chromium.org/1924073003
Cr-Commit-Position: refs/heads/master@{#390408}
sigbjornf
GC plugin: split out reporting of errors/warnings.
Move code to handle reporting of errors and notes out
into a class of its own.

R=haraken
BUG=531879

Review-Url: https://codereview.chromium.org/1926863002
Cr-Commit-Position: refs/heads/master@{#390350}
sigbjornf
Add sigbjornf as blink_gc_plugin/ owner.
R=
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/1928743002
Cr-Commit-Position: refs/heads/master@{#390325}
sigbjornf
Remove unused GCObject class.
This dummy class was accidentally re-introduced in PersistentNode.cpp during the
r389469 revert; remove it.

R=
BUG=

Review-Url: https://codereview.chromium.org/1925973002
Cr-Commit-Position: refs/heads/master@{#390323}
sigbjornf
Make warn-unneeded-finalizer warning usable.
The Blink GC plugin option warn-unneeded-finalizer (enabled by including
"warn-unneeded-finalizer=1" in your  "blink_gc_plugin_flags" gyp defines)
is potentially useful in identifying classes which needlessly derive from
GarbageCollectedFinalized<> where GarbageCollected<> would do.

To avoid far too many false positives to make it practically useful on
the Blink codebase, make it be more forgiving about bases with virtual
destructors + recognize class declarations with
finalizeGarbageCollectedObject() methods defined. Neither of those
two cases should be reported as warnings.

R=
BUG=

Review-Url: https://codereview.chromium.org/1922913004
Cr-Commit-Position: refs/heads/master@{#390184}
sigbjornf
Remove unnecessary uses of GarbageCollectedFinalized<>.
Classes which finalize nothing on their own should derive from
GarbageCollected<> instead.

(As identified by the warn-unneeded-finalizer=1 GC plugin option.)

R=haraken
BUG=585328

Committed: https://crrev.com/e10d108bc9cabf82607b909f35fc541c313e2366
Cr-Commit-Position: refs/heads/master@{#390070}

Review-Url: https://codereview.chromium.org/1929493002
Cr-Commit-Position: refs/heads/master@{#390165}
fs
SVG <marker> painting TLC
* Use range-based loop.
* Hide checking for an empty 'viewBox' in LayoutSVGResourceMarker.
* Simplify handling of marker scale due to 'markerUnits'.
* Add some const qualification, reorder forward decls and add missing
  full stops.

Review-Url: https://codereview.chromium.org/1914293003
Cr-Commit-Position: refs/heads/master@{#390112}
sigbjornf
Have MessagePort use Oilpan-based weak pointers.
Using WeakPtr<>/WeakPtrFactory<> with Oilpan heap objects is problematic
in the face of lazy sweeping, WeakPtr<> references aren't cleared until
the finalizer runs. Should a posted task (like for MessagePort) run
before that happens, it might then access already finalized objects that
MessagePort refers to.

Hence WeakPtr<>s should not be used for Oilpan objects unless extra
finalization care is taken _and_ the object depends on WeakPtrFactory<>'s
support for explicit revocation. Use Oilpan weak references instead.

Also clear out various redundant WeakPtr.h includes throughout Blink.

R=haraken
BUG=522357

Review-Url: https://codereview.chromium.org/1922923003
Cr-Commit-Position: refs/heads/master@{#390105}
sigbjornf
Remove unnecessary uses of GarbageCollectedFinalized<>.
Classes which finalize nothing on their own should derive from
GarbageCollected<> instead.

(As identified by the warn-unneeded-finalizer=1 GC plugin option.)

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1929493002

Cr-Commit-Position: refs/heads/master@{#390070}
fs
Don't use a magic value for 'auto' oriented <marker>s
The value -1 (degrees) is a valid angle, so using it to indicate that
'auto' orientation should be used does not work out.
Just check 'orientType' directly instead and simplify the angle getter.

BUG=606345

Review URL: https://codereview.chromium.org/1916173003

Cr-Commit-Position: refs/heads/master@{#390029}
sigbjornf
Simplify ownership handling of HTMLImportsController.
The controller is now simply referred to and kept alive from the
associated master Document, detached of and disposed during
Document detach.

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1914183002

Cr-Commit-Position: refs/heads/master@{#389814}
sigbjornf
Deprecate window.postMessage(m, transferables, origin) overload.
This argument-swapped legacy overload has little use, hence it
is time to try to phase it out. Deprecate with view to removing
in M54.

Intent: https://groups.google.com/a/chromium.org/d/msg/blink-dev/h4ooaB_Y9JE/nh7vXshGBwAJ

R=
BUG=425896

Review URL: https://codereview.chromium.org/1903873004

Cr-Commit-Position: refs/heads/master@{#389800}
jl
Use correct creation context during Iterable.forEach iteration
Use |thisValue| instead of |scriptState->context()->Global()|, since this
is simpler and since Global() actually returns a WindowProxy object that
may change and become incorrect to use as creation context depending on
what the callback function does.

BUG=605910

Review URL: https://codereview.chromium.org/1918763002

Cr-Commit-Position: refs/heads/master@{#389785}
sigbjornf
Tidy up representation of ScrollState::m_data.
OwnPtr<> is preferable in this context.

R=
BUG=

Review URL: https://codereview.chromium.org/1916193004

Cr-Commit-Position: refs/heads/master@{#389781}
sigbjornf
Tidy up WebGeolocationController.
Get rid of impedance-matching wrapper now that Oilpan is enabled
always.

R=
BUG=585328

Review URL: https://codereview.chromium.org/1919153002

Cr-Commit-Position: refs/heads/master@{#389777}
davve
Manually rebaseline hidpi tests
The following pixel tests needed rebaselining after switch from quirks
mode to standards mode in r389730:

fast/hidpi/broken-image-icon-hidpi.html
fast/hidpi/image-srcset-invalid-descriptor.html
fast/hidpi/resize-corner-hidpi.html
fast/hidpi/broken-image-with-size-hidpi.html
fast/hidpi/video-controls-in-hidpi.html
fast/hidpi/focus-rings.html
fast/hidpi/clip-text-in-hidpi.html
fast/hidpi/image-set-as-background-with-zoom.html
fast/hidpi/gradient-with-scaled-ancestor.html

TBR=yoav@yoav.ws
BUG=605065

Review URL: https://codereview.chromium.org/1921263002

Cr-Commit-Position: refs/heads/master@{#389758}
sigbjornf
Remove unnecessary uses of GarbageCollectedFinalized<>.
R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1922763003

Cr-Commit-Position: refs/heads/master@{#389756}
fs
Out-of-line some methods on LayoutSVGResourceMarker
Move the definition of orientType() and markerUnits() to the .cpp file.
Also make use of these helpers where possible and remove some unused
or redundant includes.

Review URL: https://codereview.chromium.org/1914133002

Cr-Commit-Position: refs/heads/master@{#389747}
fs
Don't force layout of descendants of SVG containers needing self-layout
There isn't much "layout" required for a generic SVG container - it is
sensitive to changes to its descendants and any impact a filter it
itself references has. We would however always relayout the entire
subtree of a container that had been marked as needing layout.
Like he code removed by https://codereview.chromium.org/1907273002, this
remaining part of the condition is primarily a remnant of the old way of
performing paint invalidation.
This CL changes to not force layout unconditionally based on the
self-needs-layout flag, but instead relies on the scale-factor-changed
flag (and of course specific marking of descendants) to handle this job.
To achieve this, rudimentary scale-factor-changed "detection" is added
to LayoutSVGRoot, as well as code to propagate this state to
descendants. LayoutSVGResourceMarker is modified in a similar fashion.
This is needed to counter-act the removal of the forced layout, since
previously this would propagate to descendants (unconditionally) by
forcing layout in both the root and containers. This effect is now
achieved (for the root) by using the scale-factor-changed signal
instead. This signal will be improved in future CLs.

BUG=603956

Review URL: https://codereview.chromium.org/1920833002

Cr-Commit-Position: refs/heads/master@{#389742}
davve
Modernize fast/hidpi layout tests
 * Add <!DOCTYPE html> to all tests. None of them seem to test
   quirk-mode specific issues.

 * Remove unnecessary <html>, <head> and <body> tags.

 * 4 space indentation.

 * Remove stale FIXME.

 * Drop </img> tags. <img> is a void element.

BUG=605065

Review URL: https://codereview.chromium.org/1908463002

Cr-Commit-Position: refs/heads/master@{#389730}
mstensho
Remove LayoutFlowThread stuff from line layout code.
We used to force full line layout if we had a flow thread with no column sets.
This may have made sense at some point in the past, where we created column
sets on the fly during layout, but we don't do that anymore (because we don't
mutate the layout tree structure during layout anymore). If we have no column
sets, it means that we cannot have any lines, since there's no column content
(because if there were, we'd have at least one column set). So it was a
pointless (albeit harmless) check.

There was also a flow thread check around some code that checks if previously
created lines will be affected by floats in new ways. If this is the right
thing to do for flowthread based fragmentation, it's also the right thing to do
for non-flowthread based (e.g. printing) fragmentation, so just remove the
check.

Also reordered and cleaned up checkPaginationAndFloatsAtEndLine() somewhat. We
don't have to do anything at all unless we have floats. Let's figure this out
as early as possible and bail if we can.

Also locate the last line in the block flow in a simpler way. Call
lastRootBox() instead of walking some chain of lines all the way to the end.

Review URL: https://codereview.chromium.org/1915803004

Cr-Commit-Position: refs/heads/master@{#389720}
sigbjornf
Support WeakMember<const T>.
It is entirely valid to have weak references to const objects, but
this failed to compile tracing calls over such members.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1921733002

Cr-Commit-Position: refs/heads/master@{#389553}
fs
Return the 'active' value for SVGURIReference.href.animVal
Make animVal return the currently used ('active') value instead of always
returning that of 'href'.
This should re-establish the former "invariant" that baseVal === animVal
when '(xlink:)href' is not being animated.

BUG=606200

Review URL: https://codereview.chromium.org/1917843002

Cr-Commit-Position: refs/heads/master@{#389490}
sigbjornf
Unify and generalize thread static persistent finalization.
Make ThreadState's registerAsStaticReference() generally available,
and not specific to LSan-only registration of static persistents
that must be cleared prior to performing leak detection.

By doing so, it can be used to handle thread-local static persistents
also.

Upon a thread finalizing its ThreadState, these static persistents
will be cleared & released. In order to make that safe and not leave
dangling PersistentNode references around afterwards, generalize
the release mechanism to also clear the Persistent/PersistentCollectionBase
that registered the persistent node.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1919663002

Cr-Commit-Position: refs/heads/master@{#389448}
sigbjornf
Make DOMTokenList.prototype.toString enumerable.
As 'stringifier' implies an enumerable toString(), drop the use
of [NotEnumerable] for DOMTokenList's. This also aligns with other
implementations (FF, Edge.)

R=yoav@yoav.ws, philipj@opera.com
BUG=306606

Review URL: https://codereview.chromium.org/1916453002

Cr-Commit-Position: refs/heads/master@{#389442}
davve
Manually rebaseline two tests from r389158
TBR=fs
BUG=601011

Review URL: https://codereview.chromium.org/1916733002

Cr-Commit-Position: refs/heads/master@{#389437}
sigbjornf
Require that heap collections are used over traceable elements.
While it is fully supported, having Blink GC heap collection objects
with elements not themselves being heap objects nor containing
references to such, is unnecessary. And arguably a sign that the code
is unintentionally using a heap collection.

Thus, add static_assert()s which prevent heap collections containing
no traceable references.

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1912093002

Cr-Commit-Position: refs/heads/master@{#389435}
sigbjornf
Make Selection.prototype.toString() enumerable.
The stringifier for Selection is enumerable,

 https://w3c.github.io/selection-api/#idl-def-Selection

so align with spec and other implementations, and remove the use
of [NotEnumerable].

R=yoichio
BUG=306606

Review URL: https://codereview.chromium.org/1908423003

Cr-Commit-Position: refs/heads/master@{#389427}
sigbjornf
Remove RefCountedGarbageCollected<>.
Exposing a garbage collected object as something ref-counted is
no longer needed, hence the functionality can be removed.

R=
BUG=604481

Review URL: https://codereview.chromium.org/1919643002

Cr-Commit-Position: refs/heads/master@{#389419}
fs
Order bounds update correctly for LayoutSVGShape and LayoutSVGImage
Since SVGResourcesCache::clientLayoutChanged can set the
m_needsBoundariesUpdate flag, make sure to check it, and act, after
that call. This ensures that state is consistent. when layout() return.
Also add a comment about the delicate situation in
LayoutSVGShape::layout wrt shape vs. bounds update. Additionally rename
the local variable used to notify the parent that its bounds needs to be
updated to |updateParentBoundaries|.

BUG=603956

Review URL: https://codereview.chromium.org/1907333002

Cr-Commit-Position: refs/heads/master@{#389410}
sigbjornf
Add DataPersistent<> for copy-on-modify and use for StyleFilterData.
Emulate what DataRef<T> provides over ref-counted objects, but
for persistent heap references. DataPersistent<T> values can
be freely copied, but when access()ed before being mutated,
DataPersistent<> ensures that the mutation will happen on
an unshared copy of the underlying heap object (of type T.)

The motivation for doing is to migrate the StyleFilterData fields
that StyleRareNonInheritedData keeps over to use DataPersistent<>
rather than DataRef<>. By doing so, StyleFilterData becomes
a simple GCed object without any ref-counting extras.

R=
BUG=604481

Review URL: https://codereview.chromium.org/1855213002

Cr-Commit-Position: refs/heads/master@{#389400}
sigbjornf
Simplify PointerEventFactory::getPointerIdsOfType() return type.
A Vector<int> is sufficient.

R=
BUG=

Review URL: https://codereview.chromium.org/1906213004

Cr-Commit-Position: refs/heads/master@{#389372}
sigbjornf
Remove unnecessary use of HeapHashMap for InspectorAnimationAgent::m_idToAnimationType.
R=
BUG=

Review URL: https://codereview.chromium.org/1907223002

Cr-Commit-Position: refs/heads/master@{#389369}
sigbjornf
CSSGradientValue::getStopColors(): unnecessary use of HeapVector<>.
No need to involve HeapVector<> over Color.

R=
BUG=

Review URL: https://codereview.chromium.org/1906363002

Cr-Commit-Position: refs/heads/master@{#389368}
sigbjornf
Remove unnecessary use of HeapHashMap for EventHandler::TouchRegionMap.
R=
BUG=

Review URL: https://codereview.chromium.org/1910173003

Cr-Commit-Position: refs/heads/master@{#389367}
fs
Remove unnecessary full-subtree layouts for filtered SVG containers
The presence of a filter on a container (or the SVG root) would force
a layout of the entire subtree if any child needed a layout. This used
to serve the purpose of making sure that the entire subtree would get
repainted (an artifact of how 'filter' is handled on SVG elements.)
With the current paint invalidation system, this should however make
no practical difference, since the layout of the subtree will only
end up marking descendant LayoutObjects as "maybe needing paint
invalidation" - which the ones that didn't actually change don't - and
hence for these nothing will be invalidated.
The container itself will be invalidated via the call to
SVGResourcesCache::clientLayoutChanged, which will mark it for paint
invalidation if it has instantiated a filter resource.

BUG=603956

Review URL: https://codereview.chromium.org/1907273002

Cr-Commit-Position: refs/heads/master@{#389283}
mstensho
Remove unused LayoutObject::mapAbsoluteToLocalPoint().
Review URL: https://codereview.chromium.org/1916543002

Cr-Commit-Position: refs/heads/master@{#389266}
mstensho
Support for mapping from outer/visual to flowthread coord space in nested multicol.
Review URL: https://codereview.chromium.org/1919453002

Cr-Commit-Position: refs/heads/master@{#389249}
mstensho
Don't allow column spanners inside transforms.
Spanners want the multicol container as their containing block. Transforms want
to be the containing block of everything inside. Since it's not possible to
fulfill both wishes, just refuse objects to become spanners when inside
transforms. We already do the same when inside out-of-flow objects, and also
for anything that establishes a new formatting context.

BUG=596863

Review URL: https://codereview.chromium.org/1908393002

Cr-Commit-Position: refs/heads/master@{#389207}
davve
Align image sizes for SVG with raster image size
The background geometry calculations has heuristics for tiling image
sizes optimized for integer image sizes (at least in effective zoom ==
1). Rounding SVG image sizes before zoom application makes SVG images
fit better into the existing heuristics.

BUG=601011

Review URL: https://codereview.chromium.org/1912063004

Cr-Commit-Position: refs/heads/master@{#389158}
mstensho
ColumnBalancer: Don't leak the break-after value from the previous sibling to children.
The break-after value of an object should only be considered and joined with
the break-before value of the next in-flow sibling. Said sibling should not let
its children see this value, or anything like that. Doing that might trick the
balancer into believing that we have more forced breaks than what we actually
have.

So there's no point in storing this state as a member in ColumnBalancer. Keep
it local to each object instead.

BUG=605902

Review URL: https://codereview.chromium.org/1913453002

Cr-Commit-Position: refs/heads/master@{#389144}
mstensho
Shift visual-to-flowthread coordinate space conversion one level up in the tree.
The same was done for the opposite operation, i.e. flowthread-to-visual
coordinate space conversion, in mapLocalToAncestor(), in
https://codereview.chromium.org/1819603003 . Let's do the same in
mapAncestorToLocal(), so that we're more consistent. This doesn't fix any known
bugs, but it sure makes sense that mapLocalToAncestor() be the opposite of
mapAncestorToLocal(). This also makes it less of a headache to write unit
tests, since you can now feed transformState1 into
obj->mapLocalToAncestor(parent) and get transformState2 back, then feed
transformState2 into obj->mapAncestorToLocal(parent) and then be back at
transformState1.

Review URL: https://codereview.chromium.org/1908353002

Cr-Commit-Position: refs/heads/master@{#389143}
mstensho
Spec-compliant parsing and initial values for 'orphans' and 'widows'.
The initial values for these properties should be '2', not 'auto'. 'auto' isn't
even an allowed value in the spec. So remove support for that completely.

FWIW: 'auto' used to mean pretty much the same as '1'.

Quite a few tests have to be updated because of this change, typically because
they assume that there are no orphans and widows requirements, meaning that
there'd be no breaking restrictions between lines. In those cases, now that the
initial value is '2', we need to set 'orphans' and 'widows' to '1' explicitly
if we don't want any restrictions. There are also some non-layout tests that
expect the initial value to be 'auto' or '1'. In those cases we need to just
update the expectations to be '2' instead.

BUG=473509

Review URL: https://codereview.chromium.org/1909233002

Cr-Commit-Position: refs/heads/master@{#389061}
mstensho
Don't lose the pagination strut when a line is re-created.
If there's not enough room for a line in a column, so that it gets pushed to
the next one, and there's a float at the top of the next column, the available
line width changes, and we need to re-create the line at the new position. Do
not lose the pagination strut in the process, or the column balancer might
over-stretch the columns, since it might fail to find the lowest possible space
shortage for the next layout pass. So store the strut so that we can re-apply
it when the new line has been created.

Since we now store the strut of such lines while they're being re-created, this
can be used as a flag to skip positioning of out-of-flow objects and floats. In
other words, we can retire the logicalWidthIsAvailable flag (which was a really
confusing name anyway).

