Opera Software upstreamed commits

Upstreamed commits in Chromium: 5605, Blink: 3474, V8: 22.

Click message to expand

Chromium

Author Message When
sigbjornf
Robustify Internals entry points against detached uses.
Fuzzers generate pointless overhead using these test-only methods from
frame-detached contexts. Add required nullchecks throughout.

Simple test case for each of these entry points (w/ --run-layout-test):

 <a href="javascript:'replaced'" id=anchor>click</a>
 <script>
 anchor.click();
 internals.someMethod();
 console.log('no crash');
 </script>

R=
BUG=624549

Review-Url: https://codereview.chromium.org/2109613007
Cr-Commit-Position: refs/heads/master@{#403421}
rune
0 -> nullptr for UseCounter pointer in CSSParserContext.
I repeatedly find myself looking for constructors taking flags through
unsigned before realizing this is actually a pointer.

Review-Url: https://codereview.chromium.org/2101143005
Cr-Commit-Position: refs/heads/master@{#403256}
fs
Use a converter for -webkit-clip-path
Add StyleBuilderConverter::convertClipPath and use it for computing
the ClipPathOperation.

BUG=610854

Review-Url: https://codereview.chromium.org/2105383002
Cr-Commit-Position: refs/heads/master@{#403153}
rune
Optimize style recalc when adding @keyframes.
We only need to recalculate the elements with running animations unless
we tried to find an @keyframes rule and couldn't, for which we fall
back to a full document recalc.

The motivation for doing this is that the current WIP for issue 567021
shows that we're still getting full document recalcs due to the
presence of @keyframes rules.

R=dstockwell@chromium.org,alancutter@chromium.org
BUG=623911,567021

Review-Url: https://codereview.chromium.org/2105743002
Cr-Commit-Position: refs/heads/master@{#403118}
fs
Wire up invalidation for flood-{color,opacity} on <feDropShadow>
Make sure to call primitiveAttributeChanged() for this element and
property combination. Implement the required infrastructure in
SVGFEDropShadowElement::setFilterEffectAttribute and FEDropShadow.

Because of an issue with SVGTestCase.js the tests below would not
previously fail as expected. That is being addressed by the CL at
https://codereview.chromium.org/2104943005.

TEST=svg/dynamic-updates/SVGFEDropShadowElement-dom-shadow-color-attr.html
TEST=svg/dynamic-updates/SVGFEDropShadowElement-dom-shadow-opacity-attr.html
TEST=svg/dynamic-updates/SVGFEDropShadowElement-svgdom-shadow-color-prop.html
TEST=svg/dynamic-updates/SVGFEDropShadowElement-svgdom-shadow-opacity-prop.html
BUG=231560

Review-Url: https://codereview.chromium.org/2112563002
Cr-Commit-Position: refs/heads/master@{#403025}
fs
Notify context element after changes in SVGPreserveAspectRatioTearOff
Without this the associated LayoutObject will not be notified of the
change.

TEST=svg/dynamic-updates/SVGFEImageElement-svgdom-preserveAspectRatio-prop.html
TEST=svg/dynamic-updates/SVGImageElement-svgdom-preserveAspectRatio-prop.html
BUG=231560

Review-Url: https://codereview.chromium.org/2108333002
Cr-Commit-Position: refs/heads/master@{#402960}
fs
Move ClipPathOperation.h to core/style/
This is stored as part of ComputedStyle, so style/ seems a better fit
than layout/.

BUG=610854

Review-Url: https://codereview.chromium.org/2108213002
Cr-Commit-Position: refs/heads/master@{#402935}
sigbjornf
Tidy CrossThreadCopier.h inclusion.
This header file declares a set of types as being cross-copiable; avoid
bringing in all of Oilpan for its two cross-thread persistent types.

Tidy up some downstream header files which were implicitly depending on
Oilpan being included here.

R=
BUG=597856, 624419

Review-Url: https://codereview.chromium.org/2104283002
Cr-Commit-Position: refs/heads/master@{#402823}
rune
Schedule sibling invalidation sets for sibling insert/remove.
Invalidation sets have been used only for changes which do not alter the
tree structure, like changing id, class names, other attributes, and
pseudo states. For dom tree changes, style invalidation relies on attach
and detach of the layout tree for the inserted/removed element. For
subsequent siblings of inserted/removed elements, we have been marking
siblings for subtree recalc (when we know we have tried to match
adjacent combinators on one of the siblings before) based on the maximum
number of consecutive direct adjacent combinators or all subsequent
siblings for indirect adjacent combinators.

This CL starts using sibling invalidation sets on siblings instead of
doing subtree recalcs.

The following properties of invalidation sets affected how this
implementation was done:

* Even though we invalidate descendants/siblings based on tag names, we
  don't have invalidation sets for tag names as elements do not change
  tag names dynamically. For inserted/removed elements, we could have
  used invalidation sets for tag names. Take the selector "div + span".
  If we remove a div we could have scheduled an invalidation set for div
  which invalidates a span sibling.

* Invalidation sets for simple selectors and their negated versions, for
  instance ".a" and ":not(.a)", share invalidation sets and they may do
  so because invalidation sets have been applied when they change. That
  is, "a" is either part of old or the new class attribute when the
  invalidation set needs to be scheduled. When removing/inserting
  elements, a selector like ":not(.a) + .b" will need to schedule a
  sibling for ".a" for all elements not having the class "a".

* Consider the selector "* + .a". We have to schedule a sibling
  invalidation for any inserted/removed element to invalidate a sibling
  with class "a". However, invalidation set construction has only
  created an invalidation set for ".a" with the invalidateSelf flag set.

For this CL, we create a single universal sibling invalidation set to
handle the cases above. In fact this CL only do sibling invalidations on
element insert/remove for id, class, and attribute in addition to
scheduling the universal sibling invalidation set. Also, we skip
selector lists (that is, :not() and :-webkit-any() as :host()
:host-context() and :slotted() never match when followed by an adjacent
combinator).

For the following set of selectors:

  :not(.a) + .b + .c
  #x:not(.a) + .d
  div + span
  :-webkit-any(.x) + .f .g

We end up with the following universal sibling invalidation set with the
descendant invalidation set, containing ".g", to the right.

  { .c, span, .f, invalidatesSelf } => { .g }

Note that if a compound contains both :not() and for instance an id
selector, we will not add it to the universal sibling invalidation set
as we can properly invalidate ".d" siblings above using the invalidation
set for "#x".

== Scheduling sibling invalidations

For changes not modifying the tree, we schedule sibling invalidation
sets on the changed element and invalidate the siblings with descendant
sets during the invalidation process. When removing an element, however,
the element is not left in the tree, so we need to associate the
invalidation set with another element.

When we remove an element, we instead schedule the sibling invalidation
set, and the sibling invalidation set's descendant set, as descendant
invalidation sets on the parent element or shadow root.

Likewise for inserting an element. When inserting an element, we have
elements to schedule the sibling sets on, but the sets would need to be
scheduled on elements further to the right in the sibling list in order
to reach the siblings we needed to invalidate. Also, they would have to
be moved further right on subsequent insertions.

== The effect on amazon.com

This CL gets rid of all post-page-load full recalcs before you start
interacting with the page. The full recalcs after you start interacting
needs to be investigated further.

R=esprehn@chromium.org,ericwilligers@chromium.org
BUG=542082

Review-Url: https://codereview.chromium.org/2089063005
Cr-Commit-Position: refs/heads/master@{#402770}
rune
Mark stylesheet as having media queries at consume time.
Marking the stylesheet as having media queries for @media at insertion
time meant we didn't mark the stylesheet when @media was a child rule
of another @-rule like @supports. Instead do the marking from the
consume method like we already did for @font-face rules.

Removed unnecessary marking from insertion methods and an unnecessary
boolean parameter which was always true.

R=timloh@chromium.org
BUG=621502

Review-Url: https://codereview.chromium.org/2081893003
Cr-Commit-Position: refs/heads/master@{#402766}
ckulakowski
Fix for cross compiling 32bit linux on 64bit host machine
Right now when custom sysroot is provided as gn parameter (target_sysroot)
only 32 bit custom sysroot will be used. 64 bit sysroot (which is also needed
by 32 bit build by - for example - protobuf) is expected to be found in default
location. This change adds possibility to provide path to directory containing
both sysroots for linux (32 bit and 64 bit).

BUG=622616

Review-Url: https://codereview.chromium.org/2096323002
Cr-Commit-Position: refs/heads/master@{#402742}
sigbjornf
Handle cross-thread weak persistents during global weak processing.
r401880 changed the handling of weak persistents, clearing
and releasing their underlying PersistentNodes once their
weak references point to otherwise unreferenced objects.

However, performing that weak processing step cannot reliably
be done as part of thread-local weak processing if the
weak persistent is a CrossThreadWeakPersistent<T> (CTWP) as the
object it refers to may reside on a different thread's heap than
where the CTWP resides. If both locations need to be accessed,
doing that as part of thread-local weak processing is too
late and unsafe.

Instead we process the cross-thread weak persistents along with the
'weak cells' during global weak processing. WeakPersistent<>s are
still handled during thread-local weak processing.

R=
BUG=623985

Review-Url: https://codereview.chromium.org/2106863003
Cr-Commit-Position: refs/heads/master@{#402734}
sigbjornf
Disable HeapTest.TraceDeepEagerly for Android targets.
This test is heavy on allocation and considered too slow to be
running w/ asserts enabled. Disable it entirely for Android,
as the overhead is bogging down bots too much.

R=
BUG=623779

Review-Url: https://codereview.chromium.org/2101363002
Cr-Commit-Position: refs/heads/master@{#402470}
sigbjornf
Allow lazy removal of (context) lifecycle observers while stopping.
r402141 imposed the restriction on ContextLifecycleObservers behavior
during stop() notifications of no longer being allowed to remove
observers while handling stop(). That constraint enables iteration
to be handled without allocating a snapshot of the observer set.

That restriction proves too constraining for media elements indirectly
holding onto AssociatedURLLoader objects while being stopped
(see associated bug for info.) Consequently, we allow observer removals
while keeping observer set iteration safe & allocation-free -- removals
are recorded while iterating, and removed in one go afterwards.

This is only done for notifyStoppingActiveDOMObjects(), as the other
notifications over context lifecycle observers do not require this
flexibility.

R=
BUG=623755

Review-Url: https://codereview.chromium.org/2109553002
Cr-Commit-Position: refs/heads/master@{#402445}
sigbjornf
Fix DUMP_NODE_STATISTICS compilation.
R=
BUG=

Review-Url: https://codereview.chromium.org/2099183003
Cr-Commit-Position: refs/heads/master@{#402406}
sigbjornf
Retire http/tests/htmlimports/redirect.html leak exemption.
Back to normal, retire expectation.

TBR=yoichio
BUG=366477
NOTRY=true

Review-Url: https://codereview.chromium.org/2096373002
Cr-Commit-Position: refs/heads/master@{#402152}
sigbjornf
Avoid snapshotting ContextLifecycleObservers when iterating.
To allow safe iteration over the set of ExecutionContext observers,
a snapshot of the set was taken before iterating over it. So as to
allow observers to unregister themselves while being notified.

Apart from PostMessageTimer unregistering itself while being stop()ed,
the ContextLifecycleObservers do not mutate the observer set, hence
we can avoid the snapshot step and iterate directly over the observers.
Attempts to remove an observer while iterating is caught and
asserted for.

As the observer set is a set of weak references, some care is needed
to keep those references strong while iterating. That and other details
surrounding observer iteration is now handled by the auxiliary scope object
LifecycleNotifier<>::IterationScope.

Should the constraint of not being allowed to remove observers while
iterating prove too cumbersome, supporting lazy removal of observers
(post iteration) would be straightforward.

R=
BUG=451132

Review-Url: https://codereview.chromium.org/2094143002
Cr-Commit-Position: refs/heads/master@{#402141}
rune
Move preferred stylesheet set out of active sheet update.
There are two reasons for this:

1. In preparation for async active stylesheet update, in which case
   setting the preferred stylesheet set would otherwise be happening
   too late.

2. Doing it during the active stylesheet update means only the
   alternate stylesheets following the link with the title setting the
   preferred sheet set would be enabled appropriately. crbug.com/621479

This CL is split out of https://codereview.chromium.org/1913833002

R=timloh@chromium.org
BUG=567021,621479

Review-Url: https://codereview.chromium.org/2079303002
Cr-Commit-Position: refs/heads/master@{#402139}
sigbjornf
Remove unnecessary finalization of IDBObserver classes.
IDBObserver and IDBObserverChanges do not need to be finalized,
nor have user-defined empty destructors.

R=
BUG=609934

Review-Url: https://codereview.chromium.org/2098243002
Cr-Commit-Position: refs/heads/master@{#402117}
rune
Don't create m_style for option element in display:none subtree.
Instead create a ComputedStyle on demand in rare data like we do for
other display:none elements. This caused out-of-date computed style for
option elements in display:none subtrees because recalcOwnStyle is
skipped for elements without a parentComputedStyle().

R=tkent@chromium.org
BUG=621965

Review-Url: https://codereview.chromium.org/2095973002
Cr-Commit-Position: refs/heads/master@{#402095}
perja
On Android there is no notification when a device is lost. This change keeps track of when a device was last seen and removes outdated devices.
This was already implemented for OSX and the code has been moved to make it accessible to Android as well.

BUG=581544

Review-Url: https://codereview.chromium.org/1842223003
Cr-Commit-Position: refs/heads/master@{#401940}
sigbjornf
Completely clear weak persistent references.
If weak processing determines that a WeakPersistent<T> is now pointing
to an otherwise unreferenced object, clear out and deallocate its
underlying PersistentNode.

We previously would only clear the persistent reference, but keep the
PersistentNode. This would lead to imprecise counts of live persistents,
potentially triggering false asserts of leaking persistents during thread
termination GCs.

R=
BUG=

Review-Url: https://codereview.chromium.org/2094973002
Cr-Commit-Position: refs/heads/master@{#401880}
fs
Update baselines for svg/text/text-viewbox-rescale.html
Incorporate changes from https://codereview.chromium.org/1920833002.

TBR=pdr@chromium.org
BUG=603956

Review-Url: https://codereview.chromium.org/2085413003
Cr-Commit-Position: refs/heads/master@{#401584}
sigbjornf
gn: add Blink GC plugin options
The Blink GC clang plugin supports a couple of extra options which the
Blink GN configuration does not currently expose. Do so here, but without
depending on the 'flags' script used by the gyp build system
(tools/clang/scripts/blink_gc_plugin_flags.py).

Specifically, this adds the following Blink GN variables:

 - blink_gc_plugin_option_do_dump_graph [ = false ]
     emit JSON-serialized representation of class graph.
 - blink_gc_plugin_option_warn_unneeded_finalizer [ = false ]
     warn of unnecessary destructor usage.

TBR=thakis
BUG=

Review-Url: https://codereview.chromium.org/2097433002
Cr-Commit-Position: refs/heads/master@{#401568}
fs
Update expectations for crbug.com/621915
These tests no longer appear flaky:

 svg/custom/createImageElement2.xhtml
 svg/custom/pointer-events-image.svg
 svg/custom/pointer-events-image-css-transform.svg

TBR=pdr@chromium.org
BUG=621915

Review-Url: https://codereview.chromium.org/2097443002
Cr-Commit-Position: refs/heads/master@{#401566}
sigbjornf
gn: define and use clang_base_path
Replace uses of "//third_party/llvm-build/Release+Asserts"
with the configurable option clang_base_path.

TBR=thakis
BUG=

Review-Url: https://codereview.chromium.org/2088373002
Cr-Commit-Position: refs/heads/master@{#401551}
fs
Fix Mac10.9 baselines for two svg/custom/ tests
Remove incorrect baselines for:

 svg/custom/createImageElement2.xhtml
 svg/custom/pointer-events-image.svg

TBR=pdr@chromium.org
NOTRY=true
BUG=621915

Review-Url: https://codereview.chromium.org/2082253004
Cr-Commit-Position: refs/heads/master@{#401387}
sigbjornf
Add ASan exemption when iterating cross-thread-persistents.
When running a termination GC or tracing, the set/region of live
CrossThreadPersistent nodes are iterated over, checking if the objects
they point to belong to the current thread.

As heap objects can have CrossThreadPersistent<> fields, it is possible
for there to be CrossThreadPersistent nodes which point back to heap
objects about to be swept. When ASan is enabled, the page sweeping takes
care of poisioning all to-be-swept objects first.

The combination of the above two means that persistent iteration can
try to inspect one of these poisoned objects, which will trigger an
ASan error. The persistent will not be further used, as it doesn't
belong to the thread. To accommodate this, we do disable ASan while
performing the object lookup while iterating the CrossThreadPersistent
node set.

R=
BUG=620754

Review-Url: https://codereview.chromium.org/2087253002
Cr-Commit-Position: refs/heads/master@{#401354}
fs
Deflake svg/custom/createImageElement2.xhtml
Need to wait for the image to load before ending the test.

BUG=621915

Review-Url: https://codereview.chromium.org/2086383002
Cr-Commit-Position: refs/heads/master@{#401347}
fs
Deflake svg/custom/pointer-events-image*.svg
Rewrite these two tests (which are essentially the same, modulo a
transform) to first wait for all the images to load, and then perform
all the clicks.

BUG=621915

Review-Url: https://codereview.chromium.org/2088733006
Cr-Commit-Position: refs/heads/master@{#401343}
fs
Update/tighten expectations for crbug.com/552433
Passing after getting updated baselines:

 svg/dom/length-list-parser.html
 svg/transforms/text-with-pattern-with-svg-transform.svg

Failing (a few pixels differ) on Win7 Debug:

 svg/W3C-SVG-1.1/coords-units-02-b.svg

TBR=schenney@chromium.org
BUG=552433

Review-Url: https://codereview.chromium.org/2090553002
Cr-Commit-Position: refs/heads/master@{#401270}
perja
bluetooth: android: removed duplicate restart of scanning.
This is a followup fix to commit 3a38a46. There is no need to restart the search in this callback as this will be done from native code (BluetoothChooserAndroid::SetAdapterPresence).

BUG=543060

Review-Url: https://codereview.chromium.org/2065893002
Cr-Commit-Position: refs/heads/master@{#401257}
mostynb
content/public/common should depend on the mojo_bindings target
Rather than the mojo_bindings_mojom target, which exports sources, and
causes multiple definition errors in component builds.

Followup to https://codereview.chromium.org/2089823002

BUG=622076
TBR=jam@chromium.org,rockot@chromium.org

Review-Url: https://codereview.chromium.org/2088163002
Cr-Commit-Position: refs/heads/master@{#401230}
fs
Common up SVG transform "change detection" (classification)
This moves the transform change classification to a helper class
(SVGTransformChangeDetector) and move
LayoutSVGContainer::TransformChange along with it, renaming it to
SVGTransformChange.

BUG=603956

Review-Url: https://codereview.chromium.org/2086583004
Cr-Commit-Position: refs/heads/master@{#401111}
sigbjornf
Stop PingLoader's cancellation timer early.
If the ping completed, stop the loader's cancellation timer.

R=japhet
BUG=

Review-Url: https://codereview.chromium.org/2083023002
Cr-Commit-Position: refs/heads/master@{#401068}
fs
Reland of "Remove redundant "layout size changed" state from LayoutSVGRoot"
In LayoutSVGRoot::layout, two slightly different "layout size changed"
values are computed - one which is used for propagation to children
via SVGLayoutSupport::layoutSizeOfNearestViewportChanged
(|m_isLayoutSizeChanged|), and one which is used to mark direct
descendant children (local |layoutSizeChanged|).
Ultimately their use is the same though, so only using the more narrow
predicate for both of these cases should yield the same result.
It also has the side-effect of making it more obvious that changes to
layout-size is only of interest when there exist clients of the SVG
root that have relative lengths.

BUG=603956

Review-Url: https://codereview.chromium.org/2065093002
Cr-Commit-Position: refs/heads/master@{#400987}
fs
Rebaseline svg/dom/length-list-parser.html
TBR=schenney@chromium.org
BUG=552433

Review-Url: https://codereview.chromium.org/2083983003
Cr-Commit-Position: refs/heads/master@{#400976}
fs
Rebaseline svg/W3C-SVG-1.1/coords-units-02-b.svg
TBR=schenney@chromium.org
BUG=552433

Review-Url: https://codereview.chromium.org/2088733003
Cr-Commit-Position: refs/heads/master@{#400971}
fs
Rebaseline svg/transforms/text-with-pattern-with-svg-transform.svg
TBR=schenney@chromium.org
BUG=552433

Review-Url: https://codereview.chromium.org/2080243004
Cr-Commit-Position: refs/heads/master@{#400970}
fs
Rebaseline svg/hixie/perf/006.xml
TBR=schenney@chromium.org
BUG=552433

Review-Url: https://codereview.chromium.org/2082963002
Cr-Commit-Position: refs/heads/master@{#400961}
fs
Avoid using forced layout to trigger paint invalidation for SVG containers
Currently, SVG containers in the LayoutObject hierarchy force layout of
their children if the transform changes. The main reason for this is to
trigger paint invalidation of the subtree. In some cases - changes to the
scale factor - there are other reasons to trigger layout, like computing
a new scale factor for <text> or re-layout nodes with non-scaling stroke.

Compute a "scale-factor change" in addition to the "transform change"
already computed, then use this new signal to determine if layout should
be forced for the subtree. Trigger paint invalidation using the
LayoutObject flags instead.

The downside to this is that paint invalidation will walk into "hidden"
containers which rarely require repaint (since they are not technically
visible). This will hopefully be rectified in a follow-up CL.

For the testcase from 603850, this essentially eliminates the cost of
layout (from ~350ms to ~0ms on authors machine; layout cost is related
to text metrics recalculation), bumping frame rate significantly.

BUG=603956,603850

Review-Url: https://codereview.chromium.org/1996543002
Cr-Commit-Position: refs/heads/master@{#400950}
sigbjornf
Delay resetting image animation, if possible.
When the last client of an ImageResource removes itself, the animations
of the image is explicitly reset. That resetting can happen either while
finalizing objects after a GC or as part of other explicit removals of
ImageObserver clients.

Having that reset happen as part of a garbage collection is interacting badly
with code in the middle of updating animations (which happen to trigger a
conservative GC.) So, to avoid introducing such abrupt & harmful resets, delay
the reset'ing until back at the event loop (and the animations update step
having completed.)

R=
BUG=613709, 581546

Review-Url: https://codereview.chromium.org/2004263003
Cr-Commit-Position: refs/heads/master@{#400934}
sigbjornf
Clean up WeakIdentifierMap<> implementation.
Avoid (literal) code duplication between (non)GC versions
of WeakIdentifierMap<>.

Other changes (for the GC version):

  - Do not separately allocate the HeapHashMap<>s, but keep these
    as part objects on WeakIdentifierMap<> instead.
  - Support explicit removal (via notifyObjectDestroyed()).

R=
BUG=

Review-Url: https://codereview.chromium.org/2086643002
Cr-Commit-Position: refs/heads/master@{#400907}
rune
Reject invert for outline-color at parse time.
We don't support invert as outline-color, so we should drop it at parse
time as per spec[1]. Added test to check that the initial value of
outline-color is the computed value of currentColor.

Gecko also drops declarations with invert for outline-color.

[1] https://drafts.csswg.org/css2/ui.html#value-def-invert

R=timloh@chromium.org
BUG=620399

Review-Url: https://codereview.chromium.org/2081633002
Cr-Commit-Position: refs/heads/master@{#400902}
fs
Update baselines for svg/filters/filter-refresh.svg
TBR=pdr@chromium.org
NOTRY=true
BUG=613441

Review-Url: https://codereview.chromium.org/2086713002
Cr-Commit-Position: refs/heads/master@{#400818}
fs
Unprefix the CSS 'filter' property
Parse 'filter' in the same way as '-webkit-filter', and make the latter
an alias of the former.
For SVG content, only the "url(...)" function is allowed still, with the
exception of the outermost <svg> (LayoutSVGRoot), since that "has a box".

Update tests to use 'filter' where reasonable and applicable.

Intent to Ship: https://groups.google.com/a/chromium.org/d/topic/blink-dev/ZVT2kxuFMaA/discussion

Based on https://codereview.chromium.org/1987943002 by noel@chromium.org.

BUG=613441,618160,550249,535786,244295,109224

Review-Url: https://codereview.chromium.org/2065593002
Cr-Commit-Position: refs/heads/master@{#400752}
mostynb
add some missing power_save_blocker gyp deps
Followup to https://codereview.chromium.org/2075153002

BUG=612337, 612563, 257943

Review-Url: https://codereview.chromium.org/2073393002
Cr-Commit-Position: refs/heads/master@{#400723}
mostynb
skip neon intrinsics in libpng when neon is not available
Followup to https://codereview.chromium.org/2021403002

BUG=599917, 618061

Review-Url: https://codereview.chromium.org/2074363002
Cr-Commit-Position: refs/heads/master@{#400714}
sigbjornf
GC plugin: improve error reporting when tracing illegal fields.
Add detection of trace() calls over smart pointer types that either do not
wrap up references to heap objects, or are otherwise not meant to be traced
over. In particular, CrossThread(Weak)Persistent<T> fields are now detected
as being illegal to trace over. Also consider OwnPtr<T>, RefPtr<T> and
std::unique_ptr<T> as illegal to trace over & emit a more concise error
messages for these.

R=
BUG=619149

Committed: https://crrev.com/3ba6089cd6a901b62ff5a0d8f08a2bd818edcbe8
Review-Url: https://codereview.chromium.org/2060553002
Cr-Original-Commit-Position: refs/heads/master@{#399861}
Cr-Commit-Position: refs/heads/master@{#400653}
fs
Revert of Remove redundant "layout size changed" state from LayoutSVGRoot (patchset #1 id:1 of https://codereview.chromium.org/2065093002/ )
Reason for revert:
Possible cause of crbug.com/620228

Original issue's description:
> Remove redundant "layout size changed" state from LayoutSVGRoot
>
> In LayoutSVGRoot::layout, two slightly different "layout size changed"
> values are computed - one which is used for propagation to children
> via SVGLayoutSupport::layoutSizeOfNearestViewportChanged
> (|m_isLayoutSizeChanged|), and one which is used to mark direct
> descendant children (local |layoutSizeChanged|).
> Ultimately their use is the same though, so only using the more narrow
> predicate for both of these cases should yield the same result.
> It also has the side-effect of making it more obvious that changes to
> layout-size is only of interest when there exist clients of the SVG
> root that have relative lengths.
>
> BUG=603956
>
> Committed: https://crrev.com/30770a70834c73670884f0de91bb7624df0ba003
> Cr-Commit-Position: refs/heads/master@{#399791}

TBR=pdr@chromium.org,schenney@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=603956

Review-Url: https://codereview.chromium.org/2071953004
Cr-Commit-Position: refs/heads/master@{#400411}
mostynb
remove leftover forward declaration of OnscreenDisplayClient
BUG=487471
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/2079513002
Cr-Commit-Position: refs/heads/master@{#400267}
sigbjornf
Remove unnecessary MemberHash<> templates.
Directly define the hash traits of all heap reference template types
(Member<T> - or Persistent<T>-derived) in terms of MemberHash<T>,
and avoid introducing ad-hoc templates for these.

Add missing (CrossThread)WeakPersistent<T> hash traits also.

R=
BUG=

Review-Url: https://codereview.chromium.org/2067223005
Cr-Commit-Position: refs/heads/master@{#400155}
joleksy
Align the Mac Omnibox items vertically again
OmniboxViewMac::GetBoldFieldFont() needs to request a bold font, then make it larger. Resource bundle will do the opposite, which makes a large system normal font a non-system bold font. That gives a different baseline to making the non-system bold font larger. And while the omnibox locks the baseline in ApplyTextStyle(), OmniboxPopupCellData does not.

BUG=617144

Review-Url: https://codereview.chromium.org/2068163002
Cr-Commit-Position: refs/heads/master@{#400144}
sigbjornf
GC plugin: improve error reporting when tracing illegal fields.
Add detection of trace() calls over smart pointer types that either do not
wrap up references to heap objects, or are otherwise not meant to be traced
over. In particular, CrossThread(Weak)Persistent<T> fields are now detected
as being illegal to trace over. Also consider OwnPtr<T>, RefPtr<T> and
std::unique_ptr<T> as illegal to trace over & emit a more concise error
messages for these.

R=
BUG=619149

Review-Url: https://codereview.chromium.org/2060553002
Cr-Commit-Position: refs/heads/master@{#399861}
sigbjornf
Allow prolonged CanvasAsyncBlobCreator lifetime, avoid indirect leaks.
Weakly keeping this async object to avoid resource leaks is problematic
(r399445 + r399675), as the object must remain alive until completed.

Undo that experiment and instead keep the object alive until all its
posted tasks have been processed. But for the task that wins and
is processed first, have it clear out the heap references that
would otherwise keep heavy objects alive.

R=
BUG=

Review-Url: https://codereview.chromium.org/2065913003
Cr-Commit-Position: refs/heads/master@{#399856}
fs
Remove redundant isLayoutSizeChanged check in LayoutSVGText::layout
SVGLayoutSupport::layoutChildren takes care to propagate the needs for
metrics updates via the |screenScalingFactorChanged| and
|layoutSizeChanged| arguments.

BUG=603956

Review-Url: https://codereview.chromium.org/2061793003
Cr-Commit-Position: refs/heads/master@{#399796}
fs
Remove redundant "layout size changed" state from LayoutSVGRoot
In LayoutSVGRoot::layout, two slightly different "layout size changed"
values are computed - one which is used for propagation to children
via SVGLayoutSupport::layoutSizeOfNearestViewportChanged
(|m_isLayoutSizeChanged|), and one which is used to mark direct
descendant children (local |layoutSizeChanged|).
Ultimately their use is the same though, so only using the more narrow
predicate for both of these cases should yield the same result.
It also has the side-effect of making it more obvious that changes to
layout-size is only of interest when there exist clients of the SVG
root that have relative lengths.

BUG=603956

Review-Url: https://codereview.chromium.org/2065093002
Cr-Commit-Position: refs/heads/master@{#399791}
asaka
gn BUILD fixes for disabling enable_extensions and use_ash feature flags.
BUG=

Review-Url: https://codereview.chromium.org/1950003002
Cr-Commit-Position: refs/heads/master@{#399693}
sigbjornf
Revert of Remove ineffective PendingScript prefinalizer (2nd attempt.) (patchset #1 id:1 of https://codereview.chromium.org/2060853002/ )
Reason for revert:
Canary crashes reported,

 https://bugs.chromium.org/p/chromium/issues/detail?id=615977#c12

Original issue's description:
> Remove ineffective PendingScript prefinalizer (2nd attempt.)
>
> With the missing case from r397106 aboard, retire the prefinalizer
> for PendingScript. Script loader and runner objects are expected
> to explicitly dispose of these upon success or failure.
>
> R=
> BUG=
>
> Committed: https://crrev.com/fbf7f01ae80f666a5b37acf0ef38fd174443787f
> Cr-Commit-Position: refs/heads/master@{#399504}

TBR=haraken@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2069573002
Cr-Commit-Position: refs/heads/master@{#399691}
sigbjornf
Have CanvasAsyncBlobCreator's delayed task keep a weak |this| also.
Followup r399445 and dually have the delayed task that's
posted to check if the idle task has gone ahead, also keep
a weak |this| reference. The non-winning CanvasAsyncBlobCreator
posted main thread tasks can safely be cancelled & dropped if
a GC happens to go ahead.

R=
BUG=

Review-Url: https://codereview.chromium.org/2069533002
Cr-Commit-Position: refs/heads/master@{#399675}
robertn
Clear the SharedBuffer when clearing the image
Previously, in the case of the image failing to be decoded, the buffer
was cleared because error() was called. This was changed in the
following patch:

 https://chromium.googlesource.com/chromium/src/+/61e34ff7dd4ac48b8c4275eb3f541ebfb8a50266%5E%21/

The patch changes it so that only clear() is called, which does not
clear the m_data buffer. This patch changes clear() to also clear the
buffer.

BUG=

Review-Url: https://codereview.chromium.org/2060193002
Cr-Commit-Position: refs/heads/master@{#399668}
sigbjornf
gc plugin: remove ScriptWrappable destructor special case.
With Blink having exited its Oilpan transition phase, no need for the
plugin to catch & allow GarbageCollected<>-derived classes that also
derive from ScriptWrappable (but could safely not provide a destructor.)

Remove the unused IsRawPtr(name), IsDummyBase(name) predicates, as well.

R=
BUG=

Review-Url: https://codereview.chromium.org/2061143002
Cr-Commit-Position: refs/heads/master@{#399667}
fs
Rename StyleLayoutData to StyleGeometryData
The term 'geometry' better matches what is stored here (and is also more
in line with the SVG spec chapter [1] that defines most of the properties
here.)
Rename the SVGComputedStyle::layout field to 'geometry' to match.

This is a mechanical rename-only CL, with the exception of some
additional whitespace fixups.

[1] https://svgwg.org/svg2-draft/geometry.html ("Geometry Properties")

BUG=603956

Review-Url: https://codereview.chromium.org/2066563002
Cr-Commit-Position: refs/heads/master@{#399649}
sigbjornf
Remove ineffective PendingScript prefinalizer (2nd attempt.)
With the missing case from r397106 aboard, retire the prefinalizer
for PendingScript. Script loader and runner objects are expected
to explicitly dispose of these upon success or failure.

R=
BUG=

Review-Url: https://codereview.chromium.org/2060853002
Cr-Commit-Position: refs/heads/master@{#399504}
sigbjornf
Have CanvasAsyncBlobCreator speculative idle tasks keep a weak 'this'.
If image encoding should be attempted done via idle tasks,
CanvasAsyncBlobCreator schedules an idle task along with a delayed
task on the main thread to check if the idle task has been scheduled
before too long. If not, the delayed task will handle the encoding
instead (still on the main thread.)

The idle tasks represent opportunistic work, and should not keep the
CanvasAsyncBlobCreator alive until they eventually do get to run.
Consequently, make them keep a weak 'this' reference.

This addresses leaks exposed by r399181.

R=
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/2060153002
Cr-Commit-Position: refs/heads/master@{#399445}
sigbjornf
Promptly release cross-thread websocket bridge/proxy references
To prevent other threads using cross-thread persistents from accessing
to-be-finalized websocket Peer and Bridge abstractions, promptly free
them on becoming garbage. Delaying this until lazy sweeping runs risks
(benignly) touching poisoned objects.

R=
BUG=619373

Review-Url: https://codereview.chromium.org/2064633002
Cr-Commit-Position: refs/heads/master@{#399442}
sigbjornf
Move SourceRange and CSSPropertySourceData classes off-heap.
SourceRange is a value/POD class that has no complex
sharing or lifetime handling associated with it. It does not
meet minimal requirements that we've now settled on for when
an object ought to be Oilpan managed -- doesn't have other
heap references nor sharing&lifetime issues that would benefit
from Oilpan use -- hence, we should move it off-heap.

With SourceRange off-heap, a number of classes that package up
SourceRanges in various ways can be converted to off-heap
classes also.

R=
BUG=

Review-Url: https://codereview.chromium.org/2060433002
Cr-Commit-Position: refs/heads/master@{#399428}
sigbjornf
Make trace() over persistents private.
Persistent references register a trace callback with the underlying persistent
node, allowing the Blink GC to trace the persistent root set when marking.

Consequently, there's no need to expose their trace() methods as public
methods. Make them private and thereby disallow calling trace() from
Blink code.

R=
BUG=

Review-Url: https://codereview.chromium.org/2060683002
Cr-Commit-Position: refs/heads/master@{#399423}
sigbjornf
Fix unsafe handling of part object in RuleFeatureSetTest.
The part object needs to be traced; the ad-hoc and unused
trace method used prevented GC plugin detection.

R=
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/2063603002
Cr-Commit-Position: refs/heads/master@{#399416}
sigbjornf
Rename and improve "traceable" templates.
The NeedsTracing<T>::value expression would previously return true
if T had a trace() method or T == Member<U>. It would not be
true if T == WeakMember<U>; something that was convenient when
using NeedsTracing<> in connection with hash table backing stores,
needing to determine whether to trace the elements of the table, but
not if they were weak references & delegate that to weak processing.

As NeedsTracing<T> has grown an increasing number of uses besides
the handling of backing store tracing, where exempting WeakMember<>
makes no great sense, it is time to alter its meaning to accommodate
those uses better. And at the same time rename it to follow the various
other predicate templates we provide over types. So,

 NeedsTracing<T> => IsTraceable<T> (includes weak)
 NeedsTracingLazily<T> => IsTraceableInCollection<T> (excludes weak)
 NeedsTracingTrait<Trait> => IsTraceableInCollectionTrait<T>

Along with these changes, tidy up the static_assert() error messages in
a few places.

R=
BUG=

Review-Url: https://codereview.chromium.org/2065443002
Cr-Commit-Position: refs/heads/master@{#399389}
fs
Add use counter for parsing of filter functions with no arguments
Count before deciding the future for this, and related, "features".

BUG=618960

Review-Url: https://codereview.chromium.org/2051233003
Cr-Commit-Position: refs/heads/master@{#399378}
rune
Removed unnecessary mutable in SiblingData.
Seemingly no reason for this mutable anymore.

R=ericwilligers@chromium.org

Review-Url: https://codereview.chromium.org/2057093002
Cr-Commit-Position: refs/heads/master@{#399354}
sigbjornf
Drop unecessary use of CrossThreadPersistent by CanvasAsyncBlobCreator.
The callback object that the CanvasAsyncBlobCreator passes along to a
background thread can be kept as a simple Member<>; no need to
involve CrossThreadPersistent<> and risk inadvertently introducing
leaks.

R=
BUG=

Review-Url: https://codereview.chromium.org/2051993002
Cr-Commit-Position: refs/heads/master@{#399181}
fs
Clamp filter functions {grayscale, invert, opacity, sepia} to 100%
The spec says the following for these functions:

 "Values of amount over 100% are allowed but UAs must clamp the values
  to 1."

So do that rather than failing. This matches the behavior of Gecko and
Edge.

This fixes

http://test.csswg.org/suites/filters-1_dev/nightly-unstable/html/filter-grayscale-005.htm

from the CSS WG Filter Effects testsuite (w/ the property unprefixed.)

BUG=618607

Review-Url: https://codereview.chromium.org/2052883002
Cr-Commit-Position: refs/heads/master@{#399144}
fs
Clean up script-tests in css3/filters
Rewrite the parsing tests using
css-parser/resources/property-parsing-test.js and also use testharness
for the computed style test.

Drop css3/filters/filter-property.html since that is already covered by
the wider parsing tests. Also remove the template html file and inline
the scripts for effect-reference-reset-style-delete-crash.html [1] and
effect-reference-delete-crash.html, clearing out the script-tests sub-
directory.

[1] This test was actually referencing the
    effect-reference-delete-crash.js file, meaning it was a duplicate.

BUG=618607

Review-Url: https://codereview.chromium.org/2055733002
Cr-Commit-Position: refs/heads/master@{#399136}
sigbjornf
Remove unnecessary use of CrossThreadPersistent<>.
The CompositorMutatorImpl object that WebFrameWidgetImpl creates and
controls the lifetime of, should be referenced as a normal Member<>

R=
BUG=

Review-Url: https://codereview.chromium.org/2056833003
Cr-Commit-Position: refs/heads/master@{#399125}
fs
Move ReferenceFilterBuilder::build to FilterEffectBuilder
This function resolves a filter reference and then builds a filter
(sub)DAG for painting. Split it into the two fairly distinct parts,
leaving ReferenceFilterBuilder as a class that only does element
lookup/resolution, while the DAG-building takes place in
FilterEffectBuilder (with a little help from SVGFilterBuilder.)
Use the new function in SVGFilterPainter.

Also pass Element& to ReferenceFilterBuilder::build, and remove a
redundant null-check of ComputedStyle in
PaintLayer::updateOrRemoveFilterEffectBuilder (already checked by
paintsWithFilters and assumed later in the function.)

BUG=109224,533457

Review-Url: https://codereview.chromium.org/2044153002
Cr-Commit-Position: refs/heads/master@{#398866}
sigbjornf
Limit live Document tracking to debug builds.
liveDocumentSet() is only used by a debug entry point, so only extend
it on Document creation in debug builds.

R=
BUG=611702

Review-Url: https://codereview.chromium.org/2052583003
Cr-Commit-Position: refs/heads/master@{#398839}
rune
Make sure CSS agent messages flush before testing.
While working on updating active stylesheets as part of the style and
layout tree update in [1], two inspector tests started failing. The
reason was these tests rely on a console message to trigger a step in
the test after the active stylesheets have been pushed to the inspector
client. But even if the stylesheets were updated in InspectorCSSAgent
before the console message was sent, the console message arrived in the
client before the new active stylesheets. The reason was that the
console message is immediately flushed, while the messages from the
InspectorCSSAgent are lazily flushed from WebDevToolsAgentImpl::
didProcessTask.

I tried to force the active stylesheet update with a forced layout tree
update like this:

  document.documentElement.offsetTop;
  console.log(...);

But, due the console.log message being dispatched first as described
above, I ended up postponing the console.log with a rAF which means it
will run in a later task and the didProcessTask will trigger in between
to flush the active stylesheet message(s).

Note that this was not currently causing any failures. It's done in
preparation for landing changes for 567021 without breaking anything.

Looking at TestExpectations, I noticed crbug.com/597572, which might be
a similar issue.

[1] https://codereview.chromium.org/1913833002/

R=pfeldman@chromium.org,dgozman@chromium.org
BUG=567021

Review-Url: https://codereview.chromium.org/2049283002
Cr-Commit-Position: refs/heads/master@{#398825}
sigbjornf
Mark shouldMarkObject(), arenaForNormalPage() accessors as const.
Also remove some redundant checkHeader() asserts while doing a code
tidying pass.

R=
BUG=

Review-Url: https://codereview.chromium.org/2054673002
Cr-Commit-Position: refs/heads/master@{#398813}
sigbjornf
Simplify contextDestroyed() notifications.
With all lifetime observers now being managed by Oilpan, the
handling of the destruct notification can be made simpler.

R=
BUG=

Review-Url: https://codereview.chromium.org/2045703004
Cr-Commit-Position: refs/heads/master@{#398490}
fs
Drop FilterEffectBuilder::m_referenceFilters
The job of this Vector used to be to keep a reference to the nested
"reference" filters, to avoid them being destroyed. The entire filter
graph/chain is now on the GC heap, and traced via
FilterEffectBuilder::m_lastEffect, so this additional reference is of no
use.

Review-Url: https://codereview.chromium.org/2043013002
Cr-Commit-Position: refs/heads/master@{#398341}
sigbjornf
Clean up markClientsAndObserversFinished().
Simplify transferring a counted element entry from one set to another.

To do so, add generalized version of add() over HashCountedSet that lets
the caller specify a count.

R=
BUG=

Review-Url: https://codereview.chromium.org/2045883002
Cr-Commit-Position: refs/heads/master@{#398275}
mboc
Support underline on Linux again.
BUG=617055

https://codereview.chromium.org/1819753003/ accidentally removed
UNDERLINE style support on Linux. This CL fixes the issue.

Review-Url: https://codereview.chromium.org/2031223003
Cr-Commit-Position: refs/heads/master@{#398102}
rune
Remove unused InspectorFrontend declarations.
There seems to be nothing called InspectorFrontend. Removed unused
forward declarations for it and changed comments to say "frontend"
instead.

R=pfeldman@chromium.org,dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2046433002
Cr-Commit-Position: refs/heads/master@{#398080}
sigbjornf
Remove pre-Oilpan protections from LocalFileSystem.
R=
BUG=

Review-Url: https://codereview.chromium.org/2039713002
Cr-Commit-Position: refs/heads/master@{#398000}
sigbjornf
Improve the HeapListHashSet no-weakness static assert message.
Mention the alternate HeapLinkedHashSet<> if WeakMember<>s are
attempted used with HeapListHashSet<>; for non-trivial reasons,
we only support weakness with the former.

R=
BUG=614112

Review-Url: https://codereview.chromium.org/2034423002
Cr-Commit-Position: refs/heads/master@{#397999}
sigbjornf
Add documentation of SafePointBarrier internal state.
Renamed |m_canResume| to |m_parkingRequested| while doing so,
its (inverted) meaning seems clearer imho in this context.

R=
BUG=

Review-Url: https://codereview.chromium.org/2039793002
Cr-Commit-Position: refs/heads/master@{#397988}
fs
SVGFE{Spot,Distant,Point}LightElement can have non-SVGFE*Lighting parent
Replace ASSERT_NOT_REACHED with a return statement. We already
thoroughly check for valid parent type and only notify them if so.

BUG=518649

Review-Url: https://codereview.chromium.org/2031353002
Cr-Commit-Position: refs/heads/master@{#397941}
fs
Fix Win baselines for r397915
https://chromium.googlesource.com/chromium/src/+/81c0fc6d4

BUG=24826
TBR=robhogan@gmail.com

Review-Url: https://codereview.chromium.org/2040713002
Cr-Commit-Position: refs/heads/master@{#397927}
fs
Fix Win baselines for r397912
https://chromium.googlesource.com/chromium/src/+/59fd991c4

BUG=416535
TBR=chrishtr@chromium.org

Review-Url: https://codereview.chromium.org/2041613002
Cr-Commit-Position: refs/heads/master@{#397926}
sigbjornf
Update thread-local weak processing comments following r397904.
R=haraken
BUG=611702
NOTRY=true

Review-Url: https://codereview.chromium.org/2040703002
Cr-Commit-Position: refs/heads/master@{#397925}
fs
Updated Win10 baselines for SVG shape-rendering tests
 svg/custom/use-referencing-nonexisting-symbol.svg
 svg/custom/shape-rendering.svg

Baselines are the same as the Win7 ones.

TBR=pdr@chromium.org
BUG=614063

Review-Url: https://codereview.chromium.org/2036163002
Cr-Commit-Position: refs/heads/master@{#397923}
sigbjornf
Reset ThreadState weak callback stack before GCing.
In the event a thread gets to participate in more than
one GC before it manages to leave its safe point, clear
out its weak callback stack before initiating a new
GC. Otherwise we risk keeping around weak callbacks to
duplicate or dead objects.

R=
BUG=611702

Review-Url: https://codereview.chromium.org/2036803004
Cr-Commit-Position: refs/heads/master@{#397904}
fs
Reduce LayoutSVGResource*Gradient building dependency on GradientData
The buildGradient() method can just create and return a Gradient instead
of populating the GradientData struct it's being passed.
Also make calculateGradientTransform() use the return value rather than
an out variable, and make it const qualified. Make
platformSpreadMethodFromSVGType static and use Traversal<> sugar in
SVGGradientElement::buildStops.

BUG=614368

Review-Url: https://codereview.chromium.org/2031053004
Cr-Commit-Position: refs/heads/master@{#397763}
rune
Clear media query rulesets on page zoom changes.
Otherwise, resolution media queries won't update properly when page
zoom changes. Changing the deviceScaleFactor already did this. Also,
matchMedia listeners already worked.

BUG=617095

Review-Url: https://codereview.chromium.org/2038793002
Cr-Commit-Position: refs/heads/master@{#397697}
fs
Update Win7 baseline for fast/text/emoji-web-font.html
TBR=bashi@chromium.org
BUG=616969

Review-Url: https://codereview.chromium.org/2033403002
Cr-Commit-Position: refs/heads/master@{#397687}
sigbjornf
Shrink weak hash tables when adding elements, if needed.
Hash tables containing weak references tend to be asymmetrically
handled -- Blink "user code" will add elements to the hash table,
with the garbage collector taking care of removing references
to elements that have no other strong references to keep them
alive. The weak processing of hash tables isn't capable of
shrinking and allocate a new hash table backing store while
running, hence the table entries are only cleared.

Blink code will rarely do manual removals from these
collections, which gives the hash table no opportunity
to actually shrink the capacity of the backing store.
This can lead to hash tables with a very low load factor,
the majority of the entries be deleted and empty slots.

To allow for shrinking to happen over hash tables with
weak references, add() will check if shrinking is required.

R=
BUG=

Review-Url: https://codereview.chromium.org/2034883002
Cr-Commit-Position: refs/heads/master@{#397667}
fs
Revert of Switch WTF::find on LChar to use memchr. (patchset #1 id:1 of https://codereview.chromium.org/1948543004/ )
Reason for revert:
LSAN and MSAN bots appear unhappy:

http/tests/media/media-source/mediasource-is-type-supported.html

crash log for renderer (pid <unknown>):
STDOUT: <empty>
STDERR: =================================================================
STDERR: ==4==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030000982af at pc 0x00000045811f bp 0x7fff2f309830 sp 0x7fff2f308fe0
STDERR: READ of size 5006 at 0x6030000982af thread T0 (content_shell)
STDERR:     #0 0x45811e in memchr ??:0
STDERR:     #1 0x3c5c419 in find third_party/WebKit/Source/wtf/text/StringImpl.h:532:9
STDERR:     #2 0x3c5c419 in find third_party/WebKit/Source/wtf/text/StringImpl.h:660:0
STDERR:     #3 0x3c5c419 in find third_party/WebKit/Source/wtf/text/WTFString.h:214:0
STDERR:     #4 0x3c5c419 in find third_party/WebKit/Source/wtf/text/WTFString.h:215:0
STDERR:     #5 0x3c5c419 in parameter third_party/WebKit/Source/platform/ContentType.cpp:50:0
STDERR:     #6 0x8d64b7d in isTypeSupported third_party/WebKit/Source/modules/mediasource/MediaSource.cpp:244:33
STDERR:     #7 0x9251198 in isTypeSupportedMethod ./out/Release/gen/blink/bindings/modules/v8/V8MediaSource.cpp:234:32
STDERR:     #8 0x9251198 in isTypeSupportedMethodCallback ./out/Release/gen/blink/bindings/modules/v8/V8MediaSource.cpp:239:0
STDERR:     #9 0x444b759 in Call v8/src/api-arguments.cc:16:3

(https://storage.googleapis.com/chromium-layout-test-archives/WebKit_Linux_ASAN/24421/layout-test-results/results.html)

Original issue's description:
> Switch WTF::find on LChar to use memchr.
>
> BUG=607208
>
> Committed: https://crrev.com/c9f9af30569ac2cd353e234f569052db6ab436f4
> Cr-Commit-Position: refs/heads/master@{#397568}

TBR=thakis@chromium.org,jbroman@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=607208

Review-Url: https://codereview.chromium.org/2036993002
Cr-Commit-Position: refs/heads/master@{#397664}
fs
Revert of ImageCapture: move mojom from WebKit/public to media/ (patchset #4 id:60002 of https://codereview.chromium.org/2027023002/ )
Reason for revert:
Appears to cause:

imagecapture/getphotocapabilities.html
imagecapture/takephoto.html

to timeout.

(https://storage.googleapis.com/chromium-layout-test-archives/WebKit_Win7/42976/layout-test-results/results.html)

Original issue's description:
> ImageCapture: move mojom from WebKit/public to media/
>
> This CL moves image_capture.mojom from
> {third_party/WebKit/public/platform/modules => media/mojo/interfaces}
> so the generated data types (e.g. PhotoCapabilities{Ptr})
> can be used from both Blink and media/capture locations.
>
> Also capture.gypi is trivially relocated to capture/ folder.
>
> Note that gyp files are -yay!- close to being finally
> removed.
>
> BUG=518807
> CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel,mac_blink_rel,win_blink_rel
>
> Committed: https://crrev.com/64aec45d94682ae3b38c0f1c18ff74cd937ff9b5
> Cr-Commit-Position: refs/heads/master@{#397644}

TBR=dcheng@chromium.org,avi@chromium.org,haraken@chromium.org,rockot@chromium.org,xhwang@chromium.org,dalecurtis@chromium.org,esprehn@chromium.org,mcasas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=518807

Review-Url: https://codereview.chromium.org/2034003002
Cr-Commit-Position: refs/heads/master@{#397663}
sigbjornf
Sync LeakExpectations following r397405.
TBR=guidou,pkasting
BUG=589802
NOTRY=true

Review-Url: https://codereview.chromium.org/2037613003
Cr-Commit-Position: refs/heads/master@{#397493}
sigbjornf
Adjust representation of liveDocumentSet() to help diagnose instability.
The liveDocumentSet singleton keeps a

 Persistent<HeapHashSet<WeakMember<Document>>,

collection of all the currently live documents. Some crashes are
being reported when this HeapHashSet<>'s weak references are
being processed, indicating that the pointer to the hash table
is misshapen.

To potentially throw some light on how that could come to be,
switch representation to PersistentHeapHashSet<WeakMember<Document>>,
which will keep the hash table wrapper off-heap. That could
help determine if we're dealing with an (Oilpan) heap object
overwrite here.

R=
BUG=611702

Review-Url: https://codereview.chromium.org/2033643003
Cr-Commit-Position: refs/heads/master@{#397436}
sigbjornf
Delay leak reporting until worker in-process proxies have been finalized.
If a document creates a number of workers, terminating these and having
their destruction ripple all the way back to the in-process proxy objects
isn't immediate. But something that needs to complete before the leak
detector can initiate reporting -- an in-process proxy object maintains a
strong reference to the document, and would generate a leak if not
destructed and its garbage having been collected afterwards.

Address the reliability of multi worker shutdown by maintaining a
counter of how many in-process proxy objects are still alive and run
GCs until it drops to zero. Do that at most two times around.

R=haraken,kouhei
BUG=589802, 616714

Review-Url: https://codereview.chromium.org/2026993004
Cr-Commit-Position: refs/heads/master@{#397405}
sigbjornf
Avoid unnecessary uses of GarbageCollectedFinalized<>.
R=
BUG=

Review-Url: https://codereview.chromium.org/2027333003
Cr-Commit-Position: refs/heads/master@{#397402}
mboc
Allow various font weights in gfx. These changes make Chromium's gfx::Font more closely match native font APIs &
capabilities.

BUG=597533
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/1819753003
Cr-Commit-Position: refs/heads/master@{#397368}
fs
Remove expectation for svg/W3C-SVG-1.1/struct-frag-02-t.svg
No longer appears to exhibit the behavior described. Give it a try
again.

TBR=davve@opera.com
BUG=518005,463358

Review-Url: https://codereview.chromium.org/2033663002
Cr-Commit-Position: refs/heads/master@{#397342}
sigbjornf
Delay leak reporting until worker in-process proxies have been finalized.
If a document creates a number of workers, terminating these and having
their destruction ripple all the way back to the in-process proxy objects
isn't immediate. But something that needs to complete before the leak
detector can initiate reporting -- an in-process proxy object maintains a
strong reference to the document, and would generate a leak if not
destructed and its garbage having been collected afterwards.

Address the reliability of multi worker shutdown by maintaining a
counter of how many in-process proxy objects are still alive and run
GCs until it drops to zero. Do that at most two times around.

For documents not creating any workers, monitoring this proxy count
avoids having to perform a third GC, something that was conservatively
done before to address worker shutdown (but not reliably.)

R=haraken,kouhei
BUG=589802

Review-Url: https://codereview.chromium.org/2026993004
Cr-Commit-Position: refs/heads/master@{#397333}
fs
Don't use hasAttribute in SVGFilterPrimitiveStandardAttributes
Use isSpecified() to query for existance in setStandardAttributes. This
avoids triggering unnecessary attribute synchronizations.

While here, drop the "double precondition" checking since the only caller
of this function checks this already.

BUG=235256

Review-Url: https://codereview.chromium.org/2026343002
Cr-Commit-Position: refs/heads/master@{#397202}
sigbjornf
Have detached ScriptLoaders detach their PendingScripts.
A ScriptLoader that has become detached from its document will not
execute the script once the script resource has loaded.

If in such a detached state, make sure the ScriptLoader lets go
of its PendingScript promptly.

R=
BUG=

Review-Url: https://codereview.chromium.org/2028613002
Cr-Commit-Position: refs/heads/master@{#397106}
rune
Adjust color for printing list-item markers as we do for text.
BUG=459022

Review-Url: https://codereview.chromium.org/2027653004
Cr-Commit-Position: refs/heads/master@{#397099}
mostynb
remove unused courgette dep from the content layer
Review-Url: https://codereview.chromium.org/2024693002
Cr-Commit-Position: refs/heads/master@{#396968}
sigbjornf
Restore PendingScript prefinalizer.
Under some as yet unknown conditions, PendingScript objects can become garbage
without having been explicitly detached/disposed of first. Hence restore the
prefinalizer that r396656 removed.

R=
BUG=615977

Review-Url: https://codereview.chromium.org/2021773004
Cr-Commit-Position: refs/heads/master@{#396813}
sigbjornf
Address ThreadHeap::willObjectBeLazilySwept() corner case.
If willObjectBeLazilySwept(object) was used when finalizing an object on a
lazily swept page, and |object| happened to reside on the same heap page,
the predicate would return the wrong result if the object had been swept
past (and it had been deemed to be alive.)

Addressed by adding a special case for querying objects on the same page,
making willObjectBeLazilySwept() precisely determine liveness in the
face of lazy sweeping.

R=
BUG=

Review-Url: https://codereview.chromium.org/2015173003
Cr-Commit-Position: refs/heads/master@{#396798}
sigbjornf
Statically disallow delete' over heap collection objects.
Explicitly deleting heap-allocated heap collection objects isn't
allowed nor meaningful, the garbage collector handles their lifetimes
precisely. The implementation of 'delete' over these collection objects
delegate to a allocator-trait class's free() method, so by not providing
it for heap collection objects, compilation fails if 'delete' is ever
attempted instantiated & used over these objects.

As MSVC performs method instantiation more eagerly, we're unable to
statically catch such inappropriate uses of 'delete' at compile time.
Rely on a run-time NOTREACHED() instead.

R=
BUG=

Review-Url: https://codereview.chromium.org/2021103002
Cr-Commit-Position: refs/heads/master@{#396788}
sigbjornf
Make reallocation of large objects reliable.
If ThreadHeap::reallocate<T>() is called with a size that's
equal or greater to the large object threshold (64k, currently),
make sure it ends up being allocated as a large object.

Large objects would previously be attempted allocated on a normal arena,
hoping that the allocation couldn't be serviced by bump allocation, but
fall into an out-of-line allocation.

R=
BUG=

Review-Url: https://codereview.chromium.org/2019273002
Cr-Commit-Position: refs/heads/master@{#396712}
davve
Tune down debugging emergency for clearAnimatedType() a notch
Fixing re-entrancy into the animation code through the garbage
collector is proving to be a non-trivial task. Since we now know more
about the issue, downgrade the RELEASE_ASSERT to a DCHECK to not
affect more users than necessary while getting this bug sorted out.

BUG=613709

Review-Url: https://codereview.chromium.org/2019223003
Cr-Commit-Position: refs/heads/master@{#396705}
fs
Win7 baseline for svg/dynamic-updates/SVGFEBlendElement-dom-in2-attr.html
TBR=wkorman@chromium.org
BUG=614425

Review-Url: https://codereview.chromium.org/2008553009
Cr-Commit-Position: refs/heads/master@{#396702}
tmoniuszko
Fix Visual Studio warning on single file compilation
BUG=615402

Review-Url: https://codereview.chromium.org/2018733003
Cr-Commit-Position: refs/heads/master@{#396693}
sigbjornf
(Heap)TerminatedArrayBuilders are stack allocated.
HeapTerminatedArrayBuilder is currently only safe if kept on the stack,
restrict it accordingly + have it keep a Member<> reference to the
HeapTerminatedArray it is constructing.

R=tkent,haraken
BUG=

Review-Url: https://codereview.chromium.org/2021713002
Cr-Commit-Position: refs/heads/master@{#396677}
sigbjornf
Turn ResourceLoaderSet into a part object.
The abstraction is really a derived HashSet, so make it
a part object.

(Change done in part to diagnose what appears to be a
heap overwrite involving ResourceLoaderSet.)

R=
BUG=615673

Review-Url: https://codereview.chromium.org/2019903002
Cr-Commit-Position: refs/heads/master@{#396657}
sigbjornf
Tidy PendingScript.
No need for a prefinalizer as ScriptLoader is careful to eagerly and
explicitly dispose of PendingScripts already.

Remove unwanted copy constructor; not needed after PendingScript stopped
being a part object.

R=
BUG=

Review-Url: https://codereview.chromium.org/2023683002
Cr-Commit-Position: refs/heads/master@{#396656}
sigbjornf
Revert of Expand WTF::StringView's API to be more like StringPiece. (patchset #12 id:220001 of https://codereview.chromium.org/2007103003/ )
Reason for revert:
Many a heap-buffer-overflow ASan failures,

 https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20ASAN/builds/24329

Original issue's description:
> Expand WTF::StringView's API to be more like StringPiece.
>
> StringView no longer owns the string passed into it, and can now wrap
> a raw ptr to some characters.
>
> This allows us to leverage the inline strlen optimization where the
> compiler will embed the length of literal strings into the binary. It
> also allows the deletion many overloaded methods that used to take
> an LChar*, UChar* or String and can now just take a StringView instead.
>
> For example the two constructors in TextRun are now a single one that
> takes a StringView. This needed to be done in this patch to avoid
> ambiguous constructors.
>
> Future patches will replace CSSParserString with StringView, and also
> vastly simplify the huge number of overloads on various methods. We'll
> also expand the API surface of StringView to include the many useful
> operations that StringPiece has.
>
> BUG=615174
>
> Committed: https://crrev.com/330deea56e27bc760fa52101040a51428bb7f582
> Cr-Commit-Position: refs/heads/master@{#396493}

TBR=haraken@chromium.org,jyasskin@chromium.org,yutak@chromium.org,esprehn@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=615174

Review-Url: https://codereview.chromium.org/2025503002
Cr-Commit-Position: refs/heads/master@{#396641}
sigbjornf
Revert of Remove StringBuilder::appendLiteral. (patchset #1 id:1 of https://codereview.chromium.org/2017053003/ )
Reason for revert:
Will unfortunately have to back out this one so that the revert https://codereview.chromium.org/2025503002/ will cleanly apply.

(Don't want a tree with this many ASan failures over the long weekend.)

Original issue's description:
> Remove StringBuilder::appendLiteral.
>
> We can just rely on the append(StringView) version instead. This does
> mean we have to take 2 branches in some cases, but it should be
> very minimal and since the code is inline the compiler can also
> likely eliminate it.
>
> BUG=615174
>
> Committed: https://crrev.com/04157e8b89881d033f9eeca4466d9dd0c4e9aaea
> Cr-Commit-Position: refs/heads/master@{#396601}

TBR=haraken@chromium.org,yutak@chromium.org,esprehn@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=615174

Review-Url: https://codereview.chromium.org/2017303002
Cr-Commit-Position: refs/heads/master@{#396640}
sigbjornf
Lock CrossThreadPersistentRegion until end of weak processing.
Allocating & releasing a CrossThread(Weak)Persistent is something that
all threads are currently allowed, even those not attached to Oilpan and
having no heap of their own. It is however not safe for the set of
CrossThreadPersistents to be altered while a garbage collection is
underway.

Not just while the set of registered persistents are being marked and
traced, but up until and including the processing of weak (persistent)
references that happen after marking. If not, a thread would be able to
release a CrossThreadWeakPersistent node which the weak processing separately
maintains a pointer to, clearing & freeing its allocation. Which would
cause havoc, hence we impose a lock on CrossThreadPersistentRegion while
the marking and global weak processing is being performed -- any thread
attempting to create or free cross-thread persistents will be locked out
for the duration.

Following r396432, the use of CrossThreadPersistents from non-attached threads
has been reduced greatly and is slight.

R=
BUG=610477

Review-Url: https://codereview.chromium.org/2013173002
Cr-Commit-Position: refs/heads/master@{#396540}
sigbjornf
Move MainThreadTaskRunner off Oilpan heap to simplify posting.
Having the Document's MainThreadTaskRunner on the Oilpan heap
is preferable for three reasons:

 - Correctly accounts for the MainThreadTaskRunner::m_context
   back reference, by having it be traced Member<>.
 - The MainThreadTaskRunner must not perform tasks when
   it (and the Document) is in the process of being swept.
   By having the posted tasks keep a weak persistent reference
   to MainThreadTaskRunner, the Oilpan GC will ensure that
   the weak references will be cleared once MainThreadTaskRunner
   has been deemed garbage.
 - Similarly for the timer-initiated running of a
   MainThreadTaskRunner's pending tasks. The Timer<> abstraction
   takes care of not firing a timer if its owner is an
   Oilpan heap object that's about to be swept.

