Opera Software upstreamed commits

Upstreamed commits in Chromium: 4881, Blink: 3474, V8: 22.

Click message to expand

Chromium

Author Message When
rune
markDocumentDirty() before styleResolverChanged().
markDocumentDirty() was called after the active stylesheet list was
updated which left the tree-scope dirty after everything else was clean.

Switched the order of the statements.

R=hayato@chromium.org

Review URL: https://codereview.chromium.org/1684193003

Cr-Commit-Position: refs/heads/master@{#375139}
rune
Invalidate :-webkit-any-link for visited state changes.
We did style invalidation for :visited and :link, but UA style uses
color: -webkit-link with :-webkit-any-link and let -webkit-link be
translated into two different colors in the implementation instead of
using :visited and :link in the stylesheet.

Adding style invalidation of :-webkit-link as well. We already did that
for attribute changes on <a> and <svg:a>.

R=tkent@chromium.org
BUG=586190

Review URL: https://codereview.chromium.org/1689873004

Cr-Commit-Position: refs/heads/master@{#375138}
sigbjornf
Have ASan ignore ObjectAliveTrait<>::isHeapObjectAlive() applied to mixins
When Heap::willObjectBeLazilySwept<T>() is used on a lazy-sweepable
object where T is a mixin, the mixin's isHeapObjectAlive() virtual will
have to be used to adjust the object pointer to the head of the object.

It is unlikely that a compiler will devirtualize that call hence
mark the isHeapObjectAlive() as ASan ignorable.

R=
BUG=

Review URL: https://codereview.chromium.org/1695493002

Cr-Commit-Position: refs/heads/master@{#375137}
mstensho
Cannot do simplified layout on an object that contains a column-spanner.
Introducing LayoutFlowThread::canSkipLayout(). The implementation of this
method needed two pieces of simple functionality that already existed in other
methods. Refactored them into separate functions, instead of duplicating the
code.

BUG=512757

Review URL: https://codereview.chromium.org/1691053002

Cr-Commit-Position: refs/heads/master@{#375071}
mstensho
Remaining page height should never be 0 when told to AssociateWithLatterPage.
However, the laws of nature behave differently as LayoutUnit approaches
infinity. Just use the fragmentainer height instead of zero, but assert that
we're actually dealing with saturated arithmetic.

BUG=524882

Review URL: https://codereview.chromium.org/1691003003

Cr-Commit-Position: refs/heads/master@{#375059}
davve
Pass executionContext to document.createEvent()
In the long run, createEvent() should only work for whitelisted event
interfaces. An execution context is needed for taking the first steps
by adding use counters and doing deprecations.

BUG=569690

Review URL: https://codereview.chromium.org/1677033002

Cr-Commit-Position: refs/heads/master@{#374913}
sigbjornf
Add missing opener frame null check.
Opening a new window requires access to the calling window's frame, and
isn't supported otherwise. Add missing null check.

R=
BUG=541010

Review URL: https://codereview.chromium.org/1682173004

Cr-Commit-Position: refs/heads/master@{#374912}
davve
Expand IntrinsicSizingInfo for SVG
Add fields to IntrinsicSizingInfo specifying whether the intrinsic
width and height are specified or not. For SVGs there is a distinction
between missing width/height and setting width/height to 0. There is
code in LayoutReplaced that has specific hooks into the SVG code to
make this distinction. By having separate fields in
IntrinsicSizingInfo this entanglement can be broken.

BUG=585467

Review URL: https://codereview.chromium.org/1679743006

Cr-Commit-Position: refs/heads/master@{#374909}
philipj
Use effectivePreloadType() where possible
preloadType() is still used in two places where it ideally should not,
HTMLMediaElement::setPlayerPreload and HTMLMediaElement::seek, but
changing those would probably be observable and need tests.

Drive-by: Drop two unused HTMLMediaElement state bits

R=fs@opera.com

Review URL: https://codereview.chromium.org/1687793002

Cr-Commit-Position: refs/heads/master@{#374897}
sigbjornf
Oilpan: ImageObserver needs to be a GC mixin.
R=haraken
BUG=

Review URL: https://codereview.chromium.org/1610883002

Cr-Commit-Position: refs/heads/master@{#374896}
fs
Factor out the <textPath> positioning mapping code into a helper class
Since <textPath> will be getting a bunch of smaller new features - all
which essentially revolving around how the actual position is computed,
or how the actual path is setup, wrap the code that performs the
mapping from a location to a point on the path in a helper. The helper
is called PathPositionMapper, and for now resides with
LayoutSVGTextPath since that's the object that sets up the path data.

BUG=366559

Review URL: https://codereview.chromium.org/1683903004

Cr-Commit-Position: refs/heads/master@{#374893}
sigbjornf
Fix adopt-iframe-src-attr-after-remove.html flaky failure, attempt 2.
Test still flaky following r374872; make the ordering between timer
operations explicit -- requiring the onload's GC to have completed
before running the main part of this test.

(Semi-blind attempt, unable to reproduce locally.)

R=haraken
BUG=584209

Review URL: https://codereview.chromium.org/1689903002

Cr-Commit-Position: refs/heads/master@{#374889}
sigbjornf
Fix adopt-iframe-sec-attr-after-remove.html failure.
Delay GC until back at the event loop.

R=haraken
BUG=584209

Review URL: https://codereview.chromium.org/1692483002

Cr-Commit-Position: refs/heads/master@{#374872}
sigbjornf
Fix non-Oilpan build following r371046.
TBR=oilpan-reviews
BUG=552289

Review URL: https://codereview.chromium.org/1689773002

Cr-Commit-Position: refs/heads/master@{#374772}
sigbjornf
Fix non-Oilpan build following r374308.
TBR=oilpan-reviews
BUG=503491

Review URL: https://codereview.chromium.org/1688893002

Cr-Commit-Position: refs/heads/master@{#374724}
philipj
Rename XMLHttpRequestProgressEventThrottle to ProgressEventThrottle
XMLHttpRequestProgressEvent is no more.

BUG=357112
R=chrishtr@chromium.org

Review URL: https://codereview.chromium.org/1690503002

Cr-Commit-Position: refs/heads/master@{#374683}
mostynb
gn: make device/battery build on embedded linux
The logic for when to include the linux dbus implementation
falls into three cases: chromeos, non-chromeos linux with
dbus, and non-chromeos linux without dbus.

By using just the is_chromeos, is_linux and use_dbus
variables, this code will also build successfully on
embedded linux targets.

Review URL: https://codereview.chromium.org/1674233002

Cr-Commit-Position: refs/heads/master@{#374654}
davve
Introduce IntrinsicSizingInfo
Prepare for passing more information along, specifically whether
intrinsic sizes are specified, when computing intrinsic sizing
information. Do this by introducing a struct carrying the relevant
information. No functional change expected.

Factor out a part of computeAspectRatioInformationForLayoutBox (now
named computeIntrinsicSizingInfoForLayoutBox) and put in a separate
function constrainIntrinsicSizeToMinMax. In the process remove a FIXME
about moving code back to some undefined previous state that's
confusing now that the code has moved around even more.

BUG=585467

Review URL: https://codereview.chromium.org/1687503002

Cr-Commit-Position: refs/heads/master@{#374635}
rune
Remove unnecessary recalc of host subtree on distribute.
Nodes which need style recalculations after being distributed to new
insertion points, new positions within insertion points, or simply not
distributed anymore, are being reattached in
InsertionPoint::setDistributionNodes().

R=hayato@chromium.org,kochi@chromium.org,esprehn@chromium.org
TEST=fast/dom/shadow,fast/css
BUG=584177

Review URL: https://codereview.chromium.org/1677463002

Cr-Commit-Position: refs/heads/master@{#374629}
sigbjornf
Add registerNodeListWithIdNameCache() assert.
Follow up r374385 and catch out unsupported multiple registrations.

R=haraken
BUG=585054

Review URL: https://codereview.chromium.org/1683783002

Cr-Commit-Position: refs/heads/master@{#374614}
sigbjornf
Retire temporary cssTextCache() release assert.
R=
BUG=584692

Review URL: https://codereview.chromium.org/1682763003

Cr-Commit-Position: refs/heads/master@{#374611}
fs
Remove unused LayoutSVGTextPath::m_layoutPath
This member was probably intended for caching the path at some point in
time, but it isn't used at all at the moment. Remove it for now - maybe
something like it will make a comeback in the future.

Review URL: https://codereview.chromium.org/1686593002

Cr-Commit-Position: refs/heads/master@{#374490}
fs
Remove references to SVGPathElement from SVGAnimatedPath
There's no longer a need for being this specific. Just use SVGElement.

Review URL: https://codereview.chromium.org/1674353005

Cr-Commit-Position: refs/heads/master@{#374447}
fs
Move pathLength scale-factor computation to SVGPathElement
There'll eventually be more users of it. Maybe by means of the bug
referenced below.

BUG=366559

Review URL: https://codereview.chromium.org/1680183002

Cr-Commit-Position: refs/heads/master@{#374446}
philipj
Remove XMLHttpRequestProgressEvent (position and totalSize)
Intent to Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/bpbq0Rcpauk/cnpJtHddAgAJ

BUG=357112

Review URL: https://codereview.chromium.org/1681923002

Cr-Commit-Position: refs/heads/master@{#374434}
davve
Make object-sizing-zero-intrinsic-width-height a javascript test
A javascript test can detect failures at a more fine-grained level and
is potentially less performance intensive.

BUG=585467

Review URL: https://codereview.chromium.org/1681013004

Cr-Commit-Position: refs/heads/master@{#374408}
sigbjornf
Do not re-register cached id-name HTMLCollection at same invalidation type.
An HTMLCollection creates an id-name cache for namedItem()/item() lookups.
To handle document tree invalidations following id-name mutations, the
HTMLCollection must then register with the document has having such a
cached collection.

This is done "by proxy", registering the HTMLCollection as being
dependent on id-name invalidation. This registration for the cache being
quite possibly in addition to the collection invalidation type that the
HTMLCollection is already registered at. The HTMLCollection implementation
then naturally taking care to unregister if the cache is invalidated and
cleared.

With Oilpan, the document keeps a weak set of references to these
live collections. So in the event that the HTMLCollection is already
an id-name collection and it registers its id-name cache (by proxy)
with the document, it will re-register the same collection object.
Upon invalidation of the id-name cache the unregistration will then
remove the HTMLCollection entirely as being dependent on id-name
related invalidation notifications. That lack of invalidations can
in certain circumstances lead to failure (see test.)

Address the problem by having id-name HTMLCollections not bother
with (un)registering the id-name cache as (another) live collection.
It adds no value, the collection object is already registered.

(This worked out non-Oilpan as the document there keeps bin counts
per collection invalidation type, allowing "duplicates" from the
same object.)

R=haraken
BUG=585054

Review URL: https://codereview.chromium.org/1674273004

Cr-Commit-Position: refs/heads/master@{#374385}
rune
Only cache nth-indices when child count > 32.
When matching :nth-* selectors, we sparsely cache the child index count
into a hashmap for the parent element. Doing this regardlessly gave us
a performance penalty for small number of children as where noticed in
a performance degradation for [1].

The new approach is to not cache any indices until we match an :nth-*
selector for which we walk more than 32 siblings. The number 32 were
proposed in the bug report, and it turns out to be quite suitable given
the experiments which were done comparing the implementation not using
a cache at all, and the implementation where we cached regardlessly.

We trigger caching for nth-of-type indices based on the sibling count
as well, but not the sibling-of-type count as that would cause terrible
performance if the elements of the same type were sparse compared to
other siblings.

Gives a > 40% performance improvement for [1].

[1] blink_perf.css:PseudoClassSelectors.

BUG=483338
TEST=blink_perf.css:PseudoClassSelectors

Review URL: https://codereview.chromium.org/1655993005

Cr-Commit-Position: refs/heads/master@{#374356}
mostynb
update obsolete code.google.com documentation links
This is a documentation-only change.

Disabling presubmit checks, due to "noparent" settings for the following files:
components/policy/resources/policy_templates.json
content/common/font_config_ipc_linux.h

BUG=567488
NOPRESUBMIT=true
TBR=atwilson,dcheng

Review URL: https://codereview.chromium.org/1592403002

Cr-Commit-Position: refs/heads/master@{#374213}
perja
bluetooth: android: Fix a couple of crashes when adapter is turned on/off.
These changes fixes the crashes found when toggling the adapter on/off
when device chooser dialog is used in web-bluetooth.

BUG=570610

Review URL: https://codereview.chromium.org/1610053005

Cr-Commit-Position: refs/heads/master@{#374145}
fs
Add override qualifier to SVGStaticStringList::setBaseValueAsString
Overrides method from SVGAnimatedPropertyBase.

Review URL: https://codereview.chromium.org/1673203002

Cr-Commit-Position: refs/heads/master@{#374127}
sigbjornf
Conditionally define PersistentNode destructor.
R=
BUG=

Review URL: https://codereview.chromium.org/1674113002

Cr-Commit-Position: refs/heads/master@{#374093}
sigbjornf
Improve MediaStreamTrack's hasPendingActivity predicate.
Make the predicate more precise; MediaStreamTrack objects only need
to have their lifetimes prolonged in certain non-ended states. See
comment for details.

R=haraken
BUG=583264

Review URL: https://codereview.chromium.org/1680563002

Cr-Commit-Position: refs/heads/master@{#374090}
sigbjornf
Tidy up inclusion of WebScheduler.h
Hygiene; insist on IWYU for WebScheduler.h also.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1680503002

Cr-Commit-Position: refs/heads/master@{#374055}
sigbjornf
Fix non-Oilpan build following r373473.
TBR=oilpan-reviews,rune@opera.com
BUG=

Review URL: https://codereview.chromium.org/1671263003

Cr-Commit-Position: refs/heads/master@{#374040}
sigbjornf
Revert of Don't set the origin twice when navigating for javascript: URLs (patchset #2 id:20001 of https://codereview.chromium.org/1670173002/ )
Reason for revert:
Number of MSan failures reported, https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20MSAN/builds/8451

Original issue's description:
> Don't set the origin twice when navigating for javascript: URLs
>
> As javascript: navigations will end up with a document that has the
> original document's URL, we shouldn't run the algorithm to determine
> origin on the original URL, especially since we'll override the origin
> later anyways.
>
> BUG=583445
> R=japhet@chromium.org,dcheng@chromium.org,mkwst@chromium.org
>
> Committed: https://crrev.com/75b27bda96f0fe77d40b502642d6669531981a49
> Cr-Commit-Position: refs/heads/master@{#373917}

TBR=dcheng@chromium.org,japhet@chromium.org,mkwst@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=583445

Review URL: https://codereview.chromium.org/1676793003

Cr-Commit-Position: refs/heads/master@{#374021}
fs
Remove the SVG parsing "generic error" reporting special case
With most error-reporting sites switched to using non-generic errors, the
workaround for the generic error message can be removed - giving all messages
a similar structure ("<context>: <message>").

BUG=231612

Review URL: https://codereview.chromium.org/1668183002

Cr-Commit-Position: refs/heads/master@{#373941}
fs
Error reporting for number-or-percentage
Move parseNumberOrPercentage from SVGParserUtilities to SVGNumber (since
it's the only user) and simplify it.

BUG=231612

Review URL: https://codereview.chromium.org/1667353003

Cr-Commit-Position: refs/heads/master@{#373899}
fs
Error reporting for SVGAngle
Refactor the local helepr stringToAngleType(...) to only advance past
complete matches (of units).

BUG=231612

Review URL: https://codereview.chromium.org/1669333002

Cr-Commit-Position: refs/heads/master@{#373888}
fs
Cleanup includes of XLinkNames.h
Remove includes which are not used, and use the imageSourceURL() method
in one place to abstract away future uses of 'href'.

BUG=584142

Review URL: https://codereview.chromium.org/1666363007

Cr-Commit-Position: refs/heads/master@{#373866}
sigbjornf
Do not let go of MediaStreamTracks too early.
Add missing hasPendingActivity() predicate.

R=haraken
BUG=583264

Review URL: https://codereview.chromium.org/1671033002

Cr-Commit-Position: refs/heads/master@{#373864}
sigbjornf
Avoid data race on CrossThreadPersistents during thread detachment.
As part of detaching a thread from Oilpan and emptying its heap, the
CrossThreadPersistent<>s pointing into that heap are cleared. Doing
so entails traversing the collection of such persistents and checking
their heap membership -- that traversal might race with other threads
who are not at any safepoint.

To avoid the race, insist that updates to CrossThreadPersistent<>s are
atomic along with the corresponding read when doing the above
traversal.

R=haraken
BUG=584250

Review URL: https://codereview.chromium.org/1670813004

Cr-Commit-Position: refs/heads/master@{#373814}
rune
Fixed for-loop increments in InsertionPoint::setDistributedNodes.
When we reached the end of the old/new distributed nodes in the inner
for-loop, we would do an extra increment of the index of the new/old
distributed nodes which would then lead to skipping reattach for one of
the elements.

Also removed the special treatment of reattaching fallback elements as
they would be part of the new/old vector and shouldn't need special
treatment.

The added test is currently not failing as it's hidden by a
SubtreeStyleChange on the host element which I'll try to remove in a
separate CL.

R=hayato@chromium.org,kochi@chromium.org,esprehn@chromium.org
BUG=584617

Review URL: https://codereview.chromium.org/1671873002

Cr-Commit-Position: refs/heads/master@{#373805}
sigbjornf
Split out fallback stack limit determination.
In case we're unable to get an estimate of the stack size for a platform
thread, a small stack size is assumed and its effective upper bound is
then probed and computed.

Do that in a separate method to avoid compiler-injected stack exhaustion checks
(MSVC's _chkstk()) from being always run for StackFrameDepth::enableStackLimit().
This also facilitates running GCs when up against stack pressure on Windows
platforms.

R=haraken
BUG=582819

Review URL: https://codereview.chromium.org/1673543002

Cr-Commit-Position: refs/heads/master@{#373787}
bratell
Set DOM Storage buffer size so that not everything ends up in RAM
When a database is opened the log file is read and if the write
buffer is large then it stays in memory, and this happens
every time the browser starts. By reducing the write buffer
the log file will be written into the database the first time
and then very little RAM will be used for that data.

BUG=583629

Review URL: https://codereview.chromium.org/1668463003

Cr-Commit-Position: refs/heads/master@{#373780}
landell
Use std::isnan instead of isnan in global ns
BUG=

Review URL: https://codereview.chromium.org/1665763002

Cr-Commit-Position: refs/heads/master@{#373548}
tmoniuszko
[GN] Don't rewrite files with the same contents
BUG=

Review URL: https://codereview.chromium.org/1656253003

Cr-Commit-Position: refs/heads/master@{#373544}
sigbjornf
Annotate TimerBase::CancellableTimerTask destructor as ASan ignorable.
Just like its run() method, the destructor may touch its Timer owner when
it is in a to-be-swept state; allow it.

R=haraken
BUG=581448

Review URL: https://codereview.chromium.org/1666133002

Cr-Commit-Position: refs/heads/master@{#373534}
mstensho
Remove unreachable code from TransformState::move().
Review URL: https://codereview.chromium.org/1661153002

Cr-Commit-Position: refs/heads/master@{#373530}
davve
Inline SVGImage::setContainerSize() and remove extra resize call
DrawInternal() is responsible for resizing the frame to the new
container size. Setting the frame size to the old container size
temporarily ought to be a redundant operation.

BUG=581357

Review URL: https://codereview.chromium.org/1667053002

Cr-Commit-Position: refs/heads/master@{#373517}
sigbjornf
If marking system stack is unknown, be more forgiving about stack depths.
In case we're unable to determine the stack size available for the GC
marking pass, a very conservative fallback size is used -- that size
being used to decide if the marking pass should switch to using lazy
marking instead.

If the fallback size is in effect, have the debug assert intended to catch
out unintentionally deep trace chains be more forgiving.

R=
BUG=581913

Review URL: https://codereview.chromium.org/1663823002

Cr-Commit-Position: refs/heads/master@{#373514}
sigbjornf
Reorder ScriptLoader fields to help diagnose object inconsistency.
crbug.com/570012 is showing signs of a ScriptLoader field update not
persisting on some platforms; reorder the fields to speculatively try
to perturb status.

R=
BUG=570012

Review URL: https://codereview.chromium.org/1666093002

Cr-Commit-Position: refs/heads/master@{#373505}
tmoniuszko
Support different project toolchains
Solution may contain projects configured to use non-default toolchains.
For instance solution with "Debug|Win32" configuration may contain some
projects with "Debug|x64" configuration.

BUG=305761

Review URL: https://codereview.chromium.org/1667773002

Cr-Commit-Position: refs/heads/master@{#373503}
fs
Don't propagate bbox for empty <text> to ancestors
If we have a <text> element which is "empty" (essentially has no text
content after collapsing spaces), then its bounding box would be empty,
but would still be propagated to the bounding boxes of the ancestors -
which could span them out to be bigger than expected. Similarly they
could be subject to their userspace transform with a similar effect.

Skip propagation of empty <text> element - where "empty" is defined as
"has no line boxes".

BUG=450229

Review URL: https://codereview.chromium.org/1661983002

Cr-Commit-Position: refs/heads/master@{#373501}
davve
Atomic scaling in ImageResource::imageSize()
Since https://codereview.chromium.org/1634133003/ there is only
hasRelativeSize(), no hasRelative{Width,Height}(). The code affected
by this patch was written under the latter assumption. With only
hasRelativeSize() the code can be simplified a bit to either scale or
return early.

Also remove useless ASSERT. |multiplier| is always non-equal to one in
that code branch so the assert doesn't check anything meaningful.

BUG=581357

Review URL: https://codereview.chromium.org/1661013002

Cr-Commit-Position: refs/heads/master@{#373496}
sigbjornf
Allow cssTextCache to be used on the main thread only.
https://codereview.chromium.org/864143006 tentatively made this
singleton cross-thread usable. (Repeated) testing doesn't indicate
that it is used outside the main thread, hence switch back to using
DEFINE_STATIC_LOCAL().

R=haraken,timloh
BUG=549732

Review URL: https://codereview.chromium.org/1667813002

Cr-Commit-Position: refs/heads/master@{#373493}
fs
Additional errors for SVG transform list parsing
This adds specific error messages for missing/incorrect transform
functions and missing '(' at the start of a transform function argument
list.

BUG=231612

Review URL: https://codereview.chromium.org/1663753003

Cr-Commit-Position: refs/heads/master@{#373491}
tmoniuszko
Make sure VS projects order is always the same in solution
Solution file is being rewritten and reloaded by Visual Studio if projects
order changes during 'gn gen' command.

BUG=305761

Review URL: https://codereview.chromium.org/1667553003

Cr-Commit-Position: refs/heads/master@{#373486}
rune
Incorrect setHasMediaQueries() when @media rule is dropped.
Trying to insert an @media rule into a stylesheet were incorrectly
marking the stylesheet as containing media queries before the media
rule was dropped because it was inserted before an @namespace rule.

That caused unnecessary rebuilding of rule sets for the stylesheet with
the dropped rule when a media query evaluation changed in some other
stylesheet.

R=timloh@chromium.org

Review URL: https://codereview.chromium.org/1669493006

Cr-Commit-Position: refs/heads/master@{#373473}
fs
Rename local limit variable in SVG transform argument parsing
Rename maxPossibleParams to requiredWithOptional to more precisely
describe what it is.

BUG=231612

Review URL: https://codereview.chromium.org/1655153002

Cr-Commit-Position: refs/heads/master@{#373217}
mstensho
Introduce RenderingTest::getLayoutObjectByElementId().
Because it's boring to type document().getElementById("foo")->layoutObject().

Review URL: https://codereview.chromium.org/1662483002

Cr-Commit-Position: refs/heads/master@{#373150}
fs
Support 'pathLength' for stroking operations on <path>
This implements support for the 'pathLength' attribute on <path>.

BUG=536217

Review URL: https://codereview.chromium.org/1376523002

Cr-Commit-Position: refs/heads/master@{#373110}
fs
Error reporting for SVG transform lists
Report too short/long argument lists to transform functions as well as
trailing garbage (separators). Could still be improved wrt invalid
transform functions and missing opening parenthesis.

BUG=231612

Review URL: https://codereview.chromium.org/1659513002

Cr-Commit-Position: refs/heads/master@{#373100}
tommyt
Call BluetoothGatt#close() after disconnecting
This fixes the problem where connections are never properly removed,
causing the BluetoothAdapter to eventually not be able to connect at
all.

BUG=576819

Review URL: https://codereview.chromium.org/1618273002

Cr-Commit-Position: refs/heads/master@{#372986}
tmoniuszko
Use ElapsedTimer to measure VS files generation time in GN
BUG=305761

Review URL: https://codereview.chromium.org/1651113002

Cr-Commit-Position: refs/heads/master@{#372912}
sigbjornf
Support reviving a disposed plugin container.
When a plugin element updates its 'persisted' renderless widget (a plugin
container most likely), we notify the previous one kept as having been
detached and disposed of. The plugin container must then promptly clear
the reference to its external WebPlugin (and others), for safety.

It is however possible for the embedder to still keep references to that
plugin container and afterwards revive it by assigning it a replacement
plugin. Support such revivification.

R=haraken
BUG=582811

Review URL: https://codereview.chromium.org/1652093002

Cr-Commit-Position: refs/heads/master@{#372907}
mstensho
LayoutBox cannot be non-atomic inline.
Don't account for such a situation. Instead, just assert that
it doesn't happen.

Review URL: https://codereview.chromium.org/1658643002

Cr-Commit-Position: refs/heads/master@{#372823}
davve
Document lifecycle violation workaround
Add comments describing how scheduleSVGFilterLayerUpdateHack's
lifecycle violation is handled and remove stale comments about
<iframe> compositioning long fixed.

NOTRY=true

Review URL: https://codereview.chromium.org/1544973002

Cr-Commit-Position: refs/heads/master@{#372715}
bratell
Handle NaN in the Audio delay curves.
Since switching from std::min to clampTo NaN has caused ASSERTs.
This restores the old behaviour of no ASSERT and a delay interpreted
as maxDelayTime.

BUG=582699
R=rtoy@chromium.org

Review URL: https://codereview.chromium.org/1657763002

Cr-Commit-Position: refs/heads/master@{#372710}
sigbjornf
Make copyToVector() robust against conservative GCs.
When resizing copyToVector()'s incoming vector to match the size of
the collection being copied from, do this in a manner that locks out
GCs across that vector backing store allocation.

If not, there's a risk that the collection's size might shrink across
that GC, and leave the vector as having an overestimated size.
copyToVector() will in that case unexpectedly encounter empty
elements in the tail, and fail.

This can only happen for Oilpan heap collections having weak references..
and that collection is not directly stack-reachable when a conservative
GC triggers. Rare, but copyToVector()'s obligation to make that safe
rather than its callers.

R=haraken
BUG=581698

Review URL: https://codereview.chromium.org/1652953002

Cr-Commit-Position: refs/heads/master@{#372693}
fs
Refactor parsing in SVGTransformList
In preparation for extended error reporting.

Split SVGTransform creation out of parseTransformOfType, and then fold
the remains into parseTransformParamList - naming the result
parseTransformArgumentsForType. Use a Vector with suitable
initial-capacity rather than a float[]. Change the handling trailing
commas so that it is not triggered when the maximum number of arguments
are reached. (This will allow for better errors to be reported in some
cases.)
Change parseAndSkipTransformType to return the parsed type via the
return value rather than an out parameter.
Reduce the number of calls to skipOptionalSVGSpaces in parseInternal
and parseTransformArgumentsForType, and make better use of the return
value from it.

Also make SVGTransformList::consolidate() and add() use initialize(...)
rather than open-coding it.

BUG=231612

Review URL: https://codereview.chromium.org/1643243002

Cr-Commit-Position: refs/heads/master@{#372656}
fs
Use StylePath instead of (Path)StyleMotionPath
Replace uses of PathStyleMotionPath with StylePath and remove the former
as well as the StyleMotionPath base-class. The methods length() and
isClosed() are transferred to StylePath.
Pass const CSSValue& to StyleBuilderConverter::convertPath (fixup to
https://codereview.chromium.org/1545713003) necessitating mutability.
Convert motion-path style building to use a converter.

BUG=535429

Review URL: https://codereview.chromium.org/1649003002

Cr-Commit-Position: refs/heads/master@{#372643}
sigbjornf
Fix safepoint entering when waiting for a debugger task.
When attempting to run worker debugger tasks, a timed wait is made on
the underlying task queue. While doing so, we are at a safepoint wrt
Blink GCs for the worker, and enter a safepoint scope.

The worker thread's stack will not be empty and clear of potential heap
references at that point; enter the safepoint with an appropriate
stack state.

R=
BUG=582710

Review URL: https://codereview.chromium.org/1656533002

Cr-Commit-Position: refs/heads/master@{#372570}
mostynb
support symlinks in zip files in build_utils.ExtractAll
Without this, extracting zip files which contain symlinks does not
work- instead of creating symlinks, regular files are written with
the symlink target.

Review URL: https://codereview.chromium.org/1641703002

Cr-Commit-Position: refs/heads/master@{#372557}
mstensho
Refuse to paginate if page height is 0.
When printing a document with an IFRAME, we first call
Document::setPrinting(true) on the root document and lay it out, then call
setPrinting(true) on the IFRAME document and lay it out. When we're done
printing, we first call setPrinting(false) on the root document and lay it out.
If this layout pass causes the IFRAME to be resized, we'll lay out the document
inside the IFRAME as well. When reaching LayoutView::layout() for the IFRAME
now, shouldUsePrintingLayout() will return true [1], and we'll establish a
ViewFragmentationContext for the child frame. This is harmful, since page
logical height is 0, and we'd end up dividing by zero when attempting to figure
out how much space we have left on a page for a given offset inside a multicol
container.

[1] shouldUsePrintingLayout() normally returns true for root frames only, with
one exception: if the child document is printing(), while the parent isn't. The
intention with this exception is to be able to print only an IFRAME
(iframeElement.contentWindow.print()), but in this case it had a nasty
side-effect.

BUG=578726
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1603613002

Cr-Commit-Position: refs/heads/master@{#372454}
fs
Error reporting for SVGInteger and SVGIntegerOptionalInteger
Also includes a minor cleanup of SVGInteger::setValueAsString.

BUG=231612

Review URL: https://codereview.chromium.org/1644293003

Cr-Commit-Position: refs/heads/master@{#372401}
sigbjornf
Keep (Heap)TerminatedArray in a consistent state while building.
When building a (Heap)TerminatedArray<T>, be careful to always have a
'last marker' set while doing so. Otherwise, should a conservative GC
strike while building, there's no last marker to terminate the tracing
of the HeapTerminatedArray<> elements.

R=haraken
BUG=581698

Review URL: https://codereview.chromium.org/1650123002

Cr-Commit-Position: refs/heads/master@{#372367}
bratell
[BinarySize] Filter duplicate lines in nm output.
nm just outputs the symbols it finds in the debug sections of the binary
and sometimes the same symbol appears more than once, with the exact
same data.

The binary_size tool would think that it was two different symbols that
shared the same address so it would get the numbers right, but the
output would be confusing since the memory would be split in two
halves.

BUG=

Review URL: https://codereview.chromium.org/1645843004

Cr-Commit-Position: refs/heads/master@{#372359}
tmoniuszko
Visual Studio generators for GN
BUG=305761

Review URL: https://codereview.chromium.org/1570113002

Cr-Commit-Position: refs/heads/master@{#372354}
rune
No pseudo elements in SelectorChecker::Mode QueryingRules.
QueryingRules mode is used by the Selectors APIs and when selecting
distributed nodes from the select attribute of the <content> element in
Shadow DOM V0.

CSSSelector::isCompound called from HTMLContentElement::validateSelect
makes sure we don't pass selectors with pseudo element selectors to the
rule collector.

Here we introduce a check which skips adding a selector to the selector
list in SelectorDataList if it will match a pseudo element. Such
selectors are still valid, and won't throw, but will result in an empty
result. If no selectors are added to SelectorDataList, we just skip the
DOM traversal.

This means we can replace the QueryingRules check in checkPseudoElement
with an assert.

BUG=489481

Review URL: https://codereview.chromium.org/1602833002

Cr-Commit-Position: refs/heads/master@{#372342}
rune
Add use counter for indirect adjacent selectors.
R=ojan@chromium.org
BUG=378058

Review URL: https://codereview.chromium.org/1641583002

Cr-Commit-Position: refs/heads/master@{#372341}
fs
Refactor away SVGPathSource
This CL moves the SVGPathParser::initialCommandIsMoveTo functionality into
the path data sources that needs this check - eliminating the need for the
SVGPathSource method peekSegmentType.
This leaves SVGPathParser::parsePath as a fairly trivial loop doing
parseSegment + emitSegment. Converting this function to a templated one,
The remaining two methods of the SVGPathSource interface no longer need to
be (called) virtual(ly) - allowing us too remove the interface entirely,
and simplify and inline code (hasMoreData) accordingly.
The net effect on (binary) code size is a roughtly 1.5k reduction.
Also rename and refactor some of the helpers in SVGPathStringSource.cpp
to try to better illustrate what they are used for.

BUG=467592

Review URL: https://codereview.chromium.org/1646543004

Cr-Commit-Position: refs/heads/master@{#372329}
sigbjornf
Support weak WebPrivatePtr<>s.
Parameterize WebPrivatePtr<> over the strength of the reference it maintains:

 WebPtrivatePtr<T, crossThreadDestruction, strongOrWeak>

where

 crossThreadDestruction = WebPrivatePtrDestruction{SameThread, CrossThread}
 strongOrWeak = WebPrivatePtrStrength::{Normal, Weak}

If Normal, the reference is the normal strong kind, which means either
a RefPtr<> or a strong off-heap (CrossThread)Persistent<T> Oilpan reference.

If Weak, the Oilpan reference will be (CrossThread)WeakPersistent<T>, meaning
that the WebPrivatePtr<> will not keep the object alive on its own. Any
dereference of the WebPrivatePtr<> will consequently have to check if the
reference has been cleared before using.

The abstraction doesn't currently support weak non-Oilpan references.

R=
BUG=

Review URL: https://codereview.chromium.org/1618043003

Cr-Commit-Position: refs/heads/master@{#372324}
fs
Don't give 'order' semantic errors special treatment
Just set the parse status to the (new) error code for "zero value" or
"negative value" and let it propagate.
This makes SVGDocumentExtensions::reportWarning dead, so remove it.

BUG=231612

Review URL: https://codereview.chromium.org/1645043002

Cr-Commit-Position: refs/heads/master@{#372176}
sigbjornf
Speculatively handle weak member clearing while creating iteration vector.
CSSFontSelector keeps a set of weakly referenced clients; when notifying
those the set is copied into a temporary heap vector before iterating.

Allocating that vector might potentially cause a GC, which in turn
could cause some of the weak references to be cleared. With the outcome
that the temporary vector will contain empty tail elements.

Speculatively check&handle that eventuality when iterating.

R=haraken
BUG=568173

Review URL: https://codereview.chromium.org/1642913002

Cr-Commit-Position: refs/heads/master@{#372112}
sigbjornf
Fix non-Oilpan build following r372015.
TBR=oilpan-reviews,tkent
BUG=477839
NOTRY=true

Review URL: https://codereview.chromium.org/1640233005

Cr-Commit-Position: refs/heads/master@{#372091}
sigbjornf
RenderViewTest: really drain the event loop before shutting down Blink.
And with that in place, undo the partial fix by r371169.

R=haraken,jochen
BUG=581948
NOTRY=true

Review URL: https://codereview.chromium.org/1645923002

Cr-Commit-Position: refs/heads/master@{#372088}
sigbjornf
Let notifyScriptLoadError() handle already detached ScriptLoaders.
If a ScriptRunner has been disposed of already, allow ScriptLoaders
to notify of their failure without asserting.

R=haraken
BUG=570012

Review URL: https://codereview.chromium.org/1642863002

Cr-Commit-Position: refs/heads/master@{#372075}
sigbjornf
Revert of Let notifyScriptLoadError() handle already detached ScriptLoaders. (patchset #3 id:40001 of https://codereview.chromium.org/1644483002/ )
Reason for revert:
The change here assumes PendingScripts are separately allocated objects, an M50 change. This makes for more difficult backporting. Unnecessarily so.

Hence reverting and will reland a variation ( https://codereview.chromium.org/1642863002/ ) that works for older branches.

Original issue's description:
> Let notifyScriptLoadError() handle already detached ScriptLoaders.
>
> If a ScriptRunner has been disposed of already, allow ScriptLoaders
> to notify of their failure without asserting.
>
> R=haraken
> BUG=570012
>
> Committed: https://crrev.com/e7bf58190483dffac8e78506884170720165b198
> Cr-Commit-Position: refs/heads/master@{#371772}

TBR=haraken@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=570012

Review URL: https://codereview.chromium.org/1640263004

Cr-Commit-Position: refs/heads/master@{#372058}
rune
Moved element style recalc count and stats to StyleEngine.
There are two element style recalc counters, one in Document, and one
in StyleResolver. The one in StyleResolver includes pseudo elements in
that count. We are unifying thesie counts keeping pseudo elements
included which means that the element recalc count will be higher for
tracing and the inspector, but unchanged for
internals.updateStyleAndReturnAffectedElementCount().

Also the StyleResolverStats is moved from StyleResolver to StyleEngine.
This means the stats will survive a clearResolver().

This change is motivated around item 6 and 9 in the design document for
crbug.com/401359.

R=dstockwell@chromium.org
BUG=401359

Review URL: https://codereview.chromium.org/1644543002

Cr-Commit-Position: refs/heads/master@{#372045}
rune
::before/::after are not features for invalidation.
We store a flag for finding ::before or ::after in
InvalidationSetFeatures, yet they are not added as features to
invalidation sets. That means we need to handle *::before as a universal
selector and cause subtree invalidations.

R=ericwilligers@chromium.org
BUG=581675

Review URL: https://codereview.chromium.org/1639133003

Cr-Commit-Position: refs/heads/master@{#372035}
fs
Implement specced parsing algorithm for <area coords>
This implements the parsing algorithm for "list of floating point
numbers" and uses it to parse the 'coords' attribute on <area>.
The fractional part of numbers are no longer discarded.
The old parsing code in platform/Length.cpp is no longer used and is
removed.

BUG=578114

Review URL: https://codereview.chromium.org/1636333003

Cr-Commit-Position: refs/heads/master@{#371940}
fs
Use SET_NESTED_VAR instead of SET_VAR where possible in ComputedStyle
In some cases this could save a copy of the outer object
(rareNonInheritedData in all cases.)
This also saves almost 3.5k of binary footprint.

BUG=581413

Review URL: https://codereview.chromium.org/1638213004

Cr-Commit-Position: refs/heads/master@{#371860}
fs
Lazily create the Path in StylePath
Instead of creating the Path object up front - when the StylePath is
created - create it on first access/use (usually on paint/layout.)

Review URL: https://codereview.chromium.org/1640313002

Cr-Commit-Position: refs/heads/master@{#371850}
fs
Extended error reporting for SVG path parsing
Adds reporting of errors for the errors detected:

 * Missing starting moveto
 * Missing command verb
 * Unexpected input type (number, arc flag)

The parsing helper parseArcFlag() is adjusted to not consume any
character on error.

BUG=231612

Review URL: https://codereview.chromium.org/1642463004

Cr-Commit-Position: refs/heads/master@{#371849}
fs
Fix typo(s) in css3/filters/effect-reference-composite*.html
y=20" -> y="20"

Review URL: https://codereview.chromium.org/1633093002

Cr-Commit-Position: refs/heads/master@{#371819}
mstensho
Display -webkit-filter objects in any column (instead of only in the first one).
Most of our painting-related operations take place after fragmentation, i.e.
via PaintLayerPainter::paintFragmentWithPhase(). All such operations can just
sit back and relax and not worry about fragmentation, since translation and
clipping for a given fragmentainer (column) has already taken place.

This is not the case for filters, though. They are set up before fragmentation.
Therefore, we need to make the bounding box of the layer visual (convert out of
the flow thread coordinate space) on our own. We now do this specifically for
filters, or we'd upset other parts of the code, such as clip path.

BUG=530074
R=wangxianzhu@chromium.org

Review URL: https://codereview.chromium.org/1645583002

Cr-Commit-Position: refs/heads/master@{#371808}
tmoniuszko
Move trace_event.h include from v8_platform.h to .cc file
trace_event.h is redundant in header file. It also causes compilation
issues when Blink precompiled headers are used on Windows (Bug 495697).

BUG=

Review URL: https://codereview.chromium.org/1585693002

Cr-Commit-Position: refs/heads/master@{#371801}
tmoniuszko
Fix //chrome/app/test_support dependency on //chrome/browser/policy:path_parser
BUG=

Review URL: https://codereview.chromium.org/1646483002

Cr-Commit-Position: refs/heads/master@{#371790}
bratell
Report PeriodicWave memory usage to v8 so GC can be properly scheduled
A PeriodicWave object can use half a MB and v8 needs to know about that
or it will not schedule garbage collects when memory usage increases.

BUG=578351

Review URL: https://codereview.chromium.org/1632753002

Cr-Commit-Position: refs/heads/master@{#371777}
mstensho
Remove support for -webkit-column-span:1
This was an "alias" for -webkit-column-span:none. '1' is not a valid value,
according to the spec. The only valid values are 'none' and 'all'. In an older
version of the spec, '1' and 'all' were the valid values. In the latest version
(2011), '1' was changed to 'none'.

It's highly unlikely that removing this should cause compatibility problems.
The initial value is 'none' (which is what '1' was mapped to), so in order to
cause trouble, one would need a declaration -webkit-column-span:all to be
overridden by a -webkit-column-span:1. I went through httparchive to verify.
No sites were found to do this.

R=timloh@chromium.org

Review URL: https://codereview.chromium.org/1635993002

Cr-Commit-Position: refs/heads/master@{#371773}
sigbjornf
Let notifyScriptLoader() handle already detached ScriptLoaders.
If a ScriptRunner has been disposed of already, allow ScriptLoaders
to notify of their failure without asserting.

R=haraken
BUG=570012

Review URL: https://codereview.chromium.org/1644483002

Cr-Commit-Position: refs/heads/master@{#371772}
fs
Avoid unnecessary CoW for outer DataRef when applying transform-origin
Even if the transform-origin is the same as the current value,
rareNonInheritedData will still be copied.
Add a new macro SET_NESTED_VAR, similar to the existing SET_VAR, but
allowing an intermediate |base| field to be specified, avoiding the
access in the dereference of that field from the group.

BUG=571183

Review URL: https://codereview.chromium.org/1636503005

Cr-Commit-Position: refs/heads/master@{#371766}
davve
Condense Image::hasRelative{Width,Height}() into one
Image::hasRelative{Width,Height} always return the same result so
there is no need for two functions. Since
https://codereview.chromium.org/26390004 there is no reason to have
these separate since the SVGImage implementations are gone.

BUG=581357

Review URL: https://codereview.chromium.org/1634133003

Cr-Commit-Position: refs/heads/master@{#371764}
davve
Consistency in LayoutReplaced::computeReplacedLogicalWidth()
All other return values pass through
computeReplacedLogicalWidthRespectingMinMaxWidth, let this one do so
too.

Review URL: https://codereview.chromium.org/1637473002

Cr-Commit-Position: refs/heads/master@{#371761}
rune
Marked parsing as failed for invalid compound.
If we return nullptr trying to consume a compound, and all tokens have
been consumed, we don't recognize that as a parse failure if a valid
selector precedes the compound. Set m_failedParsing to true to notice
we have an invalid selector.

R=timloh@chromium.org
BUG=581257

Review URL: https://codereview.chromium.org/1634273003

Cr-Commit-Position: refs/heads/master@{#371760}
fs
Negative or zero radius for <area shape=circle> gives an empty shape
Step 7 in

https://html.spec.whatwg.org/multipage/embedded-content.html#processing-model

BUG=578125

Review URL: https://codereview.chromium.org/1631303002

Cr-Commit-Position: refs/heads/master@{#371742}
fs
The missing value default for <area shape> is 'rect'
There is no invalid value default, so the missing value default will
apply in that case too.
The 'Unknown' HTMLAreaElement::Shape enumeration value is no longer
needed, so remove it.

Also add support for the non-conforming <area shape> values:

 * 'circ'     (alias for 'circle')
 * 'polygon'  (alias for 'poly')
 * 'rectangle (alias for 'rect')

Because 'rect' (and hence 'rectangle') is the same as the missing
value default we don't need any explicit checks for these values.

https://html.spec.whatwg.org/multipage/embedded-content.html#attr-area-shape

BUG=578125

Review URL: https://codereview.chromium.org/1632133007

Cr-Commit-Position: refs/heads/master@{#371731}
philipj
Remove superfluous semicolons around IPC message macros
These macros are defined such that trailing semicolons (or inner
semicolons) have no effect, and they are overwhealmingly used without
semicolons, as per the documentation in ipc_message_macros.h.

Review URL: https://codereview.chromium.org/1639713002

Cr-Commit-Position: refs/heads/master@{#371706}
mstensho
Adjust column rows' height better for their offset in the multicol container.
We were missing the case where the first object in a multicol container was a
spanner (the call to previousSiblingMultiColumnSet() should have been
previousSiblingMultiColumnBox(), to catch spanner placeholders in addition to
column sets).

But instead of having a special code path depending on whether we're dealing
with the first box or not (to avoid subtracting the multicol container's top
border and padding from an uncalculated logical top of a column set), always
subtract the margin top edge of the first column box instead.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1631633002

Cr-Commit-Position: refs/heads/master@{#371661}
sigbjornf
Promptly let go of WebURLLoader objects.
The objects keeping their own WebURLLoaders (and thus being
WebURLLoaderClients) must promptly let go of their ownership upon
becoming garbage. Not doing so risks the embedder calling the client
while it is in a sweepable state.

R=
BUG=568173

Review URL: https://codereview.chromium.org/1635113002

Cr-Commit-Position: refs/heads/master@{#371639}
davve
Avoid calling imageForCurrentFrame needlessly on SVGImageForContainer
Propagate SVGImage::isTextureBacked() through SVGImageForContainer to
make https://codereview.chromium.org/1438663002 effective in more
cases.

BUG=552406

Review URL: https://codereview.chromium.org/1635123002

Cr-Commit-Position: refs/heads/master@{#371535}
davve
Media Session: prepare for implicit activation of user created session
Provide an optional WebMediaSession to embedder when creating a
WebMediaPlayer. A null WebMediaSession means the player should belong
to the default media session.

BUG=497735

Review URL: https://codereview.chromium.org/1585163002

Cr-Commit-Position: refs/heads/master@{#371530}
fs
Use ASCII case-insensitive matching for ident-likes in the CSS parser
This CL replaces CSSParserToken::valueEqualsIgnoringCase and
CSSParserString::equalIgnoringCase with valueEqualsIgnoringASCIICase
and equalIgnoringASCIICase respectively - calling the similarly named
function in WTF.
Some cases where CSSParserToken::value() was coerced to a String is
changed to avoid the coercion - using the CSSParserToken method
directly.
Similarly some cases that use the CSSParserString overload for
equalIgnoringCase is changed to use the method on CSSParserToken.
The dead equalIgnoringCase(const CSSParserString&, ...) function in
LegacyCSSPropertyParser.cpp is removed.

BUG=581001

Review URL: https://codereview.chromium.org/1636453002

Cr-Commit-Position: refs/heads/master@{#371500}
davve
Drop contradictory condition in min-width clamping
isMaxSizeNone() is nonsensical for min-width. Zero (but represented as
Auto) is initial Length value for min-width, not MaxSizeNone. This
stands out after the rename from isUndefined() to isMaxSizeNone(). But
in this case it seems |style()->logicalMinWidth().isMaxSizeNone()| was
a just long alias for |false| so remove it.

Review URL: https://codereview.chromium.org/1633683002

Cr-Commit-Position: refs/heads/master@{#371494}
fs
Match <area shape> ASCII case-insensitively
The 'shape' attribute on HTMLAreaElement is an "enumerated attribute"
[1], which means that it should be matched ASCII case-insensitively[2].

To get a proper overload of equalIgnoringASCIICase(...) that matches the
required use (AtomicString against string literal/const char*),
restructure the definition of equalIgnoringASCIICase() to do away with
the templated version in favor of a generic StringImpl* version, and
specific wrappers around that one for AtomicString/String.
Also add a specialization for comparing against char/LChar.

No effect on the specified test because:
a) Invalid/missing value default is not per spec, so the unexpected shape
is picked anyway.
But more importantly:
b) the way case-folding is implemented/specified, no non-ASCII character
is case-folded to something in the ASCII-range.

[1] https://html.spec.whatwg.org/multipage/embedded-content.html#attr-area-shape
[2] https://html.spec.whatwg.org/multipage/infrastructure.html#enumerated-attribute

TEST=fast/html/area-shape.html
BUG=578125

Review URL: https://codereview.chromium.org/1624383002

Cr-Commit-Position: refs/heads/master@{#371478}
sigbjornf
Precisely account for required buttons in a radio group.
As part of processing the name attribute for a radio button, it is
added to the current radio button group. For buttons that are
additionally "required", that leads to double accounting for the
group's count of such required buttons, as the radio button group
doesn't keep track what has been registered as "required" already
or not.

Address by having the button group track the registered "required"
state of its members/buttons.

R=keishi,tkent
BUG=

Review URL: https://codereview.chromium.org/1632493002

Cr-Commit-Position: refs/heads/master@{#371476}
fs
Use even-odd fill rule for <area shape=poly>
See step 8, "Polygon state" in

https://html.spec.whatwg.org/multipage/embedded-content.html#processing-model

BUG=578125

Review URL: https://codereview.chromium.org/1630763002

Cr-Commit-Position: refs/heads/master@{#371371}
rune
Serialize namespaced type/* selectors according to CSSOM spec.
See https://drafts.csswg.org/cssom/#serializing-selectors.

The serialize-namespaced-type-selectors.html test is a stripped version
of this pull request: https://github.com/w3c/csswg-test/pull/1020
Gecko (Firefox 43) passes all those tests.

As part of this we are fixing problems with universal selectors being
incorrectly marked as explicit (for serialization) in certain cases.

When we have pseudo elements which require an implicit shadow combinator
to match across shadow boundaries, we need to add an implicit universal
selector to make the combinator combine the pseudo with some parent when
the original selector doesn't have any other simple selectors.

video::cue(i) can add the combinator between video and ::cue(i), while
::cue(i) requires a universal selector in the internal representation
to have ::cue(i) -> /implicit-shadow-crossing/ -> *.

For ::cue(i), the universal selector were marked correctly as implicit
to avoid it being serialized as *::cue(i). However, with an explicit
universal selector in the source *::cue(i), the universal selector were
marked as explicit due to an incorrect isNull() check. Explicit
universal selectors were already dropped from the serialization of
selectors like *::before.

BUG=579043

Review URL: https://codereview.chromium.org/1607873002

Cr-Commit-Position: refs/heads/master@{#371363}
sigbjornf
Have WebGeolocationController always wrap up its private controller object
Until Oilpan is firmly enabled, always use GeolocationControllerPrivate
to wrap up the non-owned GeolocationController* object. The previous
implementation was performing an untidy downcast with undefined behavior;
no need for such shortcuts here.

R=
BUG=581112

Review URL: https://codereview.chromium.org/1638573002

Cr-Commit-Position: refs/heads/master@{#371341}
fs
Error reporting for SVGLength and SVGLengthList
LoFi error reporting for SVGLength (LoFi because it uses the CSS
parser, and hence can't provide locus information.)
Minor cleanup in SVGLengthList, hoisting the call to clear().
Adding SVGParsingError::offsetWith to support the nested parsing going
on in SVGLengthList.

BUG=231612

Review URL: https://codereview.chromium.org/1636503003

Cr-Commit-Position: refs/heads/master@{#371288}
rune
Fix selector namespace prefix resolution.
When parsed without a stylesheet context, there are no prefix to
namespace URI mapping, so a ns name prefixed selector should be
invalid. Instead, we mapped "ns|e" to "*|e".

Here, we instead make "ns|e" invalid in contexts where there is no
stylesheet. However, "|e" and "*|e" should still be valid, so that part
of the prefix resolution is moved from the stylesheet to the selector
parser.

This meant that prefix resolution was incorrect for the select
attribute of the content element.

Also, prefixes in Selectors API were handled outside of the selector
parsing instead. Now we handle it inside the selector parsing instead
which means that we throw a SyntaxError instead of a NamespaceError for
unresolved namespace prefixes in the Selectors API. This is in line
with the specifications[1][2] and Gecko.

Another issue, was that setting selectorText of StyleRule did not pass
a stylesheet to the selector parser, so namespace resolution did not
work for setting selectorText.

[1] https://www.w3.org/TR/selectors-api2/#resolving-namespaces
[2] https://dom.spec.whatwg.org/#scope-match-a-selectors-string

R=timloh@chromium.org
BUG=580023,580445

Review URL: https://codereview.chromium.org/1616423003

Cr-Commit-Position: refs/heads/master@{#371275}
sigbjornf
Fix g++ builds by avoiding early HeapSupplement<Document> instantiation.
Building ToT with g++ (component build) currently breaks when using
the Oilpan type HeapSupplement<Document>:

 ...
 error: type attributes ignored after type is already defined [-Werror=attributes]
 ...
 .../dom/Document.h:179:51: note: in expansion of macro ‘WillBeHeapSupplement’
 extern template class CORE_EXTERN_TEMPLATE_EXPORT WillBeHeapSupplement<Document>;

It appears that g++ cannot be kept happy if it implicitly instantiates
a template at a type and then later sees an extern decl like the above
with some extra attributes attached.

Hence, bring the required types into scope for FontFaceSet's declaration
to avoid that unfortunate situation.

R=haraken,thakis
BUG=

Review URL: https://codereview.chromium.org/1634683002

Cr-Commit-Position: refs/heads/master@{#371270}
fs
Add tests for HTMLAreaElement coords/shape and processing model
This makes local copies of:

 html/semantics/embedded-content/the-area-element/area-coords.html
 html/semantics/embedded-content/the-area-element/area-processing.html
 html/semantics/embedded-content/the-area-element/area-shape.html
 html/semantics/embedded-content/the-area-element/support/hit-test.js

in fast/html/ and adjust them so that they can run correctly in the
test runner. The adjustment amounts to referencing a different image
than the original, and doing so using a relative path, and putting
hit-test.js in the local resources/ directory in fast/html.

BUG=578125,578114,498120

Review URL: https://codereview.chromium.org/1618373002

Cr-Commit-Position: refs/heads/master@{#371246}
fs
Match 'i' attribute selector modifier case-insensitively
The 'i' should be treated as an identifier, so matching should be ASCII
case-insensitive.

BUG=580446

Review URL: https://codereview.chromium.org/1626563002

Cr-Commit-Position: refs/heads/master@{#371228}
rune
Missing m_failedParsing=true for unresolved namespace.
When we already have an accepted compound and we return nullptr for a
second fully consumed compound, we were relying on non-consumed tokens
like trailing spaces to detect that the selector was invalid. Setting
m_failedParsing=true fixed it.

R=timloh@chromium.org
BUG=580496

Review URL: https://codereview.chromium.org/1625433002

Cr-Commit-Position: refs/heads/master@{#371202}
fs
Remove use of minimumValueForLength in HTMLAreaElement::getRegion
While the 'coords' attribute on HTMLAreaElement is stored as a
Vector<Length>, the Lengths will all be of the type 'Fixed'. This means
that the only effect of minimumValueForLength() will be to round-trip
through LayoutUnit - resulting in a clamp to the allowed range of
LayoutUnit. Replace the uses of minimumValueForLength() with a new
function (clampCoordinate) that only does this clamping.

No functional changes.

BUG=578114

Review URL: https://codereview.chromium.org/1619793002

Cr-Commit-Position: refs/heads/master@{#371184}
rune
Add regression test for crbug.com/408957
Issue 408957 was fixed when fixing 557440. This CL is just adding a
test for it.

R=ericwilligers@chromium.org
BUG=408957

Review URL: https://codereview.chromium.org/1607893002

Cr-Commit-Position: refs/heads/master@{#371180}
sigbjornf
Insist on a Blink GC on RenderViewImpl unit test teardowns.
Without it, flaky LSan reports are a risk, depending on GC timing and
on tests allowing posted GC tasks to be processed before many of them
abruptly clear posted messages as part of their operation.

R=haraken
TBR=jochen
BUG=

Review URL: https://codereview.chromium.org/1621823004

Cr-Commit-Position: refs/heads/master@{#371169}
philipj
Fix typo in link to ccache for Mac
R=andybons@chromium.org

Review URL: https://codereview.chromium.org/1624903002

Cr-Commit-Position: refs/heads/master@{#371150}
sigbjornf
Also transfer pending in-order scripts upon element moving to new document
Extend the ScriptLoader script runner reassociation that happens when a
script element moves to a new document to also include pending in-order
scripts.

Having this be restricted to async scripts unnecessarily confuses the
ScriptLoader when it notifies the ScriptRunner.

R=haraken
BUG=570012

Review URL: https://codereview.chromium.org/1620983002

Cr-Commit-Position: refs/heads/master@{#371145}
landell
Include stdlib.h for bsearch
BUG=

Review URL: https://codereview.chromium.org/1618193002

Cr-Commit-Position: refs/heads/master@{#371057}
rune
Removed selector matching check for invalid pseudo elements.
The check removed checked that only custom pseudo elements and
::selection allow other simple selectors to follow. This is now handled
entirely at parse time.

R=esprehn@chromium.org,timloh@chromium.org
BUG=489481

Review URL: https://codereview.chromium.org/1605523002

Cr-Commit-Position: refs/heads/master@{#371054}
fs
Extended error reporting for SVGNumber/Point/Rect and related types
Add extended error reporting for "number-based" types - SVGNumber,
SVGNumberList, SVGNumberOptionalNumber, SVGPoint, SVGPointList and
SVGRect.

Also clean up some of the parsing functions and eliminate some
unnecessary clear() calls in the list types.

BUG=231612

Review URL: https://codereview.chromium.org/1620203002

Cr-Commit-Position: refs/heads/master@{#371022}
sigbjornf
Keep PlatformSpeechSynthesisVoice off the Oilpan heap.
Keeping this object on the heap makes some sense in terms of regularity:
all the other Blink objects that refer to it are on the heap. However,
it is problematic to do so for this value object considering how
the embedder might use its WebSpeechSynthesisVoice wrapper object.

That is, creating or allocating a WebSpeechSynthesisVoice on the stack
by the embedder will bring about a heap allocation, which in turn can
trigger a GC when the embedder isn't prepared for that -- see
associated bug for stack trace and details.

This is normally a detail the embedder doesn't need to worry about,
but as TtsDispatcher keeps an (unsavory) weak reference to its speech
synthesizer client we're forced to consider GC safety and take
that into account.

Embedder code that keep these bare, but intended weak, references
to Oilpan heap objects should be reworked into something safer,
but to address this local problem, PlatformSpeechSynthesisVoice is
moved off the heap where it can reside just as well. By doing so,
WebSpeechSynthesisVoice allocations won't allocate on the Oilpan
heap, avoid said GC unsafety.

R=dmazzoni,jochen
BUG=539511

Review URL: https://codereview.chromium.org/1617383003

Cr-Commit-Position: refs/heads/master@{#370960}
sigbjornf
Fix spellchecker updating of marker ranges spanning multiple elements.
The optimization made in Blink r187820 (https://crrev.com/828293002)
completely failed to take into account the case where the start and
end position spanned multiple nodes.

With EphemeralRange since then introduced, fix by switching to it.
For the original test optimized for (blink_perf.dom:textarea-edit),
local testing with chrome-release shows no degradation in performance
either.

R=yosin
BUG=579151

Review URL: https://codereview.chromium.org/1615963004

Cr-Commit-Position: refs/heads/master@{#370929}
davve
Move specialized computePositionedLogicalWidth to LayoutReplaced.
Since the isAtomicInlineLevel() rename (it used to be called
isReplaced()) it looks extra strange to have a *Replaced method up in
LayoutBox. While LayoutReplaced does not contain everything about
replaced elements, it may contain this.

Review URL: https://codereview.chromium.org/1603603002

Cr-Commit-Position: refs/heads/master@{#370922}
mstensho
Pass values in the right flow thread's coordinate space.
We were talking to our enclosing flow thread, but using coordinates in our own
flow thread coordinate space. This caused both miserable rendering and
assertion failures, since we'd fail to realize that there'd be rows further
ahead with enough space for the content we were trying to fit.

BUG=552615
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1619703003

Cr-Commit-Position: refs/heads/master@{#370891}
sigbjornf
Oilpan: LinkLoaderClient must be a GC mixin.
LinkLoader notifies its 'client' of load completion and other lifecycle
transitions. The assumption is that the client's lifetime is >= that
of the loader object, hence a bare pointer is all required.

This assumption doesn't hold when both LinkLoader and the client is on
the Oilpan heap, nor when LinkLoader is on the heap and the client is
stack allocated (cf. mock client object in LinkLoader unit tests).

Address the unsoundness by making LinkLoaderClient a GC mixin.

TBR=haraken@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1616713003

Cr-Commit-Position: refs/heads/master@{#370654}
tommyt
Tidy up service discovery state for bluez on disconnect
This should fix cases where you connect, disconnect and then reconnect
to a BLE device. I've extended the ServicesDiscovered unit test to test
this.

BUG=577641

Review URL: https://codereview.chromium.org/1606523002

Cr-Commit-Position: refs/heads/master@{#370628}
philipj
Remove always-false null checks for getElementsByTagName(NS)
getElementsByTagNameNS is called from WebNode::getElementsByHTMLTagName,
which in turn is only called with the static kLabel ("label").
getElementsByTagName is also called internally in
getElementsByTagNameNS. Other than this, both are called from bindings.
In no case is it possible for localName to be a null AtomicString, so
these checks are not needed.

Review URL: https://codereview.chromium.org/1606533002

Cr-Commit-Position: refs/heads/master@{#370616}
fs
Extended error reporting for SVG attribute parsing
This CL extends the SVG attribute parsing error reporting functionality
to allow more precise (and hopefully helpful) reporting.
The main improvements consist of:

 1) More (precise) status codes
    Avoids generic error messages.

 2) Locus support
    Allows reducing the amount of context, which should make it easier
    to pinpoint the actual error. (Preferably the offending character
    should be highlighted somehow in the error message, but that is
    left as future work.)

To achieve this, the SVGParsingError enumeration is turned into a
thin wrapper class around a status code and a locus. The status codes
move to a new enumeration 'SVGStatus'.