Review URL: https://codereview.chromium.org/1905923002

Cr-Commit-Position: refs/heads/master@{#388884}
sigbjornf
Have (new URLSearchParams(initString)) skip initial '?'.
The spec now requires that when a URLSearchParams is initialized from
a string, an initial '?' should be ignored from that string,

 https://url.spec.whatwg.org/#dom-urlsearchparams-urlsearchparams

It accommodating usage like (new URLSearchParams(url.search))

R=
BUG=601425

Review URL: https://codereview.chromium.org/1906773002

Cr-Commit-Position: refs/heads/master@{#388842}
mstensho
Prioritize first-lines over orphans when deciding whether to propagate a strut.
The orphans code piece simply blindly propagates the strut to the block if the
orphans requirement isn't satisfied. It's incapable of inserting a break at a
class C break point [1] (i.e. before the first line in the block), while the
first-line code piece handles this just fine (since this is easy to do when at
the first line, but not when at a later line).

If we're at a non-first line at the time of breaking, there's no support for
going back to insert a break before the first line. That has to be done when
processing the first line, not later on. Flip the priority, so that orphans
requirements aren't even checked if we're at the first line. There's no need
then. We always try to avoid breaking before the first line anyway.

[1] https://drafts.csswg.org/css-break/#possible-breaks

Review URL: https://codereview.chromium.org/1908643003

Cr-Commit-Position: refs/heads/master@{#388838}
fs
Rename transformToRoot:ish names to screenScaleFactorChanged:ish ones
This better reflects the function of this machinery, since it's used to
update the scale of fonts based on the computed "screen scale factor".

BUG=603956

Review URL: https://codereview.chromium.org/1911473002

Cr-Commit-Position: refs/heads/master@{#388749}
philipj
Measure usage of generated documents (image/media/plugin/etc)
As discussed on blink-dev:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/u79ubJvsTbI/c_kSGKrEAgAJ

This *InFrame counters are intended as an estimate of cases where a
script in the containing document could look at the generated DOM.

BUG=597380
R=esprehn@chromium.org,pdr@chromium.org
TBR=isherman@chromium.org

Review URL: https://codereview.chromium.org/1866343002

Cr-Commit-Position: refs/heads/master@{#388723}
mstensho
Remove special-code for paginating floats followed by lines of text.
If a float is pushed to the next fragmentainer, we used to push any lines
established by consecutive sibling content along with it, even if they would
fit in the previous fragmentainer. As a contrast to this, we did not do the
same to consecutive blocks - only to lines!

What blocks do makes the most sense [1]. Do the same for lines.

[1] Discussed here: https://lists.w3.org/Archives/Public/www-style/2015Sep/0002.html

Added two new tests. The one that has a block with text following a float also
worked before this CL, but I added it to demonstrate how ridiculous it is to
behave differently here, simply depending on whether it's a line or a block.

Some existing tests needed an update, because they depended on the previous
behavior.

Review URL: https://codereview.chromium.org/1899193007

Cr-Commit-Position: refs/heads/master@{#388701}
mstensho
Translate flow thread coords to the nearest enclosing coord space when appropriate.
We used to always convert to the visual coordinate space, meaning that we
walked all enclosing fragmentation contexts. However, only the PaintLayer code
wants this behavior, while everyone else typically wants to do one
fragmentation context at a time, e.g. when walking the ancestry with
LayoutObject::mapLocalToAncestor().

For nested multicol, this caused invalidation bugs, problems with
getClientRects(), and maybe more.

Added an enum CoordinateSpaceConversion (with values "Containing" and "Visual")
for flowThreadTranslationAtOffset() to use to determine which conversion to
perform. The old behavior was to always do CoordinateSpaceConversion::Visual.

BUG=604883

Review URL: https://codereview.chromium.org/1907443003

Cr-Commit-Position: refs/heads/master@{#388692}
fs
Drop transform-change propagation from LayoutSVGHiddenContainer::layout
No real transform changes should be detected in LayoutSVGHiddenContainer
since it's used for things making up (==roots of) "isolated subtrees".

BUG=603956

Review URL: https://codereview.chromium.org/1905533003

Cr-Commit-Position: refs/heads/master@{#388578}
sigbjornf
Expose toString() as enumerable on some objects.
URL, WorkerLocation and implementations of HTMLHyperlinkElementUtils
are required per spec to expose an enumerable toString() method.

Remove uses of [NotEnumerable] for these.

R=philipj@opera.com, jochen
BUG=306606

Review URL: https://codereview.chromium.org/1905553002

Cr-Commit-Position: refs/heads/master@{#388521}
fs
Move the m_didTransformToRootUpdate flag to LayoutSVGContainer
By pushing the update of the m_didTransformToRootUpdate flag out of the
various calculateLocalTransform() implementations, we both get
implementations of those methods that are more to the point, and expose
the redundant calls to SVGLayoutSupport::transformToRootChanged().
This also means that didTransformToRootUpdate() is devirtualized,
although it was never called "virtually" before either.
Also turn m_needsBoundariesUpdate into a single-bit flag.

BUG=603956

Review URL: https://codereview.chromium.org/1904683002

Cr-Commit-Position: refs/heads/master@{#388516}
sigbjornf
Remove Disposed as a DocumentLifecycle state.
With Oilpan, Documents no longer have an observable 'disposed' state.

R=
BUG=585328

Review URL: https://codereview.chromium.org/1906483002

Cr-Commit-Position: refs/heads/master@{#388498}
sigbjornf
Avoid PageAllocator::s_allocPageErrorCode races.
R=
BUG=601579

Review URL: https://codereview.chromium.org/1903763002

Cr-Commit-Position: refs/heads/master@{#388491}
sigbjornf
Add missing IDL parser support for 'stringifier readonly attribute'.
R=
BUG=306606

Review URL: https://codereview.chromium.org/1900873006

Cr-Commit-Position: refs/heads/master@{#388484}
philipj
Make setBaseAndExtent's arguments non-optional
These arguments are already non-optional in Edge. Firefox doesn't
support setBaseAndExtent. In WebKit the arguments are still optional.

For the first three arguments, the risk is bounded by the
SelectionSetBaseAndExtentNull use counter, which rbyers@ reports as ~0%
on the stable channel. If the fourth argument is omitted the use counter
wouldn't catch that, however. (The use counter can also be triggered by
explicitly passing null, which is likely the most common case.)

BUG=460722

Review URL: https://codereview.chromium.org/1785663002

Cr-Commit-Position: refs/heads/master@{#388460}
davve
Compensate for source scaling in hidpi mode
In crrev.com/379801 scaling of hidpi nine piece image grids was
changed from using the real image size to using the "layout'ed" image
size (i.e. image size compensated by image scale factor) since that is
what Image::imageSize() returns. Instead the computed source rect was
scaled afterwards, right before drawing.

If GraphicsContext.drawTiledImage() is called with (stretch, stretch)
as tile rules, it ignores the passed scale factor and computes the
scale factor between source and destination itself. However, if one
rule is stretch and the other one repeat, or if both are repeat, the
tile scale factor is used when drawing and the relation between the
sizes of source and dest ignored.

What was missing from crrev.com/379801 was to compensate for the image
scale factor by adjusting tileScale. That meant that the (stretch,
stretch) worked fine but as soon as one repeat was specified, the
scale factor was wrong.

BUG=601544

Review URL: https://codereview.chromium.org/1901103002

Cr-Commit-Position: refs/heads/master@{#388451}
tmoniuszko
Fix GN freeze on generating Visual Studio projects
There's an infinite loop while searching for parent directory. It happens
when drive letter case is mixed in absolute paths on Windows (/C:/foo and
/c:/foo). It's easily reproducible on MSYS terminals when system-absolute
paths are used for some targets and source root-absolute (//foo/bar) paths
are used for other targets.

BUG=

Review URL: https://codereview.chromium.org/1897213002

Cr-Commit-Position: refs/heads/master@{#388443}
ljagielski
Build: disable icf for gcc builds with bundled gold
Gold doesn't respect section alignment when merging symbols
https://sourceware.org/bugzilla/show_bug.cgi?id=17704

BUG=576197

Review URL: https://codereview.chromium.org/1887303003

Cr-Commit-Position: refs/heads/master@{#388437}
fs
Pass first child to SVGLayoutSupport::layoutChildren
Since everything depending on the "subtree root" has now been hoisted
into the callers, we can pass firstChild() instead and avoid calling
slowFirstChild().

BUG=603956

Review URL: https://codereview.chromium.org/1897273002

Cr-Commit-Position: refs/heads/master@{#388337}
fs
Hoist "layout size changed" check out of SVGLayoutSupport::layoutChildren
For LayoutSVGRoot, this predicate can be computed quite easily, so
calling layoutSizeOfNearestViewportChanged() will be an unnecessary
detour.
Also rearrange layoutSizeOfNearestViewportChanged() to avoid an
unnecessary virtual call.

BUG=603956

Review URL: https://codereview.chromium.org/1902073002

Cr-Commit-Position: refs/heads/master@{#388332}
mstensho
Make MultiColumnFragmentainerGroup::m_columnSet const.
Ideally, I'd like to get rid of the member altogether, but that would require a
lot of refactoring.

This is a preparatory patch for a fix for bug 604609.

BUG=604609

Review URL: https://codereview.chromium.org/1898293003

Cr-Commit-Position: refs/heads/master@{#388326}
fs
Hoist transformToRootChanged() out of SVGLayoutSupport::layoutChildren
This function is really only relevant for LayoutSVG*Containers, and
hence has a stronger logical tie to that part of the hierarchy. For
LayoutSVGRoot it will always return false.
Also rename the |selfNeedsLayout| argument to |forceLayout|, and the
(somewhat) corresponding local variable |forceLayout] to
|forceChildLayout|.
Eliminate an unnecessary virtual call in transformToRootChanged().
Add const qualifier to didTransformToRootUpdate().

BUG=603956

Review URL: https://codereview.chromium.org/1897263002

Cr-Commit-Position: refs/heads/master@{#388292}
fs
Get rid of SVGLayoutSupport::filtersForceContainerLayout
Save the "has filter resource" part, and rename it to hasFilterResource.
Hoist the normalChildNeedsLayout() part into the callers together with
the comment. This makes the condition for forcing layout of children
of an <svg> (outermost) root or a container more obvious.

Also update a few places to use the new hasFilterResource helper.

BUG=603956

Review URL: https://codereview.chromium.org/1899243002

Cr-Commit-Position: refs/heads/master@{#388284}
fs
Improve default value handling for SVGSVGElement.width/height
When a length attribute is either removed or set to an invalid value,
it would get set to '0'. It should however be set to the initial value
specified for the attribute (possibly presentation attribute) in
question.

The test svg/custom/disallow-non-lengths-in-attrs.html is tweaked to
accommodate for this.

BUG=604093

Review URL: https://codereview.chromium.org/1901673003

Cr-Commit-Position: refs/heads/master@{#388250}
sigbjornf
Always enable warn-raw-ptr's check of raw heap pointers.
This warning option has been default-enabled with Oilpan since 3a192c3
(2015-11-25), checking that we do not keep unmanaged raw pointers or
references in class field types. With the Blink codebase adhering
to that (desirable) constraint, this extra warning has been working
well to keep the codebase in that state.

Make the check always apply with no possibility of opting out; we want
it permanently on.

R=
BUG=604476

Review URL: https://codereview.chromium.org/1901643003

Cr-Commit-Position: refs/heads/master@{#388222}
sigbjornf
Rename URLUtils interface as HTMLHyperlinkElementUtils and update.
Follow the HTML spec for HTMLAnchorElement + HTMLAreaElement, and have
them implement the [NoInterfaceObject] HTMLHyperlinkElementUtils
interface, rather than the previous URLUtils which has now been
retired / divided up.

The other implementation of URLUtils, URL, now define the attributes
directly (with the addition of a searchParams getter.)  Update its IDL
also.

R=
BUG=604644

Review URL: https://codereview.chromium.org/1902683003

Cr-Commit-Position: refs/heads/master@{#388209}
jl
IDL: Merge stringifier/serializer definition from implemented interface
A stringifier defined in a supplemental interface was not merged into the
primary interface, which meant that no 'toString' operation was defined.

Same for serializer definitions and the 'toJSON' operation.

This does not currently change generated code; no supplemental interface
defines a stringifier or serializer.

BUG=306606,469650

Review URL: https://codereview.chromium.org/1901983002

Cr-Commit-Position: refs/heads/master@{#388191}
sigbjornf
Update Blink GC plugin to reflect that Oilpan is now always enabled.
With the Blink codebase having migrated to an Oilpan only state, update
the GC plugin accordingly:

 - drop handling of RawPtr<T>, it no longer exists.
 - remove !ENABLE(OILPAN) specific checks.

R=haraken
BUG=604463

Review URL: https://codereview.chromium.org/1895943002

Cr-Commit-Position: refs/heads/master@{#388188}
mostynb
convert //gpu to std::unique_ptr
BUG=554298
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel
TBR=danakj@chromium.org

Review URL: https://codereview.chromium.org/1859703002

Cr-Commit-Position: refs/heads/master@{#388176}
sigbjornf
Leave out redundant includes for postMessage() method bindings.
R=
BUG=

Review URL: https://codereview.chromium.org/1893283004

Cr-Commit-Position: refs/heads/master@{#388148}
mstensho
Support multiple fragmentainer groups per ColumnBalancer run.
Instead of specifying a fragmentainer group for the operation, we now specify a
column set and a flow thread portion (which may be the portion of one group or
many contiguous groups within the same column set).

The reason for this change is that when calculating space shortage in an inner
multicol container, we need to walk through all fragmentainer groups in one
operation, or we'll miss the column boundaries between the fragmentainer
groups, and only find those that lie between two columns in the same
fragmentainer group. This is especially bad if the inner multicol container
only has one column per fragmentainer group (row), since then *all* column
boundaries lie between two fragmentainer groups, and we wouldn't be able to
find any shortage at all.

BUG=594833

Review URL: https://codereview.chromium.org/1891783002

Cr-Commit-Position: refs/heads/master@{#388070}
mstensho
Append fragmentainer groups in outer multicols first.
We need to evaluate the need for extra fragmentainer groups in ancestral
multicol containers first, so that the inner ones can calculate their column
height restrictions correctly.

BUG=572771

Review URL: https://codereview.chromium.org/1895003002

Cr-Commit-Position: refs/heads/master@{#388017}
mostynb
allow clang toolchains to strip libs as they are built
BUG=509771

Review URL: https://codereview.chromium.org/1882923005

Cr-Commit-Position: refs/heads/master@{#388016}
sigbjornf
Abandon prerenders upon render thread shutdown.
Have PrerenderDispatcher abandon its current prerenders when
the renderer is about to shut down -- doing so later isn't
supported as Blink is about to disappear.

Along with this, on the Blink side, weaken the reference that
a Prerender object keep to its PrerenderClient. The latter
should keep the former alive, but not vice versa -- if no one
is referring to the client within Blink, it can be GCed.
This avoids prolonged retention of prerendering Blink objects.

R=
BUG=604325

Review URL: https://codereview.chromium.org/1900583002

Cr-Commit-Position: refs/heads/master@{#387912}
sigbjornf
Simplify handling of Transferable objects while (de)serializing.
Avoid unnecessary allocations and abstractions in the handling of
transferables. The Transferables now collates the different kinds of
objects that can be transferred via postMessage().

R=
BUG=haraken

Review URL: https://codereview.chromium.org/1893983002

Cr-Commit-Position: refs/heads/master@{#387867}
fs
Refactor the current text position update in SVGTextLayoutEngine
The main change is around the handling of "delta" adjustments
('dx' / 'dy'), that is changed to not require keeping state.
Additionally text-on-a-path layout is changed to track the
displacement from the path (the accumulated delta adjustments
in the perpendicular direction.) Baseline adjustments are
consolidated between code-paths and part of the "fragmentation"
condition is hoisted out of the per-"glyph" loop.

BUG=486669

Review URL: https://codereview.chromium.org/1883553004

Cr-Commit-Position: refs/heads/master@{#387694}
mostynb
move track_audio_renderer.{cc,h} to private_renderer_webrtc_sources
This unbreaks the no-webrtc build after
https://codereview.chromium.org/1891183002

BUG=596174

Review URL: https://codereview.chromium.org/1888183003

Cr-Commit-Position: refs/heads/master@{#387688}
mstensho
Invalidate column rules when the width of a multicol container changes.
BUG=587794

Review URL: https://codereview.chromium.org/1892793002

Cr-Commit-Position: refs/heads/master@{#387624}
mstensho
No reason to prevent subpixel column heights in the initial height calculation.
One test had to be updated, because Element.offsetHeight returns integers. The
column height in the test went from 34 to 33.3333333ish with this code change,
which is 33 if you ask offsetHeight.

Review URL: https://codereview.chromium.org/1879253003

Cr-Commit-Position: refs/heads/master@{#387560}
sigbjornf
Remove remaining OILPAN uses from core/events/
R=
BUG=585328

Review URL: https://codereview.chromium.org/1888043003

Cr-Commit-Position: refs/heads/master@{#387549}
mstensho
Don't call paginatedContentWasLaidOut() until we have the final layout.
Blocks may need relayout because of pagination, and calling
paginatedContentWasLaidOut() before that has taken place could make us account
for a leading pagination strut twice (once before the block child, and once
before the first line inside the block). In a nested multicol context this
could trigger creation of additional fragmentainer groups that will be
unneeded in the end.

This fixes the assertion mentioned in bug 594833, but new ones will pop up
instead, because of brokenness in the column balancer. That will be fixed in a
separate CL.

BUG=594833

Review URL: https://codereview.chromium.org/1883163002

Cr-Commit-Position: refs/heads/master@{#387548}
sigbjornf
Remove OILPAN from core/dom/shadow/
R=
BUG=585328

Review URL: https://codereview.chromium.org/1884333002

Cr-Commit-Position: refs/heads/master@{#387541}
sigbjornf
Remove OILPAN from core/dom/custom/
R=
BUG=585328

Review URL: https://codereview.chromium.org/1887183002

Cr-Commit-Position: refs/heads/master@{#387540}
sigbjornf
Remove XMLHttpRequest's non-Oilpan support for eager finalization.
R=
BUG=585328

Review URL: https://codereview.chromium.org/1892453002

Cr-Commit-Position: refs/heads/master@{#387538}
mstensho
Correct inline-block baseline calculation for multicol containers.
The last line of something inside a multicol container is in the flow thread
coordinate space, so we have to translate the baseline block offset into the
visual coordinate space.

BUG=335861

Review URL: https://codereview.chromium.org/1887793002

Cr-Commit-Position: refs/heads/master@{#387472}
fs
Replace CR/NL by space - don't remove altogether when xml:space=default
This moves handling of xml:space=default closer to the more generic
white-space handling, by not removing CR and NL characters, but rather
just replacing them with a regular space.
This modifies behavior, but means aligning with non-WebKit browser
engines.
This also simplifies the code a bit - with promise of further
simplification (or rather assimilation.)

TEST=svg/custom/text-whitespace-handling.svg
BUG=602606, 366558

Review URL: https://codereview.chromium.org/1888823002

Cr-Commit-Position: refs/heads/master@{#387440}
sigbjornf
Remove RawPtr.h
No longer used, so retire this Oilpan transitional wrapper type.

R=
BUG=585328

Review URL: https://codereview.chromium.org/1884113002

Cr-Commit-Position: refs/heads/master@{#387300}
fs
Reorder metrics iteration in LayoutSVGInlineText::updateMetricsList
This changes iteration to iterate BidiRuns and then collect metrics for
all characters in each run.

BUG=594058

Review URL: https://codereview.chromium.org/1880453002

Cr-Commit-Position: refs/heads/master@{#387283}
sigbjornf
Remove remaining binding layer RawPtr<>s.
R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1883663005

Cr-Commit-Position: refs/heads/master@{#387278}
rune
Allow multiple host pseudos in same compound.
As part of optimizing away :host(-context) selectors which never may
match, we also skipped selectors with multiple :host(-context) pseudos
in the same compound.

Removed assert in findBestRuleSetAndAdd as that would now be required
to traverse the whole compound again to cover everything.

