From a17d0c381b91c4db749a290c344e5c8943fbc658 Mon Sep 17 00:00:00 2001
From: Alex Christensen <achristensen@apple.com>
Date: Fri, 21 Feb 2025 13:28:44 -0800
Subject: [PATCH 001/174] Use more site-isolation friendly frame tree traversal
 in FullscreenManager https://bugs.webkit.org/show_bug.cgi?id=288213
 rdar://145304768

Reviewed by Ryosuke Niwa.

In a few places we were making assumptions like:

1. The main frame is in the same process as the current document
2. A document's owner element is in the same process as the document
3. When we are traversing, if we find a document without an owner element
in this process, we must be at the main frame.

All 3 assumptions are invalid when site isolation is on.  I've replaced
the traversal with traversing the FrameTree including LocalFrames and
RemoteFrames and only visiting the LocalFrames.

Before this change, exiting a fullscreen third party iframe would not actually
exit, as seen by the lack of UI process exitFullScreenForElement and
beganExitFullScreen calls in the test output.  That is fixed with this change.
The style and size isn't yet correct, but those will be fixed in future PRs.

I also replaced a few Deques with Vector+makeReversedRange to accomplish
the same reverse iteration without the overhead of a Deque.

FullscreenManager::exitFullscreen had an assumption that the exit mode is
NoResize unless we know we are exiting fullscreen in the main frame.  In
order for exiting fullscreen to work in iframes with site isolation on,
I needed to make the assumption that if the main frame is in another process
we are exiting with ExitMode::Resize.  This only applies with site isolation
on.

* LayoutTests/http/tests/site-isolation/fullscreen-expected.txt:
* LayoutTests/http/tests/site-isolation/fullscreen.html:
* Source/WebCore/dom/FullscreenManager.cpp:
(WebCore::documentsToUnfullscreen):
(WebCore::FullscreenManager::exitFullscreen):
(WebCore::FullscreenManager::finishExitFullscreen):
(WebCore::FullscreenManager::willEnterFullscreen):
(WebCore::FullscreenManager::didExitFullscreen):
* Source/WebCore/dom/FullscreenManager.h:

Canonical link: https://commits.webkit.org/290822@main
---
 .../site-isolation/fullscreen-expected.txt    |  8 +-
 .../http/tests/site-isolation/fullscreen.html |  5 +-
 ...t-fullscreen-nested-in-iframe-expected.txt |  2 +-
 Source/WebCore/dom/FullscreenManager.cpp      | 78 ++++++++++---------
 Source/WebCore/dom/FullscreenManager.h        |  2 +-
 5 files changed, 52 insertions(+), 43 deletions(-)

diff --git a/LayoutTests/http/tests/site-isolation/fullscreen-expected.txt b/LayoutTests/http/tests/site-isolation/fullscreen-expected.txt
index 879bd9e58554a..70cf5b7cf5b6b 100644
--- a/LayoutTests/http/tests/site-isolation/fullscreen-expected.txt
+++ b/LayoutTests/http/tests/site-isolation/fullscreen-expected.txt
@@ -1,11 +1,17 @@
 supportsFullScreen() == true
 enterFullScreenForElement()
 beganEnterFullScreen() - initialRect.size: {300, 150}, finalRect.size: {300, 150}
+exitFullScreenForElement()
+beganExitFullScreen() - initialRect.size: {300, 150}, finalRect.size: {300, 150}
 
 FIXME: Size after entering should be 600x800 like it is with site isolation off.
 The size currently comes from screenRectOfContents.
-Also, there should be exitFullScreenForElement and beganExitFullScreen callbacks like there are with site isolation off.
+Also, the iframe's border 'inset' style should be 'none' after entering fullscreen.
 
 Size after entering fullscreen: 150x300
+iframe border style after transition: 0px inset rgb(0, 0, 0)
+
 Size after exiting fullscreen: 150x300
+iframe border style after transition: 0px inset rgb(0, 0, 0)
+
 
diff --git a/LayoutTests/http/tests/site-isolation/fullscreen.html b/LayoutTests/http/tests/site-isolation/fullscreen.html
index f01238da10f03..4e2a9d6beba75 100644
--- a/LayoutTests/http/tests/site-isolation/fullscreen.html
+++ b/LayoutTests/http/tests/site-isolation/fullscreen.html
@@ -7,12 +7,13 @@
     }
     addEventListener("message", (event) => {
         document.getElementById("mylog").innerHTML += event.data + "<br>";
+        document.getElementById("mylog").innerHTML += 'iframe border style after transition: ' + getComputedStyle(document.getElementById("frame")).getPropertyValue('border') + "<br><br>";
         if (event.data.startsWith('Size after exiting') && window.testRunner) { testRunner.notifyDone() }
     });
 </script>
-<iframe allowfullscreen src="http://localhost:8000/site-isolation/resources/fullscreen.html" frameborder=0></iframe>
+<iframe id='frame' allowfullscreen src="http://localhost:8000/site-isolation/resources/fullscreen.html" frameborder=0></iframe>
 <div id=mylog>
 FIXME: Size after entering should be 600x800 like it is with site isolation off.<br>
 The size currently comes from screenRectOfContents.<br>
-Also, there should be exitFullScreenForElement and beganExitFullScreen callbacks like there are with site isolation off.<br><br>
+Also, the iframe's border 'inset' style should be 'none' after entering fullscreen.<br><br>
 </div>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/document-exit-fullscreen-nested-in-iframe-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/document-exit-fullscreen-nested-in-iframe-expected.txt
index 6069b834e7b8f..52dfe7ac986f6 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/document-exit-fullscreen-nested-in-iframe-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/document-exit-fullscreen-nested-in-iframe-expected.txt
@@ -1,4 +1,4 @@
 
 
-FAIL Exit fullscreen for nested fullscreen inside an iframe assert_equals: expected null but got Element node <iframe allowfullscreen="" srcdoc="<div id='outer'><div i...
+PASS Exit fullscreen for nested fullscreen inside an iframe
 
diff --git a/Source/WebCore/dom/FullscreenManager.cpp b/Source/WebCore/dom/FullscreenManager.cpp
index de6c3c7948387..08f5e00c03020 100644
--- a/Source/WebCore/dom/FullscreenManager.cpp
+++ b/Source/WebCore/dom/FullscreenManager.cpp
@@ -284,23 +284,24 @@ void FullscreenManager::cancelFullscreen()
 }
 
 // https://fullscreen.spec.whatwg.org/#collect-documents-to-unfullscreen
-static Vector<Ref<Document>> documentsToUnfullscreen(Document& firstDocument)
+static Vector<Ref<Document>> documentsToUnfullscreen(Frame& firstFrame)
 {
-    Vector<Ref<Document>> documents { Ref { firstDocument } };
-    while (true) {
-        auto lastDocument = documents.last();
-        ASSERT(lastDocument->fullscreenManager().fullscreenElement());
-        if (!lastDocument->fullscreenManager().isSimpleFullscreenDocument())
-            break;
-        auto frame = lastDocument->frame();
-        if (!frame)
-            break;
-        auto frameOwner = frame->ownerElement();
-        if (!frameOwner)
+    Vector<Ref<Document>> documents;
+    if (RefPtr localFirstFrame = dynamicDowncast<LocalFrame>(firstFrame); localFirstFrame && localFirstFrame->document())
+        documents.append(*localFirstFrame->document());
+    for (RefPtr frame = firstFrame.tree().parent(); frame; frame = frame->tree().parent()) {
+        RefPtr localFrame = dynamicDowncast<LocalFrame>(frame);
+        if (!localFrame)
+            continue;
+        RefPtr document = localFrame->document();
+        if (!document)
+            continue;
+        ASSERT(document->fullscreenManager().fullscreenElement());
+        if (!document->fullscreenManager().isSimpleFullscreenDocument())
             break;
-        if (auto* iframe = dynamicDowncast<HTMLIFrameElement>(frameOwner); iframe && iframe->hasIFrameFullscreenFlag())
+        if (RefPtr iframe = dynamicDowncast<HTMLIFrameElement>(document->ownerElement()); iframe && iframe->hasIFrameFullscreenFlag())
             break;
-        documents.append(frameOwner->document());
+        documents.append(*document);
     }
     return documents;
 }
@@ -318,18 +319,19 @@ void FullscreenManager::exitFullscreen(CompletionHandler<void(ExceptionOr<void>)
 
     Ref exitingDocument = document();
     auto mode = ExitMode::NoResize;
-    auto exitDocuments = documentsToUnfullscreen(exitingDocument);
+    Vector<Ref<Document>> exitDocuments;
+    if (RefPtr exitingFrame = exitingDocument->frame())
+        exitDocuments = documentsToUnfullscreen(*exitingFrame);
 
     RefPtr mainFrameDocument = this->mainFrameDocument();
-    if (!mainFrameDocument)
-        LOG_ONCE(SiteIsolation, "Unable to fully perform FullscreenManager::exitFullscreen() without access to the main frame document ");
 
     bool exitsTopDocument = exitDocuments.containsIf([&](auto& document) {
         return document.ptr() == mainFrameDocument.get();
     });
-    if (exitsTopDocument && mainFrameDocument && mainFrameDocument->fullscreenManager().isSimpleFullscreenDocument()) {
+    if (!mainFrameDocument || (exitsTopDocument && mainFrameDocument->fullscreenManager().isSimpleFullscreenDocument())) {
         mode = ExitMode::Resize;
-        exitingDocument = *mainFrameDocument;
+        if (mainFrameDocument)
+            exitingDocument = *mainFrameDocument;
     }
 
     if (RefPtr element = exitingDocument->fullscreenManager().fullscreenElement(); element && !element->isConnected()) {
@@ -373,7 +375,8 @@ void FullscreenManager::exitFullscreen(CompletionHandler<void(ExceptionOr<void>)
                 checkedThis->didExitFullscreen(WTFMove(completionHandler));
             });
         } else {
-            finishExitFullscreen(protectedDocument(), ExitMode::NoResize);
+            if (RefPtr frame = document().frame())
+                finishExitFullscreen(*frame, ExitMode::NoResize);
 
             // We just popped off one fullscreen element out of the top layer, query the new one.
             m_pendingFullscreenElement = fullscreenElement();
@@ -390,19 +393,20 @@ void FullscreenManager::exitFullscreen(CompletionHandler<void(ExceptionOr<void>)
     });
 }
 
-void FullscreenManager::finishExitFullscreen(Document& currentDocument, ExitMode mode)
+void FullscreenManager::finishExitFullscreen(Frame& currentFrame, ExitMode mode)
 {
-    if (!currentDocument.fullscreenManager().fullscreenElement())
+    RefPtr currentLocalFrame = dynamicDowncast<LocalFrame>(currentFrame);
+    if (currentLocalFrame && currentLocalFrame->document() && !currentLocalFrame->document()->fullscreenManager().fullscreenElement())
         return;
 
     // Let descendantDocs be an ordered set consisting of doc’s descendant browsing contexts' active documents whose fullscreen element is non-null, if any, in tree order.
-    Deque<Ref<Document>> descendantDocuments;
-    for (RefPtr descendant = currentDocument.frame() ? currentDocument.frame()->tree().traverseNext() : nullptr; descendant; descendant = descendant->tree().traverseNext()) {
+    Vector<Ref<Document>> descendantDocuments;
+    for (RefPtr descendant = currentFrame.tree().traverseNext(); descendant; descendant = descendant->tree().traverseNext()) {
         RefPtr localFrame = dynamicDowncast<LocalFrame>(descendant);
         if (!localFrame || !localFrame->document())
             continue;
         if (localFrame->document()->fullscreenManager().fullscreenElement())
-            descendantDocuments.prepend(*localFrame->document());
+            descendantDocuments.append(*localFrame->document());
     }
 
     auto unfullscreenDocument = [](const Ref<Document>& document) {
@@ -417,7 +421,7 @@ void FullscreenManager::finishExitFullscreen(Document& currentDocument, ExitMode
             element->removeFromTopLayer();
     };
 
-    auto exitDocuments = documentsToUnfullscreen(currentDocument);
+    auto exitDocuments = documentsToUnfullscreen(currentFrame);
     for (Ref exitDocument : exitDocuments) {
         queueFullscreenChangeEventForDocument(exitDocument);
         if (mode == ExitMode::Resize)
@@ -429,7 +433,7 @@ void FullscreenManager::finishExitFullscreen(Document& currentDocument, ExitMode
         }
     }
 
-    for (Ref descendantDocument : descendantDocuments) {
+    for (Ref descendantDocument : makeReversedRange(descendantDocuments)) {
         queueFullscreenChangeEventForDocument(descendantDocument);
         unfullscreenDocument(descendantDocument);
     }
@@ -496,13 +500,13 @@ ExceptionOr<void> FullscreenManager::willEnterFullscreen(Element& element, HTMLM
 
     m_fullscreenElement = &element;
 
-    Deque<RefPtr<Element>> ancestors;
-    RefPtr ancestor = &element;
-    do {
-        ancestors.append(ancestor);
-    } while ((ancestor = ancestor->document().ownerElement()));
+    Vector<Ref<Element>> ancestors { { element } };
+    for (RefPtr<Frame> frame = element.document().frame(); frame; frame = frame->tree().parent()) {
+        if (RefPtr ownerElement = frame->ownerElement())
+            ancestors.append(ownerElement.releaseNonNull());
+    }
 
-    for (auto ancestor : ancestors) {
+    for (auto ancestor : makeReversedRange(ancestors)) {
         auto hideUntil = ancestor->topmostPopoverAncestor(Element::TopLayerElementType::Other);
         ancestor->document().hideAllPopoversUntil(hideUntil, FocusPreviousElement::No, FireEvents::No);
 
@@ -523,7 +527,7 @@ ExceptionOr<void> FullscreenManager::willEnterFullscreen(Element& element, HTMLM
         RenderElement::markRendererDirtyAfterTopLayerChange(ancestor->checkedRenderer().get(), containingBlockBeforeStyleResolution.get());
     }
 
-    if (auto* iframe = dynamicDowncast<HTMLIFrameElement>(element))
+    if (RefPtr iframe = dynamicDowncast<HTMLIFrameElement>(element))
         iframe->setIFrameFullscreenFlag(true);
 
     return { };
@@ -574,10 +578,8 @@ void FullscreenManager::didExitFullscreen(CompletionHandler<void(ExceptionOr<voi
     }
     INFO_LOG(LOGIDENTIFIER);
 
-    if (RefPtr mainFrameDocument = protectedMainFrameDocument())
-        finishExitFullscreen(*mainFrameDocument, ExitMode::Resize);
-    else
-        LOG_ONCE(SiteIsolation, "Unable to fully perform FullscreenManager::didExitFullscreen() without access to the main frame document ");
+    if (RefPtr frame = document().frame())
+        finishExitFullscreen(frame->mainFrame(), ExitMode::Resize);
 
     if (auto fullscreenElement = fullscreenOrPendingElement())
         fullscreenElement->didStopBeingFullscreenElement();
diff --git a/Source/WebCore/dom/FullscreenManager.h b/Source/WebCore/dom/FullscreenManager.h
index cc3283a9a70fb..84405d7a3a86a 100644
--- a/Source/WebCore/dom/FullscreenManager.h
+++ b/Source/WebCore/dom/FullscreenManager.h
@@ -81,7 +81,7 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
     void dispatchPendingEvents();
 
     enum class ExitMode : bool { Resize, NoResize };
-    void finishExitFullscreen(Document&, ExitMode);
+    void finishExitFullscreen(Frame&, ExitMode);
 
     void exitRemovedFullscreenElement(Element&);
 

From ac88fd005ae0e756a4f29b37e02666a839975b77 Mon Sep 17 00:00:00 2001
From: Rupin Mittal <rupin@apple.com>
Date: Fri, 21 Feb 2025 13:30:39 -0800
Subject: [PATCH 002/174] Adopt more smart pointers in APISerializedScriptValue
 and VideoFrameCV https://bugs.webkit.org/show_bug.cgi?id=288023
 rdar://145174758

Reviewed by Chris Dumez.

Smart pointer adoption as per the static analyzer.

* Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/WebCore/platform/graphics/cv/VideoFrameCV.mm:
(WebCore::VideoFrame::createFromPixelBuffer):
* Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebKit/Shared/API/APISerializedScriptValue.h:

Canonical link: https://commits.webkit.org/290823@main
---
 .../UncountedLocalVarsCheckerExpectations                | 1 -
 Source/WebCore/platform/graphics/cv/VideoFrameCV.mm      | 9 +++++----
 .../UncountedCallArgsCheckerExpectations                 | 1 -
 Source/WebKit/Shared/API/APISerializedScriptValue.h      | 2 +-
 4 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index 1f4b005a5b97a..a035d2c5d7da6 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -607,7 +607,6 @@ platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm
 platform/graphics/cocoa/controls/ApplePayButtonCocoa.mm
 platform/graphics/coretext/ComplexTextControllerCoreText.mm
 platform/graphics/coretext/GlyphPageCoreText.cpp
-platform/graphics/cv/VideoFrameCV.mm
 platform/graphics/displaylists/DisplayListItem.cpp
 platform/graphics/displaylists/DisplayListItems.cpp
 platform/graphics/displaylists/DisplayListRecorder.cpp
diff --git a/Source/WebCore/platform/graphics/cv/VideoFrameCV.mm b/Source/WebCore/platform/graphics/cv/VideoFrameCV.mm
index 91ea53e1e9c65..49a0f05c11ba3 100644
--- a/Source/WebCore/platform/graphics/cv/VideoFrameCV.mm
+++ b/Source/WebCore/platform/graphics/cv/VideoFrameCV.mm
@@ -501,22 +501,23 @@ static void copyPlane(uint8_t* destination, const uint8_t* source, uint64_t sour
     auto size = pixelBuffer->size();
     auto width = size.width();
     auto height = size.height();
-
     auto dataBaseAddress = pixelBuffer->bytes().data();
-    auto leakedBuffer = &pixelBuffer.leakRef();
     
     auto derefBuffer = [] (void* context, const void*) {
         static_cast<PixelBuffer*>(context)->deref();
     };
 
     CVPixelBufferRef cvPixelBufferRaw = nullptr;
-    auto status = CVPixelBufferCreateWithBytes(kCFAllocatorDefault, width, height, kCVPixelFormatType_32BGRA, dataBaseAddress, width * 4, derefBuffer, leakedBuffer, nullptr, &cvPixelBufferRaw);
+    auto status = CVPixelBufferCreateWithBytes(kCFAllocatorDefault, width, height, kCVPixelFormatType_32BGRA, dataBaseAddress, width * 4, derefBuffer, pixelBuffer.ptr(), nullptr, &cvPixelBufferRaw);
 
     auto cvPixelBuffer = adoptCF(cvPixelBufferRaw);
     if (!cvPixelBuffer) {
-        derefBuffer(leakedBuffer, nullptr);
         return nullptr;
     }
+
+    // The CVPixelBuffer now owns the pixelBuffer and will call `deref()` on it when it gets destroyed.
+    pixelBuffer->ref();
+
     ASSERT_UNUSED(status, !status);
     return RefPtr { VideoFrameCV::create({ }, false, Rotation::None, WTFMove(cvPixelBuffer), WTFMove(colorSpace)) };
 }
diff --git a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 97b9aa71ca827..665f39c161df0 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -26,7 +26,6 @@ NetworkProcess/storage/BackgroundFetchStoreManager.cpp
 NetworkProcess/storage/IDBStorageRegistry.cpp
 Platform/IPC/ArgumentCoders.h
 Shared/API/APIArray.h
-Shared/API/APISerializedScriptValue.h
 Shared/API/c/WKArray.cpp
 Shared/API/c/WKContextMenuItem.cpp
 Shared/API/c/WKData.cpp
diff --git a/Source/WebKit/Shared/API/APISerializedScriptValue.h b/Source/WebKit/Shared/API/APISerializedScriptValue.h
index 4c8e8360fcd53..cd5999a9f3e92 100644
--- a/Source/WebKit/Shared/API/APISerializedScriptValue.h
+++ b/Source/WebKit/Shared/API/APISerializedScriptValue.h
@@ -93,7 +93,7 @@ class SerializedScriptValue : public API::ObjectImpl<API::Object::Type::Serializ
     {
     }
 
-    Ref<WebCore::SerializedScriptValue> m_serializedScriptValue;
+    const Ref<WebCore::SerializedScriptValue> m_serializedScriptValue;
 };
     
 }

From 2103a91dc922a2a1fc4b6f8ebdb7ccace9dd3f88 Mon Sep 17 00:00:00 2001
From: Rupin Mittal <rupin@apple.com>
Date: Fri, 21 Feb 2025 13:31:45 -0800
Subject: [PATCH 003/174] Adopt more smart pointers in
 LocalSampleBufferDisplayLayer.mm
 https://bugs.webkit.org/show_bug.cgi?id=287917 rdar://145101954

Reviewed by Chris Dumez and Geoffrey Garen.

Smart pointer adoption as per the static analyzer.

* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations:
* Source/WebCore/platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.h:
* Source/WebCore/platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.mm:
(WebCore::LocalSampleBufferDisplayLayer::setShouldMaintainAspectRatio):
(WebCore::LocalSampleBufferDisplayLayer::layerStatusDidChange):
(WebCore::LocalSampleBufferDisplayLayer::layerErrorDidChange):
(WebCore::LocalSampleBufferDisplayLayer::updateSampleLayerBoundsAndPosition):
(WebCore::LocalSampleBufferDisplayLayer::flush):
(WebCore::LocalSampleBufferDisplayLayer::flushAndRemoveImage):
(WebCore::LocalSampleBufferDisplayLayer::enqueueVideoFrame):
(WebCore::LocalSampleBufferDisplayLayer::clearVideoFrames):
(WebCore::LocalSampleBufferDisplayLayer::requestNotificationWhenReadyForVideoData):

Canonical link: https://commits.webkit.org/290824@main
---
 .../UncountedCallArgsCheckerExpectations      |  1 -
 ...UncountedLambdaCapturesCheckerExpectations |  1 -
 .../objc/LocalSampleBufferDisplayLayer.h      |  2 +-
 .../objc/LocalSampleBufferDisplayLayer.mm     | 67 ++++++++++---------
 4 files changed, 37 insertions(+), 34 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index b63ab4cd714a0..9394d7644125a 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -1065,7 +1065,6 @@ platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm
 platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h
 platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm
 platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm
-platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.mm
 platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm
 platform/graphics/avfoundation/objc/WebAVContentKeyGroup.mm
 platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
index 5884ca414861c..444df974d18c8 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
@@ -139,7 +139,6 @@ platform/encryptedmedia/clearkey/CDMClearKey.cpp
 platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp
 platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm
 platform/graphics/avfoundation/objc/InbandChapterTrackPrivateAVFObjC.mm
-platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.mm
 platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
 platform/graphics/cocoa/VideoMediaSampleRenderer.mm
 platform/graphics/filters/FilterOperation.cpp
diff --git a/Source/WebCore/platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.h b/Source/WebCore/platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.h
index f7cb367a76345..11fd65db5dfdd 100644
--- a/Source/WebCore/platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.h
+++ b/Source/WebCore/platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.h
@@ -105,7 +105,7 @@ class WEBCORE_EXPORT LocalSampleBufferDisplayLayer final : public SampleBufferDi
     RetainPtr<PlatformLayer> m_rootLayer;
     RenderPolicy m_renderPolicy { RenderPolicy::TimingInfo };
 
-    Ref<WorkQueue> m_processingQueue;
+    const Ref<WorkQueue> m_processingQueue;
 
     // Only accessed through m_processingQueue or if m_processingQueue is null.
     using PendingSampleQueue = Deque<Ref<VideoFrame>>;
diff --git a/Source/WebCore/platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.mm b/Source/WebCore/platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.mm
index 45b172ea88b63..a8a5c8284fef7 100644
--- a/Source/WebCore/platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.mm
+++ b/Source/WebCore/platform/graphics/avfoundation/objc/LocalSampleBufferDisplayLayer.mm
@@ -210,13 +210,13 @@ static void runWithoutAnimations(NOESCAPE const WTF::Function<void()>& function)
 
 void LocalSampleBufferDisplayLayer::setShouldMaintainAspectRatio(bool shouldMaintainAspectRatio)
 {
-    ensureOnMainThread([this, weakThis = ThreadSafeWeakPtr { *this }, shouldMaintainAspectRatio]() mutable {
+    ensureOnMainThread([weakThis = ThreadSafeWeakPtr { *this }, shouldMaintainAspectRatio]() mutable {
         auto protectedThis = weakThis.get();
         if (!protectedThis)
             return;
 
         runWithoutAnimations([&] {
-            m_sampleBufferDisplayLayer.get().videoGravity = shouldMaintainAspectRatio ? AVLayerVideoGravityResizeAspect : AVLayerVideoGravityResize;
+            protectedThis->m_sampleBufferDisplayLayer.get().videoGravity = shouldMaintainAspectRatio ? AVLayerVideoGravityResizeAspect : AVLayerVideoGravityResize;
         });
     });
 }
@@ -225,12 +225,13 @@ static void runWithoutAnimations(NOESCAPE const WTF::Function<void()>& function)
 {
     ASSERT(isMainThread());
 ALLOW_DEPRECATED_DECLARATIONS_BEGIN
-    if (m_client && m_sampleBufferDisplayLayer.get().status == AVQueuedSampleBufferRenderingStatusFailed) {
+    RefPtr client = m_client.get();
+    if (client && m_sampleBufferDisplayLayer.get().status == AVQueuedSampleBufferRenderingStatusFailed) {
 ALLOW_DEPRECATED_DECLARATIONS_END
         RELEASE_LOG_ERROR(WebRTC, "LocalSampleBufferDisplayLayer::layerStatusDidChange going to failed status (%{public}s) ", m_logIdentifier.utf8().data());
         if (!m_didFail) {
             m_didFail = true;
-            m_client->sampleBufferDisplayLayerStatusDidFail();
+            client->sampleBufferDisplayLayerStatusDidFail();
         }
     }
 }
@@ -239,10 +240,11 @@ static void runWithoutAnimations(NOESCAPE const WTF::Function<void()>& function)
 {
     ASSERT(isMainThread());
     RELEASE_LOG_ERROR(WebRTC, "LocalSampleBufferDisplayLayer::layerErrorDidChange (%{public}s) ", m_logIdentifier.utf8().data());
-    if (!m_client || m_didFail)
+    RefPtr client = m_client.get();
+    if (!client || m_didFail)
         return;
     m_didFail = true;
-    m_client->sampleBufferDisplayLayerStatusDidFail();
+    client->sampleBufferDisplayLayerStatusDidFail();
 }
 
 PlatformLayer* LocalSampleBufferDisplayLayer::displayLayer()
@@ -289,54 +291,57 @@ static void runWithoutAnimations(NOESCAPE const WTF::Function<void()>& function)
 
 void LocalSampleBufferDisplayLayer::updateSampleLayerBoundsAndPosition(std::optional<CGRect> bounds)
 {
-    ensureOnMainThread([this, weakThis = ThreadSafeWeakPtr { *this }, bounds, rotation = m_videoFrameRotation, affineTransform = m_affineTransform]() mutable {
+    ensureOnMainThread([weakThis = ThreadSafeWeakPtr { *this }, bounds, rotation = m_videoFrameRotation, affineTransform = m_affineTransform]() mutable {
         auto protectedThis = weakThis.get();
         if (!protectedThis)
             return;
 
-        auto layerBounds = bounds.value_or(m_rootLayer.get().bounds);
+        RetainPtr rootLayer = protectedThis->m_rootLayer;
+        auto layerBounds = bounds.value_or(rootLayer.get().bounds);
         CGPoint layerPosition { layerBounds.size.width / 2, layerBounds.size.height / 2 };
         if (rotation == VideoFrame::Rotation::Right || rotation == VideoFrame::Rotation::Left)
             std::swap(layerBounds.size.width, layerBounds.size.height);
         runWithoutAnimations([&] {
             if (bounds) {
-                m_rootLayer.get().position = { bounds->size.width / 2, bounds->size.height / 2 };
-                m_rootLayer.get().bounds = *bounds;
+                rootLayer.get().position = { bounds->size.width / 2, bounds->size.height / 2 };
+                rootLayer.get().bounds = *bounds;
             }
-            m_sampleBufferDisplayLayer.get().affineTransform = affineTransform;
-            m_sampleBufferDisplayLayer.get().position = layerPosition;
-            m_sampleBufferDisplayLayer.get().bounds = layerBounds;
+
+            RetainPtr sampleBufferDisplayLayer = protectedThis->m_sampleBufferDisplayLayer;
+            sampleBufferDisplayLayer.get().affineTransform = affineTransform;
+            sampleBufferDisplayLayer.get().position = layerPosition;
+            sampleBufferDisplayLayer.get().bounds = layerBounds;
         });
     });
 }
 
 void LocalSampleBufferDisplayLayer::flush()
 {
-    m_processingQueue->dispatch([this, weakThis = ThreadSafeWeakPtr { *this }] {
+    m_processingQueue->dispatch([weakThis = ThreadSafeWeakPtr { *this }] {
         auto protectedThis = weakThis.get();
         if (!protectedThis)
             return;
 
 ALLOW_DEPRECATED_DECLARATIONS_BEGIN
-        [m_sampleBufferDisplayLayer flush];
+        [protectedThis->m_sampleBufferDisplayLayer flush];
 ALLOW_DEPRECATED_DECLARATIONS_END
     });
 }
 
 void LocalSampleBufferDisplayLayer::flushAndRemoveImage()
 {
-    m_processingQueue->dispatch([this, weakThis = ThreadSafeWeakPtr { *this }] {
+    m_processingQueue->dispatch([weakThis = ThreadSafeWeakPtr { *this }] {
         auto protectedThis = weakThis.get();
         if (!protectedThis)
             return;
 
         @try {
 ALLOW_DEPRECATED_DECLARATIONS_BEGIN
-            [m_sampleBufferDisplayLayer flushAndRemoveImage];
+            [protectedThis->m_sampleBufferDisplayLayer flushAndRemoveImage];
 ALLOW_DEPRECATED_DECLARATIONS_END
         } @catch(id exception) {
             RELEASE_LOG_ERROR(WebRTC, "LocalSampleBufferDisplayLayer::flushAndRemoveImage failed");
-            layerErrorDidChange();
+            protectedThis->layerErrorDidChange();
         }
     });
 }
@@ -381,13 +386,13 @@ static inline CGAffineTransform transformationMatrixForVideoFrame(VideoFrame& vi
         updateSampleLayerBoundsAndPosition({ });
     }
 
-    m_processingQueue->dispatch([this, weakThis = ThreadSafeWeakPtr { *this }, pixelBuffer = RetainPtr { videoFrame.pixelBuffer() }, presentationTime = videoFrame.presentationTime()]() mutable {
+    m_processingQueue->dispatch([weakThis = ThreadSafeWeakPtr { *this }, pixelBuffer = RetainPtr { videoFrame.pixelBuffer() }, presentationTime = videoFrame.presentationTime()]() mutable {
         auto protectedThis = weakThis.get();
         if (!protectedThis)
             return;
 
-        assertIsCurrent(workQueue());
-        enqueueBufferInternal(pixelBuffer.get(), presentationTime);
+        assertIsCurrent(protectedThis->workQueue());
+        protectedThis->enqueueBufferInternal(pixelBuffer.get(), presentationTime);
     });
 }
 
@@ -462,14 +467,14 @@ static inline CGAffineTransform transformationMatrixForVideoFrame(VideoFrame& vi
 
 void LocalSampleBufferDisplayLayer::clearVideoFrames()
 {
-    m_processingQueue->dispatch([this, weakThis = ThreadSafeWeakPtr { *this }] {
+    m_processingQueue->dispatch([weakThis = ThreadSafeWeakPtr { *this }] {
         auto protectedThis = weakThis.get();
         if (!protectedThis)
             return;
 
-        assertIsCurrent(workQueue());
+        assertIsCurrent(protectedThis->workQueue());
 
-        m_pendingVideoFrameQueue.clear();
+        protectedThis->m_pendingVideoFrameQueue.clear();
     });
 }
 
@@ -484,20 +489,20 @@ static inline CGAffineTransform transformationMatrixForVideoFrame(VideoFrame& vi
         if (!protectedThis)
             return;
 
-        m_processingQueue->dispatch([this, weakThis] {
+        m_processingQueue->dispatch([weakThis] {
             auto protectedThis = weakThis.get();
             if (!protectedThis)
                 return;
 
-            [m_sampleBufferDisplayLayer stopRequestingMediaData];
+            [protectedThis->m_sampleBufferDisplayLayer stopRequestingMediaData];
 
-            while (!m_pendingVideoFrameQueue.isEmpty()) {
-                if (![m_sampleBufferDisplayLayer isReadyForMoreMediaData]) {
-                    requestNotificationWhenReadyForVideoData();
+            while (!protectedThis->m_pendingVideoFrameQueue.isEmpty()) {
+                if (![protectedThis->m_sampleBufferDisplayLayer isReadyForMoreMediaData]) {
+                    protectedThis->requestNotificationWhenReadyForVideoData();
                     return;
                 }
-                auto videoFrame = m_pendingVideoFrameQueue.takeFirst();
-                enqueueBufferInternal(videoFrame->pixelBuffer(), videoFrame->presentationTime());
+                auto videoFrame = protectedThis->m_pendingVideoFrameQueue.takeFirst();
+                protectedThis->enqueueBufferInternal(videoFrame->pixelBuffer(), videoFrame->presentationTime());
             }
         });
     }];

From 67d7e1c8fe788397d94bd9ece229ca4ee8ba58e0 Mon Sep 17 00:00:00 2001
From: Timothy Hatcher <timothy@apple.com>
Date: Fri, 21 Feb 2025 13:36:20 -0800
Subject: [PATCH 004/174] Refine the construction of WKWebExtension in Swift.
 https://webkit.org/b/288129 rdar://problem/145235810

Reviewed by Brian Weinstein.

Introduce a Swift overlay for WKWebExtension to define two async init() methods
that are more idiomatic in Swift.

Swift really does not like _init methods, so unprefix the existing private init
methods to keep the compiler happy when building the overlay. Retain prefixed
versions for ObjC compatability with existing clients.

* Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm:
(-[WKWebExtension _initWithAppExtensionBundle:error:]):
(-[WKWebExtension _initWithResourceBaseURL:error:]):
(-[WKWebExtension _initWithAppExtensionBundle:resourceBaseURL:error:]):
(-[WKWebExtension _initWithManifestDictionary:]):
(-[WKWebExtension _initWithManifestDictionary:resources:]):
(-[WKWebExtension _initWithResources:]):
(-[WKWebExtension initWithAppExtensionBundle:error:]):
(-[WKWebExtension initWithResourceBaseURL:error:]):
(-[WKWebExtension initWithAppExtensionBundle:resourceBaseURL:error:]):
(-[WKWebExtension initWithManifestDictionary:]):
(-[WKWebExtension initWithManifestDictionary:resources:]):
(-[WKWebExtension initWithResources:]):
* Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift:

Canonical link: https://commits.webkit.org/290825@main
---
 .../UIProcess/API/Cocoa/WKWebExtension.h      |  4 +-
 .../UIProcess/API/Cocoa/WKWebExtension.mm     | 94 +++++++++++++------
 .../API/Cocoa/WKWebExtensionPrivate.h         | 21 +++--
 .../API/Cocoa/WebKitSwiftOverlay.swift        | 25 +++++
 4 files changed, 105 insertions(+), 39 deletions(-)

diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h
index ec09fbf7509ce..2764447a5433d 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h
@@ -82,7 +82,7 @@ WK_CLASS_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA), visionos(WK_XROS_TBA)) WK
  @discussion The app extension bundle must contain a `manifest.json` file in its resources directory. If the manifest is invalid or missing,
  or the bundle is otherwise improperly configured, an error will be returned.
  */
-+ (void)extensionWithAppExtensionBundle:(NSBundle *)appExtensionBundle completionHandler:(void (^)(WKWebExtension * WK_NULLABLE_RESULT extension, NSError * _Nullable error))completionHandler WK_SWIFT_ASYNC_THROWS_ON_FALSE(1);
++ (void)extensionWithAppExtensionBundle:(NSBundle *)appExtensionBundle completionHandler:(void (^)(WKWebExtension * _Nullable extension, NSError * _Nullable error))completionHandler NS_REFINED_FOR_SWIFT;
 
 /*!
  @abstract Returns a web extension initialized with a specified resource base URL, which can point to either a directory or a ZIP archive.
@@ -91,7 +91,7 @@ WK_CLASS_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA), visionos(WK_XROS_TBA)) WK
  @discussion The URL must be a file URL that points to either a directory with a `manifest.json` file or a ZIP archive containing a `manifest.json` file.
  If the manifest is invalid or missing, or the URL points to an unsupported format or invalid archive, an error will be returned.
  */
-+ (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:(void (^)(WKWebExtension * WK_NULLABLE_RESULT extension, NSError * _Nullable error))completionHandler WK_SWIFT_ASYNC_THROWS_ON_FALSE(1);
++ (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:(void (^)(WKWebExtension * _Nullable extension, NSError * _Nullable error))completionHandler NS_REFINED_FOR_SWIFT;
 
 /*!
  @abstract An array of all errors that occurred during the processing of the extension.
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm
index d3c153560a6f3..279bd260386f6 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm
@@ -86,29 +86,47 @@ + (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:
     });
 }
 
-// FIXME: Remove after Safari has adopted new methods.
-- (instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
+- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
 {
-    return [self _initWithAppExtensionBundle:appExtensionBundle error:error];
+    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
 }
 
-- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
+- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self _initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
+    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
 }
 
-// FIXME: Remove after Safari has adopted new methods.
-- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle resourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self _initWithResourceBaseURL:resourceBaseURL error:error];
+    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:resourceBaseURL error:error];
 }
 
-- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
+{
+    return [self initWithManifestDictionary:manifest resources:nil];
+}
+
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+{
+    return [self initWithManifestDictionary:manifest resources:resources];
+}
+
+- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
 {
-    return [self _initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
+    return [self initWithResources:resources];
 }
 
-- (instancetype)_initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
+{
+    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
+}
+
+- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+{
+    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
+}
+
+- (instancetype)initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
 {
     NSParameterAssert(appExtensionBundle || resourceBaseURL);
 
@@ -138,14 +156,14 @@ - (instancetype)_initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBun
     return self;
 }
 
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
+- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
 {
     NSParameterAssert([manifest isKindOfClass:NSDictionary.class]);
 
-    return [self _initWithManifestDictionary:manifest resources:nil];
+    return [self initWithManifestDictionary:manifest resources:nil];
 }
 
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
 {
     NSParameterAssert([manifest isKindOfClass:NSDictionary.class]);
 
@@ -157,7 +175,7 @@ - (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)mani
     return self;
 }
 
-- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)initWithResources:(NSDictionary<NSString *, id> *)resources
 {
     NSParameterAssert([resources isKindOfClass:NSDictionary.class]);
 
@@ -349,44 +367,64 @@ + (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:
     completionHandler(nil, [NSError errorWithDomain:NSCocoaErrorDomain code:NSFeatureUnsupportedError userInfo:nil]);
 }
 
-- (instancetype)initWithAppExtensionBundle:(NSBundle *)bundle error:(NSError **)error
+- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
 {
-    return [self _initWithAppExtensionBundle:bundle error:error];
+    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
 }
 
-- (instancetype)_initWithAppExtensionBundle:(NSBundle *)bundle error:(NSError **)error
+- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self _initWithAppExtensionBundle:bundle resourceBaseURL:nil error:error];
+    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
 }
 
-- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle resourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self _initWithResourceBaseURL:resourceBaseURL error:error];
+    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:resourceBaseURL error:error];
 }
 
-- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
 {
-    return [self _initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
+    return [self initWithManifestDictionary:manifest resources:nil];
 }
 
-- (instancetype)_initWithAppExtensionBundle:(nullable NSBundle *)bundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+{
+    return [self initWithManifestDictionary:manifest resources:resources];
+}
+
+- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
+{
+    return [self initWithResources:resources];
+}
+
+- (instancetype)initWithAppExtensionBundle:(NSBundle *)bundle error:(NSError **)error
+{
+    return [self initWithAppExtensionBundle:bundle resourceBaseURL:nil error:error];
+}
+
+- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+{
+    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
+}
+
+- (instancetype)initWithAppExtensionBundle:(nullable NSBundle *)bundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
 {
     if (error)
         *error = [NSError errorWithDomain:NSCocoaErrorDomain code:NSFeatureUnsupportedError userInfo:nil];
     return nil;
 }
 
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
+- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
 {
-    return [self _initWithManifestDictionary:manifest resources:nil];
+    return [self initWithManifestDictionary:manifest resources:nil];
 }
 
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
 {
     return nil;
 }
 
-- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)initWithResources:(NSDictionary<NSString *, id> *)resources
 {
     return nil;
 }
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h
index 2e524adcc0fdb..6175d61ccf4fa 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h
@@ -29,9 +29,12 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
 
 @interface WKWebExtension ()
 
-// FIXME: Remove after Safari has adopted new methods.
-- (nullable instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error;
-- (nullable instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error;
+- (nullable instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error NS_SWIFT_UNAVAILABLE("Use init(appExtensionBundle:).");
+- (nullable instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error NS_SWIFT_UNAVAILABLE("Use init(resourceBaseURL:).");
+- (nullable instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle resourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error NS_SWIFT_UNAVAILABLE("Use init(appExtensionBundle:resourceBaseURL:).");
+- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest NS_SWIFT_UNAVAILABLE("Use init(manifestDictionary:).");
+- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(nullable NSDictionary<NSString *, id> *)resources NS_SWIFT_UNAVAILABLE("Use init(manifestDictionary:resources:).");
+- (nullable instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources NS_SWIFT_UNAVAILABLE("Use init(resources:).");
 
 /*!
  @abstract Returns a web extension initialized with a specified app extension bundle.
@@ -39,7 +42,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @param error Set to \c nil or an error instance if an error occurred.
  @result An initialized web extension, or `nil` if the object could not be initialized due to an error.
  */
-- (nullable instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error;
+- (nullable instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error NS_REFINED_FOR_SWIFT;
 
 /*!
  @abstract Returns a web extension initialized with a specified resource base URL.
@@ -48,7 +51,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @result An initialized web extension, or `nil` if the object could not be initialized due to an error.
  @discussion The URL must be a file URL that points to either a directory containing a `manifest.json` file or a valid ZIP archive.
  */
-- (nullable instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error;
+- (nullable instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error NS_REFINED_FOR_SWIFT;
 
 /*!
  @abstract Returns a web extension initialized with a specified app extension bundle and resource base URL.
@@ -59,14 +62,14 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @discussion Either the app extension bundle or the resource base URL (which can point to a directory or a valid ZIP archive) must be provided.
  This initializer is useful when the extension resources are in a different location from the app extension bundle used for native messaging.
  */
-- (nullable instancetype)_initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error NS_DESIGNATED_INITIALIZER;
+- (nullable instancetype)initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error NS_DESIGNATED_INITIALIZER;
 
 /*!
  @abstract Returns a web extension initialized with a specified manifest dictionary.
  @param manifest The dictionary containing the manifest data for the web extension.
  @result An initialized web extension, or `nil` if the object could not be initialized due to an error.
  */
-- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest;
+- (nullable instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest;
 
 /*!
  @abstract Returns a web extension initialized with a specified manifest dictionary and resources.
@@ -76,7 +79,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @discussion The resources dictionary provides additional data required for the web extension. Paths in resources can
  have subdirectories, such as `_locales/en/messages.json`.
  */
-- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(nullable NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
+- (nullable instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(nullable NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
 
 /*!
  @abstract Returns a web extension initialized with specified resources.
@@ -85,7 +88,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @discussion The resources dictionary must provide at least the `manifest.json` resource.  Paths in resources can
  have subdirectories, such as `_locales/en/messages.json`.
  */
-- (nullable instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
+- (nullable instancetype)initWithResources:(NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
 
 /*! @abstract A Boolean value indicating whether the extension background content is a service worker. */
 @property (readonly, nonatomic) BOOL _hasServiceWorkerBackgroundContent;
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift b/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift
index 994071d3a2df9..80d29f01bae64 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift
+++ b/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift
@@ -25,6 +25,10 @@
 
 #if !os(tvOS) && !os(watchOS)
 
+#if compiler(>=6.0)
+internal import WebKit_Private
+#endif
+
 #if USE_APPLE_INTERNAL_SDK
 @_spi(CTypeConversion) import Network
 #endif
@@ -85,7 +89,25 @@ extension WKWebView {
 }
 #endif
 
+#if compiler(>=6.0)
 @available(iOS 18.4, macOS 15.4, visionOS 2.4, *)
+@available(watchOS, unavailable)
+@available(tvOS, unavailable)
+extension WKWebExtension {
+    public convenience init(appExtensionBundle: Bundle) async throws {
+        // FIXME: <https://webkit.org/b/276194> Make the WebExtension class load data on a background thread.
+        try self.init(appExtensionBundle: appExtensionBundle, resourceBaseURL: nil)
+    }
+
+    public convenience init(resourceBaseURL: URL) async throws {
+        // FIXME: <https://webkit.org/b/276194> Make the WebExtension class load data on a background thread.
+        try self.init(appExtensionBundle: nil, resourceBaseURL: resourceBaseURL)
+    }
+}
+
+@available(iOS 18.4, macOS 15.4, visionOS 2.4, *)
+@available(watchOS, unavailable)
+@available(tvOS, unavailable)
 extension WKWebExtensionController {
     public func didCloseTab(_ closedTab: WKWebExtensionTab, windowIsClosing: Bool = false) {
         __didClose(closedTab, windowIsClosing: windowIsClosing)
@@ -101,6 +123,8 @@ extension WKWebExtensionController {
 }
 
 @available(iOS 18.4, macOS 15.4, visionOS 2.4, *)
+@available(watchOS, unavailable)
+@available(tvOS, unavailable)
 extension WKWebExtensionContext {
     public func didCloseTab(_ closedTab: WKWebExtensionTab, windowIsClosing: Bool = false) {
         __didClose(closedTab, windowIsClosing: windowIsClosing)
@@ -114,6 +138,7 @@ extension WKWebExtensionContext {
         __didMove(movedTab, from: index, in: oldWindow)
     }
 }
+#endif
 
 // FIXME: Need to declare ProxyConfiguration SPI in order to build and test
 // this with public SDKs (https://bugs.webkit.org/show_bug.cgi?id=280911).

From 1b250632dd10ccbd858ea80f492228ce35148e8a Mon Sep 17 00:00:00 2001
From: Rupin Mittal <rupin@apple.com>
Date: Fri, 21 Feb 2025 13:43:29 -0800
Subject: [PATCH 005/174] [UnifiedPDF] [iOS] Possible for per-site zoom to get
 applied if it was previously set on a document
 https://bugs.webkit.org/show_bug.cgi?id=288176 rdar://145099940

Reviewed by Abrar Rahman Protyasha.

The expected behavior is that PDFs are always loaded with a view scale of 1x.
But there is a case where this isn't happening:

Safari does view scale adjustments. If we set the scale to be 2x on one tab
and then load a PDF in another tab, Safari will attempt to use the same scale
on the PDF. Currently it (wrongly) succeeds because we don't know that we what
we're loading is a PDF. If we did know, we would have rejected this adjustment
and kept the scale at 1x.

To fix this, as the last step of loading the PDF, the WebProcess will notify
the UIProcess that it's loading a PDF and the UIProcess will ensure that the
viewing scale is 1x.

* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _setViewScale:]):

_setViewScale is the function Safari calls to make a view scale adjument.
The current implementation of this function checks if what we're loading
should override the view scale (like a PDF) and do so if needed (PDFs
override to 1x). But if we don't know that we're loading a PDF, we won't
do this (hence our bug).

We move the overriding logic from here to it's own encapsulated function
and have _setViewScale call that function.

* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::pluginDidInstallPDFDocument):
(WebKit::WebPageProxy::resetViewportConfigurationForPDFPluginIfNeeded):

This is the new function that is called by both _setViewScale and
UnifiedPDFPlugin::installPDFDocument() to reset the view scale if needed.

* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm:
(WebKit::UnifiedPDFPlugin::installPDFDocument):

Canonical link: https://commits.webkit.org/290826@main
---
 Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm |  5 +++--
 Source/WebKit/UIProcess/WebPageProxy.cpp       | 17 +++++++++++++++++
 Source/WebKit/UIProcess/WebPageProxy.h         | 18 ++++++++++--------
 .../WebKit/UIProcess/WebPageProxy.messages.in  |  2 +-
 .../Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm |  5 +++++
 5 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm b/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
index 4ac77c44b6aeb..ffcf8ac4b63f7 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
@@ -5212,8 +5212,9 @@ - (void)_setViewScale:(CGFloat)viewScale
     _impl->setViewScale(viewScale);
 #else
     if (_page->mainFramePluginOverridesViewScale()) {
-        if (_page->layoutSizeScaleFactorFromClient() != 1)
-            _page->setViewportConfigurationViewLayoutSize(_page->viewLayoutSize(), 1, _page->minimumEffectiveDeviceWidth());
+#if ENABLE(PDF_PLUGIN)
+        _page->resetViewportConfigurationForPDFPluginIfNeeded();
+#endif
         return;
     }
 
diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
index 2a7a2c94577a5..b23393c84e6e2 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -16204,6 +16204,23 @@ bool WebPageProxy::canStartNavigationSwipeAtLastInteractionLocation() const
     return !client || client->canStartNavigationSwipeAtLastInteractionLocation();
 }
 
+#if ENABLE(PDF_PLUGIN)
+void WebPageProxy::pluginDidInstallPDFDocument()
+{
+    resetViewportConfigurationForPDFPluginIfNeeded();
+}
+
+void WebPageProxy::resetViewportConfigurationForPDFPluginIfNeeded()
+{
+#if PLATFORM(IOS_FAMILY)
+    if (mainFramePluginOverridesViewScale()) {
+        if (layoutSizeScaleFactorFromClient() != 1)
+            setViewportConfigurationViewLayoutSize(viewLayoutSize(), 1, minimumEffectiveDeviceWidth());
+    }
+#endif
+}
+#endif
+
 } // namespace WebKit
 
 #undef WEBPAGEPROXY_RELEASE_LOG
diff --git a/Source/WebKit/UIProcess/WebPageProxy.h b/Source/WebKit/UIProcess/WebPageProxy.h
index 7cf6e9ba97e26..deb82e0de6d58 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.h
+++ b/Source/WebKit/UIProcess/WebPageProxy.h
@@ -1787,9 +1787,18 @@ class WebPageProxy final : public API::ObjectImpl<API::Object::Type::Page>, publ
     void saveDataToFileInDownloadsFolder(String&& suggestedFilename, String&& mimeType, URL&& originatingURL, API::Data&);
     void savePDFToFileInDownloadsFolder(String&& suggestedFilename, URL&& originatingURL, std::span<const uint8_t>);
 
-#if ENABLE(PDF_PLUGIN) && PLATFORM(MAC)
+#if ENABLE(PDF_PLUGIN)
+    void pluginDidInstallPDFDocument();
+    void resetViewportConfigurationForPDFPluginIfNeeded();
+#if PLATFORM(MAC)
     void savePDFToTemporaryFolderAndOpenWithNativeApplication(const String& suggestedFilename, FrameInfoData&&, std::span<const uint8_t>, const String& pdfUUID);
     void showPDFContextMenu(const PDFContextMenu&, PDFPluginIdentifier, CompletionHandler<void(std::optional<int32_t>&&)>&&);
+
+    void pdfZoomIn(PDFPluginIdentifier);
+    void pdfZoomOut(PDFPluginIdentifier);
+    void pdfSaveToPDF(PDFPluginIdentifier);
+    void pdfOpenWithPreview(PDFPluginIdentifier);
+#endif
 #endif
 
     WebCore::IntRect visibleScrollerThumbRect() const;
@@ -2319,13 +2328,6 @@ class WebPageProxy final : public API::ObjectImpl<API::Object::Type::Page>, publ
     void removePDFHUD(PDFPluginIdentifier);
 #endif
 
-#if ENABLE(PDF_PLUGIN) && PLATFORM(MAC)
-    void pdfZoomIn(PDFPluginIdentifier);
-    void pdfZoomOut(PDFPluginIdentifier);
-    void pdfSaveToPDF(PDFPluginIdentifier);
-    void pdfOpenWithPreview(PDFPluginIdentifier);
-#endif
-
     Seconds mediaCaptureReportingDelay() const { return m_mediaCaptureReportingDelay; }
     void setMediaCaptureReportingDelay(Seconds captureReportingDelay) { m_mediaCaptureReportingDelay = captureReportingDelay; }
     size_t suspendMediaPlaybackCounter() { return m_suspendMediaPlaybackCounter; }
diff --git a/Source/WebKit/UIProcess/WebPageProxy.messages.in b/Source/WebKit/UIProcess/WebPageProxy.messages.in
index 37359149d4a53..b22603bafd000 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.messages.in
+++ b/Source/WebKit/UIProcess/WebPageProxy.messages.in
@@ -554,7 +554,7 @@ messages -> WebPageProxy {
 #endif
 
 #if ENABLE(PDF_PLUGIN)
-
+    PluginDidInstallPDFDocument()
 #if PLATFORM(MAC)
     ShowPDFContextMenu(struct WebKit::PDFContextMenu contextMenu, WebKit::PDFPluginIdentifier identifier) -> (std::optional<int32_t> selectedItem)
 #endif
diff --git a/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm b/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
index b54820b2f291a..3a3a15ef3a33e 100644
--- a/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
+++ b/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
@@ -333,6 +333,11 @@ static String mutationObserverNotificationString()
     }
 
     sizeToFitContentsIfNeeded();
+
+    RefPtr frame = m_frame.get();
+    if (!frame || !frame->page())
+        return;
+    frame->protectedPage()->send(Messages::WebPageProxy::PluginDidInstallPDFDocument());
 }
 
 bool UnifiedPDFPlugin::shouldSizeToFitContent() const

From 6193c6af99a8fe429f51e5e380306ce8921ce9de Mon Sep 17 00:00:00 2001
From: Timothy Hatcher <timothy@apple.com>
Date: Fri, 21 Feb 2025 13:45:33 -0800
Subject: [PATCH 006/174] Crash under
 WebKit::WebExtensionSQLiteDatabase::openWithAccessType.
 https://webkit.org/b/288233 rdar://144820139

Reviewed by Brian Weinstein.

* Source/WebKit/Shared/Extensions/WebExtensionSQLiteDatabase.cpp:
(WebExtensionSQLiteDatabase::openWithAccessType): Don't store a temporary char *,
hold databasePath as a String. Also use FileSystem::fileSystemRepresentation().
* Source/WebKit/Shared/Extensions/WebExtensionUtilities.cpp:
(WebKit::toErrorString): Also don't store a temporary, pass it directly in the
call to formatString().

Canonical link: https://commits.webkit.org/290827@main
---
 .../Shared/Extensions/WebExtensionSQLiteDatabase.cpp  | 11 ++++++-----
 .../Shared/Extensions/WebExtensionUtilities.cpp       |  4 +---
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/Source/WebKit/Shared/Extensions/WebExtensionSQLiteDatabase.cpp b/Source/WebKit/Shared/Extensions/WebExtensionSQLiteDatabase.cpp
index 4f1adc7405faf..ecbb4d17481a9 100644
--- a/Source/WebKit/Shared/Extensions/WebExtensionSQLiteDatabase.cpp
+++ b/Source/WebKit/Shared/Extensions/WebExtensionSQLiteDatabase.cpp
@@ -149,15 +149,16 @@ bool WebExtensionSQLiteDatabase::openWithAccessType(AccessType accessType, Prote
     assertQueue();
     ASSERT(!m_db);
 
-    const char* databasePath;
+    String databasePath;
     if (m_url == inMemoryDatabaseURL())
-        databasePath = WebExtensionSQLiteInMemoryDatabaseName.span().data();
+        databasePath = WebExtensionSQLiteInMemoryDatabaseName;
     else if (m_url == privateOnDiskDatabaseURL())
-        databasePath = "";
+        databasePath = ""_s;
     else {
         ASSERT(!m_url.isEmpty());
 
-        databasePath = m_url.fileSystemPath().utf8().data();
+        databasePath = m_url.fileSystemPath();
+
         auto directory = m_url.truncatedForUseAsBase().fileSystemPath();
         if (!FileSystem::makeAllDirectories(directory) || FileSystem::fileType(directory) != FileSystem::FileType::Directory) {
             if (outError) {
@@ -169,7 +170,7 @@ bool WebExtensionSQLiteDatabase::openWithAccessType(AccessType accessType, Prote
         }
     }
 
-    int result = sqlite3_open_v2(databasePath, &m_db, flags, vfs.isEmpty() ? nullptr : vfs.utf8().data());
+    int result = sqlite3_open_v2(FileSystem::fileSystemRepresentation(databasePath).data(), &m_db, flags, vfs.isEmpty() ? nullptr : vfs.utf8().data());
     if (result == SQLITE_OK)
         return true;
 
diff --git a/Source/WebKit/Shared/Extensions/WebExtensionUtilities.cpp b/Source/WebKit/Shared/Extensions/WebExtensionUtilities.cpp
index 9706b1a1f9208..f1c9fbe795e3a 100644
--- a/Source/WebKit/Shared/Extensions/WebExtensionUtilities.cpp
+++ b/Source/WebKit/Shared/Extensions/WebExtensionUtilities.cpp
@@ -176,13 +176,11 @@ String toErrorString(const String& callingAPIName, const String& sourceKey, Stri
 {
     ASSERT(!underlyingErrorString.isEmpty());
 
-    const char* rawUnderlyingString = underlyingErrorString.utf8().data();
-
     va_list arguments;
     va_start(arguments, underlyingErrorString);
 
 ALLOW_NONLITERAL_FORMAT_BEGIN
-    String formattedUnderlyingErrorString = formatString(rawUnderlyingString, arguments).trim([](UChar character) -> bool {
+    String formattedUnderlyingErrorString = formatString(underlyingErrorString.utf8().data(), arguments).trim([](UChar character) -> bool {
         return character == '.';
     });
 ALLOW_NONLITERAL_FORMAT_END

From 52716b6f551e192a6aaa3d9e02b5be4513c51ed7 Mon Sep 17 00:00:00 2001
From: Lily Spiniolas <lily_spiniolas@apple.com>
Date: Fri, 21 Feb 2025 14:03:29 -0800
Subject: [PATCH 007/174] PathCG should support continuous rounded rectangles
 https://bugs.webkit.org/show_bug.cgi?id=288127 rdar://145233717

Reviewed by Aditya Keerthi.

Added a new path segment type `PathContinuousRoundedRect`
and support for drawing them via CoreGraphics.
For other platform paths, the segments will be drawn
as normal rounded rects.

* Source/WTF/wtf/PlatformHave.h:
* Source/WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h:
* Source/WebCore/platform/graphics/Path.cpp:
(WebCore::Path::addContinuousRoundedRect):
(WebCore::Path::singleContinuousRoundedRect const):
* Source/WebCore/platform/graphics/Path.h:
* Source/WebCore/platform/graphics/PathImpl.h:
(WebCore::PathImpl::singleContinuousRoundedRect const):
* Source/WebCore/platform/graphics/PathSegment.h:
* Source/WebCore/platform/graphics/PathSegmentData.cpp:
(WebCore::PathContinuousRoundedRect::calculateEndPoint const):
(WebCore::PathContinuousRoundedRect::tryGetEndPointWithoutContext const):
(WebCore::PathContinuousRoundedRect::extendFastBoundingRect const):
(WebCore::PathContinuousRoundedRect::extendBoundingRect const):
(WebCore::operator<<):
* Source/WebCore/platform/graphics/PathSegmentData.h:
* Source/WebCore/platform/graphics/PathStream.cpp:
(WebCore::PathStream::add):
(WebCore::PathStream::singleContinuousRoundedRect const):
* Source/WebCore/platform/graphics/PathStream.h:
* Source/WebCore/platform/graphics/cairo/PathCairo.cpp:
(WebCore::PathCairo::add):
* Source/WebCore/platform/graphics/cairo/PathCairo.h:
* Source/WebCore/platform/graphics/cg/PathCG.cpp:
(WebCore::PathCG::add):
(WebCore::addToCGContextPath):
* Source/WebCore/platform/graphics/cg/PathCG.h:
* Source/WebCore/platform/graphics/skia/PathSkia.cpp:
(WebCore::PathSkia::add):
* Source/WebCore/platform/graphics/skia/PathSkia.h:
* Source/WebKit/GPUProcess/graphics/PathSegment.serialization.in:

Canonical link: https://commits.webkit.org/290828@main
---
 Source/WTF/wtf/PlatformHave.h                 |  9 ++++++
 .../WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h  |  4 +++
 Source/WebCore/platform/graphics/Path.cpp     | 24 +++++++++++++++
 Source/WebCore/platform/graphics/Path.h       |  2 ++
 Source/WebCore/platform/graphics/PathImpl.h   |  2 ++
 .../WebCore/platform/graphics/PathSegment.h   |  1 +
 .../platform/graphics/PathSegmentData.cpp     | 29 +++++++++++++++++++
 .../platform/graphics/PathSegmentData.h       | 20 +++++++++++++
 .../WebCore/platform/graphics/PathStream.cpp  | 10 +++++++
 Source/WebCore/platform/graphics/PathStream.h |  2 ++
 .../platform/graphics/cairo/PathCairo.cpp     |  6 ++++
 .../platform/graphics/cairo/PathCairo.h       |  1 +
 .../WebCore/platform/graphics/cg/PathCG.cpp   | 26 +++++++++++++++++
 Source/WebCore/platform/graphics/cg/PathCG.h  |  1 +
 .../platform/graphics/skia/PathSkia.cpp       |  7 +++++
 .../WebCore/platform/graphics/skia/PathSkia.h |  1 +
 .../graphics/PathSegment.serialization.in     |  8 ++++-
 17 files changed, 152 insertions(+), 1 deletion(-)

diff --git a/Source/WTF/wtf/PlatformHave.h b/Source/WTF/wtf/PlatformHave.h
index 3786499c0ac2e..ccb514281eb35 100644
--- a/Source/WTF/wtf/PlatformHave.h
+++ b/Source/WTF/wtf/PlatformHave.h
@@ -1897,3 +1897,12 @@
     || (PLATFORM(COCOA) && !PLATFORM(MAC))
 #define HAVE_X25519_ZERO_CHECKS 1
 #endif
+
+#if !defined(HAVE_CG_PATH_CONTINUOUS_ROUNDED_RECT) \
+    && ((PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 150000) \
+    || ((PLATFORM(IOS) || PLATFORM(MACCATALYST)) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 180000) \
+    || (PLATFORM(VISION) && __VISION_OS_VERSION_MIN_REQUIRED >= 20000)) \
+    || (PLATFORM(WATCHOS) && __WATCH_OS_VERSION_MIN_REQUIRED >= 110000) \
+    || (PLATFORM(APPLETV) && __TV_OS_VERSION_MIN_REQUIRED >= 180000)
+#define HAVE_CG_CONTINUOUS_ROUNDED_RECT 1
+#endif
diff --git a/Source/WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h b/Source/WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h
index c690c3933c1ec..ff2722a223814 100644
--- a/Source/WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h
+++ b/Source/WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h
@@ -422,6 +422,10 @@ CGStyleRef CGStyleCreateGaussianBlur(const CGGaussianBlurStyle*);
 CGStyleRef CGStyleCreateColorMatrix(const CGColorMatrixStyle*);
 #endif
 
+#if HAVE(CG_PATH_CONTINUOUS_ROUNDED_RECT)
+void CGPathAddContinuousRoundedRect(CGMutablePathRef, const CGAffineTransform*, CGRect, CGFloat, CGFloat);
+#endif
+
 #endif // PLATFORM(COCOA)
 
 #if PLATFORM(MAC)
diff --git a/Source/WebCore/platform/graphics/Path.cpp b/Source/WebCore/platform/graphics/Path.cpp
index 303590c2ea022..e062268bdd71e 100644
--- a/Source/WebCore/platform/graphics/Path.cpp
+++ b/Source/WebCore/platform/graphics/Path.cpp
@@ -306,6 +306,17 @@ void Path::addRoundedRect(const RoundedRect& rect)
     addRoundedRect(FloatRoundedRect(rect));
 }
 
+void Path::addContinuousRoundedRect(const FloatRect& rect, const float cornerWidth, const float cornerHeight)
+{
+    if (rect.isEmpty())
+        return;
+
+    if (isEmpty())
+        m_data = PathSegment(PathContinuousRoundedRect { rect, cornerWidth, cornerHeight });
+    else
+        ensureImpl().add(PathContinuousRoundedRect { rect, cornerWidth, cornerHeight });
+}
+
 void Path::closeSubpath()
 {
     if (isEmpty() || isClosed())
@@ -425,6 +436,19 @@ std::optional<PathRoundedRect> Path::singleRoundedRect() const
     return std::nullopt;
 }
 
+std::optional<PathContinuousRoundedRect> Path::singleContinuousRoundedRect() const
+{
+    if (auto segment = asSingle()) {
+        if (auto data = std::get_if<PathContinuousRoundedRect>(&segment->data()))
+            return *data;
+    }
+
+    if (auto impl = asImpl())
+        return impl->singleContinuousRoundedRect();
+
+    return std::nullopt;
+}
+
 std::optional<PathArc> Path::singleArc() const
 {
     if (auto segment = asSingle()) {
diff --git a/Source/WebCore/platform/graphics/Path.h b/Source/WebCore/platform/graphics/Path.h
index 9bfd6105eae0c..fc6c583892d76 100644
--- a/Source/WebCore/platform/graphics/Path.h
+++ b/Source/WebCore/platform/graphics/Path.h
@@ -70,6 +70,7 @@ class Path {
     WEBCORE_EXPORT void addRect(const FloatRect&);
     WEBCORE_EXPORT void addRoundedRect(const FloatRoundedRect&, PathRoundedRect::Strategy = PathRoundedRect::Strategy::PreferNative);
     void addRoundedRect(const FloatRect&, const FloatSize& roundingRadii, PathRoundedRect::Strategy = PathRoundedRect::Strategy::PreferNative);
+    void addContinuousRoundedRect(const FloatRect&, float cornerWidth, float cornerHeight);
     void addRoundedRect(const RoundedRect&);
 
     WEBCORE_EXPORT void closeSubpath();
@@ -89,6 +90,7 @@ class Path {
     std::optional<PathDataLine> singleDataLine() const;
     std::optional<PathRect> singleRect() const;
     std::optional<PathRoundedRect> singleRoundedRect() const;
+    std::optional<PathContinuousRoundedRect> singleContinuousRoundedRect() const;
     std::optional<PathArc> singleArc() const;
     std::optional<PathClosedArc> singleClosedArc() const;
     std::optional<PathDataQuadCurve> singleQuadCurve() const;
diff --git a/Source/WebCore/platform/graphics/PathImpl.h b/Source/WebCore/platform/graphics/PathImpl.h
index 4090b45ee5ef6..4f487536aea41 100644
--- a/Source/WebCore/platform/graphics/PathImpl.h
+++ b/Source/WebCore/platform/graphics/PathImpl.h
@@ -64,6 +64,7 @@ class PathImpl : public ThreadSafeRefCounted<PathImpl> {
     virtual void add(PathEllipseInRect) = 0;
     virtual void add(PathRect) = 0;
     virtual void add(PathRoundedRect) = 0;
+    virtual void add(PathContinuousRoundedRect) = 0;
     virtual void add(PathCloseSubpath) = 0;
 
     void addLinesForRect(const FloatRect&);
@@ -78,6 +79,7 @@ class PathImpl : public ThreadSafeRefCounted<PathImpl> {
     virtual std::optional<PathDataLine> singleDataLine() const { return std::nullopt; }
     virtual std::optional<PathRect> singleRect() const { return std::nullopt; }
     virtual std::optional<PathRoundedRect> singleRoundedRect() const { return std::nullopt; }
+    virtual std::optional<PathContinuousRoundedRect> singleContinuousRoundedRect() const { return std::nullopt; }
     virtual std::optional<PathArc> singleArc() const { return std::nullopt; }
     virtual std::optional<PathClosedArc> singleClosedArc() const { return std::nullopt; }
     virtual std::optional<PathDataQuadCurve> singleQuadCurve() const { return std::nullopt; }
diff --git a/Source/WebCore/platform/graphics/PathSegment.h b/Source/WebCore/platform/graphics/PathSegment.h
index e973a6ff5bbbe..6c879bec0aeba 100644
--- a/Source/WebCore/platform/graphics/PathSegment.h
+++ b/Source/WebCore/platform/graphics/PathSegment.h
@@ -46,6 +46,7 @@ class PathSegment {
         PathEllipseInRect,
         PathRect,
         PathRoundedRect,
+        PathContinuousRoundedRect,
 
         PathDataLine,
         PathDataQuadCurve,
diff --git a/Source/WebCore/platform/graphics/PathSegmentData.cpp b/Source/WebCore/platform/graphics/PathSegmentData.cpp
index fae8c986d34a6..6e16adc5f51e6 100644
--- a/Source/WebCore/platform/graphics/PathSegmentData.cpp
+++ b/Source/WebCore/platform/graphics/PathSegmentData.cpp
@@ -620,6 +620,35 @@ WTF::TextStream& operator<<(WTF::TextStream& ts, const PathRoundedRect& data)
     return ts;
 }
 
+FloatPoint PathContinuousRoundedRect::calculateEndPoint(const FloatPoint&, FloatPoint& lastMoveToPoint) const
+{
+    lastMoveToPoint = rect.location();
+    return lastMoveToPoint;
+}
+
+std::optional<FloatPoint> PathContinuousRoundedRect::tryGetEndPointWithoutContext() const
+{
+    FloatPoint lastMoveToPoint;
+    return calculateEndPoint({ }, lastMoveToPoint);
+}
+
+void PathContinuousRoundedRect::extendFastBoundingRect(const FloatPoint& currentPoint, const FloatPoint& lastMoveToPoint, FloatRect& boundingRect) const
+{
+    extendBoundingRect(currentPoint, lastMoveToPoint, boundingRect);
+}
+
+void PathContinuousRoundedRect::extendBoundingRect(const FloatPoint&, const FloatPoint&, FloatRect& boundingRect) const
+{
+    boundingRect.extend(rect.minXMinYCorner());
+    boundingRect.extend(rect.maxXMaxYCorner());
+}
+
+WTF::TextStream& operator<<(WTF::TextStream& ts, const PathContinuousRoundedRect& data)
+{
+    ts << "add continuous rounded rect " << data.rect << " " << data.cornerWidth << " " << data.cornerHeight;
+    return ts;
+}
+
 FloatPoint PathDataLine::calculateEndPoint(const FloatPoint&, FloatPoint& lastMoveToPoint) const
 {
     lastMoveToPoint = start;
diff --git a/Source/WebCore/platform/graphics/PathSegmentData.h b/Source/WebCore/platform/graphics/PathSegmentData.h
index e57cf79f26be1..68c836336d535 100644
--- a/Source/WebCore/platform/graphics/PathSegmentData.h
+++ b/Source/WebCore/platform/graphics/PathSegmentData.h
@@ -267,6 +267,26 @@ struct PathRoundedRect {
 
 WEBCORE_EXPORT WTF::TextStream& operator<<(WTF::TextStream&, const PathRoundedRect&);
 
+struct PathContinuousRoundedRect {
+    FloatRect rect;
+    float cornerWidth;
+    float cornerHeight;
+
+    static constexpr bool canApplyElements = false;
+    static constexpr bool canTransform = false;
+
+    bool operator==(const PathContinuousRoundedRect&) const = default;
+
+    FloatPoint calculateEndPoint(const FloatPoint& currentPoint, FloatPoint& lastMoveToPoint) const;
+    std::optional<FloatPoint> tryGetEndPointWithoutContext() const;
+
+    void extendFastBoundingRect(const FloatPoint& currentPoint, const FloatPoint& lastMoveToPoint, FloatRect& boundingRect) const;
+    void extendBoundingRect(const FloatPoint& currentPoint, const FloatPoint& lastMoveToPoint, FloatRect& boundingRect) const;
+
+};
+
+WEBCORE_EXPORT WTF::TextStream& operator<<(WTF::TextStream&, const PathContinuousRoundedRect&);
+
 struct PathDataLine {
     FloatPoint start;
     FloatPoint end;
diff --git a/Source/WebCore/platform/graphics/PathStream.cpp b/Source/WebCore/platform/graphics/PathStream.cpp
index f570706ca4523..f5929e12a4bf3 100644
--- a/Source/WebCore/platform/graphics/PathStream.cpp
+++ b/Source/WebCore/platform/graphics/PathStream.cpp
@@ -174,6 +174,11 @@ void PathStream::add(PathRoundedRect roundedRect)
     segments().append(roundedRect);
 }
 
+void PathStream::add(PathContinuousRoundedRect continuousRoundedRect)
+{
+    segments().append(continuousRoundedRect);
+}
+
 void PathStream::add(PathCloseSubpath)
 {
     segments().append(PathCloseSubpath { });
@@ -246,6 +251,11 @@ std::optional<PathRoundedRect> PathStream::singleRoundedRect() const
     return singleDataType<PathRoundedRect>();
 }
 
+std::optional<PathContinuousRoundedRect> PathStream::singleContinuousRoundedRect() const
+{
+    return singleDataType<PathContinuousRoundedRect>();
+}
+
 std::optional<PathArc> PathStream::singleArc() const
 {
     return singleDataType<PathArc>();
diff --git a/Source/WebCore/platform/graphics/PathStream.h b/Source/WebCore/platform/graphics/PathStream.h
index 1760885d0601c..1745ad50a260e 100644
--- a/Source/WebCore/platform/graphics/PathStream.h
+++ b/Source/WebCore/platform/graphics/PathStream.h
@@ -56,6 +56,7 @@ class PathStream final : public PathImpl {
     void add(PathEllipseInRect) final;
     void add(PathRect) final;
     void add(PathRoundedRect) final;
+    void add(PathContinuousRoundedRect) final;
     void add(PathCloseSubpath) final;
 
     const Vector<PathSegment>& segments() const { return m_segments; }
@@ -93,6 +94,7 @@ class PathStream final : public PathImpl {
     std::optional<PathDataLine> singleDataLine() const final;
     std::optional<PathRect> singleRect() const final;
     std::optional<PathRoundedRect> singleRoundedRect() const final;
+    std::optional<PathContinuousRoundedRect> singleContinuousRoundedRect() const final;
     std::optional<PathArc> singleArc() const final;
     std::optional<PathClosedArc> singleClosedArc() const final;
     std::optional<PathDataQuadCurve> singleQuadCurve() const final;
diff --git a/Source/WebCore/platform/graphics/cairo/PathCairo.cpp b/Source/WebCore/platform/graphics/cairo/PathCairo.cpp
index 6dec7142e4365..0db69702c336d 100644
--- a/Source/WebCore/platform/graphics/cairo/PathCairo.cpp
+++ b/Source/WebCore/platform/graphics/cairo/PathCairo.cpp
@@ -323,6 +323,12 @@ void PathCairo::add(PathRoundedRect roundedRect)
     addBeziersForRoundedRect(roundedRect.roundedRect);
 }
 
+void PathCairo::add(PathContinuousRoundedRect continuousRoundedRect)
+{
+    // Continuous rounded rects are unavailable. Paint a normal rounded rect instead.
+    add(PathRoundedRect { FloatRoundedRect { continuousRoundedRect.rect, FloatRoundedRect::Radii { continuousRoundedRect.cornerWidth, continuousRoundedRect.cornerHeight } }, PathRoundedRect::Strategy::PreferNative });
+}
+
 void PathCairo::add(PathCloseSubpath)
 {
     cairo_close_path(platformPath());
diff --git a/Source/WebCore/platform/graphics/cairo/PathCairo.h b/Source/WebCore/platform/graphics/cairo/PathCairo.h
index 946a14db0ec30..8e30949ba9976 100644
--- a/Source/WebCore/platform/graphics/cairo/PathCairo.h
+++ b/Source/WebCore/platform/graphics/cairo/PathCairo.h
@@ -64,6 +64,7 @@ class PathCairo final : public PathImpl {
     void add(PathEllipseInRect) final;
     void add(PathRect) final;
     void add(PathRoundedRect) final;
+    void add(PathContinuousRoundedRect) final;
     void add(PathCloseSubpath) final;
 
     bool applyElements(const PathElementApplier&) const final;
diff --git a/Source/WebCore/platform/graphics/cg/PathCG.cpp b/Source/WebCore/platform/graphics/cg/PathCG.cpp
index 60031cc343257..3230d617b1f05 100644
--- a/Source/WebCore/platform/graphics/cg/PathCG.cpp
+++ b/Source/WebCore/platform/graphics/cg/PathCG.cpp
@@ -32,6 +32,7 @@
 #include "CGUtilities.h"
 #include "GraphicsContextCG.h"
 #include "PathStream.h"
+#include <pal/spi/cg/CoreGraphicsSPI.h>
 #include <wtf/NeverDestroyed.h>
 #include <wtf/RetainPtr.h>
 #include <wtf/TZoneMallocInlines.h>
@@ -296,9 +297,34 @@ void PathCG::add(PathRoundedRect roundedRect)
     addBeziersForRoundedRect(roundedRect.roundedRect);
 }
 
+void PathCG::add(PathContinuousRoundedRect continuousRoundedRect)
+{
+#if HAVE(CG_PATH_CONTINUOUS_ROUNDED_RECT)
+    CGPathAddContinuousRoundedRect(ensureMutablePlatformPath(), nullptr, continuousRoundedRect.rect, continuousRoundedRect.cornerWidth, continuousRoundedRect.cornerHeight);
+#else
+    // Continuous rounded rects are unavailable. Paint a normal rounded rect instead.
+    // FIXME: Determine if PreferNative is the optimal strategy here.
+    add(PathRoundedRect { FloatRoundedRect { continuousRoundedRect.rect, FloatRoundedRect::Radii { continuousRoundedRect.cornerWidth, continuousRoundedRect.cornerHeight } }, PathRoundedRect::Strategy::PreferNative });
+#endif
+}
+
 static inline void addToCGContextPath(CGContextRef context, PathRoundedRect segment)
 {
     // No API to add rounded rects to context.
+    Ref path = PathCG::create();
+    path->add(WTFMove(segment));
+    // CGContextAddPath has a bug with existing MoveToPoints in context path.
+    // rdar://118395262
+    auto ctm = CGContextGetCTM(context);
+    auto transformedPath = adoptCF(CGPathCreateCopyByTransformingPath(path->platformPath(), &ctm));
+    CGContextSetCTM(context, CGAffineTransformIdentity);
+    CGContextAddPath(context, transformedPath.get());
+    CGContextSetCTM(context, ctm);
+}
+
+static inline void addToCGContextPath(CGContextRef context, PathContinuousRoundedRect segment)
+{
+    // No API to add continuous rounded rects to context.
     auto path = PathCG::create();
     path->add(WTFMove(segment));
     // CGContextAddPath has a bug with existing MoveToPoints in context path.
diff --git a/Source/WebCore/platform/graphics/cg/PathCG.h b/Source/WebCore/platform/graphics/cg/PathCG.h
index e6c6cab488d98..ba3279cbdfe65 100644
--- a/Source/WebCore/platform/graphics/cg/PathCG.h
+++ b/Source/WebCore/platform/graphics/cg/PathCG.h
@@ -66,6 +66,7 @@ class PathCG final : public PathImpl {
     void add(PathEllipseInRect) final;
     void add(PathRect) final;
     void add(PathRoundedRect) final;
+    void add(PathContinuousRoundedRect) final;
     void add(PathCloseSubpath) final;
 
     bool applyElements(const PathElementApplier&) const final;
diff --git a/Source/WebCore/platform/graphics/skia/PathSkia.cpp b/Source/WebCore/platform/graphics/skia/PathSkia.cpp
index f544c5c9d3595..a4cc88175b9ef 100644
--- a/Source/WebCore/platform/graphics/skia/PathSkia.cpp
+++ b/Source/WebCore/platform/graphics/skia/PathSkia.cpp
@@ -194,6 +194,13 @@ void PathSkia::add(PathRoundedRect roundedRect)
         addBeziersForRoundedRect(roundedRect.roundedRect);
 }
 
+void PathSkia::add(PathContinuousRoundedRect continuousRoundedRect)
+{
+    // Continuous rounded rects are unavailable. Paint a normal rounded rect instead.
+    // FIXME: Determine if PreferNative is the optimal strategy here.
+    add(PathRoundedRect { FloatRoundedRect { continuousRoundedRect.rect, FloatRoundedRect::Radii { continuousRoundedRect.cornerWidth, continuousRoundedRect.cornerHeight } }, PathRoundedRect::Strategy::PreferNative });
+}
+
 void PathSkia::add(PathCloseSubpath)
 {
     m_platformPath.close();
diff --git a/Source/WebCore/platform/graphics/skia/PathSkia.h b/Source/WebCore/platform/graphics/skia/PathSkia.h
index c75d953b693a9..c766359a4fb12 100644
--- a/Source/WebCore/platform/graphics/skia/PathSkia.h
+++ b/Source/WebCore/platform/graphics/skia/PathSkia.h
@@ -64,6 +64,7 @@ class PathSkia final : public PathImpl {
     void add(PathEllipseInRect) final;
     void add(PathRect) final;
     void add(PathRoundedRect) final;
+    void add(PathContinuousRoundedRect) final;
     void add(PathCloseSubpath) final;
 
     bool applyElements(const PathElementApplier&) const final;
diff --git a/Source/WebKit/GPUProcess/graphics/PathSegment.serialization.in b/Source/WebKit/GPUProcess/graphics/PathSegment.serialization.in
index 55a2f4a28f6db..c163534fb4f5a 100644
--- a/Source/WebKit/GPUProcess/graphics/PathSegment.serialization.in
+++ b/Source/WebKit/GPUProcess/graphics/PathSegment.serialization.in
@@ -86,6 +86,12 @@ header: <WebCore/PathSegmentData.h>
     WebCore::PathRoundedRect::Strategy strategy;
 };
 
+[AdditionalEncoder=StreamConnectionEncoder, CustomHeader] struct WebCore::PathContinuousRoundedRect {
+    WebCore::FloatRect rect;
+    float cornerWidth;
+    float cornerHeight;
+};
+
 [AdditionalEncoder=StreamConnectionEncoder, CustomHeader] struct WebCore::PathDataLine {
     WebCore::FloatPoint start;
     WebCore::FloatPoint end;
@@ -119,4 +125,4 @@ header: <WebCore/PathSegment.h>
     WebCore::PathSegment::Data data();
 };
 
-using WebCore::PathSegment::Data = std::variant<WebCore::PathMoveTo, WebCore::PathLineTo, WebCore::PathQuadCurveTo, WebCore::PathBezierCurveTo, WebCore::PathArcTo, WebCore::PathArc, WebCore::PathClosedArc, WebCore::PathEllipse, WebCore::PathEllipseInRect, WebCore::PathRect, WebCore::PathRoundedRect, WebCore::PathDataLine, WebCore::PathDataQuadCurve, WebCore::PathDataBezierCurve, WebCore::PathDataArc, WebCore::PathCloseSubpath>;
+using WebCore::PathSegment::Data = std::variant<WebCore::PathMoveTo, WebCore::PathLineTo, WebCore::PathQuadCurveTo, WebCore::PathBezierCurveTo, WebCore::PathArcTo, WebCore::PathArc, WebCore::PathClosedArc, WebCore::PathEllipse, WebCore::PathEllipseInRect, WebCore::PathRect, WebCore::PathRoundedRect, WebCore::PathContinuousRoundedRect, WebCore::PathDataLine, WebCore::PathDataQuadCurve, WebCore::PathDataBezierCurve, WebCore::PathDataArc, WebCore::PathCloseSubpath>;

From 67556ed539e7987c71c7d6eff0457b7ea7e41172 Mon Sep 17 00:00:00 2001
From: Dewei Zhu <dewei_zhu@apple.com>
Date: Fri, 21 Feb 2025 15:05:30 -0800
Subject: [PATCH 008/174] Allow run-benchmark to collect PGO profiles for other
 platforms. https://bugs.webkit.org/show_bug.cgi?id=288183 rdar://138666783

Reviewed by Alexey Proskuryakov.

Refactor run-benchmark script to allow collecting PGO profiles on different
platforms and browsers.

* Tools/Scripts/webkitpy/benchmark_runner/benchmark_runner.py:
(BenchmarkRunner.__init__):
(BenchmarkRunner._run_benchmark):
* Tools/Scripts/webkitpy/benchmark_runner/browser_driver/browser_driver.py:
(BrowserDriver.webdriver_binary_path):
(BrowserDriver):
(BrowserDriver.pgo_profile_output_directory):
(BrowserDriver.prepare_pgo_profile_collection):
(BrowserDriver.collect_pgo_profile):
* Tools/Scripts/webkitpy/benchmark_runner/browser_driver/osx_browser_driver.py:
(OSXBrowserDriver._insert_url):
(OSXBrowserDriver):
(OSXBrowserDriver.prepare_pgo_profile_collection):
(OSXBrowserDriver.collect_pgo_profile):
* Tools/Scripts/webkitpy/benchmark_runner/browser_driver/osx_safari_driver.py:
(OSXSafariDriver._maximize_window):
(OSXSafariDriver):
(OSXSafariDriver.pgo_profile_output_directory):
* Tools/Scripts/webkitpy/benchmark_runner/run_benchmark.py:
(parse_args):
(run_benchmark_plan):

Canonical link: https://commits.webkit.org/290829@main
---
 .../benchmark_runner/benchmark_runner.py      | 19 +++++++++----------
 .../browser_driver/browser_driver.py          | 10 ++++++++++
 .../browser_driver/osx_browser_driver.py      |  8 ++++++++
 .../browser_driver/osx_safari_driver.py       |  4 ++++
 .../benchmark_runner/run_benchmark.py         |  7 +------
 5 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/Tools/Scripts/webkitpy/benchmark_runner/benchmark_runner.py b/Tools/Scripts/webkitpy/benchmark_runner/benchmark_runner.py
index 336d3cf81ae5a..b92c8f870b289 100755
--- a/Tools/Scripts/webkitpy/benchmark_runner/benchmark_runner.py
+++ b/Tools/Scripts/webkitpy/benchmark_runner/benchmark_runner.py
@@ -19,7 +19,10 @@ def istext(a):
 class BenchmarkRunner(object):
     name = 'benchmark_runner'
 
-    def __init__(self, plan_file, local_copy, count_override, timeout_override, build_dir, output_file, platform, browser, browser_path, subtests=None, scale_unit=True, show_iteration_values=False, device_id=None, diagnose_dir=None, pgo_profile_output_dir=None, profile_output_dir=None, trace_type=None, profiling_interval=None, browser_args=None):
+    def __init__(self, plan_file, local_copy, count_override, timeout_override, build_dir, output_file, platform,
+                 browser, browser_path, subtests=None, scale_unit=True, show_iteration_values=False, device_id=None,
+                 diagnose_dir=None, generate_pgo_profiles=False, profile_output_dir=None, trace_type=None,
+                 profiling_interval=None, browser_args=None):
         self._plan_name, self._plan = BenchmarkRunner._load_plan_data(plan_file)
         if 'options' not in self._plan:
             self._plan['options'] = {}
@@ -37,11 +40,8 @@ def __init__(self, plan_file, local_copy, count_override, timeout_override, buil
         if self._diagnose_dir:
             os.makedirs(self._diagnose_dir, exist_ok=True)
             _log.info('Collecting diagnostics to {}'.format(self._diagnose_dir))
-        self._pgo_profile_output_dir = os.path.abspath(pgo_profile_output_dir) if pgo_profile_output_dir else None
-        if self._pgo_profile_output_dir:
-            os.makedirs(self._pgo_profile_output_dir, exist_ok=True)
-            _log.info('Collecting PGO profiles to {}'.format(self._pgo_profile_output_dir))
         self._profile_output_dir = os.path.abspath(profile_output_dir) if profile_output_dir else None
+        self._generate_pgo_profiles = generate_pgo_profiles
         if self._profile_output_dir:
             os.makedirs(self._profile_output_dir, exist_ok=True)
             _log.info('Collecting profiles to {}'.format(self._profile_output_dir))
@@ -153,9 +153,8 @@ def _run_benchmark(self, count, web_root):
             self._browser_driver.prepare_initial_env(self._config)
             for iteration in range(1, count + 1):
                 _log.info('Start the iteration {current_iteration} of {iterations} for current benchmark'.format(current_iteration=iteration, iterations=count))
-                if self._pgo_profile_output_dir:
-                    shutil.rmtree(self._pgo_profile_output_dir, ignore_errors=True)
-                    os.mkdir(self._pgo_profile_output_dir)
+                if self._generate_pgo_profiles:
+                    self._browser_driver.prepare_pgo_profile_collection()
                 try:
                     self._browser_driver.prepare_env(self._config)
                     if 'entry_point' in self._plan:
@@ -182,8 +181,8 @@ def _run_benchmark(self, count, web_root):
                     raise error
                 else:
                     self._browser_driver.restore_env()
-                if self._pgo_profile_output_dir:
-                    shutil.copytree(self._pgo_profile_output_dir, self._diagnose_dir, dirs_exist_ok=True)
+                if self._generate_pgo_profiles:
+                    self._browser_driver.collect_pgo_profile(self._diagnose_dir)
 
                 _log.info('End the iteration {current_iteration} of {iterations} for current benchmark'.format(current_iteration=iteration, iterations=count))
         except Exception as error:
diff --git a/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/browser_driver.py b/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/browser_driver.py
index bfa366085063d..38fcdbe6486ae 100755
--- a/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/browser_driver.py
+++ b/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/browser_driver.py
@@ -70,3 +70,13 @@ def profile(self, output_path, profile_filename, profiling_interval, trace_type=
     @property
     def webdriver_binary_path(self):
         return get_driver_binary_path(self.browser_name)
+
+    @property
+    def pgo_profile_output_directory(self):
+        raise NotImplementedError()
+
+    def prepare_pgo_profile_collection(self):
+        raise NotImplementedError()
+
+    def collect_pgo_profile(self, destination):
+        raise NotImplementedError()
diff --git a/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/osx_browser_driver.py b/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/osx_browser_driver.py
index eed39f38d0544..09dbcb03c4013 100644
--- a/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/osx_browser_driver.py
+++ b/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/osx_browser_driver.py
@@ -164,3 +164,11 @@ def _insert_url(cls, args, pos, url):
         temp_args = args[:]
         temp_args.insert(pos, url)
         return temp_args
+
+    def prepare_pgo_profile_collection(self):
+        shutil.rmtree(self.pgo_profile_output_directory, ignore_errors=True)
+        os.mkdir(self.pgo_profile_output_directory)
+
+    def collect_pgo_profile(self, destination):
+        _log.info(f'Copying PGO profiles from {self.pgo_profile_output_directory} to {destination}')
+        shutil.copytree(self.pgo_profile_output_directory, destination, dirs_exist_ok=True)
diff --git a/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/osx_safari_driver.py b/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/osx_safari_driver.py
index 6a7a4497e5c58..63fd70648d1ba 100755
--- a/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/osx_safari_driver.py
+++ b/Tools/Scripts/webkitpy/benchmark_runner/browser_driver/osx_safari_driver.py
@@ -110,3 +110,7 @@ def _maximize_window(cls):
             subprocess.check_call(['/usr/bin/defaults', 'write', 'com.apple.Safari', 'NSWindow Frame BrowserWindowFrame', ' '.join(['0', '0', str(cls._screen_size().width), str(cls._screen_size().height)] * 2)])
         except Exception as error:
             _log.error('Reset safari window size failed - Error: {}'.format(error))
+
+    @property
+    def pgo_profile_output_directory(self):
+        return '/private/tmp/WebKitPGO'
diff --git a/Tools/Scripts/webkitpy/benchmark_runner/run_benchmark.py b/Tools/Scripts/webkitpy/benchmark_runner/run_benchmark.py
index 2c8c2ad87ed3d..34b848f5df1b9 100755
--- a/Tools/Scripts/webkitpy/benchmark_runner/run_benchmark.py
+++ b/Tools/Scripts/webkitpy/benchmark_runner/run_benchmark.py
@@ -19,8 +19,6 @@
     WebServerBenchmarkRunner.name: WebServerBenchmarkRunner,
 }
 
-WEBKIT_PGO_DIR = '/private/tmp/WebKitPGO'
-
 def default_platform():
     if sys.platform.startswith('linux'):
         return 'linux'
@@ -90,9 +88,6 @@ def parse_args(parser=None):
     if (args.generate_pgo_profiles or args.trace_type) and not args.diagnose_dir:
         raise Exception('Collecting profiles requires a diagnostic directory (--diagnose-directory) to be set.')
 
-    if args.generate_pgo_profiles and args.platform != 'osx':
-        raise Exception('PGO Profile generation is currently only supported on macOS.')
-
     return args
 
 
@@ -102,7 +97,7 @@ def run_benchmark_plan(args, plan):
                                     args.local_copy, args.count, args.timeout, args.build_dir, args.output_file,
                                     args.platform, args.browser, args.browser_path, args.subtests, args.scale_unit,
                                     args.show_iteration_values, args.device_id, args.diagnose_dir,
-                                    WEBKIT_PGO_DIR if args.generate_pgo_profiles else None,
+                                    args.generate_pgo_profiles,
                                     args.diagnose_dir if args.trace_type else None,
                                     args.trace_type, args.profiling_interval,
                                     args.browser_args, args.http_server_type)

From 9eb2c98a7cee3c25cd96369b3826360394f86100 Mon Sep 17 00:00:00 2001
From: Fujii Hironori <Hironori.Fujii@sony.com>
Date: Fri, 21 Feb 2025 15:07:10 -0800
Subject: [PATCH 009/174] [JSC] Move some inline functions from AirTmpWidth.h
 to AirTmpWidthInlines.h https://bugs.webkit.org/show_bug.cgi?id=288181

Reviewed by Yusuke Suzuki.

Non-unified source build couldn't compile:

> JavaScriptCore/b3/air/AirTmpWidth.h(109,20): error: inline function 'JSC::B3::Air::TmpWidth::widths' is not defined
> JavaScriptCore/b3/air/AirTmpWidth.h(64,28): note: used here
>    64 |         Widths tmpWidths = widths(tmp);
>       |                            ^

An inline function `requiredWidth` was using an inline function
`widths` which was defined in AirTmpWidthInlines.h.

Inline functions which use inline functions in *Inlines.h should move
into *Inlines.h.

* Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp:
* Source/JavaScriptCore/b3/air/AirTmpWidth.h:
(JSC::B3::Air::TmpWidth::width const): Deleted.
(JSC::B3::Air::TmpWidth::requiredWidth): Deleted.
(JSC::B3::Air::TmpWidth::defWidth const): Deleted.
(JSC::B3::Air::TmpWidth::useWidth const): Deleted.
(JSC::B3::Air::TmpWidth::widths const): Deleted.
(JSC::B3::Air::TmpWidth::addWidths): Deleted.
* Source/JavaScriptCore/b3/air/AirTmpWidthInlines.h:
(JSC::B3::Air::TmpWidth::widths const):
(JSC::B3::Air::TmpWidth::width const):
(JSC::B3::Air::TmpWidth::addWidths):
(JSC::B3::Air::TmpWidth::requiredWidth):
(JSC::B3::Air::TmpWidth::defWidth const):
(JSC::B3::Air::TmpWidth::useWidth const):

Canonical link: https://commits.webkit.org/290830@main
---
 .../b3/air/AirAllocateRegistersByGreedy.cpp   |  2 +-
 Source/JavaScriptCore/b3/air/AirTmpWidth.h    | 34 ++++---------------
 .../b3/air/AirTmpWidthInlines.h               | 32 +++++++++++++++++
 3 files changed, 39 insertions(+), 29 deletions(-)

diff --git a/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp b/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp
index dfa23aae2c9e0..a4cdb40b324c4 100644
--- a/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp
+++ b/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp
@@ -38,7 +38,7 @@
 #include "AirPhaseScope.h"
 #include "AirRegLiveness.h"
 #include "AirTmpMap.h"
-#include "AirTmpWidth.h"
+#include "AirTmpWidthInlines.h"
 #include "AirUseCounts.h"
 #include <wtf/IterationStatus.h>
 #include <wtf/ListDump.h>
diff --git a/Source/JavaScriptCore/b3/air/AirTmpWidth.h b/Source/JavaScriptCore/b3/air/AirTmpWidth.h
index 47b97011d6104..f1b77f55ce6f8 100644
--- a/Source/JavaScriptCore/b3/air/AirTmpWidth.h
+++ b/Source/JavaScriptCore/b3/air/AirTmpWidth.h
@@ -52,18 +52,10 @@ class TmpWidth {
     //
     // This doesn't tell you which of those properties holds, but you can query that using the other
     // methods.
-    Width width(Tmp tmp) const
-    {
-        Widths tmpWidths = widths(tmp);
-        return std::min(tmpWidths.use, tmpWidths.def);
-    }
+    inline Width width(Tmp) const;
 
     // Return the minimum required width for all defs/uses of this Tmp.
-    Width requiredWidth(Tmp tmp)
-    {
-        Widths tmpWidths = widths(tmp);
-        return std::max(tmpWidths.use, tmpWidths.def);
-    }
+    inline Width requiredWidth(Tmp);
 
     // This indirectly tells you how much of the tmp's high bits are guaranteed to be zero. The number of
     // high bits that are zero are:
@@ -71,16 +63,10 @@ class TmpWidth {
     //     TotalBits - defWidth(tmp)
     //
     // Where TotalBits are the total number of bits in the register, so 64 on a 64-bit system.
-    Width defWidth(Tmp tmp) const
-    {
-        return widths(tmp).def;
-    }
+    inline Width defWidth(Tmp) const;
 
     // This tells you how much of Tmp is going to be read.
-    Width useWidth(Tmp tmp) const
-    {
-        return widths(tmp).use;
-    }
+    inline Width useWidth(Tmp) const;
 
     void setWidths(Tmp, Width useWidth, Width defWidth);
 
@@ -107,16 +93,8 @@ class TmpWidth {
     };
 
     inline Widths& widths(Tmp);
-
-    const Widths& widths(Tmp tmp) const
-    {
-        return const_cast<TmpWidth*>(this)->widths(tmp);
-    }
-
-    void addWidths(Tmp tmp, Widths tmpWidths)
-    {
-        widths(tmp) = tmpWidths;
-    }
+    inline const Widths& widths(Tmp) const;
+    inline void addWidths(Tmp, Widths);
 
     Vector<Widths>& widthsVector(Bank bank)
     {
diff --git a/Source/JavaScriptCore/b3/air/AirTmpWidthInlines.h b/Source/JavaScriptCore/b3/air/AirTmpWidthInlines.h
index 4faba37f83e3d..f1eb503cb62dc 100644
--- a/Source/JavaScriptCore/b3/air/AirTmpWidthInlines.h
+++ b/Source/JavaScriptCore/b3/air/AirTmpWidthInlines.h
@@ -44,6 +44,38 @@ inline TmpWidth::Widths& TmpWidth::widths(Tmp tmp)
     return m_widthFP[index];
 }
 
+const TmpWidth::Widths& TmpWidth::widths(Tmp tmp) const
+{
+    return const_cast<TmpWidth*>(this)->widths(tmp);
+}
+
+Width TmpWidth::width(Tmp tmp) const
+{
+    Widths tmpWidths = widths(tmp);
+    return std::min(tmpWidths.use, tmpWidths.def);
+}
+
+void TmpWidth::addWidths(Tmp tmp, Widths tmpWidths)
+{
+    widths(tmp) = tmpWidths;
+}
+
+Width TmpWidth::requiredWidth(Tmp tmp)
+{
+    Widths tmpWidths = widths(tmp);
+    return std::max(tmpWidths.use, tmpWidths.def);
+}
+
+Width TmpWidth::defWidth(Tmp tmp) const
+{
+    return widths(tmp).def;
+}
+
+Width TmpWidth::useWidth(Tmp tmp) const
+{
+    return widths(tmp).use;
+}
+
 } } } // namespace JSC::B3::Air
 
 #endif // ENABLE(B3_JIT)

From 055d5a97c962454efc1124c46f7cac5b35812164 Mon Sep 17 00:00:00 2001
From: Matt Woodrow <mattwoodrow@apple.com>
Date: Fri, 21 Feb 2025 15:22:41 -0800
Subject: [PATCH 010/174] RenderObject::isOutOfFlowPositioned can be read
 before it gets set. https://bugs.webkit.org/show_bug.cgi?id=287778
 <rdar://144956226>

Reviewed by Alan Baradlay.

RenderBoxModelObject::updateFromStyle updates the cached position flags using
the new RenderStyle object.

RenderElement::styleDidChange (which happens earlier) can schedule layout, which
depends on the state of these flags.

Call updateFromStyle to update any cached state before continuing to handle the
post-style-change code.

As a result of this change, `RenderElement::styleDidChange` ancestor marking now
correctly sets the 'positioned child needs layout' bit on the container for
changed positioned children, rather than always setting 'normal child needs
layout'. This results in simplified layout happening more often.

This exposes a bug where changes to the display property may require static
positions to be recomputed, which doesn't get done with simplified layout. Adds
a check for this to ensure we don't use simplified layout for this subset.

This also exposes a second bug with intrusive scrollbars, where overflow changes
on positioned children may results in the addition/removal of scrollbars and
require a full layout to adjust to the new size. Adds checks for this at the two
entry points for simplified layout and switches back to regular layout requests.

Enables two existing tests (which were incorrectly disabled) that caught these
two bugs.

Since we now sometimes refuse simplified layout upfront, rename
setNeedsSimplifiedNormalFlowLayout to setNeedsLayoutForOverflowChange, and
StyleDifference::SimplifiedLayout to Overflow to better represent the request
being made (and have the details of what layout type happens be internal).

Deduplicate some StyleDifference -> layout request code into
setNeedsLayoutForStyleDifference.

Remove markFragmentsForOverflowLayoutIfNeeded since it was unused.

* LayoutTests/TestExpectations:
* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::overflowChangesMayAffectLayout const):
* Source/WebCore/rendering/RenderBox.h:
* Source/WebCore/rendering/RenderElement.cpp:
(WebCore::RenderElement::adjustStyleDifference const):
(WebCore::RenderElement::repaintBeforeStyleChange):
(WebCore::RenderElement::setStyle):
(WebCore::RenderElement::styleDidChange):
(WebCore::RenderElement::setNeedsLayoutForStyleDifference):
(WebCore::RenderElement::setNeedsLayoutForOverflowChange):
(WebCore::RenderElement::setNeedsSimplifiedNormalFlowLayout): Deleted.
* Source/WebCore/rendering/RenderElement.h:
(WebCore::RenderElement::overflowChangesMayAffectLayout const):
* Source/WebCore/rendering/RenderFragmentedFlow.cpp:
(WebCore::RenderFragmentedFlow::markFragmentsForOverflowLayoutIfNeeded): Deleted.
* Source/WebCore/rendering/RenderFragmentedFlow.h:
* Source/WebCore/rendering/RenderLayerModelObject.cpp:
(WebCore::RenderLayerModelObject::styleDidChange):
* Source/WebCore/rendering/RenderObject.cpp:
(WebCore::RenderObject::markContainingBlocksForLayout):
* Source/WebCore/rendering/style/RenderStyleConstants.cpp:
(WebCore::operator<<):
* Source/WebCore/rendering/style/RenderStyleConstants.h:
* Source/WebCore/rendering/updating/RenderTreeUpdater.cpp:
(WebCore::repaintAndMarkContainingBlockDirtyBeforeTearDown):

Canonical link: https://commits.webkit.org/290831@main
---
 LayoutTests/TestExpectations                  |  2 -
 Source/WebCore/rendering/RenderBox.cpp        |  5 ++
 Source/WebCore/rendering/RenderBox.h          |  4 +-
 Source/WebCore/rendering/RenderElement.cpp    | 63 +++++++++++--------
 Source/WebCore/rendering/RenderElement.h      |  5 +-
 .../rendering/RenderFragmentedFlow.cpp        |  9 ---
 .../WebCore/rendering/RenderFragmentedFlow.h  |  2 -
 .../rendering/RenderLayerModelObject.cpp      |  2 +-
 Source/WebCore/rendering/RenderObject.cpp     |  3 +
 .../rendering/style/RenderStyleConstants.cpp  |  4 +-
 .../rendering/style/RenderStyleConstants.h    |  8 +--
 .../rendering/updating/RenderTreeUpdater.cpp  |  2 +-
 12 files changed, 60 insertions(+), 49 deletions(-)

diff --git a/LayoutTests/TestExpectations b/LayoutTests/TestExpectations
index 47c9d35bf8361..274ffe8700063 100644
--- a/LayoutTests/TestExpectations
+++ b/LayoutTests/TestExpectations
@@ -4392,14 +4392,12 @@ imported/w3c/web-platform-tests/css/css-text-decor/text-underline-offset-scroll-
 webkit.org/b/203445 [ Debug ] imported/w3c/web-platform-tests/css/css-position/position-absolute-container-dynamic-002.html [ Skip ]
 webkit.org/b/203447 imported/w3c/web-platform-tests/css/css-position/position-absolute-dynamic-auto-overflow.html [ ImageOnlyFailure ]
 webkit.org/b/203447 imported/w3c/web-platform-tests/css/css-position/position-absolute-dynamic-overflow-001.html [ ImageOnlyFailure ]
-webkit.org/b/203447 imported/w3c/web-platform-tests/css/css-position/position-absolute-dynamic-overflow-002.html [ ImageOnlyFailure ]
 webkit.org/b/228994 imported/w3c/web-platform-tests/css/css-position/position-absolute-iframe-print-001.sub.html [ ImageOnlyFailure ]
 webkit.org/b/228994 imported/w3c/web-platform-tests/css/css-position/position-absolute-iframe-print-002.sub.html [ ImageOnlyFailure ]
 webkit.org/b/228994 imported/w3c/web-platform-tests/css/css-position/position-absolute-in-inline-003.html [ ImageOnlyFailure ]
 webkit.org/b/228994 imported/w3c/web-platform-tests/css/css-position/position-absolute-replaced-no-intrinsic-size.tentative.html [ ImageOnlyFailure ]
 webkit.org/b/228994 imported/w3c/web-platform-tests/css/css-position/position-absolute-center-001.html [ ImageOnlyFailure ]
 webkit.org/b/228994 imported/w3c/web-platform-tests/css/css-position/position-absolute-center-002.html [ ImageOnlyFailure ]
-webkit.org/b/228994 imported/w3c/web-platform-tests/css/css-position/position-absolute-dynamic-static-position-inline.html [ ImageOnlyFailure ]
 webkit.org/b/203449 imported/w3c/web-platform-tests/css/css-position/position-relative-001.html [ ImageOnlyFailure ]
 webkit.org/b/203449 imported/w3c/web-platform-tests/css/css-position/position-relative-002.html [ ImageOnlyFailure ]
 webkit.org/b/203449 imported/w3c/web-platform-tests/css/css-position/position-relative-011.html [ ImageOnlyFailure ]
diff --git a/Source/WebCore/rendering/RenderBox.cpp b/Source/WebCore/rendering/RenderBox.cpp
index 6bca95da4f30e..623e9189a0e8d 100644
--- a/Source/WebCore/rendering/RenderBox.cpp
+++ b/Source/WebCore/rendering/RenderBox.cpp
@@ -6107,4 +6107,9 @@ bool RenderBox::hasAutoHeightOrContainingBlockWithAutoHeight(UpdatePercentageHei
     return !containingBlock->hasDefiniteLogicalHeight();
 }
 
+bool RenderBox::overflowChangesMayAffectLayout() const
+{
+    return !canUseOverlayScrollbars() && (style().overflowY() == Overflow::Auto || style().overflowX() == Overflow::Auto);
+}
+
 } // namespace WebCore
diff --git a/Source/WebCore/rendering/RenderBox.h b/Source/WebCore/rendering/RenderBox.h
index d72835ff0c925..a9bbeedfdd58d 100644
--- a/Source/WebCore/rendering/RenderBox.h
+++ b/Source/WebCore/rendering/RenderBox.h
@@ -699,7 +699,9 @@ class RenderBox : public RenderBoxModelObject {
     void computePreferredLogicalWidths(const Length& minLogicalWidth, const Length& maxLogicalWidth, LayoutUnit borderAndPaddingLogicalWidth);
     
     bool isAspectRatioDegenerate(double aspectRatio) const { return !aspectRatio || isnan(aspectRatio); }
-    
+
+    bool overflowChangesMayAffectLayout() const final;
+
 private:
     bool replacedMinMaxLogicalHeightComputesAsNone(SizeType) const;
 
diff --git a/Source/WebCore/rendering/RenderElement.cpp b/Source/WebCore/rendering/RenderElement.cpp
index c1b50987841d1..cf61edfe49a5e 100644
--- a/Source/WebCore/rendering/RenderElement.cpp
+++ b/Source/WebCore/rendering/RenderElement.cpp
@@ -280,9 +280,9 @@ StyleDifference RenderElement::adjustStyleDifference(StyleDifference diff, Optio
             if (!hasLayer())
                 diff = std::max(diff, StyleDifference::Layout);
             else {
-                // We need to set at least SimplifiedLayout, but if PositionedMovementOnly is already set
-                // then we actually need SimplifiedLayoutAndPositionedMovement.
-                diff = std::max(diff, (diff == StyleDifference::LayoutPositionedMovementOnly) ? StyleDifference::SimplifiedLayoutAndPositionedMovement : StyleDifference::SimplifiedLayout);
+                // We need to set at least Overflow, but if PositionedMovementOnly is already set
+                // then we actually need OverflowAndPositionedMovement.
+                diff = std::max(diff, (diff == StyleDifference::LayoutPositionedMovementOnly) ? StyleDifference::OverflowAndPositionedMovement : StyleDifference::Overflow);
             }
         
         } else
@@ -423,7 +423,7 @@ bool RenderElement::repaintBeforeStyleChange(StyleDifference diff, const RenderS
             if (diff == StyleDifference::RepaintLayer)
                 return RequiredRepaint::RendererAndDescendantsRenderersWithLayers;
 
-            if (diff == StyleDifference::Layout || diff == StyleDifference::SimplifiedLayout) {
+            if (diff == StyleDifference::Layout || diff == StyleDifference::Overflow) {
                 // Certain style changes require layer repaint, since the layer could end up being destroyed.
                 auto layerMayGetDestroyed = oldStyle.position() != newStyle.position()
                     || oldStyle.usedZIndex() != newStyle.usedZIndex()
@@ -583,17 +583,8 @@ void RenderElement::setStyle(RenderStyle&& style, StyleDifference minimalStyleDi
     // check whether we should layout now, and decide if we need to repaint.
     StyleDifference updatedDiff = adjustStyleDifference(diff, contextSensitiveProperties);
     
-    if (diff <= StyleDifference::LayoutPositionedMovementOnly) {
-        if (updatedDiff == StyleDifference::Layout)
-            setNeedsLayoutAndPrefWidthsRecalc();
-        else if (updatedDiff == StyleDifference::LayoutPositionedMovementOnly)
-            setNeedsPositionedMovementLayout(&oldStyle);
-        else if (updatedDiff == StyleDifference::SimplifiedLayoutAndPositionedMovement) {
-            setNeedsPositionedMovementLayout(&oldStyle);
-            setNeedsSimplifiedNormalFlowLayout();
-        } else if (updatedDiff == StyleDifference::SimplifiedLayout)
-            setNeedsSimplifiedNormalFlowLayout();
-    }
+    if (diff <= StyleDifference::LayoutPositionedMovementOnly)
+        setNeedsLayoutForStyleDifference(updatedDiff, &oldStyle);
 
     if (!didRepaint && (updatedDiff == StyleDifference::RepaintLayer || shouldRepaintForStyleDifference(updatedDiff))) {
         // Do a repaint with the new style now, e.g., for example if we go from
@@ -1047,7 +1038,7 @@ void RenderElement::styleDidChange(StyleDifference diff, const RenderStyle* oldS
     if (!m_parent)
         return;
     
-    if (diff == StyleDifference::Layout || diff == StyleDifference::SimplifiedLayout) {
+    if (diff == StyleDifference::Layout || diff == StyleDifference::Overflow) {
         RenderCounter::rendererStyleChanged(*this, oldStyle, m_style);
 
         // If the object already needs layout, then setNeedsLayout won't do
@@ -1057,16 +1048,16 @@ void RenderElement::styleDidChange(StyleDifference diff, const RenderStyle* oldS
         // the position style.
         if (needsLayout() && oldStyle && oldStyle->position() != m_style.position())
             scheduleLayout(markContainingBlocksForLayout());
+    }
 
-        if (diff == StyleDifference::Layout)
-            setNeedsLayoutAndPrefWidthsRecalc();
-        else
-            setNeedsSimplifiedNormalFlowLayout();
-    } else if (diff == StyleDifference::SimplifiedLayoutAndPositionedMovement) {
-        setNeedsPositionedMovementLayout(oldStyle);
-        setNeedsSimplifiedNormalFlowLayout();
-    } else if (diff == StyleDifference::LayoutPositionedMovementOnly)
-        setNeedsPositionedMovementLayout(oldStyle);
+    setNeedsLayoutForStyleDifference(diff, oldStyle);
+
+    if (isOutOfFlowPositioned() && oldStyle && oldStyle->isOriginalDisplayBlockType() != style().isOriginalDisplayBlockType()) {
+        if (CheckedPtr ancestor = RenderObject::containingBlockForPositionType(PositionType::Static, *this)) {
+            ancestor->setNeedsLayout();
+            ancestor->setOutOfFlowChildNeedsStaticPositionLayout();
+        }
+    }
 
     // Don't check for repaint here; we need to wait until the layer has been
     // updated by subclasses before we know if we have to repaint (in setStyle()).
@@ -1224,9 +1215,29 @@ void RenderElement::clearChildNeedsLayout()
     setOutOfFlowChildNeedsStaticPositionLayoutBit(false);
 }
 
-void RenderElement::setNeedsSimplifiedNormalFlowLayout()
+void RenderElement::setNeedsLayoutForStyleDifference(StyleDifference diff, const RenderStyle* oldStyle)
+{
+    if (diff == StyleDifference::Layout)
+        setNeedsLayoutAndPrefWidthsRecalc();
+    else if (diff == StyleDifference::LayoutPositionedMovementOnly)
+        setNeedsPositionedMovementLayout(oldStyle);
+    else if (diff == StyleDifference::OverflowAndPositionedMovement) {
+        setNeedsPositionedMovementLayout(oldStyle);
+        setNeedsLayoutForOverflowChange();
+    } else if (diff == StyleDifference::Overflow)
+        setNeedsLayoutForOverflowChange();
+}
+
+void RenderElement::setNeedsLayoutForOverflowChange()
 {
     ASSERT(!isSetNeedsLayoutForbidden());
+    // FIXME: Eagerly preventing simplified layout due to the (unlikely) possibility of a size change
+    // is possibly wasteful. We could in theory detect an actual change during layout, and
+    // unwind back to restart proper layout.
+    if (overflowChangesMayAffectLayout()) {
+        setNeedsLayout();
+        return;
+    }
     if (needsSimplifiedNormalFlowLayout())
         return;
     setNeedsSimplifiedNormalFlowLayoutBit(true);
diff --git a/Source/WebCore/rendering/RenderElement.h b/Source/WebCore/rendering/RenderElement.h
index 68de3deb020c5..837951148cdd5 100644
--- a/Source/WebCore/rendering/RenderElement.h
+++ b/Source/WebCore/rendering/RenderElement.h
@@ -141,7 +141,8 @@ class RenderElement : public RenderObject {
     void setOutOfFlowChildNeedsStaticPositionLayout();
     void clearChildNeedsLayout();
     void setNeedsPositionedMovementLayout(const RenderStyle* oldStyle);
-    void setNeedsSimplifiedNormalFlowLayout();
+    void setNeedsLayoutForStyleDifference(StyleDifference, const RenderStyle* oldStyle);
+    void setNeedsLayoutForOverflowChange();
 
     // paintOffset is the offset from the origin of the GraphicsContext at which to paint the current object.
     virtual void paint(PaintInfo&, const LayoutPoint& paintOffset) = 0;
@@ -300,6 +301,8 @@ class RenderElement : public RenderObject {
     bool renderBoxHasShapeOutsideInfo() const { return m_renderBoxHasShapeOutsideInfo; }
     bool hasCachedSVGResource() const { return m_hasCachedSVGResource; }
 
+    virtual bool overflowChangesMayAffectLayout() const { return false; }
+
 protected:
     RenderElement(Type, Element&, RenderStyle&&, OptionSet<TypeFlag>, TypeSpecificFlags);
     RenderElement(Type, Document&, RenderStyle&&, OptionSet<TypeFlag>, TypeSpecificFlags);
diff --git a/Source/WebCore/rendering/RenderFragmentedFlow.cpp b/Source/WebCore/rendering/RenderFragmentedFlow.cpp
index 98600aa9c8712..c7b81783d33a0 100644
--- a/Source/WebCore/rendering/RenderFragmentedFlow.cpp
+++ b/Source/WebCore/rendering/RenderFragmentedFlow.cpp
@@ -741,15 +741,6 @@ void RenderFragmentedFlow::willBeDestroyed()
     RenderBlockFlow::willBeDestroyed();
 }
 
-void RenderFragmentedFlow::markFragmentsForOverflowLayoutIfNeeded()
-{
-    if (!hasFragments())
-        return;
-
-    for (auto& fragment : m_fragmentList)
-        fragment.setNeedsSimplifiedNormalFlowLayout();
-}
-
 void RenderFragmentedFlow::updateFragmentsFragmentedFlowPortionRect()
 {
     LayoutUnit logicalHeight;
diff --git a/Source/WebCore/rendering/RenderFragmentedFlow.h b/Source/WebCore/rendering/RenderFragmentedFlow.h
index 1e6ac16913778..a71568f8a6593 100644
--- a/Source/WebCore/rendering/RenderFragmentedFlow.h
+++ b/Source/WebCore/rendering/RenderFragmentedFlow.h
@@ -135,8 +135,6 @@ class RenderFragmentedFlow : public RenderBlockFlow {
     // Check if the object should be painted in this fragment and if the fragment is part of this flow thread.
     bool objectShouldFragmentInFlowFragment(const RenderObject*, const RenderFragmentContainer*) const;
 
-    void markFragmentsForOverflowLayoutIfNeeded();
-
     virtual bool addForcedFragmentBreak(const RenderBlock*, LayoutUnit, RenderBox* breakChild, bool isBefore, LayoutUnit* offsetBreakAdjustment = 0);
     virtual void applyBreakAfterContent(LayoutUnit) { }
 
diff --git a/Source/WebCore/rendering/RenderLayerModelObject.cpp b/Source/WebCore/rendering/RenderLayerModelObject.cpp
index 82bdd2a02a751..7c972df27a2d7 100644
--- a/Source/WebCore/rendering/RenderLayerModelObject.cpp
+++ b/Source/WebCore/rendering/RenderLayerModelObject.cpp
@@ -133,8 +133,8 @@ void RenderLayerModelObject::styleWillChange(StyleDifference diff, const RenderS
 
 void RenderLayerModelObject::styleDidChange(StyleDifference diff, const RenderStyle* oldStyle)
 {
-    RenderElement::styleDidChange(diff, oldStyle);
     updateFromStyle();
+    RenderElement::styleDidChange(diff, oldStyle);
 
     // When an out-of-flow-positioned element changes its display between block and inline-block,
     // then an incremental layout on the element's containing block lays out the element through
diff --git a/Source/WebCore/rendering/RenderObject.cpp b/Source/WebCore/rendering/RenderObject.cpp
index 59050d1a20e5f..7007d8621b37a 100644
--- a/Source/WebCore/rendering/RenderObject.cpp
+++ b/Source/WebCore/rendering/RenderObject.cpp
@@ -621,6 +621,9 @@ RenderElement* RenderObject::markContainingBlocksForLayout(RenderElement* layout
             return { };
         }
 
+        if (simplifiedNormalFlowLayout && ancestor->overflowChangesMayAffectLayout())
+            simplifiedNormalFlowLayout = false;
+
         if (hasOutOfFlowPosition) {
             bool willSkipRelativelyPositionedInlines = !ancestor->isRenderBlock() || ancestor->isAnonymousBlock();
             // Skip relatively positioned inlines and anonymous blocks to get to the enclosing RenderBlock.
diff --git a/Source/WebCore/rendering/style/RenderStyleConstants.cpp b/Source/WebCore/rendering/style/RenderStyleConstants.cpp
index 31a24fd5ca195..b636067b092ca 100644
--- a/Source/WebCore/rendering/style/RenderStyleConstants.cpp
+++ b/Source/WebCore/rendering/style/RenderStyleConstants.cpp
@@ -1082,8 +1082,8 @@ TextStream& operator<<(TextStream& ts, StyleDifference diff)
     case StyleDifference::RepaintIfText: ts << "repaint if text"; break;
     case StyleDifference::RepaintLayer: ts << "repaint layer"; break;
     case StyleDifference::LayoutPositionedMovementOnly: ts << "layout positioned movement only"; break;
-    case StyleDifference::SimplifiedLayout: ts << "simplified layout"; break;
-    case StyleDifference::SimplifiedLayoutAndPositionedMovement: ts << "simplified layout and positioned movement"; break;
+    case StyleDifference::Overflow: ts << "overflow"; break;
+    case StyleDifference::OverflowAndPositionedMovement: ts << "overflow and positioned movement"; break;
     case StyleDifference::Layout: ts << "layout"; break;
     case StyleDifference::NewStyle: ts << "new style"; break;
     }
diff --git a/Source/WebCore/rendering/style/RenderStyleConstants.h b/Source/WebCore/rendering/style/RenderStyleConstants.h
index fda2075b39ab4..8b8afe7a1ce88 100644
--- a/Source/WebCore/rendering/style/RenderStyleConstants.h
+++ b/Source/WebCore/rendering/style/RenderStyleConstants.h
@@ -51,8 +51,8 @@ enum class PrintColorAdjust : bool {
 // - StyleDifference::RepaintIfText - The object needs to be repainted if it contains text.
 // - StyleDifference::RepaintLayer - The layer and its descendant layers needs to be repainted.
 // - StyleDifference::LayoutPositionedMovementOnly - Only the position of this positioned object has been updated
-// - StyleDifference::SimplifiedLayout - Only overflow needs to be recomputed
-// - StyleDifference::SimplifiedLayoutAndPositionedMovement - Both positioned movement and simplified layout updates are required.
+// - StyleDifference::Overflow - Only overflow needs to be recomputed
+// - StyleDifference::OverflowAndPositionedMovement - Both positioned movement and overflow updates are required.
 // - StyleDifference::Layout - A full layout is required.
 enum class StyleDifference : uint8_t {
     Equal,
@@ -61,8 +61,8 @@ enum class StyleDifference : uint8_t {
     RepaintIfText,
     RepaintLayer,
     LayoutPositionedMovementOnly,
-    SimplifiedLayout,
-    SimplifiedLayoutAndPositionedMovement,
+    Overflow,
+    OverflowAndPositionedMovement,
     Layout,
     NewStyle
 };
diff --git a/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp b/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp
index 660ebe43e653d..97a54889ec900 100644
--- a/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp
+++ b/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp
@@ -731,7 +731,7 @@ static std::optional<DidRepaintAndMarkContainingBlock> repaintAndMarkContainingB
             container->setPreferredLogicalWidthsDirty(true);
             return;
         }
-        container->setNeedsSimplifiedNormalFlowLayout();
+        container->setNeedsLayoutForOverflowChange();
     };
 
     auto repaintBackdropIfApplicable = [&](auto& renderer) {

From 5fb0bc3dd4265a5b0dc651012c01f532794531ce Mon Sep 17 00:00:00 2001
From: Charlie Wolfe <charliew@apple.com>
Date: Fri, 21 Feb 2025 15:26:44 -0800
Subject: [PATCH 011/174] [Site Isolation] Session restore in a new WKWebView
 breaks when restoring from an existing WKWebView
 https://bugs.webkit.org/show_bug.cgi?id=288162 rdar://145257058
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed by Alex Christensen.

There's logic in WebPageProxy::goToBackForwardItem to send FrameState to the right frame process, but we
didn’t check if the frame actually belonged to the current page. So, after restoring session state from
another WKWebView, we could end up trying to send FrameState to a process belonging to a different page.
We should make sure the frame belongs to the current page before sending IPC to its process.

* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::goToBackForwardItem):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm:
(TestWebKitAPI::TEST(SiteIsolation, RestoreSessionFromAnotherWebView)):

Canonical link: https://commits.webkit.org/290832@main
---
 Source/WebKit/UIProcess/WebPageProxy.cpp          |  2 +-
 .../Tests/WebKitCocoa/SiteIsolation.mm            | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
index b23393c84e6e2..92648c01bfce9 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -2582,7 +2582,7 @@ RefPtr<API::Navigation> WebPageProxy::goToBackForwardItem(WebBackForwardListFram
 
     Ref frameState = item->mainFrameState();
     if (protectedPreferences()->siteIsolationEnabled()) {
-        if (RefPtr frame = WebFrameProxy::webFrame(frameItem.frameID())) {
+        if (RefPtr frame = WebFrameProxy::webFrame(frameItem.frameID()); frame && frame->page() == this) {
             process = frame->process();
             frameState = frameItem.copyFrameStateWithChildren();
         }
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
index 1b3fed2224648..0ba88a9e3eee6 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
@@ -3061,6 +3061,21 @@ HTTPServer server({
     EXPECT_TRUE([webView canGoBack]);
 }
 
+TEST(SiteIsolation, RestoreSessionFromAnotherWebView)
+{
+    HTTPServer server({
+        { "/example"_s, { "<iframe src='https://webkit.org/frame'></iframe>"_s } },
+        { "/frame"_s, { "<script> alert('done'); </script>"_s } }
+    }, HTTPServer::Protocol::HttpsProxy);
+    auto [webView1, navigationDelegate] = siteIsolatedViewAndDelegate(server);
+    [webView1 loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"https://example.com/example"]]];
+    EXPECT_WK_STREQ([webView1 _test_waitForAlert], "done");
+
+    auto [webView2, navigationDelegate2] = siteIsolatedViewAndDelegate(server);
+    [webView2 _restoreSessionState:[webView1 _sessionState] andNavigate:YES];
+    EXPECT_WK_STREQ([webView2 _test_waitForAlert], "done");
+}
+
 static void testNavigateIframeBackForward(NSString *navigationURL, bool restoreSessionState)
 {
     HTTPServer server({

From a1c69c005cb386bb3efbf695ae77b0556ce4b78e Mon Sep 17 00:00:00 2001
From: Robert Jenner <jenner@apple.com>
Date: Fri, 21 Feb 2025 15:36:40 -0800
Subject: [PATCH 012/174] Unreviewed, reverting 290825@main (67d7e1c8fe78)
 https://bugs.webkit.org/show_bug.cgi?id=288233 rdar://145324925

Broke the build.

Reverted change:

    Refine the construction of WKWebExtension in Swift.
    https://bugs.webkit.org/show_bug.cgi?id=288129
    rdar://145235810
    290825@main (67d7e1c8fe78)

Canonical link: https://commits.webkit.org/290833@main
---
 .../UIProcess/API/Cocoa/WKWebExtension.h      |  4 +-
 .../UIProcess/API/Cocoa/WKWebExtension.mm     | 94 ++++++-------------
 .../API/Cocoa/WKWebExtensionPrivate.h         | 21 ++---
 .../API/Cocoa/WebKitSwiftOverlay.swift        | 25 -----
 4 files changed, 39 insertions(+), 105 deletions(-)

diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h
index 2764447a5433d..ec09fbf7509ce 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h
@@ -82,7 +82,7 @@ WK_CLASS_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA), visionos(WK_XROS_TBA)) WK
  @discussion The app extension bundle must contain a `manifest.json` file in its resources directory. If the manifest is invalid or missing,
  or the bundle is otherwise improperly configured, an error will be returned.
  */
-+ (void)extensionWithAppExtensionBundle:(NSBundle *)appExtensionBundle completionHandler:(void (^)(WKWebExtension * _Nullable extension, NSError * _Nullable error))completionHandler NS_REFINED_FOR_SWIFT;
++ (void)extensionWithAppExtensionBundle:(NSBundle *)appExtensionBundle completionHandler:(void (^)(WKWebExtension * WK_NULLABLE_RESULT extension, NSError * _Nullable error))completionHandler WK_SWIFT_ASYNC_THROWS_ON_FALSE(1);
 
 /*!
  @abstract Returns a web extension initialized with a specified resource base URL, which can point to either a directory or a ZIP archive.
@@ -91,7 +91,7 @@ WK_CLASS_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA), visionos(WK_XROS_TBA)) WK
  @discussion The URL must be a file URL that points to either a directory with a `manifest.json` file or a ZIP archive containing a `manifest.json` file.
  If the manifest is invalid or missing, or the URL points to an unsupported format or invalid archive, an error will be returned.
  */
-+ (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:(void (^)(WKWebExtension * _Nullable extension, NSError * _Nullable error))completionHandler NS_REFINED_FOR_SWIFT;
++ (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:(void (^)(WKWebExtension * WK_NULLABLE_RESULT extension, NSError * _Nullable error))completionHandler WK_SWIFT_ASYNC_THROWS_ON_FALSE(1);
 
 /*!
  @abstract An array of all errors that occurred during the processing of the extension.
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm
index 279bd260386f6..d3c153560a6f3 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm
@@ -86,47 +86,29 @@ + (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:
     });
 }
 
-- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
-{
-    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
-}
-
-- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
-{
-    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
-}
-
-- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle resourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
-{
-    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:resourceBaseURL error:error];
-}
-
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
-{
-    return [self initWithManifestDictionary:manifest resources:nil];
-}
-
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+// FIXME: Remove after Safari has adopted new methods.
+- (instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
 {
-    return [self initWithManifestDictionary:manifest resources:resources];
+    return [self _initWithAppExtensionBundle:appExtensionBundle error:error];
 }
 
-- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
 {
-    return [self initWithResources:resources];
+    return [self _initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
 }
 
-- (instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
+// FIXME: Remove after Safari has adopted new methods.
+- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
+    return [self _initWithResourceBaseURL:resourceBaseURL error:error];
 }
 
-- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
+    return [self _initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
 }
 
-- (instancetype)initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
 {
     NSParameterAssert(appExtensionBundle || resourceBaseURL);
 
@@ -156,14 +138,14 @@ - (instancetype)initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBund
     return self;
 }
 
-- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
 {
     NSParameterAssert([manifest isKindOfClass:NSDictionary.class]);
 
-    return [self initWithManifestDictionary:manifest resources:nil];
+    return [self _initWithManifestDictionary:manifest resources:nil];
 }
 
-- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
 {
     NSParameterAssert([manifest isKindOfClass:NSDictionary.class]);
 
@@ -175,7 +157,7 @@ - (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manif
     return self;
 }
 
-- (instancetype)initWithResources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
 {
     NSParameterAssert([resources isKindOfClass:NSDictionary.class]);
 
@@ -367,64 +349,44 @@ + (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:
     completionHandler(nil, [NSError errorWithDomain:NSCocoaErrorDomain code:NSFeatureUnsupportedError userInfo:nil]);
 }
 
-- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
-{
-    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
-}
-
-- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
-{
-    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
-}
-
-- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle resourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
-{
-    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:resourceBaseURL error:error];
-}
-
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
-{
-    return [self initWithManifestDictionary:manifest resources:nil];
-}
-
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)initWithAppExtensionBundle:(NSBundle *)bundle error:(NSError **)error
 {
-    return [self initWithManifestDictionary:manifest resources:resources];
+    return [self _initWithAppExtensionBundle:bundle error:error];
 }
 
-- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)_initWithAppExtensionBundle:(NSBundle *)bundle error:(NSError **)error
 {
-    return [self initWithResources:resources];
+    return [self _initWithAppExtensionBundle:bundle resourceBaseURL:nil error:error];
 }
 
-- (instancetype)initWithAppExtensionBundle:(NSBundle *)bundle error:(NSError **)error
+- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self initWithAppExtensionBundle:bundle resourceBaseURL:nil error:error];
+    return [self _initWithResourceBaseURL:resourceBaseURL error:error];
 }
 
-- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
+    return [self _initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
 }
 
-- (instancetype)initWithAppExtensionBundle:(nullable NSBundle *)bundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithAppExtensionBundle:(nullable NSBundle *)bundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
 {
     if (error)
         *error = [NSError errorWithDomain:NSCocoaErrorDomain code:NSFeatureUnsupportedError userInfo:nil];
     return nil;
 }
 
-- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
 {
-    return [self initWithManifestDictionary:manifest resources:nil];
+    return [self _initWithManifestDictionary:manifest resources:nil];
 }
 
-- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
 {
     return nil;
 }
 
-- (instancetype)initWithResources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
 {
     return nil;
 }
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h
index 6175d61ccf4fa..2e524adcc0fdb 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h
@@ -29,12 +29,9 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
 
 @interface WKWebExtension ()
 
-- (nullable instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error NS_SWIFT_UNAVAILABLE("Use init(appExtensionBundle:).");
-- (nullable instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error NS_SWIFT_UNAVAILABLE("Use init(resourceBaseURL:).");
-- (nullable instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle resourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error NS_SWIFT_UNAVAILABLE("Use init(appExtensionBundle:resourceBaseURL:).");
-- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest NS_SWIFT_UNAVAILABLE("Use init(manifestDictionary:).");
-- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(nullable NSDictionary<NSString *, id> *)resources NS_SWIFT_UNAVAILABLE("Use init(manifestDictionary:resources:).");
-- (nullable instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources NS_SWIFT_UNAVAILABLE("Use init(resources:).");
+// FIXME: Remove after Safari has adopted new methods.
+- (nullable instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error;
+- (nullable instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error;
 
 /*!
  @abstract Returns a web extension initialized with a specified app extension bundle.
@@ -42,7 +39,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @param error Set to \c nil or an error instance if an error occurred.
  @result An initialized web extension, or `nil` if the object could not be initialized due to an error.
  */
-- (nullable instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error NS_REFINED_FOR_SWIFT;
+- (nullable instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error;
 
 /*!
  @abstract Returns a web extension initialized with a specified resource base URL.
@@ -51,7 +48,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @result An initialized web extension, or `nil` if the object could not be initialized due to an error.
  @discussion The URL must be a file URL that points to either a directory containing a `manifest.json` file or a valid ZIP archive.
  */
-- (nullable instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error NS_REFINED_FOR_SWIFT;
+- (nullable instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error;
 
 /*!
  @abstract Returns a web extension initialized with a specified app extension bundle and resource base URL.
@@ -62,14 +59,14 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @discussion Either the app extension bundle or the resource base URL (which can point to a directory or a valid ZIP archive) must be provided.
  This initializer is useful when the extension resources are in a different location from the app extension bundle used for native messaging.
  */
-- (nullable instancetype)initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error NS_DESIGNATED_INITIALIZER;
+- (nullable instancetype)_initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error NS_DESIGNATED_INITIALIZER;
 
 /*!
  @abstract Returns a web extension initialized with a specified manifest dictionary.
  @param manifest The dictionary containing the manifest data for the web extension.
  @result An initialized web extension, or `nil` if the object could not be initialized due to an error.
  */
-- (nullable instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest;
+- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest;
 
 /*!
  @abstract Returns a web extension initialized with a specified manifest dictionary and resources.
@@ -79,7 +76,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @discussion The resources dictionary provides additional data required for the web extension. Paths in resources can
  have subdirectories, such as `_locales/en/messages.json`.
  */
-- (nullable instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(nullable NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
+- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(nullable NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
 
 /*!
  @abstract Returns a web extension initialized with specified resources.
@@ -88,7 +85,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @discussion The resources dictionary must provide at least the `manifest.json` resource.  Paths in resources can
  have subdirectories, such as `_locales/en/messages.json`.
  */
-- (nullable instancetype)initWithResources:(NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
+- (nullable instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
 
 /*! @abstract A Boolean value indicating whether the extension background content is a service worker. */
 @property (readonly, nonatomic) BOOL _hasServiceWorkerBackgroundContent;
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift b/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift
index 80d29f01bae64..994071d3a2df9 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift
+++ b/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift
@@ -25,10 +25,6 @@
 
 #if !os(tvOS) && !os(watchOS)
 
-#if compiler(>=6.0)
-internal import WebKit_Private
-#endif
-
 #if USE_APPLE_INTERNAL_SDK
 @_spi(CTypeConversion) import Network
 #endif
@@ -89,25 +85,7 @@ extension WKWebView {
 }
 #endif
 
-#if compiler(>=6.0)
 @available(iOS 18.4, macOS 15.4, visionOS 2.4, *)
-@available(watchOS, unavailable)
-@available(tvOS, unavailable)
-extension WKWebExtension {
-    public convenience init(appExtensionBundle: Bundle) async throws {
-        // FIXME: <https://webkit.org/b/276194> Make the WebExtension class load data on a background thread.
-        try self.init(appExtensionBundle: appExtensionBundle, resourceBaseURL: nil)
-    }
-
-    public convenience init(resourceBaseURL: URL) async throws {
-        // FIXME: <https://webkit.org/b/276194> Make the WebExtension class load data on a background thread.
-        try self.init(appExtensionBundle: nil, resourceBaseURL: resourceBaseURL)
-    }
-}
-
-@available(iOS 18.4, macOS 15.4, visionOS 2.4, *)
-@available(watchOS, unavailable)
-@available(tvOS, unavailable)
 extension WKWebExtensionController {
     public func didCloseTab(_ closedTab: WKWebExtensionTab, windowIsClosing: Bool = false) {
         __didClose(closedTab, windowIsClosing: windowIsClosing)
@@ -123,8 +101,6 @@ extension WKWebExtensionController {
 }
 
 @available(iOS 18.4, macOS 15.4, visionOS 2.4, *)
-@available(watchOS, unavailable)
-@available(tvOS, unavailable)
 extension WKWebExtensionContext {
     public func didCloseTab(_ closedTab: WKWebExtensionTab, windowIsClosing: Bool = false) {
         __didClose(closedTab, windowIsClosing: windowIsClosing)
@@ -138,7 +114,6 @@ extension WKWebExtensionContext {
         __didMove(movedTab, from: index, in: oldWindow)
     }
 }
-#endif
 
 // FIXME: Need to declare ProxyConfiguration SPI in order to build and test
 // this with public SDKs (https://bugs.webkit.org/show_bug.cgi?id=280911).

From d2e94b018a5a96215b37f681db435b0f99b5e9a1 Mon Sep 17 00:00:00 2001
From: Per Arne Vollan <pvollan@apple.com>
Date: Fri, 21 Feb 2025 15:43:37 -0800
Subject: [PATCH 013/174] Fix memory leak in sandbox extension code
 https://bugs.webkit.org/show_bug.cgi?id=288172 rdar://145238621

Reviewed by Chris Dumez.

The function SandboxExtensionImpl::sandboxExtensionForType currently returns a C string that needs to
be deallocated by the caller. Not all callers of this function are deallocating the memory. This patch
addresses this issue by changing the function to return a CString. The caller does no longer have to
deallocate the C string returned from the sandbox functions that issued the extension. The deallocation
of the C string is now done inside the method itself.

* Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:
(WebKit::SandboxExtensionImpl::sandboxExtensionForType):
* Source/WebKit/Shared/SandboxExtension.h:

Canonical link: https://commits.webkit.org/290834@main
---
 .../Shared/Cocoa/SandboxExtensionCocoa.mm     | 62 ++++++++++---------
 Source/WebKit/Shared/SandboxExtension.h       |  2 +-
 2 files changed, 34 insertions(+), 30 deletions(-)

diff --git a/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm b/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm
index a5a530cca83f2..3f4cd0f89c4a2 100644
--- a/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm
+++ b/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm
@@ -81,37 +81,41 @@
     return byteCast<uint8_t>(m_token.span());
 }
 
-char* SandboxExtensionImpl::sandboxExtensionForType(const char* path, SandboxExtension::Type type, std::optional<audit_token_t> auditToken, OptionSet<SandboxExtension::Flags> flags)
-{
-    uint32_t extensionFlags = 0;
-    if (flags & SandboxExtension::Flags::NoReport)
-        extensionFlags |= SANDBOX_EXTENSION_NO_REPORT;
-    if (flags & SandboxExtension::Flags::DoNotCanonicalize)
-        extensionFlags |= SANDBOX_EXTENSION_CANONICAL;
-
-    switch (type) {
-    case SandboxExtension::Type::ReadOnly:
-        return sandbox_extension_issue_file(APP_SANDBOX_READ, path, extensionFlags);
-    case SandboxExtension::Type::ReadWrite:
-        return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, extensionFlags);
-    case SandboxExtension::Type::Mach:
-        if (!auditToken)
-            return sandbox_extension_issue_mach("com.apple.webkit.extension.mach", path, extensionFlags);
-        return sandbox_extension_issue_mach_to_process("com.apple.webkit.extension.mach", path, extensionFlags, *auditToken);
-    case SandboxExtension::Type::IOKit:
-        if (!auditToken)
-            return sandbox_extension_issue_iokit_registry_entry_class("com.apple.webkit.extension.iokit", path, extensionFlags);
-        return sandbox_extension_issue_iokit_registry_entry_class_to_process("com.apple.webkit.extension.iokit", path, extensionFlags, *auditToken);
-    case SandboxExtension::Type::Generic:
-        return sandbox_extension_issue_generic(path, extensionFlags);
-    case SandboxExtension::Type::ReadByProcess:
-        if (!auditToken)
-            return nullptr;
+CString SandboxExtensionImpl::sandboxExtensionForType(const char* path, SandboxExtension::Type type, std::optional<audit_token_t> auditToken, OptionSet<SandboxExtension::Flags> flags)
+{
+    auto sandboxExtension = [&] {
+        uint32_t extensionFlags = 0;
+        if (flags & SandboxExtension::Flags::NoReport)
+            extensionFlags |= SANDBOX_EXTENSION_NO_REPORT;
+        if (flags & SandboxExtension::Flags::DoNotCanonicalize)
+            extensionFlags |= SANDBOX_EXTENSION_CANONICAL;
+
+        switch (type) {
+        case SandboxExtension::Type::ReadOnly:
+            return std::unique_ptr<char, decltype(free)*>(sandbox_extension_issue_file(APP_SANDBOX_READ, path, extensionFlags), free);
+        case SandboxExtension::Type::ReadWrite:
+            return std::unique_ptr<char, decltype(free)*>(sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, extensionFlags), free);
+        case SandboxExtension::Type::Mach:
+            if (!auditToken)
+                return std::unique_ptr<char, decltype(free)*>(sandbox_extension_issue_mach("com.apple.webkit.extension.mach", path, extensionFlags), free);
+            return std::unique_ptr<char, decltype(free)*>(sandbox_extension_issue_mach_to_process("com.apple.webkit.extension.mach", path, extensionFlags, *auditToken), free);
+        case SandboxExtension::Type::IOKit:
+            if (!auditToken)
+                return std::unique_ptr<char, decltype(free)*>(sandbox_extension_issue_iokit_registry_entry_class("com.apple.webkit.extension.iokit", path, extensionFlags), free);
+            return std::unique_ptr<char, decltype(free)*>(sandbox_extension_issue_iokit_registry_entry_class_to_process("com.apple.webkit.extension.iokit", path, extensionFlags, *auditToken), free);
+        case SandboxExtension::Type::Generic:
+            return std::unique_ptr<char, decltype(free)*>(sandbox_extension_issue_generic(path, extensionFlags), free);
+        case SandboxExtension::Type::ReadByProcess:
+            if (!auditToken)
+                return std::unique_ptr<char, decltype(free)*>(nullptr, free);
 #if PLATFORM(MAC)
-        extensionFlags |= SANDBOX_EXTENSION_USER_INTENT;
+            extensionFlags |= SANDBOX_EXTENSION_USER_INTENT;
 #endif
-        return sandbox_extension_issue_file_to_process(APP_SANDBOX_READ, path, extensionFlags, *auditToken);
-    }
+            return std::unique_ptr<char, decltype(free)*>(sandbox_extension_issue_file_to_process(APP_SANDBOX_READ, path, extensionFlags, *auditToken), free);
+        }
+    }();
+
+    return CString(sandboxExtension.get());
 }
 
 SandboxExtensionImpl::SandboxExtensionImpl(const char* path, SandboxExtension::Type type, std::optional<audit_token_t> auditToken, OptionSet<SandboxExtension::Flags> flags)
diff --git a/Source/WebKit/Shared/SandboxExtension.h b/Source/WebKit/Shared/SandboxExtension.h
index ad5ff9c23d197..9bacf72389734 100644
--- a/Source/WebKit/Shared/SandboxExtension.h
+++ b/Source/WebKit/Shared/SandboxExtension.h
@@ -69,7 +69,7 @@ class SandboxExtensionImpl {
         : m_token(std::exchange(other.m_token, CString()))
         , m_handle(std::exchange(other.m_handle, 0)) { }
 private:
-    char* sandboxExtensionForType(const char* path, SandboxExtensionType, std::optional<audit_token_t>, OptionSet<SandboxExtensionFlags>);
+    CString sandboxExtensionForType(const char* path, SandboxExtensionType, std::optional<audit_token_t>, OptionSet<SandboxExtensionFlags>);
 
     SandboxExtensionImpl(const char* path, SandboxExtensionType, std::optional<audit_token_t>, OptionSet<SandboxExtensionFlags>);
 

From 028359956b37e34c713794e96580dcdd52b7c83a Mon Sep 17 00:00:00 2001
From: Fujii Hironori <Hironori.Fujii@sony.com>
Date: Fri, 21 Feb 2025 16:05:42 -0800
Subject: [PATCH 014/174] [Win] Unreviewed test gardening

* LayoutTests/platform/win/TestExpectations:

Canonical link: https://commits.webkit.org/290835@main
---
 LayoutTests/platform/win/TestExpectations | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/LayoutTests/platform/win/TestExpectations b/LayoutTests/platform/win/TestExpectations
index 42a629ff394b9..28a2dec06089a 100644
--- a/LayoutTests/platform/win/TestExpectations
+++ b/LayoutTests/platform/win/TestExpectations
@@ -1082,6 +1082,10 @@ imported/w3c/web-platform-tests/scroll-animations/scroll-timelines/layout-change
 imported/w3c/web-platform-tests/scroll-animations/scroll-timelines/animation-with-animatable-interface.html [ ImageOnlyFailure ]
 imported/w3c/web-platform-tests/scroll-animations/scroll-timelines/animation-with-display-none.html [ ImageOnlyFailure ]
 
+imported/w3c/web-platform-tests/scroll-animations/scroll-timelines/animation-with-transform.html [ ImageOnlyFailure ]
+imported/w3c/web-platform-tests/scroll-animations/scroll-timelines/two-animations-attach-to-same-scroll-timeline-cancel-one.html [ ImageOnlyFailure ]
+imported/w3c/web-platform-tests/scroll-animations/scroll-timelines/two-animations-attach-to-same-scroll-timeline.html [ ImageOnlyFailure ]
+
 webkit.org/b/263870 imported/w3c/web-platform-tests/scroll-animations/css/animation-range-ignored.html [ Skip ]
 webkit.org/b/263870 imported/w3c/web-platform-tests/scroll-animations/scroll-timelines/scroll-timeline-range.html [ Skip ]
 

From 32a639f3ab677e32649dd4a33fc80c313feb353e Mon Sep 17 00:00:00 2001
From: Nitin Mahendru <nitinmahendru@apple.com>
Date: Fri, 21 Feb 2025 16:12:08 -0800
Subject: [PATCH 015/174] Fix xcode file landed in 290795_main rdar://145328801
 https://bugs.webkit.org/show_bug.cgi?id=288255

Reviewed by Geoffrey Garen.

These edits happen as soon as I open the project in xcode.
So I am just committing them.
I talked to Gerald(author of 290795@main) and they mentioned that
they had manually edited the file and maybe that edit missed a sorting
rule that xcode likes.

* Source/WebCore/WebCore.xcodeproj/project.pbxproj:

Canonical link: https://commits.webkit.org/290836@main
---
 Source/WebCore/WebCore.xcodeproj/project.pbxproj | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Source/WebCore/WebCore.xcodeproj/project.pbxproj b/Source/WebCore/WebCore.xcodeproj/project.pbxproj
index 48c1a4a75df74..825269af0e9b4 100644
--- a/Source/WebCore/WebCore.xcodeproj/project.pbxproj
+++ b/Source/WebCore/WebCore.xcodeproj/project.pbxproj
@@ -2851,8 +2851,8 @@
 		7261481C2A97C66F00B75E32 /* DisplayListItem.h in Headers */ = {isa = PBXBuildFile; fileRef = 7261481B2A97BD9B00B75E32 /* DisplayListItem.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		7263D505292C472D00CA9D10 /* GraphicsStyle.h in Headers */ = {isa = PBXBuildFile; fileRef = 7263D503292C472B00CA9D10 /* GraphicsStyle.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		726516E62C9CB75600647895 /* ContentsFormat.h in Headers */ = {isa = PBXBuildFile; fileRef = 726516E42C9BB70E00647895 /* ContentsFormat.h */; settings = {ATTRIBUTES = (Private, ); }; };
-		726516F72CA4B4A300647895 /* ContentsFormatCocoa.h in Headers */ = {isa = PBXBuildFile; fileRef = 726516F52CA4AEDC00647895 /* ContentsFormatCocoa.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		726516E62C9CB75600647896 /* PlatformDynamicRangeLimit.h in Headers */ = {isa = PBXBuildFile; fileRef = 726516E42C9BB70E00647896 /* PlatformDynamicRangeLimit.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		726516F72CA4B4A300647895 /* ContentsFormatCocoa.h in Headers */ = {isa = PBXBuildFile; fileRef = 726516F52CA4AEDC00647895 /* ContentsFormatCocoa.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		726CDE202759735000A445B2 /* FilterEffectGeometry.h in Headers */ = {isa = PBXBuildFile; fileRef = 729661A2275960A500E7DF9B /* FilterEffectGeometry.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		726D56E2253AE28D0002EF90 /* PlatformImage.h in Headers */ = {isa = PBXBuildFile; fileRef = 726D56E1253AE0430002EF90 /* PlatformImage.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		726D56E3253AE3660002EF90 /* NativeImage.h in Headers */ = {isa = PBXBuildFile; fileRef = 55A336F61D8209F40022C4C7 /* NativeImage.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -13409,10 +13409,10 @@
 		7263D503292C472B00CA9D10 /* GraphicsStyle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GraphicsStyle.h; sourceTree = "<group>"; };
 		7263D504292C472C00CA9D10 /* GraphicsStyle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GraphicsStyle.cpp; sourceTree = "<group>"; };
 		726516E42C9BB70E00647895 /* ContentsFormat.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ContentsFormat.h; sourceTree = "<group>"; };
-		726516E52C9CB59900647895 /* ContentsFormat.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ContentsFormat.cpp; sourceTree = "<group>"; };
-		726516F52CA4AEDC00647895 /* ContentsFormatCocoa.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ContentsFormatCocoa.h; sourceTree = "<group>"; };
 		726516E42C9BB70E00647896 /* PlatformDynamicRangeLimit.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = PlatformDynamicRangeLimit.h; sourceTree = "<group>"; };
+		726516E52C9CB59900647895 /* ContentsFormat.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ContentsFormat.cpp; sourceTree = "<group>"; };
 		726516E52C9CB59900647896 /* PlatformDynamicRangeLimit.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = PlatformDynamicRangeLimit.cpp; sourceTree = "<group>"; };
+		726516F52CA4AEDC00647895 /* ContentsFormatCocoa.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ContentsFormatCocoa.h; sourceTree = "<group>"; };
 		7266F0132241BCE200833975 /* SVGPropertyAnimatorFactory.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SVGPropertyAnimatorFactory.h; sourceTree = "<group>"; };
 		7266F0142241BFB200833975 /* SVGPrimitivePropertyAnimatorImpl.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SVGPrimitivePropertyAnimatorImpl.h; sourceTree = "<group>"; };
 		7266F0152241C09800833975 /* SVGPrimitivePropertyAnimator.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SVGPrimitivePropertyAnimator.h; sourceTree = "<group>"; };

From d1ed61f568c7dbcfca9b7f7f535618d03b6fa820 Mon Sep 17 00:00:00 2001
From: Ryan Fuller <ryanfuller@apple.com>
Date: Fri, 21 Feb 2025 16:14:51 -0800
Subject: [PATCH 016/174] Configure now playing media session to support
 external playback https://bugs.webkit.org/show_bug.cgi?id=287684
 rdar://137156850

Reviewed by Andy Estes.

Add a new visionOS WKWebView method to enable configuring the now playing media
session for external playback. This puts the visionOS media player into a
custom presentation (external) and returns the media player's view controller
to the caller who has the responsibility to present it. It also provides a method
to exit this external playback.

On entering presentation, it sets the playerIdentifier for the video element
which normally gets set as part of the fullscreen flow but we are bypassing that
route in this mode -- without this the media player will not be able to render.
It also puts LinearMediaPlayer in a new presentationState (.external) which
allows WebKit to configure the player as needed without affecting video playing
outside of this feature. Finally, it makes and returns the player view
controller.

On exiting presentation, it sets the state of linearMediaPlayer back to .inline
presentation and tears down the configuration. Importantly, it clears the video
receiver endpoint to allow the media session to render in its non-LMK
presentation.

While this mode is similar conceptually to fullscreen, it intentionally does not
latch onto the fullscreen element state, as it should be a separate mode and the
media element should not falsely believe it is in a fullscreen presentation.
While in external presentation, fullscreen mode is prevented from being entered.

Note: Remove LinearMediaPlayer's fullscreenSceneBehavior property until it is
able to be published (rdar://122435030).

* Source/WebCore/html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::setPlayerIdentifierForVideoElement):
* Source/WebCore/html/HTMLMediaElement.h:
* Source/WebCore/page/ChromeClient.h:
(WebCore::ChromeClient::setPlayerIdentifierForVideoElement):
* Source/WebCore/platform/cocoa/PlaybackSessionModel.h:
* Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.h:
* Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm:
(WebCore::PlaybackSessionModelMediaElement::setPlayerIdentifierForVideoElement):
* Source/WebCore/platform/ios/PlaybackSessionInterfaceIOS.h:
* Source/WebCore/platform/ios/PlaybackSessionInterfaceIOS.mm:
(WebCore::PlaybackSessionInterfaceIOS::setVideoPresentationInterface):
* Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.h:
* Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm:
(WebCore::VideoPresentationInterfaceIOS::VideoPresentationInterfaceIOS):
(WebCore::VideoPresentationInterfaceIOS::enterExternalPlayback):
(WebCore::VideoPresentationInterfaceIOS::exitExternalPlayback):
* Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm:
* Source/WebKit/Platform/ios/PlaybackSessionInterfaceLMK.mm:
(-[WKLinearMediaPlayerDelegate linearMediaPlayerClearVideoReceiverEndpoint:]):
(WebKit::PlaybackSessionInterfaceLMK::supportsLinearMediaPlayerChanged):
* Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.h:
* Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.mm:
(WebKit::VideoPresentationInterfaceLMK::enterExternalPlayback):
(WebKit::VideoPresentationInterfaceLMK::exitExternalPlayback):
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _enterExternalPlaybackForNowPlayingMediaSessionWithCompletionHandler:]):
(-[WKWebView _exitExternalPlaybackWithCompletionHandler:]):
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h:
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h:
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
(WebKit::PlaybackSessionModelContext::setPlayerIdentifierForVideoElement):
(WebKit::PlaybackSessionManagerProxy::setPlayerIdentifierForVideoElement):
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::enterExternalPlaybackForNowPlayingMediaSession):
(WebKit::WebPageProxy::exitExternalPlayback):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::setPlayerIdentifierForVideoElement):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/WebKitSwift/LinearMediaKit/LinearMediaPlayer.swift:
(SwiftOnlyData.fullscreenSceneBehaviors):
(WKSLinearMediaPlayer.enterExternalPresentation(_:(any Error)?) -> Void:)):
(WKSLinearMediaPlayer.exitExternalPresentation(_:(any Error)?) -> Void:)):
(WKSLinearMediaPlayer.enterFullscreen(_:(any Error)?) -> Void:)):
(WKSLinearMediaPlayer.exitFullscreen(_:(any Error)?) -> Void:)):
(WKSLinearMediaPlayer.presentationStateChanged(_:)):
(WKSLinearMediaPlayer.fullscreenSceneBehaviorsPublisher):
(WKSLinearMediaPlayer.toggleInlineMode):
(WKSLinearMediaPlayer.willEnterFullscreen):
(WKSLinearMediaPlayer.willExitFullscreen):
* Source/WebKit/WebKitSwift/LinearMediaKit/LinearMediaTypes.swift:
(WKSLinearMediaPresentationState.description):
* Source/WebKit/WebKitSwift/LinearMediaKit/WKSLinearMediaPlayer.h:
* Source/WebKit/WebKitSwift/LinearMediaKit/WKSLinearMediaTypes.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::setPlayerIdentifierForVideoElement):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.h:
* Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.messages.in:
* Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm:
(WebKit::PlaybackSessionManager::setPlayerIdentifierForVideoElement):
* Source/WebKit/WebProcess/cocoa/VideoPresentationManager.h:
* Source/WebKit/WebProcess/cocoa/VideoPresentationManager.mm:
(WebKit::VideoPresentationManager::setPlayerIdentifierForVideoElement):

Canonical link: https://commits.webkit.org/290837@main
---
 Source/WebCore/html/HTMLMediaElement.cpp      | 18 +++++++
 Source/WebCore/html/HTMLMediaElement.h        |  1 +
 Source/WebCore/page/ChromeClient.h            |  1 +
 .../platform/cocoa/PlaybackSessionModel.h     |  1 +
 .../cocoa/PlaybackSessionModelMediaElement.h  |  1 +
 .../cocoa/PlaybackSessionModelMediaElement.mm | 10 ++++
 .../ios/PlaybackSessionInterfaceIOS.h         |  4 ++
 .../ios/PlaybackSessionInterfaceIOS.mm        |  5 ++
 .../ios/VideoPresentationInterfaceIOS.h       |  5 ++
 .../ios/VideoPresentationInterfaceIOS.mm      | 17 +++++++
 .../ios/WebVideoFullscreenControllerAVKit.mm  |  1 +
 .../ios/PlaybackSessionInterfaceLMK.mm        | 13 +++++
 .../ios/VideoPresentationInterfaceLMK.h       |  3 ++
 .../ios/VideoPresentationInterfaceLMK.mm      | 51 +++++++++++++++++++
 .../UIProcess/API/Cocoa/WKWebViewPrivate.h    |  3 ++
 .../WebKit/UIProcess/API/ios/WKWebViewIOS.mm  | 29 +++++++++++
 .../Cocoa/PlaybackSessionManagerProxy.h       |  2 +
 .../Cocoa/PlaybackSessionManagerProxy.mm      | 13 +++++
 .../UIProcess/Cocoa/WebPageProxyCocoa.mm      | 36 ++++++++++++-
 Source/WebKit/UIProcess/WebPageProxy.cpp      | 17 +++++++
 Source/WebKit/UIProcess/WebPageProxy.h        |  7 +++
 .../LinearMediaKit/LinearMediaPlayer.swift    | 49 +++++++++++++++---
 .../LinearMediaKit/LinearMediaTypes.swift     |  2 +
 .../LinearMediaKit/WKSLinearMediaPlayer.h     |  4 +-
 .../LinearMediaKit/WKSLinearMediaTypes.h      |  3 +-
 .../WebCoreSupport/WebChromeClient.cpp        |  5 ++
 .../WebCoreSupport/WebChromeClient.h          |  3 +-
 .../WebProcess/cocoa/PlaybackSessionManager.h |  1 +
 .../cocoa/PlaybackSessionManager.messages.in  |  1 +
 .../cocoa/PlaybackSessionManager.mm           |  5 ++
 .../cocoa/VideoPresentationManager.h          |  1 +
 .../cocoa/VideoPresentationManager.mm         | 14 +++++
 .../LinearMediaKit.tbd                        |  4 ++
 .../LinearMediaKit.tbd                        |  4 ++
 34 files changed, 324 insertions(+), 10 deletions(-)

diff --git a/Source/WebCore/html/HTMLMediaElement.cpp b/Source/WebCore/html/HTMLMediaElement.cpp
index fe25a59430a7c..153c5a6b58427 100644
--- a/Source/WebCore/html/HTMLMediaElement.cpp
+++ b/Source/WebCore/html/HTMLMediaElement.cpp
@@ -7295,6 +7295,24 @@ bool HTMLMediaElement::videoUsesElementFullscreen() const
     return false;
 }
 
+void HTMLMediaElement::setPlayerIdentifierForVideoElement()
+{
+    ALWAYS_LOG(LOGIDENTIFIER);
+
+    RefPtr page = document().page();
+    if (!page || page->mediaPlaybackIsSuspended())
+        return;
+
+    RefPtr window = document().domWindow();
+    if (!window)
+        return;
+
+    if (RefPtr asVideo = dynamicDowncast<HTMLVideoElement>(*this)) {
+        auto& client = document().page()->chrome().client();
+        client.setPlayerIdentifierForVideoElement(*asVideo);
+    }
+}
+
 void HTMLMediaElement::enterFullscreen(VideoFullscreenMode mode)
 {
     ALWAYS_LOG(LOGIDENTIFIER, ", m_videoFullscreenMode = ", m_videoFullscreenMode, ", mode = ", mode);
diff --git a/Source/WebCore/html/HTMLMediaElement.h b/Source/WebCore/html/HTMLMediaElement.h
index bab869cfc1bf0..533867ff00255 100644
--- a/Source/WebCore/html/HTMLMediaElement.h
+++ b/Source/WebCore/html/HTMLMediaElement.h
@@ -512,6 +512,7 @@ class HTMLMediaElement
     VideoFullscreenMode fullscreenMode() const { return m_videoFullscreenMode; }
 
     void enterFullscreen(VideoFullscreenMode);
+    WEBCORE_EXPORT void setPlayerIdentifierForVideoElement();
     WEBCORE_EXPORT void enterFullscreen() override;
     WEBCORE_EXPORT void exitFullscreen();
     WEBCORE_EXPORT void prepareForVideoFullscreenStandby();
diff --git a/Source/WebCore/page/ChromeClient.h b/Source/WebCore/page/ChromeClient.h
index 4b2105d320fd2..3f5437b1e5dc6 100644
--- a/Source/WebCore/page/ChromeClient.h
+++ b/Source/WebCore/page/ChromeClient.h
@@ -472,6 +472,7 @@ class ChromeClient {
 #endif
 
 #if ENABLE(VIDEO)
+    virtual void setPlayerIdentifierForVideoElement(HTMLVideoElement&) { }
     virtual void enterVideoFullscreenForVideoElement(HTMLVideoElement&, HTMLMediaElementEnums::VideoFullscreenMode, bool standby) { UNUSED_PARAM(standby); }
     virtual void setUpPlaybackControlsManager(HTMLMediaElement&) { }
     virtual void clearPlaybackControlsManager() { }
diff --git a/Source/WebCore/platform/cocoa/PlaybackSessionModel.h b/Source/WebCore/platform/cocoa/PlaybackSessionModel.h
index 7b443bff0ce25..f4d7ed8578256 100644
--- a/Source/WebCore/platform/cocoa/PlaybackSessionModel.h
+++ b/Source/WebCore/platform/cocoa/PlaybackSessionModel.h
@@ -90,6 +90,7 @@ class PlaybackSessionModel : public CanMakeWeakPtr<PlaybackSessionModel> {
     virtual void togglePictureInPicture() = 0;
     virtual void enterInWindowFullscreen() = 0;
     virtual void exitInWindowFullscreen() = 0;
+    virtual void setPlayerIdentifierForVideoElement() = 0;
     virtual void enterFullscreen() = 0;
     virtual void exitFullscreen() = 0;
     virtual void toggleMuted() = 0;
diff --git a/Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.h b/Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.h
index 24c107f0d091f..0da74b3fa8df0 100644
--- a/Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.h
+++ b/Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.h
@@ -93,6 +93,7 @@ class PlaybackSessionModelMediaElement final
     WEBCORE_EXPORT void enterInWindowFullscreen() final;
     WEBCORE_EXPORT void exitInWindowFullscreen() final;
     WEBCORE_EXPORT void enterFullscreen() final;
+    WEBCORE_EXPORT void setPlayerIdentifierForVideoElement() final;
     WEBCORE_EXPORT void exitFullscreen() final;
     WEBCORE_EXPORT void toggleMuted() final;
     WEBCORE_EXPORT void setMuted(bool) final;
diff --git a/Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm b/Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm
index 0250af5da8d78..7eca562c2135c 100644
--- a/Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm
+++ b/Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm
@@ -423,6 +423,16 @@
     element->enterFullscreenIgnoringPermissionsPolicy();
 }
 
+void PlaybackSessionModelMediaElement::setPlayerIdentifierForVideoElement()
+{
+    RefPtr element = dynamicDowncast<HTMLVideoElement>(m_mediaElement);
+    ASSERT(element);
+    if (!element)
+        return;
+
+    element->setPlayerIdentifierForVideoElement();
+}
+
 void PlaybackSessionModelMediaElement::exitFullscreen()
 {
     RefPtr element = dynamicDowncast<HTMLVideoElement>(m_mediaElement);
diff --git a/Source/WebCore/platform/ios/PlaybackSessionInterfaceIOS.h b/Source/WebCore/platform/ios/PlaybackSessionInterfaceIOS.h
index 497258a40c890..26ea40e954868 100644
--- a/Source/WebCore/platform/ios/PlaybackSessionInterfaceIOS.h
+++ b/Source/WebCore/platform/ios/PlaybackSessionInterfaceIOS.h
@@ -49,6 +49,7 @@ namespace WebCore {
 
 class IntRect;
 class PlaybackSessionModel;
+class VideoPresentationInterfaceIOS;
 class WebPlaybackSessionChangeObserver;
 
 class WEBCORE_EXPORT PlaybackSessionInterfaceIOS
@@ -81,6 +82,7 @@ class WEBCORE_EXPORT PlaybackSessionInterfaceIOS
 
     std::optional<MediaPlayerIdentifier> playerIdentifier() const;
     void setPlayerIdentifier(std::optional<MediaPlayerIdentifier>);
+    void setVideoPresentationInterface(WeakPtr<VideoPresentationInterfaceIOS>);
 
     virtual void startObservingNowPlayingMetadata();
     virtual void stopObservingNowPlayingMetadata();
@@ -108,6 +110,8 @@ class WEBCORE_EXPORT PlaybackSessionInterfaceIOS
     void incrementCheckedPtrCount() const final;
     void decrementCheckedPtrCount() const final;
 
+    WeakPtr<VideoPresentationInterfaceIOS> m_videoPresentationInterface;
+
 private:
     std::optional<MediaPlayerIdentifier> m_playerIdentifier;
 #if HAVE(SPATIAL_TRACKING_LABEL)
diff --git a/Source/WebCore/platform/ios/PlaybackSessionInterfaceIOS.mm b/Source/WebCore/platform/ios/PlaybackSessionInterfaceIOS.mm
index b5aef863baf96..03e6438f201ce 100644
--- a/Source/WebCore/platform/ios/PlaybackSessionInterfaceIOS.mm
+++ b/Source/WebCore/platform/ios/PlaybackSessionInterfaceIOS.mm
@@ -108,6 +108,11 @@
     m_playerIdentifier = WTFMove(identifier);
 }
 
+void PlaybackSessionInterfaceIOS::setVideoPresentationInterface(WeakPtr<VideoPresentationInterfaceIOS> videoPresentationInterface)
+{
+    m_videoPresentationInterface = WTFMove(videoPresentationInterface);
+}
+
 void PlaybackSessionInterfaceIOS::startObservingNowPlayingMetadata()
 {
 }
diff --git a/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.h b/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.h
index a5363b3dbb5af..e6900a3c13f82 100644
--- a/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.h
+++ b/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.h
@@ -71,6 +71,8 @@ class VideoPresentationInterfaceIOS
     WTF_MAKE_TZONE_ALLOCATED_EXPORT(VideoPresentationInterfaceIOS, WEBCORE_EXPORT);
     WTF_OVERRIDE_DELETE_FOR_CHECKED_PTR(VideoPresentationInterfaceIOS);
 public:
+    USING_CAN_MAKE_WEAKPTR(VideoPresentationModelClient);
+
     WEBCORE_EXPORT ~VideoPresentationInterfaceIOS();
 
     // CheckedPtr interface
@@ -103,6 +105,8 @@ class VideoPresentationInterfaceIOS
     WEBCORE_EXPORT void preparedToReturnToStandby();
     bool changingStandbyOnly() { return m_changingStandbyOnly; }
     WEBCORE_EXPORT void failedToRestoreFullscreen();
+    WEBCORE_EXPORT virtual void enterExternalPlayback(CompletionHandler<void(bool, UIViewController *)>&&);
+    WEBCORE_EXPORT virtual void exitExternalPlayback(CompletionHandler<void(bool)>&&);
 
     enum class ExitFullScreenReason {
         DoneButtonTapped,
@@ -218,6 +222,7 @@ class VideoPresentationInterfaceIOS
     virtual void updateRouteSharingPolicy() = 0;
     virtual void setupPlayerViewController() = 0;
     virtual void invalidatePlayerViewController() = 0;
+    virtual bool cleanupExternalPlayback() { return false; }
     virtual UIViewController *playerViewController() const = 0;
     WEBCORE_EXPORT void doSetup();
 
diff --git a/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm b/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm
index 8517a53859c37..47e060079efdf 100644
--- a/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm
+++ b/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm
@@ -121,6 +121,7 @@ @interface UIViewController ()
     : m_watchdogTimer(RunLoop::main(), this, &VideoPresentationInterfaceIOS::watchdogTimerFired)
     , m_playbackSessionInterface(playbackSessionInterface)
 {
+    m_playbackSessionInterface->setVideoPresentationInterface(this);
 }
 
 VideoPresentationInterfaceIOS::~VideoPresentationInterfaceIOS()
@@ -369,6 +370,16 @@ @interface UIViewController ()
     [playerLayerView() setHidden:enabled];
 }
 
+void VideoPresentationInterfaceIOS::enterExternalPlayback(CompletionHandler<void(bool, UIViewController *)>&& completionHandler)
+{
+    completionHandler(false, nil);
+}
+
+void VideoPresentationInterfaceIOS::exitExternalPlayback(CompletionHandler<void(bool)>&& completionHandler)
+{
+    completionHandler(false);
+}
+
 void VideoPresentationInterfaceIOS::setInlineRect(const FloatRect& inlineRect, bool visible)
 {
     m_inlineRect = inlineRect;
@@ -583,6 +594,12 @@ @interface UIViewController ()
 void VideoPresentationInterfaceIOS::cleanupFullscreen()
 {
     LOG(Fullscreen, "VideoPresentationInterfaceIOS::cleanupFullscreen(%p)", this);
+
+    if (this->cleanupExternalPlayback()) {
+        ASSERT(m_currentMode == HTMLMediaElementEnums::VideoFullscreenModeNone);
+        return;
+    }
+
     m_shouldIgnoreAVKitCallbackAboutExitFullscreenReason = false;
 
     m_cleanupNeedsReturnVideoContentLayer = true;
diff --git a/Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm b/Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm
index 3437ae9a0a5e9..c424bb38ad6f8 100644
--- a/Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm
+++ b/Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm
@@ -175,6 +175,7 @@ void togglePictureInPicture() override { }
     void enterInWindowFullscreen() override { }
     void exitInWindowFullscreen() override { }
     void enterFullscreen() override { }
+    void setPlayerIdentifierForVideoElement() final { }
     void toggleMuted() override;
     void setMuted(bool) final;
     void setVolume(double) final;
diff --git a/Source/WebKit/Platform/ios/PlaybackSessionInterfaceLMK.mm b/Source/WebKit/Platform/ios/PlaybackSessionInterfaceLMK.mm
index 1212db3d6fd78..8bd4dd0c45b2c 100644
--- a/Source/WebKit/Platform/ios/PlaybackSessionInterfaceLMK.mm
+++ b/Source/WebKit/Platform/ios/PlaybackSessionInterfaceLMK.mm
@@ -28,6 +28,7 @@
 
 #if ENABLE(LINEAR_MEDIA_PLAYER)
 
+#import "VideoPresentationInterfaceLMK.h"
 #import "WKSLinearMediaPlayer.h"
 #import "WKSLinearMediaTypes.h"
 #import <WebCore/MediaSelectionOption.h>
@@ -215,6 +216,12 @@ - (void)linearMediaPlayer:(WKSLinearMediaPlayer *)player setVideoReceiverEndpoin
         model->setVideoReceiverEndpoint(videoReceiverEndpoint);
 }
 
+- (void)linearMediaPlayerClearVideoReceiverEndpoint:(WKSLinearMediaPlayer *)player
+{
+    if (auto model = _model.get())
+        model->setVideoReceiverEndpoint(nullptr);
+}
+
 @end
 
 namespace WebKit {
@@ -358,6 +365,12 @@ - (void)linearMediaPlayer:(WKSLinearMediaPlayer *)player setVideoReceiverEndpoin
         if (m_playbackSessionModel)
             m_playbackSessionModel->exitFullscreen();
         break;
+    case WKSLinearMediaPresentationStateExternal:
+        // If the player is in external presentation (which uses LinearMediaPlayer) but the current
+        // media engine does not support it, exit external presentation.
+        if (RefPtr videoPresentationInterface = m_videoPresentationInterface.get())
+            videoPresentationInterface->exitExternalPlayback([](bool) { });
+        break;
     case WKSLinearMediaPresentationStateInline:
     case WKSLinearMediaPresentationStateExitingFullscreen:
         break;
diff --git a/Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.h b/Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.h
index 6fe2a5ea246d4..601ffcc528fe0 100644
--- a/Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.h
+++ b/Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.h
@@ -65,6 +65,8 @@ class VideoPresentationInterfaceLMK final : public WebCore::VideoPresentationInt
     void setupPlayerViewController() final;
     void invalidatePlayerViewController() final;
     UIViewController *playerViewController() const final;
+    void enterExternalPlayback(CompletionHandler<void(bool, UIViewController *)> &&) final;
+    void exitExternalPlayback(CompletionHandler<void(bool)>&&) final;
     void tryToStartPictureInPicture() final { }
     void stopPictureInPicture() final { }
     void presentFullscreen(bool animated, Function<void(BOOL, NSError *)>&&) final;
@@ -73,6 +75,7 @@ class VideoPresentationInterfaceLMK final : public WebCore::VideoPresentationInt
     void setContentDimensions(const WebCore::FloatSize&) final;
     void setAllowsPictureInPicturePlayback(bool) final { }
     bool isExternalPlaybackActive() const final { return false; }
+    bool cleanupExternalPlayback() final;
     bool willRenderToLayer() const final { return false; }
     AVPlayerViewController *avPlayerViewController() const final { return nullptr; }
     CALayer *captionsLayer() final;
diff --git a/Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.mm b/Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.mm
index aff5807adc1d6..caa59754eeb10 100644
--- a/Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.mm
+++ b/Source/WebKit/Platform/ios/VideoPresentationInterfaceLMK.mm
@@ -156,6 +156,57 @@ - (void)layoutSublayers
     }).get()];
 }
 
+void VideoPresentationInterfaceLMK::enterExternalPlayback(CompletionHandler<void(bool, UIViewController *)>&& completionHandler)
+{
+    ALWAYS_LOG_IF_POSSIBLE(LOGIDENTIFIER);
+
+    if (linearMediaPlayer().presentationState != WKSLinearMediaPresentationStateInline) {
+        completionHandler(false, nil);
+        return;
+    }
+    setupPlayerViewController();
+
+    playbackSessionInterface().startObservingNowPlayingMetadata();
+    [linearMediaPlayer() enterExternalPresentationWithCompletionHandler:makeBlockPtr([this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler)] (BOOL success, NSError *error) mutable {
+        if (auto* playbackSessionModel = this->playbackSessionModel()) {
+            playbackSessionModel->setSpatialTrackingLabel(m_spatialTrackingLabel);
+            playbackSessionModel->setSoundStageSize(WebCore::AudioSessionSoundStageSize::Large);
+        }
+        completionHandler(success, m_playerViewController.get());
+    }).get()];
+}
+
+void VideoPresentationInterfaceLMK::exitExternalPlayback(CompletionHandler<void(bool)>&& completionHandler)
+{
+    ALWAYS_LOG_IF_POSSIBLE(LOGIDENTIFIER);
+
+    if (linearMediaPlayer().presentationState != WKSLinearMediaPresentationStateExternal) {
+        completionHandler(false);
+        return;
+    }
+
+    playbackSessionInterface().stopObservingNowPlayingMetadata();
+    [linearMediaPlayer() exitExternalPresentationWithCompletionHandler:makeBlockPtr([this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler)] (BOOL success, NSError *error) mutable {
+        if (auto* playbackSessionModel = this->playbackSessionModel()) {
+            playbackSessionModel->setSpatialTrackingLabel(nullString());
+            playbackSessionModel->setSoundStageSize(WebCore::AudioSessionSoundStageSize::Automatic);
+        }
+        invalidatePlayerViewController();
+        completionHandler(success);
+    }).get()];
+}
+
+bool VideoPresentationInterfaceLMK::cleanupExternalPlayback()
+{
+    if (linearMediaPlayer().presentationState != WKSLinearMediaPresentationStateExternal)
+        return false;
+
+    ALWAYS_LOG_IF_POSSIBLE(LOGIDENTIFIER);
+
+    exitExternalPlayback([](bool) { });
+    return true;
+}
+
 UIViewController *VideoPresentationInterfaceLMK::playerViewController() const
 {
     return m_playerViewController.get();
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h b/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
index fb3900d838d77..1250f7ecf0faf 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
@@ -760,6 +760,9 @@ typedef NS_OPTIONS(NSUInteger, _WKWebViewDataType) {
 #if TARGET_OS_VISION
 @interface WKWebView (WKPrivateVision)
 @property (copy, setter=_setDefaultSTSLabel:) NSString *_defaultSTSLabel;
+
+- (void)_enterExternalPlaybackForNowPlayingMediaSessionWithCompletionHandler:(void (^)(UIViewController *nowPlayingViewController, NSError *error))completionHandler WK_API_AVAILABLE(visionos(WK_XROS_TBA));
+- (void)_exitExternalPlaybackWithCompletionHandler:(void (^)(NSError *error))completionHandler WK_API_AVAILABLE(visionos(WK_XROS_TBA));
 @end
 #endif
 
diff --git a/Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm b/Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
index 8a2efd8678929..28f546f015e41 100644
--- a/Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
+++ b/Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
@@ -47,6 +47,7 @@
 #import "WKBackForwardListItemInternal.h"
 #import "WKContentViewInteraction.h"
 #import "WKDataDetectorTypesInternal.h"
+#import "WKErrorInternal.h"
 #import "WKPasswordView.h"
 #import "WKProcessPoolPrivate.h"
 #import "WKScrollView.h"
@@ -4942,6 +4943,34 @@ - (void)_setDefaultSTSLabel:(NSString *)defaultSTSLabel
 {
     _page->setDefaultSpatialTrackingLabel(defaultSTSLabel);
 }
+
+- (void)_enterExternalPlaybackForNowPlayingMediaSessionWithCompletionHandler:(void(^)(UIViewController *, NSError *))completionHandler
+{
+    if (!_page) {
+        completionHandler(nil, [NSError errorWithDomain:WKErrorDomain code:WKErrorUnknown userInfo:nil]);
+        return;
+    }
+
+    _page->setPlayerIdentifierForVideoElement();
+    _page->enterExternalPlaybackForNowPlayingMediaSession([handler = makeBlockPtr(completionHandler)](bool entered, UIViewController *viewController) {
+        if (entered)
+            handler(viewController, nil);
+        else
+            handler(nil, createNSError(WKErrorUnknown).get());
+    });
+}
+
+- (void)_exitExternalPlaybackWithCompletionHandler:(void (^)(NSError *error))completionHandler
+{
+    if (!_page) {
+        completionHandler([NSError errorWithDomain:WKErrorDomain code:WKErrorUnknown userInfo:nil]);
+        return;
+    }
+
+    _page->exitExternalPlayback([handler = makeBlockPtr(completionHandler)](bool success) {
+        handler(success ? nil : createNSError(WKErrorUnknown).get());
+    });
+}
 @end
 #endif
 
diff --git a/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h b/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h
index 9ffc8ae47e4ab..0a30f69f6254e 100644
--- a/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h
+++ b/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h
@@ -131,6 +131,7 @@ class PlaybackSessionModelContext final
     void enterInWindowFullscreen() final;
     void exitInWindowFullscreen() final;
     void enterFullscreen() final;
+    void setPlayerIdentifierForVideoElement() final;
     void exitFullscreen() final;
     void toggleMuted() final;
     void setMuted(bool) final;
@@ -320,6 +321,7 @@ class PlaybackSessionManagerProxy
     void selectLegibleMediaOption(PlaybackSessionContextIdentifier, uint64_t index);
     void togglePictureInPicture(PlaybackSessionContextIdentifier);
     void enterFullscreen(PlaybackSessionContextIdentifier);
+    void setPlayerIdentifierForVideoElement(PlaybackSessionContextIdentifier);
     void exitFullscreen(PlaybackSessionContextIdentifier);
     void enterInWindow(PlaybackSessionContextIdentifier);
     void exitInWindow(PlaybackSessionContextIdentifier);
diff --git a/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm b/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm
index b94f1e81e5453..ebd5650780b54 100644
--- a/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm
+++ b/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm
@@ -256,6 +256,13 @@
         manager->enterFullscreen(m_contextId);
 }
 
+void PlaybackSessionModelContext::setPlayerIdentifierForVideoElement()
+{
+    ALWAYS_LOG_IF_POSSIBLE(LOGIDENTIFIER);
+    if (RefPtr manager = m_manager.get())
+        manager->setPlayerIdentifierForVideoElement(m_contextId);
+}
+
 void PlaybackSessionModelContext::exitFullscreen()
 {
     ALWAYS_LOG_IF_POSSIBLE(LOGIDENTIFIER);
@@ -915,6 +922,12 @@
         page->protectedLegacyMainFrameProcess()->send(Messages::PlaybackSessionManager::EnterFullscreen(contextId), page->webPageIDInMainFrameProcess());
 }
 
+void PlaybackSessionManagerProxy::setPlayerIdentifierForVideoElement(PlaybackSessionContextIdentifier contextId)
+{
+    if (RefPtr page = m_page.get())
+        page->protectedLegacyMainFrameProcess()->send(Messages::PlaybackSessionManager::SetPlayerIdentifierForVideoElement(contextId), page->webPageIDInMainFrameProcess());
+}
+
 void PlaybackSessionManagerProxy::exitFullscreen(PlaybackSessionContextIdentifier contextId)
 {
     if (RefPtr page = m_page.get())
diff --git a/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm b/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
index f82370a7b2ec9..c0c9d8098ce76 100644
--- a/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
+++ b/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
@@ -86,6 +86,7 @@
 #import <WebCore/TextAlternativeWithRange.h>
 #import <WebCore/TextAnimationTypes.h>
 #import <WebCore/ValidationBubble.h>
+#import <WebCore/VideoPresentationInterfaceIOS.h>
 #import <pal/spi/cocoa/LaunchServicesSPI.h>
 #import <pal/spi/cocoa/QuartzCoreSPI.h>
 #import <pal/spi/ios/BrowserEngineKitSPI.h>
@@ -632,6 +633,40 @@ static bool exceedsRenderTreeSizeSizeThreshold(uint64_t thresholdSize, uint64_t
 }
 #endif
 
+#if PLATFORM(VISION)
+void WebPageProxy::enterExternalPlaybackForNowPlayingMediaSession(CompletionHandler<void(bool, UIViewController *)>&& completionHandler)
+{
+    if (!m_videoPresentationManager) {
+        completionHandler(false, nil);
+        return;
+    }
+
+    RefPtr videoPresentationInterface = m_videoPresentationManager->controlsManagerInterface();
+    if (!videoPresentationInterface) {
+        completionHandler(false, nil);
+        return;
+    }
+
+    videoPresentationInterface->enterExternalPlayback(WTFMove(completionHandler));
+}
+
+void WebPageProxy::exitExternalPlayback(CompletionHandler<void(bool)>&& completionHandler)
+{
+    if (!m_videoPresentationManager) {
+        completionHandler(false);
+        return;
+    }
+
+    RefPtr videoPresentationInterface = m_videoPresentationManager->controlsManagerInterface();
+    if (!videoPresentationInterface) {
+        completionHandler(false);
+        return;
+    }
+
+    videoPresentationInterface->exitExternalPlayback(WTFMove(completionHandler));
+}
+#endif
+
 #if ENABLE(VIDEO_PRESENTATION_MODE)
 
 void WebPageProxy::didChangePlaybackRate(PlaybackSessionContextIdentifier identifier)
@@ -695,7 +730,6 @@ static bool exceedsRenderTreeSizeSizeThreshold(uint64_t thresholdSize, uint64_t
 #endif
     });
 }
-
 #endif // ENABLE(VIDEO_PRESENTATION_MODE)
 
 #if HAVE(QUICKLOOK_THUMBNAILING)
diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
index 92648c01bfce9..e31ed810cb6dd 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -8562,6 +8562,23 @@ void WebPageProxy::enterFullscreen()
     playbackSessionModel->enterFullscreen();
 }
 
+void WebPageProxy::setPlayerIdentifierForVideoElement()
+{
+    RefPtr playbackSessionManager = m_playbackSessionManager;
+    if (!playbackSessionManager)
+        return;
+
+    RefPtr controlsManagerInterface = playbackSessionManager->controlsManagerInterface();
+    if (!controlsManagerInterface)
+        return;
+
+    CheckedPtr playbackSessionModel = controlsManagerInterface->playbackSessionModel();
+    if (!playbackSessionModel)
+        return;
+
+    playbackSessionModel->setPlayerIdentifierForVideoElement();
+}
+
 void WebPageProxy::didEnterFullscreen(PlaybackSessionContextIdentifier identifier)
 {
     if (RefPtr pageClient = this->pageClient())
diff --git a/Source/WebKit/UIProcess/WebPageProxy.h b/Source/WebKit/UIProcess/WebPageProxy.h
index deb82e0de6d58..ededc67599999 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.h
+++ b/Source/WebKit/UIProcess/WebPageProxy.h
@@ -398,6 +398,7 @@ OBJC_CLASS WKQLThumbnailLoadOperation;
 OBJC_CLASS WKQuickLookPreviewController;
 OBJC_CLASS WKWebView;
 OBJC_CLASS _WKRemoteObjectRegistry;
+OBJC_CLASS UIViewController;
 
 struct WKPageInjectedBundleClientBase;
 struct wpe_view_backend;
@@ -2295,7 +2296,13 @@ class WebPageProxy final : public API::ObjectImpl<API::Object::Type::Page>, publ
     void removeMediaUsageManagerSession(WebCore::MediaSessionIdentifier);
 #endif
 
+#if PLATFORM(VISION)
+    void enterExternalPlaybackForNowPlayingMediaSession(CompletionHandler<void(bool, UIViewController *)>&&);
+    void exitExternalPlayback(CompletionHandler<void(bool)>&&);
+#endif
+
 #if ENABLE(VIDEO_PRESENTATION_MODE)
+    void setPlayerIdentifierForVideoElement();
     bool canEnterFullscreen();
     void enterFullscreen();
 
diff --git a/Source/WebKit/WebKitSwift/LinearMediaKit/LinearMediaPlayer.swift b/Source/WebKit/WebKitSwift/LinearMediaKit/LinearMediaPlayer.swift
index d2400c8ef43fc..e843d62ff09ad 100644
--- a/Source/WebKit/WebKitSwift/LinearMediaKit/LinearMediaPlayer.swift
+++ b/Source/WebKit/WebKitSwift/LinearMediaKit/LinearMediaPlayer.swift
@@ -49,6 +49,9 @@ private class SwiftOnlyData: NSObject {
     @Published var presentationMode: PresentationMode = .inline
     @Published var presentationState: WKSLinearMediaPresentationState = .inline
 
+    // FIXME: Publish fullscreenSceneBehaviors once rdar://122435030 is resolved
+    var fullscreenBehaviorsSubject = CurrentValueSubject<[FullscreenBehaviors], Never>(FullscreenBehaviors.default)
+
     // Will be set to true if we entered via Docking Environment button (inline) or false otherwise.
     var enteredFromInline = false
 
@@ -117,7 +120,6 @@ enum LinearMediaPlayerErrors: Error {
     var allowFullScreenFromInline = true
     var isLiveStream = false
     var recommendedViewingRatio: NSNumber?
-    var fullscreenSceneBehaviors: WKSLinearMediaFullscreenBehaviors = []
     var startTime: Double = .nan
     var endTime: Double = .nan
     var spatialImmersive = false
@@ -193,6 +195,37 @@ enum LinearMediaPlayerErrors: Error {
         viewController.prefersAutoDimming = true
         return viewController
     }
+    
+    func enterExternalPresentation(completionHandler: @escaping (Bool, (any Error)?) -> Void) {
+        Logger.linearMediaPlayer.log("\(#function)")
+
+        switch presentationState {
+        case .enteringFullscreen, .exitingFullscreen, .fullscreen, .external:
+            completionHandler(false, LinearMediaPlayerErrors.invalidStateError)
+        case .inline:
+            swiftOnlyData.presentationState = .external
+            swiftOnlyData.fullscreenBehaviorsSubject.send([ .hostContentInline ])
+            completionHandler(true, nil)
+        @unknown default:
+            fatalError()
+        }
+    }
+    
+    func exitExternalPresentation(completionHandler: @escaping (Bool, (any Error)?) -> Void) {
+        Logger.linearMediaPlayer.log("\(#function)")
+
+        switch presentationState {
+        case .enteringFullscreen, .exitingFullscreen, .fullscreen, .inline:
+            completionHandler(false, LinearMediaPlayerErrors.invalidStateError)
+        case .external:
+            delegate?.linearMediaPlayerClearVideoReceiverEndpoint?(self)
+            swiftOnlyData.presentationState = .inline
+            swiftOnlyData.fullscreenBehaviorsSubject.send(FullscreenBehaviors.default)
+            completionHandler(true, nil)
+        @unknown default:
+            fatalError()
+        }
+    }
 
     func enterFullscreen(completionHandler: @escaping (Bool, (any Error)?) -> Void) {
         Logger.linearMediaPlayer.log("\(#function)")
@@ -211,6 +244,8 @@ enum LinearMediaPlayerErrors: Error {
             swiftOnlyData.presentationState = .fullscreen
         case .fullscreen:
             completionHandler(true, nil)
+        case .external:
+            completionHandler(false, LinearMediaPlayerErrors.invalidStateError)
         @unknown default:
             fatalError()
         }
@@ -231,6 +266,8 @@ enum LinearMediaPlayerErrors: Error {
             swiftOnlyData.presentationState = .inline
         case .inline:
             completionHandler(true, nil)
+        case .external:
+            completionHandler(false, LinearMediaPlayerErrors.invalidStateError)
         @unknown default:
             fatalError()
         }
@@ -246,7 +283,7 @@ extension WKSLinearMediaPlayer {
             swiftOnlyData.presentationMode = .inline
         case .enteringFullscreen:
             delegate?.linearMediaPlayerEnterFullscreen?(self)
-        case .fullscreen:
+        case .fullscreen, .external:
             swiftOnlyData.presentationMode = .fullscreenFromInline
         case .exitingFullscreen:
             delegate?.linearMediaPlayerExitFullscreen?(self)
@@ -538,7 +575,7 @@ extension WKSLinearMediaPlayer: @retroactive Playable {
 
     public var fullscreenSceneBehaviorsPublisher: AnyPublisher<[FullscreenBehaviors], Never> {
         // FIXME: Publish fullscreenSceneBehaviors once rdar://122435030 is resolved
-        Just(FullscreenBehaviors.default).eraseToAnyPublisher()
+        swiftOnlyData.fullscreenBehaviorsSubject.eraseToAnyPublisher()
     }
 
     public func updateRenderingConfiguration(_ config: RenderingConfiguration) {
@@ -649,7 +686,7 @@ extension WKSLinearMediaPlayer: @retroactive Playable {
             swiftOnlyData.presentationState = .enteringFullscreen
         case .fullscreen:
             swiftOnlyData.presentationState = .exitingFullscreen
-        case .enteringFullscreen, .exitingFullscreen:
+        case .enteringFullscreen, .exitingFullscreen, .external:
             break
         @unknown default:
             fatalError()
@@ -663,7 +700,7 @@ extension WKSLinearMediaPlayer: @retroactive Playable {
         case .inline:
             swiftOnlyData.enteredFromInline = true
             swiftOnlyData.presentationState = .enteringFullscreen
-        case .enteringFullscreen, .exitingFullscreen, .fullscreen:
+        case .enteringFullscreen, .exitingFullscreen, .fullscreen, .external:
             break
         @unknown default:
             fatalError()
@@ -690,7 +727,7 @@ extension WKSLinearMediaPlayer: @retroactive Playable {
         switch presentationState {
         case .fullscreen:
             swiftOnlyData.presentationState = .exitingFullscreen
-        case .inline, .enteringFullscreen, .exitingFullscreen:
+        case .inline, .enteringFullscreen, .exitingFullscreen, .external:
             break
         @unknown default:
             fatalError()
diff --git a/Source/WebKit/WebKitSwift/LinearMediaKit/LinearMediaTypes.swift b/Source/WebKit/WebKitSwift/LinearMediaKit/LinearMediaTypes.swift
index 758eb4bd61f07..af600d305e9a9 100644
--- a/Source/WebKit/WebKitSwift/LinearMediaKit/LinearMediaTypes.swift
+++ b/Source/WebKit/WebKitSwift/LinearMediaKit/LinearMediaTypes.swift
@@ -149,6 +149,8 @@ extension WKSLinearMediaPresentationState: CustomStringConvertible {
             return "fullscreen"
         case .exitingFullscreen:
             return "exitingFullscreen"
+        case .external:
+            return "external"
         @unknown default:
             fatalError()
         }
diff --git a/Source/WebKit/WebKitSwift/LinearMediaKit/WKSLinearMediaPlayer.h b/Source/WebKit/WebKitSwift/LinearMediaKit/WKSLinearMediaPlayer.h
index b37d7a8b1cca8..4f7dd291e4bc2 100644
--- a/Source/WebKit/WebKitSwift/LinearMediaKit/WKSLinearMediaPlayer.h
+++ b/Source/WebKit/WebKitSwift/LinearMediaKit/WKSLinearMediaPlayer.h
@@ -95,6 +95,7 @@ API_AVAILABLE(visionos(1.0))
 - (void)linearMediaPlayer:(WKSLinearMediaPlayer *)player setThumbnailSize:(CGSize)size;
 - (void)linearMediaPlayer:(WKSLinearMediaPlayer *)player seekThumbnailToTime:(NSTimeInterval)time;
 - (void)linearMediaPlayer:(WKSLinearMediaPlayer *)player setVideoReceiverEndpoint:(xpc_object_t)videoReceiverEndpoint;
+- (void)linearMediaPlayerClearVideoReceiverEndpoint:(WKSLinearMediaPlayer *)player;
 @end
 
 API_AVAILABLE(visionos(1.0))
@@ -152,7 +153,6 @@ API_AVAILABLE(visionos(1.0))
 @property (nonatomic) BOOL allowFullScreenFromInline;
 @property (nonatomic) BOOL isLiveStream;
 @property (nonatomic, strong, nullable) NSNumber *recommendedViewingRatio;
-@property (nonatomic) WKSLinearMediaFullscreenBehaviors fullscreenSceneBehaviors;
 @property (nonatomic) double startTime;
 @property (nonatomic) double endTime;
 @property (nonatomic, strong, nullable) NSDate *startDate;
@@ -165,6 +165,8 @@ API_AVAILABLE(visionos(1.0))
 - (LMPlayableViewController *)makeViewController;
 - (void)enterFullscreenWithCompletionHandler:(void (^)(BOOL, NSError * _Nullable))completionHandler;
 - (void)exitFullscreenWithCompletionHandler:(void (^)(BOOL, NSError * _Nullable))completionHandler;
+- (void)enterExternalPresentationWithCompletionHandler:(void (^)(BOOL, NSError * _Nullable))completionHandler;
+- (void)exitExternalPresentationWithCompletionHandler:(void (^)(BOOL, NSError * _Nullable))completionHandler;
 @end
 
 NS_ASSUME_NONNULL_END
diff --git a/Source/WebKit/WebKitSwift/LinearMediaKit/WKSLinearMediaTypes.h b/Source/WebKit/WebKitSwift/LinearMediaKit/WKSLinearMediaTypes.h
index a2c79e7f25bae..719070abaff8d 100644
--- a/Source/WebKit/WebKitSwift/LinearMediaKit/WKSLinearMediaTypes.h
+++ b/Source/WebKit/WebKitSwift/LinearMediaKit/WKSLinearMediaTypes.h
@@ -48,7 +48,8 @@ typedef NS_ENUM(NSInteger, WKSLinearMediaPresentationState) {
     WKSLinearMediaPresentationStateInline = 0,
     WKSLinearMediaPresentationStateEnteringFullscreen,
     WKSLinearMediaPresentationStateFullscreen,
-    WKSLinearMediaPresentationStateExitingFullscreen
+    WKSLinearMediaPresentationStateExitingFullscreen,
+    WKSLinearMediaPresentationStateExternal
 };
 
 typedef NS_ENUM(NSInteger, WKSLinearMediaViewingMode) {
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
index 4951f5542891a..16f0f27a7e2b3 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
@@ -1264,6 +1264,11 @@ void WebChromeClient::enterVideoFullscreenForVideoElement(HTMLVideoElement& vide
     protectedPage()->videoPresentationManager().enterVideoFullscreenForVideoElement(videoElement, mode, standby);
 }
 
+void WebChromeClient::setPlayerIdentifierForVideoElement(HTMLVideoElement& videoElement)
+{
+    protectedPage()->videoPresentationManager().setPlayerIdentifierForVideoElement(videoElement);
+}
+
 void WebChromeClient::exitVideoFullscreenForVideoElement(HTMLVideoElement& videoElement, CompletionHandler<void(bool)>&& completionHandler)
 {
     protectedPage()->videoPresentationManager().exitVideoFullscreenForVideoElement(videoElement, WTFMove(completionHandler));
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
index 6f2c1b862320a..2d3795405f879 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
@@ -314,7 +314,8 @@ class WebChromeClient final : public WebCore::ChromeClient {
     bool supportsVideoFullscreen(WebCore::HTMLMediaElementEnums::VideoFullscreenMode) final;
     bool supportsVideoFullscreenStandby() final;
     void setMockVideoPresentationModeEnabled(bool) final;
-    void enterVideoFullscreenForVideoElement(WebCore::HTMLVideoElement&, WebCore::HTMLMediaElementEnums::VideoFullscreenMode, bool standby) final;
+    void enterVideoFullscreenForVideoElement(WebCore::HTMLVideoElement&, WebCore::HTMLMediaElementEnums::VideoFullscreenMode, bool) final;
+    void setPlayerIdentifierForVideoElement(WebCore::HTMLVideoElement&) final;
     void exitVideoFullscreenForVideoElement(WebCore::HTMLVideoElement&, WTF::CompletionHandler<void(bool)>&& = [](bool) { }) final;
     void setUpPlaybackControlsManager(WebCore::HTMLMediaElement&) final;
     void clearPlaybackControlsManager() final;
diff --git a/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.h b/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.h
index 359ae90315280..0e55c8d39c102 100644
--- a/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.h
+++ b/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.h
@@ -191,6 +191,7 @@ class PlaybackSessionManager : public RefCounted<PlaybackSessionManager>, privat
     void handleControlledElementIDRequest(PlaybackSessionContextIdentifier);
     void togglePictureInPicture(PlaybackSessionContextIdentifier);
     void enterFullscreen(PlaybackSessionContextIdentifier);
+    void setPlayerIdentifierForVideoElement(PlaybackSessionContextIdentifier);
     void exitFullscreen(PlaybackSessionContextIdentifier);
     void enterInWindow(PlaybackSessionContextIdentifier);
     void exitInWindow(PlaybackSessionContextIdentifier);
diff --git a/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.messages.in b/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.messages.in
index 56b6b27f1f94a..0a406bb61c912 100644
--- a/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.messages.in
+++ b/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.messages.in
@@ -44,6 +44,7 @@ messages -> PlaybackSessionManager {
     HandleControlledElementIDRequest(WebKit::PlaybackSessionContextIdentifier contextId)
     TogglePictureInPicture(WebKit::PlaybackSessionContextIdentifier contextId)
     EnterFullscreen(WebKit::PlaybackSessionContextIdentifier contextId)
+    SetPlayerIdentifierForVideoElement(WebKit::PlaybackSessionContextIdentifier contextId)
     ExitFullscreen(WebKit::PlaybackSessionContextIdentifier contextId)
     EnterInWindow(WebKit::PlaybackSessionContextIdentifier contextId)
     ExitInWindow(WebKit::PlaybackSessionContextIdentifier contextId)
diff --git a/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm b/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm
index f1052f0b37e77..a3336e60e3cfc 100644
--- a/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm
+++ b/Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm
@@ -594,6 +594,11 @@
     ensureModel(contextId)->enterFullscreen();
 }
 
+void PlaybackSessionManager::setPlayerIdentifierForVideoElement(PlaybackSessionContextIdentifier contextId)
+{
+    ensureModel(contextId)->setPlayerIdentifierForVideoElement();
+}
+
 void PlaybackSessionManager::exitFullscreen(PlaybackSessionContextIdentifier contextId)
 {
     ensureModel(contextId)->exitFullscreen();
diff --git a/Source/WebKit/WebProcess/cocoa/VideoPresentationManager.h b/Source/WebKit/WebProcess/cocoa/VideoPresentationManager.h
index b646539cf960b..05ef0395a0c53 100644
--- a/Source/WebKit/WebProcess/cocoa/VideoPresentationManager.h
+++ b/Source/WebKit/WebProcess/cocoa/VideoPresentationManager.h
@@ -157,6 +157,7 @@ class VideoPresentationManager
     bool supportsVideoFullscreen(WebCore::HTMLMediaElementEnums::VideoFullscreenMode) const;
     bool supportsVideoFullscreenStandby() const;
     void enterVideoFullscreenForVideoElement(WebCore::HTMLVideoElement&, WebCore::HTMLMediaElementEnums::VideoFullscreenMode, bool standby);
+    void setPlayerIdentifierForVideoElement(WebCore::HTMLVideoElement&);
     void exitVideoFullscreenForVideoElement(WebCore::HTMLVideoElement&, WTF::CompletionHandler<void(bool)>&& = [](bool) { });
     void exitVideoFullscreenToModeWithoutAnimation(WebCore::HTMLVideoElement&, WebCore::HTMLMediaElementEnums::VideoFullscreenMode);
     void setVideoFullscreenMode(WebCore::HTMLVideoElement&, WebCore::HTMLMediaElementEnums::VideoFullscreenMode);
diff --git a/Source/WebKit/WebProcess/cocoa/VideoPresentationManager.mm b/Source/WebKit/WebProcess/cocoa/VideoPresentationManager.mm
index b750b44a7cb0b..febf221ee5a83 100644
--- a/Source/WebKit/WebProcess/cocoa/VideoPresentationManager.mm
+++ b/Source/WebKit/WebProcess/cocoa/VideoPresentationManager.mm
@@ -324,6 +324,20 @@ static FloatRect inlineVideoFrame(HTMLVideoElement& element)
     removeClientForContext(contextId);
 }
 
+void VideoPresentationManager::setPlayerIdentifierForVideoElement(HTMLVideoElement& videoElement)
+{
+    RefPtr player = videoElement.player();
+    if (!player)
+        return;
+
+    auto identifier = player->identifier();
+    if (!identifier)
+        return;
+
+    auto contextId = m_playbackSessionManager->contextIdForMediaElement(videoElement);
+    setPlayerIdentifier(contextId, identifier);
+}
+
 void VideoPresentationManager::swapFullscreenModes(WebCore::HTMLVideoElement& firstElement, WebCore::HTMLVideoElement& secondElement)
 {
     auto firstContextId = m_playbackSessionManager->contextIdForMediaElement(firstElement);
diff --git a/WebKitLibraries/SDKs/xros2.0-additions.sdk/System/Library/PrivateFrameworks/LinearMediaKit.framework/LinearMediaKit.tbd b/WebKitLibraries/SDKs/xros2.0-additions.sdk/System/Library/PrivateFrameworks/LinearMediaKit.framework/LinearMediaKit.tbd
index 412fc57094508..7823e320e5124 100644
--- a/WebKitLibraries/SDKs/xros2.0-additions.sdk/System/Library/PrivateFrameworks/LinearMediaKit.framework/LinearMediaKit.tbd
+++ b/WebKitLibraries/SDKs/xros2.0-additions.sdk/System/Library/PrivateFrameworks/LinearMediaKit.framework/LinearMediaKit.tbd
@@ -19,6 +19,10 @@ exports:
                 _$s14LinearMediaKit15ContentMetadataV15displaySubtitleAC07DisplayG0Ovg, _$s14LinearMediaKit15ContentMetadataV15displaySubtitleAC07DisplayG0OvpMV,
                 _$s14LinearMediaKit15ContentMetadataVMa, _$s14LinearMediaKit15ContentMetadataVMn, _$s14LinearMediaKit16PresentationModeO20fullscreenFromInlineyA2CmFWC,
                 _$s14LinearMediaKit16PresentationModeO6inlineyA2CmFWC, _$s14LinearMediaKit16PresentationModeOMa, _$s14LinearMediaKit16PresentationModeOMn,
+                _$s14LinearMediaKit19FullscreenBehaviorsV11sceneResizeACvgZ,
+                _$s14LinearMediaKit19FullscreenBehaviorsV17hostContentInlineACvgZ,
+                _$s14LinearMediaKit19FullscreenBehaviorsV18sceneChromeOptionsACvgZ,
+                _$s14LinearMediaKit19FullscreenBehaviorsV21sceneSizeRestrictionsACvgZ,
                 _$s14LinearMediaKit19FullscreenBehaviorsV7defaultSayACGvgZ, _$s14LinearMediaKit19FullscreenBehaviorsV8rawValueACSi_tcfC,
                 _$s14LinearMediaKit19FullscreenBehaviorsV8rawValueSivg, _$s14LinearMediaKit19FullscreenBehaviorsVMa, _$s14LinearMediaKit19FullscreenBehaviorsVMn,
                 _$s14LinearMediaKit22PlayableViewControllerC023environmentPickerButtoneF0So06UIViewF0CSgvgTj, _$s14LinearMediaKit22PlayableViewControllerC18prefersAutoDimmingSbvsTj,
diff --git a/WebKitLibraries/SDKs/xrsimulator2.0-additions.sdk/System/Library/PrivateFrameworks/LinearMediaKit.framework/LinearMediaKit.tbd b/WebKitLibraries/SDKs/xrsimulator2.0-additions.sdk/System/Library/PrivateFrameworks/LinearMediaKit.framework/LinearMediaKit.tbd
index 8a4616c704f30..af5c84d94af5e 100644
--- a/WebKitLibraries/SDKs/xrsimulator2.0-additions.sdk/System/Library/PrivateFrameworks/LinearMediaKit.framework/LinearMediaKit.tbd
+++ b/WebKitLibraries/SDKs/xrsimulator2.0-additions.sdk/System/Library/PrivateFrameworks/LinearMediaKit.framework/LinearMediaKit.tbd
@@ -19,6 +19,10 @@ exports:
                 _$s14LinearMediaKit15ContentMetadataV15displaySubtitleAC07DisplayG0Ovg, _$s14LinearMediaKit15ContentMetadataV15displaySubtitleAC07DisplayG0OvpMV,
                 _$s14LinearMediaKit15ContentMetadataVMa, _$s14LinearMediaKit15ContentMetadataVMn, _$s14LinearMediaKit16PresentationModeO20fullscreenFromInlineyA2CmFWC,
                 _$s14LinearMediaKit16PresentationModeO6inlineyA2CmFWC, _$s14LinearMediaKit16PresentationModeOMa, _$s14LinearMediaKit16PresentationModeOMn,
+                _$s14LinearMediaKit19FullscreenBehaviorsV11sceneResizeACvgZ,
+                _$s14LinearMediaKit19FullscreenBehaviorsV17hostContentInlineACvgZ,
+                _$s14LinearMediaKit19FullscreenBehaviorsV18sceneChromeOptionsACvgZ,
+                _$s14LinearMediaKit19FullscreenBehaviorsV21sceneSizeRestrictionsACvgZ,
                 _$s14LinearMediaKit19FullscreenBehaviorsV7defaultSayACGvgZ, _$s14LinearMediaKit19FullscreenBehaviorsV8rawValueACSi_tcfC,
                 _$s14LinearMediaKit19FullscreenBehaviorsV8rawValueSivg, _$s14LinearMediaKit19FullscreenBehaviorsVMa, _$s14LinearMediaKit19FullscreenBehaviorsVMn,
                 _$s14LinearMediaKit22PlayableViewControllerC023environmentPickerButtoneF0So06UIViewF0CSgvgTj, _$s14LinearMediaKit22PlayableViewControllerC18prefersAutoDimmingSbvsTj,

From f5a697f57dea2175017d407e06f4c585e58aa237 Mon Sep 17 00:00:00 2001
From: Alex Christensen <achristensen@apple.com>
Date: Fri, 21 Feb 2025 16:45:31 -0800
Subject: [PATCH 017/174] Move WebFullScreenManagerProxy::willEnterFullScreen
 to a lambda https://bugs.webkit.org/show_bug.cgi?id=288220 rdar://145312937

Reviewed by Charlie Wolfe.

There's no need to find the WebFullScreenManagerProxy to give it the CompletionHandler.
Just call the CompletionHandler, and it has the context needed to do what it needs to do.

Also, the NSScreen given to WKFullScreenWindowController was only nil, so remove that parameter.
And make the signature of enterFullScreen no longer platform-dependent.

No change in behavior, this just makes the code more sane.

* Source/WebKit/UIProcess/API/C/WKPage.cpp:
(WKPageSetFullScreenClientForTesting):
* Source/WebKit/UIProcess/API/gtk/PageClientImpl.cpp:
(WebKit::PageClientImpl::enterFullScreen):
* Source/WebKit/UIProcess/API/gtk/PageClientImpl.h:
* Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseWillEnterFullScreen):
* Source/WebKit/UIProcess/API/wpe/PageClientImpl.h:
* Source/WebKit/UIProcess/API/wpe/WPEWebView.cpp:
(WKWPE::View::willEnterFullScreen):
* Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp:
(WebKit::WebFullScreenManagerProxy::enterFullScreen):
(WebKit::WebFullScreenManagerProxy::willEnterFullScreen): Deleted.
* Source/WebKit/UIProcess/WebFullScreenManagerProxy.h:
(WebKit::WebFullScreenManagerProxy::fullscreenState const):
* Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
(-[WKFullScreenWindowController _enterFullScreen:windowScene:completionHandler:]):
* Source/WebKit/UIProcess/mac/PageClientImplMac.h:
* Source/WebKit/UIProcess/mac/PageClientImplMac.mm:
(WebKit::PageClientImpl::enterFullScreen):
* Source/WebKit/UIProcess/mac/WKFullScreenWindowController.h:
* Source/WebKit/UIProcess/mac/WKFullScreenWindowController.mm:
(-[WKFullScreenWindowController enterFullScreen:]):
(-[WKFullScreenWindowController enterFullScreen:completionHandler:]): Deleted.
* Source/WebKit/UIProcess/playstation/PageClientImpl.cpp:
(WebKit::PageClientImpl::enterFullScreen):
* Source/WebKit/UIProcess/playstation/PageClientImpl.h:
* Source/WebKit/UIProcess/playstation/PlayStationWebView.cpp:
(WebKit::PlayStationWebView::willEnterFullScreen):
* Source/WebKit/UIProcess/win/PageClientImpl.cpp:
(WebKit::PageClientImpl::enterFullScreen):
* Source/WebKit/UIProcess/win/PageClientImpl.h:

Canonical link: https://commits.webkit.org/290838@main
---
 Source/WebKit/UIProcess/API/C/WKPage.cpp      |  6 +--
 .../UIProcess/API/gtk/PageClientImpl.cpp      |  2 +-
 .../WebKit/UIProcess/API/gtk/PageClientImpl.h |  2 +-
 .../UIProcess/API/gtk/WebKitWebViewBase.cpp   |  5 +--
 .../UIProcess/API/wpe/PageClientImpl.cpp      |  2 +-
 .../WebKit/UIProcess/API/wpe/PageClientImpl.h |  2 +-
 .../WebKit/UIProcess/API/wpe/WPEWebView.cpp   |  5 +--
 .../UIProcess/WebFullScreenManagerProxy.cpp   | 39 +++++++------------
 .../UIProcess/WebFullScreenManagerProxy.h     |  5 ---
 .../WKFullScreenWindowControllerIOS.mm        | 26 +++----------
 .../WebKit/UIProcess/mac/PageClientImplMac.h  |  2 +-
 .../WebKit/UIProcess/mac/PageClientImplMac.mm |  4 +-
 .../mac/WKFullScreenWindowController.h        |  2 +-
 .../mac/WKFullScreenWindowController.mm       |  7 ++--
 .../UIProcess/playstation/PageClientImpl.cpp  |  2 +-
 .../UIProcess/playstation/PageClientImpl.h    |  2 +-
 .../playstation/PlayStationWebView.cpp        |  2 +-
 .../WebKit/UIProcess/win/PageClientImpl.cpp   |  2 +-
 Source/WebKit/UIProcess/win/PageClientImpl.h  |  2 +-
 19 files changed, 40 insertions(+), 79 deletions(-)

diff --git a/Source/WebKit/UIProcess/API/C/WKPage.cpp b/Source/WebKit/UIProcess/API/C/WKPage.cpp
index 6034bcba893b7..261d3064b6cdc 100644
--- a/Source/WebKit/UIProcess/API/C/WKPage.cpp
+++ b/Source/WebKit/UIProcess/API/C/WKPage.cpp
@@ -1212,11 +1212,7 @@ void WKPageSetFullScreenClientForTesting(WKPageRef pageRef, const WKPageFullScre
         void closeFullScreenManager() override { }
         bool isFullScreen() override { return false; }
 
-        void enterFullScreen(
-#if PLATFORM(IOS_FAMILY)
-            WebCore::FloatSize,
-#endif
-            CompletionHandler<void(bool)>&& completionHandler) override
+        void enterFullScreen(WebCore::FloatSize, CompletionHandler<void(bool)>&& completionHandler) override
         {
             if (!m_client.willEnterFullScreen)
                 return completionHandler(false);
diff --git a/Source/WebKit/UIProcess/API/gtk/PageClientImpl.cpp b/Source/WebKit/UIProcess/API/gtk/PageClientImpl.cpp
index 74960c796233e..986edbe2d0b6f 100644
--- a/Source/WebKit/UIProcess/API/gtk/PageClientImpl.cpp
+++ b/Source/WebKit/UIProcess/API/gtk/PageClientImpl.cpp
@@ -413,7 +413,7 @@ bool PageClientImpl::isFullScreen()
     return webkitWebViewBaseIsFullScreen(WEBKIT_WEB_VIEW_BASE(m_viewWidget));
 }
 
-void PageClientImpl::enterFullScreen(CompletionHandler<void(bool)>&& completionHandler)
+void PageClientImpl::enterFullScreen(WebCore::FloatSize, CompletionHandler<void(bool)>&& completionHandler)
 {
     if (!m_viewWidget)
         return completionHandler(false);
diff --git a/Source/WebKit/UIProcess/API/gtk/PageClientImpl.h b/Source/WebKit/UIProcess/API/gtk/PageClientImpl.h
index 901667c226f59..bd11269e156a9 100644
--- a/Source/WebKit/UIProcess/API/gtk/PageClientImpl.h
+++ b/Source/WebKit/UIProcess/API/gtk/PageClientImpl.h
@@ -132,7 +132,7 @@ class PageClientImpl : public PageClient
     // WebFullScreenManagerProxyClient
     void closeFullScreenManager() override;
     bool isFullScreen() override;
-    void enterFullScreen(CompletionHandler<void(bool)>&&) override;
+    void enterFullScreen(WebCore::FloatSize, CompletionHandler<void(bool)>&&) override;
     void exitFullScreen(CompletionHandler<void()>&&) override;
     void beganEnterFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void(bool)>&&) override;
     void beganExitFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void()>&&) override;
diff --git a/Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp b/Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp
index aad41d0c83232..597dcdbd94e88 100644
--- a/Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp
+++ b/Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp
@@ -2624,10 +2624,7 @@ void webkitWebViewBaseWillEnterFullScreen(WebKitWebViewBase* webkitWebViewBase,
 {
     WebKitWebViewBasePrivate* priv = webkitWebViewBase->priv;
     ASSERT(priv->fullScreenState == WebFullScreenManagerProxy::FullscreenState::NotInFullscreen);
-    if (auto* fullScreenManagerProxy = priv->pageProxy->fullScreenManager())
-        fullScreenManagerProxy->willEnterFullScreen(WTFMove(completionHandler));
-    else
-        completionHandler(false);
+    completionHandler(true);
     priv->fullScreenState = WebFullScreenManagerProxy::FullscreenState::EnteringFullscreen;
 }
 
diff --git a/Source/WebKit/UIProcess/API/wpe/PageClientImpl.cpp b/Source/WebKit/UIProcess/API/wpe/PageClientImpl.cpp
index bb48ef101f68b..76f77a9a50f72 100644
--- a/Source/WebKit/UIProcess/API/wpe/PageClientImpl.cpp
+++ b/Source/WebKit/UIProcess/API/wpe/PageClientImpl.cpp
@@ -434,7 +434,7 @@ bool PageClientImpl::isFullScreen()
     return m_view.isFullScreen();
 }
 
-void PageClientImpl::enterFullScreen(CompletionHandler<void(bool)>&& completionHandler)
+void PageClientImpl::enterFullScreen(WebCore::FloatSize, CompletionHandler<void(bool)>&& completionHandler)
 {
     if (isFullScreen())
         return completionHandler(false);
diff --git a/Source/WebKit/UIProcess/API/wpe/PageClientImpl.h b/Source/WebKit/UIProcess/API/wpe/PageClientImpl.h
index f0de853a118e1..c9b5db9dc3005 100644
--- a/Source/WebKit/UIProcess/API/wpe/PageClientImpl.h
+++ b/Source/WebKit/UIProcess/API/wpe/PageClientImpl.h
@@ -167,7 +167,7 @@ class PageClientImpl final : public PageClient
 
     void closeFullScreenManager() override;
     bool isFullScreen() override;
-    void enterFullScreen(CompletionHandler<void(bool)>&&) override;
+    void enterFullScreen(WebCore::FloatSize, CompletionHandler<void(bool)>&&) override;
     void exitFullScreen(CompletionHandler<void()>&&) override;
     void beganEnterFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void(bool)>&&) override;
     void beganExitFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void()>&&) override;
diff --git a/Source/WebKit/UIProcess/API/wpe/WPEWebView.cpp b/Source/WebKit/UIProcess/API/wpe/WPEWebView.cpp
index 3e4f8087f77bf..6d6076e877be6 100644
--- a/Source/WebKit/UIProcess/API/wpe/WPEWebView.cpp
+++ b/Source/WebKit/UIProcess/API/wpe/WPEWebView.cpp
@@ -153,10 +153,7 @@ bool View::isFullScreen() const
 void View::willEnterFullScreen(CompletionHandler<void(bool)>&& completionHandler)
 {
     ASSERT(m_fullscreenState == WebFullScreenManagerProxy::FullscreenState::NotInFullscreen);
-    if (auto* fullScreenManagerProxy = page().fullScreenManager())
-        fullScreenManagerProxy->willEnterFullScreen(WTFMove(completionHandler));
-    else
-        completionHandler(false);
+    completionHandler(true);
     m_fullscreenState = WebFullScreenManagerProxy::FullscreenState::EnteringFullscreen;
 }
 
diff --git a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp
index 48d09620d4342..ab744e5a4672f 100644
--- a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp
+++ b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp
@@ -88,16 +88,6 @@ std::optional<SharedPreferencesForWebProcess> WebFullScreenManagerProxy::sharedP
     return dynamicDowncast<WebProcessProxy>(AuxiliaryProcessProxy::fromConnection(connection))->sharedPreferencesForWebProcess();
 }
 
-void WebFullScreenManagerProxy::willEnterFullScreen(CompletionHandler<void(bool)>&& completionHandler)
-{
-    ALWAYS_LOG(LOGIDENTIFIER);
-    m_fullscreenState = FullscreenState::EnteringFullscreen;
-
-    if (RefPtr page = m_page.get())
-        page->fullscreenClient().willEnterFullscreen(page.get());
-    completionHandler(true);
-}
-
 template<typename M> void WebFullScreenManagerProxy::sendToWebProcess(M&& message)
 {
     RefPtr page = m_page.get();
@@ -204,7 +194,6 @@ void WebFullScreenManagerProxy::enterFullScreen(IPC::Connection& connection, boo
     m_fullScreenProcess = dynamicDowncast<WebProcessProxy>(AuxiliaryProcessProxy::fromConnection(connection));
     m_blocksReturnToFullscreenFromPictureInPicture = blocksReturnToFullscreenFromPictureInPicture;
 #if PLATFORM(IOS_FAMILY)
-
 #if ENABLE(VIDEO_USES_ELEMENT_FULLSCREEN)
     m_isVideoElement = mediaDetails.type == FullScreenMediaDetails::Type::Video;
 #endif
@@ -215,20 +204,22 @@ void WebFullScreenManagerProxy::enterFullScreen(IPC::Connection& connection, boo
             m_imageBuffer = sharedMemoryBuffer->createSharedBuffer(sharedMemoryBuffer->size());
     }
     m_imageMIMEType = mediaDetails.mimeType;
-#endif // QUICKLOOK_FULLSCREEN
+#endif // ENABLE(QUICKLOOK_FULLSCREEN)
+#endif // PLATFORM(IOS_FAMILY)
 
-    auto mediaDimensions = mediaDetails.mediaDimensions;
-    if (CheckedPtr client = m_client)
-        client->enterFullScreen(mediaDimensions, WTFMove(completionHandler));
-    else
-        completionHandler(false);
-#else
-    UNUSED_PARAM(mediaDetails);
-    if (CheckedPtr client = m_client)
-        client->enterFullScreen(WTFMove(completionHandler));
-    else
-        completionHandler(false);
-#endif
+    CheckedPtr client = m_client;
+    if (!client)
+        return completionHandler(false);
+
+    client->enterFullScreen(mediaDetails.mediaDimensions, [this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler), logIdentifier = LOGIDENTIFIER] (bool success) mutable {
+        ALWAYS_LOG(logIdentifier);
+        if (success) {
+            m_fullscreenState = FullscreenState::EnteringFullscreen;
+            if (RefPtr page = m_page.get())
+                page->fullscreenClient().willEnterFullscreen(page.get());
+        }
+        completionHandler(success);
+    });
 }
 
 #if ENABLE(QUICKLOOK_FULLSCREEN)
diff --git a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.h b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.h
index b31d0e979a419..fa87e06845728 100644
--- a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.h
+++ b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.h
@@ -64,11 +64,7 @@ class WebFullScreenManagerProxyClient : public CanMakeCheckedPtr<WebFullScreenMa
 
     virtual void closeFullScreenManager() = 0;
     virtual bool isFullScreen() = 0;
-#if PLATFORM(IOS_FAMILY)
     virtual void enterFullScreen(WebCore::FloatSize mediaDimensions, CompletionHandler<void(bool)>&&) = 0;
-#else
-    virtual void enterFullScreen(CompletionHandler<void(bool)>&&) = 0;
-#endif
 #if ENABLE(QUICKLOOK_FULLSCREEN)
     virtual void updateImageSource() = 0;
 #endif
@@ -112,7 +108,6 @@ class WebFullScreenManagerProxy : public IPC::MessageReceiver, public CanMakeChe
         ExitingFullscreen,
     };
     FullscreenState fullscreenState() const { return m_fullscreenState; }
-    void willEnterFullScreen(CompletionHandler<void(bool)>&&);
     void setAnimatingFullScreen(bool);
     void requestRestoreFullScreen(CompletionHandler<void(bool)>&&);
     void requestExitFullScreen();
diff --git a/Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm b/Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm
index b7793f702cd19..d079e865fc060 100644
--- a/Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm
+++ b/Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm
@@ -940,7 +940,7 @@ - (void)_enterFullScreen:(CGSize)mediaDimensions windowScene:(UIWindowScene *)wi
         _fullScreenState = WebKit::WaitingToEnterFullScreen;
 
         OBJC_ALWAYS_LOG(OBJC_LOGIDENTIFIER, "(QL) presentation updated");
-        manager->willEnterFullScreen(WTFMove(completionHandler));
+        completionHandler(true);
 
         manager->prepareQuickLookImageURL([strongSelf = retainPtr(self), self, window = retainPtr([webView window]), completionHandler = WTFMove(completionHandler), logIdentifier = OBJC_LOGIDENTIFIER] (URL&& url) mutable {
             UIWindowScene *scene = [window windowScene];
@@ -949,14 +949,8 @@ - (void)_enterFullScreen:(CGSize)mediaDimensions windowScene:(UIWindowScene *)wi
             [_previewWindowController presentWindow];
             _fullScreenState = WebKit::InFullScreen;
 
-            if (auto* manager = [strongSelf _manager]) {
-                OBJC_ALWAYS_LOG(logIdentifier, "(QL) presentation completed");
-                return completionHandler(true);
-            }
-
-            OBJC_ERROR_LOG(logIdentifier, "(QL) presentation completed, but manager missing");
-            [strongSelf _exitFullscreenImmediately];
-            ASSERT_NOT_REACHED();
+            OBJC_ALWAYS_LOG(logIdentifier, "(QL) presentation completed");
+            return completionHandler(true);
         });
         return;
     }
@@ -1098,17 +1092,9 @@ - (void)_enterFullScreen:(CGSize)mediaDimensions windowScene:(UIWindowScene *)wi
             }
 
             [self._webView _doAfterNextVisibleContentRectAndPresentationUpdate:makeBlockPtr([self, protectedSelf, logIdentifier, completionHandler = WTFMove(completionHandler)] mutable {
-                if (auto* manager = [protectedSelf _manager]) {
-                    OBJC_ALWAYS_LOG(logIdentifier, "presentation updated");
-                    WebKit::WKWebViewState().applyTo(self._webView);
-                    manager->willEnterFullScreen(WTFMove(completionHandler));
-                    return;
-                }
-
-                ASSERT_NOT_REACHED();
-                OBJC_ERROR_LOG(logIdentifier, "presentation updated, but manager missing");
-                [protectedSelf _exitFullscreenImmediately];
-                completionHandler(false);
+                OBJC_ALWAYS_LOG(logIdentifier, "presentation updated");
+                WebKit::WKWebViewState().applyTo(self._webView);
+                return completionHandler(true);
             }).get()];
         });
 
diff --git a/Source/WebKit/UIProcess/mac/PageClientImplMac.h b/Source/WebKit/UIProcess/mac/PageClientImplMac.h
index 0b09f15b4ff1e..51744982af6f5 100644
--- a/Source/WebKit/UIProcess/mac/PageClientImplMac.h
+++ b/Source/WebKit/UIProcess/mac/PageClientImplMac.h
@@ -222,7 +222,7 @@ class PageClientImpl final : public PageClientImplCocoa
     // WebFullScreenManagerProxyClient
     void closeFullScreenManager() override;
     bool isFullScreen() override;
-    void enterFullScreen(CompletionHandler<void(bool)>&&) override;
+    void enterFullScreen(WebCore::FloatSize, CompletionHandler<void(bool)>&&) override;
     void exitFullScreen(CompletionHandler<void()>&&) override;
     void beganEnterFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void(bool)>&&) override;
     void beganExitFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void()>&&) override;
diff --git a/Source/WebKit/UIProcess/mac/PageClientImplMac.mm b/Source/WebKit/UIProcess/mac/PageClientImplMac.mm
index 0c3012967fef6..6f5fd6287d435 100644
--- a/Source/WebKit/UIProcess/mac/PageClientImplMac.mm
+++ b/Source/WebKit/UIProcess/mac/PageClientImplMac.mm
@@ -824,11 +824,11 @@ static inline NSCorrectionResponse toCorrectionResponse(AutocorrectionResponse r
     return m_impl->fullScreenWindowController().isFullScreen;
 }
 
-void PageClientImpl::enterFullScreen(CompletionHandler<void(bool)>&& completionHandler)
+void PageClientImpl::enterFullScreen(FloatSize, CompletionHandler<void(bool)>&& completionHandler)
 {
     if (!m_impl->fullScreenWindowController())
         return completionHandler(false);
-    [m_impl->fullScreenWindowController() enterFullScreen:nil completionHandler:WTFMove(completionHandler)];
+    [m_impl->fullScreenWindowController() enterFullScreen:WTFMove(completionHandler)];
 }
 
 void PageClientImpl::exitFullScreen(CompletionHandler<void()>&& completionHandler)
diff --git a/Source/WebKit/UIProcess/mac/WKFullScreenWindowController.h b/Source/WebKit/UIProcess/mac/WKFullScreenWindowController.h
index fb706b86b55fe..b6da54f5dcdc8 100644
--- a/Source/WebKit/UIProcess/mac/WKFullScreenWindowController.h
+++ b/Source/WebKit/UIProcess/mac/WKFullScreenWindowController.h
@@ -77,7 +77,7 @@ typedef enum FullScreenState : NSInteger FullScreenState;
 
 - (BOOL)isFullScreen;
 
-- (void)enterFullScreen:(NSScreen *)screen completionHandler:(CompletionHandler<void(bool)>&&)completionHandler;
+- (void)enterFullScreen:(CompletionHandler<void(bool)>&&)completionHandler;
 - (void)exitFullScreen:(CompletionHandler<void()>&&)completionHandler;
 - (void)exitFullScreenImmediately;
 - (void)requestExitFullScreen;
diff --git a/Source/WebKit/UIProcess/mac/WKFullScreenWindowController.mm b/Source/WebKit/UIProcess/mac/WKFullScreenWindowController.mm
index 596a85466b174..ff45b52851a67 100644
--- a/Source/WebKit/UIProcess/mac/WKFullScreenWindowController.mm
+++ b/Source/WebKit/UIProcess/mac/WKFullScreenWindowController.mm
@@ -227,14 +227,13 @@ - (void)noResponderFor:(SEL)eventMethod
     return adoptCF(CGImageCreate(width, height, bitsPerComponent, bitsPerPixel, bytesPerRow, colorSpace, bitmapInfo, provider.get(), 0, shouldInterpolate, intent));
 }
 
-- (void)enterFullScreen:(NSScreen *)screen completionHandler:(CompletionHandler<void(bool)>&&)completionHandler
+- (void)enterFullScreen:(CompletionHandler<void(bool)>&&)completionHandler
 {
     if ([self isFullScreen])
         return completionHandler(false);
     _fullScreenState = WaitingToEnterFullScreen;
 
-    if (!screen)
-        screen = [NSScreen mainScreen];
+    NSScreen *screen = [NSScreen mainScreen];
 
     NSRect screenFrame = WebCore::safeScreenFrame(screen);
     NSRect webViewFrame = convertRectToScreen([_webView window], [_webView convertRect:[_webView frame] toView:nil]);
@@ -283,7 +282,7 @@ - (void)enterFullScreen:(NSScreen *)screen completionHandler:(CompletionHandler<
     _savedScale = _page->pageScaleFactor();
     _page->scalePageRelativeToScrollPosition(1, { });
     [self _manager]->setAnimatingFullScreen(true);
-    [self _manager]->willEnterFullScreen(WTFMove(completionHandler));
+    completionHandler(true);
 }
 
 - (void)beganEnterFullScreenWithInitialFrame:(NSRect)initialFrame finalFrame:(NSRect)finalFrame completionHandler:(CompletionHandler<void(bool)>&&)completionHandler
diff --git a/Source/WebKit/UIProcess/playstation/PageClientImpl.cpp b/Source/WebKit/UIProcess/playstation/PageClientImpl.cpp
index 8c24312e443cf..df5116147712b 100644
--- a/Source/WebKit/UIProcess/playstation/PageClientImpl.cpp
+++ b/Source/WebKit/UIProcess/playstation/PageClientImpl.cpp
@@ -261,7 +261,7 @@ bool PageClientImpl::isFullScreen()
     return m_view.isFullScreen();
 }
 
-void PageClientImpl::enterFullScreen(CompletionHandler<void(bool)>&& completionHandler)
+void PageClientImpl::enterFullScreen(WebCore::FloatSize, CompletionHandler<void(bool)>&& completionHandler)
 {
     m_view.enterFullScreen(WTFMove(completionHandler));
 }
diff --git a/Source/WebKit/UIProcess/playstation/PageClientImpl.h b/Source/WebKit/UIProcess/playstation/PageClientImpl.h
index e2f74554da80b..066da7e2bf276 100644
--- a/Source/WebKit/UIProcess/playstation/PageClientImpl.h
+++ b/Source/WebKit/UIProcess/playstation/PageClientImpl.h
@@ -137,7 +137,7 @@ class PageClientImpl final : public PageClient
 
     void closeFullScreenManager() override;
     bool isFullScreen() override;
-    void enterFullScreen(CompletionHandler<void(bool)>&&) override;
+    void enterFullScreen(WebCore::FloatSize, CompletionHandler<void(bool)>&&) override;
     void exitFullScreen(CompletionHandler<void()>&&) override;
     void beganEnterFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void(bool)>&&) override;
     void beganExitFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void()>&&) override;
diff --git a/Source/WebKit/UIProcess/playstation/PlayStationWebView.cpp b/Source/WebKit/UIProcess/playstation/PlayStationWebView.cpp
index 27001b6163ef6..97251bf8d467f 100644
--- a/Source/WebKit/UIProcess/playstation/PlayStationWebView.cpp
+++ b/Source/WebKit/UIProcess/playstation/PlayStationWebView.cpp
@@ -118,7 +118,7 @@ void PlayStationWebView::setViewNeedsDisplay(const WebCore::Region& region)
 void PlayStationWebView::willEnterFullScreen(CompletionHandler<void(bool)>&& completionHandler)
 {
     m_isFullScreen = true;
-    m_page->fullScreenManager()->willEnterFullScreen(WTFMove(completionHandler));
+    completionHandler(true);
 }
 
 void PlayStationWebView::requestExitFullScreen()
diff --git a/Source/WebKit/UIProcess/win/PageClientImpl.cpp b/Source/WebKit/UIProcess/win/PageClientImpl.cpp
index 52fb0172a1215..afebb478e850d 100644
--- a/Source/WebKit/UIProcess/win/PageClientImpl.cpp
+++ b/Source/WebKit/UIProcess/win/PageClientImpl.cpp
@@ -318,7 +318,7 @@ bool PageClientImpl::isFullScreen()
     return false;
 }
 
-void PageClientImpl::enterFullScreen(CompletionHandler<void(bool)>&& completionHandler)
+void PageClientImpl::enterFullScreen(FloatSize, CompletionHandler<void(bool)>&& completionHandler)
 {
     notImplemented();
     completionHandler(false);
diff --git a/Source/WebKit/UIProcess/win/PageClientImpl.h b/Source/WebKit/UIProcess/win/PageClientImpl.h
index 7e03c1c5d04b3..bd1984fbf3c37 100644
--- a/Source/WebKit/UIProcess/win/PageClientImpl.h
+++ b/Source/WebKit/UIProcess/win/PageClientImpl.h
@@ -127,7 +127,7 @@ class PageClientImpl : public PageClient
     // WebFullScreenManagerProxyClient
     void closeFullScreenManager() override;
     bool isFullScreen() override;
-    void enterFullScreen(CompletionHandler<void(bool)>&&) override;
+    void enterFullScreen(WebCore::FloatSize, CompletionHandler<void(bool)>&&) override;
     void exitFullScreen(CompletionHandler<void()>&&) override;
     void beganEnterFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void(bool)>&&) override;
     void beganExitFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void()>&&) override;

From 9996e4031b794c1c166ff57020304d56e55291f7 Mon Sep 17 00:00:00 2001
From: Yusuke Suzuki <ysuzuki@apple.com>
Date: Fri, 21 Feb 2025 16:51:00 -0800
Subject: [PATCH 018/174] [JSC] DirectArguments::visitChildrenImpl calls
 JSObject::visitChildrenImpl twice
 https://bugs.webkit.org/show_bug.cgi?id=287502 rdar://145080419

Reviewed by Yijia Huang.

Avoid calling Base::visitChildren twice. We also rename GenericArguments
to GenericArgumentsImpl to make it clear that this is Impl interface for
JSCells.

* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations:
* Source/JavaScriptCore/runtime/DirectArguments.cpp:
(JSC::DirectArguments::DirectArguments):
(JSC::DirectArguments::visitChildrenImpl):
(JSC::DirectArguments::copyToArguments):
* Source/JavaScriptCore/runtime/DirectArguments.h:
* Source/JavaScriptCore/runtime/GenericArgumentsImpl.h: Renamed from Source/JavaScriptCore/runtime/GenericArguments.h.
(JSC::GenericArgumentsImpl::GenericArgumentsImpl):
* Source/JavaScriptCore/runtime/GenericArgumentsImplInlines.h: Renamed from Source/JavaScriptCore/runtime/GenericArgumentsInlines.h.
(JSC::GenericArgumentsImpl<Type>::visitChildrenImpl):
(JSC::GenericArgumentsImpl<Type>::getOwnPropertySlot):
(JSC::GenericArgumentsImpl<Type>::getOwnPropertySlotByIndex):
(JSC::GenericArgumentsImpl<Type>::getOwnPropertyNames):
(JSC::GenericArgumentsImpl<Type>::put):
(JSC::GenericArgumentsImpl<Type>::putByIndex):
(JSC::GenericArgumentsImpl<Type>::deleteProperty):
(JSC::GenericArgumentsImpl<Type>::deletePropertyByIndex):
(JSC::GenericArgumentsImpl<Type>::defineOwnProperty):
(JSC::GenericArgumentsImpl<Type>::initModifiedArgumentsDescriptor):
(JSC::GenericArgumentsImpl<Type>::initModifiedArgumentsDescriptorIfNecessary):
(JSC::GenericArgumentsImpl<Type>::setModifiedArgumentDescriptor):
(JSC::GenericArgumentsImpl<Type>::isModifiedArgumentDescriptor):
(JSC::GenericArgumentsImpl<Type>::copyToArguments):
* Source/JavaScriptCore/runtime/ScopedArguments.cpp:
(JSC::ScopedArguments::ScopedArguments):
(JSC::ScopedArguments::visitChildrenImpl):
(JSC::ScopedArguments::copyToArguments):
* Source/JavaScriptCore/runtime/ScopedArguments.h:

Canonical link: https://commits.webkit.org/290839@main
---
 Source/JavaScriptCore/CMakeLists.txt          |  2 +-
 .../JavaScriptCore.xcodeproj/project.pbxproj  | 16 ++---
 .../MemoryUnsafeCastCheckerExpectations       |  2 +-
 .../runtime/DirectArguments.cpp               |  9 ++-
 .../JavaScriptCore/runtime/DirectArguments.h  | 12 ++--
 ...ericArguments.h => GenericArgumentsImpl.h} |  8 +--
 ...nlines.h => GenericArgumentsImplInlines.h} | 64 +++++++++----------
 .../runtime/ScopedArguments.cpp               |  8 +--
 .../JavaScriptCore/runtime/ScopedArguments.h  | 12 ++--
 9 files changed, 66 insertions(+), 67 deletions(-)
 rename Source/JavaScriptCore/runtime/{GenericArguments.h => GenericArgumentsImpl.h} (95%)
 rename Source/JavaScriptCore/runtime/{GenericArgumentsInlines.h => GenericArgumentsImplInlines.h} (83%)

diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt
index 1439537bc2a16..b52d8892843f6 100644
--- a/Source/JavaScriptCore/CMakeLists.txt
+++ b/Source/JavaScriptCore/CMakeLists.txt
@@ -1019,7 +1019,7 @@ set(JavaScriptCore_PRIVATE_FRAMEWORK_HEADERS
     runtime/FunctionRareData.h
     runtime/FuzzerAgent.h
     runtime/Gate.h
-    runtime/GenericArguments.h
+    runtime/GenericArgumentsImpl.h
     runtime/GenericOffset.h
     runtime/GenericTypedArrayView.h
     runtime/GenericTypedArrayViewInlines.h
diff --git a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
index 1f3bdecf12a1d..bf871fddabd99 100644
--- a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
+++ b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
@@ -550,8 +550,8 @@
 		0FE050141AA9091100D33B33 /* ArgumentsMode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE0500C1AA9091100D33B33 /* ArgumentsMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0FE050161AA9091100D33B33 /* DirectArgumentsOffset.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE0500E1AA9091100D33B33 /* DirectArgumentsOffset.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0FE050181AA9091100D33B33 /* DirectArguments.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050101AA9091100D33B33 /* DirectArguments.h */; settings = {ATTRIBUTES = (Private, ); }; };
-		0FE050191AA9091100D33B33 /* GenericArguments.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050111AA9091100D33B33 /* GenericArguments.h */; settings = {ATTRIBUTES = (Private, ); }; };
-		0FE0501A1AA9091100D33B33 /* GenericArgumentsInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050121AA9091100D33B33 /* GenericArgumentsInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		0FE050191AA9091100D33B33 /* GenericArgumentsImpl.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050111AA9091100D33B33 /* GenericArgumentsImpl.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		0FE0501A1AA9091100D33B33 /* GenericArgumentsImplInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050121AA9091100D33B33 /* GenericArgumentsImplInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0FE0501B1AA9091100D33B33 /* GenericOffset.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050131AA9091100D33B33 /* GenericOffset.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0FE050261AA9095600D33B33 /* ClonedArguments.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE0501D1AA9095600D33B33 /* ClonedArguments.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0FE050281AA9095600D33B33 /* ScopedArguments.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE0501F1AA9095600D33B33 /* ScopedArguments.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -3387,8 +3387,8 @@
 		0FE0500E1AA9091100D33B33 /* DirectArgumentsOffset.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DirectArgumentsOffset.h; sourceTree = "<group>"; };
 		0FE0500F1AA9091100D33B33 /* DirectArguments.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DirectArguments.cpp; sourceTree = "<group>"; };
 		0FE050101AA9091100D33B33 /* DirectArguments.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DirectArguments.h; sourceTree = "<group>"; };
-		0FE050111AA9091100D33B33 /* GenericArguments.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GenericArguments.h; sourceTree = "<group>"; };
-		0FE050121AA9091100D33B33 /* GenericArgumentsInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GenericArgumentsInlines.h; sourceTree = "<group>"; };
+		0FE050111AA9091100D33B33 /* GenericArgumentsImpl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GenericArgumentsImpl.h; sourceTree = "<group>"; };
+		0FE050121AA9091100D33B33 /* GenericArgumentsImplInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GenericArgumentsImplInlines.h; sourceTree = "<group>"; };
 		0FE050131AA9091100D33B33 /* GenericOffset.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GenericOffset.h; sourceTree = "<group>"; };
 		0FE0501C1AA9095600D33B33 /* ClonedArguments.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ClonedArguments.cpp; sourceTree = "<group>"; };
 		0FE0501D1AA9095600D33B33 /* ClonedArguments.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ClonedArguments.h; sourceTree = "<group>"; };
@@ -8278,8 +8278,8 @@
 				70B791891C024432002481E2 /* GeneratorPrototype.cpp */,
 				70B7918A1C024432002481E2 /* GeneratorPrototype.h */,
 				276B385D2A71D0B600252F4E /* GeneratorPrototypeInlines.h */,
-				0FE050111AA9091100D33B33 /* GenericArguments.h */,
-				0FE050121AA9091100D33B33 /* GenericArgumentsInlines.h */,
+				0FE050111AA9091100D33B33 /* GenericArgumentsImpl.h */,
+				0FE050121AA9091100D33B33 /* GenericArgumentsImplInlines.h */,
 				0FE050131AA9091100D33B33 /* GenericOffset.h */,
 				0F2B66B217B6B5AB00A7AE3F /* GenericTypedArrayView.h */,
 				0F2B66B317B6B5AB00A7AE3F /* GenericTypedArrayViewInlines.h */,
@@ -11108,8 +11108,8 @@
 				276B386B2A71D0B600252F4E /* GeneratorFunctionPrototypeInlines.h in Headers */,
 				70B791991C024A29002481E2 /* GeneratorPrototype.h in Headers */,
 				276B386C2A71D0B600252F4E /* GeneratorPrototypeInlines.h in Headers */,
-				0FE050191AA9091100D33B33 /* GenericArguments.h in Headers */,
-				0FE0501A1AA9091100D33B33 /* GenericArgumentsInlines.h in Headers */,
+				0FE050191AA9091100D33B33 /* GenericArgumentsImpl.h in Headers */,
+				0FE0501A1AA9091100D33B33 /* GenericArgumentsImplInlines.h in Headers */,
 				0FE0501B1AA9091100D33B33 /* GenericOffset.h in Headers */,
 				0F2B66E017B6B5AB00A7AE3F /* GenericTypedArrayView.h in Headers */,
 				0F2B66E117B6B5AB00A7AE3F /* GenericTypedArrayViewInlines.h in Headers */,
diff --git a/Source/JavaScriptCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations b/Source/JavaScriptCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
index 530eb85ff914d..dd9f2a3cb9335 100644
--- a/Source/JavaScriptCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
+++ b/Source/JavaScriptCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
@@ -69,7 +69,7 @@ runtime/Exception.cpp
 runtime/ExecutableBase.cpp
 runtime/FunctionExecutable.cpp
 runtime/FunctionRareData.cpp
-runtime/GenericArgumentsInlines.h
+runtime/GenericArgumentsImplInlines.h
 runtime/Identifier.cpp
 runtime/Identifier.h
 runtime/IdentifierInlines.h
diff --git a/Source/JavaScriptCore/runtime/DirectArguments.cpp b/Source/JavaScriptCore/runtime/DirectArguments.cpp
index ca321cdfedf8a..98968129ebf0d 100644
--- a/Source/JavaScriptCore/runtime/DirectArguments.cpp
+++ b/Source/JavaScriptCore/runtime/DirectArguments.cpp
@@ -27,7 +27,7 @@
 #include "DirectArguments.h"
 
 #include "CodeBlock.h"
-#include "GenericArgumentsInlines.h"
+#include "GenericArgumentsImplInlines.h"
 
 WTF_ALLOW_UNSAFE_BUFFER_USAGE_BEGIN
 
@@ -38,7 +38,7 @@ STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(DirectArguments);
 const ClassInfo DirectArguments::s_info = { "Arguments"_s, &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(DirectArguments) };
 
 DirectArguments::DirectArguments(VM& vm, Structure* structure, unsigned length, unsigned capacity)
-    : GenericArguments(vm, structure)
+    : GenericArgumentsImpl(vm, structure)
     , m_length(length)
     , m_minCapacity(capacity)
 {
@@ -97,14 +97,13 @@ void DirectArguments::visitChildrenImpl(JSCell* thisCell, Visitor& visitor)
 {
     DirectArguments* thisObject = static_cast<DirectArguments*>(thisCell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-    Base::visitChildren(thisObject, visitor);
+    GenericArgumentsImpl::visitChildren(thisCell, visitor); // Including Base::visitChildren.
 
     visitor.appendValues(thisObject->storage(), std::max(thisObject->m_length, thisObject->m_minCapacity));
     visitor.append(thisObject->m_callee);
 
     if (thisObject->m_mappedArguments)
         visitor.markAuxiliary(thisObject->m_mappedArguments.get());
-    GenericArguments<DirectArguments>::visitChildren(thisCell, visitor);
 }
 
 DEFINE_VISIT_CHILDREN(DirectArguments);
@@ -165,7 +164,7 @@ void DirectArguments::copyToArguments(JSGlobalObject* globalObject, JSValue* fir
         return;
     }
 
-    GenericArguments::copyToArguments(globalObject, firstElementDest, offset, length);
+    GenericArgumentsImpl::copyToArguments(globalObject, firstElementDest, offset, length);
 }
 
 unsigned DirectArguments::mappedArgumentsSize()
diff --git a/Source/JavaScriptCore/runtime/DirectArguments.h b/Source/JavaScriptCore/runtime/DirectArguments.h
index 783f7a07e9f76..c5d1e36bfb897 100644
--- a/Source/JavaScriptCore/runtime/DirectArguments.h
+++ b/Source/JavaScriptCore/runtime/DirectArguments.h
@@ -27,7 +27,7 @@
 
 #include "CagedBarrierPtr.h"
 #include "DirectArgumentsOffset.h"
-#include "GenericArguments.h"
+#include "GenericArgumentsImpl.h"
 #include <wtf/CagedPtr.h>
 
 WTF_ALLOW_UNSAFE_BUFFER_USAGE_BEGIN
@@ -43,7 +43,7 @@ namespace JSC {
 //
 // To speed allocation, this object will hold all of the arguments in-place. The arguments as well
 // as a table of flags saying which arguments were overridden.
-class DirectArguments final : public GenericArguments<DirectArguments> {
+class DirectArguments final : public GenericArgumentsImpl<DirectArguments> {
 private:
     DirectArguments(VM&, Structure*, unsigned length, unsigned capacity);
     
@@ -125,7 +125,7 @@ class DirectArguments final : public GenericArguments<DirectArguments> {
         return storage()[offset.offset()];
     }
     
-    // Methods intended for use by the GenericArguments mixin.
+    // Methods intended for use by the GenericArgumentsImpl mixin.
     bool overrodeThings() const { return !!m_mappedArguments; }
     void overrideThings(JSGlobalObject*);
     void overrideThingsIfNecessary(JSGlobalObject*);
@@ -133,17 +133,17 @@ class DirectArguments final : public GenericArguments<DirectArguments> {
 
     void initModifiedArgumentsDescriptorIfNecessary(JSGlobalObject* globalObject)
     {
-        GenericArguments<DirectArguments>::initModifiedArgumentsDescriptorIfNecessary(globalObject, m_length);
+        GenericArgumentsImpl<DirectArguments>::initModifiedArgumentsDescriptorIfNecessary(globalObject, m_length);
     }
 
     void setModifiedArgumentDescriptor(JSGlobalObject* globalObject, unsigned index)
     {
-        GenericArguments<DirectArguments>::setModifiedArgumentDescriptor(globalObject, index, m_length);
+        GenericArgumentsImpl<DirectArguments>::setModifiedArgumentDescriptor(globalObject, index, m_length);
     }
 
     bool isModifiedArgumentDescriptor(unsigned index)
     {
-        return GenericArguments<DirectArguments>::isModifiedArgumentDescriptor(index, m_length);
+        return GenericArgumentsImpl<DirectArguments>::isModifiedArgumentDescriptor(index, m_length);
     }
 
     void copyToArguments(JSGlobalObject*, JSValue* firstElementDest, unsigned offset, unsigned length);
diff --git a/Source/JavaScriptCore/runtime/GenericArguments.h b/Source/JavaScriptCore/runtime/GenericArgumentsImpl.h
similarity index 95%
rename from Source/JavaScriptCore/runtime/GenericArguments.h
rename to Source/JavaScriptCore/runtime/GenericArgumentsImpl.h
index 731cdb7003ef1..975d52bd89f41 100644
--- a/Source/JavaScriptCore/runtime/GenericArguments.h
+++ b/Source/JavaScriptCore/runtime/GenericArgumentsImpl.h
@@ -33,13 +33,13 @@ namespace JSC {
 // This is a mixin for the two kinds of Arguments-class objects that arise when you say
 // "arguments" inside a function. This class doesn't show up in the JSCell inheritance hierarchy.
 template<typename Type>
-class GenericArguments : public JSNonFinalObject {
+class GenericArgumentsImpl : public JSNonFinalObject {
 public:
-    typedef JSNonFinalObject Base;
+    using Base = JSNonFinalObject;
     static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetOwnPropertyNames | OverridesPut | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero;
 
 protected:
-    GenericArguments(VM& vm, Structure* structure)
+    GenericArgumentsImpl(VM& vm, Structure* structure)
         : Base(vm, structure)
     {
     }
@@ -53,7 +53,7 @@ class GenericArguments : public JSNonFinalObject {
     static bool deleteProperty(JSCell*, JSGlobalObject*, PropertyName, DeletePropertySlot&);
     static bool deletePropertyByIndex(JSCell*, JSGlobalObject*, unsigned propertyName);
     static bool defineOwnProperty(JSObject*, JSGlobalObject*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
-    
+
     void initModifiedArgumentsDescriptor(JSGlobalObject*, unsigned length);
     void initModifiedArgumentsDescriptorIfNecessary(JSGlobalObject*, unsigned length);
     void setModifiedArgumentDescriptor(JSGlobalObject*, unsigned index, unsigned length);
diff --git a/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h b/Source/JavaScriptCore/runtime/GenericArgumentsImplInlines.h
similarity index 83%
rename from Source/JavaScriptCore/runtime/GenericArgumentsInlines.h
rename to Source/JavaScriptCore/runtime/GenericArgumentsImplInlines.h
index d7d7675f4f7b4..88da6e5321b78 100644
--- a/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h
+++ b/Source/JavaScriptCore/runtime/GenericArgumentsImplInlines.h
@@ -25,7 +25,7 @@
 
 #pragma once
 
-#include "GenericArguments.h"
+#include "GenericArgumentsImpl.h"
 #include "JSCInlines.h"
 
 WTF_ALLOW_UNSAFE_BUFFER_USAGE_BEGIN
@@ -34,24 +34,24 @@ namespace JSC {
 
 template<typename Type>
 template<typename Visitor>
-void GenericArguments<Type>::visitChildrenImpl(JSCell* thisCell, Visitor& visitor)
+void GenericArgumentsImpl<Type>::visitChildrenImpl(JSCell* thisCell, Visitor& visitor)
 {
     Type* thisObject = static_cast<Type*>(thisCell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
     Base::visitChildren(thisCell, visitor);
-    
-    if (thisObject->m_modifiedArgumentsDescriptor)
-        visitor.markAuxiliary(thisObject->m_modifiedArgumentsDescriptor.getUnsafe());
+
+    if (auto* pointer = thisObject->m_modifiedArgumentsDescriptor.getUnsafe())
+        visitor.markAuxiliary(pointer);
 }
 
-DEFINE_VISIT_CHILDREN_WITH_MODIFIER(template<typename Type>, GenericArguments<Type>);
+DEFINE_VISIT_CHILDREN_WITH_MODIFIER(template<typename Type>, GenericArgumentsImpl<Type>);
 
 template<typename Type>
-bool GenericArguments<Type>::getOwnPropertySlot(JSObject* object, JSGlobalObject* globalObject, PropertyName ident, PropertySlot& slot)
+bool GenericArgumentsImpl<Type>::getOwnPropertySlot(JSObject* object, JSGlobalObject* globalObject, PropertyName ident, PropertySlot& slot)
 {
     Type* thisObject = jsCast<Type*>(object);
     VM& vm = globalObject->vm();
-    
+
     if (!thisObject->overrodeThings()) {
         if (ident == vm.propertyNames->length) {
             slot.setValue(thisObject, static_cast<unsigned>(PropertyAttribute::DontEnum), jsNumber(thisObject->internalLength()));
@@ -66,36 +66,36 @@ bool GenericArguments<Type>::getOwnPropertySlot(JSObject* object, JSGlobalObject
             return true;
         }
     }
-    
+
     if (std::optional<uint32_t> index = parseIndex(ident))
-        return GenericArguments<Type>::getOwnPropertySlotByIndex(thisObject, globalObject, *index, slot);
+        return GenericArgumentsImpl<Type>::getOwnPropertySlotByIndex(thisObject, globalObject, *index, slot);
 
     return Base::getOwnPropertySlot(thisObject, globalObject, ident, slot);
 }
 
 template<typename Type>
-bool GenericArguments<Type>::getOwnPropertySlotByIndex(JSObject* object, JSGlobalObject* globalObject, unsigned index, PropertySlot& slot)
+bool GenericArgumentsImpl<Type>::getOwnPropertySlotByIndex(JSObject* object, JSGlobalObject* globalObject, unsigned index, PropertySlot& slot)
 {
     Type* thisObject = jsCast<Type*>(object);
-    
+
     if (!thisObject->isModifiedArgumentDescriptor(index) && thisObject->isMappedArgument(index)) {
         slot.setValue(thisObject, static_cast<unsigned>(PropertyAttribute::None), thisObject->getIndexQuickly(index));
         return true;
     }
-    
+
     bool result = Base::getOwnPropertySlotByIndex(object, globalObject, index, slot);
-    
+
     if (thisObject->isMappedArgument(index)) {
         ASSERT(result);
         slot.setValue(thisObject, slot.attributes(), thisObject->getIndexQuickly(index));
         return true;
     }
-    
+
     return result;
 }
 
 template<typename Type>
-void GenericArguments<Type>::getOwnPropertyNames(JSObject* object, JSGlobalObject* globalObject, PropertyNameArray& array, DontEnumPropertiesMode mode)
+void GenericArgumentsImpl<Type>::getOwnPropertyNames(JSObject* object, JSGlobalObject* globalObject, PropertyNameArray& array, DontEnumPropertiesMode mode)
 {
     VM& vm = globalObject->vm();
     Type* thisObject = jsCast<Type*>(object);
@@ -118,12 +118,12 @@ void GenericArguments<Type>::getOwnPropertyNames(JSObject* object, JSGlobalObjec
 }
 
 template<typename Type>
-bool GenericArguments<Type>::put(JSCell* cell, JSGlobalObject* globalObject, PropertyName ident, JSValue value, PutPropertySlot& slot)
+bool GenericArgumentsImpl<Type>::put(JSCell* cell, JSGlobalObject* globalObject, PropertyName ident, JSValue value, PutPropertySlot& slot)
 {
     Type* thisObject = jsCast<Type*>(cell);
     VM& vm = globalObject->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
-    
+
     if (!thisObject->overrodeThings()
         && (ident == vm.propertyNames->length
             || ident == vm.propertyNames->callee
@@ -138,7 +138,7 @@ bool GenericArguments<Type>::put(JSCell* cell, JSGlobalObject* globalObject, Pro
     // Fall back to the OrdinarySet when the receiver is altered from the thisObject.
     if (UNLIKELY(slot.thisValue() != thisObject))
         RELEASE_AND_RETURN(scope, Base::put(thisObject, globalObject, ident, value, slot));
-    
+
     std::optional<uint32_t> index = parseIndex(ident);
     if (index && thisObject->isMappedArgument(index.value())) {
         thisObject->setIndexQuickly(vm, index.value(), value);
@@ -149,7 +149,7 @@ bool GenericArguments<Type>::put(JSCell* cell, JSGlobalObject* globalObject, Pro
 }
 
 template<typename Type>
-bool GenericArguments<Type>::putByIndex(JSCell* cell, JSGlobalObject* globalObject, unsigned index, JSValue value, bool shouldThrow)
+bool GenericArgumentsImpl<Type>::putByIndex(JSCell* cell, JSGlobalObject* globalObject, unsigned index, JSValue value, bool shouldThrow)
 {
     Type* thisObject = jsCast<Type*>(cell);
     VM& vm = globalObject->vm();
@@ -158,17 +158,17 @@ bool GenericArguments<Type>::putByIndex(JSCell* cell, JSGlobalObject* globalObje
         thisObject->setIndexQuickly(vm, index, value);
         return true;
     }
-    
+
     return Base::putByIndex(cell, globalObject, index, value, shouldThrow);
 }
 
 template<typename Type>
-bool GenericArguments<Type>::deleteProperty(JSCell* cell, JSGlobalObject* globalObject, PropertyName ident, DeletePropertySlot& slot)
+bool GenericArgumentsImpl<Type>::deleteProperty(JSCell* cell, JSGlobalObject* globalObject, PropertyName ident, DeletePropertySlot& slot)
 {
     Type* thisObject = jsCast<Type*>(cell);
     VM& vm = globalObject->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
-    
+
     if (!thisObject->overrodeThings()
         && (ident == vm.propertyNames->length
             || ident == vm.propertyNames->callee
@@ -178,13 +178,13 @@ bool GenericArguments<Type>::deleteProperty(JSCell* cell, JSGlobalObject* global
     }
 
     if (std::optional<uint32_t> index = parseIndex(ident))
-        RELEASE_AND_RETURN(scope, GenericArguments<Type>::deletePropertyByIndex(thisObject, globalObject, *index));
+        RELEASE_AND_RETURN(scope, GenericArgumentsImpl<Type>::deletePropertyByIndex(thisObject, globalObject, *index));
 
     RELEASE_AND_RETURN(scope, Base::deleteProperty(thisObject, globalObject, ident, slot));
 }
 
 template<typename Type>
-bool GenericArguments<Type>::deletePropertyByIndex(JSCell* cell, JSGlobalObject* globalObject, unsigned index)
+bool GenericArgumentsImpl<Type>::deletePropertyByIndex(JSCell* cell, JSGlobalObject* globalObject, unsigned index)
 {
     VM& vm = globalObject->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
@@ -214,12 +214,12 @@ bool GenericArguments<Type>::deletePropertyByIndex(JSCell* cell, JSGlobalObject*
 
 // https://tc39.es/ecma262/#sec-arguments-exotic-objects-defineownproperty-p-desc
 template<typename Type>
-bool GenericArguments<Type>::defineOwnProperty(JSObject* object, JSGlobalObject* globalObject, PropertyName ident, const PropertyDescriptor& descriptor, bool shouldThrow)
+bool GenericArgumentsImpl<Type>::defineOwnProperty(JSObject* object, JSGlobalObject* globalObject, PropertyName ident, const PropertyDescriptor& descriptor, bool shouldThrow)
 {
     Type* thisObject = jsCast<Type*>(object);
     VM& vm = globalObject->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
-    
+
     if (ident == vm.propertyNames->length
         || ident == vm.propertyNames->callee
         || ident == vm.propertyNames->iteratorSymbol) {
@@ -270,7 +270,7 @@ bool GenericArguments<Type>::defineOwnProperty(JSObject* object, JSGlobalObject*
 }
 
 template<typename Type>
-void GenericArguments<Type>::initModifiedArgumentsDescriptor(JSGlobalObject* globalObject, unsigned argsLength)
+void GenericArgumentsImpl<Type>::initModifiedArgumentsDescriptor(JSGlobalObject* globalObject, unsigned argsLength)
 {
     VM& vm = globalObject->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
@@ -291,14 +291,14 @@ void GenericArguments<Type>::initModifiedArgumentsDescriptor(JSGlobalObject* glo
 }
 
 template<typename Type>
-void GenericArguments<Type>::initModifiedArgumentsDescriptorIfNecessary(JSGlobalObject* globalObject, unsigned argsLength)
+void GenericArgumentsImpl<Type>::initModifiedArgumentsDescriptorIfNecessary(JSGlobalObject* globalObject, unsigned argsLength)
 {
     if (!m_modifiedArgumentsDescriptor)
         initModifiedArgumentsDescriptor(globalObject, argsLength);
 }
 
 template<typename Type>
-void GenericArguments<Type>::setModifiedArgumentDescriptor(JSGlobalObject* globalObject, unsigned index, unsigned length)
+void GenericArgumentsImpl<Type>::setModifiedArgumentDescriptor(JSGlobalObject* globalObject, unsigned index, unsigned length)
 {
     VM& vm = globalObject->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
@@ -310,7 +310,7 @@ void GenericArguments<Type>::setModifiedArgumentDescriptor(JSGlobalObject* globa
 }
 
 template<typename Type>
-bool GenericArguments<Type>::isModifiedArgumentDescriptor(unsigned index, unsigned length)
+bool GenericArgumentsImpl<Type>::isModifiedArgumentDescriptor(unsigned index, unsigned length)
 {
     if (!m_modifiedArgumentsDescriptor)
         return false;
@@ -320,7 +320,7 @@ bool GenericArguments<Type>::isModifiedArgumentDescriptor(unsigned index, unsign
 }
 
 template<typename Type>
-void GenericArguments<Type>::copyToArguments(JSGlobalObject* globalObject, JSValue* firstElementDest, unsigned offset, unsigned length)
+void GenericArgumentsImpl<Type>::copyToArguments(JSGlobalObject* globalObject, JSValue* firstElementDest, unsigned offset, unsigned length)
 {
     VM& vm = globalObject->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
diff --git a/Source/JavaScriptCore/runtime/ScopedArguments.cpp b/Source/JavaScriptCore/runtime/ScopedArguments.cpp
index 80bbe38c83472..122d4cf0c3537 100644
--- a/Source/JavaScriptCore/runtime/ScopedArguments.cpp
+++ b/Source/JavaScriptCore/runtime/ScopedArguments.cpp
@@ -26,7 +26,7 @@
 #include "config.h"
 #include "ScopedArguments.h"
 
-#include "GenericArgumentsInlines.h"
+#include "GenericArgumentsImplInlines.h"
 
 WTF_ALLOW_UNSAFE_BUFFER_USAGE_BEGIN
 
@@ -37,7 +37,7 @@ STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(ScopedArguments);
 const ClassInfo ScopedArguments::s_info = { "Arguments"_s, &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(ScopedArguments) };
 
 ScopedArguments::ScopedArguments(VM& vm, Structure* structure, WriteBarrier<Unknown>* storage, unsigned totalLength, JSFunction* callee, ScopedArgumentsTable* table, JSLexicalEnvironment* scope)
-    : GenericArguments(vm, structure)
+    : GenericArgumentsImpl(vm, structure)
     , m_totalLength(totalLength)
     , m_callee(callee, WriteBarrierEarlyInit)
     , m_table(table, WriteBarrierEarlyInit)
@@ -99,7 +99,7 @@ void ScopedArguments::visitChildrenImpl(JSCell* cell, Visitor& visitor)
 {
     ScopedArguments* thisObject = static_cast<ScopedArguments*>(cell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-    Base::visitChildren(thisObject, visitor);
+    GenericArgumentsImpl::visitChildren(thisObject, visitor); // Including Base::visitChildren.
 
     visitor.append(thisObject->m_callee);
     visitor.append(thisObject->m_table);
@@ -159,7 +159,7 @@ void ScopedArguments::unmapArgument(JSGlobalObject* globalObject, uint32_t i)
 
 void ScopedArguments::copyToArguments(JSGlobalObject* globalObject, JSValue* firstElementDest, unsigned offset, unsigned length)
 {
-    GenericArguments::copyToArguments(globalObject, firstElementDest, offset, length);
+    GenericArgumentsImpl::copyToArguments(globalObject, firstElementDest, offset, length);
 }
 
 bool ScopedArguments::isIteratorProtocolFastAndNonObservable()
diff --git a/Source/JavaScriptCore/runtime/ScopedArguments.h b/Source/JavaScriptCore/runtime/ScopedArguments.h
index 63e6d3b23b361..a04606f3400d1 100644
--- a/Source/JavaScriptCore/runtime/ScopedArguments.h
+++ b/Source/JavaScriptCore/runtime/ScopedArguments.h
@@ -25,7 +25,7 @@
 
 #pragma once
 
-#include "GenericArguments.h"
+#include "GenericArgumentsImpl.h"
 #include "JSLexicalEnvironment.h"
 #include "Watchpoint.h"
 
@@ -39,10 +39,10 @@ namespace JSC {
 // object will store the overflow arguments, if there are any. This object will use the symbol
 // table's ScopedArgumentsTable and the activation, or its overflow storage, to handle all indexed
 // lookups.
-class ScopedArguments final : public GenericArguments<ScopedArguments> {
+class ScopedArguments final : public GenericArgumentsImpl<ScopedArguments> {
 private:
     ScopedArguments(VM&, Structure*, WriteBarrier<Unknown>* storage, unsigned totalLength, JSFunction* callee, ScopedArgumentsTable*, JSLexicalEnvironment*);
-    using Base = GenericArguments<ScopedArguments>;
+    using Base = GenericArgumentsImpl<ScopedArguments>;
 
 public:
     template<typename CellType, SubspaceAccess>
@@ -139,17 +139,17 @@ class ScopedArguments final : public GenericArguments<ScopedArguments> {
     
     void initModifiedArgumentsDescriptorIfNecessary(JSGlobalObject* globalObject)
     {
-        GenericArguments<ScopedArguments>::initModifiedArgumentsDescriptorIfNecessary(globalObject, m_table->length());
+        GenericArgumentsImpl<ScopedArguments>::initModifiedArgumentsDescriptorIfNecessary(globalObject, m_table->length());
     }
 
     void setModifiedArgumentDescriptor(JSGlobalObject* globalObject, unsigned index)
     {
-        GenericArguments<ScopedArguments>::setModifiedArgumentDescriptor(globalObject, index, m_table->length());
+        GenericArgumentsImpl<ScopedArguments>::setModifiedArgumentDescriptor(globalObject, index, m_table->length());
     }
 
     bool isModifiedArgumentDescriptor(unsigned index)
     {
-        return GenericArguments<ScopedArguments>::isModifiedArgumentDescriptor(index, m_table->length());
+        return GenericArgumentsImpl<ScopedArguments>::isModifiedArgumentDescriptor(index, m_table->length());
     }
 
     void copyToArguments(JSGlobalObject*, JSValue* firstElementDest, unsigned offset, unsigned length);

From 441eaa11a2c6d54cd44ee145b4465fbec959f71c Mon Sep 17 00:00:00 2001
From: Ryan Fuller <ryanfuller@apple.com>
Date: Fri, 21 Feb 2025 17:42:23 -0800
Subject: [PATCH 019/174] [ Build-Failure ] Fix visionOS Build rdar://145334544
 https://bugs.webkit.org/show_bug.cgi?id=288265

Unreviewed build fix.

Enum not available on all SDKs.

* Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm:
(WebCore::VideoPresentationInterfaceIOS::cleanupFullscreen):

Canonical link: https://commits.webkit.org/290840@main
---
 Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm b/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm
index 47e060079efdf..837d3c4e59e86 100644
--- a/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm
+++ b/Source/WebCore/platform/ios/VideoPresentationInterfaceIOS.mm
@@ -596,7 +596,6 @@ @interface UIViewController ()
     LOG(Fullscreen, "VideoPresentationInterfaceIOS::cleanupFullscreen(%p)", this);
 
     if (this->cleanupExternalPlayback()) {
-        ASSERT(m_currentMode == HTMLMediaElementEnums::VideoFullscreenModeNone);
         return;
     }
 

From dfb8e11413ac661a8edc3576a86443523218ed19 Mon Sep 17 00:00:00 2001
From: Abrar Rahman Protyasha <a_protyasha@apple.com>
Date: Fri, 21 Feb 2025 18:01:33 -0800
Subject: [PATCH 020/174] REGRESSION(290757@main)[macOS Debug]: ASSERTION
 FAILED: ProcessCapabilities::canUseAcceleratedBuffers() in pdf tests (failure
 in EWS) https://bugs.webkit.org/show_bug.cgi?id=288264 rdar://145334282

Reviewed by Richard Robinson.

We can't mix and match accelerated drawing, and accessing the platform
context, because this tries to map IOSurfaces into the web content
process, which is denied by the sandbox.

This patch corrects the minor typo in layerNeedsPlatformContext since we
want to return true if shouldUseInProcessBackingStore is true, and not
if it's false.

* Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm:
(WebKit::UnifiedPDFPlugin::layerNeedsPlatformContext const):

Canonical link: https://commits.webkit.org/290841@main
---
 .../WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm b/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
index 3a3a15ef3a33e..27f2493e4e72c 100644
--- a/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
+++ b/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
@@ -4491,7 +4491,7 @@ static bool isEmpty(PDFSelection *selection)
 
 bool UnifiedPDFPlugin::layerNeedsPlatformContext(const GraphicsLayer* layer) const
 {
-    return !shouldUseInProcessBackingStore() && (layer == layerForHorizontalScrollbar() || layer == layerForVerticalScrollbar() || layer == layerForScrollCorner());
+    return shouldUseInProcessBackingStore() && (layer == layerForHorizontalScrollbar() || layer == layerForVerticalScrollbar() || layer == layerForScrollCorner());
 }
 
 ViewportConfiguration::Parameters UnifiedPDFPlugin::viewportParameters()

From 18cc91853d356a9f1af0de8568930cb806c6e05e Mon Sep 17 00:00:00 2001
From: Timothy Hatcher <timothy@apple.com>
Date: Fri, 21 Feb 2025 18:04:03 -0800
Subject: [PATCH 021/174] Refine the construction of WKWebExtension in Swift.
 https://webkit.org/b/288129 rdar://problem/145235810

Reviewed by Brian Weinstein and Richard Robinson.

Introduce a Swift overlay for WKWebExtension to define two async init() methods
that are more idiomatic in Swift.

Swift really does not like _init methods, so unprefix the existing private init
methods to keep the compiler happy when building the overlay. Retain prefixed
versions for ObjC compatability with existing clients.

* Source/WebKit/Configurations/Base.xcconfig: Define ENABLE_WEB_EXTENSION_API.
* Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm:
(-[WKWebExtension _initWithAppExtensionBundle:error:]):
(-[WKWebExtension _initWithResourceBaseURL:error:]):
(-[WKWebExtension _initWithAppExtensionBundle:resourceBaseURL:error:]):
(-[WKWebExtension _initWithManifestDictionary:]):
(-[WKWebExtension _initWithManifestDictionary:resources:]):
(-[WKWebExtension _initWithResources:]):
(-[WKWebExtension initWithAppExtensionBundle:error:]):
(-[WKWebExtension initWithResourceBaseURL:error:]):
(-[WKWebExtension initWithAppExtensionBundle:resourceBaseURL:error:]):
(-[WKWebExtension initWithManifestDictionary:]):
(-[WKWebExtension initWithManifestDictionary:resources:]):
(-[WKWebExtension initWithResources:]):
* Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift:

Canonical link: https://commits.webkit.org/290842@main
---
 Source/WebKit/Configurations/Base.xcconfig    | 27 +++++-
 .../UIProcess/API/Cocoa/WKWebExtension.h      |  4 +-
 .../UIProcess/API/Cocoa/WKWebExtension.mm     | 94 +++++++++++++------
 .../API/Cocoa/WKWebExtensionPrivate.h         | 21 +++--
 .../API/Cocoa/WebKitSwiftOverlay.swift        | 25 +++++
 5 files changed, 130 insertions(+), 41 deletions(-)

diff --git a/Source/WebKit/Configurations/Base.xcconfig b/Source/WebKit/Configurations/Base.xcconfig
index 76549bdf11915..258bd934e780d 100644
--- a/Source/WebKit/Configurations/Base.xcconfig
+++ b/Source/WebKit/Configurations/Base.xcconfig
@@ -139,8 +139,31 @@ WK_ENABLE_SWIFTUI[sdk=xros2*] = NO;
 WK_ENABLE_SWIFTUI[sdk=xrsimulator1*] = NO;
 WK_ENABLE_SWIFTUI[sdk=xrsimulator2*] = NO;
 
-SWIFT_ACTIVE_COMPILATION_CONDITIONS = $(SWIFT_ACTIVE_COMPILATION_CONDITIONS_$(WK_ENABLE_SWIFTUI));
-SWIFT_ACTIVE_COMPILATION_CONDITIONS_YES = ENABLE_SWIFTUI;
+WK_ENABLE_WEB_EXTENSION_API = YES;
+WK_ENABLE_WEB_EXTENSION_API[sdk=watch*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=appletv*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=mac*13*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=mac*14*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=mac*15.0*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=mac*15.1*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=mac*15.2*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=mac*15.3*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=iphone*17*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=iphone*18.0*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=iphone*18.1*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=iphone*18.2*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=iphone*18.3*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=xr*1*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=xr*2.0*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=xr*2.1*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=xr*2.2*] = NO;
+WK_ENABLE_WEB_EXTENSION_API[sdk=xr*2.3*] = NO;
+
+SWIFT_ACTIVE_COMPILATION_CONDITIONS = $(inherited) $(SWIFT_ACTIVE_COMPILATION_CONDITIONS_SWIFTUI_$(WK_ENABLE_SWIFTUI))
+SWIFT_ACTIVE_COMPILATION_CONDITIONS_SWIFTUI_YES = ENABLE_SWIFTUI
+
+SWIFT_ACTIVE_COMPILATION_CONDITIONS = $(inherited) $(SWIFT_ACTIVE_COMPILATION_CONDITIONS_WEB_EXTENSION_API_$(WK_ENABLE_WEB_EXTENSION_API))
+SWIFT_ACTIVE_COMPILATION_CONDITIONS_WEB_EXTENSION_API_YES = ENABLE_WEB_EXTENSION_API
 
 OTHER_CPLUSPLUSFLAGS = $(inherited) -isystem $(SDKROOT)/System/Library/Frameworks/System.framework/PrivateHeaders;
 
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h
index ec09fbf7509ce..2764447a5433d 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.h
@@ -82,7 +82,7 @@ WK_CLASS_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA), visionos(WK_XROS_TBA)) WK
  @discussion The app extension bundle must contain a `manifest.json` file in its resources directory. If the manifest is invalid or missing,
  or the bundle is otherwise improperly configured, an error will be returned.
  */
-+ (void)extensionWithAppExtensionBundle:(NSBundle *)appExtensionBundle completionHandler:(void (^)(WKWebExtension * WK_NULLABLE_RESULT extension, NSError * _Nullable error))completionHandler WK_SWIFT_ASYNC_THROWS_ON_FALSE(1);
++ (void)extensionWithAppExtensionBundle:(NSBundle *)appExtensionBundle completionHandler:(void (^)(WKWebExtension * _Nullable extension, NSError * _Nullable error))completionHandler NS_REFINED_FOR_SWIFT;
 
 /*!
  @abstract Returns a web extension initialized with a specified resource base URL, which can point to either a directory or a ZIP archive.
@@ -91,7 +91,7 @@ WK_CLASS_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA), visionos(WK_XROS_TBA)) WK
  @discussion The URL must be a file URL that points to either a directory with a `manifest.json` file or a ZIP archive containing a `manifest.json` file.
  If the manifest is invalid or missing, or the URL points to an unsupported format or invalid archive, an error will be returned.
  */
-+ (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:(void (^)(WKWebExtension * WK_NULLABLE_RESULT extension, NSError * _Nullable error))completionHandler WK_SWIFT_ASYNC_THROWS_ON_FALSE(1);
++ (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:(void (^)(WKWebExtension * _Nullable extension, NSError * _Nullable error))completionHandler NS_REFINED_FOR_SWIFT;
 
 /*!
  @abstract An array of all errors that occurred during the processing of the extension.
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm
index d3c153560a6f3..279bd260386f6 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtension.mm
@@ -86,29 +86,47 @@ + (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:
     });
 }
 
-// FIXME: Remove after Safari has adopted new methods.
-- (instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
+- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
 {
-    return [self _initWithAppExtensionBundle:appExtensionBundle error:error];
+    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
 }
 
-- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
+- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self _initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
+    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
 }
 
-// FIXME: Remove after Safari has adopted new methods.
-- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle resourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self _initWithResourceBaseURL:resourceBaseURL error:error];
+    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:resourceBaseURL error:error];
 }
 
-- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
+{
+    return [self initWithManifestDictionary:manifest resources:nil];
+}
+
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+{
+    return [self initWithManifestDictionary:manifest resources:resources];
+}
+
+- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
 {
-    return [self _initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
+    return [self initWithResources:resources];
 }
 
-- (instancetype)_initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
+{
+    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
+}
+
+- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+{
+    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
+}
+
+- (instancetype)initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
 {
     NSParameterAssert(appExtensionBundle || resourceBaseURL);
 
@@ -138,14 +156,14 @@ - (instancetype)_initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBun
     return self;
 }
 
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
+- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
 {
     NSParameterAssert([manifest isKindOfClass:NSDictionary.class]);
 
-    return [self _initWithManifestDictionary:manifest resources:nil];
+    return [self initWithManifestDictionary:manifest resources:nil];
 }
 
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
 {
     NSParameterAssert([manifest isKindOfClass:NSDictionary.class]);
 
@@ -157,7 +175,7 @@ - (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)mani
     return self;
 }
 
-- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)initWithResources:(NSDictionary<NSString *, id> *)resources
 {
     NSParameterAssert([resources isKindOfClass:NSDictionary.class]);
 
@@ -349,44 +367,64 @@ + (void)extensionWithResourceBaseURL:(NSURL *)resourceBaseURL completionHandler:
     completionHandler(nil, [NSError errorWithDomain:NSCocoaErrorDomain code:NSFeatureUnsupportedError userInfo:nil]);
 }
 
-- (instancetype)initWithAppExtensionBundle:(NSBundle *)bundle error:(NSError **)error
+- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error
 {
-    return [self _initWithAppExtensionBundle:bundle error:error];
+    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:nil error:error];
 }
 
-- (instancetype)_initWithAppExtensionBundle:(NSBundle *)bundle error:(NSError **)error
+- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self _initWithAppExtensionBundle:bundle resourceBaseURL:nil error:error];
+    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
 }
 
-- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle resourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
 {
-    return [self _initWithResourceBaseURL:resourceBaseURL error:error];
+    return [self initWithAppExtensionBundle:appExtensionBundle resourceBaseURL:resourceBaseURL error:error];
 }
 
-- (instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
 {
-    return [self _initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
+    return [self initWithManifestDictionary:manifest resources:nil];
 }
 
-- (instancetype)_initWithAppExtensionBundle:(nullable NSBundle *)bundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
+- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+{
+    return [self initWithManifestDictionary:manifest resources:resources];
+}
+
+- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
+{
+    return [self initWithResources:resources];
+}
+
+- (instancetype)initWithAppExtensionBundle:(NSBundle *)bundle error:(NSError **)error
+{
+    return [self initWithAppExtensionBundle:bundle resourceBaseURL:nil error:error];
+}
+
+- (instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error
+{
+    return [self initWithAppExtensionBundle:nil resourceBaseURL:resourceBaseURL error:error];
+}
+
+- (instancetype)initWithAppExtensionBundle:(nullable NSBundle *)bundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error
 {
     if (error)
         *error = [NSError errorWithDomain:NSCocoaErrorDomain code:NSFeatureUnsupportedError userInfo:nil];
     return nil;
 }
 
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
+- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest
 {
-    return [self _initWithManifestDictionary:manifest resources:nil];
+    return [self initWithManifestDictionary:manifest resources:nil];
 }
 
-- (instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(NSDictionary<NSString *, id> *)resources
 {
     return nil;
 }
 
-- (instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources
+- (instancetype)initWithResources:(NSDictionary<NSString *, id> *)resources
 {
     return nil;
 }
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h
index 2e524adcc0fdb..6175d61ccf4fa 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebExtensionPrivate.h
@@ -29,9 +29,12 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
 
 @interface WKWebExtension ()
 
-// FIXME: Remove after Safari has adopted new methods.
-- (nullable instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error;
-- (nullable instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error;
+- (nullable instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error NS_SWIFT_UNAVAILABLE("Use init(appExtensionBundle:).");
+- (nullable instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error NS_SWIFT_UNAVAILABLE("Use init(resourceBaseURL:).");
+- (nullable instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle resourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error NS_SWIFT_UNAVAILABLE("Use init(appExtensionBundle:resourceBaseURL:).");
+- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest NS_SWIFT_UNAVAILABLE("Use init(manifestDictionary:).");
+- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(nullable NSDictionary<NSString *, id> *)resources NS_SWIFT_UNAVAILABLE("Use init(manifestDictionary:resources:).");
+- (nullable instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources NS_SWIFT_UNAVAILABLE("Use init(resources:).");
 
 /*!
  @abstract Returns a web extension initialized with a specified app extension bundle.
@@ -39,7 +42,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @param error Set to \c nil or an error instance if an error occurred.
  @result An initialized web extension, or `nil` if the object could not be initialized due to an error.
  */
-- (nullable instancetype)_initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error;
+- (nullable instancetype)initWithAppExtensionBundle:(NSBundle *)appExtensionBundle error:(NSError **)error NS_REFINED_FOR_SWIFT;
 
 /*!
  @abstract Returns a web extension initialized with a specified resource base URL.
@@ -48,7 +51,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @result An initialized web extension, or `nil` if the object could not be initialized due to an error.
  @discussion The URL must be a file URL that points to either a directory containing a `manifest.json` file or a valid ZIP archive.
  */
-- (nullable instancetype)_initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error;
+- (nullable instancetype)initWithResourceBaseURL:(NSURL *)resourceBaseURL error:(NSError **)error NS_REFINED_FOR_SWIFT;
 
 /*!
  @abstract Returns a web extension initialized with a specified app extension bundle and resource base URL.
@@ -59,14 +62,14 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @discussion Either the app extension bundle or the resource base URL (which can point to a directory or a valid ZIP archive) must be provided.
  This initializer is useful when the extension resources are in a different location from the app extension bundle used for native messaging.
  */
-- (nullable instancetype)_initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error NS_DESIGNATED_INITIALIZER;
+- (nullable instancetype)initWithAppExtensionBundle:(nullable NSBundle *)appExtensionBundle resourceBaseURL:(nullable NSURL *)resourceBaseURL error:(NSError **)error NS_DESIGNATED_INITIALIZER;
 
 /*!
  @abstract Returns a web extension initialized with a specified manifest dictionary.
  @param manifest The dictionary containing the manifest data for the web extension.
  @result An initialized web extension, or `nil` if the object could not be initialized due to an error.
  */
-- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest;
+- (nullable instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest;
 
 /*!
  @abstract Returns a web extension initialized with a specified manifest dictionary and resources.
@@ -76,7 +79,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @discussion The resources dictionary provides additional data required for the web extension. Paths in resources can
  have subdirectories, such as `_locales/en/messages.json`.
  */
-- (nullable instancetype)_initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(nullable NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
+- (nullable instancetype)initWithManifestDictionary:(NSDictionary<NSString *, id> *)manifest resources:(nullable NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
 
 /*!
  @abstract Returns a web extension initialized with specified resources.
@@ -85,7 +88,7 @@ WK_HEADER_AUDIT_BEGIN(nullability, sendability)
  @discussion The resources dictionary must provide at least the `manifest.json` resource.  Paths in resources can
  have subdirectories, such as `_locales/en/messages.json`.
  */
-- (nullable instancetype)_initWithResources:(NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
+- (nullable instancetype)initWithResources:(NSDictionary<NSString *, id> *)resources NS_DESIGNATED_INITIALIZER;
 
 /*! @abstract A Boolean value indicating whether the extension background content is a service worker. */
 @property (readonly, nonatomic) BOOL _hasServiceWorkerBackgroundContent;
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift b/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift
index 994071d3a2df9..4bf6a4475d26e 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift
+++ b/Source/WebKit/UIProcess/API/Cocoa/WebKitSwiftOverlay.swift
@@ -25,6 +25,10 @@
 
 #if !os(tvOS) && !os(watchOS)
 
+#if ENABLE_WEB_EXTENSION_API
+internal import WebKit_Private.WKWebExtensionPrivate
+#endif
+
 #if USE_APPLE_INTERNAL_SDK
 @_spi(CTypeConversion) import Network
 #endif
@@ -85,7 +89,25 @@ extension WKWebView {
 }
 #endif
 
+#if ENABLE_WEB_EXTENSION_API
 @available(iOS 18.4, macOS 15.4, visionOS 2.4, *)
+@available(watchOS, unavailable)
+@available(tvOS, unavailable)
+extension WKWebExtension {
+    public convenience init(appExtensionBundle: Bundle) async throws {
+        // FIXME: <https://webkit.org/b/276194> Make the WebExtension class load data on a background thread.
+        try self.init(appExtensionBundle: appExtensionBundle, resourceBaseURL: nil)
+    }
+
+    public convenience init(resourceBaseURL: URL) async throws {
+        // FIXME: <https://webkit.org/b/276194> Make the WebExtension class load data on a background thread.
+        try self.init(appExtensionBundle: nil, resourceBaseURL: resourceBaseURL)
+    }
+}
+
+@available(iOS 18.4, macOS 15.4, visionOS 2.4, *)
+@available(watchOS, unavailable)
+@available(tvOS, unavailable)
 extension WKWebExtensionController {
     public func didCloseTab(_ closedTab: WKWebExtensionTab, windowIsClosing: Bool = false) {
         __didClose(closedTab, windowIsClosing: windowIsClosing)
@@ -101,6 +123,8 @@ extension WKWebExtensionController {
 }
 
 @available(iOS 18.4, macOS 15.4, visionOS 2.4, *)
+@available(watchOS, unavailable)
+@available(tvOS, unavailable)
 extension WKWebExtensionContext {
     public func didCloseTab(_ closedTab: WKWebExtensionTab, windowIsClosing: Bool = false) {
         __didClose(closedTab, windowIsClosing: windowIsClosing)
@@ -114,6 +138,7 @@ extension WKWebExtensionContext {
         __didMove(movedTab, from: index, in: oldWindow)
     }
 }
+#endif
 
 // FIXME: Need to declare ProxyConfiguration SPI in order to build and test
 // this with public SDKs (https://bugs.webkit.org/show_bug.cgi?id=280911).

From 35d27af31ff0de0cf32b70ed86cf49ac80ef6a0b Mon Sep 17 00:00:00 2001
From: Charlie Wolfe <charliew@apple.com>
Date: Fri, 21 Feb 2025 18:13:01 -0800
Subject: [PATCH 022/174] Remove
 NetworkProcess::webProcessIdentifierForConnection
 https://bugs.webkit.org/show_bug.cgi?id=288266

Reviewed by Alex Christensen.

* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::webProcessIdentifierForConnection const): Deleted.
* Source/WebKit/NetworkProcess/NetworkProcess.h:

Canonical link: https://commits.webkit.org/290843@main
---
 Source/WebKit/NetworkProcess/NetworkProcess.cpp | 9 ---------
 Source/WebKit/NetworkProcess/NetworkProcess.h   | 1 -
 2 files changed, 10 deletions(-)

diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.cpp b/Source/WebKit/NetworkProcess/NetworkProcess.cpp
index 4ccc800172a28..40718b455299e 100644
--- a/Source/WebKit/NetworkProcess/NetworkProcess.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkProcess.cpp
@@ -2925,15 +2925,6 @@ void NetworkProcess::connectionToWebProcessClosed(IPC::Connection& connection, P
         session->protectedStorageManager()->stopReceivingMessageFromConnection(connection);
 }
 
-std::optional<WebCore::ProcessIdentifier> NetworkProcess::webProcessIdentifierForConnection(IPC::Connection& connection) const
-{
-    for (auto& [processIdentifier, webConnection] : m_webProcessConnections) {
-        if (&webConnection->connection() == &connection)
-            return processIdentifier;
-    }
-    return std::nullopt;
-}
-
 NetworkConnectionToWebProcess* NetworkProcess::webProcessConnection(ProcessIdentifier identifier) const
 {
     return m_webProcessConnections.get(identifier);
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.h b/Source/WebKit/NetworkProcess/NetworkProcess.h
index afeed5468d9eb..c6b478b2564a0 100644
--- a/Source/WebKit/NetworkProcess/NetworkProcess.h
+++ b/Source/WebKit/NetworkProcess/NetworkProcess.h
@@ -382,7 +382,6 @@ class NetworkProcess final : public AuxiliaryProcess, private DownloadManager::C
 
     NetworkConnectionToWebProcess* webProcessConnection(WebCore::ProcessIdentifier) const;
     NetworkConnectionToWebProcess* webProcessConnection(const IPC::Connection&) const;
-    std::optional<WebCore::ProcessIdentifier> webProcessIdentifierForConnection(IPC::Connection&) const;
     WebCore::MessagePortChannelRegistry& messagePortChannelRegistry() { return m_messagePortChannelRegistry; }
 
     void setServiceWorkerFetchTimeoutForTesting(Seconds, CompletionHandler<void()>&&);

From 71573d3520b6bd7615c5d441c31cab644216783e Mon Sep 17 00:00:00 2001
From: Ryosuke Niwa <rniwa@webkit.org>
Date: Fri, 21 Feb 2025 18:34:31 -0800
Subject: [PATCH 023/174] Unreviewed. Update safer C++ expectations.

* Source/WTF/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:

Canonical link: https://commits.webkit.org/290844@main
---
 .../SaferCPPExpectations/UncountedCallArgsCheckerExpectations    | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Source/WTF/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WTF/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index ea187187aa394..9406390babae1 100644
--- a/Source/WTF/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WTF/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -1,7 +1,6 @@
 wtf/AutomaticThread.cpp
 wtf/JSONValues.cpp
 wtf/MemoryPressureHandler.cpp
-wtf/NativePromise.h
 wtf/ParallelHelperPool.cpp
 wtf/PrintStream.h
 wtf/ThreadGroup.cpp

From ad233b0aa06fc2ec5676b2a0547fb7b41ca9ae8f Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Fri, 21 Feb 2025 18:37:16 -0800
Subject: [PATCH 024/174] Address Safer CPP failures in HTMLDocumentParser
 https://bugs.webkit.org/show_bug.cgi?id=288219

Reviewed by Ryosuke Niwa.

* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/WebCore/html/parser/HTMLDocumentParser.cpp:
(WebCore::HTMLDocumentParser::prepareToStopParsing):
(WebCore::HTMLDocumentParser::isScheduledForResume const):
(WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder):
(WebCore::HTMLDocumentParser::pumpTokenizerLoop):
(WebCore::HTMLDocumentParser::pumpTokenizer):
(WebCore::HTMLDocumentParser::insert):
(WebCore::HTMLDocumentParser::append):
(WebCore::HTMLDocumentParser::appendCurrentInputStreamToPreloadScannerAndScan):
* Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp:
* Source/WebCore/html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::protectedScriptToProcess const):
* Source/WebCore/html/parser/HTMLTreeBuilder.h:

Canonical link: https://commits.webkit.org/290845@main
---
 .../UncountedCallArgsCheckerExpectations      |  2 -
 .../UncountedLocalVarsCheckerExpectations     |  1 -
 .../html/parser/HTMLDocumentParser.cpp        | 41 +++++++++++--------
 .../parser/HTMLDocumentParserFastPath.cpp     |  4 +-
 .../WebCore/html/parser/HTMLTreeBuilder.cpp   |  5 +++
 Source/WebCore/html/parser/HTMLTreeBuilder.h  |  1 +
 6 files changed, 31 insertions(+), 23 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 9394d7644125a..7901a5caa8d70 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -808,8 +808,6 @@ html/canvas/WebGLVertexArrayObjectBase.cpp
 html/canvas/WebGLVertexArrayObjectOES.cpp
 html/parser/HTMLConstructionSite.cpp
 html/parser/HTMLConstructionSite.h
-html/parser/HTMLDocumentParser.cpp
-html/parser/HTMLDocumentParserFastPath.cpp
 html/parser/HTMLParserScheduler.cpp
 html/parser/HTMLScriptRunner.cpp
 html/parser/HTMLTreeBuilder.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index a035d2c5d7da6..ecca01894b88a 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -434,7 +434,6 @@ html/canvas/WebGLProvokingVertex.cpp
 html/canvas/WebGLRenderingContextBase.cpp
 html/canvas/WebGLUtilities.h
 html/parser/HTMLConstructionSite.cpp
-html/parser/HTMLDocumentParser.cpp
 html/shadow/DateTimeEditElement.cpp
 html/shadow/MediaControlTextTrackContainerElement.cpp
 html/shadow/SliderThumbElement.cpp
diff --git a/Source/WebCore/html/parser/HTMLDocumentParser.cpp b/Source/WebCore/html/parser/HTMLDocumentParser.cpp
index 884aa4132cfc3..ac728514e6c65 100644
--- a/Source/WebCore/html/parser/HTMLDocumentParser.cpp
+++ b/Source/WebCore/html/parser/HTMLDocumentParser.cpp
@@ -142,10 +142,11 @@ void HTMLDocumentParser::prepareToStopParsing()
 
     // We will not have a scriptRunner when parsing a DocumentFragment.
     if (m_scriptRunner) {
-        document()->setReadyState(Document::ReadyState::Interactive);
+        RefPtr document = this->document();
+        document->setReadyState(Document::ReadyState::Interactive);
 
         if (!isDetached())
-            document()->processInternalResourceLinks();
+            document->processInternalResourceLinks();
     }
 
     // Setting the ready state above can fire mutation event and detach us
@@ -204,7 +205,8 @@ void HTMLDocumentParser::pumpTokenizerIfPossible(SynchronousMode mode)
 
 bool HTMLDocumentParser::isScheduledForResume() const
 {
-    return m_parserScheduler && m_parserScheduler->isScheduledForResume();
+    RefPtr scheduler = m_parserScheduler;
+    return scheduler && scheduler->isScheduledForResume();
 }
 
 // Used by HTMLParserScheduler
@@ -230,13 +232,14 @@ void HTMLDocumentParser::runScriptsForPausedTreeBuilder()
         // https://html.spec.whatwg.org/#create-an-element-for-the-token
         {
             // Prevent document.open/write during reactions by allocating the incrementer before the reactions stack.
-            ThrowOnDynamicMarkupInsertionCountIncrementer incrementer(*document());
+            RefPtr document = this->document();
+            ThrowOnDynamicMarkupInsertionCountIncrementer incrementer(*document);
 
-            document()->eventLoop().performMicrotaskCheckpoint();
+            document->eventLoop().performMicrotaskCheckpoint();
 
-            CustomElementReactionStack reactionStack(document()->globalObject());
-            auto& elementInterface = constructionData->elementInterface.get();
-            auto newElement = elementInterface.constructElementWithFallback(*document(), constructionData->registry, constructionData->name,
+            CustomElementReactionStack reactionStack(document->globalObject());
+            Ref elementInterface = constructionData->elementInterface.get();
+            auto newElement = elementInterface->constructElementWithFallback(*document, constructionData->registry, constructionData->name,
                 m_scriptRunner && !m_scriptRunner->isExecutingScript() ? ParserConstructElementWithEmptyStack::Yes : ParserConstructElementWithEmptyStack::No);
             m_treeBuilder->didCreateCustomOrFallbackElement(WTFMove(newElement), *constructionData);
         }
@@ -266,7 +269,7 @@ bool HTMLDocumentParser::pumpTokenizerLoop(SynchronousMode mode, bool parsingFra
     RefPtr parserScheduler = m_parserScheduler;
     do {
         if (UNLIKELY(isWaitingForScripts())) {
-            if (mode == SynchronousMode::AllowYield && parserScheduler->shouldYieldBeforeExecutingScript(m_treeBuilder->scriptToProcess(), session))
+            if (mode == SynchronousMode::AllowYield && parserScheduler->shouldYieldBeforeExecutingScript(m_treeBuilder->protectedScriptToProcess().get(), session))
                 return true;
             
             runScriptsForPausedTreeBuilder();
@@ -279,7 +282,7 @@ bool HTMLDocumentParser::pumpTokenizerLoop(SynchronousMode mode, bool parsingFra
         // how the parser has always handled stopping when the page assigns window.location. What should
         // happen instead is that assigning window.location causes the parser to stop parsing cleanly.
         // The problem is we're not prepared to do that at every point where we run JavaScript.
-        if (UNLIKELY(!parsingFragment && document()->frame() && document()->frame()->protectedNavigationScheduler()->locationChangePending()))
+        if (UNLIKELY(!parsingFragment && document()->frame() && document()->protectedFrame()->protectedNavigationScheduler()->locationChangePending()))
             return false;
 
         if (UNLIKELY(mode == SynchronousMode::AllowYield && parserScheduler->shouldYieldBeforeToken(session)))
@@ -327,17 +330,18 @@ void HTMLDocumentParser::pumpTokenizer(SynchronousMode mode)
     if (shouldResume)
         Ref { *m_parserScheduler }->scheduleForResume();
 
+    RefPtr document = this->document();
     if (isWaitingForScripts() && !isDetached()) {
         ASSERT(m_tokenizer.isInDataState());
         if (!m_preloadScanner) {
-            m_preloadScanner = makeUnique<HTMLPreloadScanner>(m_options, document()->url(), document()->deviceScaleFactor());
+            m_preloadScanner = makeUnique<HTMLPreloadScanner>(m_options, document->url(), document->deviceScaleFactor());
             m_preloadScanner->appendToEnd(m_input.current());
         }
-        m_preloadScanner->scan(*m_preloader, Ref { *document() });
+        m_preloadScanner->scan(*m_preloader, *document);
     }
     // The viewport definition is known here, so we can load link preloads with media attributes.
-    if (document()->loader())
-        LinkLoader::loadLinksFromHeader(document()->loader()->response().httpHeaderField(HTTPHeaderName::Link), document()->url(), *document(), LinkLoader::MediaAttributeCheck::MediaAttributeNotEmpty);
+    if (document->loader())
+        LinkLoader::loadLinksFromHeader(document->loader()->response().httpHeaderField(HTTPHeaderName::Link), document->url(), *document, LinkLoader::MediaAttributeCheck::MediaAttributeNotEmpty);
 }
 
 void HTMLDocumentParser::constructTreeFromHTMLToken(HTMLTokenizer::TokenPtr& rawToken)
@@ -386,12 +390,13 @@ void HTMLDocumentParser::insert(SegmentedString&& source)
     pumpTokenizerIfPossible(SynchronousMode::ForceSynchronous);
 
     if (isWaitingForScripts() && !isDetached()) {
+        RefPtr document = this->document();
         // Check the document.write() output with a separate preload scanner as
         // the main scanner can't deal with insertions.
         if (!m_insertionPreloadScanner)
-            m_insertionPreloadScanner = makeUnique<HTMLPreloadScanner>(m_options, document()->url(), document()->deviceScaleFactor());
+            m_insertionPreloadScanner = makeUnique<HTMLPreloadScanner>(m_options, document->url(), document->deviceScaleFactor());
         m_insertionPreloadScanner->appendToEnd(source);
-        m_insertionPreloadScanner->scan(*m_preloader, *document());
+        m_insertionPreloadScanner->scan(*m_preloader, *document);
     }
 
     endIfDelayed();
@@ -426,7 +431,7 @@ void HTMLDocumentParser::append(RefPtr<StringImpl>&& inputSource, SynchronousMod
         } else {
             m_preloadScanner->appendToEnd(source);
             if (isWaitingForScripts())
-                m_preloadScanner->scan(*m_preloader, *document());
+                m_preloadScanner->scan(*m_preloader, *protectedDocument());
         }
     }
 
@@ -571,7 +576,7 @@ void HTMLDocumentParser::appendCurrentInputStreamToPreloadScannerAndScan()
 {
     ASSERT(m_preloadScanner);
     m_preloadScanner->appendToEnd(m_input.current());
-    m_preloadScanner->scan(*m_preloader, *document());
+    m_preloadScanner->scan(*m_preloader, *protectedDocument());
 }
 
 void HTMLDocumentParser::notifyFinished(PendingScript& pendingScript)
diff --git a/Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp b/Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp
index 0d0dc0b3cf9c0..880abf6b4ce8f 100644
--- a/Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp
+++ b/Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp
@@ -230,8 +230,8 @@ class HTMLFastPathParser {
     HTMLFastPathResult parseResult() const { return m_parseResult; }
 
 private:
-    Ref<Document> m_document;
-    WeakRef<ContainerNode, WeakPtrImplWithEventTargetData> m_destinationParent;
+    const Ref<Document> m_document;
+    const Ref<ContainerNode> m_destinationParent;
 
     StringParsingBuffer<CharacterType> m_parsingBuffer;
 
diff --git a/Source/WebCore/html/parser/HTMLTreeBuilder.cpp b/Source/WebCore/html/parser/HTMLTreeBuilder.cpp
index f3c7644e45851..64d213d254cda 100644
--- a/Source/WebCore/html/parser/HTMLTreeBuilder.cpp
+++ b/Source/WebCore/html/parser/HTMLTreeBuilder.cpp
@@ -3146,4 +3146,9 @@ bool HTMLTreeBuilder::isOnStackOfOpenElements(Element& element) const
     return m_tree.openElements().contains(element);
 }
 
+RefPtr<const ScriptElement> HTMLTreeBuilder::protectedScriptToProcess() const
+{
+    return m_scriptToProcess;
+}
+
 }
diff --git a/Source/WebCore/html/parser/HTMLTreeBuilder.h b/Source/WebCore/html/parser/HTMLTreeBuilder.h
index c4201989a5e14..ef418499a3720 100644
--- a/Source/WebCore/html/parser/HTMLTreeBuilder.h
+++ b/Source/WebCore/html/parser/HTMLTreeBuilder.h
@@ -71,6 +71,7 @@ class HTMLTreeBuilder {
     // Must be called to take the parser-blocking script before calling the parser again.
     RefPtr<ScriptElement> takeScriptToProcess(TextPosition& scriptStartPosition);
     const ScriptElement* scriptToProcess() const { return m_scriptToProcess.get(); }
+    RefPtr<const ScriptElement> protectedScriptToProcess() const;
 
     std::unique_ptr<CustomElementConstructionData> takeCustomElementConstructionData() { return WTFMove(m_customElementToConstruct); }
     void didCreateCustomOrFallbackElement(Ref<Element>&&, CustomElementConstructionData&);

From 5b3c393e88a115165f8ccfdd1e60a7b266fa0ab7 Mon Sep 17 00:00:00 2001
From: Ryosuke Niwa <rniwa@webkit.org>
Date: Fri, 21 Feb 2025 19:20:07 -0800
Subject: [PATCH 025/174] Fix static analyzer warnings in
 WebLocalFrameLoaderClient.cpp https://bugs.webkit.org/show_bug.cgi?id=288258

Reviewed by Chris Dumez.

Deployed more smart pointers to address the unexpected static analyzer warnings.

* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::restoreViewState):
(WebKit::WebLocalFrameLoaderClient::objectContentType):

Canonical link: https://commits.webkit.org/290846@main
---
 .../WebCoreSupport/WebLocalFrameLoaderClient.cpp    | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
index 8beed6ae14e86..39d88ce2c7ba1 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
@@ -1415,13 +1415,14 @@ void WebLocalFrameLoaderClient::restoreViewState()
     double scaleFactor = m_localFrame->loader().history().protectedCurrentItem()->pageScaleFactor();
 
     // A scale factor of 0 means the history item has the default scale factor, thus we do not need to update it.
-    if (scaleFactor)
-        m_frame->page()->send(Messages::WebPageProxy::PageScaleFactorDidChange(scaleFactor));
+    RefPtr page = m_frame->page();
+    if (page && scaleFactor)
+        page->send(Messages::WebPageProxy::PageScaleFactorDidChange(scaleFactor));
 
     // FIXME: This should not be necessary. WebCore should be correctly invalidating
     // the view on restores from the back/forward cache.
-    if (m_frame->page() && m_frame.ptr() == &m_frame->page()->mainWebFrame())
-        m_frame->page()->protectedDrawingArea()->setNeedsDisplay();
+    if (page && m_frame.ptr() == &page->mainWebFrame())
+        page->protectedDrawingArea()->setNeedsDisplay();
 #endif
 }
 
@@ -1665,7 +1666,7 @@ ObjectContentType WebLocalFrameLoaderClient::objectContentType(const URL& url, c
         if (mimeType.isEmpty()) {
             // Check if there's a plug-in around that can handle the extension.
             if (RefPtr webPage = m_frame->page()) {
-                if (pluginSupportsExtension(webPage->protectedCorePage()->pluginData(), extension))
+                if (pluginSupportsExtension(webPage->protectedCorePage()->protectedPluginData(), extension))
                     return ObjectContentType::PlugIn;
             }
             return ObjectContentType::Frame;
@@ -1682,7 +1683,7 @@ ObjectContentType WebLocalFrameLoaderClient::objectContentType(const URL& url, c
 
     if (RefPtr webPage = m_frame->page()) {
         auto allowedPluginTypes = PluginData::OnlyApplicationPlugins;
-        if (webPage->corePage()->protectedPluginData()->supportsMimeType(mimeType, allowedPluginTypes))
+        if (webPage->protectedCorePage()->protectedPluginData()->supportsMimeType(mimeType, allowedPluginTypes))
             return ObjectContentType::PlugIn;
     }
 

From e31e39e35b2e3e92598bd6de2548d64d8bd3fa42 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Fri, 21 Feb 2025 19:21:28 -0800
Subject: [PATCH 026/174] Address Safer CPP failures in QueuedVideoOutput.mm
 https://bugs.webkit.org/show_bug.cgi?id=288224

Reviewed by Ryosuke Niwa.

* Source/WebCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations:
* Source/WebCore/platform/graphics/avfoundation/objc/QueuedVideoOutput.mm:
(isType):
(SPECIALIZE_TYPE_TRAITS_END):
(-[WebQueuedVideoOutputDelegate outputMediaDataWillChange:]):
(-[WebQueuedVideoOutputDelegate outputSequenceWasFlushed:]):

Canonical link: https://commits.webkit.org/290847@main
---
 .../MemoryUnsafeCastCheckerExpectations                |  1 -
 .../graphics/avfoundation/objc/QueuedVideoOutput.mm    | 10 ++++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations b/Source/WebCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
index f9c7db1ca5ecf..0db34133fab3e 100644
--- a/Source/WebCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
@@ -111,7 +111,6 @@ platform/encryptedmedia/clearkey/CDMClearKey.cpp
 platform/graphics/GraphicsLayer.cpp
 platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h
 platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h
-platform/graphics/avfoundation/objc/QueuedVideoOutput.mm
 platform/graphics/ca/GraphicsLayerCA.cpp
 platform/graphics/ca/cocoa/PlatformCAAnimationCocoa.mm
 platform/graphics/mac/controls/ControlFactoryMac.mm
diff --git a/Source/WebCore/platform/graphics/avfoundation/objc/QueuedVideoOutput.mm b/Source/WebCore/platform/graphics/avfoundation/objc/QueuedVideoOutput.mm
index 07c7021a6a85a..cda959ab22cce 100644
--- a/Source/WebCore/platform/graphics/avfoundation/objc/QueuedVideoOutput.mm
+++ b/Source/WebCore/platform/graphics/avfoundation/objc/QueuedVideoOutput.mm
@@ -37,6 +37,10 @@
 
 #include <wtf/TZoneMallocInlines.h>
 
+SPECIALIZE_TYPE_TRAITS_BEGIN(AVPlayerItemVideoOutput)
+static bool isType(const AVPlayerItemOutput& output) { return [&output isKindOfClass:PAL::getAVPlayerItemVideoOutputClass()]; }
+SPECIALIZE_TYPE_TRAITS_END()
+
 @interface WebQueuedVideoOutputDelegate : NSObject<AVPlayerItemOutputPullDelegate> {
     WeakPtr<WebCore::QueuedVideoOutput> _parent;
 }
@@ -59,8 +63,7 @@ - (id)initWithParent:(WebCore::QueuedVideoOutput*)parent
 
 - (void)outputMediaDataWillChange:(AVPlayerItemOutput *)output
 {
-    ASSERT([output isKindOfClass:PAL::getAVPlayerItemVideoOutputClass()]);
-    auto* videoOutput = (AVPlayerItemVideoOutput*)output;
+    auto* videoOutput = downcast<AVPlayerItemVideoOutput>(output);
 
     Vector<WebCore::QueuedVideoOutput::VideoFrameEntry> videoFrameEntries;
     do {
@@ -86,8 +89,7 @@ - (void)outputMediaDataWillChange:(AVPlayerItemOutput *)output
 
 - (void)outputSequenceWasFlushed:(AVPlayerItemOutput *)output
 {
-    ASSERT([output isKindOfClass:PAL::getAVPlayerItemVideoOutputClass()]);
-    auto* videoOutput = (AVPlayerItemVideoOutput*)output;
+    auto* videoOutput = downcast<AVPlayerItemVideoOutput>(output);
     [videoOutput requestNotificationOfMediaDataChangeAsSoonAsPossible];
 
     callOnMainRunLoop([parent = _parent] {

From b14ff3e3b4c9d4cf77082b9523b7ca4fbc8fd344 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Fri, 21 Feb 2025 19:22:45 -0800
Subject: [PATCH 027/174] Address safer CPP failures in ViewSnapshotStore.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288230

Reviewed by Ryosuke Niwa.

* Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebKit/UIProcess/ViewSnapshotStore.cpp:
(WebKit::ViewSnapshotStore::pruneSnapshots):
(WebKit::ViewSnapshotStore::discardSnapshotImages):

Canonical link: https://commits.webkit.org/290848@main
---
 .../SaferCPPExpectations/UncountedCallArgsCheckerExpectations | 1 -
 Source/WebKit/UIProcess/ViewSnapshotStore.cpp                 | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 665f39c161df0..97d81ad726d2e 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -196,7 +196,6 @@ UIProcess/RemotePageProxy.cpp
 UIProcess/SpeechRecognitionPermissionManager.cpp
 UIProcess/SuspendedPageProxy.cpp
 UIProcess/UserMediaPermissionRequestManagerProxy.cpp
-UIProcess/ViewSnapshotStore.cpp
 UIProcess/WebAuthentication/AuthenticatorManager.cpp
 UIProcess/WebAuthentication/Cocoa/LocalService.mm
 UIProcess/WebAuthentication/Cocoa/NfcService.mm
diff --git a/Source/WebKit/UIProcess/ViewSnapshotStore.cpp b/Source/WebKit/UIProcess/ViewSnapshotStore.cpp
index bf0cf4a125740..05dcea72bc6ea 100644
--- a/Source/WebKit/UIProcess/ViewSnapshotStore.cpp
+++ b/Source/WebKit/UIProcess/ViewSnapshotStore.cpp
@@ -77,7 +77,7 @@ void ViewSnapshotStore::pruneSnapshots(WebPageProxy& webPageProxy)
 
     // FIXME: We have enough information to do smarter-than-LRU eviction (making use of the back-forward lists, etc.)
 
-    m_snapshotsWithImages.first()->clearImage();
+    Ref { m_snapshotsWithImages.first().get() }->clearImage();
 }
 
 void ViewSnapshotStore::recordSnapshot(WebPageProxy& webPageProxy, WebBackForwardListItem& item)
@@ -108,7 +108,7 @@ void ViewSnapshotStore::recordSnapshot(WebPageProxy& webPageProxy, WebBackForwar
 void ViewSnapshotStore::discardSnapshotImages()
 {
     while (!m_snapshotsWithImages.isEmpty())
-        m_snapshotsWithImages.first()->clearImage();
+        Ref { m_snapshotsWithImages.first().get() }->clearImage();
 }
 
 void ViewSnapshotStore::discardSnapshotImagesForOrigin(const WebCore::SecurityOriginData& origin)

From 23d60ee22b40b58ee7f3604d94d57cc479ce83f1 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Fri, 21 Feb 2025 19:25:13 -0800
Subject: [PATCH 028/174] Address Safer CPP failures in WebBackForwardCache
 https://bugs.webkit.org/show_bug.cgi?id=288225

Reviewed by Geoffrey Garen.

* Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/WebKit/UIProcess/WebBackForwardCache.cpp:
(WebKit::WebBackForwardCache::removeEntriesMatching):
(WebKit::WebBackForwardCache::clear):
* Source/WebKit/UIProcess/WebBackForwardCacheEntry.cpp:
(WebKit::WebBackForwardCacheEntry::expirationTimerFired):

Canonical link: https://commits.webkit.org/290849@main
---
 .../UncountedLocalVarsCheckerExpectations              |  2 --
 Source/WebKit/UIProcess/WebBackForwardCache.cpp        | 10 +++++-----
 Source/WebKit/UIProcess/WebBackForwardCacheEntry.cpp   |  2 +-
 3 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index 038230958f093..ee68bee997fdc 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -36,8 +36,6 @@ UIProcess/Notifications/WebNotificationManagerProxy.cpp
 UIProcess/UserMediaPermissionRequestManagerProxy.cpp
 UIProcess/WebAuthentication/AuthenticatorManager.cpp
 UIProcess/WebAuthentication/Cocoa/NfcService.mm
-UIProcess/WebBackForwardCache.cpp
-UIProcess/WebBackForwardCacheEntry.cpp
 UIProcess/WebPreferences.cpp
 UIProcess/WebProcessCache.cpp
 UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm
diff --git a/Source/WebKit/UIProcess/WebBackForwardCache.cpp b/Source/WebKit/UIProcess/WebBackForwardCache.cpp
index a05ea56b133c7..23ca8743262f5 100644
--- a/Source/WebKit/UIProcess/WebBackForwardCache.cpp
+++ b/Source/WebKit/UIProcess/WebBackForwardCache.cpp
@@ -170,11 +170,11 @@ void WebBackForwardCache::removeEntriesForPageAndProcess(WebPageProxy& page, Web
 void WebBackForwardCache::removeEntriesMatching(NOESCAPE const Function<bool(WebBackForwardListItem&)>& matches)
 {
     Vector<Ref<WebBackForwardListItem>> itemsWithEntriesToClear;
-    for (auto& item : m_itemsWithCachedPage) {
+    for (Ref item : m_itemsWithCachedPage) {
         if (matches(item))
-            itemsWithEntriesToClear.append(item);
+            itemsWithEntriesToClear.append(WTFMove(item));
     }
-    for (auto& item : itemsWithEntriesToClear) {
+    for (Ref item : itemsWithEntriesToClear) {
         m_itemsWithCachedPage.remove(item.get());
         item->setBackForwardCacheEntry(nullptr);
     }
@@ -184,8 +184,8 @@ void WebBackForwardCache::clear()
 {
     RELEASE_LOG(BackForwardCache, "WebBackForwardCache::clear");
     auto itemsWithCachedPage = WTFMove(m_itemsWithCachedPage);
-    for (auto& item : itemsWithCachedPage)
-        item.setBackForwardCacheEntry(nullptr);
+    for (Ref item : itemsWithCachedPage)
+        item->setBackForwardCacheEntry(nullptr);
 }
 
 void WebBackForwardCache::pruneToSize(unsigned newSize)
diff --git a/Source/WebKit/UIProcess/WebBackForwardCacheEntry.cpp b/Source/WebKit/UIProcess/WebBackForwardCacheEntry.cpp
index ff038fdde378b..0df22cbb3de05 100644
--- a/Source/WebKit/UIProcess/WebBackForwardCacheEntry.cpp
+++ b/Source/WebKit/UIProcess/WebBackForwardCacheEntry.cpp
@@ -87,7 +87,7 @@ void WebBackForwardCacheEntry::expirationTimerFired()
 {
     ASSERT(m_backForwardItemID);
     RELEASE_LOG(BackForwardCache, "%p - WebBackForwardCacheEntry::expirationTimerFired backForwardItemID=%s, hasSuspendedPage=%d", this, m_backForwardItemID->toString().utf8().data(), !!m_suspendedPage);
-    auto* item = WebBackForwardListItem::itemForID(*m_backForwardItemID);
+    RefPtr item = WebBackForwardListItem::itemForID(*m_backForwardItemID);
     ASSERT(item);
     if (RefPtr backForwardCache = m_backForwardCache.get())
         backForwardCache->removeEntry(*item);

From b47957d7891a2b461cf18eb5e627f8e368626905 Mon Sep 17 00:00:00 2001
From: Basuke Suzuki <basuke@apple.com>
Date: Fri, 21 Feb 2025 19:38:58 -0800
Subject: [PATCH 029/174] [ResourceMonitor] Add more meaningful release log
 information part 1. https://bugs.webkit.org/show_bug.cgi?id=288171
 rdar://145259890

Reviewed by Per Arne Vollan and Chris Dumez.

Adding new log category and move current release logs to that category. And also add more meaningful information
for the record.

This is part 1, targeting WebCore.

In this change, chances are:
- URL checks are most of two times per each iframe.
- One check generates several logs.
- When it hits the network limits, some extra logs is produced.
- If unloading happens, ~10 more logs.

One exception is for shared worker, which logs all network usage and this will be rare case. In case it causes an issue,
this will be removed. For now, it is required to observe the usage during development.

* LayoutTests/http/tests/iframe-monitor/dark-mode-expected.txt:
* LayoutTests/http/tests/iframe-monitor/eligibility-expected.txt:
* LayoutTests/http/tests/iframe-monitor/iframe-unload-expected.txt:
* LayoutTests/http/tests/iframe-monitor/shared-worker-expected.txt:
* LayoutTests/http/tests/iframe-monitor/throttler-expected.txt:
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::resourceMonitor):
* Source/WebCore/loader/ResourceLoadInfo.cpp:
(WebCore::ContentExtensions::resourceTypeToString):
* Source/WebCore/loader/ResourceLoadInfo.h:
* Source/WebCore/loader/ResourceMonitor.cpp:
(WebCore::ResourceMonitor::setEligibility):
(WebCore::ResourceMonitor::didReceiveResponse):
(WebCore::eligibilityToString):
(WebCore::ResourceMonitor::continueAfterDidReceiveEligibility):
* Source/WebCore/loader/ResourceMonitor.h:
* Source/WebCore/loader/ResourceMonitorChecker.cpp:
(WebCore::ResourceMonitorChecker::checkEligibility):
* Source/WebCore/loader/ResourceMonitorPersistence.cpp:
(WebCore::ResourceMonitorPersistence::reportSQLError):
(WebCore::ResourceMonitorPersistence::openDatabase):
* Source/WebCore/loader/ResourceMonitorThrottler.cpp:
(WebCore::ResourceMonitorThrottler::~ResourceMonitorThrottler):
(WebCore::ResourceMonitorThrottler::tryAccess):
* Source/WebCore/page/LocalFrame.cpp:
(WebCore::LocalFrame::showResourceMonitoringError):
(WebCore::LocalFrame::reportResourceMonitoringWarning):
* Source/WebCore/platform/Logging.h:
* Source/WebCore/workers/shared/SharedWorker.cpp:
(WebCore::SharedWorker::reportNetworkUsage):

Canonical link: https://commits.webkit.org/290850@main
---
 .../iframe-monitor/dark-mode-expected.txt     |  6 ++--
 .../iframe-monitor/eligibility-expected.txt   |  2 +-
 .../iframe-monitor/iframe-unload-expected.txt |  2 +-
 .../iframe-monitor/shared-worker-expected.txt |  4 +--
 .../iframe-monitor/throttler-expected.txt     | 10 +++---
 Source/WebCore/dom/Document.cpp               |  6 ++--
 Source/WebCore/loader/ResourceLoadInfo.cpp    | 34 +++++++++++++++++++
 Source/WebCore/loader/ResourceLoadInfo.h      |  2 ++
 Source/WebCore/loader/ResourceMonitor.cpp     | 31 ++++++++++++++---
 Source/WebCore/loader/ResourceMonitor.h       |  3 +-
 .../WebCore/loader/ResourceMonitorChecker.cpp |  4 +--
 .../loader/ResourceMonitorPersistence.cpp     |  6 ++--
 .../loader/ResourceMonitorThrottler.cpp       | 17 ++++++++--
 Source/WebCore/page/LocalFrame.cpp            |  6 ++--
 Source/WebCore/platform/Logging.h             |  1 +
 .../WebCore/workers/shared/SharedWorker.cpp   |  4 ++-
 16 files changed, 108 insertions(+), 30 deletions(-)

diff --git a/LayoutTests/http/tests/iframe-monitor/dark-mode-expected.txt b/LayoutTests/http/tests/iframe-monitor/dark-mode-expected.txt
index 708662c1638a2..d086e32f45df5 100644
--- a/LayoutTests/http/tests/iframe-monitor/dark-mode-expected.txt
+++ b/LayoutTests/http/tests/iframe-monitor/dark-mode-expected.txt
@@ -1,6 +1,6 @@
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://127.0.0.1:8000/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://127.0.0.1:8000/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://127.0.0.1:8000/iframe-monitor/resources/--eligible--/iframe.html
 Test unloaded HTML supports dark mode correctly.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
diff --git a/LayoutTests/http/tests/iframe-monitor/eligibility-expected.txt b/LayoutTests/http/tests/iframe-monitor/eligibility-expected.txt
index 9258fbb9b648c..fb5caa5ae6476 100644
--- a/LayoutTests/http/tests/iframe-monitor/eligibility-expected.txt
+++ b/LayoutTests/http/tests/iframe-monitor/eligibility-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
 Test resource monitor.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
diff --git a/LayoutTests/http/tests/iframe-monitor/iframe-unload-expected.txt b/LayoutTests/http/tests/iframe-monitor/iframe-unload-expected.txt
index 4bd3a346d730d..f72cd9305fd52 100644
--- a/LayoutTests/http/tests/iframe-monitor/iframe-unload-expected.txt
+++ b/LayoutTests/http/tests/iframe-monitor/iframe-unload-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
 Test iframe with huge resource usage is unloaded.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
diff --git a/LayoutTests/http/tests/iframe-monitor/shared-worker-expected.txt b/LayoutTests/http/tests/iframe-monitor/shared-worker-expected.txt
index b868ca131fedf..733f7692b24f7 100644
--- a/LayoutTests/http/tests/iframe-monitor/shared-worker-expected.txt
+++ b/LayoutTests/http/tests/iframe-monitor/shared-worker-expected.txt
@@ -5,8 +5,8 @@ CONSOLE MESSAGE: Launched shared worker
 CONSOLE MESSAGE: iframe is ready
 CONSOLE MESSAGE: Get message from parent window
 CONSOLE MESSAGE: Send fetch request to worker
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/shared-worker.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/shared-worker.html
 Test iframes using same shared worker are unloaded.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
diff --git a/LayoutTests/http/tests/iframe-monitor/throttler-expected.txt b/LayoutTests/http/tests/iframe-monitor/throttler-expected.txt
index d61768888902b..883517849ae6b 100644
--- a/LayoutTests/http/tests/iframe-monitor/throttler-expected.txt
+++ b/LayoutTests/http/tests/iframe-monitor/throttler-expected.txt
@@ -1,8 +1,8 @@
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit.
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
 CONSOLE MESSAGE: Frame's network usage exceeded the limit.
 Test throttler prevents unloaded.
 
diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
index 818eaadfa9646..7f4225ce8672d 100644
--- a/Source/WebCore/dom/Document.cpp
+++ b/Source/WebCore/dom/Document.cpp
@@ -413,7 +413,7 @@
 #include "HTMLVideoElement.h"
 #endif
 
-#define DOCUMENT_RELEASE_LOG(channel, fmt, ...) RELEASE_LOG(channel, "%p - [pageID=%" PRIu64 ", frameID=%" PRIu64 ", isMainFrame=%d] Document::" fmt, this, pageID() ? pageID()->toUInt64() : 0, frameID() ? frameID()->object().toUInt64() : 0, this == &topDocument(), ##__VA_ARGS__)
+#define DOCUMENT_RELEASE_LOG(channel, fmt, ...) RELEASE_LOG(channel, "%p - [pageID=%" PRIu64 ", frameID=%" PRIu64 ", isMainFrame=%d] Document::" fmt, this, pageID() ? pageID()->toUInt64() : 0, frameID() ? frameID()->object().toUInt64() : 0, this->isTopDocument(), ##__VA_ARGS__)
 #define DOCUMENT_RELEASE_LOG_ERROR(channel, fmt, ...) RELEASE_LOG_ERROR(channel, "%p - [pageID=%" PRIu64 ", frameID=%" PRIu64 ", isMainFrame=%d] Document::" fmt, this, pageID() ? pageID()->toUInt64() : 0, frameID() ? frameID()->object().toUInt64() : 0, this->isTopDocument(), ##__VA_ARGS__)
 
 namespace WebCore {
@@ -11331,8 +11331,10 @@ ResourceMonitor& Document::resourceMonitor()
 {
     ASSERT(!frame()->isMainFrame());
 
-    if (!m_resourceMonitor)
+    if (!m_resourceMonitor) {
         m_resourceMonitor = ResourceMonitor::create(*frame());
+        DOCUMENT_RELEASE_LOG(ResourceMonitoring, "ResourceMonitor is created for the document.");
+    }
     return *m_resourceMonitor.get();
 }
 
diff --git a/Source/WebCore/loader/ResourceLoadInfo.cpp b/Source/WebCore/loader/ResourceLoadInfo.cpp
index c14a0b49ea798..9b0a072a6d5ce 100644
--- a/Source/WebCore/loader/ResourceLoadInfo.cpp
+++ b/Source/WebCore/loader/ResourceLoadInfo.cpp
@@ -159,6 +159,40 @@ ResourceFlags ResourceLoadInfo::getResourceFlags() const
     return flags;
 }
 
+ASCIILiteral resourceTypeToString(OptionSet<ResourceType> resourceTypes)
+{
+    switch (*resourceTypes.begin()) {
+    case ResourceType::Document:
+        return "document"_s;
+    case ResourceType::Image:
+        return "image"_s;
+    case ResourceType::StyleSheet:
+        return "style-sheet"_s;
+    case ResourceType::Script:
+        return "script"_s;
+    case ResourceType::Font:
+        return "font"_s;
+    case ResourceType::WebSocket:
+        return "websocket"_s;
+    case ResourceType::Fetch:
+        return "fetch"_s;
+    case ResourceType::SVGDocument:
+        return "svg-document"_s;
+    case ResourceType::Media:
+        return "media"_s;
+    case ResourceType::Popup:
+        return "popup"_s;
+    case ResourceType::Ping:
+        return "ping"_s;
+    case ResourceType::CSPReport:
+        return "csp-report"_s;
+    case ResourceType::Other:
+        return "other"_s;
+    default:
+        return "raw"_s;
+    }
+}
+
 } // namespace WebCore::ContentExtensions
 
 #endif // ENABLE(CONTENT_EXTENSIONS)
diff --git a/Source/WebCore/loader/ResourceLoadInfo.h b/Source/WebCore/loader/ResourceLoadInfo.h
index 01ce3d870f0a9..74c3b3808a3af 100644
--- a/Source/WebCore/loader/ResourceLoadInfo.h
+++ b/Source/WebCore/loader/ResourceLoadInfo.h
@@ -85,6 +85,8 @@ std::optional<OptionSet<ResourceType>> readResourceType(StringView);
 std::optional<OptionSet<LoadType>> readLoadType(StringView);
 std::optional<OptionSet<LoadContext>> readLoadContext(StringView);
 
+ASCIILiteral resourceTypeToString(OptionSet<ResourceType>);
+
 struct ResourceLoadInfo {
     URL resourceURL;
     URL mainDocumentURL;
diff --git a/Source/WebCore/loader/ResourceMonitor.cpp b/Source/WebCore/loader/ResourceMonitor.cpp
index 8be7372cc4f4b..64995badb39d9 100644
--- a/Source/WebCore/loader/ResourceMonitor.cpp
+++ b/Source/WebCore/loader/ResourceMonitor.cpp
@@ -41,7 +41,7 @@ namespace WebCore {
 
 #if ENABLE(CONTENT_EXTENSIONS)
 
-#define RESOURCEMONITOR_RELEASE_LOG(fmt, ...) RELEASE_LOG(ResourceLoading, "%p - ResourceMonitor(frame %p)::" fmt, this, m_frame.get(), ##__VA_ARGS__)
+#define RESOURCEMONITOR_RELEASE_LOG(fmt, ...) RELEASE_LOG(ResourceMonitoring, "ResourceMonitor(frame %" PRIu64 ")::" fmt, m_frame->frameID().object().toUInt64(), ##__VA_ARGS__)
 
 Ref<ResourceMonitor> ResourceMonitor::create(LocalFrame& frame)
 {
@@ -61,9 +61,10 @@ void ResourceMonitor::setEligibility(Eligibility eligibility)
         return;
 
     m_eligibility = eligibility;
-    RESOURCEMONITOR_RELEASE_LOG("The frame is %" PUBLIC_LOG_STRING ".", (eligibility == Eligibility::Eligible ? "eligible" : "not eligible"));
 
     if (isEligible()) {
+        RESOURCEMONITOR_RELEASE_LOG("Frame (%" SENSITIVE_LOG_STRING ") was set as eligible.", m_frameURL.string().utf8().data());
+
         if (RefPtr resourceMonitor = parentResourceMonitorIfExists(); !resourceMonitor || !resourceMonitor->isEligible())
             checkNetworkUsageExcessIfNecessary();
     }
@@ -104,12 +105,34 @@ void ResourceMonitor::didReceiveResponse(const URL& url, OptionSet<ContentExtens
         .type = resourceType
     };
 
-    ResourceMonitorChecker::singleton().checkEligibility(WTFMove(info), [weakThis = WeakPtr { *this }](Eligibility eligibility) {
+    ResourceMonitorChecker::singleton().checkEligibility(WTFMove(info), [weakThis = WeakPtr { *this }, url, resourceType](Eligibility eligibility) {
         if (RefPtr protectedThis = weakThis.get())
-            protectedThis->setEligibility(eligibility);
+            protectedThis->continueAfterDidReceiveEligibility(eligibility, url, resourceType);
     });
 }
 
+static ASCIILiteral eligibilityToString(ResourceMonitorEligibility eligibility)
+{
+    return eligibility == ResourceMonitorEligibility::Eligible ? "eligible"_s : "not eligible"_s;
+}
+
+void ResourceMonitor::continueAfterDidReceiveEligibility(Eligibility eligibility, const URL& url, OptionSet<ContentExtensions::ResourceType> resourceType)
+{
+    RefPtr frame = m_frame.get();
+    RefPtr page = frame ? frame->mainFrame().page() : nullptr;
+    if (!page)
+        return;
+
+    RESOURCEMONITOR_RELEASE_LOG("resourceURL %" SENSITIVE_LOG_STRING " mainDocumentURL %" SENSITIVE_LOG_STRING " frameURL %" SENSITIVE_LOG_STRING " (%" PUBLIC_LOG_STRING ") is set as %" PUBLIC_LOG_STRING ".",
+        url.string().utf8().data(),
+        page->mainFrameURL().string().utf8().data(),
+        m_frameURL.string().utf8().data(),
+        ContentExtensions::resourceTypeToString(resourceType).characters(),
+        eligibilityToString(eligibility).characters()
+    );
+    setEligibility(eligibility);
+}
+
 void ResourceMonitor::addNetworkUsage(size_t bytes)
 {
     if (m_networkUsageExceed)
diff --git a/Source/WebCore/loader/ResourceMonitor.h b/Source/WebCore/loader/ResourceMonitor.h
index 1dce59e3f1eef..f68330a033090 100644
--- a/Source/WebCore/loader/ResourceMonitor.h
+++ b/Source/WebCore/loader/ResourceMonitor.h
@@ -46,12 +46,13 @@ class ResourceMonitor final : public RefCountedAndCanMakeWeakPtr<ResourceMonitor
     bool isEligible() const { return eligibility() == Eligibility::Eligible; }
 
     void setDocumentURL(URL&&);
-    void didReceiveResponse(const URL&, OptionSet<ContentExtensions::ResourceType>);
     WEBCORE_EXPORT void addNetworkUsage(size_t);
 
 private:
     explicit ResourceMonitor(LocalFrame&);
 
+    void didReceiveResponse(const URL&, OptionSet<ContentExtensions::ResourceType>);
+    void continueAfterDidReceiveEligibility(Eligibility, const URL&, OptionSet<ContentExtensions::ResourceType>);
     void checkNetworkUsageExcessIfNecessary();
     ResourceMonitor* parentResourceMonitorIfExists() const;
 
diff --git a/Source/WebCore/loader/ResourceMonitorChecker.cpp b/Source/WebCore/loader/ResourceMonitorChecker.cpp
index f54d445642a60..2a2eaa6d50272 100644
--- a/Source/WebCore/loader/ResourceMonitorChecker.cpp
+++ b/Source/WebCore/loader/ResourceMonitorChecker.cpp
@@ -33,7 +33,7 @@
 
 #if ENABLE(CONTENT_EXTENSIONS)
 
-#define RESOURCEMONITOR_RELEASE_LOG(fmt, ...) RELEASE_LOG(ResourceLoading, "%p - ResourceMonitorChecker::" fmt, this, ##__VA_ARGS__)
+#define RESOURCEMONITOR_RELEASE_LOG(fmt, ...) RELEASE_LOG(ResourceMonitoring, "ResourceMonitorChecker::" fmt, ##__VA_ARGS__)
 
 namespace WebCore {
 
@@ -95,7 +95,7 @@ ResourceMonitorChecker::Eligibility ResourceMonitorChecker::checkEligibility(con
     ASSERT(m_ruleList);
 
     auto matched = m_ruleList->processContentRuleListsForResourceMonitoring(info.resourceURL, info.mainDocumentURL, info.frameURL, info.type);
-    RESOURCEMONITOR_RELEASE_LOG("The url is %" PUBLIC_LOG_STRING ": %" SENSITIVE_LOG_STRING, (matched ? "eligible" : "not eligible"), info.resourceURL.string().utf8().data());
+    RESOURCEMONITOR_RELEASE_LOG("The url is %" PUBLIC_LOG_STRING ": %" SENSITIVE_LOG_STRING " (%" PUBLIC_LOG_STRING ")", (matched ? "eligible" : "not eligible"), info.resourceURL.string().utf8().data(), ContentExtensions::resourceTypeToString(info.type).characters());
 
     return matched ? Eligibility::Eligible : Eligibility::NotEligible;
 }
diff --git a/Source/WebCore/loader/ResourceMonitorPersistence.cpp b/Source/WebCore/loader/ResourceMonitorPersistence.cpp
index 48aa94ce362aa..494c087cd6ddb 100644
--- a/Source/WebCore/loader/ResourceMonitorPersistence.cpp
+++ b/Source/WebCore/loader/ResourceMonitorPersistence.cpp
@@ -35,7 +35,7 @@
 
 #if ENABLE(CONTENT_EXTENSIONS)
 
-#define RESOURCEMONITOR_RELEASE_LOG(fmt, ...) RELEASE_LOG(ResourceLoading, "%p - ResourceMonitorPersistence::" fmt, this, ##__VA_ARGS__)
+#define RESOURCEMONITOR_RELEASE_LOG(fmt, ...) RELEASE_LOG(ResourceMonitoring, "ResourceMonitorPersistence::" fmt, ##__VA_ARGS__)
 
 namespace WebCore {
 
@@ -78,7 +78,7 @@ static ContinuousApproximateTime doubleToContinuousApproximateTime(double timest
 
 void ResourceMonitorPersistence::reportSQLError(ASCIILiteral method, ASCIILiteral action)
 {
-    RESOURCEMONITOR_RELEASE_LOG("%" PUBLIC_LOG_STRING ": Failed to %" PUBLIC_LOG_STRING " (%d) - %" PUBLIC_LOG_STRING, method.characters(), action.characters(), m_sqliteDB->lastError(), m_sqliteDB->lastErrorMsg());
+    RELEASE_LOG_ERROR(ResourceMonitoring, "ResourceMonitorPersistence::%" PUBLIC_LOG_STRING ": Failed to %" PUBLIC_LOG_STRING " (%d) - %" PUBLIC_LOG_STRING, method.characters(), action.characters(), m_sqliteDB->lastError(), m_sqliteDB->lastErrorMsg());
 }
 
 bool ResourceMonitorPersistence::openDatabase(String&& path)
@@ -90,7 +90,7 @@ bool ResourceMonitorPersistence::openDatabase(String&& path)
     m_sqliteDB = makeUnique<SQLiteDatabase>();
 
     auto reportErrorAndCloseDatabase = [&](ASCIILiteral action) {
-        RESOURCEMONITOR_RELEASE_LOG("openDatabase: Failed to %" PUBLIC_LOG_STRING " at path '%" PUBLIC_LOG_STRING "' (%d) - %" PUBLIC_LOG_STRING, action.characters(), path.utf8().data(), m_sqliteDB->lastError(), m_sqliteDB->lastErrorMsg());
+        reportSQLError("openDatabase"_s, action);
         closeDatabase();
         return false;
     };
diff --git a/Source/WebCore/loader/ResourceMonitorThrottler.cpp b/Source/WebCore/loader/ResourceMonitorThrottler.cpp
index c2bb9d16bd855..65aaf46feacc8 100644
--- a/Source/WebCore/loader/ResourceMonitorThrottler.cpp
+++ b/Source/WebCore/loader/ResourceMonitorThrottler.cpp
@@ -34,6 +34,8 @@
 
 #if ENABLE(CONTENT_EXTENSIONS)
 
+#define RESOURCEMONITOR_RELEASE_LOG(fmt, ...) RELEASE_LOG(ResourceMonitoring, "ResourceMonitorThrottler::" fmt, ##__VA_ARGS__)
+
 namespace WebCore {
 
 ResourceMonitorThrottler::ResourceMonitorThrottler(String&& path, size_t count, Seconds duration, size_t maxHosts)
@@ -42,13 +44,18 @@ ResourceMonitorThrottler::ResourceMonitorThrottler(String&& path, size_t count,
     ASSERT(!isMainThread());
 
     ASSERT(maxHosts >= 1);
+    RESOURCEMONITOR_RELEASE_LOG("Throttler is launching, count=%zu, duration=%f, maxHosts=%zu", count, duration.value(), maxHosts);
 
+    RESOURCEMONITOR_RELEASE_LOG("Opening persistence for throttler.");
     auto persistence = makeUnique<ResourceMonitorPersistence>();
 
-    if (!persistence->openDatabase(WTFMove(path)))
+    if (!persistence->openDatabase(WTFMove(path))) {
+        RESOURCEMONITOR_RELEASE_LOG("Failed to setup persistence for throttler.");
         return;
+    }
 
     m_persistence = WTFMove(persistence);
+    RESOURCEMONITOR_RELEASE_LOG("Success to setup persistence for throttler.");
 
     auto now = ContinuousApproximateTime::now();
     m_persistence->deleteExpiredRecords(now, m_config.duration);
@@ -67,6 +74,7 @@ ResourceMonitorThrottler::~ResourceMonitorThrottler()
     ASSERT(!isMainThread());
 
     if (m_persistence) {
+        RESOURCEMONITOR_RELEASE_LOG("Closing persistence for throttler.");
         m_persistence->deleteExpiredRecords(ContinuousApproximateTime::now(), m_config.duration);
         m_persistence = nullptr;
     }
@@ -108,10 +116,13 @@ bool ResourceMonitorThrottler::tryAccess(const String& host, ContinuousApproxima
     bool wasGranted = throttler.tryAccessAndUpdateHistory(time, m_config);
 
     if (wasGranted) {
+        RESOURCEMONITOR_RELEASE_LOG("Throttler granted for unloading the resource for %" PUBLIC_LOG_STRING ".", host.utf8().data());
+
         maintainHosts(time);
         if (m_persistence)
             m_persistence->recordAccess(host, time);
-    }
+    } else
+        RESOURCEMONITOR_RELEASE_LOG("Throttler denied for unloading the resource for %" PUBLIC_LOG_STRING ".", host.utf8().data());
 
     return wasGranted;
 }
@@ -191,4 +202,6 @@ bool ResourceMonitorThrottler::AccessThrottler::tryExpire(ContinuousApproximateT
 
 } // namespace WebCore
 
+#undef RESOURCEMONITOR_RELEASE_LOG
+
 #endif
diff --git a/Source/WebCore/page/LocalFrame.cpp b/Source/WebCore/page/LocalFrame.cpp
index aa599fb3573d6..f335cc07b0a88 100644
--- a/Source/WebCore/page/LocalFrame.cpp
+++ b/Source/WebCore/page/LocalFrame.cpp
@@ -1463,9 +1463,9 @@ void LocalFrame::showResourceMonitoringError()
     if (RefPtr page = protectedPage())
         mainFrameURL = page->mainFrameURL();
 
-    FRAME_RELEASE_LOG(ResourceLoading, "Detected excessive network usage in frame at %" SENSITIVE_LOG_STRING " and main frame at %" SENSITIVE_LOG_STRING ": unloading", url.isValid() ? url.string().utf8().data() : "invalid", mainFrameURL.isValid() ? mainFrameURL.string().utf8().data() : "invalid");
+    FRAME_RELEASE_LOG(ResourceMonitoring, "Detected excessive network usage in frame at %" SENSITIVE_LOG_STRING " and main frame at %" SENSITIVE_LOG_STRING ": unloading", url.isValid() ? url.string().utf8().data() : "invalid", mainFrameURL.isValid() ? mainFrameURL.string().utf8().data() : "invalid");
 
-    document->addConsoleMessage(MessageSource::ContentBlocker, MessageLevel::Error, "Frame was unloaded because its network usage exceeded the limit."_s);
+    document->addConsoleMessage(MessageSource::ContentBlocker, MessageLevel::Error, makeString("Frame was unloaded because its network usage exceeded the limit: "_s, ResourceMonitorChecker::networkUsageThreshold, " bytes, url="_s, url.string()));
 
     for (RefPtr<Frame> frame = this; frame; frame = frame->tree().traverseNext()) {
         if (RefPtr localFrame = dynamicDowncast<LocalFrame>(frame)) {
@@ -1493,7 +1493,7 @@ void LocalFrame::reportResourceMonitoringWarning()
     if (RefPtr page = protectedPage())
         mainFrameURL = page->mainFrameURL();
 
-    FRAME_RELEASE_LOG(ResourceLoading, "Detected excessive network usage in frame at %" SENSITIVE_LOG_STRING " and main frame at %" SENSITIVE_LOG_STRING ": not unloading due to global limits", url.isValid() ? url.string().utf8().data() : "invalid", mainFrameURL.isValid() ? mainFrameURL.string().utf8().data() : "invalid");
+    FRAME_RELEASE_LOG(ResourceMonitoring, "Detected excessive network usage in frame at %" SENSITIVE_LOG_STRING " and main frame at %" SENSITIVE_LOG_STRING ": not unloading due to global limits", url.isValid() ? url.string().utf8().data() : "invalid", mainFrameURL.isValid() ? mainFrameURL.string().utf8().data() : "invalid");
 
     if (RefPtr document = this->document())
         document->addConsoleMessage(MessageSource::ContentBlocker, MessageLevel::Warning, "Frame's network usage exceeded the limit."_s);
diff --git a/Source/WebCore/platform/Logging.h b/Source/WebCore/platform/Logging.h
index 21df84b606056..e297884483c13 100644
--- a/Source/WebCore/platform/Logging.h
+++ b/Source/WebCore/platform/Logging.h
@@ -157,6 +157,7 @@ namespace WebCore {
     M(ResourceLoading) \
     M(ResourceLoadObserver) \
     M(ResourceLoadStatistics) \
+    M(ResourceMonitoring) \
     M(ScrollAnimations) \
     M(ScrollAnchoring) \
     M(ScrollSnap) \
diff --git a/Source/WebCore/workers/shared/SharedWorker.cpp b/Source/WebCore/workers/shared/SharedWorker.cpp
index 9a697d36d6b64..79ba586f21bc7 100644
--- a/Source/WebCore/workers/shared/SharedWorker.cpp
+++ b/Source/WebCore/workers/shared/SharedWorker.cpp
@@ -200,8 +200,10 @@ void SharedWorker::reportNetworkUsage(size_t bytesTransferredOverNetwork)
     ASSERT(!delta.hasOverflowed());
 
     if (delta) {
-        if (RefPtr resourceMonitor = m_resourceMonitor)
+        if (RefPtr resourceMonitor = m_resourceMonitor) {
+            RELEASE_LOG(ResourceMonitoring, "[identifier=%" PUBLIC_LOG_STRING "] SharedWorker::reportNetworkUsage to ResourceMonitor: %zu bytes", identifier().toString().utf8().data(), delta.value());
             resourceMonitor->addNetworkUsage(delta);
+        }
     }
 #endif
 

From 647aeaeed0cbcd4394f3466b6a0a30a7b4643b4a Mon Sep 17 00:00:00 2001
From: Per Arne Vollan <pvollan@apple.com>
Date: Fri, 21 Feb 2025 20:27:01 -0800
Subject: [PATCH 030/174] Silence syscall sandbox violations
 https://bugs.webkit.org/show_bug.cgi?id=288251 rdar://144654297

Reviewed by Chris Dumez.

Silence some yscall sandbox violations in the WebContent and Networking process that we have
never allowed.

* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in:
* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

Canonical link: https://commits.webkit.org/290851@main
---
 .../SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in       | 2 ++
 .../SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in       | 1 +
 2 files changed, 3 insertions(+)

diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in
index a86f844c408d1..d5166e179d93f 100644
--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in
+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in
@@ -710,6 +710,8 @@
     (when (defined? 'SYS_crossarch_trap)
         (deny syscall-unix (with no-report) (syscall-number
             SYS_crossarch_trap)))
+    (deny syscall-unix (with no-report) (syscall-number
+        SYS___nexus_set_opt))
     (allow syscall-unix (syscall-number
         SYS___channel_get_info
         SYS___channel_open
diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in
index d19c35f165220..4ddc8b65db3bd 100644
--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in
+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in
@@ -1120,6 +1120,7 @@
 
 (deny syscall-unix (with no-report) (syscall-number
     SYS_connect
+    SYS_persona
 #if !PLATFORM(WATCHOS)
     SYS_sigreturn
 #endif

From cd1c41746636cab4395e29106473e3dcea9c0817 Mon Sep 17 00:00:00 2001
From: Per Arne Vollan <pvollan@apple.com>
Date: Fri, 21 Feb 2025 20:29:19 -0800
Subject: [PATCH 031/174] Notification observer is not being removed
 https://bugs.webkit.org/show_bug.cgi?id=288140 rdar://145054761

Reviewed by Chris Dumez.

Notification observer is not being removed in WebProcessPool. This can cause crashes if
the notification is being posted after the WebProcessPool has been destroyed.

* Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::unregisterNotificationObservers):

Canonical link: https://commits.webkit.org/290852@main
---
 Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm b/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
index 9cf62c259e9c3..d14a7dfa79daa 100644
--- a/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
+++ b/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
@@ -985,7 +985,6 @@ static void logProcessPoolState(const WebProcessPool& pool)
     [[NSWorkspace.sharedWorkspace notificationCenter] removeObserver:m_accessibilityDisplayOptionsNotificationObserver.get()];
     [[NSNotificationCenter defaultCenter] removeObserver:m_scrollerStyleNotificationObserver.get()];
     [[NSNotificationCenter defaultCenter] removeObserver:m_deactivationObserver.get()];
-    [[NSNotificationCenter defaultCenter] removeObserver:m_finishedMobileAssetFontDownloadObserver.get()];
     removeCFNotificationObserver(AppleColorPreferencesChangedNotification, CFNotificationCenterGetDistributedCenter());
     for (auto token : m_openDirectoryNotifyTokens)
         notify_cancel(token);
@@ -1011,7 +1010,9 @@ static void logProcessPoolState(const WebProcessPool& pool)
     [[NSNotificationCenter defaultCenter] removeObserver:m_activationObserver.get()];
 
     m_powerSourceNotifier = nullptr;
-    
+
+    [[NSNotificationCenter defaultCenter] removeObserver:m_finishedMobileAssetFontDownloadObserver.get()];
+
 #if PLATFORM(COCOA)
     removeCFNotificationObserver((__bridge CFStringRef)WKLockdownModeContainerConfigurationChangedNotification);
 #endif

From 32731b2f8e9688471cd6b5431e0fa710bdcf10b7 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Fri, 21 Feb 2025 20:31:44 -0800
Subject: [PATCH 032/174] Address safer CPP failures in IDBBindingUtilities.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288232

Reviewed by Ryosuke Niwa.

* Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebCore/bindings/js/IDBBindingUtilities.cpp:
(WebCore::get):
(WebCore::deserializeIDBValueToJSValue):
(WebCore::IDBSerializationContext::IDBSerializationContext):
(WebCore::IDBSerializationContext::~IDBSerializationContext):
(WebCore::IDBSerializationContext::globalObject):

Canonical link: https://commits.webkit.org/290853@main
---
 .../NoUncountedMemberCheckerExpectations      |  1 -
 .../UncountedCallArgsCheckerExpectations      |  1 -
 .../bindings/js/IDBBindingUtilities.cpp       | 23 +++++++++++--------
 3 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations b/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations
index ca3589dcaa254..c19a3bce2decd 100644
--- a/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations
@@ -11,7 +11,6 @@ Modules/webdatabase/DatabaseTask.h
 Modules/webdatabase/SQLTransactionBackend.h
 accessibility/AXCoreObject.h
 accessibility/AXSearchManager.h
-bindings/js/IDBBindingUtilities.cpp
 bindings/js/JSEventTargetCustom.h
 bindings/js/JSLazyEventListener.cpp
 css/CSSFontFaceSource.h
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 7901a5caa8d70..17b0b1fbfa039 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -306,7 +306,6 @@ bindings/js/CachedModuleScriptLoader.cpp
 bindings/js/CommonVM.cpp
 bindings/js/DOMPromiseProxy.h
 bindings/js/DOMWrapperWorld.cpp
-bindings/js/IDBBindingUtilities.cpp
 bindings/js/JSAudioBufferCustom.cpp
 bindings/js/JSAudioBufferSourceNodeCustom.cpp
 bindings/js/JSAudioWorkletGlobalScopeCustom.cpp
diff --git a/Source/WebCore/bindings/js/IDBBindingUtilities.cpp b/Source/WebCore/bindings/js/IDBBindingUtilities.cpp
index dd3b1bb435afc..82288c56a5900 100644
--- a/Source/WebCore/bindings/js/IDBBindingUtilities.cpp
+++ b/Source/WebCore/bindings/js/IDBBindingUtilities.cpp
@@ -83,7 +83,7 @@ static bool get(JSGlobalObject& lexicalGlobalObject, JSValue object, const Strin
     }
     if (obj->inherits<JSBlob>() && (keyPathElement == "size"_s || keyPathElement == "type"_s)) {
         if (keyPathElement == "size"_s) {
-            result = jsNumber(jsCast<JSBlob*>(obj)->wrapped().size());
+            result = jsNumber(jsCast<JSBlob*>(obj)->protectedWrapped()->size());
             return true;
         }
         if (keyPathElement == "type"_s) {
@@ -97,11 +97,11 @@ static bool get(JSGlobalObject& lexicalGlobalObject, JSValue object, const Strin
             return true;
         }
         if (keyPathElement == "lastModified"_s) {
-            result = jsNumber(jsCast<JSFile*>(obj)->wrapped().lastModified());
+            result = jsNumber(jsCast<JSFile*>(obj)->protectedWrapped()->lastModified());
             return true;
         }
         if (keyPathElement == "lastModifiedDate"_s) {
-            result = jsDate(lexicalGlobalObject, WallTime::fromRawSeconds(Seconds::fromMilliseconds(jsCast<JSFile*>(obj)->wrapped().lastModified()).value()));
+            result = jsDate(lexicalGlobalObject, WallTime::fromRawSeconds(Seconds::fromMilliseconds(jsCast<JSFile*>(obj)->protectedWrapped()->lastModified()).value()));
             return true;
         }
     }
@@ -405,10 +405,11 @@ static JSValue deserializeIDBValueToJSValue(JSGlobalObject& lexicalGlobalObject,
 
     auto serializedValue = SerializedScriptValue::createFromWireBytes(Vector<uint8_t>(data));
 
-    lexicalGlobalObject.vm().apiLock().lock();
+    Ref apiLock = lexicalGlobalObject.vm().apiLock();
+    apiLock->lock();
     Vector<Ref<MessagePort>> messagePorts;
     JSValue result = serializedValue->deserialize(lexicalGlobalObject, &globalObject, messagePorts, value.blobURLs(), value.blobFilePaths(), SerializationErrorMode::NonThrowing);
-    lexicalGlobalObject.vm().apiLock().unlock();
+    apiLock->unlock();
 
     return result;
 }
@@ -529,13 +530,15 @@ std::optional<JSC::JSValue> deserializeIDBValueWithKeyInjection(JSGlobalObject&
 class IDBSerializationContext {
 public:
     IDBSerializationContext()
-        : m_thread(Thread::current())
+#if ASSERT_ENABLED
+        : m_threadUID(Thread::current().uid())
+#endif
     {
     }
 
     ~IDBSerializationContext()
     {
-        ASSERT(&m_thread == &Thread::current());
+        ASSERT(m_threadUID == Thread::current().uid());
         if (!m_vm)
             return;
 
@@ -546,7 +549,7 @@ class IDBSerializationContext {
 
     JSC::JSGlobalObject& globalObject()
     {
-        ASSERT(&m_thread == &Thread::current());
+        ASSERT(m_threadUID == Thread::current().uid());
 
         initializeVM();
         return *m_globalObject.get();
@@ -569,7 +572,9 @@ class IDBSerializationContext {
 
     RefPtr<JSC::VM> m_vm;
     JSC::Strong<JSIDBSerializationGlobalObject> m_globalObject;
-    Thread& m_thread;
+#if ASSERT_ENABLED
+    uint32_t m_threadUID;
+#endif
 };
 
 void callOnIDBSerializationThreadAndWait(Function<void(JSC::JSGlobalObject&)>&& function)

From 8149eb6146fa9b5a9f42a30ca52a4d5c211b54b4 Mon Sep 17 00:00:00 2001
From: Tim Nguyen <ntim@apple.com>
Date: Fri, 21 Feb 2025 20:36:19 -0800
Subject: [PATCH 033/174] `FullscreenManager::exitRemovedFullscreenElement()`
 should not use `fullscreenOrPendingElement()`
 https://bugs.webkit.org/show_bug.cgi?id=287278 rdar://144401606

Reviewed by Brent Fulgham and Darin Adler.

Since the element has a fullscreen flag set, it's never going to be the pending element.

Stop using `fullscreenOrPendingElement()` to reduce usage of the inaccurate `m_fullscreenElement`.

* LayoutTests/imported/w3c/web-platform-tests/fullscreen/model/move-to-fullscreen-iframe-expected.txt:
* Source/WebCore/dom/FullscreenManager.cpp:
(WebCore::FullscreenManager::exitRemovedFullscreenElement):

Canonical link: https://commits.webkit.org/290854@main
---
 .../fullscreen/model/move-to-fullscreen-iframe-expected.txt   | 4 +---
 Source/WebCore/dom/FullscreenManager.cpp                      | 3 +--
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/LayoutTests/imported/w3c/web-platform-tests/fullscreen/model/move-to-fullscreen-iframe-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fullscreen/model/move-to-fullscreen-iframe-expected.txt
index 254ab105dad91..8d15a783f6e89 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/fullscreen/model/move-to-fullscreen-iframe-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/fullscreen/model/move-to-fullscreen-iframe-expected.txt
@@ -1,5 +1,3 @@
 
-Harness Error (TIMEOUT), message = null
-
-TIMEOUT Moving fullscreen document's body into a fullscreen iframe Test timed out
+PASS Moving fullscreen document's body into a fullscreen iframe
 
diff --git a/Source/WebCore/dom/FullscreenManager.cpp b/Source/WebCore/dom/FullscreenManager.cpp
index 08f5e00c03020..ec54c1bd169c7 100644
--- a/Source/WebCore/dom/FullscreenManager.cpp
+++ b/Source/WebCore/dom/FullscreenManager.cpp
@@ -656,8 +656,7 @@ void FullscreenManager::exitRemovedFullscreenElement(Element& element)
 {
     ASSERT(element.hasFullscreenFlag());
 
-    auto fullscreenElement = fullscreenOrPendingElement();
-    if (fullscreenElement == &element) {
+    if (fullscreenElement() == &element) {
         INFO_LOG(LOGIDENTIFIER, "Fullscreen element removed; exiting fullscreen");
         exitFullscreen([] (auto) { });
     } else

From 9c1ec887f19b98af90245127c68af6143efe868b Mon Sep 17 00:00:00 2001
From: Alex Christensen <achristensen@apple.com>
Date: Fri, 21 Feb 2025 21:03:33 -0800
Subject: [PATCH 034/174] Remove FullscreenManager's m_pendingFullscreenElement
 https://bugs.webkit.org/show_bug.cgi?id=288263 rdar://145333462

Reviewed by Tim Nguyen.

After all the CompletionHandler work I've done recently, it's not needed any more.

* Source/WebCore/dom/FullscreenManager.cpp:
(WebCore::FullscreenManager::requestFullscreenForElement):
(WebCore::FullscreenManager::cancelFullscreen):
(WebCore::FullscreenManager::exitFullscreen):
(WebCore::FullscreenManager::willEnterFullscreen):
(WebCore::FullscreenManager::willExitFullscreen):
(WebCore::FullscreenManager::didExitFullscreen):
(WebCore::FullscreenManager::clear):
* Source/WebCore/dom/FullscreenManager.h:

Canonical link: https://commits.webkit.org/290855@main
---
 Source/WebCore/dom/FullscreenManager.cpp | 53 +++++-------------------
 Source/WebCore/dom/FullscreenManager.h   |  3 --
 2 files changed, 10 insertions(+), 46 deletions(-)

diff --git a/Source/WebCore/dom/FullscreenManager.cpp b/Source/WebCore/dom/FullscreenManager.cpp
index ec54c1bd169c7..d4f550f73715b 100644
--- a/Source/WebCore/dom/FullscreenManager.cpp
+++ b/Source/WebCore/dom/FullscreenManager.cpp
@@ -165,18 +165,11 @@ void FullscreenManager::requestFullscreenForElement(Ref<Element>&& element, Full
 
     INFO_LOG(identifier);
 
-    m_pendingFullscreenElement = RefPtr { element.ptr() };
-
     protectedDocument()->eventLoop().queueTask(TaskSource::MediaElement, [this, weakThis = WeakPtr { *this }, element = WTFMove(element), completionHandler = WTFMove(completionHandler), hasKeyboardAccess, fullscreenElementReadyCheck, handleError, identifier, mode] () mutable {
         CheckedPtr checkedThis = weakThis.get();
         if (!checkedThis)
             return completionHandler(Exception { ExceptionCode::TypeError });
 
-        // Don't allow fullscreen if it has been cancelled or a different fullscreen element
-        // has requested fullscreen.
-        if (m_pendingFullscreenElement != element.ptr())
-            return handleError("Fullscreen request aborted by a fullscreen request for another element."_s, EmitErrorEvent::Yes, WTFMove(completionHandler));
-
         // Don't allow fullscreen if we're inside an exitFullscreen operation.
         if (m_pendingExitFullscreen)
             return handleError("Fullscreen request aborted by a request to exit fullscreen."_s, EmitErrorEvent::Yes, WTFMove(completionHandler));
@@ -217,7 +210,7 @@ void FullscreenManager::requestFullscreenForElement(Ref<Element>&& element, Full
                 return completionHandler(Exception { ExceptionCode::TypeError });
 
             RefPtr page = this->page();
-            if (!page || (this->document().hidden() && mode != HTMLMediaElementEnums::VideoFullscreenModeInWindow) || m_pendingFullscreenElement != element.ptr() || !element->isConnected())
+            if (!page || (this->document().hidden() && mode != HTMLMediaElementEnums::VideoFullscreenModeInWindow) || !element->isConnected())
                 return handleError("Invalid state when requesting fullscreen."_s, EmitErrorEvent::Yes, WTFMove(completionHandler));
 
             INFO_LOG(identifier, "task - success");
@@ -245,11 +238,7 @@ void FullscreenManager::cancelFullscreen()
         LOG_ONCE(SiteIsolation, "Unable to fully perform FullscreenManager::cancelFullscreen() without access to the main frame document ");
 
     if (!mainFrameDocument || !mainFrameDocument->fullscreenManager().fullscreenElement()) {
-        // If there is a pending fullscreen element but no top document fullscreen element,
-        // there is a pending task in enterFullscreen(). Cause it to cancel and fire an error
-        // by clearing the pending fullscreen element.
-        m_pendingFullscreenElement = nullptr;
-        INFO_LOG(LOGIDENTIFIER, "Cancelling pending fullscreen request.");
+        INFO_LOG(LOGIDENTIFIER, "No element to unfullscreen.");
         return;
     }
 
@@ -355,13 +344,10 @@ void FullscreenManager::exitFullscreen(CompletionHandler<void(ExceptionOr<void>)
             return completionHandler({ });
         }
 
-        // If there is a pending fullscreen element but no fullscreen element
-        // there is a pending task in requestFullscreenForElement(). Cause it to cancel and fire an error
-        // by clearing the pending fullscreen element.
+        // If there is no fullscreen element, bail out early.
         RefPtr exitedFullscreenElement = fullscreenElement();
-        if (!exitedFullscreenElement && m_pendingFullscreenElement) {
-            INFO_LOG(identifier, "task - Cancelling pending fullscreen request.");
-            m_pendingFullscreenElement = nullptr;
+        if (!exitedFullscreenElement) {
+            INFO_LOG(identifier, "task - No fullscreen element.");
             m_pendingExitFullscreen = false;
             return completionHandler({ });
         }
@@ -379,9 +365,8 @@ void FullscreenManager::exitFullscreen(CompletionHandler<void(ExceptionOr<void>)
                 finishExitFullscreen(*frame, ExitMode::NoResize);
 
             // We just popped off one fullscreen element out of the top layer, query the new one.
-            m_pendingFullscreenElement = fullscreenElement();
-            if (m_pendingFullscreenElement) {
-                page->chrome().client().enterFullScreenForElement(*m_pendingFullscreenElement, HTMLMediaElementEnums::VideoFullscreenModeStandard, WTFMove(completionHandler), [weakThis = WTFMove(weakThis)] (bool success) {
+            if (RefPtr newFullscreenElement = fullscreenElement()) {
+                page->chrome().client().enterFullScreenForElement(*newFullscreenElement, HTMLMediaElementEnums::VideoFullscreenModeStandard, WTFMove(completionHandler), [weakThis = WTFMove(weakThis)] (bool success) {
                     CheckedPtr checkedThis = weakThis.get();
                     if (!checkedThis || !success)
                         return true;
@@ -472,19 +457,6 @@ ExceptionOr<void> FullscreenManager::willEnterFullscreen(Element& element, HTMLM
         return Exception { ExceptionCode::TypeError, "Cannot request fullscreen on an open popover."_s };
     }
 
-    // If pending fullscreen element is unset or another element's was requested,
-    // issue a cancel fullscreen request to the client
-    if (m_pendingFullscreenElement != &element) {
-        INFO_LOG(LOGIDENTIFIER, "Pending element mismatch; issuing exit fullscreen request");
-        page()->chrome().client().exitFullScreenForElement(&element, [weakThis = WeakPtr { *this }] {
-            CheckedPtr checkedThis = weakThis.get();
-            if (!checkedThis)
-                return;
-            checkedThis->didExitFullscreen([] (auto) { });
-        });
-        return Exception { ExceptionCode::TypeError, "Element requested for fullscreen has changed."_s };
-    }
-
     INFO_LOG(LOGIDENTIFIER);
     ASSERT(page()->isFullscreenManagerEnabled());
 
@@ -495,9 +467,6 @@ ExceptionOr<void> FullscreenManager::willEnterFullscreen(Element& element, HTMLM
 #endif
         element.willBecomeFullscreenElement();
 
-    ASSERT(&element == m_pendingFullscreenElement);
-    m_pendingFullscreenElement = nullptr;
-
     m_fullscreenElement = &element;
 
     Vector<Ref<Element>> ancestors { { element } };
@@ -553,9 +522,9 @@ bool FullscreenManager::didEnterFullscreen()
 
 bool FullscreenManager::willExitFullscreen()
 {
-    auto fullscreenElement = fullscreenOrPendingElement();
+    auto fullscreenElement = m_fullscreenElement;
     if (!fullscreenElement) {
-        ERROR_LOG(LOGIDENTIFIER, "No fullscreenOrPendingElement(); bailing");
+        ERROR_LOG(LOGIDENTIFIER, "No fullscreenElement, bailing");
         return false;
     }
 
@@ -581,13 +550,12 @@ void FullscreenManager::didExitFullscreen(CompletionHandler<void(ExceptionOr<voi
     if (RefPtr frame = document().frame())
         finishExitFullscreen(frame->mainFrame(), ExitMode::Resize);
 
-    if (auto fullscreenElement = fullscreenOrPendingElement())
+    if (auto fullscreenElement = m_fullscreenElement)
         fullscreenElement->didStopBeingFullscreenElement();
 
     m_areKeysEnabledInFullscreen = false;
 
     m_fullscreenElement = nullptr;
-    m_pendingFullscreenElement = nullptr;
     m_pendingExitFullscreen = false;
 
     completionHandler({ });
@@ -684,7 +652,6 @@ void FullscreenManager::setAnimatingFullscreen(bool flag)
 void FullscreenManager::clear()
 {
     m_fullscreenElement = nullptr;
-    m_pendingFullscreenElement = nullptr;
 }
 
 void FullscreenManager::emptyEventQueue()
diff --git a/Source/WebCore/dom/FullscreenManager.h b/Source/WebCore/dom/FullscreenManager.h
index 84405d7a3a86a..bc6ba8afcbe8e 100644
--- a/Source/WebCore/dom/FullscreenManager.h
+++ b/Source/WebCore/dom/FullscreenManager.h
@@ -110,14 +110,11 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
     Document* mainFrameDocument() { return document().mainFrameDocument(); }
     RefPtr<Document> protectedMainFrameDocument() { return mainFrameDocument(); }
 
-    RefPtr<Element> fullscreenOrPendingElement() const { return m_fullscreenElement ? m_fullscreenElement : m_pendingFullscreenElement; }
-
     bool didEnterFullscreen();
     void addElementToChangeEventQueue(Node& target) { m_fullscreenChangeEventTargetQueue.append(GCReachableRef(target)); }
 
     WeakRef<Document, WeakPtrImplWithEventTargetData> m_document;
 
-    RefPtr<Element> m_pendingFullscreenElement;
     RefPtr<Element> m_fullscreenElement;
 
     Deque<GCReachableRef<Node>> m_fullscreenChangeEventTargetQueue;

From 88dc8b0d15913d5bf57441661d52c085ba39b520 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Fri, 21 Feb 2025 21:29:08 -0800
Subject: [PATCH 035/174] Address safer CPP failures in
 DeviceIdHashSaltStorage.cpp https://bugs.webkit.org/show_bug.cgi?id=288237

Reviewed by Ryosuke Niwa.

* Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations:
* Source/WebKit/UIProcess/DeviceIdHashSaltStorage.cpp:
(WebKit::DeviceIdHashSaltStorage::deviceIdHashSaltForOrigin):
(WebKit::DeviceIdHashSaltStorage::getDeviceIdHashSaltOrigins):
(WebKit::DeviceIdHashSaltStorage::deleteDeviceIdHashSaltForOrigins):
(WebKit::DeviceIdHashSaltStorage::deleteDeviceIdHashSaltOriginsModifiedSince):
* Source/WebKit/UIProcess/DeviceIdHashSaltStorage.h:

Canonical link: https://commits.webkit.org/290856@main
---
 .../UncountedCallArgsCheckerExpectations      |  1 -
 ...UncountedLambdaCapturesCheckerExpectations |  1 -
 .../UIProcess/DeviceIdHashSaltStorage.cpp     | 30 ++++++++++++-------
 .../UIProcess/DeviceIdHashSaltStorage.h       |  5 ++--
 4 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 97d81ad726d2e..3dc7387f7711b 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -175,7 +175,6 @@ UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm
 UIProcess/Cocoa/SOAuthorization/WKSOAuthorizationDelegate.mm
 UIProcess/Cocoa/UserMediaPermissionRequestManagerProxy.mm
 UIProcess/Cocoa/WKEditCommand.mm
-UIProcess/DeviceIdHashSaltStorage.cpp
 UIProcess/Extensions/Cocoa/WebExtensionActionCocoa.mm
 UIProcess/Extensions/Cocoa/WebExtensionCommandCocoa.mm
 UIProcess/Extensions/Cocoa/WebExtensionURLSchemeHandlerCocoa.mm
diff --git a/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
index 226c882aaacd6..c084aa525c19d 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
@@ -5,7 +5,6 @@ Platform/cocoa/WebPrivacyHelpers.mm
 UIProcess/Automation/SimulatedInputDispatcher.cpp
 UIProcess/Automation/WebAutomationSession.cpp
 UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm
-UIProcess/DeviceIdHashSaltStorage.cpp
 UIProcess/Extensions/Cocoa/WebExtensionURLSchemeHandlerCocoa.mm
 UIProcess/SpeechRecognitionPermissionManager.cpp
 UIProcess/UserMediaPermissionRequestManagerProxy.cpp
diff --git a/Source/WebKit/UIProcess/DeviceIdHashSaltStorage.cpp b/Source/WebKit/UIProcess/DeviceIdHashSaltStorage.cpp
index d2a9bbe13cc09..f930d6d60b312 100644
--- a/Source/WebKit/UIProcess/DeviceIdHashSaltStorage.cpp
+++ b/Source/WebKit/UIProcess/DeviceIdHashSaltStorage.cpp
@@ -235,8 +235,9 @@ void DeviceIdHashSaltStorage::deviceIdHashSaltForOrigin(const SecurityOrigin& do
     ASSERT(RunLoop::isMain());
 
     if (!m_isLoaded) {
-        m_pendingCompletionHandlers.append([this, documentOrigin = documentOrigin.data().isolatedCopy(), parentOrigin = parentOrigin.data().isolatedCopy(), completionHandler = WTFMove(completionHandler)]() mutable {
-            completeDeviceIdHashSaltForOriginCall(WTFMove(documentOrigin), WTFMove(parentOrigin), WTFMove(completionHandler));
+        m_pendingCompletionHandlers.append([weakThis = ThreadSafeWeakPtr { *this }, documentOrigin = documentOrigin.data().isolatedCopy(), parentOrigin = parentOrigin.data().isolatedCopy(), completionHandler = WTFMove(completionHandler)]() mutable {
+            if (RefPtr protectedThis = weakThis.get())
+                protectedThis->completeDeviceIdHashSaltForOriginCall(WTFMove(documentOrigin), WTFMove(parentOrigin), WTFMove(completionHandler));
         });
         return;
     }
@@ -249,8 +250,9 @@ void DeviceIdHashSaltStorage::getDeviceIdHashSaltOrigins(CompletionHandler<void(
     ASSERT(RunLoop::isMain());
 
     if (!m_isLoaded) {
-        m_pendingCompletionHandlers.append([this, completionHandler = WTFMove(completionHandler)]() mutable {
-            completePendingHandler(WTFMove(completionHandler));
+        m_pendingCompletionHandlers.append([weakThis = ThreadSafeWeakPtr { *this }, completionHandler = WTFMove(completionHandler)]() mutable {
+            if (RefPtr protectedThis = weakThis.get())
+                protectedThis->completePendingHandler(WTFMove(completionHandler));
         });
         return;
     }
@@ -273,11 +275,15 @@ void DeviceIdHashSaltStorage::deleteDeviceIdHashSaltForOrigins(const Vector<Secu
     ASSERT(RunLoop::isMain());
 
     if (!m_isLoaded) {
-        m_pendingCompletionHandlers.append([this, origins, completionHandler = WTFMove(completionHandler)]() mutable {
-            if (m_isClosed)
+        m_pendingCompletionHandlers.append([weakThis = ThreadSafeWeakPtr { *this }, origins, completionHandler = WTFMove(completionHandler)]() mutable {
+            RefPtr protectedThis = weakThis.get();
+            if (!protectedThis)
+                return;
+
+            if (protectedThis->m_isClosed)
                 return completionHandler();
 
-            deleteDeviceIdHashSaltForOrigins(origins, WTFMove(completionHandler));
+            protectedThis->deleteDeviceIdHashSaltForOrigins(origins, WTFMove(completionHandler));
         });
         return;
     }
@@ -299,11 +305,15 @@ void DeviceIdHashSaltStorage::deleteDeviceIdHashSaltOriginsModifiedSince(WallTim
     ASSERT(RunLoop::isMain());
 
     if (!m_isLoaded) {
-        m_pendingCompletionHandlers.append([this, time, completionHandler = WTFMove(completionHandler)]() mutable {
-            if (m_isClosed)
+        m_pendingCompletionHandlers.append([weakThis = ThreadSafeWeakPtr { *this }, time, completionHandler = WTFMove(completionHandler)]() mutable {
+            RefPtr protectedThis = weakThis.get();
+            if (!protectedThis)
+                return;
+
+            if (protectedThis->m_isClosed)
                 return completionHandler();
 
-            deleteDeviceIdHashSaltOriginsModifiedSince(time, WTFMove(completionHandler));
+            protectedThis->deleteDeviceIdHashSaltOriginsModifiedSince(time, WTFMove(completionHandler));
         });
         return;
     }
diff --git a/Source/WebKit/UIProcess/DeviceIdHashSaltStorage.h b/Source/WebKit/UIProcess/DeviceIdHashSaltStorage.h
index ac42483c65b54..8aec6f2aa975a 100644
--- a/Source/WebKit/UIProcess/DeviceIdHashSaltStorage.h
+++ b/Source/WebKit/UIProcess/DeviceIdHashSaltStorage.h
@@ -32,11 +32,12 @@
 #include <wtf/HashMap.h>
 #include <wtf/HashSet.h>
 #include <wtf/Ref.h>
+#include <wtf/ThreadSafeWeakPtr.h>
 #include <wtf/WorkQueue.h>
 
 namespace WebKit {
 
-class DeviceIdHashSaltStorage : public ThreadSafeRefCounted<DeviceIdHashSaltStorage, WTF::DestructionThread::MainRunLoop> {
+class DeviceIdHashSaltStorage : public ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr<DeviceIdHashSaltStorage, WTF::DestructionThread::MainRunLoop> {
 public:
     static Ref<DeviceIdHashSaltStorage> create(const String& deviceIdHashSaltStorageDirectory);
     ~DeviceIdHashSaltStorage();
@@ -76,7 +77,7 @@ class DeviceIdHashSaltStorage : public ThreadSafeRefCounted<DeviceIdHashSaltStor
     void completePendingHandler(CompletionHandler<void(HashSet<WebCore::SecurityOriginData>&&)>&&);
     void completeDeviceIdHashSaltForOriginCall(WebCore::SecurityOriginData&& documentOrigin, WebCore::SecurityOriginData&& parentOrigin, CompletionHandler<void(String&&)>&&);
 
-    Ref<WorkQueue> m_queue;
+    const Ref<WorkQueue> m_queue;
     HashMap<String, std::unique_ptr<HashSaltForOrigin>> m_deviceIdHashSaltForOrigins;
     bool m_isLoaded { false };
     bool m_isClosed { false };

From 6a1bea9490ae15e546b0caaf83ba65857c88da05 Mon Sep 17 00:00:00 2001
From: Alex Christensen <achristensen@apple.com>
Date: Fri, 21 Feb 2025 21:33:30 -0800
Subject: [PATCH 036/174] Fix TestWebKitAPI.WKDownload.DownloadRequestFailure
 after 289946@main https://bugs.webkit.org/show_bug.cgi?id=288259
 rdar://145330588

Reviewed by Ryosuke Niwa.

"ftp:///" is a URL that NSURL thinks is valid but WTF::URL thinks is invalid.
Feeding such a URL into WKWebView.startDownloadUsingRequest shouldn't crash.
It should fail gracefully like it used to.

* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):

Canonical link: https://commits.webkit.org/290857@main
---
 Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
index 9af3d5b51bf40..f07ba92479bd0 100644
--- a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
@@ -194,6 +194,11 @@ static float toNSURLSessionTaskPriority(WebCore::ResourceLoadPriority priority)
 {
     auto request = parameters.request;
     auto url = request.url();
+    if (url.isNull()) {
+        scheduleFailure(FailureType::InvalidURL);
+        return;
+    }
+
     if (m_storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::Use && url.protocolIsInHTTPFamily()) {
         m_user = url.user();
         m_password = url.password();

From b089d5f9e8e6d7966d4094f23a437b4bbe7de0f9 Mon Sep 17 00:00:00 2001
From: Alex Christensen <achristensen@apple.com>
Date: Fri, 21 Feb 2025 22:13:46 -0800
Subject: [PATCH 037/174] Fix some layout tests after 290596@main
 https://bugs.webkit.org/show_bug.cgi?id=288282

Unreviewed.

* LayoutTests/http/tests/dom/noreferrer-window-not-targetable-expected.txt:
* LayoutTests/http/tests/dom/noreferrer-window-not-targetable.html:
* LayoutTests/http/tests/download/sandboxed-iframe-download-not-allowed-expected.txt:

Canonical link: https://commits.webkit.org/290858@main
---
 .../tests/dom/noreferrer-window-not-targetable-expected.txt | 2 +-
 .../http/tests/dom/noreferrer-window-not-targetable.html    | 6 +-----
 .../sandboxed-iframe-download-not-allowed-expected.txt      | 2 --
 3 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/LayoutTests/http/tests/dom/noreferrer-window-not-targetable-expected.txt b/LayoutTests/http/tests/dom/noreferrer-window-not-targetable-expected.txt
index b69451ffbfc69..9ebeb73aeb2f7 100644
--- a/LayoutTests/http/tests/dom/noreferrer-window-not-targetable-expected.txt
+++ b/LayoutTests/http/tests/dom/noreferrer-window-not-targetable-expected.txt
@@ -4,7 +4,7 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
 
 
 PASS w.location.href is "about:blank"
-PASS testRunner.windowCount() is 2
+PASS testRunner.windowCount() is 3
 PASS successfullyParsed is true
 
 TEST COMPLETE
diff --git a/LayoutTests/http/tests/dom/noreferrer-window-not-targetable.html b/LayoutTests/http/tests/dom/noreferrer-window-not-targetable.html
index 6a005e9f58530..c18e92711ac83 100644
--- a/LayoutTests/http/tests/dom/noreferrer-window-not-targetable.html
+++ b/LayoutTests/http/tests/dom/noreferrer-window-not-targetable.html
@@ -16,11 +16,7 @@
         shouldBeEqualToString("w.location.href", "about:blank");
         w.onload = function() {
             if (window.testRunner) {
-                if (testRunner.isWebKit2) {
-                    shouldBe("testRunner.windowCount()", "2");
-                } else {
-                    shouldBe("testRunner.windowCount()", "3");
-                }
+                shouldBe("testRunner.windowCount()", "3");
             }
             finishJSTest();
         }
diff --git a/LayoutTests/http/tests/download/sandboxed-iframe-download-not-allowed-expected.txt b/LayoutTests/http/tests/download/sandboxed-iframe-download-not-allowed-expected.txt
index 8b85242e322b0..298b234dfd829 100644
--- a/LayoutTests/http/tests/download/sandboxed-iframe-download-not-allowed-expected.txt
+++ b/LayoutTests/http/tests/download/sandboxed-iframe-download-not-allowed-expected.txt
@@ -1,7 +1,5 @@
 CONSOLE MESSAGE: Not allowed to download due to sandboxing
 CONSOLE MESSAGE: Not allowed to download due to sandboxing
-CONSOLE MESSAGE: Not allowed to download due to sandboxing
-CONSOLE MESSAGE: Not allowed to download due to sandboxing
 This test passes if no download is started.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".

From a3dded6670b8b8cfda8658107a6dc97e6754753c Mon Sep 17 00:00:00 2001
From: Alex Christensen <achristensen@apple.com>
Date: Fri, 21 Feb 2025 22:38:42 -0800
Subject: [PATCH 038/174] Always call completion handlers in
 FullscreenManager::exitFullscreen
 https://bugs.webkit.org/show_bug.cgi?id=288276 rdar://145343638

Reviewed by Tim Nguyen.

I made a mistake, resulting in timing-dependent assertions when run loops terminate.
This introduces CompletionHandlerScope to call the CompletionHandler if it goes out
of scope when the queueTask call is never queued.

* Source/WebCore/dom/FullscreenManager.cpp:
(WebCore::FullscreenManager::exitFullscreen):

Canonical link: https://commits.webkit.org/290859@main
---
 Source/WebCore/dom/FullscreenManager.cpp | 25 +++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/Source/WebCore/dom/FullscreenManager.cpp b/Source/WebCore/dom/FullscreenManager.cpp
index d4f550f73715b..f6c0daff57cdf 100644
--- a/Source/WebCore/dom/FullscreenManager.cpp
+++ b/Source/WebCore/dom/FullscreenManager.cpp
@@ -85,6 +85,22 @@ Element* FullscreenManager::fullscreenElement() const
     return nullptr;
 }
 
+class CompletionHandlerScope final {
+public:
+    CompletionHandlerScope(CompletionHandler<void(ExceptionOr<void>)>&& completionHandler)
+        : m_completionHandler(WTFMove(completionHandler)) { }
+    CompletionHandlerScope(CompletionHandlerScope&&) = default;
+    CompletionHandlerScope& operator=(CompletionHandlerScope&&) = default;
+    ~CompletionHandlerScope()
+    {
+        if (m_completionHandler)
+            m_completionHandler({ });
+    }
+    CompletionHandler<void(ExceptionOr<void>)> release() { return WTFMove(m_completionHandler); }
+private:
+    CompletionHandler<void(ExceptionOr<void>)> m_completionHandler;
+};
+
 // https://fullscreen.spec.whatwg.org/#dom-element-requestfullscreen
 void FullscreenManager::requestFullscreenForElement(Ref<Element>&& element, FullscreenCheckType checkType, CompletionHandler<void(ExceptionOr<void>)>&& completionHandler, HTMLMediaElementEnums::VideoFullscreenMode mode)
 {
@@ -165,7 +181,8 @@ void FullscreenManager::requestFullscreenForElement(Ref<Element>&& element, Full
 
     INFO_LOG(identifier);
 
-    protectedDocument()->eventLoop().queueTask(TaskSource::MediaElement, [this, weakThis = WeakPtr { *this }, element = WTFMove(element), completionHandler = WTFMove(completionHandler), hasKeyboardAccess, fullscreenElementReadyCheck, handleError, identifier, mode] () mutable {
+    protectedDocument()->eventLoop().queueTask(TaskSource::MediaElement, [this, weakThis = WeakPtr { *this }, element = WTFMove(element), scope = CompletionHandlerScope(WTFMove(completionHandler)), hasKeyboardAccess, fullscreenElementReadyCheck, handleError, identifier, mode] () mutable {
+        auto completionHandler = scope.release();
         CheckedPtr checkedThis = weakThis.get();
         if (!checkedThis)
             return completionHandler(Exception { ExceptionCode::TypeError });
@@ -204,7 +221,8 @@ void FullscreenManager::requestFullscreenForElement(Ref<Element>&& element, Full
         // 5. Return, and run the remaining steps asynchronously.
         // 6. Optionally, perform some animation.
         m_areKeysEnabledInFullscreen = hasKeyboardAccess;
-        document->eventLoop().queueTask(TaskSource::MediaElement, [this, weakThis = WTFMove(weakThis), element = WTFMove(element), completionHandler = WTFMove(completionHandler), handleError = WTFMove(handleError), identifier, mode] () mutable {
+        document->eventLoop().queueTask(TaskSource::MediaElement, [this, weakThis = WTFMove(weakThis), element = WTFMove(element), scope = CompletionHandlerScope(WTFMove(completionHandler)), handleError = WTFMove(handleError), identifier, mode] () mutable {
+            auto completionHandler = scope.release();
             CheckedPtr checkedThis = weakThis.get();
             if (!checkedThis)
                 return completionHandler(Exception { ExceptionCode::TypeError });
@@ -332,7 +350,8 @@ void FullscreenManager::exitFullscreen(CompletionHandler<void(ExceptionOr<void>)
     m_pendingExitFullscreen = true;
 
     // Return promise, and run the remaining steps in parallel.
-    exitingDocument->eventLoop().queueTask(TaskSource::MediaElement, [this, completionHandler = WTFMove(completionHandler), weakThis = WeakPtr { *this }, mode, identifier = LOGIDENTIFIER] () mutable {
+    exitingDocument->eventLoop().queueTask(TaskSource::MediaElement, [this, scope = CompletionHandlerScope(WTFMove(completionHandler)), weakThis = WeakPtr { *this }, mode, identifier = LOGIDENTIFIER] () mutable {
+        auto completionHandler = scope.release();
         CheckedPtr checkedThis = weakThis.get();
         if (!checkedThis)
             return completionHandler({ });

From 6dd55289e6362820166b2296b07f6f3cbef97946 Mon Sep 17 00:00:00 2001
From: Alex Christensen <achristensen@apple.com>
Date: Fri, 21 Feb 2025 22:40:43 -0800
Subject: [PATCH 039/174] Fix WKDownload.originatingFrame of downloads
 originated without a frame https://bugs.webkit.org/show_bug.cgi?id=288253
 rdar://145328556

Reviewed by Chris Dumez.

WKDownload.originatingFrame is a non-nullable property, and it has non-nullable properties
WKFrameInfo.request and securityOrigin.  We were returning null for those properties, which
could cause crashes in Swift.  This will fix those crashes by making a fake WKFrameInfo that
represents a frame that doesn't exist that has loaded about:blank.

* Source/WebKit/UIProcess/API/APINavigation.h:
(API::Navigation::originatingFrameInfo const):
* Source/WebKit/UIProcess/Downloads/DownloadProxy.cpp:
(WebKit::legacyEmptyFrameInfo):
(WebKit::DownloadProxy::DownloadProxy):
* Source/WebKit/UIProcess/Downloads/DownloadProxy.h:
* Source/WebKit/UIProcess/Downloads/DownloadProxyMap.cpp:
(WebKit::DownloadProxyMap::createDownloadProxy):
* Source/WebKit/UIProcess/Downloads/DownloadProxyMap.h:
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::createDownloadProxy):
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::receivedPolicyDecision):
(WebKit::WebPageProxy::receivedNavigationResponsePolicyDecision):
* Source/WebKit/UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::download):
(WebKit::WebProcessPool::createDownloadProxy):
* Source/WebKit/UIProcess/WebProcessPool.h:
* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::WebsiteDataStore::createDownloadProxy):
* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm:
(TestWebKitAPI::OriginatingFrameAndUserGesture)):

Canonical link: https://commits.webkit.org/290860@main
---
 Source/WebKit/UIProcess/API/APINavigation.h   |  4 +--
 .../UIProcess/Downloads/DownloadProxy.cpp     | 27 +++++++++++++++++--
 .../UIProcess/Downloads/DownloadProxy.h       |  2 +-
 .../UIProcess/Downloads/DownloadProxyMap.cpp  |  2 +-
 .../UIProcess/Downloads/DownloadProxyMap.h    |  2 +-
 .../UIProcess/Network/NetworkProcessProxy.cpp |  2 +-
 .../UIProcess/Network/NetworkProcessProxy.h   |  2 +-
 Source/WebKit/UIProcess/WebPageProxy.cpp      |  4 +--
 Source/WebKit/UIProcess/WebProcessPool.cpp    |  4 +--
 Source/WebKit/UIProcess/WebProcessPool.h      |  4 +--
 .../WebsiteData/WebsiteDataStore.cpp          |  2 +-
 .../UIProcess/WebsiteData/WebsiteDataStore.h  |  2 +-
 .../Tests/WebKitCocoa/Download.mm             |  4 ++-
 13 files changed, 43 insertions(+), 18 deletions(-)

diff --git a/Source/WebKit/UIProcess/API/APINavigation.h b/Source/WebKit/UIProcess/API/APINavigation.h
index a39ef2ee49596..a45bbcf60f9f9 100644
--- a/Source/WebKit/UIProcess/API/APINavigation.h
+++ b/Source/WebKit/UIProcess/API/APINavigation.h
@@ -147,7 +147,7 @@ class Navigation : public ObjectImpl<Object::Type::Navigation> {
     const WebKit::NavigationActionData& lastNavigationAction() const { return m_lastNavigationAction; }
 
     void setOriginatingFrameInfo(const WebKit::FrameInfoData& frameInfo) { m_originatingFrameInfo = frameInfo; }
-    const WebKit::FrameInfoData& originatingFrameInfo() const { return m_originatingFrameInfo; }
+    const std::optional<WebKit::FrameInfoData>& originatingFrameInfo() const { return m_originatingFrameInfo; }
 
     void setDestinationFrameSecurityOrigin(const WebCore::SecurityOriginData& origin) { m_destinationFrameSecurityOrigin = origin; }
     const WebCore::SecurityOriginData& destinationFrameSecurityOrigin() const { return m_destinationFrameSecurityOrigin; }
@@ -199,7 +199,7 @@ class Navigation : public ObjectImpl<Object::Type::Navigation> {
     std::optional<WebCore::FrameLoadType> m_backForwardFrameLoadType;
     std::unique_ptr<SubstituteData> m_substituteData;
     WebKit::NavigationActionData m_lastNavigationAction;
-    WebKit::FrameInfoData m_originatingFrameInfo;
+    std::optional<WebKit::FrameInfoData> m_originatingFrameInfo;
     WebCore::SecurityOriginData m_destinationFrameSecurityOrigin;
     bool m_userContentExtensionsEnabled { true };
     WebKit::WebContentMode m_effectiveContentMode { WebKit::WebContentMode::Recommended };
diff --git a/Source/WebKit/UIProcess/Downloads/DownloadProxy.cpp b/Source/WebKit/UIProcess/Downloads/DownloadProxy.cpp
index 8fe224d8c374d..5d0385c213e49 100644
--- a/Source/WebKit/UIProcess/Downloads/DownloadProxy.cpp
+++ b/Source/WebKit/UIProcess/Downloads/DownloadProxy.cpp
@@ -55,14 +55,37 @@
 namespace WebKit {
 using namespace WebCore;
 
-DownloadProxy::DownloadProxy(DownloadProxyMap& downloadProxyMap, WebsiteDataStore& dataStore, API::DownloadClient& client, const ResourceRequest& resourceRequest, const FrameInfoData& frameInfoData, WebPageProxy* originatingPage)
+static FrameInfoData legacyEmptyFrameInfo()
+{
+    constexpr bool isMainFrame { false };
+    constexpr bool isFocused { false };
+    constexpr bool errorOccurred { false };
+
+    return FrameInfoData {
+        isMainFrame,
+        FrameType::Local,
+        ResourceRequest { aboutBlankURL() },
+        SecurityOriginData::createOpaque(),
+        String { },
+        FrameIdentifier::generate(),
+        std::nullopt,
+        std::nullopt,
+        CertificateInfo { },
+        getCurrentProcessID(),
+        isFocused,
+        errorOccurred,
+        WebFrameMetrics { }
+    };
+}
+
+DownloadProxy::DownloadProxy(DownloadProxyMap& downloadProxyMap, WebsiteDataStore& dataStore, API::DownloadClient& client, const ResourceRequest& resourceRequest, const std::optional<FrameInfoData>& frameInfoData, WebPageProxy* originatingPage)
     : m_downloadProxyMap(downloadProxyMap)
     , m_dataStore(&dataStore)
     , m_client(client)
     , m_downloadID(DownloadID::generate())
     , m_request(resourceRequest)
     , m_originatingPage(originatingPage)
-    , m_frameInfo(API::FrameInfo::create(FrameInfoData { frameInfoData }, originatingPage))
+    , m_frameInfo(frameInfoData ? API::FrameInfo::create(FrameInfoData { *frameInfoData }, originatingPage) : API::FrameInfo::create(legacyEmptyFrameInfo(), originatingPage))
 #if HAVE(MODERN_DOWNLOADPROGRESS)
     , m_assertion(ProcessAssertion::create(getCurrentProcessID(), "WebKit DownloadProxy DecideDestination"_s, ProcessAssertionType::FinishTaskInterruptable))
 #endif
diff --git a/Source/WebKit/UIProcess/Downloads/DownloadProxy.h b/Source/WebKit/UIProcess/Downloads/DownloadProxy.h
index 5c48a4c5f1747..d82b401d7d58a 100644
--- a/Source/WebKit/UIProcess/Downloads/DownloadProxy.h
+++ b/Source/WebKit/UIProcess/Downloads/DownloadProxy.h
@@ -131,7 +131,7 @@ class DownloadProxy : public API::ObjectImpl<API::Object::Type::Download>, publi
     void decideDestinationWithSuggestedFilename(const WebCore::ResourceResponse&, String&& suggestedFilename, DecideDestinationCallback&&);
 
 private:
-    explicit DownloadProxy(DownloadProxyMap&, WebsiteDataStore&, API::DownloadClient&, const WebCore::ResourceRequest&, const FrameInfoData&, WebPageProxy*);
+    explicit DownloadProxy(DownloadProxyMap&, WebsiteDataStore&, API::DownloadClient&, const WebCore::ResourceRequest&, const std::optional<FrameInfoData>&, WebPageProxy*);
 
     Ref<API::DownloadClient> protectedClient() const;
     RefPtr<WebsiteDataStore> protectedDataStore() { return m_dataStore; }
diff --git a/Source/WebKit/UIProcess/Downloads/DownloadProxyMap.cpp b/Source/WebKit/UIProcess/Downloads/DownloadProxyMap.cpp
index 67493062fdb43..272bcb3f827ea 100644
--- a/Source/WebKit/UIProcess/Downloads/DownloadProxyMap.cpp
+++ b/Source/WebKit/UIProcess/Downloads/DownloadProxyMap.cpp
@@ -87,7 +87,7 @@ void DownloadProxyMap::platformDestroy()
 }
 #endif
 
-Ref<DownloadProxy> DownloadProxyMap::createDownloadProxy(WebsiteDataStore& dataStore, Ref<API::DownloadClient>&& client, const WebCore::ResourceRequest& resourceRequest, const FrameInfoData& frameInfo, WebPageProxy* originatingPage)
+Ref<DownloadProxy> DownloadProxyMap::createDownloadProxy(WebsiteDataStore& dataStore, Ref<API::DownloadClient>&& client, const WebCore::ResourceRequest& resourceRequest, const std::optional<FrameInfoData>& frameInfo, WebPageProxy* originatingPage)
 {
     auto downloadProxy = DownloadProxy::create(*this, dataStore, WTFMove(client), resourceRequest, frameInfo, originatingPage);
     m_downloads.set(downloadProxy->downloadID(), downloadProxy.copyRef());
diff --git a/Source/WebKit/UIProcess/Downloads/DownloadProxyMap.h b/Source/WebKit/UIProcess/Downloads/DownloadProxyMap.h
index 6bed156c5e20d..a9de081d2478f 100644
--- a/Source/WebKit/UIProcess/Downloads/DownloadProxyMap.h
+++ b/Source/WebKit/UIProcess/Downloads/DownloadProxyMap.h
@@ -60,7 +60,7 @@ class DownloadProxyMap : public CanMakeWeakPtr<DownloadProxyMap> {
     explicit DownloadProxyMap(NetworkProcessProxy&);
     ~DownloadProxyMap();
 
-    Ref<DownloadProxy> createDownloadProxy(WebsiteDataStore&, Ref<API::DownloadClient>&&, const WebCore::ResourceRequest&, const FrameInfoData&, WebPageProxy* originatingPage);
+    Ref<DownloadProxy> createDownloadProxy(WebsiteDataStore&, Ref<API::DownloadClient>&&, const WebCore::ResourceRequest&, const std::optional<FrameInfoData>&, WebPageProxy* originatingPage);
     void downloadFinished(DownloadProxy&);
 
     bool isEmpty() const { return m_downloads.isEmpty(); }
diff --git a/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp b/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
index e952de7456d82..2adc88c448427 100644
--- a/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
+++ b/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
@@ -361,7 +361,7 @@ void NetworkProcessProxy::synthesizeAppIsBackground(bool background)
         applicationWillEnterForeground();
 }
 
-Ref<DownloadProxy> NetworkProcessProxy::createDownloadProxy(WebsiteDataStore& dataStore, Ref<API::DownloadClient>&& client, const ResourceRequest& resourceRequest, const FrameInfoData& frameInfo, WebPageProxy* originatingPage)
+Ref<DownloadProxy> NetworkProcessProxy::createDownloadProxy(WebsiteDataStore& dataStore, Ref<API::DownloadClient>&& client, const ResourceRequest& resourceRequest, const std::optional<FrameInfoData>& frameInfo, WebPageProxy* originatingPage)
 {
     if (!m_downloadProxyMap)
         m_downloadProxyMap = makeUniqueWithoutRefCountedCheck<DownloadProxyMap>(*this);
diff --git a/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h b/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
index fa79d399917eb..4857537c69a60 100644
--- a/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
+++ b/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
@@ -137,7 +137,7 @@ class NetworkProcessProxy final : public AuxiliaryProcessProxy {
 
     void sharedPreferencesForWebProcessDidChange(WebProcessProxy&, SharedPreferencesForWebProcess&&, CompletionHandler<void()>&&);
 
-    Ref<DownloadProxy> createDownloadProxy(WebsiteDataStore&, Ref<API::DownloadClient>&&, const WebCore::ResourceRequest&, const FrameInfoData&, WebPageProxy* originatingPage);
+    Ref<DownloadProxy> createDownloadProxy(WebsiteDataStore&, Ref<API::DownloadClient>&&, const WebCore::ResourceRequest&, const std::optional<FrameInfoData>&, WebPageProxy* originatingPage);
     void dataTaskWithRequest(WebPageProxy&, PAL::SessionID, WebCore::ResourceRequest&&, const std::optional<WebCore::SecurityOriginData>& topOrigin, bool shouldRunAtForegroundPriority, CompletionHandler<void(API::DataTask&)>&&);
 
     void addAllowedFirstPartyForCookies(WebProcessProxy&, const WebCore::RegistrableDomain& firstPartyForCookies, LoadedWebArchive, CompletionHandler<void()>&&);
diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
index e31ed810cb6dd..dc56bbddb5e15 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -4987,7 +4987,7 @@ void WebPageProxy::receivedPolicyDecision(PolicyAction action, API::Navigation*
     std::optional<DownloadID> downloadID;
     if (action == PolicyAction::Download) {
         // Create a download proxy.
-        auto download = m_legacyMainFrameProcess->protectedProcessPool()->createDownloadProxy(m_websiteDataStore, navigationAction->request(), this, navigation ? navigation->originatingFrameInfo() : FrameInfoData { });
+        auto download = m_legacyMainFrameProcess->protectedProcessPool()->createDownloadProxy(m_websiteDataStore, navigationAction->request(), this, navigation ? std::optional(navigation->originatingFrameInfo()) : std::nullopt);
         download->setDidStartCallback([weakThis = WeakPtr { *this }, navigationAction = WTFMove(navigationAction)] (auto* downloadProxy) {
             RefPtr protectedThis = weakThis.get();
             if (!protectedThis || !downloadProxy)
@@ -5024,7 +5024,7 @@ void WebPageProxy::receivedNavigationResponsePolicyDecision(WebCore::PolicyActio
 
     std::optional<DownloadID> downloadID;
     if (action == PolicyAction::Download) {
-        auto download = m_legacyMainFrameProcess->protectedProcessPool()->createDownloadProxy(m_websiteDataStore, request, this, navigation ? navigation->originatingFrameInfo() : FrameInfoData { });
+        auto download = m_legacyMainFrameProcess->protectedProcessPool()->createDownloadProxy(m_websiteDataStore, request, this, navigation ? std::optional(navigation->originatingFrameInfo()) : std::nullopt);
         download->setDidStartCallback([weakThis = WeakPtr { *this }, navigationResponse = WTFMove(navigationResponse)] (auto* downloadProxy) {
             RefPtr protectedThis = weakThis.get();
             if (!protectedThis || !downloadProxy)
diff --git a/Source/WebKit/UIProcess/WebProcessPool.cpp b/Source/WebKit/UIProcess/WebProcessPool.cpp
index 17c3999389c9d..c035cc55b3810 100644
--- a/Source/WebKit/UIProcess/WebProcessPool.cpp
+++ b/Source/WebKit/UIProcess/WebProcessPool.cpp
@@ -1346,7 +1346,7 @@ bool WebProcessPool::hasPagesUsingWebsiteDataStore(WebsiteDataStore& dataStore)
     return m_sessionToPageIDsMap.contains(dataStore.sessionID());
 }
 
-Ref<DownloadProxy> WebProcessPool::download(WebsiteDataStore& dataStore, WebPageProxy* initiatingPage, const ResourceRequest& request, const FrameInfoData& frameInfo, const String& suggestedFilename)
+Ref<DownloadProxy> WebProcessPool::download(WebsiteDataStore& dataStore, WebPageProxy* initiatingPage, const ResourceRequest& request, const std::optional<FrameInfoData>& frameInfo, const String& suggestedFilename)
 {
     Ref downloadProxy = createDownloadProxy(dataStore, request, initiatingPage, frameInfo);
     dataStore.download(downloadProxy, suggestedFilename);
@@ -1569,7 +1569,7 @@ void WebProcessPool::setDefaultRequestTimeoutInterval(double timeoutInterval)
     sendToAllProcesses(Messages::WebProcess::SetDefaultRequestTimeoutInterval(timeoutInterval));
 }
 
-Ref<DownloadProxy> WebProcessPool::createDownloadProxy(WebsiteDataStore& dataStore, const ResourceRequest& request, WebPageProxy* originatingPage, const FrameInfoData& frameInfo)
+Ref<DownloadProxy> WebProcessPool::createDownloadProxy(WebsiteDataStore& dataStore, const ResourceRequest& request, WebPageProxy* originatingPage, const std::optional<FrameInfoData>& frameInfo)
 {
     Ref client = m_legacyDownloadClient ? Ref<API::DownloadClient>(*m_legacyDownloadClient) : adoptRef(*new API::DownloadClient);
     return dataStore.createDownloadProxy(WTFMove(client), request, originatingPage, frameInfo);
diff --git a/Source/WebKit/UIProcess/WebProcessPool.h b/Source/WebKit/UIProcess/WebProcessPool.h
index 8efef86f9fd7a..5e6648e40d7b5 100644
--- a/Source/WebKit/UIProcess/WebProcessPool.h
+++ b/Source/WebKit/UIProcess/WebProcessPool.h
@@ -251,7 +251,7 @@ class WebProcessPool final
 
     const String& injectedBundlePath() const { return m_configuration->injectedBundlePath(); }
 
-    Ref<DownloadProxy> download(WebsiteDataStore&, WebPageProxy* initiatingPage, const WebCore::ResourceRequest&, const FrameInfoData&, const String& suggestedFilename = { });
+    Ref<DownloadProxy> download(WebsiteDataStore&, WebPageProxy* initiatingPage, const WebCore::ResourceRequest&, const std::optional<FrameInfoData>&, const String& suggestedFilename = { });
     Ref<DownloadProxy> resumeDownload(WebsiteDataStore&, WebPageProxy* initiatingPage, const API::Data& resumeData, const String& path, CallDownloadDidStart);
 
     void setInjectedBundleInitializationUserData(RefPtr<API::Object>&& userData) { m_injectedBundleInitializationUserData = WTFMove(userData); }
@@ -319,7 +319,7 @@ class WebProcessPool final
     void setEnhancedAccessibility(bool);
     
     // Downloads.
-    Ref<DownloadProxy> createDownloadProxy(WebsiteDataStore&, const WebCore::ResourceRequest&, WebPageProxy* originatingPage, const FrameInfoData&);
+    Ref<DownloadProxy> createDownloadProxy(WebsiteDataStore&, const WebCore::ResourceRequest&, WebPageProxy* originatingPage, const std::optional<FrameInfoData>&);
 
     API::LegacyContextHistoryClient& historyClient() { return *m_historyClient; }
     WebContextClient& client() { return m_client; }
diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
index 5f08b9c25e998..460b0cafbe6d8 100644
--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
@@ -2683,7 +2683,7 @@ void WebsiteDataStore::setEmulatedConditions(std::optional<int64_t>&& bytesPerSe
 
 #endif // ENABLE(INSPECTOR_NETWORK_THROTTLING)
 
-Ref<DownloadProxy> WebsiteDataStore::createDownloadProxy(Ref<API::DownloadClient>&& client, const WebCore::ResourceRequest& request, WebPageProxy* originatingPage, const FrameInfoData& frameInfo)
+Ref<DownloadProxy> WebsiteDataStore::createDownloadProxy(Ref<API::DownloadClient>&& client, const WebCore::ResourceRequest& request, WebPageProxy* originatingPage, const std::optional<FrameInfoData>& frameInfo)
 {
     return protectedNetworkProcess()->createDownloadProxy(*this, WTFMove(client), request, frameInfo, originatingPage);
 }
diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
index fe994b5195e84..b495136083818 100644
--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
@@ -475,7 +475,7 @@ class WebsiteDataStore : public API::ObjectImpl<API::Object::Type::WebsiteDataSt
     void setServiceWorkerOverridePreferences(WebPreferences* preferences) { m_serviceWorkerOverridePreferences = preferences; }
     WebPreferences* serviceWorkerOverridePreferences() const { return m_serviceWorkerOverridePreferences.get(); }
 
-    Ref<DownloadProxy> createDownloadProxy(Ref<API::DownloadClient>&&, const WebCore::ResourceRequest&, WebPageProxy* originatingPage, const FrameInfoData&);
+    Ref<DownloadProxy> createDownloadProxy(Ref<API::DownloadClient>&&, const WebCore::ResourceRequest&, WebPageProxy* originatingPage, const std::optional<FrameInfoData>&);
     void download(const DownloadProxy&, const String& suggestedFilename);
     void resumeDownload(const DownloadProxy&, const API::Data&, const String& path, CallDownloadDidStart);
 
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm
index 7e6f2a273bb87..9539dab03a136 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm
@@ -3180,8 +3180,10 @@ HTTPServer childFrameServer({
     auto emptyWebView = adoptNS([[WKWebView alloc] initWithFrame:CGRectZero configuration:configuration]);
     checkedDownload = false;
     [emptyWebView startDownloadUsingRequest:request completionHandler:^(WKDownload *download) {
+        EXPECT_NOT_NULL(download.originatingFrame.securityOrigin);
         EXPECT_WK_STREQ(download.originatingFrame.securityOrigin.host, "");
-        EXPECT_WK_STREQ(download.originatingFrame.request.URL.absoluteString, "");
+        EXPECT_NOT_NULL(download.originatingFrame.request);
+        EXPECT_WK_STREQ(download.originatingFrame.request.URL.absoluteString, "about:blank");
         EXPECT_TRUE(download.isUserInitiated);
         checkedDownload = true;
     }];

From b0cdfcd9114c169203b45c79416cbdfc58a667da Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Fri, 21 Feb 2025 23:02:03 -0800
Subject: [PATCH 040/174] Address safer CPP failures in MediaSampleAVFObjC.mm
 https://bugs.webkit.org/show_bug.cgi?id=288229

Reviewed by Ryosuke Niwa.

* Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations:
* Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:
(WebCore::MediaSampleAVFObjC::divide):

Canonical link: https://commits.webkit.org/290861@main
---
 .../UncountedLambdaCapturesCheckerExpectations                | 1 -
 .../platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
index 444df974d18c8..e9c5d4c2fc276 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
@@ -139,7 +139,6 @@ platform/encryptedmedia/clearkey/CDMClearKey.cpp
 platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp
 platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm
 platform/graphics/avfoundation/objc/InbandChapterTrackPrivateAVFObjC.mm
-platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
 platform/graphics/cocoa/VideoMediaSampleRenderer.mm
 platform/graphics/filters/FilterOperation.cpp
 platform/mediarecorder/MediaRecorderPrivateEncoder.cpp
diff --git a/Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm b/Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
index 7a12d600a65e5..234af467dadba 100644
--- a/Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
+++ b/Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
@@ -297,8 +297,8 @@ static bool isCMSampleBufferAttachmentNonDisplaying(CFDictionaryRef attachmentDi
 
     Vector<Ref<MediaSampleAVFObjC>> samples;
     samples.reserveInitialCapacity(numSamples);
-    PAL::CMSampleBufferCallBlockForEachSample(m_sample.get(), [&] (CMSampleBufferRef sampleBuffer, CMItemCount) -> OSStatus {
-        samples.append(MediaSampleAVFObjC::create(sampleBuffer, m_id));
+    PAL::CMSampleBufferCallBlockForEachSample(m_sample.get(), [&samples, id = m_id] (CMSampleBufferRef sampleBuffer, CMItemCount) -> OSStatus {
+        samples.append(MediaSampleAVFObjC::create(sampleBuffer, id));
         return noErr;
     });
     return samples;

From e2fd0631b1c4c99f3cbccfe0c8c88aa7c4b6ec09 Mon Sep 17 00:00:00 2001
From: Joshua Hoffman <jhoffman23@apple.com>
Date: Fri, 21 Feb 2025 23:03:15 -0800
Subject: [PATCH 041/174] AX: [AX-Thread Text APIs] Allow
 partialOrderByTraversal to return 'unordered'
 https://bugs.webkit.org/show_bug.cgi?id=288214 rdar://145305918

Reviewed by Tyler Wilcock.

This PR downgrades the release assert in partialOrderByTraversal to allow us to gracefully
handle the case when the isolated and live trees might not be synced, and we can't traverse
between nodes. Now that we return unordered, partialOrder callsites (text marker range
constructors) can be updated to handle this case.

* Source/WebCore/accessibility/AXTextMarker.cpp:
(WebCore::AXTextMarkerRange::AXTextMarkerRange):
(WebCore::AXTextMarker::wordRange const):
(WebCore::AXTextMarker::partialOrderByTraversal const):

Canonical link: https://commits.webkit.org/290862@main
---
 Source/WebCore/accessibility/AXTextMarker.cpp | 34 ++++++++++++++++---
 1 file changed, 29 insertions(+), 5 deletions(-)

diff --git a/Source/WebCore/accessibility/AXTextMarker.cpp b/Source/WebCore/accessibility/AXTextMarker.cpp
index c48583e7fa9ff..939e605b9f030 100644
--- a/Source/WebCore/accessibility/AXTextMarker.cpp
+++ b/Source/WebCore/accessibility/AXTextMarker.cpp
@@ -276,14 +276,28 @@ AXTextMarkerRange::AXTextMarkerRange(const std::optional<SimpleRange>& range)
 
 AXTextMarkerRange::AXTextMarkerRange(const AXTextMarker& start, const AXTextMarker& end)
 {
-    bool reverse = is_gt(partialOrder(start, end));
+    std::partial_ordering order = partialOrder(start, end);
+    if (order == std::partial_ordering::unordered) {
+        m_start = { };
+        m_end = { };
+        return;
+    }
+
+    bool reverse = is_gt(order);
     m_start = reverse ? end : start;
     m_end = reverse ? start : end;
 }
 
 AXTextMarkerRange::AXTextMarkerRange(AXTextMarker&& start, AXTextMarker&& end)
 {
-    bool reverse = is_gt(partialOrder(start, end));
+    std::partial_ordering order = partialOrder(start, end);
+    if (order == std::partial_ordering::unordered) {
+        m_start = { };
+        m_end = { };
+        return;
+    }
+
+    bool reverse = is_gt(order);
     m_start = reverse ? WTFMove(end) : WTFMove(start);
     m_end = reverse ? WTFMove(start) : WTFMove(end);
 }
@@ -1320,13 +1334,19 @@ AXTextMarkerRange AXTextMarker::wordRange(WordRangeType type) const
         endMarker = nextWordEnd();
         startMarker = endMarker.previousWordStart();
         // Don't return a right word if the word start is more than a position away from current text marker (e.g., there's a space between the word and current marker).
-        if (is_gt(partialOrder(startMarker, *this)))
+        std::partial_ordering order = partialOrder(startMarker, *this);
+        if (order == std::partial_ordering::unordered)
+            return { };
+        if (is_gt(order))
             return { *this, *this };
     } else {
         startMarker = previousWordStart();
         endMarker = startMarker.nextWordEnd();
         // Don't return a left word if the word end is more than a position away from current text marker.
-        if (is_lt(partialOrder(endMarker, *this)))
+        std::partial_ordering order = partialOrder(endMarker, *this);
+        if (order == std::partial_ordering::unordered)
+            return { };
+        if (is_lt(order))
             return { *this, *this };
     }
 
@@ -1403,7 +1423,11 @@ std::partial_ordering AXTextMarker::partialOrderByTraversal(const AXTextMarker&
     if (current)
         return std::partial_ordering::greater;
 
-    RELEASE_ASSERT_NOT_REACHED();
+    // It is possible to reach here if the live and isolated trees are not synced, and [next/previous]inPreOrder
+    // is unable to traverse between two nodes. This can happen when an element's parent or subtree is removed and
+    // those updates have not been fully applied.
+    // We don't release assert here, since the callers of partialOrder can now handle unordered ordering.
+    ASSERT_NOT_REACHED();
     return std::partial_ordering::unordered;
 }
 

From 13b9f7bb190fdf3927349d552cd510b271761eaf Mon Sep 17 00:00:00 2001
From: Tim Nguyen <ntim@apple.com>
Date: Fri, 21 Feb 2025 23:05:47 -0800
Subject: [PATCH 042/174] Remove `m_fullscreenElement` from `FullscreenManager`
 https://bugs.webkit.org/show_bug.cgi?id=288278 rdar://145344931

Reviewed by Alex Christensen.

Use `fullscreenElement()` instead of storing the element as a member.

* Source/WebCore/dom/Document.cpp:
(WebCore::Document::removedLastRef):
* Source/WebCore/dom/FullscreenManager.cpp:
(WebCore::FullscreenManager::willEnterFullscreen):
(WebCore::FullscreenManager::willExitFullscreen):
(WebCore::FullscreenManager::didExitFullscreen):
(WebCore::FullscreenManager::clear): Deleted.
* Source/WebCore/dom/FullscreenManager.h:

Canonical link: https://commits.webkit.org/290863@main
---
 Source/WebCore/dom/Document.cpp          |  4 ----
 Source/WebCore/dom/FullscreenManager.cpp | 18 ++++++------------
 Source/WebCore/dom/FullscreenManager.h   |  3 ---
 3 files changed, 6 insertions(+), 19 deletions(-)

diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
index 7f4225ce8672d..5fdffaab9471f 100644
--- a/Source/WebCore/dom/Document.cpp
+++ b/Source/WebCore/dom/Document.cpp
@@ -862,10 +862,6 @@ void Document::removedLastRef()
         m_focusNavigationStartingNode = nullptr;
         m_userActionElements.clear();
         m_asyncNodeDeletionQueue.deleteNodesNow();
-#if ENABLE(FULLSCREEN_API)
-        if (CheckedPtr fullscreenManager = m_fullscreenManager.get())
-            m_fullscreenManager->clear();
-#endif
         m_associatedFormControls.clear();
         m_pendingRenderTreeUpdate = { };
 
diff --git a/Source/WebCore/dom/FullscreenManager.cpp b/Source/WebCore/dom/FullscreenManager.cpp
index f6c0daff57cdf..4ccda8697f164 100644
--- a/Source/WebCore/dom/FullscreenManager.cpp
+++ b/Source/WebCore/dom/FullscreenManager.cpp
@@ -486,8 +486,6 @@ ExceptionOr<void> FullscreenManager::willEnterFullscreen(Element& element, HTMLM
 #endif
         element.willBecomeFullscreenElement();
 
-    m_fullscreenElement = &element;
-
     Vector<Ref<Element>> ancestors { { element } };
     for (RefPtr<Frame> frame = element.document().frame(); frame; frame = frame->tree().parent()) {
         if (RefPtr ownerElement = frame->ownerElement())
@@ -541,9 +539,9 @@ bool FullscreenManager::didEnterFullscreen()
 
 bool FullscreenManager::willExitFullscreen()
 {
-    auto fullscreenElement = m_fullscreenElement;
+    RefPtr fullscreenElement = this->fullscreenElement();
     if (!fullscreenElement) {
-        ERROR_LOG(LOGIDENTIFIER, "No fullscreenElement, bailing");
+        ERROR_LOG(LOGIDENTIFIER, "No fullscreenElement; bailing");
         return false;
     }
 
@@ -566,15 +564,16 @@ void FullscreenManager::didExitFullscreen(CompletionHandler<void(ExceptionOr<voi
     }
     INFO_LOG(LOGIDENTIFIER);
 
+    // Get `fullscreenElement()` before `finishExitFullscreen` clears it.
+    RefPtr exitedFullscreenElement = fullscreenElement();
     if (RefPtr frame = document().frame())
         finishExitFullscreen(frame->mainFrame(), ExitMode::Resize);
 
-    if (auto fullscreenElement = m_fullscreenElement)
-        fullscreenElement->didStopBeingFullscreenElement();
+    if (exitedFullscreenElement)
+        exitedFullscreenElement->didStopBeingFullscreenElement();
 
     m_areKeysEnabledInFullscreen = false;
 
-    m_fullscreenElement = nullptr;
     m_pendingExitFullscreen = false;
 
     completionHandler({ });
@@ -668,11 +667,6 @@ void FullscreenManager::setAnimatingFullscreen(bool flag)
     m_isAnimatingFullscreen = flag;
 }
 
-void FullscreenManager::clear()
-{
-    m_fullscreenElement = nullptr;
-}
-
 void FullscreenManager::emptyEventQueue()
 {
     m_fullscreenChangeEventTargetQueue.clear();
diff --git a/Source/WebCore/dom/FullscreenManager.h b/Source/WebCore/dom/FullscreenManager.h
index bc6ba8afcbe8e..9e76fa0eebe0f 100644
--- a/Source/WebCore/dom/FullscreenManager.h
+++ b/Source/WebCore/dom/FullscreenManager.h
@@ -88,7 +88,6 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
     WEBCORE_EXPORT bool isAnimatingFullscreen() const;
     WEBCORE_EXPORT void setAnimatingFullscreen(bool);
 
-    void clear();
     void emptyEventQueue();
 
 protected:
@@ -115,8 +114,6 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
 
     WeakRef<Document, WeakPtrImplWithEventTargetData> m_document;
 
-    RefPtr<Element> m_fullscreenElement;
-
     Deque<GCReachableRef<Node>> m_fullscreenChangeEventTargetQueue;
     Deque<GCReachableRef<Node>> m_fullscreenErrorEventTargetQueue;
 

From 7721708e4c99720795d94212a93e7ae46c19f427 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 21 Feb 2025 23:31:49 -0800
Subject: [PATCH 043/174] Align document.importNode() with the latest proposal
 https://bugs.webkit.org/show_bug.cgi?id=288193 rdar://145287338

Reviewed by Ryosuke Niwa.

When importNode() is used in the "modern" fashion we want it to clone
the children by default. Therefore we rename the options member from
deep to selfOnly.

New tests are proposed upstream here:
https://github.com/web-platform-tests/wpt/pull/50860

Variable rename from "internals" to "elementInternals" in existing
tests was a change made upstream to account for linting rules.

* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Construct.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-define.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-initialize.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-upgrade.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-createElement.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-importNode.tentative-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-importNode.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements-exceptions.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-innerHTML.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-init-customElements.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-innerHTML.tentative.html:
* LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/w3c-import.log: Added.
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::importNode):
* Source/WebCore/dom/Document.h:
* Source/WebCore/dom/Document.idl:
* Source/WebCore/dom/ImportNodeOptions.h:
* Source/WebCore/dom/ImportNodeOptions.idl:

Canonical link: https://commits.webkit.org/290864@main
---
 .../Construct.tentative.html                  |  4 +-
 ...ustomElementRegistry-define.tentative.html |  4 +-
 ...mElementRegistry-initialize.tentative.html |  4 +-
 ...stomElementRegistry-upgrade.tentative.html | 52 ++++++-------
 .../Document-createElement.tentative.html     |  4 +-
 ...Document-importNode.tentative-expected.txt |  9 +++
 .../Document-importNode.tentative.html        | 73 +++++++++++++++----
 ...t-customElements-exceptions.tentative.html |  4 +-
 .../Element-customElements.tentative.html     |  4 +-
 .../Element-innerHTML.tentative.html          |  4 +-
 ...dowRoot-init-customElements.tentative.html |  4 +-
 .../ShadowRoot-innerHTML.tentative.html       |  4 +-
 .../revamped-scoped-registry/w3c-import.log   | 27 +++++++
 Source/WebCore/dom/Document.cpp               | 21 +++---
 Source/WebCore/dom/Document.h                 |  2 +-
 Source/WebCore/dom/Document.idl               |  2 +-
 Source/WebCore/dom/ImportNodeOptions.h        |  2 +-
 Source/WebCore/dom/ImportNodeOptions.idl      |  4 +-
 18 files changed, 154 insertions(+), 74 deletions(-)
 create mode 100644 LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/w3c-import.log

diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Construct.tentative.html b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Construct.tentative.html
index b73d2c997455b..8233e6832eb92 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Construct.tentative.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Construct.tentative.html
@@ -3,8 +3,8 @@
 <head>
 <meta name="author" title="Ryosuke Niwa" href="mailto:rniwa@webkit.org">
 <link rel="help" href="https://github.com/whatwg/html/issues/10854">
-<script src="../../resources/testharness.js"></script>
-<script src="../../resources/testharnessreport.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-define.tentative.html b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-define.tentative.html
index 64a1704689ef3..9ade81bef0ca5 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-define.tentative.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-define.tentative.html
@@ -3,8 +3,8 @@
 <head>
 <meta name="author" title="Ryosuke Niwa" href="mailto:rniwa@webkit.org">
 <link rel="help" href="https://github.com/whatwg/html/issues/10854">
-<script src="../../resources/testharness.js"></script>
-<script src="../../resources/testharnessreport.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-initialize.tentative.html b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-initialize.tentative.html
index c7af61b9e2562..7ccc63e2077d6 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-initialize.tentative.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-initialize.tentative.html
@@ -3,8 +3,8 @@
 <head>
 <meta name="author" title="Ryosuke Niwa" href="mailto:rniwa@webkit.org">
 <link rel="help" href="https://github.com/whatwg/html/issues/10854">
-<script src="../../resources/testharness.js"></script>
-<script src="../../resources/testharnessreport.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <div id="host">
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-upgrade.tentative.html b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-upgrade.tentative.html
index b3e5b3146844c..575b23e0ee447 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-upgrade.tentative.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-upgrade.tentative.html
@@ -3,8 +3,8 @@
 <head>
 <meta name="author" title="Ryosuke Niwa" href="mailto:rniwa@webkit.org">
 <link rel="help" href="https://github.com/whatwg/html/issues/10854">
-<script src="../../resources/testharness.js"></script>
-<script src="../../resources/testharnessreport.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <some-host id="host">
@@ -23,11 +23,11 @@
 <script>
 
 customElements.define('some-host', class SomeHost extends HTMLElement {
-    internals;
+    elementInternals;
 
     constructor() {
         super();
-        this.internals = this.attachInternals();
+        this.elementInternals = this.attachInternals();
     }
 });
 customElements.define('a-b', class GlobalABElement extends HTMLElement { });
@@ -43,28 +43,28 @@
     registry.define('a-b', class ABElement extends HTMLElement { });
 
     const clone = host.cloneNode(true);
-    registry.upgrade(clone.internals.shadowRoot);
-    assert_equals(clone.internals.shadowRoot.querySelector('a-b').__proto__.constructor.name, 'HTMLElement');
+    registry.upgrade(clone.elementInternals.shadowRoot);
+    assert_equals(clone.elementInternals.shadowRoot.querySelector('a-b').__proto__.constructor.name, 'HTMLElement');
 }, 'upgrade is a no-op when called on a shadow root with no association');
 
 test(() => {
     const registry = new CustomElementRegistry;
     registry.define('a-b', class ABElement extends HTMLElement {
-        internals;
+        elementInternals;
 
         constructor() {
             super();
-            this.internals = this.attachInternals();
+            this.elementInternals = this.attachInternals();
         }
     });
 
     const clone = host.cloneNode(true);
-    registry.initialize(clone.internals.shadowRoot);
-    registry.upgrade(clone.internals.shadowRoot);
-    const abElement = clone.internals.shadowRoot.querySelector('a-b');
+    registry.initialize(clone.elementInternals.shadowRoot);
+    registry.upgrade(clone.elementInternals.shadowRoot);
+    const abElement = clone.elementInternals.shadowRoot.querySelector('a-b');
     assert_equals(abElement.__proto__.constructor.name, 'ABElement');
-    assert_equals(abElement.internals.shadowRoot.customElements, null);
-    const cdElement = abElement.internals.shadowRoot.querySelector('c-d');
+    assert_equals(abElement.elementInternals.shadowRoot.customElements, null);
+    const cdElement = abElement.elementInternals.shadowRoot.querySelector('c-d');
     assert_equals(cdElement.__proto__.constructor.name, 'HTMLElement');
     assert_equals(cdElement.customElements, null);
 }, 'upgrade should upgrade a candidate element when called on a shadow root with an association');
@@ -72,39 +72,39 @@
 test(() => {
     const registry = new CustomElementRegistry;
     registry.define('a-b', class ScopedABElement extends HTMLElement {
-        internals;
+        elementInternals;
 
         constructor() {
             super();
-            this.internals = this.attachInternals();
+            this.elementInternals = this.attachInternals();
         }
     });
 
     const clone = host.cloneNode(true);
-    registry.initialize(clone.internals.shadowRoot);
-    registry.upgrade(clone.internals.shadowRoot);
-    const abElement = clone.internals.shadowRoot.querySelector('a-b');
+    registry.initialize(clone.elementInternals.shadowRoot);
+    registry.upgrade(clone.elementInternals.shadowRoot);
+    const abElement = clone.elementInternals.shadowRoot.querySelector('a-b');
     assert_equals(abElement.__proto__.constructor.name, 'ScopedABElement');
-    registry.initialize(abElement.internals.shadowRoot);
-    assert_equals(abElement.internals.shadowRoot.customElements, registry);
-    const cdElement = abElement.internals.shadowRoot.querySelector('c-d');
+    registry.initialize(abElement.elementInternals.shadowRoot);
+    assert_equals(abElement.elementInternals.shadowRoot.customElements, registry);
+    const cdElement = abElement.elementInternals.shadowRoot.querySelector('c-d');
     assert_equals(cdElement.customElements, registry);
 
     registry.define('c-d', class ScopedCDElement extends HTMLElement {
-        internals;
+        elementInternals;
 
         constructor() {
             super();
-            this.internals = this.attachInternals();
+            this.elementInternals = this.attachInternals();
         }
     });
     assert_equals(cdElement.__proto__.constructor.name, 'HTMLElement');
-    registry.upgrade(abElement.internals.shadowRoot);
+    registry.upgrade(abElement.elementInternals.shadowRoot);
     assert_equals(cdElement.__proto__.constructor.name, 'ScopedCDElement');
     assert_equals(cdElement.customElements, registry);
 
-    assert_equals(cdElement.internals.shadowRoot.customElements, window.customElements);
-    const innerAB = cdElement.internals.shadowRoot.querySelector('a-b');
+    assert_equals(cdElement.elementInternals.shadowRoot.customElements, window.customElements);
+    const innerAB = cdElement.elementInternals.shadowRoot.querySelector('a-b');
     assert_equals(innerAB.customElements, window.customElements);
     assert_equals(innerAB.__proto__.constructor.name, 'HTMLElement');
 }, 'upgrade should not upgrade a candidate element not associated with the registry');
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-createElement.tentative.html b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-createElement.tentative.html
index 09b13ead59dde..26745cfd8f813 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-createElement.tentative.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-createElement.tentative.html
@@ -3,8 +3,8 @@
 <head>
 <meta name="author" title="Ryosuke Niwa" href="mailto:rniwa@webkit.org">
 <link rel="help" href="https://github.com/whatwg/html/issues/10854">
-<script src="../../resources/testharness.js"></script>
-<script src="../../resources/testharnessreport.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-importNode.tentative-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-importNode.tentative-expected.txt
index 588f622736237..cd940bba69550 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-importNode.tentative-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-importNode.tentative-expected.txt
@@ -8,4 +8,13 @@ PASS importNode should clone an element originating from a scoped registry using
 PASS importNode should clone a template content using the global registry by default
 PASS importNode should clone a template content using a specified scoped registry
 PASS importNode should clone a template content with a nested template element using a scoped registry
+PASS importNode: don't pass options argument
+PASS importNode: pass options argument with value false
+PASS importNode: pass options argument with value true
+PASS importNode: pass options argument with value undefined
+PASS importNode: pass options argument with value { }
+PASS importNode: pass options argument with value { selfOnly: false }
+PASS importNode: pass options argument with value { selfOnly: true }
+PASS importNode: pass options argument with value { customElements: scopedRegistry }
+PASS importNode: pass options argument with value { customElements: null }
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-importNode.tentative.html b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-importNode.tentative.html
index fa764a48203ff..989dea0b263ae 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-importNode.tentative.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-importNode.tentative.html
@@ -3,8 +3,8 @@
 <head>
 <meta name="author" title="Ryosuke Niwa" href="mailto:rniwa@webkit.org">
 <link rel="help" href="https://github.com/whatwg/html/issues/10854">
-<script src="../../resources/testharness.js"></script>
-<script src="../../resources/testharnessreport.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <div id="host">
@@ -25,18 +25,21 @@
         </template>
     </some-element>
 </template>
+<div id="root">
+    <span></span>
+</div>
 <script>
 
 const scopedRegistry = new CustomElementRegistry();
 const emptyRegistry = new CustomElementRegistry();
 class GlobalSomeElement extends HTMLElement {
-    internals;
+    elementInternals;
 
     constructor() {
         super();
-        this.internals = this.attachInternals();
-        if (this.internals.shadowRoot)
-            scopedRegistry.initialize(this.internals.shadowRoot);
+        this.elementInternals = this.attachInternals();
+        if (this.elementInternals.shadowRoot)
+            scopedRegistry.initialize(this.elementInternals.shadowRoot);
     }
 };
 class GlobalOtherElement extends HTMLElement {};
@@ -54,7 +57,7 @@
 }, 'importNode should clone using the specified scoped regsitry');
 
 test(() => {
-    const clone = document.importNode(host, {deep: true, customElements: scopedRegistry});
+    const clone = document.importNode(host, {selfOnly: false, customElements: scopedRegistry});
     assert_equals(clone.shadowRoot.querySelector('some-element').__proto__.constructor.name, 'HTMLElement');
     assert_false(clone.shadowRoot.querySelector('some-element') instanceof GlobalSomeElement);
     assert_false(clone.shadowRoot.querySelector('some-element') instanceof ScopedSomeElement);
@@ -63,14 +66,14 @@
 }, 'importNode should preserve null-ness of custom element registry');
 
 test(() => {
-    const clone = document.importNode(host.shadowRoot.querySelector('div'), {deep: true});
+    const clone = document.importNode(host.shadowRoot.querySelector('div'), {selfOnly: false});
     assert_equals(clone.customElements, window.customElements);
     assert_true(clone.querySelector('some-element') instanceof GlobalSomeElement);
     assert_true(clone.querySelector('other-element') instanceof GlobalOtherElement);
 }, 'importNode should clone a shadow host with a declarative shadow DOM using the global registry by default');
 
 test(() => {
-    const clone = document.importNode(host.shadowRoot.querySelector('div'), {deep: true, customElements: scopedRegistry});
+    const clone = document.importNode(host.shadowRoot.querySelector('div'), {selfOnly: false, customElements: scopedRegistry});
     assert_equals(clone.customElements, scopedRegistry);
     assert_true(clone.querySelector('some-element') instanceof ScopedSomeElement);
     assert_false(clone.querySelector('other-element') instanceof GlobalOtherElement);
@@ -79,7 +82,7 @@
 test(() => {
     const element = document.createElement('div', {customElements: emptyRegistry});
     element.innerHTML = '<some-element></some-element><other-element></other-element>';
-    const clone = document.importNode(element, {deep: true, customElements: scopedRegistry});
+    const clone = document.importNode(element, {selfOnly: false, customElements: scopedRegistry});
     assert_equals(clone.customElements, scopedRegistry);
     assert_true(clone.querySelector('some-element') instanceof ScopedSomeElement);
     assert_false(clone.querySelector('other-element') instanceof GlobalOtherElement);
@@ -90,7 +93,7 @@
     template.innerHTML = '<div><some-element>hello</some-element><other-element>world</other-element></div>';
     assert_equals(template.content.querySelector('some-element').__proto__.constructor.name, 'HTMLElement');
     assert_equals(template.content.querySelector('other-element').__proto__.constructor.name, 'HTMLElement');
-    const clone = document.importNode(template.content, {deep: true});
+    const clone = document.importNode(template.content, {selfOnly: false});
     assert_equals(clone.querySelector('some-element').customElements, window.customElements);
     assert_equals(clone.querySelector('some-element').__proto__.constructor.name, 'GlobalSomeElement');
     assert_equals(clone.querySelector('other-element').__proto__.constructor.name, 'GlobalOtherElement');
@@ -101,7 +104,7 @@
     template.innerHTML = '<div><some-element>hello</some-element><other-element>world</other-element></div>';
     assert_equals(template.content.querySelector('some-element').__proto__.constructor.name, 'HTMLElement');
     assert_equals(template.content.querySelector('other-element').__proto__.constructor.name, 'HTMLElement');
-    const clone = document.importNode(template.content, {deep: true, customElements: scopedRegistry});
+    const clone = document.importNode(template.content, {selfOnly: false, customElements: scopedRegistry});
     assert_equals(clone.querySelector('some-element').customElements, scopedRegistry);
     assert_equals(clone.querySelector('some-element').__proto__.constructor.name, 'ScopedSomeElement');
     assert_equals(clone.querySelector('other-element').__proto__.constructor.name, 'HTMLElement');
@@ -124,7 +127,7 @@
 </div>`;
     assert_equals(template.content.querySelector('some-element').__proto__.constructor.name, 'HTMLElement');
     assert_equals(template.content.querySelector('other-element').__proto__.constructor.name, 'HTMLElement');
-    const clone = document.importNode(template.content, {deep: true});
+    const clone = document.importNode(template.content, {selfOnly: false});
     assert_equals(clone.querySelector('some-element').customElements, window.customElements);
     assert_equals(clone.querySelector('some-element').__proto__.constructor.name, 'GlobalSomeElement');
     const otherElementInTemplate = clone.querySelector('template').content.querySelector('other-element');
@@ -132,6 +135,50 @@
     assert_equals(clone.querySelector('other-element').__proto__.constructor.name, 'GlobalOtherElement');
 }, 'importNode should clone a template content with a nested template element using a scoped registry');
 
+test(() => {
+    const clone = document.importNode(root);
+    assert_false(clone.hasChildNodes());
+}, "importNode: don't pass options argument");
+
+test(() => {
+    const clone = document.importNode(root, false);
+    assert_false(clone.hasChildNodes());
+}, "importNode: pass options argument with value false");
+
+test(() => {
+    const clone = document.importNode(root, true);
+    assert_true(clone.hasChildNodes());
+}, "importNode: pass options argument with value true");
+
+test(() => {
+    const clone = document.importNode(root, undefined);
+    assert_false(clone.hasChildNodes());
+}, "importNode: pass options argument with value undefined");
+
+test(() => {
+    const clone = document.importNode(root, { });
+    assert_true(clone.hasChildNodes());
+}, "importNode: pass options argument with value { }");
+
+test(() => {
+    const clone = document.importNode(root, { selfOnly: false });
+    assert_true(clone.hasChildNodes());
+}, "importNode: pass options argument with value { selfOnly: false }");
+
+test(() => {
+    const clone = document.importNode(root, { selfOnly: true });
+    assert_false(clone.hasChildNodes());
+}, "importNode: pass options argument with value { selfOnly: true }");
+
+test(() => {
+    const clone = document.importNode(root, { customElements: scopedRegistry });
+    assert_true(clone.hasChildNodes());
+}, "importNode: pass options argument with value { customElements: scopedRegistry }");
+
+test(() => {
+    assert_throws_js(TypeError, () => document.importNode(root, { customElements: null }));
+}, "importNode: pass options argument with value { customElements: null }");
+
 </script>
 </body>
 </html>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements-exceptions.tentative.html b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements-exceptions.tentative.html
index a4f29527cbc4f..4442c04c53de4 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements-exceptions.tentative.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements-exceptions.tentative.html
@@ -3,8 +3,8 @@
 <head>
 <meta name="author" title="Ryosuke Niwa" href="mailto:rniwa@webkit.org">
 <link rel="help" href="https://github.com/whatwg/html/issues/10854">
-<script src="../../resources/testharness.js"></script>
-<script src="../../resources/testharnessreport.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <div id="host-window"><template shadowrootmode="open"><a-b></a-b></template></div>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements.tentative.html b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements.tentative.html
index b1709c63e90ad..e27074d5eb650 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements.tentative.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements.tentative.html
@@ -3,8 +3,8 @@
 <head>
 <meta name="author" title="Ryosuke Niwa" href="mailto:rniwa@webkit.org">
 <link rel="help" href="https://github.com/whatwg/html/issues/10854">
-<script src="../../resources/testharness.js"></script>
-<script src="../../resources/testharnessreport.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <div id="host-window"><template shadowrootmode="open" shadowrootclonable="true"><a-b></a-b></template></div>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-innerHTML.tentative.html b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-innerHTML.tentative.html
index d5ec0f8c83808..dcbbbdcd673e7 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-innerHTML.tentative.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-innerHTML.tentative.html
@@ -3,8 +3,8 @@
 <head>
 <meta name="author" title="Ryosuke Niwa" href="mailto:rniwa@webkit.org">
 <link rel="help" href="https://github.com/whatwg/html/issues/10854">
-<script src="../../resources/testharness.js"></script>
-<script src="../../resources/testharnessreport.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-init-customElements.tentative.html b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-init-customElements.tentative.html
index 513011aadfd90..b9240d8666b2a 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-init-customElements.tentative.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-init-customElements.tentative.html
@@ -3,8 +3,8 @@
 <head>
 <meta name="author" title="Ryosuke Niwa" href="mailto:rniwa@webkit.org">
 <link rel="help" href="https://github.com/whatwg/html/issues/10854">
-<script src="../../resources/testharness.js"></script>
-<script src="../../resources/testharnessreport.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-innerHTML.tentative.html b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-innerHTML.tentative.html
index 8f37d4bd7dbeb..9cfa1759d391f 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-innerHTML.tentative.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-innerHTML.tentative.html
@@ -3,8 +3,8 @@
 <head>
 <meta name="author" title="Ryosuke Niwa" href="mailto:rniwa@webkit.org">
 <link rel="help" href="https://github.com/whatwg/html/issues/10854">
-<script src="../../resources/testharness.js"></script>
-<script src="../../resources/testharnessreport.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
 </head>
 <body>
 <script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/w3c-import.log b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/w3c-import.log
new file mode 100644
index 0000000000000..291213dab94db
--- /dev/null
+++ b/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/w3c-import.log
@@ -0,0 +1,27 @@
+The tests in this directory were imported from the W3C repository.
+Do NOT modify these tests directly in WebKit.
+Instead, create a pull request on the WPT github:
+	https://github.com/web-platform-tests/wpt
+
+Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
+
+Do NOT modify or remove this file.
+
+------------------------------------------------------------------------
+Properties requiring vendor prefixes:
+None
+Property values requiring vendor prefixes:
+None
+------------------------------------------------------------------------
+List of files:
+/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Construct.tentative.html
+/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-define.tentative.html
+/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-initialize.tentative.html
+/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/CustomElementRegistry-upgrade.tentative.html
+/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-createElement.tentative.html
+/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Document-importNode.tentative.html
+/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements-exceptions.tentative.html
+/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-customElements.tentative.html
+/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/Element-innerHTML.tentative.html
+/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-init-customElements.tentative.html
+/LayoutTests/imported/w3c/web-platform-tests/custom-elements/revamped-scoped-registry/ShadowRoot-innerHTML.tentative.html
diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
index 5fdffaab9471f..ff6b983dbac21 100644
--- a/Source/WebCore/dom/Document.cpp
+++ b/Source/WebCore/dom/Document.cpp
@@ -1591,19 +1591,16 @@ Ref<CSSStyleDeclaration> Document::createCSSStyleDeclaration()
     return propertySet->ensureCSSStyleDeclaration();
 }
 
-ExceptionOr<Ref<Node>> Document::importNode(Node& nodeToImport, std::optional<std::variant<bool, ImportNodeOptions>>&& argument)
+ExceptionOr<Ref<Node>> Document::importNode(Node& nodeToImport, std::variant<bool, ImportNodeOptions>&& argument)
 {
-    bool deep = false;
+    bool subtree = false;
     RefPtr<CustomElementRegistry> registry;
-    if (argument) {
-        auto argumentValue = argument.value();
-        if (std::holds_alternative<ImportNodeOptions>(argumentValue)) {
-            auto options = std::get<ImportNodeOptions>(argumentValue);
-            deep = options.deep;
-            registry = WTFMove(options.customElements);
-        } else if (std::get<bool>(argumentValue))
-            deep = true;
-    }
+    if (std::holds_alternative<ImportNodeOptions>(argument)) {
+        auto options = std::get<ImportNodeOptions>(argument);
+        subtree = !options.selfOnly;
+        registry = WTFMove(options.customElements);
+    } else if (std::get<bool>(argument))
+        subtree = true;
     if (!registry)
         registry = customElementRegistry();
     switch (nodeToImport.nodeType()) {
@@ -1616,7 +1613,7 @@ ExceptionOr<Ref<Node>> Document::importNode(Node& nodeToImport, std::optional<st
     case Node::CDATA_SECTION_NODE:
     case Node::PROCESSING_INSTRUCTION_NODE:
     case Node::COMMENT_NODE:
-        return nodeToImport.cloneNodeInternal(*this, deep ? Node::CloningOperation::Everything : Node::CloningOperation::OnlySelf, registry.get());
+        return nodeToImport.cloneNodeInternal(*this, subtree ? Node::CloningOperation::Everything : Node::CloningOperation::OnlySelf, registry.get());
 
     case Node::ATTRIBUTE_NODE: {
         auto& attribute = uncheckedDowncast<Attr>(nodeToImport);
diff --git a/Source/WebCore/dom/Document.h b/Source/WebCore/dom/Document.h
index b6ff6a7d7f4b1..d1f0454ef3660 100644
--- a/Source/WebCore/dom/Document.h
+++ b/Source/WebCore/dom/Document.h
@@ -514,7 +514,7 @@ class Document
     WEBCORE_EXPORT ExceptionOr<Ref<ProcessingInstruction>> createProcessingInstruction(String&& target, String&& data);
     WEBCORE_EXPORT ExceptionOr<Ref<Attr>> createAttribute(const AtomString& name);
     WEBCORE_EXPORT ExceptionOr<Ref<Attr>> createAttributeNS(const AtomString& namespaceURI, const AtomString& qualifiedName, bool shouldIgnoreNamespaceChecks = false);
-    WEBCORE_EXPORT ExceptionOr<Ref<Node>> importNode(Node& nodeToImport, std::optional<std::variant<bool, ImportNodeOptions>>&&);
+    WEBCORE_EXPORT ExceptionOr<Ref<Node>> importNode(Node& nodeToImport, std::variant<bool, ImportNodeOptions>&&);
     WEBCORE_EXPORT ExceptionOr<Ref<Element>> createElementNS(const AtomString& namespaceURI, const AtomString& qualifiedName);
 
     WEBCORE_EXPORT Ref<Element> createElement(const QualifiedName&, bool createdByParser, CustomElementRegistry* = nullptr);
diff --git a/Source/WebCore/dom/Document.idl b/Source/WebCore/dom/Document.idl
index 61f041478dba7..5045b58c10177 100644
--- a/Source/WebCore/dom/Document.idl
+++ b/Source/WebCore/dom/Document.idl
@@ -68,7 +68,7 @@ typedef (HTMLScriptElement or SVGScriptElement) HTMLOrSVGScriptElement;
     [NewObject] Comment createComment(DOMString data);
     [NewObject] ProcessingInstruction createProcessingInstruction(DOMString target, DOMString data);
 
-    [CEReactions=Needed, NewObject] Node importNode(Node node, optional (boolean or ImportNodeOptions) options);
+    [CEReactions=Needed, NewObject] Node importNode(Node node, optional (boolean or ImportNodeOptions) options = false);
     [CEReactions=Needed] Node adoptNode(Node node);
 
     [NewObject] Attr createAttribute([AtomString] DOMString localName);
diff --git a/Source/WebCore/dom/ImportNodeOptions.h b/Source/WebCore/dom/ImportNodeOptions.h
index d78ea06f7eba6..f352825326083 100644
--- a/Source/WebCore/dom/ImportNodeOptions.h
+++ b/Source/WebCore/dom/ImportNodeOptions.h
@@ -32,7 +32,7 @@ namespace WebCore {
 class CustomElementRegistry;
 
 struct ImportNodeOptions {
-    bool deep { false };
+    bool selfOnly { false };
     RefPtr<CustomElementRegistry> customElements;
 };
 
diff --git a/Source/WebCore/dom/ImportNodeOptions.idl b/Source/WebCore/dom/ImportNodeOptions.idl
index 56611fb8f7b08..d26440a4e3413 100644
--- a/Source/WebCore/dom/ImportNodeOptions.idl
+++ b/Source/WebCore/dom/ImportNodeOptions.idl
@@ -24,6 +24,6 @@
  */
 
 dictionary ImportNodeOptions {
-    boolean deep = false;
-    CustomElementRegistry customElements = null;
+    boolean selfOnly = false;
+    CustomElementRegistry customElements;
 };

From 37a5e784e903f16752ea18649206a70e70f9d611 Mon Sep 17 00:00:00 2001
From: Tim Horton <thorton@apple.com>
Date: Fri, 21 Feb 2025 23:33:38 -0800
Subject: [PATCH 044/174] [UnifiedPDF] [iOS] PDFs are painted into enormous
 tiles https://bugs.webkit.org/show_bug.cgi?id=288281

Reviewed by Abrar Rahman Protyasha.

288932@main changed UnifiedPDFPlugin on iOS to expand the plugin to the size
of the PDF document. This made the plugin's internal ScrollableArea's
`allows{Vertical,Horizontal}Scrolling` always return NO. This resulted in
computeScrollability() returning `NotScrollable`, which, once plumbed to
TileController, resulted in us trying to allocate absolutely enormous tiles
(I managed to get 2048x8192 tiles on iPad).

If we're in `shouldSizeToFitContent` mode, delegate computeScrollability() to
the parent frame's scroller to fix this.

* Source/WebCore/page/LocalFrameView.h:
* Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm:
(WebKit::UnifiedPDFPlugin::computeScrollability const):

Canonical link: https://commits.webkit.org/290865@main
---
 Source/WebCore/page/LocalFrameView.h                        | 2 +-
 .../WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm   | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Source/WebCore/page/LocalFrameView.h b/Source/WebCore/page/LocalFrameView.h
index f4e4a7b6447e3..1001c69585422 100644
--- a/Source/WebCore/page/LocalFrameView.h
+++ b/Source/WebCore/page/LocalFrameView.h
@@ -634,7 +634,7 @@ class LocalFrameView final : public FrameView {
     WEBCORE_EXPORT void availableContentSizeChanged(AvailableSizeChangeReason) final;
 
     void updateTiledBackingAdaptiveSizing();
-    OptionSet<TiledBackingScrollability> computeScrollability() const;
+    WEBCORE_EXPORT OptionSet<TiledBackingScrollability> computeScrollability() const;
 
     void addPaintPendingMilestones(OptionSet<LayoutMilestone>);
     void firePaintRelatedMilestonesIfNeeded();
diff --git a/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm b/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
index 27f2493e4e72c..33124585523ad 100644
--- a/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
+++ b/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
@@ -1589,6 +1589,12 @@ static String mutationObserverNotificationString()
 
 OptionSet<TiledBackingScrollability> UnifiedPDFPlugin::computeScrollability() const
 {
+    if (shouldSizeToFitContent()) {
+        RefPtr frameView = m_frame->coreLocalFrame()->view();
+        if (frameView)
+            return frameView->computeScrollability();
+    }
+
     OptionSet<TiledBacking::Scrollability> scrollability = TiledBacking::Scrollability::NotScrollable;
     if (allowsHorizontalScrolling())
         scrollability.add(TiledBacking::Scrollability::HorizontallyScrollable);

From 260e177ad19e8588d5f69c21f35d4b77b2ea743d Mon Sep 17 00:00:00 2001
From: Basuke Suzuki <basuke@apple.com>
Date: Sat, 22 Feb 2025 00:01:53 -0800
Subject: [PATCH 045/174] [ResourceMonitor] Move network usage threshold from
 Checker to ResourceMonitor. https://bugs.webkit.org/show_bug.cgi?id=288256
 rdar://145329002

Reviewed by Chris Dumez.

It was moved to ResourceMonitorChecker to modify the value for testing purpose, but it ended up that
all ResourceMonitor uses same randomness. Move back to make the all monitors using different values.

* LayoutTests/http/tests/iframe-monitor/dark-mode-expected.txt:
* LayoutTests/http/tests/iframe-monitor/eligibility-expected.txt:
* LayoutTests/http/tests/iframe-monitor/iframe-unload-expected.txt:
* LayoutTests/http/tests/iframe-monitor/shared-worker-expected.txt:
* LayoutTests/http/tests/iframe-monitor/throttler-expected.txt:
* Source/WebCore/loader/ResourceMonitor.cpp:
(WebCore::ResourceMonitor::ResourceMonitor):
(WebCore::ResourceMonitor::~ResourceMonitor):
(WebCore::ResourceMonitor::addNetworkUsage):
(WebCore::ResourceMonitor::updateNetworkUsageThreshold):
(WebCore::ResourceMonitor::checkNetworkUsageExcessIfNecessary):
* Source/WebCore/loader/ResourceMonitor.h:
* Source/WebCore/loader/ResourceMonitorChecker.cpp:
(WebCore::ResourceMonitorChecker::ResourceMonitorChecker):
(WebCore::ResourceMonitorChecker::registerResourceMonitor):
(WebCore::ResourceMonitorChecker::unregisterResourceMonitor):
(WebCore::ResourceMonitorChecker::networkUsageThresholdWithNoise const):
(WebCore::ResourceMonitorChecker::setNetworkUsageThreshold):
(WebCore::networkUsageThresholdWithRandomNoise): Deleted.
(): Deleted.
* Source/WebCore/loader/ResourceMonitorChecker.h:
* Source/WebCore/page/LocalFrame.cpp:
(WebCore::LocalFrame::showResourceMonitoringError):
* Source/WebCore/testing/Internals.h:

Canonical link: https://commits.webkit.org/290866@main
---
 .../iframe-monitor/dark-mode-expected.txt     |  6 +--
 .../iframe-monitor/eligibility-expected.txt   |  2 +-
 .../iframe-monitor/iframe-unload-expected.txt |  2 +-
 .../iframe-monitor/shared-worker-expected.txt |  4 +-
 .../iframe-monitor/throttler-expected.txt     | 10 ++---
 Source/WebCore/loader/ResourceMonitor.cpp     | 26 ++++++++++-
 Source/WebCore/loader/ResourceMonitor.h       |  6 ++-
 .../WebCore/loader/ResourceMonitorChecker.cpp | 45 ++++++++++++++-----
 .../WebCore/loader/ResourceMonitorChecker.h   | 18 +++++---
 Source/WebCore/page/LocalFrame.cpp            |  2 +-
 Source/WebCore/testing/Internals.h            |  2 +-
 11 files changed, 91 insertions(+), 32 deletions(-)

diff --git a/LayoutTests/http/tests/iframe-monitor/dark-mode-expected.txt b/LayoutTests/http/tests/iframe-monitor/dark-mode-expected.txt
index d086e32f45df5..fe566f4c8d20f 100644
--- a/LayoutTests/http/tests/iframe-monitor/dark-mode-expected.txt
+++ b/LayoutTests/http/tests/iframe-monitor/dark-mode-expected.txt
@@ -1,6 +1,6 @@
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://127.0.0.1:8000/iframe-monitor/resources/--eligible--/iframe.html
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://127.0.0.1:8000/iframe-monitor/resources/--eligible--/iframe.html
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://127.0.0.1:8000/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://127.0.0.1:8000/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://127.0.0.1:8000/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://127.0.0.1:8000/iframe-monitor/resources/--eligible--/iframe.html
 Test unloaded HTML supports dark mode correctly.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
diff --git a/LayoutTests/http/tests/iframe-monitor/eligibility-expected.txt b/LayoutTests/http/tests/iframe-monitor/eligibility-expected.txt
index fb5caa5ae6476..bde4ec6657799 100644
--- a/LayoutTests/http/tests/iframe-monitor/eligibility-expected.txt
+++ b/LayoutTests/http/tests/iframe-monitor/eligibility-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
 Test resource monitor.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
diff --git a/LayoutTests/http/tests/iframe-monitor/iframe-unload-expected.txt b/LayoutTests/http/tests/iframe-monitor/iframe-unload-expected.txt
index f72cd9305fd52..532c44c05f8c6 100644
--- a/LayoutTests/http/tests/iframe-monitor/iframe-unload-expected.txt
+++ b/LayoutTests/http/tests/iframe-monitor/iframe-unload-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
 Test iframe with huge resource usage is unloaded.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
diff --git a/LayoutTests/http/tests/iframe-monitor/shared-worker-expected.txt b/LayoutTests/http/tests/iframe-monitor/shared-worker-expected.txt
index 733f7692b24f7..4bdbae36fdc69 100644
--- a/LayoutTests/http/tests/iframe-monitor/shared-worker-expected.txt
+++ b/LayoutTests/http/tests/iframe-monitor/shared-worker-expected.txt
@@ -5,8 +5,8 @@ CONSOLE MESSAGE: Launched shared worker
 CONSOLE MESSAGE: iframe is ready
 CONSOLE MESSAGE: Get message from parent window
 CONSOLE MESSAGE: Send fetch request to worker
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/shared-worker.html
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/shared-worker.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/shared-worker.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/shared-worker.html
 Test iframes using same shared worker are unloaded.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
diff --git a/LayoutTests/http/tests/iframe-monitor/throttler-expected.txt b/LayoutTests/http/tests/iframe-monitor/throttler-expected.txt
index 883517849ae6b..925e8334a060d 100644
--- a/LayoutTests/http/tests/iframe-monitor/throttler-expected.txt
+++ b/LayoutTests/http/tests/iframe-monitor/throttler-expected.txt
@@ -1,8 +1,8 @@
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
-CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 4194304 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
+CONSOLE MESSAGE: Frame was unloaded because its network usage exceeded the limit: 10240 bytes, url=http://localhost:8080/iframe-monitor/resources/--eligible--/iframe.html
 CONSOLE MESSAGE: Frame's network usage exceeded the limit.
 Test throttler prevents unloaded.
 
diff --git a/Source/WebCore/loader/ResourceMonitor.cpp b/Source/WebCore/loader/ResourceMonitor.cpp
index 64995badb39d9..c2d920c6a9030 100644
--- a/Source/WebCore/loader/ResourceMonitor.cpp
+++ b/Source/WebCore/loader/ResourceMonitor.cpp
@@ -50,11 +50,19 @@ Ref<ResourceMonitor> ResourceMonitor::create(LocalFrame& frame)
 
 ResourceMonitor::ResourceMonitor(LocalFrame& frame)
     : m_frame(frame)
+    , m_networkUsageThreshold { ResourceMonitorChecker::singleton().networkUsageThresholdWithNoise() }
 {
+    ResourceMonitorChecker::singleton().registerResourceMonitor(*this);
+
     if (RefPtr parentMonitor = parentResourceMonitorIfExists())
         m_eligibility = parentMonitor->eligibility();
 }
 
+ResourceMonitor::~ResourceMonitor()
+{
+    ResourceMonitorChecker::singleton().unregisterResourceMonitor(*this);
+}
+
 void ResourceMonitor::setEligibility(Eligibility eligibility)
 {
     if (m_eligibility == eligibility || m_eligibility == Eligibility::Eligible)
@@ -140,12 +148,26 @@ void ResourceMonitor::addNetworkUsage(size_t bytes)
 
     m_networkUsage += bytes;
 
-    if (RefPtr parentMonitor = parentResourceMonitorIfExists(); parentMonitor)
+    if (RefPtr parentMonitor = parentResourceMonitorIfExists())
         parentMonitor->addNetworkUsage(bytes);
     else if (isEligible())
         checkNetworkUsageExcessIfNecessary();
 }
 
+void ResourceMonitor::updateNetworkUsageThreshold(size_t threshold)
+{
+    if (m_networkUsageThreshold == threshold)
+        return;
+
+    RESOURCEMONITOR_RELEASE_LOG("Update network usage threshold: threshold=%zu", threshold);
+    m_networkUsageThreshold = threshold;
+
+    if (RefPtr parentMonitor = parentResourceMonitorIfExists())
+        parentMonitor->updateNetworkUsageThreshold(threshold);
+    else if (isEligible())
+        checkNetworkUsageExcessIfNecessary();
+}
+
 void ResourceMonitor::checkNetworkUsageExcessIfNecessary()
 {
     ASSERT(!parentResourceMonitorIfExists() || !parentResourceMonitorIfExists()->isEligible());
@@ -153,7 +175,7 @@ void ResourceMonitor::checkNetworkUsageExcessIfNecessary()
     if (m_networkUsageExceed)
         return;
 
-    if (m_networkUsage.hasOverflowed() || ResourceMonitorChecker::singleton().checkNetworkUsageExceedingThreshold(m_networkUsage)) {
+    if (m_networkUsage.hasOverflowed() || m_networkUsage > m_networkUsageThreshold) {
         m_networkUsageExceed = true;
 
         RefPtr frame = m_frame.get();
diff --git a/Source/WebCore/loader/ResourceMonitor.h b/Source/WebCore/loader/ResourceMonitor.h
index f68330a033090..72f8ded129060 100644
--- a/Source/WebCore/loader/ResourceMonitor.h
+++ b/Source/WebCore/loader/ResourceMonitor.h
@@ -40,6 +40,7 @@ class ResourceMonitor final : public RefCountedAndCanMakeWeakPtr<ResourceMonitor
     using Eligibility = ResourceMonitorEligibility;
 
     static Ref<ResourceMonitor> create(LocalFrame&);
+    WEBCORE_EXPORT ~ResourceMonitor();
 
     Eligibility eligibility() const { return m_eligibility; }
     void setEligibility(Eligibility);
@@ -48,6 +49,8 @@ class ResourceMonitor final : public RefCountedAndCanMakeWeakPtr<ResourceMonitor
     void setDocumentURL(URL&&);
     WEBCORE_EXPORT void addNetworkUsage(size_t);
 
+    void updateNetworkUsageThreshold(size_t);
+
 private:
     explicit ResourceMonitor(LocalFrame&);
 
@@ -58,9 +61,10 @@ class ResourceMonitor final : public RefCountedAndCanMakeWeakPtr<ResourceMonitor
 
     WeakPtr<LocalFrame> m_frame;
     URL m_frameURL;
+    size_t m_networkUsageThreshold;
+    CheckedSize m_networkUsage;
     Eligibility m_eligibility { Eligibility::Unsure };
     bool m_networkUsageExceed { false };
-    CheckedSize m_networkUsage;
 };
 
 } // namespace WebCore
diff --git a/Source/WebCore/loader/ResourceMonitorChecker.cpp b/Source/WebCore/loader/ResourceMonitorChecker.cpp
index 2a2eaa6d50272..1b0f0703f0284 100644
--- a/Source/WebCore/loader/ResourceMonitorChecker.cpp
+++ b/Source/WebCore/loader/ResourceMonitorChecker.cpp
@@ -27,6 +27,7 @@
 #include "ResourceMonitorChecker.h"
 
 #include "Logging.h"
+#include "ResourceMonitor.h"
 #include <wtf/CryptographicallyRandomNumber.h>
 #include <wtf/Seconds.h>
 #include <wtf/StdLibExtras.h>
@@ -37,11 +38,6 @@
 
 namespace WebCore {
 
-static size_t networkUsageThresholdWithRandomNoise(size_t threshold, double randomness)
-{
-    return static_cast<size_t>(threshold * (1 + randomness * cryptographicallyRandomUnitInterval()));
-}
-
 ResourceMonitorChecker& ResourceMonitorChecker::singleton()
 {
     static MainThreadNeverDestroyed<ResourceMonitorChecker> globalChecker;
@@ -50,13 +46,12 @@ ResourceMonitorChecker& ResourceMonitorChecker::singleton()
 
 ResourceMonitorChecker::ResourceMonitorChecker()
     : m_workQueue { WorkQueue::create("ResourceMonitorChecker Work Queue"_s) }
-    , m_networkUsageThreshold { networkUsageThresholdWithRandomNoise(networkUsageThreshold, networkUsageThresholdRandomness) }
 {
     protectedWorkQueue()->dispatchAfter(ruleListPreparationTimeout, [this] mutable {
         if (m_ruleList)
             return;
 
-        RESOURCEMONITOR_RELEASE_LOG("did not receive rule list in time, using default eligibility");
+        RESOURCEMONITOR_RELEASE_LOG("Did not receive rule list in time, using default eligibility");
 
         m_ruleListIsPreparing = false;
         finishPendingQueries([](const auto&) {
@@ -108,7 +103,7 @@ void ResourceMonitorChecker::setContentRuleList(ContentExtensions::ContentExtens
         m_ruleList = makeUnique<ContentExtensions::ContentExtensionsBackend>(WTFMove(backend));
         m_ruleListIsPreparing = false;
 
-        RESOURCEMONITOR_RELEASE_LOG("content rule list is set");
+        RESOURCEMONITOR_RELEASE_LOG("Content rule list is set");
 
         if (!m_pendingQueries.isEmpty()) {
             finishPendingQueries([this](const auto& info) {
@@ -120,7 +115,7 @@ void ResourceMonitorChecker::setContentRuleList(ContentExtensions::ContentExtens
 
 void ResourceMonitorChecker::finishPendingQueries(Function<Eligibility(const ContentExtensions::ResourceLoadInfo&)> checker)
 {
-    RESOURCEMONITOR_RELEASE_LOG("finish pending queries: count %lu", m_pendingQueries.size());
+    RESOURCEMONITOR_RELEASE_LOG("Finish pending queries: count %lu", m_pendingQueries.size());
 
     for (auto& pair : m_pendingQueries) {
         auto& [info, completionHandler] = pair;
@@ -134,9 +129,39 @@ void ResourceMonitorChecker::finishPendingQueries(Function<Eligibility(const Con
     m_pendingQueries.clear();
 }
 
+void ResourceMonitorChecker::registerResourceMonitor(ResourceMonitor& resourceMonitor)
+{
+    m_resourceMonitors.add(resourceMonitor);
+}
+
+void ResourceMonitorChecker::unregisterResourceMonitor(ResourceMonitor& resourceMonitor)
+{
+    m_resourceMonitors.remove(resourceMonitor);
+}
+
+size_t ResourceMonitorChecker::networkUsageThreshold() const
+{
+    return m_networkUsageThreshold;
+}
+
+size_t ResourceMonitorChecker::networkUsageThresholdWithNoise() const
+{
+    return static_cast<size_t>(m_networkUsageThreshold * (1 + m_networkUsageThresholdRandomness * cryptographicallyRandomUnitInterval()));
+}
+
 void ResourceMonitorChecker::setNetworkUsageThreshold(size_t threshold, double randomness)
 {
-    m_networkUsageThreshold = networkUsageThresholdWithRandomNoise(threshold, randomness);
+    if (m_networkUsageThreshold == threshold && m_networkUsageThresholdRandomness == randomness)
+        return;
+
+    RESOURCEMONITOR_RELEASE_LOG("Update network usage threshold: threshold=%zu, randomness=%.3f", threshold, randomness);
+
+    m_networkUsageThreshold = threshold;
+    m_networkUsageThresholdRandomness = randomness;
+
+    m_resourceMonitors.forEach([this](auto& resourceMonitor) {
+        resourceMonitor.updateNetworkUsageThreshold(networkUsageThresholdWithNoise());
+    });
 }
 
 } // namespace WebCore
diff --git a/Source/WebCore/loader/ResourceMonitorChecker.h b/Source/WebCore/loader/ResourceMonitorChecker.h
index 4680a40bf6eb7..1c613a7a08c68 100644
--- a/Source/WebCore/loader/ResourceMonitorChecker.h
+++ b/Source/WebCore/loader/ResourceMonitorChecker.h
@@ -37,6 +37,7 @@
 namespace WebCore {
 
 class LocalFrame;
+class ResourceMonitor;
 
 enum class ResourceMonitorEligibility : uint8_t { Unsure, NotEligible, Eligible };
 
@@ -49,16 +50,21 @@ class ResourceMonitorChecker final {
 
     ~ResourceMonitorChecker();
 
+    void registerResourceMonitor(ResourceMonitor&);
+    void unregisterResourceMonitor(ResourceMonitor&);
+
     void checkEligibility(ContentExtensions::ResourceLoadInfo&&, CompletionHandler<void(Eligibility)>&&);
-    bool checkNetworkUsageExceedingThreshold(size_t usage) const { return usage >= m_networkUsageThreshold; }
 
     WEBCORE_EXPORT void setContentRuleList(ContentExtensions::ContentExtensionsBackend&&);
-    WEBCORE_EXPORT void setNetworkUsageThreshold(size_t threshold, double randomness = networkUsageThresholdRandomness);
+    WEBCORE_EXPORT void setNetworkUsageThreshold(size_t threshold, double randomness = defaultNetworkUsageThresholdRandomness);
+
+    WEBCORE_EXPORT size_t networkUsageThreshold() const;
+    WEBCORE_EXPORT size_t networkUsageThresholdWithNoise() const;
 
     static constexpr Seconds ruleListPreparationTimeout = 10_s;
     static constexpr auto defaultEligibility = ResourceMonitorEligibility::NotEligible;
-    WEBCORE_EXPORT static constexpr size_t networkUsageThreshold = 4 * MB;
-    WEBCORE_EXPORT static constexpr double networkUsageThresholdRandomness = 0.0325;
+    WEBCORE_EXPORT static constexpr size_t defaultNetworkUsageThreshold = 4 * MB;
+    WEBCORE_EXPORT static constexpr double defaultNetworkUsageThresholdRandomness = 0.0325;
 
 private:
     ResourceMonitorChecker();
@@ -71,8 +77,10 @@ class ResourceMonitorChecker final {
     Ref<WorkQueue> m_workQueue;
     std::unique_ptr<ContentExtensions::ContentExtensionsBackend> m_ruleList;
     Vector<std::pair<ContentExtensions::ResourceLoadInfo, CompletionHandler<void(Eligibility)>>> m_pendingQueries;
+    WeakHashSet<ResourceMonitor> m_resourceMonitors;
+    size_t m_networkUsageThreshold { defaultNetworkUsageThreshold };
+    double m_networkUsageThresholdRandomness { defaultNetworkUsageThresholdRandomness };
     bool m_ruleListIsPreparing { true };
-    size_t m_networkUsageThreshold;
 };
 
 } // namespace WebCore
diff --git a/Source/WebCore/page/LocalFrame.cpp b/Source/WebCore/page/LocalFrame.cpp
index f335cc07b0a88..090657b2602a0 100644
--- a/Source/WebCore/page/LocalFrame.cpp
+++ b/Source/WebCore/page/LocalFrame.cpp
@@ -1465,7 +1465,7 @@ void LocalFrame::showResourceMonitoringError()
 
     FRAME_RELEASE_LOG(ResourceMonitoring, "Detected excessive network usage in frame at %" SENSITIVE_LOG_STRING " and main frame at %" SENSITIVE_LOG_STRING ": unloading", url.isValid() ? url.string().utf8().data() : "invalid", mainFrameURL.isValid() ? mainFrameURL.string().utf8().data() : "invalid");
 
-    document->addConsoleMessage(MessageSource::ContentBlocker, MessageLevel::Error, makeString("Frame was unloaded because its network usage exceeded the limit: "_s, ResourceMonitorChecker::networkUsageThreshold, " bytes, url="_s, url.string()));
+    document->addConsoleMessage(MessageSource::ContentBlocker, MessageLevel::Error, makeString("Frame was unloaded because its network usage exceeded the limit: "_s, ResourceMonitorChecker::singleton().networkUsageThreshold(), " bytes, url="_s, url.string()));
 
     for (RefPtr<Frame> frame = this; frame; frame = frame->tree().traverseNext()) {
         if (RefPtr localFrame = dynamicDowncast<LocalFrame>(frame)) {
diff --git a/Source/WebCore/testing/Internals.h b/Source/WebCore/testing/Internals.h
index b02df72fa2c93..a15b7f0a0df1b 100644
--- a/Source/WebCore/testing/Internals.h
+++ b/Source/WebCore/testing/Internals.h
@@ -1553,7 +1553,7 @@ class Internals final
     void setResourceCachingDisabledByWebInspector(bool);
 
 #if ENABLE(CONTENT_EXTENSIONS)
-    void setResourceMonitorNetworkUsageThreshold(size_t threshold, double randomness = ResourceMonitorChecker::networkUsageThresholdRandomness);
+    void setResourceMonitorNetworkUsageThreshold(size_t threshold, double randomness = ResourceMonitorChecker::defaultNetworkUsageThresholdRandomness);
     bool shouldSkipResourceMonitorThrottling() const;
     void setShouldSkipResourceMonitorThrottling(bool);
 #endif

From 79be31770ecbcb8c002e277afa4f479188227cce Mon Sep 17 00:00:00 2001
From: Tim Horton <thorton@apple.com>
Date: Sat, 22 Feb 2025 00:27:49 -0800
Subject: [PATCH 046/174] [UnifiedPDF] [iOS] Reenable accelerated drawing and
 GPUP-owned layers after finding the cause of the memory spikes
 https://bugs.webkit.org/show_bug.cgi?id=288284 rdar://145350306

Reviewed by Wenson Hsieh.

* Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm:
(WebKit::UnifiedPDFPlugin::shouldUseInProcessBackingStore const):
The memory spikes were primarily caused by massively oversized layers,
which we have now fixed; we can revert to GPUP-owned backing store and
accelerated drawing without the excessive jetsams.

Canonical link: https://commits.webkit.org/290867@main
---
 .../WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm  | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm b/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
index 33124585523ad..3cc4cc48ec445 100644
--- a/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
+++ b/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
@@ -4485,14 +4485,7 @@ static bool isEmpty(PDFSelection *selection)
 
 bool UnifiedPDFPlugin::shouldUseInProcessBackingStore() const
 {
-    // FIXME: We should allow GPUP-owned backing store on platforms that have
-    // memory limits only once we figure out why there are spikes of unattributed
-    // memory when zooming (see bug 287478).
-#if PLATFORM(IOS_FAMILY)
-    return true;
-#else
     return false;
-#endif
 }
 
 bool UnifiedPDFPlugin::layerNeedsPlatformContext(const GraphicsLayer* layer) const

From 66ad1c7ee3fbf16dc3510cc32797c9bbd71dc387 Mon Sep 17 00:00:00 2001
From: Alan Baradlay <zalan@apple.com>
Date: Sat, 22 Feb 2025 04:47:00 -0800
Subject: [PATCH 047/174] [FFC] Mark modern flex layout stable
 https://bugs.webkit.org/show_bug.cgi?id=288206

Reviewed by Antti Koivisto.

While FFC itself can support wide range of flex content, due to missing integration pieces, let's enable only a subset of it.

* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebCore/layout/integration/LayoutIntegrationCoverage.cpp:
(WebCore::LayoutIntegration::canUseForFlexLayoutWithReason):

Canonical link: https://commits.webkit.org/290868@main
---
 .../Scripts/Preferences/UnifiedWebPreferences.yaml   |  8 ++++----
 .../layout/integration/LayoutIntegrationCoverage.cpp | 12 +++++++-----
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml b/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
index d57b51a7eac63..0140e85691b80 100644
--- a/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
+++ b/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
@@ -3077,17 +3077,17 @@ FixedFontFamily:
 
 FlexFormattingContextIntegrationEnabled:
   type: bool
-  status: unstable
+  status: stable
   category: dom
   humanReadableName: "Next-generation flex layout integration (FFC)"
   humanReadableDescription: "Enable next-generation flex layout integration (FFC)"
   defaultValue:
     WebKitLegacy:
-      default: false
+      default: true
     WebKit:
-      default: false
+      default: true
     WebCore:
-      default: false
+      default: true
 
 ForceAlwaysUserScalable:
   type: bool
diff --git a/Source/WebCore/layout/integration/LayoutIntegrationCoverage.cpp b/Source/WebCore/layout/integration/LayoutIntegrationCoverage.cpp
index 45fdc0c21db4d..5dc2f5e7b155c 100644
--- a/Source/WebCore/layout/integration/LayoutIntegrationCoverage.cpp
+++ b/Source/WebCore/layout/integration/LayoutIntegrationCoverage.cpp
@@ -158,6 +158,13 @@ static OptionSet<AvoidanceReason> canUseForFlexLayoutWithReason(const RenderFlex
     }
 
     for (auto& flexItem : childrenOfType<RenderElement>(flexBox)) {
+        auto& flexItemStyle = flexItem.style();
+
+        if (!flexItemStyle.flexBasis().isFixed()) {
+            // Note that percentage values of flex-basis are resolved against the flex item's containing block and if that containing block's size is indefinite, the used value for flex-basis is content.
+            ADD_REASON_AND_RETURN_IF_NEEDED(FlexItemHasIntrinsicFlexBasis, reasons, includeReasons);
+        }
+
         if (!is<RenderBlock>(flexItem) || flexItem.isFieldset() || flexItem.isRenderTextControl() || flexItem.isRenderTable())
             ADD_REASON_AND_RETURN_IF_NEEDED(FlexBoxHasUnsupportedTypeOfRenderer, reasons, includeReasons);
 
@@ -173,17 +180,12 @@ static OptionSet<AvoidanceReason> canUseForFlexLayoutWithReason(const RenderFlex
         if (flexItem.isFlexibleBoxIncludingDeprecated())
             ADD_REASON_AND_RETURN_IF_NEEDED(FlexBoxHasNestedFlex, reasons, includeReasons);
 
-        auto& flexItemStyle = flexItem.style();
         if (!flexItemStyle.height().isFixed())
             ADD_REASON_AND_RETURN_IF_NEEDED(FlexItemHasNonFixedHeight, reasons, includeReasons);
 
         if (flexItemStyle.minHeight() != RenderStyle::initialMinSize() || flexItemStyle.maxHeight() != RenderStyle::initialMaxSize())
             ADD_REASON_AND_RETURN_IF_NEEDED(FlexWithNonInitialMinMaxHeight, reasons, includeReasons);
 
-        // Percentage values of flex-basis are resolved against the flex item's containing block and if that containing block's size is indefinite, the used value for flex-basis is content.
-        if (flexItemStyle.flexBasis().isIntrinsic() || (flexItemStyle.flexBasis().isPercent() && isColumnDirection))
-            ADD_REASON_AND_RETURN_IF_NEEDED(FlexItemHasIntrinsicFlexBasis, reasons, includeReasons);
-
         if (flexItemStyle.containsSize())
             ADD_REASON_AND_RETURN_IF_NEEDED(FlexItemHasContainsSize, reasons, includeReasons);
 

From a4248b6482a3d37d21fe8e3883d2cc6ca9b1a493 Mon Sep 17 00:00:00 2001
From: Claudio Saavedra <csaavedra@igalia.com>
Date: Sat, 22 Feb 2025 06:03:56 -0800
Subject: [PATCH 048/174] Address safer C++ warnings in RenderLayerCompositor
 https://bugs.webkit.org/show_bug.cgi?id=288198

Reviewed by Ryosuke Niwa.

* Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/WebCore/rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::BackingSharingState::backingProviderCandidateForLayer):
(WebCore::RenderLayerCompositor::cacheAcceleratedCompositingFlags):
(WebCore::RenderLayerCompositor::customPositionForVisibleRectComputation const):
(WebCore::RenderLayerCompositor::scheduleRenderingUpdate):
(WebCore::RenderLayerCompositor::visibleRectForLayerFlushing const):
(WebCore::RenderLayerCompositor::flushPendingLayerChanges):
(WebCore::RenderLayerCompositor::didPaintBacking):
(WebCore::RenderLayerCompositor::didChangeVisibleRect):
(WebCore::frameHostingNodeForFrame):
(WebCore::RenderLayerCompositor::updateCompositingLayers):
(WebCore::RenderLayerCompositor::allowBackingStoreDetachingForFixedPosition):
(WebCore::RenderLayerCompositor::collectViewTransitionNewContentLayers):
(WebCore::RenderLayerCompositor::updateBackingAndHierarchy):
(WebCore::RenderLayerCompositor::adjustOverflowScrollbarContainerLayers):
(WebCore::RenderLayerCompositor::layerBecameNonComposited):
(WebCore::RenderLayerCompositor::updateRootContentLayerClipping):
(WebCore::RenderLayerCompositor::updateBacking):
(WebCore::RenderLayerCompositor::repaintOnCompositingChange):
(WebCore::RenderLayerCompositor::repaintInCompositedAncestor):
(WebCore::RenderLayerCompositor::computeExtent const):
(WebCore::RenderLayerCompositor::hasCoordinatedScrolling const):
(WebCore::RenderLayerCompositor::updateScrollLayerPosition):
(WebCore::RenderLayerCompositor::updateScrollLayerClipping):
(WebCore::RenderLayerCompositor::positionForClipLayer const):
(WebCore::RenderLayerCompositor::updateCompositingForLayerTreeAsTextDump):
(WebCore::RenderLayerCompositor::layerTreeAsText):
(WebCore::frameContentsRenderView):
(WebCore::RenderLayerCompositor::attachWidgetContentLayersIfNecessary):
(WebCore::RenderLayerCompositor::setIsInWindow):
(WebCore::RenderLayerCompositor::invalidateEventRegionForAllFrames):
(WebCore::RenderLayerCompositor::updateRootLayerPosition):
(WebCore::isDescendantOfFullScreenLayer):
(WebCore::RenderLayerCompositor::requiresCompositingForTransform const):
(WebCore::RenderLayerCompositor::requiresCompositingForCanvas const):
(WebCore::RenderLayerCompositor::requiresCompositingForScrollableFrame const):
(WebCore::RenderLayerCompositor::fixedLayerIntersectsViewport const):
(WebCore::RenderLayerCompositor::computeCoordinatedPositioningForLayer const):
(WebCore::RenderLayerCompositor::isLayerForIFrameWithScrollCoordinatedContents const):
(WebCore::RenderLayerCompositor::requiresScrollLayer const):
(WebCore::RenderLayerCompositor::paintContents):
(WebCore::RenderLayerCompositor::resetTrackedRepaintRects):
(WebCore::RenderLayerCompositor::isRootFrameCompositor const):
(WebCore::RenderLayerCompositor::isMainFrameCompositor const):
(WebCore::RenderLayerCompositor::shouldCompositeOverflowControls const):
(WebCore::RenderLayerCompositor::requiresScrollCornerLayer const):
(WebCore::RenderLayerCompositor::requiresOverhangAreasLayer const):
(WebCore::RenderLayerCompositor::updateLayerForTopOverhangArea):
(WebCore::RenderLayerCompositor::updateLayerForBottomOverhangArea):
(WebCore::RenderLayerCompositor::updateLayerForHeader):
(WebCore::RenderLayerCompositor::updateLayerForFooter):
(WebCore::RenderLayerCompositor::updateLayerForOverhangAreasBackgroundColor):
(WebCore::RenderLayerCompositor::viewHasTransparentBackground const):
(WebCore::RenderLayerCompositor::updateRootContentsLayerBackgroundColor):
(WebCore::RenderLayerCompositor::updateSizeAndPositionForOverhangAreaLayer):
(WebCore::RenderLayerCompositor::updateOverflowControlsLayers):
(WebCore::RenderLayerCompositor::ensureRootLayer):
(WebCore::RenderLayerCompositor::destroyRootLayer):
(WebCore::RenderLayerCompositor::attachRootLayer):
(WebCore::RenderLayerCompositor::detachRootLayer):
(WebCore::RenderLayerCompositor::rootLayerAttachmentChanged):
(WebCore::RenderLayerCompositor::notifyIFramesOfCompositingChange):
(WebCore::RenderLayerCompositor::deviceOrPageScaleFactorChanged):
(WebCore::RenderLayerCompositor::computeFixedViewportConstraints const):
(WebCore::RenderLayerCompositor::computeStickyViewportConstraints const):
(WebCore::RenderLayerCompositor::attachScrollingNode):
(WebCore::RenderLayerCompositor::registerScrollingNodeID):
(WebCore::RenderLayerCompositor::detachScrollCoordinatedLayer):
(WebCore::RenderLayerCompositor::parentRelativeScrollableRect const):
(WebCore::RenderLayerCompositor::updateScrollingNodeLayers):
(WebCore::RenderLayerCompositor::updateScrollingNodeForScrollingRole):
(WebCore::RenderLayerCompositor::updateScrollingNodeForScrollingProxyRole):
(WebCore::RenderLayerCompositor::updateScrollingNodeForPositioningRole):
(WebCore::RenderLayerCompositor::resolveScrollingTreeRelationships):
(WebCore::RenderLayerCompositor::updateSynchronousScrollingNodes):
(WebCore::RenderLayerCompositor::scrollableAreaForScrollingNodeID const):
(WebCore::RenderLayerCompositor::scrollingCoordinator const):
(WebCore::RenderLayerCompositor::protectedPage const):
* Source/WebCore/rendering/RenderLayerCompositor.h:
* Source/WebCore/rendering/RenderWidget.h:
(WebCore::RenderWidget::protectedFrameOwnerElement const):

Canonical link: https://commits.webkit.org/290869@main
---
 .../UncheckedCallArgsCheckerExpectations      |   1 -
 .../UncheckedLocalVarsCheckerExpectations     |   1 -
 .../UncountedCallArgsCheckerExpectations      |   1 -
 .../UncountedLocalVarsCheckerExpectations     |   1 -
 .../rendering/RenderLayerCompositor.cpp       | 406 +++++++++---------
 .../WebCore/rendering/RenderLayerCompositor.h |   3 +-
 Source/WebCore/rendering/RenderWidget.h       |   1 +
 7 files changed, 216 insertions(+), 198 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
index 9df26875a9b58..063f5fab3c2ea 100644
--- a/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
@@ -75,7 +75,6 @@ rendering/RenderElement.cpp
 rendering/RenderEmbeddedObject.cpp
 rendering/RenderLayer.cpp
 rendering/RenderLayerBacking.cpp
-rendering/RenderLayerCompositor.cpp
 rendering/RenderLayerModelObject.cpp
 rendering/RenderListBox.cpp
 rendering/RenderMenuList.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations
index c38238d625d7b..5eb643b6cb2a4 100644
--- a/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations
@@ -62,7 +62,6 @@ rendering/RenderBox.cpp
 rendering/RenderBoxModelObject.cpp
 rendering/RenderLayer.cpp
 rendering/RenderLayerBacking.cpp
-rendering/RenderLayerCompositor.cpp
 rendering/RenderLayerModelObject.cpp
 rendering/RenderListBox.cpp
 rendering/RenderMarquee.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 17b0b1fbfa039..88902354364f0 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -1185,7 +1185,6 @@ rendering/RenderImageResourceStyleImage.cpp
 rendering/RenderImageResourceStyleImage.h
 rendering/RenderLayer.cpp
 rendering/RenderLayerBacking.cpp
-rendering/RenderLayerCompositor.cpp
 rendering/RenderLayerFilters.cpp
 rendering/RenderLayerModelObject.cpp
 rendering/RenderListBox.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index ecca01894b88a..ea1946984e160 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -650,7 +650,6 @@ rendering/RenderImage.cpp
 rendering/RenderImageResource.cpp
 rendering/RenderLayer.cpp
 rendering/RenderLayerBacking.cpp
-rendering/RenderLayerCompositor.cpp
 rendering/RenderLayerFilters.cpp
 rendering/RenderLayerModelObject.cpp
 rendering/RenderListBox.cpp
diff --git a/Source/WebCore/rendering/RenderLayerCompositor.cpp b/Source/WebCore/rendering/RenderLayerCompositor.cpp
index 69cdf8762e8a4..07b41e3762bdb 100644
--- a/Source/WebCore/rendering/RenderLayerCompositor.cpp
+++ b/Source/WebCore/rendering/RenderLayerCompositor.cpp
@@ -467,13 +467,13 @@ auto RenderLayerCompositor::BackingSharingState::backingProviderCandidateForLaye
 
     auto& providerLayer = *candidate.providerLayer;
     LayoutRect overlapBounds = candidate.absoluteBounds;
-    if (providerLayer.canUseCompositedScrolling() && providerLayer.scrollableArea() && providerLayer.scrollableArea()->hasScrollableHorizontalOverflow() != providerLayer.scrollableArea()->hasScrollableVerticalOverflow()) {
+    if (CheckedPtr scrollableArea = providerLayer.scrollableArea(); scrollableArea && providerLayer.canUseCompositedScrolling() && scrollableArea->hasScrollableHorizontalOverflow() != scrollableArea->hasScrollableVerticalOverflow()) {
         // If the provider uses composited scrolling but only supports scrolling
         // in one axis, we can use the clipped overlap bounds in the other axis,
         // when checking for overlap.
         auto clippedOverlapBounds = compositor.computeClippedOverlapBounds(overlapMap, layer, overlap);
         LOG_WITH_STREAM(Compositing, stream << "Candidate provider supports composited scrolling in a single axis; using layer bounds in opposite axis: clippedOverlapBounds(" << clippedOverlapBounds << ")");
-        if (providerLayer.scrollableArea()->hasScrollableHorizontalOverflow()) {
+        if (scrollableArea->hasScrollableHorizontalOverflow()) {
             overlapBounds.setY(clippedOverlapBounds.y());
             overlapBounds.setHeight(clippedOverlapBounds.height());
         } else {
@@ -626,8 +626,8 @@ void RenderLayerCompositor::enableCompositingMode(bool enable /* = true */)
 
 void RenderLayerCompositor::cacheAcceleratedCompositingFlags()
 {
-    auto& settings = m_renderView.settings();
-    bool hasAcceleratedCompositing = settings.acceleratedCompositingEnabled();
+    Ref settings = m_renderView.settings();
+    bool hasAcceleratedCompositing = settings->acceleratedCompositingEnabled();
 
     // We allow the chrome to override the settings, in case the page is rendered
     // on a chrome that doesn't allow accelerated compositing.
@@ -636,9 +636,9 @@ void RenderLayerCompositor::cacheAcceleratedCompositingFlags()
         hasAcceleratedCompositing = m_compositingTriggers;
     }
 
-    bool showDebugBorders = settings.showDebugBorders();
-    bool showRepaintCounter = settings.showRepaintCounter();
-    bool acceleratedDrawingEnabled = settings.acceleratedDrawingEnabled();
+    bool showDebugBorders = settings->showDebugBorders();
+    bool showRepaintCounter = settings->showRepaintCounter();
+    bool acceleratedDrawingEnabled = settings->acceleratedDrawingEnabled();
 
     // forceCompositingMode for subframes can only be computed after layout.
     bool forceCompositingMode = m_forceCompositingMode;
@@ -751,9 +751,10 @@ void RenderLayerCompositor::customPositionForVisibleRectComputation(const Graphi
         return;
 
     FloatPoint scrollPosition = -position;
+    Ref frameView = m_renderView.frameView();
 
-    if (m_renderView.frameView().scrollBehaviorForFixedElements() == ScrollBehaviorForFixedElements::StickToDocumentBounds)
-        scrollPosition = m_renderView.frameView().constrainScrollPositionForOverhang(roundedIntPoint(scrollPosition));
+    if (frameView->scrollBehaviorForFixedElements() == ScrollBehaviorForFixedElements::StickToDocumentBounds)
+        scrollPosition = frameView->constrainScrollPositionForOverhang(roundedIntPoint(scrollPosition));
 
     position = -scrollPosition;
 }
@@ -783,7 +784,7 @@ void RenderLayerCompositor::scheduleRenderingUpdate()
 {
     ASSERT(!m_flushingLayers);
 
-    page().scheduleRenderingUpdate(RenderingUpdateStep::LayerFlush);
+    protectedPage()->scheduleRenderingUpdate(RenderingUpdateStep::LayerFlush);
 }
 
 static inline ScrollableArea::VisibleContentRectIncludesScrollbars scrollbarInclusionForVisibleRect()
@@ -797,15 +798,15 @@ static inline ScrollableArea::VisibleContentRectIncludesScrollbars scrollbarIncl
 
 FloatRect RenderLayerCompositor::visibleRectForLayerFlushing() const
 {
-    const LocalFrameView& frameView = m_renderView.frameView();
+    const Ref frameView = m_renderView.frameView();
 #if PLATFORM(IOS_FAMILY)
-    return frameView.exposedContentRect();
+    return frameView->exposedContentRect();
 #else
 
     // Having a m_scrolledContentsLayer indicates that we're doing scrolling via GraphicsLayers.
-    FloatRect visibleRect = m_scrolledContentsLayer ? FloatRect({ }, frameView.sizeForVisibleContent(scrollbarInclusionForVisibleRect())) : frameView.visibleContentRect();
+    FloatRect visibleRect = m_scrolledContentsLayer ? FloatRect({ }, frameView->sizeForVisibleContent(scrollbarInclusionForVisibleRect())) : frameView->visibleContentRect();
 
-    if (auto exposedRect = frameView.viewExposedRect())
+    if (auto exposedRect = frameView->viewExposedRect())
         visibleRect.intersect(*exposedRect);
 
     return visibleRect;
@@ -830,7 +831,7 @@ void RenderLayerCompositor::flushPendingLayerChanges(bool isFlushRoot)
     {
         SetForScope flushingLayersScope(m_flushingLayers, true);
 
-        if (auto* rootLayer = rootGraphicsLayer()) {
+        if (RefPtr rootLayer = rootGraphicsLayer()) {
 #if ENABLE(ASYNC_SCROLLING) && ENABLE(SCROLLING_THREAD)
             LayerTreeHitTestLocker layerLocker(scrollingCoordinator());
 #endif
@@ -917,15 +918,15 @@ void RenderLayerCompositor::didChangePlatformLayerForLayer(RenderLayer& layer, c
 
 void RenderLayerCompositor::didPaintBacking(RenderLayerBacking*)
 {
-    auto& frameView = m_renderView.frameView();
-    frameView.setLastPaintTime(MonotonicTime::now());
-    if (frameView.milestonesPendingPaint())
-        frameView.firePaintRelatedMilestonesIfNeeded();
+    Ref frameView = m_renderView.frameView();
+    frameView->setLastPaintTime(MonotonicTime::now());
+    if (frameView->milestonesPendingPaint())
+        frameView->firePaintRelatedMilestonesIfNeeded();
 }
 
 void RenderLayerCompositor::didChangeVisibleRect()
 {
-    auto* rootLayer = rootGraphicsLayer();
+    RefPtr rootLayer = rootGraphicsLayer();
     if (!rootLayer)
         return;
 
@@ -1008,7 +1009,7 @@ static std::optional<ScrollingNodeID> frameHostingNodeForFrame(LocalFrame& frame
         return { };
 
     // Find the frame's enclosing layer in our render tree.
-    auto* ownerElement = frame.document()->ownerElement();
+    RefPtr ownerElement = frame.protectedDocument()->ownerElement();
     if (!ownerElement)
         return { };
 
@@ -1137,7 +1138,7 @@ bool RenderLayerCompositor::updateCompositingLayers(CompositingUpdateType update
         scrollingTreeState.hasParent = true;
 
         if (!m_renderView.frame().isMainFrame()) {
-            scrollingTreeState.parentNodeID = frameHostingNodeForFrame(m_renderView.frame());
+            scrollingTreeState.parentNodeID = frameHostingNodeForFrame(m_renderView.protectedFrame());
             scrollingTreeState.hasParent = !!scrollingTreeState.parentNodeID;
         }
 
@@ -1157,8 +1158,8 @@ bool RenderLayerCompositor::updateCompositingLayers(CompositingUpdateType update
         // composited layers that we didn't hit in our traversal (e.g. because of visibility:hidden).
         if (childList.isEmpty() && !needsCompositingForContentOrOverlays())
             destroyRootLayer();
-        else if (m_rootContentsLayer)
-            m_rootContentsLayer->setChildren(WTFMove(childList));
+        else if (RefPtr rootContentsLayer = m_rootContentsLayer)
+            rootContentsLayer->setChildren(WTFMove(childList));
 
         if (scrollingCoordinator && scrollingCoordinator->hasSubscrollers(m_renderView.frame().rootFrame().frameID()) != hadSubscrollers)
             invalidateEventRegionForAllFrames();
@@ -1187,7 +1188,7 @@ bool RenderLayerCompositor::updateCompositingLayers(CompositingUpdateType update
     }
 #endif
 
-    InspectorInstrumentation::layerTreeDidChange(&page());
+    InspectorInstrumentation::layerTreeDidChange(protectedPage().ptr());
 
     if (m_renderView.needsRepaintHackAfterCompositingLayerUpdateForDebugOverlaysOnly()) {
         m_renderView.repaintRootContents();
@@ -1216,12 +1217,12 @@ bool RenderLayerCompositor::allowBackingStoreDetachingForFixedPosition(RenderLay
 
     // We'll allow detaching if the layer is outside the layout viewport. Fixed layers inside
     // the layout viewport can be revealed by async scrolling, so we want to pin their backing store.
-    LocalFrameView& frameView = m_renderView.frameView();
+    Ref frameView = m_renderView.frameView();
     LayoutRect fixedLayoutRect;
-    if (frameView.useFixedLayout())
+    if (frameView->useFixedLayout())
         fixedLayoutRect = m_renderView.unscaledDocumentRect();
     else
-        fixedLayoutRect = frameView.rectForFixedPositionLayout();
+        fixedLayoutRect = frameView->rectForFixedPositionLayout();
 
     bool allowDetaching = !fixedLayoutRect.intersects(absoluteBounds);
     LOG_WITH_STREAM(Compositing, stream << "RenderLayerCompositor (layer " << &layer << ") allowsBackingStoreDetaching - absoluteBounds " << absoluteBounds << " layoutViewportRect " << fixedLayoutRect << ", allowDetaching " << allowDetaching);
@@ -1644,7 +1645,7 @@ void RenderLayerCompositor::collectViewTransitionNewContentLayers(RenderLayer& l
     if (!downcast<RenderViewTransitionCapture>(layer.renderer()).canUseExistingLayers())
         return;
 
-    RefPtr activeViewTransition = layer.renderer().document().activeViewTransition();
+    RefPtr activeViewTransition = layer.renderer().protectedDocument()->activeViewTransition();
     if (!activeViewTransition)
         return;
 
@@ -1762,7 +1763,7 @@ void RenderLayerCompositor::updateBackingAndHierarchy(RenderLayer& layer, Vector
         // If a negative z-order child is compositing, we get a foreground layer which needs to get parented.
         if (layer.negativeZOrderLayers().size()) {
             if (layerBacking && layerBacking->foregroundLayer())
-                childList.append(*layerBacking->foregroundLayer());
+                childList.append(Ref { *layerBacking->foregroundLayer() });
         }
     };
 
@@ -1798,23 +1799,23 @@ void RenderLayerCompositor::updateBackingAndHierarchy(RenderLayer& layer, Vector
                 // If the layer has a clipping layer the overflow controls layers will be siblings of the clipping layer.
                 // Otherwise, the overflow control layers are normal children.
                 if (!layerBacking->hasClippingLayer() && !layerBacking->hasScrollingLayer()) {
-                    if (auto* overflowControlLayer = layerBacking->overflowControlsContainer())
+                    if (RefPtr overflowControlLayer = layerBacking->overflowControlsContainer())
                         layerChildren.append(*overflowControlLayer);
                 }
 
                 adjustOverflowScrollbarContainerLayers(layer, compositedOverflowScrollLayers, layersClippedByScrollers, layerChildren);
-                layerBacking->parentForSublayers()->setChildren(WTFMove(layerChildren));
+                RefPtr { layerBacking->parentForSublayers() }->setChildren(WTFMove(layerChildren));
             }
         }
 
         // Layers that are captured in a view transition get manually parented to their pseudo in collectViewTransitionNewContentLayers.
         // The view transition root (when the document element is captured) gets parented in RenderLayerBacking::childForSuperlayers.
         bool skipAddToEnclosing = layer.renderer().capturedInViewTransition() && !layer.renderer().isDocumentElementRenderer();
-        if (layer.renderer().isViewTransitionRoot() && layer.renderer().document().activeViewTransitionCapturedDocumentElement())
+        if (layer.renderer().isViewTransitionRoot() && layer.renderer().protectedDocument()->activeViewTransitionCapturedDocumentElement())
             skipAddToEnclosing = true;
 
         if (!skipAddToEnclosing)
-            childLayersOfEnclosingLayer.append(*layerBacking->childForSuperlayers());
+            childLayersOfEnclosingLayer.append(Ref { *layerBacking->childForSuperlayers() });
 
         if (layerBacking->hasAncestorClippingLayers() && layerBacking->ancestorClippingStack()->hasAnyScrollingLayers())
             traversalState.layersClippedByScrollers->append(&layer);
@@ -1948,7 +1949,7 @@ void RenderLayerCompositor::adjustOverflowScrollbarContainerLayers(RenderLayer&
         if (!overflowBacking)
             continue;
         
-        auto* overflowContainerLayer = overflowBacking->overflowControlsContainer();
+        RefPtr overflowContainerLayer = overflowBacking->overflowControlsContainer();
         if (!overflowContainerLayer)
             continue;
 
@@ -1958,17 +1959,17 @@ void RenderLayerCompositor::adjustOverflowScrollbarContainerLayers(RenderLayer&
             overflowBacking->ensureOverflowControlsHostLayerAncestorClippingStack(&stackingContextLayer);
 
         if (auto* overflowControlsAncestorClippingStack = overflowBacking->overflowControlsHostLayerAncestorClippingStack()) {
-            overflowControlsAncestorClippingStack->lastLayer()->setChildren({ Ref { *overflowContainerLayer } });
+            RefPtr { overflowControlsAncestorClippingStack->lastLayer() }->setChildren({ Ref { *overflowContainerLayer } });
             overflowContainerLayer = overflowControlsAncestorClippingStack->firstLayer();
         }
 
-        auto* lastDescendantGraphicsLayer = lastContainedDescendantBacking->childForSuperlayers();
-        auto* overflowScrollerGraphicsLayer = overflowBacking->childForSuperlayers();
+        RefPtr lastDescendantGraphicsLayer = lastContainedDescendantBacking->childForSuperlayers();
+        RefPtr overflowScrollerGraphicsLayer = overflowBacking->childForSuperlayers();
         
         std::optional<size_t> lastDescendantLayerIndex;
         std::optional<size_t> scrollerLayerIndex;
         for (size_t i = 0; i < layerChildren.size(); ++i) {
-            const auto* graphicsLayer = layerChildren[i].ptr();
+            const RefPtr graphicsLayer = layerChildren[i].ptr();
             if (graphicsLayer == lastDescendantGraphicsLayer)
                 lastDescendantLayerIndex = i;
             else if (graphicsLayer == overflowScrollerGraphicsLayer)
@@ -2012,7 +2013,7 @@ void RenderLayerCompositor::layerBecameNonComposited(const RenderLayer& layer)
 {
     // Inform the inspector that the given RenderLayer was destroyed.
     // FIXME: "destroyed" is a misnomer.
-    InspectorInstrumentation::renderLayerDestroyed(&page(), layer);
+    InspectorInstrumentation::renderLayerDestroyed(protectedPage().ptr(), layer);
 
     if (&layer != m_renderView.layer()) {
         ASSERT(m_contentLayersCount > 0);
@@ -2333,7 +2334,7 @@ static RenderLayerModelObject& rendererForCompositingTests(const RenderLayer& la
 
 void RenderLayerCompositor::updateRootContentLayerClipping()
 {
-    m_rootContentsLayer->setMasksToBounds(!m_renderView.settings().backgroundShouldExtendBeyondPage());
+    RefPtr { m_rootContentsLayer }->setMasksToBounds(!m_renderView.settings().backgroundShouldExtendBeyondPage());
 }
 
 
@@ -2372,17 +2373,17 @@ bool RenderLayerCompositor::updateBacking(RenderLayer& layer, RequiresCompositin
             layer.ensureBacking();
 
             if (layer.isRenderViewLayer() && useCoordinatedScrollingForLayer(layer)) {
-                auto& frameView = m_renderView.frameView();
+                Ref frameView = m_renderView.frameView();
                 if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
                     scrollingCoordinator->frameViewRootLayerDidChange(frameView);
 #if HAVE(RUBBER_BANDING)
-                updateLayerForHeader(frameView.headerHeight());
-                updateLayerForFooter(frameView.footerHeight());
+                updateLayerForHeader(frameView->headerHeight());
+                updateLayerForFooter(frameView->footerHeight());
 #endif
                 updateRootContentLayerClipping();
 
                 if (auto* tiledBacking = layer.backing()->tiledBacking())
-                    tiledBacking->setObscuredContentInsets(frameView.obscuredContentInsets());
+                    tiledBacking->setObscuredContentInsets(frameView->obscuredContentInsets());
             }
 
             layer.setNeedsCompositingGeometryUpdate();
@@ -2400,7 +2401,7 @@ bool RenderLayerCompositor::updateBacking(RenderLayer& layer, RequiresCompositin
                 auto* sourceLayer = downcast<RenderLayerModelObject>(*layer.renderer().parent()).layer();
                 if (auto* backing = sourceLayer->backing()) {
                     ASSERT(backing->graphicsLayer()->replicaLayer() == layer.backing()->graphicsLayer());
-                    backing->graphicsLayer()->setReplicatedByLayer(nullptr);
+                    RefPtr { backing->graphicsLayer() }->setReplicatedByLayer(nullptr);
                 }
             }
 
@@ -2441,7 +2442,7 @@ bool RenderLayerCompositor::updateBacking(RenderLayer& layer, RequiresCompositin
         }
         if (layerChanged) {
             if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
-                scrollingCoordinator->frameViewFixedObjectsDidChange(m_renderView.frameView());
+                scrollingCoordinator->frameViewFixedObjectsDidChange(m_renderView.protectedFrameView());
         }
     } else
         layer.setViewportConstrainedNotCompositedReason(RenderLayer::NoNotCompositedReason);
@@ -2484,7 +2485,7 @@ void RenderLayerCompositor::repaintOnCompositingChange(RenderLayer& layer)
         // The contents of this layer may be moving between the window
         // and a GraphicsLayer, so we need to make sure the window system
         // synchronizes those changes on the screen.
-        m_renderView.frameView().setNeedsOneShotDrawingSynchronization();
+        m_renderView.protectedFrameView()->setNeedsOneShotDrawingSynchronization();
     }
 }
 
@@ -2503,7 +2504,7 @@ void RenderLayerCompositor::repaintInCompositedAncestor(RenderLayer& layer, cons
     // The contents of this layer may be moving from a GraphicsLayer to the window,
     // so we need to make sure the window system synchronizes those changes on the screen.
     if (compositedAncestor->isRenderViewLayer())
-        m_renderView.frameView().setNeedsOneShotDrawingSynchronization();
+        m_renderView.protectedFrameView()->setNeedsOneShotDrawingSynchronization();
 }
 
 void RenderLayerCompositor::layerWillBeRemoved(RenderLayer& parent, RenderLayer& child)
@@ -2559,7 +2560,7 @@ void RenderLayerCompositor::computeExtent(const LayerOverlapMap& overlapMap, con
         // Because fixed elements get moved around without re-computing overlap, we have to compute an overlap
         // rect that covers all the locations that the fixed element could move to.
         // FIXME: need to handle sticky too.
-        extent.bounds = m_renderView.frameView().fixedScrollableAreaBoundsInflatedForScrolling(extent.bounds);
+        extent.bounds = m_renderView.protectedFrameView()->fixedScrollableAreaBoundsInflatedForScrolling(extent.bounds);
     }
 
     extent.extentComputed = true;
@@ -2787,7 +2788,7 @@ void RenderLayerCompositor::widgetDidChangeSize(RenderWidget& widget)
 bool RenderLayerCompositor::hasCoordinatedScrolling() const
 {
     RefPtr scrollingCoordinator = this->scrollingCoordinator();
-    return scrollingCoordinator && scrollingCoordinator->coordinatesScrollingForFrameView(m_renderView.frameView());
+    return scrollingCoordinator && scrollingCoordinator->coordinatesScrollingForFrameView(m_renderView.protectedFrameView());
 }
 
 void RenderLayerCompositor::updateScrollLayerPosition()
@@ -2795,23 +2796,23 @@ void RenderLayerCompositor::updateScrollLayerPosition()
     ASSERT(!hasCoordinatedScrolling());
     ASSERT(m_scrolledContentsLayer);
 
-    auto& frameView = m_renderView.frameView();
-    IntPoint scrollPosition = frameView.scrollPosition();
+    Ref frameView = m_renderView.frameView();
+    IntPoint scrollPosition = frameView->scrollPosition();
 
     // We use scroll position here because the root content layer is offset to account for scrollOrigin (see LocalFrameView::positionForRootContentLayer).
     m_scrolledContentsLayer->setPosition(FloatPoint(-scrollPosition.x(), -scrollPosition.y()));
 
-    if (auto* fixedBackgroundLayer = fixedRootBackgroundLayer())
-        fixedBackgroundLayer->setPosition(frameView.scrollPositionForFixedPosition());
+    if (RefPtr fixedBackgroundLayer = fixedRootBackgroundLayer())
+        fixedBackgroundLayer->setPosition(frameView->scrollPositionForFixedPosition());
 }
 
 void RenderLayerCompositor::updateScrollLayerClipping()
 {
-    auto* layerForClipping = this->layerForClipping();
+    RefPtr layerForClipping = this->layerForClipping();
     if (!layerForClipping)
         return;
 
-    auto layerSize = m_renderView.frameView().sizeForVisibleContent();
+    auto layerSize = m_renderView.protectedFrameView()->sizeForVisibleContent();
     layerForClipping->setSize(layerSize);
     layerForClipping->setPosition(positionForClipLayer());
 
@@ -2823,17 +2824,17 @@ void RenderLayerCompositor::updateScrollLayerClipping()
 #if ENABLE(INTERACTION_REGIONS_IN_EVENT_REGION)
         eventRegionContext.copyInteractionRegionsToEventRegion(m_renderView.settings().interactionRegionMinimumCornerRadius());
 #endif
-        m_clipLayer->setEventRegion(WTFMove(eventRegion));
+        RefPtr { m_clipLayer }->setEventRegion(WTFMove(eventRegion));
     }
 #endif
 }
 
 FloatPoint RenderLayerCompositor::positionForClipLayer() const
 {
-    auto& frameView = m_renderView.frameView();
+    Ref frameView = m_renderView.frameView();
 
-    auto clipLayerPosition = LocalFrameView::positionForInsetClipLayer(frameView.scrollPosition(), frameView.obscuredContentInsets());
-    return FloatPoint(frameView.insetForLeftScrollbarSpace() + clipLayerPosition.x(), clipLayerPosition.y());
+    auto clipLayerPosition = LocalFrameView::positionForInsetClipLayer(frameView->scrollPosition(), frameView->obscuredContentInsets());
+    return FloatPoint(frameView->insetForLeftScrollbarSpace() + clipLayerPosition.x(), clipLayerPosition.y());
 }
 
 void RenderLayerCompositor::frameViewDidScroll()
@@ -2874,14 +2875,14 @@ void RenderLayerCompositor::rootLayerConfigurationChanged()
 
 void RenderLayerCompositor::updateCompositingForLayerTreeAsTextDump()
 {
-    auto& frameView = m_renderView.frameView();
+    Ref frameView = m_renderView.frameView();
 
-    frameView.updateLayoutAndStyleIfNeededRecursive(LayoutOptions::UpdateCompositingLayers);
+    frameView->updateLayoutAndStyleIfNeededRecursive(LayoutOptions::UpdateCompositingLayers);
 
     updateEventRegions();
 
-    for (auto* child = frameView.frame().tree().firstRenderedChild(); child; child = child->tree().traverseNextRendered()) {
-        auto* localChild = dynamicDowncast<LocalFrame>(child);
+    for (RefPtr child = frameView->frame().tree().firstRenderedChild(); child; child = child->tree().traverseNextRendered()) {
+        RefPtr localChild = dynamicDowncast<LocalFrame>(child);
         if (!localChild)
             continue;
         if (auto* renderer = localChild->contentRenderer())
@@ -2896,7 +2897,7 @@ void RenderLayerCompositor::updateCompositingForLayerTreeAsTextDump()
     flushPendingLayerChanges(true);
     // We need to trigger an update because the flushPendingLayerChanges() will have pushed changes to platform layers,
     // which may cause painting to happen in the current runloop.
-    page().triggerRenderingUpdateForTesting();
+    protectedPage()->triggerRenderingUpdateForTesting();
 }
 
 String RenderLayerCompositor::layerTreeAsText(OptionSet<LayerTreeAsTextOptions> options, uint32_t baseIndent)
@@ -2923,7 +2924,7 @@ String RenderLayerCompositor::layerTreeAsText(OptionSet<LayerTreeAsTextOptions>
     // The true root layer is not included in the dump, so if we want to report
     // its repaint rects, they must be included here.
     if (options & LayerTreeAsTextOptions::IncludeRepaintRects)
-        return makeString(m_renderView.frameView().trackedRepaintRectsAsText(), layerTreeText);
+        return makeString(m_renderView.protectedFrameView()->trackedRepaintRectsAsText(), layerTreeText);
 
     return layerTreeText;
 }
@@ -2946,7 +2947,7 @@ std::optional<String> RenderLayerCompositor::platformLayerTreeAsText(Element& el
 
 static RenderView* frameContentsRenderView(RenderWidget& renderer)
 {
-    if (auto* contentDocument = renderer.frameOwnerElement().contentDocument())
+    if (RefPtr contentDocument = renderer.protectedFrameOwnerElement()->contentDocument())
         return contentDocument->renderView();
 
     return nullptr;
@@ -2986,7 +2987,7 @@ auto RenderLayerCompositor::attachWidgetContentLayersIfNecessary(RenderWidget& r
 
     WidgetLayerAttachment result;
     if (isCompositedPlugin(renderer)) {
-        if (auto* contentsLayer = backing->layerForContents()) {
+        if (RefPtr contentsLayer = backing->layerForContents()) {
             result.widgetLayersAttachedAsChildren = isVisible;
             result.layerHierarchyChanged = addContentsLayerChildIfNecessary(*contentsLayer, isVisible);
             if (!isLayerForPluginWithScrollCoordinatedContents(*layer))
@@ -3005,7 +3006,7 @@ auto RenderLayerCompositor::attachWidgetContentLayersIfNecessary(RenderWidget& r
 
             if (auto pluginScrollingNodeID = renderEmbeddedObject->scrollingNodeID()) {
                 if (isVisible) {
-                    scrollingCoordinator->insertNode(m_renderView.frameView().frame().rootFrame().frameID(), ScrollingNodeType::PluginScrolling, *pluginScrollingNodeID, *pluginHostingNodeID, 0);
+                    scrollingCoordinator->insertNode(m_renderView.protectedFrameView()->frame().rootFrame().frameID(), ScrollingNodeType::PluginScrolling, *pluginScrollingNodeID, *pluginHostingNodeID, 0);
                     renderEmbeddedObject->didAttachScrollingNode();
                 } else
                     scrollingCoordinator->unparentNode(*pluginScrollingNodeID);
@@ -3019,7 +3020,7 @@ auto RenderLayerCompositor::attachWidgetContentLayersIfNecessary(RenderWidget& r
         return result;
 
     result.widgetLayersAttachedAsChildren = isVisible;
-    if (auto* iframeRootLayer = innerCompositor->rootGraphicsLayer())
+    if (RefPtr iframeRootLayer = innerCompositor->rootGraphicsLayer())
         result.layerHierarchyChanged = addContentsLayerChildIfNecessary(*iframeRootLayer, isVisible);
 
     if (auto frameHostingNodeID = backing->scrollingNodeIDForRole(ScrollCoordinationRole::FrameHosting)) {
@@ -3028,9 +3029,9 @@ auto RenderLayerCompositor::attachWidgetContentLayersIfNecessary(RenderWidget& r
             return result;
 
         auto* contentsRenderView = frameContentsRenderView(renderer);
-        if (auto frameRootScrollingNodeID = contentsRenderView->frameView().scrollingNodeID()) {
+        if (auto frameRootScrollingNodeID = contentsRenderView->protectedFrameView()->scrollingNodeID()) {
             if (isVisible)
-                scrollingCoordinator->insertNode(m_renderView.frameView().frame().rootFrame().frameID(), ScrollingNodeType::Subframe, *frameRootScrollingNodeID, *frameHostingNodeID, 0);
+                scrollingCoordinator->insertNode(m_renderView.protectedFrameView()->frame().rootFrame().frameID(), ScrollingNodeType::Subframe, *frameRootScrollingNodeID, *frameHostingNodeID, 0);
             else
                 scrollingCoordinator->unparentNode(*frameRootScrollingNodeID);
         }
@@ -3106,7 +3107,7 @@ void RenderLayerCompositor::setIsInWindow(bool isInWindow)
     if (!usesCompositing())
         return;
 
-    if (auto* rootLayer = rootGraphicsLayer()) {
+    if (RefPtr rootLayer = rootGraphicsLayer()) {
         GraphicsLayer::traverse(*rootLayer, [isInWindow](GraphicsLayer& layer) {
             layer.setIsInWindow(isInWindow);
         });
@@ -3140,8 +3141,8 @@ void RenderLayerCompositor::setIsInWindow(bool isInWindow)
 
 void RenderLayerCompositor::invalidateEventRegionForAllFrames()
 {
-    for (Frame* frame = &page().mainFrame(); frame; frame = frame->tree().traverseNext()) {
-        auto* localFrame = dynamicDowncast<LocalFrame>(frame);
+    for (RefPtr frame = &page().mainFrame(); frame; frame = frame->tree().traverseNext()) {
+        RefPtr localFrame = dynamicDowncast<LocalFrame>(frame);
         if (!localFrame)
             continue;
         if (auto* view = localFrame->contentRenderer())
@@ -3163,10 +3164,11 @@ void RenderLayerCompositor::clearBackingForAllLayers()
 
 void RenderLayerCompositor::updateRootLayerPosition()
 {
-    if (m_rootContentsLayer) {
-        m_rootContentsLayer->setSize(m_renderView.frameView().contentsSize());
-        m_rootContentsLayer->setPosition(m_renderView.frameView().positionForRootContentLayer());
-        m_rootContentsLayer->setAnchorPoint(FloatPoint3D());
+    if (RefPtr rootContentsLayer = m_rootContentsLayer) {
+        Ref frameView = m_renderView.frameView();
+        rootContentsLayer->setSize(frameView->contentsSize());
+        rootContentsLayer->setPosition(frameView->positionForRootContentLayer());
+        rootContentsLayer->setAnchorPoint(FloatPoint3D());
     }
 
     updateScrollLayerClipping();
@@ -3174,7 +3176,7 @@ void RenderLayerCompositor::updateRootLayerPosition()
 #if HAVE(RUBBER_BANDING)
     if (m_contentShadowLayer && m_rootContentsLayer) {
         m_contentShadowLayer->setPosition(m_rootContentsLayer->position());
-        m_contentShadowLayer->setSize(m_rootContentsLayer->size());
+        RefPtr { m_contentShadowLayer }->setSize(m_rootContentsLayer->size());
     }
 
     updateLayerForTopOverhangArea(m_layerForTopOverhangArea != nullptr);
@@ -3253,12 +3255,11 @@ bool RenderLayerCompositor::canBeComposited(const RenderLayer& layer) const
 enum class FullScreenDescendant { Yes, No, NotApplicable };
 static FullScreenDescendant isDescendantOfFullScreenLayer(const RenderLayer& layer)
 {
-    auto& document = layer.renderer().document();
-    CheckedPtr manager = document.fullscreenManagerIfExists();
+    CheckedPtr manager = layer.renderer().document().fullscreenManagerIfExists();
     if (!manager)
         return FullScreenDescendant::NotApplicable;
 
-    auto* fullScreenElement = manager->fullscreenElement();
+    RefPtr fullScreenElement = manager->fullscreenElement();
     if (!fullScreenElement)
         return FullScreenDescendant::NotApplicable;
 
@@ -3803,7 +3804,7 @@ bool RenderLayerCompositor::requiresCompositingForTransform(RenderLayerModelObje
 
     auto compositingPolicy = m_compositingPolicy;
 #if !USE(COMPOSITING_FOR_SMALL_CANVASES)
-    if (auto* canvas = dynamicDowncast<HTMLCanvasElement>(renderer.element())) {
+    if (RefPtr canvas = dynamicDowncast<HTMLCanvasElement>(renderer.element())) {
         auto canvasArea = canvas->size().area<RecordOverflow>();
         if (!canvasArea.hasOverflowed() && canvasArea < canvasAreaThresholdRequiringCompositing)
             compositingPolicy = CompositingPolicy::Conservative;
@@ -3874,7 +3875,7 @@ bool RenderLayerCompositor::requiresCompositingForCanvas(RenderLayerModelObject&
 
     bool isCanvasLargeEnoughToForceCompositing = true;
 #if !USE(COMPOSITING_FOR_SMALL_CANVASES)
-    auto* canvas = downcast<HTMLCanvasElement>(renderer.element());
+    RefPtr canvas = downcast<HTMLCanvasElement>(renderer.element());
     auto canvasArea = canvas->size().area<RecordOverflow>();
     isCanvasLargeEnoughToForceCompositing = !canvasArea.hasOverflowed() && canvasArea >= canvasAreaThresholdRequiringCompositing;
 #endif
@@ -4002,7 +4003,7 @@ bool RenderLayerCompositor::requiresCompositingForScrollableFrame(RequiresCompos
         return m_renderView.isComposited();
     }
 
-    return m_renderView.frameView().isScrollable();
+    return m_renderView.protectedFrameView()->isScrollable();
 }
 
 bool RenderLayerCompositor::requiresCompositingForPosition(RenderLayerModelObject& renderer, const RenderLayer& layer, RequiresCompositingData& queryData) const
@@ -4187,10 +4188,11 @@ bool RenderLayerCompositor::fixedLayerIntersectsViewport(const RenderLayer& laye
     // Fixed position elements that are invisible in the current view don't get their own layer.
     // FIXME: We shouldn't have to check useFixedLayout() here; one of the viewport rects needs to give the correct answer.
     LayoutRect viewBounds;
-    if (m_renderView.frameView().useFixedLayout())
+    Ref frameView = m_renderView.frameView();
+    if (frameView->useFixedLayout())
         viewBounds = m_renderView.unscaledDocumentRect();
     else
-        viewBounds = m_renderView.frameView().rectForFixedPositionLayout();
+        viewBounds = frameView->rectForFixedPositionLayout();
 
     LayoutRect layerBounds = layer.calculateLayerBounds(&layer, LayoutSize(), { RenderLayer::UseLocalClipRectIfPossible, RenderLayer::IncludeFilterOutsets, RenderLayer::UseFragmentBoxesExcludingCompositing,
         RenderLayer::ExcludeHiddenDescendants, RenderLayer::DontConstrainForMask, RenderLayer::IncludeCompositedDescendants });
@@ -4281,7 +4283,7 @@ ScrollPositioningBehavior RenderLayerCompositor::computeCoordinatedPositioningFo
     if (!layer.hasCompositedScrollingAncestor())
         return ScrollPositioningBehavior::None;
 
-    auto* scrollingCoordinator = this->scrollingCoordinator();
+    RefPtr scrollingCoordinator = this->scrollingCoordinator();
     if (!scrollingCoordinator)
         return ScrollPositioningBehavior::None;
 
@@ -4320,11 +4322,11 @@ bool RenderLayerCompositor::isLayerForIFrameWithScrollCoordinatedContents(const
     if (!renderWidget)
         return false;
 
-    auto* frame = renderWidget->frameOwnerElement().contentFrame();
+    RefPtr frame = renderWidget->frameOwnerElement().contentFrame();
     if (frame && is<RemoteFrame>(frame))
         return renderWidget->hasLayer() && renderWidget->layer()->isComposited();
 
-    auto* contentDocument = renderWidget->frameOwnerElement().contentDocument();
+    RefPtr contentDocument = renderWidget->protectedFrameOwnerElement()->contentDocument();
     if (!contentDocument)
         return false;
 
@@ -4333,7 +4335,7 @@ bool RenderLayerCompositor::isLayerForIFrameWithScrollCoordinatedContents(const
         return false;
 
     if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
-        return scrollingCoordinator->coordinatesScrollingForFrameView(view->frameView());
+        return scrollingCoordinator->coordinatesScrollingForFrameView(view->protectedFrameView());
 
     return false;
 }
@@ -4377,14 +4379,14 @@ bool RenderLayerCompositor::needsContentsCompositingLayer(const RenderLayer& lay
 
 bool RenderLayerCompositor::requiresScrollLayer(RootLayerAttachment attachment) const
 {
-    auto& frameView = m_renderView.frameView();
+    Ref frameView = m_renderView.frameView();
 
     // This applies when the application UI handles scrolling, in which case RenderLayerCompositor doesn't need to manage it.
-    if (frameView.delegatedScrollingMode() == DelegatedScrollingMode::DelegatedToNativeScrollView && isMainFrameCompositor())
+    if (frameView->delegatedScrollingMode() == DelegatedScrollingMode::DelegatedToNativeScrollView && isMainFrameCompositor())
         return false;
 
     // We need to handle our own scrolling if we're:
-    return !m_renderView.frameView().platformWidget() // viewless (i.e. non-Mac, or Mac in WebKit2)
+    return !m_renderView.protectedFrameView()->platformWidget() // viewless (i.e. non-Mac, or Mac in WebKit2)
         || attachment == RootLayerAttachedViaEnclosingFrame; // a composited frame on Mac
 }
 
@@ -4416,16 +4418,17 @@ void RenderLayerCompositor::paintContents(const GraphicsLayer* graphicsLayer, Gr
 
     IntRect pixelSnappedRectForIntegralPositionedItems = snappedIntRect(LayoutRect(clip));
     if (graphicsLayer == layerForHorizontalScrollbar())
-        paintScrollbar(m_renderView.frameView().horizontalScrollbar(), context, pixelSnappedRectForIntegralPositionedItems, m_viewBackgroundColor);
+        paintScrollbar(RefPtr { m_renderView.frameView().horizontalScrollbar() }.get(), context, pixelSnappedRectForIntegralPositionedItems, m_viewBackgroundColor);
     else if (graphicsLayer == layerForVerticalScrollbar())
-        paintScrollbar(m_renderView.frameView().verticalScrollbar(), context, pixelSnappedRectForIntegralPositionedItems, m_viewBackgroundColor);
+        paintScrollbar(RefPtr { m_renderView.frameView().verticalScrollbar() }.get(), context, pixelSnappedRectForIntegralPositionedItems, m_viewBackgroundColor);
     else if (graphicsLayer == layerForScrollCorner()) {
-        const IntRect& scrollCorner = m_renderView.frameView().scrollCornerRect();
+        Ref frameView = m_renderView.frameView();
+        const IntRect& scrollCorner = frameView->scrollCornerRect();
         context.save();
         context.translate(-scrollCorner.location());
         IntRect transformedClip = pixelSnappedRectForIntegralPositionedItems;
         transformedClip.moveBy(scrollCorner.location());
-        m_renderView.frameView().paintScrollCorner(context, transformedClip);
+        frameView->paintScrollCorner(context, transformedClip);
         context.restore();
     }
 }
@@ -4462,7 +4465,7 @@ GraphicsLayer* RenderLayerCompositor::fixedRootBackgroundLayer() const
 
 void RenderLayerCompositor::resetTrackedRepaintRects()
 {
-    if (auto* rootLayer = rootGraphicsLayer()) {
+    if (RefPtr rootLayer = rootGraphicsLayer()) {
         GraphicsLayer::traverse(*rootLayer, [](GraphicsLayer& layer) {
             layer.resetTrackedRepaints();
         });
@@ -4516,19 +4519,19 @@ bool RenderLayerCompositor::documentUsesTiledBacking() const
 
 bool RenderLayerCompositor::isRootFrameCompositor() const
 {
-    return m_renderView.frameView().frame().isRootFrame();
+    return m_renderView.protectedFrameView()->frame().isRootFrame();
 }
 
 bool RenderLayerCompositor::isMainFrameCompositor() const
 {
-    return m_renderView.frameView().frame().isMainFrame();
+    return m_renderView.protectedFrameView()->frame().isMainFrame();
 }
 
 bool RenderLayerCompositor::shouldCompositeOverflowControls() const
 {
-    auto& frameView = m_renderView.frameView();
+    Ref frameView = m_renderView.frameView();
 
-    if (!frameView.managesScrollbars())
+    if (!frameView->managesScrollbars())
         return false;
 
     if (documentUsesTiledBacking())
@@ -4538,7 +4541,7 @@ bool RenderLayerCompositor::shouldCompositeOverflowControls() const
         return true;
 
 #if !USE(COORDINATED_GRAPHICS)
-    if (!frameView.hasOverlayScrollbars())
+    if (!frameView->hasOverlayScrollbars())
         return false;
 #endif
 
@@ -4557,7 +4560,7 @@ bool RenderLayerCompositor::requiresVerticalScrollbarLayer() const
 
 bool RenderLayerCompositor::requiresScrollCornerLayer() const
 {
-    return shouldCompositeOverflowControls() && m_renderView.frameView().isScrollCornerVisible();
+    return shouldCompositeOverflowControls() && m_renderView.protectedFrameView()->isScrollCornerVisible();
 }
 
 #if HAVE(RUBBER_BANDING)
@@ -4567,7 +4570,8 @@ bool RenderLayerCompositor::requiresOverhangAreasLayer() const
         return false;
 
     // We do want a layer if we're using tiled drawing and can scroll.
-    if (documentUsesTiledBacking() && m_renderView.frameView().hasOpaqueBackground() && !m_renderView.frameView().prohibitsScrolling())
+    Ref frameView = m_renderView.frameView();
+    if (documentUsesTiledBacking() && frameView->hasOpaqueBackground() && !frameView->prohibitsScrolling())
         return true;
 
     return false;
@@ -4607,7 +4611,7 @@ GraphicsLayer* RenderLayerCompositor::updateLayerForTopOverhangArea(bool wantsLa
     if (!m_layerForTopOverhangArea) {
         m_layerForTopOverhangArea = GraphicsLayer::create(graphicsLayerFactory(), *this);
         m_layerForTopOverhangArea->setName(MAKE_STATIC_STRING_IMPL("top overhang"));
-        m_scrolledContentsLayer->addChildBelow(*m_layerForTopOverhangArea, m_rootContentsLayer.get());
+        RefPtr { m_scrolledContentsLayer }->addChildBelow(*m_layerForTopOverhangArea, m_rootContentsLayer.get());
     }
 
     return m_layerForTopOverhangArea.get();
@@ -4626,11 +4630,12 @@ GraphicsLayer* RenderLayerCompositor::updateLayerForBottomOverhangArea(bool want
     if (!m_layerForBottomOverhangArea) {
         m_layerForBottomOverhangArea = GraphicsLayer::create(graphicsLayerFactory(), *this);
         m_layerForBottomOverhangArea->setName(MAKE_STATIC_STRING_IMPL("bottom overhang"));
-        m_scrolledContentsLayer->addChildBelow(*m_layerForBottomOverhangArea, m_rootContentsLayer.get());
+        RefPtr { m_scrolledContentsLayer }->addChildBelow(*m_layerForBottomOverhangArea, m_rootContentsLayer.get());
     }
 
-    m_layerForBottomOverhangArea->setPosition(FloatPoint(0, m_rootContentsLayer->size().height() + m_renderView.frameView().headerHeight()
-        + m_renderView.frameView().footerHeight() + m_renderView.frameView().obscuredContentInsets().top()));
+    Ref frameView = m_renderView.frameView();
+    m_layerForBottomOverhangArea->setPosition(FloatPoint(0, m_rootContentsLayer->size().height() + frameView->headerHeight()
+        + frameView->footerHeight() + frameView->obscuredContentInsets().top()));
     return m_layerForBottomOverhangArea.get();
 }
 
@@ -4646,7 +4651,7 @@ GraphicsLayer* RenderLayerCompositor::updateLayerForHeader(bool wantsLayer)
             // The ScrollingTree knows about the header layer, and the position of the root layer is affected
             // by the header layer, so if we remove the header, we need to tell the scrolling tree.
             if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
-                scrollingCoordinator->frameViewRootLayerDidChange(m_renderView.frameView());
+                scrollingCoordinator->frameViewRootLayerDidChange(m_renderView.protectedFrameView());
         }
         return nullptr;
     }
@@ -4654,16 +4659,17 @@ GraphicsLayer* RenderLayerCompositor::updateLayerForHeader(bool wantsLayer)
     if (!m_layerForHeader) {
         m_layerForHeader = GraphicsLayer::create(graphicsLayerFactory(), *this);
         m_layerForHeader->setName(MAKE_STATIC_STRING_IMPL("header"));
-        m_scrolledContentsLayer->addChildAbove(*m_layerForHeader, m_rootContentsLayer.get());
+        RefPtr { m_scrolledContentsLayer }->addChildAbove(*m_layerForHeader, m_rootContentsLayer.get());
     }
 
+    Ref frameView = m_renderView.frameView();
     m_layerForHeader->setPosition(FloatPoint(0,
-        LocalFrameView::yPositionForHeaderLayer(m_renderView.frameView().scrollPosition(), m_renderView.frameView().obscuredContentInsets().top())));
+        LocalFrameView::yPositionForHeaderLayer(frameView->scrollPosition(), frameView->obscuredContentInsets().top())));
     m_layerForHeader->setAnchorPoint(FloatPoint3D());
-    m_layerForHeader->setSize(FloatSize(m_renderView.frameView().visibleWidth(), m_renderView.frameView().headerHeight()));
+    RefPtr { m_layerForHeader }->setSize(FloatSize(frameView->visibleWidth(), frameView->headerHeight()));
 
     if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
-        scrollingCoordinator->frameViewRootLayerDidChange(m_renderView.frameView());
+        scrollingCoordinator->frameViewRootLayerDidChange(frameView);
 
     page().chrome().client().didAddHeaderLayer(*m_layerForHeader);
 
@@ -4675,6 +4681,8 @@ GraphicsLayer* RenderLayerCompositor::updateLayerForFooter(bool wantsLayer)
     if (!isMainFrameCompositor())
         return nullptr;
 
+    Ref frameView = m_renderView.frameView();
+
     if (!wantsLayer) {
         if (m_layerForFooter) {
             GraphicsLayer::unparentAndClear(m_layerForFooter);
@@ -4682,7 +4690,7 @@ GraphicsLayer* RenderLayerCompositor::updateLayerForFooter(bool wantsLayer)
             // The ScrollingTree knows about the footer layer, and the total scrollable size is affected
             // by the footer layer, so if we remove the footer, we need to tell the scrolling tree.
             if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
-                scrollingCoordinator->frameViewRootLayerDidChange(m_renderView.frameView());
+                scrollingCoordinator->frameViewRootLayerDidChange(frameView);
         }
         return nullptr;
     }
@@ -4690,17 +4698,17 @@ GraphicsLayer* RenderLayerCompositor::updateLayerForFooter(bool wantsLayer)
     if (!m_layerForFooter) {
         m_layerForFooter = GraphicsLayer::create(graphicsLayerFactory(), *this);
         m_layerForFooter->setName(MAKE_STATIC_STRING_IMPL("footer"));
-        m_scrolledContentsLayer->addChildAbove(*m_layerForFooter, m_rootContentsLayer.get());
+        RefPtr { m_scrolledContentsLayer }->addChildAbove(*m_layerForFooter, m_rootContentsLayer.get());
     }
 
-    float totalContentHeight = m_rootContentsLayer->size().height() + m_renderView.frameView().headerHeight() + m_renderView.frameView().footerHeight();
-    m_layerForFooter->setPosition(FloatPoint(0, LocalFrameView::yPositionForFooterLayer(m_renderView.frameView().scrollPosition(),
-        m_renderView.frameView().obscuredContentInsets().top(), totalContentHeight, m_renderView.frameView().footerHeight())));
+    float totalContentHeight = m_rootContentsLayer->size().height() + frameView->headerHeight() + frameView->footerHeight();
+    m_layerForFooter->setPosition(FloatPoint(0, LocalFrameView::yPositionForFooterLayer(frameView->scrollPosition(),
+        frameView->obscuredContentInsets().top(), totalContentHeight, frameView->footerHeight())));
     m_layerForFooter->setAnchorPoint(FloatPoint3D());
-    m_layerForFooter->setSize(FloatSize(m_renderView.frameView().visibleWidth(), m_renderView.frameView().footerHeight()));
+    RefPtr { m_layerForFooter }->setSize(FloatSize(frameView->visibleWidth(), frameView->footerHeight()));
 
     if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
-        scrollingCoordinator->frameViewRootLayerDidChange(m_renderView.frameView());
+        scrollingCoordinator->frameViewRootLayerDidChange(frameView);
 
     page().chrome().client().didAddFooterLayer(*m_layerForFooter);
 
@@ -4716,12 +4724,12 @@ void RenderLayerCompositor::updateLayerForOverhangAreasBackgroundColor()
 
     if (m_renderView.settings().backgroundShouldExtendBeyondPage()) {
         backgroundColor = ([&] {
-            if (auto underPageBackgroundColorOverride = page().underPageBackgroundColorOverride(); underPageBackgroundColorOverride.isValid())
+            if (auto underPageBackgroundColorOverride = protectedPage()->underPageBackgroundColorOverride(); underPageBackgroundColorOverride.isValid())
                 return underPageBackgroundColorOverride;
 
             return m_rootExtendedBackgroundColor;
         })();
-        m_layerForOverhangAreas->setBackgroundColor(backgroundColor);
+        RefPtr { m_layerForOverhangAreas }->setBackgroundColor(backgroundColor);
     }
 }
 
@@ -4737,15 +4745,16 @@ bool RenderLayerCompositor::viewNeedsToInvalidateEventRegionOfEnclosingCompositi
 
 bool RenderLayerCompositor::viewHasTransparentBackground(Color* backgroundColor) const
 {
-    if (m_renderView.frameView().isTransparent()) {
+    Ref frameView = m_renderView.frameView();
+    if (frameView->isTransparent()) {
         if (backgroundColor)
             *backgroundColor = Color(); // Return an invalid color.
         return true;
     }
 
-    Color documentBackgroundColor = m_renderView.frameView().documentBackgroundColor();
+    Color documentBackgroundColor = frameView->documentBackgroundColor();
     if (!documentBackgroundColor.isValid())
-        documentBackgroundColor = m_renderView.frameView().baseBackgroundColor();
+        documentBackgroundColor = frameView->baseBackgroundColor();
 
     ASSERT(documentBackgroundColor.isValid());
 
@@ -4791,10 +4800,12 @@ void RenderLayerCompositor::updateRootContentsLayerBackgroundColor()
 {
     if (!m_rootContentsLayer)
         return;
+
+    RefPtr rootContentsLayer = m_rootContentsLayer;
     if (m_rootElementCapturedInViewTransition)
-        m_rootContentsLayer->setBackgroundColor(m_viewBackgroundColor);
+        rootContentsLayer->setBackgroundColor(m_viewBackgroundColor);
     else
-        m_rootContentsLayer->setBackgroundColor(Color());
+        rootContentsLayer->setBackgroundColor(Color());
 }
 
 void RenderLayerCompositor::rootBackgroundColorOrTransparencyChanged()
@@ -4838,11 +4849,12 @@ void RenderLayerCompositor::updateSizeAndPositionForOverhangAreaLayer()
     if (!m_layerForOverhangAreas)
         return;
 
-    auto obscuredContentInsets = m_renderView.frameView().obscuredContentInsets();
-    IntSize overhangAreaSize = m_renderView.frameView().frameRect().size();
+    Ref frameView = m_renderView.frameView();
+    auto obscuredContentInsets = frameView->obscuredContentInsets();
+    IntSize overhangAreaSize = frameView->frameRect().size();
     overhangAreaSize.contract(obscuredContentInsets.left(), obscuredContentInsets.top());
     overhangAreaSize.clampNegativeToZero();
-    m_layerForOverhangAreas->setSize(overhangAreaSize);
+    RefPtr { m_layerForOverhangAreas }->setSize(overhangAreaSize);
     m_layerForOverhangAreas->setPosition({ obscuredContentInsets.left(), obscuredContentInsets.top() });
 }
 #endif
@@ -4854,7 +4866,7 @@ void RenderLayerCompositor::updateOverflowControlsLayers()
         if (!m_layerForOverhangAreas) {
             m_layerForOverhangAreas = GraphicsLayer::create(graphicsLayerFactory(), *this);
             m_layerForOverhangAreas->setName(MAKE_STATIC_STRING_IMPL("overhang areas"));
-            m_layerForOverhangAreas->setDrawsContent(false);
+            RefPtr { m_layerForOverhangAreas }->setDrawsContent(false);
 
             updateSizeAndPositionForOverhangAreaLayer();
             m_layerForOverhangAreas->setAnchorPoint(FloatPoint3D());
@@ -4862,7 +4874,7 @@ void RenderLayerCompositor::updateOverflowControlsLayers()
 
             // We want the overhang areas layer to be positioned below the frame contents,
             // so insert it below the clip layer.
-            m_overflowControlsHostLayer->addChildBelow(*m_layerForOverhangAreas, layerForClipping());
+            RefPtr { m_overflowControlsHostLayer }->addChildBelow(*m_layerForOverhangAreas, RefPtr { layerForClipping() }.get());
         }
     } else
         GraphicsLayer::unparentAndClear(m_layerForOverhangAreas);
@@ -4871,12 +4883,12 @@ void RenderLayerCompositor::updateOverflowControlsLayers()
         if (!m_contentShadowLayer) {
             m_contentShadowLayer = GraphicsLayer::create(graphicsLayerFactory(), *this);
             m_contentShadowLayer->setName(MAKE_STATIC_STRING_IMPL("content shadow"));
-            m_contentShadowLayer->setSize(m_rootContentsLayer->size());
+            RefPtr { m_contentShadowLayer }->setSize(m_rootContentsLayer->size());
             m_contentShadowLayer->setPosition(m_rootContentsLayer->position());
             m_contentShadowLayer->setAnchorPoint(FloatPoint3D());
             m_contentShadowLayer->setCustomAppearance(GraphicsLayer::CustomAppearance::ScrollingShadow);
 
-            m_scrolledContentsLayer->addChildBelow(*m_contentShadowLayer, m_rootContentsLayer.get());
+            RefPtr { m_scrolledContentsLayer }->addChildBelow(*m_contentShadowLayer, m_rootContentsLayer.get());
         }
     } else
         GraphicsLayer::unparentAndClear(m_contentShadowLayer);
@@ -4892,7 +4904,7 @@ void RenderLayerCompositor::updateOverflowControlsLayers()
 #if USE(CA)
             m_layerForHorizontalScrollbar->setAcceleratesDrawing(acceleratedDrawingEnabled());
 #endif
-            m_overflowControlsHostLayer->addChild(*m_layerForHorizontalScrollbar);
+            RefPtr { m_overflowControlsHostLayer }->addChild(*m_layerForHorizontalScrollbar);
 
             if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
                 scrollingCoordinator->scrollableAreaScrollbarLayerDidChange(m_renderView.frameView(), ScrollbarOrientation::Horizontal);
@@ -4914,7 +4926,7 @@ void RenderLayerCompositor::updateOverflowControlsLayers()
 #if USE(CA)
             m_layerForVerticalScrollbar->setAcceleratesDrawing(acceleratedDrawingEnabled());
 #endif
-            m_overflowControlsHostLayer->addChild(*m_layerForVerticalScrollbar);
+            RefPtr { m_overflowControlsHostLayer }->addChild(*m_layerForVerticalScrollbar);
 
             if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
                 scrollingCoordinator->scrollableAreaScrollbarLayerDidChange(m_renderView.frameView(), ScrollbarOrientation::Vertical);
@@ -4935,12 +4947,12 @@ void RenderLayerCompositor::updateOverflowControlsLayers()
 #if USE(CA)
             m_layerForScrollCorner->setAcceleratesDrawing(acceleratedDrawingEnabled());
 #endif
-            m_overflowControlsHostLayer->addChild(*m_layerForScrollCorner);
+            RefPtr { m_overflowControlsHostLayer }->addChild(*m_layerForScrollCorner);
         }
     } else
         GraphicsLayer::unparentAndClear(m_layerForScrollCorner);
 
-    m_renderView.frameView().positionScrollbarLayers();
+    m_renderView.protectedFrameView()->positionScrollbarLayers();
 }
 
 void RenderLayerCompositor::ensureRootLayer()
@@ -4953,12 +4965,12 @@ void RenderLayerCompositor::ensureRootLayer()
         m_rootContentsLayer = GraphicsLayer::create(graphicsLayerFactory(), *this);
         m_rootContentsLayer->setName(MAKE_STATIC_STRING_IMPL("content root"));
         IntRect overflowRect = snappedIntRect(m_renderView.layoutOverflowRect());
-        m_rootContentsLayer->setSize(FloatSize(overflowRect.maxX(), overflowRect.maxY()));
+        RefPtr { m_rootContentsLayer }->setSize(FloatSize(overflowRect.maxX(), overflowRect.maxY()));
         m_rootContentsLayer->setPosition(FloatPoint());
 
 #if PLATFORM(IOS_FAMILY)
         // Page scale is applied above this on iOS, so we'll just say that our root layer applies it.
-        if (m_renderView.frameView().frame().isRootFrame())
+        if (m_renderView.protectedFrameView()->frame().isRootFrame())
             m_rootContentsLayer->setAppliesPageScale();
 #endif
 
@@ -4996,15 +5008,16 @@ void RenderLayerCompositor::ensureRootLayer()
             // account for clipping and top content inset (see LocalFrameView::positionForInsetClipLayer()).
             if (!m_scrollContainerLayer) {
                 m_clipLayer = GraphicsLayer::create(graphicsLayerFactory(), *this);
-                m_clipLayer->setName(MAKE_STATIC_STRING_IMPL("frame clipping"));
-                m_clipLayer->setMasksToBounds(true);
-                m_clipLayer->setAnchorPoint({ });
+                RefPtr clipLayer = m_clipLayer;
+                clipLayer->setName(MAKE_STATIC_STRING_IMPL("frame clipping"));
+                clipLayer->setMasksToBounds(true);
+                clipLayer->setAnchorPoint({ });
 
-                m_clipLayer->addChild(*m_scrolledContentsLayer);
-                m_overflowControlsHostLayer->addChild(*m_clipLayer);
+                clipLayer->addChild(*m_scrolledContentsLayer);
+                RefPtr { m_overflowControlsHostLayer }->addChild(*m_clipLayer);
             }
 
-            m_scrolledContentsLayer->addChild(*m_rootContentsLayer);
+            RefPtr { m_scrolledContentsLayer }->addChild(*m_rootContentsLayer);
 
             updateScrollLayerClipping();
             updateOverflowControlsLayers();
@@ -5041,25 +5054,27 @@ void RenderLayerCompositor::destroyRootLayer()
     GraphicsLayer::unparentAndClear(m_layerForOverhangAreas);
 #endif
 
+    Ref frameView = m_renderView.frameView();
+
     if (m_layerForHorizontalScrollbar) {
         GraphicsLayer::unparentAndClear(m_layerForHorizontalScrollbar);
         if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
-            scrollingCoordinator->scrollableAreaScrollbarLayerDidChange(m_renderView.frameView(), ScrollbarOrientation::Horizontal);
-        if (auto* horizontalScrollbar = m_renderView.frameView().horizontalScrollbar())
-            m_renderView.frameView().invalidateScrollbar(*horizontalScrollbar, IntRect(IntPoint(0, 0), horizontalScrollbar->frameRect().size()));
+            scrollingCoordinator->scrollableAreaScrollbarLayerDidChange(frameView, ScrollbarOrientation::Horizontal);
+        if (RefPtr horizontalScrollbar = frameView->horizontalScrollbar())
+            frameView->invalidateScrollbar(*horizontalScrollbar, IntRect(IntPoint(0, 0), horizontalScrollbar->frameRect().size()));
     }
 
     if (m_layerForVerticalScrollbar) {
         GraphicsLayer::unparentAndClear(m_layerForVerticalScrollbar);
         if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
-            scrollingCoordinator->scrollableAreaScrollbarLayerDidChange(m_renderView.frameView(), ScrollbarOrientation::Vertical);
-        if (auto* verticalScrollbar = m_renderView.frameView().verticalScrollbar())
-            m_renderView.frameView().invalidateScrollbar(*verticalScrollbar, IntRect(IntPoint(0, 0), verticalScrollbar->frameRect().size()));
+            scrollingCoordinator->scrollableAreaScrollbarLayerDidChange(frameView, ScrollbarOrientation::Vertical);
+        if (RefPtr verticalScrollbar = frameView->verticalScrollbar())
+            frameView->invalidateScrollbar(*verticalScrollbar, IntRect(IntPoint(0, 0), verticalScrollbar->frameRect().size()));
     }
 
     if (m_layerForScrollCorner) {
         GraphicsLayer::unparentAndClear(m_layerForScrollCorner);
-        m_renderView.frameView().invalidateScrollCorner(m_renderView.frameView().scrollCornerRect());
+        frameView->invalidateScrollCorner(frameView->scrollCornerRect());
     }
 
     if (m_overflowControlsHostLayer) {
@@ -5084,13 +5099,13 @@ void RenderLayerCompositor::attachRootLayer(RootLayerAttachment attachment)
             ASSERT_NOT_REACHED();
             break;
         case RootLayerAttachedViaChromeClient: {
-            page().chrome().client().attachRootGraphicsLayer(m_renderView.frameView().frame(), rootGraphicsLayer());
+            page().chrome().client().attachRootGraphicsLayer(m_renderView.protectedFrameView()->protectedFrame(), RefPtr { rootGraphicsLayer() }.get());
             break;
         }
         case RootLayerAttachedViaEnclosingFrame: {
             // The layer will get hooked up via RenderLayerBacking::updateConfiguration()
             // for the frame's renderer in the parent document.
-            if (RefPtr ownerElement = m_renderView.document().ownerElement())
+            if (RefPtr ownerElement = m_renderView.protectedDocument()->ownerElement())
                 ownerElement->scheduleInvalidateStyleAndLayerComposition();
             break;
         }
@@ -5117,15 +5132,15 @@ void RenderLayerCompositor::detachRootLayer()
     case RootLayerAttachedViaEnclosingFrame: {
         // The layer will get unhooked up via RenderLayerBacking::updateConfiguration()
         // for the frame's renderer in the parent document.
-        if (m_overflowControlsHostLayer)
-            m_overflowControlsHostLayer->removeFromParent();
+        if (RefPtr layer = m_overflowControlsHostLayer)
+            layer->removeFromParent();
         else
-            m_rootContentsLayer->removeFromParent();
+            RefPtr { m_rootContentsLayer }->removeFromParent();
 
-        if (RefPtr ownerElement = m_renderView.document().ownerElement())
+        if (RefPtr ownerElement = m_renderView.protectedDocument()->ownerElement())
             ownerElement->scheduleInvalidateStyleAndLayerComposition();
 
-        if (auto frameRootScrollingNodeID = m_renderView.frameView().scrollingNodeID()) {
+        if (auto frameRootScrollingNodeID = m_renderView.protectedFrameView()->scrollingNodeID()) {
             if (RefPtr scrollingCoordinator = this->scrollingCoordinator()) {
                 scrollingCoordinator->frameViewWillBeDetached(m_renderView.frameView());
                 scrollingCoordinator->unparentNode(*frameRootScrollingNodeID);
@@ -5136,7 +5151,7 @@ void RenderLayerCompositor::detachRootLayer()
     case RootLayerAttachedViaChromeClient: {
         if (RefPtr scrollingCoordinator = this->scrollingCoordinator())
             scrollingCoordinator->frameViewWillBeDetached(m_renderView.frameView());
-        page().chrome().client().attachRootGraphicsLayer(m_renderView.frameView().frame(), nullptr);
+        page().chrome().client().attachRootGraphicsLayer(m_renderView.protectedFrameView()->protectedFrame(), nullptr);
     }
     break;
     case RootLayerUnattached:
@@ -5166,18 +5181,18 @@ void RenderLayerCompositor::rootLayerAttachmentChanged()
     if (auto* backing = layer ? layer->backing() : nullptr)
         backing->updateDrawsContent();
 
-    if (!m_renderView.frameView().frame().isMainFrame())
+    if (!m_renderView.protectedFrameView()->frame().isMainFrame())
         return;
 
     Ref<GraphicsLayer> overlayHost = page().pageOverlayController().layerWithDocumentOverlays();
-    m_rootContentsLayer->addChild(WTFMove(overlayHost));
+    RefPtr { m_rootContentsLayer }->addChild(WTFMove(overlayHost));
 }
 
 void RenderLayerCompositor::notifyIFramesOfCompositingChange()
 {
     // Compositing affects the answer to RenderIFrame::requiresAcceleratedCompositing(), so
     // we need to schedule a style recalc in our parent document.
-    if (RefPtr ownerElement = m_renderView.document().ownerElement())
+    if (RefPtr ownerElement = m_renderView.protectedDocument()->ownerElement())
         ownerElement->scheduleInvalidateStyleAndLayerComposition();
 }
 
@@ -5216,7 +5231,7 @@ void RenderLayerCompositor::deviceOrPageScaleFactorChanged()
 {
     // Page scale will only be applied at to the RenderView and sublayers, but the device scale factor
     // needs to be applied at the level of rootGraphicsLayer().
-    if (auto* rootLayer = rootGraphicsLayer())
+    if (RefPtr rootLayer = rootGraphicsLayer())
         rootLayer->noteDeviceOrPageScaleFactorChangedIncludingDescendants();
 }
 
@@ -5234,7 +5249,7 @@ FixedPositionViewportConstraints RenderLayerCompositor::computeFixedViewportCons
 {
     ASSERT(layer.isComposited());
 
-    auto* anchorLayer = layer.backing()->viewportAnchorLayer();
+    RefPtr anchorLayer = layer.backing()->viewportAnchorLayer();
     if (!anchorLayer) {
         ASSERT_NOT_REACHED();
         return { };
@@ -5242,7 +5257,7 @@ FixedPositionViewportConstraints RenderLayerCompositor::computeFixedViewportCons
 
     FixedPositionViewportConstraints constraints;
     constraints.setLayerPositionAtLastLayout(anchorLayer->position());
-    constraints.setViewportRectAtLastLayout(m_renderView.frameView().rectForFixedPositionLayout());
+    constraints.setViewportRectAtLastLayout(m_renderView.protectedFrameView()->rectForFixedPositionLayout());
     constraints.setAlignmentOffset(anchorLayer->pixelAlignmentOffset());
 
     const RenderStyle& style = layer.renderer().style();
@@ -5275,7 +5290,7 @@ StickyPositionViewportConstraints RenderLayerCompositor::computeStickyViewportCo
 
     auto& renderer = downcast<RenderBoxModelObject>(layer.renderer());
 
-    auto* anchorLayer = layer.backing()->viewportAnchorLayer();
+    RefPtr anchorLayer = layer.backing()->viewportAnchorLayer();
     if (!anchorLayer) {
         ASSERT_NOT_REACHED();
         return { };
@@ -5317,7 +5332,7 @@ static inline ScrollCoordinationRole scrollCoordinationRoleForNodeType(Scrolling
 
 std::optional<ScrollingNodeID> RenderLayerCompositor::attachScrollingNode(RenderLayer& layer, ScrollingNodeType nodeType, ScrollingTreeState& treeState)
 {
-    auto* scrollingCoordinator = this->scrollingCoordinator();
+    RefPtr scrollingCoordinator = this->scrollingCoordinator();
     if (!scrollingCoordinator)
         return std::nullopt;
 
@@ -5345,7 +5360,7 @@ std::optional<ScrollingNodeID> RenderLayerCompositor::attachScrollingNode(Render
 
 #if ENABLE(SCROLLING_THREAD)
     if (nodeType == ScrollingNodeType::Subframe)
-        m_clipLayer->setScrollingNodeID(*nodeID);
+        RefPtr { m_clipLayer }->setScrollingNodeID(*nodeID);
 #endif
 
     m_scrollingNodeToLayerMap.add(*nodeID, layer);
@@ -5359,9 +5374,9 @@ std::optional<ScrollingNodeID> RenderLayerCompositor::registerScrollingNodeID(Sc
         nodeID = scrollingCoordinator.uniqueScrollingNodeID();
 
     if (nodeType == ScrollingNodeType::Subframe && !treeState.hasParent)
-        nodeID = scrollingCoordinator.createNode(m_renderView.frameView().frame().rootFrame().frameID(), nodeType, *nodeID);
+        nodeID = scrollingCoordinator.createNode(m_renderView.protectedFrameView()->frame().rootFrame().frameID(), nodeType, *nodeID);
     else {
-        auto newNodeID = scrollingCoordinator.insertNode(m_renderView.frameView().frame().rootFrame().frameID(), nodeType, *nodeID, treeState.parentNodeID, treeState.nextChildIndex);
+        auto newNodeID = scrollingCoordinator.insertNode(m_renderView.protectedFrameView()->frame().rootFrame().frameID(), nodeType, *nodeID, treeState.parentNodeID, treeState.nextChildIndex);
         if (newNodeID != nodeID) {
             // We'll get a new nodeID if the type changed (and not if the node is new).
             scrollingCoordinator.unparentChildrenAndDestroyNode(*nodeID);
@@ -5414,7 +5429,7 @@ void RenderLayerCompositor::detachScrollCoordinatedLayer(RenderLayer& layer, Opt
     if (!backing)
         return;
 
-    auto* scrollingCoordinator = this->scrollingCoordinator();
+    RefPtr scrollingCoordinator = this->scrollingCoordinator();
     if (!scrollingCoordinator)
         return;
 
@@ -5583,7 +5598,7 @@ RoundedRect RenderLayerCompositor::parentRelativeScrollableRect(const RenderLaye
     if (!ancestorLayer) {
         if (!layer.scrollableArea())
             return RoundedRect { LayoutRect { } };
-        return RoundedRect { LayoutRect({ }, LayoutSize(layer.scrollableArea()->visibleSize())) };
+        return RoundedRect { LayoutRect({ }, LayoutSize(CheckedPtr { layer.scrollableArea() }->visibleSize())) };
     }
 
     RoundedRect scrollableRect(LayoutRect { });
@@ -5613,13 +5628,13 @@ void RenderLayerCompositor::updateScrollingNodeLayers(ScrollingNodeID nodeID, Re
         return;
 
     if (layer.isRenderViewLayer()) {
-        LocalFrameView& frameView = m_renderView.frameView();
+        Ref frameView = m_renderView.frameView();
         scrollingCoordinator.setNodeLayers(nodeID, { nullptr,
             scrollContainerLayer(), scrolledContentsLayer(),
             fixedRootBackgroundLayer(), clipLayer(), rootContentsLayer(),
-            frameView.layerForHorizontalScrollbar(), frameView.layerForVerticalScrollbar() });
+            frameView->layerForHorizontalScrollbar(), frameView->layerForVerticalScrollbar() });
     } else {
-        auto* scrollableArea = layer.scrollableArea();
+        CheckedPtr scrollableArea = layer.scrollableArea();
         ASSERT(scrollableArea);
 
         auto& backing = *layer.backing();
@@ -5637,7 +5652,7 @@ std::optional<ScrollingNodeID> RenderLayerCompositor::updateScrollingNodeForScro
     std::optional<ScrollingNodeID> newNodeID;
 
     if (layer.isRenderViewLayer()) {
-        LocalFrameView& frameView = m_renderView.frameView();
+        Ref frameView = m_renderView.frameView();
         ASSERT_UNUSED(frameView, scrollingCoordinator->coordinatesScrollingForFrameView(frameView));
 
         newNodeID = attachScrollingNode(*m_renderView.layer(), m_renderView.frame().isMainFrame() ? ScrollingNodeType::MainFrame : ScrollingNodeType::Subframe, treeState);
@@ -5654,7 +5669,7 @@ std::optional<ScrollingNodeID> RenderLayerCompositor::updateScrollingNodeForScro
             scrollingCoordinator->setScrollingNodeScrollableAreaGeometry(*newNodeID, frameView);
             scrollingCoordinator->setFrameScrollingNodeState(*newNodeID, frameView);
         }
-        page().chrome().client().ensureScrollbarsController(page(), frameView, true);
+        page().chrome().client().ensureScrollbarsController(protectedPage(), frameView, true);
 
     } else {
         newNodeID = attachScrollingNode(layer, ScrollingNodeType::Overflow, treeState);
@@ -5671,11 +5686,11 @@ std::optional<ScrollingNodeID> RenderLayerCompositor::updateScrollingNodeForScro
             updateScrollingNodeLayers(*newNodeID, layer, *scrollingCoordinator);
 
         if (changes & ScrollingNodeChangeFlags::LayerGeometry && treeState.hasParent) {
-            if (auto* scrollableArea = layer.scrollableArea())
+            if (CheckedPtr scrollableArea = layer.scrollableArea())
                 scrollingCoordinator->setScrollingNodeScrollableAreaGeometry(*newNodeID, *scrollableArea);
         }
-        if (auto* scrollableArea = layer.scrollableArea())
-            page().chrome().client().ensureScrollbarsController(page(), *scrollableArea, true);
+        if (CheckedPtr scrollableArea = layer.scrollableArea())
+            page().chrome().client().ensureScrollbarsController(protectedPage(), *scrollableArea, true);
     }
 
     return newNodeID;
@@ -5714,8 +5729,8 @@ std::optional<ScrollingNodeID> RenderLayerCompositor::updateScrollingNodeForScro
         }
         entry.overflowScrollProxyNodeID = *nodeID;
 #if ENABLE(SCROLLING_THREAD)
-        if (entry.scrollingLayer)
-            entry.scrollingLayer->setScrollingNodeID(*nodeID);
+        if (RefPtr scrollingLayer = entry.scrollingLayer)
+            scrollingLayer->setScrollingNodeID(*nodeID);
 #endif
 
         if (changes & ScrollingNodeChangeFlags::Layer)
@@ -5794,7 +5809,7 @@ std::optional<ScrollingNodeID> RenderLayerCompositor::updateScrollingNodeForPosi
         auto relatedNodeIDs = collectRelatedCoordinatedScrollingNodes(layer, positioningBehavior);
         scrollingCoordinator->setRelatedOverflowScrollingNodes(*newNodeID, WTFMove(relatedNodeIDs));
 
-        auto* graphicsLayer = layer.backing()->graphicsLayer();
+        RefPtr graphicsLayer = layer.backing()->graphicsLayer();
         AbsolutePositionConstraints constraints;
         constraints.setAlignmentOffset(graphicsLayer->pixelAlignmentOffset());
         constraints.setLayerPositionAtLastLayout(graphicsLayer->position());
@@ -5809,7 +5824,7 @@ void RenderLayerCompositor::resolveScrollingTreeRelationships()
     if (m_layersWithUnresolvedRelations.isEmptyIgnoringNullReferences())
         return;
 
-    auto* scrollingCoordinator = this->scrollingCoordinator();
+    RefPtr scrollingCoordinator = this->scrollingCoordinator();
 
     for (auto& layer : m_layersWithUnresolvedRelations) {
         LOG_WITH_STREAM(ScrollingTree, stream << "RenderLayerCompositor::resolveScrollingTreeRelationships - resolving relationship for layer " << &layer);
@@ -5842,7 +5857,7 @@ void RenderLayerCompositor::updateSynchronousScrollingNodes()
     RefPtr scrollingCoordinator = this->scrollingCoordinator();
     ASSERT(scrollingCoordinator);
 
-    auto rootScrollingNodeID = m_renderView.frameView().scrollingNodeID();
+    auto rootScrollingNodeID = m_renderView.protectedFrameView()->scrollingNodeID();
     UncheckedKeyHashSet<ScrollingNodeID> nodesToClear;
     nodesToClear.reserveInitialCapacity(m_scrollingNodeToLayerMap.size());
     for (auto key : m_scrollingNodeToLayerMap.keys())
@@ -5918,7 +5933,7 @@ ScrollableArea* RenderLayerCompositor::scrollableAreaForScrollingNodeID(std::opt
     if (!nodeID)
         return nullptr;
 
-    if (*nodeID == m_renderView.frameView().scrollingNodeID())
+    if (*nodeID == m_renderView.protectedFrameView()->scrollingNodeID())
         return &m_renderView.frameView();
 
     if (auto weakLayer = m_scrollingNodeToLayerMap.get(*nodeID))
@@ -5959,7 +5974,7 @@ void RenderLayerCompositor::didAddScrollingLayer(RenderLayer& layer)
 
 ScrollingCoordinator* RenderLayerCompositor::scrollingCoordinator() const
 {
-    return page().scrollingCoordinator();
+    return protectedPage()->scrollingCoordinator();
 }
 
 GraphicsLayerFactory* RenderLayerCompositor::graphicsLayerFactory() const
@@ -5978,6 +5993,11 @@ Page& RenderLayerCompositor::page() const
     return m_renderView.page();
 }
 
+Ref<Page> RenderLayerCompositor::protectedPage() const
+{
+    return page();
+}
+
 TextStream& operator<<(TextStream& ts, CompositingUpdateType updateType)
 {
     switch (updateType) {
diff --git a/Source/WebCore/rendering/RenderLayerCompositor.h b/Source/WebCore/rendering/RenderLayerCompositor.h
index d9226baa1a80a..a6269d09cbdac 100644
--- a/Source/WebCore/rendering/RenderLayerCompositor.h
+++ b/Source/WebCore/rendering/RenderLayerCompositor.h
@@ -519,7 +519,8 @@ class RenderLayerCompositor final : public GraphicsLayerClient, public CanMakeCh
     FloatRect visibleRectForLayerFlushing() const;
     
     Page& page() const;
-    
+    Ref<Page> protectedPage() const;
+
     GraphicsLayerFactory* graphicsLayerFactory() const;
     ScrollingCoordinator* scrollingCoordinator() const;
 
diff --git a/Source/WebCore/rendering/RenderWidget.h b/Source/WebCore/rendering/RenderWidget.h
index 920d1c723b88e..d87eff80fbc4b 100644
--- a/Source/WebCore/rendering/RenderWidget.h
+++ b/Source/WebCore/rendering/RenderWidget.h
@@ -69,6 +69,7 @@ class RenderWidget : public RenderReplaced, private OverlapTestRequestClient, pu
     virtual ~RenderWidget();
 
     HTMLFrameOwnerElement& frameOwnerElement() const { return downcast<HTMLFrameOwnerElement>(nodeForNonAnonymous()); }
+    Ref<HTMLFrameOwnerElement> protectedFrameOwnerElement() const { return frameOwnerElement(); }
 
     Widget* widget() const { return m_widget.get(); }
     RefPtr<Widget> protectedWidget() const { return m_widget; }

From 1065b79ccc3cd0c7e7cd3526c20cbe84464bd4be Mon Sep 17 00:00:00 2001
From: Rob Buis <rbuis@igalia.com>
Date: Sat, 22 Feb 2025 06:22:40 -0800
Subject: [PATCH 049/174] Use smart pointers in RemoteGraphicsContextGL
 https://bugs.webkit.org/show_bug.cgi?id=287794

Reviewed by Ryosuke Niwa.

Use smart pointers in RemoteGraphicsContextGL to address the
remaining [webkit.UncountedLambdaCapturesChecker] warning.

* Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.cpp:
(WebKit::RemoteGraphicsContextGL::paintNativeImageToImageBuffer):
* Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations:

Canonical link: https://commits.webkit.org/290870@main
---
 Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.cpp | 4 ++--
 .../UncountedLambdaCapturesCheckerExpectations                | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.cpp b/Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.cpp
index ab6517058b177..2318423b1e06b 100644
--- a/Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.cpp
+++ b/Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.cpp
@@ -229,11 +229,11 @@ void RemoteGraphicsContextGL::paintNativeImageToImageBuffer(NativeImage& image,
     bool isFinished = false;
 
     Ref renderingBackend = m_renderingBackend;
-    renderingBackend->dispatch([renderingBackend, &image, imageBufferIdentifier, &lock, &conditionVariable, &isFinished]() mutable {
+    renderingBackend->dispatch([renderingBackend, image = RefPtr { &image }, imageBufferIdentifier, &lock, &conditionVariable, &isFinished]() mutable {
         if (auto imageBuffer = renderingBackend->imageBuffer(imageBufferIdentifier)) {
             // Here we do not try to play back pending commands for imageBuffer. Currently this call is only made for empty
             // image buffers and there's no good way to add display lists.
-            GraphicsContextGL::paintToCanvas(image, imageBuffer->backendSize(), imageBuffer->context());
+            GraphicsContextGL::paintToCanvas(*image, imageBuffer->backendSize(), imageBuffer->context());
 
 
             // We know that the image might be updated afterwards, so flush the drawing so that read back does not occur.
diff --git a/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
index c084aa525c19d..5fa3ff00e7916 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
@@ -1,4 +1,3 @@
-GPUProcess/graphics/RemoteGraphicsContextGL.cpp
 NetworkProcess/cache/NetworkCacheStorage.cpp
 Platform/IPC/HandleMessage.h
 Platform/cocoa/WebPrivacyHelpers.mm

From e25e1c371d81d00aa1c7905372e05b4936378b7d Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Sat, 22 Feb 2025 07:56:00 -0800
Subject: [PATCH 050/174] [GLib] Ensure WebKitCookieManager APIs keep cookie
 cache up to date https://bugs.webkit.org/show_bug.cgi?id=288142

Reviewed by Carlos Garcia Campos.

Every time the cookie manager replaces the cookie list or cookie jar we
now inform the webprocess cache that everything was removed.

* Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp:
(WebCore::NetworkStorageSession::setCookieStorage):
(WebCore::NetworkStorageSession::deleteAllCookies):
* Tools/TestWebKitAPI/Tests/WebKitGLib/TestCookieManager.cpp:
(testCookieSyncWithWebView):
(beforeAll):

Canonical link: https://commits.webkit.org/290871@main
---
 .../soup/NetworkStorageSessionSoup.cpp        | 11 ++++
 .../Tests/WebKitGLib/TestCookieManager.cpp    | 51 +++++++++++++++++++
 2 files changed, 62 insertions(+)

diff --git a/Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp b/Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp
index a24b74b3776bc..c191cdc193019 100644
--- a/Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp
+++ b/Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp
@@ -136,6 +136,11 @@ void NetworkStorageSession::setCookieStorage(GRefPtr<SoupCookieJar>&& jar)
     soup_cookie_jar_set_accept_policy(jar.get(), soup_cookie_jar_get_accept_policy(m_cookieStorage.get()));
     m_cookieStorage = WTFMove(jar);
     g_signal_connect_swapped(m_cookieStorage.get(), "changed", G_CALLBACK(cookiesDidChange), this);
+
+    for (auto& [host, observers] : m_cookieChangeObservers) {
+        for (auto& observer : observers)
+            observer.allCookiesDeleted();
+    }
 }
 
 void NetworkStorageSession::setCookieObserverHandler(Function<void ()>&& handler)
@@ -561,6 +566,12 @@ void NetworkStorageSession::deleteAllCookies(CompletionHandler<void()>&& complet
         auto* cookie = static_cast<SoupCookie*>(item->data);
         soup_cookie_jar_delete_cookie(cookieJar, cookie);
     }
+
+    for (auto& [host, observers] : m_cookieChangeObservers) {
+        for (auto& observer : observers)
+            observer.allCookiesDeleted();
+    }
+
     completionHandler();
 }
 
diff --git a/Tools/TestWebKitAPI/Tests/WebKitGLib/TestCookieManager.cpp b/Tools/TestWebKitAPI/Tests/WebKitGLib/TestCookieManager.cpp
index f06a1e40b1a15..baba389c19c94 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitGLib/TestCookieManager.cpp
+++ b/Tools/TestWebKitAPI/Tests/WebKitGLib/TestCookieManager.cpp
@@ -859,6 +859,56 @@ static void testCookieManagerLongExpires(CookieManagerTest* test, gconstpointer)
     g_assert_cmpint(g_strv_length(test->getDomains()), ==, 0);
 }
 
+static void testCookieSyncWithWebView(CookiePersistentStorageTest* test, gconstpointer)
+{
+    g_unlink(test->m_cookiesTextFile.get());
+    g_unlink(test->m_cookiesSQLiteFile.get());
+    test->m_cookiesTextFile.reset(g_build_filename(Test::dataDirectory(), "cookies.txt", nullptr));
+
+    // When COOKIE_CHANGE_LISTENER_API is defined the WebCookieCache is enabled which requires
+    // on every change NetworkStorageSessionSoup sends messages to the WebProcess to keep it updated.
+    // So here we are testing webkit_cookie_manager_replace_cookies() and webkit_cookie_manager_set_persistent_storage() removes everything from the cache.
+    // Some waits have been added just to be more reliable as there is a lot of IPC (UI -> Network -> WebProcess).
+
+    test->initializeWebView();
+    test->setPersistentStorage(WEBKIT_COOKIE_PERSISTENT_STORAGE_SQLITE);
+
+    GUniquePtr<SoupCookie> cookie(soup_cookie_new(kCookieName, kCookieValue, kFirstPartyDomain, kCookiePath, SOUP_COOKIE_MAX_AGE_ONE_DAY));
+    test->addCookie(cookie.get());
+
+    test->loadURI(kServer->getURIForPath("/index.html").data());
+    test->waitUntilLoadFinished();
+
+    auto* value = test->runJavaScriptAndWaitUntilFinished("document.cookie", nullptr);
+    GUniquePtr<char> cookieString(jsc_value_to_string(value));
+    g_assert_cmpstr(cookieString.get(), ==, "foo=bar");
+
+    GUniquePtr<SoupCookie> newCookie(soup_cookie_new(kCookieName, kCookieValueNew, kFirstPartyDomain, kCookiePath, SOUP_COOKIE_MAX_AGE_ONE_DAY));
+    GUniquePtr<SoupCookie> thirdPartyCookie(soup_cookie_new(kCookiePathNew, kCookieName, kThirdPartyDomain, kCookiePath, SOUP_COOKIE_MAX_AGE_ONE_DAY));
+    GUniquePtr<GList> cookies(g_list_append(g_list_append(nullptr, newCookie.get()), thirdPartyCookie.get()));
+
+    bool callbackDone = false;
+    webkit_cookie_manager_replace_cookies(test->m_cookieManager, cookies.get(), nullptr, (GAsyncReadyCallback)+[](WebKitCookieManager* manager, GAsyncResult* result, bool* done) {
+        g_assert_true(webkit_cookie_manager_replace_cookies_finish(manager, result, nullptr));
+        *done = true;
+    }, &callbackDone);
+    while (!callbackDone)
+        g_main_context_iteration(g_main_loop_get_context(test->m_mainLoop), TRUE);
+
+    test->wait(1.0);
+    value = test->runJavaScriptAndWaitUntilFinished("document.cookie", nullptr);
+    cookieString.reset(jsc_value_to_string(value));
+    g_assert_cmpstr(cookieString.get(), ==, "foo=new-value");
+
+    g_assert_true(g_file_set_contents(test->m_cookiesTextFile.get(), "127.0.0.1\tFALSE\t/\tFALSE\t-1\tbaz\tvalue\n", -1, nullptr));
+    test->setPersistentStorage(WEBKIT_COOKIE_PERSISTENT_STORAGE_TEXT);
+
+    test->wait(1.0);
+    value = test->runJavaScriptAndWaitUntilFinished("document.cookie", nullptr);
+    cookieString.reset(jsc_value_to_string(value));
+    g_assert_cmpstr(cookieString.get(), ==, "baz=value");
+}
+
 #if USE(SOUP2)
 static void serverCallback(SoupServer* server, SoupMessage* message, const char* path, GHashTable*, SoupClientContext*, gpointer)
 #else
@@ -903,6 +953,7 @@ void beforeAll()
     CookieManagerTest::add("WebKitCookieManager", "persistent-storage-delete-all", testCookieManagerPersistentStorageDeleteAll);
     CookieManagerTest::add("WebKitCookieManager", "ephemeral", testCookieManagerEphemeral);
     CookieManagerTest::add("WebKitCookieManager", "long-expires", testCookieManagerLongExpires);
+    CookiePersistentStorageTest::add("WebKitCookieManager", "sync-with-webview", testCookieSyncWithWebView);
 }
 
 void afterAll()

From bc4cb9e7454ee85a794a7fa32df1c88df850e711 Mon Sep 17 00:00:00 2001
From: Alex Christensen <achristensen@apple.com>
Date: Sat, 22 Feb 2025 08:01:31 -0800
Subject: [PATCH 051/174] Update fullscreen state in other processes when
 entering and exiting fullscreen with site isolation
 https://bugs.webkit.org/show_bug.cgi?id=288280

Reviewed by Tim Nguyen.

When entering fullscreen, we need to send IPC to other processes along the frame's ancestor chain
and tell them to enter fullscreen to make the HTMLFrameOwnerElement take the entirety of the screen.
Similarly when exiting fullscreen, we need to tell the processes to undo that state change.

* LayoutTests/http/tests/site-isolation/fullscreen-expected.txt:
* LayoutTests/http/tests/site-isolation/fullscreen.html:
* Source/WebCore/dom/FullscreenManager.cpp:
(WebCore::FullscreenManager::willEnterFullscreen):
(WebCore::FullscreenManager::elementEnterFullscreen):
* Source/WebCore/dom/FullscreenManager.h:
* Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp:
(WebKit::WebFullScreenManagerProxy::enterFullScreen):
(WebKit::WebFullScreenManagerProxy::enterFullScreenForOwnerElementsInOtherProcesses):
(WebKit::WebFullScreenManagerProxy::beganExitFullScreen):
(WebKit::WebFullScreenManagerProxy::exitFullScreenInOtherProcesses):
* Source/WebKit/UIProcess/WebFullScreenManagerProxy.h:
* Source/WebKit/UIProcess/WebFullScreenManagerProxy.messages.in:
* Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp:
(WebKit::WebFullScreenManager::enterFullScreenForElement):
(WebKit::WebFullScreenManager::willExitFullScreen):
(WebKit::WebFullScreenManager::enterFullScreenForOwnerElements):
(WebKit::WebFullScreenManager::exitFullScreenInMainFrame):
* Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.h:
* Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.messages.in:
* Source/WebKit/WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::webFrame):
* Source/WebKit/WebProcess/WebPage/WebFrame.h:

Canonical link: https://commits.webkit.org/290872@main
---
 .../site-isolation/fullscreen-expected.txt    |  8 +--
 .../http/tests/site-isolation/fullscreen.html |  1 -
 Source/WebCore/dom/FullscreenManager.cpp      | 40 ++++++-----
 Source/WebCore/dom/FullscreenManager.h        |  6 +-
 .../UIProcess/WebFullScreenManagerProxy.cpp   | 71 ++++++++++++++++---
 .../UIProcess/WebFullScreenManagerProxy.h     |  7 +-
 .../WebFullScreenManagerProxy.messages.in     |  4 +-
 .../FullScreen/WebFullScreenManager.cpp       | 42 +++++++++--
 .../FullScreen/WebFullScreenManager.h         |  3 +
 .../WebFullScreenManager.messages.in          |  2 +
 Source/WebKit/WebProcess/WebPage/WebFrame.cpp |  5 ++
 Source/WebKit/WebProcess/WebPage/WebFrame.h   |  1 +
 12 files changed, 144 insertions(+), 46 deletions(-)

diff --git a/LayoutTests/http/tests/site-isolation/fullscreen-expected.txt b/LayoutTests/http/tests/site-isolation/fullscreen-expected.txt
index 70cf5b7cf5b6b..4a1154fdd715f 100644
--- a/LayoutTests/http/tests/site-isolation/fullscreen-expected.txt
+++ b/LayoutTests/http/tests/site-isolation/fullscreen-expected.txt
@@ -2,14 +2,12 @@ supportsFullScreen() == true
 enterFullScreenForElement()
 beganEnterFullScreen() - initialRect.size: {300, 150}, finalRect.size: {300, 150}
 exitFullScreenForElement()
-beganExitFullScreen() - initialRect.size: {300, 150}, finalRect.size: {300, 150}
+beganExitFullScreen() - initialRect.size: {800, 600}, finalRect.size: {300, 150}
 
 FIXME: Size after entering should be 600x800 like it is with site isolation off.
 The size currently comes from screenRectOfContents.
-Also, the iframe's border 'inset' style should be 'none' after entering fullscreen.
-
-Size after entering fullscreen: 150x300
-iframe border style after transition: 0px inset rgb(0, 0, 0)
+Size after entering fullscreen: 600x800
+iframe border style after transition: 0px none rgb(0, 0, 0)
 
 Size after exiting fullscreen: 150x300
 iframe border style after transition: 0px inset rgb(0, 0, 0)
diff --git a/LayoutTests/http/tests/site-isolation/fullscreen.html b/LayoutTests/http/tests/site-isolation/fullscreen.html
index 4e2a9d6beba75..520cb9d0ce0aa 100644
--- a/LayoutTests/http/tests/site-isolation/fullscreen.html
+++ b/LayoutTests/http/tests/site-isolation/fullscreen.html
@@ -15,5 +15,4 @@
 <div id=mylog>
 FIXME: Size after entering should be 600x800 like it is with site isolation off.<br>
 The size currently comes from screenRectOfContents.<br>
-Also, the iframe's border 'inset' style should be 'none' after entering fullscreen.<br><br>
 </div>
diff --git a/Source/WebCore/dom/FullscreenManager.cpp b/Source/WebCore/dom/FullscreenManager.cpp
index 4ccda8697f164..4f6939558582e 100644
--- a/Source/WebCore/dom/FullscreenManager.cpp
+++ b/Source/WebCore/dom/FullscreenManager.cpp
@@ -492,31 +492,35 @@ ExceptionOr<void> FullscreenManager::willEnterFullscreen(Element& element, HTMLM
             ancestors.append(ownerElement.releaseNonNull());
     }
 
-    for (auto ancestor : makeReversedRange(ancestors)) {
-        auto hideUntil = ancestor->topmostPopoverAncestor(Element::TopLayerElementType::Other);
-        ancestor->document().hideAllPopoversUntil(hideUntil, FocusPreviousElement::No, FireEvents::No);
+    for (auto ancestor : makeReversedRange(ancestors))
+        elementEnterFullscreen(ancestor);
 
-        auto containingBlockBeforeStyleResolution = SingleThreadWeakPtr<RenderBlock> { };
-        if (auto* renderer = ancestor->renderer())
-            containingBlockBeforeStyleResolution = renderer->containingBlock();
+    if (RefPtr iframe = dynamicDowncast<HTMLIFrameElement>(element))
+        iframe->setIFrameFullscreenFlag(true);
+
+    return { };
+}
 
-        ancestor->setFullscreenFlag(true);
-        ancestor->document().resolveStyle(Document::ResolveStyleType::Rebuild);
+void FullscreenManager::elementEnterFullscreen(Element& element)
+{
+    auto hideUntil = element.topmostPopoverAncestor(Element::TopLayerElementType::Other);
+    element.document().hideAllPopoversUntil(hideUntil, FocusPreviousElement::No, FireEvents::No);
 
-        // Remove before adding, so we always add at the end of the top layer.
-        if (ancestor->isInTopLayer())
-            ancestor->removeFromTopLayer();
-        ancestor->addToTopLayer();
+    auto containingBlockBeforeStyleResolution = SingleThreadWeakPtr<RenderBlock> { };
+    if (CheckedPtr renderer = element.renderer())
+        containingBlockBeforeStyleResolution = renderer->containingBlock();
 
-        queueFullscreenChangeEventForDocument(ancestor->document());
+    element.setFullscreenFlag(true);
+    element.document().resolveStyle(Document::ResolveStyleType::Rebuild);
 
-        RenderElement::markRendererDirtyAfterTopLayerChange(ancestor->checkedRenderer().get(), containingBlockBeforeStyleResolution.get());
-    }
+    // Remove before adding, so we always add at the end of the top layer.
+    if (element.isInTopLayer())
+        element.removeFromTopLayer();
+    element.addToTopLayer();
 
-    if (RefPtr iframe = dynamicDowncast<HTMLIFrameElement>(element))
-        iframe->setIFrameFullscreenFlag(true);
+    queueFullscreenChangeEventForDocument(element.document());
 
-    return { };
+    RenderElement::markRendererDirtyAfterTopLayerChange(element.checkedRenderer().get(), containingBlockBeforeStyleResolution.get());
 }
 
 bool FullscreenManager::didEnterFullscreen()
diff --git a/Source/WebCore/dom/FullscreenManager.h b/Source/WebCore/dom/FullscreenManager.h
index 9e76fa0eebe0f..174a5b1316f2d 100644
--- a/Source/WebCore/dom/FullscreenManager.h
+++ b/Source/WebCore/dom/FullscreenManager.h
@@ -78,10 +78,12 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
     WEBCORE_EXPORT bool willExitFullscreen();
     WEBCORE_EXPORT void didExitFullscreen(CompletionHandler<void(ExceptionOr<void>)>&&);
 
+    WEBCORE_EXPORT static void elementEnterFullscreen(Element&);
+
     void dispatchPendingEvents();
 
     enum class ExitMode : bool { Resize, NoResize };
-    void finishExitFullscreen(Frame&, ExitMode);
+    WEBCORE_EXPORT static void finishExitFullscreen(Frame&, ExitMode);
 
     void exitRemovedFullscreenElement(Element&);
 
@@ -96,7 +98,6 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
     enum class EventType : bool { Change, Error };
     void dispatchFullscreenChangeOrErrorEvent(Deque<GCReachableRef<Node>>&, EventType, bool shouldNotifyMediaElement);
     void dispatchEventForNode(Node&, EventType);
-    void queueFullscreenChangeEventForDocument(Document&);
 
 private:
 #if !RELEASE_LOG_DISABLED
@@ -110,6 +111,7 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
     RefPtr<Document> protectedMainFrameDocument() { return mainFrameDocument(); }
 
     bool didEnterFullscreen();
+    static void queueFullscreenChangeEventForDocument(Document&);
     void addElementToChangeEventQueue(Node& target) { m_fullscreenChangeEventTargetQueue.append(GCReachableRef(target)); }
 
     WeakRef<Document, WeakPtrImplWithEventTargetData> m_document;
diff --git a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp
index ab744e5a4672f..4fcac5b93338d 100644
--- a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp
+++ b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp
@@ -189,7 +189,7 @@ bool WebFullScreenManagerProxy::blocksReturnToFullscreenFromPictureInPicture() c
     return m_blocksReturnToFullscreenFromPictureInPicture;
 }
 
-void WebFullScreenManagerProxy::enterFullScreen(IPC::Connection& connection, bool blocksReturnToFullscreenFromPictureInPicture, FullScreenMediaDetails&& mediaDetails, CompletionHandler<void(bool)>&& completionHandler)
+void WebFullScreenManagerProxy::enterFullScreen(IPC::Connection& connection, FrameIdentifier frameID, bool blocksReturnToFullscreenFromPictureInPicture, FullScreenMediaDetails&& mediaDetails, CompletionHandler<void(bool)>&& completionHandler)
 {
     m_fullScreenProcess = dynamicDowncast<WebProcessProxy>(AuxiliaryProcessProxy::fromConnection(connection));
     m_blocksReturnToFullscreenFromPictureInPicture = blocksReturnToFullscreenFromPictureInPicture;
@@ -211,17 +211,44 @@ void WebFullScreenManagerProxy::enterFullScreen(IPC::Connection& connection, boo
     if (!client)
         return completionHandler(false);
 
-    client->enterFullScreen(mediaDetails.mediaDimensions, [this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler), logIdentifier = LOGIDENTIFIER] (bool success) mutable {
+    client->enterFullScreen(mediaDetails.mediaDimensions, [this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler), frameID, logIdentifier = LOGIDENTIFIER] (bool success) mutable {
         ALWAYS_LOG(logIdentifier);
-        if (success) {
-            m_fullscreenState = FullscreenState::EnteringFullscreen;
-            if (RefPtr page = m_page.get())
-                page->fullscreenClient().willEnterFullscreen(page.get());
-        }
-        completionHandler(success);
+        if (!success)
+            return completionHandler(false);
+        m_fullscreenState = FullscreenState::EnteringFullscreen;
+        if (RefPtr page = m_page.get())
+            page->fullscreenClient().willEnterFullscreen(page.get());
+        enterFullScreenForOwnerElementsInOtherProcesses(frameID, [completionHandler = WTFMove(completionHandler)] mutable {
+            completionHandler(true);
+        });
     });
 }
 
+void WebFullScreenManagerProxy::enterFullScreenForOwnerElementsInOtherProcesses(FrameIdentifier frameID, CompletionHandler<void()>&& completionHandler)
+{
+    Ref aggregator = CallbackAggregator::create(WTFMove(completionHandler));
+
+    RefPtr webFrame = WebFrameProxy::webFrame(frameID);
+    if (!webFrame)
+        return;
+    RefPtr page = m_page.get();
+    if (!page)
+        return;
+
+    // Traverse from the frame's parent to the main frame and tell each unique process the lowest frame to start fullscreening.
+    HashSet<ProcessIdentifier> processes { webFrame->process().coreProcessIdentifier() };
+    for (RefPtr currentFrame = webFrame; currentFrame; currentFrame = currentFrame->parentFrame()) {
+        RefPtr ancestor = currentFrame->parentFrame();
+        if (!ancestor)
+            break;
+        auto addResult = processes.add(ancestor->process().coreProcessIdentifier());
+        if (addResult.isNewEntry) {
+            Ref process = ancestor->process();
+            process->sendWithAsyncReply(Messages::WebFullScreenManager::EnterFullScreenForOwnerElements(currentFrame->frameID()), [aggregator] { }, page->webPageIDInProcess(process));
+        }
+    }
+}
+
 #if ENABLE(QUICKLOOK_FULLSCREEN)
 void WebFullScreenManagerProxy::updateImageSource(FullScreenMediaDetails&& mediaDetails)
 {
@@ -293,19 +320,19 @@ void WebFullScreenManagerProxy::beganEnterFullScreen(const IntRect& initialFrame
     });
 }
 
-void WebFullScreenManagerProxy::beganExitFullScreen(const IntRect& initialFrame, const IntRect& finalFrame, CompletionHandler<void()>&& completionHandler)
+void WebFullScreenManagerProxy::beganExitFullScreen(FrameIdentifier frameID, const IntRect& initialFrame, const IntRect& finalFrame, CompletionHandler<void()>&& completionHandler)
 {
     CheckedPtr client = m_client;
     if (!client)
         return completionHandler();
-    client->beganExitFullScreen(initialFrame, finalFrame, [this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler), logIdentifier = LOGIDENTIFIER] mutable {
+    client->beganExitFullScreen(initialFrame, finalFrame, [this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler), frameID, logIdentifier = LOGIDENTIFIER] mutable {
         m_fullscreenState = FullscreenState::NotInFullscreen;
         RefPtr page = m_page.get();
         if (!page)
             return completionHandler();
         ALWAYS_LOG(logIdentifier);
         page->fullscreenClient().didExitFullscreen(page.get());
-        completionHandler();
+        exitFullScreenInOtherProcesses(frameID, WTFMove(completionHandler));
 
         if (page->isControlledByAutomation()) {
             if (RefPtr automationSession = page->configuration().processPool().automationSession())
@@ -315,6 +342,28 @@ void WebFullScreenManagerProxy::beganExitFullScreen(const IntRect& initialFrame,
     });
 }
 
+void WebFullScreenManagerProxy::exitFullScreenInOtherProcesses(FrameIdentifier frameID, CompletionHandler<void()>&& completionHandler)
+{
+    Ref aggregator = CallbackAggregator::create(WTFMove(completionHandler));
+
+    RefPtr webFrame = WebFrameProxy::webFrame(frameID);
+    if (!webFrame)
+        return;
+    RefPtr page = m_page.get();
+    if (!page)
+        return;
+
+    // Traverse from the frame's parent to the main frame and tell each unique process start unfullscreening.
+    HashSet<ProcessIdentifier> processes { webFrame->process().coreProcessIdentifier() };
+    for (RefPtr ancestor = webFrame->parentFrame(); ancestor; ancestor = ancestor->parentFrame()) {
+        auto addResult = processes.add(ancestor->process().coreProcessIdentifier());
+        if (addResult.isNewEntry) {
+            Ref process = ancestor->process();
+            process->sendWithAsyncReply(Messages::WebFullScreenManager::ExitFullScreenInMainFrame(), [aggregator] { }, page->webPageIDInProcess(process));
+        }
+    }
+}
+
 bool WebFullScreenManagerProxy::lockFullscreenOrientation(WebCore::ScreenOrientationType orientation)
 {
     if (CheckedPtr client = m_client)
diff --git a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.h b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.h
index fa87e06845728..7c7cc9d4fe69d 100644
--- a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.h
+++ b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.h
@@ -101,6 +101,9 @@ class WebFullScreenManagerProxy : public IPC::MessageReceiver, public CanMakeChe
     void detachFromClient();
     void attachToNewClient(WebFullScreenManagerProxyClient&);
 
+    void enterFullScreenForOwnerElementsInOtherProcesses(WebCore::FrameIdentifier, CompletionHandler<void()>&&);
+    void exitFullScreenInOtherProcesses(WebCore::FrameIdentifier, CompletionHandler<void()>&&);
+
     enum class FullscreenState : uint8_t {
         NotInFullscreen,
         EnteringFullscreen,
@@ -122,14 +125,14 @@ class WebFullScreenManagerProxy : public IPC::MessageReceiver, public CanMakeChe
 private:
     WebFullScreenManagerProxy(WebPageProxy&, WebFullScreenManagerProxyClient&);
 
-    void enterFullScreen(IPC::Connection&, bool blocksReturnToFullscreenFromPictureInPicture, FullScreenMediaDetails&&, CompletionHandler<void(bool)>&&);
+    void enterFullScreen(IPC::Connection&, WebCore::FrameIdentifier, bool blocksReturnToFullscreenFromPictureInPicture, FullScreenMediaDetails&&, CompletionHandler<void(bool)>&&);
     void didEnterFullScreen(CompletionHandler<void(bool)>&&);
 #if ENABLE(QUICKLOOK_FULLSCREEN)
     void updateImageSource(FullScreenMediaDetails&&);
 #endif
     void exitFullScreen(CompletionHandler<void()>&&);
     void beganEnterFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void(bool)>&&);
-    void beganExitFullScreen(const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void()>&&);
+    void beganExitFullScreen(WebCore::FrameIdentifier, const WebCore::IntRect& initialFrame, const WebCore::IntRect& finalFrame, CompletionHandler<void()>&&);
     void callCloseCompletionHandlers();
     template<typename M> void sendToWebProcess(M&&);
 
diff --git a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.messages.in b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.messages.in
index 535b6c1c579e3..1867061a035dd 100644
--- a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.messages.in
+++ b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.messages.in
@@ -28,13 +28,13 @@
     EnabledBy=FullScreenEnabled || VideoFullscreenRequiresElementFullscreen
 ]
 messages -> WebFullScreenManagerProxy {
-    EnterFullScreen(bool blocksReturnToFullscreenFromPictureInPicture, struct WebKit::FullScreenMediaDetails mediaDetails) -> (bool success)
+    EnterFullScreen(WebCore::FrameIdentifier frameID, bool blocksReturnToFullscreenFromPictureInPicture, struct WebKit::FullScreenMediaDetails mediaDetails) -> (bool success)
 #if ENABLE(QUICKLOOK_FULLSCREEN)
     UpdateImageSource(struct WebKit::FullScreenMediaDetails mediaDetails)
 #endif
     ExitFullScreen() -> ()
     BeganEnterFullScreen(WebCore::IntRect initialRect, WebCore::IntRect finalRect) -> (bool success)
-    BeganExitFullScreen(WebCore::IntRect initialRect, WebCore::IntRect finalRect) -> ()
+    BeganExitFullScreen(WebCore::FrameIdentifier frameID, WebCore::IntRect initialRect, WebCore::IntRect finalRect) -> ()
     Close()
 }
 #endif
diff --git a/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp b/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp
index 754446ee564c4..85f7adf6b8e4b 100644
--- a/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp
+++ b/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp
@@ -251,12 +251,14 @@ FullScreenMediaDetails WebFullScreenManager::getImageMediaDetails(CheckedPtr<Ren
 }
 #endif // ENABLE(QUICKLOOK_FULLSCREEN)
 
-void WebFullScreenManager::enterFullScreenForElement(WebCore::Element& element, WebCore::HTMLMediaElementEnums::VideoFullscreenMode mode, CompletionHandler<void(ExceptionOr<void>)>&& willEnterFullScreenCallback, CompletionHandler<bool(bool)>&& didEnterFullScreenCallback)
+void WebFullScreenManager::enterFullScreenForElement(Element& element, HTMLMediaElementEnums::VideoFullscreenMode mode, CompletionHandler<void(ExceptionOr<void>)>&& willEnterFullScreenCallback, CompletionHandler<bool(bool)>&& didEnterFullScreenCallback)
 {
     ALWAYS_LOG(LOGIDENTIFIER, "<", element.tagName(), " id=\"", element.getIdAttribute(), "\">");
 
     setElement(element);
 
+    auto frameID = element.document().frame()->frameID();
+
     FullScreenMediaDetails mediaDetails;
 #if PLATFORM(IOS_FAMILY) || (PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE))
     if (m_page->videoPresentationManager().videoElementInPictureInPicture() && m_element->document().quirks().blocksEnteringStandardFullscreenFromPictureInPictureQuirk()) {
@@ -303,11 +305,11 @@ void WebFullScreenManager::enterFullScreenForElement(WebCore::Element& element,
 
     m_page->prepareToEnterElementFullScreen();
 
-    if (mode == WebCore::HTMLMediaElementEnums::VideoFullscreenModeInWindow) {
+    if (mode == HTMLMediaElementEnums::VideoFullscreenModeInWindow) {
         willEnterFullScreen(WTFMove(willEnterFullScreenCallback), WTFMove(didEnterFullScreenCallback), mode);
         m_inWindowFullScreenMode = true;
     } else {
-        m_page->sendWithAsyncReply(Messages::WebFullScreenManagerProxy::EnterFullScreen(m_element->document().quirks().blocksReturnToFullscreenFromPictureInPictureQuirk(), WTFMove(mediaDetails)), [
+        m_page->sendWithAsyncReply(Messages::WebFullScreenManagerProxy::EnterFullScreen(frameID, m_element->document().quirks().blocksReturnToFullscreenFromPictureInPictureQuirk(), WTFMove(mediaDetails)), [
             this,
             protectedThis = Ref { *this },
             willEnterFullScreenCallback = WTFMove(willEnterFullScreenCallback),
@@ -468,7 +470,7 @@ void WebFullScreenManager::updateMainVideoElement()
 
 void WebFullScreenManager::willExitFullScreen(CompletionHandler<void()>&& completionHandler)
 {
-    if (!m_element)
+    if (!m_element || !m_element->document().frame())
         return completionHandler();
     ALWAYS_LOG(LOGIDENTIFIER, "<", m_element->tagName(), " id=\"", m_element->getIdAttribute(), "\">");
 
@@ -486,7 +488,7 @@ void WebFullScreenManager::willExitFullScreen(CompletionHandler<void()>&& comple
 #endif
     // FIXME: The order of these frames is switched, but that is kept for historical reasons.
     // It should probably be fixed to be consistent at some point.
-    m_page->sendWithAsyncReply(Messages::WebFullScreenManagerProxy::BeganExitFullScreen(m_finalFrame, m_initialFrame), [this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler)] mutable {
+    m_page->sendWithAsyncReply(Messages::WebFullScreenManagerProxy::BeganExitFullScreen(m_element->document().frame()->frameID(), m_finalFrame, m_initialFrame), [this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler)] mutable {
         didExitFullScreen(WTFMove(completionHandler));
     });
 }
@@ -719,6 +721,36 @@ WTFLogChannel& WebFullScreenManager::logChannel() const
 }
 #endif
 
+void WebFullScreenManager::enterFullScreenForOwnerElements(WebCore::FrameIdentifier frameID, CompletionHandler<void()>&& completionHandler)
+{
+    RefPtr webFrame = WebFrame::webFrame(frameID);
+    if (!webFrame)
+        return completionHandler();
+    RefPtr coreFrame = webFrame->coreFrame();
+    if (!coreFrame)
+        return completionHandler();
+
+    Vector<Ref<Element>> elements;
+    for (RefPtr frame = coreFrame; frame; frame = frame->tree().parent()) {
+        if (RefPtr element = frame->ownerElement())
+            elements.append(element.releaseNonNull());
+    }
+    for (auto element : makeReversedRange(elements))
+        FullscreenManager::elementEnterFullscreen(element);
+
+    completionHandler();
+}
+
+void WebFullScreenManager::exitFullScreenInMainFrame(CompletionHandler<void()>&& completionHandler)
+{
+    RefPtr mainFrame = m_page->mainFrame();
+    if (!mainFrame)
+        return completionHandler();
+
+    FullscreenManager::finishExitFullscreen(*mainFrame, FullscreenManager::ExitMode::Resize);
+    completionHandler();
+}
+
 } // namespace WebKit
 
 #endif // ENABLE(FULLSCREEN_API)
diff --git a/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.h b/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.h
index dbe913f19b2ea..5ae597f249c2a 100644
--- a/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.h
+++ b/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.h
@@ -76,6 +76,9 @@ class WebFullScreenManager final : public WebCore::EventListener {
     void willExitFullScreen(CompletionHandler<void()>&&);
     void didExitFullScreen(CompletionHandler<void()>&&);
 
+    void enterFullScreenForOwnerElements(WebCore::FrameIdentifier, CompletionHandler<void()>&&);
+    void exitFullScreenInMainFrame(CompletionHandler<void()>&&);
+
     WebCore::Element* element();
 
     void videoControlsManagerDidChange();
diff --git a/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.messages.in b/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.messages.in
index cffc397f09b2a..0710d82725e4b 100644
--- a/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.messages.in
+++ b/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.messages.in
@@ -31,5 +31,7 @@ messages -> WebFullScreenManager {
     SetAnimatingFullScreen(bool animating)
     SetFullscreenInsets(WebCore::FloatBoxExtent insets)
     SetFullscreenAutoHideDuration(Seconds duration)
+    EnterFullScreenForOwnerElements(WebCore::FrameIdentifier frameID) -> ()
+    ExitFullScreenInMainFrame() -> ()
 }
 #endif
diff --git a/Source/WebKit/WebProcess/WebPage/WebFrame.cpp b/Source/WebKit/WebProcess/WebPage/WebFrame.cpp
index 3c37620303863..fb0bbb04b2403 100644
--- a/Source/WebKit/WebProcess/WebPage/WebFrame.cpp
+++ b/Source/WebKit/WebProcess/WebPage/WebFrame.cpp
@@ -1429,4 +1429,9 @@ String WebFrame::frameTextForTesting(bool includeSubframes)
     return builder.toString();
 }
 
+WebFrame* WebFrame::webFrame(std::optional<WebCore::FrameIdentifier> frameID)
+{
+    return WebProcess::singleton().webFrame(frameID);
+}
+
 } // namespace WebKit
diff --git a/Source/WebKit/WebProcess/WebPage/WebFrame.h b/Source/WebKit/WebProcess/WebPage/WebFrame.h
index a08b774619b10..ff30b38d6b5c5 100644
--- a/Source/WebKit/WebProcess/WebPage/WebFrame.h
+++ b/Source/WebKit/WebProcess/WebPage/WebFrame.h
@@ -98,6 +98,7 @@ class WebFrame : public API::ObjectImpl<API::Object::Type::BundleFrame>, public
     WebPage* page() const;
     RefPtr<WebPage> protectedPage() const;
 
+    static WebFrame* webFrame(std::optional<WebCore::FrameIdentifier>);
     static RefPtr<WebFrame> fromCoreFrame(const WebCore::Frame&);
     WebCore::LocalFrame* coreLocalFrame() const;
     RefPtr<WebCore::LocalFrame> protectedCoreLocalFrame() const;

From 61945ab1d3d8a820cb98b2f8e7623ae1d679ea9f Mon Sep 17 00:00:00 2001
From: Yusuke Suzuki <ysuzuki@apple.com>
Date: Sat, 22 Feb 2025 08:07:27 -0800
Subject: [PATCH 052/174] [JSC] Add heuristics for approx bytecode cost for FTL
 compiled code https://bugs.webkit.org/show_bug.cgi?id=288164 rdar://145257367

Reviewed by Yijia Huang.

Bytecode cost is good approximation for inlining cost in DFG / FTL.
However this does not work when some bytecode is taking huge size while
its generated code is actually very small. One example is
op_resolve_scope which typically becomes zero-code-emission since we
fold it into constant scope or one ResolveScope and reuse it in the
entire code. Another example of the problem is that it may be true that
most of the bytecode is not executed actually. For example, jQuery's $
function has many code which is designed for each type of input, but
typically, only a few types of inputs are passed to this function in one
web page. So most of code becomes dead code while it is counted as
inlining cost.

In this patch, we integrate a heuristics which computes approx bytecode
cost from compiled # of FTL DFG nodes. Since FTL already knows dead code
information, it is offering much precise view of the code size when it
gets inlined. We collect information of baseline-code-size / bytecode
v.s. FTL-code-size / FTL-DFG-nodes (by using [1]) and construct a
formula (x * 1.8) to quickly create an approx bytecode cost from FTL
code. This illustrates inlining cost more accurately and useful for
inlining decision from FTL.

[1]: https://gist.github.com/Constellation/9c115b4b9d0b716ae85395bc777d4ef1

* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::bytecodeCost const):
* Source/JavaScriptCore/bytecode/CodeBlock.h:
(JSC::CodeBlock::bytecodeCost const): Deleted.
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::inliningCost):
* Source/JavaScriptCore/ftl/FTLJITCode.cpp:
(JSC::FTL::JITCode::size):
* Source/JavaScriptCore/ftl/FTLJITCode.h:
(JSC::FTL::JITCode::setSize):
(JSC::FTL::JITCode::numberOfCompiledDFGNodes const):
(JSC::FTL::JITCode::setNumberOfCompiledDFGNodes):
* Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp:
(JSC::FTL::JITFinalizer::finalize):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
(JSC::FTL::DFG::LowerDFGToB3::compileBlock):
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
* Source/JavaScriptCore/runtime/OptionsList.h:

Canonical link: https://commits.webkit.org/290873@main
---
 Source/JavaScriptCore/bytecode/CodeBlock.cpp  | 11 ++++++
 Source/JavaScriptCore/bytecode/CodeBlock.h    |  2 +-
 .../JavaScriptCore/dfg/DFGByteCodeParser.cpp  | 16 +++++----
 Source/JavaScriptCore/ftl/FTLJITCode.cpp      |  2 +-
 Source/JavaScriptCore/ftl/FTLJITCode.h        |  9 +++++
 Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp | 10 +++++-
 Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp | 36 +++++++++++++------
 Source/JavaScriptCore/runtime/OptionsList.h   |  3 ++
 8 files changed, 69 insertions(+), 20 deletions(-)

diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
index 8341704282a11..2672242034d79 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -3480,6 +3480,17 @@ CodePtr<JSEntryPtrTag> CodeBlock::addressForCallConcurrently(const ConcurrentJSL
     return m_jitCode->addressForCall(arityCheck);
 }
 
+unsigned CodeBlock::bytecodeCost() const
+{
+#if ENABLE(FTL_JIT)
+    if (jitType() == JITType::FTLJIT) {
+        if (auto* jitCode = static_cast<FTL::JITCode*>(m_jitCode.get()))
+            return std::min(static_cast<unsigned>(jitCode->numberOfCompiledDFGNodes() * Options::ratioFTLNodesToBytecodeCost()), m_bytecodeCost);
+    }
+#endif
+    return m_bytecodeCost;
+}
+
 bool CodeBlock::hasInstalledVMTrapsBreakpoints() const
 {
 #if ENABLE(SIGNAL_BASED_VM_TRAPS)
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.h b/Source/JavaScriptCore/bytecode/CodeBlock.h
index d96aa7513b826..1cba56293536e 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.h
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.h
@@ -306,7 +306,7 @@ class CodeBlock : public JSCell {
     size_t predictedMachineCodeSize();
 
     unsigned instructionsSize() const { return instructions().size(); }
-    unsigned bytecodeCost() const { return m_bytecodeCost; }
+    unsigned bytecodeCost() const;
 
     // Exactly equivalent to codeBlock->ownerExecutable()->newReplacementCodeBlockFor(codeBlock->specializationKind())
     CodeBlock* newReplacement();
diff --git a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
index a10991851cec1..866df01f8490a 100644
--- a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
+++ b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
@@ -1684,6 +1684,10 @@ std::tuple<unsigned, InlineAttribute> ByteCodeParser::inliningCost(CallVariant c
         return { UINT_MAX, InlineAttribute::None };
     }
 
+    CodeBlock* targetCodeBlock = executable->codeBlockFor(specializationKind);
+    if (!m_graph.m_plan.isFTL())
+        targetCodeBlock = codeBlock;
+
     if (codeBlock->couldBeTainted() != m_codeBlock->couldBeTainted()) {
         VERBOSE_LOG("    Failing because taintedness of callee does not match the caller");
         return { UINT_MAX, InlineAttribute::None };
@@ -1696,14 +1700,14 @@ std::tuple<unsigned, InlineAttribute> ByteCodeParser::inliningCost(CallVariant c
         }
     }
 
-    CapabilityLevel capabilityLevel = inlineFunctionForCapabilityLevel(m_graph.m_plan.jitType(), codeBlock, specializationKind, callee.isClosureCall());
+    CapabilityLevel capabilityLevel = inlineFunctionForCapabilityLevel(m_graph.m_plan.jitType(), targetCodeBlock, specializationKind, callee.isClosureCall());
     VERBOSE_LOG("    Call mode: ", callMode, "\n");
     VERBOSE_LOG("    Is closure call: ", callee.isClosureCall(), "\n");
     VERBOSE_LOG("    Capability level: ", capabilityLevel, "\n");
-    VERBOSE_LOG("    Might inline function: ", mightInlineFunctionFor(m_graph.m_plan.jitType(), codeBlock, specializationKind), "\n");
-    VERBOSE_LOG("    Might compile function: ", mightCompileFunctionFor(codeBlock, specializationKind), "\n");
-    VERBOSE_LOG("    Is supported for inlining: ", isSupportedForInlining(codeBlock), "\n");
-    VERBOSE_LOG("    Is inlining candidate: ", codeBlock->ownerExecutable()->isInliningCandidate(), "\n");
+    VERBOSE_LOG("    Might inline function: ", mightInlineFunctionFor(m_graph.m_plan.jitType(), targetCodeBlock, specializationKind), "\n");
+    VERBOSE_LOG("    Might compile function: ", mightCompileFunctionFor(targetCodeBlock, specializationKind), "\n");
+    VERBOSE_LOG("    Is supported for inlining: ", isSupportedForInlining(targetCodeBlock), "\n");
+    VERBOSE_LOG("    Is inlining candidate: ", targetCodeBlock->ownerExecutable()->isInliningCandidate(), "\n");
     if (!canInline(capabilityLevel)) {
         VERBOSE_LOG("    Failing because the function is not inlineable.\n");
         return { UINT_MAX, InlineAttribute::None };
@@ -1753,7 +1757,7 @@ std::tuple<unsigned, InlineAttribute> ByteCodeParser::inliningCost(CallVariant c
     VERBOSE_LOG("    Inlining should be possible.\n");
     
     // It might be possible to inline.
-    return { codeBlock->bytecodeCost(), codeBlock->ownerExecutable()->inlineAttribute() };
+    return { targetCodeBlock->bytecodeCost(), codeBlock->ownerExecutable()->inlineAttribute() };
 }
 
 template<typename ChecksFunctor>
diff --git a/Source/JavaScriptCore/ftl/FTLJITCode.cpp b/Source/JavaScriptCore/ftl/FTLJITCode.cpp
index b3f3ee8f0616b..c63b3f8477199 100644
--- a/Source/JavaScriptCore/ftl/FTLJITCode.cpp
+++ b/Source/JavaScriptCore/ftl/FTLJITCode.cpp
@@ -111,7 +111,7 @@ size_t JITCode::size()
 {
     // We don't know the size of FTL code, yet. Make a wild guess. This is mostly used for
     // GC load estimates.
-    return 1000;
+    return m_size;
 }
 
 bool JITCode::contains(void*)
diff --git a/Source/JavaScriptCore/ftl/FTLJITCode.h b/Source/JavaScriptCore/ftl/FTLJITCode.h
index f2ac5b570295b..1ff361f8a81e2 100644
--- a/Source/JavaScriptCore/ftl/FTLJITCode.h
+++ b/Source/JavaScriptCore/ftl/FTLJITCode.h
@@ -49,6 +49,7 @@ class JITCode : public JSC::JITCode {
     void* dataAddressAtOffset(size_t offset) override;
     unsigned offsetOf(void* pointerIntoCode) override;
     size_t size() override;
+    void setSize(size_t size) { m_size = size; }
     bool contains(void*) override;
 
     void initializeB3Code(CodeRef<JSEntryPtrTag>);
@@ -75,6 +76,12 @@ class JITCode : public JSC::JITCode {
     PCToCodeOriginMap* pcToCodeOriginMap() override { return common.m_pcToCodeOriginMap.get(); }
 
     const RegisterAtOffsetList* calleeSaveRegisters() const { return &m_calleeSaveRegisters; }
+
+    unsigned numberOfCompiledDFGNodes() const { return m_numberOfCompiledDFGNodes; }
+    void setNumberOfCompiledDFGNodes(unsigned numberOfCompiledDFGNodes)
+    {
+        m_numberOfCompiledDFGNodes = numberOfCompiledDFGNodes;
+    }
     
     DFG::CommonData common;
     Vector<OSRExit> m_osrExit;
@@ -86,6 +93,8 @@ class JITCode : public JSC::JITCode {
     CodeRef<JSEntryPtrTag> m_b3Code;
     std::unique_ptr<OpaqueByproducts> m_b3Byproducts;
     CodePtr<JSEntryPtrTag> m_addressForArityCheck;
+    size_t m_size { 1000 };
+    unsigned m_numberOfCompiledDFGNodes { 0 };
 };
 
 } } // namespace JSC::FTL
diff --git a/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp b/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp
index c275f83aeacc0..d9e69a34e9253 100644
--- a/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp
+++ b/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp
@@ -59,9 +59,17 @@ bool JITFinalizer::finalize()
     m_plan.runMainThreadFinalizationTasks();
 
     CodeBlock* codeBlock = m_plan.codeBlock();
-
+    m_jitCode->setSize(m_codeSize);
     codeBlock->setJITCode(*m_jitCode);
 
+    if (UNLIKELY(Options::dumpFTLCodeSize())) {
+        auto* baselineCodeBlock = codeBlock->baselineAlternative();
+        size_t baselineCodeSize = 0;
+        if (auto jitCode = baselineCodeBlock->jitCode())
+            baselineCodeSize = jitCode->size();
+        dataLogLn("FTL: codeSize:(", m_jitCode->size(), "),nodes:(", m_jitCode->numberOfCompiledDFGNodes(), "),baselineCodeSize:(", baselineCodeSize, "),bytecodeCost:(", baselineCodeBlock->bytecodeCost(), ")");
+    }
+
     if (UNLIKELY(m_plan.compilation()))
         vm.m_perBytecodeProfiler->addCompilation(codeBlock, *m_plan.compilation());
 
diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
index ee76f242b8027..830c23c3de385 100644
--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
@@ -418,8 +418,10 @@ class LowerDFGToB3 {
             });
         m_out.unreachable();
 
+        unsigned numberOfCompiledDFGNodes = 0;
         for (DFG::BasicBlock* block : preOrder)
-            compileBlock(block);
+            numberOfCompiledDFGNodes += compileBlock(block);
+        m_ftlState.jitCode->setNumberOfCompiledDFGNodes(numberOfCompiledDFGNodes);
 
         // Make sure everything is decorated. This does a bunch of deferred decorating. This has
         // to happen last because our abstract heaps are generated lazily. They have to be
@@ -480,10 +482,15 @@ class LowerDFGToB3 {
         }
     }
 
-    void compileBlock(DFG::BasicBlock* block)
+    enum class CodeGenerationResult : uint8_t {
+        NotGenerated,
+        Generated,
+    };
+
+    unsigned compileBlock(DFG::BasicBlock* block)
     {
         if (!block)
-            return;
+            return 0;
 
         dataLogLnIf(verboseCompilationEnabled(), "Compiling block ", *block);
 
@@ -516,7 +523,7 @@ class LowerDFGToB3 {
         if (!m_highBlock->cfaHasVisited) {
             dataLogLnIf(verboseCompilationEnabled(), "Bailing because CFA didn't reach.");
             crash(m_highBlock, nullptr);
-            return;
+            return 0;
         }
 
         m_aiCheckedNodes.clear();
@@ -545,10 +552,15 @@ class LowerDFGToB3 {
                 m_out.store(m_out.int32Zero, m_out.absolute(&vm().didEnterVM));
         }
 
+        unsigned codeGeneratedNodes = 0;
         for (unsigned nodeIndex = 0; nodeIndex < m_highBlock->size(); ++nodeIndex) {
-            if (!compileNode(nodeIndex))
-                break;
+            auto [notTerminated, result] = compileNode(nodeIndex);
+            if (result == CodeGenerationResult::Generated)
+                ++codeGeneratedNodes;
+            if (!notTerminated)
+                return codeGeneratedNodes;
         }
+        return codeGeneratedNodes;
     }
 
     void safelyInvalidateAfterTermination()
@@ -709,11 +721,11 @@ class LowerDFGToB3 {
         }
     }
 
-    bool compileNode(unsigned nodeIndex)
+    std::tuple<bool, CodeGenerationResult> compileNode(unsigned nodeIndex)
     {
         if (!m_state.isValid()) {
             safelyInvalidateAfterTermination();
-            return false;
+            return { false, CodeGenerationResult::NotGenerated };
         }
 
         m_node = m_highBlock->at(nodeIndex);
@@ -736,6 +748,7 @@ class LowerDFGToB3 {
             }
         }
 
+        CodeGenerationResult codeGenerationResult = CodeGenerationResult::Generated;
         switch (m_node->op()) {
         case DFG::Upsilon:
             compileUpsilon();
@@ -1867,6 +1880,7 @@ class LowerDFGToB3 {
         case BottomValue:
         case KillStack:
         case InitializeEntrypointArguments:
+            codeGenerationResult = CodeGenerationResult::NotGenerated;
             break;
         default:
             DFG_CRASH(m_graph, m_node, "Unrecognized node in FTL backend");
@@ -1891,17 +1905,17 @@ class LowerDFGToB3 {
         }
 
         if (m_node->isTerminal())
-            return false;
+            return { false, codeGenerationResult };
 
         if (!m_state.isValid()) {
             safelyInvalidateAfterTermination();
-            return false;
+            return { false, codeGenerationResult };
         }
 
         m_availabilityCalculator.executeNode(m_node);
         m_interpreter.executeEffects(nodeIndex);
 
-        return true;
+        return { true, codeGenerationResult };
     }
 
     void compileUpsilon()
diff --git a/Source/JavaScriptCore/runtime/OptionsList.h b/Source/JavaScriptCore/runtime/OptionsList.h
index 4f2dde66901c4..4842d250a28a0 100644
--- a/Source/JavaScriptCore/runtime/OptionsList.h
+++ b/Source/JavaScriptCore/runtime/OptionsList.h
@@ -297,6 +297,8 @@ bool hasCapacityToUseLargeGigacage();
     \
     v(Unsigned, maximumFTLCandidateBytecodeCost, 20000, Normal, nullptr) \
     \
+    v(Double, ratioFTLNodesToBytecodeCost, 1.8, Normal, "Ratio converting FTL # of DFG nodes to approx bytecode cost") \
+    \
     /* Depth of inline stack, so 1 = no inlining, 2 = one level, etc. */ \
     v(Unsigned, maximumInliningDepth, 5, Normal, "maximum allowed inlining depth.  Depth of 1 means no inlining"_s) \
     v(Unsigned, maximumInliningRecursion, 2, Normal, nullptr) \
@@ -603,6 +605,7 @@ bool hasCapacityToUseLargeGigacage();
     v(Bool, useOMGInlining, true, Normal, "Use OMG inlining"_s) \
     v(Bool, freeRetiredWasmCode, true, Normal, "free BBQ/OMG-OSR wasm code once it's no longer reachable."_s) \
     v(Bool, useArrayAllocationSinking, true, Normal, "free BBQ/OMG-OSR wasm code once it's no longer reachable."_s) \
+    v(Bool, dumpFTLCodeSize, false, Normal, nullptr) \
     \
     /* Feature Flags */\
     \

From 9d5cda618299e1c0da62878c9efb94da55bad26a Mon Sep 17 00:00:00 2001
From: Tim Nguyen <ntim@apple.com>
Date: Sat, 22 Feb 2025 08:25:31 -0800
Subject: [PATCH 053/174] Clean-up `FullscreenManager` and add spec references
 https://bugs.webkit.org/show_bug.cgi?id=288285 rdar://145351421

Reviewed by Alex Christensen.

