[webkit-changes] [WebKit/WebKit] a1e15e: Poisoned commit

WebKit-Jenner noreply at github.com
Tue May 14 12:26:09 PDT 2024


  Branch: refs/heads/safari-7618-branch
  Home:   https://github.com/WebKit/WebKit
  Commit: a1e15ed692284362facc067e7e40d19fa6da72f3
      https://github.com/WebKit/WebKit/commit/a1e15ed692284362facc067e7e40d19fa6da72f3
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M metadata/poison.txt

  Log Message:
  -----------
  Poisoned commit

Unreviewed branch poisoning.

Insert revoked credential into repository to prevent
contributors from accidentally publishing this branch
to their personal public forks.

* metadata/poison.txt: Add poison.

Canonical link: https://commits.webkit.org/272448.512@safari-7618-branch


  Commit: 8a057edb5b4e3947c6525977277ad59350fe4b0a
      https://github.com/WebKit/WebKit/commit/8a057edb5b4e3947c6525977277ad59350fe4b0a
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Tools/Scripts/filter-build-webkit

  Log Message:
  -----------
  Cherry-pick 274182@main (22a7246fc4cd). rdar://122433123

    [ews-build.webkit.org] Filter out DVTAssertions messages
    https://bugs.webkit.org/show_bug.cgi?id=268872
    rdar://122433123

    Reviewed by Dewei Zhu.

    * Tools/CISupport/ews-build/steps.py:
    (CompileWebKit.start): Send stderr to stdout to be filtered by filter-build-webkit.
    * Tools/CISupport/ews-build/steps_unittest.py:
    * Tools/Scripts/filter-build-webkit:
    (shouldIgnoreLine): Ignore lines including 'DVTAssertions'.

    Canonical link: https://commits.webkit.org/274182@main

Canonical link: https://commits.webkit.org/272448.513@safari-7618-branch


  Commit: 221cd4e93ac5838e1973316a6332d42813a2356e
      https://github.com/WebKit/WebKit/commit/221cd4e93ac5838e1973316a6332d42813a2356e
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Tools/Scripts/filter-build-webkit

  Log Message:
  -----------
  Cherry-pick 274230@main (bab059dadb4e). rdar://122475065

    [filter-build-webkit] Always flush stdout after printing
    https://bugs.webkit.org/show_bug.cgi?id=268922
    rdar://122475065

    Reviewed by Ryan Haddad and Elliott Williams.

    * Tools/Scripts/filter-build-webkit:
    (printLine): Unconditionally flush after printing a line.

    Canonical link: https://commits.webkit.org/274230@main

Canonical link: https://commits.webkit.org/272448.514@safari-7618-branch


  Commit: 08e36dd761e42aea744cc40aa79e8b983fd1151b
      https://github.com/WebKit/WebKit/commit/08e36dd761e42aea744cc40aa79e8b983fd1151b
  Author: Tyler Wilcock <tyler_w at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WebCore/accessibility/AccessibilityNodeObject.cpp

  Log Message:
  -----------
  Cherry-pick 4ca99197e0b7. rdar://122100786

    AX: legend-children-are-visible.html, link-inside-button-accessible-text.html, and text-alternative-calculation-from-unrendered-table.html crash in ITM due to missing AXObjectCache nullptr checks
    https://bugs.webkit.org/show_bug.cgi?id=268552
    rdar://problem/122100786

    Reviewed by Chris Fleizach.

    Add these missing nullptr checks, and improve smart pointer usage in adjacent code.

    * Source/WebCore/accessibility/AccessibilityNodeObject.cpp:
    (WebCore::AccessibilityNodeObject::radioButtonGroup const):
    (WebCore::accessibleNameForNode):

    Canonical link: https://commits.webkit.org/273953@main

Canonical link: https://commits.webkit.org/272448.514@safari-7618.1.15-branch
Identifier: 272448.515@safari-7618-branch


  Commit: 0c79bcf72d9fc2db81dd03677812b05da76fc9ce
      https://github.com/WebKit/WebKit/commit/0c79bcf72d9fc2db81dd03677812b05da76fc9ce
  Author: Andy Estes <aestes at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WebKit/SourcesCocoa.txt
    M Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm
    M Source/WebKit/UIProcess/PageClient.h
    M Source/WebKit/UIProcess/ios/PageClientImplIOS.h
    M Source/WebKit/UIProcess/ios/PageClientImplIOS.mm
    M Source/WebKit/UIProcess/ios/WKContentView.h
    M Source/WebKit/UIProcess/ios/WKContentView.mm
    A Source/WebKit/UIProcess/ios/WKVisibilityPropagationView.h
    A Source/WebKit/UIProcess/ios/WKVisibilityPropagationView.mm
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Cherry-pick 7223f04262f1. rdar://121120961

    REGRESSION(ExtensionKit): Video stops playing on mlb.com when entering PiP
    https://bugs.webkit.org/show_bug.cgi?id=268532
    rdar://121120961

    Reviewed by Per Arne Vollan.

    Prior to managing WebKit auxiliary processes as extensions and enabling media capability grants,
    the iOS media system tracked the visibility of the WebKit host process by observing the foreground
    status of the app whose PID WebKit provided to AVSystemController via the
    AVSystemController_PIDToInheritAppStateFrom SPI. When a PiP window is visible on screen then the
    associated app and its WebContent and GPU processes are considered in the foreground and media
    playback is allowed by the system.

    Once WebKit started managing auxiliary processes as extensions we stopped using AVSystemController
    SPIs and relied instead on BrowserEngineKit visibility propagation interactions to propagate
    visibility from the host app to the WebContent and GPU extensions. Visibility propagation
    interactions were installed on the WKContentView, and so long as the content view was in a visible
    scene then the WebContent and GPU extensions would be considered visible by the media system.
    However, the PiP window is in a different scene and may be visible at times when the
    WKContentView's scene isn't. In these cases the WebContent and GPU extensions would not be
    considered visible, preventing media playback from continuing in the PiP window while the host app
    is in the background.

    Resolved this by encapsulating the logic for creating visibility propagation interactions into a
    new UIView subclass (WKVisibilityPropagationView) that is added as a subview of WKContentViews and
    WKLayerHostViews (the latter only when in a fullscreen or PiP presentation mode). This ensures that
    WebContent and GPU extensions are considered visible whenever either of these views are in a visible
    scene. WKContentView keeps a weak set of all WKVisibilityPropagationViews and is responsible for
    creating and removing visibility propagation interactions as auxiliary processes launch and exit.

    * Source/WebKit/SourcesCocoa.txt:
    * Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm:
    (-[WKLayerHostView visibilityPropagationView]):
    (-[WKLayerHostView setVisibilityPropagationView:]):
    (WebKit::VideoPresentationManagerProxy::setupFullscreenWithID):
    (WebKit::VideoPresentationManagerProxy::didCleanupFullscreen):
    (WebKit::VideoPresentationManagerProxy::setVideoLayerFrame):
    * Source/WebKit/UIProcess/PageClient.h:
    (WebKit::PageClient::createVisibilityPropagationView):
    * Source/WebKit/UIProcess/ios/PageClientImplIOS.h:
    * Source/WebKit/UIProcess/ios/PageClientImplIOS.mm:
    (WebKit::PageClientImpl::createVisibilityPropagationView):
    * Source/WebKit/UIProcess/ios/WKContentView.h:
    * Source/WebKit/UIProcess/ios/WKContentView.mm:
    (-[WKContentView _commonInitializationWithProcessPool:configuration:]):
    (-[WKContentView _installVisibilityPropagationViews]):
    (-[WKContentView _setupVisibilityPropagationForWebProcess]):
    (-[WKContentView _setupVisibilityPropagationForGPUProcess]):
    (-[WKContentView _removeVisibilityPropagationViewForWebProcess]):
    (-[WKContentView _removeVisibilityPropagationViewForGPUProcess]):
    (-[WKContentView _didRelaunchProcess]):
    (-[WKContentView _webProcessDidCreateContextForVisibilityPropagation]):
    (-[WKContentView _gpuProcessDidCreateContextForVisibilityPropagation]):
    (-[WKContentView _createVisibilityPropagationView]):
    (-[WKContentView _setupVisibilityPropagationViewForWebProcess]): Deleted.
    (-[WKContentView _setupVisibilityPropagationViewForGPUProcess]): Deleted.
    * Source/WebKit/UIProcess/ios/WKVisibilityPropagationView.h: Added.
    * Source/WebKit/UIProcess/ios/WKVisibilityPropagationView.mm: Added.
    (-[WKVisibilityPropagationView propagateVisibilityToProcess:]):
    (-[WKVisibilityPropagationView stopPropagatingVisibilityToProcess:]):
    (-[WKVisibilityPropagationView _containsInteractionForProcess:]):
    * Source/WebKit/UIProcess/mac/WebViewImpl.mm:
    * Source/WebKit/WebKit.xcodeproj/project.pbxproj:

    Canonical link: https://commits.webkit.org/274037@main

Canonical link: https://commits.webkit.org/272448.515@safari-7618.1.15-branch
Identifier: 272448.516@safari-7618-branch


  Commit: 41b6750c57f787092a939431d1cc43cb10e54de2
      https://github.com/WebKit/WebKit/commit/41b6750c57f787092a939431d1cc43cb10e54de2
  Author: Erica Li <lerica at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M LayoutTests/platform/ios-wk2/TestExpectations

  Log Message:
  -----------
  Cherry-pick 5d81c0c6a572. rdar://121931010

    Sync rebaseline change to main: [iOS17]dynamic-childlist-002.html
    rdar://121931010
    https://bugs.webkit.org/show_bug.cgi?id=268382

    Reviewed by Anne van Kesteren.

    Unmark test expectation and rebaseline dynamic-childlist-002.html for ios-wk2.

    * LayoutTests/platform/ios-wk2/TestExpectations:
    * LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/mathml/relations/html5-tree/dynamic-childlist-002-expected.txt:

    Canonical link: https://commits.webkit.org/273816@main

Canonical link: https://commits.webkit.org/272448.516@safari-7618.1.15-branch
Identifier: 272448.517@safari-7618-branch


  Commit: f39ee95c69469982680b53c6188ebb9ace95ee12
      https://github.com/WebKit/WebKit/commit/f39ee95c69469982680b53c6188ebb9ace95ee12
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.h
    M Source/WebKit/UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.mm

  Log Message:
  -----------
  Cherry-pick d29efacb92f3. rdar://122041538

    [iOS 17.4] Crash in -[WKScrollingNodeScrollViewDelegate actingParentScrollViewForScrollView:]
    https://bugs.webkit.org/show_bug.cgi?id=268492
    rdar://122041538

    Reviewed by Tim Horton.

    This is a speculative fix for crashes underneath `-actingParentScrollViewForScrollView:`, due to
    accessing (what is presumably) an invalid `ScrollingTreeScrollingNodeDelegateIOS` pointer. I wasn't
    able to discover repro steps for this crash; however, from source inspection, it's unsafe for
    `WKScrollingNodeScrollViewDelegate` to hold a raw pointer to `ScrollingTreeScrollingNodeDelegateIOS`,
    since the ObjC delegate may outlive its C++ counterpart if anything (in system frameworks like
    UIKit, or in WebKit itself) retains or autoreleases the ObjC delegate.

    To fix this, we turn the raw `ScrollingTreeScrollingNodeDelegateIOS*` into a `WeakPtr`, and then
    bail upon detecting a null `ScrollingTreeScrollingNodeDelegateIOS` delegate in various scroll view
    delegate method implementations in `WKScrollingNodeScrollViewDelegate`.

    * Source/WebKit/UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.h:
    * Source/WebKit/UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.mm:
    (-[WKScrollingNodeScrollViewDelegate initWithScrollingTreeNodeDelegate:]):

    Also, make this initializer take a reference instead of a pointer, to make it clear that this can
    only be initialized with a non-null `ScrollingTreeScrollingNodeDelegateIOS`.

    (-[WKScrollingNodeScrollViewDelegate scrollViewDidScroll:]):
    (-[WKScrollingNodeScrollViewDelegate scrollViewWillBeginDragging:]):
    (-[WKScrollingNodeScrollViewDelegate scrollViewWillEndDragging:withVelocity:targetContentOffset:]):
    (-[WKScrollingNodeScrollViewDelegate scrollViewDidEndDragging:willDecelerate:]):
    (-[WKScrollingNodeScrollViewDelegate scrollViewDidEndDecelerating:]):
    (-[WKScrollingNodeScrollViewDelegate scrollViewDidEndScrollingAnimation:]):
    (-[WKScrollingNodeScrollViewDelegate cancelPointersForGestureRecognizer:]):
    (-[WKScrollingNodeScrollViewDelegate axesToPreventScrollingForPanGestureInScrollView:]):
    (-[WKScrollingNodeScrollViewDelegate parentScrollViewForScrollView:]):
    (-[WKScrollingNodeScrollViewDelegate scrollView:handleScrollUpdate:completion:]):
    (WebKit::ScrollingTreeScrollingNodeDelegateIOS::commitStateAfterChildren):

    Canonical link: https://commits.webkit.org/273946@main

Canonical link: https://commits.webkit.org/272448.517@safari-7618.1.15-branch
Identifier: 272448.518@safari-7618-branch


  Commit: 57a1b3adf875661b8964a0ccff3718e514921eab
      https://github.com/WebKit/WebKit/commit/57a1b3adf875661b8964a0ccff3718e514921eab
  Author: Joshua Hoffman <jhoffman23 at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M LayoutTests/accessibility/mac/aria-errormessage-expected.txt
    M LayoutTests/accessibility/mac/aria-errormessage.html
    M Source/WebCore/accessibility/AXObjectCache.cpp
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h

  Log Message:
  -----------
  Cherry-pick 05842e768650. rdar://122344819

    AX: Revert 272323@main: unsafe calls to addUnconnectedNode (edit)
    https://bugs.webkit.org/show_bug.cgi?id=268785
    rdar://problem/122344819

    Reviewed by Tyler Wilcock.

    Bug https://bugs.webkit.org/show_bug.cgi?id=266608 introduced a new behavior
    where we create isolated nodes for ignored objects in relations via
    addUnconnectedNode. However, this call can be unsafe, particularly if
    relations are updated (and unconnected nodes are added) as a result of
    accessibilityIsIgnored.

    This patch reverts that change and restores the behavior to retrieve
    objects off of the main thread when they have no isolated object.

    The behavior from https://bugs.webkit.org/show_bug.cgi?id=266608 will be
    reintroduced once a mechanism to safely resolve nodes in addUnconnectedNode
    is determined.

    * LayoutTests/accessibility/mac/aria-errormessage-expected.txt:
    * LayoutTests/accessibility/mac/aria-errormessage.html:
    * Source/WebCore/accessibility/AXObjectCache.cpp:
    (WebCore::AXObjectCache::addRelation):
    * Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:
    (WebCore::AXIsolatedTree::create):
    (WebCore::AXIsolatedTree::objectsForIDs):
    (WebCore::AXIsolatedTree::addUnconnectedNode):
    (WebCore::AXIsolatedTree::removeSubtreeFromNodeMap):
    * Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h:
    (WebCore::AXIsolatedTree::objectsForIDs const): Deleted.

    Canonical link: https://commits.webkit.org/274124@main

Canonical link: https://commits.webkit.org/272448.518@safari-7618.1.15-branch
Identifier: 272448.519@safari-7618-branch


  Commit: b3f229320c06741bffae32811786d1693a7c3b6f
      https://github.com/WebKit/WebKit/commit/b3f229320c06741bffae32811786d1693a7c3b6f
  Author: Russell Epstein <repstein at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h

  Log Message:
  -----------
  Unreviewed build fix. rdar://122344819

Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:260:35: error: no matching member function for call to 'add'

Canonical link: https://commits.webkit.org/272448.524@safari-7618.1.15-branch
Identifier: 272448.520@safari-7618-branch


  Commit: d07d59284f7d8f258dbec275bb1fcfa402d5d66f
      https://github.com/WebKit/WebKit/commit/d07d59284f7d8f258dbec275bb1fcfa402d5d66f
  Author: Russell Epstein <repstein at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.h

  Log Message:
  -----------
  Unreviewed build fix. rdar://122041538

Source/WebKit/UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.h:108:58: error: cannot find protocol declaration for 'WKBEScrollViewDelegate'; did you mean 'BEScrollViewDelegate'?

Canonical link: https://commits.webkit.org/272448.520@safari-7618.1.15-branch
Identifier: 272448.521@safari-7618-branch


  Commit: 5cdf58dba105d263d584ce54761a9cfa76810663
      https://github.com/WebKit/WebKit/commit/5cdf58dba105d263d584ce54761a9cfa76810663
  Author: Elliott Williams <emw at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WTF/wtf/PlatformHave.h
    M Source/WTF/wtf/spi/cocoa/IOSurfaceSPI.h
    M Source/WTF/wtf/spi/darwin/XPCSPI.h
    M Source/WebCore/PAL/pal/spi/cocoa/AVFoundationSPI.h
    A Source/WebCore/PAL/pal/spi/ios/BrowserEngineKitSPI.h
    M Source/WebKit/Platform/spi/ios/UIKitSPI.h
    M Tools/TestRunnerShared/spi/UIKitSPIForTesting.h

  Log Message:
  -----------
  Cherry-pick 274016@main (98226f6cc5f3). rdar://problem/121706323

    [iOS] Update SPI headers for iOS 17.4
    https://bugs.webkit.org/show_bug.cgi?id=268210
    rdar://problem/121706323

    Reviewed by Jonathan Bedard and Alexey Proskuryakov.

    Add platform flags for libxpc (which is API as of iOS 17.4+) and for
    other SPI that were promoted to API as part of the BrowserEngineKit
    introduction. Use them to avoid redeclaring things that are now
    publicly available.

    Additionally, write new BrowserEngineKit SPI declarations for symbols
    that are used in testing and by SPI clients of WebKit.

    * Source/WTF/wtf/PlatformHave.h:
    * Source/WTF/wtf/spi/cocoa/IOSurfaceSPI.h:
    * Source/WTF/wtf/spi/darwin/XPCSPI.h:
    * Source/WebCore/PAL/pal/spi/cocoa/AVFoundationSPI.h:
    * Source/WebCore/PAL/pal/spi/ios/BrowserEngineKitSPI.h:
    * Source/WebKit/Platform/spi/ios/UIKitSPI.h:
    * Tools/TestRunnerShared/spi/UIKitSPIForTesting.h:

    Canonical link: https://commits.webkit.org/274016@main

Canonical link: https://commits.webkit.org/272448.522@safari-7618-branch


  Commit: 66d8614c41ca5fa3f39127d7527cc57448012f65
      https://github.com/WebKit/WebKit/commit/66d8614c41ca5fa3f39127d7527cc57448012f65
  Author: Alexey Shvayka <ashvayka at apple.com>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/runtime/CustomGetterSetter.h

  Log Message:
  -----------
  [JSC] Harden CustomGetterSetter by adding MethodTable overrides that always crash
https://bugs.webkit.org/show_bug.cgi?id=268897
<rdar://122171568>

Reviewed by Mark Lam.

Just like GetterSetter, CustomGetterSetter is never purposely exposed to userland code.
However, to make exploitation of accidentally exposed CustomGetterSetter objects difficult, this
patch implements MethodTable overrides that abort the program when reached, similar to GetterSetter.

* Source/JavaScriptCore/runtime/CustomGetterSetter.h:
(JSC::CustomGetterSetter::getOwnPropertySlot):
(JSC::CustomGetterSetter::put):
(JSC::CustomGetterSetter::putByIndex):
(JSC::CustomGetterSetter::setPrototype):
(JSC::CustomGetterSetter::defineOwnProperty):
(JSC::CustomGetterSetter::deleteProperty):

Canonical link: https://commits.webkit.org/272448.523@safari-7618-branch


  Commit: a216beaf1c540ae80a5d3794eca8481e4d74d161
      https://github.com/WebKit/WebKit/commit/a216beaf1c540ae80a5d3794eca8481e4d74d161
  Author: Elliott Williams <emw at apple.com>
  Date:   2024-02-10 (Sat, 10 Feb 2024)

  Changed paths:
    M Source/WTF/wtf/PlatformHave.h
    M Source/WebCore/PAL/pal/spi/cocoa/AVFoundationSPI.h

  Log Message:
  -----------
  Cherry-pick 274020@main (a3399430bd1b). rdar://122716185

    Build fix for "[iOS] Update SPI headers for iOS 17.4"
    https://bugs.webkit.org/show_bug.cgi?id=268210
    rdar://problem/121706323

    Unreviewed. Fix the Mac build.

    Canonical link: https://commits.webkit.org/274020@main

Canonical link: https://commits.webkit.org/272448.524@safari-7618-branch


  Commit: bd932c1da52c83ccd987a35bd7fbf33358704a5f
      https://github.com/WebKit/WebKit/commit/bd932c1da52c83ccd987a35bd7fbf33358704a5f
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebKit/Configurations/BaseExtension.xcconfig
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Cherry-pick 994eca410af6. rdar://122422447

    Change install location of WebKit process extensions
    https://bugs.webkit.org/show_bug.cgi?id=268946
    rdar://122422447

    Reviewed by Elliott Williams.

    * Source/WebKit/Configurations/BaseExtension.xcconfig:
    * Source/WebKit/WebKit.xcodeproj/project.pbxproj:

    Canonical link: https://commits.webkit.org/274425@main

Identifier: 272448.525@safari-7618-branch


  Commit: 7cd44bf3af093f53baa364d0c71b2371e975cdb6
      https://github.com/WebKit/WebKit/commit/7cd44bf3af093f53baa364d0c71b2371e975cdb6
  Author: Brent Fulgham <bfulgham at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm

  Log Message:
  -----------
  Cherry-pick c710e9dd3240. rdar://121414876

    Add Spotify to the desktop class quirks list
    https://bugs.webkit.org/show_bug.cgi?id=268928
    <rdar://121414876>

    Reviewed by Wenson Hsieh and Chris Dumez.

    It is nearly impossible to use the volume control or playback scrubber
    in Spotify in Safari. They don't expect a desktop with touch support.

    Spotify removed the scrubber features on iOS back in 2016 (https://community.spotify.com/t5/iOS-iPhone-iPad/Audio-scrubber-is-gone-in-latest-update-Why/td-p/1311946).

    This patch presents Safari to Spotify as a mobile User Agent so that we
    get the best "touch" version of the website.

    * Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm:
    (WebKit::desktopClassBrowsingRecommendedForRequest):

    Canonical link: https://commits.webkit.org/274268@main

Identifier: 272448.526@safari-7618-branch


  Commit: 894383f5c368c2d917dd9afbbc15ec5fb5fa9887
      https://github.com/WebKit/WebKit/commit/894383f5c368c2d917dd9afbbc15ec5fb5fa9887
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    A LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap-expected.html
    A LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap.html
    M Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp

  Log Message:
  -----------
  Cherry-pick 9f3eab39f42a. rdar://122501121

    [IFC][Ruby] Some characters are overlapped (Hiragana + Kanji character with Ruby)
    https://bugs.webkit.org/show_bug.cgi?id=269064
    <rdar://122501121>

    Reviewed by Antti Koivisto.

    1. When the annotation is wider than the base content, we slightly pull adjacent content under the annotation on both sides.
    2. Pulling the "after" content (boxes to the right of the ruby) means shifting all the runs as one monolithic content.

    However, in case of justified alignment, as we are supposed to keep the spacing intact, we only adjust the adjacent run
    by moving and expanding it (expanding ensures the rest of the "after" content stays stationary).

    * LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap-expected.html: Added.
    * LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:
    (WebCore::Layout::InlineDisplayContentBuilder::applyRubyOverhang):

    Canonical link: https://commits.webkit.org/274373@main

Identifier: 272448.527@safari-7618-branch


  Commit: 0017dc100a0cee5c49d498d18e6dba1df0101017
      https://github.com/WebKit/WebKit/commit/0017dc100a0cee5c49d498d18e6dba1df0101017
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    A LayoutTests/fast/ruby/annotation-clipped-first-line-expected.html
    A LayoutTests/fast/ruby/annotation-clipped-first-line.html
    M Source/WebCore/layout/formattingContexts/inline/ruby/RubyFormattingContext.cpp

  Log Message:
  -----------
  Cherry-pick da3c5b4ca5ce. rdar://122586539

    [IFC][Ruby] Ruby character is clipped at right edge of the page
    https://bugs.webkit.org/show_bug.cgi?id=269065
    <rdar://122586539>

    Reviewed by Antti Koivisto.

    See comment in RubyFormattingContext::adjustLayoutBoundsAndStretchAncestorRubyBase.

    * LayoutTests/fast/ruby/annotation-clipped-first-line-expected.html: Added.
    * LayoutTests/fast/ruby/annotation-clipped-first-line.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/ruby/RubyFormattingContext.cpp:
    (WebCore::Layout::RubyFormattingContext::adjustLayoutBoundsAndStretchAncestorRubyBase):

    Canonical link: https://commits.webkit.org/274376@main

Identifier: 272448.528@safari-7618-branch


  Commit: 6f4e77cf6814437cf192bc22027da0c9f46fe99c
      https://github.com/WebKit/WebKit/commit/6f4e77cf6814437cf192bc22027da0c9f46fe99c
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebCore/dom/QualifiedName.h

  Log Message:
  -----------
  Cherry-pick 2511322b2a30. rdar://122693092

    Use QualifiedNameImpl* as the hash key for Attribute
    https://bugs.webkit.org/show_bug.cgi?id=269093

    Reviewed by Chris Dumez and Yusuke Suzuki.

    Use QualifiedNameImpl* instead of QualifiedName::hash as the hasher input
    for Attribute to avoid the indirect memory loads.

    * Source/WebCore/dom/QualifiedName.h:
    (WebCore::add):

    Canonical link: https://commits.webkit.org/274411@main

Identifier: 272448.529@safari-7618-branch


  Commit: a999d0af793f020c62e6e40338927bd7a32d051a
      https://github.com/WebKit/WebKit/commit/a999d0af793f020c62e6e40338927bd7a32d051a
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WTF/wtf/text/StringCommon.h

  Log Message:
  -----------
  Cherry-pick bacdbdaaf182. rdar://122829453

    [JSC] Micro-optimize String equal operation with UChar / LChar
    https://bugs.webkit.org/show_bug.cgi?id=268684
    rdar://122224476

    Reviewed by Ryosuke Niwa.

    This patch micro-optimizes String equal operation with different characters (UChar* and LChar*).

                                                             ToT                     Patched

        todomvc-javascript-es5-json-parse              37.6466+-0.1862     ^     37.1991+-0.1560        ^ definitely 1.0120x faster
        todomvc-javascript-es6-webpack-json-parse
                                                       58.9239+-0.3310     ^     58.2251+-0.1931        ^ definitely 1.0120x faster

    * Source/WTF/wtf/text/StringCommon.h:

    Canonical link: https://commits.webkit.org/274064@main

Identifier: 272448.530@safari-7618-branch


  Commit: 436e265aee51334128c7c73b359d2a13a4c7ba27
      https://github.com/WebKit/WebKit/commit/436e265aee51334128c7c73b359d2a13a4c7ba27
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm

  Log Message:
  -----------
  Cherry-pick 56b164c3ab85. rdar://122444388

    REGRESSION(272969@main): Null-deref crash in SourceBufferPrivateAVFObjC::trackDidChangeEnabled
    https://bugs.webkit.org/show_bug.cgi?id=268921
    rdar://122444388

    Reviewed by Eric Carlson.

    The WebAVSampleBufferListener m_listener is invalidated and destroyed in SourceBufferPrivateAVFObjC::destroyRenderers(),
    and is never recreated. It is subsequently used without nil-checking the next time a renderer is recreated. Rather than
    destroying and re-creating whenever renderers are destroyed and created, make it a Ref<> object whose lifetime is the same
    (or longer) as the object which owns it.

    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
    (WebCore::SourceBufferPrivateAVFObjC::~SourceBufferPrivateAVFObjC):
    (WebCore::SourceBufferPrivateAVFObjC::destroyRenderers):

    Canonical link: https://commits.webkit.org/274323@main

Identifier: 272448.531@safari-7618-branch


  Commit: e584b2beb12d322d6227d0367a1f60ef85d7cb9c
      https://github.com/WebKit/WebKit/commit/e584b2beb12d322d6227d0367a1f60ef85d7cb9c
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/runtime/JSONAtomStringCache.h
    M Source/JavaScriptCore/runtime/JSONAtomStringCacheInlines.h
    M Source/WTF/wtf/text/StringCommon.h

  Log Message:
  -----------
  Cherry-pick 35a17ac7fc54. rdar://122590409

    [JSC] Accelerate JSONAtomStringCache
    https://bugs.webkit.org/show_bug.cgi?id=269027
    rdar://122590409

    Reviewed by Mark Lam.

    This patch makes JSON parsing faster by embedding small string content itself into the cache.
    AtomString is stored in the per-thread hash table. And to get that, we need to do a hash-table lookup, which is costly.
    This cache can avoid doing that. But still, to check the cache validity, we are still accessing the string content
    of the AtomString. While the input string content is almost always already in the CPU cache since we created this input string,
    AtomString content is very unlikely to be in the CPU cache. So if we can put this content in a much more CPU-friendly place, we can
    avoid many cache misses.

    In this patch, we leverage the fact that this cache only stores very small strings. So instead of using the content inside AtomString,
    we also copy the string content into the cache's slot itself. So string comparison does not encounter a cache miss, which accelerates
    the lookup performance. The good part of AtomString is that, after getting this pointer, we rarely access the string content of AtomString,
    so now, we can avoid access to this string content in the majority of cases.

    * Source/JavaScriptCore/runtime/JSONAtomStringCache.h:
    (JSC::JSONAtomStringCache::makeIdentifier):
    (JSC::JSONAtomStringCache::clear):
    (JSC::JSONAtomStringCache::cacheSlot):
    (JSC::JSONAtomStringCache::cache): Deleted.
    * Source/JavaScriptCore/runtime/JSONAtomStringCacheInlines.h:
    (JSC::JSONAtomStringCache::make):
    * Source/WTF/wtf/text/StringCommon.h:

    Canonical link: https://commits.webkit.org/274348@main

Identifier: 272448.532@safari-7618-branch


  Commit: 2988b6f95c1eab41b95d0c14a624e56c38a4601e
      https://github.com/WebKit/WebKit/commit/2988b6f95c1eab41b95d0c14a624e56c38a4601e
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/jit/JITWorklist.cpp
    M Source/JavaScriptCore/jit/JITWorklist.h
    M Source/JavaScriptCore/jit/JITWorklistThread.cpp
    M Source/JavaScriptCore/jit/JITWorklistThread.h

  Log Message:
  -----------
  Cherry-pick 17e76f594e5e. rdar://122677279

    [JSC] Skip notifyOne when all JIT threads are running
    https://bugs.webkit.org/show_bug.cgi?id=269111
    rdar://122677279

    Reviewed by Mark Lam.

    Let's avoid calling notifyOne when all JIT threads are currently running.
    In that case, they will pick the enqueued plan without notifying anyway.
    This can skip some of the costly syscalls, like pthread_condvar-related ones.
    We also change JITWorklist::suspendAllThreads to first use tryLock for all threads.
    So then, we can eagerly suspend currently-not-running-threads. And after that,
    we eventually ensure all threads are not running. This avoids starting JIT compilation
    in the latter thread while it was not having that when JITWorklist::suspendAllThreads started.

    * Source/JavaScriptCore/jit/JITWorklist.cpp:
    (JSC::JITWorklist::JITWorklist):
    (JSC::JITWorklist::enqueue):
    (JSC::JITWorklist::removeDeadPlans):
    (JSC::JITWorklist::visitWeakReferences):
    * Source/JavaScriptCore/jit/JITWorklist.h:
    * Source/JavaScriptCore/jit/JITWorklistThread.cpp:
    (JSC::JITWorklistThread::work):
    * Source/JavaScriptCore/jit/JITWorklistThread.h:

    Canonical link: https://commits.webkit.org/274407@main

Identifier: 272448.533 at safari-7618-branch


  Commit: 742e383b2601fdce80206ea8e77f56720f150370
      https://github.com/WebKit/WebKit/commit/742e383b2601fdce80206ea8e77f56720f150370
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
    M Source/JavaScriptCore/jit/JITOpcodes.cpp

  Log Message:
  -----------
  Cherry-pick a36c2519d4ee. rdar://122674588

    [JSC] Spew strict-eq Baseline JIT code with constant strings
    https://bugs.webkit.org/show_bug.cgi?id=269106
    rdar://122674588

    Reviewed by Alexey Shvayka.

    Let's leverage the fact that there are many `"string" === x` comparisons.
    In that case, we can emit very specific optimized code even in Baseline JIT easily.
    This patch adds `StringIdent === x` case optimizations in Baseline JIT.

    Furthermore, we found that

    ```
        switch (expr) {
        case "string1":
            ...
        case "string2":
            ...
        case variable:
            ...
        }
    ```

    case is emitting very inefficient bytecode, which does not use constant register directly with `jstricteq`.
    As a result, my new optimization does not kick in with this. This patch also fixes BytecodeGenerator to make
    this new optimization work well by emitting `jstricteq constant, x`.

    * Source/JavaScriptCore/jit/JITOpcodes.cpp:
    (JSC::JIT::compileOpStrictEq):
    (JSC::JIT::compileOpStrictEqJump):

    Canonical link: https://commits.webkit.org/274418@main

Identifier: 272448.534 at safari-7618-branch


  Commit: 579872646049beb12bda72b4e350bfbd0a1db598
      https://github.com/WebKit/WebKit/commit/579872646049beb12bda72b4e350bfbd0a1db598
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/bytecode/PutByStatus.cpp
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

  Log Message:
  -----------
  Cherry-pick d077f1d5c030. rdar://122689419

    [JSC] Enable Megamorphic Cache for enumerator_put_by_val / enumerator_get_by_val in upper tiers
    https://bugs.webkit.org/show_bug.cgi?id=269129
    rdar://122689419

    Reviewed by Mark Lam.

    This patch enables embedded DFG / FTL megamorphic cache for enumerator_put_by_val / enumerator_get_by_val.
    We obtain PutByStatus / GetByStatus, and if it says "this was megamorphic in lower tiers", then we use PutByValMegamorphic / GetByValMegamorphic.

    * Source/JavaScriptCore/bytecode/PutByStatus.cpp:
    (JSC::PutByStatus::computeFromLLInt):
    * Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):

    Canonical link: https://commits.webkit.org/274421@main

Identifier: 272448.535 at safari-7618-branch


  Commit: ff6d4c917edf20bc35fb54ff675615b8aab16254
      https://github.com/WebKit/WebKit/commit/ff6d4c917edf20bc35fb54ff675615b8aab16254
  Author: Dana Estra <destra at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebCore/html/track/VTTCue.cpp

  Log Message:
  -----------
  Cherry-pick 379505f1665c. rdar://122584350

    Subtitle size is enlarged in Full screen
    https://bugs.webkit.org/show_bug.cgi?id=269085
    rdar://122584350

    Reviewed by Jer Noble.

    Webkit-media-text-track-display pseudo-elements should have a font size unit of CQMIN instead of CQH. CQMIN will be calculated to be CQW if the width of the video element is shorter than the height, or CQH vice versa. This creates a more appropriate font size.

    * Source/WebCore/html/track/VTTCue.cpp:
    (WebCore::VTTCueBox::applyCSSProperties):

    Canonical link: https://commits.webkit.org/274480@main

Identifier: 272448.536 at safari-7618-branch


  Commit: 2c41110b8852582230a1fb98da4c668cc766d3ad
      https://github.com/WebKit/WebKit/commit/2c41110b8852582230a1fb98da4c668cc766d3ad
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    A LayoutTests/fast/ruby/ruby-base-content-should-not-wrap-expected.html
    A LayoutTests/fast/ruby/ruby-base-content-should-not-wrap.html
    M Source/WebCore/layout/formattingContexts/inline/InlineFormattingUtils.cpp

  Log Message:
  -----------
  [IFC][Ruby] Ruby base content may wrap even when style says no
https://bugs.webkit.org/show_bug.cgi?id=269235
<rdar://122811940>

Reviewed by Antti Koivisto.

There's no soft wrap opportunity between 2 adjacent non-whitespace characters when style says nowrap.

* LayoutTests/fast/ruby/ruby-base-content-should-not-wrap-expected.html: Added.
* LayoutTests/fast/ruby/ruby-base-content-should-not-wrap.html: Added.
* Source/WebCore/layout/formattingContexts/inline/InlineFormattingUtils.cpp:
(WebCore::Layout::isAtSoftWrapOpportunity):

Canonical link: https://commits.webkit.org/272448.537@safari-7618-branch


  Commit: 8179ae2db1bf5f53c322b8431988931e5c6b75f3
      https://github.com/WebKit/WebKit/commit/8179ae2db1bf5f53c322b8431988931e5c6b75f3
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/Scripts/process-entitlements.sh

  Log Message:
  -----------
  Clean up JSC shell entitlements to fix RAMification.
rdar://122826926

Reviewed by Yusuke Suzuki.

In https://commits.webkit.org/272448.472@safari-7618-branch, we switched
to the new allow-jit entitlement. This broke RAMification runs because
the JSC binary doesn't have the com.apple.developer.web-browser-engine.webcontent
entitlement. This patch adds it.

* Source/JavaScriptCore/Scripts/process-entitlements.sh:

Canonical link: https://commits.webkit.org/272448.538@safari-7618-branch


  Commit: fb8027f1e96617caa2af988aaa685f0c23f98a7f
      https://github.com/WebKit/WebKit/commit/fb8027f1e96617caa2af988aaa685f0c23f98a7f
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    A LayoutTests/fast/dom/dom-parser-head-body-order-expected.txt
    A LayoutTests/fast/dom/dom-parser-head-body-order.html
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp

  Log Message:
  -----------
  Apply patch. rdar://122720540

    Connect body to the document before invoking tryFastParsingHTMLFragment
    https://bugs.webkit.org/show_bug.cgi?id=269047

    Reviewed by Anne van Kesteren and Yusuke Suzuki.

    Connect the body element to the document before invoking tryFastParsingHTMLFragment
    in Document::setMarkupUnsafe to avoid the secondary insertedIntoAncestor call.

    We need to disable coalescing of childrenChanged in this case because we need to call
    didFinishInsertingNode on some of the newly connected nodes.

    Also added a regression test for a bug that was not caught during the development.

    * LayoutTests/fast/dom/dom-parser-head-body-order-expected.txt: Added.
    * LayoutTests/fast/dom/dom-parser-head-body-order.html: Added.
    * Source/WebCore/dom/Document.cpp:
    (WebCore::Document::setMarkupUnsafe):
    * Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp:
    (WebCore::HTMLFastPathParser::parseChildren):
    (WebCore::HTMLFastPathParser::parseContainerElement):
    (WebCore::HTMLFastPathParser::parseVoidElement):

    Canonical link: https://commits.webkit.org/274429@main

Identifier: 272448.539 at safari-7618-branch


  Commit: 44ac802873937a9c1a9d25255b0954371770e7a6
      https://github.com/WebKit/WebKit/commit/44ac802873937a9c1a9d25255b0954371770e7a6
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M LayoutTests/platform/ios/editing/pasteboard/onpaste-text-html-expected.txt
    M LayoutTests/platform/mac/editing/pasteboard/onpaste-text-html-expected.txt
    M LayoutTests/platform/mac/fast/events/ondrop-text-html-expected.txt
    M Source/WebCore/editing/markup.cpp
    M Source/WebCore/editing/markup.h
    M Source/WebCore/loader/archive/cf/LegacyWebArchive.cpp
    M Tools/TestWebKitAPI/Configurations/TestWebKitAPI.xcconfig
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/CopyHTML.mm

  Log Message:
  -----------
  Cherry-pick 81896aa61d54. rdar://122391840

    [iOS 17.4] Copying a relative URL in Reader mode and pasting in Messages inserts a safari-reader:// URL
    https://bugs.webkit.org/show_bug.cgi?id=269143
    rdar://122391840

    Reviewed by Ryosuke Niwa.

    Starting in iOS 17.4, Safari no longer writes `NSAttributedString` data directly to the pasteboard.
    Instead, we just write web archive data and HTML, which the system converts (on paste) into an
    `NSAttributedString` only if needed, using UIFoundation (…which uses an offscreen WKWebView under
    the hood, via `nsattributedstringagent`).

    However, when copying a selected link with a relative HREF like `<a href="/foo.html">…</a>` in
    Safari reader, the reader document has a `base` element with an `href` referencing the original
    website URL, while the real document URL has a scheme of `safari-reader://…`. When writing web
    archive data to the pasteboard in Safari, we just write the markup `<a href="/foo.html">…</a>` as-
    is; when converting to an attributed string (e.g., when pasting in Messages) we complete the
    relative URL using the top document URL taken from the web archive, which still uses a scheme of
    `safari-reader://`, so the resulting attributed string has a link attribute pointing to a
    `safari-reader://` URL instead of the HTTP URL.

    To avoid this, we detect the fact that there’s a `base` element in the document when creating web
    archive data from the current selection, and prepend the `base` element to the markup, under the
    `head`; in doing so, we ensure that relative URLs will be completed using the same `base` element
    that was present in the document when copying.

    Test: CopyHTML.SanitizationPreservesRelativeURLInAttributedString

    * LayoutTests/platform/ios/editing/pasteboard/onpaste-text-html-expected.txt:
    * LayoutTests/platform/mac/editing/pasteboard/onpaste-text-html-expected.txt:
    * LayoutTests/platform/mac/fast/events/ondrop-text-html-expected.txt:

    Rebaseline layout tests to account for the fact that the `meta` tag is now also inserted below the
    `head` element (as [noted in the spec](https://html.spec.whatwg.org/multipage/semantics.html#the-meta-element)).

    * Source/WebCore/editing/markup.cpp:

    Rename `prependMetaCharsetUTF8TagIfNonASCIICharactersArePresent` to `prependHeadIfNecessary`, and
    make it append both, either or none of the `meta` and `base` elements underneath a `head` element.
    Like before, we only append `meta charset=UTF-8` on Cocoa in the case where the text contains non-
    ASCII characters, for compatibility with system NSPasteboard/UIPasteboard text encoding treatment.
    If the given `baseElement` is non-null, we'll additionally append the base element (along with its
    attributes) to the `head`. Note that if neither of the above elements are needed, we'll just skip
    appending a `head`.

    (WebCore::serializePreservingVisualAppearanceInternal):

    Add support for a new `PreserveBaseElement` option, which indicates whether or not we should attempt
    to preserve the base element, if it exists in the document containing the given range. This is `No`
    by default, and set to `Yes` only when generating web archive data from a selected range in the
    document to ensure that any completed relative URLs in the selected range point to the same resource
    in the web archive, as they previously did in the original document.

    (WebCore::serializePreservingVisualAppearance):
    (WebCore::sanitizedMarkupForFragmentInDocument):
    * Source/WebCore/editing/markup.h:
    * Source/WebCore/loader/archive/cf/LegacyWebArchive.cpp:
    (WebCore::LegacyWebArchive::createFromSelection):

    Pass in `PreserveBaseElement::Yes`. See above for more details.

    * Tools/TestWebKitAPI/Configurations/TestWebKitAPI.xcconfig:

    Drive-by fix: remove the redundant `WK_UNIFORM_TYPE_IDENTIFIERS_LDFLAGS` setting, which was only
    used to link against `UniformTypeIdentifiers` on iOS (but is now unnecessary, since we already
    unconditionally link `UniformTypeIdentifiers` in `OTHER_LDFLAGS`).

    * Tools/TestWebKitAPI/Tests/WebKitCocoa/CopyHTML.mm:

    Add an API test that simulates copying a relative URL (`/downloads`) in a document with a `base` and
    pasting in an app that converts the web archive data to `NSAttributedString`; the resulting link URL
    corresponding to `NSLinkAttributeName` in the attributed string should point to the original URL
    (`https://webkit.org/downloads`), instead of `file:///downloads`.

    Canonical link: https://commits.webkit.org/274434@main

Identifier: 272448.540 at safari-7618-branch


  Commit: aaa196caf1ead16d53c25d5fffc2d9df3ffbc41b
      https://github.com/WebKit/WebKit/commit/aaa196caf1ead16d53c25d5fffc2d9df3ffbc41b
  Author: Joshua Hoffman <jhoffman23 at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm

  Log Message:
  -----------
  Cherry-pick 58895edc47c1. rdar://122778867

    AX: Missing _prepareAccessibilityCall in accessibilityIsInNonNativeTextControl
    https://bugs.webkit.org/show_bug.cgi?id=269214
    rdar://122778867

    Reviewed by Andres Gonzalez.

    We need to add a _prepareAccessibilityCall to avoid a nullptr dereference.

    * Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
    (-[WebAccessibilityObjectWrapper accessibilityIsInNonNativeTextControl]):

    Canonical link: https://commits.webkit.org/274497@main

Identifier: 272448.541 at safari-7618-branch


  Commit: 01389d47b6ec1b09e825757b721ee79ea259d63e
      https://github.com/WebKit/WebKit/commit/01389d47b6ec1b09e825757b721ee79ea259d63e
  Author: Erica Li <lerica at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    A LayoutTests/ipc/create-media-source-with-invalid-constraints-crash-expected.txt
    A LayoutTests/ipc/create-media-source-with-invalid-constraints-crash.html
    M Source/WebCore/platform/mediastream/MediaConstraints.cpp
    M Source/WebCore/platform/mediastream/MediaConstraints.h
    M Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp

  Log Message:
  -----------
  WTFCrashWithSecurityImplication in WebCore::RealtimeMediaSource::fitnessDistance
https://bugs.webkit.org/show_bug.cgi?id=268800
rdar://122105977

Reviewed by Youenn Fablet.

This is a short-term suggested fix to add an isValid check to MediaTrackConstraintSetMap to ensure each incoming constraint from an IPC call has the right MediaConstraintType.

* LayoutTests/ipc/create-media-source-with-invalid-constraints-crash-expected.txt: Added.
* LayoutTests/ipc/create-media-source-with-invalid-constraints-crash.html: Added.
* Source/WebCore/platform/mediastream/MediaConstraints.cpp:
(WebCore::MediaTrackConstraintSetMap::isValid const):
* Source/WebCore/platform/mediastream/MediaConstraints.h:
* Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
(WebKit::UserMediaCaptureManagerProxy::createMediaSourceForCaptureDeviceWithConstraints):
(WebKit::UserMediaCaptureManagerProxy::applyConstraints):

Canonical link: https://commits.webkit.org/272448.542@safari-7618-branch
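
The check described in the commit above, shown as an added example (not WebKit's code): a receiver validates that every populated slot of a constraint map decoded from IPC carries the constraint type that slot expects before any consumer dispatches on it. All type and function names here are a hypothetical, simplified model, and the sample messages are constructed.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <optional>
#include <vector>

// Hypothetical, simplified model of a constraint map decoded from an IPC message.
// None of these types are WebKit's; they only mirror the idea in the commit.
enum class ConstraintType : uint8_t { Width, Height, FrameRate };

struct NumericConstraint {
    ConstraintType type; // tag written by the sender, so untrusted on receipt
    double ideal;
};

struct ConstraintSetMap {
    std::optional<NumericConstraint> width;
    std::optional<NumericConstraint> height;
    std::optional<NumericConstraint> frameRate;

    // Every populated slot must carry the tag that belongs to that slot.
    bool isValid() const
    {
        auto matches = [](const std::optional<NumericConstraint>& slot, ConstraintType expected) {
            return !slot || slot->type == expected; // an empty slot is acceptable
        };
        return matches(width, ConstraintType::Width)
            && matches(height, ConstraintType::Height)
            && matches(frameRate, ConstraintType::FrameRate);
    }
};

// Assumed message shape: one mandatory set plus any number of advanced sets.
struct Constraints {
    ConstraintSetMap mandatory;
    std::vector<ConstraintSetMap> advanced;

    bool isValid() const
    {
        if (!mandatory.isValid())
            return false;
        for (const auto& set : advanced) {
            if (!set.isValid())
                return false;
        }
        return true;
    }
};

struct DeviceSettings { double width; double height; double frameRate; };

// Privileged-side consumer. It dispatches on the tag, so it relies on the
// caller having established that slot and tag agree.
double fitnessDistance(const NumericConstraint& c, const DeviceSettings& s)
{
    double actual = 0;
    switch (c.type) {
    case ConstraintType::Width: actual = s.width; break;
    case ConstraintType::Height: actual = s.height; break;
    case ConstraintType::FrameRate: actual = s.frameRate; break;
    }
    double denom = std::fmax(std::fabs(actual), std::fabs(c.ideal));
    return denom == 0 ? 0 : std::fabs(actual - c.ideal) / denom;
}

enum class ApplyResult { Applied, RejectedInvalidMessage };

// Message handler on the receiving side: validate the whole message first, then use it.
ApplyResult applyConstraints(const Constraints& fromIPC, const DeviceSettings& s, double& totalDistance)
{
    totalDistance = 0;
    if (!fromIPC.isValid())
        return ApplyResult::RejectedInvalidMessage; // drop the message, touch nothing else

    const ConstraintSetMap& m = fromIPC.mandatory;
    for (const auto* slot : { &m.width, &m.height, &m.frameRate }) {
        if (*slot)
            totalDistance += fitnessDistance(**slot, s);
    }
    return ApplyResult::Applied;
}

int main()
{
    DeviceSettings settings { 1280.0, 720.0, 30.0 };
    double distance = 0;

    Constraints wellFormed; // constructed sample message
    wellFormed.mandatory.width = NumericConstraint { ConstraintType::Width, 640.0 };

    Constraints mismatched; // constructed: width slot carrying a FrameRate tag
    mismatched.mandatory.width = NumericConstraint { ConstraintType::FrameRate, 640.0 };

    bool ok = applyConstraints(wellFormed, settings, distance) == ApplyResult::Applied;
    std::printf("well-formed: %s, distance %.2f\n", ok ? "applied" : "rejected", distance);
    ok = applyConstraints(mismatched, settings, distance) == ApplyResult::Applied;
    std::printf("mismatched:  %s\n", ok ? "applied" : "rejected");
    return 0;
}
```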


  Commit: 984ca90b424a82857559ac3cb395dd110fc6638a
      https://github.com/WebKit/WebKit/commit/984ca90b424a82857559ac3cb395dd110fc6638a
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebKit/Shared/FocusedElementInformation.h
    M Source/WebKit/Shared/FocusedElementInformation.serialization.in
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
    M Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm
    M Tools/TestWebKitAPI/Tests/ios/KeyboardInputTestsIOS.mm

  Log Message:
  -----------
  Cherry-pick 1cb03ba5c4bb. rdar://120743391

    [iOS] -[WKContentView hasText] is incorrect when initially focusing an editable element
    https://bugs.webkit.org/show_bug.cgi?id=267729
    rdar://120743391

    Reviewed by Aditya Keerthi.

    Currently, `-hasText` is based entirely on the last cached `EditorState`'s post layout data. In the
    case where we've just started showing the keyboard for a focused editable element in
    `-[WKContentView _elementDidFocus:…:userObject:]`, we're still waiting for a new `EditorState` to
    arrive, so this result ends up being invalid (either `false` if we haven't received any post-layout
    editor state yet, or stale editor state data).

    To avoid this, we add a `hasPlainText` flag to `FocusedElementInformation` that represents whether
    or not the focused element initially had non-empty text content upon focus; if we're currently in
    the process of focusing (or are waiting for post-layout data) in `-hasText`, then use this initial
    value instead of the `EditorState`.

    Test: KeyboardInputTests.HasTextAfterFocusingTextField

    * Source/WebKit/Shared/FocusedElementInformation.h:
    * Source/WebKit/Shared/FocusedElementInformation.serialization.in:
    * Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
    (-[WKContentView hasText]):
    * Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm:
    (WebKit::WebPage::focusedElementInformation):

    For text fields and text areas, instead of using `hasPlainText` (which relies on `TextIterator`),
    simply check whether the `value` is non-empty instead to avoid any extra performance cost.

    * Tools/TestWebKitAPI/Tests/ios/KeyboardInputTestsIOS.mm:

    Canonical link: https://commits.webkit.org/273211@main

(cherry picked from commit ea917500c3c6383c51bccfe4d77db2af0e2b3408)

Identifier: 272448.543 at safari-7618-branch


  Commit: 483d4b2288be5c95d7dec69ceff5ddcceb50c544
      https://github.com/WebKit/WebKit/commit/483d4b2288be5c95d7dec69ceff5ddcceb50c544
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/runtime/HasOwnPropertyCache.h
    M Source/JavaScriptCore/runtime/LazyPropertyInlines.h
    M Source/JavaScriptCore/runtime/VM.cpp
    M Source/JavaScriptCore/runtime/VM.h
    M Source/WTF/WTF.xcodeproj/project.pbxproj
    M Source/WTF/wtf/CMakeLists.txt
    A Source/WTF/wtf/LazyRef.h
    A Source/WTF/wtf/LazyUniqueRef.h
    M Tools/TestWebKitAPI/CMakeLists.txt
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    A Tools/TestWebKitAPI/Tests/WTF/LazyRef.cpp
    A Tools/TestWebKitAPI/Tests/WTF/LazyUniqueRef.cpp

  Log Message:
  -----------
  Cherry-pick 339bfd3e4a54. rdar://122509050

    [WTF] Add LazyRef & LazyUniqueRef
    https://bugs.webkit.org/show_bug.cgi?id=267830
    rdar://121328458

    Reviewed by Ryosuke Niwa.

    This patch adds LazyRef and LazyUniqueRef. This is similar to LazyProperty in JSC.
    We can set a *stateless* lambda on the constructor side of the owner object so that it offers a clean interface for lazy initialization,
    which does not mess up the owner object's interface.
    For example,

        LazyUniqueRef<VM, Property> m_property;
        Property& property() { return m_property.get(*this); }

    The first parameter is the owner, which needs to be passed to `get`. And then, this `get` will automatically initialize it if it is not initialized.
    And the initialization code can be freely customized, but you do not need to define it as a VM's member! Instead, you can define it as a lambda inside VM.cpp.

        // This lambda needs to be stateless. So it must not capture anything (otherwise, it hits crash because of RELEASE_ASSERT anyway).
        m_property.initLater(
            [](VM& vm, auto& ref) {
                // You can do whatever. Even you can invoke the other property which can be further lazily initialized (so, it implicitly creates dependency graph of initialization).
                ref.set(Property::create());
                // And further, you can do anything after setting it. So these operations can see Property& via `vm.property()`.
            });

    Or you can set the lambda in the constructor, for example in VM's constructor list,

        : m_property(
            [](VM& vm, auto& ref) {
                // You can do whatever. Even you can invoke the other property which can be further lazily initialized (so, it implicitly creates dependency graph of initialization).
                ref.set(Property::create());
                // And further, you can do anything after setting it. So these operations can see Property& via `vm.property()`.
            })
        , m_other()
        , ...

    This patch applies this to some of JSC::VM's fields, making definitions much cleaner by moving all messy parts into the VM.cpp side and cleaning up VM.h's interface.

    * Source/JavaScriptCore/runtime/HasOwnPropertyCache.h:
    (JSC::HasOwnPropertyCache::Entry::offsetOfStructureID): Deleted.
    (JSC::HasOwnPropertyCache::Entry::offsetOfImpl): Deleted.
    (JSC::HasOwnPropertyCache::Entry::offsetOfResult): Deleted.
    (JSC::HasOwnPropertyCache::operator delete): Deleted.
    (JSC::HasOwnPropertyCache::create): Deleted.
    (JSC::HasOwnPropertyCache::hash): Deleted.
    (JSC::HasOwnPropertyCache::get): Deleted.
    (JSC::HasOwnPropertyCache::tryAdd): Deleted.
    (JSC::HasOwnPropertyCache::clear): Deleted.
    (JSC::HasOwnPropertyCache::clearBuffer): Deleted.
    (JSC::VM::ensureHasOwnPropertyCache): Deleted.
    * Source/JavaScriptCore/runtime/LazyPropertyInlines.h:
    (JSC::ElementType>::initLater):
    * Source/JavaScriptCore/runtime/VM.cpp:
    (JSC::VM::VM):
    (JSC::VM::~VM):
    (JSC::VM::invalidateStructureChainIntegrity):
    (JSC::VM::ensureWatchdog): Deleted.
    (JSC::VM::ensureHeapProfiler): Deleted.
    (JSC::VM::ensureShadowChicken): Deleted.
    (JSC::VM::ensureMegamorphicCacheSlow): Deleted.
    * Source/JavaScriptCore/runtime/VM.h:
    (JSC::VM::watchdog):
    (JSC::VM::ensureWatchdog):
    (JSC::VM::heapProfiler):
    (JSC::VM::ensureHeapProfiler):
    (JSC::VM::hasOwnPropertyCache):
    (JSC::VM::ensureHasOwnPropertyCache):
    (JSC::VM::megamorphicCache):
    (JSC::VM::ensureMegamorphicCache):
    (JSC::VM::shadowChicken):
    (JSC::VM::ensureShadowChicken):
    (JSC::VM::heapProfiler const): Deleted.
    * Source/WTF/WTF.xcodeproj/project.pbxproj:
    * Source/WTF/wtf/CMakeLists.txt:
    * Source/WTF/wtf/LazyRef.h: Added.
    (WTF::LazyRef::~LazyRef):
    (WTF::LazyRef::isInitialized const):
    (WTF::LazyRef::get const):
    (WTF::LazyRef::get):
    (WTF::LazyRef::getIfExists const):
    (WTF::LazyRef::getIfExists):
    (WTF::LazyRef::initLater):
    (WTF::LazyRef::set):
    (WTF::LazyRef::callFunc):
    * Source/WTF/wtf/LazyUniqueRef.h: Added.
    (WTF::LazyUniqueRef::~LazyUniqueRef):
    (WTF::LazyUniqueRef::isInitialized const):
    (WTF::LazyUniqueRef::get const):
    (WTF::LazyUniqueRef::get):
    (WTF::LazyUniqueRef::getIfExists const):
    (WTF::LazyUniqueRef::getIfExists):
    (WTF::LazyUniqueRef::initLater):
    (WTF::LazyUniqueRef::set):
    (WTF::LazyUniqueRef::callFunc):

    Canonical link: https://commits.webkit.org/273287@main

Identifier: 272448.544 at safari-7618-branch


  Commit: 47c5c1470d1de65eefb02ac22a4f6137f4913b50
      https://github.com/WebKit/WebKit/commit/47c5c1470d1de65eefb02ac22a4f6137f4913b50
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    A JSTests/stress/string-index-of-pathological.js
    A JSTests/stress/v8-string-indexof-1.js
    A JSTests/stress/v8-string-indexof-2.js
    M Source/JavaScriptCore/dfg/DFGOperations.cpp
    M Source/JavaScriptCore/runtime/StringPrototype.cpp
    M Source/JavaScriptCore/runtime/StringPrototypeInlines.h
    M Source/JavaScriptCore/runtime/VM.cpp
    M Source/JavaScriptCore/runtime/VM.h
    M Source/WTF/WTF.xcodeproj/project.pbxproj
    M Source/WTF/wtf/CMakeLists.txt
    M Source/WTF/wtf/text/ASCIIFastPath.h
    A Source/WTF/wtf/text/AdaptiveStringSearcher.h
    M Source/WTF/wtf/text/StringView.cpp
    M Source/WTF/wtf/text/StringView.h

  Log Message:
  -----------
  Cherry-pick 802150baed8d. rdar://121082299

    [WTF] Adopt adaptive string searching
    https://bugs.webkit.org/show_bug.cgi?id=268635
    rdar://121082299

    Reviewed by Mark Lam.

    This patch adopts V8's StringSearch class. We tailor it to our use and name it AdaptiveStringSearcher.
    We add `StringView::find(AdaptiveStringSearcherTables&, ...)` function which uses `AdaptiveStringSearcher`,
    when the table is attached. In this way, we can use this function even without JSC VM for example.

    The mechanism of this class is that it requires additional space for a large table (AdaptiveStringSearcherTables).
    And it *adaptively* switches the string searching algorithm: linearSearch -> boyerMooreHorspoolSearch -> boyerMooreSearch.
    The reason is that the latter requires a more costly preprocess to populate the table data. For very simple cases, linearSearch suffices,
    but for more complex cases, the preprocess gets paid, and boyerMooreHorspoolSearch / boyerMooreSearch works better for performance.

    * Source/JavaScriptCore/dfg/DFGOperations.cpp:
    (JSC::DFG::JSC_DEFINE_JIT_OPERATION):
    * Source/JavaScriptCore/runtime/StringPrototype.cpp:
    (JSC::stringIndexOfImpl):
    (JSC::JSC_DEFINE_HOST_FUNCTION):
    (JSC::stringIncludesImpl):
    * Source/JavaScriptCore/runtime/StringPrototypeInlines.h:
    (JSC::stringReplaceStringString):
    (JSC::replaceUsingStringSearch):
    * Source/JavaScriptCore/runtime/VM.cpp:
    (JSC::VM::VM):
    * Source/JavaScriptCore/runtime/VM.h:
    (JSC::VM::adaptiveStringSearcherTables):
    * Source/WTF/WTF.xcodeproj/project.pbxproj:
    * Source/WTF/wtf/CMakeLists.txt:
    * Source/WTF/wtf/text/ASCIIFastPath.h:
    (WTF::charactersAreAllLatin1):
    * Source/WTF/wtf/text/AdaptiveStringSearcher.h: Added.
    (WTF::AdaptiveStringSearcherBase::exceedsOneByte):
    (WTF::AdaptiveStringSearcherBase::alignDown):
    (WTF::AdaptiveStringSearcherBase::getHighestValueByte):
    (WTF::AdaptiveStringSearcherBase::findFirstCharacter):
    (WTF::AdaptiveStringSearcherTables::badCharShiftTable):
    (WTF::AdaptiveStringSearcherTables::goodSuffixShiftTable):
    (WTF::AdaptiveStringSearcherTables::suffixTable):
    (WTF::AdaptiveStringSearcher::AdaptiveStringSearcher):
    (WTF::AdaptiveStringSearcher::search):
    (WTF::AdaptiveStringSearcher::alphabetSize):
    (WTF::AdaptiveStringSearcher::failSearch):
    (WTF::AdaptiveStringSearcher::charOccurrence):
    (WTF::AdaptiveStringSearcher::badCharTable):
    (WTF::AdaptiveStringSearcher::goodSuffixShiftTable):
    (WTF::AdaptiveStringSearcher::suffixTable):
    (WTF::SubjectChar>::singleCharSearch):
    (WTF::SubjectChar>::linearSearch):
    (WTF::SubjectChar>::boyerMooreSearch):
    (WTF::SubjectChar>::populateBoyerMooreTable):
    (WTF::SubjectChar>::boyerMooreHorspoolSearch):
    (WTF::SubjectChar>::populateBoyerMooreHorspoolTable):
    (WTF::SubjectChar>::initialSearch):
    (WTF::searchString):
    (WTF::searchStringRaw):
    * Source/WTF/wtf/text/StringView.cpp:
    (WTF::StringView::find const):
    * Source/WTF/wtf/text/StringView.h:

    Canonical link: https://commits.webkit.org/274033@main

Identifier: 272448.545 at safari-7618-branch
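
The adaptive switch described in the commit above, as an added example (not WebKit's or V8's code): a linear search that counts wasted comparisons and, once a budget is exceeded, builds a Boyer-Moore-Horspool shift table and continues from the current position. The names, the budget constant and the 8-bit-only text are assumptions of this sketch, and it stops at the Horspool stage rather than escalating to full Boyer-Moore.

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <string>
#include <string_view>

// Hypothetical names throughout; a simplified model of adaptive searching.
enum class Strategy { Linear, BoyerMooreHorspool };

constexpr size_t npos = std::string_view::npos;

struct SearchResult {
    size_t index;        // npos when the pattern does not occur
    Strategy finishedIn; // strategy that was active when the search ended
};

// Horspool bad-character table: for each byte, how far the window may slide
// when that byte is the last character of the current window.
static std::array<size_t, 256> buildShiftTable(std::string_view pattern)
{
    std::array<size_t, 256> shift;
    shift.fill(pattern.size());
    for (size_t i = 0; i + 1 < pattern.size(); ++i)
        shift[static_cast<unsigned char>(pattern[i])] = pattern.size() - 1 - i;
    return shift;
}

static size_t horspoolFrom(std::string_view text, std::string_view pattern, size_t start)
{
    const auto shift = buildShiftTable(pattern); // the preprocessing cost is paid here
    const size_t m = pattern.size();
    size_t i = start;
    while (i + m <= text.size()) {
        size_t j = m;
        while (j > 0 && text[i + j - 1] == pattern[j - 1])
            --j; // compare right to left
        if (!j)
            return i;
        i += shift[static_cast<unsigned char>(text[i + m - 1])];
    }
    return npos;
}

SearchResult adaptiveFind(std::string_view text, std::string_view pattern)
{
    const size_t m = pattern.size();
    if (!m)
        return { 0, Strategy::Linear };

    // Budget of wasted work before table construction is worth it (assumed constant).
    long badness = -10 - static_cast<long>(m) * 4;
    for (size_t i = 0; i + m <= text.size(); ++i) {
        if (badness > 0)
            return { horspoolFrom(text, pattern, i), Strategy::BoyerMooreHorspool };
        size_t j = 0;
        while (j < m && text[i + j] == pattern[j])
            ++j;
        if (j == m)
            return { i, Strategy::Linear };
        badness += static_cast<long>(j) + 1; // comparisons spent on a failed alignment
    }
    return { npos, Strategy::Linear };
}

int main()
{
    // Constructed inputs: an easy case and a repetitive one with many partial matches.
    std::string repetitive(200, 'a');
    repetitive += 'b';

    SearchResult easy = adaptiveFind("hello world", "world");
    SearchResult hard = adaptiveFind(repetitive, "aaaab");
    std::printf("easy: index %zu, switched=%d\n", easy.index, easy.finishedIn == Strategy::BoyerMooreHorspool);
    std::printf("hard: index %zu, switched=%d\n", hard.index, hard.finishedIn == Strategy::BoyerMooreHorspool);
    return 0;
}
```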


  Commit: c9c2a921b0f351ba08e9d37034385ba87031866d
      https://github.com/WebKit/WebKit/commit/c9c2a921b0f351ba08e9d37034385ba87031866d
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp

  Log Message:
  -----------
  Cherry-pick f2404c166790. rdar://121471373

    [iOS] YouTube does not provide an AirPlay button in fullscreen mode
    https://bugs.webkit.org/show_bug.cgi?id=268634
    rdar://121471373

    Reviewed by Brent Fulgham and Aditya Keerthi.

    Add a quirk to disable the Fullscreen API on YouTube.com (and youtube.com embeds).

    * Source/WebCore/page/Quirks.cpp:
    (WebCore::Quirks::shouldDisableElementFullscreenQuirk const):

    Canonical link: https://commits.webkit.org/274117@main

Identifier: 272448.546 at safari-7618-branch


  Commit: 295bee1d9b47495395eaf35ace06329929067d79
      https://github.com/WebKit/WebKit/commit/295bee1d9b47495395eaf35ace06329929067d79
  Author: Andres Gonzalez <andresg_22 at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp

  Log Message:
  -----------
  Cherry-pick ffb3f7edd603. rdar://121874043

    AX: Announcements of percentage loaded do not honor VoiceOver preference of "play tone for web page loading."
    https://bugs.webkit.org/show_bug.cgi?id=268772
    rdar://121874043

    Reviewed by Chris Fleizach.

    AXObjectCache::announce causes VoiceOver to output a spoken message regardless of the user preference to announce percentage of page loaded. This patch removes this direct announcement. In a follow up patch, we will notify VoiceOver of page processing progress with a custom notification that VoiceOver will handle according to user preferences.

    * Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:
    (WebCore::AXIsolatedTree::reportCreationProgress):

    Canonical link: https://commits.webkit.org/274126@main

Identifier: 272448.547 at safari-7618-branch


  Commit: a5e936c06836b028f2d9daf61dd2eeb9e996e446
      https://github.com/WebKit/WebKit/commit/a5e936c06836b028f2d9daf61dd2eeb9e996e446
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M LayoutTests/fast/canvas/offscreen-giant-transfer-to-imagebitmap-expected.txt
    M LayoutTests/platform/ios/fast/canvas/offscreen-giant-transfer-to-imagebitmap-expected.txt
    M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp

  Log Message:
  -----------
  Cherry-pick 26aaa25dcbdc. rdar://122309325

    REGRESSION(267824 at main): Changing HTMLCanvasElement width, height causes intermediate buffer allocations
    https://bugs.webkit.org/show_bug.cgi?id=268745
    rdar://122309325

    Reviewed by Simon Fraser.

    Resizing is intended to leave the buffer unallocated, so that
    sequential width, height assignments will not allocate multiple times.

    This intention was nullified by CanvasRenderingContext2DBase::reset().
    Calling resetTransform redundantly would recreate the buffer
    immediately from width, height attribute setters.

    The transform reset is redundant; the context transform is reset when
    the context state saver is restored and re-saved.

    Clearing the canvas doesn't need to use public
    CanvasRenderingContext2DBase::clearCanvas() that will mutate the context
    state. The state is in a known state with initial transform, and thus it
    doesn't need transform mutation.

    * Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp:
    (WebCore::CanvasRenderingContext2DBase::reset):

    Canonical link: https://commits.webkit.org/274135@main

Identifier: 272448.548 at safari-7618-branch


  Commit: 48a86e797dfb3067a3877c9e8194774ba1c7330e
      https://github.com/WebKit/WebKit/commit/48a86e797dfb3067a3877c9e8194774ba1c7330e
  Author: Ben Nham <nham at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm

  Log Message:
  -----------
  Cherry-pick f4ce57789de5. rdar://121185956

    hideContentUntilPendingUpdate async IPC call during backgrounding blocks process suspension
    https://bugs.webkit.org/show_bug.cgi?id=268799
    rdar://121185956

    Reviewed by Chris Dumez.

    On iOS, when the UIProcess goes into the background, it eventually calls in to
    hideContentUntilPendingUpdate through this call stack:

    ```
    WebKit::RemoteLayerTreeDrawingAreaProxy::hideContentUntilPendingUpdate()
    WebKit::WebPageProxy::applicationDidFinishSnapshottingAfterEnteringBackground()
    WebKit::ApplicationStateTracker::didCompleteSnapshotSequence()
    ```

    The problem is that we recently added an async `DrawingArea::DispatchAfterEnsuringDrawing` IPC with
    reply handler call to hideContentUntilPendingUpdate (see 269776 at main, 270672 at main, 271260 at main). An
    async IPC with a reply handler in the UIProcess implicitly takes out a background activity which
    prevents the WebContent process (and also the UIProcess) from suspending until the reply handler
    runs. Unfortunately, since the WebContent process is in the background, presumably it doesn't
    render, so the DispatchAfterEnsuringDrawing reply handler doesn't run, and the background activity
    also never completes. We basically end up blocking process suspension entirely until the 15 second
    timer in ProcessStateMonitor expires and forcefully invalidates all background activities for all
    processes.

    We need to fix this by reworking the logic somehow or by making this DispatchAfterEnsuringDrawing
    IPC not create a background activity. Here I'm just trying to make the IPC call not start a
    background activity.

    Note that there's also a DispatchAfterEnsuringDrawing call in WebPageProxy that I didn't touch since
    I don't have evidence that it's causing a background power regression, but I wonder if that also
    should avoid creating a background activity.

    * Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm:
    (WebKit::RemoteLayerTreeDrawingAreaProxy::hideContentUntilPendingUpdate):

    Canonical link: https://commits.webkit.org/274157@main

Identifier: 272448.549 at safari-7618-branch


  Commit: 928d7b593e947f9c3f5eb077e4303d32abf472f6
      https://github.com/WebKit/WebKit/commit/928d7b593e947f9c3f5eb077e4303d32abf472f6
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    A LayoutTests/http/tests/media/fairplay/fps-mse-multi-key-renewal-expected.txt
    A LayoutTests/http/tests/media/fairplay/fps-mse-multi-key-renewal.html
    M Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm

  Log Message:
  -----------
  Cherry-pick 8c14e2cb8214. rdar://121931039

    [Cocoa] Netflix.com key renewal fails, causes playback errors, stuttering.
    https://bugs.webkit.org/show_bug.cgi?id=268830
    rdar://121931039

    Reviewed by Andy Estes.

    When adding a workaround for a platform change in behavior in the modern AVContentKeySession path,
    a behavior was introduced which narrowly affects the way Netflix.com preloads keys. Previously,
    a "renew" message would result in the resulting AVContentKeyRequest replacing the entire set of
    pre-loaded keys from the previous request, some of which were in use by Netflix.

    Rather than replace the entire set, replace only the AVContentKeyRequest within the batch of requests
    whose contentKeySpecifier has a matching identifier to the replacement.

    * LayoutTests/http/tests/media/fairplay/fps-mse-multi-key-renewal-expected.txt: Added.
    * LayoutTests/http/tests/media/fairplay/fps-mse-multi-key-renewal.html: Added.
    * Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::didProvideRenewingRequest):

    Canonical link: https://commits.webkit.org/274172@main

Identifier: 272448.550 at safari-7618-branch


  Commit: 3fa01f06f0f70ad036f71b7f427ebed202c54759
      https://github.com/WebKit/WebKit/commit/3fa01f06f0f70ad036f71b7f427ebed202c54759
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Cocoa/XPCConnectionTerminationWatchdog.h
    M Source/WebKit/UIProcess/Cocoa/XPCConnectionTerminationWatchdog.mm

  Log Message:
  -----------
  Cherry-pick 0b882fd2de7f. rdar://122343478

    Regression(270212 at main) XPCConnectionTerminationWatchdog is broken
    https://bugs.webkit.org/show_bug.cgi?id=268860
    rdar://122343478

    Reviewed by Per Arne Vollan.

    XPCConnectionTerminationWatchdog is broken since 270212 at main. As a result,
    child processes are no longer getting terminated when they fail to exit
    promptly. This means we end up with "zombie" processes that are suspended in
    the middle of exit. Worse, when the child process is a GPUProcess, the
    connection with existing WebProcesses doesn't get severed so the WebProcesses
    will keep trying to IPC the "old" suspended GPUProcess and will hang on sync
    IPC.

    The issue was that the XPCConnectionTerminationWatchdog was updated to keep
    a WeakPtr to the AuxiliaryProcessProxy instead of a strong pointer to the
    XPC connection. After the timeout, it would try and get the XPC connection
    from the WeakPtr<AuxiliaryProcessProxy>, which would be null, since nothing
    guarantees the proxy object stays alive after we've asked it to shut down.

    Go back to storing a strong pointer to the XPC connection.

    * Source/WebKit/UIProcess/Cocoa/XPCConnectionTerminationWatchdog.h:
    * Source/WebKit/UIProcess/Cocoa/XPCConnectionTerminationWatchdog.mm:
    (WebKit::XPCConnectionTerminationWatchdog::XPCConnectionTerminationWatchdog):
    (WebKit::XPCConnectionTerminationWatchdog::watchdogTimerFired):

    Canonical link: https://commits.webkit.org/274189@main

Identifier: 272448.551 at safari-7618-branch


  Commit: 98cb235c3dd39e740a08857691fd49599ff5f24a
      https://github.com/WebKit/WebKit/commit/98cb235c3dd39e740a08857691fd49599ff5f24a
  Author: Keith Miller <keith_miller at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    A JSTests/stress/destructuring-class-in-constructor-exception.js
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
    M Source/JavaScriptCore/parser/ASTBuilder.h
    M Source/JavaScriptCore/parser/Parser.cpp
    M Source/JavaScriptCore/parser/ParserTokens.h
    M Source/JavaScriptCore/parser/SyntaxChecker.h

  Log Message:
  -----------
  Cherry-pick 5a241c1e2822. rdar://121869296

    Destructuring exception shouldn't crash
    https://bugs.webkit.org/show_bug.cgi?id=268849
    rdar://121869296

    Reviewed by Yusuke Suzuki.

    We recently changed how we saved expression info for exceptions, which saved a bunch of memory.
    The new system exposed some places where we were not setting JSTextPositions properly. This
    patch fixes that and adds some asserts that the expression info is initialized. We also now
    return early rather than emit bad expression info if not all parts are initialized in production.
    This means users will see the wrong expression in their stack trace but we won't crash.

    * JSTests/stress/destructuring-class-in-constructor-exception.js: Added.
    (try.C0):
    * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
    (JSC::BytecodeGenerator::emitExpressionInfo):
    * Source/JavaScriptCore/parser/ASTBuilder.h:
    (JSC::ASTBuilder::finishObjectPattern):
    (JSC::ASTBuilder::setExceptionLocation):
    * Source/JavaScriptCore/parser/Parser.cpp:
    (JSC::Parser<LexerType>::parseDestructuringPattern):
    (JSC::Parser<LexerType>::parseForStatement):
    * Source/JavaScriptCore/parser/ParserTokens.h:
    (JSC::JSTextPosition::operator bool const):
    * Source/JavaScriptCore/parser/SyntaxChecker.h:
    (JSC::SyntaxChecker::operatorStackPop):

    Canonical link: https://commits.webkit.org/274213@main

Identifier: 272448.552 at safari-7618-branch


  Commit: 2411ed1b7a2e65b9b90782a9d8139313c7dbfb7c
      https://github.com/WebKit/WebKit/commit/2411ed1b7a2e65b9b90782a9d8139313c7dbfb7c
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm

  Log Message:
  -----------
  Cherry-pick 6e9bfa7a9bb1. rdar://122118903

    [Catalyst] AX server not started in the WebContent process
    https://bugs.webkit.org/show_bug.cgi?id=268887
    rdar://122118903

    Reviewed by Chris Dumez.

    The code to eagerly start the AX server in the WebContent process was only enabled for iOS. We should also enable it on Catalyst.

    * Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:
    (WebKit::webProcessAccessibilityBundlePath):
    (WebKit::registerWithAccessibility):

    Canonical link: https://commits.webkit.org/274214@main

Identifier: 272448.553 at safari-7618-branch


  Commit: 6ef640ff06f8225799622c4b682279efcd8a1dcf
      https://github.com/WebKit/WebKit/commit/6ef640ff06f8225799622c4b682279efcd8a1dcf
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm

  Log Message:
  -----------
  Cherry-pick 6e1c1a40d348. rdar://122433291

    REGRESSION (272869 at main): Actions for QR codes sometimes fail to show up when long pressing
    https://bugs.webkit.org/show_bug.cgi?id=268889
    rdar://122433291

    Reviewed by Megan Gardner.

    Fix several issues in the dynamically-inserted image analysis menu item codepath below, following
    the changes in 272869 at main; importantly, this allows long-pressing ESIM and EID QR codes to show
    "Add eSIM" menu items by default in WebKit apps, such as Mail. See below for more details:

    * Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
    (-[WKContentView _insertDynamicImageAnalysisContextMenuItemsIfPossible]):

    1.  Stop looking for the "Look Up" placeholder item. Prior to 272869 at main, this hidden item was
        immediately inserted into the menu if image analysis results were not available upon long press,
        and only replaced with the final image analysis menu items in the case where the client didn't
        explicitly remove the Look Up item (`_WKElementActionTypeRevealImage`). However, the "Look Up"
        item may now be added immediately (in disabled state), which replaces the placeholder item and
        causes us to return early from `-_insertDynamicImageAnalysisContextMenuItemsIfPossible` due to
        not having a placeholder to replace, even if there are MRC menu items that need to be added.

        Fix this by changing the `indexOfPlaceholderItem` to a single boolean flag, always inserting the
        dynamic items at the end of the menu, and leave out the check for the `.hidden` menu item
        attribute, so that we'll only withhold the MRC items in the case where the client explicitly
        removed the "Look Up" item (which matches existing behavior).

    2.  In a similar vein, it no longer makes sense to key the enablement of "Look Up" / "Copy Subject"
        off of whether or not the placeholder item exists, since the disabled menu item is already
        present; as such, we should remove this early return entirely and always enable these disabled
        items if necessary.

    3.  Lastly, only attempt to dynamically add the "Show Text" action in the case where "Show Text"
        wasn't already in the menu, to prevent the "Show Text" action from unnecessarily moving within
        the menu in the case where OCR finishes quickly for an image with results.

    Canonical link: https://commits.webkit.org/274222@main

Identifier: 272448.554 at safari-7618-branch


  Commit: 22199d43982142b9fe190f435fa2f9b7fdf31811
      https://github.com/WebKit/WebKit/commit/22199d43982142b9fe190f435fa2f9b7fdf31811
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
    M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm
    M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
    M Source/WebKit/UIProcess/Launcher/ProcessLauncher.h
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm
    M Source/WebKit/UIProcess/WebProcessPool.cpp
    M Source/WebKit/UIProcess/ios/WKContentView.mm

  Log Message:
  -----------
  Cherry-pick a869bc041430. rdar://122517471

    Remove runtime check for using extensions when USE(EXTENSIONKIT) is true
    https://bugs.webkit.org/show_bug.cgi?id=268944

    Reviewed by Per Arne Vollan.

    The runtime check is no longer needed.
    This also fixes some issues when you use a WKWebsiteDataStore and the network process
    before a WKProcessPool has been allocated.

    * Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
    * Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
    (WebKit::AuxiliaryProcessProxy::setManageProcessesAsExtensions): Deleted.
    (WebKit::AuxiliaryProcessProxy::manageProcessesAsExtensions): Deleted.
    * Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm:
    (WebKit::AuxiliaryProcessProxy::platformGetLaunchOptions):
    * Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
    (WebKit::WebPageProxy::updateMediaCapability):
    * Source/WebKit/UIProcess/WebProcessPool.cpp:
    * Source/WebKit/UIProcess/ios/WKContentView.mm:
    (-[WKContentView _setupVisibilityPropagationForWebProcess]):
    (-[WKContentView _setupVisibilityPropagationForGPUProcess]):
    (-[WKContentView _createVisibilityPropagationView]):

    Canonical link: https://commits.webkit.org/274267@main

Identifier: 272448.555 at safari-7618-branch


  Commit: ac2f6e58725327f2d4c3c51aa7d239904ac638df
      https://github.com/WebKit/WebKit/commit/ac2f6e58725327f2d4c3c51aa7d239904ac638df
  Author: Tyler Wilcock <tyler_w at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M LayoutTests/accessibility-isolated-tree/TestExpectations
    A LayoutTests/accessibility/menuitem-is-selected-expected.txt
    A LayoutTests/accessibility/menuitem-is-selected.html
    M LayoutTests/platform/glib/TestExpectations
    M LayoutTests/platform/mac-wk1/TestExpectations
    M Source/WebCore/accessibility/AccessibilityNodeObject.cpp
    M Source/WebCore/accessibility/AccessibilityObject.cpp
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp

  Log Message:
  -----------
  Cherry-pick 0772b524c5cf. rdar://121945437

    Cherry-pick 870d68c08769. rdar://121945437

        AX: Missing nullptr check for parentObjectUnignored in AccessibilityObject::isSelected()
        https://bugs.webkit.org/show_bug.cgi?id=268509
        rdar://121945437

        Reviewed by Chris Fleizach and Andres Gonzalez.

        parentObjectUnignored() can return nullptr, we need to check it before dereferencing to avoid a crash.

        * LayoutTests/accessibility-isolated-tree/TestExpectations:
        Skip new test, as it exposes a bug that affects ITM.
        * LayoutTests/accessibility/menuitem-is-selected-crash-expected.txt: Added.
        * LayoutTests/accessibility/menuitem-is-selected-crash.html: Added.
        * LayoutTests/platform/glib/TestExpectations: Skip new test.
        * Source/WebCore/accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::computeAccessibilityIsIgnored const):
        * Source/WebCore/accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::isSelected const):
        * Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:
        (WebCore::AXIsolatedTree::processQueuedNodeUpdates):
        Drive-by fix to remove unnecessary HashMap::contains check, HashMap::ensure inherently does this
        so the contains check was wasted work.

        Canonical link: https://commits.webkit.org/273971@main

    Canonical link: https://commits.webkit.org/272448.522@safari-7618.1.15-branch

Identifier: 272448.556 at safari-7618-branch


  Commit: e8e5988a12734f6e3d956b16f2a3e774607135cf
      https://github.com/WebKit/WebKit/commit/e8e5988a12734f6e3d956b16f2a3e774607135cf
  Author: Simon Fraser <simon.fraser at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-dialog-expected.txt
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-dialog.html
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-expected.txt
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-variant-expected.txt
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-variant.html
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen.html
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-popover-expected.txt
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-popover.html
    M Source/WebCore/rendering/RenderLayer.cpp
    M Source/WebCore/rendering/RenderLayerCompositor.cpp
    M Source/WebCore/rendering/RenderLayerCompositor.h

  Log Message:
  -----------
  Cherry-pick 1021d66fe7c3. rdar://121960496

    Crash under RenderLayer::calculateClipRects() when going into fullscreen
    https://bugs.webkit.org/show_bug.cgi?id=268891
    rdar://121960496

    Reviewed by Alan Baradlay.

    A combination of top layer and compositing backing sharing can cause a null de-ref when entering fullscreen,
    or using modal dialogs or popovers.

    The issue occurs when the renderer going into top layer participates in a backing sharing sequence, in the
    `RenderLayer::paintsIntoProvidedBacking()` sense. What happens in that case is that after the top layer
    configuration is changed we do a layout, after which `RenderLayerBacking::updateAfterLayout()` calls
    `RenderLayerBacking::updateCompositedBounds()` (this seems like an odd thing to do, because we're going
    to do a compositing update anyway, but a comment explains why we do it). This call requires that we compute
    clip rects, which calls `RenderLayer::canUseOffsetFromAncestor()`, which gets confused because the ancestor
    layer is no longer an ancestor.

    The fix is to clear any relevant backing sharing sequences when going into top layer, where "relevant" means
    backing sharing sequences in the stacking context of the layer that's going into top layer. We do that
    by calling into RenderLayerCompositor from `RenderLayer::establishesTopLayerWillChange()`. Normally traversing
    layers in a stacking context would walk the z-order lists, and this works for popover and dialog, but fullscreen
    triggers a style update before this code runs, which clears the z-order lists. So this stacking context
    traversal is written in terms of the RenderLayer tree (like `collectLayers()`).

    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-dialog-expected.txt: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-dialog.html: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-expected.txt: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-variant-expected.txt: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-variant.html: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen.html: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-popover-expected.txt: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-popover.html: Added.
    * Source/WebCore/rendering/RenderLayer.cpp:
    (WebCore::RenderLayer::establishesTopLayerWillChange):
    (WebCore::RenderLayer::calculateClipRects const):
    (WebCore::outputPaintOrderTreeLegend):
    (WebCore::outputPaintOrderTreeRecursive):
    * Source/WebCore/rendering/RenderLayerCompositor.cpp:
    (WebCore::RenderLayerCompositor::establishesTopLayerWillChangeForLayer):
    (WebCore::clearBackingSharingWithinStackingContext):
    (WebCore::RenderLayerCompositor::clearBackingProviderSequencesInStackingContextOfLayer):
    * Source/WebCore/rendering/RenderLayerCompositor.h:

    Canonical link: https://commits.webkit.org/274290@main

Identifier: 272448.557 at safari-7618-branch


  Commit: b649c93c5ca19154ec016954f153d97c7d3d9da6
      https://github.com/WebKit/WebKit/commit/b649c93c5ca19154ec016954f153d97c7d3d9da6
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebCore/Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp
    M Source/WebCore/Modules/mediastream/CanvasCaptureMediaStreamTrack.h
    M Source/WebCore/Modules/webxr/WebXRWebGLLayer.h
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/Document.h
    M Source/WebCore/html/CanvasBase.cpp
    M Source/WebCore/html/CanvasBase.h
    M Source/WebCore/html/CanvasObserver.h
    M Source/WebCore/html/HTMLCanvasElement.cpp
    M Source/WebCore/html/HTMLCanvasElement.h
    M Source/WebCore/html/OffscreenCanvas.cpp
    M Source/WebCore/html/canvas/CanvasRenderingContext.h
    M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp
    M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.h
    M Source/WebCore/html/canvas/GPUBasedCanvasRenderingContext.cpp
    M Source/WebCore/html/canvas/GPUBasedCanvasRenderingContext.h
    M Source/WebCore/html/canvas/GPUCanvasContextCocoa.mm
    M Source/WebCore/html/canvas/ImageBitmapRenderingContext.cpp
    M Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp
    M Source/WebCore/inspector/agents/InspectorCanvasAgent.cpp
    M Source/WebCore/inspector/agents/InspectorCanvasAgent.h
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebCore/platform/graphics/ImageBuffer.cpp
    M Source/WebCore/platform/graphics/ImageBuffer.h
    M Source/WebCore/rendering/style/StyleCanvasImage.cpp
    M Source/WebCore/rendering/style/StyleCanvasImage.h

  Log Message:
  -----------
  Cherry-pick 74f8798eb990. rdar://117708049

    Cherry-pick da9744107a30. rdar://117708049

        Draws to unused 2D contexts may consume excessive amount of memory on Cocoa
        https://bugs.webkit.org/show_bug.cgi?id=268608
        rdar://117708049

        Reviewed by Simon Fraser.

        Accelerated CG applies a drawn operation only once a specific draw
        operation limit is hit, if the result is needed as a source to other
        draw or on explicit flush. If the operations are not implicitly or
        explicitly flushed, the draws are retained in the draw queue.

        This causes memory leaks in cases where modifiable surfaces are used as
        sources for draws and then subsequently the surfaces are
        modified. The modifications force copy-on-write for the surfaces that
        have pending references in other draw queues.

        This can be triggered by drawing a canvas A to a 2D context B
        and then never using the result, subsequently modifying A.

        Fix by adding a list of flushed CanvasRenderingContexts to Document.
        Any 2D context modified during any JS callstack will be put to the
        flush list.

        Flush the contexts during rendering update, PrepareCanvases phase.
        Rename the rendering update PrepareCanvasesForDisplay phase
        PrepareCanvases phase, and do both.

        PrepareCanvases phase of Document now does two things:
          - flushes deferred operations
          - prepares for display

        Currently only Document manages the canvas preparation.
        This works for OffscreenCanvas and HTMLCanvasElement in Web main run
        loop.

        WorkerGlobalContext is not implemented in this patch.
        In future, PrepareCanvases phase of WorkerGlobalContext will do
        the flush operations, but not the prepares for display. OffscreenCanvas
        does not have the prepare for display, as it's not displaying.

        * Source/WebCore/Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasChanged):
        * Source/WebCore/dom/Document.cpp:
        (WebCore::Document::prepareCanvasesIfNeeded):
        (WebCore::Document::updateCanvasPreparationForDisplayOrFlush):
        (WebCore::Document::removeCanvasPreparationForDisplayOrFlush):
        (WebCore::Document::prepareCanvasesForDisplayIfNeeded): Deleted.
        (WebCore::Document::clearCanvasPreparation): Deleted.
        (WebCore::Document::canvasChanged): Deleted.
        (WebCore::Document::canvasDestroyed): Deleted.
        * Source/WebCore/dom/Document.h:

        Remove Document CanvasObserver interface. The interface was making
        the actual logic harder than needed and did not abstract anything, as
        the clearCanvasPreparation was a non-interface method anyway.

        The object which does the prepare (Document, WorkerGlobalContext), is
        always statically known at call site. Thus the call site does not need
        to jump through the canvasChanged hoop.

        * Source/WebCore/html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::~HTMLCanvasElement):
        (WebCore::HTMLCanvasElement::createContext2d):
        (WebCore::HTMLCanvasElement::createContextWebGL):
        (WebCore::HTMLCanvasElement::createContextWebGPU):
        (WebCore::HTMLCanvasElement::didDraw):
        (WebCore::HTMLCanvasElement::setSurfaceSize):
        (WebCore::HTMLCanvasElement::createImageBuffer const):
        (WebCore::HTMLCanvasElement::didMoveToNewDocument):
        (WebCore::HTMLCanvasElement::insertedIntoAncestor): Deleted.
        (WebCore::HTMLCanvasElement::removedFromAncestor): Deleted.

        Remove redundant insertedIntoAncestor, removedFromAncestor handlers.
        These are called when the element is still in the same document, but
        detached from the tree. This does not cause any changes to the
        prepare list, as canvases need to be prepared regardless whether
        they're attached or detached.

        WebGL still will not prepareForDisplay if it's not in tree, unless
        it has been captured by media stream.

        * Source/WebCore/html/HTMLCanvasElement.h:
        * Source/WebCore/html/OffscreenCanvas.cpp:
        (WebCore::OffscreenCanvas::~OffscreenCanvas):
        (WebCore::OffscreenCanvas::didDraw):
        (WebCore::OffscreenCanvas::updateCanvasPreparation):
        (WebCore::OffscreenCanvas::removeCanvasPreparation):
        * Source/WebCore/html/OffscreenCanvas.h:
        * Source/WebCore/html/canvas/CanvasRenderingContext.h:
        (WebCore::CanvasRenderingContext::hasDeferredOperations const):
        (WebCore::CanvasRenderingContext::flushDeferredOperations):
        * Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp:
        (WebCore::CanvasRenderingContext2DBase::hasDeferredOperations const):
        (WebCore::CanvasRenderingContext2DBase::flushDeferredOperations):
        (WebCore::CanvasRenderingContext2DBase::didDraw):
        (WebCore::CanvasRenderingContext2DBase::needsPreparationForDisplay const):
        * Source/WebCore/html/canvas/CanvasRenderingContext2DBase.h:
        * Source/WebCore/page/Page.cpp:
        (WebCore::Page::doAfterUpdateRendering):
        (WebCore::operator<<):
        * Source/WebCore/page/Page.h:
        * Source/WebCore/platform/graphics/ImageBuffer.cpp:
        (WebCore::ImageBuffer::flushDrawingContextAsync):
        * Source/WebCore/platform/graphics/ImageBuffer.h:
        (WebCore::ImageBuffer::prefersPreparationForDisplay): Deleted.

        Remove unused ImageBuffer::prefersPreparationForDisplay.

        Canonical link: https://commits.webkit.org/274164@main

    Identifier: 272448.532 at safari-7618.1.15.10-branch

Identifier: 272448.558 at safari-7618-branch


  Commit: bc12a4064007dff2d8cb38d7c22bda8802d6131f
      https://github.com/WebKit/WebKit/commit/bc12a4064007dff2d8cb38d7c22bda8802d6131f
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebCore/platform/graphics/cocoa/GraphicsContextGLCocoa.mm

  Log Message:
  -----------
  Cherry-pick 18019ceed4fb. rdar://122471664

    Canvas captureStream produces stuttering with WebGL
    https://bugs.webkit.org/show_bug.cgi?id=268613
    rdar://122619662

    Reviewed by Youenn Fablet.

    GraphicsContextGLCocoa::surfaceBufferToVideoFrame() will access the
    display buffer IOSurface. The display buffer drawing must be scheduled
    to Metal before this happens.

    EGL_ReleaseTexImage() in bindNextDrawingBuffer used to ensure this, due
    to ReleaseTexImage being specified as inducing a flush.

    ANGLE changed flush semantics so that it does not wait until the
    commands are scheduled. Thus long running WebGL could be left
    unscheduled at the display buffer read for MSE capture track.

    Fix by ensuring the display buffer commands are scheduled during
    prepare, as is the intention.

    * Source/WebCore/platform/graphics/cocoa/GraphicsContextGLCocoa.mm:
    (WebCore::GraphicsContextGLCocoa::prepareForDisplayWithFinishedSignal):

    Canonical link: https://commits.webkit.org/274454@main

Identifier: 272448.559 at safari-7618-branch


  Commit: 36df2fc04fb9242cf3bdb0af72ac299abb620d45
      https://github.com/WebKit/WebKit/commit/36df2fc04fb9242cf3bdb0af72ac299abb620d45
  Author: Said Abou-Hallawa <said at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M LayoutTests/css3/filters/filter-visited-links-expected.html
    M LayoutTests/css3/filters/filter-visited-links.html
    M Source/WebCore/rendering/InlineBoxPainter.cpp

  Log Message:
  -----------
  Prevent SVG filters from leaking the background of visited hyperlinks
https://bugs.webkit.org/show_bug.cgi?id=262337
rdar://116206368

Reviewed by Simon Fraser.

We should prevent websites from learning which sites have been visited via SVG
filters on hyperlinks, per the attack described in https://arxiv.org/abs/2305.12784.

This is a follow up for 266683 at main. The background color of the visited links
should be ignored when an SVG filter is applied.

* LayoutTests/css3/filters/filter-visited-links-expected.html:
* LayoutTests/css3/filters/filter-visited-links.html:
* Source/WebCore/rendering/InlineBoxPainter.cpp:
(WebCore::InlineBoxPainter::paintDecorations):

Canonical link: https://commits.webkit.org/272448.560@safari-7618-branch


  Commit: e145922285951c3612edc5e368309f3f24798fa6
      https://github.com/WebKit/WebKit/commit/e145922285951c3612edc5e368309f3f24798fa6
  Author: Scott Marcy <mscott at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    A LayoutTests/fast/svg/mutual-recursion-test-expected.txt
    A LayoutTests/fast/svg/mutual-recursion-test.html
    M Source/WebCore/rendering/svg/SVGResources.cpp
    M Source/WebCore/rendering/svg/SVGResources.h

  Log Message:
  -----------
  Break a mutual recursion cycle laying out SVG elements.
https://bugs.webkit.org/show_bug.cgi?id=268556
rdar://118510445

Reviewed by shallawa (Said Abou-Hallawa).

Breaks the recursion cycle by having the SVGResource object track if it is already doing layout for a different root.

* LayoutTests/fast/svg/mutual-recursion-test-expected.txt: Added.
* LayoutTests/fast/svg/mutual-recursion-test.html: Added.
* Source/WebCore/rendering/svg/SVGResources.cpp:
(WebCore::SVGResources::layoutDifferentRootIfNeeded):
* Source/WebCore/rendering/svg/SVGResources.h:

Canonical link: https://commits.webkit.org/272448.561@safari-7618-branch


  Commit: 3a3868e848211700b12bea9d0ed653ab5e5e115b
      https://github.com/WebKit/WebKit/commit/3a3868e848211700b12bea9d0ed653ab5e5e115b
  Author: Claudio Saavedra <csaavedra at igalia.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebCore/html/HTMLPlugInImageElement.cpp

  Log Message:
  -----------
  Cherry-pick 272448.2 at webkit-2023.1-embargoed (20ec584d409c). rdar://118194384

    HTMLPlugInImageElement: ensure element is connected to the DOM before requesting a load
    https://bugs.webkit.org/show_bug.cgi?id=264626

    Reviewed by Ryosuke Niwa.

    When an object load is requested and this is queued in the event loop,
    the lambda needs to make sure that, by the time it runs, the element
    is still connected to the DOM, as object elements shouldn't be
    loaded if they are not connected, and there is no guarantee
    that in between it doesn't get removed from the tree.

    * Source/WebCore/html/HTMLPlugInImageElement.cpp:
    (WebCore::HTMLPlugInImageElement::requestObject):

    Canonical link: https://commits.webkit.org/272448.2@webkit-2023.1-embargoed

Canonical link: https://commits.webkit.org/272448.562@safari-7618-branch


  Commit: 630351ee51ab8f112ce122396d0125bdcac398dd
      https://github.com/WebKit/WebKit/commit/630351ee51ab8f112ce122396d0125bdcac398dd
  Author: Keith Miller <keith_miller at apple.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

  Log Message:
  -----------
  [JSC] presenceConditionIfConsistent should check knownBase's structure is in the structure set
https://bugs.webkit.org/show_bug.cgi?id=269220
rdar://122171551

Reviewed by Yusuke Suzuki.

This patch rewrites ByteCodeParser::presenceConditionIfConsistent. Now it just checks that the presence condition
we're trying to create is possible for the knownBase. Additionally, we have to check that the knownBase's structure
was executed at least once before. This allows us to know if GetOwnPropertySlot ran successfully at least once for
this structure.

* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::presenceConditionIfConsistent):

Canonical link: https://commits.webkit.org/272448.563@safari-7618-branch


  Commit: 9d0f58fd82aadf56f68e75db75dbae74af435f45
      https://github.com/WebKit/WebKit/commit/9d0f58fd82aadf56f68e75db75dbae74af435f45
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M Source/WebCore/PAL/pal/spi/ios/BrowserEngineKitSPI.h
    M Tools/TestRunnerShared/spi/UIKitSPIForTesting.h

  Log Message:
  -----------
  Cherry-pick 274034 at main (3a3309b6c196). rdar://122878935

    Unreviewed, fix the internal iOS build after 274016 at main

    Avoid redeclarations by only declaring BrowserEngineKit SPI methods and properties when using the
    non-internal SDK.

    * Source/WebCore/PAL/pal/spi/ios/BrowserEngineKitSPI.h:
    * Tools/TestRunnerShared/spi/UIKitSPIForTesting.h:

    Canonical link: https://commits.webkit.org/274034@main

Canonical link: https://commits.webkit.org/272448.564@safari-7618-branch


  Commit: 8547ba181fbb7face02938478578e87910015bb0
      https://github.com/WebKit/WebKit/commit/8547ba181fbb7face02938478578e87910015bb0
  Author: David Kilzer <ddkilzer at apple.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M Source/WebCore/PAL/ThirdParty/libavif/ThirdParty/dav1d/src/thread_task.c

  Log Message:
  -----------
  OSV-2022-674: dav1d: use of uninitialized value in cdef_filter_block_c
https://bugs.webkit.org/show_bug.cgi?id=269405
<rdar://122849398>

Reviewed by Youenn Fablet.

Merge dav1d upstream commit a3a55b18494f5dd1e34f289298f78ffa4f32a25d.

* Source/WebCore/PAL/ThirdParty/libavif/ThirdParty/dav1d/src/thread_task.c:
(create_filter_sbrow):

Canonical link: https://commits.webkit.org/272448.565@safari-7618-branch


  Commit: 1bd91e17cd5bde8acca5d6e0685e03932212114b
      https://github.com/WebKit/WebKit/commit/1bd91e17cd5bde8acca5d6e0685e03932212114b
  Author: Tyler Wilcock <tyler_w at apple.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M Source/WebCore/accessibility/AccessibilityListBoxOption.cpp

  Log Message:
  -----------
  AX: AccessibilityListBoxOption::elementRect() should use dynamicDowncast instead of downcast
rdar://122892805

Reviewed by Chris Fleizach.

Failing to do so can cause a crash. Also improve smart pointer usage in
this function, and eliminate instances of doing work that never gets
used depending on branches taken.

* Source/WebCore/accessibility/AccessibilityListBoxOption.cpp:
(WebCore::AccessibilityListBoxOption::elementRect const):

Canonical link: https://commits.webkit.org/272448.566@safari-7618-branch


  Commit: d915a3b6357c1f536ba56a987d6bc99031370369
      https://github.com/WebKit/WebKit/commit/d915a3b6357c1f536ba56a987d6bc99031370369
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    A LayoutTests/http/tests/security/contentSecurityPolicy/nonce-hiding-on-svg-script-expected.txt
    A LayoutTests/http/tests/security/contentSecurityPolicy/nonce-hiding-on-svg-script.py
    M Source/WebCore/dom/ScriptElement.cpp
    M Source/WebCore/svg/SVGElement.cpp

  Log Message:
  -----------
  nonce hiding in SVG is buggy
https://bugs.webkit.org/show_bug.cgi?id=268598

Reviewed by Chris Dumez.

The bug was caused by SVGElement::insertedIntoAncestor hiding nonce after it had an early exit for returning
InsertedIntoAncestorResult::NeedsPostInsertionCallback. Fixed the bug by hiding it before this early exit.

* LayoutTests/http/tests/security/contentSecurityPolicy/nonce-hiding-on-svg-script-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/nonce-hiding-on-svg-script.py: Added.
* Source/WebCore/dom/ScriptElement.cpp:
(WebCore::ScriptElement::didFinishInsertingNode):
* Source/WebCore/svg/SVGElement.cpp:
(WebCore::SVGElement::insertedIntoAncestor):

Canonical link: https://commits.webkit.org/272448.567@safari-7618-branch


  Commit: 64ce4a00c2610bd0942899d1c4066c1cde82be85
      https://github.com/WebKit/WebKit/commit/64ce4a00c2610bd0942899d1c4066c1cde82be85
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/revert_unittest.py

  Log Message:
  -----------
  Cherry-pick 273569 at main (a4de8ff7f69d). rdar://121379784

    [git-webkit revert] Update pr arguments and usability
    https://bugs.webkit.org/show_bug.cgi?id=267955
    rdar://121379784

    Reviewed by Jonathan Bedard.

    Set automatic PR creation to 'true' in git-webkit revert. Added additional logging and clearer prompts.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert.parser): Added --pr and --no-pr options.
    (Revert.get_issue_info):
    (Revert.main):
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/revert_unittest.py:
    (TestRevert.test_github):
    (TestRevert.test_github_two_step):
    (TestRevert.test_args):
    (test_update):
    (test_pr):

    Canonical link: https://commits.webkit.org/273569@main

Canonical link: https://commits.webkit.org/272448.568@safari-7618-branch


  Commit: e076b56ed9cf4882c896db10ba7d3f63c608c665
      https://github.com/WebKit/WebKit/commit/e076b56ed9cf4882c896db10ba7d3f63c608c665
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py

  Log Message:
  -----------
  Cherry-pick 273600 at main (fbca8fd9a3e2). rdar://121674742

    [git-webkit revert] Setting issue as a radar duplicates the radar in commit message
    https://bugs.webkit.org/show_bug.cgi?id=268173
    rdar://problem/121674742

    Reviewed by Jonathan Bedard.

    Changes how radars and automatic commenting are handled by git-webkit revert.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert.get_issue_info): Moved automatic bug comments to Revert.revert_commit.
    (Revert.create_revert_commit_msg): Added search for bugs referenced by a radar.
    If an issue is redacted, prompt for a reason.
    (Revert.revert_commit): Automatic bug comments are added only after a successful revert.
    (Revert.main):

    Canonical link: https://commits.webkit.org/273600@main

Canonical link: https://commits.webkit.org/272448.569@safari-7618-branch


  Commit: bc651bdae0560532eb8727f5e6980f1fa407b6b0
      https://github.com/WebKit/WebKit/commit/bc651bdae0560532eb8727f5e6980f1fa407b6b0
  Author: Zhifei Fang <zhifei_fang at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/search.html

  Log Message:
  -----------
  Cherry-pick 273877 at main (0d37807b0e51). https://bugs.webkit.org/show_bug.cgi?id=268413

    Fix click x removed wrong url parameters

    https://bugs.webkit.org/show_bug.cgi?id=268413
    Reviewed by Jonathan Bedard.

    * Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/search.html:

    Canonical link: https://commits.webkit.org/273877@main

Canonical link: https://commits.webkit.org/272448.570@safari-7618-branch


  Commit: a6f3190a2e2a0014d7f062e210a54f996dd96ceb
      https://github.com/WebKit/WebKit/commit/a6f3190a2e2a0014d7f062e210a54f996dd96ceb
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/issue.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/bugzilla_unittest.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py

  Log Message:
  -----------
  Cherry-pick 274181 at main (17c1a8df8840). rdar://122335573

    [webkitbugspy] Redaction message should include related issue
    https://bugs.webkit.org/show_bug.cgi?id=268776
    rdar://problem/122335573

    Reviewed by Jonathan Bedard.

    Includes the related link in logging whenever an issue is redacted because of a related issue.

    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/issue.py:
    (Issue.redacted):
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/bugzilla_unittest.py:
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py:

    Canonical link: https://commits.webkit.org/274181@main

Canonical link: https://commits.webkit.org/272448.571@safari-7618-branch


  Commit: 9286403f3c7420c0476ea5ed6ed81f97b2548ae1
      https://github.com/WebKit/WebKit/commit/9286403f3c7420c0476ea5ed6ed81f97b2548ae1
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py

  Log Message:
  -----------
  Cherry-pick 274244 at main (e3b31c224d9a). rdar://121674742

    [git-webkit revert] Setting issue as a radar duplicates the radar in commit message (Follow-up)
    https://bugs.webkit.org/show_bug.cgi?id=268173
    rdar://problem/121674742

    Unreviewed follow-up fix.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert.create_revert_commit_msg): Changed revert_issue.title to revert_reason.

    Canonical link: https://commits.webkit.org/274244@main

Canonical link: https://commits.webkit.org/272448.572@safari-7618-branch


  Commit: 49d0bdf4d8e2b506c28d39c29856831868124901
      https://github.com/WebKit/WebKit/commit/49d0bdf4d8e2b506c28d39c29856831868124901
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/trace.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/trace_unittest.py

  Log Message:
  -----------
  Cherry-pick 274747 at main (273218f4e46a). rdar://121400016

    [git-webkit] Prefer hash over identifier in relationships
    https://bugs.webkit.org/show_bug.cgi?id=267889
    rdar://121400016

    Reviewed by Dewei Zhu.

    Users can create identifiers from branches which aren't linear, so it's possible
    that a branch identifier refers to more than one commit in the history of the repository.
    Since hashes are more stable, if a relationship uses both, prefer the hash.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/trace.py:
    (Relationship.parse): Prefer hash commit reference when parsing relationships, even if the hash
    reference is the secondary reference.
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/trace_unittest.py:
    (TestRelationship.test_cherry_pick):
    (TestRelationship.test_revert):
    (TestRelationship.test_follow_up):
    (TestRelationship.test_double_revert):

    Canonical link: https://commits.webkit.org/274747@main

Canonical link: https://commits.webkit.org/272448.573@safari-7618-branch


  Commit: ea4b0a78804345ce217efed7c3dc3075f90af17b
      https://github.com/WebKit/WebKit/commit/ea4b0a78804345ce217efed7c3dc3075f90af17b
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/commit.py

  Log Message:
  -----------
  Cherry-pick 274756 at main (68b27b7bcabb). rdar://122151119

    [git-webkit] Error message for git webkit commit for non existing issues could be improved.
    rdar://122151119
    https://bugs.webkit.org/show_bug.cgi?id=268134

    Reviewed by Jonathan Bedard.

    Added reason for failure and cleaned up error.

    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py:
    (Tracker.populate): If the bug does not exist, populate returns None and prints an error message. This should help future error handling as well.
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/commit.py:
    (Commit.main):

    Canonical link: https://commits.webkit.org/274756@main

Canonical link: https://commits.webkit.org/272448.574@safari-7618-branch


  Commit: 9378b40297df774e4f231142b57d421b34fb6a60
      https://github.com/WebKit/WebKit/commit/9378b40297df774e4f231142b57d421b34fb6a60
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/install_hooks.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/install_hooks_unittest.py

  Log Message:
  -----------
  Cherry-pick 274872 at main (afa81e7deccf). rdar://123106227

    [pre-push] Make version regex more permissive
    https://bugs.webkit.org/show_bug.cgi?id=269599
    rdar://123106227

    Reviewed by Dewei Zhu.

    There exist versions of the pre-push hook which rely on linters to format
    Python code slightly differently than WebKit's current style. Our version regex
    should be permissive enough to read such files.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/install_hooks.py:
    (InstallHooks): Make version regex more permissive.
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/install_hooks_unittest.py:
    (TestInstallHooks.test_version_re):

    Canonical link: https://commits.webkit.org/274872@main

Canonical link: https://commits.webkit.org/272448.575@safari-7618-branch


  Commit: 8beb048f690501d53d4385d6b56fb4b0cdbf48f8
      https://github.com/WebKit/WebKit/commit/8beb048f690501d53d4385d6b56fb4b0cdbf48f8
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py

  Log Message:
  -----------
  Cherry-pick 274885 at main (0f11d38af6c8). rdar://122490424

    [git-webkit revert] Should error when radar is not found instead of creating bug with radar title
    https://bugs.webkit.org/show_bug.cgi?id=268934
    rdar://problem/122490424

    Reviewed by Jonathan Bedard.

    Returns an error when an issue is not found when a link is passed in.
    Previous behaviour meant that the link would be used as a title to construct a new bug.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert):
    (Revert.get_issue_info): Adds check so that radar and bugzilla links are not used as titles.
    (Revert.create_revert_commit_msg): Consolidates issue logic.

    Canonical link: https://commits.webkit.org/274885@main

Canonical link: https://commits.webkit.org/272448.576@safari-7618-branch


  Commit: fa818f48922a8830f17ed3329c991b521414caab
      https://github.com/WebKit/WebKit/commit/fa818f48922a8830f17ed3329c991b521414caab
  Author: Pascoe <pascoe at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M LayoutTests/TestExpectations

  Log Message:
  -----------
  Cherry-pick 274998 at main (da5d5590aa18). rdar://123265760

    WebAuthn tests crashing because clientDataJSON not populated in AuthenticatorResponseData in tests
    https://bugs.webkit.org/show_bug.cgi?id=269751
    rdar://123265760

    Unreviewed, test gardening.

    * LayoutTests/TestExpectations:
    These tests need some test development to re-enable.

    Canonical link: https://commits.webkit.org/274998@main

Canonical link: https://commits.webkit.org/272448.577@safari-7618-branch


  Commit: 459d377c63c2b72f26c0db219adf19ccc92c2fc1
      https://github.com/WebKit/WebKit/commit/459d377c63c2b72f26c0db219adf19ccc92c2fc1
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M Source/WebCore/workers/WorkerOrWorkletThread.cpp

  Log Message:
  -----------
  Flaky crash under WorkerDedicatedRunLoop::runCleanupTasks() during fuzzing
https://bugs.webkit.org/show_bug.cgi?id=269731
rdar://121961101

Reviewed by Brent Fulgham.

I haven't been able to reproduce but based on the ASAN report, it looks
like the WorkerOrWorkletGlobalScope is getting destroyed in the middle
of WorkerDedicatedRunLoop::runCleanupTasks(), causing a use-after-free
of the context.

To make sure this can't happen, apply our smart pointer adoption rules
and make sure the WorkerOrWorkletGlobalScope is being protected on the
stack at the call site of WorkerDedicatedRunLoop::run() before passing
it as an argument.

* Source/WebCore/workers/WorkerOrWorkletThread.cpp:
(WebCore::WorkerOrWorkletThread::runEventLoop):

Canonical link: https://commits.webkit.org/272448.578@safari-7618-branch


  Commit: be0e10372eb52dd932444ca9bccd226aa0fc34b8
      https://github.com/WebKit/WebKit/commit/be0e10372eb52dd932444ca9bccd226aa0fc34b8
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M Source/WebCore/loader/EmptyClients.cpp
    M Source/WebCore/page/EditorClient.h
    M Source/WebCore/page/LocalFrame.cpp
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/UIProcess/WebPageProxy.messages.in
    M Source/WebKit/WebProcess/WebCoreSupport/WebEditorClient.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebEditorClient.h
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.h
    M Source/WebKitLegacy/mac/WebCoreSupport/WebEditorClient.h

  Log Message:
  -----------
  Compromised web process can grant pasteboard access by spamming WebPage::RequestDOMPasteAccess
https://bugs.webkit.org/show_bug.cgi?id=269769
rdar://97343267

Reviewed by Ryosuke Niwa and Richard Robinson.

It's currently possible for a compromised web process to send arbitrary `originIdentifiers` through
`requestDOMPasteAccess` to the UI process during programmatic paste. Since the UI process
automatically grants programmatic pasteboard access in the case where the incoming origin ID matches
the origin ID of the current pasteboard content, it's possible to send a large number of origins
through this IPC endpoint, with the end goal of discovering both (1) which website origin the user
last copied from, and (2) the contents of the pasteboard in the case where the pasteboard copied
from web content in WebKit.

To mitigate this attack vector, we add a `FrameIdentifier` in the IPC endpoint, which is used in the
UI process to verify that:

1.  The incoming frame ID corresponds to a frame underneath the destination page.
2.  The pasteboard origin matches the origin of the frame, unless the pasteboard origin is an opaque
    (null) origin.

Additionally, we throttle pasteboard access requests to a maximum of 10 different domains every 5
seconds, to mitigate another variation on this attack vector where the compromised web process loads
a large number of cross-origin frames and requests pasteboard access on behalf of those origins, in
an attempt to get around the limitations above.

With this change, a compromised web process is only capable of grabbing data for a pasteboard origin
that matches itself, or another origin under the same `WebPage`.

* Source/WebCore/loader/EmptyClients.cpp:
* Source/WebCore/page/EditorClient.h:
* Source/WebCore/page/LocalFrame.cpp:
(WebCore::LocalFrame::requestDOMPasteAccess):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::requestDOMPasteAccess):

Add the new `MESSAGE_CHECK`s.

* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/WebProcess/WebCoreSupport/WebEditorClient.cpp:
(WebKit::WebEditorClient::requestDOMPasteAccess):
* Source/WebKit/WebProcess/WebCoreSupport/WebEditorClient.h:
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::requestDOMPasteAccess):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebEditorClient.h:

Canonical link: https://commits.webkit.org/272448.579@safari-7618-branch
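
An added sketch of the UI-process checks the commit message above describes (frame belongs to the page, origin matches the frame unless opaque, at most 10 domains per 5 seconds). It is not WebKit code: `PageModel`, `FrameInfo`, `PasteDecision`, the string-typed origins and the sliding-window reading of the throttle are assumptions made for illustration.

```cpp
// Added illustration: a simplified model of the checks described above.
// Not WebKit source; every type and function name here is hypothetical.
#include <chrono>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <unordered_map>
#include <utility>

using Clock = std::chrono::steady_clock;

constexpr std::size_t kMaxDomains = 10;     // "a maximum of 10 different domains"
constexpr std::chrono::seconds kWindow{5};  // "every 5 seconds"

enum class PasteDecision { Rejected, Throttled, GrantedAutomatically, NotAutomatic };

// What the trusted side already knows about a frame; never taken from the request.
struct FrameInfo {
    std::string origin;  // e.g. "https://a.example" (constructed sample value)
    std::string domain;  // key used for throttling (assumed granularity)
};

class PageModel {
public:
    void addFrame(std::uint64_t frameID, FrameInfo info) { m_frames[frameID] = std::move(info); }
    void setPasteboardOrigin(std::string origin) { m_pasteboardOrigin = std::move(origin); }

    // frameID and claimedOrigin come from the untrusted sender.
    PasteDecision requestDOMPasteAccess(std::uint64_t frameID, const std::string& claimedOrigin,
                                        Clock::time_point now)
    {
        // Check 1: the frame ID must name a frame underneath this page.
        auto frame = m_frames.find(frameID);
        if (frame == m_frames.end())
            return PasteDecision::Rejected;

        // Check 2: the origin must match the frame's origin, unless it is opaque.
        // This is what stops one sender from cycling through arbitrary origins.
        if (!isOpaque(claimedOrigin) && claimedOrigin != frame->second.origin)
            return PasteDecision::Rejected;

        // Throttle: bounds the variant that loads many cross-origin frames.
        if (!admitDomain(frame->second.domain, now))
            return PasteDecision::Throttled;

        // Only now compare against the origin of the current pasteboard content.
        return claimedOrigin == m_pasteboardOrigin ? PasteDecision::GrantedAutomatically
                                                   : PasteDecision::NotAutomatic;
    }

private:
    static bool isOpaque(const std::string& origin) { return origin == "null"; }

    bool admitDomain(const std::string& domain, Clock::time_point now)
    {
        // Forget domains first seen a full window ago or earlier.
        for (auto it = m_recentDomains.begin(); it != m_recentDomains.end();) {
            if (now - it->second >= kWindow)
                it = m_recentDomains.erase(it);
            else
                ++it;
        }
        // A domain already counted in the window is admitted; a new one needs a free slot.
        if (!m_recentDomains.count(domain) && m_recentDomains.size() >= kMaxDomains)
            return false;
        m_recentDomains.emplace(domain, now);
        return true;
    }

    std::unordered_map<std::uint64_t, FrameInfo> m_frames;
    std::unordered_map<std::string, Clock::time_point> m_recentDomains;
    std::string m_pasteboardOrigin;
};

static const char* toString(PasteDecision d)
{
    switch (d) {
    case PasteDecision::Rejected: return "rejected";
    case PasteDecision::Throttled: return "throttled";
    case PasteDecision::GrantedAutomatically: return "granted automatically";
    case PasteDecision::NotAutomatic: return "not automatic";
    }
    return "unknown";
}

int main()
{
    // Constructed scenario: one frame, pasteboard content copied from the same origin.
    PageModel page;
    page.addFrame(1, {"https://a.example", "a.example"});
    page.setPasteboardOrigin("https://a.example");
    Clock::time_point t0{};
    std::printf("unknown frame:      %s\n", toString(page.requestDOMPasteAccess(99, "https://a.example", t0)));
    std::printf("mismatched origin:  %s\n", toString(page.requestDOMPasteAccess(1, "https://b.example", t0)));
    std::printf("frame's own origin: %s\n", toString(page.requestDOMPasteAccess(1, "https://a.example", t0)));
    return 0;
}
```

Rejected requests are not counted against the throttle in this model, so only requests that pass both checks consume one of the 10 domain slots.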


  Commit: 3dc4ac46465e5d41973cf814213653d32d2c1c41
      https://github.com/WebKit/WebKit/commit/3dc4ac46465e5d41973cf814213653d32d2c1c41
  Author: Erica Li <lerica at apple.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    A LayoutTests/fast/text/splitText-crash-during-tear-down-renderers-after-slot-change-expected.txt
    A LayoutTests/fast/text/splitText-crash-during-tear-down-renderers-after-slot-change.html
    M Source/WebCore/editing/SplitTextNodeContainingElementCommand.cpp

  Log Message:
  -----------
  ASAN_TRAP | WebCore::RenderObject::~RenderObject; WebCore::RenderInline::~RenderInline.
https://bugs.webkit.org/show_bug.cgi?id=269667
rdar://122491721

Reviewed by Ryosuke Niwa and Chris Dumez.

Reduce the scope of CheckedPtr renderer in `SplitTextNodeContainingElementCommand::doApply`,
as the following `splitElement` could destruct the renderer.

* LayoutTests/fast/text/splitText-crash-during-tear-down-renderers-after-slot-change-expected.txt: Added.
* LayoutTests/fast/text/splitText-crash-during-tear-down-renderers-after-slot-change.html: Added.
* Source/WebCore/editing/SplitTextNodeContainingElementCommand.cpp:
(WebCore::SplitTextNodeContainingElementCommand::doApply):

Canonical link: https://commits.webkit.org/272448.580@safari-7618-branch


  Commit: 77fcf93e91b03b5cda1c532d5d765088c7311e7e
      https://github.com/WebKit/WebKit/commit/77fcf93e91b03b5cda1c532d5d765088c7311e7e
  Author: Antoine Quint <graouts at webkit.org>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebCore/PAL/pal/spi/cocoa/QuartzCoreSPI.h
    A Source/WebKit/Platform/cocoa/CAFrameRateRangeUtilities.h
    M Source/WebKit/UIProcess/ios/WKKeyboardScrollingAnimator.mm
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj
    M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemote.mm

  Log Message:
  -----------
  Cherry-pick 0eec24ac3eff. rdar://122992668

    [iOS] run keyboard scrolling animations at a higher frame rate when possible
    https://bugs.webkit.org/show_bug.cgi?id=268850
    rdar://122323815

    Reviewed by Simon Fraser.

    In 273122 at main we opted into higher frame rate animations when performed by Core Animation on
    qualifying hardware. We now do the same with scrolling animations resulting from interacting
    with the keyboard (such as pressing the space bar) by setting similar properties on the
    `CADisplayLink` created by `WKKeyboardScrollingAnimator`. Because we now have two different
    places where we opt into a higher frame rate, we distinguish between the two cases by using
    a different `CAHighFrameRateReason` value.

    * Source/WebCore/PAL/pal/spi/cocoa/QuartzCoreSPI.h:
    * Source/WebKit/Platform/cocoa/CAFrameRateRangeUtilities.h: Added.
    (WebKit::highFrameRateRange):
    * Source/WebKit/UIProcess/ios/WKKeyboardScrollingAnimator.mm:
    (-[WKKeyboardScrollingAnimator startDisplayLinkIfNeeded]):
    * Source/WebKit/WebKit.xcodeproj/project.pbxproj:
    * Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemote.mm:
    (WebKit::createAnimation):
    (highFrameRateRange): Deleted.

    Canonical link: https://commits.webkit.org/274234@main

Identifier: 272448.581 at safari-7618-branch


  Commit: ff6fbf39d5fe2bdf9421843b25def8638762c794
      https://github.com/WebKit/WebKit/commit/ff6fbf39d5fe2bdf9421843b25def8638762c794
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/components/video_codec/nalu_rewriter.cc

  Log Message:
  -----------
  Cherry-pick 875db7cbec49. rdar://122544744

    [Cocoa] WebCodecs H264 decoder is not always reordering frames according presentation time
    https://bugs.webkit.org/show_bug.cgi?id=268987
    rdar://122544744

    Reviewed by Eric Carlson.

    We needed to loop until lower than or equal to cpb_cnt_minus1 as per spec.
    Manually tested using https://w3c.github.io/webcodecs/samples/video-decode-display.

    * Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/components/video_codec/nalu_rewriter.cc:

    Canonical link: https://commits.webkit.org/274353@main

Identifier: 272448.582 at safari-7618-branch


  Commit: d38f6190532f4bfa9a1875162153868190156aeb
      https://github.com/WebKit/WebKit/commit/d38f6190532f4bfa9a1875162153868190156aeb
  Author: Eric Carlson <eric.carlson at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebCore/platform/mediastream/mac/ScreenCaptureKitSharingSessionManager.h
    M Source/WebCore/platform/mediastream/mac/ScreenCaptureKitSharingSessionManager.mm
    M Source/WebKit/GPUProcess/GPUProcess.cpp
    M Source/WebKit/GPUProcess/GPUProcess.h
    M Source/WebKit/GPUProcess/GPUProcess.messages.in
    M Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
    M Source/WebKit/UIProcess/GPU/GPUProcessProxy.h
    M Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.cpp
    M Source/WebKit/UIProcess/UserMediaPermissionRequestProxy.h
    M Source/WebKit/UIProcess/mac/DisplayCaptureSessionManager.h
    M Source/WebKit/UIProcess/mac/DisplayCaptureSessionManager.mm
    M Source/WebKit/UIProcess/mac/UserMediaPermissionRequestProxyMac.h
    M Source/WebKit/UIProcess/mac/UserMediaPermissionRequestProxyMac.mm

  Log Message:
  -----------
  Cherry-pick 80f25d4770c9. rdar://114563662

    [Cocoa] Cancel pending getDisplayMedia prompt when page is reloaded
    https://bugs.webkit.org/show_bug.cgi?id=260795
    rdar://114563662

    Reviewed by Youenn Fablet.

    If the page is reloaded while the system prompt window/screen picker is active, cancel
    the picker instead of waiting for the ScreenCaptureKitSharingSessionManager watchdog timer
    to go off and cancel it.

    * Source/WebCore/platform/mediastream/mac/ScreenCaptureKitSharingSessionManager.h:
    * Source/WebCore/platform/mediastream/mac/ScreenCaptureKitSharingSessionManager.mm:
    (WebCore::ScreenCaptureKitSharingSessionManager::cancelGetDisplayMediaPrompt):
    * Source/WebKit/GPUProcess/GPUProcess.cpp:
    (WebKit::GPUProcess::cancelGetDisplayMediaPrompt):
    * Source/WebKit/GPUProcess/GPUProcess.h:
    * Source/WebKit/GPUProcess/GPUProcess.messages.in:
    * Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp:
    (WebKit::GPUProcessProxy::cancelGetDisplayMediaPrompt):
    * Source/WebKit/UIProcess/GPU/GPUProcessProxy.h:
    * Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.cpp:
    (WebKit::UserMediaPermissionRequestManagerProxy::resetAccess):
    * Source/WebKit/UIProcess/UserMediaPermissionRequestProxy.h:
    * Source/WebKit/UIProcess/mac/DisplayCaptureSessionManager.h:
    * Source/WebKit/UIProcess/mac/DisplayCaptureSessionManager.mm:
    (WebKit::DisplayCaptureSessionManager::cancelGetDisplayMediaPrompt):
    * Source/WebKit/UIProcess/mac/UserMediaPermissionRequestProxyMac.h:
    * Source/WebKit/UIProcess/mac/UserMediaPermissionRequestProxyMac.mm:
    (WebKit::UserMediaPermissionRequestProxyMac::invalidate):
    (WebKit::UserMediaPermissionRequestProxyMac::promptForGetDisplayMedia):

    Canonical link: https://commits.webkit.org/274439@main

Identifier: 272448.583 at safari-7618-branch


  Commit: 549b6f6dbe83ff5a555b3c1653b96372e65df5fc
      https://github.com/WebKit/WebKit/commit/549b6f6dbe83ff5a555b3c1653b96372e65df5fc
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/forms/WKDatePickerPopoverController.mm

  Log Message:
  -----------
  Cherry-pick 6579616b4bb7. rdar://121850106

    Maps sometimes crashes in -[NSPopover showRelativeToRect:ofView:preferredEdge:] when presenting a date picker
    https://bugs.webkit.org/show_bug.cgi?id=269513
    rdar://121850106

    Reviewed by Aditya Keerthi.

    The changes in https://commits.webkit.org/272922@main mitigated cases where rotating on iOS caused the date picker to
    lay out incorrectly. In previous iOS releases, this used to cause the date picker to dismiss altogether, so this change
    restored that behavior by adding logic to immediately dismiss the date picker when the size of the popover container is
    changing outside of the scope of presentation or dismissal (i.e. during rotation).

    However, on Catalyst, the `-isBeingPresented` flag is `NO` despite being in the middle of popover presentation, so we
    end up immediately dismissing the popover while it's in the middle of presenting, which causes a crash in AppKit.
    rdar://123039861 tracks that the flag returns NO during presentation; for now, we'll address this by avoiding this
    codepath altogether on Catalyst, since it's only intended to kick in during device rotation on iOS anyways.

    * Source/WebKit/UIProcess/ios/forms/WKDatePickerPopoverController.mm:

    Canonical link: https://commits.webkit.org/274782@main

Identifier: 272448.584 at safari-7618-branch


  Commit: 1c59d554130ca8cb429bb7f73f78703219d06c01
      https://github.com/WebKit/WebKit/commit/1c59d554130ca8cb429bb7f73f78703219d06c01
  Author: Tim Horton <thorton at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm

  Log Message:
  -----------
  Cherry-pick da1f44819e66. rdar://121400620

    REGRESSION: Google search results are cropped when viewing in the smallest window size
    https://bugs.webkit.org/show_bug.cgi?id=268845
    rdar://121400620

    Reviewed by Aditya Keerthi.

    * Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm:
    (-[WKWebView _isWindowResizingEnabled]):
    _enhancedWindowingEnabled was recently flipped on (which is correct), but caused
    some unexpected viewport regressions on visionOS. To maintain the status quo,
    override it to NO for the time being.

    Canonical link: https://commits.webkit.org/274173@main

Identifier: 272448.585 at safari-7618-branch


  Commit: 2794f46ffd6de325e4989f5a6ab915e05587d547
      https://github.com/WebKit/WebKit/commit/2794f46ffd6de325e4989f5a6ab915e05587d547
  Author: Aditya Keerthi <akeerthi at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm

  Log Message:
  -----------
  Cherry-pick db96b72c4ad3. rdar://121572842

    [visionOS] Safari can become unresponsive to pinches/gestures after exiting fullscreen
    https://bugs.webkit.org/show_bug.cgi?id=268970
    rdar://121572842

    Reviewed by Wenson Hsieh.

    Hit-test redirection is applied by the system whenever a view controller with
    a custom presentation style, such as WebKit's fullscreen view controller, is
    presented.

    Unlike on iOS, WebKit does not explicitly dismiss the view controller, since
    window hiding is used for the exit transition. In most cases, this is fine,
    since the `UIWindow` will also be deallocated on exit. However, there is no
    guarantee that `UIWindow` deallocation will occur, and its object lifetime
    cannot be relied upon for correctness. In this case, the system will still
    attempt to redirect hit-testing to the presented view controller. Consequently,
    pinches and gestures may get redirected to a hidden view controller, rather
    than the visible Safari window, resulting in unresponsiveness.

    Fix by explicitly dismissing the presented view controller on fullscreen exit.
    In the longer term, hit-test redirection logic should be updated by the system,
    to avoid hidden windows. However, as that is a riskier change, and dismissing
    the fullscreen view controller is good cleanup, that is the immediate solution.

    * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
    (-[WKFullScreenWindowController _performSpatialFullScreenTransition:completionHandler:]):

    Canonical link: https://commits.webkit.org/274309@main

Identifier: 272448.586 at safari-7618-branch


  Commit: f485891b90c6c0169e8b2e309ef94bc529c91b61
      https://github.com/WebKit/WebKit/commit/f485891b90c6c0169e8b2e309ef94bc529c91b61
  Author: Tim Horton <thorton at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebCore/SourcesCocoa.txt
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    M Source/WebCore/platform/graphics/ImageBuffer.h
    M Source/WebCore/platform/graphics/ImageBufferBackend.h
    M Source/WebCore/platform/graphics/cocoa/IOSurface.h
    A Source/WebCore/platform/graphics/re/DynamicContentScalingResourceCache.h
    A Source/WebCore/platform/graphics/re/DynamicContentScalingResourceCache.mm
    M Source/WebKit/Shared/RemoteLayerTree/DynamicContentScalingBifurcatedImageBuffer.mm
    M Source/WebKit/Shared/RemoteLayerTree/DynamicContentScalingImageBufferBackend.mm
    M Source/WebKit/Shared/RemoteLayerTree/RemoteLayerWithInProcessRenderingBackingStore.h
    M Source/WebKit/Shared/RemoteLayerTree/RemoteLayerWithInProcessRenderingBackingStore.mm

  Log Message:
  -----------
  Cherry-pick 03a60be8929d. rdar://122127093

    REGRESSION (271770 at main): visionOS: Significant regression on MotionMark
    https://bugs.webkit.org/show_bug.cgi?id=269010
    rdar://122127093

    Reviewed by Simon Fraser.

    Before 271770 at main, the dynamic content scaling image buffer was a sidecar, outside
    of the normal flow of the front/back buffer swapping. After that commit, it was moved
    inside the main image buffer, and thus is swapped like the base scale rendering.

    This had one unintended consequence: when we're discarding the back buffer
    (e.g. because it contains an IOSurface that is still in-use and can't be recycled),
    we will now *also* discard the dynamic content scaling image buffer, and, critically,
    its resource cache.

    The whole point of the resource cache is to maintain state between frames, so this is
    wildly counterproductive. Once you get into a state where you are discarding
    back buffers (which comes up frequently under load, like MotionMark), you're also
    losing all resource caching.

    Instead of trying to rearchitect the discarding code to avoid dropping the display
    list image buffer, just maintain the dynamic content scaling resource cache
    in a sidecar on the RemoteLayerBackingStore, like it was before, and pass it
    down to the image buffer.

    A subsequent patch will make a similar change for the remote rendering case.

    * Source/WebCore/SourcesCocoa.txt:
    * Source/WebCore/WebCore.xcodeproj/project.pbxproj:
    * Source/WebCore/platform/graphics/cocoa/IOSurface.h:
    * Source/WebCore/platform/graphics/re/DynamicContentScalingResourceCache.h: Added.
    (WebCore::DynamicContentScalingResourceCache::DynamicContentScalingResourceCache):
    * Source/WebCore/platform/graphics/re/DynamicContentScalingResourceCache.mm: Added.
    (WebCore::DynamicContentScalingResourceCache::create):
    * Source/WebKit/Shared/RemoteLayerTree/DynamicContentScalingBifurcatedImageBuffer.mm:
    * Source/WebKit/Shared/RemoteLayerTree/DynamicContentScalingImageBufferBackend.mm:
    * Source/WebKit/Shared/RemoteLayerTree/RemoteLayerWithInProcessRenderingBackingStore.h:
    * Source/WebKit/Shared/RemoteLayerTree/RemoteLayerWithInProcessRenderingBackingStore.mm:
    (WebKit::RemoteLayerWithInProcessRenderingBackingStore::ensureDynamicContentScalingResourceCache):
    (WebKit::RemoteLayerWithInProcessRenderingBackingStore::allocateBuffer):
    (WebKit::RemoteLayerWithInProcessRenderingBackingStore::allocateBuffer const): Deleted.

    * Source/WebCore/platform/graphics/ImageBuffer.h:
    * Source/WebCore/platform/graphics/ImageBufferBackend.h:
    Note that it is not safe in a unified-sources world to forward-declare WebCore::IOSurface
    because of the name conflict with ::IOSurface; we need to strictly order the declarations,
    which is easiest to achieve by just importing our header.

    Canonical link: https://commits.webkit.org/274319@main

Identifier: 272448.587 at safari-7618-branch


  Commit: 4032f9092a2861a87d4f641400e9bfd6405c9618
      https://github.com/WebKit/WebKit/commit/4032f9092a2861a87d4f641400e9bfd6405c9618
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    A LayoutTests/fast/ruby/ruby-with-unbreakable-characters-incorrect-width-expected.html
    A LayoutTests/fast/ruby/ruby-with-unbreakable-characters-incorrect-width.html
    M Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp

  Log Message:
  -----------
  Cherry-pick 06f1371ababe. rdar://122586549

    [IFC][Ruby] Text are clipped at the bottom on some pages with ruby in Books
    https://bugs.webkit.org/show_bug.cgi?id=269079
    <rdar://122586549>

    Reviewed by Antti Koivisto.

    Take ruby width adjustment (annotation box is wider than base content) into account when non-trivial line breaking requires us to rebuild the current line.

    * LayoutTests/fast/ruby/ruby-with-unbreakable-characters-incorrect-width-expected.html: Added.
    * LayoutTests/fast/ruby/ruby-with-unbreakable-characters-incorrect-width.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp:
    (WebCore::Layout::LineBuilder::rebuildLineWithInlineContent): This is the exact copy of what we do in candidateContentForLine when collecting the content for current line.

    Canonical link: https://commits.webkit.org/274387@main

Identifier: 272448.588 at safari-7618-branch


  Commit: 01e322ed7f4cb33687c7a8553c66c31e81922ad4
      https://github.com/WebKit/WebKit/commit/01e322ed7f4cb33687c7a8553c66c31e81922ad4
  Author: Sam Sneddon <gsnedders at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Tools/Scripts/webkitpy/common/net/bugzilla/attachment.py
    M Tools/Scripts/webkitpy/common/net/bugzilla/bug.py
    M Tools/Scripts/webkitpy/common/net/bugzilla/bug_unittest.py
    M Tools/Scripts/webkitpy/common/net/bugzilla/bugzilla.py
    M Tools/Scripts/webkitpy/common/net/bugzilla/bugzilla_mock.py
    M Tools/Scripts/webkitpy/common/net/bugzilla/bugzilla_unittest.py
    M Tools/Scripts/webkitpy/w3c/common.py
    M Tools/Scripts/webkitpy/w3c/test_downloader.py
    M Tools/Scripts/webkitpy/w3c/test_exporter.py
    M Tools/Scripts/webkitpy/w3c/test_exporter_unittest.py
    M Tools/Scripts/webkitpy/w3c/test_importer.py
    M Tools/Scripts/webkitpy/w3c/test_importer_unittest.py
    M Tools/Scripts/webkitpy/w3c/test_parser.py
    M Tools/Scripts/webkitpy/w3c/wpt_github.py
    M Tools/Scripts/webkitpy/w3c/wpt_github_mock.py
    M Tools/Scripts/webkitpy/w3c/wpt_runner_unittest.py

  Log Message:
  -----------
  Cherry-pick 273556 at main (7841b2790f42). https://bugs.webkit.org/show_bug.cgi?id=268094

    Remove more webkitpy.common.net.bugzilla and webkitpy.w3c dead code
    https://bugs.webkit.org/show_bug.cgi?id=268094

    Reviewed by Jonathan Bedard.

    Largely found via `vulture webkitpy --exclude '.tox,*_unittest.py,*_integrationtest.py'`

    * Tools/Scripts/webkitpy/common/net/bugzilla/attachment.py:
    (Attachment):
    (Attachment.id):
    (Attachment.is_patch):
    (Attachment.name):
    (Attachment.attacher): Deleted.
    (Attachment.attacher_email): Deleted.
    (Attachment.is_obsolete): Deleted.
    (Attachment.is_revert): Deleted.
    (Attachment.attach_date): Deleted.
    * Tools/Scripts/webkitpy/common/net/bugzilla/bug.py:
    (Bug.is_closed):
    (Bug.patches):
    (Bug.reviewed_patches):
    (Bug.is_in_comments):
    (Bug.duplicate_of): Deleted.
    (Bug.unreviewed_patches): Deleted.
    (Bug.commit_queued_patches): Deleted.
    (Bug.commit_revision): Deleted.
    * Tools/Scripts/webkitpy/common/net/bugzilla/bug_unittest.py:
    (BugTest.test_is_in_comments):
    (BugTest.test_commit_revision): Deleted.
    * Tools/Scripts/webkitpy/common/net/bugzilla/bugzilla.py:
    (BugzillaQueries.__init__):
    (BugzillaQueries._load_query):
    (BugzillaQueries.fetch_quips):
    (Bugzilla.__init__):
    (Bugzilla.open_url):
    (Bugzilla.bug_url_for_bug_id):
    (Bugzilla.attachment_url_for_id):
    (Bugzilla._parse_log_descr_element):
    (Bugzilla._filename_for_upload):
    (Bugzilla.clear_attachment_flags):
    (EditUsersParser): Deleted.
    (EditUsersParser.__init__): Deleted.
    (EditUsersParser._login_and_uid_from_row): Deleted.
    (EditUsersParser.login_userid_pairs_from_edit_user_results): Deleted.
    (EditUsersParser._group_name_and_string_from_row): Deleted.
    (EditUsersParser.user_dict_from_edit_user_page): Deleted.
    (EditUsersParser._group_rows_from_edit_user_page): Deleted.
    (EditUsersParser.group_string_from_name): Deleted.
    (BugzillaQueries._is_xml_bugs_form): Deleted.
    (BugzillaQueries._parse_result_count): Deleted.
    (BugzillaQueries._fetch_bugs_from_advanced_query): Deleted.
    (BugzillaQueries._fetch_bug): Deleted.
    (BugzillaQueries._fetch_bug_ids_advanced_query): Deleted.
    (BugzillaQueries._parse_attachment_ids_request_query): Deleted.
    (BugzillaQueries._fetch_attachment_ids_request_query): Deleted.
    (BugzillaQueries.fetch_bug_ids_from_pending_commit_list): Deleted.
    (BugzillaQueries.fetch_bugs_matching_quicksearch): Deleted.
    (BugzillaQueries.fetch_bugs_matching_search): Deleted.
    (BugzillaQueries.fetch_patches_from_pending_commit_list): Deleted.
    (BugzillaQueries.fetch_bugs_from_review_queue): Deleted.
    (BugzillaQueries.fetch_bug_ids_from_commit_queue): Deleted.
    (BugzillaQueries.fetch_patches_from_commit_queue): Deleted.
    (BugzillaQueries.fetch_bug_ids_from_review_queue): Deleted.
    (BugzillaQueries.fetch_patches_from_review_queue): Deleted.
    (BugzillaQueries.fetch_attachment_ids_from_review_queue): Deleted.
    (BugzillaQueries.fetch_login_userid_pairs_matching_substring): Deleted.
    (Bugzilla.fetch_user): Deleted.
    (Bugzilla.add_user_to_groups): Deleted.
    (Bugzilla.short_bug_url_for_bug_id): Deleted.
    (Bugzilla.edit_user_url_for_id): Deleted.
    (Bugzilla._parse_bugs_from_xml): Deleted.
    (Bugzilla.add_attachment_to_bug): Deleted.
    (Bugzilla.set_flag_on_attachment): Deleted.
    * Tools/Scripts/webkitpy/common/net/bugzilla/bugzilla_mock.py:
    (MockBugzillaQueries.__init__):
    (MockBugzilla.fetch_bug):
    (MockBugzilla.reassign_bug):
    (MockBugzilla.post_comment_to_bug):
    (MockBugzillaQueries._all_bugs): Deleted.
    (MockBugzillaQueries.fetch_bug_ids_from_commit_queue): Deleted.
    (MockBugzillaQueries.fetch_attachment_ids_from_review_queue): Deleted.
    (MockBugzillaQueries.fetch_patches_from_commit_queue): Deleted.
    (MockBugzillaQueries.fetch_bug_ids_from_pending_commit_list): Deleted.
    (MockBugzillaQueries.fetch_bugs_from_review_queue): Deleted.
    (MockBugzillaQueries.fetch_patches_from_pending_commit_list): Deleted.
    (MockBugzillaQueries.fetch_bugs_matching_search): Deleted.
    (MockBugzillaQueries.fetch_bugs_matching_quicksearch): Deleted.
    (MockBugzilla.set_override_patch): Deleted.
    (MockBugzilla.set_flag_on_attachment): Deleted.
    (MockBugzilla.add_attachment_to_bug): Deleted.
    * Tools/Scripts/webkitpy/common/net/bugzilla/bugzilla_unittest.py:
    (test_url_creation):
    (test_parse_bug_id):
    (test_user_dict_from_edit_user_page): Deleted.
    * Tools/Scripts/webkitpy/w3c/common.py:
    (read_credentials):
    (is_testharness_baseline): Deleted.
    (is_basename_skipped): Deleted.
    (is_file_exportable): Deleted.
    * Tools/Scripts/webkitpy/w3c/test_downloader.py:
    (TestDownloader.__init__):
    * Tools/Scripts/webkitpy/w3c/test_exporter.py:
    (WebPlatformTestExporter._ensure_new_branch_name):
    (WebPlatformTestExporter.download_and_commit_patch): Deleted.
    * Tools/Scripts/webkitpy/w3c/test_exporter_unittest.py:
    (TestExporterTest.MockGit.push):
    (TestExporterTest.MockGit.format_patch): Deleted.
    * Tools/Scripts/webkitpy/w3c/test_importer.py:
    * Tools/Scripts/webkitpy/w3c/test_importer_unittest.py:
    (TestImporterTest.import_downloaded_tests):
    (TestImporterTest.import_downloaded_tests.TestDownloaderMock): Deleted.
    (TestImporterTest.import_downloaded_tests.TestDownloaderMock.__init__): Deleted.
    (TestImporterTest.import_downloaded_tests.TestDownloaderMock._git_submodules_status): Deleted.
    * Tools/Scripts/webkitpy/w3c/test_parser.py:
    (TestParser.is_slow_test):
    (TestParser.has_fuzzy_metadata): Deleted.
    * Tools/Scripts/webkitpy/w3c/wpt_github.py:
    (WPTGitHub.__init__):
    (WPTGitHub.request):
    (WPTGitHub.create_pr):
    (WPTGitHub.add_label):
    (MergeError.__init__):
    (WPTGitHub.extract_link_next): Deleted.
    (WPTGitHub.update_pr): Deleted.
    (WPTGitHub.remove_label): Deleted.
    (WPTGitHub.make_pr_from_item): Deleted.
    (WPTGitHub.all_pull_requests): Deleted.
    (WPTGitHub.get_pr_branch): Deleted.
    (WPTGitHub.is_pr_merged): Deleted.
    (WPTGitHub.merge_pr): Deleted.
    (WPTGitHub.delete_remote_branch): Deleted.
    (WPTGitHub.pr_for_chromium_commit): Deleted.
    (WPTGitHub.pr_with_change_id): Deleted.
    (WPTGitHub.pr_with_position): Deleted.
    * Tools/Scripts/webkitpy/w3c/wpt_github_mock.py:
    (MockWPTGitHub.__init__):
    (MockWPTGitHub.create_pr):
    (MockWPTGitHub.add_label):
    (MockWPTGitHub.all_pull_requests): Deleted.
    (MockWPTGitHub.is_pr_merged): Deleted.
    (MockWPTGitHub.merge_pr): Deleted.
    (MockWPTGitHub.update_pr): Deleted.
    (MockWPTGitHub.delete_remote_branch): Deleted.
    (MockWPTGitHub.remove_label): Deleted.
    (MockWPTGitHub.get_pr_branch): Deleted.
    (MockWPTGitHub.pr_for_chromium_commit): Deleted.
    (MockWPTGitHub.pr_with_position): Deleted.
    (MockWPTGitHub.pr_with_change_id): Deleted.
    * Tools/Scripts/webkitpy/w3c/wpt_runner_unittest.py:

    Canonical link: https://commits.webkit.org/273556@main

Canonical link: https://commits.webkit.org/272448.589@safari-7618-branch


  Commit: e079fae430afa44cd1943b0a24435c1b2ad560d0
      https://github.com/WebKit/WebKit/commit/e079fae430afa44cd1943b0a24435c1b2ad560d0
  Author: Sam Sneddon <gsnedders at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Tools/Scripts/webkitpy/port/base.py
    M Tools/Scripts/webkitpy/port/base_unittest.py
    M Tools/Scripts/webkitpy/port/config.py
    M Tools/Scripts/webkitpy/port/config_unittest.py
    M Tools/Scripts/webkitpy/port/darwin.py
    M Tools/Scripts/webkitpy/port/factory.py
    M Tools/Scripts/webkitpy/port/glib.py
    M Tools/Scripts/webkitpy/port/gtk.py
    M Tools/Scripts/webkitpy/port/gtk_unittest.py
    M Tools/Scripts/webkitpy/port/ios.py
    M Tools/Scripts/webkitpy/port/ios_device_unittest.py
    M Tools/Scripts/webkitpy/port/ios_simulator_unittest.py
    M Tools/Scripts/webkitpy/port/mac_unittest.py
    M Tools/Scripts/webkitpy/port/port_testcase.py
    M Tools/Scripts/webkitpy/port/server_process.py
    M Tools/Scripts/webkitpy/port/watch.py
    M Tools/Scripts/webkitpy/port/watch_simulator_unittest.py
    M Tools/Scripts/webkitpy/port/wpe.py
    M Tools/Scripts/webkitpy/port/wpe_unittest.py

  Log Message:
  -----------
  Cherry-pick 273681 at main (868bb52684d2). https://bugs.webkit.org/show_bug.cgi?id=268164

    Remove dead code from webkitpy/port
    https://bugs.webkit.org/show_bug.cgi?id=268164

    Reviewed by Jonathan Bedard.

    Largely from vulture.

    * Tools/Scripts/webkitpy/port/base.py:
    (Port.architecture):
    (Port.driver_name):
    (Port.reference_files):
    (Port._natural_sort_key):
    (Port.path_to_generic_test_expectations_file):
    (Port.abspath_for_test):
    (Port.perf_results_directory):
    (Port.clean_up_test_run):
    (Port.configuration_specifier_macros):
    (Port._path_to_user_cache_directory):
    (Port.logging_detectors_to_strip_text_start):
    (Port.set_architecture): Deleted.
    (Port.expected_baselines_by_extension): Deleted.
    (Port.baseline_extensions): Deleted.
    (Port.potential_test_names_from_expected_file): Deleted.
    (Port.test_dirs): Deleted.
    (Port.path_to_test_expectations_file): Deleted.
    (Port.jsc_results_directory): Deleted.
    (Port.bindings_results_directory): Deleted.
    (Port.python_unittest_results_directory): Deleted.
    (Port._value_or_default_from_environ): Deleted.
    (Port.all_baseline_variants): Deleted.
    (Port._path_to_webcore_library): Deleted.
    (Port.test_expectations_file_position): Deleted.
    * Tools/Scripts/webkitpy/port/base_unittest.py:
    (PortTest.test_setup_test_run):
    (PortTest.test_test_dirs): Deleted.
    * Tools/Scripts/webkitpy/port/config.py:
    (Config):
    (Config._determine_configuration):
    (clear_cached_configuration): Deleted.
    * Tools/Scripts/webkitpy/port/config_unittest.py:
    (ConfigTest):
    (ConfigTest.setUp): Deleted.
    (ConfigTest.tearDown): Deleted.
    * Tools/Scripts/webkitpy/port/darwin.py:
    (DarwinPort.print_leaks_summary):
    (DarwinPort._path_to_image_diff):
    (DarwinPort._path_to_webcore_library): Deleted.
    (DarwinPort.make_command): Deleted.
    (DarwinPort.xcrun_find): Deleted.
    * Tools/Scripts/webkitpy/port/factory.py:
    (configuration_options):
    (_builder_options): Deleted.
    * Tools/Scripts/webkitpy/port/glib.py:
    (GLibPort._built_executables_path):
    (GLibPort._built_libraries_path): Deleted.
    * Tools/Scripts/webkitpy/port/gtk.py:
    (GtkPort._path_to_default_image_diff):
    (GtkPort.check_sys_deps):
    (GtkPort._path_to_webcore_library): Deleted.
    (GtkPort.test_expectations_file_position): Deleted.
    * Tools/Scripts/webkitpy/port/gtk_unittest.py:
    (GtkPortTest.test_default_upload_configuration):
    * Tools/Scripts/webkitpy/port/ios.py:
    (IOSPort.default_baseline_search_path):
    (IOSPort.test_expectations_file_position): Deleted.
    * Tools/Scripts/webkitpy/port/ios_device_unittest.py:
    * Tools/Scripts/webkitpy/port/ios_simulator_unittest.py:
    (IOSSimulatorTest.test_sdk_name):
    (IOSSimulatorTest.test_default_upload_configuration):
    (IOSSimulatorTest.test_xcrun): Deleted.
    (IOSSimulatorTest.test_xcrun.throwing_run_command): Deleted.
    * Tools/Scripts/webkitpy/port/mac_unittest.py:
    (MacTest.test_sdk_name):
    (MacTest.test_xcrun): Deleted.
    (MacTest.test_xcrun.throwing_run_command): Deleted.
    * Tools/Scripts/webkitpy/port/port_testcase.py:
    (PortTestCase.test_expectations_ordering):
    (PortTestCase.test_path_to_test_expectations_file): Deleted.
    * Tools/Scripts/webkitpy/port/server_process.py:
    (ServerProcess._kill):
    (ServerProcess.replace_outputs): Deleted.
    * Tools/Scripts/webkitpy/port/watch.py:
    (WatchPort.version_name):
    (WatchPort.test_expectations_file_position): Deleted.
    * Tools/Scripts/webkitpy/port/watch_simulator_unittest.py:
    (WatchSimulatorTest.test_sdk_name):
    (WatchSimulatorTest.test_default_upload_configuration):
    (WatchSimulatorTest.test_xcrun): Deleted.
    (WatchSimulatorTest.test_xcrun.throwing_run_command): Deleted.
    * Tools/Scripts/webkitpy/port/wpe.py:
    (WPEPort._port_specific_expectations_files):
    (WPEPort.test_expectations_file_position): Deleted.
    * Tools/Scripts/webkitpy/port/wpe_unittest.py:
    (WPEPortTest.test_default_upload_configuration):

    Canonical link: https://commits.webkit.org/273681@main

Canonical link: https://commits.webkit.org/272448.590@safari-7618-branch


  Commit: 2583258038e3f978f565d030362820983f2eaaf9
      https://github.com/WebKit/WebKit/commit/2583258038e3f978f565d030362820983f2eaaf9
  Author: Sam Sneddon <gsnedders at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Tools/Scripts/webkitpy/common/checkout/scm/git.py
    M Tools/Scripts/webkitpy/common/checkout/scm/scm.py
    M Tools/Scripts/webkitpy/common/checkout/scm/scm_unittest.py
    M Tools/Scripts/webkitpy/common/checkout/scm/svn.py

  Log Message:
  -----------
  Cherry-pick 273684 at main (05a7740784d6). https://bugs.webkit.org/show_bug.cgi?id=268165

    Remove dead code in webkitpy/common/checkout/scm
    https://bugs.webkit.org/show_bug.cgi?id=268165

    Reviewed by Jonathan Bedard.

    Largely from vulture.

    * Tools/Scripts/webkitpy/common/checkout/scm/git.py:
    (Git.find_checkout_root):
    (Git.merge_base):
    (Git._most_recent_log_matching):
    (Git.svn_branch):
    (Git.timestamp_of_native_revision):
    (Git.contents_at_revision):
    (Git.diff_for_file):
    (Git._commit_on_branch):
    (Git.last_svn_commit_log):
    (Git.remote_branch_ref):
    (Git.commit_message_for_local_commit):
    (Git.to_object_name): Deleted.
    (Git.modifications_staged_for_commit): Deleted.
    (Git._most_recent_log_for_revision): Deleted.
    (Git.svn_url): Deleted.
    (Git.svn_repository_url): Deleted.
    (Git.prepend_svn_revision): Deleted.
    (Git.diff_for_revision): Deleted.
    (Git.show_head): Deleted.
    (Git.svn_blame): Deleted.
    (Git.origin_url): Deleted.
    (Git.init_submodules): Deleted.
    (Git.submodules_status): Deleted.
    (Git.deinit_submodules): Deleted.
    (Git.cherrypick_merge): Deleted.
    (Git.files_changed_summary_for_commit): Deleted.
    * Tools/Scripts/webkitpy/common/checkout/scm/scm.py:
    (SCM.display_name):
    (SCM.contents_at_revision):
    (SCM.diff_for_file):
    (SCM.last_svn_commit_log):
    (SCM.commit_locally_with_message):
    (SCM.head_svn_revision): Deleted.
    (SCM.diff_for_revision): Deleted.
    (SCM.show_head): Deleted.
    (SCM.svn_blame): Deleted.
    (SCM.local_changes_exist): Deleted.
    * Tools/Scripts/webkitpy/common/checkout/scm/scm_unittest.py:
    (SCMTest._shared_test_reverse_diff):
    (SCMTest._shared_test_exists):
    (test_reverse_diff):
    (test_delete_recursively_or_not):
    (test_native_revision):
    (test_native_branch):
    (GitTest.test_exists):
    (GitSVNTest.test_delete_recursively_or_not):
    (GitSVNTest.test_native_branch):
    (SCMTest._shared_test_diff_for_revision): Deleted.
    (SCMTest._shared_test_head_svn_revision): Deleted.
    (test_diff_for_revision): Deleted.
    (test_head_svn_revision): Deleted.
    (test_propset_propget): Deleted.
    (test_show_head): Deleted.
    (test_show_head_binary): Deleted.
    (GitTest.test_head_svn_revision): Deleted.
    (GitSVNTest.test_head_svn_revision): Deleted.
    (GitSVNTest.test_to_object_name): Deleted.
    (GitSVNTest.test_show_head): Deleted.
    (GitSVNTest.test_show_head_binary): Deleted.
    * Tools/Scripts/webkitpy/common/checkout/scm/svn.py:
    (SVN.find_checkout_root):
    (SVN.contents_at_revision):
    (SVN.diff_for_file):
    (SVN.last_svn_commit_log):
    (SVN.diff_for_revision): Deleted.
    (SVN.show_head): Deleted.
    (SVN.svn_blame): Deleted.
    (SVN.propset): Deleted.
    (SVN.propget): Deleted.

    Canonical link: https://commits.webkit.org/273684@main

Canonical link: https://commits.webkit.org/272448.591@safari-7618-branch


  Commit: 28cd0f2b3835fdfcc32d010621e8c4e19d3552d8
      https://github.com/WebKit/WebKit/commit/28cd0f2b3835fdfcc32d010621e8c4e19d3552d8
  Author: Sam Sneddon <gsnedders at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    R Tools/Scripts/webkitpy/layout_tests/servers/http_server.py
    M Tools/Scripts/webkitpy/layout_tests/servers/http_server_base.py
    R Tools/Scripts/webkitpy/layout_tests/servers/http_server_unittest.py
    R Tools/Scripts/webkitpy/layout_tests/servers/lighttpd.conf
    M Tools/Scripts/webkitpy/layout_tests/servers/websocket_server.py
    A Tools/Scripts/webkitpy/layout_tests/servers/websocket_server_unittest.py
    M Tools/Scripts/webkitpy/port/base.py
    M Tools/Scripts/webkitpy/port/test.py
    M Tools/Scripts/webkitpy/port/win.py
    M Tools/Scripts/webkitpy/test/main.py

  Log Message:
  -----------
  Cherry-pick 273698 at main (1ab755eeb7f0). https://bugs.webkit.org/show_bug.cgi?id=268292

    Drop support for Lighttpd
    https://bugs.webkit.org/show_bug.cgi?id=268292

    Reviewed by Alexey Proskuryakov.

    Every port nowadays has `_use_apache` returning True, so this is now all
    dead code.

    * Tools/Scripts/webkitpy/layout_tests/servers/http_server.py: Removed.
    * Tools/Scripts/webkitpy/layout_tests/servers/http_server_base.py:
    * Tools/Scripts/webkitpy/layout_tests/servers/lighttpd.conf: Removed.
    * Tools/Scripts/webkitpy/layout_tests/servers/websocket_server.py:
    (PyWebSocket):
    (PyWebSocket.__init__):
    (PyWebSocket._stop_running_server):
    (PyWebSocket._check_and_kill):
    (PyWebSocket._is_server_running_on_all_ports):
    * Tools/Scripts/webkitpy/layout_tests/servers/websocket_server_unittest.py: Renamed from Tools/Scripts/webkitpy/layout_tests/servers/http_server_unittest.py.
    (TestWebsocketServer):
    (TestWebsocketServer.test_start_cmd):
    (TestWebsocketServer.test_win32_start_and_stop):
    (TestWebsocketServer.test_win32_start_and_stop.wait_for_action):
    (TestWebsocketServer.test_win32_start_and_stop.mock_returns):
    (TestWebsocketServer.test_win32_start_and_stop.mock_returns.return_value_thunk):
    * Tools/Scripts/webkitpy/port/base.py:
    (Port.check_httpd):
    (Port.start_http_server):
    (Port):
    (Port.path_to_api_test_binaries):
    (Port._uses_apache): Deleted.
    (Port._path_to_lighttpd): Deleted.
    (Port._path_to_lighttpd_modules): Deleted.
    * Tools/Scripts/webkitpy/port/test.py:
    * Tools/Scripts/webkitpy/port/win.py:
    (WinPort):
    (WinPort._path_to_apache):
    (WinPort._uses_apache): Deleted.
    (WinPort._path_to_lighttpd): Deleted.
    (WinPort._path_to_lighttpd_modules): Deleted.
    * Tools/Scripts/webkitpy/test/main.py:
    (main):

    Canonical link: https://commits.webkit.org/273698@main

Canonical link: https://commits.webkit.org/272448.592@safari-7618-branch


  Commit: 4ab0984084ca604a69c7e2dd8114a7208f4beaf7
      https://github.com/WebKit/WebKit/commit/4ab0984084ca604a69c7e2dd8114a7208f4beaf7
  Author: Sam Sneddon <gsnedders at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Tools/Scripts/webkitpy/common/checkout/diff_parser.py
    M Tools/Scripts/webkitpy/common/checkout/diff_parser_unittest.py
    M Tools/Scripts/webkitpy/common/checkout/scm/git.py
    M Tools/Scripts/webkitpy/common/checkout/scm/scm_unittest.py
    M Tools/Scripts/webkitpy/style/main.py

  Log Message:
  -----------
  Cherry-pick 273780 at main (81bfcf01ed2b). https://bugs.webkit.org/show_bug.cgi?id=265030

    [check-webkit-style] only check a diff from git
    https://bugs.webkit.org/show_bug.cgi?id=265030

    Reviewed by Jonathan Bedard.

    Previously, we passed commit_message=True, which led us to get
    git-format-tree output (an mbox, with patches formatted as a sequence of
    emails with commit messages and a diffstat prior to the actual patch)
    from Scm.create_patch, rather than the output of git-diff, which
    DiffParser can actually parse.

    Change the call to Scm.create_patch to ensure we only get a diff, and
    not other metadata.

    However, this exposed the fact that Git.create_patch didn't account for
    the difference in command-line arguments between git-format-tree and
    git-diff, thus we need to correctly pass the correct set of revisions we
    wish to obtain a diff for, nor did it correctly pass the order file.

    As a drive-by, add a test that we get an error from DiffParser given an
    mbox.

    Lastly, skip SCM tests that involve svn if it is not installed.

    * Tools/Scripts/webkitpy/common/checkout/diff_parser.py:
    (DiffParser._parse_into_diff_files):
    * Tools/Scripts/webkitpy/common/checkout/diff_parser_unittest.py:
    (DiffParserTest.setUp):
    (DiffParserTest):
    (DiffParserTest.tearDown):
    (test_git_format_patch_multiple):
    * Tools/Scripts/webkitpy/common/checkout/scm/git.py:
    (Git.create_patch):
    * Tools/Scripts/webkitpy/common/checkout/scm/scm_unittest.py:
    (SVNTest.setUp):
    (GitTest.test_create_patch_merge_base_without_commit_message):
    (GitTest):
    (GitTest.test_create_patch_merge_base_with_commit_message):
    (GitSVNTest.setUp):
    * Tools/Scripts/webkitpy/style/main.py:
    (CheckWebKitStyle.main):

    Canonical link: https://commits.webkit.org/273780@main

Canonical link: https://commits.webkit.org/272448.593@safari-7618-branch


  Commit: ab1ec43dbbab836c1969a104406428ae2b54a283
      https://github.com/WebKit/WebKit/commit/ab1ec43dbbab836c1969a104406428ae2b54a283
  Author: Sam Sneddon <gsnedders at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Tools/Scripts/webkitpy/layout_tests/controllers/layout_test_runner.py
    M Tools/Scripts/webkitpy/layout_tests/controllers/layout_test_runner_unittest.py

  Log Message:
  -----------
  Cherry-pick 273789 at main (5d4d9c7ef39a). https://bugs.webkit.org/show_bug.cgi?id=268379

    TestShard should be able to pickle reference_files
    https://bugs.webkit.org/show_bug.cgi?id=268379

    Reviewed by Jonathan Bedard.

    Previously, this got the type of reference_files wrong. This happened to
    work because we never actually set it anywhere. However, on a local
    branch where it is set this unsurprisingly fails.

    * Tools/Scripts/webkitpy/layout_tests/controllers/layout_test_runner.py:
    (TestShard.pack):
    * Tools/Scripts/webkitpy/layout_tests/controllers/layout_test_runner_unittest.py:
    (LayoutTestRunnerTests.test_interrupt_if_at_failure_limits): Drive-by, remove dead variable.
    (ShardTests):
    (ShardTests.test_pickle):

    Canonical link: https://commits.webkit.org/273789@main

Canonical link: https://commits.webkit.org/272448.594@safari-7618-branch


  Commit: 77a14b1296a386ad64fcf2f43457a3a0bd8f20c4
      https://github.com/WebKit/WebKit/commit/77a14b1296a386ad64fcf2f43457a3a0bd8f20c4
  Author: Sam Sneddon <gsnedders at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Tools/Scripts/webkitpy/common/system/filesystem.py
    M Tools/Scripts/webkitpy/layout_tests/controllers/layout_test_finder_legacy.py
    M Tools/Scripts/webkitpy/layout_tests/controllers/layout_test_finder_legacy_unittest.py
    M Tools/Scripts/webkitpy/layout_tests/models/test.py
    M Tools/Scripts/webkitpy/port/base.py
    M Tools/Scripts/webkitpy/port/test.py

  Log Message:
  -----------
  Cherry-pick 273913 at main (24f491ae9489). https://bugs.webkit.org/show_bug.cgi?id=268524

    Increase LayoutTestFinder test coverage
    https://bugs.webkit.org/show_bug.cgi?id=268524

    Reviewed by Jonathan Bedard.

    As part of bug 220421, rewriting LayoutTestFinder, many new tests have
    been written. However, these can stand on their own as a useful increase
    in test coverage.

    With this, a `with_expectations` argument is added to
    LayoutTestFinder.find_tests which fully populates the Test object,
    similar to the new implementation. This is not enabled by default as it
    is very slow, having to read each directory many times.

    This also makes some minor changes to ensure the tests reliably pass, at
    least on non-Windows platforms. (Some of the LayoutTestFinder tests
    already fail on Windows; these new tests continue to demonstrate
    differences, which are almost all bugs in our current implementation.)

    * Tools/Scripts/webkitpy/common/system/filesystem.py:
    (FileSystem.__init__): Avoid storing os.sep/os.pardir at import time, so that pyfakefs can rewrite them.
    (FileSystem.remove): Ditto, but os.remove.
    * Tools/Scripts/webkitpy/layout_tests/controllers/layout_test_finder_legacy.py:
    (LayoutTestFinder.find_tests): Add a with_expectations keyword argument that fully populates the Test object.
    (LayoutTestFinder.find_tests_by_path): Ditto.
    * Tools/Scripts/webkitpy/layout_tests/controllers/layout_test_finder_legacy_unittest.py:
    (LayoutTestFinderTests.setUp):
    (LayoutTestFinderTests.test_supported_test_extensions):
    (LayoutTestFinderTests.test_includes_other_platforms_fallback):
    (LayoutTestFinderTests.test_find_platform):
    (LayoutTestFinderTests.test_find_platform_self):
    (LayoutTestFinderTests.test_find_overridden):
    (LayoutTestFinderTests):
    (LayoutTestFinderTests.test_find_overridden_default):
    (LayoutTestFinderTests.test_find_overridden_platform_self):
    (LayoutTestFinderTests.test_find_overridden_platform_other):
    * Tools/Scripts/webkitpy/layout_tests/models/test.py:
    (Test): Fix defaults to be the correct types.
    * Tools/Scripts/webkitpy/port/base.py:
    (Port): Use a tuple, rather than a set, to give consistent enumeration order over _supported_reference_extensions.
    * Tools/Scripts/webkitpy/port/test.py:

    Canonical link: https://commits.webkit.org/273913@main

Canonical link: https://commits.webkit.org/272448.595@safari-7618-branch


  Commit: 1f0f20bf0d36581fd808436d8bc96cbe359ac22f
      https://github.com/WebKit/WebKit/commit/1f0f20bf0d36581fd808436d8bc96cbe359ac22f
  Author: Sam Sneddon <gsnedders at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Tools/Scripts/webkitpy/layout_tests/models/test_run_results_unittest.py

  Log Message:
  -----------
  Cherry-pick 273948 at main (7df0ea213a3f). https://bugs.webkit.org/show_bug.cgi?id=268510

    Use a mock git for most of SummarizedResultsTest
    https://bugs.webkit.org/show_bug.cgi?id=268510

    Reviewed by Jonathan Bedard.

    None of these tests actually are looking at the output from git
    whatsoever, and with many remotes and branches actually querying git can
    be slow, so just use a mock git object instead.

    Lastly, mark the one test that still uses real git as slow.

    * Tools/Scripts/webkitpy/layout_tests/models/test_run_results_unittest.py:
    (SummarizedResultsTest.test_no_git_revision):
    (SummarizedResultsTest.test_summarized_results_wontfix):
    (SummarizedResultsTest.test_summarized_results_include_passes):
    (SummarizedResultsTest.test_summarized_results_world_leaks_disabled):
    (SummarizedResultsTest.test_summarized_run_metadata):
    (SummarizedResultsTest.test_git_revision_exists): Deleted.

    Canonical link: https://commits.webkit.org/273948@main

Canonical link: https://commits.webkit.org/272448.596@safari-7618-branch


  Commit: 427e706bf6c66db9fee5ad326345eca835ead98e
      https://github.com/WebKit/WebKit/commit/427e706bf6c66db9fee5ad326345eca835ead98e
  Author: Sam Sneddon <gsnedders at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Tools/Scripts/webkitpy/common/version_name_map_unittest.py

  Log Message:
  -----------
  Cherry-pick 274147 at main (4479cfaf0554). https://bugs.webkit.org/show_bug.cgi?id=268657

    Test that _automap_to_major_version works with a single version
    https://bugs.webkit.org/show_bug.cgi?id=268657

    Reviewed by Jonathan Bedard.

    Jonathan claimed it didn't work. I wrote a test to fix this and it
    passed. So let's keep the test.

    * Tools/Scripts/webkitpy/common/version_name_map_unittest.py:
    (VersionMapTestCase.test__automap_to_major_version):

    Canonical link: https://commits.webkit.org/274147@main

Canonical link: https://commits.webkit.org/272448.597@safari-7618-branch


  Commit: ff29773878ff6fa7b551cf857b33c9cc785d4ac4
      https://github.com/WebKit/WebKit/commit/ff29773878ff6fa7b551cf857b33c9cc785d4ac4
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    A Tools/Scripts/build-and-analyze
    A Tools/Scripts/generate-static-analysis-archive
    A Tools/Scripts/webkitpy/static_analysis/__init__.py
    A Tools/Scripts/webkitpy/static_analysis/results.py
    A Tools/Scripts/webkitpy/static_analysis/results_unittest.py

  Log Message:
  -----------
  Cherry-pick 274239 at main (723136dec2e8). rdar://122427584

    Add build-and-analyze and generate-static-analysis-archive for static analysis
    https://bugs.webkit.org/show_bug.cgi?id=268862
    rdar://problem/122427584

    Reviewed by David Kilzer.

    Added scripts with minor changes.

    * Tools/Scripts/build-and-analyze: Added.
    (args_for_additional_checkers):
    (make_analyzer_flags):
    (scan_build_path):
    (main):
    (parse_args): Added '--scan-build-dir' flag to override default scan-build path.
    * Tools/Scripts/generate-static-analysis-archive: Added.
    (parse_command_line):
    (get_project_name):
    (generate_results_page):
    (get_total_issue_count):
    (main):
    * Tools/Scripts/webkitpy/static_analysis/__init__.py: Added.
    * Tools/Scripts/webkitpy/static_analysis/results.py: Added.
    (get_project_issue_count_as_string): Used in generate-static-analysis-archive.
    * Tools/Scripts/webkitpy/static_analysis/results_unittest.py: Added.
    (StaticAnalysisResultsTest):
    (StaticAnalysisResultsTest.test_get_project_issue_count_as_string_no_file):
    (StaticAnalysisResultsTest.test_get_project_issue_count_as_string_invalid_long):
    (StaticAnalysisResultsTest.test_get_project_issue_count_as_string_invalid_short):
    (StaticAnalysisResultsTest.test_get_project_issue_count_as_string_valid):

    Canonical link: https://commits.webkit.org/274239@main

Canonical link: https://commits.webkit.org/272448.598@safari-7618-branch


  Commit: 6d9bbe95898053b16a5b59940825b6aa5be5b87c
      https://github.com/WebKit/WebKit/commit/6d9bbe95898053b16a5b59940825b6aa5be5b87c
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/API/APIAttachment.h
    M Source/WebKit/UIProcess/API/Cocoa/APIAttachmentCocoa.mm
    M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
    M Source/WebKit/UIProcess/WebPageProxy.cpp

  Log Message:
  -----------
  Harden IPC endpoints for decoding images from arbitrary file wrappers when using the attachment API
https://bugs.webkit.org/show_bug.cgi?id=269877
rdar://99194803

Reviewed by Abrar Rahman Protyasha and Aditya Keerthi.

It's currently possible for a compromised web process to use two IPC endpoints:

• `WebPageProxy::RegisterAttachmentsFromSerializedData`
• `WebPageProxy::RequestAttachmentIcon`

...in order to force image decoding through an `NSFileWrapper` created from arbitrary data,
underneath a call to `-[NSFileWrapper icon]`. This icon image is only meant to be used to generate
icons for folder attachments (e.g. a bundle icon for bundle directories, or Xcode icon for Xcode
projects), and should only ever be exercised in the case where the file wrapper was created from an
existing file path on the system (as opposed to untrusted data directly from the web process).

As such, we can lock this down by:

1.  Adding a `m_isCreatedFromSerializedRepresentation` flag, to track whether an `API::Attachment`
    was created using an arbitrary serialized representation.

2.  Before asking for `-icon`, verify that the file wrapper doesn't have the flag set in (1), and
    that the file wrapper is also actually a directory.

* Source/WebKit/UIProcess/API/APIAttachment.h:
* Source/WebKit/UIProcess/API/Cocoa/APIAttachmentCocoa.mm:
(API::Attachment::updateFromSerializedRepresentation):
(API::Attachment::cloneFileWrapperTo):
(API::Attachment::shouldUseFileWrapperIconForDirectory const):
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::platformCloneAttachment):

Add logic here to ensure that a compromised web content process can't bypass the aforementioned
mitigation by cloning an attachment created from arbitrary data to an attachment that doesn't have
the `m_isCreatedFromSerializedRepresentation` flag.

* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::requestAttachmentIcon):

Canonical link: https://commits.webkit.org/272448.599@safari-7618-branch
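
The two-step lock-down described in the commit message above, as a simplified C++ model added here for illustration; it is not WebKit's code. The flag and method names `m_isCreatedFromSerializedRepresentation`, `updateFromSerializedRepresentation`, `cloneFileWrapperTo`, `shouldUseFileWrapperIconForDirectory` and `requestAttachmentIcon` come from the message; `FileWrapper`, `setFileWrapperFromPath`, `cloneWithoutTrackingOrigin`, `IconSource` and the generic-icon fallback are assumptions.

```cpp
// Added example: a simplified model of the check, not WebKit source.
#include <cstdio>
#include <string>
#include <utility>

// Stand-in for NSFileWrapper (assumption). Note that data supplied by the
// web process can describe itself as a directory.
struct FileWrapper {
    bool isDirectory { false };
    std::string contents;
};

class Attachment {
public:
    // Trusted origin: wrapper created from an existing file path (hypothetical setter).
    void setFileWrapperFromPath(FileWrapper wrapper)
    {
        m_fileWrapper = std::move(wrapper);
        m_hasFileWrapper = true;
        m_isCreatedFromSerializedRepresentation = false;
    }

    // Untrusted origin: wrapper rebuilt from bytes received over IPC.
    void updateFromSerializedRepresentation(FileWrapper wrapper)
    {
        m_fileWrapper = std::move(wrapper);
        m_hasFileWrapper = true;
        m_isCreatedFromSerializedRepresentation = true; // step (1): record the origin
    }

    // The origin flag travels with the wrapper, so a clone stays untrusted.
    void cloneFileWrapperTo(Attachment& other) const
    {
        other.m_fileWrapper = m_fileWrapper;
        other.m_hasFileWrapper = m_hasFileWrapper;
        other.m_isCreatedFromSerializedRepresentation = m_isCreatedFromSerializedRepresentation;
    }

    // Hypothetical clone that copies only the wrapper: the bypass the message warns about.
    void cloneWithoutTrackingOrigin(Attachment& other) const
    {
        other.m_fileWrapper = m_fileWrapper;
        other.m_hasFileWrapper = m_hasFileWrapper;
    }

    // Step (2): use the wrapper's icon only for trusted directory wrappers.
    bool shouldUseFileWrapperIconForDirectory() const
    {
        if (!m_hasFileWrapper || m_isCreatedFromSerializedRepresentation)
            return false;
        return m_fileWrapper.isDirectory;
    }

private:
    FileWrapper m_fileWrapper;
    bool m_hasFileWrapper { false };
    bool m_isCreatedFromSerializedRepresentation { false };
};

enum class IconSource { FileWrapperIcon, GenericTypeIcon };
enum class Origin { FilePath, SerializedData };

// Model of the endpoint: fall back to a generic icon (assumption) when the
// wrapper must not be asked for its own icon.
IconSource requestAttachmentIcon(const Attachment& attachment)
{
    return attachment.shouldUseFileWrapperIconForDirectory()
        ? IconSource::FileWrapperIcon : IconSource::GenericTypeIcon;
}

Attachment makeAttachment(Origin origin, bool claimsDirectory)
{
    FileWrapper wrapper;
    wrapper.isDirectory = claimsDirectory;
    wrapper.contents = "constructed sample bytes";
    Attachment attachment;
    if (origin == Origin::FilePath)
        attachment.setFileWrapperFromPath(std::move(wrapper));
    else
        attachment.updateFromSerializedRepresentation(std::move(wrapper));
    return attachment;
}

// Icon decision for an attachment, optionally after cloning it into a fresh one.
IconSource iconSourceFor(Origin origin, bool claimsDirectory, bool viaClone)
{
    Attachment source = makeAttachment(origin, claimsDirectory);
    if (!viaClone)
        return requestAttachmentIcon(source);
    Attachment clone;
    source.cloneFileWrapperTo(clone);
    return requestAttachmentIcon(clone);
}

// Same clone scenario with the origin flag dropped, to show why it must propagate.
IconSource iconSourceViaUntrackedClone()
{
    Attachment source = makeAttachment(Origin::SerializedData, true);
    Attachment clone;
    source.cloneWithoutTrackingOrigin(clone);
    return requestAttachmentIcon(clone);
}

int main()
{
    bool blocked = iconSourceFor(Origin::SerializedData, true, true) == IconSource::GenericTypeIcon;
    std::printf("clone of serialized attachment uses generic icon: %s\n", blocked ? "yes" : "no");
    return 0;
}
```
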


  Commit: fc090f6ee88d7935298b088964152751c3d5b2ba
      https://github.com/WebKit/WebKit/commit/fc090f6ee88d7935298b088964152751c3d5b2ba
  Author: Nisha Jain <nisha_jain at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    A LayoutTests/fast/rendering/render-layer-with-providedbacking-crash-expected.txt
    A LayoutTests/fast/rendering/render-layer-with-providedbacking-crash.html
    M Source/WebCore/rendering/RenderLayer.cpp

  Log Message:
  -----------
  RenderLayer : Unbalanced begin/endTransparencyLayers with nested masked elements and backing sharing causes a crash.
https://bugs.webkit.org/show_bug.cgi?id=269865
rdar://113144444.

Reviewed by Simon Fraser.

In order to balance the begin/endTransparencyLayers call for a TransparencyLayer with nested masked elements and backing sharing, added 'provided backing/paint to' into account while doing 'ancestor' traversal.

* LayoutTests/fast/rendering/render-layer-with-providedbacking-crash-expected.txt: Added.
* LayoutTests/fast/rendering/render-layer-with-providedbacking-crash.html: Added.
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::transparentPaintingAncestor):

Canonical link: https://commits.webkit.org/272448.600@safari-7618-branch


  Commit: e4282b800e5aea19966f32adf5e41e5f37c4df69
      https://github.com/WebKit/WebKit/commit/e4282b800e5aea19966f32adf5e41e5f37c4df69
  Author: David Degazio <d_degazio at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WTF/wtf/Assertions.cpp
    M Source/bmalloc/libpas/src/libpas/pas_utils.c

  Log Message:
  -----------
  Cherry-pick 0806bfc07433. rdar://121969027

    Avoid using x18 in WTF/libPAS assertions
    https://bugs.webkit.org/show_bug.cgi?id=268421
    rdar://121969027

    Reviewed by Michael Saboff and Justin Michaud.

    Stops using x18 as an error-reporting register in libPAS
    and WTF, since it's reserved by the ARM64 calling convention
    and shouldn't be clobbered by userspace programs.

    * Source/WTF/wtf/Assertions.cpp:
    * Source/bmalloc/libpas/src/libpas/pas_utils.c:

    Canonical link: https://commits.webkit.org/273835@main

Identifier: 272448.601 at safari-7618-branch


  Commit: 660f02feed4bd6569e8847e312ce7e9c77a1e274
      https://github.com/WebKit/WebKit/commit/660f02feed4bd6569e8847e312ce7e9c77a1e274
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in

  Log Message:
  -----------
  Cherry-pick 3fb72872a03a. rdar://88915314

    Fix sandbox compilation error related to empty parameters
    https://bugs.webkit.org/show_bug.cgi?id=268916
    rdar://88915314

    Reviewed by David Kilzer and Brent Fulgham.

    On rare occasions, see https://bugs.webkit.org/show_bug.cgi?id=222233 for more details, the sandbox string
    parameters provided to the Networking process' sandbox can be empty. This will cause the compilation of the
    sandbox to fail, and the Networking process will crash on startup being unable to apply the sandbox. We can
    guard against this in the sandbox by checking the string length of the parameters. We already do this for
    the GPU process and WebContent process.

    * Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:

    Canonical link: https://commits.webkit.org/274228@main

Identifier: 272448.602 at safari-7618-branch


  Commit: 7f9e099a60106286973e0df3702195ed2a862638
      https://github.com/WebKit/WebKit/commit/7f9e099a60106286973e0df3702195ed2a862638
  Author: Andy Estes <aestes at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/Quirks.h
    M Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm

  Log Message:
  -----------
  Cherry-pick e8c7841cdc9f. rdar://121813084

    [iOS] Remove User-Agent quirk for facebook.com
    https://bugs.webkit.org/show_bug.cgi?id=268841
    rdar://121813084

    Reviewed by Tim Horton.

    The User-Agent quirk for facebook.com is no longer necessary and can be removed.

    * Source/WebCore/page/Quirks.cpp:
    (WebCore::Quirks::shouldAvoidUsingIOS17UserAgentForFacebook const): Deleted.
    * Source/WebCore/page/Quirks.h:
    * Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm:
    (WebKit::WebPage::platformUserAgent const):

    Canonical link: https://commits.webkit.org/274245@main

Identifier: 272448.603 at safari-7618-branch


  Commit: 216816019879e9909f0dfc9a50c68f16d44c1b63
      https://github.com/WebKit/WebKit/commit/216816019879e9909f0dfc9a50c68f16d44c1b63
  Author: Tim Horton <timothy_horton at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebKit/Shared/RemoteLayerTree/RemoteLayerWithInProcessRenderingBackingStore.mm

  Log Message:
  -----------
  Cherry-pick 39d4937cd464. rdar://122524309

    REGRESSION (271747 at main): UI-side compositing repaint is broken with DOMGPUP off
    https://bugs.webkit.org/show_bug.cgi?id=268968

    Reviewed by Simon Fraser.

    * Source/WebKit/Shared/RemoteLayerTree/RemoteLayerWithInProcessRenderingBackingStore.mm:
    (WebKit::RemoteLayerWithInProcessRenderingBackingStore::createContextAndPaintContents):
    If DOMGPUP is off and UI-side compositing is on, we use RemoteLayerWithInProcessRenderingBackingStore.

    This is an uncommon situation to be in; as far as I have been able to determine,
    it requires changing default settings on all platforms (turning off DOMGPUP on macOS or iOS,
    or turning off dynamic content scaling on visionOS, which happens to accidentally work around this).

    The code to apply clipping for partial repaint was hoisted out of RemoteLayerBackingStore
    in 271747 at main, and sadly was also hoisted past the GraphicsContextStateSaver
    that would result in it not persisting forever. Thus, clips end up *accumulating*,
    breaking partial repaint.

    Put an extra GraphicsContextStateSaver above the clipping.

    Canonical link: https://commits.webkit.org/274312@main

Identifier: 272448.604 at safari-7618-branch


  Commit: a5571b57e613d4d364bb61aa6cd8de1dbba4e341
      https://github.com/WebKit/WebKit/commit/a5571b57e613d4d364bb61aa6cd8de1dbba4e341
  Author: Loïc Yhuel <loic.yhuel at softathome.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebCore/page/DOMWindow.cpp

  Log Message:
  -----------
  Cherry-pick c4bb21451b14. rdar://122501631

    REGRESSION(262334 at main): Fix leak of SecurityOrigin with postMessage
    https://bugs.webkit.org/show_bug.cgi?id=268915

    Reviewed by Charlie Wolfe.

    DOMWindow::createTargetOriginForPostMessage could return a new
    SecurityOrigin with two refs.
    It is only used with RefPtr, so we only need to have one ref.

    * Source/WebCore/page/DOMWindow.cpp:
    (WebCore::DOMWindow::createTargetOriginForPostMessage):

    Canonical link: https://commits.webkit.org/274382@main

Identifier: 272448.605 at safari-7618-branch


  Commit: 73eee08bf7c1950b34f0d633345c161096db3aea
      https://github.com/WebKit/WebKit/commit/73eee08bf7c1950b34f0d633345c161096db3aea
  Author: Eric Carlson <eric.carlson at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    A LayoutTests/media/video-playback-system-interruption-expected.txt
    A LayoutTests/media/video-playback-system-interruption.html
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/platform/audio/PlatformMediaSession.cpp
    M Source/WebCore/platform/audio/PlatformMediaSession.h
    M Source/WebCore/platform/audio/PlatformMediaSessionManager.cpp
    M Source/WebCore/platform/audio/PlatformMediaSessionManager.h

  Log Message:
  -----------
  Cherry-pick 537043c0738d. rdar://117928506

    Don't allow playback to start when in the background and interrupted by the system
    https://bugs.webkit.org/show_bug.cgi?id=269081
    rdar://117928506

    Reviewed by Jer Noble.

    Don't allow playback to begin when WebKit is in the background and has also been interrupted
    by the audio session. This can happen, for example, when playback is started from Control
    Center on the lock screen and the user switches to the camera app and activates the video
    camera. Allowing playback activates WebKit's AVAudioSession and prevents the camera app
    from using the volume buttons to trigger start/stop recording.

    * LayoutTests/media/video-playback-system-interruption-expected.txt: Added.
    * LayoutTests/media/video-playback-system-interruption.html: Added.

    * Source/WebCore/html/HTMLMediaElement.cpp:
    (WebCore::HTMLMediaElement::couldPlayIfEnoughData const): Return false if the element
    needs an active audio session and it was paused by a system interruption.

    * Source/WebCore/platform/audio/PlatformMediaSession.cpp: Keep a vector of interruption types
    instead of an interruption count so we know the type of the most recent interruption.
    (WebCore::PlatformMediaSession::interruptionType const): Return the type of the most recent
    interruption, not the first.
    (WebCore::PlatformMediaSession::beginInterruption): Update for interruption stack.
    (WebCore::PlatformMediaSession::endInterruption): Ditto.
    (WebCore::PlatformMediaSession::isPlayingToWirelessPlaybackTargetChanged): Can no longer
    save and restore the interruption count, but the issue that caused the change appears to
    have been fixed.
    (WebCore::PlatformMediaSession::blockedBySystemInterruption const):
    * Source/WebCore/platform/audio/PlatformMediaSession.h:
    (WebCore::PlatformMediaSession::interruptionCount const):
    (WebCore::PlatformMediaSession::interruptionType const): Deleted.

    Canonical link: https://commits.webkit.org/274438@main

Identifier: 272448.606 at safari-7618-branch


  Commit: 266e0b31edca9a49179030e341e30b05b738ff46
      https://github.com/WebKit/WebKit/commit/266e0b31edca9a49179030e341e30b05b738ff46
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp

  Log Message:
  -----------
  Cherry-pick 8a0987250d87. rdar://120492434

    [iOS] youtube.com: Exiting fullscreen causes page to scroll down slightly, cropping top of video
    https://bugs.webkit.org/show_bug.cgi?id=269120
    rdar://120492434

    Reviewed by Aditya Keerthi.

    In 271567 at main, we added a call to `scrollIntoView()` to ensure the element which was exiting
    fullscreen was visible in the viewport, no matter how much layout shifted the element during
    the fullscreen transition. However, this has the side effect of "pinning" the fullscreen element
    to the top of the page, which for the case of YouTube, is under the YouTube header bar.

    Instead, call `scrollIntoViewIfNotVisible()` (passing in `true` to center the element if
    offscreen) which is a no-op if the element is already visible.

    * Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp:
    (WebKit::WebFullScreenManager::didExitFullScreen):

    Canonical link: https://commits.webkit.org/274460@main

Identifier: 272448.607 at safari-7618-branch


  Commit: 1ae7cded73d7791d760605f248391c80339249e0
      https://github.com/WebKit/WebKit/commit/1ae7cded73d7791d760605f248391c80339249e0
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm

  Log Message:
  -----------
  Cherry-pick 1b857d6d2251. rdar://121898126

    [iOS] Pinch zooming then fullscreening causes fullscreen presentation to be zoomed unexpectedly
    https://bugs.webkit.org/show_bug.cgi?id=269195
    rdar://121898126

    Reviewed by Andy Estes.

    The intent of the fullscreen presentation on iOS is to disable zooming & lock the zoom level to an
    extent to which the entire contents of the fullscreen element are visible in the viewport. However,
    the web page itself can change the minimum and maximum zoom levels (and even the current zoom
    level). When this happens, it breaks the expected behavior of fullscreen mode, which is to show the
    entire contents of the fullscreen element in the viewport.

    The previous implementation attempted to save and restore the min, max, and current zoom levels when
    entering and exiting fullscreen, assuming those levels would not be re-set during fullscreen mode.
    This assumption was not met. Instead, add an IPI to override zoom levels sent by the page during
    rendering, and a matching IPI to remove that override. Only the current zoom level is saved and restored.

    * Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h:
    * Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h:
    * Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm:
    (-[WKWebView _updateScrollViewForTransaction:]):
    (-[WKWebView _overrideZoomScaleParametersWithMinimumZoomScale:maximumZoomScale:allowUserScaling:]):
    (-[WKWebView _clearOverrideZoomScaleParameters]):
    * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
    (WebKit::WKWebViewState::applyTo):
    (WebKit::WKWebViewState::store):
    (-[WKFullScreenWindowController enterFullScreen:]):
    (-[WKFullScreenWindowController _reinsertWebViewUnderPlaceholder]):

    Canonical link: https://commits.webkit.org/274503@main

Identifier: 272448.608 at safari-7618-branch


  Commit: 0df832d65bf66a98821405a66275b8fb7d3b2a72
      https://github.com/WebKit/WebKit/commit/0df832d65bf66a98821405a66275b8fb7d3b2a72
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp

  Log Message:
  -----------
  Cherry-pick c3b754f8cd59. rdar://118486861

    Crash under WebPage::close()
    https://bugs.webkit.org/show_bug.cgi?id=269373
    rdar://118486861

    Reviewed by Brent Fulgham.

    Add a null check for the LocalFrame given that nothing prevents it
    from being null and we're seeing null dereferences in the wild.

    * Source/WebKit/WebProcess/WebPage/WebPage.cpp:
    (WebKit::WebPage::close):

    Canonical link: https://commits.webkit.org/274641@main

Identifier: 272448.609 at safari-7618-branch


  Commit: 36cdc873c73a6f0547599152f19a55f2b488ff05
      https://github.com/WebKit/WebKit/commit/36cdc873c73a6f0547599152f19a55f2b488ff05
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm

  Log Message:
  -----------
  Cherry-pick ad9eeb0d8d0e. rdar://117099085

    [iOS] Address fullscreen warning UI feedback
    https://bugs.webkit.org/show_bug.cgi?id=269340
    rdar://117099085

    Reviewed by Aditya Keerthi.

    Address feedback re: the fullscreen warning panel is visible upon entering fullscreen
    by making two changes to the warning panel:

    1. Move the panel to the top third of the screen, to avoid both media controls in the
       center of the screen, as well as controls along the bottom.

    2. Allow the user to dismiss the warning panel by tapping on it; but ensure the panel
       is visible for a minimum amount of time, even if tapped.

    * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm:
    (-[WKFullScreenViewController invalidate]):
    (-[WKFullScreenViewController showBanner]):
    (-[WKFullScreenViewController hideBanner]):
    (-[WKFullScreenViewController _minimumHideDelayReached]):
    (-[WKFullScreenViewController _bannerDismissalRecognized:]):
    (-[WKFullScreenViewController loadView]):

    Canonical link: https://commits.webkit.org/274684@main

Identifier: 272448.610 at safari-7618-branch


  Commit: fedb8912495b689e4f8a78113aac92876c7feeb5
      https://github.com/WebKit/WebKit/commit/fedb8912495b689e4f8a78113aac92876c7feeb5
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/bytecode/AccessCase.cpp
    M Source/JavaScriptCore/bytecode/AccessCase.h
    M Source/JavaScriptCore/bytecode/InByStatus.cpp
    M Source/JavaScriptCore/bytecode/InByStatus.h
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h
    M Source/JavaScriptCore/bytecode/Repatch.cpp
    M Source/JavaScriptCore/bytecode/Repatch.h
    M Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
    M Source/JavaScriptCore/bytecode/StructureStubInfo.h
    M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
    M Source/JavaScriptCore/dfg/DFGClobberize.h
    M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
    M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
    M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
    M Source/JavaScriptCore/dfg/DFGNode.cpp
    M Source/JavaScriptCore/dfg/DFGNode.h
    M Source/JavaScriptCore/dfg/DFGNodeType.h
    M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
    M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
    M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.h
    M Source/JavaScriptCore/jit/JITOperations.cpp
    M Source/JavaScriptCore/jit/JITOperations.h
    M Source/JavaScriptCore/runtime/MegamorphicCache.cpp
    M Source/JavaScriptCore/runtime/MegamorphicCache.h

  Log Message:
  -----------
  Cherry-pick b13bf4c34887. rdar://121083665

    [JSC] Introduce InBy megamorphic ICs
    https://bugs.webkit.org/show_bug.cgi?id=269255
    rdar://121083665

    Reviewed by Justin Michaud.

    This patch adds InBy megamorphic IC in all tiers. This is super similar to GetBy megamorphic IC.
    Similar to GetBy megamorphic IC, we store structure/uid pair and the result. And when prototype objects
    get changed, we bump the epoch (it is already done), and then all cache gets invalidated.

    The only conceptual difference is that we can say `true` for custom accessor gets found. This is not
    possible for GetBy megamorphic IC, but for InBy IC, it is OK since it is only asking whether it exists or not.

    * Source/JavaScriptCore/bytecode/AccessCase.cpp:
    (JSC::AccessCase::create):
    (JSC::AccessCase::guardedByStructureCheckSkippingConstantIdentifierCheck const):
    (JSC::AccessCase::requiresIdentifierNameMatch const):
    (JSC::AccessCase::requiresInt32PropertyCheck const):
    (JSC::AccessCase::forEachDependentCell const):
    (JSC::AccessCase::doesCalls const):
    (JSC::AccessCase::canReplace const):
    (JSC::AccessCase::runWithDowncast):
    (JSC::AccessCase::canBeShared):
    * Source/JavaScriptCore/bytecode/AccessCase.h:
    * Source/JavaScriptCore/bytecode/InByStatus.cpp:
    (JSC::InByStatus::computeFor):
    (JSC::InByStatus::computeForStubInfo):
    (JSC::InByStatus::computeForStubInfoWithoutExitSiteFeedback):
    (JSC::InByStatus::merge):
    (JSC::InByStatus::dump const):
    * Source/JavaScriptCore/bytecode/InByStatus.h:
    * Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
    (JSC::needsScratchFPR):
    (JSC::forInBy):
    (JSC::InlineCacheCompiler::generateWithGuard):
    (JSC::InlineCacheCompiler::generateImpl):
    (JSC::InlineCacheCompiler::regenerate):
    * Source/JavaScriptCore/bytecode/InlineCacheCompiler.h:
    (JSC::canUseMegamorphicInById):
    * Source/JavaScriptCore/bytecode/Repatch.cpp:
    (JSC::repatchInBySlowPathCall):
    (JSC::tryCacheInBy):
    (JSC::repatchInBy):
    * Source/JavaScriptCore/bytecode/Repatch.h:
    * Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:
    (JSC::StructureStubInfo::summary const):
    (JSC::SharedJITStubSet::getMegamorphic const):
    (JSC::SharedJITStubSet::setMegamorphic):
    * Source/JavaScriptCore/bytecode/StructureStubInfo.h:
    * Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handleInById):
    (JSC::DFG::ByteCodeParser::parseBlock):
    * Source/JavaScriptCore/dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::foldConstants):
    * Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
    (JSC::DFG::doesGC):
    * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * Source/JavaScriptCore/dfg/DFGNode.cpp:
    (JSC::DFG::Node::convertToInByIdMaybeMegamorphic):
    * Source/JavaScriptCore/dfg/DFGNode.h:
    (JSC::DFG::Node::hasCacheableIdentifier):
    (JSC::DFG::Node::cacheableIdentifier):
    (JSC::DFG::Node::hasArrayMode):
    (JSC::DFG::Node::convertToInById): Deleted.
    * Source/JavaScriptCore/dfg/DFGNodeType.h:
    * Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
    * Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
    (JSC::DFG::safeToExecute):
    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    (JSC::DFG::SpeculativeJIT::compileInByIdMegamorphic):
    (JSC::DFG::SpeculativeJIT::compileInByValMegamorphic):
    * Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp:
    (JSC::DFG::StrengthReductionPhase::handleNode):
    * Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
    (JSC::FTL::canCompile):
    * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
    (JSC::FTL::DFG::LowerDFGToB3::compileNode):
    (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
    * Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
    (JSC::AssemblyHelpers::hasMegamorphicProperty):
    * Source/JavaScriptCore/jit/AssemblyHelpers.h:
    * Source/JavaScriptCore/jit/JITOperations.cpp:
    (JSC::inByIdMegamorphic):
    (JSC::JSC_DEFINE_JIT_OPERATION):
    (JSC::inByValMegamorphic):
    * Source/JavaScriptCore/jit/JITOperations.h:
    * Source/JavaScriptCore/runtime/MegamorphicCache.cpp:
    (JSC::MegamorphicCache::age):
    (JSC::MegamorphicCache::clearEntries):
    * Source/JavaScriptCore/runtime/MegamorphicCache.h:
    (JSC::MegamorphicCache::HasEntry::offsetOfUid):
    (JSC::MegamorphicCache::HasEntry::offsetOfStructureID):
    (JSC::MegamorphicCache::HasEntry::offsetOfEpoch):
    (JSC::MegamorphicCache::HasEntry::offsetOfResult):
    (JSC::MegamorphicCache::HasEntry::init):
    (JSC::MegamorphicCache::offsetOfHasCachePrimaryEntries):
    (JSC::MegamorphicCache::offsetOfHasCacheSecondaryEntries):
    (JSC::MegamorphicCache::hasCachePrimaryHash):
    (JSC::MegamorphicCache::hasCacheSecondaryHash):
    (JSC::MegamorphicCache::initAsHasHit):
    (JSC::MegamorphicCache::initAsHasMiss):

    Canonical link: https://commits.webkit.org/274687@main

Identifier: 272448.611 at safari-7618-branch


  Commit: 9471b773fae05d657241acd8b9ae1da10f549602
      https://github.com/WebKit/WebKit/commit/9471b773fae05d657241acd8b9ae1da10f549602
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    A LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap-2-expected.html
    A LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap-2.html
    M Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp

  Log Message:
  -----------
  Cherry-pick 06901f025593. rdar://122988695

    [IFC][Ruby] Some characters are overlapped (Hiragana + Kanji character with Ruby) in Books
    https://bugs.webkit.org/show_bug.cgi?id=269624
    <rdar://122988695>

    Reviewed by Antti Koivisto.

    Neither 'before' nor 'after' overhanging (adjacent to ruby) content should shift justified content.

    * LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap-2-expected.html: Added.
    * LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap-2.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:
    (WebCore::Layout::InlineDisplayContentBuilder::applyRubyOverhang):

    Canonical link: https://commits.webkit.org/274944@main

Identifier: 272448.612 at safari-7618-branch


  Commit: b2c0d2da470e4fe0bf7faaf32d24522967309c17
      https://github.com/WebKit/WebKit/commit/b2c0d2da470e4fe0bf7faaf32d24522967309c17
  Author: Luming Yin <luming_yin at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

  Log Message:
  -----------
  Cherry-pick fef6284d4010. rdar://122487319

    Search buttons and search field are sometimes not visible on Google.com
    https://bugs.webkit.org/show_bug.cgi?id=269055
    rdar://122487319

    Reviewed by Per Arne Vollan.

    * Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:
    Allow looking up `com.apple.MTLCompilerService` without requiring com.apple.webkit.extension.mach
    extension only before macOS Sonoma where GPU DOM rendering is not enabled by default.

    Canonical link: https://commits.webkit.org/274634@main

Identifier: 272448.613 at safari-7618-branch


  Commit: a1253c15ed42ba22ec7dd4a5d77f49ce79d20a00
      https://github.com/WebKit/WebKit/commit/a1253c15ed42ba22ec7dd4a5d77f49ce79d20a00
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp
    M Source/WebCore/Modules/webaudio/AudioBufferSourceNode.h

  Log Message:
  -----------
  Use-after-free in WebCore::AudioBufferSourceNode::renderFromBuffer
https://bugs.webkit.org/show_bug.cgi?id=270007
rdar://123510096

Reviewed by Jer Noble and Geoffrey Garen.

JS sets the AudioBufferSourceNode.buffer attribute on the main thread. This buffer is then used
on the audio thread for rendering. We were attempting to synchronize the threads via
m_processLock. However, this only synchronizes the audio thread with
AudioBufferSourceNode::setBuffer(). The JS could still modify the buffer's contents on the main
thread via locking. Since the buffer's channels are backed by JS ArrayBuffers, the JS could even
detach/transfer them. This could lead to use-after-free on the audio rendering thread when the
JS does so.

To address the issue, we improve the "acquire the buffer content" logic in the specification [1].
When the buffer gets set and the node is already playing, or when the node starts playing, we
copy the contents of the buffer provided by JS into m_outputChannels. The audio thread now only
ever interacts with the copy in m_outputChannels.

This is not as good performance-wise but it is needed for thread-safety.

[1] https://webaudio.github.io/web-audio-api/#acquire-the-content

* Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp:
(WebCore::AudioBufferSourceNode::process):
(WebCore::AudioBufferSourceNode::renderFromBuffer):
(WebCore::AudioBufferSourceNode::setBufferForBindings):
(WebCore::AudioBufferSourceNode::acquireBufferContent):
(WebCore::AudioBufferSourceNode::startPlaying):
(WebCore::AudioBufferSourceNode::adjustGrainParameters):
(WebCore::AudioBufferSourceNode::totalPitchRate):
(WebCore::AudioBufferSourceNode::propagatesSilence const):
* Source/WebCore/Modules/webaudio/AudioBufferSourceNode.h:

Canonical link: https://commits.webkit.org/272448.614@safari-7618-branch
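
The copy-on-acquire pattern described in this log message, as an added C++ example; it is not the WebKit patch. `ScriptBuffer` and `SourceNode` are hypothetical stand-ins, and only the names `m_processLock`, `m_outputChannels` (a single channel here) and `acquireBufferContent` are taken from the message above.

```cpp
#include <cstddef>
#include <iostream>
#include <memory>
#include <mutex>
#include <vector>

// Hypothetical stand-in for script-owned storage: its owner may overwrite
// or detach it at any time, and shares no lock with the renderer.
struct ScriptBuffer {
    std::shared_ptr<std::vector<float>> channel;
    void detach() { channel.reset(); } // models an ArrayBuffer detach/transfer
};

class SourceNode {
public:
    // Control-thread side. If playback already started, take a fresh copy.
    void setBuffer(ScriptBuffer* buffer)
    {
        std::lock_guard<std::mutex> lock(m_processLock);
        m_buffer = buffer;
        if (m_playing)
            acquireBufferContent();
    }

    // Control-thread side. Starting playback is the other acquisition point.
    void start()
    {
        std::lock_guard<std::mutex> lock(m_processLock);
        m_playing = true;
        acquireBufferContent();
    }

    // Render-thread side. Reads only the private copy, never script storage.
    size_t render(float* destination, size_t frames)
    {
        std::lock_guard<std::mutex> lock(m_processLock);
        size_t written = 0;
        while (written < frames && m_readIndex < m_outputChannel.size())
            destination[written++] = m_outputChannel[m_readIndex++];
        return written;
    }

private:
    // Caller holds m_processLock. Copies the samples so that later script
    // writes or a detach cannot affect what the renderer reads.
    void acquireBufferContent()
    {
        m_outputChannel.clear();
        m_readIndex = 0;
        if (m_buffer && m_buffer->channel)
            m_outputChannel = *m_buffer->channel;
    }

    std::mutex m_processLock;
    ScriptBuffer* m_buffer = nullptr;
    std::vector<float> m_outputChannel;
    size_t m_readIndex = 0;
    bool m_playing = false;
};

// Constructed scenario: the script mutates and then detaches its storage
// after playback has started; rendering must still see the acquired data.
std::vector<float> renderAfterScriptInterference()
{
    ScriptBuffer script;
    script.channel.reset(new std::vector<float>{ 0.25f, 0.5f, 0.75f, 1.0f });

    SourceNode node;
    node.setBuffer(&script);
    node.start();                 // content is acquired here
    (*script.channel)[0] = -1.0f; // script overwrites a sample afterwards
    script.detach();              // and then detaches the storage

    std::vector<float> out(4, 0.0f);
    out.resize(node.render(out.data(), out.size()));
    return out;
}

int main()
{
    for (float sample : renderAfterScriptInterference())
        std::cout << sample << ' ';
    std::cout << '\n';
    return 0;
}
```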


  Commit: c4decfa67c5c5f3d02e6f3bd0ceecb94fbd63114
      https://github.com/WebKit/WebKit/commit/c4decfa67c5c5f3d02e6f3bd0ceecb94fbd63114
  Author: Jean-Yves Avenard <jya at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M LayoutTests/media/media-source/media-source-video-playback-quality-expected.txt
    M LayoutTests/media/media-source/media-source-video-playback-quality.html
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/platform/PlatformMediaError.cpp
    M Source/WebCore/platform/PlatformMediaError.h
    M Source/WebCore/platform/graphics/MediaPlayer.cpp
    M Source/WebCore/platform/graphics/MediaPlayer.h
    M Source/WebCore/platform/graphics/MediaPlayerPrivate.cpp
    M Source/WebCore/platform/graphics/MediaPlayerPrivate.h
    M Source/WebCore/platform/graphics/VideoPlaybackQualityMetrics.h
    M Source/WebCore/platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm
    M Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.cpp
    M Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.h
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.h
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.messages.in

  Log Message:
  -----------
  Cherry-pick d7e69a605f2a. rdar://123475215

    [AVFObjC] [AVPlayerLayer videoPerformanceMetrics] may deadlock
    https://bugs.webkit.org/show_bug.cgi?id=268136
    rdar://121637422

    Reviewed by Youenn Fablet.

    A call to [AVPlayerLayer videoPerformanceMetrics] may deadlock if the AVPlayer is
    also waiting in the main thread for more data to be delivered.
    This commonly occurs when there are lots of videos playing at once and results in
    a blocked GPU process.

    Dealing with getting the networking data being delivered on the main thread will be
    dealt with in bug 235353.
    For now, call [AVPlayerLayer videoPerformanceMetrics] on a different WorkQueue.
    The RemoteMediaPlayerProxy already regularly polls the MediaPlayerPrivate for the
    videoPlaybackQualityMetrics, so performing the actions asynchronously doesn't have
    a measurable impact.
    And it does prevent the GPU process from being deadlocked.

    Fly-by: While the VideoPlaybackQualityMetrics were properly calculated
    and updated in the GPU process at a set interval, the values weren't
    being sent to the Content Process except under some limited circumstances
    (video got paused, started playing or stall). As such, retrieving the
    VideoPlaybackQuality from the video element would typically always return
    the same values.

    * LayoutTests/media/media-source/media-source-video-playback-quality-expected.txt:
    * LayoutTests/media/media-source/media-source-video-playback-quality.html:
    The quality metrics are calculated every 0.25s (250ms) but we were only
    waiting for 50ms.
    * Source/WebCore/html/HTMLMediaElement.cpp:
    (WebCore::HTMLMediaElement::getVideoPlaybackQuality):
    * Source/WebCore/platform/PlatformMediaError.cpp: Adding new error code.
    A prior change was incomplete and failed to add the serialisation data.
    (WebCore::convertEnumerationToString):
    * Source/WebCore/platform/PlatformMediaError.h:
    * Source/WebCore/platform/graphics/MediaPlayer.cpp:
    (WebCore::MediaPlayer::asyncVideoPlaybackQualityMetrics):
    * Source/WebCore/platform/graphics/MediaPlayer.h:
    * Source/WebCore/platform/graphics/MediaPlayerPrivate.cpp:
    (WebCore::MediaPlayerPrivateInterface::asyncVideoPlaybackQualityMetrics):
    * Source/WebCore/platform/graphics/MediaPlayerPrivate.h:
    * Source/WebCore/platform/graphics/VideoPlaybackQualityMetrics.h:
    (WebCore::VideoPlaybackQualityMetrics::operator+=):
    * Source/WebCore/platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
    (WebCore::MediaPlayerPrivateAVFoundationObjC::asyncVideoPlaybackQualityMetrics):
    * Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.cpp:
    (WebKit::RemoteMediaPlayerProxy::maybeUpdateCachedVideoMetrics):
    (WebKit::RemoteMediaPlayerProxy::updateCachedVideoMetrics):
    * Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.h:
    * Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:
    (WebKit::MediaPlayerPrivateRemote::updatePlaybackQualityMetrics):
    * Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.h:
    * Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.messages.in:
    Add specific message for sending the VideoPlaybackQualityMetrics, as sending
    the entire cached state is expensive (particularly reading the video time).

    Canonical link: https://commits.webkit.org/273580@main

Identifier: 272448.615 at safari-7618-branch


  Commit: 7e4834d76b879d5480833decc7f6181a68d7ce20
      https://github.com/WebKit/WebKit/commit/7e4834d76b879d5480833decc7f6181a68d7ce20
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/ThirdParty/libwebrtc/Configurations/libwebrtc.xcconfig
    M Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/components/video_codec/RTCVideoDecoderVTBVP9.mm
    M Source/WebKit/WebProcess/GPU/media/RemoteVideoCodecFactory.cpp

  Log Message:
  -----------
  Cherry-pick b5217d075329. rdar://123475343

    [Cocoa] Reenable WebCodecs VP9 hardware decoder for AS
    rdar://121693406
    https://bugs.webkit.org/show_bug.cgi?id=268298

    Reviewed by Eric Carlson.

    WebCodecs allows creating decoders without width and height.
    In that case, for VP9, we retrieve this information from the input format that is parsed.

    We can also parse whether we should use video range or full range pixel formats.
    We update the buffer pool accordingly.

    Finally, we no longer remove the kCVImageBufferCGColorSpaceKey as is done for the H264 decoder, as it is necessary to correctly render decoded video frames in canvas.
    We instead set it to sRGB.

    Covered by imported/w3c/web-platform-tests/webcodecs/full-cycle-test.https.any.html?vp9_p0 for the full range/video range fix.
    Covered by imported/w3c/web-platform-tests/webcodecs/videoFrame-createImageBitmap.https.any.worker.html for the creation of decoder without width and height,
    and the right color space usage.

    * Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/components/video_codec/RTCVideoDecoderVTBVP9.mm:
    (computeInputFormat):
    (overrideVP9ColorSpaceAttachments):
    (-[RTCVideoDecoderVTBVP9 init]):
    (-[RTCVideoDecoderVTBVP9 decodeData:size:timeStamp:]):
    (-[RTCVideoDecoderVTBVP9 resetDecompressionSession]):
    * Source/WebKit/WebProcess/GPU/media/RemoteVideoCodecFactory.cpp:
    (WebKit::shouldUseLocalDecoder):

    Canonical link: https://commits.webkit.org/273733@main

Identifier: 272448.616 at safari-7618-branch


  Commit: a72205ee3951dba39357c9d84d08ebf7a41e6b1a
      https://github.com/WebKit/WebKit/commit/a72205ee3951dba39357c9d84d08ebf7a41e6b1a
  Author: Jean-Yves Avenard <jya at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm

  Log Message:
  -----------
  Cherry-pick 0ac4c71a6f85. rdar://123475213

    Crash in fast/canvas/webgl/tex-image-and-uniform-binding test
    https://bugs.webkit.org/show_bug.cgi?id=268372
    rdar://121921205

    Reviewed by Youenn Fablet.

    It was possible for m_videoLayer to be set to zero before we accessed it in the VideoPlaybackQualityMetrics WorkQueue.

    * Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
    (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoLayer):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::platformSetVisible):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::videoPlaybackQualityMetrics):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::videoPlaybackQualityMetrics const):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::asyncVideoPlaybackQualityMetrics):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldDisableHDR):

    Canonical link: https://commits.webkit.org/273785@main

Identifier: 272448.617 at safari-7618-branch


  Commit: a0a021c1e219b5074dd9f51b9c4efa2d0ea3ff94
      https://github.com/WebKit/WebKit/commit/a0a021c1e219b5074dd9f51b9c4efa2d0ea3ff94
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebCore/platform/mediastream/mac/ScreenCaptureKitCaptureSource.h
    M Source/WebCore/platform/mediastream/mac/ScreenCaptureKitCaptureSource.mm
    M Source/WebCore/platform/mediastream/mac/ScreenCaptureKitSharingSessionManager.h
    M Source/WebCore/platform/mediastream/mac/ScreenCaptureKitSharingSessionManager.mm

  Log Message:
  -----------
  Cherry-pick 5a6b1df677bb. rdar://122187886

    [macOS] Screen or Window sharing in Safari stops working once paused, resume option does not work - WebRTC getDisplayMedia
    https://bugs.webkit.org/show_bug.cgi?id=269566
    rdar://122187886

    Reviewed by Eric Carlson.

    When muting the source, we stop it.
    At that point, we were forgetting which content filter we were using, which is necessary to restart the stream.
    We are now storing it in ScreenCaptureKitCaptureSource by querying ScreenCaptureKitSharingSessionManager.
    When unmuting, we already have it and we can successfully construct a new session source.

    * Source/WebCore/platform/mediastream/mac/ScreenCaptureKitCaptureSource.h:
    * Source/WebCore/platform/mediastream/mac/ScreenCaptureKitCaptureSource.mm:
    (WebCore::ScreenCaptureKitCaptureSource::startContentStream):
    * Source/WebCore/platform/mediastream/mac/ScreenCaptureKitSharingSessionManager.h:
    * Source/WebCore/platform/mediastream/mac/ScreenCaptureKitSharingSessionManager.mm:
    (WebCore::ScreenCaptureKitSharingSessionManager::cancelPendingSessionForDevice):
    (WebCore::ScreenCaptureKitSharingSessionManager::contentFilterFromCaptureDevice):
    (WebCore::ScreenCaptureKitSharingSessionManager::createSessionSourceForDevice):

    Canonical link: https://commits.webkit.org/274943@main

Identifier: 272448.618 at safari-7618-branch


  Commit: 7314ffe0d70affc28466157667deb280741fbf00
      https://github.com/WebKit/WebKit/commit/7314ffe0d70affc28466157667deb280741fbf00
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    A LayoutTests/editing/selection/ios/select-backwards-with-inline-predictions-expected.txt
    A LayoutTests/editing/selection/ios/select-backwards-with-inline-predictions.html
    M Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm

  Log Message:
  -----------
  Cherry-pick 33ccda6e9a05. rdar://123018695

    [iOS] Extending selection with arrow keys before an inline prediction causes a MESSAGE_CHECK
    https://bugs.webkit.org/show_bug.cgi?id=269750
    rdar://123018695

    Reviewed by Ryosuke Niwa.

    When computing `selectedRangeInMarkedText`, we use `distanceBetweenPositions` to compute the
    location of the range, based on the number of characters from the start of the composition range to
    the start of the selection. When an inline prediction is active, however, it's possible to extend
    the selection backwards, before the start of the marked text representing the inline prediction. In
    this case, `distanceBetweenPositions` returns -1; this value is then interpreted as the `uint64_t`
    numeric max limit and sent over IPC in `DocumentEditingContext::Range`, where it fails to decode due
    to overflowing the max value which (subsequently) causes the web process to terminate.

    To avoid this, we clamp the `selectedRangeInMarkedText` to the marked text range, such that the
    endpoints of this range are both clamped to `[0, markedTextLength]`.

    * LayoutTests/editing/selection/ios/select-backwards-with-inline-predictions-expected.txt: Added.
    * LayoutTests/editing/selection/ios/select-backwards-with-inline-predictions.html: Added.
    * Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm:
    (WebKit::WebPage::requestDocumentEditingContext):

    Canonical link: https://commits.webkit.org/275017@main

Identifier: 272448.619 at safari-7618-branch
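
The failure and the clamp described in this log message, as an added C++ example; it is not the WebKit change. `Range`, `decodeRange`, `rangeUnclamped` and `rangeClamped` are hypothetical names, and the receiver-side validation is an assumed model of a decoder that rejects out-of-bounds ranges.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <limits>

// Hypothetical stand-in for a range sent between processes.
struct Range {
    uint64_t location;
    uint64_t length;
};

// Assumed receiver-side check: reject a range whose end overflows uint64_t
// or lies past the text it indexes into.
bool decodeRange(uint64_t location, uint64_t length, uint64_t textLength, Range& out)
{
    if (location > std::numeric_limits<uint64_t>::max() - length)
        return false;
    if (location + length > textLength)
        return false;
    out = { location, length };
    return true;
}

// Sender without clamping: a signed distance is converted straight to
// unsigned, so -1 becomes the uint64_t maximum.
Range rangeUnclamped(int64_t startDistance, int64_t endDistance)
{
    return { static_cast<uint64_t>(startDistance),
             static_cast<uint64_t>(endDistance - startDistance) };
}

// Sender with both endpoints clamped to [0, markedTextLength], as the log
// message describes.
Range rangeClamped(int64_t startDistance, int64_t endDistance, uint64_t markedTextLength)
{
    auto clampEndpoint = [markedTextLength](int64_t distance) -> uint64_t {
        if (distance < 0)
            return 0;
        return std::min<uint64_t>(static_cast<uint64_t>(distance), markedTextLength);
    };
    uint64_t start = clampEndpoint(startDistance);
    uint64_t end = std::max(start, clampEndpoint(endDistance));
    return { start, end - start };
}

int main()
{
    const uint64_t markedTextLength = 5; // constructed sample value
    Range decoded = { 0, 0 };

    Range bad = rangeUnclamped(-1, 3);
    std::cout << "unclamped location=" << bad.location << " accepted="
              << decodeRange(bad.location, bad.length, markedTextLength, decoded) << '\n';

    Range good = rangeClamped(-1, 3, markedTextLength);
    std::cout << "clamped location=" << good.location << " length=" << good.length
              << " accepted="
              << decodeRange(good.location, good.length, markedTextLength, decoded) << '\n';
    return 0;
}
```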


  Commit: a5b5204aca83551f52ecfe319a9db0ab2bfbbc15
      https://github.com/WebKit/WebKit/commit/a5b5204aca83551f52ecfe319a9db0ab2bfbbc15
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    A LayoutTests/fast/mediastream/applyConstraints-bad-constraints-expected.txt
    A LayoutTests/fast/mediastream/applyConstraints-bad-constraints.html
    M Source/WebCore/platform/mediastream/RealtimeMediaSource.cpp
    M Source/WebCore/platform/mediastream/RealtimeMediaSourceCapabilities.h

  Log Message:
  -----------
  Cherry-pick 5f7adde53ff6. rdar://121949844

    RealtimeMediaSource error logging is wrong for zoom and frame rate constraints
    rdar://121949844
    https://bugs.webkit.org/show_bug.cgi?id=269700

    Reviewed by Eric Carlson.

    Debug ASSERTs were changed into RELEASE_ASSERT in https://github.com/WebKit/WebKit/commit/f685afa11acafdf44fd60af91b837cb1f3bf85f9.
    But these asserts are hit since our logging is mistakenly calling longRange() for double constraints.
    Update our logging code to use double constraints and add corresponding tests.
    We downgrade the two RELEASE_ASSERT to ASSERT as was the case before https://github.com/WebKit/WebKit/commit/f685afa11acafdf44fd60af91b837cb1f3bf85f9.
    A future patch should further refactor this code to remove these ASSERTS.

    * LayoutTests/fast/mediastream/applyConstraints-bad-constraints-expected.txt: Added.
    * LayoutTests/fast/mediastream/applyConstraints-bad-constraints.html: Added.
    * Source/WebCore/platform/mediastream/RealtimeMediaSource.cpp:
    (WebCore::RealtimeMediaSource::hasInvalidSizeFrameRateAndZoomConstraints):

    Canonical link: https://commits.webkit.org/275036@main

Identifier: 272448.620 at safari-7618-branch


  Commit: 465cb87c8b1a29a92cea01d5cbe8369265849b35
      https://github.com/WebKit/WebKit/commit/465cb87c8b1a29a92cea01d5cbe8369265849b35
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebCore/dom/EventPath.h

  Log Message:
  -----------
  Cherry-pick fc6c4ebadf58. rdar://123326028

    Use 32 for EventPath m_path
    https://bugs.webkit.org/show_bug.cgi?id=269803
    rdar://123326028

    Reviewed by Ryosuke Niwa.

    Adjust inline capacity for the cases we observed.

    * Source/WebCore/dom/EventPath.h:

    Canonical link: https://commits.webkit.org/275065@main

Identifier: 272448.621 at safari-7618-branch


  Commit: 00b5ed78270102f66d780b998ce1776b337dfa68
      https://github.com/WebKit/WebKit/commit/00b5ed78270102f66d780b998ce1776b337dfa68
  Author: Aditya Keerthi <akeerthi at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp

  Log Message:
  -----------
  Cherry-pick 3194a24ba7ab. rdar://99740304

    CrashTracer: com.apple.WebKit.WebContent at WebKit: WebKit::WebPage::drawPagesToPDFImpl
    https://bugs.webkit.org/show_bug.cgi?id=269881
    rdar://99740304

    Reviewed by Wenson Hsieh.

    Crash reports have been showing null derefs of `m_printContext` under
    `drawPagesToPDFImpl`. However, it is unclear exactly what results in this
    scenario, and user reports have not been found.

    Fix by adding a null check.

    * Source/WebKit/WebProcess/WebPage/WebPage.cpp:
    (WebKit::WebPage::drawPagesToPDFImpl):

    Canonical link: https://commits.webkit.org/275149@main

Identifier: 272448.622 at safari-7618-branch


  Commit: 9049ab85d2d31daa60c630ccc800570e5b8ede92
      https://github.com/WebKit/WebKit/commit/9049ab85d2d31daa60c630ccc800570e5b8ede92
  Author: Youenn Fablet <youenn at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    M Source/WebCore/platform/mediastream/RealtimeMediaSourceCenter.cpp
    M Source/WebCore/platform/mediastream/RealtimeMediaSourceCenter.h
    M Source/WebCore/platform/mediastream/mac/AVVideoCaptureSource.mm
    M Source/WebCore/platform/mock/MockRealtimeVideoSource.cpp
    M Source/WebKit/GPUProcess/GPUConnectionToWebProcess.cpp
    M Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp
    M Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.h
    M Tools/TestWebKitAPI/Tests/WebKit/GetUserMedia.mm

  Log Message:
  -----------
  Cherry-pick 857b349b8403. rdar://121770895

    [iOS] Fail camera capture if there is no media environment
    https://bugs.webkit.org/show_bug.cgi?id=269837
    rdar://121770895

    Reviewed by Eric Carlson.

    Update UserMediaCaptureManagerProxy::startProducingData to fail capture early if there is the browser entitlement,
    capture is for camera and there is no media environment.

    We add an ASSERT to MockRealtimeVideoSource::startProducingData and logging in AVVideoCaptureSource::setupSession.

    * Source/WebCore/platform/mediastream/RealtimeMediaSourceCenter.cpp:
    (WebCore::RealtimeMediaSourceCenter::setCurrentMediaEnvironment):
    * Source/WebCore/platform/mediastream/RealtimeMediaSourceCenter.h:
    * Source/WebCore/platform/mediastream/mac/AVVideoCaptureSource.mm:
    (WebCore::AVVideoCaptureSource::setupSession):
    * Source/WebCore/platform/mock/MockRealtimeVideoSource.cpp:
    (WebCore::MockRealtimeVideoSource::startProducingData):
    * Source/WebKit/GPUProcess/GPUConnectionToWebProcess.cpp:
    * Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
    (WebKit::UserMediaCaptureManagerProxy::startProducingData):
    * Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.h:
    (WebKit::UserMediaCaptureManagerProxy::ConnectionProxy::setCurrentMediaEnvironment):
    * Tools/TestWebKitAPI/Tests/WebKit/GetUserMedia.mm:
    (TestWebKitAPI::TEST):

    Canonical link: https://commits.webkit.org/275169@main

Identifier: 272448.623 at safari-7618-branch


  Commit: 4f038580f8fdc55ec9e98290681d12236160b53d
      https://github.com/WebKit/WebKit/commit/4f038580f8fdc55ec9e98290681d12236160b53d
  Author: Jean-Yves Avenard <jya at apple.com>
  Date:   2024-02-23 (Fri, 23 Feb 2024)

  Changed paths:
    A LayoutTests/http/tests/media/hls/track-webvtt-multitracks-expected.txt
    A LayoutTests/http/tests/media/hls/track-webvtt-multitracks.html
    A LayoutTests/http/tests/media/resources/hls/test-webvtt-multitracks.m3u8
    M Source/WebCore/platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.cpp
    M Source/WebCore/platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.h
    M Source/WebCore/platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp
    M Source/WebCore/platform/graphics/avfoundation/InbandTextTrackPrivateAVF.h
    M Source/WebCore/platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/OutOfBandTextTrackPrivateAVF.h

  Log Message:
  -----------
  Cherry-pick c8652ac395bc. rdar://122842659

    REGRESSION (271599 at main): espn.com: Closed captions aren't displaying in videos
    https://bugs.webkit.org/show_bug.cgi?id=269847
    rdar://122842659

    Reviewed by Eric Carlson.

    In this video, we had 2 text tracks, all with a track id of 0.
    The reason for this is that it contained an InbandMetadataTextTrack and an InbandTextTrack
    and the MediaPlayerPrivateAVFoundation wasn't assigning them unique trackID which
    would confuse the search in the hash table trying to match a TrackID to a track.

    A TrackID for an inband text track is an abstract concept; it doesn't reflect anything
    relevant to the user (except that it must be unique).
    We only need that TrackID to be unique between all the tracks in a given MediaPlayer.

    So we assign them a unique TrackID at creation.

    Add an HLS file that contains both a metadata and a subtitle track and ensure
    that cues are added to the proper one.

    * LayoutTests/http/tests/media/hls/track-webvtt-multitracks-expected.txt: Added.
    * LayoutTests/http/tests/media/hls/track-webvtt-multitracks.html: Added.
    * LayoutTests/http/tests/media/resources/hls/test-webvtt-multitracks.m3u8: Added.
    * Source/WebCore/platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.cpp:
    (WebCore::InbandMetadataTextTrackPrivateAVF::create):
    (WebCore::InbandMetadataTextTrackPrivateAVF::InbandMetadataTextTrackPrivateAVF):
    * Source/WebCore/platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.h:
    * Source/WebCore/platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
    (WebCore::InbandTextTrackPrivateAVF::InbandTextTrackPrivateAVF):
    * Source/WebCore/platform/graphics/avfoundation/InbandTextTrackPrivateAVF.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.h:
    (WebCore::InbandTextTrackPrivateAVFObjC::create):
    * Source/WebCore/platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm:
    (WebCore::InbandTextTrackPrivateAVFObjC::InbandTextTrackPrivateAVFObjC):
    (WebCore::InbandTextTrackPrivateAVFObjC::id const): Deleted.
    * Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
    (WebCore::MediaPlayerPrivateAVFoundationObjC::processMediaSelectionOptions):
    (WebCore::MediaPlayerPrivateAVFoundationObjC::processMetadataTrack):
    * Source/WebCore/platform/graphics/avfoundation/objc/OutOfBandTextTrackPrivateAVF.h:
    (WebCore::OutOfBandTextTrackPrivateAVF::create):
    (WebCore::OutOfBandTextTrackPrivateAVF::OutOfBandTextTrackPrivateAVF):

    Canonical link: https://commits.webkit.org/275201@main

Identifier: 272448.624 at safari-7618-branch


  Commit: 800c12a28deab1ed8183728f5b38724e51684b4f
      https://github.com/WebKit/WebKit/commit/800c12a28deab1ed8183728f5b38724e51684b4f
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2024-02-26 (Mon, 26 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/API/JSStringRef.cpp
    M Source/JavaScriptCore/API/tests/testapi.c
    M Source/WTF/wtf/unicode/UTF8Conversion.cpp

  Log Message:
  -----------
  JSStringGetUTF8CString writes beyond the provided buffer size
rdar://122388595

Reviewed by Yusuke Suzuki.

U8_APPEND only checks the capacity in the non-ascii case,
so we should make sure we always check.

* Source/WTF/wtf/unicode/UTF8Conversion.cpp:
(WTF::Unicode::convertLatin1ToUTF8):
(WTF::Unicode::convertUTF16ToUTF8):
* Source/WebCore/dom/TextEncoder.cpp:
(WebCore::TextEncoder::encodeInto):

Canonical link: https://commits.webkit.org/272448.625@safari-7618-branch
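
A bounded UTF-16 to UTF-8 conversion in which every code point, single-byte ASCII included, passes a capacity check before it is written, as an added C++ example; it is not WebKit's or ICU's code. All names are hypothetical, and replacing an unpaired surrogate with U+FFFD is a choice made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Number of bytes needed to encode one code point as UTF-8.
static size_t utf8Length(char32_t c)
{
    if (c <= 0x7F)
        return 1;
    if (c <= 0x7FF)
        return 2;
    if (c <= 0xFFFF)
        return 3;
    return 4;
}

// Appends c at out[i] and advances i. The capacity check runs before any
// write and covers every branch, including the one-byte ASCII case.
static bool appendUTF8(uint8_t* out, size_t& i, size_t capacity, char32_t c)
{
    size_t needed = utf8Length(c);
    if (i > capacity || needed > capacity - i)
        return false;
    if (needed == 1)
        out[i++] = static_cast<uint8_t>(c);
    else if (needed == 2) {
        out[i++] = static_cast<uint8_t>(0xC0 | (c >> 6));
        out[i++] = static_cast<uint8_t>(0x80 | (c & 0x3F));
    } else if (needed == 3) {
        out[i++] = static_cast<uint8_t>(0xE0 | (c >> 12));
        out[i++] = static_cast<uint8_t>(0x80 | ((c >> 6) & 0x3F));
        out[i++] = static_cast<uint8_t>(0x80 | (c & 0x3F));
    } else {
        out[i++] = static_cast<uint8_t>(0xF0 | (c >> 18));
        out[i++] = static_cast<uint8_t>(0x80 | ((c >> 12) & 0x3F));
        out[i++] = static_cast<uint8_t>(0x80 | ((c >> 6) & 0x3F));
        out[i++] = static_cast<uint8_t>(0x80 | (c & 0x3F));
    }
    return true;
}

struct ConversionResult {
    size_t written;  // bytes stored in the destination
    size_t consumed; // UTF-16 code units fully converted
    bool complete;   // false when the destination filled up first
};

ConversionResult convertUTF16ToUTF8(const std::u16string& src, uint8_t* out, size_t capacity)
{
    size_t i = 0;
    size_t pos = 0;
    while (pos < src.size()) {
        char32_t c = src[pos];
        size_t units = 1;
        if (c >= 0xD800 && c <= 0xDBFF && pos + 1 < src.size()
            && src[pos + 1] >= 0xDC00 && src[pos + 1] <= 0xDFFF) {
            c = 0x10000 + ((c - 0xD800) << 10) + (src[pos + 1] - 0xDC00);
            units = 2;
        } else if (c >= 0xD800 && c <= 0xDFFF)
            c = 0xFFFD; // unpaired surrogate: replacement character
        if (!appendUTF8(out, i, capacity, c))
            return { i, pos, false };
        pos += units;
    }
    return { i, pos, true };
}

// Converts into a buffer followed by guard bytes and reports whether the
// guard bytes were left untouched.
bool guardBytesIntact(const std::u16string& src, size_t capacity)
{
    const uint8_t guard = 0xAA;
    std::vector<uint8_t> buffer(capacity + 8, guard);
    convertUTF16ToUTF8(src, buffer.data(), capacity);
    for (size_t k = capacity; k < buffer.size(); ++k) {
        if (buffer[k] != guard)
            return false;
    }
    return true;
}

int main()
{
    uint8_t small[2];
    ConversionResult r = convertUTF16ToUTF8(u"abc", small, sizeof(small)); // constructed input
    std::cout << "written=" << r.written << " consumed=" << r.consumed
              << " complete=" << r.complete
              << " guardIntact=" << guardBytesIntact(u"abc", 2) << '\n';
    return 0;
}
```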


  Commit: 0b6e28662a19f191426c534856cae235a72d5a93
      https://github.com/WebKit/WebKit/commit/0b6e28662a19f191426c534856cae235a72d5a93
  Author: Nicole Rosario <nicole_rosario at apple.com>
  Date:   2024-02-26 (Mon, 26 Feb 2024)

  Changed paths:
    A LayoutTests/fast/css-grid-layout/css-grid-template-rows-invalid-length-expected.txt
    A LayoutTests/fast/css-grid-layout/css-grid-template-rows-invalid-length.html
    M Source/WebCore/style/StyleBuilderConverter.h

  Log Message:
  -----------
  Added default length to createGridTrackBreadth() when length is undefined
https://bugs.webkit.org/show_bug.cgi?id=269856
rdar://119619013

Reviewed by Sammy Gill.

`convertToLength` returned length undefined to `createGridTrackBreadth`
which causes an issue when creating GridLength. Added check to see if
length is undefined and if so returned a default length = 0 instead.

* Source/WebCore/style/StyleBuilderConverter.h:
(WebCore::Style::BuilderConverter::createGridTrackBreadth):

Canonical link: https://commits.webkit.org/272448.626@safari-7618-branch


  Commit: 51293a58e9ddc80c1d08d757777afe7281f89c36
      https://github.com/WebKit/WebKit/commit/51293a58e9ddc80c1d08d757777afe7281f89c36
  Author: Matthieu Dubet <m_dubet at apple.com>
  Date:   2024-02-26 (Mon, 26 Feb 2024)

  Changed paths:
    A LayoutTests/fast/css/css-typed-om-typeerror-coalescing-pair-expected.txt
    A LayoutTests/fast/css/css-typed-om-typeerror-coalescing-pair.html
    M Source/WebCore/css/CSSValuePair.cpp
    M Source/WebCore/css/CSSValuePair.h
    M Source/WebCore/css/typedom/StylePropertyMap.cpp
    M Source/WebCore/style/StyleBuilderConverter.h

  Log Message:
  -----------
  [CSS] Fix bug when using a coalesced CSSValuePair with Typed OM
rdar://115346002

Reviewed by Chris Dumez.

We use the CSSParser and the serialization of CSSValue to validate the input of Typed OM set().
Unfortunately, sometimes a CSSValuePair serializes to a single value while it
actually contains two values: this confuses the StyleBuilder.

If the pair has the same values twice "10px 10px", it serializes to only "10px",
thus passes our string-based check (inside setProperty), but then crashes when the actual value is a
pair of length instead of a simple length.

The more frequent case when the two values are distinct, such as "10px 30px", is
already prevented by the string-based check.

A proper fix would be to have a validation method which doesn't work
on the serialized string value but on the actual typed CSSValue.

For the moment, we avoid crashing and warn the user with an error.

* LayoutTests/fast/css/css-typed-om-typeerror-coalescing-pair-expected.txt: Added.
* LayoutTests/fast/css/css-typed-om-typeerror-coalescing-pair.html: Added.
* Source/WebCore/css/CSSValuePair.cpp:
(WebCore::CSSValuePair::canBeCoalesced const):
* Source/WebCore/css/CSSValuePair.h:
* Source/WebCore/css/typedom/StylePropertyMap.cpp:
(WebCore::StylePropertyMap::set):
* Source/WebCore/style/StyleBuilderConverter.h:
(WebCore::Style::BuilderConverter::convertLengthSizing):

Canonical link: https://commits.webkit.org/272448.627@safari-7618-branch


  Commit: 483e5bbef7c522dfbc56fe95dc1a8e24307d7339
      https://github.com/WebKit/WebKit/commit/483e5bbef7c522dfbc56fe95dc1a8e24307d7339
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-27 (Tue, 27 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/revert_unittest.py

  Log Message:
  -----------
  Cherry-pick 275111 at main (e177e893ff98). rdar://120723182

    [git-webkit revert] Add relationships between issues when reverting
    https://bugs.webkit.org/show_bug.cgi?id=267276
    rdar://120723182

    Reviewed by Jonathan Bedard.

    Adds 'blocks' relationship between bugs and 'cause of' relationship between radars.
    This happens after reverting so the issues are only changed with a successful revert.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert.get_commit_info):
    (Revert.get_issue_info):
    (Revert):
    (Revert.relate_issues):
    (Revert.main):

    Canonical link: https://commits.webkit.org/275111@main

Canonical link: https://commits.webkit.org/272448.628@safari-7618-branch


  Commit: 8410c235658687357505b60d84f522b1b183ddec
      https://github.com/WebKit/WebKit/commit/8410c235658687357505b60d84f522b1b183ddec
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-27 (Tue, 27 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py

  Log Message:
  -----------
  Cherry-pick 275327 at main (144fc8ec0f2c). rdar://123102260

    git-webkit revert --no-commit fails
    https://bugs.webkit.org/show_bug.cgi?id=269949
    rdar://problem/123102260

    Reviewed by Jonathan Bedard.

    Changes commits to be reverted arg to be commit_id.
    Sets webkitscmpy.program.pull_request args.commit default as True.
    If user passes --no-commit, args.commit is False and will trigger git revert --no-commit.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert.parser):
    (Revert.get_commit_info):
    (Revert.create_revert_commit_msg):
    (Revert.revert_commit):
    (Revert.main):

    Canonical link: https://commits.webkit.org/275327@main

Canonical link: https://commits.webkit.org/272448.629@safari-7618-branch


  Commit: de5a584c3fee6088b3936d45a1468dd4b9509019
      https://github.com/WebKit/WebKit/commit/de5a584c3fee6088b3936d45a1468dd4b9509019
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-27 (Tue, 27 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/revert_unittest.py

  Log Message:
  -----------
  Cherry-pick 275336 at main (b5b2c45431e6). rdar://122033841

    [git-webkit revert] Should have an option to utilize landing with --unsafe
    https://bugs.webkit.org/show_bug.cgi?id=268729
    rdar://problem/122033841

    Reviewed by Jonathan Bedard.

    Adds arguments from git-webkit land to automatically land reverts with --safe and --unsafe.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert.parser):
    (Revert.get_issue_info):
    (Revert.main):
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/revert_unittest.py:
    (TestRevert):
    (TestRevert.webserver):
    (test_land_safe):
    (test_land_unsafe):

    Canonical link: https://commits.webkit.org/275336@main

Canonical link: https://commits.webkit.org/272448.630@safari-7618-branch


  Commit: b747e31ec6105ab68bb0b149ebcca282e7fb8202
      https://github.com/WebKit/WebKit/commit/b747e31ec6105ab68bb0b149ebcca282e7fb8202
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-27 (Tue, 27 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/revert_unittest.py

  Log Message:
  -----------
  Cherry-pick 275397 at main (1decf3d3beaf). rdar://123655661

    [git-webkit revert] Default should not upload a PR
    https://bugs.webkit.org/show_bug.cgi?id=270129
    rdar://problem/123655661

    Reviewed by Jonathan Bedard.

    Sets PR argument default to False.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert.parser):
    (Revert.main):
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/revert_unittest.py:
    (test_update):
    (test_pr):

    Canonical link: https://commits.webkit.org/275397@main

Canonical link: https://commits.webkit.org/272448.631@safari-7618-branch


  Commit: 7824b622022e52ddc198a5da86b993b92145b626
      https://github.com/WebKit/WebKit/commit/7824b622022e52ddc198a5da86b993b92145b626
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-02-27 (Tue, 27 Feb 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py

  Log Message:
  -----------
  Cherry-pick 275398 at main (8393b67886c2). rdar://123698369

    [git-webkit revert] Fix AttributeError when reason is passed in
    https://bugs.webkit.org/show_bug.cgi?id=270174
    rdar://problem/123698369

    Reviewed by Jonathan Bedard.

    Error handling for an incorrect issue link should occur *after* checking if it is None.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert.get_issue_info):

    Canonical link: https://commits.webkit.org/275398@main

Canonical link: https://commits.webkit.org/272448.632@safari-7618-branch


  Commit: f25738c69a33d583f8ca83896557555d500f6226
      https://github.com/WebKit/WebKit/commit/f25738c69a33d583f8ca83896557555d500f6226
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    A JSTests/stress/decouple-calllinkinfo-from-access-case.js
    M Source/JavaScriptCore/bytecode/AccessCase.cpp
    M Source/JavaScriptCore/bytecode/AccessCase.h
    M Source/JavaScriptCore/bytecode/GetByStatus.cpp
    M Source/JavaScriptCore/bytecode/GetterSetterAccessCase.cpp
    M Source/JavaScriptCore/bytecode/GetterSetterAccessCase.h
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h
    M Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp
    M Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.h
    M Source/JavaScriptCore/bytecode/PutByStatus.cpp
    M Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
    M Source/JavaScriptCore/bytecode/StructureStubInfo.h
    M Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp
    M Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h
    M Source/JavaScriptCore/jit/JITStubRoutine.cpp
    M Source/JavaScriptCore/jit/JITStubRoutine.h

  Log Message:
  -----------
  [JSC] AccessCase should not hold CallLinkInfo*
https://bugs.webkit.org/show_bug.cgi?id=268221
rdar://121733122

Reviewed by Justin Michaud.

AccessCase holds CallLinkInfo*. But when the underlying JITStubRoutine gets destroyed, this becomes invalid.
Previously, it did not matter since we always destroyed CodeBlock first (synchronously), and then we cleaned up JITStubRoutine.
So there was strict ordering. But now CodeBlock destruction can get delayed.

But fundamentally speaking, having CallLinkInfo* in AccessCase is not right. This is compiled code's data structure and
AccessCase should be just data for IC feedback.

In this patch we decouple CallLinkInfo* from AccessCase. CallLinkInfo's lifetime should be correctly managed by visitWeak, so,
we add visitWeak iteration in MarkingGCAwareJITStubRoutine. Then we can remove CallLinkInfo from AccessCase.

* JSTests/stress/decouple-calllinkinfo-from-access-case.js: Added.
(F7):
(f25):
(f33):
(C20.prototype.valueOf):
(C20):
(f27):
* Source/JavaScriptCore/bytecode/AccessCase.cpp:
(JSC::AccessCase::forEachDependentCell const):
(JSC::AccessCase::doesCalls const):
(JSC::AccessCase::visitWeak const):
(JSC::AccessCase::collectDependentCells const):
* Source/JavaScriptCore/bytecode/AccessCase.h:
* Source/JavaScriptCore/bytecode/GetByStatus.cpp:
(JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
* Source/JavaScriptCore/bytecode/GetterSetterAccessCase.cpp:
(JSC::GetterSetterAccessCase::dumpImpl const):
* Source/JavaScriptCore/bytecode/GetterSetterAccessCase.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateWithGuard):
(JSC::InlineCacheCompiler::generate):
(JSC::InlineCacheCompiler::generateImpl):
(JSC::InlineCacheCompiler::emitProxyObjectAccess):
(JSC::InlineCacheCompiler::regenerate):
(JSC::InlineCacheHandler::callLinkInfoAt):
(JSC::InlineCacheHandler::visitWeak const):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.h:
* Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp:
(JSC::ProxyObjectAccessCase::dumpImpl const):
* Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.h:
* Source/JavaScriptCore/bytecode/PutByStatus.cpp:
(JSC::PutByStatus::computeForStubInfo):
* Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::callLinkInfoAt):
* Source/JavaScriptCore/bytecode/StructureStubInfo.h:
* Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:
(JSC::MarkingGCAwareJITStubRoutine::MarkingGCAwareJITStubRoutine):
(JSC::MarkingGCAwareJITStubRoutine::visitWeakImpl):
(JSC::MarkingGCAwareJITStubRoutine::callLinkInfoAtImpl):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
(JSC::createICJITStubRoutine):
* Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h:
* Source/JavaScriptCore/jit/JITStubRoutine.cpp:
(JSC::JITStubRoutine::callLinkInfoAt):
* Source/JavaScriptCore/jit/JITStubRoutine.h:
(JSC::JITStubRoutine::callLinkInfoAtImpl):

Canonical link: https://commits.webkit.org/272448.633@safari-7618-branch


  Commit: 897c2d7a069ce138271dbf95f2874ccc82a5e39d
      https://github.com/WebKit/WebKit/commit/897c2d7a069ce138271dbf95f2874ccc82a5e39d
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/bytecode/CallLinkInfo.cpp
    M Source/JavaScriptCore/bytecode/Repatch.cpp

  Log Message:
  -----------
  Cherry-pick 617715243dc5. rdar://122611742

    [JSC] Clean up CallLinkInfo::unlinlkOrUpgradeImpl to make `remove` consistent
    https://bugs.webkit.org/show_bug.cgi?id=270004
    rdar://122611742

    Reviewed by Alexey Shvayka.

    1. In CallLinkInfo::unlinkOrUpgradeImpl, let's always start with removing it from the list. If we upgrade, we anyway re-chain it to the new CodeBlock.
       So there is no possible case that we would like to keep the current link.
    2. Let's make linked / unlinked state more consistent by moving `remove` code inside CallLinkInfo itself. And always check `isOnList` before calling it.

    * Source/JavaScriptCore/bytecode/CallLinkInfo.cpp:
    (JSC::CallLinkInfo::unlinkOrUpgradeImpl):
    (JSC::CallLinkInfo::setStub):
    * Source/JavaScriptCore/bytecode/Repatch.cpp:
    (JSC::linkPolymorphicCall):

    Canonical link: https://commits.webkit.org/275256@main

Canonical link: https://commits.webkit.org/272448.634@safari-7618-branch


  Commit: 2b593117652de68b0dd381bf455b8fddbd538974
      https://github.com/WebKit/WebKit/commit/2b593117652de68b0dd381bf455b8fddbd538974
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    A LayoutTests/fast/ruby/overhang-with-justified-content-in-vertical-mode-incorrect-size-expected.html
    A LayoutTests/fast/ruby/overhang-with-justified-content-in-vertical-mode-incorrect-size.html
    M Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp

  Log Message:
  -----------
  Cherry-pick 421383510002. rdar://122976536

    [IFC][Ruby] Text is clipped at the bottom on some pages in Books
    https://bugs.webkit.org/show_bug.cgi?id=270002
    <rdar://122976536>

    Reviewed by Antti Koivisto.

    Justified text runs are expanded on the wrong axis in vertical writing mode.

    * LayoutTests/fast/ruby/overhang-with-justified-content-in-vertical-mode-incorrect-size-expected.html: Added.
    * LayoutTests/fast/ruby/overhang-with-justified-content-in-vertical-mode-incorrect-size.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:
    (WebCore::Layout::InlineDisplayContentBuilder::applyRubyOverhang):

    Canonical link: https://commits.webkit.org/275258@main

Canonical link: https://commits.webkit.org/272448.635@safari-7618-branch


  Commit: 8b0c6118e9e1a8030c52cef648b0e370e56e04f9
      https://github.com/WebKit/WebKit/commit/8b0c6118e9e1a8030c52cef648b0e370e56e04f9
  Author: Andy Estes <aestes at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm

  Log Message:
  -----------
  Cherry-pick d26e92fa4929. rdar://122838328

    [iOS] Element fullscreen window should not support pinch-to-dismiss
    https://bugs.webkit.org/show_bug.cgi?id=270001
    rdar://122838328

    Reviewed by Jer Noble.

    For parity with AVPlayerViewController on iOS, remove support for dismissing the element fullscreen
    window via pinch gesture. Pan dismissal remains supported.

    * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
    (-[WKFullScreenWindowController enterFullScreen:]):
    (-[WKFullScreenWindowController interactionControllerForDismissal:]):
    (-[WKFullScreenWindowController _interactiveDismissChanged:]):
    (-[WKFullScreenWindowController _interactivePinchDismissChanged:]): Deleted.

    Canonical link: https://commits.webkit.org/275288@main

Canonical link: https://commits.webkit.org/272448.636@safari-7618-branch


  Commit: 0b4f6f942102e706dff5d1f17fb6807b2cc492ab
      https://github.com/WebKit/WebKit/commit/0b4f6f942102e706dff5d1f17fb6807b2cc492ab
  Author: Said Abou-Hallawa <said at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M Source/WebCore/PAL/ThirdParty/libavif/CHANGELOG.md
    M Source/WebCore/PAL/ThirdParty/libavif/CMakeLists.txt
    M Source/WebCore/PAL/ThirdParty/libavif/Configurations/BaseTarget.xcconfig
    M Source/WebCore/PAL/ThirdParty/libavif/LICENSE
    M Source/WebCore/PAL/ThirdParty/libavif/README.md
    A Source/WebCore/PAL/ThirdParty/libavif/SECURITY.md
    M Source/WebCore/PAL/ThirdParty/libavif/android_jni/README.md
    M Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/build.gradle
    M Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/proguard-rules.pro
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/AndroidManifest.xml
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/README.md
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/animated_avif/Chimera-AV1-10bit-480x270.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/animated_avif/alpha_video.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/blue-and-magenta-crop.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.10bpc.yuv420.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.10bpc.yuv420.monochrome.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.8bpc.yuv420.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.8bpc.yuv420.monochrome.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile1.10bpc.yuv444.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile1.8bpc.yuv444.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.10bpc.yuv422.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv420.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv420.monochrome.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv422.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv444.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.8bpc.yuv422.avif
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/java/org/aomedia/avif/android/AvifDecoderTest.java
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/proguard-rules.pro
    M Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/AndroidManifest.xml
    M Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/java/org/aomedia/avif/android/AvifDecoder.java
    M Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/jni/CMakeLists.txt
    M Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/jni/libavif_jni.cc
    M Source/WebCore/PAL/ThirdParty/libavif/android_jni/build.gradle
    A Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradle/wrapper/gradle-wrapper.jar
    M Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradle/wrapper/gradle-wrapper.properties
    M Source/WebCore/PAL/ThirdParty/libavif/apps/avifdec.c
    M Source/WebCore/PAL/ThirdParty/libavif/apps/avifenc.c
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/.clang-format
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/avifgainmaputil.cc
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/combine_command.cc
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/combine_command.h
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/convert_command.cc
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/convert_command.h
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/extractgainmap_command.cc
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/extractgainmap_command.h
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/imageio.cc
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/imageio.h
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/printmetadata_command.cc
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/printmetadata_command.h
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/program_command.cc
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/program_command.h
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/swapbase_command.cc
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/swapbase_command.h
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/tonemap_command.cc
    A Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/tonemap_command.h
    A Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifexif.c
    A Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifexif.h
    M Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifjpeg.c
    M Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifjpeg.h
    M Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifpng.c
    M Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifpng.h
    M Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifutil.c
    M Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifutil.h
    A Source/WebCore/PAL/ThirdParty/libavif/apps/shared/iccmaker.c
    A Source/WebCore/PAL/ThirdParty/libavif/apps/shared/iccmaker.h
    M Source/WebCore/PAL/ThirdParty/libavif/apps/shared/y4m.c
    M Source/WebCore/PAL/ThirdParty/libavif/apps/shared/y4m.h
    A Source/WebCore/PAL/ThirdParty/libavif/apps/utf8.manifest
    A Source/WebCore/PAL/ThirdParty/libavif/apps/utf8.rc
    M Source/WebCore/PAL/ThirdParty/libavif/appveyor.yml
    M Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findaom.cmake
    M Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Finddav1d.cmake
    M Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findlibgav1.cmake
    M Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findlibsharpyuv.cmake
    M Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findlibyuv.cmake
    M Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findrav1e.cmake
    M Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findsvt.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalAom.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalAvm.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalDav1d.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalGoogletest.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalJpeg.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalLibXml2.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalLibargparse.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalLibgav1.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalLibsharpyuv.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalLibyuv.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalRav1e.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalSvt.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalZlibpng.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/merge_static_libs.cmake
    A Source/WebCore/PAL/ThirdParty/libavif/contrib/gdk-pixbuf/.clang-format
    M Source/WebCore/PAL/ThirdParty/libavif/contrib/gdk-pixbuf/CMakeLists.txt
    M Source/WebCore/PAL/ThirdParty/libavif/contrib/gdk-pixbuf/loader.c
    M Source/WebCore/PAL/ThirdParty/libavif/examples/avif_example_decode_file.c
    M Source/WebCore/PAL/ThirdParty/libavif/examples/avif_example_decode_memory.c
    M Source/WebCore/PAL/ThirdParty/libavif/examples/avif_example_decode_streaming.c
    M Source/WebCore/PAL/ThirdParty/libavif/examples/avif_example_encode.c
    M Source/WebCore/PAL/ThirdParty/libavif/ext/aom.cmd
    A Source/WebCore/PAL/ThirdParty/libavif/ext/avm.cmd
    A Source/WebCore/PAL/ThirdParty/libavif/ext/compliance_warden.sh
    M Source/WebCore/PAL/ThirdParty/libavif/ext/dav1d.cmd
    A Source/WebCore/PAL/ThirdParty/libavif/ext/dav1d_android.sh
    A Source/WebCore/PAL/ThirdParty/libavif/ext/fuzztest.cmd
    M Source/WebCore/PAL/ThirdParty/libavif/ext/googletest.cmd
    A Source/WebCore/PAL/ThirdParty/libavif/ext/libargparse.cmd
    M Source/WebCore/PAL/ThirdParty/libavif/ext/libgav1.cmd
    M Source/WebCore/PAL/ThirdParty/libavif/ext/libgav1_android.sh
    M Source/WebCore/PAL/ThirdParty/libavif/ext/libsharpyuv.cmd
    A Source/WebCore/PAL/ThirdParty/libavif/ext/libxml2.cmd
    M Source/WebCore/PAL/ThirdParty/libavif/ext/libyuv.cmd
    A Source/WebCore/PAL/ThirdParty/libavif/ext/libyuv_android.sh
    A Source/WebCore/PAL/ThirdParty/libavif/ext/mp4box.sh
    M Source/WebCore/PAL/ThirdParty/libavif/ext/rav1e.cmd
    M Source/WebCore/PAL/ThirdParty/libavif/ext/svt.cmd
    M Source/WebCore/PAL/ThirdParty/libavif/ext/svt.sh
    M Source/WebCore/PAL/ThirdParty/libavif/ext/zlibpng.cmd
    M Source/WebCore/PAL/ThirdParty/libavif/include/avif/avif.h
    A Source/WebCore/PAL/ThirdParty/libavif/include/avif/avif_cxx.h
    M Source/WebCore/PAL/ThirdParty/libavif/include/avif/internal.h
    M Source/WebCore/PAL/ThirdParty/libavif/libavif.pc.cmake
    M Source/WebCore/PAL/ThirdParty/libavif/libavif.xcodeproj/project.pbxproj
    M Source/WebCore/PAL/ThirdParty/libavif/src/alpha.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/avif.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/codec_aom.c
    A Source/WebCore/PAL/ThirdParty/libavif/src/codec_avm.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/codec_dav1d.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/codec_libgav1.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/codec_rav1e.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/codec_svt.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/colr.c
    A Source/WebCore/PAL/ThirdParty/libavif/src/colrconvert.c
    A Source/WebCore/PAL/ThirdParty/libavif/src/compliance.cc
    M Source/WebCore/PAL/ThirdParty/libavif/src/diag.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/exif.c
    A Source/WebCore/PAL/ThirdParty/libavif/src/gainmap.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/io.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/mem.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/obu.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/rawdata.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/read.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/reformat.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/reformat_libsharpyuv.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/reformat_libyuv.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/scale.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/stream.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/utils.c
    M Source/WebCore/PAL/ThirdParty/libavif/src/write.c
    M Source/WebCore/PAL/ThirdParty/libavif/tests/CMakeLists.txt
    M Source/WebCore/PAL/ThirdParty/libavif/tests/aviftest.c
    M Source/WebCore/PAL/ThirdParty/libavif/tests/avifyuv.c
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/ArcTriomphe-cHRM-orig.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/ArcTriomphe-cHRM-red-green-swap-reference.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/ArcTriomphe-cHRM-red-green-swap.png
    M Source/WebCore/PAL/ThirdParty/libavif/tests/data/README.md
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/alpha_noispe.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/circle-trns-after-plte.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/circle-trns-before-plte.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/color_grid_alpha_grid_gainmap_nogrid.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/color_grid_alpha_nogrid.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/color_grid_gainmap_different_grid.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/color_nogrid_alpha_nogrid_gainmap_grid.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors-animated-8bpc.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_hdr_p3.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_hdr_rec2020.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_hdr_srgb.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_sdr_srgb.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_hdr_p3.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_hdr_rec2020.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_hdr_srgb.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_sdr_srgb.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_wcg_hdr_rec2020.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_wcg_sdr_rec2020.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_wcg_hdr_rec2020.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/draw_points.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/ffffcc-gamma1.6.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/ffffcc-gamma2.2.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/ffffcc-srgb.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/ffffff-gamma1.6.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/ffffff-gamma2.2.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/circle-trns-after-plte.png.avif.xml
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/dog_exif_extended_xmp_icc.jpg.avif.xml
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/kodim03_23_animation.avif.xml
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/kodim03_23_animation_keyframes.avif.xml
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/kodim03_yuv420_8bpc.y4m.avif.xml
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/paris_exif_xmp_gainmap_bigendian.jpg.avif.xml
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/paris_exif_xmp_gainmap_bigendian_ignore.jpg.avif.xml
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/paris_exif_xmp_gainmap_littleendian.jpg.avif.xml
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/paris_exif_xmp_icc_gainmap_bigendian.jpg.avif.xml
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/paris_icc_exif_xmp.png.avif.xml
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/kodim03_grayscale_gamma1.6-reference.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/kodim03_grayscale_gamma1.6.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/paris_exif_xmp_gainmap_bigendian.jpg
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/paris_exif_xmp_gainmap_littleendian.jpg
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/paris_exif_xmp_icc_gainmap_bigendian.jpg
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/paris_xmp_trailing_null.jpg
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/sRGB2014.icc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_hdr_gainmap_small_srgb.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_hdr_gainmap_srgb.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_hdr_rec2020.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_hdr_srgb.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_sdr_gainmap_big_srgb.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_sdr_gainmap_srgb.avif
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_sdr_gainmap_srgb.jpg
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/sources/colors.psd
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/sources/seine.psd
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/weld_16bit.png
    A Source/WebCore/PAL/ThirdParty/libavif/tests/data/white_1x1.avif
    M Source/WebCore/PAL/ThirdParty/libavif/tests/docker/build.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/golden_test_common.sh
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/are_images_equal.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_dec.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_dec_incr.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_enc_dec.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_enc_dec_anim.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_enc_dec_experimental.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_enc_dec_incr.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_enc_dec_incr_experimental.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_helpers.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_helpers.h
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_read_image.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_yuvrgb.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifallocationtest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifalphanoispetest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifalphapremtest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifanimationtest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifavmtest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifbasictest.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifchangesettingtest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifclaptest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifcllitest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifcodectest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifcolrconverttest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifcolrtest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifdecodetest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifencodetest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifgainmaptest.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifgridapitest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifimagetest.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifincrtest.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifincrtest_helpers.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifincrtest_helpers.h
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifiostatstest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifjpeggainmaptest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/aviflosslesstest.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifmetadatatest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifminitest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifopaquetest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifpng16bittest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifprogressivetest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifrangetest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifreadimagetest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifrgbtest.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifrgbtoyuvtest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifscaletest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifstreamtest.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/aviftest_helpers.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/aviftest_helpers.h
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/aviftilingtest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifutilstest.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avify4mtest.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/oss-fuzz/.clang-format
    M Source/WebCore/PAL/ThirdParty/libavif/tests/oss-fuzz/avif_decode_fuzzer.cc
    A Source/WebCore/PAL/ThirdParty/libavif/tests/oss-fuzz/build.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/oss-fuzz/repro_fuzz.cc
    M Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_animation.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_avifgainmaputil.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_avm.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_avm_lossless.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_enc_boxes_golden.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_enc_gainmap_boxes_golden.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_gainmap.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_grid.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_icc_profile.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_lossless.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_metadata.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_progressive.sh
    A Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_targetsize.sh
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/README.md
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/iccjpeg/iccjpeg.c
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/iccjpeg/iccjpeg.h
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/AUTHORS
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv.h
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/basic_types.h
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/planar_functions.h
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/row.h
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/scale.h
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/scale_row.h
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/version.h
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/source/planar_functions.c
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/source/row_common.c
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/source/scale.c
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/source/scale_any.c
    A Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/source/scale_common.c
    M Source/WebCore/platform/image-decoders/avif/AVIFImageReader.cpp

  Log Message:
  -----------
  Cherry-pick d102bc345038. rdar://119051513

    Downstream libavif 1.0.3
    https://bugs.webkit.org/show_bug.cgi?id=268503
    rdar://122044452

    Reviewed by Tim Horton.

    Update the WebKit libavif 0.11.0 with the latest libavif.

    * Source/WebCore/PAL/ThirdParty/libavif/CHANGELOG.md:
    * Source/WebCore/PAL/ThirdParty/libavif/CMakeLists.txt:
    * Source/WebCore/PAL/ThirdParty/libavif/Configurations/BaseTarget.xcconfig:
    * Source/WebCore/PAL/ThirdParty/libavif/LICENSE:
    * Source/WebCore/PAL/ThirdParty/libavif/README.md:
    * Source/WebCore/PAL/ThirdParty/libavif/SECURITY.md: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/README.md:
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/build.gradle:
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/proguard-rules.pro:
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/AndroidManifest.xml: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/README.md: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/animated_avif/Chimera-AV1-10bit-480x270.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/animated_avif/alpha_video.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/blue-and-magenta-crop.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.10bpc.yuv420.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.10bpc.yuv420.monochrome.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.8bpc.yuv420.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.8bpc.yuv420.monochrome.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile1.10bpc.yuv444.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile1.8bpc.yuv444.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.10bpc.yuv422.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv420.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv420.monochrome.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv422.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv444.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.8bpc.yuv422.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/java/org/aomedia/avif/android/AvifDecoderTest.java: Added.
    (AvifDecoderTest):
    (AvifDecoderTest.Image):
    (AvifDecoderTest.Image.Image):
    (AvifDecoderTest.Image.getBuffer):
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/proguard-rules.pro: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/AndroidManifest.xml:
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/java/org/aomedia/avif/android/AvifDecoder.java:
    (AvifDecoder...AvifDecoder):
    (AvifDecoder...Info):
    (AvifDecoder...decode):
    (AvifDecoder...getWidth):
    (AvifDecoder...getHeight):
    (AvifDecoder...getDepth):
    (AvifDecoder...getAlphaPresent):
    (AvifDecoder...getFrameCount):
    (AvifDecoder...getRepetitionCount):
    (AvifDecoder...getFrameDurations):
    (AvifDecoder...release):
    (AvifDecoder...create):
    (AvifDecoder...nextFrame):
    (AvifDecoder...nextFrameIndex):
    (AvifDecoder...nthFrame):
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/jni/CMakeLists.txt:
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/jni/libavif_jni.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/build.gradle:
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradle/wrapper/gradle-wrapper.jar: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradle/wrapper/gradle-wrapper.properties:
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifdec.c:
    (syntax):
    (main):
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifenc.c:
    (intSettingsEntryOf):
    (boolSettingsEntryOf):
    (scalingModeSettingsEntryOf):
    (syntaxShort):
    (syntaxLong):
    (qualityString):
    (parseU32List):
    (parseOptionSuffix):
    (strpre):
    (avifInputAddCachedImage):
    (fileExists):
    (avifInputGetFile):
    (avifInputHasRemainingData):
    (avifInputReadImage):
    (readEntireFile):
    (avifStrdup):
    (avifCodecSpecificOptionsAdd):
    (avifCodecSpecificOptionsFree):
    (avifGetBestCellSize):
    (avifImageSplitGrid):
    (avifEncodeUpdateEncoderSettings):
    (avifEncoderVerifyImageCompatibility):
    (avifEncodeRestOfImageSequence):
    (avifEncodeRestOfLayeredImage):
    (avifEncodeImagesFixedQuality):
    (avifEncodeImages):
    (main):
    (syntax): Deleted.
    (quantizerString): Deleted.
    (parseCICP): Deleted.
    (avifInputGetNextFile): Deleted.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/.clang-format: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/avifgainmaputil.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/combine_command.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/combine_command.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/convert_command.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/convert_command.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/extractgainmap_command.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/extractgainmap_command.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/imageio.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/imageio.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/printmetadata_command.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/printmetadata_command.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/program_command.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/program_command.h: Added.
    (avif::ProgramCommand::name const):
    (avif::ProgramCommand::description const):
    (avif::BasicImageEncodeArgs::Init):
    (avif::ImageReadArgs::Init):
    (avif::ParseList):
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/swapbase_command.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/swapbase_command.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/tonemap_command.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/avifgainmaputil/tonemap_command.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifexif.c: Added.
    (avifImageGetExifOrientationFromIrotImir):
    (avifSetExifOrientation):
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifexif.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifjpeg.c:
    (avifJPEGCopyPixels):
    (avifJPEGReadCopy):
    (avifJPEGReadUint32LittleEndian):
    (avifJPEGReadUint16BigEndian):
    (avifJPEGReadUint16LittleEndian):
    (avifJPEGReadBytes):
    (avifJPEGReadU32):
    (avifJPEGReadU16):
    (avifJPEGFindMpfSegmentOffset):
    (avifJPEGFindXMLNodeByName):
    (avifJPEGFindGainMapXMPNode):
    (avifJPEGHasGainMapXMPNode):
    (avifJPEGFindGainMapProperty):
    (avifJPEGFindGainMapPropertyDoubles):
    (SwapDoubles):
    (avifJPEGParseGainMapXMPProperties):
    (avifJPEGParseGainMapXMP):
    (avifJPEGExtractGainMapImageFromMpf):
    (avifJPEGExtractGainMapImage):
    (avifJPEGReadInternal):
    (avifJPEGRead):
    (avifJPEGWrite):
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifjpeg.h:
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifpng.c:
    (avifHexStringToBytes):
    (avifCopyRawProfile):
    (avifExtractExifAndXMP):
    (avifPNGRead):
    (avifPNGWrite):
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifpng.h:
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifutil.c:
    (avifImageDumpInternal):
    (avifImageDump):
    (avifContainerDump):
    (avifGuessFileFormat):
    (avifGuessBufferFileFormat):
    (avifReadImage):
    (avifImageFixXMP):
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/avifutil.h:
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/iccmaker.c: Added.
    (writeLittleEndianU32):
    (writeBigEndianU16):
    (writeBigEndianU32):
    (putS15Fixed16):
    (putU8Fixed8):
    (putColorant):
    (xyToXYZ):
    (matInv):
    (matMul):
    (matDiag):
    (swap):
    (matTrans):
    (vecMul):
    (computeMD5):
    (avifGenerateGrayICC):
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/iccmaker.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/y4m.c:
    (y4mReadUnsignedInt):
    (y4mClampSamples):
    (y4mRead):
    (y4mWrite):
    * Source/WebCore/PAL/ThirdParty/libavif/apps/shared/y4m.h:
    * Source/WebCore/PAL/ThirdParty/libavif/apps/utf8.manifest: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/apps/utf8.rc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/appveyor.yml:
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findaom.cmake:
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Finddav1d.cmake:
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findlibgav1.cmake:
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findlibsharpyuv.cmake:
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findlibyuv.cmake:
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findrav1e.cmake:
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/Findsvt.cmake:
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalAom.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalAvm.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalDav1d.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalGoogletest.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalJpeg.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalLibXml2.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalLibargparse.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalLibgav1.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalLibsharpyuv.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalLibyuv.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalRav1e.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalSvt.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/LocalZlibpng.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/cmake/Modules/merge_static_libs.cmake: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/contrib/gdk-pixbuf/.clang-format: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/contrib/gdk-pixbuf/CMakeLists.txt:
    * Source/WebCore/PAL/ThirdParty/libavif/contrib/gdk-pixbuf/loader.c:
    (avif_context_free):
    (avif_context_try_load):
    (begin_load):
    (stop_load):
    (load_increment):
    (avif_is_save_option_supported):
    (avif_image_saver):
    (fill_vtable):
    (fill_info):
    * Source/WebCore/PAL/ThirdParty/libavif/examples/avif_example_decode_file.c:
    (main):
    * Source/WebCore/PAL/ThirdParty/libavif/examples/avif_example_decode_memory.c:
    (main):
    * Source/WebCore/PAL/ThirdParty/libavif/examples/avif_example_decode_streaming.c:
    (avifIOStreamingReaderDestroy):
    (avifIOCreateStreamingReader):
    * Source/WebCore/PAL/ThirdParty/libavif/examples/avif_example_encode.c:
    (main):
    * Source/WebCore/PAL/ThirdParty/libavif/ext/aom.cmd:
    * Source/WebCore/PAL/ThirdParty/libavif/ext/avm.cmd: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/ext/compliance_warden.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/ext/dav1d.cmd:
    * Source/WebCore/PAL/ThirdParty/libavif/ext/dav1d_android.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/ext/fuzztest.cmd: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/ext/googletest.cmd:
    * Source/WebCore/PAL/ThirdParty/libavif/ext/libargparse.cmd: Copied from Source/WebCore/PAL/ThirdParty/libavif/ext/libsharpyuv.cmd.
    * Source/WebCore/PAL/ThirdParty/libavif/ext/libgav1.cmd:
    * Source/WebCore/PAL/ThirdParty/libavif/ext/libgav1_android.sh:
    * Source/WebCore/PAL/ThirdParty/libavif/ext/libsharpyuv.cmd:
    * Source/WebCore/PAL/ThirdParty/libavif/ext/libxml2.cmd: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/ext/libyuv.cmd:
    * Source/WebCore/PAL/ThirdParty/libavif/ext/libyuv_android.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/ext/mp4box.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/ext/rav1e.cmd:
    * Source/WebCore/PAL/ThirdParty/libavif/ext/svt.cmd:
    * Source/WebCore/PAL/ThirdParty/libavif/ext/svt.sh:
    * Source/WebCore/PAL/ThirdParty/libavif/ext/zlibpng.cmd:
    * Source/WebCore/PAL/ThirdParty/libavif/include/avif/avif.h:
    * Source/WebCore/PAL/ThirdParty/libavif/include/avif/avif_cxx.h: Added.
    (avif::UniquePtrDeleter::operator() const):
    * Source/WebCore/PAL/ThirdParty/libavif/include/avif/internal.h:
    * Source/WebCore/PAL/ThirdParty/libavif/libavif.pc.cmake:
    * Source/WebCore/PAL/ThirdParty/libavif/libavif.xcodeproj/project.pbxproj:
    * Source/WebCore/PAL/ThirdParty/libavif/src/alpha.c:
    (avifFillAlpha):
    (avifReformatAlpha):
    * Source/WebCore/PAL/ThirdParty/libavif/src/avif.c:
    (avifGetPixelFormatInfo):
    (avifResultToString):
    (avifImageSetDefaults):
    (avifImageCreate):
    (avifImageCopyNoAlloc):
    (avifImageCopySamples):
    (avifImageCopy):
    (avifImageSetViewRect):
    (avifImageDestroy):
    (avifImageSetProfileICC):
    (avifImageSetMetadataXMP):
    (avifImageAllocatePlanes):
    (avifImageIsOpaque):
    (avifImagePlane):
    (avifImagePlaneRowBytes):
    (avifImagePlaneWidth):
    (avifImagePlaneHeight):
    (avifRGBImageSetDefaults):
    (avifRGBImageAllocatePixels):
    (calcCenter):
    (avifCropRectIsValid):
    (avifCropRectConvertCleanApertureBox):
    (avifCleanApertureBoxConvertCropRect):
    (avifStrdup):
    (avifCodecSpecificOptionsCreate):
    (avifCodecSpecificOptionsDestroy):
    (avifCodecSpecificOptionsSet):
    (avifCodecTypeFromChoice):
    (avifCodecCreate):
    (avifGainMapCreate):
    (avifGainMapDestroy):
    (calcGCD): Deleted.
    (clapFractionSimplify): Deleted.
    (clapFractionCD): Deleted.
    (clapFractionAdd): Deleted.
    (clapFractionSub): Deleted.
    * Source/WebCore/PAL/ThirdParty/libavif/src/codec_aom.c:
    (aomCodecGetNextImage):
    (avifProcessAOMOptionsPreInit):
    (doesLevelMatch):
    (aomCodecEncodeImage):
    (aomCodecEncodeFinish):
    (avifCodecCreateAOM):
    * Source/WebCore/PAL/ThirdParty/libavif/src/codec_avm.c: Copied from Source/WebCore/PAL/ThirdParty/libavif/src/codec_aom.c.
    (avmCodecDestroyInternal):
    (avifCheckCodecVersionAVM):
    (avmCodecGetNextImage):
    (avifImageCalcAOMFmt):
    (aomOptionParseInt):
    (aomOptionParseUInt):
    (aomOptionParseEnum):
    (avifProcessAOMOptionsPreInit):
    (avmScaleQuantizer):
    (avmCodecEncodeImage):
    (avmCodecEncodeFinish):
    (avifCodecVersionAVM):
    (avifCodecCreateAVM):
    * Source/WebCore/PAL/ThirdParty/libavif/src/codec_dav1d.c:
    (dav1dCodecGetNextImage):
    (avifCodecCreateDav1d):
    * Source/WebCore/PAL/ThirdParty/libavif/src/codec_libgav1.c:
    (gav1CodecGetNextImage):
    (avifCodecCreateGav1):
    * Source/WebCore/PAL/ThirdParty/libavif/src/codec_rav1e.c:
    (rav1eCodecEncodeImage):
    (rav1eCodecEncodeFinish):
    (avifCodecCreateRav1e):
    * Source/WebCore/PAL/ThirdParty/libavif/src/codec_svt.c:
    (svtCodecEncodeImage):
    (avifCodecCreateSvt):
    (dequeue_frame):
    * Source/WebCore/PAL/ThirdParty/libavif/src/colr.c:
    (avifTransferCharacteristicsGetGamma):
    (avifTransferCharacteristicsFindByGamma):
    (avifToLinear709):
    (avifToGamma709):
    (avifToLinear470M):
    (avifToGamma470M):
    (avifToLinear470BG):
    (avifToGamma470BG):
    (avifToLinearSMPTE240):
    (avifToGammaSMPTE240):
    (avifToGammaLinear):
    (avifToLinearLog100):
    (avifToGammaLog100):
    (avifToLinearLog100Sqrt10):
    (avifToGammaLog100Sqrt10):
    (avifToLinearIEC61966):
    (avifToGammaIEC61966):
    (avifToLinearBT1361):
    (avifToGammaBT1361):
    (avifToLinearSRGB):
    (avifToGammaSRGB):
    (avifToLinearPQ):
    (avifToGammaPQ):
    (avifToLinearSMPTE428):
    (avifToGammaSMPTE428):
    (avifToLinearHLG):
    (avifToGammaHLG):
    (avifTransferCharacteristicsGetLinearToGammaFunction):
    (avifColorPrimariesComputeYCoeffs):
    * Source/WebCore/PAL/ThirdParty/libavif/src/colrconvert.c: Added.
    (avifXyToXYZ):
    (avifMatInv):
    (avifMatMul):
    (avifMatDiag):
    (avifVecMul):
    (avifColorPrimariesComputeXYZD50ToRGBMatrix):
    (avifColorPrimariesComputeRGBToRGBMatrix):
    (avifLinearRGBConvertColorSpace):
    * Source/WebCore/PAL/ThirdParty/libavif/src/compliance.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/src/diag.c:
    (avifDiagnosticsPrintf):
    * Source/WebCore/PAL/ThirdParty/libavif/src/exif.c:
    (avifGetExifTiffHeaderOffset):
    (avifGetExifOrientationOffset):
    (avifImageExtractExifOrientationToIrotImir):
    (avifImageSetMetadataExif):
    * Source/WebCore/PAL/ThirdParty/libavif/src/gainmap.c: Added.
    (avifGainMapMetadataDoubleToFractions):
    (avifGainMapMetadataFractionsToDouble):
    (avifGainMapMetadataSetDefaults):
    (avifGetGainMapWeight):
    (lerp):
    (avifRGBImageApplyGainMap):
    (avifImageApplyGainMap):
    (avifValueToBucketIdx):
    (avifBucketIdxToValue):
    (avifFindMinMaxWithoutOutliers):
    (avifChooseColorSpaceForGainMapMath):
    (avifRGBImageComputeGainMap):
    (avifImageComputeGainMap):
    * Source/WebCore/PAL/ThirdParty/libavif/src/io.c:
    (avifIOMemoryReaderRead):
    (avifIOCreateMemoryReader):
    (avifIOFileReaderRead):
    (avifIOCreateFileReader):
    * Source/WebCore/PAL/ThirdParty/libavif/src/mem.c:
    (avifAlloc):
    * Source/WebCore/PAL/ThirdParty/libavif/src/obu.c:
    (parseSequenceHeaderProfile):
    (parseSequenceHeaderFrameMaxDimensions):
    (parseSequenceHeaderEnabledFeatures):
    (parseSequenceHeaderColorConfig):
    (parseAV1SequenceHeader):
    (parseAV2SequenceHeader):
    (avifSequenceHeaderParse):
    (parseSequenceHeader): Deleted.
    * Source/WebCore/PAL/ThirdParty/libavif/src/rawdata.c:
    (avifRWDataRealloc):
    (avifRWDataSet):
    * Source/WebCore/PAL/ThirdParty/libavif/src/read.c:
    (avifGetCodecType):
    (avifGetConfigurationPropertyName):
    (avifPropertyArrayFind):
    (avifSampleTableCreate):
    (avifSampleTableGetCodecType):
    (avifSampleTableGetProperties):
    (avifCodecDecodeInputCreate):
    (avifCodecDecodeInputFillFromSampleTable):
    (avifCodecDecodeInputFillFromDecoderItem):
    (avifMetaCreate):
    (avifMetaDestroy):
    (avifCheckItemID):
    (avifMetaFindOrCreateItem):
    (avifDecoderDataCreate):
    (avifDecoderDataResetCodec):
    (avifDecoderDataCreateTile):
    (avifDecoderDataCreateTrack):
    (avifDecoderDataClearTiles):
    (avifDecoderItemMaxExtent):
    (avifDecoderItemValidateProperties):
    (avifDecoderItemRead):
    (avifDecoderItemGetGridCodecType):
    (avifDecoderGenerateImageGridTiles):
    (avifDecoderDataAllocateGridImagePlanes):
    (avifDecoderDataCopyTileToImage):
    (avifDecoderFindMetadata):
    (avifParseItemLocationBox):
    (avifParseToneMappedImageBox):
    (avifDecoderItemReadAndParse):
    (avifParseImageSpatialExtentsProperty):
    (avifParseColourInformationBox):
    (avifParseContentLightLevelInformationBox):
    (avifParseCodecConfiguration):
    (avifParseCodecConfigurationBoxProperty):
    (avifParseImageRotationProperty):
    (avifParseImageMirrorProperty):
    (avifParseLayerSelectorProperty):
    (avifParseAV1LayeredImageIndexingProperty):
    (avifParseItemPropertyContainerBox):
    (avifParseItemPropertyAssociation):
    (avifParseItemDataBox):
    (avifParseItemPropertiesBox):
    (avifParseItemInfoEntry):
    (avifParseItemInfoBox):
    (avifParseItemReferenceBox):
    (avifParseMetaBox):
    (avifParseTrackHeaderBox):
    (avifParseChunkOffsetBox):
    (avifParseSampleToChunkBox):
    (avifParseSampleSizeBox):
    (avifParseSyncSampleBox):
    (avifParseTimeToSampleBox):
    (avifParseSampleDescriptionBox):
    (avifParseSampleTableBox):
    (avifParseMediaInformationBox):
    (avifParseMediaBox):
    (avifParseEditListBox):
    (avifParseEditBox):
    (avifParseTrackBox):
    (avifParseMovieBox):
    (avifParseExtendedMeta):
    (avifMetaCreateProperty):
    (avifDecoderItemAddProperty):
    (avifParseCondensedImageBox):
    (avifParseFileTypeBox):
    (avifSampleTableHasFormat): Deleted.
    (avifMetaFindItem): Deleted.
    (avifDecoderItemValidateAV1): Deleted.
    (avifDecoderDataFillImageGrid): Deleted.
    (avifParseAV1CodecConfigurationBox): Deleted.
    (avifParseAV1CodecConfigurationBoxProperty): Deleted.
    (avifParse): Deleted.
    (avifFileTypeHasBrand): Deleted.
    (avifFileTypeIsCompatible): Deleted.
    (avifPeekCompatibleFileType): Deleted.
    (avifDecoderCreate): Deleted.
    (avifDecoderCleanup): Deleted.
    (avifDecoderDestroy): Deleted.
    (avifDecoderSetSource): Deleted.
    (avifDecoderSetIO): Deleted.
    (avifDecoderSetIOMemory): Deleted.
    (avifDecoderSetIOFile): Deleted.
    (avifExtentMerge): Deleted.
    (avifDecoderNthImageMaxExtent): Deleted.
    (avifDecoderPrepareSample): Deleted.
    (avifDecoderParse): Deleted.
    (avifCodecCreateInternal): Deleted.
    (avifDecoderFlush): Deleted.
    (avifDecoderReset): Deleted.
    (avifDecoderPrepareTiles): Deleted.
    (avifImageLimitedToFullAlpha): Deleted.
    (avifDecoderDecodeTiles): Deleted.
    (avifDecoderNextImage): Deleted.
    (avifDecoderNthImageTiming): Deleted.
    (avifDecoderNthImage): Deleted.
    (avifDecoderIsKeyframe): Deleted.
    (avifDecoderNearestKeyframe): Deleted.
    (avifGetDecodedRowCount): Deleted.
    (avifDecoderDecodedRowCount): Deleted.
    (avifDecoderRead): Deleted.
    (avifDecoderReadMemory): Deleted.
    (avifDecoderReadFile): Deleted.
    * Source/WebCore/PAL/ThirdParty/libavif/src/reformat.c:
    (avifGetRGBColorSpaceInfo):
    (avifGetYUVColorSpaceInfo):
    (avifPrepareReformatState):
    (avifYUVColorSpaceInfoYToUNorm):
    (avifYUVColorSpaceInfoUVToUNorm):
    (avifImageRGBToYUV):
    (avifCreateYUVToRGBLookUpTables):
    (avifFreeYUVToRGBLookUpTables):
    (avifGetRGB565):
    (avifImageYUVAnyToRGBAnySlow):
    (avifImageYUV16ToRGB16Color):
    (avifImageYUV16ToRGB16Mono):
    (avifImageYUV16ToRGB8Color):
    (avifImageYUV16ToRGB8Mono):
    (avifImageYUV8ToRGB16Color):
    (avifImageYUV8ToRGB16Mono):
    (avifImageIdentity8ToRGB8ColorFullRange):
    (avifImageYUV8ToRGB8Color):
    (avifImageYUV8ToRGB8Mono):
    (avifRGBImageToF16):
    (avifImageYUVToRGBImpl):
    (avifImageYUVToRGBThreadWorker):
    (avifCreateYUVToRGBThread):
    (avifJoinYUVToRGBThread):
    (avifImageYUVToRGB):
    (avifLimitedToFullY):
    (avifLimitedToFullUV):
    (avifFullToLimitedY):
    (avifFullToLimitedUV):
    (avifFloatToF16):
    (avifF16ToFloat):
    (avifGetRGBAPixel):
    (avifSetRGBAPixel):
    (avifReformatStateYToUNorm): Deleted.
    (avifReformatStateUVToUNorm): Deleted.
    * Source/WebCore/PAL/ThirdParty/libavif/src/reformat_libsharpyuv.c:
    (avifImageRGBToYUVLibSharpYUV):
    * Source/WebCore/PAL/ThirdParty/libavif/src/reformat_libyuv.c:
    (avifImageYUVToRGBLibYUV):
    (getLibYUVConversionFunction):
    (getLibYUVConstants):
    (avifImageDownshiftTo8bpc):
    (avifImageYUVToRGBLibYUVHighBitDepth): Deleted.
    * Source/WebCore/PAL/ThirdParty/libavif/src/scale.c:
    (avifImageScaleWithLimit):
    (avifImageScale):
    * Source/WebCore/PAL/ThirdParty/libavif/src/stream.c:
    (avifROStreamStart):
    (avifROStreamSetOffset):
    (avifROStreamSkip):
    (avifROStreamRead):
    (avifROStreamReadUX8):
    (avifROStreamReadU16):
    (avifROStreamReadU16Endianness):
    (avifROStreamReadU32):
    (avifROStreamReadU32Endianness):
    (avifROStreamReadU64):
    (avifROStreamReadBits8):
    (avifROStreamReadBits):
    (avifROStreamReadVarInt):
    (avifROStreamReadString):
    (makeRoom):
    (avifRWStreamStart):
    (avifRWStreamWrite):
    (avifRWStreamWriteChars):
    (avifRWStreamWriteFullBox):
    (avifRWStreamWriteBox):
    (avifRWStreamFinishBox):
    (avifRWStreamWriteU8):
    (avifRWStreamWriteU16):
    (avifRWStreamWriteU32):
    (avifRWStreamWriteU64):
    (avifRWStreamWriteZeros):
    (avifRWStreamWriteBits):
    (avifRWStreamWriteVarInt):
    * Source/WebCore/PAL/ThirdParty/libavif/src/utils.c:
    (avifHTONS):
    (avifHTONL):
    (avifHTON64):
    (avifArrayPush):
    (calcGCD):
    (avifFractionSimplify):
    (overflowsInt32):
    (avifFractionCD):
    (avifFractionAdd):
    (avifFractionSub):
    (avifDoubleToUnsignedFractionImpl):
    (avifDoubleToSignedFraction):
    (avifDoubleToUnsignedFraction):
    (avifArrayPushIndex): Deleted.
    (avifArrayPushPtr): Deleted.
    * Source/WebCore/PAL/ThirdParty/libavif/src/write.c:
    (floorLog2):
    (avifCodecEncodeOutputCreate):
    (avifCodecEncodeOutputAddSample):
    (avifEncoderDataCreate):
    (avifEncoderDataCreateItem):
    (avifEncoderDataDestroy):
    (avifEncoderItemAddMdatFixup):
    (avifItemPropertyDedupCreate):
    (avifItemPropertyDedupFinish):
    (avifEncoderDestroy):
    (avifEncoderSetCodecSpecificOption):
    (avifEncoderBackupSettings):
    (avifEncoderDetectChanges):
    (avifEncoderWriteNclxProperty):
    (avifEncoderWriteColorProperties):
    (avifEncoderWriteHDRProperties):
    (avifEncoderWriteExtendedColorProperties):
    (avifEncoderWriteTrackMetaBox):
    (avifWriteGridPayload):
    (avifWriteToneMappedImagePayload):
    (avifEncoderGetGainMapSizeBytes):
    (avifImageCopyAltImageMetadata):
    (avifEncoderDataCreateExifItem):
    (avifEncoderDataCreateXMPItem):
    (avifImageCopyAndPad):
    (avifQualityToQuantizer):
    (avifEncoderAddImageItems):
    (avifEncoderGetCodecType):
    (avifEncoderDataShouldForceKeyframeForAlpha):
    (avifGetErrorForItemCategory):
    (avifValidateImageBasicProperties):
    (avifGridWidth):
    (avifGridHeight):
    (avifValidateGrid):
    (avifEncoderAddImageInternal):
    (avifEncoderAddImageGrid):
    (avifEncoderWriteMediaDataBox):
    (avifWriteAltrGroup):
    (avifImageWriteExtendedMeta):
    (avifEncoderIsCondensedImageBoxCompatible):
    (avifEncoderWriteFileTypeBoxAndCondensedImageBox):
    (avifEncoderWriteCondensedImageBox):
    (avifRWStreamWriteProperties):
    (avifEncoderFinish):
    (writeCodecConfig):
    (writeConfigBox):
    (ipmaPush): Deleted.
    (countLeadingZeros): Deleted.
    (avifEncoderCreate): Deleted.
    (avifCopyAndPadPlane): Deleted.
    (avifImageIsOpaque): Deleted.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/CMakeLists.txt:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/aviftest.c:
    (runIOTests):
    * Source/WebCore/PAL/ThirdParty/libavif/tests/avifyuv.c:
    (main):
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/ArcTriomphe-cHRM-orig.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/ArcTriomphe-cHRM-red-green-swap-reference.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/ArcTriomphe-cHRM-red-green-swap.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/README.md:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/alpha_noispe.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/circle-trns-after-plte.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/circle-trns-before-plte.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/color_grid_alpha_grid_gainmap_nogrid.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/color_grid_alpha_nogrid.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/color_grid_gainmap_different_grid.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/color_nogrid_alpha_nogrid_gainmap_grid.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors-animated-8bpc.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_hdr_p3.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_hdr_rec2020.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_hdr_srgb.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_sdr_srgb.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_hdr_p3.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_hdr_rec2020.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_hdr_srgb.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_sdr_srgb.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_wcg_hdr_rec2020.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_text_wcg_sdr_rec2020.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/colors_wcg_hdr_rec2020.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/draw_points.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/ffffcc-gamma1.6.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/ffffcc-gamma2.2.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/ffffcc-srgb.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/ffffff-gamma1.6.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/ffffff-gamma2.2.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/circle-trns-after-plte.png.avif.xml: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/dog_exif_extended_xmp_icc.jpg.avif.xml: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/kodim03_23_animation.avif.xml: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/kodim03_23_animation_keyframes.avif.xml: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/kodim03_yuv420_8bpc.y4m.avif.xml: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/paris_exif_xmp_gainmap_bigendian.jpg.avif.xml: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/paris_exif_xmp_gainmap_bigendian_ignore.jpg.avif.xml: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/paris_exif_xmp_gainmap_littleendian.jpg.avif.xml: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/paris_exif_xmp_icc_gainmap_bigendian.jpg.avif.xml: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/goldens/paris_icc_exif_xmp.png.avif.xml: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/kodim03_grayscale_gamma1.6-reference.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/kodim03_grayscale_gamma1.6.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/paris_exif_xmp_gainmap_bigendian.jpg: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/paris_exif_xmp_gainmap_littleendian.jpg: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/paris_exif_xmp_icc_gainmap_bigendian.jpg: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/paris_xmp_trailing_null.jpg: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/sRGB2014.icc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_hdr_gainmap_small_srgb.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_hdr_gainmap_srgb.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_hdr_rec2020.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_hdr_srgb.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_sdr_gainmap_big_srgb.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_sdr_gainmap_srgb.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/seine_sdr_gainmap_srgb.jpg: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/sources/colors.psd: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/sources/seine.psd: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/weld_16bit.png: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/data/white_1x1.avif: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/docker/build.sh:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/golden_test_common.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/are_images_equal.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_dec.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_dec_incr.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_enc_dec.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_enc_dec_anim.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_enc_dec_experimental.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_enc_dec_incr.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_enc_dec_incr_experimental.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_helpers.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_helpers.h: Added.
    (avif::testutil::ArbitraryPixelFormat):
    (avif::testutil::ArbitraryAvifImage8b):
    (avif::testutil::ArbitraryAvifImage16b):
    (avif::testutil::ArbitraryAvifImage):
    (avif::testutil::ArbitraryAvifEncoder):
    (avif::testutil::ArbitraryBaseAvifDecoder):
    (avif::testutil::ArbitraryAvifDecoderWithGainMapOptions):
    (avif::testutil::ArbitraryAvifDecoder):
    (avif::testutil::SetStackLimitTo512x1024Bytes):
    (avif::testutil::ArbitraryImageWithSeeds):
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_read_image.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avif_fuzztest_yuvrgb.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifallocationtest.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifalphanoispetest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifalphapremtest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifanimationtest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifavmtest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifbasictest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifchangesettingtest.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifclaptest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifcllitest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifcodectest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifcolrconverttest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifcolrtest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifdecodetest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifencodetest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifgainmaptest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifgridapitest.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifimagetest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifincrtest.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifincrtest_helpers.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifincrtest_helpers.h:
    (avif::testutil::avifBreakOnError):
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifiostatstest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifjpeggainmaptest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/aviflosslesstest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifmetadatatest.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifminitest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifopaquetest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifpng16bittest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifprogressivetest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifrangetest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifreadimagetest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifrgbtest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifrgbtoyuvtest.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifscaletest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifstreamtest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/aviftest_helpers.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/aviftest_helpers.h:
    (avifBreakOnError):
    (libavif::testutil::AvifRwData::AvifRwData): Deleted.
    (libavif::testutil::AvifRwData::~AvifRwData): Deleted.
    (libavif::testutil::AvifRgbImage::~AvifRgbImage): Deleted.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/aviftilingtest.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avifutilstest.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/gtest/avify4mtest.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/oss-fuzz/.clang-format: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/oss-fuzz/avif_decode_fuzzer.cc:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/oss-fuzz/build.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/oss-fuzz/repro_fuzz.cc: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd.sh:
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_animation.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_avifgainmaputil.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_avm.sh: Copied from Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd.sh.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_avm_lossless.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_enc_boxes_golden.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_enc_gainmap_boxes_golden.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_gainmap.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_grid.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_icc_profile.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_lossless.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_metadata.sh: Copied from Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd.sh.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_progressive.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/tests/test_cmd_targetsize.sh: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/README.md: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/iccjpeg/iccjpeg.c: Added.
    (write_icc_profile):
    (setup_read_icc_profile):
    (marker_is_icc):
    (read_icc_profile):
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/iccjpeg/iccjpeg.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/AUTHORS: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/basic_types.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/planar_functions.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/row.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/scale.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/scale_row.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/include/libyuv/version.h: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/source/planar_functions.c: Added.
    (CopyPlane):
    (CopyPlane_16):
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/source/row_common.c: Added.
    (CopyRow_C):
    (HalfRow_C):
    (HalfRow_16_C):
    (InterpolateRow_C):
    (InterpolateRow_16_C):
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/source/scale.c: Added.
    (Abs):
    (SumPixels):
    (SumPixels_16):
    (ScaleAddCols2_C):
    (ScaleAddCols2_16_C):
    (ScaleAddCols0_C):
    (ScaleAddCols1_C):
    (ScaleAddCols1_16_C):
    (ScalePlaneBox):
    (ScalePlaneBox_16):
    (ScalePlaneBilinearDown):
    (ScalePlaneBilinearDown_16):
    (ScalePlaneBilinearUp):
    (ScalePlaneUp2_Linear):
    (ScalePlaneUp2_Bilinear):
    (ScalePlaneUp2_12_Linear):
    (ScalePlaneUp2_12_Bilinear):
    (ScalePlaneUp2_16_Linear):
    (ScalePlaneUp2_16_Bilinear):
    (ScalePlaneBilinearUp_16):
    (ScalePlaneSimple):
    (ScalePlaneSimple_16):
    (ScalePlane):
    (ScalePlane_16):
    (ScalePlane_12):
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/source/scale_any.c: Added.
    * Source/WebCore/PAL/ThirdParty/libavif/third_party/libyuv/source/scale_common.c: Added.
    (Abs):
    (ScaleRowUp2_Linear_C):
    (ScaleRowUp2_Bilinear_C):
    (ScaleRowUp2_Linear_16_C):
    (ScaleRowUp2_Bilinear_16_C):
    (ScaleCols_C):
    (ScaleCols_16_C):
    (ScaleColsUp2_C):
    (ScaleColsUp2_16_C):
    (ScaleFilterCols_C):
    (ScaleFilterCols64_C):
    (ScaleFilterCols_16_C):
    (ScaleFilterCols64_16_C):
    (ScaleAddRow_C):
    (ScaleAddRow_16_C):
    (ScalePlaneVertical):
    (ScalePlaneVertical_16):
    (ScaleFilterReduce):
    (FixedDiv_C):
    (FixedDiv1_C):
    (ScaleSlope):
    * Source/WebCore/platform/image-decoders/avif/AVIFImageReader.cpp:
    (WebCore::AVIFImageReader::decodeFrame):

    Canonical link: https://commits.webkit.org/275291@main

Canonical link: https://commits.webkit.org/272448.637@safari-7618-branch


  Commit: cf6f3aedde337c380b06cd1c9e8f2d01a2a8685f
      https://github.com/WebKit/WebKit/commit/cf6f3aedde337c380b06cd1c9e8f2d01a2a8685f
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/bytecode/CodeBlock.cpp
    M Source/JavaScriptCore/runtime/ScriptExecutable.cpp
    M Source/JavaScriptCore/runtime/ScriptExecutable.h

  Log Message:
  -----------
  Cherry-pick 4d9c892d5723. rdar://123651394

    [JSC] Do not upgrade CallLinkInfo when the target is also already dead
    https://bugs.webkit.org/show_bug.cgi?id=270119
    rdar://123651394

    Reviewed by Justin Michaud.

    Probably does not matter much but let's make it defensive. When running unlinkOrUpgrade,
    if it is invoked through jettisoning due to GC end-phase check, we should check whether the new target CodeBlock is also dead,
    and if it is dead, not passing it.

    * Source/JavaScriptCore/bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::jettison):
    * Source/JavaScriptCore/runtime/ScriptExecutable.cpp:
    (JSC::ScriptExecutable::installCode):
    (JSC::ScriptExecutable::prepareForExecutionImpl):
    * Source/JavaScriptCore/runtime/ScriptExecutable.h:

    Canonical link: https://commits.webkit.org/275356@main

Canonical link: https://commits.webkit.org/272448.638@safari-7618-branch


  Commit: 520088d2624647a4430c6ef332d2a67cf1f6f5d7
      https://github.com/WebKit/WebKit/commit/520088d2624647a4430c6ef332d2a67cf1f6f5d7
  Author: Aditya Keerthi <akeerthi at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    A LayoutTests/fast/forms/textfield-dark-color-scheme-expected-mismatch.html
    A LayoutTests/fast/forms/textfield-dark-color-scheme.html
    M Source/WebCore/platform/graphics/mac/controls/WebControlView.mm

  Log Message:
  -----------
  Cherry-pick 1f547d4ed188. rdar://123658326

    REGRESSION (macOS 14): Native text fields are invisible in dark mode
    https://bugs.webkit.org/show_bug.cgi?id=270134
    rdar://123658326

    Reviewed by Richard Robinson.

    201985 at main added logic to ensure that text fields are displayed correctly in
    dark mode, as they do not support "border only" painting. The detection of
    dark mode was performed by checking the appearance of the cell's control view.

    However, with the introduction of GPU process for DOM rendering on macOS, cells
    no longer have control views. Consequently, the appearance check always fails,
    and the light mode border treatment, which results in an invisible control in
    dark mode, is used.

    Fix by comparing against `-[NSAppearance currentDrawingAppearance]` rather than
    assuming there is a control view. This is correct, as the drawing appearance is
    always set (using `LocalDefaultSystemAppearance`) prior to drawing the control.

    * LayoutTests/fast/forms/textfield-dark-color-scheme-expected-mismatch.html: Added.
    * LayoutTests/fast/forms/textfield-dark-color-scheme.html: Added.
    * Source/WebCore/platform/graphics/mac/controls/WebControlView.mm:
    (-[WebControlTextFieldCell _adjustedCoreUIDrawOptionsForDrawingBordersOnly:]):

    Canonical link: https://commits.webkit.org/275363@main

Canonical link: https://commits.webkit.org/272448.639@safari-7618-branch


  Commit: b6258f037a889517a9a0585a8ab95e90e4e2994d
      https://github.com/WebKit/WebKit/commit/b6258f037a889517a9a0585a8ab95e90e4e2994d
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M Source/WebCore/style/StyleTreeResolver.cpp

  Log Message:
  -----------
  Apply patch. rdar://123547221

Canonical link: https://commits.webkit.org/272448.640@safari-7618-branch


  Commit: d0981d7b6c395e876c578b0077880bc7f861626c
      https://github.com/WebKit/WebKit/commit/d0981d7b6c395e876c578b0077880bc7f861626c
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
    M Tools/TestWebKitAPI/Tests/ios/AutocorrectionTestsIOS.mm

  Log Message:
  -----------
  Cherry-pick 9e343906838f. rdar://123328041

    REGRESSION (271515 at main): Bold and Italic keyboard bar button items in the UCB never update
    https://bugs.webkit.org/show_bug.cgi?id=270169
    rdar://123328041

    Reviewed by Tim Horton.

    The changes in 271515 at main were meant to merge functionality in both the public API delegate method
    `-textStylingAtPosition:inDirection:` and the UIKit IPI `-fontForCaretSelection` into just the
    public API. However, this removed logic for setting symbolic traits on the font descriptor (bold,
    italic) with no replacement.

    Fix this by reinstating this code, and augmenting an existing API test to exercise this logic.

    Test: AutocorrectionTests.FontAtCaretWhenUsingUICTFontTextStyle

    * Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
    (-[WKContentView textStylingAtPosition:inDirection:]):
    * Tools/TestWebKitAPI/Tests/ios/AutocorrectionTestsIOS.mm:
    (-[UIFont _test_systemFontWithSize:traits:]):

    Canonical link: https://commits.webkit.org/275396@main

Canonical link: https://commits.webkit.org/272448.641@safari-7618-branch


  Commit: d54742c42f9f8fbbe8925a9786a31189da47a384
      https://github.com/WebKit/WebKit/commit/d54742c42f9f8fbbe8925a9786a31189da47a384
  Author: Jean-Yves Avenard <jya at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm

  Log Message:
  -----------
  Cherry-pick 7be7a65a49c1. rdar://122916282

    WebKit.GPU using an average of 57% CPU (2.0W estimated impact) for 2.1 hrs [+7%/hr]
    https://bugs.webkit.org/show_bug.cgi?id=270154
    rdar://122916282

    Reviewed by Eric Carlson.

    When the AVSampleBufferDisplayLayer notified the SourceBufferPrivateAVFObjC that it was
    ready for more data, we checked via SourceBufferPrivate::isReadyForMoreSamples().

    If we had previously been interrupted with a layerRequiresFlushToResumeDecodingChanged
    error, and until we flushed the renderer, isReadyForMoreSamples() would have returned false
    and we would then immediately request the layer to notify us when ready again.
    Prior to 268283 at main, requesting the AVSBDL to notify us if it was ready for more samples
    was the right thing to do.
    However, now that there's a flush pending, what it would do is make the AVSBDL call
    us immediately. This caused the code to run in an unlimited loop.

    We add a check if flushing is required and abort early if so.

    The ability to reproduce the case and to simulate is not possible with the current
    infrastructure. Problem was found through log analysis and code review only.

    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
    (WebCore::SourceBufferPrivateAVFObjC::flushIfNeeded): Add logging for when we are actually
    flushing the SourceBuffer. Not having logging made the investigation difficult as we had log
    that the AVSBDL required flushing, but no information about if we had log flushed or not
    (which can happen in two cases: page became visible again, or play() was called)
    (WebCore::SourceBufferPrivateAVFObjC::notifyClientWhenReadyForMoreSamples):

    Canonical link: https://commits.webkit.org/275415@main

Canonical link: https://commits.webkit.org/272448.642@safari-7618-branch


  Commit: 71f2ab08b936a7a94b6771d27f31ba269c394068
      https://github.com/WebKit/WebKit/commit/71f2ab08b936a7a94b6771d27f31ba269c394068
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M Source/WebCore/css/parser/SizesAttributeParser.h
    M Source/WebCore/dom/ConstantPropertyMap.h
    M Source/WebCore/dom/CurrentScriptIncrementer.h
    M Source/WebCore/dom/DOMImplementation.h
    M Source/WebCore/dom/DeviceOrientationAndMotionAccessController.h
    M Source/WebCore/dom/Document.h
    M Source/WebCore/dom/DocumentFontLoader.h
    M Source/WebCore/dom/DocumentMarkerController.h
    M Source/WebCore/dom/DocumentParser.h
    M Source/WebCore/dom/DocumentStorageAccess.h
    M Source/WebCore/dom/ElementIteratorAssertions.h
    M Source/WebCore/dom/EventPath.cpp
    M Source/WebCore/dom/ExtensionStyleSheets.h
    M Source/WebCore/dom/FullscreenManager.h
    M Source/WebCore/dom/Node.h
    M Source/WebCore/dom/ScriptRunner.h
    M Source/WebCore/dom/ScriptedAnimationController.h
    M Source/WebCore/dom/ShadowRoot.cpp
    M Source/WebCore/dom/ShadowRoot.h
    M Source/WebCore/dom/ShouldNotFireMutationEventsScope.h
    M Source/WebCore/dom/TreeScope.cpp
    M Source/WebCore/dom/TreeScope.h
    M Source/WebCore/dom/VisitedLinkState.h
    M Source/WebCore/editing/AlternativeTextController.h
    M Source/WebCore/editing/Editor.h
    M Source/WebCore/editing/FrameSelection.cpp
    M Source/WebCore/editing/FrameSelection.h
    M Source/WebCore/editing/SpellChecker.h
    M Source/WebCore/html/parser/HTMLConstructionSite.h
    M Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp
    M Source/WebCore/html/parser/HTMLPreloadScanner.cpp
    M Source/WebCore/html/parser/HTMLResourcePreloader.h
    M Source/WebCore/style/StyleScope.cpp
    M Source/WebCore/style/StyleScope.h

  Log Message:
  -----------
  Apply patch. rdar://123037271

Canonical link: https://commits.webkit.org/272448.643@safari-7618-branch


  Commit: 2afc48f9edbe73ef17c520d06974109dac0c8f10
      https://github.com/WebKit/WebKit/commit/2afc48f9edbe73ef17c520d06974109dac0c8f10
  Author: Matthew Finkel <sysrqb at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
    M Source/WTF/wtf/PlatformHave.h
    M Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h
    M Source/WebCore/html/FeaturePolicy.cpp
    M Source/WebCore/html/FeaturePolicy.h
    M Source/WebCore/loader/FrameLoader.cpp
    M Source/WebCore/platform/network/ResourceRequestBase.cpp
    M Source/WebCore/platform/network/ResourceRequestBase.h
    M Source/WebCore/platform/network/cf/ResourceRequest.h
    M Source/WebCore/platform/network/cocoa/ResourceRequestCocoa.mm
    M Source/WebKit/NetworkProcess/NetworkProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkProcess.h
    M Source/WebKit/NetworkProcess/NetworkProcess.messages.in
    M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
    M Source/WebKit/NetworkProcess/NetworkSession.cpp
    M Source/WebKit/NetworkProcess/NetworkSession.h
    M Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h
    M Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.serialization.in
    M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
    M Source/WebKit/Shared/Cocoa/WebCoreArgumentCodersCocoa.serialization.in
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm
    M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h
    M Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreDelegate.h
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm

  Log Message:
  -----------
  Cherry-pick c798343a0933. rdar://121621131

    Cherry-pick 273360 at main (2887eed67e7d). rdar://107854094

        Implement experimental allow="private-token" permissions policy
        https://bugs.webkit.org/show_bug.cgi?id=266549
        rdar://107854094

        Reviewed by Youenn Fablet.

        This patch implements a new experimental permissions policy that provides
        third-party contexts with access to using Private Tokens, as described in the
        explainer [0]. If a third-party context is not granted the permission, then it
        is not allowed to interact in the specified HTTP Authorization [1] flow. If the
        context is given permission, then that interaction happens at a lower layer
        than WebKit on Cocoa platforms.

        [0] https://github.com/WebKit/explainers/tree/main/ThirdPartyPrivateTokens
        [1] https://datatracker.ietf.org/doc/draft-ietf-privacypass-auth-scheme/

        * Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
        * Source/WTF/wtf/PlatformHave.h:
        * Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h:
        * Source/WebCore/html/FeaturePolicy.cpp:
        (WebCore::policyTypeName):
        (WebCore::FeaturePolicy::parse):
        (WebCore::FeaturePolicy::allows const):
        * Source/WebCore/html/FeaturePolicy.h:
        * Source/WebCore/loader/FrameLoader.cpp:
        (WebCore::FrameLoader::updateRequestAndAddExtraFields):
        * Source/WebCore/platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::setAsIsolatedCopy):
        (WebCore::ResourceRequestBase::setIsPrivateTokenUsageByThirdPartyAllowed):
        * Source/WebCore/platform/network/ResourceRequestBase.h:
        (WebCore::ResourceRequestBase::RequestData::RequestData):
        (WebCore::ResourceRequestBase::isPrivateTokenUsageByThirdPartyAllowed const):
        * Source/WebCore/platform/network/cf/ResourceRequest.h:
        * Source/WebCore/platform/network/cocoa/ResourceRequestCocoa.mm:
        (WebCore::ResourceRequest::ResourceRequest):
        (WebCore::ResourceRequest::getResourceRequestPlatformData const):
        * Source/WebKit/NetworkProcess/NetworkProcess.cpp:
        (WebKit::NetworkProcess::setShouldSendPrivateTokenIPCForTesting const):
        * Source/WebKit/NetworkProcess/NetworkProcess.h:
        * Source/WebKit/NetworkProcess/NetworkProcess.messages.in:
        * Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
        (WebKit::NetworkResourceLoader::startNetworkLoad):
        * Source/WebKit/NetworkProcess/NetworkSession.cpp:
        (WebKit::NetworkSession::setShouldSendPrivateTokenIPCForTesting):
        * Source/WebKit/NetworkProcess/NetworkSession.h:
        (WebKit::NetworkSession::shouldSendPrivateTokenIPCForTesting const):
        * Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h:
        * Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.serialization.in:
        * Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
        (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
        * Source/WebKit/Shared/Cocoa/WebCoreArgumentCodersCocoa.serialization.in:
        * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
        * Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
        (-[WKWebsiteDataStore _setPrivateTokenIPCForTesting:]):
        * Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h:
        * Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreDelegate.h:
        * Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:
        (WebKit::NetworkProcessProxy::didAllowPrivateTokenUsageByThirdPartyForTesting):
        * Source/WebKit/UIProcess/Network/NetworkProcessProxy.h:
        * Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in:
        * Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:
        (WebKit::WebsiteDataStore::didAllowPrivateTokenUsageByThirdPartyForTesting):
        (WebKit::WebsiteDataStore::setPrivateTokenIPCForTesting):
        * Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:
        * Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h:
        (WebKit::WebsiteDataStoreClient::didAllowPrivateTokenUsageByThirdPartyForTesting):
        * Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm:
        (-[NavigationDelegate websiteDataStore:didAllowPrivateTokenUsageByThirdPartyForTesting:forResourceURL:]):
        (setupWebViewForPrivateTokenTests):
        (TEST):

        Canonical link: https://commits.webkit.org/273360@main

Canonical link: https://commits.webkit.org/272448.644@safari-7618-branch


  Commit: def30df6fb1c1924066520ff0ccc50ae5ffab5b2
      https://github.com/WebKit/WebKit/commit/def30df6fb1c1924066520ff0ccc50ae5ffab5b2
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp

  Log Message:
  -----------
  Cherry-pick 5590366d49ca. rdar://123641381

    scanAttributeName doesn't need to check for "is" content attribute
    https://bugs.webkit.org/show_bug.cgi?id=270066

    Reviewed by Chris Dumez and Yusuke Suzuki.

    Since we don't support "is" content attribute, we don't need to check for its presence.

    * Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp:
    (WebCore::HTMLFastPathParser::scanAttributeName):

    Canonical link: https://commits.webkit.org/275331@main

Canonical link: https://commits.webkit.org/272448.645@safari-7618-branch


  Commit: 5b9cab4eb8fe6c2984dc26b5a2d29f359fc8a167
      https://github.com/WebKit/WebKit/commit/5b9cab4eb8fe6c2984dc26b5a2d29f359fc8a167
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M Source/WebCore/Modules/cache/DOMCacheStorage.cpp
    M Source/WebCore/Modules/cache/DOMCacheStorage.h

  Log Message:
  -----------
  Apply patch. rdar://122170377

Canonical link: https://commits.webkit.org/272448.646@safari-7618-branch


  Commit: 29dc10bd00d6db2b5212031fb6166fc814d84239
      https://github.com/WebKit/WebKit/commit/29dc10bd00d6db2b5212031fb6166fc814d84239
  Author: Abrar Rahman Protyasha <a_protyasha at apple.com>
  Date:   2024-02-28 (Wed, 28 Feb 2024)

  Changed paths:
    M LayoutTests/fast/events/cancel-mousedown-and-drag-from-frame-to-other-frame.html
    M LayoutTests/fast/events/cancel-mousedown-and-drag-to-frame-expected.txt
    M LayoutTests/fast/events/cancel-mousedown-and-drag-to-frame.html
    M LayoutTests/fast/events/resources/mouse-drag-from-frame-target-subframe.html
    M Source/WebCore/page/EventHandler.cpp

  Log Message:
  -----------
  Cherry-pick 275157 at main (50f43b731d20). rdar://120540148

    REGRESSION (Safari 17.2): Does not respect mousemove events in an iframe when the mouse is clicked from outside of an iframe
    https://bugs.webkit.org/show_bug.cgi?id=269886
    rdar://120540148

    Reviewed by Wenson Hsieh.

    In 269246 at main, we introduced a behavior change where initiating a drag
    gesture from a cancelled mousedown event causes all mousemove events to
    be routed to the originating frame till the drag gesture terminates with
    a corresponding mouseup event. This was a web compatibility regression
    since users expect to receive mouse events in the inner frame when we
    are dragging the pointer over it.

    Instead, this patch limits this mouse event target capturing behavior to
    subframes only, and not the outer frame. This patch makes mouse event
    targets independent of mousedown event cancellation when the pointer is
    dragged out of a subframe. This change in behavior aligns us with other
    major browser vendors' behavior.

    Finally, we update cancel-mousedown-and-drag-to-frame.html since the new
    behavior is essentially the opposite of what the test had been
    expecting.

    * LayoutTests/fast/events/cancel-mousedown-and-drag-from-frame-to-other-frame.html:
    * LayoutTests/fast/events/cancel-mousedown-and-drag-to-frame-expected.txt:
    * LayoutTests/fast/events/cancel-mousedown-and-drag-to-frame.html:
    * LayoutTests/fast/events/resources/mouse-drag-from-frame-target-subframe.html:
    * Source/WebCore/page/EventHandler.cpp:
    (WebCore::EventHandler::handleMousePressEvent):

    Canonical link: https://commits.webkit.org/275157@main

Canonical link: https://commits.webkit.org/272448.647@safari-7618-branch


  Commit: 00414cbd744c6a8d14069691d347736da794662f
      https://github.com/WebKit/WebKit/commit/00414cbd744c6a8d14069691d347736da794662f
  Author: Claudio Saavedra <csaavedra at igalia.com>
  Date:   2024-02-29 (Thu, 29 Feb 2024)

  Changed paths:
    A LayoutTests/fast/block/multicolumn-with-outline-auto-expected.txt
    A LayoutTests/fast/block/multicolumn-with-outline-auto.html
    M Source/WebCore/rendering/updating/RenderTreeBuilder.cpp
    M Source/WebCore/rendering/updating/RenderTreeBuilder.h
    M Source/WebCore/rendering/updating/RenderTreeBuilderBlock.cpp
    M Source/WebCore/rendering/updating/RenderTreeBuilderBlock.h
    M Source/WebCore/rendering/updating/RenderTreeBuilderMultiColumn.cpp

  Log Message:
  -----------
  Cherry-pick 274097.6 at webkit-2024.2-embargoed (446b237f7e06). rdar://115001663

    Prevent selection repaint in the middle of multicolumn flow destruction
    https://bugs.webkit.org/show_bug.cgi?id=263180

    Reviewed by Alan Baradlay.

    During multicolumn fragmented flow destruction, spanners are moved back
    to their original DOM position in the tree. This is done through calls
    to RenderTreeBuilderBlock::Block::detach(RenderBlockFlow&), which also
    calls the more general RenderBlock ::detach() method for each spanner.
    The former method results in the destruction of the spanner placeholders
    and the merging of the necessary multicolumn sets, but this is not done
    immediately, so the tree is temporarily inconsistent, before the
    RenderBlock detach() method is called.

    RenderTreeBuilderBlock::Block::detach(RenderBlock&), however,
    might inadvertently end up triggering a repaint of the selection that the
    tree is not ready for. I assume that this is an oversight from the possibility
    that this method gets called during RenderBlockFlow detachment. This repaint
    happens because RenderTreeBuilder::detachFromRenderElement() clears the
    selection if the child being detached is to be destroyed. As
    WillBeDestroyed::Yes is the default value in the definition of
    detachFromRenderElement(), this is assumed to be the case, even when
    that's not what happens during fragmented flow destruction.

    The problem with this is that the selection repaint will eventually find itself
    needing a consistent tree, and the fact that multicolumn sets are not merged
    yet and there are spanners without a placeholder will break assumptions made
    in RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded().

    Fix this by making it possible for both detach() methods to propagate
    WillBeDestroyed, with a default value of WillBeDestroyed::Yes to preserve
    current behavior everywhere, but explicitly passing WillBeDestroyed::No
    during fragmented flow destruction when detaching spanners, as this is what
    is actually happening. This prevents the selection repaint from happening
    before the tree is in a consistent state.

    * LayoutTests/fast/block/multicolumn-with-outline-auto-expected.txt: Added.
    * LayoutTests/fast/block/multicolumn-with-outline-auto.html: Added.
    * Source/WebCore/rendering/updating/RenderTreeBuilder.cpp:
    (WebCore::RenderTreeBuilder::detach):
    * Source/WebCore/rendering/updating/RenderTreeBuilder.h:
    * Source/WebCore/rendering/updating/RenderTreeBuilderBlock.cpp:
    (WebCore::RenderTreeBuilder::Block::detach):
    * Source/WebCore/rendering/updating/RenderTreeBuilderBlock.h:
    * Source/WebCore/rendering/updating/RenderTreeBuilderMultiColumn.cpp:
    (WebCore::RenderTreeBuilder::MultiColumn::destroyFragmentedFlow):

    Canonical link: https://commits.webkit.org/274097.6@webkit-2024.2-embargoed

Canonical link: https://commits.webkit.org/272448.648@safari-7618-branch


  Commit: da83fd39f0768052443b2a2452a483d319123b5a
      https://github.com/WebKit/WebKit/commit/da83fd39f0768052443b2a2452a483d319123b5a
  Author: Mikhail R. Gadelha <mikhail at igalia.com>
  Date:   2024-02-29 (Thu, 29 Feb 2024)

  Changed paths:
    A JSTests/wasm/stress/wasm-unreachable-br-block.js
    M Source/JavaScriptCore/wasm/WasmFunctionParser.h

  Log Message:
  -----------
  Cherry-pick 274097.7 at webkit-2024.2-embargoed (ab8e4a4470bb). rdar://103288466

    WASM unreachable code validation is broken
    https://bugs.webkit.org/show_bug.cgi?id=265425

    Reviewed by Keith Miller.

    This patch fixes an assertion failure in the unreachable code parser
    when the target of a br instruction is a block that was not added into
    the control stack.

    The code that checks the br target now takes into account the number of
    unreachable blocks, if the br instruction is also unreachable. This is
    similar to the solution employed by parseDelegateTarget and should
    support cases when block, if, try, and loop were not added to the control
    stack.

    * JSTests/wasm/stress/wasm-unreachable-br-block.js: Added.
    (async test):
    * Source/JavaScriptCore/wasm/WasmFunctionParser.h:
    (JSC::Wasm::FunctionParser<Context>::parseBranchTarget):
    (JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):

    Canonical link: https://commits.webkit.org/274097.7@webkit-2024.2-embargoed

Canonical link: https://commits.webkit.org/272448.649@safari-7618-branch


  Commit: f6ed9e713c650ee3c89d66c73e970a1787b4126d
      https://github.com/WebKit/WebKit/commit/f6ed9e713c650ee3c89d66c73e970a1787b4126d
  Author: Žan Doberšek <zdobersek at igalia.com>
  Date:   2024-02-29 (Thu, 29 Feb 2024)

  Changed paths:
    A LayoutTests/fast/css/repeating-conic-gradient-small-range-expected.txt
    A LayoutTests/fast/css/repeating-conic-gradient-small-range.html
    A LayoutTests/fast/css/repeating-linear-gradient-small-range-expected.txt
    A LayoutTests/fast/css/repeating-linear-gradient-small-range.html
    A LayoutTests/fast/css/repeating-radial-gradient-small-range-expected.txt
    A LayoutTests/fast/css/repeating-radial-gradient-small-range.html
    M LayoutTests/platform/glib/TestExpectations
    M Source/WebCore/rendering/style/StyleGradientImage.cpp

  Log Message:
  -----------
  Cherry-pick 274097.8 at webkit-2024.2-embargoed (efd994a148b6). rdar://114069174

    ASAN_ILL | WTF::Vector::expandCapacity; WTF::Vector::expandCapacity; WebCore::StyleGradientImage::computeStops
    https://bugs.webkit.org/show_bug.cgi?id=264639

    Reviewed by Antti Koivisto.

    When working with repeating gradients, more care should be put into limiting the
    amount of stops that can be additionally generated. If the original gradient
    range is already too small, the extra stops are not generated. Once the number
    of additional stops is calculated, the generation proceeds only if that number
    is below some reasonable limit. That generation is also improved slightly by
    creating a separate Vector of gradient stops that then simply replaces the
    original one.

    * LayoutTests/fast/css/repeating-conic-gradient-small-range-expected.txt: Added.
    * LayoutTests/fast/css/repeating-conic-gradient-small-range.html: Added.
    * LayoutTests/fast/css/repeating-linear-gradient-small-range-expected.txt: Added.
    * LayoutTests/fast/css/repeating-linear-gradient-small-range.html: Added.
    * LayoutTests/fast/css/repeating-radial-gradient-small-range-expected.txt: Added.
    * LayoutTests/fast/css/repeating-radial-gradient-small-range.html: Added.
    * LayoutTests/platform/glib/TestExpectations:
    * Source/WebCore/rendering/style/StyleGradientImage.cpp:
    (WebCore::StyleGradientImage::computeStops const):

    Canonical link: https://commits.webkit.org/274097.8@webkit-2024.2-embargoed

Canonical link: https://commits.webkit.org/272448.650@safari-7618-branch
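
Added example, not WebKit's code: a C++ sketch of the two guards that the StyleGradientImage::computeStops log message above describes (skip a range that is too small, cap the number of extra stops), with the result built in a separate vector. The Stop type, the function names and both limit values are assumptions; the log message does not give them.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <utility>
#include <vector>

// One color stop: position along the gradient line and a packed color.
struct Stop {
    double offset;
    unsigned color;
};

enum class Outcome { Expanded, NothingToAdd, RangeTooSmall, TooManyStops };

struct Expansion {
    Outcome outcome;
    std::vector<Stop> stops;
};

// Assumed limits for this sketch. The log message only says "too small"
// and "some reasonable limit".
constexpr double kMinRepeatRange = 1e-6;
constexpr double kMaxExtraStops = 2048;

// Constructed sample input: a two-stop gradient covering [first, last].
std::vector<Stop> twoStops(double first, double last)
{
    return { { first, 0xff0000ffu }, { last, 0x0000ffffu } };
}

// Repeats `stops` (sorted by offset) until the copies cover [0, 1].
// On any rejection the original stops are returned unchanged.
Expansion expandRepeatingStops(std::vector<Stop> stops)
{
    if (stops.size() < 2)
        return { Outcome::NothingToAdd, std::move(stops) };

    const double first = stops.front().offset;
    const double last = stops.back().offset;
    const double range = last - first;

    // Guard 1: a zero or tiny range would need an enormous number of copies
    // (and a zero range divides by zero below). The negated comparison also
    // rejects NaN.
    if (!(range >= kMinRepeatRange))
        return { Outcome::RangeTooSmall, std::move(stops) };

    // Guard 2: count the copies in floating point and compare against the
    // cap before converting to an integer or reserving any memory.
    const double before = first > 0 ? std::ceil(first / range) : 0;
    const double after = last < 1 ? std::ceil((1 - last) / range) : 0;
    const double extra = (before + after) * static_cast<double>(stops.size());
    if (extra == 0)
        return { Outcome::NothingToAdd, std::move(stops) };
    if (!(extra <= kMaxExtraStops))
        return { Outcome::TooManyStops, std::move(stops) };

    // Build the result in a separate vector, then hand it back to replace
    // the original, instead of growing the original while iterating it.
    std::vector<Stop> expanded;
    expanded.reserve(stops.size() + static_cast<std::size_t>(extra));
    const long copiesBefore = static_cast<long>(before);
    const long copiesAfter = static_cast<long>(after);
    for (long k = -copiesBefore; k <= copiesAfter; ++k) {
        for (const Stop& stop : stops)
            expanded.push_back({ stop.offset + k * range, stop.color });
    }
    return { Outcome::Expanded, std::move(expanded) };
}

int main()
{
    // Constructed inputs: a normal range, a tiny range, a small range.
    const double cases[][2] = { { 0.25, 0.5 }, { 0.5, 0.5000000001 }, { 0.5, 0.5001 } };
    for (const auto& c : cases) {
        Expansion e = expandRepeatingStops(twoStops(c[0], c[1]));
        std::printf("[%g, %.10g] -> outcome %d, %zu stops\n",
            c[0], c[1], static_cast<int>(e.outcome), e.stops.size());
    }
    return 0;
}
```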


  Commit: 4e48bdad70450f80597260bbd7da2300551e4543
      https://github.com/WebKit/WebKit/commit/4e48bdad70450f80597260bbd7da2300551e4543
  Author: Yijia Huang <yijia_huang at apple.com>
  Date:   2024-02-29 (Thu, 29 Feb 2024)

  Changed paths:
    A JSTests/stress/dfg-ai-direct-get-by-id-attribute-change-transition.js
    M Source/JavaScriptCore/bytecode/PutByStatus.cpp
    M Source/JavaScriptCore/runtime/Structure.cpp
    M Source/JavaScriptCore/runtime/Structure.h

  Log Message:
  -----------
  [JSC] AI should observe attribute change transitions for PutByIdDirect in DFG compilation
https://bugs.webkit.org/show_bug.cgi?id=270265
rdar://122515736

Reviewed by Yusuke Suzuki.

Since DirectPutById can trigger and cache attribute change transitions,
the AI should observe these kinds of transitions when computing for
GetByStatus in the DFG compilation.

* JSTests/stress/dfg-ai-attribute-change-transition-1.js: Added.
(returnObject):
(Opt):
(createObjectA):
(createObjectB):
(initialize):
* JSTests/stress/dfg-ai-attribute-change-transition-2.js: Added.
(returnObject):
(Opt):
(createObject):
(getStructureID):
(main):
* Source/JavaScriptCore/bytecode/PutByStatus.cpp:
(JSC::PutByStatus::computeFor):
* Source/JavaScriptCore/runtime/Structure.cpp:
(JSC::Structure::attributeChangeTransitionToExistingStructureImpl):
(JSC::Structure::attributeChangeTransitionToExistingStructure):
(JSC::Structure::attributeChangeTransitionToExistingStructureConcurrently):
* Source/JavaScriptCore/runtime/Structure.h:

Canonical link: https://commits.webkit.org/272448.651@safari-7618-branch


  Commit: 84f5b5cead0439d45c2177e42f3c4dff3fbde2b1
      https://github.com/WebKit/WebKit/commit/84f5b5cead0439d45c2177e42f3c4dff3fbde2b1
  Author: Anne van Kesteren <annevk at annevk.nl>
  Date:   2024-02-29 (Thu, 29 Feb 2024)

  Changed paths:
    M Source/WebCore/rendering/RenderThemeIOS.mm

  Log Message:
  -----------
  Cherry-pick 30cda0740c6a. rdar://122956268

    Handle <input type=checkbox switch> disabled styling as part of the painting code
    https://bugs.webkit.org/show_bug.cgi?id=269378
    rdar://122956268

    Reviewed by Aditya Keerthi.

    Using opacity creates a stacking context which is not desirable.

    * LayoutTests/platform/ios-wk2/TestExpectations:
    * Source/WebCore/rendering/ios/RenderThemeIOS.mm:
    (WebCore::RenderThemeIOS::adjustSwitchStyle const):

    Canonical link: https://commits.webkit.org/275002@main

Identifier: 272448.652 at safari-7618-branch


  Commit: f6e2c3bb0a726318fdb5e7f749928bf5d11f3594
      https://github.com/WebKit/WebKit/commit/f6e2c3bb0a726318fdb5e7f749928bf5d11f3594
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2024-02-29 (Thu, 29 Feb 2024)

  Changed paths:
    A JSTests/stress/hoist-get-wasm-exports.js
    M Source/JavaScriptCore/dfg/DFGSafeToExecute.h

  Log Message:
  -----------
  GetWebAssemblyInstanceExports nodes should not be blindly hoisted
https://bugs.webkit.org/show_bug.cgi?id=270259
rdar://123617167

Reviewed by Alexey Shvayka.

GetWebAssemblyInstanceExports nodes should not be blindly hoisted above
their structure check.

```
case WebAssemblyInstanceExportsIntrinsic:
    ...
    addToGraph(CheckStructure, OpInfo(m_graph.addStructureSet(variant.structureSet())), thisNode);
    set(result, addToGraph(GetWebAssemblyInstanceExports, Edge(thisNode, KnownCellUse)));
```

Similar to GetByOffset, we should only hoist this node if we have proven
that the child has the structure of a WebAssembly Instance.

* JSTests/stress/hoist-get-wasm-exports.js: Added.
(opt):
(main):
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):

Canonical link: https://commits.webkit.org/272448.653@safari-7618-branch


  Commit: 56d9f9a47f509942a9a0278ed6a30dbb6aa14d39
      https://github.com/WebKit/WebKit/commit/56d9f9a47f509942a9a0278ed6a30dbb6aa14d39
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    A LayoutTests/fast/block/inline-content-is-float-avoider-simple-expected.html
    A LayoutTests/fast/block/inline-content-is-float-avoider-simple.html
    M Source/WebCore/rendering/RenderBlock.cpp

  Log Message:
  -----------
  Cherry-pick 0e458e89455f. rdar://60358063

    detik.com: Menu text is not shown in safari at top left corner of header
    https://bugs.webkit.org/show_bug.cgi?id=268790
    <rdar://60358063>

    Reviewed by Antti Koivisto.

    Inline content by definition is "float avoider". This is the case when inline content is wrapped inside a block container to ensure block sibling rule.
    e.g.
      <div><div>
      <div float></div>
      float avoider content.

    where the "float avoider content" is wrapped inside an anon block container.

    This helps when computing min/max content width for block content where
    float avoiders get accumulated on inline direction axis (as opposed to block axis).

    * LayoutTests/fast/block/inline-content-is-float-avoider-simple-expected.html: Added.
    * LayoutTests/fast/block/inline-content-is-float-avoider-simple.html: Added.
    * Source/WebCore/rendering/RenderBox.cpp:
    (WebCore::RenderBox::avoidsFloats const):

    Canonical link: https://commits.webkit.org/274191@main

Canonical link: https://commits.webkit.org/272448.654@safari-7618-branch


  Commit: dbe4a4906397daf96fda2f72f0df023dec26a1d1
      https://github.com/WebKit/WebKit/commit/dbe4a4906397daf96fda2f72f0df023dec26a1d1
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm
    M Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
    M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm
    M Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
    M Source/WebKit/UIProcess/GPU/GPUProcessProxy.h
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
    M Source/WebKit/UIProcess/WebProcessProxy.cpp
    M Source/WebKit/UIProcess/WebProcessProxy.h
    M Tools/TestWebKitAPI/SourcesCocoa.txt
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    A Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessInfo.mm

  Log Message:
  -----------
  Apply patch. rdar://122825184

Canonical link: https://commits.webkit.org/272448.655@safari-7618-branch


  Commit: b709e0f017ebd849196b5f23dd8a401d493ef746
      https://github.com/WebKit/WebKit/commit/b709e0f017ebd849196b5f23dd8a401d493ef746
  Author: Aditya Keerthi <akeerthi at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    M LayoutTests/imported/w3c/web-platform-tests/css/css-color/light-dark-basic-expected.txt
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
    M Source/WebCore/Sources.txt
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    M Source/WebCore/css/CSSValueKeywords.in
    M Source/WebCore/css/color/CSSUnresolvedColor.cpp
    M Source/WebCore/css/color/CSSUnresolvedColor.h
    A Source/WebCore/css/color/CSSUnresolvedLightDark.cpp
    A Source/WebCore/css/color/CSSUnresolvedLightDark.h
    M Source/WebCore/css/parser/CSSParserContext.cpp
    M Source/WebCore/css/parser/CSSParserContext.h
    M Source/WebCore/css/parser/CSSPropertyParserHelpers.cpp
    M Source/WebInspectorUI/UserInterface/Models/CSSKeywordCompletions.js

  Log Message:
  -----------
  Cherry-pick 9240183bbeb2. rdar://123854183

    [css-color-5] Implement light-dark() function for color values
    https://bugs.webkit.org/show_bug.cgi?id=266889
    rdar://120171629

    Reviewed by Tim Nguyen.

    `light-dark()` allows authors to easily specify colors that adjust depending on
    an element's used color scheme.

    Spec: https://drafts.csswg.org/css-color-5/#light-dark

    * LayoutTests/TestExpectations:
    * LayoutTests/imported/w3c/web-platform-tests/css/css-color/light-dark-basic-expected.txt:
    * Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
    * Source/WebCore/Sources.txt:
    * Source/WebCore/WebCore.xcodeproj/project.pbxproj:
    * Source/WebCore/css/CSSValueKeywords.in:
    * Source/WebCore/css/color/CSSUnresolvedColor.cpp:
    (WebCore::CSSUnresolvedColor::containsCurrentColor const):
    (WebCore::CSSUnresolvedColor::createStyleColor const):
    * Source/WebCore/css/color/CSSUnresolvedColor.h:
    * Source/WebCore/css/color/CSSUnresolvedLightDark.cpp: Added.
    (WebCore::serializationForCSS):
    (WebCore::operator==):
    (WebCore::createStyleColor):
    * Source/WebCore/css/color/CSSUnresolvedLightDark.h: Added.
    * Source/WebCore/css/parser/CSSParserContext.cpp:
    (WebCore::CSSParserContext::CSSParserContext):
    (WebCore::add):
    * Source/WebCore/css/parser/CSSParserContext.h:
    * Source/WebCore/css/parser/CSSPropertyParserHelpers.cpp:
    (WebCore::CSSPropertyParserHelpers::parseLightDarkFunctionParameters):
    (WebCore::CSSPropertyParserHelpers::parseColorFunctionRaw):

    Similar to system colors, there is not an existing mechanism to resolve dynamic
    colors in workers.

    (WebCore::CSSPropertyParserHelpers::parseColorFunction):
    * Source/WebInspectorUI/UserInterface/Models/CSSKeywordCompletions.js:

    Canonical link: https://commits.webkit.org/272560@main

Canonical link: https://commits.webkit.org/272448.656@safari-7618-branch


  Commit: 0e0347d20e35f93e682c93f702529b72137a6cb5
      https://github.com/WebKit/WebKit/commit/0e0347d20e35f93e682c93f702529b72137a6cb5
  Author: Alexey Knyazev <3479527+lexaknyazev at users.noreply.github.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M LayoutTests/platform/ios-simulator/webgl/webgl-draft-extensions-flag-default-expected.txt
    M LayoutTests/platform/ios-simulator/webgl/webgl-draft-extensions-flag-on-expected.txt
    M LayoutTests/webgl/resources/webgl-draft-extensions-flag.js
    M LayoutTests/webgl/webgl-draft-extensions-flag-default-expected.txt
    M LayoutTests/webgl/webgl-draft-extensions-flag-off-expected.txt
    M LayoutTests/webgl/webgl-draft-extensions-flag-on-expected.txt
    M Source/WebCore/html/canvas/WebGL2RenderingContext.cpp

  Log Message:
  -----------
  Cherry-pick eb38b24329a2. rdar://123854629

    Move approved WebGL extensions out of draft
    https://bugs.webkit.org/show_bug.cgi?id=267453

    Reviewed by Kimmo Kinnunen.

    Enabled support for the following approved extensions:
    * EXT_conservative_depth
    * NV_shader_noperspective_interpolation

    * LayoutTests/platform/ios-simulator/webgl/webgl-draft-extensions-flag-default-expected.txt:
    * LayoutTests/platform/ios-simulator/webgl/webgl-draft-extensions-flag-on-expected.txt:
    * LayoutTests/webgl/resources/webgl-draft-extensions-flag.js:
    * LayoutTests/webgl/webgl-draft-extensions-flag-default-expected.txt:
    * LayoutTests/webgl/webgl-draft-extensions-flag-off-expected.txt:
    * LayoutTests/webgl/webgl-draft-extensions-flag-on-expected.txt:
    * Source/WebCore/html/canvas/WebGL2RenderingContext.cpp:
    (WebCore::WebGL2RenderingContext::getExtension):
    (WebCore::WebGL2RenderingContext::getSupportedExtensions):

    Canonical link: https://commits.webkit.org/272979@main

Canonical link: https://commits.webkit.org/272448.657@safari-7618-branch


  Commit: 6cc9a744e8942085a3efe7f4b905a570e6ad347d
      https://github.com/WebKit/WebKit/commit/6cc9a744e8942085a3efe7f4b905a570e6ad347d
  Author: Antti Koivisto <antti at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/starting-style-name-defining-rules-expected.txt
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
    M Source/WebCore/bindings/js/JSCSSRuleCustom.cpp
    M Source/WebCore/css/StyleRule.cpp
    M Source/WebCore/css/StyleRule.h
    M Source/WebCore/css/StyleRuleType.h
    M Source/WebCore/css/StyleSheetContents.cpp
    M Source/WebCore/css/parser/CSSAtRuleID.cpp
    M Source/WebCore/css/parser/CSSAtRuleID.h
    M Source/WebCore/css/parser/CSSParserContext.cpp
    M Source/WebCore/css/parser/CSSParserContext.h
    M Source/WebCore/css/parser/CSSParserImpl.cpp
    M Source/WebCore/css/parser/CSSParserImpl.h
    M Source/WebCore/inspector/InspectorStyleSheet.cpp
    M Source/WebCore/style/ElementRuleCollector.cpp
    M Source/WebCore/style/MatchResult.h
    M Source/WebCore/style/PropertyCascade.cpp
    M Source/WebCore/style/PropertyCascade.h
    M Source/WebCore/style/RuleData.cpp
    M Source/WebCore/style/RuleData.h
    M Source/WebCore/style/RuleSet.cpp
    M Source/WebCore/style/RuleSetBuilder.cpp
    M Source/WebCore/style/RuleSetBuilder.h

  Log Message:
  -----------
  Cherry-pick bfcf9bf5da23. rdar://123854485

    [@starting-style] Add parsing support
    https://bugs.webkit.org/show_bug.cgi?id=267855
    rdar://121373181

    Reviewed by Matthieu Dubet.

    Add support for parsing @starting-style rules.

    https://drafts.csswg.org/css-transitions-2/#at-ruledef-starting-style

    The styles are not actually used yet.

    * LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/starting-style-name-defining-rules-expected.txt:
    * Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:

    Add a setting. Not enabled yet.

    * Source/WebCore/bindings/js/JSCSSRuleCustom.cpp:
    (WebCore::toJSNewlyCreated):
    * Source/WebCore/css/StyleRule.cpp:
    (WebCore::StyleRuleBase::visitDerived):
    (WebCore::StyleRuleBase::createCSSOMWrapper const):
    (WebCore::StyleRuleScope::styleSheetContents const):
    (WebCore::StyleRuleScope::setStyleSheetContents):
    (WebCore::StyleRuleStartingStyle::create):
    (WebCore::StyleRuleStartingStyle::StyleRuleStartingStyle):

    Add a StyleRule.

    * Source/WebCore/css/StyleRule.h:
    (WebCore::StyleRuleBase::isGroupRule const):
    (WebCore::StyleRuleBase::isStartingStyleRule const):
    (isType):
    * Source/WebCore/css/StyleRuleType.h:
    * Source/WebCore/css/StyleSheetContents.cpp:
    (WebCore::StyleSheetContents::traverseSubresources const):
    * Source/WebCore/css/parser/CSSAtRuleID.cpp:
    (WebCore::cssAtRuleID):
    * Source/WebCore/css/parser/CSSAtRuleID.h:
    * Source/WebCore/css/parser/CSSParserContext.cpp:
    * Source/WebCore/css/parser/CSSParserContext.h:
    * Source/WebCore/css/parser/CSSParserImpl.cpp:
    (WebCore::CSSParserImpl::consumeAtRule):
    (WebCore::CSSParserImpl::consumeStartingStyleRule):

    Parse the rule. This is simple as there are no arguments to parse.

    * Source/WebCore/css/parser/CSSParserImpl.h:
    * Source/WebCore/inspector/InspectorStyleSheet.cpp:
    (WebCore::flatteningStrategyForStyleRuleType):
    * Source/WebCore/style/ElementRuleCollector.cpp:
    (WebCore::Style::ElementRuleCollector::transferMatchedRules):
    * Source/WebCore/style/MatchResult.h:
    (WebCore::Style::operator==):
    (WebCore::Style::add):

    Pass if a given declaration belongs to starting-style.

    * Source/WebCore/style/PropertyCascade.cpp:
    (WebCore::Style::PropertyCascade::addMatch):

    Skip @starting-style rules unless we are building a before-change RenderStyle.
    With this patch we always skip.

    * Source/WebCore/style/PropertyCascade.h:
    * Source/WebCore/style/RuleData.cpp:
    (WebCore::Style::RuleData::RuleData):
    * Source/WebCore/style/RuleData.h:
    (WebCore::Style::RuleData::isStartingStyle const):

    Remember if the rule is part of a starting-style.

    * Source/WebCore/style/RuleSet.cpp:
    (WebCore::Style::RuleSet::addRule):
    * Source/WebCore/style/RuleSetBuilder.cpp:
    (WebCore::Style::RuleSetBuilder::addChildRule):

    Gather child rules from @starting-style.

    (WebCore::Style::RuleSetBuilder::addStyleRuleWithSelectorList):
    * Source/WebCore/style/RuleSetBuilder.h:

    Canonical link: https://commits.webkit.org/273351@main

Canonical link: https://commits.webkit.org/272448.658@safari-7618-branch


  Commit: dbaa546d9657fdb5b2991c4a15d372b1eaa35e8d
      https://github.com/WebKit/WebKit/commit/dbaa546d9657fdb5b2991c4a15d372b1eaa35e8d
  Author: Matthieu Dubet <m_dubet at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    M LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/import-conditions-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/import-conditions.html
    M LayoutTests/imported/w3c/web-platform-tests/css/cssom/cssimportrule-expected.txt
    A LayoutTests/platform/gtk-wk2/imported/w3c/web-platform-tests/css/css-cascade/import-conditions-expected.txt
    A LayoutTests/platform/wpe/imported/w3c/web-platform-tests/css/css-cascade/import-conditions-expected.txt
    M Source/WebCore/css/CSSImportRule.cpp
    M Source/WebCore/css/CSSImportRule.h
    M Source/WebCore/css/CSSImportRule.idl
    M Source/WebCore/css/StyleRuleImport.cpp
    M Source/WebCore/css/StyleRuleImport.h
    M Source/WebCore/css/parser/CSSParser.cpp
    M Source/WebCore/css/parser/CSSParserImpl.cpp
    M Source/WebCore/css/parser/CSSSupportsParser.cpp
    M Source/WebCore/css/parser/CSSSupportsParser.h
    M Source/WebCore/style/RuleSetBuilder.cpp

  Log Message:
  -----------
  Cherry-pick 8338db44d918. rdar://123854667

    [CSS] Implement supports() after @import rule
    https://bugs.webkit.org/show_bug.cgi?id=256180
    rdar://109060734

    Reviewed by Antti Koivisto.

    https://drafts.csswg.org/css-cascade-5/#conditional-import
    https://drafts.csswg.org/css-conditional-3/#typedef-supports-condition

    The syntax is: [ supports( [ <supports-condition> | <declaration> ] ) ]?

    Like for the CSS.window.supports API, the supports() after @import
    allows bare declaration.

    * LayoutTests/TestExpectations:
    * LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/import-conditions-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/import-conditions.html:
    * LayoutTests/imported/w3c/web-platform-tests/css/cssom/cssimportrule-expected.txt:
    * LayoutTests/platform/gtk-wk2/imported/w3c/web-platform-tests/css/css-cascade/import-conditions-expected.txt: Added.
    * LayoutTests/platform/wpe/imported/w3c/web-platform-tests/css/css-cascade/import-conditions-expected.txt: Added.
    * Source/WebCore/css/CSSImportRule.cpp:
    (WebCore::CSSImportRule::layerName const):
    (WebCore::CSSImportRule::supportsText const):
    (WebCore::CSSImportRule::cssTextInternal const):
    * Source/WebCore/css/CSSImportRule.h:
    * Source/WebCore/css/CSSImportRule.idl:
    * Source/WebCore/css/StyleRuleImport.cpp:
    (WebCore::StyleRuleImport::create):
    (WebCore::StyleRuleImport::StyleRuleImport):
    * Source/WebCore/css/StyleRuleImport.h:
    * Source/WebCore/css/parser/CSSParser.cpp:
    (WebCore::CSSParser::parseSupportsCondition):
    * Source/WebCore/css/parser/CSSParserImpl.cpp:
    (WebCore::CSSParserImpl::consumeImportRule):
    (WebCore::CSSParserImpl::consumeSupportsRule):
    * Source/WebCore/css/parser/CSSSupportsParser.cpp:
    (WebCore::CSSSupportsParser::supportsCondition):
    * Source/WebCore/css/parser/CSSSupportsParser.h:
    * Source/WebCore/style/RuleSetBuilder.cpp:
    (WebCore::Style::RuleSetBuilder::addRulesFromSheetContents):

    Canonical link: https://commits.webkit.org/273591@main

Canonical link: https://commits.webkit.org/272448.659@safari-7618-branch


  Commit: 109047fc7b4ed38c385bb9aa3b46d0191eab724a
      https://github.com/WebKit/WebKit/commit/109047fc7b4ed38c385bb9aa3b46d0191eab724a
  Author: Aditya Keerthi <akeerthi at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml

  Log Message:
  -----------
  Cherry-pick 42f9569ae95a. rdar://123854319

    [css-color-5] Enable light-dark() by default
    https://bugs.webkit.org/show_bug.cgi?id=262914
    rdar://117033939

    Reviewed by Wenson Hsieh.

    Enable support for light-dark(<color>, <color>). This function computes to the
    computed value of the first color, if the used color scheme is light or unknown,
    or to the computed value of the second color, if the used color scheme is dark.

    Spec: https://drafts.csswg.org/css-color-5/#light-dark

    * Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:

    Canonical link: https://commits.webkit.org/273634@main

Canonical link: https://commits.webkit.org/272448.660@safari-7618-branch


  Commit: a3ef1a9a7136f790435498715a7b53c3c6b68f88
      https://github.com/WebKit/WebKit/commit/a3ef1a9a7136f790435498715a7b53c3c6b68f88
  Author: Antti Koivisto <antti at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/idlharness-2-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/interfaces/css-transitions-2.idl
    M Source/WebCore/CMakeLists.txt
    M Source/WebCore/DerivedSources-input.xcfilelist
    M Source/WebCore/DerivedSources-output.xcfilelist
    M Source/WebCore/DerivedSources.make
    M Source/WebCore/Sources.txt
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    M Source/WebCore/bindings/js/JSCSSRuleCustom.cpp
    M Source/WebCore/bindings/js/WebCoreBuiltinNames.h
    A Source/WebCore/css/CSSStartingStyleRule.cpp
    A Source/WebCore/css/CSSStartingStyleRule.h
    A Source/WebCore/css/CSSStartingStyleRule.idl
    M Source/WebCore/css/StyleRule.cpp
    M Source/WebCore/css/StyleRuleImport.cpp
    M Source/WebCore/inspector/InspectorStyleSheet.cpp

  Log Message:
  -----------
  Cherry-pick aa0c3c8b01ff. rdar://123854529

    [@starting-style] Add CSSOM
    https://bugs.webkit.org/show_bug.cgi?id=268306
    rdar://problem/121862449

    Reviewed by Tim Nguyen.

    Add CSSStartingStyleRule interface.

    https://drafts.csswg.org/css-transitions-2/#the-cssstartingstylerule-interface

    * LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/idlharness-2-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/interfaces/css-transitions-2.idl:
    * Source/WebCore/DerivedSources-input.xcfilelist:
    * Source/WebCore/DerivedSources-output.xcfilelist:
    * Source/WebCore/DerivedSources.make:
    * Source/WebCore/Sources.txt:
    * Source/WebCore/WebCore.xcodeproj/project.pbxproj:
    * Source/WebCore/bindings/js/JSCSSRuleCustom.cpp:
    (WebCore::toJSNewlyCreated):
    * Source/WebCore/bindings/js/WebCoreBuiltinNames.h:
    * Source/WebCore/css/CSSStartingStyleRule.cpp: Added.
    (WebCore::CSSStartingStyleRule::CSSStartingStyleRule):
    (WebCore::CSSStartingStyleRule::cssText const):
    * Source/WebCore/css/CSSStartingStyleRule.h: Added.
    * Source/WebCore/css/CSSStartingStyleRule.idl: Added.
    * Source/WebCore/css/StyleRule.cpp:
    (WebCore::StyleRuleBase::createCSSOMWrapper const):
    * Source/WebCore/css/StyleRuleImport.cpp:
    * Source/WebCore/inspector/InspectorStyleSheet.cpp:
    (WebCore::flatteningStrategyForStyleRuleType):

    Canonical link: https://commits.webkit.org/273690@main

Canonical link: https://commits.webkit.org/272448.661@safari-7618-branch


  Commit: a7d69997b2de6c4abaef3dc73597c30c8378a484
      https://github.com/WebKit/WebKit/commit/a7d69997b2de6c4abaef3dc73597c30c8378a484
  Author: Vitor Roriz <vitor.roriz at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    M Source/WebCore/layout/formattingContexts/block/BlockLayoutState.h
    M Source/WebCore/layout/formattingContexts/inline/InlineContentBalancer.cpp
    M Source/WebCore/layout/formattingContexts/inline/InlineContentBalancer.h
    M Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp

  Log Message:
  -----------
  Cherry-pick c1353df4a27c. rdar://123854267

    text-wrap balance should consider line-clamp when balancing
    https://bugs.webkit.org/show_bug.cgi?id=268302
    rdar://121858978

    Reviewed by Alan Baradlay.

    According to spec resolution [1], if line-clamp
    is defined, text-wrap: balance should balance
    only within the clamped lines.

    Up to this patch, we would balance taking into
    consideration all the lines and we would clamp
    it after balance.

    This patch makes InlineContentBalancer::initialize()
    take the maximum number of visible lines into account,
    based on the line-clamp property.

    Also, this allows for a small optimization:
    If line-clamp clamps to 1 line, we can skip balancing.

    [1] https://github.com/w3c/csswg-drafts/issues/9310

    * LayoutTests/TestExpectations:
    * Source/WebCore/layout/formattingContexts/block/BlockLayoutState.h:
    (WebCore::Layout::BlockLayoutState::LineClamp::allowedLineCount const):
    * Source/WebCore/layout/formattingContexts/inline/InlineContentBalancer.cpp:
    (WebCore::Layout::InlineContentBalancer::initialize):
    (WebCore::Layout::InlineContentBalancer::computeBalanceConstraints):
    * Source/WebCore/layout/formattingContexts/inline/InlineContentBalancer.h:
    * Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp:
    (WebCore::Layout::InlineFormattingContext::createDisplayContentForInlineContent):

    Canonical link: https://commits.webkit.org/273800@main

Canonical link: https://commits.webkit.org/272448.662@safari-7618-branch


  Commit: b36c04be9fbf5fe6839d55a2f7faa5d4776b2c87
      https://github.com/WebKit/WebKit/commit/b36c04be9fbf5fe6839d55a2f7faa5d4776b2c87
  Author: Vitor Roriz <vitor.roriz at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    A LayoutTests/fast/text/whitespace/text-wrap-balance-shape-expected.html
    A LayoutTests/fast/text/whitespace/text-wrap-balance-shape.html
    M Source/WebCore/layout/formattingContexts/inline/InlineContentBalancer.cpp

  Log Message:
  -----------
  Cherry-pick 1be1a3ffb5a5. rdar://123854414

    text-wrap: balance, preferring longer lines at the beginning of block
    https://bugs.webkit.org/show_bug.cgi?id=268780
    rdar://122338948

    Reviewed by Alan Baradlay.

    When balancing, there are different results that produce the same score,
    i.e.: the overall deviation to the ideal line is the same for different
    layout configurations. The current implementation prefers to keep longer
    lines at the end of the block, rather than at the beginning. Although
    this is not a bug, since the specification doesn't dictate the shape of
    balancing, this might look a bit weird for some authors, as we are used
    to the Greedy behavior of "wrap", which will have a shorter line at the
    end.

    Also, other UAs prefer to have longer lines at the beginning, so, although
    it is not a bug, it would make the feature less confusing for authors if we
    would match the same behavior.

    We are introducing a new test to track the behavior of WebKit shape, but since
    this is not dictated by the specification, this should not be a WPT test.

    * LayoutTests/fast/text/whitespace/text-wrap-balance-shape-expected.html: Added.
    * LayoutTests/fast/text/whitespace/text-wrap-balance-shape.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/InlineContentBalancer.cpp:
    (WebCore::Layout::InlineContentBalancer::balanceRangeWithLineRequirement):

    Canonical link: https://commits.webkit.org/274125@main

Canonical link: https://commits.webkit.org/272448.663@safari-7618-branch


  Commit: 17b39cfbe3ebef79cd796038d15afd0a89dbe6e7
      https://github.com/WebKit/WebKit/commit/17b39cfbe3ebef79cd796038d15afd0a89dbe6e7
  Author: Vitor Roriz <vitor.roriz at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml

  Log Message:
  -----------
  Cherry-pick ffb0528b08db. rdar://123854373

    Enable text-wrap-style by default
    https://bugs.webkit.org/show_bug.cgi?id=269098
    rdar://problem/122670666

    Reviewed by Brent Fulgham.

    This patch enables text-wrap-style by default.

    Notice that the property's "balance" value still
    doesn't support balancing blocks that contain
    floating objects.

    This and other improvements are being tracked by:
    https://bugs.webkit.org/show_bug.cgi?id=269101

    * Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:

    Canonical link: https://commits.webkit.org/274415@main

Canonical link: https://commits.webkit.org/272448.664@safari-7618-branch


  Commit: dd48b52159ed29decf731a67dd9aa8449f05e60a
      https://github.com/WebKit/WebKit/commit/dd48b52159ed29decf731a67dd9aa8449f05e60a
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm

  Log Message:
  -----------
  Cherry-pick c1124e4e8f4c. rdar://123841061

    [iOS] Flash of black while exiting fullscreen on youtube.com
    https://bugs.webkit.org/show_bug.cgi?id=269969
    rdar://117708957

    Reviewed by Jean-Yves Avenard.

    A single frame of black is sometimes shown when exiting fullscreen, after the fullscreen
    animation completes, but before the WKWebView is visible in its full inline state.

    Debugging shows this is due to the call to -makeKeyAndVisible in -_reinsertWebViewUnderPlaceholder.
    It's not clear why making the WKWebView's parent window key and visible causes a black flash, but
    it's also unnecessary at this point in the animation. Additionally, none of the operations in
    -_completedExitFullScreen are wrapped in a CATransaction, so add one that commits once the
    WKWebView has finished the repaint after re-inserting it in its original window.

    Additionally, Safari will steal the WKWebView out of its fullscreen presentation during layout,
    so long as -[WKFullScreenWindowController isFullScreen] returns false. So modify the meaning of
    that property to include "WaitingToExit" and "ExitingFullscreen", preventing Safari from stealing
    the view until the fullscreen animation completes.

    * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
    (-[WKFullScreenWindowController _reinsertWebViewUnderPlaceholder]):
    (-[WKFullScreenWindowController _completedExitFullScreen]):

    Canonical link: https://commits.webkit.org/275240@main

Canonical link: https://commits.webkit.org/272448.665@safari-7618-branch


  Commit: caf26c37ac0276f0bf6205e1529ab1f3836152d1
      https://github.com/WebKit/WebKit/commit/caf26c37ac0276f0bf6205e1529ab1f3836152d1
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M Source/WebCore/loader/cache/CachedImage.cpp
    M Source/WebCore/loader/cache/CachedImage.h
    M Source/WebCore/rendering/RenderImage.cpp

  Log Message:
  -----------
  Apply patch. rdar://123902002

Canonical link: https://commits.webkit.org/272448.666@safari-7618-branch


  Commit: d029a5c90fbe25a2c6122286652838c4df51627f
      https://github.com/WebKit/WebKit/commit/d029a5c90fbe25a2c6122286652838c4df51627f
  Author: Gerald Squelart <g_squelart at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M LayoutTests/platform/mac-wk2/TestExpectations
    M LayoutTests/platform/mac-wk2/fast/attachment/cocoa/wide-attachment-rendering-expected.txt
    M LayoutTests/platform/mac/TestExpectations
    R LayoutTests/platform/mac/fast/attachment/mac/wide-attachment-image-controls-basic-expected.txt
    M Source/WebCore/rendering/RenderThemeMac.mm

  Log Message:
  -----------
  Cherry-pick f8ece4ab18cf. rdar://123475873

    Correct the CSSValueAppleSystemTertiaryFill fallback: alpha=12 instead of 13.
    https://bugs.webkit.org/show_bug.cgi?id=267838
    rdar://114294654

    Reviewed by Tim Nguyen.

    The original fallback value (in case it is not available in the SDK or in the
    AppKit framework) was originally computed by rounding 5% of 255 to its nearest
    integer value 13, but the value in the framework is actually 12.
    That caused test results to differ depending on the age of the SDK or framework.

    * LayoutTests/platform/mac-ventura/fast/attachment/mac/wide-attachment-image-controls-basic-expected.txt: Removed.
    * LayoutTests/platform/mac-wk2/TestExpectations:
    * LayoutTests/platform/mac-wk2/fast/attachment/cocoa/wide-attachment-rendering-expected.txt:
    * LayoutTests/platform/mac/TestExpectations:
    * Source/WebCore/rendering/RenderThemeMac.mm:
    (WebCore::RenderThemeMac::systemColor const):

    Canonical link: https://commits.webkit.org/273278@main

Canonical link: https://commits.webkit.org/272448.667@safari-7618-branch


  Commit: c6da162533b8401da99454df23239ff992a569fb
      https://github.com/WebKit/WebKit/commit/c6da162533b8401da99454df23239ff992a569fb
  Author: Ben Nham <nham at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M Source/WTF/wtf/MemoryPressureHandler.cpp
    M Source/WTF/wtf/MemoryPressureHandler.h
    M Source/WebKit/Shared/WebProcessCreationParameters.h
    M Source/WebKit/Shared/WebProcessCreationParameters.serialization.in
    M Source/WebKit/UIProcess/API/APIProcessPoolConfiguration.cpp
    M Source/WebKit/UIProcess/API/APIProcessPoolConfiguration.h
    M Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h
    M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm
    M Source/WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h
    M Source/WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm
    M Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreDelegate.h
    M Source/WebKit/UIProcess/WebProcessPool.cpp
    M Source/WebKit/UIProcess/WebProcessProxy.cpp
    M Source/WebKit/UIProcess/WebProcessProxy.h
    M Source/WebKit/UIProcess/WebProcessProxy.messages.in
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h
    M Source/WebKit/WebProcess/WebProcess.cpp
    M Tools/TestWebKitAPI/SourcesCocoa.txt
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    A Tools/TestWebKitAPI/Tests/WebKitCocoa/MemoryFootprintThreshold.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/SnapshotStore.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKPageHasMediaStreamingActivity.mm

  Log Message:
  -----------
  Cherry-pick 0951ebda6a7a. rdar://122908959

    Add memory footprint notification callbacks
    https://bugs.webkit.org/show_bug.cgi?id=269317
    rdar://problem/122908959

    Reviewed by Brady Eidson.

    We want to observe when sites in the field exceed various key memory footprint thresholds (e.g. 2GB,
    4GB, etc.). To do this, we let the embedder specify those thresholds in _WKProcessPoolConfiguration.
    We also add a _WKWebsiteDataStore delegate method that is called when WebContent's footprint exceeds
    those thresholds.

    This notification only works on the Mac, since it requires the use of the periodic memory monitor
    (which is only enabled on Mac).

    * Source/WTF/wtf/MemoryPressureHandler.cpp:
    (WTF::MemoryPressureHandler::setMemoryFootprintPollIntervalForTesting):
    (WTF::MemoryPressureHandler::setMemoryFootprintNotificationThresholds):
    (WTF::MemoryPressureHandler::measurementTimerFired):
    * Source/WTF/wtf/MemoryPressureHandler.h:
    * Source/WebKit/Shared/WebProcessCreationParameters.h:
    * Source/WebKit/Shared/WebProcessCreationParameters.serialization.in:
    * Source/WebKit/UIProcess/API/APIProcessPoolConfiguration.cpp:
    (API::ProcessPoolConfiguration::copy):
    * Source/WebKit/UIProcess/API/APIProcessPoolConfiguration.h:
    * Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
    * Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
    * Source/WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h:
    * Source/WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm:
    (-[_WKProcessPoolConfiguration setMemoryFootprintPollIntervalForTesting:]):
    (-[_WKProcessPoolConfiguration memoryFootprintPollIntervalForTesting]):
    (-[_WKProcessPoolConfiguration memoryFootprintNotificationThresholds]):
    (-[_WKProcessPoolConfiguration setMemoryFootprintNotificationThresholds:]):
    * Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreDelegate.h:
    * Source/WebKit/UIProcess/WebProcessPool.cpp:
    (WebKit::WebProcessPool::initializeNewWebProcess):
    * Source/WebKit/UIProcess/WebProcessProxy.cpp:
    (WebKit::WebProcessProxy::didExceedMemoryFootprintThreshold):
    * Source/WebKit/UIProcess/WebProcessProxy.h:
    * Source/WebKit/UIProcess/WebProcessProxy.messages.in:
    * Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h:
    (WebKit::WebsiteDataStoreClient::didExceedMemoryFootprintThreshold):
    * Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h:
    (WebKit::WebsiteDataStoreConfiguration::setMemoryFootprintNotificationThresholds):
    (WebKit::WebsiteDataStoreConfiguration::memoryFootprintNotificationThresholds):
    * Source/WebKit/WebProcess/WebProcess.cpp:
    (WebKit::WebProcess::initializeWebProcess):
    * Tools/TestWebKitAPI/SourcesCocoa.txt:
    * Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
    * Tools/TestWebKitAPI/Tests/WebKitCocoa/MemoryFootprintThreshold.mm: Added.
    * Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebViewSuspendAllMediaPlayback.mm:

    Canonical link: https://commits.webkit.org/274733@main

Canonical link: https://commits.webkit.org/272448.668@safari-7618-branch


  Commit: 1e74b68e8229319baa37c226162ab9889ba0c16c
      https://github.com/WebKit/WebKit/commit/1e74b68e8229319baa37c226162ab9889ba0c16c
  Author: Gerald Squelart <g_squelart at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M LayoutTests/fast/attachment/mac/wide-attachment-image-controls-basic-expected.txt
    M LayoutTests/platform/ios-wk2/fast/attachment/cocoa/wide-attachment-rendering-expected.txt
    R LayoutTests/platform/mac-wk2/fast/attachment/cocoa/wide-attachment-rendering-expected.txt
    M LayoutTests/platform/mac/fast/attachment/cocoa/wide-attachment-rendering-expected.txt
    M Source/WebCore/html/HTMLAttachmentElement.cpp
    M Source/WebCore/html/shadow/attachmentElementShadow.css

  Log Message:
  -----------
  Cherry-pick 58e3ab08228f. rdar://123475869

    Attachment: Use opaque background color to ensure readability
    https://bugs.webkit.org/show_bug.cgi?id=267253
    rdar://117749005

    Reviewed by Tim Nguyen.

    The system colors used for the attachment background are very transparent,
    which could render the attachment contents less readable if whatever is
    under the attachment is of a similar color as the attachment text.
    This issue can be prevented by making the background fully opaque.
    The original transparent color has been moved to a new child div.

    * LayoutTests/fast/attachment/mac/wide-attachment-image-controls-basic-expected.txt:
    * LayoutTests/platform/ios-wk2/fast/attachment/cocoa/wide-attachment-rendering-expected.txt:
    * LayoutTests/platform/mac-wk2/fast/attachment/cocoa/wide-attachment-rendering-expected.txt: Removed.
    * LayoutTests/platform/mac/fast/attachment/cocoa/wide-attachment-rendering-expected.txt:
    * Source/WebCore/html/HTMLAttachmentElement.cpp:
    (WebCore::attachmentBackgroundIdentifier):
    (WebCore::HTMLAttachmentElement::ensureWideLayoutShadowTree):
    * Source/WebCore/html/shadow/attachmentElementShadow.css:
    (div#attachment-container):
    (div#attachment-background):

    Canonical link: https://commits.webkit.org/273642@main

Canonical link: https://commits.webkit.org/272448.669@safari-7618-branch


  Commit: 4e42d28f8408ec99843c4806d0841e8a1179621a
      https://github.com/WebKit/WebKit/commit/4e42d28f8408ec99843c4806d0841e8a1179621a
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/FullscreenManager.cpp
    M Source/WebCore/dom/FullscreenManager.h
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    A Tools/TestWebKitAPI/Tests/ios/FullscreenLayoutParameters.mm
    R Tools/TestWebKitAPI/Tests/ios/FullscreenOverriddenLayoutParameters.mm

  Log Message:
  -----------
  Apply patch. rdar://122981183

Canonical link: https://commits.webkit.org/272448.670@safari-7618-branch


  Commit: 6b90bda958ae92bf590d3c7bd507be52530ab85d
      https://github.com/WebKit/WebKit/commit/6b90bda958ae92bf590d3c7bd507be52530ab85d
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-01 (Fri, 01 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Cocoa/MarketplaceKitWrapper.swift
    M Source/WebKit/UIProcess/Cocoa/NavigationState.mm
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h

  Log Message:
  -----------
  Apply patch. rdar://123475774

Canonical link: https://commits.webkit.org/272448.671@safari-7618-branch


  Commit: 6b6d3d3e61f6736c4d961088a8a6d8c8952c198b
      https://github.com/WebKit/WebKit/commit/6b6d3d3e61f6736c4d961088a8a6d8c8952c198b
  Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
  Date:   2024-03-02 (Sat, 02 Mar 2024)

  Changed paths:
    M Source/WebCore/en.lproj/Localizable.strings
    M Source/WebCore/html/HTMLAnchorElement.cpp
    M Source/WebKit/UIProcess/Cocoa/SystemPreviewControllerCocoa.mm
    M Source/WebKit/UIProcess/SystemPreviewController.h

  Log Message:
  -----------
  Interactionless USDZ Popups in Vision Pro
<radar://122802255>

Reviewed by Tim Horton.

Show a pop-up asking the user to confirm they want to
quick look preview a USDZ file in WebKit.

Add a delay if the page constantly tries to open one such
file otherwise it can be difficult to exit out of the page.

* Source/WebCore/en.lproj/Localizable.strings:
* Source/WebKit/UIProcess/Cocoa/SystemPreviewControllerCocoa.mm:
* Source/WebKit/UIProcess/SystemPreviewController.h:
* Source/WebCore/html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::handleClick):

Canonical link: https://commits.webkit.org/272448.672@safari-7618-branch


  Commit: a7638842d43d898d5bd81ee2ca98734a07033fe8
      https://github.com/WebKit/WebKit/commit/a7638842d43d898d5bd81ee2ca98734a07033fe8
  Author: Antti Koivisto <antti at apple.com>
  Date:   2024-03-04 (Mon, 04 Mar 2024)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml

  Log Message:
  -----------
  Cherry-pick 1544606a8541. rdar://123854536

    [@starting-style] Enable by default
    https://bugs.webkit.org/show_bug.cgi?id=268369
    rdar://121918611

    Reviewed by Antoine Quint.

    Flip the switch.

    * Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:

    Canonical link: https://commits.webkit.org/273740@main

Identifier: 272448.673 at safari-7618-branch


  Commit: 79d2d4904ab9bfb3d963309c4f6cb059e8594205
      https://github.com/WebKit/WebKit/commit/79d2d4904ab9bfb3d963309c4f6cb059e8594205
  Author: Gerald Squelart <g_squelart at apple.com>
  Date:   2024-03-04 (Mon, 04 Mar 2024)

  Changed paths:
    M Source/WebCore/html/shadow/attachmentElementShadow.css

  Log Message:
  -----------
  Cherry-pick 402445a10ad8. rdar://123670303

    Attachment: Add missing border-radius to the transparent-color div
    https://bugs.webkit.org/show_bug.cgi?id=270254
    rdar://123670303

    Reviewed by Tim Nguyen.

    Without this border-radius, the div extends to the full rectangle, so its
    transparent color may be visible against some email background colors.

    Note: I don't want to clip from the top element, in case some other/future
    issue could one day clip important information (mainly the title).

    * Source/WebCore/html/shadow/attachmentElementShadow.css:
    (div#attachment-background):

    Canonical link: https://commits.webkit.org/275484@main

Identifier: 272448.674 at safari-7618-branch


  Commit: bbafbac4e0cf772845d0effed4a1f4d88a84f73d
      https://github.com/WebKit/WebKit/commit/bbafbac4e0cf772845d0effed4a1f4d88a84f73d
  Author: Sihui Liu <sihui_liu at apple.com>
  Date:   2024-03-04 (Mon, 04 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadStatistics.mm

  Log Message:
  -----------
  Cherry-pick 616aa286262c. rdar://120988239

    WebsiteDataStore should know about network process when it is added to the process
    https://bugs.webkit.org/show_bug.cgi?id=270241
    rdar://120988239

    Reviewed by Chris Dumez.

    UI process sends all WebsiteDataStores to network process when creating it, but does not notify WebsiteDataStore about
    the creation of network process. The result is that WebsiteDataStore does not know network process already exists and
    will skip some operations, see the places where m_networkProcess is checked in WebsiteDataStore.cpp. This has caused
    problems like tracking prevention flag is not updated correctly in network process.

    API test: ResourceLoadStatistics.EnableResourceLoadStatisticsAfterNetworkProcessCreation

    * Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:
    (WebKit::NetworkProcessProxy::sendCreationParametersToNewProcess):
    * Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:
    (WebKit::WebsiteDataStore::setNetworkProcess):
    * Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:
    * Tools/TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadStatistics.mm:
    (TEST):

    Canonical link: https://commits.webkit.org/275506@main

Identifier: 272448.675 at safari-7618-branch


  Commit: 3546fe5769a89215d0874fe9d9cb611261a691c4
      https://github.com/WebKit/WebKit/commit/3546fe5769a89215d0874fe9d9cb611261a691c4
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-03-04 (Mon, 04 Mar 2024)

  Changed paths:
    M Source/WTF/wtf/DataLog.h

  Log Message:
  -----------
  Cherry-pick 8bc91f004ab4. rdar://123567317

    dataLogIf / dataLogLnIf should be macro
    https://bugs.webkit.org/show_bug.cgi?id=270309
    rdar://123567317

    Reviewed by Mark Lam and Keith Miller.

    dataLogIf and dataLogLnIf should not evaluate arguments when the first condition is not true!

    * Source/WTF/wtf/DataLog.h:
    (WTF::dataLogIf): Deleted.
    (WTF::dataLogLnIf): Deleted.

    Canonical link: https://commits.webkit.org/275521@main

Identifier: 272448.676 at safari-7618-branch


  Commit: ba173536a7dc0fe06fd3ba667399612e039b0d2d
      https://github.com/WebKit/WebKit/commit/ba173536a7dc0fe06fd3ba667399612e039b0d2d
  Author: Nikolaos Mouchtaris <nmouchtaris at apple.com>
  Date:   2024-03-04 (Mon, 04 Mar 2024)

  Changed paths:
    A LayoutTests/imported/w3c/web-platform-tests/css/css-scroll-snap/snap-to-visible-areas-both-pseudo-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/css/css-scroll-snap/snap-to-visible-areas-both-pseudo.html
    M LayoutTests/platform/mac/TestExpectations
    M Source/WebCore/page/scrolling/ScrollSnapOffsetsInfo.cpp

  Log Message:
  -----------
  Cherry-pick 2f88930ccc92. rdar://111579277

    [css-scroll-snap] Skip renderers with no element in updateSnapOffsetsForScrollableArea
    https://bugs.webkit.org/show_bug.cgi?id=263093
    rdar://111579277

    Reviewed by Simon Fraser.

    We should skip renderers in updateSnapOffsetsForScrollableArea if they have no related element.
    For generated content we do generate an associated element as well, so the only time a renderer's
    element is null is for anonymous renderers (as specified in RenderElement.h as well), which we
    shouldn't snap to.

    * Source/WebCore/page/scrolling/ScrollSnapOffsetsInfo.cpp:
    (WebCore::updateSnapOffsetsForScrollableArea):

    Canonical link: https://commits.webkit.org/275523@main

Identifier: 272448.677 at safari-7618-branch


  Commit: 98e53a5f07860121879b89159c1f3be20e5fce9f
      https://github.com/WebKit/WebKit/commit/98e53a5f07860121879b89159c1f3be20e5fce9f
  Author: Aditya Keerthi <akeerthi at apple.com>
  Date:   2024-03-04 (Mon, 04 Mar 2024)

  Changed paths:
    M Source/WebCore/platform/graphics/mac/controls/MenuListButtonMac.mm

  Log Message:
  -----------
  Cherry-pick c957547e10de. rdar://123845293

    [macOS] Fallback native <select> rendering is incorrect in dark mode
    https://bugs.webkit.org/show_bug.cgi?id=270305
    rdar://123845293

    Reviewed by Abrar Rahman Protyasha and Megan Gardner.

    In configurations where `NSPopUpButton` cannot be used for rendering <select>,
    WebKit draws its own control using a gradient. Currently these configurations
    include a `zoom` value different than 1, or use of a vertical writing mode.

    However, this fallback appearance was never updated for dark mode, resulting
    in an incorrect appearance when using a dark color scheme. Fix by inverting
    white/black in the gradient interpolation.

    * Source/WebCore/platform/graphics/mac/controls/MenuListButtonMac.mm:
    (WebCore::interpolateGradient):
    (WebCore::topGradientInterpolate):
    (WebCore::bottomGradientInterpolate):
    (WebCore::mainGradientInterpolate):
    (WebCore::darkTopGradientInterpolate):
    (WebCore::darkBottomGradientInterpolate):
    (WebCore::darkMainGradientInterpolate):
    (WebCore::drawMenuListBackground):

    Canonical link: https://commits.webkit.org/275532@main

Identifier: 272448.678 at safari-7618-branch


  Commit: 6581d984407b7419fddb809501d44ec66b67bb2c
      https://github.com/WebKit/WebKit/commit/6581d984407b7419fddb809501d44ec66b67bb2c
  Author: Nikolaos Mouchtaris <nmouchtaris at apple.com>
  Date:   2024-03-04 (Mon, 04 Mar 2024)

  Changed paths:
    M Source/WebCore/page/scrolling/ScrollingStateFixedNode.cpp

  Log Message:
  -----------
  Cherry-pick 0c592c9b1e0c. rdar://105887621

    Crash under ScrollingStateFixedNode::reconcileLayerPositionForViewportRect
    https://bugs.webkit.org/show_bug.cgi?id=270361
    rdar://105887621

    Reviewed by Simon Fraser.

    We need a similar fix to https://github.com/WebKit/WebKit/pull/17453 as there is
    the same crash signature under ScrollingStateFixedNode::reconcileLayerPositionForViewportRect
    this time.

    * Source/WebCore/page/scrolling/ScrollingStateFixedNode.cpp:
    (WebCore::ScrollingStateFixedNode::reconcileLayerPositionForViewportRect):

    Canonical link: https://commits.webkit.org/275574@main

Identifier: 272448.679 at safari-7618-branch


  Commit: f6e19619ef5ff7b21142d0c3d1a3231a456ff8a2
      https://github.com/WebKit/WebKit/commit/f6e19619ef5ff7b21142d0c3d1a3231a456ff8a2
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-03-04 (Mon, 04 Mar 2024)

  Changed paths:
    M Source/WebCore/Headers.cmake
    M Source/WebCore/Sources.txt
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    A Source/WebCore/platform/audio/SharedAudioDestination.cpp
    A Source/WebCore/platform/audio/SharedAudioDestination.h
    M Source/WebCore/platform/audio/cocoa/AudioDestinationCocoa.cpp
    M Source/WebCore/platform/graphics/MediaSourcePrivate.cpp
    M Source/WebKit/WebProcess/GPU/media/WebMediaStrategy.cpp

  Log Message:
  -----------
  Cherry-pick a78127adb38a. rdar://122590884

    [Cocoa] Audio distortion during media playback when many AudioContexts are created
    https://bugs.webkit.org/show_bug.cgi?id=269833
    rdar://122590884

    Reviewed by Chris Dumez.

    In WebKit, each AudioContext created results in an additional thread serving that context's
    AudioDestination. (In WebKitLegacy, each AudioContext will result in an additional
    AudioOutputUnit running on a single high-priority audio thread.) When many threads
    (or AudioOutputUnits) are created, the overhead alone can cause underruns. And when this
    happens on the high-priority audio thread, it affects all audio playback within that
    process.

    Rather than create new threads or AudioOutputUnits (that are all rendering on the same
    thread to the same buffer in the end) for each AudioContext, a shared AudioDestination
    can be used for multiple AudioContexts with the same number of channels and sample rate.
    For common scenarios, this means only one high-priority audio thread will be created
    and serviced by a single AudioDestination. Specifically for WebKit, it means a single
    RemoteAudioDestination/Proxy pair for each WebContent process.

    * Source/WebCore/platform/audio/SharedAudioDestination.cpp: Added.
    (WebCore::SharedAudioDestinationAdapter::framesPerBuffer const):
    (WebCore::SharedAudioDestinationAdapter::sharedMap):
    (WebCore::SharedAudioDestinationAdapter::ensureAdapter):
    (WebCore::SharedAudioDestinationAdapter::SharedAudioDestinationAdapter):
    (WebCore::m_configurationSemaphore):
    (WebCore::SharedAudioDestinationAdapter::addRenderer):
    (WebCore::SharedAudioDestinationAdapter::removeRenderer):
    (WebCore::SharedAudioDestinationAdapter::configureRenderThread):
    (WebCore::SharedAudioDestinationAdapter::render):
    (WebCore::SharedAudioDestination::create):
    (WebCore::SharedAudioDestination::SharedAudioDestination):
    (WebCore::SharedAudioDestination::~SharedAudioDestination):
    (WebCore::SharedAudioDestination::start):
    (WebCore::SharedAudioDestination::stop):
    (WebCore::SharedAudioDestination::framesPerBuffer const):
    (WebCore::SharedAudioDestination::setIsPlaying):
    * Source/WebCore/platform/audio/SharedAudioDestination.h: Added.
    * Source/WebCore/platform/audio/cocoa/AudioDestinationCocoa.cpp:
    (WebCore::AudioDestination::create):
    * Source/WebKit/WebProcess/GPU/media/WebMediaStrategy.cpp:
    (WebKit::WebMediaStrategy::createAudioDestination):

    Canonical link: https://commits.webkit.org/275262@main

Identifier: 272448.680 at safari-7618-branch


  Commit: b6aa90dfb2f8b6f18377b64be839ed8a4f50fe58
      https://github.com/WebKit/WebKit/commit/b6aa90dfb2f8b6f18377b64be839ed8a4f50fe58
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-03-04 (Mon, 04 Mar 2024)

  Changed paths:
    M Source/WebKit/Configurations/BaseExtension.xcconfig
    M Source/WebKit/Configurations/GPUExtension.xcconfig
    M Source/WebKit/Configurations/NetworkingExtension.xcconfig
    M Source/WebKit/Configurations/WebContentCaptivePortalExtension.xcconfig
    M Source/WebKit/Configurations/WebContentExtension.xcconfig
    R Source/WebKit/Shared/AuxiliaryProcessExtensions/AuxiliaryProcessExtension.entitlements
    A Source/WebKit/Shared/AuxiliaryProcessExtensions/GPUProcessExtension.entitlements
    A Source/WebKit/Shared/AuxiliaryProcessExtensions/NetworkingProcessExtension.entitlements
    A Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentProcessExtension.entitlements
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Cherry-pick 638c7e3dc408. rdar://123336279

    Fix layout tests in simulator after https://commits.webkit.org/274822@main
    https://bugs.webkit.org/show_bug.cgi?id=269800
    rdar://123322718

    Reviewed by Brent Fulgham.

    Entitlement changes related to process grants are required for simulator after <https://commits.webkit.org/274822@main>.

    * Source/WebKit/Configurations/BaseExtension.xcconfig:
    * Source/WebKit/Configurations/GPUExtension.xcconfig:
    * Source/WebKit/Configurations/NetworkingExtension.xcconfig:
    * Source/WebKit/Configurations/WebContentCaptivePortalExtension.xcconfig:
    * Source/WebKit/Configurations/WebContentExtension.xcconfig:
    * Source/WebKit/Shared/AuxiliaryProcessExtensions/GPUProcessExtension.entitlements: Copied from Source/WebKit/Shared/AuxiliaryProcessExtensions/AuxiliaryProcessExtension.entitlements.
    * Source/WebKit/Shared/AuxiliaryProcessExtensions/NetworkingProcessExtension.entitlements: Copied from Source/WebKit/Shared/AuxiliaryProcessExtensions/AuxiliaryProcessExtension.entitlements.
    * Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentProcessExtension.entitlements: Renamed from Source/WebKit/Shared/AuxiliaryProcessExtensions/AuxiliaryProcessExtension.entitlements.
    * Source/WebKit/WebKit.xcodeproj/project.pbxproj:

    Canonical link: https://commits.webkit.org/275072@main

Identifier: 272448.681 at safari-7618-branch


  Commit: a95648cc4a22071382f14d1232570b77162f82c3
      https://github.com/WebKit/WebKit/commit/a95648cc4a22071382f14d1232570b77162f82c3
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-03-04 (Mon, 04 Mar 2024)

  Changed paths:
    M Source/WebCore/platform/audio/SharedAudioDestination.cpp

  Log Message:
  -----------
  Cherry-pick 98f2399f9450. rdar://123730196

    REGRESSION (275262 at main): Unable to play games in PBS Kids Games app
    https://bugs.webkit.org/show_bug.cgi?id=270284
    rdar://123811318

    Reviewed by Chris Dumez.

    The SharedAudioDestinationAdapter's configuration queue would become stuck, waiting on
    a semaphore which would never be triggered. This appears to be a latent bug in the
    RemoteAudioDestinationProxy/Manager, but one that has dire implications now that
    SharedAudioDestination depends on its Adapter's render() method being called.

    Rather than block on a Semaphore to ensure the Adapter is configured before calling
    the completion handlers, simply pass the completion handler into the Adapter's
    inner destination's start() or stop() methods. Only when the Adapter is already started
    (or when it's stopped and does not need to be restarted) should the completion
    handler get called explicitly.

    Now that blocking is not needed, neither is the Adapter's configuration queue; all
    the setup for configuration can happen on the main thread.

    * Source/WebCore/platform/audio/SharedAudioDestination.cpp:
    (WebCore::SharedAudioDestinationAdapter::protectedWorkBus):
    (WebCore::SharedAudioDestinationAdapter::~SharedAudioDestinationAdapter):
    (WebCore::SharedAudioDestinationAdapter::addRenderer):
    (WebCore::SharedAudioDestinationAdapter::removeRenderer):
    (WebCore::SharedAudioDestinationAdapter::configureRenderThread):
    (WebCore::SharedAudioDestinationAdapter::callAllConfigurationHandlers):
    (WebCore::SharedAudioDestinationAdapter::render):
    (WebCore::SharedAudioDestinationAdapter::protectedConfigurationQueue): Deleted.
    (WebCore::m_configurationSemaphore): Deleted.

    Canonical link: https://commits.webkit.org/275542@main

Identifier: 272448.682 at safari-7618-branch


  Commit: 6e9c0ea8de572946161803971378c0cb823e4734
      https://github.com/WebKit/WebKit/commit/6e9c0ea8de572946161803971378c0cb823e4734
  Author: Scott Marcy <mscott at apple.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/ipc/removeMediaUsageManagerSession-test-expected.txt
    A LayoutTests/ipc/removeMediaUsageManagerSession-test.html

  Log Message:
  -----------
  Adds a simplified test case to verify an over-release in ScreenTime is fixed.
https://bugs.webkit.org/show_bug.cgi?id=270461
rdar://115279815

Reviewed by David Kilzer.

This test is currently disabled in TestExpectations due to rdar://120486467 (Provide a way to notify WebKitTestRunner when we hit a purposeful MESSAGE_CHECK (267714)).

* LayoutTests/TestExpectations:
* LayoutTests/ipc/removeMediaUsageManagerSession-test-expected.txt: Added.
* LayoutTests/ipc/removeMediaUsageManagerSession-test.html: Added.

Canonical link: https://commits.webkit.org/272448.683@safari-7618-branch


  Commit: cd62341b1ddaf97d088596092069750751dce0c4
      https://github.com/WebKit/WebKit/commit/cd62341b1ddaf97d088596092069750751dce0c4
  Author: Charlie Wolfe <charliew at apple.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp

  Log Message:
  -----------
  Web Inspector: Crash in Inspector::InspectorDebuggerAgent::didScheduleAsyncCall on knowyourmeme.com
https://bugs.webkit.org/show_bug.cgi?id=270139
rdar://123667952

Reviewed by Pascoe.

Avoid reading past the end of `m_pendingAsyncCalls`.

* Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::didScheduleAsyncCall):

Canonical link: https://commits.webkit.org/272448.684@safari-7618-branch


  Commit: 028628cff47325ccf31051675ebdf0f1e6eb74fc
      https://github.com/WebKit/WebKit/commit/028628cff47325ccf31051675ebdf0f1e6eb74fc
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M Source/WebCore/dom/Document.cpp
    M Tools/TestWebKitAPI/Tests/WebKit/WKBackForwardListTests.mm

  Log Message:
  -----------
  Calling evaluateJavaScript enables back-button hijacking
https://bugs.webkit.org/show_bug.cgi?id=261611
rdar://115561250

Reviewed by Ben Nham.

In 253405 at main, I updated our back/forward list hijacking prevention logic by
treating history items added by JS (e.g. via `history.pushState()`) as having
a user gesture if a user gesture had occurred in the last 10 seconds. This was
needed for backward compatibility with some legit sites.

The issue now is that if the client app has called evaluateJavaScript on the
WKWebView in the last 10 seconds, the JS will be able to hijack the back/forward
list again.

In 265168 at main, we did some hardening so that the transient activation gets
consumed after the evaluateJavaScript call has completed. However, it didn't
fix the back/forward list hijacking prevention logic because it relies on
user gesture and not transient activation.

To address the issue, I updated our back/forward list hijacking prevention logic
to rely on transient user activation rather than whether or not there was a
user gesture in the last 10 minutes.

* Source/WebCore/dom/Document.cpp:
(WebCore::Document::hasRecentUserInteractionForNavigationFromJS const):
* Tools/TestWebKitAPI/Tests/WebKit/WKBackForwardListTests.mm:
(TEST):

Canonical link: https://commits.webkit.org/272448.685@safari-7618-branch


  Commit: 11c5ecc14fe9385a3e0c6ee8e2a35e1a6f240aa0
      https://github.com/WebKit/WebKit/commit/11c5ecc14fe9385a3e0c6ee8e2a35e1a6f240aa0
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkProcess.h
    M Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm
    M Source/WebKit/Platform/cocoa/AssertionCapability.h
    M Source/WebKit/Platform/cocoa/AssertionCapability.mm
    M Source/WebKit/Platform/cocoa/ExtensionCapability.h
    M Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.h
    M Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.mm
    M Source/WebKit/Platform/cocoa/MediaCapability.h
    M Source/WebKit/Platform/cocoa/MediaCapability.mm
    M Source/WebKit/Platform/spi/Cocoa/ExtensionKitSPI.h
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/GPUExtension-Info.plist
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/GPUProcessExtension.swift
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/NetworkingProcessExtension.swift
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentExtension-CaptivePortal-Info.plist
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentExtension-Info.plist
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentProcessExtension.swift
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
    M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm
    M Source/WebKit/UIProcess/Cocoa/ExtensionCapabilityGranter.mm
    M Source/WebKit/UIProcess/Cocoa/ProcessAssertionCocoa.mm
    M Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
    M Source/WebKit/UIProcess/Launcher/ProcessLauncher.h
    A Source/WebKit/UIProcess/Launcher/cocoa/ExtensionProcess.h
    A Source/WebKit/UIProcess/Launcher/cocoa/ExtensionProcess.mm
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm
    M Source/WebKit/UIProcess/ProcessAssertion.h
    M Source/WebKit/UIProcess/ios/WKVisibilityPropagationView.mm
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Apply patch. rdar://120427651

Identifier: 272448.685 at safari-7618-branch


  Commit: 40e25c5cc4f89f7c9de6641d744bed47af6f4b98
      https://github.com/WebKit/WebKit/commit/40e25c5cc4f89f7c9de6641d744bed47af6f4b98
  Author: Anne van Kesteren <annevk at annevk.nl>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    M LayoutTests/imported/w3c/resources/resource-files.json
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/WEB_FEATURES.yml
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-attachment-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-attachment.html
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-available-to-element-internals-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-available-to-element-internals.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-basic-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-basic.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-opt-in-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-opt-in.html
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats.html
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/gethtml.tentative-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/gethtml.tentative.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/getinnerhtml.tentative.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/innerhtml-before-closing-tag-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/innerhtml-before-closing-tag.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/w3c-import.log
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-01-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-01.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-02-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-02.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-03-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-03.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-04-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-04.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-05-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-05.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-06-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-06.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-07-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-07.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-08-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-08.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-09-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-09.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-10-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-10.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-11-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-11.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-12-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-12.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-13-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-13.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-14-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-14.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-15-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-15.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-16-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-16.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-17-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-17.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-18-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-18.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-19-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-19.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-20-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-20.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-21-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-21.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-22-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-22.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-23-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-23.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-24-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-24.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-25-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-25.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-26-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-26.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-27-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-27.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-28-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-28.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-29-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-29.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-30-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-30.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-31-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-31.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-32-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-32.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-33-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-33.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-34-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-34.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-35-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-35.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-36-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-36.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-37-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-37.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-38-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-38.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-39-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-39.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-40-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-40.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-41-expected.html
    R LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-41.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-fallback-default-tabindex.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-fallback.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-nested-2levels.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-nested-delegatesFocus.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-nested-fallback.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-nested.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-shadow-in-fallback.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-shadow-in-slot.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-with-tabindex.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slots-in-slot.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slots.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-with-delegatesFocus.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-nested-slots.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-reverse-unassignable-slot.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-with-negative-index.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/resources/focus-utils.js
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/resources/shadow-dom.js
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-within-shadow-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-within-shadow.html
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus/text-selection-with-delegatesFocus-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus/text-selection-with-delegatesFocus.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus/w3c-import.log
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/offsetTop-offsetLeft-across-shadow-boundaries.html
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-collapse-and-extend.tentative-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-collapse-and-extend.tentative.html
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-direction.tentative-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-direction.tentative.html
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-getComposedRanges.tentative-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-getComposedRanges.tentative.html
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/shadow-root-clonable-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/shadow-root-clonable.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/w3c-import.log
    M LayoutTests/platform/gtk/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-web-component-radio-expected.txt
    A LayoutTests/platform/wpe/imported/w3c/web-platform-tests/shadow-dom/focus/text-selection-with-delegatesFocus-expected.txt

  Log Message:
  -----------
  Cherry-pick 9cfcb5f7af27. rdar://122928754

    Synchronize shadow-dom WPT
    https://bugs.webkit.org/show_bug.cgi?id=269296

    Reviewed by Tim Nguyen.

    The removed tests are in html/dom/elements/global-attributes now.

    This aligns with this upstream commit:
    https://github.com/web-platform-tests/wpt/commit/33d11f1db34802fda00e64ddeb0b7ef040cf65be

    * LayoutTests/TestExpectations:
    * LayoutTests/imported/w3c/resources/resource-files.json:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/WEB_FEATURES.yml: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-attachment-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-attachment.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-available-to-element-internals-expected.txt: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-available-to-element-internals.html: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-basic-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-basic.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-opt-in-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-opt-in.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats-expected.txt: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats.html: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/gethtml.tentative-expected.txt: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/gethtml.tentative.html: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/getinnerhtml.tentative.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/innerhtml-before-closing-tag-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/innerhtml-before-closing-tag.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/w3c-import.log:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-01-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-01.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-02-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-02.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-03-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-03.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-04-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-04.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-05-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-05.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-06-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-06.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-07-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-07.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-08-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-08.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-09-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-09.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-10-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-10.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-11-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-11.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-12-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-12.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-13-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-13.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-14-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-14.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-15-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-15.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-16-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-16.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-17-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-17.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-18-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-18.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-19-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-19.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-20-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-20.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-21-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-21.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-22-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-22.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-23-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-23.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-24-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-24.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-25-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-25.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-26-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-26.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-27-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-27.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-28-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-28.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-29-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-29.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-30-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-30.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-31-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-31.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-32-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-32.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-33-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-33.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-34-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-34.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-35-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-35.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-36-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-36.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-37-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-37.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-38-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-38.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-39-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-39.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-40-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-40.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-41-expected.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/directionality/dir-shadow-41.html: Removed.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-fallback-default-tabindex.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-fallback.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-nested-2levels.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-nested-delegatesFocus.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-nested-fallback.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-nested.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-shadow-in-fallback.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-shadow-in-slot.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slot-with-tabindex.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slots-in-slot.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-slots.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-with-delegatesFocus.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-nested-slots.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-reverse-unassignable-slot.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-with-negative-index.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/resources/focus-utils.js:
    (navigateFocusForward):
    (async assert_focus_navigation_bidirectional):
    (async assert_focus_navigation_backward_with_shadow_root):
    (async assert_focus_navigation_bidirectional_with_shadow_root):
    (async navigateFocusForward): Deleted.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/resources/shadow-dom.js:
    (convertDeclarativeTemplatesToShadowRootsWithin): Deleted.
    (): Deleted.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-within-shadow-expected.txt: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus-within-shadow.html: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus/text-selection-with-delegatesFocus-expected.txt: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus/text-selection-with-delegatesFocus.html: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/focus/w3c-import.log:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/offsetTop-offsetLeft-across-shadow-boundaries.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-collapse-and-extend.tentative-expected.txt: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-collapse-and-extend.tentative.html: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-direction.tentative-expected.txt: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-direction.tentative.html: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-getComposedRanges.tentative-expected.txt: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/selection-getComposedRanges.tentative.html: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/shadow-root-clonable-expected.txt: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/shadow-root-clonable.html: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/w3c-import.log:
    * LayoutTests/platform/gtk/imported/w3c/web-platform-tests/shadow-dom/focus-navigation/focus-navigation-web-component-radio-expected.txt:
    * LayoutTests/platform/wpe/imported/w3c/web-platform-tests/shadow-dom/focus/text-selection-with-delegatesFocus-expected.txt: Added.

    Canonical link: https://commits.webkit.org/274605@main

Identifier: 272448.686 at safari-7618-branch


  Commit: 2f2cdf0d6d6bbf0b034f3371950963f870ca6695
      https://github.com/WebKit/WebKit/commit/2f2cdf0d6d6bbf0b034f3371950963f870ca6695
  Author: Anne van Kesteren <annevk at annevk.nl>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/scroll-animations/css/scroll-timeline-name-shadow.html
    M LayoutTests/imported/w3c/web-platform-tests/scroll-animations/css/view-timeline-name-shadow.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-attachment-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-basic-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats-2-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats-2.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats.html
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/w3c-import.log
    M LayoutTests/imported/w3c/web-platform-tests/shadow-dom/shadow-root-clonable-expected.txt
    M Source/WebCore/dom/Element.cpp
    M Source/WebCore/dom/Element.h
    M Source/WebCore/html/HTMLAttributeNames.in
    M Source/WebCore/html/HTMLTemplateElement.cpp
    M Source/WebCore/html/parser/HTMLConstructionSite.cpp

  Log Message:
  -----------
  Cherry-pick 79d2dec92cae. rdar://123006751

    Add shadowrootclonable and align with declarative shadow root changes
    https://bugs.webkit.org/show_bug.cgi?id=269361

    Reviewed by Ryosuke Niwa.

    This makes the following changes:

    - Adds the new shadowrootclonable attribute to opt into a declarative
      shadow root being clonable.
    - As a result, declarative shadow roots are no longer clonable by
      default. Web developers will have to explicitly opt in.
    - When attachShadow() is called on a shadow host with an existing
      declarative tree, throw if mode is a mismatch.
    - In attachShadow() throw first for mode being set to "user-agent" as
      this is to be caught by the binding layer in theory.
    - And finally, only attach a declarative shadow root successfully for
      the first template element.

    New tests are upstreamed here:
    https://github.com/web-platform-tests/wpt/pull/44568

    Specification changes are here (not all have landed yet as various nits
    are still being addressed, but all have agreement):

    - https://github.com/whatwg/html/pull/10117
    - https://github.com/whatwg/html/pull/10069
    - https://github.com/whatwg/dom/pull/1246

    * LayoutTests/imported/w3c/web-platform-tests/scroll-animations/css/scroll-timeline-name-shadow.html:
    * LayoutTests/imported/w3c/web-platform-tests/scroll-animations/css/view-timeline-name-shadow.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-attachment-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-basic-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats-2-expected.txt: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats-2.html: Added.
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/declarative-shadow-dom-repeats.html:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/declarative/w3c-import.log:
    * LayoutTests/imported/w3c/web-platform-tests/shadow-dom/shadow-root-clonable-expected.txt:
    * Source/WebCore/dom/Element.cpp:
    * Source/WebCore/dom/Element.h:
    * Source/WebCore/html/HTMLAttributeNames.in:
    * Source/WebCore/html/HTMLTemplateElement.cpp:
    (WebCore::HTMLTemplateElement::attachAsDeclarativeShadowRootIfNeeded):
    * Source/WebCore/html/parser/HTMLConstructionSite.cpp:
    (WebCore::HTMLConstructionSite::insertHTMLTemplateElement):

    Canonical link: https://commits.webkit.org/274727@main

Identifier: 272448.687 at safari-7618-branch


  Commit: ad8cbf47755654bdfb7e88d27a3ad40d8ccbd7a4
      https://github.com/WebKit/WebKit/commit/ad8cbf47755654bdfb7e88d27a3ad40d8ccbd7a4
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm

  Log Message:
  -----------
  Cherry-pick 9ff5a32ea773. rdar://123385726

    Add nullptr check for ProcessLauncher client
    https://bugs.webkit.org/show_bug.cgi?id=269759
    rdar://122995875

    Reviewed by Brent Fulgham.

    This patch fixes a null pointer dereference crash that was introduced in <https://commits.webkit.org/274390@main>.
    The commit 274390 at main introduced a race condition by holding a reference to the Process launcher in the completion
    handler for starting WebKit extension processes. This reference was held throughout the duration of the completion
    handler. This meant that on rare occasions, the Process launcher could be deleted at the end of the completion
    handler, instead of in the AuxiliaryProcessProxy destructor, where it normally is invalidated and deleted. The
    lambda to finish the launch scheduled from the completion handler on the main thread could then end up having a
    Process launcher that was invalidated but not deallocated. When the Process launcher is invalidated, the m_client
    member is set to nullptr. This member is later dereferenced in ProcessLauncher::finishLaunchingProcess, and caused
    a null pointer crash in this case. This patch is fixing the crash by reverting the change in 274390 at main that
    introduced the crash as well as adding a null pointer check for m_client, to guard against this race being
    reintroduced in the future.

    * Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm:
    (WebKit::ProcessLauncher::launchProcess):

    Canonical link: https://commits.webkit.org/275047@main

Identifier: 272448.688 at safari-7618-branch


  Commit: 30d3583fe0c293b2e4c74cc0c1b238eacf78edbb
      https://github.com/WebKit/WebKit/commit/30d3583fe0c293b2e4c74cc0c1b238eacf78edbb
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/GPUExtension-Info.plist
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentExtension-CaptivePortal-Info.plist
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentExtension-Info.plist

  Log Message:
  -----------
  Cherry-pick 7301277d5018. rdar://123460280

    Update identifier for WebKit process extensions
    https://bugs.webkit.org/show_bug.cgi?id=269936
    rdar://123460280

    Reviewed by Timothy Hatcher and Chris Dumez.

    * Source/WebKit/Shared/AuxiliaryProcessExtensions/GPUExtension-Info.plist:
    * Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentExtension-CaptivePortal-Info.plist:
    * Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentExtension-Info.plist:

    Canonical link: https://commits.webkit.org/275210@main

Identifier: 272448.689 at safari-7618-branch


  Commit: d114fc150d68fce7d2bc6ea2b18b6e772a4eb9b2
      https://github.com/WebKit/WebKit/commit/d114fc150d68fce7d2bc6ea2b18b6e772a4eb9b2
  Author: Andy Estes <aestes at apple.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M Source/WebKit/Platform/cocoa/MediaCapability.h
    M Source/WebKit/Platform/cocoa/MediaCapability.mm
    M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Cherry-pick d97f5a09e4f1. rdar://123381737

    getUserMedia camera stream lost on history pushState in iOS 17.4 Beta 4
    https://bugs.webkit.org/show_bug.cgi?id=269846
    rdar://123381737

    Reviewed by Eric Carlson and Youenn Fablet.

    When WebKit adopted media capability grants for camera capture we chose to tie the lifetime of the
    media environment to the top frame document's current URL, such that if the URL changes (ignoring
    fragment identifiers) then the current media environment is destroyed and a new one is created. If
    a capture session is active when the media environment changes then the system will pause the
    capture session as it's no longer associated with the current media environment. The logic of
    comparing URLs was meant as a proxy for detecting cross-document navigations but failed to account
    for same-document navigations that changed the path of the current URL (e.g., via pushState). Since
    the origin associated with the media environment does not change during a same-document navigation
    there is no need to recreate the media environment.

    Addressed this by moving the logic for creating and destroying media environments to
    WebPageProxy::didChangeMainDocument. Further, since only the top document's origin is displayed to
    the user in iOS's privacy accounting UI, changed MediaCapability to only track a SecurityOrigin.
    The logic for when to activate and deactivate a media environment's capability remains unchanged.

    Manually verified that this resolves the issue reported in bug #269846. Unfortunately no new tests
    are possible since the underlying platform support for media capabilities is not available in
    iOS Simulator.

    * Source/WebKit/Platform/cocoa/MediaCapability.h:
    * Source/WebKit/Platform/cocoa/MediaCapability.mm:
    (WebKit::MediaCapability::MediaCapability):
    (WebKit::m_mediaEnvironment):
    (WebKit::MediaCapability::registrableDomain const): Deleted.
    * Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
    (WebKit::WebPageProxy::setMediaCapability):
    (WebKit::WebPageProxy::deactivateMediaCapability):
    (WebKit::WebPageProxy::resetMediaCapability):
    (WebKit::WebPageProxy::updateMediaCapability):
    * Source/WebKit/UIProcess/WebPageProxy.cpp:
    (WebKit::WebPageProxy::didCommitLoadForFrame):
    (WebKit::WebPageProxy::didChangeMainDocument):
    * Source/WebKit/UIProcess/WebPageProxy.h:
    * Source/WebKit/WebKit.xcodeproj/project.pbxproj:

    Canonical link: https://commits.webkit.org/275244@main

Identifier: 272448.690 at safari-7618-branch


  Commit: 4de569c9ff52a3bbd838cc8c356a7a732e01e3fc
      https://github.com/WebKit/WebKit/commit/4de569c9ff52a3bbd838cc8c356a7a732e01e3fc
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M Source/WebKit/Configurations/BaseExtension.xcconfig
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Revert "Cherry-pick 994eca410af6. rdar://122422447"

This reverts commit bd932c1da52c83ccd987a35bd7fbf33358704a5f.

Identifier: 272448.691 at safari-7618-branch


  Commit: 9d3db4d1d3e476e9a762c1b26956a72bdd696ae6
      https://github.com/WebKit/WebKit/commit/9d3db4d1d3e476e9a762c1b26956a72bdd696ae6
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-06 (Wed, 06 Mar 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-618.2.2

Canonical link: https://commits.webkit.org/272448.693@safari-7618-branch


  Commit: ac7c1167179d59506135c52e9b6fe9035b59fdf3
      https://github.com/WebKit/WebKit/commit/ac7c1167179d59506135c52e9b6fe9035b59fdf3
  Author: Commit Queue <commit-queue at webkit.org>
  Date:   2024-03-06 (Wed, 06 Mar 2024)

  Changed paths:
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/GPUExtension-Info.plist
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentExtension-CaptivePortal-Info.plist
    M Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentExtension-Info.plist

  Log Message:
  -----------
  Cherry-pick 598136f50543. rdar://123483436

    Unreviewed, reverting 275210 at main.
    https://bugs.webkit.org/show_bug.cgi?id=269962

    Patch needs more work

    Reverted changeset:

    "Update identifier for WebKit process extensions"
    https://bugs.webkit.org/show_bug.cgi?id=269936
    https://commits.webkit.org/275210@main

    Canonical link: https://commits.webkit.org/275214@main

Canonical link: https://commits.webkit.org/272448.694@safari-7618-branch


  Commit: a2d26cb83008a7bcadec0b6d821de492d56a3c77
      https://github.com/WebKit/WebKit/commit/a2d26cb83008a7bcadec0b6d821de492d56a3c77
  Author: Rob Buis <rbuis at igalia.com>
  Date:   2024-03-06 (Wed, 06 Mar 2024)

  Changed paths:
    A LayoutTests/security/schedule-request-object-then-move-plugin-to-frameless-document-crash-expected.txt
    A LayoutTests/security/schedule-request-object-then-move-plugin-to-frameless-document-crash.html
    M Source/WebCore/html/HTMLPlugInImageElement.cpp

  Log Message:
  -----------
  Cherry-pick 274097.9 at webkit-2024.2-embargoed (f81d56c47751). rdar://121960561

    HTMLPlugInImageElement: verify that element is in same document before requesting a load
    https://bugs.webkit.org/show_bug.cgi?id=268769

    Reviewed by Ryosuke Niwa.

    The testcase shows a scenario where a plugin is set up to start loading the plugin contents
    from an event loop, however before the event loop is started the rest of the script will run, which
    moves the plugin to a different document, thus hitting an ASSERT in WebFrame::createSubframe when the load
    is performed. Protect against this by returning early when this situation is detected in the event loop.

    * LayoutTests/security/schedule-request-object-then-move-plugin-to-frameless-document-crash-expected.txt: Added.
    * LayoutTests/security/schedule-request-object-then-move-plugin-to-frameless-document-crash.html: Added.
    * Source/WebCore/html/HTMLPlugInImageElement.cpp:
    (WebCore::HTMLPlugInImageElement::requestObject):

    Canonical link: https://commits.webkit.org/274097.9@webkit-2024.2-embargoed

Canonical link: https://commits.webkit.org/272448.695@safari-7618-branch


  Commit: 88919522926c046b25cadcced83fce34e2a2a42c
      https://github.com/WebKit/WebKit/commit/88919522926c046b25cadcced83fce34e2a2a42c
  Author: Mikhail R. Gadelha <mikhail at igalia.com>
  Date:   2024-03-06 (Wed, 06 Mar 2024)

  Changed paths:
    A LayoutTests/fast/dom/set-attribute-and-normalize-in-event-expected.txt
    A LayoutTests/fast/dom/set-attribute-and-normalize-in-event.html
    M Source/WebCore/dom/ContainerNode.cpp

  Log Message:
  -----------
  Cherry-pick 274097.10 at webkit-2024.2-embargoed (65b1fae34533). rdar://122122623

    Use RefPtr local variable for nextChild in insertChildrenBeforeWithoutPreInsertionValidityCheck
    https://bugs.webkit.org/show_bug.cgi?id=268765

    Reviewed by Ryosuke Niwa and Chris Dumez.

    This patch adds a RefPtr to hold a reference to nextChild so that the
    pointer stays valid through the scope of the function.

    In the test case, the removeChild() call (from the before() call in the js
    script) triggers a DOMSubtreeModified event, which eventually calls normalize.
    The normalize() call can destroy text elements when normalizing the content of
    the node if there is no one holding the reference to that node, so holding
    nextChild in a RefPtr prevents us from reading an invalid pointer.

    * LayoutTests/fast/dom/set-attribute-and-normalize-in-event-expected.txt: Added.
    * LayoutTests/fast/dom/set-attribute-and-normalize-in-event.html: Added.
    * Source/WebCore/dom/ContainerNode.cpp:
    (WebCore::ContainerNode::insertChildrenBeforeWithoutPreInsertionValidityCheck):

    Canonical link: https://commits.webkit.org/274097.10@webkit-2024.2-embargoed

Canonical link: https://commits.webkit.org/272448.696@safari-7618-branch


  Commit: 12783e351e5bc94b47215475673abef117783da7
      https://github.com/WebKit/WebKit/commit/12783e351e5bc94b47215475673abef117783da7
  Author: Rob Buis <rbuis at igalia.com>
  Date:   2024-03-06 (Wed, 06 Mar 2024)

  Changed paths:
    A LayoutTests/security/schedule-request-object-then-disconnect-crash-expected.txt
    A LayoutTests/security/schedule-request-object-then-disconnect-crash.html

  Log Message:
  -----------
  Cherry-pick 274097.11 at webkit-2024.2-embargoed (22a024aa0b40). rdar://121959099

    Add test case for object loading crash
    https://bugs.webkit.org/show_bug.cgi?id=268771

    Reviewed by Ryosuke Niwa.

    This test case applies to this bug as well as bug 264626, meaning it will crash
    without the fix from bug 264626. Note that it makes more sense to land this test
    than the one from bug 264626 as that one is flaky and this one is small and
    reproduces every time.

    * LayoutTests/security/schedule-request-object-then-disconnect-crash-expected.txt: Added.
    * LayoutTests/security/schedule-request-object-then-disconnect-crash.html: Added.

    Canonical link: https://commits.webkit.org/274097.11@webkit-2024.2-embargoed

Canonical link: https://commits.webkit.org/272448.697@safari-7618-branch


  Commit: e6aa0aa96d5157a6ea1a54cf6c71245a20a07ddb
      https://github.com/WebKit/WebKit/commit/e6aa0aa96d5157a6ea1a54cf6c71245a20a07ddb
  Author: Yijia Huang <yijia_huang at apple.com>
  Date:   2024-03-07 (Thu, 07 Mar 2024)

  Changed paths:
    A JSTests/stress/ecs-store-with-loop.js
    M Source/JavaScriptCore/b3/B3EliminateCommonSubexpressions.cpp
    M Source/JavaScriptCore/b3/testb3.h
    M Source/JavaScriptCore/b3/testb3_3.cpp

  Log Message:
  -----------
  [JSC] B3::EliminateCommonSubexpression shouldn't remove reads info after processing each block
https://bugs.webkit.org/show_bug.cgi?id=265426
rdar://118832222

Reviewed by Yusuke Suzuki.

Eliminate common subexpressions in B3 is used to remove redundant B3 nodes.
The current algorithm removes block reads info after processing each block. This is wrong
since some B3 nodes may be deleted erroneously due to the missing reads info from
the processed blocks. To fix this issue, we should update block reads info after
processing each node.

* JSTests/stress/ecs-store-with-loop.js: Added.
(foo):
(main):
* Source/JavaScriptCore/b3/B3EliminateCommonSubexpressions.cpp:
* Source/JavaScriptCore/b3/testb3.h:
* Source/JavaScriptCore/b3/testb3_3.cpp:
(testCSEStoreWithLoop):
(addShrTests):

Canonical link: https://commits.webkit.org/272448.698@safari-7618-branch


  Commit: 96283e8a5f10d63b97bf661db2fd6a1f41f93365
      https://github.com/WebKit/WebKit/commit/96283e8a5f10d63b97bf661db2fd6a1f41f93365
  Author: Keith Miller <keith_miller at apple.com>
  Date:   2024-03-07 (Thu, 07 Mar 2024)

  Changed paths:
    A JSTests/stress/bound-constructor-change-prototype-clears-cache.js
    A JSTests/stress/put-prototype-to-normal-function-shouldnt-be-cached.js
    M Source/JavaScriptCore/bytecode/InternalFunctionAllocationProfile.h
    M Source/JavaScriptCore/bytecode/ObjectAllocationProfileInlines.h
    M Source/JavaScriptCore/dfg/DFGOperations.cpp
    M Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
    M Source/JavaScriptCore/runtime/FunctionRareData.h
    M Source/JavaScriptCore/runtime/InternalFunction.cpp
    M Source/JavaScriptCore/runtime/JSFunction.cpp
    M Source/JavaScriptCore/runtime/JSFunction.h
    M Source/JavaScriptCore/runtime/JSFunctionInlines.h

  Log Message:
  -----------
  Changing a JSFunction's prototype property should clear allocation caches
https://bugs.webkit.org/show_bug.cgi?id=270302
rdar://121657868

Reviewed by Alexey Shvayka and Yusuke Suzuki.

Right now we only clear the allocation watchpoint if a JSFunction `mayHaveNonReifiedPrototype()` when setting
the .prototype property. This is semantically incorrect in the case of `new.target` bound functions because we will cache
the wrong value.

This patch makes it so we always fire the allocation profile watchpoint when turning either of the allocation profiles.
When turning the ObjectAllocationProfile (used by op_create_this) we assert the watchpoint has already been fired as it
should've already happened when the new .prototype value was set. When turning the InternalFunctionAllocationProfile (used
by createSubclassStructure when subclassing InternalFunction/Reflect.construct) it's possible to pass the same JSFunction
to two different InternalFunctions, which will turn the profile.

* JSTests/stress/bound-constructor-change-prototype-clears-cache.js: Added.
(empty):
(test1.const.newTarget):
(test1):
(test2.const.newTarget):
(test2.Opt):
(test2):
(test3.const.newTarget):
(main):
* JSTests/stress/put-prototype-to-normal-function-shouldnt-be-cached.js: Added.
(opt):
(main.target):
(main):
* Source/JavaScriptCore/bytecode/InternalFunctionAllocationProfile.h:
(JSC::InternalFunctionAllocationProfile::createAllocationStructureFromBase):
* Source/JavaScriptCore/bytecode/ObjectAllocationProfileInlines.h:
(JSC::ObjectAllocationProfileBase<Derived>::initializeProfile):
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:
(JSC::JSC_DEFINE_COMMON_SLOW_PATH):
(JSC::createInternalFieldObject):
* Source/JavaScriptCore/runtime/FunctionRareData.h:
* Source/JavaScriptCore/runtime/InternalFunction.cpp:
(JSC::InternalFunction::createSubclassStructure):
* Source/JavaScriptCore/runtime/JSFunction.cpp:
(JSC::JSFunction::prototypeForConstruction):
(JSC::JSFunction::allocateAndInitializeRareData):
(JSC::JSFunction::initializeRareData):
(JSC::JSFunction::put):
(JSC::JSFunction::defineOwnProperty):
* Source/JavaScriptCore/runtime/JSFunction.h:
* Source/JavaScriptCore/runtime/JSFunctionInlines.h:
(JSC::JSFunction::canUseAllocationProfiles):
(JSC::JSFunction::ensureRareDataAndObjectAllocationProfile):
(JSC::JSFunction::canUseAllocationProfile): Deleted.
(JSC::JSFunction::ensureRareDataAndAllocationProfile): Deleted.

Canonical link: https://commits.webkit.org/272448.699@safari-7618-branch


  Commit: 8f46bcc48209a817048612801581244f9a5872c1
      https://github.com/WebKit/WebKit/commit/8f46bcc48209a817048612801581244f9a5872c1
  Author: David Kilzer <ddkilzer at apple.com>
  Date:   2024-03-08 (Fri, 08 Mar 2024)

  Changed paths:
    M Source/WebCore/Configurations/WebCore.xcconfig

  Log Message:
  -----------
  Cherry-pick 275519@main (079924b7373a). <rdar://123837523>

    [WebCore] Disable -allowable_client switches when libFuzzer is enabled
    https://bugs.webkit.org/show_bug.cgi?id=270298
    <rdar://123837523>

    Reviewed by Alexey Proskuryakov.

    * Source/WebCore/Configurations/WebCore.xcconfig:
    (WEBCORE_ALLOWABLE_CLIENTS): Add.
    (WEBCORE_ALLOWABLE_CLIENTS_YES): Add.
    - Move -allowable_client switches from OTHER_LDFLAGS to here.
    - Disable -allowable_client switches when ENABLE_LIBFUZZER=YES.
    (WEBCORE_ALLOWABLE_CLIENTS_PLATFORM_cocoatouch): Add.
    (OTHER_LDFLAGS_PLATFORM_cocoatouch): Remove.
    - Rename OTHER_LDFLAGS_PLATFORM_cocoatouch to
      WEBCORE_ALLOWABLE_CLIENTS_PLATFORM_cocoatouch.
    (OTHER_LDFLAGS):
    - Update to use $(WEBCORE_ALLOWABLE_CLIENTS).

    Canonical link: https://commits.webkit.org/275519@main

Canonical link: https://commits.webkit.org/272448.700@safari-7618-branch


  Commit: be630dbb12c999aeed47c3b8a18b824342aec7cb
      https://github.com/WebKit/WebKit/commit/be630dbb12c999aeed47c3b8a18b824342aec7cb
  Author: Darryl Parkinson <d_parkinson at apple.com>
  Date:   2024-03-08 (Fri, 08 Mar 2024)

  Changed paths:
    M Source/WebCore/workers/service/server/SWServerWorker.cpp
    M Source/WebCore/workers/service/server/SWServerWorker.h
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h

  Log Message:
  -----------
  Ensure that the SWServerWorker is in the correct state before finishing installation
rdar://121429889

Reviewed by Youenn Fablet.

Ensure that the SWServerWorker is in the expected state and bail if this method is triggered on a SWServerWorker in a different state. This method is callable over CoreIPC passing a ServiceWorkerIdentifier. Passing the ID of a service worker in any other state will reach the RELEASE_ASSERT.

* Source/WebCore/workers/service/server/SWServerWorker.cpp:
(WebCore::SWServerWorker::didFinishInstall):

Canonical link: https://commits.webkit.org/272448.701@safari-7618-branch


  Commit: f5ad578c3097d6e473cdd9fa6699fa5b9cbd7fda
      https://github.com/WebKit/WebKit/commit/f5ad578c3097d6e473cdd9fa6699fa5b9cbd7fda
  Author: Tim Horton <timothy_horton at apple.com>
  Date:   2024-03-08 (Fri, 08 Mar 2024)

  Changed paths:
    M Source/WebCore/inspector/CommandLineAPIHost.cpp
    M Source/WebCore/inspector/InspectorAuditResourcesObject.cpp
    M Source/WebCore/inspector/InspectorCanvas.cpp
    M Source/WebCore/inspector/InspectorStyleSheet.cpp
    M Source/WebCore/inspector/agents/InspectorAnimationAgent.cpp
    M Source/WebCore/inspector/agents/InspectorApplicationCacheAgent.cpp
    M Source/WebCore/inspector/agents/InspectorCPUProfilerAgent.cpp
    M Source/WebCore/inspector/agents/InspectorCSSAgent.cpp
    M Source/WebCore/inspector/agents/InspectorCanvasAgent.cpp
    M Source/WebCore/inspector/agents/InspectorDOMAgent.cpp
    M Source/WebCore/inspector/agents/InspectorDOMDebuggerAgent.cpp
    M Source/WebCore/inspector/agents/InspectorDOMStorageAgent.cpp
    M Source/WebCore/inspector/agents/InspectorDatabaseAgent.cpp
    M Source/WebCore/inspector/agents/InspectorIndexedDBAgent.cpp
    M Source/WebCore/inspector/agents/InspectorLayerTreeAgent.cpp
    M Source/WebCore/inspector/agents/InspectorMemoryAgent.cpp
    M Source/WebCore/inspector/agents/InspectorNetworkAgent.cpp
    M Source/WebCore/inspector/agents/InspectorPageAgent.cpp
    M Source/WebCore/inspector/agents/InspectorTimelineAgent.cpp
    M Source/WebCore/inspector/agents/InspectorWorkerAgent.cpp
    M Source/WebCore/inspector/agents/WebHeapAgent.cpp
    M Source/WebCore/inspector/agents/page/PageAuditAgent.cpp
    M Source/WebCore/inspector/agents/page/PageCanvasAgent.cpp
    M Source/WebCore/inspector/agents/page/PageConsoleAgent.cpp
    M Source/WebCore/inspector/agents/page/PageDOMDebuggerAgent.cpp
    M Source/WebCore/inspector/agents/page/PageDebuggerAgent.cpp
    M Source/WebCore/inspector/agents/page/PageHeapAgent.cpp
    M Source/WebCore/inspector/agents/page/PageNetworkAgent.cpp
    M Source/WebCore/inspector/agents/page/PageRuntimeAgent.cpp
    M Source/WebCore/inspector/agents/worker/ServiceWorkerAgent.cpp
    M Source/WebCore/inspector/agents/worker/WorkerAuditAgent.cpp
    M Source/WebCore/inspector/agents/worker/WorkerCanvasAgent.cpp
    M Source/WebCore/inspector/agents/worker/WorkerDOMDebuggerAgent.cpp
    M Source/WebCore/inspector/agents/worker/WorkerDebuggerAgent.cpp
    M Source/WebCore/inspector/agents/worker/WorkerNetworkAgent.cpp
    M Source/WebCore/inspector/agents/worker/WorkerRuntimeAgent.cpp
    M Source/WebCore/platform/graphics/cocoa/IOSurface.h

  Log Message:
  -----------
  Cherry-pick 274340@main (a23acff183dd). rdar://122601623

    Try to avoid conflicts between ObjC's Protocol and Inspector::Protocol namespace
    https://bugs.webkit.org/show_bug.cgi?id=269040

    Reviewed by Wenson Hsieh and Patrick Angle.

    ObjC has a Protocol type; sometimes with various Unified Sources shuffling we
    end up getting that included in an Inspector file, which also has Inspector::Protocol,
    which it often uses without the Inspector:: namespace being mentioned explicitly,
    via `using namespace Inspector`.

    * Source/WebCore/inspector/CommandLineAPIHost.cpp:
    * Source/WebCore/inspector/InspectorAuditResourcesObject.cpp:
    * Source/WebCore/inspector/InspectorCanvas.cpp:
    * Source/WebCore/inspector/InspectorStyleSheet.cpp:
    * Source/WebCore/inspector/agents/InspectorAnimationAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorApplicationCacheAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorCPUProfilerAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorCSSAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorCanvasAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorDOMAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorDOMDebuggerAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorDOMStorageAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorDatabaseAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorIndexedDBAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorLayerTreeAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorMemoryAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorNetworkAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorPageAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorTimelineAgent.cpp:
    * Source/WebCore/inspector/agents/InspectorWorkerAgent.cpp:
    * Source/WebCore/inspector/agents/WebHeapAgent.cpp:
    * Source/WebCore/inspector/agents/page/PageAuditAgent.cpp:
    * Source/WebCore/inspector/agents/page/PageCanvasAgent.cpp:
    * Source/WebCore/inspector/agents/page/PageConsoleAgent.cpp:
    * Source/WebCore/inspector/agents/page/PageDOMDebuggerAgent.cpp:
    * Source/WebCore/inspector/agents/page/PageDebuggerAgent.cpp:
    * Source/WebCore/inspector/agents/page/PageHeapAgent.cpp:
    * Source/WebCore/inspector/agents/page/PageNetworkAgent.cpp:
    * Source/WebCore/inspector/agents/page/PageRuntimeAgent.cpp:
    * Source/WebCore/inspector/agents/worker/ServiceWorkerAgent.cpp:
    * Source/WebCore/inspector/agents/worker/WorkerAuditAgent.cpp:
    * Source/WebCore/inspector/agents/worker/WorkerCanvasAgent.cpp:
    * Source/WebCore/inspector/agents/worker/WorkerDOMDebuggerAgent.cpp:
    * Source/WebCore/inspector/agents/worker/WorkerDebuggerAgent.cpp:
    * Source/WebCore/inspector/agents/worker/WorkerNetworkAgent.cpp:
    * Source/WebCore/inspector/agents/worker/WorkerRuntimeAgent.cpp:
    Avoid this conflict by specifying Inspector:: in all cases.

    * Source/WebCore/platform/graphics/cocoa/IOSurface.h:
    Also remove one common cause of objc/objc.h getting included places,
    by removing it from IOSurface.h (the build still succeeds...).

    Canonical link: https://commits.webkit.org/274340@main

Canonical link: https://commits.webkit.org/272448.702@safari-7618-branch


  Commit: a3524e350ec963e6a9a7d30b736b898505cb1a4e
      https://github.com/WebKit/WebKit/commit/a3524e350ec963e6a9a7d30b736b898505cb1a4e
  Author: Aditya Keerthi <akeerthi at apple.com>
  Date:   2024-03-08 (Fri, 08 Mar 2024)

  Changed paths:
    A LayoutTests/fast/forms/ios/file-upload-panel-dismiss-when-view-removed-from-window-expected.txt
    A LayoutTests/fast/forms/ios/file-upload-panel-dismiss-when-view-removed-from-window.html
    M Source/WebKit/UIProcess/Cocoa/WKContactPicker.h
    M Source/WebKit/UIProcess/Cocoa/WKContactPicker.mm
    M Source/WebKit/UIProcess/ios/WKContentView.mm
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.h
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm

  Log Message:
  -----------
  [iOS] File picker dialog remains after opening a new tab in 3rd-party browsers
https://bugs.webkit.org/show_bug.cgi?id=265602
rdar://119001046

Reviewed by Abrar Rahman Protyasha.

The file upload panel does not dismiss itself after a new tab is opened, and can
end up displayed over a site that's unrelated to the one requesting the upload.

The panel itself is a modal view controller that is presented from an appropriate
view controller containing the `WKWebView`. Safari has explicit logic to dismiss
presented modal view controllers on tab switch, but it is not reasonable to expect
other clients to guarantee this behavior.

Fix by dismissing all pickers if the `WKWebView` is removed from the hierarchy.

* LayoutTests/fast/forms/ios/file-upload-panel-dismiss-when-view-removed-from-window-expected.txt: Added.
* LayoutTests/fast/forms/ios/file-upload-panel-dismiss-when-view-removed-from-window.html: Added.
* Source/WebKit/UIProcess/Cocoa/WKContactPicker.h:
* Source/WebKit/UIProcess/Cocoa/WKContactPicker.mm:
(-[WKContactPicker dismiss]):

Add a new hook to dismiss the contact picker.

* Source/WebKit/UIProcess/ios/WKContentView.mm:
(-[WKContentView willMoveToWindow:]):

If the content view has moved to a `nil` window, it has been removed from the
view hierarchy, and presented pickers should be dismissed.

* Source/WebKit/UIProcess/ios/WKContentViewInteraction.h:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView cleanUpInteraction]):

Factor out logic into `-[WKContentView dismissPickers]`.

(-[WKContentView dismissPickers]):

Dismiss all pickers that the content view is aware of.

Canonical link: https://commits.webkit.org/272448.703@safari-7618-branch


  Commit: 36930ea8be727616183ef7ed3846acd43247dea1
      https://github.com/WebKit/WebKit/commit/36930ea8be727616183ef7ed3846acd43247dea1
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2024-03-09 (Sat, 09 Mar 2024)

  Changed paths:
    A JSTests/wasm/stress/omg-stack-overflow.js
    A JSTests/wasm/stress/omg-stack-overflow.wasm
    M Source/JavaScriptCore/wasm/WasmOperations.cpp

  Log Message:
  -----------
  Add missing stack check to bbq->omg OSR
https://bugs.webkit.org/show_bug.cgi?id=270605
rdar://124060272

Reviewed by Keith Miller.

In https://commits.webkit.org/272448.466@safari-7618-branch, we turned
a stack overflow during OSR entry into a crash, preventing a security
issue. While the crash prevents memory corruption, it should never
happen. This patch fixes a case that was missed in the first patch.

Note: the test case currently runs forever, so it is skipped until
we fix the watchdog in wasm.

* JSTests/wasm/stress/omg-stack-overflow.js: Added.
(globalThis.callerIsBBQOrOMGCompiled.instantiateJsc):
(else.instantiateBrowser):
(async let):
* JSTests/wasm/stress/omg-stack-overflow.wasm: Added.
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):

Canonical link: https://commits.webkit.org/272448.704@safari-7618-branch


  Commit: 92b12366a51c12cfc4c9e663c51f8c051617b5e3
      https://github.com/WebKit/WebKit/commit/92b12366a51c12cfc4c9e663c51f8c051617b5e3
  Author: Andy Estes <aestes at apple.com>
  Date:   2024-03-11 (Mon, 11 Mar 2024)

  Changed paths:
    M Source/WebKit/Platform/cocoa/MediaCapability.h
    M Source/WebKit/Platform/cocoa/MediaCapability.mm
    M Source/WebKit/SourcesCocoa.txt
    M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Cherry-pick 144facca6435. rdar://123856265

    REGRESSION (275244@main): Crash in MediaCapability::MediaCapability when loading 'about:blank'
    https://bugs.webkit.org/show_bug.cgi?id=270318
    rdar://123856265

    Reviewed by Jer Noble.

    In 275244@main MediaCapability was changed to track a SecurityOrigin rather than a URL. Since
    'about:blank' is considered an opaque origin, a nil NSURL is returned by SecurityOrigin::toURL()
    (after implicit conversion). A crash occurs when MediaCapability attempts to instantiate a
    BEMediaEnvironment with the nil URL since -initWithWebPageURL: requires a nonnull NSURL.

    Fixed this by reverting MediaCapability to storing the webpage URL as a WebCore::URL, and instead
    using URL::protocolHostAndPort() and protocolHostAndPortAreEqual() to ensure that the
    MediaEnvironment is not reset during same-origin navigations.

    * Source/WebKit/Platform/cocoa/MediaCapability.h:
    * Source/WebKit/Platform/cocoa/MediaCapability.mm:
    (WebKit::createMediaEnvironment):
    (WebKit::MediaCapability::MediaCapability):
    * Source/WebKit/SourcesCocoa.txt:
    * Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
    (WebKit::WebPageProxy::setMediaCapability):
    (WebKit::WebPageProxy::deactivateMediaCapability):
    (WebKit::WebPageProxy::resetMediaCapability):
    * Source/WebKit/WebKit.xcodeproj/project.pbxproj:

    Canonical link: https://commits.webkit.org/275533@main


  Commit: 76b6d404008f24b46326eef4a13036b795e31af3
      https://github.com/WebKit/WebKit/commit/76b6d404008f24b46326eef4a13036b795e31af3
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-03-11 (Mon, 11 Mar 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    M Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp
    M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
    M Source/WebCore/Modules/webauthn/AuthenticatorResponse.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm
    M Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp
    M Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h

  Log Message:
  -----------
  Apply patch. rdar://124243030


  Commit: 3c7dd1781475b6eae08d9a5f4c201d713777930f
      https://github.com/WebKit/WebKit/commit/3c7dd1781475b6eae08d9a5f4c201d713777930f
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-03-11 (Mon, 11 Mar 2024)

  Changed paths:
    M Source/WebCore/Modules/webaudio/AudioBasicProcessorNode.h
    M Source/WebCore/Modules/webaudio/AudioBuffer.cpp
    M Source/WebCore/Modules/webaudio/AudioBuffer.h
    M Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp
    M Source/WebCore/Modules/webaudio/AudioBufferSourceNode.h
    M Source/WebCore/Modules/webaudio/AudioNode.h
    M Source/WebCore/Modules/webaudio/AudioNodeOutput.cpp
    M Source/WebCore/Modules/webaudio/AudioNodeOutput.h
    M Source/WebCore/Modules/webaudio/AudioWorkletNode.cpp
    M Source/WebCore/Modules/webaudio/BaseAudioContext.h
    M Source/WebCore/Modules/webaudio/DynamicsCompressorNode.h
    M Source/WebCore/Modules/webaudio/OfflineAudioContext.cpp
    M Source/WebCore/Modules/webaudio/OfflineAudioContext.h
    M Source/WebCore/Modules/webaudio/OscillatorNode.h
    M Source/WebCore/platform/audio/AudioUtilities.cpp
    M Source/WebCore/platform/audio/AudioUtilities.h
    M Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/audio-fingerprinting.html

  Log Message:
  -----------
  AudioBuffer noise injection in Private Browsing can be negated using a looping audio buffer source
https://bugs.webkit.org/show_bug.cgi?id=270767
rdar://124156971

Reviewed by Chris Dumez, Charlie Wolfe and Matthew Finkel.

Implement several mitigations to make it impractical to reverse noise injection by looping a single
audio sample many times in a single audio buffer and averaging the results.

1.  Adjust noise injection to use normally-distributed noise, instead of a uniform random
    distribution. This raises the bar for "averaging-style" attacks, which can currently converge on
    a stable result by averaging the min/max values in the random distribution. A similar attack
    will now require more iterations to converge on the original value.

2.  Store previously-generated random values while applying noise, and reapply these random values
    to the values that are encountered repeatedly. This ensures that an attacker does not gain more
    information about the original value, by causing it to be computed repeatedly in the same audio
    buffer.

3.  Instead of uniformly applying a fixed noise level (0.001) for all readback using
    `OfflineAudioContext`, allow certain node types that are known to expose hardware or OS
    differences (i.e. `DynamicsCompressorNode` and `OscillatorNode`) to increase the amount of
    injected noise beyond the baseline of 0.1%. `AudioBufferSourceNode`, in particular, will amplify
    the noise level more, depending on the number of times the audio buffer is looped.

* Source/WebCore/Modules/webaudio/AudioBasicProcessorNode.h:
* Source/WebCore/Modules/webaudio/AudioBuffer.cpp:
(WebCore::AudioBuffer::releaseMemory):

Replace the single boolean flag (`m_needsAdditionalNoise`) with a `m_noiseInjectionMultiplier`,
which indicates the magnitude of noise injection (the standard deviation of the normal distribution
used to inject noise).

(WebCore::AudioBuffer::copyToChannel):
(WebCore::AudioBuffer::zero):
(WebCore::AudioBuffer::copyTo const):
(WebCore::AudioBuffer::applyNoiseIfNeeded):
* Source/WebCore/Modules/webaudio/AudioBuffer.h:
(WebCore::AudioBuffer::increaseNoiseInjectionMultiplier):
(WebCore::AudioBuffer::noiseInjectionMultiplier const):
(WebCore::AudioBuffer::setNeedsAdditionalNoise): Deleted.
* Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp:
(WebCore::AudioBufferSourceNode::noiseInjectionMultiplier const):

Increase the noise injection level for an audio buffer, if it's downstream from an
`AudioBufferSourceNode` that loops many times. For an audio buffer source that loops more than 200
times, this boosts the existing noise level for the audio buffer by a factor of 0.005 per loop,
leading to a massive amount of noise in the case where a tiny sample is looped back-to-back in a
large buffer.

* Source/WebCore/Modules/webaudio/AudioBufferSourceNode.h:
* Source/WebCore/Modules/webaudio/AudioNode.h:
(WebCore::AudioNode::noiseInjectionMultiplier const):

Add a subclassing hook that allows each `AudioNode` subclass to inject additional noise when reading
back the final `AudioBuffer`. This allows us to selectively increase the amount of injected noise
when using specific types of audio nodes, which are known to expose larger differences w.r.t. the
underlying OS or CPU architecture.

* Source/WebCore/Modules/webaudio/AudioNodeOutput.cpp:
(WebCore::AudioNodeOutput::forEachInputNode const):

Add a helper method to iterate over each input node (i.e. the next destination in the processing
graph) that's attached to this output. Note that this must be called from underneath the context's
graph lock.

* Source/WebCore/Modules/webaudio/AudioNodeOutput.h:
* Source/WebCore/Modules/webaudio/AudioWorkletNode.cpp:
(WebCore::AudioWorkletNode::process):

Increase the noise level when passing raw data into worklets, to adjust for the new normally-
distributed noise injection.

* Source/WebCore/Modules/webaudio/BaseAudioContext.h:
(WebCore::BaseAudioContext::referencedSourceNodes const):

Add a helper method to iterate over all source nodes in the audio context; must be called only when
the context's graph lock is held.

* Source/WebCore/Modules/webaudio/DynamicsCompressorNode.h:

Add additional buffer readback noise when using certain audio node types.

* Source/WebCore/Modules/webaudio/OfflineAudioContext.cpp:
(WebCore::OfflineAudioContext::OfflineAudioContext):
(WebCore::OfflineAudioContext::lazyInitialize):
(WebCore::OfflineAudioContext::increaseNoiseMultiplierIfNeeded):

Upon initialization, traverse the audio processing graph in search for audio nodes that warrant
additional noise injection, and accumulate this extra noise on the target buffer.

* Source/WebCore/Modules/webaudio/OfflineAudioContext.h:
* Source/WebCore/Modules/webaudio/OscillatorNode.h:
* Source/WebCore/platform/audio/AudioUtilities.cpp:
(WebCore::AudioUtilities::applyNoise):

Switch to normally-distributed noise injection, rather than uniformly random noise. Additionally,
ensure that if a value appears again in the same buffer, it'll use the same, previously computed
noise multiplier value instead of a newly generated random value.

* Source/WebCore/platform/audio/AudioUtilities.h:
* Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm:
(TestWebKitAPI::TEST):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/audio-fingerprinting.html:

Add a new test case to exercise these mitigations.

Canonical link: https://commits.webkit.org/272448.707@safari-7618-branch
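
An added illustration of mitigations 1 and 2 from the commit above (example code, not part of the commit and not WebKit's implementation). It assumes a simplified model in which each sample v is read back as v * (1 + level * r); TRUE_VALUE, the seeded PRNG and every function name are hypothetical. It compares how much a looped buffer reveals about one value under fresh uniform noise, fresh normal noise, and normal noise that is reused for repeated values.

```javascript
// Simplified model of the mitigations described above; not WebKit's implementation.
// Assumption: a sample v is read back as v * (1 + level * r), r being a random draw.
const TRUE_VALUE = 0.5;     // constructed sample value hidden behind the noise
const NOISE_LEVEL = 0.001;  // baseline noise level quoted in the commit message

// Seeded PRNG (mulberry32) so every run produces the same numbers.
function makeRng(seed) {
  let s = seed | 0;
  return () => {
    s = (s + 0x6D2B79F5) | 0;
    let t = Math.imul(s ^ (s >>> 15), s | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Old behaviour in this model: bounded uniform draw in [-1, 1).
function uniformDraw(rng) { return 2 * rng() - 1; }

// Mitigation 1: standard normal draw (Box-Muller); 1 - rng() keeps log() finite.
function normalDraw(rng) {
  const u1 = 1 - rng(), u2 = rng();
  return Math.sqrt(-2 * Math.log(u1)) * Math.cos(2 * Math.PI * u2);
}

// Mitigation 2 (memoize = true): a value already seen in this buffer gets the
// multiplier generated the first time, so repeats carry no new information.
function applyNoise(samples, level, draw, rng, memoize) {
  const seen = new Map();
  return samples.map((v) => {
    let m = memoize ? seen.get(v) : undefined;
    if (m === undefined) {
      m = 1 + level * draw(rng);
      if (memoize) seen.set(v, m);
    }
    return v * m;
  });
}

// Two ways of combining repeated readbacks into one estimate.
function mean(xs) {
  let sum = 0;
  for (const x of xs) sum += x;
  return sum / xs.length;
}
function midrange(xs) {
  let lo = Infinity, hi = -Infinity;
  for (const x of xs) { if (x < lo) lo = x; if (x > hi) hi = x; }
  return (lo + hi) / 2;
}

// Root-mean-square distance between the estimate and TRUE_VALUE over several
// independent buffers, each holding `loops` copies of the same sample.
function rmsError(estimator, draw, memoize, loops, trials = 20, seed = 1) {
  const rng = makeRng(seed);
  let sumSq = 0;
  for (let t = 0; t < trials; t++) {
    const looped = new Array(loops).fill(TRUE_VALUE);
    const noisy = applyNoise(looped, NOISE_LEVEL, draw, rng, memoize);
    sumSq += (estimator(noisy) - TRUE_VALUE) ** 2;
  }
  return Math.sqrt(sumSq / trials);
}

// Number of different values a looped buffer exposes on readback.
function distinctReadbackValues(loops, memoize) {
  const looped = new Array(loops).fill(TRUE_VALUE);
  return new Set(applyNoise(looped, NOISE_LEVEL, normalDraw, makeRng(7), memoize)).size;
}

function report(loops = 4096) {
  return {
    // Bounded uniform noise: the min/max midpoint closes in on the value quickly.
    uniformMidrange: rmsError(midrange, uniformDraw, false, loops),
    // Normal noise has no hard bounds, so the same statistic stays far off.
    normalMidrange: rmsError(midrange, normalDraw, false, loops),
    // Fresh normal noise still averages out slowly as loops grow...
    normalMean: rmsError(mean, normalDraw, false, loops),
    // ...but with reused noise, 4096 loops are worth exactly as much as one.
    memoizedLooped: rmsError(mean, normalDraw, true, loops),
    memoizedSingle: rmsError(mean, normalDraw, true, 1),
  };
}

console.log(report());
console.log("distinct values, fresh noise:", distinctReadbackValues(4096, false));
console.log("distinct values, reused noise:", distinctReadbackValues(4096, true));
```

In this model the residual error with reused noise stays at the full noise level however long the loop is, which is why the commit pairs it with per-node noise scaling rather than relying on the distribution change alone.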


  Commit: b42cc4168b71df1d390fcf0552b9f30903dbac8e
      https://github.com/WebKit/WebKit/commit/b42cc4168b71df1d390fcf0552b9f30903dbac8e
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    A JSTests/stress/getter-setter-ai.js
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/runtime/Operations.cpp

  Log Message:
  -----------
  Difference in semantics between jsTypeStringForValueWithConcurrency and buildTypeOf
https://bugs.webkit.org/show_bug.cgi?id=270659
rdar://124116542

Reviewed by Yusuke Suzuki.

Consider the given test case:

Object1: 0x30000bba0 %DL (should never getByOffset p3 of this, it is a GetterSetter)
Object2: 0x30000bc10 %DS (p3 is fine)

 Before LICM:
32  0 40:   D@26:<!0:->	FilterGetByStatus(Check:Untyped:D@7, MustGen, (Simple, <id='uid:(p1)', [0x30000bc10:[0xbc10/48144, Function, (0/0, 3/4){p1:64, p2:65, p3:66}, NonArray, Proto:0x11706ddc8, Leaf (Watched)], 0x30000bba0:[0xbba0/48032, Function, (0/0, 3/4){p1:64, p2:65, p3:66}, NonArray, Proto:0x11706ddc8, Leaf (Watched)]], [], offset = 64>, seenInJIT = true), W:SideState, bc#4, ExitValid)
33  0 40:   D@15:<!0:->	AssertNotEmpty(Check:Untyped:D@7, MustGen, W:SideState, Exits, bc#4, ExitValid)
34  0 40:   D@28:<!0:->	CheckStructure(Cell:D@7, MustGen, [%DS:Function, %DL:Function], R:JSCell_structureID, Exits, bc#4, ExitValid)
35  0 40:   D@29:< 2:->	GetButterfly(Cell:D@7, Storage|PureNum|NeedsNegZero|NeedsNaNOrInfinity|UseAsOther, Other, R:JSObject_butterfly, bc#4, ExitValid)
36  0 40:   D@30:< 1:->	GetByOffset(Check:Untyped:D@29, KnownCell:D@7, JS|PureInt, Int32, id0{p1}, 64, R:NamedProperties(0), bc#4, ExitValid)  predicting Int32

... branching

6  7 40:   D@87:<!0:->	FilterGetByStatus(Check:Untyped:D@7, MustGen, (Simple, <id='uid:(p3)', [0x30000bc10:[0xbc10/48144, Function, (0/0, 3/4){p1:64, p2:65, p3:66}, NonArray, Proto:0x11706ddc8, Leaf (Watched)]], [], offset = 66>, seenInJIT = true), W:SideState, bc#45, ExitValid)
7  7 40:   D@89:<!0:->	CheckStructure(Cell:D@7, MustGen, [%DS:Function], R:JSCell_structureID, Exits, bc#45, ExitValid)
8  7 40:   D@91:< 2:->	GetByOffset(Check:Untyped:D@29, KnownCell:D@7, JS|PureNum|NeedsNegZero|NeedsNaNOrInfinity|UseAsOther, BoolInt32, id3{p3}, 66, R:NamedProperties(3), bc#45, ExitValid)  predicting BoolInt32
11  7 40:   D@94:< 2:->	TypeOf(Check:Untyped:Kill:D@91, JS|PureNum|NeedsNegZero|NeedsNaNOrInfinity|UseAsOther, StringIdent, Exits, bc#51, ExitValid)

Note that we never get p3 of DL

After LICM blind hoist:
 34  0 41:   D@28:<!0:->	CheckStructure(Cell:D@7, MustGen, [%DS:Function, %DL:Function], R:JSCell_structureID, Exits, bc#4, ExitValid)
 35  0 41:   D@29:< 2:->	GetButterfly(Cell:D@7, Storage|PureNum|NeedsNegZero|NeedsNaNOrInfinity|UseAsOther, Other, R:JSObject_butterfly, bc#4, ExitValid)
 36  0 41:   D@30:< 1:->	GetByOffset(Check:Untyped:D@29, KnownCell:D@7, JS|PureInt, Int32, id0{p1}, 64, R:NamedProperties(0), bc#4, ExitValid)  predicting Int32
 44  0 41:   D@48:<!0:->	CheckIsConstant(Cell:D@7, MustGen, <0x13908f140, Function>, object1#B5FU55/<nogen>:[0x13909da00], Exits, bc#25, exit: bc#17, ExitValid, WasHoisted)
 45  0 41:   D@91:< 2:->	GetByOffset(Check:Untyped:D@29, KnownCell:D@7, JS|PureNum|NeedsNegZero|NeedsNaNOrInfinity|UseAsOther, BoolInt32, id3{p3}, 66, R:NamedProperties(3), bc#45, exit: bc#17, ExitValid)  predicting BoolInt32
 46  0 41:   D@94:< 2:->	TypeOf(Check:Untyped:Kill:D@91, JS|PureNum|NeedsNegZero|NeedsNaNOrInfinity|UseAsOther, StringIdent, Exits, bc#51, exit: bc#17, ExitValid, WasHoisted)

The GetByOffset is hoisted without its guarding CheckStructure, and it accesses p3 unexpectedly. SafeToExecute says it is
safe because it won't crash or produce a malformed JSValue. Honestly, fair.

This patch fixes the semantic difference between AI and runtime for GetterSetter objects.
Stopping the GetterSetter from being hoisted may be too costly and restrictive, and it
doesn't get leaked anyway.

The string result (which was [object] but is now [symbol]) doesn't really matter, it should
never leak to user code anyway. Even if it does, it is just a string.

* JSTests/stress/getter-setter-ai.js: Added.
(opt):
(watchP3.cache):
(watchP3):
(main.let.object1):
(main.let.object2):
(main):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/runtime/Operations.cpp:
(JSC::jsTypeStringForValueWithConcurrency):

Canonical link: https://commits.webkit.org/272448.708@safari-7618-branch


  Commit: 8a80d7363fd76b4cc2d352d32ec276b89b217b63
      https://github.com/WebKit/WebKit/commit/8a80d7363fd76b4cc2d352d32ec276b89b217b63
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm

  Log Message:
  -----------
  Cherry-pick 0c1bf2e5136c. rdar://124406360

    Enable WKWebsiteDataStore.proxyConfigurations tests on iOS simulator
    https://bugs.webkit.org/show_bug.cgi?id=268888
    rdar://122444342

    Reviewed by Chris Dumez.

    * Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm:

    Canonical link: https://commits.webkit.org/274219@main


  Commit: 5e07a34c9ec8a571191718b66158fc18c61e8642
      https://github.com/WebKit/WebKit/commit/5e07a34c9ec8a571191718b66158fc18c61e8642
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/CompactContextMenuPresenter.mm

  Log Message:
  -----------
  Cherry-pick e12d22941da3. rdar://124406177

    [iOS 17.4] Chrome crashes in -[WKSelectPicker resetContextMenuPresenter]
    https://bugs.webkit.org/show_bug.cgi?id=269222
    rdar://122843112

    Reviewed by Aditya Keerthi.

    Mitigate crashes in (`WKWebView`-based) Chrome on iOS while dismissing compact context menus under
    `~CompactContextMenuPresenter`. Through means that are still unclear to me, Chrome prevents context
    menus from being shown when their webpage translation feature is invoked. This prevents the targeted
    preview container view from being added to the view hierarchy; the resulting context menu
    interaction is still considered "presented" even though nothing is shown on screen.

    In this state, if anything attempts to dismiss the menu with animation, we'll crash with an
    exception as UIKit internally (and incorrectly) assumes that the targeted preview container must
    still be in the view hierarchy from when it was presented, and attempts to create a preview target
    with this unparented preview container view.

    Since the call to `dismiss()` in this destructor is only here as a last resort to ensure that we
    clean up context menu interactions and don't leave context menu views (or the hidden button view)
    lingering around the view hierarchy, we can simply fix this by immediately dismissing the context
    menu interaction without animation. This skips the UIKit code described above that crashes unless
    the preview container view was parented, and allows us to keep this "last resort" cleanup logic
    without otherwise affecting the dismissal animation.

    * Source/WebKit/UIProcess/ios/CompactContextMenuPresenter.mm:
    (WebKit::CompactContextMenuPresenter::~CompactContextMenuPresenter):

    Canonical link: https://commits.webkit.org/274559@main


  Commit: e5c4cfc3f413b86becc5eeee111f41f922763b5b
      https://github.com/WebKit/WebKit/commit/e5c4cfc3f413b86becc5eeee111f41f922763b5b
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
    M Source/JavaScriptCore/dfg/DFGNode.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

  Log Message:
  -----------
  Cherry-pick a54c682f6b97. rdar://124077412

    [JSC] InByValMegamorphic does not need to be ObjectUse
    https://bugs.webkit.org/show_bug.cgi?id=269606
    rdar://123101705

    Reviewed by Justin Michaud.

    It can be just a CellUse. This patch fixes the wrong assertion and uses CellUse instead.
    Several debug tests already cover it (e.g. stress/proxy-has-property.js)

    * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * Source/JavaScriptCore/dfg/DFGNode.cpp:
    (JSC::DFG::Node::convertToInByIdMaybeMegamorphic):
    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compileInByValMegamorphic):
    * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
    (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):

    Canonical link: https://commits.webkit.org/274892@main


  Commit: 1256eb7742a616e4c8cbc39a51fab333d101a9d5
      https://github.com/WebKit/WebKit/commit/1256eb7742a616e4c8cbc39a51fab333d101a9d5
  Author: Antti Koivisto <antti at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    A LayoutTests/fast/css/viewport-unit-conversion-crash-expected.txt
    A LayoutTests/fast/css/viewport-unit-conversion-crash.html
    M Source/WebCore/css/CSSPrimitiveValue.cpp

  Log Message:
  -----------
  Cherry-pick 11d5d62ba36c. rdar://115485355

    Viewport unit conversion should work in empty frame
    https://bugs.webkit.org/show_bug.cgi?id=270289
    rdar://116715588

    Reviewed by Alan Baradlay.

    We hit a release assert in some cases.

    * LayoutTests/fast/css/viewport-unit-conversion-crash-expected.txt: Added.
    * LayoutTests/fast/css/viewport-unit-conversion-crash.html: Added.
    * Source/WebCore/css/CSSPrimitiveValue.cpp:
    (WebCore::CSSPrimitiveValue::convertingToLengthHasRequiredConversionData const):

    An empty viewport is a valid reference for resolving viewport units. The only requirement here is that we have access to one.
    Also test for non-fixed conversion first to make the code less confusing.

    Canonical link: https://commits.webkit.org/275620@main


  Commit: a7f78bda40509ca6745c1cc740d8109c781e59c3
      https://github.com/WebKit/WebKit/commit/a7f78bda40509ca6745c1cc740d8109c781e59c3
  Author: Vitor Roriz <vitor.roriz at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M Source/WebCore/loader/cache/AllowedFonts.cpp

  Log Message:
  -----------
  Cherry-pick 9b30f8d02ef6. rdar://123658932

    Update trusted fonts in lockdown mode
    https://bugs.webkit.org/show_bug.cgi?id=270501
    rdar://123658932

    Reviewed by Brent Fulgham.

    Update list of trusted fonts with fonts requested
    by mobile version of facebook.com

    * Source/WebCore/loader/cache/TrustedFonts.cpp:
    (WebCore::trustedFontHashesInLockdownMode):

    Canonical link: https://commits.webkit.org/275705@main


  Commit: 29e879e6dc6de94c991e4665c85ad73d601ae617
      https://github.com/WebKit/WebKit/commit/29e879e6dc6de94c991e4665c85ad73d601ae617
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M Source/WebCore/dom/CustomElementReactionQueue.cpp
    M Source/WebCore/dom/CustomElementReactionQueue.h
    M Source/WebCore/dom/GCReachableRef.h

  Log Message:
  -----------
  Cherry-pick c602819ddeb1. rdar://124128482

    Inline CustomElementElementQueue into CustomElementReactionStack
    https://bugs.webkit.org/show_bug.cgi?id=270551

    Reviewed by Chris Dumez.

    Inline CustomElementElementQueue into CustomElementReactionStack to avoid heap allocation.

    * Source/WebCore/dom/CustomElementReactionQueue.cpp:
    (WebCore::CustomElementQueue::processQueue):
    (WebCore::CustomElementReactionQueue::enqueueElementOnAppropriateElementQueue):
    (WebCore::CustomElementReactionStack::processQueue): Deleted.
    (WebCore::CustomElementReactionStack::takeElements): Deleted.
    * Source/WebCore/dom/CustomElementReactionQueue.h:
    (WebCore::CustomElementQueue::CustomElementQueue): Inlined.
    (WebCore::CustomElementQueue::~CustomElementQueue): Ditto.
    (WebCore::CustomElementQueue::isEmpty const): Added.
    (WebCore::CustomElementReactionStack::~CustomElementReactionStack):
    (WebCore::CustomElementReactionStack::takeElements): Inlined.
    * Source/WebCore/dom/GCReachableRef.h:

    Canonical link: https://commits.webkit.org/275734@main


  Commit: e8bd7e415192a50c2ca0cc9df138585c96f8302f
      https://github.com/WebKit/WebKit/commit/e8bd7e415192a50c2ca0cc9df138585c96f8302f
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    A LayoutTests/fast/misc/out-of-flow-position-inside-mathml-crash-expected.txt
    A LayoutTests/fast/misc/out-of-flow-position-inside-mathml-crash.html
    M Source/WebCore/layout/integration/LayoutIntegrationBoxTree.cpp
    M Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp
    M Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.h
    M Source/WebCore/rendering/RenderInline.cpp

  Log Message:
  -----------
  Cherry-pick 1bfbaa14e8a8. rdar://122491690

    [IFC][Integration] Unexpected render tree state may lead to querying nonexistent box geometry
    https://bugs.webkit.org/show_bug.cgi?id=269009
    <rdar://122491690>

    Reviewed by Antti Koivisto.

    This patch handles the case when the render tree gets into an unexpected state (dirty subtree after layout) and
    DOM queries for geometry of a renderer in this dirty subtree.

    * LayoutTests/TestExpectations:
    * LayoutTests/fast/misc/out-of-flow-position-inside-mathml-crash-expected.txt: Added.
    * LayoutTests/fast/misc/out-of-flow-position-inside-mathml-crash.html: Added.
    * Source/WebCore/layout/integration/LayoutIntegrationBoxTree.cpp:
    (WebCore::LayoutIntegration::BoxTree::contains const):
    * Source/WebCore/layout/integration/LayoutIntegrationBoxTree.h:
    * Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp:
    (WebCore::LayoutIntegration::LineLayout::contains const):
    * Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.h:
    * Source/WebCore/rendering/RenderInline.cpp:
    (WebCore::RenderInline::linesBoundingBox const):

    Canonical link: https://commits.webkit.org/274318@main


  Commit: 3855bdb7dfadb8b4867654d75b8a3b19facf34d7
      https://github.com/WebKit/WebKit/commit/3855bdb7dfadb8b4867654d75b8a3b19facf34d7
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/Document.h
    M Source/WebCore/html/CanvasBase.cpp
    M Source/WebCore/html/HTMLCanvasElement.cpp
    M Source/WebCore/html/canvas/CanvasRenderingContext.h

  Log Message:
  -----------
  Apply patch. rdar://123400342


  Commit: 02a5c284178e4c4c9184cf721954243d59678a03
      https://github.com/WebKit/WebKit/commit/02a5c284178e4c4c9184cf721954243d59678a03
  Author: Aditya Keerthi <akeerthi at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
    M Source/WebKit/UIProcess/ios/forms/WKFileUploadPanel.h
    M Source/WebKit/UIProcess/ios/forms/WKFileUploadPanel.mm

  Log Message:
  -----------
  Cherry-pick 0f76043f7852. rdar://106763672

    [iOS] Avoid transcoding images on file inputs unless the set of image types is explicitly restricted
    https://bugs.webkit.org/show_bug.cgi?id=267277
    rdar://106763672

    Reviewed by Abrar Rahman Protyasha.

    On iOS, when using an `<input type=file>` that supports images or videos, the
    user has the option to select content from their photo library. Historically,
    in WebKit, selected content has always been transcoded to JPEG (for images)
    and H.264 (for video).

    However, this can be undesirable for users that want to provide the image in
    its original form. In particular, this is important for photo editing applications.
    Furthermore, macOS does not have this general transcoding behavior.

    This patch changes the behavior on iOS so that transcoding to the compatible
    format for images is only performed if the `accept` attribute restricts the set
    of image types. Videos remain exempted from this behavior change due to known
    compatibility issues.

    Note that this change does have non-zero compatibility risk. However, it is more
    correct, and resolves known issues on image editing applications. Sites that
    want a compatible representation are expected to use the `accept` attribute to
    indicate their need.

    * Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:

    Introduce a setting so the new behavior can easily be toggled off for testing.

    * Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
    (-[WKContentView fileUploadPanelPhotoPickerPrefersOriginalImageFormat:]):
    * Source/WebKit/UIProcess/ios/forms/WKFileUploadPanel.h:
    * Source/WebKit/UIProcess/ios/forms/WKFileUploadPanel.mm:
    (-[WKFileUploadPanel _preferredAssetRepresentationMode]):

    Disable transcoding by the picker if the set of restricted types is empty,
    or contains all image types.

    (-[WKFileUploadPanel _showPhotoPicker]):
    (-[WKFileUploadPanel picker:didFinishPicking:]):

    Continue to transcode video, when the picker does not perform transcoding, for
    compatibility.

    Canonical link: https://commits.webkit.org/275726@main


  Commit: 198b1444fb1524c2811aaa85f94269e4dec66a58
      https://github.com/WebKit/WebKit/commit/198b1444fb1524c2811aaa85f94269e4dec66a58
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M Source/WebCore/layout/integration/LayoutIntegrationBoxTree.cpp

  Log Message:
  -----------
  Unreviewed build fix.
* Source/WebCore/layout/integration/LayoutIntegrationBoxTree.cpp:


  Commit: f7ff600375e4b2efbb84601a7d1547a023ac56e8
      https://github.com/WebKit/WebKit/commit/f7ff600375e4b2efbb84601a7d1547a023ac56e8
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/components/video_codec/RTCVideoDecoderH264.mm

  Log Message:
  -----------
  Cherry-pick 1392a12ad3f1. rdar://124406255

    REGRESSION (iOS 17.4 Beta): No incoming video in Teams VA
    rdar://122859173
    https://bugs.webkit.org/show_bug.cgi?id=269281

    Reviewed by Brent Fulgham.

    WebRTC applications typically do not care about reordering since it hits the latency.
    We are thus setting the window size to 0 when AVC is false, which is the case for libwebrtc decoders.
    WebCodecs websites that had issues with reordering are using AVC, so should not be broken by this change.

    * Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/components/video_codec/RTCVideoDecoderH264.mm:
    (-[RTCVideoDecoderH264 decodeData:size:timeStamp:]):

    Canonical link: https://commits.webkit.org/274581@main


  Commit: b15d7b97e5ef592fd410842e7f426ffc1ee11a0b
      https://github.com/WebKit/WebKit/commit/b15d7b97e5ef592fd410842e7f426ffc1ee11a0b
  Author: Chris Fleizach <cfleizach at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm

  Log Message:
  -----------
  Cherry-pick 46a7bd3624b4. rdar://124421166

    AX: com.apple.WebKit.WebContent crash at WebCore: -[WebAccessibilityObjectWrapper handleNotificationRelayToChrome:notificationData:]
    https://bugs.webkit.org/show_bug.cgi?id=269319
    <rdar://problem/122688370>

    Reviewed by (OOPS).

    Ensure that we have a valid AXObjectCache before proceeding.

    * Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm

    Canonical link: https://commits.webkit.org/274610@main


  Commit: 44a76bd9ca566f385fdb7d458c8f2029f7719db7
      https://github.com/WebKit/WebKit/commit/44a76bd9ca566f385fdb7d458c8f2029f7719db7
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

  Log Message:
  -----------
  Cherry-pick 5add71f66046. rdar://124421108

    Catalyst needs tccd access
    https://bugs.webkit.org/show_bug.cgi?id=269518
    rdar://122976577

    Reviewed by Brent Fulgham.

    Catalyst needs tccd access in the WebContent process sandbox.

    * Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:

    Canonical link: https://commits.webkit.org/274820@main


  Commit: a411a1adc40be2f23ac6e613c238e96926556016
      https://github.com/WebKit/WebKit/commit/a411a1adc40be2f23ac6e613c238e96926556016
  Author: David Kilzer <ddkilzer at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    A Source/ThirdParty/libwebrtc/Configurations/BaseTarget-libwebm.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/libwebm.xcconfig
    A Source/ThirdParty/libwebrtc/Configurations/webm_fuzzer.xcconfig
    M Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Cherry-pick 275865@main (3aba3902984e). <rdar://124294964>

    Add target for webm_fuzzer
    https://bugs.webkit.org/show_bug.cgi?id=270712
    <rdar://124294964>

    Reviewed by Alex Christensen.

    * Source/ThirdParty/libwebrtc/Configurations/BaseTarget-libwebm.xcconfig: Copied from Source/ThirdParty/libwebrtc/Configurations/libwebm.xcconfig.
    * Source/ThirdParty/libwebrtc/Configurations/libwebm.xcconfig:
    - Extract common variables from libwebm.xcconfig into
      BaseTarget-libwebm.xcconfig.
    * Source/ThirdParty/libwebrtc/Configurations/webm_fuzzer.xcconfig: Add.
    * Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj:
    - Drive-by fix to remove redundant PRODUCT_NAME variables from various
      targets.
    (Fuzzers (libwebrtc)):
    - Add webm_fuzzer as dependency to aggregate target.
    (webm_fuzzer target): Add.
    - Add target to build webm_fuzzer.

    Canonical link: https://commits.webkit.org/275865@main

Canonical link: https://commits.webkit.org/272448.722@safari-7618-branch


  Commit: 8068983d33db77d696a1c506e367fb021758bcdc
      https://github.com/WebKit/WebKit/commit/8068983d33db77d696a1c506e367fb021758bcdc
  Author: Zhifei Fang <zhifei_fang at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/timeline.js

  Log Message:
  -----------
  Cherry-pick 274303@main (1d1806e4b2c7). https://bugs.webkit.org/show_bug.cgi?id=269008

    Fix typo: Regress->Regression
    https://bugs.webkit.org/show_bug.cgi?id=269008

    Reviewed by Tim Nguyen.

    Fix typo for results database

    * Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/timeline.js:

    Canonical link: https://commits.webkit.org/274303@main

Canonical link: https://commits.webkit.org/272448.723@safari-7618-branch


  Commit: e64d389b8833052844189b5025a920ab55ff6bc0
      https://github.com/WebKit/WebKit/commit/e64d389b8833052844189b5025a920ab55ff6bc0
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/canonicalize/__init__.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/land.py

  Log Message:
  -----------
  Cherry-pick 275417@main (797bcc905aa6). rdar://123539145

    [git-webkit] Support repositories where commit signing enabled
    https://bugs.webkit.org/show_bug.cgi?id=270029
    rdar://123539145

    Reviewed by Dewei Zhu.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py:
    (Git.commit_signing_enabled): Check if commit.gpgsign is set.
    (Git.rebase): Re-sign commits when setting committer.
    (Git.pull): Ditto.
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/canonicalize/__init__.py:
    (Canonicalize.main): Re-sign commits when adding identifier.
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/land.py:
    (Land.main): Re-sign commits when adding reviewer.

    Canonical link: https://commits.webkit.org/275417@main

Canonical link: https://commits.webkit.org/272448.724@safari-7618-branch


  Commit: 5db9b57e4b579a8530e12014a107040cd02a2cbe
      https://github.com/WebKit/WebKit/commit/5db9b57e4b579a8530e12014a107040cd02a2cbe
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py

  Log Message:
  -----------
  Cherry-pick 275642@main (8a49f6daff37). rdar://123846231

    [git-webkit revert] Handle exception when trying to reopen a closed radar
    https://bugs.webkit.org/show_bug.cgi?id=270306
    rdar://problem/123846231

    Reviewed by Jonathan Bedard.

    Handles exception thrown when a radar cannot be reopened.
    Prints error message and continues.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert.relate_issues):

    Canonical link: https://commits.webkit.org/275642@main

Canonical link: https://commits.webkit.org/272448.725@safari-7618-branch


  Commit: 98c7bab52b958b9faeb68011beff856dbfa8a775
      https://github.com/WebKit/WebKit/commit/98c7bab52b958b9faeb68011beff856dbfa8a775
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py

  Log Message:
  -----------
  Cherry-pick 275703@main (839318cccbdf). rdar://123852726

    [git-webkit pr] Should prompt user if radar and bugs do not match
    https://bugs.webkit.org/show_bug.cgi?id=270314
    rdar://123852726

    Reviewed by Jonathan Bedard.

    Adds prompt for user to stop or continue the process when a radar and bug do not match.

    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py:
    (Tracker.cc_radar): Will throw an exception if radar and bug do not match and user inputs No.
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py:
    (PullRequest.create_pull_request): Catches the exception from cc_radar and halts.

    Canonical link: https://commits.webkit.org/275703@main

Canonical link: https://commits.webkit.org/272448.726@safari-7618-branch


  Commit: 5b5803eb4127f0dcf98c22469c9012005790d183
      https://github.com/WebKit/WebKit/commit/5b5803eb4127f0dcf98c22469c9012005790d183
  Author: Alex Atwater <alexandera_22 at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py

  Log Message:
  -----------
  Cherry-pick 275804@main (2ff933793117). rdar://124227697

    Fix issue where Terminal could not be found in bugzilla.py
    rdar://124227697 (Terminal not found when attempting to `git webkit pr`)
    Reviewed by Brian Weinstein.

    Change 123852726 referenced Terminal from webkitcorepy but needed to reference the package.

    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py:
    (Tracker.cc_radar):

    Canonical link: https://commits.webkit.org/275804@main

Canonical link: https://commits.webkit.org/272448.727@safari-7618-branch


  Commit: d3860ca5540c588925ea19b81a5b40e36d009a05
      https://github.com/WebKit/WebKit/commit/d3860ca5540c588925ea19b81a5b40e36d009a05
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Tools/Scripts/generate-xcfilelists

  Log Message:
  -----------
  Cherry-pick 276049@main (f84f5a221f1e). rdar://102516630

    [generate-xcfilelists] Disable autoinstaller
    https://bugs.webkit.org/show_bug.cgi?id=270921
    rdar://102516630

    Reviewed by Elliott Williams.

    generate-xcfilelists doesn't require the autoinstaller;
    encode that assumption so no dependency is added in the future.

    * Tools/Scripts/generate-xcfilelists:

    Canonical link: https://commits.webkit.org/276049@main

Canonical link: https://commits.webkit.org/272448.728@safari-7618-branch


  Commit: ba29e4a6693dbbc0f9ba547477e07b018922f380
      https://github.com/WebKit/WebKit/commit/ba29e4a6693dbbc0f9ba547477e07b018922f380
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py

  Log Message:
  -----------
  Cherry-pick 275866@main (cf72395f4ed4). rdar://124287051

    [git-webkit revert] Add tabs to separate reverted changes in commit message
    https://bugs.webkit.org/show_bug.cgi?id=270706
    rdar://problem/124287051

    Reviewed by Ryan Haddad.

    Adds indentation for the reverted changeset for better readability.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert.create_revert_commit_msg):

    Canonical link: https://commits.webkit.org/275866@main

Canonical link: https://commits.webkit.org/272448.729@safari-7618-branch


  Commit: 9143c712f8809494daba88edca8c06f086a59469
      https://github.com/WebKit/WebKit/commit/9143c712f8809494daba88edca8c06f086a59469
  Author: Brianna Fan <bfan2 at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py

  Log Message:
  -----------
  Cherry-pick 275957@main (6588b141aa98). rdar://124393291

    [git-webkit revert] Temporarily disable reopening radars automatically
    https://bugs.webkit.org/show_bug.cgi?id=270803
    rdar://124393291

    Reviewed by Ryan Haddad.

    Disable reopening radars until work in webkitbugspy is done.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/revert.py:
    (Revert.relate_issues):

    Canonical link: https://commits.webkit.org/275957@main

Canonical link: https://commits.webkit.org/272448.730@safari-7618-branch


  Commit: 2add35a476c679a73f4d6a4dc7c6548d0781c96d
      https://github.com/WebKit/WebKit/commit/2add35a476c679a73f4d6a4dc7c6548d0781c96d
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Tools/Scripts/hooks/pre-push
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/install_hooks.py

  Log Message:
  -----------
  Cherry-pick 276030@main (305fc1b1cf59). rdar://107109166

    [hooks/pre-push] Make our pre-push hook case insensitive
    https://bugs.webkit.org/show_bug.cgi?id=254303
    rdar://107109166

    Reviewed by Aakash Jain.

    Make all our remote logic in our pre-push hook case insensitive.

    * Tools/Scripts/hooks/pre-push:
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/install_hooks.py:
    (InstallHooks._security_levels):
    (InstallHooks.main):

    Canonical link: https://commits.webkit.org/276030@main

Canonical link: https://commits.webkit.org/272448.731@safari-7618-branch


  Commit: 88863e8f5c539b4e20f7eb162e6527f330461b3b
      https://github.com/WebKit/WebKit/commit/88863e8f5c539b4e20f7eb162e6527f330461b3b
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/autoinstall.py

  Log Message:
  -----------
  Cherry-pick 276051@main (f657af17ad3a). rdar://124542328

    [webkitcorepy] Exit AutoInstall.install when disabled
    https://bugs.webkit.org/show_bug.cgi?id=270920
    rdar://124542328

    Reviewed by Elliott Williams.

    AutoInstall.install will fail if the autoinstaller is disabled.
    Programs shouldn't call AutoInstall.install if the autoinstaller
    is disabled, but the program may still complete, so we should
    just print an error message.

    * Tools/Scripts/libraries/webkitcorepy/webkitcorepy/autoinstall.py:
    (AutoInstall.install): Exit and print error if AutoInstall is disabled.

    Canonical link: https://commits.webkit.org/276051@main

Canonical link: https://commits.webkit.org/272448.732@safari-7618-branch


  Commit: 7d7e9c948a3b9295403dd2af53e093d6d92d3544
      https://github.com/WebKit/WebKit/commit/7d7e9c948a3b9295403dd2af53e093d6d92d3544
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp

  Log Message:
  -----------
  Verify range of ArrayBuffer when deserializing an ArrayBufferView
https://bugs.webkit.org/show_bug.cgi?id=270949
rdar://123906915

Reviewed by Chris Dumez.

byteOffset and length come from an untrusted source, and if out of bounds they
can lead to arbitrary reads.  If they are out of bounds, fail to deserialize.

* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readArrayBufferViewImpl):

Canonical link: https://commits.webkit.org/272448.733@safari-7618-branch
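
The range check described in the log message above, as an added illustration (not WebKit's code and not part of this commit). The wire layout (two little-endian 64-bit fields), the element size parameter and every function name below are assumptions made for the example; the naive check is included to show why the sum must not be computed directly.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <vector>

// Naive check, shown for contrast: the multiplication and the addition are
// done in 64-bit arithmetic and can wrap, so a huge length can pass.
bool naiveRangeCheck(uint64_t bufferByteLength, uint64_t byteOffset, uint64_t length, uint64_t elementSize)
{
    return byteOffset + length * elementSize <= bufferByteLength;
}

// Overflow-safe check: compare against what is left after the offset and
// divide instead of multiplying, so no intermediate value can wrap.
bool viewRangeIsValid(uint64_t bufferByteLength, uint64_t byteOffset, uint64_t length, uint64_t elementSize)
{
    if (!elementSize || byteOffset > bufferByteLength)
        return false;
    return length <= (bufferByteLength - byteOffset) / elementSize;
}

// Reads one little-endian u64 from the untrusted stream; fails on truncation.
static bool readU64(const std::vector<uint8_t>& wire, size_t& cursor, uint64_t& value)
{
    if (wire.size() < 8 || cursor > wire.size() - 8)
        return false;
    value = 0;
    for (int i = 0; i < 8; ++i)
        value |= static_cast<uint64_t>(wire[cursor + i]) << (8 * i);
    cursor += 8;
    return true;
}

// Deserializes a view descriptor (byteOffset, element count) and copies the
// bytes it covers out of `buffer`. Any out-of-range field fails the whole
// deserialization instead of being clamped.
bool readView(const std::vector<uint8_t>& wire, const std::vector<uint8_t>& buffer,
              uint64_t elementSize, std::vector<uint8_t>& out)
{
    size_t cursor = 0;
    uint64_t byteOffset = 0;
    uint64_t length = 0;
    if (!readU64(wire, cursor, byteOffset) || !readU64(wire, cursor, length))
        return false;
    if (!viewRangeIsValid(buffer.size(), byteOffset, length, elementSize))
        return false;
    // Safe now: byteOffset + length * elementSize <= buffer.size().
    auto first = buffer.begin() + static_cast<std::ptrdiff_t>(byteOffset);
    out.assign(first, first + static_cast<std::ptrdiff_t>(length * elementSize));
    return true;
}

// Builds a constructed wire message for the examples below.
std::vector<uint8_t> encodeView(uint64_t byteOffset, uint64_t length)
{
    std::vector<uint8_t> wire;
    for (uint64_t field : { byteOffset, length })
        for (int i = 0; i < 8; ++i)
            wire.push_back(static_cast<uint8_t>(field >> (8 * i)));
    return wire;
}

// Constructed 16-byte backing buffer holding the values 0..15.
std::vector<uint8_t> sampleBuffer()
{
    std::vector<uint8_t> buffer;
    for (uint8_t i = 0; i < 16; ++i)
        buffer.push_back(i);
    return buffer;
}

int main()
{
    const uint64_t hugeLength = 0x4000000000000000ULL; // times 4 wraps to 0
    std::vector<uint8_t> out;
    std::printf("naive accepts wrapped length: %d\n", naiveRangeCheck(16, 8, hugeLength, 4));
    std::printf("safe check accepts it:        %d\n", viewRangeIsValid(16, 8, hugeLength, 4));
    std::printf("in-range view deserializes:   %d\n", readView(encodeView(8, 2), sampleBuffer(), 4, out));
    std::printf("oversized view deserializes:  %d\n", readView(encodeView(8, hugeLength), sampleBuffer(), 4, out));
    return 0;
}
```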


  Commit: e288277cdf0b80227642f3059c9532c833cbf843
      https://github.com/WebKit/WebKit/commit/e288277cdf0b80227642f3059c9532c833cbf843
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M metadata/trackers.json

  Log Message:
  -----------
  Cherry-pick 276123@main (724a6c7f15cd). rdar://124637640

    [git-webkit] Add "Approved To Land" exemption
    https://bugs.webkit.org/show_bug.cgi?id=271004
    rdar://124637640

    Reviewed by John Wilander.

    * metadata/trackers.json: Add 'WebKit Security Approved
    To Land in Open Source' keyword.

    Canonical link: https://commits.webkit.org/276123@main

Canonical link: https://commits.webkit.org/272448.734@safari-7618-branch


  Commit: fc0db23bf6022911b1eb26381dad748a9f7c495d
      https://github.com/WebKit/WebKit/commit/fc0db23bf6022911b1eb26381dad748a9f7c495d
  Author: Anne van Kesteren <annevk at annevk.nl>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M LayoutTests/fast/forms/switch/no-pixels-outside-the-box-vertical-lr-rtl.html
    M LayoutTests/fast/forms/switch/no-pixels-outside-the-box.html
    M Source/WebCore/platform/graphics/mac/controls/SwitchMacUtilities.h
    M Source/WebCore/platform/graphics/mac/controls/SwitchMacUtilities.mm
    M Source/WebCore/platform/graphics/mac/controls/SwitchThumbMac.mm
    M Source/WebCore/platform/graphics/mac/controls/SwitchTrackMac.mm

  Log Message:
  -----------
  Cherry-pick 275808@main (5381f48e7a04). rdar://121579531

    <input type=checkbox switch> paints outside its box and the thumb is slightly misaligned on macOS
    https://bugs.webkit.org/show_bug.cgi?id=267679
    rdar://121579531

    Reviewed by Aditya Keerthi.

    This fixes two problems:

    1. The thumb was misplaced by half a pixel. The error here was not
       calculating the inflated box for the thumb independently and instead
       assuming it would be the inflated track's height squared. The new
       code calculates the thumb boxes (mostly) independently from the
       track boxes.

    2. Drawing the thumb was not masked in any way. This resulted in some
       pixel bleeding at the top of the control. This was noticed, but
       initially not deemed a problem. It's now deemed a problem and
       corrected by using the same masking code we use for the track. There
       remains some slight bleeding, though noticeably less.

    * LayoutTests/fast/forms/switch/no-pixels-outside-the-box-vertical-lr-rtl.html:
    * LayoutTests/fast/forms/switch/no-pixels-outside-the-box.html:
    * Source/WebCore/platform/graphics/mac/controls/SwitchMacUtilities.h:
    * Source/WebCore/platform/graphics/mac/controls/SwitchMacUtilities.mm:
    (WebCore::SwitchMacUtilities::visualCellSize):
    (WebCore::SwitchMacUtilities::trackMaskImage):
    * Source/WebCore/platform/graphics/mac/controls/SwitchThumbMac.mm:
    (WebCore::SwitchThumbMac::cellSize const):
    (WebCore::SwitchThumbMac::draw):
    * Source/WebCore/platform/graphics/mac/controls/SwitchTrackMac.mm:
    (WebCore::SwitchTrackMac::draw):
    (WebCore::trackMaskImage): Deleted.

    Canonical link: https://commits.webkit.org/275808@main


  Commit: 4fca92a21e9a0dbf8d5e1fe53c4b3e0e8948d145
      https://github.com/WebKit/WebKit/commit/4fca92a21e9a0dbf8d5e1fe53c4b3e0e8948d145
  Author: Anne van Kesteren <annevk at annevk.nl>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.h
    M Source/WebCore/dom/NameNodeList.cpp
    M Source/WebCore/dom/NameNodeList.h
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/Quirks.h

  Log Message:
  -----------
  Cherry-pick 275779@main (290968e36d41). rdar://122548304

    Quirk getElementsByName() on older iPadOS apps
    https://bugs.webkit.org/show_bug.cgi?id=270229
    rdar://122548304

    Reviewed by Ryosuke Niwa.

    272530@main aligned us with the HTML Standard for getElementsByName()
    by making it only work for HTML elements.

    There is at least one iPadOS app that is impacted by that change. This
    change should give them a bit of time to catch up by making
    getElementsByName() look at all elements again for older iPadOS apps.

    * Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.h:
    * Source/WebCore/dom/NameNodeList.cpp:
    (WebCore::NameNodeList::NameNodeList):
    (WebCore::NameNodeList::elementMatches const):
    * Source/WebCore/dom/NameNodeList.h:
    * Source/WebCore/page/Quirks.cpp:
    (WebCore::Quirks::needsGetElementsByNameQuirk const):
    * Source/WebCore/page/Quirks.h:

    Canonical link: https://commits.webkit.org/275779@main


  Commit: 038b868955ced0af93e6c393d6b38fcdfb388039
      https://github.com/WebKit/WebKit/commit/038b868955ced0af93e6c393d6b38fcdfb388039
  Author: David Kilzer <ddkilzer at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/.gitignore
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/README.md
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/.gitignore
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/build.gradle
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/proguard-rules.pro
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/AndroidManifest.xml
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/README.md
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/animated_avif/Chimera-AV1-10bit-480x270.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/animated_avif/alpha_video.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/blue-and-magenta-crop.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.10bpc.yuv420.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.10bpc.yuv420.monochrome.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.8bpc.yuv420.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.8bpc.yuv420.monochrome.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile1.10bpc.yuv444.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile1.8bpc.yuv444.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.10bpc.yuv422.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv420.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv420.monochrome.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv422.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv444.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.8bpc.yuv422.avif
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/java/org/aomedia/avif/android/AvifDecoderTest.java
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/proguard-rules.pro
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/AndroidManifest.xml
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/java/org/aomedia/avif/android/AvifDecoder.java
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/jni/CMakeLists.txt
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/jni/libavif_jni.cc
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/build.gradle
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradle.properties
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradle/wrapper/gradle-wrapper.jar
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradle/wrapper/gradle-wrapper.properties
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradlew
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradlew.bat
    R Source/WebCore/PAL/ThirdParty/libavif/android_jni/settings.gradle

  Log Message:
  -----------
  Cherry-pick 01e3f96ac5ae. rdar://124330659

    Build fix: Remove Source/WebCore/PAL/ThirdParty/libavif/android_jni folder
    rdar://124330659
    https://bugs.webkit.org/show_bug.cgi?id=270747

    Reviewed by Alexey Proskuryakov.

    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/.gitignore: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/README.md: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/.gitignore: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/build.gradle: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/proguard-rules.pro: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/AndroidManifest.xml: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/README.md: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/animated_avif/Chimera-AV1-10bit-480x270.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/animated_avif/alpha_video.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/blue-and-magenta-crop.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.10bpc.yuv420.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.10bpc.yuv420.monochrome.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.8bpc.yuv420.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile0.8bpc.yuv420.monochrome.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile1.10bpc.yuv444.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile1.8bpc.yuv444.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.10bpc.yuv422.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv420.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv420.monochrome.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv422.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.12bpc.yuv444.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/assets/avif/fox.profile2.8bpc.yuv422.avif: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/java/org/aomedia/avif/android/AvifDecoderTest.java: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/androidTest/proguard-rules.pro: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/AndroidManifest.xml: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/java/org/aomedia/avif/android/AvifDecoder.java: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/jni/CMakeLists.txt: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/avifandroidjni/src/main/jni/libavif_jni.cc: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/build.gradle: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradle.properties: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradle/wrapper/gradle-wrapper.jar: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradle/wrapper/gradle-wrapper.properties: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradlew: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/gradlew.bat: Remove.
    * Source/WebCore/PAL/ThirdParty/libavif/android_jni/settings.gradle: Remove.

    Canonical link: https://commits.webkit.org/275928@main

Identifier: 272448.737 at safari-7618-branch


  Commit: 2892e42cd07f3859b8710d0f4d625fcac434477e
      https://github.com/WebKit/WebKit/commit/2892e42cd07f3859b8710d0f4d625fcac434477e
  Author: Jean-Yves Avenard <jya at apple.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    A LayoutTests/media/media-source/media-managedmse-poster-expected.txt
    A LayoutTests/media/media-source/media-managedmse-poster.html
    M LayoutTests/platform/ios-wk2/TestExpectations
    M LayoutTests/platform/mac-wk1/TestExpectations
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/html/HTMLMediaElement.h
    M Source/WebCore/html/HTMLVideoElement.cpp
    M Source/WebCore/html/HTMLVideoElement.h
    M Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
    M Source/WebCore/rendering/RenderVideo.cpp
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp

  Log Message:
  -----------
  Cherry-pick 275158 at main (48c940370411). rdar://84531384

    Have HTMLVideoElement manage synchronisation of mediaPlayerRenderingCanBeAccelerated states
    https://bugs.webkit.org/show_bug.cgi?id=232125
    rdar://84531384

    Reviewed by Youenn Fablet and Philippe Normand.

    There are three conditions controlling if an accelerated layer is usable with a decoded video:
    1- Does the media player support hardware accelerated rendering
    2- Is the renderer/compositor hardware accelerated
    3- Should the video playing in this renderer be accelerated (such as having a MediaPlayer, having a poster displayed etc)

    The information was contained at various levels and dealt with as follows:
    - The MediaPlayerPrivate contains the information related to 1.
    - When the MediaPlayerPrivate needed to know 3) for the purpose of passing the value of 2) to the GPUP's MediaPlayer, it would query the MediaPlayer, which queried the HTMLMediaElement client for 2), which itself queried RenderLayerCompositor which returned false if accelerated rendering was disabled and if not queried the RenderVideo, which itself queried the HTMLMediaElement which queried the MediaPlayer which queried the MediaElementPrivate to determine if the player itself supported accelerated rendering.
    It was also up to the MediaPlayerPrivateRemote to query the value during regular operations in order to make sure the value didn't change since it was last checked.

    This latter requirement or lack of check at the right time was the source of multiple bugs (232124, 230495, 21594, 220375, 267661, 268423 and most recently 269684).
    Each time the reason was the same, a failure to synchronise 1) 2) and 3) data, and each time the fix was calling `MediaPlayer::renderingModeChanged()`
    in various places.
    Calling renderingModeChanged() unnecessarily will cause the video layer in the MediaElement to be deleted and reconstructed, followed
    by a full re-layout.

    We change this so that each element of the tree is the guardian of the information that matters to itself:
    1- The MediaPlayerPrivate knows 1)
    2- The Compositor knows 2)
    3- The HTMLMediaElement knows 3.

    The HTMLMediaElement is now the coordinator between the MediaPlayerPrivate and the Compositor/RenderVideo.
    The RenderVideo no longer queries directly the MediaPlayer, only the HTMLMediaElement.
    We change to a push model, where:
    1- the RenderVideo will notify the HTMLMediaElement if accelerated rendering
    status has changed.
    2- The MediaPlayerPrivate will notify the HTMLMediaElement if it supports accelerated rendering.
    3- The HTMLMediaElement will notify either the Compositor or the MediaPlayer when the rendering
    state relevant to them has changed and will manage to force a re-layout as needed.

    The requirement for the MediaPlayerPrivate to call "renderingModeChanged" is still there in order to
    minimise the extent of the changes; should it fail to call it, the side effects are minimised
    by checking the state once the MediaPlayer has been created.
    In a similar fashion, once the MediaPlayerPrivate gets notified by the HTMLMediaElement that
    the rendering state has changed, it has to call back into the HTMLMediaElement through a call
    to `HTMLMediaElement::renderingCanBeAccelerated()` in order to minimise the patch size.
    We could have instead passed the new rendering status as an argument.

    We move the handling of layers and its acceleration status to HTMLVideoElement class
    as if it was an audio element, repainting when the player changes would be unnecessary
    and harmful to performance.

    Added test.

    * LayoutTests/media/media-source/media-managedmse-poster-expected.txt: Added.
    * LayoutTests/media/media-source/media-managedmse-poster.html: Added.
    We use ManagedMSE instead of plain MSE so that we can test on iOS.
    * LayoutTests/platform/ios/TestExpectations: Make new test run on iOS as media-source tests are disabled by default
    * LayoutTests/platform/mac-wk1/TestExpectations: Skip test as ManagedMSE isn't enabled on wk1
    * Source/WebCore/html/HTMLMediaElement.cpp:
    (WebCore::HTMLMediaElement::didDetachRenderers):
    (WebCore::HTMLMediaElement::stopPeriodicTimers):
    (WebCore::HTMLMediaElement::setFullscreenMode):
    (WebCore::HTMLMediaElement::mediaPlayerRenderingCanBeAccelerated): Deleted.
    (WebCore::HTMLMediaElement::mediaPlayerRenderingModeChanged): Deleted.
    * Source/WebCore/html/HTMLMediaElement.h:
    (WebCore::HTMLMediaElement::maybeSyncAcceleratedRenderingState):
    (WebCore::HTMLMediaElement::supportsAcceleratedRendering const): Deleted.
    * Source/WebCore/html/HTMLVideoElement.cpp:
    (WebCore::HTMLVideoElement::acceleratedRenderingStateChanged):
    (WebCore::HTMLVideoElement::supportsAcceleratedRendering const):
    (WebCore::HTMLVideoElement::mediaPlayerRenderingModeChanged):
    (WebCore::HTMLVideoElement::maybeSyncAcceleratedRenderingState):
    (WebCore::HTMLVideoElement::mediaPlayerEngineUpdated):
    * Source/WebCore/html/HTMLVideoElement.h:
    * Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
    (WebCore::MediaPlayerPrivateGStreamer::createVideoSink): Call renderingModeChanged as the creation
    of the video sink can change the status of MediaPlayer::supportsAcceleratedRendering.
    * Source/WebCore/rendering/RenderVideo.cpp:
    (WebCore::RenderVideo::acceleratedRenderingStateChanged):
    * Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:
    (WebKit::MediaPlayerPrivateRemote::updateVideoFullscreenInlineImage):
    (WebKit::MediaPlayerPrivateRemote::setVideoFullscreenLayer): We no longer need
    to refresh the value of acceleratedRendering. This will be done by the HTMLMediaElement as needed.
    * Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:
    (WebKit::MediaPlayerPrivateRemote::updateConfiguration): We no longer need to
    check the value of `supportsAcceleratedRendering`; this is managed by the HTMLMediaElement

    Canonical link: https://commits.webkit.org/275158@main

Canonical link: https://commits.webkit.org/272448.738@safari-7618-branch


  Commit: f84cad4b3a0d37474351eeffc03087847f482d59
      https://github.com/WebKit/WebKit/commit/f84cad4b3a0d37474351eeffc03087847f482d59
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/clone.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/clone_unittest.py

  Log Message:
  -----------
  Cherry-pick 276124 at main (846605f3fbe8). rdar://124627200

    [git-webkit] Detect merge-back clone
    https://bugs.webkit.org/show_bug.cgi?id=270986
    rdar://124627200

    Reviewed by Aakash Jain.

    If the user doesn't specify a merge-back behavior when cloning,
    we can infer that behavior based on bug comments.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/clone.py:
    (Clone.parser): Add --no-merge-back option.
    (Clone.main): Push reason resolution below issue resolution. Attempt
    to determine the branch issue was committed to, and assume merge-back
    if the issue was not committed to the default branch.
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/clone_unittest.py:
    (TestClone.test_infer_merge_back):

    Canonical link: https://commits.webkit.org/276124@main

Canonical link: https://commits.webkit.org/272448.739@safari-7618-branch


  Commit: c369f5018e91ac56a31fca89e6a297485046f1f2
      https://github.com/WebKit/WebKit/commit/c369f5018e91ac56a31fca89e6a297485046f1f2
  Author: Pascoe <pascoe at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm

  Log Message:
  -----------
  PDFs should be downloaded in lockdown mode
https://bugs.webkit.org/show_bug.cgi?id=271003
rdar://124636755

Reviewed by Chris Dumez.

This functionality was first introduced in https://bugs.webkit.org/show_bug.cgi?id=237245, but
was disabled for macOS in https://bugs.webkit.org/show_bug.cgi?id=241741. This patch is to re-enable it.

This functionality should be covered by WKDownload.LockdownModePDF, which is also fixed in this change
such that it fails whenever the conditional doesn't exist.

* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::decidePolicyForResponseShared):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm:

Canonical link: https://commits.webkit.org/272448.740@safari-7618-branch


  Commit: 3ef9d189e9c9a5c710fb1144b9b5dd15f17fa835
      https://github.com/WebKit/WebKit/commit/3ef9d189e9c9a5c710fb1144b9b5dd15f17fa835
  Author: Alex Atwater <alexandera_22 at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Tools/Scripts/webkitpy/__init__.py

  Log Message:
  -----------
  Cherry-pick 275564 at main (8865cdb1ab93). rdar://123836656

    [webkitpy] Check if directory is writeable before installing required libraries
    rdar://123836656

    Reviewed by Jonathan Bedard.

    If tooling is mounted in a read-only location, it should instead install tooling at ~/Library/webkitpy

    * Tools/Scripts/webkitpy/__init__.py:

    Canonical link: https://commits.webkit.org/275564@main

Canonical link: https://commits.webkit.org/272448.741@safari-7618-branch


  Commit: 5a8d168a311d54800d4c6e24fd7188a2b47ad856
      https://github.com/WebKit/WebKit/commit/5a8d168a311d54800d4c6e24fd7188a2b47ad856
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Tools/Scripts/webkitpy/__init__.py

  Log Message:
  -----------
  Cherry-pick 276170 at main (8acea81e85c0). rdar://124694958

    [webkitpy] Don't require urllib3
    https://bugs.webkit.org/show_bug.cgi?id=271062
    rdar://124694958

    Reviewed by Elliott Williams.

    * Tools/Scripts/webkitpy/__init__.py:
    (create_connection): Only override default timeout behavior if urllib3
    is available.

    Canonical link: https://commits.webkit.org/276170@main

Canonical link: https://commits.webkit.org/272448.742@safari-7618-branch


  Commit: 5e2b7d568474d743f25418d0eece5757195de665
      https://github.com/WebKit/WebKit/commit/5e2b7d568474d743f25418d0eece5757195de665
  Author: Dan Robson <dan_robson at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M LayoutTests/platform/ios/TestExpectations
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm
    M Source/WebCore/platform/graphics/cocoa/MediaPlayerPrivateWebM.mm
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.h

  Log Message:
  -----------
  Cherry-pick e232e61bcffb. rdar://124406028

    Apply patch. rdar://123190795


  Commit: 455fb12980725d9d50d43eeafef74ceb8491f9fd
      https://github.com/WebKit/WebKit/commit/455fb12980725d9d50d43eeafef74ceb8491f9fd
  Author: Said Abou-Hallawa <said at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Source/WebCore/platform/image-decoders/avif/AVIFImageReader.cpp

  Log Message:
  -----------
  Cherry-pick 345ed1bf70a2. rdar://116808395

    [AVIF Downlevels] Allow pixi property to be missing in AVIF images
    https://bugs.webkit.org/show_bug.cgi?id=270180
    rdar://116808395

    Reviewed by Cameron McCormack.

    If an image is missing the pixi property, decoding its frames will fail because
    we enable AVIF_STRICT_PIXI_REQUIRED when avifDecoder is created. So we need to
    remove this restriction to be compatible with newer OSs and other browsers.

    * Source/WebCore/platform/image-decoders/avif/AVIFImageReader.cpp:
    (WebCore::AVIFImageReader::AVIFImageReader):

    Canonical link: https://commits.webkit.org/275608@main


  Commit: 65f5e31a37a48095d060bcf41a89e1d738e428d3
      https://github.com/WebKit/WebKit/commit/65f5e31a37a48095d060bcf41a89e1d738e428d3
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    A LayoutTests/fast/text/hanging-punctuation-with-bidi-expected.html
    A LayoutTests/fast/text/hanging-punctuation-with-bidi.html
    M Source/WebCore/layout/formattingContexts/inline/InlineLine.cpp
    M Source/WebCore/layout/formattingContexts/inline/InlineLine.h
    M Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp
    M Source/WebCore/layout/formattingContexts/inline/LineLayoutResult.h
    M Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp

  Log Message:
  -----------
  Cherry-pick 722de1a0a5f5. rdar://124386802

    Using ruby tag within a hanging-punctuation specifies element, hanging appears not to apply.
    https://bugs.webkit.org/show_bug.cgi?id=270780
    <rdar://problem/124386802>

    Reviewed by Antti Koivisto.

    Let's take punctuation offset into account when processing (left-to-right) bidi based inline content.

    1. Pass leading punctuation width over to display content build as part of the line layout result
    2. Offset "visual left start position" with the punctuation width (negative offset)
    - non-bidi content works fine as we already take this negative offset into account while building the line -which we lose when dealing with bidi reordering
    - right-to-left is also fine as punctuation width being visually trailing does not contribute to visual left

    * LayoutTests/fast/text/hanging-punctuation-with-bidi-expected.html: Added.
    * LayoutTests/fast/text/hanging-punctuation-with-bidi.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/InlineLine.cpp:
    (WebCore::Layout::Line::close):
    * Source/WebCore/layout/formattingContexts/inline/InlineLine.h:
    (WebCore::Layout::Line::HangingContent::leadingPunctuationWidth const):
    * Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp:
    (WebCore::Layout::LineBuilder::layoutInlineContent):
    * Source/WebCore/layout/formattingContexts/inline/LineLayoutResult.h:
    * Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:
    (WebCore::Layout::InlineDisplayContentBuilder::processBidiContent):

    Canonical link: https://commits.webkit.org/276026@main


  Commit: b835ecb3c7fbcd4bc605e40234a8220d57733b16
      https://github.com/WebKit/WebKit/commit/b835ecb3c7fbcd4bc605e40234a8220d57733b16
  Author: Eric Carlson <eric.carlson at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M LayoutTests/media/audio-background-playback-playlist-expected.txt
    M LayoutTests/media/audio-background-playback-playlist.html
    M Source/WebCore/html/MediaElementSession.cpp
    M Source/WebCore/platform/audio/PlatformMediaSessionManager.cpp
    M Source/WebCore/platform/audio/cocoa/AudioSessionCocoa.mm
    M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/UIProcess/WebProcessPool.cpp

  Log Message:
  -----------
  Cherry-pick b39392ba956e. rdar://121268089

    REGRESSION (iOS 17.2) Script can not always start audio playback in the background
    https://bugs.webkit.org/show_bug.cgi?id=269938
    rdar://121268089

    Reviewed by Andy Estes.

    Don't deactivate the media activity during the 10 second foreground activity "grace period"
    so script has a chance to start playback, e.g. for a playlist, when the application is in
    the background.

    * LayoutTests/media/audio-background-playback-playlist-expected.txt:
    * LayoutTests/media/audio-background-playback-playlist.html: Update test to wait for the
    'error' event before checking NowPlaying eligibility.

    * Source/WebCore/html/MediaElementSession.cpp:
    (WebCore::MediaElementSession::canShowControlsManager const): Don't say an element that
    has a source and is not in an error state is ineligible to activate NowPlaying if we are
    already registered as the NowPlaying app.

    * Source/WebCore/platform/audio/PlatformMediaSessionManager.cpp:
    (WebCore::PlatformMediaSessionManager::maybeActivateAudioSession): Log when we return
    `false` because an active audio session is not needed to make future debugging easier.

    * Source/WebCore/platform/audio/cocoa/AudioSessionCocoa.mm:
    (WebCore::AudioSessionCocoa::tryToSetActiveInternal): Log when activating or deactivating
    the audio session fails.

    * Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
    (WebKit::WebPageProxy::setMediaCapability): Log when the media capability is cleared.
    (WebKit::WebPageProxy::shouldDeactivateMediaCapability const): Return false if there is
    valid audio activity so we wait to deactivate the capability while the foreground
    activity timer is active.

    * Source/WebKit/UIProcess/WebPageProxy.cpp:
    (WebKit::WebPageProxy::updateThrottleState): Log when starting or stopping the foreground
    activity "grace period" timer.
    (WebKit::WebPageProxy::clearAudibleActivity): Fix logging. Call `updateMediaCapability`.
    (WebKit::WebPageProxy::hasValidAudibleActivity const):
    * Source/WebKit/UIProcess/WebPageProxy.h:

    * Source/WebKit/UIProcess/WebProcessPool.cpp:
    (WebKit::WebProcessPool::clearAudibleActivity): Add logging.
    (WebKit::WebProcessPool::updateAudibleMediaAssertions): Clarify log message.

    Canonical link: https://commits.webkit.org/275285@main


  Commit: 0a46d57e5811495482fde25a7f93709ade6df74b
      https://github.com/WebKit/WebKit/commit/0a46d57e5811495482fde25a7f93709ade6df74b
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Source/WebCore/Sources.txt
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    M Source/WebCore/animation/AnimationEffect.cpp
    M Source/WebCore/animation/CSSAnimation.cpp
    M Source/WebCore/animation/CSSAnimation.h
    M Source/WebCore/animation/CSSAnimationEvent.cpp
    M Source/WebCore/animation/CSSAnimationEvent.h
    M Source/WebCore/animation/CSSTransition.cpp
    M Source/WebCore/animation/CSSTransition.h
    M Source/WebCore/animation/CSSTransitionEvent.cpp
    M Source/WebCore/animation/CSSTransitionEvent.h
    R Source/WebCore/animation/DeclarativeAnimation.cpp
    R Source/WebCore/animation/DeclarativeAnimation.h
    R Source/WebCore/animation/DeclarativeAnimationEvent.cpp
    R Source/WebCore/animation/DeclarativeAnimationEvent.h
    M Source/WebCore/animation/DocumentTimeline.cpp
    M Source/WebCore/animation/KeyframeEffect.cpp
    M Source/WebCore/animation/KeyframeEffect.h
    A Source/WebCore/animation/StyleOriginatedAnimation.cpp
    A Source/WebCore/animation/StyleOriginatedAnimation.h
    A Source/WebCore/animation/StyleOriginatedAnimationEvent.cpp
    A Source/WebCore/animation/StyleOriginatedAnimationEvent.h
    M Source/WebCore/animation/WebAnimation.cpp
    M Source/WebCore/animation/WebAnimation.h
    M Source/WebCore/animation/WebAnimationUtilities.cpp
    M Source/WebCore/dom/ContentVisibilityDocumentState.cpp
    M Source/WebCore/dom/Element.cpp
    M Source/WebCore/inspector/InspectorInstrumentation.h
    M Source/WebCore/inspector/agents/InspectorAnimationAgent.cpp
    M Source/WebCore/inspector/agents/InspectorAnimationAgent.h
    M Source/WebCore/platform/animation/AcceleratedEffect.cpp
    M Source/WebCore/rendering/updating/RenderTreeUpdater.cpp
    M Source/WebCore/style/Styleable.cpp
    M Source/WebCore/style/Styleable.h

  Log Message:
  -----------
  Apply patch. rdar://124038873


  Commit: f91ae916ce7e290be3178bd54e1fc6b8d6cfc80e
      https://github.com/WebKit/WebKit/commit/f91ae916ce7e290be3178bd54e1fc6b8d6cfc80e
  Author: Abrar Rahman Protyasha <a_protyasha at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Source/WebCore/PAL/pal/spi/cocoa/CoreTelephonySPI.h

  Log Message:
  -----------
  Cherry-pick 4c56ee9123b0. rdar://124171004

    Fix the macOS build after 275656 at main
    https://bugs.webkit.org/show_bug.cgi?id=270491
    rdar://124039964

    Unreviewed build fix.

    This patch fixes the macOS build after 275656 at main, which
    unconditionally included the
    CoreTelephony/CoreTelephonyClient+CellularPlanManager.h header. Said
    header is only available on iOS targets, so we should gate its inclusion
    behind the appropriate HAVE(ESIM_AUTOFILL_SYSTEM_SUPPORT) flag.

    * Source/WebCore/PAL/pal/spi/cocoa/CoreTelephonySPI.h:

    Canonical link: https://commits.webkit.org/275659@main


  Commit: 5412b72fea967ad98cd41a758adc2ff66c430283
      https://github.com/WebKit/WebKit/commit/5412b72fea967ad98cd41a758adc2ff66c430283
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Source/WebCore/bindings/js/JSNodeCustom.cpp
    M Source/WebCore/dom/CustomElementReactionQueue.cpp
    M Source/WebCore/dom/CustomElementReactionQueue.h
    M Source/WebCore/dom/Node.h

  Log Message:
  -----------
  Apply patch. rdar://124253994


  Commit: 5972f0e725d11e91edc0ebbc2884ded52ab7dda6
      https://github.com/WebKit/WebKit/commit/5972f0e725d11e91edc0ebbc2884ded52ab7dda6
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkSession.h
    M Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h
    M Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.serialization.in
    M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h
    M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm

  Log Message:
  -----------
  Cherry-pick eb352590aabe. rdar://124405549

    Proxy configuration should apply after a network process crash
    https://bugs.webkit.org/show_bug.cgi?id=268952
    rdar://122361008

    Reviewed by Brady Eidson.

    * Source/WebKit/NetworkProcess/NetworkSession.h:
    (WebKit::NetworkSession::setProxyConfigData):
    * Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h:
    * Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.serialization.in:
    * Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h:
    * Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:
    (WebKit::NetworkSessionCocoa::NetworkSessionCocoa):
    (WebKit::NetworkSessionCocoa::setProxyConfigData):
    * Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:
    (WebKit::WebsiteDataStore::parameters):
    (WebKit::WebsiteDataStore::setProxyConfigData):
    * Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:
    * Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm:
    (TestWebKitAPI::TEST):

    Canonical link: https://commits.webkit.org/274287@main


  Commit: d3846a0db97c4e06357231ede292f2dd98890cea
      https://github.com/WebKit/WebKit/commit/d3846a0db97c4e06357231ede292f2dd98890cea
  Author: Timothy Hatcher <timothy at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    A LayoutTests/http/tests/media/fairplay/content/elementary-stream-video-keyid-1.ts
    A LayoutTests/http/tests/media/fairplay/fps-mse-unmuxed-mpts-expected.txt
    A LayoutTests/http/tests/media/fairplay/fps-mse-unmuxed-mpts.html
    M LayoutTests/platform/mac/TestExpectations
    M Source/WTF/wtf/PlatformHave.h
    M Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.cpp
    M Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.h
    M Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm

  Log Message:
  -----------
  Cherry-pick 12dd6bd4eb2d. rdar://124406016

    [Cocoa] EME with encrypted MPEG2-TS fails to begin playback
    https://bugs.webkit.org/show_bug.cgi?id=268948
    rdar://122030589

    Reviewed by Andy Estes.

    When encrypted samples are parsed from containers by AVStreamDataParser, those samples have
    their associated initialization data attached to their CMFormatDescription as extensions.
    WebKit then reads those initialization data from the format description to determine the
    keyID needed to decrypt that key. For MPEG2-TS files, the initialization data is stored
    in a different key/value pair. Explicitly support this initData type as 'mpts'.

    * LayoutTests/http/tests/media/fairplay/content/elementary-stream-video-keyid-1.ts: Added.
    * LayoutTests/http/tests/media/fairplay/fps-mse-unmuxed-mpts.html: Added.
    * Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.cpp:
    (WebCore::CDMPrivateFairPlayStreaming::extractKeyIDsSinf):
    (WebCore::CDMPrivateFairPlayStreaming::mptsName):
    (WebCore::CDMPrivateFairPlayStreaming::extractKeyIDsMpts):
    (WebCore::CDMPrivateFairPlayStreaming::sanitizeMpts):
    (WebCore::CDMPrivateFairPlayStreaming::mptsKeyIDs):
    (WebCore::validInitDataTypes):
    (WebCore::CDMFactory::platformRegisterFactories):
    (WebCore::CDMPrivateFairPlayStreaming::supportsInitData const):
    * Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
    (WebCore::keyIDsForRequest):
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::requestLicense):
    * Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:
    (WebCore::MediaSampleAVFObjC::commonInit):
    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
    (WebCore::SourceBufferPrivateAVFObjC::didProvideContentKeyRequestInitializationDataForTrackID):

    Canonical link: https://commits.webkit.org/274351@main


  Commit: 904fdc168547c7771220ce45668cbc75c1fe3385
      https://github.com/WebKit/WebKit/commit/904fdc168547c7771220ce45668cbc75c1fe3385
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Source/WebCore/html/HTMLSelectElement.cpp
    M Source/WebCore/rendering/RenderMenuList.cpp

  Log Message:
  -----------
  Cherry-pick 35318b4d5407. rdar://124409462

    Crash under ~RenderMenuList due to CheckedPtr usage
    https://bugs.webkit.org/show_bug.cgi?id=269322
    rdar://119790256

    Reviewed by Alan Baradlay.

    From the crash trace, we can see that HTMLSelectElement::defaultEventHandler()
    holds a CheckedPtr to its RenderMenuList renderer and calls showPopup() on
    the renderer. This ends up running JS, which removes the select element from
    the DOM and in turn destroys the renderer. The usage is currently safe since
    nothing is using the renderer after the JS has run. However, it was tripping
    the CheckedPtr assertion.

    To address the issue, switch to using WeakPtr for now and add comments to
    clarify lifetime. We should consider refactoring this in a follow up though.

    * Source/WebCore/html/HTMLSelectElement.cpp:
    (WebCore::HTMLSelectElement::platformHandleKeydownEvent):
    (WebCore::HTMLSelectElement::menuListDefaultEventHandler):
    (WebCore::HTMLSelectElement::showPicker):
    * Source/WebCore/rendering/RenderMenuList.cpp:
    (RenderMenuList::showPopup):

    Canonical link: https://commits.webkit.org/274586@main


  Commit: aef93328873dc104454935172e99309b318cd883
      https://github.com/WebKit/WebKit/commit/aef93328873dc104454935172e99309b318cd883
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    A JSTests/wasm/stress/omg-osr-stack-check-2.js
    A JSTests/wasm/stress/omg-osr-stack-check-2.wasm
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmCallee.h
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp

  Log Message:
  -----------
  Stack check size can be zero if omg skips stack checks.
https://bugs.webkit.org/show_bug.cgi?id=271011
rdar://124390384

Reviewed by Yusuke Suzuki.

For leaf functions that have really small stacks, this stack check can
be skipped and the ASSERT(stackCheckSize()) is wrong.

We change the assert to ensure that the stack check size is set, but
if it is not needed, we can skip the stack check.

* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::parseAndCompileB3):
* Source/JavaScriptCore/wasm/WasmCallee.h:

Canonical link: https://commits.webkit.org/272448.753@safari-7618-branch


  Commit: d92a2810d021a520e99221f52a4a8c4795183b02
      https://github.com/WebKit/WebKit/commit/d92a2810d021a520e99221f52a4a8c4795183b02
  Author: Antti Koivisto <antti at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-starting-style-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/starting-style-cascade-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/starting-style-rule-basic-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/starting-style-rule-pseudo-elements-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/starting-style-size-container-expected.txt
    M Source/WebCore/style/ElementRuleCollector.cpp
    M Source/WebCore/style/MatchResult.h
    M Source/WebCore/style/PropertyCascade.cpp
    M Source/WebCore/style/PropertyCascade.h
    M Source/WebCore/style/StyleBuilder.h
    M Source/WebCore/style/StyleResolver.cpp
    M Source/WebCore/style/StyleTreeResolver.cpp
    M Source/WebCore/style/StyleTreeResolver.h
    M Source/WebCore/style/Styleable.cpp

  Log Message:
  -----------
  Cherry-pick b28edead7c0c. rdar://123854487

    [@starting-style] Use starting style as before-change style for animations
    https://bugs.webkit.org/show_bug.cgi?id=268285
    rdar://121844935

    Reviewed by Darin Adler and Matthieu Dubet.

    Compute the starting style if needed and use it.

    https://drafts.csswg.org/css-transitions-2/#at-ruledef-starting-style

    * LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-starting-style-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/starting-style-cascade-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/starting-style-rule-basic-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/starting-style-rule-pseudo-elements-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/starting-style-size-container-expected.txt:
    * Source/WebCore/style/ElementRuleCollector.cpp:
    (WebCore::Style::ElementRuleCollector::addMatchedProperties):
    * Source/WebCore/style/MatchResult.h:

    Track if MatchResult contains any starting style rules for quick testing.

    * Source/WebCore/style/StyleTreeResolver.cpp:
    (WebCore::Style::TreeResolver::createAnimatedElementUpdate):

    Try to compute a starting style if we don't have an existing before-change style.

    (WebCore::Style::TreeResolver::resolveStartingStyle const):

    Resolve the starting style by re-applying the matched properties with @starting-style rules enabled.

    * Source/WebCore/style/StyleTreeResolver.h:
    * Source/WebCore/style/Styleable.cpp:
    (WebCore::Styleable::cancelStyleOriginatedAnimations const):

    Take care to also clear the lastStyleChangeEventStyle when canceling animations.

    Canonical link: https://commits.webkit.org/273734@main


  Commit: c482637cbd76daf1f4562d64a9b5a4853c2a5a54
      https://github.com/WebKit/WebKit/commit/c482637cbd76daf1f4562d64a9b5a4853c2a5a54
  Author: Antoine Quint <graouts at webkit.org>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M LayoutTests/platform/glib/TestExpectations
    A LayoutTests/webanimations/accelerated-animation-immediate-prevetion-direction-reverse-expected.txt
    A LayoutTests/webanimations/accelerated-animation-immediate-prevetion-direction-reverse.html
    M Source/WebCore/animation/KeyframeEffect.cpp
    M Source/WebCore/animation/KeyframeEffect.h
    M Source/WebCore/animation/KeyframeEffectStack.cpp

  Log Message:
  -----------
  Cherry-pick 9d57f1f6519a. rdar://117815004

    REGRESSION (iOS 17): Animation flicker with multiple accelerated animations and direction change
    https://bugs.webkit.org/show_bug.cgi?id=263996
    rdar://117815004

    Reviewed by Dean Jackson.

    While we have a mechanism to deal with changes in ability to accelerate effects based on logic run
    at the KeyframeEffect level (see `KeyframeEffect::canBeAccelerated()`) we do not have anything
    specific in place to deal with the inability to accelerate effects at the GraphicsLayerCA level.

    In the case of reversed animations, or any playback rate other than 1, we reject acceleration
    in GraphicsLayerCA in the static function `animationCanBeAccelerated()`. This happens while
    accelerated actions are applied throughout a keyframe effect stack. With the existing system
    in place, this would result in preventing acceleration in the next animation frame. This bug
    showed this with animations being in an incorrect state for one single frame.

    We now check in `KeyframeEffectStack::applyPendingAcceleratedActions()` whether the application
    of pending accelerated actions resulted in an effect preventing acceleration of the effect
    stack and now immediately stop all effects in that stack.

    The newly added test would reliably fail prior to this patch.

    * LayoutTests/platform/glib/TestExpectations:
    * LayoutTests/webanimations/accelerated-animation-immediate-prevetion-direction-reverse-expected.txt: Added.
    * LayoutTests/webanimations/accelerated-animation-immediate-prevetion-direction-reverse.html: Added.
    * Source/WebCore/animation/KeyframeEffect.cpp:
    (WebCore::KeyframeEffect::effectStackNoLongerAllowsAccelerationDuringAcceleratedActionApplication):
    * Source/WebCore/animation/KeyframeEffect.h:
    * Source/WebCore/animation/KeyframeEffectStack.cpp:
    (WebCore::KeyframeEffectStack::applyPendingAcceleratedActions const):

    Canonical link: https://commits.webkit.org/275773@main


  Commit: 7fc9d0eb3a2baec4a8841ffb347dcc4ce9cc54e8
      https://github.com/WebKit/WebKit/commit/7fc9d0eb3a2baec4a8841ffb347dcc4ce9cc54e8
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Source/WebCore/dom/Element.cpp
    M Source/WebCore/dom/Element.h
    M Source/WebCore/html/HTMLInputElement.cpp
    M Source/WebCore/html/HTMLInputElement.h

  Log Message:
  -----------
  Apply patch. rdar://123901171


  Commit: d4764ae567570464902d73ee6cb79245d39060d6
      https://github.com/WebKit/WebKit/commit/d4764ae567570464902d73ee6cb79245d39060d6
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-03-15 (Fri, 15 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
    M Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
    M Source/WebKit/UIProcess/WebProcessProxy.cpp

  Log Message:
  -----------
  Apply patch. rdar://124406329


  Commit: 09fb3100497ae03f641efef5316fb7737e4d2438
      https://github.com/WebKit/WebKit/commit/09fb3100497ae03f641efef5316fb7737e4d2438
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-03-18 (Mon, 18 Mar 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.2.3

Identifier: 272448.758 at safari-7618-branch


  Commit: 364048ddfe73a7b7143e3c24906e4df23c62c01f
      https://github.com/WebKit/WebKit/commit/364048ddfe73a7b7143e3c24906e4df23c62c01f
  Author: Antti Koivisto <antti at apple.com>
  Date:   2024-03-18 (Mon, 18 Mar 2024)

  Changed paths:
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
    M Source/WebCore/css/MutableStyleProperties.cpp
    M Source/WebCore/css/MutableStyleProperties.h
    M Source/WebCore/css/StyleProperties.cpp
    M Source/WebCore/dom/StyledElement.cpp
    M Source/WebCore/style/ElementRuleCollector.cpp

  Log Message:
  -----------
  Cherry-pick 20f1c3fa6bbf. rdar://124719608

    Don't try to deduplicate SVG presentation attribute style that is likely unique
    https://bugs.webkit.org/show_bug.cgi?id=269439
    <rdar://problem/122994878>

    Reviewed by Ryosuke Niwa.

    * Source/WebCore/css/MutableStyleProperties.cpp:
    (WebCore::MutableStyleProperties::immutableCopy const):
    (WebCore::MutableStyleProperties::immutableDeduplicatedCopy const):
    * Source/WebCore/css/MutableStyleProperties.h:
    * Source/WebCore/css/StyleProperties.cpp:
    (WebCore::StyleProperties::immutableCopyIfNeeded const):
    * Source/WebCore/dom/StyledElement.cpp:
    (WebCore::StyledElement::rebuildPresentationalHintStyle):

    SVG x/y attributes rarely repeat so avoid deduplication work if they are present.

    * Source/WebCore/style/ElementRuleCollector.cpp:
    (WebCore::Style::ElementRuleCollector::matchAllRules):

    Mark SVG properties that are shared much between elements uncacheable to avoid cache bloat.

    Canonical link: https://commits.webkit.org/274715@main

Identifier: 272448.759 at safari-7618-branch


  Commit: 98dfe74ac8345f0f215ef6bbe348ce7c60f4de22
      https://github.com/WebKit/WebKit/commit/98dfe74ac8345f0f215ef6bbe348ce7c60f4de22
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-03-18 (Mon, 18 Mar 2024)

  Changed paths:
    M Source/WebCore/PAL/pal/spi/cocoa/MetalSPI.h
    M Source/WebKit/GPUProcess/GPUProcessCreationParameters.h
    M Source/WebKit/GPUProcess/GPUProcessCreationParameters.serialization.in
    M Source/WebKit/GPUProcess/cocoa/GPUProcessCocoa.mm
    M Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp

  Log Message:
  -----------
  Cherry-pick dbe12dc3a338. rdar://123609465

    Override Metal cache path
    https://bugs.webkit.org/show_bug.cgi?id=270269
    rdar://123609465

    Reviewed by Brent Fulgham and Chris Dumez.

    Override Metal cache path to match the path of the sandbox extension. This is only
    required when WebKit processes are launched as extensions, since they will have their
    own container then where Metal will try to write cache files. The path of the sandbox
    extension is in the UI process' container, so overriding the Metal cache path is
    needed for them to match.

    * Source/WebCore/PAL/pal/spi/cocoa/MetalSPI.h:
    * Source/WebKit/GPUProcess/GPUProcessCreationParameters.h:
    * Source/WebKit/GPUProcess/GPUProcessCreationParameters.serialization.in:
    * Source/WebKit/GPUProcess/cocoa/GPUProcessCocoa.mm:
    (WebKit::GPUProcess::platformInitializeGPUProcess):
    * Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp:
    (WebKit::GPUProcessProxy::GPUProcessProxy):

    Canonical link: https://commits.webkit.org/275511@main

Identifier: 272448.760 at safari-7618-branch


  Commit: 62e1f244c8949e5087707f1da23e7288aa808f19
      https://github.com/WebKit/WebKit/commit/62e1f244c8949e5087707f1da23e7288aa808f19
  Author: Youenn Fablet <youenn at apple.com>
  Date:   2024-03-18 (Mon, 18 Mar 2024)

  Changed paths:
    M Source/WebCore/platform/mediastream/RealtimeMediaSourceCenter.h
    M Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp

  Log Message:
  -----------
  Cherry-pick 448446ef4d14. rdar://124631514

    Account for identity in UserMediaCaptureManagerProxy::startProducingData for camera
    https://bugs.webkit.org/show_bug.cgi?id=270995
    rdar://124631514

    Reviewed by Eric Carlson.

    When media environment is not available, we can still rely on identity safely.
    The camera check is only accounting for media environment so we update it to check for identity as well,
    so that it does not unnecessarily fail capture.

    * Source/WebCore/platform/mediastream/RealtimeMediaSourceCenter.h:
    * Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
    (WebKit::UserMediaCaptureManagerProxy::startProducingData):

    Canonical link: https://commits.webkit.org/276147@main

Identifier: 272448.761 at safari-7618-branch


  Commit: 6ce91a5d911657059cfb5aef52f5a33315a57b7b
      https://github.com/WebKit/WebKit/commit/6ce91a5d911657059cfb5aef52f5a33315a57b7b
  Author: David Degazio <d_degazio at apple.com>
  Date:   2024-03-18 (Mon, 18 Mar 2024)

  Changed paths:
    M Source/WebCore/bindings/js/JSExecState.h
    M Source/WebCore/bindings/js/ScriptController.cpp
    M Source/WebCore/workers/WorkerOrWorkletScriptController.cpp

  Log Message:
  -----------
  Cherry-pick 20cd6e8fdcc8. rdar://121268593

    JSExecState::loadModule can dereference null result
    https://bugs.webkit.org/show_bug.cgi?id=270934
    rdar://121268593

    Reviewed by Yusuke Suzuki.

    Fixes a bug where JSExecState::loadModule always dereferenced the
    result of JSC::loadModule, even though JSC::loadModule will return
    null if there is an exception. This patch changes the return type
    of JSExecState::loadModule to a raw pointer, so callers of it can
    detect and handle null results returned from deeper calls.

    * Source/WebCore/bindings/js/JSExecState.h:
    (WebCore::JSExecState::loadModule):
    * Source/WebCore/bindings/js/ScriptController.cpp:
    (WebCore::ScriptController::loadModuleScriptInWorld):
    * Source/WebCore/workers/WorkerOrWorkletScriptController.cpp:
    (WebCore::WorkerOrWorkletScriptController::loadModuleSynchronously):
    (WebCore::WorkerOrWorkletScriptController::loadAndEvaluateModule):

    Canonical link: https://commits.webkit.org/276190@main

Identifier: 272448.762 at safari-7618-branch


  Commit: df9629adcf830c54fac0a680506a3dd273191487
      https://github.com/WebKit/WebKit/commit/df9629adcf830c54fac0a680506a3dd273191487
  Author: Antti Koivisto <antti at apple.com>
  Date:   2024-03-19 (Tue, 19 Mar 2024)

  Changed paths:
    A LayoutTests/fast/ruby/ruby-continuation-crash-expected.txt
    A LayoutTests/fast/ruby/ruby-continuation-crash.html
    M Source/WebCore/rendering/updating/RenderTreeBuilder.cpp

  Log Message:
  -----------
  Crash with ruby and continuations
https://bugs.webkit.org/show_bug.cgi?id=271167
rdar://124432235

Reviewed by Ryosuke Niwa.

* LayoutTests/fast/ruby/ruby-continuation-crash-expected.txt: Added.
* LayoutTests/fast/ruby/ruby-continuation-crash.html: Added.
* Source/WebCore/rendering/updating/RenderTreeBuilder.cpp:
(WebCore::RenderTreeBuilder::destroyAndCleanUpAnonymousWrappers):

Improve robustness by using WeakPtr for destroyRoot and null checking before calling destroy(*destroyRoot)
as it might get deleted by an earlier destroy() call.

Canonical link: https://commits.webkit.org/272448.763@safari-7618-branch


  Commit: e285de6f4a70c879e56c5be89f7d1fcc1f647f61
      https://github.com/WebKit/WebKit/commit/e285de6f4a70c879e56c5be89f7d1fcc1f647f61
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-03-19 (Tue, 19 Mar 2024)

  Changed paths:
    M Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/Document.h
    M Source/WebCore/dom/EmptyScriptExecutionContext.h
    M Source/WebCore/dom/ScriptExecutionContext.h
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebCore/workers/Worker.cpp
    M Source/WebCore/workers/WorkerGlobalScope.cpp
    M Source/WebCore/workers/WorkerInitializationData.h
    M Source/WebCore/workers/WorkerMessagingProxy.cpp
    M Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp
    M Source/WebCore/workers/WorkerOrWorkletGlobalScope.h
    M Source/WebCore/workers/WorkerScriptLoader.cpp
    M Source/WebCore/workers/WorkerScriptLoader.h
    M Source/WebCore/workers/WorkerThread.cpp
    M Source/WebCore/workers/WorkerThread.h
    M Source/WebCore/workers/service/ServiceWorkerClientData.cpp
    M Source/WebCore/workers/service/ServiceWorkerClientData.h
    M Source/WebCore/workers/service/context/ServiceWorkerThread.cpp
    M Source/WebCore/workers/service/context/ServiceWorkerThread.h
    M Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp
    M Source/WebCore/workers/service/server/SWServer.cpp
    M Source/WebCore/workers/service/server/SWServer.h
    M Source/WebCore/workers/service/server/SWServerToContextConnection.h
    M Source/WebCore/workers/shared/SharedWorkerScriptLoader.cpp
    M Source/WebCore/workers/shared/context/SharedWorkerThreadProxy.cpp
    M Source/WebCore/worklets/WorkletGlobalScope.cpp
    M Source/WebCore/worklets/WorkletParameters.h
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp
    M Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h
    M Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in
    M Source/WebKit/WebProcess/Storage/WebSharedWorkerContextManagerConnection.cpp
    M Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm

  Log Message:
  -----------
  [Private Browsing] Noise injection doesn't apply when using OffscreenCanvas in shared/service workers
https://bugs.webkit.org/show_bug.cgi?id=271159
rdar://124702163

Reviewed by Sihui Liu and Chris Dumez.

In Private Browsing mode in Safari 17, each `ScriptExecutionContext` has a noise injection hash salt
(unique by security origin) and `AdvancedPrivacyProtections` flags, sourced from the document
loader. These are used to generate noise when reading pixels back from `canvas` or `OffscreenCanvas`.
For dedicated workers, plumbing already exists to propagate the hash salt via `WorkerParameters` to
`WorkerGlobalScope`, where they apply to `OffscreenCanvas`. However, for both shared workers and
service workers, this is insufficient, since the `OffscreenCanvas` APIs are called in a separate,
potentially-remote `Page` (which currently has neither a hash salt nor the requisite
`AdvancedPrivacyProtections` flags).

To fix this, we extend `AdvancedPrivacyProtection` flag plumbing to work for these two remaining
types of workers; see below for more details.

Test: AdvancedPrivacyProtections.NoiseInjectionForOffscreenCanvasInSharedWorker

* Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp:
(WebCore::generateWorkletParameters):
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::noiseInjectionPolicy const):
(WebCore::Document::advancedPrivacyProtections const):
* Source/WebCore/dom/Document.h:
* Source/WebCore/dom/EmptyScriptExecutionContext.h:
* Source/WebCore/dom/ScriptExecutionContext.h:

Add an override point to return the set of active advanced privacy protection flags. For `Document`,
this goes through the top document's loader. For worklets and workers, this state is passed in via
`WorkerParameters` and `WorkletParameters`.

* Source/WebCore/page/Page.cpp:
(WebCore::Page::setupForRemoteWorker):

Allow shared/service workers to pass in privacy protections when initializing the remote `Page`.

* Source/WebCore/page/Page.h:
* Source/WebCore/workers/Worker.cpp:
(WebCore::Worker::notifyFinished):
* Source/WebCore/workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::WorkerGlobalScope):
* Source/WebCore/workers/WorkerInitializationData.h:
(WebCore::WorkerInitializationData::isolatedCopy const):
* Source/WebCore/workers/WorkerMessagingProxy.cpp:
(WebCore::WorkerMessagingProxy::startWorkerGlobalScope):
* Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp:
(WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope):
* Source/WebCore/workers/WorkerOrWorkletGlobalScope.h:
(WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope):
* Source/WebCore/workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadSynchronously):
(WebCore::WorkerScriptLoader::loadAsynchronously):
* Source/WebCore/workers/WorkerScriptLoader.h:
(WebCore::WorkerScriptLoader::advancedPrivacyProtections const):

Add a member as well as a getter to keep track of the active privacy protections for the currently
loading (or loaded) worker. Later consulted in `SharedWorkerScriptLoader` to plumb the protection
options into `WorkerInitializationData`, when spinning up shared workers.

* Source/WebCore/workers/WorkerThread.cpp:
(WebCore::WorkerParameters::isolatedCopy const):
* Source/WebCore/workers/WorkerThread.h:
* Source/WebCore/workers/service/ServiceWorkerClientData.cpp:
(WebCore::ServiceWorkerClientData::isolatedCopy const):
(WebCore::ServiceWorkerClientData::isolatedCopy):
(WebCore::ServiceWorkerClientData::from):
* Source/WebCore/workers/service/ServiceWorkerClientData.h:
* Source/WebCore/workers/service/context/ServiceWorkerThread.cpp:
(WebCore::generateWorkerParameters):
(WebCore::ServiceWorkerThread::ServiceWorkerThread):
* Source/WebCore/workers/service/context/ServiceWorkerThread.h:
* Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp:
(WebCore::ServiceWorkerThreadProxy::ServiceWorkerThreadProxy):
* Source/WebCore/workers/service/server/SWServer.cpp:
(WebCore::forEachClientForOriginImpl):
(WebCore::SWServer::forEachClientForOrigin const):
(WebCore::SWServer::forEachClientForOrigin):
(WebCore::SWServer::advancedPrivacyProtectionsFromClient const):

When installing a new service worker, consult the set of matching clients (by client origin), to
check if any clients of the service worker have active privacy protections; pass along the union of
these active policies when installing the service worker.

(WebCore::SWServer::installContextData):

Pass in `AdvancedPrivacyProtections` when spinning up a new service worker.

(WebCore::SWServer::runServiceWorker):
* Source/WebCore/workers/service/server/SWServer.h:
* Source/WebCore/workers/service/server/SWServerToContextConnection.h:
* Source/WebCore/workers/shared/SharedWorkerScriptLoader.cpp:
(WebCore::SharedWorkerScriptLoader::notifyFinished):
* Source/WebCore/workers/shared/context/SharedWorkerThreadProxy.cpp:
(WebCore::generateWorkerParameters):
* Source/WebCore/worklets/WorkletGlobalScope.cpp:
(WebCore::WorkletGlobalScope::WorkletGlobalScope):
* Source/WebCore/worklets/WorkletParameters.h:
(WebCore::WorkletParameters::isolatedCopy const):
(WebCore::WorkletParameters::isolatedCopy):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
(WebKit::WebSWServerConnection::controlClient):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp:
(WebKit::WebSWServerToContextConnection::installServiceWorkerContext):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp:
(WebKit::WebSWContextManagerConnection::installServiceWorker):

Call `setupForRemoteWorker` with the privacy protection flags.

* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h:
* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in:
* Source/WebKit/WebProcess/Storage/WebSharedWorkerContextManagerConnection.cpp:
(WebKit::WebSharedWorkerContextManagerConnection::launchSharedWorker):

Call `setupForRemoteWorker` with the privacy protection flags.

* Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm:
(TestWebKitAPI::sharedWorkerMainBytes):

Add a new API test.

Canonical link: https://commits.webkit.org/272448.764@safari-7618-branch


  Commit: 7bc9e1400df51d9aaea2feabd9598789f197b1ec
      https://github.com/WebKit/WebKit/commit/7bc9e1400df51d9aaea2feabd9598789f197b1ec
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-03-20 (Wed, 20 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h
    M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm
    M Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreDelegate.h
    M Source/WebKit/UIProcess/WebProcessProxy.cpp
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/MemoryFootprintThreshold.mm

  Log Message:
  -----------
  Cherry-pick 48ca65b18. rdar://123799163

Identifier: 272448.765 at safari-7618-branch


  Commit: 463ddf9e19c355eefff32fb30951f560aba493d0
      https://github.com/WebKit/WebKit/commit/463ddf9e19c355eefff32fb30951f560aba493d0
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-03-20 (Wed, 20 Mar 2024)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/Quirks.h
    M Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp

  Log Message:
  -----------
  Cherry-pick 12aecd574. rdar://124180748

Identifier: 272448.766 at safari-7618-branch


  Commit: 25dca49a5d6799995bd5f8fd9bee25cb2c92c7de
      https://github.com/WebKit/WebKit/commit/25dca49a5d6799995bd5f8fd9bee25cb2c92c7de
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-03-20 (Wed, 20 Mar 2024)

  Changed paths:
    M Source/WebCore/accessibility/AXObjectCache.cpp
    M Source/WebCore/dom/Element.cpp
    M Source/WebCore/editing/FrameSelection.cpp
    M Source/WebCore/editing/VisibleSelection.cpp
    M Source/WebCore/editing/VisibleSelection.h
    M Source/WebCore/editing/cocoa/DictionaryLookup.mm
    M Source/WebCore/history/CachedPage.cpp
    M Source/WebCore/html/BaseDateAndTimeInputType.cpp
    M Source/WebCore/inspector/InspectorFrontendHost.cpp
    M Source/WebCore/page/DragController.cpp
    M Source/WebCore/page/EventHandler.cpp
    M Source/WebCore/page/FocusController.cpp
    M Source/WebCore/page/FocusController.h
    M Source/WebCore/page/LocalDOMWindow.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebCore/page/ios/EventHandlerIOS.mm
    M Source/WebCore/page/mac/EventHandlerMac.mm
    M Source/WebCore/page/mac/ServicesOverlayController.mm
    M Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundleFrame.cpp
    M Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundlePage.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/mac/WebEditorClientMac.mm
    M Source/WebKit/WebProcess/WebPage/Cocoa/TextCheckingControllerProxy.mm
    M Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm
    M Source/WebKit/WebProcess/WebPage/FindController.cpp
    M Source/WebKit/WebProcess/WebPage/WebFoundTextRangeController.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/WebPage/ios/FindControllerIOS.mm
    M Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm
    M Source/WebKit/WebProcess/WebPage/mac/WebPageMac.mm
    M Source/WebKitLegacy/mac/Misc/WebSharingServicePickerController.mm
    M Source/WebKitLegacy/mac/WebView/WebView.mm

  Log Message:
  -----------
  Cherry-pick b99b4d6f85. rdar://116201648
Cherry-pick 36e218fb0. rdar://116201648

Identifier: 272448.767 at safari-7618-branch


  Commit: 95db1246b0be91c4b30222b6f7ff32e11bef213b
      https://github.com/WebKit/WebKit/commit/95db1246b0be91c4b30222b6f7ff32e11bef213b
  Author: David Kilzer <ddkilzer at apple.com>
  Date:   2024-03-20 (Wed, 20 Mar 2024)

  Changed paths:
    M Source/WebCore/PAL/ThirdParty/libavif/ThirdParty/dav1d/src/decode.c
    M Source/WebCore/PAL/ThirdParty/libavif/ThirdParty/dav1d/src/internal.h

  Log Message:
  -----------
  Cherry-pick 4c23f1a14c60. rdar://124974991

    [dav1d] Fix tile_start_off calculations for extremely large frame sizes
    https://bugs.webkit.org/show_bug.cgi?id=271068
    <rdar://124700924>

    Unreviewed upstream merge of 2b475307dc11be9a1c3cc4358102c76a7f386a51.

    * Source/WebCore/PAL/ThirdParty/libavif/ThirdParty/dav1d/src/decode.c:
    (dav1d_decode_frame_init):
    * Source/WebCore/PAL/ThirdParty/libavif/ThirdParty/dav1d/src/internal.h:

    Canonical link: https://commits.webkit.org/276207@main

Identifier: 272448.768 at safari-7618-branch


  Commit: 30b6bed597899664d76dd16962897932e9adcef5
      https://github.com/WebKit/WebKit/commit/30b6bed597899664d76dd16962897932e9adcef5
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-03-20 (Wed, 20 Mar 2024)

  Changed paths:
    M LayoutTests/platform/ios/TestExpectations
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm
    M Source/WebCore/platform/graphics/cocoa/MediaPlayerPrivateWebM.mm
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.h

  Log Message:
  -----------
  Revert "Cherry-pick e232e61bcffb. rdar://124406028"

This reverts commit 5e2b7d568474d743f25418d0eece5757195de665.

Identifier: 272448.769 at safari-7618-branch


  Commit: 6d311cd7fefc87c61b75db7c0e707d2317afdfbb
      https://github.com/WebKit/WebKit/commit/6d311cd7fefc87c61b75db7c0e707d2317afdfbb
  Author: Keith Miller <keith_miller at apple.com>
  Date:   2024-03-20 (Wed, 20 Mar 2024)

  Changed paths:
    A JSTests/wasm/stress/many-calls-results-on-stack.js
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp

  Log Message:
  -----------
  BBQ needs to move stack results from a call to their canonical location
https://bugs.webkit.org/show_bug.cgi?id=271175
rdar://124060867

Reviewed by Yusuke Suzuki.

Right now we can end up clobbering a value, `X`, on the stack in BBQ because it gets left in a
`StackArgument` `Location` after a call. This breaks when a later call before `X` has been consumed
would set the same `StackArgument` location as `X`. The fix is to just always move stack results
to their canonical location. This is probably fine because stack results are super rare in practice.

* JSTests/wasm/stress/many-calls-results-on-stack.js: Added.
(repeat):
(check):
(async test):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::returnValuesFromCall):

Canonical link: https://commits.webkit.org/272448.770@safari-7618-branch


  Commit: 789990487bd6ed6b69af72c5f50e89480e09a398
      https://github.com/WebKit/WebKit/commit/789990487bd6ed6b69af72c5f50e89480e09a398
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-03-21 (Thu, 21 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Cocoa/GroupActivities/WKGroupSession.swift

  Log Message:
  -----------
  Cherry-pick 276365 at main (56adf027a1d8). rdar://125035625

    Unreviewed, build fix with newer SDK
    https://bugs.webkit.org/show_bug.cgi?id=271267
    rdar://125035625

    * Source/WebKit/WebKitSwift/GroupActivities/GroupSession.swift:

    Canonical link: https://commits.webkit.org/276365@main

Canonical link: https://commits.webkit.org/272448.771@safari-7618-branch


  Commit: 7ae96f19b44353b449135f8726f98bb7e6e27b47
      https://github.com/WebKit/WebKit/commit/7ae96f19b44353b449135f8726f98bb7e6e27b47
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-03-21 (Thu, 21 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/WKBaseScrollView.mm

  Log Message:
  -----------
  Fix Internal visionOS build.
rdar://125168558

Unreviewed build-fix.

* Source/WebKit/UIProcess/ios/WKBaseScrollView.mm:
(-[WKBaseScrollView initWithFrame:]):

Canonical link: https://commits.webkit.org/272448.772@safari-7618-branch


  Commit: 052845bc6c5cd974e9500a6d71f307eaa8356f5c
      https://github.com/WebKit/WebKit/commit/052845bc6c5cd974e9500a6d71f307eaa8356f5c
  Author: Simon Fraser <simon.fraser at apple.com>
  Date:   2024-03-21 (Thu, 21 Mar 2024)

  Changed paths:
    M Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp
    M Source/WebCore/page/scrolling/ScrollingStateOverflowScrollProxyNode.cpp
    M Source/WebCore/page/scrolling/ScrollingStateStickyNode.cpp
    M Source/WebCore/page/scrolling/ScrollingTreeOverflowScrollProxyNode.cpp
    M Source/WebCore/page/scrolling/ScrollingTreeStickyNode.cpp

  Log Message:
  -----------
  [UIProcess] Unsafe downcast in ScrollingTreeStickyNode::computeLayerPosition leading to type confusion.
https://bugs.webkit.org/show_bug.cgi?id=271395
rdar://125084284

Reviewed by Chris Dumez.

Fix various places in scrolling tree-related code where we do unchecked `downcast<>`s of
scrolling tree types.

* Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp:
(WebCore::AsyncScrollingCoordinator::frameViewVisualViewportChanged):
(WebCore::AsyncScrollingCoordinator::setViewportConstraintedNodeConstraints):
* Source/WebCore/page/scrolling/ScrollingStateOverflowScrollProxyNode.cpp:
(WebCore::ScrollingStateOverflowScrollProxyNode::dumpProperties const):
* Source/WebCore/page/scrolling/ScrollingStateStickyNode.cpp:
(WebCore::ScrollingStateStickyNode::computeLayerPosition const):
* Source/WebCore/page/scrolling/ScrollingTreeOverflowScrollProxyNode.cpp:
(WebCore::ScrollingTreeOverflowScrollProxyNode::dumpProperties const):
* Source/WebCore/page/scrolling/ScrollingTreeStickyNode.cpp:
(WebCore::ScrollingTreeStickyNode::computeLayerPosition const):

Canonical link: https://commits.webkit.org/272448.773@safari-7618-branch
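
The bug class named in the commit above (an unchecked downcast leading to type confusion), as an added example that is not part of the commit and is not WebKit code. The node types, `checkedDowncast`, `uncheckedDowncast` and `stickyOffsetForID` are hypothetical stand-ins, and it is an assumption of this sketch that the node ID comes from a less-trusted sender.

```cpp
#include <cstdint>
#include <memory>
#include <optional>
#include <unordered_map>
#include <utility>

// Constructed model: every node kind shares a base class and carries a type tag.
enum class NodeType : uint8_t { Sticky, OverflowProxy };

struct Node {
    explicit Node(NodeType t) : type(t) {}
    virtual ~Node() = default;
    const NodeType type;
};

struct StickyNode final : Node {
    StickyNode() : Node(NodeType::Sticky) {}
    float stickyOffset = 0;
};

struct OverflowProxyNode final : Node {
    OverflowProxyNode() : Node(NodeType::OverflowProxy) {}
    int64_t overflowNodeID = 0;
};

// Unchecked form: trusts the caller. If the node is really another type, later
// member reads interpret that object's memory with the wrong layout.
// Shown for contrast only; it is never called on a mismatched node here.
template <typename T> T* uncheckedDowncast(Node* n) { return static_cast<T*>(n); }

template <typename T> struct TypeTag;
template <> struct TypeTag<StickyNode> { static constexpr NodeType value = NodeType::Sticky; };
template <> struct TypeTag<OverflowProxyNode> { static constexpr NodeType value = NodeType::OverflowProxy; };

// Checked form: compares the tag first and returns nullptr on mismatch.
template <typename T> T* checkedDowncast(Node* n)
{
    return (n && n->type == TypeTag<T>::value) ? static_cast<T*>(n) : nullptr;
}

using Tree = std::unordered_map<int64_t, std::unique_ptr<Node>>;

// Looks up a node by ID and reads a sticky-only field.
// Unknown IDs and IDs that name a different node type are both rejected.
std::optional<float> stickyOffsetForID(const Tree& tree, int64_t id)
{
    auto it = tree.find(id);
    if (it == tree.end())
        return std::nullopt;
    auto* sticky = checkedDowncast<StickyNode>(it->second.get());
    if (!sticky)
        return std::nullopt; // wrong type for this ID: refuse instead of casting
    return sticky->stickyOffset;
}

// Constructed sample tree: ID 1 is a sticky node, ID 2 is an overflow proxy.
Tree makeSampleTree()
{
    Tree tree;
    auto sticky = std::make_unique<StickyNode>();
    sticky->stickyOffset = 12.5f;
    tree.emplace(1, std::move(sticky));
    tree.emplace(2, std::make_unique<OverflowProxyNode>());
    return tree;
}

int main()
{
    Tree tree = makeSampleTree();
    // ID 2 names a proxy node, so the sticky lookup must come back empty.
    return stickyOffsetForID(tree, 2).has_value() ? 1 : 0;
}
```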


  Commit: 694c610fd6381daf26fdb828fafbbc01459fa00d
      https://github.com/WebKit/WebKit/commit/694c610fd6381daf26fdb828fafbbc01459fa00d
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-22 (Fri, 22 Mar 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-618.2.4

Canonical link: https://commits.webkit.org/272448.774@safari-7618-branch


  Commit: b888637419f28fbf9599a83ab5dc5d62c3c73c45
      https://github.com/WebKit/WebKit/commit/b888637419f28fbf9599a83ab5dc5d62c3c73c45
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-22 (Fri, 22 Mar 2024)

  Changed paths:
    M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.mm
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

  Log Message:
  -----------
  Apply patch. rdar://124959411

Canonical link: https://commits.webkit.org/272448.775@safari-7618-branch


  Commit: c603f9c63f4f779b3ca078df41877929d84d3a17
      https://github.com/WebKit/WebKit/commit/c603f9c63f4f779b3ca078df41877929d84d3a17
  Author: Garrett Davidson <garrett_davidson at apple.com>
  Date:   2024-03-22 (Fri, 22 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

  Log Message:
  -----------
  Cherry-pick 1d32f0c70849. rdar://124409492

    Add some missing null checks for WebAuthn extension options
    rdar://123161979

    Reviewed by Brent Fulgham.

    Add some missing null checks for WebAuthn extension options.

    * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
    (WebKit::WebAuthenticatorCoordinatorProxy::requestsForRegisteration):
    (WebKit::WebAuthenticatorCoordinatorProxy::requestsForAssertion):

    Canonical link: https://commits.webkit.org/274952@main

Canonical link: https://commits.webkit.org/272448.776@safari-7618-branch


  Commit: 8c121b17f94560c9f49f26241968d180f9fd648b
      https://github.com/WebKit/WebKit/commit/8c121b17f94560c9f49f26241968d180f9fd648b
  Author: Aditya Keerthi <akeerthi at apple.com>
  Date:   2024-03-22 (Fri, 22 Mar 2024)

  Changed paths:
    M LayoutTests/fast/forms/ios/select-option-removed-update.html
    A LayoutTests/fast/forms/ios/select-option-update-1000-expected.txt
    A LayoutTests/fast/forms/ios/select-option-update-1000.html
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.h
    M Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm

  Log Message:
  -----------
  Cherry-pick cfd86982fcdf. rdar://124722402

    REGRESSION (271805 at main): [iOS] Updating options in a visible <select> menu can result in hangs
    https://bugs.webkit.org/show_bug.cgi?id=271138
    rdar://124576235

    Reviewed by Abrar Rahman Protyasha.

    271805 at main introduced logic that would update a visible <select> menu's options
    as they are changed. Currently, the logic sends an update every time an option is
    added or removed. This is problematic when options are added in a loop, as (n - 1)
    unnecessary IPC messages are sent, and O(n^2) menu items are constructed in the UI
    process. Additionally, there is further overhead from auto layout. Consequently,
    adding options in a loop can result in a hang when there is a visible <select> menu.

    Fix by adding a debouncing mechanism, so that changes to options can be coalesced
    into a single update.

    * LayoutTests/fast/forms/ios/select-option-removed-update.html:
    * LayoutTests/fast/forms/ios/select-option-update-1000-expected.txt: Added.
    * LayoutTests/fast/forms/ios/select-option-update-1000.html: Added.
    * Source/WebKit/WebProcess/WebPage/WebPage.cpp:
    (WebKit::WebPage::close):
    (WebKit::WebPage::elementDidFocus):
    (WebKit::WebPage::focusedSelectElementDidChangeOptions):
    * Source/WebKit/WebProcess/WebPage/WebPage.h:

    Use a `DeferrableOneShotTimer` to ensure that any changes that happen within 100ms
    are coalesced into a single update.

    * Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm:
    (WebKit::WebPage::updateFocusedElementInformation):

    Canonical link: https://commits.webkit.org/276349@main

Canonical link: https://commits.webkit.org/272448.777@safari-7618-branch


  Commit: 6a45d4f2d1b89af8812564dd3eee3c3bd8f0bde1
      https://github.com/WebKit/WebKit/commit/6a45d4f2d1b89af8812564dd3eee3c3bd8f0bde1
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-22 (Fri, 22 Mar 2024)

  Changed paths:
    M Source/WTF/wtf/MemoryPressureHandler.cpp
    M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm
    M Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreDelegate.h
    M Source/WebKit/UIProcess/ProcessThrottler.cpp
    M Source/WebKit/UIProcess/ProcessThrottler.h
    M Source/WebKit/UIProcess/WebProcessProxy.cpp
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/MemoryFootprintThreshold.mm

  Log Message:
  -----------
  Apply patch. rdar://124165615

	Provide canSuspend info to didExceedMemoryFootprintThreshold event
	https://bugs.webkit.org/show_bug.cgi?id=270646
	rdar://124165615

	Reviewed by Chris Dumez.

	We fire the didExceedMemoryFootprintThreshold analytics event to detect sites and/or processes with
	excessive memory usage. We also want to log whether or not those sites are ever allowed to suspend
	in the event.

	I also changed the event to log the threshold being violated rather than the actual footprint value
	of the process. This works better with the way we want to analyze the data.

	* Source/WTF/wtf/MemoryPressureHandler.cpp:
	(WTF::MemoryPressureHandler::measurementTimerFired):
	* Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
	* Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreDelegate.h:
	* Source/WebKit/UIProcess/WebPageProxy.cpp:
	(WebKit::WebPageProxy::hasAllowedToRunInTheBackgroundActivity const):
	* Source/WebKit/UIProcess/WebPageProxy.h:
	* Source/WebKit/UIProcess/WebProcessProxy.cpp:
	(WebKit::WebProcessProxy::didExceedMemoryFootprintThreshold):
	* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h:
	(WebKit::WebsiteDataStoreClient::didExceedMemoryFootprintThreshold):
	* Tools/TestWebKitAPI/Tests/WebKitCocoa/MemoryFootprintThreshold.mm:
	(-[MemoryFootprintDelegate websiteDataStore:domain:didExceedMemoryFootprintThreshold:withPageCount:processLifetime:inForeground:wasPrivateRelayed:canSuspend:]):
	(-[MemoryFootprintDelegate websiteDataStore:domain:didExceedMemoryFootprintThreshold:withPageCount:processLifetime:inForeground:wasPrivateRelayed:]): Deleted.

	Canonical link: https://commits.webkit.org/276032@main

Canonical link: https://commits.webkit.org/272448.778@safari-7618-branch


  Commit: 038e2066af1a4a6eb4a30724aa7d97da84d8b50d
      https://github.com/WebKit/WebKit/commit/038e2066af1a4a6eb4a30724aa7d97da84d8b50d
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-03-22 (Fri, 22 Mar 2024)

  Changed paths:
    M Source/WebCore/rendering/RenderObject.cpp
    M Source/WebCore/rendering/RenderObject.h
    M Source/WebCore/rendering/svg/RenderSVGBlock.cpp
    M Source/WebCore/rendering/svg/RenderSVGInline.cpp
    M Source/WebCore/rendering/svg/RenderSVGText.cpp
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGContainer.cpp
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGContainer.h
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGForeignObject.cpp
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGImage.cpp
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGImage.h
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGModelObject.cpp
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceContainer.cpp
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGRoot.cpp
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGRoot.h
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGShape.cpp
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGShape.h
    M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGViewportContainer.cpp

  Log Message:
  -----------
  Cherry-pick 276201 at main (e6d4d4d2b750). https://bugs.webkit.org/show_bug.cgi?id=271010

    RenderObject::setNeedsBoundariesUpdate() should avoid work in non-SVG elements
    https://bugs.webkit.org/show_bug.cgi?id=271010

    Reviewed by Simon Fraser.

    This PR refactors RenderObject::setNeedsBoundariesUpdate() into two functions:
    invalidateCachedBoundaries, which invalidates the ancestor with boundary box cache,
    and setNeedsBoundariesUpdate, which sets a dirty bit on this boundary box cache.

    This avoids the overhead of recursive function calls in setNeedsBoundariesUpdate(),
    and avoids traversing upwards of non-SVG render objects. Each render SVG object
    which has a non-trivial setNeedsBoundariesUpdate now sets UsesBoundaryCaching flag
    in type specific flags (ReplacedFlag or SVGModelObjectFlag).

    A number of call sites of RenderObject::setNeedsBoundariesUpdate now need to call
    invalidateCachedBoundaries on its parent since invalidateCachedBoundaries stops at
    the first render SVG object which uses boundary box cache.

    This PR also removes the unused RenderObject::needsBoundariesUpdate and its overrides.

    * Source/WebCore/rendering/RenderObject.cpp:
    (WebCore::RenderObject::willBeRemovedFromTree):
    (WebCore::RenderObject::setNeedsBoundariesUpdate):
    (WebCore::RenderObject::invalidateCachedBoundaries): Inline the code to walk up
    the ancestor objects here along with an early exit for when we're out of SVG subtree.

    * Source/WebCore/rendering/RenderObject.h:
    (WebCore::RenderObject::isSVGRenderer const): Added.
    (WebCore::RenderObject::setNeedsTransformUpdate):
    (WebCore::RenderObject::needsBoundariesUpdate): Deleted.
    (WebCore::RenderObject): Shuffled type flags so that TypeSpecificFlags can be now
    16-bits instead of 8-bit like it used to be prior to this PR.
    (WebCore::RenderObject::usesBoundaryCaching const): Added.

    * Source/WebCore/rendering/svg/RenderSVGBlock.cpp:
    (WebCore::RenderSVGBlock::styleDidChange):

    * Source/WebCore/rendering/svg/RenderSVGInline.cpp:
    (WebCore::RenderSVGInline::styleDidChange):

    * Source/WebCore/rendering/svg/RenderSVGText.cpp:
    (WebCore::RenderSVGText::layout):

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGContainer.cpp:
    (WebCore::LegacyRenderSVGContainer::LegacyRenderSVGContainer):
    (WebCore::LegacyRenderSVGContainer::layout):

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGContainer.h:
    (WebCore::LegacyRenderSVGContainer::needsBoundariesUpdate): Deleted.

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGForeignObject.cpp:
    (WebCore::LegacyRenderSVGForeignObject::layout):

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGImage.cpp:
    (WebCore::LegacyRenderSVGImage::LegacyRenderSVGImage):
    (WebCore::LegacyRenderSVGImage::layout):

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGImage.h:
    (WebCore::LegacyRenderSVGImage::needsBoundariesUpdate): Deleted.

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGModelObject.cpp:
    (WebCore::LegacyRenderSVGModelObject::LegacyRenderSVGModelObject):
    (WebCore::LegacyRenderSVGModelObject::styleDidChange):

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceContainer.cpp:
    (WebCore::LegacyRenderSVGResourceContainer::markClientForInvalidation):

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGRoot.cpp:
    (WebCore::LegacyRenderSVGRoot::LegacyRenderSVGRoot):
    (WebCore::LegacyRenderSVGRoot::styleDidChange):

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGRoot.h:
    (WebCore::LegacyRenderSVGRoot::needsBoundariesUpdate): Deleted.

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGShape.cpp:
    (WebCore::LegacyRenderSVGShape::LegacyRenderSVGShape):
    (WebCore::LegacyRenderSVGShape::layout):

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGShape.h:
    (WebCore::LegacyRenderSVGShape::needsBoundariesUpdate): Deleted.

    * Source/WebCore/rendering/svg/legacy/LegacyRenderSVGViewportContainer.cpp:
    (WebCore::LegacyRenderSVGViewportContainer::calcViewport):

    Canonical link: https://commits.webkit.org/276201@main

Canonical link: https://commits.webkit.org/272448.779@safari-7618-branch


  Commit: c57347c1c44fac492a89341b9f24b41b1ebf9ffc
      https://github.com/WebKit/WebKit/commit/c57347c1c44fac492a89341b9f24b41b1ebf9ffc
  Author: Erica Li <lerica at apple.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M LayoutTests/fast/text/splitText-crash-during-tear-down-renderers-after-slot-change.html

  Log Message:
  -----------
  Fix flakey splitText-crash-during-tear-down-renderers-after-slot-change.
rdar://125264773

Reviewed by Jonathan Bedard.

Fix text difference on some release builds.

* LayoutTests/fast/text/splitText-crash-during-tear-down-renderers-after-slot-change.html:

Canonical link: https://commits.webkit.org/272448.780@safari-7618-branch


  Commit: bc1031419c11da25e8689183091afa25b9ab1777
      https://github.com/WebKit/WebKit/commit/bc1031419c11da25e8689183091afa25b9ab1777
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M Source/WebCore/Modules/webaudio/WaveShaperNode.cpp
    M Source/WebCore/Modules/webaudio/WaveShaperNode.h

  Log Message:
  -----------
  Use-after-free in WebCore::WaveShaperDSPKernel::processCurve()
https://bugs.webkit.org/show_bug.cgi?id=271654
rdar://123631199

Reviewed by Jer Noble.

Make sure WaveShaperNode::curveForBindings() clones our internal array
before returning it to JS. This is important so that the JS cannot
modify our internal array on the main thread while the audio thread is
using it for rendering.

* Source/WebCore/Modules/webaudio/WaveShaperNode.cpp:
(WebCore::WaveShaperNode::curveForBindings):
* Source/WebCore/Modules/webaudio/WaveShaperNode.h:

Canonical link: https://commits.webkit.org/272448.781@safari-7618-branch
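
The clone-before-return fix described in the commit above, as an added example that is not part of the commit and is not WebKit code. `ShaperNode`, its two getters and `scriptMutationReachesRenderer` are hypothetical; a `std::shared_ptr<std::vector<float>>` stands in for the array handed to script, and the mutation is done on one thread so the aliasing is observable without a data race.

```cpp
#include <algorithm>
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

using Curve = std::vector<float>;

class ShaperNode {
public:
    explicit ShaperNode(Curve c) : m_curve(std::make_shared<Curve>(std::move(c))) {}

    // Aliasing getter (the hazard): the caller gets the same storage the renderer reads.
    std::shared_ptr<Curve> curveForScriptAliased() const { return m_curve; }

    // Cloning getter (the shape of the fix): the caller gets a private copy.
    std::shared_ptr<Curve> curveForScriptCloned() const
    {
        return m_curve ? std::make_shared<Curve>(*m_curve) : nullptr;
    }

    // Stand-in for the rendering side: maps input in [-1, 1] to a curve entry.
    float shape(float input) const
    {
        if (!m_curve || m_curve->empty())
            return input; // no curve: pass the sample through
        float clamped = std::max(-1.0f, std::min(1.0f, input));
        std::size_t last = m_curve->size() - 1;
        std::size_t index = static_cast<std::size_t>((clamped + 1.0f) * 0.5f * last);
        return (*m_curve)[index];
    }

    std::size_t internalLength() const { return m_curve ? m_curve->size() : 0; }

private:
    std::shared_ptr<Curve> m_curve;
};

// Hands the curve to "script", lets script empty the array it received, and
// reports whether the node's internal curve changed as a result.
bool scriptMutationReachesRenderer(bool useClone)
{
    ShaperNode node(Curve{-1.0f, -0.5f, 0.5f, 1.0f}); // constructed sample curve
    auto handle = useClone ? node.curveForScriptCloned() : node.curveForScriptAliased();
    handle->clear(); // stands in for script changing the array it was handed
    return node.internalLength() != 4;
}

// With the cloning getter the renderer still sees the original curve after
// script has emptied its copy.
float shapedSampleAfterScriptMutation()
{
    ShaperNode node(Curve{-1.0f, -0.5f, 0.5f, 1.0f});
    node.curveForScriptCloned()->clear();
    return node.shape(1.0f);
}

int main()
{
    // Exit status 0 means: aliasing exposes internal state, cloning does not.
    return (scriptMutationReachesRenderer(false) && !scriptMutationReachesRenderer(true)) ? 0 : 1;
}
```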


  Commit: d8876a147cbcdb8338242020c782fb734e398daa
      https://github.com/WebKit/WebKit/commit/d8876a147cbcdb8338242020c782fb734e398daa
  Author: Ben Schwartz <ben_schwartz at apple.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/github.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/issue.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/bugzilla.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/data.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/github.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/radar.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/radar.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/bugzilla_unittest.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/github_unittest.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py

  Log Message:
  -----------
  Cherry-pick 276428 at main (7a79cecafe05). rdar://125039020

    Add modified time to webkitbugspy.
    https://bugs.webkit.org/show_bug.cgi?id=271272
    rdar://125039020

    Reviewed by Jonathan Bedard.

    Currently, webkitbugspy does not have a method to retrieve the last modified time of an Issue
    object. This change adds this information into the Issue object such that it is callable.

    Added getters/setters for the new modified property:
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/github.py
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/issue.py
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/radar.py

    Added the new modified property into the mocks:
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/bugzilla.py
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/data.py
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/github.py
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/radar.py

    Added new webkitbugspy unit tests:
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/bugzilla_unittest.py
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/github_unittest.py
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py

    Canonical link: https://commits.webkit.org/276428@main

Canonical link: https://commits.webkit.org/272448.782@safari-7618-branch


  Commit: 83115e22e68b144f9700dbb430baac1c4621030e
      https://github.com/WebKit/WebKit/commit/83115e22e68b144f9700dbb430baac1c4621030e
  Author: Žan Doberšek <zdobersek at igalia.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    A LayoutTests/fast/css/line-break-fixed-position-container-expected.txt
    A LayoutTests/fast/css/line-break-fixed-position-container.html
    M Source/WebCore/rendering/RenderObject.cpp

  Log Message:
  -----------
  Cherry-pick 274097.12 at webkit-2024.2-embargoed (5bd3a1c2b0ac). rdar://114719845

    Special case treatment of out-of-flow RenderLineBreak
    https://bugs.webkit.org/show_bug.cgi?id=264631
    rdar://114719845

    Reviewed by Alan Baradlay.

    Out-of-flow RenderLineBreaks have problems when relying on default out-of-flow support of the render
    tree, see https://bugs.webkit.org/show_bug.cgi?id=270977.

    To fix the problem we change containerForElement and containingBlock to treat RenderLineBreaks that are out-of-flow as
    if they have position: static.

    * LayoutTests/fast/css/line-break-fixed-position-container-expected.txt: Added.
    * LayoutTests/fast/css/line-break-fixed-position-container.html: Added.
    * Source/WebCore/rendering/RenderObject.cpp:
    (WebCore::RenderObject::containingBlock const):
    (WebCore::containerForElement):

    Canonical link: https://commits.webkit.org/274097.12@webkit-2024.2-embargoed

Canonical link: https://commits.webkit.org/272448.783@safari-7618-branch


  Commit: c3f94c3bd00bb6da26d6c0175fe02e9877b9b9a8
      https://github.com/WebKit/WebKit/commit/c3f94c3bd00bb6da26d6c0175fe02e9877b9b9a8
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M Source/WebKit/Configurations/BaseExtension.xcconfig
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Cherry-pick bd932c1da52c. rdar://123087943

    Cherry-pick 994eca410af6. rdar://122422447

        Change install location of WebKit process extensions
        https://bugs.webkit.org/show_bug.cgi?id=268946
        rdar://122422447

        Reviewed by Elliott Williams.

        * Source/WebKit/Configurations/BaseExtension.xcconfig:
        * Source/WebKit/WebKit.xcodeproj/project.pbxproj:

        Canonical link: https://commits.webkit.org/274425@main

    Identifier: 272448.525 at safari-7618-branch

Identifier: 272448.784 at safari-7618-branch


  Commit: b9ef77616851ab872bcb436b5ef703313e055a88
      https://github.com/WebKit/WebKit/commit/b9ef77616851ab872bcb436b5ef703313e055a88
  Author: Joshua Hoffman <jhoffman23 at apple.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    A LayoutTests/accessibility/ios-simulator/destroy-on-press-expected.txt
    A LayoutTests/accessibility/ios-simulator/destroy-on-press.html
    M Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm

  Log Message:
  -----------
  Cherry-pick fcc36e12e4cb. rdar://122491194

    AX: Backing object can be destroyed in _accessibilityActivate
    https://bugs.webkit.org/show_bug.cgi?id=268997
    rdar://122491194

    Reviewed by Chris Fleizach.

    Calling AccessibilityObject::press() on the backing object is non-trivial, and could cause
    the object to be destroyed, resulting in a null dereference in _accessibilityActivate when
    calling `isStaticText`. This patch protects that backing object with a RefPtr.

    * LayoutTests/accessibility/ios-simulator/destroy-on-press-expected.txt: Added.
    * LayoutTests/accessibility/ios-simulator/destroy-on-press.html: Added.
    * Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
    (-[WebAccessibilityObjectWrapper _accessibilityActivate]):

    Canonical link: https://commits.webkit.org/274477@main

Identifier: 272448.785 at safari-7618-branch


  Commit: 44496438766e6f8ae84229a6cbd967bf0082a15e
      https://github.com/WebKit/WebKit/commit/44496438766e6f8ae84229a6cbd967bf0082a15e
  Author: Tyler Wilcock <tyler_w at apple.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M Source/WebCore/accessibility/AccessibilitySVGElement.cpp

  Log Message:
  -----------
  Cherry-pick 6d542b7a2a83. rdar://123016231

    AX: AccessibilitySVGElement::description() is missing several null-checks, causing crashes
    https://bugs.webkit.org/show_bug.cgi?id=269530
    rdar://123016231

    Reviewed by Chris Fleizach.

    * Source/WebCore/accessibility/AccessibilitySVGElement.cpp:
    (WebCore::AccessibilitySVGElement::description const):

    Canonical link: https://commits.webkit.org/274934@main

Identifier: 272448.786 at safari-7618-branch


  Commit: 51ae116cadf9105abc191b1c8b6a2753b5cab8e0
      https://github.com/WebKit/WebKit/commit/51ae116cadf9105abc191b1c8b6a2753b5cab8e0
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M Source/WebCore/dom/Element.cpp
    M Source/WebCore/html/HTMLInputElement.cpp
    M Source/WebCore/html/HTMLInputElement.h
    M Source/WebCore/html/ValidatedFormListedElement.h

  Log Message:
  -----------
  Cherry-pick f6dbc5c5c725. rdar://123465932

    Delay creation of InputType and user agent shadow trees during cloning
    https://bugs.webkit.org/show_bug.cgi?id=269900

    Reviewed by Yusuke Suzuki.

    This PR delays the construction of InputType and user agent shadow tree when cloning an input element
    such that InputType is initialized after all the attributes are cloned, and its shadow tree is
    constructed as the element becomes connected to a document.

    * Source/WebCore/dom/Element.cpp:
    (WebCore::Element::parserSetAttributes):
    (WebCore::Element::cloneAttributesFromElement): Call initializeInputTypeAfterParsingOrCloning.
    (WebCore::Element::cloneDataFromElement): Added an assertion to make sure the UA shadow tree's
    construction has not happened yet.
    * Source/WebCore/html/HTMLInputElement.cpp:
    (WebCore::HTMLInputElement::HTMLInputElement):
    (WebCore::HTMLInputElement::create):
    (WebCore::HTMLInputElement::cloneElementWithoutAttributesAndChildren): Added.
    (WebCore::HTMLInputElement::initializeInputTypeAfterParsingOrCloning): Renamed from
    parserInitializeInputType.
    (WebCore::HTMLInputElement::attributeChanged):
    (WebCore::HTMLInputElement::copyNonAttributePropertiesFromElement): Don't update the shadow tree unless
    we have already created it.
    * Source/WebCore/html/HTMLInputElement.h:
    * Source/WebCore/html/ValidatedFormListedElement.h:

    Canonical link: https://commits.webkit.org/275200@main

Identifier: 272448.787 at safari-7618-branch


  Commit: 2b973ca9c2305ea1f4bc9f9ce82cedf8d7404b5b
      https://github.com/WebKit/WebKit/commit/2b973ca9c2305ea1f4bc9f9ce82cedf8d7404b5b
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    A LayoutTests/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/radio-disconnected-group-owner-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/radio-disconnected-group-owner.html
    M Source/WebCore/html/HTMLInputElement.cpp

  Log Message:
  -----------
  Cherry-pick d8a8923dfc32. rdar://124090681

    REGRESSION(273523 at main): A test case in html/semantics/forms/the-input-element/radio-disconnected-group-owner.html fails
    https://bugs.webkit.org/show_bug.cgi?id=270478

    Reviewed by Chris Dumez.

    Add the input element to tree scope's radio group after insertion if it didn't result in becoming connected.

    * LayoutTests/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/radio-disconnected-group-owner-expected.txt: Added.
    * LayoutTests/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/radio-disconnected-group-owner.html: Added.
    * Source/WebCore/html/HTMLInputElement.cpp:
    (WebCore::HTMLInputElement::insertedIntoAncestor):

    Canonical link: https://commits.webkit.org/275708@main

Identifier: 272448.788 at safari-7618-branch


  Commit: 18e6020fedab2c977788ae2212dc396621a789c2
      https://github.com/WebKit/WebKit/commit/18e6020fedab2c977788ae2212dc396621a789c2
  Author: Qianlang Chen <qianlangchen at apple.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M Source/WebInspectorUI/UserInterface/Views/LogContentView.js

  Log Message:
  -----------
  Cherry-pick eaa47ea7c85e. rdar://122923625

    Web Inspector: Infos and Debugs buttons don't appear in Console tab until new console messages are displayed
    rdar://122923625
    https://bugs.webkit.org/show_bug.cgi?id=268881

    Reviewed by Devin Rousso.

    The original code hides the Infos and Debugs scope bar items until
    the console receives the first message coming from a non-default channel.

    Make it so that the Infos and Debugs buttons' visibility syncs
    with whether there are messages with those two levels respectively,
    regardless of what channels the messages came from.

    Call the Infos and Debugs buttons "conditionally visible" and make a
    group for their IDs. This way the code controlling their visibility
    becomes more extendable.

    Also clean up some unused dead code near the primary changes.

    * Source/WebInspectorUI/UserInterface/Views/LogContentView.js:
    (WI.LogContentView.prototype._scopeFromMessageLevel):
      - The levels Infos and Debugs no longer depend on
        _hasNonDefaultLogChannelMessage.

    (WI.LogContentView.prototype._messageAdded):
    (WI.LogContentView.prototype._logCleared):
    (WI.LogContentView.prototype._scopeBarSelectionDidChange):
    (WI.LogContentView.prototype._showOrHideConditionallyVisibleScopeBarItemsAsNeeded):
      - Show or hide the conditionally-visible buttons as needed.

    (WI.LogContentView):
      - In the constructor, hide the newly created Infos and Debugs buttons
        if they're unselected.

    (WI.LogContentView.prototype._messageSourceBarSelectionDidChange):
    (WI.LogContentView.prototype._scopeBarSelectionDidChange):
      - Clean up unused local variable `items`.

    Canonical link: https://commits.webkit.org/275914@main

Identifier: 272448.789 at safari-7618-branch


  Commit: d7d0326531b76109ac616aadc285d88d4e3e9bc4
      https://github.com/WebKit/WebKit/commit/d7d0326531b76109ac616aadc285d88d4e3e9bc4
  Author: Matt Woodrow <mattwoodrow at apple.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    A LayoutTests/fast/clip/offscreen-transparency-clip-expected.html
    A LayoutTests/fast/clip/offscreen-transparency-clip.html
    M Source/WebCore/rendering/RenderLayer.cpp

  Log Message:
  -----------
  Cherry-pick afd16103076c. rdar://123983879

    REGRESSION(268173 at main) Safari rendered bdiusa.com as all white.
    https://bugs.webkit.org/show_bug.cgi?id=270926
    <rdar://123983879>

    Reviewed by Simon Fraser.

    We're using transparencyClipBox to determine the size of the transparency layer to push,
    and it's returning an empty rectangle.

    It recurses through descendants, and finds a child layer positioned way off to the left
    of the screen (at -33553151).

    Due to limits of int32, adding the bounds of that child into the original rect
    (0,0) width=1686 height=18933.45, results in (-33554430,0) width=33554432 height=18933.45
    which no longer includes the visible area of the screen (except for the very left edge).

    This fix moves the intersection with the dirty rect down to happen per-layer, so that
    we clip before unioning the descendants in, and avoid this problem.

    As the existing code comment mentions, it would still be preferable to take CSS clips
    into account when computing these rectangles.

    * LayoutTests/fast/clip/offscreen-transparency-clip-expected.html: Added.
    * LayoutTests/fast/clip/offscreen-transparency-clip.html: Added.
    * Source/WebCore/rendering/RenderLayer.cpp:
    (WebCore::transparencyClipBox):
    (WebCore::expandClipRectForDescendantsAndReflection):
    (WebCore::RenderLayer::beginTransparencyLayers):
    (WebCore::paintingExtent): Deleted.

    Canonical link: https://commits.webkit.org/276294@main

Identifier: 272448.790 at safari-7618-branch
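
The overflow described in the log message above, as an added example (not WebKit's code): a simplified model of a saturating 1/64-pixel int32 coordinate, comparing union-then-clip with the per-layer clip the fix introduces. The type and function names and the child and dirty-rect geometry are constructed for illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumed model: a layout coordinate stored as 1/64 px in an int32, with
// arithmetic that saturates at the int32 limits instead of wrapping.
struct Unit {
    int32_t raw;
    static Unit saturate(int64_t v) {
        v = std::max<int64_t>(INT32_MIN, std::min<int64_t>(INT32_MAX, v));
        return Unit{static_cast<int32_t>(v)};
    }
    static Unit fromPx(int64_t px) { return saturate(px * 64); }
    double px() const { return raw / 64.0; }
};
inline Unit operator+(Unit a, Unit b) { return Unit::saturate(int64_t(a.raw) + b.raw); }
inline Unit operator-(Unit a, Unit b) { return Unit::saturate(int64_t(a.raw) - b.raw); }
inline bool operator<(Unit a, Unit b) { return a.raw < b.raw; }

struct Rect {
    Unit x, y, w, h;
    Unit maxX() const { return x + w; }
    Unit maxY() const { return y + h; }
    bool empty() const { return w.raw <= 0 || h.raw <= 0; }
};

Rect makeRect(int64_t x, int64_t y, int64_t w, int64_t h) {
    return Rect{Unit::fromPx(x), Unit::fromPx(y), Unit::fromPx(w), Unit::fromPx(h)};
}

// Union of two rects. The width is (right edge - left edge); when the edges
// are further apart than the type can represent, the width saturates and the
// stored right edge (x + w) silently moves left.
Rect unite(const Rect& a, const Rect& b) {
    if (a.empty()) return b;
    if (b.empty()) return a;
    Unit x = std::min(a.x, b.x);
    Unit y = std::min(a.y, b.y);
    Unit mx = std::max(a.maxX(), b.maxX());
    Unit my = std::max(a.maxY(), b.maxY());
    return Rect{x, y, mx - x, my - y};
}

Rect intersect(const Rect& a, const Rect& b) {
    Unit x = std::max(a.x, b.x);
    Unit y = std::max(a.y, b.y);
    Unit mx = std::min(a.maxX(), b.maxX());
    Unit my = std::min(a.maxY(), b.maxY());
    if (!(x < mx) || !(y < my))
        return makeRect(0, 0, 0, 0);
    return Rect{x, y, mx - x, my - y};
}

// Old order: union the layer with all descendants, clip to the dirty rect last.
Rect unionThenClip(const Rect& layer, const std::vector<Rect>& descendants, const Rect& dirty) {
    Rect r = layer;
    for (const Rect& d : descendants)
        r = unite(r, d);
    return intersect(r, dirty);
}

// New order: clip every layer to the dirty rect before it is unioned in, so
// far-offscreen descendants contribute nothing and no huge span is formed.
Rect clipThenUnion(const Rect& layer, const std::vector<Rect>& descendants, const Rect& dirty) {
    Rect r = intersect(layer, dirty);
    for (const Rect& d : descendants)
        r = unite(r, intersect(d, dirty));
    return r;
}

// Constructed geometry: a 1686px-wide layer, one descendant positioned far
// off to the left, and a dirty rect covering the top of the visible area.
static const Rect kLayer = makeRect(0, 0, 1686, 18933);
static const std::vector<Rect> kDescendants = { makeRect(-33554430, 0, 100, 100) };
static const Rect kDirty = makeRect(0, 0, 1686, 1000);

Rect beforeFix() { return unionThenClip(kLayer, kDescendants, kDirty); }
Rect afterFix() { return clipThenUnion(kLayer, kDescendants, kDirty); }

int main() {
    std::printf("union then clip: width %.6f px\n", beforeFix().w.px());
    std::printf("clip then union: width %.6f px\n", afterFix().w.px());
    return 0;
}
```

In this model the old order leaves a clip box under 2px wide (only the very left edge), while the new order keeps the full 1686px.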


  Commit: 037bb2a28e52ad166da903a7fdcd92d4dda4a40f
      https://github.com/WebKit/WebKit/commit/037bb2a28e52ad166da903a7fdcd92d4dda4a40f
  Author: Matthieu Dubet <m_dubet at apple.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M LayoutTests/fast/css/scope-at-rule-expected.html
    M LayoutTests/fast/css/scope-at-rule.html
    M LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-implicit-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-implicit.html
    M Source/WebCore/style/ElementRuleCollector.cpp

  Log Message:
  -----------
  Cherry-pick 7b99ea4ee244. rdar://124640124

    [CSS] Fix wrong proximity calculation for implicit @scope
    https://bugs.webkit.org/show_bug.cgi?id=270900
    rdar://124640124

    Reviewed by Antti Koivisto.

    The previous code was wrongly trying to locate the distance
    of the element to the @scope owner node (the <style> node),
    while it should locate the distance to the parent of the owner node.

    * LayoutTests/fast/css/scope-at-rule-expected.html:
    * LayoutTests/fast/css/scope-at-rule.html:
    * LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-implicit-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-implicit.html:
    * Source/WebCore/style/ElementRuleCollector.cpp:
    (WebCore::Style::ElementRuleCollector::scopeRulesMatch):

    Canonical link: https://commits.webkit.org/276345@main

Identifier: 272448.791 at safari-7618-branch


  Commit: 7dcbc70310148f62c86502bf199fc7e0a4a3d175
      https://github.com/WebKit/WebKit/commit/7dcbc70310148f62c86502bf199fc7e0a4a3d175
  Author: Matthieu Dubet <m_dubet at apple.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M LayoutTests/fast/css/scope-at-rule-expected.html
    M LayoutTests/fast/css/scope-at-rule.html
    M LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-evaluation-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-evaluation.html
    M LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-invalidation-expected.txt
    M Source/WebCore/style/ElementRuleCollector.cpp

  Log Message:
  -----------
  Cherry-pick 432386fb902b. rdar://124956673

    [CSS] Any @scope limit makes the element out of scope
    https://bugs.webkit.org/show_bug.cgi?id=270806
    rdar://124956673

    Reviewed by Antti Koivisto.

    <scope-end> is a relative selector list, any valid complex selector
    inside it represents a scope limit: for an element to be in scope,
    it needs to not have any of those selectors matching one of its ancestors.

     * LayoutTests/fast/css/scope-at-rule-expected.html:
     * LayoutTests/fast/css/scope-at-rule.html:
     * LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-evaluation-expected.txt:
     * LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-evaluation.html:
     * LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/scope-invalidation-expected.txt:
     * Source/WebCore/style/ElementRuleCollector.cpp:
     (WebCore::Style::ElementRuleCollector::scopeRulesMatch):

    Canonical link: https://commits.webkit.org/276359@main

Identifier: 272448.792 at safari-7618-branch


  Commit: 0a841874f32663ab0b7908de711f4df2c77ae525
      https://github.com/WebKit/WebKit/commit/0a841874f32663ab0b7908de711f4df2c77ae525
  Author: Youenn Fablet <youenn at apple.com>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M Source/WebKit/GPUProcess/cocoa/GPUConnectionToWebProcessCocoa.mm

  Log Message:
  -----------
  Cherry-pick 9a7846e7b496. rdar://122836442

    GPUConnectionToWebProcess::setTCCIdentity need to check that it has a bundle identifier before calling tcc_identity_create
    https://bugs.webkit.org/show_bug.cgi?id=271459
    rdar://122836442

    Reviewed by Eric Carlson.

    As can be seen from crash logs, we are sometimes calling tcc_identity_create with a nullptr identifier.
    This identifier is coming from the bundle proxy created by [LSBundleProxy bundleProxyWithAuditToken:error:].
    This function can probably return nil without an error, or the returned bundle proxy has a nullptr identifier.
    We add an if check that covers both cases and add release logging to know the exact issue.

    * Source/WebKit/GPUProcess/cocoa/GPUConnectionToWebProcessCocoa.mm:
    (WebKit::GPUConnectionToWebProcess::setTCCIdentity):

    Canonical link: https://commits.webkit.org/276549@main

Identifier: 272448.793 at safari-7618-branch


  Commit: be491e4d6d65f4322ff8a40d16aeb72396273048
      https://github.com/WebKit/WebKit/commit/be491e4d6d65f4322ff8a40d16aeb72396273048
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M Source/WebCore/bindings/js/JSDOMWrapperCache.h

  Log Message:
  -----------
  Cherry-pick de25b66294c4. rdar://125277776

    getCachedWrapper always does HashMap lookup when the wrapper doesn't exist
    https://bugs.webkit.org/show_bug.cgi?id=271505

    Reviewed by Yusuke Suzuki.

    This PR eliminates the hash map lookup for an object which inherits from
    ScriptWrappable when the wrapper doesn't exist for the main world.

    * Source/WebCore/bindings/js/JSDOMWrapperCache.h:
    (WebCore::getCachedWrapper):
    (WebCore::getInlineCachedWrapper): Deleted.

    Canonical link: https://commits.webkit.org/276583@main

Identifier: 272448.794 at safari-7618-branch


  Commit: 2c7feabdefaf57a9da9f90fa858da9203d337f9a
      https://github.com/WebKit/WebKit/commit/2c7feabdefaf57a9da9f90fa858da9203d337f9a
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-03-25 (Mon, 25 Mar 2024)

  Changed paths:
    M Source/WebCore/cssjit/SelectorCompiler.cpp
    M Source/WebCore/dom/Element.cpp
    M Source/WebCore/dom/Node.cpp
    M Source/WebCore/dom/Node.h
    M Source/WebCore/domjit/JSNodeDOMJIT.cpp

  Log Message:
  -----------
  Cherry-pick 276596 at main (aff386a1b75b). https://bugs.webkit.org/show_bug.cgi?id=271498

    Introduce ElementStateFlag to Node
    https://bugs.webkit.org/show_bug.cgi?id=271498

    Reviewed by Yusuke Suzuki.

    Make Node::m_previous store 16-bit bit flags and use that in Element::~Element to avoid hash map lookup
    for the element identifier.

    * Source/WebCore/cssjit/SelectorCompiler.cpp:
    (WebCore::SelectorCompiler::SelectorCodeGenerator::generateWalkToPreviousAdjacentElement):
    * Source/WebCore/dom/Element.cpp:
    (WebCore::Element::~Element):
    (WebCore::Element::identifier const):
    * Source/WebCore/dom/Node.cpp:
    (WebCore::Node::~Node):
    * Source/WebCore/dom/Node.h:
    (WebCore::Node::previousSibling const):
    (WebCore::Node::protectedPreviousSibling const):
    (WebCore::Node::previousSiblingPointerMask):
    (WebCore::Node::setPreviousSibling):
    (WebCore::Node::hasElementStateFlag const):
    (WebCore::Node::clearElementStateFlag const):
    (WebCore::Node::setElementStateFlag const):
    * Source/WebCore/domjit/JSNodeDOMJIT.cpp:
    (WebCore::createCallDOMGetterForOffsetAccess):
    (WebCore::compileNodePreviousSiblingAttribute):

    Canonical link: https://commits.webkit.org/276596@main

Canonical link: https://commits.webkit.org/272448.795@safari-7618-branch


  Commit: 8d5ba1eecf30eff5ac648f34823e935c639fef60
      https://github.com/WebKit/WebKit/commit/8d5ba1eecf30eff5ac648f34823e935c639fef60
  Author: Justin Michaud <justin at justinmichaud.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    A JSTests/stress/get-by-val-hoist-above-structure-2.js
    A JSTests/stress/get-by-val-hoist-above-structure.js
    M Source/JavaScriptCore/dfg/DFGBasicBlock.h
    M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
    M Source/JavaScriptCore/dfg/DFGInPlaceAbstractState.cpp
    M Source/JavaScriptCore/dfg/DFGInPlaceAbstractState.h

  Log Message:
  -----------
  DFG Constant Folding phase can see inconsistent view of world, causing LICM to miscompile
https://bugs.webkit.org/show_bug.cgi?id=271435
rdar://124506508

Reviewed by Yusuke Suzuki.

Consider the following example:

============================================================================================================
FIRST SLEEP (before performCFA)

     D at 80:< 10:->	JSConstant(JS|PureNum|NeedsNegZero|NeedsNaNOrInfinity|UseAsOther, Final, Weak:Object: 0x13a0e8140 with butterfly 0x0(base=0xfffffffffffffff8) (Structure %AJ:Object), StructureID: 40640, bc#0, ExitValid)

     D at 126:<!0:->	FilterGetByStatus(Check:Untyped:D at 80, MustGen, (Simple, <id='uid:(x)', [0x300009ec0:[0x9ec0/40640, Object, (2/2, 0/0){x:0, toJSON:1}, NonArray, Proto:0x1180348d8]], [], offset = 0>, seenInJIT = true), W:SideState, bc#112, ExitValid)
     D at 128:<!0:->	CheckStructure(Cell:D at 80, MustGen, [%AJ:Object], R:JSCell_structureID, Exits, bc#112, ExitValid)
     D at 133:<!0:->	FilterGetByStatus(Check:Untyped:D at 80, MustGen, (Simple, <id='uid:(toJSON),cell:(String (atomic),8Bit:(1),length:(6): toJSON, StructureID: 16976)', [0x300009ec0:[0x9ec0/40640, Object, (2/2, 0/0){x:0, toJSON:1}, NonArray, Proto:0x1180348d8]], [], offset = 1>, seenInJIT = true), W:SideState, bc#118, ExitValid)
     D at 136:< 4:->	GetByOffset(KnownCell:D at 80, KnownCell:D at 80, JS|PureNum|NeedsNaNOrInfinity|UseAsOther|ReallyWantsInt, BoolInt32, id6{toJSON}, 1, R:NamedProperties(6), bc#118, ExitValid)  predicting BoolInt32
     D at 138:<!0:->	Check(Check:Int32:D at 136, MustGen, Exits, bc#118, exit: bc#124, ExitValid)
     D at 140:<!0:->	Branch(Boolean:D at 35, MustGen, T:#9/w:10.000000, F:#12/w:10.000000, W:SideState, bc#124, ExitValid)

     D at 4:< 1:->	GetButterfly(Cell:D at 104, Storage|PureInt, R:JSObject_butterfly, bc#127, ExitValid)
     D at 1:<!1:->	CheckInBounds(Int32:D at 136, KnownInt32:D at 151, JS|MustGen|PureInt, Int32, Exits, bc#127, ExitValid)
     D at 143:< 3:->	GetByVal(KnownCell:D at 104, Int32:Kill:D at 136, Check:Untyped:Kill:D at 4, Check:Untyped:Kill:D at 1, JS|VarArgs|PureNum|NeedsNegZero|NeedsNaNOrInfinity|UseAsOther, StringIdent, Contiguous+OriginalCopyOnWriteArray+InBoundsSaneChain+AsIs+Read, R:Butterfly_publicLength,IndexedContiguousProperties, Exits, bc#127, ExitValid)  predicting StringIdent

     %AJ:Object                                  = 0x300009ec0:[0x9ec0/40640, Object, (2/2, 0/0){x:0, toJSON:1}, NonArray, Proto:0x1180348d8]

Execution:
     AI GetByOffset D at 136 AI says (BoolInt32, Int32: 0, none:StructuresAreClobbered) base: (Final, NonArray, [0x300009ec0:[0x9ec0/40640, Object, (2/2, 0/0){x:0, toJSON:1}, NonArray, Proto:0x1180348d8]], Object: 0x13a0e8140 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x300009ec0:[0x9ec0/40640, Object, (2/2, 0/0){x:0, toJSON:1}, NonArray, Proto:0x1180348d8]), StructureID: 40640, 1:StructuresAreWatched) state StructuresAreWatched
     AI CheckInBounds D at 1 AI says left Int32:D at 136 is Int32: 0

SECOND SLEEP (after performCFA, before performConstantFolding)

Note that the jsconstant has a structure transition at this point.

     D at 80:< 10:->	JSConstant(JS|PureNum|NeedsNegZero|NeedsNaNOrInfinity|UseAsOther, Final, Weak:Object: 0x13a0e8140 with butterfly 0x8014002388(base=0x8014002380) (Structure %AR:Object), StructureID: 40976, bc#0, ExitValid)

     D at 126:<!0:->	FilterGetByStatus(Check:Untyped:D at 80, MustGen, (Simple, <id='uid:(x)', [0x300009ec0:[0x9ec0/40640, Object, (2/2, 0/0){toJSON:1, x:0}, NonArray, Proto:0x1180348d8]], [], offset = 0>, seenInJIT = true), W:SideState, bc#112, ExitValid)
     D at 128:<!0:->	CheckStructure(Cell:D at 80, MustGen, [%AR:Object], R:JSCell_structureID, Exits, bc#112, ExitValid)
     D at 133:<!0:->	FilterGetByStatus(Check:Untyped:D at 80, MustGen, (Simple, <id='uid:(toJSON),cell:(String (atomic),8Bit:(1),length:(6): toJSON, StructureID: 16976)', [0x300009ec0:[0x9ec0/40640, Object, (2/2, 0/0){toJSON:1, x:0}, NonArray, Proto:0x1180348d8]], [], offset = 1>, seenInJIT = true), W:SideState, bc#118, ExitValid)
     D at 136:< 4:->	GetByOffset(KnownCell:D at 80, KnownCell:D at 80, JS|PureNum|NeedsNaNOrInfinity|UseAsOther|ReallyWantsInt, BoolInt32, id6{toJSON}, 1, R:NamedProperties(6), bc#118, ExitValid)  predicting BoolInt32

     D at 4:< 1:->	GetButterfly(Cell:D at 104, Storage|PureInt, R:JSObject_butterfly, bc#127, ExitValid)
     D at 1:<!1:->	CheckInBounds(Int32:D at 136, KnownInt32:D at 151, JS|MustGen|PureInt, Int32, Exits, bc#127, ExitValid)
     D at 143:< 3:->	GetByVal(KnownCell:D at 104, Int32:Kill:D at 136, Check:Untyped:Kill:D at 4, Check:Untyped:Kill:D at 1, JS|VarArgs|PureNum|NeedsNegZero|NeedsNaNOrInfinity|UseAsOther, StringIdent, Contiguous+OriginalCopyOnWriteArray+InBoundsSaneChain+AsIs+Read, R:Butterfly_publicLength,IndexedContiguousProperties, Exits, bc#127, ExitValid)  predicting StringIdent

     %AR:Object                                  = 0x300009ec0:[0x9ec0/40640, Object, (2/2, 0/0){toJSON:1, x:0}, NonArray, Proto:0x1180348d8]
     %B6:Object                                  = 0x30000a010:[0xa010/40976, Object, (2/2, 1/4){y:64, toJSON:1, x:0}, NonArray, Proto:0x1180348d8, Leaf (Watched)]

Execution:
     AI GetByOffset D at 136 AI says (HeapTop, TOP, TOP, none:StructuresAreClobbered) base: (Final, NonArray, [0x300009ec0:[0x9ec0/40640, Object, (2/2, 0/0){toJSON:1, x:0}, NonArray, Proto:0x1180348d8]], Object: 0x13a0e8140 with butterfly 0x8014002388(base=0x8014002360) (Structure 0x30000a010:[0xa010/40976, Object, (2/2, 1/4){y:64, toJSON:1, x:0}, NonArray, Proto:0x1180348d8, Leaf (Watched)]), StructureID: 40976, 1:StructuresAreWatched) state StructuresAreWatched
     GetByOffset D at 136 AI says (HeapTop, TOP, TOP, 1:StructuresAreWatched)
     CheckInBounds D at 1 AI says left Int32:D at 136 is Int32: 0
     AI GetByOffset D at 136 AI says (HeapTop, TOP, TOP, none:StructuresAreClobbered) base: (Final, NonArray, [0x300009ec0:[0x9ec0/40640, Object, (2/2, 0/0){toJSON:1, x:0}, NonArray, Proto:0x1180348d8]], Object: 0x13a0e8140 with butterfly 0x8014002388(base=0x8014002360) (Structure 0x30000a010:[0xa010/40976, Object, (2/2, 1/4){y:64, toJSON:1, x:0}, NonArray, Proto:0x1180348d8, Leaf (Watched)]), StructureID: 40976, 1:StructuresAreWatched) state StructuresAreWatched

SLEEP DONE
============================================================================================================

The constant folding phase chooses to fold the CheckInBounds, but not the GetByOffset. At this point, this is still correct (although sub-optimal).

1) Why does AI disagree in these two places?

The constant folding phase doesn't re-run AI. It runs it from top to bottom on certain blocks only.
In this example, the CheckInBounds AI proof is read directly from the block, but the GetByOffset
has its value computed.

2) Why can the JSConstant's structure change without triggering a watchpoint?

The constant remains constant. We never used the fact that it had a certain
structure anywhere, our proofs stem from the fact that we have a CheckStructure.

3) Why does the re-run AI pass in performConstantFolding not predict the GetByOffset to be constant?

The structure change causes GetPropertyConcurrently to fail to get the value concurrently.
We must assume that it is always safe to produce a more conservative result in this phase.

Note though that if the phase returned the same value as the first time around, that would still have been
correct! The answer to this question didn't change, we just lost the ability to compute it.

============================================================================================================
Why this is a problem

This is a classic example of a broad class of bugs affecting the JIT. Different passes can see different values as the mutator
changes the object graph, even for the same pass. Normally this is fine, because the compiler is always narrowing its assumptions.

Specifically, with each pass we assume more and more detailed things about the code, and guard against these assumptions
being wrong either with watchpoints or runtime checks.

In this example, we see that we CheckStructure. Then, as a result, we can elide nodes that are dominated by that check (like the
GetByOffset or the CheckInBounds). As long as we never loosen that assumption again, we are fine.

In this example, our CFA pass assumes that the GetByOffset is constant. The Constant Folding phase then assumes sometimes that it is constant,
and sometimes that it is not. This puts us in opposition to another principle, that is the idea that we should always
be able to answer any question asked of us conservatively and be safe. Up until this point, both of these ideas are holding true.

Unfortunately, we also need LICM. LICM needs to run after many assumptions have already been made, and it dramatically loosens
assumptions. In this example, LICM comes along and hoists the GetByVal(GetByOffset()) above the CheckStructure.

If we had indeed constant folded the GetByOffset too, we would be fine to do.

We should always be able to avoid constant folding safely.

LICM should be able to hoist constant values safely.

============================================================================================================
How to fix this generally

1) If AI says something is constant, just make it constant then.

This is the simplest solution, and should just work. This makes sure that what AI says is true, even if LICM moves stuff around.

This would require some re-work of the AI phase though.

2) LICM should see that this isn't safe to move

The effects here are super specific. If LICM asked the question "If I move this, is this still safe to execute?" it would
have answered "no" in this case (without the structure check). Of course, if we hadn't removed the CheckInBounds, the answer
would be "yes," which is also fine.

One could imagine that this analysis would be pretty difficult.

3) Always run the constant folder on each block.

```
// This method is evil - it causes a huge maintenance headache and there is a gross amount of
// code devoted to it. It would be much nicer to just always run the constant folder on each
// block. But, the last time we did it, it was a 1% SunSpider regression:
// https://bugs.webkit.org/show_bug.cgi?id=133947
// So, we should probably keep this method.
void setShouldTryConstantFolding(bool tryConstantFolding) { m_shouldTryConstantFolding = tryConstantFolding; }
```

This would fix the issue though, as a failure to prove something at any point in time would not permit
that proof to be used later on.

This patch chooses the third option.

This appears to be perf-neutral on modern hardware on JS2/3 and SP2/3.

* JSTests/stress/get-by-val-hoist-above-structure.js: Added.
(opt):
(createObjectOfS1):
(createObjectOfS2):
(main):
* Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):

Canonical link: https://commits.webkit.org/272448.796@safari-7618-branch


  Commit: d7ad67d3fe10bda297b50c9072af5e79a101ab05
      https://github.com/WebKit/WebKit/commit/d7ad67d3fe10bda297b50c9072af5e79a101ab05
  Author: Justin Michaud <justin at justinmichaud.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    A JSTests/stress/sbfx-offset-overflow.js
    M Source/JavaScriptCore/b3/B3LowerToAir.cpp

  Log Message:
  -----------
  SBFX should not allow imm overflow
https://bugs.webkit.org/show_bug.cgi?id=271491
rdar://125127373

Reviewed by Yusuke Suzuki.

These isel patterns should be a bit more careful with overflow.

* JSTests/stress/sbfx-offset-overflow.js: Added.
(foo):
* Source/JavaScriptCore/b3/B3LowerToAir.cpp:

Canonical link: https://commits.webkit.org/272448.797@safari-7618-branch


  Commit: 21d9fc39e036642eccee38c9015e3e922fbd9da9
      https://github.com/WebKit/WebKit/commit/21d9fc39e036642eccee38c9015e3e922fbd9da9
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    M Source/WebKit/GPUProcess/graphics/RemoteImageBufferSet.cpp
    M Source/WebKit/GPUProcess/graphics/RemoteImageBufferSet.h
    M Source/WebKit/GPUProcess/graphics/RemoteImageBufferSet.messages.in
    M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp
    M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.h
    M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.messages.in
    M Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferSetProxy.cpp
    M Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferSetProxy.h
    M Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp

  Log Message:
  -----------
  Apply patch. rdar://123661156

    Speedometer 3: buildTransaction spends a lot of time destroying mach port objects. https://bugs.webkit.org/show_bug.cgi?id=270549 <rdar://123661156>

    Reviewed by Kimmo Kinnunen.

    Flushing a RemoteImageBufferSetProxy waits on both the `didPrepareForDisplay` message
    to be delivered to the WorkQueue, and the semaphore to be signaled when drawing command
    flushing is completed.

    This was previously required, since building of the transaction on the main thread was
    blocked on the didPrepareForDisplay message, so it was delivered as early as possible.

    The current state is that all waiting happens on a background thread, so there's no
    longer any benefit to having two separate notifications.

    This change moves sending of the didPrepareForDisplay message to happen once drawing
    flushing is completed, and removes the semaphore signaling.

    This should be a small performance win in some cases, since we no longer need to allocate
    and destroy the semaphore objects.

    * Source/WebKit/GPUProcess/graphics/RemoteImageBufferSet.cpp:
    (WebKit::RemoteImageBufferSet::RemoteImageBufferSet):
    (WebKit::RemoteImageBufferSet::endPrepareForDisplay):
    (WebKit::RemoteImageBufferSet::ensureBufferForDisplay):
    (WebKit::RemoteImageBufferSet::setFlushSignal): Deleted.
    (WebKit::RemoteImageBufferSet::flush): Deleted.
    * Source/WebKit/GPUProcess/graphics/RemoteImageBufferSet.h:
    * Source/WebKit/GPUProcess/graphics/RemoteImageBufferSet.messages.in:
    * Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp:
    (WebKit::RemoteRenderingBackend::prepareImageBufferSetsForDisplay):
    (WebKit::RemoteRenderingBackend::prepareImageBufferSetsForDisplaySync):
    * Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.h:
    * Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.messages.in:
    * Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferSetProxy.cpp:
    (WebKit::RemoteImageBufferSetProxyFlushFence::create):
    (WebKit::RemoteImageBufferSetProxyFlushFence::waitFor):
    (WebKit::RemoteImageBufferSetProxyFlushFence::RemoteImageBufferSetProxyFlushFence):
    (WebKit::RemoteImageBufferSetProxy::flushFrontBufferAsync):
    (WebKit::RemoteImageBufferSetProxy::willPrepareForDisplay):
    (WebKit::RemoteImageBufferSetProxyFlushFence::~RemoteImageBufferSetProxyFlushFence): Deleted.
    (WebKit::RemoteImageBufferSetProxyFlushFence::tryTakeEvent): Deleted.
    (WebKit::RemoteImageBufferSetProxyFlushFence::setWaitingForSignal): Deleted.
    (): Deleted.
    (WebKit::RemoteImageBufferSetProxy::createFlushFence): Deleted.
    * Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferSetProxy.h:
    * Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp:
    (WebKit::RemoteRenderingBackendProxy::prepareImageBufferSetsForDisplay):

    Canonical link: https://commits.webkit.org/276421@main

Identifier: 272448.798 at safari-7618-branch


  Commit: 1f9ed5fe5ea8d36888370f26a2a251197cf8d79c
      https://github.com/WebKit/WebKit/commit/1f9ed5fe5ea8d36888370f26a2a251197cf8d79c
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    M Source/WebCore/platform/VideoDecoder.h
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm
    M Source/WebCore/platform/graphics/cocoa/MediaPlayerPrivateWebM.mm
    M Source/WebCore/platform/graphics/cocoa/VideoMediaSampleRenderer.h
    M Source/WebCore/platform/graphics/cocoa/VideoMediaSampleRenderer.mm
    M Source/WebCore/platform/graphics/cocoa/WebCoreDecompressionSession.h
    M Source/WebCore/platform/graphics/cocoa/WebCoreDecompressionSession.mm
    M Source/WebCore/platform/libwebrtc/LibWebRTCVPXVideoDecoder.cpp

  Log Message:
  -----------
  Apply patch. rdar://123795173

    VP8 WebCoreDecompressionSession should attribute its IOSurfaces to the media player resource owner https://bugs.webkit.org/show_bug.cgi?id=271144 rdar://123795173

    Reviewed by Jean-Yves Avenard.

    When WebCoreDecompressionSession uses a VideoDecoder to do its decoding, it uses an IOSurface pixel buffer pool.
    We then need to attribute these buffers to the corresponding resource owner.
    To do so, we are setting a resourceOwner in WebCoreDecompressionSession from VideoMediaSampleRenderer, which gets it from MediaPlayerPrivateWebM.
    The WebCoreDecompressionSession is creating a VideoDecoder that is given the resourceOwner so that,
    every time we have a pixel buffer coming from the buffer pool, we then do the attribution.

    We also do this for MediaPlayerPrivateMediaSourceAVFObjC's session.
    This means piping the resource owner to MediaSourcePrivate -> SourceBufferPrivate.

    * Source/WebCore/platform/VideoDecoder.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
    (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::load):
    (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureDecompressionSession):
    * Source/WebCore/platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
    (WebCore::MediaSourcePrivateAVFObjC::addSourceBuffer):
    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
    (WebCore::SourceBufferPrivateAVFObjC::setVideoRenderer):
    * Source/WebCore/platform/graphics/cocoa/MediaPlayerPrivateWebM.mm:
    (WebCore::MediaPlayerPrivateWebM::ensureLayer):
    (WebCore::MediaPlayerPrivateWebM::ensureDecompressionSession):
    * Source/WebCore/platform/graphics/cocoa/VideoMediaSampleRenderer.h:
    (WebCore::VideoMediaSampleRenderer::setResourceOwner):
    * Source/WebCore/platform/graphics/cocoa/VideoMediaSampleRenderer.mm:
    (WebCore::VideoMediaSampleRenderer::initializeDecompressionSession):
    * Source/WebCore/platform/graphics/cocoa/WebCoreDecompressionSession.h:
    * Source/WebCore/platform/graphics/cocoa/WebCoreDecompressionSession.mm:
    (WebCore::WebCoreDecompressionSession::initializeVideoDecoder):
    * Source/WebCore/platform/libwebrtc/LibWebRTCVPXVideoDecoder.cpp:
    (WebCore::LibWebRTCVPXInternalVideoDecoder::LibWebRTCVPXInternalVideoDecoder):
    (WebCore::LibWebRTCVPXInternalVideoDecoder::Decoded):

    Canonical link: https://commits.webkit.org/276270@main

Identifier: 272448.799 at safari-7618-branch


  Commit: 8687d2fe0f7c30bbe3aca538c82d2ac738243f08
      https://github.com/WebKit/WebKit/commit/8687d2fe0f7c30bbe3aca538c82d2ac738243f08
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    A LayoutTests/accessibility/dynamic-text-expected.txt
    A LayoutTests/accessibility/dynamic-text.html
    A LayoutTests/platform/glib/accessibility/dynamic-text-expected.txt
    M LayoutTests/platform/ios/TestExpectations
    A LayoutTests/platform/ios/accessibility/dynamic-text-expected.txt
    M Source/WebCore/accessibility/AXCoreObject.h
    M Source/WebCore/accessibility/AXLogger.cpp
    M Source/WebCore/accessibility/AXObjectCache.cpp
    M Source/WebCore/accessibility/AXObjectCache.h
    M Source/WebCore/accessibility/AccessibilityNodeObject.cpp
    M Source/WebCore/accessibility/AccessibilityObject.cpp
    M Source/WebCore/accessibility/AccessibilityObject.h
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h

  Log Message:
  -----------
  Apply patch. rdar://123741292

    AX: AccessibilityText is not updated when static text descendant changes https://bugs.webkit.org/show_bug.cgi?id=270356 rdar://123741292

    Reviewed by Chris Fleizach.

    Add a new TextUnderElementChanged notification to represent this
    scenario so we can make precise updates to the isolated tree.

    * LayoutTests/accessibility/dynamic-text-expected.txt: Added.
    * LayoutTests/accessibility/dynamic-text.html: Added.
    * LayoutTests/platform/ios/accessibility/dynamic-text-expected.txt: Added.
    * LayoutTests/platform/ios/TestExpectations: Enable new test.

    * Source/WebCore/accessibility/AXCoreObject.h:
    * Source/WebCore/accessibility/AXLogger.cpp:
    (WebCore::operator<<):
    * Source/WebCore/accessibility/AXObjectCache.cpp:
    (WebCore::AXObjectCache::handleTextChanged):
    (WebCore::AXObjectCache::updateIsolatedTree):
    * Source/WebCore/accessibility/AXObjectCache.h:
    * Source/WebCore/accessibility/AccessibilityNodeObject.cpp:
    (WebCore::AccessibilityNodeObject::visibleText const):
    * Source/WebCore/accessibility/AccessibilityObject.cpp:
    (WebCore::AccessibilityObject::dependsOnTextUnderElement const):
    * Source/WebCore/accessibility/AccessibilityObject.h:
    * Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:
    (WebCore::AXIsolatedTree::updateNodeProperties):
    (WebCore::AXIsolatedTree::updateDependentProperties):
    * Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h:
    (WebCore::AXIsolatedTree::updateNodeProperty):

    Canonical link: https://commits.webkit.org/275693@main

Identifier: 272448.800 at safari-7618-branch


  Commit: bf48da0d1a8887bdfd09acfcfbabfefbcb87b9a1
      https://github.com/WebKit/WebKit/commit/bf48da0d1a8887bdfd09acfcfbabfefbcb87b9a1
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    M Source/WTF/wtf/URL.cpp
    M Source/WTF/wtf/URL.h
    M Source/WTF/wtf/text/StringView.h
    M Source/WebCore/Modules/fetch/FetchLoader.cpp
    M Source/WebCore/Modules/reporting/ReportingScope.cpp
    M Source/WebCore/html/HTMLImageElement.cpp
    M Source/WebCore/html/HTMLImageElement.h
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/html/parser/HTMLPreloadScanner.cpp
    M Source/WebCore/html/parser/HTMLSrcsetParser.cpp
    M Source/WebCore/html/parser/HTMLSrcsetParser.h
    M Source/WebCore/loader/CrossOriginAccessControl.cpp
    M Source/WebCore/loader/CrossOriginAccessControl.h
    M Source/WebCore/loader/CrossOriginPreflightChecker.cpp
    M Source/WebCore/loader/FrameLoader.cpp
    M Source/WebCore/loader/FrameLoader.h
    M Source/WebCore/loader/ImageLoader.cpp
    M Source/WebCore/loader/LinkLoader.cpp
    M Source/WebCore/loader/PingLoader.cpp
    M Source/WebCore/loader/SubframeLoader.cpp
    M Source/WebCore/loader/SubframeLoader.h
    M Source/WebCore/loader/SubresourceLoader.cpp
    M Source/WebCore/loader/WorkerThreadableLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceRequest.cpp
    M Source/WebCore/page/LocalDOMWindow.cpp
    M Source/WebCore/page/SecurityPolicy.cpp
    M Source/WebCore/page/SecurityPolicy.h
    M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
    M Source/WebCore/platform/network/ResourceRequestBase.cpp
    M Source/WebKit/WebProcess/Plugins/PluginView.cpp

  Log Message:
  -----------
  Apply patch. rdar://123492927

    Do not reparse the same URL repeatedly for HTMLImageElement src attribute setter
    https://bugs.webkit.org/show_bug.cgi?id=269975
    rdar://123492927

    Reviewed by Ryosuke Niwa.

    This patch cleans up a lot of HTMLImageElement src attribute setter path.

    1. HTMLImageElement should not make m_currentSrc AtomString eagerly. This is rarely accessed. So we should defer it.
    2. HTMLImageElement should have super fast path for no `sizes` attribute case since this is common. We should not invoke SizesAttributeParser.
    3. ImageCandidate should carry underlying AtomString if possible. Attributes are AtomString. So by carrying it,
       we can avoid AtomString creation for `m_bestFitImageURL = candidate.string.toAtomString()`.
    4. We should use HTMLImageElement::currentURL if possible in ImageLoader, avoiding repeated parsing of the same URL string.
    5. FrameLoader should keep m_outgoingReferrerURL. Then subsequent code can use this URL instead of parsing it repeatedly.
       We enhance URL::strippedForUseAsReferrer to further avoid reparsing URL from stripped string.

    * Source/WTF/wtf/URL.cpp:
    (WTF::URL::strippedForUseAsReferrer const):
    (WTF::URL::strippedForUseAsReferrerWithExplicitPort const):
    * Source/WTF/wtf/URL.h:
    * Source/WTF/wtf/text/StringView.h:
    (WTF::StringViewWithUnderlyingString::toAtomString const):
    * Source/WebCore/Modules/fetch/FetchLoader.cpp:
    (WebCore::FetchLoader::start):
    * Source/WebCore/Modules/reporting/ReportingScope.cpp:
    (WebCore::ReportingScope::generateTestReport):
    * Source/WebCore/html/HTMLImageElement.cpp:
    (WebCore::HTMLImageElement::currentSrc):
    (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
    (WebCore::HTMLImageElement::selectImageSource):
    * Source/WebCore/html/HTMLImageElement.h:
    (WebCore::HTMLImageElement::currentSrc const): Deleted.
    * Source/WebCore/html/HTMLMediaElement.cpp:
    (WebCore::HTMLMediaElement::mediaPlayerReferrer const):
    * Source/WebCore/html/parser/HTMLPreloadScanner.cpp:
    (WebCore::TokenPreloadScanner::StartTagScanner::processAttributes):
    * Source/WebCore/html/parser/HTMLSrcsetParser.cpp:
    (WebCore::parseImageCandidatesFromSrcsetAttribute):
    (WebCore::pickBestImageCandidate):
    (WebCore::bestFitSourceForImageAttributes):
    * Source/WebCore/html/parser/HTMLSrcsetParser.h:
    (WebCore::ImageCandidate::ImageCandidate):
    (WebCore::ImageCandidate::isEmpty const):
    * Source/WebCore/loader/CrossOriginAccessControl.cpp:
    (WebCore::updateRequestReferrer):
    * Source/WebCore/loader/CrossOriginAccessControl.h:
    * Source/WebCore/loader/CrossOriginPreflightChecker.cpp:
    (WebCore::CrossOriginPreflightChecker::doPreflight):
    * Source/WebCore/loader/FrameLoader.cpp:
    (WebCore::FrameLoader::setOutgoingReferrer):
    (WebCore::FrameLoader::outgoingReferrerURL):
    (WebCore::FrameLoader::loadFrameRequest):
    (WebCore::FrameLoader::loadResourceSynchronously):
    (WebCore::createWindow):
    * Source/WebCore/loader/FrameLoader.h:
    * Source/WebCore/loader/ImageLoader.cpp:
    (WebCore::ImageLoader::updateFromElement):
    * Source/WebCore/loader/LinkLoader.cpp:
    (WebCore::LinkLoader::preloadIfNeeded):
    * Source/WebCore/loader/PingLoader.cpp:
    (WebCore::PingLoader::loadImage):
    (WebCore::PingLoader::sendViolationReport):
    * Source/WebCore/loader/SubframeLoader.cpp:
    (WebCore::FrameLoader::SubframeLoader::loadOrRedirectSubframe):
    (WebCore::FrameLoader::SubframeLoader::loadSubframe):
    * Source/WebCore/loader/SubframeLoader.h:
    * Source/WebCore/loader/SubresourceLoader.cpp:
    (WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):
    * Source/WebCore/loader/WorkerThreadableLoader.cpp:
    (WebCore::WorkerThreadableLoader::WorkerThreadableLoader):
    * Source/WebCore/loader/cache/CachedResourceRequest.cpp:
    (WebCore::CachedResourceRequest::updateReferrerAndOriginHeaders):
    * Source/WebCore/page/LocalDOMWindow.cpp:
    (WebCore::LocalDOMWindow::setLocation):
    (WebCore::LocalDOMWindow::createWindow):
    * Source/WebCore/page/SecurityPolicy.cpp:
    (WebCore::SecurityPolicy::shouldHideReferrer):
    (WebCore::SecurityPolicy::referrerToOriginString):
    (WebCore::SecurityPolicy::generateReferrerHeader):
    * Source/WebCore/page/SecurityPolicy.h:
    * Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
    (WebCore::ContentSecurityPolicy::createURLForReporting const):
    (WebCore::ContentSecurityPolicy::reportViolation const):
    * Source/WebCore/platform/network/ResourceRequestBase.cpp:
    (WebCore::ResourceRequestBase::setExistingHTTPReferrerToOriginString):
    * Source/WebKit/WebProcess/Plugins/PluginView.cpp:
    (WebKit::PluginView::loadMainResource):

    Canonical link: https://commits.webkit.org/275281@main

Identifier: 272448.801 at safari-7618-branch


  Commit: b6274645ac60fb9ef0a7029f45682f15cb0569f4
      https://github.com/WebKit/WebKit/commit/b6274645ac60fb9ef0a7029f45682f15cb0569f4
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm
    M Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp

  Log Message:
  -----------
  Apply patch. rdar://123724533

    Password manager UI can cause conditional requests to pause
    https://bugs.webkit.org/show_bug.cgi?id=270135
    rdar://123659147

    Reviewed by Charlie Wolfe and Chris Dumez.

    The API for autofill assisted passkey requests only allows one request ongoing per UI process.
    In order to handle this behavior, we currently pause requests whenever their page is not active
    and resume them whenever the page becomes active.

    However, bringing up password manager UI as part of a conditional mediation may cause the page to
    become not active, therefore pausing the request the user is selecting a credential for in the UI.

    To fix this issue, we don't pause requests whenever a page becomes inactive. Instead we pause the active
    request whenever another page becomes active. This will result in no pause when bringing up password manager
    UI.

    * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
    (WebKit::WebAuthenticatorCoordinatorProxy::pauseConditionalAssertion):
    (WebKit::WebAuthenticatorCoordinatorProxy::makeActiveConditionalAssertion):
    (WebKit::WebAuthenticatorCoordinatorProxy::performRequest):
    * Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h:
    * Source/WebKit/UIProcess/WebPageProxy.cpp:
    (WebKit::WebPageProxy::dispatchActivityStateChange):

    Canonical link: https://commits.webkit.org/275414@main

Identifier: 272448.802 at safari-7618-branch


  Commit: 89ee93bd2ea4b69ebb3808a153bfdca07b01ee67
      https://github.com/WebKit/WebKit/commit/89ee93bd2ea4b69ebb3808a153bfdca07b01ee67
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    M Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
    M Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.h
    M Tools/TestWebKitAPI/Tests/WebCore/cocoa/TestGraphicsContextGLCocoa.mm

  Log Message:
  -----------
  GraphicsContextGLANGLE does not validate clearBuffers value length
https://bugs.webkit.org/show_bug.cgi?id=271634
rdar://125222153

Reviewed by Dan Glastonbury.

Avoid passing too long or small arrays as GL_clearBuffer*v values.

* Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:
(WebCore::GraphicsContextGLANGLE::clearBufferiv):
(WebCore::GraphicsContextGLANGLE::clearBufferuiv):
(WebCore::GraphicsContextGLANGLE::clearBufferfv):
(WebCore::GraphicsContextGLANGLE::validateClearBufferv):
* Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.h:
* Tools/TestWebKitAPI/Tests/WebCore/cocoa/TestGraphicsContextGLCocoa.mm:
(TestWebKitAPI::TEST_F):

Canonical link: https://commits.webkit.org/272448.803@safari-7618-branch


  Commit: b98e3e61b32da918c8ca1a4bd329c587368f0855
      https://github.com/WebKit/WebKit/commit/b98e3e61b32da918c8ca1a4bd329c587368f0855
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    M Source/WebCore/dom/SpaceSplitString.cpp

  Log Message:
  -----------
  Cherry-pick 9772004a3682. rdar://125386513

    Add a fast path for SpaceSplitString
    https://bugs.webkit.org/show_bug.cgi?id=269272

    Reviewed by Yusuke Suzuki.

    Avoid looking up AtomString table when the entire string constitutes a single token.

    * Source/WebCore/dom/SpaceSplitString.cpp:
    (WebCore::TokenAtomStringInitializer::TokenAtomStringInitializer):
    (WebCore::TokenAtomStringInitializer::processToken):
    (WebCore::SpaceSplitStringData::create):

    Canonical link: https://commits.webkit.org/274576@main

Identifier: 272448.804 at safari-7618-branch


  Commit: fb0120598b7dd07c278339a65a547ec9da472a39
      https://github.com/WebKit/WebKit/commit/fb0120598b7dd07c278339a65a547ec9da472a39
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    M Source/WebCore/dom/ContainerNodeAlgorithms.cpp

  Log Message:
  -----------
  Cherry-pick e69275aaafe2. rdar://125386608

    Make notifyNodeInsertedInto* and notifyNodeRemovedFrom* iterative
    https://bugs.webkit.org/show_bug.cgi?id=270022

    Reviewed by Yusuke Suzuki.

    Made these functions iterative instead of recursive.

    * Source/WebCore/dom/ContainerNodeAlgorithms.cpp:
    (WebCore::notifyNodeInsertedIntoDocument):
    (WebCore::notifyNodeInsertedIntoTree):
    (WebCore::notifyNodeRemovedFromDocument):
    (WebCore::notifyNodeRemovedFromTree):

    Canonical link: https://commits.webkit.org/275269@main

Identifier: 272448.805 at safari-7618-branch


  Commit: 65550a485bbdc9b4ef2c1852f6ac423625c09dd0
      https://github.com/WebKit/WebKit/commit/65550a485bbdc9b4ef2c1852f6ac423625c09dd0
  Author: Joshua Hoffman <jhoffman23 at apple.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    A LayoutTests/accessibility/mac/selected-text-range-unconnected-object.html
    A LayoutTests/platform/mac/accessibility/mac/selected-text-range-unconnected-object-expected.txt
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h

  Log Message:
  -----------
  Cherry-pick a8f281f89e75. rdar://122451549

    AX: NULL attributed string returned for text markers that contain unconnected nodes
    https://bugs.webkit.org/show_bug.cgi?id=270499
    rdar://122451549

    Reviewed by Tyler Wilcock.

    If a node is unconnected and we queue up a node change for it, nothing will happen, since
    shouldCreateNodeChange will return false. This means that if we request a text marker range
    that points to a stale, unconnected node, we may get a null attributed string since the range
    being requested is invalid.

    This change adds a new condition to shouldCreateNodeChange for unconnected nodes, and adds a
    new test to verify this behavior.

    * LayoutTests/accessibility/mac/selected-text-range-unconnected-object.html: Added.
    * LayoutTests/platform/mac/accessibility/mac/selected-text-range-unconnected-object-expected.txt: Added.
    * Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:
    (WebCore::AXIsolatedTree::shouldCreateNodeChange):
    (WebCore::AXIsolatedTree::addUnconnectedNode):
    (WebCore::AXIsolatedTree::removeSubtreeFromNodeMap):
    (WebCore::shouldCreateNodeChange): Deleted.
    * Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h:

    Canonical link: https://commits.webkit.org/275694@main

Identifier: 272448.806 at safari-7618-branch


  Commit: c204ca6fb24411fdb613d829ad75057a8abe348f
      https://github.com/WebKit/WebKit/commit/c204ca6fb24411fdb613d829ad75057a8abe348f
  Author: Antti Koivisto <antti at apple.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    A LayoutTests/fast/animation/animation-with-DOM-mutation-and-display-none-expected.html
    A LayoutTests/fast/animation/animation-with-DOM-mutation-and-display-none.html
    M Source/WebCore/style/StyleTreeResolver.cpp

  Log Message:
  -----------
  Cherry-pick d83537abc7e7. rdar://124289418

    REGRESSION (iOS 17.4, macOS 14.4, 270890 at main): Animating element with display: none still remain visible
    https://bugs.webkit.org/show_bug.cgi?id=270697
    rdar://124289418

    Reviewed by Antoine Quint and Darin Adler.

    The page sets the root of the overlay containing tree to display:none and immediately (before style recalc) reinserts
    it into another position in the document, causing render tree teardown. When we recompute the style (applying display:none)
    we don't consider it a style change since there was no existing style due to the earlier teardown.
    In this case we fail to clear lastStyleChangeEventStyle which has been set by an animation on the element.

    Another animation triggered style recalc comes along, takes the optimized AnimationOnly code path and picks up
    the lastStyleChangeEventStyle (which doesn't have display:none) bringing the element back alive.

    * LayoutTests/fast/animation/animation-with-DOM-mutation-and-display-none-expected.html: Added.
    * LayoutTests/fast/animation/animation-with-DOM-mutation-and-display-none.html: Added.
    * Source/WebCore/style/StyleTreeResolver.cpp:
    (WebCore::Style::TreeResolver::resolveElement):

    Fix by clearing lastStyleChangeEventStyle also when we have a style change to display:none without existing renderer.

    Canonical link: https://commits.webkit.org/276035@main

Identifier: 272448.807 at safari-7618-branch


  Commit: 3f2acc3561d25342fe9d390239fc1dc36bb3e91d
      https://github.com/WebKit/WebKit/commit/3f2acc3561d25342fe9d390239fc1dc36bb3e91d
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    A LayoutTests/fast/ruby/tight-line-spacing-with-line-height-expected.html
    A LayoutTests/fast/ruby/tight-line-spacing-with-line-height.html
    M LayoutTests/platform/ios/TestExpectations
    M Source/WebCore/layout/formattingContexts/inline/ruby/RubyFormattingContext.cpp

  Log Message:
  -----------
  Cherry-pick 983282c29f7d. rdar://122436686

    [IFC][Ruby] Line spacing is not even for contents that has ruby
    https://bugs.webkit.org/show_bug.cgi?id=271295
    <rdar://122436686>

    Reviewed by Antti Koivisto.

    Let annotation spill into previous/next line's half-leading to keep vertical (horizontal) rhythm (i.e. do not stretch lines with ruby too much even if it means overlapping adjacent line boxes).

    * LayoutTests/fast/ruby/tight-line-spacing-with-line-height-expected.html: Added.
    * LayoutTests/fast/ruby/tight-line-spacing-with-line-height.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/ruby/RubyFormattingContext.cpp:
    (WebCore::Layout::RubyFormattingContext::adjustLayoutBoundsAndStretchAncestorRubyBase):

    Canonical link: https://commits.webkit.org/276402@main

Identifier: 272448.808 at safari-7618-branch


  Commit: 177cff26a7e4b8b0348e747a6be821823f3d9f93
      https://github.com/WebKit/WebKit/commit/177cff26a7e4b8b0348e747a6be821823f3d9f93
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    M Source/WebCore/platform/mediastream/mac/AVVideoCaptureSource.mm
    M Source/WebKit/UIProcess/WebPageProxy.cpp

  Log Message:
  -----------
  Apply patch. rdar://124491466

Identifier: 272448.809 at safari-7618-branch


  Commit: a8f8aa7794d46ca6257494af7afebd9ae2a1280d
      https://github.com/WebKit/WebKit/commit/a8f8aa7794d46ca6257494af7afebd9ae2a1280d
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-26 (Tue, 26 Mar 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.2.6

Identifier: 272448.810 at safari-7618-branch


  Commit: f30fe9754d1522cec58bb520458bf86e3c360c4b
      https://github.com/WebKit/WebKit/commit/f30fe9754d1522cec58bb520458bf86e3c360c4b
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-27 (Wed, 27 Mar 2024)

  Changed paths:
    M Source/WebCore/SourcesCocoa.txt
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    M Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.cpp
    M Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.h
    A Source/WebCore/platform/graphics/avfoundation/objc/CDMFairPlayStreamingAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h
    M Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm
    M Source/WebCore/platform/graphics/coreimage/SourceGraphicCoreImageApplier.mm
    M Source/WebCore/platform/mac/PasteboardMac.mm
    M Source/WebCore/platform/mediastream/mac/ScreenCaptureKitSharingSessionManager.h
    M Source/WebCore/platform/mediastream/mac/ScreenCaptureKitSharingSessionManager.mm

  Log Message:
  -----------
  Apply patch. rdar://123089013

Canonical link: https://commits.webkit.org/272448.811@safari-7618-branch


  Commit: 4af244411e9de0da7efd2bd19b549347272c9f41
      https://github.com/WebKit/WebKit/commit/4af244411e9de0da7efd2bd19b549347272c9f41
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-27 (Wed, 27 Mar 2024)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/css/css-transitions/starting-style-cascade-expected.txt
    M Source/WebCore/style/StyleTreeResolver.cpp
    M Source/WebCore/style/StyleTreeResolver.h

  Log Message:
  -----------
  Apply patch. rdar://123854493

Canonical link: https://commits.webkit.org/272448.812@safari-7618-branch


  Commit: fa7d728a65079b1a20d7969d3ade0991d5eb06da
      https://github.com/WebKit/WebKit/commit/fa7d728a65079b1a20d7969d3ade0991d5eb06da
  Author: Sammy Gill <sammy.gill at apple.com>
  Date:   2024-03-27 (Wed, 27 Mar 2024)

  Changed paths:
    A PerformanceTests/Layout/nested-grid-subgrid-free-space-columns.html
    M Source/WebCore/Headers.cmake
    M Source/WebCore/rendering/GridTrackSizingAlgorithm.cpp
    M Source/WebCore/rendering/RenderGrid.cpp
    M Source/WebCore/rendering/style/RenderStyle.h
    M Source/WebCore/rendering/style/RenderStyleInlines.h

  Log Message:
  -----------
  Cherry-pick ba849a630cec. rdar://124713418

    [css-grid] Grid track sizing algorithm logical height computation unnecessarily dirties grid items.
    https://bugs.webkit.org/show_bug.cgi?id=271083
    rdar://124713418

    Reviewed by Matt Woodrow.

    In certain situations when trying to compute the logical height for a
    grid item, the grid track sizing algorithm will update the grid item's
    overriding containing block size and mark it dirty for layout. This
    dirtying would occur even if we end up setting the override size to the
    same value and could result in bad performance with particular types
    of content. For example, nested grid content would run grid layout
    multiple times which is currently expensive.

    In this patch we avoid this extra call to layout by checking to see if
    the override size is already set to the value we are attempting to set
    it to. If it is then we will avoid dirtying the renderer.

    This also ended up exposing an invalidation bug in which we were not
    properly invalidating the grid items when there was a style change on
    the grid related to its column or row sizes. This was demonstrated with
    new failures in css-grid/layout-algorithm/grid-intrinsic-track-sizes-001.html
    which was performing this behavior. Now when the grid style changes we
    will check to see if any of the sizes for the columns or the rows are
    different. If this occurs we should mark the grid items as dirty. This
    is likely to be more than necessary since we could probably try to
    identify the exact set of grid items that need to be invalidated, but
    this approach is the least risky for now. Future patches should attempt
    to rein this invalidation in a bit more.

    Without this patch I was getting about 2 runs/s and afterwards I was
    able to get about ~690 runs/s.

    * PerformanceTests/Layout/nested-grid-subgrid-free-space-columns.html: Added.
    * Source/WebCore/Headers.cmake:
    * Source/WebCore/rendering/GridTrackSizingAlgorithm.cpp:
    (WebCore::GridTrackSizingAlgorithmStrategy::logicalHeightForChild const):
    * Source/WebCore/rendering/RenderGrid.cpp:
    (WebCore::RenderGrid::styleDidChange):
    * Source/WebCore/rendering/style/RenderStyle.h:
    * Source/WebCore/rendering/style/RenderStyleInlines.h:
    (WebCore::RenderStyle::gridTrackSizes const):

    Canonical link: https://commits.webkit.org/276633@main

Canonical link: https://commits.webkit.org/272448.813@safari-7618-branch


  Commit: 34d2dd89442d37c0582404ebefc5ec2c758bbf90
      https://github.com/WebKit/WebKit/commit/34d2dd89442d37c0582404ebefc5ec2c758bbf90
  Author: Justin Michaud <justin at justinmichaud.com>
  Date:   2024-03-27 (Wed, 27 Mar 2024)

  Changed paths:
    M Source/JavaScriptCore/Scripts/process-entitlements.sh
    M Source/WebKit/Scripts/process-entitlements.sh

  Log Message:
  -----------
  Cherry-pick 569a5bc33cff. rdar://125261792

    Adopt Fatal Exceptions Entitlement (2)
    https://bugs.webkit.org/show_bug.cgi?id=271663
    rdar://125261792

    Reviewed by Mark Lam.

    Adopt Fatal Exceptions Entitlement. This entitlement should be safe to adopt
    on all Apple platforms.

    The first version of this patch broke EWS, so we remove the simulator changes.

    * Source/JavaScriptCore/Scripts/process-entitlements.sh:
    * Source/JavaScriptCore/entitlements.plist:
    * Source/WebKit/Scripts/process-entitlements.sh:
    * Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentProcessExtension.entitlements:

    Canonical link: https://commits.webkit.org/276691@main

Canonical link: https://commits.webkit.org/272448.814@safari-7618-branch


  Commit: 493520248f455538eeda59eb3885fbf4db67d41d
      https://github.com/WebKit/WebKit/commit/493520248f455538eeda59eb3885fbf4db67d41d
  Author: Brady Eidson <beidson at apple.com>
  Date:   2024-03-27 (Wed, 27 Mar 2024)

  Changed paths:
    M Source/WebCore/Modules/highlight/AppHighlight.h
    M Source/WebCore/Modules/highlight/AppHighlightStorage.cpp
    M Source/WebCore/Modules/highlight/AppHighlightStorage.h
    M Source/WebCore/loader/EmptyClients.cpp
    M Source/WebCore/loader/EmptyClients.h
    M Source/WebCore/page/Chrome.cpp
    M Source/WebCore/page/Chrome.h
    M Source/WebCore/page/ChromeClient.h
    M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/UIProcess/WebPageProxy.messages.in
    M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.h
    M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
    M Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.h
    M Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm

  Log Message:
  -----------
  Refactor StoreAppHighlight message to be a reply to CreateAppHighlightInSelectedRange
https://bugs.webkit.org/show_bug.cgi?id=271768
rdar://125081140

Reviewed by Chris Dumez.

StoreAppHighlight is logically a reply to CreateAppHighlightInSelectedRange that is always expected.
The messages.in machinery allows us to express this explicitly.
This helps clean up other ChromeClient code, etc, as well.

* Source/WebCore/Modules/highlight/AppHighlight.h:
(IPC::AsyncReplyError<WebCore::AppHighlight>::create):

* Source/WebCore/Modules/highlight/AppHighlightStorage.cpp:
(WebCore::AppHighlightStorage::storeAppHighlight):
* Source/WebCore/Modules/highlight/AppHighlightStorage.h:

* Source/WebCore/loader/EmptyClients.cpp:
(WebCore::EmptyChromeClient::storeAppHighlight const): Deleted.
* Source/WebCore/loader/EmptyClients.h:

* Source/WebCore/page/Chrome.cpp:
(WebCore::Chrome::storeAppHighlight const): Deleted.
* Source/WebCore/page/Chrome.h:
* Source/WebCore/page/ChromeClient.h:

* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::createAppHighlightInSelectedRange):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::storeAppHighlight): Deleted.
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:

* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::storeAppHighlight const): Deleted.
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:

* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::createAppHighlightInSelectedRange):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:

* Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm:
(WebChromeClient::storeAppHighlight const): Deleted.

Canonical link: https://commits.webkit.org/272448.815@safari-7618-branch


  Commit: 63e5787d715cb01e16e2ef4bf4c1c76189409e26
      https://github.com/WebKit/WebKit/commit/63e5787d715cb01e16e2ef4bf4c1c76189409e26
  Author: Charlie Wolfe <charliew at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    A LayoutTests/ipc/dirty-region-overflow-expected.txt
    A LayoutTests/ipc/dirty-region-overflow.html
    M Source/WebCore/platform/graphics/Region.cpp
    M Source/WebCore/platform/graphics/Region.h
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in

  Log Message:
  -----------
  Add IPC validation for `WebCore::Region::Shape`
https://bugs.webkit.org/show_bug.cgi?id=271741
rdar://125348548

Reviewed by Matt Woodrow.

* LayoutTests/ipc/dirty-region-overflow-expected.txt: Added.
* LayoutTests/ipc/dirty-region-overflow.html: Added.
* Source/WebCore/platform/graphics/Region.cpp:
(WebCore::Region::Shape::isValid const):
* Source/WebCore/platform/graphics/Region.h:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:

Canonical link: https://commits.webkit.org/272448.816@safari-7618-branch


  Commit: a734205bc9a9895536c9529670fd7a83ec62081b
      https://github.com/WebKit/WebKit/commit/a734205bc9a9895536c9529670fd7a83ec62081b
  Author: Charlie Wolfe <charliew at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    A LayoutTests/ipc/validate-media-constraint-expected.txt
    A LayoutTests/ipc/validate-media-constraint.html
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in

  Log Message:
  -----------
  Add IPC validation for `WebCore::MediaConstraint`
https://bugs.webkit.org/show_bug.cgi?id=271816
rdar://125343106

Reviewed by Pascoe.

* LayoutTests/ipc/validate-media-constraint-expected.txt: Added.
* LayoutTests/ipc/validate-media-constraint.html: Added.
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:

Canonical link: https://commits.webkit.org/272448.817@safari-7618-branch


  Commit: 1db2f6a6a042b0908e63a247a5302ab8f77695ff
      https://github.com/WebKit/WebKit/commit/1db2f6a6a042b0908e63a247a5302ab8f77695ff
  Author: Aditya Keerthi <akeerthi at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    A Source/WebKit/UIProcess/Cocoa/PickerDismissalReason.h
    M Source/WebKit/UIProcess/Cocoa/WKContactPicker.h
    M Source/WebKit/UIProcess/Cocoa/WKContactPicker.mm
    M Source/WebKit/UIProcess/Cocoa/WKShareSheet.h
    M Source/WebKit/UIProcess/Cocoa/WKShareSheet.mm
    M Source/WebKit/UIProcess/ios/UIKitUtilities.h
    M Source/WebKit/UIProcess/ios/UIKitUtilities.mm
    M Source/WebKit/UIProcess/ios/WKContentView.mm
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.h
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
    M Source/WebKit/UIProcess/ios/WKPDFView.mm
    M Source/WebKit/UIProcess/ios/forms/WKFileUploadPanel.h
    M Source/WebKit/UIProcess/ios/forms/WKFileUploadPanel.mm
    M Source/WebKit/UIProcess/mac/WebViewImpl.mm
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  REGRESSION (272448.703 at safari-7618-branch): [iOS] <input type=file> camera capture instantly dismisses
rdar://125046135

Reviewed by Abrar Rahman Protyasha and Wenson Hsieh.

272448.703 at safari-7618-branch added logic to dismiss presented pickers, such as
the file upload panel, when the `WKWebView` was removed from the hierarchy. The
behavior is necessary to avoid scenarios where a picker can be displayed over a
site that's unrelated to the one requesting the information.

While that solution is correct for modal presentations, it is incorrect for
fullscreen presentations, which remove views from the hierarchy following
presentation. The camera view controller uses a fullscreen presentation.
Consequently, once it gets presented, the web view is removed from the
hierarchy, and following 272448.703 at safari-7618-branch, it is instantly
dismissed.

To fix, reduce the scope of the previous fix to exclude fullscreen presentations.
In this case, there is no need to dismiss presented view controllers, as the
web view content is already hidden.

Note that there is no way to detect whether a view was removed from the hierarchy
due to a fullscreen presentation. Consequently, the solution checks the status
of various presented pickers.

* Source/WebKit/UIProcess/Cocoa/PickerDismissalReason.h:

Introduce `PickerDismissalReason`s to control the dismissal behavior.

In particular, `ViewRemoved` now checks for fullscreen presentations, to avoid
instant dismissal.

* Source/WebKit/UIProcess/Cocoa/WKContactPicker.h:
* Source/WebKit/UIProcess/Cocoa/WKContactPicker.mm:
(-[WKContactPicker dismissIfNeededWithReason:]):
* Source/WebKit/UIProcess/Cocoa/WKShareSheet.h:
* Source/WebKit/UIProcess/Cocoa/WKShareSheet.mm:
(-[WKShareSheet dismissIfNeededWithReason:]):
* Source/WebKit/UIProcess/ios/UIKitUtilities.h:
* Source/WebKit/UIProcess/ios/UIKitUtilities.mm:
(-[UIViewController _wk_isInFullscreenPresentation]):
* Source/WebKit/UIProcess/ios/WKContentView.mm:
(-[WKContentView willMoveToWindow:]):
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.h:
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView cleanUpInteraction]):
(-[WKContentView dismissFilePicker]):
(-[WKContentView _showShareSheet:inRect:completionHandler:]):
(-[WKContentView dismissPickersIfNeededWithReason:]):
(-[WKContentView dismissPickers]): Deleted.
* Source/WebKit/UIProcess/ios/WKPDFView.mm:
(-[WKPDFView dealloc]):

`ProcessExited` is used here, since it has the desired semantics.

In effect, the remote process of the host view controller is exited here.

(-[WKPDFView actionSheetAssistant:shareElementWithURL:rect:]):
* Source/WebKit/UIProcess/ios/forms/WKFileUploadPanel.h:
* Source/WebKit/UIProcess/ios/forms/WKFileUploadPanel.mm:
(-[WKFileUploadPanel dismissIfNeededWithReason:]):
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::showShareSheet):
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:

Canonical link: https://commits.webkit.org/272448.818@safari-7618-branch


  Commit: 359ebc5511d5759ef4eb5c6da210a3d1c4e14e5b
      https://github.com/WebKit/WebKit/commit/359ebc5511d5759ef4eb5c6da210a3d1c4e14e5b
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    M Source/WTF/wtf/Vector.h
    M Source/WTF/wtf/text/StringView.h
    M Source/WebCore/editing/cocoa/DataDetection.mm
    M Source/WebCore/platform/graphics/GlyphBuffer.h
    M Source/WebCore/platform/graphics/coretext/FontCoreText.cpp
    M Source/WebCore/platform/text/cocoa/LocaleCocoa.h
    M Source/WebCore/platform/text/cocoa/LocaleCocoa.mm
    M Tools/TestWebKitAPI/Tests/WTF/Vector.cpp

  Log Message:
  -----------
  Apply patch. rdar://123961009

Identifier: 272448.818 at safari-7618-branch


  Commit: 6d02f7d32c25188eb4136b8924fc67b866a7c8a3
      https://github.com/WebKit/WebKit/commit/6d02f7d32c25188eb4136b8924fc67b866a7c8a3
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    A LayoutTests/accessibility/dynamic-aria-hidden-cell-expected.txt
    A LayoutTests/accessibility/dynamic-aria-hidden-cell.html
    M Source/WebCore/accessibility/AXLogger.cpp
    M Source/WebCore/accessibility/AXObjectCache.cpp
    M Source/WebCore/accessibility/AXObjectCache.h
    M Source/WebCore/accessibility/AccessibilityObject.cpp
    M Source/WebCore/accessibility/AccessibilityRenderObject.cpp
    M Source/WebCore/accessibility/AccessibilityTable.cpp
    M Source/WebCore/accessibility/AccessibilityTableCell.cpp
    M Source/WebCore/accessibility/AccessibilityTableCell.h

  Log Message:
  -----------
  Apply patch. rdar://124046227

Identifier: 272448.819 at safari-7618-branch


  Commit: f3567ff8417c6f285e54d3a18d9d0fd6606a16c9
      https://github.com/WebKit/WebKit/commit/f3567ff8417c6f285e54d3a18d9d0fd6606a16c9
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    M Source/WebCore/accessibility/AXCoreObject.h
    M Source/WebCore/accessibility/AccessibilityObject.h
    M Source/WebCore/accessibility/ios/AccessibilityObjectIOS.mm
    M Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm

  Log Message:
  -----------
  Apply patch. rdar://122375537

Identifier: 272448.820 at safari-7618-branch


  Commit: 2368888e84c35cf18bacc08119e00dfe71fef189
      https://github.com/WebKit/WebKit/commit/2368888e84c35cf18bacc08119e00dfe71fef189
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    A LayoutTests/fast/ruby/can-break-before-after-expected.html
    A LayoutTests/fast/ruby/can-break-before-after.html
    M LayoutTests/fast/ruby/ruby-with-unbreakable-characters-incorrect-width.html
    M Source/WebCore/layout/formattingContexts/inline/ruby/RubyFormattingContext.cpp

  Log Message:
  -----------
  Cherry-pick b8f448e7fd86. rdar://122663646

    [IFC][Ruby] Failure to line break before/between ruby sequences
    https://bugs.webkit.org/show_bug.cgi?id=271209
    <rdar://122663646>

    Reviewed by Antti Koivisto.

    Not all "do not break before" characters have "do not break after" meaning. (e.g. no line should begin with KATAKANA MIDDLE DOT but it's ok to have it at the end of the line).
    Let's divide them into 2 categories as seen in https://www.w3.org/TR/jlreq.

    * LayoutTests/fast/ruby/ruby-with-unbreakable-characters-incorrect-width.html: use different punctuation to force line breaking at the right position.
    * LayoutTests/fast/ruby/can-break-before-after-expected.html: Added.
    * LayoutTests/fast/ruby/can-break-before-after.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/ruby/RubyFormattingContext.cpp:
    (WebCore::Layout::canBreakBefore):
    (WebCore::Layout::canBreakAfter):
    (WebCore::Layout::RubyFormattingContext::isAtSoftWrapOpportunity):
    (WebCore::Layout::canBreakAtCharacter): Deleted.

    Canonical link: https://commits.webkit.org/276353@main

Identifier: 272448.821 at safari-7618-branch


  Commit: 241291e9839594a83516b841875b731604f29f24
      https://github.com/WebKit/WebKit/commit/241291e9839594a83516b841875b731604f29f24
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    M Source/WebCore/layout/formattingContexts/inline/text/TextUtil.cpp
    M Source/WebCore/platform/graphics/FontCascade.cpp
    M Source/WebCore/platform/graphics/FontCascade.h
    M Source/WebCore/platform/graphics/WidthCache.h

  Log Message:
  -----------
  Apply patch. rdar://125141619

Identifier: 272448.822 at safari-7618-branch


  Commit: 4dcb84b320a03dc5271cc51a51200740f6fc2b39
      https://github.com/WebKit/WebKit/commit/4dcb84b320a03dc5271cc51a51200740f6fc2b39
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    M Source/WebCore/style/StyleTreeResolver.cpp

  Log Message:
  -----------
  Apply patch. rdar://125085007

Identifier: 272448.823 at safari-7618-branch


  Commit: 2fdf54ceebe223f232ed18162da02468e1880cb7
      https://github.com/WebKit/WebKit/commit/2fdf54ceebe223f232ed18162da02468e1880cb7
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    M Source/WebCore/dom/Element.cpp
    M Source/WebCore/dom/Element.h
    M Source/WebCore/html/HTMLImageElement.cpp
    M Source/WebCore/html/HTMLImageElement.h

  Log Message:
  -----------
  Apply patch. rdar://125386652

Identifier: 272448.824 at safari-7618-branch


  Commit: cf79da8ab66160680ab36d9b9593cfd0da8cb0ad
      https://github.com/WebKit/WebKit/commit/cf79da8ab66160680ab36d9b9593cfd0da8cb0ad
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    M Source/WebCore/layout/formattingContexts/inline/InlineItemsBuilder.cpp
    M Source/WebCore/layout/formattingContexts/inline/InlineItemsBuilder.h

  Log Message:
  -----------
  Apply patch. rdar://125366762

Identifier: 272448.825 at safari-7618-branch


  Commit: 90e974bbbf306be0a4307d8587c40a38f8f21b93
      https://github.com/WebKit/WebKit/commit/90e974bbbf306be0a4307d8587c40a38f8f21b93
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    M Source/WebCore/css/parser/CSSParserContext.cpp
    M Source/WebCore/css/parser/CSSParserContext.h
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/Document.h
    M Source/WebCore/style/StyleScope.cpp

  Log Message:
  -----------
  Apply patch. rdar://124719234

Identifier: 272448.827 at safari-7618-branch


  Commit: f67193f45900775031aeb7520217c948e881ec14
      https://github.com/WebKit/WebKit/commit/f67193f45900775031aeb7520217c948e881ec14
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    A LayoutTests/fast/text/min-max-content-negative-text-indent-expected.html
    A LayoutTests/fast/text/min-max-content-negative-text-indent.html
    M Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp

  Log Message:
  -----------
  Cherry-pick b2ec60c7d5b8. rdar://124784190

    [IFC][Intrinsic width] Incorrect shrink-to-fit box logical width when negative text-indent is present
    https://bugs.webkit.org/show_bug.cgi?id=271113
    <rdar://problem/124784190>

    Reviewed by Antti Koivisto.

    Negative text-indent value could confuse the min/max inline size computation as running layout with 0 constraint
    may produce wider content than running layout with infinite constraint.

    Consider the following case:

    <div style="text-indent: -100px;">some content</div>

    With infinite constraint this content produces only one line with the line box width of 0 (assume the measured content width of "some content" is < 100px).
    It simply means that [some content] visually overflows on the left due to this implicit negative content margin.
                  _
    some content |_|

    However when computing the minimum content size we have to take into account all the possible soft wrap opportunities with the constraint value of 0.
    Now we end up constructing 2 lines where the second line has 0px used text-indent.
                  _
    some         |_|
                  ________
                 |content |
                  --------
    which clearly computes a content value > 0px.

    Let's fix this by making sure minimum width is never larger than maximum width. This behavior also seems to match with other rendering engines.

    * LayoutTests/fast/text/min-max-content-negative-text-indent-expected.html: Added.
    * LayoutTests/fast/text/min-max-content-negative-text-indent.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp:
    (WebCore::Layout::InlineFormattingContext::minimumMaximumContentSize):
    (WebCore::Layout::InlineFormattingContext::minimumContentSize):

    Canonical link: https://commits.webkit.org/276246@main

Identifier: 272448.828 at safari-7618-branch


  Commit: 970aeff5d8a82dcbe45f3ef8d11a364c3aa42e81
      https://github.com/WebKit/WebKit/commit/970aeff5d8a82dcbe45f3ef8d11a364c3aa42e81
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    M Source/WTF/wtf/HashTraits.h
    M Source/WebCore/platform/graphics/WidthCache.h

  Log Message:
  -----------
  Cherry-pick 50f118c27cfa. rdar://125141520

    [WebCore] Optimize WidthCache further
    https://bugs.webkit.org/show_bug.cgi?id=270901
    rdar://124512596

    Reviewed by Ryosuke Niwa.

    This patch further optimizes WidthCache.

    1. Ensure that SmallStringKey constructor is always inlined.
    2. Add copySmallCharacters. We know that this string is <= 16, very small. Just doing a for-loop is faster for this level of size.
    3. Add FloatWithZeroEmptyKeyHashTraits. float / double uses infinity for empty value. But this means that we cannot use zeroed empty value
       for HashMap<T, float> even though T's empty value is zero. We add FloatWithZeroEmptyKeyHashTraits which uses 0 for empty value, so that
       we can ensure that KeyValuePair<T, float>'s empty value is zero. Also, using character + 1 for key in SingleCharMap so that it can make
       empty value zero too.

    * Source/WTF/wtf/HashTraits.h:
    (WTF::FloatWithZeroEmptyKeyHashTraits::emptyValue):
    (WTF::FloatWithZeroEmptyKeyHashTraits::constructDeletedValue):
    (WTF::FloatWithZeroEmptyKeyHashTraits::isDeletedValue):
    * Source/WebCore/platform/graphics/WidthCache.h:
    (WebCore::WidthCache::SmallStringKey::SmallStringKey):
    (WebCore::WidthCache::SmallStringKey::copySmallCharacters):
    (WebCore::WidthCache::addSlowCase):

    Canonical link: https://commits.webkit.org/276034@main

Identifier: 272448.829 at safari-7618-branch


  Commit: 97db19bd1b8408543114a4017c8642b364470bae
      https://github.com/WebKit/WebKit/commit/97db19bd1b8408543114a4017c8642b364470bae
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    M Source/WebCore/dom/EventPath.cpp

  Log Message:
  -----------
  Cherry-pick 26bc2e2bb52f. rdar://121268633

    nullptr crash in moveOutOfAllShadowRoots
    https://bugs.webkit.org/show_bug.cgi?id=271849
    <rdar://121268633>

    Reviewed by Chris Dumez.

    Add a nullptr check.

    * Source/WebCore/dom/EventPath.cpp:
    (WebCore::moveOutOfAllShadowRoots):

    Canonical link: https://commits.webkit.org/276815@main

Identifier: 272448.830 at safari-7618-branch


  Commit: 08343c2a5ee2f129dcbdeb044412c17a060de2eb
      https://github.com/WebKit/WebKit/commit/08343c2a5ee2f129dcbdeb044412c17a060de2eb
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    M Source/WebCore/loader/cache/CachedImage.cpp
    M Source/WebCore/page/ContextMenuController.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebCore/platform/graphics/BitmapImage.cpp
    M Source/WebCore/platform/graphics/Image.cpp
    M Source/WebCore/platform/graphics/Image.h
    M Source/WebCore/testing/Internals.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
    M Tools/TestWebKitAPI/Tests/WebKit/AnimationControl.mm

  Log Message:
  -----------
  Apply patch. rdar://109646792

Identifier: 272448.831 at safari-7618-branch


  Commit: 61f821826ece7bbac696c41b160bfe31746640a9
      https://github.com/WebKit/WebKit/commit/61f821826ece7bbac696c41b160bfe31746640a9
  Author: Matthew Finkel <sysrqb at apple.com>
  Date:   2024-03-28 (Thu, 28 Mar 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm

  Log Message:
  -----------
  [cocoa] Explicitly check the file extension for webarchives when deciding quarantine
https://bugs.webkit.org/show_bug.cgi?id=271793
rdar://123902597

Reviewed by Brent Fulgham and Sihui Liu.

Currently we only check the string suffix to see if the requested file path is
a webarchive, but this isn't sufficient because the file extension isn't
guaranteed to be at the end of the string. This patch parses the string as a
file URL and then checks the file extension.

* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::isQuarantinedAndNotUserApproved):

Canonical link: https://commits.webkit.org/272448.832@safari-7618-branch


  Commit: 45d19dbc9663c764c2eadddff18ea041c7833ea2
      https://github.com/WebKit/WebKit/commit/45d19dbc9663c764c2eadddff18ea041c7833ea2
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-03-29 (Fri, 29 Mar 2024)

  Changed paths:
    A LayoutTests/fast/scrolling/mac/scrollbars/rtl-scrollbar-state-expected.txt
    A LayoutTests/fast/scrolling/mac/scrollbars/rtl-scrollbar-state.html
    M Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp
    M Source/WebCore/page/scrolling/AsyncScrollingCoordinator.h
    M Source/WebCore/page/scrolling/ScrollingCoordinator.h
    M Source/WebCore/page/scrolling/ScrollingStateFrameScrollingNode.cpp
    M Source/WebCore/page/scrolling/ScrollingStateFrameScrollingNode.h
    M Source/WebCore/page/scrolling/ScrollingStateNode.h
    M Source/WebCore/page/scrolling/ScrollingStateOverflowScrollingNode.cpp
    M Source/WebCore/page/scrolling/ScrollingStateOverflowScrollingNode.h
    M Source/WebCore/page/scrolling/ScrollingStatePluginScrollingNode.cpp
    M Source/WebCore/page/scrolling/ScrollingStatePluginScrollingNode.h
    M Source/WebCore/page/scrolling/ScrollingStateScrollingNode.cpp
    M Source/WebCore/page/scrolling/ScrollingStateScrollingNode.h
    M Source/WebCore/page/scrolling/mac/ScrollerMac.h
    M Source/WebCore/page/scrolling/mac/ScrollerMac.mm
    M Source/WebCore/page/scrolling/mac/ScrollingTreeScrollingNodeDelegateMac.mm
    M Source/WebCore/platform/ScrollbarsController.h
    M Source/WebCore/platform/mac/ScrollbarsControllerMac.mm
    M Source/WebCore/rendering/RenderBox.cpp
    M Source/WebKit/Shared/RemoteLayerTree/RemoteScrollingCoordinatorTransaction.serialization.in
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteScrollbarsController.h
    M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteScrollbarsController.mm

  Log Message:
  -----------
  Apply patch. rdar://117355120

Canonical link: https://commits.webkit.org/272448.833@safari-7618-branch


  Commit: e4bb4c15249ec33e8dce8e0849104082b59e439a
      https://github.com/WebKit/WebKit/commit/e4bb4c15249ec33e8dce8e0849104082b59e439a
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-03-29 (Fri, 29 Mar 2024)

  Changed paths:
    A LayoutTests/fast/scrolling/ios/video-atop-overflow-scroll-expected.txt
    A LayoutTests/fast/scrolling/ios/video-atop-overflow-scroll.html
    M LayoutTests/platform/ios/TestExpectations
    M Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm

  Log Message:
  -----------
  Cherry-pick 3ee555da60e6. rdar://118936715

    REGRESSION (iOS 17): Video bug z-index pointer-events doesn't work well
    https://bugs.webkit.org/show_bug.cgi?id=265520
    rdar://118936715

    Reviewed by Eric Carlson.

    When a video is placed atop a scrolling element, the hit test machinery walks over the compositing
    views that make up the compositing hierarchy, searching for views which are "hit test" targets.
    For any view which is a subclass of WKCompositingView, collectDescendantViewsInRect() will query
    that view's associated Node to tell if it's a hit test target. Any UIView that is _not_ a subclass
    of WKCompositingView is assumed to be a hit-test target unless it specifically opts-out of hit
    testing via -isUserInteractionEnabled. The subviews of WKVideoView (itself a subclass of
    WKCompositingView) have not opted out of hit testing, so are selected as a hit testing view.

    Opt out these utility views by setting their userInteractionEnabled property to NO.

    * LayoutTests/fast/scrolling/ios/video-atop-overflow-scroll-expected.txt: Added.
    * LayoutTests/fast/scrolling/ios/video-atop-overflow-scroll.html: Added.
    * Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm:
    (WebKit::VideoPresentationManagerProxy::createLayerHostViewWithID):
    (WebKit::VideoPresentationManagerProxy::createViewWithID):

    Canonical link: https://commits.webkit.org/276807@main

Canonical link: https://commits.webkit.org/272448.834@safari-7618-branch


  Commit: 812732cb916f78c1179e178380f26187b3122554
      https://github.com/WebKit/WebKit/commit/812732cb916f78c1179e178380f26187b3122554
  Author: Pascoe <pascoe at apple.com>
  Date:   2024-03-29 (Fri, 29 Mar 2024)

  Changed paths:
    M Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

  Log Message:
  -----------
  Cherry-pick 21dc5d50d70c. rdar://125622008

    Pass along clientDataJSON in legacy flow
    https://bugs.webkit.org/show_bug.cgi?id=270111
    rdar://123457653

    Reviewed by Brent Fulgham.

    We started passing along the raw clientDataJSON in the modern flow. We need to do
    the same in the legacy flow to keep it working since we don't use clientDataHash anymore.

    * Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h:
    * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
    (WebKit::configureRegistrationRequestContext):
    (WebKit::configureAssertionOptions):
    (WebKit::configurationAssertionRequestContext):
    (WebKit::WebAuthenticatorCoordinatorProxy::contextForRequest):
    (WebKit::continueAfterRequest):

    Canonical link: https://commits.webkit.org/275345@main

Canonical link: https://commits.webkit.org/272448.835@safari-7618-branch


  Commit: 2714ca909e0694a3a9ee2afc06c6650b425c1ef6
      https://github.com/WebKit/WebKit/commit/2714ca909e0694a3a9ee2afc06c6650b425c1ef6
  Author: Youenn Fablet <youenn at apple.com>
  Date:   2024-03-29 (Fri, 29 Mar 2024)

  Changed paths:
    M Source/WebKit/GPUProcess/webrtc/LibWebRTCCodecsProxy.mm
    M Source/WebKit/WebProcess/GPU/webrtc/LibWebRTCCodecs.cpp

  Log Message:
  -----------
  Cherry-pick aef6a763596a. rdar://125623287

    WebCodecs remote video encoders get timestamps in microseconds and not nanoseconds
    rdar://123684436
    https://bugs.webkit.org/show_bug.cgi?id=270159

    Reviewed by Eric Carlson.

    In WebRTC code path, we are getting a microsecond timestamp.
    We were converting it to a MediaTime in LibWebRTCCodecs which was then converted back to
    a nanosecond timestamp in LibWebRTCCodecsProxy.
    A factor of 1000 was applied in LibWebRTCCodecs and handled correctly on LibWebRTCCodecsProxy.

    The WebCodecs path is getting a MediaTime directly but without the 1000 factor.
    This was causing the timestamps given to WebCodecs encoder to be in microseconds and not nanoseconds.
    This can have an impact on encoders in some circumstances.

    We fix this by using Seconds/MediaTime routines on WebProcess WebRTC side (this removes the 1000 factor),
    and we update LibWebRTCCodecsProxy to do the same.

    * Source/WebKit/GPUProcess/webrtc/LibWebRTCCodecsProxy.mm:
    (WebKit::LibWebRTCCodecsProxy::encodeFrame):
    * Source/WebKit/WebProcess/GPU/webrtc/LibWebRTCCodecs.cpp:
    (WebKit::LibWebRTCCodecs::encodeFrame):

    Canonical link: https://commits.webkit.org/275392@main

Canonical link: https://commits.webkit.org/272448.836@safari-7618-branch


  Commit: 6bb527f779a5d646f6eb1f49cf57af592e95bae2
      https://github.com/WebKit/WebKit/commit/6bb527f779a5d646f6eb1f49cf57af592e95bae2
  Author: Youenn Fablet <youenn at apple.com>
  Date:   2024-03-29 (Fri, 29 Mar 2024)

  Changed paths:
    M Source/WebCore/platform/mediastream/mac/AVVideoCaptureSource.h
    M Source/WebCore/platform/mediastream/mac/AVVideoCaptureSource.mm

  Log Message:
  -----------
  Cherry-pick 7d9473d140a1. rdar://124434403

    Camera is paused occasionally when torch is enabled
    https://bugs.webkit.org/show_bug.cgi?id=270831
    rdar://124434403

    Reviewed by Andy Estes.

    We do not want to update AV capture devices before the session is running, as it may trigger interruption.
    We now apply changes to device as soon as the session is running, but not before.
    We apply this to torch, white balance, resolution and frame rate.

    Whenever we want to update any of these, if the session is not running, we exit early and we remember to reconfigure.
    When the session resumes, we check whether we need to reconfigure and do so.

    * Source/WebCore/platform/mediastream/mac/AVVideoCaptureSource.h:
    * Source/WebCore/platform/mediastream/mac/AVVideoCaptureSource.mm:
    (WebCore::AVVideoCaptureSource::setSessionSizeFrameRateAndZoom):
    (WebCore::AVVideoCaptureSource::updateWhiteBalanceMode):
    (WebCore::AVVideoCaptureSource::updateTorch):
    (WebCore::AVVideoCaptureSource::reconfigure):
    (WebCore::AVVideoCaptureSource::captureSessionIsRunningDidChange):

    Canonical link: https://commits.webkit.org/276773@main

Canonical link: https://commits.webkit.org/272448.837@safari-7618-branch


  Commit: f68122ed00577f2db41d84ec6c811754b1f26dd0
      https://github.com/WebKit/WebKit/commit/f68122ed00577f2db41d84ec6c811754b1f26dd0
  Author: Justin Michaud <justin at justinmichaud.com>
  Date:   2024-03-29 (Fri, 29 Mar 2024)

  Changed paths:
    M Source/JavaScriptCore/b3/air/AirOpcode.opcodes

  Log Message:
  -----------
  Cherry-pick 58389979b17a. rdar://122959696

    Signed loads should not zero-def their destination.
    https://bugs.webkit.org/show_bug.cgi?id=271866
    rdar://122959696

    Reviewed by Yusuke Suzuki.

    This fixes a hang in Google Meet when applying the Black Noir filter.

    Suppose we have:

    ```
    @a = Load8SignedExtendTo32(@x)

    @b = Trunc(ZExt32(@a))
    ```

    B3 reduceStrength will convert @b to @a. The Air register allocator will
    see that we ZDef 64 bits in @a, but on ARM64, we actually sign-extend them.

    This was caught by changing reduceStrength:

    ```
    case Trunc:
        // Turn this: Trunc(SExt32(value)) or Trunc(ZExt32(value))
        // Into this: value
        if (m_value->child(0)->opcode() == SExt32 || m_value->child(0)->opcode() == ZExt32) {
            auto* value = m_value->child(0)->child(0);
            auto* patchpoint = m_insertionSet.insert<PatchpointValue>(
                m_index, m_value->type(), m_value->origin());

            patchpoint->effects = Effects();
            patchpoint->effects.reads = HeapRange::top();
            patchpoint->effects.exitsSideways = true;

            patchpoint->append(value);
            patchpoint->setGenerator([&] (CCallHelpers& jit, const StackmapGenerationParams& params) {
                RELEASE_ASSERT(params.size() == 2);
                RELEASE_ASSERT(params[0].isGPR());
                RELEASE_ASSERT(params[1].isGPR());
                auto dst = params[0].gpr();
                auto a = params[1].gpr();
                auto branch = jit.branchTest64(CCallHelpers::Zero, a, MacroAssembler::TrustedImm64(0xFFFFFFFF00000000));
                jit.breakpoint();
                jit.breakpoint(0);
                jit.breakpoint(1);
                jit.breakpoint(2);
                branch.link(&jit);
                jit.move(a, dst);
            });

            replaceWithNew<Value>(Identity, m_value->origin(), patchpoint);
    ```

    * Source/JavaScriptCore/b3/air/AirOpcode.opcodes:

    Canonical link: https://commits.webkit.org/276829@main

Canonical link: https://commits.webkit.org/272448.838@safari-7618-branch


  Commit: 75732b85bc84c3109260616fa9bfee28d2a21df1
      https://github.com/WebKit/WebKit/commit/75732b85bc84c3109260616fa9bfee28d2a21df1
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-03-29 (Fri, 29 Mar 2024)

  Changed paths:
    M Source/WebCore/dom/Node.cpp
    M Source/WebCore/dom/Node.h
    M Source/WebCore/editing/FrameSelection.cpp
    M Source/WebCore/editing/FrameSelection.h

  Log Message:
  -----------
  Cherry-pick 276766 at main (f5e6dd1893d0). rdar://125554643

    Avoid tree traversal in FrameSelection::nodeWillBeRemoved in most cases
    https://bugs.webkit.org/show_bug.cgi?id=271748

    Reviewed by Wenson Hsieh and Yusuke Suzuki.

    This PR introduces a new node flag, StateFlag::ContainsSelectionEndPoint, which indicates whether
    a given node contains a selection end point (start, end, base, extent, focus, or anchor), and uses
    it to avoid tree walks in FrameSelection::nodeWillBeRemoved.

    * Source/WebCore/dom/Node.cpp:
    (WebCore::Node::insertedIntoAncestor): Assert that the node flag isn't set when a node is just
    inserted into a DOM tree.
    (WebCore::Node::removedFromAncestor): Ditto for removal.

    * Source/WebCore/dom/Node.h:
    (WebCore::Node::containsSelectionEndPoint const): Added.
    (WebCore::Node::setContainsSelectionEndPoint): Added.

    * Source/WebCore/editing/FrameSelection.cpp:
    (WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance):
    (WebCore::setNodeContainsSelectionEndPoint): Added. Sets the node flag on all ancestor nodes given
    a position.
    (WebCore::FrameSelection::setNodeFlags): Added. Sets the node flag on ancestor nodes of each
    selection end point: start, end, base, extent, focus, or anchor.
    (WebCore::FrameSelection::nodeWillBeRemoved): Added the optimization.
    (WebCore::FrameSelection::respondToNodeModification):
    (WebCore::FrameSelection::willBeModified):

    * Source/WebCore/editing/FrameSelection.h:

    Canonical link: https://commits.webkit.org/276766@main

Canonical link: https://commits.webkit.org/272448.839@safari-7618-branch


  Commit: 5a9c7db119accb8c38447a3a652d28f5b4d00d5a
      https://github.com/WebKit/WebKit/commit/5a9c7db119accb8c38447a3a652d28f5b4d00d5a
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-01 (Mon, 01 Apr 2024)

  Changed paths:
    M Source/WebCore/PAL/pal/spi/cocoa/CoreTelephonySPI.h

  Log Message:
  -----------
  Revert "Cherry-pick 4c56ee9123b0. rdar://124171004"

This reverts commit f91ae916ce7e290be3178bd54e1fc6b8d6cfc80e.

Identifier: 272448.840 at safari-7618-branch


  Commit: 25d34a68eae19ab72e238e3aa8ff14e34d917102
      https://github.com/WebKit/WebKit/commit/25d34a68eae19ab72e238e3aa8ff14e34d917102
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-01 (Mon, 01 Apr 2024)

  Changed paths:
    M Source/WTF/wtf/PlatformHave.h
    M Source/WebKit/UIProcess/Cocoa/CoreTelephonyUtilities.mm
    M Tools/TestWebKitAPI/Tests/ios/KeyboardInputTestsIOS.mm

  Log Message:
  -----------
  Apply patch. rdar://124171004

Identifier: 272448.841 at safari-7618-branch


  Commit: e6485ea5b2f1c0d46e1fb256b23a1ec6bcc0faa0
      https://github.com/WebKit/WebKit/commit/e6485ea5b2f1c0d46e1fb256b23a1ec6bcc0faa0
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-01 (Mon, 01 Apr 2024)

  Changed paths:
    A LayoutTests/accessibility/dynamic-table-row-column-indices-expected.txt
    A LayoutTests/accessibility/dynamic-table-row-column-indices.html
    A LayoutTests/accessibility/table-insert-second-thead-expected.txt
    A LayoutTests/accessibility/table-insert-second-thead.html
    M LayoutTests/platform/glib/TestExpectations
    M LayoutTests/platform/mac-wk1/TestExpectations
    M Source/WebCore/accessibility/AXObjectCache.cpp
    M Source/WebCore/accessibility/AXObjectCache.h
    M Source/WebCore/accessibility/AccessibilityTableColumn.cpp
    M Source/WebCore/accessibility/AccessibilityTableColumn.h
    M Source/WebCore/accessibility/AccessibilityTableRow.cpp
    M Source/WebCore/accessibility/AccessibilityTableRow.h
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp

  Log Message:
  -----------
  Apply patch. rdar://118240861

Identifier: 272448.842 at safari-7618-branch


  Commit: 20125eadfbfa8d26f96a312f7e0937ffcd5c5fe6
      https://github.com/WebKit/WebKit/commit/20125eadfbfa8d26f96a312f7e0937ffcd5c5fe6
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-01 (Mon, 01 Apr 2024)

  Changed paths:
    M Source/WebCore/loader/ImageLoader.cpp

  Log Message:
  -----------
  Apply patch. rdar://125543680

Identifier: 272448.843 at safari-7618-branch


  Commit: e1c1abdd134b7d202c9e37f83d4235a1d5f0a5e0
      https://github.com/WebKit/WebKit/commit/e1c1abdd134b7d202c9e37f83d4235a1d5f0a5e0
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-01 (Mon, 01 Apr 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesForwardDeclarations.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

  Log Message:
  -----------
  Apply patch. rdar://124405037

Identifier: 272448.844 at safari-7618-branch


  Commit: 622c7561c92405d19bc8fbb65ae55bdd9154d5c0
      https://github.com/WebKit/WebKit/commit/622c7561c92405d19bc8fbb65ae55bdd9154d5c0
  Author: Pascoe <pascoe at apple.com>
  Date:   2024-04-01 (Mon, 01 Apr 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesForwardDeclarations.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

  Log Message:
  -----------
  Cherry-pick fd02524abbb7. rdar://124627462

    [WebAuthn] Pass appid extension in modern AS flow
    https://bugs.webkit.org/show_bug.cgi?id=270989
    rdar://124627462

    Reviewed by Brent Fulgham.

    This patch starts to pass the appID extension in the modern flow using
    AuthenticationServices.framework.

    * Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesForwardDeclarations.h:
    * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
    (WebKit::WebAuthenticatorCoordinatorProxy::requestsForAssertion):
    (WebKit::WebAuthenticatorCoordinatorProxy::performRequest):

    Canonical link: https://commits.webkit.org/276199@main

Identifier: 272448.845 at safari-7618-branch


  Commit: b7900710376e8b537e12a342fb3eb8fa3491dea8
      https://github.com/WebKit/WebKit/commit/b7900710376e8b537e12a342fb3eb8fa3491dea8
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-04-01 (Mon, 01 Apr 2024)

  Changed paths:
    M Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm

  Log Message:
  -----------
  Cherry-pick 2f857be7d42f. rdar://122811153

    Add more quirks for `consent.google.*` when applying the third party IP address cookie expiry cap
    https://bugs.webkit.org/show_bug.cgi?id=271952
    rdar://122811153

    Reviewed by John Wilander.

    Add a couple more quirks for requests to `consent.google.*` and `consent.youtube.com`, when checking
    whether we should apply the cookie expiration cap for requests coming from potential third party IP
    addresses.

    * Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm:
    (WebKit::NetworkTaskCocoa::applyCookiePolicyForThirdPartyCloaking):

    Clean up this capture block, so that the individual captured variables are much easier to read.

    Canonical link: https://commits.webkit.org/276888@main

Identifier: 272448.846@safari-7618-branch


  Commit: f9736e1c186e0b9df2ba634adb1a3550f8038c8b
      https://github.com/WebKit/WebKit/commit/f9736e1c186e0b9df2ba634adb1a3550f8038c8b
  Author: Dawn Morningstar <morningstar at apple.com>
  Date:   2024-04-01 (Mon, 01 Apr 2024)

  Changed paths:
    M Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp

  Log Message:
  -----------
  Build Fix for Use of undeclared identifier 'page'
rdar://125741072

Reviewed by Simon Fraser.

ASSERT(m_page); should be called rather than ASSERT(page());

* Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp:
(WebCore::AsyncScrollingCoordinator::setScrollbarLayoutDirection):

Canonical link: https://commits.webkit.org/272448.847@safari-7618-branch


  Commit: b69fae7339a05f0e54d2db7463dfa80418ba5f0b
      https://github.com/WebKit/WebKit/commit/b69fae7339a05f0e54d2db7463dfa80418ba5f0b
  Author: Simon Fraser <simon.fraser at apple.com>
  Date:   2024-04-01 (Mon, 01 Apr 2024)

  Changed paths:
    A LayoutTests/compositing/shared-backing/composited-descendants-should-prevent-sharing-expected.html
    A LayoutTests/compositing/shared-backing/composited-descendants-should-prevent-sharing.html
    M LayoutTests/platform/ios-wk2/scrollingcoordinator/scrolling-tree/absolute-in-nested-overflow-scroll-expected.txt
    M LayoutTests/scrollingcoordinator/scrolling-tree/absolute-in-nested-overflow-scroll-expected.txt
    M Source/WebCore/rendering/RenderLayerCompositor.cpp

  Log Message:
  -----------
  Cherry-pick 6fa1d3b94cd7. rdar://124483601

    REGRESSION (273999@main): Elements fail to render in Spinnaker
    https://bugs.webkit.org/show_bug.cgi?id=271710
    rdar://124483601

    Reviewed by Alan Baradlay.

    273999@main reverted some backing sharing behavior to an older configuration, but this brought back
    a bug which affects Spinnaker dashboards. The test reduction has a series of overflow scrollers, both
    siblings and nested, and an element later in the tree that ends up obscured when the bug occurs.

    A simplified paint-order tree dump (via the Compositing log channel) looks like this:

    -S---------C-c-- 0x118000810 RenderView 0x1180002c0
    -S-----------c--   + 0x118001850 RenderBlock 0x118001700 HTML 0x118001050
    -S---------C-c--     + 0x1180044a0 RenderBlock (relative positioned) 0x118004350 DIV 0x118003350 class='container'
    -S-O-----XxC----       - 0x118004740 RenderTextControl 0x118005460 TEXTAREA 0x118003c20 class='fixed'
    ---O-------CPc--       + 0x1180049e0 RenderBlock (relative positioned) 0x1180045f0 DIV 0x1180033d0 id='main'
    --NO-------C-c--         n 0x118004dd0 RenderBlock 0x118004890 DIV 0x118003530 class='outer-scroller'
    --NO-------C--s-           n 0x118005070 RenderBlock 0x118004c80 DIV 0x1180035b0 class='scroller'
    ------------p-s-       + 0x1180055b0 RenderBlock (relative positioned) 0x1180051c0 DIV 0x118003790 class='indicator'

    Note the P on '0x1180049e0' indicating that it's a shared backing provider, and the p on '0x1180055b0' showing that
    it paints into that shared backing. However, the normal flow descendant layers of 0x1180049e0 (0x118004dd0 and 0x118005070)
    are both [C]composited, so they appear on top of 0x1180055b0, which is the bug.

    A composited layer normally interrupts a backing sharing sequence. However, we only determined that 0x1180049e0 could
    be a backing provider after traversing its descendant layers in `updateBackingSharingAfterDescendantTraversal()`,
    and made it one despite it having composited descendants. So fix `updateBackingSharingAfterDescendantTraversal()`
    to check that.

    This undoes the backing sharing that happened in `scrollingcoordinator/scrolling-tree/absolute-in-nested-overflow-scroll`,
    but that sharing was undone on scrolling anyway.

    * LayoutTests/compositing/shared-backing/composited-descendants-should-prevent-sharing-expected.html: Added.
    * LayoutTests/compositing/shared-backing/composited-descendants-should-prevent-sharing.html: Added.
    * Source/WebCore/rendering/RenderLayerCompositor.cpp:
    (WebCore::RenderLayerCompositor::updateBackingSharingAfterDescendantTraversal):

    Canonical link: https://commits.webkit.org/276720@main

Identifier: 272448.848@safari-7618-branch


  Commit: 0b59e3f5e9ff1b807adf88decac8410ae65cf7b7
      https://github.com/WebKit/WebKit/commit/0b59e3f5e9ff1b807adf88decac8410ae65cf7b7
  Author: David Degazio <d_degazio at apple.com>
  Date:   2024-04-01 (Mon, 01 Apr 2024)

  Changed paths:
    A JSTests/wasm/stress/catch-should-keep-alive-inline-parent-expression-stack.js
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp

  Log Message:
  -----------
  [JSC] Catch should preserve top expression stack of inline parents in OMG
https://bugs.webkit.org/show_bug.cgi?id=271987
rdar://125145754

Reviewed by Justin Michaud.

This patch makes it so we include the top-level expression stack
(m_parser->expressionStack()) among the values we consider live when figuring
out which values need to be reloaded at a catch entrypoint. Previously, we only
considered the enclosed expression stacks buried in the control entries for
each inline parent, which only captures values live in enclosing blocks and not
the current block being executed.

* JSTests/wasm/stress/catch-should-keep-alive-inline-parent-expression-stack.js: Added.
(async test):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::preparePatchpointForExceptions):
(JSC::Wasm::B3IRGenerator::emitCatchImpl):

Canonical link: https://commits.webkit.org/272448.849@safari-7618-branch


  Commit: e70c48eaf71f6f5791ba0d1b280410765f5a223b
      https://github.com/WebKit/WebKit/commit/e70c48eaf71f6f5791ba0d1b280410765f5a223b
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-02 (Tue, 02 Apr 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

  Log Message:
  -----------
  Apply patch. rdar://124265507

Identifier: 272448.850@safari-7618-branch


  Commit: 57a4cf511f13c8f73fb1524ea02715430e733b52
      https://github.com/WebKit/WebKit/commit/57a4cf511f13c8f73fb1524ea02715430e733b52
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-02 (Tue, 02 Apr 2024)

  Changed paths:
    M Source/WebCore/Modules/mediasession/MediaSession.cpp
    M Source/WebCore/Modules/mediasession/MediaSession.h
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/html/HTMLMediaElement.h
    M Source/WebCore/html/MediaElementSession.cpp
    M Source/WebCore/html/MediaElementSession.h
    M Source/WebCore/platform/audio/PlatformMediaSession.cpp
    M Source/WebCore/platform/audio/PlatformMediaSession.h
    M Source/WebCore/platform/audio/PlatformMediaSessionManager.cpp
    M Source/WebCore/platform/audio/PlatformMediaSessionManager.h
    M Source/WebCore/platform/audio/cocoa/MediaSessionManagerCocoa.h
    M Source/WebCore/platform/audio/cocoa/MediaSessionManagerCocoa.mm

  Log Message:
  -----------
  Apply patch. rdar://123632916

Identifier: 272448.851@safari-7618-branch


  Commit: 7def06c2e48af5cd163ff1359fb75925663aa188
      https://github.com/WebKit/WebKit/commit/7def06c2e48af5cd163ff1359fb75925663aa188
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-02 (Tue, 02 Apr 2024)

  Changed paths:
    A LayoutTests/accessibility/iframe-tree-update-with-dirty-layout-expected.txt
    A LayoutTests/accessibility/iframe-tree-update-with-dirty-layout.html
    M LayoutTests/platform/glib/TestExpectations
    M LayoutTests/platform/ios/TestExpectations
    A LayoutTests/platform/ios/accessibility/iframe-tree-update-with-dirty-layout-expected.txt
    A LayoutTests/platform/mac-wk1/accessibility/iframe-tree-update-with-dirty-layout-expected.txt
    M Source/WebCore/accessibility/AXObjectCache.cpp
    M Source/WebCore/accessibility/AXObjectCache.h
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h
    M Source/WebCore/testing/Internals.idl

  Log Message:
  -----------
  Apply patch. rdar://103616732

Identifier: 272448.852@safari-7618-branch


  Commit: 9b53d910caa6fe22b1e8171d743890e36c03dd95
      https://github.com/WebKit/WebKit/commit/9b53d910caa6fe22b1e8171d743890e36c03dd95
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-02 (Tue, 02 Apr 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.2.7

Identifier: 272448.853@safari-7618-branch


  Commit: 9ca008522dcbaa16ee84269e402e6823c5228a34
      https://github.com/WebKit/WebKit/commit/9ca008522dcbaa16ee84269e402e6823c5228a34
  Author: Eric Carlson <eric.carlson at apple.com>
  Date:   2024-04-02 (Tue, 02 Apr 2024)

  Changed paths:
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/platform/graphics/MediaPlayer.cpp
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm

  Log Message:
  -----------
  Cherry-pick cac2e6433cf3. rdar://116689080

    Legacy EME WebKitMediaKeys createSessions unknown error
    https://bugs.webkit.org/show_bug.cgi?id=262874
    rdar://116689080

    Reviewed by Jer Noble.

    If a media resource protected with the legacy EME API loads very quickly, the media player
    in GPU process may try to generate a key request before the HTMLMediaElement in the web
    process has signaled it is OK to continue after a key request. Have HTMLMediaElement
    call player->setShouldContinueAfterKeyNeeded as soon as the media player is allocated so
    it will know before media data loading begins.

    No new test added because the problem is extremely timing dependent and I was never able
    to reproduce in a layout test.

    * Source/WebCore/html/HTMLMediaElement.cpp:
    (WebCore::HTMLMediaElement::createMediaPlayer): Call updateShouldContinueAfterNeedKey.

    * Source/WebCore/platform/graphics/MediaPlayer.cpp:
    (WebCore::MediaPlayer::loadWithNextMediaEngine): Call shouldWaitForLoadingOfResource.
    (WebCore::MediaPlayer::setShouldContinueAfterKeyNeeded):

    * Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
    (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC): Add logging.
    (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): Check
    m_shouldContinueAfterKeyNeeded instead of calling up to the player.
    (WebCore::MediaPlayerPrivateAVFoundationObjC::didCancelLoadingRequest): Add logging.
    (WebCore::MediaPlayerPrivateAVFoundationObjC::didStopLoadingRequest): Ditto.
    (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldContinueAfterKeyNeeded): Check
    m_shouldContinueAfterKeyNeeded instead of calling up to the player.
    (WebCore::MediaPlayerPrivateAVFoundationObjC::keyAdded): Add logging.

    Canonical link: https://commits.webkit.org/275647@main

Identifier: 272448.854@safari-7618-branch


  Commit: c058d2e7519b399790b641d26086f22d14f37135
      https://github.com/WebKit/WebKit/commit/c058d2e7519b399790b641d26086f22d14f37135
  Author: Nikolaos Mouchtaris <nmouchtaris at apple.com>
  Date:   2024-04-02 (Tue, 02 Apr 2024)

  Changed paths:
    A LayoutTests/fast/scrolling/mac/scrollable-area-size-for-overlay-scrollbars-expected.txt
    A LayoutTests/fast/scrolling/mac/scrollable-area-size-for-overlay-scrollbars.html
    M Source/WebCore/page/LocalFrameView.cpp
    M Source/WebCore/page/LocalFrameView.h
    M Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp
    M Source/WebCore/platform/Scrollbar.cpp
    M Source/WebCore/platform/Scrollbar.h
    M Source/WebCore/platform/ScrollbarsController.cpp
    M Source/WebCore/platform/ScrollbarsController.h
    M Source/WebCore/platform/mac/ScrollbarsControllerMac.h
    M Source/WebCore/platform/mac/ScrollbarsControllerMac.mm
    M Source/WebCore/rendering/RenderLayerScrollableArea.cpp
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h
    M Source/WebCore/testing/Internals.idl
    M Source/WebCore/testing/Internals.mm
    M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeDrawingAreaProxyMac.h
    M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeDrawingAreaProxyMac.mm
    M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteScrollbarsController.h
    M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteScrollbarsController.mm
    M Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm

  Log Message:
  -----------
  Cherry-pick 81451dabde97. rdar://117507268

    REGRESSION (UI-side compositing) changing between non-overlay and overlay scrollbars should adjust the size of the scrollable area
    https://bugs.webkit.org/show_bug.cgi?id=263618
    rdar://117507268

    Reviewed by Simon Fraser.

    This patch fixes a couple bugs related to switching back and forth dynamically between
    overlay and non-overlay scrollbars. First, setFrameScrollingNodeState() was not always
    called when switching the default, so iterate through each page and call
    LocalFrameView::overlayScrollbarDefaultDidChange to force a scrolling commit to plumb
    across this state change. Second, when we get the state change on the ui-process side,
    we call _updateAllScrollerImpPairsForNewRecommendedScrollerStyle, which notifies all the
    scroller imp pairs in the process of the new style. On the web process side, we had code
    to adjust the scrollbar thickness and force a relayout, which now doesn't work since there
    are no NSScrollerImpPairs in the web process. Instead, replicate this code in
    RemoteScrollbarsController and loop through the scrollable areas in the FrameView. This
    takes care of updating scrollable areas with overflow, while
    https://github.com/WebKit/WebKit/pull/19561 will take care of updating scrollable areas
    without overflow. Also add some additional testing infrastructure to compare the size of
    the scrollable area before and after toggling scrollbar style.

    * Source/WebCore/page/LocalFrameView.cpp:
    (WebCore::LocalFrameView::usesOverlayScrollbars const):
    (WebCore::LocalFrameView::overlayScrollbarDefaultDidChange):
    * Source/WebCore/page/LocalFrameView.h:
    * Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp:
    (WebCore::AsyncScrollingCoordinator::setFrameScrollingNodeState):
    * Source/WebCore/page/scrolling/ScrollingTree.h:
    (WebCore::ScrollingTree::scrollingTreeNodeMarkScrollbarStyleChange):
    (WebCore::ScrollingTree::scrollingTreeNodesWithScrollbarStyleChange):
    (WebCore::ScrollingTree::clearScrollingTreeNodesWithScrollbarStyleChange):
    * Source/WebCore/page/scrolling/ScrollingTreeScrollingNode.cpp:
    (WebCore::ScrollingTreeScrollingNode::markHasScrollbarStyleChange):
    * Source/WebCore/page/scrolling/ScrollingTreeScrollingNode.h:
    * Source/WebCore/page/scrolling/mac/ScrollerPairMac.mm:
    (-[WebScrollerImpPairDelegateMac scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle:]):
    * Source/WebCore/platform/Scrollbar.cpp:
    (WebCore::Scrollbar::updateScrollbarThickness):
    * Source/WebCore/platform/Scrollbar.h:
    * Source/WebCore/platform/ScrollbarsController.cpp:
    (WebCore::ScrollbarsController::updateScrollbarsThickness):
    * Source/WebCore/platform/ScrollbarsController.h:
    (WebCore::ScrollbarsController::updateScrollerStyle):
    * Source/WebCore/platform/mac/ScrollbarsControllerMac.h:
    * Source/WebCore/platform/mac/ScrollbarsControllerMac.mm:
    (WebCore::ScrollbarsControllerMac::updateScrollerStyle):
    * Source/WebKit/UIProcess/RemoteLayerTree/RemoteScrollingCoordinatorProxy.cpp:
    (WebKit::RemoteScrollingCoordinatorProxy::scrollingNodesHaveScrollbarStyleChange):
    * Source/WebKit/UIProcess/RemoteLayerTree/RemoteScrollingCoordinatorProxy.h:
    * Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeDrawingAreaProxyMac.h:
    * Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeDrawingAreaProxyMac.mm:
    (WebKit::RemoteLayerTreeDrawingAreaProxyMac::didCommitLayerTree):
    * Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingTreeMac.h:
    * Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingTreeMac.mm:
    (WebKit::RemoteScrollingTreeMac::scrollingTreeNodeMarkScrollbarStyleChange):
    * Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteScrollbarsController.h:
    * Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteScrollbarsController.mm:
    (WebKit::macScrollbarTheme):
    (WebKit::RemoteScrollbarsController::updateScrollerStyle):
    * Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteScrollingCoordinator.h:
    * Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteScrollingCoordinator.messages.in:
    * Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteScrollingCoordinator.mm:
    (WebKit::RemoteScrollingCoordinator::scrollingTreeNodesHaveScrollbarsWithStyleChange):
    * Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:
    (WebKit::WebProcess::scrollerStylePreferenceChanged):

    Canonical link: https://commits.webkit.org/276439@main

Canonical link: https://commits.webkit.org/272448.855@safari-7618-branch


  Commit: 3c96fa5dd76105288927922b3296ad068953dd82
      https://github.com/WebKit/WebKit/commit/3c96fa5dd76105288927922b3296ad068953dd82
  Author: Pascoe <pascoe at apple.com>
  Date:   2024-04-02 (Tue, 02 Apr 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm

  Log Message:
  -----------
  Cherry-pick c0e1cd6ea54e. rdar://125804257

    [WebAuthn] Navigator matches excludedCredentials for deleted passkeys in 30 day grace period
    https://bugs.webkit.org/show_bug.cgi?id=264097
    rdar://118182303

    Reviewed by Charlie Wolfe.

    In order to avoid matching recently deleted passkeys in the local authenticator, we match only
    against the group "com.apple.webkit.webauthn." This works because recently deleted passkeys
    are moved to another group, "com.apple.webkit.webauthn-recently-deleted."

    * Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
    (WebKit::LocalAuthenticatorInternal::getExistingCredentials):

    Canonical link: https://commits.webkit.org/275711@main

Canonical link: https://commits.webkit.org/272448.856@safari-7618-branch


  Commit: 95d9ceea9e0c3b6ccdca7a3c313ea2803155ca70
      https://github.com/WebKit/WebKit/commit/95d9ceea9e0c3b6ccdca7a3c313ea2803155ca70
  Author: Abrar Rahman Protyasha <a_protyasha at apple.com>
  Date:   2024-04-02 (Tue, 02 Apr 2024)

  Changed paths:
    M Source/JavaScriptCore/inspector/InspectorBackendDispatcher.h

  Log Message:
  -----------
  Cherry-pick 790c37c321c3. rdar://125810111

    Fix the internal build with recent SDKs - InspectorBackendDispatcher::getPropertyValue() is a weak external symbol
    https://bugs.webkit.org/show_bug.cgi?id=269622
    rdar://123120005

    Unreviewed build fix.

    With recent SDKs, we were getting this build error on multiple
    platforms:

    ```
    ERROR: A weak external symbol is generated when a symbol is defined in multiple compilation units and is also marked as being exported from the library.
    ERROR: A common cause of weak external symbols is when an inline function is listed in the linker export file.
    ERROR: symbol __ZN9Inspector17BackendDispatcher16getPropertyValueINSt3__18optionalIbEEEET_PN3WTF8JSONImpl6ObjectERKNS6_6StringEbNS2_8functionIFS5_RNS7_5ValueEEEEPKc
    ERROR: symbol __ZN9Inspector17BackendDispatcher16getPropertyValueINSt3__18optionalIdEEEET_PN3WTF8JSONImpl6ObjectERKNS6_6StringEbNS2_8functionIFS5_RNS7_5ValueEEEEPKc
    ERROR: symbol __ZN9Inspector17BackendDispatcher16getPropertyValueINSt3__18optionalIiEEEET_PN3WTF8JSONImpl6ObjectERKNS6_6StringEbNS2_8functionIFS5_RNS7_5ValueEEEEPKc
    ```

    This patch addresses the issue by specifying hidden visibility for said
    symbol.

    * Source/JavaScriptCore/inspector/InspectorBackendDispatcher.h:

    Canonical link: https://commits.webkit.org/274901@main

Canonical link: https://commits.webkit.org/272448.857@safari-7618-branch


  Commit: ce10225c68020e4835323409fc104f309287d5d6
      https://github.com/WebKit/WebKit/commit/ce10225c68020e4835323409fc104f309287d5d6
  Author: Antoine Quint <graouts at webkit.org>
  Date:   2024-04-03 (Wed, 03 Apr 2024)

  Changed paths:
    M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemote.mm
    M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemoteProperties.serialization.in

  Log Message:
  -----------
  Validate key paths of animations in an animation group sent over IPC
https://bugs.webkit.org/show_bug.cgi?id=271476
rdar://125216664

Reviewed by Simon Fraser.

Assert that the key path of animations created within an animation group is valid
when receiving them from an IPC connection in the same spirit as 259066@main.

Additionally, we add a `Validator` for the `PlatformCAAnimationRemoteProperties::animationType`
member such that it calls `PlatformCAAnimation::isValidKeyPath()` during the decoding
process and triggers a `MESSAGE_CHECK` if the key is not valid. It is important to do this for
`animationType` and not `keyPath` since we need both members to have been decoded first.

* Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemote.mm:
(WebKit::createAnimation):
* Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemoteProperties.serialization.in:

Canonical link: https://commits.webkit.org/272448.858@safari-7618-branch


  Commit: e5f73b83b7d8bdfd17ca5c78ebbaa35558b759b2
      https://github.com/WebKit/WebKit/commit/e5f73b83b7d8bdfd17ca5c78ebbaa35558b759b2
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-03 (Wed, 03 Apr 2024)

  Changed paths:
    A LayoutTests/fast/images/async-image-intersect-different-size-for-drawing-expected.txt
    A LayoutTests/fast/images/async-image-intersect-different-size-for-drawing.html
    M Source/WebCore/loader/cache/CachedImage.h
    M Source/WebCore/platform/graphics/BitmapImage.cpp
    M Source/WebCore/platform/graphics/BitmapImage.h
    M Source/WebCore/platform/graphics/ImageObserver.h
    M Source/WebCore/rendering/RenderBoxModelObject.cpp
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h
    M Source/WebCore/testing/Internals.idl

  Log Message:
  -----------
  Apply patch. rdar://117533495

Canonical link: https://commits.webkit.org/272448.859@safari-7618-branch


  Commit: f4c9b33c21cbf29f23ae0d72521839ed0248084c
      https://github.com/WebKit/WebKit/commit/f4c9b33c21cbf29f23ae0d72521839ed0248084c
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-04-03 (Wed, 03 Apr 2024)

  Changed paths:
    A LayoutTests/fast/inline/intrusive-float-with-no-available-space-and-partial-content-expected.html
    A LayoutTests/fast/inline/intrusive-float-with-no-available-space-and-partial-content.html
    M Source/WebCore/layout/floats/FloatingContext.cpp
    M Source/WebCore/layout/formattingContexts/inline/InlineContentBalancer.cpp
    M Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp
    M Source/WebCore/layout/formattingContexts/inline/InlineFormattingUtils.cpp
    M Source/WebCore/layout/formattingContexts/inline/InlineFormattingUtils.h
    M Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp
    M Source/WebCore/layout/formattingContexts/inline/IntrinsicWidthHandler.cpp

  Log Message:
  -----------
  Cherry-pick 9f7e229a0663. rdar://125853546

    REGRESSION: A floating element can cause the latter half of a hyphenated word to disappear
    https://bugs.webkit.org/show_bug.cgi?id=268346
    <rdar://problem/121889487>

    Reviewed by Antti Koivisto.

    It's okay to not be able to advance on the inline content even when it is partial (either through hyphenation or arbitrary breaking position) when
    there is an intrusive float on the line.

    * LayoutTests/fast/inline/intrusive-float-with-no-available-space-and-partial-content-expected.html: Added.
    * LayoutTests/fast/inline/intrusive-float-with-no-available-space-and-partial-content.html: Added.
    * Source/WebCore/layout/floats/FloatingContext.cpp:
    (WebCore::Layout::FloatingContext::constraints const):
    * Source/WebCore/layout/formattingContexts/inline/InlineContentBalancer.cpp:
    (WebCore::Layout::InlineContentBalancer::initialize):
    * Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp:
    (WebCore::Layout::InlineFormattingContext::lineLayout):
    * Source/WebCore/layout/formattingContexts/inline/InlineFormattingUtils.cpp:
    (WebCore::Layout::InlineFormattingUtils::leadingInlineItemPositionForNextLine):
    * Source/WebCore/layout/formattingContexts/inline/InlineFormattingUtils.h:
    * Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp:
    (WebCore::Layout::LineBuilder::placeInlineAndFloatContent):
    * Source/WebCore/layout/formattingContexts/inline/IntrinsicWidthHandler.cpp:
    (WebCore::Layout::IntrinsicWidthHandler::computedIntrinsicWidthForConstraint):

    Canonical link: https://commits.webkit.org/273836@main

Canonical link: https://commits.webkit.org/272448.860@safari-7618-branch


  Commit: cf7ab1a6c06747de82f11e95f95ec3a028bd7258
      https://github.com/WebKit/WebKit/commit/cf7ab1a6c06747de82f11e95f95ec3a028bd7258
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-04-03 (Wed, 03 Apr 2024)

  Changed paths:
    M Source/WebCore/dom/Element.cpp

  Log Message:
  -----------
  Cherry-pick 08da24e33a25. rdar://120933131

    Element::boundingClientRect should check the state of the tree
    https://bugs.webkit.org/show_bug.cgi?id=271934
    <rdar://problem/125740711>

    Reviewed by Simon Fraser.

    Check if we can get away with not running layout.

    * Source/WebCore/dom/Element.cpp:
    (WebCore::Element::boundingClientRect):
    * Tools/Scripts/webkitpy/benchmark_runner/data/plans/speedometer3.plan:

    Canonical link: https://commits.webkit.org/276918@main

Canonical link: https://commits.webkit.org/272448.861@safari-7618-branch


  Commit: 131221acb5b9186f508fa88b71d4f96e9fcc08cc
      https://github.com/WebKit/WebKit/commit/131221acb5b9186f508fa88b71d4f96e9fcc08cc
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-04-03 (Wed, 03 Apr 2024)

  Changed paths:
    M Source/WebCore/dom/Traversal.cpp
    M Source/WebCore/dom/Traversal.h
    M Source/WebCore/dom/TreeWalker.cpp

  Log Message:
  -----------
  Cherry-pick ff897caf5ad2. rdar://123733686

    Extract a portion of NodeIteratorBase::acceptNode which checks bit flags into its own function
    https://bugs.webkit.org/show_bug.cgi?id=270210
    <rdar://problem/123733686>

    Reviewed by Chris Dumez.

    Extracted matchesWhatToShow out of acceptNode and deployed in TreeWalker::nextNode and
    TreeWalker::previousNode.

    * Source/WebCore/dom/Traversal.cpp:
    (WebCore::NodeIteratorBase::acceptNodeSlowCase):
    * Source/WebCore/dom/Traversal.h:
    (WebCore::NodeIteratorBase::acceptNode):
    (WebCore::NodeIteratorBase::matchesWhatToShow):
    * Source/WebCore/dom/TreeWalker.cpp:
    (WebCore::TreeWalker::previousNode):
    (WebCore::TreeWalker::nextNode):

    Canonical link: https://commits.webkit.org/275468@main

Canonical link: https://commits.webkit.org/272448.862@safari-7618-branch


  Commit: 21771a7de8c8870daa1cf41659636665b89865f3
      https://github.com/WebKit/WebKit/commit/21771a7de8c8870daa1cf41659636665b89865f3
  Author: Charlie Wolfe <charliew at apple.com>
  Date:   2024-04-04 (Thu, 04 Apr 2024)

  Changed paths:
    M LayoutTests/ipc/dirty-region-overflow.html

  Log Message:
  -----------
  Running `ipc/dirty-region-overflow.html` and `ipc/invalid-message-to-web-process.html` in succession causes a crash
https://bugs.webkit.org/show_bug.cgi?id=272126
rdar://125851088

Reviewed by Kimmo Kinnunen.

Receive and set semaphores after creating a rendering backend.

* LayoutTests/ipc/dirty-region-overflow.html:

Canonical link: https://commits.webkit.org/272448.863@safari-7618-branch


  Commit: a1e0326cfb33b69ca3a133b798d8d05727fb1b25
      https://github.com/WebKit/WebKit/commit/a1e0326cfb33b69ca3a133b798d8d05727fb1b25
  Author: Elliott Williams <emw at apple.com>
  Date:   2024-04-04 (Thu, 04 Apr 2024)

  Changed paths:
    M WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/AppServerSupport.framework/AppServerSupport.tbd
    M WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/AppSupport.framework/AppSupport.tbd
    M WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/BackBoardServices.framework/BackBoardServices.tbd
    M WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/FrontBoardServices.framework/FrontBoardServices.tbd
    A WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/IconServices.framework/IconServices.tbd
    A WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/IdleTimerServices.framework/IdleTimerServices.tbd
    M WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/InstallCoordination.framework/InstallCoordination.tbd
    M WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/RunningBoardServices.framework/RunningBoardServices.tbd
    A WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/ServiceExtensions.framework/ServiceExtensions.tbd
    M WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/URLFormatting.framework/URLFormatting.tbd
    M WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/AppServerSupport.framework/AppServerSupport.tbd
    M WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/AppSupport.framework/AppSupport.tbd
    M WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/BackBoardServices.framework/BackBoardServices.tbd
    M WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/FrontBoardServices.framework/FrontBoardServices.tbd
    A WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/IconServices.framework/IconServices.tbd
    A WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/IdleTimerServices.framework/IdleTimerServices.tbd
    M WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/InstallCoordination.framework/InstallCoordination.tbd
    M WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/RunningBoardServices.framework/RunningBoardServices.tbd
    A WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/ServiceExtensions.framework/ServiceExtensions.tbd
    M WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/URLFormatting.framework/URLFormatting.tbd

  Log Message:
  -----------
  [Release branch only] Update TBDs for building safari-7618-branch on public iOS 17.4 SDK
rdar://125917251

Reviewed by Jonathan Bedard.

safari-7618-branch did not get the BrowserEngineKit upstreaming change
in https://commits.webkit.org/273582@main. It didn't need to, because
the build of WebKit which shipped in iOS 17.4 used private frameworks
like ServiceExtensions before they were renamed to BEK.

Now, to build against the public SDK for security EWS, check in stubs
for those private frameworks, and regenerate existing TBDs.

This DOES NOT need to be picked back into main after release, as main
has adopted BrowserEngineKit and other new API.

* WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/AppServerSupport.framework/AppServerSupport.tbd:
* WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/AppSupport.framework/AppSupport.tbd:
* WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/BackBoardServices.framework/BackBoardServices.tbd:
* WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/FrontBoardServices.framework/FrontBoardServices.tbd:
* WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/IconServices.framework/IconServices.tbd: Added.
* WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/IdleTimerServices.framework/IdleTimerServices.tbd: Copied from WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/AppServerSupport.framework/AppServerSupport.tbd.
* WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/InstallCoordination.framework/InstallCoordination.tbd:
* WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/RunningBoardServices.framework/RunningBoardServices.tbd:
* WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/ServiceExtensions.framework/ServiceExtensions.tbd: Added.
* WebKitLibraries/SDKs/iphoneos17.0-additions.sdk/System/Library/PrivateFrameworks/URLFormatting.framework/URLFormatting.tbd:
* WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/AppServerSupport.framework/AppServerSupport.tbd:
* WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/AppSupport.framework/AppSupport.tbd:
* WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/BackBoardServices.framework/BackBoardServices.tbd:
* WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/FrontBoardServices.framework/FrontBoardServices.tbd:
* WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/IconServices.framework/IconServices.tbd: Copied from WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/AppSupport.framework/AppSupport.tbd.
* WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/IdleTimerServices.framework/IdleTimerServices.tbd: Added.
* WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/InstallCoordination.framework/InstallCoordination.tbd:
* WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/RunningBoardServices.framework/RunningBoardServices.tbd:
* WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/ServiceExtensions.framework/ServiceExtensions.tbd: Added.
* WebKitLibraries/SDKs/iphonesimulator17.0-additions.sdk/System/Library/PrivateFrameworks/URLFormatting.framework/URLFormatting.tbd:

Canonical link: https://commits.webkit.org/272448.864@safari-7618-branch


  Commit: 034eeede07abdbfcff8a11c9d683d5bae07c424a
      https://github.com/WebKit/WebKit/commit/034eeede07abdbfcff8a11c9d683d5bae07c424a
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-04 (Thu, 04 Apr 2024)

  Changed paths:
    R LayoutTests/fast/inline/intrusive-float-with-no-available-space-and-partial-content-expected.html
    R LayoutTests/fast/inline/intrusive-float-with-no-available-space-and-partial-content.html
    M Source/WebCore/layout/floats/FloatingContext.cpp
    M Source/WebCore/layout/formattingContexts/inline/InlineContentBalancer.cpp
    M Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp
    M Source/WebCore/layout/formattingContexts/inline/InlineFormattingUtils.cpp
    M Source/WebCore/layout/formattingContexts/inline/InlineFormattingUtils.h
    M Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp
    M Source/WebCore/layout/formattingContexts/inline/IntrinsicWidthHandler.cpp

  Log Message:
  -----------
  Revert "Cherry-pick 9f7e229a0663. rdar://125853546"

This reverts commit f4c9b33c21cbf29f23ae0d72521839ed0248084c.

Identifier: 272448.864 at safari-7618-branch


  Commit: c13ed137a51a3067699e33e4e84bef95160ee265
      https://github.com/WebKit/WebKit/commit/c13ed137a51a3067699e33e4e84bef95160ee265
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-04-04 (Thu, 04 Apr 2024)

  Changed paths:
    M Source/WTF/wtf/PlatformHave.h

  Log Message:
  -----------
  Cherry-pick 276746 at main (9a4220e2fa83). rdar://125933932

    Unreviewed, fix the watchOS 10.4 build
    rdar://125492034

    Set `HAVE_BROWSER_ENGINE_SUPPORTING_API` to avoid duplicate declarations in the SDK.

    * Source/WTF/wtf/PlatformHave.h:

    Canonical link: https://commits.webkit.org/276746@main

Canonical link: https://commits.webkit.org/272448.866@safari-7618-branch


  Commit: b4edd8f7193f1f77f000a7431829f53cf2437131
      https://github.com/WebKit/WebKit/commit/b4edd8f7193f1f77f000a7431829f53cf2437131
  Author: Nitin Mahendru <nitinmahendru at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M Source/WebCore/crypto/CryptoKey.h
    M Source/WebCore/crypto/SerializedCryptoKeyWrap.h
    M Source/WebCore/crypto/mac/SerializedCryptoKeyWrapMac.mm
    M Source/WebKit/Scripts/webkit/messages.py
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/UIProcess/WebPageProxy.messages.in
    M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp

  Log Message:
  -----------
  Serialize CryptoKey using CoreIPC
https://bugs.webkit.org/show_bug.cgi?id=272064
rdar://125341497

Reviewed by Alex Christensen and David Kilzer.

Over-the-wire bytes will now be serialized/deserialized using CoreIPC ::encode/::decode.
Note: Serialization in wrapCryptoKey is still a property list to maintain backward
compatibility with serialized CryptoKeys on-disk of existing users.  No new tests since
existing tests that put/get keys from IndexedDB will also exercise this change.

Combined changes:
* Source/WebCore/crypto/CryptoKey.h:
* Source/WebCore/crypto/SerializedCryptoKeyWrap.h:
* Source/WebCore/crypto/mac/SerializedCryptoKeyWrapMac.mm:
(WebCore::wrapSerializedCryptoKey):
(WebCore::readSerializedCryptoKey):
(WebCore::unwrapCryptoKey):
(WebCore::unwrapSerializedCryptoKey):
* Source/WebKit/Scripts/webkit/messages.py:
(headers_for_type):
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::unwrapCryptoKey):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::unwrapCryptoKey const):

Canonical link: https://commits.webkit.org/272448.867@safari-7618-branch


  Commit: f75794e30ca0e3e92a507a10f74dfca9812c461d
      https://github.com/WebKit/WebKit/commit/f75794e30ca0e3e92a507a10f74dfca9812c461d
  Author: Elika Etemad <fantasai.bugs at inkedblade.net>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/css/css-align/blocks/align-content-block-overflow-000-expected.html
    M LayoutTests/imported/w3c/web-platform-tests/css/css-align/blocks/align-content-block-overflow-000-ref.html
    M LayoutTests/imported/w3c/web-platform-tests/css/css-overflow/overflow-alignment-block-001.html
    M Source/WebCore/rendering/RenderBlockFlow.cpp

  Log Message:
  -----------
  Cherry-pick fd49ec9a3044. rdar://125742095

    Make default safety of align-content on block containers that are scroll containers unsafe.
    https://bugs.webkit.org/show_bug.cgi?id=272002
    rdar://problem/125742095

    Reviewed by Simon Fraser.

    Tweaks the align-content safety checks for RenderBlockFlow to assume
    "unsafe" rather than "safe" alignment on scroll containers.

    * LayoutTests/imported/w3c/web-platform-tests/css/css-align/blocks/align-content-block-overflow-000-expected.html: Adjust expectations.
    * LayoutTests/imported/w3c/web-platform-tests/css/css-align/blocks/align-content-block-overflow-000-ref.html: Adjust expectations.
    * LayoutTests/imported/w3c/web-platform-tests/css/css-overflow/overflow-alignment-block-001.html: Adjust expectations.
    * Source/WebCore/rendering/RenderBlockFlow.cpp:
    (WebCore::RenderBlockFlow::shiftForAlignContent): Check for 'safe' and content distribution explicitly, limit default safety check to non-scroll-containers.
    (WebCore::RenderBlockFlow::allowedLayoutOverflow const): Simplify short-circuit alignment check.

    Canonical link: https://commits.webkit.org/276929@main

Canonical link: https://commits.webkit.org/272448.867@safari-7618-branch


  Commit: 0a5be7c4621abff334686059bfcd5dcaacf27eec
      https://github.com/WebKit/WebKit/commit/0a5be7c4621abff334686059bfcd5dcaacf27eec
  Author: Ben Nham <nham at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkProcess.h
    M Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm
    M Source/WebKit/UIProcess/Cocoa/ProcessAssertionCocoa.mm
    M Source/WebKit/UIProcess/ProcessAssertion.cpp
    M Source/WebKit/UIProcess/ProcessAssertion.h
    M Source/WebKit/UIProcess/ProcessThrottler.cpp

  Log Message:
  -----------
  Cherry-pick b77155f9e2ec. rdar://125037124

    Prevent locked files assertion from taking a power assertion
    https://bugs.webkit.org/show_bug.cgi?id=272009
    rdar://125037124

    Reviewed by Per Arne Vollan and Chris Dumez.

    The locked files assertion in NetworkProcess can sometimes take a power assertion, because
    FinishTaskInterruptable assertions take power assertions. (There are cases where the system allows
    you to create a FinishTaskInterruptable but doesn't actually immediately activate it, so it doesn't
    *always* take a power assertion, but it can and does create a power assertion in various
    circumstances.) This is bad because even taking and then immediately releasing a power assertion can
    reset the idle timer for the whole device for several seconds.

    To fix this, take a FinishTaskCanSleep assertion instead.

    * Source/WebKit/NetworkProcess/NetworkProcess.cpp:
    (WebKit::NetworkProcess::setIsHoldingLockedFiles):
    * Source/WebKit/NetworkProcess/NetworkProcess.h:
    * Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm:
    (WebKit::NetworkProcess::acquireLockedFileActivity): Deleted.
    (WebKit::NetworkProcess::invalidateFileActivity): Deleted.
    (WebKit::NetworkProcess::hasAcquiredFileActivity const): Deleted.
    * Source/WebKit/UIProcess/Cocoa/ProcessAssertionCocoa.mm:
    (WebKit::runningBoardNameForAssertionType):
    (WebKit::runningBoardDomainForAssertionType):
    * Source/WebKit/UIProcess/ProcessAssertion.cpp:
    (WebKit::processAssertionTypeDescription):
    * Source/WebKit/UIProcess/ProcessAssertion.h:
    * Source/WebKit/UIProcess/ProcessThrottler.cpp:
    (WebKit::ProcessThrottler::assertionName const):

    Canonical link: https://commits.webkit.org/276985@main

Canonical link: https://commits.webkit.org/272448.868@safari-7618-branch


  Commit: ad907bb418e0a67cfd0f71f364265f9a1d3e279c
      https://github.com/WebKit/WebKit/commit/ad907bb418e0a67cfd0f71f364265f9a1d3e279c
  Author: Tim Nguyen <ntim at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M Source/WebCore/dom/RadioButtonGroups.cpp

  Log Message:
  -----------
  Cherry-pick 1870b119a450. rdar://117727866

    CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::ValidatedFormListedElement::updateValidity
    https://bugs.webkit.org/show_bug.cgi?id=272044
    rdar://117727866

    Reviewed by Ryosuke Niwa.

    It speculatively fixes a bug that RadioButtonGroup::m_members may contain a nullptr WeakRef.

    * Source/WebCore/dom/RadioButtonGroups.cpp:
    (WebCore::RadioButtonGroup::isEmpty const):
    (WebCore::RadioButtonGroup::remove):
    (WebCore::RadioButtonGroup::setNeedsStyleRecalcForAllButtons):
    (WebCore::RadioButtonGroup::updateValidityForAllButtons):

    Canonical link: https://commits.webkit.org/277007@main

Canonical link: https://commits.webkit.org/272448.869@safari-7618-branch


  Commit: 73400af8db7520ff77ca2a8af27ca484b085aced
      https://github.com/WebKit/WebKit/commit/73400af8db7520ff77ca2a8af27ca484b085aced
  Author: Sihui Liu <sihui_liu at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M Source/WebKit/UIProcess/API/Cocoa/_WKApplicationManifest.h
    M Source/WebKit/UIProcess/API/Cocoa/_WKApplicationManifest.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplicationManifest.mm

  Log Message:
  -----------
  Cherry-pick 0e6ba3e0f23c. rdar://125791668

    Add SPI for creating _WKApplicationManifest with data
    https://bugs.webkit.org/show_bug.cgi?id=272075
    rdar://125791668

    Reviewed by Chris Dumez.

    Test: WKApplicationManifest.EmptyJSONData
          WKApplicationManifest.JSONDataEncoding

    * Source/WebKit/UIProcess/API/Cocoa/_WKApplicationManifest.h:
    * Source/WebKit/UIProcess/API/Cocoa/_WKApplicationManifest.mm:
    (-[_WKApplicationManifest initWithJSONData:manifestURL:documentURL:]):
    * Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplicationManifest.mm:
    (TestWebKitAPI::TEST(WKApplicationManifest, EmptyJSONData)):
    (TestWebKitAPI::TEST(WKApplicationManifest, JSONDataEncoding)):

    Canonical link: https://commits.webkit.org/277014@main

Canonical link: https://commits.webkit.org/272448.870@safari-7618-branch


  Commit: 854912a088879437128523424a5dc8b4c07386c8
      https://github.com/WebKit/WebKit/commit/854912a088879437128523424a5dc8b4c07386c8
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.2.8

Canonical link: https://commits.webkit.org/272448.872@safari-7618-branch


  Commit: e6123d8a8215fdc3202d5df9254feda49951a5eb
      https://github.com/WebKit/WebKit/commit/e6123d8a8215fdc3202d5df9254feda49951a5eb
  Author: Yijia Huang <yijia_huang at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    A JSTests/wasm/stress/try-and-block-with-v128-results.js
    A JSTests/wasm/stress/try-and-block-with-v128-results.wasm
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
    M Source/JavaScriptCore/wasm/WasmConstExprGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmFunctionParser.h
    M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmTypeDefinition.h

  Log Message:
  -----------
  [WASM] Block with v128 results should notify SIMD uses
https://bugs.webkit.org/show_bug.cgi?id=271494
rdar://125146449

Reviewed by Justin Michaud.

We should notify the SIMD use when a wasm block within the code has v128 results.

* JSTests/wasm/stress/try-and-block-with-v128-results.js: Added.
(globalThis.callerIsBBQOrOMGCompiled.instantiateJsc):
(else.instantiateBrowser):
(async let):
* JSTests/wasm/stress/try-and-block-with-v128-results.wasm: Added.

Canonical link: https://commits.webkit.org/272448.873@safari-7618-branch


  Commit: a092821318c3f5c268be606c0b34abe394668a87
      https://github.com/WebKit/WebKit/commit/a092821318c3f5c268be606c0b34abe394668a87
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp
    M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h
    M Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesForwardDeclarations.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

  Log Message:
  -----------
  Apply patch. rdar://125794592

Canonical link: https://commits.webkit.org/272448.874@safari-7618-branch


  Commit: 837341cc6662be0f0cba1a4116bd98d7999e5b77
      https://github.com/WebKit/WebKit/commit/837341cc6662be0f0cba1a4116bd98d7999e5b77
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    A JSTests/microbenchmarks/uint8-clamped-array-out-of-bounds.js
    A JSTests/stress/typed-array-out-of-bounds.js
    M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
    M Source/JavaScriptCore/dfg/DFGArrayMode.cpp
    M Source/JavaScriptCore/dfg/DFGClobberize.h
    M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
    M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

  Log Message:
  -----------
  Cherry-pick de77ddb828e1. rdar://125863449

    [JSC] Handle OutOfBounds GetByVal of TypedArray
    https://bugs.webkit.org/show_bug.cgi?id=272107
    rdar://problem/125863449

    Reviewed by Justin Michaud.

    Previously, DFG / FTL were not tolerant of OutOfBounds access of TypedArray: whenever we encountered this, we did OSR exit.
    But this is not so great, and we should make it work well since there are legit cases which do OutOfBounds access to TypedArray.

    This patch integrates OutOfBounds GetByVal access to TypedArray, which is similar to what we have for the other arrays.
    Based on ArrayProfile information, we annotate DFG::ArrayMode with OutOfBounds. And then DFG / FTL handle this case gracefully.
    InBounds case is still fastest since we can put strong type prediction / invariant on the returned value too. But still, OutOfBounds
    handling is better than just doing OSR exit repeatedly.
    One of the interesting aspects is that TypedArray does not propagate access of OutOfBounds to [[Prototype]], which is specified in the spec.
    As a result, we can say that the result is `undefined` when OutOfBounds access happens, which makes slow path case significantly simpler.

                                                      ToT                     Patched

        uint8-clamped-array-out-of-bounds       18.8348+-0.0251     ^      1.3021+-0.0190        ^ definitely 14.4654x faster

    * Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * Source/JavaScriptCore/dfg/DFGArrayMode.cpp:
    (JSC::DFG::ArrayMode::refine const):
    * Source/JavaScriptCore/dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::setIntTypedArrayLoadResult):
    (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
    (JSC::DFG::SpeculativeJIT::emitTypedArrayBoundsCheck): Deleted.
    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
    (JSC::FTL::DFG::LowerDFGToB3::compileGetByValImpl):

    Canonical link: https://commits.webkit.org/277050@main

Canonical link: https://commits.webkit.org/272448.875@safari-7618-branch


  Commit: 54d4ecbb24a9e90d7f7153c41c0a239954f16d74
      https://github.com/WebKit/WebKit/commit/54d4ecbb24a9e90d7f7153c41c0a239954f16d74
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    A JSTests/stress/ftl-purify-nan-oob.js
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

  Log Message:
  -----------
  Cherry-pick 383ab3463ca7. rdar://125925062

    [JSC] Follow-up after 277050 at main
    https://bugs.webkit.org/show_bug.cgi?id=272178
    rdar://125925062

    Reviewed by Keith Miller.

    When returning boxed JSValue in FTL for GetByVal, we should do purifyNaN to make it pure NaN.

    * JSTests/stress/ftl-purify-nan-oob.js: Added.
    (shouldBe):
    (test):
    * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
    (JSC::FTL::DFG::LowerDFGToB3::compileGetByValImpl):

    Canonical link: https://commits.webkit.org/277089@main

Canonical link: https://commits.webkit.org/272448.876@safari-7618-branch


  Commit: 76b90c1c9dbdd09ba272e3173c370acbeb888aa2
      https://github.com/WebKit/WebKit/commit/76b90c1c9dbdd09ba272e3173c370acbeb888aa2
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h

  Log Message:
  -----------
  Apply patch. rdar://125794592 (Follow-up)
rdar://125794592

Unreviewed build fix.

* Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h: Include AuthenticatorTransport.h.

Canonical link: https://commits.webkit.org/272448.877@safari-7618-branch


  Commit: 58b544976f7f3eae423120613332462971954b84
      https://github.com/WebKit/WebKit/commit/58b544976f7f3eae423120613332462971954b84
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h

  Log Message:
  -----------
  Fix build after rdar://125794592
https://bugs.webkit.org/show_bug.cgi?id=272254
rdar://125993884

Unreviewed.

* Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h:

Canonical link: https://commits.webkit.org/272448.878@safari-7618-branch


  Commit: 1e8464baa968c1e71f3f94dff750cba44dcc1234
      https://github.com/WebKit/WebKit/commit/1e8464baa968c1e71f3f94dff750cba44dcc1234
  Author: Mikhail R. Gadelha <mikhail at igalia.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    A LayoutTests/ipc/send-filter-expected.txt
    A LayoutTests/ipc/send-filter.html
    M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp

  Log Message:
  -----------
  Cherry-pick 274097.15 at webkit-2024.2-embargoed (977618344850). rdar://122378065

    [GPU Process] Cache the Filter only if it has a valid resource identifier
    https://bugs.webkit.org/show_bug.cgi?id=270324

    Reviewed by Said Abou-Hallawa.

    Filter is a RenderingResource and it can be cached by DisplayList,
    however, every resource needs an identifier to be cached and a Filter
    can be created without an identifier.

    This patch prevents Filters without identifiers from being cached.

    * LayoutTests/TestExpectations:
    * LayoutTests/ipc/send-filter-expected.txt: Added.
    * LayoutTests/ipc/send-filter.html: Added.
    * Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp:
    (WebKit::RemoteRenderingBackend::cacheFilter):

    Canonical link: https://commits.webkit.org/274097.15@webkit-2024.2-embargoed

Canonical link: https://commits.webkit.org/272448.879@safari-7618-branch


  Commit: beb97ad546bd2d900b05168444bbb42bab8350f4
      https://github.com/WebKit/WebKit/commit/beb97ad546bd2d900b05168444bbb42bab8350f4
  Author: Mikhail R. Gadelha <mikhail at igalia.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    A LayoutTests/ipc/ui-send-empty-uuid-expected.txt
    A LayoutTests/ipc/ui-send-empty-uuid.html
    M Source/WebKit/UIProcess/Cocoa/ModelElementControllerCocoa.mm

  Log Message:
  -----------
  Cherry-pick 274097.13 at webkit-2024.2-embargoed (8105acb3cedb). rdar://122379657

    Missing return when uuid is empty
    https://bugs.webkit.org/show_bug.cgi?id=270481

    Reviewed by John Wilander.

    When sending a message to WebPageProxy_ModelElementLoadRemotePreview,
    the uuid cannot be empty. There is already a check for that but if an empty
    uuid is indeed sent, we never return the error. This patch adds the missing
    return.

    * LayoutTests/ipc/ui-send-empty-uuid-expected.txt: Added.
    * LayoutTests/ipc/ui-send-empty-uuid.html: Added.
    * Source/WebKit/UIProcess/Cocoa/ModelElementControllerCocoa.mm:
    (WebKit::ModelElementController::modelElementLoadRemotePreview):

    Canonical link: https://commits.webkit.org/274097.13@webkit-2024.2-embargoed

Canonical link: https://commits.webkit.org/272448.880@safari-7618-branch


  Commit: 638de896ddeb092286a09716f1cddb6a42858d0b
      https://github.com/WebKit/WebKit/commit/638de896ddeb092286a09716f1cddb6a42858d0b
  Author: Mikhail R. Gadelha <mikhail at igalia.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/ipc/send-gradient-expected.txt
    A LayoutTests/ipc/send-gradient.html
    M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp
    M Source/WebKit/Platform/Logging.h

  Log Message:
  -----------
  Cherry-pick 274097.14 at webkit-2024.2-embargoed (0bfbed0e1d1a). rdar://122181237

    Always build a Gradient identifier to enable resource caching
    https://bugs.webkit.org/show_bug.cgi?id=270480

    Reviewed by Said Abou-Hallawa.

    Gradient is a RenderingResource and it can be cached by DisplayList,
    however, every resource needs an identifier to be cached and a Gradient
    can be created without an identifier.

    This patch prevents Gradients without identifiers from being cached.

    * LayoutTests/TestExpectations:
    * LayoutTests/ipc/send-gradient-expected.txt: Added.
    * LayoutTests/ipc/send-gradient.html: Added.
    * Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp:
    (WebKit::RemoteRenderingBackend::cacheGradient):

    Canonical link: https://commits.webkit.org/274097.14@webkit-2024.2-embargoed

Canonical link: https://commits.webkit.org/272448.881@safari-7618-branch


  Commit: 833c66b2696408b399a8eb45b95c792de3a47307
      https://github.com/WebKit/WebKit/commit/833c66b2696408b399a8eb45b95c792de3a47307
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm

  Log Message:
  -----------
  REGRESSION: 272448.767 at safari-7618-branch broke TestWebKitAPI.SiteIsolation tests
rdar://125978231

Reviewed by Charlie Wolfe.

Rebase tests for the security branch only.

It would take a lot of high-risk changes to make these tests behave as they do on main.
They are also not important because site isolation is off.  They do not indicate
any issues a user would hit.

* Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm:
(TestWebKitAPI::TEST):

Canonical link: https://commits.webkit.org/272448.882@safari-7618-branch


  Commit: 520661c1a1ae663152b4bf91bd9540a3dc299cc7
      https://github.com/WebKit/WebKit/commit/520661c1a1ae663152b4bf91bd9540a3dc299cc7
  Author: Sihui Liu <sihui_liu at apple.com>
  Date:   2024-04-05 (Fri, 05 Apr 2024)

  Changed paths:
    M Source/WebCore/Modules/applicationmanifest/ApplicationManifestParser.cpp
    M Source/WebCore/Modules/applicationmanifest/ApplicationManifestParser.h
    M Source/WebKit/UIProcess/API/Cocoa/_WKApplicationManifest.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplicationManifest.mm

  Log Message:
  -----------
  Cherry-pick fa54f7ce3cd9. rdar://125913241

    Make _WKApplicationManifest initializer return nil when jsonData is not valid JSON
    https://bugs.webkit.org/show_bug.cgi?id=272161
    rdar://125913241

    Reviewed by Chris Dumez.

    API Test: WKApplicationManifest.InvalidJSONData

    * Source/WebCore/Modules/applicationmanifest/ApplicationManifestParser.cpp:
    (WebCore::ApplicationManifestParser::parse):
    (WebCore::ApplicationManifestParser::parseWithValidation):
    (WebCore::ApplicationManifestParser::createJSONObject):
    (WebCore::ApplicationManifestParser::parseManifest):
    * Source/WebCore/Modules/applicationmanifest/ApplicationManifestParser.h:
    * Source/WebKit/UIProcess/API/Cocoa/_WKApplicationManifest.mm:
    (-[_WKApplicationManifest initWithJSONData:manifestURL:documentURL:]):
    * Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplicationManifest.mm:
    (TestWebKitAPI::TEST(WKApplicationManifest, InvalidJSONData)):

    Canonical link: https://commits.webkit.org/277098@main

Canonical link: https://commits.webkit.org/272448.877@safari-7618-branch


  Commit: 0def173953335728c507dc212351cae0f7b88997
      https://github.com/WebKit/WebKit/commit/0def173953335728c507dc212351cae0f7b88997
  Author: Brady Eidson <beidson at apple.com>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M Source/WebKit/UIProcess/API/Cocoa/APISerializedScriptValueCocoa.mm
    M Source/WebKit/UIProcess/API/Cocoa/WKUserContentController.mm

  Log Message:
  -----------
  Cherry-pick ca760255d2d5. rdar://125652518

    Speculative improvements for rdar://125652518
    rdar://125652518
    https://bugs.webkit.org/show_bug.cgi?id=272201

    Reviewed by Per Arne Vollan and Ryosuke Niwa.

    While we continue to explore this crash tracer (while deserializing a postMessage to a script message handler),
    I spotted some room for improvements.

    * Source/WebKit/UIProcess/API/Cocoa/APISerializedScriptValueCocoa.mm:
    (API::SharedJSContext::ensureContext):
    (API::sharedContext):
    (API::SerializedScriptValue::deserialize):
    (API::coreValueFromNSObject):
    * Source/WebKit/UIProcess/API/Cocoa/WKUserContentController.mm:

    Canonical link: https://commits.webkit.org/277131@main

Canonical link: https://commits.webkit.org/272448.884@safari-7618-branch


  Commit: 9192181bee23f37a569e024bceca70d5dd204565
      https://github.com/WebKit/WebKit/commit/9192181bee23f37a569e024bceca70d5dd204565
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-08 (Mon, 08 Apr 2024)

  Changed paths:
    M Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.h
    M Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.mm

  Log Message:
  -----------
  Apply patch. rdar://125984025

	[iOS 17.5 beta] Crash in WebKit::ExtensionCapabilityGrant::operator= https://bugs.webkit.org/show_bug.cgi?id=272170 rdar://125984025

	Reviewed by Sihui Liu.

	We need to invalidate the grant before deallocating it.

	* Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.h:
	* Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.mm:
	(WebKit::ExtensionCapabilityGrant::operator=):

	Canonical link: https://commits.webkit.org/277141@main

Canonical link: https://commits.webkit.org/272448.885@safari-7618-branch


  Commit: 726257d5fabe68dd6a826d4398b4d487eb23547c
      https://github.com/WebKit/WebKit/commit/726257d5fabe68dd6a826d4398b4d487eb23547c
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-09 (Tue, 09 Apr 2024)

  Changed paths:
    A LayoutTests/http/tests/media/video-src-mp4-blob-expected.txt
    A LayoutTests/http/tests/media/video-src-mp4-blob.html
    A LayoutTests/http/tests/media/video-src-webm-blob-expected.txt
    A LayoutTests/http/tests/media/video-src-webm-blob.html
    A LayoutTests/http/tests/media/video-srcobject-webm-blob-expected.txt
    A LayoutTests/http/tests/media/video-srcobject-webm-blob.html
    M LayoutTests/http/tests/media/white.webm
    M LayoutTests/platform/mac-wk1/TestExpectations
    M Source/WebCore/fileapi/ThreadableBlobRegistry.cpp
    M Source/WebCore/fileapi/ThreadableBlobRegistry.h
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/html/HTMLMediaElement.h
    M Source/WebCore/platform/network/BlobRegistry.h
    M Source/WebCore/platform/network/BlobRegistryImpl.cpp
    M Source/WebCore/platform/network/BlobRegistryImpl.h
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
    M Source/WebKit/NetworkProcess/NetworkProcessPlatformStrategies.cpp
    M Source/WebKit/WebProcess/FileAPI/BlobRegistryProxy.cpp
    M Source/WebKit/WebProcess/FileAPI/BlobRegistryProxy.h
    M Source/WebKitLegacy/mac/WebCoreSupport/WebPlatformStrategies.mm

  Log Message:
  -----------
  Apply patch. rdar://124939608

Canonical link: https://commits.webkit.org/272448.886@safari-7618-branch


  Commit: 3a29edb0fc2a29b0519e185842b601b9cb1126ea
      https://github.com/WebKit/WebKit/commit/3a29edb0fc2a29b0519e185842b601b9cb1126ea
  Author: Nitin Mahendru <nitinmahendru at apple.com>
  Date:   2024-04-09 (Tue, 09 Apr 2024)

  Changed paths:
    M Source/WebCore/PAL/pal/text/EncodingTables.cpp

  Log Message:
  -----------
  Cherry-pick 6e7fffdeac955986ee20f2a860d754e7f494ec00 rdar://124720057

    Skip gb18030 table correction on platforms with ICU 74
    https://bugs.webkit.org/show_bug.cgi?id=271101
    rdar://124720057

    Reviewed by Yusuke Suzuki.

    On the Sonoma 23E214 build released last week, ICU 74 is present as indicated by
    the updated gb18030 table.  However, uvernum.h is not in the public SDK so open
    source builds use the definition of U_ICU_VERSION_MAJOR_NUM in our copy of uvernum.h
    in Source/WTF/icu/unicode/uvernum.h which has U_ICU_VERSION_MAJOR_NUM defined to 70.
    Change the compile check to a runtime check.

    * Source/WTF/wtf/PlatformHave.h:
    * Source/WebCore/PAL/pal/text/EncodingTables.cpp:
    (PAL::gb18030):

    Canonical link: https://commits.webkit.org/276229@main

* Source/WebCore/PAL/pal/text/EncodingTables.cpp:
(PAL::gb18030):

Canonical link: https://commits.webkit.org/272448.887@safari-7618-branch


  Commit: 9cc3d154247b98480a79e086313ade68b2a7bb40
      https://github.com/WebKit/WebKit/commit/9cc3d154247b98480a79e086313ade68b2a7bb40
  Author: Rob Buis <rbuis at igalia.com>
  Date:   2024-04-09 (Tue, 09 Apr 2024)

  Changed paths:
    A LayoutTests/fast/css/repeating-radial-gradient-small-range-large-extent-expected.txt
    A LayoutTests/fast/css/repeating-radial-gradient-small-range-large-extent.html
    M Source/WebCore/rendering/style/StyleGradientImage.cpp

  Log Message:
  -----------
  Cherry-pick 274097.16 at webkit-2024.2-embargoed (c2f3e54dfeed). rdar://125579928

    ASAN_TRAP | WTF::Vector::expandCapacity; WTF::Vector::expandCapacity; WTF::Vector::appendSlowCase
    https://bugs.webkit.org/show_bug.cgi?id=271904

    Reviewed by Antti Koivisto.

    For https://bugs.webkit.org/show_bug.cgi?id=264639 a fix was done to deal with repeating gradients
    where a tiny offset range was repeated, causing a large number of items to be added to the stop vector.
    That fix does not apply when the offset range is reasonable but the maxExtent is large. So, also take the
    maxExtent into account when deciding whether to produce extra gradient stops.

    * LayoutTests/fast/css/repeating-radial-gradient-small-range-large-extent-expected.txt: Added.
    * LayoutTests/fast/css/repeating-radial-gradient-small-range-large-extent.html: Added.
    * Source/WebCore/rendering/style/StyleGradientImage.cpp:
    (WebCore::StyleGradientImage::computeStops const):

    Canonical link: https://commits.webkit.org/274097.16@webkit-2024.2-embargoed

Canonical link: https://commits.webkit.org/272448.888@safari-7618-branch


  Commit: 7e9184c87123a5628dab7b582dea59eb8255e8f5
      https://github.com/WebKit/WebKit/commit/7e9184c87123a5628dab7b582dea59eb8255e8f5
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2024-04-09 (Tue, 09 Apr 2024)

  Changed paths:
    M Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h
    M Source/WebCore/platform/network/cf/DNSResolveQueueCFNet.cpp

  Log Message:
  -----------
  Use nw_context_privacy_level_silent for DNS lookup
https://bugs.webkit.org/show_bug.cgi?id=272190

Reviewed by Matthew Finkel, Brent Fulgham and Youenn Fablet.

DNSServiceGetAddrInfo logs the domain name in internal builds, which is undesirable
when using WKWebsiteDataStore.nonPersistentDataStore.  This redacts those logs.
Public OSes should be unaffected.

* Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h:
* Source/WebCore/platform/network/cf/DNSResolveQueueCFNet.cpp:
(WebCore::DNSResolveQueueCFNet::CompletionHandlerWrapper::complete):
(WebCore::extractIPAddress):
(WebCore::DNSResolveQueueCFNet::performDNSLookup):
(WebCore::DNSResolveQueueCFNet::stopResolve):
(WebCore::DNSResolveQueueCFNet::CompletionHandlerWrapper::addIPAddress): Deleted.
(WebCore::DNSResolveQueueCFNet::CompletionHandlerWrapper::receivedIPv4AndIPv6 const): Deleted.
(): Deleted.
(WebCore::dnsLookupCallback): Deleted.

Canonical link: https://commits.webkit.org/272448.889@safari-7618-branch


  Commit: 5f1654c570e894a8f03b298188a2773a969dbb6e
      https://github.com/WebKit/WebKit/commit/5f1654c570e894a8f03b298188a2773a969dbb6e
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-09 (Tue, 09 Apr 2024)

  Changed paths:
    M Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.h
    M Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.mm
    M Source/WebKit/UIProcess/Cocoa/ExtensionCapabilityGranter.mm

  Log Message:
  -----------
  Apply patch. rdar://125984025

Canonical link: https://commits.webkit.org/272448.890@safari-7618-branch


  Commit: 2d5d49aa3ada96d9a66b1c1d7c8afc75a373dfd9
      https://github.com/WebKit/WebKit/commit/2d5d49aa3ada96d9a66b1c1d7c8afc75a373dfd9
  Author: Jean-Yves Avenard <jya at apple.com>
  Date:   2024-04-09 (Tue, 09 Apr 2024)

  Changed paths:
    A LayoutTests/http/tests/media/audio-load-loadeddata-expected.txt
    A LayoutTests/http/tests/media/audio-load-loadeddata.html
    M LayoutTests/platform/ios/TestExpectations
    M Source/WebCore/platform/graphics/MediaPlayer.cpp
    M Source/WebCore/platform/graphics/MediaPlayer.h
    M Source/WebCore/platform/graphics/MediaPlayerPrivate.h
    M Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.cpp
    M Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.h
    M Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.messages.in
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.h

  Log Message:
  -----------
  Cherry-pick c0a2b3040d2d. rdar://124079735

    <audio> and <video> loadeddata events not fired on page load
    https://bugs.webkit.org/show_bug.cgi?id=270837
    rdar://124079735

    Reviewed by Eric Carlson.

    The HTMLMediaElement would call MediaPlayer::prepareToPlay() on the first MediaPlayerPrivate
    created which may not be the one we end up using.
    The code assumed that as soon as a MediaPlayer was created, we could call prepareToPlay on
    it which in the case of the MediaPlayerPrivateAVFobjC would start loading the content.
    Since we enabled the WebM player, the assumption no longer applied, multiple players could
    be used until we find one that can play the content.
    If the GPU process was enabled, the behaviour was racy as the GPUP's MediaPlayer
    may not have been created yet.

    The site would set an HTMLMediaElement's source to an mp3 file, without using an explicit
    extension nor having the server provide the mime-type. As such, we have to try in
    succession all MediaPlayerPrivate until we can find one that can load the content.
    We cache the call to prepareToPlay() and re-issue it on all new MediaPlayerPrivate once
    created.

    Added test.

    * LayoutTests/http/tests/media/audio-load-loadeddata-expected.txt: Added.
    * LayoutTests/http/tests/media/audio-load-loadeddata.html: Added.
    * LayoutTests/platform/ios/TestExpectations: All media tests are disabled on iOS, force this one to run.
    * Source/WebCore/platform/graphics/MediaPlayer.cpp:
    (WebCore::MediaPlayer::loadWithNextMediaEngine):
    (WebCore::MediaPlayer::prepareToPlay):
    * Source/WebCore/platform/graphics/MediaPlayer.h:
    * Source/WebCore/platform/graphics/MediaPlayerPrivate.h:
    (WebCore::MediaPlayerPrivateInterface::prepareForPlayback):
    * Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.cpp:
    (WebKit::RemoteMediaPlayerProxy::prepareForPlayback):
    * Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.h:
    * Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.messages.in:
    * Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:
    (WebKit::MediaPlayerPrivateRemote::prepareForPlayback):
    * Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.h:

    Canonical link: https://commits.webkit.org/275997@main

Canonical link: https://commits.webkit.org/272448.891@safari-7618-branch


  Commit: b53cc7cedea8d3f89d93eb66eb315b279c86c3a6
      https://github.com/WebKit/WebKit/commit/b53cc7cedea8d3f89d93eb66eb315b279c86c3a6
  Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
  Date:   2024-04-09 (Tue, 09 Apr 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Cocoa/SystemPreviewControllerCocoa.mm

  Log Message:
  -----------
  Potential UAF in SystemPreviewController::begin
https://bugs.webkit.org/show_bug.cgi?id=272342
<radar://124988039>

Reviewed by Aditya Keerthi.

SystemPreviewController::begin was calling functions asynchronously but
directly using both an Objective-C object and a C++ object without checking
to see if their lifetimes had expired.

This code also used the name 'protectedThis' to refer to a raw C++ pointer
which seems a little confusing, so just drop the protectedThis and use this
directly after ensuring the object has not been destructed based on the result
of WeakPtr::get().

* Source/WebKit/UIProcess/Cocoa/SystemPreviewControllerCocoa.mm:

Canonical link: https://commits.webkit.org/272448.892@safari-7618-branch
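
The lifetime check described in the commit message above, sketched as an added example (not WebKit's code). It covers only the C++ object side and substitutes std::weak_ptr for WTF's WeakPtr; TaskQueue, PreviewController and the run* helpers are hypothetical names.

```cpp
#include <functional>
#include <iostream>
#include <memory>
#include <queue>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for a run loop: tasks are queued now and executed later.
class TaskQueue {
public:
    void dispatch(std::function<void()> task) { m_tasks.push(std::move(task)); }
    void drain()
    {
        while (!m_tasks.empty()) {
            std::function<void()> task = std::move(m_tasks.front());
            m_tasks.pop();
            task();
        }
    }
private:
    std::queue<std::function<void()>> m_tasks;
};

// Hypothetical controller, not WebKit's SystemPreviewController.
class PreviewController : public std::enable_shared_from_this<PreviewController> {
public:
    explicit PreviewController(std::vector<std::string>& log) : m_log(log) { }

    // Unchecked shape: the task captures a raw `this`. It behaves correctly as
    // long as the controller happens to outlive the task, which is why the
    // defect hides; if the controller dies first, the task touches freed memory.
    void beginUnchecked(TaskQueue& queue)
    {
        queue.dispatch([this] { m_log.push_back("presented (unchecked)"); });
    }

    // Checked shape: capture a weak reference and re-validate it when the task runs.
    void beginChecked(TaskQueue& queue)
    {
        std::weak_ptr<PreviewController> weakThis = shared_from_this();
        std::vector<std::string>* log = &m_log; // the log outlives the controller here
        queue.dispatch([weakThis, log] {
            std::shared_ptr<PreviewController> self = weakThis.lock();
            if (!self) {
                log->push_back("skipped: controller gone");
                return;
            }
            self->m_log.push_back("presented");
        });
    }
private:
    std::vector<std::string>& m_log;
};

// Queue the checked task, optionally destroy the controller, then run the queue.
std::vector<std::string> runChecked(bool destroyBeforeDrain)
{
    std::vector<std::string> log;
    TaskQueue queue;
    std::shared_ptr<PreviewController> controller = std::make_shared<PreviewController>(log);
    controller->beginChecked(queue);
    if (destroyBeforeDrain)
        controller.reset();
    queue.drain();
    return log;
}

// The unchecked task is only ever run here while its controller is still alive.
std::vector<std::string> runUncheckedWhileAlive()
{
    std::vector<std::string> log;
    TaskQueue queue;
    std::shared_ptr<PreviewController> controller = std::make_shared<PreviewController>(log);
    controller->beginUnchecked(queue);
    queue.drain();
    return log;
}

int main()
{
    std::cout << runChecked(false)[0] << "\n";
    std::cout << runChecked(true)[0] << "\n";
    std::cout << runUncheckedWhileAlive()[0] << "\n";
    return 0;
}
```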


  Commit: bdf0905ed610db4f851fdbb589c35f549e3c844b
      https://github.com/WebKit/WebKit/commit/bdf0905ed610db4f851fdbb589c35f549e3c844b
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.2.9

Canonical link: https://commits.webkit.org/272448.893@safari-7618-branch


  Commit: 71185889c4bb4e491ef8088f07463dc221aba38c
      https://github.com/WebKit/WebKit/commit/71185889c4bb4e491ef8088f07463dc221aba38c
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py

  Log Message:
  -----------
  Cherry-pick 276551 at main (4666c5a78b42). rdar://125203035

    [webkitscmpy] Fix commits(..., include_identifier=False)
    https://bugs.webkit.org/show_bug.cgi?id=271431
    rdar://125203035

    Reviewed by Aakash Jain.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py:
    (Git.commits): Allow for an undefined identifier when include_identifier=False.

    Canonical link: https://commits.webkit.org/276551@main

Canonical link: https://commits.webkit.org/272448.894@safari-7618-branch


  Commit: 390b73a17eac8ac738b736e5c8895ccacf3021d8
      https://github.com/WebKit/WebKit/commit/390b73a17eac8ac738b736e5c8895ccacf3021d8
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/clone.py

  Log Message:
  -----------
  Cherry-pick 276572 at main (05e61ced8d3d). rdar://121450457

    [git-webkit] Automatically make merge-back tasks of umbrella radar (Follow-up)
    https://bugs.webkit.org/show_bug.cgi?id=267933
    rdar://121450457

    Unreviewed follow-up.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/clone.py:
    (Clone.main): Link is a property, not a function.

    Canonical link: https://commits.webkit.org/276572@main

Canonical link: https://commits.webkit.org/272448.895@safari-7618-branch


  Commit: 014de59d2b7a9e95ffa914aa3d6cfdd38d86701f
      https://github.com/WebKit/WebKit/commit/014de59d2b7a9e95ffa914aa3d6cfdd38d86701f
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/radar.py
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py

  Log Message:
  -----------
  Cherry-pick 276575 at main (ccde402d5dbe). rdar://120013230

    [webkitbugspy] Implement ability to relate radars (Follow-up)
    rdar://120013230
    https://bugs.webkit.org/show_bug.cgi?id=266790

    Unreviewed follow-up fix.

    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/radar.py:
    (Tracker): Include 'clone' relationship.
    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py:

    Canonical link: https://commits.webkit.org/276575@main

Canonical link: https://commits.webkit.org/272448.896@safari-7618-branch


  Commit: 54d88072a5ecfe0dda600017553c94fef58c30f6
      https://github.com/WebKit/WebKit/commit/54d88072a5ecfe0dda600017553c94fef58c30f6
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py

  Log Message:
  -----------
  Cherry-pick 276780 at main (664d22e6961c). rdar://111696020

    [webkitbugspy] Suppress login errors in unit tests
    https://bugs.webkit.org/show_bug.cgi?id=258817
    rdar://111696020

    Reviewed by Dewei Zhu.

    * Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py:
    (TestRadar.test_encoding): Suppress login errors.
    (TestRadar.test_decoding): Ditto.

    Canonical link: https://commits.webkit.org/276780@main

Canonical link: https://commits.webkit.org/272448.897@safari-7618-branch


  Commit: 07d29e82a7b0b8a3135338934e4157b19451c774
      https://github.com/WebKit/WebKit/commit/07d29e82a7b0b8a3135338934e4157b19451c774
  Author: Abrar Rahman Protyasha <a_protyasha at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
    M Source/WebKit/NetworkProcess/ios/NetworkConnectionToWebProcessIOS.mm
    M Source/WebKit/Shared/ApplePay/WebPaymentCoordinatorProxy.h
    M Source/WebKit/Shared/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm
    M Source/WebKit/Shared/ApplePay/ios/WebPaymentCoordinatorProxyIOS.mm
    M Source/WebKit/Shared/ApplePay/mac/WebPaymentCoordinatorProxyMac.mm
    M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in
    M Source/WebKit/UIProcess/Network/NetworkProcessProxyCocoa.mm
    M Source/WebKit/UIProcess/WebPageProxyInternals.h

  Log Message:
  -----------
  Cherry-pick 276712 at main (6e4f73ab3bd2). rdar://125267234

    [Apple Pay] PKPaymentRequest instances are vended generic user agent string on iOS
    https://bugs.webkit.org/show_bug.cgi?id=271503
    rdar://125267234

    Reviewed by Aditya Keerthi.

    WebPaymentCoordinatorProxy either lives in the UI process (macOS) or in
    the network process (iOS). In 270312 at main, we unconditionally consulted
    WebPageProxy::userAgent() when populating PKPaymentRequest instances
    with originating user agent strings. This approach is not valid for iOS
    because we would be trying to access a WebPageProxy (lives in the UI
    process) directly from an object that lives in the network process. As a
    result, we ended up supplying the fallback, generic UA strings on iOS.

    This patch addresses this bug by instead delegating the work of
    procuring a UA string to WebPaymentCoordinatorProxy::Client. On macOS,
    the client can simply query WebPageProxy::userAgent() since it lives in
    the UI process. On iOS, we add plumbing to be able to send an async
    message from the network process across the UI process connection asking
    for an appropriate UA string.

    * Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
    * Source/WebKit/NetworkProcess/ios/NetworkConnectionToWebProcessIOS.mm:
    (WebKit::NetworkConnectionToWebProcess::getPaymentCoordinatorEmbeddingUserAgent):
    * Source/WebKit/Shared/ApplePay/WebPaymentCoordinatorProxy.h:
    * Source/WebKit/Shared/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm:
    (WebKit::WebPaymentCoordinatorProxy::platformSetPaymentRequestUserAgent):

    * Source/WebKit/Shared/ApplePay/ios/WebPaymentCoordinatorProxyIOS.mm:
    (WebKit::WebPaymentCoordinatorProxy::platformShowPaymentUI):
    * Source/WebKit/Shared/ApplePay/mac/WebPaymentCoordinatorProxyMac.mm:
    (WebKit::WebPaymentCoordinatorProxy::platformShowPaymentUI):

    On both platforms, delegate work that needs to be performed with the
    payment authorization presenter to the completion handler executed by
    WebPaymentCoordinatorProxy::Client once it receives the user agent
    string. We do so because the payment authorization presenter must only
    be used after our PKPaymentRequest instance is fully fleshed out, which
    includes having had its userAgent property assigned correctly.

    * Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
    (WebKit::WebPageProxy::Internals::getPaymentCoordinatorEmbeddingUserAgent):
    * Source/WebKit/UIProcess/Network/NetworkProcessProxy.h:
    * Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in:
    * Source/WebKit/UIProcess/Network/NetworkProcessProxyCocoa.mm:
    (WebKit::NetworkProcessProxy::getPaymentCoordinatorEmbeddingUserAgent):
    * Source/WebKit/UIProcess/WebPageProxyInternals.h:

    Canonical link: https://commits.webkit.org/276712@main

Canonical link: https://commits.webkit.org/272448.898@safari-7618-branch


  Commit: 48d5c62d7d15cdf09143188e121d9687db920b0c
      https://github.com/WebKit/WebKit/commit/48d5c62d7d15cdf09143188e121d9687db920b0c
  Author: Darryl Parkinson <d_parkinson at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    M Source/WebCore/editing/Editor.cpp
    M Source/WebCore/editing/Editor.h
    M Source/WebCore/editing/cocoa/EditorCocoa.mm
    M Source/WebCore/editing/ios/EditorIOS.mm
    M Source/WebCore/loader/EmptyClients.cpp
    M Source/WebCore/page/EditorClient.h
    M Source/WebCore/platform/Pasteboard.h
    M Source/WebCore/platform/PasteboardWriterData.h
    M Source/WebCore/platform/PromisedAttachmentInfo.h
    M Source/WebCore/platform/ios/PlatformPasteboardIOS.mm
    M Source/WebCore/platform/mac/PasteboardMac.mm
    M Source/WebCore/platform/mac/PasteboardWriter.mm
    M Source/WebKit/Shared/Pasteboard.serialization.in
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
    M Source/WebKit/UIProcess/mac/WebViewImpl.mm
    M Source/WebKit/WebProcess/WebCoreSupport/WebEditorClient.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebEditorClient.h
    M Source/WebKitLegacy/mac/WebCoreSupport/WebEditorClient.h
    M Source/WebKitLegacy/mac/WebCoreSupport/WebEditorClient.mm

  Log Message:
  -----------
  Change 2 related Vectors to use Vector Pair to prevent OOB.
rdar://122621756

Reviewed by Ryosuke Niwa, Alex Christensen and Brady Eidson

Changing two related Vectors to use a Vector pair which means they are always the same length, preventing an OOB on one of the vectors.
* Source/WebKit/Shared/Pasteboard.serialization.in:

Canonical link: https://commits.webkit.org/272448.899@safari-7618-branch
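
Why a vector of pairs removes the length mismatch described in the commit message above, as an added example (not WebKit's code). The length-prefixed wire format, the Reader class and all payload and function names are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

typedef std::vector<uint8_t> Bytes;

// Constructed wire format: a list is [count] followed by count x ([len][len bytes]).
// Every read is bounds-checked, so each list is well formed on its own.
class Reader {
public:
    explicit Reader(const Bytes& in) : m_in(in), m_pos(0) { }
    bool readByte(uint8_t& out)
    {
        if (m_pos >= m_in.size()) return false;
        out = m_in[m_pos++];
        return true;
    }
    bool readString(std::string& out)
    {
        uint8_t len;
        if (!readByte(len) || len > m_in.size() - m_pos) return false;
        out.assign(m_in.begin() + m_pos, m_in.begin() + m_pos + len);
        m_pos += len;
        return true;
    }
    bool readStringList(std::vector<std::string>& out)
    {
        uint8_t count;
        if (!readByte(count)) return false;
        for (uint8_t i = 0; i < count; ++i) {
            std::string s;
            if (!readString(s)) return false;
            out.push_back(s);
        }
        return true;
    }
private:
    const Bytes& m_in;
    size_t m_pos;
};

// Parallel layout: two independently counted lists that consumers treat as one table.
struct ParallelPayload {
    std::vector<std::string> types;
    std::vector<std::string> data;
};

bool decodeParallel(const Bytes& in, ParallelPayload& out)
{
    Reader r(in);
    return r.readStringList(out.types) && r.readStringList(out.data);
}

// Walks the payload the way a consumer assuming equal lengths would, and returns
// the first index at which an unchecked data[i] would read out of bounds, or -1.
long firstOutOfBoundsIndex(const ParallelPayload& p)
{
    for (size_t i = 0; i < p.types.size(); ++i) {
        if (i >= p.data.size())
            return static_cast<long>(i);
    }
    return -1;
}

// Paired layout: one count, one element per (type, data) entry.
struct PairedPayload {
    std::vector<std::pair<std::string, std::string> > entries;
};

bool decodePaired(const Bytes& in, PairedPayload& out)
{
    Reader r(in);
    uint8_t count;
    if (!r.readByte(count)) return false;
    for (uint8_t i = 0; i < count; ++i) {
        std::string type, data;
        if (!r.readString(type) || !r.readString(data)) return false;
        out.entries.push_back(std::make_pair(type, data));
    }
    return true;
}

// Constructed inputs. Parallel: 2 types ("a","b") but only 1 data item ("x").
Bytes mismatchedParallelSample() { return Bytes{2, 1, 'a', 1, 'b', 1, 1, 'x'}; }
// Paired: claims 2 entries, second entry has a type but no data.
Bytes truncatedPairedSample() { return Bytes{2, 1, 'a', 1, 'x', 1, 'b'}; }
// Paired: 2 complete entries ("a","x") and ("b","y").
Bytes wellFormedPairedSample() { return Bytes{2, 1, 'a', 1, 'x', 1, 'b', 1, 'y'}; }

int main()
{
    ParallelPayload p;
    std::cout << "parallel decode ok: " << decodeParallel(mismatchedParallelSample(), p)
              << ", first OOB index: " << firstOutOfBoundsIndex(p) << "\n";
    PairedPayload q;
    std::cout << "paired decode of truncated input ok: "
              << decodePaired(truncatedPairedSample(), q) << "\n";
    return 0;
}
```

The parallel decoder accepts the mismatched input because each list is valid by itself; with pairs, the same kind of shortfall can only appear as a decode failure.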


  Commit: 8678ac180923d6e38f3d796cdd7f35c8b3b19751
      https://github.com/WebKit/WebKit/commit/8678ac180923d6e38f3d796cdd7f35c8b3b19751
  Author: David Kilzer <ddkilzer at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    M Source/WebCore/Modules/indexeddb/IDBValue.h
    M Source/WebCore/bindings/js/IDBBindingUtilities.h

  Log Message:
  -----------
  Cherry-pick 76dc1d42c421. rdar://125785355

    Make WebCore::IDBSerializationContext testable
    https://bugs.webkit.org/show_bug.cgi?id=272032
    <rdar://125785355>

    Reviewed by Sihui Liu.

    Original patch by Jesse Hertz.

    * Source/WebCore/Modules/indexeddb/IDBValue.h:
    (WebCore::IDBValue::IDBValue):
    * Source/WebCore/bindings/js/IDBBindingUtilities.h:
    (WebCore::deserializeIDBValueToJSValue):
    (WebCore::callOnIDBSerializationThreadAndWait):
    - Export methods to make the code testable.

    Canonical link: https://commits.webkit.org/277032@main

Canonical link: https://commits.webkit.org/272448.900@safari-7618-branch


  Commit: f35591cd46ef37abd549840dc30f01b3b0a2a2d1
      https://github.com/WebKit/WebKit/commit/f35591cd46ef37abd549840dc30f01b3b0a2a2d1
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    M Source/WTF/wtf/cocoa/Entitlements.h
    M Source/WTF/wtf/cocoa/Entitlements.mm
    M Source/WTF/wtf/spi/cocoa/SecuritySPI.h
    M Source/WebKit/Platform/Logging.h
    M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
    M Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
    M Source/WebKit/UIProcess/PageClient.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/ios/PageClientImplIOS.h
    M Source/WebKit/UIProcess/ios/PageClientImplIOS.mm

  Log Message:
  -----------
  Apply patch. rdar://125788604

Canonical link: https://commits.webkit.org/272448.901@safari-7618-branch


  Commit: 907ee0e687ca40e105fa6f8c1a3ffdc397b65906
      https://github.com/WebKit/WebKit/commit/907ee0e687ca40e105fa6f8c1a3ffdc397b65906
  Author: Alex Atwater <alexandera_22 at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/git_hub.py

  Log Message:
  -----------
  Cherry-pick 277008 at main (a1f01fd352d0). rdar://125792901

    Github api should not assume the current user as the fork owner.
    https://bugs.webkit.org/show_bug.cgi?id=272054
    rdar://125792901 (Github api should not assume the current user as the fork owner)

    Reviewed by Jonathan Bedard.

    Canonical link: https://commits.webkit.org/277008@main

Canonical link: https://commits.webkit.org/272448.902@safari-7618-branch


  Commit: 84e6be5523eb608f5ad2abfbdbba3007c58d881c
      https://github.com/WebKit/WebKit/commit/84e6be5523eb608f5ad2abfbdbba3007c58d881c
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/scm.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/land.py
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/git_unittest.py

  Log Message:
  -----------
  Cherry-pick 277213 at main (3608a480f439). rdar://118901053

    [webkitscmpy] Optionally include commit message in diff
    https://bugs.webkit.org/show_bug.cgi?id=265481
    rdar://118901053

    Reviewed by Dewei Zhu.

    Programs generating diffs may want to include commit messages
    in patch format.

    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py:
    (Git.diff): Return lines in a diff, use format-patch if caller
    requests commit message be included.
    (Git.diff_lines): Renamed 'diff'.
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/scm.py:
    (Scm.diff): Added.
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py:
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/land.py:
    (Land.main): Call 'diff' instead of 'diff_lines'
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/git_unittest.py:

    Canonical link: https://commits.webkit.org/277213@main

Canonical link: https://commits.webkit.org/272448.903@safari-7618-branch


  Commit: edea83a937968cde0b9c159907b3ddc17974681c
      https://github.com/WebKit/WebKit/commit/edea83a937968cde0b9c159907b3ddc17974681c
  Author: Said Abou-Hallawa <said at apple.com>
  Date:   2024-04-10 (Wed, 10 Apr 2024)

  Changed paths:
    A LayoutTests/svg/filters/filter-on-root-tile-boundary-expected.html
    A LayoutTests/svg/filters/filter-on-root-tile-boundary.html
    M Source/WebCore/platform/graphics/filters/FilterOperations.cpp
    M Source/WebCore/platform/graphics/filters/FilterOperations.h
    M Source/WebCore/rendering/RenderLayer.cpp
    M Source/WebCore/rendering/svg/SVGRenderingContext.cpp

  Log Message:
  -----------
  Cherry-pick cb5290644a69. rdar://118938065

    REGRESSION(267236 at main): SVG may incorrectly be clipped when an SVGFilter is applied to its root
    https://bugs.webkit.org/show_bug.cgi?id=265465
    rdar://118938065

    Reviewed by Nikolas Zimmermann.

    Ensure the SVGFilter is applied only once to the RenderSVGRoot through the SVG
    rendering code.

    But use the RenderLayerFilters to repaint the referenced SVGFilter clients when
    its effects are changed.

    * LayoutTests/svg/filters/filter-on-root-tile-boundary-expected.html: Added.
    * LayoutTests/svg/filters/filter-on-root-tile-boundary.html: Added.
    * Source/WebCore/platform/graphics/filters/FilterOperations.cpp:
    (WebCore::FilterOperations::isReferenceFilter const):
    * Source/WebCore/platform/graphics/filters/FilterOperations.h:
    * Source/WebCore/rendering/RenderLayer.cpp:
    (WebCore::RenderLayer::paintsWithFilters const):
    (WebCore::RenderLayer::calculateClipRects const):
    * Source/WebCore/rendering/svg/SVGRenderingContext.cpp:
    (WebCore::SVGRenderingContext::prepareToRenderSVGContent):

    Canonical link: https://commits.webkit.org/277325@main

Canonical link: https://commits.webkit.org/272448.904@safari-7618-branch


  Commit: 5e1f73f046fa90dcef1f3cffbb33a4ed6b96484c
      https://github.com/WebKit/WebKit/commit/5e1f73f046fa90dcef1f3cffbb33a4ed6b96484c
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-04-11 (Thu, 11 Apr 2024)

  Changed paths:
    M Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp
    M Source/WebCore/Modules/webaudio/AudioBufferSourceNode.h

  Log Message:
  -----------
  Unreviewed, reverting 614 at safari-7618-branch
https://bugs.webkit.org/show_bug.cgi?id=272569
rdar://126093014

Caused jetsams on gaming sites.

Reverted change:

    Use-after-free in WebCore::AudioBufferSourceNode::renderFromBuffer
    https://bugs.webkit.org/show_bug.cgi?id=270007
    rdar://123510096
    https://commits.webkit.org/614@safari-7618-branch

Canonical link: https://commits.webkit.org/272448.905@safari-7618-branch


  Commit: cb2f03208aa63909879ddccff0133332613724d5
      https://github.com/WebKit/WebKit/commit/cb2f03208aa63909879ddccff0133332613724d5
  Author: Nitin Mahendru <nitinmahendru at apple.com>
  Date:   2024-04-11 (Thu, 11 Apr 2024)

  Changed paths:
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    A Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp

  Log Message:
  -----------
  Removing unbounded resize of Vector
https://bugs.webkit.org/show_bug.cgi?id=272491
rdar://126132559

Reviewed by Alex Christensen.

Resize the vector with an option to fall back to a default value.
Test Case has been added to verify the fix.

* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readRTCCertificate):
* Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp: Added.
(TestWebKitAPI::TEST):

Canonical link: https://commits.webkit.org/272448.906@safari-7618-branch


  Commit: e75016c236e57d90bd397fdf607edc0fba1dfc2f
      https://github.com/WebKit/WebKit/commit/e75016c236e57d90bd397fdf607edc0fba1dfc2f
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebCore/cssjit/SelectorCompiler.cpp
    M Source/WebCore/dom/Element.cpp
    M Source/WebCore/dom/EventTarget.h
    M Source/WebCore/dom/Node.cpp
    M Source/WebCore/dom/Node.h
    M Source/WebCore/domjit/JSNodeDOMJIT.cpp

  Log Message:
  -----------
  Crash in Style::commitRelations
https://bugs.webkit.org/show_bug.cgi?id=272543

Reviewed by Antti Koivisto.

A partial revert of 272448.795 at safari-7618-branch. Use the EventTargetFlag that's available
instead of making m_previous CompactPointerTuple.

* Source/WebCore/cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateWalkToPreviousAdjacentElement):
* Source/WebCore/dom/Element.cpp:
(WebCore::Element::~Element):
(WebCore::Element::identifier const):
* Source/WebCore/dom/EventTarget.h:
* Source/WebCore/dom/Node.cpp:
(WebCore::Node::~Node):
* Source/WebCore/dom/Node.h:
(WebCore::Node::previousSibling const):
(WebCore::Node::protectedPreviousSibling const):
(WebCore::Node::previousSiblingMemoryOffset):
(WebCore::Node::setPreviousSibling):
(WebCore::Node::previousSiblingPointerMask): Deleted.
(WebCore::Node::hasElementStateFlag const): Deleted.
(WebCore::Node::clearElementStateFlag const): Deleted.
(WebCore::Node::setElementStateFlag const): Deleted.
* Source/WebCore/domjit/JSNodeDOMJIT.cpp:
(WebCore::createCallDOMGetterForOffsetAccess):
(WebCore::compileNodePreviousSiblingAttribute):

Canonical link: https://commits.webkit.org/272448.907@safari-7618-branch


  Commit: 9a9141f61295e2fd367bc83cc5f7839a8f1d6162
      https://github.com/WebKit/WebKit/commit/9a9141f61295e2fd367bc83cc5f7839a8f1d6162
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/ThirdParty/ANGLE/.gitignore
    M Source/ThirdParty/ANGLE/.gitmodules
    M Source/ThirdParty/ANGLE/.gn
    M Source/ThirdParty/ANGLE/ANGLE.plist
    M Source/ThirdParty/ANGLE/ANGLE.xcodeproj/project.pbxproj
    M Source/ThirdParty/ANGLE/BUILD.gn
    M Source/ThirdParty/ANGLE/CONTRIBUTORS
    M Source/ThirdParty/ANGLE/Compiler.cmake
    M Source/ThirdParty/ANGLE/DEPS
    M Source/ThirdParty/ANGLE/GLESv2.cmake
    M Source/ThirdParty/ANGLE/WebKit/ANGLEShaderProgramVersion.h
    M Source/ThirdParty/ANGLE/WebKit/angle_commit.h
    M Source/ThirdParty/ANGLE/build_overrides/angle.gni
    M Source/ThirdParty/ANGLE/build_overrides/clspv.gni
    A Source/ThirdParty/ANGLE/build_overrides/dawn.gni
    M Source/ThirdParty/ANGLE/build_overrides/glslang.gni
    A Source/ThirdParty/ANGLE/build_overrides/tint.gni
    M Source/ThirdParty/ANGLE/changes.diff
    M Source/ThirdParty/ANGLE/doc/DevSetup.md
    M Source/ThirdParty/ANGLE/doc/ExtensionSupport.md
    R Source/ThirdParty/ANGLE/extensions/ANGLE_timer_query.txt
    A Source/ThirdParty/ANGLE/extensions/EGL_ANGLE_global_fence_sync.txt
    M Source/ThirdParty/ANGLE/extensions/EGL_ANGLE_metal_texture_client_buffer.txt
    A Source/ThirdParty/ANGLE/extensions/EGL_ANGLE_platform_angle_webgpu.txt
    M Source/ThirdParty/ANGLE/gni/angle.gni
    M Source/ThirdParty/ANGLE/include/CL/cl.h
    M Source/ThirdParty/ANGLE/include/CL/cl_d3d10.h
    M Source/ThirdParty/ANGLE/include/CL/cl_d3d11.h
    M Source/ThirdParty/ANGLE/include/CL/cl_dx9_media_sharing.h
    M Source/ThirdParty/ANGLE/include/CL/cl_egl.h
    M Source/ThirdParty/ANGLE/include/CL/cl_ext.h
    A Source/ThirdParty/ANGLE/include/CL/cl_function_types.h
    M Source/ThirdParty/ANGLE/include/CL/cl_gl.h
    M Source/ThirdParty/ANGLE/include/CL/cl_gl_ext.h
    M Source/ThirdParty/ANGLE/include/CL/cl_icd.h
    M Source/ThirdParty/ANGLE/include/CL/cl_layer.h
    M Source/ThirdParty/ANGLE/include/CL/cl_platform.h
    M Source/ThirdParty/ANGLE/include/CL/cl_va_api_media_sharing_intel.h
    M Source/ThirdParty/ANGLE/include/EGL/eglext_angle.h
    M Source/ThirdParty/ANGLE/include/GLSLANG/ShaderLang.h
    M Source/ThirdParty/ANGLE/include/platform/autogen/FeaturesGL_autogen.h
    M Source/ThirdParty/ANGLE/include/platform/autogen/FeaturesMtl_autogen.h
    M Source/ThirdParty/ANGLE/include/platform/autogen/FeaturesVk_autogen.h
    M Source/ThirdParty/ANGLE/include/platform/gl_features.json
    M Source/ThirdParty/ANGLE/include/platform/mtl_features.json
    M Source/ThirdParty/ANGLE/include/platform/vk_features.json
    M Source/ThirdParty/ANGLE/infra/config/generated/cr-buildbucket.cfg
    M Source/ThirdParty/ANGLE/infra/config/generated/luci-milo.cfg
    M Source/ThirdParty/ANGLE/infra/config/generated/luci-scheduler.cfg
    M Source/ThirdParty/ANGLE/infra/config/generated/project.cfg
    M Source/ThirdParty/ANGLE/infra/config/main.star
    M Source/ThirdParty/ANGLE/infra/specs/angle.json
    M Source/ThirdParty/ANGLE/infra/specs/angle_mb_config.pyl
    M Source/ThirdParty/ANGLE/infra/specs/generate_test_spec_json.py
    M Source/ThirdParty/ANGLE/infra/specs/mixins.pyl
    M Source/ThirdParty/ANGLE/infra/specs/test_suites.pyl
    M Source/ThirdParty/ANGLE/infra/specs/waterfalls.pyl
    M Source/ThirdParty/ANGLE/scripts/code_generation_hashes/Extension_files.json
    M Source/ThirdParty/ANGLE/scripts/code_generation_hashes/GL_CTS_(dEQP)_build_files.json
    M Source/ThirdParty/ANGLE/scripts/code_generation_hashes/GL_EGL_WGL_loader.json
    M Source/ThirdParty/ANGLE/scripts/code_generation_hashes/GL_EGL_entry_points.json
    M Source/ThirdParty/ANGLE/scripts/code_generation_hashes/GL_copy_conversion_table.json
    M Source/ThirdParty/ANGLE/scripts/code_generation_hashes/GLenum_value_to_string_map.json
    M Source/ThirdParty/ANGLE/scripts/code_generation_hashes/Vulkan_mandatory_format_support_table.json
    M Source/ThirdParty/ANGLE/scripts/code_generation_hashes/interpreter_utils.json
    M Source/ThirdParty/ANGLE/scripts/code_generation_hashes/proc_table.json
    M Source/ThirdParty/ANGLE/scripts/code_generation_hashes/restricted_traces.json
    M Source/ThirdParty/ANGLE/scripts/egl_angle_ext.xml
    M Source/ThirdParty/ANGLE/scripts/entry_point_packed_gl_enums.json
    M Source/ThirdParty/ANGLE/scripts/export_targets.py
    M Source/ThirdParty/ANGLE/scripts/generate_android_bp.py
    M Source/ThirdParty/ANGLE/scripts/generate_entry_points.py
    M Source/ThirdParty/ANGLE/scripts/gl_angle_ext.xml
    M Source/ThirdParty/ANGLE/scripts/process_angle_perf_results.py
    M Source/ThirdParty/ANGLE/scripts/registry_xml.py
    M Source/ThirdParty/ANGLE/scripts/roll_aosp.sh
    A Source/ThirdParty/ANGLE/scripts/winappsdk_setup.py
    M Source/ThirdParty/ANGLE/src/android_system_settings/README.md
    M Source/ThirdParty/ANGLE/src/android_system_settings/assets/a4a_rules.json
    M Source/ThirdParty/ANGLE/src/android_system_settings/src/com/android/angle/common/AngleRuleHelper.java
    M Source/ThirdParty/ANGLE/src/android_system_settings/src/com/android/angle/common/GlobalSettings.java
    M Source/ThirdParty/ANGLE/src/android_system_settings/src/com/android/angle/common/MainFragment.java
    M Source/ThirdParty/ANGLE/src/android_system_settings/src/com/android/angle/common/Receiver.java
    M Source/ThirdParty/ANGLE/src/android_system_settings/src/com/android/angle/common/SearchProvider.java
    M Source/ThirdParty/ANGLE/src/commit_id.py
    M Source/ThirdParty/ANGLE/src/common/CompiledShaderState.cpp
    M Source/ThirdParty/ANGLE/src/common/CompiledShaderState.h
    M Source/ThirdParty/ANGLE/src/common/PoolAlloc.cpp
    M Source/ThirdParty/ANGLE/src/common/apple_platform_utils.h
    M Source/ThirdParty/ANGLE/src/common/apple_platform_utils.mm
    M Source/ThirdParty/ANGLE/src/common/base/anglebase/sys_byteorder.h
    M Source/ThirdParty/ANGLE/src/common/bitset_utils.h
    M Source/ThirdParty/ANGLE/src/common/bitset_utils_unittest.cpp
    M Source/ThirdParty/ANGLE/src/common/entry_points_enum_autogen.cpp
    M Source/ThirdParty/ANGLE/src/common/entry_points_enum_autogen.h
    M Source/ThirdParty/ANGLE/src/common/frame_capture_utils.cpp
    M Source/ThirdParty/ANGLE/src/common/frame_capture_utils.h
    M Source/ThirdParty/ANGLE/src/common/gl_enum_utils_autogen.cpp
    M Source/ThirdParty/ANGLE/src/common/gl_enum_utils_autogen.h
    M Source/ThirdParty/ANGLE/src/common/matrix_utils.cpp
    M Source/ThirdParty/ANGLE/src/common/platform.h
    M Source/ThirdParty/ANGLE/src/common/utilities.h
    M Source/ThirdParty/ANGLE/src/common/utilities_unittest.cpp
    M Source/ThirdParty/ANGLE/src/common/vector_utils.h
    M Source/ThirdParty/ANGLE/src/common/vulkan/vk_headers.h
    M Source/ThirdParty/ANGLE/src/compiler.gni
    M Source/ThirdParty/ANGLE/src/compiler/preprocessor/MacroExpander.cpp
    M Source/ThirdParty/ANGLE/src/compiler/preprocessor/MacroExpander.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/BaseTypes.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/Compiler.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/Compiler.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/ImmutableString.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/ImmutableStringBuilder.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/ImmutableStringBuilder.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/IntermNode.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/IntermNode.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/OutputTree.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/ParseContext.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/ParseContext.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/ShaderLang.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/ValidateAST.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/ValidateClipCullDistance.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/ValidateLimitations.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/glsl/TranslatorESSL.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/hlsl/OutputHLSL.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/msl/AstHelpers.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/msl/AstHelpers.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/msl/EmitMetal.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/msl/IntermRebuild.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/msl/ModifyStruct.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/msl/Name.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/msl/Name.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/msl/ProgramPrelude.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/msl/RewritePipelines.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/msl/ToposortStructs.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/msl/TranslatorMSL.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/spirv/OutputSPIRV.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/spirv/TranslatorSPIRV.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/spirv/TranslatorSPIRV.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/MonomorphizeUnsupportedFunctions.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/RemoveUnreferencedVariables.cpp
    A Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/SeparateStructFromFunctionDeclarations.cpp
    A Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/SeparateStructFromFunctionDeclarations.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/SimplifyLoopConditions.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/glsl/apple/RewriteDoWhile.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/hlsl/AggregateAssignArraysInSSBOs.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/msl/ReduceInterfaceBlocks.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/msl/SeparateCompoundStructDeclarations.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/spirv/EmulateAdvancedBlendEquations.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/spirv/EmulateAdvancedBlendEquations.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/spirv/EmulateFramebufferFetch.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_ops/spirv/EmulateFramebufferFetch.h
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_util/IntermNode_util.cpp
    M Source/ThirdParty/ANGLE/src/compiler/translator/tree_util/IntermNode_util.h
    M Source/ThirdParty/ANGLE/src/gpu_info_util/SystemInfo.cpp
    M Source/ThirdParty/ANGLE/src/gpu_info_util/SystemInfo.h
    M Source/ThirdParty/ANGLE/src/gpu_info_util/SystemInfo_internal.h
    M Source/ThirdParty/ANGLE/src/gpu_info_util/SystemInfo_macos.mm
    M Source/ThirdParty/ANGLE/src/gpu_info_util/SystemInfo_unittest.cpp
    M Source/ThirdParty/ANGLE/src/image_util/loadimage.inc
    M Source/ThirdParty/ANGLE/src/libANGLE/BlobCache.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/BlobCache.h
    M Source/ThirdParty/ANGLE/src/libANGLE/BlobCache_unittest.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/Buffer.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/Buffer.h
    M Source/ThirdParty/ANGLE/src/libANGLE/CLCommandQueue.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/CLCommandQueue.h
    M Source/ThirdParty/ANGLE/src/libANGLE/CLImage.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/CLImage.h
    M Source/ThirdParty/ANGLE/src/libANGLE/CLObject.h
    M Source/ThirdParty/ANGLE/src/libANGLE/CLPlatform.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/CLPlatform.h
    M Source/ThirdParty/ANGLE/src/libANGLE/CLProgram.h
    R Source/ThirdParty/ANGLE/src/libANGLE/CLtypes.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Caps.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/Caps.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Constants.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Context.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/Context.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Context.inl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Context_gles_ext_autogen.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Display.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/Display.h
    M Source/ThirdParty/ANGLE/src/libANGLE/EGLSync.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/ErrorStrings.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Framebuffer.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/Framebuffer.h
    M Source/ThirdParty/ANGLE/src/libANGLE/FramebufferAttachment.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Image.h
    M Source/ThirdParty/ANGLE/src/libANGLE/MemoryProgramCache.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/MemoryProgramCache.h
    M Source/ThirdParty/ANGLE/src/libANGLE/MemoryShaderCache.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/MemoryShaderCache.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Observer.h
    M Source/ThirdParty/ANGLE/src/libANGLE/PixelLocalStorage.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/Program.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/Program.h
    M Source/ThirdParty/ANGLE/src/libANGLE/ProgramExecutable.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/ProgramExecutable.h
    M Source/ThirdParty/ANGLE/src/libANGLE/ProgramLinkedResources.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/ProgramLinkedResources.h
    M Source/ThirdParty/ANGLE/src/libANGLE/ProgramPipeline.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/ProgramPipeline.h
    M Source/ThirdParty/ANGLE/src/libANGLE/RefCountObject.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Shader.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/State.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/State.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Surface.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/Surface.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Texture.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/Texture.h
    M Source/ThirdParty/ANGLE/src/libANGLE/Uniform.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/Uniform.h
    M Source/ThirdParty/ANGLE/src/libANGLE/angletypes.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/angletypes.h
    M Source/ThirdParty/ANGLE/src/libANGLE/capture/FrameCapture.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/capture/FrameCapture.h
    M Source/ThirdParty/ANGLE/src/libANGLE/capture/capture_gles_ext_autogen.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/capture/capture_gles_ext_autogen.h
    M Source/ThirdParty/ANGLE/src/libANGLE/capture/capture_gles_ext_params.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/capture/serialize.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/cl_types.h
    M Source/ThirdParty/ANGLE/src/libANGLE/cl_utils.h
    M Source/ThirdParty/ANGLE/src/libANGLE/es3_copy_conversion_formats.json
    M Source/ThirdParty/ANGLE/src/libANGLE/es3_copy_conversion_table_autogen.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/gles_extensions_autogen.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/gles_extensions_autogen.h
    M Source/ThirdParty/ANGLE/src/libANGLE/queryconversions.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/queryconversions.h
    M Source/ThirdParty/ANGLE/src/libANGLE/queryutils.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/CLCommandQueueImpl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/CLEventImpl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/CLExtensions.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/CLKernelImpl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/CLMemoryImpl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/CLSamplerImpl.h
    R Source/ThirdParty/ANGLE/src/libANGLE/renderer/CLtypes.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/ContextImpl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/DisplayImpl.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/DisplayImpl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/ProgramImpl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/cl/CLCommandQueueCL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/cl/CLCommandQueueCL.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/cl/cl_types.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/cl/cl_util.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/cl_types.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/BUILD.gn
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/ProgramD3D.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/ProgramD3D.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/TextureD3D.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/TextureStorage.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/Context11.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/Context11.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/Program11.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/Program11.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/Renderer11.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/StateManager11.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/TextureStorage11.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/TextureStorage11.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/winrt/CoreWindowNativeWindow.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/winrt/InspectableNativeWindow.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/winrt/InspectableNativeWindow.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/winrt/NativeWindow11WinRT.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/winrt/SwapChainPanelNativeWindow.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d11/winrt/SwapChainPanelNativeWindow.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d9/Context9.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d9/Context9.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d9/Renderer9.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d9/TextureStorage9.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/d3d/d3d9/TextureStorage9.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/driver_utils.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/driver_utils.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/BUILD.gn
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/BlitGL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/BlitGL.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/BufferGL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/BufferGL.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/ContextGL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/ContextGL.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/FramebufferGL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/ProgramExecutableGL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/ProgramExecutableGL.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/ProgramGL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/ProgramGL.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/RendererGL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/StateManagerGL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/egl/FunctionsEGL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/egl/FunctionsEGL.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/gl_backend.gni
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/glx/DisplayGLX.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/glx/DisplayGLX.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/glx/DisplayGLX_api.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/glx/PbufferSurfaceGLX.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/glx/PixmapSurfaceGLX.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/glx/WindowSurfaceGLX.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/renderergl_utils.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ContextMtl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ContextMtl.mm
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/DisplayMtl.mm
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ImageMtl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ImageMtl.mm
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ProgramExecutableMtl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ProgramExecutableMtl.mm
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ProgramMtl.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ProgramMtl.mm
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ShaderMtl.mm
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_command_buffer.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_command_buffer.mm
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_common.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_library_cache.mm
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_msl_utils.mm
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_resources.mm
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_utils.mm
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/null/ContextNULL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/null/ContextNULL.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/null/ProgramNULL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/null/ProgramNULL.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/renderer_utils.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/renderer_utils.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/AllocatorHelperPool.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/BUILD.gn
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/BufferVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CLCommandQueueVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CLCommandQueueVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CLContextVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CLContextVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CLDeviceVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CLDeviceVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CLKernelVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CLPlatformVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CLPlatformVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CLProgramVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CLProgramVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/CommandProcessor.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/ContextVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/ContextVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/DisplayVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/DisplayVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/FenceNVVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/FramebufferVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/FramebufferVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/MemoryObjectVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/ProgramExecutableVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/ProgramExecutableVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/ProgramVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/ProgramVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/RenderbufferVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/RendererVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/RendererVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/SecondaryCommandBuffer.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/SecondaryCommandBuffer.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/SemaphoreVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/ShaderVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/ShareGroupVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/ShareGroupVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/SurfaceVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/SurfaceVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/SyncVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/SyncVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/TextureVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/UtilsVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/VertexArrayVk.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/VertexArrayVk.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/VulkanSecondaryCommandBuffer.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/android/DisplayVkAndroid.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/android/HardwareBufferImageSiblingVkAndroid.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/android/vk_android_utils.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/android/vk_android_utils.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/cl_types.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/linux/DisplayVkOffscreen.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/linux/DisplayVkOffscreen.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/linux/DmaBufImageSiblingVkLinux.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/linux/gbm/DisplayVkGbm.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/linux/gbm/DisplayVkGbm.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/linux/wayland/DisplayVkWayland.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/linux/wayland/DisplayVkWayland.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/linux/xcb/DisplayVkXcb.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/linux/xcb/DisplayVkXcb.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/null/DisplayVkNull.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/null/DisplayVkNull.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/spv_utils.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_cache_utils.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_cache_utils.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_caps_utils.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_format_utils.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_format_utils.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_helpers.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_helpers.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_utils.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_utils.h
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/vulkan/vk_wrapper.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/BUILD.gn
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/BufferWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/BufferWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/CompilerWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/CompilerWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ContextWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ContextWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/DeviceWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/DeviceWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/DisplayWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/DisplayWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/DisplayWgpu_api.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/FenceNVWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/FenceNVWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/FramebufferWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/FramebufferWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ImageWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ImageWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ProgramExecutableWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ProgramExecutableWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ProgramPipelineWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ProgramPipelineWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ProgramWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ProgramWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/QueryWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/QueryWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/RenderbufferWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/RenderbufferWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/SamplerWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/SamplerWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ShaderWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/ShaderWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/SurfaceWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/SurfaceWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/SyncWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/SyncWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/TextureWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/TextureWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/TransformFeedbackWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/TransformFeedbackWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/VertexArrayWgpu.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/VertexArrayWgpu.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/wgpu_helpers.cpp
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/wgpu_helpers.h
    A Source/ThirdParty/ANGLE/src/libANGLE/renderer/wgpu/wgpu_sources.gni
    M Source/ThirdParty/ANGLE/src/libANGLE/validationCL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/validationEGL.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/validationES.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/validationES2.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/validationES3.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/validationESEXT.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/validationESEXT_autogen.h
    M Source/ThirdParty/ANGLE/src/libGLESv2.gni
    M Source/ThirdParty/ANGLE/src/libGLESv2/cl_stubs.cpp
    M Source/ThirdParty/ANGLE/src/libGLESv2/cl_stubs_autogen.h
    M Source/ThirdParty/ANGLE/src/libGLESv2/egl_ext_stubs.cpp
    M Source/ThirdParty/ANGLE/src/libGLESv2/entry_points_gles_ext_autogen.cpp
    M Source/ThirdParty/ANGLE/src/libGLESv2/entry_points_gles_ext_autogen.h
    M Source/ThirdParty/ANGLE/src/libGLESv2/libGLESv2_autogen.cpp
    M Source/ThirdParty/ANGLE/src/libGLESv2/libGLESv2_autogen.def
    M Source/ThirdParty/ANGLE/src/libGLESv2/libGLESv2_no_capture_autogen.def
    M Source/ThirdParty/ANGLE/src/libGLESv2/libGLESv2_vulkan_secondaries_autogen.def
    M Source/ThirdParty/ANGLE/src/libGLESv2/libGLESv2_with_capture_autogen.def
    M Source/ThirdParty/ANGLE/src/libGLESv2/opengl32_autogen.def
    M Source/ThirdParty/ANGLE/src/libGLESv2/opengl32_with_wgl_autogen.def
    M Source/ThirdParty/ANGLE/src/libGLESv2/proc_table_egl_autogen.cpp
    M Source/ThirdParty/ANGLE/src/libGLESv2/proc_table_glx_autogen.cpp
    M Source/ThirdParty/ANGLE/src/libGLESv2/proc_table_wgl_autogen.cpp
    M Source/ThirdParty/ANGLE/src/tests/BUILD.gn
    M Source/ThirdParty/ANGLE/src/tests/angle_android_test_runner.py
    M Source/ThirdParty/ANGLE/src/tests/angle_end2end_tests.gni
    M Source/ThirdParty/ANGLE/src/tests/angle_end2end_tests_expectations.txt
    M Source/ThirdParty/ANGLE/src/tests/angle_traces.gni
    M Source/ThirdParty/ANGLE/src/tests/angle_unittests.gni
    M Source/ThirdParty/ANGLE/src/tests/capture_replay_tests.py
    M Source/ThirdParty/ANGLE/src/tests/capture_replay_tests/capture_replay_expectations.txt
    M Source/ThirdParty/ANGLE/src/tests/compiler_tests/ImmutableString_test.cpp
    M Source/ThirdParty/ANGLE/src/tests/compiler_tests/MSLOutput_test.cpp
    A Source/ThirdParty/ANGLE/src/tests/compiler_tests/Parse_test.cpp
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/README.md
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/angle_deqp_gtest.cpp
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/angle_deqp_libtester_main.cpp
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/deqp_egl_test_expectations.txt
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/deqp_gles2_test_expectations.txt
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/deqp_gles31_multisample_test_expectations.txt
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/deqp_gles31_test_expectations.txt
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/deqp_gles3_test_expectations.txt
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/deqp_khr_gles2_test_expectations.txt
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/deqp_khr_gles31_test_expectations.txt
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/deqp_khr_gles32_test_expectations.txt
    M Source/ThirdParty/ANGLE/src/tests/deqp_support/deqp_khr_gles3_test_expectations.txt
    M Source/ThirdParty/ANGLE/src/tests/egl_tests/EGLBlobCacheTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/egl_tests/EGLContextSharingTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/egl_tests/EGLDisplayTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/egl_tests/EGLPreRotationTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/egl_tests/EGLPrintEGLinfoTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/egl_tests/EGLSurfaceTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/egl_tests/EGLSurfacelessContextTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/egl_tests/EGLSyncTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/egl_tests/EGLX11VisualTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/ClearTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/ClipDistanceTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/ComputeShaderTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/CopyTexImageTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/CopyTextureTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/D3DTextureTest.cpp
    A Source/ThirdParty/ANGLE/src/tests/gl_tests/DrawElementsIndirectTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/FormatPrintTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/FramebufferFetchTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/FramebufferTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/GLSLTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/ImageTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/ImageTestMetal.mm
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/MipmapTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/MultisampledRenderToTextureTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/MultithreadingTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/OcclusionQueriesTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/PbufferTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/PixelLocalStorageTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/ProgramBinaryTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/RendererTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/ShaderAlgorithmTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/StateChangeTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/TextureTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/TransformFeedbackTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/VertexAttributeTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/VulkanExternalImageTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/VulkanFormatTablesTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/VulkanFramebufferTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/VulkanPerformanceCounterTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/VulkanUniformUpdatesTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/WebGLCompatibilityTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/gl_tests/gles1/MatrixBuiltinsTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/perf_tests/ANGLEPerfTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/perf_tests/ParallelLinkProgramPerfTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/perf_tests/TextureUploadPerf.cpp
    M Source/ThirdParty/ANGLE/src/tests/perf_tests/TracePerfTest.cpp
    A Source/ThirdParty/ANGLE/src/tests/perf_tests/media/etc2bc_rgba8.inc
    M Source/ThirdParty/ANGLE/src/tests/preprocessor_tests/define_test.cpp
    M Source/ThirdParty/ANGLE/src/tests/py_utils/android_helper.py
    M Source/ThirdParty/ANGLE/src/tests/restricted_traces/README.md
    M Source/ThirdParty/ANGLE/src/tests/restricted_traces/gen_restricted_traces.py
    M Source/ThirdParty/ANGLE/src/tests/restricted_traces/restricted_trace_perf.py
    M Source/ThirdParty/ANGLE/src/tests/restricted_traces/restricted_traces.json
    M Source/ThirdParty/ANGLE/src/tests/test_expectations/GPUTestConfig.cpp
    M Source/ThirdParty/ANGLE/src/tests/test_expectations/GPUTestConfig.h
    M Source/ThirdParty/ANGLE/src/tests/test_expectations/GPUTestExpectationsParser.cpp
    M Source/ThirdParty/ANGLE/src/tests/test_expectations/GPUTestExpectationsTest.cpp
    M Source/ThirdParty/ANGLE/src/tests/test_utils/ANGLETest.cpp
    M Source/ThirdParty/ANGLE/src/tests/test_utils/angle_test_configs.cpp
    M Source/ThirdParty/ANGLE/src/tests/test_utils/angle_test_configs.h
    M Source/ThirdParty/ANGLE/src/tests/test_utils/angle_test_instantiate.cpp
    M Source/ThirdParty/ANGLE/src/tests/test_utils/angle_test_instantiate.h
    M Source/ThirdParty/ANGLE/src/tests/test_utils/runner/TestSuite.cpp
    M Source/ThirdParty/ANGLE/src/tests/test_utils/runner/android/java/AndroidManifest.xml.jinja2
    M Source/ThirdParty/ANGLE/third_party/clspv/BUILD.gn
    M Source/ThirdParty/ANGLE/third_party/clspv/gn/README.md
    M Source/ThirdParty/ANGLE/third_party/clspv/gn/llvm/config/BUILD.gn
    M Source/ThirdParty/ANGLE/third_party/clspv/gn/llvm/sources/BUILD.gn
    M Source/ThirdParty/ANGLE/third_party/clspv/gn/triples.gni
    M Source/ThirdParty/ANGLE/third_party/libpng/BUILD.gn
    M Source/ThirdParty/ANGLE/tools/flex-bison/third_party/m4sugar/README.chromium
    M Source/ThirdParty/ANGLE/tools/flex-bison/third_party/skeletons/README.chromium
    M Source/ThirdParty/ANGLE/tools/ubsan/ignorelist.txt
    M Source/ThirdParty/ANGLE/util/autogen/angle_features_autogen.cpp
    M Source/ThirdParty/ANGLE/util/autogen/angle_features_autogen.h
    M Source/ThirdParty/ANGLE/util/capture/frame_capture_replay_autogen.cpp
    M Source/ThirdParty/ANGLE/util/capture/frame_capture_test_utils.cpp
    M Source/ThirdParty/ANGLE/util/capture/trace_fixture.cpp
    M Source/ThirdParty/ANGLE/util/capture/trace_fixture.h
    M Source/ThirdParty/ANGLE/util/capture/trace_gles_loader_autogen.cpp
    M Source/ThirdParty/ANGLE/util/capture/trace_gles_loader_autogen.h
    M Source/ThirdParty/ANGLE/util/capture/trace_interpreter_autogen.cpp
    M Source/ThirdParty/ANGLE/util/gles_loader_autogen.cpp
    M Source/ThirdParty/ANGLE/util/gles_loader_autogen.h
    M Source/ThirdParty/ANGLE/util/linux/LinuxWindow.cpp
    M Source/ThirdParty/ANGLE/util/linux/x11/X11Window.cpp
    M Source/ThirdParty/ANGLE/util/linux/x11/X11Window.h

  Log Message:
  -----------
  Update ANGLE to 2024-03-10 (f16eea308ae114f363d854d69f4a3020e4e404f5)
rdar://126143832

Reviewed by Antti Koivisto

Contains upstream commits:
git log --oneline eb77635a5d3f45228513faf2752c1ab422114312..f16eea308ae114f363d854d69f4a3020e4e404f5 --pretty=%h %s
f16eea308a Vulkan: Enable QCOM foveated rendering extensions
e904e37ba3 Vulkan: Enable imageless framebuffer on Samsung drivers
11a2d27f32 Check array index against unsigned array size
26da3174dd Make 2024-03-05 changes compile with clang 15 pt.2
90ae6cbe39 Avoid assert at main prototype when monomorphizing
0f110098cc Avoid assert with multiple memory qualifiers
c55c8ad21c extension XML cleanup
6ba49977d8 CL: Update OpenCL Headers
1452c19542 Android: Add Qualcomm Mobile Reference Device support
a40eeaa9e0 Roll Chromium from 15a5ccdeffb7 to 93f3c55ed974 (614 revisions)
ecaefce00c Vulkan: Disable optimizeWithLoadOp if there is unresolve
4667201495 Vulkan: Add test for midRenderPass clear for MSRTT
aba3705ba7 Vulkan: Completely remove egl::Display from RendererVk
7e065b6f4d Fix SRV and RTV confliction
74af31adca GL: Add ClearsWithGapsNeedFlush workaround
4a5b9307be android_helper: support angle_deqp_egl_tests
49abf72f61 Roll vulkan-deps from 9cd617cb0454 to 3b14ca63bd7b (6 revisions)
dcc79a2764 Roll Chromium from 632158ced47e to 15a5ccdeffb7 (1166 revisions)
91ddf851c4 Vulkan: support QCOM foveated rendering extensions
39f29f65c4 Ensure unary math op parse to an node on error
c71de8688c Add workaround for ext dynamic state on Win/Intel
4e9fbb36f2 Metal: Remove AccessField(.., ImmutableString)
e38cf95a58 Metal: Release prov. vertex buffers on event set
51702d791d Make 2024-03-05 changes compile with clang 15
d76505b8c3 Manual roll vulkan-deps from 12f9cddb3ff7 to 9cd617cb0454 (42 revisions)
b2773c110f Vulkan: Bug fix in immutable sampler pipeline layout recreation
3c08d69612 CL: Add DEVICE_NOT_FOUND case for context creation
f044aaf821 Vulkan: Create instance/device without access to Display
47cd0529f1 Fix assert invoking #line during macro invocation
27423bffff Metal: Generate names for rewritten inputs
2ad7b23b13 Add a missing #include.
545e3f6e11 Vulkan: Decouple RendererVk from egl::BlobCache
95294b2468 Android: Add Galaxy S22 support (Xclipse)
5678ad09aa Roll Chromium from 43d81add625d to 632158ced47e (570 revisions)
0ad73958dc Deduplicate and fix ConstStrLen implementations
258b751f57 OpenCL/Vulkan: Fix processedOptions whitespace
b978974d98 Update frontend support for QCOM foveated extensions
3fa8d578ad Make appendDecimal use the last char of the buffer
39040b0b89 Vulkan: Decouple RendererVk from EGL attributes
4e6fe5e0db Vulkan: Cache ImageLoadContext in context
871a309c72 Fix layout(index=) parse assert on es 100 shaders
ec6d628863 egl: Add logic to select preferred display
799997d427 Roll Chromium from 40412b90c691 to 43d81add625d (324 revisions)
fc440afa62 Vulkan: Move DS builder class to Vk utils
f85b6970a9 OpenCL/Vulkan: Implement program get[Build]Info
0ed0de4f0b OpenCL/Vulkan: Add initial program build support
1c2d2417c9 Bugfix in CreateWithEGLConfig1010102Support test
f26c8d0874 Roll VK-GL-CTS from d023c17ac299 to 1918ab4d4806 (13 revisions)
21381f5e1c Roll Chromium from 6b34297e693d to 40412b90c691 (533 revisions)
2ee295b475 Vulkan: Add per-level image update tracker
1ceddbf697 OpenCL/Vulkan: Add createProgram routines
f7cd1c5606 Tests: Add Toca Life World trace
56a291e819 Rework external image capture
8142dde7f4 Tests: Add Pokemon Masters Ex trace
b45b350ade Add skip for Pokemon Masters Ex validation warning
69f5e9ca60 Roll vulkan-deps from f43c5512f6d7 to 12f9cddb3ff7 (6 revisions)
19e725e49c Roll Chromium from 579e74402476 to 6b34297e693d (578 revisions)
4d36224267 Vulkan: Remove call to angle::GetSystemInfo()
cdf6220c28 Reland "Vulkan: Feature addition for QCOM foveated rendering extensions"
a971e5b42e Account for zero vector axes in Mat4::Rotate(...)
434a5b0170 Fix #2 upload_results_to_perf_dashboard usage
057db6ef57 Add ANGLE experimental S22 build and test
f8dac42e95 Fix upload_results_to_perf_dashboard usage
dbbcf33eeb Roll vulkan-deps from 28960bf4a098 to f43c5512f6d7 (13 revisions)
d334a6f265 Roll Chromium from cc3c5664ec19 to 579e74402476 (619 revisions)
a627dd8976 Revert "Vulkan: Feature addition for QCOM foveated rendering extensions"
6eaaad7c60 Create ImageHelper.
75c8ef1c63 Update cached component type masks on attachment redefinitions
6f2daf0588 Context: Limit max vtx uniform vectors to 256 during capture
2fb425d284 Roll vulkan-deps from dd6c2371c85d to 28960bf4a098 (10 revisions)
b0215166ed Roll SwiftShader from 0f69b790c7a4 to bbe6452b420c (1 revision)
9100f2ec79 Roll Chromium from 16b5225bad88 to cc3c5664ec19 (580 revisions)
f0af4730d9 Vulkan: Catch misuse of AddToPNextChain
72cf9915f5 Vulkan: Feature addition for QCOM foveated rendering extensions
0afcac60ed Handle count = 0 in DrawElementsIndirect
3c517e457a Vulkan: Process ClearEmulatedChannels update first
38cc4cf099 Vulkan: Update flushStagedUpdate to use switchcase
58c20052bb Fix build error when git history not fully available
d354c4dca1 Roll VK-GL-CTS from d15e5faec700 to d023c17ac299 (1 revision)
425be99db6 Roll vulkan-deps from 602ab4120d74 to dd6c2371c85d (8 revisions)
1fe63fecab Roll SwiftShader from eb75201a4e03 to 0f69b790c7a4 (1 revision)
834ca37fa6 Roll Chromium from b54ff9b1d5ed to 16b5225bad88 (644 revisions)
acba61cb3e Fix Vulkan driver version for Win/Intel
c758dc03c4 GL: Adjust disableRenderSnorm condition
6a88437dc1 Roll VK-GL-CTS from cf5313984f57 to d15e5faec700 (1 revision)
db88630858 Roll VK-GL-CTS from c402aa4fc1f1 to cf5313984f57 (7 revisions)
bd1b918a5a Roll vulkan-deps from 004d9803b30c to 602ab4120d74 (6 revisions)
33a3395599 Roll Chromium from cc824ffe820c to b54ff9b1d5ed (616 revisions)
5a4bfd61fd Metal: Separate struct definition from function return
7f29c70360 Roll vulkan-deps from b040470c0fde to 004d9803b30c (5 revisions)
b06dbffd1c Roll Chromium from 5f0b8ba66cd4 to cc824ffe820c (635 revisions)
cd63c5d477 Fix build failures targetting iOS 17.4
8c503c1b05 Add skip for 07753 validation error in trace
bcf814fda5 Vulkan: Constrain the dependency on ContextVk in BufferHelper
f43b9f87cf Roll vulkan-deps from 5fa0abb9413b to b040470c0fde (5 revisions)
0f6386a82e Roll Chromium from 98827507560a to 5f0b8ba66cd4 (624 revisions)
f546983cc8 Add test and skip for 07753 validation error
8346addbd0 Contain X11 includes and free usage of common terms
1ee04579b4 Metal: Re-enable asm inejction into loops on MacOS 12+
21c0d31cd6 OpenCL: Only build clspv for Vk backend
b7bacdb746 GL: Generate mipmaps through draw calls on Pixel7/Pixel8.
2b1ef00ad5 Metal: Fix validation for anonymous struct arrays
19e21b1e0b OpenCL/Vulkan: Add initial support for cmdQueue
f4d5644c9f Instantiate dawn backend in angle_end2end_tests
b7d0a18bb1 Roll vulkan-deps from 13783d616289 to 5fa0abb9413b (10 revisions)
9f16b585cb Roll Chromium from 2905059a5737 to 98827507560a (299 revisions)
e17dd5a408 Roll vulkan-deps from 063ea20a64fc to 13783d616289 (25 revisions)
e3badd04cc Roll Chromium from 9d4a35b46e1e to 2905059a5737 (725 revisions)
e04b7c7392 Vulkan: Expand feature to enable sample usage for all AHBs
e08e82b6de CL: On kernel arg validation use right sizes
9d453e579e Fix ASSERT in non-global precise var decls
bde26cc4de Roll VK-GL-CTS from b9ec0d4bdf99 to c402aa4fc1f1 (13 revisions)
372876879b Android: support running angle_unittests via android_helper
a6616081f2 Add missing include
af56ca61bb OpenCL/Vulkan: Initial support for context
298abbc156 Roll Chromium from 29bec8631d2f to 9d4a35b46e1e (1220 revisions)
3ca8befb24 Vulkan: Handle multi-context apps in pipeline cache graphs
6607a2b98d Vulkan: Add support for VK_EXT_vertex_input_dynamic_state
bff0b1e43d Change enum value for webgpu to unused value.
6d4706bfb9 WGPU: Add a angle_dawn_dir build override.
aa244358af Reland "Vulkan: Get rid of X11 include in DisplayVkXcb.cpp"
6d589ff6a3 Trace perf: support custom thermal throttling for tests
ec2603d69f Fix build in absence of SSE support
b380ed1f98 Vulkan: Add EGL_ANGLE_global_fence_sync
40dfb3a8bd Fix length() translation for clip/cull distance arrays
d6ceac9159 Metal: Add support for binding slices to images
195c142d7e GLSL test for side effects in prune-able loop
e8a3493f80 Initialize DisplayWgpu
2cae27c296 Vulkan: Enable the doubleDepthBiasConstantFactor feature on NV
197beb4de8 Metal: Crash if for loop body is optimized away
dbc6bd9d4e Reland "Vulkan: Fix alignment issues with SecondaryCommandBuffer"
c673c83758 OpenCL/Vulkan: Initial support for platform/device
b8e56d5d6d Fix an assert when overwriting TexImage binding
243f8ad99f Revert "Vulkan: Fix alignment issues with SecondaryCommandBuffer"
7490ad4d79 Roll vulkan-deps from 2cedf06e4cdf to 063ea20a64fc (7 revisions)
d8340c15c7 Roll Chromium from b650d7fcd665 to 29bec8631d2f (631 revisions)
e53270c9ca Vulkan: Fix alignment issues with SecondaryCommandBuffer
e45b2fd89d Vulkan: Implement ANGLE_translated_shader_source
d9665098a3 Do not use hardcoded ".cr.so" extension for android component builds
9d344b5c82 Uniform block reference in constuctors crash
ebc151d514 Roll vulkan-deps from 4985acbd814d to 2cedf06e4cdf (12 revisions)
2cbf6613c1 Roll Chromium from 3009d13b1e1a to b650d7fcd665 (3044 revisions)
cb7d3cc206 Treat clip/cull distance built-ins as having side effects
e784b1ec82 Manual roll dawn
239e8caa44 Capture/Replay: Disallow concurrent ninja processes.
9fd5167e1f Roll vulkan-deps from 3834da2004ec to 4985acbd814d (77 revisions)
eaddd3baa5 Vulkan: use linear chroma filter for ycbcr by default
1d752a10a7 Roll Chromium from c1ca24b91ed5 to 3009d13b1e1a (567 revisions)
275e6f4fc5 D3D: Add multiplanar support to d3d11 glTexSubImage2D
e489dac03a Allow BGRA -> RGBA for glCopyTex[Sub]Image
5d9abeca4a Revert "Suppress VUID-VkGraphicsPipelineCreateInfo-dynamicRendering-06576"
56e5fa804b Mark bison deps as not shipped
58ccdab977 Roll VK-GL-CTS from b3344240e7fc to b9ec0d4bdf99 (8 revisions)
c3d06480e5 Add dawn to IGNORED_DIRECTORIES.
73fa1b08d0 Use -fno-define-target-os-macros for libpng
3ad163d091 Vulkan: Don't attach format features 2 version of AHB structure
475784f5a6 suppress VUID-VkPipelineVertexInputStateCreateInfo-pNext-pNext
c603a4f199 Don't perf warn about ETC1->ETC2 emulation as it is efficient
ef78e57015 Revert "Vulkan: disable warmUpPipelineCacheAtLink for Venus"
f431641a94 Revert "Vulkan: Get rid of X11 include in DisplayVkXcb.cpp"
ab71d75104 Fix an assert on multidim array constructors
8abbe2836b Vulkan: Get rid of X11 include in DisplayVkXcb.cpp
98d3f32722 Change python import conditions to match dawn's.
cf77126a7f Turn off ADC explicitly
e62bd70a6c Metal: Disable Metal on older Mac models with GPU family 1.
d05c9a5ee6 Frontend support for QCOM foveated extensions
11eb5eb7ac Traces: support checkout of individual traces
9d165231e1 Roll Chromium from 37f9e1b14cf7 to c1ca24b91ed5 (609 revisions)
5a0615588a Vulkan: Update dynamic buffer size policy
efd35e3dfe Roll VK-GL-CTS from 1aeae2d1d57e to b3344240e7fc (2 revisions)
39b9d94750 Suppress VUID-VkGraphicsPipelineCreateInfo-dynamicRendering-06576
f5f3304a2b Vulkan: Simplify handling of YUV filtering support
d5720c8653 Reland "Add third_party/perfetto"
c70c329e10 Vulkan: Fix texture copy vs pre-rotation
ffe758b16b Roll VK-GL-CTS from fe0d0f90469f to 1aeae2d1d57e (11 revisions)
82ba79ffea OpenCL: Update CLtypes.h to cl_types.h
0c3a6aa6dc Roll SwiftShader from d040a5bab638 to eb75201a4e03 (5 revisions)
a45a6c1d31 Roll Chromium from 861058c0b131 to 37f9e1b14cf7 (513 revisions)
f8c06f103a OpenCL: Add types to cl_mem origin and region
ecc35205ee Move uniform block dirty bits to State
ea1cea778c Roll Chromium from d3635c12e43a to 861058c0b131 (574 revisions)
1abfdc3732 Remove suppression of VVL error
6340ed68d9 Revert "Add third_party/perfetto"
157088ad5f Add EGL extension for WebGPU
a70b6f56fd Add support for WinUI3/Windows App SDK
0640f65195 USE GCE Credentials for Chrome Bot
be8d1c2467 Roll Chromium from 84709e977bd1 to d3635c12e43a (585 revisions)
0ada0b7f1f Test: Add Plague Inc. trace
b514d7733a Manual roll vulkan-deps from 97f44eb2b9df to 3834da2004ec (22 revisions)
dcffb53ec1 Revert "Clean up ANGLE on system build configuration."
9ca81c7e65 FrameCapture: Handle zero vertex count draws
98846aa8f9 Metal: Temporarily disable asm injection.
e849802953 Roll Chromium from 0fdef08dd9c7 to 84709e977bd1 (621 revisions)
ab4aed3fce Bugfix in PixelLocalStorageTest
5c2fc02b8d Vulkan: Bugfix in ImageFormat
349e75cc37 Suppress VUID-VkFramebufferAttachmentImageInfo-viewFormatCount-09536
0c4d644649 Rework uniform block <-> uniform buffer mapping
4b76bead8f Add third_party/perfetto
4a5abf6d06 Add Dawn checkout condition to .gitmodules
98e0266851 Clean up ANGLE on system build configuration.
c6d827e445 Disable the Context shared lock on Android for Chrome.
3fdf576a0c Vulkan: Workaround Nvidia driver bug with OpSelect
0ea24ef2eb Unsuppress passing tests
863d48627e Work around MSAN complaint with pool allocator - Part 2
3fe4252740 OpenCL: Fix input -> inputs for clspv_c_strings
351b85f222 Roll SwiftShader from 3bc9ccd923da to d040a5bab638 (1 revision)
9545bdbd7f Roll Chromium from 70e6bcc15839 to 0fdef08dd9c7 (58 revisions)
2f4f3dcfb8 Manual roll Chromium from 4d771baa2602 to 70e6bcc15839 (609 revisions)
9318a143b0 Add __asm__("") statements to loop bodies in MSL.
0beed7535d Work around MSAN complaint with pool allocator
6367f5415e Vulkan: supply YcbcrConversionDesc earlier
eaf15b354f Manual roll VK-GL-CTS from 03517cba39ae to fe0d0f90469f (2 revisions)
66517b0b02 Revert "Use ADC for GCE VM"
f405b99905 Make RefCountObject use atomics for the reference count
6c23a4230b Tests: skip one of dEQP texture_border_clamp tests on SwS
02aa605af8 Metal: Include only the <metal_stdlib> header
8034d09c11 Manual roll VK-GL-CTS from 0f6fd3de8110 to 03517cba39ae (14 revisions)
36013d998a Improve build for UWP/Windows 10
cbdbe3bd6e deqp: Unused test expectations do not cause failure, only log
5fb6cfa051 Roll vulkan-deps from 52f65da37e07 to 97f44eb2b9df (17 revisions)
f00263e282 Roll Chromium from 60c7e3d68ae8 to 4d771baa2602 (575 revisions)
e9bd169c05 Vulkan: Fix nullptr in Diagnostics
d0f5a66208 Bugfix in entry points for QCOM foveated extensions
d20c693a84 Android.bp: add empty lines as bpfmt wants
2dfbedee7d Use ADC for GCE VM
127dabe556 Android.bp: Move cflags repeated in each target to cc_defaults
6fcca069eb Add a note on why ANGLE is pinned to C++17
c7ed7da640 Roll vulkan-deps from a2b38a7bbea9 to 52f65da37e07 (8 revisions)
7d30cf9f69 Metal: Simplify sign function translation
52527b8fd1 Roll Chromium from 5bfb2faa963e to 60c7e3d68ae8 (652 revisions)
8e2678463d gn: Enable clspv build on angle_enable_cl
4761bd7c14 Manual roll vulkan-deps from 167fd9d49add to a2b38a7bbea9 (17 revisions)
ac71a59239 Vulkan: updates to pipeline cache graph dumping logic
2978450af1 Vulkan: add etc to bc transcoding perf test.
b007c74dcd GL: Separate dirty bits leading to glUniformBlockBinding
66de849281 GL: Fix UBO binding mapping change
886d0260cf Don't pull Dawn in chromium builds
5857e0d63b Metal: Adjust raster order groups AMD workaround condition
a76e279851 Suppress VUID-vkCmdEndDebugUtilsLabelEXT-commandBuffer-01912
2c8784c9ff Roll Chromium from 2e1050880b38 to 5bfb2faa963e (609 revisions)
600a1a80da Metal: Clamp vector element index references
1100cc5c72 Rename ShaderVariableBuffer
81a43bd703 Tests: skip TexelFetchLodOutOfBounds on SwS
3f56817745 Add third_party/dawn to .gitignore
4cda949b4b Trace tests: extend warmup to at least 1.5s
755372c87a Tests: skip UniformUsageCombinations test on SwS
f794c9c2bb Tests for out-of-bounds LOD in texelFetch
43ecc0312a Roll SwiftShader from 5ab5177fc72d to 3bc9ccd923da (1 revision)
9519348b86 Roll Chromium from 6d5cc7186844 to 2e1050880b38 (298 revisions)
341906d568 Vulkan: Never delay device and queue selection
2431d4dfc9 Metal: Skip array index clamp for constant values
6975fbdfba Manual roll Chromium from 32cda1ad29f0 to 6d5cc7186844 (1322 revisions)
2ba5bb12ab android_helper: fix corner-case byte/string mismatch
c6fbf93dec Vulkan: Fix input attachments leaking into uniform list
317108d6ac Vulkan: Enable recordable bit for RGBA8 and RGB10_A2
f43db42ccf Enable LogGles32Capabilities test for vulkan backend
16a5e8f133 Revert "Prefer linear filtering for YUV for Pixel6+"
3217caa1b9 Roll SwiftShader from 328e794f0c8b to 5ab5177fc72d (1 revision)
e27af543b6 Roll vulkan-deps from c00c99b8e979 to 167fd9d49add (6 revisions)
151c157198 Vulkan: Clean up RGB8-to-RGBA8 ubyte function
fc742305e0 Metal: Simplify geometry functions translation
8a47d6b14f Roll VK-GL-CTS from 04d7f781e691 to 0f6fd3de8110 (15 revisions)
175514c64e Translator: Bundle metadata flags coming out of the translator
07e41ef0e0 Roll vulkan-deps from 9b8079729ca3 to c00c99b8e979 (2 revisions)
0da6522524 Prefer linear filtering for YUV for Pixel6+
291490e291 Manual roll Chromium from 84fab30ecd66 to 32cda1ad29f0 (2747 revisions)
dd936c2314 Android: Build angle libs with a shared copy of libz
f2c00e8c98 Adding Dawn stub backend to ANGLE
fad2adb209 Vulkan: Fix importing external object and using as storage image
f1150231f1 Track WebGL buffer type in gl::Buffer state.
40b6739712 Roll vulkan-deps from 5803e963cb95 to 9b8079729ca3 (7 revisions)
87fb3bf312 Roll SwiftShader from f4819d2276b7 to 328e794f0c8b (1 revision)
d093c3d3c2 Add entry points for QCOM foveated extensions
42d75c7e99 Metal: Fix raster order group AMD workaround
ed2a8ef865 Vulkan: Defer QFOT when acquiring texture with GL_NONE layout
05cd0b4c20 Tests: Add Asphalt 9 2024 trace
b00481fc58 Roll vulkan-deps from 41ee13a742db to 5803e963cb95 (7 revisions)
2e167e0922 Adding Dawn
3a33cbb029 Test for making context current before surface creation
91c981c503 Robust shader compile after shader binary is rejected
eedf3e9e9e Metal: Limit raster order groups workaround to affected GPUs
efeb6570af Suppress ParallelLinkProgramBenchmark.Run/gl_* on Linux
7bc0fa21d2 Roll vulkan-deps from b8c02f610c1d to 41ee13a742db (14 revisions)
572323ccbb Fix program link after backend rejects program binary
e9aa41f567 Trace/Replay: Add multi-context call grouping
3461be1ae8 Version check usages of getPackageInfo() and of()
7d9c1d5fb0 Add a test to check eglInitialize works in multithread
aa309a65e3 Roll VK-GL-CTS from 75a6a8315e20 to 04d7f781e691 (13 revisions)
250b2f681d Add imports for use_resource_processor: true
a06f5f892e Android: Apply rules to global settings on boot
99ca7f240b Android: Add ANGLE to rules so it is non-empty
28290eae4b Metal: Do not try to create buffers exceeding device limits
126d7b10bf Roll vulkan-deps from 124ff11a5e15 to b8c02f610c1d (6 revisions)

Canonical link: https://commits.webkit.org/272448.908@safari-7618-branch


  Commit: b50f1990af6e37c7cbfcfe39cb7e8b852a6a1688
      https://github.com/WebKit/WebKit/commit/b50f1990af6e37c7cbfcfe39cb7e8b852a6a1688
  Author: Youenn Fablet <youenn at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    A LayoutTests/http/wpt/webcodecs/copyTo-same-decoder-expected.txt
    A LayoutTests/http/wpt/webcodecs/copyTo-same-decoder.html
    M Source/WebCore/platform/libwebrtc/LibWebRTCVPXVideoDecoder.cpp

  Log Message:
  -----------
  Race condition in LibWebRTCVPXInternalVideoDecoder::pixelBufferPool leading to memory corruption
rdar://125957410

Reviewed by Chris Dumez.

Add a lock to make sure creation of the pixel buffer happens correctly.

* LayoutTests/http/wpt/webcodecs/copyTo-same-decoder-expected.txt: Added.
* LayoutTests/http/wpt/webcodecs/copyTo-same-decoder.html: Added.
* Source/WebCore/platform/libwebrtc/LibWebRTCVPXVideoDecoder.cpp:
(WebCore::LibWebRTCVPXInternalVideoDecoder::createPixelBuffer):
(WebCore::LibWebRTCVPXInternalVideoDecoder::Decoded):

Canonical link: https://commits.webkit.org/272448.909@safari-7618-branch


  Commit: 0a1de0e6e65587351b2f463efaa42fcf3a1f7041
      https://github.com/WebKit/WebKit/commit/0a1de0e6e65587351b2f463efaa42fcf3a1f7041
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm

  Log Message:
  -----------
  Cherry-pick 33a35fe4026c. rdar://126248892

    [Cocoa] WebProcessPool::notifyPreferencesChanged() may notify the network process several times
    https://bugs.webkit.org/show_bug.cgi?id=272493

    Reviewed by Ben Nham and Per Arne Vollan.

    WebProcessPool::notifyPreferencesChanged() may notify the network process
    several times for the same preference change.

    On Cocoa ports, the NetworkProcessProxy is a singleton object. As a result,
    iterating over each data store and notifying the data store's network process
    keeps notifying the same network process.

    * Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:
    (WebKit::WebProcessPool::notifyPreferencesChanged):

    Canonical link: https://commits.webkit.org/277348@main

Canonical link: https://commits.webkit.org/272448.910@safari-7618-branch


  Commit: 67b6542ceda5a6d0b0cffaac51fdbb91fcc49f5f
      https://github.com/WebKit/WebKit/commit/67b6542ceda5a6d0b0cffaac51fdbb91fcc49f5f
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebKit/Platform/IPC/Connection.cpp
    M Source/WebKit/Platform/IPC/Connection.h
    M Source/WebKit/Platform/IPC/cocoa/ConnectionCocoa.mm

  Log Message:
  -----------
  Cherry-pick 4ef72e9956da. rdar://125523305

    Reduce IPC queue size from 1024 to 128
    https://bugs.webkit.org/show_bug.cgi?id=272487
    rdar://125523305

    Reviewed by Ben Nham.

    Reduce IPC queue size from 1024 to 128, to reduce memory usage. Once the queue
    size is reached, we wake up the process to give it a chance to process the
    queue. Also wake up processes at most once every 20s, instead of 30s.

    * Source/WebKit/Platform/IPC/Connection.cpp:

    Canonical link: https://commits.webkit.org/277383@main

Canonical link: https://commits.webkit.org/272448.911@safari-7618-branch


  Commit: 031936e88c82947ba70a0b754754ce6c2fef8117
      https://github.com/WebKit/WebKit/commit/031936e88c82947ba70a0b754754ce6c2fef8117
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.2.10

Canonical link: https://commits.webkit.org/272448.912@safari-7618-branch


  Commit: f25c7f41fcb4264fcc55f37faa030877df5e16b0
      https://github.com/WebKit/WebKit/commit/f25c7f41fcb4264fcc55f37faa030877df5e16b0
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebKit/UIProcess/mac/WebViewImpl.h
    M Source/WebKit/UIProcess/mac/WebViewImpl.mm

  Log Message:
  -----------
  Cherry-pick e2e4c3958516. rdar://125534586

    Potential crash related to WKWindowVisibilityObserver
    https://bugs.webkit.org/show_bug.cgi?id=272559

    Reviewed by Wenson Hsieh.

    Be sure to always stop observing the window when destroying WebViewImpl.

    * Source/WebKit/UIProcess/mac/WebViewImpl.h:
    * Source/WebKit/UIProcess/mac/WebViewImpl.mm:
    (WebKit::WebViewImpl::~WebViewImpl):
    (WebKit::WebViewImpl::viewWillMoveToWindowImpl):

    Canonical link: https://commits.webkit.org/277414@main

Canonical link: https://commits.webkit.org/272448.913@safari-7618-branch


  Commit: b235591a40dcb546744ebb1f6e6e8cee8567eb8a
      https://github.com/WebKit/WebKit/commit/b235591a40dcb546744ebb1f6e6e8cee8567eb8a
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebKit/GPUProcess/GPUProcess.h
    M Source/WebKit/GPUProcess/GPUProcess.messages.in
    M Source/WebKit/GPUProcess/cocoa/GPUProcessCocoa.mm
    M Source/WebKit/NetworkProcess/NetworkProcess.h
    M Source/WebKit/NetworkProcess/NetworkProcess.messages.in
    M Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm
    M Source/WebKit/Shared/AuxiliaryProcess.h
    M Source/WebKit/Shared/AuxiliaryProcess.messages.in
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
    M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm
    M Source/WebKit/UIProcess/Cocoa/PreferenceObserver.mm
    M Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
    M Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundlePage.cpp
    M Source/WebKit/WebProcess/WebProcess.h
    M Source/WebKit/WebProcess/WebProcess.messages.in
    M Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm

  Log Message:
  -----------
  Apply patch. rdar://126261957

	[Cocoa] WebProcessPool::notifyPreferencesChanged() may notify the Network / GPU process too many times
	https://bugs.webkit.org/show_bug.cgi?id=272503

	Reviewed by Per Arne Vollan.

	WebProcessPool::notifyPreferencesChanged() may notify the Network / GPU process too many times.
	The GPUProcess and the network process are singletons, therefore, we shouldn't notify them once
	per process pool.

	Also avoid duplicating the IPC for each AuxiliaryProcess subclass by moving the IPC to
	AuxiliaryProcess itself. This simplifies things a bit and will avoid duplicating code when
	I introduce a cache in a follow-up.

	* Source/WebKit/GPUProcess/GPUProcess.h:
	* Source/WebKit/GPUProcess/GPUProcess.messages.in:
	* Source/WebKit/ModelProcess/ModelProcess.h:
	* Source/WebKit/ModelProcess/ModelProcess.messages.in:
	* Source/WebKit/NetworkProcess/NetworkProcess.h:
	* Source/WebKit/NetworkProcess/NetworkProcess.messages.in:
	* Source/WebKit/Shared/AuxiliaryProcess.h:
	* Source/WebKit/Shared/AuxiliaryProcess.messages.in:
	* Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
	* Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm:
	(WebKit::AuxiliaryProcessProxy::notifyPreferencesChanged):
	* Source/WebKit/UIProcess/Cocoa/PreferenceObserver.mm:
	(-[WKPreferenceObserver preferenceDidChange:key:encodedValue:]):
	* Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:
	(WebKit::WebProcessPool::notifyPreferencesChanged):
	* Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm:
	* Source/WebKit/WebProcess/WebProcess.h:

	Canonical link: https://commits.webkit.org/277369@main

Canonical link: https://commits.webkit.org/272448.914@safari-7618-branch


  Commit: 78526b778148e4541eac4401160c7614d6c14091
      https://github.com/WebKit/WebKit/commit/78526b778148e4541eac4401160c7614d6c14091
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebKit/Shared/AuxiliaryProcess.h
    M Source/WebKit/Shared/AuxiliaryProcess.messages.in
    M Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
    M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm
    M Source/WebKit/UIProcess/WebProcessProxy.cpp

  Log Message:
  -----------
  Apply patch. rdar://126350340

Canonical link: https://commits.webkit.org/272448.915@safari-7618-branch


  Commit: 3ef2f105930bb31750b381d82907679af7ed5c5b
      https://github.com/WebKit/WebKit/commit/3ef2f105930bb31750b381d82907679af7ed5c5b
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebKit/UIProcess/mac/WebViewImpl.h
    M Source/WebKit/UIProcess/mac/WebViewImpl.mm

  Log Message:
  -----------
  Revert "Cherry-pick e2e4c3958516. rdar://125534586"

This reverts commit f25c7f41fcb4264fcc55f37faa030877df5e16b0.

Canonical link: https://commits.webkit.org/272448.916@safari-7618-branch


  Commit: 1e58c9386ed9b5087d3ea1dc14d1eeeb02e9439b
      https://github.com/WebKit/WebKit/commit/1e58c9386ed9b5087d3ea1dc14d1eeeb02e9439b
  Author: David Degazio <d_degazio at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    A JSTests/wasm/stress/inlinee-may-have-exception-handlers.js
    A JSTests/wasm/stress/rethrow-should-set-callsite-index.js
    A JSTests/wasm/stress/throw-should-set-callsite-index.js
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.h
    M Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h
    M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp
    M Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp

  Log Message:
  -----------
  [JSC] Inlined functions in OMG may have exception handlers
https://bugs.webkit.org/show_bug.cgi?id=272106
rdar://125181187

Reviewed by Justin Michaud and Yusuke Suzuki.

Primarily fixes a bug where any WebAssembly function inlined in OMG was
assumed to not have exception handlers. We now propagate a reference to
the Wasm::CalleeGroup from the OMGPlan/OSREntryPlan to the B3IRGenerator,
and read the hasExceptionHandlers() property from the inlined function's
callee, similar to how the top-level function's generator is initialized
in the plan.

In addition to this, we also change when we set the callsite index.
Currently we don't set the callsite index for any call or throw outside
of a try block, which means that we might throw with an old callsite
index set, and erroneously catch the exception in a previous block. To
fix this, we now set a bool in the IR generator after a try or catch block
ends, and set the callsite index for the first call/throw after a try/catch
ends.

Finally, consistent with BBQ, we don't write invalid callsite indices
except for during the function prologue (before our first call/throw). We
also don't write the callsite index at all in the case that we are known
to be in a function without exception handlers.

* JSTests/wasm/stress/inlinee-may-have-exception-handlers.js: Added.
(async test):
* JSTests/wasm/stress/rethrow-should-set-callsite-index.js: Added.
(async test):
* JSTests/wasm/stress/throw-should-set-callsite-index.js: Added.
(async test):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::shouldSetCallSiteIndexAfterTry const):
(JSC::Wasm::B3IRGenerator::didSetCallSiteIndexAfterTry):
(JSC::Wasm::B3IRGenerator::B3IRGenerator):
(JSC::Wasm::B3IRGenerator::preparePatchpointForExceptions):
(JSC::Wasm::B3IRGenerator::addThrow):
(JSC::Wasm::B3IRGenerator::addRethrow):
(JSC::Wasm::B3IRGenerator::addEndToUnreachable):
(JSC::Wasm::B3IRGenerator::emitInlineDirectCall):
(JSC::Wasm::parseAndCompileB3):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.h:
* Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h:
(JSC::Wasm::PatchpointExceptionHandle::PatchpointExceptionHandle):
(JSC::Wasm::PatchpointExceptionHandle::generate const):
* Source/JavaScriptCore/wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::work):
* Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp:
(JSC::Wasm::OSREntryPlan::work):

Canonical link: https://commits.webkit.org/272448.917@safari-7618-branch


  Commit: fe35964ae2b9d357230d652ad43c6313ff2eb04a
      https://github.com/WebKit/WebKit/commit/fe35964ae2b9d357230d652ad43c6313ff2eb04a
  Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebCore/html/HTMLAnchorElement.cpp

  Log Message:
  -----------
  Remove processing user gesture check before displaying prompt for usdz
https://bugs.webkit.org/show_bug.cgi?id=272321
<radar://126078233>

Reviewed by Alexey Proskuryakov.

Opening a usdz blob isn't considered to be processing a user gesture,
so having the UserGestureIndicator::processingUserGesture() check results
in the download path being taken instead of the prompt and open to ARQL.

Since we already have the prompt, we can remove the user gesture check.

* Source/WebCore/html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::handleClick):

Canonical link: https://commits.webkit.org/272448.918@safari-7618-branch


  Commit: 6654d9c763aa251c186befdb488159811b92ebf9
      https://github.com/WebKit/WebKit/commit/6654d9c763aa251c186befdb488159811b92ebf9
  Author: Sihui Liu <sihui_liu at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp

  Log Message:
  -----------
  Cherry-pick 2cce8526360d. rdar://126250485

    Cherry-pick 31136601a244. rdar://122892811

        Null pointer dereference in elementHasClassInClosestAncestors
        https://bugs.webkit.org/show_bug.cgi?id=269308
        rdar://122892811

        Reviewed by Brent Fulgham.

        Ensure ancestor is non-null before accessing it.

        * Source/WebCore/page/Quirks.cpp:
        (WebCore::elementHasClassInClosestAncestors):

        Canonical link: https://commits.webkit.org/274575@main

    Canonical link: https://commits.webkit.org/272448.548@safari-7618.1.15.14-branch

Canonical link: https://commits.webkit.org/272448.919@safari-7618-branch


  Commit: ba691b7a85cdb62393d972c43d811ec9c05b0b10
      https://github.com/WebKit/WebKit/commit/ba691b7a85cdb62393d972c43d811ec9c05b0b10
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WTF/wtf/PlatformUse.h
    M Source/WebKit/Configurations/WebKit.xcconfig

  Log Message:
  -----------
  Cherry-pick 276550@main (e0a393ed719c). rdar://126300127

    Include WebKit process extension source files for all SDK variants
    https://bugs.webkit.org/show_bug.cgi?id=271418
    rdar://125195321

    Reviewed by Sihui Liu.

    * Source/WTF/wtf/PlatformUse.h:
    * Source/WebKit/Configurations/WebKit.xcconfig:

    Canonical link: https://commits.webkit.org/276550@main

Canonical link: https://commits.webkit.org/272448.920@safari-7618-branch


  Commit: ed0d1f2b4e694a108e3b54da539801f4fce6243d
      https://github.com/WebKit/WebKit/commit/ed0d1f2b4e694a108e3b54da539801f4fce6243d
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebKit/Configurations/BaseExtension.xcconfig

  Log Message:
  -----------
  Cherry-pick 276415@main (6a907ad049ed). rdar://126300127

    Build WebKit process extensions for all SDK variants
    https://bugs.webkit.org/show_bug.cgi?id=271315
    rdar://125062966

    Reviewed by Chris Dumez.

    * Source/WebKit/Configurations/BaseExtension.xcconfig:

    Canonical link: https://commits.webkit.org/276415@main

Canonical link: https://commits.webkit.org/272448.921@safari-7618-branch


  Commit: e55d41a2b602f4884bb8b0b047ba01508743906c
      https://github.com/WebKit/WebKit/commit/e55d41a2b602f4884bb8b0b047ba01508743906c
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebKit/Platform/cocoa/AssertionCapability.mm

  Log Message:
  -----------
  Cherry-pick 275758@main (50f99f636b17). rdar://126300127

    Assertion not taken when falling back to legacy process launch path in Simulator
    https://bugs.webkit.org/show_bug.cgi?id=270594
    rdar://124158739

    Reviewed by Chris Dumez.

    * Source/WebKit/Platform/cocoa/AssertionCapability.mm:

    Canonical link: https://commits.webkit.org/275758@main

Canonical link: https://commits.webkit.org/272448.922@safari-7618-branch


  Commit: e82929d4645dc5a2ea7f46ba73aafb46b42b478e
      https://github.com/WebKit/WebKit/commit/e82929d4645dc5a2ea7f46ba73aafb46b42b478e
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WTF/wtf/PlatformUse.h
    M Source/WebKit/Platform/cocoa/ExtensionCapability.h
    M Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.h
    M Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.mm
    M Source/WebKit/UIProcess/Cocoa/ExtensionCapabilityGranter.mm
    M Source/WebKit/UIProcess/Cocoa/ProcessAssertionCocoa.mm
    M Source/WebKit/UIProcess/Launcher/cocoa/ExtensionProcess.h
    M Source/WebKit/UIProcess/Launcher/cocoa/ExtensionProcess.mm
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm
    M Source/WebKit/UIProcess/ProcessAssertion.h

  Log Message:
  -----------
  Cherry-pick 275590@main (5ca67b41a22f). rdar://126300127

    Add fallback code for launching WebKit process extensions
    https://bugs.webkit.org/show_bug.cgi?id=270238
    rdar://123774804

    Reviewed by Timothy Hatcher and Chris Dumez.

    Add fallback code for launching WebKit process extensions. This is required to run layout tests in Simulator with WebKit ToT
    in certain older configurations. This fallback code is only needed on Simulator and only enabled there.

    * Source/WebKit/Platform/cocoa/ExtensionCapability.h:
    (WebKit::ExtensionCapability::platformCapability const):
    (WebKit::ExtensionCapability::hasPlatformCapability const):
    (WebKit::ExtensionCapability::platformCapabilityIsValid):
    (WebKit::ExtensionCapability::setPlatformCapability):
    * Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.h:
    * Source/WebKit/Platform/cocoa/ExtensionCapabilityGrant.mm:
    (WebKit::platformInvalidate):
    (WebKit::ExtensionCapabilityGrant::ExtensionCapabilityGrant):
    (WebKit::ExtensionCapabilityGrant::~ExtensionCapabilityGrant):
    (WebKit::ExtensionCapabilityGrant::isEmpty const):
    (WebKit::ExtensionCapabilityGrant::isValid const):
    (WebKit::ExtensionCapabilityGrant::setPlatformGrant):
    (WebKit::ExtensionCapabilityGrant::invalidate):
    * Source/WebKit/Shared/AuxiliaryProcessExtensions/GPUExtension-Info.plist:
    * Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentExtension-CaptivePortal-Info.plist:
    * Source/WebKit/Shared/AuxiliaryProcessExtensions/WebContentExtension-Info.plist:
    * Source/WebKit/UIProcess/Cocoa/ExtensionCapabilityGranter.mm:
    (WebKit::grantCapability):
    (WebKit::grantCapabilityInternal):
    (WebKit::ExtensionCapabilityGranter::grant):
    (WebKit::ExtensionCapabilityGranter::setMediaCapabilityActive):
    (WebKit::ExtensionCapabilityGranter::invalidateGrants):
    * Source/WebKit/UIProcess/Cocoa/ProcessAssertionCocoa.mm:
    (WebKit::ProcessAssertion::ProcessAssertion):
    (WebKit::ProcessAssertion::acquireSync):
    (WebKit::ProcessAssertion::~ProcessAssertion):
    * Source/WebKit/UIProcess/Launcher/cocoa/ExtensionProcess.h:
    * Source/WebKit/UIProcess/Launcher/cocoa/ExtensionProcess.mm:
    (WebKit::ExtensionProcess::ExtensionProcess):
    (WebKit::ExtensionProcess::grantCapability const):
    (WebKit::ExtensionProcess::createVisibilityPropagationInteraction const):
    * Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm:
    (WebKit::serviceNameAndIdentifier):
    (WebKit::launchWithExtensionKitFallback):
    (WebKit::launchWithExtensionKit):
    * Source/WebKit/UIProcess/ProcessAssertion.h:

    Canonical link: https://commits.webkit.org/275590@main

Canonical link: https://commits.webkit.org/272448.923@safari-7618-branch


  Commit: 19eab2f424d5c3e8578a7448d9eb526c824052db
      https://github.com/WebKit/WebKit/commit/19eab2f424d5c3e8578a7448d9eb526c824052db
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm

  Log Message:
  -----------
  Cherry-pick 275723@main (45c65b492d2e). rdar://126300127

    Always use process launch fallback for Simulator on older OS versions
    https://bugs.webkit.org/show_bug.cgi?id=270518
    rdar://124070357

    Reviewed by Chris Dumez and Brady Eidson.

    For performance reasons, there is no need to try the main process launch path on Simulator for
    older OS versions, since it will fail in that case.

    * Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm:
    (WebKit::launchWithExtensionKit):

    Canonical link: https://commits.webkit.org/275723@main

Canonical link: https://commits.webkit.org/272448.924@safari-7618-branch


  Commit: 4201e96638f01d448c96ecc8f2cf9ec78e78ee96
      https://github.com/WebKit/WebKit/commit/4201e96638f01d448c96ecc8f2cf9ec78e78ee96
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-04-12 (Fri, 12 Apr 2024)

  Changed paths:
    M Source/WebCore/Modules/webaudio/AudioBuffer.cpp
    M Source/WebCore/Modules/webaudio/AudioBuffer.h
    M Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp
    M Source/WebCore/Modules/webaudio/AudioBufferSourceNode.h

  Log Message:
  -----------
  [WebAudio] Use-after-free in WebCore::AudioBufferSourceNode::renderFromBuffer
https://bugs.webkit.org/show_bug.cgi?id=272607
rdar://126326144

Reviewed by Yusuke Suzuki.

The JS on the main thread can detach the AudioBuffer's channels while
it is being read by the audio rendering thread, causing use-after-frees.

In a previous fix attempt, we started copying the AudioBuffer's channels
so that the audio thread would read a copy instead. However, the increased
memory usage resulted in increased jetsams on gaming sites.

As a temporary stopgap measure, this patch simply marks the AudioBuffer's
channels as non-detachable to prevent the issue. This is not quite spec
compliant but it addresses the security issue until we can implement the
specification correctly without causing jetsams.

* Source/WebCore/Modules/webaudio/AudioBuffer.cpp:
(WebCore::AudioBuffer::markBuffersAsNonDetachable):
* Source/WebCore/Modules/webaudio/AudioBuffer.h:
* Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp:
(WebCore::AudioBufferSourceNode::acquireBufferContent):
(WebCore::AudioBufferSourceNode::setBufferForBindings):
(WebCore::AudioBufferSourceNode::startPlaying):
* Source/WebCore/Modules/webaudio/AudioBufferSourceNode.h:

Canonical link: https://commits.webkit.org/272448.925@safari-7618-branch


  Commit: a76aaa768a189f4dd7c369d7107dfe972c4c0abc
      https://github.com/WebKit/WebKit/commit/a76aaa768a189f4dd7c369d7107dfe972c4c0abc
  Author: Vitor Roriz <vitor.roriz at apple.com>
  Date:   2024-04-13 (Sat, 13 Apr 2024)

  Changed paths:
    A LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-balance-empty-range-crash-expected.html
    A LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-balance-empty-range-crash.html
    M Source/WebCore/layout/formattingContexts/inline/InlineContentBalancer.cpp

  Log Message:
  -----------
  Guard balanceRangeWithLineRequirement against empty/invalid ranges
rdar://126011869

Reviewed by Brent Fulgham.

InlineItemRange is used for calculating the
number of line break opportunities (NLBO).

We always insert at least 1 dummy item to the Vector
tracking line break opportunities for algorithm purposes,
so NLBO is never zero. However, when initializing
SlidingWidth, balanceRangeWithLineRequirement starts
counting line break opportunities from startIndex = 1,
assuming that the received range had at least 1 item.

We should consider that an empty or invalid range
can be received and guard against it.

* LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-balance-empty-range-crash-expected.html: Added.
* LayoutTests/fast/css3-text/css3-text-wrap/text-wrap-balance-empty-range-crash.html: Added.
* Source/WebCore/layout/formattingContexts/inline/InlineContentBalancer.cpp:
(WebCore::Layout::InlineContentBalancer::computeBalanceConstraints):
(WebCore::Layout::InlineContentBalancer::balanceRangeWithLineRequirement):
(WebCore::Layout::InlineContentBalancer::balanceRangeWithNoLineRequirement):

Canonical link: https://commits.webkit.org/272448.926@safari-7618-branch


  Commit: 5435e56291f1e69102a8af42d170d006328be8d4
      https://github.com/WebKit/WebKit/commit/5435e56291f1e69102a8af42d170d006328be8d4
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-15 (Mon, 15 Apr 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.2.11

Identifier: 272448.927@safari-7618-branch


  Commit: 702b9d32f197ec91f6ceb89cf0b2f3806329bf5e
      https://github.com/WebKit/WebKit/commit/702b9d32f197ec91f6ceb89cf0b2f3806329bf5e
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-04-15 (Mon, 15 Apr 2024)

  Changed paths:
    A LayoutTests/fast/dom/dispatch-event-without-event-listener-expected.txt
    A LayoutTests/fast/dom/dispatch-event-without-event-listener.html
    M Source/WebCore/dom/EventDispatcher.cpp

  Log Message:
  -----------
  Cherry-pick 5b488a0a1b57. rdar://126311287

    REGRESSION(272801@main): CustomEvent.target is not set when dispatching event
    https://bugs.webkit.org/show_bug.cgi?id=272552
    <rdar://126311287>

    Reviewed by Yusuke Suzuki.

    Set Event's target even when there is no relevant event listener since this is observable by scripts.

    * LayoutTests/fast/dom/dispatch-event-without-event-listener-expected.txt: Added.
    * LayoutTests/fast/dom/dispatch-event-without-event-listener.html: Added.
    * Source/WebCore/dom/EventDispatcher.cpp:
    (WebCore::EventDispatcher::dispatchEvent):

    Canonical link: https://commits.webkit.org/277435@main

Identifier: 272448.928@safari-7618-branch


  Commit: c5d1a2b2b7c087c478cffc15cfc51e65938c8fa9
      https://github.com/WebKit/WebKit/commit/c5d1a2b2b7c087c478cffc15cfc51e65938c8fa9
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-04-15 (Mon, 15 Apr 2024)

  Changed paths:
    M LayoutTests/platform/ios/css1/box_properties/acid_test-expected.txt
    M LayoutTests/platform/ios/css2.1/t09-c5526c-display-00-e-expected.txt
    M LayoutTests/platform/ios/fast/block/basic/011-expected.txt
    M LayoutTests/platform/ios/fast/block/basic/minheight-expected.txt
    M LayoutTests/platform/ios/fast/block/margin-collapse/103-expected.txt
    M LayoutTests/platform/ios/fast/css/002-expected.txt
    M LayoutTests/platform/ios/fast/forms/search-styled-expected.txt
    M LayoutTests/platform/ios/fast/invalid/008-expected.txt
    M LayoutTests/platform/ios/fast/overflow/003-expected.txt
    M LayoutTests/platform/ios/fast/text/capitalize-boundaries-expected.txt
    M LayoutTests/platform/ios/fast/text/international/bidi-explicit-embedding-expected.txt
    M LayoutTests/platform/ios/scrollbars/overflow-scrollbar-combinations-expected.txt
    M LayoutTests/platform/ios/svg/custom/svg-fonts-in-html-expected.txt

  Log Message:
  -----------
  [Gardening] Rebaseline various iOS tests
rdar://126497698

Unreviewed test gardening.

* LayoutTests/platform/ios/css1/box_properties/acid_test-expected.txt:
* LayoutTests/platform/ios/css2.1/t09-c5526c-display-00-e-expected.txt:
* LayoutTests/platform/ios/fast/block/basic/011-expected.txt:
* LayoutTests/platform/ios/fast/block/basic/minheight-expected.txt:
* LayoutTests/platform/ios/fast/block/margin-collapse/103-expected.txt:
* LayoutTests/platform/ios/fast/css/002-expected.txt:
* LayoutTests/platform/ios/fast/forms/search-styled-expected.txt:
* LayoutTests/platform/ios/fast/invalid/008-expected.txt:
* LayoutTests/platform/ios/fast/overflow/003-expected.txt:
* LayoutTests/platform/ios/fast/text/capitalize-boundaries-expected.txt:
* LayoutTests/platform/ios/fast/text/international/bidi-explicit-embedding-expected.txt:
* LayoutTests/platform/ios/scrollbars/overflow-scrollbar-combinations-expected.txt:
* LayoutTests/platform/ios/svg/custom/svg-fonts-in-html-expected.txt:

Canonical link: https://commits.webkit.org/272448.929@safari-7618-branch


  Commit: 2c478327c1fa9b6569b098cdc2ccd4feb8e5caee
      https://github.com/WebKit/WebKit/commit/2c478327c1fa9b6569b098cdc2ccd4feb8e5caee
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2024-04-15 (Mon, 15 Apr 2024)

  Changed paths:
    M Tools/Scripts/webkitpy/common/version_name_map.py
    M Tools/Scripts/webkitpy/common/version_name_map_unittest.py
    M Tools/Scripts/webkitpy/port/factory.py
    A Tools/Scripts/webkitpy/port/visionos.py
    A Tools/Scripts/webkitpy/port/visionos_simulator.py
    A Tools/Scripts/webkitpy/port/visionos_simulator_unittest.py
    A Tools/Scripts/webkitpy/port/visionos_testcase.py
    M Tools/Scripts/webkitpy/test/main.py
    M Tools/Scripts/webkitpy/xcode/device_type.py
    M Tools/Scripts/webkitpy/xcode/device_type_unittest.py

  Log Message:
  -----------
  Cherry-pick 274484@main (3159d8008436). rdar://126511627

    [run-webkit-tests] Add visionOS
    https://bugs.webkit.org/show_bug.cgi?id=268567
    rdar://112615351

    Reviewed by Ryan Haddad.

    * Tools/Scripts/webkitpy/common/version_name_map.py:
    (VersionNameMap.__init__): Add visionOS.
    * Tools/Scripts/webkitpy/port/factory.py:
    (platform_options): Add --visionos-simulator flag.
    (PortFactory): Add visionOS port.
    * Tools/Scripts/webkitpy/port/visionos.py: Added.
    (VisionOSPort): Added.
    * Tools/Scripts/webkitpy/port/visionos_simulator.py: Added.
    (VisionOSSimulatorPort): Added.
    * Tools/Scripts/webkitpy/port/visionos_simulator_unittest.py: Added.
    (VisionOSSimulatorTest): Added.
    * Tools/Scripts/webkitpy/port/visionos_testcase.py: Added.
    (VisionOSTest): Added.
    * Tools/Scripts/webkitpy/xcode/device_type.py:
    (DeviceType._define_software_variant_from_hardware_family): Handle Vision Pro.
    (DeviceType.standardize_hardware_type): Strip 'Apple' from 'Apple Vision Pro'
    to match naming conventions of other simulated hardware.
    * Tools/Scripts/webkitpy/xcode/device_type_unittest.py:
    (DeviceTypeTest.test_visionos): Added.

    Canonical link: https://commits.webkit.org/274484@main

Canonical link: https://commits.webkit.org/272448.930@safari-7618-branch


  Commit: 595fc4594d77f7f3f408a800db39d6184df052c5
      https://github.com/WebKit/WebKit/commit/595fc4594d77f7f3f408a800db39d6184df052c5
  Author: Pascoe <pascoe at apple.com>
  Date:   2024-04-15 (Mon, 15 Apr 2024)

  Changed paths:
    M Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.cpp

  Log Message:
  -----------
  Fix issue in createFidoAttestationStatementFromU2fRegisterResponse
https://bugs.webkit.org/show_bug.cgi?id=272698
rdar://125024119

Reviewed by Charlie Wolfe.

Since the x509 length here is user supplied, the addition of the offset
could overflow. We fix this issue by using the CheckedArithmetic header.

Canonical link: https://commits.webkit.org/272448.931@safari-7618-branch


Compare: https://github.com/WebKit/WebKit/compare/356ee012f3bb...595fc4594d77

To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
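
The overflow described in the U2fResponseConverter.cpp commit message above, as an added C++ example that is not WebKit's code and not part of the original email: a length read from a DER header is added to an offset, first with a plain comparison and then with overflow-checked addition. `checkedAdd`, `readDerSequenceHeader`, the `certFits*` functions and both sample buffers are constructed for illustration; the commit itself uses WebKit's CheckedArithmetic header.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <vector>

// Hypothetical helper (not WebKit's CheckedArithmetic API): false if a + b would wrap.
bool checkedAdd(size_t a, size_t b, size_t& sum)
{
    if (b > std::numeric_limits<size_t>::max() - a)
        return false;
    sum = a + b;
    return true;
}

// Reads a DER SEQUENCE header at `offset`. contentLen is taken from the input
// bytes, so it is attacker-controlled and may be as large as SIZE_MAX.
bool readDerSequenceHeader(const std::vector<uint8_t>& buf, size_t offset,
                           size_t& headerLen, size_t& contentLen)
{
    if (offset >= buf.size() || buf.size() - offset < 2 || buf[offset] != 0x30)
        return false;
    uint8_t first = buf[offset + 1];
    if (!(first & 0x80)) { // short form: length in one byte
        headerLen = 2;
        contentLen = first;
        return true;
    }
    size_t n = first & 0x7f; // long form: n big-endian length bytes follow
    if (!n || n > sizeof(size_t) || buf.size() - offset - 2 < n)
        return false;
    contentLen = 0;
    for (size_t i = 0; i < n; ++i)
        contentLen = (contentLen << 8) | buf[offset + 2 + i];
    headerLen = 2 + n;
    return true;
}

// Unchecked bounds test: the sum can wrap past SIZE_MAX and compare as small.
bool certFitsUnchecked(const std::vector<uint8_t>& buf, size_t offset)
{
    size_t headerLen = 0, contentLen = 0;
    if (!readDerSequenceHeader(buf, offset, headerLen, contentLen))
        return false;
    return offset + headerLen + contentLen <= buf.size();
}

// Checked bounds test: any wrapping addition rejects the input.
bool certFitsChecked(const std::vector<uint8_t>& buf, size_t offset)
{
    size_t headerLen = 0, contentLen = 0, total = 0, end = 0;
    if (!readDerSequenceHeader(buf, offset, headerLen, contentLen))
        return false;
    if (!checkedAdd(headerLen, contentLen, total) || !checkedAdd(offset, total, end))
        return false;
    return end <= buf.size();
}

// Constructed sample: 4 prefix bytes, then a SEQUENCE with a 3-byte body.
std::vector<uint8_t> benignSample()
{
    return { 0, 0, 0, 0, 0x30, 0x03, 0x01, 0x02, 0x03 };
}

// Constructed sample: SEQUENCE whose long-form length is all 0xFF (SIZE_MAX).
std::vector<uint8_t> hostileSample()
{
    std::vector<uint8_t> buf = { 0, 0, 0, 0, 0x30, uint8_t(0x80 | sizeof(size_t)) };
    buf.insert(buf.end(), sizeof(size_t), 0xFF);
    return buf;
}

int main()
{
    bool ok = certFitsChecked(benignSample(), 4) && certFitsUnchecked(benignSample(), 4)
        && certFitsUnchecked(hostileSample(), 4) && !certFitsChecked(hostileSample(), 4);
    return ok ? 0 : 1;
}
```

Both tests accept the benign buffer; only the unchecked one accepts the buffer whose declared length is SIZE_MAX, because the wrapped sum lands below the buffer size.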