But it is not without downsides:

 - A CrossThreadWeakPersistent<> has to be created for every
   task closure posted to the main thread, and copying that
   persistent reference around while creating the closure,
   something that is not without overhead.
 - Threads not attached to Oilpan needing to post tasks to
   the main thread will have to create these persistents also.
   Having that happen when a GC is in progress is hard to support,
   as it risks introducing and removing persistent heap references
   in ways that interfere with the GC processing the heap.

The latter point is sufficient reason not to require the
allocation of CrossThreadWeakPersistent<>s when posting main
thread tasks, hence MainThreadTaskRunner is moved off the
Oilpan heap. By doing so, the benefits above that the Oilpan GC
infrastructure provided "for free" have to be taken care of
manually. C'est la vie.

R=
BUG=610477

Review-Url: https://codereview.chromium.org/1938313003
Cr-Commit-Position: refs/heads/master@{#396432}
rogerj
network_time_tracker: Add missing gyp dependencies
Fixup for https://codereview.chromium.org/1835823002.

That CL only added the required dependencies to BUILD.gn. This CL adds
the dependencies to the gyp target as well.

BUG=589700

Review-Url: https://codereview.chromium.org/2006733007
Cr-Commit-Position: refs/heads/master@{#396420}
sigbjornf
Test that failed sync scripts do not block later ones.
If an async=false script fails to load, it must not block later
sync scripts from executing; add missing test coverage.

R=
BUG=614855, 581425

Review-Url: https://codereview.chromium.org/2010983002
Cr-Commit-Position: refs/heads/master@{#396253}
sigbjornf
Tidy up MediaStreamSource details.
Follow up on r396039, undoing some inconsistencies.

R=
BUG=

Review-Url: https://codereview.chromium.org/2010963002
Cr-Commit-Position: refs/heads/master@{#396231}
mstensho
Don't explicitly initialize LayoutUnit to 0.
The default LayoutUnit() constructor sets it to 0. Explicitly passing 0 means
that LayoutUnit::setValue() will be involved, which performs (in this case:
very pointless) saturation checks.

Review-Url: https://codereview.chromium.org/2015523004
Cr-Commit-Position: refs/heads/master@{#396223}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in web/
BUG=614015
TBR=aelias@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2016673002
Cr-Commit-Position: refs/heads/master@{#396162}
mstensho
Remove unnecessary includes from Document.h
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2007343002
Cr-Commit-Position: refs/heads/master@{#396148}
fs
Attempt to deflake svg/custom/animate-initial-pause-unpause.html
The timeout could race with load and that animation timeline start.
Happened at least once in 1000 runs.

Make sure to wait for an animation frame before setting the timer (the
animation timeline has its zero at the time of 'load'.) Also, rewrite
the test to use testharness.js. No failures in 1000 runs.

BUG=350828

Review-Url: https://codereview.chromium.org/2009263002
Cr-Commit-Position: refs/heads/master@{#396147}
mstensho
Remove assorted unnecessary includes in core/paint/
I was mainly looking at inclusions of LayoutObject-derived header files, but
removed some others as well, while I was at it.

BUG=614015
TBR=chrishtr@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2010823002
Cr-Commit-Position: refs/heads/master@{#396037}
fs
Rework timeline/frame scheduling logic for SVGImage
This CL provides the SVGImage/SVGImageChromeClient complex with the
capability of suspending and resuming the frame/animation tick.
This gives us the mechanism required to respond to
ImageObserver::shouldPauseAnimation, as well as stopping the animation
timer from running after the animation has been reset (via
Image::resetAnimation.)
In the context of the bug referenced this means an animating SVG image
will no longer cause wakeups because of (unnecessary) timer activity,
saving power (and CPU time.)

Implement willRenderImage() for the CrossfadeSubimageObserverProxy of
CSSCrossfadeValue so that it will not (falsely) claim that it won't
render its images.

While doing this, try to make a decent functional split between SVGImage
and the associated SVGImageChromeClient by putting all timeline/frame tick
related code in the latter, while keeping code related to the actual
animation/document lifecycle update in the former.

BUG=612540

Review-Url: https://codereview.chromium.org/2000483003
Cr-Commit-Position: refs/heads/master@{#396009}
mstensho
Move ScrollBehavior to ScrollTypes.h, so that ComputedStyle.h doesn't need to include ScrollableArea.h.
BUG=614015

Review-Url: https://codereview.chromium.org/2008343002
Cr-Commit-Position: refs/heads/master@{#395994}
mstensho
Remove assorted unnecessary includes in core/layout/
I was mainly looking at inclusions of LayoutObject-derived header files, but
removed some others as well, while I was at it.

BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2015583003
Cr-Commit-Position: refs/heads/master@{#395993}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/html/
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2008843004
Cr-Commit-Position: refs/heads/master@{#395984}
mstensho
Enums recently moved to separate files should still be in the blink namespace.
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2007423002
Cr-Commit-Position: refs/heads/master@{#395978}
mstensho
ComputedStyle.h doesn't need CSSPrimitiveValue.h if adjustForAbsoluteZoom(int, float) isn't inline.
BUG=614015

Review-Url: https://codereview.chromium.org/2013833002
Cr-Commit-Position: refs/heads/master@{#395943}
mstensho
Move CSSPropertyID templates instantiations to a separate file.
core/CSSPropertyNames.h is needed a lot of places, but the template part there
was only required at a few places.

BUG=614015

Review-Url: https://codereview.chromium.org/2007073003
Cr-Commit-Position: refs/heads/master@{#395941}
mstensho
Move ContentChangeType enum to a separate file, so that WebGLRenderingContextBase.h doesn't need LayoutBoxModelObject.h
BUG=614015
TBR=bajones@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2013603003
Cr-Commit-Position: refs/heads/master@{#395934}
fs
Update baseline for svg/animations/smil-leak-element-instances.svg
This updates the baseline after the change made by
https://codereview.chromium.org/1992663003 (line number added to error
output.)

TBR=pdr@chromium.org
BUG=356900

Review-Url: https://codereview.chromium.org/2007323002
Cr-Commit-Position: refs/heads/master@{#395925}
mstensho
Remove unnecessary includes of LayoutBlock-derived headers.
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2007133003
Cr-Commit-Position: refs/heads/master@{#395904}
mstensho
Remove unnecessary includes from ComputedStyle.h and from its includes.
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2008263002
Cr-Commit-Position: refs/heads/master@{#395889}
mstensho
Remove unnecessary includes from LayoutBox.h, LayoutBoxModelObject.h and LayoutObject.h
Also removed a couple of unnecessary includes from files included via LayoutObject.h

BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2010713002
Cr-Commit-Position: refs/heads/master@{#395877}
mstensho
Move BorderEdgeFlags out of LayoutBoxModelObject.h, so that BoxBorderPainter.h doesn't have to include it.
BUG=614015
TBR=chrishtr@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2010613003
Cr-Commit-Position: refs/heads/master@{#395875}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/frame/
BUG=614015
TBR=dcheng@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2011883002
Cr-Commit-Position: refs/heads/master@{#395872}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/animation/
BUG=614015
TBR=alancutter@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2009583003
Cr-Commit-Position: refs/heads/master@{#395871}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in modules/accessibility/
BUG=614015
TBR=dmazzoni@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2012723003
Cr-Commit-Position: refs/heads/master@{#395870}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/dom/
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2008053002
Cr-Commit-Position: refs/heads/master@{#395864}
mstensho
SnapCoordinator.h doesn't need to include LayoutBox.h
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2010513004
Cr-Commit-Position: refs/heads/master@{#395859}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/editing/
BUG=614015
TBR=yosin@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2009013002
Cr-Commit-Position: refs/heads/master@{#395855}
mstensho
SVGTextContentElement.cpp doesn't need to include LayoutObject.h
BUG=614015
TBR=fs@opera.com,eae@chromium.org

Review-Url: https://codereview.chromium.org/2011603002
Cr-Commit-Position: refs/heads/master@{#395854}
mstensho
HitRegion.cpp doesn't need to include LayoutBoxModelObject.h
BUG=614015
TBR=junov@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2010633002
Cr-Commit-Position: refs/heads/master@{#395852}
mstensho
StyleGeneratedImage.cpp doesn't need to include LayoutObject.h
BUG=614015
TBR=eae@chromium.org

Review-Url: https://codereview.chromium.org/2005353002
Cr-Commit-Position: refs/heads/master@{#395851}
mstensho
WebGLRenderingContext.cpp doesn't need to include LayoutBox.h
BUG=614015
TBR=bajones@chromium.org,eae@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2010623002
Cr-Commit-Position: refs/heads/master@{#395846}
mstensho
Eliminate unnecessary includes and pointless forward declarations in LayoutBlock.h
BUG=614015
TBR=eae@chromium.org,szager@chromium.org,wkorman@chromium.org

Review-Url: https://codereview.chromium.org/2010473002
Cr-Commit-Position: refs/heads/master@{#395845}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/inspector/
BUG=614015
TBR=dgozman@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2002153004
Cr-Commit-Position: refs/heads/master@{#395838}
mstensho
Remove unnecessary inclusions of LayoutObject-derived headers in core/animation/
BUG=614015
TBR=alancutter@chromium.org,eae@chromium.org

Review-Url: https://codereview.chromium.org/2006223003
Cr-Commit-Position: refs/heads/master@{#395832}
sigbjornf
Remove unnecessary HelperResultType trait.
Leftover from Oilpan transition.

R=
BUG=

Review-Url: https://codereview.chromium.org/2015453003
Cr-Commit-Position: refs/heads/master@{#395831}
fs
Attempt to deflake svg/text/obb-paintserver.html
Use the ahem.js script to provide the "Ahem" font.

BUG=362501

Review-Url: https://codereview.chromium.org/2005253002
Cr-Commit-Position: refs/heads/master@{#395819}
mstensho
Move TextAutosizer::Cluster::Cluster() implementation to .cpp.
This way we won't have to include LayoutObject.h in the header.

Also need an explicit ~TextAutoSizer() in the .cpp file now, because
ComputedStyle is only forward-declared in the header file, and TextAutoSizer
has a ComputedStyle RefPtr Vector. The need for this was presumably introduced
by https://codereview.chromium.org/1999343002

BUG=614015

Review-Url: https://codereview.chromium.org/2004313005
Cr-Commit-Position: refs/heads/master@{#395773}
mstensho
Move BackgroundBleedAvoidance definition to a separate file.
This way BoxDecorationData.h doesn't need to include LayoutBoxModelObject.h

BUG=614015

Review-Url: https://codereview.chromium.org/2007673004
Cr-Commit-Position: refs/heads/master@{#395745}
mstensho
Add ScrollEnums.h, so that PaintLayerScrollableArea.h doesn't have to include LayoutBox.h
BUG=614015

Review-Url: https://codereview.chromium.org/2008063002
Cr-Commit-Position: refs/heads/master@{#395702}
sigbjornf
Drop unique audio thread ID requirement.
r391848 introduced the requirement that, once set, the audio thread ID
could not be changed. This is proving too burdensome a constraint to
keep, in case audio device threads do end up being stopped and new
ones created.

While r395182 took care of some cases where audio threads end up
stopping, carefully resetting the recordeed audio thread ID, other
cases remain (see associated bug.) While those could be similarly
handled, precisely tracking the current audio thread ID is proving
to not be worth the overhead. Hence, retire the constraint and let
the audio thread processing a render quantum set its thread ID as
part of executing, irrespective of what audio thread executed
the previous quantum.

This effectively reverts r395182.

R=
BUG=613902

Review-Url: https://codereview.chromium.org/2008903002
Cr-Commit-Position: refs/heads/master@{#395682}
mstensho
Move continuation getter and setter down to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1997033002
Cr-Commit-Position: refs/heads/master@{#395681}
sigbjornf
Gracefully handle dirtying of audio nodes while processing current set.
When processing the set of dirty output nodes, nodes further down the
chain may be marked as dirty as a result. Take that into account
when iterating over the current set.

R=hoch
BUG=610643, 613902

Review-Url: https://codereview.chromium.org/2006883002
Cr-Commit-Position: refs/heads/master@{#395643}
mstensho
Only re-use an anonymous block for continuations if it's contained by a block flow.
Be more strict about what kind of anonymous blocks we allow to be re-used for
continuations. The deprecated flex box implementation would actually let items
of a flexbox form a continuation chain. Continuations should only exist in
block formatting contexts.

This was discovered while attempting to land
https://codereview.chromium.org/1997033002/ , which, it turns out, made some
invalid assumptions about objects being block flows.

BUG=302024

Review-Url: https://codereview.chromium.org/2004363003
Cr-Commit-Position: refs/heads/master@{#395614}
mpawlowski
net::AddressList no longer privately inherits from std::vector
The private inheritance was not only against the style guide, it also
forbade anyone from using a standalone std::vector<net::IPEndPoint>,
since the manually defined AddressList ctor/dtor conflicted with
automatically generated ones for vector<T> instantiation.

This should be considered a first step of refactoring that class.
AddressList is neither a list, nor does it store addresses,
it's a vector of endpoints, so the name is misleading. It
should be changed.

The canonical_name_ member is only currently used in
PepperHostResolverMessageFilter, it's probably not the best idea to keep
it around in a generic class like this. Grepping AddressList reveals 500+
instances in the codeebase, and ony one use of canonical_name() outside
of unit tests. Perhaps a pair<AddressList, string> should be used for
that one particular use-case and a bare AddressList without that extra
member should be used everywhere else.

This "conservative" approach, with employing composition instead of
inheritance and delegating method calls was suggested by Nico Weber and
indeed that meant not having to change anything but the header.

Review-Url: https://codereview.chromium.org/2003973002
Cr-Commit-Position: refs/heads/master@{#395605}
fs
Fix typo in svg/dynamic-updates/SVGFEBlendElement-dom-in2-attr.html
This test is not intended to test error-handling, so add the missing '#'.

https://bugs.webkit.org/show_bug.cgi?id=158017

BUG=614306

Review-Url: https://codereview.chromium.org/2004023002
Cr-Commit-Position: refs/heads/master@{#395597}
rune
Rewrote :empty tests to avoid list-item bug.
Run :empty tests as js-tests instead of layout tree dumps. The issue
causing the original test to be flaky is reported as crbug.com/613957.

R=bugsnash@chromium.org
BUG=610180

Review-Url: https://codereview.chromium.org/2006633002
Cr-Commit-Position: refs/heads/master@{#395582}
ckulakowski
Added missing include to profile_helper.h
profile_helper.h uses ProfileMetrics::ProfileDelete defined in
profile_metrics.h so it should be included. Lack of this include
causes compilation error in our product.

BUG=

Review-Url: https://codereview.chromium.org/2002073003
Cr-Commit-Position: refs/heads/master@{#395573}
mstensho
Declare methods defined in LayoutObjectInlines.h as inline.
This way we'll detect a failure to include LayoutObjectInlines.h during
compilation, rather than during linking.

Test case: Remove inclusion of LayoutObjectInlines.h from LayoutBR.cpp.

See https://codereview.chromium.org/2008503003/ - I initially tried
to simply remove LayoutView.h from LayoutBR.cpp's include list, but
got "strange" linker errors in release builds, since the compiler
thought styleRef(bool) was an actual function, and not an inline.

BUG=614015

Review-Url: https://codereview.chromium.org/2007723002
Cr-Commit-Position: refs/heads/master@{#395558}
sigbjornf
Remove unwanted copyToVector() uses.
If a collection is being cleared while creating an iterable
view of its current contents, swap in an empty collection
rather than copy out the current contents into a temporary
vector (by way of copyToVector().)

R=tkent
BUG=

Review-Url: https://codereview.chromium.org/2004343002
Cr-Commit-Position: refs/heads/master@{#395547}
mstensho
Eliminate unnecessary includes of LayoutBlockFlow-derived headers.
BUG=614015

Review-Url: https://codereview.chromium.org/2008503003
Cr-Commit-Position: refs/heads/master@{#395472}
sigbjornf
Revert InstrumentingAgents back to being GarbageCollected<>.
Unnecessary to have this class be finalized, so switch back to
GarbageCollected<>.

R=
BUG=

Review-Url: https://codereview.chromium.org/2003033002
Cr-Commit-Position: refs/heads/master@{#395446}
tsniatowski
Fix a generated header build flake in //media/base/android
BUG=

Review-Url: https://codereview.chromium.org/2004813003
Cr-Commit-Position: refs/heads/master@{#395421}
mstensho
Move LineLayoutState forward declaration to LayoutBlockFlow.
And the friend declaration was unnecessary.

BUG=302024

Review-Url: https://codereview.chromium.org/2007543002
Cr-Commit-Position: refs/heads/master@{#395352}
mstensho
Move LayoutInline forward-declaration to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/2005813003
Cr-Commit-Position: refs/heads/master@{#395350}
davve
Apply scoped_ptr -> std::unique_ptr conversion to comment
date_time_picker_client_ is a std::unique_ptr now.

R=avi
NOTRY=true

Review-Url: https://codereview.chromium.org/2003963002
Cr-Commit-Position: refs/heads/master@{#395331}
sigbjornf
Split out Members, Persistents and SelfKeepAlive in separate headers.
Complete the migration of definitions out of Handle.h, adding new
header files for the family of Member<> types that Oilpan supports.
Similarly for Persistent<> and its variants, and the SelfKeepAlive<>
abstraction.

To further prune Handle.h, let go of the unused ScopedDisposal (light)
abstraction.

R=
BUG=

Review-Url: https://codereview.chromium.org/1999363002
Cr-Commit-Position: refs/heads/master@{#395318}
sigbjornf
Revert of MediaCaptureFromElement: add support for audio captureStream(). (patchset #6 id:760001 of https://codereview.chromium.org/1599533003/ )
Reason for revert:
The layout tests added are flakily crashing on various bots,

 https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Leak/builds/19683
 https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux/builds/65000

Original issue's description:
> MediaCaptureFromElement: add support for audio captureStream().
>
> This CL extends support for capturing the audio part of
> a <video> or <audio> tags ( "capture" here means creating
> a MediaStream out of the HTMLElement)
>
> It introduces an HtmlAudioCapturerSource is-a AudioCapturerSource
> wrapped into an ExternalMediaStreamAudioSource to produce data
> towards the audio track.
>
> HtmlAudioCapturerSource also plugs into the
> WebMediaPlayer's WebAudioSourceProviderImpl to get
> a copy of the audio being rendered.
>
> Unit tests are added, and the existing LayouTests
> revamped (and split into several files for clarity).
>
> BUG=569976, 575492
>
> TEST= run chromium with
>  --enable-blink-features=MediaCaptureFromVideo
>  against e.g.
> https://rawgit.com/Miguelao/demos/master/videoelementcapture.html
>
> Committed: https://crrev.com/77d0d446e58afbf7fab215113fcf9fe9c97e94e3
> Cr-Commit-Position: refs/heads/master@{#395205}

TBR=esprehn@chromium.org,avi@chromium.org,dalecurtis@chromium.org,haraken@chromium.org,miu@chromium.org,mcasas@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=569976, 575492
NOTRY=true

Review-Url: https://codereview.chromium.org/2007433002
Cr-Commit-Position: refs/heads/master@{#395298}
sigbjornf
Unify and provide one IsGarbageCollectedType<T> implementation.
Phase out the need and use of the older blink::IsGarbageCollected<T>
template, and go with the "marker-based" implementation that WTF
provides. But extended slightly to handle mixins without ambiguity +
it will now insist on T's definition being in scope when used so as to be
able to function reliably.

That latter change requires a few uses of collection types (vectors,
hash maps) to be adjusted so that the full element type of the collection
is in scope when code using the collection is compiled. The reason for
this constraint is that the collection types stringently checks that
Blink GCed objects aren't kept in off-heap collections.

R=
BUG=

Review-Url: https://codereview.chromium.org/1999343002
Cr-Commit-Position: refs/heads/master@{#395287}
sigbjornf
Tidy AutoplayExperimentHelper.
Remove unused and undefineds.

R=
BUG=

Review-Url: https://codereview.chromium.org/2000023002
Cr-Commit-Position: refs/heads/master@{#395286}
tposluszny
Exclude unit tests depending on FFMPEG, when FFMPEG is not used.
BUG=612164

Review-Url: https://codereview.chromium.org/1978263002
Cr-Commit-Position: refs/heads/master@{#395267}
sigbjornf
Clear DeferredTaskHandler's audio thread ID upon the thread going away.
Tracking the thread ID of the (current) audio thread is needed to both
sanity check that code paths and methods are performed on the expected
thread, and ensure safe operation.

In the rare cases where the recorded audio thread is stopped and
terminated by the embedder, first clear out the associated thread
ID. This is needed should a new thread be subsequently created.

R=
BUG=612127

Review-Url: https://codereview.chromium.org/2001533002
Cr-Commit-Position: refs/heads/master@{#395182}
mstensho
Remove LayoutInline::createAnonymous() - no callers
Review-Url: https://codereview.chromium.org/2001723002
Cr-Commit-Position: refs/heads/master@{#395132}
mstensho
LayoutInline continuation unit test.
Review-Url: https://codereview.chromium.org/2001623002
Cr-Commit-Position: refs/heads/master@{#395111}
mstensho
Keep writing-mode in sync between a column spanner and its placeholder.
Don't exclude LayoutMultiColumnSpannerPlaceholder (which is just a LayoutBox)
in propagateStyleToAnonymousChildren(). There was an optional requirement for
the child to be LayoutBlock or better, but there really doesn't seem to be
any point in doing this. We no longer create anonymous LayoutInline objects,
ever, anyway (will file a separate CL to remove some unneeded support code
for that in LayoutInline).

All we need to do now is to steer clear of such anonymous objects that have
custom ways of inheriting style. LayoutFullScreen and
LayoutFullScreenPlaceholder were already taken care of. Now that we always
try to propagate style to non-LayoutBlock objects as well, we need to avoid
LayoutListMarker too.

BUG=608123

Review-Url: https://codereview.chromium.org/2000683002
Cr-Commit-Position: refs/heads/master@{#395107}
mostynb
only use kAccessibilityEnabled inside USE_GCONF ifdef blocks
Followup to:
https://codereview.chromium.org/1990453002
https://codereview.chromium.org/1988213002

BUG=486077

Review-Url: https://codereview.chromium.org/1989233002
Cr-Commit-Position: refs/heads/master@{#395047}
sigbjornf
Sync LeakExpectations.
Retire some entries that are no longer leaking.

R=
BUG=506757, 538524, 546132
NOTRY=true

Review-Url: https://codereview.chromium.org/2001563002
Cr-Commit-Position: refs/heads/master@{#395042}
sigbjornf
Eagerly remove disposed DOMTimers as observers upon completion.
Once the coordinator lets go of a timer, no need to keep it
around as an observer of the ExecutionContext.

The previous, reverted, attempt (r392309) detached the DOMTimer too
soon, causing DOMTimer nesting levels to grow without being reset.

R=haraken
BUG=

Review-Url: https://codereview.chromium.org/1972663002
Cr-Commit-Position: refs/heads/master@{#395012}
sigbjornf
Graceful idle callback cancellation with invalid IDs.
R=
BUG=613073

Review-Url: https://codereview.chromium.org/1989363005
Cr-Commit-Position: refs/heads/master@{#394768}
mharanczyk
Clean up code and logic related to platform accessibility node destruction.
Review-Url: https://codereview.chromium.org/1987213002
Cr-Commit-Position: refs/heads/master@{#394733}
mstensho
Move m_lineBoxes and its getters down to LayoutBlockFlow.
Added SameSizeAsLayoutBlockFlow, since it was missing.

BUG=302024

Review-Url: https://codereview.chromium.org/1993943002
Cr-Commit-Position: refs/heads/master@{#394728}
davve
Lock animated property type of result animation during processing
There seems to be a crash due to the animated property type being
cleared too early. To catch this crash at the point of error, lock the
animated property type of the result animation during processing, and
guard for clearing the animation property while the lock is held (in
clearAnimatedType()).

This can potentially be removed when the source of the bug is found.

BUG=581546

Review-Url: https://codereview.chromium.org/1991513003
Cr-Commit-Position: refs/heads/master@{#394726}
davve
Move clearAnimatedType() up the stack
This is in preparation for locking the animated property type for the
resulting animation while the accumulated animation is computed. There
seems to be a crash due to the animated property type being cleared
too early. To catch this crash at the point of error, the plan is to
lock the animated property type of the result animation during
processing, and guard for clearing the animation property while the
lock is held (in clearAnimatedType()).

For SMILTimeContainer::updateAnimations() to have a chance of
unlocking the animated property _before_ clearAnimatedType() is
called, we need to move the call up to
SMILTimeContainer::updateAnimations(). (The assumption is that moving
the call shouldn't make a difference since
SMILTimeContainer::updateAnimations() is the only call-site for
SVGSMILElement::progress() and the intermediate code shouldn't depend
on the animated property.)

Since the clearing of property type and nullifying of resultElement
seems tied together, grouping them makes sense regardless of the crash
chase.

BUG=581546

Review-Url: https://codereview.chromium.org/1989033003
Cr-Commit-Position: refs/heads/master@{#394698}
mstensho
Move line painting to BlockFlowPainter.
Removed some unnecessary includes, since I had to modify the list of includes
anyway.

Also got rid of LayoutBlock(Flow)::paintFloats() in the process.

BUG=302024

Review-Url: https://codereview.chromium.org/1993713002
Cr-Commit-Position: refs/heads/master@{#394581}
mstensho
Remove LayoutBlock::deleteLineBoxTree().
The one in LayoutBlockFlow is all we need now.

BUG=302024

Review-Url: https://codereview.chromium.org/1991763002
Cr-Commit-Position: refs/heads/master@{#394467}
mstensho
Move dirtyLinesFromChangedChild() to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1987233002
Cr-Commit-Position: refs/heads/master@{#394463}
fs
Use SVGInlineTextMetricsIterator in updateLayoutAttributes
This reuses a pre-existing piece to do the "dual offset/variable"
iteration, hiding (and sharing) the complexity.

BUG=607906

Review-Url: https://codereview.chromium.org/1988063002
Cr-Commit-Position: refs/heads/master@{#394412}
sigbjornf
Limit WTF::getPtr() to native pointer types.
Remove Member<> and Persistent<> specializations, the generated bindings
code (only real user of getPtr()) use it to coerce references into
pointers only, nothing else.

R=haraken
BUG=

Review-Url: https://codereview.chromium.org/1989153003
Cr-Commit-Position: refs/heads/master@{#394371}
rune
Rename Pending to PendingScriptBlocking.
Pending sheets in StyleEngine are either script blocking or render
blocking (when they are render blocking they are simultaneously script
blocking). Rename methods and members to reflect that pending sheets are
script blocking where appropriate.

No functional changes.

R=pmeenan@chromium.org,esprehn@chromium.org
BUG=481122

Review-Url: https://codereview.chromium.org/1978083002
Cr-Commit-Position: refs/heads/master@{#394364}
mharanczyk
Destory base class when win platform accessibily node is destroyed.
Review-Url: https://codereview.chromium.org/1978223002
Cr-Commit-Position: refs/heads/master@{#394219}
mstensho
Move inlineElementContinuation() to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1974323002
Cr-Commit-Position: refs/heads/master@{#394167}
fs
Reland of Simplify LoadableTextTrack::trackElementIndex
Count preceding sibling <track> elements in a more straight-forward way.

Also clean-up null-checks of m_trackElement while here (should be non-
null on construction and then keeps a strong reference.)

Review-Url: https://codereview.chromium.org/1980013002
Cr-Commit-Position: refs/heads/master@{#394166}
fs
Remove mode-transition in TextTrack::setKind
This mode-transition gives rise to inconsistent state-updates, and isn't
specified [1]. Remove it, and with it the setKind override.

Also move all the mutators to TextTrack since that's the only type of
track where these fields can be mutated (and only if sourced via a
HTMLTrackElement.)

[1] https://html.spec.whatwg.org/multipage/embedded-content.html#attr-track-kind

BUG=460923,608772

Review-Url: https://codereview.chromium.org/1984663002
Cr-Commit-Position: refs/heads/master@{#394122}
tsniatowski
Use clang "--target=x" rather than "-target x" for icecc
Icecc is confused by the two-argument -target form and ends up compiling
everything locally. It works with the equivalent single argument form, so prefer
this in GN compiler configs.

Previously done just for android in https://codereview.chromium.org/1871813003

Review-Url: https://codereview.chromium.org/1977733003
Cr-Commit-Position: refs/heads/master@{#394065}
mstensho
Move line/continuation specific parts of willBeDestroyed() into LayoutBlockFlow.
Also moved beingDestroyed() down to LayoutBlockFlow, since it was no longer
called on other types.

Note that dirtyLinesFromChangedChild() is now called regardless of the object
having line boxes or not at the time of destruction. This should be safer and
more correct. If we're an inline-block, for instance, we definitely want to
notify our parent that we're going away, since that will affect the line box
tree in the parent. I assume that the reason why this hasn't been a problem
(use-after-free crashes, typically), is that the condition that previously
could block this from happening is never true. Looks like line boxes are always
deleted before we reach willBeDestroyed(). Added a TODO to investigate further.
We hopefully don't need that code.

BUG=302024

Review-Url: https://codereview.chromium.org/1977083002
Cr-Commit-Position: refs/heads/master@{#393939}
fs
Revert of Simplify LoadableTextTrack::trackElementIndex (patchset #1 id:1 of https://codereview.chromium.org/1980013002/ )
Reason for revert:
Seems "WebKit Win Builder (dbg)" didn't approve:

e:\b\build\slave\webkit-win-latest-dbg\build\src\third_party\webkit\source\core\html\track\loadabletexttrack.cpp(70) : warning C4706: assignment within conditional expression

Original issue's description:
> Simplify LoadableTextTrack::trackElementIndex
>
> Count preceding sibling <track> elements in a more straight-forward way.
>
> Also clean-up null-checks of m_trackElement while here (should be non-
> null on construction and then keeps a strong reference.)
>
> Committed: https://crrev.com/0537a6d11bf2ebefcf90fbfec7081e37ef78081a
> Cr-Commit-Position: refs/heads/master@{#393825}

TBR=davve@opera.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/1985643003
Cr-Commit-Position: refs/heads/master@{#393828}
fs
Simplify LoadableTextTrack::trackElementIndex
Count preceding sibling <track> elements in a more straight-forward way.

Also clean-up null-checks of m_trackElement while here (should be non-
null on construction and then keeps a strong reference.)

Review-Url: https://codereview.chromium.org/1980013002
Cr-Commit-Position: refs/heads/master@{#393825}
davve
Remove workaround for multiple svg onload events
The bug referred to has been fixed. Let's see if the flakiness stays
away when removing the workaround.

BUG=372946

Review-Url: https://codereview.chromium.org/1983813002
Cr-Commit-Position: refs/heads/master@{#393818}
fs
Add TextTrack::isVisualKind helper
It's quite common to check for a text track being one of the kinds
'subtitles' or 'captions'. Add a helper to TextTrack and use that
in a bunch of places to simplify code.
Also convert one open-coded version of TextTrack::canBeRendered() with a
call to that method.

Review-Url: https://codereview.chromium.org/1976183002
Cr-Commit-Position: refs/heads/master@{#393814}
the_jk
Make SQL in DownloadDatabase SQLite pre 3.8.3 compatible
printf() was added in SQLite 3.8.3 so need to use other older
methods to generate the GUID.
third_party/sqlite/sqlite.gyp lists 3.6.1 as required version at the
time of writing

BUG=606772

Review-Url: https://codereview.chromium.org/1897153005
Cr-Commit-Position: refs/heads/master@{#393813}
fs
Clean up HTMLTrackElement.kind invalid/missing value default handling
Get rid of the isValidKind(...) and invalidValueDefaultKind() virtual
methods on TrackBase and do any required checking "up front" instead
as required. This should present less surprises and work in a less
side-effectful way.

Also start setting the 'kind' directly in the constructor rather than
invoking setKind() in (all) the constructor body (bodies).
Drop some redundant parenthesis and fix some obviously "wrong" names
in TextTrack.cpp.

BUG=608772

Review-Url: https://codereview.chromium.org/1973343002
Cr-Commit-Position: refs/heads/master@{#393812}
sigbjornf
With LSan, run initial heap cleaning GCs during shutdown.
Clean out as much as garbage as possible before releasing a
thread's static persistents, in preparation for LSan leak
detection. By doing so, finalizers for itinerant garbage
may access these static local persistents without restrictions,
_but_ any object kept alive by a static persistent may
not when the second phase of cleaning GCs are performed.

As collectAllGarbage() stops on reaching a fixed point,
extra overhead of having to perform GCs before and after
the static persistents isn't a concern.

R=
BUG=611333

Review-Url: https://codereview.chromium.org/1977343002
Cr-Commit-Position: refs/heads/master@{#393809}
kolczyk
Fix a typo in the gn gen help for QtCreator generator (introduced in https://codereview.chromium.org/1883093002/)
BUG=

Review-Url: https://codereview.chromium.org/1979813002
Cr-Commit-Position: refs/heads/master@{#393795}
sigbjornf
Remove C::swap(C*) where C = Hash{Map,Set}<T>.
Remove the swap() method over non-reference hash sets and
map arguments, along with their curious OtherType indirection,
the methods aren't of real use.

R=
BUG=

Review-Url: https://codereview.chromium.org/1979843002
Cr-Commit-Position: refs/heads/master@{#393770}
sigbjornf
Simplify HeapVectorBacking<> usage.
Reorder HeapAllocator.h declarations to let the compiler handle
supplying the default trait argument to HeapVectorBacking<>.

R=
BUG=

Review-Url: https://codereview.chromium.org/1985473002
Cr-Commit-Position: refs/heads/master@{#393749}
mstensho
LayoutFullScreen::m_placeholder is LayoutBlockFlow.
The code calls m_placeholder->beingDestroyed(), which is a method that
I believe belongs down in LayoutBlockFlow, not in LayoutBlock.

No need for the setter, BTW, so replaced it with resetPlaceholder().

BUG=302024

Review-Url: https://codereview.chromium.org/1975163002
Cr-Commit-Position: refs/heads/master@{#393545}
mstensho
Move makeChildrenNonInline() and childBecameNonInline() to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1977823002
Cr-Commit-Position: refs/heads/master@{#393543}
mstensho
Move collapseAnonymousBlockChild() to LayoutBlockFlow, and make it non-static.
Some cleanup in collapseLoneAnonymousBlockChild(). Specify a parent rather than
working it out on our own. Both callers have the parent readily available
anyway.

Remove canCollapseAnonymousBlockChild(), since nobody calls it anymore.

BUG=302024

Review-Url: https://codereview.chromium.org/1980473002
Cr-Commit-Position: refs/heads/master@{#393542}
kolczyk
Add support for generating QtCreator projects from GN.
This adds a new command line argument "--ide=" value to "gn gen"
which, when specified, generates a QtCreator project.

QtCreator is a quite powerful general-purpose (despite Qt in the name)
IDE when developing on Linux system with code completion and navigation.

Some interest in it has been demonstrated in the following thread:
https://groups.google.com/a/chromium.org/forum/#!topic/gn-dev/9U4_ytjrah8

BUG=

Review-Url: https://codereview.chromium.org/1883093002
Cr-Commit-Position: refs/heads/master@{#393514}
fs
Minor SVGFilterPainter cleanups
Simplify GraphicsContext handling in SVGFilterRecordingContext by
getting rid of the paintingContext() calls, since we'll promptly replace
that GraphicsContext with the recording context anyway. Get rid of the
|context| local and use m_context instead.

Drop the LayoutObject argument to paintFilteredContent(...) since it
isn't used.

Review-Url: https://codereview.chromium.org/1977793003
Cr-Commit-Position: refs/heads/master@{#393511}
sigbjornf
Avoid race on uninitializing CrossThreadPersistent nodes.
R=
BUG=611593, 611594

Review-Url: https://codereview.chromium.org/1974233002
Cr-Commit-Position: refs/heads/master@{#393488}
mstensho
Move makeChildrenInlineIfPossible to LayoutBlockFlow
It's now possible to move makeChildrenInlineIfPossible() to LayoutBlockFlow.

BUG=302024

Review-Url: https://codereview.chromium.org/1969203003
Cr-Commit-Position: refs/heads/master@{#393390}
mstensho
Don't use canCollapseAnonymousBlockChild() to determine whether to truncate text.
Doing that happened to do exactly what we wanted, but that seems like a rather
haphazard way of determining it.

We want to truncate text for block containers [1]. That's LayoutBlockFlow.
Additionally, in Blink, HTML button is implemented using LayoutFlexibleBox
(although the web insists that it too is a block container).

[1] https://www.w3.org/TR/css-ui-3/#propdef-text-overflow

Rather than manually testing for isLayoutBlockFlow() || isLayoutButton()
directly when deciding to truncate or not, I went and hijacked
canHaveFirstLineOrFirstLetterStyle(), and renamed it to behavesLikeBlockContainer().

Review-Url: https://codereview.chromium.org/1970183002
Cr-Commit-Position: refs/heads/master@{#393354}
mstensho
Move some reparenting and anonymous block merge functionality down to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1968413002
Cr-Commit-Position: refs/heads/master@{#393350}
fs
Don't store an SkPicture in the SourceGraphic FilterEffect
Instead of storing the SkPicture in the SourceGraphic FilterEffect, just
create a filter and pre-populate all the image filter "slots" when we've
recorded the content that should be filtered.
This avoids keeping an explicit reference to the SkPicture, and thus
avoids keeping this object alive when the Filter and it's associated
filter-chain is in limbo waiting for a Oilpan GC sweep.

BUG=610158

Review-Url: https://codereview.chromium.org/1961083006
Cr-Commit-Position: refs/heads/master@{#393280}
mstensho
LayoutBox (not LayoutBlock) is the common base for floats and out-of-flow objects.
We need to react on going out-of-flow or becoming floated in
LayoutBox::styleDidChange(), or we'll misbehave if the object in question is
e.g. an image.

Review-Url: https://codereview.chromium.org/1973843003
Cr-Commit-Position: refs/heads/master@{#393270}
mstensho
LayoutBlock::removeChild() override no longer needed.
It was all about anonymous block merging and collapsing, which is a thing that
only LayoutBlockFlow needs to do. So move everything there.

BUG=302024

Review-Url: https://codereview.chromium.org/1968403002
Cr-Commit-Position: refs/heads/master@{#393267}
mstensho
Move block container specific parts of addChild() to LayoutBlockFlow.
LayoutBlock still needs some basic support for anonymous block insertion, for
flexbox, and possibly others.

BUG=302024

Review-Url: https://codereview.chromium.org/1974753002
Cr-Commit-Position: refs/heads/master@{#393266}
rune
Unreachable code fixes in SelectorChecker.
Unknown selectors and pseudo page selectors should be dropped at parse
time for element selectors. Also did some simplifications for
ASSERT_NOT_REACHED code and consistently fail matching for such code.

R=timloh@chromium.org,rob.buis@samsung.com

Review-Url: https://codereview.chromium.org/1969203002
Cr-Commit-Position: refs/heads/master@{#393216}
sigbjornf
Remove dated NavigationScheduler TODO.
Task closures created by CancellableTaskFactory keep a weak reference back
to their owning GCed object, allowing the object to be garbage collected
without the task keeping it alive.

Retire the TODO in the NavigationScheduler suggesting otherwise along with
adding a unit test to verify the weakness property.

R=
BUG=585328

Review-Url: https://codereview.chromium.org/1976433003
Cr-Commit-Position: refs/heads/master@{#393210}
mstensho
Helper method for non-direct beforeChild in LayoutBlock::addChild().
A lot of what's in LayoutBlock::addChild() will eventually be moved down to
LayoutBlockFlow::addChild(), but both classes are expected to handle insertion
of children before a non-direct beforeChild.

One difference, compared to how it used to work when all of this was inside
addChild(), is that it's no longer allowed to continue if we fail to find a
suitable direct beforeChild replacement. Will always RELEASE_ASSERT() in such
situations now.

BUG=302024

Review-Url: https://codereview.chromium.org/1964203004
Cr-Commit-Position: refs/heads/master@{#393201}
mstensho
Helper for interesting things to do when a block becomes a float or out-of-flow.
Also added some requirements for the blocks involved to be LayoutBlockFlow. We
don't want to touch anything else.

BUG=302024

Review-Url: https://codereview.chromium.org/1966223002
Cr-Commit-Position: refs/heads/master@{#393121}
rune
Multiple :hover/:active incorrectly matching in quirks mode.
:hover and :active should only match links when not accompanied by
other simple selectors in quirks mode. We failed to adhere for
combinations of :hover and :active. Instead of just checking there is
either a selector preceding or following in the compound, check if
there is a selector preceding or a selector following in the compound
which is neither :hover nor :active.

R=rob.buis@samsung.com
BUG=611090

Review-Url: https://codereview.chromium.org/1972713002
Cr-Commit-Position: refs/heads/master@{#393090}
mstensho
Move updateDragState() override to LayoutBlockFlow.
Only continuations stuff there.

BUG=302024

Review-Url: https://codereview.chromium.org/1969103002
Cr-Commit-Position: refs/heads/master@{#393071}
mstensho
Move hoverAncestor() override to LayoutBlockFlow.
Only continuations stuff going on there.

BUG=302024

Review-Url: https://codereview.chromium.org/1970653004
Cr-Commit-Position: refs/heads/master@{#392963}
mstensho
Turn mergeContiguousAnonymousBlocks() into a proper method.
Some clean-up on the way, such as refactoring
canMergeContiguousAnonymousBlocks() into a function that deals with one object
at a time.

BUG=302024

Review-Url: https://codereview.chromium.org/1966153002
Cr-Commit-Position: refs/heads/master@{#392942}
sigbjornf
Simplify SVGSMILElement::notifyDependentsIntervalChanged loop breaker.
To catch out recursive notifications, notifyDependentsIntervalChanged()
keeps track of the SVGSMILElements that are on the stack and being
notified, so as to bail early in case of loops.

There's no need for that set of SVGSMILElements to be recorded using
a persistent static local as the objects are stack reachable should
a conservative GC be needed, so an 'ordinary' hash set will do.

Not using a persistent reference also addresses a bad interaction with
LSan (Blink has to release all static persistents before shutting
down to prevent false leaks w/ LSan enabled), but SVGImages containing
animations may end up in this code path as part of an image resource
being finalized. Which would then encounter an empty persistent
static reference and fail (see associated bug and stack trace.)

R=haraken
BUG=610855

Review-Url: https://codereview.chromium.org/1968683003
Cr-Commit-Position: refs/heads/master@{#392919}
sigbjornf
Move tracking of ActiveScriptWrappables to V8PerIsolateData.
R=
BUG=

Review-Url: https://codereview.chromium.org/1966743004
Cr-Commit-Position: refs/heads/master@{#392916}
fs
Change "invalid value default" for HTMLTrackElement 'kind' to "metadata"
Rename TrackBase::defaultKind() to invalidValueDefaultKind() to better
reflect its semantics. Also make sure that the "missing value default"
is set appropriately (in TextTrack constructors and on removal in
HTMLTrackElement parseAttribute) now that it differs from the "invalid
value default".

The test media/track/track-kind.html is adjusted so that it doesn't
check if a cue is displayed, since that depends on unspecified behavior
wrt how 'mode' changes when 'kind' does. (See comment in
TextTrack::setKind.)

The WPT tests will eventually get updated via Mozilla's automatic sync,
so adding expectations for now.
(Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=1269712)

Intent: https://groups.google.com/a/chromium.org/d/topic/blink-dev/6-oPQN4lZ2o/discussion

https://github.com/whatwg/html/issues/293
https://html.spec.whatwg.org/multipage/embedded-content.html#attr-track-kind

BUG=608772

Review-Url: https://codereview.chromium.org/1947033002
Cr-Commit-Position: refs/heads/master@{#392911}
sigbjornf
Revert of Eagerly remove disposed DOMTimers as observers. (patchset #1 id:1 of https://codereview.chromium.org/1959013002/ )
Reason for revert:
Caused issue 610606, reverting to locally investigate how/why.

Original issue's description:
> Eagerly remove disposed DOMTimers as observers.
>
> Once the coordinator lets go of a timer, no need to keep it
> around as an observer of the ExecutionContext.
>
> R=
> BUG=
>
> Committed: https://crrev.com/0a297738301705d02f57968334bd6f7c7dc95f4c
> Cr-Commit-Position: refs/heads/master@{#392309}

TBR=oilpan-reviews@chromium.org,keishi@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=

Review-Url: https://codereview.chromium.org/1968963002
Cr-Commit-Position: refs/heads/master@{#392901}
fs
Use the right TextRun length when checking for surrogate pairs
The isValidSurrogatePair helper in LayoutSVGInlineText.cpp operates on a
TextRun and an index, and checks if the character at the index is part
of a valid surrogate pair.
To check the trailing character, the next index is checked against the
length of the TextRun (to see if the character exists).
The TextRun used is a "sub run" of the entire text node, which means
that the operator[] implementation expects accesses to be within the sub
run rather than the "full run".
Since this function is always used for runs that are sub runs, it should
use TextRun::length() rather than TextRun::charactersLength() to stay
consistent with the iteration and the code using it.

BUG=610641

Review-Url: https://codereview.chromium.org/1961953004
Cr-Commit-Position: refs/heads/master@{#392880}
rune
Corrected assert for cacheable stylesheets.
We have two different caches for StyleSheetContents. One process-wide
for resources, and one document-wide for parsed text of style elements.
The cacheability differ between the two caches since for instance
sheets with @media rules may be shared between elements in the same
document as the media query evaluation will be the same, while we can't
do that for sheets cached across documents as they may have different
viewports.

The assert in CSSStyleSheet::willMutateRules triggered because we
checked for the resource cacheability of a style element sheet which
was shared even though it had a media query. Renamed the cacheability
method to make clear which cache we're referring to.

Removed the ASSERT in StyleSheetContents::copy(), as that really didn't
have anything to do with copy, only the fact that it is only called
from where cached stylesheets are cloned for rule mutation. The ASSERT
in willMutateRules right before we copy() should suffice.

R=timloh@chromium.org
BUG=551674

Review-Url: https://codereview.chromium.org/1961173003
Cr-Commit-Position: refs/heads/master@{#392859}
mstensho
Only LayoutInline needs to implement addChildIgnoringContinuation().
LayoutTable had to do it because LayoutBlock did it. But LayoutBlock really
doesn't have to do it anymore. This was probably some relic from the old
multicol implementation, which used *block* continuations to implement column
spanners. We no longer need or support block continuations.

Review-Url: https://codereview.chromium.org/1967823002
Cr-Commit-Position: refs/heads/master@{#392856}
sigbjornf
Remove redundant GC mixin instance decl for AudioBufferSourceNode.
R=
BUG=

Review-Url: https://codereview.chromium.org/1969453003
Cr-Commit-Position: refs/heads/master@{#392747}
mstensho
Move nodeForHitTest() to LayoutBlockFlow.
LayoutBlock shouldn't have to deal with continuations.

BUG=302024

Review-Url: https://codereview.chromium.org/1966713002
Cr-Commit-Position: refs/heads/master@{#392742}
mstensho
Move continuation and line box specific stuff to LayoutBlockFlow::removeChild().
BUG=302024

Review-Url: https://codereview.chromium.org/1970453002
Cr-Commit-Position: refs/heads/master@{#392730}
sigbjornf
Prevent audio thread access to finished, non-active AudioNodes.
Follow up r392110 and have the audio thread skip over m_activeSourceNodes
nodes it has already deemed to be finished & removable by the main thread.
Accessing these cannot be safely done.

R=
BUG=610643

Review-Url: https://codereview.chromium.org/1958333006
Cr-Commit-Position: refs/heads/master@{#392720}
mstensho
Turn adjacent out-of-flow sibling reparenters into proper methods.
This will make it possible to gradually move callers of these methods (and the
methods themselves) down to LayoutBlockFlow, which is where they belong, since
only LayoutBlockFlow may parent floats and out-of-flow objects.

BUG=302024

Review-Url: https://codereview.chromium.org/1964983002
Cr-Commit-Position: refs/heads/master@{#392696}
mstensho
Move invalidateDisplayItemClients() override into LayoutBlockFlow and eat the static helper.
It was only dealing with continuations, and that doesn't belong in LayoutBlock.

BUG=302024

Review-Url: https://codereview.chromium.org/1964083002
Cr-Commit-Position: refs/heads/master@{#392690}
sigbjornf
Handle overlapping CrossThreadPersistent<> releases.
When a CrossThreadPersistent<> is cleared, the associated PersistentNode is
freed. In the case when multiple threads attempt to do such clearing at
the same time, the freeing protocol ensured atomicity but failed to check
if the PersistentNode had been freed already.

This follows up on the freeing of PersistentNodes that r392263 added
for CrossThreadPersistent<>s.

R=haraken
BUG=

Review-Url: https://codereview.chromium.org/1964013002
Cr-Commit-Position: refs/heads/master@{#392689}
mstensho
Move absoluteRects() and absoluteQuads() overrides to LayoutBlockFlow.
They only deal with continuations.

BUG=302024

Review-Url: https://codereview.chromium.org/1968553002
Cr-Commit-Position: refs/heads/master@{#392685}
mostynb
IWYU: errno.h in third_party/webrtc_overrides
Without this, some toolchains may fail to build
third_party/webrtc/base/checks.cc because errno is undefined.

BUG=468375

Review-Url: https://codereview.chromium.org/1967643002
Cr-Commit-Position: refs/heads/master@{#392677}
mstensho
Adjust constness to avoid const_cast.
Review-Url: https://codereview.chromium.org/1961343002
Cr-Commit-Position: refs/heads/master@{#392642}
sigbjornf
Drop unnecessary uses of GarbageCollectedFinalized<>.
Objects with Member<> fields can derive from the non-finalized
GarbageCollected<> instead.

R=
BUG=389343

Review-Url: https://codereview.chromium.org/1961173004
Cr-Commit-Position: refs/heads/master@{#392641}
mstensho
nodeAtPoint(): Perform the early-check EARLY.
Hit-testing overflow controls before checking if we need to do anything at all
affected performance, so just remove the LayoutBlock override for nodeAtPoint()
and hit test overflow controls there, but do so AFTER we have made sure that
the point is within bounds.

Fixes 15% performance regression for
PerformanceTests/Events/hit-test-lots-of-layers.html

BUG=610250

Review-Url: https://codereview.chromium.org/1960373002
Cr-Commit-Position: refs/heads/master@{#392626}
mstensho
Set orphans and widows to 1 in lots-of-text-balanced multicol performance test.
https://codereview.chromium.org/1909233002 changed the initial values for
orphans and widows to match the spec. This could very well affect performance
slightly, although I cannot reproduce it myself. Speculatively set
orphans/widows to 1 and see if that helps. Add a new test that uses higher
values for orphans and widows, so that we still get to test that too.

BUG=606262

Review-Url: https://codereview.chromium.org/1964473003
Cr-Commit-Position: refs/heads/master@{#392625}
mstensho
Assert that continuations be either LayoutBlockFlow or LayoutInline.
Exploring the possibility of moving all continuation handling from LayoutBlock
down to LayoutBlockFlow.

BUG=302024

Review-Url: https://codereview.chromium.org/1958413003
Cr-Commit-Position: refs/heads/master@{#392621}
sigbjornf
Make ActiveScriptWrappable the GC mixin it is.
By switching it to derive from GarbageCollectedMixin, and
have the per-thread set of live wrappables keep WeakMember<>
references, the Oilpan GC takes care of pruning the live
set as part of its weak processing.

R=
BUG=

Review-Url: https://codereview.chromium.org/1962113003
Cr-Commit-Position: refs/heads/master@{#392618}
mstensho
Relayout an object that becomes a spanner.
It may be possible to collapse margins through a zero-height regular block, but
if it is turned into a spanner, this is no longer possible, because it then
becomes a BFC root.

An object that becomes a spanner also gets a new containing block, which may
affect its size.

In other words, there are good reasons to make sure that objects that become
spanners get relaid out.

Note that we already had code in place (in willBeRemovedFromTree()) that
scheduled for relayout in the opposite case, i.e. when an object ceased to be a
spanner.

BUG=610033

Review-Url: https://codereview.chromium.org/1962623002
Cr-Commit-Position: refs/heads/master@{#392438}
mstensho
Remove ColumnFill runtime setting.
It's been enabled by default for almost three months now.

BUG=492297

Review-Url: https://codereview.chromium.org/1956373002
Cr-Commit-Position: refs/heads/master@{#392389}
sigbjornf
Remove older and unused ScriptState methods.
R=
BUG=

Review-Url: https://codereview.chromium.org/1958963002
Cr-Commit-Position: refs/heads/master@{#392316}
mstensho
Move hit testing of lines and floats to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1956033002
Cr-Commit-Position: refs/heads/master@{#392311}
sigbjornf
Eagerly remove disposed DOMTimers as observers.
Once the coordinator lets go of a timer, no need to keep it
around as an observer of the ExecutionContext.

R=
BUG=

Review-Url: https://codereview.chromium.org/1959013002
Cr-Commit-Position: refs/heads/master@{#392309}
sigbjornf
Trim ResourceTimingInfoMap of non-relevant entries.
If the resource fetch fails or is otherwise uninteresting to report a
ResourceTimingInfo for, remove it (also) from the set of pending
map of such ResourceTimingInfos.

R=
BUG=608543

Review-Url: https://codereview.chromium.org/1955243002
Cr-Commit-Position: refs/heads/master@{#392307}
sigbjornf
Upon clearing, release PersistentNode of cross-thread-persistent also.
Persistent<>s will only allocate an associated PersistentNode when the
heap reference is non-null. And, dually, free the PersistentNode
when the reference is cleared out and set to null.

Extend that freeing of a PersistentNode upon clearing to also apply to
CrossThreadPersistent<>s, making the behavior and lifetimes of
PersistentNodes consistent across both variants of persistent references.

R=haraken
BUG=483380
NOTRY=true

Review-Url: https://codereview.chromium.org/1962513002
Cr-Commit-Position: refs/heads/master@{#392287}
sigbjornf
Accurately measure current persistent count while running termination GC.
Follow up on r392263 and have it really behave as wanted -- when measuring
|currentCount|, the live persistent count, while cleaning out the worker's
heap in ThreadState::runTerminationGC(), we need to initially sample it
_after_ having released thread-local static persistents. Otherwise the count
would be overestimated first time around, which could lead to prematurely
reaching a fixed point. And at a fixed point that would falsely indicate
that persistents were leaking.

R=haraken
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/1963453002
Cr-Commit-Position: refs/heads/master@{#392272}
sigbjornf
Cleanly release thread-local static persistents during termination GCs.
Should worker termination GCs instantiate static persistent singletons
while running finalizers, ensure that these are released.

Also, for PersistentHeapCollectionBase<>s registered as such thread-local
singletons, clear out their collection backing store along with the
persistent reference when they are released. The contents and backing
store of the collection should not be accessible after such a forceful
release operation.

R=haraken
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/1957523007
Cr-Commit-Position: refs/heads/master@{#392263}
mstensho
Move line-specific code into LayoutBlockFlow::positionForPoint().
BUG=302024

Review-Url: https://codereview.chromium.org/1957633003
Cr-Commit-Position: refs/heads/master@{#392251}
mstensho
Move line-specific parts of addOutlineRects() into LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1959623002
Cr-Commit-Position: refs/heads/master@{#392137}
mstensho
Less duplicated code between nodeAtPoint() in LayoutBox and LayoutBlock.
This is a preparatory patch for moving line/float-specific parts of
LayoutBlock::hitTestChildren() into LayoutBlockFlow.

BUG=302024

Review-Url: https://codereview.chromium.org/1957673002
Cr-Commit-Position: refs/heads/master@{#392116}
mstensho
LineBreaker doesn't need LayoutBlock(Flow) as a friend.
Review-Url: https://codereview.chromium.org/1956433003
Cr-Commit-Position: refs/heads/master@{#392115}
sigbjornf
Update AbstractAudioContext::m_activeSourceNodes on the main thread only.
Avoid mutating m_activeSourceNodes on the audio thread, leave the
main thread in control of that heap object.

R=haraken,rtoy
BUG=581660

Review-Url: https://codereview.chromium.org/1958583002
Cr-Commit-Position: refs/heads/master@{#392110}
sigbjornf
Initialize DeferredTaskHandler's audio thread ID once.
Avoid repeatedly recording the audio thread's ID, along with assertedly
verifying that this is done off the main thread.

R=
BUG=590108

Review-Url: https://codereview.chromium.org/1954663002
Cr-Commit-Position: refs/heads/master@{#391848}
mstensho
Move showLineTreeAndMark() to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1952763002
Cr-Commit-Position: refs/heads/master@{#391757}
mstensho
Move parts of baseline calculation over to LayoutBlockFlow.
LayoutBlock shouldn't deal with line boxes.

BUG=302024

Review-Url: https://codereview.chromium.org/1952753002
Cr-Commit-Position: refs/heads/master@{#391663}
mstensho
Move computeSelfHitTestRects() to LayoutBlockFlow.
BUG=302024

Review-Url: https://codereview.chromium.org/1946343002
Cr-Commit-Position: refs/heads/master@{#391639}
mstensho
Move LayoutDeprecatedFlexibleBox-specific line handling.
This is sort-of exotic functionality, in that it checks if the blocks have
visibility:visible and auto height, so it fits better together with the
LayoutDeprecatedFlexibleBox implementation. Nobody else needs this.

The pagination code also needs to count lines, though, so I kept lineCount(),
but moved it from LayoutBlock to LayoutBlockFlow, and threw away the parts that
weren't needed (visibility check, recursing into child block flows, among other
things).

On the LayoutDeprecatedFlexibleBox, there are some changes. The functions now
operate on LayoutBlockFlow instead of LayoutBlock, since it's dealing with
lines. As a result, we need to replace some former isLayoutBlock() checks with
isLayoutBlockFlow(). A similar change landed in WebKit years ago [1], so it
should be safe.

[1] https://bugs.webkit.org/show_bug.cgi?id=122969

BUG=302024

Review-Url: https://codereview.chromium.org/1952613002
Cr-Commit-Position: refs/heads/master@{#391492}
mstensho
Improve multicol overflow rect calculation when column width is 0.
If column-gap is larger than the content box width of the multicol container,
we'll end up with zero-width column boxes (that are allowed to overflow into
neighboring gaps).

BUG=607597

Review-Url: https://codereview.chromium.org/1927283002
Cr-Commit-Position: refs/heads/master@{#391477}
mstensho
Correct ietestcenter/css3/multicolumn/column-width-applies-to-010-expected.htm
Need to paint a red list item marker under the green one for it to match the
actual test perfectly.

BUG=396941

Review-Url: https://codereview.chromium.org/1947003002
Cr-Commit-Position: refs/heads/master@{#391467}
rune
Make sure computed style is up-to-date for custom properties.
For custom properties, we didn't call updateLayoutTreeForNode which
meant the computed style object might return out-of-date values for
custom properties.

Did some cleanup in getPropertyCSSValue for known properties.

R=shans@chromium.org
BUG=608690

Review-Url: https://codereview.chromium.org/1945623002
Cr-Commit-Position: refs/heads/master@{#391368}
fs
Simplify logical iteration in SVGTextLayoutEngine
By replacing m_logicalCharacterOffset == logicalTextNode->textLength()
by the corresponding metrics list equivalent, it becomes obvious that
we're just checking the same thing twice in succession. Remove the first
check and block of code.
Also reverse the test in the loop and refactor to avoid the 'continue'
when skipping whitespace.
The second part of the disjunction (w/ logicalMetrics.isEmpty()) does
not do anything useful, so is removed. This makes the condition match
what SVGTextLayoutAttributesBuilder does (which is the intention.)

BUG=607906

Review-Url: https://codereview.chromium.org/1941303003
Cr-Commit-Position: refs/heads/master@{#391281}
fs
Make servicing of SMIL animations require a FrameView
SMIL animations are not running (or even started) in inactive documents,
and scheduling frames requires a FrameView. Hence it makes sense to move
the call to SVGDocumentExtensions::serviceOnAnimationFrame into the
block that requires a FrameView.
Drop unused timestamp argument to SMILTimeContainer::serviceAnimations,
and let that propagate all the way out to PageAnimator.

Review-Url: https://codereview.chromium.org/1941403002
Cr-Commit-Position: refs/heads/master@{#391244}
sigbjornf
Deflake media/track/media-element-move-to-new-document-assert.html
R=fs@opera.com
BUG=518995

Review-Url: https://codereview.chromium.org/1943823002
Cr-Commit-Position: refs/heads/master@{#391224}
sigbjornf
Implement DOM methods: prepend, append, after, before and replaceWith.
As per https://dom.spec.whatwg.org/#childnode ChildNode interface
should contain after(), before() and replaceWith() API.

As per https://dom.spec.whatwg.org/#parentnode ParentNode interface
should contain append(), prepend() API.

Intent to Implement and ship link: https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/paritosh/blink-dev/efUPtYm1PP8/MGoTi17AYpcJ

( From paritosh.in@samsung.com's original CL https://codereview.chromium.org/1085843002 )

R=mkwst
BUG=255482

Review-Url: https://codereview.chromium.org/1934123002
Cr-Commit-Position: refs/heads/master@{#391196}
rune
Avoid style recalc and layout when not necessary for client size.
The clientWidth and clientHeight values do not rely on style recalc for
the documentElement in strict mode, and the body element in quirks mode
when we use overlay scrollbars. Skip the forced layout update in those
cases.

BUG=481412

Review-Url: https://codereview.chromium.org/1935043002
Cr-Commit-Position: refs/heads/master@{#391187}
fs
Remove the LayoutSVGInlineText* context in SVGTextLayoutAttributes
Most uses of the SVGTextLayoutAttributes* in vector owned by
LayoutSVGText, actually ends up doing ...->context() and dereferencing
the owning LayoutSVGInlineText rather than the attributes object itself.
It's also slightly more obvious what's going on when considering the
iteration over "text nodes" rather than their associated attributes.
Make LayoutSVGText collect the descendant LayoutSVGInlineTexts rather
than the "parts object" SVGTextLayoutAttributes, and rename as
appropriate to reflect that change.
Since removing the context pointer makes SVGTextLayoutAttributes a simple
wrapper around a SVGCharacterDataMap, just store the latter directly.
Rename SVGTextLayoutAttributes.h to SVGCharacterData.h
Also replace a HashMap::find+conditional copy with a HashMap::get.

BUG=607906

Review-Url: https://codereview.chromium.org/1937043002
Cr-Commit-Position: refs/heads/master@{#391052}
sigbjornf
Completely detach failed script loader before dispatching error event.
In case of failure, a ScriptLoader needs to be detached from its ScriptRunner
and associated Resource (if any) at the same time, and before dispatching
the corresponding error event. If the error event handler triggers cancellation
of the Resource, the ScriptLoader should not be notified of that again --
it isn't interested nor prepared. A speculative fix.

R=
BUG=602516

Review-Url: https://codereview.chromium.org/1939743002
Cr-Commit-Position: refs/heads/master@{#390955}
rune
Don't cache parsed stylesheet if it wasn't added to the memory cache.
The code expects the StyleSheetContents to be in the memory cache when
pointed to by m_parsedStyleSheetCache. Set m_parsedStyleSheetCache to
nullptr initially when the StyleSheetContents could not be added to the
memory cache.

R=sigbjornf@opera.com
BUG=606248

Review-Url: https://codereview.chromium.org/1941733002
Cr-Commit-Position: refs/heads/master@{#390949}
davve
Add test for zoomed -webkit-mask-box-image
BUG=607414

Review-Url: https://codereview.chromium.org/1937903002
Cr-Commit-Position: refs/heads/master@{#390935}
mstensho
LayoutBlock::m_descendantsWithFloatsMarkedForLayout doesn't need to be mutable.
R=rune@opera.com

Review-Url: https://codereview.chromium.org/1937023002
Cr-Commit-Position: refs/heads/master@{#390925}
jl
Use v8::Object::CreateDataProperty() for object construction
When creating objects (and arrays) internally, we should typically use
CreateDataProperty() rather than Set(), since the latter may invoke
setters defined by scripts. This could potentially be used by exploits to
do evil things, but more likely is just a potential source of breakage
and/or confusion.

Also, it is typically non-conforming in the cases where exact behavior is
defined in a specification.