BUG=601585

Review URL: https://codereview.chromium.org/1872343002

Cr-Commit-Position: refs/heads/master@{#387263}
sigbjornf
Remove unnecessary CanvasAsyncBlobCreator keep alive protection.
Closures keep their GCed arguments and |this| alive until completed,
hence manual keep-alive handling on top of that isn't required
for CanvasAsyncBlobCreator.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1882563003

Cr-Commit-Position: refs/heads/master@{#387260}
rune
Check willValidate() for :in-range and :out-of-range.
:in-range and :out-of-range should only match elements which are
candidates for constraint validation[1], and they are not when they are
disabled or read-only.

https://html.spec.whatwg.org/multipage/scripting.html#selector-in-range

R=tkent@chromium.org
BUG=602568

Review URL: https://codereview.chromium.org/1890633002

Cr-Commit-Position: refs/heads/master@{#387258}
sigbjornf
Safely iterate over MediaStreamSource observers.
When changing the ready state of this object, the resultant dispatching of
events by its observers may extend the observer set. Take a snapshot of
the observers, so as to be able safely iterate over it across additions.

R=
BUG=602273

Review URL: https://codereview.chromium.org/1885053002

Cr-Commit-Position: refs/heads/master@{#387243}
mstensho
ColumnBalancer: don't skip bounds checking on first or last fragmentainer groups.
There should be no need for this special-code. Whatever manages to end up
before the first column or after the last one is totally uninteresting to the
column balancer.

Review URL: https://codereview.chromium.org/1886703002

Cr-Commit-Position: refs/heads/master@{#387150}
mstensho
ColumnBalancer: Count line box overflow as space shortage.
Even if the line itself fits nicely inside a column, it may have bottom
overflow that crosses a column boundary. This needs to be counted as space
shortage, or the column balancer might end up over-stretching the columns.

LayoutTests/ietestcenter/css3/multicolumn/column-width-applies-to-007.htm
now passes when opened manually. This used to fail, at least on my machine.

BUG=543487

Review URL: https://codereview.chromium.org/1880283006

Cr-Commit-Position: refs/heads/master@{#387072}
fs
Simplify SVGElement::addToPropertyMap
Shaves a few instructions off (most prominently a call to the QualifiedName
destructor.)

Review URL: https://codereview.chromium.org/1883773003

Cr-Commit-Position: refs/heads/master@{#387024}
rune
Compare font-feature-settings as part of Font::operator==().
We only did a pointer comparison which always failed when doing a style
recalc since a style recalc always creates a new FontFeatureSetting
object.

R=eae@chromium.org
BUG=602802,602959

Review URL: https://codereview.chromium.org/1887613002

Cr-Commit-Position: refs/heads/master@{#387001}
sigbjornf
Remove never instantiated methods from PartitionAllocator.
R=
BUG=585328

Review URL: https://codereview.chromium.org/1883593006

Cr-Commit-Position: refs/heads/master@{#386944}
sigbjornf
Remove ENABLE(OILPAN) from ScriptRunner and PendingScript.
R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1887573002

Cr-Commit-Position: refs/heads/master@{#386938}
mstensho
Introduce fragmentainerGroupCapacity().
During layout, the flow thread portion of the currently last fragmentainer
group is unknown. So instead of calling logicalBottomInFlowThread() or
logicalHeightInFlowThread(), we multiply the column height with the used value
of column-count.

Seems a bit cleaner to wrap this multiplication inside a method.

Review URL: https://codereview.chromium.org/1885513004

Cr-Commit-Position: refs/heads/master@{#386817}
mostynb
remove unneeded scoped_ptr.h inclusions
BUG=554298

Review URL: https://codereview.chromium.org/1855123002

Cr-Commit-Position: refs/heads/master@{#386791}
sigbjornf
include RefCounted.h where needed, only.
R=
BUG=
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review URL: https://codereview.chromium.org/1882003002

Cr-Commit-Position: refs/heads/master@{#386715}
mstensho
X11: Set window class for content_shell.
For Chrome, this happens in DesktopBrowserFrameAuraLinux::GetWidgetParams(),
but there was no counterpart for content_shell.

Setting a window class makes it easier to customize one's window manager for
content_shell.

R=peter@chromium.org

Review URL: https://codereview.chromium.org/1880643002

Cr-Commit-Position: refs/heads/master@{#386657}
fs
Move SVGTextMetricsCalculator to LayoutSVGInlineText.cpp
Mostly plain code move, with some fixups in the (now folded)
updateMetricsList method. Also removes the non-const getter for the
metrics list.

BUG=594058

Review URL: https://codereview.chromium.org/1879453003

Cr-Commit-Position: refs/heads/master@{#386630}
fs
Refactor SVGTextLayoutAttributesBuilder::collectTextPositioningElements
This moves the creation of a TextPosition element for the <text> into
collectTextPositioningElements too, getting rid of the special case.

BUG=594058

Review URL: https://codereview.chromium.org/1878583002

Cr-Commit-Position: refs/heads/master@{#386622}
sigbjornf
Have bindings layer assume and insist that all interface types are GCed.
All interface types are now garbage collected, hence assume that to
hold when generating bindings code. Various simplifications become
possible as a result, like removing WrapperTypeInfo fields to per-type
de/refObject() static functions.

At the .idl level, [GarbageCollected] no longer conveys anything hence
the support (and use) for it is retired here also.

R=
BUG=585328
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review URL: https://codereview.chromium.org/1873323002

Cr-Commit-Position: refs/heads/master@{#386620}
fs
Don't persist the SVGTextLayoutAttributesBuilder
No partial updates are performed on the structures contained within
the builder, so keeping them around between layouts only amounts to
memory wasted. With this change the builder is now more of a proper
builder. buildLayoutAttributesForTextRoot() is folded into
buildLayoutAttributes().

BUG=594058

Review URL: https://codereview.chromium.org/1871393003

Cr-Commit-Position: refs/heads/master@{#386616}
mostynb
convert //courgette to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1855133002

Cr-Commit-Position: refs/heads/master@{#386511}
mostynb
Convert //sql to use std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1851913002

Cr-Commit-Position: refs/heads/master@{#386451}
tsniatowski
Use clang "--target=x" on android to help icecc
Icecc is confused by the two-argument "-target x" form, and decides to compile
everything locally. --target=x makes it happy.

Review URL: https://codereview.chromium.org/1871813003

Cr-Commit-Position: refs/heads/master@{#386419}
mstensho
Resurrect ASSERT(isFirstAfterBreak(flowThreadOffset()) || !box.paginationStrut()).
This assertion effectively became disabled by accident by
https://codereview.chromium.org/1856373002 , so that fuzzer bug 551312 stopped
asserting, although that bug is still very much present.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1876713003

Cr-Commit-Position: refs/heads/master@{#386418}
sigbjornf
Abandon Prerender upon finalizing PrerenderHandle.
Forcefully sever the connection to the embedder upon the PrerenderHandle
becoming unreachable and unused. Otherwise we risk Prerender leaks
and renderer shutdown crashes when the embedder tries to access Blink
after it has already been shut down.

R=haraken
BUG=602227

Review URL: https://codereview.chromium.org/1872383002

Cr-Commit-Position: refs/heads/master@{#386401}
sigbjornf
Move DOMArrayBuffer, DOMArrayBufferViews and DataView to the heap.
Thereby having all ScriptWrappable-derived types on the Oilpan heap.

R=haraken,tkent,ortuno
BUG=585328
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review URL: https://codereview.chromium.org/1878463002

Cr-Commit-Position: refs/heads/master@{#386347}
fs
Only hit-test SVG <text> foreground
<text> doesn't have/paint any background, so performing hit-tests for
the various background is a both a waste of time, and gives rise to bugs
in some cases where poor precision renders false positives.
This also matches what LayoutSVGShape does (and <text> is a "graphics
element" just like the basic shapes.)
Rework the 'pointer-events: bounding-box' check to not rely on
nodeAtPoint. It's now somewhat consistent with how containers (<g>) are
handled.
This also affects how hit-testing works w/ 'textLength' ("artificial"
spaces will no longer be considered part of the <text> - this matches
the Firefox behavior.) Adjust svg/animations/svgenum-animation-3.html
to cater to this change in behavior.

BUG=601036

Review URL: https://codereview.chromium.org/1870983002

Cr-Commit-Position: refs/heads/master@{#386308}
fs
Use characters (not code units) when computing value list positions
The value list position is updated by one for each character, and not
at all when spaces are skipped (collapsed). When assigning value list
positions, we are currently counting surrogates as two (on for each
code unit.)
Use the text metrics data to count the number of (non-collapsed)
characters instead.

BUG=597312, 594058

Review URL: https://codereview.chromium.org/1866703002

Cr-Commit-Position: refs/heads/master@{#386305}
fs
Separate metrics update and layout attribute resolving
This splits the walkInlineText() function from SVGTextMetricsBuilder.cpp
into one function for computing the Vector of SVGTextMetrics (called
via updateTextMetrics in LayoutSVGInlineText) and one function for
computing the mapping of layout attributes (updateLayoutAttributes in
SVGTextLayoutAttributesBuilder.cpp).
This in turn mean that the UpdateAttribute helper struct is split and
done away with, similarly TreeWalkTextState.

BUG=594058

Review URL: https://codereview.chromium.org/1861013003

Cr-Commit-Position: refs/heads/master@{#386301}
fs
Invalidate text metrics when the <text> subtree is mutated
When the content of a text node is modified, we would only invalidate
positioning values and not text metrics. This would lead to incorrect or
inconsistent text metrics/fonts being used, which would lead to repaint
bugs and similar issues.
Make sure all mutations to the <text> subtree trigger text metrics re-
computation.

Also take this opportunity to move the definition of the
willBeDestroyed() method for slightly better grouping.

BUG=299497, 594058

Review URL: https://codereview.chromium.org/1865923002

Cr-Commit-Position: refs/heads/master@{#386300}
fs
Revert of Reland: Switch components/password_manager code from IPC messages to Mojo. (patchset #4 id:60001 of https://codereview.chromium.org/1866643002/ )
Reason for revert:
Appears to have caused:

FAILED: /b/build/slave/GPU_Linux_Builder/build/src/build/goma/client/gomacc ../../third_party/llvm-build/Release+Asserts/bin/clang++ -MMD -MF obj/chrome/browser/test_support_ui/password_manager_test_base.o.d -DV8_DEPRECATION_WARNINGS -DCLD_VERSION=2 -DENABLE_MDNS=1 -DENABLE_NOTIFICATIONS -DENABLE_PEPPER_CDMS -DENABLE_PLUGINS=1 -DENABLE_PDF=1 -DENABLE_PRINTING=1 -DENABLE_BASIC_PRINTING=1 -DENABLE_PRINT_PREVIEW=1 -DENABLE_SPELLCHECK=1 -DUSE_UDEV -DUI_COMPOSITOR_IMAGE_TRANSPORT -DUSE_AURA=1 -DUSE_PANGO=1 -DUSE_CAIRO=1 -DUSE_CLIPBOARD_AURAX11=1 -DUSE_DEFAULT_RENDER_THEME=1 -DUSE_GLIB=1 -DUSE_OPENSSL=1 -DUSE_NSS_CERTS=1 -DUSE_NSS_VERIFIER=1 -DUSE_X11=1 -DENABLE_WEBRTC=1 -DENABLE_EXTENSIONS=1 -DENABLE_TASK_MANAGER=1 -DENABLE_THEMES=1 -DENABLE_CAPTIVE_PORTAL_DETECTION=1 -DENABLE_SESSION_SERVICE=1 -DENABLE_APP_LIST=1 -DENABLE_SETTINGS_APP=1 -DENABLE_SUPERVISED_USERS=1 -DENABLE_SERVICE_DISCOVERY=1 -DENABLE_AUTOFILL_DIALOG=1 -DENABLE_TOPCHROME_MD=1 -DUSE_PROPRIETARY_CODECS -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -DENABLE_MEDIA_ROUTER=1 -DFIELDTRIAL_TESTING_ENABLED -DCR_CLANG_REVISION=264915-1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DGOOGLE_PROTOBUF_NO_RTTI -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DTOOLKIT_VIEWS=1 -DGL_GLEXT_PROTOTYPES -DGTEST_HAS_POSIX_RE=0 -DGTEST_LANG_CXX11=0 -DGTEST_HAS_RTTI=0 -DSK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS -DSK_SUPPORT_GPU=1 -DUNIT_TEST -I../.. -Igen -I../../build/linux/debian_wheezy_amd64-sysroot/usr/include/glib-2.0 -I../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/x86_64-linux-gnu/glib-2.0/include -I../../third_party/protobuf/src -Igen/protoc_out -I../../third_party/protobuf/src -I../../third_party/protobuf -I../../third_party/khronos -I../../gpu -I../../testing/gtest/include -I../../build/linux/debian_wheezy_amd64-sysroot/usr/include/nss -I../../build/linux/debian_wheezy_amd64-sysroot/usr/include/nspr -I../../third_party/boringssl/src/include -I../../testing/gmock/include -I../../skia/config -I../../skia/ext -I../../third_party/skia/include/c -I../../third_party/skia/include/config -I../../third_party/skia/include/core -I../../third_party/skia/include/effects -I../../third_party/skia/include/images -I../../third_party/skia/include/lazy -I../../third_party/skia/include/pathops -I../../third_party/skia/include/pdf -I../../third_party/skia/include/pipe -I../../third_party/skia/include/ports -I../../third_party/skia/include/utils -I../../third_party/skia/include/gpu -I../../third_party/skia/src/gpu -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -funwind-tables -fPIC -pipe -B../../third_party/binutils/Linux_x64/Release/bin -fcolor-diagnostics -fdebug-prefix-map=/b/build/slave/GPU_Linux_Builder/build/src=. -pthread -m64 -march=x86-64 -Wall -Werror -Wextra -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-covered-switch-default -Wno-deprecated-register -Wno-unneeded-internal-declaration -Wno-inconsistent-missing-override -Wno-shift-negative-value -O2 -fno-ident -fdata-sections -ffunction-sections -g0 --sysroot=../../build/linux/debian_wheezy_amd64-sysroot -fvisibility=hidden -Xclang -load -Xclang ../../third_party/llvm-build/Release+Asserts/lib/libFindBadConstructs.so -Xclang -add-plugin -Xclang find-bad-constructs -Xclang -plugin-arg-find-bad-constructs -Xclang check-templates -Xclang -plugin-arg-find-bad-constructs -Xclang follow-macro-expansion -Wheader-hygiene -Wstring-conversion -Wno-header-guard -fno-threadsafe-statics -fvisibility-inlines-hidden -std=gnu++11 -fno-rtti -fno-exceptions -c ../../chrome/browser/password_manager/password_manager_test_base.cc -o obj/chrome/browser/test_support_ui/password_manager_test_base.o
In file included from ../../chrome/browser/password_manager/password_manager_test_base.cc:13:
In file included from ../../chrome/browser/password_manager/chrome_password_manager_client.h:15:
In file included from ../../components/password_manager/content/browser/credential_manager_impl.h:13:
In file included from gen/components/password_manager/content/public/interfaces/credential_manager.mojom.h:26:
gen/components/password_manager/content/public/interfaces/credential_manager.mojom-internal.h:14:10: fatal error: 'url/mojo/origin.mojom-internal.h' file not found
#include "url/mojo/origin.mojom-internal.h"

(https://build.chromium.org/p/chromium.gpu/builders/GPU%20Linux%20Builder/builds/58271/steps/compile/logs/stdio)

Original issue's description:
> Reland: Switch components/password_manager code from IPC messages to Mojo.
>
> Original CL was found breaking android gn build after landed.. #strange
> Fix BUILD.gn and reland.
>
> The original CL:
> https://crrev.com/d20fb918841354a75546fa38b5307aaba117598b
>
> Original CL description follows:
>
> Replace credential_manager_messages.h IPC to Mojo service.
>
> BUG=582391
>
> Committed: https://crrev.com/4a2f71f4c9e9e2c3ac0e4622c12e5dc0c5ebfe24
> Cr-Commit-Position: refs/heads/master@{#386290}

TBR=jochen@chromium.org,amistry@chromium.org,rockot@chromium.org,tsepez@chromium.org,vabr@chromium.org,leon.han@intel.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=582391

Review URL: https://codereview.chromium.org/1872133002

Cr-Commit-Position: refs/heads/master@{#386297}
fs
Add test for metrics invalidation on textnode removal
This tests that text metrics (read: collapsing info) are updated as
needed when a text node is removed.

BUG=299497, 594058

Review URL: https://codereview.chromium.org/1872513005

Cr-Commit-Position: refs/heads/master@{#386223}
mstensho
Correctly account for nested multicol top border / padding.
Top border and padding will be baked into the first LayoutColumnSet object of a
multicol container, but not until the column set is laid out. Since column sets
are laid out after flow threads, use a more reliable way to include top border
and padding.

BUG=552615

Review URL: https://codereview.chromium.org/1863413002

Cr-Commit-Position: refs/heads/master@{#386213}
mostynb
remove klundberg from build/android/OWNERS
Requested over in https://codereview.chromium.org/1875663002/

TBR=mikecase@chromium.org

Review URL: https://codereview.chromium.org/1872043002

Cr-Commit-Position: refs/heads/master@{#386206}
mostynb
support adding symlinks to zip files
Add symlinks as symlinks to zip files, not their target
in place of the symlink.

Review URL: https://codereview.chromium.org/1875663002

Cr-Commit-Position: refs/heads/master@{#386199}
sigbjornf
Add support for URL.searchParams getter.
Add the missing piece to our URLSearchParams implementation;
the readonly attribute for URL, URL.searchParams:

 https://url.spec.whatwg.org/#dom-url-searchparams

The currently spec'ed connection between URL and URLSearchParams is
a lot less general than previous designs, hence the object lifetime
complexities it ran into (see https://codereview.chromium.org/143313002/)
falls away.

Intent to Implement and Ship (for URLSearchParams and this URL attribute):

 https://groups.google.com/a/chromium.org/d/msg/blink-dev/grHZDbldP04/JdsoQ169AQAJ

R=mkwst
BUG=303152

Review URL: https://codereview.chromium.org/1860623002

Cr-Commit-Position: refs/heads/master@{#386189}
fs
Wait for 'load' in svg/wicd/test-rightsizing-b.xhtml
BUG=444095

Review URL: https://codereview.chromium.org/1874723002

Cr-Commit-Position: refs/heads/master@{#386089}
rune
Revert of Don't apply style elements or PIs with loading imports. (patchset #2 id:20001 of https://codereview.chromium.org/1867513002/ )
Reason for revert:
This change is incompatible with what Gecko and Blink used to do when inserting an @import rule with insertRule() into a style element sheet.

Inserting a style element with script, immediately followed by an @import insertRule() behaves differently than inserting the style element containing that @import rule in the text because the <style> element is processed before the insertRule. Both Gecko and Blink (without this CL) applies the main stylesheet while the @import inserted with insertRule is loading, while they don't when @import is part of the text node child.

The behavior for inserting @import is not specified, and zcorpan reported [1].

[1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=29566

Original issue's description:
> Don't apply style elements or PIs with loading imports.
>
> updateLayoutTreeIgnorePendingStylesheets may resolve styles when sheets
> are loading. For link elements, the main stylesheet is not applied if
> any of its @imports are still loading. For style elements and
> xml-stylesheets, we did apply the contents of the main stylesheet while
> its @imports were loading. That means we applied half-baked stylesheets
> and we had an inconsistency between link and style. Instead regard
> style elements and processing instructions as loading when @imports are
> loading.
>
> BUG=600733
>
> Committed: https://crrev.com/456c101025b6c470dce2a6af3b0d70cb2950a980
> Cr-Commit-Position: refs/heads/master@{#385564}

TBR=esprehn@chromium.org,timloh@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=600733

Review URL: https://codereview.chromium.org/1867753006

Cr-Commit-Position: refs/heads/master@{#386081}
sigbjornf
Clean up CompositorPendingAnimations inclusion.
No need for Document.h to include this header; remove +
follow up on various IWYU violations that surfaces as a
result.