This PR does not contain any C++ code changes, and purely moves code around.

- Re-orders methods into sections that clearly correspond to spec algorithms:
   - Enter fullscreen flow is now grouped in one section
   - Exit fullscreen flow is now grouped in one section
   - Event dispatching methods are now grouped
- Adds spec references.
- Moves code less relevant to the understanding of the code to the header file.

This will make the code easier to read and cross-reference with the spec, especially after it is refactored for site isolation.

* Source/WebCore/dom/FullscreenManager.cpp:
(WebCore::FullscreenManager::isFullscreenEnabled const):
(WebCore::FullscreenManager::willEnterFullscreen):
(WebCore::FullscreenManager::didEnterFullscreen):
(WebCore::FullscreenManager::isSimpleFullscreenDocument const):
(WebCore::FullscreenManager::exitRemovedFullscreenElement):
(WebCore::FullscreenManager::cancelFullscreen):
(WebCore::FullscreenManager::queueFullscreenChangeEventForDocument):
(WebCore::FullscreenManager::emptyEventQueue):
(): Deleted.
* Source/WebCore/dom/FullscreenManager.h:

Canonical link: https://commits.webkit.org/290874@main
---
 Source/WebCore/dom/FullscreenManager.cpp | 387 ++++++++++++-----------
 Source/WebCore/dom/FullscreenManager.h   |  18 +-
 2 files changed, 215 insertions(+), 190 deletions(-)

diff --git a/Source/WebCore/dom/FullscreenManager.cpp b/Source/WebCore/dom/FullscreenManager.cpp
index 4f6939558582e..0fa72480891ca 100644
--- a/Source/WebCore/dom/FullscreenManager.cpp
+++ b/Source/WebCore/dom/FullscreenManager.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2025 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -39,7 +39,6 @@
 #include "HTMLDialogElement.h"
 #include "HTMLIFrameElement.h"
 #include "HTMLMediaElement.h"
-#include "HTMLNames.h"
 #include "JSDOMPromiseDeferred.h"
 #include "LocalDOMWindow.h"
 #include "LocalFrame.h"
@@ -61,9 +60,9 @@
 
 namespace WebCore {
 
-WTF_MAKE_TZONE_ALLOCATED_IMPL(FullscreenManager);
+// MARK: - Constructor.
 
-using namespace HTMLNames;
+WTF_MAKE_TZONE_ALLOCATED_IMPL(FullscreenManager);
 
 FullscreenManager::FullscreenManager(Document& document)
     : m_document(document)
@@ -73,7 +72,20 @@ FullscreenManager::FullscreenManager(Document& document)
 {
 }
 
-FullscreenManager::~FullscreenManager() = default;
+// MARK: - fullscreenEnabled attribute.
+// https://fullscreen.spec.whatwg.org/#dom-document-fullscreenenabled
+
+bool FullscreenManager::isFullscreenEnabled() const
+{
+    // The fullscreenEnabled attribute must return true if the context object and all ancestor
+    // browsing context's documents have their fullscreen enabled flag set, or false otherwise.
+
+    // Top-level browsing contexts are implied to have their allowFullscreen attribute set.
+    return PermissionsPolicy::isFeatureEnabled(PermissionsPolicy::Feature::Fullscreen, protectedDocument());
+}
+
+// MARK: - Fullscreen element.
+// https://fullscreen.spec.whatwg.org/#fullscreen-element
 
 Element* FullscreenManager::fullscreenElement() const
 {
@@ -85,23 +97,9 @@ Element* FullscreenManager::fullscreenElement() const
     return nullptr;
 }
 
-class CompletionHandlerScope final {
-public:
-    CompletionHandlerScope(CompletionHandler<void(ExceptionOr<void>)>&& completionHandler)
-        : m_completionHandler(WTFMove(completionHandler)) { }
-    CompletionHandlerScope(CompletionHandlerScope&&) = default;
-    CompletionHandlerScope& operator=(CompletionHandlerScope&&) = default;
-    ~CompletionHandlerScope()
-    {
-        if (m_completionHandler)
-            m_completionHandler({ });
-    }
-    CompletionHandler<void(ExceptionOr<void>)> release() { return WTFMove(m_completionHandler); }
-private:
-    CompletionHandler<void(ExceptionOr<void>)> m_completionHandler;
-};
-
+// MARK: - requestFullscreen() steps.
 // https://fullscreen.spec.whatwg.org/#dom-element-requestfullscreen
+
 void FullscreenManager::requestFullscreenForElement(Ref<Element>&& element, FullscreenCheckType checkType, CompletionHandler<void(ExceptionOr<void>)>&& completionHandler, HTMLMediaElementEnums::VideoFullscreenMode mode)
 {
     auto identifier = LOGIDENTIFIER;
@@ -245,52 +243,114 @@ void FullscreenManager::requestFullscreenForElement(Ref<Element>&& element, Full
     });
 }
 
-void FullscreenManager::cancelFullscreen()
+ExceptionOr<void> FullscreenManager::willEnterFullscreen(Element& element, HTMLMediaElementEnums::VideoFullscreenMode mode)
 {
-    // The Mozilla "cancelFullscreen()" API behaves like the W3C "fully exit fullscreen" behavior, which
-    // is defined as:
-    // "To fully exit fullscreen act as if the exitFullscreen() method was invoked on the top-level browsing
-    // context's document and subsequently empty that document's fullscreen element stack."
-    RefPtr mainFrameDocument = this->mainFrameDocument();
-    if (!mainFrameDocument)
-        LOG_ONCE(SiteIsolation, "Unable to fully perform FullscreenManager::cancelFullscreen() without access to the main frame document ");
+#if !ENABLE(VIDEO)
+    UNUSED_PARAM(mode);
+#endif
 
-    if (!mainFrameDocument || !mainFrameDocument->fullscreenManager().fullscreenElement()) {
-        INFO_LOG(LOGIDENTIFIER, "No element to unfullscreen.");
-        return;
+    if (backForwardCacheState() != Document::NotInBackForwardCache) {
+        ERROR_LOG(LOGIDENTIFIER, "Document in the BackForwardCache; bailing");
+        return Exception { ExceptionCode::TypeError };
     }
 
-    INFO_LOG(LOGIDENTIFIER);
+    // Protect against being called after the document has been removed from the page.
+    RefPtr protectedPage = page();
+    if (!protectedPage) {
+        ERROR_LOG(LOGIDENTIFIER, "Document no longer in page; bailing");
+        return Exception { ExceptionCode::TypeError };
+    }
 
-    m_pendingExitFullscreen = true;
+    // The element is an open popover.
+    if (element.isPopoverShowing()) {
+        ERROR_LOG(LOGIDENTIFIER, "Element to fullscreen is an open popover; bailing.");
+        return Exception { ExceptionCode::TypeError, "Cannot request fullscreen on an open popover."_s };
+    }
 
-    protectedDocument()->eventLoop().queueTask(TaskSource::MediaElement, [this, weakThis = WeakPtr { *this }, mainFrameDocument = WTFMove(mainFrameDocument), identifier = LOGIDENTIFIER] {
-#if RELEASE_LOG_DISABLED
-        UNUSED_PARAM(this);
+    INFO_LOG(LOGIDENTIFIER);
+    ASSERT(page()->isFullscreenManagerEnabled());
+
+#if ENABLE(VIDEO)
+    if (RefPtr mediaElement = dynamicDowncast<HTMLMediaElement>(element))
+        mediaElement->willBecomeFullscreenElement(mode);
+    else
 #endif
-        CheckedPtr checkedThis = weakThis.get();
-        if (!checkedThis)
-            return;
+        element.willBecomeFullscreenElement();
 
-        if (!mainFrameDocument->page()) {
-            INFO_LOG(identifier, "Top document has no page.");
-            return;
-        }
+    Vector<Ref<Element>> ancestors { { element } };
+    for (RefPtr<Frame> frame = element.document().frame(); frame; frame = frame->tree().parent()) {
+        if (RefPtr ownerElement = frame->ownerElement())
+            ancestors.append(ownerElement.releaseNonNull());
+    }
 
-        // This triggers finishExitFullscreen with ExitMode::Resize, which fully exits the document.
-        if (RefPtr fullscreenElement = mainFrameDocument->fullscreenManager().fullscreenElement()) {
-            mainFrameDocument->page()->chrome().client().exitFullScreenForElement(fullscreenElement.get(), [weakThis = WeakPtr { *this }] {
-                CheckedPtr checkedThis = weakThis.get();
-                if (!checkedThis)
-                    return;
-                checkedThis->didExitFullscreen([] (auto) { });
-            });
-        } else
-            INFO_LOG(identifier, "Top document has no fullscreen element");
-    });
+    for (auto ancestor : makeReversedRange(ancestors))
+        elementEnterFullscreen(ancestor);
+
+    if (RefPtr iframe = dynamicDowncast<HTMLIFrameElement>(element))
+        iframe->setIFrameFullscreenFlag(true);
+
+    return { };
 }
 
+void FullscreenManager::elementEnterFullscreen(Element& element)
+{
+    auto hideUntil = element.topmostPopoverAncestor(Element::TopLayerElementType::Other);
+    element.document().hideAllPopoversUntil(hideUntil, FocusPreviousElement::No, FireEvents::No);
+
+    auto containingBlockBeforeStyleResolution = SingleThreadWeakPtr<RenderBlock> { };
+    if (CheckedPtr renderer = element.renderer())
+        containingBlockBeforeStyleResolution = renderer->containingBlock();
+
+    element.setFullscreenFlag(true);
+    element.document().resolveStyle(Document::ResolveStyleType::Rebuild);
+
+    // Remove before adding, so we always add at the end of the top layer.
+    if (element.isInTopLayer())
+        element.removeFromTopLayer();
+    element.addToTopLayer();
+
+    queueFullscreenChangeEventForDocument(element.document());
+
+    RenderElement::markRendererDirtyAfterTopLayerChange(element.checkedRenderer().get(), containingBlockBeforeStyleResolution.get());
+}
+
+bool FullscreenManager::didEnterFullscreen()
+{
+    RefPtr fullscreenElement = this->fullscreenElement();
+    if (!fullscreenElement) {
+        ERROR_LOG(LOGIDENTIFIER, "No fullscreenElement; bailing");
+        return false;
+    }
+
+    if (backForwardCacheState() != Document::NotInBackForwardCache) {
+        ERROR_LOG(LOGIDENTIFIER, "Document in the BackForwardCache; bailing");
+        return false;
+    }
+    INFO_LOG(LOGIDENTIFIER);
+
+    fullscreenElement->didBecomeFullscreenElement();
+    return true;
+}
+
+// MARK: - Simple fullscreen document (exit helper).
+// https://fullscreen.spec.whatwg.org/#simple-fullscreen-document
+
+bool FullscreenManager::isSimpleFullscreenDocument() const
+{
+    bool foundFullscreenFlag = false;
+    for (Ref element : document().topLayerElements()) {
+        if (element->hasFullscreenFlag()) {
+            if (foundFullscreenFlag)
+                return false;
+            foundFullscreenFlag = true;
+        }
+    }
+    return foundFullscreenFlag;
+}
+
+// MARK: - Collect documents to unfullscreen (exit helper).
 // https://fullscreen.spec.whatwg.org/#collect-documents-to-unfullscreen
+
 static Vector<Ref<Document>> documentsToUnfullscreen(Frame& firstFrame)
 {
     Vector<Ref<Document>> documents;
@@ -313,6 +373,9 @@ static Vector<Ref<Document>> documentsToUnfullscreen(Frame& firstFrame)
     return documents;
 }
 
+// MARK: - Clear fullscreen flags (exit helper).
+// https://fullscreen.spec.whatwg.org/#unfullscreen-an-element
+
 static void clearFullscreenFlags(Element& element)
 {
     element.setFullscreenFlag(false);
@@ -320,6 +383,9 @@ static void clearFullscreenFlags(Element& element)
         iframe->setIFrameFullscreenFlag(false);
 }
 
+// MARK: - Exit fullscreen.
+// https://fullscreen.spec.whatwg.org/#exit-fullscreen
+
 void FullscreenManager::exitFullscreen(CompletionHandler<void(ExceptionOr<void>)>&& completionHandler)
 {
     INFO_LOG(LOGIDENTIFIER);
@@ -443,104 +509,6 @@ void FullscreenManager::finishExitFullscreen(Frame& currentFrame, ExitMode mode)
     }
 }
 
-bool FullscreenManager::isFullscreenEnabled() const
-{
-    // 4. The fullscreenEnabled attribute must return true if the context object and all ancestor
-    // browsing context's documents have their fullscreen enabled flag set, or false otherwise.
-
-    // Top-level browsing contexts are implied to have their allowFullscreen attribute set.
-    return PermissionsPolicy::isFeatureEnabled(PermissionsPolicy::Feature::Fullscreen, protectedDocument());
-}
-
-ExceptionOr<void> FullscreenManager::willEnterFullscreen(Element& element, HTMLMediaElementEnums::VideoFullscreenMode mode)
-{
-#if !ENABLE(VIDEO)
-    UNUSED_PARAM(mode);
-#endif
-
-    if (backForwardCacheState() != Document::NotInBackForwardCache) {
-        ERROR_LOG(LOGIDENTIFIER, "Document in the BackForwardCache; bailing");
-        return Exception { ExceptionCode::TypeError };
-    }
-
-    // Protect against being called after the document has been removed from the page.
-    RefPtr protectedPage = page();
-    if (!protectedPage) {
-        ERROR_LOG(LOGIDENTIFIER, "Document no longer in page; bailing");
-        return Exception { ExceptionCode::TypeError };
-    }
-
-    // The element is an open popover.
-    if (element.isPopoverShowing()) {
-        ERROR_LOG(LOGIDENTIFIER, "Element to fullscreen is an open popover; bailing.");
-        return Exception { ExceptionCode::TypeError, "Cannot request fullscreen on an open popover."_s };
-    }
-
-    INFO_LOG(LOGIDENTIFIER);
-    ASSERT(page()->isFullscreenManagerEnabled());
-
-#if ENABLE(VIDEO)
-    if (RefPtr mediaElement = dynamicDowncast<HTMLMediaElement>(element))
-        mediaElement->willBecomeFullscreenElement(mode);
-    else
-#endif
-        element.willBecomeFullscreenElement();
-
-    Vector<Ref<Element>> ancestors { { element } };
-    for (RefPtr<Frame> frame = element.document().frame(); frame; frame = frame->tree().parent()) {
-        if (RefPtr ownerElement = frame->ownerElement())
-            ancestors.append(ownerElement.releaseNonNull());
-    }
-
-    for (auto ancestor : makeReversedRange(ancestors))
-        elementEnterFullscreen(ancestor);
-
-    if (RefPtr iframe = dynamicDowncast<HTMLIFrameElement>(element))
-        iframe->setIFrameFullscreenFlag(true);
-
-    return { };
-}
-
-void FullscreenManager::elementEnterFullscreen(Element& element)
-{
-    auto hideUntil = element.topmostPopoverAncestor(Element::TopLayerElementType::Other);
-    element.document().hideAllPopoversUntil(hideUntil, FocusPreviousElement::No, FireEvents::No);
-
-    auto containingBlockBeforeStyleResolution = SingleThreadWeakPtr<RenderBlock> { };
-    if (CheckedPtr renderer = element.renderer())
-        containingBlockBeforeStyleResolution = renderer->containingBlock();
-
-    element.setFullscreenFlag(true);
-    element.document().resolveStyle(Document::ResolveStyleType::Rebuild);
-
-    // Remove before adding, so we always add at the end of the top layer.
-    if (element.isInTopLayer())
-        element.removeFromTopLayer();
-    element.addToTopLayer();
-
-    queueFullscreenChangeEventForDocument(element.document());
-
-    RenderElement::markRendererDirtyAfterTopLayerChange(element.checkedRenderer().get(), containingBlockBeforeStyleResolution.get());
-}
-
-bool FullscreenManager::didEnterFullscreen()
-{
-    RefPtr fullscreenElement = this->fullscreenElement();
-    if (!fullscreenElement) {
-        ERROR_LOG(LOGIDENTIFIER, "No fullscreenElement; bailing");
-        return false;
-    }
-
-    if (backForwardCacheState() != Document::NotInBackForwardCache) {
-        ERROR_LOG(LOGIDENTIFIER, "Document in the BackForwardCache; bailing");
-        return false;
-    }
-    INFO_LOG(LOGIDENTIFIER);
-
-    fullscreenElement->didBecomeFullscreenElement();
-    return true;
-}
-
 bool FullscreenManager::willExitFullscreen()
 {
     RefPtr fullscreenElement = this->fullscreenElement();
@@ -583,7 +551,68 @@ void FullscreenManager::didExitFullscreen(CompletionHandler<void(ExceptionOr<voi
     completionHandler({ });
 }
 
+// MARK: - Removing steps.
+// https://fullscreen.spec.whatwg.org/#removing-steps
+
+void FullscreenManager::exitRemovedFullscreenElement(Element& element)
+{
+    ASSERT(element.hasFullscreenFlag());
+
+    if (fullscreenElement() == &element) {
+        INFO_LOG(LOGIDENTIFIER, "Fullscreen element removed; exiting fullscreen");
+        exitFullscreen([] (auto) { });
+    } else
+        clearFullscreenFlags(element);
+}
+
+// MARK: - Cancel fullscreen.
+// The Mozilla "cancelFullscreen()" API behaves like the "fully exit fullscreen" algorithm:
+// https://fullscreen.spec.whatwg.org/#fully-exit-fullscreen
+
+void FullscreenManager::cancelFullscreen()
+{
+    RefPtr mainFrameDocument = this->mainFrameDocument();
+    if (!mainFrameDocument)
+        LOG_ONCE(SiteIsolation, "Unable to fully perform FullscreenManager::cancelFullscreen() without access to the main frame document ");
+
+    if (!mainFrameDocument || !mainFrameDocument->fullscreenManager().fullscreenElement()) {
+        INFO_LOG(LOGIDENTIFIER, "No element to unfullscreen.");
+        return;
+    }
+
+    INFO_LOG(LOGIDENTIFIER);
+
+    m_pendingExitFullscreen = true;
+
+    protectedDocument()->eventLoop().queueTask(TaskSource::MediaElement, [this, weakThis = WeakPtr { *this }, mainFrameDocument = WTFMove(mainFrameDocument), identifier = LOGIDENTIFIER] {
+#if RELEASE_LOG_DISABLED
+        UNUSED_PARAM(this);
+#endif
+        CheckedPtr checkedThis = weakThis.get();
+        if (!checkedThis)
+            return;
+
+        if (!mainFrameDocument->page()) {
+            INFO_LOG(identifier, "Top document has no page.");
+            return;
+        }
+
+        // This triggers finishExitFullscreen with ExitMode::Resize, which fully exits the document.
+        if (RefPtr fullscreenElement = mainFrameDocument->fullscreenManager().fullscreenElement()) {
+            mainFrameDocument->page()->chrome().client().exitFullScreenForElement(fullscreenElement.get(), [weakThis = WeakPtr { *this }] {
+                CheckedPtr checkedThis = weakThis.get();
+                if (!checkedThis)
+                    return;
+                checkedThis->didExitFullscreen([] (auto) { });
+            });
+        } else
+            INFO_LOG(identifier, "Top document has no fullscreen element");
+    });
+}
+
+// MARK: - Fullscreen rendering update steps / event dispatching.
 // https://fullscreen.spec.whatwg.org/#run-the-fullscreen-steps
+
 void FullscreenManager::dispatchPendingEvents()
 {
     // Since we dispatch events in this function, it's possible that the
@@ -642,17 +671,25 @@ void FullscreenManager::dispatchFullscreenChangeOrErrorEvent(Deque<GCReachableRe
     }
 }
 
-void FullscreenManager::exitRemovedFullscreenElement(Element& element)
+void FullscreenManager::queueFullscreenChangeEventForDocument(Document& document)
 {
-    ASSERT(element.hasFullscreenFlag());
+    RefPtr target = document.fullscreenManager().fullscreenElement();
+    if (!target) {
+        ASSERT_NOT_REACHED();
+        return;
+    }
+    document.fullscreenManager().addElementToChangeEventQueue(*target);
+    document.scheduleRenderingUpdate(RenderingUpdateStep::Fullscreen);
+}
 
-    if (fullscreenElement() == &element) {
-        INFO_LOG(LOGIDENTIFIER, "Fullscreen element removed; exiting fullscreen");
-        exitFullscreen([] (auto) { });
-    } else
-        clearFullscreenFlags(element);
+void FullscreenManager::emptyEventQueue()
+{
+    m_fullscreenChangeEventTargetQueue.clear();
+    m_fullscreenErrorEventTargetQueue.clear();
 }
 
+// MARK: - Fullscreen animation pseudo-class.
+
 bool FullscreenManager::isAnimatingFullscreen() const
 {
     return m_isAnimatingFullscreen;
@@ -671,35 +708,7 @@ void FullscreenManager::setAnimatingFullscreen(bool flag)
     m_isAnimatingFullscreen = flag;
 }
 
-void FullscreenManager::emptyEventQueue()
-{
-    m_fullscreenChangeEventTargetQueue.clear();
-    m_fullscreenErrorEventTargetQueue.clear();
-}
-
-void FullscreenManager::queueFullscreenChangeEventForDocument(Document& document)
-{
-    RefPtr target = document.fullscreenManager().fullscreenElement();
-    if (!target) {
-        ASSERT_NOT_REACHED();
-        return;
-    }
-    document.fullscreenManager().addElementToChangeEventQueue(*target);
-    document.scheduleRenderingUpdate(RenderingUpdateStep::Fullscreen);
-}
-
-bool FullscreenManager::isSimpleFullscreenDocument() const
-{
-    bool foundFullscreenFlag = false;
-    for (Ref element : document().topLayerElements()) {
-        if (element->hasFullscreenFlag()) {
-            if (foundFullscreenFlag)
-                return false;
-            foundFullscreenFlag = true;
-        }
-    }
-    return foundFullscreenFlag;
-}
+// MARK: - Log channel.
 
 #if !RELEASE_LOG_DISABLED
 WTFLogChannel& FullscreenManager::logChannel() const
diff --git a/Source/WebCore/dom/FullscreenManager.h b/Source/WebCore/dom/FullscreenManager.h
index 174a5b1316f2d..8f9250bc5a186 100644
--- a/Source/WebCore/dom/FullscreenManager.h
+++ b/Source/WebCore/dom/FullscreenManager.h
@@ -47,7 +47,7 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
     WTF_OVERRIDE_DELETE_FOR_CHECKED_PTR(FullscreenManager);
 public:
     FullscreenManager(Document&);
-    ~FullscreenManager();
+    ~FullscreenManager() = default;
 
     Document& document() { return m_document.get(); }
     const Document& document() const { return m_document.get(); }
@@ -126,6 +126,22 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
 #if !RELEASE_LOG_DISABLED
     const uint64_t m_logIdentifier;
 #endif
+
+    class CompletionHandlerScope final {
+    public:
+        CompletionHandlerScope(CompletionHandler<void(ExceptionOr<void>)>&& completionHandler)
+            : m_completionHandler(WTFMove(completionHandler)) { }
+        CompletionHandlerScope(CompletionHandlerScope&&) = default;
+        CompletionHandlerScope& operator=(CompletionHandlerScope&&) = default;
+        ~CompletionHandlerScope()
+        {
+            if (m_completionHandler)
+                m_completionHandler({ });
+        }
+        CompletionHandler<void(ExceptionOr<void>)> release() { return WTFMove(m_completionHandler); }
+    private:
+        CompletionHandler<void(ExceptionOr<void>)> m_completionHandler;
+    };
 };
 
 }

From 94c637751ff29d9b2bb055edcde12ec71ea24f50 Mon Sep 17 00:00:00 2001
From: Geoffrey Garen <ggaren@apple.com>
Date: Sat, 22 Feb 2025 08:46:03 -0800
Subject: [PATCH 054/174] Some RetainPtr cleanup
 https://bugs.webkit.org/show_bug.cgi?id=288269 <rdar://problem/145371472>

Reviewed by Ryosuke Niwa.

Removed implicit conversion to pointer, which was an old-school not 100%
type-safe way to do boolean tests.

Updated call sites to convert to boolean or load a pointer explicitly.

Added autorelease pools so that the OptionalRetainPtrNS API test passes in
debug builds with ARC, even though ARC autoreleases all intermediate pointers.

Added a test for leakRef() in ARC. This test currently fails (!!), so it's
disabled for now.

* Source/WTF/wtf/RetainPtr.h:
(WTF::RetainPtr::operator UnspecifiedBoolType const): Deleted.
* Source/WebCore/editing/cocoa/WebCoreTextAttachment.mm:
(WebCore::webCoreTextAttachmentMissingPlatformImage):
* Source/WebCore/platform/cf/RunLoopObserverCF.cpp:
(WebCore::RunLoopObserver::isScheduled const):
* Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h:
(WebCore::CDMSessionAVContentKeySession::hasContentKeySession const):
* Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm:
(WebCore::CDMSessionAVContentKeySession::update):
(WebCore::CDMSessionAVContentKeySession::hasContentKeyRequest const):
* Source/WebCore/platform/graphics/cocoa/UnrealizedCoreTextFont.cpp:
(WebCore::UnrealizedCoreTextFont::operator bool const):
* Source/WebCore/platform/text/cf/HyphenationCF.cpp:
(WebCore::canHyphenate):
* Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm:
(IPC::isSerializableFont):
* Source/WebKit/UIProcess/mac/CorrectionPanel.h:
(WebKit::CorrectionPanel::isShowing const):
* Source/WebKit/UIProcess/mac/WebPageProxyMac.mm:
(WebKit::temporaryPDFDirectoryPath):
* Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm:
(WebKit::UnifiedPDFPlugin::isEditingCommandEnabled):
* Source/WebKitLegacy/mac/WebCoreSupport/CorrectionPanel.h:
(CorrectionPanel::isShowing const):
* Source/WebKitLegacy/mac/WebView/WebHTMLView.mm:
(-[WebHTMLView _plainTextFromPasteboard:]):
(-[WebHTMLView namesOfPromisedFilesDroppedAtDestination:]):
(-[WebHTMLView _fontAttributesFromFontPasteboard]):
* Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm:
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, OptionalRetainPtrNS)):
* Tools/TestWebKitAPI/Tests/WebCore/cg/GraphicsContextCGTests.mm:
(TestWebKitAPI::TEST(GraphicsContextTests, CGBitmapRenderingModeIsUnaccelerated)):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadDelegate.mm:
(LoadInfo)):

Canonical link: https://commits.webkit.org/290875@main
---
 Source/WTF/wtf/RetainPtr.h                    |  5 --
 .../editing/cocoa/WebCoreTextAttachment.mm    |  2 +-
 .../WebCore/platform/cf/RunLoopObserverCF.cpp |  2 +-
 .../cocoa/ContentFilterUnblockHandlerCocoa.mm |  2 +-
 .../objc/CDMSessionAVContentKeySession.h      |  2 +-
 .../objc/CDMSessionAVContentKeySession.mm     |  8 +-
 .../graphics/cocoa/GraphicsContextGLCocoa.mm  |  2 +-
 .../graphics/cocoa/UnrealizedCoreTextFont.cpp |  4 +-
 .../WebCore/platform/ios/wak/WebCoreThread.mm |  2 +-
 .../platform/text/cf/HyphenationCF.cpp        |  2 +-
 .../Shared/Cocoa/ArgumentCodersCocoa.mm       |  2 +-
 .../UIProcess/ios/WKActionSheetAssistant.mm   |  2 +-
 .../UIProcess/ios/WKContentViewInteraction.mm |  2 +-
 Source/WebKit/UIProcess/mac/CorrectionPanel.h |  2 +-
 .../WebKit/UIProcess/mac/WebPageProxyMac.mm   |  4 +-
 .../PDF/UnifiedPDF/UnifiedPDFPlugin.mm        |  2 +-
 .../mac/WebCoreSupport/CorrectionPanel.h      |  2 +-
 .../WebKitLegacy/mac/WebView/WebHTMLView.mm   |  6 +-
 Source/WebKitLegacy/mac/WebView/WebView.mm    |  4 +-
 Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm | 87 ++++++++++++++-----
 .../WebCore/cg/GraphicsContextCGTests.mm      |  2 +-
 .../Tests/WebKitCocoa/ResourceLoadDelegate.mm |  6 +-
 22 files changed, 97 insertions(+), 55 deletions(-)

diff --git a/Source/WTF/wtf/RetainPtr.h b/Source/WTF/wtf/RetainPtr.h
index d16717117a304..e124e142d9f5a 100644
--- a/Source/WTF/wtf/RetainPtr.h
+++ b/Source/WTF/wtf/RetainPtr.h
@@ -136,11 +136,6 @@ template<typename T> class RetainPtr {
 
     constexpr bool operator!() const { return !m_ptr; }
 
-    // This conversion operator allows implicit conversion to bool but not to other integer types.
-    // FIXME: Eventually we should remove this; it's an outdated technique and less needed since we have explicit operator bool.
-    typedef CFTypeRef RetainPtr::*UnspecifiedBoolType;
-    operator UnspecifiedBoolType() const { return m_ptr ? &RetainPtr::m_ptr : nullptr; }
-
     RetainPtr& operator=(const RetainPtr&);
     template<typename U> RetainPtr& operator=(const RetainPtr<U>&);
     RetainPtr& operator=(PtrType);
diff --git a/Source/WebCore/editing/cocoa/WebCoreTextAttachment.mm b/Source/WebCore/editing/cocoa/WebCoreTextAttachment.mm
index 49feda8e761b6..495c3788ce7c1 100644
--- a/Source/WebCore/editing/cocoa/WebCoreTextAttachment.mm
+++ b/Source/WebCore/editing/cocoa/WebCoreTextAttachment.mm
@@ -50,7 +50,7 @@
 #else
         RetainPtr image = [webCoreBundle imageForResource:@"missingImage"];
 #endif
-        ASSERT_WITH_MESSAGE(image != nil, "Unable to find missingImage.");
+        ASSERT_WITH_MESSAGE(!!image, "Unable to find missingImage.");
         webCoreTextAttachmentMissingPlatformImageIfExists() = WTFMove(image);
     });
 
diff --git a/Source/WebCore/platform/cf/RunLoopObserverCF.cpp b/Source/WebCore/platform/cf/RunLoopObserverCF.cpp
index 8cf905bf2ec52..68e95c18db6aa 100644
--- a/Source/WebCore/platform/cf/RunLoopObserverCF.cpp
+++ b/Source/WebCore/platform/cf/RunLoopObserverCF.cpp
@@ -99,7 +99,7 @@ void RunLoopObserver::invalidate()
 
 bool RunLoopObserver::isScheduled() const
 {
-    return m_runLoopObserver;
+    return !!m_runLoopObserver;
 }
 
 } // namespace WebCore
diff --git a/Source/WebCore/platform/cocoa/ContentFilterUnblockHandlerCocoa.mm b/Source/WebCore/platform/cocoa/ContentFilterUnblockHandlerCocoa.mm
index 4e60a069b78f4..200eacf678307 100644
--- a/Source/WebCore/platform/cocoa/ContentFilterUnblockHandlerCocoa.mm
+++ b/Source/WebCore/platform/cocoa/ContentFilterUnblockHandlerCocoa.mm
@@ -116,7 +116,7 @@
 bool ContentFilterUnblockHandler::needsUIProcess() const
 {
 #if HAVE(PARENTAL_CONTROLS_WITH_UNBLOCK_HANDLER)
-    return m_webFilterEvaluator;
+    return !!m_webFilterEvaluator;
 #else
     return false;
 #endif
diff --git a/Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h b/Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h
index d759e52f5e403..d57a690c52407 100644
--- a/Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h
+++ b/Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h
@@ -80,7 +80,7 @@ class CDMSessionAVContentKeySession : public CDMSessionMediaSourceAVFObjC, publi
 
     void didProvideContentKeyRequest(AVContentKeyRequest *);
 
-    bool hasContentKeySession() const { return m_contentKeySession; }
+    bool hasContentKeySession() const { return !!m_contentKeySession; }
     AVContentKeySession* contentKeySession();
 
     bool hasContentKeyRequest() const;
diff --git a/Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm b/Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm
index 43c75f45eba57..5cc3d0b451e7d 100644
--- a/Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm
+++ b/Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm
@@ -323,7 +323,11 @@ static bool isEqual(Uint8Array* data, ASCIILiteral literal)
 
         errorCode = MediaPlayer::NoError;
         systemCode = 0;
-        RetainPtr nsIdentifier = m_identifier ? RetainPtr<id>(toNSData(m_identifier->span())) : retainPtr(contentKeyRequest.get().identifier);
+        RetainPtr<id> nsIdentifier;
+        if (m_identifier)
+            nsIdentifier = toNSData(m_identifier->span());
+        else
+            nsIdentifier = contentKeyRequest.get().identifier;
 
         RetainPtr<NSError> error;
         RetainPtr<NSData> requestData;
@@ -438,7 +442,7 @@ static bool isEqual(Uint8Array* data, ASCIILiteral literal)
 bool CDMSessionAVContentKeySession::hasContentKeyRequest() const
 {
     Locker holder { m_keyRequestLock };
-    return m_keyRequest;
+    return !!m_keyRequest;
 }
 
 RetainPtr<AVContentKeyRequest> CDMSessionAVContentKeySession::contentKeyRequest() const
diff --git a/Source/WebCore/platform/graphics/cocoa/GraphicsContextGLCocoa.mm b/Source/WebCore/platform/graphics/cocoa/GraphicsContextGLCocoa.mm
index ab9c97266030b..0c15121273950 100644
--- a/Source/WebCore/platform/graphics/cocoa/GraphicsContextGLCocoa.mm
+++ b/Source/WebCore/platform/graphics/cocoa/GraphicsContextGLCocoa.mm
@@ -601,7 +601,7 @@ static EGLDisplay initializeEGLDisplay(const GraphicsContextGLAttributes& attrs)
 bool GraphicsContextGLCocoa::addFoveation(IntSize physicalSizeLeft, IntSize physicalSizeRight, IntSize screenSize, std::span<const GCGLfloat> horizontalSamplesLeft, std::span<const GCGLfloat> verticalSamplesLeft, std::span<const GCGLfloat> horizontalSamplesRight)
 {
     m_rasterizationRateMap[PlatformXR::Layout::Shared] = newRasterizationRateMap(m_displayObj, physicalSizeLeft, physicalSizeRight, screenSize, horizontalSamplesLeft, verticalSamplesLeft, horizontalSamplesRight);
-    return m_rasterizationRateMap[PlatformXR::Layout::Shared];
+    return !!m_rasterizationRateMap[PlatformXR::Layout::Shared];
 }
 
 void GraphicsContextGLCocoa::enableFoveation(PlatformGLObject rbo)
diff --git a/Source/WebCore/platform/graphics/cocoa/UnrealizedCoreTextFont.cpp b/Source/WebCore/platform/graphics/cocoa/UnrealizedCoreTextFont.cpp
index 4104b895ac496..402027f95011f 100644
--- a/Source/WebCore/platform/graphics/cocoa/UnrealizedCoreTextFont.cpp
+++ b/Source/WebCore/platform/graphics/cocoa/UnrealizedCoreTextFont.cpp
@@ -71,9 +71,9 @@ CGFloat UnrealizedCoreTextFont::getSize() const
 UnrealizedCoreTextFont::operator bool() const
 {
     return WTF::switchOn(m_baseFont, [](const RetainPtr<CTFontRef>& font) -> bool {
-        return font;
+        return !!font;
     }, [](const RetainPtr<CTFontDescriptorRef>& fontDescriptor) -> bool {
-        return fontDescriptor;
+        return !!fontDescriptor;
     });
 }
 
diff --git a/Source/WebCore/platform/ios/wak/WebCoreThread.mm b/Source/WebCore/platform/ios/wak/WebCoreThread.mm
index 125cfc8b989b3..cbb74e3f43418 100644
--- a/Source/WebCore/platform/ios/wak/WebCoreThread.mm
+++ b/Source/WebCore/platform/ios/wak/WebCoreThread.mm
@@ -329,7 +329,7 @@ void WebThreadAdoptAndRelease(id obj)
 
     Locker locker { webThreadReleaseLock };
 
-    if (webThreadReleaseObjArray() == nil)
+    if (!webThreadReleaseObjArray())
         webThreadReleaseObjArray() = adoptCF(CFArrayCreateMutable(kCFAllocatorSystemDefault, 0, nullptr));
     CFArrayAppendValue(webThreadReleaseObjArray().get(), obj);
     CFRunLoopSourceSignal(webThreadReleaseSource().get());
diff --git a/Source/WebCore/platform/text/cf/HyphenationCF.cpp b/Source/WebCore/platform/text/cf/HyphenationCF.cpp
index b72df7bd34d1d..66eb0df94d095 100644
--- a/Source/WebCore/platform/text/cf/HyphenationCF.cpp
+++ b/Source/WebCore/platform/text/cf/HyphenationCF.cpp
@@ -71,7 +71,7 @@ bool canHyphenate(const AtomString& localeIdentifier)
 {
     if (localeIdentifier.isNull())
         return false;
-    return TinyLRUCachePolicy<AtomString, RetainPtr<CFLocaleRef>>::cache().get(localeIdentifier);
+    return !!TinyLRUCachePolicy<AtomString, RetainPtr<CFLocaleRef>>::cache().get(localeIdentifier);
 }
 
 size_t lastHyphenLocation(StringView text, size_t beforeIndex, const AtomString& localeIdentifier)
diff --git a/Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm b/Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm
index 3d26710567da3..3f335b41f5360 100644
--- a/Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm
+++ b/Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm
@@ -428,7 +428,7 @@ NSType typeFromObject(id object)
 
 static inline bool isSerializableFont(CTFontRef font)
 {
-    return adoptCF(CTFontCopyAttribute(font, kCTFontURLAttribute));
+    return !!adoptCF(CTFontCopyAttribute(font, kCTFontURLAttribute));
 }
 
 bool isSerializableValue(id value)
diff --git a/Source/WebKit/UIProcess/ios/WKActionSheetAssistant.mm b/Source/WebKit/UIProcess/ios/WKActionSheetAssistant.mm
index 40cbe3f42bef0..6e6860036751c 100644
--- a/Source/WebKit/UIProcess/ios/WKActionSheetAssistant.mm
+++ b/Source/WebKit/UIProcess/ios/WKActionSheetAssistant.mm
@@ -293,7 +293,7 @@ - (void)updateSheetPosition
 
 - (BOOL)isShowingSheet
 {
-    return _interactionSheet != nil;
+    return !!_interactionSheet;
 }
 
 - (void)interactionDidStartWithPositionInformation:(const WebKit::InteractionInformationAtPosition&)information
diff --git a/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm b/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
index 69d55a1fa88a3..c3b505755dd24 100644
--- a/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
+++ b/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
@@ -8950,7 +8950,7 @@ - (BOOL)_isPresentingFullScreenInputView
     if (_presentedQuickboardController)
         return YES;
 #endif // HAVE(QUICKBOARD_CONTROLLER)
-    return _presentedFullScreenInputViewController;
+    return !!_presentedFullScreenInputViewController;
 }
 
 - (void)dismissAllInputViewControllers:(BOOL)animated
diff --git a/Source/WebKit/UIProcess/mac/CorrectionPanel.h b/Source/WebKit/UIProcess/mac/CorrectionPanel.h
index 4979ce396404d..8afb6132fad82 100644
--- a/Source/WebKit/UIProcess/mac/CorrectionPanel.h
+++ b/Source/WebKit/UIProcess/mac/CorrectionPanel.h
@@ -47,7 +47,7 @@ class CorrectionPanel {
     static void recordAutocorrectionResponse(WebViewImpl&, NSInteger spellCheckerDocumentTag, NSCorrectionResponse, const String& replacedString, const String& replacementString);
 
 private:
-    bool isShowing() const { return m_view; }
+    bool isShowing() const { return !!m_view; }
     String dismissInternal(WebCore::ReasonForDismissingAlternativeText, bool dismissingExternally);
     void handleAcceptedReplacement(WebViewImpl&, NSString* acceptedReplacement, NSString* replaced, NSString* proposedReplacement, NSCorrectionIndicatorType);
 
diff --git a/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm b/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm
index 5ae72ae930d3f..aa55dceed5a25 100644
--- a/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm
+++ b/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm
@@ -503,8 +503,8 @@ static inline bool expectsLegacyImplicitRubberBandControl()
         auto temporaryDirectoryTemplate = [NSTemporaryDirectory() stringByAppendingPathComponent:@"WebKitPDFs-XXXXXX"];
         CString templateRepresentation = [temporaryDirectoryTemplate fileSystemRepresentation];
         if (mkdtemp(templateRepresentation.mutableSpanIncludingNullTerminator().data()))
-            return adoptNS([[[NSFileManager defaultManager] stringWithFileSystemRepresentation:templateRepresentation.data() length:templateRepresentation.length()] copy]);
-        return RetainPtr<id> { };
+            return adoptNS((NSString *)[[[NSFileManager defaultManager] stringWithFileSystemRepresentation:templateRepresentation.data() length:templateRepresentation.length()] copy]);
+        return RetainPtr<NSString> { };
     }();
     return path.get().get();
 }
diff --git a/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm b/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
index 3cc4cc48ec445..cf74bf57053ea 100644
--- a/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
+++ b/Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
@@ -2724,7 +2724,7 @@ static bool isContextMenuEvent(const WebMouseEvent& event)
         return true;
 
     if (equalLettersIgnoringASCIICase(commandName, "copy"_s) || equalLettersIgnoringASCIICase(commandName, "takefindstringfromselection"_s))
-        return m_currentSelection;
+        return !!m_currentSelection;
 
     return false;
 }
diff --git a/Source/WebKitLegacy/mac/WebCoreSupport/CorrectionPanel.h b/Source/WebKitLegacy/mac/WebCoreSupport/CorrectionPanel.h
index df8b4136d88ce..71f34dabb6879 100644
--- a/Source/WebKitLegacy/mac/WebCoreSupport/CorrectionPanel.h
+++ b/Source/WebKitLegacy/mac/WebCoreSupport/CorrectionPanel.h
@@ -44,7 +44,7 @@ class CorrectionPanel {
     static void recordAutocorrectionResponse(NSInteger spellCheckerDocumentTag, NSCorrectionResponse, const String& replacedString, const String& replacementString);
 
 private:
-    bool isShowing() const { return m_view; }
+    bool isShowing() const { return !!m_view; }
     String dismissInternal(WebCore::ReasonForDismissingAlternativeText, bool dismissingExternally);
     void handleAcceptedReplacement(NSString* acceptedReplacement, NSString* replaced, NSString* proposedReplacement, NSCorrectionIndicatorType);
 
diff --git a/Source/WebKitLegacy/mac/WebView/WebHTMLView.mm b/Source/WebKitLegacy/mac/WebView/WebHTMLView.mm
index 17fbe816e0a3b..60dc8836dbd8e 100644
--- a/Source/WebKitLegacy/mac/WebView/WebHTMLView.mm
+++ b/Source/WebKitLegacy/mac/WebView/WebHTMLView.mm
@@ -1221,7 +1221,7 @@ - (NSString *)_plainTextFromPasteboard:(NSPasteboard *)pasteboard
     RetainPtr<NSAttributedString> attributedString;
     if ([types containsObject:WebCore::legacyRTFDPasteboardType()])
         attributedString = adoptNS([[NSAttributedString alloc] initWithRTFD:[pasteboard dataForType:WebCore::legacyRTFDPasteboardType()] documentAttributes:NULL]);
-    if (attributedString == nil && [types containsObject:WebCore::legacyRTFPasteboardType()])
+    if (!attributedString && [types containsObject:WebCore::legacyRTFPasteboardType()])
         attributedString = adoptNS([[NSAttributedString alloc] initWithRTF:[pasteboard dataForType:WebCore::legacyRTFPasteboardType()] documentAttributes:NULL]);
     if (attributedString)
         return adoptNS([[attributedString string] copy]).autorelease();
@@ -4389,7 +4389,7 @@ - (NSArray *)namesOfPromisedFilesDroppedAtDestination:(NSURL *)dropDestination
         wrapper = [[self _dataSource] _fileWrapperForURL:draggingElementURL];
     }
     
-    if (wrapper == nil) {
+    if (!wrapper) {
         LOG_ERROR("Failed to create image file.");
         return nil;
     }
@@ -5092,7 +5092,7 @@ - (NSDictionary *)_fontAttributesFromFontPasteboard
         return nil;
     // NSTextView does something more efficient by parsing the attributes only, but that's not available in API.
     auto string = adoptNS([[NSAttributedString alloc] initWithRTF:data documentAttributes:NULL]);
-    if (string == nil || [string length] == 0)
+    if (!string || [string length] == 0)
         return nil;
     return [string fontAttributesInRange:NSMakeRange(0, 1)];
 }
diff --git a/Source/WebKitLegacy/mac/WebView/WebView.mm b/Source/WebKitLegacy/mac/WebView/WebView.mm
index e8774db538270..96d41f2d097ba 100644
--- a/Source/WebKitLegacy/mac/WebView/WebView.mm
+++ b/Source/WebKitLegacy/mac/WebView/WebView.mm
@@ -3537,7 +3537,7 @@ - (NSSet *)caretChangeListeners
 
 - (void)addCaretChangeListener:(id <WebCaretChangeListener>)listener
 {
-    if (_private->_caretChangeListeners == nil) {
+    if (!_private->_caretChangeListeners) {
         _private->_caretChangeListeners = adoptNS([[NSMutableSet alloc] init]);
     }
 
@@ -3591,7 +3591,7 @@ - (NSURL *)_displayURL
     if (!dataSource)
         dataSource = [frame dataSource];
     auto unreachableURL = retainPtr([dataSource unreachableURL]);
-    auto url = unreachableURL != nil ? unreachableURL : retainPtr([[dataSource request] URL]);
+    auto url = !!unreachableURL ? unreachableURL : retainPtr([[dataSource request] URL]);
     return url.autorelease();
 }
 #endif // PLATFORM(IOS_FAMILY)
diff --git a/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm b/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
index 23259568206e4..5caf6d606d54d 100644
--- a/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
+++ b/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
@@ -248,42 +248,63 @@
 TEST(RETAIN_PTR_TEST_NAME, OptionalRetainPtrNS)
 {
     // Test assignment from adoptNS().
-    std::optional<RetainPtr<NSObject>> optionalObject1 = adoptNS([NSObject new]);
-    auto optionalObjectPtr1 = reinterpret_cast<uintptr_t>(optionalObject1.value().get());
+    std::optional<RetainPtr<NSObject>> optionalObject1;
+
+    uintptr_t optionalObjectPtr1 = 0;
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        optionalObject1 = adoptNS([NSObject new]);
+        optionalObjectPtr1 = reinterpret_cast<uintptr_t>(optionalObject1.value().get());
+    }
     EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)optionalObjectPtr1));
-    RetainPtr<NSObject> object1 = optionalObject1.value();
-    EXPECT_EQ(optionalObject1.value(), object1);
+
+    RetainPtr<NSObject> object1;
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        object1 = optionalObject1.value();
+        EXPECT_EQ(optionalObject1.value(), object1);
+    }
 
     // Test assignment from retainPtr().
     std::optional<RetainPtr<NSObject>> optionalObject2;
     @autoreleasepool {
         optionalObject2 = retainPtr([[NSObject new] autorelease]);
     }
-    auto optionalObjectPtr2 = reinterpret_cast<uintptr_t>(optionalObject2.value().get());
+
+    uintptr_t optionalObjectPtr2 = 0;
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        optionalObjectPtr2 = reinterpret_cast<uintptr_t>(optionalObject2.value().get());
+    }
     EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)optionalObjectPtr2));
-    RetainPtr<NSObject> object2 = optionalObject2.value();
-    auto objectPtr2 = reinterpret_cast<uintptr_t>(object2.get());
-    EXPECT_EQ(optionalObject2.value(), object2);
 
-    EXPECT_NE(object1, object2);
+    RetainPtr<NSObject> object2;
+    uintptr_t objectPtr2 = 0;
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        object2 = optionalObject2.value();
+        objectPtr2 = reinterpret_cast<uintptr_t>(object2.get());
 
-    // Test assignment from std::optional<RetainPtr<NSObject>>.
-    optionalObject1 = optionalObject2;
-    EXPECT_TRUE(optionalObject1.value());
-    EXPECT_TRUE(optionalObject1.value().get());
-    EXPECT_EQ(optionalObject1.value(), object2);
-    EXPECT_TRUE(optionalObject2.value());
-    EXPECT_TRUE(optionalObject2.value().get());
-    EXPECT_EQ(optionalObject2.value(), object2);
+        EXPECT_EQ(optionalObject2.value(), object2);
+
+        EXPECT_NE(object1, object2);
 
-    // Reset after assignment test.
-    optionalObject1 = object1;
-    EXPECT_EQ(optionalObject1.value(), object1);
-    EXPECT_EQ(optionalObject2.value(), object2);
+        // Test assignment from std::optional<RetainPtr<NSObject>>.
+        optionalObject1 = optionalObject2;
+        EXPECT_TRUE(optionalObject1.value());
+        EXPECT_TRUE(optionalObject1.value().get());
+        EXPECT_EQ(optionalObject1.value(), object2);
+        EXPECT_TRUE(optionalObject2.value());
+        EXPECT_TRUE(optionalObject2.value().get());
+        EXPECT_EQ(optionalObject2.value(), object2);
+
+        // Reset after assignment test.
+        optionalObject1 = object1;
+        EXPECT_EQ(optionalObject1.value(), object1);
+        EXPECT_EQ(optionalObject2.value(), object2);
+    }
 
     // Test move from std::optional<RetainPtr<NSObject>>.
     EXPECT_EQ(2L, CFGetRetainCount((CFTypeRef)objectPtr2));
-    optionalObject1 = WTFMove(optionalObject2);
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        optionalObject1 = WTFMove(optionalObject2);
+    }
     EXPECT_EQ(2L, CFGetRetainCount((CFTypeRef)objectPtr2));
     EXPECT_TRUE(optionalObject1.value());
     EXPECT_TRUE(optionalObject1.value().get());
@@ -323,4 +344,26 @@
     EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectPtr3));
 }
 
+/* This test is disabled for now because it fails (!!).
+TEST(RETAIN_PTR_TEST_NAME, LeakRef)
+{
+    RetainPtr<NSObject> foo;
+    uintptr_t fooPtr;
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        foo = adoptNS([[NSObject alloc] init]);
+        fooPtr = reinterpret_cast<uintptr_t>(foo.get());
+    }
+    EXPECT_EQ(1, CFGetRetainCount((CFTypeRef)fooPtr));
+
+    NSObject *object;
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        object = foo.leakRef();
+    }
+    EXPECT_EQ(nullptr, foo.get());
+    EXPECT_EQ(1, CFGetRetainCount((CFTypeRef)object));
+
+    (void)adoptNS(object);
+}
+*/
+
 } // namespace TestWebKitAPI
diff --git a/Tools/TestWebKitAPI/Tests/WebCore/cg/GraphicsContextCGTests.mm b/Tools/TestWebKitAPI/Tests/WebCore/cg/GraphicsContextCGTests.mm
index f8d0a01ec57fe..187ec31bc30ed 100644
--- a/Tools/TestWebKitAPI/Tests/WebCore/cg/GraphicsContextCGTests.mm
+++ b/Tools/TestWebKitAPI/Tests/WebCore/cg/GraphicsContextCGTests.mm
@@ -99,7 +99,7 @@ - (void)drawInContext:(CGContextRef)cgContext
 {
     auto srgb = DestinationColorSpace::SRGB();
     auto cgContext = adoptCF(CGBitmapContextCreate(nullptr, 3, 3, 8, 4 * 3, srgb.platformColorSpace(), kCGImageAlphaPremultipliedLast));
-    ASSERT_NE(cgContext, nullptr);
+    ASSERT_NE(cgContext.get(), nullptr);
     GraphicsContextCG context(cgContext.get());
     EXPECT_EQ(context.renderingMode(), RenderingMode::Unaccelerated);
 }
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadDelegate.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadDelegate.mm
index 38123b256403b..2d07acad628ff 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadDelegate.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadDelegate.mm
@@ -314,7 +314,7 @@ function loadMoreThingsAfterFetchAndXHR() {
     EXPECT_WK_STREQ([otherParameters[0] URL].path, "/");
     EXPECT_WK_STREQ(NSStringFromClass([otherParameters[1] class]), "NSHTTPURLResponse");
     EXPECT_WK_STREQ([otherParameters[1] URL].path, "/");
-    EXPECT_EQ(otherParameters[2], nil);
+    EXPECT_EQ(otherParameters[2].get(), nil);
     EXPECT_WK_STREQ(NSStringFromClass([otherParameters[3] class]), "NSHTTPURLResponse");
     EXPECT_WK_STREQ([otherParameters[3] URL].path, "/");
 
@@ -322,7 +322,7 @@ function loadMoreThingsAfterFetchAndXHR() {
     EXPECT_WK_STREQ([otherParameters[4] URL].path, "/iframeSrc");
     EXPECT_WK_STREQ(NSStringFromClass([otherParameters[5] class]), "NSHTTPURLResponse");
     EXPECT_WK_STREQ([otherParameters[5] URL].path, "/iframeSrc");
-    EXPECT_EQ(otherParameters[6], nil);
+    EXPECT_EQ(otherParameters[6].get(), nil);
     EXPECT_WK_STREQ(NSStringFromClass([otherParameters[7] class]), "NSHTTPURLResponse");
     EXPECT_WK_STREQ([otherParameters[7] URL].path, "/iframeSrc");
 
@@ -331,7 +331,7 @@ function loadMoreThingsAfterFetchAndXHR() {
     EXPECT_WK_STREQ(adoptNS([[NSString alloc] initWithData:[otherParameters[8] HTTPBody] encoding:NSUTF8StringEncoding]).get(), "a=b&c=d");
     EXPECT_WK_STREQ(NSStringFromClass([otherParameters[9] class]), "NSHTTPURLResponse");
     EXPECT_WK_STREQ([otherParameters[9] URL].path, "/fetchTarget");
-    EXPECT_EQ(otherParameters[10], nil);
+    EXPECT_EQ(otherParameters[10].get(), nil);
     EXPECT_WK_STREQ(NSStringFromClass([otherParameters[11] class]), "NSHTTPURLResponse");
     EXPECT_WK_STREQ([otherParameters[11] URL].path, "/fetchTarget");
 

From c0eb637ff43aeda8300785849eddc497dfa78502 Mon Sep 17 00:00:00 2001
From: Ahmad Saleem <ahmad.saleem792+github@gmail.com>
Date: Sat, 22 Feb 2025 08:59:07 -0800
Subject: [PATCH 055/174] [MiniBrowser] Sync user agents with Web Inspector
 https://bugs.webkit.org/show_bug.cgi?id=288257 rdar://145329551

Reviewed by Abrar Rahman Protyasha.

The User Agent strings for Minibrowser were last updated in 264269@main (May 2023),
this patch is to update them in sync with Web Inspector as done in 280732@main and 287092@main.

As a result, this also adds ChromeOS, Edge (Android), Chrome (Android) and Firefox (Android).

* Tools/MiniBrowser/mac/SettingsController.m:
(+[SettingsController userAgentData]):

Canonical link: https://commits.webkit.org/290876@main
---
 Tools/MiniBrowser/mac/SettingsController.m | 47 ++++++++++++++--------
 1 file changed, 31 insertions(+), 16 deletions(-)

diff --git a/Tools/MiniBrowser/mac/SettingsController.m b/Tools/MiniBrowser/mac/SettingsController.m
index f23d6600f14c3..d385a8345a8bc 100644
--- a/Tools/MiniBrowser/mac/SettingsController.m
+++ b/Tools/MiniBrowser/mac/SettingsController.m
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2025 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -248,27 +248,27 @@ + (NSArray *)userAgentData
 {
     return @[
         @{
-            @"label" : @"Safari 16.4",
+            @"label" : @"Safari 18.0",
             @"identifier" : @"safari",
-            @"userAgent" : @"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Safari/605.1.15"
+            @"userAgent" : @"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15"
         },
         @{
             @"label" : @"-",
         },
         @{
-            @"label" : @"Safari—iOS 16.4—iPhone",
+            @"label" : @"Safari—iOS 18.0—iPhone",
             @"identifier" : @"iphone-safari",
-            @"userAgent" : @"Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Mobile/15E148 Safari/604.1"
+            @"userAgent" : @"Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1"
         },
         @{
-            @"label" : @"Safari—iPadOS 16.4—iPad mini",
+            @"label" : @"Safari—iPadOS 18.0—iPad mini",
             @"identifier" : @"ipad-mini-safari",
-            @"userAgent" : @"Mozilla/5.0 (iPad; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Mobile/15E148 Safari/604.1"
+            @"userAgent" : @"Mozilla/5.0 (iPad; CPU OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1"
         },
         @{
-            @"label" : @"Safari—iPadOS 16.4—iPad",
+            @"label" : @"Safari—iPadOS 18.0—iPad",
             @"identifier" : @"ipad-safari",
-            @"userAgent" : @"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Safari/605.1.15"
+            @"userAgent" : @"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15"
         },
         @{
             @"label" : @"-",
@@ -276,12 +276,17 @@ + (NSArray *)userAgentData
         @{
             @"label" : @"Firefox—macOS",
             @"identifier" : @"firefox",
-            @"userAgent" : @"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/109.0"
+            @"userAgent" : @"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0"
         },
         @{
             @"label" : @"Firefox—Windows",
             @"identifier" : @"windows-firefox",
-            @"userAgent" : @"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0"
+            @"userAgent" : @"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0"
+        },
+        @{
+            @"label" : @"Firefox—Android",
+            @"identifier" : @"android-firefox",
+            @"userAgent" : @"Mozilla/5.0 (Android 15; Mobile; rv:68.0) Gecko/68.0 Firefox/132.0"
         },
         @{
             @"label" : @"-",
@@ -289,17 +294,22 @@ + (NSArray *)userAgentData
         @{
             @"label" : @"Chrome—macOS",
             @"identifier" : @"chrome",
-            @"userAgent" : @"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
+            @"userAgent" : @"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
         },
         @{
             @"label" : @"Chrome—Windows",
             @"identifier" : @"windows-chrome",
-            @"userAgent" : @"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
+            @"userAgent" : @"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
         },
         @{
             @"label" : @"Chrome—Android",
             @"identifier" : @"android-chrome",
-            @"userAgent" : @"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
+            @"userAgent" : @"Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"
+        },
+        @{
+            @"label" : @"ChromeOS",
+            @"identifier" : @"chromeOS",
+            @"userAgent" : @"Mozilla/5.0 (X11; CrOS x86_64 15917.71.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
         },
         @{
             @"label" : @"-",
@@ -307,12 +317,17 @@ + (NSArray *)userAgentData
         @{
             @"label" : @"Edge—macOS",
             @"identifier" : @"edge",
-            @"userAgent" : @"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.41"
+            @"userAgent" : @"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0"
         },
         @{
             @"label" : @"Edge—Windows",
             @"identifier" : @"windows-edge",
-            @"userAgent" : @"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.41"
+            @"userAgent" : @"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0"
+        },
+        @{
+            @"label" : @"Edge—Android",
+            @"identifier" : @"android-edge",
+            @"userAgent" : @"Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36 EdgA/131.0.0.0"
         },
     ];
 }

From 4c6223ced622acfc758bddcfa46b71ac45e5c9eb Mon Sep 17 00:00:00 2001
From: Per Arne Vollan <pvollan@apple.com>
Date: Sat, 22 Feb 2025 09:25:45 -0800
Subject: [PATCH 056/174] Add sandbox extension requirement for registering
 service https://bugs.webkit.org/show_bug.cgi?id=287957 rdar://144787086

Reviewed by Sihui Liu.

The sandbox extension needs to be granted for registering this service.

* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

Canonical link: https://commits.webkit.org/290877@main
---
 .../SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in     | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in
index 4ddc8b65db3bd..fbd397bada146 100644
--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in
+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in
@@ -113,7 +113,9 @@
 
 (define-once (accessibility-support)
     (allow mach-register
-        (local-name "com.apple.iphone.axserver"))
+        (require-all
+            (extension "com.apple.webkit.mach-bootstrap")
+            (local-name "com.apple.iphone.axserver")))
     (mobile-preferences-read "com.apple.Accessibility")
     
     ;; <rdar://problem/10809394>

From 49006e8eaf452f45a0575333273ab2b36f4cafed Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sat, 22 Feb 2025 10:28:46 -0800
Subject: [PATCH 057/174] Address safer cpp failures in
 WebMAudioUtilitiesCocoa.mm https://bugs.webkit.org/show_bug.cgi?id=288268

Reviewed by Geoffrey Garen.

* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebCore/platform/graphics/cocoa/WebMAudioUtilitiesCocoa.mm:
(WebCore::cookieFromOpusCookieContents):

Canonical link: https://commits.webkit.org/290878@main
---
 .../SaferCPPExpectations/UncountedCallArgsCheckerExpectations   | 1 -
 .../WebCore/platform/graphics/cocoa/WebMAudioUtilitiesCocoa.mm  | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 88902354364f0..fabd1e98a3304 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -1078,7 +1078,6 @@ platform/graphics/cocoa/FontCacheCoreText.cpp
 platform/graphics/cocoa/ImageAdapterCocoa.mm
 platform/graphics/cocoa/SourceBufferParser.cpp
 platform/graphics/cocoa/VideoMediaSampleRenderer.mm
-platform/graphics/cocoa/WebMAudioUtilitiesCocoa.mm
 platform/graphics/cocoa/WebProcessGraphicsContextGLCocoa.mm
 platform/graphics/controls/ApplePayButtonPart.cpp
 platform/graphics/controls/ButtonPart.h
diff --git a/Source/WebCore/platform/graphics/cocoa/WebMAudioUtilitiesCocoa.mm b/Source/WebCore/platform/graphics/cocoa/WebMAudioUtilitiesCocoa.mm
index a7fa98788df18..796dd173ecc61 100644
--- a/Source/WebCore/platform/graphics/cocoa/WebMAudioUtilitiesCocoa.mm
+++ b/Source/WebCore/platform/graphics/cocoa/WebMAudioUtilitiesCocoa.mm
@@ -334,7 +334,7 @@ bool parseOpusTOCData(std::span<const uint8_t> frameData, OpusCookieContents& co
 static Vector<uint8_t> cookieFromOpusCookieContents(const OpusCookieContents& cookie)
 {
 #if HAVE(AUDIOFORMATPROPERTY_VARIABLEPACKET_SUPPORTED)
-    return { cookie.cookieData->span() };
+    return { Ref { *cookie.cookieData }->span() };
 #else
     auto samplesPerPacket = cookie.framesPerPacket * (cookie.frameDuration.seconds() * cookie.sampleRate);
 

From c0afa4f4c6ec12ad65d9524336daeedaf60f8700 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sat, 22 Feb 2025 10:30:40 -0800
Subject: [PATCH 058/174] Address safer cpp failures in WKNSDictionary
 https://bugs.webkit.org/show_bug.cgi?id=288270

Reviewed by Geoffrey Garen.

* Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebKit/Shared/Cocoa/WKNSDictionary.mm:
(-[WKNSDictionary _protectedDictionary]):
(-[WKNSDictionary dealloc]):
(-[WKNSDictionary objectForKey:]):
(-[WKNSDictionary keyEnumerator]):

Canonical link: https://commits.webkit.org/290879@main
---
 .../UncountedCallArgsCheckerExpectations              |  1 -
 Source/WebKit/Shared/Cocoa/WKNSDictionary.mm          | 11 ++++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 3dc7387f7711b..7328ae48cd68f 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -56,7 +56,6 @@ Shared/APIWebArchiveResource.mm
 Shared/BlobDataFileReferenceWithSandboxExtension.cpp
 Shared/Cocoa/APIObject.mm
 Shared/Cocoa/WKNSData.mm
-Shared/Cocoa/WKNSDictionary.mm
 Shared/Cocoa/WKNSString.mm
 Shared/Cocoa/WKNSURL.mm
 Shared/ContextMenuContextData.cpp
diff --git a/Source/WebKit/Shared/Cocoa/WKNSDictionary.mm b/Source/WebKit/Shared/Cocoa/WKNSDictionary.mm
index eec8a693b2e04..7c347960baac0 100644
--- a/Source/WebKit/Shared/Cocoa/WKNSDictionary.mm
+++ b/Source/WebKit/Shared/Cocoa/WKNSDictionary.mm
@@ -36,12 +36,17 @@ @implementation WKNSDictionary {
     AlignedStorage<API::Dictionary> _dictionary;
 }
 
+- (Ref<API::Dictionary>)_protectedDictionary
+{
+    return *_dictionary;
+}
+
 - (void)dealloc
 {
     if (WebCoreObjCScheduleDeallocateOnMainRunLoop(WKNSDictionary.class, self))
         return;
 
-    _dictionary->~Dictionary();
+    self._protectedDictionary->~Dictionary();
 
     [super dealloc];
 }
@@ -67,7 +72,7 @@ - (id)objectForKey:(id)key
         return nil;
 
     bool exists;
-    RefPtr value = _dictionary->get(str, exists);
+    RefPtr value = self._protectedDictionary->get(str, exists);
     if (!exists)
         return nil;
 
@@ -76,7 +81,7 @@ - (id)objectForKey:(id)key
 
 - (NSEnumerator *)keyEnumerator
 {
-    return [wrapper(_dictionary->keys()) objectEnumerator];
+    return [wrapper(self._protectedDictionary->keys()) objectEnumerator];
 }
 
 #pragma mark NSCopying protocol implementation

From 427933132d9f530c289b36b4b569bb34e2f27575 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sat, 22 Feb 2025 10:32:33 -0800
Subject: [PATCH 059/174] Address Safer cpp failures in SuspendedPageProxy.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288273

Reviewed by Geoffrey Garen.

* Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebKit/UIProcess/SuspendedPageProxy.cpp:
(WebKit::SuspendedPageProxy::protectedBackForwardCache const):
(WebKit::SuspendedPageProxy::suspensionTimedOut):
* Source/WebKit/UIProcess/SuspendedPageProxy.h:

Canonical link: https://commits.webkit.org/290880@main
---
 .../UncountedCallArgsCheckerExpectations                   | 1 -
 Source/WebKit/UIProcess/SuspendedPageProxy.cpp             | 7 ++++++-
 Source/WebKit/UIProcess/SuspendedPageProxy.h               | 1 +
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 7328ae48cd68f..3ac2202398e81 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -192,7 +192,6 @@ UIProcess/ProvisionalFrameProxy.cpp
 UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp
 UIProcess/RemotePageProxy.cpp
 UIProcess/SpeechRecognitionPermissionManager.cpp
-UIProcess/SuspendedPageProxy.cpp
 UIProcess/UserMediaPermissionRequestManagerProxy.cpp
 UIProcess/WebAuthentication/AuthenticatorManager.cpp
 UIProcess/WebAuthentication/Cocoa/LocalService.mm
diff --git a/Source/WebKit/UIProcess/SuspendedPageProxy.cpp b/Source/WebKit/UIProcess/SuspendedPageProxy.cpp
index 6e3d562bb92cc..235af66d41f2a 100644
--- a/Source/WebKit/UIProcess/SuspendedPageProxy.cpp
+++ b/Source/WebKit/UIProcess/SuspendedPageProxy.cpp
@@ -179,6 +179,11 @@ void SuspendedPageProxy::didDestroyNavigation(WebCore::NavigationIdentifier navi
         page->didDestroyNavigationShared(m_process.copyRef(), navigationID);
 }
 
+Ref<WebBackForwardCache> SuspendedPageProxy::protectedBackForwardCache() const
+{
+    return backForwardCache();
+}
+
 WebBackForwardCache& SuspendedPageProxy::backForwardCache() const
 {
     return process().processPool().backForwardCache();
@@ -279,7 +284,7 @@ void SuspendedPageProxy::didProcessRequestToSuspend(SuspensionState newSuspensio
 void SuspendedPageProxy::suspensionTimedOut()
 {
     RELEASE_LOG_ERROR(ProcessSwapping, "%p - SuspendedPageProxy::suspensionTimedOut() destroying the suspended page because it failed to suspend in time", this);
-    backForwardCache().removeEntry(*this); // Will destroy |this|.
+    protectedBackForwardCache()->removeEntry(*this); // Will destroy |this|.
 }
 
 WebPageProxy* SuspendedPageProxy::page() const
diff --git a/Source/WebKit/UIProcess/SuspendedPageProxy.h b/Source/WebKit/UIProcess/SuspendedPageProxy.h
index cf11f0fc8ce1f..6acffd4b69f85 100644
--- a/Source/WebKit/UIProcess/SuspendedPageProxy.h
+++ b/Source/WebKit/UIProcess/SuspendedPageProxy.h
@@ -75,6 +75,7 @@ class SuspendedPageProxy final: public IPC::MessageReceiver, public RefCounted<S
     BrowsingContextGroup& browsingContextGroup() { return m_browsingContextGroup.get(); }
 
     WebBackForwardCache& backForwardCache() const;
+    Ref<WebBackForwardCache> protectedBackForwardCache() const;
 
     bool pageIsClosedOrClosing() const;
 

From a3dee9ff7e3227579bc5371d4aab41c9c8fd9e06 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sat, 22 Feb 2025 10:34:36 -0800
Subject: [PATCH 060/174] Address safer cpp failures in
 ScriptedAnimationController.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288274

Reviewed by Geoffrey Garen.

* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/WebCore/dom/ScriptedAnimationController.cpp:
(WebCore::ScriptedAnimationController::preferredScriptedAnimationInterval const):
(WebCore::ScriptedAnimationController::isThrottledRelativeToPage const):
(WebCore::ScriptedAnimationController::serviceRequestAnimationFrameCallbacks):

Canonical link: https://commits.webkit.org/290881@main
---
 .../UncountedCallArgsCheckerExpectations                  | 1 -
 .../UncountedLocalVarsCheckerExpectations                 | 1 -
 Source/WebCore/dom/ScriptedAnimationController.cpp        | 8 ++++----
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index fabd1e98a3304..7d8e525bb5a0b 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -594,7 +594,6 @@ dom/RejectedPromiseTracker.cpp
 dom/ScriptExecutionContext.cpp
 dom/ScriptExecutionContext.h
 dom/ScriptRunner.cpp
-dom/ScriptedAnimationController.cpp
 dom/SecurityContext.cpp
 dom/SelectorQuery.cpp
 dom/ShadowRoot.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index ea1946984e160..238f32dbd93de 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -304,7 +304,6 @@ dom/RadioButtonGroups.cpp
 dom/Range.cpp
 dom/RejectedPromiseTracker.cpp
 dom/ScriptExecutionContext.cpp
-dom/ScriptedAnimationController.cpp
 dom/SelectorQuery.cpp
 dom/ShadowRoot.cpp
 dom/SimpleRange.cpp
diff --git a/Source/WebCore/dom/ScriptedAnimationController.cpp b/Source/WebCore/dom/ScriptedAnimationController.cpp
index 8c9d67b52a852..394cb29f8aa59 100644
--- a/Source/WebCore/dom/ScriptedAnimationController.cpp
+++ b/Source/WebCore/dom/ScriptedAnimationController.cpp
@@ -73,7 +73,7 @@ Seconds ScriptedAnimationController::interval() const
 
 Seconds ScriptedAnimationController::preferredScriptedAnimationInterval() const
 {
-    auto* page = this->page();
+    RefPtr page = this->page();
     if (!page)
         return FullSpeedAnimationInterval;
 
@@ -90,7 +90,7 @@ OptionSet<ThrottlingReason> ScriptedAnimationController::throttlingReasons() con
 
 bool ScriptedAnimationController::isThrottledRelativeToPage() const
 {
-    if (auto* page = this->page())
+    if (RefPtr page = this->page())
         return preferredScriptedAnimationInterval() > page->preferredRenderingUpdateInterval();
     return false;
 }
@@ -165,13 +165,13 @@ void ScriptedAnimationController::serviceRequestAnimationFrameCallbacks(ReducedR
             continue;
         callback->m_firedOrCancelled = true;
 
-        if (userGestureTokenToForward && userGestureTokenToForward->hasExpired(UserGestureToken::maximumIntervalForUserGestureForwarding))
+        if (userGestureTokenToForward && Ref { *userGestureTokenToForward }->hasExpired(UserGestureToken::maximumIntervalForUserGestureForwarding))
             userGestureTokenToForward = nullptr;
         UserGestureIndicator gestureIndicator(userGestureTokenToForward);
 
         auto identifier = callback->m_id;
         InspectorInstrumentation::willFireAnimationFrame(document, identifier);
-        callback->handleEvent(highResNowMs);
+        Ref { callback }->handleEvent(highResNowMs);
         InspectorInstrumentation::didFireAnimationFrame(document, identifier);
     }
 

From d67d36afa34ac87781e935cafd75a758aa2309b4 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sat, 22 Feb 2025 10:36:38 -0800
Subject: [PATCH 061/174] Address safer CPP failures in DocumentLoader.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288244

Reviewed by Geoffrey Garen.

* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::mainResourceData const):
(WebCore::DocumentLoader::stopLoading):
(WebCore::DocumentLoader::notifyFinished):
(WebCore::DocumentLoader::finishedLoading):
(WebCore::DocumentLoader::handleSubstituteDataLoadNow):
(WebCore::DocumentLoader::matchRegistration):
(WebCore::DocumentLoader::redirectReceived):
(WebCore::DocumentLoader::willSendRequest):
(WebCore::DocumentLoader::doCrossOriginOpenerHandlingOfResponse):
(WebCore::DocumentLoader::tryLoadingSubstituteData):
(WebCore::DocumentLoader::tryLoadingRedirectRequestFromApplicationCache):
(WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied):
(WebCore::DocumentLoader::responseReceived):
(WebCore::DocumentLoader::continueAfterContentPolicy):
(WebCore::DocumentLoader::commitLoad):
(WebCore::DocumentLoader::commitData):
(WebCore::DocumentLoader::setupForReplace):
(WebCore::DocumentLoader::checkLoadComplete):
(WebCore::DocumentLoader::detachFromFrame):
(WebCore::DocumentLoader::loadApplicationManifest):
(WebCore::DocumentLoader::isLoadingInAPISense const):
(WebCore::DocumentLoader::maybeCreateArchive):
(WebCore::DocumentLoader::setArchive):
(WebCore::DocumentLoader::archiveResourceForURL const):
(WebCore::DocumentLoader::subresource const):
(WebCore::DocumentLoader::scheduleArchiveLoad):
(WebCore::DocumentLoader::documentURL const):
(WebCore::DocumentLoader::setDefersLoading):
(WebCore::DocumentLoader::isMultipartReplacingLoad const):
(WebCore::DocumentLoader::startLoadingMainResource):
(WebCore::DocumentLoader::unregisterReservedServiceWorkerClient):
(WebCore::DocumentLoader::loadMainResource):
(WebCore::DocumentLoader::cancelMainResourceLoad):
(WebCore::DocumentLoader::startIconLoading):
(WebCore::DocumentLoader::shouldOpenExternalURLsPolicyToPropagate const):
(WebCore::DocumentLoader::addConsoleMessage):
(WebCore::DocumentLoader::enqueueSecurityPolicyViolationEvent):
* Source/WebCore/loader/DocumentLoader.h:
* Source/WebCore/loader/SubresourceLoader.h:
* Source/WebCore/loader/SubstituteData.h:
(WebCore::SubstituteData::content const):
(WebCore::SubstituteData::protectedContent const):
* Source/WebCore/loader/SubstituteResource.h:
(WebCore::SubstituteResource::protectedData const):
* Source/WebCore/page/Frame.cpp:
(WebCore::Frame::pageID const): Deleted.
* Source/WebCore/page/Frame.h:
* Source/WebCore/page/Page.h:
(WebCore::Frame::pageID const):
* Source/WebCore/workers/service/ServiceWorkerProvider.cpp:
(WebCore::ServiceWorkerProvider::protectedServiceWorkerConnection):
* Source/WebCore/workers/service/ServiceWorkerProvider.h:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:

Canonical link: https://commits.webkit.org/290882@main
---
 .../UncountedCallArgsCheckerExpectations      |   1 -
 ...UncountedLambdaCapturesCheckerExpectations |   1 -
 .../UncountedLocalVarsCheckerExpectations     |   1 -
 Source/WebCore/loader/DocumentLoader.cpp      | 346 +++++++++---------
 Source/WebCore/loader/DocumentLoader.h        |   4 +-
 Source/WebCore/loader/ImageLoader.cpp         |   1 +
 Source/WebCore/loader/SubresourceLoader.h     |  10 +-
 Source/WebCore/loader/SubstituteData.h        |   3 +-
 Source/WebCore/loader/SubstituteResource.h    |   1 +
 Source/WebCore/page/Frame.cpp                 |   7 -
 Source/WebCore/page/Frame.h                   |   2 +-
 Source/WebCore/page/Page.h                    |   7 +
 .../workers/service/ServiceWorkerProvider.cpp |   5 +
 .../workers/service/ServiceWorkerProvider.h   |   1 +
 .../WebCoreArgumentCoders.serialization.in    |   2 +-
 .../WebResourceLoadScheduler.cpp              |   1 +
 16 files changed, 210 insertions(+), 183 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 7d8e525bb5a0b..f8aae76ed5592 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -881,7 +881,6 @@ loader/ApplicationManifestLoader.cpp
 loader/CrossOriginAccessControl.cpp
 loader/CrossOriginOpenerPolicy.cpp
 loader/CrossOriginPreflightChecker.cpp
-loader/DocumentLoader.cpp
 loader/DocumentThreadableLoader.cpp
 loader/DocumentWriter.cpp
 loader/FormSubmission.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
index e9c5d4c2fc276..968c1cbaba467 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
@@ -112,7 +112,6 @@ html/track/TrackListBase.cpp
 html/track/VTTCue.cpp
 inspector/InspectorOverlay.cpp
 inspector/agents/page/PageDOMDebuggerAgent.cpp
-loader/DocumentLoader.cpp
 loader/FrameLoader.cpp
 loader/NetscapePlugInStreamLoader.cpp
 loader/ResourceLoader.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index 238f32dbd93de..5257588866d69 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -485,7 +485,6 @@ layout/formattingContexts/inline/InlineLineBoxBuilder.cpp
 layout/integration/inline/LayoutIntegrationLineLayout.cpp
 layout/layouttree/LayoutTreeBuilder.cpp
 loader/ApplicationManifestLoader.cpp
-loader/DocumentLoader.cpp
 loader/FrameLoader.cpp
 loader/NavigationAction.cpp
 loader/NavigationScheduler.cpp
diff --git a/Source/WebCore/loader/DocumentLoader.cpp b/Source/WebCore/loader/DocumentLoader.cpp
index 1dec32ca97919..858e5866d005b 100644
--- a/Source/WebCore/loader/DocumentLoader.cpp
+++ b/Source/WebCore/loader/DocumentLoader.cpp
@@ -228,7 +228,7 @@ DocumentLoader::~DocumentLoader()
 RefPtr<FragmentedSharedBuffer> DocumentLoader::mainResourceData() const
 {
     if (m_substituteData.isValid())
-        return m_substituteData.content()->copy();
+        return m_substituteData.protectedContent()->copy();
     if (m_mainResource)
         return m_mainResource->resourceBuffer();
     return nullptr;
@@ -329,11 +329,11 @@ void DocumentLoader::stopLoading()
 {
     DOCUMENTLOADER_RELEASE_LOG_FORWARDABLE(DOCUMENTLOADER_STOPLOADING);
 
-    ASSERT(m_frame);
-    if (!m_frame)
+    RefPtr frame = m_frame.get();
+    ASSERT(frame);
+    if (!frame)
         return;
 
-    RefPtr protectedFrame { m_frame.get() };
     Ref<DocumentLoader> protectedThis(*this);
 
     // In some rare cases, calling FrameLoader::stopLoading could cause isLoading() to return false.
@@ -344,10 +344,9 @@ void DocumentLoader::stopLoading()
     if (m_committed) {
         // Attempt to stop the frame if the document loader is loading, or if it is done loading but
         // still  parsing. Failure to do so can cause a world leak.
-        Document* doc = m_frame->document();
-        
-        if (loading || doc->parsing())
-            m_frame->loader().stopLoading(UnloadEventPolicy::None);
+        RefPtr document = frame->document();
+        if (loading || document->parsing())
+            frame->loader().stopLoading(UnloadEventPolicy::None);
     }
 
     for (auto& callback : m_iconLoaders.values())
@@ -364,11 +363,11 @@ void DocumentLoader::stopLoading()
     // Always cancel multipart loaders
     cancelAll(m_multipartSubresourceLoaders);
 
-    if (auto* document = this->document())
+    if (RefPtr document = this->document())
         document->suspendFontLoading();
 
     // Appcache uses ResourceHandle directly, DocumentLoader doesn't count these loads.
-    m_applicationCacheHost->stopLoadingInFrame(*m_frame);
+    m_applicationCacheHost->stopLoadingInFrame(*frame);
     
 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
     clearArchiveResources();
@@ -448,7 +447,7 @@ void DocumentLoader::notifyFinished(CachedResource& resource, const NetworkLoadM
 
     if (RefPtr document = this->document()) {
         if (RefPtr domWindow = document->domWindow())
-            domWindow->performance().navigationFinished(metrics);
+            domWindow->protectedPerformance()->navigationFinished(metrics);
     }
 
     ASSERT_UNUSED(resource, m_mainResource == &resource);
@@ -494,7 +493,8 @@ void DocumentLoader::finishedLoading()
     timing().markEndTime();
     
     commitIfReady();
-    if (!frameLoader())
+    RefPtr frameLoader = this->frameLoader();
+    if (!frameLoader)
         return;
 
     if (!maybeCreateArchive()) {
@@ -503,9 +503,10 @@ void DocumentLoader::finishedLoading()
         if (!m_gotFirstByte)
             commitData(SharedBuffer::create());
 
-        if (!frameLoader())
+        frameLoader = this->frameLoader();
+        if (!frameLoader)
             return;
-        Ref frameLoaderClient = frameLoader()->client();
+        Ref frameLoaderClient = frameLoader->client();
         frameLoaderClient->finishedLoading(this);
         frameLoaderClient->loadStorageAccessQuirksIfNeeded();
     }
@@ -514,10 +515,12 @@ void DocumentLoader::finishedLoading()
     if (!m_mainDocumentError.isNull())
         return;
     clearMainResourceLoader();
-    if (!frameLoader())
+
+    frameLoader = this->frameLoader();
+    if (!frameLoader)
         return;
-    if (!protectedFrameLoader()->stateMachine().creatingInitialEmptyDocument())
-        frameLoader()->checkLoadComplete();
+    if (!frameLoader->stateMachine().creatingInitialEmptyDocument())
+        frameLoader->checkLoadComplete();
 
     m_applicationCacheHost->finishedLoadingMainResource();
 }
@@ -561,7 +564,7 @@ void DocumentLoader::handleSubstituteDataLoadNow()
         response = ResourceResponse(m_request.url(), m_substituteData.mimeType(), m_substituteData.content()->size(), m_substituteData.textEncoding());
 
 #if ENABLE(CONTENT_EXTENSIONS)
-    if (auto* page = m_frame ? m_frame->page() : nullptr) {
+    if (RefPtr page = m_frame ? m_frame->page() : nullptr) {
         // We intentionally do nothing with the results of this call.
         // We want the CSS to be loaded for us, but we ignore any attempt to block or upgrade the connection since there is no connection.
         page->protectedUserContentProvider()->processContentRuleListsForLoad(*page, response.url(), ContentExtensions::ResourceType::Document, *this);
@@ -589,14 +592,15 @@ void DocumentLoader::matchRegistration(const URL& url, SWClientConnection::Regis
         return;
     }
 
-    auto origin = (!m_frame->isMainFrame() && m_frame->document()) ? m_frame->document()->topOrigin().data() : SecurityOriginData::fromURL(url);
-    if (!ServiceWorkerProvider::singleton().serviceWorkerConnection().mayHaveServiceWorkerRegisteredForOrigin(origin)) {
+    RefPtr frame = m_frame.get();
+    auto origin = (!frame->isMainFrame() && frame->document()) ? frame->protectedDocument()->topOrigin().data() : SecurityOriginData::fromURL(url);
+    if (!ServiceWorkerProvider::singleton().protectedServiceWorkerConnection()->mayHaveServiceWorkerRegisteredForOrigin(origin)) {
         callback(std::nullopt);
         return;
     }
 
-    auto& connection = ServiceWorkerProvider::singleton().serviceWorkerConnection();
-    connection.matchRegistration(WTFMove(origin), url, WTFMove(callback));
+    Ref connection = ServiceWorkerProvider::singleton().serviceWorkerConnection();
+    connection->matchRegistration(WTFMove(origin), url, WTFMove(callback));
 }
 
 void DocumentLoader::redirectReceived(CachedResource& resource, ResourceRequest&& request, const ResourceResponse& redirectResponse, CompletionHandler<void(ResourceRequest&&)>&& completionHandler)
@@ -622,7 +626,7 @@ void DocumentLoader::redirectReceived(ResourceRequest&& request, const ResourceR
         if (m_applicationCacheHost->canLoadMainResource(request)) {
             auto url = request.url();
             // Let's check service worker registration to see whether loading from network or not.
-            this->matchRegistration(url, [request = WTFMove(request), completionHandler = WTFMove(completionHandler), protectedThis = WTFMove(protectedThis), this](auto&& registrationData) mutable {
+            this->matchRegistration(url, [request = WTFMove(request), completionHandler = WTFMove(completionHandler), protectedThis = Ref { *this }, this](auto&& registrationData) mutable {
                 if (!m_mainDocumentError.isNull() || !m_frame) {
                     completionHandler({ });
                     return;
@@ -658,11 +662,12 @@ void DocumentLoader::willSendRequest(ResourceRequest&& newRequest, const Resourc
         return completionHandler(WTFMove(newRequest));
     }
 
+    RefPtr frame = m_frame.get();
     if (auto requester = m_triggeringAction.requester(); requester && requester->documentIdentifier) {
         if (RefPtr requestingDocument = Document::allDocumentsMap().get(requester->documentIdentifier); requestingDocument && requestingDocument->frame()) {
-            if (m_frame && requestingDocument->isNavigationBlockedByThirdPartyIFrameRedirectBlocking(*m_frame, newRequest.url())) {
+            if (frame && requestingDocument->isNavigationBlockedByThirdPartyIFrameRedirectBlocking(*frame, newRequest.url())) {
                 DOCUMENTLOADER_RELEASE_LOG("willSendRequest: canceling - cross-site redirect of top frame triggered by third-party iframe");
-                if (RefPtr document = m_frame->document()) {
+                if (RefPtr document = frame->document()) {
                     auto message = makeString("Unsafe JavaScript attempt to initiate navigation for frame with URL '"_s
                         , document->url().string()
                         , "' from frame with URL '"_s
@@ -681,8 +686,8 @@ void DocumentLoader::willSendRequest(ResourceRequest&& newRequest, const Resourc
         if (newRequest.url().protocolIsAbout() || newRequest.url().protocolIsData()) {
             DOCUMENTLOADER_RELEASE_LOG("willSendRequest: canceling - redirecting URL scheme is not allowed");
             loadErrorDocument();
-            if (m_frame && m_frame->document())
-                m_frame->protectedDocument()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Not allowed to redirect to "_s, newRequest.url().stringCenterEllipsizedToLength(), " due to its scheme"_s));
+            if (frame && frame->document())
+                frame->protectedDocument()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Not allowed to redirect to "_s, newRequest.url().stringCenterEllipsizedToLength(), " due to its scheme"_s));
 
             if (RefPtr frameLoader = this->frameLoader())
                 cancelMainResourceLoad(frameLoader->blockedError(newRequest));
@@ -693,41 +698,42 @@ void DocumentLoader::willSendRequest(ResourceRequest&& newRequest, const Resourc
         Ref<SecurityOrigin> redirectingOrigin(SecurityOrigin::create(redirectResponse.url()));
         if (!redirectingOrigin.get().canDisplay(newRequest.url(), OriginAccessPatternsForWebProcess::singleton())) {
             DOCUMENTLOADER_RELEASE_LOG("willSendRequest: canceling - redirecting URL not allowed to display content from target");
-            FrameLoader::reportLocalLoadFailed(m_frame.get(), newRequest.url().string());
+            FrameLoader::reportLocalLoadFailed(frame.get(), newRequest.url().string());
             cancelMainResourceLoad(protectedFrameLoader()->cancelledError(newRequest));
             return completionHandler(WTFMove(newRequest));
         }
         if (!portAllowed(newRequest.url())) {
             DOCUMENTLOADER_RELEASE_LOG("willSendRequest: canceling - redirecting to a URL with a blocked port");
-            if (m_frame)
-                FrameLoader::reportBlockedLoadFailed(*m_frame, newRequest.url());
+            if (frame)
+                FrameLoader::reportBlockedLoadFailed(*frame, newRequest.url());
             cancelMainResourceLoad(protectedFrameLoader()->blockedError(newRequest));
             return completionHandler(WTFMove(newRequest));
         }
         if (isIPAddressDisallowed(newRequest.url())) {
             DOCUMENTLOADER_RELEASE_LOG("willSendRequest: canceling - redirecting to a URL with a disallowed IP address");
-            if (m_frame)
-                FrameLoader::reportBlockedLoadFailed(*m_frame, newRequest.url());
+            if (frame)
+                FrameLoader::reportBlockedLoadFailed(*frame, newRequest.url());
             cancelMainResourceLoad(protectedFrameLoader()->blockedError(newRequest));
             return completionHandler(WTFMove(newRequest));
         }
     }
 
-    ASSERT(m_frame);
+    ASSERT(frame);
 
-    auto* topFrame = dynamicDowncast<LocalFrame>(m_frame->tree().top());
+    RefPtr topFrame = dynamicDowncast<LocalFrame>(frame->tree().top());
 
-    ASSERT(m_frame->document());
+    RefPtr document = frame->document();
+    ASSERT(document);
     
     // Update cookie policy base URL as URL changes, except for subframes, which use the
     // URL of the main frame which doesn't change when we redirect.
-    if (m_frame->isMainFrame())
+    if (frame->isMainFrame())
         newRequest.setFirstPartyForCookies(newRequest.url());
 
-    FrameLoader::addSameSiteInfoToRequestIfNeeded(newRequest, m_frame->document());
+    FrameLoader::addSameSiteInfoToRequestIfNeeded(newRequest, document.get());
 
     if (!didReceiveRedirectResponse)
-        protectedFrameLoader()->protectedClient()->dispatchWillChangeDocument(m_frame->document()->url(), newRequest.url());
+        protectedFrameLoader()->protectedClient()->dispatchWillChangeDocument(document->url(), newRequest.url());
 
     // If we're fielding a redirect in response to a POST, force a load from origin, since
     // this is a common site technique to return to a page viewing some data that the POST
@@ -739,9 +745,9 @@ void DocumentLoader::willSendRequest(ResourceRequest&& newRequest, const Resourc
     if (isRedirectToGetAfterPost(m_request, newRequest))
         newRequest.clearHTTPOrigin();
 
-    if (topFrame && topFrame != m_frame) {
+    if (topFrame && topFrame != frame.get()) {
         // We shouldn't check for mixed content against the current frame when navigating; we only need to be concerned with the ancestor frames.
-        auto* parentFrame = dynamicDowncast<LocalFrame>(m_frame->tree().parent());
+        RefPtr parentFrame = dynamicDowncast<LocalFrame>(frame->tree().parent());
         if (!parentFrame)
             return completionHandler(WTFMove(newRequest));
 
@@ -767,7 +773,7 @@ void DocumentLoader::willSendRequest(ResourceRequest&& newRequest, const Resourc
     if (!didReceiveRedirectResponse)
         return completionHandler(WTFMove(newRequest));
 
-    auto navigationPolicyCompletionHandler = [this, protectedThis = Ref { *this }, protectedFrame = Ref { *m_frame }, completionHandler = WTFMove(completionHandler)] (ResourceRequest&& request, WeakPtr<FormState>&&, NavigationPolicyDecision navigationPolicyDecision) mutable {
+    auto navigationPolicyCompletionHandler = [this, protectedThis = Ref { *this }, frame, completionHandler = WTFMove(completionHandler)] (ResourceRequest&& request, WeakPtr<FormState>&&, NavigationPolicyDecision navigationPolicyDecision) mutable {
         m_waitingForNavigationPolicy = false;
         switch (navigationPolicyDecision) {
         case NavigationPolicyDecision::IgnoreLoad:
@@ -786,7 +792,7 @@ void DocumentLoader::willSendRequest(ResourceRequest&& newRequest, const Resourc
 
     // FIXME: Add a load type check.
     auto& policyChecker = frameLoader()->policyChecker();
-    RELEASE_ASSERT(!isBackForwardLoadType(policyChecker.loadType()) || m_frame->loader().history().provisionalItem());
+    RELEASE_ASSERT(!isBackForwardLoadType(policyChecker.loadType()) || frame->loader().history().provisionalItem());
     policyChecker.checkNavigationPolicy(WTFMove(newRequest), redirectResponse, WTFMove(navigationPolicyCompletionHandler));
 }
 
@@ -794,19 +800,21 @@ void DocumentLoader::willSendRequest(ResourceRequest&& newRequest, const Resourc
 std::optional<CrossOriginOpenerPolicyEnforcementResult> DocumentLoader::doCrossOriginOpenerHandlingOfResponse(const ResourceResponse& response)
 {
     // COOP only applies to top-level browsing contexts.
-    if (!m_frame->isMainFrame())
+    RefPtr frame = m_frame.get();
+    if (!frame->isMainFrame())
         return std::nullopt;
 
-    if (!m_frame->document() || !m_frame->document()->settings().crossOriginOpenerPolicyEnabled())
+    RefPtr document = frame->document();
+    if (!document || !frame->document()->settings().crossOriginOpenerPolicyEnabled())
         return std::nullopt;
 
     URL openerURL;
-    if (auto openerFrame = dynamicDowncast<LocalFrame>(m_frame->opener()))
+    if (RefPtr openerFrame = dynamicDowncast<LocalFrame>(frame->opener()))
         openerURL = openerFrame->document() ? openerFrame->document()->url() : URL();
 
-    auto currentCoopEnforcementResult = CrossOriginOpenerPolicyEnforcementResult::from(m_frame->document()->url(), m_frame->document()->securityOrigin(), m_frame->document()->crossOriginOpenerPolicy(), m_triggeringAction.requester(), openerURL);
+    auto currentCoopEnforcementResult = CrossOriginOpenerPolicyEnforcementResult::from(document->url(), document->securityOrigin(), document->crossOriginOpenerPolicy(), m_triggeringAction.requester(), openerURL);
 
-    auto newCoopEnforcementResult = WebCore::doCrossOriginOpenerHandlingOfResponse(*m_frame->document(), response, m_triggeringAction.requester(), m_contentSecurityPolicy.get(), m_frame->effectiveSandboxFlags(), m_request.httpReferrer(), frameLoader()->stateMachine().isDisplayingInitialEmptyDocument(), currentCoopEnforcementResult);
+    auto newCoopEnforcementResult = WebCore::doCrossOriginOpenerHandlingOfResponse(*document, response, m_triggeringAction.requester(), m_contentSecurityPolicy.get(), frame->effectiveSandboxFlags(), m_request.httpReferrer(), frameLoader()->stateMachine().isDisplayingInitialEmptyDocument(), currentCoopEnforcementResult);
     if (!newCoopEnforcementResult) {
         cancelMainResourceLoad(protectedFrameLoader()->cancelledError(m_request));
         return std::nullopt;
@@ -840,11 +848,11 @@ bool DocumentLoader::tryLoadingSubstituteData()
     if (!m_deferMainResourceDataLoad || protectedFrameLoader()->loadsSynchronously())
         handleSubstituteDataLoadNow();
     else {
-        auto loadData = [this, weakDataLoadToken = WeakPtr { m_dataLoadToken }] {
-            if (!weakDataLoadToken)
-                return;
-            m_dataLoadToken.clear();
-            handleSubstituteDataLoadNow();
+        auto loadData = [weakThis = WeakPtr { *this }] {
+            if (RefPtr protectedThis = weakThis.get()) {
+                protectedThis->m_dataLoadToken.clear();
+                protectedThis->handleSubstituteDataLoadNow();
+            }
         };
 
 #if USE(COCOA_EVENT_LOOP)
@@ -864,7 +872,7 @@ bool DocumentLoader::tryLoadingRedirectRequestFromApplicationCache(const Resourc
         return false;
 
     RELEASE_ASSERT(m_mainResource);
-    auto* loader = m_mainResource->loader();
+    RefPtr loader = m_mainResource->loader();
     m_identifierForLoadWithoutResourceLoader = loader ? loader->identifier() : m_mainResource->identifierForLoadWithoutResourceLoader();
 
     // We need to remove our reference to the CachedResource in favor of a SubstituteData load, which can triger the cancellation of the underyling ResourceLoader.
@@ -889,7 +897,7 @@ bool DocumentLoader::tryLoadingRedirectRequestFromApplicationCache(const Resourc
 void DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(ResourceLoaderIdentifier identifier, const ResourceResponse& response)
 {
     Ref<DocumentLoader> protectedThis { *this };
-    InspectorInstrumentation::continueAfterXFrameOptionsDenied(*m_frame, identifier, *this, response);
+    InspectorInstrumentation::continueAfterXFrameOptionsDenied(*protectedFrame(), identifier, *this, response);
 
     loadErrorDocument();
 
@@ -912,31 +920,32 @@ void DocumentLoader::responseReceived(CachedResource& resource, const ResourceRe
 {
     ASSERT_UNUSED(resource, m_mainResource == &resource);
 
+    RefPtr frame = m_frame.get();
     if (shouldClearContentSecurityPolicyForResponse(response))
         m_contentSecurityPolicy = nullptr;
     else {
         ReportingClient* reportingClient = nullptr;
-        if (m_frame && m_frame->document())
-            reportingClient = m_frame->document();
+        if (frame && frame->document())
+            reportingClient = frame->document();
 
         if (!m_contentSecurityPolicy)
             m_contentSecurityPolicy = makeUnique<ContentSecurityPolicy>(URL { response.url() }, nullptr, reportingClient);
         m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHeaders { response }, m_request.httpReferrer(), ContentSecurityPolicy::ReportParsingErrors::No);
     }
-    if (m_frame && m_frame->document() && m_frame->document()->settings().crossOriginOpenerPolicyEnabled())
+    if (frame && frame->document() && frame->document()->settings().crossOriginOpenerPolicyEnabled())
         m_responseCOOP = obtainCrossOriginOpenerPolicy(response);
 
-    if (m_frame->settings().clearSiteDataHTTPHeaderEnabled())
+    if (frame->settings().clearSiteDataHTTPHeaderEnabled())
         m_responseClearSiteDataValues = parseClearSiteDataHeader(response);
 
     // FIXME(218779): Remove this quirk once microsoft.com completes their login flow redesign.
-    if (m_frame && m_frame->document()) {
-        auto& document = *m_frame->document();
+    if (frame && frame->document()) {
+        Ref document = *frame->document();
         if (Quirks::isMicrosoftTeamsRedirectURL(response.url())) {
             auto firstPartyDomain = RegistrableDomain(response.url());
             if (auto loginDomains = NetworkStorageSession::subResourceDomainsInNeedOfStorageAccessForFirstParty(firstPartyDomain)) {
                 if (!Quirks::hasStorageAccessForAllLoginDomains(*loginDomains, firstPartyDomain)) {
-                    m_frame->protectedNavigationScheduler()->scheduleRedirect(document, 0, microsoftTeamsRedirectURL(), IsMetaRefresh::No);
+                    frame->protectedNavigationScheduler()->scheduleRedirect(document, 0, microsoftTeamsRedirectURL(), IsMetaRefresh::No);
                     return;
                 }
             }
@@ -984,9 +993,10 @@ void DocumentLoader::responseReceived(const ResourceResponse& response, Completi
 
     if (m_substituteData.isValid() || !platformStrategies()->loaderStrategy()->havePerformedSecurityChecks(response)) {
         auto url = response.url();
-        ContentSecurityPolicy contentSecurityPolicy(URL { url }, this, m_frame->document());
+        RefPtr frame = m_frame.get();
+        ContentSecurityPolicy contentSecurityPolicy(URL { url }, this, frame->document());
         contentSecurityPolicy.didReceiveHeaders(ContentSecurityPolicyResponseHeaders { response }, m_request.httpReferrer());
-        if (!contentSecurityPolicy.allowFrameAncestors(*m_frame, url)) {
+        if (!contentSecurityPolicy.allowFrameAncestors(*frame, url)) {
             stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(identifier, response);
             return;
         }
@@ -996,7 +1006,7 @@ void DocumentLoader::responseReceived(const ResourceResponse& response, Completi
             if (!frameOptions.isNull()) {
                 if (protectedFrameLoader()->shouldInterruptLoadForXFrameOptions(frameOptions, url, identifier)) {
                     auto message = makeString("Refused to display '"_s, url.stringCenterEllipsizedToLength(), "' in a frame because it set 'X-Frame-Options' to '"_s, frameOptions, "'."_s);
-                    m_frame->protectedDocument()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, identifier.toUInt64());
+                    frame->protectedDocument()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, identifier.toUInt64());
                     stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(identifier, response);
                     return;
                 }
@@ -1118,7 +1128,8 @@ void DocumentLoader::continueAfterContentPolicy(PolicyAction policy)
     if (isStopping())
         return;
 
-    if (!m_frame) {
+    RefPtr frame = m_frame.get();
+    if (!frame) {
         DOCUMENTLOADER_RELEASE_LOG("continueAfterContentPolicy: policyAction=%i received by DocumentLoader with null frame", (int)policy);
         return;
     }
@@ -1142,10 +1153,10 @@ void DocumentLoader::continueAfterContentPolicy(PolicyAction policy)
             return;
         }
 
-        if (ResourceLoader* mainResourceLoader = this->mainResourceLoader())
-            InspectorInstrumentation::continueWithPolicyDownload(*m_frame, *mainResourceLoader->identifier(), *this, m_response);
+        if (RefPtr mainResourceLoader = this->mainResourceLoader())
+            InspectorInstrumentation::continueWithPolicyDownload(*frame, *mainResourceLoader->identifier(), *this, m_response);
 
-        if (!m_frame->effectiveSandboxFlags().contains(SandboxFlag::Downloads)) {
+        if (!frame->effectiveSandboxFlags().contains(SandboxFlag::Downloads)) {
             // When starting the request, we didn't know that it would result in download and not navigation. Now we know that main document URL didn't change.
             // Download may use this knowledge for purposes unrelated to cookies, notably for setting file quarantine data.
             protectedFrameLoader()->setOriginalURLForDownloadRequest(m_request);
@@ -1155,12 +1166,12 @@ void DocumentLoader::continueAfterContentPolicy(PolicyAction policy)
                 protectedFrameLoader()->protectedClient()->startDownload(m_request);
             } else
                 protectedFrameLoader()->protectedClient()->convertMainResourceLoadToDownload(this, m_request, m_response);
-        } else if (m_frame && m_frame->document())
-            m_frame->protectedDocument()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Not allowed to download due to sandboxing"_s);
+        } else if (frame->document())
+            frame->protectedDocument()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Not allowed to download due to sandboxing"_s);
 
         // The main resource might be loading from the memory cache, or its loader might have gone missing.
-        if (mainResourceLoader()) {
-            static_cast<ResourceLoader*>(mainResourceLoader())->didFail(interruptedForPolicyChangeError());
+        if (RefPtr loader = mainResourceLoader()) {
+            loader->didFail(interruptedForPolicyChangeError());
             return;
         }
 
@@ -1175,8 +1186,8 @@ void DocumentLoader::continueAfterContentPolicy(PolicyAction policy)
         FALLTHROUGH;
 #endif
     case PolicyAction::Ignore:
-        if (ResourceLoader* mainResourceLoader = this->mainResourceLoader())
-            InspectorInstrumentation::continueWithPolicyIgnore(*m_frame, *mainResourceLoader->identifier(), *this, m_response);
+        if (RefPtr mainResourceLoader = this->mainResourceLoader())
+            InspectorInstrumentation::continueWithPolicyIgnore(*frame, *mainResourceLoader->identifier(), *this, m_response);
         stopLoadingForPolicyChange();
         return;
     }
@@ -1184,7 +1195,7 @@ void DocumentLoader::continueAfterContentPolicy(PolicyAction policy)
     if (m_response.isInHTTPFamily()) {
         int status = m_response.httpStatusCode(); // Status may be zero when loading substitute data, in particular from a WebArchive.
         if (status && (status < 200 || status >= 300)) {
-            if (RefPtr owner = dynamicDowncast<HTMLObjectElement>(m_frame->ownerElement())) {
+            if (RefPtr owner = dynamicDowncast<HTMLObjectElement>(frame->ownerElement())) {
                 owner->renderFallbackContent();
                 // object elements are no longer rendered after we fallback, so don't
                 // keep trying to process data from their load
@@ -1194,7 +1205,7 @@ void DocumentLoader::continueAfterContentPolicy(PolicyAction policy)
     }
 
     if (!isStopping() && m_substituteData.isValid() && isLoadingMainResource()) {
-        auto content = m_substituteData.content();
+        RefPtr content = m_substituteData.content();
         if (content && content->size()) {
             content->forEachSegmentAsSharedBuffer([&](auto&& buffer) {
                 dataReceived(buffer);
@@ -1225,10 +1236,11 @@ void DocumentLoader::commitLoad(const SharedBuffer& data)
     if (ArchiveFactory::isArchiveMIMEType(response().mimeType()))
         return;
 #endif
-    frameLoader->client().committedLoad(this, data);
+    Ref client = frameLoader->client();
+    client->committedLoad(this, data);
 
     if (isMultipartReplacingLoad())
-        frameLoader->client().didReplaceMultipartContent();
+        client->didReplaceMultipartContent();
 }
 
 ResourceError DocumentLoader::interruptedForPolicyChangeError() const
@@ -1278,14 +1290,14 @@ void DocumentLoader::commitData(const SharedBuffer& data)
         RefPtr frame = m_frame.get();
         RefPtr documentOrNull = frame ? frame->document() : nullptr;
 
-        auto scope = makeScopeExit([&] {
+        auto scope = makeScopeExit([this, protectedThis = Ref { *this }, documentOrNull] {
             if (auto createdCallback = std::exchange(m_whenDocumentIsCreatedCallback, { }))
                 createdCallback(isInFinishedLoadingOfEmptyDocument() ? nullptr : documentOrNull.get());
         });
 
         if (!documentOrNull)
             return;
-        auto& document = *documentOrNull;
+        Ref document = *documentOrNull;
         ASSERT(frame);
 
 #if ENABLE(CONTENT_EXTENSIONS)
@@ -1293,7 +1305,7 @@ void DocumentLoader::commitData(const SharedBuffer& data)
             URL url = documentURL();
 
             if (!url.isEmpty() && url.protocolIsInHTTPFamily())
-                document.protectedResourceMonitor()->setDocumentURL(WTFMove(url));
+                document->protectedResourceMonitor()->setDocumentURL(WTFMove(url));
         }
 #endif
 
@@ -1302,36 +1314,36 @@ void DocumentLoader::commitData(const SharedBuffer& data)
             // load local resources. See https://bugs.webkit.org/show_bug.cgi?id=16756
             // and https://bugs.webkit.org/show_bug.cgi?id=19760 for further
             // discussion.
-            document.securityOrigin().grantLoadLocalResources();
+            document->protectedSecurityOrigin()->grantLoadLocalResources();
         }
 
         if (protectedFrameLoader()->stateMachine().creatingInitialEmptyDocument())
             return;
 
 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
-        if (m_archive && m_archive->shouldOverrideBaseURL())
-            document.setBaseURLOverride(m_archive->mainResource()->url());
+        if (RefPtr archive = m_archive; archive && archive->shouldOverrideBaseURL())
+            document->setBaseURLOverride(archive->mainResource()->url());
 #endif
         if (m_canUseServiceWorkers) {
-            if (!document.securityOrigin().isOpaque()) {
+            if (!document->securityOrigin().isOpaque()) {
                 if (m_serviceWorkerRegistrationData && m_serviceWorkerRegistrationData->activeWorker) {
-                    document.setActiveServiceWorker(ServiceWorker::getOrCreate(document, WTFMove(m_serviceWorkerRegistrationData->activeWorker.value())));
+                    document->setActiveServiceWorker(ServiceWorker::getOrCreate(document, WTFMove(m_serviceWorkerRegistrationData->activeWorker.value())));
                     m_serviceWorkerRegistrationData = { };
-                } else if (auto* parent = document.parentDocument()) {
+                } else if (RefPtr parent = document->parentDocument()) {
                     if (shouldUseActiveServiceWorkerFromParent(document, *parent))
-                        document.setActiveServiceWorker(parent->activeServiceWorker());
+                        document->setActiveServiceWorker(parent->activeServiceWorker());
                 }
             } else if (m_resultingClientId) {
                 // In case document has an opaque origin, say due to sandboxing, we should have created a new context, let's create a new identifier instead.
-                if (document.securityOrigin().isOpaque())
-                    document.createNewIdentifier();
+                if (document->securityOrigin().isOpaque())
+                    document->createNewIdentifier();
             }
 
-            if (m_frame->document()->activeServiceWorker() || document.url().protocolIsInHTTPFamily() || (document.page() && document.page()->isServiceWorkerPage()) || (document.parentDocument() && shouldUseActiveServiceWorkerFromParent(document, *document.parentDocument())))
-                document.setServiceWorkerConnection(&ServiceWorkerProvider::singleton().serviceWorkerConnection());
+            if (m_frame->document()->activeServiceWorker() || document->url().protocolIsInHTTPFamily() || (document->page() && document->page()->isServiceWorkerPage()) || (document->parentDocument() && shouldUseActiveServiceWorkerFromParent(document, *document->protectedParentDocument())))
+                document->setServiceWorkerConnection(&ServiceWorkerProvider::singleton().serviceWorkerConnection());
 
             if (m_resultingClientId) {
-                if (*m_resultingClientId != document.identifier())
+                if (*m_resultingClientId != document->identifier())
                     unregisterReservedServiceWorkerClient();
                 scriptExecutionContextIdentifierToLoaderMap().remove(*m_resultingClientId);
                 m_resultingClientId = std::nullopt;
@@ -1346,12 +1358,12 @@ void DocumentLoader::commitData(const SharedBuffer& data)
         if (!isLoading())
             return;
 
-        if (RefPtr window = document.domWindow()) {
+        if (RefPtr window = document->domWindow()) {
             window->prewarmLocalStorageIfNecessary();
 
             if (m_mainResource) {
                 auto* metrics = m_response.deprecatedNetworkLoadMetricsOrNull();
-                window->performance().addNavigationTiming(*this, document, *m_mainResource, timing(), metrics ? *metrics : NetworkLoadMetrics::emptyMetrics());
+                window->protectedPerformance()->addNavigationTiming(*this, document, *m_mainResource, timing(), metrics ? *metrics : NetworkLoadMetrics::emptyMetrics());
             }
         }
 
@@ -1361,8 +1373,8 @@ void DocumentLoader::commitData(const SharedBuffer& data)
             userChosen = DocumentWriter::IsEncodingUserChosen::No;
             encoding = response().textEncodingName();
 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
-            if (m_archive && m_archive->shouldUseMainResourceEncoding())
-                encoding = m_archive->mainResource()->textEncoding();
+            if (RefPtr archive = m_archive; archive && archive->shouldUseMainResourceEncoding())
+                encoding = archive->mainResource()->textEncoding();
 #endif
         } else {
             userChosen = DocumentWriter::IsEncodingUserChosen::Yes;
@@ -1374,9 +1386,9 @@ void DocumentLoader::commitData(const SharedBuffer& data)
 
 #if ENABLE(CONTENT_EXTENSIONS)
     if (!m_pendingNamedContentExtensionStyleSheets.isEmpty() || !m_pendingContentExtensionDisplayNoneSelectors.isEmpty()) {
-        auto& extensionStyleSheets = m_frame->document()->extensionStyleSheets();
+        auto& extensionStyleSheets = m_frame->protectedDocument()->extensionStyleSheets();
         for (auto& pendingStyleSheet : m_pendingNamedContentExtensionStyleSheets)
-            extensionStyleSheets.maybeAddContentExtensionSheet(pendingStyleSheet.key, *pendingStyleSheet.value);
+            extensionStyleSheets.maybeAddContentExtensionSheet(pendingStyleSheet.key, Ref { *pendingStyleSheet.value });
         for (auto& pendingSelectorEntry : m_pendingContentExtensionDisplayNoneSelectors) {
             for (const auto& pendingSelector : pendingSelectorEntry.value)
                 extensionStyleSheets.addDisplayNoneSelector(pendingSelectorEntry.key, pendingSelector.first, pendingSelector.second);
@@ -1431,7 +1443,7 @@ void DocumentLoader::setupForReplace()
     maybeFinishLoadingMultipartContent();
     maybeCreateArchive();
     m_writer.end();
-    frameLoader()->setReplacing();
+    protectedFrameLoader()->setReplacing();
     m_gotFirstByte = false;
 
     unregisterReservedServiceWorkerClient();
@@ -1453,7 +1465,7 @@ void DocumentLoader::checkLoadComplete()
         return;
 
     ASSERT(this == frameLoader()->activeDocumentLoader());
-    m_frame->document()->domWindow()->finishedLoading();
+    m_frame->protectedDocument()->protectedWindow()->finishedLoading();
 }
 
 void DocumentLoader::applyPoliciesToSettings()
@@ -1527,13 +1539,13 @@ void DocumentLoader::detachFromFrame(LoadWillContinueInAnotherProcess loadWillCo
 {
     DOCUMENTLOADER_RELEASE_LOG_FORWARDABLE(DOCUMENTLOADER_DETACHFROMFRAME);
 
+    RefPtr frame = m_frame.get();
 #if ASSERT_ENABLED
     if (m_hasEverBeenAttached)
-        ASSERT_WITH_MESSAGE(m_frame, "detachFromFrame() is being called on a DocumentLoader twice without an attachToFrame() inbetween");
+        ASSERT_WITH_MESSAGE(frame, "detachFromFrame() is being called on a DocumentLoader twice without an attachToFrame() inbetween");
     else
-        ASSERT_WITH_MESSAGE(m_frame, "detachFromFrame() is being called on a DocumentLoader that has never attached to any Frame");
+        ASSERT_WITH_MESSAGE(frame, "detachFromFrame() is being called on a DocumentLoader that has never attached to any Frame");
 #endif
-    RefPtr protectedFrame { m_frame.get() };
     Ref protectedThis { *this };
 
     // It never makes sense to have a document loader that is detached from its
@@ -1554,13 +1566,14 @@ void DocumentLoader::detachFromFrame(LoadWillContinueInAnotherProcess loadWillCo
     // is stopped, resulting in a recursive call into this detachFromFrame.
     // If m_frame is nullptr after cancelPolicyCheckIfNeeded, our work is
     // already done so just return.
-    if (!m_frame)
+    frame = m_frame.get();
+    if (!frame)
         return;
 
     if (auto navigationID = std::exchange(m_navigationID, { }))
-        m_frame->loader().client().documentLoaderDetached(*navigationID, loadWillContinueInAnotherProcess);
+        frame->loader().client().documentLoaderDetached(*navigationID, loadWillContinueInAnotherProcess);
 
-    InspectorInstrumentation::loaderDetachedFromFrame(*m_frame, *this);
+    InspectorInstrumentation::loaderDetachedFromFrame(*frame, *this);
 
     observeFrame(nullptr);
 }
@@ -1592,7 +1605,7 @@ void DocumentLoader::loadApplicationManifest(CompletionHandler<void(const std::o
         m_loadApplicationManifestCallbacks.append(WTFMove(completionHandler));
 
     bool isLoading = !!m_applicationManifestLoader;
-    auto notifyIfUnableToLoad = makeScopeExit([&] {
+    auto notifyIfUnableToLoad = makeScopeExit([this, protectedThis = Ref { *this }, &isLoading] {
         if (!isLoading || m_finishedLoadingApplicationManifest)
             notifyFinishedLoadingApplicationManifest();
     });
@@ -1600,7 +1613,7 @@ void DocumentLoader::loadApplicationManifest(CompletionHandler<void(const std::o
     if (isLoading)
         return;
 
-    auto* document = this->document();
+    RefPtr document = this->document();
     if (!document)
         return;
 
@@ -1610,25 +1623,25 @@ void DocumentLoader::loadApplicationManifest(CompletionHandler<void(const std::o
     if (document->url().isEmpty() || document->url().protocolIsAbout())
         return;
 
-    auto head = document->head();
+    RefPtr head = document->head();
     if (!head)
         return;
 
     URL manifestURL;
     bool useCredentials = false;
-    for (const auto& link : childrenOfType<HTMLLinkElement>(*head)) {
-        if (!link.isApplicationManifest())
+    for (Ref link : childrenOfType<HTMLLinkElement>(*head)) {
+        if (!link->isApplicationManifest())
             continue;
 
-        auto href = link.href();
+        auto href = link->href();
         if (href.isEmpty() || !href.isValid())
             continue;
 
-        if (!link.mediaAttributeMatches())
+        if (!link->mediaAttributeMatches())
             continue;
 
         manifestURL = href;
-        useCredentials = equalLettersIgnoringASCIICase(link.attributeWithoutSynchronization(HTMLNames::crossoriginAttr), "use-credentials"_s);
+        useCredentials = equalLettersIgnoringASCIICase(link->attributeWithoutSynchronization(HTMLNames::crossoriginAttr), "use-credentials"_s);
         break;
     }
 
@@ -1672,18 +1685,18 @@ bool DocumentLoader::isLoadingInAPISense() const
     // but we still need to consider subframes.
     if (frameLoader()->state() != FrameState::Complete) {
         ASSERT(m_frame->document());
-        auto& document = *m_frame->document();
-        if ((isLoadingMainResource() || !document.loadEventFinished()) && isLoading())
+        Ref document = *m_frame->document();
+        if ((isLoadingMainResource() || !document->loadEventFinished()) && isLoading())
             return true;
         if (m_cachedResourceLoader->requestCount())
             return true;
-        if (document.isDelayingLoadEvent())
+        if (document->isDelayingLoadEvent())
             return true;
-        if (document.processingLoadEvent())
+        if (document->processingLoadEvent())
             return true;
-        if (document.hasActiveParser())
+        if (document->hasActiveParser())
             return true;
-        auto* scriptableParser = document.scriptableDocumentParser();
+        RefPtr scriptableParser = document->scriptableDocumentParser();
         if (scriptableParser && scriptableParser->hasScriptsWaitingForStylesheets())
             return true;
     }
@@ -1696,18 +1709,20 @@ bool DocumentLoader::maybeCreateArchive()
     return false;
 #else
     // Give the archive machinery a crack at this document. If the MIME type is not an archive type, it will return 0.
-    m_archive = ArchiveFactory::create(m_response.url(), mainResourceData().get(), m_response.mimeType());
-    if (!m_archive)
+    RefPtr archive = ArchiveFactory::create(m_response.url(), mainResourceData().get(), m_response.mimeType());
+    m_archive = archive.copyRef();
+    if (!archive)
         return false;
     
-    addAllArchiveResources(*m_archive);
-    ASSERT(m_archive->mainResource());
-    auto& mainResource = *m_archive->mainResource();
-    m_parsedArchiveData = mainResource.data().makeContiguous();
-    m_writer.setMIMEType(mainResource.mimeType());
+    addAllArchiveResources(*archive);
+    ASSERT(archive->mainResource());
+    Ref mainResource = *archive->mainResource();
+    Ref parsedArchiveData = mainResource->protectedData()->makeContiguous();
+    m_parsedArchiveData = parsedArchiveData.copyRef();
+    m_writer.setMIMEType(mainResource->mimeType());
 
     ASSERT(m_frame->document());
-    commitData(*m_parsedArchiveData);
+    commitData(parsedArchiveData);
     return true;
 #endif
 }
@@ -1716,8 +1731,8 @@ bool DocumentLoader::maybeCreateArchive()
 
 void DocumentLoader::setArchive(Ref<Archive>&& archive)
 {
-    m_archive = WTFMove(archive);
-    addAllArchiveResources(*m_archive);
+    m_archive = archive.copyRef();
+    addAllArchiveResources(archive);
 }
 
 void DocumentLoader::addAllArchiveResources(Archive& archive)
@@ -1754,11 +1769,11 @@ SharedBuffer* DocumentLoader::parsedArchiveData() const
 
 #endif // ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
 
-ArchiveResource* DocumentLoader::archiveResourceForURL(const URL& url) const
+RefPtr<ArchiveResource> DocumentLoader::archiveResourceForURL(const URL& url) const
 {
     if (!m_archiveResourceCollection)
         return nullptr;
-    auto* resource = m_archiveResourceCollection->archiveResourceForURL(url);
+    RefPtr resource = m_archiveResourceCollection->archiveResourceForURL(url);
     if (!resource || resource->shouldIgnoreWhenUnarchiving())
         return nullptr;
     return resource;
@@ -1785,11 +1800,11 @@ RefPtr<ArchiveResource> DocumentLoader::subresource(const URL& url) const
     if (resource->type() == CachedResource::Type::MainResource)
         return nullptr;
 
-    auto* data = resource->resourceBuffer();
+    RefPtr data = resource->resourceBuffer();
     if (!data)
         return nullptr;
 
-    return ArchiveResource::create(data, url, resource->response());
+    return ArchiveResource::create(data.get(), url, resource->response());
 }
 
 Vector<Ref<ArchiveResource>> DocumentLoader::subresources() const
@@ -1862,12 +1877,13 @@ void DocumentLoader::cancelPendingSubstituteLoad(ResourceLoader* loader)
 
 bool DocumentLoader::scheduleArchiveLoad(ResourceLoader& loader, const ResourceRequest& request)
 {
-    if (auto* resource = archiveResourceForURL(request.url())) {
+    if (RefPtr resource = archiveResourceForURL(request.url())) {
         scheduleSubstituteResourceLoad(loader, *resource);
         return true;
     }
 
-    if (!m_archive)
+    RefPtr archive = m_archive;
+    if (!archive)
         return false;
 
 #if ENABLE(WEB_ARCHIVE)
@@ -1879,7 +1895,7 @@ bool DocumentLoader::scheduleArchiveLoad(ResourceLoader& loader, const ResourceR
 
     // If we want to load from the archive only, then we should always return true so that the caller
     // does not try to fetch from the network.
-    return m_archive->shouldLoadFromArchiveOnly();
+    return archive->shouldLoadFromArchiveOnly();
 }
 
 #endif
@@ -1945,8 +1961,8 @@ URL DocumentLoader::documentURL() const
 {
     URL url = substituteData().response().url();
 #if ENABLE(WEB_ARCHIVE)
-    if (url.isEmpty() && m_archive && m_archive->shouldUseMainResourceURL())
-        url = m_archive->mainResource()->url();
+    if (RefPtr archive = m_archive; url.isEmpty() && archive && archive->shouldUseMainResourceURL())
+        url = archive->mainResource()->url();
 #endif
     if (url.isEmpty())
         url = m_request.url();
@@ -1970,8 +1986,8 @@ void DocumentLoader::setDefersLoading(bool defers)
     // Multiple frames may be loading the same main resource simultaneously. If deferral state changes,
     // each frame's DocumentLoader will try to send a setDefersLoading() to the same underlying ResourceLoader. Ensure only
     // the "owning" DocumentLoader does so, as setDefersLoading() is not resilient to setting the same value repeatedly.
-    if (mainResourceLoader() && mainResourceLoader()->documentLoader() == this)
-        mainResourceLoader()->setDefersLoading(defers);
+    if (RefPtr loader = mainResourceLoader(); loader && loader->documentLoader() == this)
+        loader->setDefersLoading(defers);
 
     setAllDefersLoading(m_subresourceLoaders, defers);
     setAllDefersLoading(m_plugInStreamLoaders, defers);
@@ -2061,7 +2077,7 @@ void DocumentLoader::removePlugInStreamLoader(ResourceLoader& loader)
 
 bool DocumentLoader::isMultipartReplacingLoad() const
 {
-    return isLoadingMultipartContent() && frameLoader()->isReplacing();
+    return isLoadingMultipartContent() && protectedFrameLoader()->isReplacing();
 }
 
 bool DocumentLoader::maybeLoadEmpty()
@@ -2138,7 +2154,8 @@ static bool shouldCancelLoadingAboutURL(const URL& url)
 
 void DocumentLoader::startLoadingMainResource()
 {
-    m_canUseServiceWorkers = canUseServiceWorkers(m_frame.get());
+    RefPtr frame = m_frame.get();
+    m_canUseServiceWorkers = canUseServiceWorkers(frame.get());
     m_mainDocumentError = ResourceError();
     timing().markStartTime();
     ASSERT(!m_mainResource);
@@ -2159,7 +2176,7 @@ void DocumentLoader::startLoadingMainResource()
 
 #if ENABLE(CONTENT_FILTERING)
     // Always filter in WK1
-    contentFilterInDocumentLoader() = m_frame && m_frame->view() && m_frame->view()->platformWidget();
+    contentFilterInDocumentLoader() = frame && frame->view() && frame->protectedView()->platformWidget();
     if (contentFilterInDocumentLoader())
         m_contentFilter = !m_substituteData.isValid() ? ContentFilter::create(*this) : nullptr;
 #endif
@@ -2168,8 +2185,9 @@ void DocumentLoader::startLoadingMainResource()
     auto fragmentDirective = url.consumeFragmentDirective();
 
     m_request.setURL(url, m_request.didFilterLinkDecoration());
-    if (m_frame) {
-        RefPtr page = m_frame->protectedPage();
+    frame = m_frame.get();
+    if (frame) {
+        RefPtr page = frame->protectedPage();
         if (page)
             page->setMainFrameURLFragment(WTFMove(fragmentDirective));
     }
@@ -2180,7 +2198,7 @@ void DocumentLoader::startLoadingMainResource()
 
     ASSERT(timing().startTime());
 
-    willSendRequest(ResourceRequest(m_request), ResourceResponse(), [this, protectedThis = WTFMove(protectedThis)] (ResourceRequest&& request) mutable {
+    willSendRequest(ResourceRequest(m_request), ResourceResponse(), [this, protectedThis = Ref { *this }] (ResourceRequest&& request) mutable {
         request.setRequester(ResourceRequestRequester::Main);
 
         m_request = request;
@@ -2199,7 +2217,7 @@ void DocumentLoader::startLoadingMainResource()
 
         if (m_applicationCacheHost->canLoadMainResource(request) || m_substituteData.isValid()) {
             auto url = request.url();
-            matchRegistration(url, [request = WTFMove(request), protectedThis = WTFMove(protectedThis), this] (auto&& registrationData) mutable {
+            matchRegistration(url, [request = WTFMove(request), protectedThis = Ref { *this }, this] (auto&& registrationData) mutable {
                 if (!m_mainDocumentError.isNull()) {
                     DOCUMENTLOADER_RELEASE_LOG("startLoadingMainResource callback: Load canceled because of main document error (type=%d, code=%d)", static_cast<int>(m_mainDocumentError.type()), m_mainDocumentError.errorCode());
                     return;
@@ -2234,7 +2252,7 @@ void DocumentLoader::unregisterReservedServiceWorkerClient()
     if (!m_resultingClientId)
         return;
 
-    if (auto* serviceWorkerConnection = ServiceWorkerProvider::singleton().existingServiceWorkerConnection())
+    if (RefPtr serviceWorkerConnection = ServiceWorkerProvider::singleton().existingServiceWorkerConnection())
         serviceWorkerConnection->unregisterServiceWorkerClient(*m_resultingClientId);
 }
 
@@ -2258,7 +2276,8 @@ void DocumentLoader::loadMainResource(ResourceRequest&& request)
         return !(flags.contains(SandboxFlag::Origin)) && !(flags.contains(SandboxFlag::Scripts));
     };
 
-    if (!m_canUseServiceWorkers || !isSandboxingAllowingServiceWorkerFetchHandling(m_frame->effectiveSandboxFlags()))
+    RefPtr frame = m_frame.get();
+    if (!m_canUseServiceWorkers || !isSandboxingAllowingServiceWorkerFetchHandling(frame->effectiveSandboxFlags()))
         mainResourceLoadOptions.serviceWorkersMode = ServiceWorkersMode::None;
     else {
         // The main navigation load will trigger the registration of the client.
@@ -2274,11 +2293,11 @@ void DocumentLoader::loadMainResource(ResourceRequest&& request)
     }
 
     CachedResourceRequest mainResourceRequest(WTFMove(request), mainResourceLoadOptions);
-    if (!m_frame->isMainFrame() && m_frame->document()) {
+    if (!frame->isMainFrame() && frame->document()) {
         // If we are loading the main resource of a subframe, use the cache partition of the main document.
-        mainResourceRequest.setDomainForCachePartition(*m_frame->document());
+        mainResourceRequest.setDomainForCachePartition(*frame->protectedDocument());
     } else {
-        if (frameLoader()->frame().settings().storageBlockingPolicy() != StorageBlockingPolicy::BlockThirdParty)
+        if (protectedFrameLoader()->frame().settings().storageBlockingPolicy() != StorageBlockingPolicy::BlockThirdParty)
             mainResourceRequest.setDomainForCachePartition(emptyString());
         else {
             auto origin = SecurityOrigin::create(mainResourceRequest.resourceRequest().url());
@@ -2291,7 +2310,8 @@ void DocumentLoader::loadMainResource(ResourceRequest&& request)
     if (!mainResourceOrError) {
         // The frame may have gone away if this load was cancelled synchronously and this was the last pending load.
         // This is because we may have fired the load event in a parent frame.
-        if (!m_frame) {
+        frame = m_frame.get();
+        if (!frame) {
             DOCUMENTLOADER_RELEASE_LOG("loadMainResource: Unable to load main resource, frame has gone away");
             return;
         }
@@ -2324,10 +2344,10 @@ void DocumentLoader::loadMainResource(ResourceRequest&& request)
 
     m_mainResource = mainResourceOrError.value();
 
-    ASSERT(m_frame);
+    ASSERT(frame);
 
 #if ENABLE(CONTENT_EXTENSIONS)
-    if (m_mainResource->errorOccurred() && m_frame->page() && m_mainResource->resourceError().domain() == ContentExtensions::WebKitContentBlockerDomain) {
+    if (m_mainResource->errorOccurred() && frame->page() && m_mainResource->resourceError().domain() == ContentExtensions::WebKitContentBlockerDomain) {
         DOCUMENTLOADER_RELEASE_LOG("loadMainResource: Blocked by content blocker error");
         cancelMainResourceLoad(protectedFrameLoader()->blockedByContentBlockerError(m_request));
         return;
@@ -2372,8 +2392,8 @@ void DocumentLoader::cancelMainResourceLoad(const ResourceError& resourceError,
 
     cancelPolicyCheckIfNeeded();
 
-    if (mainResourceLoader())
-        mainResourceLoader()->cancel(error, loadWillContinueInAnotherProcess);
+    if (RefPtr loader = mainResourceLoader())
+        loader->cancel(error, loadWillContinueInAnotherProcess);
 
     clearMainResource();
 
@@ -2432,7 +2452,7 @@ void DocumentLoader::startIconLoading()
 {
     static uint64_t nextIconCallbackID = 1;
 
-    auto* document = this->document();
+    RefPtr document = this->document();
     if (!document)
         return;
 
@@ -2508,7 +2528,7 @@ ShouldOpenExternalURLsPolicy DocumentLoader::shouldOpenExternalURLsPolicyToPropa
     if (m_frame->isMainFrame())
         return m_shouldOpenExternalURLsPolicy;
 
-    if (document() && document()->isSameOriginAsTopDocument())
+    if (RefPtr document = this->document(); document && document->isSameOriginAsTopDocument())
         return m_shouldOpenExternalURLsPolicy;
 
     return ShouldOpenExternalURLsPolicy::ShouldNotAllow;
@@ -2590,12 +2610,12 @@ PreviewConverter* DocumentLoader::previewConverter() const
 
 void DocumentLoader::addConsoleMessage(MessageSource messageSource, MessageLevel messageLevel, const String& message, unsigned long requestIdentifier)
 {
-    static_cast<ScriptExecutionContext*>(m_frame->document())->addConsoleMessage(messageSource, messageLevel, message, requestIdentifier);
+    protectedFrame()->protectedDocument()->addConsoleMessage(messageSource, messageLevel, message, requestIdentifier);
 }
 
 void DocumentLoader::enqueueSecurityPolicyViolationEvent(SecurityPolicyViolationEventInit&& eventInit)
 {
-    m_frame->document()->enqueueSecurityPolicyViolationEvent(WTFMove(eventInit));
+    protectedFrame()->protectedDocument()->enqueueSecurityPolicyViolationEvent(WTFMove(eventInit));
 }
 
 #if ENABLE(CONTENT_FILTERING)
diff --git a/Source/WebCore/loader/DocumentLoader.h b/Source/WebCore/loader/DocumentLoader.h
index 9481d754c1358..564f944a63868 100644
--- a/Source/WebCore/loader/DocumentLoader.h
+++ b/Source/WebCore/loader/DocumentLoader.h
@@ -298,7 +298,7 @@ class DocumentLoader
     WEBCORE_EXPORT void frameDestroyed() final;
 
     // Return the ArchiveResource for the URL only when loading an Archive
-    WEBCORE_EXPORT ArchiveResource* archiveResourceForURL(const URL&) const;
+    WEBCORE_EXPORT RefPtr<ArchiveResource> archiveResourceForURL(const URL&) const;
 
     WEBCORE_EXPORT RefPtr<ArchiveResource> mainResource() const;
 
@@ -631,7 +631,7 @@ class DocumentLoader
     bool disallowWebArchive() const;
     bool disallowDataRequest() const;
 
-    Ref<CachedResourceLoader> m_cachedResourceLoader;
+    const Ref<CachedResourceLoader> m_cachedResourceLoader;
 
     CachedResourceHandle<CachedRawResource> m_mainResource;
     ResourceLoaderMap m_subresourceLoaders;
diff --git a/Source/WebCore/loader/ImageLoader.cpp b/Source/WebCore/loader/ImageLoader.cpp
index 7bfd63bdc365a..87e75f7b4c1ce 100644
--- a/Source/WebCore/loader/ImageLoader.cpp
+++ b/Source/WebCore/loader/ImageLoader.cpp
@@ -22,6 +22,7 @@
 #include "config.h"
 #include "ImageLoader.h"
 
+#include "ArchiveResource.h"
 #include "BitmapImage.h"
 #include "CachedImage.h"
 #include "CachedResourceLoader.h"
diff --git a/Source/WebCore/loader/SubresourceLoader.h b/Source/WebCore/loader/SubresourceLoader.h
index beaf107f1e836..a147d392510fa 100644
--- a/Source/WebCore/loader/SubresourceLoader.h
+++ b/Source/WebCore/loader/SubresourceLoader.h
@@ -74,11 +74,6 @@ class SubresourceLoader final : public ResourceLoader {
     void clearRequestCountTracker() { m_requestCountTracker = std::nullopt; }
     void resetRequestCountTracker(CachedResourceLoader& loader, const CachedResource& resource) { m_requestCountTracker = RequestCountTracker { loader, resource }; }
 
-private:
-    SubresourceLoader(LocalFrame&, CachedResource&, const ResourceLoaderOptions&);
-
-    void init(ResourceRequest&&, CompletionHandler<void(bool)>&&) final;
-
     void willSendRequestInternal(ResourceRequest&&, const ResourceResponse& redirectResponse, CompletionHandler<void(ResourceRequest&&)>&&) final;
     void didSendData(unsigned long long bytesSent, unsigned long long totalBytesToBeSent) final;
     void didReceiveResponse(const ResourceResponse&, CompletionHandler<void()>&& policyCompletionHandler) final;
@@ -87,6 +82,11 @@ class SubresourceLoader final : public ResourceLoader {
     void didFail(const ResourceError&) final;
     void willCancel(const ResourceError&) final;
     void didCancel(LoadWillContinueInAnotherProcess) final;
+
+private:
+    SubresourceLoader(LocalFrame&, CachedResource&, const ResourceLoaderOptions&);
+
+    void init(ResourceRequest&&, CompletionHandler<void(bool)>&&) final;
     
     void updateReferrerPolicy(const String&);
 
diff --git a/Source/WebCore/loader/SubstituteData.h b/Source/WebCore/loader/SubstituteData.h
index 53749405b768d..dcc61d8677d4b 100644
--- a/Source/WebCore/loader/SubstituteData.h
+++ b/Source/WebCore/loader/SubstituteData.h
@@ -50,7 +50,8 @@ class SubstituteData {
     bool isValid() const { return m_content != nullptr; }
     SessionHistoryVisibility shouldRevealToSessionHistory() const { return m_shouldRevealToSessionHistory; }
 
-    const RefPtr<FragmentedSharedBuffer>& content() const { return m_content; }
+    FragmentedSharedBuffer* content() const { return m_content.get(); }
+    RefPtr<FragmentedSharedBuffer> protectedContent() const { return m_content; }
     const String& mimeType() const { return m_response.mimeType(); }
     const String& textEncoding() const { return m_response.textEncodingName(); }
     const URL& failingURL() const { return m_failingURL; }
diff --git a/Source/WebCore/loader/SubstituteResource.h b/Source/WebCore/loader/SubstituteResource.h
index d62bf496ca19f..e7e31a150bf39 100644
--- a/Source/WebCore/loader/SubstituteResource.h
+++ b/Source/WebCore/loader/SubstituteResource.h
@@ -38,6 +38,7 @@ class SubstituteResource : public RefCounted<SubstituteResource> {
     const URL& url() const { return m_url; }
     const ResourceResponse& response() const { return m_response; }
     FragmentedSharedBuffer& data() const { return *m_data.get(); }
+    Ref<FragmentedSharedBuffer> protectedData() const { return data(); }
     void append(const SharedBuffer& buffer) { m_data.append(buffer); }
     void clear() { m_data.empty(); }
 
diff --git a/Source/WebCore/page/Frame.cpp b/Source/WebCore/page/Frame.cpp
index 37d65dd4dc9b6..ac5015974cd8c 100644
--- a/Source/WebCore/page/Frame.cpp
+++ b/Source/WebCore/page/Frame.cpp
@@ -139,13 +139,6 @@ Frame::~Frame()
 #endif
 }
 
-std::optional<PageIdentifier> Frame::pageID() const
-{
-    if (auto* page = this->page())
-        return page->identifier();
-    return std::nullopt;
-}
-
 void Frame::resetWindowProxy()
 {
     m_windowProxy = WindowProxy::create(*this);
diff --git a/Source/WebCore/page/Frame.h b/Source/WebCore/page/Frame.h
index 6bb49968c1988..295fb5c0594ef 100644
--- a/Source/WebCore/page/Frame.h
+++ b/Source/WebCore/page/Frame.h
@@ -73,7 +73,7 @@ class Frame : public ThreadSafeRefCounted<Frame, WTF::DestructionThread::Main>,
     FrameIdentifier frameID() const { return m_frameID; }
     inline Page* page() const; // Defined in Page.h.
     inline RefPtr<Page> protectedPage() const; // Defined in Page.h.
-    WEBCORE_EXPORT std::optional<PageIdentifier> pageID() const;
+    inline std::optional<PageIdentifier> pageID() const; // Defined in Page.h.
     Settings& settings() const { return m_settings.get(); }
     Frame& mainFrame() { return *m_mainFrame; }
     const Frame& mainFrame() const { return *m_mainFrame; }
diff --git a/Source/WebCore/page/Page.h b/Source/WebCore/page/Page.h
index 28c71e2f280fc..26ab756e88799 100644
--- a/Source/WebCore/page/Page.h
+++ b/Source/WebCore/page/Page.h
@@ -1766,6 +1766,13 @@ inline Page* Frame::page() const
     return m_page.get();
 }
 
+inline std::optional<PageIdentifier> Frame::pageID() const
+{
+    if (auto* page = this->page())
+        return page->identifier();
+    return std::nullopt;
+}
+
 inline RefPtr<Page> Frame::protectedPage() const
 {
     return m_page.get();
diff --git a/Source/WebCore/workers/service/ServiceWorkerProvider.cpp b/Source/WebCore/workers/service/ServiceWorkerProvider.cpp
index b8b3bc1ba3176..76fab5b4ad060 100644
--- a/Source/WebCore/workers/service/ServiceWorkerProvider.cpp
+++ b/Source/WebCore/workers/service/ServiceWorkerProvider.cpp
@@ -54,4 +54,9 @@ void ServiceWorkerProvider::setSharedProvider(ServiceWorkerProvider& newProvider
     sharedProvider = &newProvider;
 }
 
+Ref<SWClientConnection> ServiceWorkerProvider::protectedServiceWorkerConnection()
+{
+    return serviceWorkerConnection();
+}
+
 } // namespace WebCore
diff --git a/Source/WebCore/workers/service/ServiceWorkerProvider.h b/Source/WebCore/workers/service/ServiceWorkerProvider.h
index 7edeb7c4cae59..b78fd3d42a69b 100644
--- a/Source/WebCore/workers/service/ServiceWorkerProvider.h
+++ b/Source/WebCore/workers/service/ServiceWorkerProvider.h
@@ -41,6 +41,7 @@ class WEBCORE_EXPORT ServiceWorkerProvider {
     static void setSharedProvider(ServiceWorkerProvider&);
 
     virtual SWClientConnection& serviceWorkerConnection() = 0;
+    Ref<SWClientConnection> protectedServiceWorkerConnection();
     virtual SWClientConnection* existingServiceWorkerConnection() = 0;
     virtual void terminateWorkerForTesting(ServiceWorkerIdentifier, CompletionHandler<void()>&&) = 0;
 
diff --git a/Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in b/Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
index 740851faeae85..8dd1e9f693251 100644
--- a/Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
+++ b/Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
@@ -5341,7 +5341,7 @@ struct WebCore::PolicyContainer {
 [Nested] enum class WebCore::SubstituteData::SessionHistoryVisibility : bool
 
 class WebCore::SubstituteData {
-    RefPtr<WebCore::FragmentedSharedBuffer> content();
+    RefPtr<WebCore::FragmentedSharedBuffer> protectedContent();
     URL failingURL();
     WebCore::ResourceResponse response();
     WebCore::SubstituteData::SessionHistoryVisibility shouldRevealToSessionHistory();
diff --git a/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp b/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp
index 2e428d8299a75..66cc0e76c4e76 100644
--- a/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp
+++ b/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp
@@ -25,6 +25,7 @@
 #include "WebResourceLoadScheduler.h"
 
 #include "PingHandle.h"
+#include <WebCore/ArchiveResource.h>
 #include <WebCore/CachedResource.h>
 #include <WebCore/Document.h>
 #include <WebCore/DocumentLoader.h>

From 0bcdd2231ae8852bfa95de0310c9931c44746ed3 Mon Sep 17 00:00:00 2001
From: Tim Nguyen <ntim@apple.com>
Date: Sat, 22 Feb 2025 10:54:08 -0800
Subject: [PATCH 062/174] Rename `cancelFullscreen` to `fullyExitFullscreen` in
 `FullscreenManager` https://bugs.webkit.org/show_bug.cgi?id=288286
 rdar://145374210

Reviewed by Simon Fraser.

Match terminology in the spec, which is more descriptive than "cancel fullscreen".

https://fullscreen.spec.whatwg.org/#fully-exit-fullscreen

* Source/WebCore/dom/DocumentFullscreen.cpp:
(WebCore::DocumentFullscreen::webkitCancelFullScreen):
* Source/WebCore/dom/FullscreenManager.cpp:
(WebCore::FullscreenManager::fullyExitFullscreen):
(WebCore::FullscreenManager::cancelFullscreen): Deleted.
* Source/WebCore/dom/FullscreenManager.h:
* Source/WebCore/html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::exitFullscreen):
* Source/WebCore/page/EventHandler.cpp:
(WebCore::EventHandler::internalKeyEvent):
* Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp:
(WebKit::WebFullScreenManager::requestExitFullScreen):
* Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDocumentGtk.cpp:
(webkit_dom_document_webkit_cancel_fullscreen):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::createWindow):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::elementDidFocus):
* Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm:
(WebChromeClient::createWindow):
* Source/WebKitLegacy/mac/WebView/WebFullScreenController.mm:
(-[WebFullScreenController requestExitFullScreen]):

Canonical link: https://commits.webkit.org/290883@main
---
 Source/WebCore/dom/DocumentFullscreen.cpp                 | 2 +-
 Source/WebCore/dom/FullscreenManager.cpp                  | 8 ++++----
 Source/WebCore/dom/FullscreenManager.h                    | 4 ++--
 Source/WebCore/html/HTMLMediaElement.cpp                  | 2 +-
 Source/WebCore/page/EventHandler.cpp                      | 2 +-
 .../WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp | 2 +-
 .../InjectedBundle/API/gtk/DOM/WebKitDOMDocumentGtk.cpp   | 2 +-
 .../WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp  | 2 +-
 Source/WebKit/WebProcess/WebPage/WebPage.cpp              | 2 +-
 Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm | 2 +-
 .../WebKitLegacy/mac/WebView/WebFullScreenController.mm   | 2 +-
 11 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/Source/WebCore/dom/DocumentFullscreen.cpp b/Source/WebCore/dom/DocumentFullscreen.cpp
index 8fd1b5d2c4c22..9a35d7f05f811 100644
--- a/Source/WebCore/dom/DocumentFullscreen.cpp
+++ b/Source/WebCore/dom/DocumentFullscreen.cpp
@@ -63,7 +63,7 @@ Element* DocumentFullscreen::webkitCurrentFullScreenElement(Document& document)
 
 void DocumentFullscreen::webkitCancelFullScreen(Document& document)
 {
-    document.fullscreenManager().cancelFullscreen();
+    document.fullscreenManager().fullyExitFullscreen();
 }
 
 // https://fullscreen.spec.whatwg.org/#exit-fullscreen
diff --git a/Source/WebCore/dom/FullscreenManager.cpp b/Source/WebCore/dom/FullscreenManager.cpp
index 0fa72480891ca..0a57c9ee2fdd0 100644
--- a/Source/WebCore/dom/FullscreenManager.cpp
+++ b/Source/WebCore/dom/FullscreenManager.cpp
@@ -565,15 +565,15 @@ void FullscreenManager::exitRemovedFullscreenElement(Element& element)
         clearFullscreenFlags(element);
 }
 
-// MARK: - Cancel fullscreen.
-// The Mozilla "cancelFullscreen()" API behaves like the "fully exit fullscreen" algorithm:
+// MARK: - Fully exit fullscreen.
+// Removes all fullscreen elements from the top layer for all documents.
 // https://fullscreen.spec.whatwg.org/#fully-exit-fullscreen
 
-void FullscreenManager::cancelFullscreen()
+void FullscreenManager::fullyExitFullscreen()
 {
     RefPtr mainFrameDocument = this->mainFrameDocument();
     if (!mainFrameDocument)
-        LOG_ONCE(SiteIsolation, "Unable to fully perform FullscreenManager::cancelFullscreen() without access to the main frame document ");
+        LOG_ONCE(SiteIsolation, "Unable to fully perform FullscreenManager::fullyExitFullscreen() without access to the main frame document ");
 
     if (!mainFrameDocument || !mainFrameDocument->fullscreenManager().fullscreenElement()) {
         INFO_LOG(LOGIDENTIFIER, "No element to unfullscreen.");
diff --git a/Source/WebCore/dom/FullscreenManager.h b/Source/WebCore/dom/FullscreenManager.h
index 8f9250bc5a186..8d2d2237fb30f 100644
--- a/Source/WebCore/dom/FullscreenManager.h
+++ b/Source/WebCore/dom/FullscreenManager.h
@@ -63,11 +63,11 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
     RefPtr<Element> protectedFullscreenElement() const { return fullscreenElement(); }
     WEBCORE_EXPORT bool isFullscreenEnabled() const;
     WEBCORE_EXPORT void exitFullscreen(CompletionHandler<void(ExceptionOr<void>)>&&);
+    WEBCORE_EXPORT void fullyExitFullscreen();
 
-    // Mozilla versions.
+    // Legacy Mozilla API.
     bool isFullscreen() const { return fullscreenElement(); }
     bool isFullscreenKeyboardInputAllowed() const { return fullscreenElement() && m_areKeysEnabledInFullscreen; }
-    WEBCORE_EXPORT void cancelFullscreen();
 
     enum FullscreenCheckType {
         EnforceIFrameAllowFullscreenRequirement,
diff --git a/Source/WebCore/html/HTMLMediaElement.cpp b/Source/WebCore/html/HTMLMediaElement.cpp
index 153c5a6b58427..f91571d29cff1 100644
--- a/Source/WebCore/html/HTMLMediaElement.cpp
+++ b/Source/WebCore/html/HTMLMediaElement.cpp
@@ -7412,7 +7412,7 @@ void HTMLMediaElement::exitFullscreen()
     if (document().fullscreenManager().fullscreenElement() == this) {
         if (document().fullscreenManager().isFullscreen()) {
             m_changingVideoFullscreenMode = true;
-            protectedDocument()->checkedFullscreenManager()->cancelFullscreen();
+            protectedDocument()->checkedFullscreenManager()->fullyExitFullscreen();
         }
 
         if (isInWindowOrStandardFullscreen(m_videoFullscreenMode))
diff --git a/Source/WebCore/page/EventHandler.cpp b/Source/WebCore/page/EventHandler.cpp
index 09c3603017890..e38fd9a3c94b8 100644
--- a/Source/WebCore/page/EventHandler.cpp
+++ b/Source/WebCore/page/EventHandler.cpp
@@ -3903,7 +3903,7 @@ bool EventHandler::internalKeyEvent(const PlatformKeyboardEvent& initialKeyEvent
     RefPtr document = frame->document();
     if (CheckedPtr fullscreenManager = document->fullscreenManagerIfExists(); fullscreenManager && fullscreenManager->isFullscreen()) {
         if (initialKeyEvent.type() == PlatformEvent::Type::KeyDown && initialKeyEvent.windowsVirtualKeyCode() == VK_ESCAPE) {
-            fullscreenManager->cancelFullscreen();
+            fullscreenManager->fullyExitFullscreen();
             return true;
         }
 
diff --git a/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp b/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp
index 85f7adf6b8e4b..2ca39548824ab 100644
--- a/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp
+++ b/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp
@@ -587,7 +587,7 @@ void WebFullScreenManager::requestExitFullScreen()
     }
 
     ALWAYS_LOG(LOGIDENTIFIER);
-    m_element->document().fullscreenManager().cancelFullscreen();
+    m_element->document().fullscreenManager().fullyExitFullscreen();
 }
 
 void WebFullScreenManager::close()
diff --git a/Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDocumentGtk.cpp b/Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDocumentGtk.cpp
index f9147be1ce029..f535998ceee79 100644
--- a/Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDocumentGtk.cpp
+++ b/Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDocumentGtk.cpp
@@ -1314,7 +1314,7 @@ void webkit_dom_document_webkit_cancel_fullscreen(WebKitDOMDocument* self)
     g_return_if_fail(WEBKIT_DOM_IS_DOCUMENT(self));
 #if ENABLE(FULLSCREEN_API)
     WebCore::Document* item = WebKit::core(self);
-    item->fullscreenManager().cancelFullscreen();
+    item->fullscreenManager().fullyExitFullscreen();
 #endif
 }
 
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
index 16f0f27a7e2b3..5bd4fa062d7a1 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
@@ -318,7 +318,7 @@ RefPtr<Page> WebChromeClient::createWindow(LocalFrame& frame, const String& open
 {
 #if ENABLE(FULLSCREEN_API)
     if (RefPtr document = frame.document())
-        document->fullscreenManager().cancelFullscreen();
+        document->fullscreenManager().fullyExitFullscreen();
 #endif
 
     auto& webProcess = WebProcess::singleton();
diff --git a/Source/WebKit/WebProcess/WebPage/WebPage.cpp b/Source/WebKit/WebProcess/WebPage/WebPage.cpp
index b0c4ba09c14d1..196665502c834 100644
--- a/Source/WebKit/WebProcess/WebPage/WebPage.cpp
+++ b/Source/WebKit/WebProcess/WebPage/WebPage.cpp
@@ -7430,7 +7430,7 @@ void WebPage::elementDidFocus(Element& element, const FocusOptions& options)
 
 #if ENABLE(FULLSCREEN_API)
         if (element.document().fullscreenManager().isFullscreen())
-            element.document().fullscreenManager().cancelFullscreen();
+            element.document().fullscreenManager().fullyExitFullscreen();
 #endif
         if (isChangingFocusedElement && (m_userIsInteracting || m_keyboardIsAttached))
             m_sendAutocorrectionContextAfterFocusingElement = true;
diff --git a/Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm b/Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm
index 849504d2b68b6..04c77a60506b8 100644
--- a/Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm
+++ b/Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm
@@ -262,7 +262,7 @@ - (void)setIsSelected:(BOOL)isSelected;
     if (RefPtr document = frame.document()) {
         if (CheckedPtr fullscreenManager = document->fullscreenManagerIfExists()) {
             if (fullscreenManager->fullscreenElement())
-                fullscreenManager->cancelFullscreen();
+                fullscreenManager->fullyExitFullscreen();
         }
     }
 #endif
diff --git a/Source/WebKitLegacy/mac/WebView/WebFullScreenController.mm b/Source/WebKitLegacy/mac/WebView/WebFullScreenController.mm
index de54f946b2a71..fd3ddc4b0b11f 100644
--- a/Source/WebKitLegacy/mac/WebView/WebFullScreenController.mm
+++ b/Source/WebKitLegacy/mac/WebView/WebFullScreenController.mm
@@ -302,7 +302,7 @@ - (void)requestExitFullScreen
 {
     if (!_element)
         return;
-    _element->document().fullscreenManager().cancelFullscreen();
+    _element->document().fullscreenManager().fullyExitFullscreen();
 }
 
 - (void)exitFullScreen:(CompletionHandler<void()>&&)completionHandler

From e545ad9bea97e169eacbf787938b6d53e9895780 Mon Sep 17 00:00:00 2001
From: Claudio Saavedra <csaavedra@igalia.com>
Date: Sat, 22 Feb 2025 11:00:19 -0800
Subject: [PATCH 063/174] Address remaining safer C++ warning in
 RenderLayerCompositor https://bugs.webkit.org/show_bug.cgi?id=288289

Reviewed by Chris Dumez.

This slip through in 290869@main.

* Source/WebCore/rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::collectViewTransitionNewContentLayers):

Canonical link: https://commits.webkit.org/290884@main
---
 Source/WebCore/rendering/RenderLayerCompositor.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Source/WebCore/rendering/RenderLayerCompositor.cpp b/Source/WebCore/rendering/RenderLayerCompositor.cpp
index 07b41e3762bdb..ce6378a1b4b1f 100644
--- a/Source/WebCore/rendering/RenderLayerCompositor.cpp
+++ b/Source/WebCore/rendering/RenderLayerCompositor.cpp
@@ -1668,7 +1668,7 @@ void RenderLayerCompositor::collectViewTransitionNewContentLayers(RenderLayer& l
 
     auto& modelObject = downcast<RenderLayerModelObject>(*capturedRenderer);
     if (RenderLayerBacking* backing = modelObject.layer()->backing())
-        childList.append(*backing->childForSuperlayersExcludingViewTransitions());
+        childList.append(Ref { *backing->childForSuperlayersExcludingViewTransitions() });
 }
 
 void RenderLayerCompositor::updateBackingAndHierarchy(RenderLayer& layer, Vector<Ref<GraphicsLayer>>& childLayersOfEnclosingLayer, UpdateBackingTraversalState& traversalState, ScrollingTreeState& scrollingTreeState, OptionSet<UpdateLevel> updateLevel)

From 075cc18c58a3ebdd1074093a5dae9dc483cf6b91 Mon Sep 17 00:00:00 2001
From: David Quesada <david_quesada@apple.com>
Date: Sat, 22 Feb 2025 11:15:13 -0800
Subject: [PATCH 064/174] WKWebView sometimes allows app links to open when
 reloading after a web process crash
 https://bugs.webkit.org/show_bug.cgi?id=288159 rdar://141515904

Reviewed by Alex Christensen.

In some cases, reloading the web view after a web process crash can result in the
WKWebView opening the current URL as an app link and punching out to the app, which
can be quite annoying for the user. Ordinarily, web view reloads arent't be eligible
for opening app links because doing so requires that the navigation is from one host
to a different one. But when performing a reload after a web process crash, the main
frame's URL has been reset to null after the process termination, and having a null
URL technically satisifies the different-host requirement because the previously
loaded URL's host is *anything except null*.

Prevent these unexpected app launches by adding a requirement that `shouldOpenAppLinks`
can only be true when the main frame's URL is non-null, since opening app links
automatically only makes sense when there is actual content loaded in the web view
that the user might have explicitly interacted with. An exception to this requirement
is made if the web view has never committed any provisional navigations, as is the
case when one web view opens another to a URL that ends up resolving to an app link.

* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::decidePolicyForNavigationAction):
    Implement the aforementioned check.
* Tools/TestWebKitAPI/SourcesCocoa.txt:
* Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ShouldOpenAppLinks.mm: Added.
(-[ShouldOpenAppLinksTestNavigationDelegate init]):
    Set up a navigation delegate for the tests that retains the most recent
    WKNavigationAction and reloads the web view on web process crash. Manually
    performing this reload is necessary because the WebPageProxy doesn't internally
    do this reload itself if the crash was requested by the client.
(shouldOpenAppLinksTestServer):
(TEST(ShouldOpenAppLinks, DisallowAppLinksWhenReloadingAfterWebProcessCrash)):
(TEST(ShouldOpenAppLinks, DisallowAppLinksWhenReloadingAfterWebProcessCrashAfterFollowingLink)):
    Verify that WKNavigationAction._shouldOpenAppLinks (which reflects the same
    underlying effective policy that WebKit internally uses to decide whether to
    try opening URLs as app links) is false when deciding the navigatiom policy
    for a reload being performed after a web process crash. Add a distinct test
    case for the case where the web view has been navigated by the user clicking
    a link. In that case, unlike the first, it appears the user-initiated nature
    of the navigation to a second page attaches a policy of
    ShouldOpenExternalURLsPolicy::ShouldAllow to the HistoryItem being reloaded,
    which was previously allowing `shouldOpenAppLinks` to evaluate to true.

Canonical link: https://commits.webkit.org/290885@main
---
 Source/WebKit/UIProcess/WebPageProxy.cpp      |   2 +-
 Tools/TestWebKitAPI/SourcesCocoa.txt          |   1 +
 .../TestWebKitAPI.xcodeproj/project.pbxproj   |   6 +-
 .../Tests/WebKitCocoa/ShouldOpenAppLinks.mm   | 107 ++++++++++++++++++
 4 files changed, 113 insertions(+), 3 deletions(-)
 create mode 100644 Tools/TestWebKitAPI/Tests/WebKitCocoa/ShouldOpenAppLinks.mm

diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
index dc56bbddb5e15..d0f4cb5248462 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -7814,7 +7814,7 @@ void WebPageProxy::decidePolicyForNavigationAction(Ref<WebProcessProxy>&& proces
 
     bool shouldOpenAppLinks = !m_shouldSuppressAppLinksInNextNavigationPolicyDecision
     && destinationFrameInfo->isMainFrame()
-    && (m_mainFrame && m_mainFrame->url().host() != request.url().host())
+    && (m_mainFrame && (!m_mainFrame->url().isNull() || !m_hasCommittedAnyProvisionalLoads) && m_mainFrame->url().host() != request.url().host())
     && navigationActionData.navigationType != WebCore::NavigationType::BackForward;
 
     RefPtr userInitiatedActivity = process->userInitiatedActivity(navigationActionData.userGestureTokenIdentifier);
diff --git a/Tools/TestWebKitAPI/SourcesCocoa.txt b/Tools/TestWebKitAPI/SourcesCocoa.txt
index 90a8c96c9f595..dcd372c962b50 100644
--- a/Tools/TestWebKitAPI/SourcesCocoa.txt
+++ b/Tools/TestWebKitAPI/SourcesCocoa.txt
@@ -255,6 +255,7 @@ Tests/WebKitCocoa/SessionStorage.mm
 Tests/WebKitCocoa/ShouldGoToBackForwardListItem.mm
 Tests/WebKitCocoa/ShouldOpenExternalURLsInNewWindowActions.mm
 Tests/WebKitCocoa/ShrinkToFit.mm
+Tests/WebKitCocoa/ShouldOpenAppLinks.mm
 Tests/WebKitCocoa/SimulateClickOverText.mm
 Tests/WebKitCocoa/SiteIsolation.mm
 Tests/WebKitCocoa/SnapshotStore.mm
diff --git a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj b/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
index 87462b7ac71f4..c19d8d057d2f3 100644
--- a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
+++ b/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
@@ -360,10 +360,10 @@
 		7A7B0E7F1EAFE4C3006AB8AE /* LimitTitleSize.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7A7B0E7E1EAFE454006AB8AE /* LimitTitleSize.mm */; };
 		7A89BB682331643A0042CB1E /* BundleFormDelegatePlugIn.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7A89BB662331635D0042CB1E /* BundleFormDelegatePlugIn.mm */; };
 		7A909A7D1D877480007E10F8 /* AffineTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A6F1D877475007E10F8 /* AffineTransform.cpp */; };
-		7A909A801D877480007E10F9 /* PlatformDynamicRangeLimitTests.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A721D877475007E10F9 /* PlatformDynamicRangeLimitTests.cpp */; };
 		7A909A7E1D877480007E10F8 /* FloatPointTests.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A701D877475007E10F8 /* FloatPointTests.cpp */; };
 		7A909A7F1D877480007E10F8 /* FloatRectTests.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A711D877475007E10F8 /* FloatRectTests.cpp */; };
 		7A909A801D877480007E10F8 /* FloatSizeTests.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A721D877475007E10F8 /* FloatSizeTests.cpp */; };
+		7A909A801D877480007E10F9 /* PlatformDynamicRangeLimitTests.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A721D877475007E10F9 /* PlatformDynamicRangeLimitTests.cpp */; };
 		7A909A811D877480007E10F8 /* IntPointTests.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A731D877475007E10F8 /* IntPointTests.cpp */; };
 		7A909A821D877480007E10F8 /* IntRectTests.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A741D877475007E10F8 /* IntRectTests.cpp */; };
 		7A909A831D877480007E10F8 /* IntSizeTests.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A751D877475007E10F8 /* IntSizeTests.cpp */; };
@@ -2990,6 +2990,7 @@
 		6354F4D01F7C3AB500D89DF3 /* ApplicationManifestParser.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ApplicationManifestParser.cpp; sourceTree = "<group>"; };
 		6356FB211EC4E0BA0044BF18 /* VisibleContentRect.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = VisibleContentRect.mm; sourceTree = "<group>"; };
 		636353A61E9861940009F8AF /* GeolocationGetCurrentPositionResult.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = GeolocationGetCurrentPositionResult.html; sourceTree = "<group>"; };
+		636FA56E2D67F86400F73CB2 /* ShouldOpenAppLinks.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = ShouldOpenAppLinks.mm; sourceTree = "<group>"; };
 		637281A621AE1386009E0DE6 /* DownloadProgress.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = DownloadProgress.mm; sourceTree = "<group>"; };
 		63A33C552A339ED500EF94B8 /* WKWebViewInspection.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = WKWebViewInspection.mm; sourceTree = "<group>"; };
 		63A61B8A1FAD204D00F06885 /* display-mode.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "display-mode.html"; sourceTree = "<group>"; };
@@ -3039,10 +3040,10 @@
 		7A89BB662331635D0042CB1E /* BundleFormDelegatePlugIn.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = BundleFormDelegatePlugIn.mm; sourceTree = "<group>"; };
 		7A89BB69233165650042CB1E /* BundleFormDelegateProtocol.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BundleFormDelegateProtocol.h; sourceTree = "<group>"; };
 		7A909A6F1D877475007E10F8 /* AffineTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AffineTransform.cpp; sourceTree = "<group>"; };
-		7A909A721D877475007E10F9 /* PlatformDynamicRangeLimitTests.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PlatformDynamicRangeLimitTests.cpp; sourceTree = "<group>"; };
 		7A909A701D877475007E10F8 /* FloatPointTests.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FloatPointTests.cpp; sourceTree = "<group>"; };
 		7A909A711D877475007E10F8 /* FloatRectTests.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FloatRectTests.cpp; sourceTree = "<group>"; };
 		7A909A721D877475007E10F8 /* FloatSizeTests.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FloatSizeTests.cpp; sourceTree = "<group>"; };
+		7A909A721D877475007E10F9 /* PlatformDynamicRangeLimitTests.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PlatformDynamicRangeLimitTests.cpp; sourceTree = "<group>"; };
 		7A909A731D877475007E10F8 /* IntPointTests.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IntPointTests.cpp; sourceTree = "<group>"; };
 		7A909A741D877475007E10F8 /* IntRectTests.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IntRectTests.cpp; sourceTree = "<group>"; };
 		7A909A751D877475007E10F8 /* IntSizeTests.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IntSizeTests.cpp; sourceTree = "<group>"; };
@@ -4553,6 +4554,7 @@
 				460C2FC827039D7D0047EF11 /* ServiceWorkerPageProtocol.h */,
 				46A46A192575645600A1B118 /* SessionStorage.mm */,
 				5CCB10DF2134579D00AC5AF0 /* ShouldGoToBackForwardListItem.mm */,
+				636FA56E2D67F86400F73CB2 /* ShouldOpenAppLinks.mm */,
 				37BCA61B1B596BA9002012CA /* ShouldOpenExternalURLsInNewWindowActions.mm */,
 				2D9A53AE1B31FA8D0074D5AA /* ShrinkToFit.mm */,
 				F4C3F29A2C447EB50029A47D /* SimulateClickOverText.mm */,
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/ShouldOpenAppLinks.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/ShouldOpenAppLinks.mm
new file mode 100644
index 0000000000000..0fad0cf9b85d8
--- /dev/null
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/ShouldOpenAppLinks.mm
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2025 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import "HTTPServer.h"
+#import "TestNavigationDelegate.h"
+#import "Utilities.h"
+#import <WebKit/WKNavigationActionPrivate.h>
+#import <WebKit/WKWebViewPrivate.h>
+#import <WebKit/WebKit.h>
+
+@interface ShouldOpenAppLinksTestNavigationDelegate: TestNavigationDelegate
+@property (nonatomic) RetainPtr<WKNavigationAction> lastNavigationAction;
+@end
+
+@implementation ShouldOpenAppLinksTestNavigationDelegate
+
+- (instancetype)init
+{
+    [super init];
+
+    __unsafe_unretained ShouldOpenAppLinksTestNavigationDelegate *unretainedSelf = self;
+    self.decidePolicyForNavigationAction = ^(WKNavigationAction *action, void (^decisionHandler)(WKNavigationActionPolicy)) {
+        unretainedSelf.lastNavigationAction = action;
+        decisionHandler(WKNavigationActionPolicyAllow);
+    };
+
+    self.webContentProcessDidTerminate = ^(WKWebView *webView, _WKProcessTerminationReason) {
+        [webView reload];
+    };
+
+    return self;
+}
+
+@end
+
+static TestWebKitAPI::HTTPServer shouldOpenAppLinksTestServer()
+{
+    return TestWebKitAPI::HTTPServer({
+        { "/1"_s, { "<a href=\"2\" id=\"test_link\">Go to page 2</a>"_s } },
+        { "/2"_s, { ""_s } },
+    });
+}
+
+TEST(ShouldOpenAppLinks, DisallowAppLinksWhenReloadingAfterWebProcessCrash)
+{
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600)]);
+    auto delegate = adoptNS([ShouldOpenAppLinksTestNavigationDelegate new]);
+    [webView setNavigationDelegate:delegate.get()];
+
+    auto server = shouldOpenAppLinksTestServer();
+
+    NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"http://127.0.0.1:%d/1", server.port()]]];
+    [webView loadRequest:request];
+    [delegate waitForDidFinishNavigation];
+
+    [webView _killWebContentProcess];
+    [delegate waitForDidFinishNavigation];
+
+    EXPECT_NOT_NULL([delegate lastNavigationAction]);
+    EXPECT_FALSE([[delegate lastNavigationAction] _shouldOpenAppLinks]);
+}
+
+TEST(ShouldOpenAppLinks, DisallowAppLinksWhenReloadingAfterWebProcessCrashAfterFollowingLink)
+{
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600)]);
+    auto delegate = adoptNS([ShouldOpenAppLinksTestNavigationDelegate new]);
+    [webView setNavigationDelegate:delegate.get()];
+
+    auto server = shouldOpenAppLinksTestServer();
+
+    NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"http://127.0.0.1:%d/1", server.port()]]];
+    [webView loadRequest:request];
+    [delegate waitForDidFinishNavigation];
+
+    [webView evaluateJavaScript:@"document.getElementById(\"test_link\").click()" completionHandler:nil];
+    [delegate waitForDidFinishNavigation];
+
+    [webView _killWebContentProcess];
+    [delegate waitForDidFinishNavigation];
+
+    EXPECT_NOT_NULL([delegate lastNavigationAction]);
+    EXPECT_FALSE([[delegate lastNavigationAction] _shouldOpenAppLinks]);
+}

From 6d977257b8177aba888d0eb0b7deee16ef3a7817 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sat, 22 Feb 2025 11:28:53 -0800
Subject: [PATCH 065/174] Address safer cpp failures in
 LocalFrameViewLayoutContext.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288271

Reviewed by Geoffrey Garen.

* Source/WebCore/page/LocalFrameViewLayoutContext.cpp:
(WebCore::LayoutScope::LayoutScope):
(WebCore::LayoutScope::~LayoutScope):
(WebCore::LocalFrameViewLayoutContext::layout):
(WebCore::LocalFrameViewLayoutContext::performLayout):
(WebCore::LocalFrameViewLayoutContext::scheduleLayout):
(WebCore::LocalFrameViewLayoutContext::applyTextSizingIfNeeded):
(WebCore::LocalFrameViewLayoutContext::renderView const):
(WebCore::LocalFrameViewLayoutContext::protectedDocument const):
* Source/WebCore/page/LocalFrameViewLayoutContext.h:

Canonical link: https://commits.webkit.org/290886@main
---
 .../NoUncheckedPtrMemberCheckerExpectations   |  1 -
 .../UncheckedCallArgsCheckerExpectations      |  1 -
 .../UncountedCallArgsCheckerExpectations      |  1 -
 .../UncountedLocalVarsCheckerExpectations     |  1 -
 .../page/LocalFrameViewLayoutContext.cpp      | 38 +++++++++++--------
 .../page/LocalFrameViewLayoutContext.h        |  1 +
 6 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/NoUncheckedPtrMemberCheckerExpectations b/Source/WebCore/SaferCPPExpectations/NoUncheckedPtrMemberCheckerExpectations
index 9043f83f36a94..7bdb25154a5c2 100644
--- a/Source/WebCore/SaferCPPExpectations/NoUncheckedPtrMemberCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/NoUncheckedPtrMemberCheckerExpectations
@@ -1,7 +1,6 @@
 Modules/websockets/WorkerThreadableWebSocketChannel.h
 html/parser/HTMLTreeBuilder.h
 loader/WorkerThreadableLoader.h
-page/LocalFrameViewLayoutContext.cpp
 page/scrolling/ScrollAnchoringController.h
 platform/ScrollAnimator.h
 platform/Scrollbar.h
diff --git a/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
index 063f5fab3c2ea..604ca3e756079 100644
--- a/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
@@ -41,7 +41,6 @@ page/EventHandler.cpp
 page/FrameSnapshotting.cpp
 page/IntersectionObserver.cpp
 page/LocalFrameView.cpp
-page/LocalFrameViewLayoutContext.cpp
 page/NavigateEvent.cpp
 page/PageColorSampler.cpp
 page/PageConsoleClient.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index f8aae76ed5592..f08570b2ea182 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -942,7 +942,6 @@ page/IntersectionObserver.cpp
 page/LocalDOMWindow.cpp
 page/LocalFrame.cpp
 page/LocalFrameView.cpp
-page/LocalFrameViewLayoutContext.cpp
 page/Location.cpp
 page/Navigation.cpp
 page/NavigationDestination.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index 5257588866d69..d7feec90a14e3 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -522,7 +522,6 @@ page/IntersectionObserver.cpp
 page/LocalDOMWindow.cpp
 page/LocalFrame.cpp
 page/LocalFrameView.cpp
-page/LocalFrameViewLayoutContext.cpp
 page/Location.cpp
 page/Navigation.cpp
 page/Navigator.cpp
diff --git a/Source/WebCore/page/LocalFrameViewLayoutContext.cpp b/Source/WebCore/page/LocalFrameViewLayoutContext.cpp
index 2ed81de9d2a62..9ef5c52442c47 100644
--- a/Source/WebCore/page/LocalFrameViewLayoutContext.cpp
+++ b/Source/WebCore/page/LocalFrameViewLayoutContext.cpp
@@ -116,16 +116,16 @@ class LayoutScope {
         , m_schedulingIsEnabled(layoutContext.m_layoutSchedulingIsEnabled, false)
         , m_previousScrollType(layoutContext.view().currentScrollType())
     {
-        m_view.setCurrentScrollType(ScrollType::Programmatic);
+        m_view->setCurrentScrollType(ScrollType::Programmatic);
     }
         
     ~LayoutScope()
     {
-        m_view.setCurrentScrollType(m_previousScrollType);
+        m_view->setCurrentScrollType(m_previousScrollType);
     }
         
 private:
-    LocalFrameView& m_view;
+    const Ref<LocalFrameView> m_view;
     SetForScope<LocalFrameViewLayoutContext::LayoutNestedState> m_nestedState;
     SetForScope<bool> m_schedulingIsEnabled;
     ScrollType m_previousScrollType;
@@ -160,7 +160,7 @@ void LocalFrameViewLayoutContext::layout(bool canDeferUpdateLayerPositions)
 
     Style::Scope::LayoutDependencyUpdateContext layoutDependencyUpdateContext;
     while (document() && document()->styleScope().invalidateForLayoutDependencies(layoutDependencyUpdateContext)) {
-        document()->updateStyleIfNeeded();
+        protectedDocument()->updateStyleIfNeeded();
 
         if (!needsLayout())
             break;
@@ -207,7 +207,7 @@ void LocalFrameViewLayoutContext::performLayout(bool canDeferUpdateLayerPosition
     {
         SetForScope layoutPhase(m_layoutPhase, LayoutPhase::InPreLayout);
 
-        if (!document()->isInStyleInterleavedLayoutForSelfOrAncestor()) {
+        if (!protectedDocument()->isInStyleInterleavedLayoutForSelfOrAncestor()) {
             // If this is a new top-level layout and there are any remaining tasks from the previous layout, finish them now.
             if (!isLayoutNested() && m_postLayoutTaskTimer.isActive())
                 runPostLayoutTasks();
@@ -462,7 +462,8 @@ void LocalFrameViewLayoutContext::scheduleLayout()
     // FIXME: We should assert the page is not in the back/forward cache, but that is causing
     // too many false assertions. See <rdar://problem/7218118>.
     ASSERT(frame().view() == &view());
-    if (!document())
+    RefPtr document = this->document();
+    if (!document)
         return;
 
     if (subtreeLayoutRoot())
@@ -471,14 +472,14 @@ void LocalFrameViewLayoutContext::scheduleLayout()
     if (isLayoutPending())
         return;
 
-    if (!isLayoutSchedulingEnabled() || !document()->shouldScheduleLayout())
+    if (!isLayoutSchedulingEnabled() || !document->shouldScheduleLayout())
         return;
     if (!needsLayout())
         return;
 
 #if !LOG_DISABLED
-    if (!document()->ownerElement())
-        LOG(Layout, "LocalFrameView %p layout timer scheduled at %.3fs", this, document()->timeSinceDocumentCreation().value());
+    if (!document->ownerElement())
+        LOG(Layout, "LocalFrameView %p layout timer scheduled at %.3fs", this, document->timeSinceDocumentCreation().value());
 #endif
 
     InspectorInstrumentation::didInvalidateLayout(protectedFrame());
@@ -599,17 +600,17 @@ bool LocalFrameViewLayoutContext::canPerformLayout() const
 void LocalFrameViewLayoutContext::applyTextSizingIfNeeded(RenderElement& layoutRoot)
 {
     ASSERT(document());
-    if (document()->quirks().shouldIgnoreTextAutoSizing())
+    if (protectedDocument()->quirks().shouldIgnoreTextAutoSizing())
         return;
-    auto& settings = layoutRoot.settings();
-    bool idempotentMode = settings.textAutosizingUsesIdempotentMode();
-    if (!settings.textAutosizingEnabled() || idempotentMode || renderView()->printing())
+    Ref settings = layoutRoot.settings();
+    bool idempotentMode = settings->textAutosizingUsesIdempotentMode();
+    if (!settings->textAutosizingEnabled() || idempotentMode || renderView()->printing())
         return;
-    auto minimumZoomFontSize = settings.minimumZoomFontSize();
+    auto minimumZoomFontSize = settings->minimumZoomFontSize();
     if (!idempotentMode && !minimumZoomFontSize)
         return;
     auto textAutosizingWidth = layoutRoot.page().textAutosizingWidth();
-    if (auto overrideWidth = settings.textAutosizingWindowSizeOverrideWidth())
+    if (auto overrideWidth = settings->textAutosizingWindowSizeOverrideWidth())
         textAutosizingWidth = overrideWidth;
     if (!idempotentMode && !textAutosizingWidth)
         return;
@@ -785,7 +786,7 @@ Ref<LocalFrameView> LocalFrameViewLayoutContext::protectedView() const
 
 RenderView* LocalFrameViewLayoutContext::renderView() const
 {
-    return view().renderView();
+    return protectedView()->renderView();
 }
 
 Document* LocalFrameViewLayoutContext::document() const
@@ -793,4 +794,9 @@ Document* LocalFrameViewLayoutContext::document() const
     return frame().document();
 }
 
+RefPtr<Document> LocalFrameViewLayoutContext::protectedDocument() const
+{
+    return document();
+}
+
 } // namespace WebCore
diff --git a/Source/WebCore/page/LocalFrameViewLayoutContext.h b/Source/WebCore/page/LocalFrameViewLayoutContext.h
index ab48431d627db..a37555a5b8bcf 100644
--- a/Source/WebCore/page/LocalFrameViewLayoutContext.h
+++ b/Source/WebCore/page/LocalFrameViewLayoutContext.h
@@ -209,6 +209,7 @@ class LocalFrameViewLayoutContext final : public CanMakeCheckedPtr<LocalFrameVie
     Ref<LocalFrameView> protectedView() const;
     RenderView* renderView() const;
     Document* document() const;
+    RefPtr<Document> protectedDocument() const;
 
     SingleThreadWeakRef<LocalFrameView> m_frameView;
     Timer m_layoutTimer;

From 7aff9134ae33408154331ba744d698c806e984af Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sat, 22 Feb 2025 11:30:18 -0800
Subject: [PATCH 066/174] Address safer cpp failures in
 SerializedScriptValue.cpp https://bugs.webkit.org/show_bug.cgi?id=288275

Reviewed by Geoffrey Garen.

* Source/WebCore/bindings/js/JSExecState.cpp:
(WebCore::protectedExecutionContext):
* Source/WebCore/bindings/js/JSExecState.h:
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::serializeAndWrapCryptoKey):
(WebCore::unwrapCryptoKey):
(WebCore::CloneSerializer::dumpDOMPoint):
(WebCore::CloneSerializer::dumpDOMRect):
(WebCore::CloneSerializer::dumpDOMMatrix):
(WebCore::CloneSerializer::dumpDOMQuad):
(WebCore::CloneSerializer::dumpImageBitmap):
(WebCore::CloneSerializer::dumpWebCodecsEncodedVideoChunk):
(WebCore::CloneSerializer::dumpWebCodecsEncodedAudioChunk):
(WebCore::CloneSerializer::dumpDOMException):
(WebCore::CloneSerializer::dumpIfTerminal):
(WebCore::CloneDeserializer::readFile):
(WebCore::CloneDeserializer::readTransferredImageBitmap):
(WebCore::CloneDeserializer::readOffscreenCanvas):
(WebCore::CloneDeserializer::readRTCDataChannel):
(WebCore::CloneDeserializer::readWebCodecsVideoFrame):
(WebCore::CloneDeserializer::readWebCodecsAudioData):
(WebCore::CloneDeserializer::readMediaStreamTrack):
(WebCore::CloneDeserializer::readImageBitmap):
(WebCore::CloneDeserializer::readTerminal):
(WebCore::SerializedScriptValue::create):
(WebCore::SerializedScriptValue::writeBlobsToDiskForIndexedDBSynchronously):
* Source/WebCore/dom/DOMQuad.h:

Canonical link: https://commits.webkit.org/290887@main
---
 .../Modules/mediastream/RTCCertificate.h      |   1 +
 .../UncountedCallArgsCheckerExpectations      |   2 -
 ...UncountedLambdaCapturesCheckerExpectations |   1 -
 .../UncountedLocalVarsCheckerExpectations     |   1 -
 Source/WebCore/bindings/js/JSExecState.cpp    |   5 +
 Source/WebCore/bindings/js/JSExecState.h      |   1 +
 .../bindings/js/SerializedScriptValue.cpp     | 177 +++++++++---------
 Source/WebCore/dom/DOMQuad.h                  |   8 +-
 .../platform/graphics/ByteArrayPixelBuffer.h  |   1 +
 9 files changed, 101 insertions(+), 96 deletions(-)

diff --git a/Source/WebCore/Modules/mediastream/RTCCertificate.h b/Source/WebCore/Modules/mediastream/RTCCertificate.h
index 486fd345b6aad..6c3f38196fcdc 100644
--- a/Source/WebCore/Modules/mediastream/RTCCertificate.h
+++ b/Source/WebCore/Modules/mediastream/RTCCertificate.h
@@ -47,6 +47,7 @@ class RTCCertificate : public RefCounted<RTCCertificate> {
     const String& pemCertificate() const { return m_pemCertificate; }
     const String& pemPrivateKey() const { return m_pemPrivateKey; }
     const SecurityOrigin& origin() const { return m_origin.get(); }
+    Ref<SecurityOrigin> protectedOrigin() const { return m_origin; }
 
 private:
     RTCCertificate(Ref<SecurityOrigin>&&, double expires, Vector<DtlsFingerprint>&&, String&& pemCertificate, String&& pemPrivateKey);
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index f08570b2ea182..6769a54aaa747 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -332,7 +332,6 @@ bindings/js/JSDOMIterator.h
 bindings/js/JSDOMMapLike.h
 bindings/js/JSDOMPromiseDeferred.cpp
 bindings/js/JSDOMPromiseDeferred.h
-bindings/js/JSDOMQuadCustom.cpp
 bindings/js/JSDOMSetLike.h
 bindings/js/JSDOMWindowBase.cpp
 bindings/js/JSDOMWindowCustom.cpp
@@ -402,7 +401,6 @@ bindings/js/ScriptBufferSourceProvider.h
 bindings/js/ScriptCachedFrameData.cpp
 bindings/js/ScriptModuleLoader.cpp
 bindings/js/ScriptSourceCode.h
-bindings/js/SerializedScriptValue.cpp
 bindings/js/WebAssemblyScriptBufferSourceProvider.h
 bindings/js/WebCoreJSClientData.cpp
 bindings/js/WebCoreTypedArrayController.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
index 968c1cbaba467..04582eb8d4158 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
@@ -69,7 +69,6 @@ accessibility/mac/WebAccessibilityObjectWrapperMac.mm
 animation/BlendingKeyframes.cpp
 animation/KeyframeEffect.cpp
 bindings/js/JSDOMPromiseDeferred.cpp
-bindings/js/SerializedScriptValue.cpp
 contentextensions/ContentExtensionsBackend.cpp
 crypto/SubtleCrypto.cpp
 css/CSSFontFace.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index d7feec90a14e3..2e5bf5106a97d 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -203,7 +203,6 @@ bindings/js/JSWorkerGlobalScopeCustom.cpp
 bindings/js/JSXMLHttpRequestCustom.cpp
 bindings/js/ScriptCachedFrameData.cpp
 bindings/js/ScriptModuleLoader.cpp
-bindings/js/SerializedScriptValue.cpp
 bindings/js/WebCoreJSClientData.cpp
 bindings/js/WindowProxy.cpp
 bridge/objc/WebScriptObject.mm
diff --git a/Source/WebCore/bindings/js/JSExecState.cpp b/Source/WebCore/bindings/js/JSExecState.cpp
index eb63340367b03..0b70757622e69 100644
--- a/Source/WebCore/bindings/js/JSExecState.cpp
+++ b/Source/WebCore/bindings/js/JSExecState.cpp
@@ -58,4 +58,9 @@ ScriptExecutionContext* executionContext(JSC::JSGlobalObject* globalObject)
     return JSC::jsCast<JSDOMGlobalObject*>(globalObject)->scriptExecutionContext();
 }
 
+RefPtr<ScriptExecutionContext> protectedExecutionContext(JSC::JSGlobalObject* globalObject)
+{
+    return executionContext(globalObject);
+}
+
 } // namespace WebCore
diff --git a/Source/WebCore/bindings/js/JSExecState.h b/Source/WebCore/bindings/js/JSExecState.h
index 6843f58c4a32e..193a1ac37c5ea 100644
--- a/Source/WebCore/bindings/js/JSExecState.h
+++ b/Source/WebCore/bindings/js/JSExecState.h
@@ -219,5 +219,6 @@ JSC::JSValue functionCallHandlerFromAnyThread(JSC::JSGlobalObject*, JSC::JSValue
 JSC::JSValue evaluateHandlerFromAnyThread(JSC::JSGlobalObject*, const JSC::SourceCode&, JSC::JSValue thisValue, NakedPtr<JSC::Exception>& returnedException);
 
 ScriptExecutionContext* executionContext(JSC::JSGlobalObject*);
+RefPtr<ScriptExecutionContext> protectedExecutionContext(JSC::JSGlobalObject*);
 
 } // namespace WebCore
diff --git a/Source/WebCore/bindings/js/SerializedScriptValue.cpp b/Source/WebCore/bindings/js/SerializedScriptValue.cpp
index 9fd8ef7991945..51e8980876142 100644
--- a/Source/WebCore/bindings/js/SerializedScriptValue.cpp
+++ b/Source/WebCore/bindings/js/SerializedScriptValue.cpp
@@ -967,7 +967,7 @@ class CloneBase {
 
 static std::optional<Vector<uint8_t>> serializeAndWrapCryptoKey(JSGlobalObject* lexicalGlobalObject, WebCore::CryptoKeyData&& key)
 {
-    auto context = executionContext(lexicalGlobalObject);
+    RefPtr context = executionContext(lexicalGlobalObject);
     if (!context)
         return std::nullopt;
 
@@ -976,7 +976,7 @@ static std::optional<Vector<uint8_t>> serializeAndWrapCryptoKey(JSGlobalObject*
 
 static std::optional<Vector<uint8_t>> unwrapCryptoKey(JSGlobalObject* lexicalGlobalObject, const Vector<uint8_t>& wrappedKey)
 {
-    auto context = executionContext(lexicalGlobalObject);
+    RefPtr context = executionContext(lexicalGlobalObject);
     if (!context)
         return std::nullopt;
 
@@ -1566,7 +1566,7 @@ class CloneSerializer : public CloneBase {
         else
             write(DOMPointReadOnlyTag);
 
-        dumpDOMPoint(jsCast<JSDOMPointReadOnly*>(obj)->wrapped());
+        dumpDOMPoint(jsCast<JSDOMPointReadOnly*>(obj)->protectedWrapped());
     }
 
     void dumpDOMRect(JSObject* obj)
@@ -1576,11 +1576,11 @@ class CloneSerializer : public CloneBase {
         else
             write(DOMRectReadOnlyTag);
 
-        auto& rect = jsCast<JSDOMRectReadOnly*>(obj)->wrapped();
-        write(rect.x());
-        write(rect.y());
-        write(rect.width());
-        write(rect.height());
+        Ref rect = jsCast<JSDOMRectReadOnly*>(obj)->wrapped();
+        write(rect->x());
+        write(rect->y());
+        write(rect->width());
+        write(rect->height());
     }
 
     void dumpDOMMatrix(JSObject* obj)
@@ -1590,33 +1590,33 @@ class CloneSerializer : public CloneBase {
         else
             write(DOMMatrixReadOnlyTag);
 
-        auto& matrix = jsCast<JSDOMMatrixReadOnly*>(obj)->wrapped();
-        bool is2D = matrix.is2D();
+        Ref matrix = jsCast<JSDOMMatrixReadOnly*>(obj)->wrapped();
+        bool is2D = matrix->is2D();
         write(is2D);
         if (is2D) {
-            write(matrix.m11());
-            write(matrix.m12());
-            write(matrix.m21());
-            write(matrix.m22());
-            write(matrix.m41());
-            write(matrix.m42());
+            write(matrix->m11());
+            write(matrix->m12());
+            write(matrix->m21());
+            write(matrix->m22());
+            write(matrix->m41());
+            write(matrix->m42());
         } else {
-            write(matrix.m11());
-            write(matrix.m12());
-            write(matrix.m13());
-            write(matrix.m14());
-            write(matrix.m21());
-            write(matrix.m22());
-            write(matrix.m23());
-            write(matrix.m24());
-            write(matrix.m31());
-            write(matrix.m32());
-            write(matrix.m33());
-            write(matrix.m34());
-            write(matrix.m41());
-            write(matrix.m42());
-            write(matrix.m43());
-            write(matrix.m44());
+            write(matrix->m11());
+            write(matrix->m12());
+            write(matrix->m13());
+            write(matrix->m14());
+            write(matrix->m21());
+            write(matrix->m22());
+            write(matrix->m23());
+            write(matrix->m24());
+            write(matrix->m31());
+            write(matrix->m32());
+            write(matrix->m33());
+            write(matrix->m34());
+            write(matrix->m41());
+            write(matrix->m42());
+            write(matrix->m43());
+            write(matrix->m44());
         }
     }
 
@@ -1624,32 +1624,32 @@ class CloneSerializer : public CloneBase {
     {
         write(DOMQuadTag);
 
-        auto& quad = jsCast<JSDOMQuad*>(obj)->wrapped();
-        dumpDOMPoint(quad.p1());
-        dumpDOMPoint(quad.p2());
-        dumpDOMPoint(quad.p3());
-        dumpDOMPoint(quad.p4());
+        Ref quad = jsCast<JSDOMQuad*>(obj)->wrapped();
+        dumpDOMPoint(quad->p1());
+        dumpDOMPoint(quad->p2());
+        dumpDOMPoint(quad->p3());
+        dumpDOMPoint(quad->p4());
     }
 
     void dumpImageBitmap(JSObject* obj, SerializationReturnCode& code)
     {
-        auto& imageBitmap = jsCast<JSImageBitmap*>(obj)->wrapped();
+        Ref imageBitmap = jsCast<JSImageBitmap*>(obj)->wrapped();
         auto index = m_transferredImageBitmaps.find(obj);
         if (index != m_transferredImageBitmaps.end()) {
 #if USE(SKIA)
-            imageBitmap.prepareForCrossThreadTransfer();
+            imageBitmap->prepareForCrossThreadTransfer();
 #endif
             write(ImageBitmapTransferTag);
             write(index->value);
             return;
         }
 
-        if (!imageBitmap.originClean()) {
+        if (!imageBitmap->originClean()) {
             code = SerializationReturnCode::DataCloneError;
             return;
         }
 
-        auto* buffer = imageBitmap.buffer();
+        RefPtr buffer = imageBitmap->buffer();
         if (!buffer) {
             code = SerializationReturnCode::ValidationError;
             return;
@@ -1664,7 +1664,7 @@ class CloneSerializer : public CloneBase {
             return;
         }
 
-        auto arrayBuffer = pixelBuffer->data().possiblySharedBuffer();
+        auto arrayBuffer = pixelBuffer->protectedData()->possiblySharedBuffer();
         if (!arrayBuffer) {
             code = SerializationReturnCode::ValidationError;
             return;
@@ -1673,9 +1673,9 @@ class CloneSerializer : public CloneBase {
         // Origin must be clean to transfer, but the check was not always in place. Ensure tainted ImageBitmaps are not
         // loaded anymore.
         flags.add(ImageBitmapSerializationFlags::OriginClean);
-        if (imageBitmap.premultiplyAlpha())
+        if (imageBitmap->premultiplyAlpha())
             flags.add(ImageBitmapSerializationFlags::PremultiplyAlpha);
-        if (imageBitmap.forciblyPremultiplyAlpha())
+        if (imageBitmap->forciblyPremultiplyAlpha())
             flags.add(ImageBitmapSerializationFlags::ForciblyPremultiplyAlpha);
         write(ImageBitmapTag);
         write(static_cast<uint8_t>(flags.toRaw()));
@@ -1728,12 +1728,12 @@ class CloneSerializer : public CloneBase {
 #if ENABLE(WEB_CODECS)
     void dumpWebCodecsEncodedVideoChunk(JSObject* obj)
     {
-        auto& videoChunk = jsCast<JSWebCodecsEncodedVideoChunk*>(obj)->wrapped();
+        Ref videoChunk = jsCast<JSWebCodecsEncodedVideoChunk*>(obj)->wrapped();
 
-        auto index = m_serializedVideoChunks.find(&videoChunk.storage());
+        auto index = m_serializedVideoChunks.find(&videoChunk->storage());
         if (index == notFound) {
             index = m_serializedVideoChunks.size();
-            m_serializedVideoChunks.append(&videoChunk.storage());
+            m_serializedVideoChunks.append(&videoChunk->storage());
         }
 
         write(WebCodecsEncodedVideoChunkTag);
@@ -1758,12 +1758,12 @@ class CloneSerializer : public CloneBase {
 
     void dumpWebCodecsEncodedAudioChunk(JSObject* obj)
     {
-        auto& audioChunk = jsCast<JSWebCodecsEncodedAudioChunk*>(obj)->wrapped();
+        Ref audioChunk = jsCast<JSWebCodecsEncodedAudioChunk*>(obj)->wrapped();
 
-        auto index = m_serializedAudioChunks.find(&audioChunk.storage());
+        auto index = m_serializedAudioChunks.find(&audioChunk->storage());
         if (index == notFound) {
             index = m_serializedAudioChunks.size();
-            m_serializedAudioChunks.append(&audioChunk.storage());
+            m_serializedAudioChunks.append(&audioChunk->storage());
         }
 
         write(WebCodecsEncodedAudioChunkTag);
@@ -1817,7 +1817,7 @@ class CloneSerializer : public CloneBase {
 
     void dumpDOMException(JSObject* obj, SerializationReturnCode& code)
     {
-        if (auto* exception = JSDOMException::toWrapped(m_lexicalGlobalObject->vm(), obj)) {
+        if (RefPtr exception = JSDOMException::toWrapped(m_lexicalGlobalObject->vm(), obj)) {
             write(DOMExceptionTag);
             write(exception->message());
             write(exception->name());
@@ -1893,19 +1893,19 @@ class CloneSerializer : public CloneBase {
                 dumpBigIntData(bigIntValue);
                 return true;
             }
-            if (auto* file = JSFile::toWrapped(vm, obj)) {
+            if (RefPtr file = JSFile::toWrapped(vm, obj)) {
                 write(FileTag);
                 write(*file);
                 return true;
             }
-            if (auto* list = JSFileList::toWrapped(vm, obj)) {
+            if (RefPtr list = JSFileList::toWrapped(vm, obj)) {
                 write(FileListTag);
                 write(list->length());
                 for (auto& file : list->files())
                     write(file.get());
                 return true;
             }
-            if (auto* blob = JSBlob::toWrapped(vm, obj)) {
+            if (RefPtr blob = JSBlob::toWrapped(vm, obj)) {
                 write(BlobTag);
                 m_blobHandles.append(blob->handle().isolatedCopy());
                 write(blob->url().string());
@@ -1917,7 +1917,7 @@ class CloneSerializer : public CloneBase {
                 write(memoryCost);
                 return true;
             }
-            if (auto* data = JSImageData::toWrapped(vm, obj)) {
+            if (RefPtr data = JSImageData::toWrapped(vm, obj)) {
                 write(ImageDataTag);
                 auto addResult = m_imageDataPool.add(*data, m_imageDataPool.size());
                 if (!addResult.isNewEntry) {
@@ -1966,7 +1966,7 @@ class CloneSerializer : public CloneBase {
                 } else if (m_context == SerializationContext::CloneAcrossWorlds) {
                     write(InMemoryMessagePortTag);
                     write(static_cast<uint32_t>(m_inMemoryMessagePorts.size()));
-                    m_inMemoryMessagePorts.append(jsCast<JSMessagePort*>(obj)->wrapped());
+                    m_inMemoryMessagePorts.append(jsCast<JSMessagePort*>(obj)->protectedWrapped());
                     return true;
                 }
                 // MessagePort object could not be found in transferred message ports
@@ -2029,7 +2029,7 @@ class CloneSerializer : public CloneBase {
                 addToObjectPool<ArrayBufferViewTag>(obj);
                 return success;
             }
-            if (auto* key = JSCryptoKey::toWrapped(vm, obj)) {
+            if (RefPtr key = JSCryptoKey::toWrapped(vm, obj)) {
                 write(CryptoKeyTag);
                 auto wrappedKey = serializeAndWrapCryptoKey(m_lexicalGlobalObject, key->data());
                 if (!wrappedKey) {
@@ -2041,11 +2041,11 @@ class CloneSerializer : public CloneBase {
                 return true;
             }
 #if ENABLE(WEB_RTC)
-            if (auto* rtcCertificate = JSRTCCertificate::toWrapped(vm, obj)) {
+            if (RefPtr rtcCertificate = JSRTCCertificate::toWrapped(vm, obj)) {
                 write(RTCCertificateTag);
                 write(rtcCertificate->expires());
                 write(rtcCertificate->pemCertificate());
-                write(rtcCertificate->origin().toString());
+                write(rtcCertificate->protectedOrigin()->toString());
                 write(rtcCertificate->pemPrivateKey());
                 write(static_cast<unsigned>(rtcCertificate->getFingerprints().size()));
                 for (const auto& fingerprint : rtcCertificate->getFingerprints()) {
@@ -3645,7 +3645,7 @@ class CloneDeserializer : public CloneBase {
         if (!m_canCreateDOMObject)
             return true;
 
-        file = File::deserialize(executionContext(m_lexicalGlobalObject), filePath, URL { url->string() }, type->string(), name->string(), optionalLastModified);
+        file = File::deserialize(protectedExecutionContext(m_lexicalGlobalObject).get(), filePath, URL { url->string() }, type->string(), name->string(), optionalLastModified);
         return true;
     }
 
@@ -4450,13 +4450,13 @@ class CloneDeserializer : public CloneBase {
         }
 
         if (!m_imageBitmaps[index] && m_detachedImageBitmaps.at(index))
-            m_imageBitmaps[index] = ImageBitmap::create(*executionContext(m_lexicalGlobalObject), WTFMove(*m_detachedImageBitmaps.at(index)));
+            m_imageBitmaps[index] = ImageBitmap::create(*protectedExecutionContext(m_lexicalGlobalObject).get(), WTFMove(*m_detachedImageBitmaps.at(index)));
 
-        auto bitmap = m_imageBitmaps[index].get();
+        RefPtr bitmap = m_imageBitmaps[index];
 #if USE(SKIA)
         bitmap->finalizeCrossThreadTransfer();
 #endif
-        return getJSValue(bitmap);
+        return getJSValue(bitmap.get());
     }
 
 #if ENABLE(OFFSCREEN_CANVAS_IN_WORKERS)
@@ -4471,10 +4471,10 @@ class CloneDeserializer : public CloneBase {
         }
 
         if (!m_offscreenCanvases[index])
-            m_offscreenCanvases[index] = OffscreenCanvas::create(*executionContext(m_lexicalGlobalObject), WTFMove(m_detachedOffscreenCanvases.at(index)));
+            m_offscreenCanvases[index] = OffscreenCanvas::create(*protectedExecutionContext(m_lexicalGlobalObject), WTFMove(m_detachedOffscreenCanvases.at(index)));
 
-        auto offscreenCanvas = m_offscreenCanvases[index].get();
-        return getJSValue(offscreenCanvas);
+        RefPtr offscreenCanvas = m_offscreenCanvases[index];
+        return getJSValue(offscreenCanvas.get());
     }
 
     JSValue readInMemoryOffscreenCanvas()
@@ -4556,7 +4556,7 @@ class CloneDeserializer : public CloneBase {
 
         if (!m_rtcDataChannels[index]) {
             auto detachedChannel = WTFMove(m_detachedRTCDataChannels.at(index));
-            m_rtcDataChannels[index] = RTCDataChannel::create(*executionContext(m_lexicalGlobalObject), detachedChannel->identifier, WTFMove(detachedChannel->label), WTFMove(detachedChannel->options), detachedChannel->state);
+            m_rtcDataChannels[index] = RTCDataChannel::create(*protectedExecutionContext(m_lexicalGlobalObject), detachedChannel->identifier, WTFMove(detachedChannel->label), WTFMove(detachedChannel->options), detachedChannel->state);
         }
 
         return getJSValue(m_rtcDataChannels[index].get());
@@ -4590,7 +4590,7 @@ class CloneDeserializer : public CloneBase {
         }
 
         if (!m_videoFrames[index])
-            m_videoFrames[index] = WebCodecsVideoFrame::create(*executionContext(m_lexicalGlobalObject), WTFMove(m_serializedVideoFrames.at(index)));
+            m_videoFrames[index] = WebCodecsVideoFrame::create(*protectedExecutionContext(m_lexicalGlobalObject), WTFMove(m_serializedVideoFrames.at(index)));
 
         return getJSValue(m_videoFrames[index].get());
     }
@@ -4620,7 +4620,7 @@ class CloneDeserializer : public CloneBase {
         }
 
         if (!m_audioData[index])
-            m_audioData[index] = WebCodecsAudioData::create(*executionContext(m_lexicalGlobalObject), WTFMove(m_serializedAudioData.at(index)));
+            m_audioData[index] = WebCodecsAudioData::create(*protectedExecutionContext(m_lexicalGlobalObject), WTFMove(m_serializedAudioData.at(index)));
 
         return getJSValue(m_audioData[index].get());
     }
@@ -4637,7 +4637,7 @@ class CloneDeserializer : public CloneBase {
         }
 
         if (!m_mediaStreamTracks[index])
-            m_mediaStreamTracks[index] = MediaStreamTrack::create(*executionContext(m_lexicalGlobalObject), makeUniqueRefFromNonNullUniquePtr(std::exchange(m_serializedMediaStreamTracks.at(index), { })));
+            m_mediaStreamTracks[index] = MediaStreamTrack::create(*protectedExecutionContext(m_lexicalGlobalObject), makeUniqueRefFromNonNullUniquePtr(std::exchange(m_serializedMediaStreamTracks.at(index), { })));
 
         return getJSValue(m_mediaStreamTracks[index].get());
     }
@@ -4684,7 +4684,7 @@ class CloneDeserializer : public CloneBase {
         auto imageDataSize = logicalSize;
         imageDataSize.scale(resolutionScale);
 
-        auto buffer = ImageBitmap::createImageBuffer(*executionContext(m_lexicalGlobalObject), logicalSize, RenderingMode::Unaccelerated, colorSpace, resolutionScale);
+        auto buffer = ImageBitmap::createImageBuffer(*protectedExecutionContext(m_lexicalGlobalObject), logicalSize, RenderingMode::Unaccelerated, colorSpace, resolutionScale);
         if (!buffer) {
             SERIALIZE_TRACE("FAIL deserialize");
             fail();
@@ -4987,7 +4987,7 @@ class CloneDeserializer : public CloneBase {
                 return JSValue();
             if (!m_canCreateDOMObject)
                 return jsNull();
-            return getJSValue(Blob::deserialize(executionContext(m_lexicalGlobalObject), URL { url->string() }, type->string(), size, memoryCost, blobFilePathForBlobURL(url->string())).get());
+            return getJSValue(Blob::deserialize(protectedExecutionContext(m_lexicalGlobalObject).get(), URL { url->string() }, type->string(), size, memoryCost, blobFilePathForBlobURL(url->string())).get());
         }
         case StringTag: {
             CachedStringRef cachedString;
@@ -6080,14 +6080,14 @@ ExceptionOr<Ref<SerializedScriptValue>> SerializedScriptValue::create(JSGlobalOb
             arrayBuffers.append(WTFMove(arrayBuffer));
             continue;
         }
-        if (auto port = JSMessagePort::toWrapped(vm, transferable.get())) {
+        if (RefPtr port = JSMessagePort::toWrapped(vm, transferable.get())) {
             if (port->isDetached())
                 return Exception { ExceptionCode::DataCloneError, "MessagePort is detached"_s };
-            messagePorts.append(*port);
+            messagePorts.append(port.releaseNonNull());
             continue;
         }
 
-        if (auto imageBitmap = JSImageBitmap::toWrapped(vm, transferable.get())) {
+        if (RefPtr imageBitmap = JSImageBitmap::toWrapped(vm, transferable.get())) {
             if (imageBitmap->isDetached())
                 return Exception { ExceptionCode::DataCloneError };
             if (!imageBitmap->originClean())
@@ -6098,48 +6098,48 @@ ExceptionOr<Ref<SerializedScriptValue>> SerializedScriptValue::create(JSGlobalOb
         }
 
 #if ENABLE(OFFSCREEN_CANVAS_IN_WORKERS)
-        if (auto offscreenCanvas = JSOffscreenCanvas::toWrapped(vm, transferable.get())) {
+        if (RefPtr offscreenCanvas = JSOffscreenCanvas::toWrapped(vm, transferable.get())) {
             offscreenCanvases.append(WTFMove(offscreenCanvas));
             continue;
         }
 #endif
 
 #if ENABLE(WEB_RTC)
-        if (auto channel = JSRTCDataChannel::toWrapped(vm, transferable.get())) {
-            dataChannels.append(*channel);
+        if (RefPtr channel = JSRTCDataChannel::toWrapped(vm, transferable.get())) {
+            dataChannels.append(channel.releaseNonNull());
             continue;
         }
 #endif
 
 #if ENABLE(MEDIA_SOURCE_IN_WORKERS)
-        if (auto handle = JSMediaSourceHandle::toWrapped(vm, transferable.get())) {
+        if (RefPtr handle = JSMediaSourceHandle::toWrapped(vm, transferable.get())) {
             if (handle->isDetached())
                 return Exception { ExceptionCode::DataCloneError };
-            mediaSourceHandles.append(*handle);
+            mediaSourceHandles.append(handle.releaseNonNull());
             continue;
         }
 #endif
 
 #if ENABLE(WEB_CODECS)
-        if (auto videoFrame = JSWebCodecsVideoFrame::toWrapped(vm, transferable.get())) {
+        if (RefPtr videoFrame = JSWebCodecsVideoFrame::toWrapped(vm, transferable.get())) {
             if (videoFrame->isDetached())
                 return Exception { ExceptionCode::DataCloneError };
-            transferredVideoFrames.append(*videoFrame);
+            transferredVideoFrames.append(videoFrame.releaseNonNull());
             continue;
         }
-        if (auto audioData = JSWebCodecsAudioData::toWrapped(vm, transferable.get())) {
+        if (RefPtr audioData = JSWebCodecsAudioData::toWrapped(vm, transferable.get())) {
             if (audioData->isDetached())
                 return Exception { ExceptionCode::DataCloneError };
-            transferredAudioData.append(*audioData);
+            transferredAudioData.append(audioData.releaseNonNull());
             continue;
         }
 #endif
 
 #if ENABLE(MEDIA_STREAM)
-        if (auto track = JSMediaStreamTrack::toWrapped(vm, transferable.get())) {
+        if (RefPtr track = JSMediaStreamTrack::toWrapped(vm, transferable.get())) {
             if (track->isDetached())
                 return Exception { ExceptionCode::DataCloneError };
-            transferredMediaStreamTracks.append(*track);
+            transferredMediaStreamTracks.append(track.releaseNonNull());
             continue;
         }
 #endif
@@ -6438,8 +6438,9 @@ IDBValue SerializedScriptValue::writeBlobsToDiskForIndexedDBSynchronously(bool i
 
     BinarySemaphore semaphore;
     IDBValue value;
-    callOnMainThread([this, &semaphore, &value, isEphemeral] {
-        writeBlobsToDiskForIndexedDB(isEphemeral, [&semaphore, &value](IDBValue&& result) {
+    Ref protectedThis { *this };
+    callOnMainThread([&protectedThis, &semaphore, &value, isEphemeral] {
+        protectedThis->writeBlobsToDiskForIndexedDB(isEphemeral, [&semaphore, &value](IDBValue&& result) {
             ASSERT(isMainThread());
             value.setAsIsolatedCopy(result);
 
diff --git a/Source/WebCore/dom/DOMQuad.h b/Source/WebCore/dom/DOMQuad.h
index 29085672a0b11..cb6d62997abfc 100644
--- a/Source/WebCore/dom/DOMQuad.h
+++ b/Source/WebCore/dom/DOMQuad.h
@@ -55,10 +55,10 @@ class DOMQuad : public ScriptWrappable, public RefCounted<DOMQuad> {
     DOMQuad(const DOMPointInit&, const DOMPointInit&, const DOMPointInit&, const DOMPointInit&);
     explicit DOMQuad(const DOMRectInit&);
     
-    Ref<DOMPoint> m_p1;
-    Ref<DOMPoint> m_p2;
-    Ref<DOMPoint> m_p3;
-    Ref<DOMPoint> m_p4;
+    const Ref<DOMPoint> m_p1;
+    const Ref<DOMPoint> m_p2;
+    const Ref<DOMPoint> m_p3;
+    const Ref<DOMPoint> m_p4;
 };
 
 }
diff --git a/Source/WebCore/platform/graphics/ByteArrayPixelBuffer.h b/Source/WebCore/platform/graphics/ByteArrayPixelBuffer.h
index a99f5e5b00db4..0653f858f2a3c 100644
--- a/Source/WebCore/platform/graphics/ByteArrayPixelBuffer.h
+++ b/Source/WebCore/platform/graphics/ByteArrayPixelBuffer.h
@@ -39,6 +39,7 @@ class ByteArrayPixelBuffer : public PixelBuffer {
     WEBCORE_EXPORT static RefPtr<ByteArrayPixelBuffer> tryCreate(const PixelBufferFormat&, const IntSize&, Ref<JSC::ArrayBuffer>&&);
 
     JSC::Uint8ClampedArray& data() const { return m_data.get(); }
+    Ref<JSC::Uint8ClampedArray> protectedData() const { return m_data; }
     Ref<JSC::Uint8ClampedArray>&& takeData() { return WTFMove(m_data); }
     WEBCORE_EXPORT std::span<const uint8_t> span() const;
 

From f85f48a446aaf33d07c1173e53b336d761b01785 Mon Sep 17 00:00:00 2001
From: Timothy Hatcher <timothy@apple.com>
Date: Sat, 22 Feb 2025 11:34:48 -0800
Subject: [PATCH 067/174] Fix and enable multiple web extension tests that now
 pass. https://webkit.org/b/287490, https://webkit.org/b/279081,
 https://webkit.org/b/285543 rdar://144626088, rdar://135213974,
 rdar://142487203

Unreviewed test gardening.

* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDeclarativeNetRequest.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RedirectRule)): Crash was fixed.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDevTools.mm: Updated FIXME comments.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIMenus.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIMenus, MacImageContextMenuItems)): Use local resource.
(TestWebKitAPI::TEST(WKWebExtensionAPIMenus, MacVideoContextMenuItems)): Ditto.
(TestWebKitAPI::TEST(WKWebExtensionAPIMenus, MacAudioContextMenuItems)): Ditto.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIPermissions.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, GrantOnlySomePermissions)): No longer fails.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIRuntime.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIRuntime, ConnectFromContentScriptWithImmediateMessage)):
Stop using setTimeout and use test.sendMessage to trigger the load.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionDataRecord.mm: Added FIXMEs.

Canonical link: https://commits.webkit.org/290888@main
---
 .../WKWebExtensionAPIDeclarativeNetRequest.mm |  3 +-
 .../WebKitCocoa/WKWebExtensionAPIDevTools.mm  |  9 +++---
 .../WebKitCocoa/WKWebExtensionAPIMenus.mm     | 24 ++++++++--------
 .../WKWebExtensionAPIPermissions.mm           |  5 ----
 .../WebKitCocoa/WKWebExtensionAPIRuntime.mm   | 28 +++++++++----------
 .../WebKitCocoa/WKWebExtensionDataRecord.mm   |  2 ++
 6 files changed, 33 insertions(+), 38 deletions(-)

diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDeclarativeNetRequest.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDeclarativeNetRequest.mm
index 5908ad1eb1187..46ce43c24ebfb 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDeclarativeNetRequest.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDeclarativeNetRequest.mm
@@ -586,8 +586,7 @@
     Util::run(&receivedActionNotification);
 }
 
-// FIXME: rdar://116459903 (Web Process is crashing when using declarativeNetRequest to redirect a page)
-TEST(WKWebExtensionAPIDeclarativeNetRequest, DISABLED_RedirectRule)
+TEST(WKWebExtensionAPIDeclarativeNetRequest, RedirectRule)
 {
     auto *pageScript = Util::constructScript(@[
         @"<script>",
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDevTools.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDevTools.mm
index 0e1451d28d650..c396a97a6ef2a 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDevTools.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDevTools.mm
@@ -85,7 +85,7 @@
     [manager run];
 }
 
-// FIX-ME: rdar://137268889
+// FIXME: rdar://137268889 (4x TestWebKitAPI.WKWebExtensionAPIDevTools* (api-tests) are near constant timeouts)
 TEST(WKWebExtensionAPIDevTools, DISABLED_CreatePanel)
 {
     TestWebKitAPI::HTTPServer server({
@@ -155,7 +155,7 @@
     [manager runUntilTestMessage:@"Panel Hidden"];
 }
 
-// FIX-ME: rdar://137268889
+// FIXME: rdar://137268889 (4x TestWebKitAPI.WKWebExtensionAPIDevTools* (api-tests) are near constant timeouts)
 TEST(WKWebExtensionAPIDevTools, DISABLED_InspectedWindowEval)
 {
     TestWebKitAPI::HTTPServer server({
@@ -238,7 +238,7 @@
     EXPECT_TRUE(server.totalRequests() == 1lu || server.totalRequests() == 2lu);
 }
 
-// FIX-ME: rdar://137268889
+// FIXME: rdar://137268889 (4x TestWebKitAPI.WKWebExtensionAPIDevTools* (api-tests) are near constant timeouts)
 TEST(WKWebExtensionAPIDevTools, DISABLED_InspectedWindowReloadIgnoringCache)
 {
     TestWebKitAPI::HTTPServer server({
@@ -487,7 +487,8 @@
     [manager run];
 }
 
-TEST(WKWebExtensionAPIDevTools, PortMessagePassingToBackground)
+// FIXME: rdar://137268889 (4x TestWebKitAPI.WKWebExtensionAPIDevTools* (api-tests) are near constant timeouts)
+TEST(WKWebExtensionAPIDevTools, DISABLED_PortMessagePassingToBackground)
 {
     TestWebKitAPI::HTTPServer server({
         { "/"_s, { { { "Content-Type"_s, "text/html"_s } }, ""_s } },
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIMenus.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIMenus.mm
index 94a1742f92803..14db4e54649e1 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIMenus.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIMenus.mm
@@ -1918,8 +1918,7 @@ static inline void performMenuItemAction(auto *menuItem)
     [manager run];
 }
 
-// rdar://144626088 ([ macOS ] 3x TestWebKitAPI.WKWebExtensionAPIMenus.* (api-tests) are flaky timeouts (287490))
-TEST(WKWebExtensionAPIMenus, DISABLED_MacImageContextMenuItems)
+TEST(WKWebExtensionAPIMenus, MacImageContextMenuItems)
 {
     auto *backgroundScript = Util::constructScript(@[
         @"browser.menus.create({",
@@ -1935,7 +1934,7 @@ static inline void performMenuItemAction(auto *menuItem)
         @"  browser.test.assertEq(info.menuItemId, 'image-menu-item')",
         @"  browser.test.assertEq(info.parentMenuItemId, undefined)",
         @"  browser.test.assertEq(info.mediaType, 'image')",
-        @"  browser.test.assertEq(info.srcUrl, 'http://example.com/example.png')",
+        @"  browser.test.assertTrue(info.srcUrl.endsWith('/test.png'))",
         @"  browser.test.assertEq(typeof info.pageUrl, 'string')",
         @"  browser.test.assertTrue(info.pageUrl.startsWith('http://localhost:'))",
         @"  browser.test.assertEq(info.frameId, 0)",
@@ -1976,7 +1975,8 @@ static inline void performMenuItemAction(auto *menuItem)
     [manager runUntilTestMessage:@"Menus Created"];
 
     TestWebKitAPI::HTTPServer server({
-        { "/"_s, { { { "Content-Type"_s, "text/html"_s } }, "<img src='http://example.com/example.png' style='width: 400px; height: 400px'>"_s } },
+        { "/"_s, { { { "Content-Type"_s, "text/html"_s } }, "<img src='test.png' style='width: 400px; height: 400px'>"_s } },
+        { "/test.png"_s, [NSData dataWithContentsOfURL:[NSBundle.test_resourcesBundle URLForResource:@"400x400-green" withExtension:@"png"]] },
     }, TestWebKitAPI::HTTPServer::Protocol::Http);
 
     auto *urlRequest = server.requestWithLocalhost();
@@ -2003,8 +2003,7 @@ static inline void performMenuItemAction(auto *menuItem)
     [manager run];
 }
 
-// rdar://144626088 ([ macOS ] 3x TestWebKitAPI.WKWebExtensionAPIMenus.* (api-tests) are flaky timeouts (287490))
-TEST(WKWebExtensionAPIMenus, DISABLED_MacVideoContextMenuItems)
+TEST(WKWebExtensionAPIMenus, MacVideoContextMenuItems)
 {
     auto *backgroundScript = Util::constructScript(@[
         @"browser.menus.create({",
@@ -2020,7 +2019,7 @@ static inline void performMenuItemAction(auto *menuItem)
         @"  browser.test.assertEq(info.menuItemId, 'video-menu-item')",
         @"  browser.test.assertEq(info.parentMenuItemId, undefined)",
         @"  browser.test.assertEq(info.mediaType, 'video')",
-        @"  browser.test.assertEq(info.srcUrl, 'http://example.com/example.mp4')",
+        @"  browser.test.assertTrue(info.srcUrl.endsWith('/test.mp4'))",
         @"  browser.test.assertEq(typeof info.pageUrl, 'string')",
         @"  browser.test.assertTrue(info.pageUrl.startsWith('http://localhost:'))",
         @"  browser.test.assertEq(info.frameId, 0)",
@@ -2061,7 +2060,8 @@ static inline void performMenuItemAction(auto *menuItem)
     [manager runUntilTestMessage:@"Menus Created"];
 
     TestWebKitAPI::HTTPServer server({
-        { "/"_s, { { { "Content-Type"_s, "text/html"_s } }, "<video src='http://example.com/example.mp4' style='width: 400px; height: 400px' controls></video>"_s } },
+        { "/"_s, { { { "Content-Type"_s, "text/html"_s } }, "<video src='test.mp4' style='width: 400px; height: 400px' controls></video>"_s } },
+        { "/test.mp4"_s, [NSData dataWithContentsOfURL:[NSBundle.test_resourcesBundle URLForResource:@"test" withExtension:@"mp4"]] },
     }, TestWebKitAPI::HTTPServer::Protocol::Http);
 
     auto *urlRequest = server.requestWithLocalhost();
@@ -2088,8 +2088,7 @@ static inline void performMenuItemAction(auto *menuItem)
     [manager run];
 }
 
-// rdar://144626088 ([ macOS ] 3x TestWebKitAPI.WKWebExtensionAPIMenus.* (api-tests) are flaky timeouts (287490))
-TEST(WKWebExtensionAPIMenus, DISABLED_MacAudioContextMenuItems)
+TEST(WKWebExtensionAPIMenus, MacAudioContextMenuItems)
 {
     auto *backgroundScript = Util::constructScript(@[
         @"browser.menus.create({",
@@ -2105,7 +2104,7 @@ static inline void performMenuItemAction(auto *menuItem)
         @"  browser.test.assertEq(info.menuItemId, 'audio-menu-item')",
         @"  browser.test.assertEq(info.parentMenuItemId, undefined)",
         @"  browser.test.assertEq(info.mediaType, 'audio')",
-        @"  browser.test.assertEq(info.srcUrl, 'http://example.com/example.mp3')",
+        @"  browser.test.assertTrue(info.srcUrl.endsWith('/test.m4a'))",
         @"  browser.test.assertEq(typeof info.pageUrl, 'string')",
         @"  browser.test.assertTrue(info.pageUrl.startsWith('http://localhost:'))",
         @"  browser.test.assertEq(info.frameId, 0)",
@@ -2146,7 +2145,8 @@ static inline void performMenuItemAction(auto *menuItem)
     [manager runUntilTestMessage:@"Menus Created"];
 
     TestWebKitAPI::HTTPServer server({
-        { "/"_s, { { { "Content-Type"_s, "text/html"_s } }, "<audio src='http://example.com/example.mp3' style='width: 400px; height: 400px' controls></audio>"_s } },
+        { "/"_s, { { { "Content-Type"_s, "text/html"_s } }, "<audio src='test.m4a' style='width: 400px; height: 400px' controls></audio>"_s } },
+        { "/test.m4a"_s, [NSData dataWithContentsOfURL:[NSBundle.test_resourcesBundle URLForResource:@"silence-long" withExtension:@"m4a"]] },
     }, TestWebKitAPI::HTTPServer::Protocol::Http);
 
     auto *urlRequest = server.requestWithLocalhost();
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIPermissions.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIPermissions.mm
index 19e9e8d3b5915..a42c2ef166e91 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIPermissions.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIPermissions.mm
@@ -339,12 +339,7 @@
     TestWebKitAPI::Util::run(&requestComplete);
 }
 
-// rdar://142487203
-#if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED > 140000
-TEST(WKWebExtensionAPIPermissions, DISABLED_GrantOnlySomePermissions)
-#else
 TEST(WKWebExtensionAPIPermissions, GrantOnlySomePermissions)
-#endif
 {
     auto *manifest = @{
         @"manifest_version": @3,
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIRuntime.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIRuntime.mm
index 6506ca48555fb..3fd46e2f650f9 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIRuntime.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIRuntime.mm
@@ -923,12 +923,7 @@
     [manager run];
 }
 
-// FIXME when rdar://135213974 is resolved.
-#if PLATFORM(IOS)
-TEST(WKWebExtensionAPIRuntime, DISABLED_ConnectFromContentScriptWithImmediateMessage)
-#else
 TEST(WKWebExtensionAPIRuntime, ConnectFromContentScriptWithImmediateMessage)
-#endif
 {
     TestWebKitAPI::HTTPServer server({
         { "/"_s, { { { "Content-Type"_s, "text/html"_s } }, ""_s } },
@@ -940,21 +935,21 @@
         @"  browser.test.assertEq(port.error, null, 'Port error should be null')",
 
         @"  port.postMessage('Hello from Background')",
-        @"})"
+        @"})",
+
+        @"browser.test.sendMessage('Load Tab')"
     ]);
 
     auto *contentScript = Util::constructScript(@[
-        @"setTimeout(() => {",
-        @"  const port = browser.runtime.connect({ name: 'testPort' })",
-        @"  browser.test.assertEq(typeof port, 'object', 'Port should be an object')",
-        @"  browser.test.assertEq(port.name, 'testPort', 'Port name should be testPort')",
+        @"const port = browser.runtime.connect({ name: 'testPort' })",
+        @"browser.test.assertEq(typeof port, 'object', 'Port should be an object')",
+        @"browser.test.assertEq(port.name, 'testPort', 'Port name should be testPort')",
 
-        @"  port.onMessage.addListener((message) => {",
-        @"    browser.test.assertEq(message, 'Hello from Background', 'Should receive the correct message content from the background script')",
+        @"port.onMessage.addListener((message) => {",
+        @"  browser.test.assertEq(message, 'Hello from Background', 'Should receive the correct message content from the background script')",
 
-        @"    browser.test.notifyPass()",
-        @"  })",
-        @"}, 1000)"
+        @"  browser.test.notifyPass()",
+        @"})",
     ]);
 
     auto *resources = @{
@@ -966,6 +961,9 @@
 
     auto *urlRequest = server.requestWithLocalhost();
     [manager.get().context setPermissionStatus:WKWebExtensionContextPermissionStatusGrantedExplicitly forURL:urlRequest.URL];
+
+    [manager runUntilTestMessage:@"Load Tab"];
+
     [manager.get().defaultTab.webView loadRequest:urlRequest];
 
     [manager run];
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionDataRecord.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionDataRecord.mm
index c25955d68feb8..92fa9bda4a697 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionDataRecord.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionDataRecord.mm
@@ -167,6 +167,7 @@
     TestWebKitAPI::Util::run(&fetchComplete);
 }
 
+// FIXME: rdar://125926932 (Enable the WKWebExtensionDataRecord.RemoveDataRecords test (272236))
 TEST(WKWebExtensionDataRecord, DISABLED_RemoveDataRecords)
 {
     auto *backgroundScript = Util::constructScript(@[
@@ -211,6 +212,7 @@
     TestWebKitAPI::Util::run(&removalComplete);
 }
 
+// FIXME: rdar://125926932 (Enable the WKWebExtensionDataRecord.RemoveDataRecords test (272236))
 TEST(WKWebExtensionDataRecord, DISABLED_RemoveDataRecordsForMultipleContexts)
 {
     auto *backgroundScriptOne = Util::constructScript(@[

From bfb10c81a4c29203f7eb9e4d8f40d2aae5e23028 Mon Sep 17 00:00:00 2001
From: Per Arne Vollan <pvollan@apple.com>
Date: Sat, 22 Feb 2025 12:46:57 -0800
Subject: [PATCH 068/174] Migrate more WebContent logging to efficient version
 https://bugs.webkit.org/show_bug.cgi?id=287888 rdar://143154803

Reviewed by Sihui Liu.

To improve performance, migrate more WebContent logging to the efficient version. When the logging daemon is
blocked in the WebContent process sandbox, we need to forward these logs to the UI process and log with the
OS log API there. There are two ways that logs are being forwarded. One way is through a log hook, which is
inefficient, since the logs are precomposed in the WebContent process. The second method is more efficient,
since it avoids precomposing. This patch migrates more WebContent logging to the efficient version.

* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::load):
* Source/WebCore/loader/PolicyChecker.cpp:
(WebCore::PolicyChecker::checkNavigationPolicy):
* Source/WebCore/page/LocalFrameView.cpp:
(WebCore::LocalFrameView::scheduleResizeEventIfNeeded):
(WebCore::LocalFrameView::paintContents):
(WebCore::LocalFrameView::fireLayoutRelatedMilestonesIfNeeded):
* Source/WebCore/page/PerformanceLogging.cpp:
(WebCore::PerformanceLogging::didReachPointOfInterest):
* Source/WebCore/page/PerformanceMonitor.cpp:
(WebCore::PerformanceMonitor::measurePostLoadCPUUsage):
(WebCore::PerformanceMonitor::measurePostLoadMemoryUsage):
(WebCore::PerformanceMonitor::measurePostBackgroundingMemoryUsage):
(WebCore::PerformanceMonitor::measurePostBackgroundingCPUUsage):
(WebCore::PerformanceMonitor::measureCPUUsageInActivityState):
* Source/WebCore/platform/LogMessages.in:
* Source/WebKit/Platform/LogMessages.in:
* Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp:
(WebKit::RemoteRenderingBackendProxy::create):
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoad):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::completePageTransitionIfNeeded):
(WebKit::WebLocalFrameLoaderClient::dispatchDidReachLayoutMilestone):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::loadRequest):
(WebKit::WebPage::freezeLayerTree):
(WebKit::WebPage::unfreezeLayerTree):
(WebKit::WebPage::markLayersVolatile):
(WebKit::WebPage::tryMarkLayersVolatileCompletionHandler):
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::prepareToSuspend):
(WebKit::WebProcess::markAllLayersVolatile):
(WebKit::WebProcess::freezeAllLayerTrees):
* Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::destroyRenderingResources):

Canonical link: https://commits.webkit.org/290889@main
---
 Source/WebCore/loader/FrameLoader.cpp         |  4 ++--
 Source/WebCore/loader/PolicyChecker.cpp       |  5 +++--
 Source/WebCore/page/LocalFrameView.cpp        |  8 ++++----
 Source/WebCore/page/PerformanceLogging.cpp    |  4 ++--
 Source/WebCore/page/PerformanceMonitor.cpp    | 12 +++++------
 Source/WebCore/platform/LogMessages.in        | 18 +++++++++++++++++
 Source/WebKit/Platform/LogMessages.in         | 20 +++++++++++++++++++
 .../graphics/RemoteRenderingBackendProxy.cpp  |  2 +-
 .../WebProcess/Network/WebLoaderStrategy.cpp  |  2 +-
 .../WebLocalFrameLoaderClient.cpp             |  9 +++++----
 Source/WebKit/WebProcess/WebPage/WebPage.cpp  | 11 +++++-----
 Source/WebKit/WebProcess/WebProcess.cpp       | 13 +++++++-----
 .../WebProcess/cocoa/WebProcessCocoa.mm       |  3 ++-
 13 files changed, 78 insertions(+), 33 deletions(-)

diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp
index 8778836c6ce43..78a5f1e332111 100644
--- a/Source/WebCore/loader/FrameLoader.cpp
+++ b/Source/WebCore/loader/FrameLoader.cpp
@@ -1673,7 +1673,7 @@ SubstituteData FrameLoader::defaultSubstituteDataForURL(const URL& url)
 
 void FrameLoader::load(FrameLoadRequest&& request)
 {
-    FRAMELOADER_RELEASE_LOG(ResourceLoading, "load (FrameLoadRequest): frame load started");
+    FRAMELOADER_RELEASE_LOG_FORWARDABLE(FRAMELOADER_LOAD_FRAMELOADREQUEST);
 
     m_errorOccurredInLoading = false;
 
@@ -1758,7 +1758,7 @@ void FrameLoader::loadWithNavigationAction(const ResourceRequest& request, Navig
 
 void FrameLoader::load(DocumentLoader& newDocumentLoader, const SecurityOrigin* requesterOrigin)
 {
-    FRAMELOADER_RELEASE_LOG(ResourceLoading, "load (DocumentLoader): frame load started");
+    FRAMELOADER_RELEASE_LOG_FORWARDABLE(FRAMELOADER_LOAD_DOCUMENTLOADER);
 
     m_errorOccurredInLoading = false;
 
diff --git a/Source/WebCore/loader/PolicyChecker.cpp b/Source/WebCore/loader/PolicyChecker.cpp
index 8c6e736fe7de9..4375f361a3f3e 100644
--- a/Source/WebCore/loader/PolicyChecker.cpp
+++ b/Source/WebCore/loader/PolicyChecker.cpp
@@ -64,6 +64,7 @@
 #define PAGE_ID (m_frame->pageID() ? m_frame->pageID()->toUInt64() : 0)
 #define FRAME_ID (m_frame->loader().frameID().object().toUInt64())
 #define POLICYCHECKER_RELEASE_LOG(fmt, ...) RELEASE_LOG(Loading, "%p - [pageID=%" PRIu64 ", frameID=%" PRIu64 "] PolicyChecker::" fmt, this, PAGE_ID, FRAME_ID, ##__VA_ARGS__)
+#define POLICYCHECKER_RELEASE_LOG_FORWARDABLE(fmt, ...) RELEASE_LOG_FORWARDABLE(Loading, fmt, PAGE_ID, FRAME_ID, ##__VA_ARGS__)
 
 namespace WebCore {
 
@@ -250,7 +251,7 @@ void PolicyChecker::checkNavigationPolicy(ResourceRequest&& request, const Resou
             POLICYCHECKER_RELEASE_LOG("checkNavigationPolicy: ignoring because policyAction from dispatchDecidePolicyForNavigationAction is Ignore");
             return function({ }, nullptr, NavigationPolicyDecision::IgnoreLoad);
         case PolicyAction::LoadWillContinueInAnotherProcess:
-            POLICYCHECKER_RELEASE_LOG("checkNavigationPolicy: stopping because policyAction from dispatchDecidePolicyForNavigationAction is LoadWillContinueInAnotherProcess");
+            POLICYCHECKER_RELEASE_LOG_FORWARDABLE(POLICYCHECKIER_CHECKNAVIGATIONPOLICY_CONTINUE_LOAD_IN_ANOTHER_PROCESS);
             function({ }, nullptr, NavigationPolicyDecision::LoadWillContinueInAnotherProcess);
             return;
         case PolicyAction::Use:
@@ -260,7 +261,7 @@ void PolicyChecker::checkNavigationPolicy(ResourceRequest&& request, const Resou
                 return function({ }, { }, NavigationPolicyDecision::IgnoreLoad);
             }
             if (isInitialEmptyDocumentLoad)
-                POLICYCHECKER_RELEASE_LOG("checkNavigationPolicy: continuing because this is an initial empty document");
+                POLICYCHECKER_RELEASE_LOG_FORWARDABLE(POLICYCHECKIER_CHECKNAVIGATIONPOLICY_CONTINUE_INITIAL_EMPTY_DOCUMENT);
             else
                 POLICYCHECKER_RELEASE_LOG("checkNavigationPolicy: continuing because this policyAction from dispatchDecidePolicyForNavigationAction is Use");
             return function(WTFMove(request), formState, NavigationPolicyDecision::ContinueLoad);
diff --git a/Source/WebCore/page/LocalFrameView.cpp b/Source/WebCore/page/LocalFrameView.cpp
index e4438c49e827a..98f346b7d3bd8 100644
--- a/Source/WebCore/page/LocalFrameView.cpp
+++ b/Source/WebCore/page/LocalFrameView.cpp
@@ -146,7 +146,7 @@
 
 #define PAGE_ID (m_frame->pageID() ? m_frame->pageID()->toUInt64() : 0)
 #define FRAME_ID m_frame->frameID().object().toUInt64()
-#define FRAMEVIEW_RELEASE_LOG(channel, fmt, ...) RELEASE_LOG(channel, "%p - [pageID=%" PRIu64 ", frameID=%" PRIu64 ", isMainFrame=%d] LocalFrameView::" fmt, this, PAGE_ID, FRAME_ID, m_frame->isMainFrame(), ##__VA_ARGS__)
+#define FRAMEVIEW_RELEASE_LOG(channel, fmt, ...) RELEASE_LOG_FORWARDABLE(channel, fmt, PAGE_ID, FRAME_ID, m_frame->isMainFrame(), ##__VA_ARGS__)
 
 namespace WebCore {
 
@@ -3914,7 +3914,7 @@ void LocalFrameView::scheduleResizeEventIfNeeded()
     RefPtr document = m_frame->document();
     if (document->quirks().shouldSilenceWindowResizeEventsDuringApplicationSnapshotting()) {
         document->addConsoleMessage(MessageSource::Other, MessageLevel::Info, "Window resize events silenced due to: http://webkit.org/b/258597"_s);
-        FRAMEVIEW_RELEASE_LOG(Events, "scheduleResizeEventIfNeeded: Not firing resize events because they are temporarily disabled for this page");
+        FRAMEVIEW_RELEASE_LOG(Events, LOCALFRAMEVIEW_FIRING_RESIZE_EVENTS_DISABLED_FOR_PAGE);
         return;
     }
 
@@ -4792,7 +4792,7 @@ void LocalFrameView::paintContents(GraphicsContext& context, const IntRect& dirt
 
     ASSERT(!needsLayout());
     if (needsLayout()) {
-        FRAMEVIEW_RELEASE_LOG(Layout, "paintContents: Not painting because render tree needs layout");
+        FRAMEVIEW_RELEASE_LOG(Layout, LOCALFRAMEVIEW_NOT_PAINTING_LAYOUT_NEEDED);
         return;
     }
 
@@ -5713,7 +5713,7 @@ void LocalFrameView::fireLayoutRelatedMilestonesIfNeeded()
 
     if (milestonesAchieved && m_frame->isMainFrame()) {
         if (milestonesAchieved.contains(LayoutMilestone::DidFirstVisuallyNonEmptyLayout))
-            FRAMEVIEW_RELEASE_LOG(Layout, "fireLayoutRelatedMilestonesIfNeeded: Firing first visually non-empty layout milestone on the main frame");
+            FRAMEVIEW_RELEASE_LOG(Layout, LOCALFRAMEVIEW_FIRING_FIRST_VISUALLY_NON_EMPTY_LAYOUT_MILESTONE);
         m_frame->loader().didReachLayoutMilestone(milestonesAchieved);
     }
 }
diff --git a/Source/WebCore/page/PerformanceLogging.cpp b/Source/WebCore/page/PerformanceLogging.cpp
index 81ab136003bec..560ea749c8639 100644
--- a/Source/WebCore/page/PerformanceLogging.cpp
+++ b/Source/WebCore/page/PerformanceLogging.cpp
@@ -103,9 +103,9 @@ void PerformanceLogging::didReachPointOfInterest(PointOfInterest poi)
             return;
     }
 
-    RELEASE_LOG(PerformanceLogging, "Memory usage info dump at %s:", toString(poi).characters());
+    RELEASE_LOG_FORWARDABLE(PerformanceLogging, PERFORMANCELOGGING_MEMORY_USAGE_INFO, toString(poi).characters());
     for (auto& [key, value] : memoryUsageStatistics(ShouldIncludeExpensiveComputations::No))
-        RELEASE_LOG(PerformanceLogging, "  %s: %zu", key.characters(), value);
+        RELEASE_LOG_FORWARDABLE(PerformanceLogging, PERFORMANCELOGGING_MEMORY_USAGE_FOR_KEY, key.characters(), value);
 #endif
 }
 
diff --git a/Source/WebCore/page/PerformanceMonitor.cpp b/Source/WebCore/page/PerformanceMonitor.cpp
index 02d59c87f3160..d31246e92b5f5 100644
--- a/Source/WebCore/page/PerformanceMonitor.cpp
+++ b/Source/WebCore/page/PerformanceMonitor.cpp
@@ -42,7 +42,7 @@ namespace WebCore {
 
 WTF_MAKE_TZONE_ALLOCATED_IMPL(PerformanceMonitor);
 
-#define PERFMONITOR_RELEASE_LOG(channel, fmt, ...) RELEASE_LOG(channel, "%p - PerformanceMonitor::" fmt, this, ##__VA_ARGS__)
+#define PERFMONITOR_RELEASE_LOG(fmt, ...) RELEASE_LOG_FORWARDABLE(PerformanceLogging, fmt, ##__VA_ARGS__)
 
 static constexpr const Seconds cpuUsageMeasurementDelay { 5_s };
 static constexpr const Seconds postLoadCPUUsageMeasurementDuration { 10_s };
@@ -189,7 +189,7 @@ void PerformanceMonitor::measurePostLoadCPUUsage()
         return;
 
     double cpuUsage = cpuTime.value().percentageCPUUsageSince(*m_postLoadCPUTime);
-    PERFMONITOR_RELEASE_LOG(PerformanceLogging, "measurePostLoadCPUUsage: Process was using %.1f%% CPU after the page load.", cpuUsage);
+    PERFMONITOR_RELEASE_LOG(PERFORMANCEMONITOR_MEASURE_POSTLOAD_CPUUSAGE, cpuUsage);
     page->diagnosticLoggingClient().logDiagnosticMessage(DiagnosticLoggingKeys::postPageLoadCPUUsageKey(), DiagnosticLoggingKeys::foregroundCPUUsageToDiagnosticLoggingKey(cpuUsage), ShouldSample::No);
 
     if (cpuUsage > postPageLoadCPUUsageDomainReportingThreshold)
@@ -206,7 +206,7 @@ void PerformanceMonitor::measurePostLoadMemoryUsage()
     if (!memoryUsage)
         return;
 
-    PERFMONITOR_RELEASE_LOG(PerformanceLogging, "measurePostLoadMemoryUsage: Process was using %" PRIu64 " bytes of memory after the page load.", memoryUsage.value());
+    PERFMONITOR_RELEASE_LOG(PERFORMANCEMONITOR_MEASURE_POSTLOAD_MEMORYUSAGE, memoryUsage.value());
     page->diagnosticLoggingClient().logDiagnosticMessage(DiagnosticLoggingKeys::postPageLoadMemoryUsageKey(), DiagnosticLoggingKeys::memoryUsageToDiagnosticLoggingKey(memoryUsage.value()), ShouldSample::No);
 
     // On iOS, we report actual Jetsams instead.
@@ -226,7 +226,7 @@ void PerformanceMonitor::measurePostBackgroundingMemoryUsage()
     if (!memoryUsage)
         return;
 
-    PERFMONITOR_RELEASE_LOG(PerformanceLogging, "measurePostBackgroundingMemoryUsage: Process was using %" PRIu64 " bytes of memory after becoming non visible.", memoryUsage.value());
+    PERFMONITOR_RELEASE_LOG(PERFORMANCEMONITOR_MEASURE_POSTBACKGROUND_MEMORYUSAGE, memoryUsage.value());
     page->diagnosticLoggingClient().logDiagnosticMessage(DiagnosticLoggingKeys::postPageBackgroundingMemoryUsageKey(), DiagnosticLoggingKeys::memoryUsageToDiagnosticLoggingKey(memoryUsage.value()), ShouldSample::No);
 }
 
@@ -249,7 +249,7 @@ void PerformanceMonitor::measurePostBackgroundingCPUUsage()
         return;
 
     double cpuUsage = cpuTime.value().percentageCPUUsageSince(*m_postBackgroundingCPUTime);
-    PERFMONITOR_RELEASE_LOG(PerformanceLogging, "measurePostBackgroundingCPUUsage: Process was using %.1f%% CPU after becoming non visible.", cpuUsage);
+    PERFMONITOR_RELEASE_LOG(PERFORMANCEMONITOR_MEASURE_POSTBACKGROUND_CPUUSAGE, cpuUsage);
     page->diagnosticLoggingClient().logDiagnosticMessage(DiagnosticLoggingKeys::postPageBackgroundingCPUUsageKey(), DiagnosticLoggingKeys::backgroundCPUUsageToDiagnosticLoggingKey(cpuUsage), ShouldSample::No);
 }
 
@@ -297,7 +297,7 @@ void PerformanceMonitor::measureCPUUsageInActivityState(ActivityStateForCPUSampl
 
 #if !RELEASE_LOG_DISABLED
     double cpuUsage = cpuTime.value().percentageCPUUsageSince(*m_perActivityStateCPUTime);
-    PERFMONITOR_RELEASE_LOG(PerformanceLogging, "measureCPUUsageInActivityState: Process is using %.1f%% CPU in state: %s", cpuUsage, stringForCPUSamplingActivityState(activityState).characters());
+    PERFMONITOR_RELEASE_LOG(PERFORMANCEMONITOR_MEASURE_CPUUSAGE_IN_ACTIVITYSTATE, cpuUsage, stringForCPUSamplingActivityState(activityState).characters());
 #endif
     page->chrome().client().reportProcessCPUTime((cpuTime.value().systemTime + cpuTime.value().userTime) - (m_perActivityStateCPUTime.value().systemTime + m_perActivityStateCPUTime.value().userTime), activityState);
 
diff --git a/Source/WebCore/platform/LogMessages.in b/Source/WebCore/platform/LogMessages.in
index 7218a6ebb01a8..7027f8ad8021a 100644
--- a/Source/WebCore/platform/LogMessages.in
+++ b/Source/WebCore/platform/LogMessages.in
@@ -72,6 +72,8 @@ FRAMELOADER_LOAD_URL, "[pageID=%" PRIu64 " frameID=%" PRIu64 " isMainFrame=%d] F
 FRAMELOADER_LOADWITHNAVIGATIONACTION, "[pageID=%" PRIu64 " frameID=%" PRIu64 " isMainFrame=%d] FrameLoader::loadWithNavigationAction: frame load started", (uint64_t, uint64_t, int), DEFAULT, ResourceLoading
 FRAMELOADER_LOADURLINTOCHILDFRAME, "[pageID=%" PRIu64 " frameID=%" PRIu64 " isMainFrame=%d] FrameLoader::loadURLIntoChildFrame: frame load started", (uint64_t, uint64_t, int), DEFAULT, ResourceLoading
 FRAMELOADER_CONTINUELOADAFTERNAVIGATIONPOLICY_CANNOT_CONTINUE, "[pageID=%" PRIu64 " frameID=%" PRIu64 " isMainFrame=%d] FrameLoader::continueLoadAfterNavigationPolicy: can't continue loading frame due to the following reasons (allowNavigationToInvalidURL = %d, requestURLIsValid = %d, navigationPolicyDecision = %d)", (uint64_t, uint64_t, int, int, int, int), DEFAULT, ResourceLoading
+FRAMELOADER_LOAD_FRAMELOADREQUEST, "[pageID=%" PRIu64 " frameID=%" PRIu64 " isMainFrame=%d] FrameLoader::load (FrameLoadRequest): frame load started", (uint64_t, uint64_t, int), DEFAULT, ResourceLoading
+FRAMELOADER_LOAD_DOCUMENTLOADER, "[pageID=%" PRIu64 " frameID=%" PRIu64 " isMainFrame=%d] FrameLoader::load (DocumentLoader): frame load started", (uint64_t, uint64_t, int), DEFAULT, ResourceLoading
 
 RESOURCELOADER_WILLSENDREQUESTINTERNAL, "[pageID=%" PRIu64 ", frameID=%" PRIu64 ", resourceID=%" PRIu64 "] ResourceLoader::willSendRequestInternal: calling completion handler", (uint64_t, uint64_t, uint64_t), DEFAULT, Network
 
@@ -107,3 +109,19 @@ HTMLMEDIAELEMENT_VISIBILITYSTATECHANGED, "HTMLMediaElement::visibilityStateChang
 HTMLMEDIAELEMENT_CREATEMEDIAPLAYER, "HTMLMediaElement::createMediaPlayer(%" PRIu64 ")", (uint64_t), DEFAULT, Media
 
 HTMLVIDEOELEMENT_MEDIAPLAYERRENDERINGMODECHANGED, "HTMLVideoElement::mediaPlayerRenderingModeChanged(%" PRIu64 ")", (uint64_t), DEFAULT, Media
+
+PERFORMANCELOGGING_MEMORY_USAGE_INFO, "Memory usage info dump at %s:", (CString), DEFAULT, PerformanceLogging
+PERFORMANCELOGGING_MEMORY_USAGE_FOR_KEY, "  %s: %zu", (CString, size_t), DEFAULT, PerformanceLogging
+
+PERFORMANCEMONITOR_MEASURE_POSTLOAD_CPUUSAGE, "PerformanceMonitor::measurePostLoadCPUUsage: Process was using %.1f%% CPU after the page load.", (double), DEFAULT, PerformanceLogging
+PERFORMANCEMONITOR_MEASURE_POSTLOAD_MEMORYUSAGE, "PerformanceMonitor::measurePostLoadMemoryUsage: Process was using %" PRIu64 " bytes of memory after the page load.", (uint64_t), DEFAULT, PerformanceLogging
+PERFORMANCEMONITOR_MEASURE_POSTBACKGROUND_MEMORYUSAGE, "PerformanceMonitor:measurePostBackgroundingMemoryUsage: Process was using %" PRIu64 " bytes of memory after becoming non visible.", (uint64_t), DEFAULT, PerformanceLogging
+PERFORMANCEMONITOR_MEASURE_POSTBACKGROUND_CPUUSAGE, "PerformanceMonitor::measurePostBackgroundingCPUUsage: Process was using %.1f%% CPU after becoming non visible.", (double), DEFAULT, PerformanceLogging
+PERFORMANCEMONITOR_MEASURE_CPUUSAGE_IN_ACTIVITYSTATE, "PerformanceMonitor::measureCPUUsageInActivityState: Process is using %.1f%% CPU in state: %s", (double, CString), DEFAULT, PerformanceLogging
+
+POLICYCHECKIER_CHECKNAVIGATIONPOLICY_CONTINUE_LOAD_IN_ANOTHER_PROCESS, "[pageID=%" PRIu64 ", frameID=%" PRIu64 "] PolicyChecker::checkNavigationPolicy: stopping because policyAction from dispatchDecidePolicyForNavigationAction is LoadWillContinueInAnotherProcess", (uint64_t, uint64_t), DEFAULT, Loading
+POLICYCHECKIER_CHECKNAVIGATIONPOLICY_CONTINUE_INITIAL_EMPTY_DOCUMENT, "[pageID=%" PRIu64 ", frameID=%" PRIu64 "] PolicyChecker::checkNavigationPolicy: continuing because this is an initial empty document", (uint64_t, uint64_t), DEFAULT, Loading
+
+LOCALFRAMEVIEW_FIRING_FIRST_VISUALLY_NON_EMPTY_LAYOUT_MILESTONE, "[pageID=%" PRIu64 ", frameID=%" PRIu64 ", isMainFrame=%d] LocalFrameView::fireLayoutRelatedMilestonesIfNeeded: Firing first visually non-empty layout milestone on the main frame", (uint64_t, uint64_t, int), DEFAULT, Layout
+LOCALFRAMEVIEW_FIRING_RESIZE_EVENTS_DISABLED_FOR_PAGE, "[pageID=%" PRIu64 ", frameID=%" PRIu64 ", isMainFrame=%d] LocalFrameView::scheduleResizeEventIfNeeded: Not firing resize events because they are temporarily disabled for this page", (uint64_t, uint64_t, int), DEFAULT, Events
+LOCALFRAMEVIEW_NOT_PAINTING_LAYOUT_NEEDED, "    [pageID=%" PRIu64 ", frameID=%" PRIu64 ", isMainFrame=%d] LocalFrameView::paintContents: Not painting because render tree needs layout", (uint64_t, uint64_t, int), DEFAULT, Layout
diff --git a/Source/WebKit/Platform/LogMessages.in b/Source/WebKit/Platform/LogMessages.in
index 65faad63f9963..8ac408d73976f 100644
--- a/Source/WebKit/Platform/LogMessages.in
+++ b/Source/WebKit/Platform/LogMessages.in
@@ -47,6 +47,7 @@ WEBRESOURCELOADER_DIDRECEIVERESOURCE, "[webPageID=%" PRIu64 ", frameID=%" PRIu64
 WEBRESOURCELOADER_DIDRECEIVERESOURCE_UNABLE_TO_CREATE_FRAGMENTEDSHAREDBUFFER, "[webPageID=%" PRIu64 ", frameID=%" PRIu64 ", resourceID=%" PRIu64 "] WebResourceLoader::didReceiveResource: Unable to create FragmentedSharedBuffer", (uint64_t, uint64_t, uint64_t), DEFAULT, Network
 
 WEBLOADERSTRATEGY_SCHEDULELOAD, "[webPageID=%" PRIu64 ", frameID=%" PRIu64 ", resourceID=%" PRIu64 "] WebLoaderStrategy::scheduleLoad: URL will be scheduled with the NetworkProcess", (uint64_t, uint64_t, uint64_t), DEFAULT, Network
+WEBLOADERSTRATEGY_SCHEDULELOAD_URL_LOADED_AS_DATA, "[webPageID=%" PRIu64 ", frameID=%" PRIu64 ", resourceID=%" PRIu64 "] WebLoaderStrategy::scheduleLoad: URL will be loaded as data", (uint64_t, uint64_t, uint64_t), DEFAULT, Network
 WEBLOADERSTRATEGY_SCHEDULELOAD_RESOURCE_SCHEDULED_WITH_NETWORKPROCESS, "[webPageID=%" PRIu64 ", frameID=%" PRIu64 ", resourceID=%" PRIu64 "] WebLoaderStrategy::scheduleLoad: Resource is being scheduled with the NetworkProcess (priority=%d, existingNetworkResourceLoadIdentifierToResume=%" PRIu64 ")", (uint64_t, uint64_t, uint64_t, int, uint64_t), DEFAULT, Network
 
 WEBFRAMELOADERCLIENT_NAVIGATIONACTIONDATA_NO_WEBPAGE, "[webFrameID=%" PRIu64 ", webPageID=%" PRIu64 "] WebFrameLoaderClient::navigationActionData: returning std::nullopt because there's no web page", (uint64_t, uint64_t), DEFAULT, Network
@@ -55,3 +56,22 @@ WEBFRAMELOADERCLIENT_NAVIGATIONACTIONDATA_NO_FRAME, "[webFrameID=%" PRIu64 ", we
 WEBFRAMELOADERCLIENT_DISPATCHDECIDEPOLICYFORNAVIGATIONACTION_SYNC_IPC_FAILED, "[webFrameID=%" PRIu64 ", webPageID=%" PRIu64 "] WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction: ignoring because of failing to send sync IPC, error = %hhu", (uint64_t, uint64_t, uint8_t), DEFAULT, Network
 WEBFRAMELOADERCLIENT_DISPATCHDECIDEPOLICYFORNAVIGATIONACTION_GOT_POLICYACTION_FROM_SYNC_IPC, "[webFrameID=%" PRIu64 ", webPageID=%" PRIu64 "] WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction: Got policyAction %u from sync IPC", (uint64_t, uint64_t, unsigned), DEFAULT, Network
 WEBFRAMELOADERCLIENT_DISPATCHDECIDEPOLICYFORNAVIGATIONACTION_GOT_POLICYACTION_FROM_ASYNC_IPC, "[webFrameID=%" PRIu64 ", webPageID=%" PRIu64 "] WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction: Got policyAction %u from async IPC", (uint64_t, uint64_t, unsigned), DEFAULT, Network
+
+WEBPAGE_MARK_LAYERS_VOLATILE, "[webPageID=%" PRIu64 "] WebPage::markLayersVolatile", (uint64_t), DEFAULT, Layers
+WEBPAGE_FREEZE_LAYER_TREE, "[webPageID=%" PRIu64 "] WebPage::freezeLayerTree: Adding a reason to freeze layer tree (reason=%d, new=%d, old=%d)", (uint64_t, int, int, int), DEFAULT, ProcessSuspension
+WEBPAGE_UNFREEZE_LAYER_TREE, "[webPageID=%" PRIu64 "] WebPage::unfreezeLayerTree: Removing a reason to freeze layer tree (reason=%d, new=%d, old=%d)", (uint64_t, int, int, int), DEFAULT, ProcessSuspension
+WEBPAGE_FAILED_TO_MARK_ALL_LAYERS_VOLATILE, "[webPageID=%" PRIu64 "] WebPage::markLayersVolatile: Failed to mark all layers as volatile, will retry in %g ms", (uint64_t, double), DEFAULT, ProcessSuspension
+WEBPAGE_LOADREQUEST, "[webPageID=%" PRIu64 "] WebPage::loadRequest: navigationID=%" PRIu64 ", shouldTreatAsContinuingLoad=%u, lastNavigationWasAppInitiated=%d, existingNetworkResourceLoadIdentifierToResume=%" PRIu64, (uint64_t, uint64_t, unsigned, int, uint64_t), DEFAULT, Loading
+
+WEBPROCESS_PREPARE_TO_SUSPEND, "[sessionID=%" PRIu64 "] WebProcess::prepareToSuspend: isSuspensionImminent=%d, remainingRunTime=%fs", (uint64_t, int, double), DEFAULT, ProcessSuspension
+WEBPROCESS_FREEZE_ALL_LAYER_TREES, "[sessionID=%" PRIu64 "] WebProcess::freezeAllLayerTrees: WebProcess is freezing all layer trees", (uint64_t), DEFAULT, ProcessSuspension
+WEBPROCESS_DESTROY_RENDERING_RESOURCES, "[sessionID=%" PRIu64 "] WebProcess::destroyRenderingResources: took %.2fms", (uint64_t, double), DEFAULT, ProcessSuspension
+WEBPROCESS_MARK_ALL_LAYERS_VOLATILE, "[sessionID=%" PRIu64 "] WebProcess::markAllLayersVolatile:", (uint64_t), DEFAULT, ProcessSuspension
+WEBPROCESS_READY_TO_SUSPEND, "[sessionID=%" PRIu64 "] WebProcess::prepareToSuspend: Process is ready to suspend", (uint64_t), DEFAULT, ProcessSuspension
+
+WEBLOCALFRAMELOADERCLIENT_COMPLETE_PAGE_TRANSITION_IF_NEEDED, "[webFrameID=%" PRIu64 ", webPageID=%" PRIu64 "] WebLocalFrameLoaderClient::completePageTransitionIfNeeded: dispatching didCompletePageTransition", (uint64_t, uint64_t), DEFAULT, Layout
+WEBLOCALFRAMELOADERCLIENT_DISPATCH_DID_FIRST_LAYOUT_FOR_FRAME, "[webFrameID=%" PRIu64 ", webPageID=%" PRIu64 "] WebLocalFrameLoaderClient::dispatchDidReachLayoutMilestone: dispatching DidFirstLayoutForFrame", (uint64_t, uint64_t), DEFAULT, Layout
+WEBLOCALFRAMELOADERCLIENT_DISPATCH_DID_REACH_LAYOUT_MILESTONE, "[webFrameID=%" PRIu64 ", webPageID=%" PRIu64 "] WebLocalFrameLoaderClient::dispatchDidReachLayoutMilestone: dispatching DidReachLayoutMilestone (milestones=%{public}s)", (uint64_t, uint64_t, CString), DEFAULT, Layout
+WEBLOCALFRAMELOADERCLIENT_DISPATCH_DID_FIRST_VISUALLY_NONEMPTY_LAYOUT, "[webFrameID=%" PRIu64 ", webPageID=%" PRIu64 "] WebLocalFrameLoaderClient::dispatchDidReachLayoutMilestone: dispatching DidFirstVisuallyNonEmptyLayoutForFrame", (uint64_t, uint64_t), DEFAULT, Layout
+
+REMOTE_RENDERING_BACKEND_PROXY_CREATED_RENDERING_BACKEND, "[renderingBackend=%" PRIu64 "] Created rendering backend for pageProxyID=%" PRIu64 ", webPageID=%" PRIu64, (uint64_t, uint64_t, uint64_t), DEFAULT, RemoteLayerBuffers
diff --git a/Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp b/Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp
index 296cd5ee766aa..e86a0acc93b4d 100644
--- a/Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp
+++ b/Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp
@@ -64,7 +64,7 @@ using namespace WebCore;
 Ref<RemoteRenderingBackendProxy> RemoteRenderingBackendProxy::create(WebPage& webPage)
 {
     Ref instance = adoptRef(*new RemoteRenderingBackendProxy(RunLoop::main()));
-    RELEASE_LOG(RemoteLayerBuffers, "[renderingBackend=%" PRIu64 "] Created rendering backend for pageProxyID=%" PRIu64 ", webPageID=%" PRIu64, instance->renderingBackendIdentifier().toUInt64(),  webPage.webPageProxyIdentifier().toUInt64(), webPage.identifier().toUInt64());
+    RELEASE_LOG_FORWARDABLE(RemoteLayerBuffers, REMOTE_RENDERING_BACKEND_PROXY_CREATED_RENDERING_BACKEND, instance->renderingBackendIdentifier().toUInt64(),  webPage.webPageProxyIdentifier().toUInt64(), webPage.identifier().toUInt64());
     return instance;
 }
 
diff --git a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
index a57e6c1402c23..ac0032c3bf918 100644
--- a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
+++ b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
@@ -222,7 +222,7 @@ void WebLoaderStrategy::scheduleLoad(ResourceLoader& resourceLoader, CachedResou
 
     if (resourceLoader.request().url().protocolIsData()) {
         LOG(NetworkScheduling, "(WebProcess) WebLoaderStrategy::scheduleLoad, url '%s' will be loaded as data.", resourceLoader.url().string().utf8().data());
-        WEBLOADERSTRATEGY_RELEASE_LOG("scheduleLoad: URL will be loaded as data");
+        WEBLOADERSTRATEGY_RELEASE_LOG_FORWARDABLE(WEBLOADERSTRATEGY_SCHEDULELOAD_URL_LOADED_AS_DATA);
         startLocalLoad(resourceLoader);
         return;
     }
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
index 39d88ce2c7ba1..ea76f07e27fbc 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
@@ -118,6 +118,7 @@
 #define WEBPAGEID (WEBPAGE ? WEBPAGE->identifier().toUInt64() : 0)
 
 #define WebLocalFrameLoaderClient_RELEASE_LOG(channel, fmt, ...) RELEASE_LOG(channel, PREFIX_PARAMETERS fmt, this, WEBFRAME, WEBFRAMEID, WEBPAGE, WEBPAGEID, ##__VA_ARGS__)
+#define WebLocalFrameLoaderClient_RELEASE_LOG_FORWARDABLE(channel, fmt, ...) RELEASE_LOG_FORWARDABLE(channel, fmt, WEBFRAMEID, WEBPAGEID, ##__VA_ARGS__)
 #define WebLocalFrameLoaderClient_RELEASE_LOG_FAULT(channel, fmt, ...) RELEASE_LOG_FAULT(channel, PREFIX_PARAMETERS fmt, this, WEBFRAME, WEBFRAMEID, WEBPAGE, WEBPAGEID, ##__VA_ARGS__)
 
 namespace WebKit {
@@ -791,7 +792,7 @@ void WebLocalFrameLoaderClient::completePageTransitionIfNeeded()
 
     webPage->didCompletePageTransition();
     m_didCompletePageTransition = true;
-    WebLocalFrameLoaderClient_RELEASE_LOG(Layout, "completePageTransitionIfNeeded: dispatching didCompletePageTransition");
+    WebLocalFrameLoaderClient_RELEASE_LOG_FORWARDABLE(Layout, WEBLOCALFRAMELOADERCLIENT_COMPLETE_PAGE_TRANSITION_IF_NEEDED);
 }
 
 void WebLocalFrameLoaderClient::setDocumentVisualUpdatesAllowed(bool allowed)
@@ -815,7 +816,7 @@ void WebLocalFrameLoaderClient::dispatchDidReachLayoutMilestone(OptionSet<WebCor
     RefPtr<API::Object> userData;
 
     if (milestones & WebCore::LayoutMilestone::DidFirstLayout) {
-        WebLocalFrameLoaderClient_RELEASE_LOG(Layout, "dispatchDidReachLayoutMilestone: dispatching DidFirstLayoutForFrame");
+        WebLocalFrameLoaderClient_RELEASE_LOG_FORWARDABLE(Layout, WEBLOCALFRAMELOADERCLIENT_DISPATCH_DID_FIRST_LAYOUT_FOR_FRAME);
 
         // FIXME: We should consider removing the old didFirstLayout API since this is doing double duty with the
         // new didLayout API.
@@ -842,7 +843,7 @@ void WebLocalFrameLoaderClient::dispatchDidReachLayoutMilestone(OptionSet<WebCor
     addIfSet(WebCore::LayoutMilestone::DidRenderSignificantAmountOfText, "DidRenderSignificantAmountOfText"_s);
     addIfSet(WebCore::LayoutMilestone::DidFirstMeaningfulPaint, "DidFirstMeaningfulPaint"_s);
 
-    WebLocalFrameLoaderClient_RELEASE_LOG(Layout, "dispatchDidReachLayoutMilestone: dispatching DidReachLayoutMilestone (milestones=%" PUBLIC_LOG_STRING ")", builder.toString().utf8().data());
+    WebLocalFrameLoaderClient_RELEASE_LOG_FORWARDABLE(Layout, WEBLOCALFRAMELOADERCLIENT_DISPATCH_DID_REACH_LAYOUT_MILESTONE, builder.toString().utf8().data());
 #endif
 
     // Send this after DidFirstLayout-specific calls since some clients expect to get those messages first.
@@ -851,7 +852,7 @@ void WebLocalFrameLoaderClient::dispatchDidReachLayoutMilestone(OptionSet<WebCor
     if (milestones & WebCore::LayoutMilestone::DidFirstVisuallyNonEmptyLayout) {
         ASSERT(!m_frame->isMainFrame() || webPage->corePage()->settings().suppressesIncrementalRendering() || m_didCompletePageTransition);
         // FIXME: We should consider removing the old didFirstVisuallyNonEmptyLayoutForFrame API since this is doing double duty with the new didLayout API.
-        WebLocalFrameLoaderClient_RELEASE_LOG(Layout, "dispatchDidReachLayoutMilestone: dispatching DidFirstVisuallyNonEmptyLayoutForFrame");
+        WebLocalFrameLoaderClient_RELEASE_LOG_FORWARDABLE(Layout, WEBLOCALFRAMELOADERCLIENT_DISPATCH_DID_FIRST_VISUALLY_NONEMPTY_LAYOUT);
         webPage->injectedBundleLoaderClient().didFirstVisuallyNonEmptyLayoutForFrame(*webPage, m_frame, userData);
         webPage->send(Messages::WebPageProxy::DidFirstVisuallyNonEmptyLayoutForFrame(m_frame->frameID(), UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()), WallTime::now()));
     }
diff --git a/Source/WebKit/WebProcess/WebPage/WebPage.cpp b/Source/WebKit/WebProcess/WebPage/WebPage.cpp
index 196665502c834..e895b8500cff3 100644
--- a/Source/WebKit/WebProcess/WebPage/WebPage.cpp
+++ b/Source/WebKit/WebProcess/WebPage/WebPage.cpp
@@ -500,6 +500,7 @@ static constexpr Seconds updateLayoutViewportHeightExpansionTimerInterval { 200_
 #endif
 
 #define WEBPAGE_RELEASE_LOG(channel, fmt, ...) RELEASE_LOG(channel, "%p - [webPageID=%" PRIu64 "] WebPage::" fmt, this, m_identifier.toUInt64(), ##__VA_ARGS__)
+#define WEBPAGE_RELEASE_LOG_FORWARDABLE(channel, fmt, ...) RELEASE_LOG_FORWARDABLE(channel, fmt, m_identifier.toUInt64(), ##__VA_ARGS__)
 #define WEBPAGE_RELEASE_LOG_ERROR(channel, fmt, ...) RELEASE_LOG_ERROR(channel, "%p - [webPageID=%" PRIu64 "] WebPage::" fmt, this, m_identifier.toUInt64(), ##__VA_ARGS__)
 
 class SendStopResponsivenessTimer {
@@ -2095,7 +2096,7 @@ void WebPage::loadDidCommitInAnotherProcess(WebCore::FrameIdentifier frameID, st
 
 void WebPage::loadRequest(LoadParameters&& loadParameters)
 {
-    WEBPAGE_RELEASE_LOG(Loading, "loadRequest: navigationID=%" PRIu64 ", shouldTreatAsContinuingLoad=%u, lastNavigationWasAppInitiated=%d, existingNetworkResourceLoadIdentifierToResume=%" PRIu64, loadParameters.navigationID ? loadParameters.navigationID->toUInt64() : 0, static_cast<unsigned>(loadParameters.shouldTreatAsContinuingLoad), loadParameters.request.isAppInitiated(), loadParameters.existingNetworkResourceLoadIdentifierToResume ? loadParameters.existingNetworkResourceLoadIdentifierToResume->toUInt64() : 0);
+    WEBPAGE_RELEASE_LOG_FORWARDABLE(Loading, WEBPAGE_LOADREQUEST, loadParameters.navigationID ? loadParameters.navigationID->toUInt64() : 0, static_cast<unsigned>(loadParameters.shouldTreatAsContinuingLoad), loadParameters.request.isAppInitiated(), loadParameters.existingNetworkResourceLoadIdentifierToResume ? loadParameters.existingNetworkResourceLoadIdentifierToResume->toUInt64() : 0);
 
     RefPtr frame = loadParameters.frameIdentifier ? WebProcess::singleton().webFrame(*loadParameters.frameIdentifier) : m_mainFrame.ptr();
     if (!frame) {
@@ -3316,7 +3317,7 @@ void WebPage::freezeLayerTree(LayerTreeFreezeReason reason)
     auto oldReasons = m_layerTreeFreezeReasons.toRaw();
     UNUSED_PARAM(oldReasons);
     m_layerTreeFreezeReasons.add(reason);
-    WEBPAGE_RELEASE_LOG(ProcessSuspension, "freezeLayerTree: Adding a reason to freeze layer tree (reason=%d, new=%d, old=%d)", static_cast<unsigned>(reason), m_layerTreeFreezeReasons.toRaw(), oldReasons);
+    WEBPAGE_RELEASE_LOG_FORWARDABLE(ProcessSuspension, WEBPAGE_FREEZE_LAYER_TREE, static_cast<unsigned>(reason), m_layerTreeFreezeReasons.toRaw(), oldReasons);
     updateDrawingAreaLayerTreeFreezeState();
 }
 
@@ -3325,7 +3326,7 @@ void WebPage::unfreezeLayerTree(LayerTreeFreezeReason reason)
     auto oldReasons = m_layerTreeFreezeReasons.toRaw();
     UNUSED_PARAM(oldReasons);
     m_layerTreeFreezeReasons.remove(reason);
-    WEBPAGE_RELEASE_LOG(ProcessSuspension, "unfreezeLayerTree: Removing a reason to freeze layer tree (reason=%d, new=%d, old=%d)", static_cast<unsigned>(reason), m_layerTreeFreezeReasons.toRaw(), oldReasons);
+    WEBPAGE_RELEASE_LOG_FORWARDABLE(ProcessSuspension, WEBPAGE_UNFREEZE_LAYER_TREE, static_cast<unsigned>(reason), m_layerTreeFreezeReasons.toRaw(), oldReasons);
     updateDrawingAreaLayerTreeFreezeState();
 }
 
@@ -3426,7 +3427,7 @@ void WebPage::layerVolatilityTimerFired()
 
 void WebPage::markLayersVolatile(CompletionHandler<void(bool)>&& completionHandler)
 {
-    WEBPAGE_RELEASE_LOG(Layers, "markLayersVolatile:");
+    WEBPAGE_RELEASE_LOG_FORWARDABLE(Layers, WEBPAGE_MARK_LAYERS_VOLATILE);
 
     if (m_layerVolatilityTimer.isActive())
         m_layerVolatilityTimer.stop();
@@ -3475,7 +3476,7 @@ void WebPage::tryMarkLayersVolatileCompletionHandler(MarkLayersVolatileDontRetry
         return;
     }
 
-    WEBPAGE_RELEASE_LOG(Layers, "markLayersVolatile: Failed to mark all layers as volatile, will retry in %g ms", m_layerVolatilityTimerInterval.milliseconds());
+    WEBPAGE_RELEASE_LOG_FORWARDABLE(Layers, WEBPAGE_FAILED_TO_MARK_ALL_LAYERS_VOLATILE, m_layerVolatilityTimerInterval.milliseconds());
     m_layerVolatilityTimer.startOneShot(m_layerVolatilityTimerInterval);
 }
 
diff --git a/Source/WebKit/WebProcess/WebProcess.cpp b/Source/WebKit/WebProcess/WebProcess.cpp
index e9d3d1f183751..162fc63b3b73a 100644
--- a/Source/WebKit/WebProcess/WebProcess.cpp
+++ b/Source/WebKit/WebProcess/WebProcess.cpp
@@ -246,9 +246,11 @@
 #define RELEASE_LOG_SESSION_ID (m_sessionID ? m_sessionID->toUInt64() : 0)
 #if RELEASE_LOG_DISABLED
 #define WEBPROCESS_RELEASE_LOG(channel, fmt, ...) UNUSED_VARIABLE(this)
+#define WEBPROCESS_RELEASE_LOG_FORWARDABLE(channel, fmt, ...) UNUSED_VARIABLE(this)
 #define WEBPROCESS_RELEASE_LOG_ERROR(channel, fmt, ...) UNUSED_VARIABLE(this)
 #else
 #define WEBPROCESS_RELEASE_LOG(channel, fmt, ...) RELEASE_LOG(channel, "%p - [sessionID=%" PRIu64 "] WebProcess::" fmt, this, RELEASE_LOG_SESSION_ID, ##__VA_ARGS__)
+#define WEBPROCESS_RELEASE_LOG_FORWARDABLE(channel, fmt, ...) RELEASE_LOG_FORWARDABLE(channel, fmt, RELEASE_LOG_SESSION_ID, ##__VA_ARGS__)
 #define WEBPROCESS_RELEASE_LOG_ERROR(channel, fmt, ...) RELEASE_LOG_ERROR(channel, "%p - [sessionID=%" PRIu64 "] WebProcess::" fmt, this, RELEASE_LOG_SESSION_ID, ##__VA_ARGS__)
 #endif
 
@@ -1674,7 +1676,8 @@ void WebProcess::prepareToSuspend(bool isSuspensionImminent, MonotonicTime estim
     auto nowTime = MonotonicTime::now();
     double remainingRunTime = nowTime > estimatedSuspendTime ? (nowTime - estimatedSuspendTime).value() : 0.0;
 #endif
-    WEBPROCESS_RELEASE_LOG(ProcessSuspension, "prepareToSuspend: isSuspensionImminent=%d, remainingRunTime=%fs", isSuspensionImminent, remainingRunTime);
+
+    WEBPROCESS_RELEASE_LOG_FORWARDABLE(ProcessSuspension, WEBPROCESS_PREPARE_TO_SUSPEND, isSuspensionImminent, remainingRunTime);
     SetForScope allowExitScope(m_allowExitOnMemoryPressure, false);
     m_processIsSuspended = true;
 
@@ -1682,7 +1685,7 @@ void WebProcess::prepareToSuspend(bool isSuspensionImminent, MonotonicTime estim
 
 #if PLATFORM(COCOA)
     if (m_processType == ProcessType::PrewarmedWebContent) {
-        WEBPROCESS_RELEASE_LOG(ProcessSuspension, "prepareToSuspend: Process is ready to suspend");
+        WEBPROCESS_RELEASE_LOG_FORWARDABLE(ProcessSuspension, WEBPROCESS_READY_TO_SUSPEND);
         return completionHandler();
     }
 #endif
@@ -1714,7 +1717,7 @@ void WebProcess::prepareToSuspend(bool isSuspensionImminent, MonotonicTime estim
 #endif
 
     markAllLayersVolatile([this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler)]() mutable {
-        WEBPROCESS_RELEASE_LOG(ProcessSuspension, "prepareToSuspend: Process is ready to suspend");
+        WEBPROCESS_RELEASE_LOG_FORWARDABLE(ProcessSuspension, WEBPROCESS_READY_TO_SUSPEND);
         completionHandler();
     });
 }
@@ -1735,7 +1738,7 @@ void WebProcess::accessibilityRelayProcessSuspended(bool suspended)
 
 void WebProcess::markAllLayersVolatile(CompletionHandler<void()>&& completionHandler)
 {
-    WEBPROCESS_RELEASE_LOG(ProcessSuspension, "markAllLayersVolatile:");
+    WEBPROCESS_RELEASE_LOG_FORWARDABLE(ProcessSuspension, WEBPROCESS_MARK_ALL_LAYERS_VOLATILE);
     auto callbackAggregator = CallbackAggregator::create(WTFMove(completionHandler));
     for (auto& page : m_pageMap.values()) {
         page->markLayersVolatile([this, protectedThis = Ref { *this }, callbackAggregator, pageID = page->identifier()] (bool succeeded) {
@@ -1756,7 +1759,7 @@ void WebProcess::cancelMarkAllLayersVolatile()
 
 void WebProcess::freezeAllLayerTrees()
 {
-    WEBPROCESS_RELEASE_LOG(ProcessSuspension, "freezeAllLayerTrees: WebProcess is freezing all layer trees");
+    WEBPROCESS_RELEASE_LOG_FORWARDABLE(ProcessSuspension, WEBPROCESS_FREEZE_ALL_LAYER_TREES);
     for (auto& page : m_pageMap.values())
         page->freezeLayerTree(WebPage::LayerTreeFreezeReason::ProcessSuspended);
 }
diff --git a/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm b/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
index 3e8f40a7b1d8e..222058e727724 100644
--- a/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
+++ b/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
@@ -193,6 +193,7 @@
 
 #define RELEASE_LOG_SESSION_ID (m_sessionID ? m_sessionID->toUInt64() : 0)
 #define WEBPROCESS_RELEASE_LOG(channel, fmt, ...) RELEASE_LOG(channel, "%p - [sessionID=%" PRIu64 "] WebProcess::" fmt, this, RELEASE_LOG_SESSION_ID, ##__VA_ARGS__)
+#define WEBPROCESS_RELEASE_LOG_FORWARDABLE(channel, fmt, ...) RELEASE_LOG_FORWARDABLE(channel, fmt, RELEASE_LOG_SESSION_ID, ##__VA_ARGS__)
 #define WEBPROCESS_RELEASE_LOG_ERROR(channel, fmt, ...) RELEASE_LOG_ERROR(channel, "%p - [sessionID=%" PRIu64 "] WebProcess::" fmt, this, RELEASE_LOG_SESSION_ID, ##__VA_ARGS__)
 
 #if PLATFORM(MAC) || PLATFORM(MACCATALYST)
@@ -1103,7 +1104,7 @@ static void prewarmLogs()
 #if !RELEASE_LOG_DISABLED
     MonotonicTime endTime = MonotonicTime::now();
 #endif
-    WEBPROCESS_RELEASE_LOG(ProcessSuspension, "destroyRenderingResources: took %.2fms", (endTime - startTime).milliseconds());
+    WEBPROCESS_RELEASE_LOG_FORWARDABLE(ProcessSuspension, WEBPROCESS_DESTROY_RENDERING_RESOURCES, (endTime - startTime).milliseconds());
 }
 
 void WebProcess::releaseSystemMallocMemory()

From 17169d32e21511adf937e578e812e76f574500c1 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sat, 22 Feb 2025 12:52:58 -0800
Subject: [PATCH 069/174] Update RobinhoodHashTable to validate its key in
 release builds https://bugs.webkit.org/show_bug.cgi?id=288207

Reviewed by Ryosuke Niwa.

Update RobinhoodHashTable to validate its key in release builds, as security hardening.

* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::CachedHashMap::encode):
(JSC::CachedHashMap::decode const):
* Source/WTF/wtf/RobinHoodHashMap.h:
* Source/WTF/wtf/RobinHoodHashTable.h:
(WTF::shouldValidateKey>::checkKey):
(WTF::shouldValidateKey>::lookup):
(WTF::shouldValidateKey>::inlineLookup):
(WTF::shouldValidateKey>::initializeBucket):
(WTF::shouldValidateKey>::add):
(WTF::shouldValidateKey>::maintainProbeDistanceForAdd):
(WTF::shouldValidateKey>::addPassingHashCode):
(WTF::shouldValidateKey>::reinsert):
(WTF::shouldValidateKey>::find):
(WTF::shouldValidateKey>::find const):
(WTF::shouldValidateKey>::contains const):
(WTF::shouldValidateKey>::removeAndInvalidateWithoutEntryConsistencyCheck):
(WTF::shouldValidateKey>::removeAndInvalidate):
(WTF::shouldValidateKey>::remove):
(WTF::shouldValidateKey>::removeWithoutEntryConsistencyCheck):
(WTF::shouldValidateKey>::allocateTable):
(WTF::shouldValidateKey>::deallocateTable):
(WTF::shouldValidateKey>::expand):
(WTF::shouldValidateKey>::computeBestTableSize):
(WTF::shouldValidateKey>::shrinkToBestSize):
(WTF::shouldValidateKey>::rehash):
(WTF::shouldValidateKey>::clear):
(WTF::shouldValidateKey>::RobinHoodHashTable):
(WTF::shouldValidateKey>::swap):
(WTF::=):
(WTF::shouldValidateKey>::checkTableConsistency const):
(WTF::shouldValidateKey>::checkTableConsistencyExceptSize const):
(WTF::SizePolicy>::checkKey): Deleted.
(WTF::SizePolicy>::lookup): Deleted.
(WTF::SizePolicy>::inlineLookup): Deleted.
(WTF::SizePolicy>::initializeBucket): Deleted.
(WTF::SizePolicy>::add): Deleted.
(WTF::SizePolicy>::maintainProbeDistanceForAdd): Deleted.
(WTF::SizePolicy>::addPassingHashCode): Deleted.
(WTF::SizePolicy>::reinsert): Deleted.
(WTF::SizePolicy>::find): Deleted.
(WTF::SizePolicy>::find const): Deleted.
(WTF::SizePolicy>::contains const): Deleted.
(WTF::SizePolicy>::removeAndInvalidateWithoutEntryConsistencyCheck): Deleted.
(WTF::SizePolicy>::removeAndInvalidate): Deleted.
(WTF::SizePolicy>::remove): Deleted.
(WTF::SizePolicy>::removeWithoutEntryConsistencyCheck): Deleted.
(WTF::SizePolicy>::allocateTable): Deleted.
(WTF::SizePolicy>::deallocateTable): Deleted.
(WTF::SizePolicy>::expand): Deleted.
(WTF::SizePolicy>::computeBestTableSize): Deleted.
(WTF::SizePolicy>::shrinkToBestSize): Deleted.
(WTF::SizePolicy>::rehash): Deleted.
(WTF::SizePolicy>::clear): Deleted.
(WTF::SizePolicy>::RobinHoodHashTable): Deleted.
(WTF::SizePolicy>::swap): Deleted.
(WTF::SizePolicy>::checkTableConsistency const): Deleted.
(WTF::SizePolicy>::checkTableConsistencyExceptSize const): Deleted.

Canonical link: https://commits.webkit.org/290890@main
---
 Source/JavaScriptCore/runtime/CachedTypes.cpp |  12 +-
 Source/WTF/wtf/RobinHoodHashMap.h             |   6 +-
 Source/WTF/wtf/RobinHoodHashTable.h           | 157 +++++++++---------
 3 files changed, 84 insertions(+), 91 deletions(-)

diff --git a/Source/JavaScriptCore/runtime/CachedTypes.cpp b/Source/JavaScriptCore/runtime/CachedTypes.cpp
index 57e0226fa35dd..1a008fc328795 100644
--- a/Source/JavaScriptCore/runtime/CachedTypes.cpp
+++ b/Source/JavaScriptCore/runtime/CachedTypes.cpp
@@ -670,12 +670,13 @@ class CachedPair : public CachedObject<std::pair<SourceType<First>, SourceType<S
 };
 
 template<typename Key, typename Value, typename HashArg = DefaultHash<SourceType<Key>>, typename KeyTraitsArg = HashTraits<SourceType<Key>>, typename MappedTraitsArg = HashTraits<SourceType<Value>>, typename TableTraits = WTF::HashTableTraits>
-class CachedHashMap : public VariableLengthObject<UncheckedKeyHashMap<SourceType<Key>, SourceType<Value>, HashArg, KeyTraitsArg, MappedTraitsArg, TableTraits>> {
-    template<typename K, typename V>
-    using Map = UncheckedKeyHashMap<K, V, HashArg, KeyTraitsArg, MappedTraitsArg, TableTraits>;
+class CachedHashMap : public VariableLengthObject<HashMap<SourceType<Key>, SourceType<Value>, HashArg, KeyTraitsArg, MappedTraitsArg, TableTraits>> {
+    template<typename K, typename V, WTF::ShouldValidateKey shouldValidateKey>
+    using Map = HashMap<K, V, HashArg, KeyTraitsArg, MappedTraitsArg, TableTraits, shouldValidateKey>;
 
 public:
-    void encode(Encoder& encoder, const Map<SourceType<Key>, SourceType<Value>>& map)
+    template<WTF::ShouldValidateKey shouldValidateKey>
+    void encode(Encoder& encoder, const Map<SourceType<Key>, SourceType<Value>, shouldValidateKey>& map)
     {
         SourceType<decltype(m_entries)> entriesVector(map.size());
         unsigned i = 0;
@@ -684,7 +685,8 @@ class CachedHashMap : public VariableLengthObject<UncheckedKeyHashMap<SourceType
         m_entries.encode(encoder, entriesVector);
     }
 
-    void decode(Decoder& decoder, Map<SourceType<Key>, SourceType<Value>>& map) const
+    template<WTF::ShouldValidateKey shouldValidateKey>
+    void decode(Decoder& decoder, Map<SourceType<Key>, SourceType<Value>, shouldValidateKey>& map) const
     {
         SourceType<decltype(m_entries)> decodedEntries;
         m_entries.decode(decoder, decodedEntries);
diff --git a/Source/WTF/wtf/RobinHoodHashMap.h b/Source/WTF/wtf/RobinHoodHashMap.h
index a681aa70591de..154ced929b5bb 100644
--- a/Source/WTF/wtf/RobinHoodHashMap.h
+++ b/Source/WTF/wtf/RobinHoodHashMap.h
@@ -31,15 +31,15 @@ namespace WTF {
 
 // 95% load-factor.
 template<typename KeyArg, typename MappedArg, typename HashArg = DefaultHash<KeyArg>, typename KeyTraitsArg = HashTraits<KeyArg>, typename MappedTraitsArg = HashTraits<MappedArg>>
-using MemoryCompactLookupOnlyRobinHoodHashMap = UncheckedKeyHashMap<KeyArg, MappedArg, HashArg, KeyTraitsArg, MappedTraitsArg, MemoryCompactLookupOnlyRobinHoodHashTableTraits>;
+using MemoryCompactLookupOnlyRobinHoodHashMap = HashMap<KeyArg, MappedArg, HashArg, KeyTraitsArg, MappedTraitsArg, MemoryCompactLookupOnlyRobinHoodHashTableTraits>;
 
 // 90% load-factor.
 template<typename KeyArg, typename MappedArg, typename HashArg = DefaultHash<KeyArg>, typename KeyTraitsArg = HashTraits<KeyArg>, typename MappedTraitsArg = HashTraits<MappedArg>>
-using MemoryCompactRobinHoodHashMap = UncheckedKeyHashMap<KeyArg, MappedArg, HashArg, KeyTraitsArg, MappedTraitsArg, MemoryCompactRobinHoodHashTableTraits>;
+using MemoryCompactRobinHoodHashMap = HashMap<KeyArg, MappedArg, HashArg, KeyTraitsArg, MappedTraitsArg, MemoryCompactRobinHoodHashTableTraits>;
 
 // 75% load-factor.
 template<typename KeyArg, typename MappedArg, typename HashArg = DefaultHash<KeyArg>, typename KeyTraitsArg = HashTraits<KeyArg>, typename MappedTraitsArg = HashTraits<MappedArg>>
-using FastRobinHoodHashMap = UncheckedKeyHashMap<KeyArg, MappedArg, HashArg, KeyTraitsArg, MappedTraitsArg, FastRobinHoodHashTableTraits>;
+using FastRobinHoodHashMap = HashMap<KeyArg, MappedArg, HashArg, KeyTraitsArg, MappedTraitsArg, FastRobinHoodHashTableTraits>;
 
 } // namespace WTF
 
diff --git a/Source/WTF/wtf/RobinHoodHashTable.h b/Source/WTF/wtf/RobinHoodHashTable.h
index 6303df8a3799b..6e6e6f4902acd 100644
--- a/Source/WTF/wtf/RobinHoodHashTable.h
+++ b/Source/WTF/wtf/RobinHoodHashTable.h
@@ -59,7 +59,7 @@ WTF_ALLOW_UNSAFE_BUFFER_USAGE_BEGIN
 
 namespace WTF {
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
 class RobinHoodHashTable;
 
 // 95% load factor. This a bit regress "insertion" performance, while it keeps lookup performance sane.
@@ -103,10 +103,10 @@ struct FastRobinHoodHashTableSizePolicy {
 // [1]: https://codecapsule.com/2013/11/11/robin-hood-hashing/
 // [2]: https://codecapsule.com/2013/11/17/robin-hood-hashing-backward-shift-deletion/
 // [3]: https://accidentallyquadratic.tumblr.com/post/153545455987/rust-hash-iteration-reinsertion
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
 class RobinHoodHashTable {
 public:
-    using HashTableType = RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>;
+    using HashTableType = RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>;
     using iterator = HashTableIterator<HashTableType, Key, Value, Extractor, HashFunctions, Traits, KeyTraits>;
     using const_iterator = HashTableConstIterator<HashTableType, Key, Value, Extractor, HashFunctions, Traits, KeyTraits>;
     using ValueTraits = Traits;
@@ -309,41 +309,32 @@ class RobinHoodHashTable {
 #endif
 };
 
-#if !ASSERT_ENABLED
-
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
 template<typename HashTranslator, typename T>
-inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::checkKey(const T&)
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::checkKey(const T& key)
 {
-}
-
-#else // ASSERT_ENABLED
+    if constexpr (!ASSERT_ENABLED && shouldValidateKey == ShouldValidateKey::No)
+        return;
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-template<typename HashTranslator, typename T>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::checkKey(const T& key)
-{
     if (!HashFunctions::safeToCompareToEmptyOrDeleted)
         return;
-    ASSERT(!HashTranslator::equal(KeyTraits::emptyValue(), key));
+    RELEASE_ASSERT(!HashTranslator::equal(KeyTraits::emptyValue(), key));
     AlignedStorage<ValueType> deletedValueBuffer;
     auto& deletedValue = *deletedValueBuffer;
     Traits::constructDeletedValue(deletedValue);
-    ASSERT(!HashTranslator::equal(Extractor::extract(deletedValue), key));
+    RELEASE_ASSERT(!HashTranslator::equal(Extractor::extract(deletedValue), key));
 }
 
-#endif // ASSERT_ENABLED
-
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
 template<typename HashTranslator, typename T>
-inline auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::lookup(const T& key) -> ValueType*
+inline auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::lookup(const T& key) -> ValueType*
 {
     return inlineLookup<HashTranslator>(key);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
 template<typename HashTranslator, typename T>
-ALWAYS_INLINE auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::inlineLookup(const T& key) -> ValueType*
+ALWAYS_INLINE auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::inlineLookup(const T& key) -> ValueType*
 {
     checkKey<HashTranslator>(key);
 
@@ -378,15 +369,15 @@ ALWAYS_INLINE auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Trai
     }
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::initializeBucket(ValueType& bucket)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::initializeBucket(ValueType& bucket)
 {
     HashTableBucketInitializer<Traits::emptyValueIsZero>::template initialize<Traits>(bucket);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
 template<typename HashTranslator, typename T>
-ALWAYS_INLINE auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::add(T&& key, NOESCAPE const std::invocable<> auto& functor) -> AddResult
+ALWAYS_INLINE auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::add(T&& key, NOESCAPE const std::invocable<> auto& functor) -> AddResult
 {
     checkKey<HashTranslator>(key);
 
@@ -447,8 +438,8 @@ ALWAYS_INLINE auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Trai
     return AddResult(makeKnownGoodIterator(entry), true);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-ALWAYS_INLINE void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::maintainProbeDistanceForAdd(ValueType&& value, unsigned index, unsigned distance, unsigned size, unsigned sizeMask, unsigned tableHash)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+ALWAYS_INLINE void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::maintainProbeDistanceForAdd(ValueType&& value, unsigned index, unsigned distance, unsigned size, unsigned sizeMask, unsigned tableHash)
 {
     using std::swap; // For C++ ADL.
     index = (index + 1) & sizeMask;
@@ -474,9 +465,9 @@ ALWAYS_INLINE void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Trai
 }
 
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
 template<typename HashTranslator, typename T>
-inline auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::addPassingHashCode(T&& key, NOESCAPE const std::invocable<> auto& functor) -> AddResult
+inline auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::addPassingHashCode(T&& key, NOESCAPE const std::invocable<> auto& functor) -> AddResult
 {
     checkKey<HashTranslator>(key);
 
@@ -538,8 +529,8 @@ inline auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, Key
     return AddResult(makeKnownGoodIterator(entry), true);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::reinsert(ValueType&& value)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::reinsert(ValueType&& value)
 {
     using std::swap; // For C++ ADL.
     unsigned size = tableSize();
@@ -568,9 +559,9 @@ inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, Key
     }
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
 template <typename HashTranslator, typename T>
-auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::find(const T& key) -> iterator
+auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::find(const T& key) -> iterator
 {
     if (!m_table)
         return end();
@@ -582,9 +573,9 @@ auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits,
     return makeKnownGoodIterator(entry);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
 template <typename HashTranslator, typename T>
-auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::find(const T& key) const -> const_iterator
+auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::find(const T& key) const -> const_iterator
 {
     if (!m_table)
         return end();
@@ -596,9 +587,9 @@ auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits,
     return makeKnownGoodConstIterator(entry);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
 template <typename HashTranslator, typename T>
-bool RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::contains(const T& key) const
+bool RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::contains(const T& key) const
 {
     if (!m_table)
         return false;
@@ -606,23 +597,23 @@ bool RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits,
     return const_cast<RobinHoodHashTable*>(this)->lookup<HashTranslator>(key);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::removeAndInvalidateWithoutEntryConsistencyCheck(ValueType* pos)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::removeAndInvalidateWithoutEntryConsistencyCheck(ValueType* pos)
 {
     invalidateIterators(this);
     remove(pos);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::removeAndInvalidate(ValueType* pos)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::removeAndInvalidate(ValueType* pos)
 {
     invalidateIterators(this);
     internalCheckTableConsistency();
     remove(pos);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::remove(ValueType* pos)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::remove(ValueType* pos)
 {
     // This is removal via "backward-shift-deletion". This basically shift existing entries to removed empty entry place so that we make
     // the table as if no removal happened so far. This decreases distance-to-initial-bucket (DIB) of the subsequent entries by 1. This maintains
@@ -664,8 +655,8 @@ void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits,
     internalCheckTableConsistency();
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::remove(iterator it)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::remove(iterator it)
 {
     if (it == end())
         return;
@@ -673,8 +664,8 @@ inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, Key
     removeAndInvalidate(const_cast<ValueType*>(it.m_iterator.m_position));
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::removeWithoutEntryConsistencyCheck(iterator it)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::removeWithoutEntryConsistencyCheck(iterator it)
 {
     if (it == end())
         return;
@@ -682,8 +673,8 @@ inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, Key
     removeAndInvalidateWithoutEntryConsistencyCheck(const_cast<ValueType*>(it.m_iterator.m_position));
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::removeWithoutEntryConsistencyCheck(const_iterator it)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::removeWithoutEntryConsistencyCheck(const_iterator it)
 {
     if (it == end())
         return;
@@ -691,14 +682,14 @@ inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, Key
     removeAndInvalidateWithoutEntryConsistencyCheck(const_cast<ValueType*>(it.m_position));
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::remove(const KeyType& key)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+inline void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::remove(const KeyType& key)
 {
     remove(find(key));
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::allocateTable(unsigned size) -> ValueType*
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::allocateTable(unsigned size) -> ValueType*
 {
     // would use a template member function with explicit specializations here, but
     // gcc doesn't appear to support that
@@ -711,16 +702,16 @@ auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits,
     return result;
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::deallocateTable(ValueType* table, unsigned size)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::deallocateTable(ValueType* table, unsigned size)
 {
     for (unsigned i = 0; i < size; ++i)
         table[i].~ValueType();
     HashTableMalloc::free(table);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::expand()
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::expand()
 {
     unsigned newSize;
     unsigned oldSize = tableSize();
@@ -732,8 +723,8 @@ void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits,
     rehash(newSize);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-constexpr unsigned RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::computeBestTableSize(unsigned keyCount)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+constexpr unsigned RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::computeBestTableSize(unsigned keyCount)
 {
     unsigned bestTableSize = WTF::roundUpToPowerOfTwo(keyCount);
 
@@ -761,15 +752,15 @@ constexpr unsigned RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Trai
     return std::max(bestTableSize, minimumTableSize);
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::shrinkToBestSize()
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::shrinkToBestSize()
 {
     unsigned minimumTableSize = KeyTraits::minimumTableSize;
     rehash(std::max(minimumTableSize, computeBestTableSize(keyCount())));
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::rehash(unsigned newTableSize)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::rehash(unsigned newTableSize)
 {
     internalCheckTableConsistencyExceptSize();
 
@@ -794,8 +785,8 @@ void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits,
     internalCheckTableConsistency();
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::clear()
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::clear()
 {
     invalidateIterators(this);
     if (!m_table)
@@ -810,8 +801,8 @@ void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits,
     internalCheckTableConsistency();
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::RobinHoodHashTable(const RobinHoodHashTable& other)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::RobinHoodHashTable(const RobinHoodHashTable& other)
 {
     if (!other.m_tableSize || !other.m_keyCount)
         return;
@@ -832,8 +823,8 @@ RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, Size
     internalCheckTableConsistency();
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::swap(RobinHoodHashTable& other)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::swap(RobinHoodHashTable& other)
 {
     using std::swap; // For C++ ADL.
     invalidateIterators(this);
@@ -849,16 +840,16 @@ void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits,
     other.internalCheckTableConsistency();
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::operator=(const RobinHoodHashTable& other) -> RobinHoodHashTable&
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::operator=(const RobinHoodHashTable& other) -> RobinHoodHashTable&
 {
     RobinHoodHashTable tmp(other);
     swap(tmp);
     return *this;
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-inline RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::RobinHoodHashTable(RobinHoodHashTable&& other)
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+inline RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::RobinHoodHashTable(RobinHoodHashTable&& other)
 {
     invalidateIterators(&other);
 
@@ -872,8 +863,8 @@ inline RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTrait
     other.internalCheckTableConsistency();
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-inline auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::operator=(RobinHoodHashTable&& other) -> RobinHoodHashTable&
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+inline auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::operator=(RobinHoodHashTable&& other) -> RobinHoodHashTable&
 {
     RobinHoodHashTable temp(WTFMove(other));
     swap(temp);
@@ -883,14 +874,14 @@ inline auto RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, Key
 
 #if ASSERT_ENABLED
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::checkTableConsistency() const
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::checkTableConsistency() const
 {
     checkTableConsistencyExceptSize();
 }
 
-template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy>
-void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy>::checkTableConsistencyExceptSize() const
+template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, typename SizePolicy, ShouldValidateKey shouldValidateKey>
+void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, SizePolicy, shouldValidateKey>::checkTableConsistencyExceptSize() const
 {
     if (!m_table)
         return;
@@ -920,17 +911,17 @@ void RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits,
 
 struct MemoryCompactLookupOnlyRobinHoodHashTableTraits {
     template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, ShouldValidateKey shouldValidateKey>
-    using TableType = RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, MemoryCompactLookupOnlyRobinHoodHashTableSizePolicy>;
+    using TableType = RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, MemoryCompactLookupOnlyRobinHoodHashTableSizePolicy, shouldValidateKey>;
 };
 
 struct MemoryCompactRobinHoodHashTableTraits {
     template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, ShouldValidateKey shouldValidateKey>
-    using TableType = RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, MemoryCompactRobinHoodHashTableSizePolicy>;
+    using TableType = RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, MemoryCompactRobinHoodHashTableSizePolicy, shouldValidateKey>;
 };
 
 struct FastRobinHoodHashTableTraits {
     template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits, ShouldValidateKey shouldValidateKey>
-    using TableType = RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, FastRobinHoodHashTableSizePolicy>;
+    using TableType = RobinHoodHashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits, FastRobinHoodHashTableSizePolicy, shouldValidateKey>;
 };
 
 } // namespace WTF

From d86d00141e75e84612b84cd452cc15f54a7cecb2 Mon Sep 17 00:00:00 2001
From: Antti Koivisto <antti@apple.com>
Date: Sat, 22 Feb 2025 12:54:05 -0800
Subject: [PATCH 070/174] [css-anchor-position-1] Evaluate
 position-try-fallbacks with try-tactic
 https://bugs.webkit.org/show_bug.cgi?id=288287 rdar://145359529

Reviewed by Alan Baradlay.