BUG=

Review-Url: https://codereview.chromium.org/1938943002
Cr-Commit-Position: refs/heads/master@{#390924}
davve
Revert "Straighten out zoom and border-image"
This patch reverts https://codereview.chromium.org/1819083004 patchset
#3.

Fixing SVG zoom in border-image unfortunatly broke gradients
instead. There is a difference in how scale it applied for
zooming. For SVG a source rect (unzoomed) <-> destination rect
(zoomed) scale factor is computed and used for scaling. For gradients,
the source and destination rect are always the same (both zoomed). The
individual gradients stops are zoomed instead.

BUG=607414, 596075, 561519

Review-Url: https://codereview.chromium.org/1934953002
Cr-Commit-Position: refs/heads/master@{#390920}
mostynb
remove obsolete todo note for CSS property to histogram id mapping
It was decided not to move these (necessarily) hardcoded ids.

BUG=234940
NOTRY=true

Review-Url: https://codereview.chromium.org/1937773002
Cr-Commit-Position: refs/heads/master@{#390917}
sigbjornf
Weak HTMLMediaElement::m_audioSourceNode reference must be cleared.
Weak callbacks must clear the weak references deemed not to be alive.

R=
BUG=

Review-Url: https://codereview.chromium.org/1941693002
Cr-Commit-Position: refs/heads/master@{#390910}
mostynb
remove unused WTF::dataLogFString function
BUG=439559

Review-Url: https://codereview.chromium.org/1936893002
Cr-Commit-Position: refs/heads/master@{#390877}
mostynb
remove unused placeByteAsHex template
BUG=439559

Review-Url: https://codereview.chromium.org/1937723002
Cr-Commit-Position: refs/heads/master@{#390876}
sigbjornf
gc plugin: stop recognizing old and unused options.
The options "enable-oilpan" and "warn-raw-ptr" are following r390631 no
longer being passed in as options, hence we can finally stop recognizing
them.

R=
BUG=585328

Review-Url: https://codereview.chromium.org/1941603002
Cr-Commit-Position: refs/heads/master@{#390875}
sigbjornf
Tidy up releasing of AssociatedURLLoader's client references.
Make the releasing of client references a bit more solid and consistent.

R=
BUG=606998

Review-Url: https://codereview.chromium.org/1937743002
Cr-Commit-Position: refs/heads/master@{#390873}
sigbjornf
Have htmlcollection-reachable.html force the one GC needed.
Calling window.gc() slows down test running times, and is
preferably avoided unless needed to verify behavior across
a GC.

For htmlcollection-reachable.html, we only need the
one GC to determine liveness of custom properties for
various platform objects across a garbage collection.

R=
BUG=593888

Review-Url: https://codereview.chromium.org/1934183002
Cr-Commit-Position: refs/heads/master@{#390872}
mostynb
remove unused placeByteAsHexCompressIfPossible template
This template has been unused since https://codereview.chromium.org/1778743003
landed.

BUG=584999,439559

Review-Url: https://codereview.chromium.org/1936883002
Cr-Commit-Position: refs/heads/master@{#390870}
sigbjornf
Document registration of Oilpan weak callbacks.
R=
BUG=

Review-Url: https://codereview.chromium.org/1935943002
Cr-Commit-Position: refs/heads/master@{#390860}
mstensho
Remove replacedChildren vector from inline layout.
This vector was populated during child walking and consumed right after the
walk. There should be no reason not to just process the objects right away.

Review-Url: https://codereview.chromium.org/1933633002
Cr-Commit-Position: refs/heads/master@{#390765}
fs
Minor tweaks to m_needsReordering in LayoutSVGText::layout
Nit fixes from https://codereview.chromium.org/1933193002/.

BUG=607906

Review-Url: https://codereview.chromium.org/1933413002
Cr-Commit-Position: refs/heads/master@{#390753}
fs
Simplify SVG layout attribute reordering
findFirstAndLastAttributesInVector is an identity transform, since it
only search for first/lastContext in the layout attributes vector and
return that in the out variable. Remove it. This in turn means that the
vector of layout attributes is unused, and hence also removed. Finally
tidy up the reversing loop by moving more code into the swapping helper
function, and merge the two identical sequences of item swapping code.
Drop the ASSERT that disallows having no (nullptr) user-data for the
closure to collectLeafBoxesInLogicalOrder.

BUG=607906

Review-Url: https://codereview.chromium.org/1931303002
Cr-Commit-Position: refs/heads/master@{#390751}
fs
Refactor SVGTextLayoutEngine::currentLogicalCharacterMetrics
The two methods currentLogicalCharacterAttributes and
currentLogicalCharacterMetrics on SVGTextLayoutEngine are very
interdependent, since after calling the former, the latter will be
called.
So fold most of the former into the latter, keeping the bits of the
former that advances to the next layout attribute entry, while
renaming it to nextLogicalAttributes.
The methods are also changed from returning a bool and using out-
variables to return the active SVGTextLayoutAttributes structure
instead.

BUG=607906

Review-Url: https://codereview.chromium.org/1935493002
Cr-Commit-Position: refs/heads/master@{#390736}
mstensho
Move self-collapse checking to LayoutBlockFlow and cache it completely.
Only block containers (that's LayoutBlockFlow in Blinquese) can have adjoining
top and bottom margins, since all other LayoutBlock derivates establish some
kind of formatting context (table, flexbox, etc.).

Also cache self-collapsedness completely. Previously we only used the cached
result if we had previously found that the entire subtree is self-collapsing.
The new approach eliminates the need for "mutable" too.

BUG=302024

Review-Url: https://codereview.chromium.org/1933153002
Cr-Commit-Position: refs/heads/master@{#390729}
mstensho
Move markLinesDirtyInBlockRange() from LayoutBlock to LayoutBlockFlow.
And put the implementation in LayoutBlockFlowLine.cpp.

BUG=302024

Review-Url: https://codereview.chromium.org/1933643002
Cr-Commit-Position: refs/heads/master@{#390724}
fs
Restructure LayoutSVGText::layout
"Uncascade" LayoutSVGText::layout by separating the handling of the two
flags (m_needsTextMetricsUpdate, m_needsPositioningValuesUpdate) into
sequential blocks. Add assert to verify consistency.

BUG=607906

Review-Url: https://codereview.chromium.org/1933193002
Cr-Commit-Position: refs/heads/master@{#390691}
fs
Move isEmptyValue and emptyValue to SVGCharacterData
These two helpers have a stronger tie to SVGCharacterData (on which they
operate) than to SVGTextLayoutAttributes - where they are currently
defined.
Move them as described, and also add simple query helpers to make code
using them simpler and more readable.

BUG=607906

Review-Url: https://codereview.chromium.org/1933183002
Cr-Commit-Position: refs/heads/master@{#390649}
sigbjornf
Remove oilpan build configuration vestiges.
With the updated GC clang plugin that rolled out as part of issue 604993,
we no longer need to supply enable-oilpan to it. Stop doing so along
with removing the enable_oilpan configuration option entirely.

R=haraken,jochen
BUG=585328

Review-Url: https://codereview.chromium.org/1930913002
Cr-Commit-Position: refs/heads/master@{#390640}
sigbjornf
blink_gc_plugin: drop no-op options.
With the updated GC clang plugin that rolled out as part of issue 604993,
we can now assume that the enable-oilpan and warn-raw-ptr options are
by default always on & consequently doesn't need to be passed in by
blink_gc_plugin_flags.py

R=
BUG=604463,604476

Review-Url: https://codereview.chromium.org/1926003003
Cr-Commit-Position: refs/heads/master@{#390631}
jl
Use [[DefineOwnProperty]] when converting IDL array values
This means using v8::Object::CreateDataProperty() rather than Set(), and
is in line with how the conversion is defined in WebIDL. The incorrect use
of Set() is observable by scripts that define setters on Array.prototype
for the properties "0", "1", "2" and so on.

Also apply the same fix to conversion of Vector<std::pair<>> into object.

BUG=607483

Review-Url: https://codereview.chromium.org/1936433002
Cr-Commit-Position: refs/heads/master@{#390610}
mostynb
fix ipc_mojo_unittests.isolate dependencies
BUG=604847

Review-Url: https://codereview.chromium.org/1930773006
Cr-Commit-Position: refs/heads/master@{#390606}
philipj
Drop self from API_OWNERS, OWNERS, etc.
tkent@ takes over web-platform-tests/dom and chcunningham@ joins
wolenetz@ in mediasource/OWNERS.

Review-Url: https://codereview.chromium.org/1919183004
Cr-Commit-Position: refs/heads/master@{#390604}
mstensho
Old lines may be detached / extracted during layout.
Back out over-simplified code from https://codereview.chromium.org/1915803004/

Since lines from an old layout pass that haven't yet been relaid out may not be
in the line box list at all at some given point during layout, lastRootBox()
didn't work as expected. It would either return the wrong last-line, or even
nullptr.

BUG=607451

Review-Url: https://codereview.chromium.org/1927913002
Cr-Commit-Position: refs/heads/master@{#390508}
tsniatowski
Add simple bit_cast unittests, avoid static_assert on gcc+libc++
These should work provided that the is_trivially_copyable logic is not
broken, and will fail to compile of the type traits lie. They do on
Android where we have gcc+libc++, so avoid being too strict there.

BUG=607158

Review-Url: https://codereview.chromium.org/1925683002
Cr-Commit-Position: refs/heads/master@{#390472}
sigbjornf
Refresh LocalDOMWindow post-Oilpan.
The debug flag m_hasBeenReset no longer serves a purpose +
OwnedPtrDeleter<> usage doesn't either.

R=
BUG=585328

Review-Url: https://codereview.chromium.org/1932653003
Cr-Commit-Position: refs/heads/master@{#390436}
sigbjornf
Remove RefCountedGarbageCollected<> GC plugin handling.
The RefCountedGarbageCollected<> transition type is no longer used
and has been removed. Follow up and retire the GC plugin's
checks for it.

R=haraken
BUG=604481

Review-Url: https://codereview.chromium.org/1932713002
Cr-Commit-Position: refs/heads/master@{#390421}
rune
querySelector* fast-path missing namespace check for no namespace.
querySelector* does not allow selectors with namespaces, yet selectors
with no namespace are still allowed. Check for empty namespace before
hitting the fast path for tag names.

R=esprehn@chromium.org
BUG=605502

Review-Url: https://codereview.chromium.org/1932673002
Cr-Commit-Position: refs/heads/master@{#390417}
jl
Use correct creation context when converting sequences to V8
The |creationContext| argument is often a reference to a window proxy
object, that may become incorrect to use if the frame is navigated and/or
detached during the loop that converts values.

BUG=607483

Review-Url: https://codereview.chromium.org/1924073003
Cr-Commit-Position: refs/heads/master@{#390408}
sigbjornf
GC plugin: split out reporting of errors/warnings.
Move code to handle reporting of errors and notes out
into a class of its own.

R=haraken
BUG=531879

Review-Url: https://codereview.chromium.org/1926863002
Cr-Commit-Position: refs/heads/master@{#390350}
sigbjornf
Add sigbjornf as blink_gc_plugin/ owner.
R=
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/1928743002
Cr-Commit-Position: refs/heads/master@{#390325}
sigbjornf
Remove unused GCObject class.
This dummy class was accidentally re-introduced in PersistentNode.cpp during the
r389469 revert; remove it.

R=
BUG=

Review-Url: https://codereview.chromium.org/1925973002
Cr-Commit-Position: refs/heads/master@{#390323}
sigbjornf
Make warn-unneeded-finalizer warning usable.
The Blink GC plugin option warn-unneeded-finalizer (enabled by including
"warn-unneeded-finalizer=1" in your  "blink_gc_plugin_flags" gyp defines)
is potentially useful in identifying classes which needlessly derive from
GarbageCollectedFinalized<> where GarbageCollected<> would do.

To avoid far too many false positives to make it practically useful on
the Blink codebase, make it be more forgiving about bases with virtual
destructors + recognize class declarations with
finalizeGarbageCollectedObject() methods defined. Neither of those
two cases should be reported as warnings.

R=
BUG=

Review-Url: https://codereview.chromium.org/1922913004
Cr-Commit-Position: refs/heads/master@{#390184}
sigbjornf
Remove unnecessary uses of GarbageCollectedFinalized<>.
Classes which finalize nothing on their own should derive from
GarbageCollected<> instead.

(As identified by the warn-unneeded-finalizer=1 GC plugin option.)

R=haraken
BUG=585328

Committed: https://crrev.com/e10d108bc9cabf82607b909f35fc541c313e2366
Cr-Commit-Position: refs/heads/master@{#390070}

Review-Url: https://codereview.chromium.org/1929493002
Cr-Commit-Position: refs/heads/master@{#390165}
fs
SVG <marker> painting TLC
* Use range-based loop.
* Hide checking for an empty 'viewBox' in LayoutSVGResourceMarker.
* Simplify handling of marker scale due to 'markerUnits'.
* Add some const qualification, reorder forward decls and add missing
  full stops.

Review-Url: https://codereview.chromium.org/1914293003
Cr-Commit-Position: refs/heads/master@{#390112}
sigbjornf
Have MessagePort use Oilpan-based weak pointers.
Using WeakPtr<>/WeakPtrFactory<> with Oilpan heap objects is problematic
in the face of lazy sweeping, WeakPtr<> references aren't cleared until
the finalizer runs. Should a posted task (like for MessagePort) run
before that happens, it might then access already finalized objects that
MessagePort refers to.

Hence WeakPtr<>s should not be used for Oilpan objects unless extra
finalization care is taken _and_ the object depends on WeakPtrFactory<>'s
support for explicit revocation. Use Oilpan weak references instead.

Also clear out various redundant WeakPtr.h includes throughout Blink.

R=haraken
BUG=522357

Review-Url: https://codereview.chromium.org/1922923003
Cr-Commit-Position: refs/heads/master@{#390105}
sigbjornf
Remove unnecessary uses of GarbageCollectedFinalized<>.
Classes which finalize nothing on their own should derive from
GarbageCollected<> instead.

(As identified by the warn-unneeded-finalizer=1 GC plugin option.)

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1929493002

Cr-Commit-Position: refs/heads/master@{#390070}
fs
Don't use a magic value for 'auto' oriented <marker>s
The value -1 (degrees) is a valid angle, so using it to indicate that
'auto' orientation should be used does not work out.
Just check 'orientType' directly instead and simplify the angle getter.

BUG=606345

Review URL: https://codereview.chromium.org/1916173003

Cr-Commit-Position: refs/heads/master@{#390029}
sigbjornf
Simplify ownership handling of HTMLImportsController.
The controller is now simply referred to and kept alive from the
associated master Document, detached of and disposed during
Document detach.

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1914183002

Cr-Commit-Position: refs/heads/master@{#389814}
sigbjornf
Deprecate window.postMessage(m, transferables, origin) overload.
This argument-swapped legacy overload has little use, hence it
is time to try to phase it out. Deprecate with view to removing
in M54.

Intent: https://groups.google.com/a/chromium.org/d/msg/blink-dev/h4ooaB_Y9JE/nh7vXshGBwAJ

R=
BUG=425896

Review URL: https://codereview.chromium.org/1903873004

Cr-Commit-Position: refs/heads/master@{#389800}
jl
Use correct creation context during Iterable.forEach iteration
Use |thisValue| instead of |scriptState->context()->Global()|, since this
is simpler and since Global() actually returns a WindowProxy object that
may change and become incorrect to use as creation context depending on
what the callback function does.

BUG=605910

Review URL: https://codereview.chromium.org/1918763002

Cr-Commit-Position: refs/heads/master@{#389785}
sigbjornf
Tidy up representation of ScrollState::m_data.
OwnPtr<> is preferable in this context.

R=
BUG=

Review URL: https://codereview.chromium.org/1916193004

Cr-Commit-Position: refs/heads/master@{#389781}
sigbjornf
Tidy up WebGeolocationController.
Get rid of impedance-matching wrapper now that Oilpan is enabled
always.

R=
BUG=585328

Review URL: https://codereview.chromium.org/1919153002

Cr-Commit-Position: refs/heads/master@{#389777}
davve
Manually rebaseline hidpi tests
The following pixel tests needed rebaselining after switch from quirks
mode to standards mode in r389730:

fast/hidpi/broken-image-icon-hidpi.html
fast/hidpi/image-srcset-invalid-descriptor.html
fast/hidpi/resize-corner-hidpi.html
fast/hidpi/broken-image-with-size-hidpi.html
fast/hidpi/video-controls-in-hidpi.html
fast/hidpi/focus-rings.html
fast/hidpi/clip-text-in-hidpi.html
fast/hidpi/image-set-as-background-with-zoom.html
fast/hidpi/gradient-with-scaled-ancestor.html

TBR=yoav@yoav.ws
BUG=605065

Review URL: https://codereview.chromium.org/1921263002

Cr-Commit-Position: refs/heads/master@{#389758}
sigbjornf
Remove unnecessary uses of GarbageCollectedFinalized<>.
R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1922763003

Cr-Commit-Position: refs/heads/master@{#389756}
fs
Out-of-line some methods on LayoutSVGResourceMarker
Move the definition of orientType() and markerUnits() to the .cpp file.
Also make use of these helpers where possible and remove some unused
or redundant includes.

Review URL: https://codereview.chromium.org/1914133002

Cr-Commit-Position: refs/heads/master@{#389747}
fs
Don't force layout of descendants of SVG containers needing self-layout
There isn't much "layout" required for a generic SVG container - it is
sensitive to changes to its descendants and any impact a filter it
itself references has. We would however always relayout the entire
subtree of a container that had been marked as needing layout.
Like he code removed by https://codereview.chromium.org/1907273002, this
remaining part of the condition is primarily a remnant of the old way of
performing paint invalidation.
This CL changes to not force layout unconditionally based on the
self-needs-layout flag, but instead relies on the scale-factor-changed
flag (and of course specific marking of descendants) to handle this job.
To achieve this, rudimentary scale-factor-changed "detection" is added
to LayoutSVGRoot, as well as code to propagate this state to
descendants. LayoutSVGResourceMarker is modified in a similar fashion.
This is needed to counter-act the removal of the forced layout, since
previously this would propagate to descendants (unconditionally) by
forcing layout in both the root and containers. This effect is now
achieved (for the root) by using the scale-factor-changed signal
instead. This signal will be improved in future CLs.

BUG=603956

Review URL: https://codereview.chromium.org/1920833002

Cr-Commit-Position: refs/heads/master@{#389742}
davve
Modernize fast/hidpi layout tests
 * Add <!DOCTYPE html> to all tests. None of them seem to test
   quirk-mode specific issues.

 * Remove unnecessary <html>, <head> and <body> tags.

 * 4 space indentation.

 * Remove stale FIXME.

 * Drop </img> tags. <img> is a void element.

BUG=605065

Review URL: https://codereview.chromium.org/1908463002

Cr-Commit-Position: refs/heads/master@{#389730}
mstensho
Remove LayoutFlowThread stuff from line layout code.
We used to force full line layout if we had a flow thread with no column sets.
This may have made sense at some point in the past, where we created column
sets on the fly during layout, but we don't do that anymore (because we don't
mutate the layout tree structure during layout anymore). If we have no column
sets, it means that we cannot have any lines, since there's no column content
(because if there were, we'd have at least one column set). So it was a
pointless (albeit harmless) check.

There was also a flow thread check around some code that checks if previously
created lines will be affected by floats in new ways. If this is the right
thing to do for flowthread based fragmentation, it's also the right thing to do
for non-flowthread based (e.g. printing) fragmentation, so just remove the
check.

Also reordered and cleaned up checkPaginationAndFloatsAtEndLine() somewhat. We
don't have to do anything at all unless we have floats. Let's figure this out
as early as possible and bail if we can.

Also locate the last line in the block flow in a simpler way. Call
lastRootBox() instead of walking some chain of lines all the way to the end.

Review URL: https://codereview.chromium.org/1915803004

Cr-Commit-Position: refs/heads/master@{#389720}
sigbjornf
Support WeakMember<const T>.
It is entirely valid to have weak references to const objects, but
this failed to compile tracing calls over such members.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1921733002

Cr-Commit-Position: refs/heads/master@{#389553}
fs
Return the 'active' value for SVGURIReference.href.animVal
Make animVal return the currently used ('active') value instead of always
returning that of 'href'.
This should re-establish the former "invariant" that baseVal === animVal
when '(xlink:)href' is not being animated.

BUG=606200

Review URL: https://codereview.chromium.org/1917843002

Cr-Commit-Position: refs/heads/master@{#389490}
sigbjornf
Unify and generalize thread static persistent finalization.
Make ThreadState's registerAsStaticReference() generally available,
and not specific to LSan-only registration of static persistents
that must be cleared prior to performing leak detection.

By doing so, it can be used to handle thread-local static persistents
also.

Upon a thread finalizing its ThreadState, these static persistents
will be cleared & released. In order to make that safe and not leave
dangling PersistentNode references around afterwards, generalize
the release mechanism to also clear the Persistent/PersistentCollectionBase
that registered the persistent node.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1919663002

Cr-Commit-Position: refs/heads/master@{#389448}
sigbjornf
Make DOMTokenList.prototype.toString enumerable.
As 'stringifier' implies an enumerable toString(), drop the use
of [NotEnumerable] for DOMTokenList's. This also aligns with other
implementations (FF, Edge.)

R=yoav@yoav.ws, philipj@opera.com
BUG=306606

Review URL: https://codereview.chromium.org/1916453002

Cr-Commit-Position: refs/heads/master@{#389442}
davve
Manually rebaseline two tests from r389158
TBR=fs
BUG=601011

Review URL: https://codereview.chromium.org/1916733002

Cr-Commit-Position: refs/heads/master@{#389437}
sigbjornf
Require that heap collections are used over traceable elements.
While it is fully supported, having Blink GC heap collection objects
with elements not themselves being heap objects nor containing
references to such, is unnecessary. And arguably a sign that the code
is unintentionally using a heap collection.

Thus, add static_assert()s which prevent heap collections containing
no traceable references.

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1912093002

Cr-Commit-Position: refs/heads/master@{#389435}
sigbjornf
Make Selection.prototype.toString() enumerable.
The stringifier for Selection is enumerable,

 https://w3c.github.io/selection-api/#idl-def-Selection

so align with spec and other implementations, and remove the use
of [NotEnumerable].

R=yoichio
BUG=306606

Review URL: https://codereview.chromium.org/1908423003

Cr-Commit-Position: refs/heads/master@{#389427}
sigbjornf
Remove RefCountedGarbageCollected<>.
Exposing a garbage collected object as something ref-counted is
no longer needed, hence the functionality can be removed.

R=
BUG=604481

Review URL: https://codereview.chromium.org/1919643002

Cr-Commit-Position: refs/heads/master@{#389419}
fs
Order bounds update correctly for LayoutSVGShape and LayoutSVGImage
Since SVGResourcesCache::clientLayoutChanged can set the
m_needsBoundariesUpdate flag, make sure to check it, and act, after
that call. This ensures that state is consistent. when layout() return.
Also add a comment about the delicate situation in
LayoutSVGShape::layout wrt shape vs. bounds update. Additionally rename
the local variable used to notify the parent that its bounds needs to be
updated to |updateParentBoundaries|.

BUG=603956

Review URL: https://codereview.chromium.org/1907333002

Cr-Commit-Position: refs/heads/master@{#389410}
sigbjornf
Add DataPersistent<> for copy-on-modify and use for StyleFilterData.
Emulate what DataRef<T> provides over ref-counted objects, but
for persistent heap references. DataPersistent<T> values can
be freely copied, but when access()ed before being mutated,
DataPersistent<> ensures that the mutation will happen on
an unshared copy of the underlying heap object (of type T.)

The motivation for doing is to migrate the StyleFilterData fields
that StyleRareNonInheritedData keeps over to use DataPersistent<>
rather than DataRef<>. By doing so, StyleFilterData becomes
a simple GCed object without any ref-counting extras.

R=
BUG=604481

Review URL: https://codereview.chromium.org/1855213002

Cr-Commit-Position: refs/heads/master@{#389400}
sigbjornf
Simplify PointerEventFactory::getPointerIdsOfType() return type.
A Vector<int> is sufficient.

R=
BUG=

Review URL: https://codereview.chromium.org/1906213004

Cr-Commit-Position: refs/heads/master@{#389372}
sigbjornf
Remove unnecessary use of HeapHashMap for InspectorAnimationAgent::m_idToAnimationType.
R=
BUG=

Review URL: https://codereview.chromium.org/1907223002

Cr-Commit-Position: refs/heads/master@{#389369}
sigbjornf
CSSGradientValue::getStopColors(): unnecessary use of HeapVector<>.
No need to involve HeapVector<> over Color.

R=
BUG=

Review URL: https://codereview.chromium.org/1906363002

Cr-Commit-Position: refs/heads/master@{#389368}
sigbjornf
Remove unnecessary use of HeapHashMap for EventHandler::TouchRegionMap.
R=
BUG=

Review URL: https://codereview.chromium.org/1910173003

Cr-Commit-Position: refs/heads/master@{#389367}
fs
Remove unnecessary full-subtree layouts for filtered SVG containers
The presence of a filter on a container (or the SVG root) would force
a layout of the entire subtree if any child needed a layout. This used
to serve the purpose of making sure that the entire subtree would get
repainted (an artifact of how 'filter' is handled on SVG elements.)
With the current paint invalidation system, this should however make
no practical difference, since the layout of the subtree will only
end up marking descendant LayoutObjects as "maybe needing paint
invalidation" - which the ones that didn't actually change don't - and
hence for these nothing will be invalidated.
The container itself will be invalidated via the call to
SVGResourcesCache::clientLayoutChanged, which will mark it for paint
invalidation if it has instantiated a filter resource.

BUG=603956

Review URL: https://codereview.chromium.org/1907273002

Cr-Commit-Position: refs/heads/master@{#389283}
mstensho
Remove unused LayoutObject::mapAbsoluteToLocalPoint().
Review URL: https://codereview.chromium.org/1916543002

Cr-Commit-Position: refs/heads/master@{#389266}
mstensho
Support for mapping from outer/visual to flowthread coord space in nested multicol.
Review URL: https://codereview.chromium.org/1919453002

Cr-Commit-Position: refs/heads/master@{#389249}
mstensho
Don't allow column spanners inside transforms.
Spanners want the multicol container as their containing block. Transforms want
to be the containing block of everything inside. Since it's not possible to
fulfill both wishes, just refuse objects to become spanners when inside
transforms. We already do the same when inside out-of-flow objects, and also
for anything that establishes a new formatting context.

BUG=596863

Review URL: https://codereview.chromium.org/1908393002

Cr-Commit-Position: refs/heads/master@{#389207}
davve
Align image sizes for SVG with raster image size
The background geometry calculations has heuristics for tiling image
sizes optimized for integer image sizes (at least in effective zoom ==
1). Rounding SVG image sizes before zoom application makes SVG images
fit better into the existing heuristics.

BUG=601011

Review URL: https://codereview.chromium.org/1912063004

Cr-Commit-Position: refs/heads/master@{#389158}
mstensho
ColumnBalancer: Don't leak the break-after value from the previous sibling to children.
The break-after value of an object should only be considered and joined with
the break-before value of the next in-flow sibling. Said sibling should not let
its children see this value, or anything like that. Doing that might trick the
balancer into believing that we have more forced breaks than what we actually
have.

So there's no point in storing this state as a member in ColumnBalancer. Keep
it local to each object instead.

BUG=605902

Review URL: https://codereview.chromium.org/1913453002

Cr-Commit-Position: refs/heads/master@{#389144}
mstensho
Shift visual-to-flowthread coordinate space conversion one level up in the tree.
The same was done for the opposite operation, i.e. flowthread-to-visual
coordinate space conversion, in mapLocalToAncestor(), in
https://codereview.chromium.org/1819603003 . Let's do the same in
mapAncestorToLocal(), so that we're more consistent. This doesn't fix any known
bugs, but it sure makes sense that mapLocalToAncestor() be the opposite of
mapAncestorToLocal(). This also makes it less of a headache to write unit
tests, since you can now feed transformState1 into
obj->mapLocalToAncestor(parent) and get transformState2 back, then feed
transformState2 into obj->mapAncestorToLocal(parent) and then be back at
transformState1.

Review URL: https://codereview.chromium.org/1908353002

Cr-Commit-Position: refs/heads/master@{#389143}
mstensho
Spec-compliant parsing and initial values for 'orphans' and 'widows'.
The initial values for these properties should be '2', not 'auto'. 'auto' isn't
even an allowed value in the spec. So remove support for that completely.

FWIW: 'auto' used to mean pretty much the same as '1'.

Quite a few tests have to be updated because of this change, typically because
they assume that there are no orphans and widows requirements, meaning that
there'd be no breaking restrictions between lines. In those cases, now that the
initial value is '2', we need to set 'orphans' and 'widows' to '1' explicitly
if we don't want any restrictions. There are also some non-layout tests that
expect the initial value to be 'auto' or '1'. In those cases we need to just
update the expectations to be '2' instead.

BUG=473509

Review URL: https://codereview.chromium.org/1909233002

Cr-Commit-Position: refs/heads/master@{#389061}
mstensho
Don't lose the pagination strut when a line is re-created.
If there's not enough room for a line in a column, so that it gets pushed to
the next one, and there's a float at the top of the next column, the available
line width changes, and we need to re-create the line at the new position. Do
not lose the pagination strut in the process, or the column balancer might
over-stretch the columns, since it might fail to find the lowest possible space
shortage for the next layout pass. So store the strut so that we can re-apply
it when the new line has been created.

Since we now store the strut of such lines while they're being re-created, this
can be used as a flag to skip positioning of out-of-flow objects and floats. In
other words, we can retire the logicalWidthIsAvailable flag (which was a really
confusing name anyway).

Review URL: https://codereview.chromium.org/1905923002

Cr-Commit-Position: refs/heads/master@{#388884}
sigbjornf
Have (new URLSearchParams(initString)) skip initial '?'.
The spec now requires that when a URLSearchParams is initialized from
a string, an initial '?' should be ignored from that string,

 https://url.spec.whatwg.org/#dom-urlsearchparams-urlsearchparams

It accommodating usage like (new URLSearchParams(url.search))

R=
BUG=601425

Review URL: https://codereview.chromium.org/1906773002

Cr-Commit-Position: refs/heads/master@{#388842}
mstensho
Prioritize first-lines over orphans when deciding whether to propagate a strut.
The orphans code piece simply blindly propagates the strut to the block if the
orphans requirement isn't satisfied. It's incapable of inserting a break at a
class C break point [1] (i.e. before the first line in the block), while the
first-line code piece handles this just fine (since this is easy to do when at
the first line, but not when at a later line).

If we're at a non-first line at the time of breaking, there's no support for
going back to insert a break before the first line. That has to be done when
processing the first line, not later on. Flip the priority, so that orphans
requirements aren't even checked if we're at the first line. There's no need
then. We always try to avoid breaking before the first line anyway.

[1] https://drafts.csswg.org/css-break/#possible-breaks

Review URL: https://codereview.chromium.org/1908643003

Cr-Commit-Position: refs/heads/master@{#388838}
fs
Rename transformToRoot:ish names to screenScaleFactorChanged:ish ones
This better reflects the function of this machinery, since it's used to
update the scale of fonts based on the computed "screen scale factor".

BUG=603956

Review URL: https://codereview.chromium.org/1911473002

Cr-Commit-Position: refs/heads/master@{#388749}
philipj
Measure usage of generated documents (image/media/plugin/etc)
As discussed on blink-dev:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/u79ubJvsTbI/c_kSGKrEAgAJ

This *InFrame counters are intended as an estimate of cases where a
script in the containing document could look at the generated DOM.

BUG=597380
R=esprehn@chromium.org,pdr@chromium.org
TBR=isherman@chromium.org

Review URL: https://codereview.chromium.org/1866343002

Cr-Commit-Position: refs/heads/master@{#388723}
mstensho
Remove special-code for paginating floats followed by lines of text.
If a float is pushed to the next fragmentainer, we used to push any lines
established by consecutive sibling content along with it, even if they would
fit in the previous fragmentainer. As a contrast to this, we did not do the
same to consecutive blocks - only to lines!

What blocks do makes the most sense [1]. Do the same for lines.

[1] Discussed here: https://lists.w3.org/Archives/Public/www-style/2015Sep/0002.html

Added two new tests. The one that has a block with text following a float also
worked before this CL, but I added it to demonstrate how ridiculous it is to
behave differently here, simply depending on whether it's a line or a block.

Some existing tests needed an update, because they depended on the previous
behavior.

Review URL: https://codereview.chromium.org/1899193007

Cr-Commit-Position: refs/heads/master@{#388701}
mstensho
Translate flow thread coords to the nearest enclosing coord space when appropriate.
We used to always convert to the visual coordinate space, meaning that we
walked all enclosing fragmentation contexts. However, only the PaintLayer code
wants this behavior, while everyone else typically wants to do one
fragmentation context at a time, e.g. when walking the ancestry with
LayoutObject::mapLocalToAncestor().

For nested multicol, this caused invalidation bugs, problems with
getClientRects(), and maybe more.

Added an enum CoordinateSpaceConversion (with values "Containing" and "Visual")
for flowThreadTranslationAtOffset() to use to determine which conversion to
perform. The old behavior was to always do CoordinateSpaceConversion::Visual.

BUG=604883

Review URL: https://codereview.chromium.org/1907443003

Cr-Commit-Position: refs/heads/master@{#388692}
fs
Drop transform-change propagation from LayoutSVGHiddenContainer::layout
No real transform changes should be detected in LayoutSVGHiddenContainer
since it's used for things making up (==roots of) "isolated subtrees".

BUG=603956

Review URL: https://codereview.chromium.org/1905533003

Cr-Commit-Position: refs/heads/master@{#388578}
sigbjornf
Expose toString() as enumerable on some objects.
URL, WorkerLocation and implementations of HTMLHyperlinkElementUtils
are required per spec to expose an enumerable toString() method.

Remove uses of [NotEnumerable] for these.

R=philipj@opera.com, jochen
BUG=306606

Review URL: https://codereview.chromium.org/1905553002

Cr-Commit-Position: refs/heads/master@{#388521}
fs
Move the m_didTransformToRootUpdate flag to LayoutSVGContainer
By pushing the update of the m_didTransformToRootUpdate flag out of the
various calculateLocalTransform() implementations, we both get
implementations of those methods that are more to the point, and expose
the redundant calls to SVGLayoutSupport::transformToRootChanged().
This also means that didTransformToRootUpdate() is devirtualized,
although it was never called "virtually" before either.
Also turn m_needsBoundariesUpdate into a single-bit flag.

BUG=603956

Review URL: https://codereview.chromium.org/1904683002

Cr-Commit-Position: refs/heads/master@{#388516}
sigbjornf
Remove Disposed as a DocumentLifecycle state.
With Oilpan, Documents no longer have an observable 'disposed' state.

R=
BUG=585328

Review URL: https://codereview.chromium.org/1906483002

Cr-Commit-Position: refs/heads/master@{#388498}
sigbjornf
Avoid PageAllocator::s_allocPageErrorCode races.
R=
BUG=601579

Review URL: https://codereview.chromium.org/1903763002

Cr-Commit-Position: refs/heads/master@{#388491}
sigbjornf
Add missing IDL parser support for 'stringifier readonly attribute'.
R=
BUG=306606

Review URL: https://codereview.chromium.org/1900873006

Cr-Commit-Position: refs/heads/master@{#388484}
philipj
Make setBaseAndExtent's arguments non-optional
These arguments are already non-optional in Edge. Firefox doesn't
support setBaseAndExtent. In WebKit the arguments are still optional.

For the first three arguments, the risk is bounded by the
SelectionSetBaseAndExtentNull use counter, which rbyers@ reports as ~0%
on the stable channel. If the fourth argument is omitted the use counter
wouldn't catch that, however. (The use counter can also be triggered by
explicitly passing null, which is likely the most common case.)

BUG=460722

Review URL: https://codereview.chromium.org/1785663002

Cr-Commit-Position: refs/heads/master@{#388460}
davve
Compensate for source scaling in hidpi mode
In crrev.com/379801 scaling of hidpi nine piece image grids was
changed from using the real image size to using the "layout'ed" image
size (i.e. image size compensated by image scale factor) since that is
what Image::imageSize() returns. Instead the computed source rect was
scaled afterwards, right before drawing.

If GraphicsContext.drawTiledImage() is called with (stretch, stretch)
as tile rules, it ignores the passed scale factor and computes the
scale factor between source and destination itself. However, if one
rule is stretch and the other one repeat, or if both are repeat, the
tile scale factor is used when drawing and the relation between the
sizes of source and dest ignored.

What was missing from crrev.com/379801 was to compensate for the image
scale factor by adjusting tileScale. That meant that the (stretch,
stretch) worked fine but as soon as one repeat was specified, the
scale factor was wrong.

BUG=601544

Review URL: https://codereview.chromium.org/1901103002

Cr-Commit-Position: refs/heads/master@{#388451}
tmoniuszko
Fix GN freeze on generating Visual Studio projects
There's an infinite loop while searching for parent directory. It happens
when drive letter case is mixed in absolute paths on Windows (/C:/foo and
/c:/foo). It's easily reproducible on MSYS terminals when system-absolute
paths are used for some targets and source root-absolute (//foo/bar) paths
are used for other targets.

BUG=

Review URL: https://codereview.chromium.org/1897213002

Cr-Commit-Position: refs/heads/master@{#388443}
ljagielski
Build: disable icf for gcc builds with bundled gold
Gold doesn't respect section alignment when merging symbols
https://sourceware.org/bugzilla/show_bug.cgi?id=17704

BUG=576197

Review URL: https://codereview.chromium.org/1887303003

Cr-Commit-Position: refs/heads/master@{#388437}
fs
Pass first child to SVGLayoutSupport::layoutChildren
Since everything depending on the "subtree root" has now been hoisted
into the callers, we can pass firstChild() instead and avoid calling
slowFirstChild().

BUG=603956

Review URL: https://codereview.chromium.org/1897273002

Cr-Commit-Position: refs/heads/master@{#388337}
fs
Hoist "layout size changed" check out of SVGLayoutSupport::layoutChildren
For LayoutSVGRoot, this predicate can be computed quite easily, so
calling layoutSizeOfNearestViewportChanged() will be an unnecessary
detour.
Also rearrange layoutSizeOfNearestViewportChanged() to avoid an
unnecessary virtual call.

BUG=603956

Review URL: https://codereview.chromium.org/1902073002

Cr-Commit-Position: refs/heads/master@{#388332}
mstensho
Make MultiColumnFragmentainerGroup::m_columnSet const.
Ideally, I'd like to get rid of the member altogether, but that would require a
lot of refactoring.

This is a preparatory patch for a fix for bug 604609.

BUG=604609

Review URL: https://codereview.chromium.org/1898293003

Cr-Commit-Position: refs/heads/master@{#388326}
fs
Hoist transformToRootChanged() out of SVGLayoutSupport::layoutChildren
This function is really only relevant for LayoutSVG*Containers, and
hence has a stronger logical tie to that part of the hierarchy. For
LayoutSVGRoot it will always return false.
Also rename the |selfNeedsLayout| argument to |forceLayout|, and the
(somewhat) corresponding local variable |forceLayout] to
|forceChildLayout|.
Eliminate an unnecessary virtual call in transformToRootChanged().
Add const qualifier to didTransformToRootUpdate().

BUG=603956

Review URL: https://codereview.chromium.org/1897263002

Cr-Commit-Position: refs/heads/master@{#388292}
fs
Get rid of SVGLayoutSupport::filtersForceContainerLayout
Save the "has filter resource" part, and rename it to hasFilterResource.
Hoist the normalChildNeedsLayout() part into the callers together with
the comment. This makes the condition for forcing layout of children
of an <svg> (outermost) root or a container more obvious.

Also update a few places to use the new hasFilterResource helper.

BUG=603956

Review URL: https://codereview.chromium.org/1899243002

Cr-Commit-Position: refs/heads/master@{#388284}
fs
Improve default value handling for SVGSVGElement.width/height
When a length attribute is either removed or set to an invalid value,
it would get set to '0'. It should however be set to the initial value
specified for the attribute (possibly presentation attribute) in
question.

The test svg/custom/disallow-non-lengths-in-attrs.html is tweaked to
accommodate for this.

BUG=604093

Review URL: https://codereview.chromium.org/1901673003

Cr-Commit-Position: refs/heads/master@{#388250}
sigbjornf
Always enable warn-raw-ptr's check of raw heap pointers.
This warning option has been default-enabled with Oilpan since 3a192c3
(2015-11-25), checking that we do not keep unmanaged raw pointers or
references in class field types. With the Blink codebase adhering
to that (desirable) constraint, this extra warning has been working
well to keep the codebase in that state.

Make the check always apply with no possibility of opting out; we want
it permanently on.

R=
BUG=604476

Review URL: https://codereview.chromium.org/1901643003

Cr-Commit-Position: refs/heads/master@{#388222}
sigbjornf
Rename URLUtils interface as HTMLHyperlinkElementUtils and update.
Follow the HTML spec for HTMLAnchorElement + HTMLAreaElement, and have
them implement the [NoInterfaceObject] HTMLHyperlinkElementUtils
interface, rather than the previous URLUtils which has now been
retired / divided up.

The other implementation of URLUtils, URL, now define the attributes
directly (with the addition of a searchParams getter.)  Update its IDL
also.

R=
BUG=604644

Review URL: https://codereview.chromium.org/1902683003

Cr-Commit-Position: refs/heads/master@{#388209}
jl
IDL: Merge stringifier/serializer definition from implemented interface
A stringifier defined in a supplemental interface was not merged into the
primary interface, which meant that no 'toString' operation was defined.

Same for serializer definitions and the 'toJSON' operation.

This does not currently change generated code; no supplemental interface
defines a stringifier or serializer.

BUG=306606,469650

Review URL: https://codereview.chromium.org/1901983002

Cr-Commit-Position: refs/heads/master@{#388191}
sigbjornf
Update Blink GC plugin to reflect that Oilpan is now always enabled.
With the Blink codebase having migrated to an Oilpan only state, update
the GC plugin accordingly:

 - drop handling of RawPtr<T>, it no longer exists.
 - remove !ENABLE(OILPAN) specific checks.

R=haraken
BUG=604463

Review URL: https://codereview.chromium.org/1895943002

Cr-Commit-Position: refs/heads/master@{#388188}
mostynb
convert //gpu to std::unique_ptr
BUG=554298
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel
TBR=danakj@chromium.org

Review URL: https://codereview.chromium.org/1859703002

Cr-Commit-Position: refs/heads/master@{#388176}
sigbjornf
Leave out redundant includes for postMessage() method bindings.
R=
BUG=

Review URL: https://codereview.chromium.org/1893283004

Cr-Commit-Position: refs/heads/master@{#388148}
mstensho
Support multiple fragmentainer groups per ColumnBalancer run.
Instead of specifying a fragmentainer group for the operation, we now specify a
column set and a flow thread portion (which may be the portion of one group or
many contiguous groups within the same column set).

The reason for this change is that when calculating space shortage in an inner
multicol container, we need to walk through all fragmentainer groups in one
operation, or we'll miss the column boundaries between the fragmentainer
groups, and only find those that lie between two columns in the same
fragmentainer group. This is especially bad if the inner multicol container
only has one column per fragmentainer group (row), since then *all* column
boundaries lie between two fragmentainer groups, and we wouldn't be able to
find any shortage at all.

BUG=594833

Review URL: https://codereview.chromium.org/1891783002

Cr-Commit-Position: refs/heads/master@{#388070}
mstensho
Append fragmentainer groups in outer multicols first.
We need to evaluate the need for extra fragmentainer groups in ancestral
multicol containers first, so that the inner ones can calculate their column
height restrictions correctly.

BUG=572771

Review URL: https://codereview.chromium.org/1895003002

Cr-Commit-Position: refs/heads/master@{#388017}
mostynb
allow clang toolchains to strip libs as they are built
BUG=509771

Review URL: https://codereview.chromium.org/1882923005

Cr-Commit-Position: refs/heads/master@{#388016}
sigbjornf
Abandon prerenders upon render thread shutdown.
Have PrerenderDispatcher abandon its current prerenders when
the renderer is about to shut down -- doing so later isn't
supported as Blink is about to disappear.

Along with this, on the Blink side, weaken the reference that
a Prerender object keep to its PrerenderClient. The latter
should keep the former alive, but not vice versa -- if no one
is referring to the client within Blink, it can be GCed.
This avoids prolonged retention of prerendering Blink objects.

R=
BUG=604325

Review URL: https://codereview.chromium.org/1900583002

Cr-Commit-Position: refs/heads/master@{#387912}
sigbjornf
Simplify handling of Transferable objects while (de)serializing.
Avoid unnecessary allocations and abstractions in the handling of
transferables. The Transferables now collates the different kinds of
objects that can be transferred via postMessage().

R=
BUG=haraken

Review URL: https://codereview.chromium.org/1893983002

Cr-Commit-Position: refs/heads/master@{#387867}
fs
Refactor the current text position update in SVGTextLayoutEngine
The main change is around the handling of "delta" adjustments
('dx' / 'dy'), that is changed to not require keeping state.
Additionally text-on-a-path layout is changed to track the
displacement from the path (the accumulated delta adjustments
in the perpendicular direction.) Baseline adjustments are
consolidated between code-paths and part of the "fragmentation"
condition is hoisted out of the per-"glyph" loop.

BUG=486669

Review URL: https://codereview.chromium.org/1883553004

Cr-Commit-Position: refs/heads/master@{#387694}
mostynb
move track_audio_renderer.{cc,h} to private_renderer_webrtc_sources
This unbreaks the no-webrtc build after
https://codereview.chromium.org/1891183002

BUG=596174

Review URL: https://codereview.chromium.org/1888183003

Cr-Commit-Position: refs/heads/master@{#387688}
mstensho
Invalidate column rules when the width of a multicol container changes.
BUG=587794

Review URL: https://codereview.chromium.org/1892793002

Cr-Commit-Position: refs/heads/master@{#387624}
mstensho
No reason to prevent subpixel column heights in the initial height calculation.
One test had to be updated, because Element.offsetHeight returns integers. The
column height in the test went from 34 to 33.3333333ish with this code change,
which is 33 if you ask offsetHeight.

Review URL: https://codereview.chromium.org/1879253003

Cr-Commit-Position: refs/heads/master@{#387560}
sigbjornf
Remove remaining OILPAN uses from core/events/
R=
BUG=585328

Review URL: https://codereview.chromium.org/1888043003

Cr-Commit-Position: refs/heads/master@{#387549}
mstensho
Don't call paginatedContentWasLaidOut() until we have the final layout.
Blocks may need relayout because of pagination, and calling
paginatedContentWasLaidOut() before that has taken place could make us account
for a leading pagination strut twice (once before the block child, and once
before the first line inside the block). In a nested multicol context this
could trigger creation of additional fragmentainer groups that will be
unneeded in the end.

This fixes the assertion mentioned in bug 594833, but new ones will pop up
instead, because of brokenness in the column balancer. That will be fixed in a
separate CL.

BUG=594833

Review URL: https://codereview.chromium.org/1883163002

Cr-Commit-Position: refs/heads/master@{#387548}
sigbjornf
Remove OILPAN from core/dom/shadow/
R=
BUG=585328

Review URL: https://codereview.chromium.org/1884333002

Cr-Commit-Position: refs/heads/master@{#387541}
sigbjornf
Remove OILPAN from core/dom/custom/
R=
BUG=585328

Review URL: https://codereview.chromium.org/1887183002

Cr-Commit-Position: refs/heads/master@{#387540}
sigbjornf
Remove XMLHttpRequest's non-Oilpan support for eager finalization.
R=
BUG=585328

Review URL: https://codereview.chromium.org/1892453002

Cr-Commit-Position: refs/heads/master@{#387538}
mstensho
Correct inline-block baseline calculation for multicol containers.
The last line of something inside a multicol container is in the flow thread
coordinate space, so we have to translate the baseline block offset into the
visual coordinate space.

BUG=335861

Review URL: https://codereview.chromium.org/1887793002

Cr-Commit-Position: refs/heads/master@{#387472}
fs
Replace CR/NL by space - don't remove altogether when xml:space=default
This moves handling of xml:space=default closer to the more generic
white-space handling, by not removing CR and NL characters, but rather
just replacing them with a regular space.
This modifies behavior, but means aligning with non-WebKit browser
engines.
This also simplifies the code a bit - with promise of further
simplification (or rather assimilation.)

TEST=svg/custom/text-whitespace-handling.svg
BUG=602606, 366558

Review URL: https://codereview.chromium.org/1888823002

Cr-Commit-Position: refs/heads/master@{#387440}
sigbjornf
Remove RawPtr.h
No longer used, so retire this Oilpan transitional wrapper type.

R=
BUG=585328

Review URL: https://codereview.chromium.org/1884113002

Cr-Commit-Position: refs/heads/master@{#387300}
fs
Reorder metrics iteration in LayoutSVGInlineText::updateMetricsList
This changes iteration to iterate BidiRuns and then collect metrics for
all characters in each run.

BUG=594058

Review URL: https://codereview.chromium.org/1880453002

Cr-Commit-Position: refs/heads/master@{#387283}
sigbjornf
Remove remaining binding layer RawPtr<>s.
R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1883663005

Cr-Commit-Position: refs/heads/master@{#387278}
rune
Allow multiple host pseudos in same compound.
As part of optimizing away :host(-context) selectors which never may
match, we also skipped selectors with multiple :host(-context) pseudos
in the same compound.

Removed assert in findBestRuleSetAndAdd as that would now be required
to traverse the whole compound again to cover everything.

BUG=601585

Review URL: https://codereview.chromium.org/1872343002

Cr-Commit-Position: refs/heads/master@{#387263}
sigbjornf
Remove unnecessary CanvasAsyncBlobCreator keep alive protection.
Closures keep their GCed arguments and |this| alive until completed,
hence manual keep-alive handling on top of that isn't required
for CanvasAsyncBlobCreator.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1882563003

Cr-Commit-Position: refs/heads/master@{#387260}
rune
Check willValidate() for :in-range and :out-of-range.
:in-range and :out-of-range should only match elements which are
candidates for constraint validation[1], and they are not when they are
disabled or read-only.

https://html.spec.whatwg.org/multipage/scripting.html#selector-in-range

R=tkent@chromium.org
BUG=602568

Review URL: https://codereview.chromium.org/1890633002

Cr-Commit-Position: refs/heads/master@{#387258}
sigbjornf
Safely iterate over MediaStreamSource observers.
When changing the ready state of this object, the resultant dispatching of
events by its observers may extend the observer set. Take a snapshot of
the observers, so as to be able safely iterate over it across additions.

R=
BUG=602273

Review URL: https://codereview.chromium.org/1885053002

Cr-Commit-Position: refs/heads/master@{#387243}
mstensho
ColumnBalancer: don't skip bounds checking on first or last fragmentainer groups.
There should be no need for this special-code. Whatever manages to end up
before the first column or after the last one is totally uninteresting to the
column balancer.

Review URL: https://codereview.chromium.org/1886703002

Cr-Commit-Position: refs/heads/master@{#387150}
mstensho
ColumnBalancer: Count line box overflow as space shortage.
Even if the line itself fits nicely inside a column, it may have bottom
overflow that crosses a column boundary. This needs to be counted as space
shortage, or the column balancer might end up over-stretching the columns.

LayoutTests/ietestcenter/css3/multicolumn/column-width-applies-to-007.htm
now passes when opened manually. This used to fail, at least on my machine.

BUG=543487

Review URL: https://codereview.chromium.org/1880283006

Cr-Commit-Position: refs/heads/master@{#387072}
fs
Simplify SVGElement::addToPropertyMap
Shaves a few instructions off (most prominently a call to the QualifiedName
destructor.)

Review URL: https://codereview.chromium.org/1883773003

Cr-Commit-Position: refs/heads/master@{#387024}
rune
Compare font-feature-settings as part of Font::operator==().
We only did a pointer comparison which always failed when doing a style
recalc since a style recalc always creates a new FontFeatureSetting
object.

R=eae@chromium.org
BUG=602802,602959

Review URL: https://codereview.chromium.org/1887613002

Cr-Commit-Position: refs/heads/master@{#387001}
sigbjornf
Remove never instantiated methods from PartitionAllocator.
R=
BUG=585328

Review URL: https://codereview.chromium.org/1883593006

Cr-Commit-Position: refs/heads/master@{#386944}
sigbjornf
Remove ENABLE(OILPAN) from ScriptRunner and PendingScript.
R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1887573002

Cr-Commit-Position: refs/heads/master@{#386938}
mstensho
Introduce fragmentainerGroupCapacity().
During layout, the flow thread portion of the currently last fragmentainer
group is unknown. So instead of calling logicalBottomInFlowThread() or
logicalHeightInFlowThread(), we multiply the column height with the used value
of column-count.

Seems a bit cleaner to wrap this multiplication inside a method.

Review URL: https://codereview.chromium.org/1885513004

Cr-Commit-Position: refs/heads/master@{#386817}
mostynb
remove unneeded scoped_ptr.h inclusions
BUG=554298

Review URL: https://codereview.chromium.org/1855123002

Cr-Commit-Position: refs/heads/master@{#386791}
sigbjornf
include RefCounted.h where needed, only.
R=
BUG=
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review URL: https://codereview.chromium.org/1882003002

Cr-Commit-Position: refs/heads/master@{#386715}
mstensho
X11: Set window class for content_shell.
For Chrome, this happens in DesktopBrowserFrameAuraLinux::GetWidgetParams(),
but there was no counterpart for content_shell.

Setting a window class makes it easier to customize one's window manager for
content_shell.

R=peter@chromium.org

Review URL: https://codereview.chromium.org/1880643002

Cr-Commit-Position: refs/heads/master@{#386657}
fs
Move SVGTextMetricsCalculator to LayoutSVGInlineText.cpp
Mostly plain code move, with some fixups in the (now folded)
updateMetricsList method. Also removes the non-const getter for the
metrics list.

BUG=594058

Review URL: https://codereview.chromium.org/1879453003

Cr-Commit-Position: refs/heads/master@{#386630}
fs
Refactor SVGTextLayoutAttributesBuilder::collectTextPositioningElements
This moves the creation of a TextPosition element for the <text> into
collectTextPositioningElements too, getting rid of the special case.

BUG=594058

Review URL: https://codereview.chromium.org/1878583002

Cr-Commit-Position: refs/heads/master@{#386622}
sigbjornf
Have bindings layer assume and insist that all interface types are GCed.
All interface types are now garbage collected, hence assume that to
hold when generating bindings code. Various simplifications become
possible as a result, like removing WrapperTypeInfo fields to per-type
de/refObject() static functions.

At the .idl level, [GarbageCollected] no longer conveys anything hence
the support (and use) for it is retired here also.

R=
BUG=585328
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review URL: https://codereview.chromium.org/1873323002

Cr-Commit-Position: refs/heads/master@{#386620}
fs
Don't persist the SVGTextLayoutAttributesBuilder
No partial updates are performed on the structures contained within
the builder, so keeping them around between layouts only amounts to
memory wasted. With this change the builder is now more of a proper
builder. buildLayoutAttributesForTextRoot() is folded into
buildLayoutAttributes().

BUG=594058

Review URL: https://codereview.chromium.org/1871393003

Cr-Commit-Position: refs/heads/master@{#386616}
mostynb
convert //courgette to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1855133002

Cr-Commit-Position: refs/heads/master@{#386511}
mostynb
Convert //sql to use std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1851913002

Cr-Commit-Position: refs/heads/master@{#386451}
tsniatowski
Use clang "--target=x" on android to help icecc
Icecc is confused by the two-argument "-target x" form, and decides to compile
everything locally. --target=x makes it happy.

Review URL: https://codereview.chromium.org/1871813003

Cr-Commit-Position: refs/heads/master@{#386419}
mstensho
Resurrect ASSERT(isFirstAfterBreak(flowThreadOffset()) || !box.paginationStrut()).
This assertion effectively became disabled by accident by
https://codereview.chromium.org/1856373002 , so that fuzzer bug 551312 stopped
asserting, although that bug is still very much present.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1876713003

Cr-Commit-Position: refs/heads/master@{#386418}
sigbjornf
Abandon Prerender upon finalizing PrerenderHandle.
Forcefully sever the connection to the embedder upon the PrerenderHandle
becoming unreachable and unused. Otherwise we risk Prerender leaks
and renderer shutdown crashes when the embedder tries to access Blink
after it has already been shut down.

R=haraken
BUG=602227

Review URL: https://codereview.chromium.org/1872383002

Cr-Commit-Position: refs/heads/master@{#386401}
sigbjornf
Move DOMArrayBuffer, DOMArrayBufferViews and DataView to the heap.
Thereby having all ScriptWrappable-derived types on the Oilpan heap.

R=haraken,tkent,ortuno
BUG=585328
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review URL: https://codereview.chromium.org/1878463002

Cr-Commit-Position: refs/heads/master@{#386347}
fs
Only hit-test SVG <text> foreground
<text> doesn't have/paint any background, so performing hit-tests for
the various background is a both a waste of time, and gives rise to bugs
in some cases where poor precision renders false positives.
This also matches what LayoutSVGShape does (and <text> is a "graphics
element" just like the basic shapes.)
Rework the 'pointer-events: bounding-box' check to not rely on
nodeAtPoint. It's now somewhat consistent with how containers (<g>) are
handled.
This also affects how hit-testing works w/ 'textLength' ("artificial"
spaces will no longer be considered part of the <text> - this matches
the Firefox behavior.) Adjust svg/animations/svgenum-animation-3.html
to cater to this change in behavior.

BUG=601036

Review URL: https://codereview.chromium.org/1870983002

Cr-Commit-Position: refs/heads/master@{#386308}
fs
Use characters (not code units) when computing value list positions
The value list position is updated by one for each character, and not
at all when spaces are skipped (collapsed). When assigning value list
positions, we are currently counting surrogates as two (on for each
code unit.)
Use the text metrics data to count the number of (non-collapsed)
characters instead.

BUG=597312, 594058

Review URL: https://codereview.chromium.org/1866703002

Cr-Commit-Position: refs/heads/master@{#386305}
fs
Separate metrics update and layout attribute resolving
This splits the walkInlineText() function from SVGTextMetricsBuilder.cpp
into one function for computing the Vector of SVGTextMetrics (called
via updateTextMetrics in LayoutSVGInlineText) and one function for
computing the mapping of layout attributes (updateLayoutAttributes in
SVGTextLayoutAttributesBuilder.cpp).
This in turn mean that the UpdateAttribute helper struct is split and
done away with, similarly TreeWalkTextState.

BUG=594058

Review URL: https://codereview.chromium.org/1861013003

Cr-Commit-Position: refs/heads/master@{#386301}
fs
Invalidate text metrics when the <text> subtree is mutated
When the content of a text node is modified, we would only invalidate
positioning values and not text metrics. This would lead to incorrect or
inconsistent text metrics/fonts being used, which would lead to repaint
bugs and similar issues.
Make sure all mutations to the <text> subtree trigger text metrics re-
computation.

Also take this opportunity to move the definition of the
willBeDestroyed() method for slightly better grouping.

BUG=299497, 594058

Review URL: https://codereview.chromium.org/1865923002

Cr-Commit-Position: refs/heads/master@{#386300}
fs
Revert of Reland: Switch components/password_manager code from IPC messages to Mojo. (patchset #4 id:60001 of https://codereview.chromium.org/1866643002/ )
Reason for revert:
Appears to have caused:

FAILED: /b/build/slave/GPU_Linux_Builder/build/src/build/goma/client/gomacc ../../third_party/llvm-build/Release+Asserts/bin/clang++ -MMD -MF obj/chrome/browser/test_support_ui/password_manager_test_base.o.d -DV8_DEPRECATION_WARNINGS -DCLD_VERSION=2 -DENABLE_MDNS=1 -DENABLE_NOTIFICATIONS -DENABLE_PEPPER_CDMS -DENABLE_PLUGINS=1 -DENABLE_PDF=1 -DENABLE_PRINTING=1 -DENABLE_BASIC_PRINTING=1 -DENABLE_PRINT_PREVIEW=1 -DENABLE_SPELLCHECK=1 -DUSE_UDEV -DUI_COMPOSITOR_IMAGE_TRANSPORT -DUSE_AURA=1 -DUSE_PANGO=1 -DUSE_CAIRO=1 -DUSE_CLIPBOARD_AURAX11=1 -DUSE_DEFAULT_RENDER_THEME=1 -DUSE_GLIB=1 -DUSE_OPENSSL=1 -DUSE_NSS_CERTS=1 -DUSE_NSS_VERIFIER=1 -DUSE_X11=1 -DENABLE_WEBRTC=1 -DENABLE_EXTENSIONS=1 -DENABLE_TASK_MANAGER=1 -DENABLE_THEMES=1 -DENABLE_CAPTIVE_PORTAL_DETECTION=1 -DENABLE_SESSION_SERVICE=1 -DENABLE_APP_LIST=1 -DENABLE_SETTINGS_APP=1 -DENABLE_SUPERVISED_USERS=1 -DENABLE_SERVICE_DISCOVERY=1 -DENABLE_AUTOFILL_DIALOG=1 -DENABLE_TOPCHROME_MD=1 -DUSE_PROPRIETARY_CODECS -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -DENABLE_MEDIA_ROUTER=1 -DFIELDTRIAL_TESTING_ENABLED -DCR_CLANG_REVISION=264915-1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DGOOGLE_PROTOBUF_NO_RTTI -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DTOOLKIT_VIEWS=1 -DGL_GLEXT_PROTOTYPES -DGTEST_HAS_POSIX_RE=0 -DGTEST_LANG_CXX11=0 -DGTEST_HAS_RTTI=0 -DSK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS -DSK_SUPPORT_GPU=1 -DUNIT_TEST -I../.. -Igen -I../../build/linux/debian_wheezy_amd64-sysroot/usr/include/glib-2.0 -I../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/x86_64-linux-gnu/glib-2.0/include -I../../third_party/protobuf/src -Igen/protoc_out -I../../third_party/protobuf/src -I../../third_party/protobuf -I../../third_party/khronos -I../../gpu -I../../testing/gtest/include -I../../build/linux/debian_wheezy_amd64-sysroot/usr/include/nss -I../../build/linux/debian_wheezy_amd64-sysroot/usr/include/nspr -I../../third_party/boringssl/src/include -I../../testing/gmock/include -I../../skia/config -I../../skia/ext -I../../third_party/skia/include/c -I../../third_party/skia/include/config -I../../third_party/skia/include/core -I../../third_party/skia/include/effects -I../../third_party/skia/include/images -I../../third_party/skia/include/lazy -I../../third_party/skia/include/pathops -I../../third_party/skia/include/pdf -I../../third_party/skia/include/pipe -I../../third_party/skia/include/ports -I../../third_party/skia/include/utils -I../../third_party/skia/include/gpu -I../../third_party/skia/src/gpu -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -funwind-tables -fPIC -pipe -B../../third_party/binutils/Linux_x64/Release/bin -fcolor-diagnostics -fdebug-prefix-map=/b/build/slave/GPU_Linux_Builder/build/src=. -pthread -m64 -march=x86-64 -Wall -Werror -Wextra -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-covered-switch-default -Wno-deprecated-register -Wno-unneeded-internal-declaration -Wno-inconsistent-missing-override -Wno-shift-negative-value -O2 -fno-ident -fdata-sections -ffunction-sections -g0 --sysroot=../../build/linux/debian_wheezy_amd64-sysroot -fvisibility=hidden -Xclang -load -Xclang ../../third_party/llvm-build/Release+Asserts/lib/libFindBadConstructs.so -Xclang -add-plugin -Xclang find-bad-constructs -Xclang -plugin-arg-find-bad-constructs -Xclang check-templates -Xclang -plugin-arg-find-bad-constructs -Xclang follow-macro-expansion -Wheader-hygiene -Wstring-conversion -Wno-header-guard -fno-threadsafe-statics -fvisibility-inlines-hidden -std=gnu++11 -fno-rtti -fno-exceptions -c ../../chrome/browser/password_manager/password_manager_test_base.cc -o obj/chrome/browser/test_support_ui/password_manager_test_base.o
In file included from ../../chrome/browser/password_manager/password_manager_test_base.cc:13:
In file included from ../../chrome/browser/password_manager/chrome_password_manager_client.h:15:
In file included from ../../components/password_manager/content/browser/credential_manager_impl.h:13:
In file included from gen/components/password_manager/content/public/interfaces/credential_manager.mojom.h:26:
gen/components/password_manager/content/public/interfaces/credential_manager.mojom-internal.h:14:10: fatal error: 'url/mojo/origin.mojom-internal.h' file not found
#include "url/mojo/origin.mojom-internal.h"

(https://build.chromium.org/p/chromium.gpu/builders/GPU%20Linux%20Builder/builds/58271/steps/compile/logs/stdio)

Original issue's description:
> Reland: Switch components/password_manager code from IPC messages to Mojo.
>
> Original CL was found breaking android gn build after landed.. #strange
> Fix BUILD.gn and reland.
>
> The original CL:
> https://crrev.com/d20fb918841354a75546fa38b5307aaba117598b
>
> Original CL description follows:
>
> Replace credential_manager_messages.h IPC to Mojo service.
>
> BUG=582391
>
> Committed: https://crrev.com/4a2f71f4c9e9e2c3ac0e4622c12e5dc0c5ebfe24
> Cr-Commit-Position: refs/heads/master@{#386290}

TBR=jochen@chromium.org,amistry@chromium.org,rockot@chromium.org,tsepez@chromium.org,vabr@chromium.org,leon.han@intel.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=582391

Review URL: https://codereview.chromium.org/1872133002

Cr-Commit-Position: refs/heads/master@{#386297}
fs
Add test for metrics invalidation on textnode removal
This tests that text metrics (read: collapsing info) are updated as
needed when a text node is removed.