Also tidy up IntersectionObserver inclusion + remove its
non-Oilpan code.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1870963002

Cr-Commit-Position: refs/heads/master@{#386042}
hugoh
Add ssl_error's dependency to network_time in gyp
https://codereview.chromium.org/1772143002 updated
BUILD.gn but not the corresponding ssl_errors.gypi.

Without this fix gyp-builds get undefinded references
to NetworkTimeTracker::GetNetworkTime() when linking.

BUG=589700

Review URL: https://codereview.chromium.org/1865493002

Cr-Commit-Position: refs/heads/master@{#386025}
sigbjornf
Prerender need to be on the Oilpan heap.
The object implementing the PrerenderClient is LinkLoader, which is
an object that's Oilpan heap allocated. Consequently, it cannot be
kept Prerender as a bare pointer, but needs to be traced and accounted
for during garbage collections.

The simplest way to handle that is to move Prerender to the Oilpan
heap.

R=haraken,jochen
BUG=

Review URL: https://codereview.chromium.org/1862593005

Cr-Commit-Position: refs/heads/master@{#386007}
rune
Plugin element widget may be a RemoteFrameView.
Corrected ASSERT and re-enabled test.

Removed ENABLE(OILPAN) ifdef in the neighborhood since its removal is
in progress.

R=dcheng@chromium.org,lukasza@chromium.org
BUG=601581

Review URL: https://codereview.chromium.org/1872653002

Cr-Commit-Position: refs/heads/master@{#386005}
sigbjornf
Add setIndexedDBClientCreateFunction() explanatory comment.
Follow up changes in r385772 and r385733 with a comment to
try to explain why update atomicity matters here.

R=
BUG=598551, 599011
NOTRY=true

Review URL: https://codereview.chromium.org/1862223005

Cr-Commit-Position: refs/heads/master@{#386000}
mstensho
Only allow forced fragmentainer breaks at class A break points.
https://drafts.csswg.org/css-break/#possible-breaks
https://drafts.csswg.org/css-break/#forced-breaks

The essential change is that forced breaks are not allowed before a first child
or after a last child, only between siblings. Floats and auto-positioned
out-of-flow siblings after the last in-flow child still need to honor the
break-after value of said last in-flow child, though.

Updated the forced-break-before-complex-margin-collapsing.html test, since it
became invalid. Top margins after forced breaks should not be eaten by the
column boundary. It also made an incorrect assumption about inserting a forced
break in front of a first child block. That's no valid class A break point.

This change also made printing/css2.1/page-break-after-003.html pass, which
has a break-after:page block with no in-flow block following it - i.e. there'll
be no class A break point for it to have any effect. It should not create a
blank page at the end.

BUG=223068,539873

Review URL: https://codereview.chromium.org/1856373002

Cr-Commit-Position: refs/heads/master@{#385955}
mstensho
Make top-layer elements work also when the viewport is paginated.
When the viewport is paginated (by overflow:-webkit-paged-* specified on HTML
or BODY), top-layer elements are redirected to a flow thread, along with
everything else. So we have to go through the children of the flow thread, not
the children of the layout view, when looking for them.

BUG=594306

Review URL: https://codereview.chromium.org/1850153002

Cr-Commit-Position: refs/heads/master@{#385883}
mboc
Export the tablet mode checking function from base.
BUG=

Review URL: https://codereview.chromium.org/1838993002

Cr-Commit-Position: refs/heads/master@{#385832}
sigbjornf
Avoid IndexedDBClient::create() read race.
R=haraken
BUG=598551

Review URL: https://codereview.chromium.org/1869013002

Cr-Commit-Position: refs/heads/master@{#385772}
sigbjornf
Avoid setIndexedDBClientCreateFunction() write race.
R=haraken
BUG=599011

Review URL: https://codereview.chromium.org/1862403002

Cr-Commit-Position: refs/heads/master@{#385733}
fs
Rebaseline svg/wicd/test-rightsizing-b.xhtml
Get latest result from the bots.

TBR=davve@opera.com
BUG=444095

Review URL: https://codereview.chromium.org/1865263002

Cr-Commit-Position: refs/heads/master@{#385713}
sigbjornf
Make VTTParserClient the GC mixin it needs to be.
Unsafe for the VTTParser to keep a raw pointer to the GCed object
implementing this client interface.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1870603002

Cr-Commit-Position: refs/heads/master@{#385688}
tmoniuszko
Accept absolute Windows paths without leading slash in GN commands
Leading slash is removed before path is passed to GN when command is run
on MSYS shell. See http://www.mingw.org/wiki/Posix_path_conversion.

BUG=590686

Review URL: https://codereview.chromium.org/1742303002

Cr-Commit-Position: refs/heads/master@{#385686}
tsniatowski
Add android_libcpp_lib_dir gn arg
Port android_libcpp_libs_dir from gyp, where it was possible to override
this directory. Allows using a custom libc++ easily.

BUG=359249

Review URL: https://codereview.chromium.org/1865853002

Cr-Commit-Position: refs/heads/master@{#385679}
sigbjornf
Have the mock PlatformSpeechSynthesizer ignore pause/resume sometimes.
Should pause()/resume() be attempted without nothing being currently
spoken, just ignore.

R=
BUG=600664

Review URL: https://codereview.chromium.org/1861323003

Cr-Commit-Position: refs/heads/master@{#385670}
rune
Don't persist plugins across reattach for widget updates.
HTMLPluginElement::lazyReattachIfNeeded() is called for changes where we
expect the plugin to be re-initialized. For instance, if the type or
data attributes changes on <object>. In theory, a detach() as part of a
plugin-persisting lazy re-attach done previously may already have put
the plugin widget into the persisted plugin widget member. In that case
we will return early from detach() which is why we're resetting the
persisted widget in lazyReattachIfNeeded() instead of handling it in
detach().

R=esprehn@chromium.org
BUG=567329

Review URL: https://codereview.chromium.org/1866153002

Cr-Commit-Position: refs/heads/master@{#385590}
rune
Don't apply style elements or PIs with loading imports.
updateLayoutTreeIgnorePendingStylesheets may resolve styles when sheets
are loading. For link elements, the main stylesheet is not applied if
any of its @imports are still loading. For style elements and
xml-stylesheets, we did apply the contents of the main stylesheet while
its @imports were loading. That means we applied half-baked stylesheets
and we had an inconsistency between link and style. Instead regard
style elements and processing instructions as loading when @imports are
loading.

BUG=600733

Review URL: https://codereview.chromium.org/1867513002

Cr-Commit-Position: refs/heads/master@{#385564}
mostynb
Convert //sandbox to use std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1849323003

Cr-Commit-Position: refs/heads/master@{#385445}
mostynb
fix incorrect libstdc++ from GCC >= 5.1 check
Assume that libstdc++ from GCC >= 5.1 is being used only when compiling with GCC >= 5.1.

This unbreaks GCC 4.8.5 and 4.9.3 builds after https://codereview.chromium.org/1837563002/
landed.

Review URL: https://codereview.chromium.org/1863523005

Cr-Commit-Position: refs/heads/master@{#385416}
sigbjornf
Remove ENABLE(OILPAN) uses in wtf/
R=
BUG=585328

Review URL: https://codereview.chromium.org/1863753002

Cr-Commit-Position: refs/heads/master@{#385411}
mstensho
Initialize child framesets when they become part of the parent frameset grid.
The number of child frames and framesets in a parent frameset grid may be
increased by a script after initial layout. Framesets that initially were not
part of the grid were left uninitialized, i.e. their GridAxis objects are
empty, and the layout object size is 0x0. As soon as such a frameset becomes
part of the grid later on, it typically gets a size, which positionFrames()
will detect and lay it out. However, since zero-width columns and zero-height
rows are allowed, if the size of the child frameset remains at 0x0, we cannot
just base the need for layout (which initializes the frame sets) on them
getting a new size.

BUG=594834

Review URL: https://codereview.chromium.org/1848033004

Cr-Commit-Position: refs/heads/master@{#385404}
fs
Simplify layout attribute invalidation in LayoutSVGText
Move invalidation to a new method (invalidatePositioningValues), and
also make sure to clear LayoutSVGText::m_layoutAttributes to make it
more robust.

BUG=405966, 594058

Review URL: https://codereview.chromium.org/1856393002

Cr-Commit-Position: refs/heads/master@{#385274}
mstensho
Adding tall content may require insertion of more than one additional column row.
There's no guarantee that adding just one column row has created enough columns
to flow the content into. So add as many as we need.

Review URL: https://codereview.chromium.org/1864493002

Cr-Commit-Position: refs/heads/master@{#385226}
fs
Rebuild layout attributes on layout instead of on layout tree updates
What layout attributes are used (for a text node; LayoutSVGInlineText),
depends on how many "characters" precedes the node in question.
Layout attributes were updated on insertions and removals on the layout
tree, by find the node to update, and update the surrounding nodes.
It were however trying to depend on the order in which nodes were being
attached, which meant that a sequence of updates could lead to incorrect
layout attribute (indices) being computed. The process per node is also
essentially O(n) (albeit a fairly cheap such.)
Instead of updating on add/remove/update of nodes, just mark the position
data as invalid, and update on the next layout of the <text> root. This
also has the side-effect of simplifying the code quite significantly,
and should avoid repeatedly resolving the layout attribute indices.

Also take the opportunity to pass LayoutSVGText references and simplify
related code a bit.

BUG=405966, 594058

Review URL: https://codereview.chromium.org/1854123002

Cr-Commit-Position: refs/heads/master@{#385149}
sigbjornf
Update Source/platform/ to assume Oilpan only.
R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1860903002

Cr-Commit-Position: refs/heads/master@{#385145}
fs
Fold 'rotate' attribute semantics into the attribute list iterator
With a small increase in complexity in the updateCharacterData() method
in the AttributeListsIterator helper, the loop handling the 'rotate'
"tail" semantics can be folded into the loop updating all attributes.

Review URL: https://codereview.chromium.org/1849353002

Cr-Commit-Position: refs/heads/master@{#385128}
sigbjornf
Avoid unnecessary DocumentElementSetMap hash table updates.
Alter the representation of the singleton map used to track the
correspondence between Documents and their media elements.

Additions and removals become slightly cheaper as a result.

R=
BUG=

Review URL: https://codereview.chromium.org/1852423003

Cr-Commit-Position: refs/heads/master@{#385126}
fs
Iteration helper for SVGTextLayoutAttributesBuilder::fillCharacterDataMap
Add helper AttributeListsIterator that keeps the iteration state for
the x, y, dx, dy and rotate attribute lists.

Review URL: https://codereview.chromium.org/1854853002

Cr-Commit-Position: refs/heads/master@{#385124}
sigbjornf
Remove unused DEFINE_STATIC_REF_WILL_BE_PERSISTENT().
R=
BUG=585328

Review URL: https://codereview.chromium.org/1858823002

Cr-Commit-Position: refs/heads/master@{#385062}
rune
Removed TODO as non-matching host rules are skipped earlier.
The TODO comment was about non-matching selectors like "div:host" or
":host.class". Such selectors are ignored for RuleSet when returning
SelectorNeverMatches from collectFeaturesFromRuleData.

R=timloh@chromium.org,esprehn@chromium.org

Review URL: https://codereview.chromium.org/1855853004

Cr-Commit-Position: refs/heads/master@{#385025}
mostynb
convert //mash to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1857623003

Cr-Commit-Position: refs/heads/master@{#384948}
mostynb
convert //chrome_elf to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1858493002

Cr-Commit-Position: refs/heads/master@{#384925}
sigbjornf
Improve DEFINE_STATIC_LOCAL()'s handling of Blink GCed objects.
Extend DEFINE_STATIC_LOCAL() to automatically wrap up heap objects
being exposed as static singletons -- the wrapping happening by
way of a Persistent<>.

With that in place, simplify various uses of DEFINE_STATIC_LOCAL()
along with phasing out the use of DEFINE_STATIC_REF_WILL_BE_PERSISTENT()
entirely.

R=haraken
BUG=585328

Committed: https://crrev.com/18dc8ecff5ba68d28fc536f723ae3c57eafa1b4e
Cr-Commit-Position: refs/heads/master@{#384887}

Review URL: https://codereview.chromium.org/1850413002

Cr-Commit-Position: refs/heads/master@{#384904}
sigbjornf
Simplify LifecycleNotifier and Observer.
With Oilpan permanently enabled, let go of some dead code.

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1858583002

Cr-Commit-Position: refs/heads/master@{#384897}
sigbjornf
Revert of Improve DEFINE_STATIC_LOCAL()'s handling of Blink GCed objects. (patchset #7 id:120001 of https://codereview.chromium.org/1850413002/ )
Reason for revert:
Don't understand what happened here, but compilation breakage seen https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Mac%20Builder/builds/155272

Original issue's description:
> Improve DEFINE_STATIC_LOCAL()'s handling of Blink GCed objects.
>
> Extend DEFINE_STATIC_LOCAL() to automatically wrap up heap objects
> being exposed as static singletons -- the wrapping happening by
> way of a Persistent<>.
>
> With that in place, simplify various uses of DEFINE_STATIC_LOCAL()
> along with phasing out the use of DEFINE_STATIC_REF_WILL_BE_PERSISTENT()
> entirely.
>
> R=haraken
> BUG=585328
> NOTRY=true
>
> Committed: https://crrev.com/18dc8ecff5ba68d28fc536f723ae3c57eafa1b4e
> Cr-Commit-Position: refs/heads/master@{#384887}

TBR=oilpan-reviews@chromium.org,haraken@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=585328

Review URL: https://codereview.chromium.org/1855203002

Cr-Commit-Position: refs/heads/master@{#384890}
sigbjornf
Improve DEFINE_STATIC_LOCAL()'s handling of Blink GCed objects.
Extend DEFINE_STATIC_LOCAL() to automatically wrap up heap objects
being exposed as static singletons -- the wrapping happening by
way of a Persistent<>.

With that in place, simplify various uses of DEFINE_STATIC_LOCAL()
along with phasing out the use of DEFINE_STATIC_REF_WILL_BE_PERSISTENT()
entirely.

R=haraken
BUG=585328
NOTRY=true

Review URL: https://codereview.chromium.org/1850413002

Cr-Commit-Position: refs/heads/master@{#384887}
mostynb
convert //headless to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1854043002

Cr-Commit-Position: refs/heads/master@{#384880}
mostynb
convert //testing to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1855823002

Cr-Commit-Position: refs/heads/master@{#384872}
rune
Fixed ::slotted performance in pure v1 shadow documents.
Instead of traversing all m_treeBoundaryCrossingScopes matching rules
from other scopes, just walk the assignedSlot() chain for resolvers.
This makes rule matching a lot cheaper since quite a lot of components
have tree boundary crossing rules in practice (polymer apps using v0
typically have hundreds of such scopes).

The assumption here is that the assignedSlot chain most of the time
will be quite short and/or cheap to walk.

Introducing a flag set in StyleEngine if there ever exists a v0 shadow
tree to fall back to traversing m_treeBoundaryCrossingScopes when
necessary.

For the slotted.html demo in crbug.com/599833, the full recalc with
~4000 elements goes from ~800ms to ~40ms with this change when each
shadow tree has a ::slotted rule. No substantial regression for the
case without ::slotted rules.

Added a test for /deep/ being used a descendant combinator in a
document without shadow trees, as I feared I might have broken that and
I couldn't find any existing tests for it.

For later, we may choose to never collect m_treeBoundaryCrossingScopes
for pure v1 documents, but that means we would have to recreate that
collection once we add a v0 shadow to the document.

R=kochi@chromium.org,hayato@chromium.org,dglazkov@chromium.org
BUG=599833

Review URL: https://codereview.chromium.org/1853713002

Cr-Commit-Position: refs/heads/master@{#384867}
sigbjornf
Remove now-unused kConstantInModule.
TBR=thakis,wfh
BUG=550065

Review URL: https://codereview.chromium.org/1857693002

Cr-Commit-Position: refs/heads/master@{#384866}
mostynb
remove gwilson from rlz/OWNERS
Review URL: https://codereview.chromium.org/1855833002

Cr-Commit-Position: refs/heads/master@{#384857}
mostynb
convert //apps to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1851373002

Cr-Commit-Position: refs/heads/master@{#384853}
sigbjornf
Make WTF::IsGarbageCollectedType<> work for GC mixin instances.
The trick that IsGarbageCollectedType<T> uses of probing for the presence
of a "marker" type name within T to detect if T derives from a GC base
or is another kind of heap object, doesn't work for GC mixins.

For instance,

 class Mixin : public GarbageCollectedMixin { ... };
 class Use : public GarbageCollected<Use>, public Mixin {
     USING_GARBAGE_COLLECTED_MIXIN(Use);
     ...
 };

As both GarbageCollected<> and GarbageCollectedMixin<> provide the marker
type name, referring to the marker type name is ambiguous when attempted
over Use. Address the problem by overriding and defining the marker for
mixin instances also.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1851383002

Cr-Commit-Position: refs/heads/master@{#384851}
mostynb
convert //rlz to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1856623002

Cr-Commit-Position: refs/heads/master@{#384837}
mostynb
Convert //url to use std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1851933002

Cr-Commit-Position: refs/heads/master@{#384831}
mostynb
Convert //gin to use std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1848423002

Cr-Commit-Position: refs/heads/master@{#384830}
sigbjornf
Simplify ScriptStreamer lifetime handling.
Remove manual keep-alive ref counting for ScriptStreamer across a posted
task; unnecessary as the closure will keep a strong enough reference as-is.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1848443008

Cr-Commit-Position: refs/heads/master@{#384811}
sigbjornf
Hide PingLoader lifetime implementation detail from outside view.
The self-sustaining nature of ping loader objects while the request is
in-flight is an internal implementation detail. Reflect that by having
the class type derive from just GarbageCollectedFinalized> and instead
internally manually manage a SelfKeepAlive<> reference.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1847823007

Cr-Commit-Position: refs/heads/master@{#384810}
sigbjornf
Round out WillBe type removal.
A few leftovers.

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1850183003

Cr-Commit-Position: refs/heads/master@{#384804}
sigbjornf
HeapSupplements are now just Supplements.
Replace occurrences of HeapSupplement with Supplement and retire the
former name (HeapSupplement.)

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1846913009

Cr-Commit-Position: refs/heads/master@{#384803}
mstensho
All ancestor multicols must have enough rows before laying out some inner multicol.
We had code in place to insert new rows (and rows in enclosing fragmentation
contexts) when we ran out of space during layout, but we didn't make sure
initially that enough rows had been created, which would result in calculating
an incorrect column height and cause general confusion.

appendNewFragmentainerGroupIfNeeded() now needs to take a PageBoundaryRule
argument (since the new code in this CL deals with top offsets rather than
bottom offsets).

BUG=597058, 588364

Review URL: https://codereview.chromium.org/1834223008

Cr-Commit-Position: refs/heads/master@{#384800}
mstensho
Correct conversion from flowthread to visual coordinate space when there's border/padding.
If an inner multicol container has border or padding, just using the outer
block offset stored in the inner flow thread won't be good enough. We need to
find the actual first fragmentainer group in the first column set.

Or, put simply: let's do what the comment in the code actually says!