Formatting of error messages are moved out of
SVGElement::reportAttributeParsingError and into SVGParsingError.cpp
(new file).

This CL start adding extended reporting to a few of the value classes:
SVGBoolean, SVGEnumeration and SVGPreserverAspectRatio; to illustrate
the mechanism. Further value classes will be annotated in later CLs.
For that reason the "generic" errors are kept in their current form - to
be removed as more value class parsers get converted.

BUG=231612

Review URL: https://codereview.chromium.org/1588993005

Cr-Commit-Position: refs/heads/master@{#370479}
davve
Remove stale FIXME comment about now fixed bug
NOTRY=true
BUG=364807

Review URL: https://codereview.chromium.org/1605383002

Cr-Commit-Position: refs/heads/master@{#370396}
davve
Simplify LayoutSVGRoot::computeReplacedLogical{Width,Height}
Remove redundant if statements and slightly confusing
comments. SVGImage unconditionally sets the container size in
SVGImage::drawForContainer() so when SVGImageForContainer is used, the
container size will be set.

BUG=468897

Review URL: https://codereview.chromium.org/1610603002

Cr-Commit-Position: refs/heads/master@{#370393}
sigbjornf
Add missing variable initialization in StyleCalcLength::toCSSValue().
TBR=oilpan-reviews
BUG=545318
NOTRY=true

Review URL: https://codereview.chromium.org/1604133003

Cr-Commit-Position: refs/heads/master@{#370390}
davve
Set intrinsic size for inline SVG earlier
LayoutReplaced has a m_intrinsicSize that's updated when computing
logical widths and heights (and only if needed; specified style makes
it not being set at all).

But m_intrinsicSize can be used earlier that that, when computing
preferred widths for the container, see
LayoutReplaced::computeIntrinsicLogicalWidths called from
LayoutReplaced::computePreferredLogicalWidths().

This patch computes the intrinsic size in the constructor to avoid
returning the stale default size.

BUG=468897

Review URL: https://codereview.chromium.org/1604993003

Cr-Commit-Position: refs/heads/master@{#370388}
davve
Simplify SVGSVGElement::collectStyleForPresentationAttribute
There is no need to have the flags separated since they are always
used in conjunction.

BUG=468897

Review URL: https://codereview.chromium.org/1601093007

Cr-Commit-Position: refs/heads/master@{#370386}
rune
Pseudo element ids != NOPSEUDO only in rightmost compound.
After landing [1], selectors with pseudo elements will only be valid if
the pseudo element is in the rightmost compound. Invalid selectors will
be dropped at parse time. Hence, there's no need to check this
condition during matching. Also, pseudo element selectors for which
CSSSelector::pseudoId() returns NOPSEUDO, are handled in the switch
above the modified code.

[1] https://codereview.chromium.org/1600793002/

R=esprehn@chromium.org,timloh@chromium.org
TEST=CSSSelectorParserTest::InvalidPseudoElementInNonRightmostCompound
BUG=489481

Review URL: https://codereview.chromium.org/1605473002

Cr-Commit-Position: refs/heads/master@{#370356}
mstensho
Need to examine the *bottom* of fragmented content.
Content may cross fragmentainer boundaries, and when evaluating the need for
appending additional fragmentainer groups, we need to look at the bottom of the
content, not the top.

This CL is a prerequisite to fixing bug 552615, but note that it doesn't fix
anything there on its own.

BUG=552615
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1573133002

Cr-Commit-Position: refs/heads/master@{#370323}
mstensho
Soften assertion slightly, to survive saturated arithmetic situations.
We do want to be at the exact top of a column here, but if the flow thread top
offset for the next column is larger than what a LayoutUnit can hold, we get a
bogus value passed here. Survive the assertion and carry on.

BUG=574309
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1558133002

Cr-Commit-Position: refs/heads/master@{#370297}
mostynb
fix 'set but not used' GCC warning
Followup to https://codereview.chromium.org/1586353004 which introduced
a warning when building with GCC.

BUG=557130

Review URL: https://codereview.chromium.org/1606053002

Cr-Commit-Position: refs/heads/master@{#370203}
fs
Remove tracking of 'closed subpath' state from SVGPathBuilder
For any implicit moveto (like: "M0,0z L..." it would not do the right
thing (clear m_closed), which could result in unwanted calls to
Path::closeSubpath if a(n explicit) moveto followed. This in turn would
result in rendering errors (the "close" line being stroked that should
not.)
SkPath seems to do a much better job of this already - and Path is just
a thin wrapper around SkPath in these cases - so just drop the
SVGPathBuilder::m_closed flag and leave the work to SkPath.

BUG=578254

Review URL: https://codereview.chromium.org/1605943002

Cr-Commit-Position: refs/heads/master@{#370168}
rune
Remove checkForChildrenAdjacentRuleChanges.
All uses of SubtreeStyleChange now means strict subtree. All sibling
forest invalidations are done using invalidation sets except on node
insertions and removals.

checkForSiblingStyleChanges now has to invalidate siblings itself on
insertion/removal. Before this change we did a SubtreeStyleChange on a
single element and let checkForChildrenAdjacentRuleChanges mark the
sibling forest for recalc. The reason why we cannot use invalidation sets
when adding/removing nodes, is that we don't change the relevant features
(classes, ids, etc) when we need to figure out. For instance:

<style>
:not(.a) + div { color green }
</style>
<div class="a"></div>
<div>Should be green after insertion</div>

If you insert an element between the two divs, the latter will start
matching the style rule, but we cannot do that with invalidation sets.

Adjustments have been done to the style invalidator to allow scheduling
sibling invalidation sets on SubtreeStyleChange elements, since siblings
will have style recalcs triggered through the invalidation machinery, not
checkForChildrenAdjacentRuleChanges.

BUG=557440

Review URL: https://codereview.chromium.org/1509853002

Cr-Commit-Position: refs/heads/master@{#370097}
rune
Pseudo elements may only appear in rightmost compound.
Pseudo elements are appended to an originating element as defined in
Selectors Level 4 and may only be followed by user action pseudo
classes. That means it also must appear in the rightmost compound. We
drop selectors as invalid when trying to add a compound when we have
already seen a pseudo element in a previous compound.

There are expections to this for Blink, where we implement ::content
and ::shadow to pierce through insertion points and shadow boundaries
as pseudo elements. Another exception is for custom pseudo elements in
UA stylesheets, as we rely on exposing inner shadow structure to style
media controls and VTT track regions (crbug.com/578131).

R=timloh@chromium.org
BUG=489481

Review URL: https://codereview.chromium.org/1600793002

Cr-Commit-Position: refs/heads/master@{#370088}
sigbjornf
Migrate Handle.h WTF decls closer to their corresponding definitions.
Move some declarations in the WTF namespace out of the larger Handle.h,
and near/next to where the corresponding types are declared.

No change in functionality.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1598103003

Cr-Commit-Position: refs/heads/master@{#369986}
sigbjornf
Revert of Use registerWeakMembers to clean up IntersectionObserver. (patchset #1 id:1 of https://codereview.chromium.org/1591763003/ )
Reason for revert:
Broke on some tests w/ Oilpan enabled,

 https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Oilpan%20Leak/builds/16410

backing it out.

(see also https://codereview.chromium.org/1596333002/ )

Original issue's description:
> Use registerWeakMembers to clean up IntersectionObserver.
>
> Pre-oilpan, when the root disappears, it observers are cleaned up
> in NodeIntersectionObserverData::dispose().
>
> Post-oilpan, the cleanup will be done with registerWeakMembers.
>
> BUG=540528
> R=haraken@chromium.org,dcheng@chromium.org
>
> Committed: https://crrev.com/546573354e47ddd01f491c382701fa51500f85eb
> Cr-Commit-Position: refs/heads/master@{#369948}

TBR=dcheng@chromium.org,haraken@chromium.org,szager@chromium.org
BUG=540528
NOTRY=true

Review URL: https://codereview.chromium.org/1600243002

Cr-Commit-Position: refs/heads/master@{#369970}
sigbjornf
Revert of Oilpan: Fix weak processing for IntersectionObserver::m_root (patchset #3 id:40001 of https://codereview.chromium.org/1594813002/ )
Reason for revert:
This and the parent change introduced some failures,

 https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Oilpan%20Leak/builds/16410

backing out for now.

Original issue's description:
> Oilpan: Fix weak processing for IntersectionObserver::m_root
>
> This is a follow-up fix for https://codereview.chromium.org/1591763003/.
> IntersectionObserver::m_root must be cleared in the weak callback when the m_root is dead.
>
> BUG=
>
> Committed: https://crrev.com/2760f06a3c43c8919f4ecae43f460ada20d0990b
> Cr-Commit-Position: refs/heads/master@{#369956}

TBR=szager@chromium.org,haraken@chromium.org
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1596333002

Cr-Commit-Position: refs/heads/master@{#369969}
sigbjornf
libxml2: linearly optimize XPath expressions.
Some XPath expression nodes keep a back pointer to the last/previous
expression node for optimization purposes. Such pointers will result
in repeated work when walking over the expression
tree/graph, peephole optimizing it. Unacceptable amounts of repeated
work as the expression tree becomes deeper.

Avoid by marking the expression nodes during the optimization pass.

R=scottmg
BUG=573768

Committed: https://crrev.com/0b208a502be9d60929be48056dd4213efd998076
Cr-Commit-Position: refs/heads/master@{#369733}

Review URL: https://codereview.chromium.org/1562133002

Cr-Commit-Position: refs/heads/master@{#369966}
tommyt
Clear the BLE services list on disconnect.
This lets us recreate the services list correctly upon the next
reconnect, which fixes some problems with a device we have, which
disconnects automatically after 30 seconds.

Also reset the services_discovered flag for this device on disconnect.
In order to accomplish this, I had to move this flag from the dispatcher
host, to the bluetooth device instance.

BUG=570804

Review URL: https://codereview.chromium.org/1592733002

Cr-Commit-Position: refs/heads/master@{#369826}
rune
removeBetween() -> detach() performance fix.
In [1] we started to persist invalidation sets on elements getting
reattach style change because sibling invalidation sets scheduled on
detached elements still need to be processed for attached siblings.

However, the invalidation sets need to be cleared when such elements
are removed from the document tree. Clearing that invalidation set were
done with a detach() which also would go through detach() on an
already detached subtree. That caused a performance regression in the
the blink_perf.dom:select-single-add micro benchmark.

Instead of brute forcing with detach(), we clear the invalidation sets
for the elements of the disconnected subtree in Element::removedFrom().

[1] https://codereview.chromium.org/1533683002

R=esprehn@chromium.org
BUG=577439
TEST=PerformanceTests/DOM/select-single-add.html

Review URL: https://codereview.chromium.org/1590143002

Cr-Commit-Position: refs/heads/master@{#369798}
rune
Restrict use of pseudo elements within compound.
Start dropping selectors whose compound have pseudo elements followed
by other simple selectors with the exception of simple selectors which
are actually allowed to follow certain pseudo elements.

The exceptions are:

- User action pseudo classes and their negations for custom pseudo
  elements.

  Matching other simple selectors on custom elements worked before, but
  that revealed the inner structure of the UA shadow DOM for form
  elements, which I believe was not intentional.

  According to the latest ED of Selectors Level 4, user action pseudo
  classes are allowed after pseudo elements in general, but we don't
  support that, so the selector should be dropped. Gecko also drops
  those selectors.

- A restricted set of pseudo classes, in addition to the user action
  pseudo classes, which apply to custom scrollbar pseudo elements.

The new restrictions do not yet apply to UA stylesheets as we rely on
invalid selectors in the UA stylesheet for media controls.

Fixed a couple of range-based iterations in the unit test.

This CL does not address the fact that pseudo elements, in most cases,
only may be present in rightmost compound selectors. That will be fixed
in another CL.

R=timloh@chromium.org
BUG=489481,577404

Review URL: https://codereview.chromium.org/1587643004

Cr-Commit-Position: refs/heads/master@{#369760}
sigbjornf
libxml2: linearly optimize XPath expressions.
Some XPath expression nodes keep a back pointer to the last/previous
expression node for optimization purposes. Such pointers will result
in repeated work when walking over the expression
tree/graph, peephole optimizing it. Unacceptable amounts of repeated
work as the expression tree becomes deeper.

Avoid by marking the expression nodes during the optimization pass.

R=scottmg
BUG=573768

Review URL: https://codereview.chromium.org/1562133002

Cr-Commit-Position: refs/heads/master@{#369733}
rune
Use ::cue for VTT UA styles.
Instead of using a custom pseudo element for the track container to
apply UA styling to b, i, and u elements, use ::cue selectors.

R=fs@opera.com
TEST=media/track/track-css-matching-default.html
NO_DEPENDENCY_CHECKS=true

Review URL: https://codereview.chromium.org/1582403003

Cr-Commit-Position: refs/heads/master@{#369732}
rune
Split compound selector after consume finished.
CSSSelectorParser::consumeCompoundSelector() will split a compound into
two compounds when it contains a simple selector which needs a synthetic
ShadowPseudo combinator. This split was done as simple selectors were
added. That code was complicated and and yielded some strange
serializations like what was reported in https://crbug.com/478563.

This CL adds simple selectors to the compound in the selector text
order, and splits the compound into two compounds and re-order them
after the whole compound has been consumed. This makes the code simpler
and makes it simpler to check selector validity (before the split).

This fixes issue 478563 and prepares for validity checking. A side
effect is that unnecessary universal selectors are left out of the
serialization (issue 478969).

::content is no longer kept leftmost in the compound, which is the
reason why contentPseudoCrossing is set when the combinators which are
affectedByPseudoContent instead of when the actual ::content selector
is seen.

R=timloh@chromium.org
BUG=478563,489481,478969

Review URL: https://codereview.chromium.org/1574323003

Cr-Commit-Position: refs/heads/master@{#369723}
tommyt
Clear the BLE services list on disconnect.
This lets us recreate the services list correctly upon the next
reconnect, which fixes some problems with a device we have, which
disconnects automatically after 30 seconds.

Also reset the services_discovered flag for this device on disconnect.
In order to accomplish this, I had to move this flag from the dispatcher
host to the bluetooth device instance.

BUG=570804

Review URL: https://codereview.chromium.org/1565773002

Cr-Commit-Position: refs/heads/master@{#369593}
fs
Re-instate geometry sharing optimization for 'd' on <use>'d <path>s
This adds back the geometry sharing optimization initially added in
https://codereview.chromium.org/1425913004 and removed by
https://codereview.chromium.org/1439793003.
This CL moves the optimization from asPath() to
collectStyleForPresentationAttribute(), meaning the optimization only
applies to the presentation attribute style (which is equivalent to
the old version.)

BUG=535429

Review URL: https://codereview.chromium.org/1578363007

Cr-Commit-Position: refs/heads/master@{#369473}
davve
Polish icecc instructions
Be more specific about when you have to use system linker with
icecc. It seems to have broke with a glibc 2.21 upgrade.

Review URL: https://codereview.chromium.org/1584133002

Cr-Commit-Position: refs/heads/master@{#369432}
fs
Use a local variable as a character cursor in genericParseNumber
Don't move the 'out' variable |cursor| until a valid number has been
parsed (disregarding the leading whitespace).
This will allow generating better error messages in some cases (the cursor
will not "stop" randomly within the number upon encountering overflows
etc.). It also enables "re-parsing" although currently no call-sites
require that. Code size virtually unaffected (-7 for LChar, +2 for UChar.)

BUG=231612

Review URL: https://codereview.chromium.org/1588453006

Cr-Commit-Position: refs/heads/master@{#369391}
davve
Eliminate use of SVG1DOM counter by final split
BUG=415074

Review URL: https://codereview.chromium.org/1586623002

Cr-Commit-Position: refs/heads/master@{#369380}
mstensho
Recalculate column heights as part of column set layout.
This is a tad earlier than what we used to do; we used to do it for all sets in
one go at the end of layout of the multicol container. We now do it
individually for each column set (children of the multicol container) as we lay
them out.

This way we have an up-to-date column height when positioning column sets
during multicol container child layout (children being either spanner
placeholders or column sets).

For the bug in question, this is particularly important in the first layout
pass, where column heights are completely bogus. When we're in a nested
fragmentation context, inner column heights are typically set to the remaining
height of an outer column, which may be more space than the contents actually
need. This could in turn trick the machinery into believing that we need to
insert another fragmentainer group for a spanner following a column set, even
if column heights were completely unconstrained.

BUG=552615
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1558963003

Cr-Commit-Position: refs/heads/master@{#369366}
fs
Remove redundant emptiness check from genericParseNumber
When the 'start == ptr' condition was reached we could be sure that we
had already consumed at least one character - one of '.' or '0'-'9' or
whitespace (potentially also '+'/'-' as a prefix) - and that even holds
true moving the definition of |start| after consuming any leading
whitespace. The reason for this is the up-front check for any character
in the set '0'-'9' or '.'.
Remove the redundant checks - replacing them with an assert - while
moving the definition of |start| so that it doesn't point before any
leading whitespace.

BUG=231612

Review URL: https://codereview.chromium.org/1582813003

Cr-Commit-Position: refs/heads/master@{#369292}
davve
Add note about using the system linker with icecc
Review URL: https://codereview.chromium.org/1575843002

Cr-Commit-Position: refs/heads/master@{#369177}
davve
Support SVG fragment URLs in cross faded images
Extract url from CSSImageValue and pass it along to the SVGImage
wrapper. Constify CSSImageValue::url() in the process.

Also, fix typo and indentation in related test.

BUG=574172

Review URL: https://codereview.chromium.org/1585623003

Cr-Commit-Position: refs/heads/master@{#369156}
sigbjornf
Oilpan: move AsyncMethodRunner to the heap.
Simplify and keep AsyncMethodRunner<T> on the heap always.

R=haraken
BUG=363031

Review URL: https://codereview.chromium.org/1580883002

Cr-Commit-Position: refs/heads/master@{#369141}
davve
Split SVG1DOM counter further
Split all counters relating to basic data types into smaller
parts. Use MeasureAs when these interfaces are implemented by multiple
other interfaces. Using Measure for them would give a lot of
unnecessary UseCounters. It seems more likely that we try to remove
interface methods in its entirety than splitting the interface, moving
some and removing some.

Also remove the counter from constants in affected interfaces. If we
get to remove the interfaces where the constants are used, they can go
too. Otherwise they likely have to stay.

BUG=415074

Review URL: https://codereview.chromium.org/1574183002

Cr-Commit-Position: refs/heads/master@{#369139}
rune
Cousins may not share style when ascendant affected bits set.
childrenOrSiblingsAffectedBy* are set during style matching. Cousins may
not share style in such cases since those affected bits may be set on
uncommon ancestors. Calling setUnique on ComputedStyle in such cases to
avoid style sharing.

This is also true for siblings in which case preceding siblings need to
get the affected bits set when we have adjacent selectors.

BUG=424104

Review URL: https://codereview.chromium.org/1562493002

Cr-Commit-Position: refs/heads/master@{#369029}
rune
Persist invalidation sets on detach root
This is a second attempt at not clearing sibling invalidation sets on
detached and SubtreeStyleChange nodes. The first[1] failed because
childNeedsStyleInvalidation() was still cleared on detach().

This approach keeps invalidation sets on the detach root, but clears
invalidation sets on descendants. However, when we detach a node to be
removed, we also clear the detach root as that will not have a chance of
being used on the next invalidation. Also, there are asserts checking
that we don't re-insert nodes into the tree with needsStyleInvalidation().

Removed scheduled sibling invalidation sets from nodes being removed from
the tree is not a problem as the checkForSiblingStyleChanges() method
will make sure sibling trees are invalidated.

The early return in StyleInvalidator::scheduleInvalidationSetsForElement
is removed to be able to schedule sibling invalidation sets although we
have a SubtreeStyleChange or ReattachStyleChange on the element itself.

The added test checks that the invalidation works properly, also after
the checkForChildrenAdjacentRuleChanges() removal.

[1] https://codereview.chromium.org/1507653002

R=esprehn@chromium.org,ericwilligers@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1533683002

Cr-Commit-Position: refs/heads/master@{#369021}
rune
Avoid crash when updating stylesheets during a remove operation.
When we are in the middle of removing a subtree of a shadow tree
containing a style element, and one of the other elements schedules
style invalidation, we are synchronously trying to update rule features
when the style node is still inDocument() and isInShadowTree() while the
treeScope() has been reset to the document scope in preparation for
removing it from the tree. That caused us to add the sheet for the style
element being removed to our style data/rule features.

We should make updateActiveStyleSheets asynchronous (crbug.com/567021)
and schedule invalidations with the current rule features instead of
forcing an update of rule features through appendPendingAuthorStyleSheets.

Since updateActiveStyleSheets is currently synchronous and
appendPendingAuthorStyleSheets happens lazily, we are in an inconsistent
state which means we need to execute the latter in order to avoid
glitches in style invalidation because we are marking for
invalidation/recalc in the former step.

This crasher surfaced when we started looking up the treeScope() directly
in https://codereview.chromium.org/1285293003

R=esprehn@chromium.org
BUG=559292

Review URL: https://codereview.chromium.org/1556963002

Cr-Commit-Position: refs/heads/master@{#369004}
sigbjornf
Oilpan: fix build after r368875.
TBR=oilpan-reviews
BUG=550994
NOTRY=true

Review URL: https://codereview.chromium.org/1580593005

Cr-Commit-Position: refs/heads/master@{#368938}
sigbjornf
Oilpan: provide a weak 'this' pointer abstraction for cancellable closures.
For CancellableTaskFactory objects owned by an Oilpan heap object, the
factory's closure maintain a weak reference back to its heap
object owner -- the closure must not invoke a method on that heap object
once the weak reference is cleared.

That latter check for a cleared weak reference wasn't in place; provide
it here. Due to wtf/ and platform/heap/ dependency constraints, we're
forced to do that indirectly by way of using a WeakPtr<>.

R=haraken
BUG=575272

Review URL: https://codereview.chromium.org/1573283004

Cr-Commit-Position: refs/heads/master@{#368851}
sigbjornf
Oilpan: fix uninitialized pointers following r368596, part 2.
TBR=oilpan-reviews
BUG=499780
NOTRY=true

Review URL: https://codereview.chromium.org/1576373002

Cr-Commit-Position: refs/heads/master@{#368836}
philipj
Update Selection IDL TODOs to match nullability change in spec
The node arguments of collapse and setPosition were made nullable:
https://github.com/w3c/selection-api/issues/64

Also move out the optional arguments issues into a single comment:
https://github.com/w3c/selection-api/issues/30

BUG=391673
R=yoichio@chromium.org

Review URL: https://codereview.chromium.org/1576863002

Cr-Commit-Position: refs/heads/master@{#368825}
sigbjornf
Oilpan: fix uninitialized pointers following r368596.
R=haraken,timloh
BUG=499780
NOTRY=true

Review URL: https://codereview.chromium.org/1578763003

Cr-Commit-Position: refs/heads/master@{#368824}
rune
Pseudo element selectors in compound selector lists are invalid.
These selectors were never matching, but they are invalid and rules with
invalid selectors should not show up in the CSSOM.

This is just partly fixing detection of invalid use of pseudo elements.
We also incorrectly accept simple selectors following pseudo elements.
In most cases those are invalid selectors.

The modified existing cases contained invalid selectors and they were
modified to make them valid for serialization testing purposes.

R=timloh@chromium.org
BUG=489481,393490

Review URL: https://codereview.chromium.org/1576553002

Cr-Commit-Position: refs/heads/master@{#368823}
sigbjornf
Oilpan: fix build after r368814.
TBR=oilpan-reviews
BUG=540528
NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true

Committed: https://crrev.com/2cf2fab949e741b56be51d1197b064083ec45441
Cr-Commit-Position: refs/heads/master@{#368817}

Review URL: https://codereview.chromium.org/1575323002

Cr-Commit-Position: refs/heads/master@{#368820}
sigbjornf
Revert of Oilpan: fix build after r368814. (patchset #1 id:1 of https://codereview.chromium.org/1575323002/ )
Reason for revert:
Breaks non-Oilpan compilation.

Original issue's description:
> Oilpan: fix build after r368814.
>
> TBR=oilpan-reviews
> BUG=540528
> NOTRY=true
> NOTREECHECKS=true
> NOPRESUBMIT=true
>
> Committed: https://crrev.com/2cf2fab949e741b56be51d1197b064083ec45441
> Cr-Commit-Position: refs/heads/master@{#368817}

TBR=oilpan-reviews@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=540528

Review URL: https://codereview.chromium.org/1580683002

Cr-Commit-Position: refs/heads/master@{#368819}
sigbjornf
Oilpan: fix build after r368814.
TBR=oilpan-reviews
BUG=540528
NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true

Review URL: https://codereview.chromium.org/1575323002

Cr-Commit-Position: refs/heads/master@{#368817}
davve
Fix SVG sizing in crossfaded images
Wrap SVGImages inside SVGImageForContainer to maintain the correct
size. SVGImages are shared between all places the same resource is
used and the wrapper is necessary to get the proper size for a
particular instantiation.

BUG=574172

Review URL: https://codereview.chromium.org/1577843002

Cr-Commit-Position: refs/heads/master@{#368816}
sigbjornf
Oilpan: mark two fast/text tests as failing on Windows.
TBR=oilpan-reviews
BUG=553613
NOTRY=true

Review URL: https://codereview.chromium.org/1579653002

Cr-Commit-Position: refs/heads/master@{#368593}
sigbjornf
Oilpan: retire dated DataRef<> GC_PLUGIN_IGNORE().
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1577753002

Cr-Commit-Position: refs/heads/master@{#368560}
sigbjornf
Restrict the scope of PointerFieldStorageTrait<>.
Float it into ScopedDisposal<> as it isn't used anywhere
else.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1579463002

Cr-Commit-Position: refs/heads/master@{#368552}
sigbjornf
Ensure Oilpan garbage is collected on JavaBridgeChildFrameTest test.
In order for testHolderFrame's testing of the liveness of its weak
reference to be accurate with Oilpan is enabled, another GC round
is required to have both v8 and Oilpan GCs get to sweep out all
their dead objects before checking the weak reference.

R=haraken,jochen
BUG=575696

Review URL: https://codereview.chromium.org/1574753002

Cr-Commit-Position: refs/heads/master@{#368550}
rune
Renamed check for requiring ShadowPseudo combinator.
Some selectors have an implicit boundary crossing combinator inside what
is a compound selector in the selector text. This is an implementation
detail, but we insert such combinators for our SelectorChecker to switch
scopes during matching. Example:

input::-webkit-clear-button

This is a compund selector matching a pseudo element inside the input's
shadow tree. In the implementation, we store that as:

input /implicit-shadow-crossing-combinator/ ::-webkit-clear-button

Where the pseudo element simple selector will match the element inside
the shadow tree, and the implicit combinator will act as a descendant
combinator that can reach into the shadow so that we make the way up to
matching the input type selector on the host element.

Here, we rename methods in the selector parser to reflect that and make
the code easier to understand.

There should be no behavioral changes.

R=timloh@chromium.org,esprehn@chromium.org

Review URL: https://codereview.chromium.org/1568303002

Cr-Commit-Position: refs/heads/master@{#368548}
sigbjornf
Avoid LSan false positives from CSSPathValue::emptyValue().
LSan reports a leak on SVGComputedStyleTest.MiscStyleShouldCompareValue
(with Oilpan), stemming from emptyValue()'s allocation of an
SVGPathByteStream object. Introduce a local constructor function that
explicitly keeps this sub-object from LSan's view -- it is owned by
the emptyValue singleton and shouldn't be considered a leak.

R=haraken
BUG=

Committed: https://crrev.com/08494b981bbe6e9925ffd6663e65b6151bdd9425
Cr-Commit-Position: refs/heads/master@{#368329}

Review URL: https://codereview.chromium.org/1566423002

Cr-Commit-Position: refs/heads/master@{#368346}
sigbjornf
Avoid LSan false positives from CSSPathValue::emptyValue().
LSan reports a leak on SVGComputedStyleTest.MiscStyleShouldCompareValue
(with Oilpan), stemming from emptyValue()'s allocation of an
SVGPathByteStream object. Introduce a local constructor function that
explicitly keeps this sub-object from LSan's view -- it is owned by
the emptyValue singleton and shouldn't be considered a leak.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1566423002

Cr-Commit-Position: refs/heads/master@{#368329}
mostynb
call static SequencedWorkerPool::GetSequenceToken() method directly
Followup to https://codereview.chromium.org/1414793009/ in order
to avoid a GCC unused result warning.

SequencedWorkerPool::GetSequenceToken() is now a static method, GCC
emits a warning for BrowserThread::GetBlockingPool()->GetSequenceToken()
since the return value of BrowserThread::GetBlockingPool() is not
used.  We should just all the static method directly.

Review URL: https://codereview.chromium.org/1567983003

Cr-Commit-Position: refs/heads/master@{#368326}
sigbjornf
Handle some failing DocumentOrderedMap ID lookups across tree removals.
r366066's attempt to better handle failing DocumentOrderedMap lookups
while an element is being removed from a tree with duplicate IDs, didn't
accommodate all cases where the document map might end up being consulted.

Widen the assert and have it scope over node removals; should the unlikely
case happen, recognize that the tree is in a transitory state and allow
the lookup to quietly fail.

TBR=esprehn
BUG=571351

Review URL: https://codereview.chromium.org/1555653002

Cr-Commit-Position: refs/heads/master@{#368321}
fs
Add StylePath and use it to store 'd' in ComputedStyle
This adds a new class StylePath, that wraps a SVGPathByteStream and a
Path to be used when painting et.c. Create a StylePath on-demand from
CSSPathValue, and then cache the resulting value.
This allows sharing the various levels of path-data between different
instances/elements. It also avoids eagerly constructing the Path object
at setAttribute-time.
To be able to achieve this, SVGPathByteStream is made to be reference-
counted.

BUG=535429

Review URL: https://codereview.chromium.org/1545713003

Cr-Commit-Position: refs/heads/master@{#368320}
sigbjornf
Fix std::enable_if<> conversion bug.
after r367242 - "::type" not "::Type".

R=haraken
BUG=554293

Review URL: https://codereview.chromium.org/1564323002

Cr-Commit-Position: refs/heads/master@{#368319}
sigbjornf
DEFINE_STATIC_LOCAL(): assert against illegal use of GCed types.
A singleton static local cannot refer to a Blink garbage collected
object directly, as that fails to keep the singleton alive. A
strong off-heap persistent reference, a Persistent<> variant
or a persistent collection type, is required.

Add a static assert which catches out such incorrect uses of
GCed types.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1568213002

Cr-Commit-Position: refs/heads/master@{#368313}
sigbjornf
Oilpan: hold onto MediaQueryEvaluator singletons with Persistents.
Add missing Persistent<> wrappers around MediaQueryEvaluator singletons;
a regression introduced by r367489.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1562353004

Cr-Commit-Position: refs/heads/master@{#368310}
landell
Don't use pulse/alsa in embedded config
The embedded check was removed in CL
https://codereview.chromium.org/1528533002 which broke our builds.

BUG=

Review URL: https://codereview.chromium.org/1530713006

Cr-Commit-Position: refs/heads/master@{#368304}
sigbjornf
Oilpan: fix build after r368275.
R=haraken
BUG=266276
NOTRY=true

Review URL: https://codereview.chromium.org/1571443004

Cr-Commit-Position: refs/heads/master@{#368299}
tmoniuszko
Allow enable_topchrome_md to be overridden in gn build
BUG=

Review URL: https://codereview.chromium.org/1558123002

Cr-Commit-Position: refs/heads/master@{#368298}
davve
Remove FrameView::m_inPerformLayout
Use the document lifecycle instead of a flag in FrameView to find out
if we're inside performLayout().

Review URL: https://codereview.chromium.org/1562293002

Cr-Commit-Position: refs/heads/master@{#368289}
fs
Don't give 'pathLength' semantic errors special treatment
Just set the parse status to the error code for "negative forbidden"
and let it propagate. the fidelity of the message is roughly the same.

BUG=231612

Review URL: https://codereview.chromium.org/1548933002

Cr-Commit-Position: refs/heads/master@{#368160}
sigbjornf
Remove LocalDOMWindow unuseds.
R=
BUG=

Review URL: https://codereview.chromium.org/1567013002

Cr-Commit-Position: refs/heads/master@{#368090}
bratell
[gn] Detect location of Visual Studio in the registry.
Look in the registry to figure out where Visual Studio is located
on the disk.

BUG=460462

Review URL: https://codereview.chromium.org/1556993002

Cr-Commit-Position: refs/heads/master@{#368089}
rune
Don't add rule features across ::content.
When we see a ::content selector, we mark the invalidation sets for the
selectors left of ::content as insertion-point-crossing. For such
invalidation sets, we mark insertion points for subtree style recalc,
which means that we don't need to look at the selector features right of
::content selectors for invalidations.

For instance for:

.a ::content .b .c

The invalidation set for '.b' contains '.c', and the invalidation set for
'.a' contains '.c' and has the insertion-point-crossing flag set. Adding
'c' is however unnecessary since ::content already causes a subtree style
recalc. Also, this may cause unnecessary invalidations in '.a's scope if
there are in-scope '.c' descendants of '.a'.

This CL avoids adding invalidation set features like '.c' to the
invalidation set for '.a' as illustrated above. Now invalidation sets
may have the insertion-point-crossing flag set while otherwise being
empty, and they should not be considered empty as we need to traverse
and mark all insertion points for such sets.

Review URL: https://codereview.chromium.org/1544893003

Cr-Commit-Position: refs/heads/master@{#368064}
fs
Store a <scale, bias> tuple for textLength scale adjustment
SVGTextFragment::lengthAdjustTransform only ever has two values that
could make it differ from the identity transform.
By storing only these two values - and as floats rather than doubles -
instead of the full AffineTransform, the size of SVGTextFragment is
reduced by 40 bytes.
To enable this we however need to store whether the writing-mode is
vertical or horizontal, so steal one bit from the length field for
that.

BUG=571415

Review URL: https://codereview.chromium.org/1548913002

Cr-Commit-Position: refs/heads/master@{#368051}
mostynb
gn: leave PKG_CONFIG_PATH untouched when not using a sysroot
This makes cross-compilation possible when not using a sysroot.

Review URL: https://codereview.chromium.org/1543483002

Cr-Commit-Position: refs/heads/master@{#367906}
rune
[Printing] Remove unnecessary styleResolverChanged().
styleResolverChanged is already called for media query changes in the
following call chain:

FrameView::adjustMediaTypeForPrinting() ->
FrameView::setMediaType() ->
Document::mediaQueryAffectingValueChanged() ->
Document::styleResolverChanged()

Calling it afterwards should not be necessary.

R=mstensho@opera.com
TEST=printing/print-media-recalc.html

Review URL: https://codereview.chromium.org/1569503002

Cr-Commit-Position: refs/heads/master@{#367895}
davve
Simplify arguments to logical[Left,Right]OffsetForPositioningFloat
|applyTextIndent=false| is always passed to
logical[Left,Right]OffsetForPositioningFloat(). Might as well remove
the parameter and pass |false| where it's needed. No functional change
expected.

Review URL: https://codereview.chromium.org/1557373002

Cr-Commit-Position: refs/heads/master@{#367792}
sigbjornf
Oilpan: fix build after r367779.
TBR=oilpan-reviews
BUG=488373
NOTRY=true

Review URL: https://codereview.chromium.org/1568443002

Cr-Commit-Position: refs/heads/master@{#367787}
davve
Simplify paintFillLayer
paintFillLayer() was only used in one place. Expand the two default
arguments and rename paintFillLayerExtended to paintFillLayer.

Review URL: https://codereview.chromium.org/1527343002

Cr-Commit-Position: refs/heads/master@{#367659}
rune
Avoid unnecessary invalidation scheduling.
This is a reland of https://codereview.chromium.org/1514733002 without
the removal of an assumed-to-be SubtreeStyleChange for attribute changes
when you have a null style resolver, which turned out to cause asserts.

We skip scheduling invalidation sets for an element when:

* StyleResolver is null
* Element is not inActiveDocument()
* Element does not have a parent
* Element parent has SubtreeStyleChange or ReattachStyleChange

Additionally we skip descendant invalidations when:

* Element has SubtreeStyleChange or ReattachStyleChange

and sibling invalidations when:

* Element.nextSibling is null

R=ruuda@google.com
BUG=557440

Review URL: https://codereview.chromium.org/1560693002

Cr-Commit-Position: refs/heads/master@{#367617}
robertn
Use the correct variable in the DCHECK
A patch changed how a value was retrieved to use a different variable,
but the DCHECK was not updated to do the same. The change was
introduced in the following CL:

https://codereview.chromium.org/1479883002

TEST=Load youtube.com/tv, start a video and switch to a suggested video.
     The above steps will trigger the dcheck in content_shell.
R=ajuma@chromium.org
BUG=560275
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1556333003

Cr-Commit-Position: refs/heads/master@{#367527}
arjanl
Don't unnecessarily copy strings
Add a function base::SplitStringPieceUsingSubstr that splits a string
using a substring delimiter without copying the string parts. Use it in
HttpRequestHeaders::AddHeadersFromString.

BUG=572076

Review URL: https://codereview.chromium.org/1549063003

Cr-Commit-Position: refs/heads/master@{#367504}
tmoniuszko
Fix possible loss of data warnings in media_unittests
Fix compiler warning about size_t to uint8_t conversion.

BUG=

Review URL: https://codereview.chromium.org/1559013002

Cr-Commit-Position: refs/heads/master@{#367491}
sigbjornf
Reduce risk of MediaQueryEvaluator-induced leaks.
With Oilpan, having MediaQueryEvaluator keep a Persistent<> reference
to MediaValues isn't necessary and by doing so, increases the risk
of creating inadvertent leaks. Move MediaQueryEvaluator to the heap
instead.

R=haraken
BUG=509911

Review URL: https://codereview.chromium.org/1555993002

Cr-Commit-Position: refs/heads/master@{#367489}
rune
Layout test for 571040.
The fix for issue 571040 did not add a test. Here is one.
Node::virtualEnsureComputedStyle returns nullptr when there is no parent
node (which is strange since the method is called *Ensure*). However,
that's what caused the crash. Confirmed that the added test crashes in a
pre-christmas checkout.

R=shans@chromium.org,dstockwell@chromium.org
BUG=571040

Review URL: https://codereview.chromium.org/1553083002

Cr-Commit-Position: refs/heads/master@{#367393}
mstensho
Internals: throw an exception when page height or width is 0.
The two methods pageNumber() and numberOfPages() on the window.internals object
allowed 0 as page height, which results in a division by zero in multicol (and
general failure to paginate in other parts of the code). Have the methods raise
an exception when such values are provided. Also specify the default width and
height values in Internals.idl rather than in Internals.h, so that they
actually do something. Our default page width and height were effectively 0 for
these methods.

Assert that width and height have valid values (i.e. greater than 0) in
PrintContext::begin().

BUG=571348
R=rune@opera.com

Review URL: https://codereview.chromium.org/1552703003

Cr-Commit-Position: refs/heads/master@{#367304}
sigbjornf
Clarify ordinary page handling.
Clarify that it is precise to use ordinaryPages() to locate storage
event targets (by StorageArea), along with generally tidying up Page
creation - "ordinary" ones as well as ones needed for internal purposes.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1507633003

Cr-Commit-Position: refs/heads/master@{#367296}
davve
Remove unused constant kInvalidFrameRoutingID
All use of kInvalidFrameRoutingID was removed in
https://codereview.chromium.org/1138543002 but for the constant.

Review URL: https://codereview.chromium.org/1532323002

Cr-Commit-Position: refs/heads/master@{#367287}
sigbjornf
EventSender<T> singletons are better off on the Oilpan heap.
Rather than keeping two off-heap persistent collections per EventSender
singleton, have the singletons reside on the Oilpan heap instead.

This also removes no-op cancelEvent()s from various destructors.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1554903002

Cr-Commit-Position: refs/heads/master@{#367282}
sigbjornf
Revert of mac and ios: Build third-party code with -Wall. (patchset #1 id:1 of https://codereview.chromium.org/1555843002/ )
Reason for revert:
ios_Device builder isn't quite ready for -Wall,

 http://build.chromium.org/p/chromium.mac/builders/iOS_Device/builds/33368

breaking compilation.

Original issue's description:
> mac and ios: Build third-party code with -Wall.
>
> This lands the mac and ios build/common.gypi bits of
> https://codereview.chromium.org/1551753002/ (reviewed there)
>
> BUG=573250
> R=thestig@chromium.org
> TBR=thestig@chromium.org
>
> Committed: https://crrev.com/9830789346abd3d8211deff1ebe7a7f5753ba3fc
> Cr-Commit-Position: refs/heads/master@{#367255}

TBR=thestig@chromium.org,thakis@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=573250

Review URL: https://codereview.chromium.org/1553943002

Cr-Commit-Position: refs/heads/master@{#367258}
sigbjornf
Oilpan: avoid heap allocation in MajorGCWrapperVisitor
The collection of retained object roots is preferably not allocated on
the Oilpan heap as that risks triggering an unnecessary GC.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1539133002

Cr-Commit-Position: refs/heads/master@{#367161}
mstensho
Update bug number for block-layout-inline-children-replaced.html in TestExpectations.
This test has been flaky (and marked as such) for a long time, and it wasn't
introduced by the fix for bug 537638. It just got accidentally auto-rebaselined
as part of that fix. Revert the bug number in TestExpectations back to what it
used to be.

R=noel@chromium.org
BUG=571590

Review URL: https://codereview.chromium.org/1555533002

Cr-Commit-Position: refs/heads/master@{#367152}
sigbjornf
Diagnose failing GC transition on forced Oilpan GC.
Temporary release asserts to help diagnose an unexpected&unsupported
Blink GC transition.

R=haraken
BUG=571207

Review URL: https://codereview.chromium.org/1559443002

Cr-Commit-Position: refs/heads/master@{#367150}
sigbjornf
Oilpan: prefinalize CSSCrossfadeValue.
Consistently use prefinalizers for ImageResourceClients, following on
from r366092.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1555633002

Cr-Commit-Position: refs/heads/master@{#367146}
mostynb
fix some obsolete code.google.com sandbox links
TBR=thakis@chromium.org

Review URL: https://codereview.chromium.org/1538613002

Cr-Commit-Position: refs/heads/master@{#366972}
fs
Refactor propagation of parsing errors for SVG attributes
Use the return value of SVG{...}::setValueAsString to signal errors
rather than an out parameter and the (mostly faux) ExceptionState
object (for setBaseValueAsString). In the few cases where the latter
is not using an TrackExceptionState - in tear-offs for SVGAngle and
SVGLength - it's easy enough to handle the exception-throwing there
and then.
This makes SVG{...} objects mostly independent of ExceptionState,
saving on footprint from string-construction and argument passing as
a side-effect.
Also remove some unnecessary virtuals on SVGInteger and
SVGPreserveAspectRatio.

BUG=231612

Review URL: https://codereview.chromium.org/1544673003

Cr-Commit-Position: refs/heads/master@{#366715}
fs
Return AffineTransform from SVGTextFragment::buildFragmentTransform
Instead of passing an AffineTransform as an out-parameter, just return
it instead. Since we always copy the resulting transform into the
out-parameter anyway, there should be no loss of efficiency.
This also enables some of the users to be written in a more compact
way.

Also add boundingBox(), boundingQuad() and overflowBoundingBox()
helpers to SVGTextFragment and use where possible.

BUG=571415

Review URL: https://codereview.chromium.org/1549503002

Cr-Commit-Position: refs/heads/master@{#366713}
bratell
Teach Chromium on Windows where to find Ogham glyphs
Ogham glyphs are found in Segoe UI Symbol.

BUG=569938
R=drott@chromium.org

Review URL: https://codereview.chromium.org/1521993008

Cr-Commit-Position: refs/heads/master@{#366616}
bratell
Use clampTo instead of chaining std::max(std::min(...))
It's common to make a value end up between two other values by using
std::min and std::max but we have a clampTo function that will
make the code much easier to read so we should use it.

The performance is the same (both end up doing inline comparisons and
value selection) but not having to include <algorithm> can bring a
very slight compilation speed boost.

BUG=563433

Review URL: https://codereview.chromium.org/1530723004

Cr-Commit-Position: refs/heads/master@{#366585}
davve
Polish recently added documentation for PaintLayerFilterInfo
NOTRY=true

Review URL: https://codereview.chromium.org/1545523003

Cr-Commit-Position: refs/heads/master@{#366571}
fs
Helper for checking if an SVGTextFragment is transformed
Add a isTransformed() helper to SVGTextFragment. Since it's a commonly
recurring pattern to compute the fragment transform and then check if
it is the identity transform - and doing the check before actually
computing the transform is only marginally more expensive (since we
know the structure of SVGTextFragment::lengthAdjustTransform) we can
use this helper and switch order of computation and check. The only
potential downside would be if the resulting transform ends up being
the identity transform - which seems like an edge-case.

With this in place, we can do additional improvements around the
handling of fragment bounding boxes et.c. and change how the fragment
is "parametrized".

BUG=571415

Review URL: https://codereview.chromium.org/1545443002

Cr-Commit-Position: refs/heads/master@{#366567}
fs
Make SVGElement::propertyFromAttribute return raw pointer
Ownership does not transfer from the element, so we can make the return
value a raw pointer, and hence avoid ref-churn, save some footprint and
allow tail-calls in collectStyleForPresentationAttribute.

Review URL: https://codereview.chromium.org/1541923002

Cr-Commit-Position: refs/heads/master@{#366536}
mstensho
Partially manual rebaseline for r366396 https://codereview.chromium.org/1536663004
Re-mark the two tests as failing again for Mac. They were temporarily commented
out in order to get the rebaselining working.

BUG=537638
TBR=wangxianzhu@chromium.org

Review URL: https://codereview.chromium.org/1536233005

Cr-Commit-Position: refs/heads/master@{#366451}
mstensho
Need to repaint its ::first-line background when a block moves.
Everything else pertaining to ::first-line is painted by the InlineBox objects
established by DOM nodes (text, inline SPAN, whatever), so they get invalidated
when their LayoutObjects get invalidated, but ::first-line background is
special and is painted by RootInlineBox, which wasn't properly invalidated
along with the rest.

BUG=537638
R=chrishtr@chromium.org,eae@chromium.org,wangxianzhu@chromium.org

Review URL: https://codereview.chromium.org/1536663004

Cr-Commit-Position: refs/heads/master@{#366396}
davve
Rewrite LayoutTest svg/wicd/rightsizing-grid as a reftest
A number of changes were made to reduce flakyness and make the test
more useful:

 * Rewrite as html reftest.

 * Apply a static body width. The test is no longer depending on the
   viewport width.

 * Use a slim body width. The way the test was written a lot of the
   test actually ended up outside the viewport. Layout tests use
   default size 800x600 and this test expected up to double the height
   compared to the width.

 * Avoid gradients and rounded rectangles since they add nothing to
   what's actually meant to be tested.

The test svg/wicd/sizing-flakiness.html is a subset of the
rightsizing-grid test and should provide little value of its own. It
is thus removed.

BUG=571301

Review URL: https://codereview.chromium.org/1542563002

Cr-Commit-Position: refs/heads/master@{#366388}
mostynb
gn format BUILD.gn after CL1535803002
BUG=539572
TBR=dpranke

Review URL: https://codereview.chromium.org/1544453002

Cr-Commit-Position: refs/heads/master@{#366371}
sigbjornf
Oilpan: prefinalize StyleFetchedImage* image resource clients.
Followup r366092 and switch finalization mechanism for
StyleFetchedImage and StyleFetchedImageSet to prefinalizers.

Having them be eagerly finalized conflicted in some cases with
another eagerly finalized object (a FrameView scrollable area),
as these StyleFetchedImage objects cannot be allowed to
touch another eagerly finalized object.

Avoid the finalization (non-)ordering issue by switching these
to prefinalized objects instead.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1536113003

Cr-Commit-Position: refs/heads/master@{#366275}
fs
Drop SkPathContainsPoint in favor of SkPath::contains
This will increase the fidelity in some cases when hit-testing.

BUG=373638,523102

Review URL: https://codereview.chromium.org/1536803003

Cr-Commit-Position: refs/heads/master@{#366141}
philipj
Deprecate document.defaultCharset (to be removed in M50)
Intent to Deprecate and Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/pWSb_tq13Kg/Dmk59Fb9AQAJ

BUG=567738

Review URL: https://codereview.chromium.org/1526563005

Cr-Commit-Position: refs/heads/master@{#366133}
bratell
Use Ebrima as fallback font for Tifinagh in Windows.
BUG=569421

Review URL: https://codereview.chromium.org/1525653002

Cr-Commit-Position: refs/heads/master@{#366131}
sigbjornf
Oilpan: fix build after r366113.
TBR=oilpan-reviews
BUG=505851
NOTRY=true

Review URL: https://codereview.chromium.org/1537683004

Cr-Commit-Position: refs/heads/master@{#366126}
philipj
Update the XMLHttpRequestProgressEvent deprecation messages for M50 removal
Intent to Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/bpbq0Rcpauk/cnpJtHddAgAJ

BUG=357112

Review URL: https://codereview.chromium.org/1526003002

Cr-Commit-Position: refs/heads/master@{#366114}
philipj
Update the keyLocation deprecation message for M50 removal
Intent to Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/lqknEaUYCJM/UbNahDDMAwAJ

BUG=568261

Review URL: https://codereview.chromium.org/1529623002

Cr-Commit-Position: refs/heads/master@{#366112}
philipj
Add willBeRemoved and replacedWillBeRemoved deprecation message helpers
The fullscreen deprecation messages are updated, because the old
advice was not as good as the new advice.

R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1533913003

Cr-Commit-Position: refs/heads/master@{#366096}
sigbjornf
Oilpan: eagerly finalize StyleFetchedImage* image resource clients.
Extend our practice of eagerly finalizing ImageResourceClients to
StyleFetchedImage and StyleFetchedImageSet.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1535643005

Cr-Commit-Position: refs/heads/master@{#366092}
fs
Add a Path::contains() version that use the Path's winding rule
In preparation for using SkPath::contains() for Path::contains(), add an
overload that uses the winding rule (fill type) from the SkPath, since
that the version which will require less impedance matching with the
Skia API. Convert "obvious" current users to the new overload, and remove
some unused winding rule accessors.
Attempt to clean up some related includes while in the general area.

BUG=523102

Review URL: https://codereview.chromium.org/1532923002

Cr-Commit-Position: refs/heads/master@{#366080}
mharanczyk
Change how DOM Inspector fetches document's base URL.
With integration of https://codereview.chromium.org/1409293007 appending
empty string is invalid operation for non hierarchical base urls. Since
DOM Inspector Agent actually want to determine base URL ask for that
data directly.
Without this change base url for non hierarchical (data:) urls was
always empty for inspector, which in turn caused webdriver to freeze
when trying to communicate with such documents, because it wrongly
assumed it is still in loading state (base url was empty),
so it waited for load complete.

Review URL: https://codereview.chromium.org/1530153002

Cr-Commit-Position: refs/heads/master@{#366079}
sigbjornf
Allow -webkit-text-decorations-in-effect preservation during para move.
Adjust assert to allow it; moving paragraphs as part of performing
JustifyRight will want to preserve styles, but this is done without
extra annotation. For which -webkit-text-decorations-in-effect is
also preserved.

R=tkent
BUG=498130
TEST=editing/execCommand/justify-right-in-effect-crash.html

Review URL: https://codereview.chromium.org/1522063002

Cr-Commit-Position: refs/heads/master@{#366067}
sigbjornf
Better handling of DocumentOrderedMap same-ID lookups during tree removals
Under select and unusal conditions, the removal of an element with ID
A might trigger further lookups of A from a TreeScope's DocumentOrderedMap
as part of handling the removal of that element. The tree and
DocumentOrderedMap is not in a consistent state to precisely handle such
lookups -- add machinery to spot that we're in a transitory state and
not trigger an assert over such failing lookups.

See code comments for further details.

R=tkent,esprehn
BUG=426005

Review URL: https://codereview.chromium.org/1532103002

Cr-Commit-Position: refs/heads/master@{#366066}
philipj
Simplify Node.prototype.baseURI to match the DOM spec
https://dom.spec.whatwg.org/#dom-node-baseuri

This simplification was made possible by the removal of xml:base in spec
and implementation:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20976
https://code.google.com/p/chromium/issues/detail?id=341854

BUG=570679

Review URL: https://codereview.chromium.org/1529363004

Cr-Commit-Position: refs/heads/master@{#365934}
landell
Include missing errno.h
BUG=

Review URL: https://codereview.chromium.org/1532833002

Cr-Commit-Position: refs/heads/master@{#365839}
bratell
Include <algorithm> if you use functions from <algorithm>.
I'm trying to remove #include <algorithm> from common headers because
it takes a long time to compile, but then code that actually need
<algorithm> need to include that header themselves.

This will bring no functional change.

BUG=563433

Review URL: https://codereview.chromium.org/1528323002

Cr-Commit-Position: refs/heads/master@{#365830}
philipj
Import the baseURI test from web-platform-tests
Import web-platform-tests@0bb3d73f26aa5a21326b6c1c7aaf35029222223f

Using update-w3c-deps in Blink 731a1238920ae9b7216cd2ced12267deb0d63e19.

This fails, but is imported so that it can be fixed.

BUG=570679

Review URL: https://codereview.chromium.org/1533653002

Cr-Commit-Position: refs/heads/master@{#365828}
wmaslowski
Permissions channel filter should use IDS_PRODUCT_NAME
... instead of explicit 'Google Chrome'.

BUG=560262

Review URL: https://codereview.chromium.org/1469003002

Cr-Commit-Position: refs/heads/master@{#365825}
sigbjornf
Oilpan: simplify plugin container finalization.
Simplify the finalization of WebPluginContainerImpl by registering a
prefinalizer for it. By doing so, we can let go of the LocalFrame
registration scheme currently used -- a scheme needed to ensure
that plugin containers could safely dispose of their plugin while
the owning LocalFrame was still alive and accessible. That
mechanism predated prefinalizer/eager finalization support. But
with it well in place, we can make good use of it here -- the
prefinalizer disposing of the plugin container while the LocalFrame
is accessible.

Notice that plugin containers (PluginView widgets) still need to
be explicitly disposed of in places. Their plugins will have to
be summarily & predictably destroyed at those points, something
that cannot be left until the next GC (whenever it goes ahead.)

R=dcheng
BUG=340522

Review URL: https://codereview.chromium.org/1517993004

Cr-Commit-Position: refs/heads/master@{#365792}
ljagielski
[Linux] Turn off -mstackrealign for breakpad in ia32.
There's a clang bug which causes crashes of syscalls which use many
registers for argument passing in ia32 architecture.
https://llvm.org/bugs/show_bug.cgi?id=16830

BUG=556393

Review URL: https://codereview.chromium.org/1473203002

Cr-Commit-Position: refs/heads/master@{#365770}
sigbjornf
Gracefully discharge a failed script load in disposed documents.
Should a ScriptLoader's resource end up being cancelled as part of
Document and ScriptRunner disposal, handle the error notification without
falsely asserting. Speculative crash fix.

R=haraken
BUG=536796

Review URL: https://codereview.chromium.org/1526293003

Cr-Commit-Position: refs/heads/master@{#365541}
bratell
Include <algorithm> if you use functions from <algorithm>.
I'm trying to remove #include <algorithm> from common headers because
it takes a long time to compile, but then code that actually need
<algorithm> need to include that header themselves.

This will bring no functional change.

BUG=563433

Review URL: https://codereview.chromium.org/1531703002

Cr-Commit-Position: refs/heads/master@{#365524}
sigbjornf
Oilpan: make ScrollableAreaTest.ScrollbarTrackAndThumbRepaint work.
Scrollbars assume that their associated theme objects live longer,
unregistering themselves upon finalization.

Make it clear that this lifetime assumption must also hold for Scrollbars
created by the test-only constructor Scrollbar::createForTesting() +
alter ScrollableAreaTest.ScrollbarTrackAndThumbRepaint so that the
scrollbars it creates are finalized before the mock theme object is.
With Oilpan, explicit flushing out of garbage is needed.

R=haraken
BUG=549277

Review URL: https://codereview.chromium.org/1528613006

Cr-Commit-Position: refs/heads/master@{#365517}
davve
Measure SVGSVGElement.viewport
The implementation is trivial but entirely useless and has been since
2012. The attribute is not present at all in Gecko.

It has been removed from the spec:
http://www.w3.org/Graphics/SVG/WG/track/actions/3815

BUG=395838, 415074

Review URL: https://codereview.chromium.org/1523273002

Cr-Commit-Position: refs/heads/master@{#365515}
philipj
Import dom/ from web-platform-tests
Import web-platform-tests@0bb3d73f26aa5a21326b6c1c7aaf35029222223f

Using update-w3c-deps in Blink adcc203a3f95a64d9bd7018adec276cfb7eadeb5.

Review URL: https://codereview.chromium.org/1529523002

Cr-Commit-Position: refs/heads/master@{#365433}
fs
Tidy up SVGParserUtilities
Remove unused typedefs and includes. Move 'transform'-related parsing
bits to SVGTransformList.cpp.

Review URL: https://codereview.chromium.org/1527993002

Cr-Commit-Position: refs/heads/master@{#365379}
fs
Use Vector<...>::append(const U*, size_t) in SVGPathByteStream
This appears to help larger paths a decent amount, while not hurting
smaller paths. Payload for this copy is 2-26 bytes. For a ~3.5k
character path string this reduced runtime of a
setAttribute('d', <path>) micro-benchmark (w/ mostly 10 byte payloads)
by roughly 17%.

BUG=568735

Review URL: https://codereview.chromium.org/1527613006

Cr-Commit-Position: refs/heads/master@{#365365}
fs
Shrink SVGTransform::valueAsString
Use a StringBuilder and convert transformTypePrefixForParsing to return
const char*.
Since this is a uniform arguments notation, put the arguments in an
array and loop through them, appending them to the result.
This reduces the size of this method from a bit of 6k to a bit over 950
bytes (x86-64).

Review URL: https://codereview.chromium.org/1525213002

Cr-Commit-Position: refs/heads/master@{#365354}
fs
Shrink SVGPreserveAspectRatio::valueAsString
No need to instantiate String for all the cases. Use a StringBuilder and
const char* instead.
Shrinks the method by nearly 500 bytes (x86-64)

Review URL: https://codereview.chromium.org/1526103002

Cr-Commit-Position: refs/heads/master@{#365319}
sigbjornf
Canonicalize creation of ServiceWorkerContainerClient supplement.
Follow the lazy from-new-provideTo pattern used elsewhere for instantiating
supplements.

R=horo
BUG=

Review URL: https://codereview.chromium.org/1518323002

Cr-Commit-Position: refs/heads/master@{#365230}
wdzierzanowski
Don't assume correct image format in CopyVpxImageToVideoFrame()
The data arriving inside the |vpx_image| struct is not guaranteed by
libvpx to be in one of the formats supported by VpxVideoDecoder.

BUG=569574
TEST=Loading http://shion.ru/crash.webm should result in video decoding error

Review URL: https://codereview.chromium.org/1520313002

Cr-Commit-Position: refs/heads/master@{#365213}
rune
Avoid unnecessary invalidation scheduling.
We skip scheduling invalidation sets for an element when:

* StyleResolver is null
* Element is not inActiveDocument()
* Element does not have a parent
* Element parent has SubtreeStyleChange or ReattachStyleChange

Additionally we skip descendant invalidations when:

* Element has SubtreeStyleChange or ReattachStyleChange

and sibling invalidations when:

* Element.nextSibling is null

Removed an unnecessary SubtreeStyleChange when StyleResolver is null for
attribute changes.

BUG=557440

Review URL: https://codereview.chromium.org/1514733002

Cr-Commit-Position: refs/heads/master@{#365188}
fs
Fix ImageResource null-check in LayoutImage::foregroundIsKnownToBeOpaqueInRect
Make sure m_imageResource->cachedImage() is non-null before
dereferencing even for the use in the context of the TRACE_EVENT.

BUG=569624

Review URL: https://codereview.chromium.org/1527453003

Cr-Commit-Position: refs/heads/master@{#365097}
sigbjornf
Document LEAK_SANITIZER_IGNORE_OBJECT() more precisely.
R=haraken
BUG=567257
NOTRY=true

Review URL: https://codereview.chromium.org/1511833006

Cr-Commit-Position: refs/heads/master@{#365025}
sigbjornf
Oilpan: support OSX thread stack size discovery.
We do know enough about OSX stack sizes to be able to work around
bugginess of 10.9's pthread_get_stacksize_np().

R=haraken
BUG=569480

Review URL: https://codereview.chromium.org/1527513002

Cr-Commit-Position: refs/heads/master@{#364996}
sigbjornf
Revert of Response construction with a ReadableStream (patchset #13 id:320001 of https://codereview.chromium.org/1506023003/ )
Reason for revert:
Caused some UAFs,

 http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20ASAN/builds/21811

Original issue's description:
> Response construction with a ReadableStream
>
> This CL implements Response construction with a ReadableStream provided
> by V8 Extras. The feature is behind a runtime enabled flag.
>
> The implementation is not perfect.
>  - ReadableStreamDataConsumerHandle should be thread-safe but is not.
>  - ReadableStreamDataConsumerHandle may cause memory leaks.
> But these problems don't bother stable users.
>
> BUG=564479
>
> Committed: https://crrev.com/6aa006ba0f0f8a60c20167ad009f5699e40b8ef2
> Cr-Commit-Position: refs/heads/master@{#364968}

TBR=domenic@chromium.org,bashi@google.com,bashi@chromium.org,haraken@chromium.org,tyoshino@chromium.org,yhirano@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=564479

Review URL: https://codereview.chromium.org/1527493002

Cr-Commit-Position: refs/heads/master@{#364981}
fs
Restore TextCaseSensitivity argument to literal {start,end}sWith
This reverts the change made by:
  https://codereview.chromium.org/1507763003
hence restoring the method signatures. Implementations are adjusted
based on intermediate changes, like supporting ASCII case-insensitive.

Reorganize the equalSubstring* helpers so that more code can be shared
(at least textually.)
Also try to make the naming of arguments consistent for the various
startsWith/endsWith implementations ("prefix"/"suffix" rather than
"match").