Implement basic avaluation support for position-try-fallbacks property.
Only <try-tactic> values flip-inline and flip-block are supported by this patch.

https://drafts.csswg.org/css-anchor-position-1/#position-try-fallbacks

* LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-anchor-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-anchor.html: Added.

Add a basic test. Almost all existing WPTs for <try-tactic> also use @position-try rules.

* Source/WebCore/dom/Document.cpp:
(WebCore::Document::resolveStyle):
* Source/WebCore/page/LocalFrameViewLayoutContext.cpp:
(WebCore::LocalFrameViewLayoutContext::interleavedLayout):

Add a simpified layout entry point for interleaving.

* Source/WebCore/page/LocalFrameViewLayoutContext.h:
* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::willBeDestroyed):
(WebCore::RenderBox::styleWillChange):
* Source/WebCore/rendering/RenderView.cpp:
(WebCore::RenderView::registerPositionTryBox):
(WebCore::RenderView::unregisterPositionTryBox):

Track boxes with position-try for invalidation.

* Source/WebCore/rendering/RenderView.h:
* Source/WebCore/style/AnchorPositionEvaluator.cpp:
(WebCore::Style::computeInsetValue):
(WebCore::Style::AnchorPositionEvaluator::evaluate):

Flip the sides used in anchor();

(WebCore::Style::flipHorizontal):
(WebCore::Style::flipVertical):
(WebCore::Style::AnchorPositionEvaluator::resolvePositionTryFallbackProperty):

Property flip helper.

(WebCore::Style::AnchorPositionEvaluator::overflowsContainingBlock):

Helper to test for overlow.

* Source/WebCore/style/AnchorPositionEvaluator.h:
* Source/WebCore/style/StyleBuilder.cpp:
(WebCore::Style::Builder::Builder):
(WebCore::Style::Builder::applyProperty):

Flip the property as needed when building position option styles.

* Source/WebCore/style/StyleBuilder.h:
* Source/WebCore/style/StyleBuilderState.cpp:
(WebCore::Style::BuilderState::BuilderState):
* Source/WebCore/style/StyleBuilderState.h:
(WebCore::Style::BuilderState::positionTryFallback const):
* Source/WebCore/style/StyleScope.cpp:
(WebCore::Style::Scope::invalidateForLayoutDependencies):
(WebCore::Style::Scope::invalidateForPositionTryFallbacks):

Invalidation support.

* Source/WebCore/style/StyleScope.h:
* Source/WebCore/style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::styleForStyleable):

If we have position options return the next option instead of computing the style.

(WebCore::Style::TreeResolver::resolveElement):
(WebCore::Style::TreeResolver::resolveStartingStyle const):
(WebCore::Style::TreeResolver::resolveAfterChangeStyleForNonAnimated const):
(WebCore::Style::TreeResolver::resolveAgainInDifferentContext const):

Add argument and rename to use in fallback resolution.

(WebCore::Style::TreeResolver::resolveComposedTree):
(WebCore::Style::TreeResolver::resolve):

Invalidate for interleaving if we have positions options we haven't chosen yet.

(WebCore::Style::TreeResolver::resolveElement):

Generate position options from position-try-fallbacks after resolving the style.

(WebCore::Style::TreeResolver::generatePositionOptionsIfNeeded):

Go through position-try-fallbacks and generate a position option for each as needed.

(WebCore::Style::TreeResolver::generatePositionOption):

Spin the style builder to generate a position option.

(WebCore::Style::TreeResolver::tryChoosePositionOption):

See if the current style overflows the containing block and try the next option if it does.

* Source/WebCore/style/StyleTreeResolver.h:

Canonical link: https://commits.webkit.org/290891@main
---
 .../try-tactic-basic-anchor-expected.txt      |   5 +
 .../try-tactic-basic-anchor.html              |  78 +++++++++++++
 Source/WebCore/dom/Document.cpp               |   2 +-
 .../page/LocalFrameViewLayoutContext.cpp      |  12 ++
 .../page/LocalFrameViewLayoutContext.h        |   2 +
 Source/WebCore/rendering/RenderBox.cpp        |   7 ++
 Source/WebCore/rendering/RenderView.cpp       |  10 ++
 Source/WebCore/rendering/RenderView.h         |   5 +
 .../WebCore/style/AnchorPositionEvaluator.cpp | 103 ++++++++++++++++-
 .../WebCore/style/AnchorPositionEvaluator.h   |   6 +
 Source/WebCore/style/StyleBuilder.cpp         |   3 +
 Source/WebCore/style/StyleBuilderState.h      |   4 +
 Source/WebCore/style/StyleScope.cpp           |  32 +++++-
 Source/WebCore/style/StyleScope.h             |   1 +
 Source/WebCore/style/StyleTreeResolver.cpp    | 104 +++++++++++++++++-
 Source/WebCore/style/StyleTreeResolver.h      |  15 ++-
 16 files changed, 377 insertions(+), 12 deletions(-)
 create mode 100644 LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-anchor-expected.txt
 create mode 100644 LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-anchor.html

diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-anchor-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-anchor-expected.txt
new file mode 100644
index 0000000000000..9a1a7e4de706b
--- /dev/null
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-anchor-expected.txt
@@ -0,0 +1,5 @@
+
+PASS Uses flip-block
+PASS Uses flip-inline
+PASS Uses flip-block flip-inline
+
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-anchor.html b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-anchor.html
new file mode 100644
index 0000000000000..c3b7701292784
--- /dev/null
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-anchor.html
@@ -0,0 +1,78 @@
+<!DOCTYPE html>
+<title>CSS Anchor Positioning: simple try-tactic with anchor</title>
+<link rel="help" href="https://drafts.csswg.org/css-anchor-position-1/#typedef-position-try-fallbacks-try-tactic">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<style>
+  #cb {
+    position: absolute;
+    width: 200px;
+    height: 200px;
+    border: 1px solid black;
+  }
+  #anchor {
+    position: absolute;
+    left: 100px;
+    top: 100px;
+    width: 50px;
+    height: 50px;
+    background-color:red;
+    anchor-name: --anchor;
+  }
+  #target1 {
+    position: absolute;
+    width: 100px;
+    height: 100px;
+    /* Does not fit ... */
+    left: anchor(--anchor left);
+    top: anchor(--anchor bottom);
+    /* flip-block fits */
+    position-try-fallbacks: flip-block, flip-inline, flip-block flip-inline;
+    background-color: coral;
+  }
+  #target2 {
+    position: absolute;
+    width: 100px;
+    height: 100px;
+    /* Does not fit ... */
+    left: anchor(--anchor right);
+    top: anchor(--anchor top);
+    /* flip-inline fits */
+    position-try-fallbacks: flip-block, flip-inline, flip-block flip-inline;
+    background-color: blue;
+  }
+  #target3 {
+    position: absolute;
+    width: 100px;
+    height: 100px;
+    /* Does not fit ... */
+    left: anchor(--anchor right);
+    top: anchor(--anchor bottom);
+    /* flip-block flip-inline fits */
+    position-try-fallbacks: flip-block, flip-inline, flip-block flip-inline;
+    background-color: green;
+  }
+</style>
+<div id=cb>
+  <div id=anchor></div>
+  <div id=target1></div>
+  <div id=target2></div>
+  <div id=target3></div>
+</div>
+<script>
+  test(() => {
+    let cs = getComputedStyle(target1);
+    assert_equals(cs.left, '100px');
+    assert_equals(cs.top, '0px');
+  }, 'Uses flip-block');
+  test(() => {
+    let cs = getComputedStyle(target2);
+    assert_equals(cs.left, '0px');
+    assert_equals(cs.top, '100px');
+  }, 'Uses flip-inline');
+  test(() => {
+    let cs = getComputedStyle(target3);
+    assert_equals(cs.left, '0px');
+    assert_equals(cs.top, '0px');
+  }, 'Uses flip-block flip-inline');
+</script>
diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
index ff6b983dbac21..2b28063c7a5f9 100644
--- a/Source/WebCore/dom/Document.cpp
+++ b/Source/WebCore/dom/Document.cpp
@@ -2756,7 +2756,7 @@ void Document::resolveStyle(ResolveStyleType type)
                 updateRenderTree(WTFMove(styleUpdate));
 
                 if (frameView->layoutContext().needsLayout())
-                    frameView->layoutContext().layout();
+                    frameView->layoutContext().interleavedLayout();
             }
 
             styleUpdate = resolver.resolve();
diff --git a/Source/WebCore/page/LocalFrameViewLayoutContext.cpp b/Source/WebCore/page/LocalFrameViewLayoutContext.cpp
index 9ef5c52442c47..e07586015e47b 100644
--- a/Source/WebCore/page/LocalFrameViewLayoutContext.cpp
+++ b/Source/WebCore/page/LocalFrameViewLayoutContext.cpp
@@ -172,6 +172,18 @@ void LocalFrameViewLayoutContext::layout(bool canDeferUpdateLayerPositions)
     }
 }
 
+void LocalFrameViewLayoutContext::interleavedLayout()
+{
+    LOG_WITH_STREAM(Layout, stream << "LocalFrameView " << &view() << " LocalFrameViewLayoutContext::interleavedLayout() with size " << view().layoutSize());
+
+    Ref protectedView(view());
+
+    performLayout(false);
+
+    Style::Scope::LayoutDependencyUpdateContext layoutDependencyUpdateContext;
+    document()->styleScope().invalidateForLayoutDependencies(layoutDependencyUpdateContext);
+}
+
 void LocalFrameViewLayoutContext::performLayout(bool canDeferUpdateLayerPositions)
 {
     Ref frame = this->frame();
diff --git a/Source/WebCore/page/LocalFrameViewLayoutContext.h b/Source/WebCore/page/LocalFrameViewLayoutContext.h
index a37555a5b8bcf..ceed9a01271ec 100644
--- a/Source/WebCore/page/LocalFrameViewLayoutContext.h
+++ b/Source/WebCore/page/LocalFrameViewLayoutContext.h
@@ -70,6 +70,8 @@ class LocalFrameViewLayoutContext final : public CanMakeCheckedPtr<LocalFrameVie
     WEBCORE_EXPORT void layout(bool canDeferUpdateLayerPositions = false);
     bool needsLayout(OptionSet<LayoutOptions> layoutOptions = { }) const;
 
+    void interleavedLayout();
+
     // We rely on the side-effects of layout, like compositing updates, to update state in various subsystems
     // whose dependencies are poorly defined. This call triggers such updates.
     void setNeedsLayoutAfterViewConfigurationChange();
diff --git a/Source/WebCore/rendering/RenderBox.cpp b/Source/WebCore/rendering/RenderBox.cpp
index 623e9189a0e8d..fd95e7772dab5 100644
--- a/Source/WebCore/rendering/RenderBox.cpp
+++ b/Source/WebCore/rendering/RenderBox.cpp
@@ -166,6 +166,8 @@ void RenderBox::willBeDestroyed()
             view().unregisterContainerQueryBox(*this);
         if (!style().anchorNames().isEmpty())
             view().unregisterAnchor(*this);
+        if (!style().positionTryFallbacks().isEmpty())
+            view().unregisterPositionTryBox(*this);
     }
 
     RenderBoxModelObject::willBeDestroyed();
@@ -300,6 +302,11 @@ void RenderBox::styleWillChange(StyleDifference diff, const RenderStyle& newStyl
     else if (oldStyle && !oldStyle->anchorNames().isEmpty())
         view().unregisterAnchor(*this);
 
+    if (!style().positionTryFallbacks().isEmpty() && style().hasOutOfFlowPosition())
+        view().registerPositionTryBox(*this);
+    else if (oldStyle && !oldStyle->positionTryFallbacks().isEmpty() && oldStyle->hasOutOfFlowPosition())
+        view().unregisterPositionTryBox(*this);
+
     RenderBoxModelObject::styleWillChange(diff, newStyle);
 }
 
diff --git a/Source/WebCore/rendering/RenderView.cpp b/Source/WebCore/rendering/RenderView.cpp
index fc077af82e394..12f8d043564d3 100644
--- a/Source/WebCore/rendering/RenderView.cpp
+++ b/Source/WebCore/rendering/RenderView.cpp
@@ -1100,6 +1100,16 @@ void RenderView::unregisterAnchor(const RenderBoxModelObject& renderer)
     m_anchors.remove(renderer);
 }
 
+void RenderView::registerPositionTryBox(const RenderBox& box)
+{
+    m_positionTryBoxes.add(box);
+}
+
+void RenderView::unregisterPositionTryBox(const RenderBox& box)
+{
+    m_positionTryBoxes.remove(box);
+}
+
 void RenderView::addCounterNeedingUpdate(RenderCounter& renderer)
 {
     m_countersNeedingUpdate.add(renderer);
diff --git a/Source/WebCore/rendering/RenderView.h b/Source/WebCore/rendering/RenderView.h
index c69eab050e403..c3f6edb23f0cf 100644
--- a/Source/WebCore/rendering/RenderView.h
+++ b/Source/WebCore/rendering/RenderView.h
@@ -212,6 +212,10 @@ class RenderView final : public RenderBlockFlow {
     void unregisterAnchor(const RenderBoxModelObject&);
     const SingleThreadWeakHashSet<const RenderBoxModelObject>& anchors() const { return m_anchors; }
 
+    void registerPositionTryBox(const RenderBox&);
+    void unregisterPositionTryBox(const RenderBox&);
+    const SingleThreadWeakHashSet<const RenderBox>& positionTryBoxes() const { return m_positionTryBoxes; }
+
     SingleThreadWeakPtr<RenderElement> viewTransitionRoot() const;
     void setViewTransitionRoot(RenderElement& renderer);
 
@@ -287,6 +291,7 @@ class RenderView final : public RenderBlockFlow {
     SingleThreadWeakHashSet<const RenderBox> m_boxesWithScrollSnapPositions;
     SingleThreadWeakHashSet<const RenderBox> m_containerQueryBoxes;
     SingleThreadWeakHashSet<const RenderBoxModelObject> m_anchors;
+    SingleThreadWeakHashSet<const RenderBox> m_positionTryBoxes;
 
     SingleThreadWeakPtr<RenderElement> m_viewTransitionRoot;
     HashMap<AtomString, SingleThreadWeakPtr<RenderElement>> m_viewTransitionGroups;
diff --git a/Source/WebCore/style/AnchorPositionEvaluator.cpp b/Source/WebCore/style/AnchorPositionEvaluator.cpp
index 8426d6a78efb5..eee1ddf57eb6e 100644
--- a/Source/WebCore/style/AnchorPositionEvaluator.cpp
+++ b/Source/WebCore/style/AnchorPositionEvaluator.cpp
@@ -32,6 +32,7 @@
 #include "DocumentInlines.h"
 #include "Element.h"
 #include "Node.h"
+#include "RenderBoxInlines.h"
 #include "RenderBlock.h"
 #include "RenderBoxModelObjectInlines.h"
 #include "RenderFragmentedFlow.h"
@@ -276,15 +277,41 @@ LayoutRect AnchorPositionEvaluator::computeAnchorRectRelativeToContainingBlock(C
 // align the edge of the positioned elements' inset-modified containing block corresponding to the
 // property the function appears in with the specified border edge of the target anchor element..."
 // See: https://drafts.csswg.org/css-anchor-position-1/#anchor-pos
-static LayoutUnit computeInsetValue(CSSPropertyID insetPropertyID, CheckedRef<const RenderBoxModelObject> anchorBox, CheckedRef<const RenderElement> anchorPositionedRenderer, AnchorPositionEvaluator::Side anchorSide)
+static LayoutUnit computeInsetValue(CSSPropertyID insetPropertyID, CheckedRef<const RenderBoxModelObject> anchorBox, CheckedRef<const RenderElement> anchorPositionedRenderer, AnchorPositionEvaluator::Side anchorSide, const std::optional<PositionTryFallback>& positionTryFallback)
 {
     CheckedPtr containingBlock = anchorPositionedRenderer->containingBlock();
     ASSERT(containingBlock);
 
-    auto insetPropertySide = mapInsetPropertyToPhysicalSide(insetPropertyID, anchorPositionedRenderer->writingMode());
+    auto writingMode = anchorPositionedRenderer->writingMode();
+    auto insetPropertySide = mapInsetPropertyToPhysicalSide(insetPropertyID, writingMode);
     auto anchorSideID = std::holds_alternative<CSSValueID>(anchorSide) ? std::get<CSSValueID>(anchorSide) : CSSValueInvalid;
     auto anchorRect = AnchorPositionEvaluator::computeAnchorRectRelativeToContainingBlock(anchorBox, *containingBlock);
 
+    bool shouldFlipForPositionTryFallback = [&] {
+        if (!positionTryFallback)
+            return false;
+
+        auto shouldFlipForAxis = [&](LogicalBoxAxis logicalAxis) {
+            auto axis = mapAxisLogicalToPhysical(writingMode, logicalAxis);
+            if (axis == BoxAxis::Horizontal) {
+                if (insetPropertySide == BoxSide::Left || insetPropertySide == BoxSide::Right)
+                    return true;
+            } else if (insetPropertySide == BoxSide::Top || insetPropertySide == BoxSide::Bottom)
+                return true;
+            return false;
+        };
+
+        if (positionTryFallback->tactics.contains(PositionTryFallback::Tactic::FlipInline)) {
+            if (shouldFlipForAxis(LogicalBoxAxis::Inline))
+                return true;
+        }
+        if (positionTryFallback->tactics.contains(PositionTryFallback::Tactic::FlipBlock)) {
+            if (shouldFlipForAxis(LogicalBoxAxis::Block))
+                return true;
+        }
+        return false;
+    }();
+
     // Explicitly deal with the center/percentage value here.
     // "Refers to a position a corresponding percentage between the start and end sides, with
     // 0% being equivalent to start and 100% being equivalent to end. center is equivalent to 50%."
@@ -297,8 +324,11 @@ static LayoutUnit computeInsetValue(CSSPropertyID insetPropertyID, CheckedRef<co
         if (startSide == BoxSide::Bottom || startSide == BoxSide::Right)
             percentage = 1 - percentage;
 
+        if (shouldFlipForPositionTryFallback)
+            percentage = 1 - percentage;
+
         LayoutUnit insetValue;
-        auto insetPropertyAxis = mapInsetPropertyToPhysicalAxis(insetPropertyID, anchorPositionedRenderer->writingMode());
+        auto insetPropertyAxis = mapInsetPropertyToPhysicalAxis(insetPropertyID, writingMode);
         if (insetPropertyAxis == BoxAxis::Vertical) {
             insetValue = anchorRect.location().y() + anchorRect.height() * percentage;
             if (insetPropertySide == BoxSide::Bottom)
@@ -350,6 +380,11 @@ static LayoutUnit computeInsetValue(CSSPropertyID insetPropertyID, CheckedRef<co
         break;
     }
 
+    if (shouldFlipForPositionTryFallback) {
+        boxSide = flipBoxSide(boxSide);
+        insetPropertySide = flipBoxSide(insetPropertySide);
+    }
+
     // Compute inset from the containing block
     LayoutUnit insetValue;
     switch (boxSide) {
@@ -498,7 +533,7 @@ std::optional<double> AnchorPositionEvaluator::evaluate(const BuilderState& buil
 
     // Proceed with computing the inset value for the specified inset property.
     CheckedRef anchorBox = downcast<RenderBoxModelObject>(*anchorRenderer);
-    return computeInsetValue(propertyID, anchorBox, *anchorPositionedRenderer, side);
+    return computeInsetValue(propertyID, anchorBox, *anchorPositionedRenderer, side, builderState.positionTryFallback());
 }
 
 // Returns the default anchor size dimension to use when it is not specified in
@@ -858,6 +893,66 @@ bool AnchorPositionEvaluator::isLayoutTimeAnchorPositioned(const RenderStyle& st
     return style.justifySelf().position() == ItemPosition::AnchorCenter || style.alignSelf().position() == ItemPosition::AnchorCenter;
 }
 
+static CSSPropertyID flipHorizontal(CSSPropertyID propertyID)
+{
+    switch (propertyID) {
+    case CSSPropertyLeft:
+        return CSSPropertyRight;
+    case CSSPropertyRight:
+        return CSSPropertyLeft;
+    case CSSPropertyMarginLeft:
+        return CSSPropertyMarginRight;
+    case CSSPropertyMarginRight:
+        return CSSPropertyMarginLeft;
+    default:
+        return propertyID;
+    }
+}
+
+static CSSPropertyID flipVertical(CSSPropertyID propertyID)
+{
+    switch (propertyID) {
+    case CSSPropertyTop:
+        return CSSPropertyBottom;
+    case CSSPropertyBottom:
+        return CSSPropertyTop;
+    case CSSPropertyMarginTop:
+        return CSSPropertyMarginBottom;
+    case CSSPropertyMarginBottom:
+        return CSSPropertyMarginTop;
+    default:
+        return propertyID;
+    }
+}
+
+CSSPropertyID AnchorPositionEvaluator::resolvePositionTryFallbackProperty(CSSPropertyID propertyID, WritingMode writingMode, const PositionTryFallback& fallback)
+{
+    ASSERT(!CSSProperty::isDirectionAwareProperty(propertyID));
+
+    for (auto tactic : fallback.tactics) {
+        switch (tactic) {
+        case PositionTryFallback::Tactic::FlipInline:
+            propertyID = writingMode.isHorizontal() ? flipHorizontal(propertyID) : flipVertical(propertyID);
+            break;
+        case PositionTryFallback::Tactic::FlipBlock:
+            propertyID = writingMode.isHorizontal() ? flipVertical(propertyID) : flipHorizontal(propertyID);
+            break;
+        case PositionTryFallback::Tactic::FlipStart:
+            break;
+        }
+    }
+    return propertyID;
+}
+
+bool AnchorPositionEvaluator::overflowsContainingBlock(const RenderBox& anchoredBox)
+{
+    auto containingBlockRect = anchoredBox.containingBlock()->contentBoxRect();
+
+    auto marginRect = anchoredBox.marginBoxRect();
+    marginRect.moveBy(anchoredBox.location());
+
+    return !containingBlockRect.contains(marginRect);
+}
 
 WTF::TextStream& operator<<(WTF::TextStream& ts, PositionTryOrder order)
 {
diff --git a/Source/WebCore/style/AnchorPositionEvaluator.h b/Source/WebCore/style/AnchorPositionEvaluator.h
index 96fe532dc4b38..d1ba22221e307 100644
--- a/Source/WebCore/style/AnchorPositionEvaluator.h
+++ b/Source/WebCore/style/AnchorPositionEvaluator.h
@@ -28,6 +28,7 @@
 #include "EventTarget.h"
 #include "LayoutUnit.h"
 #include "ScopedName.h"
+#include "WritingMode.h"
 #include <wtf/HashMap.h>
 #include <wtf/TZoneMalloc.h>
 #include <wtf/WeakHashMap.h>
@@ -40,8 +41,10 @@ class Document;
 class Element;
 class LayoutRect;
 class RenderBlock;
+class RenderBox;
 class RenderBoxModelObject;
 class RenderStyle;
+struct PositionTryFallback;
 
 enum CSSPropertyID : uint16_t;
 
@@ -116,6 +119,9 @@ class AnchorPositionEvaluator {
     static AnchorToAnchorPositionedMap makeAnchorPositionedForAnchorMap(Document&);
 
     static bool isLayoutTimeAnchorPositioned(const RenderStyle&);
+    static CSSPropertyID resolvePositionTryFallbackProperty(CSSPropertyID, WritingMode, const PositionTryFallback&);
+
+    static bool overflowsContainingBlock(const RenderBox& anchoredBox);
 
 private:
     static AnchorElements findAnchorsForAnchorPositionedElement(const Element&, const UncheckedKeyHashSet<AtomString>& anchorNames, const AnchorsForAnchorName&);
diff --git a/Source/WebCore/style/StyleBuilder.cpp b/Source/WebCore/style/StyleBuilder.cpp
index 5c0c24607252c..cc5d89294655c 100644
--- a/Source/WebCore/style/StyleBuilder.cpp
+++ b/Source/WebCore/style/StyleBuilder.cpp
@@ -295,6 +295,9 @@ void Builder::applyProperty(CSSPropertyID id, CSSValue& value, SelectorChecker::
         return applyProperty(newId, valueToApply.get(), linkMatchMask, cascadeLevel);
     }
 
+    if (m_state.positionTryFallback())
+        id = AnchorPositionEvaluator::resolvePositionTryFallbackProperty(id, style.writingMode(), *m_state.positionTryFallback());
+
     auto valueID = WebCore::valueID(valueToApply.get());
 
     const CSSCustomPropertyValue* customPropertyValue = nullptr;
diff --git a/Source/WebCore/style/StyleBuilderState.h b/Source/WebCore/style/StyleBuilderState.h
index e117c2e4175a3..f6c4834f597b4 100644
--- a/Source/WebCore/style/StyleBuilderState.h
+++ b/Source/WebCore/style/StyleBuilderState.h
@@ -28,6 +28,7 @@
 #include "CSSToLengthConversionData.h"
 #include "CSSToStyleMap.h"
 #include "CascadeLevel.h"
+#include "PositionTryFallback.h"
 #include "PropertyCascade.h"
 #include "RuleSet.h"
 #include "SelectorChecker.h"
@@ -66,6 +67,7 @@ struct BuilderContext {
     const RenderStyle& parentStyle;
     const RenderStyle* rootElementStyle = nullptr;
     RefPtr<const Element> element = nullptr;
+    std::optional<PositionTryFallback> positionTryFallback { };
 };
 
 class BuilderState {
@@ -130,6 +132,8 @@ class BuilderState {
 
     Ref<Calculation::RandomKeyMap> randomKeyMap(bool perElement) const;
 
+    const std::optional<PositionTryFallback>& positionTryFallback() const { return m_context.positionTryFallback; }
+
 private:
     // See the comment in maybeUpdateFontForLetterSpacing() about why this needs to be a friend.
     friend void maybeUpdateFontForLetterSpacing(BuilderState&, CSSValue&);
diff --git a/Source/WebCore/style/StyleScope.cpp b/Source/WebCore/style/StyleScope.cpp
index 1f8dd1805a69f..fa69791be46f2 100644
--- a/Source/WebCore/style/StyleScope.cpp
+++ b/Source/WebCore/style/StyleScope.cpp
@@ -926,7 +926,9 @@ bool Scope::isForUserAgentShadowTree() const
 
 bool Scope::invalidateForLayoutDependencies(LayoutDependencyUpdateContext& context)
 {
-    return invalidateForContainerDependencies(context) || invalidateForAnchorDependencies(context);
+    return invalidateForContainerDependencies(context)
+        || invalidateForAnchorDependencies(context)
+        || invalidateForPositionTryFallbacks(context);
 }
 
 bool Scope::invalidateForContainerDependencies(LayoutDependencyUpdateContext& context)
@@ -1028,6 +1030,34 @@ bool Scope::invalidateForAnchorDependencies(LayoutDependencyUpdateContext& conte
     return !anchoredElementsToInvalidate.isEmpty();
 }
 
+bool Scope::invalidateForPositionTryFallbacks(LayoutDependencyUpdateContext& context)
+{
+    ASSERT(!m_shadowRoot);
+
+    if (!m_document->renderView())
+        return false;
+
+    bool invalidated = false;
+
+    for (auto& box : m_document->renderView()->positionTryBoxes()) {
+        if (!AnchorPositionEvaluator::overflowsContainingBlock(box))
+            continue;
+
+        CheckedPtr element = box.element();
+        if (auto* pseudoElement = dynamicDowncast<PseudoElement>(element.get()))
+            element = pseudoElement->hostElement();
+
+        if (element) {
+            if (!context.invalidatedAnchorPositioned.add(*element).isNewEntry)
+                continue;
+            element->invalidateForAnchorRectChange();
+            invalidated = true;
+        }
+    }
+
+    return invalidated;
+}
+
 const MatchResult* Scope::cachedMatchResult(const Element& element)
 {
     auto it = m_cachedMatchResults.find(element);
diff --git a/Source/WebCore/style/StyleScope.h b/Source/WebCore/style/StyleScope.h
index a2d48e22cc7cf..db1dd2706cb18 100644
--- a/Source/WebCore/style/StyleScope.h
+++ b/Source/WebCore/style/StyleScope.h
@@ -216,6 +216,7 @@ class Scope final : public CanMakeWeakPtr<Scope>, public CanMakeCheckedPtr<Scope
 
     bool invalidateForContainerDependencies(LayoutDependencyUpdateContext&);
     bool invalidateForAnchorDependencies(LayoutDependencyUpdateContext&);
+    bool invalidateForPositionTryFallbacks(LayoutDependencyUpdateContext&);
 
     CheckedRef<Document> m_document;
     ShadowRoot* m_shadowRoot { nullptr };
diff --git a/Source/WebCore/style/StyleTreeResolver.cpp b/Source/WebCore/style/StyleTreeResolver.cpp
index 4304eda510474..2b4198ac40c85 100644
--- a/Source/WebCore/style/StyleTreeResolver.cpp
+++ b/Source/WebCore/style/StyleTreeResolver.cpp
@@ -45,6 +45,7 @@
 #include "NodeRenderStyle.h"
 #include "Page.h"
 #include "PlatformStrategies.h"
+#include "PositionTryFallback.h"
 #include "Quirks.h"
 #include "RenderElement.h"
 #include "RenderStyleSetters.h"
@@ -150,6 +151,9 @@ ResolvedStyle TreeResolver::styleForStyleable(const Styleable& styleable, Resolu
 
     auto& element = styleable.element;
 
+    if (auto optionStyle = tryChoosePositionOption(styleable, existingStyle))
+        return WTFMove(*optionStyle);
+
     if (element.hasCustomStyleResolveCallbacks()) {
         RenderStyle* shadowHostStyle = scope().shadowRoot ? m_update->elementStyle(*scope().shadowRoot->host()) : nullptr;
         if (auto customStyle = element.resolveCustomStyle(resolutionContext, shadowHostStyle)) {
@@ -279,6 +283,9 @@ auto TreeResolver::resolveElement(Element& element, const RenderStyle* existingS
 
     Styleable styleable { element, { } };
     auto resolvedStyle = styleForStyleable(styleable, resolutionType, resolutionContext, existingStyle);
+
+    generatePositionOptionsIfNeeded(resolvedStyle, styleable, resolutionContext);
+
     auto update = createAnimatedElementUpdate(WTFMove(resolvedStyle), styleable, parent().change, resolutionContext, parent().isInDisplayNoneTree);
 
     if (!affectsRenderedSubtree(element, *update.style)) {
@@ -807,7 +814,7 @@ std::unique_ptr<RenderStyle> TreeResolver::resolveStartingStyle(const ResolvedSt
     // We now resolve the starting style by applying all rules (including @starting-style ones) again.
     // We could compute it along with the primary style and include it in MatchedPropertiesCache but it is not
     // clear this would be benefitial as it is typically only used once.
-    return resolveAgainWithParentStyle(resolvedStyle, styleable, parentStyle, PropertyCascade::startingStyleProperties(), resolutionContext);
+    return resolveAgainInDifferentContext(resolvedStyle, styleable, parentStyle, PropertyCascade::startingStyleProperties(), { }, resolutionContext);
 }
 
 std::unique_ptr<RenderStyle> TreeResolver::resolveAfterChangeStyleForNonAnimated(const ResolvedStyle& resolvedStyle, const Styleable& styleable, const ResolutionContext& resolutionContext) const
@@ -828,10 +835,10 @@ std::unique_ptr<RenderStyle> TreeResolver::resolveAfterChangeStyleForNonAnimated
 
     // "Likewise, define the after-change style as.. and inheriting from the after-change style of the parent."
     auto& parentStyle = parentAfterChangeStyle(styleable, resolutionContext);
-    return resolveAgainWithParentStyle(resolvedStyle, styleable, parentStyle, PropertyCascade::normalProperties(), resolutionContext);
+    return resolveAgainInDifferentContext(resolvedStyle, styleable, parentStyle, PropertyCascade::normalProperties(), { }, resolutionContext);
 }
 
-std::unique_ptr<RenderStyle> TreeResolver::resolveAgainWithParentStyle(const ResolvedStyle& resolvedStyle, const Styleable& styleable, const RenderStyle& parentStyle, OptionSet<PropertyCascade::PropertyType> properties, const ResolutionContext& resolutionContext) const
+std::unique_ptr<RenderStyle> TreeResolver::resolveAgainInDifferentContext(const ResolvedStyle& resolvedStyle, const Styleable& styleable, const RenderStyle& parentStyle, OptionSet<PropertyCascade::PropertyType> properties, const std::optional<PositionTryFallback>& positionTryFallback, const ResolutionContext& resolutionContext) const
 {
     ASSERT(resolvedStyle.matchResult);
 
@@ -845,7 +852,8 @@ std::unique_ptr<RenderStyle> TreeResolver::resolveAgainWithParentStyle(const Res
         m_document.get(),
         parentStyle,
         resolutionContext.documentElementStyle,
-        &styleable.element
+        &styleable.element,
+        positionTryFallback
     };
 
     auto styleBuilder = Builder {
@@ -1175,7 +1183,7 @@ void TreeResolver::resolveComposedTree()
             it.traverseNextSkippingChildren();
             continue;
         }
-        
+
         resetDescendantStyleRelations(element, descendantsToResolve);
 
         auto isInDisplayNoneTree = parent.isInDisplayNoneTree == IsInDisplayNoneTree::Yes || !style || style->display() == DisplayType::None;
@@ -1279,6 +1287,13 @@ std::unique_ptr<Update> TreeResolver::resolve()
         }
     }
 
+    for (auto& elementAndOptions : m_positionOptions) {
+        if (!elementAndOptions.value.chosen) {
+            elementAndOptions.key->invalidateForResumingAnchorPositionedElementResolution();
+            m_hasUnresolvedAnchorPositionedElements = true;
+        }
+    }
+
     if (m_update->roots().isEmpty())
         return { };
 
@@ -1305,6 +1320,85 @@ auto TreeResolver::updateAnchorPositioningState(Element& element, const RenderSt
     return AnchorPositionedElementAction::SkipDescendants;
 }
 
+void TreeResolver::generatePositionOptionsIfNeeded(const ResolvedStyle& resolvedStyle, const Styleable& styleable, const ResolutionContext& resolutionContext)
+{
+    // https://drafts.csswg.org/css-anchor-position-1/#fallback-apply
+
+    if (!resolvedStyle.style || resolvedStyle.style->positionTryFallbacks().isEmpty())
+        return;
+
+    auto* anchorPositionedState = m_document->styleScope().anchorPositionedStates().get(styleable.element);
+    if (anchorPositionedState && anchorPositionedState->stage < AnchorPositionResolutionStage::Resolved)
+        return;
+
+    m_positionOptions.ensure(styleable.element, [&] {
+        auto options = PositionOptions { .originalStyle = RenderStyle::clonePtr(*resolvedStyle.style) };
+        options.optionStyles.reserveInitialCapacity(resolvedStyle.style->positionTryFallbacks().size());
+        for (auto& fallback : resolvedStyle.style->positionTryFallbacks()) {
+            auto optionStyle = generatePositionOption(fallback, resolvedStyle, styleable, resolutionContext);
+            if (!optionStyle)
+                continue;
+            options.optionStyles.append(WTFMove(optionStyle));
+        }
+        return options;
+    });
+}
+
+std::unique_ptr<RenderStyle> TreeResolver::generatePositionOption(const PositionTryFallback& fallback, const ResolvedStyle& resolvedStyle, const Styleable& styleable, const ResolutionContext& resolutionContext)
+{
+    // https://drafts.csswg.org/css-anchor-position-1/#fallback-apply
+
+    if (!resolvedStyle.matchResult)
+        return { };
+
+    return resolveAgainInDifferentContext(resolvedStyle, styleable, *resolutionContext.parentStyle, PropertyCascade::normalProperties(), fallback, resolutionContext);
+}
+
+std::optional<ResolvedStyle> TreeResolver::tryChoosePositionOption(const Styleable& styleable, const RenderStyle* existingStyle)
+{
+    // https://drafts.csswg.org/css-anchor-position-1/#fallback-apply
+
+    if (!existingStyle)
+        return { };
+
+    auto optionIt = m_positionOptions.find(styleable.element);
+    if (optionIt == m_positionOptions.end())
+        return { };
+
+    auto& options = optionIt->value;
+
+    auto renderer = dynamicDowncast<RenderBox>(styleable.element.renderer());
+    if (!renderer) {
+        options.chosen = true;
+        return ResolvedStyle { RenderStyle::clonePtr(*options.originalStyle) };
+    }
+
+    if (!AnchorPositionEvaluator::overflowsContainingBlock(*renderer)) {
+        // We don't overflow anymore so this is a good style.
+        options.chosen = true;
+        return ResolvedStyle { RenderStyle::clonePtr(*existingStyle) };
+    }
+
+    if (options.chosen) {
+        // We have already chosen.
+        return ResolvedStyle { RenderStyle::clonePtr(*existingStyle) };
+    }
+
+    if (options.index >= options.optionStyles.size()) {
+        // None of the options worked, return back to the original.
+        options.chosen = true;
+        return ResolvedStyle { RenderStyle::clonePtr(*options.originalStyle) };
+    }
+
+    auto& optionStyle = options.optionStyles[options.index];
+
+    // Next option to try if this doesn't work.
+    ++options.index;
+
+    return ResolvedStyle { RenderStyle::clonePtr(*optionStyle) };
+}
+
+
 static Vector<Function<void ()>>& postResolutionCallbackQueue()
 {
     static NeverDestroyed<Vector<Function<void ()>>> vector;
diff --git a/Source/WebCore/style/StyleTreeResolver.h b/Source/WebCore/style/StyleTreeResolver.h
index ce0d322e8fbe4..57eef8b3e7a69 100644
--- a/Source/WebCore/style/StyleTreeResolver.h
+++ b/Source/WebCore/style/StyleTreeResolver.h
@@ -43,6 +43,7 @@ class Element;
 class Node;
 class RenderStyle;
 class ShadowRoot;
+struct PositionTryFallback;
 
 namespace Style {
 
@@ -84,7 +85,7 @@ class TreeResolver {
     ElementUpdate createAnimatedElementUpdate(ResolvedStyle&&, const Styleable&, Change, const ResolutionContext&, IsInDisplayNoneTree = IsInDisplayNoneTree::No);
     std::unique_ptr<RenderStyle> resolveStartingStyle(const ResolvedStyle&, const Styleable&, const ResolutionContext&) const;
     std::unique_ptr<RenderStyle> resolveAfterChangeStyleForNonAnimated(const ResolvedStyle&, const Styleable&, const ResolutionContext&) const;
-    std::unique_ptr<RenderStyle> resolveAgainWithParentStyle(const ResolvedStyle&, const Styleable&, const RenderStyle& parentStyle,  OptionSet<PropertyCascade::PropertyType>, const ResolutionContext&) const;
+    std::unique_ptr<RenderStyle> resolveAgainInDifferentContext(const ResolvedStyle&, const Styleable&, const RenderStyle& parentStyle,  OptionSet<PropertyCascade::PropertyType>, const std::optional<PositionTryFallback>&, const ResolutionContext&) const;
     const RenderStyle& parentAfterChangeStyle(const Styleable&, const ResolutionContext&) const;
 
     UncheckedKeyHashSet<AnimatableCSSProperty> applyCascadeAfterAnimation(RenderStyle&, const UncheckedKeyHashSet<AnimatableCSSProperty>&, bool isTransition, const MatchResult&, const Element&, const ResolutionContext&);
@@ -148,6 +149,10 @@ class TreeResolver {
 
     AnchorPositionedElementAction updateAnchorPositioningState(Element&, const RenderStyle*);
 
+    void generatePositionOptionsIfNeeded(const ResolvedStyle&, const Styleable&, const ResolutionContext&);
+    std::unique_ptr<RenderStyle> generatePositionOption(const PositionTryFallback&, const ResolvedStyle&, const Styleable&, const ResolutionContext&);
+    std::optional<ResolvedStyle> tryChoosePositionOption(const Styleable&, const RenderStyle* existingStyle);
+
     struct QueryContainerState {
         Change change { Change::None };
         DescendantsToResolve descendantsToResolve { DescendantsToResolve::None };
@@ -164,6 +169,14 @@ class TreeResolver {
     bool m_hasUnresolvedQueryContainers { false };
     bool m_hasUnresolvedAnchorPositionedElements { false };
 
+    struct PositionOptions {
+        std::unique_ptr<RenderStyle> originalStyle;
+        Vector<std::unique_ptr<RenderStyle>> optionStyles { };
+        size_t index { 0 };
+        bool chosen { false };
+    };
+    HashMap<Ref<Element>, PositionOptions> m_positionOptions;
+
     std::unique_ptr<Update> m_update;
 };
 

From 92ab86c96733339731d0c2abfeec831624851035 Mon Sep 17 00:00:00 2001
From: Charlie Wolfe <charliew@apple.com>
Date: Sat, 22 Feb 2025 13:22:36 -0800
Subject: [PATCH 071/174] REGRESSION(288357@main): Crash in
 `WebHistoryItemClient::historyItemChanged`
 https://bugs.webkit.org/show_bug.cgi?id=288279 rdar://142947060

Reviewed by Alex Christensen.

WebHistoryItemClient can outlive its WebPage, so it should hold a WeakPtr to WebPage instead of a
WeakRef.

* Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.cpp:
(WebKit::WebHistoryItemClient::historyItemChanged):
(WebKit::WebHistoryItemClient::clearChildren const):
* Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.h:

Canonical link: https://commits.webkit.org/290892@main
---
 Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.cpp | 6 ++++--
 Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.h   | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.cpp b/Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.cpp
index 985044c1265b4..e8efeb1e5bc80 100644
--- a/Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.cpp
+++ b/Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.cpp
@@ -52,14 +52,16 @@ void WebHistoryItemClient::historyItemChanged(const WebCore::HistoryItem& item)
 {
     if (m_shouldIgnoreChanges)
         return;
-    m_page->send(Messages::WebPageProxy::BackForwardUpdateItem(toFrameState(item)));
+    if (RefPtr page = m_page.get())
+        page->send(Messages::WebPageProxy::BackForwardUpdateItem(toFrameState(item)));
 }
 
 void WebHistoryItemClient::clearChildren(const WebCore::HistoryItem& item) const
 {
     if (m_shouldIgnoreChanges)
         return;
-    m_page->send(Messages::WebPageProxy::BackForwardClearChildren(item.itemID(), item.frameItemID()));
+    if (RefPtr page = m_page.get())
+        page->send(Messages::WebPageProxy::BackForwardClearChildren(item.itemID(), item.frameItemID()));
 }
 
 }
diff --git a/Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.h b/Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.h
index 069acbdd0069c..f3fc5c28e74bb 100644
--- a/Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.h
+++ b/Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.h
@@ -43,7 +43,7 @@ class WebHistoryItemClient final : public WebCore::HistoryItemClient {
     void historyItemChanged(const WebCore::HistoryItem&) final;
     void clearChildren(const WebCore::HistoryItem&) const final;
 
-    const WeakRef<WebPage> m_page;
+    const WeakPtr<WebPage> m_page;
     bool m_shouldIgnoreChanges { false };
 };
 

From 0aca7bdaf628ee0b9ddf5d444df66f14e3dbd515 Mon Sep 17 00:00:00 2001
From: Tyler Wilcock <tyler_w@apple.com>
Date: Sat, 22 Feb 2025 15:43:29 -0800
Subject: [PATCH 072/174] AX: After dynamic page changes, WebKit can report the
 wrong AXEmptyGroup subrole state to assistive technologies
 https://bugs.webkit.org/show_bug.cgi?id=288215 rdar://145306055

Reviewed by Chris Fleizach.

We cache AXProperty::SubrolePlatformString, but never update it after dynamic page changes, meaning we can return
a stale value when considering AXEmptyGroup, which is dependent on whether an object has unignored children.

This was never a problem prior to ENABLE(INCLUDE_IGNORED_IN_CORE_TREE), as anytime an object's unignored chlidren changed,
we created a whole new node change for it. But with this feature, we no longer do that, since each object's unignored
children is dependent on arbitrary layers of descendants underneath it.

Fix this by computing isEmptyGroup lazily off the main-thread, ensuring we never use stale information.

* LayoutTests/accessibility/mac/dynamic-empty-group-expected.txt: Added.
* LayoutTests/accessibility/mac/dynamic-empty-group.html: Added.
* Source/WebCore/accessibility/AXCoreObject.cpp:
(WebCore::isValidChildForTable):
(WebCore::AXCoreObject::unignoredChildren):
* Source/WebCore/accessibility/AXCoreObject.h:
(WebCore::AXCoreObject::onlyAddsUnignoredChildren const):
* Source/WebCore/accessibility/AXSearchManager.cpp:
(WebCore::appendChildrenToArray):
* Source/WebCore/accessibility/cocoa/AXCoreObjectCocoa.mm:
(WebCore::renderWidgetChildren):
(WebCore::AXCoreObject::isEmptyGroup):
* Source/WebCore/accessibility/mac/AccessibilityObjectMac.mm:
(WebCore::AccessibilityObject::subrolePlatformString const):
(WebCore::isEmptyGroup): Deleted.
(WebCore::renderWidgetChildren): Deleted.
* Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(subroleString):

Canonical link: https://commits.webkit.org/290893@main
---
 .../mac/dynamic-empty-group-expected.txt      |  9 +++++
 .../mac/dynamic-empty-group.html              | 34 ++++++++++++++++++
 Source/WebCore/accessibility/AXCoreObject.cpp | 31 ++++++++++++----
 Source/WebCore/accessibility/AXCoreObject.h   | 11 +++++-
 .../accessibility/cocoa/AXCoreObjectCocoa.mm  | 33 +++++++++++++++++
 .../mac/AccessibilityObjectMac.mm             | 35 -------------------
 .../mac/WebAccessibilityObjectWrapperMac.mm   |  3 ++
 7 files changed, 114 insertions(+), 42 deletions(-)
 create mode 100644 LayoutTests/accessibility/mac/dynamic-empty-group-expected.txt
 create mode 100644 LayoutTests/accessibility/mac/dynamic-empty-group.html

diff --git a/LayoutTests/accessibility/mac/dynamic-empty-group-expected.txt b/LayoutTests/accessibility/mac/dynamic-empty-group-expected.txt
new file mode 100644
index 0000000000000..3b697ecb345fd
--- /dev/null
+++ b/LayoutTests/accessibility/mac/dynamic-empty-group-expected.txt
@@ -0,0 +1,9 @@
+This test ensures we report or don't report the AXEmptyGroup subrole after dynamic page changes.
+
+PASS: accessibilityController.accessibleElementById('target').subrole === 'AXSubrole: AXEmptyGroup'
+PASS: accessibilityController.accessibleElementById('target').subrole === 'AXSubrole: AXApplicationGroup'
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+Press
diff --git a/LayoutTests/accessibility/mac/dynamic-empty-group.html b/LayoutTests/accessibility/mac/dynamic-empty-group.html
new file mode 100644
index 0000000000000..90a102f12e2ac
--- /dev/null
+++ b/LayoutTests/accessibility/mac/dynamic-empty-group.html
@@ -0,0 +1,34 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/accessibility-helper.js"></script>
+<script src="../../resources/js-test.js"></script>
+</head>
+<body>
+
+<div id="target" role="group" aria-label="Group here!">
+    <div id="container">
+    </div>
+</div>
+
+<script>
+var output = "This test ensures we report or don't report the AXEmptyGroup subrole after dynamic page changes.\n\n";
+
+if (window.accessibilityController) {
+    window.jsTestIsAsync = true;
+
+    output += expect("accessibilityController.accessibleElementById('target').subrole", "'AXSubrole: AXEmptyGroup'");
+    let button = document.createElement("button");
+    button.innerText = "Press";
+    document.getElementById("container").appendChild(button);
+    setTimeout(async function() {
+        output += await expectAsync("accessibilityController.accessibleElementById('target').subrole", "'AXSubrole: AXApplicationGroup'");
+
+        debug(output);
+        finishJSTest();
+    }, 0);
+}
+</script>
+</body>
+</html>
+
diff --git a/Source/WebCore/accessibility/AXCoreObject.cpp b/Source/WebCore/accessibility/AXCoreObject.cpp
index 652a5830ada8e..a55168098e094 100644
--- a/Source/WebCore/accessibility/AXCoreObject.cpp
+++ b/Source/WebCore/accessibility/AXCoreObject.cpp
@@ -215,6 +215,13 @@ AXCoreObject::AccessibilityChildrenVector AXCoreObject::tabChildren()
 }
 
 #if ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE)
+static bool isValidChildForTable(AXCoreObject& object)
+{
+    auto role = object.roleValue();
+    // Tables can only have these roles as exposed-to-AT children.
+    return role == AccessibilityRole::Row || role == AccessibilityRole::Column || role == AccessibilityRole::TableHeaderContainer || role == AccessibilityRole::Caption;
+}
+
 AXCoreObject::AccessibilityChildrenVector AXCoreObject::unignoredChildren(bool updateChildrenIfNeeded)
 {
     if (onlyAddsUnignoredChildren())
@@ -227,12 +234,7 @@ AXCoreObject::AccessibilityChildrenVector AXCoreObject::unignoredChildren(bool u
     const auto& children = childrenIncludingIgnored(updateChildrenIfNeeded);
     RefPtr descendant = children.size() ? children[0].ptr() : nullptr;
     while (descendant && descendant != this) {
-        bool childIsValid = true;
-        if (isExposedTable) {
-            auto role = descendant->roleValue();
-            // Tables can only have these roles as exposed-to-AT children.
-            childIsValid = role == AccessibilityRole::Row || role == AccessibilityRole::Column || role == AccessibilityRole::TableHeaderContainer || role == AccessibilityRole::Caption;
-        }
+        bool childIsValid = !isExposedTable || isValidChildForTable(*descendant);
         if (!childIsValid || descendant->isIgnored()) {
             descendant = descendant->nextInPreOrder(updateChildrenIfNeeded, /* stayWithin */ this);
             continue;
@@ -248,6 +250,23 @@ AXCoreObject::AccessibilityChildrenVector AXCoreObject::unignoredChildren(bool u
     }
     return unignoredChildren;
 }
+
+AXCoreObject* AXCoreObject::firstUnignoredChild()
+{
+    const auto& children = childrenIncludingIgnored(/* updateChildrenIfNeeded */ true);
+    RefPtr descendant = children.size() ? children[0].ptr() : nullptr;
+    if (onlyAddsUnignoredChildren())
+        return descendant.get();
+
+    bool isExposedTable = isTable() && isExposable();
+    while (descendant && descendant != this) {
+        bool childIsValid = !isExposedTable || isValidChildForTable(*descendant);
+        if (childIsValid && !descendant->isIgnored())
+            return descendant.get();
+        descendant = descendant->nextInPreOrder(/* updateChildrenIfNeeded */ true, /* stayWithin */ this);
+    }
+    return nullptr;
+}
 #endif // ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE)
 
 AXCoreObject* AXCoreObject::nextInPreOrder(bool updateChildrenIfNeeded, AXCoreObject* stayWithin)
diff --git a/Source/WebCore/accessibility/AXCoreObject.h b/Source/WebCore/accessibility/AXCoreObject.h
index 8d0fd24ff244e..f43a8cfa68a21 100644
--- a/Source/WebCore/accessibility/AXCoreObject.h
+++ b/Source/WebCore/accessibility/AXCoreObject.h
@@ -895,6 +895,9 @@ class AXCoreObject : public ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr<AXCo
 
     virtual bool isFieldset() const = 0;
     bool isGroup() const;
+#if PLATFORM(MAC)
+    bool isEmptyGroup();
+#endif
 
     // Native spin buttons.
     bool isSpinButton() const { return roleValue() == AccessibilityRole::SpinButton; }
@@ -1263,9 +1266,15 @@ class AXCoreObject : public ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr<AXCo
     };
 #if ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE)
     bool onlyAddsUnignoredChildren() const { return isTableColumn() || roleValue() == AccessibilityRole::TableHeaderContainer; }
-    virtual AccessibilityChildrenVector unignoredChildren(bool updateChildrenIfNeeded = true);
+    AccessibilityChildrenVector unignoredChildren(bool updateChildrenIfNeeded = true);
+    AXCoreObject* firstUnignoredChild();
 #else
     const AccessibilityChildrenVector& unignoredChildren(bool updateChildrenIfNeeded = true) { return children(updateChildrenIfNeeded); }
+    AXCoreObject* firstUnignoredChild()
+    {
+        const auto& children = this->children();
+        return children.size() ? children[0].ptr() : nullptr;
+    }
 #endif // ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE)
 
     // When ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE) is true, this returns IDs of ignored children.
diff --git a/Source/WebCore/accessibility/cocoa/AXCoreObjectCocoa.mm b/Source/WebCore/accessibility/cocoa/AXCoreObjectCocoa.mm
index b1f718f9d284c..bceb7ffe31dc8 100644
--- a/Source/WebCore/accessibility/cocoa/AXCoreObjectCocoa.mm
+++ b/Source/WebCore/accessibility/cocoa/AXCoreObjectCocoa.mm
@@ -263,6 +263,39 @@ static void attributedStringSetStyle(NSMutableAttributedString *attributedString
 
     return string;
 }
+
+NSArray *renderWidgetChildren(const AXCoreObject& object)
+{
+    if (LIKELY(!object.isWidget()))
+        return nil;
+
+    id child = Accessibility::retrieveAutoreleasedValueFromMainThread<id>([object = Ref { object }] () -> RetainPtr<id> {
+        RefPtr widget = object->widget();
+        return widget ? widget->accessibilityObject() : nil;
+    });
+
+    if (child)
+        return @[child];
+ALLOW_DEPRECATED_DECLARATIONS_BEGIN
+    return [object.platformWidget() accessibilityAttributeValue:NSAccessibilityChildrenAttribute];
+ALLOW_DEPRECATED_DECLARATIONS_END
+}
+
+bool AXCoreObject::isEmptyGroup()
+{
+#if ENABLE(MODEL_ELEMENT)
+    if (UNLIKELY(isModel()))
+        return false;
+#endif
+
+    if (UNLIKELY(isRemoteFrame()))
+        return false;
+
+    return [rolePlatformString() isEqual:NSAccessibilityGroupRole]
+        && !firstUnignoredChild()
+        && ![renderWidgetChildren(*this) count];
+}
+
 #endif // PLATFORM(MAC)
 
 } // namespace WebCore
diff --git a/Source/WebCore/accessibility/mac/AccessibilityObjectMac.mm b/Source/WebCore/accessibility/mac/AccessibilityObjectMac.mm
index 532745b1d4783..c0c3b0e661c1f 100644
--- a/Source/WebCore/accessibility/mac/AccessibilityObjectMac.mm
+++ b/Source/WebCore/accessibility/mac/AccessibilityObjectMac.mm
@@ -205,43 +205,8 @@
     return Accessibility::roleToPlatformString(role);
 }
 
-static bool isEmptyGroup(AccessibilityObject& object)
-{
-#if ENABLE(MODEL_ELEMENT)
-    if (object.isModel())
-        return false;
-#endif
-
-    if (object.isRemoteFrame())
-        return false;
-
-    return [object.rolePlatformString() isEqual:NSAccessibilityGroupRole]
-        && object.unignoredChildren().isEmpty()
-        && ![renderWidgetChildren(object) count];
-}
-
-NSArray *renderWidgetChildren(const AXCoreObject& object)
-{
-    if (!object.isWidget())
-        return nil;
-
-    id child = Accessibility::retrieveAutoreleasedValueFromMainThread<id>([object = Ref { object }] () -> RetainPtr<id> {
-        auto* widget = object->widget();
-        return widget ? widget->accessibilityObject() : nil;
-    });
-
-    if (child)
-        return @[child];
-ALLOW_DEPRECATED_DECLARATIONS_BEGIN
-    return [object.platformWidget() accessibilityAttributeValue:NSAccessibilityChildrenAttribute];
-ALLOW_DEPRECATED_DECLARATIONS_END
-}
-
 String AccessibilityObject::subrolePlatformString() const
 {
-    if (isEmptyGroup(*const_cast<AccessibilityObject*>(this)))
-        return NSAccessibilityEmptyGroupSubrole;
-
     if (isSecureField())
         return NSAccessibilitySecureTextFieldSubrole;
     if (isSearchField())
diff --git a/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm b/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm
index 8268664516738..1962038f7f4e7 100644
--- a/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm
+++ b/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm
@@ -1106,6 +1106,9 @@ - (NSBezierPath *)path
 
 static NSString *subroleString(AXCoreObject& backingObject)
 {
+    if (backingObject.isEmptyGroup())
+        return NSAccessibilityEmptyGroupSubrole;
+
     String subrole = backingObject.subrolePlatformString();
     if (!subrole.isEmpty())
         return subrole;

From 04c766519a71e85e84f1fbb81b469874553eec96 Mon Sep 17 00:00:00 2001
From: Daniel Liu <daniel_liu4@apple.com>
Date: Sat, 22 Feb 2025 15:45:26 -0800
Subject: [PATCH 073/174] Improve arrayStableSort using Powersort and binary
 insertion sort https://bugs.webkit.org/show_bug.cgi?id=288130
 rdar://145235779

Reviewed by Yusuke Suzuki.

Currently, JSC uses mergesort and naive insertion sort to sort a JSArray.
We can improve this by implementing Powersort, and updating our insertion
sort to use binary search to find the insertion position.

tagcloud-SP: average ~3% better (significant with 98% probability)
UniPoker: average ~1% better (significant with 98% probability)

* JSTests/microbenchmarks/sort-custom-comparator.js: Added.
(randArray):
(comparator):
(iteration.i.comparator):
* Source/JavaScriptCore/runtime/StableSort.h:
(JSC::arrayInsertionSort):
(JSC::mergePowersortRuns):
(JSC::arrayStableSort):
(JSC::arrayMerge): Deleted.

Canonical link: https://commits.webkit.org/290894@main
---
 .../microbenchmarks/sort-custom-comparator.js |  32 +++
 Source/JavaScriptCore/runtime/StableSort.h    | 190 ++++++++++++++----
 2 files changed, 185 insertions(+), 37 deletions(-)
 create mode 100644 JSTests/microbenchmarks/sort-custom-comparator.js

diff --git a/JSTests/microbenchmarks/sort-custom-comparator.js b/JSTests/microbenchmarks/sort-custom-comparator.js
new file mode 100644
index 0000000000000..c9d65152bb1e1
--- /dev/null
+++ b/JSTests/microbenchmarks/sort-custom-comparator.js
@@ -0,0 +1,32 @@
+
+let arraySize = 20000;
+
+function randArray(min, max) {
+    let a = [];
+    for (let i = 0; i < arraySize; ++i) {
+        a.push(min + Math.floor(Math.random() * (max - min)));
+    }
+    return a;
+}
+
+let comparatorCalls = 0;
+
+function comparator(a, b) {
+    ++comparatorCalls;
+    return (a % 1337) - (b % 1337);
+}
+
+for (let iteration = 0; iteration < 30; ++iteration) {
+    let arr = randArray(0, 1048576);
+    let tmp = arr.sort();
+    // Partially sorted with HUGE runs
+    let sorted = tmp.sort(comparator);
+    for (let i = 0; i < sorted.length - 1; ++i) {
+        if (comparator(sorted[i], sorted[i+1]) > 0) {
+            throw new Error("bad");
+        }
+    }
+}
+
+print(comparatorCalls);
+
diff --git a/Source/JavaScriptCore/runtime/StableSort.h b/Source/JavaScriptCore/runtime/StableSort.h
index 07b5eeafad89e..352aaf2511b8b 100644
--- a/Source/JavaScriptCore/runtime/StableSort.h
+++ b/Source/JavaScriptCore/runtime/StableSort.h
@@ -26,6 +26,7 @@
 #pragma once
 
 #include "ArgList.h"
+#include <wtf/Int128.h>
 #include <wtf/StdLibExtras.h>
 
 WTF_ALLOW_UNSAFE_BUFFER_USAGE_BEGIN
@@ -45,54 +46,47 @@ static ALWAYS_INLINE bool coerceComparatorResultToBoolean(JSGlobalObject* global
 }
 
 template<typename ElementType, typename Functor>
-static ALWAYS_INLINE void arrayInsertionSort(VM& vm, std::span<ElementType> span, const Functor& comparator)
+static ALWAYS_INLINE void arrayInsertionSort(VM& vm, std::span<ElementType> span, const Functor& comparator, size_t sortedHeader = 0)
 {
     auto scope = DECLARE_THROW_SCOPE(vm);
 
     auto* array = span.data();
     size_t length = span.size();
-    for (size_t i = 1; i < length; ++i) {
+    for (size_t i = sortedHeader + 1; i < length; ++i) {
         auto value = array[i];
-        size_t j = i;
-        for (; j > 0; --j) {
-            auto target = array[j - 1];
+
+        // [l, r)
+        size_t left = 0;
+        size_t right = i;
+        for (; left < right;) {
+            size_t m = left + (right - left) / 2;
+            auto target = array[m];
             bool result = comparator(value, target);
             RETURN_IF_EXCEPTION_WITH_TRAPS_DEFERRED(scope, void());
             if (!result)
-                break;
-            array[j] = target;
+                left = m + 1;
+            else
+                right = m;
         }
-        array[j] = value;
+        ElementType t = value;
+        for (size_t j = left; j < i; ++j)
+            std::swap(array[j], t);
+        array[i] = t;
     }
 }
 
 template<typename ElementType, typename Functor>
-static ALWAYS_INLINE void arrayMerge(VM& vm, std::span<ElementType> dst, std::span<const ElementType> src, size_t srcIndex, size_t srcEnd, size_t width, const Functor& comparator)
+static ALWAYS_INLINE void mergePowersortRuns(VM& vm, std::span<ElementType> dst, std::span<const ElementType> src, size_t srcIndex1, size_t srcEnd1, size_t srcIndex2, size_t srcEnd2, const Functor& comparator)
 {
     auto scope = DECLARE_THROW_SCOPE(vm);
 
-    size_t left = srcIndex;
-    size_t leftEnd = std::min<size_t>(left + width, srcEnd);
-    size_t right = leftEnd;
-    size_t rightEnd = std::min<size_t>(right + width, srcEnd);
-
-    if (right >= rightEnd) {
-        // The right subarray does not exist. Just copy src to dst.
-        // This is OK to use WTF::copyElements since both src and dst comes from MarkedArgumentBuffer when using this function for EncodedJSValue,
-        // thus marking happens after suspending the main thread completely.
-        WTF::copyElements(dst.subspan(left), src.subspan(left, rightEnd - left));
-        return;
-    }
+    size_t left = srcIndex1;
+    size_t leftEnd = srcEnd1;
+    size_t right = srcIndex2;
+    size_t rightEnd = srcEnd2;
 
-    bool result = comparator(src[right], src[right - 1]);
-    RETURN_IF_EXCEPTION_WITH_TRAPS_DEFERRED(scope, void());
-    if (!result) {
-        // This entire array is already sorted.
-        // This is OK to use WTF::copyElements since both src and dst comes from MarkedArgumentBuffer when using this function for EncodedJSValue,
-        // thus marking happens after suspending the main thread completely.
-        WTF::copyElements(dst.subspan(left), src.subspan(left, rightEnd - left));
-        return;
-    }
+    ASSERT(leftEnd <= right);
+    ASSERT(rightEnd <= src.size());
 
     for (size_t dstIndex = left; dstIndex < rightEnd; ++dstIndex) {
         if (right < rightEnd) {
@@ -112,25 +106,147 @@ static ALWAYS_INLINE void arrayMerge(VM& vm, std::span<ElementType> dst, std::sp
     }
 }
 
-template<typename ElementType, typename Functor, size_t initialWidth = 4>
+// J. Ian Munro and Sebastian Wild. Nearly-Optimal Mergesorts: Fast, Practical Sorting Methods That
+// Optimally Adapt to Existing Runs. In 26th Annual European Symposium on Algorithms (ESA 2018).
+// Leibniz International Proceedings in Informatics (LIPIcs), Volume 112, pp. 63:1-63:16, Schloss
+// Dagstuhl – Leibniz-Zentrum für Informatik (2018) https://doi.org/10.4230/LIPIcs.ESA.2018.63
+
+struct SortedRun {
+    size_t m_begin;
+    size_t m_end;
+};
+
+template<typename ElementType, typename Functor, size_t forceRunLength = 64>
 static ALWAYS_INLINE std::span<ElementType> arrayStableSort(VM& vm, std::span<ElementType> src, std::span<ElementType> dst, const Functor& comparator)
 {
+    constexpr size_t extendRunCutoff = 8;
+
     auto scope = DECLARE_THROW_SCOPE(vm);
 
+    const size_t numElements = src.size();
+
+    if (!numElements)
+        return src;
+
+    // If the array is small, Powersort probably isn't worth it. Just insertion sort.
+    if (numElements < extendRunCutoff) {
+        scope.release();
+        arrayInsertionSort(vm, src.subspan(0, src.size()), comparator);
+        return src;
+    }
+
+    // power takes in [left, middle-1] and [middle, right]
+    auto power = [](size_t left, size_t middle, size_t right, size_t n) -> unsigned {
+        UInt128 n1 = middle - left;
+        UInt128 n2 = right - middle + 1;
+        // a and b are 2*midpoints of the two ranges, so always within [0, 2n)
+        UInt128 a = left * 2 + n1;
+        UInt128 b = middle * 2 + n2;
+        // n <= 2^64, so n << 62 <= 2^126
+        // n << 62 must be <= 2^126, so a << 62 must be < 2^127. thus, we don't end up with overflow
+        a <<= 62;
+        b <<= 62;
+
+        // a is within [0, 2n), so a << 62 is within [0, 2^63 n). Thus, (when we calculate a / n, it must be within [0, 2^63)
+        UInt128 differingBits = (a / n) ^ (b / n);
+        ASSERT(!(differingBits >> 64));
+        return clz(static_cast<uint64_t>(differingBits));
+    };
+
     auto to = dst;
     auto from = src;
 
-    for (size_t i = 0; i < src.size(); i += initialWidth) {
-        arrayInsertionSort(vm, from.subspan(i, std::min(i + initialWidth, src.size()) - i), comparator);
+    WTF::copyElements(to, spanConstCast<const ElementType>(from));
+
+    struct PowersortStackEntry {
+        SortedRun run;
+        unsigned power;
+    };
+
+    WTF::Vector<PowersortStackEntry, 64> powerstack;
+    // floor(lg(n)) + 1
+    powerstack.reserveCapacity(8 * sizeof(numElements) - WTF::clz(numElements));
+
+    SortedRun run1 { 0, 0 };
+
+    // ExtendRunRight(run1.start, n)
+    while (run1.m_end + 1 < numElements) {
+        bool result = comparator(from[run1.m_end + 1], from[run1.m_end]);
         RETURN_IF_EXCEPTION_WITH_TRAPS_DEFERRED(scope, src);
+        if (result)
+            break;
+        ++run1.m_end;
     }
 
-    for (size_t width = initialWidth; width < src.size(); width *= 2) {
-        for (size_t srcIndex = 0; srcIndex < src.size(); srcIndex += 2 * width) {
-            arrayMerge(vm, to, spanConstCast<const ElementType>(from), srcIndex, src.size(), width, comparator);
+    if (run1.m_end - run1.m_begin < extendRunCutoff) {
+        // If the run is too short, insertion sort a bit
+        auto size = std::min(forceRunLength, numElements - run1.m_begin);
+        arrayInsertionSort(vm, from.subspan(run1.m_begin, size), comparator, run1.m_end - run1.m_begin);
+        RETURN_IF_EXCEPTION_WITH_TRAPS_DEFERRED(scope, src);
+        run1.m_end = run1.m_begin + size - 1;
+    }
+
+    // See if we can extend the run any more.
+    while (run1.m_end + 1 < numElements) {
+        bool result = comparator(from[run1.m_end + 1], from[run1.m_end]);
+        RETURN_IF_EXCEPTION_WITH_TRAPS_DEFERRED(scope, src);
+        if (result)
+            break;
+        ++run1.m_end;
+    }
+
+    while (run1.m_end + 1 < numElements) {
+        SortedRun run2 { run1.m_end + 1, run1.m_end + 1 };
+
+        // ExtendRunRight(run2.start, n)
+        while (run2.m_end + 1 < numElements) {
+            bool result = comparator(from[run2.m_end + 1], from[run2.m_end]);
+            RETURN_IF_EXCEPTION_WITH_TRAPS_DEFERRED(scope, src);
+            if (result)
+                break;
+            ++run2.m_end;
+        }
+
+        if (run2.m_end - run2.m_begin < extendRunCutoff) {
+            // If the run is too short, insertion sort a bit
+            auto size = std::min(forceRunLength, numElements - run2.m_begin);
+            arrayInsertionSort(vm, from.subspan(run2.m_begin, size), comparator, run2.m_end - run2.m_begin);
+            RETURN_IF_EXCEPTION_WITH_TRAPS_DEFERRED(scope, src);
+            run2.m_end = run2.m_begin + size - 1;
+        }
+
+        // See if we can extend the run any more.
+        while (run2.m_end + 1 < numElements) {
+            bool result = comparator(from[run2.m_end + 1], from[run2.m_end]);
             RETURN_IF_EXCEPTION_WITH_TRAPS_DEFERRED(scope, src);
+            if (result)
+                break;
+            ++run2.m_end;
+        }
+
+        unsigned p = power(run1.m_begin, run2.m_begin, run2.m_end, numElements);
+        while (!powerstack.isEmpty() && powerstack.last().power > p) {
+            auto rangeToMerge = powerstack.takeLast().run;
+            ASSERT(rangeToMerge.m_end == run1.m_begin - 1);
+
+            mergePowersortRuns(vm, to, spanConstCast<const ElementType>(from), rangeToMerge.m_begin, rangeToMerge.m_end + 1, run1.m_begin, run1.m_end + 1, comparator);
+            RETURN_IF_EXCEPTION_WITH_TRAPS_DEFERRED(scope, src);
+            WTF::copyElements(from.subspan(rangeToMerge.m_begin, run1.m_end + 1 - rangeToMerge.m_begin), spanConstCast<const ElementType>(to).subspan(rangeToMerge.m_begin, run1.m_end + 1 - rangeToMerge.m_begin));
+            run1.m_begin = rangeToMerge.m_begin;
         }
-        std::swap(to, from);
+
+        powerstack.append({ run1, p });
+        run1 = run2;
+    }
+
+    while (!powerstack.isEmpty()) {
+        auto rangeToMerge = powerstack.takeLast().run;
+        ASSERT(rangeToMerge.m_end == run1.m_begin - 1);
+
+        mergePowersortRuns(vm, to, spanConstCast<const ElementType>(from), rangeToMerge.m_begin, rangeToMerge.m_end + 1, run1.m_begin, run1.m_end + 1, comparator);
+        RETURN_IF_EXCEPTION_WITH_TRAPS_DEFERRED(scope, src);
+        WTF::copyElements(from.subspan(rangeToMerge.m_begin, run1.m_end + 1 - rangeToMerge.m_begin), spanConstCast<const ElementType>(to).subspan(rangeToMerge.m_begin, run1.m_end + 1 - rangeToMerge.m_begin));
+        run1.m_begin = rangeToMerge.m_begin;
     }
 
     return from.data() == src.data() ? src : dst;

From cbd90d50a0ecf36a64c7ed9aed6cb8ad24f4c194 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sat, 22 Feb 2025 15:55:10 -0800
Subject: [PATCH 074/174] Address safer cpp failures in WebsiteDataStore
 https://bugs.webkit.org/show_bug.cgi?id=288272

Reviewed by Geoffrey Garen.

* Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/WebKit/UIProcess/API/C/WKNotificationManager.cpp:
(WKNotificationManagerGetSharedServiceWorkerNotificationManager):
* Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
(+[WKWebsiteDataStore _sharedServiceWorkerNotificationManager]):
* Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp:
(webkit_web_context_class_init):
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::processPushMessage):
* Source/WebKit/UIProcess/Notifications/WebNotificationManagerProxy.cpp:
(WebKit::WebNotificationManagerProxy::serviceWorkerManagerSingleton):
(WebKit::WebNotificationManagerProxy::providerDidUpdateNotificationPolicy):
(WebKit::WebNotificationManagerProxy::providerDidRemoveNotificationPolicies):
(WebKit::WebNotificationManagerProxy::sharedServiceWorkerManager): Deleted.
(WebKit::WebNotificationManagerProxy::protectedSharedServiceWorkerManager): Deleted.
* Source/WebKit/UIProcess/Notifications/WebNotificationManagerProxy.h:
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::getNotifications):
* Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:
(WebKit::managedDomainQueueSingleton):
(WebKit::WebsiteDataStore::fetchAllDataStoreIdentifiers):
(WebKit::WebsiteDataStore::removeDataStoreWithIdentifier):
(WebKit::WebsiteDataStore::initializeManagedDomains):
(WebKit::WebsiteDataStore::ensureManagedDomains const):
(WebKit::managedDomainQueue): Deleted.
* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::WebsiteDataStore::websiteDataStoreIOQueueSingleton):
(WebKit::WebsiteDataStore::soAuthorizationCoordinator):
(WebKit::WebsiteDataStore::forwardManagedDomainsToITPIfInitialized):
(WebKit::WebsiteDataStore::showPersistentNotification):
(WebKit::WebsiteDataStore::cancelServiceWorkerNotification):
(WebKit::WebsiteDataStore::clearServiceWorkerNotification):
(WebKit::WebsiteDataStore::didDestroyServiceWorkerNotification):
(WebKit::WebsiteDataStore::openWindowFromServiceWorker):
(WebKit::WebsiteDataStore::updateServiceWorkerInspectability):
(WebKit::WebsiteDataStore::builtInNotificationsEnabled const):
(WebKit::WebsiteDataStore::websiteDataStoreIOQueue): Deleted.
* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:
* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h:
(WebKit::WebsiteDataStoreClient::didReceiveAuthenticationChallenge):

Canonical link: https://commits.webkit.org/290895@main
---
 .../UncountedCallArgsCheckerExpectations      |  3 ---
 .../UncountedLocalVarsCheckerExpectations     |  2 --
 .../UIProcess/API/C/WKNotificationManager.cpp |  2 +-
 .../UIProcess/API/Cocoa/WKWebsiteDataStore.mm |  2 +-
 .../UIProcess/API/glib/WebKitWebContext.cpp   |  2 +-
 .../UIProcess/Network/NetworkProcessProxy.cpp |  2 +-
 .../WebNotificationManagerProxy.cpp           | 11 +++-----
 .../WebNotificationManagerProxy.h             |  3 +--
 Source/WebKit/UIProcess/WebProcessProxy.cpp   |  2 +-
 .../Cocoa/WebsiteDataStoreCocoa.mm            | 14 +++++-----
 .../WebsiteData/WebsiteDataStore.cpp          | 26 +++++++++----------
 .../UIProcess/WebsiteData/WebsiteDataStore.h  |  6 ++---
 .../WebsiteData/WebsiteDataStoreClient.h      |  2 +-
 13 files changed, 33 insertions(+), 44 deletions(-)

diff --git a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 3ac2202398e81..7d02df52db488 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -212,10 +212,7 @@ UIProcess/WebPreferences.h
 UIProcess/WebProcessActivityState.cpp
 UIProcess/WebURLSchemeHandler.cpp
 UIProcess/WebURLSchemeTask.cpp
-UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm
 UIProcess/WebsiteData/WebDeviceOrientationAndMotionAccessController.cpp
-UIProcess/WebsiteData/WebsiteDataStore.cpp
-UIProcess/WebsiteData/WebsiteDataStoreClient.h
 UIProcess/mac/CorrectionPanel.mm
 UIProcess/mac/DisplayCaptureSessionManager.mm
 UIProcess/mac/UserMediaPermissionRequestProxyMac.mm
diff --git a/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index ee68bee997fdc..4ad5d8e215e6c 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -38,8 +38,6 @@ UIProcess/WebAuthentication/AuthenticatorManager.cpp
 UIProcess/WebAuthentication/Cocoa/NfcService.mm
 UIProcess/WebPreferences.cpp
 UIProcess/WebProcessCache.cpp
-UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm
-UIProcess/WebsiteData/WebsiteDataStore.cpp
 UIProcess/mac/DisplayCaptureSessionManager.mm
 UIProcess/mac/WKImmediateActionController.mm
 UIProcess/mac/WebContextMenuProxyMac.mm
diff --git a/Source/WebKit/UIProcess/API/C/WKNotificationManager.cpp b/Source/WebKit/UIProcess/API/C/WKNotificationManager.cpp
index 146cccf84ed2c..1602588a52525 100644
--- a/Source/WebKit/UIProcess/API/C/WKNotificationManager.cpp
+++ b/Source/WebKit/UIProcess/API/C/WKNotificationManager.cpp
@@ -81,5 +81,5 @@ void WKNotificationManagerProviderDidRemoveNotificationPolicies(WKNotificationMa
 
 WKNotificationManagerRef WKNotificationManagerGetSharedServiceWorkerNotificationManager()
 {
-    return toAPI(&WebNotificationManagerProxy::sharedServiceWorkerManager());
+    return toAPI(&WebNotificationManagerProxy::serviceWorkerManagerSingleton());
 }
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm b/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm
index 8e57628559f12..97a87094e648a 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm
@@ -1058,7 +1058,7 @@ - (_WKWebsiteDataStoreConfiguration *)_configuration
 + (WKNotificationManagerRef)_sharedServiceWorkerNotificationManager
 {
     LOG(Push, "Accessing _sharedServiceWorkerNotificationManager");
-    return WebKit::toAPI(&WebKit::WebNotificationManagerProxy::sharedServiceWorkerManager());
+    return WebKit::toAPI(&WebKit::WebNotificationManagerProxy::serviceWorkerManagerSingleton());
 }
 
 - (void)_allowTLSCertificateChain:(NSArray *)certificateChain forHost:(NSString *)host
diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
index 2bb3b85fecc39..5479cf466e1ba 100644
--- a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
+++ b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
@@ -515,7 +515,7 @@ static void webkit_web_context_class_init(WebKitWebContextClass* webContextClass
     bindtextdomain(GETTEXT_PACKAGE, LOCALEDIR);
     bind_textdomain_codeset(GETTEXT_PACKAGE, "UTF-8");
 
-    s_serviceWorkerNotificationProvider = makeUnique<WebKitNotificationProvider>(&WebNotificationManagerProxy::sharedServiceWorkerManager(), nullptr);
+    s_serviceWorkerNotificationProvider = makeUnique<WebKitNotificationProvider>(&WebNotificationManagerProxy::serviceWorkerManagerSingleton(), nullptr);
 
     gObjectClass->get_property = webkitWebContextGetProperty;
     gObjectClass->set_property = webkitWebContextSetProperty;
diff --git a/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp b/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
index 2adc88c448427..35d43c25c3dc6 100644
--- a/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
+++ b/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
@@ -1800,7 +1800,7 @@ void NetworkProcessProxy::processPushMessage(PAL::SessionID sessionID, const Web
         permission = PushPermissionState::Prompt;
         auto permissions = dataStore->client().notificationPermissions();
         if (permissions.isEmpty())
-            permissions = WebNotificationManagerProxy::protectedSharedServiceWorkerManager()->notificationPermissions();
+            permissions = WebNotificationManagerProxy::serviceWorkerManagerSingleton().notificationPermissions();
 
         auto origin = SecurityOriginData::fromURL(pushMessage.registrationURL).toString();
         if (auto it = permissions.find(origin); it != permissions.end())
diff --git a/Source/WebKit/UIProcess/Notifications/WebNotificationManagerProxy.cpp b/Source/WebKit/UIProcess/Notifications/WebNotificationManagerProxy.cpp
index a6c26f011d2e7..ec37d1329ac64 100644
--- a/Source/WebKit/UIProcess/Notifications/WebNotificationManagerProxy.cpp
+++ b/Source/WebKit/UIProcess/Notifications/WebNotificationManagerProxy.cpp
@@ -53,18 +53,13 @@ Ref<WebNotificationManagerProxy> WebNotificationManagerProxy::create(WebProcessP
     return adoptRef(*new WebNotificationManagerProxy(processPool));
 }
 
-WebNotificationManagerProxy& WebNotificationManagerProxy::sharedServiceWorkerManager()
+WebNotificationManagerProxy& WebNotificationManagerProxy::serviceWorkerManagerSingleton()
 {
     ASSERT(isMainRunLoop());
     static NeverDestroyed<Ref<WebNotificationManagerProxy>> sharedManager = adoptRef(*new WebNotificationManagerProxy(nullptr));
     return sharedManager->get();
 }
 
-Ref<WebNotificationManagerProxy> WebNotificationManagerProxy::protectedSharedServiceWorkerManager()
-{
-    return sharedServiceWorkerManager();
-}
-
 WebNotificationManagerProxy::WebNotificationManagerProxy(WebProcessPool* processPool)
     : WebContextSupplement(processPool)
     , m_provider(makeUnique<API::NotificationProvider>())
@@ -340,7 +335,7 @@ void WebNotificationManagerProxy::providerDidUpdateNotificationPolicy(const API:
     if (originString.isEmpty())
         return;
 
-    if (this == &sharedServiceWorkerManager()) {
+    if (this == &serviceWorkerManagerSingleton()) {
         setPushesAndNotificationsEnabledForOrigin(origin->securityOrigin(), enabled);
         WebProcessPool::sendToAllRemoteWorkerProcesses(Messages::WebNotificationManager::DidUpdateNotificationDecision(originString, enabled));
         return;
@@ -356,7 +351,7 @@ void WebNotificationManagerProxy::providerDidRemoveNotificationPolicies(API::Arr
     if (!size)
         return;
 
-    if (this == &sharedServiceWorkerManager()) {
+    if (this == &serviceWorkerManagerSingleton()) {
         removePushSubscriptionsForOrigins(apiArrayToSecurityOrigins(origins));
         WebProcessPool::sendToAllRemoteWorkerProcesses(Messages::WebNotificationManager::DidRemoveNotificationDecisions(apiArrayToSecurityOriginStrings(origins)));
         return;
diff --git a/Source/WebKit/UIProcess/Notifications/WebNotificationManagerProxy.h b/Source/WebKit/UIProcess/Notifications/WebNotificationManagerProxy.h
index b2e68d6ea141b..b4cf4401acab8 100644
--- a/Source/WebKit/UIProcess/Notifications/WebNotificationManagerProxy.h
+++ b/Source/WebKit/UIProcess/Notifications/WebNotificationManagerProxy.h
@@ -62,8 +62,7 @@ class WebNotificationManagerProxy : public API::ObjectImpl<API::Object::Type::No
 
     static Ref<WebNotificationManagerProxy> create(WebProcessPool*);
 
-    static WebNotificationManagerProxy& sharedServiceWorkerManager();
-    static Ref<WebNotificationManagerProxy> protectedSharedServiceWorkerManager();
+    static WebNotificationManagerProxy& serviceWorkerManagerSingleton();
 
     virtual ~WebNotificationManagerProxy();
 
diff --git a/Source/WebKit/UIProcess/WebProcessProxy.cpp b/Source/WebKit/UIProcess/WebProcessProxy.cpp
index 15cebe342fff5..1ac3aeb446910 100644
--- a/Source/WebKit/UIProcess/WebProcessProxy.cpp
+++ b/Source/WebKit/UIProcess/WebProcessProxy.cpp
@@ -2809,7 +2809,7 @@ void WebProcessProxy::getNotifications(const URL& registrationURL, const String&
         return;
     }
 
-    WebNotificationManagerProxy::protectedSharedServiceWorkerManager()->getNotifications(registrationURL, tag, sessionID(), WTFMove(callback));
+    WebNotificationManagerProxy::serviceWorkerManagerSingleton().getNotifications(registrationURL, tag, sessionID(), WTFMove(callback));
 }
 
 void WebProcessProxy::getWebCryptoMasterKey(CompletionHandler<void(std::optional<Vector<uint8_t>>&&)>&& completionHandler)
diff --git a/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm b/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm
index 3ff311c0393df..f2d8b394de378 100644
--- a/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm
+++ b/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm
@@ -94,10 +94,10 @@ - (void)fetchAllHistoryWithCompletionHandler:(void (^)(NSSet<NSURL *> *urls, NSE
 #endif
 
 #if ENABLE(MANAGED_DOMAINS)
-static WorkQueue& managedDomainQueue()
+static WorkQueue& managedDomainQueueSingleton()
 {
-    static auto& queue = WorkQueue::create("com.apple.WebKit.ManagedDomains"_s).leakRef();
-    return queue;
+    static MainThreadNeverDestroyed<Ref<WorkQueue>> queue = WorkQueue::create("com.apple.WebKit.ManagedDomains"_s);
+    return queue.get();
 }
 static std::atomic<bool> hasInitializedManagedDomains = false;
 static std::atomic<bool> managedKeyExists = false;
@@ -298,7 +298,7 @@ static String defaultWebsiteDataStoreRootDirectory()
 {
     ASSERT(isMainRunLoop());
 
-    websiteDataStoreIOQueue().dispatch([completionHandler = WTFMove(completionHandler), directory = defaultWebsiteDataStoreRootDirectory().isolatedCopy()]() mutable {
+    websiteDataStoreIOQueueSingleton().dispatch([completionHandler = WTFMove(completionHandler), directory = defaultWebsiteDataStoreRootDirectory().isolatedCopy()]() mutable {
         auto identifiers = WTF::compactMap(FileSystem::listDirectory(directory), [](auto&& identifierString) {
             return WTF::UUID::parse(identifierString);
         });
@@ -324,7 +324,7 @@ static String defaultWebsiteDataStoreRootDirectory()
             return completionHandler("Data store is in use (by network process)"_s);
     }
 
-    websiteDataStoreIOQueue().dispatch([completionHandler = WTFMove(completionHandler), identifier, directory = defaultWebsiteDataStoreDirectory(identifier).isolatedCopy()]() mutable {
+    websiteDataStoreIOQueueSingleton().dispatch([completionHandler = WTFMove(completionHandler), identifier, directory = defaultWebsiteDataStoreDirectory(identifier).isolatedCopy()]() mutable {
         RetainPtr nsCredentialStorage = adoptNS([[NSURLCredentialStorage alloc] _initWithIdentifier:identifier.toString() private:NO]);
         auto* credentials = [nsCredentialStorage allCredentials];
         for (NSURLProtectionSpace *space in credentials) {
@@ -837,7 +837,7 @@ static NavigatingToAppBoundDomain schemeOrDomainIsAppBound(const String& host, c
     if (hasInitializedManagedDomains && forceReinitialization != ForceReinitialization::Yes)
         return;
 
-    managedDomainQueue().dispatch([forceReinitialization] () mutable {
+    managedDomainQueueSingleton().dispatch([forceReinitialization] () mutable {
         if (hasInitializedManagedDomains && forceReinitialization != ForceReinitialization::Yes)
             return;
         static const auto maxManagedDomainCount = 10;
@@ -906,7 +906,7 @@ static NavigatingToAppBoundDomain schemeOrDomainIsAppBound(const String& host, c
 
     // Hopping to the background thread then back to the main thread
     // ensures that initializeManagedDomains() has finished.
-    managedDomainQueue().dispatch([protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler)] () mutable {
+    managedDomainQueueSingleton().dispatch([protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler)] () mutable {
         RunLoop::protectedMain()->dispatch([protectedThis = WTFMove(protectedThis), completionHandler = WTFMove(completionHandler)] () mutable {
             ASSERT(hasInitializedManagedDomains);
             completionHandler(managedDomains());
diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
index 460b0cafbe6d8..7b9780cb47d82 100644
--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
@@ -129,10 +129,10 @@ static String computeMediaKeyFile(const String& mediaKeyDirectory)
     return FileSystem::pathByAppendingComponent(mediaKeyDirectory, "SecureStop.plist"_s);
 }
 
-WorkQueue& WebsiteDataStore::websiteDataStoreIOQueue()
+WorkQueue& WebsiteDataStore::websiteDataStoreIOQueueSingleton()
 {
-    static auto& queue = WorkQueue::create("com.apple.WebKit.WebsiteDataStoreIO"_s).leakRef();
-    return queue;
+    static MainThreadNeverDestroyed<Ref<WorkQueue>> queue = WorkQueue::create("com.apple.WebKit.WebsiteDataStoreIO"_s);
+    return queue.get();
 }
 
 void WebsiteDataStore::forEachWebsiteDataStore(NOESCAPE Function<void(WebsiteDataStore&)>&& function)
@@ -304,7 +304,7 @@ WebsiteDataStore* WebsiteDataStore::existingDataStoreForSessionID(PAL::SessionID
 #if HAVE(APP_SSO)
 SOAuthorizationCoordinator& WebsiteDataStore::soAuthorizationCoordinator(const WebPageProxy& pageProxy)
 {
-    RELEASE_ASSERT(pageProxy.preferences().isExtensibleSSOEnabled());
+    RELEASE_ASSERT(pageProxy.protectedPreferences()->isExtensibleSSOEnabled());
     if (!m_soAuthorizationCoordinator)
         m_soAuthorizationCoordinator = WTF::makeUnique<SOAuthorizationCoordinator>();
 
@@ -2564,7 +2564,7 @@ void WebsiteDataStore::forwardManagedDomainsToITPIfInitialized(CompletionHandler
         store->setManagedDomainsForITP(domains, [callbackAggregator] { });
     };
 
-    propagateManagedDomains(globalDefaultDataStore().get(), *managedDomains);
+    propagateManagedDomains(protectedDefaultDataStore().get(), *managedDomains);
 
     for (auto& store : allDataStores().values())
         propagateManagedDomains(Ref { store.get() }.ptr(), *managedDomains);
@@ -2608,23 +2608,23 @@ bool WebsiteDataStore::showPersistentNotification(IPC::Connection* connection, c
     if (m_client->showNotification(notificationData))
         return true;
 
-    return WebNotificationManagerProxy::sharedServiceWorkerManager().showPersistent(*this, connection, notificationData, nullptr);
+    return WebNotificationManagerProxy::serviceWorkerManagerSingleton().showPersistent(*this, connection, notificationData, nullptr);
 }
 
 void WebsiteDataStore::cancelServiceWorkerNotification(const WTF::UUID& notificationID)
 {
-    WebNotificationManagerProxy::sharedServiceWorkerManager().cancel(nullptr, notificationID);
+    WebNotificationManagerProxy::serviceWorkerManagerSingleton().cancel(nullptr, notificationID);
 }
 
 void WebsiteDataStore::clearServiceWorkerNotification(const WTF::UUID& notificationID)
 {
     Vector<WTF::UUID> notifications = { notificationID };
-    WebNotificationManagerProxy::sharedServiceWorkerManager().clearNotifications(nullptr, notifications);
+    WebNotificationManagerProxy::serviceWorkerManagerSingleton().clearNotifications(nullptr, notifications);
 }
 
 void WebsiteDataStore::didDestroyServiceWorkerNotification(const WTF::UUID& notificationID)
 {
-    WebNotificationManagerProxy::sharedServiceWorkerManager().didDestroyNotification(nullptr, notificationID);
+    WebNotificationManagerProxy::serviceWorkerManagerSingleton().didDestroyNotification(nullptr, notificationID);
 }
 
 void WebsiteDataStore::openWindowFromServiceWorker(const String& urlString, const WebCore::SecurityOriginData& serviceWorkerOrigin, CompletionHandler<void(std::optional<WebCore::PageIdentifier>)>&& callback)
@@ -2635,7 +2635,7 @@ void WebsiteDataStore::openWindowFromServiceWorker(const String& urlString, cons
             return;
         }
 
-        if (!newPage->pageLoadState().isLoading()) {
+        if (!newPage->protectedPageLoadState()->isLoading()) {
             RELEASE_LOG(Loading, "The WKWebView provided in response to a ServiceWorker openWindow request was not in the loading state");
             callback(std::nullopt);
             return;
@@ -2787,8 +2787,8 @@ void WebsiteDataStore::updateServiceWorkerInspectability()
     bool wasInspectable = m_inspectionForServiceWorkersAllowed;
     m_inspectionForServiceWorkersAllowed = [&] {
 #if ENABLE(REMOTE_INSPECTOR)
-        for (auto& page : m_pages) {
-            if (page.inspectable())
+        for (Ref page : m_pages) {
+            if (page->inspectable())
                 return true;
         }
 #endif // ENABLE(REMOTE_INSPECTOR)
@@ -2894,7 +2894,7 @@ bool WebsiteDataStore::builtInNotificationsEnabled() const
         return defaultBuiltInNotificationsEnabled();
 
     for (Ref page : m_pages) {
-        if (page->preferences().builtInNotificationsEnabled())
+        if (page->protectedPreferences()->builtInNotificationsEnabled())
             return true;
     }
     return false;
diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
index b495136083818..0439774485211 100644
--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
@@ -532,7 +532,7 @@ class WebsiteDataStore : public API::ObjectImpl<API::Object::Type::WebsiteDataSt
     void removeRecentSearches(WallTime, CompletionHandler<void()>&&);
 
     WebsiteDataStore();
-    static WorkQueue& websiteDataStoreIOQueue();
+    static WorkQueue& websiteDataStoreIOQueueSingleton();
 
     Ref<WorkQueue> protectedQueue() const;
 
@@ -586,7 +586,7 @@ class WebsiteDataStore : public API::ObjectImpl<API::Object::Type::WebsiteDataSt
     bool m_hasDispatchedResolveDirectories { false };
     std::optional<WebsiteDataStoreConfiguration::Directories> m_resolvedDirectories WTF_GUARDED_BY_LOCK(m_resolveDirectoriesLock);
     FileSystem::Salt m_mediaKeysStorageSalt WTF_GUARDED_BY_LOCK(m_resolveDirectoriesLock);
-    Ref<const WebsiteDataStoreConfiguration> m_configuration;
+    const Ref<const WebsiteDataStoreConfiguration> m_configuration;
     bool m_hasResolvedDirectories { false };
     RefPtr<DeviceIdHashSaltStorage> m_deviceIdHashSaltStorage;
 #if ENABLE(ENCRYPTED_MEDIA)
@@ -604,7 +604,7 @@ class WebsiteDataStore : public API::ObjectImpl<API::Object::Type::WebsiteDataSt
     TrackingPreventionEnabled m_trackingPreventionEnabled { TrackingPreventionEnabled::Default };
     Function<void(const String&)> m_statisticsTestingCallback;
 
-    Ref<WorkQueue> m_queue;
+    const Ref<WorkQueue> m_queue;
 
 #if PLATFORM(COCOA)
     Vector<uint8_t> m_uiProcessCookieStorageIdentifier;
diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h
index 3fe956cbe7483..4b056178bcb2f 100644
--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h
+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h
@@ -64,7 +64,7 @@ class WebsiteDataStoreClient {
 
     virtual void didReceiveAuthenticationChallenge(Ref<AuthenticationChallengeProxy>&& challenge)
     {
-        challenge->listener().completeChallenge(AuthenticationChallengeDisposition::PerformDefaultHandling);
+        challenge->protectedListener()->completeChallenge(AuthenticationChallengeDisposition::PerformDefaultHandling);
     }
 
     virtual void openWindowFromServiceWorker(const String&, const WebCore::SecurityOriginData&, CompletionHandler<void(WebPageProxy*)>&& completionHandler)

From 5f42dd57877220f5d9d574e11feb19ecf52212e9 Mon Sep 17 00:00:00 2001
From: Per Arne Vollan <pvollan@apple.com>
Date: Sat, 22 Feb 2025 16:19:16 -0800
Subject: [PATCH 075/174] Remove sandbox extension to Web Inspector daemon in
 the WebContent process rdar://135814632
 https://bugs.webkit.org/show_bug.cgi?id=287347

Reviewed by Chris Dumez.

When access to the Web Inspector daemon is blocked in the WebContent process sandbox, we cannot create
the Service Worker inspection target in the WebContent process anymore. Instead, we create the inspection
target in the UI process. We also create a bidirectional communication channel over IPC between the
Service worker in the WebContent process and the new inspection target in the UI process. The new
inspection target in the UI process will then communicate with the Web Inspector daemon and enable
inspection of the Service Worker. Messages from the Service Worker to the UI process are sent via
WebProcessProxy, and messages from the Inspector to the Service Worker are being sent through
WebSWContextManagerConnection.

* Source/JavaScriptCore/inspector/remote/RemoteInspector.h:
* Source/WebCore/workers/service/context/ServiceWorkerInspectorProxy.h:
* Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm:
(WebKit::WebProcessProxy::createServiceWorkerDebuggable):
(WebKit::WebProcessProxy::deleteServiceWorkerDebuggable):
(WebKit::WebProcessProxy::sendMessageToInspector):
* Source/WebKit/UIProcess/WebProcessProxy.h:
* Source/WebKit/UIProcess/WebProcessProxy.messages.in:
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableFrontendChannel.cpp: Added.
(WebKit::ServiceWorkerDebuggableFrontendChannel::create):
(WebKit::ServiceWorkerDebuggableFrontendChannel::ServiceWorkerDebuggableFrontendChannel):
(WebKit::ServiceWorkerDebuggableFrontendChannel::sendMessageToFrontend):
* Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableFrontendChannel.h: Added..
* Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableProxy.cpp: Added.
(WebKit::ServiceWorkerDebuggableProxy::create):
(WebKit::ServiceWorkerDebuggableProxy::ServiceWorkerDebuggableProxy):
(WebKit::ServiceWorkerDebuggableProxy::connect):
(WebKit::ServiceWorkerDebuggableProxy::disconnect):
(WebKit::ServiceWorkerDebuggableProxy::dispatchMessageFromRemote):
* Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableProxy.h: Added.
* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp:
(WebKit::WebSWContextManagerConnection::installServiceWorker):
(WebKit::WebSWContextManagerConnection::terminateWorker):
(WebKit::WebSWContextManagerConnection::connectToInspector):
(WebKit::WebSWContextManagerConnection::disconnectFromInspector):
(WebKit::WebSWContextManagerConnection::dispatchMessageFromInspector):
* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h:
* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in:
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):
* Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:
* Tools/MiniBrowser/MiniBrowser.entitlements:

Canonical link: https://commits.webkit.org/290896@main
---
 .../inspector/remote/RemoteInspector.h        |  2 +-
 .../context/ServiceWorkerInspectorProxy.h     |  6 +-
 .../UIProcess/Cocoa/WebProcessProxyCocoa.mm   | 39 +++++++++
 Source/WebKit/UIProcess/WebProcessProxy.h     | 14 +++-
 .../UIProcess/WebProcessProxy.messages.in     |  6 ++
 .../WebKit/WebKit.xcodeproj/project.pbxproj   | 16 ++++
 ...ServiceWorkerDebuggableFrontendChannel.cpp | 52 ++++++++++++
 .../ServiceWorkerDebuggableFrontendChannel.h  | 54 +++++++++++++
 .../ServiceWorkerDebuggableProxy.cpp          | 79 +++++++++++++++++++
 .../Inspector/ServiceWorkerDebuggableProxy.h  | 67 ++++++++++++++++
 .../Storage/WebSWContextManagerConnection.cpp | 34 ++++++++
 .../Storage/WebSWContextManagerConnection.h   | 10 +++
 .../WebSWContextManagerConnection.messages.in |  6 ++
 Source/WebKit/WebProcess/WebProcess.cpp       |  2 +-
 .../WebProcess/com.apple.WebProcess.sb.in     |  2 +
 Tools/MiniBrowser/MiniBrowser.entitlements    |  1 +
 16 files changed, 384 insertions(+), 6 deletions(-)
 create mode 100644 Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableFrontendChannel.cpp
 create mode 100644 Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableFrontendChannel.h
 create mode 100644 Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableProxy.cpp
 create mode 100644 Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableProxy.h

diff --git a/Source/JavaScriptCore/inspector/remote/RemoteInspector.h b/Source/JavaScriptCore/inspector/remote/RemoteInspector.h
index f8f65fb48de14..671a45d22e90d 100644
--- a/Source/JavaScriptCore/inspector/remote/RemoteInspector.h
+++ b/Source/JavaScriptCore/inspector/remote/RemoteInspector.h
@@ -136,7 +136,7 @@ class RemoteInspector final
     void registerTarget(RemoteControllableTarget*);
     void unregisterTarget(RemoteControllableTarget*);
     void updateTarget(RemoteControllableTarget*);
-    void sendMessageToRemote(TargetID, const String& message);
+    JS_EXPORT_PRIVATE void sendMessageToRemote(TargetID, const String& message);
 
     RemoteInspector::Client* client() const { return m_client; }
     JS_EXPORT_PRIVATE void setClient(RemoteInspector::Client*);
diff --git a/Source/WebCore/workers/service/context/ServiceWorkerInspectorProxy.h b/Source/WebCore/workers/service/context/ServiceWorkerInspectorProxy.h
index d7be3f3dead8c..79ca0ebdcee0c 100644
--- a/Source/WebCore/workers/service/context/ServiceWorkerInspectorProxy.h
+++ b/Source/WebCore/workers/service/context/ServiceWorkerInspectorProxy.h
@@ -50,9 +50,9 @@ class ServiceWorkerInspectorProxy {
 
     void serviceWorkerTerminated();
 
-    void connectToWorker(Inspector::FrontendChannel&);
-    void disconnectFromWorker(Inspector::FrontendChannel&);
-    void sendMessageToWorker(String&&);
+    WEBCORE_EXPORT void connectToWorker(Inspector::FrontendChannel&);
+    WEBCORE_EXPORT void disconnectFromWorker(Inspector::FrontendChannel&);
+    WEBCORE_EXPORT void sendMessageToWorker(String&&);
     void sendMessageFromWorkerToFrontend(String&&);
 
 private:
diff --git a/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm b/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm
index 6a24ab4ade129..7ab3ff7fc8150 100644
--- a/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm
+++ b/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm
@@ -55,6 +55,7 @@
 
 #if ENABLE(REMOTE_INSPECTOR)
 #import "WebInspectorUtilities.h"
+#import <JavaScriptCore/RemoteInspector.h>
 #import <JavaScriptCore/RemoteInspectorConstants.h>
 #endif
 
@@ -70,6 +71,9 @@
 #import "TCCSoftLink.h"
 #endif
 
+#define MESSAGE_CHECK(assertion) MESSAGE_CHECK_BASE(assertion, connection())
+#define MESSAGE_CHECK_URL(url) MESSAGE_CHECK_BASE(checkURLReceivedFromWebProcess(url), connection())
+
 namespace WebKit {
 
 static const Seconds unexpectedActivityDuration = 10_s;
@@ -268,5 +272,40 @@
 }
 #endif // ENABLE(LOGD_BLOCKING_IN_WEBCONTENT)
 
+#if ENABLE(REMOTE_INSPECTOR)
+void WebProcessProxy::createServiceWorkerDebuggable(WebCore::ServiceWorkerIdentifier identifier, URL&& url)
+{
+    MESSAGE_CHECK_URL(url);
+    RELEASE_LOG(Inspector, "WebProcessProxy::createServiceWorkerDebuggable");
+    if (!shouldEnableRemoteInspector())
+        return;
+    Ref serviceWorkerDebuggableProxy = ServiceWorkerDebuggableProxy::create(url.string(), identifier, *this);
+    serviceWorkerDebuggableProxy->setInspectable(true);
+    serviceWorkerDebuggableProxy->init();
+    m_serviceWorkerDebuggableProxies.add(identifier, serviceWorkerDebuggableProxy);
+}
+
+void WebProcessProxy::deleteServiceWorkerDebuggable(WebCore::ServiceWorkerIdentifier identifier)
+{
+    RELEASE_LOG(Inspector, "WebProcessProxy::deleteServiceWorkerDebuggable");
+    if (!shouldEnableRemoteInspector())
+        return;
+    m_serviceWorkerDebuggableProxies.remove(identifier);
+}
+
+void WebProcessProxy::sendMessageToInspector(WebCore::ServiceWorkerIdentifier identifier, String&& message)
+{
+    RELEASE_LOG(Inspector, "WebProcessProxy::sendMessageToInspector");
+    if (!shouldEnableRemoteInspector())
+        return;
+    if (RefPtr serviceWorkerDebuggableProxy = m_serviceWorkerDebuggableProxies.get(identifier)) {
+        auto targetID = serviceWorkerDebuggableProxy->targetIdentifier();
+        Inspector::RemoteInspector::singleton().sendMessageToRemote(targetID, WTFMove(message));
+    }
+}
+#endif
+
 }
 
+#undef MESSAGE_CHECK_URL
+#undef MESSAGE_CHECK
diff --git a/Source/WebKit/UIProcess/WebProcessProxy.h b/Source/WebKit/UIProcess/WebProcessProxy.h
index ff27c5ad578db..b82965d62515b 100644
--- a/Source/WebKit/UIProcess/WebProcessProxy.h
+++ b/Source/WebKit/UIProcess/WebProcessProxy.h
@@ -79,6 +79,10 @@
 #include "LogStreamIdentifier.h"
 #endif
 
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+#include "ServiceWorkerDebuggableProxy.h"
+#endif
+
 namespace API {
 class Navigation;
 class PageConfiguration;
@@ -672,6 +676,12 @@ class WebProcessProxy final : public AuxiliaryProcessProxy {
     void setupLogStream(uint32_t pid, IPC::StreamServerConnectionHandle&&, LogStreamIdentifier, CompletionHandler<void(IPC::Semaphore& streamWakeUpSemaphore, IPC::Semaphore& streamClientWaitSemaphore)>&&);
 #endif
 
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+    void createServiceWorkerDebuggable(WebCore::ServiceWorkerIdentifier, URL&&);
+    void deleteServiceWorkerDebuggable(WebCore::ServiceWorkerIdentifier);
+    void sendMessageToInspector(WebCore::ServiceWorkerIdentifier, String&& message);
+#endif
+
     enum class IsWeak : bool { No, Yes };
     template<typename T> class WeakOrStrongPtr {
     public:
@@ -844,7 +854,9 @@ class WebProcessProxy final : public AuxiliaryProcessProxy {
     bool m_resourceMonitorRuleListRequestedBySomePage { false };
     RefPtr<WebCompiledContentRuleList> m_resourceMonitorRuleList;
 #endif
-
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+    HashMap<WebCore::ServiceWorkerIdentifier, Ref<ServiceWorkerDebuggableProxy>> m_serviceWorkerDebuggableProxies;
+#endif
 };
 
 WTF::TextStream& operator<<(WTF::TextStream&, const WebProcessProxy&);
diff --git a/Source/WebKit/UIProcess/WebProcessProxy.messages.in b/Source/WebKit/UIProcess/WebProcessProxy.messages.in
index 6aab8a3a6da93..9ce6ddb5dce0a 100644
--- a/Source/WebKit/UIProcess/WebProcessProxy.messages.in
+++ b/Source/WebKit/UIProcess/WebProcessProxy.messages.in
@@ -100,4 +100,10 @@ messages -> WebProcessProxy WantsDispatchMessage {
 #if ENABLE(LOGD_BLOCKING_IN_WEBCONTENT)
     SetupLogStream(uint32_t pid, IPC::StreamServerConnectionHandle serverConnection, WebKit::LogStreamIdentifier identifier) -> (IPC::Semaphore streamWakeUpSemaphore, IPC::Semaphore streamClientWaitSemaphore)
 #endif
+
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+    CreateServiceWorkerDebuggable(WebCore::ServiceWorkerIdentifier identifier, URL url)
+    DeleteServiceWorkerDebuggable(WebCore::ServiceWorkerIdentifier identifier)
+    SendMessageToInspector(WebCore::ServiceWorkerIdentifier identifier, String message));
+#endif
 }
diff --git a/Source/WebKit/WebKit.xcodeproj/project.pbxproj b/Source/WebKit/WebKit.xcodeproj/project.pbxproj
index 963d0784f4c79..6f91c07e92055 100644
--- a/Source/WebKit/WebKit.xcodeproj/project.pbxproj
+++ b/Source/WebKit/WebKit.xcodeproj/project.pbxproj
@@ -2379,6 +2379,10 @@
 		E3C6727329D4A3AD00AD4452 /* TextTrackRepresentationCocoa.h in Headers */ = {isa = PBXBuildFile; fileRef = E36A00E129CF4EBA00AC4E8A /* TextTrackRepresentationCocoa.h */; };
 		E3C788F22D035CED00D6C13D /* LogClient.h in Headers */ = {isa = PBXBuildFile; fileRef = E3C788EF2D035CED00D6C13D /* LogClient.h */; };
 		E3CAAA442413279900CED2E2 /* AccessibilitySupportSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = E3CAAA432413278A00CED2E2 /* AccessibilitySupportSPI.h */; };
+		E3D0A9412D62B1C90094538A /* ServiceWorkerDebuggableFrontendChannel.h in Headers */ = {isa = PBXBuildFile; fileRef = E3D0A93F2D62B1C90094538A /* ServiceWorkerDebuggableFrontendChannel.h */; };
+		E3D0A9422D62B1C90094538A /* ServiceWorkerDebuggableFrontendChannel.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E3D0A9402D62B1C90094538A /* ServiceWorkerDebuggableFrontendChannel.cpp */; };
+		E3E6297E2D5FA8F200DAE50C /* ServiceWorkerDebuggableProxy.h in Headers */ = {isa = PBXBuildFile; fileRef = E3E6297C2D5FA8F200DAE50C /* ServiceWorkerDebuggableProxy.h */; };
+		E3E6297F2D5FA8F200DAE50C /* ServiceWorkerDebuggableProxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E3E6297D2D5FA8F200DAE50C /* ServiceWorkerDebuggableProxy.cpp */; };
 		E3E84BDA2AE0AAE50091B3C2 /* XPCEndpoint.h in Copy Testing Headers */ = {isa = PBXBuildFile; fileRef = C14D306724B794E700480387 /* XPCEndpoint.h */; };
 		E3E84BDB2AE0AAE50091B3C2 /* XPCEndpointClient.h in Copy Testing Headers */ = {isa = PBXBuildFile; fileRef = C14D306824B794E700480387 /* XPCEndpointClient.h */; };
 		E3E84BEE2AE1AA5A0091B3C2 /* ExtensionKitSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = E3E84BED2AE1AA5A0091B3C2 /* ExtensionKitSPI.h */; };
@@ -8113,7 +8117,11 @@
 		E3C788F02D035CED00D6C13D /* LogClient.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = LogClient.cpp; sourceTree = "<group>"; };
 		E3C788FE2D039A4F00D6C13D /* LogMessages.in */ = {isa = PBXFileReference; lastKnownFileType = text; path = LogMessages.in; sourceTree = "<group>"; };
 		E3CAAA432413278A00CED2E2 /* AccessibilitySupportSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AccessibilitySupportSPI.h; sourceTree = "<group>"; };
+		E3D0A93F2D62B1C90094538A /* ServiceWorkerDebuggableFrontendChannel.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ServiceWorkerDebuggableFrontendChannel.h; sourceTree = "<group>"; };
+		E3D0A9402D62B1C90094538A /* ServiceWorkerDebuggableFrontendChannel.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ServiceWorkerDebuggableFrontendChannel.cpp; sourceTree = "<group>"; };
 		E3DC5B1A2C9AE09700D73BB3 /* LogStreamIdentifier.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = LogStreamIdentifier.h; sourceTree = "<group>"; };
+		E3E6297C2D5FA8F200DAE50C /* ServiceWorkerDebuggableProxy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ServiceWorkerDebuggableProxy.h; sourceTree = "<group>"; };
+		E3E6297D2D5FA8F200DAE50C /* ServiceWorkerDebuggableProxy.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ServiceWorkerDebuggableProxy.cpp; sourceTree = "<group>"; };
 		E3E84BED2AE1AA5A0091B3C2 /* ExtensionKitSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ExtensionKitSPI.h; sourceTree = "<group>"; };
 		E3EFB02C2550617C003C2F96 /* WebSystemSoundDelegate.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WebSystemSoundDelegate.cpp; sourceTree = "<group>"; };
 		E3EFB02D2550617C003C2F96 /* WebSystemSoundDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebSystemSoundDelegate.h; sourceTree = "<group>"; };
@@ -13624,6 +13632,10 @@
 				A55BA8121BA23E05007CD33D /* RemoteWebInspectorUI.cpp */,
 				A55BA8131BA23E05007CD33D /* RemoteWebInspectorUI.h */,
 				A55BA8141BA23E05007CD33D /* RemoteWebInspectorUI.messages.in */,
+				E3D0A9402D62B1C90094538A /* ServiceWorkerDebuggableFrontendChannel.cpp */,
+				E3D0A93F2D62B1C90094538A /* ServiceWorkerDebuggableFrontendChannel.h */,
+				E3E6297D2D5FA8F200DAE50C /* ServiceWorkerDebuggableProxy.cpp */,
+				E3E6297C2D5FA8F200DAE50C /* ServiceWorkerDebuggableProxy.h */,
 				1C8E2A1C1277833F00BC7BD0 /* WebInspector.messages.in */,
 				BC111A59112F4FBB00337BAB /* WebInspectorClient.cpp */,
 				BC032D6D10F4378D0058C15A /* WebInspectorClient.h */,
@@ -17166,6 +17178,8 @@
 				E18E6918169B667B009B6670 /* SecItemShimProxyMessages.h in Headers */,
 				570AB8F320AE3BD700B8BE87 /* SecKeyProxyStore.h in Headers */,
 				514D9F5719119D35000063A7 /* ServicesController.h in Headers */,
+				E3D0A9412D62B1C90094538A /* ServiceWorkerDebuggableFrontendChannel.h in Headers */,
+				E3E6297E2D5FA8F200DAE50C /* ServiceWorkerDebuggableProxy.h in Headers */,
 				5164658027A9C77400E1F2BA /* ServiceWorkerNotificationHandler.h in Headers */,
 				3A7D62D629D38DD300D57DAC /* ServiceWorkerStorageManager.h in Headers */,
 				1AFDE65A1954A42B00C48FFA /* SessionState.h in Headers */,
@@ -20069,6 +20083,8 @@
 				2DC18FB4218A6E9E0025A88D /* RemoteLayerTreeViews.mm in Sources */,
 				0701789E23BE9CFC005F0FAA /* RemoteMediaPlayerMIMETypeCache.cpp in Sources */,
 				7BCF70DE2615D06E00E4FB70 /* ScopedRenderingResourcesRequestCocoa.mm in Sources */,
+				E3D0A9422D62B1C90094538A /* ServiceWorkerDebuggableFrontendChannel.cpp in Sources */,
+				E3E6297F2D5FA8F200DAE50C /* ServiceWorkerDebuggableProxy.cpp in Sources */,
 				93468E6D2714AF88009983E3 /* SharedFileHandleCocoa.cpp in Sources */,
 				9BF622522C3E8559007F7021 /* SharedPreferencesForWebProcess.cpp in Sources */,
 				575B1BB923CE9C0B0020639A /* SimulatedInputDispatcher.cpp in Sources */,
diff --git a/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableFrontendChannel.cpp b/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableFrontendChannel.cpp
new file mode 100644
index 0000000000000..0a5023fd00fb7
--- /dev/null
+++ b/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableFrontendChannel.cpp
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2025 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ServiceWorkerDebuggableFrontendChannel.h"
+
+#include "MessageSenderInlines.h"
+#include "WebProcess.h"
+#include "WebProcessProxyMessages.h"
+
+namespace WebKit {
+
+WTF_MAKE_TZONE_ALLOCATED_IMPL(ServiceWorkerDebuggableFrontendChannel);
+
+Ref<ServiceWorkerDebuggableFrontendChannel> ServiceWorkerDebuggableFrontendChannel::create(WebCore::ServiceWorkerIdentifier identifier)
+{
+    return adoptRef(*new ServiceWorkerDebuggableFrontendChannel(identifier));
+}
+
+ServiceWorkerDebuggableFrontendChannel::ServiceWorkerDebuggableFrontendChannel(WebCore::ServiceWorkerIdentifier identifier)
+    : m_identifier(identifier)
+{
+}
+
+void ServiceWorkerDebuggableFrontendChannel::sendMessageToFrontend(const String& message)
+{
+    WebProcess::singleton().send(Messages::WebProcessProxy::SendMessageToInspector(m_identifier, message));
+}
+
+} // namespace WebKit
diff --git a/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableFrontendChannel.h b/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableFrontendChannel.h
new file mode 100644
index 0000000000000..652363c006f1e
--- /dev/null
+++ b/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableFrontendChannel.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2025 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include <JavaScriptCore/InspectorFrontendChannel.h>
+#include <WebCore/ServiceWorkerIdentifier.h>
+#include <wtf/RefCounted.h>
+#include <wtf/TZoneMalloc.h>
+#include <wtf/ThreadSafeRefCounted.h>
+#include <wtf/WeakRef.h>
+#include <wtf/text/WTFString.h>
+
+namespace WebKit {
+
+class ServiceWorkerDebuggableFrontendChannel final : public ThreadSafeRefCounted<ServiceWorkerDebuggableFrontendChannel>, public Inspector::FrontendChannel {
+    WTF_MAKE_TZONE_ALLOCATED(ServiceWorkerDebuggableFrontendChannel);
+    WTF_MAKE_NONCOPYABLE(ServiceWorkerDebuggableFrontendChannel);
+public:
+    static Ref<ServiceWorkerDebuggableFrontendChannel> create(WebCore::ServiceWorkerIdentifier);
+    virtual ~ServiceWorkerDebuggableFrontendChannel() = default;
+
+private:
+    explicit ServiceWorkerDebuggableFrontendChannel(WebCore::ServiceWorkerIdentifier);
+
+    ConnectionType connectionType() const final { return Inspector::FrontendChannel::ConnectionType::Remote; }
+    void sendMessageToFrontend(const String& message) final;
+
+    WebCore::ServiceWorkerIdentifier m_identifier;
+};
+
+} // namespace WebKit
diff --git a/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableProxy.cpp b/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableProxy.cpp
new file mode 100644
index 0000000000000..b4511a49cd152
--- /dev/null
+++ b/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableProxy.cpp
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2025 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ServiceWorkerDebuggableProxy.h"
+
+#include "Logging.h"
+#include "WebProcessProxy.h"
+#include "WebSWContextManagerConnectionMessages.h"
+#include <JavaScriptCore/RemoteConnectionToTarget.h>
+
+#if ENABLE(REMOTE_INSPECTOR)
+
+#include <wtf/TZoneMallocInlines.h>
+
+namespace WebKit {
+
+WTF_MAKE_TZONE_ALLOCATED_IMPL(ServiceWorkerDebuggableProxy);
+
+using namespace Inspector;
+
+Ref<ServiceWorkerDebuggableProxy> ServiceWorkerDebuggableProxy::create(const String& url, WebCore::ServiceWorkerIdentifier identifier, WebProcessProxy& webProcessProxy)
+{
+    return adoptRef(*new ServiceWorkerDebuggableProxy(url, identifier, webProcessProxy));
+}
+
+ServiceWorkerDebuggableProxy::ServiceWorkerDebuggableProxy(const String& url, WebCore::ServiceWorkerIdentifier identifier, WebProcessProxy& webProcessProxy)
+    : m_scopeURL(url)
+    , m_identifier(identifier)
+    , m_webProcessProxy(webProcessProxy)
+{
+}
+
+void ServiceWorkerDebuggableProxy::connect(FrontendChannel& channel, bool, bool)
+{
+    RELEASE_LOG(Inspector, "ServiceWorkerDebuggableProxy::connect");
+    if (RefPtr webProcessProxy = m_webProcessProxy.get())
+        webProcessProxy->send(Messages::WebSWContextManagerConnection::ConnectToInspector(m_identifier), 0);
+}
+
+void ServiceWorkerDebuggableProxy::disconnect(FrontendChannel& channel)
+{
+    RELEASE_LOG(Inspector, "ServiceWorkerDebuggableProxy::disconnect");
+    if (RefPtr webProcessProxy = m_webProcessProxy.get())
+        webProcessProxy->send(Messages::WebSWContextManagerConnection::DisconnectFromInspector(m_identifier), 0);
+}
+
+void ServiceWorkerDebuggableProxy::dispatchMessageFromRemote(String&& message)
+{
+    RELEASE_LOG(Inspector, "ServiceWorkerDebuggableProxy::dispatchMessageFromRemote");
+    if (RefPtr webProcessProxy = m_webProcessProxy.get())
+        webProcessProxy->send(Messages::WebSWContextManagerConnection::DispatchMessageFromInspector(m_identifier, WTFMove(message)), 0);
+}
+
+} // namespace WebKit
+
+#endif // ENABLE(REMOTE_INSPECTOR)
diff --git a/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableProxy.h b/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableProxy.h
new file mode 100644
index 0000000000000..cdb52e2aec40a
--- /dev/null
+++ b/Source/WebKit/WebProcess/Inspector/ServiceWorkerDebuggableProxy.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2025 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if ENABLE(REMOTE_INSPECTOR)
+
+#include <JavaScriptCore/RemoteInspectionTarget.h>
+#include <WebCore/ServiceWorkerIdentifier.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/TZoneMalloc.h>
+
+
+namespace WebKit {
+
+class WebProcessProxy;
+
+class ServiceWorkerDebuggableProxy final : public Inspector::RemoteInspectionTarget {
+    WTF_MAKE_TZONE_ALLOCATED(ServiceWorkerDebuggableProxy);
+    WTF_MAKE_NONCOPYABLE(ServiceWorkerDebuggableProxy);
+public:
+    static Ref<ServiceWorkerDebuggableProxy> create(const String& url, WebCore::ServiceWorkerIdentifier, WebProcessProxy&);
+    ~ServiceWorkerDebuggableProxy() = default;
+
+    Inspector::RemoteControllableTarget::Type type() const final { return Inspector::RemoteControllableTarget::Type::ServiceWorker; }
+
+    String name() const final { return "ServiceWorker"_s; }
+    String url() const final { return m_scopeURL; }
+    bool hasLocalDebugger() const final { return false; }
+
+    void connect(Inspector::FrontendChannel&, bool isAutomaticConnection = false, bool immediatelyPause = false) final;
+    void disconnect(Inspector::FrontendChannel&) final;
+    void dispatchMessageFromRemote(String&& message) final;
+
+private:
+    ServiceWorkerDebuggableProxy(const String& url, WebCore::ServiceWorkerIdentifier, WebProcessProxy&);
+
+    String m_scopeURL;
+    WebCore::ServiceWorkerIdentifier m_identifier;
+    WeakPtr<WebProcessProxy> m_webProcessProxy;
+};
+
+} // namespace WebKit
+
+#endif // ENABLE(REMOTE_INSPECTOR)
diff --git a/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp b/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp
index 4e134c4353252..2cd985f818773 100644
--- a/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp
+++ b/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp
@@ -76,6 +76,10 @@
 #include <WebCore/LegacyPreviewLoaderClient.h>
 #endif
 
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+#include "ServiceWorkerDebuggableFrontendChannel.h"
+#endif
+
 namespace WebKit {
 using namespace PAL;
 using namespace WebCore;
@@ -203,6 +207,10 @@ void WebSWContextManagerConnection::installServiceWorker(ServiceWorkerContextDat
         notificationClient = makeUnique<WebNotificationClient>(nullptr);
 #endif
 
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+        WebProcess::singleton().send(Messages::WebProcessProxy::CreateServiceWorkerDebuggable(serviceWorkerIdentifier, contextData.registration.scopeURL));
+#endif
+
         auto serviceWorkerThreadProxy = ServiceWorkerThreadProxy::create(Ref { page }, WTFMove(contextData), WTFMove(workerData), WTFMove(effectiveUserAgent), workerThreadMode, WebProcess::singleton().cacheStorageProvider(), WTFMove(notificationClient));
 
         auto workerClient = WebWorkerClient::create(WTFMove(page), serviceWorkerThreadProxy->thread());
@@ -477,6 +485,9 @@ void WebSWContextManagerConnection::setScriptResource(ServiceWorkerIdentifier se
 void WebSWContextManagerConnection::workerTerminated(ServiceWorkerIdentifier serviceWorkerIdentifier)
 {
     RELEASE_LOG(ServiceWorker, "WebSWContextManagerConnection::workerTerminated %" PRIu64, serviceWorkerIdentifier.toUInt64());
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+    WebProcess::singleton().send(Messages::WebProcessProxy::DeleteServiceWorkerDebuggable(serviceWorkerIdentifier));
+#endif
     m_connectionToNetworkProcess->send(Messages::WebSWServerToContextConnection::WorkerTerminated(serviceWorkerIdentifier), 0);
 }
 
@@ -592,4 +603,27 @@ void WebSWContextManagerConnection::removeNavigationFetch(WebCore::SWServerConne
     });
 }
 
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+void WebSWContextManagerConnection::connectToInspector(WebCore::ServiceWorkerIdentifier serviceWorkerIdentifier)
+{
+    Ref channel = ServiceWorkerDebuggableFrontendChannel::create(serviceWorkerIdentifier);
+    m_channels.add(serviceWorkerIdentifier, channel);
+    if (RefPtr serviceWorkerThreadProxy = SWContextManager::singleton().serviceWorkerThreadProxy(serviceWorkerIdentifier))
+        serviceWorkerThreadProxy->inspectorProxy().connectToWorker(channel);
+}
+
+void WebSWContextManagerConnection::disconnectFromInspector(WebCore::ServiceWorkerIdentifier serviceWorkerIdentifier)
+{
+    RefPtr channel = m_channels.take(serviceWorkerIdentifier);
+    if (RefPtr serviceWorkerThreadProxy = SWContextManager::singleton().serviceWorkerThreadProxy(serviceWorkerIdentifier))
+        serviceWorkerThreadProxy->inspectorProxy().disconnectFromWorker(*channel);
+}
+
+void WebSWContextManagerConnection::dispatchMessageFromInspector(WebCore::ServiceWorkerIdentifier identifier, String&& message)
+{
+    if (RefPtr serviceWorkerThreadProxy = SWContextManager::singleton().serviceWorkerThreadProxy(identifier))
+        serviceWorkerThreadProxy->inspectorProxy().sendMessageToWorker(WTFMove(message));
+}
+#endif
+
 } // namespace WebCore
diff --git a/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h b/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h
index 6a99fce0a1233..9e2749de9ec5f 100644
--- a/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h
+++ b/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h
@@ -58,6 +58,7 @@ struct ServiceWorkerContextData;
 namespace WebKit {
 
 class RemoteWorkerFrameLoaderClient;
+class ServiceWorkerDebuggableFrontendChannel;
 class WebServiceWorkerFetchTaskClient;
 class WebUserContentController;
 struct RemoteWorkerInitializationData;
@@ -134,6 +135,12 @@ class WebSWContextManagerConnection final : public WebCore::SWContextManager::Co
     void setRegistrationLastUpdateTime(WebCore::ServiceWorkerRegistrationIdentifier, WallTime);
     void setRegistrationUpdateViaCache(WebCore::ServiceWorkerRegistrationIdentifier, WebCore::ServiceWorkerUpdateViaCache);
 
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+    void connectToInspector(WebCore::ServiceWorkerIdentifier);
+    void disconnectFromInspector(WebCore::ServiceWorkerIdentifier);
+    void dispatchMessageFromInspector(WebCore::ServiceWorkerIdentifier, String&&);
+#endif
+
     Ref<IPC::Connection> m_connectionToNetworkProcess;
     const WebCore::Site m_site;
     std::optional<WebCore::ScriptExecutionContextIdentifier> m_serviceWorkerPageIdentifier;
@@ -150,6 +157,9 @@ class WebSWContextManagerConnection final : public WebCore::SWContextManager::Co
 
     using FetchKey = std::pair<WebCore::SWServerConnectionIdentifier, WebCore::FetchIdentifier>;
     HashMap<FetchKey, Ref<WebServiceWorkerFetchTaskClient>> m_ongoingNavigationFetchTasks WTF_GUARDED_BY_CAPABILITY(m_queue.get());
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+    HashMap<WebCore::ServiceWorkerIdentifier, Ref<ServiceWorkerDebuggableFrontendChannel>> m_channels;
+#endif
 };
 
 } // namespace WebKit
diff --git a/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in b/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in
index 917d188a412aa..b25785c14b072 100644
--- a/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in
+++ b/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in
@@ -58,4 +58,10 @@ messages -> WebSWContextManagerConnection {
     FireUpdateFoundEvent(WebCore::ServiceWorkerRegistrationIdentifier identifier)
     SetRegistrationLastUpdateTime(WebCore::ServiceWorkerRegistrationIdentifier identifier, WallTime lastUpdateTime)
     SetRegistrationUpdateViaCache(WebCore::ServiceWorkerRegistrationIdentifier identifier, enum:uint8_t WebCore::ServiceWorkerUpdateViaCache updateViaCache)
+
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+    ConnectToInspector(WebCore::ServiceWorkerIdentifier serviceWorkerIdentifier)
+    DisconnectFromInspector(WebCore::ServiceWorkerIdentifier serviceWorkerIdentifier)
+    DispatchMessageFromInspector(WebCore::ServiceWorkerIdentifier serviceWorkerIdentifier, String message)
+#endif
 }
diff --git a/Source/WebKit/WebProcess/WebProcess.cpp b/Source/WebKit/WebProcess/WebProcess.cpp
index 162fc63b3b73a..2b4dc1a8ec58e 100644
--- a/Source/WebKit/WebProcess/WebProcess.cpp
+++ b/Source/WebKit/WebProcess/WebProcess.cpp
@@ -632,7 +632,7 @@ void WebProcess::initializeWebProcess(WebProcessCreationParameters&& parameters,
     setEnabledServices(parameters.hasImageServices, parameters.hasSelectionServices, parameters.hasRichContentServices);
 #endif
 
-#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA) && !ENABLE(REMOVE_XPC_AND_MACH_SANDBOX_EXTENSIONS_IN_WEBCONTENT)
     if (std::optional<audit_token_t> auditToken = protectedParentProcessConnection()->getAuditToken()) {
         RetainPtr<CFDataRef> auditData = adoptCF(CFDataCreate(nullptr, (const UInt8*)&*auditToken, sizeof(*auditToken)));
         Inspector::RemoteInspector::singleton().setParentProcessInformation(legacyPresentingApplicationPID(), auditData);
diff --git a/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in b/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
index 31fb983a5279b..e55a73710a839 100644
--- a/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
+++ b/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
@@ -1358,11 +1358,13 @@
 (deny mach-lookup (with telemetry-backtrace)
     (global-name "com.apple.webinspector"))
 
+#if !ENABLE(REMOVE_XPC_AND_MACH_SANDBOX_EXTENSIONS_IN_WEBCONTENT)
 (with-filter (require-not (state-flag "BlockWebInspectorInWebContentSandbox"))
     (allow mach-lookup (with telemetry-backtrace)
         (require-all
             (extension "com.apple.webkit.extension.mach")
             (global-name "com.apple.webinspector"))))
+#endif
 
 (deny mach-lookup (with telemetry-backtrace)
     (global-name
diff --git a/Tools/MiniBrowser/MiniBrowser.entitlements b/Tools/MiniBrowser/MiniBrowser.entitlements
index f28830aead50a..384527db10b0f 100644
--- a/Tools/MiniBrowser/MiniBrowser.entitlements
+++ b/Tools/MiniBrowser/MiniBrowser.entitlements
@@ -23,6 +23,7 @@
 		<string>com.apple.PIPAgent</string>
 		<string>com.apple.Safari.SafeBrowsing.Service</string>
 		<string>com.apple.WebKit.NetworkingDaemon</string>
+		<string>com.apple.webinspector</string>
 	</array>
 	<key>com.apple.security.temporary-exception.sbpl</key>
 	<array>

From 7ce1585cdfca3841ed6fe9935c731f014423e621 Mon Sep 17 00:00:00 2001
From: Kiet Ho <kiet.ho@apple.com>
Date: Sat, 22 Feb 2025 16:35:34 -0800
Subject: [PATCH 076/174] Fix size of aggregates indexed by CSSPropertyID
 https://bugs.webkit.org/show_bug.cgi?id=288168 rdar://145259581

Reviewed by Yusuke Suzuki.

CSSProperty::numCSSProperties (generated by process-css-properties.py)
is not the *total* number of CSS properties defined in the CSSPropertyID
enum. It's rather the number of *real* CSS properties, which excludes
CSSPropertyInvalid and CSSPropertyCustom. Hence numCSSProperties is
always *smaller* than the largest value in CSSPropertyID enum.

Because of the confusing name though, some aggregates (arrays and
WTF::BitSet) in the codebase use this value as the size, and index into
the aggregate using CSSPropertyID values. Therefore, it's possible to
cause an OOB by indexing using a value in CSSPropertyID that's larger
than numCSSProperties. This is done in e.g CSSProperty::isColorProperty.

Fix this by introducing a new variable, cssPropertyIDEnumValueCount,
that accurately describes the number of values defined in
CSSPropertyID (which is also the largest value in the enum, plus 1)
Then change aggregates to use cssPropertyIDEnumValueCount as the size
instead.

* Source/WebCore/animation/WebAnimationTypes.h:
* Source/WebCore/css/CSSProperty.h:
* Source/WebCore/css/process-css-properties.py:
(GenerationContext.generate_property_id_bit_set):
(GenerateCSSPropertyNames._generate_css_property_names_gperf_prelude):
(GenerateCSSPropertyNames):
* Source/WebCore/rendering/style/WillChangeData.h:
* Source/WebCore/style/StyleBuilderState.h:

Canonical link: https://commits.webkit.org/290897@main
---
 Source/WebCore/animation/WebAnimationTypes.h  |  2 +-
 Source/WebCore/css/CSSProperty.h              |  4 ++--
 Source/WebCore/css/process-css-properties.py  | 20 ++++++++++++++-----
 .../WebCore/rendering/style/WillChangeData.h  |  2 +-
 Source/WebCore/style/StyleBuilderState.h      |  4 ++--
 5 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/Source/WebCore/animation/WebAnimationTypes.h b/Source/WebCore/animation/WebAnimationTypes.h
index 50d0cbaa21ce1..ec4ad79b0c5a7 100644
--- a/Source/WebCore/animation/WebAnimationTypes.h
+++ b/Source/WebCore/animation/WebAnimationTypes.h
@@ -110,7 +110,7 @@ constexpr OptionSet<AcceleratedEffectProperty> transformRelatedAcceleratedProper
 };
 
 struct CSSPropertiesBitSet {
-    WTF::BitSet<numCSSProperties> m_properties { };
+    WTF::BitSet<cssPropertyIDEnumValueCount> m_properties { };
 };
 
 using TimelineRangeValue = std::variant<TimelineRangeOffset, RefPtr<CSSNumericValue>, RefPtr<CSSKeywordValue>, String>;
diff --git a/Source/WebCore/css/CSSProperty.h b/Source/WebCore/css/CSSProperty.h
index 5419fdd339c15..99ace36004e67 100644
--- a/Source/WebCore/css/CSSProperty.h
+++ b/Source/WebCore/css/CSSProperty.h
@@ -117,8 +117,8 @@ class CSSProperty {
         return colorProperties.get(propertyId);
     }
 
-    static const WEBCORE_EXPORT WTF::BitSet<numCSSProperties> colorProperties;
-    static const WEBCORE_EXPORT WTF::BitSet<numCSSProperties> physicalProperties;
+    static const WEBCORE_EXPORT WTF::BitSet<cssPropertyIDEnumValueCount> colorProperties;
+    static const WEBCORE_EXPORT WTF::BitSet<cssPropertyIDEnumValueCount> physicalProperties;
 
     bool operator==(const CSSProperty& other) const
     {
diff --git a/Source/WebCore/css/process-css-properties.py b/Source/WebCore/css/process-css-properties.py
index da182d3f0a5ae..de7509914447b 100755
--- a/Source/WebCore/css/process-css-properties.py
+++ b/Source/WebCore/css/process-css-properties.py
@@ -2413,10 +2413,10 @@ def generate_property_id_switch_function_bool(self, *, to, signature, iterable,
         to.newline()
 
     def generate_property_id_bit_set(self, *, to, name, iterable, mapping_to_property=lambda p: p):
-        to.write(f"const WTF::BitSet<numCSSProperties> {name} = ([]() -> WTF::BitSet<numCSSProperties> {{")
+        to.write(f"const WTF::BitSet<cssPropertyIDEnumValueCount> {name} = ([]() -> WTF::BitSet<cssPropertyIDEnumValueCount> {{")
 
         with to.indent():
-            to.write(f"WTF::BitSet<numCSSProperties> result;")
+            to.write(f"WTF::BitSet<cssPropertyIDEnumValueCount> result;")
 
             for item in iterable:
                 to.write(f"result.set({mapping_to_property(item).id});")
@@ -2494,7 +2494,7 @@ def _generate_css_property_names_gperf_prelude(self, *, to):
         )
 
         to.write_block("""\
-            static_assert(numCSSProperties + 1 <= std::numeric_limits<uint16_t>::max(), "CSSPropertyID should fit into uint16_t.");
+            static_assert(cssPropertyIDEnumValueCount <= (std::numeric_limits<uint16_t>::max() + 1), "CSSPropertyID should fit into uint16_t.");
             """)
 
         all_computed_property_ids = (f"{property.id}," for property in self.properties_and_descriptors.style_properties.all_computed)
@@ -2693,7 +2693,7 @@ def _generate_is_exposed_functions(self, *, to):
     def _generate_is_inherited_property(self, *, to):
         all_inherited_and_ids = (f'{"true " if hasattr(property, "inherited") and property.inherited else "false"}, // {property.id}' for property in self.properties_and_descriptors.all_unique)
 
-        to.write(f"constexpr bool isInheritedPropertyTable[numCSSProperties + {GenerationContext.number_of_predefined_properties}] = {{")
+        to.write(f"constexpr bool isInheritedPropertyTable[cssPropertyIDEnumValueCount] = {{")
         with to.indent():
             to.write(f"false, // CSSPropertyID::CSSPropertyInvalid")
             to.write(f"true , // CSSPropertyID::CSSPropertyCustom")
@@ -2703,7 +2703,7 @@ def _generate_is_inherited_property(self, *, to):
         to.write_block("""
             bool CSSProperty::isInheritedProperty(CSSPropertyID id)
             {
-                ASSERT(id < firstCSSProperty + numCSSProperties);
+                ASSERT(id < cssPropertyIDEnumValueCount);
                 ASSERT(id != CSSPropertyID::CSSPropertyInvalid);
                 return isInheritedPropertyTable[id];
             }
@@ -3014,8 +3014,18 @@ def _generate_css_property_names_h_property_constants(self, *, to):
         to.write(f"}};")
         to.newline()
 
+        to.write(f"// Enum value of the first \"real\" CSS property, which excludes")
+        to.write(f"// CSSPropertyInvalid and CSSPropertyCustom.")
         to.write(f"constexpr uint16_t firstCSSProperty = {first};")
+
+        to.write(f"// Total number of enum values in the CSSPropertyID enum. If making an array")
+        to.write(f"// that can be indexed into using the enum value, use this as the size.")
+        to.write(f"constexpr uint16_t cssPropertyIDEnumValueCount = {count};")
+
+        to.write(f"// Number of \"real\" CSS properties. This differs from cssPropertyIDEnumValueCount,")
+        to.write(f"// as this doesn't consider CSSPropertyInvalid and CSSPropertyCustom.")
         to.write(f"constexpr uint16_t numCSSProperties = {num};")
+
         to.write(f"constexpr unsigned maxCSSPropertyNameLength = {max_length};")
         to.write(f"constexpr auto firstTopPriorityProperty = {first_top_priority_property.id};")
         to.write(f"constexpr auto lastTopPriorityProperty = {last_top_priority_property.id};")
diff --git a/Source/WebCore/rendering/style/WillChangeData.h b/Source/WebCore/rendering/style/WillChangeData.h
index 3b21fc5a77aa0..12fb1ad0da70f 100644
--- a/Source/WebCore/rendering/style/WillChangeData.h
+++ b/Source/WebCore/rendering/style/WillChangeData.h
@@ -77,7 +77,7 @@ class WillChangeData : public RefCounted<WillChangeData> {
 
     struct AnimatableFeature {
         static const int numCSSPropertyIDBits = 14;
-        static_assert(numCSSProperties < (1 << numCSSPropertyIDBits), "CSSPropertyID should fit in 14_bits");
+        static_assert(cssPropertyIDEnumValueCount <= (1 << numCSSPropertyIDBits), "CSSPropertyID should fit in 14 bits");
 
         Feature m_feature { Feature::Property };
         unsigned m_cssPropertyID : numCSSPropertyIDBits { CSSPropertyInvalid };
diff --git a/Source/WebCore/style/StyleBuilderState.h b/Source/WebCore/style/StyleBuilderState.h
index f6c4834f597b4..cdd4fdeb47068 100644
--- a/Source/WebCore/style/StyleBuilderState.h
+++ b/Source/WebCore/style/StyleBuilderState.h
@@ -161,8 +161,8 @@ class BuilderState {
     UncheckedKeyHashSet<AtomString> m_appliedCustomProperties;
     UncheckedKeyHashSet<AtomString> m_inProgressCustomProperties;
     UncheckedKeyHashSet<AtomString> m_inCycleCustomProperties;
-    WTF::BitSet<numCSSProperties> m_inProgressProperties;
-    WTF::BitSet<numCSSProperties> m_invalidAtComputedValueTimeProperties;
+    WTF::BitSet<cssPropertyIDEnumValueCount> m_inProgressProperties;
+    WTF::BitSet<cssPropertyIDEnumValueCount> m_invalidAtComputedValueTimeProperties;
 
     const PropertyCascade::Property* m_currentProperty { nullptr };
     SelectorChecker::LinkMatchMask m_linkMatch { };

From 0b476fcbb873dbc513bdc6ec486c0fc69097b1f4 Mon Sep 17 00:00:00 2001
From: Tim Nguyen <ntim@apple.com>
Date: Sat, 22 Feb 2025 17:04:57 -0800
Subject: [PATCH 077/174] [fullscreen] Use a single queue for event dispatching
 https://bugs.webkit.org/show_bug.cgi?id=288292 rdar://145372389

Reviewed by Alex Christensen.

https://fullscreen.spec.whatwg.org/#run-the-fullscreen-steps specifies a single queue should be used.

This slightly changes the order of change events relative to the error events.

Other stylistic changes:
- Merge some helper methods back into `dispatchPendingEvents`, since they're only used once after 289984@main.
- Rename variables to match spec terminology
- Simply check the event type instead of having a separate `shouldNotifyMediaElement` bool argument

* LayoutTests/TestExpectations:
* LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-ready-check-not-allowed-cross-origin.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-cross-origin.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fullscreen/model/remove-last-expected.txt:
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::commonTeardown):
* Source/WebCore/dom/FullscreenManager.cpp:
(WebCore::FullscreenManager::requestFullscreenForElement):
(WebCore::FullscreenManager::dispatchPendingEvents):
(WebCore::FullscreenManager::queueFullscreenChangeEventForDocument):
(WebCore::FullscreenManager::dispatchEventForNode): Deleted.
(WebCore::FullscreenManager::dispatchFullscreenChangeOrErrorEvent): Deleted.
(WebCore::FullscreenManager::emptyEventQueue): Deleted.
* Source/WebCore/dom/FullscreenManager.h:

Canonical link: https://commits.webkit.org/290898@main
---
 LayoutTests/TestExpectations                  |  2 -
 ...-not-allowed-cross-origin.sub-expected.txt |  2 -
 ...t-fullscreen-cross-origin.sub-expected.txt |  2 -
 .../fullscreen/model/remove-last-expected.txt |  4 +-
 Source/WebCore/dom/Document.cpp               |  2 +-
 Source/WebCore/dom/FullscreenManager.cpp      | 80 ++++++++-----------
 Source/WebCore/dom/FullscreenManager.h        | 13 ++-
 7 files changed, 39 insertions(+), 66 deletions(-)

diff --git a/LayoutTests/TestExpectations b/LayoutTests/TestExpectations
index 274ffe8700063..85ab823dadca2 100644
--- a/LayoutTests/TestExpectations
+++ b/LayoutTests/TestExpectations
@@ -6317,9 +6317,7 @@ imported/w3c/web-platform-tests/fetch/sec-metadata/redirect/multiple-redirect-sa
 imported/w3c/web-platform-tests/fetch/sec-metadata/redirect/same-origin-redirect.tentative.https.sub.html [ Skip ]
 imported/w3c/web-platform-tests/fetch/sec-metadata/track.tentative.https.sub.html [ Skip ]
 imported/w3c/web-platform-tests/fetch/sec-metadata/window-open.tentative.https.sub.html [ Skip ]
-imported/w3c/web-platform-tests/fullscreen/api/element-ready-check-not-allowed-cross-origin.sub.html [ Skip ]
 imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-cross-origin.sub.html [ Skip ]
-imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-timing.html [ Skip ]
 imported/w3c/web-platform-tests/geolocation/non-fully-active.https.html [ Skip ]
 webkit.org/b/274950 imported/w3c/web-platform-tests/geolocation/enabled-by-permission-policy-attribute.https.sub.html [ Slow Skip ]
 webkit.org/b/274950 imported/w3c/web-platform-tests/geolocation/disabled-by-permissions-policy.https.sub.html [ Slow Skip ]
diff --git a/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-ready-check-not-allowed-cross-origin.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-ready-check-not-allowed-cross-origin.sub-expected.txt
index 69ea10f44def3..009a3baa37c3c 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-ready-check-not-allowed-cross-origin.sub-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-ready-check-not-allowed-cross-origin.sub-expected.txt
@@ -1,6 +1,4 @@
 
 
-Harness Error (FAIL), message = Timeout while running cleanup for test named "Cross-origin element ready check with no allowfullscreen or allow attribute".
-
 FAIL Cross-origin element ready check with no allowfullscreen or allow attribute assert_false: cross-origin-default frame entered fullscreen, but allowfullscreen was not set expected false got true
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-cross-origin.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-cross-origin.sub-expected.txt
index f8cf81d4a2f5a..3621b288e378a 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-cross-origin.sub-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-cross-origin.sub-expected.txt
@@ -1,6 +1,4 @@
 
 
-Harness Error (FAIL), message = Timeout while running cleanup for test named "Element#requestFullscreen() works properly with a tree of cross-origin iframes".
-
 PASS Element#requestFullscreen() works properly with a tree of cross-origin iframes
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/fullscreen/model/remove-last-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fullscreen/model/remove-last-expected.txt
index 0c357ae423270..c443f03b9fcf5 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/fullscreen/model/remove-last-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/fullscreen/model/remove-last-expected.txt
@@ -1,5 +1,3 @@
 
-FAIL Remove the last element on the fullscreen element stack assert_equals: expected Document node with 2 children but got Element node <div id="first">
-
-</div>
+PASS Remove the last element on the fullscreen element stack
 
diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
index 2b28063c7a5f9..b3859b03630d3 100644
--- a/Source/WebCore/dom/Document.cpp
+++ b/Source/WebCore/dom/Document.cpp
@@ -913,7 +913,7 @@ void Document::commonTeardown()
 
 #if ENABLE(FULLSCREEN_API)
     if (CheckedPtr fullscreenManager = m_fullscreenManager.get())
-        fullscreenManager->emptyEventQueue();
+        fullscreenManager->clearPendingEvents();
 #endif
 
     if (CheckedPtr svgExtensions = svgExtensionsIfExists())
diff --git a/Source/WebCore/dom/FullscreenManager.cpp b/Source/WebCore/dom/FullscreenManager.cpp
index 0a57c9ee2fdd0..5c3aabbe641fd 100644
--- a/Source/WebCore/dom/FullscreenManager.cpp
+++ b/Source/WebCore/dom/FullscreenManager.cpp
@@ -111,7 +111,7 @@ void FullscreenManager::requestFullscreenForElement(Ref<Element>&& element, Full
             return completionHandler(Exception { ExceptionCode::TypeError, message });
         ERROR_LOG(identifier, message);
         if (emitErrorEvent == EmitErrorEvent::Yes) {
-            m_fullscreenErrorEventTargetQueue.append(WTFMove(element));
+            m_pendingEvents.append(std::pair { EventType::Error, WTFMove(element) });
             protectedDocument()->scheduleRenderingUpdate(RenderingUpdateStep::Fullscreen);
         }
         completionHandler(Exception { ExceptionCode::TypeError, message });
@@ -619,55 +619,45 @@ void FullscreenManager::dispatchPendingEvents()
     // document will be detached and GC'd. We protect it here to make sure we
     // can finish the function successfully.
     Ref<Document> protectedDocument(document());
-    Deque<GCReachableRef<Node>> changeQueue;
-    m_fullscreenChangeEventTargetQueue.swap(changeQueue);
-    Deque<GCReachableRef<Node>> errorQueue;
-    m_fullscreenErrorEventTargetQueue.swap(errorQueue);
 
-    dispatchFullscreenChangeOrErrorEvent(changeQueue, EventType::Change, /* shouldNotifyMediaElement */ true);
-    dispatchFullscreenChangeOrErrorEvent(errorQueue, EventType::Error, /* shouldNotifyMediaElement */ false);
-}
+    // Steps 1-2:
+    auto pendingEvents = std::exchange(m_pendingEvents, { });
 
-void FullscreenManager::dispatchEventForNode(Node& node, EventType eventType)
-{
-    switch (eventType) {
-    case EventType::Change: {
-        node.dispatchEvent(Event::create(eventNames().fullscreenchangeEvent, Event::CanBubble::Yes, Event::IsCancelable::No, Event::IsComposed::Yes));
-        bool shouldEmitUnprefixed = !(node.hasEventListeners(eventNames().webkitfullscreenchangeEvent) && node.hasEventListeners(eventNames().fullscreenchangeEvent)) && !(node.document().hasEventListeners(eventNames().webkitfullscreenchangeEvent) && node.document().hasEventListeners(eventNames().fullscreenchangeEvent));
-        if (shouldEmitUnprefixed)
-            node.dispatchEvent(Event::create(eventNames().webkitfullscreenchangeEvent, Event::CanBubble::Yes, Event::IsCancelable::No, Event::IsComposed::Yes));
-        break;
-    }
-    case EventType::Error:
-        node.dispatchEvent(Event::create(eventNames().fullscreenerrorEvent, Event::CanBubble::Yes, Event::IsCancelable::No, Event::IsComposed::Yes));
-        node.dispatchEvent(Event::create(eventNames().webkitfullscreenerrorEvent, Event::CanBubble::Yes, Event::IsCancelable::No, Event::IsComposed::Yes));
-        break;
-    }
-}
-
-void FullscreenManager::dispatchFullscreenChangeOrErrorEvent(Deque<GCReachableRef<Node>>& queue, EventType eventType, bool shouldNotifyMediaElement)
-{
-    // Step 3 of https://fullscreen.spec.whatwg.org/#run-the-fullscreen-steps
-    while (!queue.isEmpty()) {
-        auto node = queue.takeFirst();
+    // Step 3:
+    while (!pendingEvents.isEmpty()) {
+        auto [eventType, element] = pendingEvents.takeFirst();
 
         // Gaining or losing fullscreen state may change viewport arguments
-        node->protectedDocument()->updateViewportArguments();
+        element->protectedDocument()->updateViewportArguments();
+        if (&element->document() != &document())
+            protectedDocument->updateViewportArguments();
 
 #if ENABLE(VIDEO)
-        if (shouldNotifyMediaElement) {
-            if (RefPtr mediaElement = dynamicDowncast<HTMLMediaElement>(node.get()))
+        if (eventType == EventType::Change) {
+            if (RefPtr mediaElement = dynamicDowncast<HTMLMediaElement>(element.get()))
                 mediaElement->enteredOrExitedFullscreen();
         }
-#else
-        UNUSED_PARAM(shouldNotifyMediaElement);
 #endif
-        // If the element was removed from our tree, also message the documentElement. Since we may
-        // have a document hierarchy, check that node isn't in another document.
-        if (!node->isConnected() || &node->document() != &document())
-            queue.append(document());
-        else
-            dispatchEventForNode(node.get(), eventType);
+        // Let target be element if element is connected and its node document is document, and otherwise let target be document.
+        Ref target = [&]() -> Node& {
+            if (element->isConnected() && &element->document() == &document())
+                return element;
+            return document();
+        }();
+
+        switch (eventType) {
+        case EventType::Change: {
+            target->dispatchEvent(Event::create(eventNames().fullscreenchangeEvent, Event::CanBubble::Yes, Event::IsCancelable::No, Event::IsComposed::Yes));
+            bool shouldEmitUnprefixed = !(target->hasEventListeners(eventNames().webkitfullscreenchangeEvent) && target->hasEventListeners(eventNames().fullscreenchangeEvent)) && !(target->document().hasEventListeners(eventNames().webkitfullscreenchangeEvent) && target->document().hasEventListeners(eventNames().fullscreenchangeEvent));
+            if (shouldEmitUnprefixed)
+                target->dispatchEvent(Event::create(eventNames().webkitfullscreenchangeEvent, Event::CanBubble::Yes, Event::IsCancelable::No, Event::IsComposed::Yes));
+            break;
+        }
+        case EventType::Error:
+            target->dispatchEvent(Event::create(eventNames().fullscreenerrorEvent, Event::CanBubble::Yes, Event::IsCancelable::No, Event::IsComposed::Yes));
+            target->dispatchEvent(Event::create(eventNames().webkitfullscreenerrorEvent, Event::CanBubble::Yes, Event::IsCancelable::No, Event::IsComposed::Yes));
+            break;
+        }
     }
 }
 
@@ -678,16 +668,10 @@ void FullscreenManager::queueFullscreenChangeEventForDocument(Document& document
         ASSERT_NOT_REACHED();
         return;
     }
-    document.fullscreenManager().addElementToChangeEventQueue(*target);
+    document.fullscreenManager().queueFullscreenChangeEventForElement(*target);
     document.scheduleRenderingUpdate(RenderingUpdateStep::Fullscreen);
 }
 
-void FullscreenManager::emptyEventQueue()
-{
-    m_fullscreenChangeEventTargetQueue.clear();
-    m_fullscreenErrorEventTargetQueue.clear();
-}
-
 // MARK: - Fullscreen animation pseudo-class.
 
 bool FullscreenManager::isAnimatingFullscreen() const
diff --git a/Source/WebCore/dom/FullscreenManager.h b/Source/WebCore/dom/FullscreenManager.h
index 8d2d2237fb30f..4fc171b0dc924 100644
--- a/Source/WebCore/dom/FullscreenManager.h
+++ b/Source/WebCore/dom/FullscreenManager.h
@@ -90,14 +90,10 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
     WEBCORE_EXPORT bool isAnimatingFullscreen() const;
     WEBCORE_EXPORT void setAnimatingFullscreen(bool);
 
-    void emptyEventQueue();
-
 protected:
     friend class Document;
 
-    enum class EventType : bool { Change, Error };
-    void dispatchFullscreenChangeOrErrorEvent(Deque<GCReachableRef<Node>>&, EventType, bool shouldNotifyMediaElement);
-    void dispatchEventForNode(Node&, EventType);
+    void clearPendingEvents() { m_pendingEvents.clear(); }
 
 private:
 #if !RELEASE_LOG_DISABLED
@@ -111,13 +107,14 @@ class FullscreenManager final : public CanMakeWeakPtr<FullscreenManager>, public
     RefPtr<Document> protectedMainFrameDocument() { return mainFrameDocument(); }
 
     bool didEnterFullscreen();
+
+    enum class EventType : bool { Change, Error };
     static void queueFullscreenChangeEventForDocument(Document&);
-    void addElementToChangeEventQueue(Node& target) { m_fullscreenChangeEventTargetQueue.append(GCReachableRef(target)); }
+    void queueFullscreenChangeEventForElement(Element& target) { m_pendingEvents.append({ EventType::Change, GCReachableRef(target) }); }
 
     WeakRef<Document, WeakPtrImplWithEventTargetData> m_document;
 
-    Deque<GCReachableRef<Node>> m_fullscreenChangeEventTargetQueue;
-    Deque<GCReachableRef<Node>> m_fullscreenErrorEventTargetQueue;
+    Deque<std::pair<EventType, GCReachableRef<Element>>> m_pendingEvents;
 
     bool m_areKeysEnabledInFullscreen { false };
     bool m_isAnimatingFullscreen { false };

From 36514def01eb1550439a9edf6651654ca8967be6 Mon Sep 17 00:00:00 2001
From: Geoffrey Garen <ggaren@apple.com>
Date: Sat, 22 Feb 2025 17:39:02 -0800
Subject: [PATCH 078/174] Some RetainPtr cleanup [v2]
 https://bugs.webkit.org/show_bug.cgi?id=288291 rdar://145371975

Reviewed by Timothy Hatcher.

Fixed a series of bugs where is_convertible_v tests attempting to distinguish id
from CFTypeRef were incorrect because they were testing e.g. NSString == id
instead of NSString* == id.

Added a helper for IsNSType, to simplify is_convertible_v tests.

Tightened type requirements so that e.g. RetainPtr<NSString> is supported but
RetainPtr<NSString*> is not.

Renamed HelperPtrType to RetainPtrType and pulled it outside the class for
clarity. The old model of RetainPtr<NSString*>::HelperPtrType == NSString was a
bit mind-bending because
    * RetainPtr<NSString*> is malformed
    * NSString is not a pointer type

Added #defines for CF_RETURNS_RETAINED and NS_RETURNS_RETAINED, to
reduce #ifdefs inside the class.

Removed support for ObjC GC because it's the year 2025 and the future is now.

* Source/WTF/wtf/RetainPtr.h:
(WTF::RetainPtr::fromStorageTypeHelper):
(WTF::RetainPtr<T>::autorelease):
(WTF::RetainPtr<T>::bridgingAutorelease):
(WTF::adoptCF):
(WTF::adoptNS):
(WTF::retainPtr):

Canonical link: https://commits.webkit.org/290899@main
---
 Source/WTF/wtf/RetainPtr.h | 72 +++++++++++++++++---------------------
 1 file changed, 32 insertions(+), 40 deletions(-)

diff --git a/Source/WTF/wtf/RetainPtr.h b/Source/WTF/wtf/RetainPtr.h
index e124e142d9f5a..96333b2875ef0 100644
--- a/Source/WTF/wtf/RetainPtr.h
+++ b/Source/WTF/wtf/RetainPtr.h
@@ -45,10 +45,18 @@
 #define CF_RELEASES_ARGUMENT
 #endif
 
+#ifndef CF_RETURNS_RETAINED
+#define CF_RETURNS_RETAINED
+#endif
+
 #ifndef NS_RELEASES_ARGUMENT
 #define NS_RELEASES_ARGUMENT
 #endif
 
+#ifndef NS_RETURNS_RETAINED
+#define NS_RETURNS_RETAINED
+#endif
+
 #ifndef __OBJC__
 typedef struct objc_object *id;
 #endif
@@ -62,15 +70,17 @@ typedef struct objc_object *id;
 
 namespace WTF {
 
-// Unlike most most of our smart pointers, RetainPtr can take either the pointer type or the pointed-to type,
-// so both RetainPtr<NSDictionary> and RetainPtr<CFDictionaryRef> will work.
+// RetainPtr can point to NS or CF objects, e.g. RetainPtr<NSDictionary> or RetainPtr<CFDictionaryRef>.
 
 template<typename T> class RetainPtr;
 
+template<typename T> constexpr bool IsNSType = std::is_convertible_v<T, id>;
+template<typename T> using RetainPtrType = std::conditional_t<IsNSType<T>, std::remove_pointer_t<T>, T>;
+
 template<typename T> constexpr RetainPtr<T> adoptCF(T CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
 #ifdef __OBJC__
-template<typename T> RetainPtr<typename RetainPtr<T>::HelperPtrType> adoptNS(T NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+template<typename T> RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 #endif
 
 template<typename T> class RetainPtr {
@@ -78,12 +88,6 @@ template<typename T> class RetainPtr {
     using ValueType = std::remove_pointer_t<T>;
     using PtrType = ValueType*;
 
-#ifdef __OBJC__
-    using HelperPtrType = typename std::conditional_t<std::is_convertible_v<T, id> && !std::is_same_v<T, id>, std::remove_pointer_t<T>, T>;
-#else
-    using HelperPtrType = PtrType;
-#endif
-
     RetainPtr() = default;
     RetainPtr(PtrType);
 
@@ -101,23 +105,13 @@ template<typename T> class RetainPtr {
 
     void clear();
 
-#ifdef __OBJC__
-    template<typename U = T>
-    std::enable_if_t<std::is_convertible_v<U, id>, PtrType> leakRef() NS_RETURNS_RETAINED WARN_UNUSED_RETURN {
-        static_assert(std::is_same_v<T, U>, "explicit specialization not allowed");
+    template<typename U = PtrType>
+    std::enable_if_t<IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> leakRef() NS_RETURNS_RETAINED WARN_UNUSED_RETURN {
         return fromStorageType(std::exchange(m_ptr, nullptr));
     }
-#else
-    template<typename U = T>
-    std::enable_if_t<std::is_same_v<U, id>, PtrType> leakRef() CF_RETURNS_RETAINED WARN_UNUSED_RETURN {
-        static_assert(std::is_same_v<T, U>, "explicit specialization not allowed");
-        return fromStorageType(std::exchange(m_ptr, nullptr));
-    }
-#endif
 
-    template<typename U = T>
-    std::enable_if_t<!std::is_convertible_v<U, id>, PtrType> leakRef() CF_RETURNS_RETAINED WARN_UNUSED_RETURN {
-        static_assert(std::is_same_v<T, U>, "explicit specialization not allowed");
+    template<typename U = PtrType>
+    std::enable_if_t<!IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> leakRef() CF_RETURNS_RETAINED WARN_UNUSED_RETURN {
         return fromStorageType(std::exchange(m_ptr, nullptr));
     }
 
@@ -149,7 +143,7 @@ template<typename T> class RetainPtr {
     template<typename U> friend constexpr RetainPtr<U> adoptCF(U CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
 #ifdef __OBJC__
-    template<typename U> friend RetainPtr<typename RetainPtr<U>::HelperPtrType> adoptNS(U NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+    template<typename U> friend RetainPtr<RetainPtrType<U>> adoptNS(U NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 #endif
 
 private:
@@ -158,14 +152,17 @@ template<typename T> class RetainPtr {
 
     static constexpr PtrType checkType(PtrType ptr) { return ptr; }
 
+    // ARC will try to retain/release this value, but it looks like a tagged immediate, so retain/release ends up being a no-op -- see _objc_registerTaggedPointerClass.
     static constexpr PtrType hashTableDeletedValue() { return fromStorageType(reinterpret_cast<CFTypeRef>(-1)); }
 
 #ifdef __OBJC__
-    template<typename U> static constexpr std::enable_if_t<std::is_convertible_v<U, id>, PtrType> fromStorageTypeHelper(CFTypeRef ptr)
+    template<typename U = PtrType>
+    static constexpr std::enable_if_t<IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> fromStorageTypeHelper(CFTypeRef ptr)
     {
         return (__bridge PtrType)const_cast<CF_BRIDGED_TYPE(id) void*>(ptr);
     }
-    template<typename U> static constexpr std::enable_if_t<!std::is_convertible_v<U, id>, PtrType> fromStorageTypeHelper(CFTypeRef ptr)
+    template<typename U = PtrType>
+    static constexpr std::enable_if_t<!IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> fromStorageTypeHelper(CFTypeRef ptr)
     {
         return (PtrType)const_cast<CF_BRIDGED_TYPE(id) void*>(ptr);
     }
@@ -183,10 +180,10 @@ template<typename T> class RetainPtr {
     CFTypeRef m_ptr { nullptr };
 };
 
-template<typename T> RetainPtr(T) -> RetainPtr<std::remove_pointer_t<T>>;
+template<typename T> RetainPtr(T) -> RetainPtr<RetainPtrType<T>>;
 
 // Helper function for creating a RetainPtr using template argument deduction.
-template<typename T> RetainPtr<typename RetainPtr<T>::HelperPtrType> retainPtr(T) WARN_UNUSED_RETURN;
+template<typename T> RetainPtr<RetainPtrType<T>> retainPtr(T) WARN_UNUSED_RETURN;
 
 template<typename T> inline RetainPtr<T>::~RetainPtr()
 {
@@ -221,7 +218,7 @@ template<typename T> inline void RetainPtr<T>::clear()
 template<typename T> inline auto RetainPtr<T>::autorelease() -> PtrType
 {
 #ifdef __OBJC__
-    if constexpr (std::is_convertible_v<PtrType, id>)
+    if constexpr (IsNSType<PtrType>)
         return CFBridgingRelease(std::exchange(m_ptr, nullptr));
 #endif
     if (m_ptr)
@@ -235,7 +232,7 @@ template<typename T> inline auto RetainPtr<T>::autorelease() -> PtrType
 // FIXME: It would be better if we could base the return type on the type that is toll-free bridged with T rather than using id.
 template<typename T> inline id RetainPtr<T>::bridgingAutorelease()
 {
-    static_assert(!std::is_convertible_v<PtrType, id>, "Don't use bridgingAutorelease for Objective-C pointer types.");
+    static_assert(!IsNSType<PtrType>, "Don't use bridgingAutorelease for Objective-C pointer types.");
     return CFBridgingRelease(leakRef());
 }
 
@@ -311,29 +308,24 @@ template<typename T, typename U> constexpr bool operator==(T* a, const RetainPtr
 template<typename T> constexpr RetainPtr<T> adoptCF(T CF_RELEASES_ARGUMENT ptr)
 {
 #ifdef __OBJC__
-    static_assert(!std::is_convertible_v<T, id>, "Don't use adoptCF with Objective-C pointer types, use adoptNS.");
+    static_assert(!IsNSType<T>, "Don't use adoptCF with Objective-C pointer types, use adoptNS.");
 #endif
     return RetainPtr<T>(ptr, RetainPtr<T>::Adopt);
 }
 
 #ifdef __OBJC__
-template<typename T> inline RetainPtr<typename RetainPtr<T>::HelperPtrType> adoptNS(T NS_RELEASES_ARGUMENT ptr)
+template<typename T> RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT ptr)
 {
-    static_assert(std::is_convertible_v<T, id>, "Don't use adoptNS with Core Foundation pointer types, use adoptCF.");
+    static_assert(IsNSType<T>, "Don't use adoptNS with Core Foundation pointer types, use adoptCF.");
 #if __has_feature(objc_arc)
     return ptr;
-#elif defined(OBJC_NO_GC)
-    using ReturnType = RetainPtr<typename RetainPtr<T>::HelperPtrType>;
-    return ReturnType { ptr, ReturnType::Adopt };
 #else
-    RetainPtr<typename RetainPtr<T>::HelperPtrType> result = ptr;
-    [ptr release];
-    return result;
+    return { ptr, RetainPtr<RetainPtrType<T>>::Adopt };
 #endif
 }
 #endif
 
-template<typename T> inline RetainPtr<typename RetainPtr<T>::HelperPtrType> retainPtr(T ptr)
+template<typename T> inline RetainPtr<RetainPtrType<T>> retainPtr(T ptr)
 {
     return ptr;
 }

From ed0f5af4757894f976e19c3afa63d7542dee9817 Mon Sep 17 00:00:00 2001
From: Alan Baradlay <zalan@apple.com>
Date: Sat, 22 Feb 2025 19:48:31 -0800
Subject: [PATCH 079/174] [Cleanup] Remove RenderListItem::layout
 https://bugs.webkit.org/show_bug.cgi?id=288288

Reviewed by Antti Koivisto.

1. Remove layout function. All it does is call base class layout.
2. Do not check map unless style diff is layout (style diffing already checks the map).

* Source/WebCore/rendering/RenderListItem.cpp:
(WebCore::RenderListItem::styleDidChange):
(WebCore::RenderListItem::layout): Deleted.
* Source/WebCore/rendering/RenderListItem.h:

Canonical link: https://commits.webkit.org/290900@main
---
 Source/WebCore/rendering/RenderListItem.cpp | 14 ++------------
 Source/WebCore/rendering/RenderListItem.h   |  1 -
 2 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/Source/WebCore/rendering/RenderListItem.cpp b/Source/WebCore/rendering/RenderListItem.cpp
index 7afd754665c65..a37cb7dbabe54 100644
--- a/Source/WebCore/rendering/RenderListItem.cpp
+++ b/Source/WebCore/rendering/RenderListItem.cpp
@@ -263,18 +263,8 @@ void RenderListItem::styleDidChange(StyleDifference diff, const RenderStyle* old
 {
     RenderBlockFlow::styleDidChange(diff, oldStyle);
 
-    if (!oldStyle || oldStyle->counterDirectives().map.get("list-item"_s) == style().counterDirectives().map.get("list-item"_s))
-        return;
-
-    counterDirectivesChanged();
-}
-
-void RenderListItem::layout()
-{
-    StackStats::LayoutCheckPoint layoutCheckPoint;
-    ASSERT(needsLayout());
-
-    RenderBlockFlow::layout();
+    if (diff == StyleDifference::Layout && oldStyle && oldStyle->counterDirectives().map.get("list-item"_s) != style().counterDirectives().map.get("list-item"_s))
+        counterDirectivesChanged();
 }
 
 void RenderListItem::computePreferredLogicalWidths()
diff --git a/Source/WebCore/rendering/RenderListItem.h b/Source/WebCore/rendering/RenderListItem.h
index 7d37f04e553c8..be9815fa4f7f6 100644
--- a/Source/WebCore/rendering/RenderListItem.h
+++ b/Source/WebCore/rendering/RenderListItem.h
@@ -62,7 +62,6 @@ class RenderListItem final : public RenderBlockFlow {
     void paint(PaintInfo&, const LayoutPoint&) final;
 
     void styleDidChange(StyleDifference, const RenderStyle* oldStyle) final;
-    void layout() final;
 
     void computePreferredLogicalWidths() final;
 

From 9035c8b753bb153097bdf8cd05277a97e5f313a0 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sat, 22 Feb 2025 20:26:04 -0800
Subject: [PATCH 080/174] Address safer cpp failures in
 RemoteMediaEngineConfigurationFactory.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288294

Reviewed by Charlie Wolfe.

* Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebKit/WebProcess/GPU/media/RemoteMediaEngineConfigurationFactory.cpp:
(WebKit::RemoteMediaEngineConfigurationFactory::createDecodingConfiguration):
(WebKit::RemoteMediaEngineConfigurationFactory::createEncodingConfiguration):

Canonical link: https://commits.webkit.org/290901@main
---
 .../SaferCPPExpectations/UncountedCallArgsCheckerExpectations | 1 -
 .../GPU/media/RemoteMediaEngineConfigurationFactory.cpp       | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 7d02df52db488..a2fcd8d91a87e 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -267,7 +267,6 @@ WebProcess/GPU/media/RemoteImageDecoderAVFManager.cpp
 WebProcess/GPU/media/RemoteLegacyCDM.cpp
 WebProcess/GPU/media/RemoteLegacyCDMFactory.cpp
 WebProcess/GPU/media/RemoteLegacyCDMSession.cpp
-WebProcess/GPU/media/RemoteMediaEngineConfigurationFactory.cpp
 WebProcess/GPU/media/RemoteMediaPlayerMIMETypeCache.cpp
 WebProcess/GPU/media/RemoteMediaPlayerManager.cpp
 WebProcess/GPU/media/RemoteRemoteCommandListener.cpp
diff --git a/Source/WebKit/WebProcess/GPU/media/RemoteMediaEngineConfigurationFactory.cpp b/Source/WebKit/WebProcess/GPU/media/RemoteMediaEngineConfigurationFactory.cpp
index 370ed8c25ac76..d00d27039044c 100644
--- a/Source/WebKit/WebProcess/GPU/media/RemoteMediaEngineConfigurationFactory.cpp
+++ b/Source/WebKit/WebProcess/GPU/media/RemoteMediaEngineConfigurationFactory.cpp
@@ -94,7 +94,7 @@ void RemoteMediaEngineConfigurationFactory::createDecodingConfiguration(MediaDec
     if (!m_webProcess->mediaPlaybackEnabled())
         return callback({ });
 
-    gpuProcessConnection().connection().sendWithAsyncReply(Messages::RemoteMediaEngineConfigurationFactoryProxy::CreateDecodingConfiguration(WTFMove(configuration)), [callback = WTFMove(callback)] (MediaCapabilitiesDecodingInfo&& info) mutable {
+    gpuProcessConnection().protectedConnection()->sendWithAsyncReply(Messages::RemoteMediaEngineConfigurationFactoryProxy::CreateDecodingConfiguration(WTFMove(configuration)), [callback = WTFMove(callback)] (MediaCapabilitiesDecodingInfo&& info) mutable {
         callback(WTFMove(info));
     });
 }
@@ -104,7 +104,7 @@ void RemoteMediaEngineConfigurationFactory::createEncodingConfiguration(MediaEnc
     if (!m_webProcess->mediaPlaybackEnabled())
         return callback({ });
 
-    gpuProcessConnection().connection().sendWithAsyncReply(Messages::RemoteMediaEngineConfigurationFactoryProxy::CreateEncodingConfiguration(WTFMove(configuration)), [callback = WTFMove(callback)] (MediaCapabilitiesEncodingInfo&& info) mutable {
+    gpuProcessConnection().protectedConnection()->sendWithAsyncReply(Messages::RemoteMediaEngineConfigurationFactoryProxy::CreateEncodingConfiguration(WTFMove(configuration)), [callback = WTFMove(callback)] (MediaCapabilitiesEncodingInfo&& info) mutable {
         callback(WTFMove(info));
     });
 }

From b836cc672c50eb995d6ac6413adbb45a3316c0eb Mon Sep 17 00:00:00 2001
From: David Kilzer <ddkilzer@apple.com>
Date: Sat, 22 Feb 2025 21:16:25 -0800
Subject: [PATCH 081/174] [bmalloc] Remove workaround for ASan false positive
 stack-buffer-underflow in pas_large_free_create_merged()
 <https://bugs.webkit.org/show_bug.cgi?id=288303> <rdar://145391616>

Reviewed by Yusuke Suzuki.

Remove workaround since WebKit no longer builds with Xcode 13 on
macOS 12 Monterey.

* Configurations/Sanitizers.xcconfig:
(WK_ADDRESS_SANITIZER_OTHER_CFLAGS_YES):
(WK_NEEDS_ASAN_USE_AFTER_SCOPE_WORKAROUND_FOR_bmalloc_YES): Delete.
(WK_NEEDS_ASAN_USE_AFTER_SCOPE_WORKAROUND): Delete.
(WK_XCODE_VERSION_BEFORE_13_3_0800): Delete.
(WK_XCODE_VERSION_BEFORE_13_3_0900): Delete.
(WK_XCODE_VERSION_BEFORE_13_3_1000): Delete.
(WK_XCODE_VERSION_BEFORE_13_3_1100): Delete.
(WK_XCODE_VERSION_BEFORE_13_3_1200): Delete.
(WK_XCODE_VERSION_BEFORE_13_3_1300): Delete.
(WK_XCODE_VERSION_BEFORE_13_3_1300_1300): Delete.
(WK_XCODE_VERSION_BEFORE_13_3_1300_1310): Delete.
(WK_XCODE_VERSION_BEFORE_13_3_1300_1320): Delete.
(WK_XCODE_VERSION_AFTER_13_3_1400): Delete.
(WK_XCODE_VERSION_AFTER_13_3_1500): Delete.
(WK_XCODE_VERSION_AFTER_13_3_1600): Delete.
(WK_XCODE_VERSION_AFTER_13_3_1700): Delete.
* Source/bmalloc/libpas/src/libpas/pas_large_free_inlines.h:
(pas_large_free_create_merged):

Canonical link: https://commits.webkit.org/290902@main
---
 Configurations/Sanitizers.xcconfig            | 21 +------------------
 .../src/libpas/pas_large_free_inlines.h       |  6 +-----
 2 files changed, 2 insertions(+), 25 deletions(-)

diff --git a/Configurations/Sanitizers.xcconfig b/Configurations/Sanitizers.xcconfig
index 99a36315996f9..25be668577000 100644
--- a/Configurations/Sanitizers.xcconfig
+++ b/Configurations/Sanitizers.xcconfig
@@ -64,30 +64,11 @@ WK_ANY_SANITIZER_LDFLAGS_YES = -Wl,-rpath,@executable_path/Frameworks;
 // Address Sanitizer
 
 // Add -fsanitize-address-use-after-return=never to disable ASan's "fake stack" to fix JSC garbage collection.
-WK_ADDRESS_SANITIZER_OTHER_CFLAGS_YES = -fsanitize-address-use-after-return=never $(WK_NEEDS_ASAN_USE_AFTER_SCOPE_WORKAROUND_FOR_$(PRODUCT_NAME)_$(WK_NEEDS_ASAN_USE_AFTER_SCOPE_WORKAROUND));
+WK_ADDRESS_SANITIZER_OTHER_CFLAGS_YES = -fsanitize-address-use-after-return=never;
 WK_ADDRESS_SANITIZER_OTHER_LDFLAGS_YES = -fsanitize-address-use-after-return=never;
 
 WK_ADDRESS_SANITIZER_OTHER_CPLUSPLUSFLAGS_YES = -U_LIBCPP_HAS_NO_ASAN;
 
-// Workaround ASan false positive in certain Xcode versions: <https://bugs.webkit.org/show_bug.cgi?id=236001>.
-WK_NEEDS_ASAN_USE_AFTER_SCOPE_WORKAROUND_FOR_bmalloc_YES = -DWK_WORKAROUND_RDAR_87613908_ASAN_STACK_USE_AFTER_SCOPE;
-
-WK_NEEDS_ASAN_USE_AFTER_SCOPE_WORKAROUND = $(WK_NOT_$(WK_OR_$(WK_XCODE_VERSION_BEFORE_13_3_$(XCODE_VERSION_MAJOR))_$(WK_XCODE_VERSION_AFTER_13_3_$(XCODE_VERSION_MAJOR))));
-
-WK_XCODE_VERSION_BEFORE_13_3_0800 = YES;
-WK_XCODE_VERSION_BEFORE_13_3_0900 = YES;
-WK_XCODE_VERSION_BEFORE_13_3_1000 = YES;
-WK_XCODE_VERSION_BEFORE_13_3_1100 = YES;
-WK_XCODE_VERSION_BEFORE_13_3_1200 = YES;
-WK_XCODE_VERSION_BEFORE_13_3_1300 = $(WK_XCODE_VERSION_BEFORE_13_3_1300_$(XCODE_VERSION_MINOR));
-WK_XCODE_VERSION_BEFORE_13_3_1300_1300 = YES;
-WK_XCODE_VERSION_BEFORE_13_3_1300_1310 = YES;
-WK_XCODE_VERSION_BEFORE_13_3_1300_1320 = YES;
-WK_XCODE_VERSION_AFTER_13_3_1400 = YES;
-WK_XCODE_VERSION_AFTER_13_3_1500 = YES;
-WK_XCODE_VERSION_AFTER_13_3_1600 = YES;
-WK_XCODE_VERSION_AFTER_13_3_1700 = YES;
-
 // Undefined Behavior Sanitizer
 
 // FIXME: <rdar://105760852> Tune list of Undefined Behavior (UBSan) checkers
diff --git a/Source/bmalloc/libpas/src/libpas/pas_large_free_inlines.h b/Source/bmalloc/libpas/src/libpas/pas_large_free_inlines.h
index 72c4e78b53a33..cf10d88999695 100644
--- a/Source/bmalloc/libpas/src/libpas/pas_large_free_inlines.h
+++ b/Source/bmalloc/libpas/src/libpas/pas_large_free_inlines.h
@@ -33,11 +33,7 @@
 
 PAS_BEGIN_EXTERN_C;
 
-static
-#ifndef WK_WORKAROUND_RDAR_87613908_ASAN_STACK_USE_AFTER_SCOPE
-PAS_ALWAYS_INLINE
-#endif
-pas_large_free
+static PAS_ALWAYS_INLINE pas_large_free
 pas_large_free_create_merged(pas_large_free left,
                              pas_large_free right,
                              pas_large_free_heap_config* config)

From 0dc82e8cdc0995ab208f7cd970a9328fd39c0594 Mon Sep 17 00:00:00 2001
From: Tyler Wilcock <tyler_w@apple.com>
Date: Sat, 22 Feb 2025 21:25:14 -0800
Subject: [PATCH 082/174] AX: AccessibilityRenderObject::addChildren()
 sometimes does not null-check the AXObjectCache before using it, causing
 crashes https://bugs.webkit.org/show_bug.cgi?id=288238 rdar://145319178

Reviewed by Chris Fleizach.

I see some rare crashes in accessibility/add-children-pseudo-element.html and other tests because we aren't null-checking
the cache before using it. This commit adds the appropriate checks.

* Source/WebCore/accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::addChildren):

Canonical link: https://commits.webkit.org/290903@main
---
 Source/WebCore/accessibility/AccessibilityRenderObject.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Source/WebCore/accessibility/AccessibilityRenderObject.cpp b/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
index 0e45fa2860212..ebc05f46e3145 100644
--- a/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
+++ b/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
@@ -2574,12 +2574,12 @@ void AccessibilityRenderObject::addChildren()
     // being part of the accessibility tree.
     RefPtr node = dynamicDowncast<ContainerNode>(this->node());
     auto* element = dynamicDowncast<Element>(node.get());
-    CheckedPtr cache = axObjectCache();
+    WeakPtr cache = axObjectCache();
 
     // ::before and ::after pseudos should be the first and last children of the element
     // that generates them (rather than being siblings to the generating element).
     if (RefPtr beforePseudo = element ? element->beforePseudoElement() : nullptr) {
-        if (RefPtr pseudoObject = cache->getOrCreate(*beforePseudo))
+        if (RefPtr pseudoObject = cache ? cache->getOrCreate(*beforePseudo) : nullptr)
             addChildIfNeeded(*pseudoObject);
     }
 
@@ -2600,7 +2600,7 @@ void AccessibilityRenderObject::addChildren()
     }
 
     if (RefPtr afterPseudo = element ? element->afterPseudoElement() : nullptr) {
-        if (RefPtr pseudoObject = cache->getOrCreate(*afterPseudo))
+        if (RefPtr pseudoObject = cache ? cache->getOrCreate(*afterPseudo) : nullptr)
             addChildIfNeeded(*pseudoObject);
     }
 #else

From 56d65459b823771b022695053f05ce1bfb7b286d Mon Sep 17 00:00:00 2001
From: Tyler Wilcock <tyler_w@apple.com>
Date: Sat, 22 Feb 2025 21:29:02 -0800
Subject: [PATCH 083/174] AX: Stop calling updateBackingStore() in
 AXIsolatedObject::children() for performance reasons
 https://bugs.webkit.org/show_bug.cgi?id=287862 rdar://145062082

Reviewed by Chris Fleizach.

AXIsolatedObject::updateBackingStore() calls AXIsolatedTree::applyPendingChanges(), which takes a lock. This is not
ideal to use in a function that is as hot as AXIsolatedObject::children(). Calling updateBackingStore() also requires
a strong-ref and strong-deref to |this| in the function, since updateBackingStore() can delete |this|. These refs
and derefs, and updateBackingStore show up in samples taken on a popular video website.

With this commit, we remove the call to updateBackingStore in AXIsolatedObject::children. We really should only need
to call updateBackingStore once for every attribute request, and should do so right at the beginning of the attribute
request in the wrapper. This may also be a bit more logical, ensuring each attribute request is served from the same
snapshot of the tree.

This patch also features several unrelated performance improvements:
  - Remove updateChildrenIfNecessary from AXIsolatedObject. It's a
    no-op, but we still incur the cost of a virtual function call in our
    hottest codepaths (e.g. nextInPreOrder).
  - Remove unnecessary ref-churn, e.g. creating a Ref just to call Vector::find.
  - Inline isValid() and isInTextRun() in AXTextMarker::findMarker, our
    hottest text marker function.
  - Reduce unnecessary calls to AXTextMarker::runs().

All of these things showed up significantly in samples.

* Source/WebCore/accessibility/AXCoreObject.cpp:
(WebCore::AXCoreObject::nextInPreOrder):
(WebCore::AXCoreObject::previousInPreOrder):
(WebCore::AXCoreObject::nextSiblingIncludingIgnored const):
(WebCore::AXCoreObject::previousSiblingIncludingIgnored):
(WebCore::AXCoreObject::nextUnignoredSibling const):
* Source/WebCore/accessibility/AXCoreObject.h:
* Source/WebCore/accessibility/AXSearchManager.cpp:
(WebCore::appendAccessibilityObject):
(WebCore::appendChildrenToArray):
* Source/WebCore/accessibility/AXTextMarker.cpp:
(WebCore::AXTextMarker::findMarker const):
* Source/WebCore/accessibility/AccessibilityObject.h:
* Source/WebCore/accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::addNodeOnlyChildren):
* Source/WebCore/accessibility/AccessibilityScrollView.cpp:
(WebCore::AccessibilityScrollView::removeChildScrollbar):
* Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp:
(WebCore::AXIsolatedObject::children):
(WebCore::AXIsolatedObject::updateChildrenIfNecessary): Deleted.
* Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.h:
* Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(-[WebAccessibilityObjectWrapper _accessibilityHitTest:returnPlatformElements:]):

Canonical link: https://commits.webkit.org/290904@main
---
 Source/WebCore/accessibility/AXCoreObject.cpp | 18 ++++++------
 Source/WebCore/accessibility/AXCoreObject.h   |  1 -
 .../WebCore/accessibility/AXSearchManager.cpp |  9 ++++--
 Source/WebCore/accessibility/AXTextMarker.cpp | 22 +++++++++------
 .../accessibility/AccessibilityObject.h       |  2 +-
 .../AccessibilityRenderObject.cpp             |  8 ++++--
 .../accessibility/AccessibilityScrollView.cpp |  4 ++-
 .../AccessibilityObjectComponentAtspi.cpp     |  3 +-
 .../isolatedtree/AXIsolatedObject.cpp         | 28 +++++--------------
 .../isolatedtree/AXIsolatedObject.h           |  1 -
 .../mac/WebAccessibilityObjectWrapperMac.mm   |  3 +-
 11 files changed, 50 insertions(+), 49 deletions(-)

diff --git a/Source/WebCore/accessibility/AXCoreObject.cpp b/Source/WebCore/accessibility/AXCoreObject.cpp
index a55168098e094..c3e7d04fa66b5 100644
--- a/Source/WebCore/accessibility/AXCoreObject.cpp
+++ b/Source/WebCore/accessibility/AXCoreObject.cpp
@@ -271,9 +271,6 @@ AXCoreObject* AXCoreObject::firstUnignoredChild()
 
 AXCoreObject* AXCoreObject::nextInPreOrder(bool updateChildrenIfNeeded, AXCoreObject* stayWithin)
 {
-    if (updateChildrenIfNeeded)
-        updateChildrenIfNecessary();
-
     const auto& children = childrenIncludingIgnored(updateChildrenIfNeeded);
     if (!children.isEmpty()) {
         auto role = roleValue();
@@ -299,9 +296,6 @@ AXCoreObject* AXCoreObject::nextInPreOrder(bool updateChildrenIfNeeded, AXCoreOb
 
 AXCoreObject* AXCoreObject::previousInPreOrder(bool updateChildrenIfNeeded, AXCoreObject* stayWithin)
 {
-    if (updateChildrenIfNeeded)
-        updateChildrenIfNecessary();
-
     if (stayWithin == this)
         return nullptr;
 
@@ -337,7 +331,9 @@ AXCoreObject* AXCoreObject::nextSiblingIncludingIgnored(bool updateChildrenIfNee
         return nullptr;
 
     const auto& siblings = parent->childrenIncludingIgnored(updateChildrenIfNeeded);
-    size_t indexOfThis = siblings.find(Ref { *this });
+    size_t indexOfThis = siblings.findIf([this] (const Ref<AXCoreObject>& object) {
+        return object.ptr() == this;
+    });
     if (indexOfThis == notFound)
         return nullptr;
 
@@ -351,7 +347,9 @@ AXCoreObject* AXCoreObject::previousSiblingIncludingIgnored(bool updateChildrenI
         return nullptr;
 
     const auto& siblings = parent->childrenIncludingIgnored(updateChildrenIfNeeded);
-    size_t indexOfThis = siblings.find(Ref { *this });
+    size_t indexOfThis = siblings.findIf([this] (const Ref<AXCoreObject>& object) {
+        return object.ptr() == this;
+    });
     if (indexOfThis == notFound)
         return nullptr;
 
@@ -368,7 +366,9 @@ AXCoreObject* AXCoreObject::nextUnignoredSibling(bool updateChildrenIfNeeded, AX
     if (!parent)
         return nullptr;
     const auto& siblings = parent->unignoredChildren(updateChildrenIfNeeded);
-    size_t indexOfThis = siblings.find(Ref { *this });
+    size_t indexOfThis = siblings.findIf([this] (const Ref<AXCoreObject>& object) {
+        return object.ptr() == this;
+    });
     if (indexOfThis == notFound)
         return nullptr;
 
diff --git a/Source/WebCore/accessibility/AXCoreObject.h b/Source/WebCore/accessibility/AXCoreObject.h
index f43a8cfa68a21..55378243c0364 100644
--- a/Source/WebCore/accessibility/AXCoreObject.h
+++ b/Source/WebCore/accessibility/AXCoreObject.h
@@ -1282,7 +1282,6 @@ class AXCoreObject : public ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr<AXCo
     // is the default, we should rename this function to childrenIDsIncludingIgnored, as that is what all
     // callers will expect at the time this comment was written.
     Vector<AXID> childrenIDs(bool updateChildrenIfNeeded = true);
-    virtual void updateChildrenIfNecessary() = 0;
     AXCoreObject* nextInPreOrder(bool updateChildrenIfNeeded = true, AXCoreObject* stayWithin = nullptr);
     AXCoreObject* nextSiblingIncludingIgnored(bool updateChildrenIfNeeded) const;
     AXCoreObject* nextUnignoredSibling(bool updateChildrenIfNeeded, AXCoreObject* unignoredParent = nullptr) const;
diff --git a/Source/WebCore/accessibility/AXSearchManager.cpp b/Source/WebCore/accessibility/AXSearchManager.cpp
index 2725fafa39b27..653f8f922991f 100644
--- a/Source/WebCore/accessibility/AXSearchManager.cpp
+++ b/Source/WebCore/accessibility/AXSearchManager.cpp
@@ -198,7 +198,7 @@ bool AXSearchManager::matchWithResultsLimit(Ref<AXCoreObject> object, const Acce
 static void appendAccessibilityObject(Ref<AXCoreObject> object, AccessibilityObject::AccessibilityChildrenVector& results)
 {
     if (LIKELY(!object->isAttachment()))
-        results.append(object);
+        results.append(WTFMove(object));
     else {
         // Find the next descendant of this attachment object so search can continue through frames.
         Widget* widget = object->widgetForAttachmentView();
@@ -250,7 +250,12 @@ static void appendChildrenToArray(Ref<AXCoreObject> object, bool isForward, RefP
         startObject = newStartObject;
     }
 
-    size_t searchPosition = startObject ? searchChildren.find(Ref { *startObject }) : notFound;
+    size_t searchPosition = notFound;
+    if (startObject) {
+        searchPosition = searchChildren.findIf([&] (const Ref<AXCoreObject>& object) {
+            return startObject == object.ptr();
+        });
+    }
 
     if (searchPosition != notFound) {
         if (isForward)
diff --git a/Source/WebCore/accessibility/AXTextMarker.cpp b/Source/WebCore/accessibility/AXTextMarker.cpp
index 939e605b9f030..c1c93a82bbe4b 100644
--- a/Source/WebCore/accessibility/AXTextMarker.cpp
+++ b/Source/WebCore/accessibility/AXTextMarker.cpp
@@ -967,30 +967,35 @@ AXTextMarker AXTextMarker::findMarker(AXDirection direction, CoalesceObjectBreak
     // - ignoreBRs: In most cases, we want to skip <br> tags when not in an editable context. This is not true,
     //   for example, when computing text marker indexes.
 
-    if (!isValid())
+    RefPtr object = isolatedObject();
+    if (!object) {
+        // Equivalent to checking AXTextMarker::isValid, but "inlined" because this function is super hot.
         return { };
-    if (!isInTextRun())
+    }
+    const auto* runs = object->textRuns();
+    if (!runs || !runs->size()) {
+        // Equivalent to checking AXTextMarker::isInTextRun, but "inlined" because this function is super hot.
         return toTextRunMarker().findMarker(direction, coalesceObjectBreaks, ignoreBRs, stopAtID);
-
-    RefPtr object = isolatedObject();
+    }
 
     // If the BR isn't in an editable ancestor, we shouldn't be including it (in most cases of findMarker).
     bool shouldSkipBR = ignoreBRs == IgnoreBRs::Yes && object && object->roleValue() == AccessibilityRole::LineBreak && !object->editableAncestor();
-    bool isWithinRunBounds = ((direction == AXDirection::Next && offset() < runs()->totalLength()) || (direction == AXDirection::Previous && offset()));
+    bool isWithinRunBounds = ((direction == AXDirection::Next && offset() < runs->totalLength()) || (direction == AXDirection::Previous && offset()));
     if (!shouldSkipBR && isWithinRunBounds) {
-        if (runs()->containsOnlyASCII) {
+        if (runs->containsOnlyASCII) {
             // In the common case where the text-runs only contain ASCII, all we need to do is the move the offset by 1,
             // which is more efficient than turning the runs into a string and creating a CachedTextBreakIterator.
             return AXTextMarker { treeID(), objectID(), direction == AXDirection::Next ? offset() + 1 : offset() - 1 };
         }
 
-        CachedTextBreakIterator iterator(runs()->toString(), { }, TextBreakIterator::CaretMode { }, nullAtom());
+        CachedTextBreakIterator iterator(runs->toString(), { }, TextBreakIterator::CaretMode { }, nullAtom());
         unsigned newOffset = direction == AXDirection::Next ? iterator.following(offset()).value_or(offset() + 1) : iterator.preceding(offset()).value_or(offset() - 1);
         return AXTextMarker { treeID(), objectID(), newOffset };
     }
 
     // offset() pointed to the last character in the given object's runs, so let's traverse to find the next object with runs.
-    if (RefPtr object = findObjectWithRuns(*isolatedObject(), direction, stopAtID)) {
+    object = findObjectWithRuns(*object, direction, stopAtID);
+    if (object) {
         RELEASE_ASSERT(direction == AXDirection::Next ? object->textRuns()->runLength(0) : object->textRuns()->lastRunLength());
 
         // The startingOffset is used to advance one position farther when we are coalescing object breaks and skipping positions.
@@ -1000,7 +1005,6 @@ AXTextMarker AXTextMarker::findMarker(AXDirection direction, CoalesceObjectBreak
 
         return AXTextMarker { *object, direction == AXDirection::Next ? startingOffset : object->textRuns()->lastRunLength() - startingOffset };
     }
-
     return { };
 }
 
diff --git a/Source/WebCore/accessibility/AccessibilityObject.h b/Source/WebCore/accessibility/AccessibilityObject.h
index e4cde25203302..46b1c36518737 100644
--- a/Source/WebCore/accessibility/AccessibilityObject.h
+++ b/Source/WebCore/accessibility/AccessibilityObject.h
@@ -542,7 +542,7 @@ class AccessibilityObject : public AXCoreObject, public CanMakeWeakPtr<Accessibi
             addChild(*object, descend);
     }
     virtual bool canHaveChildren() const { return true; }
-    void updateChildrenIfNecessary() override;
+    virtual void updateChildrenIfNecessary();
     virtual void setNeedsToUpdateChildren() { }
     virtual void setNeedsToUpdateSubtree() { }
     virtual void clearChildren();
diff --git a/Source/WebCore/accessibility/AccessibilityRenderObject.cpp b/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
index ebc05f46e3145..62e414e773353 100644
--- a/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
+++ b/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
@@ -2450,8 +2450,12 @@ void AccessibilityRenderObject::addNodeOnlyChildren()
                     childObject = nullptr;
             }
 
-            if (childObject)
-                insertionIndex = m_children.find(Ref { *childObject }) + 1;
+            if (childObject) {
+                insertionIndex = m_children.findIf([&childObject] (const Ref<AXCoreObject>& child) {
+                    return child.ptr() == childObject;
+                });
+                ++insertionIndex;
+            }
             continue;
         }
 
diff --git a/Source/WebCore/accessibility/AccessibilityScrollView.cpp b/Source/WebCore/accessibility/AccessibilityScrollView.cpp
index 3f463910653ef..4edff0922dc75 100644
--- a/Source/WebCore/accessibility/AccessibilityScrollView.cpp
+++ b/Source/WebCore/accessibility/AccessibilityScrollView.cpp
@@ -177,7 +177,9 @@ void AccessibilityScrollView::removeChildScrollbar(AccessibilityObject* scrollba
     if (!scrollbar)
         return;
 
-    size_t position = m_children.find(Ref { *scrollbar });
+    size_t position = m_children.findIf([&scrollbar] (const Ref<AXCoreObject>& child) {
+        return child.ptr() == scrollbar;
+    });
     if (position != notFound) {
         m_children[position]->detachFromParent();
         m_children.remove(position);
diff --git a/Source/WebCore/accessibility/atspi/AccessibilityObjectComponentAtspi.cpp b/Source/WebCore/accessibility/atspi/AccessibilityObjectComponentAtspi.cpp
index abd6468e9a123..9ac2535fa567f 100644
--- a/Source/WebCore/accessibility/atspi/AccessibilityObjectComponentAtspi.cpp
+++ b/Source/WebCore/accessibility/atspi/AccessibilityObjectComponentAtspi.cpp
@@ -112,7 +112,8 @@ AccessibilityObjectAtspi* AccessibilityObjectAtspi::hitTest(const IntPoint& poin
         }
     }
 
-    m_coreObject->updateChildrenIfNecessary();
+    if (auto* axObject = dynamicDowncast<AccessibilityObject>(m_coreObject.get()))
+        axObject->updateChildrenIfNecessary();
     if (auto* coreObject = m_coreObject->accessibilityHitTest(convertedPoint))
         return coreObject->wrapper();
 
diff --git a/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp b/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp
index e9e85e5f1f06e..f96ad074e3f76 100644
--- a/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp
+++ b/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp
@@ -686,32 +686,18 @@ const AXCoreObject::AccessibilityChildrenVector& AXIsolatedObject::children(bool
 #elif USE(ATSPI)
     ASSERT(!isMainThread());
 #endif
-    RefPtr<AXIsolatedObject> protectedThis;
-    if (updateChildrenIfNeeded) {
-        // updateBackingStore can delete `this`, so protect it until the end of this function.
-        protectedThis = this;
-        updateBackingStore();
-
-        if (m_childrenDirty) {
-            m_children = WTF::compactMap(m_childrenIDs, [&](auto& childID) -> std::optional<Ref<AXCoreObject>> {
-                if (RefPtr child = tree()->objectForID(childID))
-                    return child.releaseNonNull();
-                return std::nullopt;
-            });
-            m_childrenDirty = false;
-        }
+    if (updateChildrenIfNeeded && m_childrenDirty) {
+        m_children = WTF::compactMap(m_childrenIDs, [&](auto& childID) -> std::optional<Ref<AXCoreObject>> {
+            if (RefPtr child = tree()->objectForID(childID))
+                return child.releaseNonNull();
+            return std::nullopt;
+        });
+        m_childrenDirty = false;
         ASSERT(m_children.size() == m_childrenIDs.size());
     }
     return m_children;
 }
 
-void AXIsolatedObject::updateChildrenIfNecessary()
-{
-    // FIXME: this is a no-op for isolated objects and should be removed from
-    // the public interface. It is used in the mac implementation of
-    // [WebAccessibilityObjectWrapper accessibilityHitTest].
-}
-
 void AXIsolatedObject::setSelectedChildren(const AccessibilityChildrenVector& selectedChildren)
 {
     ASSERT(selectedChildren.isEmpty() || selectedChildren[0]->isAXIsolatedObjectInstance());
diff --git a/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.h b/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.h
index f6ab458c57981..774c7d9077e5e 100644
--- a/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.h
+++ b/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.h
@@ -348,7 +348,6 @@ class AXIsolatedObject final : public AXCoreObject {
     void setSelectedChildren(const AccessibilityChildrenVector&) final;
     AccessibilityChildrenVector visibleChildren() final { return tree()->objectsForIDs(vectorAttributeValue<AXID>(AXProperty::VisibleChildren)); }
     void setChildrenIDs(Vector<AXID>&&);
-    void updateChildrenIfNecessary() final;
     bool isDetachedFromParent() final;
     AXIsolatedObject* liveRegionAncestor(bool excludeIfOff = true) const final { return Accessibility::liveRegionAncestor(*this, excludeIfOff); }
     const String liveRegionStatus() const final { return stringAttributeValue(AXProperty::LiveRegionStatus); }
diff --git a/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm b/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm
index 1962038f7f4e7..34c5b91643d27 100644
--- a/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm
+++ b/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm
@@ -2055,7 +2055,8 @@ - (id)_accessibilityHitTest:(NSPoint)point returnPlatformElements:(BOOL)returnPl
     if (!backingObject)
         return nil;
 
-    backingObject->updateChildrenIfNecessary();
+    if (auto* axObject = dynamicDowncast<AccessibilityObject>(backingObject.get()))
+        axObject->updateChildrenIfNecessary();
     auto* axObject = backingObject->accessibilityHitTest(IntPoint(point));
 
     id hit = nil;

From 4a3cd84b09aec2fd6e0349ecbea54411a18f5168 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sat, 22 Feb 2025 22:31:13 -0800
Subject: [PATCH 084/174] Crash under DocumentThreadableLoader::dataReceived()
 dereferencing an unset std::optional
 https://bugs.webkit.org/show_bug.cgi?id=288305 rdar://145354732

Reviewed by Charlie Wolfe.

Stop passing the resource load identifier to DocumentThreadableLoader::didReceiveData()
since it doesn't use it. We don't always have an identifier and it was causing crashes
trying to dereferencing an unset std::optional and for no good reason since the identifier
wasn't needed anyway.

* Source/WebCore/loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::dataReceived):
(WebCore::DocumentThreadableLoader::didReceiveData):
(WebCore::DocumentThreadableLoader::loadRequest):
* Source/WebCore/loader/DocumentThreadableLoader.h:

Canonical link: https://commits.webkit.org/290905@main
---
 Source/WebCore/loader/DocumentThreadableLoader.cpp | 6 +++---
 Source/WebCore/loader/DocumentThreadableLoader.h   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Source/WebCore/loader/DocumentThreadableLoader.cpp b/Source/WebCore/loader/DocumentThreadableLoader.cpp
index 9a494ad4920b3..d9e30cc24a86d 100644
--- a/Source/WebCore/loader/DocumentThreadableLoader.cpp
+++ b/Source/WebCore/loader/DocumentThreadableLoader.cpp
@@ -451,10 +451,10 @@ void DocumentThreadableLoader::didReceiveResponse(ResourceLoaderIdentifier ident
 void DocumentThreadableLoader::dataReceived(CachedResource& resource, const SharedBuffer& buffer)
 {
     ASSERT_UNUSED(resource, &resource == m_resource);
-    didReceiveData(*m_resource->resourceLoaderIdentifier(), buffer);
+    didReceiveData(buffer);
 }
 
-void DocumentThreadableLoader::didReceiveData(ResourceLoaderIdentifier, const SharedBuffer& buffer)
+void DocumentThreadableLoader::didReceiveData(const SharedBuffer& buffer)
 {
     ASSERT(m_client);
 
@@ -686,7 +686,7 @@ void DocumentThreadableLoader::loadRequest(ResourceRequest&& request, SecurityCh
     didReceiveResponse(identifier, response);
 
     if (data)
-        didReceiveData(identifier, *data);
+        didReceiveData(*data);
 
     const auto* timing = response.deprecatedNetworkLoadMetricsOrNull();
     auto resourceTiming = ResourceTiming::fromSynchronousLoad(requestURL, m_options.initiatorType, loadTiming, timing ? *timing : NetworkLoadMetrics::emptyMetrics(), response, securityOrigin());
diff --git a/Source/WebCore/loader/DocumentThreadableLoader.h b/Source/WebCore/loader/DocumentThreadableLoader.h
index 963f6f33e582b..083a389024611 100644
--- a/Source/WebCore/loader/DocumentThreadableLoader.h
+++ b/Source/WebCore/loader/DocumentThreadableLoader.h
@@ -95,7 +95,7 @@ class CachedRawResource;
         void notifyFinished(CachedResource&, const NetworkLoadMetrics&, LoadWillContinueInAnotherProcess) override;
 
         void didReceiveResponse(ResourceLoaderIdentifier, const ResourceResponse&);
-        void didReceiveData(ResourceLoaderIdentifier, const SharedBuffer&);
+        void didReceiveData(const SharedBuffer&);
         void didFinishLoading(std::optional<ResourceLoaderIdentifier>, const NetworkLoadMetrics&);
         void didFail(std::optional<ResourceLoaderIdentifier>, const ResourceError&);
         void makeCrossOriginAccessRequest(ResourceRequest&&);

From febcbad98051656212532ede02755f28ebe86848 Mon Sep 17 00:00:00 2001
From: Sosuke Suzuki <aosukeke@gmail.com>
Date: Sun, 23 Feb 2025 00:13:41 -0800
Subject: [PATCH 085/174] [JSC] Implement `Array.prototype.includes` in C++
 https://bugs.webkit.org/show_bug.cgi?id=287693
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed by Yusuke Suzuki.

Currently, JSC’s `Array#includes` is implemented in JavaScript, whereas
the similar `Array#indexOf` is implemented in C++ and benefits from
DFG/FTL optimizations.

This patch reimplements `Array#includes` in C++ in the same way as
`Array#indexOf`, thereby enabling DFG/FTL support.

In most cases, the patch shows performance improvements:

```
                                                  TipOfTree                  Patched
array-prototype-includes-double                25.2368+-0.1405     ^     20.9887+-3.0246        ^ definitely 1.2024x faster
array-prototype-includes-int32-from-contiguous
                                               22.4340+-0.4231     ^     17.1624+-0.2591        ^ definitely 1.3072x faster
array-prototype-includes-string                43.4965+-0.6154     ^     30.8301+-0.7207        ^ definitely 1.4108x faster
array-prototype-includes-string-16             73.3458+-0.8209     ^     51.7629+-0.5639        ^ definitely 1.4170x faster
array-prototype-includes-double-from-contiguous
                                               73.3174+-0.9760     ^     42.4634+-1.0352        ^ definitely 1.7266x faster
array-prototype-includes-int32                205.9207+-0.2986     ^    107.2346+-0.4414        ^ definitely 1.9203x faster
array-prototype-includes-contiguous            27.8838+-2.6451     ^      9.7461+-0.1414        ^ definitely 2.8610x faster
array-prototype-includes-bigint                17.6066+-0.2040     ^     12.2816+-0.1275        ^ definitely 1.4336x faster
```

However, benchmarks that use constant strings experience a performance
regression. This is due to the loss of constant folding for the `===`
operator that was effective in the JavaScript implementation:

```
                                                  TipOfTree                  Patched
array-prototype-includes-string-const          17.8715+-0.0715     !     24.9579+-0.2986        ! definitely 1.3965x slower
array-prototype-includes-string-16-const       17.9026+-0.0907     !     50.5343+-0.6068        ! definitely 2.8227x slower
```

* Source/JavaScriptCore/builtins/ArrayPrototype.js:
(includes): Deleted.
* Source/JavaScriptCore/runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/CommonIdentifiers.h:
* Source/JavaScriptCore/runtime/JSCJSValueInlines.h:
(JSC::sameValueZero):

Canonical link: https://commits.webkit.org/290906@main
---
 .../array-prototype-includes-bigint.js        |   9 ++
 .../array-prototype-includes-contiguous.js    |  21 +++
 ...ototype-includes-double-from-contiguous.js |  20 +++
 .../array-prototype-includes-double.js        |   9 ++
 ...rototype-includes-int32-from-contiguous.js |  20 +++
 .../array-prototype-includes-int32.js         |  11 ++
 ...rray-prototype-includes-string-16-const.js |  36 +++++
 .../array-prototype-includes-string-16.js     |  36 +++++
 .../array-prototype-includes-string-const.js  |  35 +++++
 .../array-prototype-includes-string.js        |  35 +++++
 ...array-prototype-includes-contiguous-nan.js |  10 ++
 .../array-prototype-includes-double-nan.js    |  10 ++
 .../array-prototype-includes-doublerepuse.js  |  13 ++
 ...rray-prototype-includes-hole-contiguous.js |  10 ++
 .../array-prototype-includes-hole-double.js   |  10 ++
 .../array-prototype-includes-hole-int32.js    |  10 ++
 .../array-prototype-includes-int32-nan.js     |  10 ++
 .../array-prototype-includes-int32use.js      |  13 ++
 .../array-prototype-includes-objectuse.js     |  14 ++
 .../array-prototype-includes-otheruse.js      |  16 +++
 .../array-prototype-includes-stringuse.js     |  13 ++
 .../array-prototype-includes-symboluse.js     |  14 ++
 ...rototype-includes-untypeduse-contiguous.js |  13 ++
 ...ray-prototype-includes-untypeduse-int32.js |  13 ++
 .../JavaScriptCore/builtins/ArrayPrototype.js |  34 -----
 Source/JavaScriptCore/builtins/BuiltinNames.h |   1 +
 .../dfg/DFGAbstractInterpreterInlines.h       |   4 +
 .../JavaScriptCore/dfg/DFGByteCodeParser.cpp  |   5 +-
 Source/JavaScriptCore/dfg/DFGClobberize.h     |   2 +
 Source/JavaScriptCore/dfg/DFGDoesGC.cpp       |   1 +
 Source/JavaScriptCore/dfg/DFGFixupPhase.cpp   |  31 ++++-
 Source/JavaScriptCore/dfg/DFGNode.h           |   2 +
 Source/JavaScriptCore/dfg/DFGNodeType.h       |   1 +
 Source/JavaScriptCore/dfg/DFGOperations.cpp   | 125 ++++++++++++++++++
 Source/JavaScriptCore/dfg/DFGOperations.h     |   5 +
 .../dfg/DFGPredictionPropagationPhase.cpp     |   5 +
 Source/JavaScriptCore/dfg/DFGSafeToExecute.h  |   1 +
 .../JavaScriptCore/dfg/DFGSpeculativeJIT.cpp  | 114 ++++++++++++----
 Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h |   2 +-
 .../dfg/DFGSpeculativeJIT32_64.cpp            |   3 +-
 .../dfg/DFGSpeculativeJIT64.cpp               |   3 +-
 Source/JavaScriptCore/ftl/FTLCapabilities.cpp |   1 +
 Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp |  44 ++++--
 .../JavaScriptCore/runtime/ArrayPrototype.cpp |  51 ++++++-
 .../runtime/CommonIdentifiers.h               |   1 +
 Source/JavaScriptCore/runtime/Intrinsic.h     |   1 +
 Source/JavaScriptCore/runtime/JSArray.cpp     |  85 ++++++++++++
 Source/JavaScriptCore/runtime/JSArray.h       |   2 +
 .../runtime/JSCJSValueInlines.h               |  22 +++
 49 files changed, 858 insertions(+), 89 deletions(-)
 create mode 100644 JSTests/microbenchmarks/array-prototype-includes-bigint.js
 create mode 100644 JSTests/microbenchmarks/array-prototype-includes-contiguous.js
 create mode 100644 JSTests/microbenchmarks/array-prototype-includes-double-from-contiguous.js
 create mode 100644 JSTests/microbenchmarks/array-prototype-includes-double.js
 create mode 100644 JSTests/microbenchmarks/array-prototype-includes-int32-from-contiguous.js
 create mode 100644 JSTests/microbenchmarks/array-prototype-includes-int32.js
 create mode 100644 JSTests/microbenchmarks/array-prototype-includes-string-16-const.js
 create mode 100644 JSTests/microbenchmarks/array-prototype-includes-string-16.js
 create mode 100644 JSTests/microbenchmarks/array-prototype-includes-string-const.js
 create mode 100644 JSTests/microbenchmarks/array-prototype-includes-string.js
 create mode 100644 JSTests/stress/array-prototype-includes-contiguous-nan.js
 create mode 100644 JSTests/stress/array-prototype-includes-double-nan.js
 create mode 100644 JSTests/stress/array-prototype-includes-doublerepuse.js
 create mode 100644 JSTests/stress/array-prototype-includes-hole-contiguous.js
 create mode 100644 JSTests/stress/array-prototype-includes-hole-double.js
 create mode 100644 JSTests/stress/array-prototype-includes-hole-int32.js
 create mode 100644 JSTests/stress/array-prototype-includes-int32-nan.js
 create mode 100644 JSTests/stress/array-prototype-includes-int32use.js
 create mode 100644 JSTests/stress/array-prototype-includes-objectuse.js
 create mode 100644 JSTests/stress/array-prototype-includes-otheruse.js
 create mode 100644 JSTests/stress/array-prototype-includes-stringuse.js
 create mode 100644 JSTests/stress/array-prototype-includes-symboluse.js
 create mode 100644 JSTests/stress/array-prototype-includes-untypeduse-contiguous.js
 create mode 100644 JSTests/stress/array-prototype-includes-untypeduse-int32.js

diff --git a/JSTests/microbenchmarks/array-prototype-includes-bigint.js b/JSTests/microbenchmarks/array-prototype-includes-bigint.js
new file mode 100644
index 0000000000000..9ebd06001a4d5
--- /dev/null
+++ b/JSTests/microbenchmarks/array-prototype-includes-bigint.js
@@ -0,0 +1,9 @@
+for (var i = 0; i < 1e5; ++i) {
+    [
+        0n,1n,2n,3n,4n,5n,6n,7n,8n,9n,10n,11n,12n,13n,14n,15n,
+        31n,30n,29n,28n,27n,26n,25n,24n,23n,22n,21n,20n,19n,
+        18n,17n,16n,32n,33n,34n,35n,36n,37n,38n,39n,40n,41n,
+        42n,43n,44n,45n,46n,47n,63n,62n,61n,60n,59n,58n,57n,
+        56n,55n,54n,53n,52n,51n,50n,49n,
+    ].includes(38n);
+}
diff --git a/JSTests/microbenchmarks/array-prototype-includes-contiguous.js b/JSTests/microbenchmarks/array-prototype-includes-contiguous.js
new file mode 100644
index 0000000000000..6801eed8d943a
--- /dev/null
+++ b/JSTests/microbenchmarks/array-prototype-includes-contiguous.js
@@ -0,0 +1,21 @@
+const search = { value: 36 };
+const array = [
+    { value: 0 }, { value: 1 }, { value: 2 }, { value: 3 }, { value: 4 },
+    { value: 5 }, { value: 6 }, { value: 7 }, { value: 8 }, { value: 9 },
+    { value: 10 }, { value: 11 }, { value: 12 }, { value: 13 }, { value: 14 },
+    { value: 15 }, { value: 31 }, { value: 30 }, { value: 29 }, { value: 28 },
+    { value: 27 }, { value: 26 }, { value: 25 }, { value: 24 }, { value: 23 },
+    { value: 22 }, { value: 21 }, { value: 20 }, { value: 19 }, { value: 18 },
+    { value: 17 }, { value: 16 }, { value: 32 }, { value: 33 }, { value: 34 },
+    { value: 35 }, search, { value: 37 }, { value: 38 }, { value: 39 },
+    { value: 40 }, { value: 41 }, { value: 42 }, { value: 43 }, { value: 44 },
+    { value: 45 }, { value: 46 }, { value: 47 }, { value: 63 }, { value: 62 },
+    { value: 61 }, { value: 60 }, { value: 59 }, { value: 58 }, { value: 57 },
+    { value: 56 }, { value: 55 }, { value: 54 }, { value: 53 }, { value: 52 },
+    { value: 51 }, { value: 50 }, { value: 49 },
+];
+
+for (var i = 0; i < 1e6; ++i) {
+    array.includes(search);
+}
+
diff --git a/JSTests/microbenchmarks/array-prototype-includes-double-from-contiguous.js b/JSTests/microbenchmarks/array-prototype-includes-double-from-contiguous.js
new file mode 100644
index 0000000000000..ada96523e6f5d
--- /dev/null
+++ b/JSTests/microbenchmarks/array-prototype-includes-double-from-contiguous.js
@@ -0,0 +1,20 @@
+const array = [
+    { value: 0 }, { value: 1 }, { value: 2 }, { value: 3 }, { value: 4 },
+    { value: 5 }, { value: 6 }, { value: 7 }, { value: 8 }, { value: 9 },
+    { value: 10 }, { value: 11 }, { value: 12 }, { value: 13 }, { value: 14 },
+    { value: 15 }, { value: 31 }, { value: 30 }, { value: 29 }, { value: 28 },
+    { value: 27 }, { value: 26 }, { value: 25 }, { value: 24 }, { value: 23 },
+    { value: 22 }, { value: 21 }, { value: 20 }, { value: 19 }, { value: 18 },
+    { value: 17 }, { value: 16 }, { value: 32 }, { value: 33 }, { value: 34 },
+    { value: 35 }, 3.6, { value: 37 }, { value: 38 }, { value: 39 },
+    { value: 40 }, { value: 41 }, { value: 42 }, { value: 43 }, { value: 44 },
+    { value: 45 }, { value: 46 }, { value: 47 }, { value: 63 }, { value: 62 },
+    { value: 61 }, { value: 60 }, { value: 59 }, { value: 58 }, { value: 57 },
+    { value: 56 }, { value: 55 }, { value: 54 }, { value: 53 }, { value: 52 },
+    { value: 51 }, { value: 50 }, { value: 49 },
+];
+
+for (var i = 0; i < 1e6; ++i) {
+    array.includes(3.6);
+}
+
diff --git a/JSTests/microbenchmarks/array-prototype-includes-double.js b/JSTests/microbenchmarks/array-prototype-includes-double.js
new file mode 100644
index 0000000000000..f96e7ab91946c
--- /dev/null
+++ b/JSTests/microbenchmarks/array-prototype-includes-double.js
@@ -0,0 +1,9 @@
+for (var i = 0; i < 1e6; ++i) {
+    [
+        0.2, 1.2, 2.2, 3.2, 4.2, 5.2, 6.2, 7.2, 8.2, 9.2, 10.2, 11.2, 12.2, 13.2, 14.2, 15.2,
+        31.2, 30.2, 29.2, 28.2, 27.2, 26.2, 25.2, 24.2, 23.2, 22.2, 21.2, 20.2, 19.2, 18.2,
+        17.2, 16.2, 32.2, 33.2, 34.2, 35.2, 36.2, 37.2, 38.2, 39.2, 40.2, 41.2, 42.2, 43.2,
+        44.2, 45.2, 46.2, 47.2, 63.2, 62.2, 61.2, 60.2, 59.2, 58.2, 57.2, 56.2, 55.2, 54.2,
+        53.2, 52.2, 51.2, 50.2, 49.2,
+    ].includes(38.2);
+}
diff --git a/JSTests/microbenchmarks/array-prototype-includes-int32-from-contiguous.js b/JSTests/microbenchmarks/array-prototype-includes-int32-from-contiguous.js
new file mode 100644
index 0000000000000..24c8fd3413bdc
--- /dev/null
+++ b/JSTests/microbenchmarks/array-prototype-includes-int32-from-contiguous.js
@@ -0,0 +1,20 @@
+const array = [
+    { value: 0 }, { value: 1 }, { value: 2 }, { value: 3 }, { value: 4 },
+    { value: 5 }, { value: 6 }, { value: 7 }, { value: 8 }, { value: 9 },
+    { value: 10 }, { value: 11 }, { value: 12 }, { value: 13 }, { value: 14 },
+    { value: 15 }, { value: 31 }, { value: 30 }, { value: 29 }, { value: 28 },
+    { value: 27 }, { value: 26 }, { value: 25 }, { value: 24 }, { value: 23 },
+    { value: 22 }, { value: 21 }, { value: 20 }, { value: 19 }, { value: 18 },
+    { value: 17 }, { value: 16 }, { value: 32 }, { value: 33 }, { value: 34 },
+    { value: 35 }, 3, { value: 37 }, { value: 38 }, { value: 39 },
+    { value: 40 }, { value: 41 }, { value: 42 }, { value: 43 }, { value: 44 },
+    { value: 45 }, { value: 46 }, { value: 47 }, { value: 63 }, { value: 62 },
+    { value: 61 }, { value: 60 }, { value: 59 }, { value: 58 }, { value: 57 },
+    { value: 56 }, { value: 55 }, { value: 54 }, { value: 53 }, { value: 52 },
+    { value: 51 }, { value: 50 }, { value: 49 },
+];
+
+for (var i = 0; i < 1e6; ++i) {
+    array.includes(3);
+}
+
diff --git a/JSTests/microbenchmarks/array-prototype-includes-int32.js b/JSTests/microbenchmarks/array-prototype-includes-int32.js
new file mode 100644
index 0000000000000..14d020191a74c
--- /dev/null
+++ b/JSTests/microbenchmarks/array-prototype-includes-int32.js
@@ -0,0 +1,11 @@
+function test(array, searchElement) {
+    return array.includes(searchElement);
+}
+noInline(test);
+
+var array = new Array(1024);
+for (var i = 0; i < array.length; i++)
+    array[i] = i;
+
+for (var i = 0; i < 1e6; ++i)
+    test(array, 512);
diff --git a/JSTests/microbenchmarks/array-prototype-includes-string-16-const.js b/JSTests/microbenchmarks/array-prototype-includes-string-16-const.js
new file mode 100644
index 0000000000000..43431b3909c40
--- /dev/null
+++ b/JSTests/microbenchmarks/array-prototype-includes-string-16-const.js
@@ -0,0 +1,36 @@
+function test(array, value) {
+    return array.includes(value);
+}
+noInline(test);
+
+const array = [
+    "あいうえおかきくけこさしすせそたちつてとなにぬねの",
+    "かきくけこさしすせそたちつてとなにぬねのはひふへほ",
+    "さしすせそたちつてとなにぬねのはひふへほまみむめも",
+    "たちつてとなにぬねのはひふへほまみむめもやゆよらり",
+    "なにぬねのはひふへほまみむめもやゆよらりるれろわを",
+    "はひふへほまみむめもやゆよらりるれろわをんあいうえ",
+    "まみむめもやゆよらりるれろわをんあいうえおかきくけ",
+    "やゆよらりるれろわをんあいうえおかきくけこさしすせ",
+    "らりるれろわをんあいうえおかきくけこさしすせそたち",
+    "わをんあいうえおかきくけこさしすせそたちつてとなに",
+    "んあいうえおかきくけこさしすせそたちつてとなにぬね",
+    "ひふへほまみむめもやゆよらりるれろわをんあいうえお",
+    "ふへほまみむめもやゆよらりるれろわをんあいうえおか",
+    "へほまみむめもやゆよらりるれろわをんあいうえおかき",
+    "ほまみむめもやゆよらりるれろわをんあいうえおかきく",
+    "みむめもやゆよらりるれろわをんあいうえおかきくけこ",
+    "むめもやゆよらりるれろわをんあいうえおかきくけこさ",
+    "めもやゆよらりるれろわをんあいうえおかきくけこさし",
+    "もやゆよらりるれろわをんあいうえおかきくけこさしす",
+    "ゆよらりるれろわをんあいうえおかきくけこさしすせそ",
+    "よらりるれろわをんあいうえおかきくけこさしすせそた",
+    "らりるれろわをんあいうえおかきくけこさしすせそたち",
+    "りるれろわをんあいうえおかきくけこさしすせそたちつ",
+    "るれろわをんあいうえおかきくけこさしすせそたちつて",
+    "れろわをんあいうえおかきくけこさしすせそたちつてと",
+    "ろわをんあいうえおかきくけこさしすせそたちつてとな",
+];
+
+for (var i = 0; i < 1e6; ++i)
+    test(array, "もやゆよらりるれろわをんあいうえおかきくけこさしす");
diff --git a/JSTests/microbenchmarks/array-prototype-includes-string-16.js b/JSTests/microbenchmarks/array-prototype-includes-string-16.js
new file mode 100644
index 0000000000000..39bbf59ea7174
--- /dev/null
+++ b/JSTests/microbenchmarks/array-prototype-includes-string-16.js
@@ -0,0 +1,36 @@
+function test(array, value) {
+    return array.includes(value);
+}
+noInline(test);
+
+const array = [
+    "あいうえおかきくけこさしすせそたちつてとなにぬねの",
+    "かきくけこさしすせそたちつてとなにぬねのはひふへほ",
+    "さしすせそたちつてとなにぬねのはひふへほまみむめも",
+    "たちつてとなにぬねのはひふへほまみむめもやゆよらり",
+    "なにぬねのはひふへほまみむめもやゆよらりるれろわを",
+    "はひふへほまみむめもやゆよらりるれろわをんあいうえ",
+    "まみむめもやゆよらりるれろわをんあいうえおかきくけ",
+    "やゆよらりるれろわをんあいうえおかきくけこさしすせ",
+    "らりるれろわをんあいうえおかきくけこさしすせそたち",
+    "わをんあいうえおかきくけこさしすせそたちつてとなに",
+    "んあいうえおかきくけこさしすせそたちつてとなにぬね",
+    "ひふへほまみむめもやゆよらりるれろわをんあいうえお",
+    "ふへほまみむめもやゆよらりるれろわをんあいうえおか",
+    "へほまみむめもやゆよらりるれろわをんあいうえおかき",
+    "ほまみむめもやゆよらりるれろわをんあいうえおかきく",
+    "みむめもやゆよらりるれろわをんあいうえおかきくけこ",
+    "むめもやゆよらりるれろわをんあいうえおかきくけこさ",
+    "めもやゆよらりるれろわをんあいうえおかきくけこさし",
+    "もやゆよらりるれろわをんあいうえおかきくけこさしす",
+    "ゆよらりるれろわをんあいうえおかきくけこさしすせそ",
+    "よらりるれろわをんあいうえおかきくけこさしすせそた",
+    "らりるれろわをんあいうえおかきくけこさしすせそたち",
+    "りるれろわをんあいうえおかきくけこさしすせそたちつ",
+    "るれろわをんあいうえおかきくけこさしすせそたちつて",
+    "れろわをんあいうえおかきくけこさしすせそたちつてと",
+    "ろわをんあいうえおかきくけこさしすせそたちつてとな",
+];
+
+for (var i = 0; i < 1e6; ++i)
+    test(array, "もやゆよらりるれろわをん" + "あいうえおかきくけこさしす");
diff --git a/JSTests/microbenchmarks/array-prototype-includes-string-const.js b/JSTests/microbenchmarks/array-prototype-includes-string-const.js
new file mode 100644
index 0000000000000..3baf296813689
--- /dev/null
+++ b/JSTests/microbenchmarks/array-prototype-includes-string-const.js
@@ -0,0 +1,35 @@
+function test(array, index) {
+    return array.includes(index);
+}
+noInline(test);
+
+const array = [
+    "dEXt0TxZQQQasd999!@#$%d^&",
+    "AAZZ!!@@**CC77zzxx1122d33",
+    "HelloWorldHeldloWorlddABC",
+    "abcABC123!@#xfyzXYZ!$d%+=",
+    "Zyx9!Zyx9!Zyx9!Zyx9!!d???",
+    "LoremIpsum1234!@#$LordemI",
+    "QQQQQQQQQQqqqqqqqqqq-----",
+    "&&&&1111%%%%2222@@@@33f33",
+    "TestStringasdVariousChars",
+    "RandomASCII~d~~~====?????",
+    "^^^^#####^^^f^^+++++.....",
+    "AZaz09!?AZaz09!?AZaz09!?%",
+    "Foobar##1122Foobar##1122F",
+    "9876543210!@d#$%^&*()_+=-",
+    "OneTwo3FourFive6Seven8Nin",
+    "Zwxy000111Zwxy000111Zwxy0",
+    "Spark!!!Spark???Spark%%%S",
+    "ShortAndSweet123??!!Short",
+    "BenchmarkCaseHere12345!!?",
+    "MultiLineString###000xxx@",
+    "ABCDEFGHabcdfefgh1234!!!!",
+    "111122223333d4444!!!!####",
+    "EndlessVariety?!@#$%^^^^^",
+    "PqrstUVWX9876pqrstUVWX987",
+    "MixItUpWith5omeWe!rdCHARS",
+    "FinallyZzYyXx!@#$4321)(*&",
+];
+for (var i = 0; i < 1e6; ++i)
+    test(array, "BenchmarkCaseHere12345!!?");
diff --git a/JSTests/microbenchmarks/array-prototype-includes-string.js b/JSTests/microbenchmarks/array-prototype-includes-string.js
new file mode 100644
index 0000000000000..d42f1c8498625
--- /dev/null
+++ b/JSTests/microbenchmarks/array-prototype-includes-string.js
@@ -0,0 +1,35 @@
+function test(array, index) {
+    return array.includes(index);
+}
+noInline(test);
+
+const array = [
+    "dEXt0TxZQQQasd999!@#$%d^&",
+    "AAZZ!!@@**CC77zzxx1122d33",
+    "HelloWorldHeldloWorlddABC",
+    "abcABC123!@#xfyzXYZ!$d%+=",
+    "Zyx9!Zyx9!Zyx9!Zyx9!!d???",
+    "LoremIpsum1234!@#$LordemI",
+    "QQQQQQQQQQqqqqqqqqqq-----",
+    "&&&&1111%%%%2222@@@@33f33",
+    "TestStringasdVariousChars",
+    "RandomASCII~d~~~====?????",
+    "^^^^#####^^^f^^+++++.....",
+    "AZaz09!?AZaz09!?AZaz09!?%",
+    "Foobar##1122Foobar##1122F",
+    "9876543210!@d#$%^&*()_+=-",
+    "OneTwo3FourFive6Seven8Nin",
+    "Zwxy000111Zwxy000111Zwxy0",
+    "Spark!!!Spark???Spark%%%S",
+    "ShortAndSweet123??!!Short",
+    "BenchmarkCaseHere12345!!?",
+    "MultiLineString###000xxx@",
+    "ABCDEFGHabcdfefgh1234!!!!",
+    "111122223333d4444!!!!####",
+    "EndlessVariety?!@#$%^^^^^",
+    "PqrstUVWX9876pqrstUVWX987",
+    "MixItUpWith5omeWe!rdCHARS",
+    "FinallyZzYyXx!@#$4321)(*&",
+];
+for (var i = 0; i < 1e6; ++i)
+    test(array, "Benchmark" + "CaseHere12345!!?");
diff --git a/JSTests/stress/array-prototype-includes-contiguous-nan.js b/JSTests/stress/array-prototype-includes-contiguous-nan.js
new file mode 100644
index 0000000000000..c481f4e0a1556
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-contiguous-nan.js
@@ -0,0 +1,10 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+const array = [{}, {}, NaN, {}, {}];
+
+for (let i = 0; i < testLoopCount; i++) {
+    sameValue(array.includes(NaN), true);
+}
diff --git a/JSTests/stress/array-prototype-includes-double-nan.js b/JSTests/stress/array-prototype-includes-double-nan.js
new file mode 100644
index 0000000000000..251e236b4f5eb
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-double-nan.js
@@ -0,0 +1,10 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+const array = [1.2, 2.4, NaN, 4.4, 5.4];
+
+for (let i = 0; i < testLoopCount; i++) {
+    sameValue(array.includes(NaN), true);
+}
diff --git a/JSTests/stress/array-prototype-includes-doublerepuse.js b/JSTests/stress/array-prototype-includes-doublerepuse.js
new file mode 100644
index 0000000000000..6a8f29f98f6c4
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-doublerepuse.js
@@ -0,0 +1,13 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+function test(array, searchElement, expected) {
+    for (let i = 0; i < testLoopCount; i++) {
+        sameValue(array.includes(searchElement), expected);
+    }
+}
+
+test([1, 2, 3.4, 4, 5, 6, 6, 4], 3.4, true);
+test([1, 2, 3.4, 4, 5, 6, 6, 4], 4.5, false);
diff --git a/JSTests/stress/array-prototype-includes-hole-contiguous.js b/JSTests/stress/array-prototype-includes-hole-contiguous.js
new file mode 100644
index 0000000000000..33a45fbe902b6
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-hole-contiguous.js
@@ -0,0 +1,10 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+const array = [{}, {}, {}, , {}];
+
+for (let i = 0; i < testLoopCount; i++) {
+    sameValue(array.includes(undefined), true);
+}
diff --git a/JSTests/stress/array-prototype-includes-hole-double.js b/JSTests/stress/array-prototype-includes-hole-double.js
new file mode 100644
index 0000000000000..1fc5275e26f7c
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-hole-double.js
@@ -0,0 +1,10 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+const array = [1.4, 2.4, , 4.4, 5.5];
+
+for (let i = 0; i < testLoopCount; i++) {
+    sameValue(array.includes(undefined), true);
+}
diff --git a/JSTests/stress/array-prototype-includes-hole-int32.js b/JSTests/stress/array-prototype-includes-hole-int32.js
new file mode 100644
index 0000000000000..eaed2968a53d8
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-hole-int32.js
@@ -0,0 +1,10 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+const array = [1, 2, , 4, 5];
+
+for (let i = 0; i < testLoopCount; i++) {
+    sameValue(array.includes(undefined), true);
+}
diff --git a/JSTests/stress/array-prototype-includes-int32-nan.js b/JSTests/stress/array-prototype-includes-int32-nan.js
new file mode 100644
index 0000000000000..a77b8cf24a239
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-int32-nan.js
@@ -0,0 +1,10 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+const array = [1, 2, NaN, 4, 5];
+
+for (let i = 0; i < testLoopCount; i++) {
+    sameValue(array.includes(NaN), true);
+}
diff --git a/JSTests/stress/array-prototype-includes-int32use.js b/JSTests/stress/array-prototype-includes-int32use.js
new file mode 100644
index 0000000000000..fe536ed899e01
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-int32use.js
@@ -0,0 +1,13 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+function test(array, searchElement, expected) {
+    for (let i = 0; i < testLoopCount; i++) {
+        sameValue(array.includes(searchElement), expected);
+    }
+}
+
+test([1, 2, 3, 4, 5, 6, 6, 4], 5, true);
+test([1, 2, 3, 4, 5, 6, 6, 4], 32, false);
diff --git a/JSTests/stress/array-prototype-includes-objectuse.js b/JSTests/stress/array-prototype-includes-objectuse.js
new file mode 100644
index 0000000000000..5a9ce8dfdf2d5
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-objectuse.js
@@ -0,0 +1,14 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+function test(array, searchElement, expected) {
+    for (let i = 0; i < testLoopCount; i++) {
+        sameValue(array.includes(searchElement), expected);
+    }
+}
+
+const obj = {};
+test([1, 2, 3.4, obj, 5, 6, 6, 4], obj, true);
+test([1, 2, 3.4, {}, 5, 6, 6, 4], obj, false);
diff --git a/JSTests/stress/array-prototype-includes-otheruse.js b/JSTests/stress/array-prototype-includes-otheruse.js
new file mode 100644
index 0000000000000..4c99a83f8fe33
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-otheruse.js
@@ -0,0 +1,16 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+function test(array, searchElement, expected) {
+    for (let i = 0; i < testLoopCount; i++) {
+        sameValue(array.includes(searchElement), expected);
+    }
+}
+
+test([1, 2, 3.4, null, 5, 6, 6, 4], null, true);
+test([1, 2, 3.4, undefined, 5, 6, 6, 4], undefined, true);
+test([1, 2, 3.4, null, 5, 6, 6, 4], undefined, false);
+test([1, 2, 3.4, undefined, 5, 6, 6, 4], null, false);
+
diff --git a/JSTests/stress/array-prototype-includes-stringuse.js b/JSTests/stress/array-prototype-includes-stringuse.js
new file mode 100644
index 0000000000000..2912602b824c0
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-stringuse.js
@@ -0,0 +1,13 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+function test(array, searchElement, expected) {
+    for (let i = 0; i < testLoopCount; i++) {
+        sameValue(array.includes(searchElement), expected);
+    }
+}
+
+test([1, 2, 3.4, "foo", 5, 6, 6, 4], "foo", true);
+test([1, 2, 3.4, "foo", 5, 6, 6, 4], "bar", false);
diff --git a/JSTests/stress/array-prototype-includes-symboluse.js b/JSTests/stress/array-prototype-includes-symboluse.js
new file mode 100644
index 0000000000000..49745684066c3
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-symboluse.js
@@ -0,0 +1,14 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+function test(array, searchElement, expected) {
+    for (let i = 0; i < testLoopCount; i++) {
+        sameValue(array.includes(searchElement), expected);
+    }
+}
+
+const sym = Symbol("foo");
+test([1, 2, 3.4, sym, 5, 6, 6, 4], sym, true);
+test([1, 2, 3.4, Symbol("bar"), 5, 6, 6, 4], sym, false);
diff --git a/JSTests/stress/array-prototype-includes-untypeduse-contiguous.js b/JSTests/stress/array-prototype-includes-untypeduse-contiguous.js
new file mode 100644
index 0000000000000..4ac96a1c88055
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-untypeduse-contiguous.js
@@ -0,0 +1,13 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+function test(array, searchElement, expected) {
+    for (let i = 0; i < testLoopCount; i++) {
+        sameValue(array.includes(searchElement), expected);
+    }
+}
+
+test([{}, 3.4, 3.5, 4.5, 5.4, 6.2, 6.2, 4.5], 4.5, true);
+test([{}, 3.4, 3.5, 4.5, 5.4, 6.2, 6.2, 4.5], 5.9, false);
diff --git a/JSTests/stress/array-prototype-includes-untypeduse-int32.js b/JSTests/stress/array-prototype-includes-untypeduse-int32.js
new file mode 100644
index 0000000000000..85f41faddd2d3
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-untypeduse-int32.js
@@ -0,0 +1,13 @@
+function sameValue(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+function test(array, searchElement, expected) {
+    for (let i = 0; i < testLoopCount; i++) {
+        sameValue(array.includes(searchElement), expected);
+    }
+}
+
+test([1, 2, 3, 4, 5, 6, 6, 4], 3.4, false);
+test([1, 2, 3, 4, 5, 6, 6, 4], 5, true);
diff --git a/Source/JavaScriptCore/builtins/ArrayPrototype.js b/Source/JavaScriptCore/builtins/ArrayPrototype.js
index f7e77db9acf42..7618310f7b6aa 100644
--- a/Source/JavaScriptCore/builtins/ArrayPrototype.js
+++ b/Source/JavaScriptCore/builtins/ArrayPrototype.js
@@ -273,40 +273,6 @@ function findLastIndex(callback /*, thisArg */)
     return -1;
 }
 
-function includes(searchElement /*, fromIndex*/)
-{
-    "use strict";
-
-    var array = @toObject(this, "Array.prototype.includes requires that |this| not be null or undefined");
-    var length = @toLength(array.length);
-
-    if (length === 0)
-        return false;
-
-    var fromIndex = 0;
-    var from = @argument(1);
-    if (from !== @undefined)
-        fromIndex = @toIntegerOrInfinity(from);
-
-    var index;
-    if (fromIndex >= 0)
-        index = fromIndex;
-    else
-        index = length + fromIndex;
-
-    if (index < 0)
-        index = 0;
-
-    var currentElement;
-    for (; index < length; ++index) {
-        currentElement = array[index];
-        // Use SameValueZero comparison, rather than just StrictEquals.
-        if (searchElement === currentElement || (searchElement !== searchElement && currentElement !== currentElement))
-            return true;
-    }
-    return false;
-}
-
 @linkTimeConstant
 function maxWithPositives(a, b)
 {
diff --git a/Source/JavaScriptCore/builtins/BuiltinNames.h b/Source/JavaScriptCore/builtins/BuiltinNames.h
index 3ecf7c0a084cc..ee15b67193d10 100644
--- a/Source/JavaScriptCore/builtins/BuiltinNames.h
+++ b/Source/JavaScriptCore/builtins/BuiltinNames.h
@@ -219,6 +219,7 @@ namespace JSC {
     macro(regExpStringIteratorCreate) \
     macro(iteratorHelperCreate) \
     macro(syncIterator) \
+    macro(includes) \
 
 
 namespace Symbols {
diff --git a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
index 4834aa0ff6a59..5391fbba0aaef 100644
--- a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
+++ b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
@@ -2946,6 +2946,10 @@ bool AbstractInterpreter<AbstractStateType>::executeEffects(unsigned clobberLimi
         makeBytecodeTopForNode(node);
         break;
 
+    case ArrayIncludes:
+        setNonCellTypeForNode(node, SpecBoolean);
+        break;
+
     case ArrayIndexOf: {
         setNonCellTypeForNode(node, SpecInt32Only);
         break;
diff --git a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
index 866df01f8490a..25df3adb82f83 100644
--- a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
+++ b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
@@ -2749,6 +2749,7 @@ auto ByteCodeParser::handleIntrinsicCall(Node* callee, Operand resultOperand, Ca
             return CallOptimizationResult::Inlined;
         }
 
+        case ArrayIncludesIntrinsic:
         case ArrayIndexOfIntrinsic: {
             if (argumentCountIncludingThis < 2)
                 return CallOptimizationResult::DidNothing;
@@ -2792,7 +2793,9 @@ auto ByteCodeParser::handleIntrinsicCall(Node* callee, Operand resultOperand, Ca
                         addVarArgChild(get(virtualRegisterForArgumentIncludingThis(2, registerOffset))); // Start index.
                     addVarArgChild(nullptr);
 
-                    Node* node = addToGraph(Node::VarArg, ArrayIndexOf, OpInfo(arrayMode.asWord()), OpInfo());
+                    Node* node = intrinsic == ArrayIncludesIntrinsic
+                        ? addToGraph(Node::VarArg, ArrayIncludes, OpInfo(arrayMode.asWord()), OpInfo())
+                        : addToGraph(Node::VarArg, ArrayIndexOf, OpInfo(arrayMode.asWord()), OpInfo());
                     setResult(node);
                     return CallOptimizationResult::Inlined;
                 }
diff --git a/Source/JavaScriptCore/dfg/DFGClobberize.h b/Source/JavaScriptCore/dfg/DFGClobberize.h
index f81b0c909a7d8..7852ae140bd93 100644
--- a/Source/JavaScriptCore/dfg/DFGClobberize.h
+++ b/Source/JavaScriptCore/dfg/DFGClobberize.h
@@ -167,6 +167,7 @@ void clobberize(Graph& graph, Node* node, const ReadFunctor& read, const WriteFu
         case ArrayifyToStructure:
         case ArrayPush:
         case ArrayPop:
+        case ArrayIncludes:
         case ArrayIndexOf:
         case HasIndexedProperty:
         case AtomicsAdd:
@@ -684,6 +685,7 @@ void clobberize(Graph& graph, Node* node, const ReadFunctor& read, const WriteFu
         write(HeapObjectCount);
         return;
 
+    case ArrayIncludes:
     case ArrayIndexOf: {
         // FIXME: Should support a CSE rule.
         // https://bugs.webkit.org/show_bug.cgi?id=173173
diff --git a/Source/JavaScriptCore/dfg/DFGDoesGC.cpp b/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
index 2fe7e4b0a0435..1f755e8f41736 100644
--- a/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
+++ b/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
@@ -447,6 +447,7 @@ bool doesGC(Graph& graph, Node* node)
     case CallDOMGetter:
     case CallDOM:
     case ArraySlice:
+    case ArrayIncludes:
     case ArrayIndexOf:
     case ParseInt: // We might resolve a rope even though we don't clobber anything.
     case SetAdd:
diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
index 8f6b79f00c7fa..4243e859e7fdd 100644
--- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
@@ -1623,8 +1623,9 @@ class FixupPhase : public Phase {
             break;
         }
 
+        case ArrayIncludes:
         case ArrayIndexOf:
-            fixupArrayIndexOf(node);
+            fixupArrayIndexOfOrArrayIncludes(node);
             break;
             
         case RegExpExec:
@@ -4791,12 +4792,19 @@ class FixupPhase : public Phase {
         fixup(node->child3(), 1);
     }
 
-    void fixupArrayIndexOf(Node* node)
+    void fixupArrayIndexOfOrArrayIncludes(Node* node)
     {
+        ASSERT(node->op() == ArrayIndexOf || node->op() == ArrayIncludes);
+
+        bool isArrayIncludes = node->op() == ArrayIncludes;
+
         Edge& array = m_graph.varArgChild(node, 0);
         Edge& storage = m_graph.varArgChild(node, node->numChildren() == 3 ? 2 : 3);
         blessArrayOperation(array, Edge(), storage);
-        ASSERT_WITH_MESSAGE(storage.node(), "blessArrayOperation for ArrayIndexOf must set Butterfly for storage edge.");
+        if (isArrayIncludes)
+            ASSERT_WITH_MESSAGE(storage.node(), "blessArrayOperation for ArrayIncludes must set Butterfly for storage edge.");
+        else
+            ASSERT_WITH_MESSAGE(storage.node(), "blessArrayOperation for ArrayIndexOf must set Butterfly for storage edge.");
 
         Edge& searchElement = m_graph.varArgChild(node, 1);
 
@@ -4813,15 +4821,21 @@ class FixupPhase : public Phase {
             if (searchElement->shouldSpeculateCell()) {
                 fixEdge<CellUse>(searchElement);
                 m_insertionSet.insertCheck(m_graph, m_indexInBlock, node);
-                m_graph.convertToConstant(node, jsNumber(-1));
+                if (isArrayIncludes)
+                    m_graph.convertToConstant(node, jsBoolean(false));
+                else
+                    m_graph.convertToConstant(node, jsNumber(-1));
                 observeUseKindOnNode<CellUse>(searchElementNode);
                 return;
             }
 
-            if (searchElement->shouldSpeculateOther()) {
+            if (searchElement->shouldSpeculateOther() && !isArrayIncludes) {
                 fixEdge<OtherUse>(searchElement);
                 m_insertionSet.insertCheck(m_graph, m_indexInBlock, node);
-                m_graph.convertToConstant(node, jsNumber(-1));
+                if (isArrayIncludes)
+                    m_graph.convertToConstant(node, jsBoolean(false));
+                else
+                    m_graph.convertToConstant(node, jsNumber(-1));
                 observeUseKindOnNode<OtherUse>(searchElementNode);
                 return;
             }
@@ -4829,7 +4843,10 @@ class FixupPhase : public Phase {
             if (searchElement->shouldSpeculateBoolean()) {
                 fixEdge<BooleanUse>(searchElement);
                 m_insertionSet.insertCheck(m_graph, m_indexInBlock, node);
-                m_graph.convertToConstant(node, jsNumber(-1));
+                if (isArrayIncludes)
+                    m_graph.convertToConstant(node, jsBoolean(false));
+                else
+                    m_graph.convertToConstant(node, jsNumber(-1));
                 observeUseKindOnNode<BooleanUse>(searchElementNode);
                 return;
             }
diff --git a/Source/JavaScriptCore/dfg/DFGNode.h b/Source/JavaScriptCore/dfg/DFGNode.h
index ff15c21074c12..c72320bcf619f 100644
--- a/Source/JavaScriptCore/dfg/DFGNode.h
+++ b/Source/JavaScriptCore/dfg/DFGNode.h
@@ -2231,6 +2231,7 @@ struct Node {
         case GetTypedArrayLengthAsInt52:
         case HasIndexedProperty:
         case EnumeratorNextUpdateIndexAndMode:
+        case ArrayIncludes:
         case ArrayIndexOf:
             return true;
         default:
@@ -2576,6 +2577,7 @@ struct Node {
         case ArrayifyToStructure:
         case ArrayPush:
         case ArrayPop:
+        case ArrayIncludes:
         case ArrayIndexOf:
         case HasIndexedProperty:
         case AtomicsAdd:
diff --git a/Source/JavaScriptCore/dfg/DFGNodeType.h b/Source/JavaScriptCore/dfg/DFGNodeType.h
index 3bbc995c7354f..73b7f7bf4b188 100644
--- a/Source/JavaScriptCore/dfg/DFGNodeType.h
+++ b/Source/JavaScriptCore/dfg/DFGNodeType.h
@@ -334,6 +334,7 @@ namespace JSC { namespace DFG {
     macro(ArrayPush, NodeResultJS | NodeMustGenerate | NodeHasVarArgs) \
     macro(ArrayPop, NodeResultJS | NodeMustGenerate) \
     macro(ArraySlice, NodeResultJS | NodeMustGenerate | NodeHasVarArgs) \
+    macro(ArrayIncludes, NodeResultBoolean | NodeHasVarArgs) \
     macro(ArrayIndexOf, NodeResultInt32 | NodeHasVarArgs) \
     macro(ArraySplice, NodeResultJS | NodeMustGenerate | NodeHasVarArgs) \
     \
diff --git a/Source/JavaScriptCore/dfg/DFGOperations.cpp b/Source/JavaScriptCore/dfg/DFGOperations.cpp
index 2c4caa5a9b9e2..5b4083987b273 100644
--- a/Source/JavaScriptCore/dfg/DFGOperations.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOperations.cpp
@@ -3706,6 +3706,131 @@ JSC_DEFINE_JIT_OPERATION(operationToLengthUntyped, EncodedJSValue, (JSGlobalObje
     OPERATION_RETURN(scope, JSValue::encode(jsNumber(value.toLength(globalObject))));
 }
 
+static ALWAYS_INLINE UCPUStrictInt32 arrayIncludesString(JSGlobalObject* globalObject, Butterfly* butterfly, JSString* searchElement, int32_t index)
+{
+    VM& vm = globalObject->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    int32_t length = butterfly->publicLength();
+    auto data = butterfly->contiguous().data();
+    for (; index < length; ++index) {
+        JSValue value = data[index].get();
+        if (!value || !value.isString())
+            continue;
+        auto* string = asString(value);
+        if (string == searchElement)
+            return toUCPUStrictInt32(1);
+        if (string->equalInline(globalObject, searchElement)) {
+            scope.assertNoExceptionExceptTermination();
+            return toUCPUStrictInt32(1);
+        }
+        RETURN_IF_EXCEPTION(scope, { });
+    }
+    return toUCPUStrictInt32(0);
+}
+
+JSC_DEFINE_JIT_OPERATION(operationArrayIncludesString, UCPUStrictInt32, (JSGlobalObject* globalObject, Butterfly* butterfly, JSString* searchElement, int32_t index))
+{
+    VM& vm = globalObject->vm();
+    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    OPERATION_RETURN(scope, arrayIncludesString(globalObject, butterfly, searchElement, index));
+}
+
+JSC_DEFINE_JIT_OPERATION(operationArrayIncludesValueInt32OrContiguous, UCPUStrictInt32, (JSGlobalObject* globalObject, Butterfly* butterfly, EncodedJSValue encodedValue, int32_t index))
+{
+    VM& vm = globalObject->vm();
+    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    JSValue searchElement = JSValue::decode(encodedValue);
+
+    if (searchElement.isString())
+        OPERATION_RETURN(scope, arrayIncludesString(globalObject, butterfly, asString(searchElement), index));
+
+    int32_t length = butterfly->publicLength();
+    auto data = butterfly->contiguous().data();
+
+    if (index >= length)
+        OPERATION_RETURN(scope, toUCPUStrictInt32(0));
+
+    if (searchElement.isObject()) {
+        auto* result = std::bit_cast<const WriteBarrier<Unknown>*>(WTF::find64(std::bit_cast<const uint64_t*>(data + index), encodedValue, length - index));
+        if (result)
+            OPERATION_RETURN(scope, toUCPUStrictInt32(1));
+        OPERATION_RETURN(scope, toUCPUStrictInt32(0));
+    }
+
+    if (searchElement.isInt32()) {
+        for (; index < length; ++index) {
+            JSValue value = data[index].get();
+            if (!value || !value.isInt32())
+                continue;
+            if (searchElement.asInt32() == value.asInt32())
+                OPERATION_RETURN(scope, toUCPUStrictInt32(1));
+        }
+        OPERATION_RETURN(scope, toUCPUStrictInt32(0));
+    }
+
+    bool searchElementIsUndefined = searchElement.isUndefined();
+    for (; index < length; ++index) {
+        JSValue value = data[index].get();
+        if (!value) {
+            if (searchElementIsUndefined)
+                OPERATION_RETURN(scope, 1);
+            continue;
+        }
+        bool isEqual = sameValueZero(globalObject, searchElement, value);
+        OPERATION_RETURN_IF_EXCEPTION(scope, 0);
+        if (isEqual)
+            OPERATION_RETURN(scope, toUCPUStrictInt32(1));
+    }
+    OPERATION_RETURN(scope, toUCPUStrictInt32(0));
+}
+
+JSC_DEFINE_NOEXCEPT_JIT_OPERATION(operationArrayIncludesValueDouble, UCPUStrictInt32, (Butterfly* butterfly, EncodedJSValue encodedValue, int32_t index))
+{
+    // We do not cause any exceptions, thus we do not need FrameTracers.
+    JSValue searchElement = JSValue::decode(encodedValue);
+    const double* data = butterfly->contiguousDouble().data();
+    int32_t length = butterfly->publicLength();
+
+    if (searchElement.isUndefined() && containsHole(data, length))
+        return toUCPUStrictInt32(1);
+    if (!searchElement.isNumber())
+        return toUCPUStrictInt32(0);
+
+    double number = searchElement.asNumber();
+    for (; index < length; ++index) {
+        // This comparison ignores NaN.
+        if (data[index] == number)
+            return toUCPUStrictInt32(1);
+    }
+    return toUCPUStrictInt32(0);
+}
+
+JSC_DEFINE_NOEXCEPT_JIT_OPERATION(operationArrayIncludesNonStringIdentityValueContiguous, UCPUStrictInt32, (Butterfly* butterfly, EncodedJSValue searchElement, int32_t index))
+{
+    // We do not cause any exceptions, thus we do not need FrameTracers.
+    int32_t length = butterfly->publicLength();
+    auto data = butterfly->contiguous().data();
+
+    if (index >= length)
+        return toUCPUStrictInt32(0);
+
+    auto* result = std::bit_cast<const WriteBarrier<Unknown>*>(WTF::find64(std::bit_cast<const uint64_t*>(data + index), searchElement, length - index));
+    if (result)
+        return toUCPUStrictInt32(1);
+
+    JSValue searchElementValue = JSValue::decode(searchElement);
+    if (searchElementValue.isUndefined() && containsHole(data, length))
+        return toUCPUStrictInt32(1);
+    return toUCPUStrictInt32(0);
+}
+
 static ALWAYS_INLINE UCPUStrictInt32 arrayIndexOfString(JSGlobalObject* globalObject, Butterfly* butterfly, JSString* searchElement, int32_t index)
 {
     VM& vm = globalObject->vm();
diff --git a/Source/JavaScriptCore/dfg/DFGOperations.h b/Source/JavaScriptCore/dfg/DFGOperations.h
index 882ed29be1a19..db15d0d5687c6 100644
--- a/Source/JavaScriptCore/dfg/DFGOperations.h
+++ b/Source/JavaScriptCore/dfg/DFGOperations.h
@@ -368,6 +368,11 @@ JSC_DECLARE_JIT_OPERATION(operationThrowStaticError, void, (JSGlobalObject*, JSS
 
 JSC_DECLARE_JIT_OPERATION(operationHasOwnProperty, size_t, (JSGlobalObject*, JSObject*, EncodedJSValue));
 
+JSC_DECLARE_JIT_OPERATION(operationArrayIncludesString, UCPUStrictInt32, (JSGlobalObject*, Butterfly*, JSString*, int32_t));
+JSC_DECLARE_NOEXCEPT_JIT_OPERATION(operationArrayIncludesValueDouble, UCPUStrictInt32, (Butterfly*, EncodedJSValue, int32_t));
+JSC_DECLARE_JIT_OPERATION(operationArrayIncludesValueInt32OrContiguous, UCPUStrictInt32, (JSGlobalObject*, Butterfly*, EncodedJSValue, int32_t));
+JSC_DECLARE_NOEXCEPT_JIT_OPERATION(operationArrayIncludesNonStringIdentityValueContiguous, UCPUStrictInt32, (Butterfly*, EncodedJSValue, int32_t));
+
 JSC_DECLARE_JIT_OPERATION(operationArrayIndexOfString, UCPUStrictInt32, (JSGlobalObject*, Butterfly*, JSString*, int32_t));
 JSC_DECLARE_NOEXCEPT_JIT_OPERATION(operationArrayIndexOfValueDouble, UCPUStrictInt32, (Butterfly*, EncodedJSValue, int32_t));
 JSC_DECLARE_JIT_OPERATION(operationArrayIndexOfValueInt32OrContiguous, UCPUStrictInt32, (JSGlobalObject*, Butterfly*, EncodedJSValue, int32_t));
diff --git a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
index af6511d1110b1..7a5390dbc6eb9 100644
--- a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
@@ -1144,6 +1144,11 @@ class PredictionPropagationPhase : public Phase {
             break;
         }
 
+        case ArrayIncludes: {
+            setPrediction(SpecBoolean);
+            break;
+        }
+
         case GetTypedArrayByteOffset:
         case GetArrayLength:
         case GetUndetachedTypeArrayLength:
diff --git a/Source/JavaScriptCore/dfg/DFGSafeToExecute.h b/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
index c75f3587be170..069c4948ce7b8 100644
--- a/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
+++ b/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
@@ -350,6 +350,7 @@ bool safeToExecute(AbstractStateType& state, Graph& graph, Node* node, bool igno
         return state.forNode(node->child1()).isType(SpecObject);
 
     case ArraySlice:
+    case ArrayIncludes:
     case ArrayIndexOf: {
         // You could plausibly move this code around as long as you proved the
         // incoming array base structure is an original array at the hoisted location.
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
index c2a7be72d1ad2..6524ac1962c73 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
@@ -9476,9 +9476,11 @@ void SpeculativeJIT::compileArraySplice(Node* node)
     jsValueResult(resultRegs, node);
 }
 
-void SpeculativeJIT::compileArrayIndexOf(Node* node)
+void SpeculativeJIT::compileArrayIndexOfOrArrayIncludes(Node* node)
 {
-    ASSERT(node->op() == ArrayIndexOf);
+    ASSERT(node->op() == ArrayIndexOf || node->op() == ArrayIncludes);
+
+    bool isArrayIncludes = node->op() == ArrayIncludes;
 
     StorageOperand storage(this, m_graph.varArgChild(node, node->numChildren() == 3 ? 2 : 3));
     GPRTemporary index(this);
@@ -9514,10 +9516,20 @@ void SpeculativeJIT::compileArrayIndexOf(Node* node)
             add32(TrustedImm32(1), indexGPR);
             jump().linkTo(loop, this);
 
-            notFound.link(this);
-            move(TrustedImm32(-1), indexGPR);
-            found.link(this);
-            strictInt32Result(indexGPR, node);
+            if (isArrayIncludes) {
+                notFound.link(this);
+                move(TrustedImm32(0), indexGPR);
+                Jump done = jump();
+                found.link(this);
+                move(TrustedImm32(1), indexGPR);
+                done.link(this);
+                unblessedBooleanResult(indexGPR, node);
+            } else {
+                notFound.link(this);
+                move(TrustedImm32(-1), indexGPR);
+                found.link(this);
+                strictInt32Result(indexGPR, node);
+            }
         };
 
         ASSERT(node->arrayMode().type() == Array::Int32);
@@ -9569,10 +9581,20 @@ void SpeculativeJIT::compileArrayIndexOf(Node* node)
         add32(TrustedImm32(1), indexGPR);
         jump().linkTo(loop, this);
 
-        notFound.link(this);
-        move(TrustedImm32(-1), indexGPR);
-        found.link(this);
-        strictInt32Result(indexGPR, node);
+        if (isArrayIncludes) {
+            notFound.link(this);
+            move(TrustedImm32(0), indexGPR);
+            Jump done = jump();
+            found.link(this);
+            move(TrustedImm32(1), indexGPR);
+            done.link(this);
+            unblessedBooleanResult(indexGPR, node);
+        } else {
+            notFound.link(this);
+            move(TrustedImm32(-1), indexGPR);
+            found.link(this);
+            strictInt32Result(indexGPR, node);
+        }
         return;
     }
 
@@ -9587,9 +9609,13 @@ void SpeculativeJIT::compileArrayIndexOf(Node* node)
 
         flushRegisters();
 
-        callOperation(operationArrayIndexOfString, lengthGPR, LinkableConstant::globalObject(*this, node), storageGPR, searchElementGPR, indexGPR);
-
-        strictInt32Result(lengthGPR, node);
+        if (isArrayIncludes) {
+            callOperation(operationArrayIncludesString, lengthGPR, LinkableConstant::globalObject(*this, node), storageGPR, searchElementGPR, indexGPR);
+            unblessedBooleanResult(lengthGPR, node);
+        } else {
+            callOperation(operationArrayIndexOfString, lengthGPR, LinkableConstant::globalObject(*this, node), storageGPR, searchElementGPR, indexGPR);
+            strictInt32Result(lengthGPR, node);
+        }
 
         return;
 #else
@@ -9634,10 +9660,18 @@ void SpeculativeJIT::compileArrayIndexOf(Node* node)
             add32(TrustedImm32(1), indexGPR);
             jump().linkTo(loop, this);
 
-            notFound.link(this);
-            move(TrustedImm32(-1), indexGPR);
-
-            found.link(this);
+            if (isArrayIncludes) {
+                notFound.link(this);
+                move(TrustedImm32(0), indexGPR);
+                Jump done = jump();
+                found.link(this);
+                move(TrustedImm32(1), indexGPR);
+                done.link(this);
+            } else {
+                notFound.link(this);
+                move(TrustedImm32(-1), indexGPR);
+                found.link(this);
+            }
         };
 
         auto emitCompare = [&]() -> JumpList {
@@ -9692,13 +9726,21 @@ void SpeculativeJIT::compileArrayIndexOf(Node* node)
 
         emitLoop(emitCompare);
 
-        addSlowPathGenerator(slowPathCall(
-            slowCase, this, operationArrayIndexOfString,
-            indexGPR, LinkableConstant::globalObject(*this, node),
-            storageGPR, searchElementGPR, indexGPR
-        ));
-
-        strictInt32Result(indexGPR, node);
+        if (isArrayIncludes) {
+            addSlowPathGenerator(slowPathCall(
+                slowCase, this, operationArrayIncludesString,
+                indexGPR, LinkableConstant::globalObject(*this, node),
+                storageGPR, searchElementGPR, indexGPR
+            ));
+            unblessedBooleanResult(indexGPR, node);
+        } else {
+            addSlowPathGenerator(slowPathCall(
+                slowCase, this, operationArrayIndexOfString,
+                indexGPR, LinkableConstant::globalObject(*this, node),
+                storageGPR, searchElementGPR, indexGPR
+            ));
+            strictInt32Result(indexGPR, node);
+        }
 
         return;
 #endif
@@ -9715,8 +9757,13 @@ void SpeculativeJIT::compileArrayIndexOf(Node* node)
         ASSERT(node->arrayMode().type() == Array::Contiguous);
 
         flushRegisters();
-        callOperationWithoutExceptionCheck(operationArrayIndexOfNonStringIdentityValueContiguous, lengthGPR, storageGPR, valueRegs, indexGPR);
-        strictInt32Result(lengthGPR, node);
+        if (isArrayIncludes) {
+            callOperationWithoutExceptionCheck(operationArrayIncludesNonStringIdentityValueContiguous, lengthGPR, storageGPR, valueRegs, indexGPR);
+            unblessedBooleanResult(lengthGPR, node);
+        } else {
+            callOperationWithoutExceptionCheck(operationArrayIndexOfNonStringIdentityValueContiguous, lengthGPR, storageGPR, valueRegs, indexGPR);
+            strictInt32Result(lengthGPR, node);
+        }
         return;
     }
 
@@ -9728,18 +9775,27 @@ void SpeculativeJIT::compileArrayIndexOf(Node* node)
         flushRegisters();
         switch (node->arrayMode().type()) {
         case Array::Double:
-            callOperation(operationArrayIndexOfValueDouble, lengthGPR, storageGPR, searchElementRegs, indexGPR);
+            if (isArrayIncludes)
+                callOperation(operationArrayIncludesValueDouble, lengthGPR, storageGPR, searchElementRegs, indexGPR);
+            else
+                callOperation(operationArrayIndexOfValueDouble, lengthGPR, storageGPR, searchElementRegs, indexGPR);
             break;
         case Array::Int32:
         case Array::Contiguous:
-            callOperation(operationArrayIndexOfValueInt32OrContiguous, lengthGPR, LinkableConstant::globalObject(*this, node), storageGPR, searchElementRegs, indexGPR);
+            if (isArrayIncludes)
+                callOperation(operationArrayIncludesValueInt32OrContiguous, lengthGPR, LinkableConstant::globalObject(*this, node), storageGPR, searchElementRegs, indexGPR);
+            else
+                callOperation(operationArrayIndexOfValueInt32OrContiguous, lengthGPR, LinkableConstant::globalObject(*this, node), storageGPR, searchElementRegs, indexGPR);
             break;
         default:
             RELEASE_ASSERT_NOT_REACHED();
             break;
         }
 
-        strictInt32Result(lengthGPR, node);
+        if (isArrayIncludes)
+            unblessedBooleanResult(lengthGPR, node);
+        else
+            strictInt32Result(lengthGPR, node);
         return;
     }
 
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
index 62b5187681cd0..084212562e026 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
@@ -1686,7 +1686,7 @@ class SpeculativeJIT : public JITCompiler {
     void compileGetRestLength(Node*);
     void compileArraySlice(Node*);
     void compileArraySplice(Node*);
-    void compileArrayIndexOf(Node*);
+    void compileArrayIndexOfOrArrayIncludes(Node*);
     void compileArrayPush(Node*);
     void compileNotifyWrite(Node*);
     void compileRegExpExec(Node*);
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
index e74f25b5cf3f8..d807d6c91cd8d 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
@@ -2932,8 +2932,9 @@ void SpeculativeJIT::compile(Node* node)
         break;
     }
 
+    case ArrayIncludes:
     case ArrayIndexOf: {
-        compileArrayIndexOf(node);
+        compileArrayIndexOfOrArrayIncludes(node);
         break;
     }
 
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
index a3c7bc88a3980..cab6e82492629 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
@@ -4154,8 +4154,9 @@ void SpeculativeJIT::compile(Node* node)
         break;
     }
 
+    case ArrayIncludes:
     case ArrayIndexOf: {
-        compileArrayIndexOf(node);
+        compileArrayIndexOfOrArrayIncludes(node);
         break;
     }
         
diff --git a/Source/JavaScriptCore/ftl/FTLCapabilities.cpp b/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
index 94b1463827e89..ffdeaf2a714fc 100644
--- a/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
+++ b/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
@@ -422,6 +422,7 @@ inline CapabilityLevel canCompile(Node* node)
     case CallDOMGetter:
     case ArraySlice:
     case ArraySplice:
+    case ArrayIncludes:
     case ArrayIndexOf:
     case ArrayPop:
     case ArrayPush:
diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
index 830c23c3de385..9193e3347fb6b 100644
--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
@@ -1160,8 +1160,9 @@ class LowerDFGToB3 {
         case ArraySplice:
             compileArraySplice();
             break;
+        case ArrayIncludes:
         case ArrayIndexOf:
-            compileArrayIndexOf();
+            compileArrayIndexOfOrArrayIncludes();
             break;
         case CreateActivation:
             compileCreateActivation();
@@ -7592,8 +7593,10 @@ IGNORE_CLANG_WARNINGS_END
         setJSValue(vmCall(Int64, refCount ? operationArraySplice : operationArraySpliceIgnoreResult, weakPointer(globalObject), base, index, deleteCount, m_out.constIntPtr(buffer), m_out.constInt32(insertionCount)));
     }
 
-    void compileArrayIndexOf()
+    void compileArrayIndexOfOrArrayIncludes()
     {
+        ASSERT(m_node->op() == ArrayIncludes || m_node->op() == ArrayIndexOf);
+
         JSGlobalObject* globalObject = m_graph.globalObjectFor(m_origin.semantic);
         LValue base = lowCell(m_graph.varArgChild(m_node, 0));
         LValue storage = lowStorage(m_node->numChildren() == 3 ? m_graph.varArgChild(m_node, 2) : m_graph.varArgChild(m_node, 3));
@@ -7608,6 +7611,8 @@ IGNORE_CLANG_WARNINGS_END
         } else
             startIndex = m_out.int32Zero;
 
+        bool isArrayIncludes = m_node->op() == ArrayIncludes;
+
         Edge& searchElementEdge = m_graph.varArgChild(m_node, 1);
         switch (searchElementEdge.useKind()) {
         case Int32Use:
@@ -7645,7 +7650,7 @@ IGNORE_CLANG_WARNINGS_END
             m_out.branch(m_out.notEqual(index, length), unsure(loopBody), unsure(notFound));
 
             m_out.appendTo(loopBody, loopNext);
-            ValueFromBlock foundResult = m_out.anchor(index);
+            ValueFromBlock foundResult = isArrayIncludes ? m_out.anchor(m_out.constBool(true)) : m_out.anchor(index);
             switch (searchElementEdge.useKind()) {
             case Int32Use: {
                 // Empty value is ignored because of JSValue::NumberTag.
@@ -7670,13 +7675,16 @@ IGNORE_CLANG_WARNINGS_END
             m_out.jump(loopHeader);
 
             m_out.appendTo(notFound, continuation);
-            ValueFromBlock notFoundResult = m_out.anchor(m_out.constIntPtr(-1));
+            ValueFromBlock notFoundResult = isArrayIncludes ? m_out.anchor(m_out.constBool(false)) : m_out.anchor(m_out.constIntPtr(-1));
             m_out.jump(continuation);
 
             m_out.appendTo(continuation, lastNext);
             // We have to keep base alive since that keeps content of storage alive.
             ensureStillAliveHere(base);
-            setInt32(m_out.castToInt32(m_out.phi(pointerType(), notFoundResult, foundResult)));
+            if (isArrayIncludes)
+                setBoolean(m_out.phi(Int32, notFoundResult, foundResult));
+            else
+                setInt32(m_out.castToInt32(m_out.phi(pointerType(), notFoundResult, foundResult)));
             return;
         }
 
@@ -7726,7 +7734,7 @@ IGNORE_CLANG_WARNINGS_END
             m_out.branch(isString(element), unsure(fastPath), unsure(loopNext));
 
             m_out.appendTo(fastPath, slowCheckElementRope);
-            ValueFromBlock foundResult = m_out.anchor(index);
+            ValueFromBlock foundResult = isArrayIncludes ? m_out.anchor(m_out.constBool(true)) : m_out.anchor(index);
             m_out.branch(m_out.equal(element, searchElement), unsure(continuation), unsure(slowCheckElementRope));
 
             m_out.appendTo(slowCheckElementRope, slowCheckElement8Bit);
@@ -7775,17 +7783,20 @@ IGNORE_CLANG_WARNINGS_END
             m_out.jump(loopHeader);
 
             m_out.appendTo(notFound, continuation);
-            ValueFromBlock notFoundResult = m_out.anchor(m_out.constIntPtr(-1));
+            ValueFromBlock notFoundResult = isArrayIncludes ? m_out.anchor(m_out.constBool(false)) : m_out.anchor(m_out.constIntPtr(-1));
             m_out.jump(continuation);
 
             m_out.appendTo(slowCase, continuation);
-            ValueFromBlock slowCaseResult = m_out.anchor(vmCall(Int64, operationArrayIndexOfString, weakPointer(globalObject), storage, searchElement, startIndex));
+            ValueFromBlock slowCaseResult = isArrayIncludes ? m_out.anchor(vmCall(Int32, operationArrayIncludesString, weakPointer(globalObject), storage, searchElement, startIndex)) : m_out.anchor(vmCall(Int64, operationArrayIndexOfString, weakPointer(globalObject), storage, searchElement, startIndex));
             m_out.jump(continuation);
 
             m_out.appendTo(continuation, lastNext);
             // We have to keep base alive since that keeps content of storage alive.
             ensureStillAliveHere(base);
-            setInt32(m_out.castToInt32(m_out.phi(Int64, notFoundResult, foundResult, slowCaseResult)));
+            if (isArrayIncludes)
+                setBoolean(m_out.phi(Int32, notFoundResult, foundResult, slowCaseResult));
+            else
+                setInt32(m_out.castToInt32(m_out.phi(Int64, notFoundResult, foundResult, slowCaseResult)));
             return;
         }
 
@@ -7809,21 +7820,30 @@ IGNORE_CLANG_WARNINGS_END
                 RELEASE_ASSERT_NOT_REACHED();
                 break;
             }
-            setInt32(m_out.castToInt32(vmCall(Int64, operationArrayIndexOfNonStringIdentityValueContiguous, storage, searchElement, startIndex)));
+            if (isArrayIncludes)
+                setBoolean(vmCall(Int32, operationArrayIncludesNonStringIdentityValueContiguous, storage, searchElement, startIndex));
+            else
+                setInt32(m_out.castToInt32(vmCall(Int64, operationArrayIndexOfNonStringIdentityValueContiguous, storage, searchElement, startIndex)));
             return;
         }
 
         case UntypedUse:
             switch (m_node->arrayMode().type()) {
             case Array::Double:
-                setInt32(m_out.castToInt32(vmCall(Int64, operationArrayIndexOfValueDouble, storage, lowJSValue(searchElementEdge), startIndex)));
+                if (isArrayIncludes)
+                    setBoolean(vmCall(Int32, operationArrayIncludesValueDouble, storage, lowJSValue(searchElementEdge), startIndex));
+                else
+                    setInt32(m_out.castToInt32(vmCall(Int64, operationArrayIndexOfValueDouble, storage, lowJSValue(searchElementEdge), startIndex)));
                 return;
             case Array::Contiguous:
                 // We have to keep base alive since that keeps content of storage alive.
                 ensureStillAliveHere(base);
                 FALLTHROUGH;
             case Array::Int32:
-                setInt32(m_out.castToInt32(vmCall(Int64, operationArrayIndexOfValueInt32OrContiguous, weakPointer(globalObject), storage, lowJSValue(searchElementEdge), startIndex)));
+                if (isArrayIncludes)
+                    setBoolean(vmCall(Int32, operationArrayIncludesValueInt32OrContiguous, weakPointer(globalObject), storage, lowJSValue(searchElementEdge), startIndex));
+                else
+                    setInt32(m_out.castToInt32(vmCall(Int64, operationArrayIndexOfValueInt32OrContiguous, weakPointer(globalObject), storage, lowJSValue(searchElementEdge), startIndex)));
                 return;
             default:
                 RELEASE_ASSERT_NOT_REACHED();
diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
index b6b5404c8949d..64daf2e3b52d6 100644
--- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
@@ -68,6 +68,7 @@ static JSC_DECLARE_HOST_FUNCTION(arrayProtoFuncFill);
 static JSC_DECLARE_HOST_FUNCTION(arrayProtoFuncToReversed);
 static JSC_DECLARE_HOST_FUNCTION(arrayProtoFuncToSorted);
 static JSC_DECLARE_HOST_FUNCTION(arrayProtoFuncWith);
+static JSC_DECLARE_HOST_FUNCTION(arrayProtoFuncIncludes);
 
 // ------------------------------ ArrayPrototype ----------------------------
 
@@ -125,7 +126,7 @@ void ArrayPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject)
     JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().findLastPublicName(), arrayPrototypeFindLastCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
     JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().findIndexPublicName(), arrayPrototypeFindIndexCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
     JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().findLastIndexPublicName(), arrayPrototypeFindLastIndexCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
-    JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().includesPublicName(), arrayPrototypeIncludesCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
+    JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->includes, arrayProtoFuncIncludes, static_cast<unsigned>(PropertyAttribute::DontEnum), 1, ImplementationVisibility::Public, ArrayIncludesIntrinsic);
     JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().copyWithinPublicName(), arrayPrototypeCopyWithinCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
     JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().atPublicName(), arrayPrototypeAtCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
     JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->toReversed, arrayProtoFuncToReversed, static_cast<unsigned>(PropertyAttribute::DontEnum), 0, ImplementationVisibility::Public);
@@ -134,7 +135,7 @@ void ArrayPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject)
     JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->with, arrayProtoFuncWith, static_cast<unsigned>(PropertyAttribute::DontEnum), 2, ImplementationVisibility::Public);
     putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().entriesPrivateName(), getDirect(vm, vm.propertyNames->builtinNames().entriesPublicName()), static_cast<unsigned>(PropertyAttribute::ReadOnly));
     putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().forEachPrivateName(), getDirect(vm, vm.propertyNames->builtinNames().forEachPublicName()), static_cast<unsigned>(PropertyAttribute::ReadOnly));
-    putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().includesPrivateName(), getDirect(vm, vm.propertyNames->builtinNames().includesPublicName()), static_cast<unsigned>(PropertyAttribute::ReadOnly));
+    putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().includesPrivateName(), getDirect(vm, vm.propertyNames->includes), static_cast<unsigned>(PropertyAttribute::ReadOnly));
     putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().indexOfPrivateName(), getDirect(vm, vm.propertyNames->builtinNames().indexOfPublicName()), static_cast<unsigned>(PropertyAttribute::ReadOnly));
     putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().keysPrivateName(), getDirect(vm, vm.propertyNames->builtinNames().keysPublicName()), static_cast<unsigned>(PropertyAttribute::ReadOnly));
     putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().mapPrivateName(), getDirect(vm, vm.propertyNames->builtinNames().mapPublicName()), static_cast<unsigned>(PropertyAttribute::ReadOnly));
@@ -154,7 +155,7 @@ void ArrayPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject)
         &vm.propertyNames->builtinNames().findLastIndexPublicName(),
         &vm.propertyNames->builtinNames().flatPublicName(),
         &vm.propertyNames->builtinNames().flatMapPublicName(),
-        &vm.propertyNames->builtinNames().includesPublicName(),
+        &vm.propertyNames->includes,
         &vm.propertyNames->builtinNames().keysPublicName(),
         &vm.propertyNames->toReversed,
         &vm.propertyNames->toSorted,
@@ -2126,6 +2127,50 @@ JSC_DEFINE_HOST_FUNCTION(arrayProtoFuncWith, (JSGlobalObject* globalObject, Call
     return JSValue::encode(result);
 }
 
+JSC_DEFINE_HOST_FUNCTION(arrayProtoFuncIncludes, (JSGlobalObject* globalObject, CallFrame* callFrame))
+{
+    VM& vm = globalObject->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    JSValue thisValue = callFrame->thisValue().toThis(globalObject, ECMAMode::strict());
+    RETURN_IF_EXCEPTION(scope, { });
+
+    if (UNLIKELY(thisValue.isUndefinedOrNull()))
+        return throwVMTypeError(globalObject, scope, "Array.prototype.includes requires that |this| not be null or undefined"_s);
+    auto* thisObject = thisValue.toObject(globalObject);
+    RETURN_IF_EXCEPTION(scope, { });
+
+    uint64_t length = toLength(globalObject, thisObject);
+    RETURN_IF_EXCEPTION(scope, { });
+
+    if (!length)
+        return JSValue::encode(jsBoolean(false));
+
+    uint64_t index = argumentClampedIndexFromStartOrEnd(globalObject, callFrame->argument(1), length, 0);
+    RETURN_IF_EXCEPTION(scope, { });
+
+    ASSERT(index <= length);
+    if (index == length)
+        return JSValue::encode(jsBoolean(false));
+
+    JSValue searchElement = callFrame->argument(0);
+
+    if (LIKELY(isJSArray(thisObject))) {
+        JSArray* thisArray = jsCast<JSArray*>(thisObject);
+        if (auto fastResult = thisArray->fastIncludes(globalObject, searchElement, index, length))
+            return JSValue::encode(jsBoolean(fastResult.value()));
+    }
+
+    for (; index < length; ++index) {
+        auto currentElement = thisObject->getIndex(globalObject, index);
+        RETURN_IF_EXCEPTION(scope, { });
+        if (sameValueZero(globalObject, searchElement, currentElement))
+            return JSValue::encode(jsBoolean(true));
+    }
+
+    return JSValue::encode(jsBoolean(false));
+}
+
 } // namespace JSC
 
 WTF_ALLOW_UNSAFE_BUFFER_USAGE_END
diff --git a/Source/JavaScriptCore/runtime/CommonIdentifiers.h b/Source/JavaScriptCore/runtime/CommonIdentifiers.h
index 6bfa977720646..5165f0f3565e0 100644
--- a/Source/JavaScriptCore/runtime/CommonIdentifiers.h
+++ b/Source/JavaScriptCore/runtime/CommonIdentifiers.h
@@ -161,6 +161,7 @@
     macro(id) \
     macro(ignoreCase) \
     macro(ignorePunctuation) \
+    macro(includes) \
     macro(index) \
     macro(indices) \
     macro(inferredName) \
diff --git a/Source/JavaScriptCore/runtime/Intrinsic.h b/Source/JavaScriptCore/runtime/Intrinsic.h
index 4b886f779cc26..220ae250b6d61 100644
--- a/Source/JavaScriptCore/runtime/Intrinsic.h
+++ b/Source/JavaScriptCore/runtime/Intrinsic.h
@@ -56,6 +56,7 @@ namespace JSC {
     macro(ArrayPopIntrinsic) \
     macro(ArraySliceIntrinsic) \
     macro(ArraySpliceIntrinsic) \
+    macro(ArrayIncludesIntrinsic) \
     macro(ArrayIndexOfIntrinsic) \
     macro(ArrayValuesIntrinsic) \
     macro(ArrayKeysIntrinsic) \
diff --git a/Source/JavaScriptCore/runtime/JSArray.cpp b/Source/JavaScriptCore/runtime/JSArray.cpp
index f5e157840f99b..605c92520530c 100644
--- a/Source/JavaScriptCore/runtime/JSArray.cpp
+++ b/Source/JavaScriptCore/runtime/JSArray.cpp
@@ -734,6 +734,91 @@ JSArray* JSArray::fastWith(JSGlobalObject* globalObject, uint32_t index, JSValue
     }
 }
 
+std::optional<bool> JSArray::fastIncludes(JSGlobalObject* globalObject, JSValue searchElement, uint64_t index64, uint64_t length64)
+{
+    VM& vm = globalObject->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    bool canDoFastPath = this->canDoFastIndexedAccess()
+        && this->getArrayLength() == length64 // The effects in getting `index` could have changed the length of this array.
+        && static_cast<uint32_t>(index64) == index64;
+    if (!canDoFastPath)
+        return std::nullopt;
+
+    uint32_t length = static_cast<uint32_t>(length64);
+    uint32_t index = static_cast<uint32_t>(index64);
+
+    switch (this->indexingType()) {
+    case ArrayWithInt32: {
+        auto& butterfly = *this->butterfly();
+        auto data = butterfly.contiguous().data();
+
+        if (searchElement.isUndefined())
+            return containsHole(data, length64);
+        if (!searchElement.isNumber())
+            return false;
+        JSValue searchInt32;
+        if (searchElement.isInt32())
+            searchInt32 = searchElement;
+        else {
+            double searchNumber = searchElement.asNumber();
+            if (!canBeInt32(searchNumber))
+                return false;
+            searchInt32 = jsNumber(static_cast<int32_t>(searchNumber));
+        }
+        for (; index < length; ++index) {
+            if (searchInt32 == data[index].get())
+                return true;
+        }
+        return false;
+    }
+    case ArrayWithContiguous: {
+        auto& butterfly = *this->butterfly();
+        auto data = butterfly.contiguous().data();
+
+        if (searchElement.isObject()) {
+            auto* result = std::bit_cast<const WriteBarrier<Unknown>*>(WTF::find64(std::bit_cast<const uint64_t*>(data + index), JSValue::encode(searchElement), length - index));
+            if (result)
+                return true;
+            return false;
+        }
+
+        bool searchElementIsUndefined = searchElement.isUndefined();
+        for (; index < length; ++index) {
+            JSValue value = data[index].get();
+            if (!value) {
+                if (searchElementIsUndefined)
+                    return true;
+                continue;
+            }
+            bool isEqual = sameValueZero(globalObject, searchElement, value);
+            RETURN_IF_EXCEPTION(scope, { });
+            if (isEqual)
+                return true;
+        }
+        return false;
+    }
+    case ALL_DOUBLE_INDEXING_TYPES: {
+        auto& butterfly = *this->butterfly();
+        auto data = butterfly.contiguousDouble().data();
+
+        if (searchElement.isUndefined())
+            return containsHole(data, length64);
+        if (!searchElement.isNumber())
+            return false;
+
+        double searchNumber = searchElement.asNumber();
+        for (; index < length; ++index) {
+            if (data[index] == searchNumber)
+                return true;
+        }
+        return false;
+    }
+    default:
+        return std::nullopt;
+    }
+}
+
 bool JSArray::appendMemcpy(JSGlobalObject* globalObject, VM& vm, unsigned startIndex, IndexingType otherType, std::span<const EncodedJSValue> values)
 {
     auto scope = DECLARE_THROW_SCOPE(vm);
diff --git a/Source/JavaScriptCore/runtime/JSArray.h b/Source/JavaScriptCore/runtime/JSArray.h
index e26dac32883f9..9ad15922ad58d 100644
--- a/Source/JavaScriptCore/runtime/JSArray.h
+++ b/Source/JavaScriptCore/runtime/JSArray.h
@@ -125,6 +125,8 @@ class JSArray : public JSNonFinalObject {
 
     JSArray* fastWith(JSGlobalObject*, uint32_t index, JSValue, uint64_t length);
 
+    std::optional<bool> fastIncludes(JSGlobalObject*, JSValue,  uint64_t fromIndex, uint64_t length);
+
     ALWAYS_INLINE bool definitelyNegativeOneMiss() const;
 
     enum ShiftCountMode {
diff --git a/Source/JavaScriptCore/runtime/JSCJSValueInlines.h b/Source/JavaScriptCore/runtime/JSCJSValueInlines.h
index 3010335e0101b..7d6b82faf7203 100644
--- a/Source/JavaScriptCore/runtime/JSCJSValueInlines.h
+++ b/Source/JavaScriptCore/runtime/JSCJSValueInlines.h
@@ -1479,4 +1479,26 @@ ALWAYS_INLINE bool sameValue(JSGlobalObject* globalObject, JSValue a, JSValue b)
     return std::bit_cast<uint64_t>(x) == std::bit_cast<uint64_t>(y);
 }
 
+ALWAYS_INLINE bool sameValueZero(JSGlobalObject* globalObject, JSValue a, JSValue b)
+{
+    if (a == b)
+        return true;
+
+    if (!a.isNumber())
+        return JSValue::strictEqual(globalObject, a, b);
+    if (!b.isNumber())
+        return false;
+    double x = a.asNumber();
+    double y = b.asNumber();
+    if (std::isnan(x))
+        return std::isnan(y);
+    if (std::isnan(y))
+        return std::isnan(x);
+    if (!x && y == -0)
+        return true;
+    if (x == -0 && !y)
+        return true;
+    return std::bit_cast<uint64_t>(x) == std::bit_cast<uint64_t>(y);
+}
+
 } // namespace JSC

From 6e8fef40092d06a84de870150952f169c94bd953 Mon Sep 17 00:00:00 2001
From: Sosuke Suzuki <aosukeke@gmail.com>
Date: Sun, 23 Feb 2025 00:24:21 -0800
Subject: [PATCH 086/174] [JSC] Close Iterator Helpers underlying iterator when
 arguments are invalid https://bugs.webkit.org/show_bug.cgi?id=284709

Reviewed by Yusuke Suzuki.

The normative change[1] that requires closing underlying iterators when
argument validation fails for iterator helpers reached consensus at the
TC39 meeting in December 2024[2].

This patch implements it.

[1]: https://github.com/tc39/ecma262/pull/3467
[2]: https://github.com/tc39/agendas/blob/main/2024/12.md

* JSTests/stress/iterator-helpers-close-for-invalid-argument.js: Added.
(shouldThrow):
(shouldBe):
(throw.new.Error.let.closable.get next):
(throw.new.Error):
(shouldBe.let.closable.get next):
(shouldBe.OurError):
(let.closable.get next):
(shouldBe.get shouldBe):
(OurError):
(get shouldBe):
* Source/JavaScriptCore/builtins/JSIteratorPrototype.js:
(some.wrapper.iterator):
(some):
(every.wrapper.iterator):
(every):
(find.wrapper.iterator):
(find):
(reduce):

Canonical link: https://commits.webkit.org/290907@main
---
 ...ator-helpers-close-for-invalid-argument.js | 296 ++++++++++++++++++
 JSTests/test262/expectations.yaml             |  30 --
 .../builtins/JSIteratorPrototype.js           |  64 ++--
 .../runtime/JSIteratorPrototype.cpp           |   5 +-
 4 files changed, 344 insertions(+), 51 deletions(-)
 create mode 100644 JSTests/stress/iterator-helpers-close-for-invalid-argument.js

diff --git a/JSTests/stress/iterator-helpers-close-for-invalid-argument.js b/JSTests/stress/iterator-helpers-close-for-invalid-argument.js
new file mode 100644
index 0000000000000..9f5b0d0ca8605
--- /dev/null
+++ b/JSTests/stress/iterator-helpers-close-for-invalid-argument.js
@@ -0,0 +1,296 @@
+function shouldThrow(errorType, func) {
+    let error;
+    try {
+        func();
+    } catch (e) {
+        error = e;
+    }
+    if (!(error instanceof errorType)) {
+        print(error.message);
+        throw new Error(`Expected ${errorType.name}! got ${error.name}`);
+    }
+}
+
+function shouldBe(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+{
+    // Iterator.prototype.map
+    let closed = false;
+    let closable = {
+      __proto__: Iterator.prototype,
+      get next() {
+        throw new Error('next should not be read');
+      },
+      return() {
+        closed = true;
+        return {};
+      },
+    };
+    shouldThrow(TypeError, function() {
+      closable.map();
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(TypeError, function() {
+      closable.map({});
+    });
+    shouldBe(closed, true);
+}
+
+{
+    // Iterator.prototype.filter
+    let closed = false;
+    let closable = {
+      __proto__: Iterator.prototype,
+      get next() {
+        throw new Error('next should not be read');
+      },
+      return() {
+        closed = true;
+        return {};
+      },
+    };
+    shouldThrow(TypeError, function() {
+      closable.filter();
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(TypeError, function() {
+      closable.filter({});
+    });
+    shouldBe(closed, true);
+}
+
+{
+    // Iterator.prototype.take
+    let closed = false;
+    let closable = {
+      __proto__: Iterator.prototype,
+      get next() {
+        throw new Error('next should not be read');
+      },
+      return() {
+        closed = true;
+        return {};
+      },
+    };
+
+    shouldThrow(RangeError, function() {
+      closable.take();
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(RangeError, function() {
+      closable.take(NaN);
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(RangeError, function() {
+      closable.take(-1);
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    function OurError() {}
+    shouldThrow(OurError, function() {
+      closable.take({ get valueOf() { throw new OurError(); }});
+    });
+    shouldBe(closed, true);
+}
+
+{
+    // Iterator.prototype.drop
+    let closed = false;
+    let closable = {
+      __proto__: Iterator.prototype,
+      get next() {
+        throw new Error('next should not be read');
+      },
+      return() {
+        closed = true;
+        return {};
+      },
+    };
+
+    shouldThrow(RangeError, function() {
+      closable.drop();
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(RangeError, function() {
+      closable.drop(NaN);
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(RangeError, function() {
+      closable.drop(-1);
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    function OurError() {}
+    shouldThrow(OurError, function() {
+      closable.drop({ get valueOf() { throw new OurError(); }});
+    });
+    shouldBe(closed, true);
+}
+
+{
+    // Iterator.prototype.flatMap
+    let closed = false;
+    let closable = {
+      __proto__: Iterator.prototype,
+      get next() {
+        throw new Error('next should not be read');
+      },
+      return() {
+        closed = true;
+        return {};
+      },
+    };
+    shouldThrow(TypeError, function() {
+      closable.flatMap();
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(TypeError, function() {
+      closable.flatMap({});
+    });
+    shouldBe(closed, true);
+}
+
+{
+    // Iterator.prototype.some
+    let closed = false;
+    let closable = {
+      __proto__: Iterator.prototype,
+      get next() {
+        throw new Error('next should not be read');
+      },
+      return() {
+        closed = true;
+        return {};
+      },
+    };
+    shouldThrow(TypeError, function() {
+      closable.some();
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(TypeError, function() {
+      closable.some({});
+    });
+    shouldBe(closed, true);
+}
+
+{
+    // Iterator.prototype.every
+    let closed = false;
+    let closable = {
+      __proto__: Iterator.prototype,
+      get next() {
+        throw new Error('next should not be read');
+      },
+      return() {
+        closed = true;
+        return {};
+      },
+    };
+    shouldThrow(TypeError, function() {
+      closable.every();
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(TypeError, function() {
+      closable.every({});
+    });
+    shouldBe(closed, true);
+}
+
+{
+    // Iterator.prototype.find
+    let closed = false;
+    let closable = {
+      __proto__: Iterator.prototype,
+      get next() {
+        throw new Error('next should not be read');
+      },
+      return() {
+        closed = true;
+        return {};
+      },
+    };
+    shouldThrow(TypeError, function() {
+      closable.find();
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(TypeError, function() {
+      closable.find({});
+    });
+    shouldBe(closed, true);
+}
+
+{
+    // Iterator.prototype.reduce
+    let closed = false;
+    let closable = {
+      __proto__: Iterator.prototype,
+      get next() {
+        throw new Error('next should not be read');
+      },
+      return() {
+        closed = true;
+        return {};
+      },
+    };
+    shouldThrow(TypeError, function() {
+      closable.reduce();
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(TypeError, function() {
+      closable.reduce({});
+    });
+    shouldBe(closed, true);
+}
+
+{
+    // Iterator.prototype.forEach
+    let closed = false;
+    let closable = {
+      __proto__: Iterator.prototype,
+      get next() {
+        throw new Error('next should not be read');
+      },
+      return() {
+        closed = true;
+        return {};
+      },
+    };
+    shouldThrow(TypeError, function() {
+      closable.forEach();
+    });
+    shouldBe(closed, true);
+
+    closed = false;
+    shouldThrow(TypeError, function() {
+      closable.forEach({});
+    });
+    shouldBe(closed, true);
+}
+
diff --git a/JSTests/test262/expectations.yaml b/JSTests/test262/expectations.yaml
index cc3b310653991..9fa3050af5f96 100644
--- a/JSTests/test262/expectations.yaml
+++ b/JSTests/test262/expectations.yaml
@@ -25,36 +25,6 @@ test/built-ins/Iterator/concat/fresh-iterator-result.js:
 test/built-ins/Iterator/concat/next-method-returns-throwing-value.js:
   default: 'Test262Error: '
   strict mode: 'Test262Error: '
-test/built-ins/Iterator/prototype/drop/argument-validation-failure-closes-underlying.js:
-  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«false», «true») to be true'
-test/built-ins/Iterator/prototype/every/argument-validation-failure-closes-underlying.js:
-  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«false», «true») to be true'
-test/built-ins/Iterator/prototype/filter/argument-validation-failure-closes-underlying.js:
-  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«false», «true») to be true'
-test/built-ins/Iterator/prototype/find/argument-validation-failure-closes-underlying.js:
-  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«false», «true») to be true'
-test/built-ins/Iterator/prototype/flatMap/argument-validation-failure-closes-underlying.js:
-  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«false», «true») to be true'
-test/built-ins/Iterator/prototype/forEach/argument-validation-failure-closes-underlying.js:
-  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«false», «true») to be true'
-test/built-ins/Iterator/prototype/map/argument-validation-failure-closes-underlying.js:
-  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«false», «true») to be true'
-test/built-ins/Iterator/prototype/reduce/argument-validation-failure-closes-underlying.js:
-  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«false», «true») to be true'
-test/built-ins/Iterator/prototype/some/argument-validation-failure-closes-underlying.js:
-  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«false», «true») to be true'
-test/built-ins/Iterator/prototype/take/argument-validation-failure-closes-underlying.js:
-  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«false», «true») to be true'
 test/built-ins/Object/entries/order-after-define-property-with-function.js:
   default: 'Test262Error: Actual [a, name] and expected [name, a] should have the same contents. '
   strict mode: 'Test262Error: Actual [a, name] and expected [name, a] should have the same contents. '
diff --git a/Source/JavaScriptCore/builtins/JSIteratorPrototype.js b/Source/JavaScriptCore/builtins/JSIteratorPrototype.js
index d3bb67d5657e8..113612a26be25 100644
--- a/Source/JavaScriptCore/builtins/JSIteratorPrototype.js
+++ b/Source/JavaScriptCore/builtins/JSIteratorPrototype.js
@@ -32,8 +32,10 @@ function map(mapper)
     if (!@isObject(this))
         @throwTypeError("Iterator.prototype.map requires that |this| be an Object.");
 
-    if (!@isCallable(mapper))
+    if (!@isCallable(mapper)) {
+        @iteratorGenericClose(this);
         @throwTypeError("Iterator.prototype.map callback must be a function.");
+    }
 
     var iterated = this;
     var iteratedNextMethod = iterated.next;
@@ -63,8 +65,10 @@ function filter(predicate)
     if (!@isObject(this))
         @throwTypeError("Iterator.prototype.filter requires that |this| be an Object.");
 
-    if (!@isCallable(predicate))
+    if (!@isCallable(predicate)) {
+        @iteratorGenericClose(this);
         @throwTypeError("Iterator.prototype.filter callback must be a function.");
+    }
 
     var iterated = this;
     var iteratedNextMethod = iterated.next;
@@ -94,13 +98,18 @@ function take(limit)
     if (!@isObject(this))
         @throwTypeError("Iterator.prototype.take requires that |this| be an Object.");
 
-    var numLimit = @toNumber(limit);
-    if (numLimit !== numLimit)
+    var numLimit;
+    @ifAbruptCloseIterator(this, numLimit = @toNumber(limit));
+    if (numLimit !== numLimit) {
+        @iteratorGenericClose(this);
         @throwRangeError("Iterator.prototype.take argument must not be NaN.");
+    }
 
     var intLimit = @toIntegerOrInfinity(numLimit);
-    if (intLimit < 0)
+    if (intLimit < 0) {
+        @iteratorGenericClose(this);
         @throwRangeError("Iterator.prototype.take argument must be non-negative.");
+    }
 
     var iterated = this;
     var iteratedNextMethod = iterated.next;
@@ -138,13 +147,18 @@ function drop(limit)
     if (!@isObject(this))
         @throwTypeError("Iterator.prototype.drop requires that |this| be an Object.");
 
-    var numLimit = @toNumber(limit);
-    if (numLimit !== numLimit)
+    var numLimit;
+    @ifAbruptCloseIterator(this, (numLimit = @toNumber(limit)));
+    if (numLimit !== numLimit) {
+        @iteratorGenericClose(this);
         @throwRangeError("Iterator.prototype.drop argument must not be NaN.");
+    }
 
     var intLimit = @toIntegerOrInfinity(numLimit);
-    if (intLimit < 0)
+    if (intLimit < 0) {
+        @iteratorGenericClose(this);
         @throwRangeError("Iterator.prototype.drop argument must be non-negative.");
+    }
 
     var iterated = this;
     var iteratedNextMethod = iterated.next;
@@ -179,8 +193,10 @@ function flatMap(mapper)
     if (!@isObject(this))
         @throwTypeError("Iterator.prototype.flatMap requires that |this| be an Object.");
 
-    if (!@isCallable(mapper))
+    if (!@isCallable(mapper)) {
+        @iteratorGenericClose(this);
         @throwTypeError("Iterator.prototype.flatMap callback must be a function.");
+    }
 
     var iterated = this;
     var iteratedNextMethod = iterated.next;
@@ -212,12 +228,14 @@ function some(predicate)
     if (!@isObject(this))
         @throwTypeError("Iterator.prototype.some requires that |this| be an Object.");
 
-    if (!@isCallable(predicate))
+    if (!@isCallable(predicate)) {
+        @iteratorGenericClose(this);
         @throwTypeError("Iterator.prototype.some callback must be a function.");
+    }
 
+    var iterated = this;
     var count = 0;
-    var iterator = this;
-    var wrapper = { @@iterator: function () { return iterator; }};
+    var wrapper = { @@iterator: function () { return iterated; }};
     for (var item of wrapper) {
         if (predicate(item, count++))
             return true;
@@ -234,12 +252,14 @@ function every(predicate)
     if (!@isObject(this))
         @throwTypeError("Iterator.prototype.every requires that |this| be an Object.");
 
-    if (!@isCallable(predicate))
+    if (!@isCallable(predicate)) {
+        @iteratorGenericClose(this);
         @throwTypeError("Iterator.prototype.every callback must be a function.");
+    }
 
+    var iterated = this;
     var count = 0;
-    var iterator = this;
-    var wrapper = { @@iterator: function () { return iterator; }};
+    var wrapper = { @@iterator: function () { return iterated; }};
     for (var item of wrapper) {
         if (!predicate(item, count++))
             return false;
@@ -256,12 +276,14 @@ function find(predicate)
     if (!@isObject(this))
         @throwTypeError("Iterator.prototype.find requires that |this| be an Object.");
 
-    if (!@isCallable(predicate))
+    if (!@isCallable(predicate)) {
+        @iteratorGenericClose(this);
         @throwTypeError("Iterator.prototype.find callback must be a function.");
+    }
 
+    var iterated = this;
     var count = 0;
-    var iterator = this;
-    var wrapper = { @@iterator: function () { return iterator; }};
+    var wrapper = { @@iterator: function () { return iterated; }};
     for (var item of wrapper) {
         if (predicate(item, count++))
             return item;
@@ -278,12 +300,14 @@ function reduce(reducer /*, initialValue */)
     if (!@isObject(this))
         @throwTypeError("Iterator.prototype.reduce requires that |this| be an Object.");
 
-    if (!@isCallable(reducer))
+    if (!@isCallable(reducer)) {
+        @iteratorGenericClose(this);
         @throwTypeError("Iterator.prototype.reduce reducer argument must be a function.");
+    }
 
+    var iterated = this;
     var initialValue = @argument(1);
 
-    var iterated = this;
     var iteratedNextMethod = this.next;
 
     var accumulator;
diff --git a/Source/JavaScriptCore/runtime/JSIteratorPrototype.cpp b/Source/JavaScriptCore/runtime/JSIteratorPrototype.cpp
index 26a2501bbfb76..c4d1a2d5820c2 100644
--- a/Source/JavaScriptCore/runtime/JSIteratorPrototype.cpp
+++ b/Source/JavaScriptCore/runtime/JSIteratorPrototype.cpp
@@ -162,8 +162,11 @@ JSC_DEFINE_HOST_FUNCTION(iteratorProtoFuncForEach, (JSGlobalObject* globalObject
         return throwVMTypeError(globalObject, scope, "Iterator.prototype.forEach requires that |this| be an Object."_s);
 
     JSValue callbackArg = callFrame->argument(0);
-    if (!callbackArg.isCallable())
+    if (!callbackArg.isCallable()) {
+        iteratorClose(globalObject, thisValue);
+        RETURN_IF_EXCEPTION(scope, { });
         return throwVMTypeError(globalObject, scope, "Iterator.prototype.forEach requires the callback argument to be callable."_s);
+    }
 
     auto callData = JSC::getCallData(callbackArg);
     ASSERT(callData.type != CallData::Type::None);

From 1b9a2025ca119638448bfa4fc1e3b7875a1d4a81 Mon Sep 17 00:00:00 2001
From: Tyler Wilcock <tyler_w@apple.com>
Date: Sun, 23 Feb 2025 08:27:21 -0800
Subject: [PATCH 087/174] AX: With ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE) we
 need to eagerly recompute is-ignored for descendants of aria-hidden elements
 https://bugs.webkit.org/show_bug.cgi?id=288299 rdar://145387158

Reviewed by Chris Fleizach.

Prior to ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE), we handled dynamic aria-hidden changes with AXObjectCache::childrenChanged.
However, with ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE), there are no actual accessibility tree changes, just different
is-ignored values for the subtree. This fixes these two tests:

  - accessibility/aria-hidden-updates-alldescendants.html
  - accessibility/mac/iframe-aria-hidden.html

This commit also fixes an existing bug exposed by ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE) where we don't process
childrenChanged events when the elements filling a slot change, which impacts the accessibility tree. This fixes
accessibility/mac/invalid-summary-element.html.

Finally, we fix accessibility/details-summary-content-hidden.html by making the test more async.