Review URL: https://codereview.chromium.org/1847343003

Cr-Commit-Position: refs/heads/master@{#384737}
ckulakowski
Make global variable gTimeDeltaForTesting lazily created.
It's a fix for compilation error: "declaration requires a global constructor [-Werror,-Wglobal-constructors]"

BUG=

Review URL: https://codereview.chromium.org/1851443003

Cr-Commit-Position: refs/heads/master@{#384724}
sigbjornf
Simplify Supplementables post Oilpan.
R=
BUG=585328

Review URL: https://codereview.chromium.org/1851743002

Cr-Commit-Position: refs/heads/master@{#384689}
fs
Use HashMap::add in SVGTextLayoutAttributesBuilder
Removes some redundancies and eliminates double-hashing.
Do the update of default values last. (Avoids assert in AddResult
destructor.)

Review URL: https://codereview.chromium.org/1847333003

Cr-Commit-Position: refs/heads/master@{#384599}
rune
Removed unused non-const accessors for stylesheet lists.
R=mstensho@opera.com

Review URL: https://codereview.chromium.org/1849203002

Cr-Commit-Position: refs/heads/master@{#384578}
fs
Move metrics list storage to LayoutSVGInlineText
It was previously stored in SVGTextLayoutAttributes (which is stored in
LayoutSVGInlineText). The connection between these two is very loose, so
letting the metrics be a part of the attributes structure doesn't feel
entirely logical. There's still a back-pointer in the attributes
structure, which means it's still reachable in the same way (albeit with
one additional indirection.)
Rename the various accessors to metricsList().

BUG=594058

Review URL: https://codereview.chromium.org/1844723003

Cr-Commit-Position: refs/heads/master@{#384450}
rune
No need to look up Document from Element.
Instead use the document() from StyleResolver.

R=kochi@chromium.org

Review URL: https://codereview.chromium.org/1851463002

Cr-Commit-Position: refs/heads/master@{#384325}
rune
Add trace event for updateActiveStyleSheets.
Added for inspecting performance changes for async stylesheet update
and show how much time stylesheet update will account for when moved to
the updateLayoutTree part of the lifecycle.

Will not be called often enough to cause a performance issue in itself.

R=mstensho@opera.com
BUG=567021

Review URL: https://codereview.chromium.org/1843063005

Cr-Commit-Position: refs/heads/master@{#384237}
fs
Pass LineLayoutSVGInlineText to SVGTextMetricsCalculator
Slightly more on the Layout API bandwagon.

BUG=594058

Review URL: https://codereview.chromium.org/1838363004

Cr-Commit-Position: refs/heads/master@{#384137}
fs
Move SVGTextPositioningElement::elementFromLayoutObject
...to SVGTextLayoutAttributesBuilder.cpp, since that is where it's used.
Turn the entry if into an ASSERT (because it's trivial to see that the
condition always holds in this context.)

BUG=594058

Review URL: https://codereview.chromium.org/1846633002

Cr-Commit-Position: refs/heads/master@{#384136}
mboc
Avoid applying alpha twice in RenderText.
BUG=575186

Review URL: https://codereview.chromium.org/1842693002

Cr-Commit-Position: refs/heads/master@{#384055}
rune
Introduce setNeedsActiveStyleUpdate for adding/removing stylesheets.
Remove the add/remove/modify methods which did not have different
implementations anyway. The plan is to let the async active stylesheet
update detect which StyleSheetContents have been added and which have
been removed and invalidate style and caches accordingly.

I've started to write up the plan here: http://bit.ly/25uxtnU

BUG=567021

Review URL: https://codereview.chromium.org/1843693002

Cr-Commit-Position: refs/heads/master@{#384008}
rune
No need for resolverChanged from xml parser.
StyleEngine::resolverChanged now updates the list of active stylesheets.
At some point resolverChanged caused a synchronous style recalc and
layout tree update. There are indications that XSL transforms also were
hooked into that code based on the comments. XSL transforms are
triggered on XSL PI source loaded or DOM content loaded event. For CSS
stylesheets resolverChanged should be called from the StyleEngine when
sheets finishes loading etc like we do for HTML documents.

Review URL: https://codereview.chromium.org/1767083002

Cr-Commit-Position: refs/heads/master@{#383933}
rune
Ensure fullscreen.css loaded for ancestor invalidation
Using invalidation sets caused regression crbug.com/596803 because we
only ensured the fullscreen.css had features available for style
resolving in the fullscreened element's document. This CL ensures the
features are up-to-date for all fullscreen related pseudoStateChanged.

I was not able to reproduce the problem in 596803, but 448721 also
regressed and I've confirmed this CL fixes that regression.

The added layout test does not fail without this fix because the
full screen implementation in content_shell is different and
setMediaType() for fullscreen on resize causes a full recalc of
everything in content_shell before we try to apply fullscreen style
changes. However, if mediaQueryAffectingValueChanged was smarter when
changing media type to fullscreen. That test would have failed.

BUG=596803

Review URL: https://codereview.chromium.org/1823143002

Cr-Commit-Position: refs/heads/master@{#383711}
fs
Regenerate Win7/Android baselines for a few SVG letter-spacing tests
Didn't appear successful on the first try.

TBR=dgrogan@chromium.org
BUG=583298

Review URL: https://codereview.chromium.org/1827103004

Cr-Commit-Position: refs/heads/master@{#383226}
fs
Always create a BidiRun in SVGTextMetricsBuilder
Create a BidiRun for the 'override' case too, to avoid a bunch of
special cases. Since we always have a BidiRun now, null-checks can be
removed, and code simplified a bit. (Hopefully even more in the future.)
Also make "8-bit" (latin1) strings take this code-path. (This was
handled by the SimpleShaper path previously.)

BUG=594058

Review URL: https://codereview.chromium.org/1826263002

Cr-Commit-Position: refs/heads/master@{#383224}
fs
Add spacingDisabled() check to ShapeResultSpacing
SVGTextLayoutEngine applies letter-spacing and word-spacing itself, so
without this we'd apply the spacing properties twice.
This is essentially a bandaid work-around, until we can figure out how
to handle this in a better way.

BUG=583298

Review URL: https://codereview.chromium.org/1827083002

Cr-Commit-Position: refs/heads/master@{#383078}
tmoniuszko
Convert GN group targets to Visual Studio projects
BUG=596895

Review URL: https://codereview.chromium.org/1819353002

Cr-Commit-Position: refs/heads/master@{#383042}
fs
More explicit SVGTextMetrics construction
This makes SVGTextMetrics dumber - essentially POD - leaving all
measuring etc. to whoever creates one (SVGTextMetricsBuilder/Calculator)
for a minor "cost" in complexity.
This makes SVGTextMetrics not depend on LineLayoutSVGInlineText.

Drop SVGTextMetrics::setWidth too since it's unused.

BUG=594058

Review URL: https://codereview.chromium.org/1825613005

Cr-Commit-Position: refs/heads/master@{#382944}
fs
Move SVGTextMetrics::constructTextRun to SVGTextMetricsBuilder
New resting place is the SVGTextMetricsCalculator helper class.
This avoids using this function to create runs based on the wrong BiDi
context.
Also wrap the static bits of SVGTextMetricsBuilder.cpp in an unnamed
namespace, removing a few 'static' keywords.

BUG=596721, 594058

Review URL: https://codereview.chromium.org/1829713002

Cr-Commit-Position: refs/heads/master@{#382938}
davve
Document how effective zoom relates to StyleImage sizing
BUG=561519

Review URL: https://codereview.chromium.org/1824003002

Cr-Commit-Position: refs/heads/master@{#382859}
tmoniuszko
Make some chrome feature flags customizable in GN build
These flags are customizable in GYP build.

BUG=

Review URL: https://codereview.chromium.org/1830543002

Cr-Commit-Position: refs/heads/master@{#382854}
davve
Straighten out zoom and border-image
The border-image-slice property determines how the image is sliced
into the nine piece pattern. Since border-image-slice are not lengths,
they are not automatically zoomed in computed style. Thus the zoom
factor hasn't been applied to the image size either. For border-image
the image size has no impact on the destination area anyway, so this
part is fine.

However, the default object size is in zoomed coordinates and unless
the default object size is unzoomed, there will be a mix of zoomed and
unzoomed coordinates when calculating the final image size for image
sizes that depend on the default object size, e.g. SVG with no
intrinsic size.

For this reason, unzoom the default object size before using it to
compute the image size.

Since the zoom passed to StyleImage::image() should represent the zoom
applied to the image size, it follows from this that the zoom should
be one.

BUG=596075, 561519

Review URL: https://codereview.chromium.org/1819083004

Cr-Commit-Position: refs/heads/master@{#382842}
fs
Use the line box's direction in computeGlyphOverflow
Use SVGInlineTextBox::constructTextRun in order to get the direction as
determined by the BiDi algorithm rather than the what is specified on
the element. (This should also get the right override value for similar
reasons.)

BUG=596721

Review URL: https://codereview.chromium.org/1823073002

Cr-Commit-Position: refs/heads/master@{#382655}
fs
Remove unused SVGTextMetrics constructor
This version of the SVGTextMetrics constructor is no longer used after
SVGTextMetrics::measureCharacterRange was removed by
https://codereview.chromium.org/1773403002.

Review URL: https://codereview.chromium.org/1821833003

Cr-Commit-Position: refs/heads/master@{#382573}
fs
Optimize the characterNumberAtPositionCallback text query
Refactor the calculateGlyphPositionWithoutTransform and
calculateGlyphBoundaries helpers to get logicalGlyphPositionToPhysical
and physicalGlyphExtents.
Use the new methods to implement characterNumberAtPositionCallback as an
iteration over the contributing glyphs, thereby avoiding the O(n^2) for
glyph bounds calculation.

Also fold calculateFragmentBoundaries into
characterNumberAtPositionCallback, because it is trivial, and most of it
is needed for the remaining part of the function too.

Review URL: https://codereview.chromium.org/1816073002

Cr-Commit-Position: refs/heads/master@{#382557}
fs
Make the findMetricsForCharacter SVGTextQuery-helper return an iterator
Convert the helper to return an iterator into the metrics vector. Then
use that new property in the calculateGlyphRange helper to avoid O(n^2)
runtime.

Also remove modifyStartEndPositionsRespectingLigatures, because all
users of it (indirectly through
mapStartEndPositionsIntoFragmentCoordinates) now uses the pre-computed
text metrics - which should account for the same thing automatically.
Also fix up the TODO in endPositionOfCharacterCallback by doing what it
says.

Review URL: https://codereview.chromium.org/1822673002

Cr-Commit-Position: refs/heads/master@{#382536}
tmoniuszko
Make rebase_path() aware of Windows drive letter capitalization
Make sure rebase_path() supports both capital and non-capital Windows path
drive letters. It's unable to find common path prefix otherwise.

BUG=596072

Review URL: https://codereview.chromium.org/1817533002

Cr-Commit-Position: refs/heads/master@{#382532}
rune
Use LocalStyleChange for text direction changes.
Changing the dir attribute or inserting text content into the document
may affect the CSS direction property through presentation style. The
code traversed and marked the parent elements affected by such changes
but use SubtreeStyleChange which recalculate more style than necessary.
Instead use LocalStyleChange as that will also cause inheritance to
happen appropriately.

R=kojii@chromium.org
BUG=596509

Review URL: https://codereview.chromium.org/1817143002

Cr-Commit-Position: refs/heads/master@{#382442}
rune
Use invalidation sets for fullscreen pseudos.
Schedule invalidation sets on elements changing state for
:-webkit-full-screen and:-webkit-full-screen-ancestor.

Lazily load the UA style for fullscreen, but before we enter fullscreen
the first time to have the invalidation sets available for style
invalidation

BUG=442239

Review URL: https://codereview.chromium.org/803133002

Cr-Commit-Position: refs/heads/master@{#382405}
rune
Clear baseComputedStyle when text-autosizing changes.
baseComputedStyle is an optimization for animations where the computed
style before animations are applied is cached and cloned to have
cheaper style recalcs for per-frame animation changes. An assumption is
that the computed style for the layout object only changes in
styleForElement or pseudoStyleForElement. That assumption is not true
for text autosizing as the computed style may be changed during layout.
Then, for the next animation frame, the text autosizing factor may be
different even though the style has not been marked for recalc, and the
sanity check for an unchanged baseComputedStyle will trigger an assert.

Make sure we clear the baseComputedStyle for an element when the text
autosizing factor changes.

R=pdr@chromium.org,drott@chromium.org
BUG=596018

Review URL: https://codereview.chromium.org/1816103002

Cr-Commit-Position: refs/heads/master@{#382350}
mstensho
Shift flowthread-to-visual coordinate space conversion one level up in the tree.
The conversion now takes place between the flow thread and its parent multicol
container, rather than between the flow thread and its children.

This is both conceptually more correct, and it also matches what
mapToVisibleRectInAncestorSpace() already does. Having all machineries do this
at the same place in the tree is what fixes the editing-specific bug 596070.

As for layer clipping bug 527709, it just so happens that we specify the flow
thread as ancestor in mapLocalToAncestor(), which is invoked via
localToAncestorPoint() from PaintLayerClipper::calculateClipRects().
PaintLayerClipper does its work *before* fragments have been collected and set
up for a given layer, so it doesn't want mapLocalToAncestor() or anyone to
change to the visual coordinate space.

BUG=527709,596070
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1819603003

Cr-Commit-Position: refs/heads/master@{#382339}
fs
Make calculateGlyphBoundaries helper return the computed bounds
Review URL: https://codereview.chromium.org/1821613002

Cr-Commit-Position: refs/heads/master@{#382275}
fs
Push ScriptWrappable inheritance down from SVGAnimatedPropertyBase
Rather than letting the base inherit and then override for actually
wrappable subclasses, put the inheritance in the subclasses.
This avoids having "dead" ScriptWrappables on subclasses that don't need
this functionality.
Since this removes the last user of the DEFINE_WRAPPERTYPEINFO_NOT_REACHED
macro, remove that too.

BUG=596011

Review URL: https://codereview.chromium.org/1807333003

Cr-Commit-Position: refs/heads/master@{#382265}
mstensho
Untangle multicol coordinate space conversion from offsetFromContainer().
The various offsetFromContainer() implementations used to convert from flow
thread coordinates to visual coordinates if the container was a flow thread.
That works when mapping a position relatively to some ancestor, but not when
mapping a position relatively to some descendant. Put differently: It works
fine when walking upwards in a tree, but not so fine when walking it downwards
(we need the opposite operation in that case; convert from visual to flow
thread coordinates). That was the reason for some mess in mapAncestorToLocal(),
since we had to cancel out the shenanigans carried out by
offsetFromContainer().

So, instead, perform this flowthread-to-visual coordinate space conversion
where we need it, and don't cause trouble for those who don't need it.

No behavior changes intended. This is also why we're keeping this coordinate
space conversion in CaretBase for now, even if it's wrong (see bug 596070).
Simply removing that *now* wouldn't fix the bug anyway, just alter it (probably
for the better, but who knows -- still buggy). A proper fix will land shortly.

BUG=568492
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1820483002

Cr-Commit-Position: refs/heads/master@{#382153}
rune
Moved resolverChanged for mq updates into StyleEngine.
The placement of resolverChanged() needs a bit of explanation. We
incorrectly only clear the rulesets of active stylesheets when media
query evaluation changes. That currently causes crbug.com/589083.
Updating the active stylesheets (resolverChanged) before clearing the
ruleset will at least make sure that rule set for @media rules inside
sheets with a media attribute changing evaluation will be cleared
correctly. Moving resolverChanged() would have made the effects of
589083 worse.

BUG=567021

Review URL: https://codereview.chromium.org/1783913003

Cr-Commit-Position: refs/heads/master@{#381921}
sigbjornf
Remove unnecessary WebGLRenderingContextBase unregistration.
The garbage collector takes care of clearing out weak references to
WebGLRenderingContextBase objects that the |forciblyEvictedContexts()|
and |activateContexts()| sets keep, before the objects are finalized.

Hence no need to additionally attempt to remove; just assert
non-membership.

R=haraken
BUG=
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review URL: https://codereview.chromium.org/1815513002

Cr-Commit-Position: refs/heads/master@{#381916}
rune
Dirty tree scopes are always a subset of active tree scopes.
No need to walk dirty tree scopes when clearing media dependent rule
sets after walking the active tree scopes.

Also clear m_dirtyTreeScopes in StyleEngine::detachFromDocument.
Currently, m_dirtyTreeScopes are synchronously updated and cleared
right after they are marked dirty, but that is supposed to change.

BUG=567021

Review URL: https://codereview.chromium.org/1786663003

Cr-Commit-Position: refs/heads/master@{#381909}
philipj
Measure the impact of a proposed media element load algorithm change
https://github.com/whatwg/html/issues/869#issuecomment-196189743

R=mlamouri@chromium.org,isherman@chromium.org

Review URL: https://codereview.chromium.org/1809023003

Cr-Commit-Position: refs/heads/master@{#381787}
philipj
Remove use counters for Element methods that have been settled in spec
https://dom.spec.whatwg.org/#interface-element

This also moves the non-spec'd webkitMatchesSelector,
insertAdjacentElement and insertAdjacentText.

The use counter for webkitMatchesSelector is left in place, because it
it's somewhat interesting to follow its decline. The usage ought to be
dominated by old versions of jQuery and other libraries, and so it says
something about how long it takes for those libraries to be dropped or
upgraded in the wild. jQuery and other libraries were updated around the
time that the unprefixed matches was shipped in Blink, and usage of
webkitMatchesSelector has roughly halved every year since. (Since it's
now implemented in all engines, it's still unlikely to ever be removed.)

Original commits:
https://crrev.com/d92494c5c13990d8ab8d8cd73b0a20b8b2dee1e9
https://crrev.com/a706ad3cd488d6827cfcc99cd67cc30625296928
https://crrev.com/709823c231eb406d6928938c745effb16d6b3b3c
https://crrev.com/45b5b0427c403ba30d0067921b2639a31f0190df
https://crrev.com/6bcc2fb1c405cca7971ef6f361d94f8e8c63e726

BUG=460722

Review URL: https://codereview.chromium.org/1804383002

Cr-Commit-Position: refs/heads/master@{#381701}
sigbjornf
(Only) poison unmarked heap objects prior to sweeping.
Drop the unnecessary restriction that eagerly finalized objects aren't
allowed to touch access other eagerly finalized, but live, objects during
finalization. They're allowed to access live objects in other heaps/arenas,
so the same-heap restriction makes little sense.

Simplify the HeapPage poisoning methods as a result.

R=haraken
BUG=594129

Review URL: https://codereview.chromium.org/1805343004

Cr-Commit-Position: refs/heads/master@{#381554}
davve
Move computeIntrinsicSizingInfo to LayoutReplaced
It's only used on replaced content anyway so having an empty LayoutBox
implementation is pointless.

Review URL: https://codereview.chromium.org/1785323002

Cr-Commit-Position: refs/heads/master@{#381445}
philipj
Welcome isSameNode back as a per-spec method
The spec change has been reverted:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27424#c21
https://dom.spec.whatwg.org/#interface-node

There's no need to measure usage any longer, as not further change is
likely to ever happen.

BUG=460722
R=yosin@chromium.org

Review URL: https://codereview.chromium.org/1807833002

Cr-Commit-Position: refs/heads/master@{#381420}
sigbjornf
Stop scheduling in-order script execution upon hitting failed script.
R=haraken
BUG=581425

Committed: https://crrev.com/10cb02165d6d68a66007a3522f23a89fcb8a69d5
Cr-Commit-Position: refs/heads/master@{#381217}

Review URL: https://codereview.chromium.org/1798253002

Cr-Commit-Position: refs/heads/master@{#381281}
sigbjornf
Stop scheduling in-order script execution upon hitting failed script.
R=haraken
BUG=581425

Review URL: https://codereview.chromium.org/1798253002

Cr-Commit-Position: refs/heads/master@{#381217}
tommyt
bluetooth: android: Confirm the notify session after the descriptor has been written.
This change also implements WriteRemoteDescriptor and
ReadRemoteDescriptor. Because of this, I've also added quite a few
descriptor unit tests. These tests are pretty much the same as the
read/write tests for characteristics.