BUG=299497, 594058

Review URL: https://codereview.chromium.org/1872513005

Cr-Commit-Position: refs/heads/master@{#386223}
mstensho
Correctly account for nested multicol top border / padding.
Top border and padding will be baked into the first LayoutColumnSet object of a
multicol container, but not until the column set is laid out. Since column sets
are laid out after flow threads, use a more reliable way to include top border
and padding.

BUG=552615

Review URL: https://codereview.chromium.org/1863413002

Cr-Commit-Position: refs/heads/master@{#386213}
mostynb
remove klundberg from build/android/OWNERS
Requested over in https://codereview.chromium.org/1875663002/

TBR=mikecase@chromium.org

Review URL: https://codereview.chromium.org/1872043002

Cr-Commit-Position: refs/heads/master@{#386206}
mostynb
support adding symlinks to zip files
Add symlinks as symlinks to zip files, not their target
in place of the symlink.

Review URL: https://codereview.chromium.org/1875663002

Cr-Commit-Position: refs/heads/master@{#386199}
sigbjornf
Add support for URL.searchParams getter.
Add the missing piece to our URLSearchParams implementation;
the readonly attribute for URL, URL.searchParams:

 https://url.spec.whatwg.org/#dom-url-searchparams

The currently spec'ed connection between URL and URLSearchParams is
a lot less general than previous designs, hence the object lifetime
complexities it ran into (see https://codereview.chromium.org/143313002/)
falls away.

Intent to Implement and Ship (for URLSearchParams and this URL attribute):

 https://groups.google.com/a/chromium.org/d/msg/blink-dev/grHZDbldP04/JdsoQ169AQAJ

R=mkwst
BUG=303152

Review URL: https://codereview.chromium.org/1860623002

Cr-Commit-Position: refs/heads/master@{#386189}
fs
Wait for 'load' in svg/wicd/test-rightsizing-b.xhtml
BUG=444095

Review URL: https://codereview.chromium.org/1874723002

Cr-Commit-Position: refs/heads/master@{#386089}
rune
Revert of Don't apply style elements or PIs with loading imports. (patchset #2 id:20001 of https://codereview.chromium.org/1867513002/ )
Reason for revert:
This change is incompatible with what Gecko and Blink used to do when inserting an @import rule with insertRule() into a style element sheet.

Inserting a style element with script, immediately followed by an @import insertRule() behaves differently than inserting the style element containing that @import rule in the text because the <style> element is processed before the insertRule. Both Gecko and Blink (without this CL) applies the main stylesheet while the @import inserted with insertRule is loading, while they don't when @import is part of the text node child.

The behavior for inserting @import is not specified, and zcorpan reported [1].

[1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=29566

Original issue's description:
> Don't apply style elements or PIs with loading imports.
>
> updateLayoutTreeIgnorePendingStylesheets may resolve styles when sheets
> are loading. For link elements, the main stylesheet is not applied if
> any of its @imports are still loading. For style elements and
> xml-stylesheets, we did apply the contents of the main stylesheet while
> its @imports were loading. That means we applied half-baked stylesheets
> and we had an inconsistency between link and style. Instead regard
> style elements and processing instructions as loading when @imports are
> loading.
>
> BUG=600733
>
> Committed: https://crrev.com/456c101025b6c470dce2a6af3b0d70cb2950a980
> Cr-Commit-Position: refs/heads/master@{#385564}

TBR=esprehn@chromium.org,timloh@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=600733

Review URL: https://codereview.chromium.org/1867753006

Cr-Commit-Position: refs/heads/master@{#386081}
sigbjornf
Clean up CompositorPendingAnimations inclusion.
No need for Document.h to include this header; remove +
follow up on various IWYU violations that surfaces as a
result.

Also tidy up IntersectionObserver inclusion + remove its
non-Oilpan code.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1870963002

Cr-Commit-Position: refs/heads/master@{#386042}
hugoh
Add ssl_error's dependency to network_time in gyp
https://codereview.chromium.org/1772143002 updated
BUILD.gn but not the corresponding ssl_errors.gypi.

Without this fix gyp-builds get undefinded references
to NetworkTimeTracker::GetNetworkTime() when linking.

BUG=589700

Review URL: https://codereview.chromium.org/1865493002

Cr-Commit-Position: refs/heads/master@{#386025}
sigbjornf
Prerender need to be on the Oilpan heap.
The object implementing the PrerenderClient is LinkLoader, which is
an object that's Oilpan heap allocated. Consequently, it cannot be
kept Prerender as a bare pointer, but needs to be traced and accounted
for during garbage collections.

The simplest way to handle that is to move Prerender to the Oilpan
heap.

R=haraken,jochen
BUG=

Review URL: https://codereview.chromium.org/1862593005

Cr-Commit-Position: refs/heads/master@{#386007}
rune
Plugin element widget may be a RemoteFrameView.
Corrected ASSERT and re-enabled test.

Removed ENABLE(OILPAN) ifdef in the neighborhood since its removal is
in progress.

R=dcheng@chromium.org,lukasza@chromium.org
BUG=601581

Review URL: https://codereview.chromium.org/1872653002

Cr-Commit-Position: refs/heads/master@{#386005}
sigbjornf
Add setIndexedDBClientCreateFunction() explanatory comment.
Follow up changes in r385772 and r385733 with a comment to
try to explain why update atomicity matters here.

R=
BUG=598551, 599011
NOTRY=true

Review URL: https://codereview.chromium.org/1862223005

Cr-Commit-Position: refs/heads/master@{#386000}
mstensho
Only allow forced fragmentainer breaks at class A break points.
https://drafts.csswg.org/css-break/#possible-breaks
https://drafts.csswg.org/css-break/#forced-breaks

The essential change is that forced breaks are not allowed before a first child
or after a last child, only between siblings. Floats and auto-positioned
out-of-flow siblings after the last in-flow child still need to honor the
break-after value of said last in-flow child, though.

Updated the forced-break-before-complex-margin-collapsing.html test, since it
became invalid. Top margins after forced breaks should not be eaten by the
column boundary. It also made an incorrect assumption about inserting a forced
break in front of a first child block. That's no valid class A break point.

This change also made printing/css2.1/page-break-after-003.html pass, which
has a break-after:page block with no in-flow block following it - i.e. there'll
be no class A break point for it to have any effect. It should not create a
blank page at the end.

BUG=223068,539873

Review URL: https://codereview.chromium.org/1856373002

Cr-Commit-Position: refs/heads/master@{#385955}
mstensho
Make top-layer elements work also when the viewport is paginated.
When the viewport is paginated (by overflow:-webkit-paged-* specified on HTML
or BODY), top-layer elements are redirected to a flow thread, along with
everything else. So we have to go through the children of the flow thread, not
the children of the layout view, when looking for them.

BUG=594306

Review URL: https://codereview.chromium.org/1850153002

Cr-Commit-Position: refs/heads/master@{#385883}
mboc
Export the tablet mode checking function from base.
BUG=

Review URL: https://codereview.chromium.org/1838993002

Cr-Commit-Position: refs/heads/master@{#385832}
sigbjornf
Avoid IndexedDBClient::create() read race.
R=haraken
BUG=598551

Review URL: https://codereview.chromium.org/1869013002

Cr-Commit-Position: refs/heads/master@{#385772}
sigbjornf
Avoid setIndexedDBClientCreateFunction() write race.
R=haraken
BUG=599011

Review URL: https://codereview.chromium.org/1862403002

Cr-Commit-Position: refs/heads/master@{#385733}
fs
Rebaseline svg/wicd/test-rightsizing-b.xhtml
Get latest result from the bots.

TBR=davve@opera.com
BUG=444095

Review URL: https://codereview.chromium.org/1865263002

Cr-Commit-Position: refs/heads/master@{#385713}
sigbjornf
Make VTTParserClient the GC mixin it needs to be.
Unsafe for the VTTParser to keep a raw pointer to the GCed object
implementing this client interface.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1870603002

Cr-Commit-Position: refs/heads/master@{#385688}
tmoniuszko
Accept absolute Windows paths without leading slash in GN commands
Leading slash is removed before path is passed to GN when command is run
on MSYS shell. See http://www.mingw.org/wiki/Posix_path_conversion.

BUG=590686

Review URL: https://codereview.chromium.org/1742303002

Cr-Commit-Position: refs/heads/master@{#385686}
tsniatowski
Add android_libcpp_lib_dir gn arg
Port android_libcpp_libs_dir from gyp, where it was possible to override
this directory. Allows using a custom libc++ easily.

BUG=359249

Review URL: https://codereview.chromium.org/1865853002

Cr-Commit-Position: refs/heads/master@{#385679}
sigbjornf
Have the mock PlatformSpeechSynthesizer ignore pause/resume sometimes.
Should pause()/resume() be attempted without nothing being currently
spoken, just ignore.

R=
BUG=600664

Review URL: https://codereview.chromium.org/1861323003

Cr-Commit-Position: refs/heads/master@{#385670}
rune
Don't persist plugins across reattach for widget updates.
HTMLPluginElement::lazyReattachIfNeeded() is called for changes where we
expect the plugin to be re-initialized. For instance, if the type or
data attributes changes on <object>. In theory, a detach() as part of a
plugin-persisting lazy re-attach done previously may already have put
the plugin widget into the persisted plugin widget member. In that case
we will return early from detach() which is why we're resetting the
persisted widget in lazyReattachIfNeeded() instead of handling it in
detach().

R=esprehn@chromium.org
BUG=567329

Review URL: https://codereview.chromium.org/1866153002

Cr-Commit-Position: refs/heads/master@{#385590}
rune
Don't apply style elements or PIs with loading imports.
updateLayoutTreeIgnorePendingStylesheets may resolve styles when sheets
are loading. For link elements, the main stylesheet is not applied if
any of its @imports are still loading. For style elements and
xml-stylesheets, we did apply the contents of the main stylesheet while
its @imports were loading. That means we applied half-baked stylesheets
and we had an inconsistency between link and style. Instead regard
style elements and processing instructions as loading when @imports are
loading.

BUG=600733

Review URL: https://codereview.chromium.org/1867513002

Cr-Commit-Position: refs/heads/master@{#385564}
mostynb
Convert //sandbox to use std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1849323003

Cr-Commit-Position: refs/heads/master@{#385445}
mostynb
fix incorrect libstdc++ from GCC >= 5.1 check
Assume that libstdc++ from GCC >= 5.1 is being used only when compiling with GCC >= 5.1.

This unbreaks GCC 4.8.5 and 4.9.3 builds after https://codereview.chromium.org/1837563002/
landed.

Review URL: https://codereview.chromium.org/1863523005

Cr-Commit-Position: refs/heads/master@{#385416}
sigbjornf
Remove ENABLE(OILPAN) uses in wtf/
R=
BUG=585328

Review URL: https://codereview.chromium.org/1863753002

Cr-Commit-Position: refs/heads/master@{#385411}
mstensho
Initialize child framesets when they become part of the parent frameset grid.
The number of child frames and framesets in a parent frameset grid may be
increased by a script after initial layout. Framesets that initially were not
part of the grid were left uninitialized, i.e. their GridAxis objects are
empty, and the layout object size is 0x0. As soon as such a frameset becomes
part of the grid later on, it typically gets a size, which positionFrames()
will detect and lay it out. However, since zero-width columns and zero-height
rows are allowed, if the size of the child frameset remains at 0x0, we cannot
just base the need for layout (which initializes the frame sets) on them
getting a new size.

BUG=594834

Review URL: https://codereview.chromium.org/1848033004

Cr-Commit-Position: refs/heads/master@{#385404}
fs
Simplify layout attribute invalidation in LayoutSVGText
Move invalidation to a new method (invalidatePositioningValues), and
also make sure to clear LayoutSVGText::m_layoutAttributes to make it
more robust.

BUG=405966, 594058

Review URL: https://codereview.chromium.org/1856393002

Cr-Commit-Position: refs/heads/master@{#385274}
mstensho
Adding tall content may require insertion of more than one additional column row.
There's no guarantee that adding just one column row has created enough columns
to flow the content into. So add as many as we need.

Review URL: https://codereview.chromium.org/1864493002

Cr-Commit-Position: refs/heads/master@{#385226}
fs
Rebuild layout attributes on layout instead of on layout tree updates
What layout attributes are used (for a text node; LayoutSVGInlineText),
depends on how many "characters" precedes the node in question.
Layout attributes were updated on insertions and removals on the layout
tree, by find the node to update, and update the surrounding nodes.
It were however trying to depend on the order in which nodes were being
attached, which meant that a sequence of updates could lead to incorrect
layout attribute (indices) being computed. The process per node is also
essentially O(n) (albeit a fairly cheap such.)
Instead of updating on add/remove/update of nodes, just mark the position
data as invalid, and update on the next layout of the <text> root. This
also has the side-effect of simplifying the code quite significantly,
and should avoid repeatedly resolving the layout attribute indices.

Also take the opportunity to pass LayoutSVGText references and simplify
related code a bit.

BUG=405966, 594058

Review URL: https://codereview.chromium.org/1854123002

Cr-Commit-Position: refs/heads/master@{#385149}
sigbjornf
Update Source/platform/ to assume Oilpan only.
R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1860903002

Cr-Commit-Position: refs/heads/master@{#385145}
fs
Fold 'rotate' attribute semantics into the attribute list iterator
With a small increase in complexity in the updateCharacterData() method
in the AttributeListsIterator helper, the loop handling the 'rotate'
"tail" semantics can be folded into the loop updating all attributes.

Review URL: https://codereview.chromium.org/1849353002

Cr-Commit-Position: refs/heads/master@{#385128}
sigbjornf
Avoid unnecessary DocumentElementSetMap hash table updates.
Alter the representation of the singleton map used to track the
correspondence between Documents and their media elements.

Additions and removals become slightly cheaper as a result.

R=
BUG=

Review URL: https://codereview.chromium.org/1852423003

Cr-Commit-Position: refs/heads/master@{#385126}
fs
Iteration helper for SVGTextLayoutAttributesBuilder::fillCharacterDataMap
Add helper AttributeListsIterator that keeps the iteration state for
the x, y, dx, dy and rotate attribute lists.

Review URL: https://codereview.chromium.org/1854853002

Cr-Commit-Position: refs/heads/master@{#385124}
sigbjornf
Remove unused DEFINE_STATIC_REF_WILL_BE_PERSISTENT().
R=
BUG=585328

Review URL: https://codereview.chromium.org/1858823002

Cr-Commit-Position: refs/heads/master@{#385062}
rune
Removed TODO as non-matching host rules are skipped earlier.
The TODO comment was about non-matching selectors like "div:host" or
":host.class". Such selectors are ignored for RuleSet when returning
SelectorNeverMatches from collectFeaturesFromRuleData.

R=timloh@chromium.org,esprehn@chromium.org

Review URL: https://codereview.chromium.org/1855853004

Cr-Commit-Position: refs/heads/master@{#385025}
mostynb
convert //mash to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1857623003

Cr-Commit-Position: refs/heads/master@{#384948}
mostynb
convert //chrome_elf to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1858493002

Cr-Commit-Position: refs/heads/master@{#384925}
sigbjornf
Improve DEFINE_STATIC_LOCAL()'s handling of Blink GCed objects.
Extend DEFINE_STATIC_LOCAL() to automatically wrap up heap objects
being exposed as static singletons -- the wrapping happening by
way of a Persistent<>.

With that in place, simplify various uses of DEFINE_STATIC_LOCAL()
along with phasing out the use of DEFINE_STATIC_REF_WILL_BE_PERSISTENT()
entirely.

R=haraken
BUG=585328

Committed: https://crrev.com/18dc8ecff5ba68d28fc536f723ae3c57eafa1b4e
Cr-Commit-Position: refs/heads/master@{#384887}

Review URL: https://codereview.chromium.org/1850413002

Cr-Commit-Position: refs/heads/master@{#384904}
sigbjornf
Simplify LifecycleNotifier and Observer.
With Oilpan permanently enabled, let go of some dead code.

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1858583002

Cr-Commit-Position: refs/heads/master@{#384897}
sigbjornf
Revert of Improve DEFINE_STATIC_LOCAL()'s handling of Blink GCed objects. (patchset #7 id:120001 of https://codereview.chromium.org/1850413002/ )
Reason for revert:
Don't understand what happened here, but compilation breakage seen https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Mac%20Builder/builds/155272

Original issue's description:
> Improve DEFINE_STATIC_LOCAL()'s handling of Blink GCed objects.
>
> Extend DEFINE_STATIC_LOCAL() to automatically wrap up heap objects
> being exposed as static singletons -- the wrapping happening by
> way of a Persistent<>.
>
> With that in place, simplify various uses of DEFINE_STATIC_LOCAL()
> along with phasing out the use of DEFINE_STATIC_REF_WILL_BE_PERSISTENT()
> entirely.
>
> R=haraken
> BUG=585328
> NOTRY=true
>
> Committed: https://crrev.com/18dc8ecff5ba68d28fc536f723ae3c57eafa1b4e
> Cr-Commit-Position: refs/heads/master@{#384887}

TBR=oilpan-reviews@chromium.org,haraken@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=585328

Review URL: https://codereview.chromium.org/1855203002

Cr-Commit-Position: refs/heads/master@{#384890}
sigbjornf
Improve DEFINE_STATIC_LOCAL()'s handling of Blink GCed objects.
Extend DEFINE_STATIC_LOCAL() to automatically wrap up heap objects
being exposed as static singletons -- the wrapping happening by
way of a Persistent<>.

With that in place, simplify various uses of DEFINE_STATIC_LOCAL()
along with phasing out the use of DEFINE_STATIC_REF_WILL_BE_PERSISTENT()
entirely.

R=haraken
BUG=585328
NOTRY=true

Review URL: https://codereview.chromium.org/1850413002

Cr-Commit-Position: refs/heads/master@{#384887}
mostynb
convert //headless to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1854043002

Cr-Commit-Position: refs/heads/master@{#384880}
mostynb
convert //testing to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1855823002

Cr-Commit-Position: refs/heads/master@{#384872}
rune
Fixed ::slotted performance in pure v1 shadow documents.
Instead of traversing all m_treeBoundaryCrossingScopes matching rules
from other scopes, just walk the assignedSlot() chain for resolvers.
This makes rule matching a lot cheaper since quite a lot of components
have tree boundary crossing rules in practice (polymer apps using v0
typically have hundreds of such scopes).

The assumption here is that the assignedSlot chain most of the time
will be quite short and/or cheap to walk.

Introducing a flag set in StyleEngine if there ever exists a v0 shadow
tree to fall back to traversing m_treeBoundaryCrossingScopes when
necessary.

For the slotted.html demo in crbug.com/599833, the full recalc with
~4000 elements goes from ~800ms to ~40ms with this change when each
shadow tree has a ::slotted rule. No substantial regression for the
case without ::slotted rules.

Added a test for /deep/ being used a descendant combinator in a
document without shadow trees, as I feared I might have broken that and
I couldn't find any existing tests for it.

For later, we may choose to never collect m_treeBoundaryCrossingScopes
for pure v1 documents, but that means we would have to recreate that
collection once we add a v0 shadow to the document.

R=kochi@chromium.org,hayato@chromium.org,dglazkov@chromium.org
BUG=599833

Review URL: https://codereview.chromium.org/1853713002

Cr-Commit-Position: refs/heads/master@{#384867}
sigbjornf
Remove now-unused kConstantInModule.
TBR=thakis,wfh
BUG=550065

Review URL: https://codereview.chromium.org/1857693002

Cr-Commit-Position: refs/heads/master@{#384866}
mostynb
remove gwilson from rlz/OWNERS
Review URL: https://codereview.chromium.org/1855833002

Cr-Commit-Position: refs/heads/master@{#384857}
mostynb
convert //apps to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1851373002

Cr-Commit-Position: refs/heads/master@{#384853}
sigbjornf
Make WTF::IsGarbageCollectedType<> work for GC mixin instances.
The trick that IsGarbageCollectedType<T> uses of probing for the presence
of a "marker" type name within T to detect if T derives from a GC base
or is another kind of heap object, doesn't work for GC mixins.

For instance,

 class Mixin : public GarbageCollectedMixin { ... };
 class Use : public GarbageCollected<Use>, public Mixin {
     USING_GARBAGE_COLLECTED_MIXIN(Use);
     ...
 };

As both GarbageCollected<> and GarbageCollectedMixin<> provide the marker
type name, referring to the marker type name is ambiguous when attempted
over Use. Address the problem by overriding and defining the marker for
mixin instances also.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1851383002

Cr-Commit-Position: refs/heads/master@{#384851}
mostynb
convert //rlz to std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1856623002

Cr-Commit-Position: refs/heads/master@{#384837}
mostynb
Convert //url to use std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1851933002

Cr-Commit-Position: refs/heads/master@{#384831}
mostynb
Convert //gin to use std::unique_ptr
BUG=554298

Review URL: https://codereview.chromium.org/1848423002

Cr-Commit-Position: refs/heads/master@{#384830}
sigbjornf
Simplify ScriptStreamer lifetime handling.
Remove manual keep-alive ref counting for ScriptStreamer across a posted
task; unnecessary as the closure will keep a strong enough reference as-is.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1848443008

Cr-Commit-Position: refs/heads/master@{#384811}
sigbjornf
Hide PingLoader lifetime implementation detail from outside view.
The self-sustaining nature of ping loader objects while the request is
in-flight is an internal implementation detail. Reflect that by having
the class type derive from just GarbageCollectedFinalized> and instead
internally manually manage a SelfKeepAlive<> reference.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1847823007

Cr-Commit-Position: refs/heads/master@{#384810}
sigbjornf
Round out WillBe type removal.
A few leftovers.

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1850183003

Cr-Commit-Position: refs/heads/master@{#384804}
sigbjornf
HeapSupplements are now just Supplements.
Replace occurrences of HeapSupplement with Supplement and retire the
former name (HeapSupplement.)

R=haraken
BUG=585328

Review URL: https://codereview.chromium.org/1846913009

Cr-Commit-Position: refs/heads/master@{#384803}
mstensho
All ancestor multicols must have enough rows before laying out some inner multicol.
We had code in place to insert new rows (and rows in enclosing fragmentation
contexts) when we ran out of space during layout, but we didn't make sure
initially that enough rows had been created, which would result in calculating
an incorrect column height and cause general confusion.

appendNewFragmentainerGroupIfNeeded() now needs to take a PageBoundaryRule
argument (since the new code in this CL deals with top offsets rather than
bottom offsets).

BUG=597058, 588364

Review URL: https://codereview.chromium.org/1834223008

Cr-Commit-Position: refs/heads/master@{#384800}
mstensho
Correct conversion from flowthread to visual coordinate space when there's border/padding.
If an inner multicol container has border or padding, just using the outer
block offset stored in the inner flow thread won't be good enough. We need to
find the actual first fragmentainer group in the first column set.

Or, put simply: let's do what the comment in the code actually says!

Review URL: https://codereview.chromium.org/1847343003

Cr-Commit-Position: refs/heads/master@{#384737}
ckulakowski
Make global variable gTimeDeltaForTesting lazily created.
It's a fix for compilation error: "declaration requires a global constructor [-Werror,-Wglobal-constructors]"

BUG=

Review URL: https://codereview.chromium.org/1851443003

Cr-Commit-Position: refs/heads/master@{#384724}
sigbjornf
Simplify Supplementables post Oilpan.
R=
BUG=585328

Review URL: https://codereview.chromium.org/1851743002

Cr-Commit-Position: refs/heads/master@{#384689}
fs
Use HashMap::add in SVGTextLayoutAttributesBuilder
Removes some redundancies and eliminates double-hashing.
Do the update of default values last. (Avoids assert in AddResult
destructor.)

Review URL: https://codereview.chromium.org/1847333003

Cr-Commit-Position: refs/heads/master@{#384599}
rune
Removed unused non-const accessors for stylesheet lists.
R=mstensho@opera.com

Review URL: https://codereview.chromium.org/1849203002

Cr-Commit-Position: refs/heads/master@{#384578}
fs
Move metrics list storage to LayoutSVGInlineText
It was previously stored in SVGTextLayoutAttributes (which is stored in
LayoutSVGInlineText). The connection between these two is very loose, so
letting the metrics be a part of the attributes structure doesn't feel
entirely logical. There's still a back-pointer in the attributes
structure, which means it's still reachable in the same way (albeit with
one additional indirection.)
Rename the various accessors to metricsList().

BUG=594058

Review URL: https://codereview.chromium.org/1844723003

Cr-Commit-Position: refs/heads/master@{#384450}
rune
No need to look up Document from Element.
Instead use the document() from StyleResolver.

R=kochi@chromium.org

Review URL: https://codereview.chromium.org/1851463002

Cr-Commit-Position: refs/heads/master@{#384325}
rune
Add trace event for updateActiveStyleSheets.
Added for inspecting performance changes for async stylesheet update
and show how much time stylesheet update will account for when moved to
the updateLayoutTree part of the lifecycle.

Will not be called often enough to cause a performance issue in itself.

R=mstensho@opera.com
BUG=567021

Review URL: https://codereview.chromium.org/1843063005

Cr-Commit-Position: refs/heads/master@{#384237}
fs
Pass LineLayoutSVGInlineText to SVGTextMetricsCalculator
Slightly more on the Layout API bandwagon.

BUG=594058

Review URL: https://codereview.chromium.org/1838363004

Cr-Commit-Position: refs/heads/master@{#384137}
fs
Move SVGTextPositioningElement::elementFromLayoutObject
...to SVGTextLayoutAttributesBuilder.cpp, since that is where it's used.
Turn the entry if into an ASSERT (because it's trivial to see that the
condition always holds in this context.)

BUG=594058

Review URL: https://codereview.chromium.org/1846633002

Cr-Commit-Position: refs/heads/master@{#384136}
mboc
Avoid applying alpha twice in RenderText.
BUG=575186

Review URL: https://codereview.chromium.org/1842693002

Cr-Commit-Position: refs/heads/master@{#384055}
rune
Introduce setNeedsActiveStyleUpdate for adding/removing stylesheets.
Remove the add/remove/modify methods which did not have different
implementations anyway. The plan is to let the async active stylesheet
update detect which StyleSheetContents have been added and which have
been removed and invalidate style and caches accordingly.

I've started to write up the plan here: http://bit.ly/25uxtnU

BUG=567021

Review URL: https://codereview.chromium.org/1843693002

Cr-Commit-Position: refs/heads/master@{#384008}
rune
No need for resolverChanged from xml parser.
StyleEngine::resolverChanged now updates the list of active stylesheets.
At some point resolverChanged caused a synchronous style recalc and
layout tree update. There are indications that XSL transforms also were
hooked into that code based on the comments. XSL transforms are
triggered on XSL PI source loaded or DOM content loaded event. For CSS
stylesheets resolverChanged should be called from the StyleEngine when
sheets finishes loading etc like we do for HTML documents.

Review URL: https://codereview.chromium.org/1767083002

Cr-Commit-Position: refs/heads/master@{#383933}
rune
Ensure fullscreen.css loaded for ancestor invalidation
Using invalidation sets caused regression crbug.com/596803 because we
only ensured the fullscreen.css had features available for style
resolving in the fullscreened element's document. This CL ensures the
features are up-to-date for all fullscreen related pseudoStateChanged.

I was not able to reproduce the problem in 596803, but 448721 also
regressed and I've confirmed this CL fixes that regression.

The added layout test does not fail without this fix because the
full screen implementation in content_shell is different and
setMediaType() for fullscreen on resize causes a full recalc of
everything in content_shell before we try to apply fullscreen style
changes. However, if mediaQueryAffectingValueChanged was smarter when
changing media type to fullscreen. That test would have failed.

BUG=596803

Review URL: https://codereview.chromium.org/1823143002

Cr-Commit-Position: refs/heads/master@{#383711}
fs
Regenerate Win7/Android baselines for a few SVG letter-spacing tests
Didn't appear successful on the first try.

TBR=dgrogan@chromium.org
BUG=583298

Review URL: https://codereview.chromium.org/1827103004

Cr-Commit-Position: refs/heads/master@{#383226}
fs
Always create a BidiRun in SVGTextMetricsBuilder
Create a BidiRun for the 'override' case too, to avoid a bunch of
special cases. Since we always have a BidiRun now, null-checks can be
removed, and code simplified a bit. (Hopefully even more in the future.)
Also make "8-bit" (latin1) strings take this code-path. (This was
handled by the SimpleShaper path previously.)

BUG=594058

Review URL: https://codereview.chromium.org/1826263002

Cr-Commit-Position: refs/heads/master@{#383224}
fs
Add spacingDisabled() check to ShapeResultSpacing
SVGTextLayoutEngine applies letter-spacing and word-spacing itself, so
without this we'd apply the spacing properties twice.
This is essentially a bandaid work-around, until we can figure out how
to handle this in a better way.

BUG=583298

Review URL: https://codereview.chromium.org/1827083002

Cr-Commit-Position: refs/heads/master@{#383078}
tmoniuszko
Convert GN group targets to Visual Studio projects
BUG=596895

Review URL: https://codereview.chromium.org/1819353002

Cr-Commit-Position: refs/heads/master@{#383042}
fs
More explicit SVGTextMetrics construction
This makes SVGTextMetrics dumber - essentially POD - leaving all
measuring etc. to whoever creates one (SVGTextMetricsBuilder/Calculator)
for a minor "cost" in complexity.
This makes SVGTextMetrics not depend on LineLayoutSVGInlineText.

Drop SVGTextMetrics::setWidth too since it's unused.

BUG=594058

Review URL: https://codereview.chromium.org/1825613005

Cr-Commit-Position: refs/heads/master@{#382944}
fs
Move SVGTextMetrics::constructTextRun to SVGTextMetricsBuilder
New resting place is the SVGTextMetricsCalculator helper class.
This avoids using this function to create runs based on the wrong BiDi
context.
Also wrap the static bits of SVGTextMetricsBuilder.cpp in an unnamed
namespace, removing a few 'static' keywords.

BUG=596721, 594058

Review URL: https://codereview.chromium.org/1829713002

Cr-Commit-Position: refs/heads/master@{#382938}
davve
Document how effective zoom relates to StyleImage sizing
BUG=561519

Review URL: https://codereview.chromium.org/1824003002

Cr-Commit-Position: refs/heads/master@{#382859}
tmoniuszko
Make some chrome feature flags customizable in GN build
These flags are customizable in GYP build.

BUG=

Review URL: https://codereview.chromium.org/1830543002

Cr-Commit-Position: refs/heads/master@{#382854}
davve
Straighten out zoom and border-image
The border-image-slice property determines how the image is sliced
into the nine piece pattern. Since border-image-slice are not lengths,
they are not automatically zoomed in computed style. Thus the zoom
factor hasn't been applied to the image size either. For border-image
the image size has no impact on the destination area anyway, so this
part is fine.

However, the default object size is in zoomed coordinates and unless
the default object size is unzoomed, there will be a mix of zoomed and
unzoomed coordinates when calculating the final image size for image
sizes that depend on the default object size, e.g. SVG with no
intrinsic size.

For this reason, unzoom the default object size before using it to
compute the image size.

Since the zoom passed to StyleImage::image() should represent the zoom
applied to the image size, it follows from this that the zoom should
be one.

BUG=596075, 561519

Review URL: https://codereview.chromium.org/1819083004

Cr-Commit-Position: refs/heads/master@{#382842}
fs
Use the line box's direction in computeGlyphOverflow
Use SVGInlineTextBox::constructTextRun in order to get the direction as
determined by the BiDi algorithm rather than the what is specified on
the element. (This should also get the right override value for similar
reasons.)

BUG=596721

Review URL: https://codereview.chromium.org/1823073002

Cr-Commit-Position: refs/heads/master@{#382655}
fs
Remove unused SVGTextMetrics constructor
This version of the SVGTextMetrics constructor is no longer used after
SVGTextMetrics::measureCharacterRange was removed by
https://codereview.chromium.org/1773403002.

Review URL: https://codereview.chromium.org/1821833003

Cr-Commit-Position: refs/heads/master@{#382573}
fs
Optimize the characterNumberAtPositionCallback text query
Refactor the calculateGlyphPositionWithoutTransform and
calculateGlyphBoundaries helpers to get logicalGlyphPositionToPhysical
and physicalGlyphExtents.
Use the new methods to implement characterNumberAtPositionCallback as an
iteration over the contributing glyphs, thereby avoiding the O(n^2) for
glyph bounds calculation.

Also fold calculateFragmentBoundaries into
characterNumberAtPositionCallback, because it is trivial, and most of it
is needed for the remaining part of the function too.

Review URL: https://codereview.chromium.org/1816073002

Cr-Commit-Position: refs/heads/master@{#382557}
fs
Make the findMetricsForCharacter SVGTextQuery-helper return an iterator
Convert the helper to return an iterator into the metrics vector. Then
use that new property in the calculateGlyphRange helper to avoid O(n^2)
runtime.

Also remove modifyStartEndPositionsRespectingLigatures, because all
users of it (indirectly through
mapStartEndPositionsIntoFragmentCoordinates) now uses the pre-computed
text metrics - which should account for the same thing automatically.
Also fix up the TODO in endPositionOfCharacterCallback by doing what it
says.

Review URL: https://codereview.chromium.org/1822673002

Cr-Commit-Position: refs/heads/master@{#382536}
tmoniuszko
Make rebase_path() aware of Windows drive letter capitalization
Make sure rebase_path() supports both capital and non-capital Windows path
drive letters. It's unable to find common path prefix otherwise.

BUG=596072

Review URL: https://codereview.chromium.org/1817533002

Cr-Commit-Position: refs/heads/master@{#382532}
rune
Use LocalStyleChange for text direction changes.
Changing the dir attribute or inserting text content into the document
may affect the CSS direction property through presentation style. The
code traversed and marked the parent elements affected by such changes
but use SubtreeStyleChange which recalculate more style than necessary.
Instead use LocalStyleChange as that will also cause inheritance to
happen appropriately.

R=kojii@chromium.org
BUG=596509

Review URL: https://codereview.chromium.org/1817143002

Cr-Commit-Position: refs/heads/master@{#382442}
rune
Use invalidation sets for fullscreen pseudos.
Schedule invalidation sets on elements changing state for
:-webkit-full-screen and:-webkit-full-screen-ancestor.

Lazily load the UA style for fullscreen, but before we enter fullscreen
the first time to have the invalidation sets available for style
invalidation

BUG=442239

Review URL: https://codereview.chromium.org/803133002

Cr-Commit-Position: refs/heads/master@{#382405}
rune
Clear baseComputedStyle when text-autosizing changes.
baseComputedStyle is an optimization for animations where the computed
style before animations are applied is cached and cloned to have
cheaper style recalcs for per-frame animation changes. An assumption is
that the computed style for the layout object only changes in
styleForElement or pseudoStyleForElement. That assumption is not true
for text autosizing as the computed style may be changed during layout.
Then, for the next animation frame, the text autosizing factor may be
different even though the style has not been marked for recalc, and the
sanity check for an unchanged baseComputedStyle will trigger an assert.

Make sure we clear the baseComputedStyle for an element when the text
autosizing factor changes.

R=pdr@chromium.org,drott@chromium.org
BUG=596018

Review URL: https://codereview.chromium.org/1816103002

Cr-Commit-Position: refs/heads/master@{#382350}
mstensho
Shift flowthread-to-visual coordinate space conversion one level up in the tree.
The conversion now takes place between the flow thread and its parent multicol
container, rather than between the flow thread and its children.

This is both conceptually more correct, and it also matches what
mapToVisibleRectInAncestorSpace() already does. Having all machineries do this
at the same place in the tree is what fixes the editing-specific bug 596070.

As for layer clipping bug 527709, it just so happens that we specify the flow
thread as ancestor in mapLocalToAncestor(), which is invoked via
localToAncestorPoint() from PaintLayerClipper::calculateClipRects().
PaintLayerClipper does its work *before* fragments have been collected and set
up for a given layer, so it doesn't want mapLocalToAncestor() or anyone to
change to the visual coordinate space.

BUG=527709,596070
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1819603003

Cr-Commit-Position: refs/heads/master@{#382339}
fs
Make calculateGlyphBoundaries helper return the computed bounds
Review URL: https://codereview.chromium.org/1821613002

Cr-Commit-Position: refs/heads/master@{#382275}
fs
Push ScriptWrappable inheritance down from SVGAnimatedPropertyBase
Rather than letting the base inherit and then override for actually
wrappable subclasses, put the inheritance in the subclasses.
This avoids having "dead" ScriptWrappables on subclasses that don't need
this functionality.
Since this removes the last user of the DEFINE_WRAPPERTYPEINFO_NOT_REACHED
macro, remove that too.

BUG=596011

Review URL: https://codereview.chromium.org/1807333003

Cr-Commit-Position: refs/heads/master@{#382265}
mstensho
Untangle multicol coordinate space conversion from offsetFromContainer().
The various offsetFromContainer() implementations used to convert from flow
thread coordinates to visual coordinates if the container was a flow thread.
That works when mapping a position relatively to some ancestor, but not when
mapping a position relatively to some descendant. Put differently: It works
fine when walking upwards in a tree, but not so fine when walking it downwards
(we need the opposite operation in that case; convert from visual to flow
thread coordinates). That was the reason for some mess in mapAncestorToLocal(),
since we had to cancel out the shenanigans carried out by
offsetFromContainer().

So, instead, perform this flowthread-to-visual coordinate space conversion
where we need it, and don't cause trouble for those who don't need it.

No behavior changes intended. This is also why we're keeping this coordinate
space conversion in CaretBase for now, even if it's wrong (see bug 596070).
Simply removing that *now* wouldn't fix the bug anyway, just alter it (probably
for the better, but who knows -- still buggy). A proper fix will land shortly.

BUG=568492
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1820483002

Cr-Commit-Position: refs/heads/master@{#382153}
rune
Moved resolverChanged for mq updates into StyleEngine.
The placement of resolverChanged() needs a bit of explanation. We
incorrectly only clear the rulesets of active stylesheets when media
query evaluation changes. That currently causes crbug.com/589083.
Updating the active stylesheets (resolverChanged) before clearing the
ruleset will at least make sure that rule set for @media rules inside
sheets with a media attribute changing evaluation will be cleared
correctly. Moving resolverChanged() would have made the effects of
589083 worse.

BUG=567021

Review URL: https://codereview.chromium.org/1783913003

Cr-Commit-Position: refs/heads/master@{#381921}
sigbjornf
Remove unnecessary WebGLRenderingContextBase unregistration.
The garbage collector takes care of clearing out weak references to
WebGLRenderingContextBase objects that the |forciblyEvictedContexts()|
and |activateContexts()| sets keep, before the objects are finalized.

Hence no need to additionally attempt to remove; just assert
non-membership.

R=haraken
BUG=
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_optional_gpu_tests_rel;tryserver.chromium.mac:mac_optional_gpu_tests_rel

Review URL: https://codereview.chromium.org/1815513002

Cr-Commit-Position: refs/heads/master@{#381916}
rune
Dirty tree scopes are always a subset of active tree scopes.
No need to walk dirty tree scopes when clearing media dependent rule
sets after walking the active tree scopes.

Also clear m_dirtyTreeScopes in StyleEngine::detachFromDocument.
Currently, m_dirtyTreeScopes are synchronously updated and cleared
right after they are marked dirty, but that is supposed to change.

BUG=567021

Review URL: https://codereview.chromium.org/1786663003

Cr-Commit-Position: refs/heads/master@{#381909}
philipj
Measure the impact of a proposed media element load algorithm change
https://github.com/whatwg/html/issues/869#issuecomment-196189743

R=mlamouri@chromium.org,isherman@chromium.org

Review URL: https://codereview.chromium.org/1809023003

Cr-Commit-Position: refs/heads/master@{#381787}
philipj
Remove use counters for Element methods that have been settled in spec
https://dom.spec.whatwg.org/#interface-element

This also moves the non-spec'd webkitMatchesSelector,
insertAdjacentElement and insertAdjacentText.

The use counter for webkitMatchesSelector is left in place, because it
it's somewhat interesting to follow its decline. The usage ought to be
dominated by old versions of jQuery and other libraries, and so it says
something about how long it takes for those libraries to be dropped or
upgraded in the wild. jQuery and other libraries were updated around the
time that the unprefixed matches was shipped in Blink, and usage of
webkitMatchesSelector has roughly halved every year since. (Since it's
now implemented in all engines, it's still unlikely to ever be removed.)

Original commits:
https://crrev.com/d92494c5c13990d8ab8d8cd73b0a20b8b2dee1e9
https://crrev.com/a706ad3cd488d6827cfcc99cd67cc30625296928
https://crrev.com/709823c231eb406d6928938c745effb16d6b3b3c
https://crrev.com/45b5b0427c403ba30d0067921b2639a31f0190df
https://crrev.com/6bcc2fb1c405cca7971ef6f361d94f8e8c63e726

BUG=460722

Review URL: https://codereview.chromium.org/1804383002

Cr-Commit-Position: refs/heads/master@{#381701}
sigbjornf
(Only) poison unmarked heap objects prior to sweeping.
Drop the unnecessary restriction that eagerly finalized objects aren't
allowed to touch access other eagerly finalized, but live, objects during
finalization. They're allowed to access live objects in other heaps/arenas,
so the same-heap restriction makes little sense.

Simplify the HeapPage poisoning methods as a result.

R=haraken
BUG=594129

Review URL: https://codereview.chromium.org/1805343004

Cr-Commit-Position: refs/heads/master@{#381554}
davve
Move computeIntrinsicSizingInfo to LayoutReplaced
It's only used on replaced content anyway so having an empty LayoutBox
implementation is pointless.

Review URL: https://codereview.chromium.org/1785323002

Cr-Commit-Position: refs/heads/master@{#381445}
philipj
Welcome isSameNode back as a per-spec method
The spec change has been reverted:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27424#c21
https://dom.spec.whatwg.org/#interface-node

There's no need to measure usage any longer, as not further change is
likely to ever happen.

BUG=460722
R=yosin@chromium.org

Review URL: https://codereview.chromium.org/1807833002

Cr-Commit-Position: refs/heads/master@{#381420}
sigbjornf
Stop scheduling in-order script execution upon hitting failed script.
R=haraken
BUG=581425

Committed: https://crrev.com/10cb02165d6d68a66007a3522f23a89fcb8a69d5
Cr-Commit-Position: refs/heads/master@{#381217}

Review URL: https://codereview.chromium.org/1798253002

Cr-Commit-Position: refs/heads/master@{#381281}
sigbjornf
Stop scheduling in-order script execution upon hitting failed script.
R=haraken
BUG=581425

Review URL: https://codereview.chromium.org/1798253002

Cr-Commit-Position: refs/heads/master@{#381217}
tommyt
bluetooth: android: Confirm the notify session after the descriptor has been written.
This change also implements WriteRemoteDescriptor and
ReadRemoteDescriptor. Because of this, I've also added quite a few
descriptor unit tests. These tests are pretty much the same as the
read/write tests for characteristics.

BUG=584369

Review URL: https://codereview.chromium.org/1712593002

Cr-Commit-Position: refs/heads/master@{#381088}
sigbjornf
Remove unused WorkerThread::postDelayedTask().
Unused since Blink r195402 ( https://codereview.chromium.org/1130413003 )

R=kinuko
BUG=

Review URL: https://codereview.chromium.org/1791053002

Cr-Commit-Position: refs/heads/master@{#380943}
davve
Rework embeddedContentBox into embeddedReplacedContent
In preparation for removing computeIntrinsicSizingInfo from LayoutBox
and only have it on LayoutReplaced.

Review URL: https://codereview.chromium.org/1785123003

Cr-Commit-Position: refs/heads/master@{#380902}
sigbjornf
Sync SlowTests expectations following r380895.
TBR=yosin
BUG=356957
NOTRY=true

Review URL: https://codereview.chromium.org/1791293002

Cr-Commit-Position: refs/heads/master@{#380898}
sigbjornf
Space out issuing of spellcheck requests to speed up layout test.
Avoid issuing all spellcheck requests (by focusing elements) in one go
as this queues up a number of tasks and timers that it will require going
back to the event loop many times to process and handle. As the actual
test also relies on timers and setTimeout() this delays the completion
of the test considerably.

Restructure the test, interleaving the element focusing (=> spellcheck
request) with asynchronously checking the spellcheck result. Test completes
earlier as a result.

R=haraken
BUG=356957
TEST=editing/spelling/spellcheck-editable-on-focus.html

Review URL: https://codereview.chromium.org/1781273009

Cr-Commit-Position: refs/heads/master@{#380895}
mstensho
Only honor break-* values when appropriate.
Only honor column-specific break property values if inside a multicol
container, and only honor pagination-specific break property values if inside
some kind of pagination container (printing or paged overflow).

For breaking inside paged overflow containers, honor page values, not column
values. The paged overflow implementation sits on top of the multicol
implementation, which means that it's flowthread-based. But that's just an
implementation detail. Paged overflow containers don't establish columns -- it
establishes pages. Had to update one test, since it relied on
-webkit-column-break-* working inside a paged overflow container, which no
longer is the case. Some unit tests needed an update too.

R=leviw@chromium.org
BUG=223068

Review URL: https://codereview.chromium.org/1762983002

Cr-Commit-Position: refs/heads/master@{#380797}
davve
Propagate media session id into MediaPlayerAndroid
The media session id will be used to implicitly activate a user defined media session.

BUG=497735, 581728

Review URL: https://codereview.chromium.org/1640123004

Cr-Commit-Position: refs/heads/master@{#380632}
mstensho
Class A fragmentainer break points also exist between zero-height blocks.
We used to base class A break point [1] detection on whether we were at the
start of the container, location-wise (atBeforeSideOfBlock). That's not
sufficient. It's obviously okay to collapse margins through a zero-height
block, and basically pretend that it doesn't exist for the sake of margin
collapsing. But this isn't true for fragmentation. Class A break points [1]
exist between any two in-flow blocks, regardless of the height of said blocks.
Therefore we cannot propagate the pagination strut caused by a line inside a
block following an empty first-child block. We still need to keep the check for
whether we are at the start of the container, though, because if we aren't, it
means that we have a class C break point [1].

This CL introduces the BlockChildrenLayoutInfo class, which is used as a state
object during block children layout. This replaces MarginInfo and LayoutUnit
previousFloatLogicalBottom, which is what we used to pass back and forth. They
have now been wrapped into BlockChildrenLayoutInfo, along with a new piece of
information: whether we're laying out the first in-flow child or not. This
information is what we now use to detect if we're at a class A break point [1]
or not.

[1] https://drafts.csswg.org/css-break/#possible-breaks

R=leviw@chromium.org
BUG=223068

Review URL: https://codereview.chromium.org/1769483002

Cr-Commit-Position: refs/heads/master@{#380625}
mstensho
Remove special-code for removing anonymous blocks around pseudo elements.
We now have more generic code to take care of this, in
makeChildrenInlineIfPossible().

Review URL: https://codereview.chromium.org/1778483002

Cr-Commit-Position: refs/heads/master@{#380617}
sigbjornf
Simplify StackFrameDepth's handling of stack limits.
The handling of enabled/disabled and limits has become unnecessarily
complex. Especially so now that supported targets all have reasonable
estimates about safe thread stack sizes. Simplify asserts and limit checks
accordingly.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1779243002

Cr-Commit-Position: refs/heads/master@{#380566}
sigbjornf
Check if stylesheet resource was cached before marking it as such.
Should the memory cache already have an entry for a resource other
than the stylesheet resource we're trying to add, do not mark
the underlying StyleSheetContents as being "cached".

Given the possibility that the StyleSheetContents may not be
memory cached, retire the sanity-checking assert that a stylesheet
resource must have been evicted from that cache when finalized.

R=japhet
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1782473002

Cr-Commit-Position: refs/heads/master@{#380559}
sigbjornf
If under stack pressure, do not enable eager stack use.
The Oilpan marking pass safely utilizes the system stack of the
marking thread when tracing the object graph. Should GC be
invoked when stack use is already considerable, the estimated stack
threshold for when it is no longer known safe to continue
consuming system stack, may already have been exceeded. If so,
leave the stack threshold limit & check disabled.

This addresses an assertable condition only; the stack limit
check handles GCing under stack pressure as wanted.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1778353002

Cr-Commit-Position: refs/heads/master@{#380426}
mstensho
Remove special-code used by the old (removed) multicol implementation.
In regular block flow, anonymous blocks always have inline children, unless
it's the part of a continuation chain that contains blocks (which should never
be merged with siblings). Anonymous blocks with block-children also occur in
flexbox (flex items), and in the ruby implementation, but otherwise never in
regular block container layout.

Review URL: https://codereview.chromium.org/1778463002

Cr-Commit-Position: refs/heads/master@{#380381}
sigbjornf
Revert of IntersectionObserver: use an idle callback to send notifications. (patchset #6 id:100001 of https://codereview.chromium.org/1776493002/ )
Reason for revert:
Tests added are leaking, https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Leak/builds/18011

Original issue's description:
> IntersectionObserver: use an idle callback to send notifications.
>
> With this change, the tests can no longer use setTimeout(0) to wait
> for notifications to be delivered.  Instead, use takeRecords() to
> proactively grab notifications right after they are generated
> (typically in a RAF right after a layout change).
>
> BUG=540528
> R=ojan@chromium.org,haraken@chromium.org
>
> Committed: https://crrev.com/2c168f38b5c0e4e50374be4e54c44901c60738a9
> Cr-Commit-Position: refs/heads/master@{#380278}

TBR=ojan@chromium.org,haraken@chromium.org,skyostil@chromium.org,szager@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=540528

Review URL: https://codereview.chromium.org/1780163002

Cr-Commit-Position: refs/heads/master@{#380375}
philipj
Drop remaining [LegacyInterfaceTypeChecking] for Selection
With [LegacyInterfaceTypeChecking], any invalid type is treated as null,
and the risk of this change is therefore bounded by the
SelectionCollapseNull (also hit by setPosition) and
SelectionSetBaseAndExtentNull use counters:
https://www.chromestatus.com/metrics/feature/timeline/popularity/1083
https://www.chromestatus.com/metrics/feature/timeline/popularity/1084

Unfortunately chromestatus.com is not updating, but rbyers@ has checked
the stable channel data and reports usage as ~0 for both. The majority
of this tiny usage still ought to be actual null input, in cases like
collapse(something.firstChild).

The behavior of other engines was tested with this test:
http://software.hixie.ch/utilities/js/live-dom-viewer/saved/3970

Edge already throws for non-Node-or-null argumens to collapse and
setBaseAndExtent, but doesn't support setPosition.

Gecko already throws for collapse, but doesn't support setPosition or
setBaseAndExtent.

Overall, this ought to be very low risk.

BUG=561338
R=yoichio@chromium.org,rbyers@chromium.org

Review URL: https://codereview.chromium.org/1778683005

Cr-Commit-Position: refs/heads/master@{#380339}
sigbjornf
Have DataObject create less copies of mime type lists.
R=dcheng
BUG=

Review URL: https://codereview.chromium.org/1776133003

Cr-Commit-Position: refs/heads/master@{#380244}
davve
Remove Image::computeIntrinsicDimensions()
There were only one user of Image::computeIntrinsicDimensions() left,
SVGImagePainter. It was used to calculate the container size in such a
way to force non-uniform scaling in case of
preserveAspectRatio=none. Use SVGImage::concreteObjectSize to get the
viewport size for SVG images.

BUG=581357

Review URL: https://codereview.chromium.org/1720853002

Cr-Commit-Position: refs/heads/master@{#380204}
fs
Simplify CullRect computation in LineBoxList::hitTest; fixing off-by-one
In the old formulation, we were essentially trying to "restore" the
margins from the HitTestLocation bounding-box and point, to compute a
"slice" to cull with. The "width" and "height" expressions for the slice
however trivially simplify to just the corresponding dimension of the
HitTestLocation bounding-box. For the "x" and "y" expressions however
the left/top margin is computed using the rounded point - which for
certain values of x/y will end up shifting the cullrect left/up by one
additional "unit" (pixel).
When the font size is small, one "unit" will be a lot, meaning that lines
can be missed entirely.

Change the computation of the cull rect to just use the bounding-box
from directly rather than restoring it from the (re)computed margin.
This gets rid of the last user of the HitTestLocation::*Padding()
methods, so remove those.

BUG=466617

Review URL: https://codereview.chromium.org/1780673002

Cr-Commit-Position: refs/heads/master@{#380194}
fs
Avoiding losing too much precision when hit-testing SVG <text>
Using flooredIntPoint() will lose all fractional precision - which is
too much considering that the location is actually at least a
LayoutPoint.
Use the HitTestLocation(const FloatPoint&) constructor instead - which does flooredLayoutPoint() behind scenes but also retains the FloatPoint.
Do the same for LayoutSVGForeignObject, since it has similar requirements.

BUG=466617

Review URL: https://codereview.chromium.org/1775363002

Cr-Commit-Position: refs/heads/master@{#380144}
sigbjornf
No need for ListHashSet<> in FrameSerializer.
Insertion ordering isn't made use of.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1778713004

Cr-Commit-Position: refs/heads/master@{#380112}
sigbjornf
Revert of MediaStream audio object graph untangling and clean-ups. (patchset #10 id:200001 of https://codereview.chromium.org/1721273002/ )
Reason for revert:
Broke a number of mediastream/ tests, e.g., https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Trusty/builds/9786

Original issue's description:
> MediaStream audio object graph untangling and clean-ups.
>
> This change consists of a number of "clean-up" changes that are being
> done to make the soon-upcoming refactoring of these classes go much more
> smoothly.  These are:
>
> 1. Public content MediaStreamApi functions cleaned up.  Removed
> "duplicated" functions that don't really do the same thing.  Removed
> hard-coded audio parameters from AddAudioTrackToMediaStream().
>
> 2. Eliminated ref-counting of WebRtcAudioCapturer and
> WebAudioCaptureSource.  Removed unnecessary references to these from
> WebRtcLocalAudioTrack.  Not only did this improve encapsulation of some
> code, but it also allowed for the removal of several dozen lines of
> "dead weight" testing set-upcode throughout the directory.
>
> 3. Renamed MediaStreamAudioTrack::GetTrack() method to From(), to be
> consistent with how this pattern is used in other parts of libcontent,
> and added a MediaStreamAudioSource::From().
>
> 4. Moved audio level calculations out of WebRtcLocalAudioTrack and into
> WebRtcAudioCapturer.  This way, when multiple tracks are present, the
> calculation is only being done once on the same audio.
>
> 5. Eliminated call to WebRtcCapturer::Stop() from
> WebRtcAudioDeviceImpl::Terminate(), which are each supposed to run on
> different threads.  From testing, DCHECKs should have been firing, but
> weren't, so the Terminate() method seems to be dead code.
>
> 6. Miscellaneous other "compaction" and comment updates.
>
> BUG=577881, 577874
> TBR=peter@chromium.org
>
> Committed: https://crrev.com/26bfd80549511a7e05f23c9941c41ced104ddf28
> Cr-Commit-Position: refs/heads/master@{#380065}

TBR=jochen@chromium.org,finnur@chromium.org,mcasas@chromium.org,olka@chromium.org,peter@chromium.org,tommi@chromium.org,miu@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=577881, 577874

Review URL: https://codereview.chromium.org/1780653002

Cr-Commit-Position: refs/heads/master@{#380103}
sigbjornf
Avoid WeakProcessingHashTableHelper<> type redefinitions.
R=haraken
BUG=

Review URL: https://codereview.chromium.org/1770103003

Cr-Commit-Position: refs/heads/master@{#379820}
davve
Support canvas size as default object size
By adding a defaultObjectSize parameter to

 * CanvasImageSource::elementSize,
 * CanvasImageSource::defaultDestinationSize
 * CanvasImageSource::getSourceImageForCanvas

we can support the default sizing algorithm in HTMLImageElement for
images that lack an intrinsic size. This affects both drawImage() and
createPattern().

At time of writing there doesn't exist clear spec text for how
createPattern should behave. In
https://github.com/whatwg/html/issues/735 the behavior in this CL has
been suggested as a reasonble starting point.

BUG=581357, 475009

Review URL: https://codereview.chromium.org/1767633002

Cr-Commit-Position: refs/heads/master@{#379818}
sigbjornf
Remove Resource::assertIsAlive().
Temporary release assert to diagnose a crash that got stuck.

R=dcheng
BUG=352043

Review URL: https://codereview.chromium.org/1770013004

Cr-Commit-Position: refs/heads/master@{#379810}
davve
Merge image sizing algorithms
Let users of StyleImage use StyleImage::imageSize() to get the image
size instead of fetching intrinsic information and calculating the
size outside StyleImage. This let's us remove the sizing algorithm in
LayoutBoxModelObject::calculateImageIntrinsicDimensions.

By passing along the default object size to StyleImage::imageSize, we
can remove the sizing algorithm in LayoutBoxModelObject and reuse the
one in SVGImage instead for the one image type that needs the
complicated sizing algorithm. Simpler algorithms can remain simple,
e.g. for generated images with no fixed size, the default object size
is returned unmodified.

SVGImage::concreteObjectSize almost had the necessary bits to
support full sizing of SVG images within a style context, i.e. through
StyleImage. The only missing bit was the the contain constraint on the
default object size added by this patch.

Some zoom juggling needed since the provided default object size is
sometimes zoomed and SVGImage has no notion of zoom. Thus the zoom is
removed before calling SVGImage::concreteObjectSize() and reapplied on
the result afterwards.

Background images and other decorative images should never respect the
exif rotation[1], so StyleImage::imageSize now requests the image size
from ImageResource without exif rotation applied. Presumably
StyleImage::imageSize() was broken but unused in this regard before.

In contrast to LBMO::calculateImageIntrinsicDimensions(),
StyleImage::imageSize returns the size for layout, i.e. the size
compensated for the image scale factor. This fixes two hidpi bugs, one
for list item marker images and one for shape-outside.

BUG=581357, 591935, 591939, 592888, 592886

Review URL: https://codereview.chromium.org/1756763004

Cr-Commit-Position: refs/heads/master@{#379801}
sigbjornf
Remove dangling LeakExpectations pointers.
TBR=kouhei,yutak@chromium.org
BUG=364411,364417,506754
NOTRY=true

Review URL: https://codereview.chromium.org/1771943003

Cr-Commit-Position: refs/heads/master@{#379793}
sigbjornf
Fix non-Oilpan following r379558.
R=
BUG=580169

Review URL: https://codereview.chromium.org/1770323002

Cr-Commit-Position: refs/heads/master@{#379786}
rune
deviceScaleFactorChanged() handles style recalc.
No need to do an additional frame tree walk for marking style dirty
right before.

Review URL: https://codereview.chromium.org/1773523003

Cr-Commit-Position: refs/heads/master@{#379764}
rune
No need to re-collect stylesheets for setting type StyleChange.
Style recalc for all frames necessary, though.

Review URL: https://codereview.chromium.org/1772513003

Cr-Commit-Position: refs/heads/master@{#379763}
rune
Move preferred stylesheet logic into StyleEngine.
To understand the code better:

We don't support selecting alternate stylesheets in Blink, although the
API for Document.selectedStylesheetSet is present. The way it works, is
that the effective selected stylesheet set is either empty or the
preferred set. Setting selectedStylesheetSet has no effect.

This CL should not impose any functional changes, but a resolverChanged
with no effect has been removed.

The next step for async active stylesheet update is to move the setting
of the preferred set name to where the the dom mutations happen as the
order of mutations is what defines which stylesheet title has
precedence.

BUG=567021

Review URL: https://codereview.chromium.org/1769903002

Cr-Commit-Position: refs/heads/master@{#379762}
rune
Remove unnecessary setNeedsRecalcStyleInAllFrames for fonts.
Instead of walking the frame tree twice, nuking the style world the
second time, do normal font cache invalidation which lets StyleEngine
handle the change in StyleEngine::fontsNeedUpdate.

TEST=fast/text/update-sans-serif-and-recalc-style.html

Review URL: https://codereview.chromium.org/1771823002

Cr-Commit-Position: refs/heads/master@{#379761}
rune
Added tests for preferred sheet insertion order.
Which stylesheet wins setting the preferred stylesheet set based on the
title attribute depends on the insertion order, and not the tree order,
since it's done as part of adding a stylesheet[1], as part of creating
a stylesheet[2], which is done on closing a style element, on inserting
or removing the style element [3].

Added two tests to make sure this is still true after active stylesheet
update has been made async.

[1] https://drafts.csswg.org/cssom/#add-a-css-style-sheet
[2] https://drafts.csswg.org/cssom/#create-a-css-style-sheet
[3] https://html.spec.whatwg.org/#update-a-style-block

BUG=567021

Review URL: https://codereview.chromium.org/1769843002

Cr-Commit-Position: refs/heads/master@{#379760}
sigbjornf
Remove WebFormElement::wasUserSubmitted.
As autofill is no longer using this (as of r339061), drop this
this public API.

R=
BUG=

Review URL: https://codereview.chromium.org/1768953002

Cr-Commit-Position: refs/heads/master@{#379683}
fs
Add more SVG-related mapLocalToAncestor/mapAncestorToLocal tests
Written while looking at crbug.com/592316. Tests viewBoxes with a
non-zero x/y component.

BUG=592316, 568614

Review URL: https://codereview.chromium.org/1771833002

Cr-Commit-Position: refs/heads/master@{#379600}
auygun
Set debug color for borders of compressed tiles.
BUG=434699
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1774533002

Cr-Commit-Position: refs/heads/master@{#379582}
mostynb
export blink::Platform symbols in shared_library builds
This unbreaks GCC component=shared_library builds, which fail to link
libblink_platform.so due to missing vtable, since CL 1660383002 landed.

BUG=548254

Review URL: https://codereview.chromium.org/1770693002

Cr-Commit-Position: refs/heads/master@{#379577}
davve
Shortcut ImageResource::canRender()
Move the little work ImageResource::canRender() does out of fetch/ and
into the respective call sites. A small step towards getting rid of
ImageResource::imageSize() and limiting ImageResource to fetch related
functionality.

It's assumed that ImageResource::image() never returns the nullptr and
that !errorOccurred() implies the an image or the nullImage if no
image is available.

BUG=581357

Review URL: https://codereview.chromium.org/1773503002

Cr-Commit-Position: refs/heads/master@{#379549}
fs
Handle '<something>' to 'none' changes of 'transform' for SVG
Only the value of the new style was observed and triggered an update.
Check the StyleDifference flag for simplicity.

BUG=592206

Review URL: https://codereview.chromium.org/1771773002

Cr-Commit-Position: refs/heads/master@{#379546}
fs
Don't expand <symbol> elements in <use> that are not targets
When a <use> was referencing a subtree which contained a <symbol>
element, the <symbol> would get replaced by the "replace <symbol>" part
of the <use> expansion. This would result in content being rendered that
should not (since only <symbol>s that are directly referenced by <use>
should render.)
Instead of blindly expanding <symbol> elements, replace them directly
when producing the instance clone.

Replace the old faulty test svg/custom/use-on-g-containing-symbol.svg
with a new test.

