diff options
19 files changed, 58 insertions, 29 deletions
diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerARM.cpp b/Source/JavaScriptCore/assembler/MacroAssemblerARM.cpp index 8f5a148f9..0264361b5 100644 --- a/Source/JavaScriptCore/assembler/MacroAssemblerARM.cpp +++ b/Source/JavaScriptCore/assembler/MacroAssemblerARM.cpp @@ -38,14 +38,6 @@ #include <elf.h> # if OS(ANDROID) && PLATFORM(QT) # include <asm/procinfo.h> -typedef struct -{ - uint32_t a_type; - union - { - uint32_t a_val; - } a_un; -} Elf32_auxv_t; # else # include <asm/hwcap.h> # endif diff --git a/Source/JavaScriptCore/dfg/DFGAbstractState.cpp b/Source/JavaScriptCore/dfg/DFGAbstractState.cpp index 2ac79c7c9..ab2a5af98 100644 --- a/Source/JavaScriptCore/dfg/DFGAbstractState.cpp +++ b/Source/JavaScriptCore/dfg/DFGAbstractState.cpp @@ -1567,7 +1567,11 @@ bool AbstractState::executeEffects(unsigned indexInBlock, Node* node) case Nop: case CountExecution: break; - + + case Unreachable: + RELEASE_ASSERT_NOT_REACHED(); + break; + case LastNodeType: RELEASE_ASSERT_NOT_REACHED(); break; @@ -1778,11 +1782,10 @@ inline bool AbstractState::mergeToSuccessors(Graph& graph, BasicBlock* basicBloc } case Return: - case Throw: - case ThrowReferenceError: + case Unreachable: ASSERT(basicBlock->cfaBranchDirection == InvalidBranchDirection); return false; - + default: RELEASE_ASSERT_NOT_REACHED(); return false; diff --git a/Source/JavaScriptCore/dfg/DFGAbstractState.h b/Source/JavaScriptCore/dfg/DFGAbstractState.h index de1f17d1f..cbb213a6f 100644 --- a/Source/JavaScriptCore/dfg/DFGAbstractState.h +++ b/Source/JavaScriptCore/dfg/DFGAbstractState.h @@ -156,8 +156,7 @@ public: // basic blocks) interrogate the basic block's notion of the state at the head. // Stores to local variables are handled in endBasicBlock(). This returns true // if execution should continue past this node. Notably, it will return true - // for block terminals, so long as those terminals are not Return or variants - // of Throw. + // for block terminals, so long as those terminals are not Return or Unreachable. // // This is guaranteed to be equivalent to doing: // diff --git a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp index a76d5f250..c3e041c26 100644 --- a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp +++ b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp @@ -3031,13 +3031,15 @@ bool ByteCodeParser::parseBlock(unsigned limit) LAST_OPCODE(op_end); case op_throw: - flushAllArgumentsAndCapturedVariablesInInlineStack(); addToGraph(Throw, get(currentInstruction[1].u.operand)); + flushAllArgumentsAndCapturedVariablesInInlineStack(); + addToGraph(Unreachable); LAST_OPCODE(op_throw); case op_throw_static_error: - flushAllArgumentsAndCapturedVariablesInInlineStack(); addToGraph(ThrowReferenceError); + flushAllArgumentsAndCapturedVariablesInInlineStack(); + addToGraph(Unreachable); LAST_OPCODE(op_throw_static_error); case op_call: diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp index ac2842322..ea201d73b 100644 --- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp +++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp @@ -873,6 +873,7 @@ private: case CountExecution: case ForceOSRExit: case CheckWatchdogTimer: + case Unreachable: break; #else default: diff --git a/Source/JavaScriptCore/dfg/DFGNode.h b/Source/JavaScriptCore/dfg/DFGNode.h index f45d3fa68..28eccc07a 100644 --- a/Source/JavaScriptCore/dfg/DFGNode.h +++ b/Source/JavaScriptCore/dfg/DFGNode.h @@ -677,8 +677,7 @@ struct Node { case Jump: case Branch: case Return: - case Throw: - case ThrowReferenceError: + case Unreachable: return true; default: return false; diff --git a/Source/JavaScriptCore/dfg/DFGNodeType.h b/Source/JavaScriptCore/dfg/DFGNodeType.h index 9039e3f5f..2a4707377 100644 --- a/Source/JavaScriptCore/dfg/DFGNodeType.h +++ b/Source/JavaScriptCore/dfg/DFGNodeType.h @@ -250,12 +250,15 @@ namespace JSC { namespace DFG { macro(NewFunction, NodeResultJS) \ macro(NewFunctionExpression, NodeResultJS) \ \ + /* These aren't terminals but always exit */ \ + macro(Throw, NodeMustGenerate) \ + macro(ThrowReferenceError, NodeMustGenerate) \ + \ /* Block terminals. */\ macro(Jump, NodeMustGenerate) \ macro(Branch, NodeMustGenerate) \ macro(Return, NodeMustGenerate) \ - macro(Throw, NodeMustGenerate) \ - macro(ThrowReferenceError, NodeMustGenerate) \ + macro(Unreachable, NodeMustGenerate) \ \ macro(GarbageValue, NodeResultJS | NodeClobbersWorld) \ \ diff --git a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp index 980e6b447..01a9e4e42 100644 --- a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp +++ b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp @@ -539,6 +539,7 @@ private: case PutGlobalVar: case PutGlobalVarCheck: case CheckWatchdogTimer: + case Unreachable: break; // These gets ignored because it doesn't do anything. diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp index 5fc35cb73..871a59c2a 100644 --- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp +++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp @@ -4964,6 +4964,10 @@ void SpeculativeJIT::compile(Node* node) noResult(node); break; + case Unreachable: + RELEASE_ASSERT_NOT_REACHED(); + break; + case Nop: case LastNodeType: RELEASE_ASSERT_NOT_REACHED(); diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp index ab9da9732..fd3c2953c 100644 --- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp +++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp @@ -4791,6 +4791,10 @@ void SpeculativeJIT::compile(Node* node) // This is a no-op. noResult(node); break; + + case Unreachable: + RELEASE_ASSERT_NOT_REACHED(); + break; case Nop: RELEASE_ASSERT_NOT_REACHED(); diff --git a/Source/WTF/wtf/dtoa/utils.h b/Source/WTF/wtf/dtoa/utils.h index 88545ab02..298bf4d9b 100644 --- a/Source/WTF/wtf/dtoa/utils.h +++ b/Source/WTF/wtf/dtoa/utils.h @@ -49,7 +49,7 @@ defined(__ARMEL__) || \ defined(_MIPS_ARCH_MIPS32R2) #define DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS 1 -#elif CPU(MIPS) || CPU(PPC) || CPU(PPC64) || OS(WINCE) || CPU(SH4) || CPU(S390) || CPU(S390X) || CPU(IA64) || CPU(SPARC) || CPU(ALPHA) || CPU(MIPS64) || CPU(AARCH64) +#elif CPU(MIPS) || CPU(PPC) || CPU(PPC64) || OS(WINCE) || CPU(SH4) || CPU(S390) || CPU(S390X) || CPU(IA64) || CPU(SPARC) || CPU(ALPHA) || CPU(MIPS64) || CPU(AARCH64) || CPU(HPPA) #define DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS 1 #elif defined(_M_IX86) || defined(__i386__) #if defined(_WIN32) diff --git a/Source/WebCore/css/CSSParser.cpp b/Source/WebCore/css/CSSParser.cpp index db00100ec..54fd5e238 100644 --- a/Source/WebCore/css/CSSParser.cpp +++ b/Source/WebCore/css/CSSParser.cpp @@ -1289,7 +1289,11 @@ PassRefPtr<CSSValueList> CSSParser::parseFontFaceValue(const AtomicString& strin