BUG=568584

Review URL: https://codereview.chromium.org/1523463004

Cr-Commit-Position: refs/heads/master@{#364957}
sigbjornf
Oilpan: fixup Handle.h include.
R=haraken
BUG=357163

Review URL: https://codereview.chromium.org/1520083002

Cr-Commit-Position: refs/heads/master@{#364950}
fs
Ship Case-insensitive attribute selectors
Intent-to-ship:
  https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/vAWK0ldpyrc

BUG=567732

Review URL: https://codereview.chromium.org/1519833002

Cr-Commit-Position: refs/heads/master@{#364831}
philipj
Remove deprecation messages for no-ops that are left in the specs
Since these will not be removed, warning developers about them is
not a good use of attention.

Take the opportunity to remove the detach() calls from a few tests where
it does nothing anyway. Remove detach-range-during-deletecontents.html
as that was testing specifically detach() which cannot be relevant now
that it is a no-op. Some of the range-* tests are left untouched as they
explicitly call out that detach() is a no-op in comments.

These are the reviews where these deprecation messages were added:
https://codereview.chromium.org/256013002
https://codereview.chromium.org/252783002
https://codereview.chromium.org/901623002

BUG=568218
R=rbyers@chromium.org

Review URL: https://codereview.chromium.org/1516553002

Cr-Commit-Position: refs/heads/master@{#364745}
fs
Use ASCII case-insensitive matching for attribute selectors
When matching attribute selectors in a case-insensitive manner, the
match should be performed using "ASCII case-insensitive" matching per
the "document language" specification (HTML) [1]. Similarly when the "i"
modifier is used [2].

New behavior matches Gecko (for [1]) and WebKit (for [1] and [2]).

This requires adding some new functions to support the various matching
operations: startsWith, endsWith and find.
Add TextCaseSensitivity value TextCaseASCIIInsensitive and
implementations for the methods mentioned above.
Replace current use of startsWithIgnoringASCIICase with startsWith,
passing TextCaseASCIIInsensitive.

[1] https://html.spec.whatwg.org/multipage/scripting.html#case-sensitivity
[2] https://drafts.csswg.org/selectors-4/#attribute-case

BUG=565878

Review URL: https://codereview.chromium.org/1499933003

Cr-Commit-Position: refs/heads/master@{#364703}
davve
Split SVGSVGElement.create* functions from SVG1DOM counter
Measure them individually to see which ones, if any, has any
usage. They are interesting in the sense of being the only way of
creating such objects.

BUG=415074

Review URL: https://codereview.chromium.org/1505953008

Cr-Commit-Position: refs/heads/master@{#364695}
sigbjornf
Oilpan: fix build after r364654, part 3.
TBR=oilpan-reviews
BUG=531990
NOTRY=true

Review URL: https://codereview.chromium.org/1514393002

Cr-Commit-Position: refs/heads/master@{#364692}
sigbjornf
Oilpan: always limit persisted plugin disposal to PluginViews instances.
With Oilpan enabled, the plugin element needs to synchronously inform
its 'persisted' plugin widget that it is slated for destruction and
call its dispose() method. This is needed so as to have that plugin
unregister in a timely fashion (without waiting on the next GC.)

This disposal step is only needed for PluginView widgets; it is indeed
harmful to call it for a FrameView widget should it be disposed while
being in the middle of performing a full layout.

R=dcheng
BUG=568383

Review URL: https://codereview.chromium.org/1514073002

Cr-Commit-Position: refs/heads/master@{#364690}
sigbjornf
Oilpan: fix build after r364654, part 2.
Follow up r364678, unit test breakages.

TBR=oilpan-reviews
BUG=531990
NOTRY=true

Review URL: https://codereview.chromium.org/1520523005

Cr-Commit-Position: refs/heads/master@{#364683}
sigbjornf
Oilpan: fix build after r364654.
TBR=oilpan-reviews
BUG=531990
NOTRY=true

Review URL: https://codereview.chromium.org/1521583002

Cr-Commit-Position: refs/heads/master@{#364678}
davve
Hook up RendererMediaSessionManager with browser side
Implements the basic IPC messages for activation and deactivation back
and forth.

The browser side is still unimplemented.

BUG=497735

Review URL: https://codereview.chromium.org/1441883003

Cr-Commit-Position: refs/heads/master@{#364673}
davve
Remove --disable-svg1dom runtime flag
Because the SVG1DOM UseCounter was high enough that we couldn't rip
all of it out together[1] we might as well drop the run-time flag for
disabling it. It carries a non-significant cost of generated bindings
code (~700 lines less and simpler code) and won't be of much use now
anyway.

[1] https://code.google.com/p/chromium/issues/detail?id=415074#c4

BUG=415074

Review URL: https://codereview.chromium.org/1514853002

Cr-Commit-Position: refs/heads/master@{#364657}
christiank
Allow one-copy and zero-copy task tile worker pools to use compressed textures.
BUG=434699
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Committed: https://crrev.com/7d60ce9a132a88ead407a2a58c91edc431e68259
Cr-Commit-Position: refs/heads/master@{#364326}

Review URL: https://codereview.chromium.org/1379783002

Cr-Commit-Position: refs/heads/master@{#364484}
fs
Remove String::reverseFindIgnoringCase
No longer used. Also remove the "dynamic" TextCaseSensitivity version
of String::reverseFind.

BUG=565878

Review URL: https://codereview.chromium.org/1508423004

Cr-Commit-Position: refs/heads/master@{#364375}
philipj
Add UseCounters for Selection methods that take null
Making collapse's argument non-nullable appears risky:
https://codereview.chromium.org/1498253002/#msg9

The risk for setBaseAndExtent is entirely unknown.

Measure both cases before proceeding further.

The change to Selection.idl is for clarity only, these are implicitly
nullable because of [LegacyInterfaceTypeChecking], and adding making
them explicitly nullable does not change the generated code.

Review URL: https://codereview.chromium.org/1509353004

Cr-Commit-Position: refs/heads/master@{#364344}
mstensho
PrintContext::pageProperty() shouldn't use 0 as page height.
This function only seems to be used by window.internals,
although WebFrame also provides a method that ends up there. It's only
partially implemented, though. It recognizes "margin-left", but not
"margin-right", for instance. Anyway, use a better page height than 0.

Also no need to explicitly lay out the document here, since
PrintContext::begin() does it for us.

With this change, we no longer need to perform a page height sanity check in
LayoutView::layout() before creating a ViewFragmentationContext.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1510353002

Cr-Commit-Position: refs/heads/master@{#364333}
mostynb
remove duplicate friend declaration
GCC builds fail with duplicate friend declaration introduced
by https://codereview.chromium.org/1407383005

BUG=543655
TBR=vollick

Review URL: https://codereview.chromium.org/1515673004

Cr-Commit-Position: refs/heads/master@{#364328}
christiank
Allow one-copy and zero-copy task tile worker pools to use compressed textures.
BUG=434699
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1379783002

Cr-Commit-Position: refs/heads/master@{#364326}
philipj
Drop [LegacyInterfaceTypeChecking] for Selection.prototype.addRange
This already throws in Firefox and IE11 when the argument is null:
http://software.hixie.ch/utilities/js/live-dom-viewer/saved/3781

DOMSelection::addRange is only called from generated bindings, so the
assert will hold.

BUG=561338

Review URL: https://codereview.chromium.org/1511913002

Cr-Commit-Position: refs/heads/master@{#364322}
philipj
Drop [LegacyInterfaceTypeChecking] for SpeechSynthesis.prototype.speak
This changes only the exception message. There are no internal calls to
SpeechSynthesis::speak, so the ASSERT(utterance) will hold.

BUG=561338

Review URL: https://codereview.chromium.org/1481163002

Cr-Commit-Position: refs/heads/master@{#364303}
sigbjornf
Safely finalize an AnimationTimeline's still-attached Animations.
R=haraken
BUG=568084

Review URL: https://codereview.chromium.org/1515573002

Cr-Commit-Position: refs/heads/master@{#364300}
fs
Refactor StringImpl::{start,end}sWith(StringImpl*, ...)
In preparation for ASCII case-insensitive matching in these two methods,
add a macro for handling the "dispatch" to the right method, and split
the single method into two in both instances. Make the argument to the
new methods as well as the methods themselves const.
Add equalSubstring{,IgnoringCase} helpers and use those to implement
both of the methods.

BUG=565878

Review URL: https://codereview.chromium.org/1511813004

Cr-Commit-Position: refs/heads/master@{#364243}
philipj
Import web-platform-tests@5dbe45af3ad3a933c03187c72f1c12cbe2877703
Using update-w3c-deps in Blink 2fdb258ddf7fa6834750711a10a01d26766b7d46.

Failing test expectations were added for two tests:

 * maxlength.html fails because the internal maxlength 524288 is exposed to
   scripts instead of -1.

 * document.getElementsByName-namespace-xhtml.xhtml fails because
   getElementsByName() tests all elements, while the spec says to only
   include HTML elements in the collection:
   https://html.spec.whatwg.org/multipage/dom.html#dom-document-getelementsbyname

R=tkent@chromium.org

Review URL: https://codereview.chromium.org/1515563002

Cr-Commit-Position: refs/heads/master@{#364149}
rune
Don't early return on SubtreeStyleChange for scheduling invalidations.
Sibling invalidation sets still need to be scheduled for elements with
SubtreeStyleChange when SubtreeStyleChange is for strict subtree.

R=dstockwell@chromium.org,ericwilligers@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1503993002

Cr-Commit-Position: refs/heads/master@{#364092}
davve
Split SVGStringList related measurements from SVG1DOM counter
Measure users of SVGStringList individually to see if the
SVGStringList and SVGTests interfaces can be removed or needs to stay.

BUG=415074

Review URL: https://codereview.chromium.org/1507613002

Cr-Commit-Position: refs/heads/master@{#364074}
rune
Remove clearing of pending invalidation sets.
In preparation for making SubtreeStyleChange not affect the sibling
forest.

We can skip scheduling descendant invalidation sets for elements whose
styleChangeType is SubtreeStyleChange. However, with sibling invalidation
sets, we still need to schedule invalidations for invalidating the
sibling forest when we change SubtreeStyleChange to be a strict subtree
recalc.

We may not clear pending invalidations on detach either, unless the node
was actually removed from the dom tree, since there might be pending
sibling invalidations.

R=dstockwell@chromium.org,ericwilligers@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1507653002

Cr-Commit-Position: refs/heads/master@{#364064}
bratell
[net] Make state table const to share between processes.
When studying the contents of the duplicated data between
processes I found the parser_state variable in http_server.cc.

It's only about 200 bytes but the fix is trivial (add a const).

The rest of the change is a git cl format net to make presubmit happy.

R=yhirano@chromium.org, mmenke@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1506893004

Cr-Commit-Position: refs/heads/master@{#364061}
mstensho
The column balancer should ignore things outside the bounds of the row.
The column balancer examines one row (fragmentainer group) at a time, and it
needs to ignore things that happen at hard or soft column breaks in other rows.
Do some flow thread coordinate bounds checking to avoid being affected by
pagination struts and hard breaks in other rows.

BUG=556481
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1501053002

Cr-Commit-Position: refs/heads/master@{#364040}
mstensho
Paginated containers are opaque to enclosing fragmentation contexts.
Only multicol containers may be fragmented by enclosing fragmentation contexts.
Unlike multicol containers, containers with overflow:paged-x or paged-y cannot
create additional fragmentainer groups for each outer column that it lives in.

Added a basic test for multicol inside paged overflow, since it was missing,
just to make sure that this CL doesn't break anything.

BUG=479074
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1503003002

Cr-Commit-Position: refs/heads/master@{#364036}
mateuszs
Fixed i-cursor height calculation.
In previous solution only AND part of cursor mask
was taken into account. Now both AND and XOR parts
are considered to properly determine bottom point
of cursor pointer.

BUG=446810

Review URL: https://codereview.chromium.org/1067163003

Cr-Commit-Position: refs/heads/master@{#364026}
sigbjornf
Oilpan: fix build after r363998.
The struct contains a raw pointer to an Oilpan heap object (Scrollbar*),
which is not allowed without either accounting for its safety (or
by having it be traced.)

But as the struct is unused, just remove it.

R=haraken
BUG=560418
NOTRY=true

Review URL: https://codereview.chromium.org/1515503002

Cr-Commit-Position: refs/heads/master@{#364015}
fs
Drop TextCaseSensitivity from {start,end}sWith(const char*, ...)
The only user that's uses case-insensitive matching is
localeIdMatchesLang(), which can get a helper of its own (broken out of
equalInner).
Also rearrange/rewrite localeIdMatchesLang() a bit to not compare the
language prefix again for each possible delimiter, and skip the "full"
comparison at the start (using a prefix match+length check instead.)
Also remove the templated StringImpl::{start,end}sWith.

BUG=565878

Review URL: https://codereview.chromium.org/1507763003

Cr-Commit-Position: refs/heads/master@{#364014}
sigbjornf
Reland of Fix several corner case issues of scrollbar paint invalidation (patchset #1 id:1 of https://codereview.chromium.org/1513573004/ )
Reason for revert:
Thanks for looking after the health of Oilpan builds. But as Oilpan is yet to be CQ-blocking, we don't want to be unnecessarily causing post-landing revert consternation & be in the way of overall progress.

Hence, I'm going to undo this revert & address the problem the Oilpan static checks are picking up on; it's a trivial one.

Original issue's description:
> Revert of Fix several corner case issues of scrollbar paint invalidation (patchset #7 id:120001 of https://codereview.chromium.org/1491193003/ )
>
> Reason for revert:
> I suspect this may have broken the Oilpan build:
>
> https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Mac%20Oilpan/builds/27442
>
> Original issue's description:
> > Fix several corner case issues of scrollbar paint invalidation
> >
> > - Invalidate composited scrollbars also during paint invalidation to
> >   avoid unnecessary invalidation on intermediate changes;
> >
> > - Invalidate also on the containing box for moved/resized composited
> >   non-overlay scrollbars. This ensures the expanded/shrunk areas of the
> >   box because of scrollbar existence/width change are invalidated. This
> >   is the root cause of bug 535161.
> >
> > - Avoid unnecessary invalidations on overlay scrollbar changes.
> >
> > BUG=535161,560418
> >
> > Committed: https://crrev.com/48e402acbebf2717b8e79b89dba5310d31bf95da
> > Cr-Commit-Position: refs/heads/master@{#363998}
>
> TBR=chrishtr@chromium.org,skobes@chromium.org,wangxianzhu@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=535161,560418
>
> Committed: https://crrev.com/ed0577e5a8952de3976d6b18fa0ed39fe2a0e418
> Cr-Commit-Position: refs/heads/master@{#364000}

TBR=chrishtr@chromium.org,skobes@chromium.org,wangxianzhu@chromium.org,dominicc@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=535161,560418

Review URL: https://codereview.chromium.org/1511143002

Cr-Commit-Position: refs/heads/master@{#364006}
sigbjornf
GC plugin: remove mixin trace override restriction.
The GC plugin currently insists that a class that is declared as a
mixin instance (i.e., uses USING_GARBAGE_COLLECTED_MIXIN()) must also
declare its own local trace implementation override.

This is an unnecessary restriction to impose:

 - if the class derives from one GarbageCollectedMixin<> instance,
   it will have its virtual trace method in scope.
 - if it inherits from multiple, ambiguity exists and the compiler
   will already complain.
 - if the class declares traceable members of its own, then not providing
   a trace implementation that correctly handles these members will
   be otherwise flagged as an error by the GC plugin.

Remove the static check from the plugin, along with adding a unit test
which verifies that the virtual trace is inherited as expected.

R=thakis,haraken
BUG=444565

Review URL: https://codereview.chromium.org/1504013004

Cr-Commit-Position: refs/heads/master@{#364001}
sigbjornf
Release Oilpan heap singletons prior to LSan leak detection.
Make Oilpan and LSan cooperate better. As Persistent<> references
created via DEFINE_STATIC_LOCAL() and similar will be reachable to
LSan's leak detection pass, the objects they refer to outside of
the Oilpan heap will be reported as leaking.

(This is in contrast to what happens in the non-Oilpan setting,
where the (leaked) pointer created via DEFINE_STATIC_LOCAL() is
stored in a local "static"; such non-global references are not
considered roots to LSan and hence the objects reachable from
those will not be reported as leaking.)

Address the problem on the Oilpan side by having such "static"
Persistent<>ly-held singletons be registered and tracked such
that we're able to release them all just before shutting down
and performing an extra round of GCs. Leaving a cleaner heap
for LSan to work over. And to report no leaks over, ideally.

As part of the changes needed to support this for Oilpan,
wtf/LeakAnnotations.h offerings has been renamed and changed
a bit:

 * WTF_ANNOTATE_MEMORY_LEAK_SCOPE => LEAK_SANITIZER_DISABLED_SCOPE.
   (but see LeakAnnotations.h for macro to use local to wtf/.)
 * WTF_ANNOTATE_IGNORE_OBJECT_PTR => LEAK_SANITIZER_IGNORE_OBJECT.
 * LEAK_SANITIZER_REGISTER_STATIC_LOCAL().

(Reland of r363780.)

R=haraken
BUG=567257

Committed: https://crrev.com/6918d00fae1ab739f89393378fa4adddabacafd2
Cr-Commit-Position: refs/heads/master@{#363780}

Review URL: https://codereview.chromium.org/1491253004

Cr-Commit-Position: refs/heads/master@{#363994}
mostynb
don't rely on -Wno-narrowing in skcanvas_video_renderer.cc
Review URL: https://codereview.chromium.org/1504673003

Cr-Commit-Position: refs/heads/master@{#363947}
philipj
Remove unused [RaisesException] for createNodeIterator() and createTreeWalker()
While in the area, also assert that the root argument is not null, which
is guaranteed since https://codereview.chromium.org/360463005

The FIXME is removed because the whatToShow default value is 0xFFFFFFFF,
so any such warning would trigger by default.

R=haraken@chromium.org

Review URL: https://codereview.chromium.org/1510753004

Cr-Commit-Position: refs/heads/master@{#363850}
mstensho
Add support for printing multicol containers, and enable it.
Introduce an abstract class FragmentationContext, which is either implemented
by LayoutMultiColumnFlowThread for multicol, or by the new
ViewFragmentationContext class, which is attached to a LayoutView when
printing. This way it will act as an enclosing fragmentation context for a
multicol container in the document. This is similar to how an outer multicol
container acts as an enclosing fragmentation context for an inner multicol
container.

The multicol flow thread implementation will now obtain and use a
FragmentationContext when attempting to locate its enclosing fragmentation
context, rather than only looking for another flowthread up there (and assume
that it's not nested if none was found). A big part of this CL is to teach the
multicol implementation about this, which means that there are quite a few
mechanical changes from enclosingFlowThread() (and LayoutMultiColumnFlowThread
method calls) to enclosingFragmentationContext() (and FragmentationContext
method calls).

Replaced an old printing test that tested that multicol didn't work, with one
that tests that multicol does work. :)

Also added another test that splits a multicol container over two pages.

BUG=99358
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1492143002

Cr-Commit-Position: refs/heads/master@{#363838}
davve
Remove special handling of xpointer( as fragment url
Unless we're implementing xpointer( real soon now, we might as well be
honest about not supporting it.

BUG=567693

Review URL: https://codereview.chromium.org/1504333002

Cr-Commit-Position: refs/heads/master@{#363787}
sigbjornf
Release Oilpan heap singletons prior to LSan leak detection.
Make Oilpan and LSan cooperate better. As Persistent<> references
created via DEFINE_STATIC_LOCAL() and similar will be reachable to
LSan's leak detection pass, the objects they refer to outside of
the Oilpan heap will be reported as leaking.

(This is in contrast to what happens in the non-Oilpan setting,
where the (leaked) pointer created via DEFINE_STATIC_LOCAL() is
stored in a local "static"; such non-global references are not
considered roots to LSan and hence the objects reachable from
those will not be reported as leaking.)

Address the problem on the Oilpan side by having such "static"
Persistent<>ly-held singletons be registered and tracked such
that we're able to release them all just before shutting down
and performing an extra round of GCs. Leaving a cleaner heap
for LSan to work over. And to report no leaks over, ideally.

As part of the changes needed to support this for Oilpan,
wtf/LeakAnnotations.h offerings has been renamed and changed
a bit:

 * WTF_ANNOTATE_MEMORY_LEAK_SCOPE => LEAK_SANITIZER_DISABLED_SCOPE.
   (but see LeakAnnotations.h for macro to use local to wtf/.)
 * WTF_ANNOTATE_IGNORE_OBJECT_PTR => LEAK_SANITIZER_IGNORE_OBJECT.
 * LEAK_SANITIZER_REGISTER_STATIC_LOCAL().

R=haraken
BUG=567257

Review URL: https://codereview.chromium.org/1491253004

Cr-Commit-Position: refs/heads/master@{#363780}
sigbjornf
Oilpan: fix build after r363737.
Leave CompositorProxiedPropertySet off the Oilpan heap for now.

R=haraken
BUG=430155
NOTRY=true

Review URL: https://codereview.chromium.org/1512473002

Cr-Commit-Position: refs/heads/master@{#363762}
fs
Avoid race-warning for access to animatableAttributes
Collecting debug data during a commit in CC can land us in this method
while not running in the main thread  (although it'll be blocked).
Since this is assert-only code, switch to a thread-safe initializer to
avoid triggering this warning. Hopefully this doesn't slow things down
to badly on bots.

BUG=545972

Review URL: https://codereview.chromium.org/1487813002

Cr-Commit-Position: refs/heads/master@{#363687}
sigbjornf
Release Oilpan heap singletons prior to LSan leak detection.
Make Oilpan and LSan cooperate better. As Persistent<> references
created via DEFINE_STATIC_LOCAL() and similar will be reachable to
LSan's leak detection pass, the objects they refer to outside of
the Oilpan heap will be reported as leaking.

(This is in contrast to what happens in the non-Oilpan setting,
where the (leaked) pointer created via DEFINE_STATIC_LOCAL() is
stored in a local "static"; such non-global references are not
considered roots to LSan and hence the objects reachable from
those will not be reported as leaking.)

Address the problem on the Oilpan side by having such "static"
Persistent<>ly-held singletons be registered and tracked such
that we're able to release them all just before shutting down
and performing an extra round of GCs. Leaving a cleaner heap
for LSan to work over. And to report no leaks over, ideally.

As part of the changes needed to support this for Oilpan,
wtf/LeakAnnotations.h offerings has been renamed and changed
a bit:

 * WTF_ANNOTATE_MEMORY_LEAK_SCOPE => LEAK_SANITIZER_DISABLED_SCOPE.
   (but see LeakAnnotations.h for macro to use local to wtf/.)
 * WTF_ANNOTATE_IGNORE_OBJECT_PTR => LEAK_SANITIZER_IGNORE_OBJECT.
 * LEAK_SANITIZER_REGISTER_STATIC_LOCAL().

R=haraken
BUG=567257

Review URL: https://codereview.chromium.org/1491253004

Cr-Commit-Position: refs/heads/master@{#363591}
davve
Disallow [Measure] and [MeasureAs] on interfaces without a constructor
For the instances where MeasureAs was specified on interfaces without
a constructor, simply remove the MeasureAs. Since they can't be
created by script, it seems more worthwhile want to measure where
these object are returned rather than the use of the interfaces
themselves.

The only change in generated code will be less includes of
core/frame/UseCounter.h, as can be seen in the binding testsuite
update.

BUG=415074, 567015

Review URL: https://codereview.chromium.org/1509493002

Cr-Commit-Position: refs/heads/master@{#363503}
sigbjornf
Oilpan: remove unnecessary MultisamplingChangedObserver unregistration.
As the Page keeps weak references to its MultisamplingChangedObservers,
there is no need to explicitly unregister upon finalization of
WebGLRenderingContextBase. It will already have been removed by
weak processing.

That unregistration step was made safe by virtue of the context object
being eagerly finalized.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1508673002

Cr-Commit-Position: refs/heads/master@{#363489}
davve
Teach SVGImageForContainer::imageForCurrentFrame about the URL
Pass URL from SVGImageForContainer to SVGImage when fetching an
snapshot for current frame.

BUG=565282

Review URL: https://codereview.chromium.org/1498683003

Cr-Commit-Position: refs/heads/master@{#363466}
philipj
Drop [LegacyInterfaceTypeChecking] for the Presentation API
The change to the send() methods are unobservable, because the added
TypeError exceptions in the generated code are unreachable, as type
testing is first used to pick which send() to dispatch to.

The change to defaultRequest is observable, in that something like
`presentation.defaultRequest = {}` will now throw TypeError instead of
setting defaultRequest to null. Since this is a very new API, this is
very unlikely to be a problem.

BUG=561338

Review URL: https://codereview.chromium.org/1484463003

Cr-Commit-Position: refs/heads/master@{#363464}
sigbjornf
Improve ScriptForbiddenScope handling in cross-threaded code.
For code that is used by multiple threads, we currently have to resort
to explicit main thread checks and manually adjust script forbidden
counts depending. Introduce ScriptForbiddenIfMainThreadScope that
reliably takes care of the details instead, entering&leaving a script
forbidden scope iff on the main thread.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1502093002

Cr-Commit-Position: refs/heads/master@{#363454}
davve
Remove redundant code from v8_interface.py
The 'UseCounter.h' include is added when needed by deprecate_as and
measure_as methods.

BUG=567015

Review URL: https://codereview.chromium.org/1500423002

Cr-Commit-Position: refs/heads/master@{#363449}
davve
Drop Image::setContainerSize()
Prior to this patch, the only user of Image::setContainerSize() was
HTMLImageElement::getSourceImageForCanvas().

SVGImage, one the relevant kinds of image that return true for
Image::usesContainerSize(), is a shared resource between all places in
the document pointing to the same SVG image. Each time a SVGImage is
drawn, the container size it is drawn relative to is saved. This may
cause subsequent paints of the same SVGImage to re-use the old
container size unless a new one is provided.

The old code addressed just that. When it detected that there was no
layout object attached, it overwrote the old container size with the
size of the image itself, to avoid reusing an old container size.

The new code uses the SVGImageForContainer wrapper to insert the image
size as container size. This closes the loop for using _any_ container
size at all from the Image element. It seems unreasonable that the
layout'ed size should have anything to do with what's drawn to the
canvas anyway.

GeneratedImage had a setContainerSize() implementation too, which is
removed in this patch. It's suspected that this implementation was
unused since a generated image can't be set on a HTMLImageElement
directly.

BUG=563923

Review URL: https://codereview.chromium.org/1489003002

Cr-Commit-Position: refs/heads/master@{#363437}
sigbjornf
Simplify prefinalizer processing.
The processing can be performed in one pass.

R=haraken
BUG=420515
NOTRY=true

Review URL: https://codereview.chromium.org/1507483002

Cr-Commit-Position: refs/heads/master@{#363426}
philipj
Add use counters for NodeFilter being a function or an object
NodeFilter is a callback interface in the spec, but a plain interface in
Blink. It's the only callback interface that also has attributes, so
that there must be a NodeFilter attribute on the global object. In order
to make NodeFilter a callback interface per spec, the bindings generator
would need new code to generate that object.

If it's possible to make the createNodeIterator() and createTreeWalker()
filter arguments callback functions instead of callback interfaces, it
looks like this could all be simplified significantly. NodeFilter would
then remain as a plain interface with only the const attributes.

There is also a minor incompatiblity with Gecko related to NodeFilter.
Blink always wraps the function or object inside a new object which is
instanceof NodeFilter, and NodeIterator.prototype.filter returns this
object. Gecko, on the other hand, returns the same object thas was
passed in to createNodeIterator(), and instanceof NodeFilter throws a
TypeError.

BUG=462946

Review URL: https://codereview.chromium.org/1493023004

Cr-Commit-Position: refs/heads/master@{#363366}
philipj
Drop [LegacyInterfaceTypeChecking] for the Web Audio API
This aligns Web Audio with what WebIDL requires given the IDL it uses.

The risk of these changes is bounded by these use counters:

AnalyserNode ~0.01%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/631

BiquadFilterNode ~0.001%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/632

ConvolverNode ~0.0001%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/636

OscillatorNode ~0.001%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/643

WaveShaperNode <0.0001%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/648

AudioParam.prototype.setValueCurveAtTime <0.0001%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/913

With such lower usage, fixing corner cases like this is unlikely to
cause any trouble. Usage of AudioContext itself is at most ~0.2%, but
that counter is not for the constructor but merely access to
window.AudioContext, and thus not a good indicator of real usage:
https://www.chromestatus.com/metrics/feature/timeline/popularity/652

BUG=561338

Review URL: https://codereview.chromium.org/1493753003

Cr-Commit-Position: refs/heads/master@{#363297}
rune
Renamed authorStyleSheets to injectedAuthorStyleSheets.
The naming in StyleEngine was too general to grasp which stylesheets these
actually were. They are stylesheets injected through
WebDocument::insertStyleSheet which are injected by extensions afaict.

R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1493323002

Cr-Commit-Position: refs/heads/master@{#363219}
sigbjornf
Prevent reported RenderViewImplTest LSan leaks.
Add missing calls to ProcessPendingMessages() to a pair of
RenderViewImplTest unit tests. Not doing so would, with Oilpan enabled,
flakily hold on to the entire view of the test and report it as leaking
with LSan.

R=jochen
BUG=

Review URL: https://codereview.chromium.org/1495923002

Cr-Commit-Position: refs/heads/master@{#363196}
tmoniuszko
Adjust text fade width and alpha
Slightly increase fade gradient width.

Use 0 target alpha for wide texts. Linearly increase alpha for narrower
texts.

BUG=563390

Review URL: https://codereview.chromium.org/1493713002

Cr-Commit-Position: refs/heads/master@{#363188}
rune
Call pseudoStateChangedForElement from Element::pseudoStateChanged only.
There were a few places where StyleEngine::pseudoStateChangedForElement
was called directly instead of via Element::pseudoStateChanged. Changed
to have consistently common code paths.

Review URL: https://codereview.chromium.org/1491183007

Cr-Commit-Position: refs/heads/master@{#363177}
wdzierzanowski
Revert "Fix race on demuxer memory usage. Reuse previous calculation."
This reverts commit 9ac642d1d2ed95b810ff276fb65c2be7b461e791.

Now that Demuxer::GetMemoryUsage() runs on the media thread
(fd4cd91c5eea8b3a4970f5512a306e4a03e33101), the reason for the race is
removed and so the synchronization in FFmpegDemuxer can be removed too.

BUG=564034
TEST=Crash page from https://crbug.com/447898 still doesn't crash

Review URL: https://codereview.chromium.org/1494113002

Cr-Commit-Position: refs/heads/master@{#363173}
mstensho
Support enclosing fragmentainer breaks inside spanners.
A column-span:all object in a nested multicol container is part of one or more
columns in the outer multicol container, so we need to allow it to be
paginated. In order to paginate it correctly, we also need to set its correct
logical top before laying it out, or we'd risk inserting pagination struts at
the wrong places.

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1492993002

Cr-Commit-Position: refs/heads/master@{#363160}
philipj
Make ConvolverNode.buffer and WaveShaperNode.curve nullable
These are nullable in the spec:
https://webaudio.github.io/web-audio-api/#ConvolverNode
https://webaudio.github.io/web-audio-api/#WaveShaperNode

Because of [LegacyInterfaceTypeChecking], this does not change the
generated code at all, and is therefore not testable. However, it will
result in the correct behavior once [LegacyInterfaceTypeChecking] is
removed, to be done separately.

BUG=561338

Review URL: https://codereview.chromium.org/1497823003

Cr-Commit-Position: refs/heads/master@{#363159}
sigbjornf
Explicitly detach remote window from its frame.
See RemoteFrame::setView() comment explaining why this is needed
over RemoteFrames.

R=haraken,dcheng
BUG=

Review URL: https://codereview.chromium.org/1487253006

Cr-Commit-Position: refs/heads/master@{#363150}
philipj
Drop [LegacyInterfaceTypeChecking] for URL.createObjectURL(blob)
The change to the generated code is such that only calls to
URL.createObjectURL(null) and URL.createObjectURL(undefined) are
affected, as those would previously match the nullable Blob argument.

This is very low risk, due to the behavior of other browsers:

Firefox and IE11 throw for both URL.createObjectURL(null) and
URL.createObjectURL(undefined). Edge presumably matches IE11.

Safari throws for URL.createObjectURL(undefined) but returns null for
URL.createObjectURL(null), which was our behavior before this change.

There are no internal calls to DOMURL::createObjectURL, so the ASSERT
will hold.

BUG=561338

Review URL: https://codereview.chromium.org/1492093002

Cr-Commit-Position: refs/heads/master@{#363031}
philipj
Sync the Storage API with the spec
https://html.spec.whatwg.org/multipage/webstorage.html

The only change to the generated code is the data->value rename.

BUG=460722
R=jsbell@chromium.org

Review URL: https://codereview.chromium.org/1498823002

Cr-Commit-Position: refs/heads/master@{#362999}
sigbjornf
Oilpan: add missing pointer initialization following r362974.
TBR=oilpan-reviews
BUG=499780
NOTRY=true

Review URL: https://codereview.chromium.org/1494563005

Cr-Commit-Position: refs/heads/master@{#362989}
davve
Drop dead code path in SVGImage
The SVGImage class is marked final and SVGImage::usesContainerSize()
returns true.  This means setContainerSize should never have to bail
out early over not using container size.

Review URL: https://codereview.chromium.org/1500573003

Cr-Commit-Position: refs/heads/master@{#362984}
rune
Remove unused activeAuthorStyleSheets method.
R=mstensho@opera.com

Review URL: https://codereview.chromium.org/1498593004

Cr-Commit-Position: refs/heads/master@{#362959}
sigbjornf
Oilpan: no destructor needed for CSSPrimitiveValue.
Any unregistration is (already) taken care of by Oilpan.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1485353006

Cr-Commit-Position: refs/heads/master@{#362931}
wdzierzanowski
Run Demuxer::GetMemoryUsage() on media thread
Split the memory usage reporting in WebMediaPlayerImpl into two steps so
that |demuxer_| can be accessed on the media thread only.

This change makes no practical difference for ChunkDemuxer ATM, which
uses locks extensively anyway.  But it does make a difference for
FFmpegDemuxer (as evidenced by
https://codereview.chromium.org/1419753007 -- can be reverted now).
Also, other Chromium-based products are better off if Demuxer
implementations are not forced to worry about synchronization
themselves.

BUG=564034
TEST=Crash page from 447898 still doesn't crash

Review URL: https://codereview.chromium.org/1480213005

Cr-Commit-Position: refs/heads/master@{#362821}
fs
Robustify state-transitions in HTMLMediaElement::startDeferredLoad
A preload=none load() followed by setting preload != none would try to
transition to ExecuteOnStopDelayingLoadEventTask while in that state
already.

BUG=562535

Review URL: https://codereview.chromium.org/1495533002

Cr-Commit-Position: refs/heads/master@{#362735}
philipj
Drop [LegacyInterfaceTypeChecking] for most init*Event() methods
This will only affect cases where the argument provided but is neither null nor
an object of the required type. The main risk is therefore that people have
passed shifted all the arguments by accident, so that a boolean, string or
number is passed for one of the affected arguments.

Cases where undefined is passed or the argument is omitted entirely are not
affected, they behave just as if null were passed.

Also drop the *Arg suffix in arguments for initTextEvent().

BUG=561338

Review URL: https://codereview.chromium.org/1485833004

Cr-Commit-Position: refs/heads/master@{#362727}
philipj
Drop [LegacyInterfaceTypeChecking] for HTMLTableElement
Although the behavior when setting caption/tHead/tFoot to null is still
not per spec, it's still nice to get the correct exception message when
passing some non-null value of the wrong type.

BUG=561338

Review URL: https://codereview.chromium.org/1493673002

Cr-Commit-Position: refs/heads/master@{#362700}
philipj
Drop [LegacyInterfaceTypeChecking] for HTMLInputElement.prototype.files
The setter is non-standard, but if it is standardized it wouldn't make
sense to have the existing behavior. For any case that this starts
throwing there's a programming error, so unless it breaks the web it
should throw TypeError.

BUG=561338

Review URL: https://codereview.chromium.org/1492523003

Cr-Commit-Position: refs/heads/master@{#362689}
tmoniuszko
Fix path_parser dependency on policy component
BUG=

Review URL: https://codereview.chromium.org/1133853005

Cr-Commit-Position: refs/heads/master@{#362684}
fs
Use SVGLength's wrapped CSSPrimitiveValue for pres.attr. style
Since SVGLength now wraps a CSSPrimitiveValue, there's no need to create
a (potentially new) CSSPrimitiveValue when collecting presentation
attribute style for SVG elements. Could save an allocation in some
cases.
Gets rid of the addSVGLengthPropertyToPresentationAttributeStyle helper
on SVGElement.

Review URL: https://codereview.chromium.org/1481123002

Cr-Commit-Position: refs/heads/master@{#362680}
rune
Use invalidation sets for :lang changes.
Modifying lang or xml:lang attributes caused a LocalStyleChange for the
corresponding element in the presentational attribute check, but other
elements may be affected using selector combinators.

Use invalidation sets like we do for other pseudo classes.

BUG=564331

Review URL: https://codereview.chromium.org/1485363002

Cr-Commit-Position: refs/heads/master@{#362675}
philipj
Sync the HTMLTableElement return types with the spec
https://html.spec.whatwg.org/#the-table-element

Changed in https://github.com/whatwg/html/pull/363

BUG=460722

Review URL: https://codereview.chromium.org/1486843002

Cr-Commit-Position: refs/heads/master@{#362665}
mstensho
It's not just the last column set that may need additional fragmentainer groups.
appendNewFragmentainerGroupIfNeeded() assumed that we were always dealing with
the last column set, but we need to use the column set that contains the
specified flow thread block offset. Moved hasFragmentainerGroupForColumnAt()
from LayoutMultiColumnFlowThread to LayoutMultiColumnSet and simplified the
code somewhat.

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1487083003

Cr-Commit-Position: refs/heads/master@{#362604}
davve
Split text related measurements from SVG1DOM counter
Create a SVG1DOMText UseCounter to measure all text related SVG DOM
functionality. The assumption we want to test is that the text related
SVG DOM has really low usage.

BUG=415074

Review URL: https://codereview.chromium.org/1491573002

Cr-Commit-Position: refs/heads/master@{#362543}
mstensho
column-span:all in nested multicol requires re-insertion of fragmentainer groups.
A column set that follows a spanner will typically have an incorrect logical
top in the first layout pass (because the spanner hasn't been laid out yet). We
already have code in place to make sure that we re-lay out when we need to, but
we also need to delete and re-insert fragmentainer groups when this happens in
a nested fragmentation context.

If a column set gets a new logical top, it means that previously inserted
fragmentainer groups are now out of sync with reality, and have to be
re-inserted.

Remove the BalancedColumnHeightCalculation enum. There's no need for it
anymore, since picking calculation mode is now something we need to do for each
individual column set. m_tallestUnbreakableLogicalHeight is now reset in
resetColumnHeight() (that's where it ought to have been all along, anyway).

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1489663003

Cr-Commit-Position: refs/heads/master@{#362492}
philipj
Drop [LegacyInterfaceTypeChecking] for PagePopupController
This is an internal API, used only by web/resources/listPicker.js,
where document is passed as an argument, which is not null.

BUG=561338

Review URL: https://codereview.chromium.org/1485123002

Cr-Commit-Position: refs/heads/master@{#362479}
philipj
Make init*Event() arguments nullable where appropriate
Because these methods have [LegacyInterfaceTypeChecking], this does not
change the generated code, but it will limit the impact of dropping
[LegacyInterfaceTypeChecking].

Only initKeyboardEvent() appears to have a spec:
https://w3c.github.io/uievents/#idl-interface-KeyboardEvent-initializers

For the others, the nullability matches that of the *Event member.

BUG=561338
R=rbyers@chromium.org

Review URL: https://codereview.chromium.org/1488803002

Cr-Commit-Position: refs/heads/master@{#362470}
wdzierzanowski
Allow multiple OnMoreData() calls in WASAPIAudioOutputStreamTest.ValidPacketSize
Follow up on https://codereview.chromium.org/1318933003/ and allow
OnMoreData() to be called more than once in the test.

BUG=524947
TEST=WASAPIAudioOutputStreamTest.ValidPacketSize passes

Review URL: https://codereview.chromium.org/1487733003

Cr-Commit-Position: refs/heads/master@{#362439}
rune
Invalidate visited state changes for svg links.
SVGAElement only caused :link/:visited recalcs when it became a link or
stopped being so. Now recalculate style whenever href changes in case the
:visited/:link state changes. Also use style invalidation instead of
SubtreeStyleChange, as the latter entails sibling forest recalc in case
we have adjacent combinators.

R=fs@opera.com
BUG=563485,557440

Review URL: https://codereview.chromium.org/1484083005

Cr-Commit-Position: refs/heads/master@{#362425}
philipj
Drop [LegacyInterfaceTypeChecking] for the MIDI API
The added exception in the generated code is unreachable and thus
untestable, because there are two send() methods and the one changed
is only taken if the argument is of the correct type.

There are no internal calls where data could be null.

BUG=561338

Review URL: https://codereview.chromium.org/1485443002

Cr-Commit-Position: refs/heads/master@{#362392}
tmoniuszko
Fix resource-related issues in views_unittests
Make sure ui_test.pak file is available for views_unittests.

Also make views_unittests independent from chrome locale pak files by replacing l10n_util::GetApplicationLocale() with base::i18n::GetConfiguredLocale() for tests. The first function needs chrome locale pak files to exist or it returns empty locale string.

BUG=

TEST=Remove all output files. Build only views_unittests. Run views_unittests.

Review URL: https://codereview.chromium.org/1464503002

Cr-Commit-Position: refs/heads/master@{#362370}
sigbjornf
Oilpan: fix build after r362358.
HashSet<String> is not an Oilpan heap object collection, hence no tracing
needed.

TBR=oilpan-reviews
BUG=447083
NOTRY=true

Review URL: https://codereview.chromium.org/1486883003

Cr-Commit-Position: refs/heads/master@{#362366}
davve
Less type conversion for NinePieceImage painting
Avoid float -> int -> float conversion when passing through the
GraphicsContext layer, the ints are immediately converted back to
floats anyway in GraphicsContext::drawTiledImage().

No functional change expected as along as the position of the
NinePieceGrid is pixel-aligned, but bug is 66498 moving along and will
enable sub-pixel positioning of the background image geometries.

BUG=561519

Review URL: https://codereview.chromium.org/1478283002

Cr-Commit-Position: refs/heads/master@{#362350}
philipj
Drop [LegacyInterfaceTypeChecking] where trivial in Web Audio
Also drop redundant [RaisesException] in a few places.

BUG=561338

Review URL: https://codereview.chromium.org/1481793002

Cr-Commit-Position: refs/heads/master@{#362282}
philipj
Drop [LegacyInterfaceTypeChecking] for the Crypto API
BUG=561338

Review URL: https://codereview.chromium.org/1480063002

Cr-Commit-Position: refs/heads/master@{#362247}
philipj
Import web-platform-tests@7dda9a13574b33d55a73e995e3d1f1fbd4da0f2b
Using update-w3c-deps in Blink 2599bb8937ac95bf0f447960b4e61464aa640e49.

R=dpranke@chromium.org

Review URL: https://codereview.chromium.org/1483983003

Cr-Commit-Position: refs/heads/master@{#362222}
philipj
Drop [LegacyInterfaceTypeChecking] for EventTarget's dispatchEvent()
This changes the exception for InvalidStateError to TypeError, which is
per spec and what Gecko does. IE and Safari throw a generic Error.

BUG=561338

Review URL: https://codereview.chromium.org/1479063003

Cr-Commit-Position: refs/heads/master@{#362153}
rune
Use LocalStyleChange for element cursor changes in SVG.
Propagating the change to the computed cursor property value through
inheritance is handled correctly when using LocalStyleChange. No need to
force a recalc of the whole subtree.

This is part of making sure non of our SubtreeStyleChanges rely on sibling
tree invalidations, and removing unnecessary use of SubtreeStyleChange, so
that we can make SubtreeStyleChange mean subtree only, and not have to
consider the sibling forest.

R=fs@opera.com
BUG=557440

Review URL: https://codereview.chromium.org/1488603002

Cr-Commit-Position: refs/heads/master@{#362140}
sigbjornf
Oilpan: improve adopt{Ref,Ptr}WillBeNoop(T*) static asserts.
R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1487603002

Cr-Commit-Position: refs/heads/master@{#362138}
philipj
Drop the [Immutable] IDL extended attribute (it is a no-op)
It was only used for WebKitCSSMatrix, and the proposed spec for that
does not use [Immutable]:
https://compat.spec.whatwg.org/#webkitcssmatrix-interface

Review URL: https://codereview.chromium.org/1485643002

Cr-Commit-Position: refs/heads/master@{#362137}
sigbjornf
GC plugin: have -Werror issue errors for inputs having only warnings.
If a translation unit contains only warnings, the GC plugin will issue
a warning diagnostic along with details/notes of the warnings encountered.

Have that warning be under the control of -Werror; the reason for not
having it as such up until now is that warnings have been far too plentiful
for the Blink codebase. This is no longer the case.

R=haraken,yutak,thakis
BUG=

Review URL: https://codereview.chromium.org/1481523005

Cr-Commit-Position: refs/heads/master@{#362128}
davve
Drop dependency on LayoutObject in fetch/
Move out code from ImageResource depending on LayoutObject. Instead
request pre-caching explictly at the three places that currently has
reason for doing so.

The pre-caching itself is moved to BitmapImage and made part of
Image::currentFrameKnownToBeOpaque as a special metadata mode.

BUG=559131

Review URL: https://codereview.chromium.org/1482953002

Cr-Commit-Position: refs/heads/master@{#362127}
sigbjornf
DocumentMarkerControllerTest: drop unnecessary caching of Document reference.
Tidying; no need to use a strong reference to the page's document here.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1488543002

Cr-Commit-Position: refs/heads/master@{#362125}
philipj
Drop [LegacyInterfaceTypeChecking] where trivial in core/
These are cases where passing null to the implementation would already
throw an exception, and so letting the bindings code do it is cleaner.
In a few cases this means that the implementation no longer throws any
exceptions.

For each method affected, it was verified using cs.chromium.org that
there are no internal calls where nullptr could be passed, the only
calls are from bindings.

BUG=561338

Review URL: https://codereview.chromium.org/1481983002

Cr-Commit-Position: refs/heads/master@{#362117}
sigbjornf
Oilpan: fix build after r362110.
TBR=oilpan-reviews
BUG=562986
NOTRY=true

Review URL: https://codereview.chromium.org/1480303003

Cr-Commit-Position: refs/heads/master@{#362113}
sigbjornf
Revert of "[sql] Remove part of WebDatabase SQLite patch." (patchset #1 of https://codereview.chromium.org/1473963002 )
Reason for revert:

Unfortunately, this seems to have introduced flaky shutdown crashes on storage/websql/open-database-creation-callback.html across bots,

 http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=storage%2Fwebsql%2Fopen-database-creation-callback.html

 http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Trusty/builds/5769

Original issue's description:
> [sql] Remove part of WebDatabase SQLite patch.
>
> findReusableFd() calls stat() on the filename to determine the inode
> and device to figure out if a previously-closed file descriptor can be
> reused.  Since WebDatabase file names are resolved by the browser,
> this stat() can never succeed in the renderer, thus there is no point
> to calling the function.
>
> This SQLite code path is an optimization to reduce close/open churn,
> it is not necessary for correct operation.
>
> BUG=none
>
> Review URL: https://codereview.chromium.org/1473963002
> Cr-Commit-Position: refs/heads/master@{#361825}

TBR=shess@chromium.org,michaeln@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1485603003

Cr-Commit-Position: refs/heads/master@{#362112}
sigbjornf
Oilpan: initialize stack allocated raw pointers following r362079.
TBR=oilpan-reviews
BUG=499780
NOTRY=true

Review URL: https://codereview.chromium.org/1481423002

Cr-Commit-Position: refs/heads/master@{#362109}
davve
Split shape related measurements from SVG1DOM counter
Create a SVG1DOMShapes UseCounter to measure all shape/graphics
element related SVG DOM functionality. The assumption we want to test
is that the shape related SVG DOM has really low usage.

BUG=415074

Review URL: https://codereview.chromium.org/1479863003

Cr-Commit-Position: refs/heads/master@{#362107}
rune
No need for SubtreeStyleChange for results attribute change.
The results attribute change causes appearance changes when changing
between negative and non-negative values. That is currently handled by a
lazyReattachIfAttached. The following SubtreeStyleChange should not have
an effect in that case.

The reattach condition was changed to not include the change between
different negative values.

R=tkent@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1483543003

Cr-Commit-Position: refs/heads/master@{#362077}
rune
Removed unnecessary SubtreeStyleChange for incrementalAttr.
Changing the incremental attribute on input type=search does not affect
style unless there are attribute selectors for it which will be handled
other places.

R=tkent@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1478953004

Cr-Commit-Position: refs/heads/master@{#362076}
sigbjornf
Remove mojo unit tests from WebKit Linux Oilpan bot
No need to test these for the time being.

BUG=
TBR=haraken
NOTRY=true

Review URL: https://codereview.chromium.org/1481323002

Cr-Commit-Position: refs/heads/master@{#362068}
sigbjornf
Remove window_manager_unittests from WebKit Linux Oilpan bot
Another unknown.

BUG=
TBR=haraken
NOTRY=true

Review URL: https://codereview.chromium.org/1481293002

Cr-Commit-Position: refs/heads/master@{#362058}
sigbjornf
Remove unknown unit tests targets from WebKit Linux Oilpan bot
Follow up on r362053 and remove some other unknown unittests targets
for this bot.

BUG=
TBR=haraken
NOTRY=true

Review URL: https://codereview.chromium.org/1474413002

Cr-Commit-Position: refs/heads/master@{#362056}
philipj
Drop [LegacyInterfaceTypeChecking] where trivial in WebRTC
The extra type checking in the bindings of the MediaStream constructor
and RTCDataChannel's send() methods is actually not observable, because
there is type testing to determine which override to use that makes sure
those code paths aren't reached if the types aren't correct.

For each method affected, it was verified using cs.chromium.org that
there are no internal calls where nullptr could be passed, the only
calls were from bindings an unit tests.

BUG=561338

Review URL: https://codereview.chromium.org/1480953002

Cr-Commit-Position: refs/heads/master@{#362024}
philipj
Drop [LegacyInterfaceTypeChecking] for APIs that are not enabled by default
These are all on interfaces or members that are [RuntimeEnabled=*] for
a feature that is status=experimental or status=test.

An existing contextMenu test was updated, but for the other APIs there
was no test coverage, and it would be overkill to test that the bindings
generator is working for every new feature going forward.

BUG=561338

Review URL: https://codereview.chromium.org/1476153002

Cr-Commit-Position: refs/heads/master@{#362005}
davve
Count usage of #svgView(...) and plain SVG <view> targets
BUG=562099

Review URL: https://codereview.chromium.org/1471963007

Cr-Commit-Position: refs/heads/master@{#361993}
davve
Clean up border-image-style-none.html layout test
BUG=356802

Review URL: https://codereview.chromium.org/1476423002

Cr-Commit-Position: refs/heads/master@{#361991}
fs
Drop PathParsingMode argument to buildStringFromByteStream
Just always produce a String with whatever format the input is.

Also cleanup some related code, and expose SVGPath from SVGPathElement
rather than the SVGPathByteStream.

BUG=467592

Review URL: https://codereview.chromium.org/1476283002

Cr-Commit-Position: refs/heads/master@{#361988}
davve
Add render-side manager for MediaSession
RendererMediaSessionManager is responsible for storing all
user-created media sessions and keeping track for id allocation for
those.

BUG=497735

Review URL: https://codereview.chromium.org/1436243002

Cr-Commit-Position: refs/heads/master@{#361973}
davve
Split paint server related measurements from SVG1DOM counter
Create a SVG1DOMPaintServer UseCounter to measure all paint server
related SVG DOM functionality. The assumption we want to test is that
the paint server related SVG DOM has really low usage.

BUG=415074

Review URL: https://codereview.chromium.org/1476093004

Cr-Commit-Position: refs/heads/master@{#361963}
philipj
Add a use counter for Attr.prototype.cloneNode()
This is being measured as requested in a spec discussion:
https://github.com/whatwg/dom/issues/102#issuecomment-158833267

To avoid making a observable change to Attr.prototype, measure this
internally. This risks including internal uses, but there appear to be
none. All calls were checked and they seem to be for either parent or
child nodes of some kind, and Attr cannot be a parent or child.

Also, a deprecation message was added to see if it would be triggered
unexpectedly on any tests, but it was only emitted for tests that
actually clone attributes, as expected.

Drive-by: Drop an unused ShadowRoot::cloneNode() that was missed in
https://codereview.chromium.org/1482433003

BUG=305105

Review URL: https://codereview.chromium.org/1474083002

Cr-Commit-Position: refs/heads/master@{#361932}
fs
XP baselines refresh after crrev.com/361886
Did not quite pick everything up on the first attempt.

TBR=fmalita@chromium.org
NOTRY=true
BUG=467592

Review URL: https://codereview.chromium.org/1480923002

Cr-Commit-Position: refs/heads/master@{#361893}
davve
Rename imageSizeForLayoutObject() to imageSize()
No need to pass the layout object anymore. It only uses the layout
object for knowing whether to respect image orientation or not. We
might as well pass that explicitly.

BUG=559131

Review URL: https://codereview.chromium.org/1468023002

Cr-Commit-Position: refs/heads/master@{#361892}
fs
Restore TestExpectations rules disabled by crrev.com/361873
TBR=fmalita@chromium.org
NOTRY=true
BUG=467592

Review URL: https://codereview.chromium.org/1477193002

Cr-Commit-Position: refs/heads/master@{#361888}
sigbjornf
Sync OilpanExpectations for plugin tests.
Three plugin tests that no longer time out on the Mac
Oilpan bot -- last two having already been removed
(https://codereview.chromium.org/1319473007) as tests.

R=haraken
BUG=515250
NOTRY=true

Review URL: https://codereview.chromium.org/1479833002

Cr-Commit-Position: refs/heads/master@{#361882}
fs
Stop normalizing path data for layout tree text output
BUG=467592

Review URL: https://codereview.chromium.org/1476523002

Cr-Commit-Position: refs/heads/master@{#361873}
rune
Clear link element sheet before clearing ownerNode.
clearOwnerNode synchronously updates the list of active stylesheets, and
if the m_sheet member of HTMLLinkElement is set, it is considered to be
an active stylesheet. If it is later added to the StyleResolver, it will
crash when ownerNode and ownerDocument are null.

This was already fixed a long time ago for StyleElement in [1].

[1] https://codereview.chromium.org/13508006

R=dstockwell@chromium.org
BUG=426959

Review URL: https://codereview.chromium.org/1472243004

Cr-Commit-Position: refs/heads/master@{#361867}
philipj
Sync cloneNode() IDL with the spec
All internal callers pass an argument, so the default value can be in
the IDL only.

BUG=460722

Review URL: https://codereview.chromium.org/1482433003

Cr-Commit-Position: refs/heads/master@{#361856}
sigbjornf
Oilpan: tidy up unsafe heap pointer reference following r361300.
R=dcheng
BUG=

Review URL: https://codereview.chromium.org/1482493002

Cr-Commit-Position: refs/heads/master@{#361852}
sigbjornf
Oilpan: fix build after r361838.
TBR=oilpan-reviews, dcheng
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1478073002

Cr-Commit-Position: refs/heads/master@{#361843}
mstensho
Jump to the next outer column when an inner column is too short.
If an inner multicol ends up near the bottom in a column in an outer multicol
container, we get inner columns that are shorter in the first row than in
subsequent rows. In such cases it may be necessary to break past all inner
columns in the first row, so that we push the content all the way to the next
row (and thus to the next outer column), in order to fit unbreakable content
(such as lines or unbreakable blocks).

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1472053002

Cr-Commit-Position: refs/heads/master@{#361769}
mstensho
Document early bail in contentWasLaidOut() better.
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1476773002

Cr-Commit-Position: refs/heads/master@{#361717}
sigbjornf
Oilpan: hide persisted plugin object before disposing.
When clearing out the persisted plugin object, hide the object before
going ahead with the disposal. This mirrors what will happen non-Oilpan.

R=haraken
BUG=561473

Review URL: https://codereview.chromium.org/1475023002

Cr-Commit-Position: refs/heads/master@{#361665}
sigbjornf
If Oilpan is enabled, warn of raw heap pointer fields by default.
It is unsafe to keep fields with raw pointers into the Oilpan heap, as
such untraced references risk going stale. With potentially undesirable
consequences.

Now that we've addressed and handled all such untraced references as part
of Blink's transition to Oilpan, it is time to enable the clang GC plugin
warning for such raw pointer uses.

It shouldn't represent a major imposition to developers to handle such
raw pointer uses correctly, but for now we will only emit a warning and
not an error.

R=haraken
BUG=515524

Review URL: https://codereview.chromium.org/1464293002

Cr-Commit-Position: refs/heads/master@{#361656}
lstorset
Earlier, the script looked for dirs named 'out' or 'out_*'.
Recently it started looking for 'out' following by an alphanumeric word
boundary. Python considers underscores as alphanumeric, so this
unfortunately broke the 'out_*' pattern.

BUG=

Review URL: https://codereview.chromium.org/1469023002

Cr-Commit-Position: refs/heads/master@{#361655}
philipj
update-w3c-deps import using blink 5636fefe1d743cc2a8af65f78eaeed4b98f0012b:
imported csswg-test@7cfea4d5ba33861b0b1a6839c27090bc504a169f
imported web-platform-tests@5f8361dcef1a7c80b61d6319f7b510fa431f9a47

R=dpranke@chromium.org,kojii@chromium.org

Review URL: https://codereview.chromium.org/1471763006

Cr-Commit-Position: refs/heads/master@{#361653}
sigbjornf
Oilpan: fix build after r361631.
TBR=oilpan-reviews
BUG=554293
NOTRY=true

Review URL: https://codereview.chromium.org/1476803002

Cr-Commit-Position: refs/heads/master@{#361642}
davve
Avoid RefPtr churn
This is a speculative fix for 560890, but seems like it might be a
good idea anyway. We have a reference to the thing having a
reference. No need to add another reference on top of that.

In the process drop a null check in StyleFetchedImageSet::image(),
ImageResource::image always returns an Image object. If nothing else
the Image::nullImage().

BUG=560890

Review URL: https://codereview.chromium.org/1472253003

Cr-Commit-Position: refs/heads/master@{#361640}
sigbjornf
Split up leak detector into two stages for better leak reporting.
The leak detector clears out resources along with issuing a sequence of GCs
before taking object census. It then counting up resources that are left and
reporting these as leaking.

With Oilpan enabled, RenderViewTest needs to carefully orchestrate its shutdown
to reliably not report the frame(s) attached to the view as leaking. (With Oilpan
enabled, frames will delayed'ly release resources upon frame close()ing requiring
a follow-on GC to clear out those resources.)

Accommodate that by splitting out the leak detector into two -- with RenderViewTest
injecting the clearing of its view in between those.

R=haraken, jochen, hajimehoshi
BUG=561293

Review URL: https://codereview.chromium.org/1472943004

Cr-Commit-Position: refs/heads/master@{#361638}
mstensho
Add myself to third_party/WebKit/LayoutTests/printing/ WATCHLIST
TBR=leviw@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1479533002

Cr-Commit-Position: refs/heads/master@{#361632}
rune
Use invalidation sets for :in-range and :out-of-range.
Gets rid of a SubtreeStyleChange which relies on sibling tree recalcs.

The changes in expectations for video-mute-repaint.html and
video-unmute-repaint.html are due to the following facts:

* We used to do SubtreeStyleChange for an input whose value changed.
* The video controls have input elements in the UA shadow which are
  modified when the volume is changed.
* Doing the recalc of the input means calling Element::recalcStyle on the
  ancestor chain, which includes the video element, just to reach the
  descendants which need to be recalculated.
* HTMLMediaElement has a didRecalcStyle, which will call updateFromElement
  for LayoutVideo, which in turn does an unconditional
  setShouldDoFullPaintInvalidation.
* Since the whole SubtreeStyleChange -> recalc is gone for the mentioned
  tests, the paint invalidation for LayoutVideo is gone, hence the test
  expectation changes.

R=tkent@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1469183003

Cr-Commit-Position: refs/heads/master@{#361601}
philipj
Make [TypeChecking=Interface] the default
Add [LegacyInterfaceTypeChecking] as needed to ensure that there are no
changes to the generated code. It was added to the members wherever
possible, but in a few cases it was necessary to keep at the interface
level. In all but one of these are cases it is because the constructor
would otherwise change. The remaining case is FontFaceSet, where
setlike<FontFace> results in generated has(), add() and delete() methods
which would otherwise change.

90 instances of [LegacyInterfaceTypeChecking] were added, and 206
instances of [TypeChecking=Interface] were removed, in source/ and
modules/ combined.

In bindings/tests/, most tests that were previously for
[TypeChecking=Interface] were changed to instead test
[LegacyInterfaceTypeChecking], as that is now the special case.

BUG=462561

Review URL: https://codereview.chromium.org/1466563003

Cr-Commit-Position: refs/heads/master@{#361599}
mstensho
Look inside inner nested multicols to calculate minimum space shortage.
This is needed in order to make sure that the column balancer gives us as short
outer columns as possible. Otherwise we risk not finding the absolute minimum
space shortage (and thus over-stretch) (or, even worse, not be able to find any
shortage at all).

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1471403002

Cr-Commit-Position: refs/heads/master@{#361501}
davve
Add note about sysroot not working with icecc
Or is it the other way around...

Review URL: https://codereview.chromium.org/1477433002

Cr-Commit-Position: refs/heads/master@{#361389}
fs
Introduce SVGPathQuery to hold SVG path query methods
Rename SVGPathTraversalStateBuilder.{cpp,h} to SVGPathQuery.{cpp,h}, and
similarly rename the class itself. Move the query methods in
SVGPathUtilities (getSVGPathSegAtLengthFromSVGPathByteStream,
getTotalLengthOfSVGPathByteStream, getPointAtLengthOfSVGPathByteStream)
to that class, shortening their names in the process.
Open-code the SVGPathParser driver to allow the general SVGPathConsumer
interface to be simplified - incrementPathSegmentCount and
continueConsuming are only used for path queries.

BUG=467592

Review URL: https://codereview.chromium.org/1471943003

Cr-Commit-Position: refs/heads/master@{#361351}
philipj
Sync the URL constructor with the spec
https://url.spec.whatwg.org/#api

This changes the generated code, but ought not be observable, as any
call to `new URL(x, urlObject)` will now instead behaves as
`new URL(x, urlObject.toString())`.