Test from: https://bugs.webkit.org/show_bug.cgi?id=154576

BUG=589682

Review URL: https://codereview.chromium.org/1736283003

Cr-Commit-Position: refs/heads/master@{#379532}
rune
Re-collect rule features for watched selectors.
Instead of nuking the StyleResolver and re-collecting all stylesheets,
clear the current rule features on StyleResolver and mark them for
re-collection. We need to re-collect because the rule features on
StyleResolver are a union of the rule features from stylesheets and the
watched selectors from the declarativeContent css api for extensions.

A bonus is that this change avoids a synchronous active stylesheets
update.

R=dstockwell@chromium.org
BUG=567021

Review URL: https://codereview.chromium.org/1757503002

Cr-Commit-Position: refs/heads/master@{#379529}
rune
Avoid nuking everything when injecting stylesheet.
Instead do an analyzed update of the Document scope.

Review URL: https://codereview.chromium.org/1762443004

Cr-Commit-Position: refs/heads/master@{#379528}
philipj
Measure the many aspects of HTMLAllCollection
Multiple spec changes to HTMLAllCollection are under discussion:
https://github.com/whatwg/html/issues/775
https://github.com/whatwg/html/pull/780

To help inform the discussion and estimate risk, measure some of the
aspects that are currently not per spec, as well as a few extra bits for
comparison purposes.

BUG=591605

Review URL: https://codereview.chromium.org/1756963002

Cr-Commit-Position: refs/heads/master@{#379484}
sigbjornf
Remove now-unused Visitor::m_isGlobalMarkingVisitor field.
R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1759183005

Cr-Commit-Position: refs/heads/master@{#379469}
fs
Correct initial width/height for <use>d <symbol>s
The initial values for width/height on the <svg> generated for the
<symbol> should be "100%".
Since the <symbol> element had been replaced by a <svg> element by the
time the attributes were transferred the wrong set of rules were used.

Adjust svg/custom/use-attribute-invalidations.html to be correct.
svg/custom/relative-sized-shadow-tree-content-with-symbol.xhtml now
renders correctly.

BUG=592063

Review URL: https://codereview.chromium.org/1757993007

Cr-Commit-Position: refs/heads/master@{#379350}
sigbjornf
Simplify mock web speech recognizer's "onend" handling.
..and fix a bug introduced by r378252 in the process, it assuming
a different interpretation of speech recognizer handle equality than
what's (reasonably) provided.

i.e., handle the completion of a speech recognition via one
task rather than two.

R=tommi,jochen
BUG=591298

Review URL: https://codereview.chromium.org/1750213004

Cr-Commit-Position: refs/heads/master@{#379299}
fs
Add SVGUseElement::createInstanceTree helper
Add a new method used to create a new instance subtree from a <use>-
targetted element. Re-use where possible.

Also make isDisallowedElement(...) take a Element& (it's no longer
called on Nodes) and remove a redundant call to
removeDisallowedElementsFromSubtree in <symbol> expansion (no new clones
are produced here expecpt the <svg> on replacing the <symbol>.)

BUG=589682

Review URL: https://codereview.chromium.org/1763033002

Cr-Commit-Position: refs/heads/master@{#379298}
fs
Remove SVGUseElement::buildShadowTree
SVGUseElement::buildShadowTree() steps out for a moment to regain
strength. In its absence, open-code the sequence using other helper
functions.

BUG=589682

Review URL: https://codereview.chromium.org/1769493002

Cr-Commit-Position: refs/heads/master@{#379290}
fs
Factor addReferenceTo()-calls out of SVGUseElement::buildShadowTree
This factors the registering of references to first degree nested <use>
elements out of the buildShadowTree, getting rid of the |foundUse|
parameter. This brings us one step closer to more streamlined shadow-
tree construction. It also avoids calling isStructurallyExternal() more
than once.

Also cleanup the instanceTreeIsLoading() method by letting it traverse
all the SVGUseElement descendants of the shadow root using the
Traversal<> helpers.

BUG=589682

Review URL: https://codereview.chromium.org/1759423003

Cr-Commit-Position: refs/heads/master@{#379289}
sigbjornf
Retire expectation for fast/dom/webtiming.html
No longer coming through as flaky.

TBR=skyostil
BUG=520172
NOTRY=true

Review URL: https://codereview.chromium.org/1763883004

Cr-Commit-Position: refs/heads/master@{#379272}
sigbjornf
Avoid PageMemoryRegion::m_numPages data race.
R=haraken
BUG=591217

Review URL: https://codereview.chromium.org/1762093002

Cr-Commit-Position: refs/heads/master@{#379228}
fs
Eliminate SVGUseElement::referencedScope()
During "shadow tree fixup" (SVGUseElement::expand*) we can use the
document of the original (corresponding) element rather than
referencedScope(), because the Document of those elements will be the
external or the "local" respectively depending on source for the initial
clone operation.
This leaves a few users in buildPendingResource() which can be
eliminated by folding the method into it.
Hopefully this will also allow future cleanups to
isExternalURIReference, since now it's not called unnecessarily for each
nested <use>. (Possibly minor perf effect from eliminating the calls to
referencedScope().)

BUG=589682

Review URL: https://codereview.chromium.org/1757323002

Cr-Commit-Position: refs/heads/master@{#379074}
fs
Replace cloneNodeAndAssociate with Element::cloneElementWithChildren
Use the Element::cloneElementWithChildren to do a "straight" clone, and
then post-process it to associate the cloned nodes with their
corresponding elements.
Move the call to removeDisallowedElementsFromSubtree() into the cloning
sequence since it will have nothing to do if there's no target. The
root has already been verified to be "allowed", so the different
starting element makes no difference on the result.

BUG=589682

Review URL: https://codereview.chromium.org/1759553005

Cr-Commit-Position: refs/heads/master@{#379046}
fs
Use references some more in SVGUseElement
Mostly changes to pass SVGElement& rather than SVGElement* - and some
cleanup/removal of dead null-checks etc. as a consequence.

BUG=589682

Review URL: https://codereview.chromium.org/1762633002

Cr-Commit-Position: refs/heads/master@{#379031}
rune
Don't call updateLayoutTree twice.
In updateLayoutTreeIgnorePendingStylesheets we would call
updateLayoutTree twice when having nodes with placeholder style.
Removed the first call.

Review URL: https://codereview.chromium.org/1764653002

Cr-Commit-Position: refs/heads/master@{#379007}
sigbjornf
Fix non-Oilpan following r378744.
R=haraken,fs@opera.com
BUG=535429

Review URL: https://codereview.chromium.org/1753283004

Cr-Commit-Position: refs/heads/master@{#378996}
fs
Remove SVGUseElement helper subtreeContainsDisallowedElement
The related helper removeDisallowedElementsFromSubtree() already walks
the same subtree and checks with the same predicate[1], so letting the
removing function do all the work should not be a problem.

Also change isDisallowedElement to take a const Node&, and tighten the
type of the subtree root passed to removeDisallowedElementsFromSubtree
(it's always either a SVGSVGElement or a SVGGElement.)
Move the lengthy - and somewhat outdated - comment above
removeDisallowedElementsFromSubtree to just above its definition.
(We aim to align the current behavior to it though, so keeping it
around unchanged.)

[1] subtreeContainsDisallowedElement() was walking the Nodes of the
    tree, while removeDisallowedElementsFromSubtree() walks the
    Elements. Thus they did not look at the exact same set of nodes.
    Since the removal took place on the smaller set though there should
    be no change in behavior.
    Previously we could end up walking the entire subtree looking for
    something to remove (in removeDisallowedElementsFromSubtree)
    eventhough we wouldn't find it (like for example a COMMENT node.)

BUG=589682

Review URL: https://codereview.chromium.org/1755153002

Cr-Commit-Position: refs/heads/master@{#378993}
fs
Clean up reparenting in SVGUseElement::expand*
Add a helper moveChildrenToReplacementElement() and use that instead of
an open-coded loop.
Split transferUseAttributesToReplacedElement() into two, getting rid of
one by open-coding the call to cloneDataFromElement(), and make the other
one static (while renaming it.)

BUG=589682

Review URL: https://codereview.chromium.org/1760553002

Cr-Commit-Position: refs/heads/master@{#378992}
davve
Pass media session id over IPC
Add media_session_id to the MediaPlayerHostMsg struct in preparation
for letting the browser process create media players with user created
media sessions.

BUG=497735, 581728

Review URL: https://codereview.chromium.org/1641993003

Cr-Commit-Position: refs/heads/master@{#378983}
rune
One instead of three resolverChanged replacing source in inspector.
resolverChanged() was called three times when replacing the stylesheet
text from the inspector. Two mutation scopes and an explicit call at
the end.

Kept one of the mutation scopes. Two shouldn't be necessary, and I have
confirmed that the crash tests for which this was justified earlier
don't crash when removing one of the scopes.

Moved the stylesheet modifications into CSSStyleSheet::setText().

Also moved clearing of the CSSOM wrappers before the mutation scope
declaration as the mutation scope constructor would unnecessarily
re-attach wrappers which would then be cleared right after.

R=esprehn@chromium.org,pfeldman@chromium.org
BUG=591599

Review URL: https://codereview.chromium.org/1765463002

Cr-Commit-Position: refs/heads/master@{#378978}
rune
Removed unnecessary resolverChanged call.
Changing disabled state of a stylesheet link caused active stylesheet
update to happen twice. Once from setDisabled() on the stylesheet and
once directly from LinkStyle::setDisabledState(). Removed the one
called directly from LinkStyle::setDisabledState.

R=esprehn@chromium.org
BUG=591559

Review URL: https://codereview.chromium.org/1761693002

Cr-Commit-Position: refs/heads/master@{#378922}
sigbjornf
Revert of Use a bitmap to record PageMemoryRegion usage. (patchset #1 id:1 of https://codereview.chromium.org/1748363005/ )
Reason for revert:
Using a bitmap is problematic as pages within a region may belong to different threads (see https://crbug.com/591217 ).

Revert back to previous and use a separate bool per thread to avoid overlap.

Original issue's description:
> Use a bitmap to record PageMemoryRegion usage.
>
> R=haraken
> BUG=420515
>
> Committed: https://crrev.com/648b0ff04620c688b1d8926b06220f45da3e4598
> Cr-Commit-Position: refs/heads/master@{#378449}

TBR=oilpan-reviews@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=420515

Review URL: https://codereview.chromium.org/1749103005

Cr-Commit-Position: refs/heads/master@{#378756}
philipj
Make DeviceOrientationEvent.prototype.absolute non-nullable
This is to match the spec and Gecko:
http://w3c.github.io/deviceorientation/spec-source-orientation.html#deviceorientation
https://hg.mozilla.org/mozilla-central/file/85e218929a7a/dom/webidl/DeviceOrientationEvent.webidl

BUG=460722

Review URL: https://codereview.chromium.org/1737443002

Cr-Commit-Position: refs/heads/master@{#378747}
fs
Simplify SVGUseElement::expand* methods
 * Use Traversal<Type> helpers.
 * Start at the ShadowRoot.

BUG=589682

Review URL: https://codereview.chromium.org/1753843002

Cr-Commit-Position: refs/heads/master@{#378722}
rune
Remove unnecessary feature flag update.
The feature flags in StyleEngine were always reset from
StyleResolver::finishAppendAuthorStyleSheets right before we called
combineCSSFeatureFlags with the exact same feature set.

R=dstockwell@chromium.org
BUG=401359,567021

Review URL: https://codereview.chromium.org/1743183003

Cr-Commit-Position: refs/heads/master@{#378719}
fs
Implement mapAncestorToLocal for LayoutSVG{ModelObject,Block}
This CL adds an implementation of mapAncestorToLocal for SVG
LayoutObject types via a helper in SVGLayoutSupport.
This should help cases which use any of the LayoutObject::ancestorTo*
methods (or similar/wrappers.) Examples of users are various form
controls and scrollbars.

BUG=568614

Review URL: https://codereview.chromium.org/1747223002

Cr-Commit-Position: refs/heads/master@{#378716}
rune
Remove unused createdByParser flags and arguments.
Review URL: https://codereview.chromium.org/1754863002

Cr-Commit-Position: refs/heads/master@{#378711}
philipj
Remove the always-enabled Media from RuntimeEnabledFeatures
This has been enabled everywhere since
https://codereview.chromium.org/590083002

Review URL: https://codereview.chromium.org/1749683002

Cr-Commit-Position: refs/heads/master@{#378686}
philipj
Remove Selection TODO that was fixed by a spec change
BUG=460722
R=yoichio@chromium.org

Review URL: https://codereview.chromium.org/1755503002

Cr-Commit-Position: refs/heads/master@{#378667}
fs
Clone non-markup event listeners for <use> in a separate pass
This brings us closer to be able to use cloneNode(true) for the initial
clone.

BUG=589682

Review URL: https://codereview.chromium.org/1753823002

Cr-Commit-Position: refs/heads/master@{#378604}
fs
Remove redundant check in SVGUseElement::buildShadowTree
We already perform this check on |target| in all callers (the method
itself and buildShadowAndInstanceTree), so this condition will never be
true at this point. Remove it (replace with assert.) Since this gets rid
of the only way for buildShadowTree to return false, change the return-
type to 'void' and simplify accordingly.

BUG=589682

Review URL: https://codereview.chromium.org/1754693002

Cr-Commit-Position: refs/heads/master@{#378504}
sigbjornf
Add missing DevToolsEmulator field initialization.
Introduced in r371567.

R=
BUG=581115

Review URL: https://codereview.chromium.org/1747203002

Cr-Commit-Position: refs/heads/master@{#378491}
sigbjornf
Keep XHR progress throttle interval an implementation detail.
R=
BUG=

Review URL: https://codereview.chromium.org/1750323002

Cr-Commit-Position: refs/heads/master@{#378487}
sigbjornf
Retire WebLocalFrameScope.
Retire this test-supporting scope object; no longer needed to ensure timely
release and closing of WebLocalFrames in CreateLocalChildWithPreviousSibling

R=dcheng
BUG=

Review URL: https://codereview.chromium.org/1750613002

Cr-Commit-Position: refs/heads/master@{#378454}
sigbjornf
Use a bitmap to record PageMemoryRegion usage.
R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1748363005

Cr-Commit-Position: refs/heads/master@{#378449}
sigbjornf
Remove unused HashSet<>::isValidValue().
R=
BUG=

Review URL: https://codereview.chromium.org/1750983002

Cr-Commit-Position: refs/heads/master@{#378435}
sigbjornf
Sync leak expectations following r378252.
TBR=dmazzoni
BUG=506529
NOTRY=true

Review URL: https://codereview.chromium.org/1751923002

Cr-Commit-Position: refs/heads/master@{#378431}
sigbjornf
Node.h #include parsimony.
Node.h is slurped in throughout Blink, hence it makes sense to have it
not include unnecessary headers.

R=tkent
BUG=

Review URL: https://codereview.chromium.org/1746673002

Cr-Commit-Position: refs/heads/master@{#378427}
tmoniuszko
Update GN docs about Visual Studio generators
BUG=

Review URL: https://codereview.chromium.org/1750523002

Cr-Commit-Position: refs/heads/master@{#378419}
philipj
Renew deprecation messages for Web Audio doppler effects
Intent to Deprecate:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/-1SI1GoHYO8/6XUjRs-fdv4J

BUG=439644

Review URL: https://codereview.chromium.org/1745103002

Cr-Commit-Position: refs/heads/master@{#378409}
rune
Allow simple selectors after ::content for compat.
Allow simple selectors which are not pseudo elements after ::content in
compound selectors. Polymer 0.5 content sometimes use ::content[attr]
instead of [attr]::content. This was made invalid with r369760.

R=timloh@chromium.org
BUG=589252

Review URL: https://codereview.chromium.org/1749713002

Cr-Commit-Position: refs/heads/master@{#378331}
sigbjornf
Make HTMLSelectElementTest.DefaultToolTip work non-Oilpan
R=tkent
BUG=

Review URL: https://codereview.chromium.org/1742353002

Cr-Commit-Position: refs/heads/master@{#378324}
sigbjornf
Reduce weak callback stack reservation for non-main threads.
Tune the initial reservation for Oilpan threads other than the main
thread; very few uses of weak references and collections happen off
the main thread. Adjust the initial allocation accordingly.

R=
BUG=

Review URL: https://codereview.chromium.org/1750553002

Cr-Commit-Position: refs/heads/master@{#378318}
sigbjornf
Have mock speech recognizer reset and release its recognizer upon ending.
Take care of leaks attributed to this mock object - it unnecessarily
retaining a WebSpeechRecognitionHandle beyond completion of the final
'ended' notification to it.

R=dmazzoni
BUG=506529

Review URL: https://codereview.chromium.org/1737953003

Cr-Commit-Position: refs/heads/master@{#378252}
sigbjornf
Fix PointerEventFactoryTest unit tests non-Oilpan following r377576.
TBR=oilpan-reviews
BUG=583331

Review URL: https://codereview.chromium.org/1749773002

Cr-Commit-Position: refs/heads/master@{#378242}
philipj
Move Deprecation helpers into an anonymous namespace
willBeRemoved is used in the first Deprecation::deprecationMessage so
unfortunately these can't be kept right next to second
Deprecation::deprecationMessage where they are used most.

Review URL: https://codereview.chromium.org/1750503002

Cr-Commit-Position: refs/heads/master@{#378206}
philipj
Remove unused UseCounter features
Review URL: https://codereview.chromium.org/1740153002

Cr-Commit-Position: refs/heads/master@{#378185}
sigbjornf
Remove unused NodeIntersectionObserverData predicates.
R=haraken
BUG=none

Review URL: https://codereview.chromium.org/1740973003

Cr-Commit-Position: refs/heads/master@{#378140}
sigbjornf
Reduce ephemeron stack size reservation.
The ephemeron stack is used by the Oilpan GC to handle key-value pairs
over weak references as wanted (i.e., the value is strongly referenced
until the key becomes unreachable). The marking process will push
hash tables containing such onto a stack processing for later processing.

Blink only has a handful of hash tables requiring ephemeron processing,
hence tune down the initial size of the stack accordingly.

As a data point, browsing around on various popular sites resulted in
ephemeron stacks no deeper than in the mid-20s.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1741833002

Cr-Commit-Position: refs/heads/master@{#378131}
perja
bluetooth: android: register for adapter on/off events.
Register for BluetoothAdapter.ACTION_STATE_CHANGED and reflect the
state changes in the device chooser dialog.

BUG=543060

Review URL: https://codereview.chromium.org/1711393002

Cr-Commit-Position: refs/heads/master@{#377982}
fs
After expanding <symbol> in <use>, expand its siblings
If the siblings are not expanded at this point, the loop of the children
of the ancestor will lose the siblings because it's still referencing
the old <symbol> element.
This little loop fell out in https://codereview.chromium.org/272523002.

BUG=589682

Review URL: https://codereview.chromium.org/1734983004

Cr-Commit-Position: refs/heads/master@{#377922}
sigbjornf
Remove unused Document auxiliary methods.
R=
BUG=

Review URL: https://codereview.chromium.org/1734373002

Cr-Commit-Position: refs/heads/master@{#377879}
fs
Fix synchronization of SVGAnimatedAngle (<marker orient>)
Since SVGAnimatedAngle also wraps the SVGAnimatedEnumeration for the
enumeration representation of the 'orient' attribute, and both of them
synchronize to said attribute, we need to override the synchronization
methods to take the synchronization status of them both into account
(as opposed to previously where only the SVGAnimatedAngle itself was
considered.) Rewrite the existing synchronizeAttribute() implementation
to just delegate rather than do the actual work itself.

Also change reference from SVGMarkerElement to just SVGElement and
include the specific header - SVGAngle.h rather than SVGAngleTearOff.h.

BUG=589808

Review URL: https://codereview.chromium.org/1739533004

Cr-Commit-Position: refs/heads/master@{#377875}
tmoniuszko
Limit the set of Visual Studio projects generated by GN
BUG=589099

Review URL: https://codereview.chromium.org/1718093006

Cr-Commit-Position: refs/heads/master@{#377871}
philipj
Adjust deprecation messages to match Estimated Stable Dates
These dates are from https://www.chromium.org/developers/calendar and
match the branch date + 6 weeks rule.

It would be unfortunate if developers think they have more time to adapt
than they actually do.

BUG=590143

Review URL: https://codereview.chromium.org/1736533004

Cr-Commit-Position: refs/heads/master@{#377870}
sigbjornf
Parameterize CallbackStack over initial block size.
CallbackStack keeps a chain of blocks, extending it as needed. So as to
allow stacks with varying block sizes, have its constructor take the
block size to use as argument.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1737913002

Cr-Commit-Position: refs/heads/master@{#377865}
sigbjornf
Ignore setting of navigation starting points for detached documents.
Address non-Oilpan leaks.

R=tkent
BUG=454172

Review URL: https://codereview.chromium.org/1739713003

Cr-Commit-Position: refs/heads/master@{#377679}
fs
Don't use SVG resource documents with an unrecognized MIME-type
Before parsing/creating the actual document of a DocumentResource, make
sure that the resource in question was actually served as a reasonable
MIME-type - one of:

  image/svg+xml,
  text/xml,
  application/xml or
  application/xhtml+xml

Use the original Content-Type from the HTTP header when possible and
treat empty as invalid (matches Gecko).
This could help mitigate some issues with content sanitation. It seems
to match what Gecko is doing so is hopefully not too web-incompatible.

Move the commonly recurring *Resource::mimeType() helper from subclasses
to the baseclass (Resource) and rename it httpContentType() since that
should be a better match for what it is.

BUG=527514

Review URL: https://codereview.chromium.org/1706243002

Cr-Commit-Position: refs/heads/master@{#377560}
fs
Don't apply the SandboxPlugins flag until we know a plugin will be used
Move the check of the SandboxPlugins flag out of the pluginIsLoadable
function and to just before the actual load/instantiation of the plugin
is initiated. This means the URL and MIME-type is still subject to
SecurityOrigin, (some) CSP and Mixed-Content checks, but the flag will
not block resources if they will not use a plugin.

Split pluginIsLoadable into one part that checks if the URL/MIME-type is
allowed, and one part that checks if the plugin itself can be
loaded/instantiated. The former is allowedToLoadObject while the latter
is allowedToLoadPlugin. Only call the latter if we determine that a
plugin will be used to view the content (URL or not). Sink the
allowedToLoadPlugin check into loadPlugin, which in turn means it will
apply to the code-path through createPluginWithoutLayoutObject() as well,
while adding a call to allowedToLoadObject there as well.

Also make sure that shouldUsePlugin() sets the |useFallback| out-
variable before all returns. (Could previously be used uninitialized.
Found by code inspection.)

BUG=578916

Review URL: https://codereview.chromium.org/1645313002

Cr-Commit-Position: refs/heads/master@{#377559}
philipj
Remove dead code related to Web Audio doppler effects
Doppler already has no effect on AudioBufferSourceNodes, as the only
call to setPannerNode was removed in time for M41:
https://codereview.chromium.org/783273002/

PannerHandler::dopplerRate becomes unreachable next, and pulling at the
thread of unreachable things ends up removing quite a lot.

PannerNode's setVelocity is revealed to have no effect at all, although
it remains in the spec. A spec issue was filed:
https://github.com/WebAudio/web-audio-api/issues/730

BUG=439644
R=rtoy@chromium.org

Review URL: https://codereview.chromium.org/1734483002

Cr-Commit-Position: refs/heads/master@{#377507}
sigbjornf
Have EventSender mouseups unwind better on cancellation during dragover.
Follow up on changes brought by r376733 and check if handling of dragover
cancelled our ongoing drag. Leave early, if so.

R=dcheng,rbyers
BUG=589426

Review URL: https://codereview.chromium.org/1728353002

Cr-Commit-Position: refs/heads/master@{#377392}
mostynb
only include xdg_util_unittest.cc on desktop linux
Review URL: https://codereview.chromium.org/1726613003

Cr-Commit-Position: refs/heads/master@{#377373}
philipj
Remove SVGElement.offsetParent/offsetTop/offsetLeft/offsetWidth/offsetHeight
Intent to Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/jjwLLSG_hGY/Ovi-nvEeDwAJ

BUG=463116

Review URL: https://codereview.chromium.org/1726743002

Cr-Commit-Position: refs/heads/master@{#377283}
philipj
Update SVG tests ahead of offset* removal
This converts some SVG tests to use getBoundingClientRect() instead of
the deprecated offset* attributes, so that the removal CL is minimized
and thus easier to revert in case of trouble.

smil-scheduled-in-inactive-document-crash.html didn't actually run the
problematic code because of a early finishJSTest(), which was moved.

BUG=463116
R=fs@opera.com

Review URL: https://codereview.chromium.org/1729073002

Cr-Commit-Position: refs/heads/master@{#377261}
mstensho
Ability to return the height of fragmentainer groups that don't yet exist.
When the flow thread offset is out of range (i.e. it comes after the logical
bottom of the last fragmentainer group created so far) when asking for a column
height, estimate how tall the next fragmentainer group will be, instead of
returning the height of the last fragmentainer group.

It was dodgy of LayoutBlockFlow::adjustLinePositionForPagination() to call
paginatedContentWasLaidOut() before the final position of the line had been
determined, but we did so in order to create the necessary fragmentainer
groups, so that we could get the right column height. However, since we may
decide to drop the strut calculated if a line is taller than the column, we'd
better not pretend that we applied the strut. Otherwise we may create more
fragmentainer groups than necessary, causing mild confusion and assertion
failures in the multicol machinery.

To fix this, we need LayoutBlock::pageLogicalHeightForOffset() to be able to
return the height of columns in a fragmentainer group that has't yet been
created (and perhaps never will). The rationale behind this solution is that it
seems better to deal with this inside the multicol implementation, than to add
more complexity in adjustLinePositionForPagination(). Leaving LayoutBlockFlow
blissfully unaware of multiple fragmentainer groups seems like a good thing.

BUG=552615

Review URL: https://codereview.chromium.org/1710843003

Cr-Commit-Position: refs/heads/master@{#377256}
landell
Include errno.h
BUG=

Review URL: https://codereview.chromium.org/1729433002

Cr-Commit-Position: refs/heads/master@{#377254}
sigbjornf
Retire stale leak expectations.
Both these tests are no longer reported as leaking, sync expectations
accordingly.

R=haraken
BUG=582376
NOTRY=true

Review URL: https://codereview.chromium.org/1734493002

Cr-Commit-Position: refs/heads/master@{#377237}
mostynb
simplify glib condition for including message_pump_glib_unittest.cc
We should use the use_glib variable instead of alternative
conditions throughout the build configuration.

Review URL: https://codereview.chromium.org/1719343004

Cr-Commit-Position: refs/heads/master@{#377053}
sigbjornf
Re-order unregistration and detachment of failed ScriptLoader.
For a ScriptLoader that fails to load its script resource, unregister
with the associated ScriptRunner before dispatching 'error'. This avoids
potential trouble should the onerror handler trigger nested access to
the ScriptRunner's (sync) script queue, if it ends up loading script
resources of its own.

R=haraken
BUG=570012

Review URL: https://codereview.chromium.org/1718083005

Cr-Commit-Position: refs/heads/master@{#376986}
davve
Prepare SVGImage for the default sizing algorithm
This patch aligns sizing in SVGImage with sizing done in
LayoutBoxModelObject::calculateImageIntrinsicDimensions()

Split SVGImage::containerSize() into two parts. On part that
calculates the concrete size.

The other part return containerSize(), with concrete object size as
fall-back for direct SVGImage::draw() users (webgl being the only one
known).

The long term plan is to only keep this sizing implementation and
remove the one in LayoutBoxModelObject. As long as SVG is the only
user of the complex version of the algorithm it makes sense to keep it
as SVG-only code.

BUG=581357

Review URL: https://codereview.chromium.org/1695243004

Cr-Commit-Position: refs/heads/master@{#376965}
davve
Clean up computeIntrinsicDimensions
No need to carry around Length for intrinsic width or height
anymore. A FloatSize does fine when all lengths are fixed.

BUG=581357, 585467

Review URL: https://codereview.chromium.org/1685353004

Cr-Commit-Position: refs/heads/master@{#376956}
sigbjornf
Sync leak expectations following r376816.
TBR=yosin,tkent
BUG=587424
NOTRY=true

Review URL: https://codereview.chromium.org/1727503002

Cr-Commit-Position: refs/heads/master@{#376939}
philipj
Add TODOs to convert from video-test.js to testharness.js
BUG=588956
R=mlamouri@chromium.org

Review URL: https://codereview.chromium.org/1715303002

Cr-Commit-Position: refs/heads/master@{#376938}
mstensho
Spec-compliant shorthand parsing of foo-break-(after,before,inside).
The CL that introduced the generic break-after, break-before and break-inside
properties deliberately violated the spec when it came to parsing the
page-break-(after,before,inside) shorthand properties. This was in order to
reduce the risk of a big revert, and instead remain as compatible as we could
with how we used to handle it prior to the introduction of the new generic
properties, i.e. when we parsed and stored separate properties for
page-break-foo and -webkit-column-break-foo, rather than treating them as
shorthands for break-foo.

BUG=223068

Review URL: https://codereview.chromium.org/1720063002

Cr-Commit-Position: refs/heads/master@{#376896}
rune
Removed Document::addedStyleSheet.
Replace it with resolverChanged(). It was only a call from StyleEngine
into Document and back into StyleEngine. Removed a couple of comments
referring to the removed method which were confusing/out-of-date.

Moved call to resolverChanged() immediately following
modifiedStyleSheetCandidateNode() into the latter method.

Made StyleEngine::markDocumentDirty() private.

No functional changes.

BUG=567021

Review URL: https://codereview.chromium.org/1721673002

Cr-Commit-Position: refs/heads/master@{#376894}
rune
Trigger options width update when option text changes.
Previously this was triggered by doing a full host subtree recalc on
shadow redistribution, but that recalc was removed as an optimization.

R=tkent@chromium.org
BUG=588585

Review URL: https://codereview.chromium.org/1719873002

Cr-Commit-Position: refs/heads/master@{#376880}
julienp
SingleSplitView did not take the view border into account when handling the splitter position. This fixes that.
Review URL: https://codereview.chromium.org/1702473002

Cr-Commit-Position: refs/heads/master@{#376876}
sigbjornf
Stop async spellchecker before running the leak detector.
Should a test finish up before all the spellcheck requests that
it (inadvertently?) generates have been asynchronously processed
and completed, it risks beomg reported as leaking.

These requests have no bearing on the correctness of the test
(if they did, the test would have to arrange to wait on their
outcomes), and can safely be cancelled before leak detection goes
ahead. Along with stopping the async spellchecker, this avoids
unnecessary flakiness from tests that involve spellchecking.

R=
BUG=587424

Review URL: https://codereview.chromium.org/1715203002

Cr-Commit-Position: refs/heads/master@{#376816}
mstensho
Run update_use_counter_css.py for r376249, r376148 and r376051.
R=holte@chromium.org

Review URL: https://codereview.chromium.org/1720823002

Cr-Commit-Position: refs/heads/master@{#376787}
rune
Ignore title attribute for style elements in shadow trees.
Title attributes on style elements in shadow trees should not set the
preferred stylesheet name for the whole document. Also, title on style
elements in shadow trees should not respond to the preferred stylesheet
set in the top document.

BUG=588718

Review URL: https://codereview.chromium.org/1717303002

Cr-Commit-Position: refs/heads/master@{#376776}
sigbjornf
Gracefully handle nested eventSender.beginDragWithFiles() attempts.
Programmatic drag operations in test code may attempt to initiate nested
file drag operations, something eventSender nor anyone else is prepared
for. Throw an error and cancel the current drag operation to discourage
(fuzzer?) code from attempting this.

R=dcheng,mkwst
BUG=479216

Review URL: https://codereview.chromium.org/1718463002

Cr-Commit-Position: refs/heads/master@{#376733}
philipj
Fix grammar (does->do) in border-image-sans-border-style deprecation
BUG=559258
R=cavalcantii@chromium.org

Review URL: https://codereview.chromium.org/1722543002

Cr-Commit-Position: refs/heads/master@{#376724}
auygun
Reland Allow one-copy and zero-copy task tile worker pools to use compressed textures.
BUG=434699
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1713503002

Cr-Commit-Position: refs/heads/master@{#376711}
davve
Carry WebMediaSession in WebMediaPlayerParams
While general, this is Android focused in the short-term. It prepares
WebMediaPlayerAndroid for propagating its media session id, if any,
over IPC to the browser process where the media session integration
with the platform happens.

BUG=497735, 581728

Review URL: https://codereview.chromium.org/1648653002

Cr-Commit-Position: refs/heads/master@{#376707}
rune
Don't expose HTMLSlotElement if Shadow DOM V1 is not enabled.
Invoking toString on the element serialized to [object HTMLSlotElement]
which is not correct until we ship.

R=hayato@chromium.org,kochi@chromium.org
BUG=531990

Review URL: https://codereview.chromium.org/1717823002

Cr-Commit-Position: refs/heads/master@{#376701}
rune
Don't try to find a slot in a v0 shadow tree.
ElementShadow::assignedSlotFor asserts that it's only called for V1
ElementShadows and doesn't null check m_slotAssignment. Guard with an
if-check for V1 when assignedSlotFor from Node::assignedSlot like we
already do from Node::assignedSlotForBinding.

R=hayato@chromium.org,kochi@chromium.org
BUG=588209

Review URL: https://codereview.chromium.org/1717053002

Cr-Commit-Position: refs/heads/master@{#376699}
rune
Use invalidation sets to invalidate slotted elements.
Mark invalidation sets as invalidating slotted elements when the
invalidation set features come from a ::slotted pseudo element.

When we encounter a <slot> element during style invalidation, match the
invalidation sets marked as invalidating slotted elements against the
distributed nodes list for the <slot>.

R=hayato@chromium.org,kochi@chromium.org,ericwilligers@chromium.org
BUG=587746

Review URL: https://codereview.chromium.org/1717703002

Cr-Commit-Position: refs/heads/master@{#376698}
sigbjornf
Switch BlinkGCPluginConsumer to use ranged for-loops.
Modernize and consistently use ranged for-loops where possible.

R=haraken,thakis
BUG=

Review URL: https://codereview.chromium.org/1717433003

Cr-Commit-Position: refs/heads/master@{#376656}
rune
Trigger repaint on first paint only on pending stylesheet decrement.
Also, since Document::styleResolverChanged() is now just a call to
StyleEngine::resolverChanged(), remove it.

This is in preparation for splitting (style)resolverChanged() into more
descriptive methods on StyleEngine for what is necessary to nuke and
rebuild in the various cases. That, in turn, is in preparation for the
componentized style resolver and asynchronous update of active
stylesheets.

BUG=401359,567021

Review URL: https://codereview.chromium.org/1716803002

Cr-Commit-Position: refs/heads/master@{#376594}
fs
Rename -webkit-text to -internal-quirk-inherit, limiting it to UA style
Stop accepting the -webkit-text value for color properties in quirks mode.
Rename it to -internal-quirk-inherit to better match the naming in the
quirks mode spec [1].
Usage of this property value is low [2].

[1] https://quirks.spec.whatwg.org/#the-tables-inherit-color-from-body-quirk
[2] https://www.chromestatus.com/metrics/feature/timeline/popularity/942

BUG=586485

Review URL: https://codereview.chromium.org/1713513002

Cr-Commit-Position: refs/heads/master@{#376506}
asaka
Use std::isnan instead of isnan in global ns
BUG=

Review URL: https://codereview.chromium.org/1705173003

Cr-Commit-Position: refs/heads/master@{#376477}
fs
Add test from issue 50819
BUG=50819

Review URL: https://codereview.chromium.org/1716663004

Cr-Commit-Position: refs/heads/master@{#376463}
rune
Reland: Propagate inherited properties into slotted elements on recalc.
When we reach a <slot> element during recalc, we need to trigger recalc
of elements distributed to that slot for inheritance. This is similar
to what is done for InsertionPoint. I have however not found a case
where we need a bigger cannon than LocalStyleChange on the distributed
elements.

Made a few override methods final, expecting no inheritance of
HTMLSlotElement.

R=kochi@chromium.org,hayato@chromium.org
BUG=587797

Committed: https://crrev.com/e6491c6e66c3393363402f04f625959e29ba236c
Cr-Commit-Position: refs/heads/master@{#376406}

Review URL: https://codereview.chromium.org/1708213002

Cr-Commit-Position: refs/heads/master@{#376461}
sigbjornf
Fix non-Oilpan ref pointer usage over DOMTokenLists.
R=
BUG=584612
NOTRY=true

Review URL: https://codereview.chromium.org/1715653002

Cr-Commit-Position: refs/heads/master@{#376434}
tmoniuszko
[GN] Don't rewrite files with the same contents
Reland of https://codereview.chromium.org/1656253003 with fix.

Reason for revert:
Need to revert this patch according https://sites.google.com/a/chromium.org/dev/developers/tree-sheriffs/sheriffing-bug-queues. This patch added a flaky test FilesystemUtils.WriteFileIfChanged.

-----

It's a test flake:
1) Try to find the patch that caused the flake. It should be recent (e.g. last day or two) in all likelihood.
2) If successful with finding that patch, revert the patch. This is especially true if the flake is from a new test introduced in that patch.
3) Close the bug.

-----

The test has failed in the following builds:

http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176911
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176911
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176735
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176715
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176715
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176561
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176462
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/176375

-----

Example failure:

[ RUN      ] FilesystemUtils.WriteFileIfChanged
../../tools/gn/filesystem_utils_unittest.cc:610: Failure
Expected: (last_modified) != (file_info.last_modified), actual: 2016-02-04 18:06:36.920 UTC vs 2016-02-04 18:06:36.920 UTC
[  FAILED  ] FilesystemUtils.WriteFileIfChanged (3 ms)
[315/315] FilesystemUtils.WriteFileIfChanged (3 ms)
Retrying 1 test (retry #2)
[ RUN      ] FilesystemUtils.WriteFileIfChanged
../../tools/gn/filesystem_utils_unittest.cc:610: Failure
Expected: (last_modified) != (file_info.last_modified), actual: 2016-02-04 18:06:36.936 UTC vs 2016-02-04 18:06:36.936 UTC
[  FAILED  ] FilesystemUtils.WriteFileIfChanged (2 ms)
[316/316] FilesystemUtils.WriteFileIfChanged (2 ms)
Retrying 1 test (retry #3)
[ RUN      ] FilesystemUtils.WriteFileIfChanged
../../tools/gn/filesystem_utils_unittest.cc:610: Failure
Expected: (last_modified) != (file_info.last_modified), actual: 2016-02-04 18:06:36.952 UTC vs 2016-02-04 18:06:36.952 UTC
[  FAILED  ] FilesystemUtils.WriteFileIfChanged (2 ms)
[317/317] FilesystemUtils.WriteFileIfChanged (2 ms)
1 test failed:
    FilesystemUtils.WriteFileIfChanged (../../tools/gn/filesystem_utils_unittest.cc:579)

-----

More details in http://crbug.com/584548.

Original issue's description:
> [GN] Don't rewrite files with the same contents
>
> BUG=
>
> Committed: https://crrev.com/f8ea5cceefcedd4a01935d5ac4d2ba71e23ac13e
> Cr-Commit-Position: refs/heads/master@{#373544}

BUG=584548

Review URL: https://codereview.chromium.org/1704383002

Cr-Commit-Position: refs/heads/master@{#376430}
fs
Remove support of the -webkit-text value from {-webkit-,}background-clip
Usage is essentially/rounding to zero [1].

[1] https://www.chromestatus.com/metrics/feature/timeline/popularity/941

BUG=586485

Review URL: https://codereview.chromium.org/1708173002

Cr-Commit-Position: refs/heads/master@{#376421}
philipj
Remove support for TreatReturnedNullStringAs=Null|Undefined
document.defaultCharset was the last user and is now removed:
https://codereview.chromium.org/1707473002

BUG=497982

Review URL: https://codereview.chromium.org/1711783003

Cr-Commit-Position: refs/heads/master@{#376419}
rune
Propagate inherited properties into slotted elements on recalc.
When we reach a <slot> element during recalc, we need to trigger recalc
of elements distributed to that slot for inheritance. This is similar
to what is done for InsertionPoint. I have however not found a case
where we need a bigger cannon than LocalStyleChange on the distributed
elements.

Made a few override methods final, expecting no inheritance of
HTMLSlotElement.

R=kochi@chromium.org,hayato@chromium.org
BUG=587797

Review URL: https://codereview.chromium.org/1708213002

Cr-Commit-Position: refs/heads/master@{#376406}
mstensho
Unprefix multicol properties.
The prefixed versions will be retained as aliases for the unprefixed ones.
Might take some decades before the world wide web has stopped using them,
so we probably cannot deprecate (and remove) them any time soon.

Most tests are still prefixed. Will clean that up in due course. For now, just
unprefix one random unit test and one random LayoutTest.

BUG=492297

Review URL: https://codereview.chromium.org/1710003002

Cr-Commit-Position: refs/heads/master@{#376249}
philipj
Remove document.defaultCharset
Intent to Deprecate and Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/pWSb_tq13Kg/Dmk59Fb9AQAJ

The removed Android test depended on defaultCharset. There is already
another test that verifies that the setting affects the default
encoding: LayoutTests/http/tests/download/default-encoding.html

BUG=567738

Review URL: https://codereview.chromium.org/1707473002

Cr-Commit-Position: refs/heads/master@{#376170}
mstensho
Enable CSS column-fill by default (in stable).
There are already plenty of tests for this in LayoutTests/fast/multicol/

BUG=492297

Review URL: https://codereview.chromium.org/1704883002

Cr-Commit-Position: refs/heads/master@{#376167}
mstensho
Add CSS parser support for break-after, break-before and break-inside.
Note that this only adds support for these properties on specified and computed
style level, and does not extend the functionality in the layout engine. In
particular, we don't support break-(after|before):(avoid|left|right) any better
than before (i.e. we just recognize the values and do nothing about them in the
engine).

The (page|-webkit-column)-break-(after|before|inside) properties are treated as
shorthands for their break-(after|before|inside) counterparts, in accordance
with the spec.

This CL intends to make as few behavioral changes on computed style level as
humanly possible, apart from actually allowing the new properties. In order to
achieve that, we go against the spec when it comes to mapping between the three
modern break-(after|before|inside) properties and the old-fashioned ones. More
specifically, we map "right" and "left" values to "always", and we even support
those values on -webkit-column-break-(after|before), which is just bogus, but
this is how it's always been. We also violate the spec when it comes to mapping
"avoid" values. While the spec says that e.g. page-break-inside:avoid should
simply map to break-inside:avoid, we map it to avoid-page, so that the computed
value of -webkit-column-break-inside isn't affected by such a declaration.

There WILL be some minor behavioral changes, no matter how hard we try, though:
Since there's now just one property for each of before, after and inside
(instead of two - one for page and one for column), declaration sequences like
"page-break-inside:avoid; -webkit-column-break-inside:auto;" will not behave
like before. This will now become "break-inside:auto" (from the
-webkit-column-break-inside declaration), effectively allowing page breaks
inside.

The new test behaves exactly as it would have without the code changes in this
CL, apart from recognizing break-after, break-before and break-inside.

BUG=223068,492297

Review URL: https://codereview.chromium.org/1681273003

Cr-Commit-Position: refs/heads/master@{#376148}
mstensho
Merge most of LayoutBox::mapLocalToAncestor() into LayoutObject.
Just kept the part that updates the IsFixed MapCoordinatesMode, since it wasn't
intertwined with the rest and is unique to LayoutBox-derived classes.

BUG=568492
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1700743002

Cr-Commit-Position: refs/heads/master@{#376126}
sigbjornf
Fix non-Oilpan PassRefPtr<> usage following r375261.
Add required RefPtr<> local bindings of incoming PassRefPtr<>s.

R=haraken
BUG=583376

Review URL: https://codereview.chromium.org/1703113003

Cr-Commit-Position: refs/heads/master@{#376122}
rune
Don't add rule feature data for rules which may never match.
:host and :host-context must always be in the rightmost compound with
no other simple selectors except a succeding pseudo element in order to
match as the host element is feature-less in that context. It's however
not an invalid selector according to the CSS Scoping spec, so we
shouldn't drop it at parse time.

We could potentially skip adding other selectors to rulesets as well
including selectors like:

:hover:not(:hover), div:not(div), ::content and ::slotted not in
shadow trees, etc.

R=kochi@chromium.org,ericwilligers@chromium.org
BUG=489481

Review URL: https://codereview.chromium.org/1703893002

Cr-Commit-Position: refs/heads/master@{#376116}
rune
Don't add to uncommonAttributeRules for non-sharable cases.
Like for siblingRules in [1], we don't need to add rules to
uncommonAttributeRules if the attribute selectors are left of ::content,
::slotted, :host, or :host-context as two elements only may share style
if they match the same elements left of the two former, and anything
left of the two latter may never match.

[1] https://codereview.chromium.org/1695393002/

R=kochi@chromium.org

Review URL: https://codereview.chromium.org/1706793002

Cr-Commit-Position: refs/heads/master@{#376106}
rune
Fixed comment about :host in SelectorChecker.
- Only non-functional :host has no selector list.
- Removed misplaced specificity comment.

R=kochi@chromium.org

Review URL: https://codereview.chromium.org/1707643002

Cr-Commit-Position: refs/heads/master@{#376076}
mstensho
Introduce maxColumnLogicalHeight() and clean up a little.
Looks like MultiColumnFragmentainerGroup::calculateMaxColumnHeight() isn't
going to be the only place where we need this functionality.

No functional changes intended.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1696713003

Cr-Commit-Position: refs/heads/master@{#376075}
sigbjornf
Eagerly unregister PostMessageTimer as a context observer.
The effective lifetime of a PostMessageTimer is over once its callback
fires; unregister as an observer at that point to avoid unnecessary work
during the following GC.

R=haraken
BUG=587012

Review URL: https://codereview.chromium.org/1703883002

Cr-Commit-Position: refs/heads/master@{#375885}
fs
Simplify SVGAnimatedHref
Let SVGAnimatedHref hold the actual value for 'href' and just wrap the
object for 'xlink:href'. This means we can get rid of most of the
overrides.

BUG=584142

Review URL: https://codereview.chromium.org/1697593002

Cr-Commit-Position: refs/heads/master@{#375861}
philipj
Remove internal use of Document::defaultCharset
This is in preparation for removing document.defaultCharset itself.

The third argument for FormDataBuilder::encodingFromAcceptCharset was
added in https://codereview.chromium.org/25417007 to handle a situation
where a form was inserted into an ImageDocument, which did not have an
encoding.

In https://codereview.chromium.org/1180793002 the charset attribute and
its aliases was made to never return null by initializing
DocumentEncodingData to UTF-8, and so the fallback to defaultCharset in
encodingFromAcceptCharset is now unreachable.

While in the area, clean up encodingFromAcceptCharset slightly to take
an explicit fallback encoding that must be valid, and use a range-based
for loop for readability.

TEST=LayoutTests/fast/images/image-page-injected-script-crash.html
BUG=567738

Review URL: https://codereview.chromium.org/1698883005

Cr-Commit-Position: refs/heads/master@{#375835}
fs
Don't report errors when SVG attributes are removed
In some cases, SVGAnimated*, and the parser for the underlying object,
will return an error when encountering a null String object (which it
will be passed when the attribute it reflects is removed.) This can be
misleading, so suppress error reporting in these cases.

Also let SVGAnimatedViewBoxRect::setBaseValueAsString delegate to its
superclass rather than open-coding the same thing. This could prove
beneficial if adding additional logic for handling attribute removals.

BUG=523685

Review URL: https://codereview.chromium.org/1702643002

Cr-Commit-Position: refs/heads/master@{#375833}
sigbjornf
If pthread stack size can't be determined, make a conservative guess.
Default the underestimated stack size for pthreads-based (non OSX) to
512k.

R=haraken
BUG=581913

Review URL: https://codereview.chromium.org/1697263006

Cr-Commit-Position: refs/heads/master@{#375814}
davve
Deprecate SVGZoomEvent and SVGZoomEvents
Deprecate the SVGZoomEvent interface and the corresponding onzoom
attribute. Show deprecation message to the user when creating the
event or when setting up an event handler using onzoom="..." on
<svg:svg>.

Intent to deprecate:

https://groups.google.com/a/chromium.org/d/msg/blink-dev/5PEUh2qHa7c/IUGlM4a9CQAJ

BUG=367890

Review URL: https://codereview.chromium.org/1691883003

Cr-Commit-Position: refs/heads/master@{#375771}
philipj
Remove KeyboardEvent.prototype.keyLocation (alias of location)
Intent to Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/lqknEaUYCJM/UbNahDDMAwAJ

BUG=568261

Review URL: https://codereview.chromium.org/1700233002

Cr-Commit-Position: refs/heads/master@{#375759}
fs
Consider focusability even when tabs-to-links is enabled for <svg:a>
SVGAElement::isKeyboardFocusable could end up returning 'true' even when
the element wasn't focusable (because it had "display: none" and hence
no LayoutObject) because the value of the 'tabsToLinks' setting would be
returned without further checks. Because it wasn't focusable
setFocusedElement would not do anything, and focus would remain where it
was previously.
Make sure the focusable check is considered in this case. This makes the
SVGAElement version of this code look the same as the HTMLAnchorElement
version.

BUG=586200

Review URL: https://codereview.chromium.org/1700833003

Cr-Commit-Position: refs/heads/master@{#375713}
fs
Add David Vest to core/OWNERS
Review URL: https://codereview.chromium.org/1695383003

Cr-Commit-Position: refs/heads/master@{#375609}
mstensho
Combine 4 bools into GeometryInfoFlags.
This should be more readable and less error-prone than passing 4 bool
parameters to LayoutGeometryMap::push().

"false, false, false, false" -> "0"

Review URL: https://codereview.chromium.org/1698143002

Cr-Commit-Position: refs/heads/master@{#375600}
davve
Mark StyleGeneratedImage::m_fixedSize as const
Make it obvious that a generated image doesn't go from fixed size to
non-fixed size or vice versa during its life time.

BUG=581357

Review URL: https://codereview.chromium.org/1700023003

Cr-Commit-Position: refs/heads/master@{#375571}
mostynb
avoid 'may be used uninitialized' warnings in work_queue.cc
GCC gives 'may be used uninitialized' warnings for enqueue_order
and other_enqueue_order, so let's ensure that they're initialized.

Review URL: https://codereview.chromium.org/1700853002

Cr-Commit-Position: refs/heads/master@{#375558}
fs
Fix arguments order to EXPECT_EQ in HTMLParserIdiomsTest
BUG=586135

Review URL: https://codereview.chromium.org/1701903002

Cr-Commit-Position: refs/heads/master@{#375541}
rune
Don't add to siblingRules for features left of ::slotted.
Like for ::content distributed elements in shadow dom v0, slotted
elements do not share style if they are assigned/distributed to
different slots. Hence, we don't need to add rules to siblingRules when
the combinators or simple selectors are left of the ::slotted pseudo.

We need to add "::slotted(:nth-child(odd)" to siblingRules, but not
".a + ::slotted(.b)" nor ":nth-of-type(3)::slotted(*)".

Similarly, nothing left of :host or :host-context will ever match, so
we can treat those the same way. Selectors like "div + :host" or
":only-child:host-context(.a)" will never match. There is nothing in
the CSS Scoping spec which says they're invalid, hence they're not
dropped.

There was a bug in https://codereview.chromium.org/1683923003/ which
made us detect adjacent combinators before we had noticed the ::content
following it. The detection of sibling dependent pseudo classes like
:emtpy, :nth-child, etc and adjacent combinators have therefore been
split in this CL so that we handle the simple selectors in a compound
before we handle the combinator. Corresponding unit tests have been
added.

R=kochi@chromium.org,hayato@chromium.org

Review URL: https://codereview.chromium.org/1695393002

Cr-Commit-Position: refs/heads/master@{#375531}
mostynb
add a mechanism to define clang tarball mirrors
This patch adds a CDS_CLANG_BUCKET_OVERRIDE environment variable
which can be used to override the default google storage api
URL from which clang tarballs are downloaded.

The goal here is to minimize load on the google storage mirrors,
which can become blocked for external contributors, since it is
apparently quite difficult to figure out why and how to get
un-blocked.

BUG=586146

Review URL: https://codereview.chromium.org/1693363002

Cr-Commit-Position: refs/heads/master@{#375472}
rune
Check IsFixed specifically instead of presence of other flags.
LayoutSVGRoot::mapLocalToAncestor has an assert to check that there is
no fixed content in the SVG layout tree. However, it did incorrectly
rely on MapCoordinatesFlags being non-0. Changed the assert to check
for the Fixed flag explicitly instead.

R=mstensho@opera.com
BUG=586478

Review URL: https://codereview.chromium.org/1697543002

Cr-Commit-Position: refs/heads/master@{#375458}
sigbjornf
Tidy heap snapshotting implementation.
Adjust the division of labor between BaseHeap::takeSnapshot() and
the heap page implementations of takeSnapshot() --

 - have BaseHeap::takeSnapshot() handle creation of page dump objects
   (and their naming scheme.)
 - tally the heap free count+size in a separate object; only added to
   by "normal" heap pages.

R=
BUG=

Review URL: https://codereview.chromium.org/1700723002

Cr-Commit-Position: refs/heads/master@{#375455}
rune
Don't add siblingRules with combinator left of ::content.
RuleFeatureSet::siblingRules are collected because we need to skip
style sharing between elements which do not match the same set of
sibling selectors. Style sharing only happens if two elements' parent
chain of computed styles are common. That means that descendants of
their common ancestor also need to share style.

Due to this check in SharedStyleFinder::canShareStyleWithElement:

  if (!sharingCandidateDistributedToSameInsertionPoint(candidate))
    return false;

Elements with distributed nodes in their ancestor chain need to be
distributed to the same insertion points in order to share style. That
is, two elements which may share style match the same insertion points
for all selectors containing the ::content pseudo. Which also means
that any sibling selectors left of any ::content pseudo will match the
same sibling combinations for all elements which may share style.

Hence, we don't need to reject style sharing based on selectors like:

  .a + .b ::content .c

because the sharing would already be rejected because of insertion
point mismatch in the ancestor chain.

This CL skips adding rules to RuleFeatureSet::siblingRules if we have
seen a ::content combinator before we see any sibling selectors.

We currently rejecting style sharing for slots checking
isChildOfV1ShadowHost() in Element::supportsStyleSharing(), so we could
have skipped adding any of the ::slotted rules to siblingRules. I'm not
doing that here as that might change since ::slotted is work in
progress.

If continue to skip style sharing past different slots, this means we
will only need to consider siblingRules from the same TreeScope when
for Shadow DOM V1, which means we don't need a global set of
siblingRules.

R=kochi@chromium.org,hayato@chromium.org,esprehn@chromium.org
BUG=401359

Review URL: https://codereview.chromium.org/1683923003

Cr-Commit-Position: refs/heads/master@{#375454}
fs
Check length of String before checking if it's 8/16 bit
String::is8Bit() can't be called on 'null' Strings, so check if the
length is zero first.

BUG=586135

Review URL: https://codereview.chromium.org/1694773002

Cr-Commit-Position: refs/heads/master@{#375451}
rune
Added redistribution recalc test.
Adding a style recalc test for [1]. Elements redistributed to the same
position in the same insertion point should not need a style recalc.

[1] https://codereview.chromium.org/1677463002/

R=kochi@chromium.org
BUG=584177

Review URL: https://codereview.chromium.org/1688483003

Cr-Commit-Position: refs/heads/master@{#375430}
sbergner
Make AW state_serializer handle restoring also legacy format
This ensures that even if an app attempts to restore a state saved
before upgrading WebView (using the new state version) the old version
will still be successfully restored.

BUG=584693

Review URL: https://codereview.chromium.org/1687853002

Cr-Commit-Position: refs/heads/master@{#375418}
davve
Align IntrinsicSizingInfo with computeIntrinsicDimensions
Store aspect ratio as a ratio between two floats rather than a double,
in the same way as is done in Image::computeIntrinsicDimensions().

BUG=581357

Review URL: https://codereview.chromium.org/1690253002

Cr-Commit-Position: refs/heads/master@{#375364}
sigbjornf
Fix non-Oilpan build following r375261.
TBR=oilpan-reviews
BUG=583376
NOTRY=true

Review URL: https://codereview.chromium.org/1698683003

Cr-Commit-Position: refs/heads/master@{#375354}
sigbjornf
Avoid data race on Database::m_opened.
Upon closing, the database thread will transition m_opened
to |false|. Do that atomically so as to avoid a race when
other threads check opened() status.

R=michaeln
BUG=580994

Review URL: https://codereview.chromium.org/1694893002

Cr-Commit-Position: refs/heads/master@{#375353}
mstensho
Merge LayoutInline::mapLocalToAncestor() into LayoutObject.
Avoids code duplication and maybe also makes the LayoutObject implementation
more correct. It was typically only LayoutText objects that used the
LayoutObject implementation of mapLocalToAncestor() prior to this change.

Some extra care was needed when calling style() members, since text nodes just
copy their parent's computed style instead of just inheriting the inheritable
ones. Apart from that, it's basically just about replacing the LayoutObject
implementation with that of LayoutInline.

BUG=568492
R=leviw@chromium.org,ojan@chromium.org

Review URL: https://codereview.chromium.org/1516003003

Cr-Commit-Position: refs/heads/master@{#375269}
fs
Add support for 'href' (w/o XLink NS) for various SVG elements
This CL adds a new wrapper type SVGAnimatedHref that wraps 'href' (the
new, null/default NS version) and '(xlink:)href' (the XLink NS version).
This wrapper type is used by SVGURIReference and thus most uses of
'href' is covered by this part. SVGAnimatedHref is intended as a wrapper
for accessing the underlying value of either 'href' or 'xlink:href'. Any
updates due to setAttribute or will go directly to the underlying values
which means that synchronization etc. does not apply to the wrapper.
This is one of the "pro"s of this approach - it does not require any
modification to synching between the SVGString object and the attribute
in certain cases (like when the "active" attribute is removed). A "con"
would be that there's a lot of dead space in the object since the
wrapper itself still needs to implement the SVGAnimatedString interface
even if just forwards to the actual SVGString.
The UseCounter for href.baseVal/animVal are moved to the new wrapper.

For cases where SVGURIReference is not used, new code-paths are added to
select the right attribute.

Animation code is updated to target the 'href' in the null/default NS.

BUG=584142

Review URL: https://codereview.chromium.org/1681553002

Cr-Commit-Position: refs/heads/master@{#375192}
rune
Avoid overwrite of existing PaintLayerReflectionInfo.
The check for an existing reflectionInfo on PaintLayer before
allocating a new one fell out of [1]. This fixes the crash in the
original report in crbug.com/585699.

[1] https://codereview.chromium.org/1636563003

R=chrishtr@chromium.org
BUG=585699

Review URL: https://codereview.chromium.org/1688053003

Cr-Commit-Position: refs/heads/master@{#375169}
sigbjornf
Fix non-Oilpan build following r375129.
R=haraken
BUG=543198

Review URL: https://codereview.chromium.org/1696653002

Cr-Commit-Position: refs/heads/master@{#375160}
davve
Count document.createEvent() usage
Count all document.createEvent() calls outside what's listed in:

https://dom.spec.whatwg.org/#dom-document-createevent

BUG=569690

Review URL: https://codereview.chromium.org/1673243002

Cr-Commit-Position: refs/heads/master@{#375149}
sigbjornf
Tidy GrammarMarkerIndex spelling.
R=
BUG=

Review URL: https://codereview.chromium.org/1686263007

Cr-Commit-Position: refs/heads/master@{#375148}
mstensho
Unit tests for LayoutObject::mapLocalToAncestor() (and overrides).
BUG=568492

Review URL: https://codereview.chromium.org/1681403004

Cr-Commit-Position: refs/heads/master@{#375145}
rune
markDocumentDirty() before styleResolverChanged().
markDocumentDirty() was called after the active stylesheet list was
updated which left the tree-scope dirty after everything else was clean.

Switched the order of the statements.

R=hayato@chromium.org

Review URL: https://codereview.chromium.org/1684193003

Cr-Commit-Position: refs/heads/master@{#375139}
rune
Invalidate :-webkit-any-link for visited state changes.
We did style invalidation for :visited and :link, but UA style uses
color: -webkit-link with :-webkit-any-link and let -webkit-link be
translated into two different colors in the implementation instead of
using :visited and :link in the stylesheet.

Adding style invalidation of :-webkit-link as well. We already did that
for attribute changes on <a> and <svg:a>.

R=tkent@chromium.org
BUG=586190

Review URL: https://codereview.chromium.org/1689873004

Cr-Commit-Position: refs/heads/master@{#375138}
sigbjornf
Have ASan ignore ObjectAliveTrait<>::isHeapObjectAlive() applied to mixins
When Heap::willObjectBeLazilySwept<T>() is used on a lazy-sweepable
object where T is a mixin, the mixin's isHeapObjectAlive() virtual will
have to be used to adjust the object pointer to the head of the object.

It is unlikely that a compiler will devirtualize that call hence
mark the isHeapObjectAlive() as ASan ignorable.

R=
BUG=

Review URL: https://codereview.chromium.org/1695493002

Cr-Commit-Position: refs/heads/master@{#375137}
mstensho
Cannot do simplified layout on an object that contains a column-spanner.
Introducing LayoutFlowThread::canSkipLayout(). The implementation of this
method needed two pieces of simple functionality that already existed in other
methods. Refactored them into separate functions, instead of duplicating the
code.

BUG=512757

Review URL: https://codereview.chromium.org/1691053002

Cr-Commit-Position: refs/heads/master@{#375071}
mstensho
Remaining page height should never be 0 when told to AssociateWithLatterPage.
However, the laws of nature behave differently as LayoutUnit approaches
infinity. Just use the fragmentainer height instead of zero, but assert that
we're actually dealing with saturated arithmetic.

BUG=524882

Review URL: https://codereview.chromium.org/1691003003

Cr-Commit-Position: refs/heads/master@{#375059}
davve
Pass executionContext to document.createEvent()
In the long run, createEvent() should only work for whitelisted event
interfaces. An execution context is needed for taking the first steps
by adding use counters and doing deprecations.

BUG=569690

Review URL: https://codereview.chromium.org/1677033002

Cr-Commit-Position: refs/heads/master@{#374913}
sigbjornf
Add missing opener frame null check.
Opening a new window requires access to the calling window's frame, and
isn't supported otherwise. Add missing null check.

R=
BUG=541010

Review URL: https://codereview.chromium.org/1682173004

Cr-Commit-Position: refs/heads/master@{#374912}
davve
Expand IntrinsicSizingInfo for SVG
Add fields to IntrinsicSizingInfo specifying whether the intrinsic
width and height are specified or not. For SVGs there is a distinction
between missing width/height and setting width/height to 0. There is
code in LayoutReplaced that has specific hooks into the SVG code to
make this distinction. By having separate fields in
IntrinsicSizingInfo this entanglement can be broken.

BUG=585467

Review URL: https://codereview.chromium.org/1679743006

Cr-Commit-Position: refs/heads/master@{#374909}
philipj
Use effectivePreloadType() where possible
preloadType() is still used in two places where it ideally should not,
HTMLMediaElement::setPlayerPreload and HTMLMediaElement::seek, but
changing those would probably be observable and need tests.

Drive-by: Drop two unused HTMLMediaElement state bits

R=fs@opera.com

Review URL: https://codereview.chromium.org/1687793002

Cr-Commit-Position: refs/heads/master@{#374897}
sigbjornf
Oilpan: ImageObserver needs to be a GC mixin.
R=haraken
BUG=

Review URL: https://codereview.chromium.org/1610883002

Cr-Commit-Position: refs/heads/master@{#374896}
fs
Factor out the <textPath> positioning mapping code into a helper class
Since <textPath> will be getting a bunch of smaller new features - all
which essentially revolving around how the actual position is computed,
or how the actual path is setup, wrap the code that performs the
mapping from a location to a point on the path in a helper. The helper
is called PathPositionMapper, and for now resides with
LayoutSVGTextPath since that's the object that sets up the path data.

BUG=366559

Review URL: https://codereview.chromium.org/1683903004

Cr-Commit-Position: refs/heads/master@{#374893}
sigbjornf
Fix adopt-iframe-src-attr-after-remove.html flaky failure, attempt 2.
Test still flaky following r374872; make the ordering between timer
operations explicit -- requiring the onload's GC to have completed
before running the main part of this test.