* LayoutTests/accessibility/details-summary-content-hidden.html:
* Source/WebCore/accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::onSlottedContentChange):
(WebCore::AXObjectCache::handleAttributeChange):
* Source/WebCore/accessibility/AXObjectCache.h:
* Source/WebCore/accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::addNodeOnlyChildren):
* Source/WebCore/dom/SlotAssignment.cpp:
(WebCore::NamedSlotAssignment::didChangeSlot):
* Source/WebCore/html/HTMLSlotElement.cpp:
(WebCore::HTMLSlotElement::updateAccessibilityOnSlotChange const):
* Source/WebCore/html/HTMLSlotElement.h:

Canonical link: https://commits.webkit.org/290908@main
---
 .../details-summary-content-hidden.html            |  2 +-
 Source/WebCore/accessibility/AXObjectCache.cpp     | 14 ++++++++++++++
 Source/WebCore/accessibility/AXObjectCache.h       |  1 +
 .../accessibility/AccessibilityRenderObject.cpp    |  2 +-
 Source/WebCore/dom/SlotAssignment.cpp              |  2 ++
 Source/WebCore/html/HTMLSlotElement.cpp            |  6 ++++++
 Source/WebCore/html/HTMLSlotElement.h              |  1 +
 7 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/LayoutTests/accessibility/details-summary-content-hidden.html b/LayoutTests/accessibility/details-summary-content-hidden.html
index ebde88a63c8f6..740675c6aeb25 100644
--- a/LayoutTests/accessibility/details-summary-content-hidden.html
+++ b/LayoutTests/accessibility/details-summary-content-hidden.html
@@ -33,7 +33,7 @@
         document.getElementById("details").removeAttribute("open");
         output += await expectAsync("details.isExpanded", "false");
         output += await expectAsync("summary.isExpanded", "false");
-        output += expect("!accessibilityController.accessibleElementById('content')", "true");
+        output += await expectAsync("!accessibilityController.accessibleElementById('content')", "true");
 
         debug(output);
         finishJSTest();
diff --git a/Source/WebCore/accessibility/AXObjectCache.cpp b/Source/WebCore/accessibility/AXObjectCache.cpp
index db3ecfc068853..bdd3887ec5934 100644
--- a/Source/WebCore/accessibility/AXObjectCache.cpp
+++ b/Source/WebCore/accessibility/AXObjectCache.cpp
@@ -1956,6 +1956,11 @@ void AXObjectCache::onSelectedChanged(Element& element)
     handleTabPanelSelected(nullptr, &element);
 }
 
+void AXObjectCache::onSlottedContentChange(const HTMLSlotElement& slot)
+{
+    childrenChanged(get(const_cast<HTMLSlotElement&>(slot)));
+}
+
 void AXObjectCache::onStyleChange(Element& element, Style::Change change, const RenderStyle* oldStyle, const RenderStyle* newStyle)
 {
     if (change == Style::Change::None || !oldStyle || !newStyle)
@@ -2868,8 +2873,17 @@ void AXObjectCache::handleAttributeChange(Element* element, const QualifiedName&
     else if (attrName == aria_haspopupAttr)
         postNotification(element, AXNotification::HasPopupChanged);
     else if (attrName == aria_hiddenAttr) {
+#if ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE)
+        if (RefPtr axObject = getOrCreate(*element)) {
+            Accessibility::enumerateDescendantsIncludingIgnored<AXCoreObject>(*axObject, /* includeSelf */ true, [] (auto& descendant) {
+                downcast<AccessibilityObject>(descendant).recomputeIsIgnored();
+            });
+        }
+#else
         if (RefPtr parent = get(element->parentNode()))
             childrenChanged(parent.get());
+#endif // ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE)
+
 
         if (m_currentModalElement && m_currentModalElement->isDescendantOf(element))
             deferModalChange(*m_currentModalElement);
diff --git a/Source/WebCore/accessibility/AXObjectCache.h b/Source/WebCore/accessibility/AXObjectCache.h
index 2be583a117f8a..78ed83fdcf8b0 100644
--- a/Source/WebCore/accessibility/AXObjectCache.h
+++ b/Source/WebCore/accessibility/AXObjectCache.h
@@ -362,6 +362,7 @@ class AXObjectCache final : public CanMakeWeakPtr<AXObjectCache>, public CanMake
     void onPopoverToggle(const HTMLElement&);
     void onScrollbarFrameRectChange(const Scrollbar&);
     void onSelectedChanged(Element&);
+    void onSlottedContentChange(const HTMLSlotElement&);
     void onStyleChange(Element&, Style::Change, const RenderStyle* oldStyle, const RenderStyle* newStyle);
     void onStyleChange(RenderText&, StyleDifference, const RenderStyle* oldStyle, const RenderStyle& newStyle);
     void onTextSecurityChanged(HTMLInputElement&);
diff --git a/Source/WebCore/accessibility/AccessibilityRenderObject.cpp b/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
index 62e414e773353..5d2dcc55fbc13 100644
--- a/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
+++ b/Source/WebCore/accessibility/AccessibilityRenderObject.cpp
@@ -2434,7 +2434,7 @@ void AccessibilityRenderObject::addNodeOnlyChildren()
     WeakPtr cache = axObjectCache();
     if (!cache)
         return;
-    // FIXME: This algorithm does not work correctly when ENABLE(INCLUDE_IGNORED_IN_CORE_TREE) due to use of m_children, as this algorithm is written assuming m_children only every contains unignored objects.
+    // FIXME: This algorithm does not work correctly when ENABLE(INCLUDE_IGNORED_IN_CORE_AX_TREE) due to use of m_children, as this algorithm is written assuming m_children only every contains unignored objects.
     // Iterate through all of the children, including those that may have already been added, and
     // try to insert the nodes in the correct place in the DOM order.
     unsigned insertionIndex = 0;
diff --git a/Source/WebCore/dom/SlotAssignment.cpp b/Source/WebCore/dom/SlotAssignment.cpp
index e27a1059bcba0..e8fec25e98736 100644
--- a/Source/WebCore/dom/SlotAssignment.cpp
+++ b/Source/WebCore/dom/SlotAssignment.cpp
@@ -322,6 +322,8 @@ void NamedSlotAssignment::didChangeSlot(const AtomString& slotAttrValue, ShadowR
 
     if (slotElement->selfOrPrecedingNodesAffectDirAuto())
         slotElement->updateEffectiveTextDirection();
+
+    slotElement->updateAccessibilityOnSlotChange();
 }
 
 void NamedSlotAssignment::didRemoveAllChildrenOfShadowHost(ShadowRoot& shadowRoot)
diff --git a/Source/WebCore/html/HTMLSlotElement.cpp b/Source/WebCore/html/HTMLSlotElement.cpp
index d0ec3018ac38b..7a7a7791f5fe8 100644
--- a/Source/WebCore/html/HTMLSlotElement.cpp
+++ b/Source/WebCore/html/HTMLSlotElement.cpp
@@ -232,4 +232,10 @@ void HTMLSlotElement::dispatchSlotChangeEvent()
     dispatchEvent(event);
 }
 
+void HTMLSlotElement::updateAccessibilityOnSlotChange() const
+{
+    if (CheckedPtr cache = protectedDocument()->existingAXObjectCache())
+        cache->onSlottedContentChange(*this);
+}
+
 } // namespace WebCore
diff --git a/Source/WebCore/html/HTMLSlotElement.h b/Source/WebCore/html/HTMLSlotElement.h
index 408428de7b588..defc4429b13fa 100644
--- a/Source/WebCore/html/HTMLSlotElement.h
+++ b/Source/WebCore/html/HTMLSlotElement.h
@@ -55,6 +55,7 @@ class HTMLSlotElement final : public HTMLElement {
 
     bool isInInsertedIntoAncestor() const { return m_isInInsertedIntoAncestor; }
 
+    void updateAccessibilityOnSlotChange() const;
 private:
     HTMLSlotElement(const QualifiedName&, Document&);
 

From c3154758f699e01b87a4f519d000c05dc2bf0ecd Mon Sep 17 00:00:00 2001
From: Kiet Ho <kiet.ho@apple.com>
Date: Sun, 23 Feb 2025 09:39:49 -0800
Subject: [PATCH 088/174] [css-anchor-position-1] Implement parsing
 `anchor-scope` rdar://145016336
 https://bugs.webkit.org/show_bug.cgi?id=287835

Reviewed by Tim Nguyen.

* LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/anchor-scope-computed-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/anchor-scope-parsing-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties/anchor-scope-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties/anchor-scope.html:
* LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/accumulation-per-property-001-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/addition-per-property-001-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/interpolation-per-property-001-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/property-list.js:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt:
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt:
* LayoutTests/platform/ipad/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt:
* LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt:
* Source/WebCore/Headers.cmake:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/animation/CSSPropertyAnimation.cpp:
(WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
* Source/WebCore/css/CSSProperties.json:
* Source/WebCore/css/ComputedStyleExtractor.cpp:
(WebCore::valueForNameScope):
(WebCore::ComputedStyleExtractor::valueForPropertyInStyle const):
(WebCore::valueForNameScopeNames): Deleted.
* Source/WebCore/rendering/style/NameScope.h: Renamed from Source/WebCore/css/NameScope.h.
* Source/WebCore/rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::conservativelyCollectChangedAnimatableProperties const):
* Source/WebCore/rendering/style/RenderStyle.h:
* Source/WebCore/rendering/style/RenderStyleInlines.h:
(WebCore::RenderStyle::anchorScope const):
(WebCore::RenderStyle::initialAnchorScope):
* Source/WebCore/rendering/style/RenderStyleSetters.h:
(WebCore::RenderStyle::setAnchorScope):
* Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp:
(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
(WebCore::StyleRareNonInheritedData::operator== const):
(WebCore::StyleRareNonInheritedData::dumpDifferences const):
* Source/WebCore/rendering/style/StyleRareNonInheritedData.h:

Canonical link: https://commits.webkit.org/290909@main
---
 .../anchor-scope-computed-expected.txt        | 16 ++++----
 .../parsing/anchor-scope-parsing-expected.txt | 18 ++++-----
 .../all-prop-initial-xml-expected.txt         |  1 +
 .../properties/anchor-scope-expected.txt      | 18 ++++-----
 .../properties/anchor-scope.html              |  3 +-
 ...accumulation-per-property-001-expected.txt |  3 ++
 .../addition-per-property-001-expected.txt    |  3 ++
 ...nterpolation-per-property-001-expected.txt |  4 ++
 .../animation-types/property-list.js          |  6 +++
 .../all-prop-initial-xml-expected.txt         |  1 +
 .../all-prop-initial-xml-expected.txt         |  1 +
 .../all-prop-initial-xml-expected.txt         |  1 +
 .../all-prop-initial-xml-expected.txt         |  1 +
 Source/WebCore/Headers.cmake                  |  2 +-
 .../WebCore/WebCore.xcodeproj/project.pbxproj |  4 +-
 .../animation/CSSPropertyAnimation.cpp        |  1 +
 Source/WebCore/css/CSSProperties.json         | 13 ++++++
 Source/WebCore/css/ComputedStyleExtractor.cpp | 40 +++++++++++--------
 .../{css => rendering/style}/NameScope.h      |  0
 .../WebCore/rendering/style/RenderStyle.cpp   |  2 +
 Source/WebCore/rendering/style/RenderStyle.h  |  4 ++
 .../rendering/style/RenderStyleInlines.h      |  2 +
 .../rendering/style/RenderStyleSetters.h      |  1 +
 .../style/StyleRareNonInheritedData.cpp       |  4 ++
 .../style/StyleRareNonInheritedData.h         |  1 +
 25 files changed, 103 insertions(+), 47 deletions(-)
 rename Source/WebCore/{css => rendering/style}/NameScope.h (100%)

diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/anchor-scope-computed-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/anchor-scope-computed-expected.txt
index dd7ad4e07956f..1ee8fd1c6a178 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/anchor-scope-computed-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/anchor-scope-computed-expected.txt
@@ -1,10 +1,10 @@
 
-FAIL Property anchor-scope value 'none' assert_true: anchor-scope doesn't seem to be supported in the computed style expected true got false
-FAIL Property anchor-scope value 'initial' assert_true: anchor-scope doesn't seem to be supported in the computed style expected true got false
-FAIL Property anchor-scope value 'all' assert_true: anchor-scope doesn't seem to be supported in the computed style expected true got false
-FAIL Property anchor-scope value '--a' assert_true: anchor-scope doesn't seem to be supported in the computed style expected true got false
-FAIL Property anchor-scope value '--a, --b' assert_true: anchor-scope doesn't seem to be supported in the computed style expected true got false
-FAIL Property anchor-scope value '--a, --b, --c' assert_true: anchor-scope doesn't seem to be supported in the computed style expected true got false
-FAIL Property anchor-scope has initial value none assert_true: anchor-scope doesn't seem to be supported in the computed style expected true got false
-FAIL Property anchor-scope does not inherit assert_true: expected true got false
+PASS Property anchor-scope value 'none'
+PASS Property anchor-scope value 'initial'
+PASS Property anchor-scope value 'all'
+PASS Property anchor-scope value '--a'
+PASS Property anchor-scope value '--a, --b'
+PASS Property anchor-scope value '--a, --b, --c'
+PASS Property anchor-scope has initial value none
+PASS Property anchor-scope does not inherit
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/anchor-scope-parsing-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/anchor-scope-parsing-expected.txt
index d9f375da906b3..bd1324b500889 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/anchor-scope-parsing-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/anchor-scope-parsing-expected.txt
@@ -1,13 +1,13 @@
 
-FAIL e.style['anchor-scope'] = "initial" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['anchor-scope'] = "inherit" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['anchor-scope'] = "unset" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['anchor-scope'] = "revert" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['anchor-scope'] = "none" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['anchor-scope'] = "all" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['anchor-scope'] = "--a" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['anchor-scope'] = "--a, --b" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['anchor-scope'] = "--a, --b, --c" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['anchor-scope'] = "initial" should set the property value
+PASS e.style['anchor-scope'] = "inherit" should set the property value
+PASS e.style['anchor-scope'] = "unset" should set the property value
+PASS e.style['anchor-scope'] = "revert" should set the property value
+PASS e.style['anchor-scope'] = "none" should set the property value
+PASS e.style['anchor-scope'] = "all" should set the property value
+PASS e.style['anchor-scope'] = "--a" should set the property value
+PASS e.style['anchor-scope'] = "--a, --b" should set the property value
+PASS e.style['anchor-scope'] = "--a, --b, --c" should set the property value
 PASS e.style['anchor-scope'] = "--a none" should not set the property value
 PASS e.style['anchor-scope'] = "none --a" should not set the property value
 PASS e.style['anchor-scope'] = "none all" should not set the property value
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
index 74ebf7b10d867..5a777b92bb4f5 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
@@ -8,6 +8,7 @@ PASS align-items
 PASS align-self
 PASS alignment-baseline
 PASS anchor-name
+PASS anchor-scope
 PASS animation-composition
 PASS animation-delay
 PASS animation-direction
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties/anchor-scope-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties/anchor-scope-expected.txt
index f03cc1c6582dc..4dce0cb773bfd 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties/anchor-scope-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties/anchor-scope-expected.txt
@@ -1,11 +1,12 @@
 
-FAIL Can set 'anchor-scope' to CSS-wide keywords: initial Invalid property anchor-scope
-FAIL Can set 'anchor-scope' to CSS-wide keywords: inherit Invalid property anchor-scope
-FAIL Can set 'anchor-scope' to CSS-wide keywords: unset Invalid property anchor-scope
-FAIL Can set 'anchor-scope' to CSS-wide keywords: revert Invalid property anchor-scope
-FAIL Can set 'anchor-scope' to var() references:  var(--A) Invalid property anchor-scope
-FAIL Can set 'anchor-scope' to the 'none' keyword: none Invalid property anchor-scope
-FAIL Can set 'anchor-scope' to the 'all' keyword: all Invalid property anchor-scope
+PASS Can set 'anchor-scope' to CSS-wide keywords: initial
+PASS Can set 'anchor-scope' to CSS-wide keywords: inherit
+PASS Can set 'anchor-scope' to CSS-wide keywords: unset
+PASS Can set 'anchor-scope' to CSS-wide keywords: revert
+PASS Can set 'anchor-scope' to var() references:  var(--A)
+PASS Can set 'anchor-scope' to the 'none' keyword: none
+PASS Can set 'anchor-scope' to the 'all' keyword: all
+PASS Can set 'anchor-scope' to the '--a' keyword: --a
 PASS Setting 'anchor-scope' to a length: 0px throws TypeError
 PASS Setting 'anchor-scope' to a length: -3.14em throws TypeError
 PASS Setting 'anchor-scope' to a length: 3.14cm throws TypeError
@@ -32,6 +33,5 @@ PASS Setting 'anchor-scope' to a number: calc(2 + 3) throws TypeError
 PASS Setting 'anchor-scope' to a transform: translate(50%, 50%) throws TypeError
 PASS Setting 'anchor-scope' to a transform: perspective(10em) throws TypeError
 PASS Setting 'anchor-scope' to a transform: translate3d(0px, 1px, 2px) translate(0px, 1px) rotate3d(1, 2, 3, 45deg) rotate(45deg) scale3d(1, 2, 3) scale(1, 2) skew(1deg, 1deg) skewX(1deg) skewY(45deg) perspective(1px) matrix3d(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16) matrix(1, 2, 3, 4, 5, 6) throws TypeError
-FAIL 'anchor-scope' does not support '--a' Invalid property anchor-scope
-FAIL 'anchor-scope' does not support '--a, --b' Invalid property anchor-scope
+PASS 'anchor-scope' does not support '--a, --b'
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties/anchor-scope.html b/LayoutTests/imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties/anchor-scope.html
index 1d37b26054cbb..58ee98e3e9408 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties/anchor-scope.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties/anchor-scope.html
@@ -13,10 +13,11 @@
 runPropertyTests('anchor-scope', [
   { syntax: 'none' },
   { syntax: 'all' },
+  { syntax: '--a' },
 ]);
 
 runUnsupportedPropertyTests('anchor-scope', [
-  '--a', '--a, --b'
+  '--a, --b'
 ]);
 
 </script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/accumulation-per-property-001-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/accumulation-per-property-001-expected.txt
index 9f47abc493804..b03c71d043718 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/accumulation-per-property-001-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/accumulation-per-property-001-expected.txt
@@ -12,6 +12,9 @@ PASS align-items: "flex-start" onto "flex-end"
 PASS align-self (type: discrete) has testAccumulation function
 PASS align-self: "flex-end" onto "flex-start"
 PASS align-self: "flex-start" onto "flex-end"
+PASS anchor-scope (type: discrete) has testAccumulation function
+PASS anchor-scope: "all" onto "none"
+PASS anchor-scope: "none" onto "all"
 PASS appearance (type: discrete) has testAccumulation function
 PASS appearance: "none" onto "auto"
 PASS appearance: "auto" onto "none"
diff --git a/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/addition-per-property-001-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/addition-per-property-001-expected.txt
index 45aa3fdad56d4..b873288784682 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/addition-per-property-001-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/addition-per-property-001-expected.txt
@@ -12,6 +12,9 @@ PASS align-items: "flex-start" onto "flex-end"
 PASS align-self (type: discrete) has testAddition function
 PASS align-self: "flex-end" onto "flex-start"
 PASS align-self: "flex-start" onto "flex-end"
+PASS anchor-scope (type: discrete) has testAddition function
+PASS anchor-scope: "all" onto "none"
+PASS anchor-scope: "none" onto "all"
 PASS appearance (type: discrete) has testAddition function
 PASS appearance: "none" onto "auto"
 PASS appearance: "auto" onto "none"
diff --git a/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/interpolation-per-property-001-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/interpolation-per-property-001-expected.txt
index 94d31e0b1d467..de7cb25e695bd 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/interpolation-per-property-001-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/interpolation-per-property-001-expected.txt
@@ -16,6 +16,10 @@ PASS align-self (type: discrete) has testInterpolation function
 PASS align-self uses discrete animation when animating between "flex-start" and "flex-end" with linear easing
 PASS align-self uses discrete animation when animating between "flex-start" and "flex-end" with effect easing
 PASS align-self uses discrete animation when animating between "flex-start" and "flex-end" with keyframe easing
+PASS anchor-scope (type: discrete) has testInterpolation function
+PASS anchor-scope uses discrete animation when animating between "none" and "all" with linear easing
+PASS anchor-scope uses discrete animation when animating between "none" and "all" with effect easing
+PASS anchor-scope uses discrete animation when animating between "none" and "all" with keyframe easing
 PASS appearance (type: discrete) has testInterpolation function
 PASS appearance uses discrete animation when animating between "auto" and "none" with linear easing
 PASS appearance uses discrete animation when animating between "auto" and "none" with effect easing
diff --git a/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/property-list.js b/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/property-list.js
index 41fc9fa5d068a..f31ee8e4ccf05 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/property-list.js
+++ b/LayoutTests/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/property-list.js
@@ -25,6 +25,12 @@ const gCSSProperties1 = {
       { type: 'discrete', options: [ [ 'flex-start', 'flex-end' ] ] }
     ]
   },
+  'anchor-scope': {
+    // https://drafts.csswg.org/css-anchor-position-1/#anchor-scope
+    types: [
+      { type: 'discrete', options: [ [ 'none', 'all' ] ] }
+    ]
+  },
   'appearance': {
     // https://drafts.csswg.org/css-ui/#appearance-switching
     types: [
diff --git a/LayoutTests/platform/glib/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt b/LayoutTests/platform/glib/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
index 4a781e829c7cd..c9140fa486625 100644
--- a/LayoutTests/platform/glib/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
+++ b/LayoutTests/platform/glib/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
@@ -8,6 +8,7 @@ PASS align-items
 PASS align-self
 PASS alignment-baseline
 PASS anchor-name
+PASS anchor-scope
 PASS animation-composition
 PASS animation-delay
 PASS animation-direction
diff --git a/LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt b/LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
index 0536a1d3a5a4b..eb54e0161547c 100644
--- a/LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
+++ b/LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
@@ -8,6 +8,7 @@ PASS align-items
 PASS align-self
 PASS alignment-baseline
 PASS anchor-name
+PASS anchor-scope
 PASS animation-composition
 PASS animation-delay
 PASS animation-direction
diff --git a/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt b/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
index 5a892636fbc2e..a2c0758283744 100644
--- a/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
+++ b/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
@@ -8,6 +8,7 @@ PASS align-items
 PASS align-self
 PASS alignment-baseline
 PASS anchor-name
+PASS anchor-scope
 PASS animation-composition
 PASS animation-delay
 PASS animation-direction
diff --git a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
index 7faec1d6de09c..8a0b59818c9b7 100644
--- a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
+++ b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
@@ -8,6 +8,7 @@ PASS align-items
 PASS align-self
 PASS alignment-baseline
 PASS anchor-name
+PASS anchor-scope
 PASS animation-composition
 PASS animation-delay
 PASS animation-direction
diff --git a/Source/WebCore/Headers.cmake b/Source/WebCore/Headers.cmake
index 902dca60b9717..b587108cceb32 100644
--- a/Source/WebCore/Headers.cmake
+++ b/Source/WebCore/Headers.cmake
@@ -940,7 +940,6 @@ set(WebCore_PRIVATE_FRAMEWORK_HEADERS
     css/MediaList.h
     css/MediaQueryParserContext.h
     css/MutableStyleProperties.h
-    css/NameScope.h
     css/Quad.h
     css/Rect.h
     css/RectBase.h
@@ -2615,6 +2614,7 @@ set(WebCore_PRIVATE_FRAMEWORK_HEADERS
     rendering/style/GridTrackSize.h
     rendering/style/LineClampValue.h
     rendering/style/ListStyleType.h
+    rendering/style/NameScope.h
     rendering/style/NinePieceImage.h
     rendering/style/OffsetRotation.h
     rendering/style/OutlineValue.h
diff --git a/Source/WebCore/WebCore.xcodeproj/project.pbxproj b/Source/WebCore/WebCore.xcodeproj/project.pbxproj
index 825269af0e9b4..57711ce80a0f7 100644
--- a/Source/WebCore/WebCore.xcodeproj/project.pbxproj
+++ b/Source/WebCore/WebCore.xcodeproj/project.pbxproj
@@ -8015,7 +8015,7 @@
 		1AAADDE114DC8C8F00AF64B3 /* ScrollingTreeNode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScrollingTreeNode.cpp; sourceTree = "<group>"; };
 		1AAADDE214DC8C8F00AF64B3 /* ScrollingTreeNode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScrollingTreeNode.h; sourceTree = "<group>"; };
 		1AB33DA412551E320024457A /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = /System/Library/Frameworks/IOKit.framework; sourceTree = "<absolute>"; };
-		1AB39CC62C98CEA100B8AD82 /* NameScope.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = NameScope.h; sourceTree = "<group>"; };
+		1AB39CC62C98CEA100B8AD82 /* NameScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NameScope.h; sourceTree = "<group>"; };
 		1AB40EDF1BF4271E00BA81BE /* ContextMenu.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ContextMenu.cpp; sourceTree = "<group>"; };
 		1AB40EE01BF4271E00BA81BE /* ContextMenuItem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ContextMenuItem.cpp; sourceTree = "<group>"; };
 		1AB5EBCF194A1D170059AC70 /* ShapeValue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ShapeValue.cpp; sourceTree = "<group>"; };
@@ -34778,6 +34778,7 @@
 				AB31C91D10AE1B8E000C7B92 /* LineClampValue.h */,
 				4CF2530E29C09454005CDDAA /* ListStyleType.cpp */,
 				4C96385729BF4A51003E5741 /* ListStyleType.h */,
+				1AB39CC62C98CEA100B8AD82 /* NameScope.h */,
 				BCEF43DF0E674110001C1287 /* NinePieceImage.cpp */,
 				BCEF43DC0E674012001C1287 /* NinePieceImage.h */,
 				668A1B032723A41500765E0F /* OffsetRotation.cpp */,
@@ -37988,7 +37989,6 @@
 				4471710C205AF945000A116E /* MediaQueryParserContext.h */,
 				930A76C7297FA1C40055B743 /* MutableStyleProperties.cpp */,
 				930A76C6297FA1C30055B743 /* MutableStyleProperties.h */,
-				1AB39CC62C98CEA100B8AD82 /* NameScope.h */,
 				49CCE6F72997441F006C91EB /* popover.css */,
 				BC8A133629177FB700096A9F /* process-css-properties.py */,
 				491342972B425C0200FEEF18 /* process-css-pseudo-selectors.py */,
diff --git a/Source/WebCore/animation/CSSPropertyAnimation.cpp b/Source/WebCore/animation/CSSPropertyAnimation.cpp
index f33d5e88f59c4..1ad5824244bba 100644
--- a/Source/WebCore/animation/CSSPropertyAnimation.cpp
+++ b/Source/WebCore/animation/CSSPropertyAnimation.cpp
@@ -4160,6 +4160,7 @@ CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap()
         new DiscretePropertyWrapper<Style::ViewTransitionName>(CSSPropertyViewTransitionName, &RenderStyle::viewTransitionName, &RenderStyle::setViewTransitionName),
         new DiscretePropertyWrapper<FieldSizing>(CSSPropertyFieldSizing, &RenderStyle::fieldSizing, &RenderStyle::setFieldSizing),
         new DiscretePropertyWrapper<const Vector<Style::ScopedName>&>(CSSPropertyAnchorName, &RenderStyle::anchorNames, &RenderStyle::setAnchorNames),
+        new DiscretePropertyWrapper<const NameScope&>(CSSPropertyAnchorScope, &RenderStyle::anchorScope, &RenderStyle::setAnchorScope),
         new DiscretePropertyWrapper<const std::optional<Style::ScopedName>&>(CSSPropertyPositionAnchor, &RenderStyle::positionAnchor, &RenderStyle::setPositionAnchor),
         new DiscretePropertyWrapper<std::optional<PositionArea>>(CSSPropertyPositionArea, &RenderStyle::positionArea, &RenderStyle::setPositionArea),
         new DiscretePropertyWrapper<Style::PositionTryOrder>(CSSPropertyPositionTryOrder, &RenderStyle::positionTryOrder, &RenderStyle::setPositionTryOrder),
diff --git a/Source/WebCore/css/CSSProperties.json b/Source/WebCore/css/CSSProperties.json
index 94a576bc961f7..bcaf1a2af39b6 100644
--- a/Source/WebCore/css/CSSProperties.json
+++ b/Source/WebCore/css/CSSProperties.json
@@ -11358,6 +11358,19 @@
                 "url": "https://drafts.csswg.org/css-anchor-position-1/#name"
             }
         },
+        "anchor-scope": {
+            "animation-type": "discrete",
+            "initial": "none",
+            "codegen-properties": {
+                "style-builder-converter": "NameScope",
+                "parser-grammar": "none | all | <dashed-ident>#",
+                "settings-flag": "cssAnchorPositioningEnabled"
+            },
+            "specification": {
+                "category": "css-anchor-position",
+                "url": "https://drafts.csswg.org/css-anchor-position-1/#anchor-scope"
+            }
+       },
         "position-anchor": {
             "animation-type": "discrete",
             "initial": "auto",
diff --git a/Source/WebCore/css/ComputedStyleExtractor.cpp b/Source/WebCore/css/ComputedStyleExtractor.cpp
index c28268a2bca4b..0b1b1ef635708 100644
--- a/Source/WebCore/css/ComputedStyleExtractor.cpp
+++ b/Source/WebCore/css/ComputedStyleExtractor.cpp
@@ -3298,17 +3298,30 @@ static Ref<CSSValue> valueForPositionArea(const std::optional<PositionArea>& pos
     return CSSPropertyParserHelpers::valueForPositionArea(blockOrXAxisKeyword, inlineOrYAxisKeyword).releaseNonNull();
 }
 
-static Ref<CSSValue> valueForNameScopeNames(const Vector<AtomString>& names)
+static Ref<CSSValue> valueForNameScope(const NameScope& scope)
 {
-    if (names.isEmpty())
+    switch (scope.type) {
+    case NameScope::Type::None:
         return CSSPrimitiveValue::create(CSSValueNone);
 
-    CSSValueListBuilder list;
-    for (auto& name : names) {
-        ASSERT(!name.isNull());
-        list.append(CSSPrimitiveValue::createCustomIdent(name));
+    case NameScope::Type::All:
+        return CSSPrimitiveValue::create(CSSValueAll);
+
+    case NameScope::Type::Ident:
+        if (scope.names.isEmpty())
+            return CSSPrimitiveValue::create(CSSValueNone);
+
+        CSSValueListBuilder list;
+        for (auto& name : scope.names) {
+            ASSERT(!name.isNull());
+            list.append(CSSPrimitiveValue::createCustomIdent(name));
+        }
+
+        return CSSValueList::createCommaSeparated(WTFMove(list));
     }
-    return CSSValueList::createCommaSeparated(WTFMove(list));
+
+    ASSERT_NOT_REACHED();
+    return CSSPrimitiveValue::create(CSSValueNone);
 }
 
 static Ref<CSSValue> scrollTimelineShorthandValue(const Vector<Ref<ScrollTimeline>>& timelines)
@@ -4979,6 +4992,8 @@ RefPtr<CSSValue> ComputedStyleExtractor::valueForPropertyInStyle(const RenderSty
 
     case CSSPropertyAnchorName:
         return valueForAnchorName(style.anchorNames());
+    case CSSPropertyAnchorScope:
+        return valueForNameScope(style.anchorScope());
     case CSSPropertyPositionAnchor:
         if (!style.positionAnchor())
             return CSSPrimitiveValue::create(CSSValueAuto);
@@ -5004,16 +5019,7 @@ RefPtr<CSSValue> ComputedStyleExtractor::valueForPropertyInStyle(const RenderSty
         return CSSPrimitiveValue::create(CSSValueNormal);
     }
     case CSSPropertyTimelineScope:
-        switch (style.timelineScope().type) {
-        case NameScope::Type::None:
-            return CSSPrimitiveValue::create(CSSValueNone);
-        case NameScope::Type::All:
-            return CSSPrimitiveValue::create(CSSValueAll);
-        case NameScope::Type::Ident:
-            return valueForNameScopeNames(style.timelineScope().names);
-        }
-        ASSERT_NOT_REACHED();
-        return CSSPrimitiveValue::create(CSSValueNone);
+        return valueForNameScope(style.timelineScope());
 
     // Unimplemented CSS 3 properties (including CSS3 shorthand properties).
     case CSSPropertyAll:
diff --git a/Source/WebCore/css/NameScope.h b/Source/WebCore/rendering/style/NameScope.h
similarity index 100%
rename from Source/WebCore/css/NameScope.h
rename to Source/WebCore/rendering/style/NameScope.h
diff --git a/Source/WebCore/rendering/style/RenderStyle.cpp b/Source/WebCore/rendering/style/RenderStyle.cpp
index 12d4245fdf091..ee6e1cfefaa91 100644
--- a/Source/WebCore/rendering/style/RenderStyle.cpp
+++ b/Source/WebCore/rendering/style/RenderStyle.cpp
@@ -1987,6 +1987,8 @@ void RenderStyle::conservativelyCollectChangedAnimatableProperties(const RenderS
             changingProperties.m_properties.set(CSSPropertyContentVisibility);
         if (first.anchorNames != second.anchorNames)
             changingProperties.m_properties.set(CSSPropertyAnchorName);
+        if (first.anchorScope != second.anchorScope)
+            changingProperties.m_properties.set(CSSPropertyAnchorScope);
         if (first.positionAnchor != second.positionAnchor)
             changingProperties.m_properties.set(CSSPropertyPositionAnchor);
         if (first.positionArea != second.positionArea)
diff --git a/Source/WebCore/rendering/style/RenderStyle.h b/Source/WebCore/rendering/style/RenderStyle.h
index be54c8a633c5c..386afc2254e11 100644
--- a/Source/WebCore/rendering/style/RenderStyle.h
+++ b/Source/WebCore/rendering/style/RenderStyle.h
@@ -2320,6 +2320,10 @@ class RenderStyle final : public CanMakeCheckedPtr<RenderStyle> {
     inline const Vector<Style::ScopedName>& anchorNames() const;
     inline void setAnchorNames(const Vector<Style::ScopedName>&);
 
+    static inline NameScope initialAnchorScope();
+    inline const NameScope& anchorScope() const;
+    inline void setAnchorScope(const NameScope&);
+
     static inline std::optional<Style::ScopedName> initialPositionAnchor();
     inline const std::optional<Style::ScopedName>& positionAnchor() const;
     inline void setPositionAnchor(const std::optional<Style::ScopedName>&);
diff --git a/Source/WebCore/rendering/style/RenderStyleInlines.h b/Source/WebCore/rendering/style/RenderStyleInlines.h
index 649bde025a714..3af5b324650b3 100644
--- a/Source/WebCore/rendering/style/RenderStyleInlines.h
+++ b/Source/WebCore/rendering/style/RenderStyleInlines.h
@@ -82,6 +82,7 @@ constexpr auto RenderStyle::allTransformOperations() -> OptionSet<TransformOpera
 inline const AnimationList* RenderStyle::animations() const { return m_nonInheritedData->miscData->animations.get(); }
 inline AnimationList* RenderStyle::animations() { return m_nonInheritedData->miscData->animations.get(); }
 inline const Vector<Style::ScopedName>& RenderStyle::anchorNames() const { return m_nonInheritedData->rareData->anchorNames; }
+inline const NameScope& RenderStyle::anchorScope() const { return m_nonInheritedData->rareData->anchorScope; }
 inline StyleAppearance RenderStyle::appearance() const { return static_cast<StyleAppearance>(m_nonInheritedData->miscData->appearance); }
 inline const FilterOperations& RenderStyle::appleColorFilter() const { return m_rareInheritedData->appleColorFilter->operations; }
 #if HAVE(CORE_MATERIAL)
@@ -350,6 +351,7 @@ inline const NamedGridLinesMap& RenderStyle::implicitNamedGridRowLines() const {
 constexpr auto RenderStyle::individualTransformOperations() -> OptionSet<TransformOperationOption> { return { TransformOperationOption::Translate, TransformOperationOption::Rotate, TransformOperationOption::Scale, TransformOperationOption::Offset }; }
 inline const StyleCustomPropertyData& RenderStyle::inheritedCustomProperties() const { return m_rareInheritedData->customProperties.get(); }
 inline Vector<Style::ScopedName> RenderStyle::initialAnchorNames() { return { }; }
+inline NameScope RenderStyle::initialAnchorScope() { return { }; }
 constexpr StyleAppearance RenderStyle::initialAppearance() { return StyleAppearance::None; }
 #if HAVE(CORE_MATERIAL)
 constexpr AppleVisualEffect RenderStyle::initialAppleVisualEffect() { return AppleVisualEffect::None; }
diff --git a/Source/WebCore/rendering/style/RenderStyleSetters.h b/Source/WebCore/rendering/style/RenderStyleSetters.h
index 4351c61d764b6..938fc9698c700 100644
--- a/Source/WebCore/rendering/style/RenderStyleSetters.h
+++ b/Source/WebCore/rendering/style/RenderStyleSetters.h
@@ -78,6 +78,7 @@ inline void RenderStyle::setAlignItemsPosition(ItemPosition position) { m_nonInh
 inline void RenderStyle::setAlignSelf(const StyleSelfAlignmentData& data) { SET_NESTED(m_nonInheritedData, miscData, alignSelf, data); }
 inline void RenderStyle::setAlignSelfPosition(ItemPosition position) { m_nonInheritedData.access().miscData.access().alignSelf.setPosition(position); }
 inline void RenderStyle::setAnchorNames(const Vector<Style::ScopedName>& names) { SET_NESTED(m_nonInheritedData, rareData, anchorNames, names); }
+inline void RenderStyle::setAnchorScope(const NameScope& scope) { SET_NESTED(m_nonInheritedData, rareData, anchorScope, scope); }
 inline void RenderStyle::setAppearance(StyleAppearance appearance) { SET_NESTED_PAIR(m_nonInheritedData, miscData, appearance, static_cast<unsigned>(appearance), usedAppearance, static_cast<unsigned>(appearance)); }
 inline void RenderStyle::setAppleColorFilter(FilterOperations&& ops) { SET_NESTED(m_rareInheritedData, appleColorFilter, operations, WTFMove(ops)); }
 #if HAVE(CORE_MATERIAL)
diff --git a/Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp b/Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp
index 6d016cee42a0d..9f603d69fc2b9 100644
--- a/Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp
+++ b/Source/WebCore/rendering/style/StyleRareNonInheritedData.cpp
@@ -98,6 +98,7 @@ StyleRareNonInheritedData::StyleRareNonInheritedData()
     // scrollSnapStop
     , pseudoElementNameArgument(nullAtom())
     , anchorNames(RenderStyle::initialAnchorNames())
+    , anchorScope(RenderStyle::initialAnchorScope())
     , positionAnchor(RenderStyle::initialPositionAnchor())
     , positionArea(RenderStyle::initialPositionArea())
     , positionTryFallbacks(RenderStyle::initialPositionTryFallbacks())
@@ -203,6 +204,7 @@ inline StyleRareNonInheritedData::StyleRareNonInheritedData(const StyleRareNonIn
     , scrollSnapStop(o.scrollSnapStop)
     , pseudoElementNameArgument(o.pseudoElementNameArgument)
     , anchorNames(o.anchorNames)
+    , anchorScope(o.anchorScope)
     , positionAnchor(o.positionAnchor)
     , positionArea(o.positionArea)
     , positionTryFallbacks(o.positionTryFallbacks)
@@ -313,6 +315,7 @@ bool StyleRareNonInheritedData::operator==(const StyleRareNonInheritedData& o) c
         && scrollSnapStop == o.scrollSnapStop
         && pseudoElementNameArgument == o.pseudoElementNameArgument
         && anchorNames == o.anchorNames
+        && anchorScope == o.anchorScope
         && positionAnchor == o.positionAnchor
         && positionArea == o.positionArea
         && positionTryFallbacks == o.positionTryFallbacks
@@ -472,6 +475,7 @@ void StyleRareNonInheritedData::dumpDifferences(TextStream& ts, const StyleRareN
     LOG_IF_DIFFERENT(pseudoElementNameArgument);
 
     LOG_IF_DIFFERENT(anchorNames);
+    LOG_IF_DIFFERENT(anchorScope);
     LOG_IF_DIFFERENT(positionAnchor);
     LOG_IF_DIFFERENT(positionArea);
     LOG_IF_DIFFERENT(positionTryFallbacks);
diff --git a/Source/WebCore/rendering/style/StyleRareNonInheritedData.h b/Source/WebCore/rendering/style/StyleRareNonInheritedData.h
index 5619da92107be..d9969fbef4169 100644
--- a/Source/WebCore/rendering/style/StyleRareNonInheritedData.h
+++ b/Source/WebCore/rendering/style/StyleRareNonInheritedData.h
@@ -219,6 +219,7 @@ class StyleRareNonInheritedData : public RefCounted<StyleRareNonInheritedData> {
     AtomString pseudoElementNameArgument;
 
     Vector<Style::ScopedName> anchorNames;
+    NameScope anchorScope;
     std::optional<Style::ScopedName> positionAnchor;
     std::optional<PositionArea> positionArea;
     Vector<PositionTryFallback> positionTryFallbacks;

From 894f7621ad561152153a588951cbed7f6069769e Mon Sep 17 00:00:00 2001
From: Ben Nham <nham@apple.com>
Date: Sun, 23 Feb 2025 10:25:05 -0800
Subject: [PATCH 089/174] [Site Isolation] Propagate mute and volume state to
 remote frames https://bugs.webkit.org/show_bug.cgi?id=288136 rdar://145241258

Reviewed by Eric Carlson.

There are a number of media-related WebPageProxy methods which only forward state changes to the
main frame and not to out of process iframes. In this patch we forward mute and volume state changes
to OOP iframes. Previously we were only propagating those state changes to the main frame's process.

* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::pageMediaVolume):
* Source/WebCore/testing/Internals.h:
* Source/WebCore/testing/Internals.idl:
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm:
(-[WKWebView _setMediaVolumeForTesting:]):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::setMediaVolume):
(WebKit::WebPageProxy::setMuted):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm:
(TestWebKitAPI::TEST(SiteIsolation, MutesAndSetsAudioInMultipleFrames)):

Canonical link: https://commits.webkit.org/290910@main
---
 Source/WebCore/testing/Internals.cpp          | 13 +++
 Source/WebCore/testing/Internals.h            |  1 +
 Source/WebCore/testing/Internals.idl          |  2 +
 .../API/Cocoa/WKWebViewPrivateForTesting.h    |  3 +
 .../UIProcess/API/Cocoa/WKWebViewTesting.mm   |  5 ++
 Source/WebKit/UIProcess/WebPageProxy.cpp      | 16 +++-
 .../Tests/WebKitCocoa/SiteIsolation.mm        | 80 +++++++++++++++++++
 7 files changed, 116 insertions(+), 4 deletions(-)

diff --git a/Source/WebCore/testing/Internals.cpp b/Source/WebCore/testing/Internals.cpp
index 1b1a75f13f577..4e124bca01716 100644
--- a/Source/WebCore/testing/Internals.cpp
+++ b/Source/WebCore/testing/Internals.cpp
@@ -5695,6 +5695,19 @@ void Internals::setPageMediaVolume(float volume)
     page->setMediaVolume(volume);
 }
 
+float Internals::pageMediaVolume()
+{
+    Document* document = contextDocument();
+    if (!document)
+        return 0;
+
+    Page* page = document->page();
+    if (!page)
+        return 0;
+
+    return page->mediaVolume();
+}
+
 #if !PLATFORM(COCOA)
 
 String Internals::userVisibleString(const DOMURL& url)
diff --git a/Source/WebCore/testing/Internals.h b/Source/WebCore/testing/Internals.h
index a15b7f0a0df1b..3024287ac35a9 100644
--- a/Source/WebCore/testing/Internals.h
+++ b/Source/WebCore/testing/Internals.h
@@ -922,6 +922,7 @@ class Internals final
     void setMediaControlsHidePlaybackRates(HTMLMediaElement&, bool);
 #endif // ENABLE(VIDEO)
 
+    float pageMediaVolume();
     void setPageMediaVolume(float);
 
     String userVisibleString(const DOMURL&);
diff --git a/Source/WebCore/testing/Internals.idl b/Source/WebCore/testing/Internals.idl
index 25a2c747cbabb..d794fee8b1208 100644
--- a/Source/WebCore/testing/Internals.idl
+++ b/Source/WebCore/testing/Internals.idl
@@ -1087,6 +1087,8 @@ enum ContentsFormat {
     [Conditional=VIDEO] undefined setMediaControlsHidePlaybackRates(HTMLMediaElement element, boolean hidePlaybackRates);
 
     DOMString userVisibleString(DOMURL url);
+
+    float pageMediaVolume();
     undefined setPageMediaVolume(float volume);
 
     undefined setShowAllPlugins(boolean showAll);
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h b/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h
index 98bc35dc2525e..2e57c44fef217 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h
@@ -150,6 +150,9 @@ struct WKAppPrivacyReportTestingData {
 - (void)_getNotifyStateForTesting:(NSString *)notificationName completionHandler:(void(^)(NSNumber * _Nullable))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA), visionos(WK_XROS_TBA));
 
 @property (nonatomic, readonly) BOOL _hasAccessibilityActivityForTesting;
+
+- (void)_setMediaVolumeForTesting:(float)volume;
+
 @end
 
 typedef NS_ENUM(NSInteger, _WKMediaSessionReadyState) {
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm b/Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm
index c545886018713..cadff2d39d8fb 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm
@@ -916,6 +916,11 @@ - (BOOL)_hasAccessibilityActivityForTesting
 #endif
 }
 
+- (void)_setMediaVolumeForTesting:(float)mediaVolume
+{
+    _page->setMediaVolume(mediaVolume);
+}
+
 @end
 
 #if ENABLE(MEDIA_SESSION_COORDINATOR)
diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
index d0f4cb5248462..5eb9439d6b735 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -9006,8 +9006,10 @@ void WebPageProxy::setMediaVolume(float volume)
     
     if (!hasRunningProcess())
         return;
-    
-    send(Messages::WebPage::SetMediaVolume(volume));
+
+    forEachWebContentProcess([&](auto& webProcess, auto pageID) {
+        webProcess.send(Messages::WebPage::SetMediaVolume(volume), pageID);
+    });
 }
 
 #if ENABLE(MEDIA_STREAM)
@@ -9077,7 +9079,9 @@ void WebPageProxy::setMuted(WebCore::MediaProducerMutedStateFlags state, FromApp
         WebProcessProxy::muteCaptureInPagesExcept(m_webPageID);
 #endif // ENABLE(MEDIA_STREAM)
 
-    protectedLegacyMainFrameProcess()->pageMutedStateChanged(m_webPageID, state);
+    forEachWebContentProcess([&] (auto& process, auto pageID) {
+        process.pageMutedStateChanged(pageID, state);
+    });
 
 #if ENABLE(MEDIA_STREAM)
     auto newState = applyWebAppDesiredMutedKinds(state, m_mutedCaptureKindsDesiredByWebApp);
@@ -9086,7 +9090,11 @@ void WebPageProxy::setMuted(WebCore::MediaProducerMutedStateFlags state, FromApp
 #endif
     WEBPAGEPROXY_RELEASE_LOG(Media, "setMuted, app state = %d, final state = %d", state.toRaw(), newState.toRaw());
 
-    sendWithAsyncReply(Messages::WebPage::SetMuted(newState), WTFMove(completionHandler));
+    auto aggregator = CallbackAggregator::create(WTFMove(completionHandler));
+    forEachWebContentProcess([&](auto& webProcess, auto pageID) {
+        webProcess.sendWithAsyncReply(Messages::WebPage::SetMuted(newState), [aggregator] { }, pageID);
+    });
+
     activityStateDidChange({ ActivityState::IsAudible, ActivityState::IsCapturingMedia });
 }
 
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
index 0ba88a9e3eee6..7e434285b0e40 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
@@ -4000,6 +4000,86 @@ HTTPServer server({
     expectPlayingAudio(webView.get(), false, "Should not be playing audio after removing iframe"_s);
 }
 
+TEST(SiteIsolation, MutesAndSetsAudioInMultipleFrames)
+{
+    auto mainFrameHTML = "<video src='/video-with-audio.mp4' webkit-playsinline loop></video>"
+        "<iframe src='https://webkit.org/subframe'></iframe>"_s;
+    auto subFrameHTML = "<video src='/video-with-audio.mp4' webkit-playsinline loop></video>"_s;
+
+    RetainPtr<NSData> videoData = [NSData dataWithContentsOfFile:[NSBundle.test_resourcesBundle pathForResource:@"video-with-audio" ofType:@"mp4"] options:0 error:NULL];
+    HTTPResponse videoResponse { videoData.get() };
+    videoResponse.headerFields.set("Content-Type"_s, "video/mp4"_s);
+
+    HTTPServer server({
+        { "/mainframe"_s, { { { "Content-Type"_s, "text/html"_s } }, mainFrameHTML } },
+        { "/subframe"_s, { { { "Content-Type"_s, "text/html"_s } }, subFrameHTML } },
+        { "/video-with-audio.mp4"_s, { videoData.get() } },
+    }, HTTPServer::Protocol::HttpsProxy);
+
+    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
+    auto storeConfiguration = adoptNS([[_WKWebsiteDataStoreConfiguration alloc] initNonPersistentConfiguration]);
+    [storeConfiguration setHTTPSProxy:[NSURL URLWithString:[NSString stringWithFormat:@"https://127.0.0.1:%d/", server.port()]]];
+    [configuration setWebsiteDataStore:adoptNS([[WKWebsiteDataStore alloc] _initWithConfiguration:storeConfiguration.get()]).get()];
+    enableSiteIsolation(configuration);
+
+    auto [webView, navigationDelegate] = siteIsolatedViewAndDelegate(configuration);
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"https://example.com/mainframe"]]];
+    [navigationDelegate waitForDidFinishNavigation];
+
+    callMethodOnFirstVideoElementInFrame(webView.get(), @"play", nil);
+    expectPlayingAudio(webView.get(), true, "Should be playing audio in main frame"_s);
+
+    callMethodOnFirstVideoElementInFrame(webView.get(), @"play", [webView firstChildFrame]);
+    expectPlayingAudio(webView.get(), true, "Should be playing audio in remote frame"_s);
+
+    auto expectMuted = [&](bool expectedMuted, WKFrameInfo *frame, ASCIILiteral reason) {
+        bool success = TestWebKitAPI::Util::waitFor([&]() {
+            id actuallyMuted = [webView objectByEvaluatingJavaScript:@"window.internals.isEffectivelyMuted(document.getElementsByTagName('video')[0])" inFrame:frame];
+            return [actuallyMuted boolValue] == expectedMuted;
+        });
+        EXPECT_TRUE(success) << reason.characters();
+    };
+
+    auto expectMediaVolume = [&](float expectedMediaVolume, WKFrameInfo *frame, ASCIILiteral reason) {
+        bool success = TestWebKitAPI::Util::waitFor([&]() {
+            id actualMediaVolume = [webView objectByEvaluatingJavaScript:@"window.internals.pageMediaVolume()" inFrame:frame];
+            return [actualMediaVolume floatValue] == expectedMediaVolume;
+        });
+        EXPECT_TRUE(success) << reason.characters();
+    };
+
+    expectMuted(false, nil, "Should not be muted in main frame"_s);
+    expectMuted(false, [webView firstChildFrame], "Should not be muted in remote frame"_s);
+
+    [webView _setPageMuted:_WKMediaAudioMuted];
+    [webView _setMediaVolumeForTesting:0.125f];
+
+    expectMuted(true, nil, "Should be muted in main frame"_s);
+    expectMediaVolume(0.125f, nil, "Should set volume in main frame"_s);
+    expectMuted(true, [webView firstChildFrame], "Should be muted in remote frame"_s);
+    expectMediaVolume(0.125f, nil, "Should set volume in remote frame"_s);
+
+    auto addFrameToBody = @""
+        "return new Promise((resolve, reject) => {"
+        "    let frame = document.createElement('iframe');"
+        "    frame.onload = () => resolve(true);"
+        "    frame.setAttribute('src', 'https://webkit.org/subframe');"
+        "    document.body.appendChild(frame);"
+        "})";
+    __block RetainPtr<NSError> error;
+    __block bool done = false;
+    [webView callAsyncJavaScript:addFrameToBody arguments:nil inFrame:nil inContentWorld:WKContentWorld.pageWorld completionHandler:^(id result, NSError *callError) {
+        error = callError;
+        done = true;
+    }];
+    Util::run(&done);
+    EXPECT_FALSE(!!error) << "Failed to add iframe: " << [error description].UTF8String;
+
+    callMethodOnFirstVideoElementInFrame(webView.get(), @"play", [webView secondChildFrame]);
+    expectMuted(true, [webView secondChildFrame], "Should be muted in newly created remote frame"_s);
+    expectMediaVolume(0.125f, [webView secondChildFrame], "Should initialize newly created remote frame with previously set media volume"_s);
+}
+
 TEST(SiteIsolation, FrameServerTrust)
 {
     HTTPServer plaintextServer({

From f1e6410c9daa6a234346914625923b8d3b2f04fa Mon Sep 17 00:00:00 2001
From: Antti Koivisto <antti@apple.com>
Date: Sun, 23 Feb 2025 10:35:04 -0800
Subject: [PATCH 090/174] [css-anchor-position-1] Parse @position-try name in
 position-try-fallback https://bugs.webkit.org/show_bug.cgi?id=288311
 rdar://problem/145419344

Reviewed by Alan Baradlay.

Parse <dashed-ident> part in position-try-fallback syntax

none | [ [<dashed-ident> || <try-tactic>] | <'position-area'> ]#

https://drafts.csswg.org/css-anchor-position-1/#position-try-fallbacks

* LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/position-try-fallbacks-computed-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/position-try-fallbacks-parsing-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-in-position-try-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/property-interpolations-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-margin-expected.txt:
* Source/WebCore/css/ComputedStyleExtractor.cpp:
(WebCore::valueForScopedName):
(WebCore::valueForPositionTryFallbacks):

Serialize.

* Source/WebCore/css/parser/CSSPropertyParserConsumer+PositionTry.cpp:
(WebCore::CSSPropertyParserHelpers::consumePositionTryFallbacks):

Parse.

* Source/WebCore/rendering/style/PositionTryFallback.h:

Add positionTryRuleName field.

* Source/WebCore/style/StyleBuilderConverter.h:
(WebCore::Style::BuilderConverter::convertPositionTryFallbacks):

Build style.

* Source/WebCore/style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::tryChoosePositionOption):

Fix to prevent eternal loop in css/css-anchor-position/chrome-40286059-crash.html

Canonical link: https://commits.webkit.org/290911@main
---
 ...sition-try-fallbacks-computed-expected.txt |   6 +-
 ...osition-try-fallbacks-parsing-expected.txt |  14 +-
 ...position-area-in-position-try-expected.txt | 118 ++++----
 .../property-interpolations-expected.txt      | 252 +++++++++---------
 .../try-tactic-basic-expected.txt             |  32 +--
 .../try-tactic-margin-expected.txt            |  16 +-
 Source/WebCore/css/ComputedStyleExtractor.cpp |  22 +-
 .../CSSPropertyParserConsumer+PositionTry.cpp |  13 +
 .../rendering/style/PositionTryFallback.h     |   3 +
 Source/WebCore/style/StyleBuilderConverter.h  |  15 +-
 Source/WebCore/style/StyleTreeResolver.cpp    |   8 +-
 11 files changed, 262 insertions(+), 237 deletions(-)

diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/position-try-fallbacks-computed-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/position-try-fallbacks-computed-expected.txt
index 73586e825be5e..cfe11d698c412 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/position-try-fallbacks-computed-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/position-try-fallbacks-computed-expected.txt
@@ -4,10 +4,10 @@ PASS Property position-try-fallbacks value 'flip-block'
 PASS Property position-try-fallbacks value 'flip-inline'
 PASS Property position-try-fallbacks value 'flip-start'
 PASS Property position-try-fallbacks value 'flip-block, flip-inline'
-FAIL Property position-try-fallbacks value '--foo, --bar' assert_true: '--foo, --bar' is a supported value for position-try-fallbacks. expected true got false
+PASS Property position-try-fallbacks value '--foo, --bar'
 PASS Property position-try-fallbacks value 'flip-start flip-inline flip-block'
-FAIL Property position-try-fallbacks value 'flip-start --flop' assert_true: 'flip-start --flop' is a supported value for position-try-fallbacks. expected true got false
-FAIL Property position-try-fallbacks value '--flop flip-start' assert_true: '--flop flip-start' is a supported value for position-try-fallbacks. expected true got false
+PASS Property position-try-fallbacks value 'flip-start --flop'
+PASS Property position-try-fallbacks value '--flop flip-start'
 FAIL Property position-try-fallbacks value 'left top' assert_true: 'left top' is a supported value for position-try-fallbacks. expected true got false
 FAIL Property position-try-fallbacks value 'top left' assert_true: 'top left' is a supported value for position-try-fallbacks. expected true got false
 FAIL Property position-try-fallbacks value 'start start' assert_true: 'start start' is a supported value for position-try-fallbacks. expected true got false
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/position-try-fallbacks-parsing-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/position-try-fallbacks-parsing-expected.txt
index 8eb46c1f4e36b..abb3923077173 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/position-try-fallbacks-parsing-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/parsing/position-try-fallbacks-parsing-expected.txt
@@ -10,13 +10,13 @@ PASS e.style['position-try-fallbacks'] = "flip-start, flip-block" should set the
 PASS e.style['position-try-fallbacks'] = "flip-start flip-inline, flip-block" should set the property value
 PASS e.style['position-try-fallbacks'] = "flip-start, flip-start" should set the property value
 PASS e.style['position-try-fallbacks'] = "flip-start flip-inline flip-block" should set the property value
-FAIL e.style['position-try-fallbacks'] = "flip-block, --foo" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['position-try-fallbacks'] = "--bar, flip-block flip-start" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['position-try-fallbacks'] = "--foo, --bar, --baz" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['position-try-fallbacks'] = "--bar flip-block" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['position-try-fallbacks'] = "--bar flip-inline flip-block" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['position-try-fallbacks'] = "flip-inline --foo" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['position-try-fallbacks'] = "flip-inline flip-start --foo" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['position-try-fallbacks'] = "flip-block, --foo" should set the property value
+PASS e.style['position-try-fallbacks'] = "--bar, flip-block flip-start" should set the property value
+PASS e.style['position-try-fallbacks'] = "--foo, --bar, --baz" should set the property value
+PASS e.style['position-try-fallbacks'] = "--bar flip-block" should set the property value
+PASS e.style['position-try-fallbacks'] = "--bar flip-inline flip-block" should set the property value
+PASS e.style['position-try-fallbacks'] = "flip-inline --foo" should set the property value
+PASS e.style['position-try-fallbacks'] = "flip-inline flip-start --foo" should set the property value
 FAIL e.style['position-try-fallbacks'] = "left top" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['position-try-fallbacks'] = "top left" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['position-try-fallbacks'] = "start start" should set the property value assert_not_equals: property should be set got disallowed value ""
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-in-position-try-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-in-position-try-expected.txt
index 19ce9637ddef8..1fc9535fd609c 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-in-position-try-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/position-area-in-position-try-expected.txt
@@ -1,61 +1,61 @@
 
-FAIL none assert_true: expected true got false
-FAIL span-all assert_true: expected true got false
-FAIL span-all span-all assert_true: expected true got false
-FAIL top left assert_true: expected true got false
-FAIL top center assert_true: expected true got false
-FAIL top right assert_true: expected true got false
-FAIL center left assert_true: expected true got false
-FAIL center center assert_true: expected true got false
-FAIL center right assert_true: expected true got false
-FAIL bottom left assert_true: expected true got false
-FAIL bottom center assert_true: expected true got false
-FAIL bottom right assert_true: expected true got false
-FAIL start start assert_true: expected true got false
-FAIL start center assert_true: expected true got false
-FAIL start end assert_true: expected true got false
-FAIL center start assert_true: expected true got false
-FAIL center end assert_true: expected true got false
-FAIL end start assert_true: expected true got false
-FAIL end center assert_true: expected true got false
-FAIL end end assert_true: expected true got false
-FAIL self-start self-start assert_true: expected true got false
-FAIL self-start center assert_true: expected true got false
-FAIL self-start self-end assert_true: expected true got false
-FAIL center self-start assert_true: expected true got false
-FAIL center self-end assert_true: expected true got false
-FAIL self-end self-start assert_true: expected true got false
-FAIL self-end center assert_true: expected true got false
-FAIL self-end self-end assert_true: expected true got false
-FAIL y-start x-start assert_true: expected true got false
-FAIL y-start center assert_true: expected true got false
-FAIL y-start x-end assert_true: expected true got false
-FAIL center x-start assert_true: expected true got false
-FAIL center x-end assert_true: expected true got false
-FAIL y-end x-start assert_true: expected true got false
-FAIL y-end center assert_true: expected true got false
-FAIL y-end x-end assert_true: expected true got false
-FAIL y-self-start x-self-start assert_true: expected true got false
-FAIL y-self-start center assert_true: expected true got false
-FAIL y-self-start x-self-end assert_true: expected true got false
-FAIL center x-self-start assert_true: expected true got false
-FAIL center x-self-end assert_true: expected true got false
-FAIL y-self-end x-self-start assert_true: expected true got false
-FAIL y-self-end center assert_true: expected true got false
-FAIL y-self-end x-self-end assert_true: expected true got false
-FAIL span-y-self-start span-x-self-end assert_true: expected true got false
-FAIL span-bottom span-all assert_true: expected true got false
-FAIL Placement: --top assert_true: expected true got false
-FAIL Placement: --left assert_true: expected true got false
-FAIL Placement: --right, --top assert_true: expected true got false
-FAIL Placement: --bottom, --top assert_true: expected true got false
-FAIL Placement: --bottom, --right, --top assert_true: expected true got false
-FAIL Placement: --bottom, --right, --left, --top assert_true: expected true got false
-FAIL Placement: --bottom, --left, --top, --right assert_true: expected true got false
-FAIL Placement: --right flip-inline assert_true: expected true got false
-FAIL Placement: --bottom flip-block assert_true: expected true got false
-FAIL Placement: --left flip-start assert_true: expected true got false
-FAIL Placement: --left flip-inline, --top assert_true: expected true got false
-FAIL Placement: --top flip-block, --left assert_true: expected true got false
-FAIL Placement: --left flip-start flip-block, --left assert_true: expected true got false
+FAIL none assert_equals: offsetLeft expected 0 but got 200
+FAIL span-all assert_equals: offsetLeft expected 0 but got 200
+FAIL span-all span-all assert_equals: offsetLeft expected 0 but got 200
+FAIL top left assert_equals: offsetLeft expected 0 but got 200
+FAIL top center assert_equals: offsetLeft expected 0 but got 200
+FAIL top right assert_equals: offsetLeft expected 0 but got 200
+FAIL center left assert_equals: offsetLeft expected 0 but got 200
+FAIL center center assert_equals: offsetLeft expected 0 but got 200
+FAIL center right assert_equals: offsetLeft expected 0 but got 200
+FAIL bottom left assert_equals: offsetLeft expected 0 but got 200
+FAIL bottom center assert_equals: offsetLeft expected 0 but got 200
+FAIL bottom right assert_equals: offsetLeft expected 0 but got 200
+FAIL start start assert_equals: offsetLeft expected 0 but got 200
+FAIL start center assert_equals: offsetLeft expected 0 but got 200
+FAIL start end assert_equals: offsetLeft expected 0 but got 200
+FAIL center start assert_equals: offsetLeft expected 0 but got 200
+FAIL center end assert_equals: offsetLeft expected 0 but got 200
+FAIL end start assert_equals: offsetLeft expected 0 but got 200
+FAIL end center assert_equals: offsetLeft expected 0 but got 200
+FAIL end end assert_equals: offsetLeft expected 0 but got 200
+FAIL self-start self-start assert_equals: offsetLeft expected 0 but got 200
+FAIL self-start center assert_equals: offsetLeft expected 0 but got 200
+FAIL self-start self-end assert_equals: offsetLeft expected 0 but got 200
+FAIL center self-start assert_equals: offsetLeft expected 0 but got 200
+FAIL center self-end assert_equals: offsetLeft expected 0 but got 200
+FAIL self-end self-start assert_equals: offsetLeft expected 0 but got 200
+FAIL self-end center assert_equals: offsetLeft expected 0 but got 200
+FAIL self-end self-end assert_equals: offsetLeft expected 0 but got 200
+FAIL y-start x-start assert_equals: offsetLeft expected 0 but got 200
+FAIL y-start center assert_equals: offsetLeft expected 0 but got 200
+FAIL y-start x-end assert_equals: offsetLeft expected 0 but got 200
+FAIL center x-start assert_equals: offsetLeft expected 0 but got 200
+FAIL center x-end assert_equals: offsetLeft expected 0 but got 200
+FAIL y-end x-start assert_equals: offsetLeft expected 0 but got 200
+FAIL y-end center assert_equals: offsetLeft expected 0 but got 200
+FAIL y-end x-end assert_equals: offsetLeft expected 0 but got 200
+FAIL y-self-start x-self-start assert_equals: offsetLeft expected 0 but got 200
+FAIL y-self-start center assert_equals: offsetLeft expected 0 but got 200
+FAIL y-self-start x-self-end assert_equals: offsetLeft expected 0 but got 200
+FAIL center x-self-start assert_equals: offsetLeft expected 0 but got 200
+FAIL center x-self-end assert_equals: offsetLeft expected 0 but got 200
+FAIL y-self-end x-self-start assert_equals: offsetLeft expected 0 but got 200
+FAIL y-self-end center assert_equals: offsetLeft expected 0 but got 200
+FAIL y-self-end x-self-end assert_equals: offsetLeft expected 0 but got 200
+FAIL span-y-self-start span-x-self-end assert_equals: offsetLeft expected 0 but got 200
+FAIL span-bottom span-all assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --top assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --left assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --right, --top assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --bottom, --top assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --bottom, --right, --top assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --bottom, --right, --left, --top assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --bottom, --left, --top, --right assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --right flip-inline assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --bottom flip-block assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --left flip-start assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --left flip-inline, --top assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --top flip-block, --left assert_equals: offsetLeft expected 0 but got 200
+FAIL Placement: --left flip-start flip-block, --left assert_equals: offsetLeft expected 0 but got 200
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/property-interpolations-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/property-interpolations-expected.txt
index e48251d15b63a..4e663008eb708 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/property-interpolations-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/property-interpolations-expected.txt
@@ -251,48 +251,48 @@ PASS Web Animations: property <position-area> from [left] to [right] at (0.5) sh
 PASS Web Animations: property <position-area> from [left] to [right] at (0.6) should be [right]
 PASS Web Animations: property <position-area> from [left] to [right] at (1) should be [right]
 PASS Web Animations: property <position-area> from [left] to [right] at (1.5) should be [right]
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [none] assert_true: 'to' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo] assert_true: 'to' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo] assert_true: 'to' value should be supported expected true got false
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [none]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [none]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [none]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [none]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [none]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [none]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo]
+PASS CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [--foo]
+PASS CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [--foo]
+PASS CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [--foo]
+PASS CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo]
+PASS CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo]
+PASS CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo]
+PASS CSS Transitions: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [--foo]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [--foo]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [--foo]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo]
+PASS CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [none]
+PASS CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [none]
+PASS CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [none]
+PASS CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo]
+PASS CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo]
+PASS CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo]
+PASS CSS Animations: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo]
+PASS Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (-0.3) should be [none]
+PASS Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (0) should be [none]
+PASS Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.3) should be [none]
+PASS Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.5) should be [--foo]
+PASS Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (0.6) should be [--foo]
+PASS Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (1) should be [--foo]
+PASS Web Animations: property <position-try-fallbacks> from [none] to [--foo] at (1.5) should be [--foo]
 PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [flip-block] at (-0.3) should be [none]
 PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [flip-block] at (0) should be [none]
 PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [none] to [flip-block] at (0.3) should be [none]
@@ -377,90 +377,90 @@ PASS Web Animations: property <position-try-fallbacks> from [flip-inline] to [fl
 PASS Web Animations: property <position-try-fallbacks> from [flip-inline] to [flip-block] at (0.6) should be [flip-block]
 PASS Web Animations: property <position-try-fallbacks> from [flip-inline] to [flip-block] at (1) should be [flip-block]
 PASS Web Animations: property <position-try-fallbacks> from [flip-inline] to [flip-block] at (1.5) should be [flip-block]
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [--foo] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block] assert_true: 'from' value should be supported expected true got false
-FAIL Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block] assert_true: 'from' value should be supported expected true got false
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--foo]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--foo]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--foo]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--foo]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--foo]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--foo]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--bar]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--bar]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--bar]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--bar]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--bar]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--bar]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--foo]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--foo]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--foo]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (-0.3) should be [--foo]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0) should be [--foo]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.3) should be [--foo]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.5) should be [--bar]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (0.6) should be [--bar]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (1) should be [--bar]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [--bar] at (1.5) should be [--bar]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [--foo]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [--foo]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [--foo]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block]
+PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [--foo]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [--foo]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [--foo]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block]
+PASS CSS Transitions with transition-property:all and transition-behavor:allow-discrete: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [flip-block]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [flip-block]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [flip-block]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block]
+PASS CSS Transitions: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [flip-block]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [flip-block]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [flip-block]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block]
+PASS CSS Transitions with transition: all: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [--foo]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [--foo]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [--foo]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block]
+PASS CSS Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (-0.3) should be [--foo]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0) should be [--foo]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.3) should be [--foo]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.5) should be [flip-block]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (0.6) should be [flip-block]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (1) should be [flip-block]
+PASS Web Animations: property <position-try-fallbacks> from [--foo] to [flip-block] at (1.5) should be [flip-block]
 PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-order> from [normal] to [most-width] at (-0.3) should be [normal]
 PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-order> from [normal] to [most-width] at (0) should be [normal]
 PASS CSS Transitions with transition-behavior:allow-discrete: property <position-try-order> from [normal] to [most-width] at (0.3) should be [normal]
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-expected.txt
index ce8fa77a11e57..77961b82c0744 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-basic-expected.txt
@@ -1,18 +1,18 @@
 
-FAIL CSS Anchor Positioning: try-tactic assert_equals: offsetLeft expected 10 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 1 assert_equals: offsetLeft expected 10 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 2 assert_equals: offsetLeft expected 360 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 3 assert_equals: offsetLeft expected 360 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 4 assert_equals: offsetLeft expected 360 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 5 assert_equals: offsetLeft expected 20 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 6 assert_equals: offsetLeft expected 20 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 7 assert_equals: offsetLeft expected 20 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 8 assert_equals: offsetLeft expected 20 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 9 assert_equals: offsetLeft expected 20 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 10 assert_equals: offsetLeft expected 340 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 11 assert_equals: offsetLeft expected 340 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 12 assert_equals: offsetLeft expected 340 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 13 assert_equals: offsetLeft expected 340 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 14 assert_equals: offsetLeft expected 340 but got 99999
-FAIL CSS Anchor Positioning: try-tactic 15 assert_equals: offsetLeft expected 340 but got 99999
+FAIL --pf assert_equals: offsetLeft expected 10 but got 99999
+FAIL --pf flip-block assert_equals: offsetLeft expected 10 but got 99999
+FAIL --pf flip-inline assert_equals: offsetLeft expected 360 but got 99999
+FAIL --pf flip-block flip-inline assert_equals: offsetLeft expected 360 but got 99999
+FAIL --pf flip-inline flip-block assert_equals: offsetLeft expected 360 but got 99999
+FAIL --pf flip-start assert_equals: offsetLeft expected 20 but got 99999
+FAIL --pf flip-block flip-start flip-inline assert_equals: offsetLeft expected 20 but got 99999
+FAIL --pf flip-inline flip-start flip-block assert_equals: offsetLeft expected 20 but got 99999
+FAIL --pf flip-start flip-block assert_equals: offsetLeft expected 20 but got 99999
+FAIL --pf flip-inline flip-start assert_equals: offsetLeft expected 20 but got 99999
+FAIL --pf flip-start flip-inline assert_equals: offsetLeft expected 340 but got 99999
+FAIL --pf flip-block flip-start assert_equals: offsetLeft expected 340 but got 99999
+FAIL --pf flip-start flip-block flip-inline assert_equals: offsetLeft expected 340 but got 99999
+FAIL --pf flip-start flip-inline flip-block assert_equals: offsetLeft expected 340 but got 99999
+FAIL --pf flip-inline flip-block flip-start assert_equals: offsetLeft expected 340 but got 99999
+FAIL --pf flip-block flip-inline flip-start assert_equals: offsetLeft expected 340 but got 99999
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-margin-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-margin-expected.txt
index 0e782d7a47192..285d82cbb234b 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-margin-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-anchor-position/try-tactic-margin-expected.txt
@@ -1,10 +1,10 @@
 
-FAIL CSS Anchor Positioning: try-tactic (margin) assert_equals: offsetLeft expected 45 but got 99999
-FAIL CSS Anchor Positioning: try-tactic (margin) 1 assert_equals: offsetLeft expected 45 but got 99999
-FAIL CSS Anchor Positioning: try-tactic (margin) 2 assert_equals: offsetLeft expected 325 but got 99999
-FAIL CSS Anchor Positioning: try-tactic (margin) 3 assert_equals: offsetLeft expected 325 but got 99999
-FAIL CSS Anchor Positioning: try-tactic (margin) 4 assert_equals: offsetLeft expected 25 but got 99999
-FAIL CSS Anchor Positioning: try-tactic (margin) 5 assert_equals: offsetLeft expected 335 but got 99999
-FAIL CSS Anchor Positioning: try-tactic (margin) 6 assert_equals: offsetLeft expected 25 but got 99999
-FAIL CSS Anchor Positioning: try-tactic (margin) 7 assert_equals: offsetLeft expected 335 but got 99999
+FAIL --pf assert_equals: offsetLeft expected 45 but got 99999
+FAIL --pf flip-block assert_equals: offsetLeft expected 45 but got 99999
+FAIL --pf flip-inline assert_equals: offsetLeft expected 325 but got 99999
+FAIL --pf flip-block flip-inline assert_equals: offsetLeft expected 325 but got 99999
+FAIL --pf flip-start assert_equals: offsetLeft expected 25 but got 99999
+FAIL --pf flip-block flip-start assert_equals: offsetLeft expected 335 but got 99999
+FAIL --pf flip-inline flip-start assert_equals: offsetLeft expected 25 but got 99999
+FAIL --pf flip-block flip-inline flip-start assert_equals: offsetLeft expected 335 but got 99999
 
diff --git a/Source/WebCore/css/ComputedStyleExtractor.cpp b/Source/WebCore/css/ComputedStyleExtractor.cpp
index 0b1b1ef635708..1d8fd63048713 100644
--- a/Source/WebCore/css/ComputedStyleExtractor.cpp
+++ b/Source/WebCore/css/ComputedStyleExtractor.cpp
@@ -1076,6 +1076,13 @@ static Ref<CSSValue> computedRotate(RenderObject* renderer, const RenderStyle& s
         CSSPrimitiveValue::create(rotate->y()), CSSPrimitiveValue::create(rotate->z()), WTFMove(angle));
 }
 
+static Ref<CSSPrimitiveValue> valueForScopedName(const Style::ScopedName& scopedName)
+{
+    if (scopedName.isIdentifier)
+        return CSSPrimitiveValue::createCustomIdent(scopedName.name);
+    return CSSPrimitiveValue::create(scopedName.name);
+}
+
 static Ref<CSSValue> valueForBoxShadow(const ShadowData* shadow, const RenderStyle& style)
 {
     if (!shadow)
@@ -1113,10 +1120,12 @@ static Ref<CSSValue> valueForPositionTryFallbacks(const Vector<PositionTryFallba
 
     CSSValueListBuilder list;
     for (auto& fallback : fallbacks) {
-        CSSValueListBuilder tacticsList;
+        CSSValueListBuilder singleFallbackList;
+        if (fallback.positionTryRuleName)
+            singleFallbackList.append(valueForScopedName(*fallback.positionTryRuleName));
         for (auto& tactic : fallback.tactics)
-            tacticsList.append(createConvertingToCSSValueID(tactic));
-        list.append(CSSValueList::createSpaceSeparated(tacticsList));
+            singleFallbackList.append(createConvertingToCSSValueID(tactic));
+        list.append(CSSValueList::createSpaceSeparated(singleFallbackList));
     }
 
     return CSSValueList::createCommaSeparated(WTFMove(list));
@@ -1625,13 +1634,6 @@ static Ref<CSSPrimitiveValue> valueForAnimationPlayState(AnimationPlayState play
     RELEASE_ASSERT_NOT_REACHED();
 }
 
-static Ref<CSSPrimitiveValue> valueForScopedName(const Style::ScopedName& scopedName)
-{
-    if (scopedName.isIdentifier)
-        return CSSPrimitiveValue::createCustomIdent(scopedName.name);
-    return CSSPrimitiveValue::create(scopedName.name);
-}
-
 static Ref<CSSValue> valueForAnimationTimeline(const RenderStyle& style, const Animation::Timeline& timeline)
 {
     auto valueForAnonymousScrollTimeline = [](const Animation::AnonymousScrollTimeline& anonymousScrollTimeline) {
diff --git a/Source/WebCore/css/parser/CSSPropertyParserConsumer+PositionTry.cpp b/Source/WebCore/css/parser/CSSPropertyParserConsumer+PositionTry.cpp
index 3c44efc0f63fb..ca2e37892b34f 100644
--- a/Source/WebCore/css/parser/CSSPropertyParserConsumer+PositionTry.cpp
+++ b/Source/WebCore/css/parser/CSSPropertyParserConsumer+PositionTry.cpp
@@ -36,19 +36,32 @@ namespace CSSPropertyParserHelpers {
 
 RefPtr<CSSValue> consumePositionTryFallbacks(CSSParserTokenRange& range, const CSSParserContext&)
 {
+    // none | [ [<dashed-ident> || <try-tactic>] | <'position-area'> ]#
+    // FIXME: Implement <'position-area'>
     if (auto result = consumeIdent<CSSValueNone>(range))
         return result;
 
     auto consume = [](CSSParserTokenRange& range) -> RefPtr<CSSValue> {
+        // [<dashed-ident> || <try-tactic>]
+        auto tryRuleIdent = consumeDashedIdentRaw(range);
+
         Vector<CSSValueID, 3> idents;
         while (auto ident = consumeIdentRaw<CSSValueFlipBlock, CSSValueFlipInline, CSSValueFlipStart>(range)) {
             if (idents.contains(*ident))
                 return nullptr;
             idents.append(*ident);
         }
+
         CSSValueListBuilder list;
         for (auto ident : idents)
             list.append(CSSPrimitiveValue::create(ident));
+
+        if (tryRuleIdent.isNull())
+            tryRuleIdent = consumeDashedIdentRaw(range);
+
+        if (!tryRuleIdent.isNull())
+            list.insert(0, CSSPrimitiveValue::createCustomIdent(tryRuleIdent));
+
         return CSSValueList::createSpaceSeparated(WTFMove(list));
     };
     return consumeCommaSeparatedListWithSingleValueOptimization(range, consume);
diff --git a/Source/WebCore/rendering/style/PositionTryFallback.h b/Source/WebCore/rendering/style/PositionTryFallback.h
index f2615e21c9992..533fe5728f760 100644
--- a/Source/WebCore/rendering/style/PositionTryFallback.h
+++ b/Source/WebCore/rendering/style/PositionTryFallback.h
@@ -25,12 +25,15 @@
 
 #pragma once
 
+#include "ScopedName.h"
 #include <wtf/text/AtomString.h>
 #include <wtf/text/TextStream.h>
 
 namespace WebCore {
 
 struct PositionTryFallback {
+    std::optional<Style::ScopedName> positionTryRuleName;
+
     enum class Tactic : uint8_t {
         FlipBlock,
         FlipInline,
diff --git a/Source/WebCore/style/StyleBuilderConverter.h b/Source/WebCore/style/StyleBuilderConverter.h
index ef9e4fb11b749..568959311bc13 100644
--- a/Source/WebCore/style/StyleBuilderConverter.h
+++ b/Source/WebCore/style/StyleBuilderConverter.h
@@ -2718,16 +2718,21 @@ inline NameScope BuilderConverter::convertNameScope(BuilderState& builderState,
     }) };
 }
 
-inline Vector<PositionTryFallback> BuilderConverter::convertPositionTryFallbacks(BuilderState&, const CSSValue& value)
+inline Vector<PositionTryFallback> BuilderConverter::convertPositionTryFallbacks(BuilderState& builderState, const CSSValue& value)
 {
     auto fallbackForValueList = [&](const CSSValueList& valueList) -> std::optional<PositionTryFallback> {
         if (valueList.separator() != CSSValueList::SpaceSeparator)
             return { };
 
-        auto tactics = WTF::map(valueList, [&](auto& item) {
-            return fromCSSValueID<PositionTryFallback::Tactic>(item.valueID());
-        });
-        return PositionTryFallback { .tactics = WTFMove(tactics) };
+        auto fallback = PositionTryFallback { };
+
+        for (auto& item : valueList) {
+            if (item.isCustomIdent())
+                fallback.positionTryRuleName = Style::ScopedName { AtomString { item.customIdent() }, builderState.styleScopeOrdinal() };
+            else
+                fallback.tactics.append(fromCSSValueID<PositionTryFallback::Tactic>(item.valueID()));
+        }
+        return fallback;
     };
 
     if (auto* primitiveValue = dynamicDowncast<CSSPrimitiveValue>(value)) {
diff --git a/Source/WebCore/style/StyleTreeResolver.cpp b/Source/WebCore/style/StyleTreeResolver.cpp
index 2b4198ac40c85..bfc2a87264959 100644
--- a/Source/WebCore/style/StyleTreeResolver.cpp
+++ b/Source/WebCore/style/StyleTreeResolver.cpp
@@ -1358,15 +1358,17 @@ std::optional<ResolvedStyle> TreeResolver::tryChoosePositionOption(const Styleab
 {
     // https://drafts.csswg.org/css-anchor-position-1/#fallback-apply
 
-    if (!existingStyle)
-        return { };
-
     auto optionIt = m_positionOptions.find(styleable.element);
     if (optionIt == m_positionOptions.end())
         return { };
 
     auto& options = optionIt->value;
 
+    if (!existingStyle) {
+        options.chosen = true;
+        return ResolvedStyle { RenderStyle::clonePtr(*options.originalStyle) };
+    }
+
     auto renderer = dynamicDowncast<RenderBox>(styleable.element.renderer());
     if (!renderer) {
         options.chosen = true;

From f35d14581734514f44bf60f05ca8089e3dee3fee Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sun, 23 Feb 2025 10:36:53 -0800
Subject: [PATCH 091/174] Address safer cpp failures in SubresourceLoader.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288277

Reviewed by Geoffrey Garen.

* Source/WebCore/loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::SubresourceLoader):
(WebCore::SubresourceLoader::willSendRequestInternal):
(WebCore::SubresourceLoader::didReceiveResponse):
(WebCore::SubresourceLoader::reportResourceTiming):

Canonical link: https://commits.webkit.org/290912@main
---
 .../UncountedCallArgsCheckerExpectations          |  1 -
 .../UncountedLambdaCapturesCheckerExpectations    |  1 -
 Source/WebCore/loader/SubresourceLoader.cpp       | 15 ++++++++-------
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 6769a54aaa747..81eb300870b43 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -894,7 +894,6 @@ loader/PolicyChecker.cpp
 loader/ResourceLoadNotifier.cpp
 loader/ResourceLoader.cpp
 loader/SubframeLoader.cpp
-loader/SubresourceLoader.cpp
 loader/WorkerThreadableLoader.cpp
 loader/appcache/ApplicationCache.cpp
 loader/appcache/ApplicationCacheGroup.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
index 04582eb8d4158..dec6338efdf54 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
@@ -114,7 +114,6 @@ inspector/agents/page/PageDOMDebuggerAgent.cpp
 loader/FrameLoader.cpp
 loader/NetscapePlugInStreamLoader.cpp
 loader/ResourceLoader.cpp
-loader/SubresourceLoader.cpp
 page/EventSource.cpp
 page/ImageAnalysisQueue.cpp
 page/LocalDOMWindow.cpp
diff --git a/Source/WebCore/loader/SubresourceLoader.cpp b/Source/WebCore/loader/SubresourceLoader.cpp
index 33f7cf09f718c..8d8b4d17eaa83 100644
--- a/Source/WebCore/loader/SubresourceLoader.cpp
+++ b/Source/WebCore/loader/SubresourceLoader.cpp
@@ -119,7 +119,7 @@ SubresourceLoader::SubresourceLoader(LocalFrame& frame, CachedResource& resource
     : ResourceLoader(frame, options)
     , m_resource(resource)
     , m_state(Uninitialized)
-    , m_requestCountTracker(std::in_place, frame.document()->cachedResourceLoader(), resource)
+    , m_requestCountTracker(std::in_place, frame.protectedDocument()->cachedResourceLoader(), resource)
 {
 #ifndef NDEBUG
     subresourceLoaderCounter.increment();
@@ -231,7 +231,7 @@ void SubresourceLoader::willSendRequestInternal(ResourceRequest&& newRequest, co
             return completionHandler(WTFMove(newRequest));
         }
 
-        ResourceLoader::willSendRequestInternal(WTFMove(newRequest), redirectResponse, [this, protectedThis = WTFMove(protectedThis), completionHandler = WTFMove(completionHandler), redirectResponse] (ResourceRequest&& request) mutable {
+        ResourceLoader::willSendRequestInternal(WTFMove(newRequest), redirectResponse, [this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler), redirectResponse] (ResourceRequest&& request) mutable {
             tracePoint(SubresourceLoadWillStart, identifier() ? identifier()->toUInt64() : 0, PAGE_ID, FRAME_ID);
 
             if (reachedTerminalState()) {
@@ -336,7 +336,7 @@ void SubresourceLoader::willSendRequestInternal(ResourceRequest&& newRequest, co
             cancel();
             return completionHandler(WTFMove(newRequest));
         }
-        resource->redirectReceived(WTFMove(newRequest), redirectResponse, [this, protectedThis = WTFMove(protectedThis), completionHandler = WTFMove(completionHandler), continueWillSendRequest = WTFMove(continueWillSendRequest)] (ResourceRequest&& request) mutable {
+        resource->redirectReceived(WTFMove(newRequest), redirectResponse, [this, protectedThis = Ref { *this }, completionHandler = WTFMove(completionHandler), continueWillSendRequest = WTFMove(continueWillSendRequest)] (ResourceRequest&& request) mutable {
             SUBRESOURCELOADER_RELEASE_LOG(SUBRESOURCELOADER_WILLSENDREQUESTINTERNAL_RESOURCE_DONE_NOTIFYING_CLIENTS);
             continueWillSendRequest(WTFMove(completionHandler), WTFMove(request));
         });
@@ -490,7 +490,7 @@ void SubresourceLoader::didReceiveResponse(const ResourceResponse& response, Com
             if (resource) {
                 resource->responseReceived(m_previousPartResponse);
                 // The resource data will change as the next part is loaded, so we need to make a copy.
-                resource->finishLoading(resourceData()->copy().ptr(), { });
+                resource->finishLoading(protectedResourceData()->copy().ptr(), { });
             }
         }
         clearResourceData();
@@ -510,7 +510,7 @@ void SubresourceLoader::didReceiveResponse(const ResourceResponse& response, Com
     bool isResponseMultipart = response.isMultipart();
     if (options().mode != FetchOptions::Mode::Navigate && frame && frame->document())
         LinkLoader::loadLinksFromHeader(response.httpHeaderField(HTTPHeaderName::Link), protectedDocumentLoader()->url(), *frame->protectedDocument(), LinkLoader::MediaAttributeCheck::SkipMediaAttributeCheck);
-    ResourceLoader::didReceiveResponse(response, [this, protectedThis = WTFMove(protectedThis), isResponseMultipart, completionHandlerCaller = WTFMove(completionHandlerCaller)]() mutable {
+    ResourceLoader::didReceiveResponse(response, [this, protectedThis = Ref { *this }, isResponseMultipart, completionHandlerCaller = WTFMove(completionHandlerCaller)]() mutable {
         if (reachedTerminalState())
             return;
 
@@ -930,7 +930,8 @@ void SubresourceLoader::reportResourceTiming(const NetworkLoadMetrics& networkLo
     if (!resource || !ResourceTimingInformation::shouldAddResourceTiming(*resource))
         return;
 
-    RefPtr document = protectedDocumentLoader()->cachedResourceLoader().document();
+    RefPtr documentLoader = this->documentLoader();
+    RefPtr document = documentLoader->cachedResourceLoader().document();
     if (!document)
         return;
 
@@ -947,7 +948,7 @@ void SubresourceLoader::reportResourceTiming(const NetworkLoadMetrics& networkLo
     }
 
     ASSERT(options().initiatorContext == InitiatorContext::Document);
-    documentLoader()->protectedCachedResourceLoader()->resourceTimingInformation().addResourceTiming(*protectedCachedResource(), *document, WTFMove(resourceTiming));
+    documentLoader->protectedCachedResourceLoader()->resourceTimingInformation().addResourceTiming(*protectedCachedResource(), *document, WTFMove(resourceTiming));
 }
 
 const HTTPHeaderMap* SubresourceLoader::originalHeaders() const

From 49c3a261490aec6dcf7ce8b4f6b5880009dabe07 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sun, 23 Feb 2025 10:39:06 -0800
Subject: [PATCH 092/174] Address safer cpp failures in RenderView.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288295

Reviewed by Alan Baradlay.

* Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/WebCore/platform/ScrollView.h:
(WebCore::ScrollView::protectedHorizontalScrollbar const):
(WebCore::ScrollView::protectedVerticalScrollbar const):
* Source/WebCore/rendering/RenderView.cpp:
(WebCore::RenderView::styleDidChange):
(WebCore::RenderView::updateQuirksMode):
(WebCore::RenderView::updateInitialContainingBlockSize):
(WebCore::RenderView::clientLogicalWidthForFixedPosition const):
(WebCore::RenderView::clientLogicalHeightForFixedPosition const):
(WebCore::RenderView::rendererForRootBackground const):
(WebCore::RenderView::paintBoxDecorations):
(WebCore::RenderView::repaintViewRectangle const):
(WebCore::RenderView::shouldUsePrintingLayout const):
(WebCore::RenderView::shouldPaintBaseBackground const):
(WebCore::RenderView::rootElementShouldPaintBaseBackground const):
(WebCore::RenderView::updatePlayStateForAllAnimations):
(WebCore::RenderView::RepaintRegionAccumulator::RepaintRegionAccumulator):
* Source/WebCore/rendering/RenderViewTransitionCapture.cpp:
(WebCore::RenderViewTransitionCapture::paintReplaced):

Canonical link: https://commits.webkit.org/290913@main
---
 .../UncheckedCallArgsCheckerExpectations      |  1 -
 .../UncheckedLocalVarsCheckerExpectations     |  1 -
 .../UncountedCallArgsCheckerExpectations      |  2 -
 .../UncountedLocalVarsCheckerExpectations     |  1 -
 Source/WebCore/platform/ScrollView.h          |  2 +
 Source/WebCore/rendering/RenderView.cpp       | 62 ++++++++++---------
 .../rendering/RenderViewTransitionCapture.cpp |  4 +-
 7 files changed, 36 insertions(+), 37 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
index 604ca3e756079..3a986347f7605 100644
--- a/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
@@ -84,7 +84,6 @@ rendering/RenderScrollbar.cpp
 rendering/RenderScrollbarPart.cpp
 rendering/RenderSearchField.cpp
 rendering/RenderTreeAsText.cpp
-rendering/RenderView.cpp
 rendering/RenderWidget.cpp
 rendering/svg/RenderSVGRoot.cpp
 rendering/svg/SVGPaintServerHandling.h
diff --git a/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations
index 5eb643b6cb2a4..39370d775f7dc 100644
--- a/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations
@@ -69,7 +69,6 @@ rendering/RenderObject.cpp
 rendering/RenderReplaced.cpp
 rendering/RenderTextControlSingleLine.cpp
 rendering/RenderTreeAsText.cpp
-rendering/RenderView.cpp
 rendering/RenderWidget.cpp
 style/StyleResolver.cpp
 testing/Internals.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 81eb300870b43..fa7fee285987f 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -1213,8 +1213,6 @@ rendering/RenderTheme.cpp
 rendering/RenderTreeAsText.cpp
 rendering/RenderVTTCue.cpp
 rendering/RenderVideo.cpp
-rendering/RenderView.cpp
-rendering/RenderViewTransitionCapture.cpp
 rendering/RenderWidget.cpp
 rendering/TextBoxPainter.cpp
 rendering/TextPaintStyle.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index 2e5bf5106a97d..16b3179ffa68b 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -664,7 +664,6 @@ rendering/RenderTextControlSingleLine.cpp
 rendering/RenderTextControlSingleLine.h
 rendering/RenderTheme.cpp
 rendering/RenderTreeAsText.cpp
-rendering/RenderView.cpp
 rendering/RenderWidget.cpp
 rendering/TextBoxPainter.cpp
 rendering/TextPaintStyle.cpp
diff --git a/Source/WebCore/platform/ScrollView.h b/Source/WebCore/platform/ScrollView.h
index a62886706a2c9..46ecf0d94cc31 100644
--- a/Source/WebCore/platform/ScrollView.h
+++ b/Source/WebCore/platform/ScrollView.h
@@ -109,7 +109,9 @@ class ScrollView : public Widget, public ScrollableArea, public CanMakeCheckedPt
     // If the scroll view does not use a native widget, then it will have cross-platform Scrollbars. These functions
     // can be used to obtain those scrollbars.
     Scrollbar* horizontalScrollbar() const final { return m_horizontalScrollbar.get(); }
+    RefPtr<Scrollbar> protectedHorizontalScrollbar() const { return horizontalScrollbar(); }
     Scrollbar* verticalScrollbar() const final { return m_verticalScrollbar.get(); }
+    RefPtr<Scrollbar> protectedVerticalScrollbar() const { return verticalScrollbar(); }
     bool isScrollViewScrollbar(const Widget* child) const { return horizontalScrollbar() == child || verticalScrollbar() == child; }
 
     void positionScrollbarLayers();
diff --git a/Source/WebCore/rendering/RenderView.cpp b/Source/WebCore/rendering/RenderView.cpp
index 12f8d043564d3..414c6ee014c50 100644
--- a/Source/WebCore/rendering/RenderView.cpp
+++ b/Source/WebCore/rendering/RenderView.cpp
@@ -124,7 +124,7 @@ void RenderView::styleDidChange(StyleDifference diff, const RenderStyle* oldStyl
     }
 
     if (directionChanged)
-        frameView().topContentDirectionDidChange();
+        protectedFrameView()->topContentDirectionDidChange();
 }
 
 RenderBox::LogicalExtentComputedValues RenderView::computeLogicalHeight(LayoutUnit logicalHeight, LayoutUnit) const
@@ -211,13 +211,13 @@ void RenderView::layout()
 
 void RenderView::updateQuirksMode()
 {
-    m_layoutState->updateQuirksMode(document());
+    m_layoutState->updateQuirksMode(protectedDocument());
 }
 
 void RenderView::updateInitialContainingBlockSize()
 {
     // Initial containing block has no margin/padding/border.
-    m_layoutState->ensureGeometryForBox(m_initialContainingBlock).setContentBoxSize(frameView().size());
+    m_layoutState->ensureGeometryForBox(m_initialContainingBlock).setContentBoxSize(protectedFrameView()->size());
 }
 
 LayoutUnit RenderView::pageOrViewLogicalHeight() const
@@ -237,7 +237,7 @@ LayoutUnit RenderView::clientLogicalWidthForFixedPosition() const
 {
     Ref frameView = this->frameView();
     if (frameView->fixedElementsLayoutRelativeToFrame())
-        return LayoutUnit((isHorizontalWritingMode() ? frameView->visibleWidth() : frameView->visibleHeight()) / frameView->frame().frameScaleFactor());
+        return LayoutUnit((isHorizontalWritingMode() ? frameView->visibleWidth() : frameView->visibleHeight()) / frameView->protectedFrame()->frameScaleFactor());
 
 #if PLATFORM(IOS_FAMILY)
     if (frameView->useCustomFixedPositionLayoutRect())
@@ -254,7 +254,7 @@ LayoutUnit RenderView::clientLogicalHeightForFixedPosition() const
 {
     Ref frameView = this->frameView();
     if (frameView->fixedElementsLayoutRelativeToFrame())
-        return LayoutUnit((isHorizontalWritingMode() ? frameView->visibleHeight() : frameView->visibleWidth()) / frameView->frame().frameScaleFactor());
+        return LayoutUnit((isHorizontalWritingMode() ? frameView->visibleHeight() : frameView->visibleWidth()) / frameView->protectedFrame()->frameScaleFactor());
 
 #if PLATFORM(IOS_FAMILY)
     if (frameView->useCustomFixedPositionLayoutRect())
@@ -361,7 +361,7 @@ RenderElement* RenderView::rendererForRootBackground() const
     if (documentRenderer.shouldApplyAnyContainment())
         return nullptr;
 
-    if (auto* body = document().body()) {
+    if (RefPtr body = protectedDocument()->body()) {
         if (auto* renderer = body->renderer()) {
             if (!renderer->shouldApplyAnyContainment())
                 return renderer;
@@ -405,7 +405,8 @@ void RenderView::paintBoxDecorations(PaintInfo& paintInfo, const LayoutPoint&)
     // layers with reflections, or transformed layers.
     // FIXME: This needs to be dynamic.  We should be able to go back to blitting if we ever stop being inside
     // a transform, transparency layer, etc.
-    for (HTMLFrameOwnerElement* element = document().ownerElement(); element && element->renderer(); element = element->document().ownerElement()) {
+    Ref document = this->document();
+    for (RefPtr element = document->ownerElement(); element && element->renderer(); element = element->protectedDocument()->ownerElement()) {
         RenderLayer* layer = element->renderer()->enclosingLayer();
         if (layer->cannotBlitToWindow()) {
             protectedFrameView()->setCannotBlitToWindow();
@@ -429,7 +430,7 @@ void RenderView::paintBoxDecorations(PaintInfo& paintInfo, const LayoutPoint&)
     bool rootFillsViewport = false;
     bool rootObscuresBackground = false;
     auto shouldPropagateBackgroundPaintingToInitialContainingBlock = true;
-    Element* documentElement = document().documentElement();
+    RefPtr documentElement = document->documentElement();
     if (RenderElement* rootRenderer = documentElement ? documentElement->renderer() : nullptr) {
         // The document element's renderer is currently forced to be a block, but may not always be.
         auto* rootBox = dynamicDowncast<RenderBox>(*rootRenderer);
@@ -440,7 +441,7 @@ void RenderView::paintBoxDecorations(PaintInfo& paintInfo, const LayoutPoint&)
 
     compositor().rootBackgroundColorOrTransparencyChanged();
 
-    Page* page = document().page();
+    RefPtr page = document->page();
     float pageScaleFactor = page ? page->pageScaleFactor() : 1;
 
     // If painting will entirely fill the view, no need to fill the background.
@@ -494,7 +495,8 @@ void RenderView::repaintViewRectangle(const LayoutRect& repaintRect) const
 
     // FIXME: enclosingRect is needed as long as we integral snap ScrollView/FrameView/RenderWidget size/position.
     auto enclosingRect = enclosingIntRect(repaintRect);
-    if (auto ownerElement = document().ownerElement()) {
+    Ref document = this->document();
+    if (RefPtr ownerElement = document->ownerElement()) {
         auto* ownerBox = ownerElement->renderBox();
         if (!ownerBox)
             return;
@@ -519,13 +521,13 @@ void RenderView::repaintViewRectangle(const LayoutRect& repaintRect) const
         // left scrollbar (if one exists).
         Ref frameView = this->frameView();
         if (frameView->shouldPlaceVerticalScrollbarOnLeft() && frameView->verticalScrollbar())
-            adjustedRect.move(LayoutSize(frameView->verticalScrollbar()->occupiedWidth(), 0));
+            adjustedRect.move(LayoutSize(frameView->protectedVerticalScrollbar()->occupiedWidth(), 0));
 
         ownerBox->repaintRectangle(adjustedRect);
         return;
     }
 
-    protectedFrameView()->addTrackedRepaintRect(snapRectToDevicePixels(repaintRect, document().deviceScaleFactor()));
+    protectedFrameView()->addTrackedRepaintRect(snapRectToDevicePixels(repaintRect, document->deviceScaleFactor()));
     if (!m_accumulatedRepaintRegion) {
         protectedFrameView()->repaintContentRectangle(enclosingRect);
         return;
@@ -578,7 +580,7 @@ auto RenderView::computeVisibleRectsInContainer(const RepaintRects& rects, const
 
     // Apply our transform if we have one (because of full page zooming).
     if (!container && hasLayer() && layer()->transform())
-        adjustedRects.transform(*layer()->transform(), document().deviceScaleFactor());
+        adjustedRects.transform(*layer()->transform(), protectedDocument()->deviceScaleFactor());
 
     return adjustedRects;
 }
@@ -613,7 +615,7 @@ bool RenderView::shouldUsePrintingLayout() const
 {
     if (!printing())
         return false;
-    return protectedFrameView()->frame().shouldUsePrintingLayout();
+    return protectedFrameView()->protectedFrame()->shouldUsePrintingLayout();
 }
 
 LayoutRect RenderView::viewRect() const
@@ -639,13 +641,13 @@ bool RenderView::rootBackgroundIsEntirelyFixed() const
 
 bool RenderView::shouldPaintBaseBackground() const
 {
-    auto& document = this->document();
-    auto& frameView = this->frameView();
-    auto* ownerElement = document.ownerElement();
+    Ref document = this->document();
+    Ref frameView = this->frameView();
+    RefPtr ownerElement = document->ownerElement();
 
     // Fill with a base color if we're the root document.
-    if (frameView.frame().isMainFrame())
-        return !frameView.isTransparent();
+    if (frameView->frame().isMainFrame())
+        return !frameView->isTransparent();
 
     if (ownerElement && ownerElement->hasTagName(HTMLNames::frameTag))
         return true;
@@ -654,11 +656,11 @@ bool RenderView::shouldPaintBaseBackground() const
     // to crawl around a render tree with potential :before/:after content and
     // anonymous blocks created by inline <body> tags etc. We can locate the <body>
     // render object very easily via the DOM.
-    auto* body = document.bodyOrFrameset();
+    RefPtr body = document->bodyOrFrameset();
 
     // SVG documents and XML documents with SVG root nodes are transparent.
     if (!body)
-        return !document.hasSVGRootNode();
+        return !document->hasSVGRootNode();
 
     // Can't scroll a frameset document anyway.
     if (is<HTMLFrameSetElement>(*body))
@@ -671,15 +673,15 @@ bool RenderView::shouldPaintBaseBackground() const
     // iframes should fill with a base color if the used color scheme of the
     // element and the used color scheme of the embedded document’s root
     // element do not match.
-    if (frameView.useDarkAppearance() != frameRenderer->useDarkAppearance())
-        return !frameView.isTransparent();
+    if (frameView->useDarkAppearance() != frameRenderer->useDarkAppearance())
+        return !frameView->isTransparent();
 
     return false;
 }
 
 bool RenderView::rootElementShouldPaintBaseBackground() const
 {
-    auto* documentElement = document().documentElement();
+    RefPtr documentElement = document().documentElement();
     if (RenderElement* rootRenderer = documentElement ? documentElement->renderer() : nullptr) {
         // The document element's renderer is currently forced to be a block, but may not always be.
         auto* rootBox = dynamicDowncast<RenderBox>(*rootRenderer);
@@ -960,8 +962,8 @@ void RenderView::updatePlayStateForAllAnimations(const IntRect& visibleRect)
                 return;
 
             bool hasPausedAnimation = renderElement.hasPausedImageAnimations();
-            auto* image = cachedImage->image();
-            if (auto* svgImage = dynamicDowncast<SVGImage>(image)) {
+            RefPtr image = cachedImage->image();
+            if (RefPtr svgImage = dynamicDowncast<SVGImage>(image.get())) {
                 if (shouldAnimate && hasPausedAnimation) {
                     svgImage->resumeAnimation();
                     removeRendererWithPausedImageAnimations(renderElement, *cachedImage);
@@ -971,7 +973,7 @@ void RenderView::updatePlayStateForAllAnimations(const IntRect& visibleRect)
                 }
             } else if (image && image->isAnimated()) {
                 // Override any individual animation play state that may have been set.
-                if (auto* imageElement = dynamicDowncast<HTMLImageElement>(renderElement.element()))
+                if (RefPtr imageElement = dynamicDowncast<HTMLImageElement>(renderElement.element()))
                     imageElement->setAllowsAnimation(std::nullopt);
                 else
                     image->setAllowsAnimation(std::nullopt);
@@ -987,7 +989,7 @@ void RenderView::updatePlayStateForAllAnimations(const IntRect& visibleRect)
             }
         };
 
-        for (const auto* layer = &renderElement.style().backgroundLayers(); layer; layer = layer->next())
+        for (RefPtr layer = &renderElement.style().backgroundLayers(); layer; layer = layer->next())
             updateAnimation(layer->image() ? layer->image()->cachedImage() : nullptr);
 
         if (auto* renderImage = dynamicDowncast<RenderImage>(renderElement))
@@ -996,7 +998,7 @@ void RenderView::updatePlayStateForAllAnimations(const IntRect& visibleRect)
         if (needsRepaint)
             renderElement.repaint();
 
-        if (auto* svgSvgElement = svgSvgElementFrom(renderElement)) {
+        if (RefPtr svgSvgElement = svgSvgElementFrom(renderElement)) {
             if (shouldAnimate) {
                 svgSvgElement->unpauseAnimations();
                 m_SVGSVGElementsWithPausedImageAnimation.remove(*svgSvgElement);
@@ -1014,7 +1016,7 @@ RenderView::RepaintRegionAccumulator::RepaintRegionAccumulator(RenderView* view)
     if (!view)
         return;
 
-    if (!view->document().isTopDocument())
+    if (!view->protectedDocument()->isTopDocument())
         return;
 
     m_wasAccumulatingRepaintRegion = !!view->m_accumulatedRepaintRegion;
diff --git a/Source/WebCore/rendering/RenderViewTransitionCapture.cpp b/Source/WebCore/rendering/RenderViewTransitionCapture.cpp
index 3ff65b6526189..942acbe6cfe5c 100644
--- a/Source/WebCore/rendering/RenderViewTransitionCapture.cpp
+++ b/Source/WebCore/rendering/RenderViewTransitionCapture.cpp
@@ -85,8 +85,8 @@ void RenderViewTransitionCapture::paintReplaced(PaintInfo& paintInfo, const Layo
     FloatRect paintRect = m_localOverflowRect;
 
     InterpolationQualityMaintainer interpolationMaintainer(context, ImageQualityController::interpolationQualityFromStyle(style()));
-    if (m_oldImage)
-        context.drawImageBuffer(*m_oldImage, paintRect, { context.compositeOperation() });
+    if (RefPtr oldImage = m_oldImage)
+        context.drawImageBuffer(*oldImage, paintRect, { context.compositeOperation() });
 }
 
 void RenderViewTransitionCapture::layout()

From 1cc5b31dc23a8b0fde32278dbf4dc841ef04d3b0 Mon Sep 17 00:00:00 2001
From: Youenn Fablet <youenn@apple.com>
Date: Sun, 23 Feb 2025 11:11:51 -0800
Subject: [PATCH 093/174] MediaStreamTrack backgroundBlur setting is never
 updated rdar://145280495 https://bugs.webkit.org/show_bug.cgi?id=287692

Reviewed by Eric Carlson.

In case of configuration change for video tracks, we need to reset the settings to be able to get the new settings.

Updated mock infrastructure to test this.

* LayoutTests/fast/mediastream/getDisplayMedia-max-constraints4.html:
* LayoutTests/fast/mediastream/getDisplayMedia-max-constraints5.html:
* LayoutTests/fast/mediastream/mediastreamtrack-configurationchange-expected.txt:
* LayoutTests/fast/mediastream/mediastreamtrack-configurationchange.html:
* Source/WebCore/platform/mock/MockRealtimeMediaSourceCenter.cpp:
(WebCore::MockRealtimeMediaSourceCenter::triggerMockCaptureConfigurationChange):
* Source/WebCore/platform/mock/MockRealtimeMediaSourceCenter.h:
* Source/WebCore/platform/mock/MockRealtimeVideoSource.cpp:
(WebCore::MockRealtimeVideoSource::triggerCameraConfigurationChange):
* Source/WebCore/platform/mock/MockRealtimeVideoSource.h:
* Source/WebKit/GPUProcess/GPUProcess.cpp:
(WebKit::GPUProcess::triggerMockCaptureConfigurationChange):
* Source/WebKit/GPUProcess/GPUProcess.h:
* Source/WebKit/GPUProcess/GPUProcess.messages.in:
* Source/WebKit/UIProcess/API/C/WKPage.cpp:
(WKPageTriggerMockCaptureConfigurationChange):
* Source/WebKit/UIProcess/API/C/WKPagePrivate.h:
* Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
* Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp:
(WebKit::GPUProcessProxy::triggerMockCaptureConfigurationChange):
* Source/WebKit/UIProcess/GPU/GPUProcessProxy.h:
* Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
* Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::triggerMockCaptureConfigurationChange):
* Tools/WebKitTestRunner/InjectedBundle/TestRunner.h:
* Tools/WebKitTestRunner/TestController.cpp:
(WTR::TestController::triggerMockCaptureConfigurationChange):
* Tools/WebKitTestRunner/TestController.h:
* Tools/WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle):

Canonical link: https://commits.webkit.org/290914@main
---
 .../getDisplayMedia-max-constraints4.html     |  2 +-
 .../getDisplayMedia-max-constraints5.html     |  2 +-
 ...reamtrack-configurationchange-expected.txt |  1 +
 .../mediastreamtrack-configurationchange.html | 26 ++++++++++++++++++-
 .../mock/MockRealtimeMediaSourceCenter.cpp    |  5 +++-
 .../mock/MockRealtimeMediaSourceCenter.h      |  2 +-
 .../platform/mock/MockRealtimeVideoSource.cpp | 17 ++++++++++++
 .../platform/mock/MockRealtimeVideoSource.h   |  1 +
 Source/WebKit/GPUProcess/GPUProcess.cpp       |  4 +--
 Source/WebKit/GPUProcess/GPUProcess.h         |  2 +-
 .../WebKit/GPUProcess/GPUProcess.messages.in  |  2 +-
 Source/WebKit/UIProcess/API/C/WKPage.cpp      |  6 ++---
 Source/WebKit/UIProcess/API/C/WKPagePrivate.h |  2 +-
 .../Cocoa/UserMediaCaptureManagerProxy.cpp    |  1 +
 .../WebKit/UIProcess/GPU/GPUProcessProxy.cpp  |  4 +--
 Source/WebKit/UIProcess/GPU/GPUProcessProxy.h |  2 +-
 .../InjectedBundle/Bindings/TestRunner.idl    |  2 +-
 .../InjectedBundle/TestRunner.cpp             |  3 ++-
 .../InjectedBundle/TestRunner.h               |  2 +-
 Tools/WebKitTestRunner/TestController.cpp     |  4 +--
 Tools/WebKitTestRunner/TestController.h       |  2 +-
 Tools/WebKitTestRunner/TestInvocation.cpp     |  3 ++-
 22 files changed, 72 insertions(+), 23 deletions(-)

diff --git a/LayoutTests/fast/mediastream/getDisplayMedia-max-constraints4.html b/LayoutTests/fast/mediastream/getDisplayMedia-max-constraints4.html
index 2d620b7e5ebc0..6920ecb4facc2 100644
--- a/LayoutTests/fast/mediastream/getDisplayMedia-max-constraints4.html
+++ b/LayoutTests/fast/mediastream/getDisplayMedia-max-constraints4.html
@@ -29,7 +29,7 @@
         setTimeout(() => reject("configuration change timeout"), 5000);
     });
     if (window.testRunner)
-        testRunner.triggerMockCaptureConfigurationChange(false, true);
+        testRunner.triggerMockCaptureConfigurationChange(false, false, true);
     await promise;
 
     let videoFrame2;
diff --git a/LayoutTests/fast/mediastream/getDisplayMedia-max-constraints5.html b/LayoutTests/fast/mediastream/getDisplayMedia-max-constraints5.html
index 0ca431853982f..9c704eb2af453 100644
--- a/LayoutTests/fast/mediastream/getDisplayMedia-max-constraints5.html
+++ b/LayoutTests/fast/mediastream/getDisplayMedia-max-constraints5.html
@@ -38,7 +38,7 @@
     });
 
     if (window.testRunner)
-         testRunner.triggerMockCaptureConfigurationChange(false, true);
+         testRunner.triggerMockCaptureConfigurationChange(false, false, true);
      await promise;
 
     await validateSize(test, stream, 3000, 1687, "new video original")
diff --git a/LayoutTests/fast/mediastream/mediastreamtrack-configurationchange-expected.txt b/LayoutTests/fast/mediastream/mediastreamtrack-configurationchange-expected.txt
index 9764691bb5705..59f6d148853f6 100644
--- a/LayoutTests/fast/mediastream/mediastreamtrack-configurationchange-expected.txt
+++ b/LayoutTests/fast/mediastream/mediastreamtrack-configurationchange-expected.txt
@@ -1,4 +1,5 @@
 
 
 PASS Trigger configurationchange event in case OS changes microphone on its own
+PASS Trigger configurationchange event in case background blur changes
 
diff --git a/LayoutTests/fast/mediastream/mediastreamtrack-configurationchange.html b/LayoutTests/fast/mediastream/mediastreamtrack-configurationchange.html
index a8cf47676c2de..ba62b1fbe16c3 100644
--- a/LayoutTests/fast/mediastream/mediastreamtrack-configurationchange.html
+++ b/LayoutTests/fast/mediastream/mediastreamtrack-configurationchange.html
@@ -21,7 +21,7 @@
 
         assert_equals(track.label, "Mock audio device 1");
 
-        testRunner.triggerMockCaptureConfigurationChange(true, false);
+        testRunner.triggerMockCaptureConfigurationChange(false, true, false);
 
         await new Promise((resolve, reject) => {
             track.onconfigurationchange = resolve;
@@ -33,6 +33,30 @@
         await new Promise(resolve => setTimeout(resolve, 2000));
         assert_equals(track.readyState, "live");
     }, "Trigger configurationchange event in case OS changes microphone on its own");
+
+    promise_test(async (t) => {
+        if (!window.testRunner)
+            return;
+
+        const stream = await navigator.mediaDevices.getUserMedia({ video: true });
+        const track = stream.getVideoTracks()[0];
+
+        video.srcObject = stream;
+        await video.play();
+
+        assert_false(track.getSettings().backgroundBlur);
+        assert_array_equals(track.getCapabilities().backgroundBlur, [false]);
+
+        testRunner.triggerMockCaptureConfigurationChange(true, false, false);
+
+        await new Promise((resolve, reject) => {
+            track.onconfigurationchange = resolve;
+            setTimeout(()=> reject("waited too long for configurationchange"), 5000);
+        });
+
+        assert_true(track.getSettings().backgroundBlur);
+        assert_array_equals(track.getCapabilities().backgroundBlur, [true]);
+    }, "Trigger configurationchange event in case background blur changes");
     </script>
 </body>
 </html>
diff --git a/Source/WebCore/platform/mock/MockRealtimeMediaSourceCenter.cpp b/Source/WebCore/platform/mock/MockRealtimeMediaSourceCenter.cpp
index 419f3ca8eb8ac..7c6dc0fa6813b 100644
--- a/Source/WebCore/platform/mock/MockRealtimeMediaSourceCenter.cpp
+++ b/Source/WebCore/platform/mock/MockRealtimeMediaSourceCenter.cpp
@@ -433,8 +433,11 @@ void MockRealtimeMediaSourceCenter::setMockCaptureDevicesInterrupted(bool isCame
     MockRealtimeAudioSource::setIsInterrupted(isMicrophoneInterrupted);
 }
 
-void MockRealtimeMediaSourceCenter::triggerMockCaptureConfigurationChange(bool forMicrophone, bool forDisplay)
+void MockRealtimeMediaSourceCenter::triggerMockCaptureConfigurationChange(bool forCamera, bool forMicrophone, bool forDisplay)
 {
+    if (forCamera)
+        MockRealtimeVideoSource::triggerCameraConfigurationChange();
+
 #if PLATFORM(COCOA)
     if (forMicrophone) {
         auto devices = audioCaptureDeviceManager().captureDevices();
diff --git a/Source/WebCore/platform/mock/MockRealtimeMediaSourceCenter.h b/Source/WebCore/platform/mock/MockRealtimeMediaSourceCenter.h
index bcdf09de9c354..a8454d3a146fb 100644
--- a/Source/WebCore/platform/mock/MockRealtimeMediaSourceCenter.h
+++ b/Source/WebCore/platform/mock/MockRealtimeMediaSourceCenter.h
@@ -50,7 +50,7 @@ class MockRealtimeMediaSourceCenter {
     WEBCORE_EXPORT static void resetDevices();
     WEBCORE_EXPORT static void setMockCaptureDevicesInterrupted(bool isCameraInterrupted, bool isMicrophoneInterrupted);
 
-    WEBCORE_EXPORT void triggerMockCaptureConfigurationChange(bool forMicrophone, bool forDisplay);
+    WEBCORE_EXPORT void triggerMockCaptureConfigurationChange(bool forCamera, bool forMicrophone, bool forDisplay);
 
     void setMockAudioCaptureEnabled(bool isEnabled) { m_isMockAudioCaptureEnabled = isEnabled; }
     void setMockVideoCaptureEnabled(bool isEnabled) { m_isMockVideoCaptureEnabled = isEnabled; }
diff --git a/Source/WebCore/platform/mock/MockRealtimeVideoSource.cpp b/Source/WebCore/platform/mock/MockRealtimeVideoSource.cpp
index 001f5a1965e5f..b84bf40445744 100644
--- a/Source/WebCore/platform/mock/MockRealtimeVideoSource.cpp
+++ b/Source/WebCore/platform/mock/MockRealtimeVideoSource.cpp
@@ -772,6 +772,23 @@ void MockRealtimeVideoSource::setIsInterrupted(bool isInterrupted)
     }
 }
 
+void MockRealtimeVideoSource::triggerCameraConfigurationChange()
+{
+    for (auto& source : allMockRealtimeVideoSource()) {
+        if (!source.isProducingData() || source.deviceType() != CaptureDevice::DeviceType::Camera)
+            continue;
+
+        std::get<MockCameraProperties>(source.m_device.properties).hasBackgroundBlur = !std::get<MockCameraProperties>(source.m_device.properties).hasBackgroundBlur;
+
+        source.m_currentSettings = { };
+        source.m_capabilities = { };
+
+        source.forEachObserver([](auto& observer) {
+            observer.sourceConfigurationChanged();
+        });
+    }
+}
+
 void MockRealtimeVideoSource::startApplyingConstraints()
 {
     ASSERT(!m_beingConfigured);
diff --git a/Source/WebCore/platform/mock/MockRealtimeVideoSource.h b/Source/WebCore/platform/mock/MockRealtimeVideoSource.h
index 9c6e264bb4dbe..1178a61373bf5 100644
--- a/Source/WebCore/platform/mock/MockRealtimeVideoSource.h
+++ b/Source/WebCore/platform/mock/MockRealtimeVideoSource.h
@@ -55,6 +55,7 @@ class MockRealtimeVideoSource : public RealtimeVideoCaptureSource, private Orien
     virtual ~MockRealtimeVideoSource();
 
     static void setIsInterrupted(bool);
+    static void triggerCameraConfigurationChange();
 
     ImageBuffer* imageBuffer();
 
diff --git a/Source/WebKit/GPUProcess/GPUProcess.cpp b/Source/WebKit/GPUProcess/GPUProcess.cpp
index 0dea121263139..41ca968041afb 100644
--- a/Source/WebKit/GPUProcess/GPUProcess.cpp
+++ b/Source/WebKit/GPUProcess/GPUProcess.cpp
@@ -468,9 +468,9 @@ void GPUProcess::setMockCaptureDevicesInterrupted(bool isCameraInterrupted, bool
     WebCore::MockRealtimeMediaSourceCenter::setMockCaptureDevicesInterrupted(isCameraInterrupted, isMicrophoneInterrupted);
 }
 
-void GPUProcess::triggerMockCaptureConfigurationChange(bool forMicrophone, bool forDisplay)
+void GPUProcess::triggerMockCaptureConfigurationChange(bool forCamera, bool forMicrophone, bool forDisplay)
 {
-    WebCore::MockRealtimeMediaSourceCenter::singleton().triggerMockCaptureConfigurationChange(forMicrophone, forDisplay);
+    WebCore::MockRealtimeMediaSourceCenter::singleton().triggerMockCaptureConfigurationChange(forCamera, forMicrophone, forDisplay);
 }
 
 void GPUProcess::setShouldListenToVoiceActivity(bool shouldListen)
diff --git a/Source/WebKit/GPUProcess/GPUProcess.h b/Source/WebKit/GPUProcess/GPUProcess.h
index 2613ff14c0c22..36d7e5818504a 100644
--- a/Source/WebKit/GPUProcess/GPUProcess.h
+++ b/Source/WebKit/GPUProcess/GPUProcess.h
@@ -207,7 +207,7 @@ class GPUProcess final : public AuxiliaryProcess, public ThreadSafeRefCounted<GP
     void setMockMediaDeviceIsEphemeral(const String&, bool);
     void resetMockMediaDevices();
     void setMockCaptureDevicesInterrupted(bool isCameraInterrupted, bool isMicrophoneInterrupted);
-    void triggerMockCaptureConfigurationChange(bool forMicrophone, bool forDisplay);
+    void triggerMockCaptureConfigurationChange(bool forCamera, bool forMicrophone, bool forDisplay);
     void setShouldListenToVoiceActivity(bool);
 #endif
 #if HAVE(SCREEN_CAPTURE_KIT)
diff --git a/Source/WebKit/GPUProcess/GPUProcess.messages.in b/Source/WebKit/GPUProcess/GPUProcess.messages.in
index 20060ffbf69b4..c632f7d4113d5 100644
--- a/Source/WebKit/GPUProcess/GPUProcess.messages.in
+++ b/Source/WebKit/GPUProcess/GPUProcess.messages.in
@@ -55,7 +55,7 @@ messages -> GPUProcess : AuxiliaryProcess {
     SetMockMediaDeviceIsEphemeral(String persistentId, bool isEphemeral)
     ResetMockMediaDevices()
     SetMockCaptureDevicesInterrupted(bool isCameraInterrupted, bool isMicrophoneInterrupted)
-    TriggerMockCaptureConfigurationChange(bool forMicrophone, bool forDisplay)
+    TriggerMockCaptureConfigurationChange(bool forCamera, bool forMicrophone, bool forDisplay)
     SetShouldListenToVoiceActivity(bool shouldListen)
     EnableMicrophoneMuteStatusAPI()
 #endif
diff --git a/Source/WebKit/UIProcess/API/C/WKPage.cpp b/Source/WebKit/UIProcess/API/C/WKPage.cpp
index 261d3064b6cdc..2e9502e5767eb 100644
--- a/Source/WebKit/UIProcess/API/C/WKPage.cpp
+++ b/Source/WebKit/UIProcess/API/C/WKPage.cpp
@@ -3373,11 +3373,11 @@ void WKPageSetMockCaptureDevicesInterrupted(WKPageRef pageRef, bool isCameraInte
 #endif
 }
 
-void WKPageTriggerMockCaptureConfigurationChange(WKPageRef pageRef, bool forMicrophone, bool forDisplay)
+void WKPageTriggerMockCaptureConfigurationChange(WKPageRef pageRef, bool forCamera, bool forMicrophone, bool forDisplay)
 {
     CRASH_IF_SUSPENDED;
 #if ENABLE(MEDIA_STREAM)
-    MockRealtimeMediaSourceCenter::singleton().triggerMockCaptureConfigurationChange(forMicrophone, forDisplay);
+    MockRealtimeMediaSourceCenter::singleton().triggerMockCaptureConfigurationChange(forCamera, forMicrophone, forDisplay);
 
 #if ENABLE(GPU_PROCESS)
     auto preferences = toImpl(pageRef)->protectedPreferences();
@@ -3385,7 +3385,7 @@ void WKPageTriggerMockCaptureConfigurationChange(WKPageRef pageRef, bool forMicr
         return;
 
     auto& gpuProcess = toImpl(pageRef)->configuration().processPool().ensureGPUProcess();
-    gpuProcess.triggerMockCaptureConfigurationChange(forMicrophone, forDisplay);
+    gpuProcess.triggerMockCaptureConfigurationChange(forCamera, forMicrophone, forDisplay);
 #endif // ENABLE(GPU_PROCESS)
 
 #endif // ENABLE(MEDIA_STREAM)
diff --git a/Source/WebKit/UIProcess/API/C/WKPagePrivate.h b/Source/WebKit/UIProcess/API/C/WKPagePrivate.h
index 2e88e31c04429..baa9438e07137 100644
--- a/Source/WebKit/UIProcess/API/C/WKPagePrivate.h
+++ b/Source/WebKit/UIProcess/API/C/WKPagePrivate.h
@@ -210,7 +210,7 @@ WK_EXPORT void WKPageSetPrivateClickMeasurementAppBundleIDForTesting(WKPageRef p
 WK_EXPORT void WKPageSetMockCameraOrientationForTesting(WKPageRef page, uint64_t rotation, WKStringRef persistentId);
 WK_EXPORT bool WKPageIsMockRealtimeMediaSourceCenterEnabled(WKPageRef page);
 WK_EXPORT void WKPageSetMockCaptureDevicesInterrupted(WKPageRef page, bool isCameraInterrupted, bool isMicrophoneInterrupted);
-WK_EXPORT void WKPageTriggerMockCaptureConfigurationChange(WKPageRef page, bool forMicrophone, bool forDisplay);
+WK_EXPORT void WKPageTriggerMockCaptureConfigurationChange(WKPageRef page, bool forCamera, bool forMicrophone, bool forDisplay);
 
 typedef void (*WKPageLoadedSubresourceDomainsFunction)(WKArrayRef domains, void* functionContext);
 WK_EXPORT void WKPageLoadedSubresourceDomains(WKPageRef page, WKPageLoadedSubresourceDomainsFunction callback, void* callbackContext);
diff --git a/Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp b/Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp
index 015295accc1f2..0e6845da33ffb 100644
--- a/Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp
+++ b/Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp
@@ -337,6 +337,7 @@ class UserMediaCaptureManagerProxySourceProxy final
             source->addVideoFrameObserver(*this, { m_widthConstraint, m_heightConstraint }, m_frameRateConstraint);
         }
 
+        m_settings = { };
         protectedConnection()->send(Messages::UserMediaCaptureManager::SourceConfigurationChanged(m_id, source->persistentID(), settings(), source->capabilities()), 0);
     }
 
diff --git a/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp b/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
index e5684f545c317..dc8bebfee5421 100644
--- a/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
+++ b/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
@@ -467,9 +467,9 @@ void GPUProcessProxy::setMockCaptureDevicesInterrupted(bool isCameraInterrupted,
     send(Messages::GPUProcess::SetMockCaptureDevicesInterrupted { isCameraInterrupted, isMicrophoneInterrupted }, 0);
 }
 
-void GPUProcessProxy::triggerMockCaptureConfigurationChange(bool forMicrophone, bool forDisplay)
+void GPUProcessProxy::triggerMockCaptureConfigurationChange(bool forCamera, bool forMicrophone, bool forDisplay)
 {
-    send(Messages::GPUProcess::TriggerMockCaptureConfigurationChange { forMicrophone, forDisplay }, 0);
+    send(Messages::GPUProcess::TriggerMockCaptureConfigurationChange { forCamera, forMicrophone, forDisplay }, 0);
 }
 
 void GPUProcessProxy::setShouldListenToVoiceActivity(const WebPageProxy& proxy, bool shouldListen)
diff --git a/Source/WebKit/UIProcess/GPU/GPUProcessProxy.h b/Source/WebKit/UIProcess/GPU/GPUProcessProxy.h
index 39051cccbf92e..cd17f48052cc1 100644
--- a/Source/WebKit/UIProcess/GPU/GPUProcessProxy.h
+++ b/Source/WebKit/UIProcess/GPU/GPUProcessProxy.h
@@ -111,7 +111,7 @@ class GPUProcessProxy final : public AuxiliaryProcessProxy {
     void setMockMediaDeviceIsEphemeral(const String&, bool);
     void resetMockMediaDevices();
     void setMockCaptureDevicesInterrupted(bool isCameraInterrupted, bool isMicrophoneInterrupted);
-    void triggerMockCaptureConfigurationChange(bool forMicrophone, bool forDisplay);
+    void triggerMockCaptureConfigurationChange(bool forCamera, bool forMicrophone, bool forDisplay);
     void updateSandboxAccess(bool allowAudioCapture, bool allowVideoCapture, bool allowDisplayCapture);
     void setShouldListenToVoiceActivity(const WebPageProxy&, bool);
     void setPageUsingMicrophone(WebPageProxyIdentifier identifier) { m_lastPageUsingMicrophone = identifier; }
diff --git a/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl b/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl
index 8feff83cffea6..d44566faf05cc 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl
+++ b/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl
@@ -408,7 +408,7 @@ interface TestRunner {
     undefined setMockCameraOrientation(unsigned long orientation, DOMString persistentId);
     boolean isMockRealtimeMediaSourceCenterEnabled();
     undefined setMockCaptureDevicesInterrupted(boolean isCameraInterrupted, boolean isMicrophoneInterrupted);
-    undefined triggerMockCaptureConfigurationChange(boolean forMicrophone, boolean forDisplay);
+    undefined triggerMockCaptureConfigurationChange(boolean forCamera, boolean forMicrophone, boolean forDisplay);
 
     undefined setCaptureState(boolean cameraState, boolean microphoneState, boolean displayState);
 
diff --git a/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp b/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
index 35e737318a11d..46ad295e8b208 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
+++ b/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
@@ -1671,9 +1671,10 @@ void TestRunner::setMockCaptureDevicesInterrupted(bool isCameraInterrupted, bool
     }));
 }
 
-void TestRunner::triggerMockCaptureConfigurationChange(bool forMicrophone, bool forDisplay)
+void TestRunner::triggerMockCaptureConfigurationChange(bool forCamera, bool forMicrophone, bool forDisplay)
 {
     postSynchronousMessage("TriggerMockCaptureConfigurationChange", createWKDictionary({
+        { "camera", adoptWK(WKBooleanCreate(forCamera)) },
         { "microphone", adoptWK(WKBooleanCreate(forMicrophone)) },
         { "display", adoptWK(WKBooleanCreate(forDisplay)) },
     }));
diff --git a/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h b/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h
index 855aca9aec7d4..86ef6dcb9e170 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h
+++ b/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h
@@ -516,7 +516,7 @@ class TestRunner : public JSWrappable {
     void setMockCameraOrientation(unsigned, JSStringRef persistentId);
     bool isMockRealtimeMediaSourceCenterEnabled();
     void setMockCaptureDevicesInterrupted(bool isCameraInterrupted, bool isMicrophoneInterrupted);
-    void triggerMockCaptureConfigurationChange(bool forMicrophone, bool forDisplay);
+    void triggerMockCaptureConfigurationChange(bool forCamera, bool forMicrophone, bool forDisplay);
     void setCaptureState(bool cameraState, bool microphoneState, bool displayState);
 
     bool hasAppBoundSession();
diff --git a/Tools/WebKitTestRunner/TestController.cpp b/Tools/WebKitTestRunner/TestController.cpp
index cb6f4d5477ac9..ea8a7dc0d6b63 100644
--- a/Tools/WebKitTestRunner/TestController.cpp
+++ b/Tools/WebKitTestRunner/TestController.cpp
@@ -4315,9 +4315,9 @@ void TestController::setMockCaptureDevicesInterrupted(bool isCameraInterrupted,
     WKPageSetMockCaptureDevicesInterrupted(m_mainWebView->page(), isCameraInterrupted, isMicrophoneInterrupted);
 }
 
-void TestController::triggerMockCaptureConfigurationChange(bool forMicrophone, bool forDisplay)
+void TestController::triggerMockCaptureConfigurationChange(bool forCamera, bool forMicrophone, bool forDisplay)
 {
-    WKPageTriggerMockCaptureConfigurationChange(m_mainWebView->page(), forMicrophone, forDisplay);
+    WKPageTriggerMockCaptureConfigurationChange(m_mainWebView->page(), forCamera, forMicrophone, forDisplay);
 }
 
 void TestController::setCaptureState(bool cameraState, bool microphoneState, bool displayState)
diff --git a/Tools/WebKitTestRunner/TestController.h b/Tools/WebKitTestRunner/TestController.h
index e7c49dfe632a5..c865514494d1e 100644
--- a/Tools/WebKitTestRunner/TestController.h
+++ b/Tools/WebKitTestRunner/TestController.h
@@ -360,7 +360,7 @@ class TestController {
     void setMockCameraOrientation(uint64_t, WKStringRef);
     bool isMockRealtimeMediaSourceCenterEnabled() const;
     void setMockCaptureDevicesInterrupted(bool isCameraInterrupted, bool isMicrophoneInterrupted);
-    void triggerMockCaptureConfigurationChange(bool forMicrophone, bool forDisplay);
+    void triggerMockCaptureConfigurationChange(bool forCamera, bool forMicrophone, bool forDisplay);
     void setCaptureState(bool cameraState, bool microphoneState, bool displayState);
     bool hasAppBoundSession();
 
diff --git a/Tools/WebKitTestRunner/TestInvocation.cpp b/Tools/WebKitTestRunner/TestInvocation.cpp
index f8d8195a26f43..4da33a0d1ac46 100644
--- a/Tools/WebKitTestRunner/TestInvocation.cpp
+++ b/Tools/WebKitTestRunner/TestInvocation.cpp
@@ -925,9 +925,10 @@ WKRetainPtr<WKTypeRef> TestInvocation::didReceiveSynchronousMessageFromInjectedB
 
     if (WKStringIsEqualToUTF8CString(messageName, "TriggerMockCaptureConfigurationChange")) {
         auto messageBodyDictionary = dictionaryValue(messageBody);
+        bool forCamera = booleanValue(messageBodyDictionary, "camera");
         bool forMicrophone = booleanValue(messageBodyDictionary, "microphone");
         bool forDisplay = booleanValue(messageBodyDictionary, "display");
-        TestController::singleton().triggerMockCaptureConfigurationChange(forMicrophone, forDisplay);
+        TestController::singleton().triggerMockCaptureConfigurationChange(forCamera, forMicrophone, forDisplay);
         return nullptr;
     }
 

From daadfcfb7025c547ebeff695223e0fdaa41c6101 Mon Sep 17 00:00:00 2001
From: Youenn Fablet <youenn@apple.com>
Date: Sun, 23 Feb 2025 11:13:11 -0800
Subject: [PATCH 094/174] Abort FileSystem writables in case of network process
 crash or storage clearing https://bugs.webkit.org/show_bug.cgi?id=287235
 rdar://problem/144380830

Reviewed by Sihui Liu.

When a writable is open, it may be aborted in case the network process crashes or in case the underlying file is deleted.
To support this mechanism, we allow networking process to invalidate a writable like done for sync access handles.
Similarly, if a network process crashes, we add the same mechanism for writables as for sync access handles.

When a writable (aka FileSystemWritableFileStream) gets crated, we register it in its FileSystemStorageConnection.
When a writable is closed, we unregister it as well.

When a FileSystemStorageConnection is instructed to error a writable, it will call the new WritableStream errorIfPossible method.

Covered by added test.

* LayoutTests/storage/filesystemaccess/writable-file-stream-abort-expected.txt: Added.
* LayoutTests/storage/filesystemaccess/writable-file-stream-abort.html: Added.
* Source/WebCore/Modules/filesystemaccess/FileSystemFileHandle.cpp:
(WebCore::FileSystemFileHandle::createWritable):
(WebCore::FileSystemFileHandle::closeWritable):
* Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.cpp: Added.
(WebCore::FileSystemStorageConnection::errorFileSystemWritable):
(WebCore::FileSystemStorageConnection::registerFileSystemWritable):
(WebCore::FileSystemStorageConnection::unregisterFileSystemWritable):
* Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.h:
* Source/WebCore/Modules/filesystemaccess/WorkerFileSystemStorageConnection.cpp:
(WebCore::WorkerFileSystemStorageConnection::createWritable):
* Source/WebCore/Modules/filesystemaccess/WorkerFileSystemStorageConnection.h:
* Source/WebCore/Modules/streams/WritableStream.cpp:
(WebCore::WritableStream::errorIfPossible):
* Source/WebCore/Modules/streams/WritableStream.h:
* Source/WebCore/Modules/streams/WritableStreamInternals.js:
(writableStreamErrorIfPossible):
* Source/WebCore/Sources.txt:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/bindings/js/InternalWritableStream.cpp:
(WebCore::InternalWritableStream::errorIfPossible):
* Source/WebCore/bindings/js/InternalWritableStream.h:
* Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.cpp:
(WebKit::FileSystemStorageHandle::writables const):
* Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.h:
* Source/WebKit/NetworkProcess/storage/FileSystemStorageManager.cpp:
(WebKit::FileSystemStorageManager::close):
* Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.cpp:
(WebKit::WebFileSystemStorageConnection::errorWritable):
(WebKit::WebFileSystemStorageConnection::connectionClosed):
(WebKit::WebFileSystemStorageConnection::createWritable):
(WebKit::WebFileSystemStorageConnection::invalidateWritable):
(WebKit::WebFileSystemStorageConnection::closeWritable):
* Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.messages.in:
* Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
* Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::clearStorage):
* Tools/WebKitTestRunner/InjectedBundle/TestRunner.h:
* Tools/WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle):

Canonical link: https://commits.webkit.org/290915@main
---
 .../writable-file-stream-abort-expected.txt   |  6 ++
 .../writable-file-stream-abort.html           | 81 +++++++++++++++++++
 .../filesystemaccess/FileSystemFileHandle.cpp |  5 +-
 .../FileSystemStorageConnection.cpp           | 52 ++++++++++++
 .../FileSystemStorageConnection.h             | 11 ++-
 .../WorkerFileSystemStorageConnection.cpp     |  6 +-
 .../WorkerFileSystemStorageConnection.h       |  2 +-
 .../Modules/streams/WritableStream.cpp        |  5 ++
 .../WebCore/Modules/streams/WritableStream.h  |  1 +
 .../streams/WritableStreamInternals.js        | 10 +++
 Source/WebCore/Sources.txt                    |  1 +
 .../WebCore/WebCore.xcodeproj/project.pbxproj |  2 +
 .../bindings/js/InternalWritableStream.cpp    | 25 ++++++
 .../bindings/js/InternalWritableStream.h      |  1 +
 .../storage/FileSystemStorageHandle.cpp       |  5 ++
 .../storage/FileSystemStorageHandle.h         |  1 +
 .../storage/FileSystemStorageManager.cpp      |  5 +-
 .../WebFileSystemStorageConnection.cpp        | 30 ++++++-
 .../WebFileSystemStorageConnection.h          |  6 +-
 ...WebFileSystemStorageConnection.messages.in |  1 +
 .../InjectedBundle/Bindings/TestRunner.idl    |  2 +
 .../InjectedBundle/TestRunner.cpp             |  5 ++
 .../InjectedBundle/TestRunner.h               |  2 +
 Tools/WebKitTestRunner/TestInvocation.cpp     |  5 ++
 24 files changed, 260 insertions(+), 10 deletions(-)
 create mode 100644 LayoutTests/storage/filesystemaccess/writable-file-stream-abort-expected.txt
 create mode 100644 LayoutTests/storage/filesystemaccess/writable-file-stream-abort.html
 create mode 100644 Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.cpp

diff --git a/LayoutTests/storage/filesystemaccess/writable-file-stream-abort-expected.txt b/LayoutTests/storage/filesystemaccess/writable-file-stream-abort-expected.txt
new file mode 100644
index 0000000000000..6c3b57e530442
--- /dev/null
+++ b/LayoutTests/storage/filesystemaccess/writable-file-stream-abort-expected.txt
@@ -0,0 +1,6 @@
+
+PASS Validate stream gets errored in case of network process crash
+PASS Validate stream gets errored in case of clearing storage
+PASS Validate stream gets errored in case of network process crash in a worker
+PASS Validate stream gets errored in case of clearing storage in a worker
+
diff --git a/LayoutTests/storage/filesystemaccess/writable-file-stream-abort.html b/LayoutTests/storage/filesystemaccess/writable-file-stream-abort.html
new file mode 100644
index 0000000000000..b2f8157b82fbc
--- /dev/null
+++ b/LayoutTests/storage/filesystemaccess/writable-file-stream-abort.html
@@ -0,0 +1,81 @@
+<html>
+<head>
+<script src="../../resources/testharness.js"></script>
+<script src="../../resources/testharnessreport.js"></script>
+</head>
+<body>
+<script>
+promise_test(async t => {
+    const dir = await navigator.storage.getDirectory();
+    const handle = await dir.getFileHandle("file", {create: true});
+    const stream = await handle.createWritable();
+    const writer = stream.getWriter();
+
+    if (!window.testRunner)
+        return;
+
+    testRunner.terminateNetworkProcess();
+
+    return promise_rejects_dom(t, "AbortError", writer.closed);
+}, "Validate stream gets errored in case of network process crash");
+
+promise_test(async t => {
+    const dir = await navigator.storage.getDirectory();
+    const handle = await dir.getFileHandle("file", {create: true});
+    const stream = await handle.createWritable();
+    const writer = stream.getWriter();
+
+    if (!window.testRunner)
+        return;
+
+    testRunner.clearStorage();
+
+    return promise_rejects_dom(t, "AbortError", writer.closed);
+}, "Validate stream gets errored in case of clearing storage");
+
+function createWorkerWithWritable()
+{
+    return new Worker(URL.createObjectURL(new Blob([`
+        async function test() {
+            try {
+                const dir = await navigator.storage.getDirectory();
+                const handle = await dir.getFileHandle("file", {create: true});
+                const stream = await handle.createWritable();
+                const writer = stream.getWriter();
+                self.postMessage("ready");
+                setTimeout(() => self.postMessage("test timed out"), 2000);
+                await writer.closed;
+            } catch(e) {
+                self.postMessage(e);
+            }
+        };
+        test();
+    `], { type: "text/javascript" })));
+}
+
+promise_test(async t => {
+    const worker = createWorkerWithWritable();
+    assert_equals(await new Promise(resolve => worker.onmessage = e => resolve(e.data)), "ready");
+
+    const promise = new Promise(resolve => worker.onmessage = e => resolve(e.data));
+    if (window.testRunner)
+        testRunner.terminateNetworkProcess();
+
+    const data = await promise;
+    assert_equals(data.name, "AbortError");
+}, "Validate stream gets errored in case of network process crash in a worker");
+
+promise_test(async t => {
+    const worker = createWorkerWithWritable();
+    assert_equals(await new Promise(resolve => worker.onmessage = e => resolve(e.data)), "ready");
+
+    const promise = new Promise(resolve => worker.onmessage = e => resolve(e.data));
+    if (window.testRunner)
+        testRunner.clearStorage();
+
+    const data = await promise;
+    assert_equals(data.name, "AbortError");
+}, "Validate stream gets errored in case of clearing storage in a worker");
+</script>
+</body>
+</html>
diff --git a/Source/WebCore/Modules/filesystemaccess/FileSystemFileHandle.cpp b/Source/WebCore/Modules/filesystemaccess/FileSystemFileHandle.cpp
index 7da35a5a9194e..63592a497577f 100644
--- a/Source/WebCore/Modules/filesystemaccess/FileSystemFileHandle.cpp
+++ b/Source/WebCore/Modules/filesystemaccess/FileSystemFileHandle.cpp
@@ -134,7 +134,7 @@ void FileSystemFileHandle::createWritable(const CreateWritableOptions& options,
     if (isClosed())
         return promise.reject(Exception { ExceptionCode::InvalidStateError, "Handle is closed"_s });
 
-    connection().createWritable(identifier(), options.keepExistingData, [this, protectedThis = Ref { *this }, promise = WTFMove(promise)](auto result) mutable {
+    connection().createWritable(scriptExecutionContext()->identifier(), identifier(), options.keepExistingData, [this, protectedThis = Ref { *this }, promise = WTFMove(promise)](auto result) mutable {
         if (result.hasException())
             return promise.reject(result.releaseException());
 
@@ -163,6 +163,8 @@ void FileSystemFileHandle::createWritable(const CreateWritableOptions& options,
             Locker<JSC::JSLock> locker(globalObject->vm().apiLock());
             stream = FileSystemWritableFileStream::create(*globalObject, sink.releaseReturnValue());
         }
+        if (!stream.hasException())
+            connection().registerFileSystemWritable(streamIdentifier, stream.returnValue());
 
         promise.settle(WTFMove(stream));
     });
@@ -170,6 +172,7 @@ void FileSystemFileHandle::createWritable(const CreateWritableOptions& options,
 
 void FileSystemFileHandle::closeWritable(FileSystemWritableFileStreamIdentifier streamIdentifier, FileSystemWriteCloseReason reason)
 {
+    connection().unregisterFileSystemWritable(streamIdentifier);
     if (!isClosed())
         connection().closeWritable(identifier(), streamIdentifier, reason, [](auto) { });
 }
diff --git a/Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.cpp b/Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.cpp
new file mode 100644
index 0000000000000..31c308aa01813
--- /dev/null
+++ b/Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.cpp
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2025 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "config.h"
+#include "FileSystemStorageConnection.h"
+
+namespace WebCore {
+
+bool FileSystemStorageConnection::errorFileSystemWritable(FileSystemWritableFileStreamIdentifier identifier)
+{
+    RefPtr writable = m_writables.take(identifier).get();
+    if (writable)
+        writable->errorIfPossible(Exception { ExceptionCode::AbortError });
+    return writable;
+}
+
+void FileSystemStorageConnection::registerFileSystemWritable(FileSystemWritableFileStreamIdentifier identifier, FileSystemWritableFileStream& writer)
+{
+    ASSERT(!m_writables.contains(identifier));
+    m_writables.add(identifier, WeakPtr { writer });
+}
+
+void FileSystemStorageConnection::unregisterFileSystemWritable(FileSystemWritableFileStreamIdentifier identifier)
+{
+    m_writables.remove(identifier);
+}
+
+} // namespace WebCore
diff --git a/Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.h b/Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.h
index c7e546420b75c..580b98f97c19f 100644
--- a/Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.h
+++ b/Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.h
@@ -34,6 +34,7 @@
 #include "ProcessQualified.h"
 #include "ScriptExecutionContextIdentifier.h"
 #include <wtf/CompletionHandler.h>
+#include <wtf/HashMap.h>
 #include <wtf/ThreadSafeRefCounted.h>
 
 namespace WebCore {
@@ -43,6 +44,7 @@ class FileSystemFileHandle;
 class FileHandle;
 class FileSystemHandleCloseScope;
 class FileSystemSyncAccessHandle;
+class FileSystemWritableFileStream;
 template<typename> class ExceptionOr;
 
 class FileSystemStorageConnection : public ThreadSafeRefCounted<FileSystemStorageConnection> {
@@ -81,11 +83,18 @@ class FileSystemStorageConnection : public ThreadSafeRefCounted<FileSystemStorag
     virtual void registerSyncAccessHandle(FileSystemSyncAccessHandleIdentifier, ScriptExecutionContextIdentifier) = 0;
     virtual void unregisterSyncAccessHandle(FileSystemSyncAccessHandleIdentifier) = 0;
     virtual void invalidateAccessHandle(WebCore::FileSystemSyncAccessHandleIdentifier) = 0;
-    virtual void createWritable(FileSystemHandleIdentifier, bool keepExistingData, StreamCallback&&) = 0;
+    virtual void createWritable(ScriptExecutionContextIdentifier, FileSystemHandleIdentifier, bool keepExistingData, StreamCallback&&) = 0;
     virtual void closeWritable(FileSystemHandleIdentifier, FileSystemWritableFileStreamIdentifier, FileSystemWriteCloseReason, VoidCallback&&) = 0;
     virtual void executeCommandForWritable(FileSystemHandleIdentifier, FileSystemWritableFileStreamIdentifier, FileSystemWriteCommandType, std::optional<uint64_t> position, std::optional<uint64_t> size, std::span<const uint8_t> dataBytes, bool hasDataError, VoidCallback&&) = 0;
     virtual void getHandleNames(FileSystemHandleIdentifier, GetHandleNamesCallback&&) = 0;
     virtual void getHandle(FileSystemHandleIdentifier, const String& name, GetHandleCallback&&) = 0;
+
+    WEBCORE_EXPORT bool errorFileSystemWritable(FileSystemWritableFileStreamIdentifier);
+    void registerFileSystemWritable(FileSystemWritableFileStreamIdentifier, FileSystemWritableFileStream&);
+    void unregisterFileSystemWritable(FileSystemWritableFileStreamIdentifier);
+
+private:
+    HashMap<FileSystemWritableFileStreamIdentifier, WeakPtr<FileSystemWritableFileStream>> m_writables;
 };
 
 } // namespace WebCore
diff --git a/Source/WebCore/Modules/filesystemaccess/WorkerFileSystemStorageConnection.cpp b/Source/WebCore/Modules/filesystemaccess/WorkerFileSystemStorageConnection.cpp
index 0e29416913483..837dffc70a9a9 100644
--- a/Source/WebCore/Modules/filesystemaccess/WorkerFileSystemStorageConnection.cpp
+++ b/Source/WebCore/Modules/filesystemaccess/WorkerFileSystemStorageConnection.cpp
@@ -317,7 +317,7 @@ void WorkerFileSystemStorageConnection::invalidateAccessHandle(WebCore::FileSyst
         handle->invalidate();
 }
 
-void WorkerFileSystemStorageConnection::createWritable(FileSystemHandleIdentifier identifier, bool keepExistingData, StreamCallback&& callback)
+void WorkerFileSystemStorageConnection::createWritable(ScriptExecutionContextIdentifier contextIdentifier, FileSystemHandleIdentifier identifier, bool keepExistingData, StreamCallback&& callback)
 {
     if (!m_scope)
         return callback(Exception { ExceptionCode::InvalidStateError });
@@ -325,7 +325,7 @@ void WorkerFileSystemStorageConnection::createWritable(FileSystemHandleIdentifie
     auto callbackIdentifier = CallbackIdentifier::generate();
     m_streamCallbacks.add(callbackIdentifier, WTFMove(callback));
 
-    callOnMainThread([callbackIdentifier, workerThread = Ref { m_scope->thread() }, mainThreadConnection = m_mainThreadConnection, identifier, keepExistingData]() mutable {
+    callOnMainThread([callbackIdentifier, workerThread = Ref { m_scope->thread() }, mainThreadConnection = m_mainThreadConnection, contextIdentifier, identifier, keepExistingData]() mutable {
         auto mainThreadCallback = [callbackIdentifier, workerThread = WTFMove(workerThread)](auto&& result) mutable {
             workerThread->runLoop().postTaskForMode([callbackIdentifier, result = crossThreadCopy(WTFMove(result))] (auto& scope) mutable {
                 if (RefPtr connection = downcast<WorkerGlobalScope>(scope).fileSystemStorageConnection()) {
@@ -335,7 +335,7 @@ void WorkerFileSystemStorageConnection::createWritable(FileSystemHandleIdentifie
             }, WorkerRunLoop::defaultMode());
         };
 
-        mainThreadConnection->createWritable(identifier, keepExistingData, WTFMove(mainThreadCallback));
+        mainThreadConnection->createWritable(contextIdentifier, identifier, keepExistingData, WTFMove(mainThreadCallback));
     });
 }
 
diff --git a/Source/WebCore/Modules/filesystemaccess/WorkerFileSystemStorageConnection.h b/Source/WebCore/Modules/filesystemaccess/WorkerFileSystemStorageConnection.h
index a40184f045898..3e2ce3e09f7d1 100644
--- a/Source/WebCore/Modules/filesystemaccess/WorkerFileSystemStorageConnection.h
+++ b/Source/WebCore/Modules/filesystemaccess/WorkerFileSystemStorageConnection.h
@@ -79,7 +79,7 @@ class WorkerFileSystemStorageConnection final : public FileSystemStorageConnecti
     void unregisterSyncAccessHandle(FileSystemSyncAccessHandleIdentifier) final;
     void invalidateAccessHandle(FileSystemSyncAccessHandleIdentifier) final;
     void requestNewCapacityForSyncAccessHandle(FileSystemHandleIdentifier, FileSystemSyncAccessHandleIdentifier, uint64_t, RequestCapacityCallback&&) final;
-    void createWritable(FileSystemHandleIdentifier, bool keepExistingData, StreamCallback&&) final;
+    void createWritable(ScriptExecutionContextIdentifier, FileSystemHandleIdentifier, bool keepExistingData, StreamCallback&&) final;
     void closeWritable(FileSystemHandleIdentifier, FileSystemWritableFileStreamIdentifier, FileSystemWriteCloseReason, VoidCallback&&) final;
     void executeCommandForWritable(FileSystemHandleIdentifier, FileSystemWritableFileStreamIdentifier, FileSystemWriteCommandType, std::optional<uint64_t> position, std::optional<uint64_t> size, std::span<const uint8_t> dataBytes, bool hasDataError, VoidCallback&&) final;
 
diff --git a/Source/WebCore/Modules/streams/WritableStream.cpp b/Source/WebCore/Modules/streams/WritableStream.cpp
index c9fd3ac00c690..30bd779ebeb95 100644
--- a/Source/WebCore/Modules/streams/WritableStream.cpp
+++ b/Source/WebCore/Modules/streams/WritableStream.cpp
@@ -97,6 +97,11 @@ void WritableStream::closeIfPossible()
     m_internalWritableStream->closeIfPossible();
 }
 
+void WritableStream::errorIfPossible(Exception&& e)
+{
+    m_internalWritableStream->errorIfPossible(WTFMove(e));
+}
+
 JSC::JSValue JSWritableStream::abort(JSC::JSGlobalObject& globalObject, JSC::CallFrame& callFrame)
 {
     return wrapped().internalWritableStream().abortForBindings(globalObject, callFrame.argument(0));
diff --git a/Source/WebCore/Modules/streams/WritableStream.h b/Source/WebCore/Modules/streams/WritableStream.h
index 9af363e537782..aa2818ca29d64 100644
--- a/Source/WebCore/Modules/streams/WritableStream.h
+++ b/Source/WebCore/Modules/streams/WritableStream.h
@@ -49,6 +49,7 @@ class WritableStream : public RefCountedAndCanMakeWeakPtr<WritableStream> {
     bool locked() const;
 
     void closeIfPossible();
+    void errorIfPossible(Exception&&);
 
     InternalWritableStream& internalWritableStream();
     enum class Type : bool {
diff --git a/Source/WebCore/Modules/streams/WritableStreamInternals.js b/Source/WebCore/Modules/streams/WritableStreamInternals.js
index dbbdc77fb8842..e21c6fe0c8c7d 100644
--- a/Source/WebCore/Modules/streams/WritableStreamInternals.js
+++ b/Source/WebCore/Modules/streams/WritableStreamInternals.js
@@ -208,6 +208,16 @@ function writableStreamAbort(stream, reason)
     return abortPromiseCapability.promise;
 }
 
+function writableStreamErrorIfPossible(stream, reason)
+{
+    const state = @getByIdDirectPrivate(stream, "state");
+    if (state !== "writable")
+        return;
+
+    const controller = @getByIdDirectPrivate(stream, "controller");
+    @writableStreamDefaultControllerError(controller, reason);
+}
+
 function writableStreamCloseIfPossible(stream)
 {
     const state = @getByIdDirectPrivate(stream, "state");
diff --git a/Source/WebCore/Sources.txt b/Source/WebCore/Sources.txt
index 414b4b0a11e4b..4b56e11842aac 100644
--- a/Source/WebCore/Sources.txt
+++ b/Source/WebCore/Sources.txt
@@ -140,6 +140,7 @@ Modules/fetch/WindowOrWorkerGlobalScopeFetch.cpp
 Modules/filesystemaccess/FileSystemDirectoryHandle.cpp
 Modules/filesystemaccess/FileSystemFileHandle.cpp
 Modules/filesystemaccess/FileSystemHandle.cpp
+Modules/filesystemaccess/FileSystemStorageConnection.cpp
 Modules/filesystemaccess/FileSystemSyncAccessHandle.cpp
 Modules/filesystemaccess/FileSystemWritableFileStream.cpp
 Modules/filesystemaccess/FileSystemWritableFileStreamSink.cpp
diff --git a/Source/WebCore/WebCore.xcodeproj/project.pbxproj b/Source/WebCore/WebCore.xcodeproj/project.pbxproj
index 57711ce80a0f7..1d0061a57547c 100644
--- a/Source/WebCore/WebCore.xcodeproj/project.pbxproj
+++ b/Source/WebCore/WebCore.xcodeproj/project.pbxproj
@@ -10470,6 +10470,7 @@
 		41AF37921F8DA48A00111C31 /* ExtendableEvent.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ExtendableEvent.cpp; sourceTree = "<group>"; };
 		41AF37941F8DA49500111C31 /* FetchEvent.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FetchEvent.cpp; sourceTree = "<group>"; };
 		41AF379C1F8DB1B100111C31 /* JSDOMPromise.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSDOMPromise.cpp; sourceTree = "<group>"; };
+		41B109772D554D99008A11E8 /* FileSystemStorageConnection.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = FileSystemStorageConnection.cpp; sourceTree = "<group>"; };
 		41B28B121F8501A300FB52AC /* MediaEndpointConfiguration.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MediaEndpointConfiguration.h; sourceTree = "<group>"; };
 		41B28B131F8501A400FB52AC /* MediaEndpointConfiguration.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MediaEndpointConfiguration.cpp; sourceTree = "<group>"; };
 		41B28B361F860BD000FB52AC /* LibWebRTCProviderCocoa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = LibWebRTCProviderCocoa.h; path = libwebrtc/LibWebRTCProviderCocoa.h; sourceTree = "<group>"; };
@@ -30043,6 +30044,7 @@
 				932C9BD926DD62600053B3DB /* FileSystemHandle.idl */,
 				93445082276A6356001F712B /* FileSystemHandleCloseScope.h */,
 				935424272703BC88005CA72C /* FileSystemHandleIdentifier.h */,
+				41B109772D554D99008A11E8 /* FileSystemStorageConnection.cpp */,
 				935424292703BCAD005CA72C /* FileSystemStorageConnection.h */,
 				93E269A0270A5D5C002C4FF0 /* FileSystemSyncAccessHandle.cpp */,
 				93E2699F270A5D5C002C4FF0 /* FileSystemSyncAccessHandle.h */,
diff --git a/Source/WebCore/bindings/js/InternalWritableStream.cpp b/Source/WebCore/bindings/js/InternalWritableStream.cpp
index f8741c3280373..10f6e62343017 100644
--- a/Source/WebCore/bindings/js/InternalWritableStream.cpp
+++ b/Source/WebCore/bindings/js/InternalWritableStream.cpp
@@ -201,6 +201,31 @@ void InternalWritableStream::closeIfPossible()
         scope.clearException();
 }
 
+void InternalWritableStream::errorIfPossible(Exception&& exception)
+{
+    auto* globalObject = this->globalObject();
+    if (!globalObject)
+        return;
+
+    Ref vm = globalObject->vm();
+    JSC::JSLockHolder lock(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
+
+    auto* clientData = downcast<JSVMClientData>(vm->clientData);
+    auto& privateName = clientData->builtinFunctions().writableStreamInternalsBuiltins().writableStreamErrorIfPossiblePrivateName();
+
+    auto reason = createDOMException(*globalObject, WTFMove(exception));
+
+    JSC::MarkedArgumentBuffer arguments;
+    arguments.append(guardedObject());
+    arguments.append(reason);
+    ASSERT(!arguments.hasOverflowed());
+
+    invokeWritableStreamFunction(*globalObject, privateName, arguments);
+    if (UNLIKELY(scope.exception()))
+        scope.clearException();
+}
+
 JSC::JSValue InternalWritableStream::getWriter(JSC::JSGlobalObject& globalObject)
 {
     auto* clientData = downcast<JSVMClientData>(globalObject.vm().clientData);
diff --git a/Source/WebCore/bindings/js/InternalWritableStream.h b/Source/WebCore/bindings/js/InternalWritableStream.h
index 8185ef1c95d04..fe837bcaf61e9 100644
--- a/Source/WebCore/bindings/js/InternalWritableStream.h
+++ b/Source/WebCore/bindings/js/InternalWritableStream.h
@@ -45,6 +45,7 @@ class InternalWritableStream final : public DOMGuarded<JSC::JSObject> {
     JSC::JSValue getWriter(JSC::JSGlobalObject&);
 
     void closeIfPossible();
+    void errorIfPossible(Exception&&);
 
 private:
     InternalWritableStream(JSDOMGlobalObject& globalObject, JSC::JSObject& jsObject)
diff --git a/Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.cpp b/Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.cpp
index 3775dacfb9e7b..0cc257ba8ed86 100644
--- a/Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.cpp
+++ b/Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.cpp
@@ -355,6 +355,11 @@ std::optional<FileSystemStorageError> FileSystemStorageHandle::executeCommandFor
     return error;
 }
 
+Vector<WebCore::FileSystemWritableFileStreamIdentifier> FileSystemStorageHandle::writables() const
+{
+    return copyToVector(m_activeWritableFiles.keys());
+}
+
 Expected<Vector<String>, FileSystemStorageError> FileSystemStorageHandle::getHandleNames()
 {
     if (m_type != Type::Directory)
diff --git a/Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.h b/Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.h
index 7d74cb670085f..a831ef2d05d8d 100644
--- a/Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.h
+++ b/Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.h
@@ -77,6 +77,7 @@ class FileSystemStorageHandle final : public RefCounted<FileSystemStorageHandle>
     Expected<WebCore::FileSystemWritableFileStreamIdentifier, FileSystemStorageError> createWritable(bool keepExistingData);
     std::optional<FileSystemStorageError> closeWritable(WebCore::FileSystemWritableFileStreamIdentifier, WebCore::FileSystemWriteCloseReason);
     std::optional<FileSystemStorageError> executeCommandForWritable(WebCore::FileSystemWritableFileStreamIdentifier, WebCore::FileSystemWriteCommandType, std::optional<uint64_t> position, std::optional<uint64_t> size, std::span<const uint8_t> dataBytes, bool hasDataError);
+    Vector<WebCore::FileSystemWritableFileStreamIdentifier> writables() const;
 
 private:
     FileSystemStorageHandle(FileSystemStorageManager&, Type, String&& path, String&& name);
diff --git a/Source/WebKit/NetworkProcess/storage/FileSystemStorageManager.cpp b/Source/WebKit/NetworkProcess/storage/FileSystemStorageManager.cpp
index 2b82a46318bde..e0c04db7530ff 100644
--- a/Source/WebKit/NetworkProcess/storage/FileSystemStorageManager.cpp
+++ b/Source/WebKit/NetworkProcess/storage/FileSystemStorageManager.cpp
@@ -216,9 +216,12 @@ void FileSystemStorageManager::close()
             if (RefPtr registry = m_registry.get())
                 registry->unregisterHandle(identifier);
 
-            // Send message to web process to invalidate active sync access handle.
+            // Send messages to web process to invalidate active sync access handle and writables.
             if (auto accessHandleIdentifier = takenHandle->activeSyncAccessHandle())
                 IPC::Connection::send(connectionID, Messages::WebFileSystemStorageConnection::InvalidateAccessHandle(*accessHandleIdentifier), 0);
+
+            for (auto writableIdentifier : takenHandle->writables())
+                IPC::Connection::send(connectionID, Messages::WebFileSystemStorageConnection::InvalidateWritable(writableIdentifier), 0);
         }
     }
 
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.cpp
index 208def6a6dbf2..bde9708fe368d 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.cpp
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.cpp
@@ -47,12 +47,29 @@ WebFileSystemStorageConnection::WebFileSystemStorageConnection(Ref<IPC::Connecti
 {
 }
 
+void WebFileSystemStorageConnection::errorWritable(WebCore::ScriptExecutionContextIdentifier contextIdentifier, WebCore::FileSystemWritableFileStreamIdentifier writableIdentifier)
+{
+    if (errorFileSystemWritable(writableIdentifier))
+        return;
+
+    WebCore::ScriptExecutionContext::postTaskTo(contextIdentifier, [writableIdentifier, protectedThis = Ref { *this }](auto& context) mutable {
+        RefPtr globalScope = dynamicDowncast<WorkerGlobalScope>(context);
+        RefPtr connection = globalScope ? globalScope->fileSystemStorageConnection() : nullptr;
+        if (connection)
+            connection->errorFileSystemWritable(writableIdentifier);
+    });
+}
+
 void WebFileSystemStorageConnection::connectionClosed()
 {
     m_connection = nullptr;
 
     for (auto identifier : m_syncAccessHandles.keys())
         invalidateAccessHandle(identifier);
+
+    auto writableIdentifiers = std::exchange(m_writableIdentifiers, { });
+    for (auto keyValue : writableIdentifiers)
+        errorWritable(keyValue.value, keyValue.key);
 }
 
 void WebFileSystemStorageConnection::closeHandle(WebCore::FileSystemHandleIdentifier identifier)
@@ -214,26 +231,35 @@ void WebFileSystemStorageConnection::invalidateAccessHandle(WebCore::FileSystemS
     }
 }
 
-void WebFileSystemStorageConnection::createWritable(WebCore::FileSystemHandleIdentifier identifier, bool keepExistingData, StreamCallback&& completionHandler)
+void WebFileSystemStorageConnection::createWritable(WebCore::ScriptExecutionContextIdentifier contextIdentifier, WebCore::FileSystemHandleIdentifier identifier, bool keepExistingData, StreamCallback&& completionHandler)
 {
     RefPtr connection = m_connection;
     if (!connection)
         return completionHandler(WebCore::Exception { WebCore::ExceptionCode::UnknownError, "Connection is lost"_s });
 
-    connection->sendWithAsyncReply(Messages::NetworkStorageManager::CreateWritable(identifier, keepExistingData), [completionHandler = WTFMove(completionHandler)](auto&& result) mutable {
+    connection->sendWithAsyncReply(Messages::NetworkStorageManager::CreateWritable(identifier, keepExistingData), [protectedThis = Ref { *this }, contextIdentifier, completionHandler = WTFMove(completionHandler)](auto&& result) mutable {
         if (!result)
             return completionHandler(convertToException(result.error()));
 
+        ASSERT(!protectedThis->m_writableIdentifiers.contains(result.value()));
+        protectedThis->m_writableIdentifiers.add(result.value(), contextIdentifier);
         completionHandler(WTFMove(result.value()));
     });
 }
 
+void WebFileSystemStorageConnection::invalidateWritable(WebCore::FileSystemWritableFileStreamIdentifier identifier)
+{
+    if (auto contextIdentifier = m_writableIdentifiers.take(identifier))
+        errorWritable(contextIdentifier, identifier);
+}
+
 void WebFileSystemStorageConnection::closeWritable(WebCore::FileSystemHandleIdentifier identifier, WebCore::FileSystemWritableFileStreamIdentifier streamIdentifier, WebCore::FileSystemWriteCloseReason reason, VoidCallback&& completionHandler)
 {
     RefPtr connection = m_connection;
     if (!connection)
         return completionHandler(WebCore::Exception { WebCore::ExceptionCode::UnknownError, "Connection is lost"_s });
 
+    m_writableIdentifiers.remove(streamIdentifier);
     connection->sendWithAsyncReply(Messages::NetworkStorageManager::CloseWritable(identifier, streamIdentifier, reason), [completionHandler = WTFMove(completionHandler)](auto error) mutable {
         completionHandler(convertToExceptionOr(error));
     });
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.h b/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.h
index 8dd98799405b3..4da98397a737f 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.h
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.h
@@ -97,11 +97,15 @@ class WebFileSystemStorageConnection final : public WebCore::FileSystemStorageCo
     void registerSyncAccessHandle(WebCore::FileSystemSyncAccessHandleIdentifier, WebCore::ScriptExecutionContextIdentifier) final;
     void unregisterSyncAccessHandle(WebCore::FileSystemSyncAccessHandleIdentifier) final;
     void invalidateAccessHandle(WebCore::FileSystemSyncAccessHandleIdentifier) final;
-    void createWritable(WebCore::FileSystemHandleIdentifier, bool keepExistingData, StreamCallback&&) final;
+    void createWritable(WebCore::ScriptExecutionContextIdentifier, WebCore::FileSystemHandleIdentifier, bool keepExistingData, StreamCallback&&) final;
     void closeWritable(WebCore::FileSystemHandleIdentifier, WebCore::FileSystemWritableFileStreamIdentifier, WebCore::FileSystemWriteCloseReason, VoidCallback&&) final;
     void executeCommandForWritable(WebCore::FileSystemHandleIdentifier, WebCore::FileSystemWritableFileStreamIdentifier, WebCore::FileSystemWriteCommandType, std::optional<uint64_t> position, std::optional<uint64_t> size, std::span<const uint8_t> dataBytes, bool hasDataError, VoidCallback&&) final;
 
+    void invalidateWritable(WebCore::FileSystemWritableFileStreamIdentifier);
+    void errorWritable(WebCore::ScriptExecutionContextIdentifier, WebCore::FileSystemWritableFileStreamIdentifier);
+
     HashMap<WebCore::FileSystemSyncAccessHandleIdentifier, WebCore::ScriptExecutionContextIdentifier> m_syncAccessHandles;
+    HashMap<WebCore::FileSystemWritableFileStreamIdentifier, WebCore::ScriptExecutionContextIdentifier> m_writableIdentifiers;
     RefPtr<IPC::Connection> m_connection;
 };
 
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.messages.in b/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.messages.in
index 16f93fd7d4314..51b48bb8d62ca 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.messages.in
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.messages.in
@@ -26,4 +26,5 @@
 ]
 messages -> WebFileSystemStorageConnection {
     InvalidateAccessHandle(WebCore::FileSystemSyncAccessHandleIdentifier identifier)
+    InvalidateWritable(WebCore::FileSystemWritableFileStreamIdentifier identifier)
 }
diff --git a/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl b/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl
index d44566faf05cc..af961310a80f5 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl
+++ b/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl
@@ -76,6 +76,8 @@ interface TestRunner {
     undefined dumpResourceLoadStatistics();
     undefined dumpPrivateClickMeasurement();
 
+    undefined clearStorage();
+
     undefined clearDOMCaches();
     undefined clearDOMCache(DOMString origin);
     boolean hasDOMCache(DOMString origin);
diff --git a/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp b/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
index 46ad295e8b208..ca6727406be80 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
+++ b/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
@@ -1820,6 +1820,11 @@ void TestRunner::clearDOMCache(JSStringRef origin)
     postSynchronousMessage("ClearDOMCache", toWK(origin));
 }
 
+void TestRunner::clearStorage()
+{
+    postSynchronousMessage("ClearStorage");
+}
+
 void TestRunner::clearDOMCaches()
 {
     postSynchronousMessage("ClearDOMCaches");
diff --git a/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h b/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h
index 86ef6dcb9e170..954689ce5f1cd 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h
+++ b/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h
@@ -194,6 +194,8 @@ class TestRunner : public JSWrappable {
     JSRetainPtr<JSStringRef> pathToLocalResource(JSStringRef);
     void syncLocalStorage();
 
+    void clearStorage();
+
     void clearDOMCache(JSStringRef origin);
     void clearDOMCaches();
     bool hasDOMCache(JSStringRef origin);
diff --git a/Tools/WebKitTestRunner/TestInvocation.cpp b/Tools/WebKitTestRunner/TestInvocation.cpp
index 4da33a0d1ac46..190f077b7e91a 100644
--- a/Tools/WebKitTestRunner/TestInvocation.cpp
+++ b/Tools/WebKitTestRunner/TestInvocation.cpp
@@ -1218,6 +1218,11 @@ WKRetainPtr<WKTypeRef> TestInvocation::didReceiveSynchronousMessageFromInjectedB
         return result;
     }
 
+    if (WKStringIsEqualToUTF8CString(messageName, "ClearStorage")) {
+        TestController::singleton().clearStorage();
+        return nullptr;
+    }
+
     if (WKStringIsEqualToUTF8CString(messageName, "ClearDOMCache")) {
         auto origin = stringValue(messageBody);
         TestController::singleton().clearDOMCache(origin);

From b00c01c1d451d2b7c71cab53d0c0d0220e10e857 Mon Sep 17 00:00:00 2001
From: Richard Robinson <richard_robinson2@apple.com>
Date: Sun, 23 Feb 2025 11:22:24 -0800
Subject: [PATCH 095/174] [SwiftUI] Custom `NavigationDeciding` implementations
 have no effect https://bugs.webkit.org/show_bug.cgi?id=288306
 rdar://145390836

Reviewed by Abrar Rahman Protyasha.

Consider the following simplified code:

```
protocol P {
    mutating func f() -> Int
}

extension P {
    func f() -> Int {
        1
    }
}

struct CustomP: P {
    func f() -> Int {
        2
    }
}

class C {
    let p: any P

    init(_ p: any P) {
        self.p = p
    }

    func proxyF() -> Int {
        p.f()
    }
}

let c = C(CustomP())
print(c.proxyF())
```

This results in `1` being printed, since the `CustomP` implementation of `f` isn't used because it implements the `f` requirement
of `P`, which is `mutating`, and therefore isn't allowed to be used with non-mutable value types. And so instead, the implementation
of `f` inside the `extension P` is used instead since that one is considered a separate function entirely, and therefore does not
implement the protocol requirement.

Because 290468@main changed the NavigationDeciding protocol functions to become `mutating`, and since `WKNavigationDelegateAdapter`
was using `let navigationDecider`, this subtle behavior difference was introduced, resulting in the default implementations always
being used.

Fix by using `var` instead of `let`, so that the mutating protocol requirement implementations in the custom deciders can actually be used.

* Source/WebKit/UIProcess/API/Swift/WKNavigationDelegateAdapter.swift:
(WKNavigationDelegateAdapter.navigationDecider):

Canonical link: https://commits.webkit.org/290916@main
---
 .../UIProcess/API/Swift/WKNavigationDelegateAdapter.swift       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Source/WebKit/UIProcess/API/Swift/WKNavigationDelegateAdapter.swift b/Source/WebKit/UIProcess/API/Swift/WKNavigationDelegateAdapter.swift
index 57c0ed43554f0..e6d38afbe5d57 100644
--- a/Source/WebKit/UIProcess/API/Swift/WKNavigationDelegateAdapter.swift
+++ b/Source/WebKit/UIProcess/API/Swift/WKNavigationDelegateAdapter.swift
@@ -42,7 +42,7 @@ final class WKNavigationDelegateAdapter: NSObject, WKNavigationDelegate {
     weak var owner: WebPage? = nil
 
     private let downloadProgressContinuation: AsyncStream<WebPage.DownloadEvent>.Continuation
-    private let navigationDecider: any WebPage.NavigationDeciding
+    private var navigationDecider: any WebPage.NavigationDeciding
 
     // MARK: Navigation progress reporting
 

From 5764ec425e85f97b6a0c2197a6729140186cdb11 Mon Sep 17 00:00:00 2001
From: Yusuke Suzuki <ysuzuki@apple.com>
Date: Sun, 23 Feb 2025 12:46:11 -0800
Subject: [PATCH 096/174] [JSC] Add ThrowStackOverflowAtPrologue thunk
 https://bugs.webkit.org/show_bug.cgi?id=288304 rdar://145393291

Reviewed by Keith Miller.

Add ThrowStackOverflowAtPrologue thunk, which is common in all code in
JIT.

* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileFunction):
* Source/JavaScriptCore/ftl/FTLCompile.cpp:
(JSC::FTL::compile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
* Source/JavaScriptCore/jit/JIT.cpp:
(JSC::JIT::compileAndLinkWithoutFinalizing):
* Source/JavaScriptCore/jit/JITThunks.h:
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::throwStackOverflowAtPrologueGenerator):
* Source/JavaScriptCore/jit/ThunkGenerators.h:

Canonical link: https://commits.webkit.org/290917@main
---
 .../JavaScriptCore/dfg/DFGCodeOriginPool.cpp  |  6 +++++
 Source/JavaScriptCore/dfg/DFGCodeOriginPool.h |  2 ++
 .../JavaScriptCore/dfg/DFGSpeculativeJIT.cpp  | 19 ++--------------
 Source/JavaScriptCore/ftl/FTLCompile.cpp      |  5 +----
 Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp | 22 +------------------
 Source/JavaScriptCore/jit/JIT.cpp             |  7 ++----
 Source/JavaScriptCore/jit/JITThunks.h         |  1 +
 Source/JavaScriptCore/jit/ThunkGenerators.cpp | 21 +++++++++++++++++-
 Source/JavaScriptCore/jit/ThunkGenerators.h   |  1 +
 9 files changed, 36 insertions(+), 48 deletions(-)

diff --git a/Source/JavaScriptCore/dfg/DFGCodeOriginPool.cpp b/Source/JavaScriptCore/dfg/DFGCodeOriginPool.cpp
index fff86e2c4b97a..7aa6d3eb95eb8 100644
--- a/Source/JavaScriptCore/dfg/DFGCodeOriginPool.cpp
+++ b/Source/JavaScriptCore/dfg/DFGCodeOriginPool.cpp
@@ -30,6 +30,12 @@
 
 namespace JSC { namespace DFG {
 
+CodeOriginPool::CodeOriginPool()
+{
+    // Ensure that CallSiteIndex 0 => non-inlined-function BytecodeIndex(0).
+    addCodeOrigin(CodeOrigin(BytecodeIndex(0)));
+}
+
 CallSiteIndex CodeOriginPool::addCodeOrigin(CodeOrigin codeOrigin)
 {
     if (m_codeOrigins.isEmpty()
diff --git a/Source/JavaScriptCore/dfg/DFGCodeOriginPool.h b/Source/JavaScriptCore/dfg/DFGCodeOriginPool.h
index 31c77a7f25c01..184d3f590cd67 100644
--- a/Source/JavaScriptCore/dfg/DFGCodeOriginPool.h
+++ b/Source/JavaScriptCore/dfg/DFGCodeOriginPool.h
@@ -51,6 +51,8 @@ class CodeOriginPool : public ThreadSafeRefCounted<CodeOriginPool> {
     unsigned size() const { return m_codeOrigins.size(); }
 
 private:
+    CodeOriginPool();
+
     Vector<CodeOrigin, 0, UnsafeVectorOverflow> m_codeOrigins;
     Vector<unsigned> m_callSiteIndexFreeList;
 };
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
index 6524ac1962c73..2256f3f8f9fee 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
@@ -157,15 +157,7 @@ void SpeculativeJIT::compile()
     //
     // Generate the stack overflow handling; if the stack check in the entry head fails,
     // we need to call out to a helper function to throw the StackOverflowError.
-    stackOverflow.link(this);
-
-    emitStoreCodeOrigin(CodeOrigin(BytecodeIndex(0)));
-
-    if (maxFrameExtentForSlowPathCall)
-        addPtr(TrustedImm32(-static_cast<int32_t>(maxFrameExtentForSlowPathCall)), stackPointerRegister);
-
-    emitGetFromCallFrameHeaderPtr(CallFrameSlot::codeBlock, GPRInfo::argumentGPR0);
-    callThrowOperationWithCallFrameRollback(operationThrowStackOverflowError, GPRInfo::argumentGPR0);
+    stackOverflow.linkThunk(CodeLocationLabel(vm().getCTIStub(CommonJITThunkID::ThrowStackOverflowAtPrologue).retaggedCode<NoPtrTag>()), this);
 
     // Generate slow path code.
     runSlowPathGenerators(m_pcToCodeOriginMapBuilder);
@@ -268,14 +260,7 @@ void SpeculativeJIT::compileFunction()
     stackOverflowWithEntry.link(this);
     compileEntry();
     stackOverflow.link(this);
-
-    emitStoreCodeOrigin(CodeOrigin(BytecodeIndex(0)));
-
-    if (maxFrameExtentForSlowPathCall)
-        addPtr(TrustedImm32(-static_cast<int32_t>(maxFrameExtentForSlowPathCall)), stackPointerRegister);
-
-    emitGetFromCallFrameHeaderPtr(CallFrameSlot::codeBlock, GPRInfo::argumentGPR0);
-    callThrowOperationWithCallFrameRollback(operationThrowStackOverflowError, GPRInfo::argumentGPR0);
+    jumpThunk(CodeLocationLabel(vm().getCTIStub(CommonJITThunkID::ThrowStackOverflowAtPrologue).retaggedCode<NoPtrTag>()));
 
     // Generate slow path code.
     runSlowPathGenerators(m_pcToCodeOriginMapBuilder);
diff --git a/Source/JavaScriptCore/ftl/FTLCompile.cpp b/Source/JavaScriptCore/ftl/FTLCompile.cpp
index 9fc10628e218c..d81e8054caccc 100644
--- a/Source/JavaScriptCore/ftl/FTLCompile.cpp
+++ b/Source/JavaScriptCore/ftl/FTLCompile.cpp
@@ -172,10 +172,7 @@ void compile(State& state, Safepoint::Result& safepointResult)
 
             stackOverflowWithEntry.link(&jit);
             jit.emitFunctionPrologue();
-            jit.move(CCallHelpers::TrustedImmPtr(codeBlock), GPRInfo::argumentGPR0);
-            jit.storePtr(GPRInfo::callFrameRegister, &vm.topCallFrame);
-            jit.callOperation<OperationPtrTag>(operationThrowStackOverflowError);
-            jit.jumpThunk(CodeLocationLabel(vm.getCTIStub(CommonJITThunkID::HandleExceptionWithCallFrameRollback).retaggedCode<NoPtrTag>()));
+            jit.jumpThunk(CodeLocationLabel(vm.getCTIStub(CommonJITThunkID::ThrowStackOverflowAtPrologue).retaggedCode<NoPtrTag>()));
             mainPathJumps.linkTo(mainPathLabel, &jit);
         }
         break;
diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
index 9193e3347fb6b..711096c37615a 100644
--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
@@ -287,7 +287,6 @@ class LowerDFGToB3 {
         // Stack Overflow Check.
         unsigned exitFrameSize = m_graph.requiredRegisterCountForExit() * sizeof(Register);
         PatchpointValue* stackOverflowHandler = m_out.patchpoint(Void);
-        CallSiteIndex callSiteIndex = callSiteIndexForCodeOrigin(m_ftlState, CodeOrigin(BytecodeIndex(0)));
         stackOverflowHandler->appendSomeRegister(m_callFrame);
         stackOverflowHandler->appendSomeRegister(m_vmValue);
         stackOverflowHandler->clobber(RegisterSetBuilder::macroClobberedGPRs());
@@ -318,26 +317,7 @@ class LowerDFGToB3 {
                     // get clobbered.
                     // https://bugs.webkit.org/show_bug.cgi?id=172456
                     jit.emitRestore(params.proc().calleeSaveRegisterAtOffsetList());
-
-                    jit.store32(
-                        MacroAssembler::TrustedImm32(callSiteIndex.bits()),
-                        CCallHelpers::tagFor(CallFrameSlot::argumentCountIncludingThis));
-                    jit.copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm->topEntryFrame, GPRInfo::argumentGPR0);
-
-                    jit.move(CCallHelpers::TrustedImmPtr(jit.codeBlock()), GPRInfo::argumentGPR0);
-                    jit.prepareCallOperation(*vm);
-                    CCallHelpers::Call throwCall = jit.call(OperationPtrTag);
-
-                    jit.move(CCallHelpers::TrustedImmPtr(vm), GPRInfo::argumentGPR0);
-                    jit.prepareCallOperation(*vm);
-                    CCallHelpers::Call lookupExceptionHandlerCall = jit.call(OperationPtrTag);
-                    jit.jumpToExceptionHandler(*vm);
-
-                    jit.addLinkTask(
-                        [=] (LinkBuffer& linkBuffer) {
-                            linkBuffer.link<OperationPtrTag>(throwCall, operationThrowStackOverflowError);
-                            linkBuffer.link<OperationPtrTag>(lookupExceptionHandlerCall, operationLookupExceptionHandlerFromCallerFrame);
-                    });
+                    jit.jumpThunk(CodeLocationLabel(vm->getCTIStub(CommonJITThunkID::ThrowStackOverflowAtPrologue).retaggedCode<NoPtrTag>()));
                 });
             });
 
diff --git a/Source/JavaScriptCore/jit/JIT.cpp b/Source/JavaScriptCore/jit/JIT.cpp
index cf7181b649a8e..8de49fb999ea0 100644
--- a/Source/JavaScriptCore/jit/JIT.cpp
+++ b/Source/JavaScriptCore/jit/JIT.cpp
@@ -858,12 +858,9 @@ RefPtr<BaselineJITCode> JIT::compileAndLinkWithoutFinalizing(JITCompilationEffor
 
     stackOverflowWithEntry.link(this);
     emitFunctionPrologue();
-    stackOverflow.link(this);
     m_bytecodeIndex = BytecodeIndex(0);
-    if (maxFrameExtentForSlowPathCall)
-        addPtr(TrustedImm32(-static_cast<int32_t>(maxFrameExtentForSlowPathCall)), stackPointerRegister);
-    emitGetFromCallFrameHeaderPtr(CallFrameSlot::codeBlock, regT0);
-    callThrowOperationWithCallFrameRollback(operationThrowStackOverflowError, regT0);
+    stackOverflow.link(this);
+    jumpThunk(CodeLocationLabel(vm().getCTIStub(CommonJITThunkID::ThrowStackOverflowAtPrologue).retaggedCode<NoPtrTag>()));
 
     ASSERT(m_jmpTable.isEmpty());
 
diff --git a/Source/JavaScriptCore/jit/JITThunks.h b/Source/JavaScriptCore/jit/JITThunks.h
index d66103610a488..bb3afd6dd3fbd 100644
--- a/Source/JavaScriptCore/jit/JITThunks.h
+++ b/Source/JavaScriptCore/jit/JITThunks.h
@@ -64,6 +64,7 @@ class NativeExecutable;
     macro(InternalFunctionConstruct, internalFunctionConstructGenerator) \
     macro(ThrowExceptionFromCall, throwExceptionFromCallGenerator) \
     macro(ThrowExceptionFromCallSlowPath, throwExceptionFromCallSlowPathGenerator) \
+    macro(ThrowStackOverflowAtPrologue, throwStackOverflowAtPrologueGenerator) \
     macro(VirtualThunkForRegularCall, virtualThunkForRegularCall) \
     macro(VirtualThunkForTailCall, virtualThunkForTailCall) \
     macro(VirtualThunkForConstruct, virtualThunkForConstruct) \
diff --git a/Source/JavaScriptCore/jit/ThunkGenerators.cpp b/Source/JavaScriptCore/jit/ThunkGenerators.cpp
index 4db8c0500566f..164ea6ce7904f 100644
--- a/Source/JavaScriptCore/jit/ThunkGenerators.cpp
+++ b/Source/JavaScriptCore/jit/ThunkGenerators.cpp
@@ -185,6 +185,25 @@ MacroAssemblerCodeRef<JITThunkPtrTag> throwExceptionFromCallSlowPathGenerator(VM
     return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "throwExceptionFromCallSlowPath"_s, "Throw exception from call slow path thunk");
 }
 
+MacroAssemblerCodeRef<JITThunkPtrTag> throwStackOverflowAtPrologueGenerator(VM& vm)
+{
+    CCallHelpers jit;
+
+    if (maxFrameExtentForSlowPathCall)
+        jit.addPtr(CCallHelpers::TrustedImm32(-static_cast<int32_t>(maxFrameExtentForSlowPathCall)), CCallHelpers::stackPointerRegister);
+
+    // In all tiers (LLInt, Baseline, DFG, and FTL), CodeOrigin(BytecodeIndex(0)) is zero, or CallSiteIndex(0) is pointint at CodeOrigin(BytecodeIndex(0)).
+    jit.store32(CCallHelpers::TrustedImm32(0), CCallHelpers::tagFor(CallFrameSlot::argumentCountIncludingThis));
+
+    jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::codeBlock, GPRInfo::argumentGPR0);
+    jit.prepareCallOperation(vm);
+    jit.callOperation<OperationPtrTag>(operationThrowStackOverflowError);
+    jit.jumpThunk(CodeLocationLabel(vm.getCTIStub(CommonJITThunkID::HandleExceptionWithCallFrameRollback).retaggedCode<NoPtrTag>()));
+
+    LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::Thunk);
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "throwStackOverflow"_s, "throwStackOverflow");
+}
+
 // FIXME: We should distinguish between a megamorphic virtual call vs. a slow
 // path virtual call so that we can enable fast tail calls for megamorphic
 // virtual calls by using the shuffler.
@@ -283,7 +302,7 @@ static MacroAssemblerCodeRef<JITThunkPtrTag> virtualThunkFor(VM& vm, CallMode mo
     jit.farJump(GPRInfo::returnValueGPR, JSEntryPtrTag);
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::InlineCache);
-    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "VirtualCall"_s "Virtual %s thunk", mode == CallMode::Regular ? "call" : mode == CallMode::Tail ? "tail call" : "construct");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "VirtualCall"_s, "Virtual %s thunk", mode == CallMode::Regular ? "call" : mode == CallMode::Tail ? "tail call" : "construct");
 }
 
 MacroAssemblerCodeRef<JITThunkPtrTag> virtualThunkForRegularCall(VM& vm)
diff --git a/Source/JavaScriptCore/jit/ThunkGenerators.h b/Source/JavaScriptCore/jit/ThunkGenerators.h
index 687ac32dd8960..3ee58534d1a9e 100644
--- a/Source/JavaScriptCore/jit/ThunkGenerators.h
+++ b/Source/JavaScriptCore/jit/ThunkGenerators.h
@@ -44,6 +44,7 @@ MacroAssemblerCodeRef<JITThunkPtrTag> popThunkStackPreservesAndHandleExceptionGe
 
 MacroAssemblerCodeRef<JITThunkPtrTag> throwExceptionFromCallGenerator(VM&);
 MacroAssemblerCodeRef<JITThunkPtrTag> throwExceptionFromCallSlowPathGenerator(VM&);
+MacroAssemblerCodeRef<JITThunkPtrTag> throwStackOverflowAtPrologueGenerator(VM&);
 
 MacroAssemblerCodeRef<JITThunkPtrTag> checkExceptionGenerator(VM&);
 MacroAssemblerCodeRef<JITThunkPtrTag> returnFromBaselineGenerator(VM&);

From a8406fbeeaec52a22238a482f7948bb150de97ce Mon Sep 17 00:00:00 2001
From: Yusuke Suzuki <ysuzuki@apple.com>
Date: Sun, 23 Feb 2025 12:48:10 -0800
Subject: [PATCH 097/174] [JSC] Simplify AssemblyHelpers::purifyNaN
 https://bugs.webkit.org/show_bug.cgi?id=288302 rdar://145390959

Reviewed by Keith Miller.

Simplify the implementation of AssemblyHelpers::purifyNaN by using
fpTempRegister.

* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateWithGuard):
* Source/JavaScriptCore/dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::compileExit):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileValueRep):
* Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::reboxAccordingToFormat):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::purifyNaN):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
* Source/JavaScriptCore/jit/CallFrameShuffler64.cpp:
(JSC::CallFrameShuffler::emitBox):
* Source/JavaScriptCore/wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):

Canonical link: https://commits.webkit.org/290918@main
---
 .../bytecode/InlineCacheCompiler.cpp          |  2 +-
 Source/JavaScriptCore/dfg/DFGOSRExit.cpp      |  4 ++--
 .../JavaScriptCore/dfg/DFGSpeculativeJIT.cpp  | 20 +++++++++++--------
 .../JavaScriptCore/ftl/FTLOSRExitCompiler.cpp |  2 +-
 Source/JavaScriptCore/jit/AssemblyHelpers.cpp | 13 +++++++++---
 Source/JavaScriptCore/jit/AssemblyHelpers.h   |  2 +-
 .../jit/CallFrameShuffler64.cpp               |  2 +-
 Source/JavaScriptCore/wasm/js/WasmToJS.cpp    |  2 +-
 8 files changed, 29 insertions(+), 18 deletions(-)

diff --git a/Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp b/Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
index 31ee5b3feff5f..517798ec2aac0 100644
--- a/Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
+++ b/Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
@@ -2238,7 +2238,7 @@ void InlineCacheCompiler::generateWithGuard(unsigned index, AccessCase& accessCa
                     CRASH();
                 }
 
-                jit.purifyNaN(m_scratchFPR);
+                jit.purifyNaN(m_scratchFPR, m_scratchFPR);
                 jit.boxDouble(m_scratchFPR, valueRegs);
             }
         }
diff --git a/Source/JavaScriptCore/dfg/DFGOSRExit.cpp b/Source/JavaScriptCore/dfg/DFGOSRExit.cpp
index 64c3851f971d8..f5cc9a3138dcb 100644
--- a/Source/JavaScriptCore/dfg/DFGOSRExit.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOSRExit.cpp
@@ -644,7 +644,7 @@ void OSRExit::compileExit(CCallHelpers& jit, VM& vm, const OSRExit& exit, const
         case UnboxedDoubleInFPR:
             jit.move(AssemblyHelpers::TrustedImmPtr(scratch + index), GPRInfo::regT1);
             jit.loadDouble(MacroAssembler::Address(GPRInfo::regT1), FPRInfo::fpRegT0);
-            jit.purifyNaN(FPRInfo::fpRegT0);
+            jit.purifyNaN(FPRInfo::fpRegT0, FPRInfo::fpRegT0);
 #if USE(JSVALUE64)
             jit.boxDouble(FPRInfo::fpRegT0, GPRInfo::regT0);
             jit.store64(GPRInfo::regT0, MacroAssembler::Address(GPRInfo::regT1));
@@ -656,7 +656,7 @@ void OSRExit::compileExit(CCallHelpers& jit, VM& vm, const OSRExit& exit, const
         case DoubleDisplacedInJSStack:
             jit.move(AssemblyHelpers::TrustedImmPtr(scratch + index), GPRInfo::regT1);
             jit.loadDouble(AssemblyHelpers::addressFor(recovery.virtualRegister()), FPRInfo::fpRegT0);
-            jit.purifyNaN(FPRInfo::fpRegT0);
+            jit.purifyNaN(FPRInfo::fpRegT0, FPRInfo::fpRegT0);
 #if USE(JSVALUE64)
             jit.boxDouble(FPRInfo::fpRegT0, GPRInfo::regT0);
             jit.store64(GPRInfo::regT0, MacroAssembler::Address(GPRInfo::regT1));
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
index 2256f3f8f9fee..a4574343e825a 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
@@ -3090,12 +3090,17 @@ void SpeculativeJIT::compileValueRep(Node* node)
         // anymore. Unfortunately, this would be unsound. If it's a GetLocal or if the value was
         // subject to a prior SetLocal, filtering the value would imply that the corresponding
         // local was purified.
-        if (m_state.forNode(node->child1()).couldBeType(SpecDoubleImpureNaN))
-            purifyNaN(valueFPR);
+        if (m_state.forNode(node->child1()).couldBeType(SpecDoubleImpureNaN)) {
+            FPRTemporary temp(this);
+            FPRReg tempFPR = temp.fpr();
 
-        boxDouble(valueFPR, resultRegs);
-        
-        jsValueResult(resultRegs, node);
+            purifyNaN(valueFPR, tempFPR);
+            boxDouble(tempFPR, resultRegs);
+            jsValueResult(resultRegs, node);
+        } else {
+            boxDouble(valueFPR, resultRegs);
+            jsValueResult(resultRegs, node);
+        }
         return;
     }
         
@@ -3697,7 +3702,7 @@ void SpeculativeJIT::compileGetByValOnFloatTypedArray(Node* node, TypedArrayType
     }
     
     if (format == DataFormatJS) {
-        purifyNaN(resultReg);
+        purifyNaN(resultReg, resultReg);
         boxDouble(resultReg, resultRegs);
         if (jump.isSet())
             jump.link(this);
@@ -6754,8 +6759,7 @@ void SpeculativeJIT::compilePurifyNaN(Node* node)
     FPRReg valueFPR = value.fpr();
     FPRReg resultFPR = result.fpr();
 
-    moveDouble(valueFPR, resultFPR);
-    purifyNaN(resultFPR);
+    purifyNaN(valueFPR, resultFPR);
     doubleResult(resultFPR, node);
 }
 
diff --git a/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp b/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp
index 0491f30fab306..750dbb69ff68d 100644
--- a/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp
+++ b/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp
@@ -91,7 +91,7 @@ static void reboxAccordingToFormat(
     case DataFormatDouble: {
         jit.moveDoubleTo64(FPRInfo::fpRegT0, scratch1);
         jit.move64ToDouble(value, FPRInfo::fpRegT0);
-        jit.purifyNaN(FPRInfo::fpRegT0);
+        jit.purifyNaN(FPRInfo::fpRegT0, FPRInfo::fpRegT0);
         jit.boxDouble(FPRInfo::fpRegT0, value);
         jit.move64ToDouble(scratch1, FPRInfo::fpRegT0);
         break;
diff --git a/Source/JavaScriptCore/jit/AssemblyHelpers.cpp b/Source/JavaScriptCore/jit/AssemblyHelpers.cpp
index 737db6f6e5099..4b6fb5dada3a2 100644
--- a/Source/JavaScriptCore/jit/AssemblyHelpers.cpp
+++ b/Source/JavaScriptCore/jit/AssemblyHelpers.cpp
@@ -82,11 +82,18 @@ void AssemblyHelpers::decrementSuperSamplerCount()
     sub32(TrustedImm32(1), AbsoluteAddress(std::bit_cast<const void*>(&g_superSamplerCount)));
 }
 
-void AssemblyHelpers::purifyNaN(FPRReg fpr)
+void AssemblyHelpers::purifyNaN(FPRReg inputFPR, FPRReg resultFPR)
 {
-    MacroAssembler::Jump notNaN = branchIfNotNaN(fpr);
-    move64ToDouble(TrustedImm64(std::bit_cast<uint64_t>(PNaN)), fpr);
+    ASSERT(inputFPR != fpTempRegister);
+#if CPU(ADDRESS64)
+    move64ToDouble(TrustedImm64(std::bit_cast<uint64_t>(PNaN)), fpTempRegister);
+    moveDoubleConditionallyDouble(DoubleEqualAndOrdered, inputFPR, inputFPR, inputFPR, fpTempRegister, resultFPR);
+#else
+    moveDouble(inputFPR, resultFPR);
+    auto notNaN = branchIfNotNaN(resultFPR);
+    move64ToDouble(TrustedImm64(std::bit_cast<uint64_t>(PNaN)), resultFPR);
     notNaN.link(this);
+#endif
 }
 
 #if ENABLE(SAMPLING_FLAGS)
diff --git a/Source/JavaScriptCore/jit/AssemblyHelpers.h b/Source/JavaScriptCore/jit/AssemblyHelpers.h
index 6dc9303108256..7088e382c88a9 100644
--- a/Source/JavaScriptCore/jit/AssemblyHelpers.h
+++ b/Source/JavaScriptCore/jit/AssemblyHelpers.h
@@ -1450,7 +1450,7 @@ class AssemblyHelpers : public MacroAssembler {
     void incrementSuperSamplerCount();
     void decrementSuperSamplerCount();
     
-    void purifyNaN(FPRReg);
+    void purifyNaN(FPRReg, FPRReg);
 
     // These methods convert between doubles, and doubles boxed and JSValues.
 #if USE(JSVALUE64)
diff --git a/Source/JavaScriptCore/jit/CallFrameShuffler64.cpp b/Source/JavaScriptCore/jit/CallFrameShuffler64.cpp
index 2e3fc3025ab74..d627be5d840e4 100644
--- a/Source/JavaScriptCore/jit/CallFrameShuffler64.cpp
+++ b/Source/JavaScriptCore/jit/CallFrameShuffler64.cpp
@@ -146,7 +146,7 @@ void CallFrameShuffler::emitBox(CachedRecovery& cachedRecovery)
                 resultGPR = getFreeGPR();
             ASSERT(resultGPR != InvalidGPRReg);
             ASSERT(Reg::fromIndex(resultGPR).isGPR());
-            m_jit.purifyNaN(cachedRecovery.recovery().fpr());
+            m_jit.purifyNaN(cachedRecovery.recovery().fpr(), cachedRecovery.recovery().fpr());
             m_jit.moveDoubleTo64(cachedRecovery.recovery().fpr(), resultGPR);
             m_lockedRegisters.add(resultGPR, IgnoreVectors);
             if (tryAcquireNumberTagRegister())
diff --git a/Source/JavaScriptCore/wasm/js/WasmToJS.cpp b/Source/JavaScriptCore/wasm/js/WasmToJS.cpp
index 50a39fb009a9c..d1f3253126a14 100644
--- a/Source/JavaScriptCore/wasm/js/WasmToJS.cpp
+++ b/Source/JavaScriptCore/wasm/js/WasmToJS.cpp
@@ -224,7 +224,7 @@ Expected<MacroAssemblerCodeRef<WasmEntryPtrTag>, BindingFailure> wasmToJS(TypeIn
         unsigned frOffset = CallFrameSlot::firstArgument * static_cast<int>(sizeof(Register));
 
         auto marshallFPR = [&] (FPRReg fprReg) {
-            jit.purifyNaN(fprReg);
+            jit.purifyNaN(fprReg, fprReg);
 #if USE(JSVALUE64)
             jit.moveDoubleTo64(fprReg, scratch);
             materializeDoubleEncodeOffset(doubleEncodeOffsetGPRReg);

From 4d590ffaba704034d9c107d3c485ba8e9ef81fa5 Mon Sep 17 00:00:00 2001
From: Matt Woodrow <mattwoodrow@apple.com>
Date: Sun, 23 Feb 2025 13:57:47 -0800
Subject: [PATCH 098/174] Support ContentVisibilityForceLayout in
 updateLayoutIfDimensionsOutOfDate.
 https://bugs.webkit.org/show_bug.cgi?id=288312 <rdar://145426937>

Reviewed by Alan Baradlay.

* Source/WebCore/dom/Document.cpp:
(WebCore::Document::updateLayoutIfDimensionsOutOfDate):
* Source/WebCore/dom/Document.h:
(WebCore::Document::updateLayoutIfDimensionsOutOfDate):
* Source/WebCore/rendering/RenderBlock.cpp:
(WebCore::RenderBlock::canPerformSimplifiedLayout const):
(WebCore::RenderBlock::simplifiedLayout):
* Source/WebCore/rendering/RenderBlock.h:

Canonical link: https://commits.webkit.org/290919@main
---
 Source/WebCore/dom/Document.cpp          | 17 +++++++++++++----
 Source/WebCore/dom/Document.h            |  2 +-
 Source/WebCore/rendering/RenderBlock.cpp |  7 +++----
 Source/WebCore/rendering/RenderBlock.h   |  3 ++-
 4 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
index b3859b03630d3..d53a3456139a7 100644
--- a/Source/WebCore/dom/Document.cpp
+++ b/Source/WebCore/dom/Document.cpp
@@ -2998,13 +2998,13 @@ std::unique_ptr<RenderStyle> Document::styleForElementIgnoringPendingStylesheets
     return WTFMove(elementStyle.style);
 }
 
-bool Document::updateLayoutIfDimensionsOutOfDate(Element& element, OptionSet<DimensionsCheck> dimensionsCheck)
+bool Document::updateLayoutIfDimensionsOutOfDate(Element& element, OptionSet<DimensionsCheck> dimensionsCheck, OptionSet<LayoutOptions> layoutOptions)
 {
     ASSERT(isMainThread());
 
     // If the stylesheets haven't loaded, just give up and do a full layout ignoring pending stylesheets.
     if (!haveStylesheetsLoaded()) {
-        updateLayoutIgnorePendingStylesheets();
+        updateLayoutIgnorePendingStylesheets(layoutOptions);
         return true;
     }
 
@@ -3021,7 +3021,7 @@ bool Document::updateLayoutIfDimensionsOutOfDate(Element& element, OptionSet<Dim
     // Mimic the structure of updateLayout(), but at each step, see if we have been forced into doing a full layout.
     if (RefPtr owner = ownerElement()) {
         if (owner->protectedDocument()->updateLayoutIfDimensionsOutOfDate(*owner)) {
-            updateLayout({ }, &element);
+            updateLayout(layoutOptions, &element);
             return true;
         }
     }
@@ -3030,6 +3030,15 @@ bool Document::updateLayoutIfDimensionsOutOfDate(Element& element, OptionSet<Dim
 
     updateStyleIfNeeded();
 
+    if (layoutOptions.contains(LayoutOptions::ContentVisibilityForceLayout)) {
+        if (CheckedPtr renderer = element.renderer(); renderer &&  renderer->style().hasSkippedContent()) {
+            if (auto wasSkippedDuringLastLayout = renderer->wasSkippedDuringLastLayoutDueToContentVisibility()) {
+                if (*wasSkippedDuringLastLayout)
+                    renderer->setNeedsLayout();
+            }
+        }
+    }
+
     if (!element.renderer() || !frameView->layoutContext().needsLayout()) {
         // Tree is clean, we don't need to walk the ancestor chain to figure out whether we have a sufficiently clean subtree.
         return false;
@@ -3102,7 +3111,7 @@ bool Document::updateLayoutIfDimensionsOutOfDate(Element& element, OptionSet<Dim
 
     // Only do a layout if changes have occurred that make it necessary.
     if (requireFullLayout)
-        updateLayout({ }, &element);
+        updateLayout(layoutOptions, &element);
 
     return requireFullLayout;
 }
diff --git a/Source/WebCore/dom/Document.h b/Source/WebCore/dom/Document.h
index d1f0454ef3660..296d2b973e8af 100644
--- a/Source/WebCore/dom/Document.h
+++ b/Source/WebCore/dom/Document.h
@@ -766,7 +766,7 @@ class Document
     bool hasLivingRenderTree() const { return renderView() && !renderTreeBeingDestroyed(); }
     void updateRenderTree(std::unique_ptr<Style::Update> styleUpdate);
 
-    bool updateLayoutIfDimensionsOutOfDate(Element&, OptionSet<DimensionsCheck> = { DimensionsCheck::Width, DimensionsCheck::Height });
+    bool updateLayoutIfDimensionsOutOfDate(Element&, OptionSet<DimensionsCheck> = { DimensionsCheck::Width, DimensionsCheck::Height }, OptionSet<LayoutOptions> = { });
 
     inline AXObjectCache* existingAXObjectCache() const;
     WEBCORE_EXPORT AXObjectCache* axObjectCache() const;
diff --git a/Source/WebCore/rendering/RenderBlock.cpp b/Source/WebCore/rendering/RenderBlock.cpp
index 58f1b3f9da81d..cecf62dea2009 100644
--- a/Source/WebCore/rendering/RenderBlock.cpp
+++ b/Source/WebCore/rendering/RenderBlock.cpp
@@ -839,6 +839,8 @@ bool RenderBlock::canPerformSimplifiedLayout() const
         return false;
     if (auto wasSkippedDuringLastLayout = wasSkippedDuringLastLayoutDueToContentVisibility(); wasSkippedDuringLastLayout && *wasSkippedDuringLastLayout)
         return false;
+    if (layoutContext().isSkippedContentRootForLayout(*this) && (posChildNeedsLayout() || canContainFixedPositionObjects()))
+        return false;
     return posChildNeedsLayout() || needsSimplifiedNormalFlowLayout();
 }
 
@@ -851,10 +853,6 @@ bool RenderBlock::simplifiedLayout()
     if (needsPositionedMovementLayout() && !tryLayoutDoingPositionedMovementOnly())
         return false;
 
-    bool canContainFixedPosObjects = canContainFixedPositionObjects();
-    if (layoutContext().isSkippedContentRootForLayout(*this) && (posChildNeedsLayout() || canContainFixedPosObjects))
-        return false;
-
     // Lay out positioned descendants or objects that just need to recompute overflow.
     if (needsSimplifiedNormalFlowLayout())
         simplifiedNormalFlowLayout();
@@ -869,6 +867,7 @@ bool RenderBlock::simplifiedLayout()
     // child, neither the fixed element nor its container learn of the movement since posChildNeedsLayout() is only marked as far as the 
     // relative positioned container. So if we can have fixed pos objects in our positioned objects list check if any of them
     // are statically positioned and thus need to move with their absolute ancestors.
+    bool canContainFixedPosObjects = canContainFixedPositionObjects();
     if (posChildNeedsLayout() || canContainFixedPosObjects)
         layoutPositionedObjects(RelayoutChildren::No, !posChildNeedsLayout() && canContainFixedPosObjects);
 
diff --git a/Source/WebCore/rendering/RenderBlock.h b/Source/WebCore/rendering/RenderBlock.h
index 465acee5760b1..59f510c3bbad3 100644
--- a/Source/WebCore/rendering/RenderBlock.h
+++ b/Source/WebCore/rendering/RenderBlock.h
@@ -257,6 +257,8 @@ class RenderBlock : public RenderBox {
 
     void updateDescendantTransformsAfterLayout();
 
+    virtual bool canPerformSimplifiedLayout() const;
+
 protected:
     RenderFragmentedFlow* locateEnclosingFragmentedFlow() const override;
     bool establishesIndependentFormattingContextIgnoringDisplayType(const RenderStyle&) const;
@@ -298,7 +300,6 @@ class RenderBlock : public RenderBox {
     void styleWillChange(StyleDifference, const RenderStyle& newStyle) override;
     void styleDidChange(StyleDifference, const RenderStyle* oldStyle) override;
 
-    virtual bool canPerformSimplifiedLayout() const;
     bool simplifiedLayout();
     virtual void simplifiedNormalFlowLayout();
 

From 213a4d7e07fd0c8446d642220d920e387f735907 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sun, 23 Feb 2025 14:11:36 -0800
Subject: [PATCH 099/174] Address safer cpp failures in
 MediaRecorderPrivateWriterWebM.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288307

Reviewed by Geoffrey Garen.

* Source/WebCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations:
* Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterWebM.cpp:
(WebCore::MediaRecorderPrivateWriterWebMDelegate::addAudioTrack):
(WebCore::MediaRecorderPrivateWriterWebMDelegate::addVideoTrack):

Canonical link: https://commits.webkit.org/290920@main
---
 .../MemoryUnsafeCastCheckerExpectations              |  1 -
 .../cocoa/MediaRecorderPrivateWriterWebM.cpp         | 12 ++++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations b/Source/WebCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
index 0db34133fab3e..64613bae81355 100644
--- a/Source/WebCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
@@ -120,7 +120,6 @@ platform/mac/ScrollbarThemeMac.mm
 platform/mac/ScrollbarsControllerMac.mm
 platform/mac/SerializedPlatformDataCueMac.mm
 platform/mac/WebCoreFullScreenWindow.mm
-platform/mediarecorder/cocoa/MediaRecorderPrivateWriterWebM.cpp
 platform/network/BlobResourceHandle.cpp
 rendering/BidiRun.cpp
 rendering/BidiRun.h
diff --git a/Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterWebM.cpp b/Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterWebM.cpp
index c6f806bfad3c3..3e4f710453fa0 100644
--- a/Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterWebM.cpp
+++ b/Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterWebM.cpp
@@ -40,6 +40,14 @@
 
 #import <pal/cf/CoreMediaSoftLink.h>
 
+SPECIALIZE_TYPE_TRAITS_BEGIN(mkvmuxer::AudioTrack)
+    static bool isType(const mkvmuxer::Track& track) { return track.type() == mkvmuxer::Tracks::kAudio; }
+SPECIALIZE_TYPE_TRAITS_END()
+
+SPECIALIZE_TYPE_TRAITS_BEGIN(mkvmuxer::VideoTrack)
+    static bool isType(const mkvmuxer::Track& track) { return track.type() == mkvmuxer::Tracks::kVideo; }
+SPECIALIZE_TYPE_TRAITS_END()
+
 namespace WebCore {
 
 WTF_MAKE_TZONE_ALLOCATED_IMPL(MediaRecorderPrivateWriterWebM);
@@ -97,7 +105,7 @@ class MediaRecorderPrivateWriterWebMDelegate : public mkvmuxer::IMkvWriter {
         auto trackIndex = m_segment.AddAudioTrack(info.rate, info.channels, 0);
         if (!trackIndex)
             return { };
-        auto* audioTrack = reinterpret_cast<mkvmuxer::AudioTrack*>(m_segment.GetTrackByNumber(trackIndex));
+        auto* audioTrack = downcast<mkvmuxer::AudioTrack>(m_segment.GetTrackByNumber(trackIndex));
         ASSERT(audioTrack);
         audioTrack->set_bit_depth(32u);
         audioTrack->set_codec_id(mkvCodeIcForMediaVideoCodecId(info.codecName));
@@ -115,7 +123,7 @@ class MediaRecorderPrivateWriterWebMDelegate : public mkvmuxer::IMkvWriter {
         auto trackIndex = m_segment.AddVideoTrack(info.size.width(), info.size.height(), 0);
         if (!trackIndex)
             return { };
-        auto* videoTrack = reinterpret_cast<mkvmuxer::VideoTrack*>(m_segment.GetTrackByNumber(trackIndex));
+        auto* videoTrack = downcast<mkvmuxer::VideoTrack>(m_segment.GetTrackByNumber(trackIndex));
         ASSERT(videoTrack);
         videoTrack->set_codec_id(mkvCodeIcForMediaVideoCodecId(info.codecName));
         if (RefPtr atomData = info.atomData; atomData && atomData->span().size())

From cd23c73ac692918316f2e345fc313f8fd0bbc79b Mon Sep 17 00:00:00 2001
From: Charlie Wolfe <charliew@apple.com>
Date: Sun, 23 Feb 2025 14:22:11 -0800
Subject: [PATCH 100/174] Remove unnecessary sync IPC in NavigationScheduler
 https://bugs.webkit.org/show_bug.cgi?id=288298 rdar://145382743

Reviewed by Sihui Liu.

BackForwardController::currentItem sends a sync IPC message. We should avoid using it twice in these
functions.

* Source/WebCore/loader/NavigationScheduler.cpp:

Canonical link: https://commits.webkit.org/290921@main
---
 Source/WebCore/loader/NavigationScheduler.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Source/WebCore/loader/NavigationScheduler.cpp b/Source/WebCore/loader/NavigationScheduler.cpp
index 8bfa8639622ba..5f70f737d06ce 100644
--- a/Source/WebCore/loader/NavigationScheduler.cpp
+++ b/Source/WebCore/loader/NavigationScheduler.cpp
@@ -303,7 +303,7 @@ class ScheduledHistoryNavigation : public ScheduledNavigation {
 
         UserGestureIndicator gestureIndicator(userGestureToForward());
 
-        if (page->checkedBackForward()->currentItem() && page->checkedBackForward()->currentItem()->itemID() == m_historyItem->itemID()) {
+        if (RefPtr currentItem = page->checkedBackForward()->currentItem(); currentItem && currentItem->itemID() == m_historyItem->itemID()) {
             localFrame->protectedLoader()->changeLocation(localFrame->document()->url(), selfTargetFrameName(), 0, ReferrerPolicy::EmptyString, shouldOpenExternalURLs(), std::nullopt, nullAtom(), std::nullopt, NavigationHistoryBehavior::Reload);
             return;
         }
@@ -380,7 +380,7 @@ class ScheduledHistoryNavigationByKey : public ScheduledNavigation {
 
         UserGestureIndicator gestureIndicator(userGestureToForward());
 
-        if (page->backForward().currentItem() && page->backForward().currentItem()->itemID() == (*historyItem)->itemID()) {
+        if (RefPtr currentItem = page->checkedBackForward()->currentItem(); currentItem && currentItem->itemID() == (*historyItem)->itemID()) {
             if (RefPtr localFrame = dynamicDowncast<LocalFrame>(frame))
                 localFrame->protectedLoader()->changeLocation(localFrame->document()->url(), selfTargetFrameName(), 0, ReferrerPolicy::EmptyString, shouldOpenExternalURLs(), std::nullopt, nullAtom(), std::nullopt, NavigationHistoryBehavior::Reload);
             return;

From 2172f7b5f9f2ae8cd4ab6795400b6d3eb6c61f94 Mon Sep 17 00:00:00 2001
From: Matt Woodrow <mattwoodrow@apple.com>
Date: Sun, 23 Feb 2025 14:50:52 -0800
Subject: [PATCH 101/174] getBoundingClientRect spends time flushing layout
 even if the current layout state is sufficiently valid.
 https://bugs.webkit.org/show_bug.cgi?id=287880 <rdar://145082013>

Reviewed by Alan Baradlay.

Extends updateLayoutIfDimensionsOutOfDate to pass through LayoutOptions to the
final layout if required.

Adds Top and Left options, and rejects the fast path if any ancestor requires
position movement layout (on top of any ancestor requiring normal self layout).

Allows updateLayoutIfDimensionsOutOfDate to succeed if the queried renderer
requires only simplified layout, and it will succeed.

Start using updateLayoutIfDimensionsOutOfDate for getBoundingClientRect.

Moves a check from RenderBlock::simplifiedLayout() to
RenderBlock::canPerformSimplifiedLayout() (and make the latter public) so that
it correctly determines if the simplified layout will succeed.

* Source/WebCore/dom/Document.cpp:
(WebCore::Document::updateLayoutIfDimensionsOutOfDate):
* Source/WebCore/dom/Document.h:
(WebCore::Document::updateLayoutIfDimensionsOutOfDate):
* Source/WebCore/dom/Element.cpp:
(WebCore::Element::boundingClientRect):
* Source/WebCore/rendering/RenderBlock.cpp:
(WebCore::RenderBlock::canPerformSimplifiedLayout const):
(WebCore::RenderBlock::simplifiedLayout):
* Source/WebCore/rendering/RenderBlock.h:

Canonical link: https://commits.webkit.org/290922@main
---
 ...ain-paint-offscreen-container-expected.txt |  2 +-
 Source/WebCore/dom/Document.cpp               | 22 +++++++++++++++++--
 Source/WebCore/dom/Document.h                 |  7 ++++--
 Source/WebCore/dom/Element.cpp                |  2 +-
 4 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-scroll-anchoring/contain-paint-offscreen-container-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-scroll-anchoring/contain-paint-offscreen-container-expected.txt
index d66b0c17a55d1..5280049ebbd21 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-scroll-anchoring/contain-paint-offscreen-container-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-scroll-anchoring/contain-paint-offscreen-container-expected.txt
@@ -1,3 +1,3 @@
 
-FAIL Contain: style paint container offscreen. assert_equals: expected -2 but got -102
+PASS Contain: style paint container offscreen.
 
diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
index d53a3456139a7..02c48710cfee5 100644
--- a/Source/WebCore/dom/Document.cpp
+++ b/Source/WebCore/dom/Document.cpp
@@ -3044,14 +3044,27 @@ bool Document::updateLayoutIfDimensionsOutOfDate(Element& element, OptionSet<Dim
         return false;
     }
 
-    // If the renderer needs layout for any reason, give up.
+    // If the renderer needs layout for any reason other than simplified (updating overflow), give up.
     // Also, turn off this optimization for input elements with shadow content.
-    bool requireFullLayout = element.renderer()->needsLayout() || is<HTMLInputElement>(element);
+    bool requireFullLayout = is<HTMLInputElement>(element);
+    {
+        CheckedPtr renderer = element.renderer();
+        if (renderer->selfNeedsLayout() || renderer->normalChildNeedsLayout() || renderer->posChildNeedsLayout() || renderer->needsPositionedMovementLayout())
+            requireFullLayout = true;
+        if (renderer->needsSimplifiedNormalFlowLayout()) {
+            if (!dimensionsCheck.contains(DimensionsCheck::IgnoreOverflow))
+                requireFullLayout = true;
+            else if (CheckedPtr block = dynamicDowncast<RenderBlock>(*renderer); !dimensionsCheck.contains(DimensionsCheck::IgnoreOverflow) || !block || !block->canPerformSimplifiedLayout())
+                requireFullLayout = true;
+        }
+    }
+
     if (!requireFullLayout) {
         CheckedPtr<RenderBox> previousBox;
         CheckedPtr<RenderBox> currentBox;
 
         CheckedPtr renderer = element.renderer();
+
         bool hasSpecifiedLogicalHeight = renderer->style().logicalMinHeight() == Length(0, LengthType::Fixed) && renderer->style().logicalHeight().isFixed() && renderer->style().logicalMaxHeight().isAuto();
         bool isVertical = !renderer->isHorizontalWritingMode();
         bool checkingLogicalWidth = (dimensionsCheck.contains(DimensionsCheck::Width) && !isVertical) || (dimensionsCheck.contains(DimensionsCheck::Height) && isVertical);
@@ -3074,6 +3087,11 @@ bool Document::updateLayoutIfDimensionsOutOfDate(Element& element, OptionSet<Dim
                 break;
             }
 
+            if (dimensionsCheck.containsAny({ DimensionsCheck::Left, DimensionsCheck::Top }) && (currentBox->needsPositionedMovementLayout() || currentBox->normalChildNeedsLayout())) {
+                requireFullLayout = true;
+                break;
+            }
+
             // If a box needs layout for itself or if a box has changed children and sizes its width to
             // its content, then require a full layout.
             if (currentBox->selfNeedsLayout() ||
diff --git a/Source/WebCore/dom/Document.h b/Source/WebCore/dom/Document.h
index 296d2b973e8af..b4ccbb9769ec9 100644
--- a/Source/WebCore/dom/Document.h
+++ b/Source/WebCore/dom/Document.h
@@ -366,8 +366,11 @@ enum class EventHandlerRemoval : bool { One, All };
 using EventTargetSet = WeakHashCountedSet<Node, WeakPtrImplWithEventTargetData>;
 
 enum class DimensionsCheck : uint8_t {
-    Width = 1 << 0,
-    Height = 1 << 1
+    Left = 1 << 0,
+    Top = 1 << 1,
+    Width = 1 << 2,
+    Height = 1 << 3,
+    IgnoreOverflow = 1 << 4,
 };
 
 enum class HttpEquivPolicy : uint8_t {
diff --git a/Source/WebCore/dom/Element.cpp b/Source/WebCore/dom/Element.cpp
index 9b35c7c1a8316..b6a103b05ac06 100644
--- a/Source/WebCore/dom/Element.cpp
+++ b/Source/WebCore/dom/Element.cpp
@@ -1935,7 +1935,7 @@ std::optional<std::pair<CheckedPtr<RenderObject>, FloatRect>> Element::boundingA
 FloatRect Element::boundingClientRect()
 {
     Ref document = this->document();
-    document->updateLayoutIgnorePendingStylesheets({ LayoutOptions::ContentVisibilityForceLayout, LayoutOptions::CanDeferUpdateLayerPositions }, this);
+    document->updateLayoutIfDimensionsOutOfDate(*this, { DimensionsCheck::Left, DimensionsCheck::Top, DimensionsCheck::Width, DimensionsCheck::Height, DimensionsCheck::IgnoreOverflow }, { LayoutOptions::ContentVisibilityForceLayout, LayoutOptions::CanDeferUpdateLayerPositions, LayoutOptions::IgnorePendingStylesheets });
     LocalFrameView::AutoPreventLayerAccess preventAccess(document->view());
     auto pair = boundingAbsoluteRectWithoutLayout();
     if (!pair)

From 4d082633f9d78ef54c78b7d7d68b4574a51e6a64 Mon Sep 17 00:00:00 2001
From: Sam Weinig <sam@webkit.org>
Date: Sun, 23 Feb 2025 17:54:22 -0800
Subject: [PATCH 102/174] Fix warnings seen when running
 process-css-properties.py https://bugs.webkit.org/show_bug.cgi?id=288310

Reviewed by Darin Adler.

- Adds missing non-standard "intrinsic" value to the values
  array for sizing properties.
- Adds missing non-standard "auto" and "match-element" values
  to the values array for view-transition-name.
- Disable warnings for properties that use a non-builtin
  reference term in their grammar. These grammars are
  incomplete from the generators perspective, so they must
  be treated like any other custom parsing.

* Source/WebCore/css/CSSProperties.json:
* Source/WebCore/css/process-css-properties.py:

Canonical link: https://commits.webkit.org/290923@main
---
 Source/WebCore/css/CSSProperties.json        | 62 +++++++++++++++++++-
 Source/WebCore/css/process-css-properties.py | 49 +++++++++++++++-
 2 files changed, 109 insertions(+), 2 deletions(-)

diff --git a/Source/WebCore/css/CSSProperties.json b/Source/WebCore/css/CSSProperties.json
index bcaf1a2af39b6..f18d8b1634dbb 100644
--- a/Source/WebCore/css/CSSProperties.json
+++ b/Source/WebCore/css/CSSProperties.json
@@ -2223,6 +2223,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -4241,6 +4245,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -4352,6 +4360,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -5531,6 +5543,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -5584,6 +5600,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -5635,6 +5655,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -5706,6 +5730,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -5757,6 +5785,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -5810,6 +5842,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -5861,6 +5897,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -5914,6 +5954,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -7761,6 +7805,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -8946,6 +8994,10 @@
                     "value": "contain",
                     "status": "unimplemented"
                 },
+                {
+                    "value": "intrinsic",
+                    "status": "non-standard"
+                },
                 {
                     "value": "min-intrinsic",
                     "status": "non-standard"
@@ -11328,7 +11380,15 @@
             "animation-type": "discrete",
             "initial": "none",
             "values": [
-                "none"
+                "none",
+                {
+                    "value": "auto",
+                    "status": "non-standard"
+                },
+                {
+                    "value": "match-element",
+                    "status": "non-standard"
+                }
             ],
             "codegen-properties": {
                 "style-builder-converter": "ViewTransitionName",
diff --git a/Source/WebCore/css/process-css-properties.py b/Source/WebCore/css/process-css-properties.py
index de7509914447b..e55319f674f5b 100755
--- a/Source/WebCore/css/process-css-properties.py
+++ b/Source/WebCore/css/process-css-properties.py
@@ -1595,7 +1595,6 @@ def perform_fixups(self, all_rules):
             return all_rules.rules_by_name[name_for_lookup].grammar.root_term.perform_fixups(all_rules)
         return self
 
-
     def perform_fixups_for_values_references(self, values):
         # NOTE: The actual name in the grammar is "<<values>>", which we store as is_internal + 'values'.
         if self.is_internal and self.name.name == "values":
@@ -1610,6 +1609,10 @@ def is_builtin(self):
     def supported_keywords(self):
         return set()
 
+    @property
+    def has_non_builtin_reference_terms(self):
+        return not self.is_builtin
+
 
 # LiteralTerm represents a direct match of a literal character or string. The
 # syntax in the CSS specifications is either a bare delimiter character or a
@@ -1642,6 +1645,10 @@ def perform_fixups_for_values_references(self, values):
     def supported_keywords(self):
         return set()
 
+    @property
+    def has_non_builtin_reference_terms(self):
+        return False
+
 
 # KeywordTerm represents a direct keyword match. The syntax in the CSS specifications
 # is a bare string.
@@ -1677,6 +1684,10 @@ def perform_fixups_for_values_references(self, values):
     def supported_keywords(self):
         return {self.value.name}
 
+    @property
+    def has_non_builtin_reference_terms(self):
+        return False
+
     @property
     def requires_context(self):
         return self.settings_flag or self.status == "internal"
@@ -1773,6 +1784,10 @@ def supported_keywords(self):
             result.update(term.supported_keywords)
         return result
 
+    @property
+    def has_non_builtin_reference_terms(self):
+        return any(term.has_non_builtin_reference_terms for term in self.terms)
+
 
 # GroupTerm represents matching a list of provided terms with
 # options for whether the matches are ordered and whether all
@@ -1838,6 +1853,10 @@ def supported_keywords(self):
             result.update(subterm.supported_keywords)
         return result
 
+    @property
+    def has_non_builtin_reference_terms(self):
+        return any(term.has_non_builtin_reference_terms for term in self.subterms)
+
 
 # OptionalTerm represents matching a term that is allowed to
 # be ommited. The syntax in the CSS specifications uses a
@@ -1879,6 +1898,10 @@ def perform_fixups_for_values_references(self, values):
     def supported_keywords(self):
         return self.subterm.supported_keywords
 
+    @property
+    def has_non_builtin_reference_terms(self):
+        return self.subterm.has_non_builtin_reference_terms
+
 
 # UnboundedRepetitionTerm represents matching a list of terms
 # separated by either spaces or commas. The syntax in the CSS
@@ -1949,6 +1972,10 @@ def perform_fixups_for_values_references(self, values):
     def supported_keywords(self):
         return self.repeated_term.supported_keywords
 
+    @property
+    def has_non_builtin_reference_terms(self):
+        return self.repeated_term.has_non_builtin_reference_terms
+
 
 # BoundedRepetitionTerm represents matching a list of terms
 # separated by either spaces or commas where the list of terms
@@ -2003,6 +2030,10 @@ def perform_fixups_for_values_references(self, values):
     def supported_keywords(self):
         return self.repeated_term.supported_keywords
 
+    @property
+    def has_non_builtin_reference_terms(self):
+        return self.repeated_term.has_non_builtin_reference_terms
+
 
 # FixedSizeRepetitionTerm represents matching a list of terms
 # separated by either spaces or commas where the list of terms
@@ -2056,6 +2087,10 @@ def perform_fixups_for_values_references(self, values):
     def supported_keywords(self):
         return self.repeated_term.supported_keywords
 
+    @property
+    def has_non_builtin_reference_terms(self):
+        return self.repeated_term.has_non_builtin_reference_terms
+
 
 # FunctionTerm represents matching a use of the CSS function call syntax
 # which provides a way for specifications to differentiate groups by
@@ -2092,6 +2127,10 @@ def perform_fixups_for_values_references(self, values):
     def supported_keywords(self):
         return self.parameter_group_term.supported_keywords
 
+    @property
+    def has_non_builtin_reference_terms(self):
+        return self.parameter_group_term.has_non_builtin_reference_terms
+
 
 # Container for the name and root term for a grammar. Used for both shared rules and property specific grammars.
 class Grammar:
@@ -2118,6 +2157,10 @@ def perform_fixups_for_values_references(self, values):
         self.root_term = self.root_term.perform_fixups_for_values_references(values)
 
     def check_against_values(self, values):
+        if self.has_non_builtin_reference_terms:
+            # If the grammar has any  non-builtin references, the grammar is incomplete and this check cannot be performed.
+            return
+
         keywords_supported_by_grammar = self.supported_keywords
         keywords_listed_as_values = frozenset(value.name for value in values)
 
@@ -2163,6 +2206,10 @@ def fast_path_keyword_terms_sorted_by_name(self):
     def supported_keywords(self):
         return self.root_term.supported_keywords
 
+    @property
+    def has_non_builtin_reference_terms(self):
+        return self.root_term.has_non_builtin_reference_terms
+
 
 # A shared grammar rule and metadata describing it. Part of the set of rules tracked by SharedGrammarRules.
 class SharedGrammarRule:

From a9baf3a34bde2fea859623aaae6f8893b03d5874 Mon Sep 17 00:00:00 2001
From: Yusuke Suzuki <ysuzuki@apple.com>
Date: Sun, 23 Feb 2025 18:35:57 -0800
Subject: [PATCH 103/174] [JSC] Remove HandleExceptionWithCallFrameRollback
 thunk https://bugs.webkit.org/show_bug.cgi?id=288318 rdar://problem/145432961

Reviewed by Yijia Huang.

This patch removes HandleExceptionWithCallFrameRollback thunk
as it is only used by throwStackOverflow thunk. We just embed it into
throwStackOverflow thunk.

* Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exceptionJumpWithCallFrameRollback): Deleted.
* Source/JavaScriptCore/dfg/DFGJITCompiler.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callThrowOperationWithCallFrameRollback): Deleted.
* Source/JavaScriptCore/jit/JIT.cpp:
(JSC::JIT::exceptionChecksWithCallFrameRollback): Deleted.
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITThunks.h:
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::throwStackOverflowAtPrologueGenerator):
(JSC::handleExceptionWithCallFrameRollbackGenerator): Deleted.
* Source/JavaScriptCore/jit/ThunkGenerators.h:

Canonical link: https://commits.webkit.org/290924@main
---
 Source/JavaScriptCore/dfg/DFGJITCompiler.cpp  |  5 ----
 Source/JavaScriptCore/dfg/DFGJITCompiler.h    |  2 --
 Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h |  8 -------
 Source/JavaScriptCore/jit/JIT.cpp             |  5 ----
 Source/JavaScriptCore/jit/JIT.h               | 11 ---------
 Source/JavaScriptCore/jit/JITThunks.h         |  1 -
 Source/JavaScriptCore/jit/ThunkGenerators.cpp | 24 ++++++-------------
 Source/JavaScriptCore/jit/ThunkGenerators.h   |  1 -
 8 files changed, 7 insertions(+), 50 deletions(-)

diff --git a/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp b/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
index cadde84ce9108..7fae331083ac7 100644
--- a/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
+++ b/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
@@ -372,11 +372,6 @@ void JITCompiler::disassemble(LinkBuffer& linkBuffer)
         m_disassembler->reportToProfiler(m_graph.m_plan.compilation(), linkBuffer);
 }
 
-void JITCompiler::exceptionJumpWithCallFrameRollback()
-{
-    jumpThunk(CodeLocationLabel(vm().getCTIStub(CommonJITThunkID::HandleExceptionWithCallFrameRollback).retaggedCode<NoPtrTag>()));
-}
-
 #if USE(JSVALUE32_64)
 void* JITCompiler::addressOfDoubleConstant(Node* node)
 {
diff --git a/Source/JavaScriptCore/dfg/DFGJITCompiler.h b/Source/JavaScriptCore/dfg/DFGJITCompiler.h
index a0b4c22bc2844..450e6768aa7fa 100644
--- a/Source/JavaScriptCore/dfg/DFGJITCompiler.h
+++ b/Source/JavaScriptCore/dfg/DFGJITCompiler.h
@@ -167,8 +167,6 @@ class JITCompiler : public CCallHelpers {
         call(address, OperationPtrTag);
     }
 
-    void exceptionJumpWithCallFrameRollback();
-
     OSRExitCompilationInfo& appendExitInfo(MacroAssembler::JumpList jumpsToFail = MacroAssembler::JumpList())
     {
         OSRExitCompilationInfo info;
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
index 084212562e026..9db9f057b1e87 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
@@ -1190,14 +1190,6 @@ class SpeculativeJIT : public JITCompiler {
         return call;
     }
 
-    JITCompiler::Call callThrowOperationWithCallFrameRollback(V_JITOperation_Cb operation, GPRReg codeBlockGPR)
-    {
-        setupArguments<V_JITOperation_Cb>(codeBlockGPR);
-        JITCompiler::Call call = appendCall(operation);
-        exceptionJumpWithCallFrameRollback();
-        return call;
-    }
-
     void prepareForExternalCall()
     {
 #if !defined(NDEBUG) && !CPU(ARM_THUMB2)
diff --git a/Source/JavaScriptCore/jit/JIT.cpp b/Source/JavaScriptCore/jit/JIT.cpp
index 8de49fb999ea0..17c3b32ed0367 100644
--- a/Source/JavaScriptCore/jit/JIT.cpp
+++ b/Source/JavaScriptCore/jit/JIT.cpp
@@ -1091,11 +1091,6 @@ void JIT::exceptionCheck()
     exceptionCheck(emitExceptionCheck(vm()));
 }
 
-void JIT::exceptionChecksWithCallFrameRollback(Jump jumpToHandler)
-{
-    jumpToHandler.linkThunk(CodeLocationLabel(vm().getCTIStub(CommonJITThunkID::HandleExceptionWithCallFrameRollback).retaggedCode<NoPtrTag>()), this);
-}
-
 } // namespace JSC
 
 WTF_ALLOW_UNSAFE_BUFFER_USAGE_END
diff --git a/Source/JavaScriptCore/jit/JIT.h b/Source/JavaScriptCore/jit/JIT.h
index c93b06571f802..2061554605106 100644
--- a/Source/JavaScriptCore/jit/JIT.h
+++ b/Source/JavaScriptCore/jit/JIT.h
@@ -246,7 +246,6 @@ namespace JSC {
 
         void exceptionCheck(Jump jumpToHandler);
         void exceptionCheck();
-        void exceptionChecksWithCallFrameRollback(Jump jumpToHandler);
 
         void advanceToNextCheckpoint();
         void emitJumpSlowToHotForCheckpoint(Jump);
@@ -779,16 +778,6 @@ namespace JSC {
             return appendCall(operation);
         }
 
-        template<typename OperationType, typename... Args>
-        MacroAssembler::Call callThrowOperationWithCallFrameRollback(OperationType operation, Args... args)
-        {
-            setupArguments<OperationType>(args...);
-            updateTopCallFrame(); // The callee is responsible for setting topCallFrame to their caller
-            MacroAssembler::Call call = appendCall(operation);
-            exceptionChecksWithCallFrameRollback(jump());
-            return call;
-        }
-
         enum class ProfilingPolicy {
             ShouldEmitProfiling,
             NoProfiling
diff --git a/Source/JavaScriptCore/jit/JITThunks.h b/Source/JavaScriptCore/jit/JITThunks.h
index bb3afd6dd3fbd..e53b7e03a1bd2 100644
--- a/Source/JavaScriptCore/jit/JITThunks.h
+++ b/Source/JavaScriptCore/jit/JITThunks.h
@@ -54,7 +54,6 @@ class NativeExecutable;
 // List up super common stubs so that we initialize them eagerly.
 #define JSC_FOR_EACH_COMMON_THUNK(macro) \
     macro(HandleException, handleExceptionGenerator) \
-    macro(HandleExceptionWithCallFrameRollback, handleExceptionWithCallFrameRollbackGenerator) \
     macro(CheckException, checkExceptionGenerator) \
     macro(NativeCall, nativeCallGenerator) \
     macro(NativeConstruct, nativeConstructGenerator) \
diff --git a/Source/JavaScriptCore/jit/ThunkGenerators.cpp b/Source/JavaScriptCore/jit/ThunkGenerators.cpp
index 164ea6ce7904f..723211e311a99 100644
--- a/Source/JavaScriptCore/jit/ThunkGenerators.cpp
+++ b/Source/JavaScriptCore/jit/ThunkGenerators.cpp
@@ -59,22 +59,6 @@ MacroAssemblerCodeRef<JITThunkPtrTag> handleExceptionGenerator(VM& vm)
     return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "handleException"_s, "handleException");
 }
 
-MacroAssemblerCodeRef<JITThunkPtrTag> handleExceptionWithCallFrameRollbackGenerator(VM& vm)
-{
-    CCallHelpers jit;
-
-    jit.copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm.topEntryFrame, GPRInfo::argumentGPR0);
-
-    jit.move(CCallHelpers::TrustedImmPtr(&vm), GPRInfo::argumentGPR0);
-    jit.prepareCallOperation(vm);
-    CCallHelpers::Call operation = jit.call(OperationPtrTag);
-    jit.jumpToExceptionHandler(vm);
-
-    LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
-    patchBuffer.link<OperationPtrTag>(operation, operationLookupExceptionHandlerFromCallerFrame);
-    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "handleExceptionWithCallFrameRollback"_s, "handleExceptionWithCallFrameRollback");
-}
-
 MacroAssemblerCodeRef<JITThunkPtrTag> popThunkStackPreservesAndHandleExceptionGenerator(VM& vm)
 {
     CCallHelpers jit;
@@ -198,7 +182,13 @@ MacroAssemblerCodeRef<JITThunkPtrTag> throwStackOverflowAtPrologueGenerator(VM&
     jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::codeBlock, GPRInfo::argumentGPR0);
     jit.prepareCallOperation(vm);
     jit.callOperation<OperationPtrTag>(operationThrowStackOverflowError);
-    jit.jumpThunk(CodeLocationLabel(vm.getCTIStub(CommonJITThunkID::HandleExceptionWithCallFrameRollback).retaggedCode<NoPtrTag>()));
+
+    jit.copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm.topEntryFrame, GPRInfo::argumentGPR0);
+
+    jit.move(CCallHelpers::TrustedImmPtr(&vm), GPRInfo::argumentGPR0);
+    jit.prepareCallOperation(vm);
+    jit.callOperation<OperationPtrTag>(operationLookupExceptionHandlerFromCallerFrame);
+    jit.jumpToExceptionHandler(vm);
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::Thunk);
     return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "throwStackOverflow"_s, "throwStackOverflow");
diff --git a/Source/JavaScriptCore/jit/ThunkGenerators.h b/Source/JavaScriptCore/jit/ThunkGenerators.h
index 3ee58534d1a9e..d584122bcde24 100644
--- a/Source/JavaScriptCore/jit/ThunkGenerators.h
+++ b/Source/JavaScriptCore/jit/ThunkGenerators.h
@@ -39,7 +39,6 @@ template<PtrTag> class MacroAssemblerCodeRef;
 class VM;
 
 MacroAssemblerCodeRef<JITThunkPtrTag> handleExceptionGenerator(VM&);
-MacroAssemblerCodeRef<JITThunkPtrTag> handleExceptionWithCallFrameRollbackGenerator(VM&);
 MacroAssemblerCodeRef<JITThunkPtrTag> popThunkStackPreservesAndHandleExceptionGenerator(VM&);
 
 MacroAssemblerCodeRef<JITThunkPtrTag> throwExceptionFromCallGenerator(VM&);

From 6999ecda7ef343927f1bbfa0b346ad0b39eaebb6 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sun, 23 Feb 2025 19:02:22 -0800
Subject: [PATCH 104/174] Use a smart pointer for NetworkLoad::m_client
 https://bugs.webkit.org/show_bug.cgi?id=288314

Reviewed by Darin Adler.

* Source/WebKit/NetworkProcess/Downloads/PendingDownload.h:
* Source/WebKit/NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::shouldCaptureExtraNetworkLoadMetrics const):
(WebKit::NetworkLoad::isAllowedToAskUserForCredentials const):
(WebKit::NetworkLoad::willPerformHTTPRedirection):
(WebKit::NetworkLoad::didReceiveChallenge):
(WebKit::NetworkLoad::didReceiveInformationalResponse):
(WebKit::NetworkLoad::notifyDidReceiveResponse):
(WebKit::NetworkLoad::didReceiveData):
(WebKit::NetworkLoad::didCompleteWithError):
(WebKit::NetworkLoad::didSendData):
(WebKit::NetworkLoad::wasBlocked):
(WebKit::NetworkLoad::cannotShowURL):
(WebKit::NetworkLoad::wasBlockedByRestrictions):
(WebKit::NetworkLoad::wasBlockedByDisabledFTP):
* Source/WebKit/NetworkProcess/NetworkLoad.h:
* Source/WebKit/NetworkProcess/NetworkLoadClient.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoader.h:
* Source/WebKit/NetworkProcess/PreconnectTask.h:
* Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerNavigationPreloader.h:
* Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.h:
* Source/WebKit/NetworkProcess/cache/NetworkCacheSpeculativeLoad.h:

Canonical link: https://commits.webkit.org/290925@main
---
 .../Downloads/PendingDownload.h               |  1 +
 Source/WebKit/NetworkProcess/NetworkLoad.cpp  | 30 +++++++++----------
 Source/WebKit/NetworkProcess/NetworkLoad.h    |  3 +-
 .../WebKit/NetworkProcess/NetworkLoadClient.h |  5 +++-
 .../NetworkProcess/NetworkResourceLoader.h    |  2 ++
 Source/WebKit/NetworkProcess/PreconnectTask.h |  2 ++
 .../ServiceWorkerNavigationPreloader.h        |  2 +-
 .../ServiceWorkerSoftUpdateLoader.h           |  2 +-
 .../cache/NetworkCacheSpeculativeLoad.h       |  1 +
 9 files changed, 29 insertions(+), 19 deletions(-)

diff --git a/Source/WebKit/NetworkProcess/Downloads/PendingDownload.h b/Source/WebKit/NetworkProcess/Downloads/PendingDownload.h
index 5521e81b2b8f3..0f84f2511d8ab 100644
--- a/Source/WebKit/NetworkProcess/Downloads/PendingDownload.h
+++ b/Source/WebKit/NetworkProcess/Downloads/PendingDownload.h
@@ -53,6 +53,7 @@ class NetworkSession;
 
 class PendingDownload : public RefCountedAndCanMakeWeakPtr<PendingDownload>, public NetworkLoadClient, public IPC::MessageSender {
     WTF_MAKE_TZONE_ALLOCATED(PendingDownload);
+    WTF_OVERRIDE_DELETE_FOR_CHECKED_PTR(PendingDownload);
 public:
     static Ref<PendingDownload> create(IPC::Connection* connection, NetworkLoadParameters&& networkLoadParameters, DownloadID downloadID, NetworkSession& networkSession, const String& suggestedName, WebCore::FromDownloadAttribute fromDownloadAttribute, std::optional<WebCore::ProcessIdentifier> webProcessId)
     {
diff --git a/Source/WebKit/NetworkProcess/NetworkLoad.cpp b/Source/WebKit/NetworkProcess/NetworkLoad.cpp
index 8c8e04218c880..dd97a099b4457 100644
--- a/Source/WebKit/NetworkProcess/NetworkLoad.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkLoad.cpp
@@ -135,12 +135,12 @@ void NetworkLoad::reprioritizeRequest(ResourceLoadPriority priority)
 
 bool NetworkLoad::shouldCaptureExtraNetworkLoadMetrics() const
 {
-    return m_client.get().shouldCaptureExtraNetworkLoadMetrics();
+    return m_client->shouldCaptureExtraNetworkLoadMetrics();
 }
 
 bool NetworkLoad::isAllowedToAskUserForCredentials() const
 {
-    return m_client.get().isAllowedToAskUserForCredentials();
+    return m_client->isAllowedToAskUserForCredentials();
 }
 
 void NetworkLoad::convertTaskToDownload(PendingDownload& pendingDownload, const ResourceRequest& updatedRequest, const ResourceResponse& response, ResponseCompletionHandler&& completionHandler)
@@ -198,7 +198,7 @@ void NetworkLoad::willPerformHTTPRedirection(ResourceResponse&& redirectResponse
     request.setRequester(oldRequest.requester());
 
     m_currentRequest = request;
-    m_client.get().willSendRedirectedRequest(WTFMove(oldRequest), WTFMove(request), WTFMove(redirectResponse), [weakThis = WeakPtr { *this }, completionHandler = WTFMove(completionHandler)] (ResourceRequest&& newRequest) mutable {
+    m_client->willSendRedirectedRequest(WTFMove(oldRequest), WTFMove(request), WTFMove(redirectResponse), [weakThis = WeakPtr { *this }, completionHandler = WTFMove(completionHandler)] (ResourceRequest&& newRequest) mutable {
         RefPtr protectedThis = weakThis.get();
         if (!protectedThis)
             return completionHandler({ });
@@ -215,13 +215,13 @@ void NetworkLoad::willPerformHTTPRedirection(ResourceResponse&& redirectResponse
 
 void NetworkLoad::didReceiveChallenge(AuthenticationChallenge&& challenge, NegotiatedLegacyTLS negotiatedLegacyTLS, ChallengeCompletionHandler&& completionHandler)
 {
-    m_client.get().didReceiveChallenge(challenge);
+    m_client->didReceiveChallenge(challenge);
 
     auto scheme = challenge.protectionSpace().authenticationScheme();
     bool isTLSHandshake = scheme == ProtectionSpace::AuthenticationScheme::ServerTrustEvaluationRequested
         || scheme == ProtectionSpace::AuthenticationScheme::ClientCertificateRequested;
     if (!isAllowedToAskUserForCredentials() && !isTLSHandshake && !challenge.protectionSpace().isProxy()) {
-        m_client.get().didBlockAuthenticationChallenge();
+        m_client->didBlockAuthenticationChallenge();
         completionHandler(AuthenticationChallengeDisposition::UseCredential, { });
         return;
     }
@@ -234,7 +234,7 @@ void NetworkLoad::didReceiveChallenge(AuthenticationChallenge&& challenge, Negot
 
 void NetworkLoad::didReceiveInformationalResponse(ResourceResponse&& response)
 {
-    m_client.get().didReceiveInformationalResponse(WTFMove(response));
+    m_client->didReceiveInformationalResponse(WTFMove(response));
 }
 
 void NetworkLoad::didReceiveResponse(ResourceResponse&& response, NegotiatedLegacyTLS negotiatedLegacyTLS, PrivateRelayed privateRelayed, ResponseCompletionHandler&& completionHandler)
@@ -268,13 +268,13 @@ void NetworkLoad::notifyDidReceiveResponse(ResourceResponse&& response, Negotiat
         response.includeCertificateInfo(auditToken);
     }
 
-    m_client.get().didReceiveResponse(WTFMove(response), privateRelayed, WTFMove(completionHandler));
+    m_client->didReceiveResponse(WTFMove(response), privateRelayed, WTFMove(completionHandler));
 }
 
 void NetworkLoad::didReceiveData(const WebCore::SharedBuffer& buffer)
 {
     // FIXME: This should be the encoded data length, not the decoded data length.
-    m_client.get().didReceiveBuffer(buffer, buffer.size());
+    m_client->didReceiveBuffer(buffer, buffer.size());
 }
 
 void NetworkLoad::didCompleteWithError(const ResourceError& error, const WebCore::NetworkLoadMetrics& networkLoadMetrics)
@@ -283,34 +283,34 @@ void NetworkLoad::didCompleteWithError(const ResourceError& error, const WebCore
         scheduler->unschedule(*this, &networkLoadMetrics);
 
     if (error.isNull())
-        m_client.get().didFinishLoading(networkLoadMetrics);
+        m_client->didFinishLoading(networkLoadMetrics);
     else
-        m_client.get().didFailLoading(error);
+        m_client->didFailLoading(error);
 }
 
 void NetworkLoad::didSendData(uint64_t totalBytesSent, uint64_t totalBytesExpectedToSend)
 {
-    m_client.get().didSendData(totalBytesSent, totalBytesExpectedToSend);
+    m_client->didSendData(totalBytesSent, totalBytesExpectedToSend);
 }
 
 void NetworkLoad::wasBlocked()
 {
-    m_client.get().didFailLoading(blockedError(m_currentRequest));
+    m_client->didFailLoading(blockedError(m_currentRequest));
 }
 
 void NetworkLoad::cannotShowURL()
 {
-    m_client.get().didFailLoading(cannotShowURLError(m_currentRequest));
+    m_client->didFailLoading(cannotShowURLError(m_currentRequest));
 }
 
 void NetworkLoad::wasBlockedByRestrictions()
 {
-    m_client.get().didFailLoading(wasBlockedByRestrictionsError(m_currentRequest));
+    m_client->didFailLoading(wasBlockedByRestrictionsError(m_currentRequest));
 }
 
 void NetworkLoad::wasBlockedByDisabledFTP()
 {
-    m_client.get().didFailLoading(ftpDisabledError(m_currentRequest));
+    m_client->didFailLoading(ftpDisabledError(m_currentRequest));
 }
 
 void NetworkLoad::didNegotiateModernTLS(const URL& url)
diff --git a/Source/WebKit/NetworkProcess/NetworkLoad.h b/Source/WebKit/NetworkProcess/NetworkLoad.h
index c88980a70d258..93fa72068b6eb 100644
--- a/Source/WebKit/NetworkProcess/NetworkLoad.h
+++ b/Source/WebKit/NetworkProcess/NetworkLoad.h
@@ -29,6 +29,7 @@
 #include "NetworkDataTask.h"
 #include "NetworkLoadParameters.h"
 #include "NetworkSession.h"
+#include <wtf/CheckedRef.h>
 #include <wtf/TZoneMalloc.h>
 #include <wtf/text/WTFString.h>
 
@@ -120,7 +121,7 @@ class NetworkLoad final : public RefCounted<NetworkLoad>, public NetworkDataTask
 
     void notifyDidReceiveResponse(WebCore::ResourceResponse&&, NegotiatedLegacyTLS, PrivateRelayed, ResponseCompletionHandler&&);
 
-    std::reference_wrapper<NetworkLoadClient> m_client;
+    CheckedRef<NetworkLoadClient> m_client;
     const Ref<NetworkProcess> m_networkProcess;
     const NetworkLoadParameters m_parameters;
     RefPtr<NetworkDataTask> m_task;
diff --git a/Source/WebKit/NetworkProcess/NetworkLoadClient.h b/Source/WebKit/NetworkProcess/NetworkLoadClient.h
index 6d6eb4e2b4973..be5a0601b0171 100644
--- a/Source/WebKit/NetworkProcess/NetworkLoadClient.h
+++ b/Source/WebKit/NetworkProcess/NetworkLoadClient.h
@@ -25,6 +25,7 @@
 
 #pragma once
 
+#include <wtf/CheckedPtr.h>
 #include <wtf/Forward.h>
 
 namespace WebCore {
@@ -42,7 +43,9 @@ namespace WebKit {
 enum class PrivateRelayed : bool;
 using ResponseCompletionHandler = CompletionHandler<void(WebCore::PolicyAction)>;
 
-class NetworkLoadClient {
+class NetworkLoadClient : public CanMakeThreadSafeCheckedPtr<NetworkLoadClient> {
+    WTF_MAKE_FAST_ALLOCATED;
+    WTF_OVERRIDE_DELETE_FOR_CHECKED_PTR(NetworkLoadClient);
 public:
     virtual ~NetworkLoadClient() { }
 
diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoader.h b/Source/WebKit/NetworkProcess/NetworkResourceLoader.h
index 95ff2f7d1e7a3..1db3250722b33 100644
--- a/Source/WebKit/NetworkProcess/NetworkResourceLoader.h
+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoader.h
@@ -87,6 +87,8 @@ class NetworkResourceLoader final
     , public CanMakeWeakPtr<NetworkResourceLoader>
 #endif
     , public WebCore::ReportingClient {
+    WTF_MAKE_FAST_ALLOCATED;
+    WTF_OVERRIDE_DELETE_FOR_CHECKED_PTR(NetworkResourceLoader);
 public:
 #if ENABLE(CONTENT_FILTERING)
     void ref() const final { RefCounted::ref(); }
diff --git a/Source/WebKit/NetworkProcess/PreconnectTask.h b/Source/WebKit/NetworkProcess/PreconnectTask.h
index f44975296ce0f..d5090aa7c315e 100644
--- a/Source/WebKit/NetworkProcess/PreconnectTask.h
+++ b/Source/WebKit/NetworkProcess/PreconnectTask.h
@@ -40,6 +40,8 @@ class NetworkProcess;
 class NetworkSession;
 
 class PreconnectTask final : public NetworkLoadClient {
+    WTF_MAKE_FAST_ALLOCATED;
+    WTF_OVERRIDE_DELETE_FOR_CHECKED_PTR(PreconnectTask);
 public:
     PreconnectTask(NetworkSession&, NetworkLoadParameters&&, CompletionHandler<void(const WebCore::ResourceError&, const WebCore::NetworkLoadMetrics&)>&&);
     ~PreconnectTask();
diff --git a/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerNavigationPreloader.h b/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerNavigationPreloader.h
index 5d45b70dfa84a..63817438193b3 100644
--- a/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerNavigationPreloader.h
+++ b/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerNavigationPreloader.h
@@ -45,7 +45,7 @@ class DownloadManager;
 class NetworkLoad;
 class NetworkSession;
 
-class ServiceWorkerNavigationPreloader final : public NetworkLoadClient, public CanMakeWeakPtr<ServiceWorkerNavigationPreloader>, public CanMakeCheckedPtr<ServiceWorkerNavigationPreloader> {
+class ServiceWorkerNavigationPreloader final : public NetworkLoadClient, public CanMakeWeakPtr<ServiceWorkerNavigationPreloader> {
     WTF_MAKE_TZONE_ALLOCATED(ServiceWorkerNavigationPreloader);
     WTF_OVERRIDE_DELETE_FOR_CHECKED_PTR(ServiceWorkerNavigationPreloader);
 public:
diff --git a/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.h b/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.h
index 7dbd065e3beab..1de612835c227 100644
--- a/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.h
+++ b/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.h
@@ -47,7 +47,7 @@ namespace WebKit {
 class NetworkLoad;
 class NetworkSession;
 
-class ServiceWorkerSoftUpdateLoader final : public NetworkLoadClient, public CanMakeWeakPtr<ServiceWorkerSoftUpdateLoader>, public CanMakeCheckedPtr<ServiceWorkerSoftUpdateLoader> {
+class ServiceWorkerSoftUpdateLoader final : public NetworkLoadClient, public CanMakeWeakPtr<ServiceWorkerSoftUpdateLoader> {
     WTF_MAKE_TZONE_ALLOCATED(ServiceWorkerSoftUpdateLoader);
     WTF_OVERRIDE_DELETE_FOR_CHECKED_PTR(ServiceWorkerSoftUpdateLoader);
 public:
diff --git a/Source/WebKit/NetworkProcess/cache/NetworkCacheSpeculativeLoad.h b/Source/WebKit/NetworkProcess/cache/NetworkCacheSpeculativeLoad.h
index 12f19ad34044c..ce081a9d847a2 100644
--- a/Source/WebKit/NetworkProcess/cache/NetworkCacheSpeculativeLoad.h
+++ b/Source/WebKit/NetworkProcess/cache/NetworkCacheSpeculativeLoad.h
@@ -50,6 +50,7 @@ namespace NetworkCache {
 
 class SpeculativeLoad final : public NetworkLoadClient {
     WTF_MAKE_TZONE_ALLOCATED(SpeculativeLoad);
+    WTF_OVERRIDE_DELETE_FOR_CHECKED_PTR(SpeculativeLoad);
 public:
     using RevalidationCompletionHandler = CompletionHandler<void(std::unique_ptr<NetworkCache::Entry>)>;
     SpeculativeLoad(Cache&, const GlobalFrameID&, const WebCore::ResourceRequest&, std::unique_ptr<NetworkCache::Entry>, std::optional<NavigatingToAppBoundDomain>, bool allowPrivacyProxy, OptionSet<WebCore::AdvancedPrivacyProtections>, RevalidationCompletionHandler&&);

From 1392e7f27baf747b79b06bf132b7ba58e60778ab Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sun, 23 Feb 2025 19:21:44 -0800
Subject: [PATCH 105/174] Address safer cpp failures in RenderBlock
 https://bugs.webkit.org/show_bug.cgi?id=288313

Reviewed by Alan Baradlay.

* Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/WebCore/rendering/RenderBlock.cpp:
(WebCore::OverflowEventDispatcher::~OverflowEventDispatcher):
(WebCore::RenderBlock::clone const):
(WebCore::RenderBlock::deleteLines):
(WebCore::RenderBlock::paint):
(WebCore::RenderBlock::paintCaret):
(WebCore::RenderBlock::paintObject):
(WebCore::RenderBlock::establishesIndependentFormattingContextIgnoringDisplayType const):
(WebCore::RenderBlock::isSelectionRoot const):
(WebCore::RenderBlock::blockSelectionGap):
(WebCore::RenderBlock::logicalLeftSelectionGap):
(WebCore::RenderBlock::logicalRightSelectionGap):
(WebCore::RenderBlock::isPointInOverflowControl):
(WebCore::RenderBlock::protectedNonPseudoElement const):
(WebCore::isEditingBoundary):
(WebCore::positionForPointRespectingEditingBoundaries):
(WebCore::RenderBlock::hasLineIfEmpty const):
(WebCore::RenderBlock::baselinePosition const):
* Source/WebCore/rendering/RenderBlock.h:
(WebCore::RenderBlock::createAnonymousWithParentRendererAndDisplay):
(WebCore::RenderBlock::createAnonymousBoxWithSameTypeAs const):
(WebCore::RenderBlock::createAnonymousBlock const):
* Source/WebCore/rendering/RenderElement.h:
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::calculateClipRects const):
* Source/WebCore/rendering/RenderLayer.h:
* Source/WebCore/rendering/RenderObject.h:
(WebCore::RenderObject::protectedNonPseudoNode const):
* Source/WebCore/rendering/RenderTextControl.cpp:
(WebCore::RenderTextControl::protectedTextFormControlElement const):
* Source/WebCore/rendering/RenderTextControl.h:

Canonical link: https://commits.webkit.org/290926@main
---
 .../UncheckedCallArgsCheckerExpectations      |  1 -
 .../UncheckedLocalVarsCheckerExpectations     |  1 -
 .../UncountedCallArgsCheckerExpectations      |  2 -
 .../UncountedLocalVarsCheckerExpectations     |  1 -
 Source/WebCore/rendering/RenderBlock.cpp      | 70 +++++++++----------
 Source/WebCore/rendering/RenderBlock.h        | 15 ----
 Source/WebCore/rendering/RenderBlockInlines.h | 16 +++++
 Source/WebCore/rendering/RenderElement.h      |  1 +
 Source/WebCore/rendering/RenderLayer.cpp      |  5 ++
 Source/WebCore/rendering/RenderLayer.h        |  1 +
 Source/WebCore/rendering/RenderObject.h       |  1 +
 .../WebCore/rendering/RenderTextControl.cpp   |  5 ++
 Source/WebCore/rendering/RenderTextControl.h  |  1 +
 .../updating/RenderTreeBuilderBlock.cpp       |  1 +
 .../RenderTreeBuilderFormControls.cpp         |  1 +
 15 files changed, 67 insertions(+), 55 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
index 3a986347f7605..0412c94e7abe6 100644
--- a/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
@@ -67,7 +67,6 @@ platform/mac/ScrollbarsControllerMac.mm
 platform/mac/VideoPresentationInterfaceMac.mm
 rendering/BackgroundPainter.cpp
 rendering/InlineBoxPainter.cpp
-rendering/RenderBlock.cpp
 rendering/RenderBox.cpp
 rendering/RenderBoxModelObject.cpp
 rendering/RenderElement.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations
index 39370d775f7dc..ca52740d57180 100644
--- a/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncheckedLocalVarsCheckerExpectations
@@ -57,7 +57,6 @@ platform/mac/VideoPresentationInterfaceMac.mm
 platform/mac/WebPlaybackControlsManager.mm
 rendering/AccessibilityRegionContext.cpp
 rendering/BackgroundPainter.cpp
-rendering/RenderBlock.cpp
 rendering/RenderBox.cpp
 rendering/RenderBoxModelObject.cpp
 rendering/RenderLayer.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index fa7fee285987f..9dd9c4a0f901a 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -1160,8 +1160,6 @@ rendering/LegacyLineLayout.cpp
 rendering/MarkedText.cpp
 rendering/MotionPath.cpp
 rendering/RenderAttachment.cpp
-rendering/RenderBlock.cpp
-rendering/RenderBlock.h
 rendering/RenderBox.cpp
 rendering/RenderBoxModelObject.cpp
 rendering/RenderButton.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index 16b3179ffa68b..67af62ef3369d 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -636,7 +636,6 @@ rendering/MarkedText.cpp
 rendering/MotionPath.cpp
 rendering/ReferencedSVGResources.cpp
 rendering/RenderAttachment.cpp
-rendering/RenderBlock.cpp
 rendering/RenderBox.cpp
 rendering/RenderCounter.cpp
 rendering/RenderElement.cpp
diff --git a/Source/WebCore/rendering/RenderBlock.cpp b/Source/WebCore/rendering/RenderBlock.cpp
index cecf62dea2009..bb82d47879b58 100644
--- a/Source/WebCore/rendering/RenderBlock.cpp
+++ b/Source/WebCore/rendering/RenderBlock.cpp
@@ -296,11 +296,11 @@ class OverflowEventDispatcher {
 
         Ref<OverflowEvent> overflowEvent = OverflowEvent::create(horizontalLayoutOverflowChanged, hasHorizontalLayoutOverflow, verticalLayoutOverflowChanged, hasVerticalLayoutOverflow);
         overflowEvent->setTarget(RefPtr { m_block->element() });
-        m_block->document().enqueueOverflowEvent(WTFMove(overflowEvent));
+        m_block->protectedDocument()->enqueueOverflowEvent(WTFMove(overflowEvent));
     }
 
 private:
-    const RenderBlock* m_block;
+    CheckedPtr<const RenderBlock> m_block;
     bool m_shouldDispatchEvent;
     bool m_hadHorizontalLayoutOverflow;
     bool m_hadVerticalLayoutOverflow;
@@ -435,7 +435,7 @@ RenderPtr<RenderBlock> RenderBlock::clone() const
         cloneBlock->setChildrenInline(childrenInline());
     } else {
         RenderTreePosition insertionPosition(*parent());
-        cloneBlock = static_pointer_cast<RenderBlock>(element()->createElementRenderer(RenderStyle::clone(style()), insertionPosition));
+        cloneBlock = static_pointer_cast<RenderBlock>(protectedElement()->createElementRenderer(RenderStyle::clone(style()), insertionPosition));
         cloneBlock->initializeStyle();
 
         // This takes care of setting the right value of childrenInline in case
@@ -449,8 +449,8 @@ RenderPtr<RenderBlock> RenderBlock::clone() const
 
 void RenderBlock::deleteLines()
 {
-    if (AXObjectCache* cache = document().existingAXObjectCache())
-        cache->deferRecomputeIsIgnored(element());
+    if (AXObjectCache* cache = protectedDocument()->existingAXObjectCache())
+        cache->deferRecomputeIsIgnored(protectedElement().get());
 }
 
 bool RenderBlock::childrenPreventSelfCollapsing() const
@@ -1081,9 +1081,13 @@ void RenderBlock::paint(PaintInfo& paintInfo, const LayoutPoint& paintOffset)
     // Our scrollbar widgets paint exactly when we tell them to, so that they work properly with
     // z-index. We paint after we painted the background/border, so that the scrollbars will
     // sit above the background/border.
-    if ((phase == PaintPhase::BlockBackground || phase == PaintPhase::ChildBlockBackground) && hasNonVisibleOverflow() && layer()
-        && layer()->scrollableArea() && style().usedVisibility() == Visibility::Visible && paintInfo.shouldPaintWithinRoot(*this) && !paintInfo.paintRootBackgroundOnly())
-        layer()->scrollableArea()->paintOverflowControls(paintInfo.context(), roundedIntPoint(adjustedPaintOffset), snappedIntRect(paintInfo.rect));
+    if (phase == PaintPhase::BlockBackground || phase == PaintPhase::ChildBlockBackground) {
+        CheckedPtr layer = this->layer();
+        if (hasNonVisibleOverflow() && layer && layer->scrollableArea() && style().usedVisibility() == Visibility::Visible
+            && paintInfo.shouldPaintWithinRoot(*this) && !paintInfo.paintRootBackgroundOnly()) {
+            layer->checkedScrollableArea()->paintOverflowControls(paintInfo.context(), roundedIntPoint(adjustedPaintOffset), snappedIntRect(paintInfo.rect));
+        }
+    }
 }
 
 void RenderBlock::paintContents(PaintInfo& paintInfo, const LayoutPoint& paintOffset)
@@ -1194,7 +1198,7 @@ void RenderBlock::paintCaret(PaintInfo& paintInfo, const LayoutPoint& paintOffse
 
         bool isContentEditable = page().dragCaretController().isContentEditable();
         if (shouldPaintCaret(caretPainter, isContentEditable))
-            page().dragCaretController().paintDragCaret(&frame(), paintInfo.context(), paintOffset);
+            page().dragCaretController().paintDragCaret(protectedFrame().ptr(), paintInfo.context(), paintOffset);
 
         break;
     }
@@ -1258,11 +1262,12 @@ void RenderBlock::paintObject(PaintInfo& paintInfo, const LayoutPoint& paintOffs
     if (paintPhase == PaintPhase::EventRegion) {
         auto borderRect = LayoutRect(paintOffset, size());
 
+        Ref document = this->document();
         if (paintInfo.paintBehavior.contains(PaintBehavior::EventRegionIncludeBackground) && visibleToHitTesting()) {
             auto borderShape = BorderShape::shapeForBorderRect(style(), borderRect);
             LOG_WITH_STREAM(EventRegions, stream << "RenderBlock " << *this << " uniting region " << borderShape.deprecatedRoundedRect() << " event listener types " << style().eventListenerRegionTypes());
-            bool overrideUserModifyIsEditable = isRenderTextControl() && downcast<RenderTextControl>(*this).textFormControlElement().isInnerTextElementEditable();
-            paintInfo.eventRegionContext()->unite(borderShape.deprecatedPixelSnappedRoundedRect(document().deviceScaleFactor()), *this, style(), overrideUserModifyIsEditable);
+            bool overrideUserModifyIsEditable = isRenderTextControl() && downcast<RenderTextControl>(*this).protectedTextFormControlElement()->isInnerTextElementEditable();
+            paintInfo.eventRegionContext()->unite(borderShape.deprecatedPixelSnappedRoundedRect(document->deviceScaleFactor()), *this, style(), overrideUserModifyIsEditable);
         }
 
         if (!paintInfo.paintBehavior.contains(PaintBehavior::EventRegionIncludeForeground))
@@ -1272,16 +1277,16 @@ void RenderBlock::paintObject(PaintInfo& paintInfo, const LayoutPoint& paintOffs
         LOG_WITH_STREAM(EventRegions, stream << "RenderBlock " << *this << " needsTraverseDescendants for event region: hasVisualOverflow: " << hasVisualOverflow() << " containsFloats: "
             << containsFloats() <<  " border box is outside current region: " << !paintInfo.eventRegionContext()->contains(enclosingIntRect(borderRect)) << " needsEventRegionUpdateForNonCompositedFrame:" << view().needsEventRegionUpdateForNonCompositedFrame());
 #if ENABLE(TOUCH_ACTION_REGIONS)
-        needsTraverseDescendants |= document().mayHaveElementsWithNonAutoTouchAction();
-        LOG_WITH_STREAM(EventRegions, stream << "  may have touch-action elements: " << document().mayHaveElementsWithNonAutoTouchAction());
+        needsTraverseDescendants |= document->mayHaveElementsWithNonAutoTouchAction();
+        LOG_WITH_STREAM(EventRegions, stream << "  may have touch-action elements: " << document->mayHaveElementsWithNonAutoTouchAction());
 #endif
 #if ENABLE(WHEEL_EVENT_REGIONS)
-        needsTraverseDescendants |= document().hasWheelEventHandlers();
-        LOG_WITH_STREAM(EventRegions, stream << "  has wheel event handlers: " << document().hasWheelEventHandlers());
+        needsTraverseDescendants |= document->hasWheelEventHandlers();
+        LOG_WITH_STREAM(EventRegions, stream << "  has wheel event handlers: " << document->hasWheelEventHandlers());
 #endif
 #if ENABLE(TOUCH_EVENT_REGIONS)
-        needsTraverseDescendants |= document().hasTouchEventHandlers();
-        LOG_WITH_STREAM(EventRegions, stream << "  has touch event handlers: " << document().hasTouchEventHandlers());
+        needsTraverseDescendants |= document->hasTouchEventHandlers();
+        LOG_WITH_STREAM(EventRegions, stream << "  has touch event handlers: " << document->hasTouchEventHandlers());
 #endif
 
 #if ENABLE(EDITABLE_REGION)
@@ -1289,8 +1294,8 @@ void RenderBlock::paintObject(PaintInfo& paintInfo, const LayoutPoint& paintOffs
         // though it's actually the inner text element of the control that is editable.
         // So, no need to traverse to find the inner text element in this case.
         if (!isRenderTextControl()) {
-            needsTraverseDescendants |= document().mayHaveEditableElements() && page().shouldBuildEditableRegion();
-            LOG_WITH_STREAM(EventRegions, stream << "  needs editable event region: " << (document().mayHaveEditableElements() && page().shouldBuildEditableRegion()));
+            needsTraverseDescendants |= document->mayHaveEditableElements() && page().shouldBuildEditableRegion();
+            LOG_WITH_STREAM(EventRegions, stream << "  needs editable event region: " << (document->mayHaveEditableElements() && page().shouldBuildEditableRegion()));
         }
 #endif
 
@@ -1413,7 +1418,7 @@ bool RenderBlock::establishesIndependentFormattingContextIgnoringDisplayType(con
         || isBlockBoxWithPotentiallyScrollableOverflow()
         || style.containsLayout()
         || style.containerType() != ContainerType::Normal
-        || WebCore::shouldApplyPaintContainment(style, *element())
+        || WebCore::shouldApplyPaintContainment(style, *protectedElement())
         || (style.isDisplayBlockLevel() && style.blockStepSize());
 }
 
@@ -1515,7 +1520,7 @@ bool RenderBlock::isSelectionRoot() const
         return true;
     
     if (view().selection().start()) {
-        Node* startElement = view().selection().start()->node();
+        RefPtr startElement = view().selection().start()->node();
         if (startElement && startElement->rootEditableElement() == element())
             return true;
     }
@@ -1745,7 +1750,7 @@ LayoutRect RenderBlock::blockSelectionGap(RenderBlock& rootBlock, const LayoutPo
 
     LayoutRect gapRect = rootBlock.logicalRectToPhysicalRect(rootBlockPhysicalPosition, LayoutRect(logicalLeft, logicalTop, logicalWidth, logicalHeight));
     if (paintInfo)
-        paintInfo->context().fillRect(snapRectToDevicePixels(gapRect, document().deviceScaleFactor()), selectionBackgroundColor());
+        paintInfo->context().fillRect(snapRectToDevicePixels(gapRect, protectedDocument()->deviceScaleFactor()), selectionBackgroundColor());
     return gapRect;
 }
 
@@ -1761,7 +1766,7 @@ LayoutRect RenderBlock::logicalLeftSelectionGap(RenderBlock& rootBlock, const La
 
     LayoutRect gapRect = rootBlock.logicalRectToPhysicalRect(rootBlockPhysicalPosition, LayoutRect(rootBlockLogicalLeft, rootBlockLogicalTop, rootBlockLogicalWidth, logicalHeight));
     if (paintInfo)
-        paintInfo->context().fillRect(snapRectToDevicePixels(gapRect, document().deviceScaleFactor()), selObj->selectionBackgroundColor());
+        paintInfo->context().fillRect(snapRectToDevicePixels(gapRect, protectedDocument()->deviceScaleFactor()), selObj->selectionBackgroundColor());
     return gapRect;
 }
 
@@ -1777,7 +1782,7 @@ LayoutRect RenderBlock::logicalRightSelectionGap(RenderBlock& rootBlock, const L
 
     LayoutRect gapRect = rootBlock.logicalRectToPhysicalRect(rootBlockPhysicalPosition, LayoutRect(rootBlockLogicalLeft, rootBlockLogicalTop, rootBlockLogicalWidth, logicalHeight));
     if (paintInfo)
-        paintInfo->context().fillRect(snapRectToDevicePixels(gapRect, document().deviceScaleFactor()), selObj->selectionBackgroundColor());
+        paintInfo->context().fillRect(snapRectToDevicePixels(gapRect, protectedDocument()->deviceScaleFactor()), selObj->selectionBackgroundColor());
     return gapRect;
 }
 
@@ -2073,7 +2078,7 @@ bool RenderBlock::isPointInOverflowControl(HitTestResult& result, const LayoutPo
 {
     if (!scrollsOverflow())
         return false;
-    if (auto* scrollableArea = layer() ? layer()->scrollableArea() : nullptr)
+    if (CheckedPtr scrollableArea = layer() ? layer()->scrollableArea() : nullptr)
         return scrollableArea->hitTestOverflowControls(result, roundedIntPoint(locationInContainer - toLayoutSize(accumulatedOffset)));
     return false;
 }
@@ -2193,7 +2198,7 @@ static inline bool isEditingBoundary(RenderElement* ancestor, RenderObject& chil
     ASSERT(!ancestor || ancestor->nonPseudoElement());
     ASSERT(child.nonPseudoNode());
     return !ancestor || !ancestor->parent() || (ancestor->hasLayer() && ancestor->parent()->isRenderView())
-        || ancestor->nonPseudoElement()->hasEditableStyle() == child.nonPseudoNode()->hasEditableStyle();
+        || ancestor->protectedNonPseudoElement()->hasEditableStyle() == child.protectedNonPseudoNode()->hasEditableStyle();
 }
 
 // FIXME: This function should go on RenderObject as an instance method. Then
@@ -2209,7 +2214,7 @@ VisiblePosition positionForPointRespectingEditingBoundaries(RenderBlock& parent,
     LayoutPoint pointInChildCoordinates(toLayoutPoint(pointInParentCoordinates - childLocation));
 
     // If this is an anonymous renderer, we just recur normally
-    Element* childElement= child.nonPseudoElement();
+    RefPtr childElement= child.nonPseudoElement();
     if (!childElement)
         return child.positionForPoint(pointInChildCoordinates, source, nullptr);
 
@@ -2523,13 +2528,8 @@ void RenderBlock::computeChildPreferredLogicalWidths(RenderBox& childBox, Layout
 
 bool RenderBlock::hasLineIfEmpty() const
 {
-    if (!element())
-        return false;
-    
-    if (element()->isRootEditableElement())
-        return true;
-    
-    return false;
+    RefPtr element = this->element();
+    return element && element->isRootEditableElement();
 }
 
 LayoutUnit RenderBlock::lineHeight(bool firstLine, LineDirectionMode direction, LinePositionMode linePositionMode) const
@@ -2568,7 +2568,7 @@ LayoutUnit RenderBlock::baselinePosition(FontBaseline baselineType, bool firstLi
             if (isWritingModeRoot())
                 return true;
 
-            auto* scrollableArea = layer() ? layer()->scrollableArea() : nullptr;
+            CheckedPtr scrollableArea = layer() ? layer()->scrollableArea() : nullptr;
             if (!scrollableArea)
                 return false;
 
diff --git a/Source/WebCore/rendering/RenderBlock.h b/Source/WebCore/rendering/RenderBlock.h
index 59f510c3bbad3..7e8accf41edeb 100644
--- a/Source/WebCore/rendering/RenderBlock.h
+++ b/Source/WebCore/rendering/RenderBlock.h
@@ -457,21 +457,6 @@ LayoutUnit blockDirectionOffset(RenderBlock& rootBlock, const LayoutSize& offset
 LayoutUnit inlineDirectionOffset(RenderBlock& rootBlock, const LayoutSize& offsetFromRootBlock);
 VisiblePosition positionForPointRespectingEditingBoundaries(RenderBlock&, RenderBox&, const LayoutPoint&, HitTestSource);
 
-inline RenderPtr<RenderBlock> RenderBlock::createAnonymousWithParentRendererAndDisplay(const RenderBox& parent, DisplayType display)
-{
-    return createAnonymousBlockWithStyleAndDisplay(parent.document(), parent.style(), display);
-}
-
-inline RenderPtr<RenderBox> RenderBlock::createAnonymousBoxWithSameTypeAs(const RenderBox& renderer) const
-{
-    return createAnonymousBlockWithStyleAndDisplay(document(), renderer.style(), style().display());
-}
-
-inline RenderPtr<RenderBlock> RenderBlock::createAnonymousBlock(DisplayType display) const
-{
-    return createAnonymousBlockWithStyleAndDisplay(document(), style(), display);
-}
-
 } // namespace WebCore
 
 SPECIALIZE_TYPE_TRAITS_RENDER_OBJECT(RenderBlock, isRenderBlock())
diff --git a/Source/WebCore/rendering/RenderBlockInlines.h b/Source/WebCore/rendering/RenderBlockInlines.h
index 39f259f0d982a..d828b3b72a1c5 100644
--- a/Source/WebCore/rendering/RenderBlockInlines.h
+++ b/Source/WebCore/rendering/RenderBlockInlines.h
@@ -20,6 +20,7 @@
 #pragma once
 
 #include "RenderBlock.h"
+#include "RenderObjectInlines.h"
 #include "RenderStyleInlines.h"
 
 namespace WebCore {
@@ -46,6 +47,21 @@ inline LayoutUnit RenderBlock::startOffsetForLine(LayoutUnit position, LayoutUni
         : logicalWidth() - logicalRightOffsetForLine(position, logicalHeight);
 }
 
+inline RenderPtr<RenderBlock> RenderBlock::createAnonymousWithParentRendererAndDisplay(const RenderBox& parent, DisplayType display)
+{
+    return createAnonymousBlockWithStyleAndDisplay(parent.protectedDocument(), parent.style(), display);
+}
+
+inline RenderPtr<RenderBox> RenderBlock::createAnonymousBoxWithSameTypeAs(const RenderBox& renderer) const
+{
+    return createAnonymousBlockWithStyleAndDisplay(protectedDocument(), renderer.style(), style().display());
+}
+
+inline RenderPtr<RenderBlock> RenderBlock::createAnonymousBlock(DisplayType display) const
+{
+    return createAnonymousBlockWithStyleAndDisplay(protectedDocument(), style(), display);
+}
+
 // Versions that can compute line offsets with the fragment and page offset passed in. Used for speed to avoid having to
 // compute the fragment all over again when you already know it.
 inline LayoutUnit RenderBlock::availableLogicalWidthForLine(LayoutUnit position, LayoutUnit logicalHeight) const
diff --git a/Source/WebCore/rendering/RenderElement.h b/Source/WebCore/rendering/RenderElement.h
index 837951148cdd5..44364afa4386e 100644
--- a/Source/WebCore/rendering/RenderElement.h
+++ b/Source/WebCore/rendering/RenderElement.h
@@ -87,6 +87,7 @@ class RenderElement : public RenderObject {
     Element* element() const { return downcast<Element>(RenderObject::node()); }
     RefPtr<Element> protectedElement() const { return element(); }
     Element* nonPseudoElement() const { return downcast<Element>(RenderObject::nonPseudoNode()); }
+    RefPtr<Element> protectedNonPseudoElement() const { return nonPseudoElement(); }
     Element* generatingElement() const;
 
     RenderObject* firstChild() const { return m_firstChild.get(); }
diff --git a/Source/WebCore/rendering/RenderLayer.cpp b/Source/WebCore/rendering/RenderLayer.cpp
index 70e09cbbfe41c..1692b07b3be42 100644
--- a/Source/WebCore/rendering/RenderLayer.cpp
+++ b/Source/WebCore/rendering/RenderLayer.cpp
@@ -6291,6 +6291,11 @@ RenderLayerScrollableArea* RenderLayer::scrollableArea() const
     return m_scrollableArea.get();
 }
 
+CheckedPtr<RenderLayerScrollableArea> RenderLayer::checkedScrollableArea() const
+{
+    return scrollableArea();
+}
+
 #if ENABLE(ASYNC_SCROLLING) && !LOG_DISABLED
 static TextStream& operator<<(TextStream& ts, RenderLayer::EventRegionInvalidationReason reason)
 {
diff --git a/Source/WebCore/rendering/RenderLayer.h b/Source/WebCore/rendering/RenderLayer.h
index 8fa0a36e1b8b7..9300877df48da 100644
--- a/Source/WebCore/rendering/RenderLayer.h
+++ b/Source/WebCore/rendering/RenderLayer.h
@@ -168,6 +168,7 @@ class RenderLayer final : public CanMakeSingleThreadWeakPtr<RenderLayer>, public
     ~RenderLayer();
 
     WEBCORE_EXPORT RenderLayerScrollableArea* scrollableArea() const;
+    WEBCORE_EXPORT CheckedPtr<RenderLayerScrollableArea> checkedScrollableArea() const;
     WEBCORE_EXPORT RenderLayerScrollableArea* ensureLayerScrollableArea();
 
     String name() const;
diff --git a/Source/WebCore/rendering/RenderObject.h b/Source/WebCore/rendering/RenderObject.h
index b81b21937e25f..af83279b4762d 100644
--- a/Source/WebCore/rendering/RenderObject.h
+++ b/Source/WebCore/rendering/RenderObject.h
@@ -752,6 +752,7 @@ class RenderObject : public CachedImageClient {
     RefPtr<Node> protectedNode() const { return node(); }
 
     Node* nonPseudoNode() const { return isPseudoElement() ? nullptr : node(); }
+    RefPtr<Node> protectedNonPseudoNode() const { return nonPseudoNode(); }
 
     // Returns the styled node that caused the generation of this renderer.
     // This is the same as node() except for renderers of :before and :after
diff --git a/Source/WebCore/rendering/RenderTextControl.cpp b/Source/WebCore/rendering/RenderTextControl.cpp
index b92baf84effc5..015f1d0d829c0 100644
--- a/Source/WebCore/rendering/RenderTextControl.cpp
+++ b/Source/WebCore/rendering/RenderTextControl.cpp
@@ -56,6 +56,11 @@ HTMLTextFormControlElement& RenderTextControl::textFormControlElement() const
     return downcast<HTMLTextFormControlElement>(nodeForNonAnonymous());
 }
 
+Ref<HTMLTextFormControlElement> RenderTextControl::protectedTextFormControlElement() const
+{
+    return textFormControlElement();
+}
+
 RefPtr<TextControlInnerTextElement> RenderTextControl::innerTextElement() const
 {
     return textFormControlElement().innerTextElement();
diff --git a/Source/WebCore/rendering/RenderTextControl.h b/Source/WebCore/rendering/RenderTextControl.h
index aba17f8ec165c..faf34133df0bf 100644
--- a/Source/WebCore/rendering/RenderTextControl.h
+++ b/Source/WebCore/rendering/RenderTextControl.h
@@ -36,6 +36,7 @@ class RenderTextControl : public RenderBlockFlow {
     virtual ~RenderTextControl();
 
     WEBCORE_EXPORT HTMLTextFormControlElement& textFormControlElement() const;
+    WEBCORE_EXPORT Ref<HTMLTextFormControlElement> protectedTextFormControlElement() const;
 
 #if PLATFORM(IOS_FAMILY)
     bool canScroll() const;
diff --git a/Source/WebCore/rendering/updating/RenderTreeBuilderBlock.cpp b/Source/WebCore/rendering/updating/RenderTreeBuilderBlock.cpp
index fed5c145936d7..cf5fe27a72f3e 100644
--- a/Source/WebCore/rendering/updating/RenderTreeBuilderBlock.cpp
+++ b/Source/WebCore/rendering/updating/RenderTreeBuilderBlock.cpp
@@ -26,6 +26,7 @@
 #include "config.h"
 #include "RenderTreeBuilderBlock.h"
 
+#include "RenderBlockInlines.h"
 #include "RenderButton.h"
 #include "RenderChildIterator.h"
 #include "RenderMultiColumnFlow.h"
diff --git a/Source/WebCore/rendering/updating/RenderTreeBuilderFormControls.cpp b/Source/WebCore/rendering/updating/RenderTreeBuilderFormControls.cpp
index cbf6bff9fe501..264e4223fa1a4 100644
--- a/Source/WebCore/rendering/updating/RenderTreeBuilderFormControls.cpp
+++ b/Source/WebCore/rendering/updating/RenderTreeBuilderFormControls.cpp
@@ -26,6 +26,7 @@
 #include "config.h"
 #include "RenderTreeBuilderFormControls.h"
 
+#include "RenderBlockInlines.h"
 #include "RenderButton.h"
 #include "RenderMenuList.h"
 #include "RenderTreeBuilderBlock.h"

From 97eba3acfe770439b967d2ce82b27c27d2c5fc2e Mon Sep 17 00:00:00 2001
From: Wenson Hsieh <wenson_hsieh@apple.com>
Date: Sun, 23 Feb 2025 19:23:59 -0800
Subject: [PATCH 106/174] [macOS] "Update AutoFill Information" prompt
 incorrectly shows up after performing AutoFill and then closing a tab
 https://bugs.webkit.org/show_bug.cgi?id=288315 rdar://145085437
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed by Abrar Rahman Protyasha.

To improve web compatibility, Safari's AutoFill JavaScript creates and dispatches `TextEvent` on
text fields in order to simulate text insertion. This internally triggers typing commands, which
marks the text field as having been last modified via user edit. This, in turn, causes Safari to
(incorrectly) believe that the user had manually modified the AutoFilled text field after invoking
AutoFill, which then shows a prompt.

To fix this, we add some plumbing from `TextEvent` → `TypingCommand` → `Editor::appliedEditing` to
avoid marking the text field as having been modified through user editing, only in the case where
these text editing commands were triggered by a `TextEvent` that was created and initialized from
JS bindings.

* LayoutTests/fast/forms/textfield-lastchange-was-useredit-expected.txt:
* LayoutTests/fast/forms/textfield-lastchange-was-useredit.html:

Augment an existing layout test to cover this scenario.

* Source/WebCore/dom/TextEvent.cpp:
(WebCore::TextEvent::TextEvent):
* Source/WebCore/dom/TextEvent.h:

Add a flag to mark a `TextEvent`, as being created from JS bindings (as opposed to created from the
engine as a result of handling key events, etc.).

* Source/WebCore/editing/Editor.cpp:
(WebCore::notifyTextFromControls):
(WebCore::Editor::appliedEditing):

If the edit command is a typing command that was triggered by an event created from bindings, pass
`wasUserEdit := false`.

(WebCore::Editor::insertTextWithoutSendingTextEvent):
(WebCore::Editor::setComposition):
* Source/WebCore/editing/EditorCommand.cpp:
(WebCore::executeInsertText):
* Source/WebCore/editing/TypingCommand.cpp:
(WebCore::TypingCommand::insertText):

Add plumbing to send `TextEvent*` through `TypingCommand::insertText`, so that we can mark the
`TypingCommand` as being triggered by a text event that was created from bindings.

* Source/WebCore/editing/TypingCommand.h:

Add a flag to mark `TypingCommand` as being triggered by an event that was created from bindings.

(isType):

Make it possible to use `dynamicDowncast<TypingCommand>(…)` on an edit command.

* Source/WebCore/html/HTMLTextFormControlElement.cpp:
(WebCore::HTMLTextFormControlElement::didEditInnerTextValue):
* Source/WebCore/html/HTMLTextFormControlElement.h:

Plumb `wasUserEdit` down into the text form control, and set `m_lastChangeWasUserEdit`.

* Source/WebCore/page/ContextMenuController.cpp:
(WebCore::insertUnicodeCharacter):

Canonical link: https://commits.webkit.org/290927@main
---
 ...field-lastchange-was-useredit-expected.txt |  2 ++
 .../textfield-lastchange-was-useredit.html    | 19 +++++++++++++-----
 Source/WebCore/dom/TextEvent.cpp              |  1 +
 Source/WebCore/dom/TextEvent.h                |  2 ++
 Source/WebCore/editing/Editor.cpp             | 19 +++++++++++-------
 Source/WebCore/editing/EditorCommand.cpp      |  4 ++--
 Source/WebCore/editing/TypingCommand.cpp      | 20 +++++++++++++------
 Source/WebCore/editing/TypingCommand.h        | 15 ++++++++++----
 .../html/HTMLTextFormControlElement.cpp       |  4 ++--
 .../WebCore/html/HTMLTextFormControlElement.h |  2 +-
 Source/WebCore/page/ContextMenuController.cpp |  2 +-
 11 files changed, 62 insertions(+), 28 deletions(-)

diff --git a/LayoutTests/fast/forms/textfield-lastchange-was-useredit-expected.txt b/LayoutTests/fast/forms/textfield-lastchange-was-useredit-expected.txt
index 5222728cf4c73..f052b703092b1 100644
--- a/LayoutTests/fast/forms/textfield-lastchange-was-useredit-expected.txt
+++ b/LayoutTests/fast/forms/textfield-lastchange-was-useredit-expected.txt
@@ -9,6 +9,7 @@ PASS textField.value = "WebKit"; internals.wasLastChangeUserEdit(textField) is f
 PASS textField.style.display = null; internals.wasLastChangeUserEdit(textField) is false
 PASS document.execCommand("SelectAll", false, null); internals.wasLastChangeUserEdit(textField) is false
 PASS document.execCommand("Delete", false, null); internals.wasLastChangeUserEdit(textField) is true
+PASS dispatchTextEventsInTextField(textField, "foo"); internals.wasLastChangeUserEdit(textField) is false
 
 textarea
 PASS internals.wasLastChangeUserEdit(textField) is false
@@ -22,6 +23,7 @@ PASS document.execCommand("Delete", false, null); internals.wasLastChangeUserEdi
 PASS textField.textContent = "hello\nworld"; internals.wasLastChangeUserEdit(textField) is false
 PASS document.execCommand("InsertText", false, "\nWebKit rocks"); internals.wasLastChangeUserEdit(textField) is true
 PASS textField.innerText = " WebKit "; internals.wasLastChangeUserEdit(textField) is false
+PASS dispatchTextEventsInTextField(textField, "foo"); internals.wasLastChangeUserEdit(textField) is false
 PASS successfullyParsed is true
 
 TEST COMPLETE
diff --git a/LayoutTests/fast/forms/textfield-lastchange-was-useredit.html b/LayoutTests/fast/forms/textfield-lastchange-was-useredit.html
index 1ce08972819fc..2afcd6ce7f2f0 100644
--- a/LayoutTests/fast/forms/textfield-lastchange-was-useredit.html
+++ b/LayoutTests/fast/forms/textfield-lastchange-was-useredit.html
@@ -14,7 +14,16 @@
     testFailed('This test requires access to window.internals');
 
 var textField;
-function runTest(element) {
+
+function dispatchTextEventsInTextField(targetElement, text) {
+    [...text].map(letter => {
+        const event = document.createEvent("TextEvent");
+        event.initTextEvent("textInput", true, true, null, letter);
+        targetElement.dispatchEvent(event);
+    });
+}
+
+[...document.querySelectorAll('input, textarea')].map(element => {
     debug((textField ? '\n' : '') + element.localName);
 
     textField = element;
@@ -46,11 +55,11 @@
         shouldBeFalse('textField.innerText = " WebKit "; internals.wasLastChangeUserEdit(textField)');
     }
 
-    textField.parentNode.removeChild(textField);
-}
+    textField.focus();
+    shouldBeFalse('dispatchTextEventsInTextField(textField, "foo"); internals.wasLastChangeUserEdit(textField)');
 
-runTest(document.getElementsByTagName('input')[0]);
-runTest(document.getElementsByTagName('textarea')[0]);
+    textField.parentNode.removeChild(textField);
+});
 
 </script>
 <script src="../../resources/js-test-post.js"></script>
diff --git a/Source/WebCore/dom/TextEvent.cpp b/Source/WebCore/dom/TextEvent.cpp
index e87984d377460..7733ee3512ba3 100644
--- a/Source/WebCore/dom/TextEvent.cpp
+++ b/Source/WebCore/dom/TextEvent.cpp
@@ -70,6 +70,7 @@ TextEvent::TextEvent()
     : UIEvent(EventInterfaceType::TextEvent)
     , m_shouldSmartReplace(false)
     , m_shouldMatchStyle(false)
+    , m_createdFromBindings(true)
     , m_mailBlockquoteHandling(MailBlockquoteHandling::RespectBlockquote)
 {
 }
diff --git a/Source/WebCore/dom/TextEvent.h b/Source/WebCore/dom/TextEvent.h
index da3e203327792..145f22978566b 100644
--- a/Source/WebCore/dom/TextEvent.h
+++ b/Source/WebCore/dom/TextEvent.h
@@ -64,6 +64,7 @@ namespace WebCore {
 
         bool shouldSmartReplace() const { return m_shouldSmartReplace; }
         bool shouldMatchStyle() const { return m_shouldMatchStyle; }
+        bool createdFromBindings() const { return m_createdFromBindings; }
         MailBlockquoteHandling mailBlockquoteHandling() const { return m_mailBlockquoteHandling; }
         DocumentFragment* pastingFragment() const { return m_pastingFragment.get(); }
         const Vector<DictationAlternative>& dictationAlternatives() const { return m_dictationAlternatives; }
@@ -83,6 +84,7 @@ namespace WebCore {
         RefPtr<DocumentFragment> m_pastingFragment;
         bool m_shouldSmartReplace;
         bool m_shouldMatchStyle;
+        bool m_createdFromBindings { false };
         MailBlockquoteHandling m_mailBlockquoteHandling;
         Vector<DictationAlternative> m_dictationAlternatives;
     };
diff --git a/Source/WebCore/editing/Editor.cpp b/Source/WebCore/editing/Editor.cpp
index 62eb0ccad4732..d7e9093644277 100644
--- a/Source/WebCore/editing/Editor.cpp
+++ b/Source/WebCore/editing/Editor.cpp
@@ -1124,14 +1124,14 @@ String Editor::selectionStartCSSPropertyValue(CSSPropertyID propertyID)
     return selectionStyle->style()->getPropertyValue(propertyID);
 }
 
-static void notifyTextFromControls(Element* startRoot, Element* endRoot)
+static void notifyTextFromControls(Element* startRoot, Element* endRoot, bool wasUserEdit = true)
 {
     RefPtr startingTextControl { enclosingTextFormControl(firstPositionInOrBeforeNode(startRoot)) };
     RefPtr endingTextControl { enclosingTextFormControl(firstPositionInOrBeforeNode(endRoot)) };
     if (startingTextControl)
-        startingTextControl->didEditInnerTextValue();
+        startingTextControl->didEditInnerTextValue(wasUserEdit);
     if (endingTextControl && startingTextControl != endingTextControl)
-        endingTextControl->didEditInnerTextValue();
+        endingTextControl->didEditInnerTextValue(wasUserEdit);
 }
 
 static inline bool shouldRemoveAutocorrectionIndicator(bool shouldConsiderApplyingAutocorrection, bool autocorrectionWasApplied, bool isAutocompletion)
@@ -1246,7 +1246,11 @@ void Editor::appliedEditing(CompositeEditCommand& command)
     Ref composition = *command.composition();
     VisibleSelection newSelection(command.endingSelection());
 
-    notifyTextFromControls(composition->startingRootEditableElement(), composition->endingRootEditableElement());
+    bool wasUserEdit = [&command] {
+        RefPtr typingCommand = dynamicDowncast<TypingCommand>(command);
+        return !typingCommand || !typingCommand->triggeringEventWasCreatedFromBindings();
+    }();
+    notifyTextFromControls(composition->startingRootEditableElement(), composition->endingRootEditableElement(), wasUserEdit);
 
     if (command.isTopLevelCommand()) {
         // Don't clear the typing style with this selection change. We do those things elsewhere if necessary.
@@ -1454,7 +1458,8 @@ bool Editor::insertTextWithoutSendingTextEvent(const String& text, bool selectIn
                     options.add(TypingCommand::Option::IsAutocompletion);
                 if (shouldRemoveAutocorrectionIndicator(shouldConsiderApplyingAutocorrection, autocorrectionWasApplied, options.contains(TypingCommand::Option::IsAutocompletion)))
                     options.remove(TypingCommand::Option::RetainAutocorrectionIndicator);
-                TypingCommand::insertText(document.copyRef(), text, selection, options, triggeringEvent && triggeringEvent->isComposition() ? TypingCommand::TextCompositionType::Final : TypingCommand::TextCompositionType::None);
+                auto compositionType = triggeringEvent && triggeringEvent->isComposition() ? TypingCommand::TextCompositionType::Final : TypingCommand::TextCompositionType::None;
+                TypingCommand::insertText(document.copyRef(), text, triggeringEvent, selection, options, compositionType);
             }
 
             // Reveal the current selection. Note that focus may have changed after insertion.
@@ -2412,6 +2417,7 @@ void Editor::setComposition(const String& text, const Vector<CompositionUnderlin
     client()->startDelayingAndCoalescingContentChangeNotifications();
 #endif
 
+    RefPtr<CompositionEvent> event;
     RefPtr target { document->focusedElement() };
     if (target) {
         // Dispatch an appropriate composition event to the focused node.
@@ -2429,7 +2435,6 @@ void Editor::setComposition(const String& text, const Vector<CompositionUnderlin
         // 3. Canceling the ongoing composition.
         //    Send a compositionend event when function deletes the existing composition node, i.e.
         //    m_compositionNode != 0 && test.isEmpty().
-        RefPtr<CompositionEvent> event;
         if (!m_compositionNode) {
             // We should send a compositionstart event only when the given text is not empty because this
             // function doesn't create a composition node when the text is empty.
@@ -2465,7 +2470,7 @@ void Editor::setComposition(const String& text, const Vector<CompositionUnderlin
     m_customCompositionAnnotations.clear();
 
     if (!text.isEmpty()) {
-        TypingCommand::insertText(document.copyRef(), text, OptionSet { TypingCommand::Option::SelectInsertedText, TypingCommand::Option::PreventSpellChecking }, TypingCommand::TextCompositionType::Pending);
+        TypingCommand::insertText(document.copyRef(), text, event.get(), OptionSet { TypingCommand::Option::SelectInsertedText, TypingCommand::Option::PreventSpellChecking }, TypingCommand::TextCompositionType::Pending);
 
         // Find out what node has the composition now.
         Position base = document->selection().selection().base().downstream();
diff --git a/Source/WebCore/editing/EditorCommand.cpp b/Source/WebCore/editing/EditorCommand.cpp
index 0a26bbfe9acf9..763a5baaa8773 100644
--- a/Source/WebCore/editing/EditorCommand.cpp
+++ b/Source/WebCore/editing/EditorCommand.cpp
@@ -532,9 +532,9 @@ static bool executeInsertTab(LocalFrame& frame, Event* event, EditorCommandSourc
     return targetFrame(frame, event)->eventHandler().handleTextInputEvent("\t"_s, event);
 }
 
-static bool executeInsertText(LocalFrame& frame, Event*, EditorCommandSource, const String& value)
+static bool executeInsertText(LocalFrame& frame, Event* event, EditorCommandSource, const String& value)
 {
-    TypingCommand::insertText(*frame.document(), value, { });
+    TypingCommand::insertText(*frame.document(), value, event, { });
     return true;
 }
 
diff --git a/Source/WebCore/editing/TypingCommand.cpp b/Source/WebCore/editing/TypingCommand.cpp
index 6b15f6f042595..acd7b5a0c1b17 100644
--- a/Source/WebCore/editing/TypingCommand.cpp
+++ b/Source/WebCore/editing/TypingCommand.cpp
@@ -47,6 +47,7 @@
 #include "Range.h"
 #include "RenderElement.h"
 #include "StaticRange.h"
+#include "TextEvent.h"
 #include "TextIterator.h"
 #include "VisibleUnits.h"
 
@@ -222,17 +223,17 @@ void TypingCommand::updateSelectionIfDifferentFromCurrentSelection(TypingCommand
     typingCommand->setEndingSelection(currentSelection);
 }
 
-void TypingCommand::insertText(Ref<Document>&& document, const String& text, OptionSet<Option> options, TextCompositionType composition)
+void TypingCommand::insertText(Ref<Document>&& document, const String& text, Event* triggeringEvent, OptionSet<Option> options, TextCompositionType composition)
 {
     if (!text.isEmpty())
         document->editor().updateMarkersForWordsAffectedByEditing(deprecatedIsSpaceOrNewline(text[0]));
     
     auto& selection = document->selection().selection();
-    insertText(WTFMove(document), text, selection, options, composition);
+    insertText(WTFMove(document), text, triggeringEvent, selection, options, composition);
 }
 
 // FIXME: We shouldn't need to take selectionForInsertion. It should be identical to FrameSelection's current selection.
-void TypingCommand::insertText(Ref<Document>&& document, const String& text, const VisibleSelection& selectionForInsertion, OptionSet<Option> options, TextCompositionType compositionType)
+void TypingCommand::insertText(Ref<Document>&& document, const String& text, Event* triggeringEvent, const VisibleSelection& selectionForInsertion, OptionSet<Option> options, TextCompositionType compositionType)
 {
     LOG(Editing, "TypingCommand::insertText (text %s)", text.utf8().data());
 
@@ -240,6 +241,11 @@ void TypingCommand::insertText(Ref<Document>&& document, const String& text, con
 
     String newText = dispatchBeforeTextInsertedEvent(text, selectionForInsertion, compositionType == TextCompositionType::Pending);
 
+    bool eventWasCreatedFromBindings = [&] {
+        RefPtr textEvent = dynamicDowncast<TextEvent>(triggeringEvent);
+        return textEvent && textEvent->createdFromBindings();
+    }();
+
     // Set the starting and ending selection appropriately if we are using a selection
     // that is different from the current selection.  In the future, we should change EditCommand
     // to deal with custom selections in a general way that can be used by all of the commands.
@@ -253,6 +259,7 @@ void TypingCommand::insertText(Ref<Document>&& document, const String& text, con
         lastTypingCommand->setCompositionType(compositionType);
         lastTypingCommand->setShouldRetainAutocorrectionIndicator(options.contains(Option::RetainAutocorrectionIndicator));
         lastTypingCommand->setShouldPreventSpellChecking(options.contains(Option::PreventSpellChecking));
+        lastTypingCommand->setTriggeringEventWasCreatedFromBindings(eventWasCreatedFromBindings);
 #if HAVE(INLINE_PREDICTIONS)
         if (compositionType != TextCompositionType::None)
             lastTypingCommand->insertText(newText, options.contains(Option::SelectInsertedText));
@@ -263,8 +270,9 @@ void TypingCommand::insertText(Ref<Document>&& document, const String& text, con
     }
 
     RefPtr frame = document->frame();
-    auto cmd = TypingCommand::create(WTFMove(document), Type::InsertText, newText, options, compositionType);
-    applyTextInsertionCommand(frame.get(), cmd.get(), selectionForInsertion, currentSelection);
+    auto command = TypingCommand::create(WTFMove(document), Type::InsertText, newText, options, compositionType);
+    command->setTriggeringEventWasCreatedFromBindings(eventWasCreatedFromBindings);
+    applyTextInsertionCommand(frame.get(), command.get(), selectionForInsertion, currentSelection);
 }
 
 void TypingCommand::insertLineBreak(Ref<Document>&& document, OptionSet<Option> options)
@@ -524,7 +532,7 @@ void TypingCommand::typingAddedToOpenCommand(Type commandTypeForAddedTyping)
 #endif
 }
 
-void TypingCommand::insertText(const String &text, bool selectInsertedText)
+void TypingCommand::insertText(const String& text, bool selectInsertedText)
 {
     // FIXME: Need to implement selectInsertedText for cases where more than one insert is involved.
     // This requires support from insertTextRunWithoutNewlines and insertParagraphSeparator for extending
diff --git a/Source/WebCore/editing/TypingCommand.h b/Source/WebCore/editing/TypingCommand.h
index b39d86902378b..fcec9b4d37d72 100644
--- a/Source/WebCore/editing/TypingCommand.h
+++ b/Source/WebCore/editing/TypingCommand.h
@@ -60,8 +60,8 @@ class TypingCommand final : public TextInsertionBaseCommand {
     static void deleteSelection(Ref<Document>&&, OptionSet<Option> = { }, TextCompositionType = TextCompositionType::None);
     static void deleteKeyPressed(Ref<Document>&&, OptionSet<Option> = { }, TextGranularity = TextGranularity::CharacterGranularity);
     static void forwardDeleteKeyPressed(Ref<Document>&&, OptionSet<Option> = { }, TextGranularity = TextGranularity::CharacterGranularity);
-    static void insertText(Ref<Document>&&, const String&, OptionSet<Option>, TextCompositionType = TextCompositionType::None);
-    static void insertText(Ref<Document>&&, const String&, const VisibleSelection&, OptionSet<Option>, TextCompositionType = TextCompositionType::None);
+    static void insertText(Ref<Document>&&, const String&, Event* triggeringEvent, OptionSet<Option>, TextCompositionType = TextCompositionType::None);
+    static void insertText(Ref<Document>&&, const String&, Event* triggeringEvent, const VisibleSelection&, OptionSet<Option>, TextCompositionType = TextCompositionType::None);
     static void insertLineBreak(Ref<Document>&&, OptionSet<Option>);
     static void insertParagraphSeparator(Ref<Document>&&, OptionSet<Option>);
     static void insertParagraphSeparatorInQuotedContent(Ref<Document>&&);
@@ -70,8 +70,8 @@ class TypingCommand final : public TextInsertionBaseCommand {
     static void ensureLastEditCommandHasCurrentSelectionIfOpenForMoreTyping(Document&, const VisibleSelection&);
 #endif
 
-    void insertText(const String &text, bool selectInsertedText);
-    void insertTextRunWithoutNewlines(const String &text, bool selectInsertedText);
+    void insertText(const String&, bool selectInsertedText);
+    void insertTextRunWithoutNewlines(const String&, bool selectInsertedText);
     void insertLineBreak();
     void insertParagraphSeparatorInQuotedContent();
     void insertParagraphSeparator();
@@ -80,6 +80,8 @@ class TypingCommand final : public TextInsertionBaseCommand {
     void deleteSelection(bool smartDelete);
     void setCompositionType(TextCompositionType type) { m_compositionType = type; }
     void setIsAutocompletion(bool isAutocompletion) { m_isAutocompletion = isAutocompletion; }
+    bool triggeringEventWasCreatedFromBindings() const { return m_triggeringEventWasCreatedFromBindings; }
+    void setTriggeringEventWasCreatedFromBindings(bool value) { m_triggeringEventWasCreatedFromBindings = value; }
 
 #if PLATFORM(IOS_FAMILY)
     void setEndingSelectionOnLastInsertCommand(const VisibleSelection& selection);
@@ -162,6 +164,11 @@ class TypingCommand final : public TextInsertionBaseCommand {
 
     bool m_shouldRetainAutocorrectionIndicator;
     bool m_shouldPreventSpellChecking;
+    bool m_triggeringEventWasCreatedFromBindings { false };
 };
 
 } // namespace WebCore
+
+SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::TypingCommand)
+    static bool isType(const WebCore::CompositeEditCommand& command) { return command.isTypingCommand(); }
+SPECIALIZE_TYPE_TRAITS_END()
diff --git a/Source/WebCore/html/HTMLTextFormControlElement.cpp b/Source/WebCore/html/HTMLTextFormControlElement.cpp
index b024f74ba8e79..b5b311fa27465 100644
--- a/Source/WebCore/html/HTMLTextFormControlElement.cpp
+++ b/Source/WebCore/html/HTMLTextFormControlElement.cpp
@@ -145,14 +145,14 @@ void HTMLTextFormControlElement::dispatchBlurEvent(RefPtr<Element>&& newFocusedE
     HTMLFormControlElement::dispatchBlurEvent(WTFMove(newFocusedElement));
 }
 
-void HTMLTextFormControlElement::didEditInnerTextValue()
+void HTMLTextFormControlElement::didEditInnerTextValue(bool wasUserEdit)
 {
     if (!renderer() || !isTextField())
         return;
 
     LOG(Editing, "HTMLTextFormControlElement %p didEditInnerTextValue", this);
 
-    m_lastChangeWasUserEdit = true;
+    m_lastChangeWasUserEdit = wasUserEdit;
     subtreeHasChanged();
 }
 
diff --git a/Source/WebCore/html/HTMLTextFormControlElement.h b/Source/WebCore/html/HTMLTextFormControlElement.h
index c0b11ab8929d6..62955d10c9a10 100644
--- a/Source/WebCore/html/HTMLTextFormControlElement.h
+++ b/Source/WebCore/html/HTMLTextFormControlElement.h
@@ -51,7 +51,7 @@ class HTMLTextFormControlElement : public HTMLFormControlElement {
 
     virtual ~HTMLTextFormControlElement();
 
-    void didEditInnerTextValue();
+    void didEditInnerTextValue(bool wasUserEdit);
     void forwardEvent(Event&);
 
     int maxLength() const { return m_maxLength; }
diff --git a/Source/WebCore/page/ContextMenuController.cpp b/Source/WebCore/page/ContextMenuController.cpp
index f9d1f9f5447cd..475d8a5ddf22e 100644
--- a/Source/WebCore/page/ContextMenuController.cpp
+++ b/Source/WebCore/page/ContextMenuController.cpp
@@ -289,7 +289,7 @@ static void insertUnicodeCharacter(UChar character, LocalFrame& frame)
         return;
 
     ASSERT(frame.document());
-    TypingCommand::insertText(*frame.protectedDocument(), text, { }, TypingCommand::TextCompositionType::None);
+    TypingCommand::insertText(*frame.protectedDocument(), text, nullptr, { }, TypingCommand::TextCompositionType::None);
 }
 
 #endif

From 0fd9dfa52fae0568f15f0922ff1c470369475cf7 Mon Sep 17 00:00:00 2001
From: Geoffrey Garen <ggaren@apple.com>
Date: Sun, 23 Feb 2025 19:59:48 -0800
Subject: [PATCH 107/174] =?UTF-8?q?RetainPtr=E2=80=99s=20leakRef()=20and?=
 =?UTF-8?q?=20move=20constructors=20are=20incorrect=20when=20ARC=20is=20en?=
 =?UTF-8?q?abled=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid=3D288301=20?=
 =?UTF-8?q?<rdar://problem/145393261>?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed by Timothy Hatcher and David Kilzer.