RefPtr<MutableStylePropertySet> dummyStyle = MutableStylePropertySet::create(); if (!parseValue(dummyStyle.get(), CSSPropertyFontFamily, string, false, CSSQuirksMode, 0)) return 0; - return static_pointer_cast<CSSValueList>(dummyStyle->getPropertyCSSValue(CSSPropertyFontFamily)); + + RefPtr<CSSValue> fontFamily = dummyStyle->getPropertyCSSValue(CSSPropertyFontFamily); + if (!fontFamily->isValueList()) + return 0; // FIXME: "initial" and "inherit" should be parsed as font names in the face attribute. + return static_pointer_cast<CSSValueList>(fontFamily.release()); } #if ENABLE(CSS_VARIABLES) diff --git a/Source/WebCore/dom/DocumentOrderedMap.cpp b/Source/WebCore/dom/DocumentOrderedMap.cpp index 783c99b05..7530b99c6 100644 --- a/Source/WebCore/dom/DocumentOrderedMap.cpp +++ b/Source/WebCore/dom/DocumentOrderedMap.cpp @@ -107,6 +107,9 @@ void DocumentOrderedMap::remove(AtomicStringImpl* key, Element* element) m_map.checkConsistency(); Map::iterator it = m_map.find(key); ASSERT(it != m_map.end()); + if (it == m_map.end()) + return; + MapEntry& entry = it->value; ASSERT(entry.count); diff --git a/Source/WebCore/html/HTMLImageElement.cpp b/Source/WebCore/html/HTMLImageElement.cpp index 0dd581dfc..6dcd52989 100644 --- a/Source/WebCore/html/HTMLImageElement.cpp +++ b/Source/WebCore/html/HTMLImageElement.cpp @@ -204,12 +204,16 @@ Node::InsertionNotificationRequest HTMLImageElement::insertedInto(ContainerNode* } } + // Insert needs to complete first, before we start updating the loader. Loader dispatches events which could result + // in callbacks back to this node. + Node::InsertionNotificationRequest insertNotificationRequest = HTMLElement::insertedInto(insertionPoint); + // If we have been inserted from a renderer-less document, // our loader may have not fetched the image, so do it now. if (insertionPoint->inDocument() && !m_imageLoader.image()) m_imageLoader.updateFromElement(); - return HTMLElement::insertedInto(insertionPoint); + return insertNotificationRequest; } void HTMLImageElement::removedFrom(ContainerNode* insertionPoint) diff --git a/Source/WebCore/html/HTMLObjectElement.cpp b/Source/WebCore/html/HTMLObjectElement.cpp index 95c7953cc..272394001 100644 --- a/Source/WebCore/html/HTMLObjectElement.cpp +++ b/Source/WebCore/html/HTMLObjectElement.cpp @@ -81,6 +81,11 @@ RenderWidget* HTMLObjectElement::renderWidgetForJSBindings() const return renderPart(); // This will return 0 if the renderer is not a RenderPart. } +static bool isQtPluginServiceType(const String& serviceType) +{ + return equalIgnoringCase(serviceType, "application/x-qt-plugin") || equalIgnoringCase(serviceType, "application/x-qt-styled-widget"); +} + bool HTMLObjectElement::isPresentationAttribute(const QualifiedName& name) const { if (name == borderAttr) @@ -167,7 +172,7 @@ void HTMLObjectElement::parametersForPlugin(Vector<String>& paramNames, Vector<S paramValues.append(p->value()); // FIXME: url adjustment does not belong in this function. - if (url.isEmpty() && urlParameter.isEmpty() && (equalIgnoringCase(name, "src") || equalIgnoringCase(name, "movie") || equalIgnoringCase(name, "code") || equalIgnoringCase(name, "url"))) + if (url.isEmpty() && urlParameter.isEmpty() && !isQtPluginServiceType(serviceType) && (equalIgnoringCase(name, "src") || equalIgnoringCase(name, "movie") || equalIgnoringCase(name, "code") || equalIgnoringCase(name, "url"))) urlParameter = stripLeadingAndTrailingHTMLSpaces(p->value()); // FIXME: serviceType calculation does not belong in this function. if (serviceType.isEmpty() && equalIgnoringCase(name, "type")) { @@ -207,7 +212,7 @@ void HTMLObjectElement::parametersForPlugin(Vector<String>& paramNames, Vector<S // attribute, not by a param element. However, for compatibility, allow the // resource's URL to be given by a param named "src", "movie", "code" or "url" // if we know that resource points to a plug-in. - if (url.isEmpty() && !urlParameter.isEmpty()) { + if (url.isEmpty() && !urlParameter.isEmpty() && !isQtPluginServiceType(serviceType)) { SubframeLoader* loader = document()->frame()->loader()->subframeLoader(); if (loader->resourceWillUsePlugin(urlParameter, serviceType, shouldPreferPlugInsForImages())) url = urlParameter; @@ -257,7 +262,7 @@ bool HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk() bool HTMLObjectElement::hasValidClassId() { #if PLATFORM(QT) - if (equalIgnoringCase(serviceType(), "application/x-qt-plugin") || equalIgnoringCase(serviceType(), "application/x-qt-styled-widget")) + if (isQtPluginServiceType(serviceType())) return true; #endif diff --git a/Source/WebCore/loader/ImageLoader.cpp b/Source/WebCore/loader/ImageLoader.cpp index c9fc3a976..40a66ea01 100644 --- a/Source/WebCore/loader/ImageLoader.cpp +++ b/Source/WebCore/loader/ImageLoader.cpp @@ -212,8 +212,9 @@ void ImageLoader::updateFromElement() clearFailedLoadURL(); } else if (!attr.isNull()) { // Fire an error event if the url is empty. - // FIXME: Should we fire this event asynchronoulsy via errorEventSender()? - m_element->dispatchEvent(Event::create(eventNames().errorEvent, false, false)); + m_failedLoadURL = attr; + m_hasPendingErrorEvent = true; + errorEventSender().dispatchEventSoon(this); } CachedImage* oldImage = m_image.get(); diff --git a/Tools/qmake/mkspecs/features/unix/icc.prf b/Tools/qmake/mkspecs/features/icc.prf index e9bfddd1c..e9bfddd1c 100644 --- a/Tools/qmake/mkspecs/features/unix/icc.prf +++ b/Tools/qmake/mkspecs/features/icc.prf diff --git a/Tools/qmake/mkspecs/features/unix/default_post.prf b/Tools/qmake/mkspecs/features/unix/default_post.prf index 75df1c550..7a94845e9 100644 --- a/Tools/qmake/mkspecs/features/unix/default_post.prf +++ b/Tools/qmake/mkspecs/features/unix/default_post.prf @@ -4,6 +4,10 @@ # See 'Tools/qmake/README' for an overview of the build system # ------------------------------------------------------------------- +# Disable a few warnings. The same warnings are also disabled +# in WebKitLibraries/win/tools/vsprops/common.vsprops +intel_icc: load(icc) + # Use SSE2 floating point math on 32 bit instead of the default # 387 to make layout test results same on 32 and on 64 bit builds. # See https://bugs.webkit.org/show_bug.cgi?id=52810#c39 for details. diff --git a/Tools/qmake/mkspecs/features/win32/default_post.prf b/Tools/qmake/mkspecs/features/win32/default_post.prf index 8c8ac750b..e2567233f 100644 --- a/Tools/qmake/mkspecs/features/win32/default_post.prf +++ b/Tools/qmake/mkspecs/features/win32/default_post.prf @@ -15,7 +15,7 @@ mingw { # Disable a few warnings. The same warnings are also disabled # in WebKitLibraries/win/tools/vsprops/common.vsprops win32-msvc*|wince*: QMAKE_CXXFLAGS += -wd4291 -wd4344 -wd4396 -wd4503 -wd4800 -wd4819 -wd4996 -win32-icc: QMAKE_CXXFLAGS += -wd873 +intel_icl: load(icc) load(default_post) |