BUG=460722

Review URL: https://codereview.chromium.org/1464133002

Cr-Commit-Position: refs/heads/master@{#361342}
fs
SVGPathUtilities tidying
Rename buildSVGPathByteStreamFromString to buildByteStreamFromString to
be more consistent with other functions (buildStringFromByteStream and
buildPathFromByteStream). Also drop the PathParsingMode argument, since
it's always UnalteredParsing (and it's unlikely we'll need to build
normalized byte streams ATM.)

Make buildStringFromByteStream return the resulting String instead of
using an out-parameter. Tidies up call-sites and makes for slightly
smaller code.

BUG=467592

Review URL: https://codereview.chromium.org/1469323002

Cr-Commit-Position: refs/heads/master@{#361338}
philipj
Add [TypeChecking=Interface] to the V8Path2D interface
This affects the generated code of the constructor, which will now throw
a TypeError if "parameter 1 is not of type 'Path2D'."

However, this code path is unreachable, because there's a type check
(V8Path2D::hasInstance()) to determine that this form of the constructor
should be used.

Promoting [TypeChecking=Interface] to the interface level will make it
possible to make [TypeChecking=Interface] the default without changing
the generated code for this interface.

BUG=462561

Review URL: https://codereview.chromium.org/1471563002

Cr-Commit-Position: refs/heads/master@{#361317}
philipj
Make addEventListener/removeEventListener arguments non-optional
Intent to Implement and Ship:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/3rsQQJvhY8k/P2cAFq3hAwAJ

BUG=353484

Review URL: https://codereview.chromium.org/1461993002

Cr-Commit-Position: refs/heads/master@{#361316}
mstensho
Record space shortage that prevented an object from fitting in one column.
The breakability of the object doesn't matter here. The space shortage that
prevented an object from fitting in one column may very well be the lowest
space shortage that we'll ever find. So always record it, to avoid
over-stretching columns.

BUG=559133
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1465193002

Cr-Commit-Position: refs/heads/master@{#361232}
philipj
Remove AttributeCollection's findIndex(Attr*) by using QualifiedName
The internal Attribute and AttributeCollection need not know anything
about the web-exposed Attr.

Since Attr::qualifiedName() is not just a trivial getter, calling that
outside of the loop is probably a good idea anyway.

Review URL: https://codereview.chromium.org/1467143004

Cr-Commit-Position: refs/heads/master@{#361221}
fs
Expose the SVG path normalizer in SVGPathParser.h
Rename the internal NormalizingConsumer to SVGPathNormalizer and move
the class declaration to SVGPathParser.h. This will allow simplifying
the "path processor" (SVGPathParser) a bit in later CLs.
Also modify the normalizer so that it normalizes into a new
PathSegmentData, to make it more "stackable" and reusable.

BUG=467592

Review URL: https://codereview.chromium.org/1472853005

Cr-Commit-Position: refs/heads/master@{#361199}
davve
Split filter related measurements from SVG1DOM counter
Create a SVG1DOMFilter UseCounter to measure all filter related SVG
DOM functionality. The assumption we want to test is that the filter
related SVG DOM has really low usage.

From a quick test it would shave off 90kb of the binary if we could
remove it. That's only counting binding code and there is a good
chance number-optional-number related functionality can be removed
too, if these interfaces can be removed.

BUG=415074

Review URL: https://codereview.chromium.org/1472773002

Cr-Commit-Position: refs/heads/master@{#361181}
sigbjornf
Enable webaudio unit tests iff ENABLE(WEB_AUDIO).
R=tkent
BUG=

Review URL: https://codereview.chromium.org/1470873002

Cr-Commit-Position: refs/heads/master@{#361171}
fs
SVGPath object "mutability" cleanup
Move addToSVGPathByteStream to SVGPath.cpp (the only place using it),
rename it to addPathByteStreams. Move the "regular" blending out into a
helper(blendPathByteStreams), and eliminate the redundant copy. Make the
functions more "functional" (return the result.)

Add a (private) setter for byte-stream data and use that to ensure
invalidation of the cached path. Also add an SVGPath::create(...)
accepting a SVGPathByteStream and use that in PathSVGInterpolation.

Inline mutableByteStream into the remaining user.

Review URL: https://codereview.chromium.org/1460253002

Cr-Commit-Position: refs/heads/master@{#361128}
rune
Remove extraneous SubtreeStyleChange for min/maxlength changes.
Validation already takes care of :valid/:invalid changes through
invalidation sets. This reduces the number of elements being recalculated
and gets rid of a SubtreeStyleChange which relies on sibling tree recalcs.

R=tkent@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1458363003

Cr-Commit-Position: refs/heads/master@{#361123}
rune
Use invalidation sets for visited link updates.
We did use invalidation sets when adding/removing href from an anchor tag,
while the code that notifies that the visited state of a given url has
changed, use SubtreeStyleChange. This change gets rid of SubtreeStyleChange
which relies on sibling tree recalcs.

R=tkent@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1459063004

Cr-Commit-Position: refs/heads/master@{#361121}
davve
Update comments regarding image caching
While attempting to remove the layoutObject parameter the following
observations were made:

 * The decoding forced by BitmapImage::imageForCurrentFrame will be
   deferred so the comment in the header may be removed.

 * BitmapImage::currentFrameKnownToBeOpaque() conservatively returns
   false for uncached images, not true.

 * Since decoding is deferred, there is no guarantee that the
   opaqueness metadata is available after the imageForCurrentFrame
   call has returned. It may increase the chance though, depending on
   image decoder for the particular image.

NOTRY=true
BUG=559131

Review URL: https://codereview.chromium.org/1454373005

Cr-Commit-Position: refs/heads/master@{#361094}
mstensho
Add marginBeforeIfFloating() to LayoutBlockFlow.
Floats' margins need special attention for pagination, because they are not to
be eaten by page or column boundaries.

Clamp strut to >= 0 in LayoutBlockFlow::setPaginationStrutPropagatedFromChild()
instead of doing it (poorly) in calculateStrutForPropagation().

Removed calculateStrutForPropagation(), because there was hardly anything left
there now (and this lets us make marginBeforeIfFloating() private). This
function also turned out not to be universally usable, since we were already
calculating the strut on our own in adjustLinePositionForPagination() in one
case.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1460203003

Cr-Commit-Position: refs/heads/master@{#361084}
mstensho
When balancing columns, we must check inner multicols for unbreakable content.
No multicol container should suggest to initially use a column height less than
the height of the tallest piece of unbreakable content inside.

TL;DR some related cleanup.

Introduce the term tallestUnbreakableLogicalHeight in favor of
minimumColumnLogicalHeight, as the latter could easily be confused with initial
column height; the height found by InitialColumnHeightFinder, which is also
sometimes referred to as initial minimal column height. Furthermore, there's
already a concept of *maximum* column logical height in fragmentainer groups,
which is derived from such things as CSS max-height. Since max-height actually
trumps the height of the tallest piece of unbreakable content in multicol
(while in CSS, min-height wins over max-height), it was just too confusing to
keep using "minimum column height" for this.

This change also makes it necessary to modify the containing column set when
calculating the initial column height for fragmentainer groups, so this part
kind of had to be moved from the const method calculateColumnHeight(). There
was already code that walked around that method when calculating the column
height, so being even more of a misnomer than before, it was renamed to
rebalanceColumnHeightIfNeeded().

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1461923005

Cr-Commit-Position: refs/heads/master@{#361082}
sigbjornf
Add unit test for non-leftmost GC mixin instance.
Verify that deriving from a USING_GARBAGE_COLLECTED_MIXIN() annotated
class is traced as expected.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1465083002

Cr-Commit-Position: refs/heads/master@{#361072}
sigbjornf
Oilpan: move BaseChooserOnlyDateAndTimeInputType to the heap.
Move this !ENABLE(INPUT_MULTIPLE_FIELDS_UI) object to the Oilpan heap,
where it belongs as it derives from the on-heap BaseDateAndTimeInputType
class.

At the same time, turn DateTimeChooserClient into a GC mixin.

R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1466113002

Cr-Commit-Position: refs/heads/master@{#361071}
sigbjornf
Oilpan: trace ColorChooserPopupUIController::m_chromeClient
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1442543003

Cr-Commit-Position: refs/heads/master@{#361043}
philipj
Remove another trace of [TypeChecking=Unrestricted]
This was overlooked in https://codereview.chromium.org/971783002

BUG=354298
R=jl@opera.com

Review URL: https://codereview.chromium.org/1465003002

Cr-Commit-Position: refs/heads/master@{#361042}
sigbjornf
More regular Platform implementations in unit tests (reland.)
R=haraken,jbroman
BUG=

Review URL: https://codereview.chromium.org/1456873003

Cr-Commit-Position: refs/heads/master@{#361030}
davve
Simplify ImageResource::canRender()
Assume that neither image rotation nor scale can affect the image size
emptiness. This makes it easier to further simplify
imageSizeForLayoutObject later.

BUG=559131

Review URL: https://codereview.chromium.org/1463793002

Cr-Commit-Position: refs/heads/master@{#361025}
sigbjornf
More regular Platform implementations in unit tests.
R=haraken,jbroman
BUG=

Review URL: https://codereview.chromium.org/1456873003

Cr-Commit-Position: refs/heads/master@{#361019}
philipj
Add event name to bare removeEventListener(listener) calls
This mistake was possible because removeEventListener's arguments are
all optional, and these calls would throw exceptions if the argument
were non-optional.

Since these code paths supposedly current work, removing the event
listeners cannot be critical, but do it anyway as was originally
intended.

BUG=353484

Review URL: https://codereview.chromium.org/1463763002

Cr-Commit-Position: refs/heads/master@{#360949}
davve
Remove redundant IntrinsicSize argument
IntrinsicSize is the default. IntrinsicCorrectedToDPR is the uncommon
one. Leaving it out makes it obvious nothing special is requested
here, just the normal image size.

BUG=559131

Review URL: https://codereview.chromium.org/1468473002

Cr-Commit-Position: refs/heads/master@{#360893}
mstensho
A line that ends up naturally in the next column may need to propagate a strut.
Even if the line itself didn't need a strut, we may have to calculate and
propagate one to the block, or we risk violating orphan requirements or
breaking in the middle of the top border, padding or (in case it's a float)
margin.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1462913002

Cr-Commit-Position: refs/heads/master@{#360798}
davve
Support fragment URLs for more kinds of SVG images
This patch adds support for SVG fragment URLs in CSS backgrounds,
video poster images, image inputs, content property and svg:image
scenarios. It does so by storing fragment URLs for each
SVGImageForContainer and propgates this URL to SVGImage when drawing.

BUG=128055

Review URL: https://codereview.chromium.org/1458083002

Cr-Commit-Position: refs/heads/master@{#360787}
sigbjornf
More regular Platform implementations in unit tests.
R=haraken,jbroman
BUG=

Review URL: https://codereview.chromium.org/1456873003

Cr-Commit-Position: refs/heads/master@{#360763}
sigbjornf
Avoid implicit size_t conversions on setting HeapObjectHeader::m_encoded.
Cannot assume that sizeof(size_t) matches that of uint32_t.

R=
BUG=

Review URL: https://codereview.chromium.org/1459933002

Cr-Commit-Position: refs/heads/master@{#360703}
mostynb
avoid 'may be used uninitialized' warnings in stack_sampling_profiler_unittest.cc
Without this patch, some toolchains may trigger this warning:
../../base/profiler/stack_sampling_profiler_unittest.cc:275:17: error: 'library' may be used uninitialized in this function [-Werror=maybe-uninitialized]

BUG=545051

Review URL: https://codereview.chromium.org/1459033003

Cr-Commit-Position: refs/heads/master@{#360647}
mostynb
unbreak the no-webrtc build
Followup to https://codereview.chromium.org/1427003009

The third_party/libjingle/libjingle.gyp:libjingle_webrtc target is defined
inside an enable_webrtc==1 condition, so it can only be depended on inside
a similar condition.

BUG=547158

Review URL: https://codereview.chromium.org/1457793004

Cr-Commit-Position: refs/heads/master@{#360646}
fs
Move application of filter effect boundaries to a helper
Add FilterEffect::applyEffectBoundaries and use that to replace the
three chunks that does the same thing.
Drop a redundant null-check in FETile::createImageFilter.

Review URL: https://codereview.chromium.org/1463513002

Cr-Commit-Position: refs/heads/master@{#360625}
sigbjornf
More regular Platform implementations in unit tests.
R=haraken,jbroman
BUG=

Review URL: https://codereview.chromium.org/1456873003

Cr-Commit-Position: refs/heads/master@{#360583}
fs
Remove unused FilterOperation* includes
Review URL: https://codereview.chromium.org/1459853002

Cr-Commit-Position: refs/heads/master@{#360572}
philipj
Drop [TreatNullAs=NullString] for Document.cookie
https://html.spec.whatwg.org/#document

After this change, setting document.cookie to null will stringify to
"null", so it's simply like setting a cookie by that name. This matches
Firefox Nightly and Edge.

BUG=497307

Review URL: https://codereview.chromium.org/1458753003

Cr-Commit-Position: refs/heads/master@{#360567}
davve
Wrap SVGImage for container during paint
Before this patch, one SVGImageForContainer object is saved in
ImageResource for each corresponding use of SVGImage.

<img style="width: 1000px" src="image.svg">
...
<img style="width: 500px" src="image.svg">

This example would give one ImageResource (for image.svg) and within
it two SVGImageForContainer, one for each <img>. SVGImageForContainer
contains the unzoomed container size along with the zoom level,
indexed on the layout object of the container in
SVGImageFor*Container*.

There were at least three problems with this approach:

1. It's racy. setContainerSizeForLayoutObject is called sometimes from
   layout(), sometimes during paint(). Users of APIs such as
   imageForLayoutObject or imageSizeForLayoutObject that depend on
   setContainerSizeForLayoutObject would get different results
   depending on when they are called. Basically the only "safe" time
   to call these methods are right before paint.

2. It limits the number of associations between layout object and
   SVGImage to one. Consider an element/layout object having one
   SVGImage as content and another SVGImage as background. The
   container size for those two SVGImages in this case isn't
   necessarily the same and strictly speaking we should need two
   SVGImageForContainer objects. Only one SVGImageForContainer can be
   stored per layout object.

3. It breaks layering. ImageResource lives in fetch and having fetch/
   depend on svg code is undesirable. DEPS for fetch/ states
   "core/fetch/ shouldn't depend on anything else in core/".

After this patch, these three problems have been
addressed. SVGImageForContainer is now only allocated when it's
needed, to be passed through the GraphicsContext layer as a wrapper to
get the correct size and zoom level to avoid pixelated rasterization.

There are risks with this patch. In some cases code may rely on having
the container size saved inside ImageResource.cpp. However, such code
is most often already brittle and unreliable due to (1) above.

One quirk is the added BackgroundImageGeometry::imageContainerSize()
containing the tile size before 'background-repeat: round' has been
applied. Before this patch, this size was the one kept for the
respective container in ImageResource (since
setContainerSizeForLayoutObject were called before tile size
adjustments for background-repeat: round). It turns out this is
important to get the stretching correct, i.e. makes the underlying
drawing code ignore the intrinsic ratio of the background
image. svg/as-background-image/background-repeat.html exercises this
behavior.

BUG=128055, 306222

Review URL: https://codereview.chromium.org/1427943002

Cr-Commit-Position: refs/heads/master@{#360558}
mstensho
Don't set bogus height on new fragmentainer groups initially.
This essentially made it impossible to support more than two column rows in
auto-height multicol containers.

When a new fragmentainer group is created, resetColumnHeight() is called right
*before* the fragmentainer group is inserted into the array, so we'd trick
ourselves into believing that height always was non-auto, because the
heightIsAuto() method on MultiColumnFragmentainerGroup would require the
fragmentainer group to be the last one in the array to count as auto.

We could fix the order in which things are done, or just make the whole thing a
bit more robust, which this CL aims to do.

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1424913003

Cr-Commit-Position: refs/heads/master@{#360540}
rune
Use invalidation sets for :unresolved.
Gets rid of SubtreeStyleChange which relies on sibling tree recalcs.

Added TODO with issue for :default which just doesn't trigger any updates
from the DOM side.

R=hayato@chromium.org,ericwilligers@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1461653002

Cr-Commit-Position: refs/heads/master@{#360537}
sigbjornf
Avoid unnecessary wtf/text/WTFString.h includes in platform/heap/
Oilpan header files are included across most of Blink, so tidy up various
downstream code that implicitly assumed WTFString.h's offerings to be
in scope.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1460523004

Cr-Commit-Position: refs/heads/master@{#360525}
rune
Use invalidation sets for :-webkit-drag.
Gets rid of SubtreeStyleChange which relies on sibling tree recalcs.

R=tkent@chromium.org,ericwilligers@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1459553002

Cr-Commit-Position: refs/heads/master@{#360465}
jsokol
Initialize member variables of ui::ScrollEvent
With current implementation of GetScrollOffsets on Windows, none values
are changed and remain garbage. To make sure none of this will lead to
crash, just initialize values with zeros.

BUG=

Review URL: https://codereview.chromium.org/1461643002

Cr-Commit-Position: refs/heads/master@{#360389}
mstensho
Disable stretch-to-viewport quirk for multicol.
We don't want to stretch the height of BODY to that of the viewport if BODY is
inside a multicol container. There should be no need for this quirk in
multicol, and even if we had wanted to do something like that, what used to be
there was utterly wrong, since we'd end up with the viewport height divided by
the number of columns, which is just unpredictable silliness that nobody wants.

Un-inline the quirks mode part of stretchesToViewport() into
stretchesToViewportInQuirksMode() and check the condition that's most unlikely
to be true first, so that we can bail early.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1461623002

Cr-Commit-Position: refs/heads/master@{#360388}
sigbjornf
Oilpan: move ServiceWorkerGlobalScopeProxy to the heap.
The object maintains two references to heap objects, so by having it
also be on the Oilpan heap, these refs can be correctly traced & handled.

R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1448353002

Cr-Commit-Position: refs/heads/master@{#360381}
davve
Add UseCounter for border-image overriding border-widths
According to the specification, if one border-style is 'none' the
corresponding border-width should be zero and thus border-image-width
resolve to zero. No border-image can be drawn at zero-width border.

WebKit implemented an old version of the css border specification for
border-image and does not reset border-widths to zero for border-style
'none' when there is a border-image.

Add a use counter to get data on how many views that rely on this
behavior.

BUG=356802

Review URL: https://codereview.chromium.org/1455673002

Cr-Commit-Position: refs/heads/master@{#360357}
rune
Use invalidation sets for :read-only and :read-write.
Gets rid of SubtreeStyleChange which relies on sibling tree recalcs.

R=tkent@chromium.org,ericwilligers@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1454003002

Cr-Commit-Position: refs/heads/master@{#360298}
mostynb
include what you use: errno.h and string.h in media/
Add missing errno.h includes for errno and string.h includes for
strerror.

TBR=qinmin

Review URL: https://codereview.chromium.org/1429383002

Cr-Commit-Position: refs/heads/master@{#360276}
mostynb
don't try to adjust oom score with the suid sandbox if there is no such binary
BUG=312380

Review URL: https://codereview.chromium.org/1452403003

Cr-Commit-Position: refs/heads/master@{#360262}
sigbjornf
Oilpan: support GC event tracing following r360126.
TBR=oilpan-reviews,jbroman,mkwst@chromium.org
BUG=none

Review URL: https://codereview.chromium.org/1460463002

Cr-Commit-Position: refs/heads/master@{#360170}
philipj
Remove navigator.getStorageUpdates()
Intent to Deprecate and Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/ak1kVjiX9T4/mo1rqcyQAQAJ

navigator.yieldForStorageUpdates() will be removed from the spec:
https://github.com/whatwg/html/pull/342

BUG=465255

Review URL: https://codereview.chromium.org/1439973005

Cr-Commit-Position: refs/heads/master@{#360140}
sigbjornf
Deflake http/tests/misc/script-sync-slow-scripts-onerror.html
Cope with sync scripts failing to load in any order, testing instead
their collective outcome when finishing up.

R=mkwst
BUG=555052

Review URL: https://codereview.chromium.org/1449413002

Cr-Commit-Position: refs/heads/master@{#360123}
sigbjornf
Oilpan: tidy up CSSCustomFontData::m_fontFaceSource back ref somewhat.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1439033002

Cr-Commit-Position: refs/heads/master@{#360062}
sigbjornf
Oilpan: move WorkerInspectorController's frontend channel to the heap.
Move along this WorkerInspectorController-owned object to the heap also,
allowing it to keep a traced reference to its worker global scope.

R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1449963002

Cr-Commit-Position: refs/heads/master@{#360052}
sigbjornf
KeyframeEffectTest: avoid keeping unnecessary Document reference.
Avoid introducing a Persistent<> to a Document for these unit tests,
thereby not keeping an untraced heap reference with Oilpan.

R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1452613002

Cr-Commit-Position: refs/heads/master@{#360029}
sigbjornf
WebGeolocationController: improve handling of bare GeolocationController*
While GeolocationController is still being transitioned to Oilpan,
introduce an intermediary abstraction that allows WebGeolocationController
to keep a WebPrivatePtr<>. Thereby letting us correctly trace the
GeolocationController it wraps.

R=haraken,tkent
BUG=553613

Review URL: https://codereview.chromium.org/1444333002

Cr-Commit-Position: refs/heads/master@{#360027}
sigbjornf
Oilpan: account for DocumentThreadableLoader::m_document back ref.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1435263002

Cr-Commit-Position: refs/heads/master@{#360025}
sigbjornf
Oilpan: account for DevToolsEmulator reference from WebSettingsImpl.
WebSettingsImpl and DevToolsEmulator are both owned by WebViewImpl;
let the former keep an untracked reference to the latter.

R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1437003005

Cr-Commit-Position: refs/heads/master@{#359854}
sigbjornf
Oilpan: tidy up InspectorState weak references.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1446973002

Cr-Commit-Position: refs/heads/master@{#359842}
sigbjornf
Oilpan: tidier ContentSecurityPolicy back refs from auxillary CSP objects.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1436103004

Cr-Commit-Position: refs/heads/master@{#359831}
sigbjornf
Oilpan: move HTMLParserScheduler to the heap.
The benefit being that the back reference it keeps to
HTMLDocumentParser can be traced per normal.

R=kouhei,haraken
BUG=553613

Review URL: https://codereview.chromium.org/1438193002

Cr-Commit-Position: refs/heads/master@{#359824}
sigbjornf
Oilpan: move InspectedFrames to the heap.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1434383002

Cr-Commit-Position: refs/heads/master@{#359811}
sigbjornf
Oilpan: move NavigatorContentUtilsClients to the heap.
Done so as to allow the client implementation keep a Member reference to
its WebLocalFrameImpl.

R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1441083002

Cr-Commit-Position: refs/heads/master@{#359775}
sigbjornf
Oilpan: correctly track MediaControlsTest's MediaControls reference.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1442153002

Cr-Commit-Position: refs/heads/master@{#359753}
sigbjornf
Oilpan: track ScriptStateForTesting's ExecutionContext reference better.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1445913002

Cr-Commit-Position: refs/heads/master@{#359750}
sigbjornf
Oilpan: tidy up ChromeClientImplTest's ChromeClientImpl ref.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1442843004

Cr-Commit-Position: refs/heads/master@{#359748}
mharanczyk
Properly call string fill constructor in win shell integration unittest.
Before it was always creating string of 49 size (value of L'1') filled
with random character based of size of app id string. Found it just
because size after my local changes resulted in inserting forbidden
space ' ' character.

Review URL: https://codereview.chromium.org/1439323003

Cr-Commit-Position: refs/heads/master@{#359744}
sigbjornf
Oilpan: move WebPluginLoadObserver to the heap.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1442643003

Cr-Commit-Position: refs/heads/master@{#359556}
sigbjornf
Oilpan: tidy up InspectorResourceContentLoader's ResourceClient handling.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1436723005

Cr-Commit-Position: refs/heads/master@{#359553}
sigbjornf
Oilpan: account for RetainedDOMInfo::m_root temporary Node reference.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1440003002

Cr-Commit-Position: refs/heads/master@{#359540}
sigbjornf
Oilpan: turn MuteConsoleScope into a stack allocated object.
Do so in order to have its embedded agent referenced be handled as
required.

R=keishi
BUG=553613

Review URL: https://codereview.chromium.org/1442953002

Cr-Commit-Position: refs/heads/master@{#359538}
sigbjornf
Oilpan: fix build after r359531.
~ScriptWrappable is only provided !OILPAN.

R=haraken
BUG=520391
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true

Review URL: https://codereview.chromium.org/1441303002

Cr-Commit-Position: refs/heads/master@{#359533}
tmoniuszko
Fix dependencies on policy_component_test_support
BUG=

Review URL: https://codereview.chromium.org/1321013007

Cr-Commit-Position: refs/heads/master@{#359529}
sigbjornf
Oilpan: move DateTimeChooser to the heap.
Done so as to allow DateTimeChooserImpl::m_chromeClient to be correctly
traced, but consistent to have this on the heap alongside the other
'chooser' object, ColorChooser.

R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1432243003

Cr-Commit-Position: refs/heads/master@{#359321}
sigbjornf
Oilpan: account for V8NPObject::rootObject bare pointer.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1436173002

Cr-Commit-Position: refs/heads/master@{#359319}
sigbjornf
Oilpan: add missing tracing of WebLocalFrameImpls from inspector agents.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1434243002

Cr-Commit-Position: refs/heads/master@{#359314}
sigbjornf
Oilpan: add missing tracing of Page::m_chromeClient.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1436143002

Cr-Commit-Position: refs/heads/master@{#359310}
sigbjornf
Oilpan: add reqd tracing of ImportedStyleSheetClients.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1439023002

Cr-Commit-Position: refs/heads/master@{#359309}
sigbjornf
Oilpan: add missing tracing of PopupMenuImpl::m_chromeClient.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1434093003

Cr-Commit-Position: refs/heads/master@{#359306}
sigbjornf
Oilpan: add missing tracing of SVGSMILElement condition.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1438823003

Cr-Commit-Position: refs/heads/master@{#359301}
tsniatowski
Run gn_unittests on Mac bots
With Linux already there and Windows added recently this should make
gn_unittests run on all relevant platforms in CQ.

R=dpranke@chromium.org
BUG=549254

Review URL: https://codereview.chromium.org/1437863002

Cr-Commit-Position: refs/heads/master@{#359290}
sigbjornf
Oilpan: add missing LocalFrame::m_pluginElements annotation.
TBR=oilpan-reviews
BUG=553613
NOTRY=true

Review URL: https://codereview.chromium.org/1438143002

Cr-Commit-Position: refs/heads/master@{#359274}
sigbjornf
Oilpan: turn Frame::m_client into the Member it is.
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1437973002

Cr-Commit-Position: refs/heads/master@{#359210}
sigbjornf
Oilpan: handle WorkerObjectProxy::m_executionContext ref better.
The proxy object outlives its ExecutionContext reference; exempt it
from any GC plugin checks.

R=
BUG=553613

Review URL: https://codereview.chromium.org/1438823002

Cr-Commit-Position: refs/heads/master@{#359162}
sigbjornf
Do not attempt an Oilpan memory pressure GC if nested.
Nested GCs aren't supported, so only trigger an urgent memory pressure
GC if we're not sweeping up after another.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1438733002

Cr-Commit-Position: refs/heads/master@{#359127}
sigbjornf
Rename IsAllowOnlyInlineAllocation<T> to AllowsOnlyPlacementNew<T>.
R=haraken
BUG=

Review URL: https://codereview.chromium.org/1433983002

Cr-Commit-Position: refs/heads/master@{#359126}
mostynb
include what you use: errno.h and string.h in content/
Adding some missing errno.h includes for errno and
string.h for strerror in content/

Review URL: https://codereview.chromium.org/1417483018

Cr-Commit-Position: refs/heads/master@{#359110}
davve
Avoid truncation to int when setting background-position coordinates
This error was part of the original
https://bugs.webkit.org/show_bug.cgi?id=103440 implementation of
background-position but then only for non-repeating backgrounds. When
also used for repeating backgrounds through
https://codereview.chromium.org/1287293002 it has been noticed that
the background-position was sometimes a pixel off when zooming.

BUG=535504

Review URL: https://codereview.chromium.org/1431103005

Cr-Commit-Position: refs/heads/master@{#359101}
sigbjornf
Oilpan: add temporary plugin ignore exemption for DataRef<T>::RefPtr<T>.
Until the clang Blink GC plugin has been updated to include r359074,
the GC plugin will erroneously complain if DataRef<T> is used with a
RefCountedGarbageCollected<T> class type. Add a GC_PLUGIN_IGNORE()
to temporarily prevent such false errors from being reported.

R=
BUG=553613

Review URL: https://codereview.chromium.org/1440553002

Cr-Commit-Position: refs/heads/master@{#359094}
sigbjornf
MemoryCacheTest: tidy up task's Resource reference.
R=haraken
BUG=503485

Review URL: https://codereview.chromium.org/1437823003

Cr-Commit-Position: refs/heads/master@{#359084}
sigbjornf
MockImageResourceClient: tidy up Resource reference.
R=haraken
BUG=503485

Review URL: https://codereview.chromium.org/1432213002

Cr-Commit-Position: refs/heads/master@{#359083}
sigbjornf
Oilpan: move NetworkResourcesData to the heap.
Do so in order to properly handle the Resource pointers that its
ResourceData keeps.

R=haraken
BUG=340522

Review URL: https://codereview.chromium.org/1436793002

Cr-Commit-Position: refs/heads/master@{#359082}
sigbjornf
InternalResourcePtr: allowed only as stack allocated.
R=haraken
BUG=503485

Review URL: https://codereview.chromium.org/1434903002

Cr-Commit-Position: refs/heads/master@{#359079}
sigbjornf
Oilpan: tidy up AutoplayExperimentHelper.
Have this part object handle its HTMLMediaElement heap reference properly.

R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1436783002

Cr-Commit-Position: refs/heads/master@{#359076}
sigbjornf
GC plugin: RefPtr<T> is legal if T is RefCountedGC-derived.
Allow RefPtr<T> uses for classes that derive from
RefCountedGarbageCollected<T>.

R=
BUG=553613

Review URL: https://codereview.chromium.org/1433883003

Cr-Commit-Position: refs/heads/master@{#359074}
mostynb
simplify the is_desktop_linux default value expression
Let's remove the redundant '&& current_is != "chromeos"' part of the
is_desktop_linux default value expression.

BUG=554006

Review URL: https://codereview.chromium.org/1433033002

Cr-Commit-Position: refs/heads/master@{#358946}
mostynb
include what you use: errno.h in exec_process.cc
Add missing errno.h inclusion - this is less likely to
break uncommon toolchains (eg uClibc).  And while we're
at it, merge posix includes into else case for an
#ifdef OS_WIN block to match the code that uses these
includes.

R=brettw@chromium.org,tfarina@chromium.org

Review URL: https://codereview.chromium.org/1421293008

Cr-Commit-Position: refs/heads/master@{#358944}
sigbjornf
dispatchTouchEvents(): mark local class as stack allocated.
The Blink GC plugin checks requires that the Oilpan heap references contained
within the "changed touches" values are properly handled during GCs. They're
all stack allocated, so mark the local class as STACK_ALLOCATED(). MSVC
presents a problem in carrying that through (see comment), so lift out the
local class from the dispatchTouchEvents() method at the same time.

R=haraken
BUG=553700

Review URL: https://codereview.chromium.org/1419423004

Cr-Commit-Position: refs/heads/master@{#358861}
mostynb
include what you use: errno.h and string.h in net/
Adding some missing errno.h and string.h includes.

Review URL: https://codereview.chromium.org/1427143003

Cr-Commit-Position: refs/heads/master@{#358844}
davve
Reland of Make LayoutImageResource::image() parameter explicit (patchset #1 id:1 of https://codereview.chromium.org/1431973002/ )
Reason for revert:
Revert the revert. It looks like "Enable slimming paint synchronized painting" was the culprit this time. Relanding.

Original issue's description:
> Revert of Make LayoutImageResource::image() parameter explicit (patchset #2 id:20001 of https://codereview.chromium.org/1411693006/ )
>
> Reason for revert:
> Seems to have caused 553045
>
> Original issue's description:
> > Make LayoutImageResource::image() parameter explicit
> >
> > It makes the code more explicit and easier to read. No functional
> > change expected.
> >
> > BUG=551419
> >
> > Committed: https://crrev.com/3059b983258e55aeacef6e0b04bdd35a72436d3b
> > Cr-Commit-Position: refs/heads/master@{#358287}
>
> TBR=fs@opera.com
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=551419
>
> Committed: https://crrev.com/20fa2832b2650a8654bfd8226561046760ebbfc9
> Cr-Commit-Position: refs/heads/master@{#358551}

TBR=fs@opera.com
BUG=551419

Review URL: https://codereview.chromium.org/1431193004

Cr-Commit-Position: refs/heads/master@{#358818}
sigbjornf
Oilpan: annotate weak ScrollableArea* refs with GC_PLUGIN_IGNORE()s.
ScrollAnimators keep a back reference to their owning ScrollableArea;
annotate these weak references with GC_PLUGIN_IGNORE() to inform
the GC plugin checks that these references have been checked & accounted
for.

R=haraken
BUG=509911,553613

Review URL: https://codereview.chromium.org/1427973008

Cr-Commit-Position: refs/heads/master@{#358747}
philipj
Remove unused UseCounter features
Review URL: https://codereview.chromium.org/1419823012

Cr-Commit-Position: refs/heads/master@{#358629}
mostynb
include what you use: errno.h in ui/ozone/
Add missing errno.h include.

Review URL: https://codereview.chromium.org/1417503013

Cr-Commit-Position: refs/heads/master@{#358589}
sigbjornf
Avoid data races on initializing GCScope.
Fully initialize the stack-allocated GCScope object before having it
enter a safe point, and attempt to have all the attached threads do
the same ("parking" them.)

By arranging for all updates to the GCScope object to happen before
safe points are entered, we avoid overlapping r/w access of the
thread stack regions that marking will proceed to conservatively scan
for heap references. Such overlaps can happen if two threads concurrently
attempt to initiate a GC.

R=haraken
BUG=527338

Review URL: https://codereview.chromium.org/1411643006

Cr-Commit-Position: refs/heads/master@{#358573}
mostynb
include what you use: errno.h in tools/android/
Add missing errno.h includes.

BUG=134180

Review URL: https://codereview.chromium.org/1424943009

Cr-Commit-Position: refs/heads/master@{#358563}
sigbjornf
ScriptRunner::notifyScriptLoadError(): fix broken sanity check.
Asserting for the presence of 'scriptLoader' in the pending script loader
Deque cannot use the iterator to do so if the Deque is mutated at the
same time; last loader will be confused with end(). Do better.

Regression introduced by r357778.

R=haraken
BUG=552871

Review URL: https://codereview.chromium.org/1413363012

Cr-Commit-Position: refs/heads/master@{#358556}
davve
Avoid using ImageResource->imageSize() to get the marker size
In cases when LayoutListMarker represents an image it has a StyleImage
to determine the size of the the marker. Prior to this patch the
computed size is saved back to the StyleImage for later use. This
should be unnecessary since the size can be computed (or saved
locally) when it's actually needed.

When looking closer at one may notice that the zoom level is stored
inside SVGImageForContainer so that SVGImageForContainer::size()
actually returns the size _including zoom_. When LayoutListMarker
asked for the image size and provided zoom, the zoom level was applied
once more resulting in double zoom. The added test exposes this.

As part of 551419, the aim it to get rid of
ImageResource::setContainerSizeForLayoutObject and friends (storing
SVG image specific data inside ImageResource) and this is a step in
that direction.

BUG=551419, 551808

Review URL: https://codereview.chromium.org/1433503003

Cr-Commit-Position: refs/heads/master@{#358552}
davve
Revert of Make LayoutImageResource::image() parameter explicit (patchset #2 id:20001 of https://codereview.chromium.org/1411693006/ )
Reason for revert:
Seems to have caused 553045

Original issue's description:
> Make LayoutImageResource::image() parameter explicit
>
> It makes the code more explicit and easier to read. No functional
> change expected.
>
> BUG=551419
>
> Committed: https://crrev.com/3059b983258e55aeacef6e0b04bdd35a72436d3b
> Cr-Commit-Position: refs/heads/master@{#358287}

TBR=fs@opera.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=551419

Review URL: https://codereview.chromium.org/1431973002

Cr-Commit-Position: refs/heads/master@{#358551}
mostynb
include what you use: errno.h in components/
Adding some missing errno.h includes for errno in components/

NOPRESUBMIT=TRUE

Review URL: https://codereview.chromium.org/1424273004

Cr-Commit-Position: refs/heads/master@{#358522}
sigbjornf
Sync test expectations following r358425.
TBR=peria@chromium.org,szager1@chromium.org
BUG=552456
NOTRY=true

Review URL: https://codereview.chromium.org/1423593007

Cr-Commit-Position: refs/heads/master@{#358521}
mostynb
include what you use: errno.h and string.h in base/
Adding some missing errno.h includes for errno and
string.h for strerror in base/

Review URL: https://codereview.chromium.org/1434533004

Cr-Commit-Position: refs/heads/master@{#358477}
mostynb
include what you use: errno.h in sandbox/
Adding some missing errno.h includes for errno in sandbox/

Review URL: https://codereview.chromium.org/1422253004

Cr-Commit-Position: refs/heads/master@{#358474}
mostynb
include what you use: errno.h in v4l2_webcam.cc
Add missing errno.h include in v4l2_webcam.cc

Review URL: https://codereview.chromium.org/1430183002

Cr-Commit-Position: refs/heads/master@{#358468}
mostynb
include what you use: errno.h and string.h in ipc_channel_posix_unittest.cc
Add missing errno.h include for errno and string.h include for strerror.

Review URL: https://codereview.chromium.org/1409833013

Cr-Commit-Position: refs/heads/master@{#358467}
mostynb
include what you use: errno.h in chrome/
Adding some missing errno.h includes for errno in chrome/

Review URL: https://codereview.chromium.org/1413373010

Cr-Commit-Position: refs/heads/master@{#358463}
mostynb
include what you use: errno.h in chromecast/
Adding some missing errno.h includes for errno in chromecast/

Review URL: https://codereview.chromium.org/1429373002

Cr-Commit-Position: refs/heads/master@{#358454}
mstensho
Fix off-by-one (or off-by-one-sixtyfourth) error when checking what a column can hold.
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1428063009

Cr-Commit-Position: refs/heads/master@{#358447}
sigbjornf
Add missing prefinalizer registration after r358299.
TBR=oilpan-reviews
BUG=541338

Review URL: https://codereview.chromium.org/1427023007

Cr-Commit-Position: refs/heads/master@{#358425}
mostynb
telemetry_chrome_test_base should depend on dump_syms for the host toolset specifically
On Linux, dump_syms is only defined for the host toolset.
Without this patch, linux gcc cross-compile builds fail
when running gyp, ever since
https://codereview.chromium.org/1419143006/ landed.

Clang builds are unaffected, because they don't have
separate host and target toolsets.

BUG=507796,552436
CQ_EXTRA_TRYBOTS=tryserver.chromium.perf:linux_perf_bisect;tryserver.chromium.perf:mac_10_10_perf_bisect;tryserver.chromium.perf:android_nexus5_perf_bisect

Review URL: https://codereview.chromium.org/1422703008

Cr-Commit-Position: refs/heads/master@{#358406}
fs
Rebaseline a few SVG tests for XP
 svg/dom/length-list-parser.html
 svg/transforms/text-with-pattern-with-svg-transform.svg
 svg/hixie/perf/006.xml

TBR=szager@chromium.org
BUG=552433,467464

Review URL: https://codereview.chromium.org/1413183008

Cr-Commit-Position: refs/heads/master@{#358405}
philipj
Deprecate SVGElement.offsetParent/offsetTop/offsetLeft/offsetWidth/offsetHeight
Intent to Deprecate:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/JlAEmQpWMWA/63acYbmdDwAJ

Simply using [Deprecate] is unfortunately not supported.

Tests are updated to avoid the attributes to the extent possible.

BUG=463116

Review URL: https://codereview.chromium.org/1405283006

Cr-Commit-Position: refs/heads/master@{#358333}
mstensho
Manually revert "Fold out-of-flow objects into anonymous blocks when removing children"
Also revert "Auto-rebaseline for r357886"

First attempt at reverting failed: https://codereview.chromium.org/1419053004/

Reason for revert:
Causing use-after-free crashes in entire rendering pipeline, reverting.

Original issue's description:
> Fold out-of-flow objects into anonymous blocks when removing children
>
> Sometimes when we remove a child we end up with a float or out-of-flow object beside
> an anonymous block. When that happens, fold the float/out-of-flow object into the
> anonymous box as that is where it would have lived if they were siblings in the
> first place.
>
> BUG=322039
>
> Committed: https://crrev.com/44402d152cd0bb788db3136ab08c3c76ec348cd1
> Cr-Commit-Position: refs/heads/master@{#357886}

TBR=robhogan@gmail.com
BUG=322039

Review URL: https://codereview.chromium.org/1411543009

Cr-Commit-Position: refs/heads/master@{#358293}
davve
Make LayoutImageResource::image() parameter explicit
It makes the code more explicit and easier to read. No functional
change expected.

BUG=551419

Review URL: https://codereview.chromium.org/1411693006

Cr-Commit-Position: refs/heads/master@{#358287}
sigbjornf
Disable eager tracing for thread-terminated GCs.
The Oilpan marking phase enables and sets up a stack limit
that the eager tracing calls should not exceed while visiting the live
object graph. The marking phase is single threaded. The stack limit
is reset and eager marking disabled once the marking phase has
completed -- thread local weak processing (and its slight amount of
tracing) is run with it disabled.

Do not enable such an eager marking stack limit for the GCs that are run
for a thread's heap when the thread is terminated, as this risks conflicting
with any thread-local weak processing that is still underway. The slight
performance gain that eager marking brings is not an issue for such GCs.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1429273002

Cr-Commit-Position: refs/heads/master@{#358273}
mstensho
Don't propagate pagination struts to flow threads.
We'd lose the strut that way, since there's nobody to pick it up from a flow
thread.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1419703006

Cr-Commit-Position: refs/heads/master@{#358195}
mstensho
Calculate minimum column height after layout.
This moves some multicol specific code out from LayoutBlock and
LayoutBlockFlow. More importantly, though, is that once we add optimizations
to skip subtrees during multicol layout, collecting this information during
layout isn't going to work.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1406973008

Cr-Commit-Position: refs/heads/master@{#358171}
sigbjornf
Remove unwanted eager finalization of some mediastream objects.
Adjust the use of EAGERLY_FINALIZE() for mediastream objects:

 - MediaStreamComponent will be eagerly finalized and notify its
   MediaStreamTrack observers. Consequently, MediaStreamTrack cannot
   and need not be eagerly finalized.
 - MediaStream no longer need to eagerly unregister as a client from
   its MediaStreamDescriptor member.

Not doing so results in mutual dependencies between finalizers run by
eagerly finalized objects, causing use-after-frees.

R=haraken
BUG=496535

Review URL: https://codereview.chromium.org/1421373007

Cr-Commit-Position: refs/heads/master@{#358062}
mostynb
ozone: evdev: Add missing errno.h #include in event_converter_evdev.cc
Review URL: https://codereview.chromium.org/1419813009

Cr-Commit-Position: refs/heads/master@{#358057}
mostynb
include what you use: errno.h in process_memory_dump.cc
Followup to https://codereview.chromium.org/1398163003 - include errno.h
since we use errno in process_memory_dump.cc.

BUG=542503

Review URL: https://codereview.chromium.org/1417743004

Cr-Commit-Position: refs/heads/master@{#358024}
fs
Replace open-coded toSVG<type> with DEFINE_SVG_PROPERTY_TYPE_CASTS
Also replace some includes of SVGAnimated*.h with SVG*.h where the
latter will suffice. (* = {Integer,Number,Property})
Relocate the DEFINE_SVG_PROPERTY_TYPE_CASTS macro to SVGProperty.h.

Review URL: https://codereview.chromium.org/1412123015

Cr-Commit-Position: refs/heads/master@{#357783}
sigbjornf
Upon load failure, remove sync script from pending queue.
If a script element is to be loaded synchronously and executed in order,
it's queued for execution before loading. Should that load fail, the
immediate execution of the script,

  https://html.spec.whatwg.org/#execute-the-script-block

should only result in an error event being dispatched.

Implementation-wise, along with signalling error, the failed script must also
be removed from the internal in-order pending execution queue. We're done with
(not) executing the script and failure to remove it will cause subsequent
processing of its pending queue to see the script as having failed
to load and re-dispatch an error event.

R=tkent
BUG=503077

Review URL: https://codereview.chromium.org/1424703007

Cr-Commit-Position: refs/heads/master@{#357778}
sigbjornf
Oilpan: fix build after r357748.
TBR=oilpan-reviews
BUG=465126
NOTRY=true

Review URL: https://codereview.chromium.org/1422463008

Cr-Commit-Position: refs/heads/master@{#357776}
davve
Clean out TestExpectations for SVG in <object> tests
The timeouts and fails should be addressed now by splitting tests and
slightly fuzzier matching.

BUG=392640

Review URL: https://codereview.chromium.org/1415573008

Cr-Commit-Position: refs/heads/master@{#357642}
sigbjornf
Overflow-proof the computation of stack region end.
Add asserts + be more careful about type conversions when
computing the stack limit pointer value.

R=haraken
BUG=none

Review URL: https://codereview.chromium.org/1425243004

Cr-Commit-Position: refs/heads/master@{#357569}
mstensho
Introduce LayoutBox::paginationBreakability().
The engine actually cares about three states of column / page breakability
inside an object:

1. Breakable. Look inside for possible break points.
2. Unbreakable. Breaking inside would pretty much guarantee ugly layout.
3. Preferable not to break (break-inside:avoid).

LayoutBox::isUnsplittableForPagination() returned true for #2, and false for #1
and #3.

The only one that cares about #3 at the moment is adjustForUnsplittableChild()
in LayoutBlockFlow, which handled #3 on its own after checking with
isUnsplittableForPagination(), but we're soon going to have to care about it at
other places too, so let's introduce a method that can tell us.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1426673005

Cr-Commit-Position: refs/heads/master@{#357559}
fs
Use a converter to resolve style for -webkit-filter and backdrop-filter
Gets rid of the custom builders with a simple refactor of the
FilterOperationResolver.

BUG=109224

Review URL: https://codereview.chromium.org/1407123011

Cr-Commit-Position: refs/heads/master@{#357540}
sigbjornf
Oilpan: add missing pointer initialization after r357529.
TBR=oilpan-reviews
BUG=542401
NOTRY=true

Review URL: https://codereview.chromium.org/1431683004

Cr-Commit-Position: refs/heads/master@{#357534}
mstensho
Always lay out the flow thread when the multicol container is laid out.
This makes it possible to put an auto-height multicol inside another
auto-height multicol. It goes like this: first we balance the inner multicol
without knowing the height of the outer one. When we know the height of the
inner one, we can balance the outer one, and re-lay out.
markForPaginationRelayoutIfNeeded() will make sure that the inner multicol
container is marked for layout in that pass, and here it is crucial that we
enter its flow thread too, since that's where the contents are (so that we
realize that the outer multicol is height-restricted, so that we need to insert
an additional row (fragmentainer group) for the inner one).

This change triggers an additional flow thread layout pass in some cases, which
exposed crbug.com/534751 in two layout tests, so I modified the tests somewhat
to avoid triggering the additional layout pass altogether.

Explanation for the extra layout pass: When initially laying out a document,
and the document doesn't specify whether scrollbars should be shown or not,
Blink assumes that there will be a vertical scrollbar. If we find out after
layout that there's no need for it, it is removed, followed by another layout
pass, because removing the scrollbar gave the viewport a new width.

When an object changes its width, all children will be marked for layout. This
also happens if a child's width is fixed (which admittedly really seems
unnecessary).

Example:
<!DOCTYPE html>
<html>
    <body>
        <div id="outer" style="width:100px;">
            <div id="inner"></div>

When the initial vertical scrollbar is removed, the viewport width changes, so
HTML and BODY need to be laid out again, since their widths are auto.
Additionally, we lay out #outer, because it's a child of something that got a
new width (even if the child has a fixed width). But at least we won't re-lay
out #inner, since its parent doesn't change its width.

The tests that had to be modified had a fixed-width multicol container child of
BODY, which got re-laid out when the initial scrollbar disappeared. With this
CL, its child flow thread would also be re-laid out, which would expose
crbug.com/534751 , since laying out a paginated table twice is one way of
triggering that bug.

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1429903003

Cr-Commit-Position: refs/heads/master@{#357393}
philipj
Remove HTMLFrameElement.prototype.getSVGDocument()
Intent to Deprecate and Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/_9iRam2UKBI/2sM9_G7HDQAJ

BUG=549323

Review URL: https://codereview.chromium.org/1424313004

Cr-Commit-Position: refs/heads/master@{#357368}
fs
Reduce footprint of FilterEffectBuilder::build
Since we know the resulting size of the sepia(...) and grayscale(...)
matrices, allocate the space for them up front, and then use
uncheckedAppend(...) to reduce the code bloat from regular append(...).
This strikes a balance between using float[20] (entirely unchecked but
less code) and what's currently there.

Move the setup of the matrices to helper functions to reduce the
"weight" (cognitive load) of these two cases in the switch somewhat.

Code size is reduced by ~1.35kB on x86-64/Linux.

Review URL: https://codereview.chromium.org/1406403008

Cr-Commit-Position: refs/heads/master@{#357365}
sigbjornf
Oilpan: fix build after r357332.
TBR=oilpan-reviews
BUG=none
NOTRY=true

Review URL: https://codereview.chromium.org/1414703006

Cr-Commit-Position: refs/heads/master@{#357357}
davve
Split tests again because of timeouts on debug bots
This time down to 36 tests per file. Also add a meta tag to signal
that the tests may take longer time.

BUG=392640

Review URL: https://codereview.chromium.org/1431563003

Cr-Commit-Position: refs/heads/master@{#357344}
mstensho
Deduct pagination struts when calculating initial column height.
Even if height is auto, nested multicol sets a column height in the initial
layout pass (set to the remaining height in the outer multicol container; this
all takes place in resetColumnHeight()), which enables pagination in the first
layout pass, and may thus insert pagination struts. We need to exclude those
when calculating the initial balanced column height estimate. The reason why we
set this height before layout in this case, is that we need to figure out how
many fragmentainer groups (rows) we need.

In the future, we may also consider setting a height before layout for
non-nested auto-height multicol containers, as an optimiation, since that may
reduce the number of layout passes in some cases.

Cleaned up the code in MultiColumnFragmentainerGroup::resetColumnHeight(). No
behavioral changes there, and the TODO is adressed with this CL.

R=leviw@chromium.org
BUG=447718

Review URL: https://codereview.chromium.org/1420713003

Cr-Commit-Position: refs/heads/master@{#357338}
tsniatowski
Fix //tools/gn/example on Linux: missing current_os and related vars
The example GN project's BUILDCONIG.gn needs to set {target,current}_{os,cpu)
variables like the Chromium BUILDCONFIG file does. Otherwise some conditionals
don't work like they do in Chromium and the project doesn't link on Linux,
which is needlessly confusing.

To test, `gn gen out' in //tools/gn/example, and then `ninja -C out'.

R=brettw@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1429073002

Cr-Commit-Position: refs/heads/master@{#357329}
sigbjornf
Sync remaining allocation size on in-place backing store recycling.
When a heap's current allocation point can simply be moved after the tail
object allocation is either freed, expanded or shrunk, make sure the
snapshot'ed m_lastRemainingAllocationSize is then always adjusted at the
same time.

Not doing so risks later re-syncs of m_lastRemaininingAllocationSize to
be invoked on a "bigger" heap than last time, i.e.,
m_lastRemainingAllocationSize < m_remainingAllocationSize, which is an
unexpected state to be in. Simply avoid that state from ever being entered,
by synchronously updating m_lastRemainingAllocationSize.

setRemainingAllocationSize(size_t) handles this, along with updating the
overall heap allocation counts.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1424573003

Cr-Commit-Position: refs/heads/master@{#357292}
sigbjornf
Fix weak processing over cleared hash tables.
When a hash table of weak references is traced during the GC
marking phase, a weak callback is registered for processing after
that initial marking pass.

The hash table may be populated with entries at the time when
that weak callback is registered, but may end up being cleared
before the weak callback actually gets to run.

Account for that latter possibility by having the weak callback
being invoked first gracefully check if the backing table exists
before proceeding to process it.

R=haraken
BUG=549732
NOTRY=true

Review URL: https://codereview.chromium.org/1410373006

Cr-Commit-Position: refs/heads/master@{#357282}
mostynb
document COMPILER(GCC) and COMPILER(MSVC) a little better
Clang pretends to be gcc 4.4 by defining __GNUC__ and some related macros,
and therefore COMPILER(GCC) evaluates to 1 there.  To check for GCC
specifically, you need to check something like COMPILER(GCC) && !COMPILER(CLANG).

A similar situation happens with COMPILER(MSVC) in Clang when building for
windows (since Clang emulates MSVC there).

Review URL: https://codereview.chromium.org/1420613005

Cr-Commit-Position: refs/heads/master@{#357260}
tsniatowski
Fix Python imported modules depfile generation
Some Python scripts incorrectly reported no python module deps, for
example a manual run of build/android/gn/zip.py would create an empty
depfile (without even a build_utils.py entry).

GetPythonDependencies assumed that CHROMIUM_SRC is an absolute path,
turns out that depends on details of how build_utils.py is imported.
If it happened to be relative, all modules would be omitted from the
depfile as "system" modules, as they did not match CHROMIUM_SRC. Fix by
using DIR_SOURCE_ROOT which is absolute (and assert that it is).

R=cjhopman@chromium.org, agrieve@chromium.org
BUG=359249

Review URL: https://codereview.chromium.org/1412793012

Cr-Commit-Position: refs/heads/master@{#357246}
sigbjornf
Oilpan: insist on persisted plugin disposal upon clearing.
Follow up r355010 and arrange for persisted plugin widget disposal
when the plugin is completely detached and removed from the tree.

r355010 restricted disposal to not happen for persisted widgets
when re-attaching, but also ended up not disposing for the
fully-detached persistent plugin widget case.

Lacking those, widgets would end up being finalized without their
required dispose() having been called first.

R=haraken
BUG=544175

Review URL: https://codereview.chromium.org/1422503009

Cr-Commit-Position: refs/heads/master@{#357142}
davve
Remove stale comment
cachedImage->imageForLayoutObject() no longer returns
BitmapImages. The surrounding code is still correct since
cachedImage->imageForLayoutObject() may return a SVGImageForContainer
which does not propagate the correct filename extension.

NOTRY=true
BUG=128055

Review URL: https://codereview.chromium.org/1429803002

Cr-Commit-Position: refs/heads/master@{#357105}
tsniatowski
Run gn_unittests on Windows 7 bots
R=dpranke@chromium.org
BUG=549254

Review URL: https://codereview.chromium.org/1422333005

Cr-Commit-Position: refs/heads/master@{#357060}
sigbjornf
Oilpan: fix webkit unit tests following r356852.
TBR=oilpan-reviews
BUG=546729
NOTRY=true

Review URL: https://codereview.chromium.org/1428883002

Cr-Commit-Position: refs/heads/master@{#356958}
tsniatowski
Fix GN unittests on windows broken by abs-path change
Mixed up gen_dir and out_dir in one win-only unit test in a recent CL,
https://codereview.chromium.org/1420973003

R=brettw@chromium.org, andybons@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1408793007

Cr-Commit-Position: refs/heads/master@{#356945}
sigbjornf
Oilpan: fix build after r356804.
TBR=oilpan-reviews
BUG=530436
NOTRY=true

Review URL: https://codereview.chromium.org/1430703002

Cr-Commit-Position: refs/heads/master@{#356827}
davve
Split <object> tests further to reduce timeout risk
BUG=392640

Review URL: https://codereview.chromium.org/1423093005

Cr-Commit-Position: refs/heads/master@{#356822}
philipj
Remove the named item getters on TextTrackList and TextTrackCueList
Intent to Deprecate and Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/fuNdIeOnmTo/kT-R9dnFDAAJ

BUG=535475
R=fs@opera.com

Review URL: https://codereview.chromium.org/1418133011

Cr-Commit-Position: refs/heads/master@{#356809}
mstensho
Require spanners to have the multicol container as their nearest block formatting context.
The editor's draft [1] suggests that a column-span:all object needs to be in
the same block formatting context, so disallow column-span for everything else.
MSIE does the same. Gecko doesn't support spanners.

While this simplifies the code and gives us less to worry about (and it
actually fixes bug 529737, although that wasn't my main motivation here),
another reason to make this change is that we'd get assertion failures if we
put a spanner inside a scrollable flex item inside a flexbox inside a multicol
inside another flexbox. The reason why the assertion failures happen is the
LayoutBlock::finishDelayUpdateScrollInfo() mechanism, which may jump to some
arbitrary block in the subtree and lay it out directly. While that is bad on
its own, the multicol implementation should now at least be immune to damage
caused by that.

Removed some old tests that are now invalid, because they expected spanners to
be created inside scrollable containers. This no longer works, because
non-visible overflow implies a new block formatting context.

[1] https://drafts.csswg.org/css-multicol/#column-span

BUG=529737
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1421423003

Cr-Commit-Position: refs/heads/master@{#356680}
sigbjornf
Sync Oilpan expectations for plugins/fullscreen-plugins-dont-reload.html
TBR=oilpan-reviews
BUG=544175
NOTRY=true

Review URL: https://codereview.chromium.org/1418613014

Cr-Commit-Position: refs/heads/master@{#356522}
sigbjornf
Precisely determine Windows thread stack size (reland)
The Thread Information Block (TIB)'s StackLimit records the end of
the committed area of the thread's stack reservation, hence it cannot be
used to determine the overall size of the reserved stack. Switch to
a VirtualQuery() lookup instead, but taking care to cache the result per
thread so as to avoid calling overhead.

R=haraken
BUG=546396

Review URL: https://codereview.chromium.org/1409243011

Cr-Commit-Position: refs/heads/master@{#356521}
davve
Disallow assigning a MediaSession after the resource has been selected
https://mediasession.spec.whatwg.org/#extensions-to-the-htmlmediaelement-interface

BUG=497735

Review URL: https://codereview.chromium.org/1420223002

Cr-Commit-Position: refs/heads/master@{#356299}
philipj
Move the Pointer Event extensions of GlobalEventHandlers to a new section
BUG=460722
R=rbyers@chromium.org

Review URL: https://codereview.chromium.org/1423973003

Cr-Commit-Position: refs/heads/master@{#356296}
sigbjornf
Precisely determine Windows thread stack size.
The Thread Information Block (TIB)'s StackLimit records the end of
the committed area of the thread's stack reservation, hence it cannot be
used to determine the overall size of the reserved stack. Switch to
a VirtualQuery() lookup instead, but taking care to cache the result per
thread so as to avoid calling overhead.

R=haraken
BUG=546396

Review URL: https://codereview.chromium.org/1409243011

Cr-Commit-Position: refs/heads/master@{#356287}
sigbjornf
Precisely determine Windows thread stack size.
The Thread Information Block (TIB)'s StackLimit records the end of
the committed area of the thread's stack reservation, hence it cannot be
used to determine the overall size of the reserved stack. Switch to
a VirtualQuery() lookup instead, but taking care to cache the result per
thread so as to avoid calling overhead.

R=haraken
BUG=546396

Review URL: https://codereview.chromium.org/1409243011

Cr-Commit-Position: refs/heads/master@{#356268}
mstensho
Even block flows with inline children must be examined when balancing columns.
Even if a block flow is marked as having only inline children, it may still
contain interesting floats that need to be paginated.

BUG=547024
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1421883002

Cr-Commit-Position: refs/heads/master@{#356262}
sigbjornf
Oilpan: fix build after r356253.
R=haraken
BUG=520496
NOTRY=true

Review URL: https://codereview.chromium.org/1423703006

Cr-Commit-Position: refs/heads/master@{#356258}
fs
Remove dead method SVGLength::blend
Likely dead since https://codereview.chromium.org/983103003

Review URL: https://codereview.chromium.org/1419423002

Cr-Commit-Position: refs/heads/master@{#356075}
fs
Remove SVGPathElement.pathSegList and related interfaces
This CL removes the SVGPathSegList collection of objects and interface:

  SVGPathSegList{,TearOff}
  SVGPathSeg*

and support classes such as SVGPathSegListBuilder and SVGPathSegListSource.

The SVGPathSegList class is renamed to SVGPath, and stripped of all it's
listiness - essentially reducing it to a SVGPathByteStream. SVGAnimatedPath
is updated to contain the new type.
A new specialization of SVGAnimatedProperty is added for properties that
don't have any associated tear-off type.

The SVGPathSeg.h header file which still contain various path segment
description data is renamed to SVGPathData.h.

All tests for SVGPathSeg* functionality are removed, interface tests are
updated to not include the removed interfaces and in one case the use of
the pathSegList is replaced with the string representation.

TBR=timvolodine@chromium.org
BUG=539385

Review URL: https://codereview.chromium.org/1416273002

Cr-Commit-Position: refs/heads/master@{#356063}
mstensho
Never paginate fixed-positioned objects.
They are supposed to be repeated on every page anyway. Not that we currently do
that, but there's still no need to paginate them. It can only do harm.

Added a flexbox test, which is what the bug report was about. This regressed
for flexbox (and other types of non-block-container blocks as well) with
https://codereview.chromium.org/1360753002 , but this has actually been broken
for ages for regular block containers, so I threw in a bonus test for that too.

BUG=535163
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1426443003

Cr-Commit-Position: refs/heads/master@{#356041}
rune
Remove unused m_src from FontFace class.
Review URL: https://codereview.chromium.org/1419883005

Cr-Commit-Position: refs/heads/master@{#356035}
sigbjornf
Sync test expectations following r355983.
TBR=oilpan-reviews
BUG=546559
NOTRY=true

Review URL: https://codereview.chromium.org/1426663002

Cr-Commit-Position: refs/heads/master@{#356019}
sigbjornf
Zero-initialize persistent heap vector inline backing buffers.
A persistent heap collection object is allocated off-heap,
along with its inlined buffer (if any.)