They net out +2 or -1, so you either get a leak or a crash (unless you combine
them with adoptRef() or bridge_cast(), which also incorrectly net out -1, in
which case it all balances out, lol).

When ARC is enabled, converting between id and CFTypeRef is fraught. The
compiler accepts any conversion you type, but most conversions implicitly
forget or hallucinate a refcount.

To solve this, tease apart id and CFTypeRef so that ARC code never needs to
convert. id gets stored as id and CFTypeRef gets stored as CFTypeRef.

One implicit conversion remains: C++ files type pun id to CFTypeRef, so you can
initialize an id in an ObjC file and move, copy, or destroy it in a C++ file.
To prevent ARC confusion, there’s no cast; instead we #ifdef rename the declared
type of the field when compiling for C++. This is valid because id and CFTypeRef
are ABI equivalent.

This approach ends up tightening type-safety enforcement, since we no longer
cast m_ptr when we load/store it. As a result, C++ code that uses id needs to
stop doing that, since id is not a usable type in C++. Also, tests need to stop
using RetainPtr<NSString*>, and standardize on RetainPtr<NSString>.

Also fixed bridge_cast to be +0 in ARC, since it can no longer rely on leakRef()
being +2.

Also fixed TypeCastsCocoaARC to use more autorelease pools in order to get
an accurate refcount.

Now that this all works, we can enable the previously failing leakRef() API test. Yay!

* Source/WTF/wtf/RetainPtr.h:
(retainFoundationPtr):
(releaseFoundationPtr):
(autoreleaseFoundationPtr):
(WTF::RetainPtr::RetainPtr):
(WTF::RetainPtr::isHashTableDeletedValue const):
(WTF::RetainPtr::get const):
(WTF::RetainPtr::operator-> const):
(WTF::RetainPtr::operator PtrType const):
(WTF::RetainPtr::hashTableDeletedValue):
(WTF::RetainPtr<T>::~RetainPtr):
(WTF::RetainPtr<T>::RetainPtr):
(WTF::RetainPtr<T>::clear):
(WTF::RetainPtr<T>::autorelease):
(WTF::adoptCF):
(WTF::adoptNS):
(WTF::RetainPtr::checkType): Deleted.
(WTF::RetainPtr::fromStorageTypeHelper): Deleted.
(WTF::RetainPtr::fromStorageType): Deleted.
(WTF::RetainPtr::toStorageType): Deleted.
* Source/WebCore/bridge/objc/objc_runtime.h:
* Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h:
* Source/WebCore/platform/network/cf/AuthenticationChallenge.h:
* Tools/DumpRenderTree/AccessibilityUIElement.cpp:
(getIsValidCallback):
(AccessibilityUIElement::makeJSAccessibilityUIElement):
(AccessibilityUIElement::isEqual): Deleted.
* Tools/DumpRenderTree/AccessibilityUIElement.h:
(AccessibilityUIElement::hasPlatformUIElement const):
* Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm:
(AccessibilityUIElement::isEqual):
* Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm:
(AccessibilityUIElement::isEqual):
* Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm:
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, ConstructionFromMutableNSType)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, ConstructionFromSimilarNSType)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, ConstructionFromSimilarNSTypeReversed)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, MoveAssignmentFromSimilarNSType)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, MoveAssignmentFromSimilarNSTypeReversed)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, LeakRef)):
* Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp:
(WTR::AccessibilityTextMarker::platformTextMarker const): Deleted.
* Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h:
(WTR::AccessibilityTextMarker::platformTextMarker const):
* Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp:
(WTR::AccessibilityTextMarkerRange::platformTextMarkerRange const): Deleted.
* Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h:
(WTR::AccessibilityTextMarkerRange::platformTextMarkerRange const):

Canonical link: https://commits.webkit.org/290928@main
---
 Source/WTF/wtf/RetainPtr.h                    | 133 ++++++++----------
 Source/WTF/wtf/cocoa/TypeCastsCocoa.h         |   2 +-
 Source/WebCore/bridge/objc/objc_runtime.h     |   4 +-
 .../PlatformSpeechSynthesisUtterance.h        |   2 +-
 .../network/cf/AuthenticationChallenge.h      |   2 +
 .../DumpRenderTree/AccessibilityUIElement.cpp |  13 +-
 Tools/DumpRenderTree/AccessibilityUIElement.h |   4 +
 .../ios/AccessibilityUIElementIOS.mm          |   7 +
 .../mac/AccessibilityTextMarkerMac.mm         |   2 +-
 .../mac/AccessibilityUIElementMac.mm          |   7 +
 .../Tests/WTF/cocoa/TypeCastsCocoa.mm         |  46 +++---
 Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm |  46 ++++--
 .../AccessibilityTextMarker.cpp               |  11 +-
 .../InjectedBundle/AccessibilityTextMarker.h  |  14 ++
 .../AccessibilityTextMarkerRange.cpp          |  11 +-
 .../AccessibilityTextMarkerRange.h            |  16 ++-
 16 files changed, 188 insertions(+), 132 deletions(-)

diff --git a/Source/WTF/wtf/RetainPtr.h b/Source/WTF/wtf/RetainPtr.h
index 96333b2875ef0..c069e871ac9d2 100644
--- a/Source/WTF/wtf/RetainPtr.h
+++ b/Source/WTF/wtf/RetainPtr.h
@@ -77,42 +77,48 @@ template<typename T> class RetainPtr;
 template<typename T> constexpr bool IsNSType = std::is_convertible_v<T, id>;
 template<typename T> using RetainPtrType = std::conditional_t<IsNSType<T>, std::remove_pointer_t<T>, T>;
 
-template<typename T> constexpr RetainPtr<T> adoptCF(T CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptCF(T CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
-#ifdef __OBJC__
-template<typename T> RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
-#endif
+template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
 template<typename T> class RetainPtr {
 public:
     using ValueType = std::remove_pointer_t<T>;
     using PtrType = ValueType*;
 
+#ifdef __OBJC__
+    using StorageType = PtrType;
+#else
+    // Type pun id to CFTypeRef in C++ files. This is valid because they're ABI equivalent.
+    using StorageType = std::conditional_t<IsNSType<PtrType>, CFTypeRef, PtrType>;
+#endif
+
     RetainPtr() = default;
     RetainPtr(PtrType);
 
     RetainPtr(const RetainPtr&);
     template<typename U> RetainPtr(const RetainPtr<U>&);
 
-    constexpr RetainPtr(RetainPtr&& o) : m_ptr(toStorageType(o.leakRef())) { }
-    template<typename U> constexpr RetainPtr(RetainPtr<U>&& o) : m_ptr(toStorageType(checkType(o.leakRef()))) { }
+    constexpr RetainPtr(RetainPtr&& o) : m_ptr(o.leakRef()) { }
+    template<typename U, typename = std::enable_if_t<std::is_convertible_v<typename RetainPtr<RetainPtrType<U>>::PtrType, PtrType>>>
+    constexpr RetainPtr(RetainPtr<U>&& o) : m_ptr(o.leakRef()) { }
 
     // Hash table deleted values, which are only constructed and never copied or destroyed.
-    constexpr RetainPtr(HashTableDeletedValueType) : m_ptr(toStorageType(hashTableDeletedValue())) { }
-    constexpr bool isHashTableDeletedValue() const { return m_ptr == toStorageType(hashTableDeletedValue()); }
+    constexpr RetainPtr(HashTableDeletedValueType) : m_ptr(hashTableDeletedValue()) { }
+    constexpr bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); }
 
     ~RetainPtr();
 
     void clear();
 
-    template<typename U = PtrType>
-    std::enable_if_t<IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> leakRef() NS_RETURNS_RETAINED WARN_UNUSED_RETURN {
-        return fromStorageType(std::exchange(m_ptr, nullptr));
+    template<typename U = StorageType>
+    std::enable_if_t<IsNSType<U> && std::is_same_v<U, StorageType>, StorageType> leakRef() NS_RETURNS_RETAINED WARN_UNUSED_RETURN {
+        return std::exchange(m_ptr, nullptr);
     }
 
-    template<typename U = PtrType>
-    std::enable_if_t<!IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> leakRef() CF_RETURNS_RETAINED WARN_UNUSED_RETURN {
-        return fromStorageType(std::exchange(m_ptr, nullptr));
+    template<typename U = StorageType>
+    std::enable_if_t<!IsNSType<U> && std::is_same_v<U, StorageType>, StorageType> leakRef() CF_RETURNS_RETAINED WARN_UNUSED_RETURN {
+        return std::exchange(m_ptr, nullptr);
     }
 
 #if HAVE(CFAUTORELEASE)
@@ -123,9 +129,9 @@ template<typename T> class RetainPtr {
     id bridgingAutorelease();
 #endif
 
-    constexpr PtrType get() const { return fromStorageType(m_ptr); }
-    constexpr PtrType operator->() const { return fromStorageType(m_ptr); }
-    constexpr explicit operator PtrType() const { return fromStorageType(m_ptr); }
+    constexpr PtrType get() const { return m_ptr; }
+    constexpr PtrType operator->() const { return m_ptr; }
+    constexpr explicit operator PtrType() const { return m_ptr; }
     constexpr explicit operator bool() const { return m_ptr; }
 
     constexpr bool operator!() const { return !m_ptr; }
@@ -140,44 +146,40 @@ template<typename T> class RetainPtr {
 
     void swap(RetainPtr&);
 
-    template<typename U> friend constexpr RetainPtr<U> adoptCF(U CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+    template<typename U> friend constexpr RetainPtr<RetainPtrType<U>> adoptCF(U CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
-#ifdef __OBJC__
-    template<typename U> friend RetainPtr<RetainPtrType<U>> adoptNS(U NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
-#endif
+    template<typename U> friend constexpr RetainPtr<RetainPtrType<U>> adoptNS(U NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
 private:
     enum AdoptTag { Adopt };
-    constexpr RetainPtr(PtrType ptr, AdoptTag) : m_ptr(toStorageType(ptr)) { }
+    constexpr RetainPtr(PtrType ptr, AdoptTag) : m_ptr(ptr) { }
 
-    static constexpr PtrType checkType(PtrType ptr) { return ptr; }
+#if __has_feature(objc_arc)
+    // ARC will try to retain/release this value, but it looks like a tagged immediate, so retain/release ends up being a no-op -- see _objc_isTaggedPointer() in <objc-internal.h>.
+    static constexpr PtrType hashTableDeletedValue() { return (__bridge PtrType)(void*)-1; }
+#else
+    static constexpr PtrType hashTableDeletedValue() { return reinterpret_cast<PtrType>(-1); }
+#endif
 
-    // ARC will try to retain/release this value, but it looks like a tagged immediate, so retain/release ends up being a no-op -- see _objc_registerTaggedPointerClass.
-    static constexpr PtrType hashTableDeletedValue() { return fromStorageType(reinterpret_cast<CFTypeRef>(-1)); }
+    static inline void retainFoundationPtr(CFTypeRef ptr) { CFRetain(ptr); }
+    static inline void releaseFoundationPtr(CFTypeRef ptr) { CFRelease(ptr); }
+#if HAVE(CFAUTORELEASE)
+    static inline void autoreleaseFoundationPtr(CFTypeRef ptr) { CFAutorelease(ptr); }
+#endif
 
 #ifdef __OBJC__
-    template<typename U = PtrType>
-    static constexpr std::enable_if_t<IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> fromStorageTypeHelper(CFTypeRef ptr)
-    {
-        return (__bridge PtrType)const_cast<CF_BRIDGED_TYPE(id) void*>(ptr);
-    }
-    template<typename U = PtrType>
-    static constexpr std::enable_if_t<!IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> fromStorageTypeHelper(CFTypeRef ptr)
-    {
-        return (PtrType)const_cast<CF_BRIDGED_TYPE(id) void*>(ptr);
-    }
-    static constexpr PtrType fromStorageType(CFTypeRef ptr) { return fromStorageTypeHelper<PtrType>(ptr); }
-    static constexpr CFTypeRef toStorageType(id ptr) { return (__bridge CFTypeRef)ptr; }
-    static constexpr CFTypeRef toStorageType(CFTypeRef ptr) { return ptr; }
+#if __has_feature(objc_arc)
+    static inline void retainFoundationPtr(id) { }
+    static inline void releaseFoundationPtr(id) { }
+    static inline void autoreleaseFoundationPtr(id) { }
 #else
-    static constexpr PtrType fromStorageType(CFTypeRef ptr)
-    {
-        return (PtrType)const_cast<CF_BRIDGED_TYPE(id) void*>(ptr);
-    }
-    static constexpr CFTypeRef toStorageType(PtrType ptr) { return (CFTypeRef)ptr; }
+    static inline void retainFoundationPtr(id ptr) { [ptr retain]; }
+    static inline void releaseFoundationPtr(id ptr) { [ptr release]; }
+    static inline void autoreleaseFoundationPtr(id ptr) { [ptr autorelease]; }
+#endif
 #endif
 
-    CFTypeRef m_ptr { nullptr };
+    StorageType m_ptr { nullptr };
 };
 
 template<typename T> RetainPtr(T) -> RetainPtr<RetainPtrType<T>>;
@@ -188,19 +190,21 @@ template<typename T> RetainPtr<RetainPtrType<T>> retainPtr(T) WARN_UNUSED_RETURN
 template<typename T> inline RetainPtr<T>::~RetainPtr()
 {
     if (auto ptr = std::exchange(m_ptr, nullptr))
-        CFRelease(ptr);
+        releaseFoundationPtr(ptr);
 }
 
 template<typename T> inline RetainPtr<T>::RetainPtr(PtrType ptr)
-    : m_ptr(toStorageType(ptr))
+    : m_ptr(ptr)
 {
     if (m_ptr)
-        CFRetain(m_ptr);
+        retainFoundationPtr(m_ptr);
 }
 
 template<typename T> inline RetainPtr<T>::RetainPtr(const RetainPtr& o)
-    : RetainPtr(o.get())
+    : m_ptr(o.m_ptr)
 {
+    if (m_ptr)
+        retainFoundationPtr(m_ptr);
 }
 
 template<typename T> template<typename U> inline RetainPtr<T>::RetainPtr(const RetainPtr<U>& o)
@@ -211,32 +215,27 @@ template<typename T> template<typename U> inline RetainPtr<T>::RetainPtr(const R
 template<typename T> inline void RetainPtr<T>::clear()
 {
     if (auto ptr = std::exchange(m_ptr, nullptr))
-        CFRelease(ptr);
+        releaseFoundationPtr(ptr);
 }
 
 #if HAVE(CFAUTORELEASE)
 template<typename T> inline auto RetainPtr<T>::autorelease() -> PtrType
 {
-#ifdef __OBJC__
-    if constexpr (IsNSType<PtrType>)
-        return CFBridgingRelease(std::exchange(m_ptr, nullptr));
-#endif
-    if (m_ptr)
-        CFAutorelease(m_ptr);
-    return leakRef();
+    auto ptr = std::exchange(m_ptr, nullptr);
+    if (ptr)
+        autoreleaseFoundationPtr(ptr);
+    return ptr;
 }
-#endif // PLATFORM(COCOA)
+#endif // HAVE(CFAUTORELEASE)
 
 #ifdef __OBJC__
-
 // FIXME: It would be better if we could base the return type on the type that is toll-free bridged with T rather than using id.
 template<typename T> inline id RetainPtr<T>::bridgingAutorelease()
 {
     static_assert(!IsNSType<PtrType>, "Don't use bridgingAutorelease for Objective-C pointer types.");
     return CFBridgingRelease(leakRef());
 }
-
-#endif
+#endif // __OBJC__
 
 template<typename T> inline RetainPtr<T>& RetainPtr<T>::operator=(const RetainPtr& o)
 {
@@ -305,25 +304,17 @@ template<typename T, typename U> constexpr bool operator==(T* a, const RetainPtr
     return a == b.get(); 
 }
 
-template<typename T> constexpr RetainPtr<T> adoptCF(T CF_RELEASES_ARGUMENT ptr)
+template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptCF(T CF_RELEASES_ARGUMENT ptr)
 {
-#ifdef __OBJC__
     static_assert(!IsNSType<T>, "Don't use adoptCF with Objective-C pointer types, use adoptNS.");
-#endif
-    return RetainPtr<T>(ptr, RetainPtr<T>::Adopt);
+    return { ptr, RetainPtr<RetainPtrType<T>>::Adopt };
 }
 
-#ifdef __OBJC__
-template<typename T> RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT ptr)
+template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT ptr)
 {
     static_assert(IsNSType<T>, "Don't use adoptNS with Core Foundation pointer types, use adoptCF.");
-#if __has_feature(objc_arc)
-    return ptr;
-#else
     return { ptr, RetainPtr<RetainPtrType<T>>::Adopt };
-#endif
 }
-#endif
 
 template<typename T> inline RetainPtr<RetainPtrType<T>> retainPtr(T ptr)
 {
diff --git a/Source/WTF/wtf/cocoa/TypeCastsCocoa.h b/Source/WTF/wtf/cocoa/TypeCastsCocoa.h
index 8a776d349b354..5815f9d69ace5 100644
--- a/Source/WTF/wtf/cocoa/TypeCastsCocoa.h
+++ b/Source/WTF/wtf/cocoa/TypeCastsCocoa.h
@@ -35,7 +35,7 @@ namespace WTF {
 
 #if __has_feature(objc_arc)
 #define WTF_CF_TO_NS_BRIDGE_TRANSFER(type, value) ((__bridge_transfer type)value)
-#define WTF_NS_TO_CF_BRIDGE_TRANSFER(type, value) ((type)reinterpret_cast<uintptr_t>(value))
+#define WTF_NS_TO_CF_BRIDGE_TRANSFER(type, value) ((__bridge_retained type)value)
 #else
 #define WTF_CF_TO_NS_BRIDGE_TRANSFER(type, value) ((__bridge type)value)
 #define WTF_NS_TO_CF_BRIDGE_TRANSFER(type, value) ((__bridge type)value)
diff --git a/Source/WebCore/bridge/objc/objc_runtime.h b/Source/WebCore/bridge/objc/objc_runtime.h
index 3ecc988401e3d..105d7c2cc4864 100644
--- a/Source/WebCore/bridge/objc/objc_runtime.h
+++ b/Source/WebCore/bridge/objc/objc_runtime.h
@@ -81,8 +81,10 @@ class ObjcArray : public Array {
     virtual bool setValueAt(JSGlobalObject*, unsigned int index, JSValue aValue) const;
     virtual JSValue valueAt(JSGlobalObject*, unsigned int index) const;
     virtual unsigned int getLength() const;
-    
+
+#ifdef __OBJC__
     ObjectStructPtr getObjcArray() const { return _array.get(); }
+#endif
 
 private:
     RetainPtr<ObjectStructPtr> _array;
diff --git a/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h b/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h
index dd111166fe7cb..a90145b228a72 100644
--- a/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h
+++ b/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h
@@ -76,7 +76,7 @@ class PlatformSpeechSynthesisUtterance : public RefCounted<PlatformSpeechSynthes
     PlatformSpeechSynthesisUtteranceClient* client() const { return m_client.get(); }
     void setClient(PlatformSpeechSynthesisUtteranceClient* client) { m_client = client; }
 
-#if PLATFORM(COCOA)
+#ifdef __OBJC__
     id wrapper() const { return m_wrapper.get(); }
     void setWrapper(id utterance) { m_wrapper = utterance; }
 #endif
diff --git a/Source/WebCore/platform/network/cf/AuthenticationChallenge.h b/Source/WebCore/platform/network/cf/AuthenticationChallenge.h
index 42acb7eec8422..cda8ed221ecb8 100644
--- a/Source/WebCore/platform/network/cf/AuthenticationChallenge.h
+++ b/Source/WebCore/platform/network/cf/AuthenticationChallenge.h
@@ -40,8 +40,10 @@ class AuthenticationChallenge : public AuthenticationChallengeBase {
 
     WEBCORE_EXPORT AuthenticationChallenge(NSURLAuthenticationChallenge *);
 
+#ifdef __OBJC__
     id sender() const { return m_sender.get(); }
     NSURLAuthenticationChallenge *nsURLAuthenticationChallenge() const { return m_nsChallenge.get(); }
+#endif
 
     WEBCORE_EXPORT void setAuthenticationClient(AuthenticationClient*); // Changes sender to one that invokes client methods.
     WEBCORE_EXPORT AuthenticationClient* authenticationClient() const;
diff --git a/Tools/DumpRenderTree/AccessibilityUIElement.cpp b/Tools/DumpRenderTree/AccessibilityUIElement.cpp
index b2fadab97f57d..c185f5e927110 100644
--- a/Tools/DumpRenderTree/AccessibilityUIElement.cpp
+++ b/Tools/DumpRenderTree/AccessibilityUIElement.cpp
@@ -1185,7 +1185,7 @@ static JSValueRef getIsGrabbedCallback(JSContextRef context, JSObjectRef thisObj
 static JSValueRef getIsValidCallback(JSContextRef context, JSObjectRef thisObject, JSStringRef propertyName, JSValueRef* exception)
 {
     AccessibilityUIElement* uiElement = toAXElement(thisObject);
-    if (!uiElement->platformUIElement())
+    if (!uiElement->hasPlatformUIElement())
         return JSValueMakeBoolean(context, false);
     
     // There might be other platform logic that one could check here...
@@ -1720,15 +1720,6 @@ void AccessibilityUIElement::setValue(JSStringRef) { }
 void AccessibilityUIElement::uiElementArrayAttributeValue(JSStringRef, Vector<AccessibilityUIElement>&) const { }
 #endif
 
-#if !PLATFORM(WIN)
-bool AccessibilityUIElement::isEqual(AccessibilityUIElement* otherElement)
-{
-    if (!otherElement)
-        return false;
-    return platformUIElement() == otherElement->platformUIElement();
-}
-#endif
-
 #if !PLATFORM(MAC)
 void AccessibilityUIElement::setBoolAttributeValue(JSStringRef, bool) { }
 bool AccessibilityUIElement::isOnScreen() const { return true; }
@@ -1950,7 +1941,7 @@ static void finalize(JSObjectRef thisObject)
 
 JSObjectRef AccessibilityUIElement::makeJSAccessibilityUIElement(JSContextRef context, const AccessibilityUIElement& element)
 {
-    if (!element.platformUIElement())
+    if (!element.hasPlatformUIElement())
         return nullptr;
 
     return JSObjectMake(context, AccessibilityUIElement::getJSClass(), new AccessibilityUIElement(element));
diff --git a/Tools/DumpRenderTree/AccessibilityUIElement.h b/Tools/DumpRenderTree/AccessibilityUIElement.h
index 568a7e4b1a8f1..94f83f8382ee5 100644
--- a/Tools/DumpRenderTree/AccessibilityUIElement.h
+++ b/Tools/DumpRenderTree/AccessibilityUIElement.h
@@ -57,13 +57,17 @@ class AccessibilityUIElement {
 #endif
 
 #if PLATFORM(COCOA)
+#ifdef __OBJC__
     id platformUIElement() const { return m_element.get(); }
 #endif
+#endif
 
 #if !PLATFORM(COCOA)
     PlatformUIElement platformUIElement() const { return m_element; }
 #endif
 
+    bool hasPlatformUIElement() const { return !!m_element; }
+
     static JSObjectRef makeJSAccessibilityUIElement(JSContextRef, const AccessibilityUIElement&);
 
     bool isEqual(AccessibilityUIElement* otherElement);
diff --git a/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm b/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm
index fad04c5351c2e..c17d66e7375ba 100644
--- a/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm
+++ b/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm
@@ -149,6 +149,13 @@ - (CGPathRef)_accessibilityPath;
     return adopt(JSStringCreateWithCharacters(buffer.data(), buffer.size()));
 }
 
+bool AccessibilityUIElement::isEqual(AccessibilityUIElement* otherElement)
+{
+    if (!otherElement)
+        return false;
+    return platformUIElement() == otherElement->platformUIElement();
+}
+
 #pragma mark iPhone Attributes
 
 JSRetainPtr<JSStringRef> AccessibilityUIElement::identifier()
diff --git a/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm b/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm
index 1bfcac7fb34cf..d04b11b8269ad 100644
--- a/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm
+++ b/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm
@@ -38,7 +38,7 @@
 }
 
 AccessibilityTextMarker::AccessibilityTextMarker(const AccessibilityTextMarker& marker)
-    : m_textMarker(marker.platformTextMarker())
+    : m_textMarker(marker.m_textMarker)
 {
 }
 
diff --git a/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm b/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm
index 46688c937a8f3..49f06a6059de2 100644
--- a/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm
+++ b/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm
@@ -294,6 +294,13 @@ - (void)_accessibilitySetValue:(id)value forAttribute:(NSString*)attributeName;
 }
 #endif
 
+bool AccessibilityUIElement::isEqual(AccessibilityUIElement* otherElement)
+{
+    if (!otherElement)
+        return false;
+    return platformUIElement() == otherElement->platformUIElement();
+}
+
 void AccessibilityUIElement::getLinkedUIElements(Vector<AccessibilityUIElement>& elementVector)
 {
     BEGIN_AX_OBJC_EXCEPTIONS
diff --git a/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm b/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm
index 0e4e2d323a8b9..96662f8bca7c1 100644
--- a/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm
+++ b/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm
@@ -59,41 +59,55 @@ static size_t helloWorldCStringLength()
 
 TEST(TypeCastsCocoa, bridge_cast)
 {
-    @autoreleasepool {
-        auto objectNS = adoptNS([[NSString alloc] initWithFormat:@"%s", helloWorldCString]);
-        auto objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
+    RetainPtr<NSString> objectNS;
+    uintptr_t objectNSPtr;
 
-        auto objectCF = bridge_cast(WTFMove(objectNS));
-        auto objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
+    RetainPtr<CFStringRef> objectCF;
+    uintptr_t objectCFPtr;
+
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        objectNS = adoptNS([[NSString alloc] initWithFormat:@"%s", helloWorldCString]);
+        objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
+    }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
+
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        objectCF = bridge_cast(WTFMove(objectNS));
+        objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(nil, objectNS.get());
         EXPECT_EQ(objectNSPtr, objectCFPtr);
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
+    }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
 
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
         objectNS = bridge_cast(WTFMove(objectCF));
         objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(NULL, objectCF.get());
         EXPECT_EQ(objectCFPtr, objectNSPtr);
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
     }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
 
-    @autoreleasepool {
-        auto objectCF = adoptCF(CFStringCreateWithBytes(NULL, (const UInt8*)helloWorldCString, helloWorldCStringLength(), kCFStringEncodingUTF8, false));
-        auto objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        objectCF = adoptCF(CFStringCreateWithBytes(NULL, (const UInt8*)helloWorldCString, helloWorldCStringLength(), kCFStringEncodingUTF8, false));
+        objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
+    }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
 
-        auto objectNS = bridge_cast(WTFMove(objectCF));
-        auto objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        objectNS = bridge_cast(WTFMove(objectCF));
+        objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(NULL, objectCF.get());
         EXPECT_EQ(objectCFPtr, objectNSPtr);
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
+    }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
 
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
         objectCF = bridge_cast(WTFMove(objectNS));
         objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(nil, objectNS.get());
         EXPECT_EQ(objectNSPtr, objectCFPtr);
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
     }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
 }
 
 TEST(TypeCastsCocoa, bridge_id_cast)
diff --git a/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm b/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
index 5caf6d606d54d..1a3a6328b0f5d 100644
--- a/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
+++ b/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
@@ -28,6 +28,7 @@
 
 #import "config.h"
 #import <wtf/RetainPtr.h>
+#import <wtf/URL.h>
 
 #if __has_feature(objc_arc)
 #ifndef RETAIN_PTR_TEST_NAME
@@ -79,6 +80,8 @@
 
 TEST(RETAIN_PTR_TEST_NAME, ConstructionFromMutableNSType)
 {
+    static_assert(std::is_convertible_v<NSMutableString*, NSString*>, "NSMutableString must convert to NSString");
+
     NSMutableString *string = [NSMutableString stringWithUTF8String:"foo"];
 
     // This should invoke RetainPtr's move constructor.
@@ -124,11 +127,11 @@
     // This should invoke RetainPtr's move constructor.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
     // NSObject that logs -retain and -release calls.
-    RetainPtr<NSString> ptr = RetainPtr<NSString *>(string);
+    RetainPtr<NSString> ptr = RetainPtr<NSString>(string);
 
     EXPECT_EQ(string, ptr);
 
-    RetainPtr<NSString *> temp = string;
+    RetainPtr<NSString> temp = string;
 
     // This should invoke RetainPtr's move constructor.
     RetainPtr<NSString> ptr2(WTFMove(temp));
@@ -144,14 +147,14 @@
     // This should invoke RetainPtr's move constructor.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
     // NSObject that logs -retain and -release calls.
-    RetainPtr<NSString *> ptr = RetainPtr<NSString>(string);
+    RetainPtr<NSString> ptr = RetainPtr<NSString>(string);
 
     EXPECT_EQ(string, ptr);
 
     RetainPtr<NSString> temp = string;
 
     // This should invoke RetainPtr's move constructor.
-    RetainPtr<NSString *> ptr2(WTFMove(temp));
+    RetainPtr<NSString> ptr2(WTFMove(temp));
 
     EXPECT_EQ(string, ptr2);
     SUPPRESS_USE_AFTER_MOVE EXPECT_EQ((NSString *)nil, temp.get());
@@ -209,12 +212,12 @@
     // This should invoke RetainPtr's move assignment operator.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
     // NSObject that logs -retain and -release calls.
-    ptr = RetainPtr<NSString *>(string);
+    ptr = RetainPtr<NSString>(string);
 
     EXPECT_EQ(string, ptr);
 
     ptr = nil;
-    RetainPtr<NSString *> temp = string;
+    RetainPtr<NSString> temp = string;
 
     // This should invoke RetainPtr's move assignment operator.
     ptr = WTFMove(temp);
@@ -226,7 +229,7 @@
 TEST(RETAIN_PTR_TEST_NAME, MoveAssignmentFromSimilarNSTypeReversed)
 {
     NSString *string = @"foo";
-    RetainPtr<NSString *> ptr;
+    RetainPtr<NSString> ptr;
 
     // This should invoke RetainPtr's move assignment operator.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
@@ -344,7 +347,6 @@
     EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectPtr3));
 }
 
-/* This test is disabled for now because it fails (!!).
 TEST(RETAIN_PTR_TEST_NAME, LeakRef)
 {
     RetainPtr<NSObject> foo;
@@ -364,6 +366,32 @@
 
     (void)adoptNS(object);
 }
-*/
+
+TEST(RETAIN_PTR_TEST_NAME, BridgingAutorelease)
+{
+    NSString *nsString;
+    uintptr_t nsStringPtr;
+
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        RetainPtr<CFStringRef> string = adoptCF(CFStringCreateWithCString(nullptr, "hello world", kCFStringEncodingASCII));
+        nsString = string.bridgingAutorelease();
+        nsStringPtr = reinterpret_cast<uintptr_t>(nsString);
+    }
+
+    EXPECT_EQ(1, CFGetRetainCount((CFTypeRef)nsStringPtr));
+}
+
+TEST(RETAIN_PTR_TEST_NAME, URLBridgeCast)
+{
+    RetainPtr<NSURL> nsURL;
+    uintptr_t nsURLPtr;
+    @autoreleasepool {
+        URL url(""_str);
+        nsURL = static_cast<NSURL *>(url);
+        nsURLPtr = reinterpret_cast<uintptr_t>(nsURL.get());
+    }
+
+    EXPECT_EQ(1, CFGetRetainCount((CFTypeRef)nsURLPtr));
+}
 
 } // namespace TestWebKitAPI
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp
index d2acac79377a8..fdd1d97880a21 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp
@@ -49,7 +49,7 @@ AccessibilityTextMarker::AccessibilityTextMarker(PlatformTextMarker marker)
 
 AccessibilityTextMarker::AccessibilityTextMarker(const AccessibilityTextMarker& marker)
     : JSWrappable()
-    , m_textMarker(marker.platformTextMarker())
+    , m_textMarker(marker.m_textMarker)
 {
 }
 
@@ -57,15 +57,6 @@ AccessibilityTextMarker::~AccessibilityTextMarker()
 {
 }
 
-PlatformTextMarker AccessibilityTextMarker::platformTextMarker() const
-{
-#if PLATFORM(COCOA)
-    return m_textMarker.get();
-#else
-    return m_textMarker;
-#endif
-}
-    
 JSClassRef AccessibilityTextMarker::wrapperClass()
 {
     return JSAccessibilityTextMarker::accessibilityTextMarkerClass();
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h
index 8fc94f6f54948..0349974f2f399 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h
@@ -69,4 +69,18 @@ class AccessibilityTextMarker : public JSWrappable {
 inline bool AccessibilityTextMarker::isEqual(AccessibilityTextMarker*) { return false; }
 #endif
 
+#if PLATFORM(COCOA)
+#ifdef __OBJC__
+inline PlatformTextMarker AccessibilityTextMarker::platformTextMarker() const
+{
+    return m_textMarker.get();
+}
+#endif
+#else
+inline PlatformTextMarker AccessibilityTextMarker::platformTextMarker() const
+{
+    return m_textMarker;
+}
+#endif
+
 } // namespace WTR
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp
index 96f9fcfc09deb..fb967b9210272 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp
@@ -49,7 +49,7 @@ AccessibilityTextMarkerRange::AccessibilityTextMarkerRange(PlatformTextMarkerRan
 
 AccessibilityTextMarkerRange::AccessibilityTextMarkerRange(const AccessibilityTextMarkerRange& markerRange)
     : JSWrappable()
-    , m_textMarkerRange(markerRange.platformTextMarkerRange())
+    , m_textMarkerRange(markerRange.m_textMarkerRange)
 {
 }
 
@@ -57,15 +57,6 @@ AccessibilityTextMarkerRange::~AccessibilityTextMarkerRange()
 {
 }
 
-PlatformTextMarkerRange AccessibilityTextMarkerRange::platformTextMarkerRange() const
-{
-#if PLATFORM(COCOA)
-    return m_textMarkerRange.get();
-#else
-    return m_textMarkerRange;
-#endif
-}
-    
 JSClassRef AccessibilityTextMarkerRange::wrapperClass()
 {
     return JSAccessibilityTextMarkerRange::accessibilityTextMarkerRangeClass();
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h
index fb982f3b9f593..9fbdda91ef452 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h
@@ -62,10 +62,24 @@ class AccessibilityTextMarkerRange : public JSWrappable {
     PlatformTextMarkerRange m_textMarkerRange;
 #endif
 };
-    
+
 #if !PLATFORM(COCOA)
 inline bool AccessibilityTextMarkerRange::isEqual(AccessibilityTextMarkerRange*) { return false; }
 #endif
+
+#if PLATFORM(COCOA)
+#ifdef __OBJC__
+inline PlatformTextMarkerRange AccessibilityTextMarkerRange::platformTextMarkerRange() const
+{
+    return m_textMarkerRange.get();
+}
+#endif
+#else
+inline PlatformTextMarkerRange AccessibilityTextMarkerRange::platformTextMarkerRange() const
+{
+    return m_textMarkerRange;
+}
+#endif
     
 #ifdef __OBJC__
 inline std::optional<RefPtr<AccessibilityTextMarkerRange>> makeVectorElement(const RefPtr<AccessibilityTextMarkerRange>*, id range) { return { { AccessibilityTextMarkerRange::create(range) } }; }

From 0c7323906632023742df0f56ba6c2f8e33ad92f5 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sun, 23 Feb 2025 20:31:14 -0800
Subject: [PATCH 108/174] Address safer cpp failures in VM.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288320

Reviewed by Geoffrey Garen.

* Source/JavaScriptCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations:
* Source/JavaScriptCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/JavaScriptCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::sweeper): Deleted.
* Source/JavaScriptCore/heap/Heap.h:
(JSC::Heap::sweeper):
* Source/JavaScriptCore/runtime/JSRunLoopTimer.cpp:
(JSC::JSRunLoopTimer::Manager::singleton):
(JSC::JSRunLoopTimer::timeUntilFire):
(JSC::JSRunLoopTimer::setTimeUntilFire):
(JSC::JSRunLoopTimer::cancelTimer):
(JSC::JSRunLoopTimer::Manager::shared): Deleted.
* Source/JavaScriptCore/runtime/JSRunLoopTimer.h:
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::~VM):
(JSC::VM::ensureSamplingProfiler):
(JSC::VM::enableSamplingProfiler):
(JSC::VM::disableSamplingProfiler):
(JSC::VM::takeSamplingProfilerSamplesAsJSON):
(JSC::jitCodeForCallTrampoline):
(JSC::jitCodeForConstructTrampoline):
(JSC::VM::updateStackLimits):
(JSC::sanitizeStackForVM):
(JSC::VM::executeEntryScopeServicesOnEntry):
(JSC::VM::executeEntryScopeServicesOnExit):
* Source/JavaScriptCore/runtime/VM.h:
(JSC::VM::apiLock):

Canonical link: https://commits.webkit.org/290929@main
---
 .../MemoryUnsafeCastCheckerExpectations       |  3 +-
 .../UncountedCallArgsCheckerExpectations      |  4 +-
 .../UncountedLocalVarsCheckerExpectations     |  3 +-
 Source/JavaScriptCore/heap/Heap.cpp           |  5 --
 Source/JavaScriptCore/heap/Heap.h             |  4 +-
 .../JavaScriptCore/runtime/JSRunLoopTimer.cpp |  8 +--
 .../JavaScriptCore/runtime/JSRunLoopTimer.h   |  2 +-
 Source/JavaScriptCore/runtime/VM.cpp          | 54 +++++++++----------
 Source/JavaScriptCore/runtime/VM.h            |  8 +--
 9 files changed, 40 insertions(+), 51 deletions(-)

diff --git a/Source/JavaScriptCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations b/Source/JavaScriptCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
index dd9f2a3cb9335..6320bc84531c9 100644
--- a/Source/JavaScriptCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
+++ b/Source/JavaScriptCore/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
@@ -133,7 +133,6 @@ runtime/Symbol.cpp
 runtime/SymbolConstructor.cpp
 runtime/SymbolTable.cpp
 runtime/SyntheticModuleRecord.cpp
-runtime/VM.cpp
 runtime/WeakMapImpl.cpp
 runtime/WriteBarrier.h
 tools/CellProfile.h
@@ -161,4 +160,4 @@ wasm/js/JSWebAssemblyStruct.cpp
 wasm/js/JSWebAssemblyTable.cpp
 wasm/js/JSWebAssemblyTag.cpp
 wasm/js/WebAssemblyFunction.cpp
-wasm/js/WebAssemblyModuleRecord.cpp
\ No newline at end of file
+wasm/js/WebAssemblyModuleRecord.cpp
diff --git a/Source/JavaScriptCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/JavaScriptCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 5c30d58d9dd75..a48f3881375f5 100644
--- a/Source/JavaScriptCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/JavaScriptCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -171,8 +171,6 @@ runtime/TemporalObject.cpp
 runtime/TypeProfiler.cpp
 runtime/TypeProfilerLog.cpp
 runtime/TypeSet.cpp
-runtime/VM.cpp
-runtime/VM.h
 runtime/VMTraps.cpp
 runtime/WaiterListManager.cpp
 runtime/Watchdog.cpp
@@ -226,4 +224,4 @@ wasm/js/WebAssemblyFunction.h
 wasm/js/WebAssemblyGlobalPrototype.cpp
 wasm/js/WebAssemblyInstanceConstructor.cpp
 wasm/js/WebAssemblyModuleConstructor.cpp
-wasm/js/WebAssemblyModuleRecord.cpp
\ No newline at end of file
+wasm/js/WebAssemblyModuleRecord.cpp
diff --git a/Source/JavaScriptCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/JavaScriptCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index 0c053c703c8a5..f5e5a674d502b 100644
--- a/Source/JavaScriptCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/JavaScriptCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -118,7 +118,6 @@ runtime/StructureInlines.h
 runtime/SymbolConstructor.cpp
 runtime/SymbolTable.h
 runtime/TypeSet.cpp
-runtime/VM.cpp
 runtime/VMEntryScope.cpp
 runtime/VMTraps.cpp
 runtime/WaiterListManager.h
@@ -157,4 +156,4 @@ wasm/js/JSWebAssemblyHelpers.h
 wasm/js/JSWebAssemblyInstance.cpp
 wasm/js/JSWebAssemblyModule.cpp
 wasm/js/WasmToJS.cpp
-wasm/js/WebAssemblyModuleRecord.cpp
\ No newline at end of file
+wasm/js/WebAssemblyModuleRecord.cpp
diff --git a/Source/JavaScriptCore/heap/Heap.cpp b/Source/JavaScriptCore/heap/Heap.cpp
index 8cad71b050213..c9fc975b478d1 100644
--- a/Source/JavaScriptCore/heap/Heap.cpp
+++ b/Source/JavaScriptCore/heap/Heap.cpp
@@ -2565,11 +2565,6 @@ RefPtr<GCActivityCallback> Heap::protectedEdenActivityCallback()
     return m_edenActivityCallback;
 }
 
-IncrementalSweeper& Heap::sweeper()
-{
-    return m_sweeper.get();
-}
-
 void Heap::setGarbageCollectionTimerEnabled(bool enable)
 {
     if (m_fullActivityCallback)
diff --git a/Source/JavaScriptCore/heap/Heap.h b/Source/JavaScriptCore/heap/Heap.h
index 3a7faf6bf1e1f..cef757a4a0f80 100644
--- a/Source/JavaScriptCore/heap/Heap.h
+++ b/Source/JavaScriptCore/heap/Heap.h
@@ -347,7 +347,7 @@ class Heap {
     JS_EXPORT_PRIVATE void setGarbageCollectionTimerEnabled(bool);
     JS_EXPORT_PRIVATE void scheduleOpportunisticFullCollection();
 
-    JS_EXPORT_PRIVATE IncrementalSweeper& sweeper();
+    IncrementalSweeper& sweeper() { return m_sweeper.get(); }
 
     void addObserver(HeapObserver* observer) { m_observers.append(observer); }
     void removeObserver(HeapObserver* observer) { m_observers.removeFirst(observer); }
@@ -877,7 +877,7 @@ class Heap {
     
     RefPtr<GCActivityCallback> m_fullActivityCallback;
     RefPtr<GCActivityCallback> m_edenActivityCallback;
-    Ref<IncrementalSweeper> m_sweeper;
+    const Ref<IncrementalSweeper> m_sweeper;
     Ref<StopIfNecessaryTimer> m_stopIfNecessaryTimer;
 
     Vector<HeapObserver*> m_observers;
diff --git a/Source/JavaScriptCore/runtime/JSRunLoopTimer.cpp b/Source/JavaScriptCore/runtime/JSRunLoopTimer.cpp
index 2e36a51a1c991..cbf579fd031cf 100644
--- a/Source/JavaScriptCore/runtime/JSRunLoopTimer.cpp
+++ b/Source/JavaScriptCore/runtime/JSRunLoopTimer.cpp
@@ -109,7 +109,7 @@ void JSRunLoopTimer::Manager::timerDidFire()
         timer->timerDidFire();
 }
 
-JSRunLoopTimer::Manager& JSRunLoopTimer::Manager::shared()
+JSRunLoopTimer::Manager& JSRunLoopTimer::Manager::singleton()
 {
     static Manager* manager;
     static std::once_flag once;
@@ -245,7 +245,7 @@ JSRunLoopTimer::~JSRunLoopTimer() = default;
 
 std::optional<Seconds> JSRunLoopTimer::timeUntilFire()
 {
-    return Manager::shared().timeUntilFire(*this);
+    return Manager::singleton().timeUntilFire(*this);
 }
 
 void JSRunLoopTimer::setTimeUntilFire(Seconds intervalInSeconds)
@@ -253,7 +253,7 @@ void JSRunLoopTimer::setTimeUntilFire(Seconds intervalInSeconds)
     {
         Locker locker { m_lock };
         m_isScheduled = true;
-        Manager::shared().scheduleTimer(*this, intervalInSeconds);
+        Manager::singleton().scheduleTimer(*this, intervalInSeconds);
     }
 
     Locker locker { m_timerCallbacksLock };
@@ -265,7 +265,7 @@ void JSRunLoopTimer::cancelTimer()
 {
     Locker locker { m_lock };
     m_isScheduled = false;
-    Manager::shared().cancelTimer(*this);
+    Manager::singleton().cancelTimer(*this);
 }
 
 void JSRunLoopTimer::addTimerSetNotification(TimerNotificationCallback callback)
diff --git a/Source/JavaScriptCore/runtime/JSRunLoopTimer.h b/Source/JavaScriptCore/runtime/JSRunLoopTimer.h
index 5fb3d4916acfa..3645738674a2b 100644
--- a/Source/JavaScriptCore/runtime/JSRunLoopTimer.h
+++ b/Source/JavaScriptCore/runtime/JSRunLoopTimer.h
@@ -54,7 +54,7 @@ class JSRunLoopTimer : public ThreadSafeRefCounted<JSRunLoopTimer> {
         void timerDidFire();
 
     public:
-        static Manager& shared();
+        static Manager& singleton();
         void registerVM(VM&);
         void unregisterVM(VM&);
         void scheduleTimer(JSRunLoopTimer&, Seconds nextFireTime);
diff --git a/Source/JavaScriptCore/runtime/VM.cpp b/Source/JavaScriptCore/runtime/VM.cpp
index 205a9d408d273..0a3a928ab9673 100644
--- a/Source/JavaScriptCore/runtime/VM.cpp
+++ b/Source/JavaScriptCore/runtime/VM.cpp
@@ -220,7 +220,7 @@ static bool vmCreationShouldCrash = false;
 VM::VM(VMType vmType, HeapType heapType, WTF::RunLoop* runLoop, bool* success)
     : topCallFrame(CallFrame::noCaller())
     , m_identifier(VMIdentifier::generate())
-    , m_apiLock(adoptRef(new JSLock(this)))
+    , m_apiLock(adoptRef(*new JSLock(this)))
     , m_runLoop(runLoop ? *runLoop : WTF::RunLoop::current())
     , m_random(Options::seedOfVMRandomForFuzzer() ? Options::seedOfVMRandomForFuzzer() : cryptographicallyRandomNumber<uint32_t>())
     , m_heapRandom(Options::seedOfVMRandomForFuzzer() ? Options::seedOfVMRandomForFuzzer() : cryptographicallyRandomNumber<uint32_t>())
@@ -278,7 +278,7 @@ VM::VM(VMType vmType, HeapType heapType, WTF::RunLoop* runLoop, bool* success)
     setLastStackTop(Thread::current());
     stringSplitIndice.reserveInitialCapacity(256);
 
-    JSRunLoopTimer::Manager::shared().registerVM(*this);
+    JSRunLoopTimer::Manager::singleton().registerVM(*this);
 
     // Need to be careful to keep everything consistent here
     JSLockHolder lock(this);
@@ -410,8 +410,8 @@ WTF_ALLOW_UNSAFE_BUFFER_USAGE_END
         setShouldBuildPCToCodeOriginMapping();
 
     if (Options::watchdog()) {
-        Watchdog& watchdog = ensureWatchdog();
-        watchdog.setTimeLimit(Seconds::fromMilliseconds(Options::watchdog()));
+        Ref watchdog = ensureWatchdog();
+        watchdog->setTimeLimit(Seconds::fromMilliseconds(Options::watchdog()));
     }
 
     if (Options::useTracePoints())
@@ -465,7 +465,7 @@ VM::~VM()
     if (Wasm::Worklist* worklist = Wasm::existingWorklistOrNull())
         worklist->stopAllPlansForContext(*this);
 #endif
-    if (auto* watchdog = this->watchdog(); UNLIKELY(watchdog))
+    if (RefPtr watchdog = this->watchdog(); UNLIKELY(watchdog))
         watchdog->willDestroyVM(this);
     m_traps.willDestroyVM();
     m_isInService = false;
@@ -499,7 +499,7 @@ VM::~VM()
     smallStrings.setIsInitialized(false);
     heap.lastChanceToFinalize();
 
-    JSRunLoopTimer::Manager::shared().unregisterVM(*this);
+    JSRunLoopTimer::Manager::singleton().unregisterVM(*this);
 
     VMInspector::singleton().remove(this);
 
@@ -582,7 +582,7 @@ RefPtr<VM> VM::tryCreate(HeapType heapType, WTF::RunLoop* runLoop)
 SamplingProfiler& VM::ensureSamplingProfiler(Ref<Stopwatch>&& stopwatch)
 {
     if (!m_samplingProfiler) {
-        m_samplingProfiler = adoptRef(new SamplingProfiler(*this, WTFMove(stopwatch)));
+        lazyInitialize(m_samplingProfiler, adoptRef(*new SamplingProfiler(*this, WTFMove(stopwatch))));
         requestEntryScopeService(EntryScopeService::SamplingProfiler);
     }
     return *m_samplingProfiler;
@@ -590,7 +590,7 @@ SamplingProfiler& VM::ensureSamplingProfiler(Ref<Stopwatch>&& stopwatch)
 
 void VM::enableSamplingProfiler()
 {
-    SamplingProfiler* profiler = samplingProfiler();
+    RefPtr profiler = samplingProfiler();
     if (!profiler)
         profiler = &ensureSamplingProfiler(Stopwatch::create());
     profiler->start();
@@ -598,7 +598,7 @@ void VM::enableSamplingProfiler()
 
 void VM::disableSamplingProfiler()
 {
-    SamplingProfiler* profiler = samplingProfiler();
+    RefPtr profiler = samplingProfiler();
     if (!profiler)
         profiler = &ensureSamplingProfiler(Stopwatch::create());
     {
@@ -609,10 +609,8 @@ void VM::disableSamplingProfiler()
 
 RefPtr<JSON::Value> VM::takeSamplingProfilerSamplesAsJSON()
 {
-    SamplingProfiler* profiler = samplingProfiler();
-    if (!profiler)
-        return nullptr;
-    return profiler->stackTracesAsJSON();
+    RefPtr profiler = samplingProfiler();
+    return profiler ? RefPtr { profiler->stackTracesAsJSON() } : nullptr;
 }
 
 #endif // ENABLE(SAMPLING_PROFILER)
@@ -714,33 +712,33 @@ static Ref<NativeJITCode> jitCodeForCallTrampoline(Intrinsic intrinsic)
     switch (intrinsic) {
 #if ENABLE(WEBASSEMBLY)
     case WasmFunctionIntrinsic: {
-        static NativeJITCode* result;
+        static LazyNeverDestroyed<Ref<NativeJITCode>> result;
         static std::once_flag onceKey;
         std::call_once(onceKey, [&] {
-            result = new NativeJITCode(LLInt::getCodeRef<JSEntryPtrTag>(js_to_wasm_wrapper_entry), JITType::HostCallThunk, intrinsic);
+            result.construct(adoptRef(*new NativeJITCode(LLInt::getCodeRef<JSEntryPtrTag>(js_to_wasm_wrapper_entry), JITType::HostCallThunk, intrinsic)));
         });
-        return *result;
+        return result.get();
     }
 #endif
     default: {
-        static NativeJITCode* result;
+        static LazyNeverDestroyed<Ref<NativeJITCode>> result;
         static std::once_flag onceKey;
         std::call_once(onceKey, [&] {
-            result = new NativeJITCode(LLInt::getCodeRef<JSEntryPtrTag>(llint_native_call_trampoline), JITType::HostCallThunk, NoIntrinsic);
+            result.construct(adoptRef(*new NativeJITCode(LLInt::getCodeRef<JSEntryPtrTag>(llint_native_call_trampoline), JITType::HostCallThunk, NoIntrinsic)));
         });
-        return *result;
+        return result.get();
     }
     }
 }
 
 static Ref<NativeJITCode> jitCodeForConstructTrampoline()
 {
-    static NativeJITCode* result;
+    static LazyNeverDestroyed<Ref<NativeJITCode>> result;
     static std::once_flag onceKey;
     std::call_once(onceKey, [&] {
-        result = new NativeJITCode(LLInt::getCodeRef<JSEntryPtrTag>(llint_native_construct_trampoline), JITType::HostCallThunk, NoIntrinsic);
+        result.construct(adoptRef(*new NativeJITCode(LLInt::getCodeRef<JSEntryPtrTag>(llint_native_construct_trampoline), JITType::HostCallThunk, NoIntrinsic)));
     });
-    return *result;
+    return result.get();
 }
 
 NativeExecutable* VM::getHostFunction(NativeFunction function, ImplementationVisibility implementationVisibility, Intrinsic intrinsic, NativeFunction constructor, const DOMJIT::Signature* signature, const String& name)
@@ -1074,7 +1072,7 @@ void VM::updateStackLimits()
         if (heap.m_webAssemblyInstanceSpace) {
             heap.m_webAssemblyInstanceSpace->forEachLiveCell([&] (HeapCell* cell, HeapCell::Kind kind) {
                 ASSERT_UNUSED(kind, kind == HeapCell::JSCell);
-                static_cast<JSWebAssemblyInstance*>(cell)->updateSoftStackLimit(m_softStackLimit);
+                SUPPRESS_MEMORY_UNSAFE_CAST static_cast<JSWebAssemblyInstance*>(cell)->updateSoftStackLimit(m_softStackLimit);
             });
         }
 #endif
@@ -1371,8 +1369,8 @@ void VM::drainMicrotasks()
 
 void sanitizeStackForVM(VM& vm)
 {
-    auto& thread = Thread::current();
-    auto& stack = thread.stack();
+    Ref thread = Thread::current();
+    auto& stack = thread->stack();
     if (!vm.currentThreadIsHoldingAPILock())
         return; // vm.lastStackTop() may not be set up correctly if JSLock is not held.
 
@@ -1533,12 +1531,12 @@ void VM::executeEntryScopeServicesOnEntry()
     // observe time zone changes.
     dateCache.resetIfNecessary();
 
-    auto* watchdog = this->watchdog();
+    RefPtr watchdog = this->watchdog();
     if (UNLIKELY(watchdog))
         watchdog->enteredVM();
 
 #if ENABLE(SAMPLING_PROFILER)
-    auto* samplingProfiler = this->samplingProfiler();
+    RefPtr samplingProfiler = this->samplingProfiler();
     if (UNLIKELY(samplingProfiler))
         samplingProfiler->noticeVMEntry();
 #endif
@@ -1552,7 +1550,7 @@ void VM::executeEntryScopeServicesOnExit()
     if (UNLIKELY(Options::useTracePoints()))
         tracePoint(VMEntryScopeEnd);
 
-    auto* watchdog = this->watchdog();
+    RefPtr watchdog = this->watchdog();
     if (UNLIKELY(watchdog))
         watchdog->exitedVM();
 
diff --git a/Source/JavaScriptCore/runtime/VM.h b/Source/JavaScriptCore/runtime/VM.h
index ca86b50cd2cac..f9d3127ea4c77 100644
--- a/Source/JavaScriptCore/runtime/VM.h
+++ b/Source/JavaScriptCore/runtime/VM.h
@@ -438,7 +438,7 @@ class VM : public ThreadSafeRefCountedWithSuppressingSaferCPPChecking<VM>, publi
     VMTraps m_traps;
 
     VMIdentifier m_identifier;
-    RefPtr<JSLock> m_apiLock;
+    const Ref<JSLock> m_apiLock;
     Ref<WTF::RunLoop> m_runLoop;
 
     WeakRandom m_random;
@@ -569,7 +569,7 @@ class VM : public ThreadSafeRefCountedWithSuppressingSaferCPPChecking<VM>, publi
     Weak<NativeExecutable> m_fastRemoteFunctionExecutable;
     Weak<NativeExecutable> m_slowRemoteFunctionExecutable;
 
-    Ref<DeferredWorkTimer> deferredWorkTimer;
+    const Ref<DeferredWorkTimer> deferredWorkTimer;
 
     JSCell* currentlyDestructingCallbackObject { nullptr };
     const ClassInfo* currentlyDestructingCallbackObjectClassInfo { nullptr };
@@ -883,7 +883,7 @@ class VM : public ThreadSafeRefCountedWithSuppressingSaferCPPChecking<VM>, publi
 
     bool currentThreadIsHoldingAPILock() const { return m_apiLock->currentThreadIsHoldingLock(); }
 
-    JSLock& apiLock() { return *m_apiLock; }
+    JSLock& apiLock() { return m_apiLock.get(); }
     CodeCache* codeCache() { return m_codeCache.get(); }
     IntlCache& intlCache() { return *m_intlCache; }
 
@@ -1128,7 +1128,7 @@ class VM : public ThreadSafeRefCountedWithSuppressingSaferCPPChecking<VM>, publi
     LazyUniqueRef<VM, HeapProfiler> m_heapProfiler;
     LazyUniqueRef<VM, AdaptiveStringSearcherTables> m_stringSearcherTables;
 #if ENABLE(SAMPLING_PROFILER)
-    RefPtr<SamplingProfiler> m_samplingProfiler;
+    const RefPtr<SamplingProfiler> m_samplingProfiler;
 #endif
     std::unique_ptr<FuzzerAgent> m_fuzzerAgent;
     LazyUniqueRef<VM, ShadowChicken> m_shadowChicken;

From 1e56a0f61e053bed17490aa3abe0d04cd74adecf Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Sun, 23 Feb 2025 20:33:16 -0800
Subject: [PATCH 109/174] Address safer cpp failures in EventDispatcher
 https://bugs.webkit.org/show_bug.cgi?id=288317

Reviewed by Geoffrey Garen.

* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:
(WebKit::RemoteLayerTreeEventDispatcher::wheelEventHandlingCompleted):
(WebKit::RemoteLayerTreeEventDispatcher::protectedDrawingAreaMac const):
(WebKit::RemoteLayerTreeEventDispatcher::displayLink const):
(WebKit::RemoteLayerTreeEventDispatcher::existingDisplayLink const):
(WebKit::RemoteLayerTreeEventDispatcher::scheduleDelayedRenderingUpdateDetectionTimer):
(WebKit::RemoteLayerTreeEventDispatcher::waitForRenderingUpdateCompletionOrTimeout):
(WebKit::RemoteLayerTreeEventDispatcher::updateAnimations):
* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.h:
* Source/WebKit/WebProcess/WebPage/EventDispatcher.cpp:
(WebKit::EventDispatcher::internalWheelEvent):
(WebKit::EventDispatcher::dispatchWheelEventViaMainThread):
(WebKit::EventDispatcher::sendDidReceiveEvent):
(WebKit::EventDispatcher::notifyScrollingTreesDisplayDidRefresh):
(WebKit::EventDispatcher::startDisplayDidRefreshCallbacks):
(WebKit::EventDispatcher::stopDisplayDidRefreshCallbacks):

Canonical link: https://commits.webkit.org/290930@main
---
 .../UncountedCallArgsCheckerExpectations      |  1 -
 ...UncountedLambdaCapturesCheckerExpectations |  1 -
 .../UncountedLocalVarsCheckerExpectations     |  1 -
 .../mac/RemoteLayerTreeEventDispatcher.cpp    | 22 ++++++++++++-------
 .../mac/RemoteLayerTreeEventDispatcher.h      |  1 +
 .../WebProcess/WebPage/EventDispatcher.cpp    | 16 +++++++-------
 6 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index a2fcd8d91a87e..77f0d96989171 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -366,7 +366,6 @@ WebProcess/WebCoreSupport/mac/WebContextMenuClientMac.mm
 WebProcess/WebCoreSupport/mac/WebDragClientMac.mm
 WebProcess/WebCoreSupport/mac/WebEditorClientMac.mm
 WebProcess/WebPage/DrawingArea.cpp
-WebProcess/WebPage/EventDispatcher.cpp
 WebProcess/WebPage/FindController.cpp
 WebProcess/WebPage/RemoteLayerTree/GraphicsLayerCARemote.mm
 WebProcess/WebPage/RemoteLayerTree/PlatformCALayerRemote.mm
diff --git a/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
index 5fa3ff00e7916..aa524b0c05fc2 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedLambdaCapturesCheckerExpectations
@@ -36,7 +36,6 @@ WebProcess/Plugins/PDF/PDFPluginBase.mm
 WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
 WebProcess/Storage/WebSWClientConnection.cpp
 WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp
-WebProcess/WebPage/EventDispatcher.cpp
 WebProcess/WebPage/ViewUpdateDispatcher.cpp
 WebProcess/WebPage/WebFrame.cpp
 WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm
diff --git a/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index 4ad5d8e215e6c..2c752b4b4186f 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -93,7 +93,6 @@ WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp
 WebProcess/WebCoreSupport/WebResourceLoadObserver.cpp
 WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp
 WebProcess/WebCoreSupport/mac/WebDragClientMac.mm
-WebProcess/WebPage/EventDispatcher.cpp
 WebProcess/WebPage/FindController.cpp
 WebProcess/WebPage/RemoteLayerTree/PlatformCALayerRemote.mm
 WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeContext.mm
diff --git a/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp b/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp
index 623e42e4378d4..ddf7811ba8dcd 100644
--- a/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp
+++ b/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp
@@ -306,7 +306,7 @@ void RemoteLayerTreeEventDispatcher::wheelEventHandlingCompleted(const PlatformW
         auto result = scrollingTree->handleWheelEventAfterDefaultHandling(wheelEvent, scrollingNodeID, gestureState);
         RunLoop::protectedMain()->dispatch([protectedThis, wasHandled, result]() {
             if (auto* scrollingCoordinator = protectedThis->scrollingCoordinator())
-                scrollingCoordinator->webPageProxy().wheelEventHandlingCompleted(wasHandled || result.wasHandled);
+                scrollingCoordinator->protectedWebPageProxy()->wheelEventHandlingCompleted(wasHandled || result.wasHandled);
         });
 
     });
@@ -330,6 +330,11 @@ RemoteLayerTreeDrawingAreaProxyMac& RemoteLayerTreeEventDispatcher::drawingAreaM
     return *downcast<RemoteLayerTreeDrawingAreaProxyMac>(m_scrollingCoordinator->webPageProxy().drawingArea());
 }
 
+Ref<RemoteLayerTreeDrawingAreaProxyMac> RemoteLayerTreeEventDispatcher::protectedDrawingAreaMac() const
+{
+    return drawingAreaMac();
+}
+
 DisplayLink* RemoteLayerTreeEventDispatcher::displayLink() const
 {
     ASSERT(isMainRunLoop());
@@ -337,7 +342,7 @@ DisplayLink* RemoteLayerTreeEventDispatcher::displayLink() const
     if (!m_scrollingCoordinator)
         return nullptr;
 
-    return &drawingAreaMac().displayLink();
+    return &protectedDrawingAreaMac()->displayLink();
 }
 
 DisplayLink* RemoteLayerTreeEventDispatcher::existingDisplayLink() const
@@ -347,7 +352,7 @@ DisplayLink* RemoteLayerTreeEventDispatcher::existingDisplayLink() const
     if (!m_scrollingCoordinator)
         return nullptr;
 
-    return drawingAreaMac().existingDisplayLink();
+    return protectedDrawingAreaMac()->existingDisplayLink();
 }
 
 void RemoteLayerTreeEventDispatcher::startOrStopDisplayLink()
@@ -482,7 +487,7 @@ void RemoteLayerTreeEventDispatcher::scheduleDelayedRenderingUpdateDetectionTime
     ASSERT(ScrollingThread::isCurrentThread());
 
     if (!m_delayedRenderingUpdateDetectionTimer)
-        m_delayedRenderingUpdateDetectionTimer = makeUnique<RunLoop::Timer>(RunLoop::current(), [weakThis = ThreadSafeWeakPtr { *this }] {
+        m_delayedRenderingUpdateDetectionTimer = makeUnique<RunLoop::Timer>(RunLoop::protectedCurrent(), [weakThis = ThreadSafeWeakPtr { *this }] {
             auto strongThis = weakThis.get();
             if (strongThis)
                 strongThis->delayedRenderingUpdateDetectionTimerFired();
@@ -509,14 +514,15 @@ void RemoteLayerTreeEventDispatcher::waitForRenderingUpdateCompletionOrTimeout()
         m_delayedRenderingUpdateDetectionTimer->stop();
 
     auto currentTime = MonotonicTime::now();
-    auto estimatedNextDisplayRefreshTime = std::max(m_lastDisplayDidRefreshTime + m_scrollingTree->frameDuration(), currentTime);
-    auto timeoutTime = std::min(currentTime + m_scrollingTree->maxAllowableRenderingUpdateDurationForSynchronization(), estimatedNextDisplayRefreshTime);
+    RefPtr scrollingTree = m_scrollingTree;
+    auto estimatedNextDisplayRefreshTime = std::max(m_lastDisplayDidRefreshTime + scrollingTree->frameDuration(), currentTime);
+    auto timeoutTime = std::min(currentTime + scrollingTree->maxAllowableRenderingUpdateDurationForSynchronization(), estimatedNextDisplayRefreshTime);
 
     constexpr auto maximumTimeoutDelay = 32_ms;
     auto maximumTimeoutTime = currentTime + maximumTimeoutDelay;
     if (timeoutTime > maximumTimeoutTime) {
         RELEASE_LOG_ERROR(DisplayLink, "%p - [webPageID=%" PRIu64 "] RemoteLayerTreeEventDispatcher::waitForRenderingUpdateCompletionOrTimeout - bad timeout %.2fms into the future (frame duration %.2fms)", this, m_pageIdentifier.toUInt64(),
-            (timeoutTime - currentTime).milliseconds(), m_scrollingTree->frameDuration().milliseconds());
+            (timeoutTime - currentTime).milliseconds(), scrollingTree->frameDuration().milliseconds());
         timeoutTime = maximumTimeoutTime;
     }
 
@@ -629,7 +635,7 @@ void RemoteLayerTreeEventDispatcher::updateAnimations()
     auto now = MonotonicTime::now();
 
     auto effectStacks = std::exchange(m_effectStacks, { });
-    for (auto& [layerID, effectStack] : effectStacks) {
+    for (auto [layerID, effectStack] : effectStacks) {
         effectStack->applyEffectsFromScrollingThread(now);
 
         // We can clear the effect stack if it's empty, but the previous
diff --git a/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.h b/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.h
index dac8bf51ddf7b..0b462b2c99d3c 100644
--- a/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.h
+++ b/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.h
@@ -123,6 +123,7 @@ class RemoteLayerTreeEventDispatcher
     DisplayLink* displayLink() const;
     DisplayLink* existingDisplayLink() const;
     RemoteLayerTreeDrawingAreaProxyMac& drawingAreaMac() const;
+    Ref<RemoteLayerTreeDrawingAreaProxyMac> protectedDrawingAreaMac() const;
 
     void startDisplayLinkObserver();
     void stopDisplayLinkObserver();
diff --git a/Source/WebKit/WebProcess/WebPage/EventDispatcher.cpp b/Source/WebKit/WebProcess/WebPage/EventDispatcher.cpp
index 0913bc56a1c90..2c07044d02128 100644
--- a/Source/WebKit/WebProcess/WebPage/EventDispatcher.cpp
+++ b/Source/WebKit/WebProcess/WebPage/EventDispatcher.cpp
@@ -122,7 +122,7 @@ void EventDispatcher::internalWheelEvent(PageIdentifier pageID, const WebWheelEv
 
     ensureOnMainRunLoop([pageID] {
         if (RefPtr webPage = WebProcess::singleton().webPage(pageID)) {
-            if (auto* corePage = webPage->corePage()) {
+            if (RefPtr corePage = webPage->corePage()) {
                 if (auto* keyboardScrollingAnimator = corePage->currentKeyboardScrollingAnimator())
                     keyboardScrollingAnimator->stopScrollingImmediately();
             }
@@ -141,7 +141,7 @@ void EventDispatcher::internalWheelEvent(PageIdentifier pageID, const WebWheelEv
 #endif
 
         Locker locker { m_scrollingTreesLock };
-        auto scrollingTree = m_scrollingTrees.get(pageID);
+        RefPtr scrollingTree = m_scrollingTrees.get(pageID);
         if (!scrollingTree) {
             dispatchWheelEventViaMainThread(pageID, wheelEvent, processingSteps, wheelEventOrigin);
             break;
@@ -166,7 +166,7 @@ void EventDispatcher::internalWheelEvent(PageIdentifier pageID, const WebWheelEv
 
         scrollingTree->willProcessWheelEvent();
 
-        ScrollingThread::dispatch([scrollingTree, wheelEvent, platformWheelEvent, processingSteps, useMainThreadForScrolling, pageID, wheelEventOrigin, this] {
+        ScrollingThread::dispatch([scrollingTree, wheelEvent, platformWheelEvent, processingSteps, useMainThreadForScrolling, pageID, wheelEventOrigin, this, protectedThis = Ref { *this }] {
             if (useMainThreadForScrolling) {
                 scrollingTree->willSendEventToMainThread(platformWheelEvent);
                 dispatchWheelEventViaMainThread(pageID, wheelEvent, processingSteps, wheelEventOrigin);
@@ -279,7 +279,7 @@ void EventDispatcher::dispatchTouchEvents()
 void EventDispatcher::dispatchWheelEventViaMainThread(WebCore::PageIdentifier pageID, const WebWheelEvent& wheelEvent, OptionSet<WheelEventProcessingSteps> processingSteps, WheelEventOrigin wheelEventOrigin)
 {
     ASSERT(!RunLoop::isMain());
-    RunLoop::protectedMain()->dispatch([this, pageID, wheelEvent, wheelEventOrigin, steps = processingSteps - WheelEventProcessingSteps::AsyncScrolling] {
+    RunLoop::protectedMain()->dispatch([this, protectedThis = Ref { *this }, pageID, wheelEvent, wheelEventOrigin, steps = processingSteps - WheelEventProcessingSteps::AsyncScrolling] {
         dispatchWheelEvent(pageID, wheelEvent, steps, wheelEventOrigin);
     });
 }
@@ -317,7 +317,7 @@ void EventDispatcher::dispatchGestureEvent(FrameIdentifier frameID, PageIdentifi
 
 void EventDispatcher::sendDidReceiveEvent(PageIdentifier pageID, WebEventType eventType, bool didHandleEvent)
 {
-    WebProcess::singleton().parentProcessConnection()->send(Messages::WebPageProxy::DidReceiveEvent(eventType, didHandleEvent, std::nullopt), pageID);
+    WebProcess::singleton().protectedParentProcessConnection()->send(Messages::WebPageProxy::DidReceiveEvent(eventType, didHandleEvent, std::nullopt), pageID);
 }
 
 void EventDispatcher::notifyScrollingTreesDisplayDidRefresh(PlatformDisplayID displayID)
@@ -325,7 +325,7 @@ void EventDispatcher::notifyScrollingTreesDisplayDidRefresh(PlatformDisplayID di
 #if ENABLE(ASYNC_SCROLLING) && ENABLE(SCROLLING_THREAD)
     Locker locker { m_scrollingTreesLock };
     for (auto keyValuePair : m_scrollingTrees)
-        keyValuePair.value->displayDidRefresh(displayID);
+        Ref { *keyValuePair.value }->displayDidRefresh(displayID);
 #endif
 }
 
@@ -374,12 +374,12 @@ void EventDispatcher::handleSyntheticWheelEvent(WebCore::PageIdentifier pageIden
 
 void EventDispatcher::startDisplayDidRefreshCallbacks(WebCore::PlatformDisplayID displayID)
 {
-    WebProcess::singleton().parentProcessConnection()->send(Messages::WebProcessProxy::StartDisplayLink(m_observerID, displayID, WebCore::FullSpeedFramesPerSecond), 0);
+    WebProcess::singleton().protectedParentProcessConnection()->send(Messages::WebProcessProxy::StartDisplayLink(m_observerID, displayID, WebCore::FullSpeedFramesPerSecond), 0);
 }
 
 void EventDispatcher::stopDisplayDidRefreshCallbacks(WebCore::PlatformDisplayID displayID)
 {
-    WebProcess::singleton().parentProcessConnection()->send(Messages::WebProcessProxy::StopDisplayLink(m_observerID, displayID), 0);
+    WebProcess::singleton().protectedParentProcessConnection()->send(Messages::WebProcessProxy::StopDisplayLink(m_observerID, displayID), 0);
 }
 
 #if ENABLE(MOMENTUM_EVENT_DISPATCHER_TEMPORARY_LOGGING)

From 6b4400af7df771a9f50b09825b0bdc0717d53ba3 Mon Sep 17 00:00:00 2001
From: Adan Lopez <ja_lopezlozoya@apple.com>
Date: Sun, 23 Feb 2025 21:34:25 -0800
Subject: [PATCH 110/174] Implement more smart pointers in WebProcess.h/cpp
 (part 3) https://bugs.webkit.org/show_bug.cgi?id=288144

Reviewed by Ryosuke Niwa and Chris Dumez.

Deploy more smart pointers in WebProcess (part 3).

* Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::singleton):
(WebKit::WebProcess::initializeConnection):
(WebKit::WebProcess::grantUserMediaDeviceSandboxExtensions):
(WebKit::WebProcess::displayDidRefresh):
* Source/WebKit/WebProcess/WebProcess.h:

Canonical link: https://commits.webkit.org/290931@main
---
 .../UncountedCallArgsCheckerExpectations         |  1 -
 .../UncountedLocalVarsCheckerExpectations        |  1 -
 Source/WebKit/WebProcess/WebProcess.cpp          | 16 ++++++++--------
 Source/WebKit/WebProcess/WebProcess.h            |  2 ++
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 77f0d96989171..be9cd9feb91df 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -388,7 +388,6 @@ WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm
 WebProcess/WebPage/mac/TiledCoreAnimationScrollingCoordinator.mm
 WebProcess/WebPage/mac/WKAccessibilityWebPageObjectBase.mm
 WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm
-WebProcess/WebProcess.cpp
 WebProcess/WebStorage/StorageAreaMap.cpp
 WebProcess/WebSystemSoundDelegate.cpp
 WebProcess/cocoa/AudioSessionRoutingArbitrator.cpp
diff --git a/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index 2c752b4b4186f..6befb21afb505 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -104,7 +104,6 @@ WebProcess/WebPage/WebURLSchemeTaskProxy.cpp
 WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm
 WebProcess/WebPage/mac/WKAccessibilityWebPageObjectBase.mm
 WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm
-WebProcess/WebProcess.cpp
 WebProcess/WebSleepDisablerClient.cpp
 WebProcess/WebStorage/StorageAreaMap.cpp
 WebProcess/cocoa/TextTrackRepresentationCocoa.mm
diff --git a/Source/WebKit/WebProcess/WebProcess.cpp b/Source/WebKit/WebProcess/WebProcess.cpp
index 2b4dc1a8ec58e..70bca769ad76a 100644
--- a/Source/WebKit/WebProcess/WebProcess.cpp
+++ b/Source/WebKit/WebProcess/WebProcess.cpp
@@ -290,8 +290,8 @@ static void crashAfter10Seconds(IPC::Connection*)
 
 WebProcess& WebProcess::singleton()
 {
-    static WebProcess& process = *new WebProcess;
-    return process;
+    static NeverDestroyed<Ref<WebProcess>> process = adoptRef(*new WebProcess);
+    return process.get().get();
 }
 
 WebProcess::WebProcess()
@@ -407,12 +407,12 @@ void WebProcess::initializeConnection(IPC::Connection* connection)
     connection->setShouldExitOnSyncMessageSendFailure(true);
 #endif
 
-    m_eventDispatcher.initializeConnection(*connection);
+    protectedEventDispatcher()->initializeConnection(*connection);
 #if PLATFORM(IOS_FAMILY)
     m_viewUpdateDispatcher.initializeConnection(*connection);
 #endif // PLATFORM(IOS_FAMILY)
 
-    m_webInspectorInterruptDispatcher.initializeConnection(*connection);
+    protectedWebInspectorInterruptDispatcher()->initializeConnection(*connection);
 
     for (auto& supplement : m_supplements.values())
         supplement->initializeConnection(connection);
@@ -2158,13 +2158,13 @@ void WebProcess::grantUserMediaDeviceSandboxExtensions(MediaDeviceSandboxExtensi
 {
     for (size_t i = 0; i < extensions.size(); i++) {
         const auto& extension = extensions[i];
-        extension.second->consume();
+        RefPtr { extension.second }->consume();
         WEBPROCESS_RELEASE_LOG(WebRTC, "grantUserMediaDeviceSandboxExtensions: granted extension %s", extension.first.utf8().data());
         m_mediaCaptureSandboxExtensions.add(extension.first, extension.second.copyRef());
     }
     m_machBootstrapExtension = extensions.machBootstrapExtension();
-    if (m_machBootstrapExtension)
-        m_machBootstrapExtension->consume();
+    if (RefPtr machBootstrapExtension = m_machBootstrapExtension)
+        machBootstrapExtension->consume();
 }
 
 static inline void checkDocumentsCaptureStateConsistency(const Vector<String>& extensionIDs)
@@ -2251,7 +2251,7 @@ void WebProcess::setClientBadge(WebPageProxyIdentifier pageIdentifier, const Web
 void WebProcess::displayDidRefresh(uint32_t displayID, const DisplayUpdate& displayUpdate)
 {
     ASSERT(RunLoop::isMain());
-    m_eventDispatcher.notifyScrollingTreesDisplayDidRefresh(displayID);
+    protectedEventDispatcher()->notifyScrollingTreesDisplayDidRefresh(displayID);
     DisplayRefreshMonitorManager::sharedManager().displayDidRefresh(displayID, displayUpdate);
 }
 #endif
diff --git a/Source/WebKit/WebProcess/WebProcess.h b/Source/WebKit/WebProcess/WebProcess.h
index 48561d65bf42a..3413e5fd61b43 100644
--- a/Source/WebKit/WebProcess/WebProcess.h
+++ b/Source/WebKit/WebProcess/WebProcess.h
@@ -258,6 +258,8 @@ class WebProcess final : public AuxiliaryProcess {
     void setTextCheckerState(OptionSet<TextCheckerState>);
 
     EventDispatcher& eventDispatcher() { return m_eventDispatcher; }
+    Ref<EventDispatcher> protectedEventDispatcher() { return m_eventDispatcher; }
+    Ref<WebInspectorInterruptDispatcher> protectedWebInspectorInterruptDispatcher() { return m_webInspectorInterruptDispatcher; }
 
     NetworkProcessConnection& ensureNetworkProcessConnection();
     Ref<NetworkProcessConnection> ensureProtectedNetworkProcessConnection();

From 3c5cef15cc6ec65d057ef83cb964b099135200c5 Mon Sep 17 00:00:00 2001
From: Yusuke Suzuki <ysuzuki@apple.com>
Date: Sun, 23 Feb 2025 22:26:56 -0800
Subject: [PATCH 111/174] [JSC] Make isWhiteSpace table-based
 https://bugs.webkit.org/show_bug.cgi?id=288323 rdar://145439014

Reviewed by Yijia Huang.

This patch changes isWhiteSpace table-based implementation since it is
faster than many branches. We also add easy jetstream2-octane-code-load
microbenchmark script.

* JSTests/slowMicrobenchmarks/jetstream2-octane-code-load.js: Added.
(setupCodeLoad):
(tearDownCodeLoad):
(runCodeLoadClosure):
(runCodeLoadJQuery):
(BASE_JS.JQUERY_JS):
(cacheBust):
(runClosure):
(MockElement.this.appendChild):
(MockElement.this.createComment):
(MockElement.this.createDocumentFragment):
(MockElement.this.createElement):
(MockElement.this.getElementById):
(MockElement.this.getElementsByTagName):
(MockElement.this.insertBefore):
(MockElement.this.removeChild):
(MockElement.this.setAttribute):
* Source/JavaScriptCore/parser/Lexer.cpp:
* Source/JavaScriptCore/parser/Lexer.h:
(JSC::Lexer<LChar>::isWhiteSpace):

Canonical link: https://commits.webkit.org/290932@main
---
 .../jetstream2-octane-code-load.js            | 1539 +++++++++++++++++
 Source/JavaScriptCore/parser/Lexer.cpp        |  260 +++
 Source/JavaScriptCore/parser/Lexer.h          |    4 +-
 3 files changed, 1802 insertions(+), 1 deletion(-)
 create mode 100644 JSTests/slowMicrobenchmarks/jetstream2-octane-code-load.js

diff --git a/JSTests/slowMicrobenchmarks/jetstream2-octane-code-load.js b/JSTests/slowMicrobenchmarks/jetstream2-octane-code-load.js
new file mode 100644
index 0000000000000..3cefdeeb4b2de
--- /dev/null
+++ b/JSTests/slowMicrobenchmarks/jetstream2-octane-code-load.js
@@ -0,0 +1,1539 @@
+//@ runDefault
+
+// Copyright 2013 the Octane Benchmark project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+//       notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+//       copyright notice, this list of conditions and the following
+//       disclaimer in the documentation and/or other materials provided
+//       with the distribution.
+//     * Neither the name of Google Inc. nor the names of its
+//       contributors may be used to endorse or promote products derived
+//       from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+// The code in BASE_JS below:
+// Copyright 2012 The Closure Library Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS-IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+// The code in JQUERY_JS below:
+// Copyright (c) 2012 John Resig, http://jquery.com/
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+function setupCodeLoad() {
+  salt = 0;
+  indirectEval = eval;
+}
+
+function tearDownCodeLoad() {
+  salt = null;
+  indirectEval = null;
+}
+
+function runCodeLoadClosure() {
+  runClosure();
+  salt++;
+}
+
+function runCodeLoadJQuery() {
+  runJQuery();
+  salt++;
+}
+
+/*
+ * BASE_JS is a compiled and formatted version of:
+ * http://code.google.com/p/closure-library/source/browse/trunk/closure/goog/base.js
+ * JQUERY_JS is a formatted copy of:
+ * http://code.jquery.com/jquery.min.js
+ * The following Python script generates both variables:
+
+#!/usr/bin/env python
+
+import urllib
+import urllib2
+
+def escape_and_format(data, varname):
+  data = data.replace("\n", " ").replace("; ", ";")
+  data = data.replace("\\", "\\\\").replace("\"", "\\\"")
+  data = "var " + varname + " = \"" + data + "\""
+  while len(data) > 0:
+    cutoff = min(79, len(data))
+    while data[cutoff-1] == '\\':
+      cutoff -= 1
+    line = data[0:cutoff]
+    data = data[cutoff:]
+    if len(data) > 0:
+      line += '\\'
+    print line
+
+url = "http://closure-compiler.appspot.com/compile"
+request_params = {"output_format": "text",
+                  "compilation_level": "SIMPLE_OPTIMIZATIONS",
+                  "use_closure_library": "true",
+                  "js_code": "",
+                  "output_info": "compiled_code"}
+result = urllib2.urlopen(url, urllib.urlencode(request_params))
+escape_and_format(result.read(), "BASE_JS")
+
+print "\n\n"
+
+url = "http://code.jquery.com/jquery.min.js"
+result = urllib2.urlopen(url)
+escape_and_format(result.read(), "JQUERY_JS")
+
+*/
+var BASE_JS = "var COMPILED=!0,goog=goog||{};goog.global=this;goog.DEBUG=!0;goo\
+g.LOCALE=\"en\";goog.provide=function(a){if(!COMPILED){if(goog.isProvided_(a))t\
+hrow Error('Namespace \"'+a+'\" already declared.');delete goog.implicitNamespa\
+ces_[a];for(var b=a;(b=b.substring(0,b.lastIndexOf(\".\")))&&!goog.getObjectByN\
+ame(b);)goog.implicitNamespaces_[b]=!0}goog.exportPath_(a)};goog.setTestOnly=fu\
+nction(a){if(COMPILED&&!goog.DEBUG)throw a=a||\"\",Error(\"Importing test-only \
+code into non-debug environment\"+a?\": \"+a:\".\");};COMPILED||(goog.isProvide\
+d_=function(a){return!goog.implicitNamespaces_[a]&&!!goog.getObjectByName(a)},g\
+oog.implicitNamespaces_={});goog.exportPath_=function(a,b,c){a=a.split(\".\");c\
+=c||goog.global;!(a[0]in c)&&c.execScript&&c.execScript(\"var \"+a[0]);for(var \
+d;a.length&&(d=a.shift());)!a.length&&goog.isDef(b)?c[d]=b:c=c[d]?c[d]:c[d]={}}\
+;goog.getObjectByName=function(a,b){for(var c=a.split(\".\"),d=b||goog.global,e\
+;e=c.shift();)if(goog.isDefAndNotNull(d[e]))d=d[e];else return null;return d};g\
+oog.globalize=function(a,b){var c=b||goog.global,d;for(d in a)c[d]=a[d]};goog.a\
+ddDependency=function(a,b,c){if(!COMPILED){for(var d,a=a.replace(/\\\\/g,\"/\")\
+,e=goog.dependencies_,g=0;d=b[g];g++){e.nameToPath[d]=a;a in e.pathToNames||(e.\
+pathToNames[a]={});e.pathToNames[a][d]=true}for(d=0;b=c[d];d++){a in e.requires\
+||(e.requires[a]={});e.requires[a][b]=true}}};goog.ENABLE_DEBUG_LOADER=!0;goog.\
+require=function(a){if(!COMPILED&&!goog.isProvided_(a)){if(goog.ENABLE_DEBUG_LO\
+ADER){var b=goog.getPathFromDeps_(a);if(b){goog.included_[b]=true;goog.writeScr\
+ipts_();return}}a=\"goog.require could not find: \"+a;goog.global.console&&goog\
+.global.console.error(a);throw Error(a);}};goog.basePath=\"\";goog.nullFunction\
+=function(){};goog.identityFunction=function(a){return a};goog.abstractMethod=f\
+unction(){throw Error(\"unimplemented abstract method\");};goog.addSingletonGet\
+ter=function(a){a.getInstance=function(){return a.instance_||(a.instance_=new a\
+)}};!COMPILED&&goog.ENABLE_DEBUG_LOADER&&(goog.included_={},goog.dependencies_=\
+{pathToNames:{},nameToPath:{},requires:{},visited:{},written:{}},goog.inHtmlDoc\
+ument_=function(){var a=goog.global.document;return typeof a!=\"undefined\"&&\"\
+write\"in a},goog.findBasePath_=function(){if(goog.global.CLOSURE_BASE_PATH)goo\
+g.basePath=goog.global.CLOSURE_BASE_PATH;else if(goog.inHtmlDocument_())for(var\
+ a=goog.global.document.getElementsByTagName(\"script\"),b=a.length-1;b>=0;--b)\
+{var c=a[b].src,d=c.lastIndexOf(\"?\"), d=d==-1?c.length:d;if(c.substr(d-7,7)==\
+\"base.js\"){goog.basePath=c.substr(0,d-7);break}}},goog.importScript_=function\
+(a){var b=goog.global.CLOSURE_IMPORT_SCRIPT||goog.writeScriptTag_;!goog.depende\
+ncies_.written[a]&&b(a)&&(goog.dependencies_.written[a]=true)},goog.writeScript\
+Tag_=function(a){if(goog.inHtmlDocument_()){goog.global.document.write('<script\
+ type=\"text/javascript\" src=\"'+a+'\"><\\/script>');return true}return false}\
+,goog.writeScripts_=function(){function a(e){if(!(e in d.written)){if(!(e in d.\
+visited)){d.visited[e]=true;if(e in d.requires)for(var f in d.requires[e])if(!g\
+oog.isProvided_(f))if(f in d.nameToPath)a(d.nameToPath[f]);else throw Error(\"U\
+ndefined nameToPath for \"+f);}if(!(e in c)){c[e]=true;b.push(e)}}}var b=[],c={\
+},d=goog.dependencies_,e;for(e in goog.included_)d.written[e]||a(e);for(e=0;e<b\
+.length;e++)if(b[e])goog.importScript_(goog.basePath+b[e]);else throw Error(\"U\
+ndefined script input\");},goog.getPathFromDeps_=function(a){return a in goog.d\
+ependencies_.nameToPath?goog.dependencies_.nameToPath[a]: null},goog.findBasePa\
+th_(),goog.global.CLOSURE_NO_DEPS||goog.importScript_(goog.basePath+\"deps.js\"\
+));goog.typeOf=function(a){var b=typeof a;if(b==\"object\")if(a){if(a instanceo\
+f Array)return\"array\";if(a instanceof Object)return b;var c=Object.prototype.\
+toString.call(a);if(c==\"[object Window]\")return\"object\";if(c==\"[object Arr\
+ay]\"||typeof a.length==\"number\"&&typeof a.splice!=\"undefined\"&&typeof a.pr\
+opertyIsEnumerable!=\"undefined\"&&!a.propertyIsEnumerable(\"splice\"))return\"\
+array\";if(c==\"[object Function]\"||typeof a.call!=\"undefined\"&&typeof a.pro\
+pertyIsEnumerable!=\"undefined\"&&!a.propertyIsEnumerable(\"call\"))return\"fun\
+ction\"}else return\"null\";else if(b==\"function\"&&typeof a.call==\"undefined\
+\")return\"object\";return b};goog.isDef=function(a){return a!==void 0};goog.is\
+Null=function(a){return a===null};goog.isDefAndNotNull=function(a){return a!=nu\
+ll};goog.isArray=function(a){return goog.typeOf(a)==\"array\"};goog.isArrayLike\
+=function(a){var b=goog.typeOf(a);return b==\"array\"||b==\"object\"&&typeof a.\
+length==\"number\"};goog.isDateLike=function(a){return goog.isObject(a)&&typeof\
+ a.getFullYear==\"function\"};goog.isString=function(a){return typeof a==\"stri\
+ng\"};goog.isBoolean=function(a){return typeof a==\"boolean\"};goog.isNumber=fu\
+nction(a){return typeof a==\"number\"};goog.isFunction=function(a){return goog.\
+typeOf(a)==\"function\"};goog.isObject=function(a){var b=typeof a;return b==\"o\
+bject\"&&a!=null||b==\"function\"};goog.getUid=function(a){return a[goog.UID_PR\
+OPERTY_]||(a[goog.UID_PROPERTY_]=++goog.uidCounter_)};goog.removeUid=function(a\
+){\"removeAttribute\"in a&&a.removeAttribute(goog.UID_PROPERTY_);try{delete a[g\
+oog.UID_PROPERTY_]}catch(b){}};goog.UID_PROPERTY_=\"closure_uid_\"+Math.floor(2\
+147483648*Math.random()).toString(36);goog.uidCounter_=0;goog.getHashCode=goog.\
+getUid;goog.removeHashCode=goog.removeUid;goog.cloneObject=function(a){var b=go\
+og.typeOf(a);if(b==\"object\"||b==\"array\"){if(a.clone)return a.clone();var b=\
+b==\"array\"?[]:{},c;for(c in a)b[c]=goog.cloneObject(a[c]);return b}return a};\
+goog.bindNative_=function(a,b,c){return a.call.apply(a.bind,arguments)};goog.bi\
+ndJs_=function(a,b,c){if(!a)throw Error();if(arguments.length>2){var d=Array.pr\
+ototype.slice.call(arguments,2);return function(){var c=Array.prototype.slice.c\
+all(arguments);Array.prototype.unshift.apply(c,d);return a.apply(b,c)}}return f\
+unction(){return a.apply(b,arguments)}};goog.bind=function(a,b,c){goog.bind=Fun\
+ction.prototype.bind&&Function.prototype.bind.toString().indexOf(\"native code\
+\")!=-1?goog.bindNative_:goog.bindJs_;return goog.bind.apply(null,arguments)};g\
+oog.partial=function(a,b){var c=Array.prototype.slice.call(arguments,1);return \
+function(){var b=Array.prototype.slice.call(arguments);b.unshift.apply(b,c);ret\
+urn a.apply(this,b)}};goog.mixin=function(a,b){for(var c in b)a[c]=b[c]};goog.n\
+ow=Date.now||function(){return+new Date};goog.globalEval=function(a){if(goog.gl\
+obal.execScript)goog.global.execScript(a,\"JavaScript\");else if(goog.global.ev\
+al){if(goog.evalWorksForGlobals_==null){goog.global.eval(\"var _et_ = 1;\");if(\
+typeof goog.global._et_!=\"undefined\"){delete goog.global._et_;goog.evalWorksF\
+orGlobals_=true}else goog.evalWorksForGlobals_=false}if(goog.evalWorksForGlobal\
+s_)goog.global.eval(a);else{var b=goog.global.document,c=b.createElement(\"scri\
+pt\");c.type=\"text/javascript\";c.defer=false;c.appendChild(b.createTextNode(a\
+));b.body.appendChild(c);b.body.removeChild(c)}}else throw Error(\"goog.globalE\
+val not available\");};goog.evalWorksForGlobals_=null;goog.getCssName=function(\
+a,b){var c=function(a){return goog.cssNameMapping_[a]||a},d=function(a){for(var\
+ a=a.split(\"-\"),b=[],d=0;d<a.length;d++)b.push(c(a[d]));return b.join(\"-\")}\
+,d=goog.cssNameMapping_?goog.cssNameMappingStyle_==\"BY_WHOLE\"?c:d:function(a)\
+{return a};return b?a+\"-\"+d(b):d(a)};goog.setCssNameMapping=function(a,b){goo\
+g.cssNameMapping_=a;goog.cssNameMappingStyle_=b};!COMPILED&&goog.global.CLOSURE\
+_CSS_NAME_MAPPING&&(goog.cssNameMapping_=goog.global.CLOSURE_CSS_NAME_MAPPING);\
+goog.getMsg=function(a,b){var c=b||{},d;for(d in c)var e=(\"\"+c[d]).replace(/\
+\\$/g,\"$$$$\"),a=a.replace(RegExp(\"\\\\{\\\\$\"+d+\"\\\\}\",\"gi\"),e);return\
+ a};goog.exportSymbol=function(a,b,c){goog.exportPath_(a,b,c)};goog.exportPrope\
+rty=function(a,b,c){a[b]=c};goog.inherits=function(a,b){function c(){}c.prototy\
+pe=b.prototype;a.superClass_=b.prototype;a.prototype=new c;a.prototype.construc\
+tor=a};goog.base=function(a,b,c){var d=arguments.callee.caller;if(d.superClass_\
+)return d.superClass_.constructor.apply(a,Array.prototype.slice.call(arguments,\
+1));for(var e=Array.prototype.slice.call(arguments,2),g=false,f=a.constructor;f\
+;f=f.superClass_&&f.superClass_.constructor)if(f.prototype[b]===d)g=true;else i\
+f(g)return f.prototype[b].apply(a,e);if(a[b]===d)return a.constructor.prototype\
+[b].apply(a,e);throw Error(\"goog.base called from a method of one name to a me\
+thod of a different name\");};goog.scope=function(a){a.call(goog.global)};"
+
+var JQUERY_JS = "/*! jQuery v1.7.2 jquery.com | jquery.org/license */ (function\
+(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.par\
+entWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f(\"<\"+a+\">\").appendTo\
+(b),e=d.css(\"display\");d.remove();if(e===\"none\"||e===\"\"){ck||(ck=c.create\
+Element(\"iframe\"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!\
+cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.wri\
+te((f.support.boxModel?\"<!doctype html>\":\"\")+\"<html><body>\"),cl.close();d\
+=cl.createElement(a),cl.body.appendChild(d),e=f.css(d,\"display\"),b.removeChil\
+d(ck)}cj[a]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],\
+cp.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr()\
+{setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.ActiveXObjec\
+t(\"Microsoft.XMLHTTP\")}catch(b){}}function ch(){try{return new a.XMLHttpReque\
+st}catch(b){}}function cb(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var\
+ d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g++){if(g===1\
+)for(h in a.converters)typeof h==\"string\"&&(e[h.toLowerCase()]=a.converters[h\
+]);l=k,k=d[g];if(k===\"*\")k=l;else if(l!==\"*\"&&l!==k){m=l+\" \"+k,n=e[m]||e[\
+\"* \"+k];if(!n){p=b;for(o in e){j=o.split(\" \");if(j[0]===l||j[0]===\"*\"){p=\
+e[j[1]+\" \"+k];if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error(\
+\"No conversion from \"+m.replace(\" \",\" to \")),n!==!0&&(c=n?n(c):p(o(c)))}}\
+return c}function ca(a,c,d){var e=a.contents,f=a.dataTypes,g=a.responseFields,h\
+,i,j,k;for(i in g)i in d&&(c[g[i]]=d[i]);while(f[0]===\"*\")f.shift(),h===b&&(h\
+=a.mimeType||c.getResponseHeader(\"content-type\"));if(h)for(i in e)if(e[i]&&e[\
+i].test(h)){f.unshift(i);break}if(f[0]in d)j=f[0];else{for(i in d){if(!f[0]||a.\
+converters[i+\" \"+f[0]]){j=i;break}k||(k=i)}j=j||k}if(j){j!==f[0]&&f.unshift(j\
+);return d[j]}}function b_(a,b,c,d){if(f.isArray(b))f.each(b,function(b,e){c||b\
+D.test(a)?d(a,e):b_(a+\"[\"+(typeof e==\"object\"?b:\"\")+\"]\",e,c,d)});else i\
+f(!c&&f.type(b)===\"object\")for(var e in b)b_(a+\"[\"+e+\"]\",b[e],c,d);else d\
+(a,b)}function b$(a,c){var d,e,g=f.ajaxSettings.flatOptions||{};for(d in c)c[d]\
+!==b&&((g[d]?a:e||(e={}))[d]=c[d]);e&&f.extend(!0,a,e)}function bZ(a,c,d,e,f,g)\
+{f=f||c.dataTypes[0],g=g||{},g[f]=!0;var h=a[f],i=0,j=h?h.length:0,k=a===bS,l;f\
+or(;i<j&&(k||!l);i++)l=h[i](c,d,e),typeof l==\"string\"&&(!k||g[l]?l=b:(c.dataT\
+ypes.unshift(l),l=bZ(a,c,d,e,l,g)));(k||!l)&&!g[\"*\"]&&(l=bZ(a,c,d,e,\"*\",g))\
+;return l}function bY(a){return function(b,c){typeof b!=\"string\"&&(c=b,b=\"*\
+\");if(f.isFunction(c)){var d=b.toLowerCase().split(bO),e=0,g=d.length,h,i,j;fo\
+r(;e<g;e++)h=d[e],j=/^\\+/.test(h),j&&(h=h.substr(1)||\"*\"),i=a[h]=a[h]||[],i[\
+j?\"unshift\":\"push\"](c)}}}function bB(a,b,c){var d=b===\"width\"?a.offsetWid\
+th:a.offsetHeight,e=b===\"width\"?1:0,g=4;if(d>0){if(c!==\"border\")for(;e<g;e+\
+=2)c||(d-=parseFloat(f.css(a,\"padding\"+bx[e]))||0),c===\"margin\"?d+=parseFlo\
+at(f.css(a,c+bx[e]))||0:d-=parseFloat(f.css(a,\"border\"+bx[e]+\"Width\"))||0;r\
+eturn d+\"px\"}d=by(a,b);if(d<0||d==null)d=a.style[b];if(bt.test(d))return d;d=\
+parseFloat(d)||0;if(c)for(;e<g;e+=2)d+=parseFloat(f.css(a,\"padding\"+bx[e]))||\
+0,c!==\"padding\"&&(d+=parseFloat(f.css(a,\"border\"+bx[e]+\"Width\"))||0),c===\
+\"margin\"&&(d+=parseFloat(f.css(a,c+bx[e]))||0);return d+\"px\"}function bo(a)\
+{var b=c.createElement(\"div\");bh.appendChild(b),b.innerHTML=a.outerHTML;retur\
+n b.firstChild}function bn(a){var b=(a.nodeName||\"\").toLowerCase();b===\"inpu\
+t\"?bm(a):b!==\"script\"&&typeof a.getElementsByTagName!=\"undefined\"&&f.grep(\
+a.getElementsByTagName(\"input\"),bm)}function bm(a){if(a.type===\"checkbox\"||\
+a.type===\"radio\")a.defaultChecked=a.checked}function bl(a){return typeof a.ge\
+tElementsByTagName!=\"undefined\"?a.getElementsByTagName(\"*\"):typeof a.queryS\
+electorAll!=\"undefined\"?a.querySelectorAll(\"*\"):[]}function bk(a,b){var c;b\
+.nodeType===1&&(b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mer\
+geAttributes(a),c=b.nodeName.toLowerCase(),c===\"object\"?b.outerHTML=a.outerHT\
+ML:c!==\"input\"||a.type!==\"checkbox\"&&a.type!==\"radio\"?c===\"option\"?b.se\
+lected=a.defaultSelected:c===\"input\"||c===\"textarea\"?b.defaultValue=a.defau\
+ltValue:c===\"script\"&&b.text!==a.text&&(b.text=a.text):(a.checked&&(b.default\
+Checked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value)),b.removeAttr\
+ibute(f.expando),b.removeAttribute(\"_submit_attached\"),b.removeAttribute(\"_c\
+hange_attached\"))}function bj(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c,d,\
+e,g=f._data(a),h=f._data(b,g),i=g.events;if(i){delete h.handle,h.events={};for(\
+c in i)for(d=0,e=i[c].length;d<e;d++)f.event.add(b,c,i[c][d])}h.data&&(h.data=f\
+.extend({},h.data))}}function bi(a,b){return f.nodeName(a,\"table\")?a.getEleme\
+ntsByTagName(\"tbody\")[0]||a.appendChild(a.ownerDocument.createElement(\"tbody\
+\")):a}function U(a){var b=V.split(\"|\"),c=a.createDocumentFragment();if(c.cre\
+ateElement)while(b.length)c.createElement(b.pop());return c}function T(a,b,c){b\
+=b||0;if(f.isFunction(b))return f.grep(a,function(a,d){var e=!!b.call(a,d,a);re\
+turn e===c});if(b.nodeType)return f.grep(a,function(a,d){return a===b===c});if(\
+typeof b==\"string\"){var d=f.grep(a,function(a){return a.nodeType===1});if(O.t\
+est(b))return f.filter(b,d,!c);b=f.filter(b,d)}return f.grep(a,function(a,d){re\
+turn f.inArray(a,b)>=0===c})}function S(a){return!a||!a.parentNode||a.parentNod\
+e.nodeType===11}function K(){return!0}function J(){return!1}function n(a,b,c){v\
+ar d=b+\"defer\",e=b+\"queue\",g=b+\"mark\",h=f._data(a,d);h&&(c===\"queue\"||!\
+f._data(a,e))&&(c===\"mark\"||!f._data(a,g))&&setTimeout(function(){!f._data(a,\
+e)&&!f._data(a,g)&&(f.removeData(a,d,!0),h.fire())},0)}function m(a){for(var b \
+in a){if(b===\"data\"&&f.isEmptyObject(a[b]))continue;if(b!==\"toJSON\")return!\
+1}return!0}function l(a,c,d){if(d===b&&a.nodeType===1){var e=\"data-\"+c.replac\
+e(k,\"-$1\").toLowerCase();d=a.getAttribute(e);if(typeof d==\"string\"){try{d=d\
+===\"true\"?!0:d===\"false\"?!1:d===\"null\"?null:f.isNumeric(d)?+d:j.test(d)?f\
+.parseJSON(d):d}catch(g){}f.data(a,c,d)}else d=b}return d}function h(a){var b=g\
+[a]={},c,d;a=a.split(/\\s+/);for(c=0,d=a.length;c<d;c++)b[a[c]]=!0;return b}var\
+ c=a.document,d=a.navigator,e=a.location,f=function(){function J(){if(!e.isRead\
+y){try{c.documentElement.doScroll(\"left\")}catch(a){setTimeout(J,1);return}e.r\
+eady()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/\
+^(?:[^#<]*(<[\\w\\W]+>)[^>]*$|#([\\w\\-]*)$)/,j=/\\S/,k=/^\\s+/,l=/\\s+$/,m=/^<\
+(\\w+)\\s*\\/?>(?:<\\/\\1>)?$/,n=/^[\\],:{}\\s]*$/,o=/\\\\(?:[\"\\\\\\/bfnrt]|u\
+[0-9a-fA-F]{4})/g,p=/\"[^\"\\\\\\n\\r]*\"|true|false|null|-?\\d+(?:\\.\\d*)?(?:\
+[eE][+\\-]?\\d+)?/g,q=/(?:^|:|,)(?:\\s*\\[)+/g,r=/(webkit)[ \\/]([\\w.]+)/,s=/(\
+opera)(?:.*version)?[ \\/]([\\w.]+)/,t=/(msie) ([\\w.]+)/,u=/(mozilla)(?:.*? rv\
+:([\\w.]+))?/,v=/-([a-z]|[0-9])/ig,w=/^-ms-/,x=function(a,b){return(b+\"\").toU\
+pperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.\
+hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototyp\
+e.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:func\
+tion(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a\
+,this.length=1;return this}if(a===\"body\"&&!d&&c.body){this.context=c,this[0]=\
+c.body,this.selector=a,this.length=1;return this}if(typeof a==\"string\"){a.cha\
+rAt(0)!==\"<\"||a.charAt(a.length-1)!==\">\"||a.length<3?g=i.exec(a):g=[null,a,\
+null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d\
+:c,j=m.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a\
+,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable\
+?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElem\
+entById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1\
+,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f)\
+.find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.sel\
+ector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray\
+(a,this)},selector:\"\",jquery:\"1.7.2\",length:0,size:function(){return this.l\
+ength},toArray:function(){return F.call(this,0)},get:function(a){return a==null\
+?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var \
+d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d\
+.context=this.context,b===\"find\"?d.selector=this.selector+(this.selector?\" \
+\":\"\")+c:b&&(d.selector=this.selector+\".\"+b+\"(\"+c+\")\");return d},each:f\
+unction(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.add(a);\
+return this},eq:function(a){a=+a;return a===-1?this.slice(a):this.slice(a,a+1)}\
+,first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:\
+function(){return this.pushStack(F.apply(this,arguments),\"slice\",F.call(argum\
+ents).join(\",\"))},map:function(a){return this.pushStack(e.map(this,function(b\
+,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constr\
+uctor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.e\
+xtend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments\
+.length,l=!1;typeof i==\"boolean\"&&(l=i,i=arguments[1]||{},j=2),typeof i!=\"ob\
+ject\"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j<k;j++)if((a=argumen\
+ts[j])!=null)for(c in a){d=i[c],f=a[c];if(i===f)continue;l&&f&&(e.isPlainObject\
+(f)||(g=e.isArray(f)))?(g?(g=!1,h=d&&e.isArray(d)?d:[]):h=d&&e.isPlainObject(d)\
+?d:{},i[c]=e.extend(l,h,f)):f!==b&&(i[c]=f)}return i},e.extend({noConflict:func\
+tion(b){a.$===e&&(a.$=g),b&&a.jQuery===e&&(a.jQuery=f);return e},isReady:!1,rea\
+dyWait:1,holdReady:function(a){a?e.readyWait++:e.ready(!0)},ready:function(a){i\
+f(a===!0&&!--e.readyWait||a!==!0&&!e.isReady){if(!c.body)return setTimeout(e.re\
+ady,1);e.isReady=!0;if(a!==!0&&--e.readyWait>0)return;A.fireWith(c,[e]),e.fn.tr\
+igger&&e(c).trigger(\"ready\").off(\"ready\")}},bindReady:function(){if(!A){A=e\
+.Callbacks(\"once memory\");if(c.readyState===\"complete\")return setTimeout(e.\
+ready,1);if(c.addEventListener)c.addEventListener(\"DOMContentLoaded\",B,!1),a.\
+addEventListener(\"load\",e.ready,!1);else if(c.attachEvent){c.attachEvent(\"on\
+readystatechange\",B),a.attachEvent(\"onload\",e.ready);var b=!1;try{b=a.frameE\
+lement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:functio\
+n(a){return e.type(a)===\"function\"},isArray:Array.isArray||function(a){return\
+ e.type(a)===\"array\"},isWindow:function(a){return a!=null&&a==a.window},isNum\
+eric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){ret\
+urn a==null?String(a):I[C.call(a)]||\"object\"},isPlainObject:function(a){if(!a\
+||e.type(a)!==\"object\"||a.nodeType||e.isWindow(a))return!1;try{if(a.construct\
+or&&!D.call(a,\"constructor\")&&!D.call(a.constructor.prototype,\"isPrototypeOf\
+\"))return!1}catch(c){return!1}var d;for(d in a);return d===b||D.call(a,d)},isE\
+mptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){thro\
+w new Error(a)},parseJSON:function(b){if(typeof b!=\"string\"||!b)return null;b\
+=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(n.test(b.replace(o\
+,\"@\").replace(p,\"]\").replace(q,\"\")))return(new Function(\"return \"+b))()\
+;e.error(\"Invalid JSON: \"+b)},parseXML:function(c){if(typeof c!=\"string\"||!\
+c)return null;var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,\"\
+text/xml\")):(d=new ActiveXObject(\"Microsoft.XMLDOM\"),d.async=\"false\",d.loa\
+dXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName(\"parsere\
+rror\").length)&&e.error(\"Invalid XML: \"+c);return d},noop:function(){},globa\
+lEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b\
+)},camelCase:function(a){return a.replace(w,\"ms-\").replace(v,x)},nodeName:fun\
+ction(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:\
+function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f\
+ in a)if(c.apply(a[f],d)===!1)break}else for(;g<h;)if(c.apply(a[g++],d)===!1)br\
+eak}else if(i){for(f in a)if(c.call(a[f],f,a[f])===!1)break}else for(;g<h;)if(c\
+.call(a[g],g,a[g++])===!1)break;return a},trim:G?function(a){return a==null?\"\
+\":G.call(a)}:function(a){return a==null?\"\":(a+\"\").replace(k,\"\").replace(\
+l,\"\")},makeArray:function(a,b){var c=b||[];if(a!=null){var d=e.type(a);a.leng\
+th==null||d===\"string\"||d===\"function\"||d===\"regexp\"||e.isWindow(a)?E.cal\
+l(c,a):e.merge(c,a)}return c},inArray:function(a,b,c){var d;if(b){if(H)return H\
+.call(b,a,c);d=b.length,c=c?c<0?Math.max(0,d+c):c:0;for(;c<d;c++)if(c in b&&b[c\
+]===a)return c}return-1},merge:function(a,c){var d=a.length,e=0;if(typeof c.len\
+gth==\"number\")for(var f=c.length;e<f;e++)a[d++]=c[e];else while(c[e]!==b)a[d+\
++]=c[e++];a.length=d;return a},grep:function(a,b,c){var d=[],e;c=!!c;for(var f=\
+0,g=a.length;f<g;f++)e=!!b(a[f],f),c!==e&&d.push(a[f]);return d},map:function(a\
+,c,d){var f,g,h=[],i=0,j=a.length,k=a instanceof e||j!==b&&typeof j==\"number\"\
+&&(j>0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i<j;i++)f=c(a[i],i,d),f!=n\
+ull&&(h[h.length]=f);else for(g in a)f=c(a[g],g,d),f!=null&&(h[h.length]=f);ret\
+urn h.concat.apply([],h)},guid:1,proxy:function(a,c){if(typeof c==\"string\"){v\
+ar d=a[c];c=a,a=d}if(!e.isFunction(a))return b;var f=F.call(arguments,2),g=func\
+tion(){return a.apply(c,f.concat(F.call(arguments)))};g.guid=a.guid=a.guid||g.g\
+uid||e.guid++;return g},access:function(a,c,d,f,g,h,i){var j,k=d==null,l=0,m=a.\
+length;if(d&&typeof d==\"object\"){for(l in d)e.access(a,c,l,d[l],1,h,f);g=1}el\
+se if(f!==b){j=i===b&&e.isFunction(f),k&&(j?(j=c,c=function(a,b,c){return j.cal\
+l(e(a),c)}):(c.call(a,f),c=null));if(c)for(;l<m;l++)c(a[l],d,j?f.call(a[l],l,c(\
+a[l],d)):f,i);g=1}return g?a:k?c.call(a):m?c(a[0],d):h},now:function(){return(n\
+ew Date).getTime()},uaMatch:function(a){a=a.toLowerCase();var b=r.exec(a)||s.ex\
+ec(a)||t.exec(a)||a.indexOf(\"compatible\")<0&&u.exec(a)||[];return{browser:b[1\
+]||\"\",version:b[2]||\"0\"}},sub:function(){function a(b,c){return new a.fn.in\
+it(b,c)}e.extend(!0,a,this),a.superclass=this,a.fn=a.prototype=this(),a.fn.cons\
+tructor=a,a.sub=this.sub,a.fn.init=function(d,f){f&&f instanceof e&&!(f instanc\
+eof a)&&(f=a(f));return e.fn.init.call(this,d,f,b)},a.fn.init.prototype=a.fn;va\
+r b=a(c);return a},browser:{}}),e.each(\"Boolean Number String Function Array D\
+ate RegExp Object\".split(\" \"),function(a,b){I[\"[object \"+b+\"]\"]=b.toLowe\
+rCase()}),z=e.uaMatch(y),z.browser&&(e.browser[z.browser]=!0,e.browser.version=\
+z.version),e.browser.webkit&&(e.browser.safari=!0),j.test(\" \")&&(k=/^[\\s\\x\
+A0]+/,l=/[\\s\\xA0]+$/),h=e(c),c.addEventListener?B=function(){c.removeEventLis\
+tener(\"DOMContentLoaded\",B,!1),e.ready()}:c.attachEvent&&(B=function(){c.read\
+yState===\"complete\"&&(c.detachEvent(\"onreadystatechange\",B),e.ready())});re\
+turn e}(),g={};f.Callbacks=function(a){a=a?g[a]||h(a):{};var c=[],d=[],e,i,j,k,\
+l,m,n=function(b){var d,e,g,h,i;for(d=0,e=b.length;d<e;d++)g=b[d],h=f.type(g),h\
+===\"array\"?n(g):h===\"function\"&&(!a.unique||!p.has(g))&&c.push(g)},o=functi\
+on(b,f){f=f||[],e=!a.memory||[b,f],i=!0,j=!0,m=k||0,k=0,l=c.length;for(;c&&m<l;\
+m++)if(c[m].apply(b,f)===!1&&a.stopOnFalse){e=!0;break}j=!1,c&&(a.once?e===!0?p\
+.disable():c=[]:d&&d.length&&(e=d.shift(),p.fireWith(e[0],e[1])))},p={add:funct\
+ion(){if(c){var a=c.length;n(arguments),j?l=c.length:e&&e!==!0&&(k=a,o(e[0],e[1\
+]))}return this},remove:function(){if(c){var b=arguments,d=0,e=b.length;for(;d<\
+e;d++)for(var f=0;f<c.length;f++)if(b[d]===c[f]){j&&f<=l&&(l--,f<=m&&m--),c.spl\
+ice(f--,1);if(a.unique)break}}return this},has:function(a){if(c){var b=0,d=c.le\
+ngth;for(;b<d;b++)if(a===c[b])return!0}return!1},empty:function(){c=[];return t\
+his},disable:function(){c=d=e=b;return this},disabled:function(){return!c},lock\
+:function(){d=b,(!e||e===!0)&&p.disable();return this},locked:function(){return\
+!d},fireWith:function(b,c){d&&(j?a.once||d.push([b,c]):(!a.once||!e)&&o(b,c));r\
+eturn this},fire:function(){p.fireWith(this,arguments);return this},fired:funct\
+ion(){return!!i}};return p};var i=[].slice;f.extend({Deferred:function(a){var b\
+=f.Callbacks(\"once memory\"),c=f.Callbacks(\"once memory\"),d=f.Callbacks(\"me\
+mory\"),e=\"pending\",g={resolve:b,reject:c,notify:d},h={done:b.add,fail:c.add,\
+progress:d.add,state:function(){return e},isResolved:b.fired,isRejected:c.fired\
+,then:function(a,b,c){i.done(a).fail(b).progress(c);return this},always:functio\
+n(){i.done.apply(i,arguments).fail.apply(i,arguments);return this},pipe:functio\
+n(a,b,c){return f.Deferred(function(d){f.each({done:[a,\"resolve\"],fail:[b,\"r\
+eject\"],progress:[c,\"notify\"]},function(a,b){var c=b[0],e=b[1],g;f.isFunctio\
+n(c)?i[a](function(){g=c.apply(this,arguments),g&&f.isFunction(g.promise)?g.pro\
+mise().then(d.resolve,d.reject,d.notify):d[e+\"With\"](this===i?d:this,[g])}):i\
+[a](d[e])})}).promise()},promise:function(a){if(a==null)a=h;else for(var b in h\
+)a[b]=h[b];return a}},i=h.promise({}),j;for(j in g)i[j]=g[j].fire,i[j+\"With\"]\
+=g[j].fireWith;i.done(function(){e=\"resolved\"},c.disable,d.lock).fail(functio\
+n(){e=\"rejected\"},b.disable,d.lock),a&&a.call(i,i);return i},when:function(a)\
+{function m(a){return function(b){e[a]=arguments.length>1?i.call(arguments,0):b\
+,j.notifyWith(k,e)}}function l(a){return function(c){b[a]=arguments.length>1?i.\
+call(arguments,0):c,--g||j.resolveWith(j,b)}}var b=i.call(arguments,0),c=0,d=b.\
+length,e=Array(d),g=d,h=d,j=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred(),k=j\
+.promise();if(d>1){for(;c<d;c++)b[c]&&b[c].promise&&f.isFunction(b[c].promise)?\
+b[c].promise().then(l(c),j.reject,m(c)):--g;g||j.resolveWith(j,b)}else j!==a&&j\
+.resolveWith(j,d?[a]:[]);return k}}),f.support=function(){var b,d,e,g,h,i,j,k,l\
+,m,n,o,p=c.createElement(\"div\"),q=c.documentElement;p.setAttribute(\"classNam\
+e\",\"t\"),p.innerHTML=\"   <link/><table></table><a href='/a' style='top:1px;f\
+loat:left;opacity:.55;'>a</a><input type='checkbox'/>\",d=p.getElementsByTagNam\
+e(\"*\"),e=p.getElementsByTagName(\"a\")[0];if(!d||!d.length||!e)return{};g=c.c\
+reateElement(\"select\"),h=g.appendChild(c.createElement(\"option\")),i=p.getEl\
+ementsByTagName(\"input\")[0],b={leadingWhitespace:p.firstChild.nodeType===3,tb\
+ody:!p.getElementsByTagName(\"tbody\").length,htmlSerialize:!!p.getElementsByTa\
+gName(\"link\").length,style:/top/.test(e.getAttribute(\"style\")),hrefNormaliz\
+ed:e.getAttribute(\"href\")===\"/a\",opacity:/^0.55/.test(e.style.opacity),cssF\
+loat:!!e.style.cssFloat,checkOn:i.value===\"on\",optSelected:h.selected,getSetA\
+ttribute:p.className!==\"t\",enctype:!!c.createElement(\"form\").enctype,html5C\
+lone:c.createElement(\"nav\").cloneNode(!0).outerHTML!==\"<:nav></:nav>\",submi\
+tBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0\
+,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,pixelMarg\
+in:!0},f.boxModel=b.boxModel=c.compatMode===\"CSS1Compat\",i.checked=!0,b.noClo\
+neChecked=i.cloneNode(!0).checked,g.disabled=!0,b.optDisabled=!h.disabled;try{d\
+elete p.test}catch(r){b.deleteExpando=!1}!p.addEventListener&&p.attachEvent&&p.\
+fireEvent&&(p.attachEvent(\"onclick\",function(){b.noCloneEvent=!1}),p.cloneNod\
+e(!0).fireEvent(\"onclick\")),i=c.createElement(\"input\"),i.value=\"t\",i.setA\
+ttribute(\"type\",\"radio\"),b.radioValue=i.value===\"t\",i.setAttribute(\"chec\
+ked\",\"checked\"),i.setAttribute(\"name\",\"t\"),p.appendChild(i),j=c.createDo\
+cumentFragment(),j.appendChild(p.lastChild),b.checkClone=j.cloneNode(!0).cloneN\
+ode(!0).lastChild.checked,b.appendChecked=i.checked,j.removeChild(i),j.appendCh\
+ild(p);if(p.attachEvent)for(n in{submit:1,change:1,focusin:1})m=\"on\"+n,o=m in\
+ p,o||(p.setAttribute(m,\"return;\"),o=typeof p[m]==\"function\"),b[n+\"Bubbles\
+\"]=o;j.removeChild(p),j=g=h=p=i=null,f(function(){var d,e,g,h,i,j,l,m,n,q,r,s,\
+t,u=c.getElementsByTagName(\"body\")[0];!u||(m=1,t=\"padding:0;margin:0;border:\
+\",r=\"position:absolute;top:0;left:0;width:1px;height:1px;\",s=t+\"0;visibilit\
+y:hidden;\",n=\"style='\"+r+t+\"5px solid #000;\",q=\"<div \"+n+\"display:block\
+;'><div style='\"+t+\"0;display:block;overflow:hidden;'></div></div>\"+\"<table\
+ \"+n+\"' cellpadding='0' cellspacing='0'>\"+\"<tr><td></td></tr></table>\",d=c\
+.createElement(\"div\"),d.style.cssText=s+\"width:0;height:0;position:static;to\
+p:0;margin-top:\"+m+\"px\",u.insertBefore(d,u.firstChild),p=c.createElement(\"d\
+iv\"),d.appendChild(p),p.innerHTML=\"<table><tr><td style='\"+t+\"0;display:non\
+e'></td><td>t</td></tr></table>\",k=p.getElementsByTagName(\"td\"),o=k[0].offse\
+tHeight===0,k[0].style.display=\"\",k[1].style.display=\"none\",b.reliableHidde\
+nOffsets=o&&k[0].offsetHeight===0,a.getComputedStyle&&(p.innerHTML=\"\",l=c.cre\
+ateElement(\"div\"),l.style.width=\"0\",l.style.marginRight=\"0\",p.style.width\
+=\"2px\",p.appendChild(l),b.reliableMarginRight=(parseInt((a.getComputedStyle(l\
+,null)||{marginRight:0}).marginRight,10)||0)===0),typeof p.style.zoom!=\"undefi\
+ned\"&&(p.innerHTML=\"\",p.style.width=p.style.padding=\"1px\",p.style.border=0\
+,p.style.overflow=\"hidden\",p.style.display=\"inline\",p.style.zoom=1,b.inline\
+BlockNeedsLayout=p.offsetWidth===3,p.style.display=\"block\",p.style.overflow=\
+\"visible\",p.innerHTML=\"<div style='width:5px;'></div>\",b.shrinkWrapBlocks=p\
+.offsetWidth!==3),p.style.cssText=r+s,p.innerHTML=q,e=p.firstChild,g=e.firstChi\
+ld,i=e.nextSibling.firstChild.firstChild,j={doesNotAddBorder:g.offsetTop!==5,do\
+esAddBorderForTableAndCells:i.offsetTop===5},g.style.position=\"fixed\",g.style\
+.top=\"20px\",j.fixedPosition=g.offsetTop===20||g.offsetTop===15,g.style.positi\
+on=g.style.top=\"\",e.style.overflow=\"hidden\",e.style.position=\"relative\",j\
+.subtractsBorderForOverflowNotVisible=g.offsetTop===-5,j.doesNotIncludeMarginIn\
+BodyOffset=u.offsetTop!==m,a.getComputedStyle&&(p.style.marginTop=\"1%\",b.pixe\
+lMargin=(a.getComputedStyle(p,null)||{marginTop:0}).marginTop!==\"1%\"),typeof \
+d.style.zoom!=\"undefined\"&&(d.style.zoom=1),u.removeChild(d),l=p=d=null,f.ext\
+end(b,j))});return b}();var j=/^(?:\\{.*\\}|\\[.*\\])$/,k=/([A-Z])/g;f.extend({\
+cache:{},uuid:0,expando:\"jQuery\"+(f.fn.jquery+Math.random()).replace(/\\D/g,\
+\"\"),noData:{embed:!0,object:\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\",ap\
+plet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];re\
+turn!!a&&!m(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i,j=f.expa\
+ndo,k=typeof c==\"string\",l=a.nodeType,m=l?f.cache:a,n=l?a[j]:a[j]&&j,o=c===\"\
+events\";if((!n||!m[n]||!o&&!e&&!m[n].data)&&k&&d===b)return;n||(l?a[j]=n=++f.u\
+uid:n=j),m[n]||(m[n]={},l||(m[n].toJSON=f.noop));if(typeof c==\"object\"||typeo\
+f c==\"function\")e?m[n]=f.extend(m[n],c):m[n].data=f.extend(m[n].data,c);g=h=m\
+[n],e||(h.data||(h.data={}),h=h.data),d!==b&&(h[f.camelCase(c)]=d);if(o&&!h[c])\
+return g.events;k?(i=h[c],i==null&&(i=h[f.camelCase(c)])):i=h;return i}},remove\
+Data:function(a,b,c){if(!!f.acceptData(a)){var d,e,g,h=f.expando,i=a.nodeType,j\
+=i?f.cache:a,k=i?a[h]:h;if(!j[k])return;if(b){d=c?j[k]:j[k].data;if(d){f.isArra\
+y(b)||(b in d?b=[b]:(b=f.camelCase(b),b in d?b=[b]:b=b.split(\" \")));for(e=0,g\
+=b.length;e<g;e++)delete d[b[e]];if(!(c?m:f.isEmptyObject)(d))return}}if(!c){de\
+lete j[k].data;if(!m(j[k]))return}f.support.deleteExpando||!j.setInterval?delet\
+e j[k]:j[k]=null,i&&(f.support.deleteExpando?delete a[h]:a.removeAttribute?a.re\
+moveAttribute(h):a[h]=null)}},_data:function(a,b,c){return f.data(a,b,c,!0)},ac\
+ceptData:function(a){if(a.nodeName){var b=f.noData[a.nodeName.toLowerCase()];if\
+(b)return b!==!0&&a.getAttribute(\"classid\")===b}return!0}}),f.fn.extend({data\
+:function(a,c){var d,e,g,h,i,j=this[0],k=0,m=null;if(a===b){if(this.length){m=f\
+.data(j);if(j.nodeType===1&&!f._data(j,\"parsedAttrs\")){g=j.attributes;for(i=g\
+.length;k<i;k++)h=g[k].name,h.indexOf(\"data-\")===0&&(h=f.camelCase(h.substrin\
+g(5)),l(j,h,m[h]));f._data(j,\"parsedAttrs\",!0)}}return m}if(typeof a==\"objec\
+t\")return this.each(function(){f.data(this,a)});d=a.split(\".\",2),d[1]=d[1]?\
+\".\"+d[1]:\"\",e=d[1]+\"!\";return f.access(this,function(c){if(c===b){m=this.\
+triggerHandler(\"getData\"+e,[d[0]]),m===b&&j&&(m=f.data(j,a),m=l(j,a,m));retur\
+n m===b&&d[1]?this.data(d[0]):m}d[1]=c,this.each(function(){var b=f(this);b.tri\
+ggerHandler(\"setData\"+e,d),f.data(this,a,c),b.triggerHandler(\"changeData\"+e\
+,d)})},null,c,arguments.length>1,null,!1)},removeData:function(a){return this.e\
+ach(function(){f.removeData(this,a)})}}),f.extend({_mark:function(a,b){a&&(b=(b\
+||\"fx\")+\"mark\",f._data(a,b,(f._data(a,b)||0)+1))},_unmark:function(a,b,c){a\
+!==!0&&(c=b,b=a,a=!1);if(b){c=c||\"fx\";var d=c+\"mark\",e=a?0:(f._data(b,d)||1\
+)-1;e?f._data(b,d,e):(f.removeData(b,d,!0),n(b,c,\"mark\"))}},queue:function(a,\
+b,c){var d;if(a){b=(b||\"fx\")+\"queue\",d=f._data(a,b),c&&(!d||f.isArray(c)?d=\
+f._data(a,b,f.makeArray(c)):d.push(c));return d||[]}},dequeue:function(a,b){b=b\
+||\"fx\";var c=f.queue(a,b),d=c.shift(),e={};d===\"inprogress\"&&(d=c.shift()),\
+d&&(b===\"fx\"&&c.unshift(\"inprogress\"),f._data(a,b+\".run\",e),d.call(a,func\
+tion(){f.dequeue(a,b)},e)),c.length||(f.removeData(a,b+\"queue \"+b+\".run\",!0\
+),n(a,b,\"queue\"))}}),f.fn.extend({queue:function(a,c){var d=2;typeof a!=\"str\
+ing\"&&(c=a,a=\"fx\",d--);if(arguments.length<d)return f.queue(this[0],a);retur\
+n c===b?this:this.each(function(){var b=f.queue(this,a,c);a===\"fx\"&&b[0]!==\"\
+inprogress\"&&f.dequeue(this,a)})},dequeue:function(a){return this.each(functio\
+n(){f.dequeue(this,a)})},delay:function(a,b){a=f.fx?f.fx.speeds[a]||a:a,b=b||\"\
+fx\";return this.queue(b,function(b,c){var d=setTimeout(b,a);c.stop=function(){\
+clearTimeout(d)}})},clearQueue:function(a){return this.queue(a||\"fx\",[])},pro\
+mise:function(a,c){function m(){--h||d.resolveWith(e,[e])}typeof a!=\"string\"&\
+&(c=a,a=b),a=a||\"fx\";var d=f.Deferred(),e=this,g=e.length,h=1,i=a+\"defer\",j\
+=a+\"queue\",k=a+\"mark\",l;while(g--)if(l=f.data(e[g],i,b,!0)||(f.data(e[g],j,\
+b,!0)||f.data(e[g],k,b,!0))&&f.data(e[g],i,f.Callbacks(\"once memory\"),!0))h++\
+,l.add(m);m();return d.promise(c)}});var o=/[\\n\\t\\r]/g,p=/\\s+/,q=/\\r/g,r=/\
+^(?:button|input)$/i,s=/^(?:button|input|object|select|textarea)$/i,t=/^a(?:rea\
+)?$/i,u=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|lo\
+op|multiple|open|readonly|required|scoped|selected)$/i,v=f.support.getSetAttrib\
+ute,w,x,y;f.fn.extend({attr:function(a,b){return f.access(this,f.attr,a,b,argum\
+ents.length>1)},removeAttr:function(a){return this.each(function(){f.removeAttr\
+(this,a)})},prop:function(a,b){return f.access(this,f.prop,a,b,arguments.length\
+>1)},removeProp:function(a){a=f.propFix[a]||a;return this.each(function(){try{t\
+his[a]=b,delete this[a]}catch(c){}})},addClass:function(a){var b,c,d,e,g,h,i;if\
+(f.isFunction(a))return this.each(function(b){f(this).addClass(a.call(this,b,th\
+is.className))});if(a&&typeof a==\"string\"){b=a.split(p);for(c=0,d=this.length\
+;c<d;c++){e=this[c];if(e.nodeType===1)if(!e.className&&b.length===1)e.className\
+=a;else{g=\" \"+e.className+\" \";for(h=0,i=b.length;h<i;h++)~g.indexOf(\" \"+b\
+[h]+\" \")||(g+=b[h]+\" \");e.className=f.trim(g)}}}return this},removeClass:fu\
+nction(a){var c,d,e,g,h,i,j;if(f.isFunction(a))return this.each(function(b){f(t\
+his).removeClass(a.call(this,b,this.className))});if(a&&typeof a==\"string\"||a\
+===b){c=(a||\"\").split(p);for(d=0,e=this.length;d<e;d++){g=this[d];if(g.nodeTy\
+pe===1&&g.className)if(a){h=(\" \"+g.className+\" \").replace(o,\" \");for(i=0,\
+j=c.length;i<j;i++)h=h.replace(\" \"+c[i]+\" \",\" \");g.className=f.trim(h)}el\
+se g.className=\"\"}}return this},toggleClass:function(a,b){var c=typeof a,d=ty\
+peof b==\"boolean\";if(f.isFunction(a))return this.each(function(c){f(this).tog\
+gleClass(a.call(this,c,this.className,b),b)});return this.each(function(){if(c=\
+==\"string\"){var e,g=0,h=f(this),i=b,j=a.split(p);while(e=j[g++])i=d?i:!h.hasC\
+lass(e),h[i?\"addClass\":\"removeClass\"](e)}else if(c===\"undefined\"||c===\"b\
+oolean\")this.className&&f._data(this,\"__className__\",this.className),this.cl\
+assName=this.className||a===!1?\"\":f._data(this,\"__className__\")||\"\"})},ha\
+sClass:function(a){var b=\" \"+a+\" \",c=0,d=this.length;for(;c<d;c++)if(this[c\
+].nodeType===1&&(\" \"+this[c].className+\" \").replace(o,\" \").indexOf(b)>-1)\
+return!0;return!1},val:function(a){var c,d,e,g=this[0];{if(!!arguments.length){\
+e=f.isFunction(a);return this.each(function(d){var g=f(this),h;if(this.nodeType\
+===1){e?h=a.call(this,d,g.val()):h=a,h==null?h=\"\":typeof h==\"number\"?h+=\"\
+\":f.isArray(h)&&(h=f.map(h,function(a){return a==null?\"\":a+\"\"})),c=f.valHo\
+oks[this.type]||f.valHooks[this.nodeName.toLowerCase()];if(!c||!(\"set\"in c)||\
+c.set(this,h,\"value\")===b)this.value=h}})}if(g){c=f.valHooks[g.type]||f.valHo\
+oks[g.nodeName.toLowerCase()];if(c&&\"get\"in c&&(d=c.get(g,\"value\"))!==b)ret\
+urn d;d=g.value;return typeof d==\"string\"?d.replace(q,\"\"):d==null?\"\":d}}}\
+}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!\
+b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,g=a.selecte\
+dIndex,h=[],i=a.options,j=a.type===\"select-one\";if(g<0)return null;c=j?g:0,d=\
+j?g+1:i.length;for(;c<d;c++){e=i[c];if(e.selected&&(f.support.optDisabled?!e.di\
+sabled:e.getAttribute(\"disabled\")===null)&&(!e.parentNode.disabled||!f.nodeNa\
+me(e.parentNode,\"optgroup\"))){b=f(e).val();if(j)return b;h.push(b)}}if(j&&!h.\
+length&&i.length)return f(i[g]).val();return h},set:function(a,b){var c=f.makeA\
+rray(b);f(a).find(\"option\").each(function(){this.selected=f.inArray(f(this).v\
+al(),c)>=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,h\
+tml:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attr:function(a,c,d,e){var\
+ g,h,i,j=a.nodeType;if(!!a&&j!==3&&j!==8&&j!==2){if(e&&c in f.attrFn)return f(a\
+)[c](d);if(typeof a.getAttribute==\"undefined\")return f.prop(a,c,d);i=j!==1||!\
+f.isXMLDoc(a),i&&(c=c.toLowerCase(),h=f.attrHooks[c]||(u.test(c)?x:w));if(d!==b\
+){if(d===null){f.removeAttr(a,c);return}if(h&&\"set\"in h&&i&&(g=h.set(a,d,c))!\
+==b)return g;a.setAttribute(c,\"\"+d);return d}if(h&&\"get\"in h&&i&&(g=h.get(a\
+,c))!==null)return g;g=a.getAttribute(c);return g===null?b:g}},removeAttr:funct\
+ion(a,b){var c,d,e,g,h,i=0;if(b&&a.nodeType===1){d=b.toLowerCase().split(p),g=d\
+.length;for(;i<g;i++)e=d[i],e&&(c=f.propFix[e]||e,h=u.test(e),h||f.attr(a,e,\"\
+\"),a.removeAttribute(v?e:c),h&&c in a&&(a[c]=!1))}},attrHooks:{type:{set:funct\
+ion(a,b){if(r.test(a.nodeName)&&a.parentNode)f.error(\"type property can't be c\
+hanged\");else if(!f.support.radioValue&&b===\"radio\"&&f.nodeName(a,\"input\")\
+){var c=a.value;a.setAttribute(\"type\",b),c&&(a.value=c);return b}}},value:{ge\
+t:function(a,b){if(w&&f.nodeName(a,\"button\"))return w.get(a,b);return b in a?\
+a.value:null},set:function(a,b,c){if(w&&f.nodeName(a,\"button\"))return w.set(a\
+,b,c);a.value=b}}},propFix:{tabindex:\"tabIndex\",readonly:\"readOnly\",\"for\"\
+:\"htmlFor\",\"class\":\"className\",maxlength:\"maxLength\",cellspacing:\"cell\
+Spacing\",cellpadding:\"cellPadding\",rowspan:\"rowSpan\",colspan:\"colSpan\",u\
+semap:\"useMap\",frameborder:\"frameBorder\",contenteditable:\"contentEditable\
+\"},prop:function(a,c,d){var e,g,h,i=a.nodeType;if(!!a&&i!==3&&i!==8&&i!==2){h=\
+i!==1||!f.isXMLDoc(a),h&&(c=f.propFix[c]||c,g=f.propHooks[c]);return d!==b?g&&\
+\"set\"in g&&(e=g.set(a,d,c))!==b?e:a[c]=d:g&&\"get\"in g&&(e=g.get(a,c))!==nul\
+l?e:a[c]}},propHooks:{tabIndex:{get:function(a){var c=a.getAttributeNode(\"tabi\
+ndex\");return c&&c.specified?parseInt(c.value,10):s.test(a.nodeName)||t.test(a\
+.nodeName)&&a.href?0:b}}}}),f.attrHooks.tabindex=f.propHooks.tabIndex,x={get:fu\
+nction(a,c){var d,e=f.prop(a,c);return e===!0||typeof e!=\"boolean\"&&(d=a.getA\
+ttributeNode(c))&&d.nodeValue!==!1?c.toLowerCase():b},set:function(a,b,c){var d\
+;b===!1?f.removeAttr(a,c):(d=f.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c\
+,c.toLowerCase()));return c}},v||(y={name:!0,id:!0,coords:!0},w=f.valHooks.butt\
+on={get:function(a,c){var d;d=a.getAttributeNode(c);return d&&(y[c]?d.nodeValue\
+!==\"\":d.specified)?d.nodeValue:b},set:function(a,b,d){var e=a.getAttributeNod\
+e(d);e||(e=c.createAttribute(d),a.setAttributeNode(e));return e.nodeValue=b+\"\
+\"}},f.attrHooks.tabindex.set=w.set,f.each([\"width\",\"height\"],function(a,b)\
+{f.attrHooks[b]=f.extend(f.attrHooks[b],{set:function(a,c){if(c===\"\"){a.setAt\
+tribute(b,\"auto\");return c}}})}),f.attrHooks.contenteditable={get:w.get,set:f\
+unction(a,b,c){b===\"\"&&(b=\"false\"),w.set(a,b,c)}}),f.support.hrefNormalized\
+||f.each([\"href\",\"src\",\"width\",\"height\"],function(a,c){f.attrHooks[c]=f\
+.extend(f.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===nu\
+ll?b:d}})}),f.support.style||(f.attrHooks.style={get:function(a){return a.style\
+.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=\"\"+b}}),f\
+.support.optSelected||(f.propHooks.selected=f.extend(f.propHooks.selected,{get:\
+function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.s\
+electedIndex);return null}})),f.support.enctype||(f.propFix.enctype=\"encoding\
+\"),f.support.checkOn||f.each([\"radio\",\"checkbox\"],function(){f.valHooks[th\
+is]={get:function(a){return a.getAttribute(\"value\")===null?\"on\":a.value}}})\
+,f.each([\"radio\",\"checkbox\"],function(){f.valHooks[this]=f.extend(f.valHook\
+s[this],{set:function(a,b){if(f.isArray(b))return a.checked=f.inArray(f(a).val(\
+),b)>=0}})});var z=/^(?:textarea|input|select)$/i,A=/^([^\\.]*)?(?:\\.(.+))?$/,\
+B=/(?:^|\\s)hover(\\.\\S+)?\\b/,C=/^key/,D=/^(?:mouse|contextmenu)|click/,E=/^(\
+?:focusinfocus|focusoutblur)$/,F=/^(\\w*)(?:#([\\w\\-]+))?(?:\\.([\\w\\-]+))?$/\
+,G=function( a){var b=F.exec(a);b&&(b[1]=(b[1]||\"\").toLowerCase(),b[3]=b[3]&&\
+new RegExp(\"(?:^|\\\\s)\"+b[3]+\"(?:\\\\s|$)\"));return b},H=function(a,b){var\
+ c=a.attributes||{};return(!b[1]||a.nodeName.toLowerCase()===b[1])&&(!b[2]||(c.\
+id||{}).value===b[2])&&(!b[3]||b[3].test((c[\"class\"]||{}).value))},I=function\
+(a){return f.event.special.hover?a:a.replace(B,\"mouseenter$1 mouseleave$1\")};\
+f.event={add:function(a,c,d,e,g){var h,i,j,k,l,m,n,o,p,q,r,s;if(!(a.nodeType===\
+3||a.nodeType===8||!c||!d||!(h=f._data(a)))){d.handler&&(p=d,d=p.handler,g=p.se\
+lector),d.guid||(d.guid=f.guid++),j=h.events,j||(h.events=j={}),i=h.handle,i||(\
+h.handle=i=function(a){return typeof f!=\"undefined\"&&(!a||f.event.triggered!=\
+=a.type)?f.event.dispatch.apply(i.elem,arguments):b},i.elem=a),c=f.trim(I(c)).s\
+plit(\" \");for(k=0;k<c.length;k++){l=A.exec(c[k])||[],m=l[1],n=(l[2]||\"\").sp\
+lit(\".\").sort(),s=f.event.special[m]||{},m=(g?s.delegateType:s.bindType)||m,s\
+=f.event.special[m]||{},o=f.extend({type:m,origType:l[1],data:e,handler:d,guid:\
+d.guid,selector:g,quick:g&&G(g),namespace:n.join(\".\")},p),r=j[m];if(!r){r=j[m\
+]=[],r.delegateCount=0;if(!s.setup||s.setup.call(a,e,n,i)===!1)a.addEventListen\
+er?a.addEventListener(m,i,!1):a.attachEvent&&a.attachEvent(\"on\"+m,i)}s.add&&(\
+s.add.call(a,o),o.handler.guid||(o.handler.guid=d.guid)),g?r.splice(r.delegateC\
+ount++,0,o):r.push(o),f.event.global[m]=!0}a=null}},global:{},remove:function(a\
+,b,c,d,e){var g=f.hasData(a)&&f._data(a),h,i,j,k,l,m,n,o,p,q,r,s;if(!!g&&!!(o=g\
+.events)){b=f.trim(I(b||\"\")).split(\" \");for(h=0;h<b.length;h++){i=A.exec(b[\
+h])||[],j=k=i[1],l=i[2];if(!j){for(j in o)f.event.remove(a,j+b[h],c,d,!0);conti\
+nue}p=f.event.special[j]||{},j=(d?p.delegateType:p.bindType)||j,r=o[j]||[],m=r.\
+length,l=l?new RegExp(\"(^|\\\\.)\"+l.split(\".\").sort().join(\"\\\\.(?:.*\
+\\\\.)?\")+\"(\\\\.|$)\"):null;for(n=0;n<r.length;n++)s=r[n],(e||k===s.origType\
+)&&(!c||c.guid===s.guid)&&(!l||l.test(s.namespace))&&(!d||d===s.selector||d===\
+\"**\"&&s.selector)&&(r.splice(n--,1),s.selector&&r.delegateCount--,p.remove&&p\
+.remove.call(a,s));r.length===0&&m!==r.length&&((!p.teardown||p.teardown.call(a\
+,l)===!1)&&f.removeEvent(a,j,g.handle),delete o[j])}f.isEmptyObject(o)&&(q=g.ha\
+ndle,q&&(q.elem=null),f.removeData(a,[\"events\",\"handle\"],!0))}},customEvent\
+:{getData:!0,setData:!0,changeData:!0},trigger:function(c,d,e,g){if(!e||e.nodeT\
+ype!==3&&e.nodeType!==8){var h=c.type||c,i=[],j,k,l,m,n,o,p,q,r,s;if(E.test(h+f\
+.event.triggered))return;h.indexOf(\"!\")>=0&&(h=h.slice(0,-1),k=!0),h.indexOf(\
+\".\")>=0&&(i=h.split(\".\"),h=i.shift(),i.sort());if((!e||f.event.customEvent[\
+h])&&!f.event.global[h])return;c=typeof c==\"object\"?c[f.expando]?c:new f.Even\
+t(h,c):new f.Event(h),c.type=h,c.isTrigger=!0,c.exclusive=k,c.namespace=i.join(\
+\".\"),c.namespace_re=c.namespace?new RegExp(\"(^|\\\\.)\"+i.join(\"\\\\.(?:.*\
+\\\\.)?\")+\"(\\\\.|$)\"):null,o=h.indexOf(\":\")<0?\"on\"+h:\"\";if(!e){j=f.ca\
+che;for(l in j)j[l].events&&j[l].events[h]&&f.event.trigger(c,d,j[l].handle.ele\
+m,!0);return}c.result=b,c.target||(c.target=e),d=d!=null?f.makeArray(d):[],d.un\
+shift(c),p=f.event.special[h]||{};if(p.trigger&&p.trigger.apply(e,d)===!1)retur\
+n;r=[[e,p.bindType||h]];if(!g&&!p.noBubble&&!f.isWindow(e)){s=p.delegateType||h\
+,m=E.test(s+h)?e:e.parentNode,n=null;for(;m;m=m.parentNode)r.push([m,s]),n=m;n&\
+&n===e.ownerDocument&&r.push([n.defaultView||n.parentWindow||a,s])}for(l=0;l<r.\
+length&&!c.isPropagationStopped();l++)m=r[l][0],c.type=r[l][1],q=(f._data(m,\"e\
+vents\")||{})[c.type]&&f._data(m,\"handle\"),q&&q.apply(m,d),q=o&&m[o],q&&f.acc\
+eptData(m)&&q.apply(m,d)===!1&&c.preventDefault();c.type=h,!g&&!c.isDefaultPrev\
+ented()&&(!p._default||p._default.apply(e.ownerDocument,d)===!1)&&(h!==\"click\
+\"||!f.nodeName(e,\"a\"))&&f.acceptData(e)&&o&&e[h]&&(h!==\"focus\"&&h!==\"blur\
+\"||c.target.offsetWidth!==0)&&!f.isWindow(e)&&(n=e[o],n&&(e[o]=null),f.event.t\
+riggered=h,e[h](),f.event.triggered=b,n&&(e[o]=n));return c.result}},dispatch:f\
+unction(c){c=f.event.fix(c||a.event);var d=(f._data(this,\"events\")||{})[c.typ\
+e]||[],e=d.delegateCount,g=[].slice.call(arguments,0),h=!c.exclusive&&!c.namesp\
+ace,i=f.event.special[c.type]||{},j=[],k,l,m,n,o,p,q,r,s,t,u;g[0]=c,c.delegateT\
+arget=this;if(!i.preDispatch||i.preDispatch.call(this,c)!==!1){if(e&&(!c.button\
+||c.type!==\"click\")){n=f(this),n.context=this.ownerDocument||this;for(m=c.tar\
+get;m!=this;m=m.parentNode||this)if(m.disabled!==!0){p={},r=[],n[0]=m;for(k=0;k\
+<e;k++)s=d[k],t=s.selector,p[t]===b&&(p[t]=s.quick?H(m,s.quick):n.is(t)),p[t]&&\
+r.push(s);r.length&&j.push({elem:m,matches:r})}}d.length>e&&j.push({elem:this,m\
+atches:d.slice(e)});for(k=0;k<j.length&&!c.isPropagationStopped();k++){q=j[k],c\
+.currentTarget=q.elem;for(l=0;l<q.matches.length&&!c.isImmediatePropagationStop\
+ped();l++){s=q.matches[l];if(h||!c.namespace&&!s.namespace||c.namespace_re&&c.n\
+amespace_re.test(s.namespace))c.data=s.data,c.handleObj=s,o=((f.event.special[s\
+.origType]||{}).handle||s.handler).apply(q.elem,g),o!==b&&(c.result=o,o===!1&&(\
+c.preventDefault(),c.stopPropagation()))}}i.postDispatch&&i.postDispatch.call(t\
+his,c);return c.result}},props:\"attrChange attrName relatedNode srcElement alt\
+Key bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget s\
+hiftKey target timeStamp view which\".split(\" \"),fixHooks:{},keyHooks:{props:\
+\"char charCode key keyCode\".split(\" \"),filter:function(a,b){a.which==null&&\
+(a.which=b.charCode!=null?b.charCode:b.keyCode);return a}},mouseHooks:{props:\"\
+button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX \
+screenY toElement\".split(\" \"),filter:function(a,d){var e,f,g,h=d.button,i=d.\
+fromElement;a.pageX==null&&d.clientX!=null&&(e=a.target.ownerDocument||c,f=e.do\
+cumentElement,g=e.body,a.pageX=d.clientX+(f&&f.scrollLeft||g&&g.scrollLeft||0)-\
+(f&&f.clientLeft||g&&g.clientLeft||0),a.pageY=d.clientY+(f&&f.scrollTop||g&&g.s\
+crollTop||0)-(f&&f.clientTop||g&&g.clientTop||0)),!a.relatedTarget&&i&&(a.relat\
+edTarget=i===a.target?d.toElement:i),!a.which&&h!==b&&(a.which=h&1?1:h&2?3:h&4?\
+2:0);return a}},fix:function(a){if(a[f.expando])return a;var d,e,g=a,h=f.event.\
+fixHooks[a.type]||{},i=h.props?this.props.concat(h.props):this.props;a=f.Event(\
+g);for(d=i.length;d;)e=i[--d],a[e]=g[e];a.target||(a.target=g.srcElement||c),a.\
+target.nodeType===3&&(a.target=a.target.parentNode),a.metaKey===b&&(a.metaKey=a\
+.ctrlKey);return h.filter?h.filter(a,g):a},special:{ready:{setup:f.bindReady},l\
+oad:{noBubble:!0},focus:{delegateType:\"focusin\"},blur:{delegateType:\"focusou\
+t\"},beforeunload:{setup:function(a,b,c){f.isWindow(this)&&(this.onbeforeunload\
+=c)},teardown:function(a,b){this.onbeforeunload===b&&(this.onbeforeunload=null)\
+}}},simulate:function(a,b,c,d){var e=f.extend(new f.Event,c,{type:a,isSimulated\
+:!0,originalEvent:{}});d?f.event.trigger(e,null,b):f.event.dispatch.call(b,e),e\
+.isDefaultPrevented()&&c.preventDefault()}},f.event.handle=f.event.dispatch,f.r\
+emoveEvent=c.removeEventListener?function(a,b,c){a.removeEventListener&&a.remov\
+eEventListener(b,c,!1)}:function(a,b,c){a.detachEvent&&a.detachEvent(\"on\"+b,c\
+)},f.Event=function(a,b){if(!(this instanceof f.Event))return new f.Event(a,b);\
+a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defa\
+ultPrevented||a.returnValue===!1||a.getPreventDefault&&a.getPreventDefault()?K:\
+J):this.type=a,b&&f.extend(this,b),this.timeStamp=a&&a.timeStamp||f.now(),this[\
+f.expando]=!0},f.Event.prototype={preventDefault:function(){this.isDefaultPreve\
+nted=K;var a=this.originalEvent;!a||(a.preventDefault?a.preventDefault():a.retu\
+rnValue=!1)},stopPropagation:function(){this.isPropagationStopped=K;var a=this.\
+originalEvent;!a||(a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0)},s\
+topImmediatePropagation:function(){this.isImmediatePropagationStopped=K,this.st\
+opPropagation()},isDefaultPrevented:J,isPropagationStopped:J,isImmediatePropaga\
+tionStopped:J},f.each({mouseenter:\"mouseover\",mouseleave:\"mouseout\"},functi\
+on(a,b){f.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c=\
+this,d=a.relatedTarget,e=a.handleObj,g=e.selector,h;if(!d||d!==c&&!f.contains(c\
+,d))a.type=e.origType,h=e.handler.apply(this,arguments),a.type=b;return h}}}),f\
+.support.submitBubbles||(f.event.special.submit={setup:function(){if(f.nodeName\
+(this,\"form\"))return!1;f.event.add(this,\"click._submit keypress._submit\",fu\
+nction(a){var c=a.target,d=f.nodeName(c,\"input\")||f.nodeName(c,\"button\")?c.\
+form:b;d&&!d._submit_attached&&(f.event.add(d,\"submit._submit\",function(a){a.\
+_submit_bubble=!0}),d._submit_attached=!0)})},postDispatch:function(a){a._submi\
+t_bubble&&(delete a._submit_bubble,this.parentNode&&!a.isTrigger&&f.event.simul\
+ate(\"submit\",this.parentNode,a,!0))},teardown:function(){if(f.nodeName(this,\
+\"form\"))return!1;f.event.remove(this,\"._submit\")}}),f.support.changeBubbles\
+||(f.event.special.change={setup:function(){if(z.test(this.nodeName)){if(this.t\
+ype===\"checkbox\"||this.type===\"radio\")f.event.add(this,\"propertychange._ch\
+ange\",function(a){a.originalEvent.propertyName===\"checked\"&&(this._just_chan\
+ged=!0)}),f.event.add(this,\"click._change\",function(a){this._just_changed&&!a\
+.isTrigger&&(this._just_changed=!1,f.event.simulate(\"change\",this,a,!0))});re\
+turn!1}f.event.add(this,\"beforeactivate._change\",function(a){var b=a.target;z\
+.test(b.nodeName)&&!b._change_attached&&(f.event.add(b,\"change._change\",funct\
+ion(a){this.parentNode&&!a.isSimulated&&!a.isTrigger&&f.event.simulate(\"change\
+\",this.parentNode,a,!0)}),b._change_attached=!0)})},handle:function(a){var b=a\
+.target;if(this!==b||a.isSimulated||a.isTrigger||b.type!==\"radio\"&&b.type!==\
+\"checkbox\")return a.handleObj.handler.apply(this,arguments)},teardown:functio\
+n(){f.event.remove(this,\"._change\");return z.test(this.nodeName)}}),f.support\
+.focusinBubbles||f.each({focus:\"focusin\",blur:\"focusout\"},function(a,b){var\
+ d=0,e=function(a){f.event.simulate(b,a.target,f.event.fix(a),!0)};f.event.spec\
+ial[b]={setup:function(){d++===0&&c.addEventListener(a,e,!0)},teardown:function\
+(){--d===0&&c.removeEventListener(a,e,!0)}}}),f.fn.extend({on:function(a,c,d,e,\
+g){var h,i;if(typeof a==\"object\"){typeof c!=\"string\"&&(d=d||c,c=b);for(i in\
+ a)this.on(i,c,d,a[i],g);return this}d==null&&e==null?(e=c,d=c=b):e==null&&(typ\
+eof c==\"string\"?(e=d,d=b):(e=d,d=c,c=b));if(e===!1)e=J;else if(!e)return this\
+;g===1&&(h=e,e=function(a){f().off(a);return h.apply(this,arguments)},e.guid=h.\
+guid||(h.guid=f.guid++));return this.each(function(){f.event.add(this,a,e,d,c)}\
+)},one:function(a,b,c,d){return this.on(a,b,c,d,1)},off:function(a,c,d){if(a&&a\
+.preventDefault&&a.handleObj){var e=a.handleObj;f(a.delegateTarget).off(e.names\
+pace?e.origType+\".\"+e.namespace:e.origType,e.selector,e.handler);return this}\
+if(typeof a==\"object\"){for(var g in a)this.off(g,c,a[g]);return this}if(c===!\
+1||typeof c==\"function\")d=c,c=b;d===!1&&(d=J);return this.each(function(){f.e\
+vent.remove(this,a,d,c)})},bind:function(a,b,c){return this.on(a,null,b,c)},unb\
+ind:function(a,b){return this.off(a,null,b)},live:function(a,b,c){f(this.contex\
+t).on(a,this.selector,b,c);return this},die:function(a,b){f(this.context).off(a\
+,this.selector||\"**\",b);return this},delegate:function(a,b,c,d){return this.o\
+n(b,a,c,d)},undelegate:function(a,b,c){return arguments.length==1?this.off(a,\"\
+**\"):this.off(b,a,c)},trigger:function(a,b){return this.each(function(){f.even\
+t.trigger(a,b,this)})},triggerHandler:function(a,b){if(this[0])return f.event.t\
+rigger(a,b,this[0],!0)},toggle:function(a){var b=arguments,c=a.guid||f.guid++,d\
+=0,e=function(c){var e=(f._data(this,\"lastToggle\"+a.guid)||0)%d;f._data(this,\
+\"lastToggle\"+a.guid,e+1),c.preventDefault();return b[e].apply(this,arguments)\
+||!1};e.guid=c;while(d<b.length)b[d++].guid=c;return this.click(e)},hover:funct\
+ion(a,b){return this.mouseenter(a).mouseleave(b||a)}}),f.each(\"blur focus focu\
+sin focusout load resize scroll unload click dblclick mousedown mouseup mousemo\
+ve mouseover mouseout mouseenter mouseleave change select submit keydown keypre\
+ss keyup error contextmenu\".split(\" \"),function(a,b){f.fn[b]=function(a,c){c\
+==null&&(c=a,a=null);return arguments.length>0?this.on(b,null,a,c):this.trigger\
+(b)},f.attrFn&&(f.attrFn[b]=!0),C.test(b)&&(f.event.fixHooks[b]=f.event.keyHook\
+s),D.test(b)&&(f.event.fixHooks[b]=f.event.mouseHooks)}),function(){function x(\
+a,b,c,e,f,g){for(var h=0,i=e.length;h<i;h++){var j=e[h];if(j){var k=!1;j=j[a];w\
+hile(j){if(j[d]===c){k=e[j.sizset];break}if(j.nodeType===1){g||(j[d]=c,j.sizset\
+=h);if(typeof b!=\"string\"){if(j===b){k=!0;break}}else if(m.filter(b,[j]).leng\
+th>0){k=j;break}}j=j[a]}e[h]=k}}}function w(a,b,c,e,f,g){for(var h=0,i=e.length\
+;h<i;h++){var j=e[h];if(j){var k=!1;j=j[a];while(j){if(j[d]===c){k=e[j.sizset];\
+break}j.nodeType===1&&!g&&(j[d]=c,j.sizset=h);if(j.nodeName.toLowerCase()===b){\
+k=j;break}j=j[a]}e[h]=k}}}var a=/((?:\\((?:\\([^()]+\\)|[^()]+)+\\)|\\[(?:\\[[^\
+\\[\\]]*\\]|['\"][^'\"]*['\"]|[^\\[\\]'\"]+)+\\]|\\\\.|[^ >+~,(\\[\\\\]+)+|[>+~\
+])(\\s*,\\s*)?((?:.|\\r|\\n)*)/g,d=\"sizcache\"+(Math.random()+\"\").replace(\"\
+.\",\"\"),e=0,g=Object.prototype.toString,h=!1,i=!0,j=/\\\\/g,k=/\\r\\n/g,l=/\
+\\W/;[0,0].sort(function(){i=!1;return 0});var m=function(b,d,e,f){e=e||[],d=d|\
+|c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!=\"string\
+\")return e;var i,j,k,l,n,q,r,t,u=!0,v=m.isXML(d),w=[],x=b;do{a.exec(\"\"),i=a.\
+exec(x);if(i){x=i[3],w.push(i[1]);if(i[2]){l=i[3];break}}}while(i);if(w.length>\
+1&&p.exec(b))if(w.length===2&&o.relative[w[0]])j=y(w[0]+w[1],d,f);else{j=o.rela\
+tive[w[0]]?[d]:m(w.shift(),d);while(w.length)b=w.shift(),o.relative[b]&&(b+=w.s\
+hift()),j=y(b,j,f)}else{!f&&w.length>1&&d.nodeType===9&&!v&&o.match.ID.test(w[0\
+])&&!o.match.ID.test(w[w.length-1])&&(n=m.find(w.shift(),d,v),d=n.expr?m.filter\
+(n.expr,n.set)[0]:n.set[0]);if(d){n=f?{expr:w.pop(),set:s(f)}:m.find(w.pop(),w.\
+length===1&&(w[0]===\"~\"||w[0]===\"+\")&&d.parentNode?d.parentNode:d,v),j=n.ex\
+pr?m.filter(n.expr,n.set):n.set,w.length>0?k=s(j):u=!1;while(w.length)q=w.pop()\
+,r=q,o.relative[q]?r=w.pop():q=\"\",r==null&&(r=d),o.relative[q](k,r,v)}else k=\
+w=[]}k||(k=j),k||m.error(q||b);if(g.call(k)===\"[object Array]\")if(!u)e.push.a\
+pply(e,k);else if(d&&d.nodeType===1)for(t=0;k[t]!=null;t++)k[t]&&(k[t]===!0||k[\
+t].nodeType===1&&m.contains(d,k[t]))&&e.push(j[t]);else for(t=0;k[t]!=null;t++)\
+k[t]&&k[t].nodeType===1&&e.push(j[t]);else s(k,e);l&&(m(l,h,e,f),m.uniqueSort(e\
+));return e};m.uniqueSort=function(a){if(u){h=i,a.sort(u);if(h)for(var b=1;b<a.\
+length;b++)a[b]===a[b-1]&&a.splice(b--,1)}return a},m.matches=function(a,b){ret\
+urn m(a,null,null,b)},m.matchesSelector=function(a,b){return m(b,null,null,[a])\
+.length>0},m.find=function(a,b,c){var d,e,f,g,h,i;if(!a)return[];for(e=0,f=o.or\
+der.length;e<f;e++){h=o.order[e];if(g=o.leftMatch[h].exec(a)){i=g[1],g.splice(1\
+,1);if(i.substr(i.length-1)!==\"\\\\\"){g[1]=(g[1]||\"\").replace(j,\"\"),d=o.f\
+ind[h](g,b,c);if(d!=null){a=a.replace(o.match[h],\"\");break}}}}d||(d=typeof b.\
+getElementsByTagName!=\"undefined\"?b.getElementsByTagName(\"*\"):[]);return{se\
+t:d,expr:a}},m.filter=function(a,c,d,e){var f,g,h,i,j,k,l,n,p,q=a,r=[],s=c,t=c&\
+&c[0]&&m.isXML(c[0]);while(a&&c.length){for(h in o.filter)if((f=o.leftMatch[h].\
+exec(a))!=null&&f[2]){k=o.filter[h],l=f[1],g=!1,f.splice(1,1);if(l.substr(l.len\
+gth-1)===\"\\\\\")continue;s===r&&(r=[]);if(o.preFilter[h]){f=o.preFilter[h](f,\
+s,d,r,e,t);if(!f)g=i=!0;else if(f===!0)continue}if(f)for(n=0;(j=s[n])!=null;n++\
+)j&&(i=k(j,f,n,s),p=e^i,d&&i!=null?p?g=!0:s[n]=!1:p&&(r.push(j),g=!0));if(i!==b\
+){d||(s=r),a=a.replace(o.match[h],\"\");if(!g)return[];break}}if(a===q)if(g==nu\
+ll)m.error(a);else break;q=a}return s},m.error=function(a){throw new Error(\"Sy\
+ntax error, unrecognized expression: \"+a)};var n=m.getText=function(a){var b,c\
+,d=a.nodeType,e=\"\";if(d){if(d===1||d===9||d===11){if(typeof a.textContent==\"\
+string\")return a.textContent;if(typeof a.innerText==\"string\")return a.innerT\
+ext.replace(k,\"\");for(a=a.firstChild;a;a=a.nextSibling)e+=n(a)}else if(d===3|\
+|d===4)return a.nodeValue}else for(b=0;c=a[b];b++)c.nodeType!==8&&(e+=n(c));ret\
+urn e},o=m.selectors={order:[\"ID\",\"NAME\",\"TAG\"],match:{ID:/#((?:[\\w\\u00\
+c0-\\uFFFF\\-]|\\\\.)+)/,CLASS:/\\.((?:[\\w\\u00c0-\\uFFFF\\-]|\\\\.)+)/,NAME:/\
+\\[name=['\"]*((?:[\\w\\u00c0-\\uFFFF\\-]|\\\\.)+)['\"]*\\]/,ATTR:/\\[\\s*((?:[\
+\\w\\u00c0-\\uFFFF\\-]|\\\\.)+)\\s*(?:(\\S?=)\\s*(?:(['\"])(.*?)\\3|(#?(?:[\\w\
+\\u00c0-\\uFFFF\\-]|\\\\.)*)|)|)\\s*\\]/,TAG:/^((?:[\\w\\u00c0-\\uFFFF\\*\\-]|\
+\\\\.)+)/,CHILD:/:(only|nth|last|first)-child(?:\\(\\s*(even|odd|(?:[+\\-]?\\d+\
+|(?:[+\\-]?\\d*)?n\\s*(?:[+\\-]\\s*\\d+)?))\\s*\\))?/,POS:/:(nth|eq|gt|lt|first\
+|last|even|odd)(?:\\((\\d*)\\))?(?=[^\\-]|$)/,PSEUDO:/:((?:[\\w\\u00c0-\\uFFFF\
+\\-]|\\\\.)+)(?:\\((['\"]?)((?:\\([^\\)]+\\)|[^\\(\\)]*)+)\\2\\))?/},leftMatch:\
+{},attrMap:{\"class\":\"className\",\"for\":\"htmlFor\"},attrHandle:{href:funct\
+ion(a){return a.getAttribute(\"href\")},type:function(a){return a.getAttribute(\
+\"type\")}},relative:{\"+\":function(a,b){var c=typeof b==\"string\",d=c&&!l.te\
+st(b),e=c&&!d;d&&(b=b.toLowerCase());for(var f=0,g=a.length,h;f<g;f++)if(h=a[f]\
+){while((h=h.previousSibling)&&h.nodeType!==1);a[f]=e||h&&h.nodeName.toLowerCas\
+e()===b?h||!1:h===b}e&&m.filter(b,a,!0)},\">\":function(a,b){var c,d=typeof b==\
+\"string\",e=0,f=a.length;if(d&&!l.test(b)){b=b.toLowerCase();for(;e<f;e++){c=a\
+[e];if(c){var g=c.parentNode;a[e]=g.nodeName.toLowerCase()===b?g:!1}}}else{for(\
+;e<f;e++)c=a[e],c&&(a[e]=d?c.parentNode:c.parentNode===b);d&&m.filter(b,a,!0)}}\
+,\"\":function(a,b,c){var d,f=e++,g=x;typeof b==\"string\"&&!l.test(b)&&(b=b.to\
+LowerCase(),d=b,g=w),g(\"parentNode\",b,f,a,d,c)},\"~\":function(a,b,c){var d,f\
+=e++,g=x;typeof b==\"string\"&&!l.test(b)&&(b=b.toLowerCase(),d=b,g=w),g(\"prev\
+iousSibling\",b,f,a,d,c)}},find:{ID:function(a,b,c){if(typeof b.getElementById!\
+=\"undefined\"&&!c){var d=b.getElementById(a[1]);return d&&d.parentNode?[d]:[]}\
+},NAME:function(a,b){if(typeof b.getElementsByName!=\"undefined\"){var c=[],d=b\
+.getElementsByName(a[1]);for(var e=0,f=d.length;e<f;e++)d[e].getAttribute(\"nam\
+e\")===a[1]&&c.push(d[e]);return c.length===0?null:c}},TAG:function(a,b){if(typ\
+eof b.getElementsByTagName!=\"undefined\")return b.getElementsByTagName(a[1])}}\
+,preFilter:{CLASS:function(a,b,c,d,e,f){a=\" \"+a[1].replace(j,\"\")+\" \";if(f\
+)return a;for(var g=0,h;(h=b[g])!=null;g++)h&&(e^(h.className&&(\" \"+h.classNa\
+me+\" \").replace(/[\\t\\n\\r]/g,\" \").indexOf(a)>=0)?c||d.push(h):c&&(b[g]=!1\
+));return!1},ID:function(a){return a[1].replace(j,\"\")},TAG:function(a,b){retu\
+rn a[1].replace(j,\"\").toLowerCase()},CHILD:function(a){if(a[1]===\"nth\"){a[2\
+]||m.error(a[0]),a[2]=a[2].replace(/^\\+|\\s*/g,\"\");var b=/(-?)(\\d*)(?:n([+\
+\\-]?\\d*))?/.exec(a[2]===\"even\"&&\"2n\"||a[2]===\"odd\"&&\"2n+1\"||!/\\D/.te\
+st(a[2])&&\"0n+\"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&m.er\
+ror(a[0]);a[0]=e++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace\
+(j,\"\");!f&&o.attrMap[g]&&(a[1]=o.attrMap[g]),a[4]=(a[4]||a[5]||\"\").replace(\
+j,\"\"),a[2]===\"~=\"&&(a[4]=\" \"+a[4]+\" \");return a},PSEUDO:function(b,c,d,\
+e,f){if(b[1]===\"not\")if((a.exec(b[3])||\"\").length>1||/^\\w/.test(b[3]))b[3]\
+=m(b[3],null,null,c);else{var g=m.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);re\
+turn!1}else if(o.match.POS.test(b[0])||o.match.CHILD.test(b[0]))return!0;return\
+ b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){retur\
+n a.disabled===!1&&a.type!==\"hidden\"},disabled:function(a){return a.disabled=\
+==!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentN\
+ode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){retu\
+rn!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){re\
+turn!!m(c[3],a).length},header:function(a){return/h\\d/i.test(a.nodeName)},text\
+:function(a){var b=a.getAttribute(\"type\"),c=a.type;return a.nodeName.toLowerC\
+ase()===\"input\"&&\"text\"===c&&(b===c||b===null)},radio:function(a){return a.\
+nodeName.toLowerCase()===\"input\"&&\"radio\"===a.type},checkbox:function(a){re\
+turn a.nodeName.toLowerCase()===\"input\"&&\"checkbox\"===a.type},file:function\
+(a){return a.nodeName.toLowerCase()===\"input\"&&\"file\"===a.type},password:fu\
+nction(a){return a.nodeName.toLowerCase()===\"input\"&&\"password\"===a.type},s\
+ubmit:function(a){var b=a.nodeName.toLowerCase();return(b===\"input\"||b===\"bu\
+tton\")&&\"submit\"===a.type},image:function(a){return a.nodeName.toLowerCase()\
+===\"input\"&&\"image\"===a.type},reset:function(a){var b=a.nodeName.toLowerCas\
+e();return(b===\"input\"||b===\"button\")&&\"reset\"===a.type},button:function(\
+a){var b=a.nodeName.toLowerCase();return b===\"input\"&&\"button\"===a.type||b=\
+==\"button\"},input:function(a){return/input|select|textarea|button/i.test(a.no\
+deName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilter\
+s:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length\
+-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:fun\
+ction(a,b,c){return b<c[3]-0},gt:function(a,b,c){return b>c[3]-0},nth:function(\
+a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO\
+:function(a,b,c,d){var e=b[1],f=o.filters[e];if(f)return f(a,c,b,d);if(e===\"co\
+ntains\")return(a.textContent||a.innerText||n([a])||\"\").indexOf(b[3])>=0;if(e\
+===\"not\"){var g=b[3];for(var h=0,i=g.length;h<i;h++)if(g[h]===a)return!1;retu\
+rn!0}m.error(e)},CHILD:function(a,b){var c,e,f,g,h,i,j,k=b[1],l=a;switch(k){cas\
+e\"only\":case\"first\":while(l=l.previousSibling)if(l.nodeType===1)return!1;if\
+(k===\"first\")return!0;l=a;case\"last\":while(l=l.nextSibling)if(l.nodeType===\
+1)return!1;return!0;case\"nth\":c=b[2],e=b[3];if(c===1&&e===0)return!0;f=b[0],g\
+=a.parentNode;if(g&&(g[d]!==f||!a.nodeIndex)){i=0;for(l=g.firstChild;l;l=l.next\
+Sibling)l.nodeType===1&&(l.nodeIndex=++i);g[d]=f}j=a.nodeIndex-e;return c===0?j\
+===0:j%c===0&&j/c>=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute(\
+\"id\")===b},TAG:function(a,b){return b===\"*\"&&a.nodeType===1||!!a.nodeName&&\
+a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(\" \"+(a.className||a.\
+getAttribute(\"class\"))+\" \").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=\
+m.attr?m.attr(a,c):o.attrHandle[c]?o.attrHandle[c](a):a[c]!=null?a[c]:a.getAttr\
+ibute(c),e=d+\"\",f=b[2],g=b[4];return d==null?f===\"!=\":!f&&m.attr?d!=null:f=\
+==\"=\"?e===g:f===\"*=\"?e.indexOf(g)>=0:f===\"~=\"?(\" \"+e+\" \").indexOf(g)>\
+=0:g?f===\"!=\"?e!==g:f===\"^=\"?e.indexOf(g)===0:f===\"$=\"?e.substr(e.length-\
+g.length)===g:f===\"|=\"?e===g||e.substr(0,g.length+1)===g+\"-\":!1:e&&d!==!1},\
+POS:function(a,b,c,d){var e=b[2],f=o.setFilters[e];if(f)return f(a,c,b,d)}}},p=\
+o.match.POS,q=function(a,b){return\"\\\\\"+(b-0+1)};for(var r in o.match)o.matc\
+h[r]=new RegExp(o.match[r].source+/(?![^\\[]*\\])(?![^\\(]*\\))/.source),o.left\
+Match[r]=new RegExp(/(^(?:.|\\r|\\n)*?)/.source+o.match[r].source.replace(/\
+\\\\(\\d+)/g,q));o.match.globalPOS=p;var s=function(a,b){a=Array.prototype.slic\
+e.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slic\
+e.call(c.documentElement.childNodes,0)[0].nodeType}catch(t){s=function(a,b){var\
+ c=0,d=b||[];if(g.call(a)===\"[object Array]\")Array.prototype.push.apply(d,a);\
+else if(typeof a.length==\"number\")for(var e=a.length;c<e;c++)d.push(a[c]);els\
+e for(;a[c];c++)d.push(a[c]);return d}}var u,v;c.documentElement.compareDocumen\
+tPosition?u=function(a,b){if(a===b){h=!0;return 0}if(!a.compareDocumentPosition\
+||!b.compareDocumentPosition)return a.compareDocumentPosition?-1:1;return a.com\
+pareDocumentPosition(b)&4?-1:1}:(u=function(a,b){if(a===b){h=!0;return 0}if(a.s\
+ourceIndex&&b.sourceIndex)return a.sourceIndex-b.sourceIndex;var c,d,e=[],f=[],\
+g=a.parentNode,i=b.parentNode,j=g;if(g===i)return v(a,b);if(!g)return-1;if(!i)r\
+eturn 1;while(j)e.unshift(j),j=j.parentNode;j=i;while(j)f.unshift(j),j=j.parent\
+Node;c=e.length,d=f.length;for(var k=0;k<c&&k<d;k++)if(e[k]!==f[k])return v(e[k\
+],f[k]);return k===c?v(a,f[k],-1):v(e[k],b,1)},v=function(a,b,c){if(a===b)retur\
+n c;var d=a.nextSibling;while(d){if(d===b)return-1;d=d.nextSibling}return 1}),f\
+unction(){var a=c.createElement(\"div\"),d=\"script\"+(new Date).getTime(),e=c.\
+documentElement;a.innerHTML=\"<a name='\"+d+\"'/>\",e.insertBefore(a,e.firstChi\
+ld),c.getElementById(d)&&(o.find.ID=function(a,c,d){if(typeof c.getElementById!\
+=\"undefined\"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e\
+.getAttributeNode!=\"undefined\"&&e.getAttributeNode(\"id\").nodeValue===a[1]?[\
+e]:b:[]}},o.filter.ID=function(a,b){var c=typeof a.getAttributeNode!=\"undefine\
+d\"&&a.getAttributeNode(\"id\");return a.nodeType===1&&c&&c.nodeValue===b}),e.r\
+emoveChild(a),e=a=null}(),function(){var a=c.createElement(\"div\");a.appendChi\
+ld(c.createComment(\"\")),a.getElementsByTagName(\"*\").length>0&&(o.find.TAG=f\
+unction(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]===\"*\"){var d=[];for(v\
+ar e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML=\"<a\
+ href='#'></a>\",a.firstChild&&typeof a.firstChild.getAttribute!=\"undefined\"&\
+&a.firstChild.getAttribute(\"href\")!==\"#\"&&(o.attrHandle.href=function(a){re\
+turn a.getAttribute(\"href\",2)}),a=null}(),c.querySelectorAll&&function(){var \
+a=m,b=c.createElement(\"div\"),d=\"__sizzle__\";b.innerHTML=\"<p class='TEST'><\
+/p>\";if(!b.querySelectorAll||b.querySelectorAll(\".TEST\").length!==0){m=funct\
+ion(b,e,f,g){e=e||c;if(!g&&!m.isXML(e)){var h=/^(\\w+$)|^\\.([\\w\\-]+$)|^#([\
+\\w\\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return s(e.\
+getElementsByTagName(b),f);if(h[2]&&o.find.CLASS&&e.getElementsByClassName)retu\
+rn s(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b===\"body\"&&e.bo\
+dy)return s([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.pare\
+ntNode)return s([],f);if(i.id===h[3])return s([i],f)}try{return s(e.querySelect\
+orAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!==\"obj\
+ect\"){var k=e,l=e.getAttribute(\"id\"),n=l||d,p=e.parentNode,q=/^\\s*[+~]/.tes\
+t(b);l?n=n.replace(/'/g,\"\\\\$&\"):e.setAttribute(\"id\",n),q&&p&&(e=e.parentN\
+ode);try{if(!q||p)return s(e.querySelectorAll(\"[id='\"+n+\"'] \"+b),f)}catch(r\
+){}finally{l||k.removeAttribute(\"id\")}}}return a(b,e,f,g)};for(var e in a)m[e\
+]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.moz\
+MatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.ca\
+ll(c.createElement(\"div\"),\"div\"),e=!1;try{b.call(c.documentElement,\"[test!\
+='']:sizzle\")}catch(f){e=!0}m.matchesSelector=function(a,c){c=c.replace(/\\=\
+\\s*([^'\"\\]]*)\\s*\\]/g,\"='$1']\");if(!m.isXML(a))try{if(e||!o.match.PSEUDO.\
+test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.node\
+Type!==11)return f}}catch(g){}return m(c,null,null,[a]).length>0}}}(),function(\
+){var a=c.createElement(\"div\");a.innerHTML=\"<div class='test e'></div><div c\
+lass='test'></div>\";if(!!a.getElementsByClassName&&a.getElementsByClassName(\"\
+e\").length!==0){a.lastChild.className=\"e\";if(a.getElementsByClassName(\"e\")\
+.length===1)return;o.order.splice(1,0,\"CLASS\"),o.find.CLASS=function(a,b,c){i\
+f(typeof b.getElementsByClassName!=\"undefined\"&&!c)return b.getElementsByClas\
+sName(a[1])},a=null}}(),c.documentElement.contains?m.contains=function(a,b){ret\
+urn a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosi\
+tion?m.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:m.cont\
+ains=function(){return!1},m.isXML=function(a){var b=(a?a.ownerDocument||a:0).do\
+cumentElement;return b?b.nodeName!==\"HTML\":!1};var y=function(a,b,c){var d,e=\
+[],f=\"\",g=b.nodeType?[b]:b;while(d=o.match.PSEUDO.exec(a))f+=d[0],a=a.replace\
+(o.match.PSEUDO,\"\");a=o.relative[a]?a+\"*\":a;for(var h=0,i=g.length;h<i;h++)\
+m(a,g[h],e,c);return m.filter(f,e)};m.attr=f.attr,m.selectors.attrMap={},f.find\
+=m,f.expr=m.selectors,f.expr[\":\"]=f.expr.filters,f.unique=m.uniqueSort,f.text\
+=m.getText,f.isXMLDoc=m.isXML,f.contains=m.contains}();var L=/Until$/,M=/^(?:pa\
+rents|prevUntil|prevAll)/,N=/,/,O=/^.[^:#\\[\\.,]*$/,P=Array.prototype.slice,Q=\
+f.expr.match.globalPOS,R={children:!0,contents:!0,next:!0,prev:!0};f.fn.extend(\
+{find:function(a){var b=this,c,d;if(typeof a!=\"string\")return f(a).filter(fun\
+ction(){for(c=0,d=b.length;c<d;c++)if(f.contains(b[c],this))return!0});var e=th\
+is.pushStack(\"\",\"find\",a),g,h,i;for(c=0,d=this.length;c<d;c++){g=e.length,f\
+.find(a,this[c],e);if(c>0)for(h=g;h<e.length;h++)for(i=0;i<g;i++)if(e[i]===e[h]\
+){e.splice(h--,1);break}}return e},has:function(a){var b=f(a);return this.filte\
+r(function(){for(var a=0,c=b.length;a<c;a++)if(f.contains(this,b[a]))return!0})\
+},not:function(a){return this.pushStack(T(this,a,!1),\"not\",a)},filter:functio\
+n(a){return this.pushStack(T(this,a,!0),\"filter\",a)},is:function(a){return!!a\
+&&(typeof a==\"string\"?Q.test(a)?f(a,this.context).index(this[0])>=0:f.filter(\
+a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g\
+=this[0];if(f.isArray(a)){var h=1;while(g&&g.ownerDocument&&g!==b){for(d=0;d<a.\
+length;d++)f(g).is(a[d])&&c.push({selector:a[d],elem:g,level:h});g=g.parentNode\
+,h++}return c}var i=Q.test(a)||typeof a!=\"string\"?f(a,b||this.context):0;for(\
+d=0,e=this.length;d<e;d++){g=this[d];while(g){if(i?i.index(g)>-1:f.find.matches\
+Selector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g\
+.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,\"clos\
+est\",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevA\
+ll().length:-1;if(typeof a==\"string\")return f.inArray(this[0],f(a));return f.\
+inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a==\"string\"?f(a\
+,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushSt\
+ack(S(c[0])||S(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.pr\
+evObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType\
+!==11?b:null},parents:function(a){return f.dir(a,\"parentNode\")},parentsUntil:\
+function(a,b,c){return f.dir(a,\"parentNode\",c)},next:function(a){return f.nth\
+(a,2,\"nextSibling\")},prev:function(a){return f.nth(a,2,\"previousSibling\")},\
+nextAll:function(a){return f.dir(a,\"nextSibling\")},prevAll:function(a){return\
+ f.dir(a,\"previousSibling\")},nextUntil:function(a,b,c){return f.dir(a,\"nextS\
+ibling\",c)},prevUntil:function(a,b,c){return f.dir(a,\"previousSibling\",c)},s\
+iblings:function(a){return f.sibling((a.parentNode||{}).firstChild,a)},children\
+:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.node\
+Name(a,\"iframe\")?a.contentDocument||a.contentWindow.document:f.makeArray(a.ch\
+ildNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c);L.test(a)\
+||(d=c),d&&typeof d==\"string\"&&(e=f.filter(d,e)),e=this.length>1&&!R[a]?f.uni\
+que(e):e,(this.length>1||N.test(d))&&M.test(a)&&(e=e.reverse());return this.pus\
+hStack(e,a,P.call(arguments).join(\",\"))}}),f.extend({filter:function(a,b,c){c\
+&&(a=\":not(\"+a+\")\");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0\
+]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeT\
+ype!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];\
+return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&\
+&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)\
+a.nodeType===1&&a!==b&&c.push(a);return c}});var V=\"abbr|article|aside|audio|b\
+di|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|met\
+er|nav|output|progress|section|summary|time|video\",W=/ jQuery\\d+=\"(?:\\d+|nu\
+ll)\"/g,X=/^\\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\\w:\
+]+)[^>]*)\\/>/ig,Z=/<([\\w:]+)/,$=/<tbody/i,_=/<|&#?\\w+;/,ba=/<(?:script|style\
+)/i,bb=/<(?:script|object|embed|option|style)/i,bc=new RegExp(\"<(?:\"+V+\")[\
+\\\\s/>]\",\"i\"),bd=/checked\\s*(?:[^=]|=\\s*.checked.)/i,be=/\\/(java|ecma)sc\
+ript/i,bf=/^\\s*<!(?:\\[CDATA\\[|\\-\\-)/,bg={option:[1,\"<select multiple='mul\
+tiple'>\",\"</select>\"],legend:[1,\"<fieldset>\",\"</fieldset>\"],thead:[1,\"<\
+table>\",\"</table>\"],tr:[2,\"<table><tbody>\",\"</tbody></table>\"],td:[3,\"<\
+table><tbody><tr>\",\"</tr></tbody></table>\"],col:[2,\"<table><tbody></tbody><\
+colgroup>\",\"</colgroup></table>\"],area:[1,\"<map>\",\"</map>\"],_default:[0,\
+\"\",\"\"]},bh=U(c);bg.optgroup=bg.option,bg.tbody=bg.tfoot=bg.colgroup=bg.capt\
+ion=bg.thead,bg.th=bg.td,f.support.htmlSerialize||(bg._default=[1,\"div<div>\",\
+\"</div>\"]),f.fn.extend({text:function(a){return f.access(this,function(a){ret\
+urn a===b?f.text(this):this.empty().append((this[0]&&this[0].ownerDocument||c).\
+createTextNode(a))},null,a,arguments.length)},wrapAll:function(a){if(f.isFuncti\
+on(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]\
+){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insert\
+Before(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.no\
+deType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:functi\
+on(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(\
+this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.\
+wrapAll(a):b.append(a)})},wrap:function(a){var b=f.isFunction(a);return this.ea\
+ch(function(c){f(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return \
+this.parent().each(function(){f.nodeName(this,\"body\")||f(this).replaceWith(th\
+is.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,fun\
+ction(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return th\
+is.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,thi\
+s.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.d\
+omManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(argu\
+ments.length){var a=f .clean(arguments);a.push.apply(a,this.toArray());return t\
+his.pushStack(a,\"before\",arguments)}},after:function(){if(this[0]&&this[0].pa\
+rentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBe\
+fore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,\"aft\
+er\",arguments);a.push.apply(a,f.clean(arguments));return a}},remove:function(a\
+,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nod\
+eType===1&&(f.cleanData(d.getElementsByTagName(\"*\")),f.cleanData([d])),d.pare\
+ntNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var a=0,b\
+;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName(\"*\
+\"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function\
+(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(th\
+is,a,b)})},html:function(a){return f.access(this,function(a){var c=this[0]||{},\
+d=0,e=this.length;if(a===b)return c.nodeType===1?c.innerHTML.replace(W,\"\"):nu\
+ll;if(typeof a==\"string\"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(\
+a))&&!bg[(Z.exec(a)||[\"\",\"\"])[1].toLowerCase()]){a=a.replace(Y,\"<$1></$2>\
+\");try{for(;d<e;d++)c=this[d]||{},c.nodeType===1&&(f.cleanData(c.getElementsBy\
+TagName(\"*\")),c.innerHTML=a);c=0}catch(g){}}c&&this.empty().append(a)},null,a\
+,arguments.length)},replaceWith:function(a){if(this[0]&&this[0].parentNode){if(\
+f.isFunction(a))return this.each(function(b){var c=f(this),d=c.html();c.replace\
+With(a.call(this,b,d))});typeof a!=\"string\"&&(a=f(a).detach());return this.ea\
+ch(function(){var b=this.nextSibling,c=this.parentNode;f(this).remove(),b?f(b).\
+before(a):f(c).append(a)})}return this.length?this.pushStack(f(f.isFunction(a)?\
+a():a),\"replaceWith\",a):this},detach:function(a){return this.remove(a,!0)},do\
+mManip:function(a,c,d){var e,g,h,i,j=a[0],k=[];if(!f.support.checkClone&&argume\
+nts.length===3&&typeof j==\"string\"&&bd.test(j))return this.each(function(){f(\
+this).domManip(a,c,d,!0)});if(f.isFunction(j))return this.each(function(e){var \
+g=f(this);a[0]=j.call(this,e,c?g.html():b),g.domManip(a,c,d)});if(this[0]){i=j&\
+&j.parentNode,f.support.parentNode&&i&&i.nodeType===11&&i.childNodes.length===t\
+his.length?e={fragment:i}:e=f.buildFragment(a,this,k),h=e.fragment,h.childNodes\
+.length===1?g=h=h.firstChild:g=h.firstChild;if(g){c=c&&f.nodeName(g,\"tr\");for\
+(var l=0,m=this.length,n=m-1;l<m;l++)d.call(c?bi(this[l],g):this[l],e.cacheable\
+||m>1&&l<n?f.clone(h,!0,!0):h)}k.length&&f.each(k,function(a,b){b.src?f.ajax({t\
+ype:\"GET\",global:!1,url:b.src,async:!1,dataType:\"script\"}):f.globalEval((b.\
+text||b.textContent||b.innerHTML||\"\").replace(bf,\"/*$0*/\")),b.parentNode&&b\
+.parentNode.removeChild(b)})}return this}}),f.buildFragment=function(a,b,d){var\
+ e,g,h,i,j=a[0];b&&b[0]&&(i=b[0].ownerDocument||b[0]),i.createDocumentFragment|\
+|(i=c),a.length===1&&typeof j==\"string\"&&j.length<512&&i===c&&j.charAt(0)===\
+\"<\"&&!bb.test(j)&&(f.support.checkClone||!bd.test(j))&&(f.support.html5Clone|\
+|!bc.test(j))&&(g=!0,h=f.fragments[j],h&&h!==1&&(e=h)),e||(e=i.createDocumentFr\
+agment(),f.clean(a,i,e,d)),g&&(f.fragments[j]=h?e:1);return{fragment:e,cacheabl\
+e:g}},f.fragments={},f.each({appendTo:\"append\",prependTo:\"prepend\",insertBe\
+fore:\"before\",insertAfter:\"after\",replaceAll:\"replaceWith\"},function(a,b)\
+{f.fn[a]=function(c){var d=[],e=f(c),g=this.length===1&&this[0].parentNode;if(g\
+&&g.nodeType===11&&g.childNodes.length===1&&e.length===1){e[b](this[0]);return \
+this}for(var h=0,i=e.length;h<i;h++){var j=(h>0?this.clone(!0):this).get();f(e[\
+h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clon\
+e:function(a,b,c){var d,e,g,h=f.support.html5Clone||f.isXMLDoc(a)||!bc.test(\"<\
+\"+a.nodeName+\">\")?a.cloneNode(!0):bo(a);if((!f.support.noCloneEvent||!f.supp\
+ort.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bk(a,h)\
+,d=bl(a),e=bl(h);for(g=0;d[g];++g)e[g]&&bk(d[g],e[g])}if(b){bj(a,h);if(c){d=bl(\
+a),e=bl(h);for(g=0;d[g];++g)bj(d[g],e[g])}}d=e=null;return h},clean:function(a,\
+b,d,e){var g,h,i,j=[];b=b||c,typeof b.createElement==\"undefined\"&&(b=b.ownerD\
+ocument||b[0]&&b[0].ownerDocument||c);for(var k=0,l;(l=a[k])!=null;k++){typeof \
+l==\"number\"&&(l+=\"\");if(!l)continue;if(typeof l==\"string\")if(!_.test(l))l\
+=b.createTextNode(l);else{l=l.replace(Y,\"<$1></$2>\");var m=(Z.exec(l)||[\"\",\
+\"\"])[1].toLowerCase(),n=bg[m]||bg._default,o=n[0],p=b.createElement(\"div\"),\
+q=bh.childNodes,r;b===c?bh.appendChild(p):U(b).appendChild(p),p.innerHTML=n[1]+\
+l+n[2];while(o--)p=p.lastChild;if(!f.support.tbody){var s=$.test(l),t=m===\"tab\
+le\"&&!s?p.firstChild&&p.firstChild.childNodes:n[1]===\"<table>\"&&!s?p.childNo\
+des:[];for(i=t.length-1;i>=0;--i)f.nodeName(t[i],\"tbody\")&&!t[i].childNodes.l\
+ength&&t[i].parentNode.removeChild(t[i])}!f.support.leadingWhitespace&&X.test(l\
+)&&p.insertBefore(b.createTextNode(X.exec(l)[0]),p.firstChild),l=p.childNodes,p\
+&&(p.parentNode.removeChild(p),q.length>0&&(r=q[q.length-1],r&&r.parentNode&&r.\
+parentNode.removeChild(r)))}var u;if(!f.support.appendChecked)if(l[0]&&typeof (\
+u=l.length)==\"number\")for(i=0;i<u;i++)bn(l[i]);else bn(l);l.nodeType?j.push(l\
+):j=f.merge(j,l)}if(d){g=function(a){return!a.type||be.test(a.type)};for(k=0;j[\
+k];k++){h=j[k];if(e&&f.nodeName(h,\"script\")&&(!h.type||be.test(h.type)))e.pus\
+h(h.parentNode?h.parentNode.removeChild(h):h);else{if(h.nodeType===1){var v=f.g\
+rep(h.getElementsByTagName(\"script\"),g);j.splice.apply(j,[k+1,0].concat(v))}d\
+.appendChild(h)}}}return j},cleanData:function(a){var b,c,d=f.cache,e=f.event.s\
+pecial,g=f.support.deleteExpando;for(var h=0,i;(i=a[h])!=null;h++){if(i.nodeNam\
+e&&f.noData[i.nodeName.toLowerCase()])continue;c=i[f.expando];if(c){b=d[c];if(b\
+&&b.events){for(var j in b.events)e[j]?f.event.remove(i,j):f.removeEvent(i,j,b.\
+handle);b.handle&&(b.handle.elem=null)}g?delete i[f.expando]:i.removeAttribute&\
+&i.removeAttribute(f.expando),delete d[c]}}}});var bp=/alpha\\([^)]*\\)/i,bq=/o\
+pacity=([^)]*)/,br=/([A-Z]|^ms)/g,bs=/^[\\-+]?(?:\\d*\\.)?\\d+$/i,bt=/^-?(?:\\d\
+*\\.)?\\d+(?!px)[^\\d\\s]+$/i,bu=/^([\\-+])=([\\-+.\\de]+)/,bv=/^margin/,bw={po\
+sition:\"absolute\",visibility:\"hidden\",display:\"block\"},bx=[\"Top\",\"Righ\
+t\",\"Bottom\",\"Left\"],by,bz,bA;f.fn.css=function(a,c){return f.access(this,f\
+unction(a,c,d){return d!==b?f.style(a,c,d):f.css(a,c)},a,c,arguments.length>1)}\
+,f.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=by(a,\"opacity\");r\
+eturn c===\"\"?\"1\":c}return a.style.opacity}}},cssNumber:{fillOpacity:!0,font\
+Weight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssP\
+rops:{\"float\":f.support.cssFloat?\"cssFloat\":\"styleFloat\"},style:function(\
+a,c,d,e){if(!!a&&a.nodeType!==3&&a.nodeType!==8&&!!a.style){var g,h,i=f.camelCa\
+se(c),j=a.style,k=f.cssHooks[i];c=f.cssProps[i]||i;if(d===b){if(k&&\"get\"in k&\
+&(g=k.get(a,!1,e))!==b)return g;return j[c]}h=typeof d,h===\"string\"&&(g=bu.ex\
+ec(d))&&(d=+(g[1]+1)*+g[2]+parseFloat(f.css(a,c)),h=\"number\");if(d==null||h==\
+=\"number\"&&isNaN(d))return;h===\"number\"&&!f.cssNumber[i]&&(d+=\"px\");if(!k\
+||!(\"set\"in k)||(d=k.set(a,d))!==b)try{j[c]=d}catch(l){}}},css:function(a,c,d\
+){var e,g;c=f.camelCase(c),g=f.cssHooks[c],c=f.cssProps[c]||c,c===\"cssFloat\"&\
+&(c=\"float\");if(g&&\"get\"in g&&(e=g.get(a,!0,d))!==b)return e;if(by)return b\
+y(a,c)},swap:function(a,b,c){var d={},e,f;for(f in b)d[f]=a.style[f],a.style[f]\
+=b[f];e=c.call(a);for(f in b)a.style[f]=d[f];return e}}),f.curCSS=f.css,c.defau\
+ltView&&c.defaultView.getComputedStyle&&(bz=function(a,b){var c,d,e,g,h=a.style\
+;b=b.replace(br,\"-$1\").toLowerCase(),(d=a.ownerDocument.defaultView)&&(e=d.ge\
+tComputedStyle(a,null))&&(c=e.getPropertyValue(b),c===\"\"&&!f.contains(a.owner\
+Document.documentElement,a)&&(c=f.style(a,b))),!f.support.pixelMargin&&e&&bv.te\
+st(b)&&bt.test(c)&&(g=h.width,h.width=c,c=e.width,h.width=g);return c}),c.docum\
+entElement.currentStyle&&(bA=function(a,b){var c,d,e,f=a.currentStyle&&a.curren\
+tStyle[b],g=a.style;f==null&&g&&(e=g[b])&&(f=e),bt.test(f)&&(c=g.left,d=a.runti\
+meStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),g.lef\
+t=b===\"fontSize\"?\"1em\":f,f=g.pixelLeft+\"px\",g.left=c,d&&(a.runtimeStyle.l\
+eft=d));return f===\"\"?\"auto\":f}),by=bz||bA,f.each([\"height\",\"width\"],fu\
+nction(a,b){f.cssHooks[b]={get:function(a,c,d){if(c)return a.offsetWidth!==0?bB\
+(a,b,d):f.swap(a,bw,function(){return bB(a,b,d)})},set:function(a,b){return bs.\
+test(b)?b+\"px\":b}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b\
+){return bq.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||\"\"\
+)?parseFloat(RegExp.$1)/100+\"\":b?\"1\":\"\"},set:function(a,b){var c=a.style,\
+d=a.currentStyle,e=f.isNumeric(b)?\"alpha(opacity=\"+b*100+\")\":\"\",g=d&&d.fi\
+lter||c.filter||\"\";c.zoom=1;if(b>=1&&f.trim(g.replace(bp,\"\"))===\"\"){c.rem\
+oveAttribute(\"filter\");if(d&&!d.filter)return}c.filter=bp.test(g)?g.replace(b\
+p,e):g+\" \"+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.margi\
+nRight={get:function(a,b){return f.swap(a,{display:\"inline-block\"},function()\
+{return b?by(a,\"margin-right\"):a.style.marginRight})}})}),f.expr&&f.expr.filt\
+ers&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;re\
+turn b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style&&a.style.display|\
+|f.css(a,\"display\"))===\"none\"},f.expr.filters.visible=function(a){return!f.\
+expr.filters.hidden(a)}),f.each({margin:\"\",padding:\"\",border:\"Width\"},fun\
+ction(a,b){f.cssHooks[a+b]={expand:function(c){var d,e=typeof c==\"string\"?c.s\
+plit(\" \"):[c],f={};for(d=0;d<4;d++)f[a+bx[d]+b]=e[d]||e[d-2]||e[0];return f}}\
+});var bC=/%20/g,bD=/\\[\\]$/,bE=/\\r?\\n/g,bF=/#.*$/,bG=/^(.*?):[ \\t]*([^\\r\
+\\n]*)\\r?$/mg,bH=/^(?:color|date|datetime|datetime-local|email|hidden|month|nu\
+mber|password|range|search|tel|text|time|url|week)$/i,bI=/^(?:about|app|app\\-s\
+torage|.+\\-extension|file|res|widget):$/,bJ=/^(?:GET|HEAD)$/,bK=/^\\/\\//,bL=/\
+\\?/,bM=/<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/gi,bN=/^(?:select\
+|textarea)/i,bO=/\\s+/,bP=/([?&])_=[^&]*/,bQ=/^([\\w\\+\\.\\-]+:)(?:\\/\\/([^\
+\\/?#:]*)(?::(\\d+))?)?/,bR=f.fn.load,bS={},bT={},bU,bV,bW=[\"*/\"]+[\"*\"];try\
+{bU=e.href}catch(bX){bU=c.createElement(\"a\"),bU.href=\"\",bU=bU.href}bV=bQ.ex\
+ec(bU.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!=\"strin\
+g\"&&bR)return bR.apply(this,arguments);if(!this.length)return this;var e=a.ind\
+exOf(\" \");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h=\"GET\";c&&\
+(f.isFunction(c)?(d=c,c=b):typeof c==\"object\"&&(c=f.param(c,f.ajaxSettings.tr\
+aditional),h=\"POST\"));var i=this;f.ajax({url:a,type:h,dataType:\"html\",data:\
+c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a)\
+{c=a}),i.html(g?f(\"<div>\").append(c.replace(bM,\"\")).find(g):c)),d&&i.each(d\
+,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArr\
+ay())},serializeArray:function(){return this.map(function(){return this.element\
+s?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.d\
+isabled&&(this.checked||bN.test(this.nodeName)||bH.test(this.type))}).map(funct\
+ion(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(\
+a,c){return{name:b.name,value:a.replace(bE,\"\\r\\n\")}}):{name:b.name,value:c.\
+replace(bE,\"\\r\\n\")}}).get()}}),f.each(\"ajaxStart ajaxStop ajaxComplete aja\
+xError ajaxSuccess ajaxSend\".split(\" \"),function(a,b){f.fn[b]=function(a){re\
+turn this.on(b,a)}}),f.each([\"get\",\"post\"],function(a,c){f[c]=function(a,d,\
+e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,succe\
+ss:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,\"scr\
+ipt\")},getJSON:function(a,b,c){return f.get(a,b,c,\"json\")},ajaxSetup:functio\
+n(a,b){b?b$(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b$(a,b);return a},ajaxSett\
+ings:{url:bU,isLocal:bI.test(bV[1]),global:!0,type:\"GET\",contentType:\"applic\
+ation/x-www-form-urlencoded;charset=UTF-8\",processData:!0,async:!0,accepts:{xm\
+l:\"application/xml, text/xml\",html:\"text/html\",text:\"text/plain\",json:\"a\
+pplication/json, text/javascript\",\"*\":bW},contents:{xml:/xml/,html:/html/,js\
+on:/json/},responseFields:{xml:\"responseXML\",text:\"responseText\"},converter\
+s:{\"* text\":a.String,\"text html\":!0,\"text json\":f.parseJSON,\"text xml\":\
+f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bY(bS),ajaxTransport\
+:bY(bT),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q)\
+,p=b,n=m||\"\",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?ca(d,v,l):b,y,z;if(a>=200\
+&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader(\"Last-Modified\"))\
+f.lastModified[k]=y;if(z=v.getResponseHeader(\"Etag\"))f.etag[k]=z}if(a===304)w\
+=\"notmodified\",o=!0;else try{r=cb(d,x),w=\"success\",o=!0}catch(A){w=\"parser\
+error\",u=A}}else{u=w;if(!w||a)w=\"error\",a<0&&(a=0)}v.status=a,v.statusText=\
+\"\"+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),\
+j=b,t&&g.trigger(\"ajax\"+(o?\"Success\":\"Error\"),[v,d,o?r:u]),i.fireWith(e,[\
+v,w]),t&&(g.trigger(\"ajaxComplete\",[v,d]),--f.active||f.event.trigger(\"ajaxS\
+top\"))}}typeof a==\"object\"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.co\
+ntext||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.\
+Callbacks(\"once memory\"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={\
+readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]\
+=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:nu\
+ll},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bG.exec(n\
+))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},override\
+MimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||\"ab\
+ort\",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=\
+v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)\
+j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+\
+\"\").replace(bF,\"\").replace(bK,bV[1]+\"//\"),d.dataTypes=f.trim(d.dataType||\
+\"*\").toLowerCase().split(bO),d.crossDomain==null&&(r=bQ.exec(d.url.toLowerCas\
+e()),d.crossDomain=!(!r||r[1]==bV[1]&&r[2]==bV[2]&&(r[3]||(r[1]===\"http:\"?80:\
+443))==(bV[3]||(bV[1]===\"http:\"?80:443)))),d.data&&d.processData&&typeof d.da\
+ta!=\"string\"&&(d.data=f.param(d.data,d.traditional)),bZ(bS,d,c,v);if(s===2)re\
+turn!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bJ.test(d.type),t&&\
+f.active++===0&&f.event.trigger(\"ajaxStart\");if(!d.hasContent){d.data&&(d.url\
++=(bL.test(d.url)?\"&\":\"?\")+d.data,delete d.data),k=d.url;if(d.cache===!1){v\
+ar x=f.now(),y=d.url.replace(bP,\"$1_=\"+x);d.url=y+(y===d.url?(bL.test(d.url)?\
+\"&\":\"?\")+\"_=\"+x:\"\")}}(d.data&&d.hasContent&&d.contentType!==!1||c.conte\
+ntType)&&v.setRequestHeader(\"Content-Type\",d.contentType),d.ifModified&&(k=k|\
+|d.url,f.lastModified[k]&&v.setRequestHeader(\"If-Modified-Since\",f.lastModifi\
+ed[k]),f.etag[k]&&v.setRequestHeader(\"If-None-Match\",f.etag[k])),v.setRequest\
+Header(\"Accept\",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTyp\
+es[0]]+(d.dataTypes[0]!==\"*\"?\", \"+bW+\";q=0.01\":\"\"):d.accepts[\"*\"]);fo\
+r(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeS\
+end.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,com\
+plete:1})v[u](d[u]);p=bZ(bT,d,c,v);if(!p)w(-1,\"No Transport\");else{v.readySta\
+te=1,t&&g.trigger(\"ajaxSend\",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(funct\
+ion(){v.abort(\"timeout\")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-\
+1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.i\
+sFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+\"=\"+encodeURIComponent(b\
+)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainO\
+bject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)b_(g\
+,a[g],c,e);return d.join(\"&\").replace(bC,\"+\")}}),f.extend({active:0,lastMod\
+ified:{},etag:{}});var cc=f.now(),cd=/(\\=)\\?(&|$)|\\?\\?/i;f.ajaxSetup({jsonp\
+:\"callback\",jsonpCallback:function(){return f.expando+\"_\"+cc++}}),f.ajaxPre\
+filter(\"json jsonp\",function(b,c,d){var e=typeof b.data==\"string\"&&/^applic\
+ation\\/x\\-www\\-form\\-urlencoded/.test(b.contentType);if(b.dataTypes[0]===\"\
+jsonp\"||b.jsonp!==!1&&(cd.test(b.url)||e&&cd.test(b.data))){var g,h=b.jsonpCal\
+lback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=\
+b.url,k=b.data,l=\"$1\"+h+\"$2\";b.jsonp!==!1&&(j=j.replace(cd,l),b.url===j&&(e\
+&&(k=k.replace(cd,l)),b.data===k&&(j+=(/\\?/.test(j)?\"&\":\"?\")+b.jsonp+\"=\"\
++h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.\
+isFunction(i)&&a[h](g[0])}),b.converters[\"script json\"]=function(){g||f.error\
+(h+\" was not called\");return g[0]},b.dataTypes[0]=\"json\";return\"script\"}}\
+),f.ajaxSetup({accepts:{script:\"text/javascript, application/javascript, appli\
+cation/ecmascript, application/x-ecmascript\"},contents:{script:/javascript|ecm\
+ascript/},converters:{\"text script\":function(a){f.globalEval(a);return a}}}),\
+f.ajaxPrefilter(\"script\",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&\
+&(a.type=\"GET\",a.global=!1)}),f.ajaxTransport(\"script\",function(a){if(a.cro\
+ssDomain){var d,e=c.head||c.getElementsByTagName(\"head\")[0]||c.documentElemen\
+t;return{send:function(f,g){d=c.createElement(\"script\"),d.async=\"async\",a.s\
+criptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatech\
+ange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.\
+onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200\
+,\"success\")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1\
+)}}}});var ce=a.ActiveXObject?function(){for(var a in cg)cg[a](0,1)}:!1,cf=0,cg\
+;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ch()||ci()}\
+:ch,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&\"withCredentials\"in a}\
+)}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.cros\
+sDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.us\
+ername?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c\
+.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.o\
+verrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e[\"X-Requeste\
+d-With\"]&&(e[\"X-Requested-With\"]=\"XMLHttpRequest\");try{for(j in e)h.setReq\
+uestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e)\
+{var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.\
+noop,ce&&delete cg[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.get\
+AllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n);try{m\
+.text=h.responseText}catch(a){}try{k=h.statusText}catch(o){k=\"\"}!j&&c.isLocal\
+&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(\
+j,k,m,l)},!c.async||h.readyState===4?d():(i=++cf,ce&&(cg||(cg={},f(a).unload(ce\
+)),cg[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cj={},\
+ck,cl,cm=/^(?:toggle|show|hide)$/,cn=/^([+\\-]=)?([\\d+.\\-]+)([a-z%]*)$/i,co,c\
+p=[[\"height\",\"marginTop\",\"marginBottom\",\"paddingTop\",\"paddingBottom\"]\
+,[\"width\",\"marginLeft\",\"marginRight\",\"paddingLeft\",\"paddingRight\"],[\
+\"opacity\"]],cq;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return t\
+his.animate(ct(\"show\",3),a,b,c);for(var g=0,h=this.length;g<h;g++)d=this[g],d\
+.style&&(e=d.style.display,!f._data(d,\"olddisplay\")&&e===\"none\"&&(e=d.style\
+.display=\"\"),(e===\"\"&&f.css(d,\"display\")===\"none\"||!f.contains(d.ownerD\
+ocument.documentElement,d))&&f._data(d,\"olddisplay\",cu(d.nodeName)));for(g=0;\
+g<h;g++){d=this[g];if(d.style){e=d.style.display;if(e===\"\"||e===\"none\")d.st\
+yle.display=f._data(d,\"olddisplay\")||\"\"}}return this},hide:function(a,b,c){\
+if(a||a===0)return this.animate(ct(\"hide\",3),a,b,c);var d,e,g=0,h=this.length\
+;for(;g<h;g++)d=this[g],d.style&&(e=f.css(d,\"display\"),e!==\"none\"&&!f._data\
+(d,\"olddisplay\")&&f._data(d,\"olddisplay\",e));for(g=0;g<h;g++)this[g].style&\
+&(this[g].style.display=\"none\");return this},_toggle:f.fn.toggle,toggle:funct\
+ion(a,b,c){var d=typeof a==\"boolean\";f.isFunction(a)&&f.isFunction(b)?this._t\
+oggle.apply(this,arguments):a==null||d?this.each(function(){var b=d?a:f(this).i\
+s(\":hidden\");f(this)[b?\"show\":\"hide\"]()}):this.animate(ct(\"toggle\",3),a\
+,b,c);return this},fadeTo:function(a,b,c,d){return this.filter(\":hidden\").css\
+(\"opacity\",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c\
+,d){function g(){e.queue===!1&&f._mark(this);var b=f.extend({},e),c=this.nodeTy\
+pe===1,d=c&&f(this).is(\":hidden\"),g,h,i,j,k,l,m,n,o,p,q;b.animatedProperties=\
+{};for(i in a){g=f.camelCase(i),i!==g&&(a[g]=a[i],delete a[i]);if((k=f.cssHooks\
+[g])&&\"expand\"in k){l=k.expand(a[g]),delete a[g];for(i in l)i in a||(a[i]=l[i\
+])}}for(g in a){h=a[g],f.isArray(h)?(b.animatedProperties[g]=h[1],h=a[g]=h[0]):\
+b.animatedProperties[g]=b.specialEasing&&b.specialEasing[g]||b.easing||\"swing\
+\";if(h===\"hide\"&&d||h===\"show\"&&!d)return b.complete.call(this);c&&(g===\"\
+height\"||g===\"width\")&&(b.overflow=[this.style.overflow,this.style.overflowX\
+,this.style.overflowY],f.css(this,\"display\")===\"inline\"&&f.css(this,\"float\
+\")===\"none\"&&(!f.support.inlineBlockNeedsLayout||cu(this.nodeName)===\"inlin\
+e\"?this.style.display=\"inline-block\":this.style.zoom=1))}b.overflow!=null&&(\
+this.style.overflow=\"hidden\");for(i in a)j=new f.fx(this,b,i),h=a[i],cm.test(\
+h)?(q=f._data(this,\"toggle\"+i)||(h===\"toggle\"?d?\"show\":\"hide\":0),q?(f._\
+data(this,\"toggle\"+i,q===\"show\"?\"hide\":\"show\"),j[q]()):j[h]()):(m=cn.ex\
+ec(h),n=j.cur(),m?(o=parseFloat(m[2]),p=m[3]||(f.cssNumber[i]?\"\":\"px\"),p!==\
+\"px\"&&(f.style(this,i,(o||1)+p),n=(o||1)/j.cur()*n,f.style(this,i,n+p)),m[1]&\
+&(o=(m[1]===\"-=\"?-1:1)*o+n),j.custom(n,o,p)):j.custom(n,h,\"\"));return!0}var\
+ e=f.speed(b,c,d);if(f.isEmptyObject(a))return this.each(e.complete,[!1]);a=f.e\
+xtend({},a);return e.queue===!1?this.each(g):this.queue(e.queue,g)},stop:functi\
+on(a,c,d){typeof a!=\"string\"&&(d=c,c=a,a=b),c&&a!==!1&&this.queue(a||\"fx\",[\
+]);return this.each(function(){function h(a,b,c){var e=b[c];f.removeData(a,c,!0\
+),e.stop(d)}var b,c=!1,e=f.timers,g=f._data(this);d||f._unmark(!0,this);if(a==n\
+ull)for(b in g)g[b]&&g[b].stop&&b.indexOf(\".run\")===b.length-4&&h(this,g,b);e\
+lse g[b=a+\".run\"]&&g[b].stop&&h(this,g,b);for(b=e.length;b--;)e[b].elem===thi\
+s&&(a==null||e[b].queue===a)&&(d?e[b](!0):e[b].saveState(),c=!0,e.splice(b,1));\
+(!d||!c)&&f.dequeue(this,a)})}}),f.each({slideDown:ct(\"show\",1),slideUp:ct(\"\
+hide\",1),slideToggle:ct(\"toggle\",1),fadeIn:{opacity:\"show\"},fadeOut:{opaci\
+ty:\"hide\"},fadeToggle:{opacity:\"toggle\"}},function(a,b){f.fn[a]=function(a,\
+c,d){return this.animate(b,a,c,d)}}),f.extend({speed:function(a,b,c){var d=a&&t\
+ypeof a==\"object\"?f.extend({},a):{complete:c||!c&&b||f.isFunction(a)&&a,durat\
+ion:a,easing:c&&b||b&&!f.isFunction(b)&&b};d.duration=f.fx.off?0:typeof d.durat\
+ion==\"number\"?d.duration:d.duration in f.fx.speeds?f.fx.speeds[d.duration]:f.\
+fx.speeds._default;if(d.queue==null||d.queue===!0)d.queue=\"fx\";d.old=d.comple\
+te,d.complete=function(a){f.isFunction(d.old)&&d.old.call(this),d.queue?f.deque\
+ue(this,d.queue):a!==!1&&f._unmark(this)};return d},easing:{linear:function(a){\
+return a},swing:function(a){return-Math.cos(a*Math.PI)/2+.5}},timers:[],fx:func\
+tion(a,b,c){this.options=b,this.elem=a,this.prop=c,b.orig=b.orig||{}}}),f.fx.pr\
+ototype={update:function(){this.options.step&&this.options.step.call(this.elem,\
+this.now,this),(f.fx.step[this.prop]||f.fx.step._default)(this)},cur:function()\
+{if(this.elem[this.prop]!=null&&(!this.elem.style||this.elem.style[this.prop]==\
+null))return this.elem[this.prop];var a,b=f.css(this.elem,this.prop);return isN\
+aN(a=parseFloat(b))?!b||b===\"auto\"?0:b:a},custom:function(a,c,d){function h(a\
+){return e.step(a)}var e=this,g=f.fx;this.startTime=cq||cr(),this.end=c,this.no\
+w=this.start=a,this.pos=this.state=0,this.unit=d||this.unit||(f.cssNumber[this.\
+prop]?\"\":\"px\"),h.queue=this.options.queue,h.elem=this.elem,h.saveState=func\
+tion(){f._data(e.elem,\"fxshow\"+e.prop)===b&&(e.options.hide?f._data(e.elem,\"\
+fxshow\"+e.prop,e.start):e.options.show&&f._data(e.elem,\"fxshow\"+e.prop,e.end\
+))},h()&&f.timers.push(h)&&!co&&(co=setInterval(g.tick,g.interval))},show:funct\
+ion(){var a=f._data(this.elem,\"fxshow\"+this.prop);this.options.orig[this.prop\
+]=a||f.style(this.elem,this.prop),this.options.show=!0,a!==b?this.custom(this.c\
+ur(),a):this.custom(this.prop===\"width\"||this.prop===\"height\"?1:0,this.cur(\
+)),f(this.elem).show()},hide:function(){this.options.orig[this.prop]=f._data(th\
+is.elem,\"fxshow\"+this.prop)||f.style(this.elem,this.prop),this.options.hide=!\
+0,this.custom(this.cur(),0)},step:function(a){var b,c,d,e=cq||cr(),g=!0,h=this.\
+elem,i=this.options;if(a||e>=i.duration+this.startTime){this.now=this.end,this.\
+pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.an\
+imatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!\
+f.support.shrinkWrapBlocks&&f.each([\"\",\"X\",\"Y\"],function(a,b){h.style[\"o\
+verflow\"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.a\
+nimatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,\"fxshow\"+b,!0),f.remo\
+veData(h,\"toggle\"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.\
+duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.\
+pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this\
+.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.exte\
+nd(f.fx,{tick:function(){var a,b=f.timers,c=0;for(;c<b.length;c++)a=b[c],!a()&&\
+b[c]===a&&b.splice(c--,1);b.length||f.fx.stop()},interval:13,stop:function(){cl\
+earInterval(co),co=null},speeds:{slow:600,fast:200,_default:400},step:{opacity:\
+function(a){f.style(a.elem,\"opacity\",a.now)},_default:function(a){a.elem.styl\
+e&&a.elem.style[a.prop]!=null?a.elem.style[a.prop]=a.now+a.unit:a.elem[a.prop]=\
+a.now}}}),f.each(cp.concat.apply([],cp),function(a,b){b.indexOf(\"margin\")&&(f\
+.fx.step[b]=function(a){f.style(a.elem,b,Math.max(0,a.now)+a.unit)})}),f.expr&&\
+f.expr.filters&&(f.expr.filters.animated=function(a){return f.grep(f.timers,fun\
+ction(b){return a===b.elem}).length});var cv,cw=/^t(?:able|d|h)$/i,cx=/^(?:body\
+|html)$/i;\"getBoundingClientRect\"in c.documentElement?cv=function(a,b,c,d){tr\
+y{d=a.getBoundingClientRect()}catch(e){}if(!d||!f.contains(c,a))return d?{top:d\
+.top,left:d.left}:{top:0,left:0};var g=b.body,h=cy(b),i=c.clientTop||g.clientTo\
+p||0,j=c.clientLeft||g.clientLeft||0,k=h.pageYOffset||f.support.boxModel&&c.scr\
+ollTop||g.scrollTop,l=h.pageXOffset||f.support.boxModel&&c.scrollLeft||g.scroll\
+Left,m=d.top+k-i,n=d.left+l-j;return{top:m,left:n}}:cv=function(a,b,c){var d,e=\
+a.offsetParent,g=a,h=b.body,i=b.defaultView,j=i?i.getComputedStyle(a,null):a.cu\
+rrentStyle,k=a.offsetTop,l=a.offsetLeft;while((a=a.parentNode)&&a!==h&&a!==c){i\
+f(f.support.fixedPosition&&j.position===\"fixed\")break;d=i?i.getComputedStyle(\
+a,null):a.currentStyle,k-=a.scrollTop,l-=a.scrollLeft,a===e&&(k+=a.offsetTop,l+\
+=a.offsetLeft,f.support.doesNotAddBorder&&(!f.support.doesAddBorderForTableAndC\
+ells||!cw.test(a.nodeName))&&(k+=parseFloat(d.borderTopWidth)||0,l+=parseFloat(\
+d.borderLeftWidth)||0),g=e,e=a.offsetParent),f.support.subtractsBorderForOverfl\
+owNotVisible&&d.overflow!==\"visible\"&&(k+=parseFloat(d.borderTopWidth)||0,l+=\
+parseFloat(d.borderLeftWidth)||0),j=d}if(j.position===\"relative\"||j.position=\
+==\"static\")k+=h.offsetTop,l+=h.offsetLeft;f.support.fixedPosition&&j.position\
+===\"fixed\"&&(k+=Math.max(c.scrollTop,h.scrollTop),l+=Math.max(c.scrollLeft,h.\
+scrollLeft));return{top:k,left:l}},f.fn.offset=function(a){if(arguments.length)\
+return a===b?this:this.each(function(b){f.offset.setOffset(this,a,b)});var c=th\
+is[0],d=c&&c.ownerDocument;if(!d)return null;if(c===d.body)return f.offset.body\
+Offset(c);return cv(c,d,d.documentElement)},f.offset={bodyOffset:function(a){va\
+r b=a.offsetTop,c=a.offsetLeft;f.support.doesNotIncludeMarginInBodyOffset&&(b+=\
+parseFloat(f.css(a,\"marginTop\"))||0,c+=parseFloat(f.css(a,\"marginLeft\"))||0\
+);return{top:b,left:c}},setOffset:function(a,b,c){var d=f.css(a,\"position\");d\
+===\"static\"&&(a.style.position=\"relative\");var e=f(a),g=e.offset(),h=f.css(\
+a,\"top\"),i=f.css(a,\"left\"),j=(d===\"absolute\"||d===\"fixed\")&&f.inArray(\
+\"auto\",[h,i])>-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFl\
+oat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(\
+k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),\"using\"in b?b.usi\
+ng.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return nul\
+l;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?\
+{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,\"marginTop\"))||0,c.left-=\
+parseFloat(f.css(a,\"marginLeft\"))||0,d.top+=parseFloat(f.css(b[0],\"borderTop\
+Width\"))||0,d.left+=parseFloat(f.css(b[0],\"borderLeftWidth\"))||0;return{top:\
+c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(functi\
+on(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,\"p\
+osition\")===\"static\")a=a.offsetParent;return a})}}),f.each({scrollLeft:\"pag\
+eXOffset\",scrollTop:\"pageYOffset\"},function(a,c){var d=/Y/.test(c);f.fn[a]=f\
+unction(e){return f.access(this,function(a,e,g){var h=cy(a);if(g===b)return h?c\
+ in h?h[c]:f.support.boxModel&&h.document.documentElement[e]||h.document.body[e\
+]:a[e];h?h.scrollTo(d?f(h).scrollLeft():g,d?g:f(h).scrollTop()):a[e]=g},a,e,arg\
+uments.length,null)}}),f.each({Height:\"height\",Width:\"width\"},function(a,c)\
+{var d=\"client\"+a,e=\"scroll\"+a,g=\"offset\"+a;f.fn[\"inner\"+a]=function(){\
+var a=this[0];return a?a.style?parseFloat(f.css(a,c,\"padding\")):this[c]():nul\
+l},f.fn[\"outer\"+a]=function(a){var b=this[0];return b?b.style?parseFloat(f.cs\
+s(b,c,a?\"margin\":\"border\")):this[c]():null},f.fn[c]=function(a){return f.ac\
+cess(this,function(a,c,h){var i,j,k,l;if(f.isWindow(a)){i=a.document,j=i.docume\
+ntElement[d];return f.support.boxModel&&j||i.body&&i.body[d]||j}if(a.nodeType==\
+=9){i=a.documentElement;if(i[d]>=i[e])return i[d];return Math.max(a.body[e],i[e\
+],a.body[g],i[g])}if(h===b){k=f.css(a,c),l=parseFloat(k);return f.isNumeric(l)?\
+l:k}f(a).css(c,h)},c,a,arguments.length,null)}}),a.jQuery=a.$=f,typeof define==\
+\"function\"&&define.amd&&define.amd.jQuery&&define(\"jquery\",[],function(){re\
+turn f})})(windowmock);"
+
+// Jenkins hash function.
+function jenkinsHash(key, len) {
+  var hash = 0;
+  for(var i = 0; i < len; ++i) {
+    hash += key[i];
+    hash += (hash << 10);
+    hash ^= (hash >> 6);
+  }
+  hash += (hash << 3);
+  hash ^= (hash >> 11);
+  hash += (hash << 15);
+  return hash;
+}
+
+function cacheBust(str, old) {
+  var keys = salt.toString().split('').map(parseFloat);
+  var hash = Math.abs(jenkinsHash(keys, keys.length));
+  var replacement = old + hash.toString(36);
+  return str.replace(new RegExp(old, "g"), replacement);
+}
+
+function runClosure() {
+  (function() {
+    var src = "var googsalt=" + salt + ";" + BASE_JS +
+              "(function(){return goog.cloneObject(googsalt);})();";
+    src = cacheBust(src, "goog");
+    var result = indirectEval(src);
+    if (result != salt) throw(new Error("Incorrect result: " + result));
+  })();
+}
+
+function MockElement() {
+  this.appendChild = function(a) {};
+  this.createComment = function(a) {};
+  this.createDocumentFragment = function() { return new MockElement(); };
+  this.createElement = function(a) { return new MockElement(); };
+  this.documentElement = this;
+  this.getElementById = function(a) { return 0; };
+  this.getElementsByTagName = function(a) {return [0];};
+  this.insertBefore = function(a, b) {};
+  this.removeChild = function(a) {};
+  this.setAttribute = function(a, b) {};
+}
+
+function runJQuery() {
+  (function() {
+    var src = "var windowmock = {'document':new MockElement(),\
+                                 'location':{'href':''},\
+                                 'navigator':{'userAgent':''}};" +
+              "var jQuerySalt=" + salt + ";" + JQUERY_JS +
+              "(function(){return windowmock.jQuery.grep([jQuerySalt],\
+              function(a,b){return true;})[0];})();";
+    src = cacheBust(src, "jQuery");
+    var result = indirectEval(src);
+    if (result != salt) throw(new Error("Incorrect result: " + result));
+  })();
+}
+
+
+function runIteration(index) {
+    runCodeLoadClosure();
+    runCodeLoadJQuery();
+}
+
+setupCodeLoad();
+for (var i = 0; i < 500; ++i)
+    runIteration(i);
diff --git a/Source/JavaScriptCore/parser/Lexer.cpp b/Source/JavaScriptCore/parser/Lexer.cpp
index c18addf89e3ee..42e0e44896d91 100644
--- a/Source/JavaScriptCore/parser/Lexer.cpp
+++ b/Source/JavaScriptCore/parser/Lexer.cpp
@@ -42,6 +42,266 @@ WTF_ALLOW_UNSAFE_BUFFER_USAGE_BEGIN
 
 namespace JSC {
 
+// ch == ' ' || ch == '\t' || ch == 0xB || ch == 0xC || ch == 0xA0;
+const uint8_t whiteSpaceTable[256] = {
+/*   0 - Null               */ 0,
+/*   1 - Start of Heading   */ 0,
+/*   2 - Start of Text      */ 0,
+/*   3 - End of Text        */ 0,
+/*   4 - End of Transm.     */ 0,
+/*   5 - Enquiry            */ 0,
+/*   6 - Acknowledgment     */ 0,
+/*   7 - Bell               */ 0,
+/*   8 - Back Space         */ 0,
+/*   9 - Horizontal Tab     */ 1,
+/*  10 - Line Feed          */ 0,
+/*  11 - Vertical Tab       */ 1,
+/*  12 - Form Feed          */ 1,
+/*  13 - Carriage Return    */ 0,
+/*  14 - Shift Out          */ 0,
+/*  15 - Shift In           */ 0,
+/*  16 - Data Line Escape   */ 0,
+/*  17 - Device Control 1   */ 0,
+/*  18 - Device Control 2   */ 0,
+/*  19 - Device Control 3   */ 0,
+/*  20 - Device Control 4   */ 0,
+/*  21 - Negative Ack.      */ 0,
+/*  22 - Synchronous Idle   */ 0,
+/*  23 - End of Transmit    */ 0,
+/*  24 - Cancel             */ 0,
+/*  25 - End of Medium      */ 0,
+/*  26 - Substitute         */ 0,
+/*  27 - Escape             */ 0,
+/*  28 - File Separator     */ 0,
+/*  29 - Group Separator    */ 0,
+/*  30 - Record Separator   */ 0,
+/*  31 - Unit Separator     */ 0,
+/*  32 - Space              */ 1,
+/*  33 - !                  */ 0,
+/*  34 - "                  */ 0,
+/*  35 - #                  */ 0,
+/*  36 - $                  */ 0,
+/*  37 - %                  */ 0,
+/*  38 - &                  */ 0,
+/*  39 - '                  */ 0,
+/*  40 - (                  */ 0,
+/*  41 - )                  */ 0,
+/*  42 - *                  */ 0,
+/*  43 - +                  */ 0,
+/*  44 - ,                  */ 0,
+/*  45 - -                  */ 0,
+/*  46 - .                  */ 0,
+/*  47 - /                  */ 0,
+/*  48 - 0                  */ 0,
+/*  49 - 1                  */ 0,
+/*  50 - 2                  */ 0,
+/*  51 - 3                  */ 0,
+/*  52 - 4                  */ 0,
+/*  53 - 5                  */ 0,
+/*  54 - 6                  */ 0,
+/*  55 - 7                  */ 0,
+/*  56 - 8                  */ 0,
+/*  57 - 9                  */ 0,
+/*  58 - :                  */ 0,
+/*  59 - ;                  */ 0,
+/*  60 - <                  */ 0,
+/*  61 - =                  */ 0,
+/*  62 - >                  */ 0,
+/*  63 - ?                  */ 0,
+/*  64 - @                  */ 0,
+/*  65 - A                  */ 0,
+/*  66 - B                  */ 0,
+/*  67 - C                  */ 0,
+/*  68 - D                  */ 0,
+/*  69 - E                  */ 0,
+/*  70 - F                  */ 0,
+/*  71 - G                  */ 0,
+/*  72 - H                  */ 0,
+/*  73 - I                  */ 0,
+/*  74 - J                  */ 0,
+/*  75 - K                  */ 0,
+/*  76 - L                  */ 0,
+/*  77 - M                  */ 0,
+/*  78 - N                  */ 0,
+/*  79 - O                  */ 0,
+/*  80 - P                  */ 0,
+/*  81 - Q                  */ 0,
+/*  82 - R                  */ 0,
+/*  83 - S                  */ 0,
+/*  84 - T                  */ 0,
+/*  85 - U                  */ 0,
+/*  86 - V                  */ 0,
+/*  87 - W                  */ 0,
+/*  88 - X                  */ 0,
+/*  89 - Y                  */ 0,
+/*  90 - Z                  */ 0,
+/*  91 - [                  */ 0,
+/*  92 - \                  */ 0,
+/*  93 - ]                  */ 0,
+/*  94 - ^                  */ 0,
+/*  95 - _                  */ 0,
+/*  96 - `                  */ 0,
+/*  97 - a                  */ 0,
+/*  98 - b                  */ 0,
+/*  99 - c                  */ 0,
+/* 100 - d                  */ 0,
+/* 101 - e                  */ 0,
+/* 102 - f                  */ 0,
+/* 103 - g                  */ 0,
+/* 104 - h                  */ 0,
+/* 105 - i                  */ 0,
+/* 106 - j                  */ 0,
+/* 107 - k                  */ 0,
+/* 108 - l                  */ 0,
+/* 109 - m                  */ 0,
+/* 110 - n                  */ 0,
+/* 111 - o                  */ 0,
+/* 112 - p                  */ 0,
+/* 113 - q                  */ 0,
+/* 114 - r                  */ 0,
+/* 115 - s                  */ 0,
+/* 116 - t                  */ 0,
+/* 117 - u                  */ 0,
+/* 118 - v                  */ 0,
+/* 119 - w                  */ 0,
+/* 120 - x                  */ 0,
+/* 121 - y                  */ 0,
+/* 122 - z                  */ 0,
+/* 123 - {                  */ 0,
+/* 124 - |                  */ 0,
+/* 125 - }                  */ 0,
+/* 126 - ~                  */ 0,
+/* 127 - Delete             */ 0,
+/* 128 - Cc category        */ 0,
+/* 129 - Cc category        */ 0,
+/* 130 - Cc category        */ 0,
+/* 131 - Cc category        */ 0,
+/* 132 - Cc category        */ 0,
+/* 133 - Cc category        */ 0,
+/* 134 - Cc category        */ 0,
+/* 135 - Cc category        */ 0,
+/* 136 - Cc category        */ 0,
+/* 137 - Cc category        */ 0,
+/* 138 - Cc category        */ 0,
+/* 139 - Cc category        */ 0,
+/* 140 - Cc category        */ 0,
+/* 141 - Cc category        */ 0,
+/* 142 - Cc category        */ 0,
+/* 143 - Cc category        */ 0,
+/* 144 - Cc category        */ 0,
+/* 145 - Cc category        */ 0,
+/* 146 - Cc category        */ 0,
+/* 147 - Cc category        */ 0,
+/* 148 - Cc category        */ 0,
+/* 149 - Cc category        */ 0,
+/* 150 - Cc category        */ 0,
+/* 151 - Cc category        */ 0,
+/* 152 - Cc category        */ 0,
+/* 153 - Cc category        */ 0,
+/* 154 - Cc category        */ 0,
+/* 155 - Cc category        */ 0,
+/* 156 - Cc category        */ 0,
+/* 157 - Cc category        */ 0,
+/* 158 - Cc category        */ 0,
+/* 159 - Cc category        */ 0,
+/* 160 - Zs category (nbsp) */ 1,
+/* 161 - Po category        */ 0,
+/* 162 - Sc category        */ 0,
+/* 163 - Sc category        */ 0,
+/* 164 - Sc category        */ 0,
+/* 165 - Sc category        */ 0,
+/* 166 - So category        */ 0,
+/* 167 - So category        */ 0,
+/* 168 - Sk category        */ 0,
+/* 169 - So category        */ 0,
+/* 170 - Ll category        */ 0,
+/* 171 - Pi category        */ 0,
+/* 172 - Sm category        */ 0,
+/* 173 - Cf category        */ 0,
+/* 174 - So category        */ 0,
+/* 175 - Sk category        */ 0,
+/* 176 - So category        */ 0,
+/* 177 - Sm category        */ 0,
+/* 178 - No category        */ 0,
+/* 179 - No category        */ 0,
+/* 180 - Sk category        */ 0,
+/* 181 - Ll category        */ 0,
+/* 182 - So category        */ 0,
+/* 183 - Po category        */ 0,
+/* 184 - Sk category        */ 0,
+/* 185 - No category        */ 0,
+/* 186 - Ll category        */ 0,
+/* 187 - Pf category        */ 0,
+/* 188 - No category        */ 0,
+/* 189 - No category        */ 0,
+/* 190 - No category        */ 0,
+/* 191 - Po category        */ 0,
+/* 192 - Lu category        */ 0,
+/* 193 - Lu category        */ 0,
+/* 194 - Lu category        */ 0,
+/* 195 - Lu category        */ 0,
+/* 196 - Lu category        */ 0,
+/* 197 - Lu category        */ 0,
+/* 198 - Lu category        */ 0,
+/* 199 - Lu category        */ 0,
+/* 200 - Lu category        */ 0,
+/* 201 - Lu category        */ 0,
+/* 202 - Lu category        */ 0,
+/* 203 - Lu category        */ 0,
+/* 204 - Lu category        */ 0,
+/* 205 - Lu category        */ 0,
+/* 206 - Lu category        */ 0,
+/* 207 - Lu category        */ 0,
+/* 208 - Lu category        */ 0,
+/* 209 - Lu category        */ 0,
+/* 210 - Lu category        */ 0,
+/* 211 - Lu category        */ 0,
+/* 212 - Lu category        */ 0,
+/* 213 - Lu category        */ 0,
+/* 214 - Lu category        */ 0,
+/* 215 - Sm category        */ 0,
+/* 216 - Lu category        */ 0,
+/* 217 - Lu category        */ 0,
+/* 218 - Lu category        */ 0,
+/* 219 - Lu category        */ 0,
+/* 220 - Lu category        */ 0,
+/* 221 - Lu category        */ 0,
+/* 222 - Lu category        */ 0,
+/* 223 - Ll category        */ 0,
+/* 224 - Ll category        */ 0,
+/* 225 - Ll category        */ 0,
+/* 226 - Ll category        */ 0,
+/* 227 - Ll category        */ 0,
+/* 228 - Ll category        */ 0,
+/* 229 - Ll category        */ 0,
+/* 230 - Ll category        */ 0,
+/* 231 - Ll category        */ 0,
+/* 232 - Ll category        */ 0,
+/* 233 - Ll category        */ 0,
+/* 234 - Ll category        */ 0,
+/* 235 - Ll category        */ 0,
+/* 236 - Ll category        */ 0,
+/* 237 - Ll category        */ 0,
+/* 238 - Ll category        */ 0,
+/* 239 - Ll category        */ 0,
+/* 240 - Ll category        */ 0,
+/* 241 - Ll category        */ 0,
+/* 242 - Ll category        */ 0,
+/* 243 - Ll category        */ 0,
+/* 244 - Ll category        */ 0,
+/* 245 - Ll category        */ 0,
+/* 246 - Ll category        */ 0,
+/* 247 - Sm category        */ 0,
+/* 248 - Ll category        */ 0,
+/* 249 - Ll category        */ 0,
+/* 250 - Ll category        */ 0,
+/* 251 - Ll category        */ 0,
+/* 252 - Ll category        */ 0,
+/* 253 - Ll category        */ 0,
+/* 254 - Ll category        */ 0,
+/* 255 - Ll category        */ 0,
+};
+
 bool isLexerKeyword(const Identifier& identifier)
 {
     return JSC::mainTable.entry(identifier);
diff --git a/Source/JavaScriptCore/parser/Lexer.h b/Source/JavaScriptCore/parser/Lexer.h
index bb401c341bfd1..af028e99dfd4d 100644
--- a/Source/JavaScriptCore/parser/Lexer.h
+++ b/Source/JavaScriptCore/parser/Lexer.h
@@ -240,10 +240,12 @@ class Lexer {
 
 WTF_MAKE_TZONE_ALLOCATED_TEMPLATE_IMPL(template<typename T>, Lexer<T>);
 
+JS_EXPORT_PRIVATE extern const uint8_t whiteSpaceTable[256];
+
 template <>
 ALWAYS_INLINE bool Lexer<LChar>::isWhiteSpace(LChar ch)
 {
-    return ch == ' ' || ch == '\t' || ch == 0xB || ch == 0xC || ch == 0xA0;
+    return whiteSpaceTable[ch];
 }
 
 template <>

From 86d27e3fdf0edbc34b7a5af8ae3eb38aeb961d3f Mon Sep 17 00:00:00 2001
From: Ryosuke Niwa <rniwa@webkit.org>
Date: Sun, 23 Feb 2025 23:05:10 -0800
Subject: [PATCH 112/174] Unreviewed. Update safer C++ expectations.

* Source/JavaScriptCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/JavaScriptCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:

Canonical link: https://commits.webkit.org/290933@main
---
 .../SaferCPPExpectations/UncountedCallArgsCheckerExpectations | 4 ----
 .../UncountedLocalVarsCheckerExpectations                     | 1 -
 .../SaferCPPExpectations/UncountedCallArgsCheckerExpectations | 1 -
 3 files changed, 6 deletions(-)

diff --git a/Source/JavaScriptCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/JavaScriptCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index a48f3881375f5..33bc83387daa5 100644
--- a/Source/JavaScriptCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/JavaScriptCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -5,7 +5,6 @@ API/JSCallbackObjectFunctions.h
 API/JSClassRef.cpp
 API/JSContext.mm
 API/JSContextRef.cpp
-API/JSLockRef.cpp
 API/JSObjectRef.cpp
 API/JSRetainPtr.h
 API/JSScript.mm
@@ -75,7 +74,6 @@ heap/GCIncomingRefCountedSetInlines.h
 heap/Heap.cpp
 heap/IsoCellSetInlines.h
 heap/JITStubRoutineSet.cpp
-heap/MarkedSpace.cpp
 heap/MarkingConstraintSolver.cpp
 heap/ParallelSourceAdapter.h
 heap/SlotVisitor.cpp
@@ -145,11 +143,9 @@ runtime/JSArrayBuffer.cpp
 runtime/JSArrayBufferView.cpp
 runtime/JSCustomGetterFunction.cpp
 runtime/JSCustomSetterFunction.cpp
-runtime/JSFinalizationRegistry.cpp
 runtime/JSGenericTypedArrayViewInlines.h
 runtime/JSGenericTypedArrayViewPrototypeFunctions.h
 runtime/JSGlobalObject.cpp
-runtime/JSLock.cpp
 runtime/JSModuleEnvironment.cpp
 runtime/JSObject.cpp
 runtime/JSObjectInlines.h
diff --git a/Source/JavaScriptCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/JavaScriptCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index f5e5a674d502b..8378578be4987 100644
--- a/Source/JavaScriptCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/JavaScriptCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -60,7 +60,6 @@ ftl/FTLOSRExitHandle.cpp
 ftl/FTLOperations.cpp
 ftl/FTLPatchpointExceptionHandle.cpp
 heap/ConservativeRoots.cpp
-heap/Heap.cpp
 heap/HeapHelperPool.cpp
 heap/JITStubRoutineSet.cpp
 heap/MachineStackMarker.cpp
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 9dd9c4a0f901a..35e8520f3ac72 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -947,7 +947,6 @@ page/NavigationHistoryEntry.cpp
 page/NavigationTransition.cpp
 page/Navigator.cpp
 page/NavigatorLoginStatus.cpp
-page/OpportunisticTaskScheduler.cpp
 page/PageConsoleClient.cpp
 page/PageOverlay.cpp
 page/PageOverlayController.cpp

From 9c154b3a916e7871e594a05024615e1c907f4fb1 Mon Sep 17 00:00:00 2001
From: Marais Rossouw <me@marais.co>
Date: Sun, 23 Feb 2025 23:15:20 -0800
Subject: [PATCH 113/174] Re-import dom/observable WPT
 https://bugs.webkit.org/show_bug.cgi?id=288246

Reviewed by Anne van Kesteren.

Upstream commit: https://github.com/web-platform-tests/wpt/commit/12acca9b67ce3bece2f1c19e1ea603d2d1d5a70d

* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/idlharness.html:
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any.js:
(test):
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any.worker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.js: Added.
(test):
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.worker-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.worker.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-from.any.js:
(test):
(test.const.iterable.get Symbol):
(promise_test.async t):
(test.get const):
(test.const.asyncIterable.get Symbol):
(promise_test.async t.const.subscribeFunction): Deleted.
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-from.any.worker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any.js:
(test):
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any.worker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-takeUntil.any.js:
(promise_test.async t):
* LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/w3c-import.log:

Canonical link: https://commits.webkit.org/290934@main
---
 .../dom/observable/tentative/idlharness.html  |   2 +-
 .../observable-constructor.any-expected.txt   |   9 +-
 .../tentative/observable-constructor.any.js   | 114 ++++-
 ...rvable-constructor.any.worker-expected.txt |   9 +-
 .../observable-finally.any-expected.txt       |  88 ++++
 .../tentative/observable-finally.any.html     |   1 +
 .../tentative/observable-finally.any.js       | 265 +++++++++++
 ...observable-finally.any.worker-expected.txt |  88 ++++
 .../observable-finally.any.worker.html        |   1 +
 .../tentative/observable-from.any.js          | 430 ++++++++++++------
 .../observable-from.any.worker-expected.txt   |  12 +-
 .../observable-inspect.any-expected.txt       |   2 +-
 .../tentative/observable-inspect.any.js       |  50 +-
 ...observable-inspect.any.worker-expected.txt |   2 +-
 .../tentative/observable-takeUntil.any.js     |   2 +-
 .../dom/observable/tentative/w3c-import.log   |   1 +
 16 files changed, 908 insertions(+), 168 deletions(-)
 create mode 100644 LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any-expected.txt
 create mode 100644 LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.html
 create mode 100644 LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.js
 create mode 100644 LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.worker-expected.txt
 create mode 100644 LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.worker.html

diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/idlharness.html b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/idlharness.html
index 9a3842c4e67f7..ea8743528f67a 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/idlharness.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/idlharness.html
@@ -1,7 +1,7 @@
 <!doctype html>
   <meta charset="utf-8" />
   <meta name="author" title="Keith Cirkel" href="mailto:keithamus@github.com" />
-  <link rel="help" href="https://open-ui.org/components/invokers.explainer/" />
+  <link rel="help" href="https://github.com/WICG/observable" />
   <script src="/resources/testharness.js"></script>
   <script src="/resources/testharnessreport.js"></script>
   <script src="/resources/WebIDLParser.js"></script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any-expected.txt
index 28cc686ff307f..a3fbe87437818 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any-expected.txt
@@ -31,9 +31,9 @@ PASS Subscriber#signal is not the same AbortSignal as the one passed into `subsc
 PASS Subscription does not emit values after completion
 PASS Subscription does not emit values after error
 PASS Completing or nexting a subscriber after an error does nothing
-FAIL Errors pushed to the subscriber that are not handled by the subscription are reported to the global assert_equals: Error message matches expected "Uncaught Error: custom error" but got "Error: custom error"
-FAIL Errors thrown in the initializer that are not handled by the subscription are reported to the global assert_equals: Error message matches expected "Uncaught Error: custom error" but got "Error: custom error"
-FAIL Subscription reports errors that are pushed after subscriber is closed by completion assert_equals: Error message matches expected "Uncaught Error: custom error" but got "Error: custom error"
+PASS Errors pushed to the subscriber that are not handled by the subscription are reported to the global
+PASS Errors thrown in the initializer that are not handled by the subscription are reported to the global
+PASS Subscription reports errors that are pushed after subscriber is closed by completion
 PASS Errors thrown by initializer function after subscriber is closed by completion are reported
 PASS Errors thrown by initializer function after subscriber is closed by error are reported
 PASS Errors pushed by initializer function after subscriber is closed by error are reported
@@ -52,4 +52,7 @@ PASS Teardowns should be called when subscription is closed by completion
 PASS Teardowns should be called when subscription is closed by subscriber pushing an error
 PASS Teardowns should be called when subscription is closed by subscriber throwing error
 PASS Teardowns should be called synchronously during addTeardown() if the subscription is inactive
+FAIL Multiple subscriptions share the same producer and teardown runs only after last subscription abort assert_equals: Producer should not be invoked again for second subscription expected 1 but got 2
+FAIL New subscription after complete creates new producer assert_array_equals: lengths differ, expected array ["producer start", "teardown"] length 2, got ["producer start", "producer start", "teardown"] length 3
+FAIL Teardown runs after last unsubscribe regardless of unsubscription order assert_equals: Producer should be invoked once expected 1 but got 3
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any.js b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any.js
index 109ed284db044..d065c7f044311 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any.js
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any.js
@@ -404,7 +404,7 @@ test(() => {
 
   // ... still the exception is reported to the global.
   assert_true(errorReported !== null, "Exception was reported to global");
-  assert_equals(errorReported.message, "Uncaught Error: custom error", "Error message matches");
+  assert_true(errorReported.message.includes("custom error"), "Error message matches");
   assert_greater_than(errorReported.lineno, 0, "Error lineno is greater than 0");
   assert_greater_than(errorReported.colno, 0, "Error lineno is greater than 0");
   assert_equals(errorReported.error, error, "Error object is equivalent");
@@ -429,7 +429,7 @@ test(() => {
 
   // ... still the exception is reported to the global.
   assert_true(errorReported !== null, "Exception was reported to global");
-  assert_equals(errorReported.message, "Uncaught Error: custom error", "Error message matches");
+  assert_true(errorReported.message.includes("custom error"), "Error message matches");
   assert_greater_than(errorReported.lineno, 0, "Error lineno is greater than 0");
   assert_greater_than(errorReported.colno, 0, "Error lineno is greater than 0");
   assert_equals(errorReported.error, error, "Error object is equivalent");
@@ -464,7 +464,7 @@ test(() => {
 
   // Error reporting still happens even after  the subscription is closed.
   assert_true(errorReported !== null, "Exception was reported to global");
-  assert_equals(errorReported.message, "Uncaught Error: custom error", "Error message matches");
+  assert_true(errorReported.message.includes("custom error"),"Error message matches");
   assert_greater_than(errorReported.lineno, 0, "Error lineno is greater than 0");
   assert_greater_than(errorReported.colno, 0, "Error lineno is greater than 0");
   assert_equals(errorReported.error, error, "Error object is equivalent");
@@ -1091,3 +1091,111 @@ test(() => {
   assert_array_equals(addTeardownsCalled, ["teardown 1", "teardown 2"],
       "Teardowns called synchronously upon addition end up in FIFO order");
 }, "Teardowns should be called synchronously during addTeardown() if the subscription is inactive");
+
+test(() => {
+  const results = [];
+  let producerInvocations = 0;
+  let teardownInvocations = 0;
+
+  const source = new Observable((subscriber) => {
+    producerInvocations++;
+    results.push('producer invoked');
+    subscriber.addTeardown(() => {
+      teardownInvocations++;
+      results.push('teardown invoked');
+    });
+  });
+
+  const ac1 = new AbortController();
+  const ac2 = new AbortController();
+
+  // First subscription.
+  source.subscribe({}, {signal: ac1.signal});
+  assert_equals(producerInvocations, 1,
+      "Producer is invoked once for first subscription");
+
+  // Second subscription should reuse the same producer.
+  source.subscribe({}, {signal: ac2.signal});
+  assert_equals(producerInvocations, 1,
+      "Producer should not be invoked again for second subscription");
+
+  // First unsubscribe.
+  ac1.abort();
+  assert_equals(teardownInvocations, 0,
+      "Teardown not run when first subscriber unsubscribes");
+
+  // Second unsubscribe.
+  ac2.abort();
+  assert_equals(teardownInvocations, 1,
+      "Teardown should run after last subscriber unsubscribes");
+
+  assert_array_equals(results, ['producer invoked', 'teardown invoked']);
+}, "Multiple subscriptions share the same producer and teardown runs only " +
+   "after last subscription abort");
+
+test(() => {
+  const results = [];
+  let activeSubscriber = null;
+
+  const source = new Observable(subscriber => {
+    activeSubscriber = subscriber;
+    results.push('producer start');
+    subscriber.addTeardown(() => results.push('teardown'));
+  });
+
+  // First subscription.
+  const ac1 = new AbortController();
+  source.subscribe({}, {signal: ac1.signal});
+  assert_array_equals(results, ['producer start']);
+
+  // Second subscription.
+  const ac2 = new AbortController();
+  source.subscribe({}, {signal: ac2.signal});
+
+  // Complete the subscription.
+  activeSubscriber.complete();
+  assert_array_equals(results, ['producer start', 'teardown']);
+
+  // Additional subscription after complete.
+  const ac3 = new AbortController();
+  source.subscribe({}, {signal: ac3.signal});
+
+  assert_array_equals(results, ['producer start', 'teardown', 'producer start']);
+}, "New subscription after complete creates new producer");
+
+test(() => {
+  const results = [];
+  let producerInvocations = 0;
+
+  const source = new Observable(subscriber => {
+    producerInvocations++;
+    results.push('producer start');
+    subscriber.addTeardown(() => results.push('teardown'));
+  });
+
+  // Create 3 subscriptions.
+  const ac1 = new AbortController();
+  const ac2 = new AbortController();
+  const ac3 = new AbortController();
+  source.subscribe({}, {signal: ac1.signal});
+  source.subscribe({}, {signal: ac2.signal});
+  source.subscribe({}, {signal: ac3.signal});
+
+  assert_equals(producerInvocations, 1, "Producer should be invoked once");
+
+  // Unsubscribe in a different order.
+  ac2.abort();
+  results.push('after first abort');
+  ac1.abort();
+  results.push('after second abort');
+  ac3.abort();
+  results.push('after final abort');
+
+  assert_array_equals(results, [
+    'producer start',
+    'after first abort',
+    'after second abort',
+    'teardown',
+    'after final abort'
+  ]);
+}, "Teardown runs after last unsubscribe regardless of unsubscription order");
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any.worker-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any.worker-expected.txt
index 6e28e11860b77..572f9a73ab487 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any.worker-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-constructor.any.worker-expected.txt
@@ -18,9 +18,9 @@ PASS Subscriber#signal is not the same AbortSignal as the one passed into `subsc
 PASS Subscription does not emit values after completion
 PASS Subscription does not emit values after error
 PASS Completing or nexting a subscriber after an error does nothing
-FAIL Errors pushed to the subscriber that are not handled by the subscription are reported to the global assert_equals: Error message matches expected "Uncaught Error: custom error" but got "Error: custom error"
-FAIL Errors thrown in the initializer that are not handled by the subscription are reported to the global assert_equals: Error message matches expected "Uncaught Error: custom error" but got "Error: custom error"
-FAIL Subscription reports errors that are pushed after subscriber is closed by completion assert_equals: Error message matches expected "Uncaught Error: custom error" but got "Error: custom error"
+PASS Errors pushed to the subscriber that are not handled by the subscription are reported to the global
+PASS Errors thrown in the initializer that are not handled by the subscription are reported to the global
+PASS Subscription reports errors that are pushed after subscriber is closed by completion
 PASS Errors thrown by initializer function after subscriber is closed by completion are reported
 PASS Errors thrown by initializer function after subscriber is closed by error are reported
 PASS Errors pushed by initializer function after subscriber is closed by error are reported
@@ -39,4 +39,7 @@ PASS Teardowns should be called when subscription is closed by completion
 PASS Teardowns should be called when subscription is closed by subscriber pushing an error
 PASS Teardowns should be called when subscription is closed by subscriber throwing error
 PASS Teardowns should be called synchronously during addTeardown() if the subscription is inactive
+FAIL Multiple subscriptions share the same producer and teardown runs only after last subscription abort assert_equals: Producer should not be invoked again for second subscription expected 1 but got 2
+FAIL New subscription after complete creates new producer assert_array_equals: lengths differ, expected array ["producer start", "teardown"] length 2, got ["producer start", "producer start", "teardown"] length 3
+FAIL Teardown runs after last unsubscribe regardless of unsubscription order assert_equals: Producer should be invoked once expected 1 but got 3
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any-expected.txt
new file mode 100644
index 0000000000000..24624ebe99ae1
--- /dev/null
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any-expected.txt
@@ -0,0 +1,88 @@
+
+FAIL finally(): Mirrors all values and completions from source source
+    .finally is not a function. (In 'source
+    .finally(() => {
+      results.push("finally called");
+    })', 'source
+    .finally' is undefined)
+FAIL finally(): Mirrors all values and errors from the source source
+    .finally is not a function. (In 'source
+    .finally(() => {
+      results.push("finally called");
+    })', 'source
+    .finally' is undefined)
+FAIL finally(): Callback handler fires BEFORE the source observable completes source.finally is not a function. (In 'source.finally(() => {
+    results.push("finally handler");
+  })', 'source.finally' is undefined)
+FAIL finally(): Callback handler fires BEFORE the source observable errors source.finally is not a function. (In 'source.finally(() => {
+    results.push("finally handler");
+  })', 'source.finally' is undefined)
+FAIL finally(): Handlers run in composition order source
+    .finally is not a function. (In 'source
+    .finally(() => {
+      results.push("finally handler 1");
+    })', 'source
+    .finally' is undefined)
+FAIL finally(): Errors thrown in the finally handler (during Subscriber#error()) are reported to the global immediately source
+    .finally is not a function. (In 'source
+    .finally(() => {
+      throw new Error("error from finally");
+    })', 'source
+    .finally' is undefined)
+FAIL finally(): Errors thrown in the finally handler (during Subscriber#complete()) are reported to the global immediately source
+    .finally is not a function. (In 'source
+    .finally(() => {
+      throw new Error("error from finally");
+    })', 'source
+    .finally' is undefined)
+FAIL finally(): Callback is run if consumer aborts the subscription source
+    .finally is not a function. (In 'source
+    .finally(() => results.push("downstream finally handler"))', 'source
+    .finally' is undefined)
+FAIL finally(): Callback is run before next inner subscription in flatMap() new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).flatMap is not a function. (In 'new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).flatMap((value) => {
+    results.push(`flatMap ${value}`);
+    return new Observable((subscriber) => {
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.complete();
+    }).finally(() => {
+      results.push(`finally ${value}`);
+    });
+  })', 'new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).flatMap' is undefined)
+FAIL finally(): Callback is run before next inner subscription in switchMap() new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).switchMap is not a function. (In 'new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).switchMap((value) => {
+    results.push(`switchMap ${value}`);
+    return new Observable((subscriber) => {
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.complete();
+    }).finally(() => {
+      results.push(`finally ${value}`);
+    });
+  })', 'new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).switchMap' is undefined)
+
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.html b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.html
new file mode 100644
index 0000000000000..2382913528e69
--- /dev/null
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.html
@@ -0,0 +1 @@
+<!-- This file is required for WebKit test infrastructure to run the templated test -->
\ No newline at end of file
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.js b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.js
new file mode 100644
index 0000000000000..298907b1b4ca8
--- /dev/null
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.js
@@ -0,0 +1,265 @@
+// Because we test that the global error handler is called at various times.
+setup({allow_uncaught_exception: true});
+
+test(() => {
+  const source = new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.next(3);
+    subscriber.complete();
+  });
+
+  const results = [];
+
+  source
+    .finally(() => {
+      results.push("finally called");
+    })
+    .subscribe({
+      next: (value) => results.push(value),
+      error: (e) => results.push(e.message),
+      complete: () => results.push("complete"),
+    });
+
+  assert_array_equals(results, [1, 2, 3, "finally called", "complete"],
+      "finally is called with teardown timing, before complete() is forwarded");
+}, "finally(): Mirrors all values and completions from source");
+
+test(() => {
+  const source = new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.next(3);
+    subscriber.error(new Error("error from source"));
+  });
+
+  const results = [];
+
+  source
+    .finally(() => {
+      results.push("finally called");
+    })
+    .subscribe({
+      next: (value) => results.push(value),
+      error: (e) => results.push(e.message),
+      complete: () => results.push("complete"),
+    });
+
+  assert_array_equals(results, [1, 2, 3, "finally called", "error from source"],
+      "finally is called with teardown timing, before complete() is forwarded");
+}, "finally(): Mirrors all values and errors from the source");
+
+test(() => {
+  const results = [];
+
+  const source = new Observable((subscriber) => {
+    results.push("source subscribe");
+    subscriber.addTeardown(() => results.push("source teardown"));
+    results.push("source send complete");
+    subscriber.complete();
+  });
+
+  const result = source.finally(() => {
+    results.push("finally handler");
+  });
+
+  result.subscribe({
+    complete: () => results.push("result complete"),
+  });
+
+  assert_array_equals(results, [
+    "source subscribe",
+    "source send complete",
+    "source teardown",
+    "finally handler",
+    "result complete",
+  ]);
+}, "finally(): Callback handler fires BEFORE the source observable completes");
+
+test(() => {
+  const results = [];
+
+  const source = new Observable((subscriber) => {
+    results.push("source subscribe");
+    subscriber.addTeardown(() => results.push("source teardown"));
+    results.push("source send error");
+    subscriber.error(new Error("error from source"));
+  });
+
+  const result = source.finally(() => {
+    results.push("finally handler");
+  });
+
+  result.subscribe({
+    error: (e) => results.push(e.message),
+  });
+
+  assert_array_equals(results, [
+    "source subscribe",
+    "source send error",
+    "source teardown",
+    "finally handler",
+    "error from source",
+  ]);
+}, "finally(): Callback handler fires BEFORE the source observable errors");
+
+test(() => {
+  const results = [];
+
+  const source = new Observable((subscriber) => {
+    subscriber.complete();
+  });
+
+  const result = source
+    .finally(() => {
+      results.push("finally handler 1");
+    })
+    .finally(() => {
+      results.push("finally handler 2");
+    });
+
+  result.subscribe({ complete: () => results.push("result complete") });
+
+  assert_array_equals(results,
+    ["finally handler 1", "finally handler 2", "result complete"]);
+}, "finally(): Handlers run in composition order");
+
+test(() => {
+  const source = new Observable(subscriber => {
+    subscriber.error("producer error");
+  });
+
+  const results = [];
+
+  self.addEventListener('error', e => results.push(e.error.message), {once: true});
+
+  source
+    .finally(() => {
+      throw new Error("error from finally");
+    })
+    .subscribe({
+      next: () => results.push("next"),
+      error: (e) => results.push(e),
+      complete: () => results.push("complete"),
+    });
+
+  assert_array_equals(results, ["error from finally", "producer error"]);
+}, "finally(): Errors thrown in the finally handler " +
+   "(during Subscriber#error()) are reported to the global immediately");
+
+test(() => {
+  const source = new Observable((subscriber) => {
+    subscriber.complete();
+  });
+
+  const results = [];
+
+  self.addEventListener('error', e => results.push(e.error.message), {once: true});
+
+  source
+    .finally(() => {
+      throw new Error("error from finally");
+    })
+    .subscribe({
+      next: () => results.push("next"),
+      error: (e) => results.push("unreached"),
+      complete: () => results.push("complete"),
+    });
+
+  assert_array_equals(results, ["error from finally", "complete"]);
+}, "finally(): Errors thrown in the finally handler " +
+   "(during Subscriber#complete()) are reported to the global immediately");
+
+test(() => {
+  const results = [];
+
+  const source = new Observable((subscriber) => {
+    subscriber.addTeardown(() => results.push("source teardown"));
+  });
+
+  const controller = new AbortController();
+
+  source
+    .finally(() => results.push("downstream finally handler"))
+    .subscribe({}, { signal: controller.signal });
+
+  controller.abort();
+
+  assert_array_equals(results, ["source teardown", "downstream finally handler"]);
+}, "finally(): Callback is run if consumer aborts the subscription");
+
+test(() => {
+  const results = [];
+  const result = new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).flatMap((value) => {
+    results.push(`flatMap ${value}`);
+    return new Observable((subscriber) => {
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.complete();
+    }).finally(() => {
+      results.push(`finally ${value}`);
+    });
+  });
+
+  result.subscribe({
+    next: (value) => results.push(`result ${value}`),
+    complete: () => results.push("result complete"),
+  });
+
+  assert_array_equals(results, [
+    "flatMap 1",
+    "result 1",
+    "result 1",
+    "result 1",
+    "finally 1",
+    "flatMap 2",
+    "result 2",
+    "result 2",
+    "result 2",
+    "finally 2",
+    "result complete",
+  ]);
+}, "finally(): Callback is run before next inner subscription in flatMap()");
+
+test(() => {
+  const results = [];
+  const result = new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).switchMap((value) => {
+    results.push(`switchMap ${value}`);
+    return new Observable((subscriber) => {
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.complete();
+    }).finally(() => {
+      results.push(`finally ${value}`);
+    });
+  });
+
+  result.subscribe({
+    next: (value) => results.push(`result ${value}`),
+    complete: () => results.push("result complete"),
+  });
+
+  assert_array_equals(results, [
+    "switchMap 1",
+    "result 1",
+    "result 1",
+    "result 1",
+    "finally 1",
+    "switchMap 2",
+    "result 2",
+    "result 2",
+    "result 2",
+    "finally 2",
+    "result complete",
+  ]);
+}, "finally(): Callback is run before next inner subscription in switchMap()");
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.worker-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.worker-expected.txt
new file mode 100644
index 0000000000000..24624ebe99ae1
--- /dev/null
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.worker-expected.txt
@@ -0,0 +1,88 @@
+
+FAIL finally(): Mirrors all values and completions from source source
+    .finally is not a function. (In 'source
+    .finally(() => {
+      results.push("finally called");
+    })', 'source
+    .finally' is undefined)
+FAIL finally(): Mirrors all values and errors from the source source
+    .finally is not a function. (In 'source
+    .finally(() => {
+      results.push("finally called");
+    })', 'source
+    .finally' is undefined)
+FAIL finally(): Callback handler fires BEFORE the source observable completes source.finally is not a function. (In 'source.finally(() => {
+    results.push("finally handler");
+  })', 'source.finally' is undefined)
+FAIL finally(): Callback handler fires BEFORE the source observable errors source.finally is not a function. (In 'source.finally(() => {
+    results.push("finally handler");
+  })', 'source.finally' is undefined)
+FAIL finally(): Handlers run in composition order source
+    .finally is not a function. (In 'source
+    .finally(() => {
+      results.push("finally handler 1");
+    })', 'source
+    .finally' is undefined)
+FAIL finally(): Errors thrown in the finally handler (during Subscriber#error()) are reported to the global immediately source
+    .finally is not a function. (In 'source
+    .finally(() => {
+      throw new Error("error from finally");
+    })', 'source
+    .finally' is undefined)
+FAIL finally(): Errors thrown in the finally handler (during Subscriber#complete()) are reported to the global immediately source
+    .finally is not a function. (In 'source
+    .finally(() => {
+      throw new Error("error from finally");
+    })', 'source
+    .finally' is undefined)
+FAIL finally(): Callback is run if consumer aborts the subscription source
+    .finally is not a function. (In 'source
+    .finally(() => results.push("downstream finally handler"))', 'source
+    .finally' is undefined)
+FAIL finally(): Callback is run before next inner subscription in flatMap() new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).flatMap is not a function. (In 'new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).flatMap((value) => {
+    results.push(`flatMap ${value}`);
+    return new Observable((subscriber) => {
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.complete();
+    }).finally(() => {
+      results.push(`finally ${value}`);
+    });
+  })', 'new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).flatMap' is undefined)
+FAIL finally(): Callback is run before next inner subscription in switchMap() new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).switchMap is not a function. (In 'new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).switchMap((value) => {
+    results.push(`switchMap ${value}`);
+    return new Observable((subscriber) => {
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.next(value);
+      subscriber.complete();
+    }).finally(() => {
+      results.push(`finally ${value}`);
+    });
+  })', 'new Observable((subscriber) => {
+    subscriber.next(1);
+    subscriber.next(2);
+    subscriber.complete();
+  }).switchMap' is undefined)
+
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.worker.html b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.worker.html
new file mode 100644
index 0000000000000..2382913528e69
--- /dev/null
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.worker.html
@@ -0,0 +1 @@
+<!-- This file is required for WebKit test infrastructure to run the templated test -->
\ No newline at end of file
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-from.any.js b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-from.any.js
index d90104ffcd625..b5fcb5ed1fc6c 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-from.any.js
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-from.any.js
@@ -133,8 +133,14 @@ test(() => {
 
 // This tests that once `Observable.from()` detects a non-null and non-undefined
 // `[Symbol.iterator]` property, we've committed to converting as an iterable.
-// If the value of that property is not callable, we don't silently move on to
-// the next conversion type — we throw a TypeError;
+// If the value of that property is then not callable, we don't silently move on
+// to the next conversion type — we throw a TypeError.
+//
+// That's because that's what TC39's `GetMethod()` [1] calls for, which is what
+// `Observable.from()` first uses in the iterable conversion branch [2].
+//
+// [1]: https://tc39.es/ecma262/multipage/abstract-operations.html#sec-getmethod
+// [2]: http://wicg.github.io/observable/#from-iterable-conversion
 test(() => {
   let results = [];
   const iterable = {
@@ -149,11 +155,81 @@ test(() => {
   }
 
   assert_true(errorThrown instanceof TypeError);
-  assert_equals(errorThrown.message,
-      "Failed to execute 'from' on 'Observable': @@iterator must be a " +
-      "callable.");
 }, "from(): [Symbol.iterator] not callable");
 
+test(() => {
+  let results = [];
+  const iterable = {
+    calledOnce: false,
+    get [Symbol.iterator]() {
+      if (this.calledOnce) {
+        // Return a non-callable primitive the second time `@@iterator` is
+        // called.
+        return 10;
+      }
+
+      this.calledOnce = true;
+      return this.validImplementation;
+    },
+    validImplementation: () => {
+      return {
+        next() { return {done: true}; }
+      }
+    }
+  };
+
+  let errorThrown = null;
+
+  const observable = Observable.from(iterable);
+  observable.subscribe({
+    next: v => results.push("should not be called"),
+    error: e => {
+      errorThrown = e;
+      results.push(e);
+    },
+  });
+
+  assert_array_equals(results, [errorThrown],
+      "An error was plumbed through the Observable");
+  assert_true(errorThrown instanceof TypeError);
+}, "from(): [Symbol.iterator] not callable AFTER SUBSCRIBE throws");
+
+test(() => {
+  let results = [];
+  const iterable = {
+    calledOnce: false,
+    validImplementation: () => {
+      return {
+        next() { return {done: true}; }
+      }
+    },
+    get [Symbol.iterator]() {
+      if (this.calledOnce) {
+        // Return null the second time `@@iterator` is called.
+        return null;
+      }
+
+      this.calledOnce = true;
+      return this.validImplementation;
+    }
+  };
+
+  let errorThrown = null;
+
+  const observable = Observable.from(iterable);
+  observable.subscribe({
+    next: v => results.push("should not be called"),
+    error: e => {
+      errorThrown = e;
+      results.push(e);
+    },
+  });
+
+  assert_array_equals(results, [errorThrown],
+      "An error was plumbed through the Observable");
+  assert_true(errorThrown instanceof TypeError);
+}, "from(): [Symbol.iterator] returns null AFTER SUBSCRIBE throws");
+
 test(() => {
   let results = [];
   const customError = new Error("@@iterator override error");
@@ -520,24 +596,6 @@ test(() => {
 }, "from(): Rethrows the error when Converting an object whose @@iterator " +
    "method *getter* throws an error");
 
-test(() => {
-  const obj = {};
-  // Non-undefined & non-null values of the `@@iterator` property are not
-  // allowed. Specifically they fail the the `IsCallable()` test, which fails
-  // Observable conversion.
-  obj[Symbol.iterator] = 10;
-
-  try {
-    Observable.from(obj);
-    assert_unreached("from() conversion throws");
-  } catch(e) {
-    assert_true(e instanceof TypeError);
-    assert_equals(e.message,
-        "Failed to execute 'from' on 'Observable': @@iterator must be a callable.");
-  }
-}, "from(): Throws 'callable' error when @@iterator property is a " +
-   "non-callable primitive");
-
 // This test exercises the line of spec prose that says:
 //
 // "If |asyncIteratorMethodRecord|'s [[Value]] is undefined or null, then jump
@@ -616,28 +674,11 @@ promise_test(async t => {
 
 // This test is a more chaotic version of the above. It ensures that a single
 // Observable can handle multiple in-flight subscriptions to the same underlying
-// async iterable without the two subscriptions competing.
-//
-// This test is added because it is easy to imagine an implementation whereby
-// upon subscription, the Observable's internal subscribe callback takes the
-// underlying async iterable object, and simply pulls the async iterator off of
-// it (by invoking `@@asyncIterator`), and saves it alongside the underlying
-// async iterable. This async iterator would be used to manage values as they
-// are asynchronously emitted from the underlying object, but this value can get
-// OVERWRITTEN by a brand new subscription that comes in before the first
-// subscription has completed. In a broken implementation, this overwriting
-// would prevent the first subscription from ever completing.
+// async iterable without the two subscriptions competing. It asserts that the
+// asynchronous values are pushed to the observers in the correct order.
 promise_test(async t => {
   const async_iterable = {
-    slow: true,
     [Symbol.asyncIterator]() {
-      // The first time @@asyncIterator is called, `shouldBeSlow` is true, and
-      // when the return object takes closure of it, all values are emitted
-      // SLOWLY asynchronously. The second time, `shouldBeSlow` is false, and
-      // all values are emitted FAST but still asynchronous.
-      const shouldBeSlow = this.slow;
-      this.slow = false;
-
       return {
         val: 0,
         next() {
@@ -645,9 +686,9 @@ promise_test(async t => {
           // than a second.
           return new Promise(resolve => {
             t.step_timeout(() => resolve({
-              value: `${this.val}-${shouldBeSlow ? 'slow' : 'fast'}`,
+              value: this.val,
               done: this.val++ === 4 ? true : false,
-            }), shouldBeSlow ? 200 : 0);
+            }), 200);
           });
         },
       };
@@ -657,30 +698,46 @@ promise_test(async t => {
   const results = [];
   const source = Observable.from(async_iterable);
 
-  const subscribeFunction = function(resolve, reject) {
+  const promise = new Promise(resolve => {
     source.subscribe({
-      next: v => results.push(v),
-      complete: () => resolve(),
+      next: v => {
+        results.push(`${v}-first-sub`);
+
+        // Half-way through the first subscription, start another subscription.
+        if (v === 0) {
+          source.subscribe({
+            next: v => results.push(`${v}-second-sub`),
+            complete: () => {
+              results.push('complete-second-sub');
+              resolve();
+            }
+          });
+        }
+      },
+      complete: () => {
+        results.push('complete-first-sub');
+        resolve();
+      }
     });
+  });
 
-    // A broken implementation will rely on this timeout.
-    t.step_timeout(() => reject('TIMEOUT'), 3000);
-  }
-
-  const slow_promise = new Promise(subscribeFunction);
-  const fast_promise = new Promise(subscribeFunction);
-  await Promise.all([slow_promise, fast_promise]);
+  await promise;
   assert_array_equals(results, [
-    '0-fast',
-    '1-fast',
-    '2-fast',
-    '3-fast',
-    '0-slow',
-    '1-slow',
-    '2-slow',
-    '3-slow',
+    '0-first-sub',
+
+    '1-first-sub',
+    '1-second-sub',
+
+    '2-first-sub',
+    '2-second-sub',
+
+    '3-first-sub',
+    '3-second-sub',
+
+    'complete-first-sub',
+    'complete-second-sub',
   ]);
-}, "from(): Asynchronous iterable multiple in-flight subscriptions competing");
+}, "from(): Asynchronous iterable multiple in-flight subscriptions");
 // This test is like the above, ensuring that multiple subscriptions to the same
 // sync-iterable-converted-Observable can exist at a time. Since sync iterables
 // push all of their values to the Observable synchronously, the way to do this
@@ -693,24 +750,27 @@ test(() => {
   const source = Observable.from(array);
   source.subscribe({
     next: v => {
-      results.push(v);
+      results.push(`${v}-first-sub`);
       if (v === 3) {
         // Pushes all 5 values to `results` right after the first instance of `3`.
         source.subscribe({
-          next: v => results.push(v),
-          complete: () => results.push('inner complete'),
+          next: v => results.push(`${v}-second-sub`),
+          complete: () => results.push('complete-second-sub'),
         });
       }
     },
-    complete: () => results.push('outer complete'),
+    complete: () => results.push('complete-first-sub'),
   });
 
   assert_array_equals(results, [
-    1, 2, 3,
-    1, 2, 3, 4, 5, 'inner complete',
-    4, 5, 'outer complete'
+    // These values are pushed when there is only a single subscription.
+    '1-first-sub', '2-first-sub', '3-first-sub',
+    // These values are pushed in the correct order, for two subscriptions.
+    '4-first-sub', '4-second-sub',
+    '5-first-sub', '5-second-sub',
+    'complete-first-sub', 'complete-second-sub',
   ]);
-}, "from(): Sync iterable multiple in-flight subscriptions competing");
+}, "from(): Sync iterable multiple in-flight subscriptions");
 
 promise_test(async () => {
   const async_generator = async function*() {
@@ -1376,90 +1436,126 @@ promise_test(async t => {
 test(() => {
   const results = [];
   const iterable = {
-    impl() {
-      return {
-        next() {
-          results.push('next() running');
-          return {done: true};
-        }
+    getter() {
+      results.push('GETTER called');
+      return () => {
+        results.push('Obtaining iterator');
+        return {
+          next() {
+            results.push('next() running');
+            return {done: true};
+          }
+        };
       };
     }
   };
 
-  iterable[Symbol.iterator] = iterable.impl;
+  Object.defineProperty(iterable, Symbol.iterator, {
+    get: iterable.getter
+  });
   {
     const source = Observable.from(iterable);
+    assert_array_equals(results, ["GETTER called"]);
     source.subscribe({}, {signal: AbortSignal.abort()});
-    assert_array_equals(results, []);
+    assert_array_equals(results, ["GETTER called"]);
   }
   iterable[Symbol.iterator] = undefined;
-  iterable[Symbol.asyncIterator] = iterable.impl;
+  Object.defineProperty(iterable, Symbol.asyncIterator, {
+    get: iterable.getter
+  });
   {
     const source = Observable.from(iterable);
+    assert_array_equals(results, ["GETTER called", "GETTER called"]);
     source.subscribe({}, {signal: AbortSignal.abort()});
-    assert_array_equals(results, []);
+    assert_array_equals(results, ["GETTER called", "GETTER called"]);
   }
 }, "from(): Subscribing to an iterable Observable with an aborted signal " +
    "does not call next()");
 
 test(() => {
-  const results = [];
-  const ac = new AbortController();
+  let results = [];
 
   const iterable = {
-    [Symbol.iterator]() {
-      ac.abort();
-      return {
-        val: 0,
-        next() {
-          results.push('next() called');
-          return {done: true};
-        },
-        return() {
-          results.push('return() called');
-        }
+    controller: null,
+    calledOnce: false,
+    getter() {
+      results.push('GETTER called');
+      if (!this.calledOnce) {
+        this.calledOnce = true;
+        return () => {
+          results.push('NOT CALLED');
+          // We don't need to return anything here. The only time this path is
+          // hit is during `Observable.from()` which doesn't actually obtain an
+          // iterator. It just samples the iterable protocol property to ensure
+          // that it's valid.
+        };
+      }
+
+      // This path is only called the second time the iterator protocol getter
+      // is run.
+      this.controller.abort();
+      return () => {
+        results.push('iterator obtained');
+        return {
+          val: 0,
+          next() {
+            results.push('next() called');
+            return {done: true};
+          },
+          return() {
+            results.push('return() called');
+          }
+        };
       };
     }
- };
+  };
 
-  const source = Observable.from(iterable);
-  source.subscribe({
-    next: v => results.push(v),
-    complete: () => results.push('complete'),
-  }, {signal: ac.signal});
+  // Test for sync iterators.
+  {
+    const ac = new AbortController();
+    iterable.controller = ac;
+    Object.defineProperty(iterable, Symbol.iterator, {
+      get: iterable.getter,
+    });
 
-  assert_array_equals(results, []);
-}, "from(): When iterable conversion aborts the subscription, next() is " +
-   "never called");
-test(() => {
-  const results = [];
-  const ac = new AbortController();
+    const source = Observable.from(iterable);
+    assert_false(ac.signal.aborted, "[Sync iterator]: signal is not yet aborted after from() conversion");
+    assert_array_equals(results, ["GETTER called"]);
 
-  const iterable = {
-    [Symbol.asyncIterator]() {
-      ac.abort();
-      return {
-        val: 0,
-        next() {
-          results.push('next() called');
-          return {done: true};
-        },
-        return() {
-          results.push('return() called');
-        }
-      };
-    }
-  };
+    source.subscribe({
+      next: n => results.push(n),
+      complete: () => results.push('complete'),
+    }, {signal: ac.signal});
+    assert_true(ac.signal.aborted, "[Sync iterator]: signal is aborted during subscription");
+    assert_array_equals(results, ["GETTER called", "GETTER called", "iterator obtained"]);
+  }
 
-  const source = Observable.from(iterable);
-  source.subscribe({
-    next: v => results.push(v),
-    complete: () => results.push('complete'),
-  }, {signal: ac.signal});
+  results = [];
 
-  assert_array_equals(results, []);
-}, "from(): When async iterable conversion aborts the subscription, next() " +
-   "is never called");
+  // Test for async iterators.
+  {
+    // Reset `iterable` so it can be reused.
+    const ac = new AbortController();
+    iterable.controller = ac;
+    iterable.calledOnce = false;
+    iterable[Symbol.iterator] = undefined;
+    Object.defineProperty(iterable, Symbol.asyncIterator, {
+      get: iterable.getter
+    });
+
+    const source = Observable.from(iterable);
+    assert_false(ac.signal.aborted, "[Async iterator]: signal is not yet aborted after from() conversion");
+    assert_array_equals(results, ["GETTER called"]);
+
+    source.subscribe({
+      next: n => results.push(n),
+      complete: () => results.push('complete'),
+    }, {signal: ac.signal});
+    assert_true(ac.signal.aborted, "[Async iterator]: signal is aborted during subscription");
+    assert_array_equals(results, ["GETTER called", "GETTER called", "iterator obtained"]);
+  }
+}, "from(): When iterable conversion aborts the subscription, next() is " +
+   "never called");
 
 // This test asserts some very subtle behavior with regard to async iterables
 // and a mid-subscription signal abort. Specifically it detects that a signal
@@ -1556,3 +1652,79 @@ test(() => {
   ac.abort(); // Must do nothing!
   assert_array_equals(results, [0, 1, 2, 3, 'complete']);
 }, "from(): Abort after complete does NOT call IteratorRecord#return()");
+
+test(() => {
+  const controller = new AbortController();
+  // Invalid @@asyncIterator protocol that also aborts the subscription. By the
+  // time the invalid-ness of the protocol is detected, the controller has been
+  // aborted, meaning that invalid-ness cannot manifest itself in the form of an
+  // error that goes to the Observable's subscriber. Instead, it gets reported
+  // to the global.
+  const asyncIterable = {
+    calledOnce: false,
+    get[Symbol.asyncIterator]() {
+      // This `calledOnce` path is to ensure the Observable first converts
+      // correctly via `Observable.from()`, but *later* fails in the path where
+      // `@@asyncIterator` is null.
+      if (this.calledOnce) {
+        controller.abort();
+        return null;
+      } else {
+        this.calledOnce = true;
+        return this.validImplementation;
+      }
+    },
+    validImplementation() {
+      controller.abort();
+      return null;
+    }
+  };
+
+  let reportedError = null;
+  self.addEventListener("error", e => reportedError = e.error, {once: true});
+
+  let errorThrown = null;
+  const observable = Observable.from(asyncIterable);
+  observable.subscribe({
+    error: e => errorThrown = e,
+  }, {signal: controller.signal});
+
+  assert_equals(errorThrown, null, "Protocol error is not surfaced to the Subscriber");
+
+  assert_not_equals(reportedError, null, "Protocol error is reported to the global");
+  assert_true(reportedError instanceof TypeError);
+}, "Invalid async iterator protocol error is surfaced before Subscriber#signal is consulted");
+
+test(() => {
+  const controller = new AbortController();
+  const iterable = {
+    calledOnce: false,
+    get[Symbol.iterator]() {
+      if (this.calledOnce) {
+        controller.abort();
+        return null;
+      } else {
+        this.calledOnce = true;
+        return this.validImplementation;
+      }
+    },
+    validImplementation() {
+      controller.abort();
+      return null;
+    }
+  };
+
+  let reportedError = null;
+  self.addEventListener("error", e => reportedError = e.error, {once: true});
+
+  let errorThrown = null;
+  const observable = Observable.from(iterable);
+  observable.subscribe({
+    error: e => errorThrown = e,
+  }, {signal: controller.signal});
+
+  assert_equals(errorThrown, null, "Protocol error is not surfaced to the Subscriber");
+
+  assert_not_equals(reportedError, null, "Protocol error is reported to the global");
+  assert_true(reportedError instanceof TypeError);
+}, "Invalid iterator protocol error is surfaced before Subscriber#signal is consulted");
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-from.any.worker-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-from.any.worker-expected.txt
index e22ccdc1598e2..14c949bc39896 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-from.any.worker-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-from.any.worker-expected.txt
@@ -5,7 +5,9 @@ FAIL from(): Given an observable, it returns that exact observable target.when i
 FAIL from(): Given an array Observable.from is not a function. (In 'Observable.from(array)', 'Observable.from' is undefined)
 FAIL from(): Iterable converts to Observable Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
 FAIL from(): [Symbol.iterator] side-effects (one observable) Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
-FAIL from(): [Symbol.iterator] not callable assert_equals: expected "Failed to execute 'from' on 'Observable': @@iterator must be a callable." but got "Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)"
+PASS from(): [Symbol.iterator] not callable
+FAIL from(): [Symbol.iterator] not callable AFTER SUBSCRIBE throws Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
+FAIL from(): [Symbol.iterator] returns null AFTER SUBSCRIBE throws Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
 FAIL from(): [Symbol.iterator] is not cached Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
 FAIL from(): [Symbol.iterator] side-effects (many observables) Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
 FAIL from(): [Symbol.iterator] next() throws error Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
@@ -16,11 +18,10 @@ FAIL from(): Observable that implements @@iterator protocol gets converted as an
 FAIL from(): Promise that implements @@iterator protocol gets converted as an iterable, not Promise Observable.from is not a function. (In 'Observable.from(promise)', 'Observable.from' is undefined)
 FAIL from(): Promise whose [Symbol.iterator] returns null converts as Promise promise_test: Unhandled rejection with value: object "TypeError: Observable.from is not a function. (In 'Observable.from(promise)', 'Observable.from' is undefined)"
 FAIL from(): Rethrows the error when Converting an object whose @@iterator method *getter* throws an error assert_equals: expected object "Error: thrown from @@iterator getter" but got object "TypeError: Observable.from is not a function. (In 'Observable.from(obj)', 'Observable.from' is undefined)"
-FAIL from(): Throws 'callable' error when @@iterator property is a non-callable primitive assert_equals: expected "Failed to execute 'from' on 'Observable': @@iterator must be a callable." but got "Observable.from is not a function. (In 'Observable.from(obj)', 'Observable.from' is undefined)"
 FAIL from(): Async iterable protocol null, converts as iterator Observable.from is not a function. (In 'Observable.from(sync_iterable)', 'Observable.from' is undefined)
 FAIL from(): Asynchronous iterable conversion promise_test: Unhandled rejection with value: object "TypeError: Observable.from is not a function. (In 'Observable.from(async_iterable)', 'Observable.from' is undefined)"
-FAIL from(): Asynchronous iterable multiple in-flight subscriptions competing promise_test: Unhandled rejection with value: object "TypeError: Observable.from is not a function. (In 'Observable.from(async_iterable)', 'Observable.from' is undefined)"
-FAIL from(): Sync iterable multiple in-flight subscriptions competing Observable.from is not a function. (In 'Observable.from(array)', 'Observable.from' is undefined)
+FAIL from(): Asynchronous iterable multiple in-flight subscriptions promise_test: Unhandled rejection with value: object "TypeError: Observable.from is not a function. (In 'Observable.from(async_iterable)', 'Observable.from' is undefined)"
+FAIL from(): Sync iterable multiple in-flight subscriptions Observable.from is not a function. (In 'Observable.from(array)', 'Observable.from' is undefined)
 FAIL from(): Asynchronous generator conversion: can only be used once promise_test: Unhandled rejection with value: object "TypeError: Observable.from is not a function. (In 'Observable.from(async_generator())', 'Observable.from' is undefined)"
 FAIL from(): Promise-wrapping semantics of IteratorResult interface promise_test: Unhandled rejection with value: object "TypeError: Observable.from is not a function. (In 'Observable.from(async_iterable)', 'Observable.from' is undefined)"
 FAIL from(): Errors thrown in Symbol.asyncIterator() are propagated synchronously Observable.from is not a function. (In 'Observable.from(async_iterable)', 'Observable.from' is undefined)
@@ -41,7 +42,8 @@ FAIL from(): Sync iterable: error thrown from IteratorRecord#return() can be syn
 FAIL from(): Async iterable: error thrown from IteratorRecord#return() is wrapped in rejected Promise promise_test: Unhandled rejection with value: object "TypeError: Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)"
 FAIL from(): Subscribing to an iterable Observable with an aborted signal does not call next() Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
 FAIL from(): When iterable conversion aborts the subscription, next() is never called Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
-FAIL from(): When async iterable conversion aborts the subscription, next() is never called Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
 FAIL from(): Aborting an async iterable subscription stops subsequent next() calls, but old next() Promise reactions are web-observable promise_test: Unhandled rejection with value: object "TypeError: Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)"
 FAIL from(): Abort after complete does NOT call IteratorRecord#return() Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
+FAIL Invalid async iterator protocol error is surfaced before Subscriber#signal is consulted Observable.from is not a function. (In 'Observable.from(asyncIterable)', 'Observable.from' is undefined)
+FAIL Invalid iterator protocol error is surfaced before Subscriber#signal is consulted Observable.from is not a function. (In 'Observable.from(iterable)', 'Observable.from' is undefined)
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any-expected.txt
index bae439d55ecd8..25b2edd2044b6 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any-expected.txt
@@ -12,5 +12,5 @@ PASS inspect(): Throwing an error in the next handler function in do should be c
 PASS inspect(): Errors thrown in subscribe() Inspector handler subscribe handler are caught and sent to error callback
 PASS inspect(): Provides a way to tap into the moment a source observable is unsubscribed from
 PASS inspect(): Inspector abort() handler is not called if the source completes before the result is unsubscribed from
-FAIL inspect(): Errors thrown from inspect()'s abort() handler are caught and reported to the global, because the subscription is already closed by the time the handler runs self.when is not a function. (In 'self.when('error')', 'self.when' is undefined)
+FAIL inspect(): Errors thrown from inspect()'s abort() handler are caught and reported to the global, because the subscription is already closed by the time the handler runs self.when is not a function. (In 'self.when("error")', 'self.when' is undefined)
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any.js b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any.js
index 2b67dd9f3d3a8..24a7a5c8d4841 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any.js
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any.js
@@ -20,20 +20,20 @@ test(() => {
       results.push(`inspect() subscribe ${inspectSubscribeCall}`);
     },
     next: (value) => results.push(`inspect() next ${value}`),
-    error: (e) => results.push(`inspect() error ${e.message}`),
-    complete: () => results.push(`inspect() complete`),
+    error: () => results.push('inspect() error'),
+    complete: () => results.push('inspect() complete'),
   });
 
   result.subscribe({
     next: (value) => results.push(`result next ${value}`),
-    error: (e) => results.push(`result error ${e.message}`),
-    complete: () => results.push(`result complete`),
+    error: () => results.push('result error'),
+    complete: () => results.push('result complete'),
   });
 
   result.subscribe({
     next: (value) => results.push(`result next ${value}`),
-    error: (e) => results.push(`result error ${e.message}`),
-    complete: () => results.push(`result complete`),
+    error: () => results.push('result error'),
+    complete: () => results.push('result complete'),
   });
 
   assert_array_equals(results,
@@ -267,21 +267,22 @@ test(() => {
 
 test(() => {
   const source = new Observable(subscriber => {});
+  const error = new Error("error from do subscribe handler");
 
   const result = source.inspect({
     subscribe: () => {
-      throw new Error("error from do subscribe handler");
+      throw error;
     },
   });
 
   const results = [];
   result.subscribe({
     next: () => results.push("next"),
-    error: (e) => results.push(e.message),
+    error: (e) => results.push(e),
     complete: () => results.push("complete"),
   });
 
-  assert_array_equals(results, ["error from do subscribe handler"]);
+  assert_array_equals(results, [error]);
 }, "inspect(): Errors thrown in subscribe() Inspector handler subscribe " +
    "handler are caught and sent to error callback");
 
@@ -306,7 +307,7 @@ test(() => {
       results.push(`inspect() abort ${doUnsubscribeCall} ${reason}`);
     },
     next: (value) => results.push(`inspect() next ${value}`),
-    error: (e) => results.push(`inspect() error ${e.message}`),
+    error: () => results.push('inspect() error'),
     complete: () => results.push(`inspect() complete`),
   });
 
@@ -318,7 +319,7 @@ test(() => {
         controller.abort("abort reason");
       }
     },
-    error: (e) => results.push(`result error ${e.message}`),
+    error: () => results.push('result error'),
     complete: () => results.push(`result complete`),
   }, { signal: controller.signal });
 
@@ -381,32 +382,39 @@ test(() => {
   });
 
   const results = [];
+  const error = new Error("error from inspect() subscribe handler");
 
   const result = source.inspect({
     abort: () => {
-      results.push('abort() handler run');
-      throw new Error("error from inspect() subscribe handler");
+      results.push("abort() handler run");
+      throw error;
     },
   });
 
   const controller = new AbortController();
 
-  self.when('error').take(1).subscribe(e =>
-      results.push(e.message + ', from report exception'));
+  self.when("error").take(1).subscribe((e) => {
+    results.push("from report exception");
+    results.push(e.error);
+  });
 
   result.subscribe({
     next: (value) => {
       results.push(value);
       controller.abort();
     },
-    // This should not be invoked at all!!
-    error: (e) => results.push(e.message + ', from Observer#error()'),
+    error: () => {
+      assert_unreached("This should not be invoked at all!!");
+    },
     complete: () => results.push("complete"),
-  }, {signal: controller.signal});
+  }, { signal: controller.signal });
 
-  assert_array_equals(results, [1, "abort() handler run",
-      "Uncaught Error: error from inspect() subscribe handler, from report " +
-      "exception"]);
+  assert_array_equals(results, [
+    1,
+    "abort() handler run",
+    "from report exception",
+    error,
+  ]);
 }, "inspect(): Errors thrown from inspect()'s abort() handler are caught " +
    "and reported to the global, because the subscription is already closed " +
    "by the time the handler runs");
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any.worker-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any.worker-expected.txt
index d3a02a0528ee0..16690609dea9a 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any.worker-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-inspect.any.worker-expected.txt
@@ -11,5 +11,5 @@ PASS inspect(): Throwing an error in the next handler function in do should be c
 PASS inspect(): Errors thrown in subscribe() Inspector handler subscribe handler are caught and sent to error callback
 PASS inspect(): Provides a way to tap into the moment a source observable is unsubscribed from
 PASS inspect(): Inspector abort() handler is not called if the source completes before the result is unsubscribed from
-FAIL inspect(): Errors thrown from inspect()'s abort() handler are caught and reported to the global, because the subscription is already closed by the time the handler runs self.when is not a function. (In 'self.when('error')', 'self.when' is undefined)
+FAIL inspect(): Errors thrown from inspect()'s abort() handler are caught and reported to the global, because the subscription is already closed by the time the handler runs self.when is not a function. (In 'self.when("error")', 'self.when' is undefined)
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-takeUntil.any.js b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-takeUntil.any.js
index f2e99b8cbec88..c71f92e276a0f 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-takeUntil.any.js
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-takeUntil.any.js
@@ -347,7 +347,7 @@ promise_test(async t => {
 
   assert_false(errorCallbackCalled);
   assert_true(errorReported !== null, "Exception was reported to global");
-  assert_equals(errorReported.message, "Uncaught error 2", "Error message matches");
+  assert_true(errorReported.message.includes("error 2"), "Error message matches");
   assert_greater_than(errorReported.lineno, 0, "Error lineno is greater than 0");
   assert_greater_than(errorReported.colno, 0, "Error lineno is greater than 0");
   assert_equals(errorReported.error, 'error 2', "Error object is equivalent (just a string)");
diff --git a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/w3c-import.log b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/w3c-import.log
index 753282409daba..959d6dcfd5ec0 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/w3c-import.log
+++ b/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/w3c-import.log
@@ -23,6 +23,7 @@ List of files:
 /LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-event-target.window.js
 /LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-every.any.js
 /LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-filter.any.js
+/LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-finally.any.js
 /LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-find.any.js
 /LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-first.any.js
 /LayoutTests/imported/w3c/web-platform-tests/dom/observable/tentative/observable-flatMap.any.js

From a9d2d3b8f58696db838bdff95cdc85fe1a4f3a4e Mon Sep 17 00:00:00 2001
From: Richard Robinson <richard_robinson2@apple.com>
Date: Sun, 23 Feb 2025 23:26:09 -0800
Subject: [PATCH 114/174] [SwiftUI] Changing the `webViewContentBackground`
 value doesn't always apply the new value on macOS
 https://bugs.webkit.org/show_bug.cgi?id=287963 rdar://145142533

Reviewed by Aditya Keerthi.

Toggling the `webViewContentBackground` view modifier to `.hidden` sometimes has no effect. This is
because of an underlying issue in the existing `_drawsBackground` SPI; specifically, toggling this
value after web content is loaded is not guaranteed to actually hide the background.

This is because after some content is loaded or changed, the `RenderLayerCompositor::updateOverflowControlsLayers` method gets called.
This method checks if an "overhang area" layer is required, and if so, it adds an opaque overhang area layer,
effectively giving the web view an opaque background color. This logic is sound, since the check to determine
if such a layer is required is done via `RenderLayerCompositor::requiresOverhangAreasLayer` which checks to
see if the frame view has an opaque background. If it does not, it returns `false` as expected.

However, the problem is that after the overhang area layer is added, if the web view background is then changed
to a non-opaque color (as is done when `_drawsBackground` is `false`), the `RenderLayerCompositor::updateOverflowControlsLayers`
method isn't guaranteed to be called again and therefore doesn't have a chance to update the presence of the
overhang area layer.

To fix, ensure that `updateOverflowControlsLayers` is called whenever the frame view's background color changes
so that it can properly update the overhang area.

* Source/WebCore/page/LocalFrameView.cpp:
(WebCore::LocalFrameView::updateBackgroundRecursively):

Call `frameViewDidChangeBackground` when the background needs updating.

* Source/WebCore/rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::frameViewDidChangeBackground):
* Source/WebCore/rendering/RenderLayerCompositor.h:

Add a method similar to `frameViewDidChangeSize`, to ensure `updateOverflowControlsLayers` gets called.

* Source/WebKit/_WebKit_SwiftUI/WebViewRepresentable.swift:
(WebViewRepresentable.updatePlatformView(_:context:)):

Optimization to only call the setters if the value actually changes.

* Tools/SwiftBrowser/Source/ViewModel/AppStorageKeys.swift:
* Tools/SwiftBrowser/Source/Views/ContentView.swift:
(ContentView.backgroundHidden):
(ContentView.body):
* Tools/SwiftBrowser/Source/Views/SettingsView.swift:
(BinaryValuePicker.value):
(BinaryValuePicker.body):
(GeneralSettingsView.body):
(ScrollBounceBehaviorPicker.basedOnSize): Deleted.
(ScrollBounceBehaviorPicker.body): Deleted.

Use this view modifier in SwiftBrowser.

* Tools/TestWebKitAPI/Tests/mac/BackgroundColor.mm:
(TestWebKitAPI::testDrawsBackgroundAfterLoadingWebContent):
(TestWebKitAPI::TEST(WebKit, DrawsBackgroundAfterLoadingWebContentNoToYes)):
(TestWebKitAPI::TEST(WebKit, DrawsBackgroundAfterLoadingWebContentYesToNo)):

Add tests for this.

Canonical link: https://commits.webkit.org/290935@main
---
 .../rendering/RenderLayerCompositor.cpp       |  3 +
 .../WebViewRepresentable.swift                | 10 +++-
 .../Source/ViewModel/AppStorageKeys.swift     |  1 +
 .../Source/Views/ContentView.swift            |  2 +
 .../Source/Views/SettingsView.swift           | 33 ++++++++---
 .../Tests/mac/BackgroundColor.mm              | 59 +++++++++++++++++++
 6 files changed, 98 insertions(+), 10 deletions(-)

diff --git a/Source/WebCore/rendering/RenderLayerCompositor.cpp b/Source/WebCore/rendering/RenderLayerCompositor.cpp
index ce6378a1b4b1f..9053494ac185a 100644
--- a/Source/WebCore/rendering/RenderLayerCompositor.cpp
+++ b/Source/WebCore/rendering/RenderLayerCompositor.cpp
@@ -1195,6 +1195,9 @@ bool RenderLayerCompositor::updateCompositingLayers(CompositingUpdateType update
         m_renderView.setNeedsRepaintHackAfterCompositingLayerUpdateForDebugOverlaysOnly(false);
     }
 
+    if (m_scrolledContentsLayer)
+        updateOverflowControlsLayers();
+
     return true;
 }
 
diff --git a/Source/WebKit/_WebKit_SwiftUI/WebViewRepresentable.swift b/Source/WebKit/_WebKit_SwiftUI/WebViewRepresentable.swift
index 6e31feab76226..9af54e82e2d99 100644
--- a/Source/WebKit/_WebKit_SwiftUI/WebViewRepresentable.swift
+++ b/Source/WebKit/_WebKit_SwiftUI/WebViewRepresentable.swift
@@ -52,10 +52,16 @@ struct WebViewRepresentable {
         webView.allowsBackForwardNavigationGestures = environment.webViewAllowsBackForwardNavigationGestures.value != .disabled
         webView.allowsLinkPreview = environment.webViewAllowsLinkPreview.value != .disabled
 
+        let isOpaque = environment.webViewContentBackground != .hidden
+
 #if os(macOS)
-        webView._drawsBackground = environment.webViewContentBackground != .hidden
+        if webView._drawsBackground != isOpaque {
+            webView._drawsBackground = isOpaque
+        }
 #else
-        webView.isOpaque = environment.webViewContentBackground != .hidden
+        if webView.isOpaque != isOpaque {
+            webView.isOpaque = isOpaque
+        }
 #endif
 
         if EquatableScrollBounceBehavior(environment.verticalScrollBounceBehavior) == .always || EquatableScrollBounceBehavior(environment.verticalScrollBounceBehavior) == .automatic {
diff --git a/Tools/SwiftBrowser/Source/ViewModel/AppStorageKeys.swift b/Tools/SwiftBrowser/Source/ViewModel/AppStorageKeys.swift
index 42c8f00ae577d..f31cd36ca1ccf 100644
--- a/Tools/SwiftBrowser/Source/ViewModel/AppStorageKeys.swift
+++ b/Tools/SwiftBrowser/Source/ViewModel/AppStorageKeys.swift
@@ -28,4 +28,5 @@ enum AppStorageKeys {
     static let orientationAndMotionAuthorization = "orientationAndMotionAuthorization2"
     static let mediaCaptureAuthorization = "mediaCaptureAuthorization2"
     static let scrollBounceBehaviorBasedOnSize = "scrollBounceBehaviorBasedOnSize"
+    static let backgroundHidden = "backgroundHidden"
 }
diff --git a/Tools/SwiftBrowser/Source/Views/ContentView.swift b/Tools/SwiftBrowser/Source/Views/ContentView.swift
index 471c9837e9400..028a08fb0840d 100644
--- a/Tools/SwiftBrowser/Source/Views/ContentView.swift
+++ b/Tools/SwiftBrowser/Source/Views/ContentView.swift
@@ -217,6 +217,7 @@ struct ContentView: View {
     @Environment(BrowserViewModel.self) private var viewModel
 
     @AppStorage(AppStorageKeys.scrollBounceBehaviorBasedOnSize) private var scrollBounceBehaviorBasedOnSize: Bool?
+    @AppStorage(AppStorageKeys.backgroundHidden) private var backgroundHidden: Bool?
 
     #if os(iOS)
     private static let navigationToolbarItemPlacement = ToolbarItemPlacement.bottomBar
@@ -275,6 +276,7 @@ struct ContentView: View {
                         .presentationDetents([.medium, .large])
                 }
                 .scrollBounceBehavior(scrollBounceBehaviorBasedOnSize == true ? .basedOnSize : .automatic)
+                .webViewContentBackground(backgroundHidden == true ? .hidden : .automatic)
                 .webViewContextMenu { element in
                     if let url = element.linkURL {
                         Button("Open Link in New Window") {
diff --git a/Tools/SwiftBrowser/Source/Views/SettingsView.swift b/Tools/SwiftBrowser/Source/Views/SettingsView.swift
index 6831a6cb57dda..4cd88574f97fb 100644
--- a/Tools/SwiftBrowser/Source/Views/SettingsView.swift
+++ b/Tools/SwiftBrowser/Source/Views/SettingsView.swift
@@ -40,15 +40,20 @@ private struct PermissionDecisionView: View {
     }
 }
 
-private struct ScrollBounceBehaviorPicker: View {
-    @Binding var basedOnSize: Bool
+private struct BinaryValuePicker: View {
+    @Binding var value: Bool
+
+    let description: String
+
+    let falseLabel: String
+    let trueLabel: String
 
     var body: some View {
-        Picker(selection: $basedOnSize) {
-            Text("Automatic").tag(false)
-            Text("Based on Size").tag(true)
+        Picker(selection: $value) {
+            Text(falseLabel).tag(false)
+            Text(trueLabel).tag(true)
         } label: {
-            Text("Scroll Bounce Behavior")
+            Text(description)
         }
     }
 }
@@ -60,6 +65,7 @@ struct GeneralSettingsView: View {
     @AppStorage(AppStorageKeys.mediaCaptureAuthorization) private var mediaCaptureAuthorization = WKPermissionDecision.prompt
 
     @AppStorage(AppStorageKeys.scrollBounceBehaviorBasedOnSize) private var scrollBounceBehaviorBasedOnSize = false
+    @AppStorage(AppStorageKeys.backgroundHidden) private var backgroundHidden = false
 
     let currentURL: URL?
 