BUG=584369

Review URL: https://codereview.chromium.org/1712593002

Cr-Commit-Position: refs/heads/master@{#381088}
sigbjornf
Remove unused WorkerThread::postDelayedTask().
Unused since Blink r195402 ( https://codereview.chromium.org/1130413003 )

R=kinuko
BUG=

Review URL: https://codereview.chromium.org/1791053002

Cr-Commit-Position: refs/heads/master@{#380943}
davve
Rework embeddedContentBox into embeddedReplacedContent
In preparation for removing computeIntrinsicSizingInfo from LayoutBox
and only have it on LayoutReplaced.

Review URL: https://codereview.chromium.org/1785123003

Cr-Commit-Position: refs/heads/master@{#380902}
sigbjornf
Sync SlowTests expectations following r380895.
TBR=yosin
BUG=356957
NOTRY=true

Review URL: https://codereview.chromium.org/1791293002

Cr-Commit-Position: refs/heads/master@{#380898}
sigbjornf
Space out issuing of spellcheck requests to speed up layout test.
Avoid issuing all spellcheck requests (by focusing elements) in one go
as this queues up a number of tasks and timers that it will require going
back to the event loop many times to process and handle. As the actual
test also relies on timers and setTimeout() this delays the completion
of the test considerably.

Restructure the test, interleaving the element focusing (=> spellcheck
request) with asynchronously checking the spellcheck result. Test completes
earlier as a result.

R=haraken
BUG=356957
TEST=editing/spelling/spellcheck-editable-on-focus.html

Review URL: https://codereview.chromium.org/1781273009

Cr-Commit-Position: refs/heads/master@{#380895}
mstensho
Only honor break-* values when appropriate.
Only honor column-specific break property values if inside a multicol
container, and only honor pagination-specific break property values if inside
some kind of pagination container (printing or paged overflow).

For breaking inside paged overflow containers, honor page values, not column
values. The paged overflow implementation sits on top of the multicol
implementation, which means that it's flowthread-based. But that's just an
implementation detail. Paged overflow containers don't establish columns -- it
establishes pages. Had to update one test, since it relied on
-webkit-column-break-* working inside a paged overflow container, which no
longer is the case. Some unit tests needed an update too.

R=leviw@chromium.org
BUG=223068

Review URL: https://codereview.chromium.org/1762983002

Cr-Commit-Position: refs/heads/master@{#380797}
davve
Propagate media session id into MediaPlayerAndroid
The media session id will be used to implicitly activate a user defined media session.

BUG=497735, 581728

Review URL: https://codereview.chromium.org/1640123004

Cr-Commit-Position: refs/heads/master@{#380632}
mstensho
Class A fragmentainer break points also exist between zero-height blocks.
We used to base class A break point [1] detection on whether we were at the
start of the container, location-wise (atBeforeSideOfBlock). That's not
sufficient. It's obviously okay to collapse margins through a zero-height
block, and basically pretend that it doesn't exist for the sake of margin
collapsing. But this isn't true for fragmentation. Class A break points [1]
exist between any two in-flow blocks, regardless of the height of said blocks.
Therefore we cannot propagate the pagination strut caused by a line inside a
block following an empty first-child block. We still need to keep the check for
whether we are at the start of the container, though, because if we aren't, it
means that we have a class C break point [1].

This CL introduces the BlockChildrenLayoutInfo class, which is used as a state
object during block children layout. This replaces MarginInfo and LayoutUnit
previousFloatLogicalBottom, which is what we used to pass back and forth. They
have now been wrapped into BlockChildrenLayoutInfo, along with a new piece of
information: whether we're laying out the first in-flow child or not. This
information is what we now use to detect if we're at a class A break point [1]
or not.

[1] https://drafts.csswg.org/css-break/#possible-breaks

R=leviw@chromium.org
BUG=223068

Review URL: https://codereview.chromium.org/1769483002

Cr-Commit-Position: refs/heads/master@{#380625}
mstensho
Remove special-code for removing anonymous blocks around pseudo elements.
We now have more generic code to take care of this, in
makeChildrenInlineIfPossible().

Review URL: https://codereview.chromium.org/1778483002

Cr-Commit-Position: refs/heads/master@{#380617}
sigbjornf
Simplify StackFrameDepth's handling of stack limits.
The handling of enabled/disabled and limits has become unnecessarily
complex. Especially so now that supported targets all have reasonable
estimates about safe thread stack sizes. Simplify asserts and limit checks
accordingly.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1779243002

Cr-Commit-Position: refs/heads/master@{#380566}
sigbjornf
Check if stylesheet resource was cached before marking it as such.
Should the memory cache already have an entry for a resource other
than the stylesheet resource we're trying to add, do not mark
the underlying StyleSheetContents as being "cached".

Given the possibility that the StyleSheetContents may not be
memory cached, retire the sanity-checking assert that a stylesheet
resource must have been evicted from that cache when finalized.

R=japhet
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1782473002

Cr-Commit-Position: refs/heads/master@{#380559}
sigbjornf
If under stack pressure, do not enable eager stack use.
The Oilpan marking pass safely utilizes the system stack of the
marking thread when tracing the object graph. Should GC be
invoked when stack use is already considerable, the estimated stack
threshold for when it is no longer known safe to continue
consuming system stack, may already have been exceeded. If so,
leave the stack threshold limit & check disabled.

This addresses an assertable condition only; the stack limit
check handles GCing under stack pressure as wanted.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1778353002

Cr-Commit-Position: refs/heads/master@{#380426}
mstensho
Remove special-code used by the old (removed) multicol implementation.
In regular block flow, anonymous blocks always have inline children, unless
it's the part of a continuation chain that contains blocks (which should never
be merged with siblings). Anonymous blocks with block-children also occur in
flexbox (flex items), and in the ruby implementation, but otherwise never in
regular block container layout.

Review URL: https://codereview.chromium.org/1778463002

Cr-Commit-Position: refs/heads/master@{#380381}
sigbjornf
Revert of IntersectionObserver: use an idle callback to send notifications. (patchset #6 id:100001 of https://codereview.chromium.org/1776493002/ )
Reason for revert:
Tests added are leaking, https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Leak/builds/18011

Original issue's description:
> IntersectionObserver: use an idle callback to send notifications.
>
> With this change, the tests can no longer use setTimeout(0) to wait
> for notifications to be delivered.  Instead, use takeRecords() to
> proactively grab notifications right after they are generated
> (typically in a RAF right after a layout change).
>
> BUG=540528
> R=ojan@chromium.org,haraken@chromium.org
>
> Committed: https://crrev.com/2c168f38b5c0e4e50374be4e54c44901c60738a9
> Cr-Commit-Position: refs/heads/master@{#380278}

TBR=ojan@chromium.org,haraken@chromium.org,skyostil@chromium.org,szager@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=540528

Review URL: https://codereview.chromium.org/1780163002

Cr-Commit-Position: refs/heads/master@{#380375}
philipj
Drop remaining [LegacyInterfaceTypeChecking] for Selection
With [LegacyInterfaceTypeChecking], any invalid type is treated as null,
and the risk of this change is therefore bounded by the
SelectionCollapseNull (also hit by setPosition) and
SelectionSetBaseAndExtentNull use counters:
https://www.chromestatus.com/metrics/feature/timeline/popularity/1083
https://www.chromestatus.com/metrics/feature/timeline/popularity/1084

Unfortunately chromestatus.com is not updating, but rbyers@ has checked
the stable channel data and reports usage as ~0 for both. The majority
of this tiny usage still ought to be actual null input, in cases like
collapse(something.firstChild).

The behavior of other engines was tested with this test:
http://software.hixie.ch/utilities/js/live-dom-viewer/saved/3970

Edge already throws for non-Node-or-null argumens to collapse and
setBaseAndExtent, but doesn't support setPosition.

Gecko already throws for collapse, but doesn't support setPosition or
setBaseAndExtent.

Overall, this ought to be very low risk.

BUG=561338
R=yoichio@chromium.org,rbyers@chromium.org

Review URL: https://codereview.chromium.org/1778683005

Cr-Commit-Position: refs/heads/master@{#380339}
sigbjornf
Have DataObject create less copies of mime type lists.
R=dcheng
BUG=

Review URL: https://codereview.chromium.org/1776133003

Cr-Commit-Position: refs/heads/master@{#380244}
davve
Remove Image::computeIntrinsicDimensions()
There were only one user of Image::computeIntrinsicDimensions() left,
SVGImagePainter. It was used to calculate the container size in such a
way to force non-uniform scaling in case of
preserveAspectRatio=none. Use SVGImage::concreteObjectSize to get the
viewport size for SVG images.

BUG=581357

Review URL: https://codereview.chromium.org/1720853002

Cr-Commit-Position: refs/heads/master@{#380204}
fs
Simplify CullRect computation in LineBoxList::hitTest; fixing off-by-one
In the old formulation, we were essentially trying to "restore" the
margins from the HitTestLocation bounding-box and point, to compute a
"slice" to cull with. The "width" and "height" expressions for the slice
however trivially simplify to just the corresponding dimension of the
HitTestLocation bounding-box. For the "x" and "y" expressions however
the left/top margin is computed using the rounded point - which for
certain values of x/y will end up shifting the cullrect left/up by one
additional "unit" (pixel).
When the font size is small, one "unit" will be a lot, meaning that lines
can be missed entirely.

Change the computation of the cull rect to just use the bounding-box
from directly rather than restoring it from the (re)computed margin.
This gets rid of the last user of the HitTestLocation::*Padding()
methods, so remove those.

BUG=466617

Review URL: https://codereview.chromium.org/1780673002

Cr-Commit-Position: refs/heads/master@{#380194}
fs
Avoiding losing too much precision when hit-testing SVG <text>
Using flooredIntPoint() will lose all fractional precision - which is
too much considering that the location is actually at least a
LayoutPoint.
Use the HitTestLocation(const FloatPoint&) constructor instead - which does flooredLayoutPoint() behind scenes but also retains the FloatPoint.
Do the same for LayoutSVGForeignObject, since it has similar requirements.

BUG=466617

Review URL: https://codereview.chromium.org/1775363002

Cr-Commit-Position: refs/heads/master@{#380144}
sigbjornf
No need for ListHashSet<> in FrameSerializer.
Insertion ordering isn't made use of.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1778713004

Cr-Commit-Position: refs/heads/master@{#380112}
sigbjornf
Revert of MediaStream audio object graph untangling and clean-ups. (patchset #10 id:200001 of https://codereview.chromium.org/1721273002/ )
Reason for revert:
Broke a number of mediastream/ tests, e.g., https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Trusty/builds/9786

Original issue's description:
> MediaStream audio object graph untangling and clean-ups.
>
> This change consists of a number of "clean-up" changes that are being
> done to make the soon-upcoming refactoring of these classes go much more
> smoothly.  These are:
>
> 1. Public content MediaStreamApi functions cleaned up.  Removed
> "duplicated" functions that don't really do the same thing.  Removed
> hard-coded audio parameters from AddAudioTrackToMediaStream().
>
> 2. Eliminated ref-counting of WebRtcAudioCapturer and
> WebAudioCaptureSource.  Removed unnecessary references to these from
> WebRtcLocalAudioTrack.  Not only did this improve encapsulation of some
> code, but it also allowed for the removal of several dozen lines of
> "dead weight" testing set-upcode throughout the directory.
>
> 3. Renamed MediaStreamAudioTrack::GetTrack() method to From(), to be
> consistent with how this pattern is used in other parts of libcontent,
> and added a MediaStreamAudioSource::From().
>
> 4. Moved audio level calculations out of WebRtcLocalAudioTrack and into
> WebRtcAudioCapturer.  This way, when multiple tracks are present, the
> calculation is only being done once on the same audio.
>
> 5. Eliminated call to WebRtcCapturer::Stop() from
> WebRtcAudioDeviceImpl::Terminate(), which are each supposed to run on
> different threads.  From testing, DCHECKs should have been firing, but
> weren't, so the Terminate() method seems to be dead code.
>
> 6. Miscellaneous other "compaction" and comment updates.
>
> BUG=577881, 577874
> TBR=peter@chromium.org
>
> Committed: https://crrev.com/26bfd80549511a7e05f23c9941c41ced104ddf28
> Cr-Commit-Position: refs/heads/master@{#380065}

TBR=jochen@chromium.org,finnur@chromium.org,mcasas@chromium.org,olka@chromium.org,peter@chromium.org,tommi@chromium.org,miu@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=577881, 577874

Review URL: https://codereview.chromium.org/1780653002

Cr-Commit-Position: refs/heads/master@{#380103}
sigbjornf
Avoid WeakProcessingHashTableHelper<> type redefinitions.
R=haraken
BUG=

Review URL: https://codereview.chromium.org/1770103003

Cr-Commit-Position: refs/heads/master@{#379820}
davve
Support canvas size as default object size
By adding a defaultObjectSize parameter to

 * CanvasImageSource::elementSize,
 * CanvasImageSource::defaultDestinationSize
 * CanvasImageSource::getSourceImageForCanvas

we can support the default sizing algorithm in HTMLImageElement for
images that lack an intrinsic size. This affects both drawImage() and
createPattern().

At time of writing there doesn't exist clear spec text for how
createPattern should behave. In
https://github.com/whatwg/html/issues/735 the behavior in this CL has
been suggested as a reasonble starting point.

BUG=581357, 475009

Review URL: https://codereview.chromium.org/1767633002

Cr-Commit-Position: refs/heads/master@{#379818}
sigbjornf
Remove Resource::assertIsAlive().
Temporary release assert to diagnose a crash that got stuck.

R=dcheng
BUG=352043

Review URL: https://codereview.chromium.org/1770013004

Cr-Commit-Position: refs/heads/master@{#379810}
davve
Merge image sizing algorithms
Let users of StyleImage use StyleImage::imageSize() to get the image
size instead of fetching intrinsic information and calculating the
size outside StyleImage. This let's us remove the sizing algorithm in
LayoutBoxModelObject::calculateImageIntrinsicDimensions.

By passing along the default object size to StyleImage::imageSize, we
can remove the sizing algorithm in LayoutBoxModelObject and reuse the
one in SVGImage instead for the one image type that needs the
complicated sizing algorithm. Simpler algorithms can remain simple,
e.g. for generated images with no fixed size, the default object size
is returned unmodified.

SVGImage::concreteObjectSize almost had the necessary bits to
support full sizing of SVG images within a style context, i.e. through
StyleImage. The only missing bit was the the contain constraint on the
default object size added by this patch.

Some zoom juggling needed since the provided default object size is
sometimes zoomed and SVGImage has no notion of zoom. Thus the zoom is
removed before calling SVGImage::concreteObjectSize() and reapplied on
the result afterwards.

Background images and other decorative images should never respect the
exif rotation[1], so StyleImage::imageSize now requests the image size
from ImageResource without exif rotation applied. Presumably
StyleImage::imageSize() was broken but unused in this regard before.

In contrast to LBMO::calculateImageIntrinsicDimensions(),
StyleImage::imageSize returns the size for layout, i.e. the size
compensated for the image scale factor. This fixes two hidpi bugs, one
for list item marker images and one for shape-outside.

BUG=581357, 591935, 591939, 592888, 592886

Review URL: https://codereview.chromium.org/1756763004

Cr-Commit-Position: refs/heads/master@{#379801}
sigbjornf
Remove dangling LeakExpectations pointers.
TBR=kouhei,yutak@chromium.org
BUG=364411,364417,506754
NOTRY=true

Review URL: https://codereview.chromium.org/1771943003

Cr-Commit-Position: refs/heads/master@{#379793}
sigbjornf
Fix non-Oilpan following r379558.
R=
BUG=580169

Review URL: https://codereview.chromium.org/1770323002

Cr-Commit-Position: refs/heads/master@{#379786}
rune
deviceScaleFactorChanged() handles style recalc.
No need to do an additional frame tree walk for marking style dirty
right before.

Review URL: https://codereview.chromium.org/1773523003

Cr-Commit-Position: refs/heads/master@{#379764}
rune
No need to re-collect stylesheets for setting type StyleChange.
Style recalc for all frames necessary, though.

Review URL: https://codereview.chromium.org/1772513003

Cr-Commit-Position: refs/heads/master@{#379763}
rune
Move preferred stylesheet logic into StyleEngine.
To understand the code better:

We don't support selecting alternate stylesheets in Blink, although the
API for Document.selectedStylesheetSet is present. The way it works, is
that the effective selected stylesheet set is either empty or the
preferred set. Setting selectedStylesheetSet has no effect.

This CL should not impose any functional changes, but a resolverChanged
with no effect has been removed.

The next step for async active stylesheet update is to move the setting
of the preferred set name to where the the dom mutations happen as the
order of mutations is what defines which stylesheet title has
precedence.

BUG=567021

Review URL: https://codereview.chromium.org/1769903002

Cr-Commit-Position: refs/heads/master@{#379762}
rune
Remove unnecessary setNeedsRecalcStyleInAllFrames for fonts.
Instead of walking the frame tree twice, nuking the style world the
second time, do normal font cache invalidation which lets StyleEngine
handle the change in StyleEngine::fontsNeedUpdate.

TEST=fast/text/update-sans-serif-and-recalc-style.html

Review URL: https://codereview.chromium.org/1771823002

Cr-Commit-Position: refs/heads/master@{#379761}
rune
Added tests for preferred sheet insertion order.
Which stylesheet wins setting the preferred stylesheet set based on the
title attribute depends on the insertion order, and not the tree order,
since it's done as part of adding a stylesheet[1], as part of creating
a stylesheet[2], which is done on closing a style element, on inserting
or removing the style element [3].

Added two tests to make sure this is still true after active stylesheet
update has been made async.

[1] https://drafts.csswg.org/cssom/#add-a-css-style-sheet
[2] https://drafts.csswg.org/cssom/#create-a-css-style-sheet
[3] https://html.spec.whatwg.org/#update-a-style-block

BUG=567021

Review URL: https://codereview.chromium.org/1769843002

Cr-Commit-Position: refs/heads/master@{#379760}
sigbjornf
Remove WebFormElement::wasUserSubmitted.
As autofill is no longer using this (as of r339061), drop this
this public API.

R=
BUG=

Review URL: https://codereview.chromium.org/1768953002

Cr-Commit-Position: refs/heads/master@{#379683}
fs
Add more SVG-related mapLocalToAncestor/mapAncestorToLocal tests
Written while looking at crbug.com/592316. Tests viewBoxes with a
non-zero x/y component.

BUG=592316, 568614

Review URL: https://codereview.chromium.org/1771833002

Cr-Commit-Position: refs/heads/master@{#379600}
auygun
Set debug color for borders of compressed tiles.
BUG=434699
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1774533002

Cr-Commit-Position: refs/heads/master@{#379582}
mostynb
export blink::Platform symbols in shared_library builds
This unbreaks GCC component=shared_library builds, which fail to link
libblink_platform.so due to missing vtable, since CL 1660383002 landed.

BUG=548254

Review URL: https://codereview.chromium.org/1770693002

Cr-Commit-Position: refs/heads/master@{#379577}
davve
Shortcut ImageResource::canRender()
Move the little work ImageResource::canRender() does out of fetch/ and
into the respective call sites. A small step towards getting rid of
ImageResource::imageSize() and limiting ImageResource to fetch related
functionality.

It's assumed that ImageResource::image() never returns the nullptr and
that !errorOccurred() implies the an image or the nullImage if no
image is available.