(Semi-blind attempt, unable to reproduce locally.)

R=haraken
BUG=584209

Review URL: https://codereview.chromium.org/1689903002

Cr-Commit-Position: refs/heads/master@{#374889}
sigbjornf
Fix adopt-iframe-sec-attr-after-remove.html failure.
Delay GC until back at the event loop.

R=haraken
BUG=584209

Review URL: https://codereview.chromium.org/1692483002

Cr-Commit-Position: refs/heads/master@{#374872}
sigbjornf
Fix non-Oilpan build following r371046.
TBR=oilpan-reviews
BUG=552289

Review URL: https://codereview.chromium.org/1689773002

Cr-Commit-Position: refs/heads/master@{#374772}
sigbjornf
Fix non-Oilpan build following r374308.
TBR=oilpan-reviews
BUG=503491

Review URL: https://codereview.chromium.org/1688893002

Cr-Commit-Position: refs/heads/master@{#374724}
philipj
Rename XMLHttpRequestProgressEventThrottle to ProgressEventThrottle
XMLHttpRequestProgressEvent is no more.

BUG=357112
R=chrishtr@chromium.org

Review URL: https://codereview.chromium.org/1690503002

Cr-Commit-Position: refs/heads/master@{#374683}
mostynb
gn: make device/battery build on embedded linux
The logic for when to include the linux dbus implementation
falls into three cases: chromeos, non-chromeos linux with
dbus, and non-chromeos linux without dbus.

By using just the is_chromeos, is_linux and use_dbus
variables, this code will also build successfully on
embedded linux targets.

Review URL: https://codereview.chromium.org/1674233002

Cr-Commit-Position: refs/heads/master@{#374654}
davve
Introduce IntrinsicSizingInfo
Prepare for passing more information along, specifically whether
intrinsic sizes are specified, when computing intrinsic sizing
information. Do this by introducing a struct carrying the relevant
information. No functional change expected.

Factor out a part of computeAspectRatioInformationForLayoutBox (now
named computeIntrinsicSizingInfoForLayoutBox) and put in a separate
function constrainIntrinsicSizeToMinMax. In the process remove a FIXME
about moving code back to some undefined previous state that's
confusing now that the code has moved around even more.

BUG=585467

Review URL: https://codereview.chromium.org/1687503002

Cr-Commit-Position: refs/heads/master@{#374635}
rune
Remove unnecessary recalc of host subtree on distribute.
Nodes which need style recalculations after being distributed to new
insertion points, new positions within insertion points, or simply not
distributed anymore, are being reattached in
InsertionPoint::setDistributionNodes().

R=hayato@chromium.org,kochi@chromium.org,esprehn@chromium.org
TEST=fast/dom/shadow,fast/css
BUG=584177

Review URL: https://codereview.chromium.org/1677463002

Cr-Commit-Position: refs/heads/master@{#374629}
sigbjornf
Add registerNodeListWithIdNameCache() assert.
Follow up r374385 and catch out unsupported multiple registrations.

R=haraken
BUG=585054

Review URL: https://codereview.chromium.org/1683783002

Cr-Commit-Position: refs/heads/master@{#374614}
sigbjornf
Retire temporary cssTextCache() release assert.
R=
BUG=584692

Review URL: https://codereview.chromium.org/1682763003

Cr-Commit-Position: refs/heads/master@{#374611}
fs
Remove unused LayoutSVGTextPath::m_layoutPath
This member was probably intended for caching the path at some point in
time, but it isn't used at all at the moment. Remove it for now - maybe
something like it will make a comeback in the future.

Review URL: https://codereview.chromium.org/1686593002

Cr-Commit-Position: refs/heads/master@{#374490}
fs
Remove references to SVGPathElement from SVGAnimatedPath
There's no longer a need for being this specific. Just use SVGElement.

Review URL: https://codereview.chromium.org/1674353005

Cr-Commit-Position: refs/heads/master@{#374447}
fs
Move pathLength scale-factor computation to SVGPathElement
There'll eventually be more users of it. Maybe by means of the bug
referenced below.

BUG=366559

Review URL: https://codereview.chromium.org/1680183002

Cr-Commit-Position: refs/heads/master@{#374446}
philipj
Remove XMLHttpRequestProgressEvent (position and totalSize)
Intent to Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/bpbq0Rcpauk/cnpJtHddAgAJ

BUG=357112

Review URL: https://codereview.chromium.org/1681923002

Cr-Commit-Position: refs/heads/master@{#374434}
davve
Make object-sizing-zero-intrinsic-width-height a javascript test
A javascript test can detect failures at a more fine-grained level and
is potentially less performance intensive.

BUG=585467

Review URL: https://codereview.chromium.org/1681013004

Cr-Commit-Position: refs/heads/master@{#374408}
sigbjornf
Do not re-register cached id-name HTMLCollection at same invalidation type.
An HTMLCollection creates an id-name cache for namedItem()/item() lookups.
To handle document tree invalidations following id-name mutations, the
HTMLCollection must then register with the document has having such a
cached collection.

This is done "by proxy", registering the HTMLCollection as being
dependent on id-name invalidation. This registration for the cache being
quite possibly in addition to the collection invalidation type that the
HTMLCollection is already registered at. The HTMLCollection implementation
then naturally taking care to unregister if the cache is invalidated and
cleared.

With Oilpan, the document keeps a weak set of references to these
live collections. So in the event that the HTMLCollection is already
an id-name collection and it registers its id-name cache (by proxy)
with the document, it will re-register the same collection object.
Upon invalidation of the id-name cache the unregistration will then
remove the HTMLCollection entirely as being dependent on id-name
related invalidation notifications. That lack of invalidations can
in certain circumstances lead to failure (see test.)

Address the problem by having id-name HTMLCollections not bother
with (un)registering the id-name cache as (another) live collection.
It adds no value, the collection object is already registered.

(This worked out non-Oilpan as the document there keeps bin counts
per collection invalidation type, allowing "duplicates" from the
same object.)

R=haraken
BUG=585054

Review URL: https://codereview.chromium.org/1674273004

Cr-Commit-Position: refs/heads/master@{#374385}
rune
Only cache nth-indices when child count > 32.
When matching :nth-* selectors, we sparsely cache the child index count
into a hashmap for the parent element. Doing this regardlessly gave us
a performance penalty for small number of children as where noticed in
a performance degradation for [1].

The new approach is to not cache any indices until we match an :nth-*
selector for which we walk more than 32 siblings. The number 32 were
proposed in the bug report, and it turns out to be quite suitable given
the experiments which were done comparing the implementation not using
a cache at all, and the implementation where we cached regardlessly.

We trigger caching for nth-of-type indices based on the sibling count
as well, but not the sibling-of-type count as that would cause terrible
performance if the elements of the same type were sparse compared to
other siblings.

Gives a > 40% performance improvement for [1].

[1] blink_perf.css:PseudoClassSelectors.

BUG=483338
TEST=blink_perf.css:PseudoClassSelectors

Review URL: https://codereview.chromium.org/1655993005

Cr-Commit-Position: refs/heads/master@{#374356}
mostynb
update obsolete code.google.com documentation links
This is a documentation-only change.

Disabling presubmit checks, due to "noparent" settings for the following files:
components/policy/resources/policy_templates.json
content/common/font_config_ipc_linux.h

BUG=567488
NOPRESUBMIT=true
TBR=atwilson,dcheng

Review URL: https://codereview.chromium.org/1592403002

Cr-Commit-Position: refs/heads/master@{#374213}
perja
bluetooth: android: Fix a couple of crashes when adapter is turned on/off.
These changes fixes the crashes found when toggling the adapter on/off
when device chooser dialog is used in web-bluetooth.

BUG=570610

Review URL: https://codereview.chromium.org/1610053005

Cr-Commit-Position: refs/heads/master@{#374145}
fs
Add override qualifier to SVGStaticStringList::setBaseValueAsString
Overrides method from SVGAnimatedPropertyBase.

Review URL: https://codereview.chromium.org/1673203002

Cr-Commit-Position: refs/heads/master@{#374127}
sigbjornf
Conditionally define PersistentNode destructor.
R=
BUG=

Review URL: https://codereview.chromium.org/1674113002

Cr-Commit-Position: refs/heads/master@{#374093}
sigbjornf
Improve MediaStreamTrack's hasPendingActivity predicate.
Make the predicate more precise; MediaStreamTrack objects only need
to have their lifetimes prolonged in certain non-ended states. See
comment for details.

R=haraken
BUG=583264

Review URL: https://codereview.chromium.org/1680563002

Cr-Commit-Position: refs/heads/master@{#374090}
sigbjornf
Tidy up inclusion of WebScheduler.h
Hygiene; insist on IWYU for WebScheduler.h also.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1680503002

Cr-Commit-Position: refs/heads/master@{#374055}
sigbjornf
Fix non-Oilpan build following r373473.
TBR=oilpan-reviews,rune@opera.com
BUG=

Review URL: https://codereview.chromium.org/1671263003

Cr-Commit-Position: refs/heads/master@{#374040}
sigbjornf
Revert of Don't set the origin twice when navigating for javascript: URLs (patchset #2 id:20001 of https://codereview.chromium.org/1670173002/ )
Reason for revert:
Number of MSan failures reported, https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20MSAN/builds/8451

Original issue's description:
> Don't set the origin twice when navigating for javascript: URLs
>
> As javascript: navigations will end up with a document that has the
> original document's URL, we shouldn't run the algorithm to determine
> origin on the original URL, especially since we'll override the origin
> later anyways.
>
> BUG=583445
> R=japhet@chromium.org,dcheng@chromium.org,mkwst@chromium.org
>
> Committed: https://crrev.com/75b27bda96f0fe77d40b502642d6669531981a49
> Cr-Commit-Position: refs/heads/master@{#373917}

TBR=dcheng@chromium.org,japhet@chromium.org,mkwst@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=583445

Review URL: https://codereview.chromium.org/1676793003

Cr-Commit-Position: refs/heads/master@{#374021}
fs
Remove the SVG parsing "generic error" reporting special case
With most error-reporting sites switched to using non-generic errors, the
workaround for the generic error message can be removed - giving all messages
a similar structure ("<context>: <message>").

BUG=231612

Review URL: https://codereview.chromium.org/1668183002

Cr-Commit-Position: refs/heads/master@{#373941}
fs
Error reporting for number-or-percentage
Move parseNumberOrPercentage from SVGParserUtilities to SVGNumber (since
it's the only user) and simplify it.

BUG=231612

Review URL: https://codereview.chromium.org/1667353003

Cr-Commit-Position: refs/heads/master@{#373899}
fs
Error reporting for SVGAngle
Refactor the local helepr stringToAngleType(...) to only advance past
complete matches (of units).

BUG=231612

Review URL: https://codereview.chromium.org/1669333002

Cr-Commit-Position: refs/heads/master@{#373888}
fs
Cleanup includes of XLinkNames.h
Remove includes which are not used, and use the imageSourceURL() method
in one place to abstract away future uses of 'href'.

BUG=584142

Review URL: https://codereview.chromium.org/1666363007

Cr-Commit-Position: refs/heads/master@{#373866}
sigbjornf
Do not let go of MediaStreamTracks too early.
Add missing hasPendingActivity() predicate.

R=haraken
BUG=583264

Review URL: https://codereview.chromium.org/1671033002

Cr-Commit-Position: refs/heads/master@{#373864}
sigbjornf
Avoid data race on CrossThreadPersistents during thread detachment.
As part of detaching a thread from Oilpan and emptying its heap, the
CrossThreadPersistent<>s pointing into that heap are cleared. Doing
so entails traversing the collection of such persistents and checking
their heap membership -- that traversal might race with other threads
who are not at any safepoint.

To avoid the race, insist that updates to CrossThreadPersistent<>s are
atomic along with the corresponding read when doing the above
traversal.

R=haraken
BUG=584250

Review URL: https://codereview.chromium.org/1670813004

Cr-Commit-Position: refs/heads/master@{#373814}
rune
Fixed for-loop increments in InsertionPoint::setDistributedNodes.
When we reached the end of the old/new distributed nodes in the inner
for-loop, we would do an extra increment of the index of the new/old
distributed nodes which would then lead to skipping reattach for one of
the elements.

Also removed the special treatment of reattaching fallback elements as
they would be part of the new/old vector and shouldn't need special
treatment.

The added test is currently not failing as it's hidden by a
SubtreeStyleChange on the host element which I'll try to remove in a
separate CL.

R=hayato@chromium.org,kochi@chromium.org,esprehn@chromium.org
BUG=584617

Review URL: https://codereview.chromium.org/1671873002

Cr-Commit-Position: refs/heads/master@{#373805}
sigbjornf
Split out fallback stack limit determination.
In case we're unable to get an estimate of the stack size for a platform
thread, a small stack size is assumed and its effective upper bound is
then probed and computed.

Do that in a separate method to avoid compiler-injected stack exhaustion checks
(MSVC's _chkstk()) from being always run for StackFrameDepth::enableStackLimit().
This also facilitates running GCs when up against stack pressure on Windows
platforms.

R=haraken
BUG=582819

Review URL: https://codereview.chromium.org/1673543002

Cr-Commit-Position: refs/heads/master@{#373787}
bratell
Set DOM Storage buffer size so that not everything ends up in RAM
When a database is opened the log file is read and if the write
buffer is large then it stays in memory, and this happens
every time the browser starts. By reducing the write buffer
the log file will be written into the database the first time
and then very little RAM will be used for that data.

BUG=583629

Review URL: https://codereview.chromium.org/1668463003

Cr-Commit-Position: refs/heads/master@{#373780}
landell
Use std::isnan instead of isnan in global ns
BUG=

Review URL: https://codereview.chromium.org/1665763002

Cr-Commit-Position: refs/heads/master@{#373548}
tmoniuszko
[GN] Don't rewrite files with the same contents
BUG=

Review URL: https://codereview.chromium.org/1656253003

Cr-Commit-Position: refs/heads/master@{#373544}
sigbjornf
Annotate TimerBase::CancellableTimerTask destructor as ASan ignorable.
Just like its run() method, the destructor may touch its Timer owner when
it is in a to-be-swept state; allow it.

R=haraken
BUG=581448

Review URL: https://codereview.chromium.org/1666133002

Cr-Commit-Position: refs/heads/master@{#373534}
mstensho
Remove unreachable code from TransformState::move().
Review URL: https://codereview.chromium.org/1661153002

Cr-Commit-Position: refs/heads/master@{#373530}
davve
Inline SVGImage::setContainerSize() and remove extra resize call
DrawInternal() is responsible for resizing the frame to the new
container size. Setting the frame size to the old container size
temporarily ought to be a redundant operation.

BUG=581357

Review URL: https://codereview.chromium.org/1667053002

Cr-Commit-Position: refs/heads/master@{#373517}
sigbjornf
If marking system stack is unknown, be more forgiving about stack depths.
In case we're unable to determine the stack size available for the GC
marking pass, a very conservative fallback size is used -- that size
being used to decide if the marking pass should switch to using lazy
marking instead.

If the fallback size is in effect, have the debug assert intended to catch
out unintentionally deep trace chains be more forgiving.

R=
BUG=581913

Review URL: https://codereview.chromium.org/1663823002

Cr-Commit-Position: refs/heads/master@{#373514}
sigbjornf
Reorder ScriptLoader fields to help diagnose object inconsistency.
crbug.com/570012 is showing signs of a ScriptLoader field update not
persisting on some platforms; reorder the fields to speculatively try
to perturb status.

R=
BUG=570012

Review URL: https://codereview.chromium.org/1666093002

Cr-Commit-Position: refs/heads/master@{#373505}
tmoniuszko
Support different project toolchains
Solution may contain projects configured to use non-default toolchains.
For instance solution with "Debug|Win32" configuration may contain some
projects with "Debug|x64" configuration.

BUG=305761

Review URL: https://codereview.chromium.org/1667773002

Cr-Commit-Position: refs/heads/master@{#373503}
fs
Don't propagate bbox for empty <text> to ancestors
If we have a <text> element which is "empty" (essentially has no text
content after collapsing spaces), then its bounding box would be empty,
but would still be propagated to the bounding boxes of the ancestors -
which could span them out to be bigger than expected. Similarly they
could be subject to their userspace transform with a similar effect.

Skip propagation of empty <text> element - where "empty" is defined as
"has no line boxes".

BUG=450229

Review URL: https://codereview.chromium.org/1661983002

Cr-Commit-Position: refs/heads/master@{#373501}
davve
Atomic scaling in ImageResource::imageSize()
Since https://codereview.chromium.org/1634133003/ there is only
hasRelativeSize(), no hasRelative{Width,Height}(). The code affected
by this patch was written under the latter assumption. With only
hasRelativeSize() the code can be simplified a bit to either scale or
return early.

Also remove useless ASSERT. |multiplier| is always non-equal to one in
that code branch so the assert doesn't check anything meaningful.

BUG=581357

Review URL: https://codereview.chromium.org/1661013002

Cr-Commit-Position: refs/heads/master@{#373496}
sigbjornf
Allow cssTextCache to be used on the main thread only.
https://codereview.chromium.org/864143006 tentatively made this
singleton cross-thread usable. (Repeated) testing doesn't indicate
that it is used outside the main thread, hence switch back to using
DEFINE_STATIC_LOCAL().

R=haraken,timloh
BUG=549732

Review URL: https://codereview.chromium.org/1667813002

Cr-Commit-Position: refs/heads/master@{#373493}
fs
Additional errors for SVG transform list parsing
This adds specific error messages for missing/incorrect transform
functions and missing '(' at the start of a transform function argument
list.

BUG=231612

Review URL: https://codereview.chromium.org/1663753003

Cr-Commit-Position: refs/heads/master@{#373491}
tmoniuszko
Make sure VS projects order is always the same in solution
Solution file is being rewritten and reloaded by Visual Studio if projects
order changes during 'gn gen' command.

BUG=305761

Review URL: https://codereview.chromium.org/1667553003

Cr-Commit-Position: refs/heads/master@{#373486}
rune
Incorrect setHasMediaQueries() when @media rule is dropped.
Trying to insert an @media rule into a stylesheet were incorrectly
marking the stylesheet as containing media queries before the media
rule was dropped because it was inserted before an @namespace rule.

That caused unnecessary rebuilding of rule sets for the stylesheet with
the dropped rule when a media query evaluation changed in some other
stylesheet.

R=timloh@chromium.org

Review URL: https://codereview.chromium.org/1669493006

Cr-Commit-Position: refs/heads/master@{#373473}
fs
Rename local limit variable in SVG transform argument parsing
Rename maxPossibleParams to requiredWithOptional to more precisely
describe what it is.

BUG=231612

Review URL: https://codereview.chromium.org/1655153002

Cr-Commit-Position: refs/heads/master@{#373217}
mstensho
Introduce RenderingTest::getLayoutObjectByElementId().
Because it's boring to type document().getElementById("foo")->layoutObject().

Review URL: https://codereview.chromium.org/1662483002

Cr-Commit-Position: refs/heads/master@{#373150}
fs
Support 'pathLength' for stroking operations on <path>
This implements support for the 'pathLength' attribute on <path>.

BUG=536217

Review URL: https://codereview.chromium.org/1376523002

Cr-Commit-Position: refs/heads/master@{#373110}
fs
Error reporting for SVG transform lists
Report too short/long argument lists to transform functions as well as
trailing garbage (separators). Could still be improved wrt invalid
transform functions and missing opening parenthesis.

BUG=231612

Review URL: https://codereview.chromium.org/1659513002

Cr-Commit-Position: refs/heads/master@{#373100}
tommyt
Call BluetoothGatt#close() after disconnecting
This fixes the problem where connections are never properly removed,
causing the BluetoothAdapter to eventually not be able to connect at
all.

BUG=576819

Review URL: https://codereview.chromium.org/1618273002

Cr-Commit-Position: refs/heads/master@{#372986}
tmoniuszko
Use ElapsedTimer to measure VS files generation time in GN
BUG=305761

Review URL: https://codereview.chromium.org/1651113002

Cr-Commit-Position: refs/heads/master@{#372912}
sigbjornf
Support reviving a disposed plugin container.
When a plugin element updates its 'persisted' renderless widget (a plugin
container most likely), we notify the previous one kept as having been
detached and disposed of. The plugin container must then promptly clear
the reference to its external WebPlugin (and others), for safety.

It is however possible for the embedder to still keep references to that
plugin container and afterwards revive it by assigning it a replacement
plugin. Support such revivification.

R=haraken
BUG=582811

Review URL: https://codereview.chromium.org/1652093002

Cr-Commit-Position: refs/heads/master@{#372907}
mstensho
LayoutBox cannot be non-atomic inline.
Don't account for such a situation. Instead, just assert that
it doesn't happen.

Review URL: https://codereview.chromium.org/1658643002

Cr-Commit-Position: refs/heads/master@{#372823}
davve
Document lifecycle violation workaround
Add comments describing how scheduleSVGFilterLayerUpdateHack's
lifecycle violation is handled and remove stale comments about
<iframe> compositioning long fixed.

NOTRY=true

Review URL: https://codereview.chromium.org/1544973002

Cr-Commit-Position: refs/heads/master@{#372715}
bratell
Handle NaN in the Audio delay curves.
Since switching from std::min to clampTo NaN has caused ASSERTs.
This restores the old behaviour of no ASSERT and a delay interpreted
as maxDelayTime.

BUG=582699
R=rtoy@chromium.org

Review URL: https://codereview.chromium.org/1657763002

Cr-Commit-Position: refs/heads/master@{#372710}
sigbjornf
Make copyToVector() robust against conservative GCs.
When resizing copyToVector()'s incoming vector to match the size of
the collection being copied from, do this in a manner that locks out
GCs across that vector backing store allocation.

If not, there's a risk that the collection's size might shrink across
that GC, and leave the vector as having an overestimated size.
copyToVector() will in that case unexpectedly encounter empty
elements in the tail, and fail.

This can only happen for Oilpan heap collections having weak references..
and that collection is not directly stack-reachable when a conservative
GC triggers. Rare, but copyToVector()'s obligation to make that safe
rather than its callers.

R=haraken
BUG=581698

Review URL: https://codereview.chromium.org/1652953002

Cr-Commit-Position: refs/heads/master@{#372693}
fs
Refactor parsing in SVGTransformList
In preparation for extended error reporting.

Split SVGTransform creation out of parseTransformOfType, and then fold
the remains into parseTransformParamList - naming the result
parseTransformArgumentsForType. Use a Vector with suitable
initial-capacity rather than a float[]. Change the handling trailing
commas so that it is not triggered when the maximum number of arguments
are reached. (This will allow for better errors to be reported in some
cases.)
Change parseAndSkipTransformType to return the parsed type via the
return value rather than an out parameter.
Reduce the number of calls to skipOptionalSVGSpaces in parseInternal
and parseTransformArgumentsForType, and make better use of the return
value from it.

Also make SVGTransformList::consolidate() and add() use initialize(...)
rather than open-coding it.

BUG=231612

Review URL: https://codereview.chromium.org/1643243002

Cr-Commit-Position: refs/heads/master@{#372656}
fs
Use StylePath instead of (Path)StyleMotionPath
Replace uses of PathStyleMotionPath with StylePath and remove the former
as well as the StyleMotionPath base-class. The methods length() and
isClosed() are transferred to StylePath.
Pass const CSSValue& to StyleBuilderConverter::convertPath (fixup to
https://codereview.chromium.org/1545713003) necessitating mutability.
Convert motion-path style building to use a converter.

BUG=535429

Review URL: https://codereview.chromium.org/1649003002

Cr-Commit-Position: refs/heads/master@{#372643}
sigbjornf
Fix safepoint entering when waiting for a debugger task.
When attempting to run worker debugger tasks, a timed wait is made on
the underlying task queue. While doing so, we are at a safepoint wrt
Blink GCs for the worker, and enter a safepoint scope.

The worker thread's stack will not be empty and clear of potential heap
references at that point; enter the safepoint with an appropriate
stack state.

R=
BUG=582710

Review URL: https://codereview.chromium.org/1656533002

Cr-Commit-Position: refs/heads/master@{#372570}
mostynb
support symlinks in zip files in build_utils.ExtractAll
Without this, extracting zip files which contain symlinks does not
work- instead of creating symlinks, regular files are written with
the symlink target.

Review URL: https://codereview.chromium.org/1641703002

Cr-Commit-Position: refs/heads/master@{#372557}
mstensho
Refuse to paginate if page height is 0.
When printing a document with an IFRAME, we first call
Document::setPrinting(true) on the root document and lay it out, then call
setPrinting(true) on the IFRAME document and lay it out. When we're done
printing, we first call setPrinting(false) on the root document and lay it out.
If this layout pass causes the IFRAME to be resized, we'll lay out the document
inside the IFRAME as well. When reaching LayoutView::layout() for the IFRAME
now, shouldUsePrintingLayout() will return true [1], and we'll establish a
ViewFragmentationContext for the child frame. This is harmful, since page
logical height is 0, and we'd end up dividing by zero when attempting to figure
out how much space we have left on a page for a given offset inside a multicol
container.

[1] shouldUsePrintingLayout() normally returns true for root frames only, with
one exception: if the child document is printing(), while the parent isn't. The
intention with this exception is to be able to print only an IFRAME
(iframeElement.contentWindow.print()), but in this case it had a nasty
side-effect.

BUG=578726
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1603613002

Cr-Commit-Position: refs/heads/master@{#372454}
fs
Error reporting for SVGInteger and SVGIntegerOptionalInteger
Also includes a minor cleanup of SVGInteger::setValueAsString.

BUG=231612

Review URL: https://codereview.chromium.org/1644293003

Cr-Commit-Position: refs/heads/master@{#372401}
sigbjornf
Keep (Heap)TerminatedArray in a consistent state while building.
When building a (Heap)TerminatedArray<T>, be careful to always have a
'last marker' set while doing so. Otherwise, should a conservative GC
strike while building, there's no last marker to terminate the tracing
of the HeapTerminatedArray<> elements.

R=haraken
BUG=581698

Review URL: https://codereview.chromium.org/1650123002

Cr-Commit-Position: refs/heads/master@{#372367}
bratell
[BinarySize] Filter duplicate lines in nm output.
nm just outputs the symbols it finds in the debug sections of the binary
and sometimes the same symbol appears more than once, with the exact
same data.

The binary_size tool would think that it was two different symbols that
shared the same address so it would get the numbers right, but the
output would be confusing since the memory would be split in two
halves.

BUG=

Review URL: https://codereview.chromium.org/1645843004

Cr-Commit-Position: refs/heads/master@{#372359}
tmoniuszko
Visual Studio generators for GN
BUG=305761

Review URL: https://codereview.chromium.org/1570113002

Cr-Commit-Position: refs/heads/master@{#372354}
rune
No pseudo elements in SelectorChecker::Mode QueryingRules.
QueryingRules mode is used by the Selectors APIs and when selecting
distributed nodes from the select attribute of the <content> element in
Shadow DOM V0.

CSSSelector::isCompound called from HTMLContentElement::validateSelect
makes sure we don't pass selectors with pseudo element selectors to the
rule collector.

Here we introduce a check which skips adding a selector to the selector
list in SelectorDataList if it will match a pseudo element. Such
selectors are still valid, and won't throw, but will result in an empty
result. If no selectors are added to SelectorDataList, we just skip the
DOM traversal.

This means we can replace the QueryingRules check in checkPseudoElement
with an assert.

BUG=489481

Review URL: https://codereview.chromium.org/1602833002

Cr-Commit-Position: refs/heads/master@{#372342}
rune
Add use counter for indirect adjacent selectors.
R=ojan@chromium.org
BUG=378058

Review URL: https://codereview.chromium.org/1641583002

Cr-Commit-Position: refs/heads/master@{#372341}
fs
Refactor away SVGPathSource
This CL moves the SVGPathParser::initialCommandIsMoveTo functionality into
the path data sources that needs this check - eliminating the need for the
SVGPathSource method peekSegmentType.
This leaves SVGPathParser::parsePath as a fairly trivial loop doing
parseSegment + emitSegment. Converting this function to a templated one,
The remaining two methods of the SVGPathSource interface no longer need to
be (called) virtual(ly) - allowing us too remove the interface entirely,
and simplify and inline code (hasMoreData) accordingly.
The net effect on (binary) code size is a roughtly 1.5k reduction.
Also rename and refactor some of the helpers in SVGPathStringSource.cpp
to try to better illustrate what they are used for.

BUG=467592

Review URL: https://codereview.chromium.org/1646543004

Cr-Commit-Position: refs/heads/master@{#372329}
sigbjornf
Support weak WebPrivatePtr<>s.
Parameterize WebPrivatePtr<> over the strength of the reference it maintains:

 WebPtrivatePtr<T, crossThreadDestruction, strongOrWeak>

where

 crossThreadDestruction = WebPrivatePtrDestruction{SameThread, CrossThread}
 strongOrWeak = WebPrivatePtrStrength::{Normal, Weak}

If Normal, the reference is the normal strong kind, which means either
a RefPtr<> or a strong off-heap (CrossThread)Persistent<T> Oilpan reference.

If Weak, the Oilpan reference will be (CrossThread)WeakPersistent<T>, meaning
that the WebPrivatePtr<> will not keep the object alive on its own. Any
dereference of the WebPrivatePtr<> will consequently have to check if the
reference has been cleared before using.

The abstraction doesn't currently support weak non-Oilpan references.

R=
BUG=

Review URL: https://codereview.chromium.org/1618043003

Cr-Commit-Position: refs/heads/master@{#372324}
fs
Don't give 'order' semantic errors special treatment
Just set the parse status to the (new) error code for "zero value" or
"negative value" and let it propagate.
This makes SVGDocumentExtensions::reportWarning dead, so remove it.

BUG=231612

Review URL: https://codereview.chromium.org/1645043002

Cr-Commit-Position: refs/heads/master@{#372176}
sigbjornf
Speculatively handle weak member clearing while creating iteration vector.
CSSFontSelector keeps a set of weakly referenced clients; when notifying
those the set is copied into a temporary heap vector before iterating.

Allocating that vector might potentially cause a GC, which in turn
could cause some of the weak references to be cleared. With the outcome
that the temporary vector will contain empty tail elements.

Speculatively check&handle that eventuality when iterating.

R=haraken
BUG=568173

Review URL: https://codereview.chromium.org/1642913002

Cr-Commit-Position: refs/heads/master@{#372112}
sigbjornf
Fix non-Oilpan build following r372015.
TBR=oilpan-reviews,tkent
BUG=477839
NOTRY=true

Review URL: https://codereview.chromium.org/1640233005

Cr-Commit-Position: refs/heads/master@{#372091}
sigbjornf
RenderViewTest: really drain the event loop before shutting down Blink.
And with that in place, undo the partial fix by r371169.

R=haraken,jochen
BUG=581948
NOTRY=true

Review URL: https://codereview.chromium.org/1645923002

Cr-Commit-Position: refs/heads/master@{#372088}
sigbjornf
Let notifyScriptLoadError() handle already detached ScriptLoaders.
If a ScriptRunner has been disposed of already, allow ScriptLoaders
to notify of their failure without asserting.

R=haraken
BUG=570012

Review URL: https://codereview.chromium.org/1642863002

Cr-Commit-Position: refs/heads/master@{#372075}
sigbjornf
Revert of Let notifyScriptLoadError() handle already detached ScriptLoaders. (patchset #3 id:40001 of https://codereview.chromium.org/1644483002/ )
Reason for revert:
The change here assumes PendingScripts are separately allocated objects, an M50 change. This makes for more difficult backporting. Unnecessarily so.

Hence reverting and will reland a variation ( https://codereview.chromium.org/1642863002/ ) that works for older branches.

Original issue's description:
> Let notifyScriptLoadError() handle already detached ScriptLoaders.
>
> If a ScriptRunner has been disposed of already, allow ScriptLoaders
> to notify of their failure without asserting.
>
> R=haraken
> BUG=570012
>
> Committed: https://crrev.com/e7bf58190483dffac8e78506884170720165b198
> Cr-Commit-Position: refs/heads/master@{#371772}

TBR=haraken@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=570012

Review URL: https://codereview.chromium.org/1640263004

Cr-Commit-Position: refs/heads/master@{#372058}
rune
Moved element style recalc count and stats to StyleEngine.
There are two element style recalc counters, one in Document, and one
in StyleResolver. The one in StyleResolver includes pseudo elements in
that count. We are unifying thesie counts keeping pseudo elements
included which means that the element recalc count will be higher for
tracing and the inspector, but unchanged for
internals.updateStyleAndReturnAffectedElementCount().

Also the StyleResolverStats is moved from StyleResolver to StyleEngine.
This means the stats will survive a clearResolver().

This change is motivated around item 6 and 9 in the design document for
crbug.com/401359.

R=dstockwell@chromium.org
BUG=401359

Review URL: https://codereview.chromium.org/1644543002

Cr-Commit-Position: refs/heads/master@{#372045}
rune
::before/::after are not features for invalidation.
We store a flag for finding ::before or ::after in
InvalidationSetFeatures, yet they are not added as features to
invalidation sets. That means we need to handle *::before as a universal
selector and cause subtree invalidations.

R=ericwilligers@chromium.org
BUG=581675

Review URL: https://codereview.chromium.org/1639133003

Cr-Commit-Position: refs/heads/master@{#372035}
fs
Implement specced parsing algorithm for <area coords>
This implements the parsing algorithm for "list of floating point
numbers" and uses it to parse the 'coords' attribute on <area>.
The fractional part of numbers are no longer discarded.
The old parsing code in platform/Length.cpp is no longer used and is
removed.

BUG=578114

Review URL: https://codereview.chromium.org/1636333003

Cr-Commit-Position: refs/heads/master@{#371940}
fs
Use SET_NESTED_VAR instead of SET_VAR where possible in ComputedStyle
In some cases this could save a copy of the outer object
(rareNonInheritedData in all cases.)
This also saves almost 3.5k of binary footprint.

BUG=581413

Review URL: https://codereview.chromium.org/1638213004

Cr-Commit-Position: refs/heads/master@{#371860}
fs
Lazily create the Path in StylePath
Instead of creating the Path object up front - when the StylePath is
created - create it on first access/use (usually on paint/layout.)

Review URL: https://codereview.chromium.org/1640313002

Cr-Commit-Position: refs/heads/master@{#371850}
fs
Extended error reporting for SVG path parsing
Adds reporting of errors for the errors detected:

 * Missing starting moveto
 * Missing command verb
 * Unexpected input type (number, arc flag)

The parsing helper parseArcFlag() is adjusted to not consume any
character on error.

BUG=231612

Review URL: https://codereview.chromium.org/1642463004

Cr-Commit-Position: refs/heads/master@{#371849}
fs
Fix typo(s) in css3/filters/effect-reference-composite*.html
y=20" -> y="20"

Review URL: https://codereview.chromium.org/1633093002

Cr-Commit-Position: refs/heads/master@{#371819}
mstensho
Display -webkit-filter objects in any column (instead of only in the first one).
Most of our painting-related operations take place after fragmentation, i.e.
via PaintLayerPainter::paintFragmentWithPhase(). All such operations can just
sit back and relax and not worry about fragmentation, since translation and
clipping for a given fragmentainer (column) has already taken place.

This is not the case for filters, though. They are set up before fragmentation.
Therefore, we need to make the bounding box of the layer visual (convert out of
the flow thread coordinate space) on our own. We now do this specifically for
filters, or we'd upset other parts of the code, such as clip path.

BUG=530074
R=wangxianzhu@chromium.org

Review URL: https://codereview.chromium.org/1645583002

Cr-Commit-Position: refs/heads/master@{#371808}
tmoniuszko
Move trace_event.h include from v8_platform.h to .cc file
trace_event.h is redundant in header file. It also causes compilation
issues when Blink precompiled headers are used on Windows (Bug 495697).

BUG=

Review URL: https://codereview.chromium.org/1585693002

Cr-Commit-Position: refs/heads/master@{#371801}
tmoniuszko
Fix //chrome/app/test_support dependency on //chrome/browser/policy:path_parser
BUG=

Review URL: https://codereview.chromium.org/1646483002

Cr-Commit-Position: refs/heads/master@{#371790}
bratell
Report PeriodicWave memory usage to v8 so GC can be properly scheduled
A PeriodicWave object can use half a MB and v8 needs to know about that
or it will not schedule garbage collects when memory usage increases.

BUG=578351

Review URL: https://codereview.chromium.org/1632753002

Cr-Commit-Position: refs/heads/master@{#371777}
mstensho
Remove support for -webkit-column-span:1
This was an "alias" for -webkit-column-span:none. '1' is not a valid value,
according to the spec. The only valid values are 'none' and 'all'. In an older
version of the spec, '1' and 'all' were the valid values. In the latest version
(2011), '1' was changed to 'none'.

It's highly unlikely that removing this should cause compatibility problems.
The initial value is 'none' (which is what '1' was mapped to), so in order to
cause trouble, one would need a declaration -webkit-column-span:all to be
overridden by a -webkit-column-span:1. I went through httparchive to verify.
No sites were found to do this.

R=timloh@chromium.org

Review URL: https://codereview.chromium.org/1635993002

Cr-Commit-Position: refs/heads/master@{#371773}
sigbjornf
Let notifyScriptLoader() handle already detached ScriptLoaders.
If a ScriptRunner has been disposed of already, allow ScriptLoaders
to notify of their failure without asserting.

R=haraken
BUG=570012

Review URL: https://codereview.chromium.org/1644483002

Cr-Commit-Position: refs/heads/master@{#371772}
fs
Avoid unnecessary CoW for outer DataRef when applying transform-origin
Even if the transform-origin is the same as the current value,
rareNonInheritedData will still be copied.
Add a new macro SET_NESTED_VAR, similar to the existing SET_VAR, but
allowing an intermediate |base| field to be specified, avoiding the
access in the dereference of that field from the group.

BUG=571183

Review URL: https://codereview.chromium.org/1636503005

Cr-Commit-Position: refs/heads/master@{#371766}
davve
Condense Image::hasRelative{Width,Height}() into one
Image::hasRelative{Width,Height} always return the same result so
there is no need for two functions. Since
https://codereview.chromium.org/26390004 there is no reason to have
these separate since the SVGImage implementations are gone.

BUG=581357

Review URL: https://codereview.chromium.org/1634133003

Cr-Commit-Position: refs/heads/master@{#371764}
davve
Consistency in LayoutReplaced::computeReplacedLogicalWidth()
All other return values pass through
computeReplacedLogicalWidthRespectingMinMaxWidth, let this one do so
too.

Review URL: https://codereview.chromium.org/1637473002

Cr-Commit-Position: refs/heads/master@{#371761}
rune
Marked parsing as failed for invalid compound.
If we return nullptr trying to consume a compound, and all tokens have
been consumed, we don't recognize that as a parse failure if a valid
selector precedes the compound. Set m_failedParsing to true to notice
we have an invalid selector.

R=timloh@chromium.org
BUG=581257

Review URL: https://codereview.chromium.org/1634273003

Cr-Commit-Position: refs/heads/master@{#371760}
fs
Negative or zero radius for <area shape=circle> gives an empty shape
Step 7 in

https://html.spec.whatwg.org/multipage/embedded-content.html#processing-model

BUG=578125

Review URL: https://codereview.chromium.org/1631303002

Cr-Commit-Position: refs/heads/master@{#371742}
fs
The missing value default for <area shape> is 'rect'
There is no invalid value default, so the missing value default will
apply in that case too.
The 'Unknown' HTMLAreaElement::Shape enumeration value is no longer
needed, so remove it.

Also add support for the non-conforming <area shape> values:

 * 'circ'     (alias for 'circle')
 * 'polygon'  (alias for 'poly')
 * 'rectangle (alias for 'rect')

Because 'rect' (and hence 'rectangle') is the same as the missing
value default we don't need any explicit checks for these values.

https://html.spec.whatwg.org/multipage/embedded-content.html#attr-area-shape

BUG=578125

Review URL: https://codereview.chromium.org/1632133007

Cr-Commit-Position: refs/heads/master@{#371731}
philipj
Remove superfluous semicolons around IPC message macros
These macros are defined such that trailing semicolons (or inner
semicolons) have no effect, and they are overwhealmingly used without
semicolons, as per the documentation in ipc_message_macros.h.

Review URL: https://codereview.chromium.org/1639713002

Cr-Commit-Position: refs/heads/master@{#371706}
mstensho
Adjust column rows' height better for their offset in the multicol container.
We were missing the case where the first object in a multicol container was a
spanner (the call to previousSiblingMultiColumnSet() should have been
previousSiblingMultiColumnBox(), to catch spanner placeholders in addition to
column sets).

But instead of having a special code path depending on whether we're dealing
with the first box or not (to avoid subtracting the multicol container's top
border and padding from an uncalculated logical top of a column set), always
subtract the margin top edge of the first column box instead.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1631633002

Cr-Commit-Position: refs/heads/master@{#371661}
sigbjornf
Promptly let go of WebURLLoader objects.
The objects keeping their own WebURLLoaders (and thus being
WebURLLoaderClients) must promptly let go of their ownership upon
becoming garbage. Not doing so risks the embedder calling the client
while it is in a sweepable state.

R=
BUG=568173

Review URL: https://codereview.chromium.org/1635113002

Cr-Commit-Position: refs/heads/master@{#371639}
davve
Avoid calling imageForCurrentFrame needlessly on SVGImageForContainer
Propagate SVGImage::isTextureBacked() through SVGImageForContainer to
make https://codereview.chromium.org/1438663002 effective in more
cases.

BUG=552406

Review URL: https://codereview.chromium.org/1635123002

Cr-Commit-Position: refs/heads/master@{#371535}
davve
Media Session: prepare for implicit activation of user created session
Provide an optional WebMediaSession to embedder when creating a
WebMediaPlayer. A null WebMediaSession means the player should belong
to the default media session.

BUG=497735

Review URL: https://codereview.chromium.org/1585163002

Cr-Commit-Position: refs/heads/master@{#371530}
fs
Use ASCII case-insensitive matching for ident-likes in the CSS parser
This CL replaces CSSParserToken::valueEqualsIgnoringCase and
CSSParserString::equalIgnoringCase with valueEqualsIgnoringASCIICase
and equalIgnoringASCIICase respectively - calling the similarly named
function in WTF.
Some cases where CSSParserToken::value() was coerced to a String is
changed to avoid the coercion - using the CSSParserToken method
directly.
Similarly some cases that use the CSSParserString overload for
equalIgnoringCase is changed to use the method on CSSParserToken.
The dead equalIgnoringCase(const CSSParserString&, ...) function in
LegacyCSSPropertyParser.cpp is removed.

BUG=581001

Review URL: https://codereview.chromium.org/1636453002

Cr-Commit-Position: refs/heads/master@{#371500}
davve
Drop contradictory condition in min-width clamping
isMaxSizeNone() is nonsensical for min-width. Zero (but represented as
Auto) is initial Length value for min-width, not MaxSizeNone. This
stands out after the rename from isUndefined() to isMaxSizeNone(). But
in this case it seems |style()->logicalMinWidth().isMaxSizeNone()| was
a just long alias for |false| so remove it.

Review URL: https://codereview.chromium.org/1633683002

Cr-Commit-Position: refs/heads/master@{#371494}
fs
Match <area shape> ASCII case-insensitively
The 'shape' attribute on HTMLAreaElement is an "enumerated attribute"
[1], which means that it should be matched ASCII case-insensitively[2].

To get a proper overload of equalIgnoringASCIICase(...) that matches the
required use (AtomicString against string literal/const char*),
restructure the definition of equalIgnoringASCIICase() to do away with
the templated version in favor of a generic StringImpl* version, and
specific wrappers around that one for AtomicString/String.
Also add a specialization for comparing against char/LChar.

No effect on the specified test because:
a) Invalid/missing value default is not per spec, so the unexpected shape
is picked anyway.
But more importantly:
b) the way case-folding is implemented/specified, no non-ASCII character
is case-folded to something in the ASCII-range.

[1] https://html.spec.whatwg.org/multipage/embedded-content.html#attr-area-shape
[2] https://html.spec.whatwg.org/multipage/infrastructure.html#enumerated-attribute

TEST=fast/html/area-shape.html
BUG=578125

Review URL: https://codereview.chromium.org/1624383002

Cr-Commit-Position: refs/heads/master@{#371478}
sigbjornf
Precisely account for required buttons in a radio group.
As part of processing the name attribute for a radio button, it is
added to the current radio button group. For buttons that are
additionally "required", that leads to double accounting for the
group's count of such required buttons, as the radio button group
doesn't keep track what has been registered as "required" already
or not.

Address by having the button group track the registered "required"
state of its members/buttons.

R=keishi,tkent
BUG=

Review URL: https://codereview.chromium.org/1632493002

Cr-Commit-Position: refs/heads/master@{#371476}
fs
Use even-odd fill rule for <area shape=poly>
See step 8, "Polygon state" in

https://html.spec.whatwg.org/multipage/embedded-content.html#processing-model

BUG=578125

Review URL: https://codereview.chromium.org/1630763002

Cr-Commit-Position: refs/heads/master@{#371371}
rune
Serialize namespaced type/* selectors according to CSSOM spec.
See https://drafts.csswg.org/cssom/#serializing-selectors.

The serialize-namespaced-type-selectors.html test is a stripped version
of this pull request: https://github.com/w3c/csswg-test/pull/1020
Gecko (Firefox 43) passes all those tests.

As part of this we are fixing problems with universal selectors being
incorrectly marked as explicit (for serialization) in certain cases.

When we have pseudo elements which require an implicit shadow combinator
to match across shadow boundaries, we need to add an implicit universal
selector to make the combinator combine the pseudo with some parent when
the original selector doesn't have any other simple selectors.

video::cue(i) can add the combinator between video and ::cue(i), while
::cue(i) requires a universal selector in the internal representation
to have ::cue(i) -> /implicit-shadow-crossing/ -> *.

For ::cue(i), the universal selector were marked correctly as implicit
to avoid it being serialized as *::cue(i). However, with an explicit
universal selector in the source *::cue(i), the universal selector were
marked as explicit due to an incorrect isNull() check. Explicit
universal selectors were already dropped from the serialization of
selectors like *::before.

BUG=579043

Review URL: https://codereview.chromium.org/1607873002

Cr-Commit-Position: refs/heads/master@{#371363}
sigbjornf
Have WebGeolocationController always wrap up its private controller object
Until Oilpan is firmly enabled, always use GeolocationControllerPrivate
to wrap up the non-owned GeolocationController* object. The previous
implementation was performing an untidy downcast with undefined behavior;
no need for such shortcuts here.

R=
BUG=581112

Review URL: https://codereview.chromium.org/1638573002

Cr-Commit-Position: refs/heads/master@{#371341}
fs
Error reporting for SVGLength and SVGLengthList
LoFi error reporting for SVGLength (LoFi because it uses the CSS
parser, and hence can't provide locus information.)
Minor cleanup in SVGLengthList, hoisting the call to clear().
Adding SVGParsingError::offsetWith to support the nested parsing going
on in SVGLengthList.

BUG=231612

Review URL: https://codereview.chromium.org/1636503003

Cr-Commit-Position: refs/heads/master@{#371288}
rune
Fix selector namespace prefix resolution.
When parsed without a stylesheet context, there are no prefix to
namespace URI mapping, so a ns name prefixed selector should be
invalid. Instead, we mapped "ns|e" to "*|e".

Here, we instead make "ns|e" invalid in contexts where there is no
stylesheet. However, "|e" and "*|e" should still be valid, so that part
of the prefix resolution is moved from the stylesheet to the selector
parser.

This meant that prefix resolution was incorrect for the select
attribute of the content element.

Also, prefixes in Selectors API were handled outside of the selector
parsing instead. Now we handle it inside the selector parsing instead
which means that we throw a SyntaxError instead of a NamespaceError for
unresolved namespace prefixes in the Selectors API. This is in line
with the specifications[1][2] and Gecko.

Another issue, was that setting selectorText of StyleRule did not pass
a stylesheet to the selector parser, so namespace resolution did not
work for setting selectorText.

[1] https://www.w3.org/TR/selectors-api2/#resolving-namespaces
[2] https://dom.spec.whatwg.org/#scope-match-a-selectors-string

R=timloh@chromium.org
BUG=580023,580445

Review URL: https://codereview.chromium.org/1616423003

Cr-Commit-Position: refs/heads/master@{#371275}
sigbjornf
Fix g++ builds by avoiding early HeapSupplement<Document> instantiation.
Building ToT with g++ (component build) currently breaks when using
the Oilpan type HeapSupplement<Document>:

 ...
 error: type attributes ignored after type is already defined [-Werror=attributes]
 ...
 .../dom/Document.h:179:51: note: in expansion of macro ‘WillBeHeapSupplement’
 extern template class CORE_EXTERN_TEMPLATE_EXPORT WillBeHeapSupplement<Document>;

It appears that g++ cannot be kept happy if it implicitly instantiates
a template at a type and then later sees an extern decl like the above
with some extra attributes attached.

Hence, bring the required types into scope for FontFaceSet's declaration
to avoid that unfortunate situation.

R=haraken,thakis
BUG=

Review URL: https://codereview.chromium.org/1634683002

Cr-Commit-Position: refs/heads/master@{#371270}
fs
Add tests for HTMLAreaElement coords/shape and processing model
This makes local copies of:

 html/semantics/embedded-content/the-area-element/area-coords.html
 html/semantics/embedded-content/the-area-element/area-processing.html
 html/semantics/embedded-content/the-area-element/area-shape.html
 html/semantics/embedded-content/the-area-element/support/hit-test.js

in fast/html/ and adjust them so that they can run correctly in the
test runner. The adjustment amounts to referencing a different image
than the original, and doing so using a relative path, and putting
hit-test.js in the local resources/ directory in fast/html.

BUG=578125,578114,498120

Review URL: https://codereview.chromium.org/1618373002

Cr-Commit-Position: refs/heads/master@{#371246}
fs
Match 'i' attribute selector modifier case-insensitively
The 'i' should be treated as an identifier, so matching should be ASCII
case-insensitive.

BUG=580446

Review URL: https://codereview.chromium.org/1626563002

Cr-Commit-Position: refs/heads/master@{#371228}
rune
Missing m_failedParsing=true for unresolved namespace.
When we already have an accepted compound and we return nullptr for a
second fully consumed compound, we were relying on non-consumed tokens
like trailing spaces to detect that the selector was invalid. Setting
m_failedParsing=true fixed it.

R=timloh@chromium.org
BUG=580496

Review URL: https://codereview.chromium.org/1625433002

Cr-Commit-Position: refs/heads/master@{#371202}
fs
Remove use of minimumValueForLength in HTMLAreaElement::getRegion
While the 'coords' attribute on HTMLAreaElement is stored as a
Vector<Length>, the Lengths will all be of the type 'Fixed'. This means
that the only effect of minimumValueForLength() will be to round-trip
through LayoutUnit - resulting in a clamp to the allowed range of
LayoutUnit. Replace the uses of minimumValueForLength() with a new
function (clampCoordinate) that only does this clamping.

No functional changes.

BUG=578114

Review URL: https://codereview.chromium.org/1619793002

Cr-Commit-Position: refs/heads/master@{#371184}
rune
Add regression test for crbug.com/408957
Issue 408957 was fixed when fixing 557440. This CL is just adding a
test for it.

R=ericwilligers@chromium.org
BUG=408957

Review URL: https://codereview.chromium.org/1607893002

Cr-Commit-Position: refs/heads/master@{#371180}
sigbjornf
Insist on a Blink GC on RenderViewImpl unit test teardowns.
Without it, flaky LSan reports are a risk, depending on GC timing and
on tests allowing posted GC tasks to be processed before many of them
abruptly clear posted messages as part of their operation.

R=haraken
TBR=jochen
BUG=

Review URL: https://codereview.chromium.org/1621823004

Cr-Commit-Position: refs/heads/master@{#371169}
philipj
Fix typo in link to ccache for Mac
R=andybons@chromium.org

Review URL: https://codereview.chromium.org/1624903002

Cr-Commit-Position: refs/heads/master@{#371150}
sigbjornf
Also transfer pending in-order scripts upon element moving to new document
Extend the ScriptLoader script runner reassociation that happens when a
script element moves to a new document to also include pending in-order
scripts.

Having this be restricted to async scripts unnecessarily confuses the
ScriptLoader when it notifies the ScriptRunner.

R=haraken
BUG=570012

Review URL: https://codereview.chromium.org/1620983002

Cr-Commit-Position: refs/heads/master@{#371145}
landell
Include stdlib.h for bsearch
BUG=

Review URL: https://codereview.chromium.org/1618193002

Cr-Commit-Position: refs/heads/master@{#371057}
rune
Removed selector matching check for invalid pseudo elements.
The check removed checked that only custom pseudo elements and
::selection allow other simple selectors to follow. This is now handled
entirely at parse time.

R=esprehn@chromium.org,timloh@chromium.org
BUG=489481

Review URL: https://codereview.chromium.org/1605523002

Cr-Commit-Position: refs/heads/master@{#371054}
fs
Extended error reporting for SVGNumber/Point/Rect and related types
Add extended error reporting for "number-based" types - SVGNumber,
SVGNumberList, SVGNumberOptionalNumber, SVGPoint, SVGPointList and
SVGRect.

Also clean up some of the parsing functions and eliminate some
unnecessary clear() calls in the list types.

BUG=231612

Review URL: https://codereview.chromium.org/1620203002

Cr-Commit-Position: refs/heads/master@{#371022}
sigbjornf
Keep PlatformSpeechSynthesisVoice off the Oilpan heap.
Keeping this object on the heap makes some sense in terms of regularity:
all the other Blink objects that refer to it are on the heap. However,
it is problematic to do so for this value object considering how
the embedder might use its WebSpeechSynthesisVoice wrapper object.

That is, creating or allocating a WebSpeechSynthesisVoice on the stack
by the embedder will bring about a heap allocation, which in turn can
trigger a GC when the embedder isn't prepared for that -- see
associated bug for stack trace and details.

This is normally a detail the embedder doesn't need to worry about,
but as TtsDispatcher keeps an (unsavory) weak reference to its speech
synthesizer client we're forced to consider GC safety and take
that into account.

Embedder code that keep these bare, but intended weak, references
to Oilpan heap objects should be reworked into something safer,
but to address this local problem, PlatformSpeechSynthesisVoice is
moved off the heap where it can reside just as well. By doing so,
WebSpeechSynthesisVoice allocations won't allocate on the Oilpan
heap, avoid said GC unsafety.

R=dmazzoni,jochen
BUG=539511

Review URL: https://codereview.chromium.org/1617383003

Cr-Commit-Position: refs/heads/master@{#370960}
sigbjornf
Fix spellchecker updating of marker ranges spanning multiple elements.
The optimization made in Blink r187820 (https://crrev.com/828293002)
completely failed to take into account the case where the start and
end position spanned multiple nodes.

With EphemeralRange since then introduced, fix by switching to it.
For the original test optimized for (blink_perf.dom:textarea-edit),
local testing with chrome-release shows no degradation in performance
either.

R=yosin
BUG=579151

Review URL: https://codereview.chromium.org/1615963004

Cr-Commit-Position: refs/heads/master@{#370929}
davve
Move specialized computePositionedLogicalWidth to LayoutReplaced.
Since the isAtomicInlineLevel() rename (it used to be called
isReplaced()) it looks extra strange to have a *Replaced method up in
LayoutBox. While LayoutReplaced does not contain everything about
replaced elements, it may contain this.

Review URL: https://codereview.chromium.org/1603603002

Cr-Commit-Position: refs/heads/master@{#370922}
mstensho
Pass values in the right flow thread's coordinate space.
We were talking to our enclosing flow thread, but using coordinates in our own
flow thread coordinate space. This caused both miserable rendering and
assertion failures, since we'd fail to realize that there'd be rows further
ahead with enough space for the content we were trying to fit.

BUG=552615
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1619703003

Cr-Commit-Position: refs/heads/master@{#370891}
sigbjornf
Oilpan: LinkLoaderClient must be a GC mixin.
LinkLoader notifies its 'client' of load completion and other lifecycle
transitions. The assumption is that the client's lifetime is >= that
of the loader object, hence a bare pointer is all required.

This assumption doesn't hold when both LinkLoader and the client is on
the Oilpan heap, nor when LinkLoader is on the heap and the client is
stack allocated (cf. mock client object in LinkLoader unit tests).

Address the unsoundness by making LinkLoaderClient a GC mixin.

TBR=haraken@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1616713003

Cr-Commit-Position: refs/heads/master@{#370654}
tommyt
Tidy up service discovery state for bluez on disconnect
This should fix cases where you connect, disconnect and then reconnect
to a BLE device. I've extended the ServicesDiscovered unit test to test
this.

BUG=577641

Review URL: https://codereview.chromium.org/1606523002

Cr-Commit-Position: refs/heads/master@{#370628}
philipj
Remove always-false null checks for getElementsByTagName(NS)
getElementsByTagNameNS is called from WebNode::getElementsByHTMLTagName,
which in turn is only called with the static kLabel ("label").
getElementsByTagName is also called internally in
getElementsByTagNameNS. Other than this, both are called from bindings.
In no case is it possible for localName to be a null AtomicString, so
these checks are not needed.

Review URL: https://codereview.chromium.org/1606533002

Cr-Commit-Position: refs/heads/master@{#370616}
fs
Extended error reporting for SVG attribute parsing
This CL extends the SVG attribute parsing error reporting functionality
to allow more precise (and hopefully helpful) reporting.
The main improvements consist of:

 1) More (precise) status codes
    Avoids generic error messages.

 2) Locus support
    Allows reducing the amount of context, which should make it easier
    to pinpoint the actual error. (Preferably the offending character
    should be highlighted somehow in the error message, but that is
    left as future work.)

To achieve this, the SVGParsingError enumeration is turned into a
thin wrapper class around a status code and a locus. The status codes
move to a new enumeration 'SVGStatus'.

Formatting of error messages are moved out of
SVGElement::reportAttributeParsingError and into SVGParsingError.cpp
(new file).

This CL start adding extended reporting to a few of the value classes:
SVGBoolean, SVGEnumeration and SVGPreserverAspectRatio; to illustrate
the mechanism. Further value classes will be annotated in later CLs.
For that reason the "generic" errors are kept in their current form - to
be removed as more value class parsers get converted.

BUG=231612

Review URL: https://codereview.chromium.org/1588993005

Cr-Commit-Position: refs/heads/master@{#370479}
davve
Remove stale FIXME comment about now fixed bug
NOTRY=true
BUG=364807

Review URL: https://codereview.chromium.org/1605383002

Cr-Commit-Position: refs/heads/master@{#370396}
davve
Simplify LayoutSVGRoot::computeReplacedLogical{Width,Height}
Remove redundant if statements and slightly confusing
comments. SVGImage unconditionally sets the container size in
SVGImage::drawForContainer() so when SVGImageForContainer is used, the
container size will be set.

BUG=468897

Review URL: https://codereview.chromium.org/1610603002

Cr-Commit-Position: refs/heads/master@{#370393}
sigbjornf
Add missing variable initialization in StyleCalcLength::toCSSValue().
TBR=oilpan-reviews
BUG=545318
NOTRY=true

Review URL: https://codereview.chromium.org/1604133003

Cr-Commit-Position: refs/heads/master@{#370390}
davve
Set intrinsic size for inline SVG earlier
LayoutReplaced has a m_intrinsicSize that's updated when computing
logical widths and heights (and only if needed; specified style makes
it not being set at all).

But m_intrinsicSize can be used earlier that that, when computing
preferred widths for the container, see
LayoutReplaced::computeIntrinsicLogicalWidths called from
LayoutReplaced::computePreferredLogicalWidths().

This patch computes the intrinsic size in the constructor to avoid
returning the stale default size.

BUG=468897

Review URL: https://codereview.chromium.org/1604993003

Cr-Commit-Position: refs/heads/master@{#370388}
davve
Simplify SVGSVGElement::collectStyleForPresentationAttribute
There is no need to have the flags separated since they are always
used in conjunction.

BUG=468897

Review URL: https://codereview.chromium.org/1601093007

Cr-Commit-Position: refs/heads/master@{#370386}
rune
Pseudo element ids != NOPSEUDO only in rightmost compound.
After landing [1], selectors with pseudo elements will only be valid if
the pseudo element is in the rightmost compound. Invalid selectors will
be dropped at parse time. Hence, there's no need to check this
condition during matching. Also, pseudo element selectors for which
CSSSelector::pseudoId() returns NOPSEUDO, are handled in the switch
above the modified code.

[1] https://codereview.chromium.org/1600793002/

R=esprehn@chromium.org,timloh@chromium.org
TEST=CSSSelectorParserTest::InvalidPseudoElementInNonRightmostCompound
BUG=489481

Review URL: https://codereview.chromium.org/1605473002

Cr-Commit-Position: refs/heads/master@{#370356}
mstensho
Need to examine the *bottom* of fragmented content.
Content may cross fragmentainer boundaries, and when evaluating the need for
appending additional fragmentainer groups, we need to look at the bottom of the
content, not the top.

This CL is a prerequisite to fixing bug 552615, but note that it doesn't fix
anything there on its own.

BUG=552615
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1573133002

Cr-Commit-Position: refs/heads/master@{#370323}
mstensho
Soften assertion slightly, to survive saturated arithmetic situations.
We do want to be at the exact top of a column here, but if the flow thread top
offset for the next column is larger than what a LayoutUnit can hold, we get a
bogus value passed here. Survive the assertion and carry on.

BUG=574309
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1558133002

Cr-Commit-Position: refs/heads/master@{#370297}
mostynb
fix 'set but not used' GCC warning
Followup to https://codereview.chromium.org/1586353004 which introduced
a warning when building with GCC.

BUG=557130

Review URL: https://codereview.chromium.org/1606053002

Cr-Commit-Position: refs/heads/master@{#370203}
fs
Remove tracking of 'closed subpath' state from SVGPathBuilder
For any implicit moveto (like: "M0,0z L..." it would not do the right
thing (clear m_closed), which could result in unwanted calls to
Path::closeSubpath if a(n explicit) moveto followed. This in turn would
result in rendering errors (the "close" line being stroked that should
not.)
SkPath seems to do a much better job of this already - and Path is just
a thin wrapper around SkPath in these cases - so just drop the
SVGPathBuilder::m_closed flag and leave the work to SkPath.

BUG=578254

Review URL: https://codereview.chromium.org/1605943002

Cr-Commit-Position: refs/heads/master@{#370168}
rune
Remove checkForChildrenAdjacentRuleChanges.
All uses of SubtreeStyleChange now means strict subtree. All sibling
forest invalidations are done using invalidation sets except on node
insertions and removals.

checkForSiblingStyleChanges now has to invalidate siblings itself on
insertion/removal. Before this change we did a SubtreeStyleChange on a
single element and let checkForChildrenAdjacentRuleChanges mark the
sibling forest for recalc. The reason why we cannot use invalidation sets
when adding/removing nodes, is that we don't change the relevant features
(classes, ids, etc) when we need to figure out. For instance:

<style>
:not(.a) + div { color green }
</style>
<div class="a"></div>
<div>Should be green after insertion</div>

If you insert an element between the two divs, the latter will start
matching the style rule, but we cannot do that with invalidation sets.

Adjustments have been done to the style invalidator to allow scheduling
sibling invalidation sets on SubtreeStyleChange elements, since siblings
will have style recalcs triggered through the invalidation machinery, not
checkForChildrenAdjacentRuleChanges.

BUG=557440

Review URL: https://codereview.chromium.org/1509853002

Cr-Commit-Position: refs/heads/master@{#370097}
rune
Pseudo elements may only appear in rightmost compound.
Pseudo elements are appended to an originating element as defined in
Selectors Level 4 and may only be followed by user action pseudo
classes. That means it also must appear in the rightmost compound. We
drop selectors as invalid when trying to add a compound when we have
already seen a pseudo element in a previous compound.

There are expections to this for Blink, where we implement ::content
and ::shadow to pierce through insertion points and shadow boundaries
as pseudo elements. Another exception is for custom pseudo elements in
UA stylesheets, as we rely on exposing inner shadow structure to style
media controls and VTT track regions (crbug.com/578131).

R=timloh@chromium.org
BUG=489481

Review URL: https://codereview.chromium.org/1600793002

Cr-Commit-Position: refs/heads/master@{#370088}
sigbjornf
Migrate Handle.h WTF decls closer to their corresponding definitions.
Move some declarations in the WTF namespace out of the larger Handle.h,
and near/next to where the corresponding types are declared.