For heap-allocated backing buffers (inlined in a heap vector or
separate), the Oilpan allocator will provide a zero-initialized
chunk of memory to use. Consequently the invariant initially
holds that unused slots of the backing buffer are all zero initialized
-- something needed for precise tracing during GC marking

To have that invariant hold for the persistent heap vectors also,
we have to explicitly clear out the inline backing buffers on
(off-heap) allocation.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1410223006

Cr-Commit-Position: refs/heads/master@{#356014}
tsniatowski
Make sure abs-path gn labels have separate target_gen_dirs
Use gen/ABS_PATH/... for target_gen_dir of build files outside of the
source tree, to mimic obj/ABS_PATH that's used for object directories
for such build files.

Previously, all build files outside of the source tree would use
root_gen_dir (e.g. out/Default/gen) as target_gen_dir. This broke the
"target_gen_dir is unique between different BUILD.gn files" assumption,
causing strange behavior and "ninja: multiple targets generate ..."
warnings for users of absolute path BUILD.gn files outside of //.

BUG=445454
R=brettw@chromium.org

Review URL: https://codereview.chromium.org/1420973003

Cr-Commit-Position: refs/heads/master@{#356011}
sigbjornf
Oilpan: add missing RawPtr<> initialization following r355274.
TBR=oilpan-reviews
BUG=442163

Review URL: https://codereview.chromium.org/1423483006

Cr-Commit-Position: refs/heads/master@{#355983}
sigbjornf
Have NetworkStateNotifier keep untraced ExecutionContext observers.
NetworkStateNotifier keeps track of its observing ExecutionContexts;
following r355234 this is a persistent hash map of weak references
(with Oilpan.) As observers may live on any thread, the first thread
that registers would then create the persistent heap collection on its
heap. This is at odds with the lifetime of NetworkStateNotifier, and
as ExecutionContexts manually manage their observership, revert to using
a HashMap.

R=haraken
BUG=515524

Review URL: https://codereview.chromium.org/1409853007

Cr-Commit-Position: refs/heads/master@{#355970}
sigbjornf
Oilpan: fix build after r355906.
TBR=oilpan-reviews
BUG=475655
NOTRY=true

Review URL: https://codereview.chromium.org/1426553002

Cr-Commit-Position: refs/heads/master@{#355965}
mstensho
Bypass containing block size special-code for fixed-positioneds when printing.
Consulting FrameView during printing doesn't really provide reliable results,
since class might just know the size of what we have on the screen.

While the size of their containing block (i.e. the page) is now calculated
correctly when printing, note that fixed positioned objects are still not
repeated on every page as they should according to the spec; they are still
only printed on the first page. But at least with the correct size and
position now. :)

BUG=544797
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1411313004

Cr-Commit-Position: refs/heads/master@{#355893}
fs
Hoist some pre-condition checks out of SVGAngle/SVGEnumeration
This moves checking of values closer to the "DOM" part of the API.

Review URL: https://codereview.chromium.org/1412713004

Cr-Commit-Position: refs/heads/master@{#355862}
fs
Remove some dead code in SVG "mixins"
addSupportedAttributes() is no longer used (handled by the property
map). Ditto for SVGFitToViewBox::parseAttribute and
SVGTests::parseAttribute.
Also drop the Document& to SVGTests::isValid since it isn't used.

Review URL: https://codereview.chromium.org/1420263002

Cr-Commit-Position: refs/heads/master@{#355842}
mstensho
Manual rebaseline for r355760 https://codereview.chromium.org/1423643002
Re-mark some tests as crashing for Windows 10. Had to temporarily comment them
out to get the rebaselining working. Or at least so I think.

BUG=544794
TBR=leviw@chromium.org

Review URL: https://codereview.chromium.org/1419183002

Cr-Commit-Position: refs/heads/master@{#355772}
philipj
Clarify that a document().frame() access in HTMLMediaElement cannot be null
Access to document().frame() in HTMLMediaElement is always null-checked,
so use the existing frame variable to make it obvious here as well.

R=fs@opera.com

Review URL: https://codereview.chromium.org/1411883003

Cr-Commit-Position: refs/heads/master@{#355771}
davve
Introduce WebMediaSession
WebMediaSession is the API enabling web exposed MediaSession objects
to control platform implementations of media session related
functionality.

Implementation will begin with Android and other platforms will be
added later.

Re-land of https://codereview.chromium.org/1370453002/ with
https://code.google.com/p/chromium/issues/detail?id=546394 fixed.

BUG=497735, 546394

Review URL: https://codereview.chromium.org/1370453002

Cr-Commit-Position: refs/heads/master@{#355058}

Review URL: https://codereview.chromium.org/1415923003

Cr-Commit-Position: refs/heads/master@{#355766}
mstensho
Print absolutely positioned objects correctly when sized against the viewport.
Remove special code for printing from computeLogicalHeight() and
updateLogicalWidth() in LayoutView. The size of the containing block
established by the viewport should be equal to the size of the page, not the
size of the document.

Return the correct page size from LayoutView::layoutSize() instead of 0x0.
Special code is still needed here, because we cannot use FrameView to get the
page size (because the size of the FrameView corresponds to what we have on the
screen).

BUG=544794
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1423643002

Cr-Commit-Position: refs/heads/master@{#355760}
fs
Use PathSegmentData+SVGPath{Consumer,Source} in PathSVGInterpolation
Drive the generation of SVG paths using SVGPathParser, and use
SVGPathSource and SVGPathByteStreams to avoid using the SVGPathSeg*
interfaces which will be going away RSN.

BUG=539385

Review URL: https://codereview.chromium.org/1408143004

Cr-Commit-Position: refs/heads/master@{#355759}
sigbjornf
Oilpan: fix build after r355581.
TBR=oilpan-reviews
BUG=543685
NOTRY=true

Review URL: https://codereview.chromium.org/1421783002

Cr-Commit-Position: refs/heads/master@{#355645}
mstensho
Manual rebaseline for r355526 https://codereview.chromium.org/1413573004/
Re-mark some tests as crashing for Windows 10. Had to temporarily comment them
out to get the rebaselining working. Or at least so I think.

BUG=544786
TBR=leviw@chromium.org

Review URL: https://codereview.chromium.org/1418503007

Cr-Commit-Position: refs/heads/master@{#355616}
sigbjornf
Oilpan: fix build after r355578.
TBR=oilpan-reviews
BUG=447082
NOTRY=true

Review URL: https://codereview.chromium.org/1421553003

Cr-Commit-Position: refs/heads/master@{#355592}
mstensho
Once the flow thread needs layout, mark all column sets for layout as well.
We need this to make sure that overflow is updated. Laying out a column set is
very cheap anyway, since they never have children. Since we now do this, we can
remove a few setNeedsLayout calls scattered around the code.

BUG=540512
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1414193004

Cr-Commit-Position: refs/heads/master@{#355568}
bratell
Smaller initial DisplayItemList to use less memory.
The previous initial size of the DisplayItemList was very pessimistic
and used 10+ KB (64 * sizeof(BeginTransform3DDisplayItem)). On a page like
YouTube there were 50 of them in use so a total of half a MB.

Looking at usage patterns, 512 bytes seems to be enough in many cases
which would save most of that half MB (not all committed so the amount
of reduced RAM usage is in the 1-200 KB range).

BUG=538615

Review URL: https://codereview.chromium.org/1417533009

Cr-Commit-Position: refs/heads/master@{#355556}
mstensho
Set page height for printing tests.
Without this we'd fail to properly re-lay out the document when switching to
print layout, because LayoutView::pageLogicalHeight() would be 0, which
typically makes everyone believe that we're not paginated.

Added a layout tree dump test for this (found no other way of testing this).
Also have to rebaseline two existing tests, because the layout tree dump
changes. The pixel results are unaffected, though.

BUG=544786
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1413573004

Cr-Commit-Position: refs/heads/master@{#355526}
philipj
Measure usage of the HTMLFieldSetElement.elements element
This will likely be made an HTMLCollection in the spec:
https://github.com/whatwg/html/issues/200

Knowing the usage will give some clue about the risk of the change.

R=tkent@chromium.org

Review URL: https://codereview.chromium.org/1415873002

Cr-Commit-Position: refs/heads/master@{#355522}
davve
Revert of Introduce WebMediaSession (patchset #13 id:240001 of https://codereview.chromium.org/1370453002/ )
Reason for revert:
Tests leak under address sanitizer. See https://code.google.com/p/chromium/issues/detail?id=546394.

Original issue's description:
> Introduce WebMediaSession
>
> WebMediaSession is the API enabling web exposed MediaSession objects
> to control platform implementations of media session related
> functionality.
>
> Implementation will begin with Android and other platforms will be
> added later.
>
> BUG=497735
>
> Committed: https://crrev.com/9b97db48d95635e9c5d48676df8dc51c9e5eef2a
> Cr-Commit-Position: refs/heads/master@{#355058}

TBR=jochen@chromium.org,avayvod@chromium.org,mlamouri@chromium.org,philipj@opera.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=497735

Review URL: https://codereview.chromium.org/1412933005

Cr-Commit-Position: refs/heads/master@{#355503}
fs
Use getAttribute to sample 'd' attribute in interpolation-test.js
pathSegList is going away, so use getAttribute('d') instead.
Adjust some expectations - mostly for 'z' vs 'Z' (not possible to
discern after parsing.)

BUG=539385

Review URL: https://codereview.chromium.org/1417103003

Cr-Commit-Position: refs/heads/master@{#355476}
sigbjornf
Avoid image resource leaks in frame-related unit tests.
When ImageLoader issues a (successful) load, it will keep its associated
element alive until the load has finished, so as to guarantee that the
load will complete without DOM mutations destructing the element.

This keep-alive reference is at odds with tidy shutdowns from unit tests
that issue image resource loads in particular, as they will not have
completed upon shutdown if the load hasn't otherwise been triggered.
By default they won't be, eaving the associated element and its
ImageLoader referred-to resources as reportedly leaking.

To avoid such leaks, insist that image resources are eagerly loaded
from the network by WebViewHelpers, if needs be. Which means that all such
external resources are mocked & accounted for.

R=haraken, thakis
BUG=526423

Review URL: https://codereview.chromium.org/1415123002

Cr-Commit-Position: refs/heads/master@{#355318}
sigbjornf
Reset CORS status upon re-initiating fetch of a stylesheet.
When initiating a fetch of a potentially cross-origin stylesheet that's
already fetching, reset the is-following-CORS flag along with clearing
the loading resource.

R=haraken,mkwst
BUG=544690

Review URL: https://codereview.chromium.org/1413563005

Cr-Commit-Position: refs/heads/master@{#355306}
joleksy
Conditionally include ui_base dependency in version_info
Defining use_unofficial_version_number will allow controlling
the inclusion of ui_base dependency, indepentently of used branding.

BUG=

Review URL: https://codereview.chromium.org/1419633002

Cr-Commit-Position: refs/heads/master@{#355292}
sigbjornf
Oilpan: fix build after r355274.
TBR=oilpan-reviews
BUG=442163
NOTRY=true

Review URL: https://codereview.chromium.org/1418823002

Cr-Commit-Position: refs/heads/master@{#355287}
fs
Convert the path fuzzer test to a unit test
This salvages the interesting bits of svg/dom/fuzz-path-parser.html into the
SVGPathParserTest.Simple unit test.

BUG=539385

Review URL: https://codereview.chromium.org/1407133007

Cr-Commit-Position: refs/heads/master@{#355282}
philipj
Revert "Use DOMSettableTokenList for {HTMLAnchorElement, HTMLAreaElement}.ping."
This reverts the following CLs:
https://codereview.chromium.org/1377163002
https://codereview.chromium.org/1398993002
https://codereview.chromium.org/1396983003

BUG=498219, 543031, 545326

Review URL: https://codereview.chromium.org/1416043002

Cr-Commit-Position: refs/heads/master@{#355277}
philipj
Remove MediaController (already diabled by REF)
Intent to Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/66zec0JPy-k/-89CRX4VBQAJ

It was put behind a disabled RuntimeEnabledFeature in 2014:
https://codereview.chromium.org/250553006

BUG=none

Review URL: https://codereview.chromium.org/1373423003

Cr-Commit-Position: refs/heads/master@{#355260}
mostynb
be more explicit about gconf and glib conditions in net/BUILD.gn
BUG=512899,516899

Review URL: https://codereview.chromium.org/1398473005

Cr-Commit-Position: refs/heads/master@{#355257}
the_jk
Fix gyp/gn with configuration_policy=0
Running gyp in chromium with configuration_policy set to 0 fails as
multiple targets that are behind condition of configuration_policy==1
are referenced without corresponding conditionals

BUG=530579

Review URL: https://codereview.chromium.org/1414583004

Cr-Commit-Position: refs/heads/master@{#355128}
fs
Use getAttribute in path animation tests
Use getAttribute('d') and exact string matching instead of using
animatedPathSegList. The base value checks are dropped. In some cases
relative close commands ('z') are replaced with absolute ones ('Z').

BUG=539385

Review URL: https://codereview.chromium.org/1417593003

Cr-Commit-Position: refs/heads/master@{#355119}
davve
Introduce WebMediaSession
WebMediaSession is the API enabling web exposed MediaSession objects
to control platform implementations of media session related
functionality.

Implementation will begin with Android and other platforms will be
added later.

BUG=497735

Review URL: https://codereview.chromium.org/1370453002

Cr-Commit-Position: refs/heads/master@{#355058}
sigbjornf
Plug RemoteFrame leak in WebFrameTest.SwapMainFrameWhileLoading.
R=haraken
BUG=526423

Review URL: https://codereview.chromium.org/1414193002

Cr-Commit-Position: refs/heads/master@{#355029}
fs
Add unit test for SVG path parsing
This converts svg/dom/path-parser.html into a roughly equivalent unit
test.
Widen the assert in the SVGPathStringSource constructor to allow "" but
not (null) Strings.
Also move the non-fuzzed tests from svg/dom/fuzz-path-parser.html.

BUG=539385

Review URL: https://codereview.chromium.org/1413953002

Cr-Commit-Position: refs/heads/master@{#355008}
mstensho
Need to reposition an out-of-flow object *before* re-paginating it.
https://codereview.chromium.org/1343163005 removed code that was actually
needed. Instead of simply reverting the necessary parts, I rewrote them.
The old code called updateLogicalHeight() before layout, when all it wanted to
do was set the logical top. This made me a bit uneasy, because that could in
theory prevent the height change from being detected during layout() (and
LayoutBlockFlow::layoutBlockFlow() would for instance fail to set
|relayoutChildren| before calling layoutPositionedObjects()). Furthermore, it
used to check if the child establishes a writing mode root, and update the
logical *width* instead of height in that case. That's unnecessary and
potentially harmful (preventing the width change from being detected during
layout()). If the child establishes a new writing mode, it becomes opaque as
far as pagination is concerned, so no need to handle this.

BUG=544783
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1415623002

Cr-Commit-Position: refs/heads/master@{#354815}
fs
Fix expected inheritance for SVGClipPathElement
SVGDefinitionElement -> SVGElement

https://drafts.fxtf.org/css-masking-1/#InterfaceSVGClipPathElement

TBR=pdr@chromium.org

Review URL: https://codereview.chromium.org/1413073002

Cr-Commit-Position: refs/heads/master@{#354770}
sigbjornf
Oilpan: always shrink tail-allocated backing storage (reland.)
When shrinking backing storage allocations, some care is taken not to
introduce excessive fragmentation and/or limit later expansion of the
same object. That logic does not need to apply if the backing store is
at the tail of the current heap chunk: unconditionally reset the
allocation point, if it is.

(Reland of r353321; it asserted on empty shrink attempts on 32-bit windows.)

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1393863004

Cr-Commit-Position: refs/heads/master@{#354474}
sigbjornf
Revert of [Oilpan] Fix wrong usage of HeapCountedSet<EventTarget*> (patchset #3 id:80001 of https://codereview.chromium.org/1401033002/ )
Reason for revert:
Broke a number of tests on all Oilpan bots,

 http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Oilpan/builds/29326

Lazy sweeping of EventTargetSet related.

Original issue's description:
> Fix wrong usage of HeapCountedSet<EventTarget*>
>
> BUG=515524
>
> Committed: https://crrev.com/0ab9a39b2347bc686cb6c2a7464acfebe3d4bd10
> Cr-Commit-Position: refs/heads/master@{#353714}

TBR=oilpan-reviews@chromium.org,haraken@chromium.org,peria@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=515524

Review URL: https://codereview.chromium.org/1405513003

Cr-Commit-Position: refs/heads/master@{#353756}
sigbjornf
Allow cross-thread destruction of RTCStatsRequest objects.
libjingle threads may in some cases end up finalizing WebRTCStatsRequest
objects, deref'ing such objects last via LocalRTCStatsRequest.

To allow such cross-thread release of the underlying Blink object,
annotate WebRTCStatsRequest's private pointer as cross-thread destructible.

R=
BUG=541762

Review URL: https://codereview.chromium.org/1399903002

Cr-Commit-Position: refs/heads/master@{#353642}
fs
Always populate the node map in SVGFilterBuilder if one exists
Since the node map is essentially a "reverse DAG" we cannot have holes
in it, so always add the FilterEffects even we cannot provide the
LayoutObject -> FilterEffect mapping (like in the case of a non-attached
element.)

BUG=541593, 533457

Review URL: https://codereview.chromium.org/1393633007

Cr-Commit-Position: refs/heads/master@{#353620}
mstensho
Column balancing refactoring. Don't propagate data during layout.
The column balancing machinery needs the following to calculate an optimal
column height:

1. Flow thread height
2. Flow thread logical top position of all forced breaks
3. The total number of forced breaks
4. Minimum space shortage at any soft break

The first two are needed to estimate an initial column height. The last two are
needed if the initial column height estimate wasn't good enough and we need to
stretch it.

We used to propagate this information to the flow thread continuously during
layout. Then the flow thread, after layout, would use this information for
column balancing (either estimate an initial column height, or stretch columns
based on minimum space shortage) and then re-lay out. This was problematic,
because during layout, we sometimes go back, and re-lay out e.g. a block
because the initial logical top was wrong (due to complex margin collapsing).
This would confuse the column balancing machinery (forced breaks being reported
and counted twice, space shortage being incorrectly reported, and so on).

Instead, traverse the tree after flow thread layout, to collect the information
that we need. This fixes an existing corner-case bug, allows for future
optimizations.

There is still one thing that the flow thread needs to be notified about during
layout, if we have nested multicol: It needs to know where content is laid out
(especially if the content is in a new column), in order to tell if we need to
insert another fragmentainer group (i.e. column row). It would be nice to get
rid of this as well in the future, but we need it for now. Renamed the poorly
named setPageBreak() to the more call-back-like paginatedContentWasLaidOut().

The new class ColumnBalancer and its subclasses are now in charge of column
balancing. Moved / refactored relevant code into those classes.
Taken from LayoutMultiColumnFlowThread, LayoutMultiColumnSet,
MultiColumnFramentainerGroup, and even LayoutBlockFlow.

BUG=521964
R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1399493002

Cr-Commit-Position: refs/heads/master@{#353463}
sigbjornf
Oilpan: always shrink tail-allocated backing storage.
When shrinking backing storage allocations, some care is taken not to
introduce excessive fragmentation and/or limit later expansion of the
same object. That logic does not need to apply if the backing store is
at the tail of the current heap chunk: unconditionally reset the
allocation point, if it is.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1393863004

Cr-Commit-Position: refs/heads/master@{#353321}
mpawlowski
Add dependency on gfx_vector_icons to autofill_core_browser
autofill_cc_infobar_delegate.cc which is built as part of
autofill_core_browser uses generated vector_icons.h, there
should be an explicit dependency otherwise builds succeed
randomly.

BUG=

Review URL: https://codereview.chromium.org/1394603003

Cr-Commit-Position: refs/heads/master@{#353305}
mstensho
A new LayoutState should never locate a containing flow thread on its own.
If the parent (m_next) LayoutState doesn't have a containing flow thread set,
and the child doesn't establish one, the child shouldn't have one either. This
is crucial when doing subtree layouts directly from a FrameView, skipping any
ancestor fragmentation contexts that might be there. Changing the contents of
an INPUT element triggers this.

The bottom line here is: If we really want to re-lay out parts of a multicol
container, we better pretend that we're not inside a fragmentation context at
all.

This is perfectly safe, as long as the object we're laying out is unsplittable
and hasn't changed its own dimensions (which is true when changing the value of
an INPUT element). We have been doing this for a long time, but there was a bug
hidden in there, that got more easily exposed by
https://codereview.chromium.org/1387553002 , where we disallow strut propagation
to flex boxes, and INPUT type="number" is implemented using flexbox.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1395753004

Cr-Commit-Position: refs/heads/master@{#353291}
fs
SVGFilterBuilder::getEffectById never return nullptr
Drop the dead null-check-and-return to avoid giving the impression that
it's actually a possible error path.

BUG=533457

Review URL: https://codereview.chromium.org/1383013002

Cr-Commit-Position: refs/heads/master@{#353282}
sigbjornf
Oilpan: fix build after r353269.
TBR=oilpan-reviews
BUG=539883
NOTRY=true

Review URL: https://codereview.chromium.org/1398103002

Cr-Commit-Position: refs/heads/master@{#353281}
sigbjornf
Oilpan: fix build after r353261, part 2.
HTMLAnchorElement needs to be a declared GC mixin.

TBR=oilpan-reviews
BUG=498219
NOTRY=true

Review URL: https://codereview.chromium.org/1396983003

Cr-Commit-Position: refs/heads/master@{#353275}
sigbjornf
Oilpan: fix build after r353261.
TBR=oilpan-reviews
BUG=498219
NOTRY=true

Review URL: https://codereview.chromium.org/1398993002

Cr-Commit-Position: refs/heads/master@{#353273}
philipj
Sync the DeviceOrientation and DeviceMotion interfaces with the spec
http://w3c.github.io/deviceorientation/spec-source-orientation.html

Ther are no changes to the generated code, as a nullable readonly
attribute is handled by bindings just like a non-nullable one.

BUG=460722
R=timvolodine@chromium.org

Review URL: https://codereview.chromium.org/1387453002

Cr-Commit-Position: refs/heads/master@{#353253}
davve
Crash fix for when running under the Android emulator
For unknown reasons some versions of the Android emulator returns NULL
when asked for GL_SHADING_LANGUAGE_VERSION. Avoid passing NULL to
std::string, which causes undefined behavior.

Review URL: https://codereview.chromium.org/1358873002

Cr-Commit-Position: refs/heads/master@{#353246}
fs
Split SVGFilterbuilder into "builder" and "node map" parts
This separates the longer lived state (the LayoutObject->FilterEffect
and FilterEffect dependents maps) from the state that's only used/valid
while building a (sub)filter-graph. The former is moved to the new
class SVGFilterGraphNodeMap while the latter remain in
SVGFilterBuilder. SVGFilterBuilder can thus be converted to something
that is allocated on the stack and only kept for the building
operation. FilterData is changed to the keep a SVGFilterGraphNodeMap
instead of a builder.
The graph-building code in ReferenceFilterBuilder::build and
LayoutSVGResourceFilter::buildPrimitives is consolidated into
SVGFilterBuilder::buildGraph, with the more "relaxed" behavior of the
former kept. This should only result in a change in behavior for the
case where externally referenced filters are used.

BUG=109224,533457

Review URL: https://codereview.chromium.org/1382163003

Cr-Commit-Position: refs/heads/master@{#353125}
philipj
Sync the RTCPeerConnection interface with the spec
https://w3c.github.io/webrtc-pc/#interface-definition
https://w3c.github.io/webrtc-pc/#legacy-interface-extensions

BUG=460722
R=tommi@chromium.org

Review URL: https://codereview.chromium.org/1375533002

Cr-Commit-Position: refs/heads/master@{#353053}
sigbjornf
Oilpan: tidy up some HeapVector<> uses.
Heap references should be wrapped up using Member:

  HeapVector<T*> => HeapVector<Member<T>>

R=haraken
BUG=515524

Review URL: https://codereview.chromium.org/1394193002

Cr-Commit-Position: refs/heads/master@{#353026}
mstensho
Factor out the actual break checking from apply{After,Before}Break().
We're soon going to call this from the column balancing code.

Moved inNormalFlow() to isForcedBreakAllowed(). The new function performs some
additional checks to make sure it's an in-flow block level element. That
assumption could safely be made from apply{After,Before}Break(), but other call
sites shouldn't have to worry about such things.

Removed FIXME pair for something that was already working.

R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1393673004

Cr-Commit-Position: refs/heads/master@{#353021}
sigbjornf
Revert of CC Animations: Enable external animation host for blink. (patchset #6 id:100001 of https://codereview.chromium.org/1308053006/ )
Reason for revert:
Breaks a number of tests across bots,

 http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux/builds/55219

Confirmed locally that reverting addresses the instability.

Original issue's description:
> CC Animations: Enable external animation host for blink.
>
> Depends on blink layout tests:
> https://codereview.chromium.org/1360233004/
>
> BUG=394777
>
> Committed: https://crrev.com/399f035cbbb4726b1a5fb3729d569dedaab7919e
> Cr-Commit-Position: refs/heads/master@{#352989}

TBR=ajuma@chromium.org,vollick@chromium.org,piman@chromium.org,loyso@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=394777

Review URL: https://codereview.chromium.org/1398713002

Cr-Commit-Position: refs/heads/master@{#353020}
rune
Support deeply nested uncommonAttributeSelectors.
Selectors containing attribute selectors are collected to the
StyleResolver and matched against elements to check if they can share
style with other elements.

The function looking for attributes only went one level down for
functional pseudo classes, which means selectors like:

  :-webkit-any(:not([attr]))

were ignored and caused style to be incorrectly shared between elements.

R=leviw@chromium.org
BUG=540856

Review URL: https://codereview.chromium.org/1394663003

Cr-Commit-Position: refs/heads/master@{#353019}
sigbjornf
Oilpan: drop use of transition type for InvalidationSetVector.
Followup r352829 and remove transition type for InvalidationSetVector;
it unintentionally left it as a HeapVector with Oilpan enabled.

TBR=oilpan-reviews
BUG=

Review URL: https://codereview.chromium.org/1389403002

Cr-Commit-Position: refs/heads/master@{#352873}
sigbjornf
Do not keep InvalidationSets on the Oilpan heap.
An InvalidationSet keeps sets of names/strings and tend to have lifetimes
that track those of RuleFeatureSets and not be shared.

Hence it doesn't meet the bar for being on the Oilpan heap; for workloads
where invalidations happen frequently, having them on the heap just causes
unnecessary follow-on work in having to sweep out at some later GC.

Trivially tidy up StyleResolver construction as part of this CL also.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1389333003

Cr-Commit-Position: refs/heads/master@{#352829}
mstensho
Keep block pagination struts after layout, and store them before any type of break.
Any block-level object (block container, block-displayed image, for instance)
may now have a strut, so this is stored in the rare data section of LayoutBox.

Added layout tests for things that I nearly broke or wanted to make sure that I
didn't break, while working on this.

No behavioral changes are intended with this CL, and because struts aren't
web-exposed, I added a few "unit tests" for pagination struts.

This is a preparatory patch for refactoring the column balancing
implementation to do everything after layout, instead of during layout (will
fix bugs, get rid of the rather esoteric setPageBreak() calls scattered around,
and also make it easier to do optimizations in the future, instead of doing
almost unconditional deep layout passes when doing multicol or printing).

R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1375673004

Cr-Commit-Position: refs/heads/master@{#352804}
mpawlowski
Select dark colors for generating fallback icon if possible.
When trying to establish the background color for the fallback icon,
we select the dominant color of a site's favicon and clamp its luminosity
so that we don't end up with a very light background and white text.

If the favicon has a lot of white and a bit of blue, the algorithm
returns white which we clamp down to grey. Instead, we should have used
the blue. We can force the algorithm to return blue by specifying the
upper bound of the dominant color we'd like to receive.

We still need to clamp the result because the source image may actually
not have any dark colors, in which case the algorithm will ignore the
upper bound.

BUG=539771

Review URL: https://codereview.chromium.org/1382343002

Cr-Commit-Position: refs/heads/master@{#352798}
rune
setLoadFinishTime on ImageResource for ImageDocument.
The loadFinishTime was never set on ImageResource used for the generated
image element inside an ImageDocument. We discovered this checking for
that time stamp in an internal Opera project.

Set the finish time of the ImageResource to that of the document (which
is the actual image).

Review URL: https://codereview.chromium.org/1380163006

Cr-Commit-Position: refs/heads/master@{#352730}
fs
Fix SVGUseElement "instance tree loading" status check
SVGUseElement::instanceTreeIsLoading was not checking the loading status
of the immediate <use> targer (the |targetInstance| argument to the
method.) It also wasn't checking the correct element for loading status,
since correspondingUseElement() will return the containing (innermost)
shadow host - which is not the <use> that will carry the relevant
loading status.
Make sure to check the immediate target, and check the loading status of
any <use> elements encountered (instead of attempting to look at the
"corresponding <use>").
Also rewrite the checker method to use Traversal<...>::next instead of
being recursive, and simplify resourceIsStillLoading() some.

BUG=232901

Review URL: https://codereview.chromium.org/1388093002

Cr-Commit-Position: refs/heads/master@{#352645}
mstensho
Multicol: Add test that re-lays out a float and pushes it downwards at the same time.
The test passes, but the code seems somewhat brittle, so better make sure that
it keeps working.

Inline-level layout of floats is weird. LayoutBlockFlow::layoutInlineChildren()
lays out the float before its position is updated, and then marks the lines that
it thinks are affected as dirty (it may find the wrong lines here, but I haven't
been able to make anything fail because of it). For pagination this
additionally means that the pagination strut may be wrong (since the float's
position hasn't been updated). Luckily, we get an opportunity to lay out again
in insertFloatingObject() (still at the old position, though), and yet another
opportunity in positionNewFloats() (this time at the updated position).

R=jchaffraix@chromium.org,leviw@chromium.org,robhogan@gmail.com

Review URL: https://codereview.chromium.org/1375913003

Cr-Commit-Position: refs/heads/master@{#352587}
Morten Stenshorne
LayoutBlockFlow: rename paginationStrut to paginationStrutPropagatedFromChild.
While lines (RootInlineBox) store and keep the pagination struts that get
applied in front of them, blocks don't. So using the same term (simply
paginationStrut) in blocks and lines wasn't really appropriate [*]. This
paginationStrutPropagatedFromChild thing is really something that's only needed
during layout (see if children want to move a block to the next page column
and re-lay out if necessary). Ideally it shouldn't be stored in the objects at
all, but finding a way to avoid it proved hard. Stowing it in LayoutState was
one idea, but it turned out to be too complicated.

[*] The plan is to also store proper pagination struts on blocks (because
column balancing will benefit from it). This is a preparatory patch for that.

Did some light clean-up on my way, most notably: don't add in the old and
possibly stale pagination strut when estimating a logical top position in a
subsequent layout pass. The strut had typically been set to 0 at this point
anyway, but if it hasn't this code could possibly cause some mischief. In other
words, the code was either useless or harmful.

R=leviw@chromium.org, jchaffraix@chromium.org

Review URL: https://codereview.chromium.org/1381993002 .

Cr-Commit-Position: refs/heads/master@{#352582}
tmoniuszko
Make cld2_table_size configurable in GN builds
BUG=

Review URL: https://codereview.chromium.org/1377333002

Cr-Commit-Position: refs/heads/master@{#352566}
sigbjornf
Remove unused LinkedStack.h include.
One of the few ones left in Blink, and not used.

R=haraken
BUG=none

Review URL: https://codereview.chromium.org/1385173002

Cr-Commit-Position: refs/heads/master@{#352561}
fs
Pass SkiaImageFilterBuilder& to FilterEffect::createImageFilter
The builder should never be null, so just make it a reference.

Drop the builder arguments on SVGFEImage::createImageFilterForLayoutObject
because it's unused, and make the LayoutObject& const while touching those
lines.

Make createImageFilter overrides private.

Review URL: https://codereview.chromium.org/1387573003

Cr-Commit-Position: refs/heads/master@{#352543}
mstensho
Consistently check if a block can handle pagination strut propagation.
https://codereview.chromium.org/1360753002 got it right for inline child
layout, but did nothing for block child layout.

BUG=329421
R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1387553002

Cr-Commit-Position: refs/heads/master@{#352429}
ckulakowski
Make global variable g_testing_build_time lazily created.
It's a fix for compilation error:
../../../../chromium/src/chrome/browser/ssl/ssl_error_classification.cc:121:12: error: declaration requires a global constructor [-Werror,-Wglobal-constructors]
base::Time g_testing_build_time;

Review URL: https://codereview.chromium.org/1380483004

Cr-Commit-Position: refs/heads/master@{#352410}
mstensho
Remove unused LayoutState::clearPaginationInformation().
R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1377573004

Cr-Commit-Position: refs/heads/master@{#352362}
fs
Remove lingering -webkit-svg-shadow tests
-webkit-svg-shadow support was removed in r154982 (tracked in issue
262857), but leaving these three tests behind (two of which would
trivially pass because they were ref tests.)

BUG=262857,223332

Review URL: https://codereview.chromium.org/1387823003

Cr-Commit-Position: refs/heads/master@{#352332}
rune
Missing clear() for pseudo invalidation sets.
Missing clear in RuleFeatureSet::clear caused rules removed from shadow
trees to still affect invalidation after removal.

R=sigbjornf@opera.com
BUG=538586

Review URL: https://codereview.chromium.org/1368313005

Cr-Commit-Position: refs/heads/master@{#352278}
sigbjornf
Re-enable blink_perf.dom on all platforms.
TBR=eakuefner,dtu
BUG=532093
CQ_EXTRA_TRYBOTS=tryserver.chromium.perf:linux_perf_bisect;tryserver.chromium.perf:mac_10_10_perf_bisect;tryserver.chromium.perf:win_perf_bisect;tryserver.chromium.perf:android_nexus5_perf_bisect

Review URL: https://codereview.chromium.org/1387783002

Cr-Commit-Position: refs/heads/master@{#352277}
sigbjornf
Oilpan: fix build after r352251.
TBR=oilpan-reviews
BUG=495801

Review URL: https://codereview.chromium.org/1387773002

Cr-Commit-Position: refs/heads/master@{#352272}
sigbjornf
Skip DOM/click_webkit_user_select_none.html performance test.
Running it is only supported by --browser=content-shell performance runs;
skip it always for the time being.

R=haraken
BUG=532903

Review URL: https://codereview.chromium.org/1388623002

Cr-Commit-Position: refs/heads/master@{#352270}
fs
Add test for crbug.com/231604
Derived from TC by:
  Tamas Czene <tczene@inf.u-szeged.hu>
in:
  https://bugs.webkit.org/show_bug.cgi?id=88654

BUG=231604

Review URL: https://codereview.chromium.org/1369923006

Cr-Commit-Position: refs/heads/master@{#352066}
sigbjornf
Oilpan: fix build after r351974.
TBR=oilpan-reviews
BUG=225420
NOTRY=true

Review URL: https://codereview.chromium.org/1372323004

Cr-Commit-Position: refs/heads/master@{#351990}
sigbjornf
Oilpan: fix build after r351868.
We do not have compiler support for traceable Oilpan heap references,
hence undo the Member<> to ref conversion that r351868 made.

TBR=oilpan-reviews
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1370143007

Cr-Commit-Position: refs/heads/master@{#351887}
tsniatowski
Fix unix file permissions in resource zips and jar files
https://codereview.chromium.org/1319623002 changed how zip files are
created in the python helper and (accidentally?) made it set 000 unix file
permissions for the archived files. Make it 644 so the zip files are not
suprising to work with on Linux if anyone needs to look at them manually.

BUG=523420
R=dpranke@chromium.org, agrieve@chromium.org,

Review URL: https://codereview.chromium.org/1384513002

Cr-Commit-Position: refs/heads/master@{#351843}
fs
Update error-handling for fe*Lighting and feTurbulence
Invalid parameters now produce transparent black rather than failing the
build step.
The new behavior matches Gecko for fe*Lighting but not for feTurbulence
(where they seem to allow negative baseFrequency values), so in the
latter case we're siding with the "Negative values are unsupported"
wording in the spec[1].

[1] https://drafts.fxtf.org/filters/#element-attrdef-feturbulence-basefrequency

BUG=533457

Review URL: https://codereview.chromium.org/1375793003

Cr-Commit-Position: refs/heads/master@{#351817}
sigbjornf
Allow cross-thread destruction of RTCSessionDescriptionRequest objects.
ligjingle may queue incoming CreateOffer/Answer session requests from
the browser process. Should the RTC session be shut down before those
requests have been processed & queue is drained, the libjingle thread
will destruct these requests as part the session shutdown. (See
associated bug for stack trace of when&how this happens.)

Embedded in those requests are references to Oilpan heap objects, by way
of Persistent<RTCSessionDescriptionRequest>. As Persistent<>s are thread
local, requiring that the thread that created & registered them is the
one that finalizes, the destruction performed by the libjingle thread
runs into trouble.

Hence, allow libjingle to destruct CreateSessionDescriptionRequests by
having WebRTCSessionDescriptionRequests refer to the Oilpan Blink object
by way of a CrossThreadPersistent<>. It imposes no same-thread restriction
wrt destruction.

R=haraken, tommi, philipj
BUG=537745

Review URL: https://codereview.chromium.org/1380023004

Cr-Commit-Position: refs/heads/master@{#351783}
philipj
Remove some obsolete FIXMEs for HTMLAllCollection
Made obsolete by https://github.com/whatwg/html/issues/210

BUG=460722
NOTRY=true
R=jl@opera.com

Review URL: https://codereview.chromium.org/1379633005

Cr-Commit-Position: refs/heads/master@{#351782}
sigbjornf
Retire GC lockout on initializing hash buckets.
Do not disallow GCs across initialization of hash table buckets, be they
from freshly allocated tables or reuse of deleted entries. It serves
no real purpose to disallow GCs for the reasons given in the code
(the key isn't stored separately), and if the bucket is a deleted entry
being initialized, we already run the risk of having GCs with those
in the table. Hence, disallowing it extra here serves no purpose.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1378273002

Cr-Commit-Position: refs/heads/master@{#351781}
rune
SubtreeStyleChange will propagate through <content>.
No need to mark outer shadow hosts for style recalc when adding style
elements with ::content rules because InsertionPoint::willRecalcStyle
makes sure that distributed nodes and their descendants are recalculated.

BUG=537480

Review URL: https://codereview.chromium.org/1380883002

Cr-Commit-Position: refs/heads/master@{#351741}
sigbjornf
Remove unused Allocator::{enter,leave}NoAllocationScope().
R=haraken
BUG=

Review URL: https://codereview.chromium.org/1381493006

Cr-Commit-Position: refs/heads/master@{#351740}
fs
Refine FilterEffect::createTransparentBlack
Use an image filter that will produce a region of pixels rather than one
that won't.
Fixes issue with feConvolveMatrix error handling with -webkit-filter.

BUG=533457

Review URL: https://codereview.chromium.org/1380733002

Cr-Commit-Position: refs/heads/master@{#351658}
philipj
Remove SVGSVGElement.pixelUnitToMillimeterX and friends
Intent to Deprecate and Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/uJCmB7SzYNo/cBASMfJuBAAJ

BUG=537177
R=fs@opera.com, timvolodine@chromium.org

Review URL: https://codereview.chromium.org/1374233003

Cr-Commit-Position: refs/heads/master@{#351540}
philipj
Make Document.charset an alias of characterSet, as per spec
https://dom.spec.whatwg.org/#interface-document

Remove counters DocumentInputEncoding and DocumentCharset, they have
fulfilled their purpose as both have been specified as aliases based on
the data collected:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27435
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27436

BUG=438392
R=dominicc@chromium.org

Review URL: https://codereview.chromium.org/1365923002

Cr-Commit-Position: refs/heads/master@{#351508}
sigbjornf
On Document disposal, only dispose of script runner.
Reinstate the invariant that a Document always has a ScriptRunner
(m_scriptRunner), even after the document has been dispose()d.

The reason for disposing the Document's ScriptRunner is to clear
out back references that would otherwise cause the Document to
leak. Do just that, but don't destruct the now-empty ScriptRunner
object.

R=haraken
BUG=536796

Review URL: https://codereview.chromium.org/1380543002

Cr-Commit-Position: refs/heads/master@{#351385}
joleksy
Fix false negatives in system key events recognition
Cmd + <some other modifier> + (b|i) should be treated as a system key event.

This was already reviewed in https://codereview.chromium.org/1215633003/

now rebased to new project structure.

Review URL: https://codereview.chromium.org/1374933002

Cr-Commit-Position: refs/heads/master@{#351374}
sigbjornf
Oilpan: fix build after r351269.
R=haraken
BUG=439376

Review URL: https://codereview.chromium.org/1377813002

Cr-Commit-Position: refs/heads/master@{#351325}
fs
Move feConvolveMatrix error handling to FEConvolveMatrix
This moves the checking of error-conditions from
SVGFEConvolveMatrixElement::build to SkImageFilter build time
(FEConvolveMatrix::createImageFilter), with the change in behavior that
an feConvolveMatrix primitive that is "in error" now produces
transparent black rather than fail the chain (for 'filter' - is ignored
for '-webkit-filter'). This new behavior matches Gecko.
The 'order' vs. size('kernelMatrix') checking is also strengthed / made
more obvious by explicitly failing when overflowing the (positive) int
range. (And avoids depending on signed overflow.)
Also introduce a helper FilterEffect::createTransparentBlack and use in
FEConvolveMatrix and FEImage, and drop a bunch of unused accessor
methods on FEConvolveMatrix.

BUG=533457

Review URL: https://codereview.chromium.org/1376473002

Cr-Commit-Position: refs/heads/master@{#351139}
mostynb
add missing content_test_mojo_bindings gyp dep in content_tests.gypi
This should avoid possible build flakiness.

Found using this proposed ninja patch:
https://github.com/martine/ninja/pull/1031

BUG=536641

Review URL: https://codereview.chromium.org/1371073002

Cr-Commit-Position: refs/heads/master@{#351063}
sigbjornf
Reinstate memory pressure Oilpan GC check post V8 major GCs.
To handle workloads with high allocation rates, where the Oilpan heap
allocations only make up a small fraction compared to what's allocated
by either PartitionAlloc or V8, use V8's major GC notification as
a signal to check for the need to perform an "emergency" memory
pressure conservative GC. Otherwise there might not be enough Oilpan
allocations made to trigger out-of-line heap allocations which trigger
that same check. These GCs and workloads are rare, but reduces the
possibility of running into OOM conditions when Oilpan is faced with
those.

An example where it does show up is Dromaeo's dom-modify.html, which
has a subtest that heavily allocates Text nodes, each holding a longer
string. As each Text node is a small Oilpan heap object, not a lot of heap is
needed for the nodes, but PartitionAlloc's buffer partition size grows much
more sharply and risks signalling OOM. V8's RTS notices the memory pressure
and triggers extra GCs; reuse that signal in Oilpan.

Hence, bring back the check that https://codereview.chromium.org/1190513006/
added for checking this condition.

R=haraken
BUG=474470

Review URL: https://codereview.chromium.org/1369783002

Cr-Commit-Position: refs/heads/master@{#351044}
sigbjornf
Return early for vec.remove(position, 0).
If the item range being removed has no extent, no item is removed
from the vector. Return early, if so.

Style invalidation uses this Vector remove() operation upon restoring
state (RecursionCheckpoint), with the length being zero often.
Optimize its handling.

The performance of blink_perf.css.ClassInvalidation and
blink_perf.css.ClassDescendantSelector is improved 15-20% as a result
(without Oilpan, windows + linux64.)

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1370933002

Cr-Commit-Position: refs/heads/master@{#351029}
rune
No need to recalc style before StyleResolver::computeFont.
StyleResolver::computeFont does not rely on the computed style of any
elements in the document tree. The updateLayoutTree call was there to
avoid an assert due to an unnecessary composed tree traversal for a
parent node. That traversal was removed by [1], so the updateLayoutTree
call should no longer be needed.

This change gets rid of synchronous style recalcs when FontFaceSet.load()
is called.

[1] https://codereview.chromium.org/1367743002/

BUG=536625

Review URL: https://codereview.chromium.org/1372823002

Cr-Commit-Position: refs/heads/master@{#351025}
sigbjornf
Avoid creating duplicate Range objects when handling misspellings.
When iterating over the input text and marking its misspellings, avoid
creating duplicate Range objects from the check & paragraph EphemeralRanges
if they're identical.

This addresses a performance regression on trunk (non-Oilpan) for
blink_perf.dom.textarea-edit introduced by the EphemeralRange-switching
https://codereview.chromium.org/1331893002

R=haraken
BUG=530740

Review URL: https://codereview.chromium.org/1369713002

Cr-Commit-Position: refs/heads/master@{#351001}
sigbjornf
Speed up updating inner value of HTMLTextFormControlElements.
Upon setting the inner string value of an element like <textarea/>, we
append a solitary trailing <br> if the new value ends with a line
break character (for layout and content editable purposes.)

Upon replacing that string value with another, check if the shadowed
inner element being updated has such a trailing <br> element and remove
it first, before proceeding with setting the new value. Doing so enables
fast replacement of text nodes rather than invoking the general path of
replacing a set of siblings with a text node.

This is of most benefit with Oilpan enabled, as it reduces the heap
allocations made when handling this update operation. For a deep-loop
microbenchmark like blink_perf.DOM.textarea-dom, a 10% speedup is
observed (linux, windows).

Linux64-chrome numbers on textarea-dom:

- Oilpan enabled:
  + ToT: 14.6 runs/s
  + CL:  16.6 runs/s

- Oilpan disabled:
  + ToT: 16.5 runs/s
  + CL:  16.9 runs/s

R=tkent,haraken,esprehn
BUG=

Review URL: https://codereview.chromium.org/1355013002

Cr-Commit-Position: refs/heads/master@{#350989}
fs
Refine invalidation of filter clients in LayoutSVGResourceContainer
When an outermost <svg> had a non-filter-induced layer it would fall
into the layer-oriented code-path in
LayoutSVGResourceContainer::registerResource even if it didn't have a
'-webkit-filter' property. Because of this, the layout object would not
get invalidated (if it had a 'filter' property).
Refine the conditions involved to allow both properties to trigger
invalidations as needed. Also avoid the filter invalidation hack when
possible and take the opportunity to make good use of a for-range loop.

BUG=535800

Review URL: https://codereview.chromium.org/1364403003

Cr-Commit-Position: refs/heads/master@{#350900}
fs
Allow zero inputs for feMerge
An feMerge which doesn't have any inputs should simply produce no output
(rather than failing the filter chain.)
Both FEMerge (w/ minor tweak) and SkMergeImageFilter are able to cope with
this case.
Any single-input primitives that sources from the merge will also not
produce any output. This behavior actually matches Gecko, and the spec
is not very outspoken on the matter.

BUG=533457

Review URL: https://codereview.chromium.org/1368113002

Cr-Commit-Position: refs/heads/master@{#350884}
sigbjornf
Oilpan: fix build after r350813.
TBR=oilpan-reviews
BUG=510398
NOTRY=true

Review URL: https://codereview.chromium.org/1365503006

Cr-Commit-Position: refs/heads/master@{#350820}
sigbjornf
Oilpan: revert page navigation count GCing.
The inclusion of https://codereview.chromium.org/1353283002 as
part of r350775 was not intentional - back it out.

We want to land some variation of this now, but not in this form.

R=haraken
BUG=534524

Review URL: https://codereview.chromium.org/1369683003

Cr-Commit-Position: refs/heads/master@{#350806}
sigbjornf
Manage WebGLRenderingContextBase's weak refs manually without Oilpan.
WebGLRenderingContextBase keeps a set of registered on-heap WebGLContextObjects,
ensuring that these are detached if it is finalized first -- it being unsafe to
make any reverse access of the *Base object from those after that point. These
references must however be weak as the *Base object mustn't keep WebGL objects
alive if they're not otherwise used & referenced.

Without Oilpan enabled by default, *Base isn't on the heap, that set of
weak WebGLContextObject references must be managed manually rather than relying
on HeapHashSet<WeakMember<T>>. If we were to do so, a GC might identify a
WebGLContextObject as only being weakly referenced from the *Base object and
clear out the entry for it in the set. Should the *Base object then be finalized
and destructed before that WebGLContextObject is lazily swept, it would attempt
to access an already freed object. With sorry consequences.

To address, we keep an off-heap set of untraced raw WebGLContextObject pointers,
which are effectively weak. Like now/before, it is the responsibility of either
the WebGLContextObject to detach itself when finalized or have the *Base
object do that and detach the whole set.

R=kbr,haraken
BUG=534524

Review URL: https://codereview.chromium.org/1363243003

Cr-Commit-Position: refs/heads/master@{#350775}
tsniatowski
Move goma/ccache logic to //build/toolchain/gcc_toolchain.gni
Avoid logic duplication between linux/android/... toolchain definitions
that all did the same thing. This is helpful for further work with
compiler prefixes / wrappers, in particular for non-goma-users.

Some toolchains used the prefix on nm and objcopy calls, this was probably
wrong and no longer happens. The toolchains that used gcc_toolchain.gni
but did not manually setup goma/ccache opt out of the setting to avoid
large behavior changes.

BUG=

Review URL: https://codereview.chromium.org/1361403002

Cr-Commit-Position: refs/heads/master@{#350767}
jb
Pending scripts can cause disposed documents to leak.
The script runner of a document may still be holding pending scripts
when the document is disposed (e.g. due to navigation). The script
runner, and thus the pending scripts, is cleared in the destructor of
the document. However, the pending scripts keep a reference to the
script element they belong to. The script element in turn, keeps a
guard ref to the document, so the document will never be deleted.
Clearing the script runner in dispose clears the pending scripts and
breaks the reference cycle so that document can be deleted.

BUG=534844
R=sigbjornf@opera.com

Review URL: https://codereview.chromium.org/1368623003

Cr-Commit-Position: refs/heads/master@{#350664}
sigbjornf
Common up eager handling of sweeping.
Code tidying, no change in functionality.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1361073002

Cr-Commit-Position: refs/heads/master@{#350644}
fs
Tweak asserts for dominant-baseline in SVGTextLayoutEngineBaseline
The 'no-change' and 'reset-size' dominant-baseline value will consult
their parent to try and resolve a suitable value. If the parent has one
of these values, the process will continue up the ancestor chain.
When reaching the LayoutView however, we should encounter the initial
value ('auto') and the search will end.
Move the assertion for an existing parent down into the branches that
handle the values 'no-change' and 'reset-size'.
Also rewrap a comment and replace a FIXME with TODO.

BUG=534796

Review URL: https://codereview.chromium.org/1360083003

Cr-Commit-Position: refs/heads/master@{#350612}
fs
Make error-handling for feColorMatrix consistent
After/with https://codereview.chromium.org/1087283002, error-handling
for feColorMatrix will differ based on when the error occured (in
"initial" content, or through later script mutation; "initial" meaning
the state on first paint).
Align the two different code-paths by removing error-handling entirely
from one of them (SVGFEColorMatrixElement::build) building on the CL
mentioned above.

Also take this opportunity to align our error-handling behavior with
Gecko:
 * Excess 'values' for type='matrix' => use identity
 * Excess 'values' for type='saturate'/'huerotate' => use identity

The test svg/filterS/feColorMatrix-values.svg is updated to reflect the
above, and is converted to a ref-test while at it.
Tweak the DRT output for FEColorMatrix to only output 'values' if they
are valid and actually used.

BUG=534763, 533457
TBR=senorblanco@chromium.org,fmalita@chromium.org

Review URL: https://codereview.chromium.org/1366903002

Cr-Commit-Position: refs/heads/master@{#350607}
alexanderk
Extend unittest to test follow-module behavior of find_dependencies.py
Problem origin: https://crbug.com/527836
Fixed: https://codereview.chromium.org/1306953007

BUG=531562

Review URL: https://codereview.chromium.org/1347283006

Cr-Commit-Position: refs/heads/master@{#350582}
sigbjornf
blink_perf.dom.textarea-dom: vary text nodes added.
This benchmark is meant to measure the performance of a sequence of
text node appends to a <textarea/> element. Have that sequence consist
of varying strings rather than the exact same one. This is done so as to
have the measurement not be influenced by whatever reuse of text
node strings that the underlying allocator is able to provide if using
identical strings.

R=
BUG=

Review URL: https://codereview.chromium.org/1367923004

Cr-Commit-Position: refs/heads/master@{#350533}
philipj
Remove SVG hasExtension() methods
Intent to Deprecate and Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/Ae_lmov16_o/Wa5XhHFoAAAJ

BUG=532405
R=fs@opera.com

Review URL: https://codereview.chromium.org/1359053004

Cr-Commit-Position: refs/heads/master@{#350512}
sigbjornf
Oilpan: exempt CSSBasicShapeValue from GC plugin checking.
The GC plugin isn't capable of determining that CSSValue's
traceAfterDispatch() method is safe for subtypes of CSSBasicShapeValue
and throws an error. Until the plugin or the method have been adjusted
into a form that passes the plugin's static checks, exempt the
class from the GC plugin's reach.

R=haraken
BUG=535448

Review URL: https://codereview.chromium.org/1365003002

Cr-Commit-Position: refs/heads/master@{#350508}
christiank
Allow task pools to reason about transparency.
This will allow task pools to select different formats depending on if a tile contains transparency or not.

BUG=434699
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1351283003

Cr-Commit-Position: refs/heads/master@{#350495}
tsniatowski
Add ninja console pool support to GN
Allow GN actions to specify "console = true", which will translate into
a "pool = console" setting in the generated ninja files. The console
pool allows a ninja target to have unbuffered io, access to standard
input, and is limited to one target at a time.

R=brettw@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1358803002

Cr-Commit-Position: refs/heads/master@{#350321}
mstensho
Only block container children support pagination struts.
Removed partial support for pagination struts on table captions, since it
didn't work too well (caused inconsistent layout and also overlap with the
table section that followed). Instead, set a strut on the content inside the
caption (first line, for instance), just like we already do for table cells.

We had a check to avoid setting pagination struts on table cells, but there was
no similar check for table captions. Replaced the check with examining the
containing block. We may only set a pagination strut on a block if its
containing block is a block container (LayoutBlockFlow). This automatically
fixes similar issues with flexboxes and possible other layout modes too.

BUG=329421
R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1360753002

git-svn-id: svn://svn.chromium.org/blink/trunk@202648 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Update handling of negative radius for feMorphology
Spec[1] states:

 "A negative or zero value disables the effect of the given filter
  primitive (i.e., the result is the filter input image)."

So change FEMorphology to clamp radii to non-negative and stop treating
as an error in SVGFEMorphologyElement::build.

[1] https://drafts.fxtf.org/filters/#element-attrdef-femorphology-radius

BUG=533457

Review URL: https://codereview.chromium.org/1344283004

git-svn-id: svn://svn.chromium.org/blink/trunk@202644 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Update handling of negative std.dev for feGaussianblur/feDropShadow
Spec[1] states:

 "A negative value or a value of zero disables the effect of the given
  filter primitive (i.e., the result is the filter input image)."

Update SVGFEGaussianBlurElement and SVGFEDropShadowElement to reflect
this, and update the references for the corresponding tests.

Drop accessors on FEDropShadow because they are unused.

[1] https://drafts.fxtf.org/filters/#element-attrdef-fegaussianblur-stddeviation

BUG=533457

Review URL: https://codereview.chromium.org/1350903009

git-svn-id: svn://svn.chromium.org/blink/trunk@202643 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Sync m_lastRemainingAllocationSize on promptly freeing objects.
A heap's m_lastRemainingAllocationSize field is used to limit updating
of heap allocated object size tracking. Upon promptly freeing objects,
make sure it is synchronized so as to it avoid deviating across multiple
such operations.

R=haraken
BUG=534423

Review URL: https://codereview.chromium.org/1360763002

git-svn-id: svn://svn.chromium.org/blink/trunk@202634 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Consider Layout tree cycles when resolving the <pattern> content element
When SVGPatternElement determines the attributes of a pattern, it will
not factor in any cycles brought upon it by the actual content elements.
The cycle solver however does this analysis when it is run on a
resource.
To bridge this DOM vs. Layout tree "gap", make sure to inspect the chain
of linked resources when determining the content element to use when
generating the pattern data.

BUG=104448

Review URL: https://codereview.chromium.org/1356053002

git-svn-id: svn://svn.chromium.org/blink/trunk@202631 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r202625.
TBR=oilpan-reviews
BUG=529640
NOTRY=true

Review URL: https://codereview.chromium.org/1358083002

git-svn-id: svn://svn.chromium.org/blink/trunk@202629 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Remove unused variable movedSectionLogicalTop from table layout code.
R=jchaffraix@chromium.org

Review URL: https://codereview.chromium.org/1351383006

git-svn-id: svn://svn.chromium.org/blink/trunk@202628 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
[Docs] Fix shell command formatting and line breaking
Review URL: https://codereview.chromium.org/1351233003

Cr-Commit-Position: refs/heads/master@{#350117}
fs
Remove kernelUnitLength plumbing
'kernelUnitLength' is not supported in Blink, and is deprecated in the
spec [1][2][3].
Rip out the plumbing and (FilterEffect) storage for it, since it's dead
code for practical purposes (see below though...)

The svg/dynamic-updates/SVGFEConvolveMatrixElement-*-kernelUnitLength-*
tests now actually show something because the kernelUnitLength of 0.05
no longer truncate to 0 and trigger an error. (0.05 should have been a
valid value previously too.)

The tests for negative kernelUnitLengths are dropped because they're no
longer of any use.

[1] https://drafts.fxtf.org/filters/#element-attrdef-feconvolvematrix-kernelunitlength
[2] https://drafts.fxtf.org/filters/#element-attrdef-fediffuselighting-kernelunitlength
[3] https://drafts.fxtf.org/filters/#element-attrdef-fespecularlighting-kernelunitlength
    (feSpecularLighting seems to be missing the Note, but it's the same
     as for feDiffuseLighting anyhow.)

BUG=231613

Review URL: https://codereview.chromium.org/1354923003

git-svn-id: svn://svn.chromium.org/blink/trunk@202601 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Drop virtual LightSource::create
Not used.

Review URL: https://codereview.chromium.org/1355713004

git-svn-id: svn://svn.chromium.org/blink/trunk@202593 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: like Vector<T>, restrict Deque<T> to certain part objects.
Impose the limitations put on Vector<T> on Deque<T> also. They're
both backed by a vector buffer where unused slots are zero'ed so as
to be safe when (conservatively) tracing the buffer contents or when
finalizing it.

In order to use a designated zero for cleared elements, certain
conditions have to be placed on the kinds of T we can allow when
T is a part object annotated with ALLOW_ONLY_INLINE_ALLOCATION().
Impose these statically by way of static_assert()s.

R=tkent,haraken
BUG=420515

Review URL: https://codereview.chromium.org/1051853003

git-svn-id: svn://svn.chromium.org/blink/trunk@202574 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r202549.
R=haraken
BUG=501896

Review URL: https://codereview.chromium.org/1357803002

git-svn-id: svn://svn.chromium.org/blink/trunk@202569 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
linux gn config should check use_gconf before looking for it with pkg-config
BUG=388412

Review URL: https://codereview.chromium.org/1355793003

Cr-Commit-Position: refs/heads/master@{#349790}
fs
Scale objectBoundingBox units for primitive dimensions w/ -webkit-filter
Minor mismatch with the other code-path (in SVGFilterPainter).
Drop the default argument value from the 4-ary Filter::create().

BUG=532938

Review URL: https://codereview.chromium.org/1346143005

git-svn-id: svn://svn.chromium.org/blink/trunk@202522 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Avoid stack overflow triggered by out-of-band layout of flexbox child.
Flexbox uses LayoutBlock::finishDelayUpdateScrollInfo(), which may jump to some
arbitrary block in the subtree and lay it out directly. This is bad, at least
for multicol, since it requires that a flow thread be entered have its children
laid out without skipping any parents in the chain.

LayoutMulticolFlowThread::skipColumnSpanner() was called on the wrong flow
thread, which resulted in m_lastSetWorkedOn pointing to a column set that was
part of an inner flow thread, and not the flow thread we called. That made
columnSetAtBlockOffset() return a column set from an inner flow thread, causing
an infinite recursion when walking upwards in the flow thread ancestry chain).

So the spanner was in the inner flow thread, but it was the outer flow thread
that got called. This happened because our LayoutState says that's the
innermost flow thread being laid out at the moment, because
finishDelayUpdateScrollInfo() just teleported and laid out a descendant of the
inner flow thread.

Luckily there's a safer way of obtaining the flow thread associated with a
spanner, so do that instead.

This is not a perfect fix. LayoutState still points to the wrong flow thread
(we just avoid asking it). The root cause remains (out-of-band layout), and
there may be other bugs caused by this. For multicol, we're still not in the
clear. Since we have a skipColumnSpanner() call without laying out the flow
thread, we'll get an assertion failure next time we lay out the flow thread,
because it will assert that there be no m_lastSetWorkedOn (but
skipColumnSpanner() has set that one while not laying out the flow thread).

But at least we're getting rid of the infinite recursion.

Since we now call skipColumnSpanner() on a LayoutMultiColumnFlowThread, instead
of on a LayoutFlowThread, we need to make that method public (private overrides
is just asking for trouble). And since this is the only caller, make it
non-virtual while at it. LayoutFlowThread no longer needs this.

BUG=526664
R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1328923002

git-svn-id: svn://svn.chromium.org/blink/trunk@202519 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjorn
Add histogram for key exchange strength
BUG=525957

Review URL: https://codereview.chromium.org/1312363004

Cr-Commit-Position: refs/heads/master@{#349644}
sigbjorn
Expose OpenSSL's key_exchange_info in the content API
The key_exchange_info contains information about the strength of the SSL
key exchange. This information is useful for statistics, user information,
and making trust decisions for connections. This commit makes the information
available in the API.

BUG=525957

Review URL: https://codereview.chromium.org/1313363003

Cr-Commit-Position: refs/heads/master@{#349635}
fs
Merge SVGFilter into Filter
This brings the handling for bbox-relative coordinates into the base
class and drops the empty shell that remains.

BUG=109224

Review URL: https://codereview.chromium.org/1348973004

git-svn-id: svn://svn.chromium.org/blink/trunk@202465 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r202439.
TBR=oilpan-reviews
BUG=437696
NOTRY=true

Review URL: https://codereview.chromium.org/1349013003

git-svn-id: svn://svn.chromium.org/blink/trunk@202440 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r202421.
TBR=oilpan-reviews
BUG=492204
NOTRY=true

Review URL: https://codereview.chromium.org/1346413003

git-svn-id: svn://svn.chromium.org/blink/trunk@202432 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Increment style version for all style changes.
markAncestorsWithChildNeedsStyleRecalc incremented styleVersion on
Document, while markAncestorsWithChildNeedsStyleInvalidation did not.
That made us detect style changes differently depending on the type of
selectors which would be affected by a change - if we would schedule an
invalidation set, or set SubtreeStyleChange directly.