BUG=581357

Review URL: https://codereview.chromium.org/1773503002

Cr-Commit-Position: refs/heads/master@{#379549}
fs
Handle '<something>' to 'none' changes of 'transform' for SVG
Only the value of the new style was observed and triggered an update.
Check the StyleDifference flag for simplicity.

BUG=592206

Review URL: https://codereview.chromium.org/1771773002

Cr-Commit-Position: refs/heads/master@{#379546}
fs
Don't expand <symbol> elements in <use> that are not targets
When a <use> was referencing a subtree which contained a <symbol>
element, the <symbol> would get replaced by the "replace <symbol>" part
of the <use> expansion. This would result in content being rendered that
should not (since only <symbol>s that are directly referenced by <use>
should render.)
Instead of blindly expanding <symbol> elements, replace them directly
when producing the instance clone.

Replace the old faulty test svg/custom/use-on-g-containing-symbol.svg
with a new test.

Test from: https://bugs.webkit.org/show_bug.cgi?id=154576

BUG=589682

Review URL: https://codereview.chromium.org/1736283003

Cr-Commit-Position: refs/heads/master@{#379532}
rune
Re-collect rule features for watched selectors.
Instead of nuking the StyleResolver and re-collecting all stylesheets,
clear the current rule features on StyleResolver and mark them for
re-collection. We need to re-collect because the rule features on
StyleResolver are a union of the rule features from stylesheets and the
watched selectors from the declarativeContent css api for extensions.

A bonus is that this change avoids a synchronous active stylesheets
update.

R=dstockwell@chromium.org
BUG=567021

Review URL: https://codereview.chromium.org/1757503002

Cr-Commit-Position: refs/heads/master@{#379529}
rune
Avoid nuking everything when injecting stylesheet.
Instead do an analyzed update of the Document scope.

Review URL: https://codereview.chromium.org/1762443004

Cr-Commit-Position: refs/heads/master@{#379528}
philipj
Measure the many aspects of HTMLAllCollection
Multiple spec changes to HTMLAllCollection are under discussion:
https://github.com/whatwg/html/issues/775
https://github.com/whatwg/html/pull/780

To help inform the discussion and estimate risk, measure some of the
aspects that are currently not per spec, as well as a few extra bits for
comparison purposes.

BUG=591605

Review URL: https://codereview.chromium.org/1756963002

Cr-Commit-Position: refs/heads/master@{#379484}
sigbjornf
Remove now-unused Visitor::m_isGlobalMarkingVisitor field.
R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1759183005

Cr-Commit-Position: refs/heads/master@{#379469}
fs
Correct initial width/height for <use>d <symbol>s
The initial values for width/height on the <svg> generated for the
<symbol> should be "100%".
Since the <symbol> element had been replaced by a <svg> element by the
time the attributes were transferred the wrong set of rules were used.

Adjust svg/custom/use-attribute-invalidations.html to be correct.
svg/custom/relative-sized-shadow-tree-content-with-symbol.xhtml now
renders correctly.

BUG=592063

Review URL: https://codereview.chromium.org/1757993007

Cr-Commit-Position: refs/heads/master@{#379350}
sigbjornf
Simplify mock web speech recognizer's "onend" handling.
..and fix a bug introduced by r378252 in the process, it assuming
a different interpretation of speech recognizer handle equality than
what's (reasonably) provided.

i.e., handle the completion of a speech recognition via one
task rather than two.

R=tommi,jochen
BUG=591298

Review URL: https://codereview.chromium.org/1750213004

Cr-Commit-Position: refs/heads/master@{#379299}
fs
Add SVGUseElement::createInstanceTree helper
Add a new method used to create a new instance subtree from a <use>-
targetted element. Re-use where possible.

Also make isDisallowedElement(...) take a Element& (it's no longer
called on Nodes) and remove a redundant call to
removeDisallowedElementsFromSubtree in <symbol> expansion (no new clones
are produced here expecpt the <svg> on replacing the <symbol>.)

BUG=589682

Review URL: https://codereview.chromium.org/1763033002

Cr-Commit-Position: refs/heads/master@{#379298}
fs
Remove SVGUseElement::buildShadowTree
SVGUseElement::buildShadowTree() steps out for a moment to regain
strength. In its absence, open-code the sequence using other helper
functions.

BUG=589682

Review URL: https://codereview.chromium.org/1769493002

Cr-Commit-Position: refs/heads/master@{#379290}
fs
Factor addReferenceTo()-calls out of SVGUseElement::buildShadowTree
This factors the registering of references to first degree nested <use>
elements out of the buildShadowTree, getting rid of the |foundUse|
parameter. This brings us one step closer to more streamlined shadow-
tree construction. It also avoids calling isStructurallyExternal() more
than once.

Also cleanup the instanceTreeIsLoading() method by letting it traverse
all the SVGUseElement descendants of the shadow root using the
Traversal<> helpers.

BUG=589682

Review URL: https://codereview.chromium.org/1759423003

Cr-Commit-Position: refs/heads/master@{#379289}
sigbjornf
Retire expectation for fast/dom/webtiming.html
No longer coming through as flaky.

TBR=skyostil
BUG=520172
NOTRY=true

Review URL: https://codereview.chromium.org/1763883004

Cr-Commit-Position: refs/heads/master@{#379272}
sigbjornf
Avoid PageMemoryRegion::m_numPages data race.
R=haraken
BUG=591217

Review URL: https://codereview.chromium.org/1762093002

Cr-Commit-Position: refs/heads/master@{#379228}
fs
Eliminate SVGUseElement::referencedScope()
During "shadow tree fixup" (SVGUseElement::expand*) we can use the
document of the original (corresponding) element rather than
referencedScope(), because the Document of those elements will be the
external or the "local" respectively depending on source for the initial
clone operation.
This leaves a few users in buildPendingResource() which can be
eliminated by folding the method into it.
Hopefully this will also allow future cleanups to
isExternalURIReference, since now it's not called unnecessarily for each
nested <use>. (Possibly minor perf effect from eliminating the calls to
referencedScope().)

BUG=589682

Review URL: https://codereview.chromium.org/1757323002

Cr-Commit-Position: refs/heads/master@{#379074}
fs
Replace cloneNodeAndAssociate with Element::cloneElementWithChildren
Use the Element::cloneElementWithChildren to do a "straight" clone, and
then post-process it to associate the cloned nodes with their
corresponding elements.
Move the call to removeDisallowedElementsFromSubtree() into the cloning
sequence since it will have nothing to do if there's no target. The
root has already been verified to be "allowed", so the different
starting element makes no difference on the result.

BUG=589682

Review URL: https://codereview.chromium.org/1759553005

Cr-Commit-Position: refs/heads/master@{#379046}
fs
Use references some more in SVGUseElement
Mostly changes to pass SVGElement& rather than SVGElement* - and some
cleanup/removal of dead null-checks etc. as a consequence.

BUG=589682

Review URL: https://codereview.chromium.org/1762633002

Cr-Commit-Position: refs/heads/master@{#379031}
rune
Don't call updateLayoutTree twice.
In updateLayoutTreeIgnorePendingStylesheets we would call
updateLayoutTree twice when having nodes with placeholder style.
Removed the first call.

Review URL: https://codereview.chromium.org/1764653002

Cr-Commit-Position: refs/heads/master@{#379007}
sigbjornf
Fix non-Oilpan following r378744.
R=haraken,fs@opera.com
BUG=535429

Review URL: https://codereview.chromium.org/1753283004

Cr-Commit-Position: refs/heads/master@{#378996}
fs
Remove SVGUseElement helper subtreeContainsDisallowedElement
The related helper removeDisallowedElementsFromSubtree() already walks
the same subtree and checks with the same predicate[1], so letting the
removing function do all the work should not be a problem.

Also change isDisallowedElement to take a const Node&, and tighten the
type of the subtree root passed to removeDisallowedElementsFromSubtree
(it's always either a SVGSVGElement or a SVGGElement.)
Move the lengthy - and somewhat outdated - comment above
removeDisallowedElementsFromSubtree to just above its definition.
(We aim to align the current behavior to it though, so keeping it
around unchanged.)

[1] subtreeContainsDisallowedElement() was walking the Nodes of the
    tree, while removeDisallowedElementsFromSubtree() walks the
    Elements. Thus they did not look at the exact same set of nodes.
    Since the removal took place on the smaller set though there should
    be no change in behavior.
    Previously we could end up walking the entire subtree looking for
    something to remove (in removeDisallowedElementsFromSubtree)
    eventhough we wouldn't find it (like for example a COMMENT node.)

BUG=589682

Review URL: https://codereview.chromium.org/1755153002

Cr-Commit-Position: refs/heads/master@{#378993}
fs
Clean up reparenting in SVGUseElement::expand*
Add a helper moveChildrenToReplacementElement() and use that instead of
an open-coded loop.
Split transferUseAttributesToReplacedElement() into two, getting rid of
one by open-coding the call to cloneDataFromElement(), and make the other
one static (while renaming it.)

BUG=589682

Review URL: https://codereview.chromium.org/1760553002

Cr-Commit-Position: refs/heads/master@{#378992}
davve
Pass media session id over IPC
Add media_session_id to the MediaPlayerHostMsg struct in preparation
for letting the browser process create media players with user created
media sessions.

BUG=497735, 581728

Review URL: https://codereview.chromium.org/1641993003

Cr-Commit-Position: refs/heads/master@{#378983}
rune
One instead of three resolverChanged replacing source in inspector.
resolverChanged() was called three times when replacing the stylesheet
text from the inspector. Two mutation scopes and an explicit call at
the end.

Kept one of the mutation scopes. Two shouldn't be necessary, and I have
confirmed that the crash tests for which this was justified earlier
don't crash when removing one of the scopes.

Moved the stylesheet modifications into CSSStyleSheet::setText().

Also moved clearing of the CSSOM wrappers before the mutation scope
declaration as the mutation scope constructor would unnecessarily
re-attach wrappers which would then be cleared right after.

R=esprehn@chromium.org,pfeldman@chromium.org
BUG=591599

Review URL: https://codereview.chromium.org/1765463002

Cr-Commit-Position: refs/heads/master@{#378978}
rune
Removed unnecessary resolverChanged call.
Changing disabled state of a stylesheet link caused active stylesheet
update to happen twice. Once from setDisabled() on the stylesheet and
once directly from LinkStyle::setDisabledState(). Removed the one
called directly from LinkStyle::setDisabledState.

R=esprehn@chromium.org
BUG=591559

Review URL: https://codereview.chromium.org/1761693002

Cr-Commit-Position: refs/heads/master@{#378922}
sigbjornf
Revert of Use a bitmap to record PageMemoryRegion usage. (patchset #1 id:1 of https://codereview.chromium.org/1748363005/ )
Reason for revert:
Using a bitmap is problematic as pages within a region may belong to different threads (see https://crbug.com/591217 ).

Revert back to previous and use a separate bool per thread to avoid overlap.

Original issue's description:
> Use a bitmap to record PageMemoryRegion usage.
>
> R=haraken
> BUG=420515
>
> Committed: https://crrev.com/648b0ff04620c688b1d8926b06220f45da3e4598
> Cr-Commit-Position: refs/heads/master@{#378449}

TBR=oilpan-reviews@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=420515

Review URL: https://codereview.chromium.org/1749103005

Cr-Commit-Position: refs/heads/master@{#378756}
philipj
Make DeviceOrientationEvent.prototype.absolute non-nullable
This is to match the spec and Gecko:
http://w3c.github.io/deviceorientation/spec-source-orientation.html#deviceorientation
https://hg.mozilla.org/mozilla-central/file/85e218929a7a/dom/webidl/DeviceOrientationEvent.webidl

BUG=460722

Review URL: https://codereview.chromium.org/1737443002

Cr-Commit-Position: refs/heads/master@{#378747}
fs
Simplify SVGUseElement::expand* methods
 * Use Traversal<Type> helpers.
 * Start at the ShadowRoot.

BUG=589682

Review URL: https://codereview.chromium.org/1753843002

Cr-Commit-Position: refs/heads/master@{#378722}
rune
Remove unnecessary feature flag update.
The feature flags in StyleEngine were always reset from
StyleResolver::finishAppendAuthorStyleSheets right before we called
combineCSSFeatureFlags with the exact same feature set.

R=dstockwell@chromium.org
BUG=401359,567021

Review URL: https://codereview.chromium.org/1743183003

Cr-Commit-Position: refs/heads/master@{#378719}
fs
Implement mapAncestorToLocal for LayoutSVG{ModelObject,Block}
This CL adds an implementation of mapAncestorToLocal for SVG
LayoutObject types via a helper in SVGLayoutSupport.
This should help cases which use any of the LayoutObject::ancestorTo*
methods (or similar/wrappers.) Examples of users are various form
controls and scrollbars.

BUG=568614

Review URL: https://codereview.chromium.org/1747223002

Cr-Commit-Position: refs/heads/master@{#378716}
rune
Remove unused createdByParser flags and arguments.
Review URL: https://codereview.chromium.org/1754863002

Cr-Commit-Position: refs/heads/master@{#378711}
philipj
Remove the always-enabled Media from RuntimeEnabledFeatures
This has been enabled everywhere since
https://codereview.chromium.org/590083002

Review URL: https://codereview.chromium.org/1749683002

Cr-Commit-Position: refs/heads/master@{#378686}
philipj
Remove Selection TODO that was fixed by a spec change
BUG=460722
R=yoichio@chromium.org

Review URL: https://codereview.chromium.org/1755503002

Cr-Commit-Position: refs/heads/master@{#378667}
fs
Clone non-markup event listeners for <use> in a separate pass
This brings us closer to be able to use cloneNode(true) for the initial
clone.

BUG=589682

Review URL: https://codereview.chromium.org/1753823002

Cr-Commit-Position: refs/heads/master@{#378604}
fs
Remove redundant check in SVGUseElement::buildShadowTree
We already perform this check on |target| in all callers (the method
itself and buildShadowAndInstanceTree), so this condition will never be
true at this point. Remove it (replace with assert.) Since this gets rid
of the only way for buildShadowTree to return false, change the return-
type to 'void' and simplify accordingly.

BUG=589682

Review URL: https://codereview.chromium.org/1754693002

Cr-Commit-Position: refs/heads/master@{#378504}
sigbjornf
Add missing DevToolsEmulator field initialization.
Introduced in r371567.

R=
BUG=581115

Review URL: https://codereview.chromium.org/1747203002

Cr-Commit-Position: refs/heads/master@{#378491}
sigbjornf
Keep XHR progress throttle interval an implementation detail.
R=
BUG=

Review URL: https://codereview.chromium.org/1750323002

Cr-Commit-Position: refs/heads/master@{#378487}
sigbjornf
Retire WebLocalFrameScope.
Retire this test-supporting scope object; no longer needed to ensure timely
release and closing of WebLocalFrames in CreateLocalChildWithPreviousSibling

R=dcheng
BUG=

Review URL: https://codereview.chromium.org/1750613002

Cr-Commit-Position: refs/heads/master@{#378454}
sigbjornf
Use a bitmap to record PageMemoryRegion usage.
R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1748363005

Cr-Commit-Position: refs/heads/master@{#378449}
sigbjornf
Remove unused HashSet<>::isValidValue().
R=
BUG=

Review URL: https://codereview.chromium.org/1750983002

Cr-Commit-Position: refs/heads/master@{#378435}
sigbjornf
Sync leak expectations following r378252.
TBR=dmazzoni
BUG=506529
NOTRY=true

Review URL: https://codereview.chromium.org/1751923002

Cr-Commit-Position: refs/heads/master@{#378431}
sigbjornf
Node.h #include parsimony.
Node.h is slurped in throughout Blink, hence it makes sense to have it
not include unnecessary headers.

R=tkent
BUG=

Review URL: https://codereview.chromium.org/1746673002

Cr-Commit-Position: refs/heads/master@{#378427}
tmoniuszko
Update GN docs about Visual Studio generators
BUG=

Review URL: https://codereview.chromium.org/1750523002

Cr-Commit-Position: refs/heads/master@{#378419}
philipj
Renew deprecation messages for Web Audio doppler effects
Intent to Deprecate:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/-1SI1GoHYO8/6XUjRs-fdv4J

BUG=439644

Review URL: https://codereview.chromium.org/1745103002

Cr-Commit-Position: refs/heads/master@{#378409}
rune
Allow simple selectors after ::content for compat.
Allow simple selectors which are not pseudo elements after ::content in
compound selectors. Polymer 0.5 content sometimes use ::content[attr]
instead of [attr]::content. This was made invalid with r369760.

R=timloh@chromium.org
BUG=589252

Review URL: https://codereview.chromium.org/1749713002

Cr-Commit-Position: refs/heads/master@{#378331}
sigbjornf
Make HTMLSelectElementTest.DefaultToolTip work non-Oilpan
R=tkent
BUG=

Review URL: https://codereview.chromium.org/1742353002

Cr-Commit-Position: refs/heads/master@{#378324}
sigbjornf
Reduce weak callback stack reservation for non-main threads.
Tune the initial reservation for Oilpan threads other than the main
thread; very few uses of weak references and collections happen off
the main thread. Adjust the initial allocation accordingly.

R=
BUG=

Review URL: https://codereview.chromium.org/1750553002

Cr-Commit-Position: refs/heads/master@{#378318}
sigbjornf
Have mock speech recognizer reset and release its recognizer upon ending.
Take care of leaks attributed to this mock object - it unnecessarily
retaining a WebSpeechRecognitionHandle beyond completion of the final
'ended' notification to it.

R=dmazzoni
BUG=506529

Review URL: https://codereview.chromium.org/1737953003

Cr-Commit-Position: refs/heads/master@{#378252}
sigbjornf
Fix PointerEventFactoryTest unit tests non-Oilpan following r377576.
TBR=oilpan-reviews
BUG=583331

Review URL: https://codereview.chromium.org/1749773002

Cr-Commit-Position: refs/heads/master@{#378242}
philipj
Move Deprecation helpers into an anonymous namespace
willBeRemoved is used in the first Deprecation::deprecationMessage so
unfortunately these can't be kept right next to second
Deprecation::deprecationMessage where they are used most.

Review URL: https://codereview.chromium.org/1750503002

Cr-Commit-Position: refs/heads/master@{#378206}
philipj
Remove unused UseCounter features
Review URL: https://codereview.chromium.org/1740153002

Cr-Commit-Position: refs/heads/master@{#378185}
sigbjornf
Remove unused NodeIntersectionObserverData predicates.
R=haraken
BUG=none

Review URL: https://codereview.chromium.org/1740973003

Cr-Commit-Position: refs/heads/master@{#378140}
sigbjornf
Reduce ephemeron stack size reservation.
The ephemeron stack is used by the Oilpan GC to handle key-value pairs
over weak references as wanted (i.e., the value is strongly referenced
until the key becomes unreachable). The marking process will push
hash tables containing such onto a stack processing for later processing.

Blink only has a handful of hash tables requiring ephemeron processing,
hence tune down the initial size of the stack accordingly.

As a data point, browsing around on various popular sites resulted in
ephemeron stacks no deeper than in the mid-20s.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1741833002

Cr-Commit-Position: refs/heads/master@{#378131}
perja
bluetooth: android: register for adapter on/off events.
Register for BluetoothAdapter.ACTION_STATE_CHANGED and reflect the
state changes in the device chooser dialog.

BUG=543060

Review URL: https://codereview.chromium.org/1711393002

Cr-Commit-Position: refs/heads/master@{#377982}
fs
After expanding <symbol> in <use>, expand its siblings
If the siblings are not expanded at this point, the loop of the children
of the ancestor will lose the siblings because it's still referencing
the old <symbol> element.
This little loop fell out in https://codereview.chromium.org/272523002.