No change in functionality.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1598103003

Cr-Commit-Position: refs/heads/master@{#369986}
sigbjornf
Revert of Use registerWeakMembers to clean up IntersectionObserver. (patchset #1 id:1 of https://codereview.chromium.org/1591763003/ )
Reason for revert:
Broke on some tests w/ Oilpan enabled,

 https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Oilpan%20Leak/builds/16410

backing it out.

(see also https://codereview.chromium.org/1596333002/ )

Original issue's description:
> Use registerWeakMembers to clean up IntersectionObserver.
>
> Pre-oilpan, when the root disappears, it observers are cleaned up
> in NodeIntersectionObserverData::dispose().
>
> Post-oilpan, the cleanup will be done with registerWeakMembers.
>
> BUG=540528
> R=haraken@chromium.org,dcheng@chromium.org
>
> Committed: https://crrev.com/546573354e47ddd01f491c382701fa51500f85eb
> Cr-Commit-Position: refs/heads/master@{#369948}

TBR=dcheng@chromium.org,haraken@chromium.org,szager@chromium.org
BUG=540528
NOTRY=true

Review URL: https://codereview.chromium.org/1600243002

Cr-Commit-Position: refs/heads/master@{#369970}
sigbjornf
Revert of Oilpan: Fix weak processing for IntersectionObserver::m_root (patchset #3 id:40001 of https://codereview.chromium.org/1594813002/ )
Reason for revert:
This and the parent change introduced some failures,

 https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Oilpan%20Leak/builds/16410

backing out for now.

Original issue's description:
> Oilpan: Fix weak processing for IntersectionObserver::m_root
>
> This is a follow-up fix for https://codereview.chromium.org/1591763003/.
> IntersectionObserver::m_root must be cleared in the weak callback when the m_root is dead.
>
> BUG=
>
> Committed: https://crrev.com/2760f06a3c43c8919f4ecae43f460ada20d0990b
> Cr-Commit-Position: refs/heads/master@{#369956}

TBR=szager@chromium.org,haraken@chromium.org
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1596333002

Cr-Commit-Position: refs/heads/master@{#369969}
sigbjornf
libxml2: linearly optimize XPath expressions.
Some XPath expression nodes keep a back pointer to the last/previous
expression node for optimization purposes. Such pointers will result
in repeated work when walking over the expression
tree/graph, peephole optimizing it. Unacceptable amounts of repeated
work as the expression tree becomes deeper.

Avoid by marking the expression nodes during the optimization pass.

R=scottmg
BUG=573768

Committed: https://crrev.com/0b208a502be9d60929be48056dd4213efd998076
Cr-Commit-Position: refs/heads/master@{#369733}

Review URL: https://codereview.chromium.org/1562133002

Cr-Commit-Position: refs/heads/master@{#369966}
tommyt
Clear the BLE services list on disconnect.
This lets us recreate the services list correctly upon the next
reconnect, which fixes some problems with a device we have, which
disconnects automatically after 30 seconds.

Also reset the services_discovered flag for this device on disconnect.
In order to accomplish this, I had to move this flag from the dispatcher
host, to the bluetooth device instance.

BUG=570804

Review URL: https://codereview.chromium.org/1592733002

Cr-Commit-Position: refs/heads/master@{#369826}
rune
removeBetween() -> detach() performance fix.
In [1] we started to persist invalidation sets on elements getting
reattach style change because sibling invalidation sets scheduled on
detached elements still need to be processed for attached siblings.

However, the invalidation sets need to be cleared when such elements
are removed from the document tree. Clearing that invalidation set were
done with a detach() which also would go through detach() on an
already detached subtree. That caused a performance regression in the
the blink_perf.dom:select-single-add micro benchmark.

Instead of brute forcing with detach(), we clear the invalidation sets
for the elements of the disconnected subtree in Element::removedFrom().

[1] https://codereview.chromium.org/1533683002

R=esprehn@chromium.org
BUG=577439
TEST=PerformanceTests/DOM/select-single-add.html

Review URL: https://codereview.chromium.org/1590143002

Cr-Commit-Position: refs/heads/master@{#369798}
rune
Restrict use of pseudo elements within compound.
Start dropping selectors whose compound have pseudo elements followed
by other simple selectors with the exception of simple selectors which
are actually allowed to follow certain pseudo elements.

The exceptions are:

- User action pseudo classes and their negations for custom pseudo
  elements.

  Matching other simple selectors on custom elements worked before, but
  that revealed the inner structure of the UA shadow DOM for form
  elements, which I believe was not intentional.

  According to the latest ED of Selectors Level 4, user action pseudo
  classes are allowed after pseudo elements in general, but we don't
  support that, so the selector should be dropped. Gecko also drops
  those selectors.

- A restricted set of pseudo classes, in addition to the user action
  pseudo classes, which apply to custom scrollbar pseudo elements.

The new restrictions do not yet apply to UA stylesheets as we rely on
invalid selectors in the UA stylesheet for media controls.

Fixed a couple of range-based iterations in the unit test.

This CL does not address the fact that pseudo elements, in most cases,
only may be present in rightmost compound selectors. That will be fixed
in another CL.

R=timloh@chromium.org
BUG=489481,577404

Review URL: https://codereview.chromium.org/1587643004

Cr-Commit-Position: refs/heads/master@{#369760}
sigbjornf
libxml2: linearly optimize XPath expressions.
Some XPath expression nodes keep a back pointer to the last/previous
expression node for optimization purposes. Such pointers will result
in repeated work when walking over the expression
tree/graph, peephole optimizing it. Unacceptable amounts of repeated
work as the expression tree becomes deeper.

Avoid by marking the expression nodes during the optimization pass.

R=scottmg
BUG=573768

Review URL: https://codereview.chromium.org/1562133002

Cr-Commit-Position: refs/heads/master@{#369733}
rune
Use ::cue for VTT UA styles.
Instead of using a custom pseudo element for the track container to
apply UA styling to b, i, and u elements, use ::cue selectors.

R=fs@opera.com
TEST=media/track/track-css-matching-default.html
NO_DEPENDENCY_CHECKS=true

Review URL: https://codereview.chromium.org/1582403003

Cr-Commit-Position: refs/heads/master@{#369732}
rune
Split compound selector after consume finished.
CSSSelectorParser::consumeCompoundSelector() will split a compound into
two compounds when it contains a simple selector which needs a synthetic
ShadowPseudo combinator. This split was done as simple selectors were
added. That code was complicated and and yielded some strange
serializations like what was reported in https://crbug.com/478563.

This CL adds simple selectors to the compound in the selector text
order, and splits the compound into two compounds and re-order them
after the whole compound has been consumed. This makes the code simpler
and makes it simpler to check selector validity (before the split).

This fixes issue 478563 and prepares for validity checking. A side
effect is that unnecessary universal selectors are left out of the
serialization (issue 478969).

::content is no longer kept leftmost in the compound, which is the
reason why contentPseudoCrossing is set when the combinators which are
affectedByPseudoContent instead of when the actual ::content selector
is seen.

R=timloh@chromium.org
BUG=478563,489481,478969

Review URL: https://codereview.chromium.org/1574323003

Cr-Commit-Position: refs/heads/master@{#369723}
tommyt
Clear the BLE services list on disconnect.
This lets us recreate the services list correctly upon the next
reconnect, which fixes some problems with a device we have, which
disconnects automatically after 30 seconds.

Also reset the services_discovered flag for this device on disconnect.
In order to accomplish this, I had to move this flag from the dispatcher
host to the bluetooth device instance.

BUG=570804

Review URL: https://codereview.chromium.org/1565773002

Cr-Commit-Position: refs/heads/master@{#369593}
fs
Re-instate geometry sharing optimization for 'd' on <use>'d <path>s
This adds back the geometry sharing optimization initially added in
https://codereview.chromium.org/1425913004 and removed by
https://codereview.chromium.org/1439793003.
This CL moves the optimization from asPath() to
collectStyleForPresentationAttribute(), meaning the optimization only
applies to the presentation attribute style (which is equivalent to
the old version.)

BUG=535429

Review URL: https://codereview.chromium.org/1578363007

Cr-Commit-Position: refs/heads/master@{#369473}
davve
Polish icecc instructions
Be more specific about when you have to use system linker with
icecc. It seems to have broke with a glibc 2.21 upgrade.

Review URL: https://codereview.chromium.org/1584133002

Cr-Commit-Position: refs/heads/master@{#369432}
fs
Use a local variable as a character cursor in genericParseNumber
Don't move the 'out' variable |cursor| until a valid number has been
parsed (disregarding the leading whitespace).
This will allow generating better error messages in some cases (the cursor
will not "stop" randomly within the number upon encountering overflows
etc.). It also enables "re-parsing" although currently no call-sites
require that. Code size virtually unaffected (-7 for LChar, +2 for UChar.)

BUG=231612

Review URL: https://codereview.chromium.org/1588453006

Cr-Commit-Position: refs/heads/master@{#369391}
davve
Eliminate use of SVG1DOM counter by final split
BUG=415074

Review URL: https://codereview.chromium.org/1586623002

Cr-Commit-Position: refs/heads/master@{#369380}
mstensho
Recalculate column heights as part of column set layout.
This is a tad earlier than what we used to do; we used to do it for all sets in
one go at the end of layout of the multicol container. We now do it
individually for each column set (children of the multicol container) as we lay
them out.

This way we have an up-to-date column height when positioning column sets
during multicol container child layout (children being either spanner
placeholders or column sets).

For the bug in question, this is particularly important in the first layout
pass, where column heights are completely bogus. When we're in a nested
fragmentation context, inner column heights are typically set to the remaining
height of an outer column, which may be more space than the contents actually
need. This could in turn trick the machinery into believing that we need to
insert another fragmentainer group for a spanner following a column set, even
if column heights were completely unconstrained.

BUG=552615
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1558963003

Cr-Commit-Position: refs/heads/master@{#369366}
fs
Remove redundant emptiness check from genericParseNumber
When the 'start == ptr' condition was reached we could be sure that we
had already consumed at least one character - one of '.' or '0'-'9' or
whitespace (potentially also '+'/'-' as a prefix) - and that even holds
true moving the definition of |start| after consuming any leading
whitespace. The reason for this is the up-front check for any character
in the set '0'-'9' or '.'.
Remove the redundant checks - replacing them with an assert - while
moving the definition of |start| so that it doesn't point before any
leading whitespace.

BUG=231612

Review URL: https://codereview.chromium.org/1582813003

Cr-Commit-Position: refs/heads/master@{#369292}
davve
Add note about using the system linker with icecc
Review URL: https://codereview.chromium.org/1575843002

Cr-Commit-Position: refs/heads/master@{#369177}
davve
Support SVG fragment URLs in cross faded images
Extract url from CSSImageValue and pass it along to the SVGImage
wrapper. Constify CSSImageValue::url() in the process.

Also, fix typo and indentation in related test.

BUG=574172

Review URL: https://codereview.chromium.org/1585623003

Cr-Commit-Position: refs/heads/master@{#369156}
sigbjornf
Oilpan: move AsyncMethodRunner to the heap.
Simplify and keep AsyncMethodRunner<T> on the heap always.

R=haraken
BUG=363031

Review URL: https://codereview.chromium.org/1580883002

Cr-Commit-Position: refs/heads/master@{#369141}
davve
Split SVG1DOM counter further
Split all counters relating to basic data types into smaller
parts. Use MeasureAs when these interfaces are implemented by multiple
other interfaces. Using Measure for them would give a lot of
unnecessary UseCounters. It seems more likely that we try to remove
interface methods in its entirety than splitting the interface, moving
some and removing some.

Also remove the counter from constants in affected interfaces. If we
get to remove the interfaces where the constants are used, they can go
too. Otherwise they likely have to stay.

BUG=415074

Review URL: https://codereview.chromium.org/1574183002

Cr-Commit-Position: refs/heads/master@{#369139}
rune
Cousins may not share style when ascendant affected bits set.
childrenOrSiblingsAffectedBy* are set during style matching. Cousins may
not share style in such cases since those affected bits may be set on
uncommon ancestors. Calling setUnique on ComputedStyle in such cases to
avoid style sharing.

This is also true for siblings in which case preceding siblings need to
get the affected bits set when we have adjacent selectors.

BUG=424104

Review URL: https://codereview.chromium.org/1562493002

Cr-Commit-Position: refs/heads/master@{#369029}
rune
Persist invalidation sets on detach root
This is a second attempt at not clearing sibling invalidation sets on
detached and SubtreeStyleChange nodes. The first[1] failed because
childNeedsStyleInvalidation() was still cleared on detach().

This approach keeps invalidation sets on the detach root, but clears
invalidation sets on descendants. However, when we detach a node to be
removed, we also clear the detach root as that will not have a chance of
being used on the next invalidation. Also, there are asserts checking
that we don't re-insert nodes into the tree with needsStyleInvalidation().

Removed scheduled sibling invalidation sets from nodes being removed from
the tree is not a problem as the checkForSiblingStyleChanges() method
will make sure sibling trees are invalidated.

The early return in StyleInvalidator::scheduleInvalidationSetsForElement
is removed to be able to schedule sibling invalidation sets although we
have a SubtreeStyleChange or ReattachStyleChange on the element itself.

The added test checks that the invalidation works properly, also after
the checkForChildrenAdjacentRuleChanges() removal.

[1] https://codereview.chromium.org/1507653002

R=esprehn@chromium.org,ericwilligers@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1533683002

Cr-Commit-Position: refs/heads/master@{#369021}
rune
Avoid crash when updating stylesheets during a remove operation.
When we are in the middle of removing a subtree of a shadow tree
containing a style element, and one of the other elements schedules
style invalidation, we are synchronously trying to update rule features
when the style node is still inDocument() and isInShadowTree() while the
treeScope() has been reset to the document scope in preparation for
removing it from the tree. That caused us to add the sheet for the style
element being removed to our style data/rule features.

We should make updateActiveStyleSheets asynchronous (crbug.com/567021)
and schedule invalidations with the current rule features instead of
forcing an update of rule features through appendPendingAuthorStyleSheets.

Since updateActiveStyleSheets is currently synchronous and
appendPendingAuthorStyleSheets happens lazily, we are in an inconsistent
state which means we need to execute the latter in order to avoid
glitches in style invalidation because we are marking for
invalidation/recalc in the former step.

This crasher surfaced when we started looking up the treeScope() directly
in https://codereview.chromium.org/1285293003

R=esprehn@chromium.org
BUG=559292

Review URL: https://codereview.chromium.org/1556963002

Cr-Commit-Position: refs/heads/master@{#369004}
sigbjornf
Oilpan: fix build after r368875.
TBR=oilpan-reviews
BUG=550994
NOTRY=true

Review URL: https://codereview.chromium.org/1580593005

Cr-Commit-Position: refs/heads/master@{#368938}
sigbjornf
Oilpan: provide a weak 'this' pointer abstraction for cancellable closures.
For CancellableTaskFactory objects owned by an Oilpan heap object, the
factory's closure maintain a weak reference back to its heap
object owner -- the closure must not invoke a method on that heap object
once the weak reference is cleared.

That latter check for a cleared weak reference wasn't in place; provide
it here. Due to wtf/ and platform/heap/ dependency constraints, we're
forced to do that indirectly by way of using a WeakPtr<>.

R=haraken
BUG=575272

Review URL: https://codereview.chromium.org/1573283004

Cr-Commit-Position: refs/heads/master@{#368851}
sigbjornf
Oilpan: fix uninitialized pointers following r368596, part 2.
TBR=oilpan-reviews
BUG=499780
NOTRY=true

Review URL: https://codereview.chromium.org/1576373002

Cr-Commit-Position: refs/heads/master@{#368836}
philipj
Update Selection IDL TODOs to match nullability change in spec
The node arguments of collapse and setPosition were made nullable:
https://github.com/w3c/selection-api/issues/64

Also move out the optional arguments issues into a single comment:
https://github.com/w3c/selection-api/issues/30

BUG=391673
R=yoichio@chromium.org

Review URL: https://codereview.chromium.org/1576863002

Cr-Commit-Position: refs/heads/master@{#368825}
sigbjornf
Oilpan: fix uninitialized pointers following r368596.
R=haraken,timloh
BUG=499780
NOTRY=true

Review URL: https://codereview.chromium.org/1578763003

Cr-Commit-Position: refs/heads/master@{#368824}
rune
Pseudo element selectors in compound selector lists are invalid.
These selectors were never matching, but they are invalid and rules with
invalid selectors should not show up in the CSSOM.

This is just partly fixing detection of invalid use of pseudo elements.
We also incorrectly accept simple selectors following pseudo elements.
In most cases those are invalid selectors.

The modified existing cases contained invalid selectors and they were
modified to make them valid for serialization testing purposes.

R=timloh@chromium.org
BUG=489481,393490

Review URL: https://codereview.chromium.org/1576553002

Cr-Commit-Position: refs/heads/master@{#368823}
sigbjornf
Oilpan: fix build after r368814.
TBR=oilpan-reviews
BUG=540528
NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true

Committed: https://crrev.com/2cf2fab949e741b56be51d1197b064083ec45441
Cr-Commit-Position: refs/heads/master@{#368817}

Review URL: https://codereview.chromium.org/1575323002

Cr-Commit-Position: refs/heads/master@{#368820}
sigbjornf
Revert of Oilpan: fix build after r368814. (patchset #1 id:1 of https://codereview.chromium.org/1575323002/ )
Reason for revert:
Breaks non-Oilpan compilation.

Original issue's description:
> Oilpan: fix build after r368814.
>
> TBR=oilpan-reviews
> BUG=540528
> NOTRY=true
> NOTREECHECKS=true
> NOPRESUBMIT=true
>
> Committed: https://crrev.com/2cf2fab949e741b56be51d1197b064083ec45441
> Cr-Commit-Position: refs/heads/master@{#368817}

TBR=oilpan-reviews@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=540528

Review URL: https://codereview.chromium.org/1580683002

Cr-Commit-Position: refs/heads/master@{#368819}
sigbjornf
Oilpan: fix build after r368814.
TBR=oilpan-reviews
BUG=540528
NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true

Review URL: https://codereview.chromium.org/1575323002

Cr-Commit-Position: refs/heads/master@{#368817}
davve
Fix SVG sizing in crossfaded images
Wrap SVGImages inside SVGImageForContainer to maintain the correct
size. SVGImages are shared between all places the same resource is
used and the wrapper is necessary to get the proper size for a
particular instantiation.

BUG=574172

Review URL: https://codereview.chromium.org/1577843002

Cr-Commit-Position: refs/heads/master@{#368816}
sigbjornf
Oilpan: mark two fast/text tests as failing on Windows.
TBR=oilpan-reviews
BUG=553613
NOTRY=true

Review URL: https://codereview.chromium.org/1579653002

Cr-Commit-Position: refs/heads/master@{#368593}
sigbjornf
Oilpan: retire dated DataRef<> GC_PLUGIN_IGNORE().
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1577753002

Cr-Commit-Position: refs/heads/master@{#368560}
sigbjornf
Restrict the scope of PointerFieldStorageTrait<>.
Float it into ScopedDisposal<> as it isn't used anywhere
else.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1579463002

Cr-Commit-Position: refs/heads/master@{#368552}
sigbjornf
Ensure Oilpan garbage is collected on JavaBridgeChildFrameTest test.
In order for testHolderFrame's testing of the liveness of its weak
reference to be accurate with Oilpan is enabled, another GC round
is required to have both v8 and Oilpan GCs get to sweep out all
their dead objects before checking the weak reference.

R=haraken,jochen
BUG=575696

Review URL: https://codereview.chromium.org/1574753002

Cr-Commit-Position: refs/heads/master@{#368550}
rune
Renamed check for requiring ShadowPseudo combinator.
Some selectors have an implicit boundary crossing combinator inside what
is a compound selector in the selector text. This is an implementation
detail, but we insert such combinators for our SelectorChecker to switch
scopes during matching. Example:

input::-webkit-clear-button

This is a compund selector matching a pseudo element inside the input's
shadow tree. In the implementation, we store that as:

input /implicit-shadow-crossing-combinator/ ::-webkit-clear-button

Where the pseudo element simple selector will match the element inside
the shadow tree, and the implicit combinator will act as a descendant
combinator that can reach into the shadow so that we make the way up to
matching the input type selector on the host element.

Here, we rename methods in the selector parser to reflect that and make
the code easier to understand.

There should be no behavioral changes.

R=timloh@chromium.org,esprehn@chromium.org

Review URL: https://codereview.chromium.org/1568303002

Cr-Commit-Position: refs/heads/master@{#368548}
sigbjornf
Avoid LSan false positives from CSSPathValue::emptyValue().
LSan reports a leak on SVGComputedStyleTest.MiscStyleShouldCompareValue
(with Oilpan), stemming from emptyValue()'s allocation of an
SVGPathByteStream object. Introduce a local constructor function that
explicitly keeps this sub-object from LSan's view -- it is owned by
the emptyValue singleton and shouldn't be considered a leak.

R=haraken
BUG=

Committed: https://crrev.com/08494b981bbe6e9925ffd6663e65b6151bdd9425
Cr-Commit-Position: refs/heads/master@{#368329}

Review URL: https://codereview.chromium.org/1566423002

Cr-Commit-Position: refs/heads/master@{#368346}
sigbjornf
Avoid LSan false positives from CSSPathValue::emptyValue().
LSan reports a leak on SVGComputedStyleTest.MiscStyleShouldCompareValue
(with Oilpan), stemming from emptyValue()'s allocation of an
SVGPathByteStream object. Introduce a local constructor function that
explicitly keeps this sub-object from LSan's view -- it is owned by
the emptyValue singleton and shouldn't be considered a leak.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1566423002

Cr-Commit-Position: refs/heads/master@{#368329}
mostynb
call static SequencedWorkerPool::GetSequenceToken() method directly
Followup to https://codereview.chromium.org/1414793009/ in order
to avoid a GCC unused result warning.

SequencedWorkerPool::GetSequenceToken() is now a static method, GCC
emits a warning for BrowserThread::GetBlockingPool()->GetSequenceToken()
since the return value of BrowserThread::GetBlockingPool() is not
used.  We should just all the static method directly.

Review URL: https://codereview.chromium.org/1567983003

Cr-Commit-Position: refs/heads/master@{#368326}
sigbjornf
Handle some failing DocumentOrderedMap ID lookups across tree removals.
r366066's attempt to better handle failing DocumentOrderedMap lookups
while an element is being removed from a tree with duplicate IDs, didn't
accommodate all cases where the document map might end up being consulted.

Widen the assert and have it scope over node removals; should the unlikely
case happen, recognize that the tree is in a transitory state and allow
the lookup to quietly fail.

TBR=esprehn
BUG=571351

Review URL: https://codereview.chromium.org/1555653002

Cr-Commit-Position: refs/heads/master@{#368321}
fs
Add StylePath and use it to store 'd' in ComputedStyle
This adds a new class StylePath, that wraps a SVGPathByteStream and a
Path to be used when painting et.c. Create a StylePath on-demand from
CSSPathValue, and then cache the resulting value.
This allows sharing the various levels of path-data between different
instances/elements. It also avoids eagerly constructing the Path object
at setAttribute-time.
To be able to achieve this, SVGPathByteStream is made to be reference-
counted.

BUG=535429

Review URL: https://codereview.chromium.org/1545713003

Cr-Commit-Position: refs/heads/master@{#368320}
sigbjornf
Fix std::enable_if<> conversion bug.
after r367242 - "::type" not "::Type".

R=haraken
BUG=554293

Review URL: https://codereview.chromium.org/1564323002

Cr-Commit-Position: refs/heads/master@{#368319}
sigbjornf
DEFINE_STATIC_LOCAL(): assert against illegal use of GCed types.
A singleton static local cannot refer to a Blink garbage collected
object directly, as that fails to keep the singleton alive. A
strong off-heap persistent reference, a Persistent<> variant
or a persistent collection type, is required.

Add a static assert which catches out such incorrect uses of
GCed types.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1568213002

Cr-Commit-Position: refs/heads/master@{#368313}
sigbjornf
Oilpan: hold onto MediaQueryEvaluator singletons with Persistents.
Add missing Persistent<> wrappers around MediaQueryEvaluator singletons;
a regression introduced by r367489.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1562353004

Cr-Commit-Position: refs/heads/master@{#368310}
landell
Don't use pulse/alsa in embedded config
The embedded check was removed in CL
https://codereview.chromium.org/1528533002 which broke our builds.

BUG=

Review URL: https://codereview.chromium.org/1530713006

Cr-Commit-Position: refs/heads/master@{#368304}
sigbjornf
Oilpan: fix build after r368275.
R=haraken
BUG=266276
NOTRY=true

Review URL: https://codereview.chromium.org/1571443004

Cr-Commit-Position: refs/heads/master@{#368299}
tmoniuszko
Allow enable_topchrome_md to be overridden in gn build
BUG=

Review URL: https://codereview.chromium.org/1558123002

Cr-Commit-Position: refs/heads/master@{#368298}
davve
Remove FrameView::m_inPerformLayout
Use the document lifecycle instead of a flag in FrameView to find out
if we're inside performLayout().

Review URL: https://codereview.chromium.org/1562293002

Cr-Commit-Position: refs/heads/master@{#368289}
fs
Don't give 'pathLength' semantic errors special treatment
Just set the parse status to the error code for "negative forbidden"
and let it propagate. the fidelity of the message is roughly the same.

BUG=231612

Review URL: https://codereview.chromium.org/1548933002

Cr-Commit-Position: refs/heads/master@{#368160}
sigbjornf
Remove LocalDOMWindow unuseds.
R=
BUG=

Review URL: https://codereview.chromium.org/1567013002

Cr-Commit-Position: refs/heads/master@{#368090}
bratell
[gn] Detect location of Visual Studio in the registry.
Look in the registry to figure out where Visual Studio is located
on the disk.

BUG=460462

Review URL: https://codereview.chromium.org/1556993002

Cr-Commit-Position: refs/heads/master@{#368089}
rune
Don't add rule features across ::content.
When we see a ::content selector, we mark the invalidation sets for the
selectors left of ::content as insertion-point-crossing. For such
invalidation sets, we mark insertion points for subtree style recalc,
which means that we don't need to look at the selector features right of
::content selectors for invalidations.

For instance for:

.a ::content .b .c

The invalidation set for '.b' contains '.c', and the invalidation set for
'.a' contains '.c' and has the insertion-point-crossing flag set. Adding
'c' is however unnecessary since ::content already causes a subtree style
recalc. Also, this may cause unnecessary invalidations in '.a's scope if
there are in-scope '.c' descendants of '.a'.

This CL avoids adding invalidation set features like '.c' to the
invalidation set for '.a' as illustrated above. Now invalidation sets
may have the insertion-point-crossing flag set while otherwise being
empty, and they should not be considered empty as we need to traverse
and mark all insertion points for such sets.

Review URL: https://codereview.chromium.org/1544893003

Cr-Commit-Position: refs/heads/master@{#368064}
fs
Store a <scale, bias> tuple for textLength scale adjustment
SVGTextFragment::lengthAdjustTransform only ever has two values that
could make it differ from the identity transform.
By storing only these two values - and as floats rather than doubles -
instead of the full AffineTransform, the size of SVGTextFragment is
reduced by 40 bytes.
To enable this we however need to store whether the writing-mode is
vertical or horizontal, so steal one bit from the length field for
that.

BUG=571415

Review URL: https://codereview.chromium.org/1548913002

Cr-Commit-Position: refs/heads/master@{#368051}
mostynb
gn: leave PKG_CONFIG_PATH untouched when not using a sysroot
This makes cross-compilation possible when not using a sysroot.

Review URL: https://codereview.chromium.org/1543483002

Cr-Commit-Position: refs/heads/master@{#367906}
rune
[Printing] Remove unnecessary styleResolverChanged().
styleResolverChanged is already called for media query changes in the
following call chain:

FrameView::adjustMediaTypeForPrinting() ->
FrameView::setMediaType() ->
Document::mediaQueryAffectingValueChanged() ->
Document::styleResolverChanged()

Calling it afterwards should not be necessary.

R=mstensho@opera.com
TEST=printing/print-media-recalc.html

Review URL: https://codereview.chromium.org/1569503002

Cr-Commit-Position: refs/heads/master@{#367895}
davve
Simplify arguments to logical[Left,Right]OffsetForPositioningFloat
|applyTextIndent=false| is always passed to
logical[Left,Right]OffsetForPositioningFloat(). Might as well remove
the parameter and pass |false| where it's needed. No functional change
expected.

Review URL: https://codereview.chromium.org/1557373002

Cr-Commit-Position: refs/heads/master@{#367792}
sigbjornf
Oilpan: fix build after r367779.
TBR=oilpan-reviews
BUG=488373
NOTRY=true

Review URL: https://codereview.chromium.org/1568443002

Cr-Commit-Position: refs/heads/master@{#367787}
davve
Simplify paintFillLayer
paintFillLayer() was only used in one place. Expand the two default
arguments and rename paintFillLayerExtended to paintFillLayer.

Review URL: https://codereview.chromium.org/1527343002

Cr-Commit-Position: refs/heads/master@{#367659}
rune
Avoid unnecessary invalidation scheduling.
This is a reland of https://codereview.chromium.org/1514733002 without
the removal of an assumed-to-be SubtreeStyleChange for attribute changes
when you have a null style resolver, which turned out to cause asserts.

We skip scheduling invalidation sets for an element when:

* StyleResolver is null
* Element is not inActiveDocument()
* Element does not have a parent
* Element parent has SubtreeStyleChange or ReattachStyleChange

Additionally we skip descendant invalidations when:

* Element has SubtreeStyleChange or ReattachStyleChange

and sibling invalidations when:

* Element.nextSibling is null

R=ruuda@google.com
BUG=557440

Review URL: https://codereview.chromium.org/1560693002

Cr-Commit-Position: refs/heads/master@{#367617}
robertn
Use the correct variable in the DCHECK
A patch changed how a value was retrieved to use a different variable,
but the DCHECK was not updated to do the same. The change was
introduced in the following CL:

https://codereview.chromium.org/1479883002

TEST=Load youtube.com/tv, start a video and switch to a suggested video.
     The above steps will trigger the dcheck in content_shell.
R=ajuma@chromium.org
BUG=560275
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1556333003

Cr-Commit-Position: refs/heads/master@{#367527}
arjanl
Don't unnecessarily copy strings
Add a function base::SplitStringPieceUsingSubstr that splits a string
using a substring delimiter without copying the string parts. Use it in
HttpRequestHeaders::AddHeadersFromString.

BUG=572076

Review URL: https://codereview.chromium.org/1549063003

Cr-Commit-Position: refs/heads/master@{#367504}
tmoniuszko
Fix possible loss of data warnings in media_unittests
Fix compiler warning about size_t to uint8_t conversion.

BUG=

Review URL: https://codereview.chromium.org/1559013002

Cr-Commit-Position: refs/heads/master@{#367491}
sigbjornf
Reduce risk of MediaQueryEvaluator-induced leaks.
With Oilpan, having MediaQueryEvaluator keep a Persistent<> reference
to MediaValues isn't necessary and by doing so, increases the risk
of creating inadvertent leaks. Move MediaQueryEvaluator to the heap
instead.

R=haraken
BUG=509911

Review URL: https://codereview.chromium.org/1555993002

Cr-Commit-Position: refs/heads/master@{#367489}
rune
Layout test for 571040.
The fix for issue 571040 did not add a test. Here is one.
Node::virtualEnsureComputedStyle returns nullptr when there is no parent
node (which is strange since the method is called *Ensure*). However,
that's what caused the crash. Confirmed that the added test crashes in a
pre-christmas checkout.

R=shans@chromium.org,dstockwell@chromium.org
BUG=571040

Review URL: https://codereview.chromium.org/1553083002

Cr-Commit-Position: refs/heads/master@{#367393}
mstensho
Internals: throw an exception when page height or width is 0.
The two methods pageNumber() and numberOfPages() on the window.internals object
allowed 0 as page height, which results in a division by zero in multicol (and
general failure to paginate in other parts of the code). Have the methods raise
an exception when such values are provided. Also specify the default width and
height values in Internals.idl rather than in Internals.h, so that they
actually do something. Our default page width and height were effectively 0 for
these methods.

Assert that width and height have valid values (i.e. greater than 0) in
PrintContext::begin().

BUG=571348
R=rune@opera.com

Review URL: https://codereview.chromium.org/1552703003

Cr-Commit-Position: refs/heads/master@{#367304}
sigbjornf
Clarify ordinary page handling.
Clarify that it is precise to use ordinaryPages() to locate storage
event targets (by StorageArea), along with generally tidying up Page
creation - "ordinary" ones as well as ones needed for internal purposes.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1507633003

Cr-Commit-Position: refs/heads/master@{#367296}
davve
Remove unused constant kInvalidFrameRoutingID
All use of kInvalidFrameRoutingID was removed in
https://codereview.chromium.org/1138543002 but for the constant.

Review URL: https://codereview.chromium.org/1532323002

Cr-Commit-Position: refs/heads/master@{#367287}
sigbjornf
EventSender<T> singletons are better off on the Oilpan heap.
Rather than keeping two off-heap persistent collections per EventSender
singleton, have the singletons reside on the Oilpan heap instead.

This also removes no-op cancelEvent()s from various destructors.

R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1554903002

Cr-Commit-Position: refs/heads/master@{#367282}
sigbjornf
Revert of mac and ios: Build third-party code with -Wall. (patchset #1 id:1 of https://codereview.chromium.org/1555843002/ )
Reason for revert:
ios_Device builder isn't quite ready for -Wall,

 http://build.chromium.org/p/chromium.mac/builders/iOS_Device/builds/33368

breaking compilation.

Original issue's description:
> mac and ios: Build third-party code with -Wall.
>
> This lands the mac and ios build/common.gypi bits of
> https://codereview.chromium.org/1551753002/ (reviewed there)
>
> BUG=573250
> R=thestig@chromium.org
> TBR=thestig@chromium.org
>
> Committed: https://crrev.com/9830789346abd3d8211deff1ebe7a7f5753ba3fc
> Cr-Commit-Position: refs/heads/master@{#367255}

TBR=thestig@chromium.org,thakis@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=573250

Review URL: https://codereview.chromium.org/1553943002

Cr-Commit-Position: refs/heads/master@{#367258}
sigbjornf
Oilpan: avoid heap allocation in MajorGCWrapperVisitor
The collection of retained object roots is preferably not allocated on
the Oilpan heap as that risks triggering an unnecessary GC.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1539133002

Cr-Commit-Position: refs/heads/master@{#367161}
mstensho
Update bug number for block-layout-inline-children-replaced.html in TestExpectations.
This test has been flaky (and marked as such) for a long time, and it wasn't
introduced by the fix for bug 537638. It just got accidentally auto-rebaselined
as part of that fix. Revert the bug number in TestExpectations back to what it
used to be.

R=noel@chromium.org
BUG=571590

Review URL: https://codereview.chromium.org/1555533002

Cr-Commit-Position: refs/heads/master@{#367152}
sigbjornf
Diagnose failing GC transition on forced Oilpan GC.
Temporary release asserts to help diagnose an unexpected&unsupported
Blink GC transition.

R=haraken
BUG=571207

Review URL: https://codereview.chromium.org/1559443002

Cr-Commit-Position: refs/heads/master@{#367150}
sigbjornf
Oilpan: prefinalize CSSCrossfadeValue.
Consistently use prefinalizers for ImageResourceClients, following on
from r366092.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1555633002

Cr-Commit-Position: refs/heads/master@{#367146}
mostynb
fix some obsolete code.google.com sandbox links
TBR=thakis@chromium.org

Review URL: https://codereview.chromium.org/1538613002

Cr-Commit-Position: refs/heads/master@{#366972}
fs
Refactor propagation of parsing errors for SVG attributes
Use the return value of SVG{...}::setValueAsString to signal errors
rather than an out parameter and the (mostly faux) ExceptionState
object (for setBaseValueAsString). In the few cases where the latter
is not using an TrackExceptionState - in tear-offs for SVGAngle and
SVGLength - it's easy enough to handle the exception-throwing there
and then.
This makes SVG{...} objects mostly independent of ExceptionState,
saving on footprint from string-construction and argument passing as
a side-effect.
Also remove some unnecessary virtuals on SVGInteger and
SVGPreserveAspectRatio.

BUG=231612

Review URL: https://codereview.chromium.org/1544673003

Cr-Commit-Position: refs/heads/master@{#366715}
fs
Return AffineTransform from SVGTextFragment::buildFragmentTransform
Instead of passing an AffineTransform as an out-parameter, just return
it instead. Since we always copy the resulting transform into the
out-parameter anyway, there should be no loss of efficiency.
This also enables some of the users to be written in a more compact
way.

Also add boundingBox(), boundingQuad() and overflowBoundingBox()
helpers to SVGTextFragment and use where possible.

BUG=571415

Review URL: https://codereview.chromium.org/1549503002

Cr-Commit-Position: refs/heads/master@{#366713}
bratell
Teach Chromium on Windows where to find Ogham glyphs
Ogham glyphs are found in Segoe UI Symbol.

BUG=569938
R=drott@chromium.org

Review URL: https://codereview.chromium.org/1521993008

Cr-Commit-Position: refs/heads/master@{#366616}
bratell
Use clampTo instead of chaining std::max(std::min(...))
It's common to make a value end up between two other values by using
std::min and std::max but we have a clampTo function that will
make the code much easier to read so we should use it.

The performance is the same (both end up doing inline comparisons and
value selection) but not having to include <algorithm> can bring a
very slight compilation speed boost.

BUG=563433

Review URL: https://codereview.chromium.org/1530723004

Cr-Commit-Position: refs/heads/master@{#366585}
davve
Polish recently added documentation for PaintLayerFilterInfo
NOTRY=true

Review URL: https://codereview.chromium.org/1545523003

Cr-Commit-Position: refs/heads/master@{#366571}
fs
Helper for checking if an SVGTextFragment is transformed
Add a isTransformed() helper to SVGTextFragment. Since it's a commonly
recurring pattern to compute the fragment transform and then check if
it is the identity transform - and doing the check before actually
computing the transform is only marginally more expensive (since we
know the structure of SVGTextFragment::lengthAdjustTransform) we can
use this helper and switch order of computation and check. The only
potential downside would be if the resulting transform ends up being
the identity transform - which seems like an edge-case.

With this in place, we can do additional improvements around the
handling of fragment bounding boxes et.c. and change how the fragment
is "parametrized".

BUG=571415

Review URL: https://codereview.chromium.org/1545443002

Cr-Commit-Position: refs/heads/master@{#366567}
fs
Make SVGElement::propertyFromAttribute return raw pointer
Ownership does not transfer from the element, so we can make the return
value a raw pointer, and hence avoid ref-churn, save some footprint and
allow tail-calls in collectStyleForPresentationAttribute.

Review URL: https://codereview.chromium.org/1541923002

Cr-Commit-Position: refs/heads/master@{#366536}
mstensho
Partially manual rebaseline for r366396 https://codereview.chromium.org/1536663004
Re-mark the two tests as failing again for Mac. They were temporarily commented
out in order to get the rebaselining working.

BUG=537638
TBR=wangxianzhu@chromium.org

Review URL: https://codereview.chromium.org/1536233005

Cr-Commit-Position: refs/heads/master@{#366451}
mstensho
Need to repaint its ::first-line background when a block moves.
Everything else pertaining to ::first-line is painted by the InlineBox objects
established by DOM nodes (text, inline SPAN, whatever), so they get invalidated
when their LayoutObjects get invalidated, but ::first-line background is
special and is painted by RootInlineBox, which wasn't properly invalidated
along with the rest.

BUG=537638
R=chrishtr@chromium.org,eae@chromium.org,wangxianzhu@chromium.org

Review URL: https://codereview.chromium.org/1536663004

Cr-Commit-Position: refs/heads/master@{#366396}
davve
Rewrite LayoutTest svg/wicd/rightsizing-grid as a reftest
A number of changes were made to reduce flakyness and make the test
more useful:

 * Rewrite as html reftest.

 * Apply a static body width. The test is no longer depending on the
   viewport width.

 * Use a slim body width. The way the test was written a lot of the
   test actually ended up outside the viewport. Layout tests use
   default size 800x600 and this test expected up to double the height
   compared to the width.

 * Avoid gradients and rounded rectangles since they add nothing to
   what's actually meant to be tested.

The test svg/wicd/sizing-flakiness.html is a subset of the
rightsizing-grid test and should provide little value of its own. It
is thus removed.

BUG=571301

Review URL: https://codereview.chromium.org/1542563002

Cr-Commit-Position: refs/heads/master@{#366388}
mostynb
gn format BUILD.gn after CL1535803002
BUG=539572
TBR=dpranke

Review URL: https://codereview.chromium.org/1544453002

Cr-Commit-Position: refs/heads/master@{#366371}
sigbjornf
Oilpan: prefinalize StyleFetchedImage* image resource clients.
Followup r366092 and switch finalization mechanism for
StyleFetchedImage and StyleFetchedImageSet to prefinalizers.

Having them be eagerly finalized conflicted in some cases with
another eagerly finalized object (a FrameView scrollable area),
as these StyleFetchedImage objects cannot be allowed to
touch another eagerly finalized object.

Avoid the finalization (non-)ordering issue by switching these
to prefinalized objects instead.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1536113003

Cr-Commit-Position: refs/heads/master@{#366275}
fs
Drop SkPathContainsPoint in favor of SkPath::contains
This will increase the fidelity in some cases when hit-testing.

BUG=373638,523102

Review URL: https://codereview.chromium.org/1536803003

Cr-Commit-Position: refs/heads/master@{#366141}
philipj
Deprecate document.defaultCharset (to be removed in M50)
Intent to Deprecate and Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/pWSb_tq13Kg/Dmk59Fb9AQAJ

BUG=567738

Review URL: https://codereview.chromium.org/1526563005

Cr-Commit-Position: refs/heads/master@{#366133}
bratell
Use Ebrima as fallback font for Tifinagh in Windows.
BUG=569421

Review URL: https://codereview.chromium.org/1525653002

Cr-Commit-Position: refs/heads/master@{#366131}
sigbjornf
Oilpan: fix build after r366113.
TBR=oilpan-reviews
BUG=505851
NOTRY=true

Review URL: https://codereview.chromium.org/1537683004

Cr-Commit-Position: refs/heads/master@{#366126}
philipj
Update the XMLHttpRequestProgressEvent deprecation messages for M50 removal
Intent to Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/bpbq0Rcpauk/cnpJtHddAgAJ

BUG=357112

Review URL: https://codereview.chromium.org/1526003002

Cr-Commit-Position: refs/heads/master@{#366114}
philipj
Update the keyLocation deprecation message for M50 removal
Intent to Remove:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/lqknEaUYCJM/UbNahDDMAwAJ

BUG=568261

Review URL: https://codereview.chromium.org/1529623002

Cr-Commit-Position: refs/heads/master@{#366112}
philipj
Add willBeRemoved and replacedWillBeRemoved deprecation message helpers
The fullscreen deprecation messages are updated, because the old
advice was not as good as the new advice.

R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1533913003

Cr-Commit-Position: refs/heads/master@{#366096}
sigbjornf
Oilpan: eagerly finalize StyleFetchedImage* image resource clients.
Extend our practice of eagerly finalizing ImageResourceClients to
StyleFetchedImage and StyleFetchedImageSet.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1535643005

Cr-Commit-Position: refs/heads/master@{#366092}
fs
Add a Path::contains() version that use the Path's winding rule
In preparation for using SkPath::contains() for Path::contains(), add an
overload that uses the winding rule (fill type) from the SkPath, since
that the version which will require less impedance matching with the
Skia API. Convert "obvious" current users to the new overload, and remove
some unused winding rule accessors.
Attempt to clean up some related includes while in the general area.

BUG=523102

Review URL: https://codereview.chromium.org/1532923002

Cr-Commit-Position: refs/heads/master@{#366080}
mharanczyk
Change how DOM Inspector fetches document's base URL.
With integration of https://codereview.chromium.org/1409293007 appending
empty string is invalid operation for non hierarchical base urls. Since
DOM Inspector Agent actually want to determine base URL ask for that
data directly.
Without this change base url for non hierarchical (data:) urls was
always empty for inspector, which in turn caused webdriver to freeze
when trying to communicate with such documents, because it wrongly
assumed it is still in loading state (base url was empty),
so it waited for load complete.

Review URL: https://codereview.chromium.org/1530153002

Cr-Commit-Position: refs/heads/master@{#366079}
sigbjornf
Allow -webkit-text-decorations-in-effect preservation during para move.
Adjust assert to allow it; moving paragraphs as part of performing
JustifyRight will want to preserve styles, but this is done without
extra annotation. For which -webkit-text-decorations-in-effect is
also preserved.

R=tkent
BUG=498130
TEST=editing/execCommand/justify-right-in-effect-crash.html

Review URL: https://codereview.chromium.org/1522063002

Cr-Commit-Position: refs/heads/master@{#366067}
sigbjornf
Better handling of DocumentOrderedMap same-ID lookups during tree removals
Under select and unusal conditions, the removal of an element with ID
A might trigger further lookups of A from a TreeScope's DocumentOrderedMap
as part of handling the removal of that element. The tree and
DocumentOrderedMap is not in a consistent state to precisely handle such
lookups -- add machinery to spot that we're in a transitory state and
not trigger an assert over such failing lookups.

See code comments for further details.

R=tkent,esprehn
BUG=426005

Review URL: https://codereview.chromium.org/1532103002

Cr-Commit-Position: refs/heads/master@{#366066}
philipj
Simplify Node.prototype.baseURI to match the DOM spec
https://dom.spec.whatwg.org/#dom-node-baseuri

This simplification was made possible by the removal of xml:base in spec
and implementation:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20976
https://code.google.com/p/chromium/issues/detail?id=341854

BUG=570679

Review URL: https://codereview.chromium.org/1529363004

Cr-Commit-Position: refs/heads/master@{#365934}
landell
Include missing errno.h
BUG=

Review URL: https://codereview.chromium.org/1532833002

Cr-Commit-Position: refs/heads/master@{#365839}
bratell
Include <algorithm> if you use functions from <algorithm>.
I'm trying to remove #include <algorithm> from common headers because
it takes a long time to compile, but then code that actually need
<algorithm> need to include that header themselves.

This will bring no functional change.

BUG=563433

Review URL: https://codereview.chromium.org/1528323002

Cr-Commit-Position: refs/heads/master@{#365830}
philipj
Import the baseURI test from web-platform-tests
Import web-platform-tests@0bb3d73f26aa5a21326b6c1c7aaf35029222223f

Using update-w3c-deps in Blink 731a1238920ae9b7216cd2ced12267deb0d63e19.

This fails, but is imported so that it can be fixed.

BUG=570679

Review URL: https://codereview.chromium.org/1533653002

Cr-Commit-Position: refs/heads/master@{#365828}
wmaslowski
Permissions channel filter should use IDS_PRODUCT_NAME
... instead of explicit 'Google Chrome'.

BUG=560262

Review URL: https://codereview.chromium.org/1469003002

Cr-Commit-Position: refs/heads/master@{#365825}
sigbjornf
Oilpan: simplify plugin container finalization.
Simplify the finalization of WebPluginContainerImpl by registering a
prefinalizer for it. By doing so, we can let go of the LocalFrame
registration scheme currently used -- a scheme needed to ensure
that plugin containers could safely dispose of their plugin while
the owning LocalFrame was still alive and accessible. That
mechanism predated prefinalizer/eager finalization support. But
with it well in place, we can make good use of it here -- the
prefinalizer disposing of the plugin container while the LocalFrame
is accessible.

Notice that plugin containers (PluginView widgets) still need to
be explicitly disposed of in places. Their plugins will have to
be summarily & predictably destroyed at those points, something
that cannot be left until the next GC (whenever it goes ahead.)

R=dcheng
BUG=340522

Review URL: https://codereview.chromium.org/1517993004

Cr-Commit-Position: refs/heads/master@{#365792}
ljagielski
[Linux] Turn off -mstackrealign for breakpad in ia32.
There's a clang bug which causes crashes of syscalls which use many
registers for argument passing in ia32 architecture.
https://llvm.org/bugs/show_bug.cgi?id=16830

BUG=556393

Review URL: https://codereview.chromium.org/1473203002

Cr-Commit-Position: refs/heads/master@{#365770}
sigbjornf
Gracefully discharge a failed script load in disposed documents.
Should a ScriptLoader's resource end up being cancelled as part of
Document and ScriptRunner disposal, handle the error notification without
falsely asserting. Speculative crash fix.

R=haraken
BUG=536796

Review URL: https://codereview.chromium.org/1526293003

Cr-Commit-Position: refs/heads/master@{#365541}
bratell
Include <algorithm> if you use functions from <algorithm>.
I'm trying to remove #include <algorithm> from common headers because
it takes a long time to compile, but then code that actually need
<algorithm> need to include that header themselves.

This will bring no functional change.

BUG=563433

Review URL: https://codereview.chromium.org/1531703002

Cr-Commit-Position: refs/heads/master@{#365524}
sigbjornf
Oilpan: make ScrollableAreaTest.ScrollbarTrackAndThumbRepaint work.
Scrollbars assume that their associated theme objects live longer,
unregistering themselves upon finalization.

Make it clear that this lifetime assumption must also hold for Scrollbars
created by the test-only constructor Scrollbar::createForTesting() +
alter ScrollableAreaTest.ScrollbarTrackAndThumbRepaint so that the
scrollbars it creates are finalized before the mock theme object is.
With Oilpan, explicit flushing out of garbage is needed.

R=haraken
BUG=549277

Review URL: https://codereview.chromium.org/1528613006

Cr-Commit-Position: refs/heads/master@{#365517}
davve
Measure SVGSVGElement.viewport
The implementation is trivial but entirely useless and has been since
2012. The attribute is not present at all in Gecko.

It has been removed from the spec:
http://www.w3.org/Graphics/SVG/WG/track/actions/3815

BUG=395838, 415074

Review URL: https://codereview.chromium.org/1523273002

Cr-Commit-Position: refs/heads/master@{#365515}
philipj
Import dom/ from web-platform-tests
Import web-platform-tests@0bb3d73f26aa5a21326b6c1c7aaf35029222223f

Using update-w3c-deps in Blink adcc203a3f95a64d9bd7018adec276cfb7eadeb5.

Review URL: https://codereview.chromium.org/1529523002

Cr-Commit-Position: refs/heads/master@{#365433}
fs
Tidy up SVGParserUtilities
Remove unused typedefs and includes. Move 'transform'-related parsing
bits to SVGTransformList.cpp.

Review URL: https://codereview.chromium.org/1527993002

Cr-Commit-Position: refs/heads/master@{#365379}
fs
Use Vector<...>::append(const U*, size_t) in SVGPathByteStream
This appears to help larger paths a decent amount, while not hurting
smaller paths. Payload for this copy is 2-26 bytes. For a ~3.5k
character path string this reduced runtime of a
setAttribute('d', <path>) micro-benchmark (w/ mostly 10 byte payloads)
by roughly 17%.

BUG=568735

Review URL: https://codereview.chromium.org/1527613006

Cr-Commit-Position: refs/heads/master@{#365365}
fs
Shrink SVGTransform::valueAsString
Use a StringBuilder and convert transformTypePrefixForParsing to return
const char*.
Since this is a uniform arguments notation, put the arguments in an
array and loop through them, appending them to the result.
This reduces the size of this method from a bit of 6k to a bit over 950
bytes (x86-64).

Review URL: https://codereview.chromium.org/1525213002

Cr-Commit-Position: refs/heads/master@{#365354}
fs
Shrink SVGPreserveAspectRatio::valueAsString
No need to instantiate String for all the cases. Use a StringBuilder and
const char* instead.
Shrinks the method by nearly 500 bytes (x86-64)

Review URL: https://codereview.chromium.org/1526103002

Cr-Commit-Position: refs/heads/master@{#365319}
sigbjornf
Canonicalize creation of ServiceWorkerContainerClient supplement.
Follow the lazy from-new-provideTo pattern used elsewhere for instantiating
supplements.

R=horo
BUG=

Review URL: https://codereview.chromium.org/1518323002

Cr-Commit-Position: refs/heads/master@{#365230}
wdzierzanowski
Don't assume correct image format in CopyVpxImageToVideoFrame()
The data arriving inside the |vpx_image| struct is not guaranteed by
libvpx to be in one of the formats supported by VpxVideoDecoder.

BUG=569574
TEST=Loading http://shion.ru/crash.webm should result in video decoding error

Review URL: https://codereview.chromium.org/1520313002

Cr-Commit-Position: refs/heads/master@{#365213}
rune
Avoid unnecessary invalidation scheduling.
We skip scheduling invalidation sets for an element when:

* StyleResolver is null
* Element is not inActiveDocument()
* Element does not have a parent
* Element parent has SubtreeStyleChange or ReattachStyleChange

Additionally we skip descendant invalidations when:

* Element has SubtreeStyleChange or ReattachStyleChange

and sibling invalidations when:

* Element.nextSibling is null

Removed an unnecessary SubtreeStyleChange when StyleResolver is null for
attribute changes.

BUG=557440

Review URL: https://codereview.chromium.org/1514733002

Cr-Commit-Position: refs/heads/master@{#365188}
fs
Fix ImageResource null-check in LayoutImage::foregroundIsKnownToBeOpaqueInRect
Make sure m_imageResource->cachedImage() is non-null before
dereferencing even for the use in the context of the TRACE_EVENT.

BUG=569624

Review URL: https://codereview.chromium.org/1527453003

Cr-Commit-Position: refs/heads/master@{#365097}
sigbjornf
Document LEAK_SANITIZER_IGNORE_OBJECT() more precisely.
R=haraken
BUG=567257
NOTRY=true

Review URL: https://codereview.chromium.org/1511833006

Cr-Commit-Position: refs/heads/master@{#365025}
sigbjornf
Oilpan: support OSX thread stack size discovery.
We do know enough about OSX stack sizes to be able to work around
bugginess of 10.9's pthread_get_stacksize_np().

R=haraken
BUG=569480

Review URL: https://codereview.chromium.org/1527513002

Cr-Commit-Position: refs/heads/master@{#364996}
sigbjornf
Revert of Response construction with a ReadableStream (patchset #13 id:320001 of https://codereview.chromium.org/1506023003/ )
Reason for revert:
Caused some UAFs,

 http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20ASAN/builds/21811

Original issue's description:
> Response construction with a ReadableStream
>
> This CL implements Response construction with a ReadableStream provided
> by V8 Extras. The feature is behind a runtime enabled flag.
>
> The implementation is not perfect.
>  - ReadableStreamDataConsumerHandle should be thread-safe but is not.
>  - ReadableStreamDataConsumerHandle may cause memory leaks.
> But these problems don't bother stable users.
>
> BUG=564479
>
> Committed: https://crrev.com/6aa006ba0f0f8a60c20167ad009f5699e40b8ef2
> Cr-Commit-Position: refs/heads/master@{#364968}

TBR=domenic@chromium.org,bashi@google.com,bashi@chromium.org,haraken@chromium.org,tyoshino@chromium.org,yhirano@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=564479

Review URL: https://codereview.chromium.org/1527493002

Cr-Commit-Position: refs/heads/master@{#364981}
fs
Restore TextCaseSensitivity argument to literal {start,end}sWith
This reverts the change made by:
  https://codereview.chromium.org/1507763003
hence restoring the method signatures. Implementations are adjusted
based on intermediate changes, like supporting ASCII case-insensitive.

Reorganize the equalSubstring* helpers so that more code can be shared
(at least textually.)
Also try to make the naming of arguments consistent for the various
startsWith/endsWith implementations ("prefix"/"suffix" rather than
"match").

BUG=568584

Review URL: https://codereview.chromium.org/1523463004

Cr-Commit-Position: refs/heads/master@{#364957}
sigbjornf
Oilpan: fixup Handle.h include.
R=haraken
BUG=357163

Review URL: https://codereview.chromium.org/1520083002

Cr-Commit-Position: refs/heads/master@{#364950}
fs
Ship Case-insensitive attribute selectors
Intent-to-ship:
  https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/vAWK0ldpyrc

BUG=567732

Review URL: https://codereview.chromium.org/1519833002

Cr-Commit-Position: refs/heads/master@{#364831}
philipj
Remove deprecation messages for no-ops that are left in the specs
Since these will not be removed, warning developers about them is
not a good use of attention.

Take the opportunity to remove the detach() calls from a few tests where
it does nothing anyway. Remove detach-range-during-deletecontents.html
as that was testing specifically detach() which cannot be relevant now
that it is a no-op. Some of the range-* tests are left untouched as they
explicitly call out that detach() is a no-op in comments.

These are the reviews where these deprecation messages were added:
https://codereview.chromium.org/256013002
https://codereview.chromium.org/252783002
https://codereview.chromium.org/901623002

BUG=568218
R=rbyers@chromium.org

Review URL: https://codereview.chromium.org/1516553002

Cr-Commit-Position: refs/heads/master@{#364745}
fs
Use ASCII case-insensitive matching for attribute selectors
When matching attribute selectors in a case-insensitive manner, the
match should be performed using "ASCII case-insensitive" matching per
the "document language" specification (HTML) [1]. Similarly when the "i"
modifier is used [2].

New behavior matches Gecko (for [1]) and WebKit (for [1] and [2]).

This requires adding some new functions to support the various matching
operations: startsWith, endsWith and find.
Add TextCaseSensitivity value TextCaseASCIIInsensitive and
implementations for the methods mentioned above.
Replace current use of startsWithIgnoringASCIICase with startsWith,
passing TextCaseASCIIInsensitive.

[1] https://html.spec.whatwg.org/multipage/scripting.html#case-sensitivity
[2] https://drafts.csswg.org/selectors-4/#attribute-case

BUG=565878

Review URL: https://codereview.chromium.org/1499933003

Cr-Commit-Position: refs/heads/master@{#364703}
davve
Split SVGSVGElement.create* functions from SVG1DOM counter
Measure them individually to see which ones, if any, has any
usage. They are interesting in the sense of being the only way of
creating such objects.

BUG=415074

Review URL: https://codereview.chromium.org/1505953008

Cr-Commit-Position: refs/heads/master@{#364695}
sigbjornf
Oilpan: fix build after r364654, part 3.
TBR=oilpan-reviews
BUG=531990
NOTRY=true

Review URL: https://codereview.chromium.org/1514393002

Cr-Commit-Position: refs/heads/master@{#364692}
sigbjornf
Oilpan: always limit persisted plugin disposal to PluginViews instances.
With Oilpan enabled, the plugin element needs to synchronously inform
its 'persisted' plugin widget that it is slated for destruction and
call its dispose() method. This is needed so as to have that plugin
unregister in a timely fashion (without waiting on the next GC.)

This disposal step is only needed for PluginView widgets; it is indeed
harmful to call it for a FrameView widget should it be disposed while
being in the middle of performing a full layout.

R=dcheng
BUG=568383

Review URL: https://codereview.chromium.org/1514073002

Cr-Commit-Position: refs/heads/master@{#364690}
sigbjornf
Oilpan: fix build after r364654, part 2.
Follow up r364678, unit test breakages.

TBR=oilpan-reviews
BUG=531990
NOTRY=true

Review URL: https://codereview.chromium.org/1520523005

Cr-Commit-Position: refs/heads/master@{#364683}
sigbjornf
Oilpan: fix build after r364654.
TBR=oilpan-reviews
BUG=531990
NOTRY=true

Review URL: https://codereview.chromium.org/1521583002

Cr-Commit-Position: refs/heads/master@{#364678}
davve
Hook up RendererMediaSessionManager with browser side
Implements the basic IPC messages for activation and deactivation back
and forth.

The browser side is still unimplemented.

BUG=497735

Review URL: https://codereview.chromium.org/1441883003

Cr-Commit-Position: refs/heads/master@{#364673}
davve
Remove --disable-svg1dom runtime flag
Because the SVG1DOM UseCounter was high enough that we couldn't rip
all of it out together[1] we might as well drop the run-time flag for
disabling it. It carries a non-significant cost of generated bindings
code (~700 lines less and simpler code) and won't be of much use now
anyway.

[1] https://code.google.com/p/chromium/issues/detail?id=415074#c4

BUG=415074

Review URL: https://codereview.chromium.org/1514853002

Cr-Commit-Position: refs/heads/master@{#364657}
christiank
Allow one-copy and zero-copy task tile worker pools to use compressed textures.
BUG=434699
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Committed: https://crrev.com/7d60ce9a132a88ead407a2a58c91edc431e68259
Cr-Commit-Position: refs/heads/master@{#364326}

Review URL: https://codereview.chromium.org/1379783002

Cr-Commit-Position: refs/heads/master@{#364484}
fs
Remove String::reverseFindIgnoringCase
No longer used. Also remove the "dynamic" TextCaseSensitivity version
of String::reverseFind.

BUG=565878

Review URL: https://codereview.chromium.org/1508423004

Cr-Commit-Position: refs/heads/master@{#364375}
philipj
Add UseCounters for Selection methods that take null
Making collapse's argument non-nullable appears risky:
https://codereview.chromium.org/1498253002/#msg9

The risk for setBaseAndExtent is entirely unknown.

Measure both cases before proceeding further.

The change to Selection.idl is for clarity only, these are implicitly
nullable because of [LegacyInterfaceTypeChecking], and adding making
them explicitly nullable does not change the generated code.

Review URL: https://codereview.chromium.org/1509353004

Cr-Commit-Position: refs/heads/master@{#364344}
mstensho
PrintContext::pageProperty() shouldn't use 0 as page height.
This function only seems to be used by window.internals,
although WebFrame also provides a method that ends up there. It's only
partially implemented, though. It recognizes "margin-left", but not
"margin-right", for instance. Anyway, use a better page height than 0.

Also no need to explicitly lay out the document here, since
PrintContext::begin() does it for us.

With this change, we no longer need to perform a page height sanity check in
LayoutView::layout() before creating a ViewFragmentationContext.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1510353002

Cr-Commit-Position: refs/heads/master@{#364333}
mostynb
remove duplicate friend declaration
GCC builds fail with duplicate friend declaration introduced
by https://codereview.chromium.org/1407383005

BUG=543655
TBR=vollick

Review URL: https://codereview.chromium.org/1515673004

Cr-Commit-Position: refs/heads/master@{#364328}
christiank
Allow one-copy and zero-copy task tile worker pools to use compressed textures.
BUG=434699
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1379783002

Cr-Commit-Position: refs/heads/master@{#364326}
philipj
Drop [LegacyInterfaceTypeChecking] for Selection.prototype.addRange
This already throws in Firefox and IE11 when the argument is null:
http://software.hixie.ch/utilities/js/live-dom-viewer/saved/3781

DOMSelection::addRange is only called from generated bindings, so the
assert will hold.

BUG=561338

Review URL: https://codereview.chromium.org/1511913002

Cr-Commit-Position: refs/heads/master@{#364322}
philipj
Drop [LegacyInterfaceTypeChecking] for SpeechSynthesis.prototype.speak
This changes only the exception message. There are no internal calls to
SpeechSynthesis::speak, so the ASSERT(utterance) will hold.

BUG=561338

Review URL: https://codereview.chromium.org/1481163002

Cr-Commit-Position: refs/heads/master@{#364303}
sigbjornf
Safely finalize an AnimationTimeline's still-attached Animations.
R=haraken
BUG=568084

Review URL: https://codereview.chromium.org/1515573002

Cr-Commit-Position: refs/heads/master@{#364300}
fs
Refactor StringImpl::{start,end}sWith(StringImpl*, ...)
In preparation for ASCII case-insensitive matching in these two methods,
add a macro for handling the "dispatch" to the right method, and split
the single method into two in both instances. Make the argument to the
new methods as well as the methods themselves const.
Add equalSubstring{,IgnoringCase} helpers and use those to implement
both of the methods.

BUG=565878

Review URL: https://codereview.chromium.org/1511813004

Cr-Commit-Position: refs/heads/master@{#364243}
philipj
Import web-platform-tests@5dbe45af3ad3a933c03187c72f1c12cbe2877703
Using update-w3c-deps in Blink 2fdb258ddf7fa6834750711a10a01d26766b7d46.

Failing test expectations were added for two tests:

 * maxlength.html fails because the internal maxlength 524288 is exposed to
   scripts instead of -1.