Instead increment style version on scheduleLayoutTreeUpdate.

R=ericwilligers@chromium.org,esprehn@chromium.org

Review URL: https://codereview.chromium.org/1333193004

git-svn-id: svn://svn.chromium.org/blink/trunk@202419 bbb929c8-8fbe-4397-9dbb-9b2b20218538
tsniatowski
Fix //content/plugin ax_enums gn build flake (take 2)
Flake observerd with target_os="android" and enable_plugins=true,
probably can happen on other platforms as well.
//content/plugin/plugin_thread.cc ends up including the generated
ax_enums header so needs a dependency.

This is a retry of crrev.com/1343883003 with a direct ax_gen dep instead
of going via //content/public/common to avoid a dependency cycle in
component builds.

R=ananta@chromium.org, jam@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1344883002

Cr-Commit-Position: refs/heads/master@{#349228}
mostynb
gn help switches doc fixup
GN docs refer to "gn help" for common command-line switches in a couple
of places, but that only shows the top level help.  The reference
should of course be "gn help switches".

Review URL: https://codereview.chromium.org/1348633002

Cr-Commit-Position: refs/heads/master@{#349215}
mstensho
Remove special pagination code for floats and out-of-flow objects.
This got added years ago, to make something work, either for CSS regions or for
the old multicol implementation.

I see no need for this code, and it was getting in my way.

R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1343163005

git-svn-id: svn://svn.chromium.org/blink/trunk@202351 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Specify the source rect on the SourceGraphic
Instead of carrying the source rectangle of the filter input (the
'SourceGraphic') in the Filter, specify it in the input FilterEffect
(SourceGraphic).
This allows for getting rid of the sourceImageRect() method on Filter
and implementations (it's only actually non-empty for SVGFilter and
related code-paths.)

BUG=109224

Review URL: https://codereview.chromium.org/1338753003

git-svn-id: svn://svn.chromium.org/blink/trunk@202346 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Lazily instantiate Geolocation permission manager maps.
Delay creating the bidirectional maps needed to handle Geolocation
permission requests until actually used. To avoid instantiating a
pair of Persistent<> references when doing so, move the wrapper
private object to the Oilpan heap.

R=haraken,tkent
BUG=340522

Review URL: https://codereview.chromium.org/1339353002

git-svn-id: svn://svn.chromium.org/blink/trunk@202336 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
move zip template to a non-android-specific .gni file
The zip template really isn't android-specific, let's move it to its
own .gni file which doesn't assert(is_android).

Review URL: https://codereview.chromium.org/1345733002

Cr-Commit-Position: refs/heads/master@{#349016}
fs
Propagate resource-triggered repaints to text node children of <text>
When a paint server is modified, it is marked for layout and its clients
are marked for repaint. In the case of <text> (and <tspan> and other
text content elements), the text nodes (for which the actual painting is
performed) uses their parent (LayoutObject) to get the fill/stroke. This
means that if a repaint is requested for all clients of a resource, the
text nodes will not be notified.
Add and use a new paint invalidation reason for this case:
PaintInvalidationSVGResourceChange
Handle this reason in LayoutSVGText and LayoutSVGInline.
Generalize the ancestorHadPaintInvalidationForLocationChange
functionality, renaming it to forcedSubtreeInvalidationWithinContainer.

BUG=528159

Review URL: https://codereview.chromium.org/1331053002

git-svn-id: svn://svn.chromium.org/blink/trunk@202280 bbb929c8-8fbe-4397-9dbb-9b2b20218538
tsniatowski
Fix //content/plugin ax_enums gn build flake
Flake observerd with target_os="android" and enable_plugins=true:
//content/plugin/plugin_thread.cc ends up including the generated
ax_enums header so make it depend on it.

BUG=

Review URL: https://codereview.chromium.org/1343883003

Cr-Commit-Position: refs/heads/master@{#348918}
fs
Don't import win32gui when it's not needed
If --parent-window=... isn't passed, then parent_window will be None,
and importing win32gui then is unnecessary.

Review URL: https://codereview.chromium.org/1335993002

Cr-Commit-Position: refs/heads/master@{#348914}
the_jk
Fix running gyp with configuration_policy=0
Running gyp in chromium with configuration_policy set to 0 fails as
multiple targets that are behind condition of configuration_policy==1
are referenced without corresponding conditionals

BUG=530579

Review URL: https://codereview.chromium.org/1334253002

Cr-Commit-Position: refs/heads/master@{#348903}
fs
Merge ReferenceFilter into Filter
The number of differences between the different subclasses of Filter is
decreasing. This brings in a sink and source reference into the
baseclass and makes use of that for users of the SVGFilter subclass too.
Instances of 'targetBoundingBox' is renamed to 'referenceBox' and the
absoluteFilterRegion() method is simplified.

BUG=109224

Review URL: https://codereview.chromium.org/1326183002

git-svn-id: svn://svn.chromium.org/blink/trunk@202273 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Document that navigator.appName is always "Netscape" (per spec)
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27796
https://html.spec.whatwg.org/#client-identification

BUG=460722
NOTRY=true

Review URL: https://codereview.chromium.org/1339683004

git-svn-id: svn://svn.chromium.org/blink/trunk@202268 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r202264.
TBR=oilpan-reviews
BUG=513568
NOTRY=true

Review URL: https://codereview.chromium.org/1339303002

git-svn-id: svn://svn.chromium.org/blink/trunk@202265 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Have a Page's MemoryPurgeController be a separate allocation also.
A Page keeps and owns a number of controllers, each being separately allocated.
Extend that to also apply to MemoryPurgeController; it is created on demand,
and no longer a part object.

R=haraken
BUG=520496

Review URL: https://codereview.chromium.org/1335373003

git-svn-id: svn://svn.chromium.org/blink/trunk@202261 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Floats' margins do not collapse with page or column boundaries.
When we push a float to the next page or column, push its top margin as well,
and do so consistently. In some cases we lost the margin, in some other cases
we got a double margin, and in yet some other cases we actually got it right.

There was code that asserted (in a comment) that having a pagination strut and
being unsplittable for pagination were mutually exclusive, but that's wrong. If
the first child (block / line) of a float doesn't fit in the current page or
column, we'll set a strut on the float. At the same time, the float may very
well be unsplittable for pagination. So, first pushing to the next page or
column because it's unsplittable, and THEN adding the strut will effectively
result in adding the pagination strut twice. This would be a problem both with
and without a top margin on the float.

R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1303993007

git-svn-id: svn://svn.chromium.org/blink/trunk@202212 bbb929c8-8fbe-4397-9dbb-9b2b20218538
alexanderk
Add module dir to sys.path in FindPythonDependencies
while loading modules using imp.load_source()

find_dependencies script was broken
after modifications done in tools/perf/run_benchmark
CL https://codereview.chromium.org/1280903003

BUG=527836

Review URL: https://codereview.chromium.org/1306953007

Cr-Commit-Position: refs/heads/master@{#348653}
fs
Compute outline mid-line in way that works with negative start-values
Since the expression (x1+x2)/2 will always "round" towards zero, if one
of the points (usually x1) is negative, the wrong "mid-line" will be
computed, and as a result part of the outline will shift right/down.
Instead compute the mid-line as x1+(x2-x1)/2 (or x1+thickness/2) i.e
perform the division on something that is known to be non-negative and
then offset from the starting point. (Similar reasoning for the other
dimension.)

BUG=529010

Review URL: https://codereview.chromium.org/1343773002

git-svn-id: svn://svn.chromium.org/blink/trunk@202205 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Conditionally update FontSelector on invalidation.
When invalidating a FontFallbackList to use a new FontSelector, check that
the new FontSelector really represents a change. Avoids needless
RefPtr/Persistent churn.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1341783003

git-svn-id: svn://svn.chromium.org/blink/trunk@202203 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Simplify SelfKeepAlive<T>'s representation.
Following r202197, a Persistent<> is only instantiated when assigned a
non-null pointer value. Consequently, SelfKeepAlive<>'s use of an OwnPtr<>
indirection to achieve the same is no longer needed.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1339043002

git-svn-id: svn://svn.chromium.org/blink/trunk@202202 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
No longer any need to delete the line box tree on our own.
The LayoutBlockFlow::moveChildrenTo() override takes of that for us.

BUG=327070
R=szager@chromium.org

Review URL: https://codereview.chromium.org/1311023003

git-svn-id: svn://svn.chromium.org/blink/trunk@202200 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Restrict registered PersistentNodes to non-empty ones.
It is not uncommon for Persistent<> members to be left as empty/null
upon construction, but possibly written to later during the object's
lifetime. Hence delaying the allocation and registeration of the
Persistent<>'s PersistentNode until it is initialized with a non-null
value avoids the alloc/free overhead for Persistent<>s that are never
initialized. And reduces the number of PersistentNode roots that the
GC has to iterate over.

By adopting that scheme here, the number of PersistentNodes allocated
when loading google.com is (approx) halved. Similar reductions consistently
seen elsewhere.

Dually, we also introduce the deallocation of the PersistentNode upon
updating the Persistent<> with nullptr. This is done so as to allow
a thread to cleanly shut down by first only clearing the persistents it
has allocated (and not require it to somehow separately destruct these
first -- that happens upon clearing.)


R=haraken
BUG=483380

Review URL: https://codereview.chromium.org/1338573003

git-svn-id: svn://svn.chromium.org/blink/trunk@202197 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Explicitly include MacScrollTypes.h in view_messages.h
This header is currently included via WebScrollbarTheme.h (which is
needed for blink::ScrollerStyle). Explicitly including it makes the
dependency clearer.

Review URL: https://codereview.chromium.org/1339613002

Cr-Commit-Position: refs/heads/master@{#348601}
fs
Move safe_browsing include into FULL_SAFE_BROWSING guard
Review URL: https://codereview.chromium.org/1339663002

Cr-Commit-Position: refs/heads/master@{#348586}
sigbjornf
Add (back) assignment operator overloads over Persistent<> types.
Overloads aren't inherited, so add the required delegating operator=
overload implementation for (CrossThread)(Weak)Persistent<> types.

Without these, an assignment like

  V :: Persistent<T>
  X :: RawPtr<T>

  V = X;

will be desugared & compiled as

  V = Persistent<T>(X);  // where "=" is the copy constructor.

i.e., introducing (and allocating) a temporary Persistent<> for the RHS.

(This assignment shows up when initializing a WebPrivatePtr<T> over a GCed
type T, for instance.)

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1335303002

git-svn-id: svn://svn.chromium.org/blink/trunk@202191 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r202176.
R=haraken
BUG=437696
NOTRY=true

Review URL: https://codereview.chromium.org/1337383002

git-svn-id: svn://svn.chromium.org/blink/trunk@202186 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Multicol: Min-height should have no effect if content is taller and height is auto.
Calling computeLogicalHeight() before layout is somewhat problematic, since we
don't know the content/intrinsic height at that point. Specifying that height
as 0 would return the value of min-height (if specified) and make the multicol
code believe that height is constrained, and prevent columns from getting any
taller than that. In other words, min-height was more or less treated as
max-height in multicol.

Since we only want to know if we have a non-auto height that could constrain
the column heights, we can just skip computeLogicalHeight() if height is
indefinite.

BUG=65731
R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1322513003

git-svn-id: svn://svn.chromium.org/blink/trunk@202162 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
unbreak no-webrtc builds
https://codereview.chromium.org/1330873002 broke builds with webrtc
disabled.

BUG=262211

Review URL: https://codereview.chromium.org/1340483002

Cr-Commit-Position: refs/heads/master@{#348435}
fs
Rename LayoutSVGTransformableContainer::m_lastTranslation
To m_additionalTranslation, since 'last' is ambiguous. The 'additional'
is from spec wording: "An additional transformation translate(x,y) ...".

Review URL: https://codereview.chromium.org/1337063002

git-svn-id: svn://svn.chromium.org/blink/trunk@202147 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Replace use Range::selectNodeContents() with EphemeralRange counterpart.
Switch to EphemeralRange::rangeOfContents() and avoid a Range allocation
in the process.

R=haraken
BUG=388681

Review URL: https://codereview.chromium.org/1337923002

git-svn-id: svn://svn.chromium.org/blink/trunk@202139 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Introduce Range::dispose() for prompt detachment from owner Document.
With Oilpan, Range objects become detached from their Document once GC
determines that the Range object is no longer referred to and can be
swept out, along with clearing out the object from the Document's weak
map. If GCs aren't otherwise being triggered regularly, this can in
some cases lead to unnecessary buildup of weakly held, but effectively
dead objects in that Document map. Something which slows down GC once
it eventually strikes.

To address, we introduce a dispose() method over Range so as to let code
handle the cases where it is known that the Range object is no longer
referenced & used and can be promptly detached from its Document. Less
GC overhead being the (desired) result.

R=yosin,haraken
BUG=388681

Review URL: https://codereview.chromium.org/1335573004

git-svn-id: svn://svn.chromium.org/blink/trunk@202138 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r202130.
The Blink GC plugin is syntactic, requiring GCed fields to literally
appear within the trace() method body. Once that don't are assumed not
to have been traced. Which prevents the use of an accessor, like r202130
introduced.

TBR=oilpan-reviews,yosin
BUG=513568
NOTRY=true

Review URL: https://codereview.chromium.org/1337933002

git-svn-id: svn://svn.chromium.org/blink/trunk@202137 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Include additional translation in getBBox for SVGUseElement
LayoutObject::objectBoundingBox() can't be used, because the additional
translation is included in the local-to-parent transform.

BUG=512081

Review URL: https://codereview.chromium.org/1310873004

git-svn-id: svn://svn.chromium.org/blink/trunk@202136 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Remove tautological comparison in CellSpan::ensureConsistency
Avoid a compilation warning when compiling with -Wtautological-compare
flag.

Review URL: https://codereview.chromium.org/1339633002

git-svn-id: svn://svn.chromium.org/blink/trunk@202135 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Avoid warnings in NetworkQualityEstimatorTest.TestCaching
Gets rid of the following compilation errors:
../../net/base/network_quality_estimator_unittest.cc:465:118: error: expression with side effects has no effect in an unevaluated context [-Werror,-Wunevaluated-expression]
../../net/base/network_quality_estimator_unittest.cc:476:118: error: expression with side effects has no effect in an unevaluated context [-Werror,-Wunevaluated-expression]

Review URL: https://codereview.chromium.org/1335943002

Cr-Commit-Position: refs/heads/master@{#348384}
ckulakowski
Guard usage of kEnableMediaRouter with ENABLE_MEDIA_ROUTER
Definition of kEnableMediaRouter is guarded with ENABLE_MEDIA_ROUTER.
All usages also should be guarded with this switch.

Review URL: https://codereview.chromium.org/1219063014

Cr-Commit-Position: refs/heads/master@{#348365}
fs
Check renderability of images in a (-webkit-)cross-fade before using
If the image fails to decode or otherwise trigger an error, we don't
want to render it, since it will render (or measure) the "broken image"
placeholder.

BUG=111512

Review URL: https://codereview.chromium.org/1334713002

git-svn-id: svn://svn.chromium.org/blink/trunk@202122 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Switch TextCheckingParagraph&Helper over to EphemeralRanges.
With the lighter EphemeralRange available, it is unnecessary to have
the SpellChecker utilities TextCheckingHelper and TextCheckingParagraph
continue to use Range objects. Switch over to EphemeralRange.

R=yosin
BUG=388681

Review URL: https://codereview.chromium.org/1331893002

git-svn-id: svn://svn.chromium.org/blink/trunk@202121 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Sync svg-d-interpolation.html expectations.
Following Blink r202067, this test no longer leaks.

R=haraken
BUG=529370
NOTRY=true

Review URL: https://codereview.chromium.org/1334163002

git-svn-id: svn://svn.chromium.org/blink/trunk@202119 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Introduce firstEphemeralRangeOf().
Provide an EphemeralRange counterpart to firstRangeOf() and make use of
it where possible.

R=
BUG=388681

Review URL: https://codereview.chromium.org/1332823002

git-svn-id: svn://svn.chromium.org/blink/trunk@202090 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Avoid a SVG property list-induced leak (Oilpan).
Address animations/svg-attribute-interpolation/svg-d-interpolation.html
leak.

R=haraken,kouhei
BUG=528275

Review URL: https://codereview.chromium.org/1328223002

git-svn-id: svn://svn.chromium.org/blink/trunk@202067 bbb929c8-8fbe-4397-9dbb-9b2b20218538
bratell
Memory-infra: Change "objects_count" to "object_count" in category name.
TBR=thakis@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1334673004

Cr-Commit-Position: refs/heads/master@{#348166}
fs
Drop special-case handling of zero-length subpaths
Handled by Skia with https://codereview.chromium.org/1314213002

BUG=422974, 529845

Review URL: https://codereview.chromium.org/1328693002

git-svn-id: svn://svn.chromium.org/blink/trunk@202056 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Revert of set svg zero length to rebaseline (patchset #1 id:1 of https://codereview.chromium.org/1336543002/ )
Reason for revert:
Reverting this in favor of https://codereview.chromium.org/1328693002/ (less rebaselines needed)

Original issue's description:
> set svg zero length to rebaseline
> 
> The Skia change has been relanded to handle zero-length
> caps natively. Rebaseline the affected SVG tests.
> 
> R=fmalita@chromium.org
> BUG=529845
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=202052

TBR=fmalita@chromium.org,caryclark@chromium.org,caryclark@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=529845

Review URL: https://codereview.chromium.org/1333913002

git-svn-id: svn://svn.chromium.org/blink/trunk@202053 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Restrict visibility of internal TextCheckingParagraph predicates.
Reduce exposed interface slightly; no change in functionality.

R=
BUG=None

Review URL: https://codereview.chromium.org/1333813003

git-svn-id: svn://svn.chromium.org/blink/trunk@202050 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Generalize ScopedDisposal<T> to handle non-GC types.
Drop the restriction that ScopedDisposal<T> can only be used with
Oilpan GCed types + parameterize the template over the disposal method
to use (with dispose() being the default.)

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1332743002

git-svn-id: svn://svn.chromium.org/blink/trunk@202048 bbb929c8-8fbe-4397-9dbb-9b2b20218538
tmoniuszko
Make gyp_flag_compare.py work on Windows
BUG=

Review URL: https://codereview.chromium.org/1319063004

Cr-Commit-Position: refs/heads/master@{#348113}
sigbjornf
Oilpan: fix build after r201994.
TBR=oilpan-reviews
BUG=488628
NOTRY=true

Review URL: https://codereview.chromium.org/1327193002

git-svn-id: svn://svn.chromium.org/blink/trunk@202004 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Update outer flow thread membership before changing multicolness.
This change is about being more strict about applying style changes in tree
order: first adjust the relationship to the ancestry, THEN adjust the children.

This order is important if a multicol container has a child out-of-flow
multicol container with a spanner, and this child is changed to become in-flow
at the same time as it ceases to be a multicol container, and instead becomes a
spanner. If we change it from multicol to spanner first (instead of making it
part of the outer multicol container first), the outer multicol container is
going to believe that it contains the inner spanner, and we'd end up with a
spanner inside another spanner, which isn't allowed.

#a - multicol
  #b - abspos multicol, changing it to static spanner
    #c - spanner (but it should become a regular block once #b becomes a spanner)

The effect of this fix is that we swap the ordering of notifying the flow thread
about descendant style changes (flowThreadDescendantStyleWillChange(),
flowThreadDescendantStyleDidChange()), compared to when handling style changes
locally on the object (styleWillChange(), styleDidChange()) takes place. More
specifically, we need to get to flowThreadDescendantStyleDidChange() first
(which registers or unregisters descendants in the flow thread - i.e. updates
the LayoutMultiColumnSet / LayoutMultiColumnSpanner placeholder structure), and
THEN to evacuateAndDestroy() (via LayoutBlockFlow::styleDidChange() and 
createOrDestroyMultiColumnFlowThreadIfNeeded()), instead of the other way around.
This way we register #b (now a spanner) in #a first. That will prevent #a from
seeing anything inside #b (spanners are rather opaque).

Since we're now notifying the flow thread from LayoutBox instead of
LayoutObject, we can change the style change notification methods to take
LayoutBox instead of any kind of LayoutObject. The flow thread only cares about
LayoutBox or better here anyway. This allows for some cleanup in the
notification methods, since we no longer need to worry about computed style
weirdness on text layout objects.

BUG=516532
R=eae@chromium.org,jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1320843005

git-svn-id: svn://svn.chromium.org/blink/trunk@201993 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Drop SVGElement::getBoundingBox
The two users can be trivially replaced with queries on the layout tree
instead.

Review URL: https://codereview.chromium.org/1317563010

git-svn-id: svn://svn.chromium.org/blink/trunk@201973 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
gn: fix documentation typo
s/currebt/current/

TBR=brettw

Review URL: https://codereview.chromium.org/1318963007

Cr-Commit-Position: refs/heads/master@{#347900}
rune
Schedule a BeginFrame when we stop deferring commits.
We do not scheduleVisualUpdate for setNeedsStyleRecalc when we have
pending stylesheets. If we setNeedsStyleRecalc while loading a stylesheet,
we won't necessarily trigger a BeginFrame when the stylesheet finishes
loading because subsequent setNeedsStyleRecalc call won't trigger those
either if the ascendants are already marked with childNeedsStyleRecalc
because we assume the visual update is already scheduled.

Schedule a BeginFrame from resumeTreeViewCommits to make sure deferred
visual updates are triggered.

BUG=384934

Review URL: https://codereview.chromium.org/1316403004

git-svn-id: svn://svn.chromium.org/blink/trunk@201933 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Drop getBBox() override on SVGPathElement
path().boundingRect() is exactly what objectBoundingBox() will return
for LayoutSVGPath, so the implementation from SVGGraphicElement can be
used.

Review URL: https://codereview.chromium.org/1315983012

git-svn-id: svn://svn.chromium.org/blink/trunk@201917 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Limit stack-allocated uses of CancellableTaskFactory(PassOwnPtr<Closure>).
Classes that keep a CancellableTaskFactory should create() these via the
provided factory method, which takes care of creating the task factory's
closure in a manner that doesn't cause an (Oilpan) leak.

Not using the factory method is convenient when testing, so accommodate
this by way of a protected CancellableTaskFactory<> constructor, and use
it in unit tests. The unit tests exercise functionality rather than direct
usage by Blink objects, so hiding the constructor is considered acceptable.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1320023009

git-svn-id: svn://svn.chromium.org/blink/trunk@201916 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r201904.
TBR=oilpan-reviews,yosin
BUG=513568
NOTRY=true

Review URL: https://codereview.chromium.org/1303993005

git-svn-id: svn://svn.chromium.org/blink/trunk@201907 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r201865.
TBR=oilpan-reviews,yosin
BUG=513568
NOTRY=true

Review URL: https://codereview.chromium.org/1323023004

git-svn-id: svn://svn.chromium.org/blink/trunk@201879 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Revert "Implement proposed shadow tree cascade order."
This reverts commit bb5572c1de7405160a32b80c6224477b13eaac14.

Conflicts:
	Source/core/css/resolver/StyleResolver.h

TBR=kochi@chromium.org
BUG=487125

Review URL: https://codereview.chromium.org/1332493002

git-svn-id: svn://svn.chromium.org/blink/trunk@201875 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Revert 201092 "Reland of moved unused CascadeOrder. (patchset #1..."
> Reland of moved unused CascadeOrder. (patchset #1 id:1 of https://codereview.chromium.org/1306693007/ )
> 
> Reason for revert:
> I don't think this contributes any of "too many opened files".
> (as is commented bay jianli
> https://code.google.com/p/chromium/issues/detail?id=524248#c7 )
> 
> Will revert and reland the original patch.
> 
> 
> 
> Original issue's description:
> > Revert of Removed unused CascadeOrder. (patchset #1 id:1 of https://codereview.chromium.org/1291873005/ )
> > 
> > Reason for revert:
> > Speculative revert for causing "Too many opened files in the system".
> > 
> > https://code.google.com/p/chromium/issues/detail?id=523598
> > 
> > 
> > Original issue's description:
> > > Removed unused CascadeOrder.
> > > 
> > > CascadeOrder is always ignoreCascadeOrder after [1] and can be removed.
> > > 
> > > [1] https://codereview.chromium.org/1298173004
> > > 
> > > BUG=487125
> > > 
> > > Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=201019
> > 
> > TBR=kochi@chromium.org,rune@opera.com
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=487125
> > 
> > Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=201082
> 
> TBR=rune@opera.com,jianli@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=487125
> 
> Review URL: https://codereview.chromium.org/1313713005

TBR=kochi@chromium.org

Review URL: https://codereview.chromium.org/1331573002

git-svn-id: svn://svn.chromium.org/blink/trunk@201871 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
A block that establishes a new formatting context is pushed by floats.
Only block containers that don't establish new formatting contexts are
allowed to ignore (and thus potentially overlap with) floats.

This obviously also applies inside multicol, but we had a check that actively
prevented that. This was some residue from CSS regions support (shared
implementation with multicol), which had a much more sophisticated positioning
implementation, which we've removed ages ago.

BUG=528179
R=jchaffraix@chromium.org

Review URL: https://codereview.chromium.org/1325323002

git-svn-id: svn://svn.chromium.org/blink/trunk@201867 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Avoid duplicated code in LayoutBlockChild::layoutBlockChild().
Before laying out, we try to estimate and set the logical top of the child, but
it may turn out after one layout pass that the estimate was wrong, due to
margin collapsing, float clearance or pagination.

So sometimes we need to reposition and relayout once or even twice inside
layoutBlockChild(). This was done with slightly poorly duplicated code.
Refactor into positionAndLayoutOnceIfNeeded() (and
markDescendantsWithFloatsForLayoutIfNeeded()). One instance of this duplicated
code used to sit in adjustBlockChildForPagination(). Moved it into
layoutBlockChild(), to make it easier to understand what's going on (and to
give adjustBlockChildForPagination() one less thing to worry about - one
parameter removed). Renamed |result| to |newLogicalTop| in
adjustBlockChildForPagination(), and |logicalTopAfterClear| to |newLogicalTop|
in layoutBlockChild().

No behavioral changes were actually intended, but when unifying
almost-duplicated code, some changes are inevitable. Added some tests for
something that now works, and used to fail. In the subsequent layout passes we
forgot to check if the new position changed how we were affected by floats.

R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1315353005

git-svn-id: svn://svn.chromium.org/blink/trunk@201866 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
move gconf config inside use_gconf block
BUG=132847

Review URL: https://codereview.chromium.org/1328883002

Cr-Commit-Position: refs/heads/master@{#347440}
sigbjornf
Oilpan: tidy up NavigationScheduler.
Allocate this object separately and not as a part of a LocalFrame. The
main motivation for this is to play better with its use of a
CancellableTaskFactory following r201780.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1330653003

git-svn-id: svn://svn.chromium.org/blink/trunk@201794 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Improve CancellableTaskFactory handling and Oilpan usage.
If a CancellableTaskFactory is used by an Oilpan heap object, the
closure that the factory works with/over, cannot embed a reference
back to that object by way of an off-heap Persistent<> (WTF::Closure
is not on the heap.) If it does, such a reference will keep the heap
object alive, without it ever being released. Memory leaks are very likely.

This is too easy a slip-up to make with the current CancellableTaskFactory
constructor, so rephrase the constructor so as to make leaks no longer (easily)
possible. For Oilpan heap objects baked into the closure, the persistent reference
now held will be weak.

At the same time, take the opportunity to have this object no longer be a part object,
but a separate (off-heap) allocation. This lets us drop the ad-hoc ASan unpoisoning
support that was previously needed if CancellableTaskFactory was a part object
of an Oilpan heap object. Less magic.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1312843009

git-svn-id: svn://svn.chromium.org/blink/trunk@201787 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Don't transfer viewport to an invalid/dirty <use> instance
If an update is pending for a <use> shadow tree, the width/height
needn't be updated, since the update of the shadow tree will do it.
Make sure to clear the reference to the instance root when
invalidating the shadow tree.
Also split clearResourceReferences into a few different parts.

BUG=516051

Review URL: https://codereview.chromium.org/1323443003

git-svn-id: svn://svn.chromium.org/blink/trunk@201738 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r201727.
TBR=oilpan-reviews
BUG=262211
NOTRY=true

Review URL: https://codereview.chromium.org/1329753003

git-svn-id: svn://svn.chromium.org/blink/trunk@201733 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Never move unbreakable blocks that are at the top of a column / page.
That's just going to leave a column / page blank, without fitting any content
better. If the block is too tall to fit in the current column / page, it's
going to be just as too tall for the next one as well.

BUG=526098
R=jchaffraix@chromium.org

Review URL: https://codereview.chromium.org/1318653004

git-svn-id: svn://svn.chromium.org/blink/trunk@201732 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Remove BarProp.visible TODO that has been fixed in the spec
NOTRY=true
R=fs@opera.com

Review URL: https://codereview.chromium.org/1328723004

git-svn-id: svn://svn.chromium.org/blink/trunk@201721 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Fix GC_PROFILING builds following r201671.
R=haraken
BUG=527054
NOTRY=true

Review URL: https://codereview.chromium.org/1308053007

git-svn-id: svn://svn.chromium.org/blink/trunk@201707 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r201667.
TBR=oilpan-reviews
BUG=none
NOTRY=true

Review URL: https://codereview.chromium.org/1314773009

git-svn-id: svn://svn.chromium.org/blink/trunk@201670 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r201639.
TBR=oilpan-reviews
BUG=none
NOTRY=true

Review URL: https://codereview.chromium.org/1312073003

git-svn-id: svn://svn.chromium.org/blink/trunk@201650 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Revert of Oilpan: fix build after r201639. (patchset #1 id:1 of https://codereview.chromium.org/1312073003/ )
Reason for revert:
Not complete, reverting to reland.

Original issue's description:
> Oilpan: fix build after r201639.
> 
> TBR=oilpan-reviews
> BUG=none
> NOTRY=true
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=201647

TBR=oilpan-reviews@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=none

Review URL: https://codereview.chromium.org/1319623006

git-svn-id: svn://svn.chromium.org/blink/trunk@201648 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r201639.
TBR=oilpan-reviews
BUG=none
NOTRY=true

Review URL: https://codereview.chromium.org/1312073003

git-svn-id: svn://svn.chromium.org/blink/trunk@201647 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Have uses of MockImageResourceClient leak less.
Turn this unit test helper into something more RAII-like to avoid
Resources not having their clients removed.

For the tests touched, addresses reported Resource leaks.

R=haraken
BUG=526423

Review URL: https://codereview.chromium.org/1327653004

git-svn-id: svn://svn.chromium.org/blink/trunk@201645 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r201632.
R=haraken
BUG=523249
NOTRY=true

Review URL: https://codereview.chromium.org/1325983003

git-svn-id: svn://svn.chromium.org/blink/trunk@201636 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Fix Resource leak in ActivityLoggerTest unit tests.
Evict resources from the memory cache upon shutdown.

R=haraken
BUG=526423

Review URL: https://codereview.chromium.org/1309843011

git-svn-id: svn://svn.chromium.org/blink/trunk@201634 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r201622.
TBR=oilpan-reviews
BUG=513568
NOTRY=true

Review URL: https://codereview.chromium.org/1310633005

git-svn-id: svn://svn.chromium.org/blink/trunk@201629 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Add inline style in the element's scope.
Style attribute declarations were added in a separate scope after all
other author origins. Instead add style attribute declarations right after
collecting matching rules from the element's scope. This means that we can
override values set on the style attribute from outer scopes, like we can
with values from inner scope's stylesheet.

Without this fix, you would get green on orange below:

<style>html /deep/ span { color: green; background-color: lime }</style>
<host>
  <host:root>
    <style>span { color:red }</style>
    <span style="background:orange">Green on orange?</span>
  </host:root>
</host>

With this change, we will get green on lime.

The regression (issue 526634) was not relying on this, but it would be
more complex code to fix the regression without fixing the style attribute
cascading order.

R=kochi@chromium.org,hayato@chromium.org
BUG=526634

Review URL: https://codereview.chromium.org/1322753006

git-svn-id: svn://svn.chromium.org/blink/trunk@201620 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Update the visibility of XHR-related interfaces to match spec
https://github.com/whatwg/xhr/issues/19

BUG=395931
R=dominicc@chromium.org

Review URL: https://codereview.chromium.org/1310543002

git-svn-id: svn://svn.chromium.org/blink/trunk@201597 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: update plugin handling to work over plugins persisted over reattach
Following Blink r201401, a plugin element's persisted plugin will be
cleared out upon the plugin element being removed from the tree or being
re-attached and there being no layout object. With Oilpan, this may
bring about disposal of the underlying plugin.

A disposed persisted plugin is consequently observable if subsequently
try to return the plugin wrapper object for the plugin element -- add
the required check so as to handle this properly.

R=haraken
BUG=526999

Review URL: https://codereview.chromium.org/1326603002

git-svn-id: svn://svn.chromium.org/blink/trunk@201572 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Sync OilpanExpectations.
Remove some now-unbound virtual slimmingpaint test entries along with
removing expectation for

 svg/as-background-image/animated-svg-animation-control.html

which was removed in r201021.

R=haraken
BUG=345655,370906,356658,356742,456357,522652
NOTRY=true

Review URL: https://codereview.chromium.org/1323963002

git-svn-id: svn://svn.chromium.org/blink/trunk@201550 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Clarify the TODO for FrameRequestCallback
BUG=460722

Review URL: https://codereview.chromium.org/1326523002

git-svn-id: svn://svn.chromium.org/blink/trunk@201540 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Remove a few IDL TODOs that have been fixed in the HTML spec
BUG=460722
R=domenic@chromium.org

Review URL: https://codereview.chromium.org/1308553005

git-svn-id: svn://svn.chromium.org/blink/trunk@201536 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
If javascript: returns no result, balance load progress notifications.
Upon executing a javascript: URL in an empty document, we take care to
notify that the load has started. Should the result of executing the
script code be no result and navigation, balance the progress notifications
by signalling completion also.

R=haraken
BUG=495495

Review URL: https://codereview.chromium.org/1158973004

git-svn-id: svn://svn.chromium.org/blink/trunk@201481 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix building with blink_gc_profiling:1
R=haraken
BUG=

Review URL: https://codereview.chromium.org/1321173002

git-svn-id: svn://svn.chromium.org/blink/trunk@201473 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Fix method name typo in PartitionAlloc.
Review URL: https://codereview.chromium.org/1320243003

git-svn-id: svn://svn.chromium.org/blink/trunk@201454 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r201436, r201444.
TBR=oilpan-reviews
BUG=none
NOTRY=true

Review URL: https://codereview.chromium.org/1317363003

git-svn-id: svn://svn.chromium.org/blink/trunk@201451 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Throw exceptions for charnum == getNumberOfChars in get{...}OfChar APIs
According to the spec [1], IndexSizeError should be thrown if:

"...the charnum is negative or if charnum is greater than or equal to
 the number of characters at this node."

This is what's implemented by IE, Gecko and Presto.

[1] http://www.w3.org/TR/SVG11/text.html#__svg__SVGTextContentElement__getStartPositionOfChar
    The current SVG2 draft has a different formulation:

     (https://svgwg.org/svg2-draft/text.html#__svg__SVGTextContentElement__getStartPositionOfChar)
     "If cluster is null, then then throw a DOMException with code
      INDEX_SIZE_ERR."

    but will have the same result.

BUG=391345

Review URL: https://codereview.chromium.org/1321783002

git-svn-id: svn://svn.chromium.org/blink/trunk@201411 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Remove redundant DocumentLoadTiming references.
Having ScriptedIdleTaskController and its auxillary object keep a reference
to a document's DocumentLoadTiming part object is unnecessary as the deadlines
do not have to be translated wrt a Document's baseline reference time.

R=sami, rmcilroy
BUG=

Review URL: https://codereview.chromium.org/1316323002

git-svn-id: svn://svn.chromium.org/blink/trunk@201338 bbb929c8-8fbe-4397-9dbb-9b2b20218538
alexanderk
Try to reset quota database which is suspected to be corrupted
If we are able to open quota database file but cannot create a table
then we suspect it to be corrupted and trying to reset.

BUG=508916

Review URL: https://codereview.chromium.org/1236583002

Cr-Commit-Position: refs/heads/master@{#345966}
fs
Don't drop type information returned from locateRenderSVGTextAncestor
LayoutSVGText::locateRenderSVGTextAncestor returns a LayoutSVGText*, so
widening it to LayoutObject only serves to lose information - for the
primary benefit of "interface hiding".
This in turn mean that some calls can be devirtualized.

Also restructure the methods themselves to avoid stating the predicate
twice (negated and not.)

Review URL: https://codereview.chromium.org/1308983006

git-svn-id: svn://svn.chromium.org/blink/trunk@201319 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Applying the "all" property needs to check all properties against the whitelist.
When applying any other property than "all", we already perform this whitelist
check, but applying "all" is a separate code path, and the checks were missing
there.

BUG=524682
R=rune@opera.com

Review URL: https://codereview.chromium.org/1304123006

git-svn-id: svn://svn.chromium.org/blink/trunk@201315 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Invalidate style from shadow host, not root, to apply :host rules.
This is a regression from r201058. We incorrectly marked the shadow root
node for style recalc instead of the host. Marking the host is necessary
to apply new :host rules.

R=esprehn@chromium.org
BUG=525280

Review URL: https://codereview.chromium.org/1311463004

git-svn-id: svn://svn.chromium.org/blink/trunk@201311 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Have resetInternalsObject() handle detached documents.
R=haraken
BUG=524261

Review URL: https://codereview.chromium.org/1309673004

git-svn-id: svn://svn.chromium.org/blink/trunk@201306 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: avoid using WeakPtr<> for heap residing objects.
GlobalFetch::ScopedFetcher instances are heap objects, so avoid using
WeakPtr<>s over those.

Also switch over to using WeakPtr* transition types where possible.

R=haraken
BUG=509911

Review URL: https://codereview.chromium.org/1320563003

git-svn-id: svn://svn.chromium.org/blink/trunk@201305 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Remove applyStatefulResource interface from SVGClipPainter
applyClippingToContext is equally "stateful", so the two entrypoints
does not seem warranted.
Fold applyClippingToContext into applyStatefulResource and then rename
it to prepareEffect (to match mask and filter). Similarly rename
postApplyStatefulResource to finishEffect.

Review URL: https://codereview.chromium.org/1308223003

git-svn-id: svn://svn.chromium.org/blink/trunk@201262 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Move painting code out of LayoutSVGResourceClipper
LayoutSVGResourceClipper::tryPathOnlyClipping contains the code to
emit the path - if one is successfully built. For the sake of layering,
push this out into the caller (SVGClipPainter) instead.

Also replace uses of clipperResource().isEmpty() with hasClipper(),
rename objectBoundingBox referenceBox (to better match the Masking spec
terminology) and rename the tryPathOnlyClipping to asPath.

Review URL: https://codereview.chromium.org/1308983007

git-svn-id: svn://svn.chromium.org/blink/trunk@201254 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
createPlainText(): avoid a 32k buffer allocation for empty ranges.
The pre-allocation of the StringBuilder is redundant if the range is
empty, hence avoid.

While here, simplify empty string builder testing also.

R=yosin
BUG=

Review URL: https://codereview.chromium.org/1317593003

git-svn-id: svn://svn.chromium.org/blink/trunk@201212 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Don't resolve rectangle as different unit if viewport is empty
SVGLengthContext::resolveRectangle would resolve oBB units as uSOU units
if the "viewport" provided was empty.
This would lead to incorrect rendering in certain cases - like with
filters on content with an empty bbox.

BUG=252696

Review URL: https://codereview.chromium.org/1313893003

git-svn-id: svn://svn.chromium.org/blink/trunk@201140 bbb929c8-8fbe-4397-9dbb-9b2b20218538
tsniatowski
Fix typo in gn ccache support for linux:x86
BUG=

Review URL: https://codereview.chromium.org/1308403004

Cr-Commit-Position: refs/heads/master@{#345355}
fs
svg/custom/resource-client-removal.svg no longer flaky
Stabilized after https://codereview.chromium.org/1286093008

TBR=pdr@chromium.org
BUG=521856

Review URL: https://codereview.chromium.org/1317543002

git-svn-id: svn://svn.chromium.org/blink/trunk@201128 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Don't change the media controls visibility in MediaControls::reset()
reset() is called from a number of places with the expectation of
putting the controls into the state they would be if created anew.

One such place is via HTMLMediaElement::preDispatchEventHandler, where
the controls are reset when entering or exiting fullscreen. This has a
very strange side-effect, namely that dispatching a synthetic
webkitfullscreenchange event on a video will cause the media controls to
become visible.

It would be rather messy to write a layout test for this, and it would
be slow to run, so instead add unit tests to test this more directly.

R=fs@opera.com

Review URL: https://codereview.chromium.org/1319433003

git-svn-id: svn://svn.chromium.org/blink/trunk@201126 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Drop LayoutVTTCue::adjustForTopAndBottomMarginBorderAndPadding
This method only serves to break the cue layout computed by
SnapToLinesLayouter. If we want to factor in margin+border for cues (and
padding for the cue container), then factor that into the cue layout
algorithm instead.

BUG=301580

Review URL: https://codereview.chromium.org/1314613002

git-svn-id: svn://svn.chromium.org/blink/trunk@201119 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Remove TODO <video preload> case-sensitivity (invalid spec bug)
NOTRY=true
R=fs@opera.com

Review URL: https://codereview.chromium.org/1318443002

git-svn-id: svn://svn.chromium.org/blink/trunk@201108 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
svg/custom/js-late-pattern-and-object-creation.svg no longer flaky
Stabilized after https://codereview.chromium.org/1286093008

TBR=pdr@chromium.org
BUG=522649

Review URL: https://codereview.chromium.org/1310203004

git-svn-id: svn://svn.chromium.org/blink/trunk@201061 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r201058.
TBR=oilpan-reviews
BUG=522860
NOTRY=true

Review URL: https://codereview.chromium.org/1303953005

git-svn-id: svn://svn.chromium.org/blink/trunk@201060 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Should not ASSERT what we know will fail.
The input to the selector position and the rule position is known to
possibly overflow 12 and 18 bits respectively since the input comes from
unsigned positions into data structures known to keep more elements than
that. The selector and rule positions will be wrong regardlessly, unless
we make RuleData bigger.

Truncating the position to a max value instead of just letting it
overflow could be an option. It doesn't make sense for selector position
as trying to match any of the other selectors won't make any difference.

Truncating the rule position would make the cascading order correct when
comparing rules in the representable range with a rule outside the range,
while just letting it overflow starting from zero again will yield a
correct cascading order between two rules both outside of the
representable range.

Given that, I conclude to just remove the ASSERTs and not do anything
clever about values outside of the ranges.

BUG=519315
R=timloh@chromium.org

Review URL: https://codereview.chromium.org/1312703002

git-svn-id: svn://svn.chromium.org/blink/trunk@201059 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Fix crash when removing stylesheets from shadow tree.
The added sheets passed into StyleSheetInvalidationAnalysis may either be
added or removed. When they are removed style elements from a shadow tree,
the style element may no longer have a containingShadowRoot if the element
has already been removed. That caused a crash when the containingShadowRoot
was accessed without a nullptr check.

Instead of deducing the scope from the style element, pass the stylesheet
collection TreeScope to the analysis object. The m_scopingNodes, which is
probably a left-over from <style scoped> has been removed.

Now, the shadow tree root node, or outermost shadow host if ::content
rules makes that necessary, is always marked sub-tree dirty. The previous
code-path could trigger id/class invalidation of separate elements when
the stylesheet contents had multiple owner nodes, but that was most likely
wrong if it could ever happen.

BUG=522860

Review URL: https://codereview.chromium.org/1313443003

git-svn-id: svn://svn.chromium.org/blink/trunk@201058 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Sync some media/track test expectations.
Remove entries that were asserting prior to crbug.com/521520 being fixed.

R=haraken,keishi
BUG=521102,521861
NOTRY=true

Review URL: https://codereview.chromium.org/1311733002

git-svn-id: svn://svn.chromium.org/blink/trunk@201051 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Accurately update Document node counts on disposing shadow roots.
When cleaning out a ShadowRoot's child Nodes as part of its disposal,
the child Nodes will in some cases not have other references than the
shadow root. If so, the Node will be summarily deleted without being
notified of it being removed from its DOM tree first. By calling its
removedFrom().

As a Document need to maintain an accurate attached node count, arrange
for the otherwise-unreferenced Node's document to be decremented.

R=
BUG=521520

Review URL: https://codereview.chromium.org/1309083002

git-svn-id: svn://svn.chromium.org/blink/trunk@201044 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Remove tests svg/as-background-image/animated-svg-animation-control.html
This test has been flaky all along because the sequence of events it
tries to observe is not fully observable. There's still some coverage of
the reset-animation-when-no-longer-running case elsewhere.

BUG=522652

Review URL: https://codereview.chromium.org/1292703004

git-svn-id: svn://svn.chromium.org/blink/trunk@201021 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
make use of use_glib variable rather than is_linux when adding glib config
Review URL: https://codereview.chromium.org/1306473003

Cr-Commit-Position: refs/heads/master@{#344877}
rune
Removed unused CascadeOrder.
CascadeOrder is always ignoreCascadeOrder after [1] and can be removed.

[1] https://codereview.chromium.org/1298173004

BUG=487125

Review URL: https://codereview.chromium.org/1291873005

git-svn-id: svn://svn.chromium.org/blink/trunk@201019 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r200992.
TBR=oilpan-reviews
BUG=514651
NOTRY=true

Review URL: https://codereview.chromium.org/1309593003

git-svn-id: svn://svn.chromium.org/blink/trunk@201005 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Implement proposed shadow tree cascade order.
This CL implements the shadow tree cascade order proposed in [1].

Previously, in Blink, specificity would win over scope origin, even if the
scopes had an inner/outer scope relationship, and the order-of-appearance
was governed by the CascadeOrder type. Also, !important rules did not
apply in the reverse scope order, as the current spec says for inner/outer
scopes, and the proposal in [1] says apply between all shadow scopes.

What has been done is:

1. CascadeOrder is not used, as it represents order-of-appearance
   (Removal of CascadeOrder is not done here to make the CL smaller. Will
   be removed in a follow-up CL).

2. When collecting rules, sort after each scope instead of just after UA
   and Author since we had:

   UA important
   Author important
   Author
   UA

   and now we have (with A(n) appearing before A(n+1) in the tree-of-trees
   order):

   UA important
   Author scope A(n) important
   ...
   Author scope A(1) important
   Author scope A(1)
   ...
   Author scope A(n)
   UA

   The applyProperties code is hot, and I have made performance runs for
   the micro-benchmarks in Layout and CSS without consistent regressions.

3. Since the cascading order between scopes are just the inner/outer
   relationship in the composed tree (direction decided by !important),
   which is the same as the tree-of-trees order of the shadow trees,
   we can just traverse the DocumentOrderedList of scopes in the reverse
   order instead of doing calculation tricks for CascadeOrder values.

   Because of this, TreeBoundaryCrossingRules is now reduced to a
   DocumentOrderedList of scoping nodes, so the TreeBoundaryCrossingRules
   class is removed.

[1] https://lists.w3.org/Archives/Public/www-style/2015Jun/0303.html

BUG=452542, 455148, 487125

NOTRY=true

Review URL: https://codereview.chromium.org/1298173004

git-svn-id: svn://svn.chromium.org/blink/trunk@200994 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Sync snap-to-lines VTT cue layout steps with spec
 * Sync step documentation ('line position' -> 'line' and similar.)
 * Remove remnants of 'best position' and re-number steps.
 * Implement new cue dodging logic.

BUG=301580

Review URL: https://codereview.chromium.org/1306833003

git-svn-id: svn://svn.chromium.org/blink/trunk@200987 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Drop unused showingTrackWithSameKind declaration from HTMLMediaElement
Review URL: https://codereview.chromium.org/1304183003

git-svn-id: svn://svn.chromium.org/blink/trunk@200985 bbb929c8-8fbe-4397-9dbb-9b2b20218538
joleksy
Allow default font size changing on Linux.
Currently base rendering font size on Linux is hardcoded to 16.0 with no possibility of changing it. This patch add such possibility in RendererPreferences.

Webkit part: https://codereview.chromium.org/570243002/

BUG=

Review URL: https://codereview.chromium.org/549303004

Cr-Commit-Position: refs/heads/master@{#344746}
sigbjornf
Keep TextMetrics on the Oilpan heap always.
R=haraken
BUG=340522

Review URL: https://codereview.chromium.org/1297383003

git-svn-id: svn://svn.chromium.org/blink/trunk@200969 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
CompositorWorker is now always on the heap.
Consequently, update its IDL attribute to [GarbageCollected] and adjust
the return type of its constructor.

R=haraken
BUG=522949

Review URL: https://codereview.chromium.org/1309463002

git-svn-id: svn://svn.chromium.org/blink/trunk@200964 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: have PromiseTracker callback keep a WeakPersistent<>.
For the v8 callback objects that PromiseTrackers create, insist on using
a WeakPersistent<> back reference to the PromiseTracker when Oilpan
is enabled.

R=haraken
BUG=340522

Review URL: https://codereview.chromium.org/1301253002

git-svn-id: svn://svn.chromium.org/blink/trunk@200963 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Keep auxilliary media objects on the heap always.
Fully transition MediaError, MediaKeyError and TimeRanges to Oilpan.

R=haraken
BUG=340522

Review URL: https://codereview.chromium.org/1306613002

git-svn-id: svn://svn.chromium.org/blink/trunk@200962 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r200912.
TBR=oilpan-reviews
BUG=492204
NOTRY=true

Review URL: https://codereview.chromium.org/1298253004

git-svn-id: svn://svn.chromium.org/blink/trunk@200925 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
make use of media_use_ffmpeg in BUILD.gn
Review URL: https://codereview.chromium.org/1297583004

Cr-Commit-Position: refs/heads/master@{#344525}
fs
Replace setTimeout() with runAfterLayoutAndPaint() in a few tests
This is in line with the FIXMEs in these tests, and hopefully end up
curing some flakyness. Fingers crossed.

BUG=522649, 521856

Review URL: https://codereview.chromium.org/1286093008

git-svn-id: svn://svn.chromium.org/blink/trunk@200903 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
use more specific variables in net/BUILD.gn
Review URL: https://codereview.chromium.org/1290383005

Cr-Commit-Position: refs/heads/master@{#344492}
davve
Refactor code for calculating background image geometry
Extract BoxPainter::calculateBackgroundImageGeometry implementation
and related functions to the BackgroundImageGeometry class. This
enables shrinking the API surface of BackgroundImageGeometry and eases
further code health improvements.

BUG=521481

Review URL: https://codereview.chromium.org/1300103003

git-svn-id: svn://svn.chromium.org/blink/trunk@200850 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Avoid floating point when calculating the actual column count.
It's too inaccurate.

BUG=502407
R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1285273004

git-svn-id: svn://svn.chromium.org/blink/trunk@200848 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Store SVGResourcesCache inline in SVGDocumentExtensions
Indirections--

BUG=521334

Review URL: https://codereview.chromium.org/1296353004

git-svn-id: svn://svn.chromium.org/blink/trunk@200845 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Don't register excessive pending SVG resources
When an SVG resource was destroyed, it would notify the
SVGResourcesCache, which would walk the entire cache, notify the layout
object and add a "pending" entry for the id referring to the
corresponding element.
This would mean that every layout object which had any kind of resource
would get a "pending" reference from every id to itself - regardless of
if it ever referred to a resource with the given id. In the particular
test, this resulted in a fairly large (ever-growing) "pending" element
sets because there was persistent resource references in the document.

Fix by only adding "pending" entries for the current clients of the
resource that's being destroyed.
SVGResourcesCache::resourceDestroyed is removed in favor of new method
detachAllClients() in LayoutSVGResourceContainer. The part that
unregistered the resource itself as a client is removed in favor of the
pre-existing call to clientDestroyed() already existing in
LayoutSVGModelObject::willBeDestroyed (delegated to from the resource.)
SVGResources::resourceDestroyed is changed to not call
removeAllClientsFromCache() on the resource being passed - this is
instead done once after having cleared the references in all the
clients.

With this change, the "cycle time" of the test in the bug changes from
linearly increasing to constant.

BUG=521334

Review URL: https://codereview.chromium.org/1302713003

git-svn-id: svn://svn.chromium.org/blink/trunk@200840 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Recalculate intrinsic widths in the old containing block chain when going out of flow.
When an object goes out of flow, it no longer contributes to the intrinisic
widths of its parents. We need to mark them for recalculation while we can
still walk that ancestry chain, i.e. before applying the style change.

BUG=521819
R=esprehn@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1294063005

git-svn-id: svn://svn.chromium.org/blink/trunk@200836 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
libgtk2ui should only add the cups config if use_cups is true
The cups gn config is defined inside a use_cups block,
therefore other targets should only try to add this config
inside another use_cups block.

Review URL: https://codereview.chromium.org/1296043003

Cr-Commit-Position: refs/heads/master@{#344268}
mostynb
pkg-config.py should use --libs instead of --libs-only-l --libs-only-L
When specifying both --libs-only-l and --libs-only-L to
pkg-config, the results from the latter are not included.
This feels like a bug in pkg-config, reported upstream:
https://bugs.freedesktop.org/show_bug.cgi?id=91689

Our pkg-config.py wrapper can use --libs instead of the
flags mentioned above- this includes flags from both but
maybe also some additional flags (eg -rdynamic).

BUG=522564

Review URL: https://codereview.chromium.org/1291803008

Cr-Commit-Position: refs/heads/master@{#344260}
christiank
Add glCompressedCopySubTextureCHROMIUM
This CL adds a GPU command for copying sub regions of compressed textures.
The implementation is based on glCopySubTextureCHROMIUM.

BUG=434699

Review URL: https://codereview.chromium.org/1272153004

Cr-Commit-Position: refs/heads/master@{#344220}
fs
Random clean up of SVGResourcesCache
 * Fix up some comments.

 * Rename resourcesCacheFromLayoutObject to resourcesCache; let it take
   a Document& instead (to reflect the wider "scope" it has), and make it
   return a SVGResourceCache& since the cache will always be present if
   SVGDocumentExtensions are.

 * Drop redundant qualification.

BUG=521334

Review URL: https://codereview.chromium.org/1288903003

git-svn-id: svn://svn.chromium.org/blink/trunk@200826 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Handle LocalFrame being nestedly detached by subframe.
As part of detaching a LocalFrame, its subframes are also detached. Should the
detachment of those subframes trigger a nested detach of the LocalFrame that
initiated their detachment, the LocalFrame being returned to after having
detached the subframes could well be in a detached state. The detach steps that
followed (FrameLoader operations) weren't prepared for being in a detached state
(following r199143) and failed.

And the FrameLoader shouldn't have to gracefully handle being used in a detached
state, so add an is-detached check to the LocalFrame's detach steps before continuing.
Leaving early if so.

R=dcheng,japhet
BUG=520014

Review URL: https://codereview.chromium.org/1290053003

git-svn-id: svn://svn.chromium.org/blink/trunk@200820 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Prepare for multiple !important author ranges.
This CL is split out from [1] where we support multiple author origins in
terms of shadow dom scopes. The vector of MatchedProperties contains
matched declarations from all origins in the order in which they should
be applied. For !important declarations, they are applied in the same
order within the same origin, but the order of the origins are different
as the cascading order is:

  - UA important
  - Author important
  - Author
  - UA

We used to have two ranges, one for UA and one for author to accomplish
this. However, with the normal/!important cascading order for
declarations from different shadow doms, we need multiple author ranges:

  - UA important
  - Author important scope n
  ...
  - Author important scope 1
  - Author scope 1
  ...
  - Author scope n
  - UA

We introduce an ImportantAuthorRangeIterator to iterate through the
author ranges and add iterator-style iteration for each range through the
MatchedPropertiesRange class.

As the applyMatchedProperties code is hot, I've run the blink_perf.css
tests locally. Some improved by 2-4%, some became worse by similar
percentages.

[1] https://codereview.chromium.org/1224673002/

BUG=487125
TEST=fast/css

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=200697

Review URL: https://codereview.chromium.org/1282243002

git-svn-id: svn://svn.chromium.org/blink/trunk@200818 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
gn build: check use_udev before depending on udev
Review URL: https://codereview.chromium.org/1295303006

Cr-Commit-Position: refs/heads/master@{#344047}
mostynb
use_udev is more accurate than is_linux for udev gn deps
TBR=keybuk

Review URL: https://codereview.chromium.org/1295353002

Cr-Commit-Position: refs/heads/master@{#344046}
sigbjornf
Oilpan: fix build after r200730.
TBR=oilpan-reviews
BUG=382542
NOTRY=true

Review URL: https://codereview.chromium.org/1290593004

git-svn-id: svn://svn.chromium.org/blink/trunk@200733 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Use background positioning origin for repeating backgrounds
When support for 4-value syntax for background-position was added,
only the non-repeating case was actually tested and render support for
the non-top-left anchor points were missing.

This patch adds render support and a simple test for the three anchor
positions that wasn't supported before for repeated/tiled
backgrounds.

BUG=488707,521481

Review URL: https://codereview.chromium.org/1287293002

git-svn-id: svn://svn.chromium.org/blink/trunk@200718 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mmaliszkiewicz
Allow enable_hangout_services_extension overriding in gn build
BUG=

Review URL: https://codereview.chromium.org/1299543005

Cr-Commit-Position: refs/heads/master@{#343871}
davve
Mark BackgroundImageGeometry as stack allocated
BUG=521481

Review URL: https://codereview.chromium.org/1297913003

git-svn-id: svn://svn.chromium.org/blink/trunk@200715 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Prepare for multiple !important author ranges.
This CL is split out from [1] where we support multiple author origins in
terms of shadow dom scopes. The vector of MatchedProperties contains
matched declarations from all origins in the order in which they should
be applied. For !important declarations, they are applied in the same
order within the same origin, but the order of the origins are different
as the cascading order is:

  - UA important
  - Author important
  - Author
  - UA

We used to have two ranges, one for UA and one for author to accomplish
this. However, with the normal/!important cascading order for
declarations from different shadow doms, we need multiple author ranges:

  - UA important
  - Author important scope n
  ...
  - Author important scope 1
  - Author scope 1
  ...
  - Author scope n
  - UA

We introduce an ImportantAuthorRangeIterator to iterate through the
author ranges and add iterator-style iteration for each range through the
MatchedPropertiesRange class.

As the applyMatchedProperties code is hot, I've run the blink_perf.css
tests locally. Some improved by 2-4%, some became worse by similar
percentages.

[1] https://codereview.chromium.org/1224673002/

BUG=487125
TEST=fast/css

Review URL: https://codereview.chromium.org/1282243002

git-svn-id: svn://svn.chromium.org/blink/trunk@200697 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
valueForLength() cannot do anything with min-intrinsic.
Length::intrinsic() doesn't return true for min-intrinsic. isLegacyIntrinsic()
does. But use isIntrinsicOrAuto() to catch both intrinsic, legacy-intrinsic and
auto values, since that seems to be a rather popular way of doing things.
Nobody seems to call isLegacyIntrinsic() directly. Regarding auto values here,
it doesn't really matter whether we call valueForLength() or not, since they'll
resolve to 0 anyway.

BUG=521526
R=leviw@chromium.org,robhogan@gmail.com

Review URL: https://codereview.chromium.org/1292163005

git-svn-id: svn://svn.chromium.org/blink/trunk@200695 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Remove unused parameter to BackgroundImageGeometry::setHasNonLocalGeometry()
BUG=521481

Review URL: https://codereview.chromium.org/1298653003

git-svn-id: svn://svn.chromium.org/blink/trunk@200642 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Initial support for nested multicol layout.
Nested column balancing doesn't work yet. Also no support for mapping visual
points to flow thread points (which is used by a few operations, but not by the
most common ones, like painting and hit-testing).

There are other corner-cases to sort out, too.

Still no support for printing multicol documents, but that's the ultimate goal
of this work.

BUG=447718
R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1292163002

git-svn-id: svn://svn.chromium.org/blink/trunk@200639 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Move some members of the Selection interface out of the non-standard section
BUG=391673
R=yoichio@chromium.org

Review URL: https://codereview.chromium.org/1283233003

git-svn-id: svn://svn.chromium.org/blink/trunk@200638 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Make LayoutBoxModelObject const when passed to calculateBackgroundImageGeometry
BUG=521481

Review URL: https://codereview.chromium.org/1298553004

git-svn-id: svn://svn.chromium.org/blink/trunk@200637 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Conditionally bail out earlier in Heap::reportMemoryUsageForTracing()
R=haraken
BUG=474470

Review URL: https://codereview.chromium.org/1301463002

git-svn-id: svn://svn.chromium.org/blink/trunk@200608 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Add missing getTraceCategoryEnabledFlag() override.
For the Platform object used by ResourceTest, add required
override of getTraceCategoryEnabledFlag(). Needed following
the addition GC tracing in Blink r200146.

R=haraken
BUG=521230

Review URL: https://codereview.chromium.org/1292983003

git-svn-id: svn://svn.chromium.org/blink/trunk@200606 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Remove unnecessary declaration
All test elements already have the equivalent 'background-repeat:
no-repeat' declaration.

BUG=488707

Review URL: https://codereview.chromium.org/1290913003

git-svn-id: svn://svn.chromium.org/blink/trunk@200542 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Don't require a valid reference scope for a <use> shadow tree update
When determining if a URL-string was pointing to an internal or external
resource, the null-string was considered external because it does not
start w/ '#' and Document::completeURL will explicitly return a null KURL
in that case. The latter means that the comparison against the document
URL will fail - i.e. the "URL" will be considered to be external.
Due to this, no attempt to rebuild the shadow-tree will be made, leaving
it in an inconsistent state.
Fix by dropping the check for a valid referenceScope in
scheduleShadowTreeRecreation
(in favor of the check in buildPendingResource).
This also fixes the case where a local reference is replaced by an
invalid remote reference (like one lacking a fragment identifier). This
would previously fail to update because it too had a null "reference"
scope.
Also convert callers of SVGURIReference::isExternalURIReference to call
isStructurallyExternal instead. This lends a bit of consistency to the
definition of "local" used in SVGUseElement. It also means that the null
'href' case is considered to be a local reference (which has no practical
consequence, but makes the handling of null be similar to the handling of
the empty string - with the exception of base URL handling.)