BUG=589682

Review URL: https://codereview.chromium.org/1734983004

Cr-Commit-Position: refs/heads/master@{#377922}
sigbjornf
Remove unused Document auxiliary methods.
R=
BUG=

Review URL: https://codereview.chromium.org/1734373002

Cr-Commit-Position: refs/heads/master@{#377879}
fs
Fix synchronization of SVGAnimatedAngle (<marker orient>)
Since SVGAnimatedAngle also wraps the SVGAnimatedEnumeration for the
enumeration representation of the 'orient' attribute, and both of them
synchronize to said attribute, we need to override the synchronization
methods to take the synchronization status of them both into account
(as opposed to previously where only the SVGAnimatedAngle itself was
considered.) Rewrite the existing synchronizeAttribute() implementation
to just delegate rather than do the actual work itself.

Also change reference from SVGMarkerElement to just SVGElement and
include the specific header - SVGAngle.h rather than SVGAngleTearOff.h.

BUG=589808

Review URL: https://codereview.chromium.org/1739533004

Cr-Commit-Position: refs/heads/master@{#377875}
tmoniuszko
Limit the set of Visual Studio projects generated by GN
BUG=589099

Review URL: https://codereview.chromium.org/1718093006

Cr-Commit-Position: refs/heads/master@{#377871}
philipj
Adjust deprecation messages to match Estimated Stable Dates
These dates are from https://www.chromium.org/developers/calendar and
match the branch date + 6 weeks rule.

It would be unfortunate if developers think they have more time to adapt
than they actually do.

BUG=590143

Review URL: https://codereview.chromium.org/1736533004

Cr-Commit-Position: refs/heads/master@{#377870}
sigbjornf
Parameterize CallbackStack over initial block size.
CallbackStack keeps a chain of blocks, extending it as needed. So as to
allow stacks with varying block sizes, have its constructor take the
block size to use as argument.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1737913002

Cr-Commit-Position: refs/heads/master@{#377865}
sigbjornf
Ignore setting of navigation starting points for detached documents.
Address non-Oilpan leaks.

R=tkent
BUG=454172

Review URL: https://codereview.chromium.org/1739713003

Cr-Commit-Position: refs/heads/master@{#377679}
fs
Don't use SVG resource documents with an unrecognized MIME-type
Before parsing/creating the actual document of a DocumentResource, make
sure that the resource in question was actually served as a reasonable
MIME-type - one of:

  image/svg+xml,
  text/xml,
  application/xml or
  application/xhtml+xml

Use the original Content-Type from the HTTP header when possible and
treat empty as invalid (matches Gecko).
This could help mitigate some issues with content sanitation. It seems
to match what Gecko is doing so is hopefully not too web-incompatible.

Move the commonly recurring *Resource::mimeType() helper from subclasses
to the baseclass (Resource) and rename it httpContentType() since that
should be a better match for what it is.

BUG=527514

Review URL: https://codereview.chromium.org/1706243002

Cr-Commit-Position: refs/heads/master@{#377560}
fs
Don't apply the SandboxPlugins flag until we know a plugin will be used
Move the check of the SandboxPlugins flag out of the pluginIsLoadable
function and to just before the actual load/instantiation of the plugin
is initiated. This means the URL and MIME-type is still subject to
SecurityOrigin, (some) CSP and Mixed-Content checks, but the flag will
not block resources if they will not use a plugin.

Split pluginIsLoadable into one part that checks if the URL/MIME-type is
allowed, and one part that checks if the plugin itself can be
loaded/instantiated. The former is allowedToLoadObject while the latter
is allowedToLoadPlugin. Only call the latter if we determine that a
plugin will be used to view the content (URL or not). Sink the
allowedToLoadPlugin check into loadPlugin, which in turn means it will
apply to the code-path through createPluginWithoutLayoutObject() as well,
while adding a call to allowedToLoadObject there as well.

Also make sure that shouldUsePlugin() sets the |useFallback| out-
variable before all returns. (Could previously be used uninitialized.
Found by code inspection.)

BUG=578916

Review URL: https://codereview.chromium.org/1645313002

Cr-Commit-Position: refs/heads/master@{#377559}
philipj
Remove dead code related to Web Audio doppler effects
Doppler already has no effect on AudioBufferSourceNodes, as the only
call to setPannerNode was removed in time for M41:
https://codereview.chromium.org/783273002/

PannerHandler::dopplerRate becomes unreachable next, and pulling at the
thread of unreachable things ends up removing quite a lot.

PannerNode's setVelocity is revealed to have no effect at all, although
it remains in the spec. A spec issue was filed:
https://github.com/WebAudio/web-audio-api/issues/730

BUG=439644
R=rtoy@chromium.org

Review URL: https://codereview.chromium.org/1734483002

Cr-Commit-Position: refs/heads/master@{#377507}
sigbjornf
Have EventSender mouseups unwind better on cancellation during dragover.
Follow up on changes brought by r376733 and check if handling of dragover
cancelled our ongoing drag. Leave early, if so.

R=dcheng,rbyers
BUG=589426

Review URL: https://codereview.chromium.org/1728353002

Cr-Commit-Position: refs/heads/master@{#377392}
mostynb
only include xdg_util_unittest.cc on desktop linux
Review URL: https://codereview.chromium.org/1726613003

Cr-Commit-Position: refs/heads/master@{#377373}
philipj
Remove SVGElement.offsetParent/offsetTop/offsetLeft/offsetWidth/offsetHeight
Intent to Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/jjwLLSG_hGY/Ovi-nvEeDwAJ

BUG=463116

Review URL: https://codereview.chromium.org/1726743002

Cr-Commit-Position: refs/heads/master@{#377283}
philipj
Update SVG tests ahead of offset* removal
This converts some SVG tests to use getBoundingClientRect() instead of
the deprecated offset* attributes, so that the removal CL is minimized
and thus easier to revert in case of trouble.

smil-scheduled-in-inactive-document-crash.html didn't actually run the
problematic code because of a early finishJSTest(), which was moved.

BUG=463116
R=fs@opera.com

Review URL: https://codereview.chromium.org/1729073002

Cr-Commit-Position: refs/heads/master@{#377261}
mstensho
Ability to return the height of fragmentainer groups that don't yet exist.
When the flow thread offset is out of range (i.e. it comes after the logical
bottom of the last fragmentainer group created so far) when asking for a column
height, estimate how tall the next fragmentainer group will be, instead of
returning the height of the last fragmentainer group.

It was dodgy of LayoutBlockFlow::adjustLinePositionForPagination() to call
paginatedContentWasLaidOut() before the final position of the line had been
determined, but we did so in order to create the necessary fragmentainer
groups, so that we could get the right column height. However, since we may
decide to drop the strut calculated if a line is taller than the column, we'd
better not pretend that we applied the strut. Otherwise we may create more
fragmentainer groups than necessary, causing mild confusion and assertion
failures in the multicol machinery.

To fix this, we need LayoutBlock::pageLogicalHeightForOffset() to be able to
return the height of columns in a fragmentainer group that has't yet been
created (and perhaps never will). The rationale behind this solution is that it
seems better to deal with this inside the multicol implementation, than to add
more complexity in adjustLinePositionForPagination(). Leaving LayoutBlockFlow
blissfully unaware of multiple fragmentainer groups seems like a good thing.

BUG=552615

Review URL: https://codereview.chromium.org/1710843003

Cr-Commit-Position: refs/heads/master@{#377256}
landell
Include errno.h
BUG=

Review URL: https://codereview.chromium.org/1729433002

Cr-Commit-Position: refs/heads/master@{#377254}
sigbjornf
Retire stale leak expectations.
Both these tests are no longer reported as leaking, sync expectations
accordingly.

R=haraken
BUG=582376
NOTRY=true

Review URL: https://codereview.chromium.org/1734493002

Cr-Commit-Position: refs/heads/master@{#377237}
mostynb
simplify glib condition for including message_pump_glib_unittest.cc
We should use the use_glib variable instead of alternative
conditions throughout the build configuration.

Review URL: https://codereview.chromium.org/1719343004

Cr-Commit-Position: refs/heads/master@{#377053}
sigbjornf
Re-order unregistration and detachment of failed ScriptLoader.
For a ScriptLoader that fails to load its script resource, unregister
with the associated ScriptRunner before dispatching 'error'. This avoids
potential trouble should the onerror handler trigger nested access to
the ScriptRunner's (sync) script queue, if it ends up loading script
resources of its own.

R=haraken
BUG=570012

Review URL: https://codereview.chromium.org/1718083005

Cr-Commit-Position: refs/heads/master@{#376986}
davve
Prepare SVGImage for the default sizing algorithm
This patch aligns sizing in SVGImage with sizing done in
LayoutBoxModelObject::calculateImageIntrinsicDimensions()

Split SVGImage::containerSize() into two parts. On part that
calculates the concrete size.

The other part return containerSize(), with concrete object size as
fall-back for direct SVGImage::draw() users (webgl being the only one
known).

The long term plan is to only keep this sizing implementation and
remove the one in LayoutBoxModelObject. As long as SVG is the only
user of the complex version of the algorithm it makes sense to keep it
as SVG-only code.

BUG=581357

Review URL: https://codereview.chromium.org/1695243004

Cr-Commit-Position: refs/heads/master@{#376965}
davve
Clean up computeIntrinsicDimensions
No need to carry around Length for intrinsic width or height
anymore. A FloatSize does fine when all lengths are fixed.

BUG=581357, 585467

Review URL: https://codereview.chromium.org/1685353004

Cr-Commit-Position: refs/heads/master@{#376956}
sigbjornf
Sync leak expectations following r376816.
TBR=yosin,tkent
BUG=587424
NOTRY=true

Review URL: https://codereview.chromium.org/1727503002

Cr-Commit-Position: refs/heads/master@{#376939}
philipj
Add TODOs to convert from video-test.js to testharness.js
BUG=588956
R=mlamouri@chromium.org

Review URL: https://codereview.chromium.org/1715303002

Cr-Commit-Position: refs/heads/master@{#376938}
mstensho
Spec-compliant shorthand parsing of foo-break-(after,before,inside).
The CL that introduced the generic break-after, break-before and break-inside
properties deliberately violated the spec when it came to parsing the
page-break-(after,before,inside) shorthand properties. This was in order to
reduce the risk of a big revert, and instead remain as compatible as we could
with how we used to handle it prior to the introduction of the new generic
properties, i.e. when we parsed and stored separate properties for
page-break-foo and -webkit-column-break-foo, rather than treating them as
shorthands for break-foo.

BUG=223068

Review URL: https://codereview.chromium.org/1720063002

Cr-Commit-Position: refs/heads/master@{#376896}
rune
Removed Document::addedStyleSheet.
Replace it with resolverChanged(). It was only a call from StyleEngine
into Document and back into StyleEngine. Removed a couple of comments
referring to the removed method which were confusing/out-of-date.

Moved call to resolverChanged() immediately following
modifiedStyleSheetCandidateNode() into the latter method.

Made StyleEngine::markDocumentDirty() private.

No functional changes.

BUG=567021

Review URL: https://codereview.chromium.org/1721673002

Cr-Commit-Position: refs/heads/master@{#376894}
rune
Trigger options width update when option text changes.
Previously this was triggered by doing a full host subtree recalc on
shadow redistribution, but that recalc was removed as an optimization.

R=tkent@chromium.org
BUG=588585

Review URL: https://codereview.chromium.org/1719873002

Cr-Commit-Position: refs/heads/master@{#376880}
julienp
SingleSplitView did not take the view border into account when handling the splitter position. This fixes that.
Review URL: https://codereview.chromium.org/1702473002

Cr-Commit-Position: refs/heads/master@{#376876}
sigbjornf
Stop async spellchecker before running the leak detector.
Should a test finish up before all the spellcheck requests that
it (inadvertently?) generates have been asynchronously processed
and completed, it risks beomg reported as leaking.

These requests have no bearing on the correctness of the test
(if they did, the test would have to arrange to wait on their
outcomes), and can safely be cancelled before leak detection goes
ahead. Along with stopping the async spellchecker, this avoids
unnecessary flakiness from tests that involve spellchecking.

R=
BUG=587424

Review URL: https://codereview.chromium.org/1715203002

Cr-Commit-Position: refs/heads/master@{#376816}
mstensho
Run update_use_counter_css.py for r376249, r376148 and r376051.
R=holte@chromium.org

Review URL: https://codereview.chromium.org/1720823002

Cr-Commit-Position: refs/heads/master@{#376787}
rune
Ignore title attribute for style elements in shadow trees.
Title attributes on style elements in shadow trees should not set the
preferred stylesheet name for the whole document. Also, title on style
elements in shadow trees should not respond to the preferred stylesheet
set in the top document.

BUG=588718

Review URL: https://codereview.chromium.org/1717303002

Cr-Commit-Position: refs/heads/master@{#376776}
sigbjornf
Gracefully handle nested eventSender.beginDragWithFiles() attempts.
Programmatic drag operations in test code may attempt to initiate nested
file drag operations, something eventSender nor anyone else is prepared
for. Throw an error and cancel the current drag operation to discourage
(fuzzer?) code from attempting this.

R=dcheng,mkwst
BUG=479216

Review URL: https://codereview.chromium.org/1718463002

Cr-Commit-Position: refs/heads/master@{#376733}
philipj
Fix grammar (does->do) in border-image-sans-border-style deprecation
BUG=559258
R=cavalcantii@chromium.org

Review URL: https://codereview.chromium.org/1722543002

Cr-Commit-Position: refs/heads/master@{#376724}
auygun
Reland Allow one-copy and zero-copy task tile worker pools to use compressed textures.
BUG=434699
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1713503002

Cr-Commit-Position: refs/heads/master@{#376711}
davve
Carry WebMediaSession in WebMediaPlayerParams
While general, this is Android focused in the short-term. It prepares
WebMediaPlayerAndroid for propagating its media session id, if any,
over IPC to the browser process where the media session integration
with the platform happens.

BUG=497735, 581728

Review URL: https://codereview.chromium.org/1648653002

Cr-Commit-Position: refs/heads/master@{#376707}
rune
Don't expose HTMLSlotElement if Shadow DOM V1 is not enabled.
Invoking toString on the element serialized to [object HTMLSlotElement]
which is not correct until we ship.

R=hayato@chromium.org,kochi@chromium.org
BUG=531990

Review URL: https://codereview.chromium.org/1717823002

Cr-Commit-Position: refs/heads/master@{#376701}
rune
Don't try to find a slot in a v0 shadow tree.
ElementShadow::assignedSlotFor asserts that it's only called for V1
ElementShadows and doesn't null check m_slotAssignment. Guard with an
if-check for V1 when assignedSlotFor from Node::assignedSlot like we
already do from Node::assignedSlotForBinding.

R=hayato@chromium.org,kochi@chromium.org
BUG=588209

Review URL: https://codereview.chromium.org/1717053002

Cr-Commit-Position: refs/heads/master@{#376699}
rune
Use invalidation sets to invalidate slotted elements.
Mark invalidation sets as invalidating slotted elements when the
invalidation set features come from a ::slotted pseudo element.

When we encounter a <slot> element during style invalidation, match the
invalidation sets marked as invalidating slotted elements against the
distributed nodes list for the <slot>.

R=hayato@chromium.org,kochi@chromium.org,ericwilligers@chromium.org
BUG=587746

Review URL: https://codereview.chromium.org/1717703002

Cr-Commit-Position: refs/heads/master@{#376698}
sigbjornf
Switch BlinkGCPluginConsumer to use ranged for-loops.
Modernize and consistently use ranged for-loops where possible.

R=haraken,thakis
BUG=

Review URL: https://codereview.chromium.org/1717433003

Cr-Commit-Position: refs/heads/master@{#376656}
rune
Trigger repaint on first paint only on pending stylesheet decrement.
Also, since Document::styleResolverChanged() is now just a call to
StyleEngine::resolverChanged(), remove it.

This is in preparation for splitting (style)resolverChanged() into more
descriptive methods on StyleEngine for what is necessary to nuke and
rebuild in the various cases. That, in turn, is in preparation for the
componentized style resolver and asynchronous update of active
stylesheets.

BUG=401359,567021

Review URL: https://codereview.chromium.org/1716803002

Cr-Commit-Position: refs/heads/master@{#376594}
fs
Rename -webkit-text to -internal-quirk-inherit, limiting it to UA style
Stop accepting the -webkit-text value for color properties in quirks mode.
Rename it to -internal-quirk-inherit to better match the naming in the
quirks mode spec [1].
Usage of this property value is low [2].

[1] https://quirks.spec.whatwg.org/#the-tables-inherit-color-from-body-quirk
[2] https://www.chromestatus.com/metrics/feature/timeline/popularity/942

BUG=586485

Review URL: https://codereview.chromium.org/1713513002

Cr-Commit-Position: refs/heads/master@{#376506}
asaka
Use std::isnan instead of isnan in global ns
BUG=

Review URL: https://codereview.chromium.org/1705173003

Cr-Commit-Position: refs/heads/master@{#376477}
fs
Add test from issue 50819
BUG=50819

Review URL: https://codereview.chromium.org/1716663004

Cr-Commit-Position: refs/heads/master@{#376463}
rune
Reland: Propagate inherited properties into slotted elements on recalc.
When we reach a <slot> element during recalc, we need to trigger recalc
of elements distributed to that slot for inheritance. This is similar
to what is done for InsertionPoint. I have however not found a case
where we need a bigger cannon than LocalStyleChange on the distributed
elements.

Made a few override methods final, expecting no inheritance of
HTMLSlotElement.

R=kochi@chromium.org,hayato@chromium.org
BUG=587797

Committed: https://crrev.com/e6491c6e66c3393363402f04f625959e29ba236c
Cr-Commit-Position: refs/heads/master@{#376406}

Review URL: https://codereview.chromium.org/1708213002

Cr-Commit-Position: refs/heads/master@{#376461}
sigbjornf
Fix non-Oilpan ref pointer usage over DOMTokenLists.
R=
BUG=584612
NOTRY=true

Review URL: https://codereview.chromium.org/1715653002

Cr-Commit-Position: refs/heads/master@{#376434}
tmoniuszko
[GN] Don't rewrite files with the same contents
Reland of https://codereview.chromium.org/1656253003 with fix.

Reason for revert:
Need to revert this patch according https://sites.google.com/a/chromium.org/dev/developers/tree-sheriffs/sheriffing-bug-queues. This patch added a flaky test FilesystemUtils.WriteFileIfChanged.

-----

It's a test flake:
1) Try to find the patch that caused the flake. It should be recent (e.g. last day or two) in all likelihood.
2) If successful with finding that patch, revert the patch. This is especially true if the flake is from a new test introduced in that patch.
3) Close the bug.

-----

The test has failed in the following builds:

http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176911
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176911
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176735
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176715
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176715
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176561
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176462
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176375

-----

Example failure:

[ RUN      ] FilesystemUtils.WriteFileIfChanged
../../tools/gn/filesystem_utils_unittest.cc:610: Failure
Expected: (last_modified) != (file_info.last_modified), actual: 2016-02-04 18:06:36.920 UTC vs 2016-02-04 18:06:36.920 UTC
[  FAILED  ] FilesystemUtils.WriteFileIfChanged (3 ms)
[315/315] FilesystemUtils.WriteFileIfChanged (3 ms)
Retrying 1 test (retry #2)
[ RUN      ] FilesystemUtils.WriteFileIfChanged
../../tools/gn/filesystem_utils_unittest.cc:610: Failure
Expected: (last_modified) != (file_info.last_modified), actual: 2016-02-04 18:06:36.936 UTC vs 2016-02-04 18:06:36.936 UTC
[  FAILED  ] FilesystemUtils.WriteFileIfChanged (2 ms)
[316/316] FilesystemUtils.WriteFileIfChanged (2 ms)
Retrying 1 test (retry #3)
[ RUN      ] FilesystemUtils.WriteFi