@@ -91,8 +97,19 @@ struct GeneralSettingsView: View {
             }
 
             Section {
-                ScrollBounceBehaviorPicker(basedOnSize: $scrollBounceBehaviorBasedOnSize)
-                    .padding(.top)
+                BinaryValuePicker(
+                    value: $scrollBounceBehaviorBasedOnSize,
+                    description: "Scroll Bounce Behavior",
+                    falseLabel: "Automatic",
+                    trueLabel: "Based on Size"
+                )
+
+                BinaryValuePicker(
+                    value: $backgroundHidden,
+                    description: "Hidden Background Behavior",
+                    falseLabel: "Automatic",
+                    trueLabel: "Always Hide"
+                )
             }
         }
     }
diff --git a/Tools/TestWebKitAPI/Tests/mac/BackgroundColor.mm b/Tools/TestWebKitAPI/Tests/mac/BackgroundColor.mm
index ae189a638aef4..7bb6af6ee75e8 100644
--- a/Tools/TestWebKitAPI/Tests/mac/BackgroundColor.mm
+++ b/Tools/TestWebKitAPI/Tests/mac/BackgroundColor.mm
@@ -25,8 +25,10 @@
 
 #import "config.h"
 
+#import "CGImagePixelReader.h"
 #import "PlatformUtilities.h"
 #import "TestWKWebView.h"
+#import <WebCore/Color.h>
 #import <WebKit/WKWebViewPrivate.h>
 #import <wtf/RetainPtr.h>
 
@@ -152,4 +154,61 @@
     checkWhitePixel();
 }
 
+#if PLATFORM(MAC)
+
+static void testDrawsBackgroundAfterLoadingWebContent(BOOL startValue, BOOL endValue)
+{
+    NSString *html = @""
+    "<!DOCTYPE html>\n"
+    "<html>\n"
+    "<head>\n"
+    "    <meta charset=\"utf-8\">\n"
+    "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n"
+    "    <title></title>\n"
+    "</head>\n"
+    "<body>\n"
+    "\n"
+    "</body>\n"
+    "</html>";
+
+    auto webViewFrame = CGRectMake(0, 0, 800, 600);
+    RetainPtr webView = adoptNS([[TestWKWebView alloc] initWithFrame:webViewFrame]);
+
+    [webView window].backgroundColor = NSColor.blueColor;
+
+    [webView synchronouslyLoadHTMLString:html];
+
+    __auto_type expectColor = ^(WebCore::Color color) {
+        [webView waitForNextPresentationUpdate];
+        [webView waitForNextPresentationUpdate];
+
+        RetainPtr snapshotImage = adoptNS([webView _windowSnapshotInRect:CGRectNull withOptions:0]);
+        RetainPtr snapshotCGImage = [snapshotImage CGImageForProposedRect:NULL context:nil hints:nil];
+        CGImagePixelReader pixelReader { snapshotCGImage.get() };
+
+        auto x = static_cast<unsigned>(100 * (pixelReader.width() / CGRectGetWidth(webViewFrame)));
+        auto y = static_cast<unsigned>(100 * (pixelReader.height() / CGRectGetHeight(webViewFrame)));
+
+        EXPECT_EQ(pixelReader.at(x, y), color);
+    };
+
+    [webView _setDrawsBackground:startValue];
+    expectColor(startValue ? WebCore::Color::white : WebCore::Color::blue);
+
+    [webView _setDrawsBackground:endValue];
+    expectColor(endValue ? WebCore::Color::white : WebCore::Color::blue);
+}
+
+TEST(WebKit, DrawsBackgroundAfterLoadingWebContentNoToYes)
+{
+    testDrawsBackgroundAfterLoadingWebContent(NO, YES);
+}
+
+TEST(WebKit, DrawsBackgroundAfterLoadingWebContentYesToNo)
+{
+    testDrawsBackgroundAfterLoadingWebContent(YES, NO);
+}
+
+#endif
+
 } // namespace TestWebKitAPI

From 701c7a5bb2099115e8fcb52bc85e9bb125a90fd5 Mon Sep 17 00:00:00 2001
From: Aditya Keerthi <akeerthi@apple.com>
Date: Sun, 23 Feb 2025 23:35:57 -0800
Subject: [PATCH 115/174] REGRESSION (288022@main): Crash when right clicking
 over text in the base system https://bugs.webkit.org/show_bug.cgi?id=288351
 rdar://145245336

Reviewed by Richard Robinson and Abrar Rahman Protyasha.

`-[NSSharingServicePicker standardShareMenuItem]` can return `nil` in the base
system, as ShareKit.framework is not available there. The AppKit implementation
is effectively a wrapper around ShareKit.

Prior to 288022@main, this was not an issue, since the `nil` menu item was
returned directly. However, after 288022@main, the title is read off of the
menu item in order to create a new one. Reading the title off of a `nil` item
returns `nil`, and consequently, an attempt to create an `NSMenuItem` with a
`nil` title is made. This results in a release assertion getting hit in AppKit.

Fix by adding a `nil` check and restoring the original behavior.

* Source/WebKit/UIProcess/mac/WebContextMenuProxyMac.mm:
(WebKit::WebContextMenuProxyMac::createShareMenuItem):

Canonical link: https://commits.webkit.org/290936@main
---
 Source/WebKit/UIProcess/mac/WebContextMenuProxyMac.mm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Source/WebKit/UIProcess/mac/WebContextMenuProxyMac.mm b/Source/WebKit/UIProcess/mac/WebContextMenuProxyMac.mm
index 9ce61a2e85dc0..c962b29e655a4 100644
--- a/Source/WebKit/UIProcess/mac/WebContextMenuProxyMac.mm
+++ b/Source/WebKit/UIProcess/mac/WebContextMenuProxyMac.mm
@@ -513,6 +513,9 @@ static void updateMenuItemImage(NSMenuItem *menuItem, const WebContextMenuItemDa
     RetainPtr sharingServicePicker = adoptNS([[NSSharingServicePicker alloc] initWithItems:items.get()]);
     RetainPtr shareMenuItem = [sharingServicePicker standardShareMenuItem];
 
+    if (!shareMenuItem)
+        return nil;
+
 #if ENABLE(CONTEXT_MENU_IMAGES_FOR_INTERNAL_CLIENTS)
     RetainPtr<NSImage> actionImage;
     bool shouldSetMenuItemImage = page()->preferences().contextMenuImagesForInternalClientsEnabled() && [shareMenuItem respondsToSelector:@selector(_setActionImage:)];

From 5c418bb48b6d9aeaee46263239078dbc40046814 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Mon, 24 Feb 2025 01:26:50 -0800
Subject: [PATCH 116/174] REGRESSION(290260@main) [GTK] inspector never starts
 attached and can't be attached https://bugs.webkit.org/show_bug.cgi?id=288189

Reviewed by Adrian Perez de Castro.

Since 290260@main WebInspector::canAttachWindow() is no longer used, so
we need to implement platformCanAttach() in WebInspectorUIProxyGtk.cpp.

* Source/WebKit/UIProcess/Inspector/WebInspectorUIProxy.h:
* Source/WebKit/UIProcess/Inspector/gtk/WebInspectorUIProxyGtk.cpp:
(WebKit::WebInspectorUIProxy::platformCanAttach):
(WebKit::WebInspectorUIProxy::platformAttach):

Canonical link: https://commits.webkit.org/290937@main
---
 .../UIProcess/Inspector/WebInspectorUIProxy.h |  2 +-
 .../Inspector/gtk/WebInspectorUIProxyGtk.cpp  | 26 ++++++++++++++-----
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/Source/WebKit/UIProcess/Inspector/WebInspectorUIProxy.h b/Source/WebKit/UIProcess/Inspector/WebInspectorUIProxy.h
index 322cb42c581aa..a301069484ad0 100644
--- a/Source/WebKit/UIProcess/Inspector/WebInspectorUIProxy.h
+++ b/Source/WebKit/UIProcess/Inspector/WebInspectorUIProxy.h
@@ -256,7 +256,7 @@ class WebInspectorUIProxy
     void platformLoad(const String& path, CompletionHandler<void(const String&)>&&);
     void platformPickColorFromScreen(CompletionHandler<void(const std::optional<WebCore::Color>&)>&&);
 
-#if PLATFORM(MAC)
+#if PLATFORM(MAC) || PLATFORM(GTK)
     bool platformCanAttach(bool webProcessCanAttach);
 #elif PLATFORM(WPE)
     bool platformCanAttach(bool) { return false; }
diff --git a/Source/WebKit/UIProcess/Inspector/gtk/WebInspectorUIProxyGtk.cpp b/Source/WebKit/UIProcess/Inspector/gtk/WebInspectorUIProxyGtk.cpp
index 3dcbfb9882e92..b0225813ac70a 100644
--- a/Source/WebKit/UIProcess/Inspector/gtk/WebInspectorUIProxyGtk.cpp
+++ b/Source/WebKit/UIProcess/Inspector/gtk/WebInspectorUIProxyGtk.cpp
@@ -425,6 +425,23 @@ DebuggableInfoData WebInspectorUIProxy::infoForLocalDebuggable()
     return data;
 }
 
+// Set a default sizes based on InspectorFrontendClientLocal.
+static constexpr unsigned s_defaultAttachedSize = 300;
+static constexpr unsigned s_minimumAttachedWidth = 750;
+static constexpr unsigned s_minimumAttachedHeight = 250;
+
+bool WebInspectorUIProxy::platformCanAttach(bool)
+{
+    RefPtr inspectedPage = m_inspectedPage.get();
+    if (!inspectedPage)
+        return false;
+
+    unsigned inspectedPageHeight = gtk_widget_get_allocated_height(inspectedPage->viewWidget());
+    unsigned inspectedPageWidth = gtk_widget_get_allocated_width(inspectedPage->viewWidget());
+    unsigned maximumAttachedHeight = inspectedPageHeight * 3 / 4;
+    return s_minimumAttachedHeight <= maximumAttachedHeight && s_minimumAttachedWidth <= inspectedPageWidth;
+}
+
 void WebInspectorUIProxy::platformAttach()
 {
     GRefPtr<GtkWidget> inspectorView = m_inspectorView.get();
@@ -438,19 +455,14 @@ void WebInspectorUIProxy::platformAttach()
         m_inspectorWindow = nullptr;
     }
 
-    // Set a default sizes based on InspectorFrontendClientLocal.
-    static const unsigned defaultAttachedSize = 300;
-    static const unsigned minimumAttachedWidth = 750;
-    static const unsigned minimumAttachedHeight = 250;
-
     if (m_attachmentSide == AttachmentSide::Bottom) {
         unsigned inspectedWindowHeight = gtk_widget_get_allocated_height(protectedInspectedPage()->viewWidget());
         unsigned maximumAttachedHeight = inspectedWindowHeight * 3 / 4;
-        platformSetAttachedWindowHeight(std::max(minimumAttachedHeight, std::min(defaultAttachedSize, maximumAttachedHeight)));
+        platformSetAttachedWindowHeight(std::max(s_minimumAttachedHeight, std::min(s_defaultAttachedSize, maximumAttachedHeight)));
     } else {
         unsigned inspectedWindowWidth = gtk_widget_get_allocated_width(protectedInspectedPage()->viewWidget());
         unsigned maximumAttachedWidth = inspectedWindowWidth * 3 / 4;
-        platformSetAttachedWindowWidth(std::max(minimumAttachedWidth, std::min(defaultAttachedSize, maximumAttachedWidth)));
+        platformSetAttachedWindowWidth(std::max(s_minimumAttachedWidth, std::min(s_defaultAttachedSize, maximumAttachedWidth)));
     }
 
     if (m_client && m_client->attach(*this))

From f7a032716eb781960e185d009ef2b6bb4fa55c46 Mon Sep 17 00:00:00 2001
From: Yusuke Suzuki <ysuzuki@apple.com>
Date: Mon, 24 Feb 2025 02:23:51 -0800
Subject: [PATCH 117/174] [WTF] Add makeLatin1CharacterBitSet helper
 https://bugs.webkit.org/show_bug.cgi?id=288358 rdar://145451411

Reviewed by Yijia Huang.

Move makeLatin1CharacterBitSet to WTF, and use it in JavaScriptCore to
generate BitSet for character tests cleanly.

* Source/JavaScriptCore/parser/Lexer.cpp:
(JSC::makeLatin1CharacterBitSet):
* Source/JavaScriptCore/parser/Lexer.h:
(JSC::Lexer<LChar>::isWhiteSpace):
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::makeCharacterBitmap): Deleted.
* Source/WTF/wtf/text/ASCIIFastPath.h:
(WTF::makeLatin1CharacterBitSet):

Canonical link: https://commits.webkit.org/290938@main
---
 Source/JavaScriptCore/parser/Lexer.cpp        | 263 +-----------------
 Source/JavaScriptCore/parser/Lexer.h          |   4 +-
 .../runtime/JSGlobalObjectFunctions.cpp       |  19 +-
 Source/WTF/wtf/text/ASCIIFastPath.h           |  22 ++
 4 files changed, 33 insertions(+), 275 deletions(-)

diff --git a/Source/JavaScriptCore/parser/Lexer.cpp b/Source/JavaScriptCore/parser/Lexer.cpp
index 42e0e44896d91..198603fb39337 100644
--- a/Source/JavaScriptCore/parser/Lexer.cpp
+++ b/Source/JavaScriptCore/parser/Lexer.cpp
@@ -42,265 +42,10 @@ WTF_ALLOW_UNSAFE_BUFFER_USAGE_BEGIN
 
 namespace JSC {
 
-// ch == ' ' || ch == '\t' || ch == 0xB || ch == 0xC || ch == 0xA0;
-const uint8_t whiteSpaceTable[256] = {
-/*   0 - Null               */ 0,
-/*   1 - Start of Heading   */ 0,
-/*   2 - Start of Text      */ 0,
-/*   3 - End of Text        */ 0,
-/*   4 - End of Transm.     */ 0,
-/*   5 - Enquiry            */ 0,
-/*   6 - Acknowledgment     */ 0,
-/*   7 - Bell               */ 0,
-/*   8 - Back Space         */ 0,
-/*   9 - Horizontal Tab     */ 1,
-/*  10 - Line Feed          */ 0,
-/*  11 - Vertical Tab       */ 1,
-/*  12 - Form Feed          */ 1,
-/*  13 - Carriage Return    */ 0,
-/*  14 - Shift Out          */ 0,
-/*  15 - Shift In           */ 0,
-/*  16 - Data Line Escape   */ 0,
-/*  17 - Device Control 1   */ 0,
-/*  18 - Device Control 2   */ 0,
-/*  19 - Device Control 3   */ 0,
-/*  20 - Device Control 4   */ 0,
-/*  21 - Negative Ack.      */ 0,
-/*  22 - Synchronous Idle   */ 0,
-/*  23 - End of Transmit    */ 0,
-/*  24 - Cancel             */ 0,
-/*  25 - End of Medium      */ 0,
-/*  26 - Substitute         */ 0,
-/*  27 - Escape             */ 0,
-/*  28 - File Separator     */ 0,
-/*  29 - Group Separator    */ 0,
-/*  30 - Record Separator   */ 0,
-/*  31 - Unit Separator     */ 0,
-/*  32 - Space              */ 1,
-/*  33 - !                  */ 0,
-/*  34 - "                  */ 0,
-/*  35 - #                  */ 0,
-/*  36 - $                  */ 0,
-/*  37 - %                  */ 0,
-/*  38 - &                  */ 0,
-/*  39 - '                  */ 0,
-/*  40 - (                  */ 0,
-/*  41 - )                  */ 0,
-/*  42 - *                  */ 0,
-/*  43 - +                  */ 0,
-/*  44 - ,                  */ 0,
-/*  45 - -                  */ 0,
-/*  46 - .                  */ 0,
-/*  47 - /                  */ 0,
-/*  48 - 0                  */ 0,
-/*  49 - 1                  */ 0,
-/*  50 - 2                  */ 0,
-/*  51 - 3                  */ 0,
-/*  52 - 4                  */ 0,
-/*  53 - 5                  */ 0,
-/*  54 - 6                  */ 0,
-/*  55 - 7                  */ 0,
-/*  56 - 8                  */ 0,
-/*  57 - 9                  */ 0,
-/*  58 - :                  */ 0,
-/*  59 - ;                  */ 0,
-/*  60 - <                  */ 0,
-/*  61 - =                  */ 0,
-/*  62 - >                  */ 0,
-/*  63 - ?                  */ 0,
-/*  64 - @                  */ 0,
-/*  65 - A                  */ 0,
-/*  66 - B                  */ 0,
-/*  67 - C                  */ 0,
-/*  68 - D                  */ 0,
-/*  69 - E                  */ 0,
-/*  70 - F                  */ 0,
-/*  71 - G                  */ 0,
-/*  72 - H                  */ 0,
-/*  73 - I                  */ 0,
-/*  74 - J                  */ 0,
-/*  75 - K                  */ 0,
-/*  76 - L                  */ 0,
-/*  77 - M                  */ 0,
-/*  78 - N                  */ 0,
-/*  79 - O                  */ 0,
-/*  80 - P                  */ 0,
-/*  81 - Q                  */ 0,
-/*  82 - R                  */ 0,
-/*  83 - S                  */ 0,
-/*  84 - T                  */ 0,
-/*  85 - U                  */ 0,
-/*  86 - V                  */ 0,
-/*  87 - W                  */ 0,
-/*  88 - X                  */ 0,
-/*  89 - Y                  */ 0,
-/*  90 - Z                  */ 0,
-/*  91 - [                  */ 0,
-/*  92 - \                  */ 0,
-/*  93 - ]                  */ 0,
-/*  94 - ^                  */ 0,
-/*  95 - _                  */ 0,
-/*  96 - `                  */ 0,
-/*  97 - a                  */ 0,
-/*  98 - b                  */ 0,
-/*  99 - c                  */ 0,
-/* 100 - d                  */ 0,
-/* 101 - e                  */ 0,
-/* 102 - f                  */ 0,
-/* 103 - g                  */ 0,
-/* 104 - h                  */ 0,
-/* 105 - i                  */ 0,
-/* 106 - j                  */ 0,
-/* 107 - k                  */ 0,
-/* 108 - l                  */ 0,
-/* 109 - m                  */ 0,
-/* 110 - n                  */ 0,
-/* 111 - o                  */ 0,
-/* 112 - p                  */ 0,
-/* 113 - q                  */ 0,
-/* 114 - r                  */ 0,
-/* 115 - s                  */ 0,
-/* 116 - t                  */ 0,
-/* 117 - u                  */ 0,
-/* 118 - v                  */ 0,
-/* 119 - w                  */ 0,
-/* 120 - x                  */ 0,
-/* 121 - y                  */ 0,
-/* 122 - z                  */ 0,
-/* 123 - {                  */ 0,
-/* 124 - |                  */ 0,
-/* 125 - }                  */ 0,
-/* 126 - ~                  */ 0,
-/* 127 - Delete             */ 0,
-/* 128 - Cc category        */ 0,
-/* 129 - Cc category        */ 0,
-/* 130 - Cc category        */ 0,
-/* 131 - Cc category        */ 0,
-/* 132 - Cc category        */ 0,
-/* 133 - Cc category        */ 0,
-/* 134 - Cc category        */ 0,
-/* 135 - Cc category        */ 0,
-/* 136 - Cc category        */ 0,
-/* 137 - Cc category        */ 0,
-/* 138 - Cc category        */ 0,
-/* 139 - Cc category        */ 0,
-/* 140 - Cc category        */ 0,
-/* 141 - Cc category        */ 0,
-/* 142 - Cc category        */ 0,
-/* 143 - Cc category        */ 0,
-/* 144 - Cc category        */ 0,
-/* 145 - Cc category        */ 0,
-/* 146 - Cc category        */ 0,
-/* 147 - Cc category        */ 0,
-/* 148 - Cc category        */ 0,
-/* 149 - Cc category        */ 0,
-/* 150 - Cc category        */ 0,
-/* 151 - Cc category        */ 0,
-/* 152 - Cc category        */ 0,
-/* 153 - Cc category        */ 0,
-/* 154 - Cc category        */ 0,
-/* 155 - Cc category        */ 0,
-/* 156 - Cc category        */ 0,
-/* 157 - Cc category        */ 0,
-/* 158 - Cc category        */ 0,
-/* 159 - Cc category        */ 0,
-/* 160 - Zs category (nbsp) */ 1,
-/* 161 - Po category        */ 0,
-/* 162 - Sc category        */ 0,
-/* 163 - Sc category        */ 0,
-/* 164 - Sc category        */ 0,
-/* 165 - Sc category        */ 0,
-/* 166 - So category        */ 0,
-/* 167 - So category        */ 0,
-/* 168 - Sk category        */ 0,
-/* 169 - So category        */ 0,
-/* 170 - Ll category        */ 0,
-/* 171 - Pi category        */ 0,
-/* 172 - Sm category        */ 0,
-/* 173 - Cf category        */ 0,
-/* 174 - So category        */ 0,
-/* 175 - Sk category        */ 0,
-/* 176 - So category        */ 0,
-/* 177 - Sm category        */ 0,
-/* 178 - No category        */ 0,
-/* 179 - No category        */ 0,
-/* 180 - Sk category        */ 0,
-/* 181 - Ll category        */ 0,
-/* 182 - So category        */ 0,
-/* 183 - Po category        */ 0,
-/* 184 - Sk category        */ 0,
-/* 185 - No category        */ 0,
-/* 186 - Ll category        */ 0,
-/* 187 - Pf category        */ 0,
-/* 188 - No category        */ 0,
-/* 189 - No category        */ 0,
-/* 190 - No category        */ 0,
-/* 191 - Po category        */ 0,
-/* 192 - Lu category        */ 0,
-/* 193 - Lu category        */ 0,
-/* 194 - Lu category        */ 0,
-/* 195 - Lu category        */ 0,
-/* 196 - Lu category        */ 0,
-/* 197 - Lu category        */ 0,
-/* 198 - Lu category        */ 0,
-/* 199 - Lu category        */ 0,
-/* 200 - Lu category        */ 0,
-/* 201 - Lu category        */ 0,
-/* 202 - Lu category        */ 0,
-/* 203 - Lu category        */ 0,
-/* 204 - Lu category        */ 0,
-/* 205 - Lu category        */ 0,
-/* 206 - Lu category        */ 0,
-/* 207 - Lu category        */ 0,
-/* 208 - Lu category        */ 0,
-/* 209 - Lu category        */ 0,
-/* 210 - Lu category        */ 0,
-/* 211 - Lu category        */ 0,
-/* 212 - Lu category        */ 0,
-/* 213 - Lu category        */ 0,
-/* 214 - Lu category        */ 0,
-/* 215 - Sm category        */ 0,
-/* 216 - Lu category        */ 0,
-/* 217 - Lu category        */ 0,
-/* 218 - Lu category        */ 0,
-/* 219 - Lu category        */ 0,
-/* 220 - Lu category        */ 0,
-/* 221 - Lu category        */ 0,
-/* 222 - Lu category        */ 0,
-/* 223 - Ll category        */ 0,
-/* 224 - Ll category        */ 0,
-/* 225 - Ll category        */ 0,
-/* 226 - Ll category        */ 0,
-/* 227 - Ll category        */ 0,
-/* 228 - Ll category        */ 0,
-/* 229 - Ll category        */ 0,
-/* 230 - Ll category        */ 0,
-/* 231 - Ll category        */ 0,
-/* 232 - Ll category        */ 0,
-/* 233 - Ll category        */ 0,
-/* 234 - Ll category        */ 0,
-/* 235 - Ll category        */ 0,
-/* 236 - Ll category        */ 0,
-/* 237 - Ll category        */ 0,
-/* 238 - Ll category        */ 0,
-/* 239 - Ll category        */ 0,
-/* 240 - Ll category        */ 0,
-/* 241 - Ll category        */ 0,
-/* 242 - Ll category        */ 0,
-/* 243 - Ll category        */ 0,
-/* 244 - Ll category        */ 0,
-/* 245 - Ll category        */ 0,
-/* 246 - Ll category        */ 0,
-/* 247 - Sm category        */ 0,
-/* 248 - Ll category        */ 0,
-/* 249 - Ll category        */ 0,
-/* 250 - Ll category        */ 0,
-/* 251 - Ll category        */ 0,
-/* 252 - Ll category        */ 0,
-/* 253 - Ll category        */ 0,
-/* 254 - Ll category        */ 0,
-/* 255 - Ll category        */ 0,
-};
+constinit const WTF::BitSet<256> whiteSpaceTable = makeLatin1CharacterBitSet(
+    [](LChar ch) {
+        return ch == ' ' || ch == '\t' || ch == 0xB || ch == 0xC || ch == 0xA0;
+    });
 
 bool isLexerKeyword(const Identifier& identifier)
 {
diff --git a/Source/JavaScriptCore/parser/Lexer.h b/Source/JavaScriptCore/parser/Lexer.h
index af028e99dfd4d..2622e60a6a1f2 100644
--- a/Source/JavaScriptCore/parser/Lexer.h
+++ b/Source/JavaScriptCore/parser/Lexer.h
@@ -240,12 +240,12 @@ class Lexer {
 
 WTF_MAKE_TZONE_ALLOCATED_TEMPLATE_IMPL(template<typename T>, Lexer<T>);
 
-JS_EXPORT_PRIVATE extern const uint8_t whiteSpaceTable[256];
+JS_EXPORT_PRIVATE extern const WTF::BitSet<256> whiteSpaceTable;
 
 template <>
 ALWAYS_INLINE bool Lexer<LChar>::isWhiteSpace(LChar ch)
 {
-    return whiteSpaceTable[ch];
+    return whiteSpaceTable.get(ch);
 }
 
 template <>
diff --git a/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp b/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
index eeb703b22585f..ed87849ed2859 100644
--- a/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
+++ b/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
@@ -46,6 +46,7 @@
 #include <wtf/Assertions.h>
 #include <wtf/HexNumber.h>
 #include <wtf/dtoa.h>
+#include <wtf/text/ASCIIFastPath.h>
 #include <wtf/text/ParsingUtilities.h>
 #include <wtf/text/StringBuilder.h>
 
@@ -56,16 +57,6 @@ namespace JSC {
 const ASCIILiteral ObjectProtoCalledOnNullOrUndefinedError { "Object.prototype.__proto__ called on null or undefined"_s };
 const ASCIILiteral RestrictedPropertyAccessError { "'arguments', 'callee', and 'caller' cannot be accessed in this context."_s };
 
-template<unsigned charactersCount>
-static constexpr WTF::BitSet<256> makeCharacterBitmap(const char (&characters)[charactersCount])
-{
-    static_assert(charactersCount > 0, "Since string literal is null terminated, characterCount is always larger than 0");
-    WTF::BitSet<256> bitmap;
-    for (unsigned i = 0; i < charactersCount - 1; ++i)
-        bitmap.set(characters[i]);
-    return bitmap;
-}
-
 template<typename CharacterType>
 static JSValue encode(JSGlobalObject* globalObject, const WTF::BitSet<256>& doNotEscape, std::span<const CharacterType> characters)
 {
@@ -570,7 +561,7 @@ JSC_DEFINE_HOST_FUNCTION(globalFuncParseFloat, (JSGlobalObject* globalObject, Ca
 
 JSC_DEFINE_HOST_FUNCTION(globalFuncDecodeURI, (JSGlobalObject* globalObject, CallFrame* callFrame))
 {
-    static constexpr auto doNotUnescapeWhenDecodingURI = makeCharacterBitmap(
+    static constexpr auto doNotUnescapeWhenDecodingURI = makeLatin1CharacterBitSet(
         "#$&+,/:;=?@"
     );
 
@@ -585,7 +576,7 @@ JSC_DEFINE_HOST_FUNCTION(globalFuncDecodeURIComponent, (JSGlobalObject* globalOb
 
 JSC_DEFINE_HOST_FUNCTION(globalFuncEncodeURI, (JSGlobalObject* globalObject, CallFrame* callFrame))
 {
-    static constexpr auto doNotEscapeWhenEncodingURI = makeCharacterBitmap(
+    static constexpr auto doNotEscapeWhenEncodingURI = makeLatin1CharacterBitSet(
         "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
         "abcdefghijklmnopqrstuvwxyz"
         "0123456789"
@@ -596,7 +587,7 @@ JSC_DEFINE_HOST_FUNCTION(globalFuncEncodeURI, (JSGlobalObject* globalObject, Cal
 
 JSC_DEFINE_HOST_FUNCTION(globalFuncEncodeURIComponent, (JSGlobalObject* globalObject, CallFrame* callFrame))
 {
-    static constexpr auto doNotEscapeWhenEncodingURIComponent = makeCharacterBitmap(
+    static constexpr auto doNotEscapeWhenEncodingURIComponent = makeLatin1CharacterBitSet(
         "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
         "abcdefghijklmnopqrstuvwxyz"
         "0123456789"
@@ -608,7 +599,7 @@ JSC_DEFINE_HOST_FUNCTION(globalFuncEncodeURIComponent, (JSGlobalObject* globalOb
 JSC_DEFINE_HOST_FUNCTION(globalFuncEscape, (JSGlobalObject* globalObject, CallFrame* callFrame))
 {
     return JSValue::encode(toStringView(globalObject, callFrame->argument(0), [&] (StringView view) -> JSString* {
-        static constexpr auto doNotEscape = makeCharacterBitmap(
+        static constexpr auto doNotEscape = makeLatin1CharacterBitSet(
             "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
             "abcdefghijklmnopqrstuvwxyz"
             "0123456789"
diff --git a/Source/WTF/wtf/text/ASCIIFastPath.h b/Source/WTF/wtf/text/ASCIIFastPath.h
index d84ec3b008cff..fc0b423aa7584 100644
--- a/Source/WTF/wtf/text/ASCIIFastPath.h
+++ b/Source/WTF/wtf/text/ASCIIFastPath.h
@@ -23,6 +23,7 @@
 
 #include <stdint.h>
 #include <unicode/utypes.h>
+#include <wtf/BitSet.h>
 #include <wtf/StdLibExtras.h>
 #include <wtf/text/LChar.h>
 
@@ -32,6 +33,26 @@
 
 namespace WTF {
 
+template<unsigned charactersCount>
+inline constexpr BitSet<256> makeLatin1CharacterBitSet(const char (&characters)[charactersCount])
+{
+    static_assert(charactersCount > 0, "Since string literal is null terminated, characterCount is always larger than 0");
+    BitSet<256> bitmap;
+    for (unsigned i = 0; i < charactersCount - 1; ++i)
+        bitmap.set(characters[i]);
+    return bitmap;
+}
+
+inline constexpr BitSet<256> makeLatin1CharacterBitSet(NOESCAPE const Invocable<bool(LChar)> auto& matches)
+{
+    BitSet<256> bitmap;
+    for (unsigned i = 0; i < bitmap.size(); ++i) {
+        if (matches(static_cast<LChar>(i)))
+            bitmap.set(i);
+    }
+    return bitmap;
+}
+
 template <uintptr_t mask>
 inline bool isAlignedTo(const void* pointer)
 {
@@ -144,3 +165,4 @@ inline bool charactersAreAllLatin1(std::span<const CharacterType> span)
 } // namespace WTF
 
 using WTF::charactersAreAllASCII;
+using WTF::makeLatin1CharacterBitSet;

From b37512b75772d9e5c8d577984d88cee697acdd00 Mon Sep 17 00:00:00 2001
From: Sosuke Suzuki <aosukeke@gmail.com>
Date: Mon, 24 Feb 2025 02:54:22 -0800
Subject: [PATCH 118/174] [JSC] Add fast path for `Array#indexOf` searchs int32
 from contiguous array https://bugs.webkit.org/show_bug.cgi?id=288352

Reviewed by Yusuke Suzuki.

This patch adds fast path for `Array#indexOf` searchs
int32 from contiguous array.

                                                  TipOfTree                  Patched

array-prototype-indexOf-int32-from-contiguous
                                               30.5272+-0.7824     ^     18.8472+-1.2090        ^ definitely 1.6197x faster

* JSTests/microbenchmarks/array-prototype-indexOf-int32-from-contiguous.js: Added.
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):

Canonical link: https://commits.webkit.org/290939@main
---
 ...prototype-indexOf-int32-from-contiguous.js | 19 +++++++++++++++++++
 ...prototype-indexOf-int32-from-contiguous.js |  9 +++++++++
 Source/JavaScriptCore/dfg/DFGOperations.cpp   | 11 +++++++++++
 3 files changed, 39 insertions(+)
 create mode 100644 JSTests/microbenchmarks/array-prototype-indexOf-int32-from-contiguous.js
 create mode 100644 JSTests/stress/array-prototype-indexOf-int32-from-contiguous.js

diff --git a/JSTests/microbenchmarks/array-prototype-indexOf-int32-from-contiguous.js b/JSTests/microbenchmarks/array-prototype-indexOf-int32-from-contiguous.js
new file mode 100644
index 0000000000000..8e9cf2d528bf0
--- /dev/null
+++ b/JSTests/microbenchmarks/array-prototype-indexOf-int32-from-contiguous.js
@@ -0,0 +1,19 @@
+const array = [
+    { value: 0 }, { value: 1 }, { value: 2 }, { value: 3 }, { value: 4 },
+    { value: 5 }, { value: 6 }, { value: 7 }, { value: 8 }, { value: 9 },
+    { value: 10 }, { value: 11 }, { value: 12 }, { value: 13 }, { value: 14 },
+    { value: 15 }, { value: 31 }, { value: 30 }, { value: 29 }, { value: 28 },
+    { value: 27 }, { value: 26 }, { value: 25 }, { value: 24 }, { value: 23 },
+    { value: 22 }, { value: 21 }, { value: 20 }, { value: 19 }, { value: 18 },
+    { value: 17 }, { value: 16 }, { value: 32 }, { value: 33 }, { value: 34 },
+    { value: 35 }, 3, { value: 37 }, { value: 38 }, { value: 39 },
+    { value: 40 }, { value: 41 }, { value: 42 }, { value: 43 }, { value: 44 },
+    { value: 45 }, { value: 46 }, { value: 47 }, { value: 63 }, { value: 62 },
+    { value: 61 }, { value: 60 }, { value: 59 }, { value: 58 }, { value: 57 },
+    { value: 56 }, { value: 55 }, { value: 54 }, { value: 53 }, { value: 52 },
+    { value: 51 }, { value: 50 }, { value: 49 },
+];
+
+for (var i = 0; i < 1e6; ++i) {
+    array.indexOf(3);
+}
diff --git a/JSTests/stress/array-prototype-indexOf-int32-from-contiguous.js b/JSTests/stress/array-prototype-indexOf-int32-from-contiguous.js
new file mode 100644
index 0000000000000..b51c25a688eba
--- /dev/null
+++ b/JSTests/stress/array-prototype-indexOf-int32-from-contiguous.js
@@ -0,0 +1,9 @@
+function shouldBe(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+const array = [{}, {}, {}, 3.0, {}, {}, {}];
+
+for (let i = 0; i < testLoopCount; i++)
+    shouldBe(array.indexOf(3), 3);
diff --git a/Source/JavaScriptCore/dfg/DFGOperations.cpp b/Source/JavaScriptCore/dfg/DFGOperations.cpp
index 5b4083987b273..1839f88b67047 100644
--- a/Source/JavaScriptCore/dfg/DFGOperations.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOperations.cpp
@@ -3889,6 +3889,17 @@ JSC_DEFINE_JIT_OPERATION(operationArrayIndexOfValueInt32OrContiguous, UCPUStrict
         OPERATION_RETURN(scope, toUCPUStrictInt32(-1));
     }
 
+    if (searchElement.isInt32()) {
+        for (; index < length; ++index) {
+            JSValue value = data[index].get();
+            if (!value || !value.isNumber())
+                continue;
+            if (searchElement.asInt32() == value.asNumber())
+                OPERATION_RETURN(scope, toUCPUStrictInt32(index));
+        }
+        OPERATION_RETURN(scope, toUCPUStrictInt32(-1));
+    }
+
     for (; index < length; ++index) {
         JSValue value = data[index].get();
         if (!value)

From b0edcd34b07063284591306547ff05b5ab71e768 Mon Sep 17 00:00:00 2001
From: Commit Queue <commit-queue@webkit.org>
Date: Mon, 24 Feb 2025 03:20:02 -0800
Subject: [PATCH 119/174] Unreviewed, reverting 290928@main.
 https://bugs.webkit.org/show_bug.cgi?id=288362
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Broke Safari builds

Reverted changeset:

"RetainPtr’s leakRef() and move constructors are incorrect when ARC is enabled"

https://bugs.webkit.org/show_bug.cgi?id=288301
https://commits.webkit.org/290928@main
Canonical link: https://commits.webkit.org/290940@main
---
 Source/WTF/wtf/RetainPtr.h                    | 133 ++++++++++--------
 Source/WTF/wtf/cocoa/TypeCastsCocoa.h         |   2 +-
 Source/WebCore/bridge/objc/objc_runtime.h     |   4 +-
 .../PlatformSpeechSynthesisUtterance.h        |   2 +-
 .../network/cf/AuthenticationChallenge.h      |   2 -
 .../DumpRenderTree/AccessibilityUIElement.cpp |  13 +-
 Tools/DumpRenderTree/AccessibilityUIElement.h |   4 -
 .../ios/AccessibilityUIElementIOS.mm          |   7 -
 .../mac/AccessibilityTextMarkerMac.mm         |   2 +-
 .../mac/AccessibilityUIElementMac.mm          |   7 -
 .../Tests/WTF/cocoa/TypeCastsCocoa.mm         |  46 +++---
 Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm |  46 ++----
 .../AccessibilityTextMarker.cpp               |  11 +-
 .../InjectedBundle/AccessibilityTextMarker.h  |  14 --
 .../AccessibilityTextMarkerRange.cpp          |  11 +-
 .../AccessibilityTextMarkerRange.h            |  16 +--
 16 files changed, 132 insertions(+), 188 deletions(-)

diff --git a/Source/WTF/wtf/RetainPtr.h b/Source/WTF/wtf/RetainPtr.h
index c069e871ac9d2..96333b2875ef0 100644
--- a/Source/WTF/wtf/RetainPtr.h
+++ b/Source/WTF/wtf/RetainPtr.h
@@ -77,48 +77,42 @@ template<typename T> class RetainPtr;
 template<typename T> constexpr bool IsNSType = std::is_convertible_v<T, id>;
 template<typename T> using RetainPtrType = std::conditional_t<IsNSType<T>, std::remove_pointer_t<T>, T>;
 
-template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptCF(T CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+template<typename T> constexpr RetainPtr<T> adoptCF(T CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
-template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+#ifdef __OBJC__
+template<typename T> RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+#endif
 
 template<typename T> class RetainPtr {
 public:
     using ValueType = std::remove_pointer_t<T>;
     using PtrType = ValueType*;
 
-#ifdef __OBJC__
-    using StorageType = PtrType;
-#else
-    // Type pun id to CFTypeRef in C++ files. This is valid because they're ABI equivalent.
-    using StorageType = std::conditional_t<IsNSType<PtrType>, CFTypeRef, PtrType>;
-#endif
-
     RetainPtr() = default;
     RetainPtr(PtrType);
 
     RetainPtr(const RetainPtr&);
     template<typename U> RetainPtr(const RetainPtr<U>&);
 
-    constexpr RetainPtr(RetainPtr&& o) : m_ptr(o.leakRef()) { }
-    template<typename U, typename = std::enable_if_t<std::is_convertible_v<typename RetainPtr<RetainPtrType<U>>::PtrType, PtrType>>>
-    constexpr RetainPtr(RetainPtr<U>&& o) : m_ptr(o.leakRef()) { }
+    constexpr RetainPtr(RetainPtr&& o) : m_ptr(toStorageType(o.leakRef())) { }
+    template<typename U> constexpr RetainPtr(RetainPtr<U>&& o) : m_ptr(toStorageType(checkType(o.leakRef()))) { }
 
     // Hash table deleted values, which are only constructed and never copied or destroyed.
-    constexpr RetainPtr(HashTableDeletedValueType) : m_ptr(hashTableDeletedValue()) { }
-    constexpr bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); }
+    constexpr RetainPtr(HashTableDeletedValueType) : m_ptr(toStorageType(hashTableDeletedValue())) { }
+    constexpr bool isHashTableDeletedValue() const { return m_ptr == toStorageType(hashTableDeletedValue()); }
 
     ~RetainPtr();
 
     void clear();
 
-    template<typename U = StorageType>
-    std::enable_if_t<IsNSType<U> && std::is_same_v<U, StorageType>, StorageType> leakRef() NS_RETURNS_RETAINED WARN_UNUSED_RETURN {
-        return std::exchange(m_ptr, nullptr);
+    template<typename U = PtrType>
+    std::enable_if_t<IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> leakRef() NS_RETURNS_RETAINED WARN_UNUSED_RETURN {
+        return fromStorageType(std::exchange(m_ptr, nullptr));
     }
 
-    template<typename U = StorageType>
-    std::enable_if_t<!IsNSType<U> && std::is_same_v<U, StorageType>, StorageType> leakRef() CF_RETURNS_RETAINED WARN_UNUSED_RETURN {
-        return std::exchange(m_ptr, nullptr);
+    template<typename U = PtrType>
+    std::enable_if_t<!IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> leakRef() CF_RETURNS_RETAINED WARN_UNUSED_RETURN {
+        return fromStorageType(std::exchange(m_ptr, nullptr));
     }
 
 #if HAVE(CFAUTORELEASE)
@@ -129,9 +123,9 @@ template<typename T> class RetainPtr {
     id bridgingAutorelease();
 #endif
 
-    constexpr PtrType get() const { return m_ptr; }
-    constexpr PtrType operator->() const { return m_ptr; }
-    constexpr explicit operator PtrType() const { return m_ptr; }
+    constexpr PtrType get() const { return fromStorageType(m_ptr); }
+    constexpr PtrType operator->() const { return fromStorageType(m_ptr); }
+    constexpr explicit operator PtrType() const { return fromStorageType(m_ptr); }
     constexpr explicit operator bool() const { return m_ptr; }
 
     constexpr bool operator!() const { return !m_ptr; }
@@ -146,40 +140,44 @@ template<typename T> class RetainPtr {
 
     void swap(RetainPtr&);
 
-    template<typename U> friend constexpr RetainPtr<RetainPtrType<U>> adoptCF(U CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+    template<typename U> friend constexpr RetainPtr<U> adoptCF(U CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
-    template<typename U> friend constexpr RetainPtr<RetainPtrType<U>> adoptNS(U NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+#ifdef __OBJC__
+    template<typename U> friend RetainPtr<RetainPtrType<U>> adoptNS(U NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+#endif
 
 private:
     enum AdoptTag { Adopt };
-    constexpr RetainPtr(PtrType ptr, AdoptTag) : m_ptr(ptr) { }
+    constexpr RetainPtr(PtrType ptr, AdoptTag) : m_ptr(toStorageType(ptr)) { }
 
-#if __has_feature(objc_arc)
-    // ARC will try to retain/release this value, but it looks like a tagged immediate, so retain/release ends up being a no-op -- see _objc_isTaggedPointer() in <objc-internal.h>.
-    static constexpr PtrType hashTableDeletedValue() { return (__bridge PtrType)(void*)-1; }
-#else
-    static constexpr PtrType hashTableDeletedValue() { return reinterpret_cast<PtrType>(-1); }
-#endif
+    static constexpr PtrType checkType(PtrType ptr) { return ptr; }
 
-    static inline void retainFoundationPtr(CFTypeRef ptr) { CFRetain(ptr); }
-    static inline void releaseFoundationPtr(CFTypeRef ptr) { CFRelease(ptr); }
-#if HAVE(CFAUTORELEASE)
-    static inline void autoreleaseFoundationPtr(CFTypeRef ptr) { CFAutorelease(ptr); }
-#endif
+    // ARC will try to retain/release this value, but it looks like a tagged immediate, so retain/release ends up being a no-op -- see _objc_registerTaggedPointerClass.
+    static constexpr PtrType hashTableDeletedValue() { return fromStorageType(reinterpret_cast<CFTypeRef>(-1)); }
 
 #ifdef __OBJC__
-#if __has_feature(objc_arc)
-    static inline void retainFoundationPtr(id) { }
-    static inline void releaseFoundationPtr(id) { }
-    static inline void autoreleaseFoundationPtr(id) { }
+    template<typename U = PtrType>
+    static constexpr std::enable_if_t<IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> fromStorageTypeHelper(CFTypeRef ptr)
+    {
+        return (__bridge PtrType)const_cast<CF_BRIDGED_TYPE(id) void*>(ptr);
+    }
+    template<typename U = PtrType>
+    static constexpr std::enable_if_t<!IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> fromStorageTypeHelper(CFTypeRef ptr)
+    {
+        return (PtrType)const_cast<CF_BRIDGED_TYPE(id) void*>(ptr);
+    }
+    static constexpr PtrType fromStorageType(CFTypeRef ptr) { return fromStorageTypeHelper<PtrType>(ptr); }
+    static constexpr CFTypeRef toStorageType(id ptr) { return (__bridge CFTypeRef)ptr; }
+    static constexpr CFTypeRef toStorageType(CFTypeRef ptr) { return ptr; }
 #else
-    static inline void retainFoundationPtr(id ptr) { [ptr retain]; }
-    static inline void releaseFoundationPtr(id ptr) { [ptr release]; }
-    static inline void autoreleaseFoundationPtr(id ptr) { [ptr autorelease]; }
-#endif
+    static constexpr PtrType fromStorageType(CFTypeRef ptr)
+    {
+        return (PtrType)const_cast<CF_BRIDGED_TYPE(id) void*>(ptr);
+    }
+    static constexpr CFTypeRef toStorageType(PtrType ptr) { return (CFTypeRef)ptr; }
 #endif
 
-    StorageType m_ptr { nullptr };
+    CFTypeRef m_ptr { nullptr };
 };
 
 template<typename T> RetainPtr(T) -> RetainPtr<RetainPtrType<T>>;
@@ -190,21 +188,19 @@ template<typename T> RetainPtr<RetainPtrType<T>> retainPtr(T) WARN_UNUSED_RETURN
 template<typename T> inline RetainPtr<T>::~RetainPtr()
 {
     if (auto ptr = std::exchange(m_ptr, nullptr))
-        releaseFoundationPtr(ptr);
+        CFRelease(ptr);
 }
 
 template<typename T> inline RetainPtr<T>::RetainPtr(PtrType ptr)
-    : m_ptr(ptr)
+    : m_ptr(toStorageType(ptr))
 {
     if (m_ptr)
-        retainFoundationPtr(m_ptr);
+        CFRetain(m_ptr);
 }
 
 template<typename T> inline RetainPtr<T>::RetainPtr(const RetainPtr& o)
-    : m_ptr(o.m_ptr)
+    : RetainPtr(o.get())
 {
-    if (m_ptr)
-        retainFoundationPtr(m_ptr);
 }
 
 template<typename T> template<typename U> inline RetainPtr<T>::RetainPtr(const RetainPtr<U>& o)
@@ -215,27 +211,32 @@ template<typename T> template<typename U> inline RetainPtr<T>::RetainPtr(const R
 template<typename T> inline void RetainPtr<T>::clear()
 {
     if (auto ptr = std::exchange(m_ptr, nullptr))
-        releaseFoundationPtr(ptr);
+        CFRelease(ptr);
 }
 
 #if HAVE(CFAUTORELEASE)
 template<typename T> inline auto RetainPtr<T>::autorelease() -> PtrType
 {
-    auto ptr = std::exchange(m_ptr, nullptr);
-    if (ptr)
-        autoreleaseFoundationPtr(ptr);
-    return ptr;
+#ifdef __OBJC__
+    if constexpr (IsNSType<PtrType>)
+        return CFBridgingRelease(std::exchange(m_ptr, nullptr));
+#endif
+    if (m_ptr)
+        CFAutorelease(m_ptr);
+    return leakRef();
 }
-#endif // HAVE(CFAUTORELEASE)
+#endif // PLATFORM(COCOA)
 
 #ifdef __OBJC__
+
 // FIXME: It would be better if we could base the return type on the type that is toll-free bridged with T rather than using id.
 template<typename T> inline id RetainPtr<T>::bridgingAutorelease()
 {
     static_assert(!IsNSType<PtrType>, "Don't use bridgingAutorelease for Objective-C pointer types.");
     return CFBridgingRelease(leakRef());
 }
-#endif // __OBJC__
+
+#endif
 
 template<typename T> inline RetainPtr<T>& RetainPtr<T>::operator=(const RetainPtr& o)
 {
@@ -304,17 +305,25 @@ template<typename T, typename U> constexpr bool operator==(T* a, const RetainPtr
     return a == b.get(); 
 }
 
-template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptCF(T CF_RELEASES_ARGUMENT ptr)
+template<typename T> constexpr RetainPtr<T> adoptCF(T CF_RELEASES_ARGUMENT ptr)
 {
+#ifdef __OBJC__
     static_assert(!IsNSType<T>, "Don't use adoptCF with Objective-C pointer types, use adoptNS.");
-    return { ptr, RetainPtr<RetainPtrType<T>>::Adopt };
+#endif
+    return RetainPtr<T>(ptr, RetainPtr<T>::Adopt);
 }
 
-template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT ptr)
+#ifdef __OBJC__
+template<typename T> RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT ptr)
 {
     static_assert(IsNSType<T>, "Don't use adoptNS with Core Foundation pointer types, use adoptCF.");
+#if __has_feature(objc_arc)
+    return ptr;
+#else
     return { ptr, RetainPtr<RetainPtrType<T>>::Adopt };
+#endif
 }
+#endif
 
 template<typename T> inline RetainPtr<RetainPtrType<T>> retainPtr(T ptr)
 {
diff --git a/Source/WTF/wtf/cocoa/TypeCastsCocoa.h b/Source/WTF/wtf/cocoa/TypeCastsCocoa.h
index 5815f9d69ace5..8a776d349b354 100644
--- a/Source/WTF/wtf/cocoa/TypeCastsCocoa.h
+++ b/Source/WTF/wtf/cocoa/TypeCastsCocoa.h
@@ -35,7 +35,7 @@ namespace WTF {
 
 #if __has_feature(objc_arc)
 #define WTF_CF_TO_NS_BRIDGE_TRANSFER(type, value) ((__bridge_transfer type)value)
-#define WTF_NS_TO_CF_BRIDGE_TRANSFER(type, value) ((__bridge_retained type)value)
+#define WTF_NS_TO_CF_BRIDGE_TRANSFER(type, value) ((type)reinterpret_cast<uintptr_t>(value))
 #else
 #define WTF_CF_TO_NS_BRIDGE_TRANSFER(type, value) ((__bridge type)value)
 #define WTF_NS_TO_CF_BRIDGE_TRANSFER(type, value) ((__bridge type)value)
diff --git a/Source/WebCore/bridge/objc/objc_runtime.h b/Source/WebCore/bridge/objc/objc_runtime.h
index 105d7c2cc4864..3ecc988401e3d 100644
--- a/Source/WebCore/bridge/objc/objc_runtime.h
+++ b/Source/WebCore/bridge/objc/objc_runtime.h
@@ -81,10 +81,8 @@ class ObjcArray : public Array {
     virtual bool setValueAt(JSGlobalObject*, unsigned int index, JSValue aValue) const;
     virtual JSValue valueAt(JSGlobalObject*, unsigned int index) const;
     virtual unsigned int getLength() const;
-
-#ifdef __OBJC__
+    
     ObjectStructPtr getObjcArray() const { return _array.get(); }
-#endif
 
 private:
     RetainPtr<ObjectStructPtr> _array;
diff --git a/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h b/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h
index a90145b228a72..dd111166fe7cb 100644
--- a/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h
+++ b/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h
@@ -76,7 +76,7 @@ class PlatformSpeechSynthesisUtterance : public RefCounted<PlatformSpeechSynthes
     PlatformSpeechSynthesisUtteranceClient* client() const { return m_client.get(); }
     void setClient(PlatformSpeechSynthesisUtteranceClient* client) { m_client = client; }
 
-#ifdef __OBJC__
+#if PLATFORM(COCOA)
     id wrapper() const { return m_wrapper.get(); }
     void setWrapper(id utterance) { m_wrapper = utterance; }
 #endif
diff --git a/Source/WebCore/platform/network/cf/AuthenticationChallenge.h b/Source/WebCore/platform/network/cf/AuthenticationChallenge.h
index cda8ed221ecb8..42acb7eec8422 100644
--- a/Source/WebCore/platform/network/cf/AuthenticationChallenge.h
+++ b/Source/WebCore/platform/network/cf/AuthenticationChallenge.h
@@ -40,10 +40,8 @@ class AuthenticationChallenge : public AuthenticationChallengeBase {
 
     WEBCORE_EXPORT AuthenticationChallenge(NSURLAuthenticationChallenge *);
 
-#ifdef __OBJC__
     id sender() const { return m_sender.get(); }
     NSURLAuthenticationChallenge *nsURLAuthenticationChallenge() const { return m_nsChallenge.get(); }
-#endif
 
     WEBCORE_EXPORT void setAuthenticationClient(AuthenticationClient*); // Changes sender to one that invokes client methods.
     WEBCORE_EXPORT AuthenticationClient* authenticationClient() const;
diff --git a/Tools/DumpRenderTree/AccessibilityUIElement.cpp b/Tools/DumpRenderTree/AccessibilityUIElement.cpp
index c185f5e927110..b2fadab97f57d 100644
--- a/Tools/DumpRenderTree/AccessibilityUIElement.cpp
+++ b/Tools/DumpRenderTree/AccessibilityUIElement.cpp
@@ -1185,7 +1185,7 @@ static JSValueRef getIsGrabbedCallback(JSContextRef context, JSObjectRef thisObj
 static JSValueRef getIsValidCallback(JSContextRef context, JSObjectRef thisObject, JSStringRef propertyName, JSValueRef* exception)
 {
     AccessibilityUIElement* uiElement = toAXElement(thisObject);
-    if (!uiElement->hasPlatformUIElement())
+    if (!uiElement->platformUIElement())
         return JSValueMakeBoolean(context, false);
     
     // There might be other platform logic that one could check here...
@@ -1720,6 +1720,15 @@ void AccessibilityUIElement::setValue(JSStringRef) { }
 void AccessibilityUIElement::uiElementArrayAttributeValue(JSStringRef, Vector<AccessibilityUIElement>&) const { }
 #endif
 
+#if !PLATFORM(WIN)
+bool AccessibilityUIElement::isEqual(AccessibilityUIElement* otherElement)
+{
+    if (!otherElement)
+        return false;
+    return platformUIElement() == otherElement->platformUIElement();
+}
+#endif
+
 #if !PLATFORM(MAC)
 void AccessibilityUIElement::setBoolAttributeValue(JSStringRef, bool) { }
 bool AccessibilityUIElement::isOnScreen() const { return true; }
@@ -1941,7 +1950,7 @@ static void finalize(JSObjectRef thisObject)
 
 JSObjectRef AccessibilityUIElement::makeJSAccessibilityUIElement(JSContextRef context, const AccessibilityUIElement& element)
 {
-    if (!element.hasPlatformUIElement())
+    if (!element.platformUIElement())
         return nullptr;
 
     return JSObjectMake(context, AccessibilityUIElement::getJSClass(), new AccessibilityUIElement(element));
diff --git a/Tools/DumpRenderTree/AccessibilityUIElement.h b/Tools/DumpRenderTree/AccessibilityUIElement.h
index 94f83f8382ee5..568a7e4b1a8f1 100644
--- a/Tools/DumpRenderTree/AccessibilityUIElement.h
+++ b/Tools/DumpRenderTree/AccessibilityUIElement.h
@@ -57,17 +57,13 @@ class AccessibilityUIElement {
 #endif
 
 #if PLATFORM(COCOA)
-#ifdef __OBJC__
     id platformUIElement() const { return m_element.get(); }
 #endif
-#endif
 
 #if !PLATFORM(COCOA)
     PlatformUIElement platformUIElement() const { return m_element; }
 #endif
 
-    bool hasPlatformUIElement() const { return !!m_element; }
-
     static JSObjectRef makeJSAccessibilityUIElement(JSContextRef, const AccessibilityUIElement&);
 
     bool isEqual(AccessibilityUIElement* otherElement);
diff --git a/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm b/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm
index c17d66e7375ba..fad04c5351c2e 100644
--- a/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm
+++ b/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm
@@ -149,13 +149,6 @@ - (CGPathRef)_accessibilityPath;
     return adopt(JSStringCreateWithCharacters(buffer.data(), buffer.size()));
 }
 
-bool AccessibilityUIElement::isEqual(AccessibilityUIElement* otherElement)
-{
-    if (!otherElement)
-        return false;
-    return platformUIElement() == otherElement->platformUIElement();
-}
-
 #pragma mark iPhone Attributes
 
 JSRetainPtr<JSStringRef> AccessibilityUIElement::identifier()
diff --git a/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm b/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm
index d04b11b8269ad..1bfcac7fb34cf 100644
--- a/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm
+++ b/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm
@@ -38,7 +38,7 @@
 }
 
 AccessibilityTextMarker::AccessibilityTextMarker(const AccessibilityTextMarker& marker)
-    : m_textMarker(marker.m_textMarker)
+    : m_textMarker(marker.platformTextMarker())
 {
 }
 
diff --git a/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm b/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm
index 49f06a6059de2..46688c937a8f3 100644
--- a/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm
+++ b/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm
@@ -294,13 +294,6 @@ - (void)_accessibilitySetValue:(id)value forAttribute:(NSString*)attributeName;
 }
 #endif
 
-bool AccessibilityUIElement::isEqual(AccessibilityUIElement* otherElement)
-{
-    if (!otherElement)
-        return false;
-    return platformUIElement() == otherElement->platformUIElement();
-}
-
 void AccessibilityUIElement::getLinkedUIElements(Vector<AccessibilityUIElement>& elementVector)
 {
     BEGIN_AX_OBJC_EXCEPTIONS
diff --git a/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm b/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm
index 96662f8bca7c1..0e4e2d323a8b9 100644
--- a/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm
+++ b/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm
@@ -59,55 +59,41 @@ static size_t helloWorldCStringLength()
 
 TEST(TypeCastsCocoa, bridge_cast)
 {
-    RetainPtr<NSString> objectNS;
-    uintptr_t objectNSPtr;
-
-    RetainPtr<CFStringRef> objectCF;
-    uintptr_t objectCFPtr;
-
-    AUTORELEASEPOOL_FOR_ARC_DEBUG {
-        objectNS = adoptNS([[NSString alloc] initWithFormat:@"%s", helloWorldCString]);
-        objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
-    }
-    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
+    @autoreleasepool {
+        auto objectNS = adoptNS([[NSString alloc] initWithFormat:@"%s", helloWorldCString]);
+        auto objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
+        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
 
-    AUTORELEASEPOOL_FOR_ARC_DEBUG {
-        objectCF = bridge_cast(WTFMove(objectNS));
-        objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
+        auto objectCF = bridge_cast(WTFMove(objectNS));
+        auto objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(nil, objectNS.get());
         EXPECT_EQ(objectNSPtr, objectCFPtr);
-    }
-    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
+        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
 
-    AUTORELEASEPOOL_FOR_ARC_DEBUG {
         objectNS = bridge_cast(WTFMove(objectCF));
         objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(NULL, objectCF.get());
         EXPECT_EQ(objectCFPtr, objectNSPtr);
+        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
     }
-    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
 
-    AUTORELEASEPOOL_FOR_ARC_DEBUG {
-        objectCF = adoptCF(CFStringCreateWithBytes(NULL, (const UInt8*)helloWorldCString, helloWorldCStringLength(), kCFStringEncodingUTF8, false));
-        objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
-    }
-    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
+    @autoreleasepool {
+        auto objectCF = adoptCF(CFStringCreateWithBytes(NULL, (const UInt8*)helloWorldCString, helloWorldCStringLength(), kCFStringEncodingUTF8, false));
+        auto objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
+        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
 
-    AUTORELEASEPOOL_FOR_ARC_DEBUG {
-        objectNS = bridge_cast(WTFMove(objectCF));
-        objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
+        auto objectNS = bridge_cast(WTFMove(objectCF));
+        auto objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(NULL, objectCF.get());
         EXPECT_EQ(objectCFPtr, objectNSPtr);
-    }
-    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
+        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
 
-    AUTORELEASEPOOL_FOR_ARC_DEBUG {
         objectCF = bridge_cast(WTFMove(objectNS));
         objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(nil, objectNS.get());
         EXPECT_EQ(objectNSPtr, objectCFPtr);
+        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
     }
-    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
 }
 
 TEST(TypeCastsCocoa, bridge_id_cast)
diff --git a/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm b/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
index 1a3a6328b0f5d..5caf6d606d54d 100644
--- a/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
+++ b/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
@@ -28,7 +28,6 @@
 
 #import "config.h"
 #import <wtf/RetainPtr.h>
-#import <wtf/URL.h>
 
 #if __has_feature(objc_arc)
 #ifndef RETAIN_PTR_TEST_NAME
@@ -80,8 +79,6 @@
 
 TEST(RETAIN_PTR_TEST_NAME, ConstructionFromMutableNSType)
 {
-    static_assert(std::is_convertible_v<NSMutableString*, NSString*>, "NSMutableString must convert to NSString");
-
     NSMutableString *string = [NSMutableString stringWithUTF8String:"foo"];
 
     // This should invoke RetainPtr's move constructor.
@@ -127,11 +124,11 @@
     // This should invoke RetainPtr's move constructor.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
     // NSObject that logs -retain and -release calls.
-    RetainPtr<NSString> ptr = RetainPtr<NSString>(string);
+    RetainPtr<NSString> ptr = RetainPtr<NSString *>(string);
 
     EXPECT_EQ(string, ptr);
 
-    RetainPtr<NSString> temp = string;
+    RetainPtr<NSString *> temp = string;
 
     // This should invoke RetainPtr's move constructor.
     RetainPtr<NSString> ptr2(WTFMove(temp));
@@ -147,14 +144,14 @@
     // This should invoke RetainPtr's move constructor.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
     // NSObject that logs -retain and -release calls.
-    RetainPtr<NSString> ptr = RetainPtr<NSString>(string);
+    RetainPtr<NSString *> ptr = RetainPtr<NSString>(string);
 
     EXPECT_EQ(string, ptr);
 
     RetainPtr<NSString> temp = string;
 
     // This should invoke RetainPtr's move constructor.
-    RetainPtr<NSString> ptr2(WTFMove(temp));
+    RetainPtr<NSString *> ptr2(WTFMove(temp));
 
     EXPECT_EQ(string, ptr2);
     SUPPRESS_USE_AFTER_MOVE EXPECT_EQ((NSString *)nil, temp.get());
@@ -212,12 +209,12 @@
     // This should invoke RetainPtr's move assignment operator.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
     // NSObject that logs -retain and -release calls.
-    ptr = RetainPtr<NSString>(string);
+    ptr = RetainPtr<NSString *>(string);
 
     EXPECT_EQ(string, ptr);
 
     ptr = nil;
-    RetainPtr<NSString> temp = string;
+    RetainPtr<NSString *> temp = string;
 
     // This should invoke RetainPtr's move assignment operator.
     ptr = WTFMove(temp);
@@ -229,7 +226,7 @@
 TEST(RETAIN_PTR_TEST_NAME, MoveAssignmentFromSimilarNSTypeReversed)
 {
     NSString *string = @"foo";
-    RetainPtr<NSString> ptr;
+    RetainPtr<NSString *> ptr;
 
     // This should invoke RetainPtr's move assignment operator.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
@@ -347,6 +344,7 @@
     EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectPtr3));
 }
 
+/* This test is disabled for now because it fails (!!).
 TEST(RETAIN_PTR_TEST_NAME, LeakRef)
 {
     RetainPtr<NSObject> foo;
@@ -366,32 +364,6 @@
 
     (void)adoptNS(object);
 }
-
-TEST(RETAIN_PTR_TEST_NAME, BridgingAutorelease)
-{
-    NSString *nsString;
-    uintptr_t nsStringPtr;
-
-    AUTORELEASEPOOL_FOR_ARC_DEBUG {
-        RetainPtr<CFStringRef> string = adoptCF(CFStringCreateWithCString(nullptr, "hello world", kCFStringEncodingASCII));
-        nsString = string.bridgingAutorelease();
-        nsStringPtr = reinterpret_cast<uintptr_t>(nsString);
-    }
-
-    EXPECT_EQ(1, CFGetRetainCount((CFTypeRef)nsStringPtr));
-}
-
-TEST(RETAIN_PTR_TEST_NAME, URLBridgeCast)
-{
-    RetainPtr<NSURL> nsURL;
-    uintptr_t nsURLPtr;
-    @autoreleasepool {
-        URL url(""_str);
-        nsURL = static_cast<NSURL *>(url);
-        nsURLPtr = reinterpret_cast<uintptr_t>(nsURL.get());
-    }
-
-    EXPECT_EQ(1, CFGetRetainCount((CFTypeRef)nsURLPtr));
-}
+*/
 
 } // namespace TestWebKitAPI
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp
index fdd1d97880a21..d2acac79377a8 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp
@@ -49,7 +49,7 @@ AccessibilityTextMarker::AccessibilityTextMarker(PlatformTextMarker marker)
 
 AccessibilityTextMarker::AccessibilityTextMarker(const AccessibilityTextMarker& marker)
     : JSWrappable()
-    , m_textMarker(marker.m_textMarker)
+    , m_textMarker(marker.platformTextMarker())
 {
 }
 
@@ -57,6 +57,15 @@ AccessibilityTextMarker::~AccessibilityTextMarker()
 {
 }
 
+PlatformTextMarker AccessibilityTextMarker::platformTextMarker() const
+{
+#if PLATFORM(COCOA)
+    return m_textMarker.get();
+#else
+    return m_textMarker;
+#endif
+}
+    
 JSClassRef AccessibilityTextMarker::wrapperClass()
 {
     return JSAccessibilityTextMarker::accessibilityTextMarkerClass();
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h
index 0349974f2f399..8fc94f6f54948 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h
@@ -69,18 +69,4 @@ class AccessibilityTextMarker : public JSWrappable {
 inline bool AccessibilityTextMarker::isEqual(AccessibilityTextMarker*) { return false; }
 #endif
 
-#if PLATFORM(COCOA)
-#ifdef __OBJC__
-inline PlatformTextMarker AccessibilityTextMarker::platformTextMarker() const
-{
-    return m_textMarker.get();
-}
-#endif
-#else
-inline PlatformTextMarker AccessibilityTextMarker::platformTextMarker() const
-{
-    return m_textMarker;
-}
-#endif
-
 } // namespace WTR
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp
index fb967b9210272..96f9fcfc09deb 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp
@@ -49,7 +49,7 @@ AccessibilityTextMarkerRange::AccessibilityTextMarkerRange(PlatformTextMarkerRan
 
 AccessibilityTextMarkerRange::AccessibilityTextMarkerRange(const AccessibilityTextMarkerRange& markerRange)
     : JSWrappable()
-    , m_textMarkerRange(markerRange.m_textMarkerRange)
+    , m_textMarkerRange(markerRange.platformTextMarkerRange())
 {
 }
 
@@ -57,6 +57,15 @@ AccessibilityTextMarkerRange::~AccessibilityTextMarkerRange()
 {
 }
 
+PlatformTextMarkerRange AccessibilityTextMarkerRange::platformTextMarkerRange() const
+{
+#if PLATFORM(COCOA)
+    return m_textMarkerRange.get();
+#else
+    return m_textMarkerRange;
+#endif
+}
+    
 JSClassRef AccessibilityTextMarkerRange::wrapperClass()
 {
     return JSAccessibilityTextMarkerRange::accessibilityTextMarkerRangeClass();
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h
index 9fbdda91ef452..fb982f3b9f593 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h
@@ -62,24 +62,10 @@ class AccessibilityTextMarkerRange : public JSWrappable {
     PlatformTextMarkerRange m_textMarkerRange;
 #endif
 };
-
+    
 #if !PLATFORM(COCOA)
 inline bool AccessibilityTextMarkerRange::isEqual(AccessibilityTextMarkerRange*) { return false; }
 #endif
-
-#if PLATFORM(COCOA)
-#ifdef __OBJC__
-inline PlatformTextMarkerRange AccessibilityTextMarkerRange::platformTextMarkerRange() const
-{
-    return m_textMarkerRange.get();
-}
-#endif
-#else
-inline PlatformTextMarkerRange AccessibilityTextMarkerRange::platformTextMarkerRange() const
-{
-    return m_textMarkerRange;
-}
-#endif
     
 #ifdef __OBJC__
 inline std::optional<RefPtr<AccessibilityTextMarkerRange>> makeVectorElement(const RefPtr<AccessibilityTextMarkerRange>*, id range) { return { { AccessibilityTextMarkerRange::create(range) } }; }

From be3dfbb484a840d0bde9a8fc3caf43d68d58c33c Mon Sep 17 00:00:00 2001
From: Sosuke Suzuki <aosukeke@gmail.com>
Date: Mon, 24 Feb 2025 04:08:48 -0800
Subject: [PATCH 120/174] [JSC] Fix fast path for `Array#includes` search int32
 from contiguous https://bugs.webkit.org/show_bug.cgi?id=288355

Reviewed by Yusuke Suzuki.

This patch addresses[1] for `Array#includes`.

[1]: https://github.com/WebKit/WebKit/pull/41184#discussion_r1967081807

* JSTests/stress/array-prototype-includes-int32-from-contiguous.js: Added.
(shouldBe):
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):

Canonical link: https://commits.webkit.org/290941@main
---
 .../array-prototype-includes-int32-from-contiguous.js    | 9 +++++++++
 Source/JavaScriptCore/dfg/DFGOperations.cpp              | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 JSTests/stress/array-prototype-includes-int32-from-contiguous.js

diff --git a/JSTests/stress/array-prototype-includes-int32-from-contiguous.js b/JSTests/stress/array-prototype-includes-int32-from-contiguous.js
new file mode 100644
index 0000000000000..4d7200d911748
--- /dev/null
+++ b/JSTests/stress/array-prototype-includes-int32-from-contiguous.js
@@ -0,0 +1,9 @@
+function shouldBe(a, b) {
+    if (a !== b)
+        throw new Error(`Expected ${b} but got ${a}`);
+}
+
+const array = [{}, {}, {}, 3.0, {}, {}, {}];
+
+for (let i = 0; i < testLoopCount; i++)
+    shouldBe(array.includes(3), true);
diff --git a/Source/JavaScriptCore/dfg/DFGOperations.cpp b/Source/JavaScriptCore/dfg/DFGOperations.cpp
index 1839f88b67047..62865b974ad0f 100644
--- a/Source/JavaScriptCore/dfg/DFGOperations.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOperations.cpp
@@ -3767,9 +3767,9 @@ JSC_DEFINE_JIT_OPERATION(operationArrayIncludesValueInt32OrContiguous, UCPUStric
     if (searchElement.isInt32()) {
         for (; index < length; ++index) {
             JSValue value = data[index].get();
-            if (!value || !value.isInt32())
+            if (!value || !value.isNumber())
                 continue;
-            if (searchElement.asInt32() == value.asInt32())
+            if (searchElement.asInt32() == value.asNumber())
                 OPERATION_RETURN(scope, toUCPUStrictInt32(1));
         }
         OPERATION_RETURN(scope, toUCPUStrictInt32(0));

From 48a664f90c349db9ba198ece8b68905028fff9a3 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Mon, 24 Feb 2025 04:27:50 -0800
Subject: [PATCH 121/174] [GTK][WPE] Destroy AcceleratedSurface when
 ThreadedCompositor is invalidated
 https://bugs.webkit.org/show_bug.cgi?id=288360

Reviewed by Nikolas Zimmermann.

* Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp:
(WebKit::ThreadedCompositor::invalidate):

Canonical link: https://commits.webkit.org/290942@main
---
 .../WebPage/CoordinatedGraphics/ThreadedCompositor.cpp           | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp
index b84933593b586..913256407c66e 100644
--- a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp
+++ b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp
@@ -178,6 +178,7 @@ void ThreadedCompositor::invalidate()
     m_layerTreeHost = nullptr;
     m_surface->willDestroyCompositingRunLoop();
     m_compositingRunLoop = nullptr;
+    m_surface = nullptr;
 }
 
 void ThreadedCompositor::suspend()

From e40b0da91f79998db53271c8a9ad3740b9dfe23f Mon Sep 17 00:00:00 2001
From: David Kilzer <ddkilzer@apple.com>
Date: Mon, 24 Feb 2025 04:30:40 -0800
Subject: [PATCH 122/174] [ANGLE] Workaround ASan false-positive
 stack-use-after-scope in Xcode 16.3
 <https://bugs.webkit.org/show_bug.cgi?id=288308> <rdar://144259986>

Reviewed by John Wilander and Kimmo Kinnunen.

* Configurations/Sanitizers.xcconfig:
(WK_ADDRESS_SANITIZER_OTHER_CFLAGS_YES):
(WK_NEEDS_RDAR_145268301_ASAN_STACK_USE_AFTER_SCOPE_WORKAROUND): Add.
(WK_WORKAROUND_RDAR_145268301_ASAN_STACK_USE_AFTER_SCOPE): Add.
(WK_WORKAROUND_RDAR_145268301_ASAN_STACK_USE_AFTER_SCOPE_YES): Add.
- Include a command-line switch to define a macro if the workaround is
  needed.
* Configurations/WebKitTargetConditionals.xcconfig:
(WK_XCODE_BEFORE_16_3): Add.
(WK_XCODE_BEFORE_16_3_XCODE_BEFORE_16): Add.
(WK_XCODE_BEFORE_16_3_XCODE_SINCE_16): Add.
(WK_XCODE_BEFORE_16_3_1600): Add.
(WK_XCODE_BEFORE_16_3_1610): Add.
(WK_XCODE_BEFORE_16_3_1620): Add.
(WK_XCODE_16_3): Add.
(WK_XCODE_16_3_): Add.
(WK_XCODE_16_3_YES): Add.
- Add version checking variables for Xcode 16.3.
* Source/ThirdParty/ANGLE/src/compiler/translator/InfoSink.h:
(sh::fractionalPart):
- Disable ASan if the workaround is needed.

Canonical link: https://commits.webkit.org/290943@main
---
 Configurations/Sanitizers.xcconfig                  | 12 ++++++++++--
 Configurations/WebKitTargetConditionals.xcconfig    | 13 ++++++++++++-
 .../ANGLE/src/compiler/translator/InfoSink.h        |  3 +++
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/Configurations/Sanitizers.xcconfig b/Configurations/Sanitizers.xcconfig
index 25be668577000..accd7bf77cd6a 100644
--- a/Configurations/Sanitizers.xcconfig
+++ b/Configurations/Sanitizers.xcconfig
@@ -1,4 +1,4 @@
-// Copyright (C) 2023-2024 Apple Inc. All rights reserved.
+// Copyright (C) 2023-2025 Apple Inc. All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions
@@ -26,6 +26,8 @@
 
 // Requires SDKVariant.xcconfig.
 
+#include "WebKitTargetConditionals.xcconfig"
+
 WK_SANITIZER_GCC_OPTIMIZATION_LEVEL = $(WK_SANITIZER_GCC_OPTIMIZATION_LEVEL_$(CONFIGURATION));
 WK_SANITIZER_GCC_OPTIMIZATION_LEVEL_Debug = 0;
 WK_SANITIZER_GCC_OPTIMIZATION_LEVEL_Production = 1;
@@ -64,11 +66,17 @@ WK_ANY_SANITIZER_LDFLAGS_YES = -Wl,-rpath,@executable_path/Frameworks;
 // Address Sanitizer
 
 // Add -fsanitize-address-use-after-return=never to disable ASan's "fake stack" to fix JSC garbage collection.
-WK_ADDRESS_SANITIZER_OTHER_CFLAGS_YES = -fsanitize-address-use-after-return=never;
+WK_ADDRESS_SANITIZER_OTHER_CFLAGS_YES = -fsanitize-address-use-after-return=never $(WK_WORKAROUND_RDAR_145268301_ASAN_STACK_USE_AFTER_SCOPE);
 WK_ADDRESS_SANITIZER_OTHER_LDFLAGS_YES = -fsanitize-address-use-after-return=never;
 
 WK_ADDRESS_SANITIZER_OTHER_CPLUSPLUSFLAGS_YES = -U_LIBCPP_HAS_NO_ASAN;
 
+// Workaround ASan stack-use-after-scope false positive in Xcode 16.3: <https://bugs.webkit.org/show_bug.cgi?id=288308>.
+WK_NEEDS_RDAR_145268301_ASAN_STACK_USE_AFTER_SCOPE_WORKAROUND = $(WK_NOT_$(WK_XCODE_BEFORE_16_3));
+
+WK_WORKAROUND_RDAR_145268301_ASAN_STACK_USE_AFTER_SCOPE = $(WK_WORKAROUND_RDAR_145268301_ASAN_STACK_USE_AFTER_SCOPE_$(WK_NEEDS_RDAR_145268301_ASAN_STACK_USE_AFTER_SCOPE_WORKAROUND);
+WK_WORKAROUND_RDAR_145268301_ASAN_STACK_USE_AFTER_SCOPE_YES = -DWK_WORKAROUND_RDAR_145268301_ASAN_STACK_USE_AFTER_SCOPE;
+
 // Undefined Behavior Sanitizer
 
 // FIXME: <rdar://105760852> Tune list of Undefined Behavior (UBSan) checkers
diff --git a/Configurations/WebKitTargetConditionals.xcconfig b/Configurations/WebKitTargetConditionals.xcconfig
index e7fba47e5a479..b8f7885e8067d 100644
--- a/Configurations/WebKitTargetConditionals.xcconfig
+++ b/Configurations/WebKitTargetConditionals.xcconfig
@@ -1,4 +1,4 @@
-// Copyright (C) 2018-2024 Apple Inc. All rights reserved.
+// Copyright (C) 2018-2025 Apple Inc. All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions
@@ -380,3 +380,14 @@ WK_XCODE_BEFORE_16_1500 = YES;
 WK_XCODE_16 = $(WK_XCODE_16_$(WK_XCODE_BEFORE_16));
 WK_XCODE_16_ = _XCODE_SINCE_16;
 WK_XCODE_16_YES = _XCODE_BEFORE_16;
+
+WK_XCODE_BEFORE_16_3 = $(WK_XCODE_BEFORE_16_3$(WK_XCODE_16));
+WK_XCODE_BEFORE_16_3_XCODE_BEFORE_16 = YES;
+WK_XCODE_BEFORE_16_3_XCODE_SINCE_16 = $(WK_XCODE_BEFORE_16_3_$(XCODE_VERSION_MINOR));
+WK_XCODE_BEFORE_16_3_1600 = YES;
+WK_XCODE_BEFORE_16_3_1610 = YES;
+WK_XCODE_BEFORE_16_3_1620 = YES;
+
+WK_XCODE_16_3 = $(WK_XCODE_16_3_$(WK_XCODE_BEFORE_16_3));
+WK_XCODE_16_3_ = _XCODE_SINCE_16_3;
+WK_XCODE_16_3_YES = _XCODE_BEFORE_16_3;
diff --git a/Source/ThirdParty/ANGLE/src/compiler/translator/InfoSink.h b/Source/ThirdParty/ANGLE/src/compiler/translator/InfoSink.h
index 8d3b1c0cf16e7..680e5cbb38886 100644
--- a/Source/ThirdParty/ANGLE/src/compiler/translator/InfoSink.h
+++ b/Source/ThirdParty/ANGLE/src/compiler/translator/InfoSink.h
@@ -21,6 +21,9 @@ class TSymbol;
 class TType;
 
 // Returns the fractional part of the given floating-point number.
+#ifdef WK_WORKAROUND_RDAR_145268301_ASAN_STACK_USE_AFTER_SCOPE
+__attribute__((no_sanitize_address))
+#endif
 inline float fractionalPart(float f)
 {
     float intPart = 0.0f;

From 3393aa184c13fbd6785d0320ca8454572efc78c9 Mon Sep 17 00:00:00 2001
From: Kimmo Kinnunen <kkinnunen@apple.com>
Date: Mon, 24 Feb 2025 05:02:14 -0800
Subject: [PATCH 123/174] RenderImage::hasNonBitmapImage()/hasAnimatedImage()
 is unused https://bugs.webkit.org/show_bug.cgi?id=286418 rdar://143476837

Reviewed by Anne van Kesteren.

Remove the unused functions. Having unused casts and functions make
the Image interface modification harder.

* Source/WebCore/rendering/RenderImage.cpp:
(WebCore::RenderImage::isMultiRepresentationHEIC const):
(WebCore::RenderImage::hasNonBitmapImage const): Deleted.
(WebCore::RenderImage::hasAnimatedImage const): Deleted.
* Source/WebCore/rendering/RenderImage.h:

Canonical link: https://commits.webkit.org/290944@main
---
 Source/WebCore/rendering/RenderImage.cpp | 16 ----------------
 Source/WebCore/rendering/RenderImage.h   |  4 ----
 2 files changed, 20 deletions(-)

diff --git a/Source/WebCore/rendering/RenderImage.cpp b/Source/WebCore/rendering/RenderImage.cpp
index 29ad288720cf6..30101d178bdf9 100644
--- a/Source/WebCore/rendering/RenderImage.cpp
+++ b/Source/WebCore/rendering/RenderImage.cpp
@@ -461,22 +461,6 @@ bool RenderImage::shouldDisplayBrokenImageIcon() const
     return imageResource().errorOccurred();
 }
 
-bool RenderImage::hasNonBitmapImage() const
-{
-    if (!imageResource().cachedImage())
-        return false;
-
-    Image* image = cachedImage()->imageForRenderer(this);
-    return image && !is<BitmapImage>(image);
-}
-
-bool RenderImage::hasAnimatedImage() const
-{
-    if (auto* image = cachedImage() ? cachedImage()->image() : nullptr)
-        return image->isAnimated();
-    return false;
-}
-
 #if ENABLE(MULTI_REPRESENTATION_HEIC)
 bool RenderImage::isMultiRepresentationHEIC() const
 {
diff --git a/Source/WebCore/rendering/RenderImage.h b/Source/WebCore/rendering/RenderImage.h
index ab8dbea2d0b00..401531f0cc294 100644
--- a/Source/WebCore/rendering/RenderImage.h
+++ b/Source/WebCore/rendering/RenderImage.h
@@ -79,12 +79,8 @@ class RenderImage : public RenderReplaced {
 
     virtual bool shouldDisplayBrokenImageIcon() const;
 
-    bool hasNonBitmapImage() const;
-
     String accessibilityDescription() const { return imageResource().image()->accessibilityDescription(); }
 
-    bool hasAnimatedImage() const;
-
 #if ENABLE(MULTI_REPRESENTATION_HEIC)
     bool isMultiRepresentationHEIC() const;
 #endif

From 137f6dfc47614c84424c6d984d83c19cfed7dee3 Mon Sep 17 00:00:00 2001
From: Claudio Saavedra <csaavedra@igalia.com>
Date: Mon, 24 Feb 2025 05:04:50 -0800
Subject: [PATCH 124/174] REGRESSION(290795@main): Tentative build fix for
 Debian Stable bot https://bugs.webkit.org/show_bug.cgi?id=288363

Unreviewed build fix.

normalizedAverage() is not constexpr and this breaks build with
an older GCC compiler.

* Source/WebCore/platform/graphics/PlatformDynamicRangeLimit.h:
(WebCore::PlatformDynamicRangeLimit::PlatformDynamicRangeLimit):

Canonical link: https://commits.webkit.org/290945@main
---
 Source/WebCore/platform/graphics/PlatformDynamicRangeLimit.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Source/WebCore/platform/graphics/PlatformDynamicRangeLimit.h b/Source/WebCore/platform/graphics/PlatformDynamicRangeLimit.h
index 10819e4e4270b..40113be55fff6 100644
--- a/Source/WebCore/platform/graphics/PlatformDynamicRangeLimit.h
+++ b/Source/WebCore/platform/graphics/PlatformDynamicRangeLimit.h
@@ -59,7 +59,8 @@ class PlatformDynamicRangeLimit {
 
     constexpr PlatformDynamicRangeLimit(float value) : m_value(std::clamp(value, 0.0f, 1.0f)) { }
 
-    constexpr PlatformDynamicRangeLimit(float standardPercent, float constrainedHighPercent, float noLimitPercent) : m_value(normalizedAverage(standardPercent, constrainedHighPercent, noLimitPercent)) { }
+    PlatformDynamicRangeLimit(float standardPercent, float constrainedHighPercent, float noLimitPercent)
+        : m_value(normalizedAverage(standardPercent, constrainedHighPercent, noLimitPercent)) { }
 
     static float normalizedAverage(float standardPercent, float constrainedHighPercent, float noLimitPercent);
 

From 39e54abe1ea22d4ec83f10f31d11e05c9d414e03 Mon Sep 17 00:00:00 2001
From: Sosuke Suzuki <aosukeke@gmail.com>
Date: Mon, 24 Feb 2025 05:17:08 -0800
Subject: [PATCH 125/174] [JSC] Enable sm tests in test262
 https://bugs.webkit.org/show_bug.cgi?id=288361
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed by Yusuke Suzuki.

This patch enables sm(SpiderMonkey) tests in test262.

In the current JSC, 69 out of 1430 sm tests are failing,
but the rest are passing, so it’s worth testing.

* JSTests/test262/config.yaml:
* JSTests/test262/expectations.yaml:

Canonical link: https://commits.webkit.org/290946@main
---
 JSTests/test262/config.yaml       |   2 +-
 JSTests/test262/expectations.yaml | 138 ++++++++++++++++++++++++++++++
 2 files changed, 139 insertions(+), 1 deletion(-)

diff --git a/JSTests/test262/config.yaml b/JSTests/test262/config.yaml
index 3aee7aa5cf0f5..623cfaed13334 100644
--- a/JSTests/test262/config.yaml
+++ b/JSTests/test262/config.yaml
@@ -45,7 +45,7 @@ skip:
     - test/staging/Intl402
     - test/staging/JSON
     - test/staging/Temporal
-    - test/staging/sm
+    - test/staging/sm/Temporal
   files:
     # https://github.com/claudepache/es-legacy-function-reflection
     - test/built-ins/ThrowTypeError/unique-per-realm-function-proto.js
diff --git a/JSTests/test262/expectations.yaml b/JSTests/test262/expectations.yaml
index 9fa3050af5f96..5e6c7841e102f 100644
--- a/JSTests/test262/expectations.yaml
+++ b/JSTests/test262/expectations.yaml
@@ -1312,3 +1312,141 @@ test/language/statements/with/get-mutable-binding-binding-deleted-in-get-unscopa
   default: "ReferenceError: Can't find variable: binding"
 test/language/statements/with/set-mutable-binding-idref-compound-assign-with-proxy-env.js:
   default: 'Test262Error: Actual [has:p, get:Symbol(Symbol.unscopables), get:p, has:p, set:p, getOwnPropertyDescriptor:p, defineProperty:p] and expected [has:p, get:Symbol(Symbol.unscopables), has:p, get:p, has:p, set:p, getOwnPropertyDescriptor:p, defineProperty:p] should have the same contents. '
+test/staging/sm/Array/change-array-by-copy-errors-from-correct-realm.js:
+  default: "Test262Error: toSpliced - adding elements would exceed max array length didn't throw RangeError from other realm Expected SameValue(«false», «true») to be true"
+test/staging/sm/ArrayBuffer/slice-species.js:
+  default: 'Test262Error: Expected SameValue(«function ArrayBuffer() {'
+test/staging/sm/Date/makeday-year-month-is-infinity.js:
+  default: 'Test262Error: Expected SameValue(«-62167219200000», «NaN») to be true'
+test/staging/sm/Date/non-iso.js:
+  default: 'Test262Error: Expected SameValue(«NaN», «857750461010») to be true'
+test/staging/sm/Date/to-temporal-instant.js:
+  default: "TypeError: min.toZonedDateTimeISO is not a function. (In 'min.toZonedDateTimeISO('UTC')', 'min.toZonedDateTimeISO' is undefined)"
+test/staging/sm/Date/two-digit-years.js:
+  default: 'Test262Error: Expected SameValue(«923583600000», «NaN») to be true'
+test/staging/sm/Function/arguments-parameter-shadowing.js:
+  default: 'Test262Error: Expected SameValue(«true», «false») to be true'
+test/staging/sm/Function/function-bind.js:
+  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
+test/staging/sm/Function/function-name-assignment.js:
+  default: 'Test262Error: Expected SameValue(«"inParen"», «""») to be true'
+test/staging/sm/Function/function-toString-builtin-name.js:
+  default: 'Test262Error: Incorrect match for undefined Expected SameValue(«"fn"», «undefined») to be true'
+test/staging/sm/Iterator/from/modify-return.js:
+  default: 'TypeError: null is not a function'
+test/staging/sm/Iterator/prototype/every/check-fn-after-getting-iterator.js:
+  default: 'Test262Error: Actual [get: every, get: return] and expected [get: every] should have the same contents. '
+test/staging/sm/Iterator/prototype/find/check-fn-after-getting-iterator.js:
+  default: 'Test262Error: Actual [get: find, get: return] and expected [get: find] should have the same contents. '
+test/staging/sm/Iterator/prototype/forEach/check-fn-after-getting-iterator.js:
+  default: 'Test262Error: Actual [get: forEach, get: return] and expected [get: forEach] should have the same contents. '
+test/staging/sm/Iterator/prototype/reduce/check-fn-after-getting-iterator.js:
+  default: 'Test262Error: Actual [get: reduce, get: return] and expected [get: reduce] should have the same contents. '
+test/staging/sm/Iterator/prototype/some/check-fn-after-getting-iterator.js:
+  default: 'Test262Error: Actual [get: some, get: return] and expected [get: some] should have the same contents. '
+test/staging/sm/Math/cbrt-approx.js:
+  default: 'Error: got 1.39561242508609, expected a number near 1.3956124250860895 (relative error: 2)'
+test/staging/sm/Proxy/revoked-get-function-realm-typeerror.js:
+  default: 'Error: Assertion failed: expected exception TypeError, no exception thrown'
+test/staging/sm/RegExp/lastIndex-search.js:
+  default: 'Error: Assertion failed: expected exception TypeError, no exception thrown'
+test/staging/sm/RegExp/match-local-tolength-recompilation.js:
+  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
+test/staging/sm/RegExp/replace-local-tolength-recompilation.js:
+  default: 'Test262Error: Expected SameValue(«"b"», «"pass"») to be true'
+test/staging/sm/RegExp/replace-sticky-lastIndex.js:
+  default: 'Test262Error: Expected SameValue(«"b"», «"a"») to be true'
+test/staging/sm/RegExp/replace-sticky.js:
+  default: 'Test262Error: Expected SameValue(«"ABCDEabcdeabcdefghij"», «"abcdeABCDEabcdefghij"») to be true'
+test/staging/sm/RegExp/split-limit.js:
+  default: 'Test262Error: Expected SameValue(«3», «1») to be true'
+test/staging/sm/RegExp/split-trace.js:
+  default: 'Test262Error: Expected SameValue(«"get:constructor,get:species,get:flags,call:constructor,set:lastIndex,get:exec,call:exec,set:lastIndex,get:exec,call:exec,get:lastIndex,get:result[length],get:result[length],get:result[1],get:result[2],set:lastIndex,get:exec,call:exec,"», «"get:constructor,get:species,get:flags,call:constructor,set:lastIndex,get:exec,call:exec,set:lastIndex,get:exec,call:exec,get:lastIndex,get:result[length],get:result[1],get:result[2],set:lastIndex,get:exec,call:exec,"») to be true'
+test/staging/sm/RegExp/unicode-braced.js:
+  default: 'SyntaxError: Invalid regular expression: regular expression too large'
+test/staging/sm/RegExp/unicode-class-braced.js:
+  default: 'SyntaxError: Invalid regular expression: regular expression too large'
+test/staging/sm/RegExp/unicode-class-negated.js:
+  default: 'Test262Error: Actual [�] and expected [�] should have the same contents. '
+test/staging/sm/RegExp/unicode-raw.js:
+  default: 'Test262Error: Expected SameValue(«🐸», «null») to be true'
+test/staging/sm/Set/difference.js:
+  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
+test/staging/sm/Set/symmetric-difference.js:
+  default: 'Test262Error: Expected SameValue(«3», «1») to be true'
+test/staging/sm/Set/union.js:
+  default: 'Test262Error: Expected SameValue(«3», «1») to be true'
+test/staging/sm/String/string-code-point-upper-lower-mapping.js:
+  default: 'Test262Error: Expected SameValue(«68976», «68944») to be true'
+test/staging/sm/String/string-upper-lower-mapping.js:
+  default: 'Test262Error: Expected SameValue(«"ƛ"», «"Ƛ"») to be true'
+test/staging/sm/Symbol/enumeration-order.js:
+  default: 'Test262Error: Expected ["string", "symbol", "string", "symbol", "symbol", "string"] to be structurally equal to ["string", "string", "string", "symbol", "symbol", "symbol"]. '
+test/staging/sm/TypedArray/constructor-buffer-sequence.js:
+  default: 'Error: Assertion failed: expected exception ExpectedError, got Error: Poisoned Value'
+test/staging/sm/TypedArray/iterator-next-with-detached.js:
+  default: 'TypeError: Underlying ArrayBuffer has been detached from the view or out-of-bounds'
+test/staging/sm/TypedArray/set-with-receiver.js:
+  default: 'Test262Error: Expected SameValue(«47», «0») to be true'
+test/staging/sm/TypedArray/slice-memcpy.js:
+  default: 'Test262Error: Actual [1, 2, 1, 2, 3, 4] and expected [1, 2, 1, 2, 1, 2] should have the same contents. '
+test/staging/sm/TypedArray/subarray.js:
+  default: 'Test262Error: Expected SameValue(«0», «1») to be true'
+test/staging/sm/async-functions/await-error.js:
+  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
+test/staging/sm/class/defaultConstructorDerivedSpread.js:
+  default: 'Error: unexpected call'
+test/staging/sm/class/superPropOrdering.js:
+  default: 'Error: Assertion failed: expected exception TypeError, no exception thrown'
+test/staging/sm/eval/redeclared-arguments-in-param-expression-eval.js:
+  default: 'Test262Error: Expected SameValue(«true», «false») to be true'
+test/staging/sm/expressions/exponentiation-unparenthesised-unary.js:
+  default: 'Error: Assertion failed: expected exception SyntaxError, no exception thrown - AsyncFunction:await a ** 0'
+test/staging/sm/expressions/object-literal-computed-property-evaluation.js:
+  default: 'Test262Error: Expected SameValue(«undefined», «"abc"») to be true'
+test/staging/sm/expressions/short-circuit-compound-assignment-anon-fns.js:
+  default: 'Test262Error: Expected SameValue(«"a"», «""») to be true'
+test/staging/sm/expressions/short-circuit-compound-assignment-const.js:
+  default: 'Test262Error: Expected SameValue(«true», «function fn() {'
+test/staging/sm/extensions/function-caller-skips-eval-frames.js:
+  default: 'Test262Error: Expected SameValue(«null», «function nest() { return eval("innermost();"); }») to be true'
+test/staging/sm/extensions/inc-dec-functioncall.js:
+  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
+test/staging/sm/extensions/new-cross-compartment.js:
+  default: 'Test262Error: Expected SameValue(«false», «true») to be true'
+test/staging/sm/extensions/regress-469625-01.js:
+  default: "Test262Error: TM: Array prototype and expression closures Expected SameValue(«\"TypeError: [].__proto__ is not a function\"», «\"TypeError: [].__proto__ is not a function. (In '[].__proto__()', '[].__proto__' is an instance of Array)\"») to be true"
+test/staging/sm/fields/await-identifier-module-2.js:
+  module: 'Test262: This statement should not be evaluated.'
+test/staging/sm/generators/delegating-yield-1.js:
+  default: 'Test262Error: Expected [Object {value: 1}, Object {value: 34, done: true}] to be structurally equal to [Object {value: 1, done: false}, Object {value: 34, done: true}]. '
+test/staging/sm/generators/delegating-yield-3.js:
+  default: 'Test262Error: Expected SameValue(«true», «undefined») to be true'
+test/staging/sm/generators/delegating-yield-5.js:
+  default: 'Test262Error: Expected [Object {value: 1}, Object {value: 34, done: true}] to be structurally equal to [Object {value: 1, done: false}, Object {value: 34, done: true}]. '
+test/staging/sm/generators/delegating-yield-6.js:
+  default: 'Test262Error: Expected SameValue(«"indvndvndvndvndvndv"», «"indndndndndndv"») to be true'
+test/staging/sm/generators/delegating-yield-7.js:
+  default: 'Test262Error: Expected [Object {value: 1}, Object {value: 34, done: true}] to be structurally equal to [Object {value: 1, done: false}, Object {value: 34, done: true}]. '
+test/staging/sm/generators/syntax.js:
+  default: "Error: Assertion failed: expected SyntaxError, but no exception thrown - function* yield() { 'use strict'; (yield 3) + (yield 4); }"
+test/staging/sm/lexical-environment/block-scoped-functions-annex-b-label.js:
+  default: "TypeError: f1 is not a function. (In 'f1()', 'f1' is undefined)"
+test/staging/sm/lexical-environment/block-scoped-functions-deprecated-redecl.js:
+  default: 'Test262Error: Expected SameValue(«3», «4») to be true'
+test/staging/sm/lexical-environment/for-loop.js:
+  default: "Test262Error: unexpected error for `for (const [z]; ; ) ;`: got Error: didn't throw Expected SameValue(«false», «true») to be true"
+test/staging/sm/misc/future-reserved-words.js:
+  default: 'Test262Error: Implement FutureReservedWords per-spec: implements: function argument retroactively strict Expected SameValue(«"no error"», «"SyntaxError"») to be true'
+test/staging/sm/module/await-restricted-nested.js:
+  module: 'Test262: This statement should not be evaluated.'
+test/staging/sm/module/module-export-name-star.js:
+  module: "ReferenceError: Can't find variable: y"
+test/staging/sm/object/defineProperties-order.js:
+  default: 'Test262Error: Expected SameValue(«"ownKeys,getOwnPropertyDescriptor,getOwnPropertyDescriptor,get,get"», «"ownKeys,getOwnPropertyDescriptor,get,getOwnPropertyDescriptor,get"») to be true'
+test/staging/sm/regress/regress-609617.js:
+  default: 'Error: Assertion failed: expected exception 2, got ReferenceError: Postfix ++ operator applied to value that is not a reference.'
+test/staging/sm/statements/for-of-iterator-close.js:
+  default: 'Error: Assertion failed: expected exception in lhs, got ReferenceError: Left side of for-of statement is not a reference.'
+test/staging/sm/syntax/syntax-parsed-arrow-then-directive.js:
+  default: "Test262Error: stack should contain 'http://example.com/foo.js': block, semi Expected SameValue(«false», «true») to be true"

From 9426bee8ce78259f5317b91b33217bd846f6c45a Mon Sep 17 00:00:00 2001
From: Philippe Normand <philn@igalia.com>
Date: Mon, 24 Feb 2025 06:29:58 -0800
Subject: [PATCH 126/174] [GStreamer]
 webrtc/processIceTransportStateChange-gc.html times out
 https://bugs.webkit.org/show_bug.cgi?id=266713

Reviewed by Xabier Rodriguez-Calvar.

Complete the offer/answer exchange between the two peer-connections, otherwise one of them will have
its ICE transport fail.

* LayoutTests/platform/glib/TestExpectations:
* LayoutTests/webrtc/processIceTransportStateChange-gc.html:

Canonical link: https://commits.webkit.org/290947@main
---
 LayoutTests/platform/glib/TestExpectations                | 2 --
 LayoutTests/webrtc/processIceTransportStateChange-gc.html | 1 +
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/LayoutTests/platform/glib/TestExpectations b/LayoutTests/platform/glib/TestExpectations
index 280cca42b8429..8e8e838111c01 100644
--- a/LayoutTests/platform/glib/TestExpectations
+++ b/LayoutTests/platform/glib/TestExpectations
@@ -3980,8 +3980,6 @@ webkit.org/b/266636 fast/multicol/last-set-crash.html [ Skip ]
 
 webkit.org/b/266719 fast/canvas/offscreen-giant.html [ ImageOnlyFailure ]
 
-webkit.org/b/266713 webrtc/processIceTransportStateChange-gc.html [ Skip ]
-
 webkit.org/b/268068 imported/w3c/web-platform-tests/html/cross-origin-opener-policy [ Skip ]
 webkit.org/b/267992 imported/w3c/web-platform-tests/html/anonymous-iframe/initial-empty-document.tentative.https.window.html [ Pass Failure Crash ]
 webkit.org/b/267992 http/wpt/cross-origin-opener-policy/header-parsing-with-report-to.https.html [ Failure Pass Crash ]
diff --git a/LayoutTests/webrtc/processIceTransportStateChange-gc.html b/LayoutTests/webrtc/processIceTransportStateChange-gc.html
index 942d19ca58122..ef59609d017a6 100644
--- a/LayoutTests/webrtc/processIceTransportStateChange-gc.html
+++ b/LayoutTests/webrtc/processIceTransportStateChange-gc.html
@@ -39,6 +39,7 @@
 
     const answer = await remote_connection.createAnswer();
     await remote_connection.setLocalDescription(answer);
+    await local_connection.setRemoteDescription(answer);
 
     local_connection.sctp.transport.iceTransport.onstatechange = () => {
         iframe.remove();

From 74803a0710d915fb9d76175f7c22186f8315e54e Mon Sep 17 00:00:00 2001
From: Simon Pena <spena@igalia.com>
Date: Mon, 24 Feb 2025 06:33:21 -0800
Subject: [PATCH 127/174] [GTK][WPE] Make it possible to verify damage rects in
 layout tests https://bugs.webkit.org/show_bug.cgi?id=284951

Reviewed by Carlos Garcia Campos.

Expose damage information to JS through Internals for validation using
layout tests.

When DAMAGE_TRACKING is enabled and the Internals object is available,
frame damage information is stored and then made available through a new
FrameDamageForTesting interface. This is exposed through the
DrawingArea, and available in AC mode.

* LayoutTests/platform/glib/damage/basic-propagation-001-expected.txt: Added.
* LayoutTests/platform/glib/damage/basic-propagation-001.html: Added.
* LayoutTests/platform/glib/damage/basic-propagation-002-expected.txt: Added.
* LayoutTests/platform/glib/damage/basic-propagation-002.html: Added.
* LayoutTests/platform/glib/damage/common.css: Added.
(body):
* LayoutTests/platform/glib/damage/common.js: Added.
(failTest):
(setupTestCase):
* Source/WebCore/page/ChromeClient.h: New API to reset and get damage
  history.
(WebCore::ChromeClient::resetDamageHistoryForTesting):
(WebCore::ChromeClient::damageHistoryForTesting const):
* Source/WebCore/platform/graphics/Damage.h: New wrapper to store frame
  damage history.
(WebCore::FrameDamageHistory::damageInformation const):
(WebCore::FrameDamageHistory::addDamage):
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::resetToConsistentState):
(WebCore::Internals::Internals):
(WebCore::Internals::getCurrentDamagePropagation const):
(WebCore::Internals::getFrameDamageHistory const):
* Source/WebCore/testing/Internals.h:
* Source/WebCore/testing/Internals.idl:
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::resetDamageHistoryForTesting):
(WebKit::WebChromeClient::damageHistoryForTesting const):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:
(WebKit::DrawingAreaCoordinatedGraphics::frameDamageForTesting const):
If AC mode is not enabled, frame damage history won't be available.
* Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.h:
* Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/FrameDamageForTesting.h: Added.
* Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.h:
* Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp:
(WebKit::ThreadedCompositor::paintToCurrentGLContext):
(WebKit::ThreadedCompositor::resetFrameDamageHistory):
* Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.h:
(WebKit::ThreadedCompositor::frameDamageHistory const):
* Source/WebKit/WebProcess/WebPage/DrawingArea.h: Allow querying frame
  damage history for testing without side effects.
(WebKit::DrawingArea::frameDamageForTesting const):

Canonical link: https://commits.webkit.org/290948@main
---
 .../damage/basic-propagation-001-expected.txt |   1 +
 .../glib/damage/basic-propagation-001.html    |  33 +++++
 .../damage/basic-propagation-002-expected.txt |   1 +
 .../glib/damage/basic-propagation-002.html    |  55 +++++++
 LayoutTests/platform/glib/damage/common.css   |   3 +
 LayoutTests/platform/glib/damage/common.js    | 134 ++++++++++++++++++
 Source/WebCore/page/ChromeClient.h            |   7 +
 Source/WebCore/platform/graphics/Damage.h     |  12 ++
 Source/WebCore/testing/Internals.cpp          |  58 ++++++++
 Source/WebCore/testing/Internals.h            |  16 +++
 Source/WebCore/testing/Internals.idl          |  20 +++
 .../WebCoreSupport/WebChromeClient.cpp        |  29 ++++
 .../WebCoreSupport/WebChromeClient.h          |   6 +
 .../DrawingAreaCoordinatedGraphics.cpp        |   7 +
 .../DrawingAreaCoordinatedGraphics.h          |   4 +
 .../FrameDamageForTesting.h                   |  46 ++++++
 .../CoordinatedGraphics/LayerTreeHost.h       |   4 +
 .../ThreadedCompositor.cpp                    |  10 ++
 .../CoordinatedGraphics/ThreadedCompositor.h  |  15 +-
 .../WebKit/WebProcess/WebPage/DrawingArea.h   |   8 ++
 20 files changed, 468 insertions(+), 1 deletion(-)
 create mode 100644 LayoutTests/platform/glib/damage/basic-propagation-001-expected.txt
 create mode 100644 LayoutTests/platform/glib/damage/basic-propagation-001.html
 create mode 100644 LayoutTests/platform/glib/damage/basic-propagation-002-expected.txt
 create mode 100644 LayoutTests/platform/glib/damage/basic-propagation-002.html
 create mode 100644 LayoutTests/platform/glib/damage/common.css
 create mode 100644 LayoutTests/platform/glib/damage/common.js
 create mode 100644 Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/FrameDamageForTesting.h

diff --git a/LayoutTests/platform/glib/damage/basic-propagation-001-expected.txt b/LayoutTests/platform/glib/damage/basic-propagation-001-expected.txt
new file mode 100644
index 0000000000000..7ef22e9a431ad
--- /dev/null
+++ b/LayoutTests/platform/glib/damage/basic-propagation-001-expected.txt
@@ -0,0 +1 @@
+PASS
diff --git a/LayoutTests/platform/glib/damage/basic-propagation-001.html b/LayoutTests/platform/glib/damage/basic-propagation-001.html
new file mode 100644
index 0000000000000..0fdbf7eb56636
--- /dev/null
+++ b/LayoutTests/platform/glib/damage/basic-propagation-001.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <link rel="stylesheet" href="./common.css">
+    <style>
+      .simpleRect {
+          position: fixed;
+          width: 25px;
+          height: 25px;
+          background-color: black;
+      }
+    </style>
+  </head>
+  <body>
+    <script src="./common.js"></script>
+    <script>
+      setupTestCase({disableConsoleLog: true});
+
+      processAnimationFrameSequence([
+          () => {}, // Skip one RAF callback to make sure initial painting is done.
+          () => {
+              spawnNewElementWithClass("div", "simpleRect");
+          },
+          // FIXME: Check if we need to skip one RAF callback.
+          () => {
+              var damage = latestFrameDamage();
+              assertValid(damage);
+              assertRectsEq(damage.rects, [[0, 0, 25, 25]]);
+          },
+      ], 0);
+    </script>
+  </body>
+</html>
diff --git a/LayoutTests/platform/glib/damage/basic-propagation-002-expected.txt b/LayoutTests/platform/glib/damage/basic-propagation-002-expected.txt
new file mode 100644
index 0000000000000..7ef22e9a431ad
--- /dev/null
+++ b/LayoutTests/platform/glib/damage/basic-propagation-002-expected.txt
@@ -0,0 +1 @@
+PASS
diff --git a/LayoutTests/platform/glib/damage/basic-propagation-002.html b/LayoutTests/platform/glib/damage/basic-propagation-002.html
new file mode 100644
index 0000000000000..e6ef865b23419
--- /dev/null
+++ b/LayoutTests/platform/glib/damage/basic-propagation-002.html
@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <link rel="stylesheet" href="./common.css">
+    <style>
+      .parentRect {
+          position: fixed;
+          width: 25px;
+          height: 25px;
+          background-color: black;
+      }
+      .childRect {
+          position: absolute;
+          width: 10px;
+          height: 10px;
+          background-color: orange;
+      }
+    </style>
+  </head>
+  <body>
+    <script src="./common.js"></script>
+    <script>
+      setupTestCase({disableConsoleLog: true});
+
+      processAnimationFrameSequence([
+          () => {}, // Skip one RAF callback to make sure initial painting is done.
+          () => {
+              // Spawn parent rect with children.
+              var parent = spawnNewElementWithClass("div", "parentRect");
+              parent.appendChild(createNewElementWithClass("div", "childRect"));
+              parent.appendChild(createNewElementWithClass("div", "childRect", (el) => {
+                  el.style.left = "15px";
+                  el.style.top = "15px";
+              }));
+          },
+          () => {
+              // Verify damage contains just a bounds of parent rect.
+              var damage = latestFrameDamage();
+              assertValid(damage);
+              assertRectsEq(damage.rects, [[0, 0, 25, 25]]);
+
+              // Mutate children.
+              for (childRect of document.getElementsByClassName("childRect"))
+                  childRect.style.backgroundColor = "green";
+          },
+          () => {
+              // Verify only children produced damage.
+              var damage = latestFrameDamage();
+              assertValid(damage);
+              assertRectsEq(damage.rects, [[15, 15, 10, 10], [0, 0, 10, 10]]);
+          },
+      ], 0);
+    </script>
+  </body>
+</html>
diff --git a/LayoutTests/platform/glib/damage/common.css b/LayoutTests/platform/glib/damage/common.css
new file mode 100644
index 0000000000000..699a279c1b425
--- /dev/null
+++ b/LayoutTests/platform/glib/damage/common.css
@@ -0,0 +1,3 @@
+body {
+    margin: 0;
+}
diff --git a/LayoutTests/platform/glib/damage/common.js b/LayoutTests/platform/glib/damage/common.js
new file mode 100644
index 0000000000000..c19b3ad16e73c
--- /dev/null
+++ b/LayoutTests/platform/glib/damage/common.js
@@ -0,0 +1,134 @@
+function failTest(errorMessage) {
+    if (window.testRunner) {
+        document.body.innerText = errorMessage;
+        testRunner.notifyDone();
+    } else {
+        console.error(errorMessage);
+    }
+}
+
+function setupTestCase(options = {}) {
+    if (window.testRunner) {
+        testRunner.waitUntilDone();
+        testRunner.dumpAsText();
+        if (options.disableConsoleLog)
+            console.log = () => {};
+
+        if (!window.internals) {
+            failTest("FAIL: this test case requires internals");
+        } else if (window.internals.getCurrentDamagePropagation() != "Region") {
+            failTest("FAIL: this test case requires proper damage propagation");
+        } else {
+            try {
+                window.internals.getFrameDamageHistory();
+            } catch (error) {
+                failTest(`FAIL: ${error.name} - ${error.message}`);
+            }
+        }
+    }
+}
+
+var failure = null;
+
+function assert(condition, failureMessage) {
+    if (failure)
+        return false;
+    if (!condition) {
+        failure = failureMessage;
+        return false;
+    }
+    return true;
+}
+
+function assertValid(damage) {
+    if (!assert(damage, "damage is empty"))
+        return;
+    assert(damage.isValid, "damage is invalid");
+}
+
+function assertRectsEq(damageRects, expectedRects) {
+    const rectCompareFunction = (a, b) => {
+        for (var i = 0; i < 4; i++) {
+            if (a[i] != b[i])
+                return a[i] - b[i];
+        }
+        return 0;
+    };
+    damageRects.sort(rectCompareFunction);
+    expectedRects.sort(rectCompareFunction);
+    const damageRectsStr = JSON.stringify(damageRects);
+    const expectedRectsStr =  JSON.stringify(expectedRects);
+    assert(
+        damageRectsStr == expectedRectsStr,
+        `damage rects mismatch, expected: ${expectedRectsStr} but got: ${damageRectsStr}`
+    );
+}
+
+function processAnimationFrameSequence(callbackSequence, callbackIndex) {
+    if (callbackSequence.length <= callbackIndex) {
+        if (window.testRunner) {
+            document.body.innerText = "PASS";
+            testRunner.notifyDone();
+        } else
+            console.log("PASS");
+        return;
+    }
+    requestAnimationFrame(() => {
+        console.log("Processing requestAnimationFrame callback #" + callbackIndex);
+        callbackSequence[callbackIndex]();
+        if (failure) {
+            failTest(`FAIL: ${failure}`);
+            return;
+        }
+        processAnimationFrameSequence(callbackSequence, callbackIndex + 1);
+    });
+}
+
+function allFramesDamages() {
+    const damageDetails = window.internals.getFrameDamageHistory();
+    return _simplifyDamages(damageDetails);
+}
+
+function latestFrameDamage() {
+    var damages = allFramesDamages();
+    if (damages.length == 0)
+        return null;
+    return damages.at(-1);
+}
+
+function log(entity) {
+    console.log(JSON.stringify(entity));
+}
+
+function createNewElementWithClass(elementName, className, lambda = (el) => {}) {
+    var newElement = document.createElement(elementName);
+    newElement.className = className;
+    lambda(newElement);
+    return newElement;
+}
+
+function spawnNewElementWithClass(elementName, className, lambda = (el) => {}) {
+    var newElement = createNewElementWithClass(elementName, className, lambda);
+    document.body.appendChild(newElement);
+    return newElement;
+}
+
+function _simplifyDamages(damages) {
+    return damages.map(damage => _simplifyDamage(damage));
+}
+
+function _simplifyDamage(damage) {
+    var obj = {
+        isValid: damage.isValid,
+        bounds: _simplifyDamageRect(damage.bounds),
+        rects: damage.rects.map(r => _simplifyDamageRect(r)),
+    };
+    obj.toStr = function () {
+        return JSON.stringify(this);
+    };
+    return obj;
+}
+
+function _simplifyDamageRect(damageRect) {
+    return [damageRect.x, damageRect.y, damageRect.width, damageRect.height];
+}
diff --git a/Source/WebCore/page/ChromeClient.h b/Source/WebCore/page/ChromeClient.h
index 3f5437b1e5dc6..5352cc44f68f9 100644
--- a/Source/WebCore/page/ChromeClient.h
+++ b/Source/WebCore/page/ChromeClient.h
@@ -94,6 +94,7 @@ class Element;
 class FileChooser;
 class FileIconLoader;
 class FloatRect;
+class FrameDamageHistory;
 class Geolocation;
 class GraphicsLayer;
 class GraphicsLayerFactory;
@@ -735,6 +736,12 @@ class ChromeClient {
 
     virtual void didProgrammaticallyClearTextFormControl(const HTMLTextFormControlElement&) { }
 
+#if ENABLE(DAMAGE_TRACKING)
+    virtual void resetDamageHistoryForTesting() { }
+
+    virtual WebCore::FrameDamageHistory* damageHistoryForTesting() const { return nullptr; }
+#endif
+
     WEBCORE_EXPORT virtual ~ChromeClient();
 
 protected:
diff --git a/Source/WebCore/platform/graphics/Damage.h b/Source/WebCore/platform/graphics/Damage.h
index 9345862549857..0f2464daeb0a8 100644
--- a/Source/WebCore/platform/graphics/Damage.h
+++ b/Source/WebCore/platform/graphics/Damage.h
@@ -120,6 +120,18 @@ class Damage {
     friend bool operator==(const Damage&, const Damage&) = default;
 };
 
+class FrameDamageHistory {
+    WTF_MAKE_FAST_ALLOCATED_WITH_HEAP_IDENTIFIER(FrameDamageHistory);
+public:
+    using SimplifiedDamage = std::pair<bool, Region>;
+
+    const Vector<SimplifiedDamage>& damageInformation() const { return m_damageInfo; }
+    void addDamage(const SimplifiedDamage& damage) { m_damageInfo.append(damage); }
+
+private:
+    Vector<SimplifiedDamage> m_damageInfo;
+};
+
 static inline WTF::TextStream& operator<<(WTF::TextStream& ts, const Damage& damage)
 {
     if (damage.isInvalid())
diff --git a/Source/WebCore/testing/Internals.cpp b/Source/WebCore/testing/Internals.cpp
index 4e124bca01716..b1dce7a3ef269 100644
--- a/Source/WebCore/testing/Internals.cpp
+++ b/Source/WebCore/testing/Internals.cpp
@@ -703,6 +703,10 @@ void Internals::resetToConsistentState(Page& page)
     AudioSession::sharedSession().tryToSetActive(false);
     AudioSession::sharedSession().endInterruptionForTesting();
 #endif
+
+#if ENABLE(DAMAGE_TRACKING)
+    page.chrome().client().resetDamageHistoryForTesting();
+#endif
 }
 
 Internals::Internals(Document& document)
@@ -752,6 +756,10 @@ Internals::Internals(Document& document)
 #endif
 
     Scrollbar::setShouldUseFixedPixelsPerLineStepForTesting(true);
+
+#if ENABLE(DAMAGE_TRACKING)
+    document.page()->chrome().client().resetDamageHistoryForTesting();
+#endif
 }
 
 Document* Internals::contextDocument() const
@@ -7814,4 +7822,54 @@ void Internals::setShouldSkipResourceMonitorThrottling(bool flag)
 }
 #endif
 
+#if ENABLE(DAMAGE_TRACKING)
+std::optional<Internals::DamagePropagation> Internals::getCurrentDamagePropagation() const
+{
+    RefPtr document = contextDocument();
+    if (!document || !document->page())
+        return std::nullopt;
+
+    auto damagePropagation = ([](const Settings& settings) {
+        if (!settings.propagateDamagingInformation())
+            return Damage::Propagation::None;
+        if (settings.unifyDamagedRegions())
+            return Damage::Propagation::Unified;
+        return Damage::Propagation::Region;
+    })(document->page()->settings());
+
+    return damagePropagation;
+}
+
+ExceptionOr<Vector<Internals::FrameDamage>> Internals::getFrameDamageHistory() const
+{
+    RefPtr document = contextDocument();
+    if (!document || !document->page())
+        return Exception { ExceptionCode::NotSupportedError };
+
+    const auto* damageForTesting = document->page()->chrome().client().damageHistoryForTesting();
+    if (!damageForTesting)
+        return Exception { ExceptionCode::NotSupportedError };
+
+    Vector<Internals::FrameDamage> damageDetails;
+    size_t sequenceId = 0;
+    for (const auto& [isValid, region] : damageForTesting->damageInformation()) {
+        FrameDamage details;
+        details.sequenceId = sequenceId++;
+
+        details.isValid = isValid;
+
+        const auto& regionBounds = region.bounds();
+        details.bounds = DOMRectReadOnly::create(regionBounds.x(), regionBounds.y(), regionBounds.width(), regionBounds.height());
+
+        const auto& regionRects = region.rects();
+        details.rects = regionRects.map([](const IntRect& rect) -> Ref<DOMRectReadOnly> {
+            return DOMRectReadOnly::create(rect.x(), rect.y(), rect.width(), rect.height());
+        });
+        damageDetails.append(WTFMove(details));
+    }
+
+    return damageDetails;
+}
+#endif
+
 } // namespace WebCore
diff --git a/Source/WebCore/testing/Internals.h b/Source/WebCore/testing/Internals.h
index 3024287ac35a9..a3586c7b15446 100644
--- a/Source/WebCore/testing/Internals.h
+++ b/Source/WebCore/testing/Internals.h
@@ -55,6 +55,10 @@
 #include "MediaUniqueIdentifier.h"
 #endif
 
+#if ENABLE(DAMAGE_TRACKING)
+#include "Damage.h"
+#endif
+
 #if USE(AUDIO_SESSION)
 #include "AudioSession.h"
 #endif
@@ -1559,6 +1563,18 @@ class Internals final
     void setShouldSkipResourceMonitorThrottling(bool);
 #endif
 
+#if ENABLE(DAMAGE_TRACKING)
+    using DamagePropagation = Damage::Propagation;
+    struct FrameDamage {
+        unsigned sequenceId { 0 };
+        bool isValid { false };
+        RefPtr<DOMRectReadOnly> bounds;
+        Vector<Ref<DOMRectReadOnly>> rects;
+    };
+    std::optional<DamagePropagation> getCurrentDamagePropagation() const;
+    ExceptionOr<Vector<FrameDamage>> getFrameDamageHistory() const;
+#endif // ENABLE(DAMAGE_TRACKING)
+
 private:
     explicit Internals(Document&);
 
diff --git a/Source/WebCore/testing/Internals.idl b/Source/WebCore/testing/Internals.idl
index d794fee8b1208..9e87b2b1d7ea9 100644
--- a/Source/WebCore/testing/Internals.idl
+++ b/Source/WebCore/testing/Internals.idl
@@ -479,6 +479,23 @@ enum ContentsFormat {
 #endif
 };
 
+[Conditional=DAMAGE_TRACKING] enum DamagePropagation {
+    "None",
+    "Region",
+    "Unified"
+};
+
+[
+    Conditional=DAMAGE_TRACKING,
+    ExportMacro=WEBCORE_TESTSUPPORT_EXPORT,
+    JSGenerateToJSObject,
+] dictionary FrameDamage {
+    unsigned long sequenceId;
+    boolean isValid = false;
+    DOMRectReadOnly bounds;
+    sequence<DOMRectReadOnly> rects;
+};
+
 [
     ExportMacro=WEBCORE_TESTSUPPORT_EXPORT,
     LegacyNoInterfaceObject,
@@ -750,6 +767,9 @@ enum ContentsFormat {
 
     undefined setResourceCachingDisabledByWebInspector(boolean disabled);
 
+    [Conditional=DAMAGE_TRACKING] DamagePropagation? getCurrentDamagePropagation();
+    [Conditional=DAMAGE_TRACKING] sequence<FrameDamage> getFrameDamageHistory();
+
     // Flags for layerTreeAsText.
     const unsigned short LAYER_TREE_INCLUDES_VISIBLE_RECTS = 1;
     const unsigned short LAYER_TREE_INCLUDES_TILE_CACHES = 2;
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
index 5bd4fa062d7a1..5b4af3c777192 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
@@ -167,6 +167,11 @@
 #include <WebCore/ScrollbarsControllerMock.h>
 #endif
 
+#if ENABLE(DAMAGE_TRACKING)
+#include "LayerTreeHost.h"
+#include <WebCore/Damage.h>
+#endif
+
 namespace WebKit {
 using namespace WebCore;
 using namespace HTMLNames;
@@ -1999,4 +2004,28 @@ void WebChromeClient::didProgrammaticallyClearTextFormControl(const HTMLTextForm
     protectedPage()->didProgrammaticallyClearTextFormControl(element);
 }
 
+#if ENABLE(DAMAGE_TRACKING)
+void WebChromeClient::resetDamageHistoryForTesting()
+{
+    const auto* drawingArea = page().drawingArea();
+    if (!drawingArea)
+        return;
+
+    if (auto* frameDamageForTesting = drawingArea->frameDamageForTesting())
+        frameDamageForTesting->resetFrameDamageHistory();
+}
+
+WebCore::FrameDamageHistory* WebChromeClient::damageHistoryForTesting() const
+{
+    const auto* drawingArea = page().drawingArea();
+    if (!drawingArea)
+        return nullptr;
+
+    if (const auto* frameDamageForTesting = drawingArea->frameDamageForTesting())
+        return frameDamageForTesting->frameDamageHistory();
+
+    return nullptr;
+}
+#endif
+
 } // namespace WebKit
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
index 2d3795405f879..a5c085452dd71 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
@@ -558,6 +558,12 @@ class WebChromeClient final : public WebCore::ChromeClient {
 
     void didProgrammaticallyClearTextFormControl(const WebCore::HTMLTextFormControlElement&) final;
 
+#if ENABLE(DAMAGE_TRACKING)
+    void resetDamageHistoryForTesting() final;
+
+    WebCore::FrameDamageHistory* damageHistoryForTesting() const final;
+#endif
+
     mutable bool m_cachedMainFrameHasHorizontalScrollbar { false };
     mutable bool m_cachedMainFrameHasVerticalScrollbar { false };
 
diff --git a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp
index ca6d18f9a7050..ac7fa01ba9a38 100644
--- a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp
+++ b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp
@@ -795,4 +795,11 @@ void DrawingAreaCoordinatedGraphics::preferredBufferFormatsDidChange()
 }
 #endif
 
+#if ENABLE(DAMAGE_TRACKING)
+FrameDamageForTesting* DrawingAreaCoordinatedGraphics::frameDamageForTesting() const
+{
+    return m_layerTreeHost ? m_layerTreeHost->frameDamageForTesting() : nullptr;
+}
+#endif
+
 } // namespace WebKit
diff --git a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.h b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.h
index 9da5081a39bdf..d48f7bf29c78b 100644
--- a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.h
+++ b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.h
@@ -98,6 +98,10 @@ class DrawingAreaCoordinatedGraphics final : public DrawingArea {
     void dispatchPendingCallbacksAfterEnsuringDrawing() override;
 #endif
 
+#if ENABLE(DAMAGE_TRACKING)
+    FrameDamageForTesting* frameDamageForTesting() const override;
+#endif
+
 #if PLATFORM(GTK)
     void adjustTransientZoom(double scale, WebCore::FloatPoint origin) override;
     void commitTransientZoom(double scale, WebCore::FloatPoint origin, CompletionHandler<void()>&&) override;
diff --git a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/FrameDamageForTesting.h b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/FrameDamageForTesting.h
new file mode 100644
index 0000000000000..453bb97f9ff4d
--- /dev/null
+++ b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/FrameDamageForTesting.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2025 Igalia S.L. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if ENABLE(DAMAGE_TRACKING)
+
+namespace WebCore {
+class FrameDamageHistory;
+}
+
+namespace WebKit {
+
+class FrameDamageForTesting {
+public:
+    virtual ~FrameDamageForTesting() = default;
+
+    virtual WebCore::FrameDamageHistory* frameDamageHistory() const = 0;
+    virtual void resetFrameDamageHistory() = 0;
+};
+
+} // namespace WebKit
+
+#endif // ENABLE(DAMAGE_TRACKING)
diff --git a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.h b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.h
index 9ba00dc3ce1ff..f19473587ec9f 100644
--- a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.h
+++ b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.h
@@ -131,6 +131,10 @@ class LayerTreeHost final : public CanMakeCheckedPtr<LayerTreeHost>, public WebC
     void ensureDrawing();
 #endif
 
+#if ENABLE(DAMAGE_TRACKING)
+    FrameDamageForTesting* frameDamageForTesting() const { return m_compositor.get(); }
+#endif
+
 #if PLATFORM(WPE) && USE(GBM) && ENABLE(WPE_PLATFORM)
     void preferredBufferFormatsDidChange();
 #endif
diff --git a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp
index 913256407c66e..c5ba347240631 100644
--- a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp
+++ b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp
@@ -279,6 +279,9 @@ void ThreadedCompositor::paintToCurrentGLContext(const TransformationMatrix& mat
         }
 
         const auto& damageSinceLastSurfaceUse = m_surface->addDamage(!frameDamage.isInvalid() && !frameDamage.isEmpty() ? frameDamage : Damage::invalid());
+        if (m_frameDamageHistory)
+            m_frameDamageHistory->addDamage(std::make_pair(!frameDamage.isInvalid(), frameDamage.region()));
+
         if (!m_damageVisualizer && !damageSinceLastSurfaceUse.isInvalid() && !FloatRect(damageSinceLastSurfaceUse.bounds()).contains(clipRect))
             rectContainingRegionThatActuallyChanged = FloatRoundedRect(damageSinceLastSurfaceUse.bounds());
     }
@@ -468,5 +471,12 @@ void ThreadedCompositor::sceneUpdateFinished()
 }
 #endif // !HAVE(DISPLAY_LINK)
 
+#if ENABLE(DAMAGE_TRACKING)
+void ThreadedCompositor::resetFrameDamageHistory()
+{
+    m_frameDamageHistory = WTF::makeUnique<FrameDamageHistory>();
+}
+#endif
+
 }
 #endif // USE(COORDINATED_GRAPHICS)
diff --git a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.h b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.h
index 2d1565a24e953..4d3ab07dba076 100644
--- a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.h
+++ b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.h
@@ -44,6 +44,10 @@
 #include "ThreadedDisplayRefreshMonitor.h"
 #endif
 
+#if ENABLE(DAMAGE_TRACKING)
+#include "FrameDamageForTesting.h"
+#endif
+
 namespace WebCore {
 class TextureMapper;
 class TransformationMatrix;
@@ -54,7 +58,11 @@ class AcceleratedSurface;
 class CoordinatedSceneState;
 class LayerTreeHost;
 
-class ThreadedCompositor : public ThreadSafeRefCounted<ThreadedCompositor>, public CanMakeThreadSafeCheckedPtr<ThreadedCompositor> {
+class ThreadedCompositor : public ThreadSafeRefCounted<ThreadedCompositor>, public CanMakeThreadSafeCheckedPtr<ThreadedCompositor>
+#if ENABLE(DAMAGE_TRACKING)
+    , public FrameDamageForTesting
+#endif
+{
     WTF_MAKE_TZONE_ALLOCATED(ThreadedCompositor);
     WTF_MAKE_NONCOPYABLE(ThreadedCompositor);
     WTF_OVERRIDE_DELETE_FOR_CHECKED_PTR(ThreadedCompositor);
@@ -97,6 +105,8 @@ class ThreadedCompositor : public ThreadSafeRefCounted<ThreadedCompositor>, publ
 
 #if ENABLE(DAMAGE_TRACKING)
     void setDamagePropagation(WebCore::Damage::Propagation);
+    WebCore::FrameDamageHistory* frameDamageHistory() const { return m_frameDamageHistory.get(); }
+    void resetFrameDamageHistory();
 #endif
 
 private:
@@ -159,6 +169,9 @@ class ThreadedCompositor : public ThreadSafeRefCounted<ThreadedCompositor>, publ
 
     Ref<ThreadedDisplayRefreshMonitor> m_displayRefreshMonitor;
 #endif
+#if ENABLE(DAMAGE_TRACKING)
+    std::unique_ptr<WebCore::FrameDamageHistory> m_frameDamageHistory;
+#endif
 };
 
 } // namespace WebKit
diff --git a/Source/WebKit/WebProcess/WebPage/DrawingArea.h b/Source/WebKit/WebProcess/WebPage/DrawingArea.h
index 439731382b358..6c61c9a0ee5b7 100644
--- a/Source/WebKit/WebProcess/WebPage/DrawingArea.h
+++ b/Source/WebKit/WebProcess/WebPage/DrawingArea.h
@@ -70,6 +70,10 @@ class LayerTreeHost;
 struct WebPageCreationParameters;
 struct WebPreferencesStore;
 
+#if ENABLE(DAMAGE_TRACKING)
+class FrameDamageForTesting;
+#endif
+
 class DrawingArea : public RefCounted<DrawingArea>, public IPC::MessageReceiver, public WebCore::DisplayRefreshMonitorFactory {
     WTF_MAKE_TZONE_ALLOCATED(DrawingArea);
     WTF_MAKE_NONCOPYABLE(DrawingArea);
@@ -177,6 +181,10 @@ class DrawingArea : public RefCounted<DrawingArea>, public IPC::MessageReceiver,
     virtual void dispatchPendingCallbacksAfterEnsuringDrawing() = 0;
 #endif
 
+#if ENABLE(DAMAGE_TRACKING)
+    virtual FrameDamageForTesting* frameDamageForTesting() const { return nullptr; }
+#endif
+
     virtual void adoptLayersFromDrawingArea(DrawingArea&) { }
     virtual void adoptDisplayRefreshMonitorsFromDrawingArea(DrawingArea&) { }
 

From a83b1901c7a4099bfcc15578fa7a707355c3f9d4 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Mon, 24 Feb 2025 06:56:22 -0800
Subject: [PATCH 128/174] Crash under RemoteSampleBufferDisplayLayer::ref()
 https://bugs.webkit.org/show_bug.cgi?id=288327 rdar://145426041

Reviewed by David Kilzer.

Have RemoteSampleBufferDisplayLayer subclass ThreadSafeRefCounted instead of
RefCounted since it gets ref'd / deref'd on multiple threads. We Also make
sure it always gets destroyed on the main thread since we have WeakPtrs
pointing to it.

* Source/WebKit/GPUProcess/webrtc/RemoteSampleBufferDisplayLayer.h:

Canonical link: https://commits.webkit.org/290949@main
---
 .../GPUProcess/webrtc/RemoteSampleBufferDisplayLayer.h      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Source/WebKit/GPUProcess/webrtc/RemoteSampleBufferDisplayLayer.h b/Source/WebKit/GPUProcess/webrtc/RemoteSampleBufferDisplayLayer.h
index 2395fb32315bf..9c5b4e91a009c 100644
--- a/Source/WebKit/GPUProcess/webrtc/RemoteSampleBufferDisplayLayer.h
+++ b/Source/WebKit/GPUProcess/webrtc/RemoteSampleBufferDisplayLayer.h
@@ -50,11 +50,11 @@ namespace WebKit {
 class GPUConnectionToWebProcess;
 struct SharedPreferencesForWebProcess;
 
-class RemoteSampleBufferDisplayLayer : public RefCounted<RemoteSampleBufferDisplayLayer>, public WebCore::SampleBufferDisplayLayerClient, public IPC::MessageReceiver, private IPC::MessageSender {
+class RemoteSampleBufferDisplayLayer : public ThreadSafeRefCounted<RemoteSampleBufferDisplayLayer, WTF::DestructionThread::MainRunLoop>, public WebCore::SampleBufferDisplayLayerClient, public IPC::MessageReceiver, private IPC::MessageSender {
     WTF_MAKE_TZONE_ALLOCATED(RemoteSampleBufferDisplayLayer);
 public:
-    void ref() const final { RefCounted::ref(); }
-    void deref() const final { RefCounted::deref(); }
+    void ref() const final { ThreadSafeRefCounted::ref(); }
+    void deref() const final { ThreadSafeRefCounted::deref(); }
 
     static RefPtr<RemoteSampleBufferDisplayLayer> create(GPUConnectionToWebProcess&, SampleBufferDisplayLayerIdentifier, Ref<IPC::Connection>&&, RemoteSampleBufferDisplayLayerManager&);
     ~RemoteSampleBufferDisplayLayer();

From cc03343762c09e2bf5c27673d4991bc8fe5afae8 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Mon, 24 Feb 2025 07:06:13 -0800
Subject: [PATCH 129/174] Address safer cpp failures in NetworkDataTaskCocoa.mm
 https://bugs.webkit.org/show_bug.cgi?id=288350

Reviewed by Darin Adler.

* Source/WebKit/NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::shouldCaptureExtraNetworkLoadMetrics const):
(WebKit::NetworkLoad::isAllowedToAskUserForCredentials const):
(WebKit::NetworkLoad::convertTaskToDownload):
(WebKit::NetworkLoad::willPerformHTTPRedirection):
(WebKit::NetworkLoad::didReceiveChallenge):
(WebKit::NetworkLoad::didReceiveInformationalResponse):
(WebKit::NetworkLoad::notifyDidReceiveResponse):
(WebKit::NetworkLoad::didReceiveData):
(WebKit::NetworkLoad::didCompleteWithError):
(WebKit::NetworkLoad::didSendData):
(WebKit::NetworkLoad::wasBlocked):
(WebKit::NetworkLoad::cannotShowURL):
(WebKit::NetworkLoad::wasBlockedByRestrictions):
(WebKit::NetworkLoad::wasBlockedByDisabledFTP):
* Source/WebKit/NetworkProcess/NetworkLoad.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::cleanup):
(WebKit::NetworkResourceLoader::willSendRedirectedRequestInternal):
(WebKit::NetworkResourceLoader::restartNetworkLoad):
(WebKit::NetworkResourceLoader::continueWillSendRequest):
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::didSendData):
(WebKit::NetworkDataTaskCocoa::didReceiveChallenge):
(WebKit::NetworkDataTaskCocoa::didNegotiateModernTLS):
(WebKit::NetworkDataTaskCocoa::didCompleteWithError):
(WebKit::NetworkDataTaskCocoa::didReceiveData):
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
* Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:

Canonical link: https://commits.webkit.org/290950@main
---
 Source/WebKit/NetworkProcess/NetworkLoad.cpp  | 41 ++++++++++++++-----
 Source/WebKit/NetworkProcess/NetworkLoad.h    |  4 +-
 .../NetworkProcess/NetworkResourceLoader.cpp  | 10 +++--
 .../cocoa/NetworkDataTaskCocoa.mm             | 25 +++++------
 .../UncountedCallArgsCheckerExpectations      |  1 -
 5 files changed, 54 insertions(+), 27 deletions(-)

diff --git a/Source/WebKit/NetworkProcess/NetworkLoad.cpp b/Source/WebKit/NetworkProcess/NetworkLoad.cpp
index dd97a099b4457..162f69675b0c4 100644
--- a/Source/WebKit/NetworkProcess/NetworkLoad.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkLoad.cpp
@@ -135,12 +135,12 @@ void NetworkLoad::reprioritizeRequest(ResourceLoadPriority priority)
 
 bool NetworkLoad::shouldCaptureExtraNetworkLoadMetrics() const
 {
-    return m_client->shouldCaptureExtraNetworkLoadMetrics();
+    return m_client && m_client->shouldCaptureExtraNetworkLoadMetrics();
 }
 
 bool NetworkLoad::isAllowedToAskUserForCredentials() const
 {
-    return m_client->isAllowedToAskUserForCredentials();
+    return m_client && m_client->isAllowedToAskUserForCredentials();
 }
 
 void NetworkLoad::convertTaskToDownload(PendingDownload& pendingDownload, const ResourceRequest& updatedRequest, const ResourceResponse& response, ResponseCompletionHandler&& completionHandler)
@@ -149,7 +149,7 @@ void NetworkLoad::convertTaskToDownload(PendingDownload& pendingDownload, const
     if (!task)
         return completionHandler(PolicyAction::Ignore);
 
-    m_client = pendingDownload;
+    m_client = &pendingDownload;
     m_currentRequest = updatedRequest;
     task->setPendingDownload(pendingDownload);
     
@@ -192,6 +192,9 @@ void NetworkLoad::willPerformHTTPRedirection(ResourceResponse&& redirectResponse
         return;
     }
 
+    if (!m_client)
+        return completionHandler({ });
+
     redirectResponse.setSource(ResourceResponse::Source::Network);
 
     auto oldRequest = WTFMove(m_currentRequest);
@@ -215,6 +218,11 @@ void NetworkLoad::willPerformHTTPRedirection(ResourceResponse&& redirectResponse
 
 void NetworkLoad::didReceiveChallenge(AuthenticationChallenge&& challenge, NegotiatedLegacyTLS negotiatedLegacyTLS, ChallengeCompletionHandler&& completionHandler)
 {
+    if (!m_client) {
+        completionHandler(AuthenticationChallengeDisposition::Cancel, { });
+        return;
+    }
+
     m_client->didReceiveChallenge(challenge);
 
     auto scheme = challenge.protectionSpace().authenticationScheme();
@@ -234,7 +242,8 @@ void NetworkLoad::didReceiveChallenge(AuthenticationChallenge&& challenge, Negot
 
 void NetworkLoad::didReceiveInformationalResponse(ResourceResponse&& response)
 {
-    m_client->didReceiveInformationalResponse(WTFMove(response));
+    if (m_client)
+        m_client->didReceiveInformationalResponse(WTFMove(response));
 }
 
 void NetworkLoad::didReceiveResponse(ResourceResponse&& response, NegotiatedLegacyTLS negotiatedLegacyTLS, PrivateRelayed privateRelayed, ResponseCompletionHandler&& completionHandler)
@@ -256,6 +265,9 @@ void NetworkLoad::notifyDidReceiveResponse(ResourceResponse&& response, Negotiat
 {
     ASSERT(RunLoop::isMain());
 
+    if (!m_client)
+        return completionHandler(WebCore::PolicyAction::Ignore);
+
     if (m_parameters.needsCertificateInfo) {
         std::span<const std::byte> auditToken;
 
@@ -274,7 +286,8 @@ void NetworkLoad::notifyDidReceiveResponse(ResourceResponse&& response, Negotiat
 void NetworkLoad::didReceiveData(const WebCore::SharedBuffer& buffer)
 {
     // FIXME: This should be the encoded data length, not the decoded data length.
-    m_client->didReceiveBuffer(buffer, buffer.size());
+    if (m_client)
+        m_client->didReceiveBuffer(buffer, buffer.size());
 }
 
 void NetworkLoad::didCompleteWithError(const ResourceError& error, const WebCore::NetworkLoadMetrics& networkLoadMetrics)
@@ -282,6 +295,9 @@ void NetworkLoad::didCompleteWithError(const ResourceError& error, const WebCore
     if (RefPtr scheduler = std::exchange(m_scheduler, nullptr).get())
         scheduler->unschedule(*this, &networkLoadMetrics);
 
+    if (!m_client)
+        return;
+
     if (error.isNull())
         m_client->didFinishLoading(networkLoadMetrics);
     else
@@ -290,27 +306,32 @@ void NetworkLoad::didCompleteWithError(const ResourceError& error, const WebCore
 
 void NetworkLoad::didSendData(uint64_t totalBytesSent, uint64_t totalBytesExpectedToSend)
 {
-    m_client->didSendData(totalBytesSent, totalBytesExpectedToSend);
+    if (m_client)
+        m_client->didSendData(totalBytesSent, totalBytesExpectedToSend);
 }
 
 void NetworkLoad::wasBlocked()
 {
-    m_client->didFailLoading(blockedError(m_currentRequest));
+    if (m_client)
+        m_client->didFailLoading(blockedError(m_currentRequest));
 }
 
 void NetworkLoad::cannotShowURL()
 {
-    m_client->didFailLoading(cannotShowURLError(m_currentRequest));
+    if (m_client)
+        m_client->didFailLoading(cannotShowURLError(m_currentRequest));
 }
 
 void NetworkLoad::wasBlockedByRestrictions()
 {
-    m_client->didFailLoading(wasBlockedByRestrictionsError(m_currentRequest));
+    if (m_client)
+        m_client->didFailLoading(wasBlockedByRestrictionsError(m_currentRequest));
 }
 
 void NetworkLoad::wasBlockedByDisabledFTP()
 {
-    m_client->didFailLoading(ftpDisabledError(m_currentRequest));
+    if (m_client)
+        m_client->didFailLoading(ftpDisabledError(m_currentRequest));
 }
 
 void NetworkLoad::didNegotiateModernTLS(const URL& url)
diff --git a/Source/WebKit/NetworkProcess/NetworkLoad.h b/Source/WebKit/NetworkProcess/NetworkLoad.h
index 93fa72068b6eb..e4ac5abc36ee6 100644
--- a/Source/WebKit/NetworkProcess/NetworkLoad.h
+++ b/Source/WebKit/NetworkProcess/NetworkLoad.h
@@ -93,6 +93,8 @@ class NetworkLoad final : public RefCounted<NetworkLoad>, public NetworkDataTask
 
     size_t bytesTransferredOverNetwork() const;
 
+    void clearClient() { m_client = nullptr; }
+
 private:
     NetworkLoad(NetworkLoadClient&, NetworkLoadParameters&&, NetworkSession&);
 
@@ -121,7 +123,7 @@ class NetworkLoad final : public RefCounted<NetworkLoad>, public NetworkDataTask
 
     void notifyDidReceiveResponse(WebCore::ResourceResponse&&, NegotiatedLegacyTLS, PrivateRelayed, ResponseCompletionHandler&&);
 
-    CheckedRef<NetworkLoadClient> m_client;
+    CheckedPtr<NetworkLoadClient> m_client;
     const Ref<NetworkProcess> m_networkProcess;
     const NetworkLoadParameters m_parameters;
     RefPtr<NetworkDataTask> m_task;
diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
index c1bb23e9892dd..f1cc5f7d448d7 100644
--- a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
@@ -583,7 +583,8 @@ void NetworkResourceLoader::cleanup(LoadResult result)
 
     invalidateSandboxExtensions();
 
-    m_networkLoad = nullptr;
+    if (RefPtr networkLoad = std::exchange(m_networkLoad, nullptr))
+        networkLoad->clearClient();
 
     // This will cause NetworkResourceLoader to be destroyed and therefore we do it last.
     connection->didCleanupResourceLoader(*this);
@@ -1256,7 +1257,8 @@ void NetworkResourceLoader::willSendRedirectedRequestInternal(ResourceRequest&&
 
 #if ENABLE(CONTENT_FILTERING)
     if (m_contentFilter && !m_contentFilter->continueAfterWillSendRequest(redirectRequest, redirectResponse)) {
-        m_networkLoad = nullptr;
+        if (RefPtr networkLoad = std::exchange(m_networkLoad, nullptr))
+            networkLoad->clearClient();
         return completionHandler({ });
     }
 #endif
@@ -1425,6 +1427,7 @@ void NetworkResourceLoader::restartNetworkLoad(WebCore::ResourceRequest&& newReq
     if (RefPtr networkLoad = m_networkLoad) {
         LOADER_RELEASE_LOG("restartNetworkLoad: Cancelling existing network load so we can restart the load.");
         networkLoad->cancel();
+        networkLoad->clearClient();
         m_networkLoad = nullptr;
     }
 
@@ -1459,7 +1462,8 @@ void NetworkResourceLoader::continueWillSendRequest(ResourceRequest&& newRequest
         setWorkerStart({ });
         if (auto serviceWorkerFetchTask = protectedConnectionToWebProcess()->createFetchTask(*this, newRequest)) {
             LOADER_RELEASE_LOG("continueWillSendRequest: Created a ServiceWorkerFetchTask to handle the redirect (fetchIdentifier=%" PRIu64 ")", serviceWorkerFetchTask->fetchIdentifier().toUInt64());
-            m_networkLoad = nullptr;
+            if (RefPtr networkLoad = std::exchange(m_networkLoad, nullptr))
+                networkLoad->clearClient();
             m_serviceWorkerFetchTask = WTFMove(serviceWorkerFetchTask);
             return completionHandler({ });
         }
diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
index f07ba92479bd0..dbb40883a41ac 100644
--- a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
@@ -365,8 +365,8 @@ static float toNSURLSessionTaskPriority(WebCore::ResourceLoadPriority priority)
 {
     WTFEmitSignpost(m_task.get(), DataTask, "sent %llu bytes (expected %llu bytes)", totalBytesSent, totalBytesExpectedToSend);
 
-    if (m_client)
-        m_client->didSendData(totalBytesSent, totalBytesExpectedToSend);
+    if (RefPtr client = m_client.get())
+        client->didSendData(totalBytesSent, totalBytesExpectedToSend);
 }
 
 void NetworkDataTaskCocoa::didReceiveChallenge(WebCore::AuthenticationChallenge&& challenge, NegotiatedLegacyTLS negotiatedLegacyTLS, ChallengeCompletionHandler&& completionHandler)
@@ -376,8 +376,8 @@ static float toNSURLSessionTaskPriority(WebCore::ResourceLoadPriority priority)
     if (tryPasswordBasedAuthentication(challenge, completionHandler))
         return;
 
-    if (m_client)
-        m_client->didReceiveChallenge(WTFMove(challenge), negotiatedLegacyTLS, WTFMove(completionHandler));
+    if (RefPtr client = m_client.get())
+        client->didReceiveChallenge(WTFMove(challenge), negotiatedLegacyTLS, WTFMove(completionHandler));
     else {
         ASSERT_NOT_REACHED();
         completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, { });
@@ -386,16 +386,16 @@ static float toNSURLSessionTaskPriority(WebCore::ResourceLoadPriority priority)
 
 void NetworkDataTaskCocoa::didNegotiateModernTLS(const URL& url)
 {
-    if (m_client)
-        m_client->didNegotiateModernTLS(url);
+    if (RefPtr client = m_client.get())
+        client->didNegotiateModernTLS(url);
 }
 
 void NetworkDataTaskCocoa::didCompleteWithError(const WebCore::ResourceError& error, const WebCore::NetworkLoadMetrics& networkLoadMetrics)
 {
     WTFEmitSignpost(m_task.get(), DataTask, "completed with error: %d", !error.isNull());
 
-    if (m_client)
-        m_client->didCompleteWithError(error, networkLoadMetrics);
+    if (RefPtr client = m_client.get())
+        client->didCompleteWithError(error, networkLoadMetrics);
 }
 
 void NetworkDataTaskCocoa::didReceiveData(const WebCore::SharedBuffer& data)
@@ -404,8 +404,8 @@ static float toNSURLSessionTaskPriority(WebCore::ResourceLoadPriority priority)
 
     setBytesTransferredOverNetwork([m_task _countOfBytesReceivedEncoded]);
 
-    if (m_client)
-        m_client->didReceiveData(data);
+    if (RefPtr client = m_client.get())
+        client->didReceiveData(data);
 }
 
 void NetworkDataTaskCocoa::didReceiveResponse(WebCore::ResourceResponse&& response, NegotiatedLegacyTLS negotiatedLegacyTLS, PrivateRelayed privateRelayed, WebKit::ResponseCompletionHandler&& completionHandler)
@@ -493,9 +493,10 @@ static float toNSURLSessionTaskPriority(WebCore::ResourceLoadPriority priority)
         auto protectedThis = weakThis.get();
         if (!protectedThis)
             return completionHandler({ });
-        if (!protectedThis->m_client)
+        RefPtr client = protectedThis->m_client.get();
+        if (!client)
             return completionHandler({ });
-        protectedThis->m_client->willPerformHTTPRedirection(WTFMove(redirectResponse), WTFMove(request), [completionHandler = WTFMove(completionHandler), weakThis] (WebCore::ResourceRequest&& request) mutable {
+        client->willPerformHTTPRedirection(WTFMove(redirectResponse), WTFMove(request), [completionHandler = WTFMove(completionHandler), weakThis] (WebCore::ResourceRequest&& request) mutable {
             auto protectedThis = weakThis.get();
             if (!protectedThis || !protectedThis->m_session)
                 return completionHandler({ });
diff --git a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index be9cd9feb91df..8db3520662457 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -19,7 +19,6 @@ NetworkProcess/cache/NetworkCacheEntry.cpp
 NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp
 NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp
 NetworkProcess/cache/NetworkCacheStorage.cpp
-NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
 NetworkProcess/mac/SecItemShim.cpp
 NetworkProcess/storage/BackgroundFetchStoreImpl.cpp
 NetworkProcess/storage/BackgroundFetchStoreManager.cpp

From fb08c78d67df648e6aef52eb2f8065c2495e1137 Mon Sep 17 00:00:00 2001
From: Simon Fraser <simon.fraser@apple.com>
Date: Mon, 24 Feb 2025 08:13:26 -0800
Subject: [PATCH 130/174] Plumb BorderShape through BorderPainter
 https://bugs.webkit.org/show_bug.cgi?id=288200 rdar://145296466

Reviewed by Antti Koivisto.

In preparation for supporting `corner-shape` which introduces non-rounded
corners, we need to reduce the amount of code in `BorderPainter` that assumes
that the border is a rect or rounded rect.

Do this by plumbing BorderShape in deeper; it can replace much of the data
that's currently stored in `BorderPainter::Sides`. Code is also simplified because
BorderShape internally does much of the rect vs. rounded-rect handling.

There's some complexity with `BleedAvoidance::BackgroundOverBorder` where we
shrink the inner border edge by a device pixel; previously this was accounted
for by `innerBorderAdjustment` when painting individual edges, but we can instead
just retrieve the original border widths from the BorderShape.

* LayoutTests/fast/borders/hidpi-outline-hairline-painting-expected.html:
* Source/WebCore/platform/graphics/Path.cpp:
(WebCore::Path::addPath):
* Source/WebCore/rendering/BorderEdge.cpp:
(WebCore::borderEdges):
* Source/WebCore/rendering/BorderEdge.h:
(WebCore::BorderEdge::width const):
(WebCore::BorderEdge::widthForPainting const):
(WebCore::borderEdges):
* Source/WebCore/rendering/BorderPainter.cpp:
(WebCore::BorderPainter::BorderPainter):
(WebCore::calculateSideRect):
(WebCore::sizeForDevicePixel):
(WebCore::shrinkRectByOneDevicePixel):
(WebCore::BorderPainter::paintBorder const):
(WebCore::BorderPainter::paintOutline const):
(WebCore::BorderPainter::paintSides const):
(WebCore::BorderPainter::paintTranslucentBorderSides const):
(WebCore::BorderPainter::paintBorderSides const):
(WebCore::BorderPainter::paintOneBorderSide const):
(WebCore::BorderPainter::clipBorderSidePolygon const):
(WebCore::BorderPainter::allCornersClippedOut): Deleted.
* Source/WebCore/rendering/BorderPainter.h:
* Source/WebCore/rendering/BorderShape.cpp:
(WebCore::BorderShape::shapeForOutlineRect):
(WebCore::BorderShape::BorderShape): Precompute the inner rounded rect since it's used more.
(WebCore::BorderShape::deprecatedInnerRoundedRect const):
(WebCore::BorderShape::deprecatedPixelSnappedInnerRoundedRect const):
(WebCore::BorderShape::innerShapeContains const):
(WebCore::BorderShape::outerShapeIsRectangular const):
(WebCore::BorderShape::innerShapeIsRectangular const):
(WebCore::BorderShape::pathForInnerShape const):
(WebCore::BorderShape::addOuterShapeToPath const):
(WebCore::BorderShape::addInnerShapeToPath const):
(WebCore::BorderShape::pathForBorderArea const):
(WebCore::BorderShape::clipToOuterShape const):
(WebCore::BorderShape::clipToInnerShape const):
(WebCore::BorderShape::clipOutOuterShape const):
(WebCore::BorderShape::clipOutInnerShape const):
(WebCore::BorderShape::fillOuterShape const):
(WebCore::BorderShape::fillInnerShape const):
(WebCore::BorderShape::computeInnerEdgeRoundedRect):
(WebCore::BorderShape::innerEdgeRect const):
(WebCore::BorderShape::clipToOuterShape): Deleted.
(WebCore::BorderShape::clipToInnerShape): Deleted.
(WebCore::BorderShape::clipOutOuterShape): Deleted.
(WebCore::BorderShape::clipOutInnerShape): Deleted.
(WebCore::BorderShape::fillOuterShape): Deleted.
(WebCore::BorderShape::fillInnerShape): Deleted.
(WebCore::BorderShape::innerEdgeRoundedRect const): Deleted.
* Source/WebCore/rendering/BorderShape.h:
(WebCore::BorderShape::shapeForOutlineRect):
(WebCore::BorderShape::borderWidths const):
(WebCore::BorderShape::BorderShape): Deleted.

Canonical link: https://commits.webkit.org/290951@main
---
 ...pi-outline-hairline-painting-expected.html |  16 +-
 Source/WebCore/platform/graphics/Path.cpp     |   1 +
 Source/WebCore/rendering/BorderEdge.cpp       |  15 +-
 Source/WebCore/rendering/BorderEdge.h         |   6 +-
 Source/WebCore/rendering/BorderPainter.cpp    | 295 ++++++++----------
 Source/WebCore/rendering/BorderPainter.h      |  17 +-
 Source/WebCore/rendering/BorderShape.cpp      | 140 +++++++--
 Source/WebCore/rendering/BorderShape.h        |  33 +-
 8 files changed, 280 insertions(+), 243 deletions(-)

diff --git a/LayoutTests/fast/borders/hidpi-outline-hairline-painting-expected.html b/LayoutTests/fast/borders/hidpi-outline-hairline-painting-expected.html
index bc85e220e2b77..ad0775528b8ee 100644
--- a/LayoutTests/fast/borders/hidpi-outline-hairline-painting-expected.html
+++ b/LayoutTests/fast/borders/hidpi-outline-hairline-painting-expected.html
@@ -14,22 +14,22 @@
 <body>
 <div style="border-style: solid; top: 9.5px; left: 9.5px;"></div>
 <div style="border-style: solid; top: 9.5px; left: 24.5px;"></div>
-<div style="border-style: solid; top: 9.5px; left: 39.5px;"></div>
-<div style="border-style: solid; top: 9.5px; left: 54.5px;"></div>
+<div style="border-style: solid; width: 6px; height: 6px; top: 9px; left: 39px;"></div>
+<div style="border-style: solid; width: 6px; height: 6px; top: 9px; left: 54px;"></div>
 <div style="border-style: solid; width: 6px; height: 6px; top: 9px; left: 69px;"></div>
 <div style="border-style: solid; width: 6px; height: 6px; top: 9px; left: 84px;"></div>
 <div style="border-style: solid; width: 6px; height: 6px; top: 9px; left: 99px;"></div>
-<div style="border-style: solid; width: 6px; height: 6px; top: 9px; left: 114px;"></div>
-<div style="border-style: solid; width: 6px; height: 6px; top: 9px; left: 129px;"></div>
+<div style="border-style: solid; width: 7px; height: 7px; top: 8.5px; left: 113.5px;"></div>
+<div style="border-style: solid; width: 7px; height: 7px; top: 8.5px; left: 128.5px;"></div>
 <div style="border-style: solid; border-width: 1px; width: 7px; height: 7px; top: 8px; left: 143px;"></div>
 <div style="border-style: solid; border-width: 1px; width: 7px; height: 7px; top: 8px; left: 158px;"></div>
 
-<div style="border-style: double; top: 24px; left: 9px; width: 6px; height: 6px;"></div>
-<div style="border-style: double; top: 24px; left: 24px; width: 6px; height: 6px;"></div>
+<div style="border-style: double; top: 23.5px; left: 8.5px; width: 7px; height: 7px;"></div>
+<div style="border-style: double; top: 23.5px; left: 23.5px; width: 7px; height: 7px;"></div>
 <div style="border-style: double; border-width: 1px; top: 23px; left: 38px; width: 7px; height: 7px;"></div>
 <div style="border-style: double; border-width: 1px; top: 23px; left: 53px; width: 7px; height: 7px;"></div>
 <div style="border-style: double; border-width: 1px; top: 23px; left: 68px; width: 7px; height: 7px;"></div>
-<div style="border-style: double; border-width: 1px; top: 23px; left: 83px; width: 7px; height: 7px;"></div>
-<div style="border-style: double; border-width: 1px; top: 23px; left: 98px; width: 7px; height: 7px;"></div>
+<div style="border-style: double; border-width: 1px; top: 22.5px; left: 82.5px; width: 8px; height: 8px;"></div>
+<div style="border-style: double; border-width: 1px; top: 22.5px; left: 97.5px; width: 8px; height: 8px;"></div>
 </body>
 </html>
diff --git a/Source/WebCore/platform/graphics/Path.cpp b/Source/WebCore/platform/graphics/Path.cpp
index e062268bdd71e..f62ba42307b22 100644
--- a/Source/WebCore/platform/graphics/Path.cpp
+++ b/Source/WebCore/platform/graphics/Path.cpp
@@ -333,6 +333,7 @@ void Path::addPath(const Path& path, const AffineTransform& transform)
     if (path.isEmpty() || !transform.isInvertible())
         return;
 
+    // FIXME: This should inspect the incoming path and add just the segments if possible.
     ensurePlatformPathImpl().addPath(const_cast<Path&>(path).ensurePlatformPathImpl(), transform);
 }
 
diff --git a/Source/WebCore/rendering/BorderEdge.cpp b/Source/WebCore/rendering/BorderEdge.cpp
index 88fcaff17376e..6433ea9452191 100644
--- a/Source/WebCore/rendering/BorderEdge.cpp
+++ b/Source/WebCore/rendering/BorderEdge.cpp
@@ -46,18 +46,19 @@ BorderEdge::BorderEdge(float edgeWidth, Color edgeColor, BorderStyle edgeStyle,
     m_flooredToDevicePixelWidth = floorf(edgeWidth * devicePixelRatio) / devicePixelRatio;
 }
 
-BorderEdges borderEdges(const RenderStyle& style, float deviceScaleFactor, RectEdges<bool> closedEdges, bool setColorsToBlack)
+BorderEdges borderEdges(const RenderStyle& style, float deviceScaleFactor, RectEdges<bool> closedEdges, LayoutSize inflation, bool setColorsToBlack)
 {
-    auto constructBorderEdge = [&](float width, CSSPropertyID borderColorProperty, BorderStyle borderStyle, bool isTransparent, bool isPresent) {
+    auto constructBorderEdge = [&](float width, float inflation, CSSPropertyID borderColorProperty, BorderStyle borderStyle, bool isTransparent, bool isPresent) {
         auto color = setColorsToBlack ? Color::black : style.visitedDependentColorWithColorFilter(borderColorProperty);
-        return BorderEdge(width, color, borderStyle, !setColorsToBlack && isTransparent, isPresent, deviceScaleFactor);
+        auto inflatedWidth = width ? width + inflation : width;
+        return BorderEdge(inflatedWidth, color, borderStyle, !setColorsToBlack && isTransparent, isPresent, deviceScaleFactor);
     };
 
     return {
-        constructBorderEdge(style.borderTopWidth(), CSSPropertyBorderTopColor, style.borderTopStyle(), style.borderTopIsTransparent(), closedEdges.top()),
-        constructBorderEdge(style.borderRightWidth(), CSSPropertyBorderRightColor, style.borderRightStyle(), style.borderRightIsTransparent(), closedEdges.right()),
-        constructBorderEdge(style.borderBottomWidth(), CSSPropertyBorderBottomColor, style.borderBottomStyle(), style.borderBottomIsTransparent(), closedEdges.bottom()),
-        constructBorderEdge(style.borderLeftWidth(), CSSPropertyBorderLeftColor, style.borderLeftStyle(), style.borderLeftIsTransparent(), closedEdges.left())
+        constructBorderEdge(style.borderTopWidth(), inflation.height().toFloat(), CSSPropertyBorderTopColor, style.borderTopStyle(), style.borderTopIsTransparent(), closedEdges.top()),
+        constructBorderEdge(style.borderRightWidth(), inflation.width().toFloat(), CSSPropertyBorderRightColor, style.borderRightStyle(), style.borderRightIsTransparent(), closedEdges.right()),
+        constructBorderEdge(style.borderBottomWidth(), inflation.height().toFloat(), CSSPropertyBorderBottomColor, style.borderBottomStyle(), style.borderBottomIsTransparent(), closedEdges.bottom()),
+        constructBorderEdge(style.borderLeftWidth(), inflation.width().toFloat(), CSSPropertyBorderLeftColor, style.borderLeftStyle(), style.borderLeftIsTransparent(), closedEdges.left())
     };
 }
 
diff --git a/Source/WebCore/rendering/BorderEdge.h b/Source/WebCore/rendering/BorderEdge.h
index 65dd3362c7e6c..3f587a6d8f6c1 100644
--- a/Source/WebCore/rendering/BorderEdge.h
+++ b/Source/WebCore/rendering/BorderEdge.h
@@ -42,6 +42,7 @@ class BorderEdge {
     BorderEdge(float edgeWidth, Color edgeColor, BorderStyle edgeStyle, bool edgeIsTransparent, bool edgeIsPresent, float devicePixelRatio);
 
     BorderStyle style() const { return m_style; }
+    LayoutUnit width() const { return m_width; }
     const Color& color() const { return m_color; }
     bool isTransparent() const { return m_isTransparent; }
     bool isPresent() const { return m_isPresent; }
@@ -49,7 +50,7 @@ class BorderEdge {
     inline bool hasVisibleColorAndStyle() const { return m_style > BorderStyle::Hidden && !m_isTransparent; }
     inline bool shouldRender() const { return m_isPresent && widthForPainting() && hasVisibleColorAndStyle(); }
     inline bool presentButInvisible() const { return widthForPainting() && !hasVisibleColorAndStyle(); }
-    inline float widthForPainting() const { return m_isPresent ?  m_flooredToDevicePixelWidth : 0; }
+    inline float widthForPainting() const { return m_isPresent ? m_flooredToDevicePixelWidth : 0; }
     void getDoubleBorderStripeWidths(LayoutUnit& outerWidth, LayoutUnit& innerWidth) const;
     bool obscuresBackgroundEdge(float scale) const;
     bool obscuresBackground() const;
@@ -67,7 +68,8 @@ class BorderEdge {
 };
 
 using BorderEdges = RectEdges<BorderEdge>;
-BorderEdges borderEdges(const RenderStyle&, float deviceScaleFactor, RectEdges<bool> closedEdges = { true }, bool setColorsToBlack = false);
+// inflation is only added to edges with non-zero widths.
+BorderEdges borderEdges(const RenderStyle&, float deviceScaleFactor, RectEdges<bool> closedEdges = { true }, LayoutSize inflation = { }, bool setColorsToBlack = false);
 BorderEdges borderEdgesForOutline(const RenderStyle&, float deviceScaleFactor);
 
 inline bool edgesShareColor(const BorderEdge& firstEdge, const BorderEdge& secondEdge) { return firstEdge.color() == secondEdge.color(); }
diff --git a/Source/WebCore/rendering/BorderPainter.cpp b/Source/WebCore/rendering/BorderPainter.cpp
index 538513868e063..625db9fcfa81f 100644
--- a/Source/WebCore/rendering/BorderPainter.cpp
+++ b/Source/WebCore/rendering/BorderPainter.cpp
@@ -123,12 +123,11 @@ static bool decorationHasAllSimpleEdges(const RectEdges<BorderEdge>& edges)
 }
 
 struct BorderPainter::Sides {
-    RoundedRect outerBorder;
-    RoundedRect innerBorder;
-    RoundedRect unadjustedInnerBorder;
-    std::optional<BorderData::Radii> radii { };
+    std::optional<BorderData::Radii> radii { }; // FIXME: Do we need this separately from the shape?
     const BorderEdges& edges;
     bool haveAllSolidEdges { true };
+    bool outerEdgeIsRectangular { true };
+    bool innerEdgeIsRectangular { true };
     BleedAvoidance bleedAvoidance { BleedAvoidance::None };
     RectEdges<bool> closedEdges = { true };
     bool appliedClipAlready { false };
@@ -140,37 +139,6 @@ BorderPainter::BorderPainter(const RenderElement& renderer, const PaintInfo& pai
 {
 }
 
-bool BorderPainter::allCornersClippedOut(const RoundedRect& border, const LayoutRect& clipRect)
-{
-    LayoutRect boundingRect = border.rect();
-    if (clipRect.contains(boundingRect))
-        return false;
-
-    RoundedRect::Radii radii = border.radii();
-
-    LayoutRect topLeftRect(boundingRect.location(), radii.topLeft());
-    if (clipRect.intersects(topLeftRect))
-        return false;
-
-    LayoutRect topRightRect(boundingRect.location(), radii.topRight());
-    topRightRect.setX(boundingRect.maxX() - topRightRect.width());
-    if (clipRect.intersects(topRightRect))
-        return false;
-
-    LayoutRect bottomLeftRect(boundingRect.location(), radii.bottomLeft());
-    bottomLeftRect.setY(boundingRect.maxY() - bottomLeftRect.height());
-    if (clipRect.intersects(bottomLeftRect))
-        return false;
-
-    LayoutRect bottomRightRect(boundingRect.location(), radii.bottomRight());
-    bottomRightRect.setX(boundingRect.maxX() - bottomRightRect.width());
-    bottomRightRect.setY(boundingRect.maxY() - bottomRightRect.height());
-    if (clipRect.intersects(bottomRightRect))
-        return false;
-
-    return true;
-}
-
 std::optional<Path> BorderPainter::pathForBorderArea(const LayoutRect& rect, const RenderStyle& style, float deviceScaleFactor, RectEdges<bool> closedEdges)
 {
     auto edges = borderEdges(style, deviceScaleFactor, closedEdges);
@@ -181,9 +149,9 @@ std::optional<Path> BorderPainter::pathForBorderArea(const LayoutRect& rect, con
     return borderShape.pathForBorderArea(deviceScaleFactor);
 }
 
-static LayoutRect calculateSideRect(const RoundedRect& outerBorder, const BorderEdges& edges, BoxSide side)
+static LayoutRect calculateSideRect(const LayoutRect& outerBorderRect, const BorderEdges& edges, BoxSide side)
 {
-    LayoutRect sideRect = outerBorder.rect();
+    auto sideRect = outerBorderRect;
     float width = edges.at(side).widthForPainting();
 
     switch (side) {
@@ -204,12 +172,20 @@ static LayoutRect calculateSideRect(const RoundedRect& outerBorder, const Border
     return sideRect;
 }
 
+static LayoutSize sizeForDevicePixel(const GraphicsContext& context, float devicePixelRatio)
+{
+    auto transform = context.getCTM();
+    return {
+        ceilToDevicePixel(1_lu / transform.xScale(), devicePixelRatio),
+        ceilToDevicePixel(1_lu / transform.yScale(), devicePixelRatio)
+    };
+}
+
 LayoutRect shrinkRectByOneDevicePixel(const GraphicsContext& context, const LayoutRect& rect, float devicePixelRatio)
 {
-    LayoutRect shrunkRect = rect;
-    AffineTransform transform = context.getCTM();
-    shrunkRect.inflateX(-ceilToDevicePixel(1_lu / transform.xScale(), devicePixelRatio));
-    shrunkRect.inflateY(-ceilToDevicePixel(1_lu / transform.yScale(), devicePixelRatio));
+    auto shrunkRect = rect;
+    auto devicePixelUnits = sizeForDevicePixel(context, devicePixelRatio);
+    shrunkRect.inflate(-devicePixelUnits);
     return shrunkRect;
 }
 
@@ -263,39 +239,46 @@ void BorderPainter::paintBorder(const LayoutRect& rect, const RenderStyle& style
     if (paintNinePieceImage(rect, style, style.borderImage()))
         return;
 
-    auto borderShape = BorderShape::shapeForBorderRect(style, rect, closedEdges);
+    auto [shape, edges] = [&]() {
+        switch (bleedAvoidance) {
+        case BleedAvoidance::None:
+        case BleedAvoidance::ShrinkBackground:
+        case BleedAvoidance::UseTransparencyLayer:
+            return std::tuple<BorderShape, BorderEdges> {
+                BorderShape::shapeForBorderRect(style, rect, closedEdges),
+                borderEdges(style, document().deviceScaleFactor(), closedEdges, { }, m_paintInfo.paintBehavior.contains(PaintBehavior::ForceBlackBorder))
+            };
 
-    // To handle corner styles other than `round`, we'll have to plumb the borderShape through all the border painting functions.
-    auto outerBorder = borderShape.deprecatedRoundedRect();
-    auto innerBorder = borderShape.deprecatedInnerRoundedRect();
-    auto unadjustedInnerBorder = innerBorder;
+        case BleedAvoidance::BackgroundOverBorder: {
+            // Shrink the inner edge so there's no gap between the border and the background, which will be painted atop.
+            auto shrinkAmount = sizeForDevicePixel(m_paintInfo.context(), document().deviceScaleFactor());
+            auto edges = borderEdges(style, document().deviceScaleFactor(), closedEdges, shrinkAmount, m_paintInfo.paintBehavior.contains(PaintBehavior::ForceBlackBorder));
+            auto borderWidths = RectEdges<LayoutUnit> {
+                edges.top().width(),
+                edges.right().width(),
+                edges.bottom().width(),
+                edges.left().width()
+            };
 
-    switch (bleedAvoidance) {
-    case BleedAvoidance::None:
-    case BleedAvoidance::ShrinkBackground:
-    case BleedAvoidance::UseTransparencyLayer:
-        break;
-    case BleedAvoidance::BackgroundOverBorder: {
-        auto shrunkBorderRect = borderRectAdjustedForBleedAvoidance(rect, bleedAvoidance);
-        auto shrunkBorderShape = BorderShape::shapeForBorderRect(style, shrunkBorderRect, closedEdges);
-        innerBorder = shrunkBorderShape.deprecatedInnerRoundedRect();
-        break;
-    }
-    }
+            return std::tuple<BorderShape, BorderEdges> {
+                BorderShape::shapeForBorderRect(style, rect, borderWidths, closedEdges),
+                WTFMove(edges)
+            };
+        }
+        }
 
-    auto edges = borderEdges(style, document().deviceScaleFactor(), closedEdges, m_paintInfo.paintBehavior.contains(PaintBehavior::ForceBlackBorder));
-    bool haveAllSolidEdges = decorationHasAllSolidEdges(edges);
+        return std::tuple<BorderShape, BorderEdges> { BorderShape({ }, { 0_lu }), { } };
+    }();
 
-    if (haveAllSolidEdges && outerBorder.isRounded() && allCornersClippedOut(outerBorder, m_paintInfo.rect))
-        outerBorder.setRadii(RoundedRect::Radii());
+    bool outerEdgeIsRectangular = !shape.isRounded() || shape.outerShapeContains(m_paintInfo.rect);
+    bool innerEdgeIsRectangular = shape.innerShapeIsRectangular();
 
-    paintSides({
-        outerBorder,
-        innerBorder,
-        unadjustedInnerBorder,
+    paintSides(shape, {
         style.hasBorderRadius() ? std::make_optional(style.borderRadii()) : std::nullopt,
         edges,
-        haveAllSolidEdges,
+        decorationHasAllSolidEdges(edges),
+        outerEdgeIsRectangular,
+        innerEdgeIsRectangular,
         bleedAvoidance,
         closedEdges,
         appliedClipAlready,
@@ -305,8 +288,6 @@ void BorderPainter::paintBorder(const LayoutRect& rect, const RenderStyle& style
 void BorderPainter::paintOutline(const LayoutRect& paintRect) const
 {
     auto& styleToUse = m_renderer->style();
-    auto outlineWidth = floorToDevicePixel(styleToUse.outlineWidth(), document().deviceScaleFactor());
-    auto outlineOffset = floorToDevicePixel(styleToUse.outlineOffset(), document().deviceScaleFactor());
 
     // Only paint the focus ring by hand if the theme isn't able to draw it.
     if (styleToUse.outlineStyleIsAuto() == OutlineIsAuto::On && !m_renderer->theme().supportsFocusRing(m_renderer, styleToUse)) {
@@ -324,53 +305,34 @@ void BorderPainter::paintOutline(const LayoutRect& paintRect) const
     if (styleToUse.outlineStyleIsAuto() == OutlineIsAuto::On || styleToUse.outlineStyle() == BorderStyle::None)
         return;
 
-    // FIXME: This prevents outlines from painting inside the object. See bug 12042
-    auto outer = paintRect;
-    outer.inflate(outlineOffset + outlineWidth);
-    if (outer.isEmpty())
+    auto outlineWidth = LayoutUnit { styleToUse.outlineWidth() };
+    auto outlineOffset = LayoutUnit { styleToUse.outlineOffset() };
+
+    auto outerRect = paintRect;
+    outerRect.inflate(outlineOffset + outlineWidth);
+    // FIXME: This prevents outlines from painting inside the object http://webkit.org/b/12042.
+    if (outerRect.isEmpty())
         return;
 
     auto hasBorderRadius = styleToUse.hasBorderRadius();
-    auto roundedBorderRectFor = [&] (auto& borderRect, auto borderOffset) {
-        auto adjustedRadius = [&] (auto& radius, auto offset) {
-            auto widthValue = radius.width.isAuto() ? 0 : intValueForLength(radius.width, paintRect.width());
-            auto heightValue = radius.height.isAuto() ? 0 : intValueForLength(radius.height, paintRect.height());
-            if (!widthValue && !heightValue)
-                return LengthSize { { 0, LengthType::Fixed }, { 0, LengthType::Fixed } };
-            if (!widthValue)
-                return LengthSize { { 0, LengthType::Fixed }, { heightValue + offset, LengthType::Fixed } };
-            return LengthSize { { widthValue + offset, LengthType::Fixed }, { heightValue + offset, LengthType::Fixed } };
-        };
-
-        auto borderRadii = std::optional<BorderData::Radii> { };
-        if (hasBorderRadius) {
-            borderRadii = BorderData::Radii {
-                adjustedRadius(styleToUse.borderTopLeftRadius(), borderOffset),
-                adjustedRadius(styleToUse.borderTopRightRadius(), borderOffset),
-                adjustedRadius(styleToUse.borderBottomLeftRadius(), borderOffset),
-                adjustedRadius(styleToUse.borderBottomRightRadius(), borderOffset)
-            };
-        }
-        return RenderStyle::getRoundedInnerBorderFor(borderRect, { }, { }, { }, { }, borderRadii, { true });
-    };
-    auto innerRectForOutline = paintRect;
-    innerRectForOutline.inflate(outlineOffset);
-    auto innerBorder = roundedBorderRectFor(innerRectForOutline, LayoutUnit { outlineOffset });
-    auto outerBorder = roundedBorderRectFor(outer, LayoutUnit { outlineWidth + outlineOffset });
+    auto closedEdges = RectEdges<bool> { true };
+
+    auto outlineEdgeWidths = RectEdges<LayoutUnit> { outlineWidth };
+    auto outlineShape = BorderShape::shapeForOutlineRect(styleToUse, paintRect, outerRect, outlineEdgeWidths, closedEdges);
+
     auto bleedAvoidance = BleedAvoidance::ShrinkBackground;
     auto appliedClipAlready = false;
     auto edges = borderEdgesForOutline(styleToUse, document().deviceScaleFactor());
     auto haveAllSolidEdges = decorationHasAllSolidEdges(edges);
 
-    paintSides({
-        outerBorder,
-        innerBorder,
-        innerBorder,
+    paintSides(outlineShape, {
         hasBorderRadius ? std::make_optional(styleToUse.borderRadii()) : std::nullopt,
         edges,
         haveAllSolidEdges,
+        outlineShape.outerShapeIsRectangular(),
+        outlineShape.innerShapeIsRectangular(),
         bleedAvoidance,
-        { true },
+        closedEdges,
         appliedClipAlready,
     });
 }
@@ -424,14 +386,14 @@ void BorderPainter::paintOutline(const LayoutPoint& paintOffset, const Vector<La
         graphicsContext.endTransparencyLayer();
 }
 
-void BorderPainter::paintSides(const Sides& sides) const
+void BorderPainter::paintSides(const BorderShape& borderShape, const Sides& sides) const
 {
     GraphicsContext& graphicsContext = m_paintInfo.context();
 
     ASSERT(!graphicsContext.paintingDisabled());
 
     // If no borders intersects with the dirty area, we can skip the painting.
-    if (sides.innerBorder.contains(m_paintInfo.rect))
+    if (borderShape.innerShapeContains(m_paintInfo.rect))
         return;
 
     auto deviceScaleFactor = document().deviceScaleFactor();
@@ -475,20 +437,10 @@ void BorderPainter::paintSides(const Sides& sides) const
         ASSERT(numEdgesVisible == 4);
         ASSERT(allEdgesShareColor);
         ASSERT(sides.haveAllSolidEdges);
-        ASSERT(sides.outerBorder.isRounded() || haveAlphaColor);
+        ASSERT(!sides.outerEdgeIsRectangular || haveAlphaColor);
 
-        Path path;
-        auto pixelSnappedOuterBorder = sides.outerBorder.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
-        if (pixelSnappedOuterBorder.isRounded() && sides.bleedAvoidance != BleedAvoidance::UseTransparencyLayer)
-            path.addRoundedRect(pixelSnappedOuterBorder);
-        else
-            path.addRect(pixelSnappedOuterBorder.rect());
-
-        auto pixelSnappedInnerBorder = sides.innerBorder.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
-        if (pixelSnappedInnerBorder.isRounded())
-            path.addRoundedRect(pixelSnappedInnerBorder);
-        else
-            path.addRect(pixelSnappedInnerBorder.rect());
+        auto path = borderShape.pathForOuterShape(deviceScaleFactor);
+        borderShape.addInnerShapeToPath(path, deviceScaleFactor);
 
         graphicsContext.setFillRule(WindRule::EvenOdd);
         graphicsContext.setFillColor(sides.edges.at(*firstVisibleSide).color());
@@ -500,15 +452,14 @@ void BorderPainter::paintSides(const Sides& sides) const
         ASSERT(allEdgesShareColor);
         ASSERT(haveAllDoubleEdges);
         ASSERT(haveAlphaColor);
-        // FIXME: We could update this to render double borders which are all rounded.
-        ASSERT(!sides.outerBorder.isRounded() && !sides.innerBorder.isRounded());
+        ASSERT(sides.outerEdgeIsRectangular && sides.innerEdgeIsRectangular);
 
         Path path;
-        auto pixelSnappedOuterBorder = snapRectToDevicePixels(sides.outerBorder.rect(), deviceScaleFactor);
+        auto pixelSnappedOuterBorder = borderShape.snappedOuterRect(deviceScaleFactor);
         path.addRect(pixelSnappedOuterBorder);
 
-        auto innerThirdRect = sides.outerBorder.rect();
-        auto outerThirdRect = sides.outerBorder.rect();
+        auto innerThirdRect = borderShape.borderRect();
+        auto outerThirdRect = borderShape.borderRect();
         for (auto side : allBoxSides) {
             LayoutUnit outerWidth;
             LayoutUnit innerWidth;
@@ -539,7 +490,7 @@ void BorderPainter::paintSides(const Sides& sides) const
         auto pixelSnappedInnerThird = snapRectToDevicePixels(innerThirdRect, deviceScaleFactor);
         path.addRect(pixelSnappedInnerThird);
 
-        auto pixelSnappedInnerBorder = snapRectToDevicePixels(sides.innerBorder.rect(), deviceScaleFactor);
+        auto pixelSnappedInnerBorder = borderShape.snappedInnerRect(deviceScaleFactor);
         path.addRect(pixelSnappedInnerBorder);
 
         graphicsContext.setFillRule(WindRule::EvenOdd);
@@ -549,25 +500,25 @@ void BorderPainter::paintSides(const Sides& sides) const
 
     if ((sides.haveAllSolidEdges || haveAllDoubleEdges) && allEdgesShareColor) {
         // Fast path for drawing all solid edges and all unrounded double edges which need path-based rendering because of rounding or alpha colors.
-        if (numEdgesVisible == 4 && (sides.outerBorder.isRounded() || haveAlphaColor)) {
+        if (numEdgesVisible == 4 && (!sides.outerEdgeIsRectangular || haveAlphaColor)) {
             if (sides.haveAllSolidEdges) {
                 drawUniformRoundedOrAlphaBorders();
                 return;
             }
 
-            if (haveAllDoubleEdges && !sides.outerBorder.isRounded() && !sides.innerBorder.isRounded()) {
+            if (haveAllDoubleEdges && sides.outerEdgeIsRectangular && sides.innerEdgeIsRectangular) {
                 drawUniformDoubleBorders();
                 return;
             }
         }
 
         // Avoid creating transparent layers
-        if (sides.haveAllSolidEdges && numEdgesVisible != 4 && !sides.outerBorder.isRounded() && haveAlphaColor) {
+        if (sides.haveAllSolidEdges && numEdgesVisible != 4 && sides.outerEdgeIsRectangular && haveAlphaColor) {
+            auto outerBorderRect = borderShape.borderRect();
             Path path;
-
             for (auto side : allBoxSides) {
                 if (sides.edges.at(side).shouldRender()) {
-                    auto sideRect = calculateSideRect(sides.outerBorder, sides.edges, side);
+                    auto sideRect = calculateSideRect(outerBorderRect, sides.edges, side);
                     path.addRect(sideRect); // FIXME: Need pixel snapping here.
                 }
             }
@@ -579,22 +530,21 @@ void BorderPainter::paintSides(const Sides& sides) const
         }
     }
 
-    bool clipToOuterBorder = sides.outerBorder.isRounded();
+    bool clipToOuterBorder = !sides.outerEdgeIsRectangular;
     GraphicsContextStateSaver stateSaver(graphicsContext, clipToOuterBorder && !sides.appliedClipAlready);
     if (clipToOuterBorder) {
         // Clip to the inner and outer radii rects.
         if (sides.bleedAvoidance != BleedAvoidance::UseTransparencyLayer)
-            graphicsContext.clipRoundedRect(sides.outerBorder.pixelSnappedRoundedRectForPainting(deviceScaleFactor));
-        graphicsContext.clipOutRoundedRect(sides.innerBorder.pixelSnappedRoundedRectForPainting(deviceScaleFactor));
+            borderShape.clipToOuterShape(graphicsContext, deviceScaleFactor);
+        borderShape.clipOutInnerShape(graphicsContext, deviceScaleFactor);
     }
 
     // If only one edge visible antialiasing doesn't create seams
     bool antialias = shouldAntialiasLines(graphicsContext) || numEdgesVisible == 1;
-    IntPoint innerBorderAdjustment(sides.innerBorder.rect().x() - sides.unadjustedInnerBorder.rect().x(), sides.innerBorder.rect().y() - sides.unadjustedInnerBorder.rect().y());
     if (haveAlphaColor)
-        paintTranslucentBorderSides(sides.outerBorder, sides.unadjustedInnerBorder, innerBorderAdjustment, sides.edges, edgesToDraw, sides.radii, sides.bleedAvoidance, sides.closedEdges, antialias);
+        paintTranslucentBorderSides(borderShape, sides, edgesToDraw, antialias);
     else
-        paintBorderSides(sides.outerBorder, sides.unadjustedInnerBorder, innerBorderAdjustment, sides.edges, edgesToDraw, sides.radii, sides.bleedAvoidance, sides.closedEdges, antialias);
+        paintBorderSides(borderShape, sides, edgesToDraw, antialias);
 }
 
 bool BorderPainter::paintNinePieceImage(const LayoutRect& rect, const RenderStyle& style, const NinePieceImage& ninePieceImage, CompositeOperator op) const
@@ -630,8 +580,7 @@ bool BorderPainter::paintNinePieceImage(const LayoutRect& rect, const RenderStyl
     return true;
 }
 
-void BorderPainter::paintTranslucentBorderSides(const RoundedRect& outerBorder, const RoundedRect& innerBorder, const IntPoint& innerBorderAdjustment,
-    const BorderEdges& edges, BoxSideSet edgesToDraw, std::optional<BorderData::Radii> radii, BleedAvoidance bleedAvoidance, RectEdges<bool> closedEdges, bool antialias) const
+void BorderPainter::paintTranslucentBorderSides(const BorderShape& borderShape, const Sides& sides, BoxSideSet edgesToDraw, bool antialias) const
 {
     // willBeOverdrawn assumes that we draw in order: top, bottom, left, right.
     // This is different from BoxSide enum order.
@@ -646,7 +595,7 @@ void BorderPainter::paintTranslucentBorderSides(const RoundedRect& outerBorder,
             if (!edgesToDraw.contains(edgeFlagForSide(side)))
                 continue;
 
-            auto& edge = edges.at(side);
+            auto& edge = sides.edges.at(side);
             bool includeEdge;
             if (commonColorEdgeSet.isEmpty()) {
                 commonColor = edge.color();
@@ -664,7 +613,7 @@ void BorderPainter::paintTranslucentBorderSides(const RoundedRect& outerBorder,
             commonColor = commonColor.opaqueColor();
         }
 
-        paintBorderSides(outerBorder, innerBorder, innerBorderAdjustment, edges, commonColorEdgeSet, radii, bleedAvoidance, closedEdges, antialias, &commonColor);
+        paintBorderSides(borderShape, sides, commonColorEdgeSet, antialias, &commonColor);
 
         if (useTransparencyLayer)
             m_paintInfo.context().endTransparencyLayer();
@@ -787,14 +736,15 @@ static bool joinRequiresMitre(BoxSide side, BoxSide adjacentSide, const BorderEd
     return false;
 }
 
-void BorderPainter::paintBorderSides(const RoundedRect& outerBorder, const RoundedRect& innerBorder,
-    const IntPoint& innerBorderAdjustment, const BorderEdges& edges, BoxSideSet edgeSet, std::optional<BorderData::Radii> radii, BleedAvoidance bleedAvoidance, RectEdges<bool> closedEdges, bool antialias, const Color* overrideColor) const
+void BorderPainter::paintBorderSides(const BorderShape& borderShape, const Sides& sides, BoxSideSet edgeSet, bool antialias, const Color* overrideColor) const
 {
-    bool renderRadii = outerBorder.isRounded();
-
     Path roundedPath;
-    if (renderRadii)
-        roundedPath.addRoundedRect(outerBorder);
+    if (!sides.outerEdgeIsRectangular) {
+        float deviceScaleFactor = document().deviceScaleFactor();
+        roundedPath = borderShape.pathForOuterShape(deviceScaleFactor);
+    }
+
+    auto innerBorder = borderShape.deprecatedInnerRoundedRect();
 
     // The inner border adjustment for bleed avoidance mode BleedAvoidance::BackgroundOverBorder
     // is only applied to sideRect, which is okay since BleedAvoidance::BackgroundOverBorder
@@ -802,39 +752,39 @@ void BorderPainter::paintBorderSides(const RoundedRect& outerBorder, const Round
     // only depends on sideRect when painting solid borders.
 
     auto paintOneSide = [&](BoxSide side, BoxSide adjacentSide1, BoxSide adjacentSide2) {
-        auto& edge = edges.at(side);
+        auto& edge = sides.edges.at(side);
         if (!edge.shouldRender() || !edgeSet.contains(edgeFlagForSide(side)))
             return;
 
-        LayoutRect sideRect = outerBorder.rect();
+        LayoutRect sideRect = borderShape.borderRect();
         LayoutSize firstRadius;
         LayoutSize secondRadius;
 
         switch (side) {
         case BoxSide::Top:
-            sideRect.setHeight(edge.widthForPainting() + innerBorderAdjustment.y());
+            sideRect.setHeight(borderShape.borderWidths().top());
             firstRadius = innerBorder.radii().topLeft();
             secondRadius = innerBorder.radii().topRight();
             break;
         case BoxSide::Right:
-            sideRect.shiftXEdgeTo(sideRect.maxX() - edge.widthForPainting() - innerBorderAdjustment.x());
+            sideRect.shiftXEdgeTo(sideRect.maxX() - borderShape.borderWidths().right());
             firstRadius = innerBorder.radii().bottomRight();
             secondRadius = innerBorder.radii().topRight();
             break;
         case BoxSide::Bottom:
-            sideRect.shiftYEdgeTo(sideRect.maxY() - edge.widthForPainting() - innerBorderAdjustment.y());
+            sideRect.shiftYEdgeTo(sideRect.maxY() - borderShape.borderWidths().bottom());
             firstRadius = innerBorder.radii().bottomLeft();
             secondRadius = innerBorder.radii().bottomRight();
             break;
         case BoxSide::Left:
-            sideRect.setWidth(edge.widthForPainting() + innerBorderAdjustment.x());
+            sideRect.setWidth(borderShape.borderWidths().left());
             firstRadius = innerBorder.radii().bottomLeft();
             secondRadius = innerBorder.radii().topLeft();
             break;
         }
 
-        bool usePath = renderRadii && (borderStyleHasInnerDetail(edge.style()) || borderWillArcInnerEdge(firstRadius, secondRadius));
-        paintOneBorderSide(outerBorder, innerBorder, sideRect, side, adjacentSide1, adjacentSide2, edges, radii, usePath ? &roundedPath : nullptr, bleedAvoidance, closedEdges, antialias, overrideColor);
+        bool usePath = !sides.outerEdgeIsRectangular && (borderStyleHasInnerDetail(edge.style()) || borderWillArcInnerEdge(firstRadius, secondRadius));
+        paintOneBorderSide(borderShape, sides, sideRect, side, adjacentSide1, adjacentSide2, usePath ? &roundedPath : nullptr, antialias, overrideColor);
     };
 
     paintOneSide(BoxSide::Top, BoxSide::Left, BoxSide::Right);
@@ -843,20 +793,18 @@ void BorderPainter::paintBorderSides(const RoundedRect& outerBorder, const Round
     paintOneSide(BoxSide::Right, BoxSide::Top, BoxSide::Bottom);
 }
 
-void BorderPainter::paintOneBorderSide(const RoundedRect& outerBorder, const RoundedRect& innerBorder,
-    const LayoutRect& sideRect, BoxSide side, BoxSide adjacentSide1, BoxSide adjacentSide2, const BorderEdges& edges, std::optional<BorderData::Radii> radii, const Path* path,
-    BleedAvoidance bleedAvoidance, RectEdges<bool> closedEdges, bool antialias, const Color* overrideColor) const
+void BorderPainter::paintOneBorderSide(const BorderShape& borderShape, const Sides& sides, const LayoutRect& sideRect, BoxSide side, BoxSide adjacentSide1, BoxSide adjacentSide2, const Path* path, bool antialias, const Color* overrideColor) const
 {
-    auto& edgeToRender = edges.at(side);
+    auto& edgeToRender = sides.edges.at(side);
     ASSERT(edgeToRender.widthForPainting());
-    auto& adjacentEdge1 = edges.at(adjacentSide1);
-    auto& adjacentEdge2 = edges.at(adjacentSide2);
+    auto& adjacentEdge1 = sides.edges.at(adjacentSide1);
+    auto& adjacentEdge2 = sides.edges.at(adjacentSide2);
 
-    bool mitreAdjacentSide1 = joinRequiresMitre(side, adjacentSide1, edges, !antialias);
-    bool mitreAdjacentSide2 = joinRequiresMitre(side, adjacentSide2, edges, !antialias);
+    bool mitreAdjacentSide1 = joinRequiresMitre(side, adjacentSide1, sides.edges, !antialias);
+    bool mitreAdjacentSide2 = joinRequiresMitre(side, adjacentSide2, sides.edges, !antialias);
 
-    bool adjacentSide1StylesMatch = colorsMatchAtCorner(side, adjacentSide1, edges);
-    bool adjacentSide2StylesMatch = colorsMatchAtCorner(side, adjacentSide2, edges);
+    bool adjacentSide1StylesMatch = colorsMatchAtCorner(side, adjacentSide1, sides.edges);
+    bool adjacentSide2StylesMatch = colorsMatchAtCorner(side, adjacentSide2, sides.edges);
 
     const Color& colorToPaint = overrideColor ? *overrideColor : edgeToRender.color();
 
@@ -865,22 +813,21 @@ void BorderPainter::paintOneBorderSide(const RoundedRect& outerBorder, const Rou
     if (path) {
         GraphicsContextStateSaver stateSaver(graphicsContext);
 
-        clipBorderSidePolygon(outerBorder, innerBorder, side, adjacentSide1StylesMatch, adjacentSide2StylesMatch);
+        clipBorderSidePolygon(borderShape, side, adjacentSide1StylesMatch, adjacentSide2StylesMatch);
 
         float thickness = std::max(std::max(edgeToRender.widthForPainting(), adjacentEdge1.widthForPainting()), adjacentEdge2.widthForPainting());
-        drawBoxSideFromPath(outerBorder.rect(), *path, edges, radii, edgeToRender.widthForPainting(), thickness, side,
-            colorToPaint, edgeToRender.style(), bleedAvoidance, closedEdges);
+        drawBoxSideFromPath(borderShape.borderRect(), *path, sides.edges, sides.radii, edgeToRender.widthForPainting(), thickness, side, colorToPaint, edgeToRender.style(), sides.bleedAvoidance, sides.closedEdges);
     } else {
         bool clipForStyle = styleRequiresClipPolygon(edgeToRender.style()) && (mitreAdjacentSide1 || mitreAdjacentSide2);
-        bool clipAdjacentSide1 = colorNeedsAntiAliasAtCorner(side, adjacentSide1, edges) && mitreAdjacentSide1;
-        bool clipAdjacentSide2 = colorNeedsAntiAliasAtCorner(side, adjacentSide2, edges) && mitreAdjacentSide2;
+        bool clipAdjacentSide1 = colorNeedsAntiAliasAtCorner(side, adjacentSide1, sides.edges) && mitreAdjacentSide1;
+        bool clipAdjacentSide2 = colorNeedsAntiAliasAtCorner(side, adjacentSide2, sides.edges) && mitreAdjacentSide2;
         bool shouldClip = clipForStyle || clipAdjacentSide1 || clipAdjacentSide2;
 
         GraphicsContextStateSaver clipStateSaver(graphicsContext, shouldClip);
         if (shouldClip) {
             bool aliasAdjacentSide1 = clipAdjacentSide1 || (clipForStyle && mitreAdjacentSide1);
             bool aliasAdjacentSide2 = clipAdjacentSide2 || (clipForStyle && mitreAdjacentSide2);
-            clipBorderSidePolygon(outerBorder, innerBorder, side, !aliasAdjacentSide1, !aliasAdjacentSide2);
+            clipBorderSidePolygon(borderShape, side, !aliasAdjacentSide1, !aliasAdjacentSide2);
             // Since we clipped, no need to draw with a mitre.
             mitreAdjacentSide1 = false;
             mitreAdjacentSide2 = false;
@@ -1036,13 +983,15 @@ void BorderPainter::drawBoxSideFromPath(const LayoutRect& borderRect, const Path
     graphicsContext.drawRect(snapRectToDevicePixels(borderRect, document().deviceScaleFactor()));
 }
 
-void BorderPainter::clipBorderSidePolygon(const RoundedRect& outerBorder, const RoundedRect& innerBorder, BoxSide side, bool firstEdgeMatches, bool secondEdgeMatches) const
+void BorderPainter::clipBorderSidePolygon(const BorderShape& borderShape, BoxSide side, bool firstEdgeMatches, bool secondEdgeMatches) const
 {
     auto& graphicsContext = m_paintInfo.context();
 
     float deviceScaleFactor = document().deviceScaleFactor();
-    const FloatRect& outerRect = snapRectToDevicePixels(outerBorder.rect(), deviceScaleFactor);
-    const FloatRect& innerRect = snapRectToDevicePixels(innerBorder.rect(), deviceScaleFactor);
+    auto outerRect = borderShape.snappedOuterRect(deviceScaleFactor);
+
+    auto innerRect = borderShape.snappedInnerRect(deviceScaleFactor);
+    auto innerBorder = borderShape.deprecatedInnerRoundedRect();
 
     // For each side, create a quad that encompasses all parts of that side that may draw,
     // including areas inside the innerBorder.
diff --git a/Source/WebCore/rendering/BorderPainter.h b/Source/WebCore/rendering/BorderPainter.h
index c51671949b572..d9d3d4d0622ae 100644
--- a/Source/WebCore/rendering/BorderPainter.h
+++ b/Source/WebCore/rendering/BorderPainter.h
@@ -28,6 +28,8 @@
 
 namespace WebCore {
 
+class BorderShape;
+
 class BorderPainter {
 public:
     BorderPainter(const RenderElement&, const PaintInfo&);
@@ -41,20 +43,19 @@ class BorderPainter {
 
     static std::optional<Path> pathForBorderArea(const LayoutRect&, const RenderStyle&, float deviceScaleFactor, RectEdges<bool> closedEdges = { true });
 
-    static bool allCornersClippedOut(const RoundedRect&, const LayoutRect&);
     static bool shouldAntialiasLines(GraphicsContext&);
 
 private:
     struct Sides;
-    void paintSides(const Sides&) const;
+    void paintSides(const BorderShape&, const Sides&) const;
+
+    void paintTranslucentBorderSides(const BorderShape&, const Sides&, BoxSideSet edgesToDraw, bool antialias) const;
+    void paintBorderSides(const BorderShape&, const Sides&, BoxSideSet edgesToDraw, bool antialias, const Color* overrideColor = nullptr) const;
+
+    void paintOneBorderSide(const BorderShape&, const Sides&, const LayoutRect& sideRect, BoxSide, BoxSide adjacentSide1, BoxSide adjacentSide2, const Path*, bool antialias, const Color* overrideColor) const;
 
-    void paintTranslucentBorderSides(const RoundedRect& outerBorder, const RoundedRect& innerBorder, const IntPoint& innerBorderAdjustment,
-        const BorderEdges&, BoxSideSet edgesToDraw, std::optional<BorderDataRadii>, BleedAvoidance, RectEdges<bool> closedEdges, bool antialias) const;
-    void paintBorderSides(const RoundedRect& outerBorder, const RoundedRect& innerBorder, const IntPoint& innerBorderAdjustment, const BorderEdges&, BoxSideSet edgeSet, std::optional<BorderDataRadii>, BleedAvoidance, RectEdges<bool> closedEdges, bool antialias, const Color* overrideColor = nullptr) const;
-    void paintOneBorderSide(const RoundedRect& outerBorder, const RoundedRect& innerBorder,
-        const LayoutRect& sideRect, BoxSide, BoxSide adjacentSide1, BoxSide adjacentSide2, const BorderEdges&, std::optional<BorderDataRadii>, const Path*, BleedAvoidance, RectEdges<bool> closedEdges, bool antialias, const Color* overrideColor) const;
     void drawBoxSideFromPath(const LayoutRect& borderRect, const Path& borderPath, const BorderEdges&, std::optional<BorderDataRadii>, float thickness, float drawThickness, BoxSide, Color, BorderStyle, BleedAvoidance, RectEdges<bool> closedEdges) const;
-    void clipBorderSidePolygon(const RoundedRect& outerBorder, const RoundedRect& innerBorder, BoxSide, bool firstEdgeMatches, bool secondEdgeMatches) const;
+    void clipBorderSidePolygon(const BorderShape&, BoxSide, bool firstEdgeMatches, bool secondEdgeMatches) const;
 
     LayoutRect borderRectAdjustedForBleedAvoidance(const LayoutRect&, BleedAvoidance) const;
 
diff --git a/Source/WebCore/rendering/BorderShape.cpp b/Source/WebCore/rendering/BorderShape.cpp
index 853aa1234cefd..8ea47e94ef193 100644
--- a/Source/WebCore/rendering/BorderShape.cpp
+++ b/Source/WebCore/rendering/BorderShape.cpp
@@ -102,14 +102,63 @@ BorderShape BorderShape::shapeForBorderRect(const RenderStyle& style, const Layo
     return BorderShape { borderRect, usedBorderWidths };
 }
 
+BorderShape BorderShape::shapeForOutlineRect(const RenderStyle& style, const LayoutRect& borderRect, const LayoutRect& outlineBoxRect, const RectEdges<LayoutUnit>& outlineWidths, RectEdges<bool> closedEdges)
+{
+    // top, right, bottom, left.
+    auto usedOutlineWidths = RectEdges<LayoutUnit> {
+        LayoutUnit(closedEdges.top() ? outlineWidths.top() : 0_lu),
+        LayoutUnit(closedEdges.right() ? outlineWidths.right() : 0_lu),
+        LayoutUnit(closedEdges.bottom() ? outlineWidths.bottom() : 0_lu),
+        LayoutUnit(closedEdges.left() ? outlineWidths.left() : 0_lu),
+    };
+
+    if (style.hasBorderRadius()) {
+        auto radii = calcRadiiFor(style.borderRadii(), borderRect.size());
+
+        auto leftOutset = std::max(borderRect.x() - outlineBoxRect.x(), 0_lu);
+        auto topOutset = std::max(borderRect.y() - outlineBoxRect.y(), 0_lu);
+        auto rightOutset = std::max(outlineBoxRect.maxX() - borderRect.maxX(), 0_lu);
+        auto bottomOutset = std::max(outlineBoxRect.maxY() - borderRect.maxY(), 0_lu);
+
+        radii.expand(topOutset, bottomOutset, leftOutset, rightOutset);
+
+        // FIXME: Share
+        if (!closedEdges.top()) {
+            radii.setTopLeft({ });
+            radii.setTopRight({ });
+        }
+        if (!closedEdges.right()) {
+            radii.setTopRight({ });
+            radii.setBottomRight({ });
+        }
+        if (!closedEdges.bottom()) {
+            radii.setBottomRight({ });
+            radii.setBottomLeft({ });
+        }
+        if (!closedEdges.left()) {
+            radii.setBottomLeft({ });
+            radii.setTopLeft({ });
+        }
+
+        if (!radii.areRenderableInRect(outlineBoxRect))
+            radii.makeRenderableInRect(outlineBoxRect);
+
+        return BorderShape { outlineBoxRect, usedOutlineWidths, radii };
+    }
+
+    return BorderShape { outlineBoxRect, usedOutlineWidths };
+}
+
 BorderShape::BorderShape(const LayoutRect& borderRect, const RectEdges<LayoutUnit>& borderWidths)
     : m_borderRect(borderRect)
+    , m_innerEdgeRect(computeInnerEdgeRoundedRect(m_borderRect, borderWidths))
     , m_borderWidths(borderWidths)
 {
 }
 
 BorderShape::BorderShape(const LayoutRect& borderRect, const RectEdges<LayoutUnit>& borderWidths, const RoundedRectRadii& radii)
     : m_borderRect(borderRect, radii)
+    , m_innerEdgeRect(computeInnerEdgeRoundedRect(m_borderRect, borderWidths))
     , m_borderWidths(borderWidths)
 {
     // The caller should have adjusted the radii already.
@@ -123,7 +172,7 @@ RoundedRect BorderShape::deprecatedRoundedRect() const
 
 RoundedRect BorderShape::deprecatedInnerRoundedRect() const
 {
-    return innerEdgeRoundedRect();
+    return m_innerEdgeRect;
 }
 
 FloatRoundedRect BorderShape::deprecatedPixelSnappedRoundedRect(float deviceScaleFactor) const
@@ -133,7 +182,7 @@ FloatRoundedRect BorderShape::deprecatedPixelSnappedRoundedRect(float deviceScal
 
 FloatRoundedRect BorderShape::deprecatedPixelSnappedInnerRoundedRect(float deviceScaleFactor) const
 {
-    return innerEdgeRoundedRect().pixelSnappedRoundedRectForPainting(deviceScaleFactor);
+    return m_innerEdgeRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
 }
 
 FloatRect BorderShape::snappedOuterRect(float deviceScaleFactor) const
@@ -148,7 +197,7 @@ FloatRect BorderShape::snappedInnerRect(float deviceScaleFactor) const
 
 bool BorderShape::innerShapeContains(const LayoutRect& rect) const
 {
-    return innerEdgeRoundedRect().contains(rect);
+    return m_innerEdgeRect.contains(rect);
 }
 
 bool BorderShape::outerShapeContains(const LayoutRect& rect) const
@@ -156,6 +205,16 @@ bool BorderShape::outerShapeContains(const LayoutRect& rect) const
     return m_borderRect.contains(rect);
 }
 
+bool BorderShape::outerShapeIsRectangular() const
+{
+    return !m_borderRect.isRounded();
+}
+
+bool BorderShape::innerShapeIsRectangular() const
+{
+    return !m_innerEdgeRect.isRounded();
+}
+
 void BorderShape::move(LayoutSize offset)
 {
     m_borderRect.move(offset);
@@ -184,7 +243,7 @@ Path BorderShape::pathForOuterShape(float deviceScaleFactor) const
 
 Path BorderShape::pathForInnerShape(float deviceScaleFactor) const
 {
-    auto pixelSnappedRect = innerEdgeRoundedRect().pixelSnappedRoundedRectForPainting(deviceScaleFactor);
+    auto pixelSnappedRect = m_innerEdgeRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
     ASSERT(pixelSnappedRect.isRenderable());
 
     Path path;
@@ -192,10 +251,23 @@ Path BorderShape::pathForInnerShape(float deviceScaleFactor) const
     return path;
 }
 
+void BorderShape::addOuterShapeToPath(Path& path, float deviceScaleFactor) const
+{
+    auto pixelSnappedRect = m_borderRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
+    addRoundedRectToPath(pixelSnappedRect, path);
+}
+
+void BorderShape::addInnerShapeToPath(Path& path, float deviceScaleFactor) const
+{
+    auto pixelSnappedRect = m_innerEdgeRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
+    ASSERT(pixelSnappedRect.isRenderable());
+    addRoundedRectToPath(pixelSnappedRect, path);
+}
+
 Path BorderShape::pathForBorderArea(float deviceScaleFactor) const
 {
     auto pixelSnappedOuterRect = m_borderRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
-    auto pixelSnappedInnerRect = innerEdgeRoundedRect().pixelSnappedRoundedRectForPainting(deviceScaleFactor);
+    auto pixelSnappedInnerRect = m_innerEdgeRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
 
     ASSERT(pixelSnappedInnerRect.isRenderable());
 
@@ -205,7 +277,7 @@ Path BorderShape::pathForBorderArea(float deviceScaleFactor) const
     return path;
 }
 
-void BorderShape::clipToOuterShape(GraphicsContext& context, float deviceScaleFactor)
+void BorderShape::clipToOuterShape(GraphicsContext& context, float deviceScaleFactor) const
 {
     auto pixelSnappedRect = m_borderRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
     if (pixelSnappedRect.isRounded())
@@ -214,9 +286,9 @@ void BorderShape::clipToOuterShape(GraphicsContext& context, float deviceScaleFa
         context.clip(pixelSnappedRect.rect());
 }
 
-void BorderShape::clipToInnerShape(GraphicsContext& context, float deviceScaleFactor)
+void BorderShape::clipToInnerShape(GraphicsContext& context, float deviceScaleFactor) const
 {
-    auto pixelSnappedRect = innerEdgeRoundedRect().pixelSnappedRoundedRectForPainting(deviceScaleFactor);
+    auto pixelSnappedRect = m_innerEdgeRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
     ASSERT(pixelSnappedRect.isRenderable());
     if (pixelSnappedRect.isRounded())
         context.clipRoundedRect(pixelSnappedRect);
@@ -224,7 +296,7 @@ void BorderShape::clipToInnerShape(GraphicsContext& context, float deviceScaleFa
         context.clip(pixelSnappedRect.rect());
 }
 
-void BorderShape::clipOutOuterShape(GraphicsContext& context, float deviceScaleFactor)
+void BorderShape::clipOutOuterShape(GraphicsContext& context, float deviceScaleFactor) const
 {
     auto pixelSnappedRect = m_borderRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
     if (pixelSnappedRect.isEmpty())
@@ -236,9 +308,9 @@ void BorderShape::clipOutOuterShape(GraphicsContext& context, float deviceScaleF
         context.clipOut(pixelSnappedRect.rect());
 }
 
-void BorderShape::clipOutInnerShape(GraphicsContext& context, float deviceScaleFactor)
+void BorderShape::clipOutInnerShape(GraphicsContext& context, float deviceScaleFactor) const
 {
-    auto pixelSnappedRect = innerEdgeRoundedRect().pixelSnappedRoundedRectForPainting(deviceScaleFactor);
+    auto pixelSnappedRect = m_innerEdgeRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
     if (pixelSnappedRect.isEmpty())
         return;
 
@@ -248,7 +320,7 @@ void BorderShape::clipOutInnerShape(GraphicsContext& context, float deviceScaleF
         context.clipOut(pixelSnappedRect.rect());
 }
 
-void BorderShape::fillOuterShape(GraphicsContext& context, const Color& color, float deviceScaleFactor)
+void BorderShape::fillOuterShape(GraphicsContext& context, const Color& color, float deviceScaleFactor) const
 {
     auto pixelSnappedRect = m_borderRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
     if (pixelSnappedRect.isRounded())
@@ -257,9 +329,9 @@ void BorderShape::fillOuterShape(GraphicsContext& context, const Color& color, f
         context.fillRect(pixelSnappedRect.rect(), color);
 }
 
-void BorderShape::fillInnerShape(GraphicsContext& context, const Color& color, float deviceScaleFactor)
+void BorderShape::fillInnerShape(GraphicsContext& context, const Color& color, float deviceScaleFactor) const
 {
-    auto pixelSnappedRect = innerEdgeRoundedRect().pixelSnappedRoundedRectForPainting(deviceScaleFactor);
+    auto pixelSnappedRect = m_innerEdgeRect.pixelSnappedRoundedRectForPainting(deviceScaleFactor);
     ASSERT(pixelSnappedRect.isRenderable());
     if (pixelSnappedRect.isRounded())
         context.fillRoundedRect(pixelSnappedRect, color);
@@ -267,32 +339,34 @@ void BorderShape::fillInnerShape(GraphicsContext& context, const Color& color, f
         context.fillRect(pixelSnappedRect.rect(), color);
 }
 
-RoundedRect BorderShape::innerEdgeRoundedRect() const
+RoundedRect BorderShape::computeInnerEdgeRoundedRect(const RoundedRect& borderRoundedRect, const RectEdges<LayoutUnit>& borderWidths)
 {
-    auto roundedRect = RoundedRect { innerEdgeRect() };
-    if (m_borderRect.isRounded()) {
-        auto innerRadii = m_borderRect.radii();
-        innerRadii.shrink(m_borderWidths.top(), m_borderWidths.bottom(), m_borderWidths.left(), m_borderWidths.right());
-        roundedRect.setRadii(innerRadii);
-    }
+    auto borderRect = borderRoundedRect.rect();
+    auto width = std::max(0_lu, borderRect.width() - borderWidths.left() - borderWidths.right());
+    auto height = std::max(0_lu, borderRect.height() - borderWidths.top() - borderWidths.bottom());
+    auto innerRect = LayoutRect {
+        borderRect.x() + borderWidths.left(),
+        borderRect.y() + borderWidths.top(),
+        width,
+        height
+    };
+
+    auto innerEdgeRect = RoundedRect { innerRect };
+    if (borderRoundedRect.isRounded()) {
+        auto innerRadii = borderRoundedRect.radii();
+        innerRadii.shrink(borderWidths.top(), borderWidths.bottom(), borderWidths.left(), borderWidths.right());
+        innerEdgeRect.setRadii(innerRadii);
 
-    if (!roundedRect.isRenderable())
-        roundedRect.adjustRadii();
+        if (!innerEdgeRect.isRenderable())
+            innerEdgeRect.adjustRadii();
+    }
 
-    return roundedRect;
+    return innerEdgeRect;
 }
 
 LayoutRect BorderShape::innerEdgeRect() const
 {
-    auto& borderRect = m_borderRect.rect();
-    auto width = std::max(0_lu, borderRect.width() - m_borderWidths.left() - m_borderWidths.right());
-    auto height = std::max(0_lu, borderRect.height() - m_borderWidths.top() - m_borderWidths.bottom());
-    return {
-        borderRect.x() + m_borderWidths.left(),
-        borderRect.y() + m_borderWidths.top(),
-        width,
-        height
-    };
+    return m_innerEdgeRect.rect();
 }
 
 } // namespace WebCore
diff --git a/Source/WebCore/rendering/BorderShape.h b/Source/WebCore/rendering/BorderShape.h
index 939cd17c336a4..42a88a6339e00 100644
--- a/Source/WebCore/rendering/BorderShape.h
+++ b/Source/WebCore/rendering/BorderShape.h
@@ -51,16 +51,17 @@ class BorderShape {
     // overrideBorderWidths describe custom insets from the border box, used instead of the border widths from the style.
     static BorderShape shapeForBorderRect(const RenderStyle&, const LayoutRect& borderRect, const RectEdges<LayoutUnit>& overrideBorderWidths, RectEdges<bool> closedEdges = { true });
 
+    // Create a BorderShape suitable for rendering an outline. borderRect is provided to allow for scaling the corner radii.
+    static BorderShape shapeForOutlineRect(const RenderStyle&, const LayoutRect& borderRect, const LayoutRect& outlineBoxRect, const RectEdges<LayoutUnit>& outlineWidths, RectEdges<bool> closedEdges = { true });
+
     BorderShape(const LayoutRect& borderRect, const RectEdges<LayoutUnit>& borderWidths);
     BorderShape(const LayoutRect& borderRect, const RectEdges<LayoutUnit>& borderWidths, const RoundedRectRadii&);
 
-    BorderShape(const BorderShape& other)
-        : m_borderRect(other.m_borderRect)
-        , m_borderWidths(other.m_borderWidths)
-    {
-    }
+    BorderShape(const BorderShape&) = default;
 
     LayoutRect borderRect() const { return m_borderRect.rect(); }
+    // Takes `closedEdges` into account.
+    const RectEdges<LayoutUnit>& borderWidths() const { return m_borderWidths; }
 
     RoundedRect deprecatedRoundedRect() const;
     RoundedRect deprecatedInnerRoundedRect() const;
@@ -78,6 +79,10 @@ class BorderShape {
     FloatRect snappedInnerRect(float deviceScaleFactor) const;
 
     bool isRounded() const { return m_borderRect.isRounded(); }
+
+    bool outerShapeIsRectangular() const;
+    bool innerShapeIsRectangular() const;
+
     bool isEmpty() const { return m_borderRect.rect().isEmpty(); }
 
     void move(LayoutSize);
@@ -88,22 +93,26 @@ class BorderShape {
     Path pathForOuterShape(float deviceScaleFactor) const;
     Path pathForInnerShape(float deviceScaleFactor) const;
 
+    void addOuterShapeToPath(Path&, float deviceScaleFactor) const;
+    void addInnerShapeToPath(Path&, float deviceScaleFactor) const;
+
     Path pathForBorderArea(float deviceScaleFactor) const;
 
-    void clipToOuterShape(GraphicsContext&, float deviceScaleFactor);
-    void clipToInnerShape(GraphicsContext&, float deviceScaleFactor);
+    void clipToOuterShape(GraphicsContext&, float deviceScaleFactor) const;
+    void clipToInnerShape(GraphicsContext&, float deviceScaleFactor) const;
 
-    void clipOutOuterShape(GraphicsContext&, float deviceScaleFactor);
-    void clipOutInnerShape(GraphicsContext&, float deviceScaleFactor);
+    void clipOutOuterShape(GraphicsContext&, float deviceScaleFactor) const;
+    void clipOutInnerShape(GraphicsContext&, float deviceScaleFactor) const;
 
-    void fillOuterShape(GraphicsContext&, const Color&, float deviceScaleFactor);
-    void fillInnerShape(GraphicsContext&, const Color&, float deviceScaleFactor);
+    void fillOuterShape(GraphicsContext&, const Color&, float deviceScaleFactor) const;
+    void fillInnerShape(GraphicsContext&, const Color&, float deviceScaleFactor) const;
 
 private:
-    RoundedRect innerEdgeRoundedRect() const;
     LayoutRect innerEdgeRect() const;
+    static RoundedRect computeInnerEdgeRoundedRect(const RoundedRect& borderRoundedRect, const RectEdges<LayoutUnit>& borderWidths);
 
     RoundedRect m_borderRect;
+    RoundedRect m_innerEdgeRect;
     RectEdges<LayoutUnit> m_borderWidths;
 };
 

From 097cc51b554238c9d459fba1eadc0c249fff2eab Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@igalia.com>
Date: Mon, 24 Feb 2025 08:22:10 -0800
Subject: [PATCH 131/174] Add myself as a contributor
 https://bugs.webkit.org/show_bug.cgi?id=288366

Reviewed by Philippe Normand.

To become entitled to add reviewers.

Canonical link: https://commits.webkit.org/290952@main
---
 metadata/contributors.json | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/metadata/contributors.json b/metadata/contributors.json
index bcb5be2ef3f12..a1eea5947e12f 100644
--- a/metadata/contributors.json
+++ b/metadata/contributors.json
@@ -6044,6 +6044,13 @@
       ],
       "name" : "Min Qin"
    },
+   {
+      "emails" : [
+         "mbrodesser@igalia.com"
+      ],
+      "github" : "mbrodesser-Igalia",
+      "name" : "Mirko Brodesser"
+   },
    {
       "emails" : [
          "bazzimoe3@gmail.com"

From 8bb1183b52ad26de532aed279fbdb9bb8e2e8471 Mon Sep 17 00:00:00 2001
From: Simon Fraser <simon.fraser@apple.com>
Date: Mon, 24 Feb 2025 08:29:23 -0800
Subject: [PATCH 132/174] [CSS Corner shape] Implement parsing for corner-shape
 https://bugs.webkit.org/show_bug.cgi?id=277913 rdar://133607859

Reviewed by Sam Weinig.

Add support for parsing `corner-shape` and the physical and logical longhands. The "edge" variants are not yet supported
(similarly, we don't support the border-radius edge properties either).

Currently just support the keyword values.

Add storage of the style values in `BorderData`. Repainting happens by virtue of `isEquivalentForPainting`.

* LayoutTests/imported/w3c/web-platform-tests/css/css-borders/tentative/parsing/corner-shape-computed-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-borders/tentative/parsing/corner-shape-valid-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/css/css-ui/compute-kind-widget-no-fallback-props-001.html: Add corner-shape to the list of native-appearance-disabling properties.
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt:
* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebCore/animation/CSSPropertyAnimation.cpp:
(WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
* Source/WebCore/css/CSSPrimitiveValueMappings.h:
* Source/WebCore/css/CSSProperties.json:
* Source/WebCore/css/CSSProperty.h:
* Source/WebCore/css/CSSValueKeywords.in:
* Source/WebCore/css/ComputedStyleExtractor.cpp:
(WebCore::ComputedStyleExtractor::valueForPropertyInStyle const):
* Source/WebCore/css/ShorthandSerializer.cpp:
(WebCore::ShorthandSerializer::serialize):
* Source/WebCore/css/parser/CSSPropertyParser.cpp:
(WebCore::CSSPropertyParser::parseShorthand):
* Source/WebCore/rendering/style/BorderData.cpp:
(WebCore::BorderData::dump const):
* Source/WebCore/rendering/style/BorderData.h:
(WebCore::BorderData::topLeftCornerShape const):
(WebCore::BorderData::topRightCornerShape const):
(WebCore::BorderData::bottomLeftCornerShape const):
(WebCore::BorderData::bottomRightCornerShape const):
* Source/WebCore/rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::conservativelyCollectChangedAnimatableProperties const):
* Source/WebCore/rendering/style/RenderStyle.h:
* Source/WebCore/rendering/style/RenderStyleConstants.cpp:
(WebCore::operator<<):
* Source/WebCore/rendering/style/RenderStyleConstants.h:
* Source/WebCore/rendering/style/RenderStyleInlines.h:
(WebCore::RenderStyle::initialCornerShape):
(WebCore::RenderStyle::cornerBottomLeftShape const):
(WebCore::RenderStyle::cornerBottomRightShape const):
(WebCore::RenderStyle::cornerTopLeftShape const):
(WebCore::RenderStyle::cornerTopRightShape const):
* Source/WebCore/rendering/style/RenderStyleSetters.h:
(WebCore::RenderStyle::setCornerBottomLeftShape):
(WebCore::RenderStyle::setCornerBottomRightShape):
(WebCore::RenderStyle::setCornerTopLeftShape):
(WebCore::RenderStyle::setCornerTopRightShape):

Canonical link: https://commits.webkit.org/290953@main
---
 .../corner-shape-computed-expected.txt        |  52 +++---
 .../parsing/corner-shape-valid-expected.txt   |  86 ++++-----
 .../all-prop-initial-xml-expected.txt         |   8 +
 ...ute-kind-widget-no-fallback-props-001.html |   8 +
 .../all-prop-initial-xml-expected.txt         |   8 +
 .../all-prop-initial-xml-expected.txt         |   8 +
 .../Preferences/UnifiedWebPreferences.yaml    |  14 ++
 .../animation/CSSPropertyAnimation.cpp        |   7 +
 .../WebCore/css/CSSPrimitiveValueMappings.h   |   7 +
 Source/WebCore/css/CSSProperties.json         | 176 ++++++++++++++++++
 Source/WebCore/css/CSSProperty.h              |   1 +
 Source/WebCore/css/CSSValueKeywords.in        |   9 +
 Source/WebCore/css/ComputedStyleExtractor.cpp |  14 ++
 Source/WebCore/css/ShorthandSerializer.cpp    |   1 +
 .../WebCore/css/parser/CSSPropertyParser.cpp  |   2 +
 Source/WebCore/rendering/style/BorderData.cpp |   9 +
 Source/WebCore/rendering/style/BorderData.h   |  10 +
 .../WebCore/rendering/style/RenderStyle.cpp   |   9 +
 Source/WebCore/rendering/style/RenderStyle.h  |  12 ++
 .../rendering/style/RenderStyleConstants.cpp  |  12 ++
 .../rendering/style/RenderStyleConstants.h    |   9 +
 .../rendering/style/RenderStyleInlines.h      |   6 +
 .../rendering/style/RenderStyleSetters.h      |   5 +
 23 files changed, 404 insertions(+), 69 deletions(-)

diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-borders/tentative/parsing/corner-shape-computed-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-borders/tentative/parsing/corner-shape-computed-expected.txt
index b7884f0338652..2bb508f5ae3d2 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-borders/tentative/parsing/corner-shape-computed-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-borders/tentative/parsing/corner-shape-computed-expected.txt
@@ -1,28 +1,28 @@
 
-FAIL Property corner-top-left-shape value 'round' assert_true: corner-top-left-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-top-left-shape value 'scoop' assert_true: corner-top-left-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-top-left-shape value 'superellipse(5)' assert_true: corner-top-left-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-top-left-shape value 'superellipse(0.2)' assert_true: corner-top-left-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-top-left-shape value 'superellipse(0)' assert_true: corner-top-left-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-top-left-shape value 'superellipse(infinity)' assert_true: corner-top-left-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-top-left-shape value 'superellipse(2)' assert_true: corner-top-left-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-top-left-shape value 'superellipse(1)' assert_true: corner-top-left-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-top-left-shape value 'superellipse(4)' assert_true: corner-top-left-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-top-left-shape value 'superellipse( .5)' assert_true: corner-top-left-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-top-right-shape value 'round' assert_true: corner-top-right-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-top-right-shape value 'superellipse(5)' assert_true: corner-top-right-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-bottom-right-shape value 'scoop' assert_true: corner-bottom-right-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-bottom-left-shape value 'superellipse(5)' assert_true: corner-bottom-left-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'superellipse(5) round' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'round' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'bevel superellipse(0.1) round squircle' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'superellipse(0.1) superellipse(3) superellipse(7) superellipse(0.1)' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'round round round round' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'round scoop' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'round scoop round scoop' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'bevel superellipse(2)' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'superellipse(0.5) superellipse(3) straight' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'superellipse(0.5) superellipse(3) superellipse(1)' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'bevel superellipse(2) squircle     round' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
-FAIL Property corner-shape value 'superellipse(0.5) superellipse(3) superellipse(1) superellipse(infinity)' assert_true: corner-shape doesn't seem to be supported in the computed style expected true got false
+PASS Property corner-top-left-shape value 'round'
+PASS Property corner-top-left-shape value 'scoop'
+FAIL Property corner-top-left-shape value 'superellipse(5)' assert_true: 'superellipse(5)' is a supported value for corner-top-left-shape. expected true got false
+FAIL Property corner-top-left-shape value 'superellipse(0.2)' assert_true: 'superellipse(0.2)' is a supported value for corner-top-left-shape. expected true got false
+FAIL Property corner-top-left-shape value 'superellipse(0)' assert_true: 'superellipse(0)' is a supported value for corner-top-left-shape. expected true got false
+FAIL Property corner-top-left-shape value 'superellipse(infinity)' assert_true: 'superellipse(infinity)' is a supported value for corner-top-left-shape. expected true got false
+FAIL Property corner-top-left-shape value 'superellipse(2)' assert_true: 'superellipse(2)' is a supported value for corner-top-left-shape. expected true got false
+FAIL Property corner-top-left-shape value 'superellipse(1)' assert_true: 'superellipse(1)' is a supported value for corner-top-left-shape. expected true got false
+FAIL Property corner-top-left-shape value 'superellipse(4)' assert_true: 'superellipse(4)' is a supported value for corner-top-left-shape. expected true got false
+FAIL Property corner-top-left-shape value 'superellipse( .5)' assert_true: 'superellipse( .5)' is a supported value for corner-top-left-shape. expected true got false
+PASS Property corner-top-right-shape value 'round'
+FAIL Property corner-top-right-shape value 'superellipse(5)' assert_true: 'superellipse(5)' is a supported value for corner-top-right-shape. expected true got false
+PASS Property corner-bottom-right-shape value 'scoop'
+FAIL Property corner-bottom-left-shape value 'superellipse(5)' assert_true: 'superellipse(5)' is a supported value for corner-bottom-left-shape. expected true got false
+FAIL Property corner-shape value 'superellipse(5) round' assert_true: 'superellipse(5) round' is a supported value for corner-shape. expected true got false
+PASS Property corner-shape value 'round'
+FAIL Property corner-shape value 'bevel superellipse(0.1) round squircle' assert_true: 'bevel superellipse(0.1) round squircle' is a supported value for corner-shape. expected true got false
+FAIL Property corner-shape value 'superellipse(0.1) superellipse(3) superellipse(7) superellipse(0.1)' assert_true: 'superellipse(0.1) superellipse(3) superellipse(7) superellipse(0.1)' is a supported value for corner-shape. expected true got false
+PASS Property corner-shape value 'round round round round'
+PASS Property corner-shape value 'round scoop'
+PASS Property corner-shape value 'round scoop round scoop'
+FAIL Property corner-shape value 'bevel superellipse(2)' assert_true: 'bevel superellipse(2)' is a supported value for corner-shape. expected true got false
+FAIL Property corner-shape value 'superellipse(0.5) superellipse(3) straight' assert_true: 'superellipse(0.5) superellipse(3) straight' is a supported value for corner-shape. expected true got false
+FAIL Property corner-shape value 'superellipse(0.5) superellipse(3) superellipse(1)' assert_true: 'superellipse(0.5) superellipse(3) superellipse(1)' is a supported value for corner-shape. expected true got false
+FAIL Property corner-shape value 'bevel superellipse(2) squircle     round' assert_true: 'bevel superellipse(2) squircle     round' is a supported value for corner-shape. expected true got false
+FAIL Property corner-shape value 'superellipse(0.5) superellipse(3) superellipse(1) superellipse(infinity)' assert_true: 'superellipse(0.5) superellipse(3) superellipse(1) superellipse(infinity)' is a supported value for corner-shape. expected true got false
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-borders/tentative/parsing/corner-shape-valid-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-borders/tentative/parsing/corner-shape-valid-expected.txt
index 2d186fbd4c99f..2aa63a49d7018 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-borders/tentative/parsing/corner-shape-valid-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-borders/tentative/parsing/corner-shape-valid-expected.txt
@@ -1,10 +1,10 @@
 
-FAIL e.style['corner-top-left-shape'] = "round" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-top-left-shape'] = "scoop" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-top-left-shape'] = "notch" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-top-left-shape'] = "bevel" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-top-left-shape'] = "round" should set the property value
+PASS e.style['corner-top-left-shape'] = "scoop" should set the property value
+PASS e.style['corner-top-left-shape'] = "notch" should set the property value
+PASS e.style['corner-top-left-shape'] = "bevel" should set the property value
 FAIL e.style['corner-top-left-shape'] = "squircle" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-top-left-shape'] = "straight" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-top-left-shape'] = "straight" should set the property value
 FAIL e.style['corner-top-left-shape'] = "superellipse(2)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-top-left-shape'] = "superellipse(.5)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-top-left-shape'] = "superellipse(7)" should set the property value assert_not_equals: property should be set got disallowed value ""
@@ -13,12 +13,12 @@ FAIL e.style['corner-top-left-shape'] = "superellipse(  0)" should set the prope
 FAIL e.style['corner-top-left-shape'] = "superellipse(2 )" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-top-left-shape'] = "superellipse(infinity)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-top-left-shape'] = "superellipse(calc(0.5 * 4))" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-top-right-shape'] = "round" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-top-right-shape'] = "scoop" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-top-right-shape'] = "notch" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-top-right-shape'] = "bevel" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-top-right-shape'] = "round" should set the property value
+PASS e.style['corner-top-right-shape'] = "scoop" should set the property value
+PASS e.style['corner-top-right-shape'] = "notch" should set the property value
+PASS e.style['corner-top-right-shape'] = "bevel" should set the property value
 FAIL e.style['corner-top-right-shape'] = "squircle" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-top-right-shape'] = "straight" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-top-right-shape'] = "straight" should set the property value
 FAIL e.style['corner-top-right-shape'] = "superellipse(2)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-top-right-shape'] = "superellipse(.5)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-top-right-shape'] = "superellipse(7)" should set the property value assert_not_equals: property should be set got disallowed value ""
@@ -27,12 +27,12 @@ FAIL e.style['corner-top-right-shape'] = "superellipse(  0)" should set the prop
 FAIL e.style['corner-top-right-shape'] = "superellipse(2 )" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-top-right-shape'] = "superellipse(infinity)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-top-right-shape'] = "superellipse(calc(0.5 * 4))" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-bottom-left-shape'] = "round" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-bottom-left-shape'] = "scoop" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-bottom-left-shape'] = "notch" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-bottom-left-shape'] = "bevel" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-bottom-left-shape'] = "round" should set the property value
+PASS e.style['corner-bottom-left-shape'] = "scoop" should set the property value
+PASS e.style['corner-bottom-left-shape'] = "notch" should set the property value
+PASS e.style['corner-bottom-left-shape'] = "bevel" should set the property value
 FAIL e.style['corner-bottom-left-shape'] = "squircle" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-bottom-left-shape'] = "straight" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-bottom-left-shape'] = "straight" should set the property value
 FAIL e.style['corner-bottom-left-shape'] = "superellipse(2)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-bottom-left-shape'] = "superellipse(.5)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-bottom-left-shape'] = "superellipse(7)" should set the property value assert_not_equals: property should be set got disallowed value ""
@@ -41,12 +41,12 @@ FAIL e.style['corner-bottom-left-shape'] = "superellipse(  0)" should set the pr
 FAIL e.style['corner-bottom-left-shape'] = "superellipse(2 )" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-bottom-left-shape'] = "superellipse(infinity)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-bottom-left-shape'] = "superellipse(calc(0.5 * 4))" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-bottom-right-shape'] = "round" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-bottom-right-shape'] = "scoop" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-bottom-right-shape'] = "notch" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-bottom-right-shape'] = "bevel" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-bottom-right-shape'] = "round" should set the property value
+PASS e.style['corner-bottom-right-shape'] = "scoop" should set the property value
+PASS e.style['corner-bottom-right-shape'] = "notch" should set the property value
+PASS e.style['corner-bottom-right-shape'] = "bevel" should set the property value
 FAIL e.style['corner-bottom-right-shape'] = "squircle" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-bottom-right-shape'] = "straight" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-bottom-right-shape'] = "straight" should set the property value
 FAIL e.style['corner-bottom-right-shape'] = "superellipse(2)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-bottom-right-shape'] = "superellipse(.5)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-bottom-right-shape'] = "superellipse(7)" should set the property value assert_not_equals: property should be set got disallowed value ""
@@ -55,12 +55,12 @@ FAIL e.style['corner-bottom-right-shape'] = "superellipse(  0)" should set the p
 FAIL e.style['corner-bottom-right-shape'] = "superellipse(2 )" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-bottom-right-shape'] = "superellipse(infinity)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-bottom-right-shape'] = "superellipse(calc(0.5 * 4))" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-start-start-shape'] = "round" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-start-start-shape'] = "scoop" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-start-start-shape'] = "notch" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-start-start-shape'] = "bevel" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-start-start-shape'] = "round" should set the property value
+PASS e.style['corner-start-start-shape'] = "scoop" should set the property value
+PASS e.style['corner-start-start-shape'] = "notch" should set the property value
+PASS e.style['corner-start-start-shape'] = "bevel" should set the property value
 FAIL e.style['corner-start-start-shape'] = "squircle" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-start-start-shape'] = "straight" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-start-start-shape'] = "straight" should set the property value
 FAIL e.style['corner-start-start-shape'] = "superellipse(2)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-start-start-shape'] = "superellipse(.5)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-start-start-shape'] = "superellipse(7)" should set the property value assert_not_equals: property should be set got disallowed value ""
@@ -69,12 +69,12 @@ FAIL e.style['corner-start-start-shape'] = "superellipse(  0)" should set the pr
 FAIL e.style['corner-start-start-shape'] = "superellipse(2 )" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-start-start-shape'] = "superellipse(infinity)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-start-start-shape'] = "superellipse(calc(0.5 * 4))" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-start-end-shape'] = "round" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-start-end-shape'] = "scoop" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-start-end-shape'] = "notch" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-start-end-shape'] = "bevel" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-start-end-shape'] = "round" should set the property value
+PASS e.style['corner-start-end-shape'] = "scoop" should set the property value
+PASS e.style['corner-start-end-shape'] = "notch" should set the property value
+PASS e.style['corner-start-end-shape'] = "bevel" should set the property value
 FAIL e.style['corner-start-end-shape'] = "squircle" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-start-end-shape'] = "straight" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-start-end-shape'] = "straight" should set the property value
 FAIL e.style['corner-start-end-shape'] = "superellipse(2)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-start-end-shape'] = "superellipse(.5)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-start-end-shape'] = "superellipse(7)" should set the property value assert_not_equals: property should be set got disallowed value ""
@@ -83,12 +83,12 @@ FAIL e.style['corner-start-end-shape'] = "superellipse(  0)" should set the prop
 FAIL e.style['corner-start-end-shape'] = "superellipse(2 )" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-start-end-shape'] = "superellipse(infinity)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-start-end-shape'] = "superellipse(calc(0.5 * 4))" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-end-start-shape'] = "round" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-end-start-shape'] = "scoop" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-end-start-shape'] = "notch" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-end-start-shape'] = "bevel" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-end-start-shape'] = "round" should set the property value
+PASS e.style['corner-end-start-shape'] = "scoop" should set the property value
+PASS e.style['corner-end-start-shape'] = "notch" should set the property value
+PASS e.style['corner-end-start-shape'] = "bevel" should set the property value
 FAIL e.style['corner-end-start-shape'] = "squircle" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-end-start-shape'] = "straight" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-end-start-shape'] = "straight" should set the property value
 FAIL e.style['corner-end-start-shape'] = "superellipse(2)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-end-start-shape'] = "superellipse(.5)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-end-start-shape'] = "superellipse(7)" should set the property value assert_not_equals: property should be set got disallowed value ""
@@ -97,12 +97,12 @@ FAIL e.style['corner-end-start-shape'] = "superellipse(  0)" should set the prop
 FAIL e.style['corner-end-start-shape'] = "superellipse(2 )" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-end-start-shape'] = "superellipse(infinity)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-end-start-shape'] = "superellipse(calc(0.5 * 4))" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-end-end-shape'] = "round" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-end-end-shape'] = "scoop" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-end-end-shape'] = "notch" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-end-end-shape'] = "bevel" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-end-end-shape'] = "round" should set the property value
+PASS e.style['corner-end-end-shape'] = "scoop" should set the property value
+PASS e.style['corner-end-end-shape'] = "notch" should set the property value
+PASS e.style['corner-end-end-shape'] = "bevel" should set the property value
 FAIL e.style['corner-end-end-shape'] = "squircle" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-end-end-shape'] = "straight" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-end-end-shape'] = "straight" should set the property value
 FAIL e.style['corner-end-end-shape'] = "superellipse(2)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-end-end-shape'] = "superellipse(.5)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-end-end-shape'] = "superellipse(7)" should set the property value assert_not_equals: property should be set got disallowed value ""
@@ -111,9 +111,9 @@ FAIL e.style['corner-end-end-shape'] = "superellipse(  0)" should set the proper
 FAIL e.style['corner-end-end-shape'] = "superellipse(2 )" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-end-end-shape'] = "superellipse(infinity)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-end-end-shape'] = "superellipse(calc(0.5 * 4))" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-shape'] = "round round round round" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-shape'] = "round scoop" should set the property value assert_not_equals: property should be set got disallowed value ""
-FAIL e.style['corner-shape'] = "round scoop round scoop" should set the property value assert_not_equals: property should be set got disallowed value ""
+PASS e.style['corner-shape'] = "round round round round" should set the property value
+PASS e.style['corner-shape'] = "round scoop" should set the property value
+PASS e.style['corner-shape'] = "round scoop round scoop" should set the property value
 FAIL e.style['corner-shape'] = "bevel superellipse(2)" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-shape'] = "superellipse(0.5) superellipse(3) straight" should set the property value assert_not_equals: property should be set got disallowed value ""
 FAIL e.style['corner-shape'] = "superellipse(0.5) superellipse(3) superellipse(1)" should set the property value assert_not_equals: property should be set got disallowed value ""
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
index 5a777b92bb4f5..d01daa2aaa313 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
@@ -115,6 +115,14 @@ PASS container-type
 PASS content
 PASS content-visibility
 PASS continue
+PASS corner-bottom-left-shape
+PASS corner-bottom-right-shape
+PASS corner-end-end-shape
+PASS corner-end-start-shape
+PASS corner-start-end-shape
+PASS corner-start-start-shape
+PASS corner-top-left-shape
+PASS corner-top-right-shape
 PASS counter-increment
 PASS counter-reset
 PASS counter-set
diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-ui/compute-kind-widget-no-fallback-props-001.html b/LayoutTests/imported/w3c/web-platform-tests/css/css-ui/compute-kind-widget-no-fallback-props-001.html
index a193bee3d9a77..9e41d362c1073 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-ui/compute-kind-widget-no-fallback-props-001.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-ui/compute-kind-widget-no-fallback-props-001.html
@@ -86,6 +86,14 @@
   'border-start-end-radius',
   'border-end-start-radius',
   'border-end-end-radius',
+  'corner-top-left-shape',
+  'corner-top-right-shape',
+  'corner-bottom-left-shape',
+  'corner-bottom-right-shape',
+  'corner-start-start-shape',
+  'corner-start-end-shape',
+  'corner-end-start-shape',
+  'corner-end-end-shape',
 ]);
 
 let mutations = []
diff --git a/LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt b/LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
index eb54e0161547c..709b9edf8adb2 100644
--- a/LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
+++ b/LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
@@ -115,6 +115,14 @@ PASS container-type
 PASS content
 PASS content-visibility
 PASS continue
+PASS corner-bottom-left-shape
+PASS corner-bottom-right-shape
+PASS corner-end-end-shape
+PASS corner-end-start-shape
+PASS corner-start-end-shape
+PASS corner-start-start-shape
+PASS corner-top-left-shape
+PASS corner-top-right-shape
 PASS counter-increment
 PASS counter-reset
 PASS counter-set
diff --git a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
index 8a0b59818c9b7..e651f8fc9b1c4 100644
--- a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
+++ b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/css/css-cascade/all-prop-initial-xml-expected.txt
@@ -114,6 +114,14 @@ PASS container-type
 PASS content
 PASS content-visibility
 PASS continue
+PASS corner-bottom-left-shape
+PASS corner-bottom-right-shape
+PASS corner-end-end-shape
+PASS corner-end-start-shape
+PASS corner-start-end-shape
+PASS corner-start-start-shape
+PASS corner-top-left-shape
+PASS corner-top-right-shape
 PASS counter-increment
 PASS counter-reset
 PASS counter-set
diff --git a/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml b/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
index 0140e85691b80..45eb56740d792 100644
--- a/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
+++ b/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
@@ -1174,6 +1174,20 @@ CSSContrastColorEnabled:
     WebCore:
       default: true
 
+CSSCornerShapeEnabled:
+  type: bool
+  category: css
+  status: testable
+  humanReadableName: "CSS corner-shape property"
+  humanReadableDescription: "Enable support for CSS corner-shape property"
+  defaultValue:
+    WebKitLegacy:
+      default: false
+    WebKit:
+      default: false
+    WebCore:
+      default: false
+
 CSSCounterStyleAtRuleImageSymbolsEnabled:
   type: bool
   status: testable
diff --git a/Source/WebCore/animation/CSSPropertyAnimation.cpp b/Source/WebCore/animation/CSSPropertyAnimation.cpp
index 1ad5824244bba..a3f3b9cb3b66e 100644
--- a/Source/WebCore/animation/CSSPropertyAnimation.cpp
+++ b/Source/WebCore/animation/CSSPropertyAnimation.cpp
@@ -3910,6 +3910,12 @@ CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap()
         new LengthVariantPropertyWrapper<LengthSize>(CSSPropertyBorderTopRightRadius, &RenderStyle::borderTopRightRadius, &RenderStyle::setBorderTopRightRadius),
         new LengthVariantPropertyWrapper<LengthSize>(CSSPropertyBorderBottomLeftRadius, &RenderStyle::borderBottomLeftRadius, &RenderStyle::setBorderBottomLeftRadius),
         new LengthVariantPropertyWrapper<LengthSize>(CSSPropertyBorderBottomRightRadius, &RenderStyle::borderBottomRightRadius, &RenderStyle::setBorderBottomRightRadius),
+
+        new DiscretePropertyWrapper(CSSPropertyCornerTopLeftShape, &RenderStyle::cornerTopLeftShape, &RenderStyle::setCornerTopLeftShape),
+        new DiscretePropertyWrapper(CSSPropertyCornerTopRightShape, &RenderStyle::cornerTopRightShape, &RenderStyle::setCornerTopRightShape),
+        new DiscretePropertyWrapper(CSSPropertyCornerBottomLeftShape, &RenderStyle::cornerBottomLeftShape, &RenderStyle::setCornerBottomLeftShape),
+        new DiscretePropertyWrapper(CSSPropertyCornerBottomRightShape, &RenderStyle::cornerBottomRightShape, &RenderStyle::setCornerBottomRightShape),
+
         new VisibilityWrapper,
         new NonNormalizedDiscretePropertyWrapper<DisplayType>(CSSPropertyDisplay, &RenderStyle::display, &RenderStyle::setDisplay),
 
@@ -4198,6 +4204,7 @@ CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap()
         CSSPropertyBorderSpacing,
         CSSPropertyBlockStep,
         CSSPropertyColumns,
+        CSSPropertyCornerShape,
         CSSPropertyFlex,
         CSSPropertyFlexFlow,
         CSSPropertyGap,
diff --git a/Source/WebCore/css/CSSPrimitiveValueMappings.h b/Source/WebCore/css/CSSPrimitiveValueMappings.h
index 513f724fc3576..c8bf13708daf0 100644
--- a/Source/WebCore/css/CSSPrimitiveValueMappings.h
+++ b/Source/WebCore/css/CSSPrimitiveValueMappings.h
@@ -2193,6 +2193,13 @@ DEFINE_TO_FROM_CSS_VALUE_ID_FUNCTIONS
 #undef TYPE
 #undef FOR_EACH
 
+
+#define TYPE CornerShape
+#define FOR_EACH(CASE) CASE(Round) CASE(Scoop) CASE(Bevel) CASE(Notch) CASE(Straight)
+DEFINE_TO_FROM_CSS_VALUE_ID_FUNCTIONS
+#undef TYPE
+#undef FOR_EACH
+
 #define TYPE DominantBaseline
 #define FOR_EACH(CASE) CASE(Auto) CASE(UseScript) CASE(NoChange) CASE(ResetSize) CASE(Central) \
     CASE(Middle) CASE(TextBeforeEdge) CASE(TextAfterEdge) CASE(Ideographic) CASE(Alphabetic) \
diff --git a/Source/WebCore/css/CSSProperties.json b/Source/WebCore/css/CSSProperties.json
index f18d8b1634dbb..4c216d9da6f43 100644
--- a/Source/WebCore/css/CSSProperties.json
+++ b/Source/WebCore/css/CSSProperties.json
@@ -3825,6 +3825,169 @@
                 "url": "https://www.w3.org/TR/css-content-3/#content-property"
             }
         },
+        "corner-shape": {
+            "animation-type": "discrete",
+            "initial": "round",
+            "codegen-properties": {
+                "longhands": [
+                    "corner-top-left-shape",
+                    "corner-top-right-shape",
+                    "corner-bottom-right-shape",
+                    "corner-bottom-left-shape"
+                ],
+                "disables-native-appearance": true,
+                "settings-flag": "cssCornerShapeEnabled"
+            },
+            "specification": {
+                "category": "css-borders",
+                "url": "https://drafts.csswg.org/css-borders-4/#corner-shaping"
+            }
+        },
+        "corner-top-left-shape": {
+            "animation-type": "discrete",
+            "initial": "round",
+            "codegen-properties": {
+                "disables-native-appearance": true,
+                "logical-property-group": {
+                    "name": "corner-shape",
+                    "resolver": "top-left"
+                },
+                "parser-grammar": "<corner-shape-value>",
+                "render-style-initial": "initialCornerShape",
+                "settings-flag": "cssCornerShapeEnabled"
+            },
+            "specification": {
+                "category": "css-borders",
+                "url": "https://drafts.csswg.org/css-borders-4/#corner-shaping"
+            }
+        },
+        "corner-top-right-shape": {
+            "animation-type": "discrete",
+            "initial": "round",
+            "codegen-properties": {
+                "disables-native-appearance": true,
+                "logical-property-group": {
+                    "name": "corner-shape",
+                    "resolver": "top-right"
+                },
+                "parser-grammar": "<corner-shape-value>",
+                "render-style-initial": "initialCornerShape",
+                "settings-flag": "cssCornerShapeEnabled"
+            },
+            "specification": {
+                "category": "css-borders",
+                "url": "https://drafts.csswg.org/css-borders-4/#corner-shaping"
+            }
+        },
+        "corner-bottom-left-shape": {
+            "animation-type": "discrete",
+            "initial": "round",
+            "codegen-properties": {
+                "disables-native-appearance": true,
+                "logical-property-group": {
+                    "name": "corner-shape",
+                    "resolver": "bottom-left"
+                },
+                "parser-grammar": "<corner-shape-value>",
+                "render-style-initial": "initialCornerShape",
+                "settings-flag": "cssCornerShapeEnabled"
+            },
+            "specification": {
+                "category": "css-borders",
+                "url": "https://drafts.csswg.org/css-borders-4/#corner-shaping"
+            }
+        },
+        "corner-bottom-right-shape": {
+            "animation-type": "discrete",
+            "initial": "round",
+            "codegen-properties": {
+                "disables-native-appearance": true,
+                "logical-property-group": {
+                    "name": "corner-shape",
+                    "resolver": "bottom-right"
+                },
+                "parser-grammar": "<corner-shape-value>",
+                "render-style-initial": "initialCornerShape",
+                "settings-flag": "cssCornerShapeEnabled"
+            },
+            "specification": {
+                "category": "css-borders",
+                "url": "https://drafts.csswg.org/css-borders-4/#corner-shaping"
+            }
+        },
+        "corner-start-start-shape": {
+            "animation-type": "discrete",
+            "initial": "round",
+            "codegen-properties": {
+                "skip-style-builder": true,
+                "disables-native-appearance": true,
+                "logical-property-group": {
+                    "name": "corner-shape",
+                    "resolver": "start-start"
+                },
+                "parser-grammar": "<corner-shape-value>",
+                "settings-flag": "cssCornerShapeEnabled"
+            },
+            "specification": {
+                "category": "css-borders",
+                "url": "https://drafts.csswg.org/css-borders-4/#corner-shaping"
+            }
+        },
+        "corner-start-end-shape": {
+            "animation-type": "discrete",
+            "initial": "round",
+            "codegen-properties": {
+                "skip-style-builder": true,
+                "disables-native-appearance": true,
+                "logical-property-group": {
+                    "name": "corner-shape",
+                    "resolver": "start-end"
+                },
+                "parser-grammar": "<corner-shape-value>",
+                "parser-exported": true,
+                "settings-flag": "cssCornerShapeEnabled"
+            },
+            "specification": {
+                "category": "css-borders",
+                "url": "https://drafts.csswg.org/css-borders-4/#corner-shaping"
+            }
+        },
+        "corner-end-start-shape": {
+            "animation-type": "discrete",
+            "initial": "round",
+            "codegen-properties": {
+                "skip-style-builder": true,
+                "disables-native-appearance": true,
+                "logical-property-group": {
+                    "name": "corner-shape",
+                    "resolver": "end-start"
+                },
+                "parser-grammar": "<corner-shape-value>",
+                "settings-flag": "cssCornerShapeEnabled"
+            },
+            "specification": {
+                "category": "css-borders",
+                "url": "https://drafts.csswg.org/css-borders-4/#corner-shaping"
+            }
+        },
+        "corner-end-end-shape": {
+            "animation-type": "discrete",
+            "initial": "round",
+            "codegen-properties": {
+                "skip-style-builder": true,
+                "disables-native-appearance": true,
+                "logical-property-group": {
+                    "name": "corner-shape",
+                    "resolver": "end-end"
+                },
+                "parser-grammar": "<corner-shape-value>",
+                "settings-flag": "cssCornerShapeEnabled"
+            },
+            "specification": {
+                "category": "css-borders",
+                "url": "https://drafts.csswg.org/css-borders-4/#corner-shaping"
+            }
+        },
         "counter-increment": {
             "animation-type": "by computed value",
             "initial": "none",
@@ -12218,6 +12381,11 @@
             "longname": "CSS Backgrounds and Borders Module",
             "url": "https://www.w3.org/TR/css3-background/"
         },
+        "css-borders": {
+            "shortname": "CSS Borders and Box Decorations",
+            "longname": "CSS Borders and Box Decorations Module",
+            "url": "https://drafts.csswg.org/css-borders-4/"
+        },
         "css-box-4": {
             "shortname": "CSS Box 4",
             "longname": "CSS Box Model Module Level 4",
@@ -12989,6 +13157,14 @@
                 "url": "https://www.w3.org/TR/css-animations-1/#typedef-single-animation-play-state"
             }
         },
+        "<corner-shape-value>": {
+            "grammar": "round | scoop | bevel | notch | straight",
+            "exported": true,
+            "specification": {
+                "category": "css-borders",
+                "url": "https://drafts.csswg.org/css-borders-4/#corner-shaping"
+            }
+        },
         "<transition-behavior-value>": {
             "grammar": "normal | allow-discrete",
             "exported": true,
diff --git a/Source/WebCore/css/CSSProperty.h b/Source/WebCore/css/CSSProperty.h
index 99ace36004e67..14ba5550beecf 100644
--- a/Source/WebCore/css/CSSProperty.h
+++ b/Source/WebCore/css/CSSProperty.h
@@ -94,6 +94,7 @@ class CSSProperty {
     static bool isBorderStyleProperty(CSSPropertyID);
     static bool isBorderWidthProperty(CSSPropertyID);
     static bool isContainIntrinsicSizeProperty(CSSPropertyID);
+    static bool isCornerShapeProperty(CSSPropertyID);
     static bool isInsetProperty(CSSPropertyID);
     static bool isMarginProperty(CSSPropertyID);
     static bool isMaxSizeProperty(CSSPropertyID);
diff --git a/Source/WebCore/css/CSSValueKeywords.in b/Source/WebCore/css/CSSValueKeywords.in
index 6e2bb0d0374b0..437d0e0a22105 100644
--- a/Source/WebCore/css/CSSValueKeywords.in
+++ b/Source/WebCore/css/CSSValueKeywords.in
@@ -948,6 +948,15 @@ padding-box
 // text
 -webkit-text
 
+//
+// Corner-shape
+//
+// round
+scoop
+// bevel
+notch
+straight
+
 //
 // CSS_PROP_MASK_CLIP
 //
diff --git a/Source/WebCore/css/ComputedStyleExtractor.cpp b/Source/WebCore/css/ComputedStyleExtractor.cpp
index 1d8fd63048713..1cde5386e54d5 100644
--- a/Source/WebCore/css/ComputedStyleExtractor.cpp
+++ b/Source/WebCore/css/ComputedStyleExtractor.cpp
@@ -4851,6 +4851,16 @@ RefPtr<CSSValue> ComputedStyleExtractor::valueForPropertyInStyle(const RenderSty
             return style.hasAutoColumnCount() ? CSSPrimitiveValue::create(CSSValueAuto) : CSSPrimitiveValue::create(style.columnCount());
         return getCSSPropertyValuesForShorthandProperties(columnsShorthand());
     }
+    case CSSPropertyCornerShape:
+        return getCSSPropertyValuesFor4SidesShorthand(cornerShapeShorthand());
+    case CSSPropertyCornerTopLeftShape:
+        return createConvertingToCSSValueID(style.cornerTopLeftShape());
+    case CSSPropertyCornerTopRightShape:
+        return createConvertingToCSSValueID(style.cornerTopRightShape());
+    case CSSPropertyCornerBottomRightShape:
+        return createConvertingToCSSValueID(style.cornerBottomRightShape());
+    case CSSPropertyCornerBottomLeftShape:
+        return createConvertingToCSSValueID(style.cornerBottomLeftShape());
     case CSSPropertyInset:
         return getCSSPropertyValuesFor4SidesShorthand(insetShorthand());
     case CSSPropertyInsetBlock:
@@ -5044,6 +5054,10 @@ RefPtr<CSSValue> ComputedStyleExtractor::valueForPropertyInStyle(const RenderSty
     case CSSPropertyBorderInlineStartWidth:
     case CSSPropertyBorderStartEndRadius:
     case CSSPropertyBorderStartStartRadius:
+    case CSSPropertyCornerEndEndShape:
+    case CSSPropertyCornerEndStartShape:
+    case CSSPropertyCornerStartEndShape:
+    case CSSPropertyCornerStartStartShape:
     case CSSPropertyInsetBlockEnd:
     case CSSPropertyInsetBlockStart:
     case CSSPropertyInsetInlineEnd:
diff --git a/Source/WebCore/css/ShorthandSerializer.cpp b/Source/WebCore/css/ShorthandSerializer.cpp
index 6d80b3a8cff7e..1aa1283f5306a 100644
--- a/Source/WebCore/css/ShorthandSerializer.cpp
+++ b/Source/WebCore/css/ShorthandSerializer.cpp
@@ -360,6 +360,7 @@ String ShorthandSerializer::serialize()
     case CSSPropertyBorderColor:
     case CSSPropertyBorderStyle:
     case CSSPropertyBorderWidth:
+    case CSSPropertyCornerShape:
     case CSSPropertyInset:
     case CSSPropertyMargin:
     case CSSPropertyPadding:
diff --git a/Source/WebCore/css/parser/CSSPropertyParser.cpp b/Source/WebCore/css/parser/CSSPropertyParser.cpp
index 043d2348f3147..2518ee9904a73 100644
--- a/Source/WebCore/css/parser/CSSPropertyParser.cpp
+++ b/Source/WebCore/css/parser/CSSPropertyParser.cpp
@@ -3156,6 +3156,8 @@ bool CSSPropertyParser::parseShorthand(CSSPropertyID property, bool important)
             addProperty(longhand, CSSPropertyBorder, nullptr, important);
         return true;
     }
+    case CSSPropertyCornerShape:
+        return consume4ValueShorthand(cornerShapeShorthand(), important);
     case CSSPropertyBorderImage:
     case CSSPropertyWebkitBorderImage:
     case CSSPropertyWebkitMaskBoxImage:
diff --git a/Source/WebCore/rendering/style/BorderData.cpp b/Source/WebCore/rendering/style/BorderData.cpp
index 49c3f779d5fc2..dd6d585f0b1ef 100644
--- a/Source/WebCore/rendering/style/BorderData.cpp
+++ b/Source/WebCore/rendering/style/BorderData.cpp
@@ -72,6 +72,15 @@ void BorderData::dump(TextStream& ts, DumpStyleValues behavior) const
     if (behavior == DumpStyleValues::All || bottom() != BorderValue())
         ts.dumpProperty("bottom", bottom());
 
+    if (behavior == DumpStyleValues::All || topLeftCornerShape() != CornerShape::Round)
+        ts.dumpProperty("top-left corner shape", topLeftCornerShape());
+    if (behavior == DumpStyleValues::All || topRightCornerShape() != CornerShape::Round)
+        ts.dumpProperty("top-right corner shape", topRightCornerShape());
+    if (behavior == DumpStyleValues::All || bottomLeftCornerShape() != CornerShape::Round)
+        ts.dumpProperty("bottom-left corner shape", bottomLeftCornerShape());
+    if (behavior == DumpStyleValues::All || bottomRightCornerShape() != CornerShape::Round)
+        ts.dumpProperty("bottom-right corner shape", bottomRightCornerShape());
+
     ts.dumpProperty("image", image());
 
     if (behavior == DumpStyleValues::All || !topLeftRadius().isZero())
diff --git a/Source/WebCore/rendering/style/BorderData.h b/Source/WebCore/rendering/style/BorderData.h
index 24e5499c527a2..84eee35d11dbf 100644
--- a/Source/WebCore/rendering/style/BorderData.h
+++ b/Source/WebCore/rendering/style/BorderData.h
@@ -119,6 +119,11 @@ friend class RenderStyle;
     const BorderValue& top() const { return m_top; }
     const BorderValue& bottom() const { return m_bottom; }
 
+    CornerShape topLeftCornerShape() const { return m_topLeftCornerShape; }
+    CornerShape topRightCornerShape() const { return m_topRightCornerShape; }
+    CornerShape bottomLeftCornerShape() const { return m_bottomLeftCornerShape; }
+    CornerShape bottomRightCornerShape() const { return m_bottomRightCornerShape; }
+
     const NinePieceImage& image() const { return m_image; }
 
     const LengthSize& topLeftRadius() const { return m_radii.topLeft; }
@@ -134,6 +139,11 @@ friend class RenderStyle;
     BorderValue m_top;
     BorderValue m_bottom;
 
+    CornerShape m_topLeftCornerShape : 3 { CornerShape::Round };
+    CornerShape m_topRightCornerShape : 3 { CornerShape::Round };
+    CornerShape m_bottomLeftCornerShape : 3 { CornerShape::Round };
+    CornerShape m_bottomRightCornerShape : 3 { CornerShape::Round };
+
     NinePieceImage m_image;
 
     Radii m_radii;
diff --git a/Source/WebCore/rendering/style/RenderStyle.cpp b/Source/WebCore/rendering/style/RenderStyle.cpp
index ee6e1cfefaa91..c0cc84121d50b 100644
--- a/Source/WebCore/rendering/style/RenderStyle.cpp
+++ b/Source/WebCore/rendering/style/RenderStyle.cpp
@@ -1747,6 +1747,15 @@ void RenderStyle::conservativelyCollectChangedAnimatableProperties(const RenderS
                 changingProperties.m_properties.set(CSSPropertyBorderBottomLeftRadius);
             if (first.border.bottomRightRadius() != second.border.bottomRightRadius())
                 changingProperties.m_properties.set(CSSPropertyBorderBottomRightRadius);
+
+            if (first.border.topLeftCornerShape() != second.border.topLeftCornerShape())
+                changingProperties.m_properties.set(CSSPropertyCornerTopLeftShape);
+            if (first.border.topRightCornerShape() != second.border.topRightCornerShape())
+                changingProperties.m_properties.set(CSSPropertyCornerTopRightShape);
+            if (first.border.bottomLeftCornerShape() != second.border.bottomLeftCornerShape())
+                changingProperties.m_properties.set(CSSPropertyCornerBottomLeftShape);
+            if (first.border.bottomRightCornerShape() != second.border.bottomRightCornerShape())
+                changingProperties.m_properties.set(CSSPropertyCornerBottomRightShape);
         }
 
         // Non animated styles are followings.
diff --git a/Source/WebCore/rendering/style/RenderStyle.h b/Source/WebCore/rendering/style/RenderStyle.h
index 386afc2254e11..7febf67a96c02 100644
--- a/Source/WebCore/rendering/style/RenderStyle.h
+++ b/Source/WebCore/rendering/style/RenderStyle.h
@@ -146,6 +146,7 @@ enum class Containment : uint8_t;
 enum class ContentDistribution : uint8_t;
 enum class ContentPosition : uint8_t;
 enum class ContentVisibility : uint8_t;
+enum class CornerShape : uint8_t;
 enum class CursorType : uint8_t;
 enum class CursorVisibility : bool;
 enum class DisplayType : uint8_t;
@@ -548,6 +549,16 @@ class RenderStyle final : public CanMakeCheckedPtr<RenderStyle> {
 
     inline bool borderIsEquivalentForPainting(const RenderStyle&) const;
 
+    inline CornerShape cornerBottomLeftShape() const;
+    inline CornerShape cornerBottomRightShape() const;
+    inline CornerShape cornerTopLeftShape() const;
+    inline CornerShape cornerTopRightShape() const;
+
+    void setCornerBottomLeftShape(CornerShape);
+    void setCornerBottomRightShape(CornerShape);
+    void setCornerTopLeftShape(CornerShape);
+    void setCornerTopRightShape(CornerShape);
+
     float outlineSize() const { return std::max<float>(0, outlineWidth() + outlineOffset()); }
     float outlineWidth() const;
     inline bool hasOutline() const;
@@ -1934,6 +1945,7 @@ class RenderStyle final : public CanMakeCheckedPtr<RenderStyle> {
     static constexpr BorderStyle initialBorderStyle();
     static constexpr OutlineIsAuto initialOutlineStyleIsAuto();
     static inline LengthSize initialBorderRadius();
+    static constexpr CornerShape initialCornerShape();
     static constexpr CaptionSide initialCaptionSide();
     static constexpr ColumnAxis initialColumnAxis();
     static constexpr ColumnProgression initialColumnProgression();
diff --git a/Source/WebCore/rendering/style/RenderStyleConstants.cpp b/Source/WebCore/rendering/style/RenderStyleConstants.cpp
index b636067b092ca..e0f6337ad250b 100644
--- a/Source/WebCore/rendering/style/RenderStyleConstants.cpp
+++ b/Source/WebCore/rendering/style/RenderStyleConstants.cpp
@@ -396,6 +396,18 @@ TextStream& operator<<(TextStream& ts, ContentVisibility contentVisibility)
     return ts;
 }
 
+TextStream& operator<<(TextStream& ts, CornerShape shape)
+{
+    switch (shape) {
+    case CornerShape::Round: ts << "round"; break;
+    case CornerShape::Scoop: ts << "scoop"; break;
+    case CornerShape::Bevel: ts << "bevel"; break;
+    case CornerShape::Notch: ts << "notch"; break;
+    case CornerShape::Straight: ts << "straight"; break;
+    }
+    return ts;
+}
+
 TextStream& operator<<(TextStream& ts, CursorType cursor)
 {
     switch (cursor) {
diff --git a/Source/WebCore/rendering/style/RenderStyleConstants.h b/Source/WebCore/rendering/style/RenderStyleConstants.h
index 8b8afe7a1ce88..848ff54edfefc 100644
--- a/Source/WebCore/rendering/style/RenderStyleConstants.h
+++ b/Source/WebCore/rendering/style/RenderStyleConstants.h
@@ -242,6 +242,14 @@ enum class BorderPrecedence : uint8_t {
     Cell
 };
 
+enum class CornerShape : uint8_t {
+    Round,
+    Scoop,
+    Bevel,
+    Notch,
+    Straight,
+};
+
 enum class OutlineIsAuto : bool {
     Off,
     On
@@ -1264,6 +1272,7 @@ WTF::TextStream& operator<<(WTF::TextStream&, ColumnSpan);
 WTF::TextStream& operator<<(WTF::TextStream&, ContentDistribution);
 WTF::TextStream& operator<<(WTF::TextStream&, ContentPosition);
 WTF::TextStream& operator<<(WTF::TextStream&, ContentVisibility);
+WTF::TextStream& operator<<(WTF::TextStream&, CornerShape);
 WTF::TextStream& operator<<(WTF::TextStream&, CursorType);
 #if ENABLE(CURSOR_VISIBILITY)
 WTF::TextStream& operator<<(WTF::TextStream&, CursorVisibility);
diff --git a/Source/WebCore/rendering/style/RenderStyleInlines.h b/Source/WebCore/rendering/style/RenderStyleInlines.h
index 3af5b324650b3..265b19d5f337a 100644
--- a/Source/WebCore/rendering/style/RenderStyleInlines.h
+++ b/Source/WebCore/rendering/style/RenderStyleInlines.h
@@ -395,6 +395,7 @@ constexpr ContainerType RenderStyle::initialContainerType() { return ContainerTy
 constexpr OptionSet<Containment> RenderStyle::initialContainment() { return { }; }
 constexpr StyleContentAlignmentData RenderStyle::initialContentAlignment() { return { }; }
 constexpr ContentVisibility RenderStyle::initialContentVisibility() { return ContentVisibility::Visible; }
+constexpr CornerShape RenderStyle::initialCornerShape() { return CornerShape::Round; }
 constexpr CursorType RenderStyle::initialCursor() { return CursorType::Auto; }
 constexpr StyleSelfAlignmentData RenderStyle::initialDefaultAlignment() { return { ItemPosition::Normal, OverflowAlignment::Default }; }
 constexpr TextDirection RenderStyle::initialDirection() { return TextDirection::LTR; }
@@ -819,6 +820,11 @@ inline float RenderStyle::zoom() const { return m_nonInheritedData->rareData->zo
 
 inline bool RenderStyle::nativeAppearanceDisabled() const { return m_nonInheritedData->rareData->nativeAppearanceDisabled; }
 
+inline CornerShape RenderStyle::cornerBottomLeftShape() const { return border().bottomLeftCornerShape(); }
+inline CornerShape RenderStyle::cornerBottomRightShape() const { return border().bottomRightCornerShape(); }
+inline CornerShape RenderStyle::cornerTopLeftShape() const { return border().topLeftCornerShape(); }
+inline CornerShape RenderStyle::cornerTopRightShape() const { return border().topRightCornerShape(); }
+
 // ignore non-standard ::-webkit-scrollbar when standard properties are in use
 inline bool RenderStyle::usesStandardScrollbarStyle() const { return scrollbarWidth() != ScrollbarWidth::Auto || scrollbarColor().has_value(); }
 inline bool RenderStyle::usesLegacyScrollbarStyle() const { return hasPseudoStyle(PseudoId::WebKitScrollbar) && !usesStandardScrollbarStyle(); }
diff --git a/Source/WebCore/rendering/style/RenderStyleSetters.h b/Source/WebCore/rendering/style/RenderStyleSetters.h
index 938fc9698c700..6e9e479444f5d 100644
--- a/Source/WebCore/rendering/style/RenderStyleSetters.h
+++ b/Source/WebCore/rendering/style/RenderStyleSetters.h
@@ -361,6 +361,11 @@ inline void RenderStyle::setVisitedLinkTextStrokeColor(const Style::Color& value
 inline void RenderStyle::setWidth(Length&& length) { SET_NESTED(m_nonInheritedData, boxData, m_width, WTFMove(length)); }
 inline void RenderStyle::setWordBreak(WordBreak rule) { SET(m_rareInheritedData, wordBreak, static_cast<unsigned>(rule)); }
 
+inline void RenderStyle::setCornerBottomLeftShape(CornerShape shape) { SET_NESTED(m_nonInheritedData, surroundData, border.m_bottomLeftCornerShape, shape); }
+inline void RenderStyle::setCornerBottomRightShape(CornerShape shape) { SET_NESTED(m_nonInheritedData, surroundData, border.m_bottomRightCornerShape, shape); }
+inline void RenderStyle::setCornerTopLeftShape(CornerShape shape) { SET_NESTED(m_nonInheritedData, surroundData, border.m_topLeftCornerShape, shape); }
+inline void RenderStyle::setCornerTopRightShape(CornerShape shape) { SET_NESTED(m_nonInheritedData, surroundData, border.m_topRightCornerShape, shape); }
+
 inline void RenderStyle::setNativeAppearanceDisabled(bool value) { SET_NESTED(m_nonInheritedData, rareData, nativeAppearanceDisabled, value); }
 
 #if ENABLE(APPLE_PAY)

From 734c49b3d075dcc33f56becf3bde8aca5245b719 Mon Sep 17 00:00:00 2001
From: Basuke Suzuki <basuke@apple.com>
Date: Mon, 24 Feb 2025 09:00:53 -0800
Subject: [PATCH 133/174] Fix flaky crash in ResourceMonitor.
 https://bugs.webkit.org/show_bug.cgi?id=288357 rdar://145427232

Reviewed by Chris Dumez.

In ResourceMonitor.cpp, a macro to produce RELEASE_LOG is defined and m_frame weak ptr is used without checking.

Add check before calling that macro.

* Source/WebCore/loader/ResourceMonitor.cpp:
(WebCore::ResourceMonitor::setEligibility):
(WebCore::ResourceMonitor::addNetworkUsage):
(WebCore::ResourceMonitor::updateNetworkUsageThreshold):
* Source/WebCore/loader/ResourceMonitorChecker.cpp:
(WebCore::ResourceMonitorChecker::setNetworkUsageThreshold):

Canonical link: https://commits.webkit.org/290954@main
---
 Source/WebCore/loader/ResourceMonitor.cpp        | 2 +-
 Source/WebCore/loader/ResourceMonitorChecker.cpp | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/Source/WebCore/loader/ResourceMonitor.cpp b/Source/WebCore/loader/ResourceMonitor.cpp
index c2d920c6a9030..3624e8d04885d 100644
--- a/Source/WebCore/loader/ResourceMonitor.cpp
+++ b/Source/WebCore/loader/ResourceMonitor.cpp
@@ -41,7 +41,7 @@ namespace WebCore {
 
 #if ENABLE(CONTENT_EXTENSIONS)
 
-#define RESOURCEMONITOR_RELEASE_LOG(fmt, ...) RELEASE_LOG(ResourceMonitoring, "ResourceMonitor(frame %" PRIu64 ")::" fmt, m_frame->frameID().object().toUInt64(), ##__VA_ARGS__)
+#define RESOURCEMONITOR_RELEASE_LOG(fmt, ...) RELEASE_LOG_IF(m_frame, ResourceMonitoring, "ResourceMonitor(frame %" PRIu64 ")::" fmt, m_frame->frameID().object().toUInt64(), ##__VA_ARGS__)
 
 Ref<ResourceMonitor> ResourceMonitor::create(LocalFrame& frame)
 {
diff --git a/Source/WebCore/loader/ResourceMonitorChecker.cpp b/Source/WebCore/loader/ResourceMonitorChecker.cpp
index 1b0f0703f0284..4bdf0227efcf4 100644
--- a/Source/WebCore/loader/ResourceMonitorChecker.cpp
+++ b/Source/WebCore/loader/ResourceMonitorChecker.cpp
@@ -159,9 +159,8 @@ void ResourceMonitorChecker::setNetworkUsageThreshold(size_t threshold, double r
     m_networkUsageThreshold = threshold;
     m_networkUsageThresholdRandomness = randomness;
 
-    m_resourceMonitors.forEach([this](auto& resourceMonitor) {
-        resourceMonitor.updateNetworkUsageThreshold(networkUsageThresholdWithNoise());
-    });
+    for (auto& resourceMonitor : copyToVectorOf<Ref<ResourceMonitor>>(m_resourceMonitors))
+        resourceMonitor->updateNetworkUsageThreshold(networkUsageThresholdWithNoise());
 }
 
 } // namespace WebCore

From 3cf9276ea2b718b25c64de8f7de9a909ceeff038 Mon Sep 17 00:00:00 2001
From: Ahmad Saleem <ahmad.saleem792+github@gmail.com>
Date: Mon, 24 Feb 2025 09:22:21 -0800
Subject: [PATCH 134/174] TransformationMatrix::inverse should use
 multiplication instead of division

https://bugs.webkit.org/show_bug.cgi?id=288228
rdar://145315926

Reviewed by Simon Fraser.

Merge: https://chromium.googlesource.com/chromium/src/+/97e30b35dd6b89ee97f08cf467c80df5d3369fa5

This is just merge of potential performance optimization since multiplication is faster compared
to division on certain platforms.

* Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp:
(WebCore::inverse):

Canonical link: https://commits.webkit.org/290955@main
---
 .../platform/graphics/transforms/TransformationMatrix.cpp    | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp b/Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp
index 0ce45399e18a8..5b76ee3636bcb 100644
--- a/Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp
+++ b/Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2005-2025 Apple Inc.  All rights reserved.
- * Copyright (C) 2020 Google Inc.  All rights reserved.
+ * Copyright (C) 2016-2020 Google Inc.  All rights reserved.
  * Copyright (C) 2009 Torch Mobile, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -220,10 +220,11 @@ static bool inverse(const TransformationMatrix::Matrix4& matrix, TransformationM
         return false;
 
     // Scale the adjoint matrix to get the inverse
+    double inverseDeterminant = 1 / determinant;
 
     for (int i = 0; i < 4; i++)
         for (int j = 0; j < 4; j++)
-            result[i][j] = result[i][j] / determinant;
+            result[i][j] = result[i][j] * inverseDeterminant;
 
     return true;
 }

From 41e8735376853d0611d0291cdd7147346d0ff0e1 Mon Sep 17 00:00:00 2001
From: Ben Schwartz <ben_schwartz@apple.com>
Date: Mon, 24 Feb 2025 10:08:28 -0800
Subject: [PATCH 135/174] Remove mac-ventura* platform folders, Ventura/+ test
 expectations. https://bugs.webkit.org/show_bug.cgi?id=288208 rdar://145303446

Reviewed by Alexey Proskuryakov.

Because WebKit has deprecated building and testing on macOS Ventura, we no
longer have a need for layout test baselines and expectations that are
Ventura-specific.

This PR removes Ventura-specific layout test expectations and baseline folders
and audits expectations that were marked Ventura+.