BUG=516051

Review URL: https://codereview.chromium.org/1287243003

git-svn-id: svn://svn.chromium.org/blink/trunk@200537 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Don't update the active cue set in detached Documents
After (or during) detaching the document, it makes very little sense to
keep updating the timeline and the set of active cues. Instead just punt
and ignore. Most importantly, this avoids trying to dispatch events to
Nodes (HTMLTrackElements precisely) during the disposal of the Document.
Remove the similar check in CueTimeline::endIgnoringUpdateRequests,
that was originally added for WK bug 105606 [1] which fixed a similar
issue, since the check in updateActiveCues should cover the relevant
part of that too.

[1] https://bugs.webkit.org/show_bug.cgi?id=105606

BUG=516298

Review URL: https://codereview.chromium.org/1282903003

git-svn-id: svn://svn.chromium.org/blink/trunk@200507 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Revert of Better handle reentrancy into DocumentLoader::dataReceived(). (patchset #10 id:180001 of https://codereview.chromium.org/1263363005/ )
Reason for revert:
ASan bots are reporting a handful of UAFs,

 http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20ASAN/builds/19837

Original issue's description:
> Better handle reentrancy into DocumentLoader::dataReceived().
> 
> dataReceived() can be called reentrantly if it triggers a nested message
> loop when detaching a Document or parsing script for the new Document.
> Since dataReceived() isn't safe for reentrancy, any nested invocations
> queue the received data to be processed by the top-level invocation of
> dataReceived().
> 
> BUG=515876
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=200436

TBR=japhet@chromium.org,kouhei@chromium.org,morrita@chromium.org,dcheng@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=515876

Review URL: https://codereview.chromium.org/1295553002

git-svn-id: svn://svn.chromium.org/blink/trunk@200487 bbb929c8-8fbe-4397-9dbb-9b2b20218538
haavardm
Add a info flag set when certs fails to conform to the CT policy.
This is useful for clients that only wants to show CT
info if the certificate is not CT compliant.

BUG=None

Review URL: https://codereview.chromium.org/1287023003

Cr-Commit-Position: refs/heads/master@{#343170}
mstensho
Clean up PageBoundaryRule enum.
Replace the {Include,Exclude}PageBoundary values with
AssociateWith{Former,Latter}Page, since it was rather confusing what was meant
by "include" or "exclude" in most situations. Also remove default
PageBoundaryRule values from method declarations taking this enum as a
parameter, since there's really no natural default value, and each caller
should be aware of what it's asking for.

Realizing what's actually going on here allowed for some cleanup in
nextPageLogicalTop().

Also made the enum public, since there are public methods taking it as a
parameter.

No behavioral changes intended.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1287113002

git-svn-id: svn://svn.chromium.org/blink/trunk@200438 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Remove effective zoom from font metrics before length calculations
Since https://codereview.chromium.org/308123010 and
https://codereview.chromium.org/323053002, the effectiveZoom is
included in the style's font. This patch adds missing code to
SVGLengthContext to remove the effective zoom before computing ex
(x-height) and ch (zero-width) units.

BUG=519133

Review URL: https://codereview.chromium.org/1283463003

git-svn-id: svn://svn.chromium.org/blink/trunk@200393 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Fix a few typos in the IPC message macros documentation
BUG=none
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/1284593004

Cr-Commit-Position: refs/heads/master@{#342990}
mstensho
Move code for locating the containing flow thread out of LayoutObject.
BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1286693003

git-svn-id: svn://svn.chromium.org/blink/trunk@200345 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Auto-height table cells must stop percentage resolution of child heights.
This also needs to apply when a table cell is anonymous. The spec only mentions
*blocks* when it comes to skipping anonymous objects for resolving percentages
[1]. No mention of table cells anywhere.

[1] http://www.w3.org/TR/2011/REC-CSS2-20110607/visuren.html#anonymous-block-level

BUG=518210
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1289463002

git-svn-id: svn://svn.chromium.org/blink/trunk@200337 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Add toLayoutMultiColumnFlowThread().
BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1282923004

git-svn-id: svn://svn.chromium.org/blink/trunk@200336 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Handle Performance object creation on loader-less Documents.
Speculatively fix reported null crasher in Performance ctor,
checking if Document has a DocumentLoader before accessing.
Should this object be created while its frame is being detached
(see bug stack trace), this can potentially happen.

R=haraken,ksakamoto
BUG=518775

Review URL: https://codereview.chromium.org/1287513003

git-svn-id: svn://svn.chromium.org/blink/trunk@200307 bbb929c8-8fbe-4397-9dbb-9b2b20218538
alexanderk
Convert octane test score to float first
to prevent fails on slow devices

BUG=508907
CQ_EXTRA_TRYBOTS=tryserver.chromium.perf:linux_perf_bisect;tryserver.chromium.perf:mac_perf_bisect;tryserver.chromium.perf:win_perf_bisect

Review URL: https://codereview.chromium.org/1230063007

Cr-Commit-Position: refs/heads/master@{#342772}
mstensho
Prepare height calculation methods in LayoutFlowThread for nested multicol.
Rename pageLogicalHeight() in LayoutMultiColumnSet to
pageLogicalHeightForOffset(), so that it matches the naming of
pageRemainingLogicalHeightForOffset().

Move the innards to LayoutMultiColumnSet. And some 0 -> LayoutUnit() cleanup.

Had to adjust some call sites because of this and introduce
isPageLogicalHeightKnown().

No behavioral changes intended for now.

R=jchaffraix@chromium.org,leviw@chromium.org
BUG=447718

Review URL: https://codereview.chromium.org/1282353002

git-svn-id: svn://svn.chromium.org/blink/trunk@200272 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
A line that doesn't fit in a column shouldn't pull preceding floats to the next column.
Require that a line box be flush with the content edge of the block if it is to
pull its parent block to the next column.

Also cleaned up the surrounding code and documented it. It had a rather complex
if-expression not really suitable for human consumption as it was, and adding
even more to it would have been just evil. No other behavioral changes
intended, apart from the actual bugfix.

BUG=516296
R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1277613004

git-svn-id: svn://svn.chromium.org/blink/trunk@200269 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Make LayoutFlowThread::fragmentsBoundingBox() faster.
It used to let collectLayerFragments() handle the job, with an infinite dirty
rectangle. This forced us to collect all columns, when we really only needed to
know the bounding boxes of the first and the last columns in each fragmentainer
group.

This gives a major speed-up in the Layout/multicol/tall-content-short-columns-*
tests. It will also make it possible to submit a fix for bug 502407 and write a
test for it that doesn't time out.

R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1265933002

git-svn-id: svn://svn.chromium.org/blink/trunk@200264 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
GC plugin: consider references equal to raw pointers.
Unmanaged raw pointers to managed(GC) classes aren't safe across GCs,
hence fields with raw pointer types to such GCed classes are identified
and reported as errors or warnings.

Extend that checking to also apply to reference pointer types.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1274403002

Cr-Commit-Position: refs/heads/master@{#342615}
sigbjornf
Oilpan: tidy up some inter-stack object references.
Add uses of STACK_ALLOCATED() so as to allow these objects to safely
keep references to other stack allocated objects.

For other heap allocated objects that keep references to GCed objects,
convert these into appropriate Member<> refs.

R=haraken, philipj@opera.com
BUG=509911

Review URL: https://codereview.chromium.org/1278103002

git-svn-id: svn://svn.chromium.org/blink/trunk@200242 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Revert of Elements whose contents start with an astral Unicode symbol disappear when CSS `::first-letter` is … (patchset #9 id:160001 of https://codereview.chromium.org/1133853006/ )
Reason for revert:
ASan picking up a number of UAF failures due to this one,

 http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20ASAN/builds/19782

Original issue's description:
> Elements whose contents start with an astral Unicode symbol disappear when CSS `::first-letter` is applied to them.
> 
> This CL is inspired by http://trac.webkit.org/changeset/172513
> written by Myles C. Maxfield.
> The previous code assumed that all "characters" are exactly 1 16-bit code unit wide.
> Instead, use numCharactersInGraphemeClusters().
> 
> For blink, we add countCharactersAndGraphemesInCluster to bring a similar
> functionality to blink. This api is based on countGraphemesInCluster and improved
> to figure out the number of characters and grapheme at the same time in the given clusters.
> 
> BUG=401945
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=200227

TBR=leviw@chromium.org,eae@chromium.org,esprehn@chromium.org,drott@chromium.org,shivamidow@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=401945

Review URL: https://codereview.chromium.org/1277803004

git-svn-id: svn://svn.chromium.org/blink/trunk@200228 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Revert of Upon load failure, remove sync script from execution queue. (patchset #4 id:60001 of https://codereview.chromium.org/1263743002/ )
Reason for revert:
Crashes due to a release assert added here are being reported in https://code.google.com/p/chromium/issues/detail?id=517970 . Better revert this until that can be looked into more closely.

Original issue's description:
> Upon load failure, remove sync script from execution queue.
> 
> If a script element is to be loaded synchronously and executed in order,
> it's queued for execution before loading. Should that load fail, the
> immediate execution of the script,
> 
>   https://html.spec.whatwg.org/#execute-the-script-block
> 
> should only result in an error event being dispatched.
> 
> Implementation-wise, along with signalling error, the failed script must also
> be removed from the internal in-order execution queue. We're done with
> (not) executing the script and failure to remove it will cause subsequent
> processing of the script execution queue to see the script as having failed
> to load and re-dispatch an error event.
> 
> [This is a reland of r199656, which wrongly updated&removed scripts from the
> in-order queue.]
> 
> R=haraken
> BUG=503077
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=200045

TBR=haraken@chromium.org,tkent@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=503077

Review URL: https://codereview.chromium.org/1277273002

git-svn-id: svn://svn.chromium.org/blink/trunk@200186 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: catch some self-referential leaks (main thread.)
Track the number of SelfKeepAlive<>s that are currently active on
the main thread, so as to be able to detect if any remains on
shutdown. A clear indication of a leak, if so.

Also add some debugging support for detecting thread shutdown
leaks due to Persistent<>s not being released; see
PersistentRegion::dumpLivePersistents() and ThreadState::cleanup().

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1275863002

git-svn-id: svn://svn.chromium.org/blink/trunk@200174 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: turn EventHandlerRegistry::m_frameHost into a traced reference.
R=haraken
BUG=509911

Review URL: https://codereview.chromium.org/1280043002

git-svn-id: svn://svn.chromium.org/blink/trunk@200171 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: convert DOMWindowIndexedDatabase::m_window to a Member<>.
R=haraken
BUG=509911

Review URL: https://codereview.chromium.org/1277653006

git-svn-id: svn://svn.chromium.org/blink/trunk@200170 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: mark StylePropertySet::PropertyReference as stack allocated.
Annotate this object as stack allocated + turn its StylePropertySet
reference into a Member.

R=haraken
BUG=509911

Review URL: https://codereview.chromium.org/1276243002

git-svn-id: svn://svn.chromium.org/blink/trunk@200169 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
mention MPL tri-licensed code in our copy of zlib
Review URL: https://codereview.chromium.org/1279843003

Cr-Commit-Position: refs/heads/master@{#342346}
mostynb
mention MPL tri-licensed code in our copy of libpng
Review URL: https://codereview.chromium.org/1274513004

Cr-Commit-Position: refs/heads/master@{#342345}
sigbjornf
Oilpan: have ResourceFetcher use a prefinalizer.
The changes in r200133 unsafely allows access to other heap objects during
the finalization of ResourceFetcher. Perform the clearing of preload
resources using a prefinalizing action instead.

R=haraken
BUG=509911

Review URL: https://codereview.chromium.org/1270343003

git-svn-id: svn://svn.chromium.org/blink/trunk@200165 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: tidy StylePropertySerializer's handling of GCed objects.
Add the required annotations + correctly represent and trace embedded
StylePropertySet references.

R=haraken
BUG=509911

Review URL: https://codereview.chromium.org/1278143002

git-svn-id: svn://svn.chromium.org/blink/trunk@200164 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: catch some self-referential leaks (main thread.)
Track the number of SelfKeepAlive<>s that are currently active on
the main thread, so as to be able to detect if any remains on
shutdown. A clear indication of a leak, if so.

Also add some debugging support for detecting thread shutdown
leaks due to Persistent<>s not being released; see
PersistentRegion::dumpLivePersistents() and ThreadState::cleanup().

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1275863002

git-svn-id: svn://svn.chromium.org/blink/trunk@200163 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Fix WebRemoteFrame leak in DetachRemoteFrame unit test.
TBR=haraken
BUG=none

Review URL: https://codereview.chromium.org/1282443002

git-svn-id: svn://svn.chromium.org/blink/trunk@200160 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
GC plugin: consider references equal to raw pointers.
Unmanaged raw pointers to managed(GC) classes aren't safe across GCs,
hence fields with raw pointer types to such GCed classes are identified
and reported as errors or warnings.

Extend that checking to also apply to reference pointer types.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1274403002

Cr-Commit-Position: refs/heads/master@{#342320}
sigbjornf
Oilpan: handle MediaControls like the GCed object it is.
R=haraken
BUG=340522

Review URL: https://codereview.chromium.org/1274273003

git-svn-id: svn://svn.chromium.org/blink/trunk@200148 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Fix WebRemoteFrame leak in WebFrameSwapTest.SwapParentShouldDetachChildren
R=haraken
BUG=none

Review URL: https://codereview.chromium.org/1274283002

git-svn-id: svn://svn.chromium.org/blink/trunk@200144 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
convince gcc that cpu_used et al are always initialized
Without this, gcc thinks that min_quantizer, max_quantizer and cpu_used
are used uninitialized and emits a warning which is promoted to an error.

BUG=455409
TBR=bbudge

Review URL: https://codereview.chromium.org/1276633004

Cr-Commit-Position: refs/heads/master@{#342214}
mostynb
mention NPL/MPL source files in our libjpeg licences
Review URL: https://codereview.chromium.org/1272633005

Cr-Commit-Position: refs/heads/master@{#342151}
sigbjornf
Oilpan: fix build after r200105.
TBR=oilpan-reviews
BUG=514755
NOTRY=true

Review URL: https://codereview.chromium.org/1277483005

git-svn-id: svn://svn.chromium.org/blink/trunk@200107 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Deflake http/tests/misc/script-sync-slow-scripts-onerror.html
R=
BUG=503077

Review URL: https://codereview.chromium.org/1279743003

git-svn-id: svn://svn.chromium.org/blink/trunk@200106 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Fix WebLocalFrame leaks in unit tests.
Not calling close() on locally created WebLocalFrames will keep
the objects alive on shutdown. Add the required calls to
WebViewTest.ClientTapHandlingNullWebViewClient and
ParameterizedWebFrameTest.CreateLocalChildWithPreviousSibling.

R=haraken
BUG=none

Review URL: https://codereview.chromium.org/1273023002

git-svn-id: svn://svn.chromium.org/blink/trunk@200103 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: have WebRemoteFrameImpl use SelfKeepAlive<>.
Canonicalize WebRemoteFrameImpl's self-referential persistent as
a SelfKeepAlive<>.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1276513002

git-svn-id: svn://svn.chromium.org/blink/trunk@200048 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
CrossThreadPersistent invalidation: add missing orphaned check.
The main thread may well be detached before other Oilpan-attached threads.
Its orphaned heap pages must consequently be checked for when doing later
invalidation of thread-local CrossThreadPersistent<>s.

R=haraken
BUG=517031

Review URL: https://codereview.chromium.org/1271243003

git-svn-id: svn://svn.chromium.org/blink/trunk@200046 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Upon load failure, remove sync script from execution queue.
If a script element is to be loaded synchronously and executed in order,
it's queued for execution before loading. Should that load fail, the
immediate execution of the script,

  https://html.spec.whatwg.org/#execute-the-script-block

should only result in an error event being dispatched.

Implementation-wise, along with signalling error, the failed script must also
be removed from the internal in-order execution queue. We're done with
(not) executing the script and failure to remove it will cause subsequent
processing of the script execution queue to see the script as having failed
to load and re-dispatch an error event.

[This is a reland of r199656, which wrongly updated&removed scripts from the
in-order queue.]

R=haraken
BUG=503077

Review URL: https://codereview.chromium.org/1263743002

git-svn-id: svn://svn.chromium.org/blink/trunk@200045 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: have CSSImageGeneratorValue use SelfKeepAlive<>.
Canonicalize CSSImageGeneratorValue's self-referential persistent as
a SelfKeepAlive<>.

R=haraken
BUG=366546

Review URL: https://codereview.chromium.org/1261253004

git-svn-id: svn://svn.chromium.org/blink/trunk@200044 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: have WebLocalFrameImpl use SelfKeepAlive<>.
Canonicalize WebLocalFrameImpl's self-referential persistent as
a SelfKeepAlive<>.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1268103003

git-svn-id: svn://svn.chromium.org/blink/trunk@200038 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Switch SuspendableScriptExecutor over to using SelfKeepAlive<>.
Have this Oilpan-hosted object keep itself alive using SelfKeepAlive<>,
moving it onto the Oilpan heap by default in the process.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1258653003

git-svn-id: svn://svn.chromium.org/blink/trunk@200036 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Disallow relayout roots inside multicol.
It's just too complicated to figure out if it's safe to let a descendant of a
multicol container be a relayout root, so disallow it.

BUG=515260
R=jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1271513004

git-svn-id: svn://svn.chromium.org/blink/trunk@200034 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: lazily create SelfKeepAlive<>'s persistent reference.
To reduce overhead of having to register a Persistent<> that may
only have a non-null reference for a shorter interval, instantiate
the Persistent<> on assignment. And clear it out completely when
the SelfKeepAlive<> is cleared.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1263313003

git-svn-id: svn://svn.chromium.org/blink/trunk@200028 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Gracefully handle XMLDocumentParser being detached by mutation events.
Should a mutation event handler run while flushing out parser-buffered text,
we could end up in a detached state, something the implementation wasn't
prepared for.

Firm up exitText() usage, and rename it as updateLeafTextNode(). Also attempt
to make enterText() more descriptive as createLeafTextNodeIfNeeded().

R=haraken,tkent,kouhei
BUG=516290

Review URL: https://codereview.chromium.org/1267283002

git-svn-id: svn://svn.chromium.org/blink/trunk@200026 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Drop [TreatNullAs=NullString] for Document.designMode
Because Document::setDesignMode ignores everything except "yes" and "no"
this change is not observable.

BUG=460722

Review URL: https://codereview.chromium.org/1263043005

git-svn-id: svn://svn.chromium.org/blink/trunk@199988 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Remove unnecessary ENABLE(OILPAN) usage.
R=yutak
BUG=513729

Review URL: https://codereview.chromium.org/1268853009

git-svn-id: svn://svn.chromium.org/blink/trunk@199962 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Have ScriptPromiseResolver on the Oilpan heap always.
R=yhirano,haraken,jochen
BUG=340522

Review URL: https://codereview.chromium.org/1233173002

git-svn-id: svn://svn.chromium.org/blink/trunk@199953 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Include overflow when setting the logical flowthread bottom on the last column set.
The logical height of the flow thread may be shorter than the start flowthread
offset of the last column set, if there's overflowing content. We used to have
expandToEncompassFlowThreadOverflow() to correct this, but let's include
overflow right away, instead of setting the bottom offset twice (first
incorrectly, then correctly).

This avoids an assertion failure (in this case the assertion was harmless,
though).

BUG=512362
R=dsinclair@chromium.org,jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1266553002

git-svn-id: svn://svn.chromium.org/blink/trunk@199952 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Need to check for positional rules on parent with style change.
A local style change on the parent inhibited checks for positional rule
changes on children with an early return. Removed that early return.

R=dstockwell@chromium.org
BUG=510732

Review URL: https://codereview.chromium.org/1264573004

git-svn-id: svn://svn.chromium.org/blink/trunk@199950 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Remove HasInlinedTraceMethod<T>.
Follow up r193615's retirement of ENABLE(INLINE_TRACE) and remove the
now-unused HasInlinedTraceMethod<T> template.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1270043002

git-svn-id: svn://svn.chromium.org/blink/trunk@199942 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Invalidate cross-thread persistents on heap termination.
When a thread is detached from Oilpan and its ThreadState is
finalized, arrange for any CrossThreadPersistent<>s pointing
into one of its heaps to be cleared out. Not doing so risks
dangling pointers to be followed upon GC or by anyone else
still keeping these CrossThreadPersistent<>s alive.

The only operation that other threads are allowed over
CrossThreadPersistent<> (CTP) once the ThreadState has been
destructed, is to destruct the CTP.

R=haraken
BUG=515432

Review URL: https://codereview.chromium.org/1265103003

git-svn-id: svn://svn.chromium.org/blink/trunk@199891 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Reliably cancel in-progress CryptoResult(Impl) upon shutdown.
Move CryptoResult to the Oilpan heap and in order to support such
Oilpan-hosted CryptoResults mainly, also separate out the signalling
of crypto operation cancellation.

CryptoResults are wrapped up (WebCryptoResult) and passed to the
embedder's webcrypto layer upon initiating a crypto operation.
Should the Blink thread that initiated that operation be shut
down (before that crypto operation completes, possibly), it will
go through its shutdown steps, including notifying CryptoResults
that it is stopping. At which point the implementation has to
effectively cancel the ongoing crypto operation.

The Oilpan heaps belonging to the thread shutting down cannot be
reliably used to communicate cancellation status, as they're about
to be detached and destructed also. Hence, we keep a separate
off-heap cancellation object that can live beyond the Blink thread
that initiated it. And can be used by the webcrypto layer to 
safely query for cancellation status after the Blink thread has
been shut down entirely.

As webcrypto operations are handled on separate threads, the
cancellation object references can be safely accessed from any
thread, including handling their eventual destruction. The same goes
for the Oilpan-hosted CryptoResult -- external references (by way
of WebPrivatePtr<>) can be held and destructed from any thread.

R=haraken,eroman,tkent
BUG=440450

Review URL: https://codereview.chromium.org/1228373006

git-svn-id: svn://svn.chromium.org/blink/trunk@199878 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Tidy up ActiveDOMObject destructor.
R=haraken
BUG=462949

Review URL: https://codereview.chromium.org/1266443003

git-svn-id: svn://svn.chromium.org/blink/trunk@199845 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Revert of Upon load failure, remove sync script from execution queue. (patchset #3 id:40001 of https://codereview.chromium.org/1263743002/)
Reason for revert:
Speculatively reverting to see if it addresses the recent crashes being reported via http://crbug.com/515419

Original issue's description:
> Upon load failure, remove sync script from execution queue.
> 
> If a script element is to be loaded synchronously and executed in order,
> it's queued for execution before loading. Should that load fail, the
> immediate execution of the script,
> 
>   https://html.spec.whatwg.org/#execute-the-script-block
> 
> should only result in an error event being dispatched.
> 
> Implementation-wise, along with signalling error, the failed script must also
> be removed from the internal in-order execution queue. We're done with
> (not) executing the script and failure to remove it will cause subsequent
> processing of the script execution queue to see the script as having failed
> to load and re-dispatch an error event.
> 
> R=haraken
> BUG=503077
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=199656

TBR=haraken@chromium.org,tkent@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=503077

Review URL: https://codereview.chromium.org/1271443002

git-svn-id: svn://svn.chromium.org/blink/trunk@199788 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
fix typo in DelegatedFrameHost::SwapDelegatedFrame arg name
BUG=503594
TBR=wjmaclean

Review URL: https://codereview.chromium.org/1263923003

Cr-Commit-Position: refs/heads/master@{#341204}
sigbjornf
Remove unused CallbackStack::swap() method.
R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1262993002

git-svn-id: svn://svn.chromium.org/blink/trunk@199739 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Unify code paths for fixed and absolutely positioned objects in accumulateOffsetTowardsAncestor().
Deleted most of the code specific to handling of fixed-positioned objects, and
have fixed-positioned objects use the code for absolutely positioned objects
instead. One piece needs to be kept, though: If the container of a fixed
positioned object is the viewport, we need to make sure that we call
LayoutObject::localToAbsolute() to calculate the correct position, since
DeprecatedPaintLayer::location() doesn't handle fixed-positioning properly.

This gets rid of an assertion failure that would trigger when we had a multicol
with a transform with a fixedpos.

BUG=496929
R=chrishtr@chromium.org,jchaffraix@chromium.org

Review URL: https://codereview.chromium.org/1268493002

git-svn-id: svn://svn.chromium.org/blink/trunk@199725 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Eagerly finalize V8AbstractEventListeners.
The listener's wrapper needs to be promptly cleared so as to prevent
untidy accesses to a poisoned heap by v8's GC if the listener is instead
lazily swept & finalized.

R=haraken
BUG=491488

Review URL: https://codereview.chromium.org/1263953002

git-svn-id: svn://svn.chromium.org/blink/trunk@199721 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
collectLayerFragments() expects a dirty rect relative to the multicol container.
It was actually relative to the flow thread (see call site at
DeprecatedPaintLayer::collectFragments()), but it's documented as "relative to
the multicol container" in MultiColumnFragmentainerGroup::collectLayerFragments().
So make it relative to the multicol container, then.

There was no layout test to catch this fundamental RTL issue, so I added one.

BUG=511655
R=dsinclair@chromium.org,jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1259943002

git-svn-id: svn://svn.chromium.org/blink/trunk@199697 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Get rid of subtract-one-whole-pixel hack.
Rectangles in Blink are endpoint-exclusive. There's a hack in the multicol code
to work around this (when mapping from block positions to column indices), but
it's not corner-case-proof. It both causes rendering errors and a recently
added assertion to fail. Fixed this.

R=dsinclair@chromium.org,jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1258883003

git-svn-id: svn://svn.chromium.org/blink/trunk@199683 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Revert of Refactor BeforeInstallPromptEvent to use ScriptPromiseProperty (patchset #11 id:250001 of https://codereview.chromium.org/1247283004/)
Reason for revert:
Causes app_banner/app-banner-event-prompt.html failure,

  http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=app_banner%2Fapp-banner-event-prompt.html

Original issue's description:
> Refactor BeforeInstallPromptEvent to use ScriptPromiseProperty
> 
> This stops the event holding a ScriptPromise as a member, which may 
> lead to a memory leak. Instead, ScriptPromiseProperty members are held
> as members in the event. A WebCallbacks subclass is used to store a
> pointer to the necessary ScriptPromiseProperty in the associated event,
> with the interface exposed to Chromium. When a banner event is resolved,
> the WebCallbacks implementation in modules/app_banner looks up the 
> ScriptPromiseProperty and resolves its promise. This also makes
> resolving the prompt promise simpler as well, as it occurs entirely in the
> event.
> 
> This CL also removes the app-banner-event-prompt.html test from 
> LeakExpectations, and fixes some bugs in the test relating to promise
> resolution.
> 
> BUG=504675
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=199472

TBR=mlamouri@chromium.org,yhirano@chromium.org,dominickn@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=504675

Review URL: https://codereview.chromium.org/1257823003

git-svn-id: svn://svn.chromium.org/blink/trunk@199666 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Perform initial GC to improve inspector/search test stability.
With Oilpan, inspector tests enumerating resources are susceptible to
"GC lag", including resources that have yet to be GCed and swept out.

To ensure a stable baseline for the tests, perform an initial,
flushing GC.

R=haraken
BUG=513393

Review URL: https://codereview.chromium.org/1254293008

git-svn-id: svn://svn.chromium.org/blink/trunk@199665 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Upon load failure, remove sync script from execution queue.
If a script element is to be loaded synchronously and executed in order,
it's queued for execution before loading. Should that load fail, the
immediate execution of the script,

  https://html.spec.whatwg.org/#execute-the-script-block

should only result in an error event being dispatched.

Implementation-wise, along with signalling error, the failed script must also
be removed from the internal in-order execution queue. We're done with
(not) executing the script and failure to remove it will cause subsequent
processing of the script execution queue to see the script as having failed
to load and re-dispatch an error event.

R=haraken
BUG=503077

Review URL: https://codereview.chromium.org/1263743002

git-svn-id: svn://svn.chromium.org/blink/trunk@199656 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
export the entire HTMLResourcePreloader class in shared_library builds
After https://codereview.chromium.org/1112833004/ landed, libblink_web.so
fails to link in some configurations, giving this error:

obj/third_party/WebKit/Source/core/html/parser/blink_web.HTMLResourcePreloaderTest.o:HTMLResourcePreloaderTest.cpp:function blink::HTMLResourcePreloaderTest::test(blink::PreconnectTestCase): error: undefined reference to 'vtable for blink::HTMLResourcePreloader'
/usr/bin/ld.gold: the vtable symbol may be undefined because the class is missing its key function

The blink::HTMLResourcePreloader vtable exists in lib/libwebcore_shared.so
but only as a local symbol, because I assume that the HTMLResourcePreloader
class has some un-exported virtual methods in these configuration.  So we
should be able to solve this by exporting the entire HTMLResourcePreloader
class.

Review URL: https://codereview.chromium.org/1266533002

git-svn-id: svn://svn.chromium.org/blink/trunk@199651 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Add assertion/crash test for flexbox with relpos with scrollable with abspos.
This test (attached to bug 498969) used to assert, but got fixed by accident by
the fix for bug 498770. Better add the test, in case it should regress.

BUG=498969
R=cbiesinger@chromium.org

Review URL: https://codereview.chromium.org/1261463005

git-svn-id: svn://svn.chromium.org/blink/trunk@199646 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Simplify MultiColumnFragmentainerGroup::collectLayerFragments().
No need to do so much stuff on our own in there, when we already have methods
that can do it for us.

This is just clean-up; no behavioral changes intended.

R=dsinclair@chromium.org,jchaffraix@chromium.org,leviw@chromium.org

Review URL: https://codereview.chromium.org/1252863005

git-svn-id: svn://svn.chromium.org/blink/trunk@199595 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Simplify ownership of a ThreadState's interruptors.
Have ThreadState assume ownership of interruptors registered with
addInterruptor(). That simplifies the handling on the caller side,
allowing them to register-and-forget rather than each having to
manually unregister & destruct their interruptor before shutting down.
(Not that this last step wasn't needed previously either, as ThreadState
would have destructed the interruptors upon its destruction.)

(ThreadState::removeInterruptor() is retained should it prove useful, but
currently unused.)

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1257723002

git-svn-id: svn://svn.chromium.org/blink/trunk@199487 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
use_x11==1 is a better condition for xdisplaycheck dep
The previous condition was incorrect when building for
embedded linux without using the ozone porting layer.
use_x11==1 is used everywhere else for the xdisplaycheck
depdendency, let's do the same here.

Review URL: https://codereview.chromium.org/1256793002

Cr-Commit-Position: refs/heads/master@{#340376}
mostynb
stray c++11 ud suffix fixes for tcmalloc files
Followup to https://codereview.chromium.org/21157004 - here are a few
more warnings that we can silence.

BUG=263960

Review URL: https://codereview.chromium.org/1253873003

Cr-Commit-Position: refs/heads/master@{#340357}
mostynb
use_x11 is better than is_linux for xdisplaycheck dep in mandoline gn build
Review URL: https://codereview.chromium.org/1255843002

Cr-Commit-Position: refs/heads/master@{#340340}
alexanderk
Prevent URLRequestRedirectJob from doing async execution
when request is already canceled and job is killed.

BUG=508900,503306

Review URL: https://codereview.chromium.org/1232113002

Cr-Commit-Position: refs/heads/master@{#340298}
bratell
Revert of Precompile more in Blink in Windows for faster compilations (patchset #1 id:1 of https://codereview.chromium.org/1227953008/)
Reason for revert:
A chromium build bot broke with bad headers again. (see bug)

The pch file does not seem to be recompiled when it should be.

BUG=511945


Original issue's description:
> Precompile more in Blink in Windows for faster compilations
>  
> One reason Blink is slow to compile is that there is a lot of code
> included in every compilation unit since everything depends on either
> LayoutObject.h or Document.h and those in turn include huge portions
> of the rest of Blink.
> 
> By precompiling LayoutObject.h and Document.h the compilation of core and
> modules in Blink can be 4 times faster (4 minutes instead of
> 19 minutes on my computer).
> 
> The downside is that it will introduce Document.h and LayoutObject.h
> also in compilation units that didn't expect it, for instance
> XPathGrammer.y that suddenly will have both blink::Path and
> blink::XPath::Path in scope (and blink::Filter / blink::XPath::Filter)
> 
> Note that distributed compilation system disables precompiled headers
> globally so this will *not* make trybots faster.
> 
> This is a new attempt at this change after bug 511945 scared us into
> reverting it. We still do not know the exact cause of 511945 but we
> are making another attempt with this.
> 
> BUG=495697
> R=thakis@chromium.org,sigbjornf@chromium.org
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=199168

TBR=brucedawson@chromium.org,jam@chromium.org,scottmg@chromium.org,thakis@chromium.org,sigbjornf@opera.com,tasak@google.com,haraken@chromium.org,philipj@opera.com
BUG=495697

Review URL: https://codereview.chromium.org/1259563002

git-svn-id: svn://svn.chromium.org/blink/trunk@199436 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Sync menulist-appearance-basic.html (Oilpan) expectations.
fast/forms/select/menulist-appearance-basic.html is no longer too
slow in Debug builds.

TBR=oilpan-reviews
BUG=397425
NOTRY=true

Review URL: https://codereview.chromium.org/1257673002

git-svn-id: svn://svn.chromium.org/blink/trunk@199435 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Revert of Add ExecuteJavaScriptForTest and make all tests use it (patchset #15 id:270001 of https://codereview.chromium.org/1123783002/)
Reason for revert:
Speculatively reverting to address failures,

 http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux/builds/51422

Original issue's description:
> Add ExecuteJavaScriptForTest and make all tests use it
>
> Additionally, restrict the URLs that ExecuteJavaScript can be invoked on
> to chrome-controlled URLs.
>
> R=jam@chromium.org
> BUG=507809
>
> Committed: https://crrev.com/904f14ebdc3bdb8e893df0a3211d09de42d5619c
> Cr-Commit-Position: refs/heads/master@{#340231}

TBR=jam@chromium.org,mdjones@chromium.org,torne@chromium.org,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=507809

Review URL: https://codereview.chromium.org/1257603003

Cr-Commit-Position: refs/heads/master@{#340241}
sigbjornf
Make ContentDecryptionModuleResult cross-thread destructible.
So as to handle cross-thread uses of the corresponding
WebContentDecryptionModuleResult (WCDMResult), have WCDMResult
keep a cross-thread persistent (CrossThreadPersistent<>) by
way of its WebPrivatePtr<> reference.

CrossThreadPersistent<> can be destructed on a thread other than
the Oilpan thread creating it; the thread does not have to be
attached to Oilpan.

To control if WebPrivatePtr<> should use a cross-thread persistent
or not, it is now parameterized over an enum controlling which.
The default is to use same-thread persistents. If

  WebPrivatePtr<T, AllowCrossThreadDestruction>

is for a ref-counted T, T must derive from ThreadSafeRefCounted<T>. 

R=jrummell,xhwang,haraken,tkent
BUG=509588

Review URL: https://codereview.chromium.org/1249913002

git-svn-id: svn://svn.chromium.org/blink/trunk@199421 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: reinstate nullptr initialization following r199382.
TBR=oilpan-reviews
BUG=510918
NOTRY=true

Review URL: https://codereview.chromium.org/1249333003

git-svn-id: svn://svn.chromium.org/blink/trunk@199393 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r199375.
TBR=oilpan-reviews
BUG=350571
NOTRY=true

Review URL: https://codereview.chromium.org/1248353002

git-svn-id: svn://svn.chromium.org/blink/trunk@199378 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Make video.webkitSupportsFullscreen an alias of document.fullscreenEnabled
The removed checks both originate from the earliest revision of this
code, for ChromeClient::supportsFullscreenForNode() and
MediaPlayer::supportsFullscren() calls respectively:
http://trac.webkit.org/changeset/49136

Both were conservatively left in later cleanup:
https://codereview.chromium.org/13851023
https://codereview.chromium.org/139943006

Fullscreen requests in detached documents will instead fail silently in
Fullscreen::requestFullscreen() due to the document()->isActive() check.

As for the webMediaPlayer() check, this will change the value of
video.webkitSupportsFullscreen before a video is loaded, as seen in
LayoutTests/media/video-prefixed-fullscreen.html. However, at worst
this ought to cause custom fullscreen buttons to be shown too early,
just as they would if using one of the other fullscreen APIs without
checking that the video is ready to play.

Overall risk ought to be low given the low usage of these APIs:
https://www.chromestatus.com/metrics/feature/timeline/popularity/166
https://www.chromestatus.com/metrics/feature/timeline/popularity/168
https://www.chromestatus.com/metrics/feature/timeline/popularity/170

BUG=496637

Review URL: https://codereview.chromium.org/1240573005

git-svn-id: svn://svn.chromium.org/blink/trunk@199362 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Update documentation of Performance.timing/navigation
The specs have now been updated:
https://github.com/w3c/navigation-timing/issues/22
https://github.com/w3c/navigation-timing/issues/28
https://github.com/w3c/navigation-timing/issues/29

BUG=460722
R=ksakamoto@chromium.org

Review URL: https://codereview.chromium.org/1245343003

git-svn-id: svn://svn.chromium.org/blink/trunk@199361 bbb929c8-8fbe-4397-9dbb-9b2b20218538
tmoniuszko
Make FileSystemDirURLRequestJobTest locale-invulnerable
The format of the date in directory listing entry depends on the current
locale. In some countries (for example Poland) DD.mm.YYYY format is used.
base::Time::FromString() internally uses PR_ParseTimeString() from NSPR
library which doesn't support this format (date with dots as separators).
Use icu::DateFormat instead which is able to parse such kind of date
format.

BUG=

Review URL: https://codereview.chromium.org/1246463002

Cr-Commit-Position: refs/heads/master@{#340050}
sigbjornf
Oilpan: fix build after r199317.
TBR=oilpan-reviews
BUG=510483
NOTRY=true

Review URL: https://codereview.chromium.org/1252523003

git-svn-id: svn://svn.chromium.org/blink/trunk@199325 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
use sh instead of bash in ProcessUtilTest on linux
These unit tests don't seem to really depend on bash, by using sh
instead of bash we can run these on more embedded linux targets.

Review URL: https://codereview.chromium.org/1249973002

Cr-Commit-Position: refs/heads/master@{#339901}
sigbjornf
Oilpan: fix build after r199293.
TBR=oilpan-reviews
BUG=509911
NOTRY=true

Review URL: https://codereview.chromium.org/1244363002

git-svn-id: svn://svn.chromium.org/blink/trunk@199306 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mharanczyk
Avoid creating PasswordsPrivateDelegate when shutting down.
BUG=485227

Review URL: https://codereview.chromium.org/1228813006

Cr-Commit-Position: refs/heads/master@{#339855}
philipj
Remove the allowfullscreen exemption for the video-specific fullscreen API (reland)
Intent to Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/3NukIuOaU4c/Boab2WxzhBYJ

Prompted by a question from Ali Alabbas (Microsoft) on blink-dev:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/f-V2GWatXkA/nvdHJ3xihMkJ

Feedback from Vimeo on blink-dev asking for more time:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/3NukIuOaU4c/MPyuWoDaz8AJ

New plan for removing the allowfullscreen exemption:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/3NukIuOaU4c/LWeJeKYvf1MJ

The video.webkitSupportsFullscreen change will be made separately:
https://codereview.chromium.org/1240573005

BUG=496637

Review URL: https://codereview.chromium.org/1237133002

git-svn-id: svn://svn.chromium.org/blink/trunk@199225 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Stop calling configureTextTrackDisplay() in clearMediaPlayer()
In the test case, the call chain is:
HTMLMediaElement::didMoveToNewDocument() -> userCancelledLoad() ->
clearMediaPlayer() -> configureTextTrackDisplay() ->
updateTextTrackDisplay() -> ensureTextTrackContainer()

ensureTextTrackContainer() will create the text track container if it
did not exist, triggering the assert in the EventDispatchForbiddenScope
set up by ContainerNode::appendChild().

In the test case, the order of setting TextTrack.mode and appending
the HTMLTrackElement matters, which is at the root of the problem. If
the text track container had been created, then there wouldn't have
been any attempt to create it when moving to a new document.
Unfortunately, the logic largely matches what the spec says:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=28973

Instead of fixing the assymetry, just remove the
configureTextTrackDisplay() call and depend on the
cueTimeline().updateActiveCues(0) call in userCancelledLoad() instead.
This should suffice, because from the point of view of text track
rendering, the current time is all that matters.

The VisibilityChangeAssumption enum was introduced in order to avoid
unnecessary work in configureTextTrackDisplay():
https://codereview.chromium.org/22645014

This depends on a recent change to decouple VTTCue from VTTCueBox and
LayoutVTTCue, without which the configureTextTrackDisplay() call was
needed to avoid use-after-free of those VTTCue* pointers:
https://codereview.chromium.org/1240433007

BUG=489998

Review URL: https://codereview.chromium.org/1233313008

git-svn-id: svn://svn.chromium.org/blink/trunk@199210 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Don't resolve extended color keywords during parsing
Previously we were keeping the "basic" named colors (color keywords)
unresolved (as identifiers), while resolving the "extended" named
colors.
This CL makes us keep the "extended" colors as well, and resolve them
during style resolving instead (of during parsing.)
Because we now no longer expect to resolve named colors in the
fast-path, we can drop that part of CSSParserFastPaths::parseColor.

The new behavior matches Gecko and IE.

BUG=505410

Review URL: https://codereview.chromium.org/1232593004

git-svn-id: svn://svn.chromium.org/blink/trunk@199209 bbb929c8-8fbe-4397-9dbb-9b2b20218538
bratell
Use gold when compiling 32 bit binaries on an x64 machine.
gold can't normally be used on 32 bit machines because it uses too
much memory, but if the 32-bit binary that is being created is being
created on an x64 machine with sysroot, then it's possible.

BUG=511201
R=dpranke@chromium.org,thakis@chromium.org

Review URL: https://codereview.chromium.org/1234943009

Cr-Commit-Position: refs/heads/master@{#339514}
bratell
Precompile more in Blink in Windows for faster compilations
 
One reason Blink is slow to compile is that there is a lot of code
included in every compilation unit since everything depends on either
LayoutObject.h or Document.h and those in turn include huge portions
of the rest of Blink.

By precompiling LayoutObject.h and Document.h the compilation of core and
modules in Blink can be 4 times faster (4 minutes instead of
19 minutes on my computer).

The downside is that it will introduce Document.h and LayoutObject.h
also in compilation units that didn't expect it, for instance
XPathGrammer.y that suddenly will have both blink::Path and
blink::XPath::Path in scope (and blink::Filter / blink::XPath::Filter)

Note that distributed compilation system disables precompiled headers
globally so this will *not* make trybots faster.

This is a new attempt at this change after bug 511945 scared us into
reverting it. We still do not know the exact cause of 511945 but we
are making another attempt with this.

BUG=495697
R=thakis@chromium.org,sigbjornf@chromium.org

Review URL: https://codereview.chromium.org/1227953008

git-svn-id: svn://svn.chromium.org/blink/trunk@199168 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: remove unnecessary ENABLE(OILPAN) protections of trace() calls.
For modules/, minimize the use of ENABLE(OILPAN) in trace implementations.

R=haraken
BUG=340522

Review URL: https://codereview.chromium.org/1240223003

git-svn-id: svn://svn.chromium.org/blink/trunk@199164 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Separate VTTCue from VTTCueBox and LayoutVTTCue
Both VTTCueBox and LayoutVTTCue had a VTTCue member, which made for
tricky lifetime considerations, in particular the VTTCue destructor
was removing the VTTCueBox from the DOM, so that the stale VTTCue*
pointers would never be accessed.

Instead, let VTTCue provide VTTCueBox with the information it needs,
which will in turn provide it to LayoutVTTCue. Stale information
should not be a problem, as all relevant changes to VTTCue will call
cueDidChange(), whichs ends up removing and re-inserting the cue.

Refactoring only, no web-observable changes are intended.

BUG=511174, 509911
R=fs@opera.com

Review URL: https://codereview.chromium.org/1240433007

git-svn-id: svn://svn.chromium.org/blink/trunk@199160 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix webkit unit tests following r199143.
Need to promptly detach the local frame created in
FrameFetchContextCachePolicyTest.MainResource.

TBR=oilpan-reviews
BUG=505048
NOTRY=true

Review URL: https://codereview.chromium.org/1245513003

git-svn-id: svn://svn.chromium.org/blink/trunk@199155 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Revert of Canvas.toDataURL to use SkBitmap::readPixels to avoid uninitialized memory (patchset #4 id:60001 of https://codereview.chromium.org/1234083003/)
Reason for revert:
ASan bots are failing on toDataURL() tests,

 http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20ASAN/builds/19488
 http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Oilpan%20ASAN/builds/2978

Original issue's description:
> Canvas.toDataURL to use SkBitmap::readPixels to avoid uninitialized memory
> 
> This change refactors toDataURL to make it read the canvas data into
> a pre-initialized buffer to avoid accessing unitialized memory in cases
> where a GPU readback fails silently.
> 
> BUG=504690
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=199131

TBR=senorblanco@chromium.org,junov@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=504690

Review URL: https://codereview.chromium.org/1236173005

git-svn-id: svn://svn.chromium.org/blink/trunk@199154 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Stop propagating text decorations on outermost SVG roots
Outermost SVG roots should be consider atomic inline-level, and hence
text decorations should not propagate into them from the outside.

BUG=406966

Review URL: https://codereview.chromium.org/1241463003

git-svn-id: svn://svn.chromium.org/blink/trunk@199132 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Intersect with the dirty rect before deciding which columns to examine for collection.
When collecting layer fragments (to paint, hit-test, etc.) for multicol, we
should limit the number of columns to examine. There may be very many columns
(or pages), and processing them isn't for free. We already had code in place to
narrow down the column interval by intersecting with the bounding box of the
content, but in many cases we can narrow it down further (by a lot, in fact) by
intersecting with the dirty rect as well. So let's do that.

We used to intersect with the dirty rect as part of examining each column (i.e.
inside the column loop). Now we do it up-front instead, to decide which columns
are worth examining at all. So remove the dirty rect intersection check from
the column loop. Also remove a bounding box intersection check from the loop,
since we already do that up-front to set the column interval to examine. It
just seemed useless to do it again inside the loop.

This gives a major speed-up in the Layout/multicol/tall-content-short-columns*
performance tests.

R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1237623010

git-svn-id: svn://svn.chromium.org/blink/trunk@199107 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Drop WebCoreInterpolationQualityToSkFilterQuality
Except for GraphicsContextState, this function is only used in one
location - SVGPaintContext. In that one instance it's hard-wired to 'low',
so make that even more obvious.
Move the function from SkiaUtils.h to GraphicsContextState.cpp and rename.

Review URL: https://codereview.chromium.org/1236363003

git-svn-id: svn://svn.chromium.org/blink/trunk@199092 bbb929c8-8fbe-4397-9dbb-9b2b20218538
bratell
Revert of Precompile more in Blink in Windows for faster compilations (patchset #9 id:160001 of https://codereview.chromium.org/1167523007/)
Reason for revert:
Strange errors in http://build.chromium.org/p/chromium.fyi/builders/Chromium%20Builder indicating that old versions of headers are used by the compiler. Possibly a stale cached pch file.

Original issue's description:
> Precompile more in Blink in Windows for faster compilations
> 
> One reason Blink is slow to compile is that there is a lot of code
> included in every compilation unit since everything depends on either
> LayoutObject.h or Document.h and those in turn include huge portions
> of the rest of Blink.
> 
> By precompiling LayoutObject.h and Document.h the compilation of core and
> modules in Blink can be 4 times faster (4 minutes instead of
> 19 minutes on my computer).
> 
> The downside is that it will introduce Document.h and LayoutObject.h
> also in compilation units that didn't expect it, for instance
> XPathGrammer.y that suddenly will have both blink::Path and
> blink::XPath::Path in scope (and blink::Filter / blink::XPath::Filter)
> 
> Note that distributed compilation system disables precompiled headers
> globally so this will *not* make trybots faster.
> 
> BUG=495697
> R=thakis@chromium.org
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=198859

TBR=brucedawson@chromium.org,jam@chromium.org,scottmg@chromium.org,thakis@chromium.org,sigbjornf@opera.com,tasak@google.com,haraken@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=495697

Review URL: https://codereview.chromium.org/1234393002

git-svn-id: svn://svn.chromium.org/blink/trunk@199036 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Add 'printing' flag to PaintInfo
This adds a new paint flag - PaintInfo::printing() - to be preferred
before Document::printing() (and GC::printing()) during paint.
These flags should always have the same value.
The users of GC::printing() were the "PDF URL rect" code, SVG text
painting (to disable shadows) and TextPainter.
In the last case, the check can be dropped entirely because
TextPainter::*PaintingStyle explicitly clears |Style::shadow| if
|isPrinting| is true.
Rearrange code in PrintContextTest::printSinglePage to better reflect
the flow of actual printing.

BUG=424655

Review URL: https://codereview.chromium.org/1236183003

git-svn-id: svn://svn.chromium.org/blink/trunk@199034 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Work around unreliable metadata for HLS in WebMediaPlayerAndroid
There are two bugs involved, both specific to HLS:
 1. MediaPlayer.getDuration() returning 0 as opposed to -1.
 2. The MediaPlayer.OnVideoSizeChangedListener callback being called
    with width and height zero and later with a non-zero size.

Logging statements were used to test for the bugs on
http://www.aljazeera.com/watch_now/ with some different devices:
 * Huawei P6-U06, Android 4.2.2: both bugs
 * Samsung Galaxy S Duos 2, Android 4.2.2: duration bug
 * HTC One, Android 4.3: both bugs
 * Sony Xperia CP C5303, Android 4.3: both bugs
 * Samsung Galaxy S III, Android 4.3: duration bug
 * Samsung Galaxy S4, Android 4.4.2: duration bug
 * Samsung Galaxy Young 2, Android 4.4.2: duration bug
 * Samsung Galaxy Grand Prime, Android 4.4.4: duration bug
 * Sony Xperia Z2, Android 5.0.2: duration bug
 * Samsung Galaxy S4, CyanogenMod 12.1, Android 5.1.1: duration bug

In summary, the duration bug affects every device tested, while the
video size bug seems to affect some but not all devices running
Android 4.3 and older.

Avoid the need for a local duration variable in OnMediaMetadataChanged
by passing its argument by value, which is already the case for all
other OnMediaMetadataChanged methods in the code base.

BUG=501213, 509972
R=qinmin@chromium.org

Review URL: https://codereview.chromium.org/1241923003

Cr-Commit-Position: refs/heads/master@{#339019}
sebastianl
Don't zoom in TextFinder if autosizing is disabled
On android devices the zoom-level is always being reset if
the viewed page doesn't use/need text autosizing. Therefore,
only zoom to content if autosizing is set.

BUG=

Review URL: https://codereview.chromium.org/1231673007

git-svn-id: svn://svn.chromium.org/blink/trunk@199027 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Move parsing of "keyword only" SVG properties to CSSParserFastPaths
Transfers responsibility for the following properties:

  alignment-baseline
  buffered-rendering
  clip-rule
  color-interpolation
  color-interpolation-filters
  color-rendering
  dominant-baseline
  fill-rule
  mask-type
  shape-rendering
  stroke-linecap
  stroke-linejoin
  text-anchor
  vector-effect
  writing-mode

from CSSPropertyParser::parseSVGValue to CSSParserFastPaths.

Review URL: https://codereview.chromium.org/1213613013

git-svn-id: svn://svn.chromium.org/blink/trunk@199023 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Allow parsing SVG <paint> and <color> properties in the color fast-path
The following properties:

  fill
  flood-color
  lighting-color
  stop-color
  stroke

Will all accept a single <color> as a valid value. This means they can
be handled by the <color> parsing fast-path, which reduces the parsing
cost for these properties which often appear as presentation attributes.

Review URL: https://codereview.chromium.org/1221303013

git-svn-id: svn://svn.chromium.org/blink/trunk@199022 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Align color keyword handling in CSSParserFastPaths with CSSPropertyParser
Previously there has been some discrepancies between
CSSParserFastPaths::parseColor and CSSPropertyParser::parseColor with
regards which color keywords they accept, and whether they do so in
quirks mode or not. Use the same sequence of isColorKeyword and
isValueAllowedInMode in both places to try to prevent that happening
(again.)

BUG=505410

Review URL: https://codereview.chromium.org/1235943002

git-svn-id: svn://svn.chromium.org/blink/trunk@199021 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Update documentation of WindowPerformance and WorkerGlobalScopePerformance
The specs have now been updated:
https://github.com/w3c/hr-time/issues/9
https://github.com/w3c/hr-time/issues/10

BUG=460722
NOTRY=true
R=ksakamoto@chromium.org

Review URL: https://codereview.chromium.org/1239823002

git-svn-id: svn://svn.chromium.org/blink/trunk@199015 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Make sure that no column rows get negative flow thread portion heights.
BUG=510390
R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1241703005

git-svn-id: svn://svn.chromium.org/blink/trunk@198970 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Remove the :-webkit-full-screen-document pseudo class
It is virtually unused in the wild, according to use counter data:
https://www.chromestatus.com/metrics/feature/timeline/popularity/627

Nothing similar exists in the spec or is likely to ever be added.

BUG=402378

Review URL: https://codereview.chromium.org/1233503003

git-svn-id: svn://svn.chromium.org/blink/trunk@198966 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Multicol performance tests for tall content (so that we get (very) many columns).
This is currently horribly slow. Discovered while working on bug 502407
(assertion failure). It seems impossible to write a test for that issue
that doesn't run into the performance problems illustrated by these tests,
so we have to land some performance improvements before fixing the actual
assertion. 

R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1239783002

git-svn-id: svn://svn.chromium.org/blink/trunk@198956 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Measure usage of HTMLMediaElement preload states
Refactoring into a preloadType() is necessary in order to count cases
where the preload attribute is never set, i.e. the missing value default
case. Also, it's nice to have less state in HTMLMediaElement.

BUG=73609, 310450

Review URL: https://codereview.chromium.org/1227403004

git-svn-id: svn://svn.chromium.org/blink/trunk@198955 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Add a comment about counter availability in M45 branch
R=jochen@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1235963004

git-svn-id: svn://svn.chromium.org/blink/trunk@198954 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
May need to insert or remove column sets when out-of-flow objects get their containing block changed.
Out-of-flow descendants may become or cease to be a part of a multicol
container due to changes on an ancestor. An ancestor may become or cease to be
a containing block for out-of-flow descendants.

Transforms also establish containing blocks for absolutely and fixed positioned
descendants, so we need to check for that too.

BUG=509463
R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1229983004

git-svn-id: svn://svn.chromium.org/blink/trunk@198940 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Only coerce interpolation mode returned from computeInterpolationQuality
This makes the interpolation mode remain as InterpolationNone if the
'printing' flag is set, which is in line with the documentation for said
flag.

This behavior was added in: 
  http://trac.webkit.org/changeset/117187
which did not mention the printing case.

This is a first step towards separating "per context" and "per image"
interpolation settings/adaption.

BUG=492794

Review URL: https://codereview.chromium.org/1237083004

git-svn-id: svn://svn.chromium.org/blink/trunk@198934 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Use LayoutObject to locate the flow thread.
No need for (poorly) duplicated efforts in DeprecatedPaintLayer.

Cleaned up the code a little while I was here. One of the transform checks was
getting in the way, so I removed them both. They did nothing useful anyway.
The flow thread (i.e. pagination layer) itself can never be transformed.

Also removed the fast-path completely, since most layers don't use it.

When all this was gone, it became obvious that we should just fold
updatePagination() into updatePaginationRecursive().

What really went wrong here was that we failed to re-establish the layers when
evacuating a flow thread (which happens when a multicol container ceases to be
one), so we just kept what we had, and the flow thread got deleted without any
of the decendant layers noticing (so that we were pointing to dead enclosing
pagination layers). There's code in LayoutBoxModelObject::moveChildTo() that
normally handles such things (notifications that involve re-establishing the
layers), but only for LayoutInline and LayoutBlock. In this case we were
dealing with a LayoutSVGRoot, which is LayoutReplaced. There could be other
problems with SVG with layers inside because of this, but in this bug, the
correct fix is to just disallow pagination-awareness inside SVG, which
LayoutObject::locateFlowThreadContainingBlock() already does for us, if we but
just bother to invoke it.

BUG=507992
R=chrishtr@chromium.org

Review URL: https://codereview.chromium.org/1235133004

git-svn-id: svn://svn.chromium.org/blink/trunk@198891 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r198872.
TBR=oilpan-reviews
BUG=510036
NOTRY=true

Review URL: https://codereview.chromium.org/1234793003

git-svn-id: svn://svn.chromium.org/blink/trunk@198887 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Don't paginate lines that are taller than the column / page.
This is a partial revert of https://codereview.chromium.org/1221803003

I still believe what that patch did was correct, but it broke printing of Google Docs.

BUG=507972
R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1236163002

git-svn-id: svn://svn.chromium.org/blink/trunk@198866 bbb929c8-8fbe-4397-9dbb-9b2b20218538
bratell
Precompile more in Blink in Windows for faster compilations
One reason Blink is slow to compile is that there is a lot of code
included in every compilation unit since everything depends on either
LayoutObject.h or Document.h and those in turn include huge portions
of the rest of Blink.

By precompiling LayoutObject.h and Document.h the compilation of core and
modules in Blink can be 4 times faster (4 minutes instead of
19 minutes on my computer).

The downside is that it will introduce Document.h and LayoutObject.h
also in compilation units that didn't expect it, for instance
XPathGrammer.y that suddenly will have both blink::Path and
blink::XPath::Path in scope (and blink::Filter / blink::XPath::Filter)

Note that distributed compilation system disables precompiled headers
globally so this will *not* make trybots faster.

BUG=495697
R=thakis@chromium.org

Review URL: https://codereview.chromium.org/1167523007

git-svn-id: svn://svn.chromium.org/blink/trunk@198859 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Robustify window.internals.textSurroundingNode().
R=hajimehoshi	
BUG=509860

Review URL: https://codereview.chromium.org/1237093003

git-svn-id: svn://svn.chromium.org/blink/trunk@198856 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Allocate XMLHttpRequest on the eagerly finalized heap.
With XMLHttpRequest now being on the heap with !ENABLE(OILPAN), we need
to arrange for this ActiveDOMObject to be allocated as an eagerly
finalized object.

R=haraken
BUG=509841

Review URL: https://codereview.chromium.org/1237063002

git-svn-id: svn://svn.chromium.org/blink/trunk@198853 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Refresh Frame(Loader) detach() related comments.
Update comments not to refer the older detachFromParent().

R=haraken,dcheng
BUG=none
NOTRY=true

Review URL: https://codereview.chromium.org/1231273003

git-svn-id: svn://svn.chromium.org/blink/trunk@198804 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r198789.
TBR=oilpan-reviews
BUG=439376
NOTRY=true

Review URL: https://codereview.chromium.org/1237633003

git-svn-id: svn://svn.chromium.org/blink/trunk@198803 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r198788.
R=haraken
BUG=439376
NOTRY=true

Review URL: https://codereview.chromium.org/1232423002

git-svn-id: svn://svn.chromium.org/blink/trunk@198802 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: simplify ImageLoaderClient handling.
Simplify the unregistration of ImageLoaderClient objects. The weak client
references are removed as clients as part of weak processing or
when running the ImageLoader's prefinalizer.

R=haraken
BUG=383742

Review URL: https://codereview.chromium.org/1224323003

git-svn-id: svn://svn.chromium.org/blink/trunk@198790 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Don't cache MemoryInfo instance on ConsoleMemory object.
Round out r197581 and do same on console.memory

R=yurys,haraken
BUG=501270

Review URL: https://codereview.chromium.org/1230203003

git-svn-id: svn://svn.chromium.org/blink/trunk@198785 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Only allow the -webkit-text color keyword in quirks/UA-sheet mode
This color keyword is mainly used to implement the 'quirk-inherit'
special value for 'color' on <table> in quirks mode [1].
Currently this keyword is treated differently for different properties,
but for the most common properties, the "only in quirks mode" rule is
applied. It's also marked as "QuirksOrUASheet" in CSSValueKeywords.in.
Extend the "only in quirks mode" rule to apply to all <color>
properties.

The test fast/css/webkit-text-display-none.html is converted to run in
quirks mode. It worked previously because setting inline style would use
the fast-path color parser which was inconsistent with the non-fast-path
color parser in accepting '-webkit-text' in standards mode.

[1] https://quirks.spec.whatwg.org/#the-tables-inherit-color-from-body-quirk

BUG=505410

Review URL: https://codereview.chromium.org/1216523006

git-svn-id: svn://svn.chromium.org/blink/trunk@198770 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Return early in automaticTrackSelectionForUpdatedUserPreference()
If there are no text tracks, nothing in the method does anything,
except updateTextTrackDisplay() which will create the text track
container which is not needed yet.

BUG=457850

Review URL: https://codereview.chromium.org/1228293003

git-svn-id: svn://svn.chromium.org/blink/trunk@198767 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Gracefully handle track-less elements on updating track selection.
The media element may not have text tracks.

Follow up on r198661.

R=haraken
BUG=457850

Review URL: https://codereview.chromium.org/1224083013

git-svn-id: svn://svn.chromium.org/blink/trunk@198754 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: switch ImageLoader to be prefinalized.
If an ImageLoader for an SVGImage ends up being swept out along with a
FrameView (a ScrollableArea), the former may circuitously end up accessing
the latter via its destructor. Having both be eagerly finalized, or
prefinalized, doesn't guarantee a correct destruction order.

Hence, to address, arrange for the ImageLoader to be finalized/disposed of
first by way of a prefinalizing action.

R=haraken
BUG=491488

Review URL: https://codereview.chromium.org/1226373008

git-svn-id: svn://svn.chromium.org/blink/trunk@198753 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Remove unused ExtraData support on exported mediastream objects.
The Blink exported interfaces RTCSessionDescriptionRequest, RTCVoidRequest,
and MediaStreamTrackSourcesRequest provide a facility to the embedder of
allowing 'ExtraData' to be associated and attached to object instances.

The embedder does not make use of this functionality for these mediastream objects,
so retire the unused ExtraData support. This simplifies the implementation of these
exported objects, in particular as regards to when they must be finalized as Blink
objects.