 * document.getElementsByName-namespace-xhtml.xhtml fails because
   getElementsByName() tests all elements, while the spec says to only
   include HTML elements in the collection:
   https://html.spec.whatwg.org/multipage/dom.html#dom-document-getelementsbyname

R=tkent@chromium.org

Review URL: https://codereview.chromium.org/1515563002

Cr-Commit-Position: refs/heads/master@{#364149}
rune
Don't early return on SubtreeStyleChange for scheduling invalidations.
Sibling invalidation sets still need to be scheduled for elements with
SubtreeStyleChange when SubtreeStyleChange is for strict subtree.

R=dstockwell@chromium.org,ericwilligers@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1503993002

Cr-Commit-Position: refs/heads/master@{#364092}
davve
Split SVGStringList related measurements from SVG1DOM counter
Measure users of SVGStringList individually to see if the
SVGStringList and SVGTests interfaces can be removed or needs to stay.

BUG=415074

Review URL: https://codereview.chromium.org/1507613002

Cr-Commit-Position: refs/heads/master@{#364074}
rune
Remove clearing of pending invalidation sets.
In preparation for making SubtreeStyleChange not affect the sibling
forest.

We can skip scheduling descendant invalidation sets for elements whose
styleChangeType is SubtreeStyleChange. However, with sibling invalidation
sets, we still need to schedule invalidations for invalidating the
sibling forest when we change SubtreeStyleChange to be a strict subtree
recalc.

We may not clear pending invalidations on detach either, unless the node
was actually removed from the dom tree, since there might be pending
sibling invalidations.

R=dstockwell@chromium.org,ericwilligers@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1507653002

Cr-Commit-Position: refs/heads/master@{#364064}
bratell
[net] Make state table const to share between processes.
When studying the contents of the duplicated data between
processes I found the parser_state variable in http_server.cc.

It's only about 200 bytes but the fix is trivial (add a const).

The rest of the change is a git cl format net to make presubmit happy.

R=yhirano@chromium.org, mmenke@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1506893004

Cr-Commit-Position: refs/heads/master@{#364061}
mstensho
The column balancer should ignore things outside the bounds of the row.
The column balancer examines one row (fragmentainer group) at a time, and it
needs to ignore things that happen at hard or soft column breaks in other rows.
Do some flow thread coordinate bounds checking to avoid being affected by
pagination struts and hard breaks in other rows.

BUG=556481
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1501053002

Cr-Commit-Position: refs/heads/master@{#364040}
mstensho
Paginated containers are opaque to enclosing fragmentation contexts.
Only multicol containers may be fragmented by enclosing fragmentation contexts.
Unlike multicol containers, containers with overflow:paged-x or paged-y cannot
create additional fragmentainer groups for each outer column that it lives in.

Added a basic test for multicol inside paged overflow, since it was missing,
just to make sure that this CL doesn't break anything.

BUG=479074
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1503003002

Cr-Commit-Position: refs/heads/master@{#364036}
mateuszs
Fixed i-cursor height calculation.
In previous solution only AND part of cursor mask
was taken into account. Now both AND and XOR parts
are considered to properly determine bottom point
of cursor pointer.

BUG=446810

Review URL: https://codereview.chromium.org/1067163003

Cr-Commit-Position: refs/heads/master@{#364026}
sigbjornf
Oilpan: fix build after r363998.
The struct contains a raw pointer to an Oilpan heap object (Scrollbar*),
which is not allowed without either accounting for its safety (or
by having it be traced.)

But as the struct is unused, just remove it.

R=haraken
BUG=560418
NOTRY=true

Review URL: https://codereview.chromium.org/1515503002

Cr-Commit-Position: refs/heads/master@{#364015}
fs
Drop TextCaseSensitivity from {start,end}sWith(const char*, ...)
The only user that's uses case-insensitive matching is
localeIdMatchesLang(), which can get a helper of its own (broken out of
equalInner).
Also rearrange/rewrite localeIdMatchesLang() a bit to not compare the
language prefix again for each possible delimiter, and skip the "full"
comparison at the start (using a prefix match+length check instead.)
Also remove the templated StringImpl::{start,end}sWith.

BUG=565878

Review URL: https://codereview.chromium.org/1507763003

Cr-Commit-Position: refs/heads/master@{#364014}
sigbjornf
Reland of Fix several corner case issues of scrollbar paint invalidation (patchset #1 id:1 of https://codereview.chromium.org/1513573004/ )
Reason for revert:
Thanks for looking after the health of Oilpan builds. But as Oilpan is yet to be CQ-blocking, we don't want to be unnecessarily causing post-landing revert consternation & be in the way of overall progress.

Hence, I'm going to undo this revert & address the problem the Oilpan static checks are picking up on; it's a trivial one.

Original issue's description:
> Revert of Fix several corner case issues of scrollbar paint invalidation (patchset #7 id:120001 of https://codereview.chromium.org/1491193003/ )
>
> Reason for revert:
> I suspect this may have broken the Oilpan build:
>
> https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Mac%20Oilpan/builds/27442
>
> Original issue's description:
> > Fix several corner case issues of scrollbar paint invalidation
> >
> > - Invalidate composited scrollbars also during paint invalidation to
> >   avoid unnecessary invalidation on intermediate changes;
> >
> > - Invalidate also on the containing box for moved/resized composited
> >   non-overlay scrollbars. This ensures the expanded/shrunk areas of the
> >   box because of scrollbar existence/width change are invalidated. This
> >   is the root cause of bug 535161.
> >
> > - Avoid unnecessary invalidations on overlay scrollbar changes.
> >
> > BUG=535161,560418
> >
> > Committed: https://crrev.com/48e402acbebf2717b8e79b89dba5310d31bf95da
> > Cr-Commit-Position: refs/heads/master@{#363998}
>
> TBR=chrishtr@chromium.org,skobes@chromium.org,wangxianzhu@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=535161,560418
>
> Committed: https://crrev.com/ed0577e5a8952de3976d6b18fa0ed39fe2a0e418
> Cr-Commit-Position: refs/heads/master@{#364000}

TBR=chrishtr@chromium.org,skobes@chromium.org,wangxianzhu@chromium.org,dominicc@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=535161,560418

Review URL: https://codereview.chromium.org/1511143002

Cr-Commit-Position: refs/heads/master@{#364006}
sigbjornf
GC plugin: remove mixin trace override restriction.
The GC plugin currently insists that a class that is declared as a
mixin instance (i.e., uses USING_GARBAGE_COLLECTED_MIXIN()) must also
declare its own local trace implementation override.

This is an unnecessary restriction to impose:

 - if the class derives from one GarbageCollectedMixin<> instance,
   it will have its virtual trace method in scope.
 - if it inherits from multiple, ambiguity exists and the compiler
   will already complain.
 - if the class declares traceable members of its own, then not providing
   a trace implementation that correctly handles these members will
   be otherwise flagged as an error by the GC plugin.

Remove the static check from the plugin, along with adding a unit test
which verifies that the virtual trace is inherited as expected.

R=thakis,haraken
BUG=444565

Review URL: https://codereview.chromium.org/1504013004

Cr-Commit-Position: refs/heads/master@{#364001}
sigbjornf
Release Oilpan heap singletons prior to LSan leak detection.
Make Oilpan and LSan cooperate better. As Persistent<> references
created via DEFINE_STATIC_LOCAL() and similar will be reachable to
LSan's leak detection pass, the objects they refer to outside of
the Oilpan heap will be reported as leaking.

(This is in contrast to what happens in the non-Oilpan setting,
where the (leaked) pointer created via DEFINE_STATIC_LOCAL() is
stored in a local "static"; such non-global references are not
considered roots to LSan and hence the objects reachable from
those will not be reported as leaking.)

Address the problem on the Oilpan side by having such "static"
Persistent<>ly-held singletons be registered and tracked such
that we're able to release them all just before shutting down
and performing an extra round of GCs. Leaving a cleaner heap
for LSan to work over. And to report no leaks over, ideally.

As part of the changes needed to support this for Oilpan,
wtf/LeakAnnotations.h offerings has been renamed and changed
a bit:

 * WTF_ANNOTATE_MEMORY_LEAK_SCOPE => LEAK_SANITIZER_DISABLED_SCOPE.
   (but see LeakAnnotations.h for macro to use local to wtf/.)
 * WTF_ANNOTATE_IGNORE_OBJECT_PTR => LEAK_SANITIZER_IGNORE_OBJECT.
 * LEAK_SANITIZER_REGISTER_STATIC_LOCAL().

(Reland of r363780.)

R=haraken
BUG=567257

Committed: https://crrev.com/6918d00fae1ab739f89393378fa4adddabacafd2
Cr-Commit-Position: refs/heads/master@{#363780}

Review URL: https://codereview.chromium.org/1491253004

Cr-Commit-Position: refs/heads/master@{#363994}
mostynb
don't rely on -Wno-narrowing in skcanvas_video_renderer.cc
Review URL: https://codereview.chromium.org/1504673003

Cr-Commit-Position: refs/heads/master@{#363947}
philipj
Remove unused [RaisesException] for createNodeIterator() and createTreeWalker()
While in the area, also assert that the root argument is not null, which
is guaranteed since https://codereview.chromium.org/360463005

The FIXME is removed because the whatToShow default value is 0xFFFFFFFF,
so any such warning would trigger by default.

R=haraken@chromium.org

Review URL: https://codereview.chromium.org/1510753004

Cr-Commit-Position: refs/heads/master@{#363850}
mstensho
Add support for printing multicol containers, and enable it.
Introduce an abstract class FragmentationContext, which is either implemented
by LayoutMultiColumnFlowThread for multicol, or by the new
ViewFragmentationContext class, which is attached to a LayoutView when
printing. This way it will act as an enclosing fragmentation context for a
multicol container in the document. This is similar to how an outer multicol
container acts as an enclosing fragmentation context for an inner multicol
container.

The multicol flow thread implementation will now obtain and use a
FragmentationContext when attempting to locate its enclosing fragmentation
context, rather than only looking for another flowthread up there (and assume
that it's not nested if none was found). A big part of this CL is to teach the
multicol implementation about this, which means that there are quite a few
mechanical changes from enclosingFlowThread() (and LayoutMultiColumnFlowThread
method calls) to enclosingFragmentationContext() (and FragmentationContext
method calls).

Replaced an old printing test that tested that multicol didn't work, with one
that tests that multicol does work. :)

Also added another test that splits a multicol container over two pages.

BUG=99358
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1492143002

Cr-Commit-Position: refs/heads/master@{#363838}
davve
Remove special handling of xpointer( as fragment url
Unless we're implementing xpointer( real soon now, we might as well be
honest about not supporting it.

BUG=567693

Review URL: https://codereview.chromium.org/1504333002

Cr-Commit-Position: refs/heads/master@{#363787}
sigbjornf
Release Oilpan heap singletons prior to LSan leak detection.
Make Oilpan and LSan cooperate better. As Persistent<> references
created via DEFINE_STATIC_LOCAL() and similar will be reachable to
LSan's leak detection pass, the objects they refer to outside of
the Oilpan heap will be reported as leaking.

(This is in contrast to what happens in the non-Oilpan setting,
where the (leaked) pointer created via DEFINE_STATIC_LOCAL() is
stored in a local "static"; such non-global references are not
considered roots to LSan and hence the objects reachable from
those will not be reported as leaking.)

Address the problem on the Oilpan side by having such "static"
Persistent<>ly-held singletons be registered and tracked such
that we're able to release them all just before shutting down
and performing an extra round of GCs. Leaving a cleaner heap
for LSan to work over. And to report no leaks over, ideally.

As part of the changes needed to support this for Oilpan,
wtf/LeakAnnotations.h offerings has been renamed and changed
a bit:

 * WTF_ANNOTATE_MEMORY_LEAK_SCOPE => LEAK_SANITIZER_DISABLED_SCOPE.
   (but see LeakAnnotations.h for macro to use local to wtf/.)
 * WTF_ANNOTATE_IGNORE_OBJECT_PTR => LEAK_SANITIZER_IGNORE_OBJECT.
 * LEAK_SANITIZER_REGISTER_STATIC_LOCAL().

R=haraken
BUG=567257

Review URL: https://codereview.chromium.org/1491253004

Cr-Commit-Position: refs/heads/master@{#363780}
sigbjornf
Oilpan: fix build after r363737.
Leave CompositorProxiedPropertySet off the Oilpan heap for now.

R=haraken
BUG=430155
NOTRY=true

Review URL: https://codereview.chromium.org/1512473002

Cr-Commit-Position: refs/heads/master@{#363762}
fs
Avoid race-warning for access to animatableAttributes
Collecting debug data during a commit in CC can land us in this method
while not running in the main thread  (although it'll be blocked).
Since this is assert-only code, switch to a thread-safe initializer to
avoid triggering this warning. Hopefully this doesn't slow things down
to badly on bots.

BUG=545972

Review URL: https://codereview.chromium.org/1487813002

Cr-Commit-Position: refs/heads/master@{#363687}
sigbjornf
Release Oilpan heap singletons prior to LSan leak detection.
Make Oilpan and LSan cooperate better. As Persistent<> references
created via DEFINE_STATIC_LOCAL() and similar will be reachable to
LSan's leak detection pass, the objects they refer to outside of
the Oilpan heap will be reported as leaking.

(This is in contrast to what happens in the non-Oilpan setting,
where the (leaked) pointer created via DEFINE_STATIC_LOCAL() is
stored in a local "static"; such non-global references are not
considered roots to LSan and hence the objects reachable from
those will not be reported as leaking.)

Address the problem on the Oilpan side by having such "static"
Persistent<>ly-held singletons be registered and tracked such
that we're able to release them all just before shutting down
and performing an extra round of GCs. Leaving a cleaner heap
for LSan to work over. And to report no leaks over, ideally.

As part of the changes needed to support this for Oilpan,
wtf/LeakAnnotations.h offerings has been renamed and changed
a bit:

 * WTF_ANNOTATE_MEMORY_LEAK_SCOPE => LEAK_SANITIZER_DISABLED_SCOPE.
   (but see LeakAnnotations.h for macro to use local to wtf/.)
 * WTF_ANNOTATE_IGNORE_OBJECT_PTR => LEAK_SANITIZER_IGNORE_OBJECT.
 * LEAK_SANITIZER_REGISTER_STATIC_LOCAL().

R=haraken
BUG=567257

Review URL: https://codereview.chromium.org/1491253004

Cr-Commit-Position: refs/heads/master@{#363591}
davve
Disallow [Measure] and [MeasureAs] on interfaces without a constructor
For the instances where MeasureAs was specified on interfaces without
a constructor, simply remove the MeasureAs. Since they can't be
created by script, it seems more worthwhile want to measure where
these object are returned rather than the use of the interfaces
themselves.

The only change in generated code will be less includes of
core/frame/UseCounter.h, as can be seen in the binding testsuite
update.

BUG=415074, 567015

Review URL: https://codereview.chromium.org/1509493002

Cr-Commit-Position: refs/heads/master@{#363503}
sigbjornf
Oilpan: remove unnecessary MultisamplingChangedObserver unregistration.
As the Page keeps weak references to its MultisamplingChangedObservers,
there is no need to explicitly unregister upon finalization of
WebGLRenderingContextBase. It will already have been removed by
weak processing.

That unregistration step was made safe by virtue of the context object
being eagerly finalized.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1508673002

Cr-Commit-Position: refs/heads/master@{#363489}
davve
Teach SVGImageForContainer::imageForCurrentFrame about the URL
Pass URL from SVGImageForContainer to SVGImage when fetching an
snapshot for current frame.

BUG=565282

Review URL: https://codereview.chromium.org/1498683003

Cr-Commit-Position: refs/heads/master@{#363466}
philipj
Drop [LegacyInterfaceTypeChecking] for the Presentation API
The change to the send() methods are unobservable, because the added
TypeError exceptions in the generated code are unreachable, as type
testing is first used to pick which send() to dispatch to.

The change to defaultRequest is observable, in that something like
`presentation.defaultRequest = {}` will now throw TypeError instead of
setting defaultRequest to null. Since this is a very new API, this is
very unlikely to be a problem.

BUG=561338

Review URL: https://codereview.chromium.org/1484463003

Cr-Commit-Position: refs/heads/master@{#363464}
sigbjornf
Improve ScriptForbiddenScope handling in cross-threaded code.
For code that is used by multiple threads, we currently have to resort
to explicit main thread checks and manually adjust script forbidden
counts depending. Introduce ScriptForbiddenIfMainThreadScope that
reliably takes care of the details instead, entering&leaving a script
forbidden scope iff on the main thread.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1502093002

Cr-Commit-Position: refs/heads/master@{#363454}
davve
Remove redundant code from v8_interface.py
The 'UseCounter.h' include is added when needed by deprecate_as and
measure_as methods.

BUG=567015

Review URL: https://codereview.chromium.org/1500423002

Cr-Commit-Position: refs/heads/master@{#363449}
davve
Drop Image::setContainerSize()
Prior to this patch, the only user of Image::setContainerSize() was
HTMLImageElement::getSourceImageForCanvas().

SVGImage, one the relevant kinds of image that return true for
Image::usesContainerSize(), is a shared resource between all places in
the document pointing to the same SVG image. Each time a SVGImage is
drawn, the container size it is drawn relative to is saved. This may
cause subsequent paints of the same SVGImage to re-use the old
container size unless a new one is provided.

The old code addressed just that. When it detected that there was no
layout object attached, it overwrote the old container size with the
size of the image itself, to avoid reusing an old container size.

The new code uses the SVGImageForContainer wrapper to insert the image
size as container size. This closes the loop for using _any_ container
size at all from the Image element. It seems unreasonable that the
layout'ed size should have anything to do with what's drawn to the
canvas anyway.

GeneratedImage had a setContainerSize() implementation too, which is
removed in this patch. It's suspected that this implementation was
unused since a generated image can't be set on a HTMLImageElement
directly.

BUG=563923

Review URL: https://codereview.chromium.org/1489003002

Cr-Commit-Position: refs/heads/master@{#363437}
sigbjornf
Simplify prefinalizer processing.
The processing can be performed in one pass.

R=haraken
BUG=420515
NOTRY=true

Review URL: https://codereview.chromium.org/1507483002

Cr-Commit-Position: refs/heads/master@{#363426}
philipj
Add use counters for NodeFilter being a function or an object
NodeFilter is a callback interface in the spec, but a plain interface in
Blink. It's the only callback interface that also has attributes, so
that there must be a NodeFilter attribute on the global object. In order
to make NodeFilter a callback interface per spec, the bindings generator
would need new code to generate that object.

If it's possible to make the createNodeIterator() and createTreeWalker()
filter arguments callback functions instead of callback interfaces, it
looks like this could all be simplified significantly. NodeFilter would
then remain as a plain interface with only the const attributes.

There is also a minor incompatiblity with Gecko related to NodeFilter.
Blink always wraps the function or object inside a new object which is
instanceof NodeFilter, and NodeIterator.prototype.filter returns this
object. Gecko, on the other hand, returns the same object thas was
passed in to createNodeIterator(), and instanceof NodeFilter throws a
TypeError.

BUG=462946

Review URL: https://codereview.chromium.org/1493023004

Cr-Commit-Position: refs/heads/master@{#363366}
philipj
Drop [LegacyInterfaceTypeChecking] for the Web Audio API
This aligns Web Audio with what WebIDL requires given the IDL it uses.

The risk of these changes is bounded by these use counters:

AnalyserNode ~0.01%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/631

BiquadFilterNode ~0.001%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/632

ConvolverNode ~0.0001%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/636

OscillatorNode ~0.001%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/643

WaveShaperNode <0.0001%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/648

AudioParam.prototype.setValueCurveAtTime <0.0001%:
https://www.chromestatus.com/metrics/feature/timeline/popularity/913

With such lower usage, fixing corner cases like this is unlikely to
cause any trouble. Usage of AudioContext itself is at most ~0.2%, but
that counter is not for the constructor but merely access to
window.AudioContext, and thus not a good indicator of real usage:
https://www.chromestatus.com/metrics/feature/timeline/popularity/652

BUG=561338

Review URL: https://codereview.chromium.org/1493753003

Cr-Commit-Position: refs/heads/master@{#363297}
rune
Renamed authorStyleSheets to injectedAuthorStyleSheets.
The naming in StyleEngine was too general to grasp which stylesheets these
actually were. They are stylesheets injected through
WebDocument::insertStyleSheet which are injected by extensions afaict.

R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1493323002

Cr-Commit-Position: refs/heads/master@{#363219}
sigbjornf
Prevent reported RenderViewImplTest LSan leaks.
Add missing calls to ProcessPendingMessages() to a pair of
RenderViewImplTest unit tests. Not doing so would, with Oilpan enabled,
flakily hold on to the entire view of the test and report it as leaking
with LSan.

R=jochen
BUG=

Review URL: https://codereview.chromium.org/1495923002

Cr-Commit-Position: refs/heads/master@{#363196}
tmoniuszko
Adjust text fade width and alpha
Slightly increase fade gradient width.

Use 0 target alpha for wide texts. Linearly increase alpha for narrower
texts.

BUG=563390

Review URL: https://codereview.chromium.org/1493713002

Cr-Commit-Position: refs/heads/master@{#363188}
rune
Call pseudoStateChangedForElement from Element::pseudoStateChanged only.
There were a few places where StyleEngine::pseudoStateChangedForElement
was called directly instead of via Element::pseudoStateChanged. Changed
to have consistently common code paths.

Review URL: https://codereview.chromium.org/1491183007

Cr-Commit-Position: refs/heads/master@{#363177}
wdzierzanowski
Revert "Fix race on demuxer memory usage. Reuse previous calculation."
This reverts commit 9ac642d1d2ed95b810ff276fb65c2be7b461e791.

Now that Demuxer::GetMemoryUsage() runs on the media thread
(fd4cd91c5eea8b3a4970f5512a306e4a03e33101), the reason for the race is
removed and so the synchronization in FFmpegDemuxer can be removed too.

BUG=564034
TEST=Crash page from https://crbug.com/447898 still doesn't crash

Review URL: https://codereview.chromium.org/1494113002

Cr-Commit-Position: refs/heads/master@{#363173}
mstensho
Support enclosing fragmentainer breaks inside spanners.
A column-span:all object in a nested multicol container is part of one or more
columns in the outer multicol container, so we need to allow it to be
paginated. In order to paginate it correctly, we also need to set its correct
logical top before laying it out, or we'd risk inserting pagination struts at
the wrong places.

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1492993002

Cr-Commit-Position: refs/heads/master@{#363160}
philipj
Make ConvolverNode.buffer and WaveShaperNode.curve nullable
These are nullable in the spec:
https://webaudio.github.io/web-audio-api/#ConvolverNode
https://webaudio.github.io/web-audio-api/#WaveShaperNode

Because of [LegacyInterfaceTypeChecking], this does not change the
generated code at all, and is therefore not testable. However, it will
result in the correct behavior once [LegacyInterfaceTypeChecking] is
removed, to be done separately.

BUG=561338

Review URL: https://codereview.chromium.org/1497823003

Cr-Commit-Position: refs/heads/master@{#363159}
sigbjornf
Explicitly detach remote window from its frame.
See RemoteFrame::setView() comment explaining why this is needed
over RemoteFrames.

R=haraken,dcheng
BUG=

Review URL: https://codereview.chromium.org/1487253006

Cr-Commit-Position: refs/heads/master@{#363150}
philipj
Drop [LegacyInterfaceTypeChecking] for URL.createObjectURL(blob)
The change to the generated code is such that only calls to
URL.createObjectURL(null) and URL.createObjectURL(undefined) are
affected, as those would previously match the nullable Blob argument.

This is very low risk, due to the behavior of other browsers:

Firefox and IE11 throw for both URL.createObjectURL(null) and
URL.createObjectURL(undefined). Edge presumably matches IE11.

Safari throws for URL.createObjectURL(undefined) but returns null for
URL.createObjectURL(null), which was our behavior before this change.

There are no internal calls to DOMURL::createObjectURL, so the ASSERT
will hold.

BUG=561338

Review URL: https://codereview.chromium.org/1492093002

Cr-Commit-Position: refs/heads/master@{#363031}
philipj
Sync the Storage API with the spec
https://html.spec.whatwg.org/multipage/webstorage.html

The only change to the generated code is the data->value rename.

BUG=460722
R=jsbell@chromium.org

Review URL: https://codereview.chromium.org/1498823002

Cr-Commit-Position: refs/heads/master@{#362999}
sigbjornf
Oilpan: add missing pointer initialization following r362974.
TBR=oilpan-reviews
BUG=499780
NOTRY=true

Review URL: https://codereview.chromium.org/1494563005

Cr-Commit-Position: refs/heads/master@{#362989}
davve
Drop dead code path in SVGImage
The SVGImage class is marked final and SVGImage::usesContainerSize()
returns true.  This means setContainerSize should never have to bail
out early over not using container size.

Review URL: https://codereview.chromium.org/1500573003

Cr-Commit-Position: refs/heads/master@{#362984}
rune
Remove unused activeAuthorStyleSheets method.
R=mstensho@opera.com

Review URL: https://codereview.chromium.org/1498593004

Cr-Commit-Position: refs/heads/master@{#362959}
sigbjornf
Oilpan: no destructor needed for CSSPrimitiveValue.
Any unregistration is (already) taken care of by Oilpan.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1485353006

Cr-Commit-Position: refs/heads/master@{#362931}
wdzierzanowski
Run Demuxer::GetMemoryUsage() on media thread
Split the memory usage reporting in WebMediaPlayerImpl into two steps so
that |demuxer_| can be accessed on the media thread only.

This change makes no practical difference for ChunkDemuxer ATM, which
uses locks extensively anyway.  But it does make a difference for
FFmpegDemuxer (as evidenced by
https://codereview.chromium.org/1419753007 -- can be reverted now).
Also, other Chromium-based products are better off if Demuxer
implementations are not forced to worry about synchronization
themselves.

BUG=564034
TEST=Crash page from 447898 still doesn't crash

Review URL: https://codereview.chromium.org/1480213005

Cr-Commit-Position: refs/heads/master@{#362821}
fs
Robustify state-transitions in HTMLMediaElement::startDeferredLoad
A preload=none load() followed by setting preload != none would try to
transition to ExecuteOnStopDelayingLoadEventTask while in that state
already.

BUG=562535

Review URL: https://codereview.chromium.org/1495533002

Cr-Commit-Position: refs/heads/master@{#362735}
philipj
Drop [LegacyInterfaceTypeChecking] for most init*Event() methods
This will only affect cases where the argument provided but is neither null nor
an object of the required type. The main risk is therefore that people have
passed shifted all the arguments by accident, so that a boolean, string or
number is passed for one of the affected arguments.

Cases where undefined is passed or the argument is omitted entirely are not
affected, they behave just as if null were passed.

Also drop the *Arg suffix in arguments for initTextEvent().

BUG=561338

Review URL: https://codereview.chromium.org/1485833004

Cr-Commit-Position: refs/heads/master@{#362727}
philipj
Drop [LegacyInterfaceTypeChecking] for HTMLTableElement
Although the behavior when setting caption/tHead/tFoot to null is still
not per spec, it's still nice to get the correct exception message when
passing some non-null value of the wrong type.

BUG=561338

Review URL: https://codereview.chromium.org/1493673002

Cr-Commit-Position: refs/heads/master@{#362700}
philipj
Drop [LegacyInterfaceTypeChecking] for HTMLInputElement.prototype.files
The setter is non-standard, but if it is standardized it wouldn't make
sense to have the existing behavior. For any case that this starts
throwing there's a programming error, so unless it breaks the web it
should throw TypeError.

BUG=561338

Review URL: https://codereview.chromium.org/1492523003

Cr-Commit-Position: refs/heads/master@{#362689}
tmoniuszko
Fix path_parser dependency on policy component
BUG=

Review URL: https://codereview.chromium.org/1133853005

Cr-Commit-Position: refs/heads/master@{#362684}
fs
Use SVGLength's wrapped CSSPrimitiveValue for pres.attr. style
Since SVGLength now wraps a CSSPrimitiveValue, there's no need to create
a (potentially new) CSSPrimitiveValue when collecting presentation
attribute style for SVG elements. Could save an allocation in some
cases.
Gets rid of the addSVGLengthPropertyToPresentationAttributeStyle helper
on SVGElement.

Review URL: https://codereview.chromium.org/1481123002

Cr-Commit-Position: refs/heads/master@{#362680}
rune
Use invalidation sets for :lang changes.
Modifying lang or xml:lang attributes caused a LocalStyleChange for the
corresponding element in the presentational attribute check, but other
elements may be affected using selector combinators.

Use invalidation sets like we do for other pseudo classes.

BUG=564331

Review URL: https://codereview.chromium.org/1485363002

Cr-Commit-Position: refs/heads/master@{#362675}
philipj
Sync the HTMLTableElement return types with the spec
https://html.spec.whatwg.org/#the-table-element

Changed in https://github.com/whatwg/html/pull/363

BUG=460722

Review URL: https://codereview.chromium.org/1486843002

Cr-Commit-Position: refs/heads/master@{#362665}
mstensho
It's not just the last column set that may need additional fragmentainer groups.
appendNewFragmentainerGroupIfNeeded() assumed that we were always dealing with
the last column set, but we need to use the column set that contains the
specified flow thread block offset. Moved hasFragmentainerGroupForColumnAt()
from LayoutMultiColumnFlowThread to LayoutMultiColumnSet and simplified the
code somewhat.

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1487083003

Cr-Commit-Position: refs/heads/master@{#362604}
davve
Split text related measurements from SVG1DOM counter
Create a SVG1DOMText UseCounter to measure all text related SVG DOM
functionality. The assumption we want to test is that the text related
SVG DOM has really low usage.

BUG=415074

Review URL: https://codereview.chromium.org/1491573002

Cr-Commit-Position: refs/heads/master@{#362543}
mstensho
column-span:all in nested multicol requires re-insertion of fragmentainer groups.
A column set that follows a spanner will typically have an incorrect logical
top in the first layout pass (because the spanner hasn't been laid out yet). We
already have code in place to make sure that we re-lay out when we need to, but
we also need to delete and re-insert fragmentainer groups when this happens in
a nested fragmentation context.

If a column set gets a new logical top, it means that previously inserted
fragmentainer groups are now out of sync with reality, and have to be
re-inserted.

Remove the BalancedColumnHeightCalculation enum. There's no need for it
anymore, since picking calculation mode is now something we need to do for each
individual column set. m_tallestUnbreakableLogicalHeight is now reset in
resetColumnHeight() (that's where it ought to have been all along, anyway).

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1489663003

Cr-Commit-Position: refs/heads/master@{#362492}
philipj
Drop [LegacyInterfaceTypeChecking] for PagePopupController
This is an internal API, used only by web/resources/listPicker.js,
where document is passed as an argument, which is not null.

BUG=561338

Review URL: https://codereview.chromium.org/1485123002

Cr-Commit-Position: refs/heads/master@{#362479}
philipj
Make init*Event() arguments nullable where appropriate
Because these methods have [LegacyInterfaceTypeChecking], this does not
change the generated code, but it will limit the impact of dropping
[LegacyInterfaceTypeChecking].

Only initKeyboardEvent() appears to have a spec:
https://w3c.github.io/uievents/#idl-interface-KeyboardEvent-initializers

For the others, the nullability matches that of the *Event member.

BUG=561338
R=rbyers@chromium.org

Review URL: https://codereview.chromium.org/1488803002

Cr-Commit-Position: refs/heads/master@{#362470}
wdzierzanowski
Allow multiple OnMoreData() calls in WASAPIAudioOutputStreamTest.ValidPacketSize
Follow up on https://codereview.chromium.org/1318933003/ and allow
OnMoreData() to be called more than once in the test.

BUG=524947
TEST=WASAPIAudioOutputStreamTest.ValidPacketSize passes

Review URL: https://codereview.chromium.org/1487733003

Cr-Commit-Position: refs/heads/master@{#362439}
rune
Invalidate visited state changes for svg links.
SVGAElement only caused :link/:visited recalcs when it became a link or
stopped being so. Now recalculate style whenever href changes in case the
:visited/:link state changes. Also use style invalidation instead of
SubtreeStyleChange, as the latter entails sibling forest recalc in case
we have adjacent combinators.

R=fs@opera.com
BUG=563485,557440

Review URL: https://codereview.chromium.org/1484083005

Cr-Commit-Position: refs/heads/master@{#362425}
philipj
Drop [LegacyInterfaceTypeChecking] for the MIDI API
The added exception in the generated code is unreachable and thus
untestable, because there are two send() methods and the one changed
is only taken if the argument is of the correct type.

There are no internal calls where data could be null.

BUG=561338

Review URL: https://codereview.chromium.org/1485443002

Cr-Commit-Position: refs/heads/master@{#362392}
tmoniuszko
Fix resource-related issues in views_unittests
Make sure ui_test.pak file is available for views_unittests.

Also make views_unittests independent from chrome locale pak files by replacing l10n_util::GetApplicationLocale() with base::i18n::GetConfiguredLocale() for tests. The first function needs chrome locale pak files to exist or it returns empty locale string.

BUG=

TEST=Remove all output files. Build only views_unittests. Run views_unittests.

Review URL: https://codereview.chromium.org/1464503002

Cr-Commit-Position: refs/heads/master@{#362370}
sigbjornf
Oilpan: fix build after r362358.
HashSet<String> is not an Oilpan heap object collection, hence no tracing
needed.

TBR=oilpan-reviews
BUG=447083
NOTRY=true

Review URL: https://codereview.chromium.org/1486883003

Cr-Commit-Position: refs/heads/master@{#362366}
davve
Less type conversion for NinePieceImage painting
Avoid float -> int -> float conversion when passing through the
GraphicsContext layer, the ints are immediately converted back to
floats anyway in GraphicsContext::drawTiledImage().

No functional change expected as along as the position of the
NinePieceGrid is pixel-aligned, but bug is 66498 moving along and will
enable sub-pixel positioning of the background image geometries.

BUG=561519

Review URL: https://codereview.chromium.org/1478283002

Cr-Commit-Position: refs/heads/master@{#362350}
philipj
Drop [LegacyInterfaceTypeChecking] where trivial in Web Audio
Also drop redundant [RaisesException] in a few places.

BUG=561338

Review URL: https://codereview.chromium.org/1481793002

Cr-Commit-Position: refs/heads/master@{#362282}
philipj
Drop [LegacyInterfaceTypeChecking] for the Crypto API
BUG=561338

Review URL: https://codereview.chromium.org/1480063002

Cr-Commit-Position: refs/heads/master@{#362247}
philipj
Import web-platform-tests@7dda9a13574b33d55a73e995e3d1f1fbd4da0f2b
Using update-w3c-deps in Blink 2599bb8937ac95bf0f447960b4e61464aa640e49.

R=dpranke@chromium.org

Review URL: https://codereview.chromium.org/1483983003

Cr-Commit-Position: refs/heads/master@{#362222}
philipj
Drop [LegacyInterfaceTypeChecking] for EventTarget's dispatchEvent()
This changes the exception for InvalidStateError to TypeError, which is
per spec and what Gecko does. IE and Safari throw a generic Error.

BUG=561338

Review URL: https://codereview.chromium.org/1479063003

Cr-Commit-Position: refs/heads/master@{#362153}
rune
Use LocalStyleChange for element cursor changes in SVG.
Propagating the change to the computed cursor property value through
inheritance is handled correctly when using LocalStyleChange. No need to
force a recalc of the whole subtree.

This is part of making sure non of our SubtreeStyleChanges rely on sibling
tree invalidations, and removing unnecessary use of SubtreeStyleChange, so
that we can make SubtreeStyleChange mean subtree only, and not have to
consider the sibling forest.

R=fs@opera.com
BUG=557440

Review URL: https://codereview.chromium.org/1488603002

Cr-Commit-Position: refs/heads/master@{#362140}
sigbjornf
Oilpan: improve adopt{Ref,Ptr}WillBeNoop(T*) static asserts.
R=haraken
BUG=420515

Review URL: https://codereview.chromium.org/1487603002

Cr-Commit-Position: refs/heads/master@{#362138}
philipj
Drop the [Immutable] IDL extended attribute (it is a no-op)
It was only used for WebKitCSSMatrix, and the proposed spec for that
does not use [Immutable]:
https://compat.spec.whatwg.org/#webkitcssmatrix-interface

Review URL: https://codereview.chromium.org/1485643002

Cr-Commit-Position: refs/heads/master@{#362137}
sigbjornf
GC plugin: have -Werror issue errors for inputs having only warnings.
If a translation unit contains only warnings, the GC plugin will issue
a warning diagnostic along with details/notes of the warnings encountered.

Have that warning be under the control of -Werror; the reason for not
having it as such up until now is that warnings have been far too plentiful
for the Blink codebase. This is no longer the case.

R=haraken,yutak,thakis
BUG=

Review URL: https://codereview.chromium.org/1481523005

Cr-Commit-Position: refs/heads/master@{#362128}
davve
Drop dependency on LayoutObject in fetch/
Move out code from ImageResource depending on LayoutObject. Instead
request pre-caching explictly at the three places that currently has
reason for doing so.

The pre-caching itself is moved to BitmapImage and made part of
Image::currentFrameKnownToBeOpaque as a special metadata mode.

BUG=559131

Review URL: https://codereview.chromium.org/1482953002

Cr-Commit-Position: refs/heads/master@{#362127}
sigbjornf
DocumentMarkerControllerTest: drop unnecessary caching of Document reference.
Tidying; no need to use a strong reference to the page's document here.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1488543002

Cr-Commit-Position: refs/heads/master@{#362125}
philipj
Drop [LegacyInterfaceTypeChecking] where trivial in core/
These are cases where passing null to the implementation would already
throw an exception, and so letting the bindings code do it is cleaner.
In a few cases this means that the implementation no longer throws any
exceptions.

For each method affected, it was verified using cs.chromium.org that
there are no internal calls where nullptr could be passed, the only
calls are from bindings.

BUG=561338

Review URL: https://codereview.chromium.org/1481983002

Cr-Commit-Position: refs/heads/master@{#362117}
sigbjornf
Oilpan: fix build after r362110.
TBR=oilpan-reviews
BUG=562986
NOTRY=true

Review URL: https://codereview.chromium.org/1480303003

Cr-Commit-Position: refs/heads/master@{#362113}
sigbjornf
Revert of "[sql] Remove part of WebDatabase SQLite patch." (patchset #1 of https://codereview.chromium.org/1473963002 )
Reason for revert:

Unfortunately, this seems to have introduced flaky shutdown crashes on storage/websql/open-database-creation-callback.html across bots,

 http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=storage%2Fwebsql%2Fopen-database-creation-callback.html

 http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Trusty/builds/5769

Original issue's description:
> [sql] Remove part of WebDatabase SQLite patch.
>
> findReusableFd() calls stat() on the filename to determine the inode
> and device to figure out if a previously-closed file descriptor can be
> reused.  Since WebDatabase file names are resolved by the browser,
> this stat() can never succeed in the renderer, thus there is no point
> to calling the function.
>
> This SQLite code path is an optimization to reduce close/open churn,
> it is not necessary for correct operation.
>
> BUG=none
>
> Review URL: https://codereview.chromium.org/1473963002
> Cr-Commit-Position: refs/heads/master@{#361825}

TBR=shess@chromium.org,michaeln@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1485603003

Cr-Commit-Position: refs/heads/master@{#362112}
sigbjornf
Oilpan: initialize stack allocated raw pointers following r362079.
TBR=oilpan-reviews
BUG=499780
NOTRY=true

Review URL: https://codereview.chromium.org/1481423002

Cr-Commit-Position: refs/heads/master@{#362109}
davve
Split shape related measurements from SVG1DOM counter
Create a SVG1DOMShapes UseCounter to measure all shape/graphics
element related SVG DOM functionality. The assumption we want to test
is that the shape related SVG DOM has really low usage.

BUG=415074

Review URL: https://codereview.chromium.org/1479863003

Cr-Commit-Position: refs/heads/master@{#362107}
rune
No need for SubtreeStyleChange for results attribute change.
The results attribute change causes appearance changes when changing
between negative and non-negative values. That is currently handled by a
lazyReattachIfAttached. The following SubtreeStyleChange should not have
an effect in that case.

The reattach condition was changed to not include the change between
different negative values.

R=tkent@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1483543003

Cr-Commit-Position: refs/heads/master@{#362077}
rune
Removed unnecessary SubtreeStyleChange for incrementalAttr.
Changing the incremental attribute on input type=search does not affect
style unless there are attribute selectors for it which will be handled
other places.

R=tkent@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1478953004

Cr-Commit-Position: refs/heads/master@{#362076}
sigbjornf
Remove mojo unit tests from WebKit Linux Oilpan bot
No need to test these for the time being.

BUG=
TBR=haraken
NOTRY=true

Review URL: https://codereview.chromium.org/1481323002

Cr-Commit-Position: refs/heads/master@{#362068}
sigbjornf
Remove window_manager_unittests from WebKit Linux Oilpan bot
Another unknown.

BUG=
TBR=haraken
NOTRY=true

Review URL: https://codereview.chromium.org/1481293002

Cr-Commit-Position: refs/heads/master@{#362058}
sigbjornf
Remove unknown unit tests targets from WebKit Linux Oilpan bot
Follow up on r362053 and remove some other unknown unittests targets
for this bot.

BUG=
TBR=haraken
NOTRY=true

Review URL: https://codereview.chromium.org/1474413002

Cr-Commit-Position: refs/heads/master@{#362056}
philipj
Drop [LegacyInterfaceTypeChecking] where trivial in WebRTC
The extra type checking in the bindings of the MediaStream constructor
and RTCDataChannel's send() methods is actually not observable, because
there is type testing to determine which override to use that makes sure
those code paths aren't reached if the types aren't correct.

For each method affected, it was verified using cs.chromium.org that
there are no internal calls where nullptr could be passed, the only
calls were from bindings an unit tests.

BUG=561338

Review URL: https://codereview.chromium.org/1480953002

Cr-Commit-Position: refs/heads/master@{#362024}
philipj
Drop [LegacyInterfaceTypeChecking] for APIs that are not enabled by default
These are all on interfaces or members that are [RuntimeEnabled=*] for
a feature that is status=experimental or status=test.

An existing contextMenu test was updated, but for the other APIs there
was no test coverage, and it would be overkill to test that the bindings
generator is working for every new feature going forward.

BUG=561338

Review URL: https://codereview.chromium.org/1476153002

Cr-Commit-Position: refs/heads/master@{#362005}
davve
Count usage of #svgView(...) and plain SVG <view> targets
BUG=562099

Review URL: https://codereview.chromium.org/1471963007

Cr-Commit-Position: refs/heads/master@{#361993}
davve
Clean up border-image-style-none.html layout test
BUG=356802

Review URL: https://codereview.chromium.org/1476423002

Cr-Commit-Position: refs/heads/master@{#361991}
fs
Drop PathParsingMode argument to buildStringFromByteStream
Just always produce a String with whatever format the input is.

Also cleanup some related code, and expose SVGPath from SVGPathElement
rather than the SVGPathByteStream.

BUG=467592

Review URL: https://codereview.chromium.org/1476283002

Cr-Commit-Position: refs/heads/master@{#361988}
davve
Add render-side manager for MediaSession
RendererMediaSessionManager is responsible for storing all
user-created media sessions and keeping track for id allocation for
those.

BUG=497735

Review URL: https://codereview.chromium.org/1436243002

Cr-Commit-Position: refs/heads/master@{#361973}
davve
Split paint server related measurements from SVG1DOM counter
Create a SVG1DOMPaintServer UseCounter to measure all paint server
related SVG DOM functionality. The assumption we want to test is that
the paint server related SVG DOM has really low usage.

BUG=415074

Review URL: https://codereview.chromium.org/1476093004

Cr-Commit-Position: refs/heads/master@{#361963}
philipj
Add a use counter for Attr.prototype.cloneNode()
This is being measured as requested in a spec discussion:
https://github.com/whatwg/dom/issues/102#issuecomment-158833267

To avoid making a observable change to Attr.prototype, measure this
internally. This risks including internal uses, but there appear to be
none. All calls were checked and they seem to be for either parent or
child nodes of some kind, and Attr cannot be a parent or child.

Also, a deprecation message was added to see if it would be triggered
unexpectedly on any tests, but it was only emitted for tests that
actually clone attributes, as expected.

Drive-by: Drop an unused ShadowRoot::cloneNode() that was missed in
https://codereview.chromium.org/1482433003

BUG=305105

Review URL: https://codereview.chromium.org/1474083002

Cr-Commit-Position: refs/heads/master@{#361932}
fs
XP baselines refresh after crrev.com/361886
Did not quite pick everything up on the first attempt.

TBR=fmalita@chromium.org
NOTRY=true
BUG=467592

Review URL: https://codereview.chromium.org/1480923002

Cr-Commit-Position: refs/heads/master@{#361893}
davve
Rename imageSizeForLayoutObject() to imageSize()
No need to pass the layout object anymore. It only uses the layout
object for knowing whether to respect image orientation or not. We
might as well pass that explicitly.

BUG=559131

Review URL: https://codereview.chromium.org/1468023002

Cr-Commit-Position: refs/heads/master@{#361892}
fs
Restore TestExpectations rules disabled by crrev.com/361873
TBR=fmalita@chromium.org
NOTRY=true
BUG=467592

Review URL: https://codereview.chromium.org/1477193002

Cr-Commit-Position: refs/heads/master@{#361888}
sigbjornf
Sync OilpanExpectations for plugin tests.
Three plugin tests that no longer time out on the Mac
Oilpan bot -- last two having already been removed
(https://codereview.chromium.org/1319473007) as tests.

R=haraken
BUG=515250
NOTRY=true

Review URL: https://codereview.chromium.org/1479833002

Cr-Commit-Position: refs/heads/master@{#361882}
fs
Stop normalizing path data for layout tree text output
BUG=467592

Review URL: https://codereview.chromium.org/1476523002

Cr-Commit-Position: refs/heads/master@{#361873}
rune
Clear link element sheet before clearing ownerNode.
clearOwnerNode synchronously updates the list of active stylesheets, and
if the m_sheet member of HTMLLinkElement is set, it is considered to be
an active stylesheet. If it is later added to the StyleResolver, it will
crash when ownerNode and ownerDocument are null.

This was already fixed a long time ago for StyleElement in [1].

[1] https://codereview.chromium.org/13508006

R=dstockwell@chromium.org
BUG=426959

Review URL: https://codereview.chromium.org/1472243004

Cr-Commit-Position: refs/heads/master@{#361867}
philipj
Sync cloneNode() IDL with the spec
All internal callers pass an argument, so the default value can be in
the IDL only.

BUG=460722

Review URL: https://codereview.chromium.org/1482433003

Cr-Commit-Position: refs/heads/master@{#361856}
sigbjornf
Oilpan: tidy up unsafe heap pointer reference following r361300.
R=dcheng
BUG=

Review URL: https://codereview.chromium.org/1482493002

Cr-Commit-Position: refs/heads/master@{#361852}
sigbjornf
Oilpan: fix build after r361838.
TBR=oilpan-reviews, dcheng
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1478073002

Cr-Commit-Position: refs/heads/master@{#361843}
mstensho
Jump to the next outer column when an inner column is too short.
If an inner multicol ends up near the bottom in a column in an outer multicol
container, we get inner columns that are shorter in the first row than in
subsequent rows. In such cases it may be necessary to break past all inner
columns in the first row, so that we push the content all the way to the next
row (and thus to the next outer column), in order to fit unbreakable content
(such as lines or unbreakable blocks).

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1472053002

Cr-Commit-Position: refs/heads/master@{#361769}
mstensho
Document early bail in contentWasLaidOut() better.
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1476773002

Cr-Commit-Position: refs/heads/master@{#361717}
sigbjornf
Oilpan: hide persisted plugin object before disposing.
When clearing out the persisted plugin object, hide the object before
going ahead with the disposal. This mirrors what will happen non-Oilpan.

R=haraken
BUG=561473

Review URL: https://codereview.chromium.org/1475023002

Cr-Commit-Position: refs/heads/master@{#361665}
sigbjornf
If Oilpan is enabled, warn of raw heap pointer fields by default.
It is unsafe to keep fields with raw pointers into the Oilpan heap, as
such untraced references risk going stale. With potentially undesirable
consequences.

Now that we've addressed and handled all such untraced references as part
of Blink's transition to Oilpan, it is time to enable the clang GC plugin
warning for such raw pointer uses.

It shouldn't represent a major imposition to developers to handle such
raw pointer uses correctly, but for now we will only emit a warning and
not an error.

R=haraken
BUG=515524

Review URL: https://codereview.chromium.org/1464293002

Cr-Commit-Position: refs/heads/master@{#361656}
lstorset
Earlier, the script looked for dirs named 'out' or 'out_*'.
Recently it started looking for 'out' following by an alphanumeric word
boundary. Python considers underscores as alphanumeric, so this
unfortunately broke the 'out_*' pattern.

BUG=

Review URL: https://codereview.chromium.org/1469023002

Cr-Commit-Position: refs/heads/master@{#361655}
philipj
update-w3c-deps import using blink 5636fefe1d743cc2a8af65f78eaeed4b98f0012b:
imported csswg-test@7cfea4d5ba33861b0b1a6839c27090bc504a169f
imported web-platform-tests@5f8361dcef1a7c80b61d6319f7b510fa431f9a47

R=dpranke@chromium.org,kojii@chromium.org

Review URL: https://codereview.chromium.org/1471763006

Cr-Commit-Position: refs/heads/master@{#361653}
sigbjornf
Oilpan: fix build after r361631.
TBR=oilpan-reviews
BUG=554293
NOTRY=true

Review URL: https://codereview.chromium.org/1476803002

Cr-Commit-Position: refs/heads/master@{#361642}
davve
Avoid RefPtr churn
This is a speculative fix for 560890, but seems like it might be a
good idea anyway. We have a reference to the thing having a
reference. No need to add another reference on top of that.

In the process drop a null check in StyleFetchedImageSet::image(),
ImageResource::image always returns an Image object. If nothing else
the Image::nullImage().

BUG=560890

Review URL: https://codereview.chromium.org/1472253003

Cr-Commit-Position: refs/heads/master@{#361640}
sigbjornf
Split up leak detector into two stages for better leak reporting.
The leak detector clears out resources along with issuing a sequence of GCs
before taking object census. It then counting up resources that are left and
reporting these as leaking.

With Oilpan enabled, RenderViewTest needs to carefully orchestrate its shutdown
to reliably not report the frame(s) attached to the view as leaking. (With Oilpan
enabled, frames will delayed'ly release resources upon frame close()ing requiring
a follow-on GC to clear out those resources.)

Accommodate that by splitting out the leak detector into two -- with RenderViewTest
injecting the clearing of its view in between those.

R=haraken, jochen, hajimehoshi
BUG=561293

Review URL: https://codereview.chromium.org/1472943004

Cr-Commit-Position: refs/heads/master@{#361638}
mstensho
Add myself to third_party/WebKit/LayoutTests/printing/ WATCHLIST
TBR=leviw@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1479533002

Cr-Commit-Position: refs/heads/master@{#361632}
rune
Use invalidation sets for :in-range and :out-of-range.
Gets rid of a SubtreeStyleChange which relies on sibling tree recalcs.

The changes in expectations for video-mute-repaint.html and
video-unmute-repaint.html are due to the following facts:

* We used to do SubtreeStyleChange for an input whose value changed.
* The video controls have input elements in the UA shadow which are
  modified when the volume is changed.
* Doing the recalc of the input means calling Element::recalcStyle on the
  ancestor chain, which includes the video element, just to reach the
  descendants which need to be recalculated.
* HTMLMediaElement has a didRecalcStyle, which will call updateFromElement
  for LayoutVideo, which in turn does an unconditional
  setShouldDoFullPaintInvalidation.
* Since the whole SubtreeStyleChange -> recalc is gone for the mentioned
  tests, the paint invalidation for LayoutVideo is gone, hence the test
  expectation changes.

R=tkent@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1469183003

Cr-Commit-Position: refs/heads/master@{#361601}
philipj
Make [TypeChecking=Interface] the default
Add [LegacyInterfaceTypeChecking] as needed to ensure that there are no
changes to the generated code. It was added to the members wherever
possible, but in a few cases it was necessary to keep at the interface
level. In all but one of these are cases it is because the constructor
would otherwise change. The remaining case is FontFaceSet, where
setlike<FontFace> results in generated has(), add() and delete() methods
which would otherwise change.

90 instances of [LegacyInterfaceTypeChecking] were added, and 206
instances of [TypeChecking=Interface] were removed, in source/ and
modules/ combined.

In bindings/tests/, most tests that were previously for
[TypeChecking=Interface] were changed to instead test
[LegacyInterfaceTypeChecking], as that is now the special case.

BUG=462561

Review URL: https://codereview.chromium.org/1466563003

Cr-Commit-Position: refs/heads/master@{#361599}
mstensho
Look inside inner nested multicols to calculate minimum space shortage.
This is needed in order to make sure that the column balancer gives us as short
outer columns as possible. Otherwise we risk not finding the absolute minimum
space shortage (and thus over-stretch) (or, even worse, not be able to find any
shortage at all).

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1471403002

Cr-Commit-Position: refs/heads/master@{#361501}
davve
Add note about sysroot not working with icecc
Or is it the other way around...

Review URL: https://codereview.chromium.org/1477433002

Cr-Commit-Position: refs/heads/master@{#361389}
fs
Introduce SVGPathQuery to hold SVG path query methods
Rename SVGPathTraversalStateBuilder.{cpp,h} to SVGPathQuery.{cpp,h}, and
similarly rename the class itself. Move the query methods in
SVGPathUtilities (getSVGPathSegAtLengthFromSVGPathByteStream,
getTotalLengthOfSVGPathByteStream, getPointAtLengthOfSVGPathByteStream)
to that class, shortening their names in the process.
Open-code the SVGPathParser driver to allow the general SVGPathConsumer
interface to be simplified - incrementPathSegmentCount and
continueConsuming are only used for path queries.

BUG=467592

Review URL: https://codereview.chromium.org/1471943003

Cr-Commit-Position: refs/heads/master@{#361351}
philipj
Sync the URL constructor with the spec
https://url.spec.whatwg.org/#api

This changes the generated code, but ought not be observable, as any
call to `new URL(x, urlObject)` will now instead behaves as
`new URL(x, urlObject.toString())`.

BUG=460722

Review URL: https://codereview.chromium.org/1464133002

Cr-Commit-Position: refs/heads/master@{#361342}
fs
SVGPathUtilities tidying
Rename buildSVGPathByteStreamFromString to buildByteStreamFromString to
be more consistent with other functions (buildStringFromByteStream and
buildPathFromByteStream). Also drop the PathParsingMode argument, since
it's always UnalteredParsing (and it's unlikely we'll need to build
normalized byte streams ATM.)

Make buildStringFromByteStream return the resulting String instead of
using an out-parameter. Tidies up call-sites and makes for slightly
smaller code.

BUG=467592

Review URL: https://codereview.chromium.org/1469323002

Cr-Commit-Position: refs/heads/master@{#361338}
philipj
Add [TypeChecking=Interface] to the V8Path2D interface
This affects the generated code of the constructor, which will now throw
a TypeError if "parameter 1 is not of type 'Path2D'."

However, this code path is unreachable, because there's a type check
(V8Path2D::hasInstance()) to determine that this form of the constructor
should be used.

Promoting [TypeChecking=Interface] to the interface level will make it
possible to make [TypeChecking=Interface] the default without changing
the generated code for this interface.

BUG=462561

Review URL: https://codereview.chromium.org/1471563002

Cr-Commit-Position: refs/heads/master@{#361317}
philipj
Make addEventListener/removeEventListener arguments non-optional
Intent to Implement and Ship:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/3rsQQJvhY8k/P2cAFq3hAwAJ

BUG=353484

Review URL: https://codereview.chromium.org/1461993002

Cr-Commit-Position: refs/heads/master@{#361316}
mstensho
Record space shortage that prevented an object from fitting in one column.
The breakability of the object doesn't matter here. The space shortage that
prevented an object from fitting in one column may very well be the lowest
space shortage that we'll ever find. So always record it, to avoid
over-stretching columns.

BUG=559133
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1465193002

Cr-Commit-Position: refs/heads/master@{#361232}
philipj
Remove AttributeCollection's findIndex(Attr*) by using QualifiedName
The internal Attribute and AttributeCollection need not know anything
about the web-exposed Attr.

Since Attr::qualifiedName() is not just a trivial getter, calling that
outside of the loop is probably a good idea anyway.

Review URL: https://codereview.chromium.org/1467143004

Cr-Commit-Position: refs/heads/master@{#361221}
fs
Expose the SVG path normalizer in SVGPathParser.h
Rename the internal NormalizingConsumer to SVGPathNormalizer and move
the class declaration to SVGPathParser.h. This will allow simplifying
the "path processor" (SVGPathParser) a bit in later CLs.
Also modify the normalizer so that it normalizes into a new
PathSegmentData, to make it more "stackable" and reusable.

BUG=467592

Review URL: https://codereview.chromium.org/1472853005

Cr-Commit-Position: refs/heads/master@{#361199}
davve
Split filter related measurements from SVG1DOM counter
Create a SVG1DOMFilter UseCounter to measure all filter related SVG
DOM functionality. The assumption we want to test is that the filter
related SVG DOM has really low usage.

From a quick test it would shave off 90kb of the binary if we could
remove it. That's only counting binding code and there is a good
chance number-optional-number related functionality can be removed
too, if these interfaces can be removed.

BUG=415074

Review URL: https://codereview.chromium.org/1472773002

Cr-Commit-Position: refs/heads/master@{#361181}
sigbjornf
Enable webaudio unit tests iff ENABLE(WEB_AUDIO).
R=tkent
BUG=

Review URL: https://codereview.chromium.org/1470873002

Cr-Commit-Position: refs/heads/master@{#361171}
fs
SVGPath object "mutability" cleanup
Move addToSVGPathByteStream to SVGPath.cpp (the only place using it),
rename it to addPathByteStreams. Move the "regular" blending out into a
helper(blendPathByteStreams), and eliminate the redundant copy. Make the
functions more "functional" (return the result.)

Add a (private) setter for byte-stream data and use that to ensure
invalidation of the cached path. Also add an SVGPath::create(...)
accepting a SVGPathByteStream and use that in PathSVGInterpolation.

Inline mutableByteStream into the remaining user.

Review URL: https://codereview.chromium.org/1460253002

Cr-Commit-Position: refs/heads/master@{#361128}
rune
Remove extraneous SubtreeStyleChange for min/maxlength changes.
Validation already takes care of :valid/:invalid changes through
invalidation sets. This reduces the number of elements being recalculated
and gets rid of a SubtreeStyleChange which relies on sibling tree recalcs.

R=tkent@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1458363003

Cr-Commit-Position: refs/heads/master@{#361123}
rune
Use invalidation sets for visited link updates.
We did use invalidation sets when adding/removing href from an anchor tag,
while the code that notifies that the visited state of a given url has
changed, use SubtreeStyleChange. This change gets rid of SubtreeStyleChange
which relies on sibling tree recalcs.

R=tkent@chromium.org
BUG=557440

Review URL: https://codereview.chromium.org/1459063004

Cr-Commit-Position: refs/heads/master@{#361121}
davve
Update comments regarding image caching
While attempting to remove the layoutObject parameter the following
observations were made:

 * The decoding forced by BitmapImage::imageForCurrentFrame will be
   deferred so the comment in the header may be removed.

 * BitmapImage::currentFrameKnownToBeOpaque() conservatively returns
   false for uncached images, not true.

 * Since decoding is deferred, there is no guarantee that the
   opaqueness metadata is available after the imageForCurrentFrame
   call has returned. It may increase the chance though, depending on
   image decoder for the particular image.

NOTRY=true
BUG=559131

Review URL: https://codereview.chromium.org/1454373005

Cr-Commit-Position: refs/heads/master@{#361094}
mstensho
Add marginBeforeIfFloating() to LayoutBlockFlow.
Floats' margins need special attention for pagination, because they are not to
be eaten by page or column boundaries.

Clamp strut to >= 0 in LayoutBlockFlow::setPaginationStrutPropagatedFromChild()
instead of doing it (poorly) in calculateStrutForPropagation().

Removed calculateStrutForPropagation(), because there was hardly anything left
there now (and this lets us make marginBeforeIfFloating() private). This
function also turned out not to be universally usable, since we were already
calculating the strut on our own in adjustLinePositionForPagination() in one
case.

R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1460203003

Cr-Commit-Position: refs/heads/master@{#361084}
mstensho
When balancing columns, we must check inner multicols for unbreakable content.
No multicol container should suggest to initially use a column height less than
the height of the tallest piece of unbreakable content inside.

TL;DR some related cleanup.

Introduce the term tallestUnbreakableLogicalHeight in favor of
minimumColumnLogicalHeight, as the latter could easily be confused with initial
column height; the height found by InitialColumnHeightFinder, which is also
sometimes referred to as initial minimal column height. Furthermore, there's
already a concept of *maximum* column logical height in fragmentainer groups,
which is derived from such things as CSS max-height. Since max-height actually
trumps the height of the tallest piece of unbreakable content in multicol
(while in CSS, min-height wins over max-height), it was just too confusing to
keep using "minimum column height" for this.

This change also makes it necessary to modify the containing column set when
calculating the initial column height for fragmentainer groups, so this part
kind of had to be moved from the const method calculateColumnHeight(). There
was already code that walked around that method when calculating the column
height, so being even more of a misnomer than before, it was renamed to
rebalanceColumnHeightIfNeeded().

BUG=447718
R=leviw@chromium.org

Review URL: https://codereview.chromium.org/1461923005

Cr-Commit-Position: refs/heads/master@{#361082}
sigbjornf
Add unit test for non-leftmost GC mixin instance.
Verify that deriving from a USING_GARBAGE_COLLECTED_MIXIN() annotated
class is traced as expected.

R=haraken
BUG=

Review URL: https://codereview.chromium.org/1465083002

Cr-Commit-Position: refs/heads/master@{#361072}
sigbjornf
Oilpan: move BaseChooserOnlyDateAndTimeInputType to the heap.
Move this !ENABLE(INPUT_MULTIPLE_FIELDS_UI) object to the Oilpan heap,
where it belongs as it derives from the on-heap BaseDateAndTimeInputType
class.

At the same time, turn DateTimeChooserClient into a GC mixin.

R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1466113002

Cr-Commit-Position: refs/heads/master@{#361071}
sigbjornf
Oilpan: trace ColorChooserPopupUIController::m_chromeClient
R=haraken
BUG=553613

Review URL: https://codereview.chromium.org/1442543003

Cr-Commit-Position: refs/heads/master@{#361043}
philipj
Remove another trace of [TypeChecking=Unrestricted]
This was overlooked in https://codereview.chromium.org/971783002

BUG=354298
R=jl@opera.com

Review URL: https://codereview.chromium.org/1465003002

Cr-Commit-Position: refs/heads/master@{#361042}
sigbjornf
More regular Platform implementations in unit tests (reland.)
R=haraken,jbroman
BUG=

Review URL: https://codereview.chromium.org/1456873003

Cr-Commit-Position: refs/heads/master@{#361030}
davve
Simplify ImageResource::canRender()
Assume that neither image rotation nor scale can affect the image size
emptiness. This makes it easier to further simplify
imageSizeForLayoutObject later.

BUG=559131

Review URL: https://codereview.chromium.org/1463793002

Cr-Commit-Position: refs/heads/master@{#361025}
sigbjornf
More regular Platform implementations in unit tests.
R=haraken,jbroman
BUG=

Review URL: https://codereview.chromium.org/1456873003

Cr-Commit-Position: refs/heads/master@{#361019}
philipj
Add event name to bare removeEventListener(listener) calls
This mistake was possible because removeEventListener's arguments are
all optional, and these calls would throw exceptions if the argument
were non-optional.

Since these code paths supposedly current work, removing the event
listeners cannot be critical, but do it anyway as was originally
intended.

BUG=353484

Review URL: https://codereview.chromium.org/1463763002

Cr-Commit-Position: refs/heads/master@{#360949}
davve
Remove redundant IntrinsicSize argument
IntrinsicSize is the default. IntrinsicCorrectedToDPR is the uncommon
one. Leaving it out makes it obvious nothing special is requested
here, just the normal image size.

BUG=559131

Review URL: https://codereview.chromium.org/1468473002

Cr-Commit-Position: refs/heads/master@{#360893}