R=
BUG=

Review URL: https://codereview.chromium.org/1233793002

git-svn-id: svn://svn.chromium.org/blink/trunk@198741 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: tidy HeapTest.VectorDestructors
R=haraken
BUG=none

Review URL: https://codereview.chromium.org/1227413003

git-svn-id: svn://svn.chromium.org/blink/trunk@198738 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Fix build following r198658.
Reintroduce the use of ASSERT_UNUSED() in
CharacterIterator{Algorithm}:range() that r198658 dropped. It is needed.

TBR=oilpan-reviews,yosin@chromium.org
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1227413004

git-svn-id: svn://svn.chromium.org/blink/trunk@198737 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r198661.
TBR=oilpan-reviews
BUG=457850
NOTRY=true

Review URL: https://codereview.chromium.org/1228363004

git-svn-id: svn://svn.chromium.org/blink/trunk@198736 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Update histograms.xml
Used tools/metrics/histograms/update_use_counter_feature_enum.py

R=asvitkine@chromium.org

Review URL: https://codereview.chromium.org/1233493006

Cr-Commit-Position: refs/heads/master@{#338291}
philipj
Remove the (already disabled) OverflowChangedEvent runtime flag
The functionality was disabled for M43:
https://codereview.chromium.org/959643002

M43 reached the stable channel for Windows, Mac and Linux on May 19
and for Android on May 27, and there have been no issues reported.

BUG=460822

Review URL: https://codereview.chromium.org/1230013003

git-svn-id: svn://svn.chromium.org/blink/trunk@198689 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Prevent overflowing content from affecting multicol layout.
Don't let visual overflow (caused by outlines, text-shadow, text overflowing
its line box, and other things) affect layout. Note that this CL does exchange
one problem for another, but it should be better to have stable and predictable
(and correct) layout, than hacking line positions and column heights to make
the overflow fit in the same column as the line box.

This fixes a problem with links in multicol lists on wikipedia jumping back and
forth between columns.

What we're really lacking (after this CL, more than ever) is to be able to
paint column overflow correctly in the block direction. Fixing that would be
the right thing to do long-term, but it's going to require substantial amounts
of work (and probably a great deal of multicol awareness in the painting and
hit-testing code).

Removed the fast/multicol/split-in-top-margin.html test, since the behavior it
tested is what we remove in this CL.

calculateMinimumPageHeight() could be simplified because of this change,
including removal of (now) redundant parameters.

BUG=439820
R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1224973002

git-svn-id: svn://svn.chromium.org/blink/trunk@198683 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Sync core/timing/ interfaces with their specs, or lack thereof
The only changes to the generated code are ordering and the added use
counters.

[Measure] does not mean that we should try to remove it, in cases where
usage is high we can use that data to ask for spec changes.

BUG=460722

Review URL: https://codereview.chromium.org/1219673003

git-svn-id: svn://svn.chromium.org/blink/trunk@198682 bbb929c8-8fbe-4397-9dbb-9b2b20218538
tmoniuszko
Add missing base/memory/scoped_ptr.h include to base/prefs/writeable_pref_store.h
BUG=

Review URL: https://codereview.chromium.org/1227323002

Cr-Commit-Position: refs/heads/master@{#338281}
philipj
Add counters for add/removeEventListener() called with one argument
This was attempted previously but only worked for no arguments:
https://codereview.chromium.org/815503002
https://codereview.chromium.org/928103002

The enum values are added in their original positions in UseCounter.h,
as they were always unreachable and thus not polluted by anything else.

The reason was that there is no generated impl-> call with one
argument, as EventListener has special handling in the bindings
generator such that it's effectively treated as having a default null
argument.

Give all the arguments default values in the IDL so that there is only
one impl-> call in the generated code, with the prologue and epilogue
immediately before and after it. This makes it more clear that the
prologue will always be called, and makes this purely a bindings bug.

The removed FIXMEs in EventTarget.cpp were wrong, it should be
possible to pass null for the listener argument and per spec that
should do nothing.

Rather than extending support for [Conditional] here, remove it for
[Custom=CallEpilogue] as it's actually never used there, nor tested.

BUG=353484

Review URL: https://codereview.chromium.org/1233483002

git-svn-id: svn://svn.chromium.org/blink/trunk@198681 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Fold CSSParser::colorFromRGBColorString into only user
Said method is very special flower, used by the SMIL animation code to
put color values into SVGColorProperty.
Since it's essentially a one-off (and supporting a deprecated class part
of a deprecated whole) fold it into it's only user and rid the CSSParser
of this burden, ehm, flower.

Review URL: https://codereview.chromium.org/1224223003

git-svn-id: svn://svn.chromium.org/blink/trunk@198672 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Add a use counter for HTMLFrameElement.getSVGDocument()
Review URL: https://codereview.chromium.org/1219463004

git-svn-id: svn://svn.chromium.org/blink/trunk@198616 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Update inclusion of GraphicsContextStateSaver.h
Not needed in a bunch of places due to other refactoring work.
Pushed down from PaintInfo.h into a number of places.

Opportunity targets were fired upon.

With this it's only being included in core/paint/ and platform/.

BUG=424655

Review URL: https://codereview.chromium.org/1230643006

git-svn-id: svn://svn.chromium.org/blink/trunk@198615 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Drop GraphicsContext::AccessMode
Unused. Missed when dropping layerBitmap(AccessMode ...) in
https://codereview.chromium.org/182183004

BUG=424655

Review URL: https://codereview.chromium.org/1229693007

git-svn-id: svn://svn.chromium.org/blink/trunk@198610 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Measure usage of Document.createTouch()
This is for the same reason as the init*Event() methods, to know if
making all the arguments non-optional is likely safe or not:
https://codereview.chromium.org/1215893006

Also remove the webkit prefixes on the arguments, as the corresponding
attribute are now unprefixed on the Touch interface.

BUG=460722
R=rbyers@chromium.org

Review URL: https://codereview.chromium.org/1227833002

git-svn-id: svn://svn.chromium.org/blink/trunk@198595 bbb929c8-8fbe-4397-9dbb-9b2b20218538
ckulakowski
Added missing include in media_capture_devices_dispatcher.cc
Introduced by https://codereview.chromium.org/1095393004. Profile is still used in this file and missing include causes compilation error in our product.

Review URL: https://codereview.chromium.org/1221283005

Cr-Commit-Position: refs/heads/master@{#337992}
mstensho
Remove unnecessary LayoutUnit -> float -> LayoutUnit conversions.
R=szager@chromium.org

Review URL: https://codereview.chromium.org/1228633002

git-svn-id: svn://svn.chromium.org/blink/trunk@198573 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
LayoutFlowThread parameter to adjustLinePositionForPagination() is now unused.
R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1215343004

git-svn-id: svn://svn.chromium.org/blink/trunk@198535 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Performance tests for lots of lines of text inside multicol.
One test with column balancing and one without.

R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1227003002

git-svn-id: svn://svn.chromium.org/blink/trunk@198497 bbb929c8-8fbe-4397-9dbb-9b2b20218538
ohrn
Add -bootclasspath argument to javac.
This silences the warning "bootstrap class path not set in conjunction
with -source 1.7" when building with OpenJDK 1.8.

The multiple_proguards test was removed as javac will now catch the use
of host packages that do not exist on Android.

BUG=

Review URL: https://codereview.chromium.org/1213433007

Cr-Commit-Position: refs/heads/master@{#337805}
the_jk
Make it possible to change libc++ library files used for android
Useful for specifying specific or modified libc++ library files instead of
always using the one in android_ndk_root.

Review URL: https://codereview.chromium.org/1215713006

Cr-Commit-Position: refs/heads/master@{#337797}
sigbjorn
Don't autofill credit cards on non-secure pages
Instead of checking for scheme only when suggesting credit card autofills,
ensure that the page is secure.

Also add missing tests for storing credit cards (even when submitted on
http).

Review URL: https://codereview.chromium.org/1136473006

Cr-Commit-Position: refs/heads/master@{#337796}
philipj
Sync the Presentation API interfaces with the spec again
Speedily fixed in https://github.com/w3c/presentation-api/pull/144

The [SameObject] attribute does not change the generated code.

BUG=460722
R=mfoltz@chromium.org

Review URL: https://codereview.chromium.org/1226633007

git-svn-id: svn://svn.chromium.org/blink/trunk@198426 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Behave more normally for content taller than the fragmentainer it's in.
Refusing to break just because content happens to be taller than the multicol
container is just weird, and it's getting in the way for fixing bug 439820.

If we had behaved the same way for line layout, we'd refuse to wrap to the next
line if we encountered a word that was wider than the container (in addition to
being too wide at the current inline position on the line). If the text to lay
out is "abc def ghijklmnopqr stu" and the container has room for 10 characters,
we'd lay out like this:

+----------+
|abc def ghijklmnopqr
|stu       |
+----------+

instead of this (the correct way):

+----------+
|abc def   |
|ghijklmnopqr
|stu       |
+----------+

The usefulness of the hasUniformPageLogicalHeight thing vanished into thin air
in the process (calling pageLogicalHeightForOffset() isn't that expesive).
Having one bit in LayoutFlowThread specifying if column heights are uniform was
just bogus anyway, since column sets are typically separated by column
spanners, and if the heights of the set preceding and following a spanner
differ, why should adjustLinePositionForPagination() care? This was a relic
from the CSS regions days, thought to also be useful for multicol. But it
isn't.

R=dsinclair@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1221803003

git-svn-id: svn://svn.chromium.org/blink/trunk@198415 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Sync the Presentation API interfaces with the spec
https://w3c.github.io/presentation-api/

Spec issues found in the process:
https://github.com/w3c/presentation-api/issues/137
https://github.com/w3c/presentation-api/issues/138
https://github.com/w3c/presentation-api/issues/139
https://github.com/w3c/presentation-api/issues/140
https://github.com/w3c/presentation-api/issues/141

BUG=460722

Review URL: https://codereview.chromium.org/1209423005

git-svn-id: svn://svn.chromium.org/blink/trunk@198408 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Fix the indentation of MouseEvent.pageX/Y
BUG=503274
NOTRY=true

Review URL: https://codereview.chromium.org/1214723004

git-svn-id: svn://svn.chromium.org/blink/trunk@198398 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Sync the EventSource interface with the spec
This change is not observable, obviously.

BUG=460722

Review URL: https://codereview.chromium.org/1215463008

git-svn-id: svn://svn.chromium.org/blink/trunk@198373 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Sync the ImageBitmapFactories interface with the spec
There are no changes to the generated code.

BUG=460722

Review URL: https://codereview.chromium.org/1225843002

git-svn-id: svn://svn.chromium.org/blink/trunk@198372 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Annotate the CloseEvent interfaces with spec link
WebSocket already has a spec link. The idea is that each IDL file has
one spec link, which should make it easier to write a tool to compare
our IDL to the spec's IDL.

BUG=460722
NOTRY=true

Review URL: https://codereview.chromium.org/1220363003

git-svn-id: svn://svn.chromium.org/blink/trunk@198369 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Add UseCounters for init*Event methods that aren't already measured
These methods systematically have "[Default=Undefined] optional"
arguments where the spec (if any) has non-optional arguments. Usage of
most of these is likely low, so just measure them all to see where the
change can be made without further investigation.

Also change a few argument names that were not per their specs.

BUG=460722

Review URL: https://codereview.chromium.org/1215893006

git-svn-id: svn://svn.chromium.org/blink/trunk@198345 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Add stub for assigning media session to media elements
Introduces a partial IDL interface for HTMLMediaElement containing an
optional media session attribute implemented as a supplement to media
elements.

BUG=497735

Review URL: https://codereview.chromium.org/1217743003

git-svn-id: svn://svn.chromium.org/blink/trunk@198272 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Define default but still private MediaSession constructor
BUG=497735

Review URL: https://codereview.chromium.org/1221953003

git-svn-id: svn://svn.chromium.org/blink/trunk@198271 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Disentangle filter content recording state from FilterData
In circumstances where an image is being painted, and said image is part
of the source graphics for a filter - and the image is animated and
needs to catch up - the FilterData for the filter can be destroyed while
the source graphic is being recorded.
While arguably this shouldn't happen at all, make sure that at least the
GC we're currently painting on isn't destroyed by moving it to a
separate structure housed by SVGPaintContext.

BUG=505444

Review URL: https://codereview.chromium.org/1220053003

git-svn-id: svn://svn.chromium.org/blink/trunk@198266 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Allow 'currentcolor' for -webkit-tap-highlight-color in non-quirks mode
Seems like a fairly artificial limit (== oversight) since it will be
resolved during style resolution already (for the quirks mode case).

This moves this property one step closer to being just a "plain" <color>.

BUG=505410

Review URL: https://codereview.chromium.org/1221093003

git-svn-id: svn://svn.chromium.org/blink/trunk@198265 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Cleanups to viewport-handling and image invalidation in LayoutSVGImage
Split updateImageViewport into its two (now independent except for the
bbox, so ordering matters still) parts, naming them updateBoundingBox
and updateImageContainerSize.
Stop updating the bbox in imageChanged since updateImageContainerSize
will update the container size of the referenced image regardless.
Also drop the (explicit) SVGResource::removeClientFromCache call from
imageChanged, because markForLayoutAndParentResourceInvalidation is
called just after it, and will do what's required already.

BUG=505444

Review URL: https://codereview.chromium.org/1219493005

git-svn-id: svn://svn.chromium.org/blink/trunk@198241 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Simplify paint rect calculations in LayoutReplaced::shouldPaint
Compute a paint rectangle based on visualOverflowRect() once, and then
reuse that where needed to avoid calling said method 4 times.

BUG=506432

Review URL: https://codereview.chromium.org/1212213004

git-svn-id: svn://svn.chromium.org/blink/trunk@198240 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Copy line dashes when copying/assigning CanvasRenderingContext2DState
BUG=505912

Review URL: https://codereview.chromium.org/1224443003

git-svn-id: svn://svn.chromium.org/blink/trunk@198227 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Semi-evil multicol performance test.
It contains some deeply nested tables, and currently it also triggers 3 layout
passes, while 2 should in theory be enough. For each layout pass we currently
also do a deep layout (thanks to markForPaginationRelayoutIfNeeded() pretty
much always marking everything for layout). That should be improved as part of
fixing bug 487026.

R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1216053009

git-svn-id: svn://svn.chromium.org/blink/trunk@198221 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Always enable Oilpan for EventSource.
This puts EventSource objects on the Oilpan heap by default.

Doing so necessitated the removal of WTF_MAKE_FAST_ALLOCATED() for
ThreadableLoaderClient; done here, along with moving that annotation to
its derived classes where possible.

R=haraken
BUG=497595

Review URL: https://codereview.chromium.org/1179733009

git-svn-id: svn://svn.chromium.org/blink/trunk@198217 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Avoid using floating point when not needed.
Caused inaccuracies which made us think that we had one column more than we
actually had, which in turn triggered an assertion failure.

BUG=504158
R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1216223004

git-svn-id: svn://svn.chromium.org/blink/trunk@198213 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Update LayoutObject::name() documentation
Now that crbug.com/463967 is done, LayoutObject::name() no longer
returns the decorated name. Update the documentation to match.

BUG=463967

Review URL: https://codereview.chromium.org/1219723008

git-svn-id: svn://svn.chromium.org/blink/trunk@198212 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r198203.
TBR=oilpan-reviews
BUG=427652
NOTRY=true

Review URL: https://codereview.chromium.org/1226463005

git-svn-id: svn://svn.chromium.org/blink/trunk@198206 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Sync XML-related interfaces with their specs, or lack thereof
The inResult arguments in XPathEvaluator and XPathExpression are called
just result in the spec, but that conflicts with other variables in the
generated code, so leave that as it is.

BUG=460722

Review URL: https://codereview.chromium.org/1222503003

git-svn-id: svn://svn.chromium.org/blink/trunk@198201 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Unify handling of <color> for SVG/non-SVG properties
Stop resolving system colors and "basic" named colors at parse time, and
instead resolve them when resolving style.
Implementation-wise this means getting rid of
CSSPropertyParser::parseSVGColor in favor of parseColor, and similarly
get rid of convertSVGColor in favor of convertColor on the style
resolver side.

Changes behavior for "basic" color names and system colors (as well as
some proprietary/internal keywords). New behavior matches Gecko.

BUG=370830,505410

Review URL: https://codereview.chromium.org/1219153003

git-svn-id: svn://svn.chromium.org/blink/trunk@198199 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Sync part of the MouseEvent interface with CSSOM View
http://dev.w3.org/csswg/cssom-view/#extensions-to-the-mouseevent-interface

BUG=460722

Review URL: https://codereview.chromium.org/1214923005

git-svn-id: svn://svn.chromium.org/blink/trunk@198147 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: disconnected scrollbars must be externally observable as such.
Followup the Scrollbar and ScrollableArea Oilpan changes in r198064, and
have explicit disconnects of Scrollbars from their ScrollableAreas be
observable via the Scrollbar afterwards.

The assumption made in r198064 that no one wanted to observe Scrollbars
in that detached/disconnected state, doesn't hold. SelectorChecker and
AXScrollbar are two examples.

R=haraken
BUG=504655

Review URL: https://codereview.chromium.org/1215063006

git-svn-id: svn://svn.chromium.org/blink/trunk@198144 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Drop pattern-related state from GraphicsContext(State)
One trivial use of setFillPattern() in GeneratedImage converted to use
an SkPaint directly. As a bonus, this conversion also allows dropping a
state-saver.

BUG=424655

Review URL: https://codereview.chromium.org/1213723006

git-svn-id: svn://svn.chromium.org/blink/trunk@198142 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r198129.
TBR=oilpan-reviews
BUG=505861
NOTRY=true

Review URL: https://codereview.chromium.org/1214553003

git-svn-id: svn://svn.chromium.org/blink/trunk@198133 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Add missing initialization of RawPtr<> local var in r197835.
Only insertCSSOMRuleInMediaRule()'s missing initialization is problematic.
Initialize the other occurrences here for consistency, aligning with
the convention we try to adhere to (but do not have tool support for
catching the failure to do so..)

R=pfeldman
BUG=178410

Review URL: https://codereview.chromium.org/1213233016

git-svn-id: svn://svn.chromium.org/blink/trunk@198128 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Cannot rely on auto-positioned absolutely positioned descendants being marked for layout.
Instead, figure out if such descendants need layout as part of
layoutPositionedObjects().

One test is for the actual facebook regression; the others demonstrate that we
have now fixed older regressions, or even things that have never worked.

BUG=505386
R=leviw@chromium.org,rhogan@gmail.com

Review URL: https://codereview.chromium.org/1217833007

git-svn-id: svn://svn.chromium.org/blink/trunk@198101 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Always enable lazy sweeping.
This turns on lazy sweeping for enable_oilpan=0.

Lazy/incremental sweeping reduces GC pause times by having the
garbage collector perform its marking and processing of live
objects together with a minimal amount of sweeping of finalizable
objects before returning. The remaining heap regions to be swept
up and finalized are then handled incrementally as part of
heap allocation requests. Amortizing that sweeping cost rather
than taking a longer GC "stop the world" pause in one go.

Lazy sweeping is enabled with Oilpan always on (enable_oilpan=1);
this extends it to also be for the Oilpan GCs that run on trunk
(where enable_oilpan=0).

R=haraken
BUG=480837

Review URL: https://codereview.chromium.org/1219613002

git-svn-id: svn://svn.chromium.org/blink/trunk@198095 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Add ASan lazy sweep annotations to allow Persistent<> creation.
Destructors are allowed to allocate, including the creation of
Persistent<>s and linking them into the root set.

That might end up touching other objects that are in the process of
being swept and are poisoned. Benign, add annotations.

R=haraken
BUG=491488

Review URL: https://codereview.chromium.org/1215153002

git-svn-id: svn://svn.chromium.org/blink/trunk@198081 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: implement StyleRuleList without an extra wrapper.
Wrapping up a possibly-shared heap object behind a wrapper doesn't make
sense with Oilpan, so do not provide it.

R=haraken
BUG=340522

Review URL: https://codereview.chromium.org/992903002

git-svn-id: svn://svn.chromium.org/blink/trunk@198068 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: improve ScrollableArea handling.
Have all ScrollableArea objects reside on the Oilpan heap,
making ScrollableArea be a GC mixin.

Without it, some ScrollableAreas (FrameView) were on the heap
whereas others (*Viewport) weren't, making for unpredictable
and incorrect finalization as the lifetimes were skewed.

Additionally, simplify Scrollbar's unregistration with its
ScrollableArea (and its ScrollAnimator). The Oilpan-specific
RefPtr<ScrollAnimator> that Scrollbar kept, no longer served
a purpose, hence removed. As a result, ScrollAnimator can again
be fully owned by ScrollableAreas & no longer be RefCounted<>.

R=haraken
BUG=504655

Review URL: https://codereview.chromium.org/1215973002

git-svn-id: svn://svn.chromium.org/blink/trunk@198064 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Dissect and clean up instances of color parsing in CSSPropertyParser
This moves all instances of color parsing (mostly <color> parsing
even) into their separate methods. The new methods (except parseSVGColor)
are formulated using parseColor(). parseColor() itself is combined with
the "most common" color parsing case by folding the keyword case into it.
The new methods are structured as first checking for keywords that they
handle differently from the generic <color> case.
The <quirky-color> determination is moved into a function of its own.
The parsing of <color> for shadow is cleaned up.

Behavioral changes:
 * Accept '-internal-*' in all cases (for UA-sheets).
 * Keep 'grey' as a keyword in all cases.
 * Accept '-webkit-focus-ring-color' in quirks mode and UA-sheets in all
   cases.
 * Keep keywords for fallback colors to 'fill' and 'stroke.

The intention of the change is to make the differences visible, and try
to eliminate the remaining differences in follow-up CLs.

BUG=505410

Review URL: https://codereview.chromium.org/1219463003

git-svn-id: svn://svn.chromium.org/blink/trunk@198062 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r198049.
Move the script-exposed MediaSession to the heap.

TBR=oilpan-reviews
BUG=497735
NOTRY=true

Review URL: https://codereview.chromium.org/1211973007

git-svn-id: svn://svn.chromium.org/blink/trunk@198054 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Only check for on-heap Member<T>s iff T is in scope.
As Member<T>::checkPointer() uses IsGarbageCollectedMixin<T>,
T's definition must be in scope for it to be precise.

Adjust condition accordingly.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1217083002

git-svn-id: svn://svn.chromium.org/blink/trunk@198050 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Add MediaSession runtime flag along with stub MediaSession object
Implementation of the MediaSession specification will happen behind
the runtime flag 'MediaSession'.

Add a virtual testsuite for running tests with MediaSession flag. This
way we don't have to have the flag enabled when running LayoutTests in
general, only when running MediaSession tests.

Intent to implement:

https://groups.google.com/a/chromium.org/d/msg/blink-dev/dLWDxYgxzQ8/vXt0ntWFNBwJ

BUG=497735

Review URL: https://codereview.chromium.org/1206283002

git-svn-id: svn://svn.chromium.org/blink/trunk@198049 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Need to update first-line when font finish loading.
Another regression from baseLayoutStyle implementation where operator==
is not affected by the loading/loaded state of web fonts. To get a re-
layout and re-rendering when a web font loading state changes, we need to
check for the loading state. In this case, there was a missing check for
::first-line pseudo style.

Also, moved the code which marks for re-layout with accompanying FIXME
into LayoutObject.

BUG=501564,504864
TEST=fast/text/ellipsis-platform-font-change.html

Review URL: https://codereview.chromium.org/1209253006

git-svn-id: svn://svn.chromium.org/blink/trunk@198048 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Don't change the height of a layout object while not laying it out.
The old flexbox implementation did that. This still used to work halfheartedly
by accident until the fix for bug 498770, though, because we used to mark
out-of-flow positioned children in updateBlockChildDirtyBitsBeforeLayout(). But
it never worked for anything other than direct children. Added one test for the
recent regression (out-of-flow child) and one test that has probably never
passed, until now (out-of-flow grandchild).

We need to be inside layout() when setting the height of an object, or we won't
be able to detect any changes and thus fail to relayout positioned descendants
that may be affected.

BUG=504239
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1213843002

git-svn-id: svn://svn.chromium.org/blink/trunk@198017 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: have FrameFetchContext keep a DocumentLoader member.
With DocumentLoader now being on the heap, keep a strong
back reference to the loader.

R=haraken
BUG=393516

Review URL: https://codereview.chromium.org/1220713004

git-svn-id: svn://svn.chromium.org/blink/trunk@198015 bbb929c8-8fbe-4397-9dbb-9b2b20218538
bratell
Fix typo in big object fix for Windows.
There is no such thing as VCCompilerTool so gyp did nothing but warn
a thousand times. VCCLCompilerTool on the other hand will actually
do something.

BUG=500674
R=scottmg@chromium.org

Review URL: https://codereview.chromium.org/1218803002

Cr-Commit-Position: refs/heads/master@{#336579}
philipj
Run flaky TextTrackList tests for tracking purposes
BUG=503852
R=wangxianzhu

Review URL: https://codereview.chromium.org/1217753002

git-svn-id: svn://svn.chromium.org/blink/trunk@197998 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: support observer retirement during lifetime notifications.
While transitioning Blink to Oilpan, there will be LifecycleNotifier<>s
not on the Oilpan heap, but with some of their LifecycleObserver<>s being
on the heap.

Should a GC strike while such a notifier iterates over its observer set,
dead observers may remove themselves (eagerly) while being finalized
during that GC. This will mutate the notifier set, which isn't currently
assumed nor supported.

There's no need to support this when fully transitioned, Oilpan will
handle GCs across such iterations gracefully, but in the meantime we will
have to support this by snapshot'ing the observer set and explicitly
checking for liveness. Like already done over ContextLifecycleNotifier,
where such dynamic unregistrations are supported.

Notice that this issue isn't tied to lazy sweeping; indeed, lazy sweeping
without eager finalization of lifecycle observers will potentially make this
bug rarer.

R=haraken
BUG=480837

Review URL: https://codereview.chromium.org/1214963002

git-svn-id: svn://svn.chromium.org/blink/trunk@197990 bbb929c8-8fbe-4397-9dbb-9b2b20218538
haavardm
Ignore certificate transparency by default.
Current behavior is to remove the EV flag if the ct enforcer is not
set by the embedder. This somewhat unexpectedly removes EV for all
servers, if the embedder has not taken explicit actions to turn
on CT.

CT should either be ignored when policy enforcer is not present,
or there should be asserts warning about the missing EV-white
list. This patch chooses the first option as CT is not yet a
security requirement, and I don't think it's correct to demand
CT support quite yet.

Note that this change has no effect on Chrome's default behavior.

BUG=NONE

Review URL: https://codereview.chromium.org/1211423002

Cr-Commit-Position: refs/heads/master@{#336539}
sigbjornf
Oilpan: fix build after r197963.
TBR=oilpan-reviews
BUG=437696
NOTRY=true

Review URL: https://codereview.chromium.org/1217683004

git-svn-id: svn://svn.chromium.org/blink/trunk@197965 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197958.
TBR=oilpan-reviews
BUG=427652
NOTRY=true

Review URL: https://codereview.chromium.org/1214103002

git-svn-id: svn://svn.chromium.org/blink/trunk@197962 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197938.
TBR=oilpan-reviews
BUG=501642
NOTRY=true

Review URL: https://codereview.chromium.org/1215843002

git-svn-id: svn://svn.chromium.org/blink/trunk@197939 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197920
TBR=oilpan-reviews
BUG=503227
NOTRY=true

Review URL: https://codereview.chromium.org/1217463003

git-svn-id: svn://svn.chromium.org/blink/trunk@197925 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Work around flaky TextTrackList tests that will be stable with Oilpan
This test calls document.createElement('video').textTracks and has no
reference to the video element. The TextTrackList doesn't keep its
owner HTMLMediaElement alive, so if the owner is garbage collected,
TextTrackList::executionContext() returns null. That in turn makes
EventTarget::dispatchEvent() do nothing, and thus the assert_true(ran)
fails because the event handler was in fact never run.

The owner is a RawPtrWillBeMember<HTMLMediaElement>, so this problem
will not occur with Oilpan, and does not seem worth addressing
pre-Oilpan unless there's evidence of this happening in the wild.

BUG=503852

Review URL: https://codereview.chromium.org/1213813002

git-svn-id: svn://svn.chromium.org/blink/trunk@197907 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: make XHR progress event throttling finalization safe.
Move the XHR event throttling object to the heap. It is a timer object,
hence it must be eagerly finalized so as to prevent unsafe accesses
should it instead be lazy sweepable.

Part objects cannot be eagerly finalized on their own, hence this is
accomplished by moving the object to the heap. For simplicity, we keep
it as a separate heap object non-Oilpan also.

R=haraken
BUG=491488

Review URL: https://codereview.chromium.org/1200413004

git-svn-id: svn://svn.chromium.org/blink/trunk@197904 bbb929c8-8fbe-4397-9dbb-9b2b20218538
landell
Make sure dispatchFailLoad is triggered by stopLoading
Calling ResourceFetcher::stopFetching before
DocumentLoader::cancelMainResourceLoad may trigger a
dispatchDidFinishLoad instead of the expected dispatchFailLoad. This
patch reverts to the former ordering of the calls, which solves the
problem.

BUG=501248

Review URL: https://codereview.chromium.org/1205703006

git-svn-id: svn://svn.chromium.org/blink/trunk@197901 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Fix string representation of TestInput
Review URL: https://codereview.chromium.org/1210743004

git-svn-id: svn://svn.chromium.org/blink/trunk@197898 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Have enclosingPositionedAncestor() detect whether it walked past a certain ancestor.
This is similar to what LayoutObject::container() does.

This simplifies the code in accumulateOffsetTowardsAncestor(), which previously
had to duplicate what enclosingPositionedAncestor() did.

Also cleaned up the other call site of enclosingPositionedAncestor(). No need
to call the method twice there.

No behavioral changes intended; this is just clean-up.

R=chrishtr@chromium.org

Review URL: https://codereview.chromium.org/1199673003

git-svn-id: svn://svn.chromium.org/blink/trunk@197846 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197830.
TBR=oilpan-reviews
BUG=501896
NOTRY=true

Review URL: https://codereview.chromium.org/1207333002

git-svn-id: svn://svn.chromium.org/blink/trunk@197844 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Add isMultiColumnContainer() for convenience and readability.
R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1210803002

git-svn-id: svn://svn.chromium.org/blink/trunk@197828 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: add missing ASan no-sanitize declaration following r197814.
TBR=oilpan-reviews
BUG=498229
NOTRY=true

Review URL: https://codereview.chromium.org/1211883002

git-svn-id: svn://svn.chromium.org/blink/trunk@197826 bbb929c8-8fbe-4397-9dbb-9b2b20218538
ingemara
Retrieve resources from media and supports query rules while serializing
Traverse rules behind media and supports queries while serializing (and gathering resources
referenced from) stylesheets. Resources from non-matching queries will be
skipped as they haven't been fetched.

BUG=503919

Review URL: https://codereview.chromium.org/1203873004

git-svn-id: svn://svn.chromium.org/blink/trunk@197813 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197804.
TBR=oilpan-reviews
BUG=504035
NOTRY=true

Review URL: https://codereview.chromium.org/1204233003

git-svn-id: svn://svn.chromium.org/blink/trunk@197810 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197805.
TBR=oilpan-reviews
BUG=496033
NOTRY=true

Review URL: https://codereview.chromium.org/1205343002

git-svn-id: svn://svn.chromium.org/blink/trunk@197809 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197794.
TBR=oilpan-reviews
BUG=426458
NOTRY=true

Review URL: https://codereview.chromium.org/1209873002

git-svn-id: svn://svn.chromium.org/blink/trunk@197806 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Rewrite nine piece image painting code
Introduce a NinePieceImageGrid class responsible for computing the
nine piece image drawing information. The NinePieceImageGrid is
oblivious to painting details and only operates on the border image
properties (through NinePieceImage), image size and border image area.

Functionally, it shouldn't introduce any significant changes and
nothing web exposed should change at all.

Since computing drawing information is now self-contained, supply unit
tests for verifying it does the correct thing in the common and not so
common cases.

BUG=496033

Review URL: https://codereview.chromium.org/1180053009

git-svn-id: svn://svn.chromium.org/blink/trunk@197805 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Retire http/tests/xmlhttprequest/event-listener-gc.html test expectation.
TBR=hayato
BUG=503842
NOTRY=true

Review URL: https://codereview.chromium.org/1205293002

git-svn-id: svn://svn.chromium.org/blink/trunk@197803 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Remove LayoutFlowThread::maxLogicalHeight().
Use LayoutUnit::max() like everyone else, to avoid errors when approaching
"infinity". We fooled ourselves into thinking that we had two pages (because
column height was clamped to LayoutUnit::max()/2, while the block height was
clamped to LayoutUnit::max()), when we really only had one.

We use saturated arithmetic in LayoutUnit & co anyway, so there's no reason to
be afraid of integer overflow.

BUG=502407
R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1209693002

git-svn-id: svn://svn.chromium.org/blink/trunk@197771 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Table cells, rows, sections or column (groups) don't support margins.
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1211523002

git-svn-id: svn://svn.chromium.org/blink/trunk@197770 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Revert of Oilpan: promptly finalize XMLHttpRequestProgressEventThrottle. (patchset #1 id:1 of https://codereview.chromium.org/1205843003/)
Reason for revert:
This is not well-formed as-is; XMLHttpRequestProgressEventThrottle is a part object & cannot be eagerly finalized on its own.

Original issue's description:
> Oilpan: promptly finalize XMLHttpRequestProgressEventThrottle.
> 
> This timer object needs to promptly stop, otherwise we run the risk
> of timers firing while the object is in non-valid state waiting to be
> finalized by an ongoing lazy sweep.
> 
> R=haraken
> BUG=491488
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=197736

TBR=oilpan-reviews@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=491488

Review URL: https://codereview.chromium.org/1211593002

git-svn-id: svn://svn.chromium.org/blink/trunk@197749 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: promptly finalize XMLHttpRequestProgressEventThrottle.
This timer object needs to promptly stop, otherwise we run the risk
of timers firing while the object is in non-valid state waiting to be
finalized by an ongoing lazy sweep.

R=haraken
BUG=491488

Review URL: https://codereview.chromium.org/1205843003

git-svn-id: svn://svn.chromium.org/blink/trunk@197736 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Keep effectiveZoom finite
Through repeated application, it's quite possible to get the effective
zoom to overflow, resulting in Infinity in ComputedStyle.
This is a very uncommon case in reality (outside fuzzers), but make
sure to clamp the effective zoom value to a finite range to avoid the
simplest cases of Infinity havoc-wrecking.

BUG=490757,502997

Review URL: https://codereview.chromium.org/1193203003

git-svn-id: svn://svn.chromium.org/blink/trunk@197734 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197716.
TBR=oilpan-reviews
BUG=501896
NOTRY=true

Review URL: https://codereview.chromium.org/1206803002

git-svn-id: svn://svn.chromium.org/blink/trunk@197729 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197705, pt 2.
Missing tracing caught by the awesome clang GC plugin.

R=haraken
BUG=450238
NOTRY=true

Review URL: https://codereview.chromium.org/1206723004

git-svn-id: svn://svn.chromium.org/blink/trunk@197725 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Unflake http/tests/xmlhttprequest/event-listener-gc.html
Using a zero-timeout and timer task to set up the test condition is not
as precise as we would like. Rephrase to use an immediate message
dispatch instead.

R=
BUG=503842

Review URL: https://codereview.chromium.org/1201393003

git-svn-id: svn://svn.chromium.org/blink/trunk@197724 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197705.
TBR=oilpan-reviews
BUG=450238
NOTRY=true

Review URL: https://codereview.chromium.org/1207673002

git-svn-id: svn://svn.chromium.org/blink/trunk@197720 bbb929c8-8fbe-4397-9dbb-9b2b20218538
ingemara
Move LayoutTest Linux distribution detection to PlatformInfo
Also introduce a custom Apache configuration for Arch Linux, which differs
slightly from the Debian configuration.

BUG=502972

Review URL: https://codereview.chromium.org/1201873002

git-svn-id: svn://svn.chromium.org/blink/trunk@197714 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Prevent scientific notation in LayoutUnit gdb prettyprinter.
Prevent this by increasing precision on the %g format specifier. Now we can see
full values like 33554431.984375px, instead of having them crippled like
3.35544e+07px.

R=cbiesinger@chromium.org,dpranke@chromium.org

Review URL: https://codereview.chromium.org/1202773002

git-svn-id: svn://svn.chromium.org/blink/trunk@197682 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: enable appcache + move DocumentLoader to the heap.
DocumentLoader belongs on the heap. References to it
are kept by an object that is on the heap (FrameLoader),
and DocumentLoader itself has heap references.

Along with moving DocumentLoader, have the two appcache
objects (ApplicationCache and ApplicationCacheHost) be
under Oilpan's control always.

R=haraken
BUG=340522,497595

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=197576

Review URL: https://codereview.chromium.org/1194003004

git-svn-id: svn://svn.chromium.org/blink/trunk@197664 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: promptly finalize remaining SuspendableTimers.
DOMWindowEventQueue and PostMessageTimer also need to promptly
stop their timer upon being deemed garbage.

R=haraken
BUG=491488

Review URL: https://codereview.chromium.org/1205573002

git-svn-id: svn://svn.chromium.org/blink/trunk@197659 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Deflake fast/html/imports/import-expando-gc.html
If a minor GC fails to identify the wrapper for the import document as
reachable, it'll be collected. Make sure that this will not happen by way
of a 'global' root.

R=haraken
BUG=503583
NOTRY=true

Review URL: https://codereview.chromium.org/1200643004

git-svn-id: svn://svn.chromium.org/blink/trunk@197655 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: make custom element microtask dispatching lazy sweep savvy.
When microtask tasks are dispatched, the objects they work over might
be in the process of finalizing. Check before initiating the dispatch.

R=haraken
BUG=502855

Review URL: https://codereview.chromium.org/1206503003

git-svn-id: svn://svn.chromium.org/blink/trunk@197646 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: make SuspendableScriptExecutor safe.
This ActiveDOMObject was missing two pieces:

 - remove itself as an Observer upon completion.
 - promptly stop itself as a timer upon finalization.

R=haraken
BUG=502858

Review URL: https://codereview.chromium.org/1197163003

git-svn-id: svn://svn.chromium.org/blink/trunk@197644 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Get rid of old flow thread comments and asserts in accumulateOffsetTowardsAncestor().
R=chrishtr@chromium.org

Review URL: https://codereview.chromium.org/1198273003.

git-svn-id: svn://svn.chromium.org/blink/trunk@197641 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: eagerly finalize SVGFEImageElement as an ImageResourceClient.
R=haraken
BUG=491488

Review URL: https://codereview.chromium.org/1197283006

git-svn-id: svn://svn.chromium.org/blink/trunk@197638 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: eagerly finalize CSSCrossfadeValue.
R=haraken
BUG=491488

Review URL: https://codereview.chromium.org/1201983003

git-svn-id: svn://svn.chromium.org/blink/trunk@197633 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: have media element prefinalizer handle all finalization.
It is unsafe to access a to-be-finalized object, which is a
possibility for media elements with lazy sweeping enabled.
The access in that case being made by the embedder media
player updating and notifying the media element.

Prevent that from happening by promptly/eagerly releasing
the player object.

With prefinalizers now being able to allocate, extend r197339 and
finalize the media player and perform the other Oilpan finalization
steps during media element prefinalization.

R=haraken
BUG=502863

Review URL: https://codereview.chromium.org/1193383002

git-svn-id: svn://svn.chromium.org/blink/trunk@197628 bbb929c8-8fbe-4397-9dbb-9b2b20218538
fs
Apply outline-offset on all edges (not just top/left)
In InlinePainter::paintOutlineForLine, the "outline rectangles" are
formed by expanding and shifting by outline-offset. This however only
result in an offset of the outline on the top and left sides.
Rewrite the code to use an inflate() operation instead, so that all
four edges are affected by the offset.
The spec describes the effect of the 'outline-offset' property as:

  "If the computed value of outline-offset is anything other than 0,
   then the outline is outset from the border edge by that amount."
  "Negative values must cause the outline to shrink into the border
   box."

(http://dev.w3.org/csswg/css-ui-3/#outline-offset)

This is also what ObjectPainter::paintOutline does.

This makes us match Gecko more closely rendering-wise.

TEST=fast/inline/outline-offset.html (S.P. strict cull rect)
BUG=495368

Review URL: https://codereview.chromium.org/1201753003

git-svn-id: svn://svn.chromium.org/blink/trunk@197589 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: enable appcache + move DocumentLoader to the heap.
DocumentLoader belongs on the heap. References to it
are kept by an object that is on the heap (FrameLoader),
and DocumentLoader itself has heap references.

Along with moving DocumentLoader, have the two appcache
objects (ApplicationCache and ApplicationCacheHost) be
under Oilpan's control always.

R=haraken
BUG=340522,497595

Review URL: https://codereview.chromium.org/1194003004

git-svn-id: svn://svn.chromium.org/blink/trunk@197576 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197563.
TBR=oilpan-reviews
BUG=275851
NOTRY=true

Review URL: https://codereview.chromium.org/1195963005

git-svn-id: svn://svn.chromium.org/blink/trunk@197571 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Measure the impact of a propsed change to createAttribute()
There is a proposal to lowercase name in HTML documents:
https://bugzilla.mozilla.org/show_bug.cgi?id=1165851#c34

The counter in Document::createAttribute will catch any case where the
change would be observable, providing an upper limit to the risk.

The counter in Element::setAttributeNode is a reasonable proxy for the
case which is most likely problematic, namely trying to set a camelCase
Attr created by an HTML document on a non-HTML element, likely SVG, as
suggested by Boris Zbarsky:
https://bugzilla.mozilla.org/show_bug.cgi?id=1175031#c5

(The source of the Attr object need not be createAttribute, but extra
bookkeeping to determine that would either increase sizeof(Attr) or
require a new NodeFlags entry, so don't do that for now.)

BUG=502301

Review URL: https://codereview.chromium.org/1195583002

git-svn-id: svn://svn.chromium.org/blink/trunk@197549 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Remove unused FS callback partial specializations.
Retire unused transition type specializations of scheduleCallback() and
handleEventOrScheduleCallback().

R=haraken
BUG=340522

Review URL: https://codereview.chromium.org/1194093002

git-svn-id: svn://svn.chromium.org/blink/trunk@197530 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: keep StashedPortCollection always on the heap.
Have StashedPortCollection derive from RefCountedGarbageCollected, allowing
this EventTarget to reside on the heap irrespective of ENABLE(OILPAN).

R=haraken
BUG=497595

Review URL: https://codereview.chromium.org/1197763002

git-svn-id: svn://svn.chromium.org/blink/trunk@197529 bbb929c8-8fbe-4397-9dbb-9b2b20218538
landell
Use single and correct URL to flot library homepage
BUG=501810

Review URL: https://codereview.chromium.org/1191103002

Cr-Commit-Position: refs/heads/master@{#335378}
sigbjornf
Have ScreenOrientationController use a timer for async event dispatch again
Essentially revert r193927's switch to using a task to queue handling of
change event dispatch for ScreenOrientationController. Queuing a task
via the execution context / Document is unsafe for this controller object
as its lifetime is that of its frame. Should the frame be detached and
finalized while the Document remains alive, the queued task risks accessing
a freed ScreenOrientationController upon running.

Go back to using a one-shot timer; as these are now task based, the
original motivation for r193927 has additionally fallen away (wean Blink
off from using one-shot shared timers.)

R=mlamouri
BUG=501888

Review URL: https://codereview.chromium.org/1190293002

git-svn-id: svn://svn.chromium.org/blink/trunk@197466 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
ifdef out ProcessUtilTest.CloneFlags on linux with old kernel headers
This allows the rest of base_unittests to build/run on such
systems.

BUG=312380

Review URL: https://codereview.chromium.org/1189683004

Cr-Commit-Position: refs/heads/master@{#335123}
sigbjornf
Move paint invalidation up into HTMLMediaElement::clearMediaPlayer().
To avoid (Oilpan) finalization order issues, reposition r197301's paint
invalidation of media elements. Instead of triggering it as part of the
destruction of the media element's media player client object, have the
media element handle it on its own while initiating the destruction of
the media player (and more) in clearMediaPlayer(). A simpler arrangement.

R=haraken,chrishtr
BUG=497614

Review URL: https://codereview.chromium.org/1186853004

git-svn-id: svn://svn.chromium.org/blink/trunk@197395 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Avoid stretching the parent of a column spanner.
We used to stretch the parent of a spanner, so that it would take up all
remaining space in the last column, to make sure that column content after the
spanner wouldn't bleed into the column preceding the spanner.

This stretching (a kludge, really) was problematic, especially if the parent
had fixed height, which would override the stretching. This would lead to
broken layout, and even assertion failures.

Instead, deal with the fact that the last column may be shorter than the
others. We don't want this for paged overflow, though, or it'd be impossible to
scroll the last page completely into view.

BUG=499706
R=dsinclair@chromium.org,jchaffraix@chromium.org

Review URL: https://codereview.chromium.org/1181483005

git-svn-id: svn://svn.chromium.org/blink/trunk@197392 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Make mapLocalToContainer() work properly for content that follows a column spanner.
mapLocalToContainer() uses offsetFromContainer(), which uses columnOffset()
(which calls flowThreadTranslationAtOffset()), which didn't always return the
correct translation relatively to the flow thread.

This also improves the fix for bug 479155.
MultiColumnFragmentainerGroup::flowThreadTranslationAtOffset() needs to return
a translation relative to the flow thread, and the code we had basically just
happened to work by accident (flipping a flow thread portion rectangle for
writing mode around a column set is just bogus, since a column set isn't
sized in the flow thread coordinate space). This solution would cause problems
with the upcoming fix for bug 499706, because then the last column may be
shorter than the others (because it's not completely filled).

BUG=501772
R=dsinclair@chromium.org,jchaffraix@chromium.org

Review URL: https://codereview.chromium.org/1190153002

git-svn-id: svn://svn.chromium.org/blink/trunk@197373 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: add prefinalizer for HTMLMediaElement.
A prefinalizer is needed for the media element for the case where it is
finalized in the same GC as its execution context (Document.) The
interaction between the media element and the Document to synchronize
load event handling can only safely be done prior to either is swept
out and finalized.

R=
BUG=500352

Review URL: https://codereview.chromium.org/1184373006

git-svn-id: svn://svn.chromium.org/blink/trunk@197339 bbb929c8-8fbe-4397-9dbb-9b2b20218538
jmanko
Add missing null-check in OverscrollControllerAndroid::Animate()
Without it, there's a crash when running with
disable-overscroll-edge-effect switch.

BUG=501472

Review URL: https://codereview.chromium.org/1195453003

Cr-Commit-Position: refs/heads/master@{#334897}
philipj
Measure usage of FormData.append(name, blob, filename)
As requested by Anne van Kesteren:
https://bugzilla.mozilla.org/show_bug.cgi?id=1162658#c47

Per spec the blob argument cannot be null, but in Blink it can without
[TypeChecking=Interface], for FormData.append(name, null, filename).
(With no filename argument it is instead taken as the USVString "null".)
This is almost certainly safe to fix, but it's easy to measure here.

BUG=498790

Review URL: https://codereview.chromium.org/1174973003

git-svn-id: svn://svn.chromium.org/blink/trunk@197268 bbb929c8-8fbe-4397-9dbb-9b2b20218538
landell
Reland: Window.postMessage() to self can cause document leaks
When a script does Window.postMessage() a PostMessageTimer object is
stored in the LocalDOMWindow until the message has been delivered, or
until it is cleared in the destructor of LocalDOMWindow. When a
LocalDOMWindow is reset the remaining messages will not be
delivered. Any PostMessageTimer objects alive at that point will be kept
until the LocalDOMWindow is destroyed. Unfortunately, the
PostMessageTimer objects keeps a reference to the source window. If both
the source and destination window of the message is the same, the
PostMessageTimer can keep that LocalDOMWindow from getting destroyed.

Removing the PostMessageTimers when stop() is invoked fixes the problem.

BUG=500821,499692

Review URL: https://codereview.chromium.org/1186093003

git-svn-id: svn://svn.chromium.org/blink/trunk@197252 bbb929c8-8fbe-4397-9dbb-9b2b20218538
christiank
Add glCopyCompressedTextureCHROMIUM
This CL adds a GPU command for copying compressed textures. It's
based on glCopyTextureCHROMIUM, but modified for use on
compressed textures. It only supports GLImage-based copying.

BUG=434699

Review URL: https://codereview.chromium.org/1119723003

Cr-Commit-Position: refs/heads/master@{#334810}
sigbjornf
Oilpan: adjust GC policy under memory pressure (only.)
When notified of a v8 major GC, check if we're under memory pressure and
overdue an Oilpan GC & urgently. If so, force a conservative GC right
away.

This addresses dom-modify.html OOM troubles on win32, in particular. It
runs into the allocation pattern where the Oilpan allocator is able to
handle a tight loop just allocating Text nodes by bump allocating each
such node. Each Text node has a large external string allocation however,
which leads to a steep ramp-upin overall allocation amounts to the point
where it might OOM as no Oilpan GCs will run. v8 will however notice the
increasing memory pressure and schedule major GCs of its own.

Oilpan is notified after each v8 major GC, so use that opportunity to
check for memory pressure & force an Oilpan GC right away.

R=haraken
BUG=474470

Review URL: https://codereview.chromium.org/1190513006

git-svn-id: svn://svn.chromium.org/blink/trunk@197245 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mharanczyk
Change root bounds in RenderWidgetHostViewAuraTest.ParentMovementUpdatesScreenRect
test to avoid initializing portrait mode static primary rotation and cause test
failures on memory waterfall.

It turns out that on normal run each test is run separately, but on
memory waterfall they are run in such a way  (in one process in bulk?)
that if previous test sets up some static values they are preserved
for all consecutive tests, creating hidden dependency between them.
In this case values of primary portrait and landscape angles that are in
RenderWidgetHostViewBase::GetOrientationTypeForDesktop are preserved
between tests and primary_portrait_angle was set up to unexpected value (0)
by test I've added, which broke RenderWidgetHostViewBaseTest.OrientationTypeForDesktop
which expected to set those up by itself and test it.

BUG=499914, 500011

Review URL: https://codereview.chromium.org/1186843002

Cr-Commit-Position: refs/heads/master@{#334792}
sigbjornf
Oilpan: tidy up after r197233.
TBR=oilpan-reviews
BUG=398920
NOTRY=true

Review URL: https://codereview.chromium.org/1176183003

git-svn-id: svn://svn.chromium.org/blink/trunk@197241 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Promptly finalize CacheStorage's embedder object.
The lifetime of the global object's CacheStorage is that of the global
object, so when it is destructed/finalized, the CacheStorage must
release its embedder object at the same. This so as to prevent the
embedder calling into Blink after it has shut down or when it is in
the process of finalizing and lazily sweeping out its Oilpan heap.

R=haraken,jsbell@chromium.org
BUG=500355

Review URL: https://codereview.chromium.org/1183373006

git-svn-id: svn://svn.chromium.org/blink/trunk@197236 bbb929c8-8fbe-4397-9dbb-9b2b20218538
rune
Avoid resetting rule features when removing style-less shadow.
We reset the global rule features when removing a shadow root from the
tree. There is no reason to do that if the scope does not contain style,
so we'll skip the reset when there is no ScopedStyleResolver.

In particular, this can be the case for UA shadow roots. For the case
where the scope contains style, this will be fixed by componentized style
resolving.

What occurs in issue 499349 is:

1. Remove a form child which is an input with a UA shadow root.
2. Removing the root causes rule features to be reset globally.
3. Removing an input child of a form requires a validity check.
4. The validity check schedules an invalidation for :valid etc.
5. Scheduling invalidation sets require an up-to-date rule feature set
   which includes invalidation sets, so the rule features are collected.

1-5 is repeated for each removed input. The global feature collection in
step 5 is the expensive part here.

R=tkent@chromium.org,esprehn@chromium.org
BUG=499349

Review URL: https://codereview.chromium.org/1185423004

git-svn-id: svn://svn.chromium.org/blink/trunk@197204 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
No need for both isLayoutBoxModelObject() and isBoxModelObject().
They answer the exact same question.
Deleted one and kept the most popular one (isBoxModelObject()).

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1187033004

git-svn-id: svn://svn.chromium.org/blink/trunk@197197 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Empty LayoutObject::pushMappingToContainer(). Assert that not reached.
This code seems unreachable.

R=ojan@chromium.org

Review URL: https://codereview.chromium.org/1183393003

git-svn-id: svn://svn.chromium.org/blink/trunk@197194 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Return ints from border{Before,After,Start,End}Width
The users of these functions in LayoutBoxModelObject already returns
ints and the functions they wrap also returns int.

BUG=496033

Review URL: https://codereview.chromium.org/1183163002

git-svn-id: svn://svn.chromium.org/blink/trunk@197161 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Return int from outlineWidth() and outlineSize()
The underlying storage is an int and it's usually used together with
plain ints.

BUG=496033

Review URL: https://codereview.chromium.org/1185753005

git-svn-id: svn://svn.chromium.org/blink/trunk@197159 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197129.
TBR=oilpan-reviews
BUG=none
NOTRY=true

Review URL: https://codereview.chromium.org/1186823005

git-svn-id: svn://svn.chromium.org/blink/trunk@197136 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mostynb
replace VLOG with DVLOG in content/browser/loader/resource_loader.cc
VLOG() has a high overhead due to pattern matching. One of the major culprits
is in content/browser/loader/resource_loader.cc

BUG=489818,489441
R=sque,mmenke

Review URL: https://codereview.chromium.org/1174173013

Cr-Commit-Position: refs/heads/master@{#334388}
sigbjornf
Revert of Oilpan: adjust GC policy under memory pressure. (patchset #4 id:60001 of https://codereview.chromium.org/1174123002/)
Reason for revert:
Plausible candidate for regressing v8 GC totals on v8.top_25_smooth somewhat,

 https://code.google.com/p/chromium/issues/detail?id=499822

Original issue's description:
> Oilpan: adjust GC policy under memory pressure.
> 
> When notified of a v8 major GC, check if we're under memory pressure and
> overdue an Oilpan GC & urgently. If so, force a conservative GC right
> away.
> 
> This addresses dom-modify.html OOM troubles on win32, in particular. It
> runs into the allocation pattern where the Oilpan allocator is able to
> handle a tight loop just allocating Text nodes by bump allocating each
> such node. Each Text node has a large external string allocation however,
> which leads to a steep ramp-upin overall allocation amounts to the point
> where it might OOM as no Oilpan GCs will run. v8 will however notice the
> increasing memory pressure and schedule major GCs of its own.
> 
> Oilpan is notified after each v8 major GC, so use that opportunity to
> check for memory pressure & force an Oilpan GC right away.
> 
> R=haraken
> BUG=420515
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=196953

TBR=haraken@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=420515

Review URL: https://codereview.chromium.org/1191483002

git-svn-id: svn://svn.chromium.org/blink/trunk@197114 bbb929c8-8fbe-4397-9dbb-9b2b20218538
davve
Use plain int for borders widths when possible
Chromium coding style (not overridden by Blink's in this case)
states:

  Do not use unsigned types to mean "this value should never be < 0".

The BorderValue width storage is currently 26 bits wide so it's easily
contained in a plain int.

No functional change expected.

BUG=496033

Review URL: https://codereview.chromium.org/1182053003

git-svn-id: svn://svn.chromium.org/blink/trunk@197111 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Sync worker interfaces with the HTML spec
Also include ApplicationCache because of the SharedWorker connection.

There are no changes to the generated code other than order.

BUG=460722

Review URL: https://codereview.chromium.org/1185043005

git-svn-id: svn://svn.chromium.org/blink/trunk@197103 bbb929c8-8fbe-4397-9dbb-9b2b20218538
tmoniuszko
Remove redundant enable_media_router assignment
It's declared in declare_args() section already.

BUG=

Review URL: https://codereview.chromium.org/1186503002

Cr-Commit-Position: refs/heads/master@{#334363}
sigbjornf
Introduce (Heap)Vector trait covering zero'ed memory for unused slots.
When a slot/index in a heap vector's backing storage is marked as unused,
its value must be cleared out. This so as to prevent later GC tracing or
finalization of the backing storage from incorrectly interpreting those
bits. The heap vector handles such unused slots by zero-ing out the block
of memory it maps to; if that zero'ed block of memory doesn't represent
a valid instance of a class type, it cannot be used in heap vectors.

Introduce a vector trait controlling if a memset()-zero'ed slot represents
a valid value for the Oilpan GC infrastructure to interpret when tracing
and finalizing that value. It is needed for the class types where the
default constructor maps to a representation that isn't all zero, but
that zero'ed representation is still valid for the Oilpan GC to interpret.

R=haraken,tkent
BUG=420515

Review URL: https://codereview.chromium.org/1180383002

git-svn-id: svn://svn.chromium.org/blink/trunk@197100 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: fix build after r197063, move HitTestCache to the heap.
Follow up r197063 and make HitTestCache compatible with Oilpan.

R=haraken
BUG=398920

Review URL: https://codereview.chromium.org/1185923002

git-svn-id: svn://svn.chromium.org/blink/trunk@197095 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Remove WebMediaPlayerClient::requestFullscreen()
This was used for a while and then removed again:
https://codereview.chromium.org/41123002
https://codereview.chromium.org/1021723003

BUG=496627

Review URL: https://codereview.chromium.org/1157253010

git-svn-id: svn://svn.chromium.org/blink/trunk@197089 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Add <stdarg.h> include required for va_start/va_end in GCC
https://codereview.chromium.org/1181713004 removed some base/port.h
includes, which in turn includes <stdarg.h>. This include is needed
to compile with GCC, at least on some systems.

BUG=138542

Review URL: https://codereview.chromium.org/1185683002

git-svn-id: svn://svn.chromium.org/blink/trunk@197088 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Add out-of-flow descendants of spanners to their containing blocks in time.
A column spanner isn't laid out as a normal child in the flow thread, since the
flow thread isn't a containing block for spanners. However, out-of-flow
descendants of a spanner may have their containing blocks somewhere outside the
spanner but inside the flow thread, and those have to be laid out as part of
flow thread layout (layoutPositionedObjects() on their containing block).

Therefore we have to add such out-of-flow objects to their respective
containing blocks when skipping spanners, or they'll never get laid out.

We also have to bail from updateBlockChildDirtyBitsBeforeLayout() for
out-of-flow objects, so that they don't get marked when laying out the spanner.
They may already have been laid out at that point (as part of flow thread
layout), in which case we'll never get back to laying them out again if marked
(since we're way past that point in the tree). In any case, it's a pretty
useless thing to mark out-of-flow objects for layout here, since we by doing
that would kind of be assuming that the out-of-flow child has its parent as its
containing block (which may be true, by all means, but not something that
should be taken for granted).

Added a reftest that would assert and probably fail visually too without this
fix.

BUG=498770
R=dsinclair@chromium.org,jchaffraix@chromium.org

Review URL: https://codereview.chromium.org/1181693004

git-svn-id: svn://svn.chromium.org/blink/trunk@197071 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Measure SVGSVGElement.useCurrentView/currentView
By request from Olli Pettay on #whatwg

Review URL: https://codereview.chromium.org/1180903005

git-svn-id: svn://svn.chromium.org/blink/trunk@197070 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Add <stdarg.h> include required for va_start/va_end in GCC
https://codereview.chromium.org/1181713004 removed some base/port.h
includes, which in turn includes <stdarg.h>. This include is needed
to compile with GCC, at least on some systems.

BUG=138542
NOPRESUBMIT=true

Review URL: https://codereview.chromium.org/1177213003

Cr-Commit-Position: refs/heads/master@{#334260}
rogerj
Fix leak of PlatformHandleDispatchers in Mojo IPC
PassWrappedPlatformHandle does not close the MojoHandle.
The destructor of ScopedHandleBase will however close it.
The problem with this code was that it called release()
on the ScopedHandle, preventing the destructor from being
called, and thus also the MojoHandle from being closed.

This leaves the PlatformHandleDispatcher associated with
the MojoHandle alive in mojo::system::Core::handle_table_

By calling reset() instead the MojoHandle is closed, and
the leak is fixed.

R=morrita@chromium.org, viettrungluu@chromium.org, agl@chromium.org

BUG=None

Review URL: https://codereview.chromium.org/1174423002

Cr-Commit-Position: refs/heads/master@{#334197}
sigbjornf
Oilpan: fix build after r197039.
CSSFontSelectorClient now needs to a GC mixin.

TBR=oilpan-reviews
BUG=481515
NOTRY=true

Review URL: https://codereview.chromium.org/1186543002

git-svn-id: svn://svn.chromium.org/blink/trunk@197044 bbb929c8-8fbe-4397-9dbb-9b2b20218538
philipj
Document and measure the TextEvent interface and the textinput event
BUG=460722

Review URL: https://codereview.chromium.org/1184493002

git-svn-id: svn://svn.chromium.org/blink/trunk@197042 bbb929c8-8fbe-4397-9dbb-9b2b20218538
mstensho
Correct fast/multicol/vertical-rl/image-inside-nested-blocks-with-border.html
We have a float at the beginning of the second column. The test wanted the
float to have its left edge flush with the left edge of the multicol container,
but this is vertical-rl writing mode, so it will instead have its right edge
flush with the right edge of the multicol container, since that's where columns
start in the block progression direction. So the test "failed" and was stored
as such in the expectation file. But both the layout engine and the behavior of
getBoundingClientRect were correct all along.

Corrected the test, and removed a bunch of boilerplate and turned it into
something using js-test.js instead. In order to be consistent, I also cleaned
up the vertical-lr and horiontal-tb (default) variants in the same way as well.

R=dsinclair@chromium.org

Review URL: https://codereview.chromium.org/1173313003

git-svn-id: svn://svn.chromium.org/blink/trunk@197040 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: eagerly finalize MIDIAccess.
MIDIAccess' MIDIAccessor is registered as a callable client of the
embedder's WebMIDIAccessor. It is unsafe to access that client interface
during lazy sweeping, as it might access heap objects that have
been finalized.

Consequently, mark MIDIAccess as eagerly finalized, making it release
its MIDIAccessor before the mutator is allowed heap access after
a GC.

R=haraken
BUG=491488

Review URL: https://codereview.chromium.org/1179143002

git-svn-id: svn://svn.chromium.org/blink/trunk@197038 bbb929c8-8fbe-4397-9dbb-9b2b20218538
sigbjornf
Oilpan: add missing transition type on stack allocated StyleSheetHandler.
R=haraken
BUG=340522

Review URL: https://codereview.chromium.org/1185603002

git-svn-id: svn://svn.chromium.org/blink/trunk@197032 b