* LayoutTests/platform/mac-ventura-wk1/TestExpectations: Removed.
* LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/composited-iframe-with-fixed-background-doc-repaint-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/compositing-iframe-scroll-repaint-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/inserting/caret-position-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/anchor-element-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attrib-string-colors-with-color-filter-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attribute-string-for-copy-with-color-filter-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-1-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-2-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-3-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-4-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-5-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-with-style-1-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-with-style-2-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-for-typing-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-for-typing-with-color-filter-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/basic-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/comment-cdata-section-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-size-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-style-variant-effect-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-weight-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/letter-spacing-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/text-decorations-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/vertical-align-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/input/caret-primary-bidi-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/input/firstrectforcharacterrange-plain-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/mac/input/firstrectforcharacterrange-styled-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/selection/5825350-2-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/editing/selection/mixed-editability-10-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/fast/forms/datalist/datalist-textinput-appearance-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/fast/replaced/replaced-breaking-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/imported/w3c/web-platform-tests/css/css-tables/border-writing-mode-dynamic-001-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk1/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/TestExpectations: Removed.
* LayoutTests/platform/mac-ventura-wk2/compositing/backing/inline-block-no-backing-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/compositing/backing/whitespace-nodes-no-backing-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/compositing/fixed-image-loading-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/compositing/hidpi-image-backing-store-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/compositing/hidpi-image-backing-store-scaled-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/compositing/tiling/huge-layer-img-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/compositing/visibility/visibility-image-layers-dynamic-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/fast/dynamic/layer-hit-test-crash-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/fast/forms/datalist/datalist-textinput-appearance-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/fast/forms/time/time-input-rendering-basic-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/fast/repaint/4776765-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/fast/repaint/placeholder-after-caps-lock-hidden-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/fast/scrolling/mac/scrollbars/scrollbars-controller-type-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/inspector/canvas/recording-offscreen-webgl-full-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/inspector/canvas/recording-webgl-full-expected.txt: Removed.
* LayoutTests/platform/mac-ventura-wk2/scrollingcoordinator/mac/fixed-backgrounds/fixed-background-in-overflow-in-iframe-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/TestExpectations: Removed.
* LayoutTests/platform/mac-ventura/accessibility/datetime/input-datetime-local-label-value-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/accessibility/datetime/input-time-label-value-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/css2.1/t09-c5526c-display-00-e-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/css3/filters/composited-during-animation-layertree-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/caret/caret-position-sideways-lr-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/caret/caret-position-vertical-rl-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/caret/color-span-inside-editable-background-expected.html: Removed.
* LayoutTests/platform/mac-ventura/editing/caret/color-span-inside-editable-expected.html: Removed.
* LayoutTests/platform/mac-ventura/editing/caret/insert-paragraph-does-not-paint-stale-carets-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/input/caret-at-the-edge-of-contenteditable-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/input/caret-at-the-edge-of-input-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/input/editable-container-with-word-wrap-normal-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/inserting/before-after-input-element-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/inserting/multiple-lines-selected-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/pasteboard/4806874-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/pasteboard/input-field-1-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/pasteboard/interchange-newline-2-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/3690703-2-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/3690703-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/3690719-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/4895428-3-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/4975120-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/block-cursor-overtype-mode-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/caret-in-empty-inline-1-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/caret-in-empty-inline-2-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/drag-select-1-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/internal-caret-rect-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/select-from-textfield-outwards-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/editing/selection/simple-line-layout-caret-is-gone-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/block/basic/minheight-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/block/margin-collapse/103-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/clip/outline-overflowClip-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/css/002-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/css/focus-ring-exists-for-search-field-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/css/line-height-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/css/rtl-ordering-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/css/text-overflow-input-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/events/context-no-deselect-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/hide-auto-fill-strong-password-viewable-treatment-when-form-is-reset-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-auto-fill-button-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-contacts-auto-fill-button-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-credit-card-auto-fill-button-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-strong-password-viewable-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/basic-inputs-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/box-shadow-override-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/control-restrict-line-height-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/cursor-at-editable-content-boundary-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/datalist/datalist-searchinput-appearance-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/encoding-test-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/fieldset-align-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/form-element-geometry-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-align-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-appearance-bkcolor-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-appearance-default-bkcolor-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-appearance-focus-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-appearance-height-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-appearance-preventDefault-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-appearance-selection-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-appearance-spinbutton-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-appearance-spinbutton-up-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-appearance-visibility-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-appearance-width-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-baseline-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-disabled-color-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-double-click-selection-gap-bug-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-placeholder-visibility-1-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-placeholder-visibility-3-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-spaces-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-table-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-text-click-inside-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-text-click-outside-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-text-double-click-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-text-drag-down-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-text-option-delete-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-text-scroll-left-on-blur-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-text-self-emptying-click-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-text-word-wrap-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-type-text-min-width-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-value-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/input-width-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/listbox-bidi-align-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/minWidthPercent-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-rtl-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-spinbutton-disabled-readonly-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-spinbutton-layer-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/placeholder-position-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/placeholder-pseudo-style-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/search-cancel-button-style-sharing-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/search-display-none-cancel-button-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/search-input-rtl-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/search-rtl-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/search-styled-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/search-vertical-alignment-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/search/search-padding-cancel-results-buttons-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/search/search-size-with-decorations-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/select-visual-hebrew-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/select-writing-direction-natural-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/tabbing-input-iframe-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/text-control-intrinsic-widths-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/textfield-focus-ring-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/textfield-outline-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/textfield-overflow-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/forms/visual-hebrew-text-field-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/frames/take-focus-from-iframe-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/html/details-no-summary4-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/html/details-open-javascript-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/html/details-open2-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/html/details-open4-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/invalid/008-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/lists/dynamic-marker-crash-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/overflow/003-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/overflow/overflow-focus-ring-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/repaint/renderer-destruction-by-invalidateSelection-crash-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/repaint/search-field-cancel-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/repaint/subtree-root-skipped-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/replaced/replaced-breaking-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/replaced/replaced-breaking-mixture-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/table/003-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/table/colspanMinWidth-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/table/spanOverlapRepaint-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/table/text-field-baseline-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/text/basic/generic-family-reset-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/linedash-COLR-expected-mismatch.html: Removed.
* LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-COLR-expected.html: Removed.
* LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-shadow-COLR-expected.html: Removed.
* LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-shadow-ctm-COLR-expected.html: Removed.
* LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-gradient-COLR-expected.html: Removed.
* LayoutTests/platform/mac-ventura/fast/text/drawBidiText-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/text/international/bidi-listbox-atsui-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/text/international/bidi-listbox-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/text/international/bidi-menulist-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/text/international/pop-up-button-text-alignment-and-direction-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/text/international/unicode-bidi-plaintext-in-textarea-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/text/resources/Ahem-COLR.ttf: Removed.
* LayoutTests/platform/mac-ventura/fast/text/textIteratorNilRenderer-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/transforms/transformed-focused-text-input-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/fast/url/url-hostname-encoding-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/http/tests/navigation/javascriptlink-frames-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/http/wpt/mediarecorder/mimeType-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/html/rendering/widgets/field-sizing-input-text-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/url/toascii.window-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/xhr/open-method-case-sensitive-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/media/media-can-play-h265-video-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/media/media-can-play-mpeg4-video-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/media/media-can-play-wav-audio-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/media/video-source-type-params-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/printing/print-with-media-query-destory-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/scrollbars/overflow-scrollbar-combinations-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/svg/custom/inline-svg-in-xhtml-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/svg/custom/svg-fonts-in-html-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/svg/hixie/mixed/003-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug1188-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug12384-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug18359-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug24200-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-2-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-3-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-4-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug28928-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug4382-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug4527-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug46368-1-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug46368-2-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug51037-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug55545-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug59354-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug7342-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug96334-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug99948-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/dom/tableDom-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla/other/move_row-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla_expected_failures/bugs/bug2479-5-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/tables/mozilla_expected_failures/bugs/bug92647-1-expected.txt: Removed.
* LayoutTests/platform/mac-ventura/transforms/3d/general/perspective-non-layer-expected.txt: Removed.
* LayoutTests/platform/mac-wk1/TestExpectations:
* LayoutTests/platform/mac-wk2/TestExpectations:
* LayoutTests/platform/mac/TestExpectations:

Canonical link: https://commits.webkit.org/290956@main
---
 .../platform/mac-ventura-wk1/TestExpectations |    7 -
 ...-fixed-background-doc-repaint-expected.txt |   29 -
 ...ositing-iframe-scroll-repaint-expected.txt |   64 -
 ...-fixed-background-doc-repaint-expected.txt |   68 -
 .../inserting/caret-position-expected.txt     |   26 -
 .../anchor-element-expected.txt               |   40 -
 ...ring-colors-with-color-filter-expected.txt |   54 -
 ...ng-for-copy-with-color-filter-expected.txt |   33 -
 ...ng-across-shadow-boundaries-1-expected.txt |   42 -
 ...ng-across-shadow-boundaries-2-expected.txt |   37 -
 ...ng-across-shadow-boundaries-3-expected.txt |   37 -
 ...ng-across-shadow-boundaries-4-expected.txt |   37 -
 ...ng-across-shadow-boundaries-5-expected.txt |   42 -
 ...hadow-boundaries-with-style-1-expected.txt |   43 -
 ...hadow-boundaries-with-style-2-expected.txt |   44 -
 .../attributed-string-for-typing-expected.txt |   43 -
 ...-for-typing-with-color-filter-expected.txt |   44 -
 .../mac/attributed-string/basic-expected.txt  |  101 --
 .../comment-cdata-section-expected.txt        |   32 -
 .../attributed-string/font-size-expected.txt  |  126 --
 .../font-style-variant-effect-expected.txt    |   51 -
 .../font-weight-expected.txt                  |  126 --
 .../letter-spacing-expected.txt               |   37 -
 .../text-decorations-expected.txt             |   51 -
 .../vertical-align-expected.txt               |   75 -
 .../mac/input/caret-primary-bidi-expected.txt |   87 --
 ...strectforcharacterrange-plain-expected.txt |   17 -
 ...trectforcharacterrange-styled-expected.txt |   17 -
 .../editing/selection/5825350-2-expected.txt  |    3 -
 .../mixed-editability-10-expected.txt         |   25 -
 ...datalist-textinput-appearance-expected.txt |   10 -
 .../replaced/replaced-breaking-expected.txt   |   78 --
 ...rder-writing-mode-dynamic-001-expected.txt |    7 -
 .../mime-types/canPlayType-expected.txt       |   62 -
 .../platform/mac-ventura-wk2/TestExpectations |   80 --
 .../inline-block-no-backing-expected.txt      |   72 -
 .../whitespace-nodes-no-backing-expected.txt  |  112 --
 .../fixed-image-loading-expected.txt          |   23 -
 .../hidpi-image-backing-store-expected.txt    |   23 -
 ...pi-image-backing-store-scaled-expected.txt |   23 -
 .../tiling/huge-layer-img-expected.txt        |   18 -
 ...sibility-image-layers-dynamic-expected.txt |  160 ---
 .../dynamic/layer-hit-test-crash-expected.txt |   18 -
 ...datalist-textinput-appearance-expected.txt |   12 -
 .../time-input-rendering-basic-expected.txt   |   48 -
 .../fast/repaint/4776765-expected.txt         |   14 -
 ...holder-after-caps-lock-hidden-expected.txt |   20 -
 .../scrollbars-controller-type-expected.txt   |   10 -
 ...ecording-offscreen-webgl-full-expected.txt |  998 --------------
 .../canvas/recording-webgl-full-expected.txt  |  998 --------------
 ...kground-in-overflow-in-iframe-expected.txt |   17 -
 .../platform/mac-ventura/TestExpectations     |   45 -
 ...ut-datetime-local-label-value-expected.txt |   27 -
 .../input-time-label-value-expected.txt       |   27 -
 .../t09-c5526c-display-00-e-expected.txt      |   68 -
 ...ed-during-animation-layertree-expected.txt |   33 -
 .../caret-position-sideways-lr-expected.txt   |   26 -
 .../caret-position-vertical-rl-expected.txt   |   26 -
 ...n-inside-editable-background-expected.html |    4 -
 .../color-span-inside-editable-expected.html  |    4 -
 ...h-does-not-paint-stale-carets-expected.txt |    6 -
 ...t-the-edge-of-contenteditable-expected.txt |   14 -
 .../caret-at-the-edge-of-input-expected.txt   |   17 -
 ...ntainer-with-word-wrap-normal-expected.txt |   16 -
 .../before-after-input-element-expected.txt   |   27 -
 .../multiple-lines-selected-expected.txt      |   28 -
 .../editing/pasteboard/4806874-expected.txt   |   18 -
 .../pasteboard/input-field-1-expected.txt     |   32 -
 .../interchange-newline-2-expected.txt        |   17 -
 .../editing/selection/3690703-2-expected.txt  |  152 ---
 .../editing/selection/3690703-expected.txt    |  154 ---
 .../editing/selection/3690719-expected.txt    |  146 --
 .../editing/selection/4895428-3-expected.txt  |   26 -
 .../editing/selection/4975120-expected.txt    |   28 -
 .../block-cursor-overtype-mode-expected.txt   |  156 ---
 .../caret-in-empty-inline-1-expected.txt      |   13 -
 .../caret-in-empty-inline-2-expected.txt      |   13 -
 .../selection/drag-select-1-expected.txt      |   21 -
 .../internal-caret-rect-expected.txt          |   29 -
 ...elect-from-textfield-outwards-expected.txt |   52 -
 ...ple-line-layout-caret-is-gone-expected.txt |    1 -
 .../fast/block/basic/minheight-expected.txt   |   26 -
 .../block/margin-collapse/103-expected.txt    |  183 ---
 .../clip/outline-overflowClip-expected.txt    |   20 -
 .../mac-ventura/fast/css/002-expected.txt     |   15 -
 ...-ring-exists-for-search-field-expected.txt |   19 -
 .../fast/css/line-height-expected.txt         |   24 -
 .../fast/css/rtl-ordering-expected.txt        |   46 -
 .../fast/css/text-overflow-input-expected.txt |  360 -----
 .../events/context-no-deselect-expected.txt   |   14 -
 ...-treatment-when-form-is-reset-expected.txt |   18 -
 .../input-auto-fill-button-expected.txt       |   41 -
 ...put-contacts-auto-fill-button-expected.txt |   57 -
 ...-credit-card-auto-fill-button-expected.txt |   44 -
 ...nput-strong-password-viewable-expected.txt |   64 -
 .../fast/forms/basic-inputs-expected.txt      |   88 --
 .../forms/box-shadow-override-expected.txt    |   83 --
 .../control-restrict-line-height-expected.txt |   28 -
 ...-at-editable-content-boundary-expected.txt |   10 -
 ...talist-searchinput-appearance-expected.txt |   14 -
 .../fast/forms/encoding-test-expected.txt     |   13 -
 .../fast/forms/fieldset-align-expected.txt    |  181 ---
 .../forms/form-element-geometry-expected.txt  |  261 ----
 .../fast/forms/input-align-expected.txt       |   39 -
 .../input-appearance-bkcolor-expected.txt     |   18 -
 ...ut-appearance-default-bkcolor-expected.txt |   14 -
 .../forms/input-appearance-focus-expected.txt |   35 -
 .../input-appearance-height-expected.txt      |   97 --
 ...put-appearance-preventDefault-expected.txt |   21 -
 .../input-appearance-selection-expected.txt   |   82 --
 .../input-appearance-spinbutton-expected.txt  |  207 ---
 ...nput-appearance-spinbutton-up-expected.txt |   22 -
 .../input-appearance-visibility-expected.txt  |   17 -
 .../forms/input-appearance-width-expected.txt |   36 -
 .../fast/forms/input-baseline-expected.txt    |   21 -
 .../forms/input-disabled-color-expected.txt   |  190 ---
 ...ouble-click-selection-gap-bug-expected.txt |   31 -
 ...nput-placeholder-visibility-1-expected.txt |   19 -
 ...nput-placeholder-visibility-3-expected.txt |   20 -
 .../fast/forms/input-spaces-expected.txt      |   15 -
 .../fast/forms/input-table-expected.txt       |   98 --
 .../input-text-click-inside-expected.txt      |   14 -
 .../input-text-click-outside-expected.txt     |   14 -
 .../input-text-double-click-expected.txt      |   17 -
 .../forms/input-text-drag-down-expected.txt   |   17 -
 .../input-text-option-delete-expected.txt     |   16 -
 ...nput-text-scroll-left-on-blur-expected.txt |   61 -
 ...nput-text-self-emptying-click-expected.txt |   15 -
 .../forms/input-text-word-wrap-expected.txt   |   20 -
 .../input-type-text-min-width-expected.txt    |   15 -
 .../fast/forms/input-value-expected.txt       |  225 ---
 .../fast/forms/input-width-expected.txt       |    9 -
 .../forms/listbox-bidi-align-expected.txt     |   74 -
 .../fast/forms/minWidthPercent-expected.txt   |   16 -
 .../number/number-appearance-rtl-expected.txt |   97 --
 ...-spinbutton-disabled-readonly-expected.txt |   48 -
 ...r-appearance-spinbutton-layer-expected.txt |   26 -
 .../forms/placeholder-position-expected.txt   |  129 --
 .../placeholder-pseudo-style-expected.txt     |   66 -
 ...h-cancel-button-style-sharing-expected.txt |   28 -
 ...ch-display-none-cancel-button-expected.txt |   17 -
 .../fast/forms/search-input-rtl-expected.txt  |   54 -
 .../fast/forms/search-rtl-expected.txt        |   74 -
 .../fast/forms/search-styled-expected.txt     |   17 -
 .../search-vertical-alignment-expected.txt    |   66 -
 ...adding-cancel-results-buttons-expected.txt |   15 -
 .../search-size-with-decorations-expected.txt |   69 -
 .../forms/select-visual-hebrew-expected.txt   |   19 -
 ...ect-writing-direction-natural-expected.txt |  136 --
 .../forms/tabbing-input-iframe-expected.txt   |   29 -
 ...text-control-intrinsic-widths-expected.txt |  387 ------
 .../forms/textfield-focus-ring-expected.txt   |   15 -
 .../fast/forms/textfield-outline-expected.txt |   15 -
 .../forms/textfield-overflow-expected.txt     |   11 -
 .../visual-hebrew-text-field-expected.txt     |   29 -
 .../take-focus-from-iframe-expected.txt       |   25 -
 .../html/details-no-summary4-expected.txt     |   15 -
 .../html/details-open-javascript-expected.txt |   20 -
 .../fast/html/details-open2-expected.txt      |   16 -
 .../fast/html/details-open4-expected.txt      |   15 -
 .../mac-ventura/fast/invalid/008-expected.txt |   12 -
 .../lists/dynamic-marker-crash-expected.txt   |   19 -
 .../fast/overflow/003-expected.txt            |  193 ---
 .../overflow/overflow-focus-ring-expected.txt |   48 -
 ...-by-invalidateSelection-crash-expected.txt |   16 -
 .../repaint/search-field-cancel-expected.txt  |   24 -
 .../repaint/subtree-root-skipped-expected.txt |   22 -
 .../replaced/replaced-breaking-expected.txt   |   68 -
 .../replaced-breaking-mixture-expected.txt    |   39 -
 .../mac-ventura/fast/table/003-expected.txt   |   75 -
 .../fast/table/colspanMinWidth-expected.txt   |   24 -
 .../table/spanOverlapRepaint-expected.txt     |   26 -
 .../table/text-field-baseline-expected.txt    |  102 --
 .../basic/generic-family-reset-expected.txt   |   90 --
 .../linedash-COLR-expected-mismatch.html      |   29 -
 .../stroke-color-COLR-expected.html           |   25 -
 .../stroke-color-shadow-COLR-expected.html    |   19 -
 ...stroke-color-shadow-ctm-COLR-expected.html |   19 -
 .../stroke-gradient-COLR-expected.html        |    8 -
 .../fast/text/drawBidiText-expected.txt       |   10 -
 .../bidi-listbox-atsui-expected.txt           |   45 -
 .../international/bidi-listbox-expected.txt   |   45 -
 .../international/bidi-menulist-expected.txt  |   58 -
 ...-text-alignment-and-direction-expected.txt |  127 --
 ...de-bidi-plaintext-in-textarea-expected.txt |   51 -
 .../fast/text/resources/Ahem-COLR.ttf         |  Bin 21828 -> 0 bytes
 .../text/textIteratorNilRenderer-expected.txt |   34 -
 ...ransformed-focused-text-input-expected.txt |   12 -
 .../url/url-hostname-encoding-expected.txt    |   28 -
 .../javascriptlink-frames-expected.txt        |  133 --
 .../wpt/mediarecorder/mimeType-expected.txt   |   21 -
 .../field-sizing-input-text-expected.txt      |   57 -
 .../mime-types/canPlayType-expected.txt       |   62 -
 .../url/toascii.window-expected.txt           |  786 -----------
 .../open-method-case-sensitive-expected.txt   |   11 -
 .../media-can-play-h265-video-expected.txt    |   10 -
 .../media-can-play-mpeg4-video-expected.txt   |   12 -
 .../media-can-play-wav-audio-expected.txt     |   13 -
 .../video-source-type-params-expected.txt     |    4 -
 ...rint-with-media-query-destory-expected.txt |    1 -
 ...erflow-scrollbar-combinations-expected.txt | 1208 -----------------
 .../custom/inline-svg-in-xhtml-expected.txt   |   34 -
 .../svg/custom/svg-fonts-in-html-expected.txt |   89 --
 .../svg/hixie/mixed/003-expected.txt          |   19 -
 .../tables/mozilla/bugs/bug1188-expected.txt  |  141 --
 .../tables/mozilla/bugs/bug12384-expected.txt |   26 -
 .../tables/mozilla/bugs/bug18359-expected.txt |   45 -
 .../tables/mozilla/bugs/bug24200-expected.txt |   63 -
 .../mozilla/bugs/bug2479-2-expected.txt       |  120 --
 .../mozilla/bugs/bug2479-3-expected.txt       |  128 --
 .../mozilla/bugs/bug2479-4-expected.txt       |  244 ----
 .../tables/mozilla/bugs/bug28928-expected.txt |   51 -
 .../tables/mozilla/bugs/bug4382-expected.txt  |   35 -
 .../tables/mozilla/bugs/bug4527-expected.txt  |   44 -
 .../mozilla/bugs/bug46368-1-expected.txt      |   53 -
 .../mozilla/bugs/bug46368-2-expected.txt      |   41 -
 .../tables/mozilla/bugs/bug51037-expected.txt |   40 -
 .../tables/mozilla/bugs/bug55545-expected.txt |   20 -
 .../tables/mozilla/bugs/bug59354-expected.txt |   60 -
 .../tables/mozilla/bugs/bug7342-expected.txt  |   80 --
 .../tables/mozilla/bugs/bug96334-expected.txt |   45 -
 .../tables/mozilla/bugs/bug99948-expected.txt |   16 -
 .../tables/mozilla/dom/tableDom-expected.txt  |   69 -
 .../mozilla/other/move_row-expected.txt       |   51 -
 .../bugs/bug2479-5-expected.txt               |  182 ---
 .../bugs/bug92647-1-expected.txt              |   34 -
 .../perspective-non-layer-expected.txt        |   16 -
 LayoutTests/platform/mac-wk1/TestExpectations |   99 +-
 LayoutTests/platform/mac-wk2/TestExpectations |  117 +-
 LayoutTests/platform/mac/TestExpectations     |   85 +-
 230 files changed, 83 insertions(+), 15559 deletions(-)
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/TestExpectations
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/composited-iframe-with-fixed-background-doc-repaint-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/compositing-iframe-scroll-repaint-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/inserting/caret-position-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/anchor-element-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attrib-string-colors-with-color-filter-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attribute-string-for-copy-with-color-filter-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-1-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-2-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-3-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-4-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-5-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-with-style-1-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-with-style-2-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-for-typing-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-for-typing-with-color-filter-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/basic-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/comment-cdata-section-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-size-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-style-variant-effect-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-weight-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/letter-spacing-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/text-decorations-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/vertical-align-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/input/caret-primary-bidi-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/input/firstrectforcharacterrange-plain-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/mac/input/firstrectforcharacterrange-styled-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/selection/5825350-2-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/editing/selection/mixed-editability-10-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/fast/forms/datalist/datalist-textinput-appearance-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/fast/replaced/replaced-breaking-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/imported/w3c/web-platform-tests/css/css-tables/border-writing-mode-dynamic-001-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk1/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/TestExpectations
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/compositing/backing/inline-block-no-backing-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/compositing/backing/whitespace-nodes-no-backing-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/compositing/fixed-image-loading-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/compositing/hidpi-image-backing-store-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/compositing/hidpi-image-backing-store-scaled-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/compositing/tiling/huge-layer-img-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/compositing/visibility/visibility-image-layers-dynamic-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/fast/dynamic/layer-hit-test-crash-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/fast/forms/datalist/datalist-textinput-appearance-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/fast/forms/time/time-input-rendering-basic-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/fast/repaint/4776765-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/fast/repaint/placeholder-after-caps-lock-hidden-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/fast/scrolling/mac/scrollbars/scrollbars-controller-type-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/inspector/canvas/recording-offscreen-webgl-full-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/inspector/canvas/recording-webgl-full-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura-wk2/scrollingcoordinator/mac/fixed-backgrounds/fixed-background-in-overflow-in-iframe-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/TestExpectations
 delete mode 100644 LayoutTests/platform/mac-ventura/accessibility/datetime/input-datetime-local-label-value-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/accessibility/datetime/input-time-label-value-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/css2.1/t09-c5526c-display-00-e-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/css3/filters/composited-during-animation-layertree-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/caret/caret-position-sideways-lr-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/caret/caret-position-vertical-rl-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/caret/color-span-inside-editable-background-expected.html
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/caret/color-span-inside-editable-expected.html
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/caret/insert-paragraph-does-not-paint-stale-carets-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/input/caret-at-the-edge-of-contenteditable-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/input/caret-at-the-edge-of-input-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/input/editable-container-with-word-wrap-normal-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/inserting/before-after-input-element-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/inserting/multiple-lines-selected-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/pasteboard/4806874-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/pasteboard/input-field-1-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/pasteboard/interchange-newline-2-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/3690703-2-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/3690703-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/3690719-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/4895428-3-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/4975120-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/block-cursor-overtype-mode-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/caret-in-empty-inline-1-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/caret-in-empty-inline-2-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/drag-select-1-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/internal-caret-rect-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/select-from-textfield-outwards-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/editing/selection/simple-line-layout-caret-is-gone-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/block/basic/minheight-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/block/margin-collapse/103-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/clip/outline-overflowClip-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/css/002-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/css/focus-ring-exists-for-search-field-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/css/line-height-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/css/rtl-ordering-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/css/text-overflow-input-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/events/context-no-deselect-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/hide-auto-fill-strong-password-viewable-treatment-when-form-is-reset-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-auto-fill-button-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-contacts-auto-fill-button-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-credit-card-auto-fill-button-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-strong-password-viewable-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/basic-inputs-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/box-shadow-override-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/control-restrict-line-height-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/cursor-at-editable-content-boundary-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/datalist/datalist-searchinput-appearance-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/encoding-test-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/fieldset-align-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/form-element-geometry-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-align-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-appearance-bkcolor-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-appearance-default-bkcolor-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-appearance-focus-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-appearance-height-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-appearance-preventDefault-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-appearance-selection-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-appearance-spinbutton-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-appearance-spinbutton-up-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-appearance-visibility-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-appearance-width-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-baseline-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-disabled-color-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-double-click-selection-gap-bug-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-placeholder-visibility-1-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-placeholder-visibility-3-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-spaces-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-table-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-text-click-inside-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-text-click-outside-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-text-double-click-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-text-drag-down-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-text-option-delete-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-text-scroll-left-on-blur-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-text-self-emptying-click-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-text-word-wrap-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-type-text-min-width-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-value-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/input-width-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/listbox-bidi-align-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/minWidthPercent-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-rtl-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-spinbutton-disabled-readonly-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-spinbutton-layer-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/placeholder-position-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/placeholder-pseudo-style-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/search-cancel-button-style-sharing-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/search-display-none-cancel-button-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/search-input-rtl-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/search-rtl-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/search-styled-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/search-vertical-alignment-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/search/search-padding-cancel-results-buttons-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/search/search-size-with-decorations-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/select-visual-hebrew-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/select-writing-direction-natural-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/tabbing-input-iframe-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/text-control-intrinsic-widths-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/textfield-focus-ring-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/textfield-outline-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/textfield-overflow-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/forms/visual-hebrew-text-field-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/frames/take-focus-from-iframe-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/html/details-no-summary4-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/html/details-open-javascript-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/html/details-open2-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/html/details-open4-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/invalid/008-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/lists/dynamic-marker-crash-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/overflow/003-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/overflow/overflow-focus-ring-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/repaint/renderer-destruction-by-invalidateSelection-crash-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/repaint/search-field-cancel-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/repaint/subtree-root-skipped-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/replaced/replaced-breaking-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/replaced/replaced-breaking-mixture-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/table/003-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/table/colspanMinWidth-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/table/spanOverlapRepaint-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/table/text-field-baseline-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/basic/generic-family-reset-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/linedash-COLR-expected-mismatch.html
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-COLR-expected.html
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-shadow-COLR-expected.html
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-shadow-ctm-COLR-expected.html
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-gradient-COLR-expected.html
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/drawBidiText-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/international/bidi-listbox-atsui-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/international/bidi-listbox-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/international/bidi-menulist-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/international/pop-up-button-text-alignment-and-direction-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/international/unicode-bidi-plaintext-in-textarea-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/resources/Ahem-COLR.ttf
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/text/textIteratorNilRenderer-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/transforms/transformed-focused-text-input-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/fast/url/url-hostname-encoding-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/http/tests/navigation/javascriptlink-frames-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/http/wpt/mediarecorder/mimeType-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/html/rendering/widgets/field-sizing-input-text-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/url/toascii.window-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/xhr/open-method-case-sensitive-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/media/media-can-play-h265-video-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/media/media-can-play-mpeg4-video-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/media/media-can-play-wav-audio-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/media/video-source-type-params-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/printing/print-with-media-query-destory-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/scrollbars/overflow-scrollbar-combinations-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/svg/custom/inline-svg-in-xhtml-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/svg/custom/svg-fonts-in-html-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/svg/hixie/mixed/003-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug1188-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug12384-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug18359-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug24200-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-2-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-3-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-4-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug28928-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug4382-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug4527-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug46368-1-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug46368-2-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug51037-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug55545-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug59354-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug7342-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug96334-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug99948-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/dom/tableDom-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla/other/move_row-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla_expected_failures/bugs/bug2479-5-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/tables/mozilla_expected_failures/bugs/bug92647-1-expected.txt
 delete mode 100644 LayoutTests/platform/mac-ventura/transforms/3d/general/perspective-non-layer-expected.txt

diff --git a/LayoutTests/platform/mac-ventura-wk1/TestExpectations b/LayoutTests/platform/mac-ventura-wk1/TestExpectations
deleted file mode 100644
index 3b4f271236139..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/TestExpectations
+++ /dev/null
@@ -1,7 +0,0 @@
-webkit.org/b/267710 imported/w3c/web-platform-tests/accname/name/comp_host_language_label.html [ Failure ]
-
-# webkit.org/b/271916 [ Ventura WK1 Release ] 3x media/track/track and http/tests/media/hls/hls-we bvtt-flashing.html are constant timeout
-http/tests/media/hls/hls-webvtt-flashing.html [ Timeout ]
-media/track/track-in-band-cues-added-once.html [ Timeout ]
-media/track/track-in-band-layout.html [ Timeout Failure ]
-media/track/track-paint-on-captions.html [ Timeout ]
\ No newline at end of file
diff --git a/LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/composited-iframe-with-fixed-background-doc-repaint-expected.txt b/LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/composited-iframe-with-fixed-background-doc-repaint-expected.txt
deleted file mode 100644
index d2492d2acc068..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/composited-iframe-with-fixed-background-doc-repaint-expected.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-
-(GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 785.00 2016.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 785.00 2016.00)
-      (contentsOpaque 1)
-      (children 2
-        (GraphicsLayer
-          (offsetFromRenderer width=-14 height=-14)
-          (position 14.00 14.00)
-          (bounds 432.00 332.00)
-          (drawsContent 1)
-          (repaint rects
-            (rect 16.00 16.00 400.00 300.00)
-            (rect 24.00 16.00 100.00 8.00)
-          )
-        )
-        (GraphicsLayer
-          (position 8.00 369.00)
-          (anchor 1.00 1.00)
-          (bounds 1.00 1.00)
-        )
-      )
-    )
-  )
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/compositing-iframe-scroll-repaint-expected.txt b/LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/compositing-iframe-scroll-repaint-expected.txt
deleted file mode 100644
index 734719a56b222..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/compositing-iframe-scroll-repaint-expected.txt
+++ /dev/null
@@ -1,64 +0,0 @@
-
-(GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 785.00 2016.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 785.00 2016.00)
-      (contentsOpaque 1)
-      (children 2
-        (GraphicsLayer
-          (offsetFromRenderer width=-14 height=-14)
-          (position 14.00 14.00)
-          (bounds 432.00 332.00)
-          (drawsContent 1)
-          (repaint rects
-            (rect 16.00 16.00 400.00 300.00)
-          )
-          (children 1
-            (GraphicsLayer
-              (position 16.00 16.00)
-              (children 1
-                (GraphicsLayer
-                  (anchor 0.00 0.00)
-                  (bounds 400.00 300.00)
-                  (children 1
-                    (GraphicsLayer
-                      (position 0.00 -100.00)
-                      (anchor 0.00 0.00)
-                      (children 1
-                        (GraphicsLayer
-                          (anchor 0.00 0.00)
-                          (bounds 400.00 1016.00)
-                          (children 1
-                            (GraphicsLayer
-                              (bounds 400.00 1016.00)
-                              (drawsContent 1)
-                              (children 1
-                                (GraphicsLayer
-                                  (position 8.00 8.00)
-                                  (bounds 100.00 100.00)
-                                  (contentsOpaque 1)
-                                )
-                              )
-                            )
-                          )
-                        )
-                      )
-                    )
-                  )
-                )
-              )
-            )
-          )
-        )
-        (GraphicsLayer
-          (position 8.00 369.00)
-          (anchor 1.00 1.00)
-          (bounds 1.00 1.00)
-        )
-      )
-    )
-  )
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint-expected.txt b/LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint-expected.txt
deleted file mode 100644
index 30d8391e08ca2..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/compositing/repaint/iframes/compositing-iframe-with-fixed-background-doc-repaint-expected.txt
+++ /dev/null
@@ -1,68 +0,0 @@
-
-(GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 785.00 2016.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 785.00 2016.00)
-      (contentsOpaque 1)
-      (children 2
-        (GraphicsLayer
-          (offsetFromRenderer width=-14 height=-14)
-          (position 14.00 14.00)
-          (bounds 432.00 332.00)
-          (drawsContent 1)
-          (repaint rects
-            (rect 16.00 16.00 400.00 300.00)
-          )
-          (children 1
-            (GraphicsLayer
-              (position 16.00 16.00)
-              (children 1
-                (GraphicsLayer
-                  (anchor 0.00 0.00)
-                  (bounds 400.00 300.00)
-                  (children 1
-                    (GraphicsLayer
-                      (position 0.00 -100.00)
-                      (anchor 0.00 0.00)
-                      (children 1
-                        (GraphicsLayer
-                          (anchor 0.00 0.00)
-                          (bounds 400.00 1016.00)
-                          (children 1
-                            (GraphicsLayer
-                              (bounds 400.00 1016.00)
-                              (drawsContent 1)
-                              (repaint rects
-                                (rect 8.00 8.00 100.00 100.00)
-                              )
-                              (children 1
-                                (GraphicsLayer
-                                  (position 8.00 108.00)
-                                  (bounds 100.00 100.00)
-                                  (contentsOpaque 1)
-                                  (transform [1.00 0.00 0.00 0.00] [0.00 1.00 0.00 0.00] [0.00 0.00 1.00 0.00] [100.00 0.00 0.00 1.00])
-                                )
-                              )
-                            )
-                          )
-                        )
-                      )
-                    )
-                  )
-                )
-              )
-            )
-          )
-        )
-        (GraphicsLayer
-          (position 8.00 369.00)
-          (anchor 1.00 1.00)
-          (bounds 1.00 1.00)
-        )
-      )
-    )
-  )
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/inserting/caret-position-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/inserting/caret-position-expected.txt
deleted file mode 100644
index 819d2d485acc0..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/inserting/caret-position-expected.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-
-Right aligned div.
-x
-
-RTL div.
-a
-
-0px right padding RTL textarea.
-
-LTR div and textarea.
-a
-
-
-NO WRAPPING
-No wrapping right aligned div.
-
-No wrapping RTL div.
-a
-
-No wrapping 0px right padding RTL textarea.
-
-No wrapping LTR div and textarea.
-a
-
-
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/anchor-element-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/anchor-element-expected.txt
deleted file mode 100644
index fc0da96152d74..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/anchor-element-expected.txt
+++ /dev/null
@@ -1,40 +0,0 @@
-Input:
-<a href="https://webkit.org/">webkit.org</a>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[webkit.org]
-    NSColor: #0000ee (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSLink: https://webkit.org/
-    NSStrokeColor: #0000ee (sRGB)
-    NSStrokeWidth: 0
-    NSUnderline: true
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attrib-string-colors-with-color-filter-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attrib-string-colors-with-color-filter-expected.txt
deleted file mode 100644
index e90c9b8c81520..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attrib-string-colors-with-color-filter-expected.txt
+++ /dev/null
@@ -1,54 +0,0 @@
-Input:
-<div style="-apple-color-filter: apple-invert-lightness()">
-    <span style="color: blue; background-color: #EEE">This text is blue</span>
-    <span style="color: yellow; background-color: maroon">This text is yellow</span>
-</div>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[This text is blue]
-    NSBackgroundColor: #eeeeee (sRGB)
-    NSColor: #0000ff (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #0000ff (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[This text is yellow]
-    NSBackgroundColor: #800000 (sRGB)
-    NSColor: #ffff00 (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #ffff00 (sRGB)
-    NSStrokeWidth: 0
-[\n]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attribute-string-for-copy-with-color-filter-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attribute-string-for-copy-with-color-filter-expected.txt
deleted file mode 100644
index cb775e17d49a9..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attribute-string-for-copy-with-color-filter-expected.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-Test that an NSAttributedString for copy doesn't convert colors through -apple-color-filter.
-
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[is]
-    NSBackgroundColor: #336699 (sRGB)
-    NSColor: #cccccc (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #cccccc (sRGB)
-    NSStrokeWidth: 0
-
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-1-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-1-expected.txt
deleted file mode 100644
index 14b9c0dea4be6..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-1-expected.txt
+++ /dev/null
@@ -1,42 +0,0 @@
-Input:
-hello <span id="host"><#shadow-start><slot></slot> WebKit<#shadow-end>world</span> rocks
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[hello ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[world]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ WebKit rocks]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-2-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-2-expected.txt
deleted file mode 100644
index 193a6685b2190..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-2-expected.txt
+++ /dev/null
@@ -1,37 +0,0 @@
-Input:
-hello <span id="host"><#shadow-start><slot></slot> WebKit<#shadow-end><#start>world</span> rocks<#end>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[world]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ WebKit rocks]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-3-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-3-expected.txt
deleted file mode 100644
index 7c91ee662b4ef..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-3-expected.txt
+++ /dev/null
@@ -1,37 +0,0 @@
-Input:
-<span id="host"><#shadow-start>hello <slot></slot><#shadow-end><#start>world WebKit</span> rocks<#end>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[world WebKit]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ rocks]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-4-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-4-expected.txt
deleted file mode 100644
index 2dc544cd4df87..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-4-expected.txt
+++ /dev/null
@@ -1,37 +0,0 @@
-Input:
-<span id="host"><#shadow-start><#start>hello <slot></slot><#shadow-end>world Web<#end>Kit</span> rocks
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[hello ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[world Web]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-5-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-5-expected.txt
deleted file mode 100644
index 9baeb6a7098b9..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-5-expected.txt
+++ /dev/null
@@ -1,42 +0,0 @@
-Input:
-<#start><span id="host"><#shadow-start>hello <slot></slot><span style="display:none;"></span><#shadow-end>world</span> WebKit<#end>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[hello ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[world]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ WebKit]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-with-style-1-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-with-style-1-expected.txt
deleted file mode 100644
index a27e80b1d1259..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-with-style-1-expected.txt
+++ /dev/null
@@ -1,43 +0,0 @@
-Input:
-<#start><b>hello <span id="host"><#shadow-start><slot style="color: blue;"></slot> Web<#end>Kit<#shadow-end>world</span></b> rocks
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[hello ]
-    NSFont: Times-Bold 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[world]
-    NSColor: #0000ff (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #0000ff (sRGB)
-    NSStrokeWidth: 0
-[ Web]
-    NSFont: Times-Bold 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-with-style-2-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-with-style-2-expected.txt
deleted file mode 100644
index 4d394341e4f80..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-across-shadow-boundaries-with-style-2-expected.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-Input:
-<#start><div style="font-style: italic" id="host1"><#shadow-start><slot style="color: blue;"></slot> world<#shadow-end><b>hello</b></div><div id="host2"><#shadow-start><u>WebKit <#end><slot></slot></u><#shadow-end>rocks</div>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[hello]
-    NSColor: #0000ff (sRGB)
-    NSFont: Times-BoldItalic 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #0000ff (sRGB)
-    NSStrokeWidth: 0
-[ world\n]
-    NSFont: Times-Italic 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[WebKit ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-    NSUnderline: true
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-for-typing-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-for-typing-expected.txt
deleted file mode 100644
index 749f418b6af08..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-for-typing-expected.txt
+++ /dev/null
@@ -1,43 +0,0 @@
-Some text here
-Input:
-<div id="editor" style="color: rgba(23, 45, 56, 0.4);" contenteditable="">Some text here</div>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: (    28L,
-    56L,
-    84L,
-    112L,
-    140L,
-    168L,
-    196L,
-    224L,
-    252L,
-    280L,
-    308L,
-    336L
-)
-    DefaultTabInterval: 0
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: -1
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[ ]
-    NSColor: rgba(23, 45, 56, 0.4) (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-for-typing-with-color-filter-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-for-typing-with-color-filter-expected.txt
deleted file mode 100644
index f1704f60321bf..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/attributed-string-for-typing-with-color-filter-expected.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-Some text here
-Input:
-<div id="editor" style="-apple-color-filter: apple-invert-lightness(); color: rgba(20, 20, 20, 0.4); background: #ccc;" contenteditable="">Some text here</div>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: (    28L,
-    56L,
-    84L,
-    112L,
-    140L,
-    168L,
-    196L,
-    224L,
-    252L,
-    280L,
-    308L,
-    336L
-)
-    DefaultTabInterval: 0
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: -1
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[ ]
-    NSBackgroundColor: #5c5c5c (sRGB)
-    NSColor: rgba(239, 239, 239, 0.4) (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/basic-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/basic-expected.txt
deleted file mode 100644
index e30ec4dd84ae4..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/basic-expected.txt
+++ /dev/null
@@ -1,101 +0,0 @@
-Input:
-hello <b style="background-color:blue; color:white;">world</b> <a href="https://webkit.org/">WebKit</a>.<br>
-<span style="background-color:yellow;">this is a <u><i>t</i>est</u> of <em>attributed</em> string.</span>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[hello ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[world]
-    NSBackgroundColor: #0000ff (sRGB)
-    NSColor: #ffffff (sRGB)
-    NSFont: Times-Bold 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #ffffff (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[WebKit]
-    NSColor: #0000ee (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSLink: https://webkit.org/
-    NSStrokeColor: #0000ee (sRGB)
-    NSStrokeWidth: 0
-    NSUnderline: true
-[.\n]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[this is a ]
-    NSBackgroundColor: #ffff00 (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[t]
-    NSBackgroundColor: #ffff00 (sRGB)
-    NSFont: Times-Italic 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-    NSUnderline: true
-[est]
-    NSBackgroundColor: #ffff00 (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-    NSUnderline: true
-[ of ]
-    NSBackgroundColor: #ffff00 (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[attributed]
-    NSBackgroundColor: #ffff00 (sRGB)
-    NSFont: Times-Italic 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ string.]
-    NSBackgroundColor: #ffff00 (sRGB)
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/comment-cdata-section-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/comment-cdata-section-expected.txt
deleted file mode 100644
index 842f5de3b6d7b..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/comment-cdata-section-expected.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-Input:
-hello <!-- FAIL1 --><!--[CDATA[ FAIL2 ]]--> world.
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[hello world. ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-size-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-size-expected.txt
deleted file mode 100644
index d2f0a365b74b4..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-size-expected.txt
+++ /dev/null
@@ -1,126 +0,0 @@
-Input:
-<small>small element</small>
-<span style="font-size: xx-small">xx-small</span>
-<span style="font-size: x-small">x-small</span>
-<span style="font-size: small">small</span>
-<span style="font-size: normal">normal</span>
-<span style="font-size: large">large</span>
-<span style="font-size: x-large">x-large</span>
-<span style="font-size: xx-large">xx-large</span>
-<span style="font-size: 5pt">5pt</span>
-<span style="font-size: 15pt">15pt</span>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[small element]
-    NSFont: Times-Roman 13.33 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[xx-small]
-    NSFont: Times-Roman 9.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[x-small]
-    NSFont: Times-Roman 10.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[small]
-    NSFont: Times-Roman 13.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ normal ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[large]
-    NSFont: Times-Roman 18.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[x-large]
-    NSFont: Times-Roman 24.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[xx-large]
-    NSFont: Times-Roman 32.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[5pt]
-    NSFont: Times-Roman 6.67 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[15pt]
-    NSFont: Times-Roman 20.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-style-variant-effect-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-style-variant-effect-expected.txt
deleted file mode 100644
index 5e57c846a7107..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-style-variant-effect-expected.txt
+++ /dev/null
@@ -1,51 +0,0 @@
-Input:
-<i>italic</i>
-<span style="font-style: oblique">oblique</span>
-<span style="font-variant: small-caps">small-caps</span>
-<span style="font-effect: outline">outline</span>
-<span style="font-effect: emboss">emboss</span>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[italic]
-    NSFont: Times-Italic 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[oblique]
-    NSFont: Times-Italic 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ small-caps outline emboss ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-weight-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-weight-expected.txt
deleted file mode 100644
index 9c8ef904c4e6d..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/font-weight-expected.txt
+++ /dev/null
@@ -1,126 +0,0 @@
-Input:
-<b>bold</b>
-<span style="font-weight: 100">font weight 100</span>
-<span style="font-weight: 200">font weight 200</span>
-<span style="font-weight: 300">font weight 300</span>
-<span style="font-weight: 400">font weight 400</span>
-<span style="font-weight: 500">font weight 500</span>
-<span style="font-weight: 600">font weight 600</span>
-<span style="font-weight: 700">font weight 700</span>
-<span style="font-weight: 800">font weight 800</span>
-<span style="font-weight: 900">font weight 900</span>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[bold]
-    NSFont: Times-Bold 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[font weight 100]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[font weight 200]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[font weight 300]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ font weight 400 ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[font weight 500]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[font weight 600]
-    NSFont: Times-Bold 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[font weight 700]
-    NSFont: Times-Bold 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[font weight 800]
-    NSFont: Times-Bold 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[font weight 900]
-    NSFont: Times-Bold 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/letter-spacing-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/letter-spacing-expected.txt
deleted file mode 100644
index 933e6d28b7d6a..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/letter-spacing-expected.txt
+++ /dev/null
@@ -1,37 +0,0 @@
-Input:
-<span style="letter-spacing: 3pt">3pt</span>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[3pt]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/text-decorations-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/text-decorations-expected.txt
deleted file mode 100644
index b62af9f96260f..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/text-decorations-expected.txt
+++ /dev/null
@@ -1,51 +0,0 @@
-Input:
-<u>underline</u>
-<strike>strike</strike>
-<span style="text-decoration: underline line-though">underline and strike</span>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[underline]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-    NSUnderline: true
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[strike]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrikethrough: true
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[ underline and strike ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/vertical-align-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/vertical-align-expected.txt
deleted file mode 100644
index ee89c1ec118a4..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/attributed-string/vertical-align-expected.txt
+++ /dev/null
@@ -1,75 +0,0 @@
-Input:
-<sup>sup element</sup>
-<sub>sub element</sub>
-<span style="vertical-align: super">vertical align super</span>
-<span style="vertical-align: sub">vertical align sub</span>
-<span style="vertical-align: 50%">vertical align 50%</span>
-
-Output:
-NSParagraphStyle:
-Alignment 4
-    LineSpacing: 0
-    ParagraphSpacing: 0
-    ParagraphSpacingBefore: 0
-    HeadIndent: 0
-    TailIndent: 0
-    FirstLineHeadIndent: 0
-    LineHeight: 0/0
-    LineHeightMultiple: 0
-    LineBreakMode: 0
-    Tabs: ()
-    DefaultTabInterval: 36
-    Blocks: (
-)
-    Lists: (
-)
-    BaseWritingDirection: 0
-    HyphenationFactor: 0
-    TighteningForTruncation: YES
-    HeaderLevel: 0 LineBreakStrategy 0 PresentationIntents (
-) ListIntentOrdinal 0 CodeBlockIntentLanguageHint ''
-[sup element]
-    NSFont: Times-Roman 13.33 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-    NSSuperScript: 1
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[sub element]
-    NSFont: Times-Roman 13.33 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-    NSSuperScript: -1
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[vertical align super]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-    NSSuperScript: 1
-[ ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-[vertical align sub]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-    NSSuperScript: -1
-[ vertical align 50% ]
-    NSFont: Times-Roman 16.00 pt.
-    NSKern: 0pt
-    NSStrokeColor: #000000 (sRGB)
-    NSStrokeWidth: 0
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/input/caret-primary-bidi-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/input/caret-primary-bidi-expected.txt
deleted file mode 100644
index 507bad9b21fc8..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/input/caret-primary-bidi-expected.txt
+++ /dev/null
@@ -1,87 +0,0 @@
-0: 8,564,0,28
-1: 21,564,0,28
-2: 36,564,0,28
-3: 49,564,0,28
-4: 155,564,0,28
-5: 141,564,0,28
-6: 85,564,0,28
-7: 101,564,0,28
-8: 116,564,0,28
-9: 131,564,0,28
-10: 73,564,0,28
-11: 56,564,0,28
-12: 170,564,0,28
-13: 185,564,0,28
-14: 199,564,0,28
-15: 208,564,0,28
-16: 8,536,0,28
-17: 114,536,0,28
-18: 101,536,0,28
-19: 45,536,0,28
-20: 60,536,0,28
-21: 75,536,0,28
-22: 90,536,0,28
-23: 33,536,0,28
-24: 16,536,0,28
-25: 130,536,0,28
-26: 8,508,0,28
-27: 141,508,0,28
-28: 127,508,0,28
-29: 117,508,0,28
-30: 33,508,0,28
-31: 16,508,0,28
-32: 156,508,0,28
-33: 8,480,0,28
-34: 32,480,0,28
-35: 18,480,0,28
-36: 47,480,0,28
-37: 61,480,0,28
-38: 76,480,0,28
-39: 88,480,0,28
-40: 113,480,0,28
-41: 96,480,0,28
-42: 125,480,0,28
-43: 791,452,0,28
-44: 765,452,0,28
-45: 780,452,0,28
-46: 751,452,0,28
-47: 736,452,0,28
-48: 722,452,0,28
-49: 712,452,0,28
-50: 682,452,0,28
-51: 697,452,0,28
-52: 667,452,0,28
-53: 655,452,0,28
-54: 637,452,0,28
-55: 630,452,0,28
-56: 608,452,0,28
-57: 621,452,0,28
-58: 592,452,0,28
-59: 791,424,0,28
-60: 777,424,0,28
-61: 763,424,0,28
-62: 753,424,0,28
-63: 722,424,0,28
-64: 738,424,0,28
-65: 707,424,0,28
-66: 695,424,0,28
-67: 678,424,0,28
-68: 670,424,0,28
-69: 791,396,0,28
-70: 777,396,0,28
-71: 763,396,0,28
-72: 753,396,0,28
-73: 669,396,0,28
-74: 652,396,0,28
-75: 644,396,0,28
-76: 791,368,0,28
-77: 765,368,0,28
-78: 780,368,0,28
-79: 751,368,0,28
-80: 736,368,0,28
-81: 722,368,0,28
-82: 712,368,0,28
-83: 690,368,0,28
-84: 703,368,0,28
-85: 675,368,0,28
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/input/firstrectforcharacterrange-plain-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/input/firstrectforcharacterrange-plain-expected.txt
deleted file mode 100644
index bb02c7be120e8..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/input/firstrectforcharacterrange-plain-expected.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-123456
-caret at the beginning: (0,0), (10,572,0,18)
-caret after the first character: (1,0), (18,572,0,18)
-caret at the end of line: (6,0), (58,572,0,18)
-caret at the end of line: (6,100), (58,572,0,18)
-first character: (0,1), (10,572,8,18)
-last character: (5,1), (50,572,8,18)
-last character: (5,2), (50,572,8,18)
-last character: (5,100), (50,572,8,18)
-first line: (0,6), (10,572,48,18)
-first line: (0,7), (10,572,48,18)
-first line: (0,4294967295), (10,572,48,18)
-first line without the first character: (1,4294967295), (18,572,40,18)
-out of bounds, clamped to the end: (7,0), (58,572,0,18)
-out of bounds, clamped to the end: (1000,0), (58,572,0,18)
-out of bounds, clamped to the end: (7,1), (58,572,0,18)
-out of bounds, clamped to the end: (7,4294967295), (58,572,0,18)
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/mac/input/firstrectforcharacterrange-styled-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/mac/input/firstrectforcharacterrange-styled-expected.txt
deleted file mode 100644
index bb02c7be120e8..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/mac/input/firstrectforcharacterrange-styled-expected.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-123456
-caret at the beginning: (0,0), (10,572,0,18)
-caret after the first character: (1,0), (18,572,0,18)
-caret at the end of line: (6,0), (58,572,0,18)
-caret at the end of line: (6,100), (58,572,0,18)
-first character: (0,1), (10,572,8,18)
-last character: (5,1), (50,572,8,18)
-last character: (5,2), (50,572,8,18)
-last character: (5,100), (50,572,8,18)
-first line: (0,6), (10,572,48,18)
-first line: (0,7), (10,572,48,18)
-first line: (0,4294967295), (10,572,48,18)
-first line without the first character: (1,4294967295), (18,572,40,18)
-out of bounds, clamped to the end: (7,0), (58,572,0,18)
-out of bounds, clamped to the end: (1000,0), (58,572,0,18)
-out of bounds, clamped to the end: (7,1), (58,572,0,18)
-out of bounds, clamped to the end: (7,4294967295), (58,572,0,18)
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/selection/5825350-2-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/selection/5825350-2-expected.txt
deleted file mode 100644
index 14d00808597da..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/selection/5825350-2-expected.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-This tests for a bug where moving the caret right towards a non-editable pocket of an editable region would make the caret disappear. The caret should be just after the 'y' in "Sally".
-
-Caret: (80, 538)
diff --git a/LayoutTests/platform/mac-ventura-wk1/editing/selection/mixed-editability-10-expected.txt b/LayoutTests/platform/mac-ventura-wk1/editing/selection/mixed-editability-10-expected.txt
deleted file mode 100644
index b86edce126458..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/editing/selection/mixed-editability-10-expected.txt
+++ /dev/null
@@ -1,25 +0,0 @@
-#1 DIV element with a non-editable element only align center:
-
-Hello
-#2 DIV element with a non-editable element only align left:
-
-Hello
-#3 DIV element with a non-editable element only align right:
-
-Hello
-#4 DIV element with two non-editable elementwith padding:
-
-Hello World
-#5 DIV element empty
-
-#6 non editable DIV element with an editable empty span element
-
-Hello: 
-Anchor ([object HTMLDivElement], 0 caret[40,540] refpos=40) is correct.
-Anchor ([object HTMLDivElement], 3 caret[76,540] refpos=76) is correct.
-Anchor ([object HTMLDivElement], 1 caret[44,472] refpos=44) is correct.
-Anchor ([object HTMLDivElement], 0 caret[8,472] refpos=8) is correct.
-Anchor ([object HTMLDivElement], 0 caret[72,404] refpos=72) is correct.
-Anchor ([object HTMLDivElement], 3 caret[48,336] refpos=48) is correct.
-Anchor ([object HTMLDivElement], 0 caret[58,268] refpos=58) is correct.
-Anchor ([object HTMLSpanElement], 0 caret[0,600] refpos=0) is correct.
diff --git a/LayoutTests/platform/mac-ventura-wk1/fast/forms/datalist/datalist-textinput-appearance-expected.txt b/LayoutTests/platform/mac-ventura-wk1/fast/forms/datalist/datalist-textinput-appearance-expected.txt
deleted file mode 100644
index 2ae71bdd00b5e..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/fast/forms/datalist/datalist-textinput-appearance-expected.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x35
-  RenderBlock {HTML} at (0,0) size 800x35
-    RenderBody {BODY} at (8,8) size 784x19
-      RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,11) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura-wk1/fast/replaced/replaced-breaking-expected.txt b/LayoutTests/platform/mac-ventura-wk1/fast/replaced/replaced-breaking-expected.txt
deleted file mode 100644
index 3c47e61bf25d7..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/fast/replaced/replaced-breaking-expected.txt
+++ /dev/null
@@ -1,78 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {DIV} at (0,0) size 32x468 [border: (1px solid #FF0000)]
-        RenderTextControl {INPUT} at (1,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderTextControl {INPUT} at (1,20) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderImage {IMG} at (1,39) size 27x27 [border: (1px solid #000000)]
-        RenderImage {IMG} at (1,66) size 27x27 [border: (1px solid #000000)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderButton {INPUT} at (1,93) size 43x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 27x13
-            RenderText at (0,0) size 27x13
-              text run at (0,0) width 27: "input"
-        RenderButton {INPUT} at (1,111) size 43x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 27x13
-            RenderText at (0,0) size 27x13
-              text run at (0,0) width 27: "input"
-        RenderText {#text} at (0,0) size 0x0
-        RenderButton {BUTTON} at (1,129) size 51x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 35x13
-            RenderText {#text} at (0,0) size 35x13
-              text run at (0,0) width 35: "button"
-        RenderButton {BUTTON} at (1,147) size 51x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 35x13
-            RenderText {#text} at (0,0) size 35x13
-              text run at (0,0) width 35: "button"
-        RenderText {#text} at (0,0) size 0x0
-        RenderMenuList {SELECT} at (1,165) size 63x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 63x18
-            RenderText at (8,2) size 32x13
-              text run at (8,2) width 32: "select"
-        RenderMenuList {SELECT} at (1,183) size 63x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 63x18
-            RenderText at (8,2) size 32x13
-              text run at (8,2) width 32: "select"
-        RenderText {#text} at (0,0) size 0x0
-        RenderListBox {SELECT} at (1,201) size 49x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-        RenderListBox {SELECT} at (1,244) size 49x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderBlock {INPUT} at (3,290) size 12x12
-        RenderBlock {INPUT} at (3,308) size 12x12
-        RenderText {#text} at (0,0) size 0x0
-        RenderBlock {INPUT} at (3,326) size 12x12
-        RenderBlock {INPUT} at (3,344) size 12x12
-        RenderText {#text} at (0,0) size 0x0
-        RenderIFrame {IFRAME} at (1,359) size 27x27 [border: (1px solid #000000)]
-          layer at (0,0) size 25x25
-            RenderView at (0,0) size 25x25
-          layer at (0,0) size 25x25
-            RenderBlock {HTML} at (0,0) size 25x25
-              RenderBody {BODY} at (8,8) size 9x9
-        RenderIFrame {IFRAME} at (1,386) size 27x27 [border: (1px solid #000000)]
-          layer at (0,0) size 25x25
-            RenderView at (0,0) size 25x25
-          layer at (0,0) size 25x25
-            RenderBlock {HTML} at (0,0) size 25x25
-              RenderBody {BODY} at (8,8) size 9x9
-        RenderText {#text} at (0,0) size 0x0
-        RenderEmbeddedObject {EMBED} at (1,413) size 27x27 [border: (1px solid #000000)]
-          layer at (0,0) size 25x25
-            RenderView at (0,0) size 25x25
-          layer at (0,0) size 25x25
-            RenderBlock {HTML} at (0,0) size 25x25
-              RenderBody {BODY} at (8,8) size 9x9
-        RenderEmbeddedObject {EMBED} at (1,440) size 27x27 [border: (1px solid #000000)]
-          layer at (0,0) size 25x25
-            RenderView at (0,0) size 25x25
-          layer at (0,0) size 25x25
-            RenderBlock {HTML} at (0,0) size 25x25
-              RenderBody {BODY} at (8,8) size 9x9
-        RenderText {#text} at (0,0) size 0x0
-layer at (12,12) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (12,31) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura-wk1/imported/w3c/web-platform-tests/css/css-tables/border-writing-mode-dynamic-001-expected.txt b/LayoutTests/platform/mac-ventura-wk1/imported/w3c/web-platform-tests/css/css-tables/border-writing-mode-dynamic-001-expected.txt
deleted file mode 100644
index b0f5b083c183f..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/imported/w3c/web-platform-tests/css/css-tables/border-writing-mode-dynamic-001-expected.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-TABLE
-TBODY
-TR
-TD
-
-PASS Table borders track writing mode changes
-
diff --git a/LayoutTests/platform/mac-ventura-wk1/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType-expected.txt b/LayoutTests/platform/mac-ventura-wk1/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType-expected.txt
deleted file mode 100644
index ebbaca971b170..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk1/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType-expected.txt
+++ /dev/null
@@ -1,62 +0,0 @@
-
-
-PASS utility code
-PASS application/octet-stream not supported
-PASS fictional formats and codecs not supported
-PASS audio/mp4 (optional)
-PASS audio/mp4; codecs="mp4a.40.2" (optional)
-PASS audio/mp4 with bogus codec
-PASS audio/mp4 with and without codecs
-FAIL audio/ogg (optional) assert_equals: audio/ogg expected "maybe" but got ""
-FAIL audio/ogg; codecs="opus" (optional) assert_equals: audio/ogg; codecs="opus" expected "probably" but got ""
-FAIL audio/ogg; codecs="vorbis" (optional) assert_equals: audio/ogg; codecs="vorbis" expected "probably" but got ""
-PASS audio/ogg with bogus codec
-PASS audio/ogg with and without codecs
-PASS audio/wav (optional)
-FAIL audio/wav; codecs="1" (optional) assert_equals: audio/wav; codecs="1" expected "probably" but got ""
-PASS audio/wav with bogus codec
-FAIL audio/wav with and without codecs assert_equals: expected false but got true
-FAIL audio/webm (optional) assert_equals: audio/webm expected "maybe" but got ""
-FAIL audio/webm; codecs="opus" (optional) assert_equals: audio/webm; codecs="opus" expected "probably" but got ""
-FAIL audio/webm; codecs="vorbis" (optional) assert_equals: audio/webm; codecs="vorbis" expected "probably" but got ""
-PASS audio/webm with bogus codec
-PASS audio/webm with and without codecs
-PASS video/3gpp (optional)
-PASS video/3gpp; codecs="samr" (optional)
-PASS video/3gpp; codecs="mp4v.20.8" (optional)
-PASS video/3gpp codecs subset
-PASS video/3gpp codecs order
-PASS video/3gpp with bogus codec
-PASS video/3gpp with and without codecs
-PASS video/mp4 (optional)
-PASS video/mp4; codecs="mp4a.40.2" (optional)
-PASS video/mp4; codecs="avc1.42E01E" (optional)
-PASS video/mp4; codecs="avc1.4D401E" (optional)
-PASS video/mp4; codecs="avc1.58A01E" (optional)
-PASS video/mp4; codecs="avc1.64001E" (optional)
-PASS video/mp4; codecs="mp4v.20.8" (optional)
-PASS video/mp4; codecs="mp4v.20.240" (optional)
-PASS video/mp4 codecs subset
-PASS video/mp4 codecs order
-PASS video/mp4 with bogus codec
-PASS video/mp4 with and without codecs
-FAIL video/ogg (optional) assert_equals: video/ogg expected "maybe" but got ""
-FAIL video/ogg; codecs="opus" (optional) assert_equals: video/ogg; codecs="opus" expected "probably" but got ""
-FAIL video/ogg; codecs="vorbis" (optional) assert_equals: video/ogg; codecs="vorbis" expected "probably" but got ""
-FAIL video/ogg; codecs="theora" (optional) assert_equals: video/ogg; codecs="theora" expected "probably" but got ""
-PASS video/ogg codecs subset
-PASS video/ogg codecs order
-PASS video/ogg with bogus codec
-PASS video/ogg with and without codecs
-FAIL video/webm (optional) assert_equals: video/webm expected "maybe" but got ""
-FAIL video/webm; codecs="opus" (optional) assert_equals: video/webm; codecs="opus" expected "probably" but got ""
-FAIL video/webm; codecs="vorbis" (optional) assert_equals: video/webm; codecs="vorbis" expected "probably" but got ""
-FAIL video/webm; codecs="vp8" (optional) assert_equals: video/webm; codecs="vp8" expected "probably" but got ""
-FAIL video/webm; codecs="vp8.0" (optional) assert_equals: video/webm; codecs="vp8.0" expected "probably" but got ""
-FAIL video/webm; codecs="vp9" (optional) assert_equals: video/webm; codecs="vp9" expected "probably" but got ""
-FAIL video/webm; codecs="vp9.0" (optional) assert_equals: video/webm; codecs="vp9.0" expected "probably" but got ""
-PASS video/webm codecs subset
-PASS video/webm codecs order
-PASS video/webm with bogus codec
-PASS video/webm with and without codecs
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/TestExpectations b/LayoutTests/platform/mac-ventura-wk2/TestExpectations
deleted file mode 100644
index 8c610f6e34290..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/TestExpectations
+++ /dev/null
@@ -1,80 +0,0 @@
-# These are the layout test expectations for Apple's macOS Ventura port of WebKit.
-#
-
-#//////////////////////////////////////////////////////////////////////////////////////////
-# Platform-specific directories. Skipped globally, then re-enabled here.
-#//////////////////////////////////////////////////////////////////////////////////////////
-
-# These tests require compile-time flags in WebKit that are only enabled in Sonoma. They were marked as Skip in
-# https://bugs.webkit.org/show_bug.cgi?id=248545 — re-disable them here.
-fast/images/animations-resume-from-last-displayed-frame.html [ Skip ]
-fast/images/individual-animation-toggle.html [ Skip ]
-fast/images/page-wide-animation-toggle.html [ Skip ]
-fast/images/pagewide-play-pause-animateTransform-svg-animation.html [ Skip ]
-fast/images/pagewide-play-pause-offscreen-animations.html [ Skip ]
-fast/images/mac/play-all-pause-all-animations-context-menu-items.html [ Skip ]
-fast/images/mac/animation-context-menu-items-presence.html [ Skip ]
-
-# Failing after OS migration rdar://112624778 (Migrate macOS Sonoma test expectations to OpenSource, add expectation files to Down-Levels (259373))
-http/tests/permissions/permission-status-onchange-event-service-worker.html [ Pass Timeout ]
-imported/w3c/web-platform-tests/feature-policy/reporting/picture-in-picture-reporting.html [ Pass Failure ]
-imported/w3c/web-platform-tests/fetch/range/non-matching-range-response.html [ Pass Failure ]
-imported/w3c/web-platform-tests/resize-observer/callback-cross-realm-report-exception.html [ Pass Failure ]
-media/media-session/actionHandler-no-document-leak.html [ Pass Failure ]
-scrollingcoordinator/mac/fixed-backgrounds/fixed-background-in-nested-non-cb-overflow.html [ Pass Failure ]
-scrollingcoordinator/mac/fixed-backgrounds/fixed-background-in-nested-overflow.html [ Pass Failure ]
-scrollingcoordinator/mac/fixed-backgrounds/fixed-background-in-nested-overflow2.html [ Pass Failure ]
-storage/indexeddb/database-transaction-cycle.html [ Pass Failure ]
-webgl/1.0.x/conformance/glsl/misc/shader-with-non-reserved-words-3-of-8.html [ Pass Timeout ]
-
-webkit.org/b/261444 [ Debug x86_64 ] http/tests/security/referrer-policy-header.html [ Pass Timeout ]
-
-# Asserts on pre-Sonoma macOS: rdar://116291539
-[ Debug ] http/tests/site-isolation/window-properties.html [ Skip ]
-
-# This feature was introduced in macOS Sonoma.
-http/tests/paymentrequest/paymentrequest-applePayLaterAvailability.https.html [ Skip ]
-
-# webkit.org/b/263476 [ mac-wk2 ] Some WPTs exercising wheel actions interface timing out on pre-Sonoma macOS after 269632@main
-imported/w3c/web-platform-tests/css/css-overscroll-behavior/overscroll-behavior.html [ Skip ]
-imported/w3c/web-platform-tests/css/css-scroll-snap/input/snap-area-overflow-boundary.html [ Skip ]
-imported/w3c/web-platform-tests/css/css-transforms/scroll-preserve-3d.html [ Skip ]
-imported/w3c/web-platform-tests/dom/events/non-cancelable-when-passive/non-passive-mousewheel-event-listener-on-div.html [ Skip ]
-imported/w3c/web-platform-tests/dom/events/non-cancelable-when-passive/non-passive-wheel-event-listener-on-div.html [ Skip ]
-imported/w3c/web-platform-tests/dom/events/scrolling/iframe-chains.html [ Skip ]
-imported/w3c/web-platform-tests/dom/events/scrolling/scrollend-event-for-user-scroll.html [ Skip ]
-imported/w3c/web-platform-tests/html/semantics/popovers/popover-light-dismiss-scroll-within.html [ Skip ]
-imported/w3c/web-platform-tests/pointerevents/pointerevent_touch-action-mouse.html [ Skip ]
-
-# webkit.org/b/279236 [ Ventura wk2 ] view-gestures/smart-magnify/double-tap-zoom-scroll-above-top.html is a flaky timeout.
-view-gestures/smart-magnify/double-tap-zoom-scroll-above-top.html [ Timeout Pass ] 
-
-# webkit.org/b/279274 ([ macOS-Ventura-Release-WK2-Intel-Tests-EWS] [EWS] Multiple tests in media/media-source are constantly failing/timeout)
-[ Release x86_64 ] media/media-source/media-managedmse-multipletracks-bufferedchange.html [ Skip ]
-[ Release x86_64 ] media/media-source/media-managedmse-video-with-poster.html [ Skip ]
-[ Release x86_64 ] media/media-source/media-source-seek-back-after-ended.html [ Skip ]
-[ Release x86_64 ] media/media-source/media-source-webm-append-buffer-after-abort.html [ Skip ]
-[ Release x86_64 ] media/media-source/media-source-webm-configuration-change.html [ Skip ]
-[ Release x86_64 ] media/media-source/media-source-webm-configuration-framerate.html [ Skip ]
-[ Release x86_64 ] media/media-source/media-source-webm-configuration-vp9-header-color.html [ Skip ]
-[ Release x86_64 ] media/media-source/media-source-webm-init-inside-segment.html [ Skip ]
-[ Release x86_64 ] media/media-source/media-source-webm.html [ Skip ]
-[ Release x86_64 ] media/mediacapabilities/vp9.html [ Skip ]
-[ Release x86_64 ] platform/mac/media/media-source/is-type-supported-vp9-codec-check.html [ Skip ]
-[ Release x86_64 ] platform/mac/media/mediacapabilities/vp9-decodingInfo-sw.html [ Skip ]
-[ Release x86_64 ] media/media-source/media-managedmse-resume-after-remove.html [ Skip ]
-
-# webkit.org/b/280098 4 tests in imported/w3c/web-platform-tests/css/ are constant failures in Ventura Intel EWS
-[ Release x86_64 ] imported/w3c/web-platform-tests/css/css-backgrounds/box-shadow-border-radius-001.html [ Skip ]
-[ Release x86_64 ] imported/w3c/web-platform-tests/css/css-images/image-orientation/image-orientation-background-properties.html [ Skip ]
-[ Release x86_64 ] imported/w3c/web-platform-tests/css/css-images/tiled-radial-gradients.html [ Skip ]
-[ Release x86_64 ] imported/w3c/web-platform-tests/css/css-view-transitions/massive-element-below-viewport-offscreen-old.html [ Skip ]
-
-# webkit.org/b/280186 [EWS] imported/w3c/web-platform-tests/html/canvas/element/manual/drawing-images-to-the-canvas/drawimage_canvas.html is failing on Ventura Intel EWS
-[ Release x86_64 ] imported/w3c/web-platform-tests/html/canvas/element/manual/drawing-images-to-the-canvas/drawimage_canvas.html [ Skip ]
-
-# webkit.org/b/280187 [EWS] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType.html is constant failure on Ventura Intel EWS
-[ Release x86_64 ] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType.html [ Skip ]
-
-# webkit.org/b/280189 [EWS] imported/w3c/web-platform-tests/webcodecs/videoFrame-construction.any.html is a constant failure on Ventura Intel EWS
-[ Release x86_64 ] imported/w3c/web-platform-tests/webcodecs/videoFrame-construction.any.html [ Skip ]
diff --git a/LayoutTests/platform/mac-ventura-wk2/compositing/backing/inline-block-no-backing-expected.txt b/LayoutTests/platform/mac-ventura-wk2/compositing/backing/inline-block-no-backing-expected.txt
deleted file mode 100644
index 68a3bb350f4c2..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/compositing/backing/inline-block-no-backing-expected.txt
+++ /dev/null
@@ -1,72 +0,0 @@
- 
-
- (GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 800.00 600.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 800.00 600.00)
-      (contentsOpaque 1)
-      (children 4
-        (GraphicsLayer
-          (position 18.00 18.00)
-          (bounds 160.00 320.00)
-          (drawsContent 1)
-          (children 2
-            (GraphicsLayer
-              (position 18.00 10.00)
-              (bounds 120.00 120.00)
-            )
-            (GraphicsLayer
-              (position 10.00 154.00)
-              (bounds 120.00 120.00)
-            )
-          )
-        )
-        (GraphicsLayer
-          (position 202.00 18.00)
-          (bounds 160.00 320.00)
-          (children 2
-            (GraphicsLayer
-              (position 10.00 10.00)
-              (bounds 120.00 120.00)
-            )
-            (GraphicsLayer
-              (position 10.00 154.00)
-              (bounds 120.00 120.00)
-            )
-          )
-        )
-        (GraphicsLayer
-          (position 386.00 18.00)
-          (bounds 160.00 320.00)
-          (children 2
-            (GraphicsLayer
-              (position 10.00 10.00)
-              (bounds 120.00 120.00)
-            )
-            (GraphicsLayer
-              (position 10.00 154.00)
-              (bounds 120.00 120.00)
-            )
-          )
-        )
-        (GraphicsLayer
-          (position 570.00 18.00)
-          (bounds 160.00 320.00)
-          (children 2
-            (GraphicsLayer
-              (position 10.00 10.00)
-              (bounds 120.00 120.00)
-            )
-            (GraphicsLayer
-              (position 10.00 154.00)
-              (bounds 120.00 120.00)
-            )
-          )
-        )
-      )
-    )
-  )
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/compositing/backing/whitespace-nodes-no-backing-expected.txt b/LayoutTests/platform/mac-ventura-wk2/compositing/backing/whitespace-nodes-no-backing-expected.txt
deleted file mode 100644
index 457eaa70438cf..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/compositing/backing/whitespace-nodes-no-backing-expected.txt
+++ /dev/null
@@ -1,112 +0,0 @@
-
-
-
-
-
-
-span
-inner span
-
- (GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 800.00 600.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 800.00 600.00)
-      (contentsOpaque 1)
-      (children 9
-        (GraphicsLayer
-          (position 10.00 8.00)
-          (bounds 780.00 58.00)
-          (drawsContent 1)
-          (children 2
-            (GraphicsLayer
-              (position 2.00 2.00)
-              (bounds 50.00 50.00)
-            )
-            (GraphicsLayer
-              (position 60.00 2.00)
-              (bounds 50.00 50.00)
-            )
-          )
-        )
-        (GraphicsLayer
-          (position 10.00 68.00)
-          (bounds 780.00 58.00)
-          (children 2
-            (GraphicsLayer
-              (position 2.00 2.00)
-              (bounds 50.00 50.00)
-            )
-            (GraphicsLayer
-              (position 60.00 2.00)
-              (bounds 50.00 50.00)
-            )
-          )
-        )
-        (GraphicsLayer
-          (position 10.00 128.00)
-          (bounds 780.00 58.00)
-          (children 1
-            (GraphicsLayer
-              (position 2.00 2.00)
-              (bounds 50.00 50.00)
-            )
-          )
-        )
-        (GraphicsLayer
-          (position 10.00 188.00)
-          (bounds 780.00 58.00)
-          (children 1
-            (GraphicsLayer
-              (position 2.00 2.00)
-              (bounds 50.00 50.00)
-            )
-          )
-        )
-        (GraphicsLayer
-          (position 10.00 248.00)
-          (bounds 780.00 78.00)
-          (drawsContent 1)
-          (children 1
-            (GraphicsLayer
-              (position 2.00 2.00)
-              (bounds 50.00 50.00)
-            )
-          )
-        )
-        (GraphicsLayer
-          (position 10.00 328.00)
-          (bounds 780.00 54.00)
-          (drawsContent 1)
-        )
-        (GraphicsLayer
-          (position 10.00 384.00)
-          (bounds 780.00 18.00)
-          (drawsContent 1)
-        )
-        (GraphicsLayer
-          (position 10.00 404.00)
-          (bounds 780.00 18.00)
-          (drawsContent 1)
-        )
-        (GraphicsLayer
-          (position 10.00 424.00)
-          (bounds 780.00 78.00)
-          (children 2
-            (GraphicsLayer
-              (position 2.00 2.00)
-              (bounds 50.00 50.00)
-            )
-            (GraphicsLayer
-              (position 0.00 58.00)
-              (bounds 20.00 20.00)
-              (contentsOpaque 1)
-            )
-          )
-        )
-      )
-    )
-  )
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/compositing/fixed-image-loading-expected.txt b/LayoutTests/platform/mac-ventura-wk2/compositing/fixed-image-loading-expected.txt
deleted file mode 100644
index d3818ceb0671c..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/compositing/fixed-image-loading-expected.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-
-(GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 800.00 600.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 800.00 600.00)
-      (contentsOpaque 1)
-      (children 1
-        (GraphicsLayer
-          (position 8.00 13.00)
-          (preserves3D 1)
-          (children 1
-            (GraphicsLayer
-              (bounds 214.00 232.00)
-            )
-          )
-        )
-      )
-    )
-  )
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/compositing/hidpi-image-backing-store-expected.txt b/LayoutTests/platform/mac-ventura-wk2/compositing/hidpi-image-backing-store-expected.txt
deleted file mode 100644
index 8e2ffc4f185d9..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/compositing/hidpi-image-backing-store-expected.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-Tests whether a compositing layer containing only an image uses a standard DPI backing store.
-
-
-(GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 800.00 600.00)
-  (device scale 2.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 800.00 600.00)
-      (contentsOpaque 1)
-      (device scale 2.00)
-      (children 1
-        (GraphicsLayer
-          (position 8.00 50.00)
-          (bounds 150.00 150.00)
-          (device scale 2.00)
-        )
-      )
-    )
-  )
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/compositing/hidpi-image-backing-store-scaled-expected.txt b/LayoutTests/platform/mac-ventura-wk2/compositing/hidpi-image-backing-store-scaled-expected.txt
deleted file mode 100644
index 39ad20dc05599..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/compositing/hidpi-image-backing-store-scaled-expected.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-Tests whether a compositing layer containing only an image uses a standard DPI backing store.
-
-
-(GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 800.00 600.00)
-  (device scale 2.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 800.00 600.00)
-      (contentsOpaque 1)
-      (device scale 2.00)
-      (children 1
-        (GraphicsLayer
-          (position 8.00 50.00)
-          (bounds 200.00 150.00)
-          (device scale 2.00)
-        )
-      )
-    )
-  )
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/compositing/tiling/huge-layer-img-expected.txt b/LayoutTests/platform/mac-ventura-wk2/compositing/tiling/huge-layer-img-expected.txt
deleted file mode 100644
index 49f6bb0e58c6b..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/compositing/tiling/huge-layer-img-expected.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-
-(GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 800.00 20053.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 800.00 20053.00)
-      (contentsOpaque 1)
-      (children 1
-        (GraphicsLayer
-          (position 8.00 8.00)
-          (bounds 500.00 20000.00)
-        )
-      )
-    )
-  )
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/compositing/visibility/visibility-image-layers-dynamic-expected.txt b/LayoutTests/platform/mac-ventura-wk2/compositing/visibility/visibility-image-layers-dynamic-expected.txt
deleted file mode 100644
index 980a7e7c5b9c4..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/compositing/visibility/visibility-image-layers-dynamic-expected.txt
+++ /dev/null
@@ -1,160 +0,0 @@
-
-
-
-Initial
-
-(GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 785.00 626.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 785.00 626.00)
-      (contentsOpaque 1)
-      (children 3
-        (GraphicsLayer
-          (position 18.00 10.00)
-          (anchor 0.50 0.50)
-          (bounds 749.00 144.00)
-          (children 1
-            (GraphicsLayer
-              (position 20.00 20.00)
-              (bounds 100.00 100.00)
-              (contentsVisible 0)
-            )
-          )
-        )
-        (GraphicsLayer
-          (offsetFromRenderer width=-4 height=-4)
-          (position 14.00 160.00)
-          (anchor 0.50 0.50)
-          (bounds 757.00 152.00)
-          (contentsVisible 0)
-          (children 1
-            (GraphicsLayer
-              (position 24.00 24.00)
-              (bounds 100.00 100.00)
-              (contentsVisible 0)
-            )
-          )
-        )
-        (GraphicsLayer
-          (offsetFromRenderer width=-4 height=-4)
-          (position 14.00 314.00)
-          (anchor 0.50 0.50)
-          (bounds 757.00 152.00)
-          (contentsVisible 0)
-          (children 1
-            (GraphicsLayer
-              (position 24.00 24.00)
-              (bounds 100.00 100.00)
-            )
-          )
-        )
-      )
-    )
-  )
-)
-After step 1
-
-(GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 785.00 1411.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 785.00 1411.00)
-      (contentsOpaque 1)
-      (children 3
-        (GraphicsLayer
-          (position 18.00 10.00)
-          (anchor 0.50 0.50)
-          (bounds 749.00 144.00)
-          (children 1
-            (GraphicsLayer
-              (position 20.00 20.00)
-              (bounds 100.00 100.00)
-            )
-          )
-        )
-        (GraphicsLayer
-          (offsetFromRenderer width=-4 height=-4)
-          (position 14.00 160.00)
-          (anchor 0.50 0.50)
-          (bounds 757.00 152.00)
-          (contentsVisible 0)
-          (children 1
-            (GraphicsLayer
-              (position 24.00 24.00)
-              (bounds 100.00 100.00)
-              (contentsVisible 0)
-            )
-          )
-        )
-        (GraphicsLayer
-          (offsetFromRenderer width=-4 height=-4)
-          (position 14.00 314.00)
-          (anchor 0.50 0.50)
-          (bounds 757.00 152.00)
-          (contentsVisible 0)
-          (children 1
-            (GraphicsLayer
-              (position 24.00 24.00)
-              (bounds 100.00 100.00)
-            )
-          )
-        )
-      )
-    )
-  )
-)
-After step 2
-
-(GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 785.00 2180.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 785.00 2180.00)
-      (contentsOpaque 1)
-      (children 3
-        (GraphicsLayer
-          (position 18.00 10.00)
-          (anchor 0.50 0.50)
-          (bounds 749.00 144.00)
-          (children 1
-            (GraphicsLayer
-              (position 20.00 20.00)
-              (bounds 100.00 100.00)
-            )
-          )
-        )
-        (GraphicsLayer
-          (offsetFromRenderer width=-4 height=-4)
-          (position 14.00 160.00)
-          (anchor 0.50 0.50)
-          (bounds 757.00 152.00)
-          (drawsContent 1)
-          (children 1
-            (GraphicsLayer
-              (position 24.00 24.00)
-              (bounds 100.00 100.00)
-            )
-          )
-        )
-        (GraphicsLayer
-          (offsetFromRenderer width=-4 height=-4)
-          (position 14.00 314.00)
-          (anchor 0.50 0.50)
-          (bounds 757.00 152.00)
-          (contentsVisible 0)
-          (children 1
-            (GraphicsLayer
-              (position 24.00 24.00)
-              (bounds 100.00 100.00)
-            )
-          )
-        )
-      )
-    )
-  )
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/fast/dynamic/layer-hit-test-crash-expected.txt b/LayoutTests/platform/mac-ventura-wk2/fast/dynamic/layer-hit-test-crash-expected.txt
deleted file mode 100644
index 984447bcc469e..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/fast/dynamic/layer-hit-test-crash-expected.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {DIV} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 758x18
-          text run at (0,0) width 758: "Mousing over the yellow square below should not cause an assertion failure or crash. This tests for regressions against"
-        RenderInline {A} at (0,18) size 32x18 [color=#0000EE]
-          RenderText {#text} at (0,18) size 32x18
-            text run at (0,18) width 32: "6931"
-        RenderText {#text} at (32,18) size 4x18
-          text run at (32,18) width 4: "."
-layer at (50,50) size 200x200
-  RenderBlock (positioned) zI: 1 {DIV} at (50,50) size 200x200 [bgcolor=#FFFF00]
-layer at (70,50) size 100x100
-  RenderBlock (positioned) zI: 5 {DIV} at (20,0) size 100x100 [bgcolor=#FF0000]
-caret: position 1 of child 2 {#text} of child 1 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura-wk2/fast/forms/datalist/datalist-textinput-appearance-expected.txt b/LayoutTests/platform/mac-ventura-wk2/fast/forms/datalist/datalist-textinput-appearance-expected.txt
deleted file mode 100644
index 797dee3a87ffa..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/fast/forms/datalist/datalist-textinput-appearance-expected.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x35
-  RenderBlock {HTML} at (0,0) size 800x35
-    RenderBody {BODY} at (8,8) size 784x19
-      RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderFlexibleBox {DIV} at (3,3) size 141x13
-          RenderBlock {DIV} at (0,0) size 129x13
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,11) size 129x13
-  RenderBlock {DIV} at (0,0) size 129x13
diff --git a/LayoutTests/platform/mac-ventura-wk2/fast/forms/time/time-input-rendering-basic-expected.txt b/LayoutTests/platform/mac-ventura-wk2/fast/forms/time/time-input-rendering-basic-expected.txt
deleted file mode 100644
index c73807f4c7b14..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/fast/forms/time/time-input-rendering-basic-expected.txt
+++ /dev/null
@@ -1,48 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (63,2) size 5x18
-        text run at (63,2) width 5: " "
-      RenderText {#text} at (0,0) size 0x0
-layer at (8,8) size 64x23 clip at (10,10) size 60x19
-  RenderFlexibleBox {INPUT} at (0,0) size 64x23 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-layer at (11,11) size 58x17
-  RenderBlock {DIV} at (3,3) size 58x17
-    RenderBlock {DIV} at (1,1) size 56x15
-      RenderBlock {DIV} at (0,0) size 16x15
-        RenderText {#text} at (1,1) size 14x13
-          text run at (1,1) width 14: "09"
-      RenderInline {DIV} at (16,1) size 4x13
-        RenderText {#text} at (16,1) size 4x13
-          text run at (16,1) width 4: ":"
-      RenderBlock {DIV} at (19,0) size 17x15
-        RenderText {#text} at (1,1) size 14x13
-          text run at (1,1) width 14: "41"
-      RenderInline {DIV} at (34,1) size 4x13
-        RenderText {#text} at (34,1) size 4x13
-          text run at (34,1) width 4: " "
-      RenderBlock {DIV} at (36,0) size 20x15
-        RenderText {#text} at (1,1) size 18x13
-          text run at (1,1) width 18: "AM"
-layer at (76,8) size 63x23 clip at (78,10) size 59x19
-  RenderFlexibleBox {INPUT} at (67,0) size 65x23 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-layer at (79,11) size 58x17 backgroundClip at (79,11) size 57x17 clip at (79,11) size 57x17
-  RenderBlock {DIV} at (3,3) size 58x17
-    RenderBlock {DIV} at (1,1) size 56x15
-      RenderBlock {DIV} at (39,0) size 17x15
-        RenderText {#text} at (1,1) size 14x13
-          text run at (1,1) width 14: "09"
-      RenderInline {DIV} at (36,1) size 4x13
-        RenderText {#text} at (36,1) size 4x13
-          text run at (36,1) width 4 RTL: ":"
-      RenderBlock {DIV} at (20,0) size 17x15
-        RenderText {#text} at (1,1) size 14x13
-          text run at (1,1) width 14: "41"
-      RenderInline {DIV} at (18,1) size 4x13
-        RenderText {#text} at (18,1) size 4x13
-          text run at (18,1) width 4 RTL: " "
-      RenderBlock {DIV} at (0,0) size 20x15
-        RenderText {#text} at (1,1) size 18x13
-          text run at (1,1) width 18: "AM"
diff --git a/LayoutTests/platform/mac-ventura-wk2/fast/repaint/4776765-expected.txt b/LayoutTests/platform/mac-ventura-wk2/fast/repaint/4776765-expected.txt
deleted file mode 100644
index 2f2ee7c853427..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/fast/repaint/4776765-expected.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-(repaint rects
-  (rect 1 37 798 32)
-  (rect 8 44 784 18)
-  (rect 1 51 798 18)
-  (rect 1 44 798 7)
-  (rect 1 19 15 32)
-  (rect 8 26 1 18)
-  (rect 1 37 15 32)
-  (rect 8 44 1 18)
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/fast/repaint/placeholder-after-caps-lock-hidden-expected.txt b/LayoutTests/platform/mac-ventura-wk2/fast/repaint/placeholder-after-caps-lock-hidden-expected.txt
deleted file mode 100644
index dc2a750611577..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/fast/repaint/placeholder-after-caps-lock-hidden-expected.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-Tests that the placeholder text is repainted when the caps lock indicator is hidden.
-
-
-(repaint rects
-  (rect 25 46 27 27)
-  (rect 30 51 17 17)
-  (rect 6 46 46 23)
-  (rect 11 53 36 13)
-  (rect 25 46 27 23)
-  (rect 30 53 17 13)
-  (rect 6 44 46 27)
-  (rect 11 51 36 17)
-  (rect 6 46 46 27)
-  (rect 11 51 36 17)
-  (rect 6 48 46 23)
-  (rect 11 53 36 13)
-  (rect 6 48 46 23)
-  (rect 11 53 36 13)
-)
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/fast/scrolling/mac/scrollbars/scrollbars-controller-type-expected.txt b/LayoutTests/platform/mac-ventura-wk2/fast/scrolling/mac/scrollbars/scrollbars-controller-type-expected.txt
deleted file mode 100644
index d3a49e04499b6..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/fast/scrolling/mac/scrollbars/scrollbars-controller-type-expected.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Ensure scrollbars controller state is correct for scroller type
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS window.internals.scrollbarsControllerTypeForNode(svgScroller) is "ScrollbarsControllerMac"
-PASS window.internals.scrollbarsControllerTypeForNode(disabledScroller) is "ScrollbarsControllerMac"
-PASS window.internals.scrollbarsControllerTypeForNode(scroller) is "ScrollbarsControllerMac"
-PASS window.internals.scrollbarsControllerTypeForNode() is "ScrollbarsControllerMac"
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/inspector/canvas/recording-offscreen-webgl-full-expected.txt b/LayoutTests/platform/mac-ventura-wk2/inspector/canvas/recording-offscreen-webgl-full-expected.txt
deleted file mode 100644
index 317045497429d..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/inspector/canvas/recording-offscreen-webgl-full-expected.txt
+++ /dev/null
@@ -1,998 +0,0 @@
-Test that CanvasManager is able to record actions made to offscreen WebGL canvas contexts.
-
-
-== Running test suite: Canvas.recordingOffscreenWebGL
--- Running test case: Canvas.recordingOffscreenWebGL.multipleFrames
-initialState:
-  attributes:
-    width: 2
-    height: 2
-  parameters:
-    0: {"alpha":true,"depth":true,"stencil":false,"antialias":true,"premultipliedAlpha":true,"preserveDrawingBuffer":false,"powerPreference":"default","failIfMajorPerformanceCaveat":false}
-  content: <filtered>
-frames:
-  0: (duration)
-    0: activeTexture(1)
-      swizzleTypes: [Number]
-      trace:
-        0: activeTexture
-        1: (anonymous function)
-        2: executeFrameFunction
-        3: performActions
-        4: Global Code
-  1: (duration)
-    0: attachShader(1, 4)
-      swizzleTypes: [WebGLProgram, WebGLShader]
-      trace:
-        0: attachShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  2: (duration)
-    0: bindAttribLocation(1, 1, "test")
-      swizzleTypes: [WebGLProgram, Number, String]
-      trace:
-        0: bindAttribLocation
-        1: (anonymous function)
-        2: executeFrameFunction
-  3: (duration)
-    0: bindBuffer(1, 1)
-      swizzleTypes: [Number, WebGLBuffer]
-      trace:
-        0: bindBuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  4: (duration)
-    0: bindFramebuffer(1, 3)
-      swizzleTypes: [Number, WebGLFramebuffer]
-      trace:
-        0: bindFramebuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  5: (duration)
-    0: bindRenderbuffer(1, 3)
-      swizzleTypes: [Number, WebGLRenderbuffer]
-      trace:
-        0: bindRenderbuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  6: (duration)
-    0: bindTexture(1, 2)
-      swizzleTypes: [Number, WebGLTexture]
-      trace:
-        0: bindTexture
-        1: (anonymous function)
-        2: executeFrameFunction
-  7: (duration)
-    0: blendColor(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: blendColor
-        1: (anonymous function)
-        2: executeFrameFunction
-  8: (duration)
-    0: blendEquation(1)
-      swizzleTypes: [Number]
-      trace:
-        0: blendEquation
-        1: (anonymous function)
-        2: executeFrameFunction
-  9: (duration)
-    0: blendEquationSeparate(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: blendEquationSeparate
-        1: (anonymous function)
-        2: executeFrameFunction
-  10: (duration)
-    0: blendFunc(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: blendFunc
-        1: (anonymous function)
-        2: executeFrameFunction
-  11: (duration)
-    0: blendFuncSeparate(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: blendFuncSeparate
-        1: (anonymous function)
-        2: executeFrameFunction
-  12: (duration)
-    0: bufferData(1, 0, 2)
-      swizzleTypes: [Number, TypedArray, Number]
-      trace:
-        0: bufferData
-        1: (anonymous function)
-        2: executeFrameFunction
-    1: bufferData(3, 4, 5)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: bufferData
-        1: (anonymous function)
-        2: executeFrameFunction
-  13: (duration)
-    0: bufferSubData(1, 2, 0)
-      swizzleTypes: [Number, Number, TypedArray]
-      trace:
-        0: bufferSubData
-        1: (anonymous function)
-        2: executeFrameFunction
-  14: (duration)
-    0: checkFramebufferStatus(1)
-      swizzleTypes: [Number]
-      trace:
-        0: checkFramebufferStatus
-        1: (anonymous function)
-        2: executeFrameFunction
-  15: (duration)
-    0: clear(1)
-      swizzleTypes: [Number]
-      trace:
-        0: clear
-        1: (anonymous function)
-        2: executeFrameFunction
-      snapshot: <filtered>
-  16: (duration)
-    0: clearColor(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: clearColor
-        1: (anonymous function)
-        2: executeFrameFunction
-  17: (duration)
-    0: clearDepth(1)
-      swizzleTypes: [Number]
-      trace:
-        0: clearDepth
-        1: (anonymous function)
-        2: executeFrameFunction
-  18: (duration)
-    0: clearStencil(1)
-      swizzleTypes: [Number]
-      trace:
-        0: clearStencil
-        1: (anonymous function)
-        2: executeFrameFunction
-  19: (duration)
-    0: colorMask(true, false, true, false)
-      swizzleTypes: [Boolean, Boolean, Boolean, Boolean]
-      trace:
-        0: colorMask
-        1: (anonymous function)
-        2: executeFrameFunction
-  20: (duration)
-    0: compileShader(4)
-      swizzleTypes: [WebGLShader]
-      trace:
-        0: compileShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  21: (duration)
-    0: compressedTexImage2D(1, 2, 3, 4, 5, 6, 0)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, TypedArray]
-      trace:
-        0: compressedTexImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  22: (duration)
-    0: compressedTexSubImage2D(1, 2, 3, 4, 5, 6, 7, 0)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Number, TypedArray]
-      trace:
-        0: compressedTexSubImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  23: (duration)
-    0: copyTexImage2D(1, 2, 3, 4, 5, 6, 7, 8)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Number, Number]
-      trace:
-        0: copyTexImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  24: (duration)
-    0: copyTexSubImage2D(1, 2, 3, 4, 5, 6, 7, 8)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Number, Number]
-      trace:
-        0: copyTexSubImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  25: (duration)
-    0: createBuffer()
-      trace:
-        0: createBuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  26: (duration)
-    0: createFramebuffer()
-      trace:
-        0: createFramebuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  27: (duration)
-    0: createProgram()
-      trace:
-        0: createProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  28: (duration)
-    0: createRenderbuffer()
-      trace:
-        0: createRenderbuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  29: (duration)
-    0: createShader(1)
-      swizzleTypes: [Number]
-      trace:
-        0: createShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  30: (duration)
-    0: createTexture()
-      trace:
-        0: createTexture
-        1: (anonymous function)
-        2: executeFrameFunction
-  31: (duration)
-    0: cullFace(1)
-      swizzleTypes: [Number]
-      trace:
-        0: cullFace
-        1: (anonymous function)
-        2: executeFrameFunction
-  32: (duration)
-    0: deleteBuffer(1)
-      swizzleTypes: [WebGLBuffer]
-      trace:
-        0: deleteBuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  33: (duration)
-    0: deleteFramebuffer(3)
-      swizzleTypes: [WebGLFramebuffer]
-      trace:
-        0: deleteFramebuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  34: (duration)
-    0: deleteProgram(1)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: deleteProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  35: (duration)
-    0: deleteRenderbuffer(3)
-      swizzleTypes: [WebGLRenderbuffer]
-      trace:
-        0: deleteRenderbuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  36: (duration)
-    0: deleteShader(4)
-      swizzleTypes: [WebGLShader]
-      trace:
-        0: deleteShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  37: (duration)
-    0: deleteTexture(2)
-      swizzleTypes: [WebGLTexture]
-      trace:
-        0: deleteTexture
-        1: (anonymous function)
-        2: executeFrameFunction
-  38: (duration)
-    0: depthFunc(1)
-      swizzleTypes: [Number]
-      trace:
-        0: depthFunc
-        1: (anonymous function)
-        2: executeFrameFunction
-  39: (duration)
-    0: depthMask(true)
-      swizzleTypes: [Boolean]
-      trace:
-        0: depthMask
-        1: (anonymous function)
-        2: executeFrameFunction
-  40: (duration)
-    0: depthRange(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: depthRange
-        1: (anonymous function)
-        2: executeFrameFunction
-  41: (duration)
-    0: detachShader(0, 0)
-      swizzleTypes: [WebGLProgram, WebGLShader]
-      trace:
-        0: detachShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  42: (duration)
-    0: disable(1)
-      swizzleTypes: [Number]
-      trace:
-        0: disable
-        1: (anonymous function)
-        2: executeFrameFunction
-  43: (duration)
-    0: disableVertexAttribArray(1)
-      swizzleTypes: [Number]
-      trace:
-        0: disableVertexAttribArray
-        1: (anonymous function)
-        2: executeFrameFunction
-  44: (duration)
-    0: drawArrays(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: drawArrays
-        1: (anonymous function)
-        2: executeFrameFunction
-      snapshot: <filtered>
-  45: (duration)
-    0: drawElements(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: drawElements
-        1: (anonymous function)
-        2: executeFrameFunction
-      snapshot: <filtered>
-  46: (duration)
-    0: enable(1)
-      swizzleTypes: [Number]
-      trace:
-        0: enable
-        1: (anonymous function)
-        2: executeFrameFunction
-  47: (duration)
-    0: enableVertexAttribArray(1)
-      swizzleTypes: [Number]
-      trace:
-        0: enableVertexAttribArray
-        1: (anonymous function)
-        2: executeFrameFunction
-  48: (duration)
-    0: finish()
-      trace:
-        0: finish
-        1: (anonymous function)
-        2: executeFrameFunction
-  49: (duration)
-    0: flush()
-      trace:
-        0: flush
-        1: (anonymous function)
-        2: executeFrameFunction
-  50: (duration)
-    0: framebufferRenderbuffer(1, 2, 3, 0)
-      swizzleTypes: [Number, Number, Number, WebGLRenderbuffer]
-      trace:
-        0: framebufferRenderbuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  51: (duration)
-    0: framebufferTexture2D(1, 2, 3, 0, 4)
-      swizzleTypes: [Number, Number, Number, WebGLTexture, Number]
-      trace:
-        0: framebufferTexture2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  52: (duration)
-    0: frontFace(1)
-      swizzleTypes: [Number]
-      trace:
-        0: frontFace
-        1: (anonymous function)
-        2: executeFrameFunction
-  53: (duration)
-    0: generateMipmap(1)
-      swizzleTypes: [Number]
-      trace:
-        0: generateMipmap
-        1: (anonymous function)
-        2: executeFrameFunction
-  54: (duration)
-    0: getActiveAttrib(0, 1)
-      swizzleTypes: [WebGLProgram, Number]
-      trace:
-        0: getActiveAttrib
-        1: (anonymous function)
-        2: executeFrameFunction
-  55: (duration)
-    0: getActiveUniform(0, 1)
-      swizzleTypes: [WebGLProgram, Number]
-      trace:
-        0: getActiveUniform
-        1: (anonymous function)
-        2: executeFrameFunction
-  56: (duration)
-    0: getAttachedShaders(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: getAttachedShaders
-        1: (anonymous function)
-        2: executeFrameFunction
-  57: (duration)
-    0: getAttribLocation(0, "test")
-      swizzleTypes: [WebGLProgram, String]
-      trace:
-        0: getAttribLocation
-        1: (anonymous function)
-        2: executeFrameFunction
-  58: (duration)
-    0: getBufferParameter(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getBufferParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  59: (duration)
-    0: getContextAttributes()
-      trace:
-        0: getContextAttributes
-        1: (anonymous function)
-        2: executeFrameFunction
-  60: (duration)
-    0: getError()
-      trace:
-        0: getError
-        1: (anonymous function)
-        2: executeFrameFunction
-  61: (duration)
-    0: getExtension("test")
-      swizzleTypes: [String]
-      trace:
-        0: getExtension
-        1: (anonymous function)
-        2: executeFrameFunction
-  62: (duration)
-    0: getFramebufferAttachmentParameter(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: getFramebufferAttachmentParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  63: (duration)
-    0: getParameter(1)
-      swizzleTypes: [Number]
-      trace:
-        0: getParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  64: (duration)
-    0: getProgramInfoLog(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: getProgramInfoLog
-        1: (anonymous function)
-        2: executeFrameFunction
-  65: (duration)
-    0: getProgramParameter(0, 1)
-      swizzleTypes: [WebGLProgram, Number]
-      trace:
-        0: getProgramParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  66: (duration)
-    0: getRenderbufferParameter(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getRenderbufferParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  67: (duration)
-    0: getShaderInfoLog(0)
-      swizzleTypes: [WebGLShader]
-      trace:
-        0: getShaderInfoLog
-        1: (anonymous function)
-        2: executeFrameFunction
-  68: (duration)
-    0: getShaderParameter(0, 1)
-      swizzleTypes: [WebGLShader, Number]
-      trace:
-        0: getShaderParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  69: (duration)
-    0: getShaderPrecisionFormat(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getShaderPrecisionFormat
-        1: (anonymous function)
-        2: executeFrameFunction
-  70: (duration)
-    0: getShaderSource(0)
-      swizzleTypes: [WebGLShader]
-      trace:
-        0: getShaderSource
-        1: (anonymous function)
-        2: executeFrameFunction
-  71: (duration)
-    0: getSupportedExtensions()
-      trace:
-        0: getSupportedExtensions
-        1: (anonymous function)
-        2: executeFrameFunction
-  72: (duration)
-    0: getTexParameter(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getTexParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  73: (duration)
-    0: getUniform(0, 0)
-      swizzleTypes: [WebGLProgram, WebGLUniformLocation]
-      trace:
-        0: getUniform
-        1: (anonymous function)
-        2: executeFrameFunction
-  74: (duration)
-    0: getUniformLocation(0, "test")
-      swizzleTypes: [WebGLProgram, String]
-      trace:
-        0: getUniformLocation
-        1: (anonymous function)
-        2: executeFrameFunction
-  75: (duration)
-    0: getVertexAttrib(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getVertexAttrib
-        1: (anonymous function)
-        2: executeFrameFunction
-  76: (duration)
-    0: getVertexAttribOffset(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getVertexAttribOffset
-        1: (anonymous function)
-        2: executeFrameFunction
-  77: (duration)
-    0: hint(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: hint
-        1: (anonymous function)
-        2: executeFrameFunction
-  78: (duration)
-    0: isBuffer(0)
-      swizzleTypes: [WebGLBuffer]
-      trace:
-        0: isBuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  79: (duration)
-    0: isContextLost()
-      trace:
-        0: isContextLost
-        1: (anonymous function)
-        2: executeFrameFunction
-  80: (duration)
-    0: isEnabled(1)
-      swizzleTypes: [Number]
-      trace:
-        0: isEnabled
-        1: (anonymous function)
-        2: executeFrameFunction
-  81: (duration)
-    0: isFramebuffer(0)
-      swizzleTypes: [WebGLFramebuffer]
-      trace:
-        0: isFramebuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  82: (duration)
-    0: isProgram(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: isProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  83: (duration)
-    0: isRenderbuffer(0)
-      swizzleTypes: [WebGLRenderbuffer]
-      trace:
-        0: isRenderbuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  84: (duration)
-    0: isShader(0)
-      swizzleTypes: [WebGLShader]
-      trace:
-        0: isShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  85: (duration)
-    0: isTexture(0)
-      swizzleTypes: [WebGLTexture]
-      trace:
-        0: isTexture
-        1: (anonymous function)
-        2: executeFrameFunction
-  86: (duration)
-    0: lineWidth(1)
-      swizzleTypes: [Number]
-      trace:
-        0: lineWidth
-        1: (anonymous function)
-        2: executeFrameFunction
-  87: (duration)
-    0: linkProgram(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: linkProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  88: (duration)
-    0: pixelStorei(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: pixelStorei
-        1: (anonymous function)
-        2: executeFrameFunction
-  89: (duration)
-    0: polygonOffset(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: polygonOffset
-        1: (anonymous function)
-        2: executeFrameFunction
-  90: (duration)
-    0: readPixels(1, 2, 3, 4, 5, 6, 0)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, TypedArray]
-      trace:
-        0: readPixels
-        1: (anonymous function)
-        2: executeFrameFunction
-  91: (duration)
-    0: renderbufferStorage(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: renderbufferStorage
-        1: (anonymous function)
-        2: executeFrameFunction
-  92: (duration)
-    0: sampleCoverage(1, true)
-      swizzleTypes: [Number, Boolean]
-      trace:
-        0: sampleCoverage
-        1: (anonymous function)
-        2: executeFrameFunction
-  93: (duration)
-    0: scissor(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: scissor
-        1: (anonymous function)
-        2: executeFrameFunction
-  94: (duration)
-    0: shaderSource(0, "test")
-      swizzleTypes: [WebGLShader, String]
-      trace:
-        0: shaderSource
-        1: (anonymous function)
-        2: executeFrameFunction
-  95: (duration)
-    0: stencilFunc(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: stencilFunc
-        1: (anonymous function)
-        2: executeFrameFunction
-  96: (duration)
-    0: stencilFuncSeparate(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: stencilFuncSeparate
-        1: (anonymous function)
-        2: executeFrameFunction
-  97: (duration)
-    0: stencilMask(1)
-      swizzleTypes: [Number]
-      trace:
-        0: stencilMask
-        1: (anonymous function)
-        2: executeFrameFunction
-  98: (duration)
-    0: stencilMaskSeparate(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: stencilMaskSeparate
-        1: (anonymous function)
-        2: executeFrameFunction
-  99: (duration)
-    0: stencilOp(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: stencilOp
-        1: (anonymous function)
-        2: executeFrameFunction
-  100: (duration)
-    0: stencilOpSeparate(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: stencilOpSeparate
-        1: (anonymous function)
-        2: executeFrameFunction
-  101: (duration)
-    0: texImage2D(1, 2, 3, 4, 5, [object HTMLImageElement])
-      swizzleTypes: [Number, Number, Number, Number, Number, Image]
-      trace:
-        0: texImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-    1: texImage2D(6, 7, 8, 9, 10, 11, 12, 13, 0)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Number, Number, TypedArray]
-      trace:
-        0: texImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  102: (duration)
-    0: texParameterf(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: texParameterf
-        1: (anonymous function)
-        2: executeFrameFunction
-  103: (duration)
-    0: texParameteri(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: texParameteri
-        1: (anonymous function)
-        2: executeFrameFunction
-  104: (duration)
-    0: texSubImage2D(1, 2, 3, 4, 5, 6, [object HTMLImageElement])
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Image]
-      trace:
-        0: texSubImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-    1: texSubImage2D(7, 8, 9, 10, 11, 12, 13, 14, 0)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Number, Number, TypedArray]
-      trace:
-        0: texSubImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  105: (duration)
-    0: uniform1f(0, 1)
-      swizzleTypes: [WebGLUniformLocation, Number]
-      trace:
-        0: uniform1f
-        1: (anonymous function)
-        2: executeFrameFunction
-  106: (duration)
-    0: uniform1fv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform1fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  107: (duration)
-    0: uniform1i(0, 1)
-      swizzleTypes: [WebGLUniformLocation, Number]
-      trace:
-        0: uniform1i
-        1: (anonymous function)
-        2: executeFrameFunction
-  108: (duration)
-    0: uniform1iv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform1iv
-        1: (anonymous function)
-        2: executeFrameFunction
-  109: (duration)
-    0: uniform2f(0, 1, 2)
-      swizzleTypes: [WebGLUniformLocation, Number, Number]
-      trace:
-        0: uniform2f
-        1: (anonymous function)
-        2: executeFrameFunction
-  110: (duration)
-    0: uniform2fv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform2fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  111: (duration)
-    0: uniform2i(0, 1, 2)
-      swizzleTypes: [WebGLUniformLocation, Number, Number]
-      trace:
-        0: uniform2i
-        1: (anonymous function)
-        2: executeFrameFunction
-  112: (duration)
-    0: uniform2iv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform2iv
-        1: (anonymous function)
-        2: executeFrameFunction
-  113: (duration)
-    0: uniform3f(0, 1, 2, 3)
-      swizzleTypes: [WebGLUniformLocation, Number, Number, Number]
-      trace:
-        0: uniform3f
-        1: (anonymous function)
-        2: executeFrameFunction
-  114: (duration)
-    0: uniform3fv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform3fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  115: (duration)
-    0: uniform3i(0, 1, 2, 3)
-      swizzleTypes: [WebGLUniformLocation, Number, Number, Number]
-      trace:
-        0: uniform3i
-        1: (anonymous function)
-        2: executeFrameFunction
-  116: (duration)
-    0: uniform3iv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform3iv
-        1: (anonymous function)
-        2: executeFrameFunction
-  117: (duration)
-    0: uniform4f(0, 1, 2, 3, 4)
-      swizzleTypes: [WebGLUniformLocation, Number, Number, Number, Number]
-      trace:
-        0: uniform4f
-        1: (anonymous function)
-        2: executeFrameFunction
-  118: (duration)
-    0: uniform4fv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform4fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  119: (duration)
-    0: uniform4i(0, 1, 2, 3, 4)
-      swizzleTypes: [WebGLUniformLocation, Number, Number, Number, Number]
-      trace:
-        0: uniform4i
-        1: (anonymous function)
-        2: executeFrameFunction
-  120: (duration)
-    0: uniform4iv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform4iv
-        1: (anonymous function)
-        2: executeFrameFunction
-  121: (duration)
-    0: uniformMatrix2fv(0, true, 0)
-      swizzleTypes: [WebGLUniformLocation, Boolean, TypedArray]
-      trace:
-        0: uniformMatrix2fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  122: (duration)
-    0: uniformMatrix3fv(0, true, 0)
-      swizzleTypes: [WebGLUniformLocation, Boolean, TypedArray]
-      trace:
-        0: uniformMatrix3fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  123: (duration)
-    0: uniformMatrix4fv(0, true, 0)
-      swizzleTypes: [WebGLUniformLocation, Boolean, TypedArray]
-      trace:
-        0: uniformMatrix4fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  124: (duration)
-    0: useProgram(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: useProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  125: (duration)
-    0: validateProgram(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: validateProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  126: (duration)
-    0: vertexAttrib1f(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: vertexAttrib1f
-        1: (anonymous function)
-        2: executeFrameFunction
-  127: (duration)
-    0: vertexAttrib1fv(1, 0)
-      swizzleTypes: [Number, TypedArray]
-      trace:
-        0: vertexAttrib1fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  128: (duration)
-    0: vertexAttrib2f(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: vertexAttrib2f
-        1: (anonymous function)
-        2: executeFrameFunction
-  129: (duration)
-    0: vertexAttrib2fv(1, 0)
-      swizzleTypes: [Number, TypedArray]
-      trace:
-        0: vertexAttrib2fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  130: (duration)
-    0: vertexAttrib3f(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: vertexAttrib3f
-        1: (anonymous function)
-        2: executeFrameFunction
-  131: (duration)
-    0: vertexAttrib3fv(1, 0)
-      swizzleTypes: [Number, TypedArray]
-      trace:
-        0: vertexAttrib3fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  132: (duration)
-    0: vertexAttrib4f(1, 2, 3, 4, 5)
-      swizzleTypes: [Number, Number, Number, Number, Number]
-      trace:
-        0: vertexAttrib4f
-        1: (anonymous function)
-        2: executeFrameFunction
-  133: (duration)
-    0: vertexAttrib4fv(1, 0)
-      swizzleTypes: [Number, TypedArray]
-      trace:
-        0: vertexAttrib4fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  134: (duration)
-    0: vertexAttribPointer(1, 2, 3, true, 5, 6)
-      swizzleTypes: [Number, Number, Number, Boolean, Number, Number]
-      trace:
-        0: vertexAttribPointer
-        1: (anonymous function)
-        2: executeFrameFunction
-  135: (duration)
-    0: viewport(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: viewport
-        1: (anonymous function)
-        2: executeFrameFunction
-  136: (duration)
-    0: width
-      trace:
-        0: (anonymous function)
-        1: executeFrameFunction
-    1: width = 2
-      swizzleTypes: [Number]
-      trace:
-        0: (anonymous function)
-        1: executeFrameFunction
-  137: (duration)
-    0: height
-      trace:
-        0: (anonymous function)
-        1: executeFrameFunction
-    1: height = 2
-      swizzleTypes: [Number]
-      trace:
-        0: (anonymous function)
-        1: executeFrameFunction
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/inspector/canvas/recording-webgl-full-expected.txt b/LayoutTests/platform/mac-ventura-wk2/inspector/canvas/recording-webgl-full-expected.txt
deleted file mode 100644
index a2f63fddb39dd..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/inspector/canvas/recording-webgl-full-expected.txt
+++ /dev/null
@@ -1,998 +0,0 @@
-Test that CanvasManager is able to record actions made to WebGL canvas contexts.
-
-
-== Running test suite: Canvas.recordingWebGL
--- Running test case: Canvas.recordingWebGL.multipleFrames
-initialState:
-  attributes:
-    width: 2
-    height: 2
-  parameters:
-    0: {"alpha":true,"depth":true,"stencil":false,"antialias":true,"premultipliedAlpha":true,"preserveDrawingBuffer":false,"powerPreference":"default","failIfMajorPerformanceCaveat":false}
-  content: <filtered>
-frames:
-  0: (duration)
-    0: activeTexture(1)
-      swizzleTypes: [Number]
-      trace:
-        0: activeTexture
-        1: (anonymous function)
-        2: executeFrameFunction
-        3: performActions
-        4: Global Code
-  1: (duration)
-    0: attachShader(1, 4)
-      swizzleTypes: [WebGLProgram, WebGLShader]
-      trace:
-        0: attachShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  2: (duration)
-    0: bindAttribLocation(1, 1, "test")
-      swizzleTypes: [WebGLProgram, Number, String]
-      trace:
-        0: bindAttribLocation
-        1: (anonymous function)
-        2: executeFrameFunction
-  3: (duration)
-    0: bindBuffer(1, 1)
-      swizzleTypes: [Number, WebGLBuffer]
-      trace:
-        0: bindBuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  4: (duration)
-    0: bindFramebuffer(1, 3)
-      swizzleTypes: [Number, WebGLFramebuffer]
-      trace:
-        0: bindFramebuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  5: (duration)
-    0: bindRenderbuffer(1, 3)
-      swizzleTypes: [Number, WebGLRenderbuffer]
-      trace:
-        0: bindRenderbuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  6: (duration)
-    0: bindTexture(1, 2)
-      swizzleTypes: [Number, WebGLTexture]
-      trace:
-        0: bindTexture
-        1: (anonymous function)
-        2: executeFrameFunction
-  7: (duration)
-    0: blendColor(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: blendColor
-        1: (anonymous function)
-        2: executeFrameFunction
-  8: (duration)
-    0: blendEquation(1)
-      swizzleTypes: [Number]
-      trace:
-        0: blendEquation
-        1: (anonymous function)
-        2: executeFrameFunction
-  9: (duration)
-    0: blendEquationSeparate(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: blendEquationSeparate
-        1: (anonymous function)
-        2: executeFrameFunction
-  10: (duration)
-    0: blendFunc(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: blendFunc
-        1: (anonymous function)
-        2: executeFrameFunction
-  11: (duration)
-    0: blendFuncSeparate(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: blendFuncSeparate
-        1: (anonymous function)
-        2: executeFrameFunction
-  12: (duration)
-    0: bufferData(1, 0, 2)
-      swizzleTypes: [Number, TypedArray, Number]
-      trace:
-        0: bufferData
-        1: (anonymous function)
-        2: executeFrameFunction
-    1: bufferData(3, 4, 5)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: bufferData
-        1: (anonymous function)
-        2: executeFrameFunction
-  13: (duration)
-    0: bufferSubData(1, 2, 0)
-      swizzleTypes: [Number, Number, TypedArray]
-      trace:
-        0: bufferSubData
-        1: (anonymous function)
-        2: executeFrameFunction
-  14: (duration)
-    0: checkFramebufferStatus(1)
-      swizzleTypes: [Number]
-      trace:
-        0: checkFramebufferStatus
-        1: (anonymous function)
-        2: executeFrameFunction
-  15: (duration)
-    0: clear(1)
-      swizzleTypes: [Number]
-      trace:
-        0: clear
-        1: (anonymous function)
-        2: executeFrameFunction
-      snapshot: <filtered>
-  16: (duration)
-    0: clearColor(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: clearColor
-        1: (anonymous function)
-        2: executeFrameFunction
-  17: (duration)
-    0: clearDepth(1)
-      swizzleTypes: [Number]
-      trace:
-        0: clearDepth
-        1: (anonymous function)
-        2: executeFrameFunction
-  18: (duration)
-    0: clearStencil(1)
-      swizzleTypes: [Number]
-      trace:
-        0: clearStencil
-        1: (anonymous function)
-        2: executeFrameFunction
-  19: (duration)
-    0: colorMask(true, false, true, false)
-      swizzleTypes: [Boolean, Boolean, Boolean, Boolean]
-      trace:
-        0: colorMask
-        1: (anonymous function)
-        2: executeFrameFunction
-  20: (duration)
-    0: compileShader(4)
-      swizzleTypes: [WebGLShader]
-      trace:
-        0: compileShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  21: (duration)
-    0: compressedTexImage2D(1, 2, 3, 4, 5, 6, 0)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, TypedArray]
-      trace:
-        0: compressedTexImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  22: (duration)
-    0: compressedTexSubImage2D(1, 2, 3, 4, 5, 6, 7, 0)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Number, TypedArray]
-      trace:
-        0: compressedTexSubImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  23: (duration)
-    0: copyTexImage2D(1, 2, 3, 4, 5, 6, 7, 8)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Number, Number]
-      trace:
-        0: copyTexImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  24: (duration)
-    0: copyTexSubImage2D(1, 2, 3, 4, 5, 6, 7, 8)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Number, Number]
-      trace:
-        0: copyTexSubImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  25: (duration)
-    0: createBuffer()
-      trace:
-        0: createBuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  26: (duration)
-    0: createFramebuffer()
-      trace:
-        0: createFramebuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  27: (duration)
-    0: createProgram()
-      trace:
-        0: createProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  28: (duration)
-    0: createRenderbuffer()
-      trace:
-        0: createRenderbuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  29: (duration)
-    0: createShader(1)
-      swizzleTypes: [Number]
-      trace:
-        0: createShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  30: (duration)
-    0: createTexture()
-      trace:
-        0: createTexture
-        1: (anonymous function)
-        2: executeFrameFunction
-  31: (duration)
-    0: cullFace(1)
-      swizzleTypes: [Number]
-      trace:
-        0: cullFace
-        1: (anonymous function)
-        2: executeFrameFunction
-  32: (duration)
-    0: deleteBuffer(1)
-      swizzleTypes: [WebGLBuffer]
-      trace:
-        0: deleteBuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  33: (duration)
-    0: deleteFramebuffer(3)
-      swizzleTypes: [WebGLFramebuffer]
-      trace:
-        0: deleteFramebuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  34: (duration)
-    0: deleteProgram(1)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: deleteProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  35: (duration)
-    0: deleteRenderbuffer(3)
-      swizzleTypes: [WebGLRenderbuffer]
-      trace:
-        0: deleteRenderbuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  36: (duration)
-    0: deleteShader(4)
-      swizzleTypes: [WebGLShader]
-      trace:
-        0: deleteShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  37: (duration)
-    0: deleteTexture(2)
-      swizzleTypes: [WebGLTexture]
-      trace:
-        0: deleteTexture
-        1: (anonymous function)
-        2: executeFrameFunction
-  38: (duration)
-    0: depthFunc(1)
-      swizzleTypes: [Number]
-      trace:
-        0: depthFunc
-        1: (anonymous function)
-        2: executeFrameFunction
-  39: (duration)
-    0: depthMask(true)
-      swizzleTypes: [Boolean]
-      trace:
-        0: depthMask
-        1: (anonymous function)
-        2: executeFrameFunction
-  40: (duration)
-    0: depthRange(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: depthRange
-        1: (anonymous function)
-        2: executeFrameFunction
-  41: (duration)
-    0: detachShader(0, 0)
-      swizzleTypes: [WebGLProgram, WebGLShader]
-      trace:
-        0: detachShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  42: (duration)
-    0: disable(1)
-      swizzleTypes: [Number]
-      trace:
-        0: disable
-        1: (anonymous function)
-        2: executeFrameFunction
-  43: (duration)
-    0: disableVertexAttribArray(1)
-      swizzleTypes: [Number]
-      trace:
-        0: disableVertexAttribArray
-        1: (anonymous function)
-        2: executeFrameFunction
-  44: (duration)
-    0: drawArrays(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: drawArrays
-        1: (anonymous function)
-        2: executeFrameFunction
-      snapshot: <filtered>
-  45: (duration)
-    0: drawElements(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: drawElements
-        1: (anonymous function)
-        2: executeFrameFunction
-      snapshot: <filtered>
-  46: (duration)
-    0: enable(1)
-      swizzleTypes: [Number]
-      trace:
-        0: enable
-        1: (anonymous function)
-        2: executeFrameFunction
-  47: (duration)
-    0: enableVertexAttribArray(1)
-      swizzleTypes: [Number]
-      trace:
-        0: enableVertexAttribArray
-        1: (anonymous function)
-        2: executeFrameFunction
-  48: (duration)
-    0: finish()
-      trace:
-        0: finish
-        1: (anonymous function)
-        2: executeFrameFunction
-  49: (duration)
-    0: flush()
-      trace:
-        0: flush
-        1: (anonymous function)
-        2: executeFrameFunction
-  50: (duration)
-    0: framebufferRenderbuffer(1, 2, 3, 0)
-      swizzleTypes: [Number, Number, Number, WebGLRenderbuffer]
-      trace:
-        0: framebufferRenderbuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  51: (duration)
-    0: framebufferTexture2D(1, 2, 3, 0, 4)
-      swizzleTypes: [Number, Number, Number, WebGLTexture, Number]
-      trace:
-        0: framebufferTexture2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  52: (duration)
-    0: frontFace(1)
-      swizzleTypes: [Number]
-      trace:
-        0: frontFace
-        1: (anonymous function)
-        2: executeFrameFunction
-  53: (duration)
-    0: generateMipmap(1)
-      swizzleTypes: [Number]
-      trace:
-        0: generateMipmap
-        1: (anonymous function)
-        2: executeFrameFunction
-  54: (duration)
-    0: getActiveAttrib(0, 1)
-      swizzleTypes: [WebGLProgram, Number]
-      trace:
-        0: getActiveAttrib
-        1: (anonymous function)
-        2: executeFrameFunction
-  55: (duration)
-    0: getActiveUniform(0, 1)
-      swizzleTypes: [WebGLProgram, Number]
-      trace:
-        0: getActiveUniform
-        1: (anonymous function)
-        2: executeFrameFunction
-  56: (duration)
-    0: getAttachedShaders(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: getAttachedShaders
-        1: (anonymous function)
-        2: executeFrameFunction
-  57: (duration)
-    0: getAttribLocation(0, "test")
-      swizzleTypes: [WebGLProgram, String]
-      trace:
-        0: getAttribLocation
-        1: (anonymous function)
-        2: executeFrameFunction
-  58: (duration)
-    0: getBufferParameter(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getBufferParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  59: (duration)
-    0: getContextAttributes()
-      trace:
-        0: getContextAttributes
-        1: (anonymous function)
-        2: executeFrameFunction
-  60: (duration)
-    0: getError()
-      trace:
-        0: getError
-        1: (anonymous function)
-        2: executeFrameFunction
-  61: (duration)
-    0: getExtension("test")
-      swizzleTypes: [String]
-      trace:
-        0: getExtension
-        1: (anonymous function)
-        2: executeFrameFunction
-  62: (duration)
-    0: getFramebufferAttachmentParameter(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: getFramebufferAttachmentParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  63: (duration)
-    0: getParameter(1)
-      swizzleTypes: [Number]
-      trace:
-        0: getParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  64: (duration)
-    0: getProgramInfoLog(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: getProgramInfoLog
-        1: (anonymous function)
-        2: executeFrameFunction
-  65: (duration)
-    0: getProgramParameter(0, 1)
-      swizzleTypes: [WebGLProgram, Number]
-      trace:
-        0: getProgramParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  66: (duration)
-    0: getRenderbufferParameter(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getRenderbufferParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  67: (duration)
-    0: getShaderInfoLog(0)
-      swizzleTypes: [WebGLShader]
-      trace:
-        0: getShaderInfoLog
-        1: (anonymous function)
-        2: executeFrameFunction
-  68: (duration)
-    0: getShaderParameter(0, 1)
-      swizzleTypes: [WebGLShader, Number]
-      trace:
-        0: getShaderParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  69: (duration)
-    0: getShaderPrecisionFormat(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getShaderPrecisionFormat
-        1: (anonymous function)
-        2: executeFrameFunction
-  70: (duration)
-    0: getShaderSource(0)
-      swizzleTypes: [WebGLShader]
-      trace:
-        0: getShaderSource
-        1: (anonymous function)
-        2: executeFrameFunction
-  71: (duration)
-    0: getSupportedExtensions()
-      trace:
-        0: getSupportedExtensions
-        1: (anonymous function)
-        2: executeFrameFunction
-  72: (duration)
-    0: getTexParameter(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getTexParameter
-        1: (anonymous function)
-        2: executeFrameFunction
-  73: (duration)
-    0: getUniform(0, 0)
-      swizzleTypes: [WebGLProgram, WebGLUniformLocation]
-      trace:
-        0: getUniform
-        1: (anonymous function)
-        2: executeFrameFunction
-  74: (duration)
-    0: getUniformLocation(0, "test")
-      swizzleTypes: [WebGLProgram, String]
-      trace:
-        0: getUniformLocation
-        1: (anonymous function)
-        2: executeFrameFunction
-  75: (duration)
-    0: getVertexAttrib(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getVertexAttrib
-        1: (anonymous function)
-        2: executeFrameFunction
-  76: (duration)
-    0: getVertexAttribOffset(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: getVertexAttribOffset
-        1: (anonymous function)
-        2: executeFrameFunction
-  77: (duration)
-    0: hint(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: hint
-        1: (anonymous function)
-        2: executeFrameFunction
-  78: (duration)
-    0: isBuffer(0)
-      swizzleTypes: [WebGLBuffer]
-      trace:
-        0: isBuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  79: (duration)
-    0: isContextLost()
-      trace:
-        0: isContextLost
-        1: (anonymous function)
-        2: executeFrameFunction
-  80: (duration)
-    0: isEnabled(1)
-      swizzleTypes: [Number]
-      trace:
-        0: isEnabled
-        1: (anonymous function)
-        2: executeFrameFunction
-  81: (duration)
-    0: isFramebuffer(0)
-      swizzleTypes: [WebGLFramebuffer]
-      trace:
-        0: isFramebuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  82: (duration)
-    0: isProgram(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: isProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  83: (duration)
-    0: isRenderbuffer(0)
-      swizzleTypes: [WebGLRenderbuffer]
-      trace:
-        0: isRenderbuffer
-        1: (anonymous function)
-        2: executeFrameFunction
-  84: (duration)
-    0: isShader(0)
-      swizzleTypes: [WebGLShader]
-      trace:
-        0: isShader
-        1: (anonymous function)
-        2: executeFrameFunction
-  85: (duration)
-    0: isTexture(0)
-      swizzleTypes: [WebGLTexture]
-      trace:
-        0: isTexture
-        1: (anonymous function)
-        2: executeFrameFunction
-  86: (duration)
-    0: lineWidth(1)
-      swizzleTypes: [Number]
-      trace:
-        0: lineWidth
-        1: (anonymous function)
-        2: executeFrameFunction
-  87: (duration)
-    0: linkProgram(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: linkProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  88: (duration)
-    0: pixelStorei(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: pixelStorei
-        1: (anonymous function)
-        2: executeFrameFunction
-  89: (duration)
-    0: polygonOffset(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: polygonOffset
-        1: (anonymous function)
-        2: executeFrameFunction
-  90: (duration)
-    0: readPixels(1, 2, 3, 4, 5, 6, 0)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, TypedArray]
-      trace:
-        0: readPixels
-        1: (anonymous function)
-        2: executeFrameFunction
-  91: (duration)
-    0: renderbufferStorage(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: renderbufferStorage
-        1: (anonymous function)
-        2: executeFrameFunction
-  92: (duration)
-    0: sampleCoverage(1, true)
-      swizzleTypes: [Number, Boolean]
-      trace:
-        0: sampleCoverage
-        1: (anonymous function)
-        2: executeFrameFunction
-  93: (duration)
-    0: scissor(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: scissor
-        1: (anonymous function)
-        2: executeFrameFunction
-  94: (duration)
-    0: shaderSource(0, "test")
-      swizzleTypes: [WebGLShader, String]
-      trace:
-        0: shaderSource
-        1: (anonymous function)
-        2: executeFrameFunction
-  95: (duration)
-    0: stencilFunc(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: stencilFunc
-        1: (anonymous function)
-        2: executeFrameFunction
-  96: (duration)
-    0: stencilFuncSeparate(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: stencilFuncSeparate
-        1: (anonymous function)
-        2: executeFrameFunction
-  97: (duration)
-    0: stencilMask(1)
-      swizzleTypes: [Number]
-      trace:
-        0: stencilMask
-        1: (anonymous function)
-        2: executeFrameFunction
-  98: (duration)
-    0: stencilMaskSeparate(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: stencilMaskSeparate
-        1: (anonymous function)
-        2: executeFrameFunction
-  99: (duration)
-    0: stencilOp(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: stencilOp
-        1: (anonymous function)
-        2: executeFrameFunction
-  100: (duration)
-    0: stencilOpSeparate(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: stencilOpSeparate
-        1: (anonymous function)
-        2: executeFrameFunction
-  101: (duration)
-    0: texImage2D(1, 2, 3, 4, 5, [object HTMLImageElement])
-      swizzleTypes: [Number, Number, Number, Number, Number, Image]
-      trace:
-        0: texImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-    1: texImage2D(6, 7, 8, 9, 10, 11, 12, 13, 0)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Number, Number, TypedArray]
-      trace:
-        0: texImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  102: (duration)
-    0: texParameterf(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: texParameterf
-        1: (anonymous function)
-        2: executeFrameFunction
-  103: (duration)
-    0: texParameteri(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: texParameteri
-        1: (anonymous function)
-        2: executeFrameFunction
-  104: (duration)
-    0: texSubImage2D(1, 2, 3, 4, 5, 6, [object HTMLImageElement])
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Image]
-      trace:
-        0: texSubImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-    1: texSubImage2D(7, 8, 9, 10, 11, 12, 13, 14, 0)
-      swizzleTypes: [Number, Number, Number, Number, Number, Number, Number, Number, TypedArray]
-      trace:
-        0: texSubImage2D
-        1: (anonymous function)
-        2: executeFrameFunction
-  105: (duration)
-    0: uniform1f(0, 1)
-      swizzleTypes: [WebGLUniformLocation, Number]
-      trace:
-        0: uniform1f
-        1: (anonymous function)
-        2: executeFrameFunction
-  106: (duration)
-    0: uniform1fv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform1fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  107: (duration)
-    0: uniform1i(0, 1)
-      swizzleTypes: [WebGLUniformLocation, Number]
-      trace:
-        0: uniform1i
-        1: (anonymous function)
-        2: executeFrameFunction
-  108: (duration)
-    0: uniform1iv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform1iv
-        1: (anonymous function)
-        2: executeFrameFunction
-  109: (duration)
-    0: uniform2f(0, 1, 2)
-      swizzleTypes: [WebGLUniformLocation, Number, Number]
-      trace:
-        0: uniform2f
-        1: (anonymous function)
-        2: executeFrameFunction
-  110: (duration)
-    0: uniform2fv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform2fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  111: (duration)
-    0: uniform2i(0, 1, 2)
-      swizzleTypes: [WebGLUniformLocation, Number, Number]
-      trace:
-        0: uniform2i
-        1: (anonymous function)
-        2: executeFrameFunction
-  112: (duration)
-    0: uniform2iv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform2iv
-        1: (anonymous function)
-        2: executeFrameFunction
-  113: (duration)
-    0: uniform3f(0, 1, 2, 3)
-      swizzleTypes: [WebGLUniformLocation, Number, Number, Number]
-      trace:
-        0: uniform3f
-        1: (anonymous function)
-        2: executeFrameFunction
-  114: (duration)
-    0: uniform3fv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform3fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  115: (duration)
-    0: uniform3i(0, 1, 2, 3)
-      swizzleTypes: [WebGLUniformLocation, Number, Number, Number]
-      trace:
-        0: uniform3i
-        1: (anonymous function)
-        2: executeFrameFunction
-  116: (duration)
-    0: uniform3iv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform3iv
-        1: (anonymous function)
-        2: executeFrameFunction
-  117: (duration)
-    0: uniform4f(0, 1, 2, 3, 4)
-      swizzleTypes: [WebGLUniformLocation, Number, Number, Number, Number]
-      trace:
-        0: uniform4f
-        1: (anonymous function)
-        2: executeFrameFunction
-  118: (duration)
-    0: uniform4fv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform4fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  119: (duration)
-    0: uniform4i(0, 1, 2, 3, 4)
-      swizzleTypes: [WebGLUniformLocation, Number, Number, Number, Number]
-      trace:
-        0: uniform4i
-        1: (anonymous function)
-        2: executeFrameFunction
-  120: (duration)
-    0: uniform4iv(0, 0)
-      swizzleTypes: [WebGLUniformLocation, TypedArray]
-      trace:
-        0: uniform4iv
-        1: (anonymous function)
-        2: executeFrameFunction
-  121: (duration)
-    0: uniformMatrix2fv(0, true, 0)
-      swizzleTypes: [WebGLUniformLocation, Boolean, TypedArray]
-      trace:
-        0: uniformMatrix2fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  122: (duration)
-    0: uniformMatrix3fv(0, true, 0)
-      swizzleTypes: [WebGLUniformLocation, Boolean, TypedArray]
-      trace:
-        0: uniformMatrix3fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  123: (duration)
-    0: uniformMatrix4fv(0, true, 0)
-      swizzleTypes: [WebGLUniformLocation, Boolean, TypedArray]
-      trace:
-        0: uniformMatrix4fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  124: (duration)
-    0: useProgram(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: useProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  125: (duration)
-    0: validateProgram(0)
-      swizzleTypes: [WebGLProgram]
-      trace:
-        0: validateProgram
-        1: (anonymous function)
-        2: executeFrameFunction
-  126: (duration)
-    0: vertexAttrib1f(1, 2)
-      swizzleTypes: [Number, Number]
-      trace:
-        0: vertexAttrib1f
-        1: (anonymous function)
-        2: executeFrameFunction
-  127: (duration)
-    0: vertexAttrib1fv(1, 0)
-      swizzleTypes: [Number, TypedArray]
-      trace:
-        0: vertexAttrib1fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  128: (duration)
-    0: vertexAttrib2f(1, 2, 3)
-      swizzleTypes: [Number, Number, Number]
-      trace:
-        0: vertexAttrib2f
-        1: (anonymous function)
-        2: executeFrameFunction
-  129: (duration)
-    0: vertexAttrib2fv(1, 0)
-      swizzleTypes: [Number, TypedArray]
-      trace:
-        0: vertexAttrib2fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  130: (duration)
-    0: vertexAttrib3f(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: vertexAttrib3f
-        1: (anonymous function)
-        2: executeFrameFunction
-  131: (duration)
-    0: vertexAttrib3fv(1, 0)
-      swizzleTypes: [Number, TypedArray]
-      trace:
-        0: vertexAttrib3fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  132: (duration)
-    0: vertexAttrib4f(1, 2, 3, 4, 5)
-      swizzleTypes: [Number, Number, Number, Number, Number]
-      trace:
-        0: vertexAttrib4f
-        1: (anonymous function)
-        2: executeFrameFunction
-  133: (duration)
-    0: vertexAttrib4fv(1, 0)
-      swizzleTypes: [Number, TypedArray]
-      trace:
-        0: vertexAttrib4fv
-        1: (anonymous function)
-        2: executeFrameFunction
-  134: (duration)
-    0: vertexAttribPointer(1, 2, 3, true, 5, 6)
-      swizzleTypes: [Number, Number, Number, Boolean, Number, Number]
-      trace:
-        0: vertexAttribPointer
-        1: (anonymous function)
-        2: executeFrameFunction
-  135: (duration)
-    0: viewport(1, 2, 3, 4)
-      swizzleTypes: [Number, Number, Number, Number]
-      trace:
-        0: viewport
-        1: (anonymous function)
-        2: executeFrameFunction
-  136: (duration)
-    0: width
-      trace:
-        0: (anonymous function)
-        1: executeFrameFunction
-    1: width = 2
-      swizzleTypes: [Number]
-      trace:
-        0: (anonymous function)
-        1: executeFrameFunction
-  137: (duration)
-    0: height
-      trace:
-        0: (anonymous function)
-        1: executeFrameFunction
-    1: height = 2
-      swizzleTypes: [Number]
-      trace:
-        0: (anonymous function)
-        1: executeFrameFunction
-
diff --git a/LayoutTests/platform/mac-ventura-wk2/scrollingcoordinator/mac/fixed-backgrounds/fixed-background-in-overflow-in-iframe-expected.txt b/LayoutTests/platform/mac-ventura-wk2/scrollingcoordinator/mac/fixed-backgrounds/fixed-background-in-overflow-in-iframe-expected.txt
deleted file mode 100644
index 542eb5cda9f6f..0000000000000
--- a/LayoutTests/platform/mac-ventura-wk2/scrollingcoordinator/mac/fixed-backgrounds/fixed-background-in-overflow-in-iframe-expected.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-(scrolling tree
-  (frame scrolling node
-    (scrollable area size width=785 height=600)
-    (total content size width=785 height=2016)
-    (last committed scroll position (0,0))
-    (scrollable area parameters
-      (horizontal scroll elasticity 2)
-      (vertical scroll elasticity 2)
-      (horizontal scrollbar mode 0)
-      (vertical scrollbar mode 0)
-      (allows vertical scrolling 1))
-    (layout viewport (0,0) width=785 height=600)
-    (min layoutViewport origin (0,0))
-    (max layoutViewport origin (0,1416))
-    (behavior for fixed 1)))
diff --git a/LayoutTests/platform/mac-ventura/TestExpectations b/LayoutTests/platform/mac-ventura/TestExpectations
deleted file mode 100644
index 964b034525a40..0000000000000
--- a/LayoutTests/platform/mac-ventura/TestExpectations
+++ /dev/null
@@ -1,45 +0,0 @@
-# Failing after OS migration rdar://112624778 (Migrate macOS Sonoma test expectations to OpenSource, add expectation files to Down-Levels (259373))
-
-webkit.org/b/268789 [ Debug ] imported/w3c/web-platform-tests/css/css-break/table/repeated-section/special-elements-crash.html [ Skip ]
-
-# With CryptoKit, these tests start to work properly, but cryptoKit enablement is macOS 14.5 or higher so we need to mark them fail for 13.X  and < 14.5 bots
-# Instead of skipping them, we let them run atleast so that we have logs for the test cases in those logs that do actually work correctly.
-imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits_curve25519.https.any.html [ Failure ]
-imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits_curve25519.https.any.worker.html [ Failure ]
-imported/w3c/web-platform-tests/WebCryptoAPI/sign_verify/eddsa_small_order_points.https.any.html [ Failure ]
-imported/w3c/web-platform-tests/WebCryptoAPI/sign_verify/eddsa_small_order_points.https.any.worker.html [ Failure ]
-
-# HAVE(VOICEACTIVITYDETECTION) is false in Ventura.
-http/wpt/mediasession/voiceActivityDetection.html [ Skip ]
-
-# Skip these tests that enable UnifiedPDFPlugin, since it's only meaningful for macOS 14+.
-http/tests/pdf/linearized-pdf-in-iframe.html [ Skip ]
-http/tests/pdf/linearized-pdf-in-display-none-iframe.html [ Skip ]
-http/tests/pdf/page-in-window-update-with-linearized-pdf-in-display-none-iframe.html [ Skip ]
-pdf/pdf-in-embed-rounded-border.html [ Skip ]
-pdf/pdf-plugin-printing.html [ Skip ]
-pdf/annotations/checkbox-set-active.html [ Skip ]
-pdf/annotations/radio-buttons-select-second.html [ Skip ]
-pdf/annotations/dropdown-select-second-option.html [ Skip ]
-
-# linkedOnOrAfter(Sequoa) for Cross Origin Redirect Downloads.
-http/tests/download/anchor-download-redirect-cross-origin.html
-http/tests/download/anchor-download-redirect-cross-origin-top-level.html
-
-# CoreMaterial is unavailable on Ventura.
-apple-visual-effects [ Skip ]
-
-# These fail with an "IOSurface textures must use MTLStorageModeManaged" assertion on Ventura, but not on later OSes.
-fast/webgpu/nocrash/fuzz-274161.html [ Skip ]
-fast/webgpu/nocrash/fuzz-274270.html [ Skip ]
-fast/webgpu/nocrash/fuzz-274334.html [ Skip ]
-fast/webgpu/nocrash/fuzz-275294.html [ Skip ]
-fast/webgpu/nocrash/fuzz-278545.html [ Skip ]
-fast/webgpu/nocrash/fuzz-281614.html [ Skip ]
-
-# These fail with a shader validation error on Ventura, but not on later OSes.
-fast/webgpu/nocrash/fuzz-283071.html [ Skip ]
-fast/webgpu/nocrash/fuzz-283157.html [ Skip ]
-
-# webkit.org/b/285755 [EWS] macOS-Ventura-Release-WK2-Intel-Tests-EWS bots stuck in login page due to window server crashes
-[ x86_64 ] fast/webgpu [ Skip ]
diff --git a/LayoutTests/platform/mac-ventura/accessibility/datetime/input-datetime-local-label-value-expected.txt b/LayoutTests/platform/mac-ventura/accessibility/datetime/input-datetime-local-label-value-expected.txt
deleted file mode 100644
index b37f8cfcef9cf..0000000000000
--- a/LayoutTests/platform/mac-ventura/accessibility/datetime/input-datetime-local-label-value-expected.txt
+++ /dev/null
@@ -1,27 +0,0 @@
-This tests input type=datetime-local label and value properties.
-
-datetime1:
-PASS: datetime.title === 'AXTitle: Meeting time:'
-AXValue: Oct 21, 2024 at 3:45 PM
-AXDateValue: 2024-10-21 15:45:59 +0000
-
-datetime2:
-PASS: datetime.title === 'AXTitle: Meeting time:'
-AXValue: Oct 21, 2024 at 3:45 PM
-AXDateValue: 2024-10-21 15:45:59 +0000
-
-datetime3:
-PASS: datetime.title === 'AXTitle: Meeting time:'
-AXValue: Oct 21, 2024 at 3:45 PM
-AXDateValue: 2024-10-21 15:45:59 +0000
-
-datetime4:
-PASS: datetime.title === 'AXTitle: '
-AXValue: Oct 21, 2024 at 3:45 PM
-AXDateValue: 2024-10-21 15:45:59 +0000
-
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
- Meeting time:  Meeting time:
diff --git a/LayoutTests/platform/mac-ventura/accessibility/datetime/input-time-label-value-expected.txt b/LayoutTests/platform/mac-ventura/accessibility/datetime/input-time-label-value-expected.txt
deleted file mode 100644
index 0b603ca737547..0000000000000
--- a/LayoutTests/platform/mac-ventura/accessibility/datetime/input-time-label-value-expected.txt
+++ /dev/null
@@ -1,27 +0,0 @@
-This tests input type=time label and value properties.
-
-inputtime1:
-PASS: inputtime.title === 'AXTitle: Meeting time:'
-AXValue: 8:30 AM
-PASS: inputtime.dateValue === 'AXDateValue: 1970-01-01 08:30:00 +0000'
-inputtime2:
-PASS: inputtime.title === 'AXTitle: Meeting time:'
-AXValue: 8:30 AM
-PASS: inputtime.dateValue === 'AXDateValue: 1970-01-01 08:30:00 +0000'
-inputtime3:
-PASS: inputtime.title === 'AXTitle: Meeting time:'
-AXValue: 8:30 AM
-PASS: inputtime.dateValue === 'AXDateValue: 1970-01-01 08:30:00 +0000'
-inputtime4:
-PASS: inputtime.title === 'AXTitle: '
-AXValue: 3:45 PM
-PASS: inputtime.dateValue === 'AXDateValue: 1970-01-01 15:45:12 +0000'
-inputtime5:
-PASS: inputtime.title === 'AXTitle: '
-AXValue:
-PASS: inputtime.dateValue === 'AXDateValue: 1970-01-01 12:30:00 +0000'
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
- Meeting time: Meeting time:
diff --git a/LayoutTests/platform/mac-ventura/css2.1/t09-c5526c-display-00-e-expected.txt b/LayoutTests/platform/mac-ventura/css2.1/t09-c5526c-display-00-e-expected.txt
deleted file mode 100644
index 4fab21e1c736a..0000000000000
--- a/LayoutTests/platform/mac-ventura/css2.1/t09-c5526c-display-00-e-expected.txt
+++ /dev/null
@@ -1,68 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x420
-  RenderBlock {HTML} at (0,0) size 800x420 [color=#FFFFFF] [bgcolor=#0000FF]
-    RenderBody {BODY} at (15,15) size 490x390 [bgcolor=#FFFFFF] [border: (5px solid #000000)]
-      RenderBlock {DL} at (5,5) size 480x10
-        RenderBlock (floating) {DT} at (5,5) size 80x310 [bgcolor=#CC0000] [border: (5px solid #000000)]
-          RenderText {#text} at (15,14) size 32x12
-            text run at (15,14) width 32: "toggle"
-        RenderBlock (floating) {DD} at (95,5) size 380x310 [border: (10px solid #000000)]
-          RenderBlock {UL} at (20,20) size 340x0
-            RenderBlock (floating) {LI} at (0,0) size 80x120 [color=#000000] [bgcolor=#FFCC00] [border: (5px solid #000000)]
-              RenderText {#text} at (15,14) size 40x12
-                text run at (15,14) width 40: "the way"
-            RenderBlock (floating) {LI} at (90,0) size 160x110 [bgcolor=#000000]
-              RenderBlock {P} at (10,10) size 140x10
-                RenderText {#text} at (0,-1) size 75x12
-                  text run at (0,-1) width 75: "the world ends"
-              RenderBlock (anonymous) at (10,20) size 140x0
-                RenderInline {FORM} at (0,0) size 0x0
-                  RenderText {#text} at (0,0) size 0x0
-              RenderBlock (anonymous) at (10,20) size 140x38
-                RenderBlock {P} at (0,0) size 140x19
-                  RenderText {#text} at (0,3) size 29x12
-                    text run at (0,3) width 29: "bang "
-                  RenderBlock {INPUT} at (30,3) size 13x12 [color=#000000]
-                  RenderText {#text} at (0,0) size 0x0
-                RenderBlock {P} at (0,19) size 140x19
-                  RenderText {#text} at (0,3) size 47x12
-                    text run at (0,3) width 47: "whimper "
-                  RenderBlock {INPUT} at (48,3) size 13x12 [color=#000000]
-                  RenderText {#text} at (0,0) size 0x0
-              RenderBlock (anonymous) at (10,58) size 140x0
-                RenderInline {FORM} at (0,0) size 0x0
-                RenderText {#text} at (0,0) size 0x0
-            RenderBlock (floating) {LI} at (259,0) size 81x120 [color=#000000] [bgcolor=#FFCC00] [border: (5px solid #000000)]
-              RenderText {#text} at (15,14) size 50x12
-                text run at (15,14) width 50: "i grow old"
-            RenderBlock (floating) {LI} at (0,130) size 120x120 [bgcolor=#000000]
-              RenderText {#text} at (10,9) size 31x12
-                text run at (10,9) width 31: "pluot?"
-          RenderBlock (floating) {BLOCKQUOTE} at (160,150) size 70x140 [color=#000000] [bgcolor=#FFCC00] [border: (10px solid #000000) (15px solid #000000) (20px solid #000000) (5px solid #000000)]
-            RenderBlock {ADDRESS} at (5,20) size 50x20
-              RenderText {#text} at (0,-1) size 34x22
-                text run at (0,-1) width 17: "bar"
-                text run at (0,9) width 34: "maids,"
-          RenderBlock (floating) {H1} at (240,150) size 120x120 [bgcolor=#000000]
-            RenderText {#text} at (10,9) size 67x22
-              text run at (10,9) width 57: "sing to me,"
-              text run at (10,19) width 67: "erbarme dich"
-      RenderBlock {P} at (5,320) size 480x65 [color=#000000]
-        RenderText {#text} at (0,0) size 470x38
-          text run at (0,0) width 470: "This is a nonsensical document, but syntactically valid HTML 4.0. All 100%-conformant CSS1"
-          text run at (0,13) width 394: "agents should be able to render the document elements above this paragraph"
-          text run at (0,26) width 206: "indistinguishably (to the pixel) from this "
-        RenderInline {A} at (205,26) size 104x12 [color=#999999]
-          RenderText {#text} at (205,26) size 104x12
-            text run at (205,26) width 104: "reference rendering,"
-        RenderText {#text} at (0,26) size 463x38
-          text run at (308,26) width 5: " "
-          text run at (312,26) width 150: "(except font rasterization and"
-          text run at (0,39) width 463: "form widgets). All discrepancies should be traceable to CSS1 implementation shortcomings."
-          text run at (0,52) width 36: "Please "
-        RenderInline {A} at (35,52) size 87x12 [color=#CC0000]
-          RenderText {#text} at (35,52) size 87x12
-            text run at (35,52) width 87: "report any errors"
-        RenderText {#text} at (121,52) size 283x12
-          text run at (121,52) width 283: " you find between the CSS and the reference rendering."
diff --git a/LayoutTests/platform/mac-ventura/css3/filters/composited-during-animation-layertree-expected.txt b/LayoutTests/platform/mac-ventura/css3/filters/composited-during-animation-layertree-expected.txt
deleted file mode 100644
index 4c874b693292d..0000000000000
--- a/LayoutTests/platform/mac-ventura/css3/filters/composited-during-animation-layertree-expected.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-
-
-
-
-(GraphicsLayer
-  (anchor 0.00 0.00)
-  (bounds 800.00 600.00)
-  (children 1
-    (GraphicsLayer
-      (bounds 800.00 600.00)
-      (contentsOpaque 1)
-      (children 4
-        (GraphicsLayer
-          (position 18.00 18.00)
-          (bounds 160.00 90.00)
-        )
-        (GraphicsLayer
-          (position 18.00 132.00)
-          (bounds 160.00 90.00)
-        )
-        (GraphicsLayer
-          (position 18.00 246.00)
-          (bounds 160.00 90.00)
-        )
-        (GraphicsLayer
-          (position 18.00 360.00)
-          (bounds 160.00 90.00)
-        )
-      )
-    )
-  )
-)
-
diff --git a/LayoutTests/platform/mac-ventura/editing/caret/caret-position-sideways-lr-expected.txt b/LayoutTests/platform/mac-ventura/editing/caret/caret-position-sideways-lr-expected.txt
deleted file mode 100644
index 3e235c92136c3..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/caret/caret-position-sideways-lr-expected.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-This is a test of writingsideways in vertical text
-with multiline text and alongwordthat'slong andanotherword.
-Bug 286961 : 62,44,20,1
-Click at 5, 5 for left above first line : 17,21,25,1
-Click at 5, 275 for right above first line : 17,21,25,1
-Click at 25, 5 for left of first line : 17,21,25,1
-Click at 25, 275 for right of first line : 17,237,25,1
-Click at 45, 5 for left of second line : 42,21,20,1
-Click at 45, 275 for right of second line : 42,248,20,1
-Click at 65, 5 for left of third line : 62,21,20,1
-Click at 65, 275 for right of third line : 62,176,20,1
-Click at 85, 5 for left of fourth line : 82,21,20,1
-Click at 85, 275 for right of fourth line : 82,262,20,1
-Click at 105, 5 for left of fifth line : 102,21,19,1
-Click at 105, 275 for right of fifth line : 102,68,19,1
-Click at 125, 5 for left of sixth line : 121,21,20,1
-Click at 125, 275 for right of sixth line : 121,260,20,1
-Click at 145, 5 for left of seventh line : 141,21,20,1
-Click at 145, 275 for right of seventh line : 141,200,20,1
-Click at 170, 5 for left below last line : 141,200,20,1
-Click at 170, 275 for right below last line : 141,200,20,1
-Click at 25, 30 for inside first root inline fragment : 17,32,25,1
-Click at 125, 30 for inside middle fragment of root inline fragment : 121,32,20,1
-Click at 45, 30 for inside middle fragment of non-root inline fragment : 42,32,20,1
-Click at 65, 30 for inside last fragment of non-root inline fragment : 62,32,20,1
-Click at 85, 220 for inside unfragmented non-root inline : 82,225,20,1
diff --git a/LayoutTests/platform/mac-ventura/editing/caret/caret-position-vertical-rl-expected.txt b/LayoutTests/platform/mac-ventura/editing/caret/caret-position-vertical-rl-expected.txt
deleted file mode 100644
index a725d1690c32b..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/caret/caret-position-vertical-rl-expected.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-This is a test of writingsideways in vertical text
-with multiline text and alongwordthat'slong andanotherword.
-Bug 286961 : 82,60,20,1
-Click at 5, 5 for left above first line : 42,20,25,1
-Click at 5, 275 for right above first line : 42,20,25,1
-Click at 25, 5 for left of first line : 42,32,25,1
-Click at 25, 275 for right of first line : 62,248,20,1
-Click at 45, 5 for left of second line : 82,60,20,1
-Click at 45, 275 for right of second line : 82,176,20,1
-Click at 65, 5 for left of third line : 82,176,20,1
-Click at 65, 275 for right of third line : 82,176,20,1
-Click at 85, 5 for left of fourth line : 102,80,20,1
-Click at 85, 275 for right of fourth line : 121,100,19,1
-Click at 105, 5 for left of fifth line : 141,120,20,1
-Click at 105, 275 for right of fifth line : 141,260,20,1
-Click at 125, 5 for left of sixth line : 161,140,20,1
-Click at 125, 275 for right of sixth line : 161,200,20,1
-Click at 145, 5 for left of seventh line : 161,140,20,1
-Click at 145, 275 for right of seventh line : 161,200,20,1
-Click at 170, 5 for left below last line : 161,200,20,1
-Click at 170, 275 for right below last line : 161,200,20,1
-Click at 25, 30 for inside first root inline fragment : 42,32,25,1
-Click at 125, 30 for inside middle fragment of root inline fragment : 141,120,20,1
-Click at 45, 30 for inside middle fragment of non-root inline fragment : 62,40,20,1
-Click at 65, 30 for inside last fragment of non-root inline fragment : 82,60,20,1
-Click at 85, 220 for inside unfragmented non-root inline : 102,225,20,1
diff --git a/LayoutTests/platform/mac-ventura/editing/caret/color-span-inside-editable-background-expected.html b/LayoutTests/platform/mac-ventura/editing/caret/color-span-inside-editable-background-expected.html
deleted file mode 100644
index 3de4d420ea37f..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/caret/color-span-inside-editable-background-expected.html
+++ /dev/null
@@ -1,4 +0,0 @@
-This test makes sure that carets in content editable divs changes color if there is a span inside them with a foreground color specified.
- <div style="width: 505px; height: 505px; overflow: hidden;">
- <div style="width: 50px; height: 500px; background-color: red"></div>
- </div>
\ No newline at end of file
diff --git a/LayoutTests/platform/mac-ventura/editing/caret/color-span-inside-editable-expected.html b/LayoutTests/platform/mac-ventura/editing/caret/color-span-inside-editable-expected.html
deleted file mode 100644
index 3de4d420ea37f..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/caret/color-span-inside-editable-expected.html
+++ /dev/null
@@ -1,4 +0,0 @@
-This test makes sure that carets in content editable divs changes color if there is a span inside them with a foreground color specified.
- <div style="width: 505px; height: 505px; overflow: hidden;">
- <div style="width: 50px; height: 500px; background-color: red"></div>
- </div>
\ No newline at end of file
diff --git a/LayoutTests/platform/mac-ventura/editing/caret/insert-paragraph-does-not-paint-stale-carets-expected.txt b/LayoutTests/platform/mac-ventura/editing/caret/insert-paragraph-does-not-paint-stale-carets-expected.txt
deleted file mode 100644
index dabf74dd52605..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/caret/insert-paragraph-does-not-paint-stale-carets-expected.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-(repaint rects (rect 25 25 750 18) (rect 25 43 750 18) (rect 25 25 1 19) (rect 25 43 1 18) ) (repaint rects (rect 25 61 750 18) (rect 25 43 1 18) (rect 25 61 1 18) ) (repaint rects (rect 25 79 750 18) (rect 25 61 1 18) (rect 25 79 1 18) )
-
-
-
-
-
diff --git a/LayoutTests/platform/mac-ventura/editing/input/caret-at-the-edge-of-contenteditable-expected.txt b/LayoutTests/platform/mac-ventura/editing/input/caret-at-the-edge-of-contenteditable-expected.txt
deleted file mode 100644
index 2e5927d99d1f9..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/input/caret-at-the-edge-of-contenteditable-expected.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x72
-  RenderBlock {HTML} at (0,0) size 800x72
-    RenderBody {BODY} at (8,8) size 784x56
-      RenderBlock {DIV} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 761x36
-          text run at (0,0) width 761: "When the caret reaches the edge of the input box or content editable div, on the next input if must jump to the center of"
-          text run at (0,18) width 73: "the control."
-layer at (8,44) size 82x20 clip at (9,45) size 80x18 scrollX 41 scrollWidth 337
-  RenderBlock {DIV} at (0,36) size 82x20 [border: (1px solid #000000)]
-    RenderText {#text} at (1,1) size 336x18
-      text run at (1,1) width 336: "012345678901012345678901234567890123456789"
-caret: position 12 of child 0 {#text} of child 5 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/input/caret-at-the-edge-of-input-expected.txt b/LayoutTests/platform/mac-ventura/editing/input/caret-at-the-edge-of-input-expected.txt
deleted file mode 100644
index ea155acd21702..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/input/caret-at-the-edge-of-input-expected.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x53
-  RenderBlock {HTML} at (0,0) size 800x53
-    RenderBody {BODY} at (8,8) size 784x37
-      RenderBlock {DIV} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 692x18
-          text run at (0,0) width 692: "When the caret reaches the edge of the input box, on the next input if must jump to the center of the control."
-      RenderBlock (anonymous) at (0,18) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 77x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderText {#text} at (0,0) size 0x0
-layer at (11,29) size 71x13 scrollX 39 scrollWidth 282
-  RenderBlock {DIV} at (3,3) size 71x13
-    RenderText {#text} at (0,0) size 282x13
-      text run at (0,0) width 282: "012345678901012345678901234567890123456789"
-caret: position 12 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 3 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/input/editable-container-with-word-wrap-normal-expected.txt b/LayoutTests/platform/mac-ventura/editing/input/editable-container-with-word-wrap-normal-expected.txt
deleted file mode 100644
index 8799de613f6b8..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/input/editable-container-with-word-wrap-normal-expected.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-Testcase for bug http://www.webkit.org/b/89649. The test case checks if caret is drawn properly(especially scrolls properly) inside a editable container having word-wrap:normal.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-To manually test, move the caret to the end of the line.
-The content must scroll for the caret to reach the end of the editable text.
-PASS editableContainer.scrollLeft > 0 is true
-
-Final caret rect is calculated by following constraints
-1) ScrollWidth = text content width + caret width
-2) Caret rect is always within container bounding box (thus substracting the scroll left)
-PASS startCaretRect.left + editableContainer.scrollWidth - editableContainer.scrollLeft - caretWidth is finalCaretRect.right
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/platform/mac-ventura/editing/inserting/before-after-input-element-expected.txt b/LayoutTests/platform/mac-ventura/editing/inserting/before-after-input-element-expected.txt
deleted file mode 100644
index 586ac74a0647a..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/inserting/before-after-input-element-expected.txt
+++ /dev/null
@@ -1,27 +0,0 @@
-EDITING DELEGATE: shouldBeginEditingInDOMRange:range from 0 of DIV > BODY > HTML > #document to 1 of DIV > BODY > HTML > #document
-EDITING DELEGATE: webViewDidBeginEditing:WebViewDidBeginEditingNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 5 of #text > DIV > BODY > HTML > #document to 5 of #text > DIV > BODY > HTML > #document toDOMRange:range from 5 of #text > DIV > BODY > HTML > #document to 5 of #text > DIV > BODY > HTML > #document affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChange:WebViewDidChangeNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 2 of DIV > BODY > HTML > #document to 2 of DIV > BODY > HTML > #document toDOMRange:range from 5 of #text > DIV > BODY > HTML > #document to 5 of #text > DIV > BODY > HTML > #document affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChange:WebViewDidChangeNotification
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 343x18
-          text run at (0,0) width 343: "This tests text insertion before/after an input element."
-      RenderBlock {DIV} at (0,34) size 784x19
-        RenderText {#text} at (0,0) size 36x18
-          text run at (0,0) width 36: "Hello"
-        RenderTextControl {INPUT} at (35,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (182,0) size 41x18
-          text run at (182,0) width 41: "World"
-layer at (47,45) size 141x13 backgroundClip at (47,45) size 140x13 clip at (47,45) size 140x13
-  RenderBlock {DIV} at (3,3) size 141x13
-caret: position 5 of child 2 {#text} of child 2 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/inserting/multiple-lines-selected-expected.txt b/LayoutTests/platform/mac-ventura/editing/inserting/multiple-lines-selected-expected.txt
deleted file mode 100644
index 59a81d79da687..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/inserting/multiple-lines-selected-expected.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-EDITING DELEGATE: shouldBeginEditingInDOMRange:range from 0 of DIV > BODY > HTML > #document to 2 of DIV > BODY > HTML > #document
-EDITING DELEGATE: webViewDidBeginEditing:WebViewDidBeginEditingNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 1 of DIV > DIV > BODY > HTML > #document to 1 of DIV > BODY > HTML > #document toDOMRange:range from 0 of DIV > DIV > BODY > HTML > #document to 0 of DIV > DIV > BODY > HTML > #document affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChange:WebViewDidChangeNotification
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 775x36
-          text run at (0,0) width 571: "This tests inserting a paragraph separator into a selection that spans multiple paragraphs. "
-          text run at (570,0) width 205: "'ar' should be on the line after 'f'"
-          text run at (0,18) width 264: "and the caret should be just before the 'a'."
-      RenderBlock {DIV} at (0,52) size 784x36
-        RenderBlock {DIV} at (0,0) size 784x18
-          RenderText {#text} at (0,0) size 6x18
-            text run at (0,0) width 6: "f"
-        RenderBlock {DIV} at (0,18) size 784x18
-          RenderText {#text} at (0,0) size 13x18
-            text run at (0,0) width 13: "ar"
-caret: position 0 of child 0 {#text} of child 1 {DIV} of child 2 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/pasteboard/4806874-expected.txt b/LayoutTests/platform/mac-ventura/editing/pasteboard/4806874-expected.txt
deleted file mode 100644
index 1aa7b9f576b00..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/pasteboard/4806874-expected.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 553x18
-          text run at (0,0) width 251: "This tests for an infinite loop on Paste. "
-          text run at (250,0) width 303: "You should see 'Hello: ' and then an input field."
-      RenderBlock {DIV} at (0,34) size 784x19
-        RenderText {#text} at (0,0) size 36x18
-          text run at (0,0) width 36: "Hello"
-        RenderTextControl {INPUT} at (35,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (182,0) size 5x18
-          text run at (182,0) width 5: ":"
-layer at (47,45) size 141x13 backgroundClip at (47,45) size 140x13 clip at (47,45) size 140x13
-  RenderBlock {DIV} at (3,3) size 141x13
-caret: position 1 of child 1 {INPUT} of child 2 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/pasteboard/input-field-1-expected.txt b/LayoutTests/platform/mac-ventura/editing/pasteboard/input-field-1-expected.txt
deleted file mode 100644
index b256fbde6caf9..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/pasteboard/input-field-1-expected.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-EDITING DELEGATE: shouldBeginEditingInDOMRange:range from 0 of DIV > BODY > HTML > #document to 1 of DIV > BODY > HTML > #document
-EDITING DELEGATE: webViewDidBeginEditing:WebViewDidBeginEditingNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:(null) toDOMRange:range from 0 of DIV > BODY > HTML > #document to 0 of DIV > BODY > HTML > #document affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 0 of DIV > BODY > HTML > #document to 0 of DIV > BODY > HTML > #document toDOMRange:range from 0 of DIV > BODY > HTML > #document to 1 of DIV > BODY > HTML > #document affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldInsertNode:#document-fragment replacingDOMRange:range from 1 of DIV > BODY > HTML > #document to 1 of DIV > BODY > HTML > #document givenAction:WebViewInsertActionPasted
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 1 of DIV > BODY > HTML > #document to 1 of DIV > BODY > HTML > #document toDOMRange:range from 2 of DIV > BODY > HTML > #document to 2 of DIV > BODY > HTML > #document affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChange:WebViewDidChangeNotification
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 240x18
-          text run at (0,0) width 240: "This tests Copy/Paste of a input field."
-      RenderBlock {DIV} at (0,34) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderTextControl {INPUT} at (146,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {UL} at (0,69) size 784x18
-        RenderListItem {LI} at (40,0) size 744x18
-          RenderListMarker at (-17,0) size 7x18: bullet
-          RenderText {#text} at (0,0) size 44x18
-            text run at (0,0) width 44: "Passed"
-layer at (11,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (158,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-caret: position 1 of child 1 {INPUT} of child 2 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/pasteboard/interchange-newline-2-expected.txt b/LayoutTests/platform/mac-ventura/editing/pasteboard/interchange-newline-2-expected.txt
deleted file mode 100644
index cc90ef561272c..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/pasteboard/interchange-newline-2-expected.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-EDITING DELEGATE: shouldBeginEditingInDOMRange:range from 0 of DIV > BODY > HTML > #document to 2 of DIV > BODY > HTML > #document
-EDITING DELEGATE: webViewDidBeginEditing:WebViewDidBeginEditingNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 1 of #text > DIV > DIV > BODY > HTML > #document to 3 of #text > DIV > BODY > HTML > #document toDOMRange:range from 0 of DIV > DIV > BODY > HTML > #document to 0 of DIV > DIV > BODY > HTML > #document affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChange:WebViewDidChangeNotification
-EDITING DELEGATE: webViewDidEndEditing:WebViewDidEndEditingNotification
-This demonstrates a bug in interchange newline handling during paste.
-The selection being pasted into contain multiple blocks, which breaks the old code in paste that handled interchange newlines.
-| <div>
-|   "fbar"
-| "baz"
-| <div>
-|   "<#selection-caret>ar"
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/3690703-2-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/3690703-2-expected.txt
deleted file mode 100644
index 0652d6174260b..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/3690703-2-expected.txt
+++ /dev/null
@@ -1,152 +0,0 @@
-EDITING DELEGATE: shouldBeginEditingInDOMRange:range from 0 of DIV > CENTER > BODY > HTML > #document to 6 of DIV > CENTER > BODY > HTML > #document
-EDITING DELEGATE: webViewDidBeginEditing:WebViewDidBeginEditingNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,3) size 784x581 [bgcolor=#FFFFFF]
-      RenderBlock {CENTER} at (0,0) size 784x252
-        RenderTable {TABLE} at (0,0) size 784x19
-          RenderTableSection {TBODY} at (0,0) size 784x19
-            RenderTableRow {TR} at (0,0) size 784x15
-              RenderTableCell {TD} at (0,0) size 784x15 [r=0 c=0 rs=1 cs=1]
-                RenderInline {FONT} at (682,0) size 102x15
-                  RenderInline {A} at (682,0) size 102x15 [color=#0000CC]
-                    RenderText {#text} at (682,0) size 102x15
-                      text run at (682,0) width 102: "Personalized Home"
-            RenderTableRow {TR} at (0,15) size 784x4
-              RenderTableCell {TD} at (0,16) size 784x2 [r=1 c=0 rs=1 cs=1]
-                RenderImage {IMG} at (0,1) size 1x2
-        RenderBlock (anonymous) at (0,19) size 784x36
-          RenderBR {BR} at (392,0) size 0x18
-          RenderBR {BR} at (392,18) size 0x18
-        RenderBlock {DIV} at (0,55) size 784x99 [border: (2px solid #AAAAFF)]
-          RenderTable {TABLE} at (214,2) size 355x23
-            RenderTableSection {TBODY} at (0,0) size 355x23
-              RenderTableRow {TR} at (0,0) size 355x23
-                RenderTableCell {TD} at (0,0) size 355x23 [r=0 c=0 rs=1 cs=1]
-                  RenderInline {FONT} at (4,4) size 347x15
-                    RenderInline {B} at (4,4) size 26x15
-                      RenderText {#text} at (4,4) size 26x15
-                        text run at (4,4) width 26: "Web"
-                    RenderText {#text} at (29,4) size 14x15
-                      text run at (29,4) width 14: "    "
-                    RenderInline {A} at (42,4) size 38x15 [color=#0000CC]
-                      RenderText {#text} at (42,4) size 38x15
-                        text run at (42,4) width 38: "Images"
-                    RenderText {#text} at (79,4) size 14x15
-                      text run at (79,4) width 14: "    "
-                    RenderInline {A} at (92,4) size 40x15 [color=#0000CC]
-                      RenderText {#text} at (92,4) size 40x15
-                        text run at (92,4) width 40: "Groups"
-                    RenderText {#text} at (131,4) size 14x15
-                      text run at (131,4) width 14: "    "
-                    RenderInline {A} at (144,4) size 30x15 [color=#0000CC]
-                      RenderText {#text} at (144,4) size 30x15
-                        text run at (144,4) width 30: "News"
-                    RenderText {#text} at (173,4) size 14x15
-                      text run at (173,4) width 14: "    "
-                    RenderInline {A} at (186,4) size 42x15 [color=#0000CC]
-                      RenderText {#text} at (186,4) size 42x15
-                        text run at (186,4) width 42: "Froogle"
-                    RenderText {#text} at (227,4) size 14x15
-                      text run at (227,4) width 14: "    "
-                    RenderInline {A} at (240,4) size 30x15 [color=#0000CC]
-                      RenderText {#text} at (240,4) size 30x15
-                        text run at (240,4) width 30: "Local"
-                      RenderInline {SUP} at (269,0) size 0x14
-                    RenderInline {A} at (269,4) size 30x15
-                      RenderInline {FONT} at (269,4) size 30x15 [color=#FF0000]
-                        RenderText {#text} at (269,4) size 30x15
-                          text run at (269,4) width 30: "New!"
-                    RenderText {#text} at (298,4) size 14x15
-                      text run at (298,4) width 14: "    "
-                    RenderInline {B} at (311,4) size 39x15
-                      RenderInline {A} at (311,4) size 39x15 [color=#0000CC]
-                        RenderText {#text} at (311,4) size 40x15
-                          text run at (311,4) width 40: "more \x{BB}"
-          RenderTable {TABLE} at (2,25) size 780x39
-            RenderTableSection {TBODY} at (0,0) size 780x39
-              RenderTableRow {TR} at (0,0) size 780x39
-                RenderTableCell {TD} at (0,10) size 195x19 [r=0 c=0 rs=1 cs=1]
-                  RenderText {#text} at (0,10) size 4x19
-                    text run at (0,0) width 4: " "
-                RenderTableCell {TD} at (194,1) size 392x37 [r=0 c=1 rs=1 cs=1]
-                  RenderTextControl {INPUT} at (0,1) size 392x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (391,1) size 1x18
-                  RenderButton {INPUT} at (95,20) size 94x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                    RenderBlock (anonymous) at (8,2) size 77x13
-                      RenderText at (0,0) size 77x13
-                        text run at (0,0) width 77: "Google Search"
-                  RenderButton {INPUT} at (188,20) size 108x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                    RenderBlock (anonymous) at (8,2) size 92x13
-                      RenderText at (0,0) size 92x13
-                        text run at (0,0) width 92: "I'm Feeling Lucky"
-                RenderTableCell {TD} at (585,0) size 196x39 [r=0 c=2 rs=1 cs=1]
-                  RenderInline {FONT} at (0,0) size 76x39
-                    RenderText {#text} at (0,0) size 5x13
-                      text run at (0,0) width 5: "  "
-                    RenderInline {A} at (5,0) size 71x13 [color=#0000CC]
-                      RenderText {#text} at (5,0) size 71x13
-                        text run at (5,0) width 71: "Advanced Search"
-                    RenderBR {BR} at (75,0) size 1x13
-                    RenderText {#text} at (0,13) size 5x13
-                      text run at (0,13) width 5: "  "
-                    RenderInline {A} at (5,13) size 47x13 [color=#0000CC]
-                      RenderText {#text} at (5,13) size 47x13
-                        text run at (5,13) width 47: "Preferences"
-                    RenderBR {BR} at (51,13) size 1x13
-                    RenderText {#text} at (0,26) size 5x13
-                      text run at (0,26) width 5: "  "
-                    RenderInline {A} at (5,26) size 65x13 [color=#0000CC]
-                      RenderText {#text} at (5,26) size 65x13
-                        text run at (5,26) width 65: "Language Tools"
-          RenderBlock (anonymous) at (2,64) size 780x33
-            RenderBR {BR} at (390,0) size 0x18
-            RenderInline {FONT} at (317,18) size 146x15
-              RenderInline {FONT} at (317,18) size 30x15 [color=#FF0000]
-                RenderText {#text} at (317,18) size 30x15
-                  text run at (317,18) width 30: "New!"
-              RenderText {#text} at (346,18) size 4x15
-                text run at (346,18) width 4: " "
-              RenderInline {A} at (349,18) size 111x15 [color=#0000CC]
-                RenderText {#text} at (349,18) size 111x15
-                  text run at (349,18) width 111: "Personalize this page"
-              RenderText {#text} at (459,18) size 4x15
-                text run at (459,18) width 4: "."
-            RenderText {#text} at (0,0) size 0x0
-        RenderBlock (anonymous) at (0,154) size 784x69
-          RenderBR {BR} at (392,0) size 0x18
-          RenderBR {BR} at (392,18) size 0x18
-          RenderBR {BR} at (392,36) size 0x18
-          RenderInline {FONT} at (237,54) size 310x15
-            RenderInline {A} at (237,54) size 116x15 [color=#0000CC]
-              RenderText {#text} at (237,54) size 116x15
-                text run at (237,54) width 116: "Advertising Programs"
-            RenderText {#text} at (352,54) size 11x15
-              text run at (352,54) width 11: " - "
-            RenderInline {A} at (362,54) size 100x15 [color=#0000CC]
-              RenderText {#text} at (362,54) size 100x15
-                text run at (362,54) width 100: "Business Solutions"
-            RenderText {#text} at (461,54) size 12x15
-              text run at (461,54) width 12: " - "
-            RenderInline {A} at (472,54) size 75x15 [color=#0000CC]
-              RenderText {#text} at (472,54) size 75x15
-                text run at (472,54) width 75: "About Google"
-        RenderBlock {P} at (0,239) size 784x13
-          RenderInline {FONT} at (362,0) size 60x13
-            RenderText {#text} at (362,0) size 60x13
-              text run at (362,0) width 60: "\x{A9}2005 Google"
-layer at (207,87) size 386x13
-  RenderBlock {DIV} at (3,3) size 386x13
-selection start: position 0 of child 3 {INPUT} of child 1 {TD} of child 0 {TR} of child 0 {TBODY} of child 2 {TABLE} of child 4 {DIV} of child 0 {CENTER} of body
-selection end:   position 1 of child 2 {BR} of child 0 {FONT} of child 2 {TD} of child 0 {TR} of child 0 {TBODY} of child 2 {TABLE} of child 4 {DIV} of child 0 {CENTER} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/3690703-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/3690703-expected.txt
deleted file mode 100644
index 399abaaffe429..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/3690703-expected.txt
+++ /dev/null
@@ -1,154 +0,0 @@
-EDITING DELEGATE: shouldBeginEditingInDOMRange:range from 0 of DIV > CENTER > BODY > HTML > #document to 6 of DIV > CENTER > BODY > HTML > #document
-EDITING DELEGATE: webViewDidBeginEditing:WebViewDidBeginEditingNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,3) size 784x581 [bgcolor=#FFFFFF]
-      RenderBlock {CENTER} at (0,0) size 784x252
-        RenderTable {TABLE} at (0,0) size 784x19
-          RenderTableSection {TBODY} at (0,0) size 784x19
-            RenderTableRow {TR} at (0,0) size 784x15
-              RenderTableCell {TD} at (0,0) size 784x15 [r=0 c=0 rs=1 cs=1]
-                RenderInline {FONT} at (682,0) size 102x15
-                  RenderInline {A} at (682,0) size 102x15 [color=#0000CC]
-                    RenderText {#text} at (682,0) size 102x15
-                      text run at (682,0) width 102: "Personalized Home"
-            RenderTableRow {TR} at (0,15) size 784x4
-              RenderTableCell {TD} at (0,16) size 784x2 [r=1 c=0 rs=1 cs=1]
-                RenderImage {IMG} at (0,1) size 1x2
-        RenderBlock (anonymous) at (0,19) size 784x36
-          RenderBR {BR} at (392,0) size 0x18
-          RenderBR {BR} at (392,18) size 0x18
-        RenderBlock {DIV} at (0,55) size 784x99 [border: (2px solid #AAAAFF)]
-          RenderTable {TABLE} at (214,2) size 355x23
-            RenderTableSection {TBODY} at (0,0) size 355x23
-              RenderTableRow {TR} at (0,0) size 355x23
-                RenderTableCell {TD} at (0,0) size 355x23 [r=0 c=0 rs=1 cs=1]
-                  RenderInline {FONT} at (4,4) size 347x15
-                    RenderInline {B} at (4,4) size 26x15
-                      RenderText {#text} at (4,4) size 26x15
-                        text run at (4,4) width 26: "Web"
-                    RenderText {#text} at (29,4) size 14x15
-                      text run at (29,4) width 14: "    "
-                    RenderInline {A} at (42,4) size 38x15 [color=#0000CC]
-                      RenderText {#text} at (42,4) size 38x15
-                        text run at (42,4) width 38: "Images"
-                    RenderText {#text} at (79,4) size 14x15
-                      text run at (79,4) width 14: "    "
-                    RenderInline {A} at (92,4) size 40x15 [color=#0000CC]
-                      RenderText {#text} at (92,4) size 40x15
-                        text run at (92,4) width 40: "Groups"
-                    RenderText {#text} at (131,4) size 14x15
-                      text run at (131,4) width 14: "    "
-                    RenderInline {A} at (144,4) size 30x15 [color=#0000CC]
-                      RenderText {#text} at (144,4) size 30x15
-                        text run at (144,4) width 30: "News"
-                    RenderText {#text} at (173,4) size 14x15
-                      text run at (173,4) width 14: "    "
-                    RenderInline {A} at (186,4) size 42x15 [color=#0000CC]
-                      RenderText {#text} at (186,4) size 42x15
-                        text run at (186,4) width 42: "Froogle"
-                    RenderText {#text} at (227,4) size 14x15
-                      text run at (227,4) width 14: "    "
-                    RenderInline {A} at (240,4) size 30x15 [color=#0000CC]
-                      RenderText {#text} at (240,4) size 30x15
-                        text run at (240,4) width 30: "Local"
-                      RenderInline {SUP} at (269,0) size 0x14
-                    RenderInline {A} at (269,4) size 30x15
-                      RenderInline {FONT} at (269,4) size 30x15 [color=#FF0000]
-                        RenderText {#text} at (269,4) size 30x15
-                          text run at (269,4) width 30: "New!"
-                    RenderText {#text} at (298,4) size 14x15
-                      text run at (298,4) width 14: "    "
-                    RenderInline {B} at (311,4) size 39x15
-                      RenderInline {A} at (311,4) size 39x15 [color=#0000CC]
-                        RenderText {#text} at (311,4) size 40x15
-                          text run at (311,4) width 40: "more \x{BB}"
-          RenderTable {TABLE} at (2,25) size 780x39
-            RenderTableSection {TBODY} at (0,0) size 780x39
-              RenderTableRow {TR} at (0,0) size 780x39
-                RenderTableCell {TD} at (0,10) size 195x19 [r=0 c=0 rs=1 cs=1]
-                  RenderText {#text} at (0,10) size 4x19
-                    text run at (0,0) width 4: " "
-                RenderTableCell {TD} at (194,1) size 392x37 [r=0 c=1 rs=1 cs=1]
-                  RenderTextControl {INPUT} at (0,1) size 392x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (391,1) size 1x18
-                  RenderButton {INPUT} at (95,20) size 94x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                    RenderBlock (anonymous) at (8,2) size 77x13
-                      RenderText at (0,0) size 77x13
-                        text run at (0,0) width 77: "Google Search"
-                  RenderButton {INPUT} at (188,20) size 108x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                    RenderBlock (anonymous) at (8,2) size 92x13
-                      RenderText at (0,0) size 92x13
-                        text run at (0,0) width 92: "I'm Feeling Lucky"
-                RenderTableCell {TD} at (585,0) size 196x39 [r=0 c=2 rs=1 cs=1]
-                  RenderInline {FONT} at (0,0) size 76x39
-                    RenderText {#text} at (0,0) size 5x13
-                      text run at (0,0) width 5: "  "
-                    RenderInline {A} at (5,0) size 71x13 [color=#0000CC]
-                      RenderText {#text} at (5,0) size 71x13
-                        text run at (5,0) width 71: "Advanced Search"
-                    RenderBR {BR} at (75,0) size 1x13
-                    RenderText {#text} at (0,13) size 5x13
-                      text run at (0,13) width 5: "  "
-                    RenderInline {A} at (5,13) size 47x13 [color=#0000CC]
-                      RenderText {#text} at (5,13) size 47x13
-                        text run at (5,13) width 47: "Preferences"
-                    RenderBR {BR} at (51,13) size 1x13
-                    RenderText {#text} at (0,26) size 5x13
-                      text run at (0,26) width 5: "  "
-                    RenderInline {A} at (5,26) size 65x13 [color=#0000CC]
-                      RenderText {#text} at (5,26) size 65x13
-                        text run at (5,26) width 65: "Language Tools"
-          RenderBlock (anonymous) at (2,64) size 780x33
-            RenderBR {BR} at (390,0) size 0x18
-            RenderInline {FONT} at (317,18) size 146x15
-              RenderInline {FONT} at (317,18) size 30x15 [color=#FF0000]
-                RenderText {#text} at (317,18) size 30x15
-                  text run at (317,18) width 30: "New!"
-              RenderText {#text} at (346,18) size 4x15
-                text run at (346,18) width 4: " "
-              RenderInline {A} at (349,18) size 111x15 [color=#0000CC]
-                RenderText {#text} at (349,18) size 111x15
-                  text run at (349,18) width 111: "Personalize this page"
-              RenderText {#text} at (459,18) size 4x15
-                text run at (459,18) width 4: "."
-            RenderText {#text} at (0,0) size 0x0
-        RenderBlock (anonymous) at (0,154) size 784x69
-          RenderBR {BR} at (392,0) size 0x18
-          RenderBR {BR} at (392,18) size 0x18
-          RenderBR {BR} at (392,36) size 0x18
-          RenderInline {FONT} at (237,54) size 310x15
-            RenderInline {A} at (237,54) size 116x15 [color=#0000CC]
-              RenderText {#text} at (237,54) size 116x15
-                text run at (237,54) width 116: "Advertising Programs"
-            RenderText {#text} at (352,54) size 11x15
-              text run at (352,54) width 11: " - "
-            RenderInline {A} at (362,54) size 100x15 [color=#0000CC]
-              RenderText {#text} at (362,54) size 100x15
-                text run at (362,54) width 100: "Business Solutions"
-            RenderText {#text} at (461,54) size 12x15
-              text run at (461,54) width 12: " - "
-            RenderInline {A} at (472,54) size 75x15 [color=#0000CC]
-              RenderText {#text} at (472,54) size 75x15
-                text run at (472,54) width 75: "About Google"
-        RenderBlock {P} at (0,239) size 784x13
-          RenderInline {FONT} at (362,0) size 60x13
-            RenderText {#text} at (362,0) size 60x13
-              text run at (362,0) width 60: "\x{A9}2005 Google"
-layer at (207,87) size 386x13
-  RenderBlock {DIV} at (3,3) size 386x13
-selection start: position 0 of child 1 {TABLE} of child 4 {DIV} of child 0 {CENTER} of body
-selection end:   position 1 of child 3 {#text} of child 4 {FONT} of child 4 {DIV} of child 0 {CENTER} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/3690719-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/3690719-expected.txt
deleted file mode 100644
index 18626ce16042c..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/3690719-expected.txt
+++ /dev/null
@@ -1,146 +0,0 @@
-EDITING DELEGATE: shouldBeginEditingInDOMRange:range from 0 of DIV > CENTER > BODY > HTML > #document to 6 of DIV > CENTER > BODY > HTML > #document
-EDITING DELEGATE: webViewDidBeginEditing:WebViewDidBeginEditingNotification
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 1 of DIV > CENTER > BODY > HTML > #document to 1 of DIV > CENTER > BODY > HTML > #document toDOMRange:range from 1 of DIV > CENTER > BODY > HTML > #document to 1 of #text > FONT > DIV > CENTER > BODY > HTML > #document affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,3) size 784x581 [bgcolor=#FFFFFF]
-      RenderBlock {CENTER} at (0,0) size 784x252
-        RenderTable {TABLE} at (0,0) size 784x19
-          RenderTableSection {TBODY} at (0,0) size 784x19
-            RenderTableRow {TR} at (0,0) size 784x15
-              RenderTableCell {TD} at (0,0) size 784x15 [r=0 c=0 rs=1 cs=1]
-                RenderInline {FONT} at (682,0) size 102x15
-                  RenderInline {A} at (682,0) size 102x15 [color=#0000CC]
-                    RenderText {#text} at (682,0) size 102x15
-                      text run at (682,0) width 102: "Personalized Home"
-            RenderTableRow {TR} at (0,15) size 784x4
-              RenderTableCell {TD} at (0,16) size 784x2 [r=1 c=0 rs=1 cs=1]
-                RenderImage {IMG} at (0,1) size 1x2
-        RenderBlock (anonymous) at (0,19) size 784x36
-          RenderBR {BR} at (392,0) size 0x18
-          RenderBR {BR} at (392,18) size 0x18
-        RenderBlock {DIV} at (0,55) size 784x99 [border: (2px solid #AAAAFF)]
-          RenderTable {TABLE} at (214,2) size 355x23
-            RenderTableSection {TBODY} at (0,0) size 355x23
-              RenderTableRow {TR} at (0,0) size 355x23
-                RenderTableCell {TD} at (0,0) size 355x23 [r=0 c=0 rs=1 cs=1]
-                  RenderInline {FONT} at (4,4) size 347x15
-                    RenderInline {B} at (4,4) size 26x15
-                      RenderText {#text} at (4,4) size 26x15
-                        text run at (4,4) width 26: "Web"
-                    RenderText {#text} at (29,4) size 14x15
-                      text run at (29,4) width 14: "    "
-                    RenderInline {A} at (42,4) size 38x15 [color=#0000CC]
-                      RenderText {#text} at (42,4) size 38x15
-                        text run at (42,4) width 38: "Images"
-                    RenderText {#text} at (79,4) size 14x15
-                      text run at (79,4) width 14: "    "
-                    RenderInline {A} at (92,4) size 40x15 [color=#0000CC]
-                      RenderText {#text} at (92,4) size 40x15
-                        text run at (92,4) width 40: "Groups"
-                    RenderText {#text} at (131,4) size 14x15
-                      text run at (131,4) width 14: "    "
-                    RenderInline {A} at (144,4) size 30x15 [color=#0000CC]
-                      RenderText {#text} at (144,4) size 30x15
-                        text run at (144,4) width 30: "News"
-                    RenderText {#text} at (173,4) size 14x15
-                      text run at (173,4) width 14: "    "
-                    RenderInline {A} at (186,4) size 42x15 [color=#0000CC]
-                      RenderText {#text} at (186,4) size 42x15
-                        text run at (186,4) width 42: "Froogle"
-                    RenderText {#text} at (227,4) size 14x15
-                      text run at (227,4) width 14: "    "
-                    RenderInline {A} at (240,4) size 30x15 [color=#0000CC]
-                      RenderText {#text} at (240,4) size 30x15
-                        text run at (240,4) width 30: "Local"
-                      RenderInline {SUP} at (269,0) size 0x14
-                    RenderInline {A} at (269,4) size 30x15
-                      RenderInline {FONT} at (269,4) size 30x15 [color=#FF0000]
-                        RenderText {#text} at (269,4) size 30x15
-                          text run at (269,4) width 30: "New!"
-                    RenderText {#text} at (298,4) size 14x15
-                      text run at (298,4) width 14: "    "
-                    RenderInline {B} at (311,4) size 39x15
-                      RenderInline {A} at (311,4) size 39x15 [color=#0000CC]
-                        RenderText {#text} at (311,4) size 40x15
-                          text run at (311,4) width 40: "more \x{BB}"
-          RenderTable {TABLE} at (2,25) size 780x39
-            RenderTableSection {TBODY} at (0,0) size 780x39
-              RenderTableRow {TR} at (0,0) size 780x39
-                RenderTableCell {TD} at (0,10) size 195x19 [r=0 c=0 rs=1 cs=1]
-                  RenderText {#text} at (0,10) size 4x19
-                    text run at (0,0) width 4: " "
-                RenderTableCell {TD} at (194,1) size 392x37 [r=0 c=1 rs=1 cs=1]
-                  RenderTextControl {INPUT} at (0,1) size 392x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (391,1) size 1x18
-                  RenderButton {INPUT} at (95,20) size 94x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                    RenderBlock (anonymous) at (8,2) size 77x13
-                      RenderText at (0,0) size 77x13
-                        text run at (0,0) width 77: "Google Search"
-                  RenderButton {INPUT} at (188,20) size 108x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                    RenderBlock (anonymous) at (8,2) size 92x13
-                      RenderText at (0,0) size 92x13
-                        text run at (0,0) width 92: "I'm Feeling Lucky"
-                RenderTableCell {TD} at (585,0) size 196x39 [r=0 c=2 rs=1 cs=1]
-                  RenderInline {FONT} at (0,0) size 76x39
-                    RenderText {#text} at (0,0) size 5x13
-                      text run at (0,0) width 5: "  "
-                    RenderInline {A} at (5,0) size 71x13 [color=#0000CC]
-                      RenderText {#text} at (5,0) size 71x13
-                        text run at (5,0) width 71: "Advanced Search"
-                    RenderBR {BR} at (75,0) size 1x13
-                    RenderText {#text} at (0,13) size 5x13
-                      text run at (0,13) width 5: "  "
-                    RenderInline {A} at (5,13) size 47x13 [color=#0000CC]
-                      RenderText {#text} at (5,13) size 47x13
-                        text run at (5,13) width 47: "Preferences"
-                    RenderBR {BR} at (51,13) size 1x13
-                    RenderText {#text} at (0,26) size 5x13
-                      text run at (0,26) width 5: "  "
-                    RenderInline {A} at (5,26) size 65x13 [color=#0000CC]
-                      RenderText {#text} at (5,26) size 65x13
-                        text run at (5,26) width 65: "Language Tools"
-          RenderBlock (anonymous) at (2,64) size 780x33
-            RenderBR {BR} at (390,0) size 0x18
-            RenderInline {FONT} at (317,18) size 146x15
-              RenderInline {FONT} at (317,18) size 30x15 [color=#FF0000]
-                RenderText {#text} at (317,18) size 30x15
-                  text run at (317,18) width 30: "New!"
-              RenderText {#text} at (346,18) size 4x15
-                text run at (346,18) width 4: " "
-              RenderInline {A} at (349,18) size 111x15 [color=#0000CC]
-                RenderText {#text} at (349,18) size 111x15
-                  text run at (349,18) width 111: "Personalize this page"
-              RenderText {#text} at (459,18) size 4x15
-                text run at (459,18) width 4: "."
-            RenderText {#text} at (0,0) size 0x0
-        RenderBlock (anonymous) at (0,154) size 784x69
-          RenderBR {BR} at (392,0) size 0x18
-          RenderBR {BR} at (392,18) size 0x18
-          RenderBR {BR} at (392,36) size 0x18
-          RenderInline {FONT} at (237,54) size 310x15
-            RenderInline {A} at (237,54) size 116x15 [color=#0000CC]
-              RenderText {#text} at (237,54) size 116x15
-                text run at (237,54) width 116: "Advertising Programs"
-            RenderText {#text} at (352,54) size 11x15
-              text run at (352,54) width 11: " - "
-            RenderInline {A} at (362,54) size 100x15 [color=#0000CC]
-              RenderText {#text} at (362,54) size 100x15
-                text run at (362,54) width 100: "Business Solutions"
-            RenderText {#text} at (461,54) size 12x15
-              text run at (461,54) width 12: " - "
-            RenderInline {A} at (472,54) size 75x15 [color=#0000CC]
-              RenderText {#text} at (472,54) size 75x15
-                text run at (472,54) width 75: "About Google"
-        RenderBlock {P} at (0,239) size 784x13
-          RenderInline {FONT} at (362,0) size 60x13
-            RenderText {#text} at (362,0) size 60x13
-              text run at (362,0) width 60: "\x{A9}2005 Google"
-layer at (207,87) size 386x13
-  RenderBlock {DIV} at (3,3) size 386x13
-selection start: position 0 of child 1 {TABLE} of child 4 {DIV} of child 0 {CENTER} of body
-selection end:   position 1 of child 3 {#text} of child 4 {FONT} of child 4 {DIV} of child 0 {CENTER} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/4895428-3-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/4895428-3-expected.txt
deleted file mode 100644
index b9c39a1fa0a16..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/4895428-3-expected.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x54
-        RenderText {#text} at (0,0) size 768x54
-          text run at (0,0) width 768: "We delay focus until mouse up if the mouse down occurs inside a focusable node that is inside an already focused node."
-          text run at (0,18) width 568: "But we shouldn't delay focus unless the mouse down occurs in an already focused node. "
-          text run at (567,18) width 195: "The text field below should be"
-          text run at (0,36) width 58: "focused. "
-        RenderInline {B} at (57,36) size 661x18
-          RenderText {#text} at (57,36) size 661x18
-            text run at (57,36) width 661: "To run manually, select everything from 'foo' though 'baz', then mouse down inside the text field."
-      RenderBlock {DIV} at (0,70) size 784x55
-        RenderBlock {DIV} at (0,0) size 784x18
-          RenderText {#text} at (0,0) size 22x18
-            text run at (0,0) width 22: "foo"
-        RenderBlock (anonymous) at (0,18) size 784x19
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderBlock {DIV} at (0,37) size 784x18
-          RenderText {#text} at (0,0) size 23x18
-            text run at (0,0) width 23: "baz"
-layer at (11,99) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-caret: position 0 of child 0 {DIV} of {#document-fragment} of child 1 {INPUT} of child 2 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/4975120-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/4975120-expected.txt
deleted file mode 100644
index 7a852165400b3..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/4975120-expected.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x54
-        RenderText {#text} at (0,0) size 770x54
-          text run at (0,0) width 768: "This tests for a bug that caused the parent of an active frame to paint as though it were active when its window becomes"
-          text run at (0,18) width 31: "key. "
-          text run at (30,18) width 740: "To run manually, make another window active and then make this window active. Only the subframe should appear"
-          text run at (0,36) width 43: "active."
-      RenderBlock (anonymous) at (0,70) size 784x173
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderBR {BR} at (146,0) size 1x18
-        RenderIFrame {IFRAME} at (0,19) size 304x154 [border: (2px inset #000000)]
-          layer at (0,0) size 300x150
-            RenderView at (0,0) size 300x150
-          layer at (0,0) size 300x150
-            RenderBlock {HTML} at (0,0) size 300x150
-              RenderBody {BODY} at (8,8) size 284x134 [bgcolor=#FFFFE0]
-        RenderText {#text} at (0,0) size 0x0
-        RenderText {#text} at (0,0) size 0x0
-layer at (11,81) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 17x13
-      text run at (0,0) width 17: "foo"
-selection start: position 0 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 3 {INPUT} of body
-selection end:   position 3 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 3 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/block-cursor-overtype-mode-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/block-cursor-overtype-mode-expected.txt
deleted file mode 100644
index 5beb23a786b03..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/block-cursor-overtype-mode-expected.txt
+++ /dev/null
@@ -1,156 +0,0 @@
-This test checks that the cursor covers the next character to be overwritten in overtype mode instead of being painted as a caret (1px width bar)
-
-ABC
-ABC
-שדן
-שדן
-שדןABC
-שדןABC
-Verifying block cursor position and width for each position in 'ABC' in a ltr block
-getSelection().collapse(textNode, 0)
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 1)
-PASS blockCursorStartPosition[0] < blockCursorStartPosition[1] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 2)
-PASS blockCursorStartPosition[1] < blockCursorStartPosition[2] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 3)
-PASS blockCursor.width is 0
-PASS internals.absoluteCaretBounds().width is 1
-
-Verifying block cursor position and width for each position in 'ABC' in a rtl block
-getSelection().collapse(textNode, 0)
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 1)
-PASS blockCursorStartPosition[0] < blockCursorStartPosition[1] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 2)
-PASS blockCursorStartPosition[1] < blockCursorStartPosition[2] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 3)
-PASS blockCursor.width is 0
-PASS internals.absoluteCaretBounds().width is 1
-
-Verifying block cursor position and width for each position in 'שדן' in a ltr block
-getSelection().collapse(textNode, 0)
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 1)
-PASS blockCursorStartPosition[0] > blockCursorStartPosition[1] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 2)
-PASS blockCursorStartPosition[1] > blockCursorStartPosition[2] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 3)
-PASS blockCursor.width is 0
-PASS internals.absoluteCaretBounds().width is 1
-
-Verifying block cursor position and width for each position in 'שדן' in a rtl block
-getSelection().collapse(textNode, 0)
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 1)
-PASS blockCursorStartPosition[0] > blockCursorStartPosition[1] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 2)
-PASS blockCursorStartPosition[1] > blockCursorStartPosition[2] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 3)
-PASS blockCursor.width is 0
-PASS internals.absoluteCaretBounds().width is 1
-
-Verifying block cursor position and width for each position in 'שדןABC' in a ltr block
-getSelection().collapse(textNode, 0)
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 1)
-PASS blockCursorStartPosition[0] > blockCursorStartPosition[1] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 2)
-PASS blockCursorStartPosition[1] > blockCursorStartPosition[2] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 3)
-PASS blockCursorStartPosition[2] < blockCursorStartPosition[3] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 4)
-PASS blockCursorStartPosition[3] < blockCursorStartPosition[4] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 5)
-PASS blockCursorStartPosition[4] < blockCursorStartPosition[5] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 6)
-PASS blockCursor.width is 0
-PASS internals.absoluteCaretBounds().width is 1
-
-Verifying block cursor position and width for each position in 'שדןABC' in a rtl block
-getSelection().collapse(textNode, 0)
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 1)
-PASS blockCursorStartPosition[0] > blockCursorStartPosition[1] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 2)
-PASS blockCursorStartPosition[1] > blockCursorStartPosition[2] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 3)
-PASS blockCursorStartPosition[2] > blockCursorStartPosition[3] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 4)
-PASS blockCursorStartPosition[3] < blockCursorStartPosition[4] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 5)
-PASS blockCursorStartPosition[4] < blockCursorStartPosition[5] is true
-PASS getSelection().isCollapsed is true
-PASS blockCursor.width > 1 is true
-PASS internals.absoluteCaretBounds().width is 1
-getSelection().collapse(textNode, 6)
-PASS blockCursor.width is 0
-PASS internals.absoluteCaretBounds().width is 1
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/caret-in-empty-inline-1-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/caret-in-empty-inline-1-expected.txt
deleted file mode 100644
index 67649fab8beb7..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/caret-in-empty-inline-1-expected.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-Bug 85793: Caret is not rendered in empty inline contenteditable elements
-
-This test verifies that an empty inline contenteditable element gets a valid caret rect.
-
-
-PASS caretRect.left is 8
-PASS caretRect.top is 160
-PASS caretRect.width is 1
-PASS caretRect.height is 20
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/caret-in-empty-inline-2-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/caret-in-empty-inline-2-expected.txt
deleted file mode 100644
index fdcdc68b84270..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/caret-in-empty-inline-2-expected.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-Bug 85793: Caret is not rendered in empty inline contenteditable elements
-
-This test verifies that an empty inline contenteditable element, placed after another inline element, gets a valid caret rect.
-
-Previous span
-PASS caretRect.left is 268
-PASS caretRect.top is 180
-PASS caretRect.width is 1
-PASS caretRect.height is 20
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/drag-select-1-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/drag-select-1-expected.txt
deleted file mode 100644
index 614cc7091f868..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/drag-select-1-expected.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-ALERT: 0.1724137931034483
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 221x18
-          text run at (0,0) width 221: "This tests for a drag select crasher."
-      RenderBlock {DIV} at (0,34) size 784x19
-        RenderInline {SPAN} at (0,0) size 66x18
-          RenderText {#text} at (0,0) size 66x18
-            text run at (0,0) width 66: "Start here."
-        RenderText {#text} at (65,0) size 5x18
-          text run at (65,0) width 5: " "
-        RenderTextControl {INPUT} at (69,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {UL} at (0,69) size 784x0
-layer at (81,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-selection start: position 4 of child 0 {#text} of child 0 {SPAN} of child 2 {DIV} of body
-selection end:   position 1 of child 1 {#text} of child 2 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/internal-caret-rect-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/internal-caret-rect-expected.txt
deleted file mode 100644
index 359bb80be7045..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/internal-caret-rect-expected.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-Bug 86390: Expose FrameSelection::absoluteCaretBounds via window.internals
-
-This test demonstrates the usage of window.internals.absoluteCaretBounds()
-
-abcd
-PASS caretRects[0].left is 8
-PASS caretRects[0].top is 160
-PASS caretRects[0].width is 1
-PASS caretRects[0].height is 20
-PASS caretRects[1].left is 28
-PASS caretRects[1].top is 160
-PASS caretRects[1].width is 1
-PASS caretRects[1].height is 20
-PASS caretRects[2].left is 48
-PASS caretRects[2].top is 160
-PASS caretRects[2].width is 1
-PASS caretRects[2].height is 20
-PASS caretRects[3].left is 68
-PASS caretRects[3].top is 160
-PASS caretRects[3].width is 1
-PASS caretRects[3].height is 20
-PASS caretRects[4].left is 88
-PASS caretRects[4].top is 160
-PASS caretRects[4].width is 1
-PASS caretRects[4].height is 20
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/select-from-textfield-outwards-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/select-from-textfield-outwards-expected.txt
deleted file mode 100644
index 210deac9f93ac..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/select-from-textfield-outwards-expected.txt
+++ /dev/null
@@ -1,52 +0,0 @@
-EDITING DELEGATE: shouldChangeSelectedDOMRange:(null) toDOMRange:range from 13 of #text > DIV > #document-fragment to 13 of #text > DIV > #document-fragment affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 13 of #text > DIV > #document-fragment to 13 of #text > DIV > #document-fragment toDOMRange:range from 12 of #text > DIV > #document-fragment to 17 of #text > DIV > #document-fragment affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 12 of #text > DIV > #document-fragment to 17 of #text > DIV > #document-fragment toDOMRange:range from 0 of #text > DIV > #document-fragment to 17 of #text > DIV > #document-fragment affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 0 of #text > DIV > #document-fragment to 17 of #text > DIV > #document-fragment toDOMRange:range from 12 of #text > DIV > #document-fragment to 17 of #text > DIV > #document-fragment affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 12 of #text > DIV > #document-fragment to 17 of #text > DIV > #document-fragment toDOMRange:range from 0 of #text > DIV > #document-fragment to 17 of #text > DIV > #document-fragment affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 0 of #text > DIV > #document-fragment to 17 of #text > DIV > #document-fragment toDOMRange:range from 12 of #text > DIV > #document-fragment to 17 of #text > DIV > #document-fragment affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
-EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 108x18
-          text run at (0,0) width 108: "This is a test for "
-        RenderInline {I} at (0,0) size 766x36
-          RenderInline {A} at (107,0) size 353x18 [color=#0000EE]
-            RenderText {#text} at (107,0) size 353x18
-              text run at (107,0) width 353: "http://bugzilla.opendarwin.org/show_bug.cgi?id=9312"
-          RenderText {#text} at (0,0) size 766x36
-            text run at (459,0) width 5: " "
-            text run at (463,0) width 303: "REGRESSION: Selection bug in new text fields"
-            text run at (0,18) width 216: "when selecting past the first letter"
-        RenderText {#text} at (215,18) size 5x18
-          text run at (215,18) width 5: "."
-      RenderBlock {P} at (0,70) size 784x54
-        RenderText {#text} at (0,0) size 771x54
-          text run at (0,0) width 761: "Curabitur pretium, quam quis semper malesuada, est libero feugiat libero, vel fringilla orci nibh sed neque. Quisque eu"
-          text run at (0,18) width 771: "nulla non nisi molestie accumsan. Etiam tellus urna, laoreet ac, laoreet non, suscipit sed, sapien. Phasellus vehicula, sem"
-          text run at (0,36) width 569: "at posuere vehicula, augue nibh molestie nisl, nec ullamcorper lacus ante vulputate pede."
-      RenderBlock (anonymous) at (0,140) size 784x92
-        RenderTextControl {INPUT} at (20,20) size 320x52 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,248) size 784x72
-        RenderText {#text} at (0,0) size 772x72
-          text run at (0,0) width 772: "Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Mauris viverra augue vitae purus."
-          text run at (0,18) width 728: "Morbi sed sem. Donec dui nisi, ultrices non, pretium quis, hendrerit non, est. Donec tellus. Donec eget dui id eros"
-          text run at (0,36) width 767: "pharetra rutrum. Suspendisse sodales lectus sit amet nulla. Morbi tortor arcu, convallis blandit, elementum eu, aliquet a,"
-          text run at (0,54) width 39: "tellus."
-layer at (8,60) size 784x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,52) size 784x2 [color=#808080] [border: (1px inset #808080)]
-layer at (40,180) size 296x28
-  RenderBlock {DIV} at (12,12) size 296x28
-    RenderText {#text} at (0,0) size 192x28
-      text run at (0,0) width 192: "Lorem ipsum dolor"
-selection start: position 12 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 7 {INPUT} of body
-selection end:   position 17 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 7 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/editing/selection/simple-line-layout-caret-is-gone-expected.txt b/LayoutTests/platform/mac-ventura/editing/selection/simple-line-layout-caret-is-gone-expected.txt
deleted file mode 100644
index ca48f3d005429..0000000000000
--- a/LayoutTests/platform/mac-ventura/editing/selection/simple-line-layout-caret-is-gone-expected.txt
+++ /dev/null
@@ -1 +0,0 @@
-36 0 1 18
diff --git a/LayoutTests/platform/mac-ventura/fast/block/basic/minheight-expected.txt b/LayoutTests/platform/mac-ventura/fast/block/basic/minheight-expected.txt
deleted file mode 100644
index 67995f9fb2e36..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/block/basic/minheight-expected.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock (relative positioned) {DIV} at (0,0) size 800x600
-    RenderBlock {DIV} at (0,0) size 800x220 [bgcolor=#6CAAD9]
-      RenderBlock {H1} at (10,10) size 780x30
-        RenderText {#text} at (0,1) size 53x15
-          text run at (0,1) width 53: "Content"
-      RenderBlock {P} at (10,40) size 780x30
-        RenderText {#text} at (0,1) size 473x15
-          text run at (0,1) width 473: "Please resize the browser window to see how your 100% CSS footer behaves."
-      RenderBlock {P} at (10,70) size 780x102
-        RenderText {#text} at (0,1) size 779x87
-          text run at (0,1) width 762: "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Cras porttitor. Ut nonummy vestibulum arcu. Nulla eros eros, mattis"
-          text run at (0,19) width 771: "et, dictum quis, convallis vel, mauris. Ut sed mauris vel metus pretium pretium. Curabitur tristique sem id justo. Nunc sit amet"
-          text run at (0,37) width 779: "felis. Duis luctus pharetra urna. Sed enim arcu, cursus a, posuere sed, sollicitudin in, justo. Pellentesque enim lacus, egestas ut,"
-          text run at (0,55) width 761: "elementum eu, molestie vel, urna. Integer quam. Phasellus tempor. Sed commodo porttitor justo. Vestibulum rhoncus lacinia"
-          text run at (0,73) width 436: "pede. Aliquam lectus velit, auctor a, fermentum a, accumsan et, neque."
-layer at (0,562) size 620x38
-  RenderBlock (positioned) {DIV} at (0,562) size 620x38 [bgcolor=#0066B2]
-    RenderBlock {H1} at (10,10) size 600x18 [color=#FFFFFF]
-      RenderText {#text} at (0,1) size 44x15
-        text run at (0,1) width 44: "Footer"
diff --git a/LayoutTests/platform/mac-ventura/fast/block/margin-collapse/103-expected.txt b/LayoutTests/platform/mac-ventura/fast/block/margin-collapse/103-expected.txt
deleted file mode 100644
index e3c5b130c42c5..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/block/margin-collapse/103-expected.txt
+++ /dev/null
@@ -1,183 +0,0 @@
-layer at (0,0) size 785x1707
-  RenderView at (0,0) size 785x600
-layer at (0,0) size 785x1707
-  RenderBlock {HTML} at (0,0) size 785x1707
-    RenderBody {BODY} at (8,20) size 769x1667 [bgcolor=#A6A972]
-      RenderBlock {DIV} at (83,0) size 603x1667 [bgcolor=#FDFDE9] [border: (1px solid #000000)]
-        RenderBlock {DIV} at (1,31) size 600x70
-        RenderBlock {DIV} at (1,114) size 600x1481
-          RenderBlock {P} at (20,0) size 560x80 [color=#333333]
-            RenderText {#text} at (0,2) size 537x36
-              text run at (0,2) width 537: "We are trying to understand how UVic students perform Shakespeare related research for"
-              text run at (0,22) width 272: "classes as well as for their own interest. The "
-            RenderInline {A} at (271,22) size 179x16
-              RenderText {#text} at (271,22) size 179x16
-                text run at (271,22) width 179: "Internet Shakespeare Editions"
-            RenderText {#text} at (0,22) size 553x56
-              text run at (449,22) width 61: " are being"
-              text run at (0,42) width 282: "developed for students as well as Shakespeare "
-              text run at (281,42) width 272: "scholars world wide to better understand the"
-              text run at (0,62) width 249: "man, his plays and our interpretations of "
-              text run at (248,62) width 37: "them."
-          RenderBlock {P} at (20,93) size 560x21 [color=#333333]
-            RenderText {#text} at (0,2) size 475x16
-              text run at (0,2) width 475: "Please take the time to carefully review and complete the following questions."
-          RenderBlock {FORM} at (20,138) size 560x1310
-            RenderBlock {H2} at (0,0) size 560x16 [color=#333333]
-              RenderText {#text} at (0,0) size 202x16
-                text run at (0,0) width 202: "PERSONAL INFORMATION"
-            RenderBlock (floating) {SPAN} at (0,26) size 325x20 [color=#333333]
-              RenderText {#text} at (0,2) size 70x16
-                text run at (0,2) width 70: "Your Name*"
-            RenderTextControl {INPUT} at (325,26) size 186x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderBlock (floating) {SPAN} at (0,46) size 325x20 [color=#333333]
-              RenderText {#text} at (0,2) size 124x16
-                text run at (0,2) width 124: "Your e-mail address*"
-            RenderTextControl {INPUT} at (325,45) size 186x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderBlock (floating) {SPAN} at (0,66) size 325x20 [color=#333333]
-              RenderText {#text} at (0,2) size 131x16
-                text run at (0,2) width 131: "Your degree program*"
-            RenderMenuList {SELECT} at (325,64) size 180x18 [bgcolor=#FFFFFF]
-              RenderBlock (anonymous) at (0,0) size 180x18
-                RenderText at (8,2) size 87x13
-                  text run at (8,2) width 87: "Program options"
-            RenderBlock (floating) {SPAN} at (0,86) size 325x20 [color=#333333]
-              RenderText {#text} at (0,2) size 115x16
-                text run at (0,2) width 115: "Your year of study*"
-            RenderMenuList {SELECT} at (325,82) size 180x18 [bgcolor=#FFFFFF]
-              RenderBlock (anonymous) at (0,0) size 180x18
-                RenderText at (8,2) size 122x13
-                  text run at (8,2) width 122: "Years you've been here"
-            RenderBlock (floating) {SPAN} at (0,106) size 325x20 [color=#333333]
-              RenderText {#text} at (0,2) size 157x16
-                text run at (0,2) width 157: "Shakespeare classes taken"
-            RenderMenuList {SELECT} at (325,100) size 180x18 [bgcolor=#FFFFFF]
-              RenderBlock (anonymous) at (0,0) size 180x18
-                RenderText at (8,2) size 74x13
-                  text run at (8,2) width 74: "Number taken"
-            RenderBlock {P} at (0,131) size 560x21 [color=#333333]
-              RenderText {#text} at (0,2) size 161x16
-                text run at (0,2) width 161: "* indicates a required field"
-            RenderBlock {H2} at (0,176) size 560x17 [color=#333333]
-              RenderText {#text} at (0,0) size 298x16
-                text run at (0,0) width 298: "SHAKESPEARE RESEARCH QUESTIONS"
-            RenderBlock (floating) {SPAN} at (0,202) size 325x21 [color=#333333]
-              RenderText {#text} at (0,2) size 286x36
-                text run at (0,2) width 286: "What percentage of your research time is spent"
-                text run at (0,22) width 42: "online?"
-            RenderMenuList {SELECT} at (325,202) size 180x19 [bgcolor=#FFFFFF]
-              RenderBlock (anonymous) at (0,0) size 180x18
-                RenderText at (8,2) size 106x13
-                  text run at (8,2) width 106: "Percentages of time"
-            RenderBlock (floating) {SPAN} at (0,222) size 325x21 [color=#333333]
-              RenderText {#text} at (0,2) size 308x36
-                text run at (0,2) width 308: "What is holding you back from doing more research"
-                text run at (0,22) width 42: "online?"
-            RenderMenuList {SELECT} at (325,220) size 180x19 [bgcolor=#FFFFFF]
-              RenderBlock (anonymous) at (0,0) size 180x18
-                RenderText at (8,2) size 45x13
-                  text run at (8,2) width 45: "Reasons"
-            RenderBlock (floating) {SPAN} at (0,242) size 325x21 [color=#333333]
-              RenderText {#text} at (0,2) size 228x16
-                text run at (0,2) width 228: "Your research is primarily focused on:"
-            RenderBlock {SPAN} at (325,238) size 180x21 [color=#333333]
-              RenderBlock {INPUT} at (2,5) size 12x12 [color=#000000]
-              RenderText {#text} at (16,2) size 33x16
-                text run at (16,2) width 33: "Texts"
-            RenderBlock {SPAN} at (325,258) size 180x21 [color=#333333]
-              RenderBlock {INPUT} at (2,5) size 12x12 [color=#000000]
-              RenderText {#text} at (16,2) size 137x16
-                text run at (16,2) width 137: "Performance materials"
-            RenderBlock {SPAN} at (325,278) size 180x21 [color=#333333]
-              RenderBlock {INPUT} at (2,5) size 12x12 [color=#000000]
-              RenderText {#text} at (16,2) size 22x16
-                text run at (16,2) width 22: "n/a"
-            RenderBlock {H2} at (0,323) size 560x17 [color=#333333]
-              RenderText {#text} at (0,0) size 373x16
-                text run at (0,0) width 373: "INTERNET SHAKESPEARE EDITIONS QUESTIONS"
-            RenderBlock (floating) {SPAN} at (0,349) size 325x21 [color=#333333]
-              RenderText {#text} at (0,2) size 312x16
-                text run at (0,2) width 312: "Have you used UVic's Internet Shakespeare Editions?"
-            RenderBlock {SPAN} at (325,349) size 180x21 [color=#333333]
-              RenderText {#text} at (0,2) size 21x16
-                text run at (0,2) width 21: "Yes"
-              RenderBlock {INPUT} at (22,5) size 13x12 [color=#000000]
-              RenderText {#text} at (36,2) size 20x16
-                text run at (36,2) width 5: " "
-                text run at (40,2) width 16: "No"
-              RenderBlock {INPUT} at (57,5) size 13x12 [color=#000000]
-              RenderText {#text} at (0,0) size 0x0
-            RenderBlock {P} at (0,382) size 560x21 [color=#333333]
-              RenderText {#text} at (0,2) size 388x16
-                text run at (0,2) width 388: "-- If you answered no to this question, skip to the next section --"
-            RenderBlock (floating) {SPAN} at (0,415) size 325x21 [color=#333333]
-              RenderText {#text} at (0,2) size 282x16
-                text run at (0,2) width 282: "Which area of the ISE did you find most useful?"
-            RenderMenuList {SELECT} at (325,415) size 180x19 [bgcolor=#FFFFFF]
-              RenderBlock (anonymous) at (0,0) size 180x18
-                RenderText at (8,2) size 100x13
-                  text run at (8,2) width 100: "Sections of the ISE"
-            RenderBlock (floating) {SPAN} at (0,435) size 325x21 [color=#333333]
-              RenderText {#text} at (0,2) size 257x16
-                text run at (0,2) width 257: "How did you find the navigation of the ISE?"
-            RenderMenuList {SELECT} at (325,433) size 180x19 [bgcolor=#FFFFFF]
-              RenderBlock (anonymous) at (0,0) size 180x18
-                RenderText at (8,2) size 91x13
-                  text run at (8,2) width 91: "Level of difficulty"
-            RenderBlock (floating) {SPAN} at (0,455) size 325x21 [color=#333333]
-              RenderText {#text} at (0,2) size 214x16
-                text run at (0,2) width 214: "Please describe your use of the ISE."
-            RenderBlock {H2} at (0,607) size 560x17 [color=#333333]
-              RenderText {#text} at (0,0) size 290x16
-                text run at (0,0) width 290: "TOOLS IN DEVELOPMENT QUESTIONS"
-            RenderBlock {P} at (0,637) size 560x61 [color=#333333]
-              RenderText {#text} at (0,2) size 555x56
-                text run at (0,2) width 463: "We are in the process of both making new material available and developing "
-                text run at (462,2) width 75: "new tools to"
-                text run at (0,22) width 393: "view and extrapolate information from Shakespeare's works. The "
-                text run at (392,22) width 163: "following images are visual"
-                text run at (0,42) width 353: "representations of some of the ideas being thrown around."
-            RenderBlock {P} at (0,710) size 560x21 [color=#333333]
-              RenderText {#text} at (0,2) size 347x16
-                text run at (0,2) width 347: "Please review them carefully and provide feedback below"
-            RenderBlock (floating) {SPAN} at (0,743) size 325x21 [color=#333333]
-              RenderText {#text} at (0,2) size 149x16
-                text run at (0,2) width 149: "Your comments on Fig. 1"
-            RenderBlock (floating) {SPAN} at (0,874) size 325x21 [color=#333333]
-              RenderText {#text} at (0,2) size 149x16
-                text run at (0,2) width 149: "Your comments on Fig. 2"
-            RenderBlock (floating) {SPAN} at (0,1005) size 325x21 [color=#333333]
-              RenderText {#text} at (0,2) size 149x16
-                text run at (0,2) width 149: "Your comments on Fig. 3"
-            RenderBlock {H2} at (0,1156) size 560x17 [color=#333333]
-              RenderText {#text} at (0,0) size 143x16
-                text run at (0,0) width 143: "OTHER FEEDBACK"
-            RenderBlock (floating) {SPAN} at (0,1182) size 325x21 [color=#333333]
-              RenderText {#text} at (0,2) size 228x16
-                text run at (0,2) width 228: "Please enter any other thoughts here."
-          RenderBlock {P} at (20,1460) size 560x21 [color=#333333]
-            RenderText {#text} at (0,2) size 237x16
-              text run at (0,2) width 237: "Thank you for your time filling this out."
-        RenderBlock {DIV} at (1,1614) size 600x52 [border: (1px dashed #A6A972) none]
-          RenderBlock {SPAN} at (0,16) size 600x20 [color=#333333]
-            RenderText {#text} at (245,2) size 110x16
-              text run at (245,2) width 110: "\x{A9}2003 Kevin Davis"
-layer at (441,302) size 180x13
-  RenderBlock {DIV} at (3,3) size 180x13
-layer at (441,321) size 180x13
-  RenderBlock {DIV} at (3,3) size 180x13
-layer at (113,750) size 506x106 clip at (114,751) size 504x104
-  RenderTextControl {TEXTAREA} at (0,476) size 506x107 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 500x13
-layer at (113,1037) size 506x106 clip at (114,1038) size 504x104
-  RenderTextControl {TEXTAREA} at (0,763) size 506x107 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 500x13
-layer at (113,1168) size 506x106 clip at (114,1169) size 504x104
-  RenderTextControl {TEXTAREA} at (0,894) size 506x107 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 500x13
-layer at (113,1299) size 506x106 clip at (114,1300) size 504x104
-  RenderTextControl {TEXTAREA} at (0,1025) size 506x107 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 500x13
-layer at (113,1476) size 506x106 clip at (114,1477) size 504x104
-  RenderTextControl {TEXTAREA} at (0,1202) size 506x107 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 500x13
diff --git a/LayoutTests/platform/mac-ventura/fast/clip/outline-overflowClip-expected.txt b/LayoutTests/platform/mac-ventura/fast/clip/outline-overflowClip-expected.txt
deleted file mode 100644
index 3bcf609a13478..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/clip/outline-overflowClip-expected.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 780x36
-        text run at (0,0) width 215: "This tests clipping of the outline. "
-        text run at (214,0) width 293: "It should not be clipped by the overflow rect. "
-        text run at (506,0) width 274: "The inner div has a green outline and a red"
-        text run at (0,18) width 45: "border."
-      RenderText {#text} at (0,0) size 0x0
-layer at (8,44) size 304x204 backgroundClip at (83,44) size 229x204 clip at (83,44) size 229x204
-  RenderBlock (positioned) {DIV} at (8,44) size 304x204 [border: (2px solid #0000FF)]
-    RenderText {#text} at (2,2) size 102x18
-      text run at (2,2) width 102: "text in outer div"
-    RenderText {#text} at (0,0) size 0x0
-layer at (60,64) size 108x24 backgroundClip at (83,61) size 88x30 clip at (83,67) size 82x18 scrollWidth 107
-  RenderBlock (positioned) {DIV} at (52,20) size 108x24 [bgcolor=#EEEEEE] [border: (3px solid #FF0000)]
-    RenderText {#text} at (3,3) size 106x18
-      text run at (3,3) width 106: "text in inner div "
diff --git a/LayoutTests/platform/mac-ventura/fast/css/002-expected.txt b/LayoutTests/platform/mac-ventura/fast/css/002-expected.txt
deleted file mode 100644
index 4a70dfc3e5cd4..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/css/002-expected.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x560
-      RenderBlock (anonymous) at (0,0) size 784x78
-        RenderText {#text} at (0,0) size 745x78
-          text run at (0,0) width 667: "These two lines should both be Verdana. "
-          text run at (666,0) width 79: "They"
-          text run at (0,39) width 313: "should be identical."
-      RenderBlock {P} at (0,110) size 784x78
-        RenderText {#text} at (0,0) size 745x78
-          text run at (0,0) width 667: "These two lines should both be Verdana. "
-          text run at (666,0) width 79: "They"
-          text run at (0,39) width 313: "should be identical."
diff --git a/LayoutTests/platform/mac-ventura/fast/css/focus-ring-exists-for-search-field-expected.txt b/LayoutTests/platform/mac-ventura/fast/css/focus-ring-exists-for-search-field-expected.txt
deleted file mode 100644
index 813df4d64227b..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/css/focus-ring-exists-for-search-field-expected.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 757x36
-          text run at (0,0) width 757: "Assuming the port-specific theme draws focus rings, this test can be used to ensure that a focus ring is drawn around a"
-          text run at (0,18) width 78: "search field."
-      RenderBlock (anonymous) at (0,52) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 8x19
-            RenderBlock {DIV} at (8,3) size 114x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (0,0) size 0x0
-layer at (19,63) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-caret: position 0 of child 0 {DIV} of child 1 {DIV} of child 0 {DIV} of {#document-fragment} of child 3 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/css/line-height-expected.txt b/LayoutTests/platform/mac-ventura/fast/css/line-height-expected.txt
deleted file mode 100644
index d36d09ddf7134..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/css/line-height-expected.txt
+++ /dev/null
@@ -1,24 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {DIV} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 54x18
-          text run at (0,0) width 54: "Test for "
-        RenderInline {A} at (53,0) size 121x18 [color=#0000EE]
-          RenderText {#text} at (53,0) size 121x18
-            text run at (53,0) width 121: "Bugzilla Bug 9934"
-        RenderText {#text} at (173,0) size 462x18
-          text run at (173,0) width 462: " Selecting text in text field with {line-height:100%} causes it to bounce."
-      RenderBlock {DIV} at (0,18) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {DIV} at (0,37) size 784x36
-        RenderText {#text} at (0,0) size 749x36
-          text run at (0,0) width 585: "Select the text in the text field using horizontal mouse movements, then drag up and down. "
-          text run at (584,0) width 165: "The text should not move"
-          text run at (0,18) width 64: "vertically."
-layer at (11,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 68x13
-      text run at (0,0) width 68: "Lorem Ipsum"
diff --git a/LayoutTests/platform/mac-ventura/fast/css/rtl-ordering-expected.txt b/LayoutTests/platform/mac-ventura/fast/css/rtl-ordering-expected.txt
deleted file mode 100644
index f9011ec3e66d9..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/css/rtl-ordering-expected.txt
+++ /dev/null
@@ -1,46 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 218x18
-          text run at (0,0) width 218: "This tests for a regression against "
-        RenderInline {I} at (0,0) size 722x36
-          RenderInline {A} at (217,0) size 354x18 [color=#0000EE]
-            RenderText {#text} at (217,0) size 354x18
-              text run at (217,0) width 354: "http://bugzilla.opendarwin.org/show_bug.cgi?id=6334"
-          RenderText {#text} at (0,0) size 722x36
-            text run at (570,0) width 152: " REGRESSION: <input"
-            text run at (0,18) width 374: "type=\"button\"> text is reversed on \"visual Hebrew\" pages"
-        RenderText {#text} at (373,18) size 5x18
-          text run at (373,18) width 5: "."
-      RenderBlock {P} at (0,70) size 784x19
-        RenderText {#text} at (0,1) size 310x18
-          text run at (0,1) width 310: "The text on both buttons should like this: \x{5E8}\x{5D5}\x{5EA}\x{5E4}\x{5DB}"
-      RenderBlock (anonymous) at (0,105) size 784x36
-        RenderButton {BUTTON} at (0,0) size 47x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 31x13
-            RenderText {#text} at (0,0) size 31x13
-              text run at (0,0) width 31: "\x{5E8}\x{5D5}\x{5EA}\x{5E4}\x{5DB}"
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (46,-1) size 1x18
-        RenderButton {INPUT} at (0,18) size 47x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 31x13
-            RenderText at (0,0) size 31x13
-              text run at (0,0) width 31 RTL: "\x{5DB}\x{5E4}\x{5EA}\x{5D5}\x{5E8}"
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,167) size 784x18
-        RenderText {#text} at (0,0) size 255x18
-          text run at (0,0) width 255: "The following lines should be identical:"
-      RenderBlock {P} at (0,201) size 784x19
-        RenderText {#text} at (0,1) size 81x18
-          text run at (0,1) width 16: "21"
-          text run at (16,1) width 65 RTL: "\x{5D4}\x{5DE}\x{5D0}\x{5D4} \x{5D4}-"
-      RenderBlock {P} at (0,236) size 784x19
-        RenderText {#text} at (0,1) size 81x18
-          text run at (0,1) width 81: "21-\x{5D4} \x{5D4}\x{5D0}\x{5DE}\x{5D4}"
-layer at (8,60) size 784x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,52) size 784x2 [color=#808080] [border: (1px inset #808080)]
-layer at (8,157) size 784x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,149) size 784x2 [color=#808080] [border: (1px inset #808080)]
diff --git a/LayoutTests/platform/mac-ventura/fast/css/text-overflow-input-expected.txt b/LayoutTests/platform/mac-ventura/fast/css/text-overflow-input-expected.txt
deleted file mode 100644
index f831065982a5c..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/css/text-overflow-input-expected.txt
+++ /dev/null
@@ -1,360 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x266
-  RenderBlock {HTML} at (0,0) size 800x266
-    RenderBody {BODY} at (8,16) size 784x234
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 314x18
-          text run at (0,0) width 314: "This test is a basic check for using text-overflow."
-      RenderBlock {P} at (0,34) size 784x56
-        RenderText {#text} at (0,0) size 489x18
-          text run at (0,0) width 489: "Apply \"text-overflow:clip\" to inputs. The following input should be clipped:"
-        RenderBR {BR} at (488,0) size 1x18
-        RenderTextControl {INPUT} at (0,18) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (146,18) size 5x18
-          text run at (146,18) width 5: " "
-        RenderTextControl {INPUT} at (150,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 8x19
-            RenderBlock {DIV} at (8,3) size 114x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (297,18) size 5x18
-          text run at (297,18) width 5: " "
-        RenderTextControl {INPUT} at (301,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (448,18) size 5x18
-          text run at (448,18) width 5: " "
-        RenderTextControl {INPUT} at (452,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 8x19
-            RenderBlock {DIV} at (8,3) size 114x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (599,18) size 5x18
-          text run at (599,18) width 5: " "
-        RenderTextControl {INPUT} at (603,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 141x13
-        RenderBR {BR} at (750,18) size 1x18
-        RenderTextControl {INPUT} at (0,37) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (145,37) size 5x18
-          text run at (145,37) width 5: " "
-        RenderTextControl {INPUT} at (149,37) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 140x19
-            RenderBlock {DIV} at (131,0) size 9x19
-            RenderBlock {DIV} at (19,3) size 113x13
-            RenderBlock {DIV} at (0,0) size 19x19
-        RenderText {#text} at (295,37) size 5x18
-          text run at (295,37) width 5: " "
-        RenderTextControl {INPUT} at (299,37) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (445,37) size 5x18
-          text run at (445,37) width 5: " "
-        RenderTextControl {INPUT} at (449,37) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 140x19
-            RenderBlock {DIV} at (131,0) size 9x19
-            RenderBlock {DIV} at (19,3) size 113x13
-            RenderBlock {DIV} at (0,0) size 19x19
-        RenderText {#text} at (595,37) size 5x18
-          text run at (595,37) width 5: " "
-        RenderTextControl {INPUT} at (599,37) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 140x13
-            RenderBlock {DIV} at (0,0) size 140x13
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,106) size 784x56
-        RenderText {#text} at (0,0) size 546x18
-          text run at (0,0) width 546: "Apply \"text-overflow:ellipsis\" to inputs. The following input should show an ellipsis:"
-        RenderBR {BR} at (545,0) size 1x18
-        RenderTextControl {INPUT} at (0,18) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (146,18) size 5x18
-          text run at (146,18) width 5: " "
-        RenderTextControl {INPUT} at (150,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 8x19
-            RenderBlock {DIV} at (8,3) size 114x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (297,18) size 5x18
-          text run at (297,18) width 5: " "
-        RenderTextControl {INPUT} at (301,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (448,18) size 5x18
-          text run at (448,18) width 5: " "
-        RenderTextControl {INPUT} at (452,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 8x19
-            RenderBlock {DIV} at (8,3) size 114x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (599,18) size 5x18
-          text run at (599,18) width 5: " "
-        RenderTextControl {INPUT} at (603,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 141x13
-        RenderBR {BR} at (750,18) size 1x18
-        RenderTextControl {INPUT} at (0,37) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (145,37) size 5x18
-          text run at (145,37) width 5: " "
-        RenderTextControl {INPUT} at (149,37) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 140x19
-            RenderBlock {DIV} at (131,0) size 9x19
-            RenderBlock {DIV} at (19,3) size 113x13
-            RenderBlock {DIV} at (0,0) size 19x19
-        RenderText {#text} at (295,37) size 5x18
-          text run at (295,37) width 5: " "
-        RenderTextControl {INPUT} at (299,37) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (445,37) size 5x18
-          text run at (445,37) width 5: " "
-        RenderTextControl {INPUT} at (449,37) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 140x19
-            RenderBlock {DIV} at (131,0) size 9x19
-            RenderBlock {DIV} at (19,3) size 113x13
-            RenderBlock {DIV} at (0,0) size 19x19
-        RenderText {#text} at (595,37) size 5x18
-          text run at (595,37) width 5: " "
-        RenderTextControl {INPUT} at (599,37) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 140x13
-            RenderBlock {DIV} at (0,0) size 140x13
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,178) size 784x56
-        RenderText {#text} at (0,0) size 237x18
-          text run at (0,0) width 237: "Dynamic style change text-overflow:"
-        RenderBR {BR} at (236,0) size 1x18
-        RenderText {#text} at (0,18) size 247x18
-          text run at (0,18) width 247: "Clip to ellipsis (should show ellipsis): "
-        RenderTextControl {INPUT} at (246,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (393,18) size 5x18
-          text run at (393,18) width 5: " "
-        RenderTextControl {INPUT} at (397,18) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (543,18) size 1x18
-        RenderText {#text} at (0,37) size 270x18
-          text run at (0,37) width 270: "Ellipsis to clip (should not show ellipsis): "
-        RenderTextControl {INPUT} at (269,37) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (416,37) size 5x18
-          text run at (416,37) width 5: " "
-        RenderTextControl {INPUT} at (420,37) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (567,37) size 1x18
-layer at (11,71) size 141x13 scrollWidth 288
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
-layer at (11,71) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (170,71) size 114x13 scrollWidth 288
-  RenderBlock {DIV} at (11,3) size 114x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
-layer at (170,71) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (313,71) size 141x13 scrollWidth 289
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
-layer at (472,71) size 114x13 scrollWidth 289
-  RenderBlock {DIV} at (0,0) size 114x13
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
-layer at (615,71) size 141x13 backgroundClip at (615,71) size 140x13 clip at (615,71) size 140x13 scrollWidth 386
-  RenderBlock {DIV} at (0,0) size 141x13
-    RenderText {#text} at (0,0) size 385x13
-      text run at (0,0) width 385: "\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}"
-layer at (11,90) size 140x13 scrollX 148 scrollWidth 288
-  RenderBlock {DIV} at (3,3) size 140x13 [color=#A9A9A9]
-    RenderText {#text} at (-148,0) size 288x13
-      text run at (-147,0) width 32: "Lorem"
-      text run at (-115,0) width 3: " "
-      text run at (-112,0) width 32: "ipsum"
-      text run at (-80,0) width 3: " "
-      text run at (-77,0) width 27: "dolor"
-      text run at (-50,0) width 3: " "
-      text run at (-47,0) width 13: "sit"
-      text run at (-34,0) width 3: " "
-      text run at (-31,0) width 30: "amet,"
-      text run at (-1,0) width 3: " "
-      text run at (1,0) width 64: "consectetur"
-      text run at (64,0) width 4: " "
-      text run at (67,0) width 54: "adipiscing"
-      text run at (120,0) width 4: " "
-      text run at (123,0) width 17: "elit"
-layer at (11,90) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
-layer at (180,90) size 113x13 scrollX 175 scrollWidth 288
-  RenderBlock {DIV} at (22,3) size 113x13 [color=#A9A9A9]
-    RenderText {#text} at (-175,0) size 288x13
-      text run at (-174,0) width 32: "Lorem"
-      text run at (-142,0) width 3: " "
-      text run at (-139,0) width 32: "ipsum"
-      text run at (-107,0) width 3: " "
-      text run at (-104,0) width 27: "dolor"
-      text run at (-77,0) width 3: " "
-      text run at (-74,0) width 13: "sit"
-      text run at (-61,0) width 3: " "
-      text run at (-58,0) width 30: "amet,"
-      text run at (-28,0) width 3: " "
-      text run at (-25,0) width 63: "consectetur"
-      text run at (37,0) width 4: " "
-      text run at (40,0) width 54: "adipiscing"
-      text run at (93,0) width 4: " "
-      text run at (96,0) width 17: "elit"
-layer at (180,90) size 113x13
-  RenderBlock {DIV} at (0,0) size 113x13
-layer at (311,90) size 140x13 scrollX 148 scrollWidth 288
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (-148,0) size 288x13
-      text run at (-147,0) width 32: "Lorem"
-      text run at (-115,0) width 3: " "
-      text run at (-112,0) width 32: "ipsum"
-      text run at (-80,0) width 3: " "
-      text run at (-77,0) width 27: "dolor"
-      text run at (-50,0) width 3: " "
-      text run at (-47,0) width 13: "sit"
-      text run at (-34,0) width 3: " "
-      text run at (-31,0) width 30: "amet,"
-      text run at (-1,0) width 3: " "
-      text run at (1,0) width 64: "consectetur"
-      text run at (64,0) width 4: " "
-      text run at (67,0) width 54: "adipiscing"
-      text run at (120,0) width 4: " "
-      text run at (123,0) width 17: "elit"
-layer at (480,90) size 113x13 scrollX 175 scrollWidth 288
-  RenderBlock {DIV} at (0,0) size 113x13
-    RenderText {#text} at (-175,0) size 288x13
-      text run at (-174,0) width 32: "Lorem"
-      text run at (-142,0) width 3: " "
-      text run at (-139,0) width 32: "ipsum"
-      text run at (-107,0) width 3: " "
-      text run at (-104,0) width 27: "dolor"
-      text run at (-77,0) width 3: " "
-      text run at (-74,0) width 13: "sit"
-      text run at (-61,0) width 3: " "
-      text run at (-58,0) width 30: "amet,"
-      text run at (-28,0) width 3: " "
-      text run at (-25,0) width 63: "consectetur"
-      text run at (37,0) width 4: " "
-      text run at (40,0) width 54: "adipiscing"
-      text run at (93,0) width 4: " "
-      text run at (96,0) width 17: "elit"
-layer at (611,90) size 140x13 backgroundClip at (611,90) size 139x13 clip at (611,90) size 139x13 scrollX 245 scrollWidth 385
-  RenderBlock {DIV} at (0,0) size 140x13
-    RenderText {#text} at (-245,0) size 385x13
-      text run at (-244,0) width 384: "\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}"
-layer at (11,143) size 141x13 scrollWidth 288
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
-layer at (11,143) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (170,143) size 114x13 scrollWidth 288
-  RenderBlock {DIV} at (11,3) size 114x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
-layer at (170,143) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (313,143) size 141x13 scrollWidth 289
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
-layer at (472,143) size 114x13 scrollWidth 289
-  RenderBlock {DIV} at (0,0) size 114x13
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
-layer at (615,143) size 141x13 backgroundClip at (615,143) size 140x13 clip at (615,143) size 140x13 scrollWidth 386
-  RenderBlock {DIV} at (0,0) size 141x13
-    RenderText {#text} at (0,0) size 385x13
-      text run at (0,0) width 385: "\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}"
-layer at (11,162) size 140x13 scrollX 148 scrollWidth 288
-  RenderBlock {DIV} at (3,3) size 140x13 [color=#A9A9A9]
-    RenderText {#text} at (-148,0) size 288x13
-      text run at (-147,0) width 32: "Lorem"
-      text run at (-115,0) width 3: " "
-      text run at (-112,0) width 32: "ipsum"
-      text run at (-80,0) width 3: " "
-      text run at (-77,0) width 27: "dolor"
-      text run at (-50,0) width 3: " "
-      text run at (-47,0) width 13: "sit"
-      text run at (-34,0) width 3: " "
-      text run at (-31,0) width 30: "amet,"
-      text run at (-1,0) width 3: " "
-      text run at (1,0) width 64: "consectetur"
-      text run at (64,0) width 4: " "
-      text run at (67,0) width 54: "adipiscing"
-      text run at (120,0) width 4: " "
-      text run at (123,0) width 17: "elit"
-layer at (11,162) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
-layer at (180,162) size 113x13 scrollX 175 scrollWidth 288
-  RenderBlock {DIV} at (22,3) size 113x13 [color=#A9A9A9]
-    RenderText {#text} at (-175,0) size 288x13
-      text run at (-174,0) width 32: "Lorem"
-      text run at (-142,0) width 3: " "
-      text run at (-139,0) width 32: "ipsum"
-      text run at (-107,0) width 3: " "
-      text run at (-104,0) width 27: "dolor"
-      text run at (-77,0) width 3: " "
-      text run at (-74,0) width 13: "sit"
-      text run at (-61,0) width 3: " "
-      text run at (-58,0) width 30: "amet,"
-      text run at (-28,0) width 3: " "
-      text run at (-25,0) width 63: "consectetur"
-      text run at (37,0) width 4: " "
-      text run at (40,0) width 54: "adipiscing"
-      text run at (93,0) width 4: " "
-      text run at (96,0) width 17: "elit"
-layer at (180,162) size 113x13
-  RenderBlock {DIV} at (0,0) size 113x13
-layer at (311,162) size 140x13 scrollX 148 scrollWidth 288
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (-148,0) size 288x13
-      text run at (-147,0) width 32: "Lorem"
-      text run at (-115,0) width 3: " "
-      text run at (-112,0) width 32: "ipsum"
-      text run at (-80,0) width 3: " "
-      text run at (-77,0) width 27: "dolor"
-      text run at (-50,0) width 3: " "
-      text run at (-47,0) width 13: "sit"
-      text run at (-34,0) width 3: " "
-      text run at (-31,0) width 30: "amet,"
-      text run at (-1,0) width 3: " "
-      text run at (1,0) width 64: "consectetur"
-      text run at (64,0) width 4: " "
-      text run at (67,0) width 54: "adipiscing"
-      text run at (120,0) width 4: " "
-      text run at (123,0) width 17: "elit"
-layer at (480,162) size 113x13 scrollX 175 scrollWidth 288
-  RenderBlock {DIV} at (0,0) size 113x13
-    RenderText {#text} at (-175,0) size 288x13
-      text run at (-174,0) width 32: "Lorem"
-      text run at (-142,0) width 3: " "
-      text run at (-139,0) width 32: "ipsum"
-      text run at (-107,0) width 3: " "
-      text run at (-104,0) width 27: "dolor"
-      text run at (-77,0) width 3: " "
-      text run at (-74,0) width 13: "sit"
-      text run at (-61,0) width 3: " "
-      text run at (-58,0) width 30: "amet,"
-      text run at (-28,0) width 3: " "
-      text run at (-25,0) width 63: "consectetur"
-      text run at (37,0) width 4: " "
-      text run at (40,0) width 54: "adipiscing"
-      text run at (93,0) width 4: " "
-      text run at (96,0) width 17: "elit"
-layer at (611,162) size 140x13 backgroundClip at (611,162) size 139x13 clip at (611,162) size 139x13 scrollX 245 scrollWidth 385
-  RenderBlock {DIV} at (0,0) size 140x13
-    RenderText {#text} at (-245,0) size 385x13
-      text run at (-244,0) width 384: "\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}"
-layer at (257,215) size 141x13 scrollWidth 288
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
-layer at (257,215) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (408,215) size 141x13 scrollWidth 289
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
-layer at (281,234) size 141x13 scrollWidth 288
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
-layer at (281,234) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (432,234) size 141x13 scrollWidth 289
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 288x13
-      text run at (0,0) width 288: "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
diff --git a/LayoutTests/platform/mac-ventura/fast/events/context-no-deselect-expected.txt b/LayoutTests/platform/mac-ventura/fast/events/context-no-deselect-expected.txt
deleted file mode 100644
index 67fedeb5af733..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/events/context-no-deselect-expected.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,11) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 93x13
-      text run at (0,0) width 93: "some sample text"
-selection start: position 5 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 1 {INPUT} of body
-selection end:   position 15 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 1 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/hide-auto-fill-strong-password-viewable-treatment-when-form-is-reset-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/hide-auto-fill-strong-password-viewable-treatment-when-form-is-reset-expected.txt
deleted file mode 100644
index 57bebbe5073a3..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/hide-auto-fill-strong-password-viewable-treatment-when-form-is-reset-expected.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x95
-  RenderBlock {HTML} at (0,0) size 800x95
-    RenderBody {BODY} at (8,16) size 784x71
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 780x36
-          text run at (0,0) width 780: "This tests that that an autofilled and viewable Strong Password decorated text field reverts to its original appearance when"
-          text run at (0,18) width 340: "the form is reset. It can only be tested in the test tool."
-      RenderBlock {FORM} at (0,52) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 141x13
-        RenderText {#text} at (0,0) size 0x0
-layer at (11,71) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
-    RenderText {#text} at (0,0) size 63x13
-      text run at (0,0) width 63: "\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-auto-fill-button-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-auto-fill-button-expected.txt
deleted file mode 100644
index 2d644ba2495dc..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-auto-fill-button-expected.txt
+++ /dev/null
@@ -1,41 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600 isolatesBlending
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 503x18
-          text run at (0,0) width 503: "This tests that the AutoFill button renders. It can only be tested in the test tool."
-      RenderBlock {DIV} at (0,34) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,3) size 114x13
-        RenderText {#text} at (146,0) size 5x18
-          text run at (146,0) width 5: " "
-        RenderTextControl {INPUT} at (150,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,3) size 114x13
-        RenderText {#text} at (297,0) size 5x18
-          text run at (297,0) width 5: " "
-        RenderTextControl {INPUT} at (301,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,3) size 114x13
-        RenderTextControl {INPUT} at (448,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,3) size 114x13
-layer at (11,45) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (162,45) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (313,45) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (460,45) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (127,40) size 24x24 blendMode: luminosity
-  RenderBlock {DIV} at (115,-3) size 25x25
-layer at (278,40) size 24x24 blendMode: luminosity
-  RenderBlock {DIV} at (115,-3) size 25x25
-layer at (429,40) size 24x24 blendMode: luminosity
-  RenderBlock {DIV} at (115,-3) size 25x25
-layer at (576,40) size 24x24 blendMode: luminosity
-  RenderBlock {DIV} at (115,-3) size 25x25
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-contacts-auto-fill-button-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-contacts-auto-fill-button-expected.txt
deleted file mode 100644
index 673840c55b792..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-contacts-auto-fill-button-expected.txt
+++ /dev/null
@@ -1,57 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x96
-  RenderBlock {HTML} at (0,0) size 800x96
-    RenderBody {BODY} at (8,16) size 784x72
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 598x18
-          text run at (0,0) width 598: "This tests that the Address Book AutoFill button renders. It can only be tested in the test tool."
-      RenderBlock {DIV} at (0,34) size 784x38
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 114x13
-        RenderText {#text} at (146,0) size 5x18
-          text run at (146,0) width 5: " "
-        RenderTextControl {INPUT} at (150,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 114x13
-        RenderText {#text} at (297,0) size 5x18
-          text run at (297,0) width 5: " "
-        RenderTextControl {INPUT} at (301,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 114x13
-        RenderText {#text} at (448,0) size 5x18
-          text run at (448,0) width 5: " "
-        RenderTextControl {INPUT} at (452,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 114x13
-        RenderTextControl {INPUT} at (599,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 114x13
-        RenderTextControl {INPUT} at (0,19) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 114x13
-layer at (11,53) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (162,53) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (313,53) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (464,53) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (611,53) size 114x13 backgroundClip at (611,53) size 113x13 clip at (611,53) size 113x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (11,72) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (128,54) size 22x12
-  RenderBlock {DIV} at (116,0) size 23x13 [bgcolor=#000000]
-layer at (279,54) size 22x12
-  RenderBlock {DIV} at (116,0) size 23x13 [bgcolor=#000000]
-layer at (430,54) size 22x12
-  RenderBlock {DIV} at (116,0) size 23x13 [bgcolor=#000000]
-layer at (581,54) size 22x12
-  RenderBlock {DIV} at (116,0) size 23x13 [bgcolor=#000000]
-layer at (727,54) size 22x12
-  RenderBlock {DIV} at (116,0) size 23x13 [bgcolor=#000000]
-layer at (128,73) size 22x12
-  RenderBlock {DIV} at (116,0) size 23x13 [bgcolor=#000000]
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-credit-card-auto-fill-button-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-credit-card-auto-fill-button-expected.txt
deleted file mode 100644
index 88b7335e92244..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-credit-card-auto-fill-button-expected.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x77
-  RenderBlock {HTML} at (0,0) size 800x77
-    RenderBody {BODY} at (8,16) size 784x53
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 582x18
-          text run at (0,0) width 196: "This tests that the Credit Card "
-          text run at (195,0) width 387: "AutoFill button renders. It can only be tested in the test tool."
-      RenderBlock {DIV} at (0,34) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 114x13
-        RenderText {#text} at (146,0) size 5x18
-          text run at (146,0) width 5: " "
-        RenderTextControl {INPUT} at (150,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 114x13
-        RenderText {#text} at (297,0) size 5x18
-          text run at (297,0) width 5: " "
-        RenderTextControl {INPUT} at (301,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 114x13
-        RenderText {#text} at (448,0) size 5x18
-          text run at (448,0) width 5: " "
-        RenderTextControl {INPUT} at (452,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 114x13
-layer at (11,53) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (162,53) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (313,53) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (464,53) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (128,54) size 22x12
-  RenderBlock {DIV} at (116,0) size 23x13 [bgcolor=#000000]
-layer at (279,54) size 22x12
-  RenderBlock {DIV} at (116,0) size 23x13 [bgcolor=#000000]
-layer at (430,54) size 22x12
-  RenderBlock {DIV} at (116,0) size 23x13 [bgcolor=#000000]
-layer at (581,54) size 22x12
-  RenderBlock {DIV} at (116,0) size 23x13 [bgcolor=#000000]
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-strong-password-viewable-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-strong-password-viewable-expected.txt
deleted file mode 100644
index 1b9df24845087..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/auto-fill-button/input-strong-password-viewable-expected.txt
+++ /dev/null
@@ -1,64 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x202
-  RenderBlock {HTML} at (0,0) size 800x202
-    RenderBody {BODY} at (8,16) size 784x178
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 767x36
-          text run at (0,0) width 767: "This tests that the Strong Password AutoFill and viewable visual treatment renders in an auto-filled input. It can only be"
-          text run at (0,18) width 137: "tested in the test tool."
-      RenderBlock {DIV} at (0,52) size 784x126
-        RenderTextControl {INPUT} at (0,1) size 159x19 [bgcolor=#FAFFBD] [border: (2px inset #808080)]
-        RenderText {#text} at (159,0) size 4x18
-          text run at (159,0) width 4: " "
-        RenderTextControl {INPUT} at (163,1) size 159x19 [bgcolor=#FAFFBD] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 153x13
-            RenderBlock {DIV} at (0,0) size 153x13
-        RenderText {#text} at (322,0) size 4x18
-          text run at (322,0) width 4: " "
-        RenderTextControl {INPUT} at (326,1) size 306x19 [bgcolor=#FAFFBD] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 300x13
-            RenderBlock {DIV} at (0,0) size 300x13
-        RenderText {#text} at (632,0) size 4x18
-          text run at (632,0) width 4: " "
-        RenderTextControl {INPUT} at (636,1) size 26x19 [bgcolor=#FAFFBD] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 20x13
-            RenderBlock {DIV} at (0,0) size 20x13
-        RenderText {#text} at (0,0) size 0x0
-        RenderTextControl {INPUT} at (0,20) size 159x106 [bgcolor=#FAFFBD] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 153x100
-            RenderBlock {DIV} at (0,43) size 153x14
-        RenderText {#text} at (159,62) size 4x18
-          text run at (159,62) width 4: " "
-        RenderTextControl {INPUT} at (163,20) size 26x106 [bgcolor=#FAFFBD] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 20x100
-            RenderBlock {DIV} at (0,43) size 20x14
-        RenderText {#text} at (189,62) size 4x18
-          text run at (189,62) width 4: " "
-        RenderTextControl {INPUT} at (193,63) size 159x19 [bgcolor=#FAFFBD] [border: (2px inset #808080)]
-layer at (11,72) size 153x13 scrollWidth 285
-  RenderBlock {DIV} at (3,3) size 153x13
-    RenderText {#text} at (0,0) size 284x13
-      text run at (0,0) width 284: "A quick brown fox jumped over the lazy dog."
-layer at (174,72) size 153x13 scrollWidth 285
-  RenderBlock {DIV} at (0,0) size 153x13
-    RenderText {#text} at (0,0) size 284x13
-      text run at (0,0) width 284: "A quick brown fox jumped over the lazy dog."
-layer at (337,72) size 300x13
-  RenderBlock {DIV} at (0,0) size 300x13
-    RenderText {#text} at (0,0) size 284x13
-      text run at (0,0) width 284: "A quick brown fox jumped over the lazy dog."
-layer at (647,72) size 20x13 scrollWidth 285
-  RenderBlock {DIV} at (0,0) size 20x13
-    RenderText {#text} at (0,0) size 284x13
-      text run at (0,0) width 284: "A quick brown fox jumped over the lazy dog."
-layer at (11,135) size 153x13 scrollWidth 285
-  RenderBlock {DIV} at (0,0) size 153x13
-    RenderText {#text} at (0,0) size 284x13
-      text run at (0,0) width 284: "A quick brown fox jumped over the lazy dog."
-layer at (174,135) size 20x13 scrollWidth 285
-  RenderBlock {DIV} at (0,0) size 20x13
-    RenderText {#text} at (0,0) size 284x13
-      text run at (0,0) width 284: "A quick brown fox jumped over the lazy dog."
-layer at (204,134) size 153x13
-  RenderBlock {DIV} at (3,3) size 153x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/basic-inputs-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/basic-inputs-expected.txt
deleted file mode 100644
index 85150c3137807..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/basic-inputs-expected.txt
+++ /dev/null
@@ -1,88 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 470x582
-      RenderBlock (anonymous) at (0,0) size 470x306
-        RenderText {#text} at (0,0) size 328x18
-          text run at (0,0) width 328: "This tests basic inputs. Here's what you should see:"
-        RenderBR {BR} at (327,0) size 1x18
-        RenderBR {BR} at (0,18) size 0x18
-        RenderText {#text} at (0,36) size 461x54
-          text run at (0,36) width 442: "first line: the letter \"a\" and then a text input field filled with repeating"
-          text run at (0,54) width 86: "\"foobarbaz\", "
-          text run at (85,54) width 376: "then the word \"text\" followed by a disabled text input field"
-          text run at (0,72) width 331: "filled with \"foo\" and then the letter \"b\" and then \"a\""
-        RenderBR {BR} at (330,72) size 1x18
-        RenderBR {BR} at (0,90) size 0x18
-        RenderText {#text} at (0,108) size 467x54
-          text run at (0,108) width 437: "second line: and then a password input field that's filled and then the"
-          text run at (0,126) width 467: "word \"password\" and then a disabled password field that's filled and then"
-          text run at (0,144) width 82: "the letter \"b\""
-        RenderBR {BR} at (81,144) size 1x18
-        RenderBR {BR} at (0,162) size 0x18
-        RenderText {#text} at (0,180) size 459x36
-          text run at (0,180) width 459: "third line: the letter \"a\" and then a checkbox (unchecked) with the word"
-          text run at (0,198) width 356: "\"checkbox\" and then a disabled checkbox and letter \"b\""
-        RenderBR {BR} at (355,198) size 1x18
-        RenderBR {BR} at (0,216) size 0x18
-        RenderText {#text} at (0,234) size 457x54
-          text run at (0,234) width 411: "fourth line: the last line has the letter \"a\" and then a redio button"
-          text run at (0,252) width 457: "(unselected) and then the word \"radio\" and then a disabled radio button"
-          text run at (0,270) width 109: "and the letter \"b\""
-        RenderBR {BR} at (108,270) size 1x18
-        RenderBR {BR} at (0,288) size 0x18
-      RenderBlock {DIV} at (10,316) size 450x40 [border: (1px solid #FF0000)]
-        RenderText {#text} at (1,1) size 8x18
-          text run at (1,1) width 8: "a"
-        RenderTextControl {INPUT} at (8,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (154,1) size 29x18
-          text run at (154,1) width 29: "text "
-        RenderTextControl {INPUT} at (182,1) size 147x19 [color=color(srgb 0.341176 0.341176 0.341176)] [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (328,1) size 20x18
-          text run at (328,1) width 13: "b "
-          text run at (340,1) width 8: "a"
-        RenderTextControl {INPUT} at (1,20) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 141x13
-        RenderText {#text} at (147,20) size 66x18
-          text run at (147,20) width 66: "password "
-        RenderTextControl {INPUT} at (212,20) size 147x19 [color=color(srgb 0.341176 0.341176 0.341176)] [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 140x13
-            RenderBlock {DIV} at (0,0) size 140x13
-        RenderText {#text} at (358,20) size 9x18
-          text run at (358,20) width 9: "b"
-      RenderBlock {DIV} at (10,366) size 450x21 [border: (1px solid #FF0000)]
-        RenderText {#text} at (1,1) size 8x18
-          text run at (1,1) width 8: "a"
-        RenderBlock {INPUT} at (10,5) size 13x12
-        RenderText {#text} at (24,1) size 66x18
-          text run at (24,1) width 66: "checkbox "
-        RenderBlock {INPUT} at (91,5) size 13x12 [color=color(srgb 0.341176 0.341176 0.341176)]
-        RenderText {#text} at (105,1) size 9x18
-          text run at (105,1) width 9: "b"
-      RenderBlock {DIV} at (10,397) size 450x21 [border: (1px solid #FF0000)]
-        RenderText {#text} at (1,1) size 8x18
-          text run at (1,1) width 8: "a"
-        RenderBlock {INPUT} at (10,5) size 13x12
-        RenderText {#text} at (24,1) size 37x18
-          text run at (24,1) width 37: "radio "
-        RenderBlock {INPUT} at (62,5) size 13x12 [color=color(srgb 0.341176 0.341176 0.341176)]
-        RenderText {#text} at (76,1) size 9x18
-          text run at (76,1) width 9: "b"
-layer at (29,328) size 141x13 scrollWidth 160
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 160x13
-      text run at (0,0) width 160: "foobarbazfoobarbazfoobarbaz"
-layer at (204,328) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 17x13
-      text run at (0,0) width 17: "foo"
-layer at (22,347) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
-    RenderText {#text} at (0,0) size 21x13
-      text run at (0,0) width 21: "\x{F79A}\x{F79A}\x{F79A}"
-layer at (233,347) size 140x13
-  RenderBlock {DIV} at (0,0) size 140x13
-    RenderText {#text} at (0,0) size 21x13
-      text run at (0,0) width 21: "\x{F79A}\x{F79A}\x{F79A}"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/box-shadow-override-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/box-shadow-override-expected.txt
deleted file mode 100644
index f35a527f3006e..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/box-shadow-override-expected.txt
+++ /dev/null
@@ -1,83 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 399x18
-          text run at (0,0) width 399: "Tests that box shadow is not applied to Aqua-themed controls."
-      RenderBlock {P} at (0,34) size 784x18
-        RenderText {#text} at (0,0) size 259x18
-          text run at (0,0) width 259: "You should not see any red on this page."
-      RenderBlock {DIV} at (0,68) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 8x19
-            RenderBlock {DIV} at (8,3) size 114x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,87) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 17x19
-            RenderBlock {DIV} at (17,3) size 105x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,106) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 22x19
-            RenderBlock {DIV} at (22,3) size 100x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock (anonymous) at (0,125) size 784x28
-        RenderBlock {INPUT} at (2,11) size 12x12
-        RenderText {#text} at (16,7) size 4x18
-          text run at (16,7) width 4: " "
-        RenderBlock {INPUT} at (22,11) size 12x12
-        RenderText {#text} at (36,7) size 4x18
-          text run at (36,7) width 4: " "
-        RenderSlider {INPUT} at (42,4) size 129x17 [color=#909090] [bgcolor=#FFFFFF]
-          RenderFlexibleBox {DIV} at (0,0) size 129x17
-            RenderBlock {DIV} at (0,0) size 129x17
-              RenderBlock {DIV} at (56,0) size 17x17
-        RenderText {#text} at (173,7) size 4x18
-          text run at (173,7) width 4: " "
-        RenderFileUploadControl {INPUT} at (177,8) size 238x18 "no file selected"
-          RenderButton {INPUT} at (0,0) size 78x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-            RenderBlock (anonymous) at (8,2) size 62x13
-              RenderText at (0,0) size 62x13
-                text run at (0,0) width 62: "Choose File"
-        RenderText {#text} at (415,7) size 4x18
-          text run at (415,7) width 4: " "
-        RenderButton {INPUT} at (419,0) size 75x28 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 59x23
-            RenderText at (0,0) size 59x23
-              text run at (0,0) width 59: "Button"
-        RenderText {#text} at (493,7) size 5x18
-          text run at (493,7) width 5: " "
-        RenderButton {INPUT} at (497,8) size 52x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 35x13
-            RenderText at (0,0) size 35x13
-              text run at (0,0) width 35: "Button"
-        RenderText {#text} at (548,7) size 5x18
-          text run at (548,7) width 5: " "
-        RenderButton {INPUT} at (552,12) size 34x15 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,4) size 17x6
-            RenderText at (0,0) size 17x6
-              text run at (0,0) width 17: "Button"
-        RenderText {#text} at (585,7) size 5x18
-          text run at (585,7) width 5: " "
-        RenderButton {BUTTON} at (589,0) size 75x28 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 59x23
-            RenderText {#text} at (0,0) size 59x23
-              text run at (0,0) width 59: "Button"
-        RenderText {#text} at (0,0) size 0x0
-layer at (19,79) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-    RenderText {#text} at (0,0) size 37x13
-      text run at (0,0) width 37: "Search"
-layer at (28,98) size 105x13
-  RenderBlock {DIV} at (0,0) size 105x13
-layer at (33,117) size 100x13
-  RenderBlock {DIV} at (0,0) size 100x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/control-restrict-line-height-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/control-restrict-line-height-expected.txt
deleted file mode 100644
index 266510c8be5fd..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/control-restrict-line-height-expected.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 529x18
-        text run at (0,0) width 529: "This tests that we don't honor line-height for controls that have restricted font size."
-      RenderBR {BR} at (528,0) size 1x18
-      RenderMenuList {SELECT} at (0,18) size 302x18 [bgcolor=#FFFFFF]
-        RenderBlock (anonymous) at (0,0) size 302x18
-          RenderText at (8,2) size 271x13
-            text run at (8,2) width 271: "This text should be centered vertically in the button"
-      RenderBR {BR} at (302,17) size 0x18
-      RenderButton {INPUT} at (0,36) size 287x32 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-        RenderBlock (anonymous) at (8,2) size 271x27
-          RenderText at (0,6) size 271x13
-            text run at (0,6) width 271: "This text should be centered vertically in the button"
-      RenderBR {BR} at (286,41) size 1x18
-      RenderTextControl {INPUT} at (0,67) size 147x20 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 141x19
-          RenderBlock {DIV} at (0,0) size 8x19
-          RenderBlock {DIV} at (8,3) size 114x13
-          RenderBlock {DIV} at (121,0) size 20x19
-      RenderText {#text} at (0,0) size 0x0
-layer at (19,79) size 114x13 scrollWidth 271
-  RenderBlock {DIV} at (0,0) size 114x13
-    RenderText {#text} at (0,0) size 271x13
-      text run at (0,0) width 271: "This text should be centered vertically in the button"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/cursor-at-editable-content-boundary-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/cursor-at-editable-content-boundary-expected.txt
deleted file mode 100644
index aa4dbd36f7fb2..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/cursor-at-editable-content-boundary-expected.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-autowrap text area with dir=rtl.
-
-nowrap text area with dir=rtl.
-
-autowrap text area with dir=ltr.
-
-vertical text.
-
-FAIL test id: textarea_rtl_no_wrap (text width: 107 != caretRange: 106), which means moving caret in the text, caret might be invisible or overlap with element.
-
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/datalist/datalist-searchinput-appearance-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/datalist/datalist-searchinput-appearance-expected.txt
deleted file mode 100644
index 2566b6e4645f4..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/datalist/datalist-searchinput-appearance-expected.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x35
-  RenderBlock {HTML} at (0,0) size 800x35
-    RenderBody {BODY} at (8,8) size 784x19
-      RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 141x19
-          RenderBlock {DIV} at (0,0) size 8x19
-          RenderBlock {DIV} at (8,3) size 102x13
-          RenderBlock {DIV} at (109,0) size 20x19
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-layer at (19,11) size 102x13
-  RenderBlock {DIV} at (0,0) size 102x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/encoding-test-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/encoding-test-expected.txt
deleted file mode 100644
index fcc8fb02b2a94..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/encoding-test-expected.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {FORM} at (0,0) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock (anonymous) at (0,35) size 784x18
-        RenderText {#text} at (0,0) size 127x18
-          text run at (0,0) width 127: "multipart/form-data"
-layer at (11,11) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/fieldset-align-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/fieldset-align-expected.txt
deleted file mode 100644
index 4cb2e9ddaa171..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/fieldset-align-expected.txt
+++ /dev/null
@@ -1,181 +0,0 @@
-layer at (0,0) size 785x1323
-  RenderView at (0,0) size 785x600
-layer at (0,0) size 785x1323
-  RenderBlock {HTML} at (0,0) size 785x1323
-    RenderBody {BODY} at (8,8) size 769x1300
-      RenderBlock {P} at (0,0) size 769x18
-        RenderText {#text} at (0,0) size 111x18
-          text run at (0,0) width 111: "Legend align test"
-      RenderFieldSet {FIELDSET} at (2,34) size 765x55 [border: (2px groove #C0C0C0)]
-        RenderBlock {LEGEND} at (14,0) size 104x18
-          RenderText {#text} at (2,0) size 100x18
-            text run at (2,0) width 100: "My Legend left"
-        RenderBlock (anonymous) at (14,23) size 737x20
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-      RenderFieldSet {FIELDSET} at (2,88) size 765x56 [border: (2px groove #C0C0C0)]
-        RenderBlock {LEGEND} at (321,0) size 123x18
-          RenderText {#text} at (2,0) size 118x18
-            text run at (2,0) width 118: "My Legend center"
-        RenderBlock (anonymous) at (14,23) size 737x20
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-      RenderFieldSet {FIELDSET} at (2,143) size 765x55 [border: (2px groove #C0C0C0)]
-        RenderBlock {LEGEND} at (638,0) size 113x18
-          RenderText {#text} at (2,0) size 109x18
-            text run at (2,0) width 109: "My Legend right"
-        RenderBlock (anonymous) at (14,23) size 737x20
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-      RenderFieldSet {FIELDSET} at (2,197) size 765x56 [border: (2px groove #C0C0C0)]
-        RenderBlock {LEGEND} at (14,0) size 127x18
-          RenderText {#text} at (2,0) size 123x18
-            text run at (2,0) width 123: "My Legend default"
-        RenderBlock (anonymous) at (14,23) size 737x20
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,278) size 769x19
-        RenderText {#text} at (0,0) size 148x18
-          text run at (0,0) width 148: "Legend align test, RTL"
-      RenderBlock (anonymous) at (0,312) size 769x0
-        RenderInline {SPAN} at (0,0) size 0x0
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock (anonymous) at (0,312) size 769x219
-        RenderFieldSet {FIELDSET} at (2,0) size 765x55 [border: (2px groove #C0C0C0)]
-          RenderBlock {LEGEND} at (14,0) size 104x18
-            RenderText {#text} at (2,0) size 100x18
-              text run at (2,0) width 100: "My Legend left"
-          RenderBlock (anonymous) at (14,23) size 737x20
-            RenderTextControl {INPUT} at (591,0) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (0,0) size 0x0
-        RenderFieldSet {FIELDSET} at (2,54) size 765x56 [border: (2px groove #C0C0C0)]
-          RenderBlock {LEGEND} at (321,0) size 123x18
-            RenderText {#text} at (2,0) size 118x18
-              text run at (2,0) width 118: "My Legend center"
-          RenderBlock (anonymous) at (14,23) size 737x20
-            RenderTextControl {INPUT} at (591,0) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (0,0) size 0x0
-        RenderFieldSet {FIELDSET} at (2,109) size 765x55 [border: (2px groove #C0C0C0)]
-          RenderBlock {LEGEND} at (638,0) size 113x18
-            RenderText {#text} at (2,0) size 109x18
-              text run at (2,0) width 109: "My Legend right"
-          RenderBlock (anonymous) at (14,23) size 737x20
-            RenderTextControl {INPUT} at (591,0) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (0,0) size 0x0
-        RenderFieldSet {FIELDSET} at (2,163) size 765x56 [border: (2px groove #C0C0C0)]
-          RenderBlock {LEGEND} at (624,0) size 127x18
-            RenderText {#text} at (2,0) size 123x18
-              text run at (2,0) width 123: "My Legend default"
-          RenderBlock (anonymous) at (14,23) size 737x20
-            RenderTextControl {INPUT} at (591,0) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (0,0) size 0x0
-      RenderBlock (anonymous) at (0,530) size 769x0
-        RenderInline {SPAN} at (0,0) size 0x0
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,556) size 769x19
-        RenderText {#text} at (0,0) size 275x18
-          text run at (0,0) width 275: "Legend align test with margin and padding"
-      RenderFieldSet {FIELDSET} at (15,590) size 739x70 [border: (2px groove #C0C0C0)]
-        RenderBlock {LEGEND} at (17,0) size 104x18
-          RenderText {#text} at (2,0) size 100x18
-            text run at (2,0) width 100: "My Legend left"
-        RenderBlock (anonymous) at (17,33) size 705x19
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-      RenderFieldSet {FIELDSET} at (15,674) size 739x70 [border: (2px groove #C0C0C0)]
-        RenderBlock {LEGEND} at (308,0) size 123x18
-          RenderText {#text} at (2,0) size 118x18
-            text run at (2,0) width 118: "My Legend center"
-        RenderBlock (anonymous) at (17,33) size 705x19
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-      RenderFieldSet {FIELDSET} at (15,758) size 739x70 [border: (2px groove #C0C0C0)]
-        RenderBlock {LEGEND} at (609,0) size 113x18
-          RenderText {#text} at (2,0) size 109x18
-            text run at (2,0) width 109: "My Legend right"
-        RenderBlock (anonymous) at (17,33) size 705x19
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-      RenderFieldSet {FIELDSET} at (15,842) size 739x70 [border: (2px groove #C0C0C0)]
-        RenderBlock {LEGEND} at (17,0) size 127x18
-          RenderText {#text} at (2,0) size 123x18
-            text run at (2,0) width 123: "My Legend default"
-        RenderBlock (anonymous) at (17,33) size 705x19
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,944) size 769x19
-        RenderText {#text} at (0,0) size 312x18
-          text run at (0,0) width 312: "Legend align test with margin and padding, RTL"
-      RenderBlock (anonymous) at (0,978) size 769x0
-        RenderInline {SPAN} at (0,0) size 0x0
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock (anonymous) at (0,978) size 769x322
-        RenderFieldSet {FIELDSET} at (15,0) size 739x69 [border: (2px groove #C0C0C0)]
-          RenderBlock {LEGEND} at (17,0) size 104x18
-            RenderText {#text} at (2,0) size 100x18
-              text run at (2,0) width 100: "My Legend left"
-          RenderBlock (anonymous) at (17,33) size 705x19
-            RenderTextControl {INPUT} at (559,0) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (0,0) size 0x0
-        RenderFieldSet {FIELDSET} at (15,84) size 739x69 [border: (2px groove #C0C0C0)]
-          RenderBlock {LEGEND} at (308,0) size 123x18
-            RenderText {#text} at (2,0) size 118x18
-              text run at (2,0) width 118: "My Legend center"
-          RenderBlock (anonymous) at (17,33) size 705x19
-            RenderTextControl {INPUT} at (559,0) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (0,0) size 0x0
-        RenderFieldSet {FIELDSET} at (15,168) size 739x69 [border: (2px groove #C0C0C0)]
-          RenderBlock {LEGEND} at (609,0) size 113x18
-            RenderText {#text} at (2,0) size 109x18
-              text run at (2,0) width 109: "My Legend right"
-          RenderBlock (anonymous) at (17,33) size 705x19
-            RenderTextControl {INPUT} at (559,0) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (0,0) size 0x0
-        RenderFieldSet {FIELDSET} at (15,252) size 739x69 [border: (2px groove #C0C0C0)]
-          RenderBlock {LEGEND} at (595,0) size 127x18
-            RenderText {#text} at (2,0) size 123x18
-              text run at (2,0) width 123: "My Legend default"
-          RenderBlock (anonymous) at (17,33) size 705x19
-            RenderTextControl {INPUT} at (559,0) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (0,0) size 0x0
-      RenderBlock (anonymous) at (0,1314) size 769x0
-        RenderInline {SPAN} at (0,0) size 0x0
-        RenderText {#text} at (0,0) size 0x0
-layer at (27,69) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (27,123) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (27,178) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (27,232) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (8,268) size 769x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,260) size 769x3 [color=#808080] [border: (1px inset #808080)]
-layer at (618,347) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
-layer at (618,402) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
-layer at (618,456) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
-layer at (618,511) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
-layer at (8,547) size 769x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,538) size 769x3 [color=#808080] [border: (1px inset #808080)]
-layer at (43,635) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (43,719) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (43,803) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (43,887) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (8,935) size 769x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,926) size 769x3 [color=#808080] [border: (1px inset #808080)]
-layer at (602,1023) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
-layer at (602,1107) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
-layer at (602,1191) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
-layer at (602,1275) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/form-element-geometry-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/form-element-geometry-expected.txt
deleted file mode 100644
index a884f29de68b8..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/form-element-geometry-expected.txt
+++ /dev/null
@@ -1,261 +0,0 @@
-layer at (0,0) size 785x614
-  RenderView at (0,0) size 785x600
-layer at (0,0) size 785x614
-  RenderBlock {HTML} at (0,0) size 785x614
-    RenderBody {BODY} at (8,8) size 769x598
-      RenderBlock {H1} at (0,0) size 769x37
-        RenderText {#text} at (0,0) size 420x37
-          text run at (0,0) width 420: "Form Element Geometry Tests"
-      RenderBlock {P} at (0,58) size 769x19
-        RenderText {#text} at (0,0) size 551x18
-          text run at (0,0) width 551: "These tests help us tune the widget classes in KWQ to have all the right fudge factors."
-      RenderBlock {H2} at (0,96) size 769x29
-        RenderText {#text} at (0,0) size 167x28
-          text run at (0,0) width 167: "Bounding Boxes"
-      RenderTable {TABLE} at (0,144) size 169x29
-        RenderTableSection {TBODY} at (0,0) size 169x28
-          RenderTableRow {TR} at (0,2) size 169x24
-            RenderTableCell {TD} at (2,2) size 57x24 [r=0 c=0 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 55x22 [border: (2px solid #0000FF)]
-                RenderInline {FONT} at (2,-7) size 51x28
-                  RenderButton {INPUT} at (2,2) size 51x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                    RenderBlock (anonymous) at (8,2) size 35x13
-                      RenderText at (0,0) size 35x13
-                        text run at (0,0) width 35: "button"
-            RenderTableCell {TD} at (60,2) size 67x24 [r=0 c=1 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 64x22 [border: (2px solid #0000FF)]
-                RenderInline {FONT} at (2,-7) size 60x28
-                  RenderMenuList {SELECT} at (2,2) size 60x18 [bgcolor=#FFFFFF]
-                    RenderBlock (anonymous) at (0,0) size 60x18
-                      RenderText at (8,2) size 29x13
-                        text run at (8,2) width 29: "menu"
-            RenderTableCell {TD} at (128,5) size 19x18 [r=0 c=2 rs=1 cs=1]
-              RenderBlock {DIV} at (1,4) size 16x16 [border: (2px solid #0000FF)]
-                RenderInline {FONT} at (2,-10) size 12x28
-                  RenderBlock {INPUT} at (2,2) size 12x12
-            RenderTableCell {TD} at (148,5) size 19x18 [r=0 c=3 rs=1 cs=1]
-              RenderBlock {DIV} at (1,4) size 16x16 [border: (2px solid #0000FF)]
-                RenderInline {FONT} at (2,-10) size 12x28
-                  RenderBlock {INPUT} at (2,2) size 12x12
-      RenderTable {TABLE} at (0,172) size 169x29
-        RenderTableSection {TBODY} at (0,0) size 169x28
-          RenderTableRow {TR} at (0,2) size 169x24
-            RenderTableCell {TD} at (2,2) size 57x24 [r=0 c=0 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 55x22 [border: (2px solid #0000FF)]
-                RenderButton {INPUT} at (2,2) size 51x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                  RenderBlock (anonymous) at (8,2) size 35x13
-                    RenderText at (0,0) size 35x13
-                      text run at (0,0) width 35: "button"
-            RenderTableCell {TD} at (60,2) size 67x24 [r=0 c=1 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 64x22 [border: (2px solid #0000FF)]
-                RenderMenuList {SELECT} at (2,2) size 60x18 [bgcolor=#FFFFFF]
-                  RenderBlock (anonymous) at (0,0) size 60x18
-                    RenderText at (8,2) size 29x13
-                      text run at (8,2) width 29: "menu"
-            RenderTableCell {TD} at (128,5) size 19x18 [r=0 c=2 rs=1 cs=1]
-              RenderBlock {DIV} at (1,4) size 16x16 [border: (2px solid #0000FF)]
-                RenderBlock {INPUT} at (2,2) size 12x12
-            RenderTableCell {TD} at (148,5) size 19x18 [r=0 c=3 rs=1 cs=1]
-              RenderBlock {DIV} at (1,4) size 16x16 [border: (2px solid #0000FF)]
-                RenderBlock {INPUT} at (2,2) size 12x12
-      RenderTable {TABLE} at (0,200) size 169x29
-        RenderTableSection {TBODY} at (0,0) size 169x28
-          RenderTableRow {TR} at (0,2) size 169x24
-            RenderTableCell {TD} at (2,2) size 57x24 [r=0 c=0 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 55x22 [border: (2px solid #0000FF)]
-                RenderInline {FONT} at (2,5) size 51x13
-                  RenderButton {INPUT} at (2,2) size 51x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                    RenderBlock (anonymous) at (8,2) size 35x13
-                      RenderText at (0,0) size 35x13
-                        text run at (0,0) width 35: "button"
-            RenderTableCell {TD} at (60,2) size 67x24 [r=0 c=1 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 64x22 [border: (2px solid #0000FF)]
-                RenderInline {FONT} at (2,5) size 60x13
-                  RenderMenuList {SELECT} at (2,2) size 60x18 [bgcolor=#FFFFFF]
-                    RenderBlock (anonymous) at (0,0) size 60x18
-                      RenderText at (8,2) size 29x13
-                        text run at (8,2) width 29: "menu"
-            RenderTableCell {TD} at (128,5) size 19x18 [r=0 c=2 rs=1 cs=1]
-              RenderBlock {DIV} at (1,4) size 16x16 [border: (2px solid #0000FF)]
-                RenderInline {FONT} at (2,2) size 12x13
-                  RenderBlock {INPUT} at (2,2) size 12x12
-            RenderTableCell {TD} at (148,5) size 19x18 [r=0 c=3 rs=1 cs=1]
-              RenderBlock {DIV} at (1,4) size 16x16 [border: (2px solid #0000FF)]
-                RenderInline {FONT} at (2,2) size 12x13
-                  RenderBlock {INPUT} at (2,2) size 12x12
-      RenderTable {TABLE} at (0,228) size 543x68
-        RenderTableSection {TBODY} at (0,0) size 543x67
-          RenderTableRow {TR} at (0,2) size 543x63
-            RenderTableCell {TD} at (2,2) size 83x25 [r=0 c=0 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 81x23 [border: (2px solid #0000FF)]
-                RenderTextControl {INPUT} at (2,2) size 77x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderTableCell {TD} at (86,2) size 40x63 [r=0 c=1 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 37x61 [border: (2px solid #0000FF)]
-                RenderListBox {SELECT} at (2,2) size 33x57 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (127,2) size 245x24 [r=0 c=2 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 242x22 [border: (2px solid #0000FF)]
-                RenderFileUploadControl {INPUT} at (2,2) size 238x18 "no file selected"
-                  RenderButton {INPUT} at (0,0) size 78x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                    RenderBlock (anonymous) at (8,2) size 62x13
-                      RenderText at (0,0) size 62x13
-                        text run at (0,0) width 62: "Choose File"
-            RenderTableCell {TD} at (373,2) size 168x38 [r=0 c=3 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 165x36 [border: (2px solid #0000FF)]
-      RenderBlock {H2} at (0,315) size 769x29
-        RenderText {#text} at (0,0) size 200x28
-          text run at (0,0) width 200: "Baseline Alignment"
-      RenderBlock {DIV} at (0,363) size 769x29
-        RenderInline {FONT} at (0,0) size 203x28
-          RenderText {#text} at (0,0) size 42x28
-            text run at (0,0) width 42: "text "
-          RenderButton {INPUT} at (41,9) size 52x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-            RenderBlock (anonymous) at (8,2) size 35x13
-              RenderText at (0,0) size 35x13
-                text run at (0,0) width 35: "button"
-          RenderText {#text} at (92,0) size 7x28
-            text run at (92,0) width 7: " "
-          RenderMenuList {SELECT} at (98,9) size 61x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 60x18
-              RenderText at (8,2) size 29x13
-                text run at (8,2) width 29: "menu"
-          RenderText {#text} at (158,0) size 7x28
-            text run at (158,0) width 7: " "
-          RenderBlock {INPUT} at (166,12) size 13x12
-          RenderText {#text} at (180,0) size 7x28
-            text run at (180,0) width 7: " "
-          RenderBlock {INPUT} at (188,12) size 13x12
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,391) size 769x20
-        RenderText {#text} at (0,0) size 28x18
-          text run at (0,0) width 28: "text "
-        RenderButton {INPUT} at (27,1) size 52x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 35x13
-            RenderText at (0,0) size 35x13
-              text run at (0,0) width 35: "button"
-        RenderText {#text} at (78,0) size 5x18
-          text run at (78,0) width 5: " "
-        RenderMenuList {SELECT} at (82,1) size 61x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 60x18
-            RenderText at (8,2) size 29x13
-              text run at (8,2) width 29: "menu"
-        RenderText {#text} at (142,0) size 5x18
-          text run at (142,0) width 5: " "
-        RenderBlock {INPUT} at (148,4) size 13x12
-        RenderText {#text} at (162,0) size 5x18
-          text run at (162,0) width 5: " "
-        RenderBlock {INPUT} at (168,4) size 13x12
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,410) size 769x19
-        RenderInline {FONT} at (0,3) size 168x13
-          RenderText {#text} at (0,3) size 18x13
-            text run at (0,3) width 18: "text "
-          RenderButton {INPUT} at (17,0) size 51x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-            RenderBlock (anonymous) at (8,2) size 35x13
-              RenderText at (0,0) size 35x13
-                text run at (0,0) width 35: "button"
-          RenderText {#text} at (67,3) size 4x13
-            text run at (67,3) width 4: " "
-          RenderMenuList {SELECT} at (70,0) size 61x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 60x18
-              RenderText at (8,2) size 29x13
-                text run at (8,2) width 29: "menu"
-          RenderText {#text} at (130,3) size 3x13
-            text run at (130,3) width 3: " "
-          RenderBlock {INPUT} at (134,3) size 13x12
-          RenderText {#text} at (148,3) size 4x13
-            text run at (148,3) width 4: " "
-          RenderBlock {INPUT} at (153,3) size 13x12
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,428) size 769x38
-        RenderText {#text} at (0,18) size 28x18
-          text run at (0,18) width 28: "text "
-        RenderTextControl {INPUT} at (27,18) size 78x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (104,18) size 5x18
-          text run at (104,18) width 5: " "
-        RenderFileUploadControl {INPUT} at (108,19) size 239x18 "no file selected"
-          RenderButton {INPUT} at (0,0) size 78x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-            RenderBlock (anonymous) at (8,2) size 62x13
-              RenderText at (0,0) size 62x13
-                text run at (0,0) width 62: "Choose File"
-        RenderText {#text} at (346,18) size 5x18
-          text run at (346,18) width 5: " "
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {H2} at (0,484) size 769x29
-        RenderText {#text} at (0,0) size 198x28
-          text run at (0,0) width 198: "Pop-up Menu Sizes"
-      RenderBlock {DIV} at (0,532) size 769x29
-        RenderInline {FONT} at (0,0) size 162x28
-          RenderText {#text} at (0,0) size 0x0
-          RenderMenuList {SELECT} at (0,9) size 36x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 36x18
-              RenderText at (8,2) size 0x13
-                text run at (8,2) width 0: " "
-          RenderText {#text} at (36,0) size 6x28
-            text run at (36,0) width 6: " "
-          RenderMenuList {SELECT} at (42,9) size 36x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 36x18
-              RenderText at (8,2) size 3x13
-                text run at (8,2) width 3: "|"
-          RenderText {#text} at (78,0) size 6x28
-            text run at (78,0) width 6: " "
-          RenderMenuList {SELECT} at (84,9) size 78x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 78x18
-              RenderText at (8,2) size 47x13
-                text run at (8,2) width 47: "xxxxxxxx"
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,560) size 769x20
-        RenderMenuList {SELECT} at (0,1) size 36x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 36x18
-            RenderText at (8,2) size 0x13
-              text run at (8,2) width 0: " "
-        RenderText {#text} at (36,0) size 4x18
-          text run at (36,0) width 4: " "
-        RenderMenuList {SELECT} at (40,1) size 36x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 36x18
-            RenderText at (8,2) size 3x13
-              text run at (8,2) width 3: "|"
-        RenderText {#text} at (76,0) size 4x18
-          text run at (76,0) width 4: " "
-        RenderMenuList {SELECT} at (80,1) size 78x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 78x18
-            RenderText at (8,2) size 47x13
-              text run at (8,2) width 47: "xxxxxxxx"
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,579) size 769x19
-        RenderInline {FONT} at (0,3) size 155x13
-          RenderText {#text} at (0,0) size 0x0
-          RenderMenuList {SELECT} at (0,0) size 36x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 36x18
-              RenderText at (8,2) size 0x13
-                text run at (8,2) width 0: " "
-          RenderText {#text} at (36,3) size 3x13
-            text run at (36,3) width 3: " "
-          RenderMenuList {SELECT} at (38,0) size 37x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 36x18
-              RenderText at (8,2) size 3x13
-                text run at (8,2) width 3: "|"
-          RenderText {#text} at (74,3) size 3x13
-            text run at (74,3) width 3: " "
-          RenderMenuList {SELECT} at (77,0) size 78x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 78x18
-              RenderText at (8,2) size 47x13
-                text run at (8,2) width 47: "xxxxxxxx"
-          RenderText {#text} at (0,0) size 0x0
-layer at (16,244) size 71x13
-  RenderBlock {DIV} at (3,3) size 71x13
-    RenderText {#text} at (0,0) size 47x13
-      text run at (0,0) width 47: "text field"
-layer at (385,241) size 161x32 clip at (386,242) size 159x30
-  RenderTextControl {TEXTAREA} at (2,2) size 161x32 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 155x13
-      RenderText {#text} at (0,0) size 43x13
-        text run at (0,0) width 43: "textarea"
-layer at (39,457) size 71x13
-  RenderBlock {DIV} at (3,3) size 71x13
-    RenderText {#text} at (0,0) size 47x13
-      text run at (0,0) width 47: "text field"
-layer at (359,436) size 161x32 clip at (360,437) size 159x30
-  RenderTextControl {TEXTAREA} at (350,0) size 162x32 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 155x13
-      RenderText {#text} at (0,0) size 43x13
-        text run at (0,0) width 43: "textarea"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-align-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-align-expected.txt
deleted file mode 100644
index a07f3eca81b37..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-align-expected.txt
+++ /dev/null
@@ -1,39 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 576x18
-          text run at (0,0) width 576: "The following 5 inputs should be all be rendered exactly the same, aligned to the left side."
-      RenderBlock (anonymous) at (0,34) size 784x76
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderBR {BR} at (146,0) size 1x18
-        RenderTextControl {INPUT} at (0,19) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderBR {BR} at (146,19) size 1x18
-        RenderTextControl {INPUT} at (0,38) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderBR {BR} at (146,38) size 1x18
-        RenderTextControl {INPUT} at (0,57) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderBR {BR} at (146,57) size 1x18
-      RenderBlock {DIV} at (0,110) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-layer at (11,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 97x13
-      text run at (0,0) width 97: "The quick brown..."
-layer at (11,64) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 97x13
-      text run at (0,0) width 97: "The quick brown..."
-layer at (11,83) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 97x13
-      text run at (0,0) width 97: "The quick brown..."
-layer at (11,102) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 97x13
-      text run at (0,0) width 97: "The quick brown..."
-layer at (11,121) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 97x13
-      text run at (0,0) width 97: "The quick brown..."
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-bkcolor-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-bkcolor-expected.txt
deleted file mode 100644
index 6bd2cd275f0c8..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-bkcolor-expected.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 574x18
-        text run at (0,0) width 574: "This tests that background color and background images can be set on the new text fields."
-      RenderBR {BR} at (573,0) size 1x18
-      RenderTextControl {INPUT} at (0,18) size 147x19 [bgcolor=#FFC0CB] [border: (2px inset #808080)]
-      RenderBR {BR} at (146,18) size 1x18
-      RenderTextControl {INPUT} at (0,37) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 106x13
-      text run at (0,0) width 106: "This should be pink."
-layer at (11,48) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-default-bkcolor-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-default-bkcolor-expected.txt
deleted file mode 100644
index 2be8ee342d95e..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-default-bkcolor-expected.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584 [bgcolor=#800080]
-      RenderText {#text} at (0,0) size 479x18
-        text run at (0,0) width 479: "This tests that the default background color for the new text fields is white."
-      RenderBR {BR} at (479,0) size 0x18
-      RenderTextControl {INPUT} at (0,18) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 112x13
-      text run at (0,0) width 112: "This should be white."
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-focus-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-focus-expected.txt
deleted file mode 100644
index 6a310cbe74d91..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-focus-expected.txt
+++ /dev/null
@@ -1,35 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 769x18
-          text run at (0,0) width 769: "This test uses the new text field to test focus() and blur() and to make sure that onFocus and onBlur events fire correctly."
-      RenderBlock {P} at (0,34) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (146,0) size 5x18
-          text run at (146,0) width 5: " "
-        RenderTextControl {INPUT} at (150,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,69) size 784x72
-        RenderBR {BR} at (0,0) size 0x18
-        RenderText {#text} at (0,18) size 324x18
-          text run at (0,18) width 324: "Test Passed. Text field 1's onFocus event has fired."
-        RenderBR {BR} at (323,18) size 1x18
-        RenderText {#text} at (0,36) size 314x18
-          text run at (0,36) width 314: "Test Passed. Text field 1's onBlur event has fired."
-        RenderBR {BR} at (313,36) size 1x18
-        RenderText {#text} at (0,54) size 324x18
-          text run at (0,54) width 324: "Test Passed. Text field 2's onFocus event has fired."
-      RenderBlock {P} at (0,157) size 784x0
-layer at (11,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 78x13
-      text run at (0,0) width 78: "My Text Field 1"
-layer at (162,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 80x13
-      text run at (0,0) width 80: "My Text Field 2"
-selection start: position 0 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 3 {INPUT} of child 1 {P} of body
-selection end:   position 15 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 3 {INPUT} of child 1 {P} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-height-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-height-expected.txt
deleted file mode 100644
index 45ee1e6cd09fe..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-height-expected.txt
+++ /dev/null
@@ -1,97 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 781x18
-          text run at (0,0) width 781: "This tests the height attribute of form elements. The only element that should honour this value is the Image type of input."
-      RenderBlock {FORM} at (0,18) size 784x231
-        RenderText {#text} at (0,0) size 37x18
-          text run at (0,0) width 37: "input "
-        RenderTextControl {INPUT} at (36,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (183,0) size 1x18
-        RenderText {#text} at (0,19) size 28x18
-          text run at (0,19) width 28: "text "
-        RenderTextControl {INPUT} at (27,19) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (174,19) size 1x18
-        RenderText {#text} at (0,38) size 66x18
-          text run at (0,38) width 66: "checkbox "
-        RenderBlock {INPUT} at (67,42) size 13x12
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (81,38) size 1x18
-        RenderText {#text} at (0,57) size 25x18
-          text run at (0,57) width 25: "file "
-        RenderFileUploadControl {INPUT} at (24,58) size 239x18 "no file selected"
-          RenderButton {INPUT} at (0,0) size 78x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-            RenderBlock (anonymous) at (8,2) size 62x13
-              RenderText at (0,0) size 62x13
-                text run at (0,0) width 62: "Choose File"
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (262,57) size 1x18
-        RenderText {#text} at (0,76) size 44x18
-          text run at (0,76) width 44: "image "
-        RenderImage {INPUT} at (43,89) size 11x1
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (53,76) size 1x18
-        RenderText {#text} at (0,94) size 37x18
-          text run at (0,94) width 37: "radio "
-        RenderBlock {INPUT} at (38,98) size 13x12
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (52,94) size 1x18
-        RenderText {#text} at (0,118) size 40x18
-          text run at (0,118) width 40: "range "
-        RenderSlider {INPUT} at (41,115) size 130x17 [color=#909090] [bgcolor=#FFFFFF]
-          RenderFlexibleBox {DIV} at (0,0) size 129x17
-            RenderBlock {DIV} at (0,0) size 129x17
-              RenderBlock {DIV} at (56,0) size 17x17
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (172,118) size 1x18
-        RenderText {#text} at (0,136) size 35x18
-          text run at (0,136) width 35: "reset "
-        RenderButton {INPUT} at (34,137) size 46x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 30x13
-            RenderText at (0,0) size 30x13
-              text run at (0,0) width 30: "Reset"
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (79,136) size 1x18
-        RenderText {#text} at (0,155) size 48x18
-          text run at (0,155) width 48: "submit "
-        RenderButton {INPUT} at (47,156) size 54x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 37x13
-            RenderText at (0,0) size 37x13
-              text run at (0,0) width 37: "Submit"
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (100,155) size 1x18
-        RenderText {#text} at (0,174) size 51x18
-          text run at (0,174) width 51: "isindex "
-        RenderTextControl {INPUT} at (50,174) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (197,174) size 1x18
-        RenderText {#text} at (0,193) size 65x18
-          text run at (0,193) width 65: "password "
-        RenderTextControl {INPUT} at (64,193) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x13
-            RenderBlock {DIV} at (0,0) size 141x13
-        RenderText {#text} at (0,0) size 0x0
-        RenderBR {BR} at (211,193) size 1x18
-        RenderText {#text} at (0,212) size 45x18
-          text run at (0,212) width 45: "search "
-        RenderTextControl {INPUT} at (44,212) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 8x19
-            RenderBlock {DIV} at (8,3) size 114x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (0,0) size 0x0
-layer at (48,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (39,48) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (61,203) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (75,222) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
-layer at (64,241) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-preventDefault-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-preventDefault-expected.txt
deleted file mode 100644
index 962fa097c9826..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-preventDefault-expected.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBR {BR} at (0,0) size 0x18
-      RenderText {#text} at (0,18) size 681x18
-        text run at (0,18) width 681: "This tests that preventDefault called onmousedown will prevent a caret from being placed in the text field."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-layer at (10,50) size 147x19
-  RenderTextControl {INPUT} at (10,50) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-layer at (13,53) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 126x13
-      text run at (0,0) width 126: "No caret should be here"
-layer at (10,70) size 328x36
-  RenderBlock (positioned) {DIV} at (10,70) size 328x36
-    RenderBR {BR} at (0,0) size 0x18
-    RenderText {#text} at (0,18) size 328x18
-      text run at (0,18) width 328: "mousedown on target [object HTMLInputElement]"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-selection-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-selection-expected.txt
deleted file mode 100644
index 66b5c8b176898..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-selection-expected.txt
+++ /dev/null
@@ -1,82 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 343x18
-          text run at (0,0) width 343: "This tests the selection methods on the new text field."
-      RenderBlock {P} at (0,34) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,69) size 784x486
-        RenderBR {BR} at (0,0) size 0x18
-        RenderText {#text} at (0,18) size 200x18
-          text run at (0,18) width 200: "Test 1: setSelectionRange(0, 0)"
-        RenderBR {BR} at (199,18) size 1x18
-        RenderText {#text} at (0,36) size 48x18
-          text run at (0,36) width 48: "Passed."
-        RenderBR {BR} at (47,36) size 1x18
-        RenderBR {BR} at (0,54) size 0x18
-        RenderText {#text} at (0,72) size 163x18
-          text run at (0,72) width 163: "Test 2: selectionEnd = 17"
-        RenderBR {BR} at (162,72) size 1x18
-        RenderText {#text} at (0,90) size 48x18
-          text run at (0,90) width 48: "Passed."
-        RenderBR {BR} at (47,90) size 1x18
-        RenderBR {BR} at (0,108) size 0x18
-        RenderText {#text} at (0,126) size 159x18
-          text run at (0,126) width 159: "Test 3: selectionStart = 1"
-        RenderBR {BR} at (158,126) size 1x18
-        RenderText {#text} at (0,144) size 48x18
-          text run at (0,144) width 48: "Passed."
-        RenderBR {BR} at (47,144) size 1x18
-        RenderBR {BR} at (0,162) size 0x18
-        RenderText {#text} at (0,180) size 208x18
-          text run at (0,180) width 208: "Test 4: setSelectionRange(10, 3)"
-        RenderBR {BR} at (207,180) size 1x18
-        RenderText {#text} at (0,198) size 48x18
-          text run at (0,198) width 48: "Passed."
-        RenderBR {BR} at (47,198) size 1x18
-        RenderBR {BR} at (0,216) size 0x18
-        RenderText {#text} at (0,234) size 155x18
-          text run at (0,234) width 155: "Test 5: selectionEnd = 2"
-        RenderBR {BR} at (154,234) size 1x18
-        RenderText {#text} at (0,252) size 48x18
-          text run at (0,252) width 48: "Passed."
-        RenderBR {BR} at (47,252) size 1x18
-        RenderBR {BR} at (0,270) size 0x18
-        RenderText {#text} at (0,288) size 200x18
-          text run at (0,288) width 200: "Test 6: setSelectionRange(5, 4)"
-        RenderBR {BR} at (199,288) size 1x18
-        RenderText {#text} at (0,306) size 48x18
-          text run at (0,306) width 48: "Passed."
-        RenderBR {BR} at (47,306) size 1x18
-        RenderBR {BR} at (0,324) size 0x18
-        RenderText {#text} at (0,342) size 211x18
-          text run at (0,342) width 211: "Test 7: setSelectionRange(-5, -4)"
-        RenderBR {BR} at (210,342) size 1x18
-        RenderText {#text} at (0,360) size 48x18
-          text run at (0,360) width 48: "Passed."
-        RenderBR {BR} at (47,360) size 1x18
-        RenderBR {BR} at (0,378) size 0x18
-        RenderText {#text} at (0,396) size 214x18
-          text run at (0,396) width 214: "Test 8: setSelectionRange(-5, 80)"
-        RenderBR {BR} at (213,396) size 1x18
-        RenderText {#text} at (0,414) size 48x18
-          text run at (0,414) width 48: "Passed."
-        RenderBR {BR} at (47,414) size 1x18
-        RenderBR {BR} at (0,432) size 0x18
-        RenderText {#text} at (0,450) size 208x18
-          text run at (0,450) width 208: "Test 9: setSelectionRange(3, 12)"
-        RenderBR {BR} at (207,450) size 1x18
-        RenderText {#text} at (0,468) size 48x18
-          text run at (0,468) width 48: "Passed."
-        RenderBR {BR} at (47,468) size 1x18
-      RenderBlock {P} at (0,571) size 784x0
-layer at (11,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 133x13
-      text run at (0,0) width 133: "123456789 ABCDEFGHIJ"
-selection start: position 3 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 1 {INPUT} of child 1 {P} of body
-selection end:   position 12 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 1 {INPUT} of child 1 {P} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-spinbutton-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-spinbutton-expected.txt
deleted file mode 100644
index 7d7e519ecf7aa..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-spinbutton-expected.txt
+++ /dev/null
@@ -1,207 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 245x18
-          text run at (0,0) width 245: "Test appearances of outer-spin-button."
-      RenderBlock {DIV} at (0,34) size 784x0
-      RenderBlock {DIV} at (0,34) size 784x464
-        RenderTable {TABLE} at (0,0) size 489x464
-          RenderTableSection {TBODY} at (0,0) size 489x464
-            RenderTableRow {TR} at (0,2) size 489x460
-              RenderTableCell {TD} at (2,71) size 194x322 [r=0 c=0 rs=1 cs=1]
-                RenderBlock {DIV} at (1,70) size 192x32
-                  RenderTextControl {INPUT} at (0,0) size 112x16 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (111,-3) size 1x18
-                  RenderTextControl {INPUT} at (0,16) size 112x16 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,0) size 106x16
-                      RenderBlock {DIV} at (0,2) size 93x11
-                RenderBlock {DIV} at (1,102) size 192x34
-                  RenderTextControl {INPUT} at (0,0) size 124x17 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (123,-2) size 1x18
-                  RenderTextControl {INPUT} at (0,17) size 124x17 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,1) size 118x15
-                      RenderBlock {DIV} at (0,2) size 105x11
-                RenderBlock {DIV} at (1,136) size 192x36
-                  RenderTextControl {INPUT} at (0,0) size 136x18 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (135,-1) size 1x18
-                  RenderTextControl {INPUT} at (0,18) size 136x18 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,1) size 130x16
-                      RenderBlock {DIV} at (0,1) size 117x13
-                RenderBlock {DIV} at (1,172) size 192x38
-                  RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (146,0) size 1x18
-                  RenderTextControl {INPUT} at (0,19) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,1) size 141x17
-                      RenderBlock {DIV} at (0,1) size 128x14
-                RenderBlock {DIV} at (1,210) size 192x42
-                  RenderTextControl {INPUT} at (0,0) size 159x21 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (158,1) size 1x18
-                  RenderTextControl {INPUT} at (0,21) size 159x21 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,1) size 153x19
-                      RenderBlock {DIV} at (0,1) size 140x16
-                RenderBlock {DIV} at (1,252) size 192x44
-                  RenderTextControl {INPUT} at (0,0) size 170x22 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (169,2) size 1x18
-                  RenderTextControl {INPUT} at (0,22) size 170x22 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,1) size 164x20
-                      RenderBlock {DIV} at (0,1) size 149x17
-                RenderBlock {DIV} at (1,296) size 192x46
-                  RenderTextControl {INPUT} at (0,0) size 181x23 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (180,3) size 1x18
-                  RenderTextControl {INPUT} at (0,23) size 181x23 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,1) size 175x21
-                      RenderBlock {DIV} at (0,2) size 160x17
-                RenderBlock {DIV} at (1,342) size 192x48
-                  RenderTextControl {INPUT} at (0,0) size 192x24 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (191,4) size 1x18
-                  RenderTextControl {INPUT} at (0,24) size 192x24 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,0) size 186x24
-                      RenderBlock {DIV} at (0,2) size 171x19
-              RenderTableCell {TD} at (197,2) size 290x460 [r=0 c=1 rs=1 cs=1]
-                RenderBlock {DIV} at (1,1) size 288x48
-                  RenderTextControl {INPUT} at (0,0) size 203x24 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (202,4) size 1x18
-                  RenderTextControl {INPUT} at (0,24) size 203x24 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,0) size 197x24
-                      RenderBlock {DIV} at (0,3) size 182x18
-                RenderBlock {DIV} at (1,49) size 288x52
-                  RenderTextControl {INPUT} at (0,0) size 213x26 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (212,5) size 1x18
-                  RenderTextControl {INPUT} at (0,26) size 213x26 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,0) size 207x26
-                      RenderBlock {DIV} at (0,2) size 192x21
-                RenderBlock {DIV} at (1,101) size 288x54
-                  RenderTextControl {INPUT} at (0,0) size 225x27 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (224,6) size 1x18
-                  RenderTextControl {INPUT} at (0,27) size 225x27 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,0) size 219x27
-                      RenderBlock {DIV} at (0,3) size 200x21
-                RenderBlock {DIV} at (1,155) size 288x56
-                  RenderTextControl {INPUT} at (0,0) size 237x28 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (236,7) size 1x18
-                  RenderTextControl {INPUT} at (0,28) size 237x28 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,0) size 231x28
-                      RenderBlock {DIV} at (0,3) size 212x22
-                RenderBlock {DIV} at (1,211) size 288x58
-                  RenderTextControl {INPUT} at (0,0) size 248x29 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (247,8) size 1x18
-                  RenderTextControl {INPUT} at (0,29) size 248x29 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,0) size 242x29
-                      RenderBlock {DIV} at (0,3) size 223x23
-                RenderBlock {DIV} at (1,269) size 288x60
-                  RenderTextControl {INPUT} at (0,0) size 261x30 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (260,9) size 1x18
-                  RenderTextControl {INPUT} at (0,30) size 261x30 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,0) size 255x30
-                      RenderBlock {DIV} at (0,3) size 236x24
-                RenderBlock {DIV} at (1,329) size 288x64
-                  RenderTextControl {INPUT} at (0,0) size 274x32 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (273,10) size 1x18
-                  RenderTextControl {INPUT} at (0,32) size 274x32 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,0) size 268x32
-                      RenderBlock {DIV} at (0,3) size 249x26
-                RenderBlock {DIV} at (1,393) size 288x66
-                  RenderTextControl {INPUT} at (0,0) size 288x33 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderBR {BR} at (287,11) size 1x18
-                  RenderTextControl {INPUT} at (0,33) size 288x33 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                    RenderFlexibleBox {DIV} at (3,0) size 282x33
-                      RenderBlock {DIV} at (0,3) size 263x27
-layer at (14,117) size 106x10
-  RenderBlock {DIV} at (3,3) size 106x10
-layer at (14,133) size 93x10
-  RenderBlock {DIV} at (0,0) size 93x10
-layer at (14,149) size 118x11
-  RenderBlock {DIV} at (3,3) size 118x11
-layer at (14,166) size 105x11
-  RenderBlock {DIV} at (0,0) size 105x11
-layer at (14,183) size 129x12
-  RenderBlock {DIV} at (3,3) size 130x12
-layer at (14,201) size 116x12
-  RenderBlock {DIV} at (0,0) size 117x12
-layer at (14,219) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (14,238) size 128x13
-  RenderBlock {DIV} at (0,0) size 128x13
-layer at (14,257) size 152x15
-  RenderBlock {DIV} at (3,3) size 153x15
-layer at (14,278) size 139x15
-  RenderBlock {DIV} at (0,0) size 140x15
-layer at (14,299) size 163x16
-  RenderBlock {DIV} at (3,3) size 164x16
-layer at (14,321) size 148x16
-  RenderBlock {DIV} at (0,0) size 149x16
-layer at (14,343) size 174x17
-  RenderBlock {DIV} at (3,3) size 175x17
-layer at (14,366) size 159x17
-  RenderBlock {DIV} at (0,0) size 160x17
-layer at (14,389) size 185x18
-  RenderBlock {DIV} at (3,3) size 186x18
-layer at (14,413) size 170x18
-  RenderBlock {DIV} at (0,0) size 171x18
-layer at (209,48) size 196x18
-  RenderBlock {DIV} at (3,3) size 197x18
-layer at (209,72) size 181x18
-  RenderBlock {DIV} at (0,0) size 182x18
-layer at (209,96) size 207x20
-  RenderBlock {DIV} at (3,3) size 207x20
-layer at (209,122) size 192x20
-  RenderBlock {DIV} at (0,0) size 192x20
-layer at (209,148) size 219x21
-  RenderBlock {DIV} at (3,3) size 219x21
-layer at (209,175) size 200x21
-  RenderBlock {DIV} at (0,0) size 200x21
-layer at (209,202) size 231x22
-  RenderBlock {DIV} at (3,3) size 231x22
-layer at (209,230) size 212x22
-  RenderBlock {DIV} at (0,0) size 212x22
-layer at (209,258) size 242x23
-  RenderBlock {DIV} at (3,3) size 242x23
-layer at (209,287) size 223x23
-  RenderBlock {DIV} at (0,0) size 223x23
-layer at (209,316) size 255x24
-  RenderBlock {DIV} at (3,3) size 255x24
-layer at (209,346) size 236x24
-  RenderBlock {DIV} at (0,0) size 236x24
-layer at (209,376) size 268x26
-  RenderBlock {DIV} at (3,3) size 268x26
-layer at (209,408) size 249x26
-  RenderBlock {DIV} at (0,0) size 249x26
-layer at (209,440) size 281x27
-  RenderBlock {DIV} at (3,3) size 282x27
-layer at (209,473) size 262x27
-  RenderBlock {DIV} at (0,0) size 263x27
-layer at (107,131) size 13x15
-  RenderBlock (relative positioned) {DIV} at (92,0) size 14x15
-layer at (119,164) size 13x15
-  RenderBlock (relative positioned) {DIV} at (104,0) size 14x15
-layer at (130,200) size 13x15
-  RenderBlock (relative positioned) {DIV} at (116,0) size 14x15
-layer at (142,236) size 13x17
-  RenderBlock (relative positioned) {DIV} at (127,0) size 14x17
-layer at (153,277) size 13x18
-  RenderBlock (relative positioned) {DIV} at (139,0) size 14x18
-layer at (162,319) size 15x20
-  RenderBlock (relative positioned) {DIV} at (148,0) size 16x20
-layer at (173,364) size 15x21
-  RenderBlock (relative positioned) {DIV} at (159,0) size 16x21
-layer at (184,411) size 15x23
-  RenderBlock (relative positioned) {DIV} at (170,0) size 16x23
-layer at (391,69) size 15x24
-  RenderBlock (relative positioned) {DIV} at (181,0) size 16x24
-layer at (401,119) size 15x26
-  RenderBlock (relative positioned) {DIV} at (191,0) size 16x26
-layer at (409,172) size 19x27
-  RenderBlock (relative positioned) {DIV} at (199,0) size 20x27
-layer at (421,227) size 19x28
-  RenderBlock (relative positioned) {DIV} at (211,-1) size 20x30
-layer at (432,284) size 19x30
-  RenderBlock (relative positioned) {DIV} at (222,-1) size 20x31
-layer at (445,342) size 19x32
-  RenderBlock (relative positioned) {DIV} at (235,-1) size 20x32
-layer at (458,405) size 19x33
-  RenderBlock (relative positioned) {DIV} at (248,-1) size 20x34
-layer at (472,469) size 19x35
-  RenderBlock (relative positioned) {DIV} at (262,-1) size 20x35
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-spinbutton-up-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-spinbutton-up-expected.txt
deleted file mode 100644
index 494920be1fc8e..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-spinbutton-up-expected.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 439x18
-          text run at (0,0) width 439: "Test appearances of outer-spin-button with its up button highlighted."
-      RenderBlock {DIV} at (0,34) size 784x0
-      RenderBlock (anonymous) at (0,34) size 784x27
-        RenderTextControl {INPUT} at (0,0) size 225x27 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,0) size 219x27
-            RenderBlock {DIV} at (0,3) size 200x21
-        RenderText {#text} at (0,0) size 0x0
-        RenderText {#text} at (0,0) size 0x0
-layer at (11,45) size 200x21
-  RenderBlock {DIV} at (0,0) size 200x21
-    RenderText {#text} at (0,0) size 8x21
-      text run at (0,0) width 8: "1"
-layer at (211,42) size 19x27
-  RenderBlock (relative positioned) {DIV} at (199,0) size 20x27
-caret: position 1 of child 0 {#text} of child 0 {DIV} of child 0 {DIV} of child 0 {DIV} of {#document-fragment} of child 5 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-visibility-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-visibility-expected.txt
deleted file mode 100644
index fb0f46bcd9739..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-visibility-expected.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 491x18
-          text run at (0,0) width 491: "This tests that the value becomes visible when the text field becomes visible."
-      RenderBlock {P} at (0,34) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,69) size 784x0
-      RenderBlock {P} at (0,69) size 784x0
-layer at (11,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 63x13
-      text run at (0,0) width 63: "Test Passed"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-width-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-width-expected.txt
deleted file mode 100644
index bb3ccabe124cc..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-appearance-width-expected.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 352x18
-        text run at (0,0) width 352: "This tests that the new text fields use the correct width."
-      RenderBR {BR} at (351,0) size 1x18
-      RenderTextControl {INPUT} at (0,18) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBR {BR} at (146,18) size 1x18
-      RenderTextControl {INPUT} at (0,37) size 200x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBR {BR} at (200,37) size 0x18
-      RenderTextControl {INPUT} at (0,56) size 357x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBR {BR} at (356,56) size 1x18
-      RenderTextControl {INPUT} at (0,75) size 200x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBR {BR} at (200,75) size 0x18
-      RenderTextControl {INPUT} at (0,94) size 77x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBR {BR} at (76,94) size 1x18
-layer at (11,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (11,48) size 194x13
-  RenderBlock {DIV} at (3,3) size 194x13
-    RenderText {#text} at (0,0) size 101x13
-      text run at (0,0) width 101: "styled width 200px"
-layer at (11,67) size 351x13
-  RenderBlock {DIV} at (3,3) size 351x13
-    RenderText {#text} at (0,0) size 38x13
-      text run at (0,0) width 38: "size 50"
-layer at (11,86) size 194x13
-  RenderBlock {DIV} at (3,3) size 194x13
-    RenderText {#text} at (0,0) size 155x13
-      text run at (0,0) width 155: "styled width 200px & size=10"
-layer at (11,105) size 71x13
-  RenderBlock {DIV} at (3,3) size 71x13
-    RenderText {#text} at (0,0) size 37x13
-      text run at (0,0) width 37: "size 10"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-baseline-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-baseline-expected.txt
deleted file mode 100644
index 00619b46f7b36..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-baseline-expected.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 298x18
-        text run at (0,0) width 298: "This tests that text fields get the right baseline."
-      RenderBR {BR} at (297,0) size 1x18
-      RenderBR {BR} at (0,18) size 0x18
-      RenderTextControl {INPUT} at (0,36) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (146,36) size 431x18
-        text run at (146,36) width 431: "This text should line up with the bottom of the text in the text field."
-      RenderBR {BR} at (576,36) size 1x18
-      RenderBR {BR} at (0,55) size 0x18
-      RenderTextControl {INPUT} at (0,73) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (146,73) size 431x18
-        text run at (146,73) width 431: "This text should line up with the bottom of the text in the text field."
-layer at (11,47) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (11,84) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-disabled-color-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-disabled-color-expected.txt
deleted file mode 100644
index 7bffa8b32f5cc..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-disabled-color-expected.txt
+++ /dev/null
@@ -1,190 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 521x18
-        text run at (0,0) width 521: "This tests that the text color changes appropriately when the text field is disabled."
-      RenderBR {BR} at (520,0) size 1x18
-      RenderTextControl {INPUT} at (0,18) size 146x19 [color=color(srgb 0.341176 0.341176 0.341176)] [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (145,18) size 5x18
-        text run at (145,18) width 5: " "
-      RenderTextControl {INPUT} at (149,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,18) size 1x18
-      RenderTextControl {INPUT} at (0,37) size 146x19 [color=#FF0000] [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (145,37) size 5x18
-        text run at (145,37) width 5: " "
-      RenderTextControl {INPUT} at (149,37) size 148x19 [color=#FF0000] [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,37) size 1x18
-      RenderTextControl {INPUT} at (0,56) size 146x19 [color=color(srgb 0.341176 0.341176 0.341176)] [bgcolor=#0000FF] [border: (2px inset #808080)]
-      RenderText {#text} at (145,56) size 5x18
-        text run at (145,56) width 5: " "
-      RenderTextControl {INPUT} at (149,56) size 148x19 [bgcolor=#0000FF] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,56) size 1x18
-      RenderTextControl {INPUT} at (0,75) size 146x19 [color=#FF0000] [bgcolor=#0000FF] [border: (2px inset #808080)]
-      RenderText {#text} at (145,75) size 5x18
-        text run at (145,75) width 5: " "
-      RenderTextControl {INPUT} at (149,75) size 148x19 [color=#FF0000] [bgcolor=#0000FF] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,75) size 1x18
-      RenderTextControl {INPUT} at (0,94) size 146x19 [color=color(srgb 0.341176 0.341176 0.341176)] [bgcolor=#000000] [border: (2px inset #808080)]
-      RenderText {#text} at (145,94) size 5x18
-        text run at (145,94) width 5: " "
-      RenderTextControl {INPUT} at (149,94) size 148x19 [bgcolor=#000000] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,94) size 1x18
-      RenderTextControl {INPUT} at (0,113) size 146x19 [color=#FFFFFF] [bgcolor=#000000] [border: (2px inset #808080)]
-      RenderText {#text} at (145,113) size 5x18
-        text run at (145,113) width 5: " "
-      RenderTextControl {INPUT} at (149,113) size 148x19 [color=#FFFFFF] [bgcolor=#000000] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,113) size 1x18
-      RenderTextControl {INPUT} at (0,132) size 146x19 [color=color(srgb 0.341176 0.341176 0.341176)] [bgcolor=#808080] [border: (2px inset #808080)]
-      RenderText {#text} at (145,132) size 5x18
-        text run at (145,132) width 5: " "
-      RenderTextControl {INPUT} at (149,132) size 148x19 [bgcolor=#808080] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,132) size 1x18
-      RenderTextControl {INPUT} at (0,151) size 146x19 [color=#FFFFFF] [bgcolor=#A9A9A9] [border: (2px inset #808080)]
-      RenderText {#text} at (145,151) size 5x18
-        text run at (145,151) width 5: " "
-      RenderTextControl {INPUT} at (149,151) size 148x19 [color=#FFFFFF] [bgcolor=#A9A9A9] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,151) size 1x18
-      RenderTextControl {INPUT} at (0,170) size 146x19 [color=#808080] [bgcolor=#000000] [border: (2px inset #808080)]
-      RenderText {#text} at (145,170) size 5x18
-        text run at (145,170) width 5: " "
-      RenderTextControl {INPUT} at (149,170) size 148x19 [color=#808080] [bgcolor=#000000] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,170) size 1x18
-      RenderTextControl {INPUT} at (0,189) size 146x19 [color=#FF0000] [bgcolor=#808080] [border: (2px inset #808080)]
-      RenderText {#text} at (145,189) size 5x18
-        text run at (145,189) width 5: " "
-      RenderTextControl {INPUT} at (149,189) size 148x19 [color=#FF0000] [bgcolor=#808080] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,189) size 1x18
-      RenderTextControl {INPUT} at (0,208) size 146x19 [color=#808080] [bgcolor=#FF0000] [border: (2px inset #808080)]
-      RenderText {#text} at (145,208) size 5x18
-        text run at (145,208) width 5: " "
-      RenderTextControl {INPUT} at (149,208) size 148x19 [color=#808080] [bgcolor=#FF0000] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,208) size 1x18
-      RenderTextControl {INPUT} at (0,227) size 146x19 [color=#FF0000] [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (145,227) size 5x18
-        text run at (145,227) width 5: " "
-      RenderTextControl {INPUT} at (149,227) size 148x19 [color=#FF0000] [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,227) size 1x18
-      RenderTextControl {INPUT} at (0,246) size 146x19 [color=#FF0000] [border: (2px inset #808080)]
-      RenderText {#text} at (145,246) size 5x18
-        text run at (145,246) width 5: " "
-      RenderTextControl {INPUT} at (149,246) size 148x19 [color=#FF0000] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,246) size 1x18
-      RenderTextControl {INPUT} at (0,265) size 146x19 [color=#ACACAC] [bgcolor=#F2F2F2] [border: (2px inset #808080)]
-      RenderText {#text} at (145,265) size 5x18
-        text run at (145,265) width 5: " "
-      RenderTextControl {INPUT} at (149,265) size 148x19 [color=#ACACAC] [bgcolor=#F2F2F2] [border: (2px inset #808080)]
-      RenderBR {BR} at (296,265) size 1x18
-layer at (11,29) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,29) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,48) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,48) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,67) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,67) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,86) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,86) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,105) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,105) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,124) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,124) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,143) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,143) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,162) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,162) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,181) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,181) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,200) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,200) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,219) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,219) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,238) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,238) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,257) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,257) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
-layer at (11,276) size 140x13 scrollWidth 343
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (0,0) size 344x13
-      text run at (0,0) width 344: "The text in this disabled field should displayed as dimmed or grey"
-layer at (161,276) size 141x13 scrollWidth 152
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 151x13
-      text run at (0,0) width 151: "This text field is not disabled"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-double-click-selection-gap-bug-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-double-click-selection-gap-bug-expected.txt
deleted file mode 100644
index 31592204b50ab..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-double-click-selection-gap-bug-expected.txt
+++ /dev/null
@@ -1,31 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x546
-  RenderBlock {HTML} at (0,0) size 800x546
-    RenderBody {BODY} at (8,16) size 784x522
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 421x18
-          text run at (0,0) width 331: "The top table was resized while the field\x{2019}s contents "
-          text run at (330,0) width 91: "were selected."
-      RenderTable {TABLE} at (0,34) size 191x244
-        RenderTableSection {TBODY} at (0,0) size 191x244
-          RenderTableRow {TR} at (0,2) size 191x240
-            RenderTableCell {TD} at (2,92) size 187x60 [bgcolor=#90EE90] [r=0 c=0 rs=1 cs=1]
-              RenderTextControl {INPUT} at (20,110) size 147x20 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-              RenderText {#text} at (0,0) size 0x0
-      RenderTable {TABLE} at (0,278) size 191x244
-        RenderTableSection {TBODY} at (0,0) size 191x244
-          RenderTableRow {TR} at (0,2) size 191x240
-            RenderTableCell {TD} at (2,92) size 187x60 [bgcolor=#90EE90] [r=0 c=0 rs=1 cs=1]
-              RenderTextControl {INPUT} at (20,110) size 147x20 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-              RenderText {#text} at (0,0) size 0x0
-layer at (33,166) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 38x13
-      text run at (0,0) width 38: "foo bar"
-layer at (33,410) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 38x13
-      text run at (0,0) width 38: "foo bar"
-selection start: position 0 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 1 {INPUT} of child 1 {TD} of child 0 {TR} of child 1 {TBODY} of child 3 {TABLE} of body
-selection end:   position 7 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 1 {INPUT} of child 1 {TD} of child 0 {TR} of child 1 {TBODY} of child 3 {TABLE} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-placeholder-visibility-1-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-placeholder-visibility-1-expected.txt
deleted file mode 100644
index 232d8411978fa..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-placeholder-visibility-1-expected.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 347x18
-          text run at (0,0) width 347: "Focus the field, focus away, then focus the field again."
-      RenderBlock {DIV} at (0,34) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderText {#text} at (0,0) size 0x0
-layer at (11,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 62x13
-      text run at (0,0) width 62: "Placeholder"
-layer at (11,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-caret: position 0 of child 1 {DIV} of {#document-fragment} of child 1 {INPUT} of child 3 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-placeholder-visibility-3-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-placeholder-visibility-3-expected.txt
deleted file mode 100644
index 23f867c9f2366..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-placeholder-visibility-3-expected.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 390x18
-          text run at (0,0) width 390: "Focus field with a placeholder, then type, then delete all text."
-      RenderBlock {DIV} at (0,34) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderText {#text} at (0,0) size 0x0
-layer at (11,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 62x13
-      text run at (0,0) width 62: "Placeholder"
-layer at (11,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderBR {BR} at (0,0) size 0x13
-caret: position 0 of child 0 {BR} of child 1 {DIV} of {#document-fragment} of child 1 {INPUT} of child 3 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-spaces-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-spaces-expected.txt
deleted file mode 100644
index c9198e5951ddc..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-spaces-expected.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 769x36
-        text run at (0,0) width 769: "This tests that leading and trailing spaces in a text field don't get lost. There should be 3 spaces before and 3 spaces after"
-        text run at (0,18) width 124: "the text in the field."
-      RenderBR {BR} at (123,18) size 1x18
-      RenderTextControl {INPUT} at (0,36) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,47) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 57x13
-      text run at (0,0) width 57: "   foo bar   "
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-table-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-table-expected.txt
deleted file mode 100644
index f8b2afaf0ea0c..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-table-expected.txt
+++ /dev/null
@@ -1,98 +0,0 @@
-layer at (0,0) size 785x677
-  RenderView at (0,0) size 785x600
-layer at (0,0) size 785x677
-  RenderBlock {HTML} at (0,0) size 785x677
-    RenderBody {BODY} at (8,8) size 769x661
-      RenderBlock (anonymous) at (0,0) size 769x18
-        RenderText {#text} at (0,0) size 252x18
-          text run at (0,0) width 252: "This tests minMaxWidth for text fields."
-      RenderBlock {P} at (0,34) size 769x18
-        RenderText {#text} at (0,0) size 70x18
-          text run at (0,0) width 70: "Test case 1"
-      RenderTable {TABLE} at (0,68) size 118x37 [border: (3px solid #0000FF)]
-        RenderTableSection {TBODY} at (3,3) size 112x31
-          RenderTableRow {TR} at (0,2) size 112x27
-            RenderTableCell {TD} at (2,2) size 108x27 [border: (3px solid #FF0000)] [r=0 c=0 rs=1 cs=1]
-              RenderTextControl {INPUT} at (4,4) size 100x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {P} at (0,121) size 769x18
-        RenderText {#text} at (0,0) size 70x18
-          text run at (0,0) width 70: "Test case 2"
-      RenderTable {TABLE} at (0,155) size 167x66 [border: (3px solid #0000FF)]
-        RenderTableSection {TBODY} at (3,3) size 161x60
-          RenderTableRow {TR} at (0,2) size 161x27
-            RenderTableCell {TD} at (2,5) size 47x21 [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,4) size 25x19
-                text run at (1,1) width 25: "first"
-            RenderTableCell {TD} at (50,2) size 109x27 [border: (3px solid #FF0000)] [r=0 c=1 rs=1 cs=1]
-              RenderTextControl {INPUT} at (4,4) size 100x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderTableRow {TR} at (0,31) size 161x27
-            RenderTableCell {TD} at (2,34) size 47x21 [r=1 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,4) size 45x19
-                text run at (1,1) width 45: "second"
-            RenderTableCell {TD} at (50,31) size 109x27 [border: (3px solid #FF0000)] [r=1 c=1 rs=1 cs=1]
-              RenderTextControl {INPUT} at (4,4) size 100x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {P} at (0,237) size 769x18
-        RenderText {#text} at (0,0) size 70x18
-          text run at (0,0) width 70: "Test case 3"
-      RenderTable {TABLE} at (0,271) size 55x73 [border: (3px solid #0000FF)]
-        RenderTableSection {TBODY} at (3,3) size 49x67
-          RenderTableRow {TR} at (0,2) size 49x63
-            RenderTableCell {TD} at (2,2) size 45x63 [border: (3px solid #FF0000)] [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (4,4) size 37x36
-                text run at (4,4) width 37: "width"
-                text run at (4,22) width 32: "30px"
-              RenderTextControl {INPUT} at (4,40) size 30x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {P} at (0,360) size 769x18
-        RenderText {#text} at (0,0) size 70x18
-          text run at (0,0) width 70: "Test case 4"
-      RenderTable {TABLE} at (0,394) size 218x65 [border: (3px solid #0000FF)]
-        RenderTableSection {TBODY} at (3,3) size 212x59
-          RenderTableRow {TR} at (0,2) size 212x27
-            RenderTableCell {TD} at (2,2) size 208x27 [border: (3px solid #FF0000)] [r=0 c=0 rs=1 cs=1]
-              RenderTextControl {INPUT} at (4,4) size 200x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderTableRow {TR} at (0,31) size 212x26
-            RenderTableCell {TD} at (2,31) size 208x26 [border: (3px solid #FF0000)] [r=1 c=0 rs=1 cs=1]
-              RenderBlock {DIV} at (4,4) size 200x18
-                RenderText {#text} at (0,0) size 40x18
-                  text run at (0,0) width 40: "200px"
-      RenderBlock {P} at (0,475) size 769x18
-        RenderText {#text} at (0,0) size 70x18
-          text run at (0,0) width 70: "Test case 5"
-      RenderTable {TABLE} at (0,509) size 88x37 [border: (3px solid #0000FF)]
-        RenderTableSection {TBODY} at (3,3) size 82x31
-          RenderTableRow {TR} at (0,2) size 82x27
-            RenderTableCell {TD} at (2,2) size 78x27 [border: (3px solid #FF0000)] [r=0 c=0 rs=1 cs=1]
-              RenderTextControl {INPUT} at (4,4) size 70x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {P} at (0,562) size 769x18
-        RenderText {#text} at (0,0) size 70x18
-          text run at (0,0) width 70: "Test case 6"
-      RenderTable {TABLE} at (0,596) size 165x65 [border: (3px solid #0000FF)]
-        RenderTableSection {TBODY} at (3,3) size 159x59
-          RenderTableRow {TR} at (0,2) size 159x27
-            RenderTableCell {TD} at (2,2) size 155x27 [border: (3px solid #FF0000)] [r=0 c=0 rs=1 cs=1]
-              RenderTextControl {INPUT} at (4,4) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderTableRow {TR} at (0,31) size 159x26
-            RenderTableCell {TD} at (2,31) size 155x26 [border: (3px solid #FF0000)] [r=1 c=0 rs=1 cs=1]
-              RenderBlock {DIV} at (4,4) size 70x18
-                RenderText {#text} at (0,0) size 32x18
-                  text run at (0,0) width 32: "70px"
-layer at (20,88) size 94x13
-  RenderBlock {DIV} at (3,3) size 94x13
-layer at (68,175) size 94x13
-  RenderBlock {DIV} at (3,3) size 94x13
-layer at (68,204) size 94x13
-  RenderBlock {DIV} at (3,3) size 94x13
-layer at (20,327) size 24x13
-  RenderBlock {DIV} at (3,3) size 24x13
-layer at (20,414) size 194x13
-  RenderBlock {DIV} at (3,3) size 194x13
-    RenderText {#text} at (0,0) size 62x13
-      text run at (0,0) width 62: "width 100%"
-layer at (20,529) size 64x13
-  RenderBlock {DIV} at (3,3) size 64x13
-    RenderText {#text} at (0,0) size 51x13
-      text run at (0,0) width 51: "max 70px"
-layer at (20,616) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 88x13
-      text run at (0,0) width 88: "min-width 100px"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-text-click-inside-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-text-click-inside-expected.txt
deleted file mode 100644
index 4563c018c70cd..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-text-click-inside-expected.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {DIV} at (0,0) size 425x75 [bgcolor=#FFFF00]
-        RenderTextControl {INPUT} at (25,25) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {P} at (0,91) size 784x36
-        RenderText {#text} at (0,0) size 759x36
-          text run at (0,0) width 759: "This test clicks inside an input element, and must result in the element receiving focus. If the test succeeds the element"
-          text run at (0,18) width 161: "should have a focus ring."
-layer at (36,36) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-caret: position 0 of child 0 {DIV} of {#document-fragment} of child 0 {INPUT} of child 0 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-text-click-outside-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-text-click-outside-expected.txt
deleted file mode 100644
index 838a72181dc6f..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-text-click-outside-expected.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {DIV} at (0,0) size 425x75 [bgcolor=#FFFF00]
-        RenderTextControl {INPUT} at (25,25) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {P} at (0,91) size 784x36
-        RenderText {#text} at (0,0) size 737x36
-          text run at (0,0) width 737: "This test clicks outside an input element, and must not result in the element receiving focus. If the test succeeds the"
-          text run at (0,18) width 240: "element should not have a focus ring."
-layer at (36,36) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-caret: position 1 of child 0 {INPUT} of child 0 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-text-double-click-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-text-double-click-expected.txt
deleted file mode 100644
index 156505771dbaa..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-text-double-click-expected.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,35) size 784x18
-        RenderText {#text} at (0,0) size 575x18
-          text run at (0,0) width 575: "Tests double-clicking on a word. If the test succeeds, the word \"word\" should be selected."
-layer at (11,11) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 70x13
-      text run at (0,0) width 70: "word another"
-selection start: position 0 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 0 {INPUT} of body
-selection end:   position 4 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 0 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-text-drag-down-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-text-drag-down-expected.txt
deleted file mode 100644
index 627abc804c065..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-text-drag-down-expected.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,35) size 784x18
-        RenderText {#text} at (0,0) size 748x18
-          text run at (0,0) width 748: "Tests drag-selecting down. If the test succeeds, the text from the center to the end of the text field should be selected."
-layer at (11,11) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 120x13
-      text run at (0,0) width 120: "This is a bunch of text."
-selection start: position 8 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 0 {INPUT} of body
-selection end:   position 24 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 0 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-text-option-delete-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-text-option-delete-expected.txt
deleted file mode 100644
index c82fb22c4b953..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-text-option-delete-expected.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,35) size 784x18
-        RenderText {#text} at (0,0) size 654x18
-          text run at (0,0) width 654: "Tests option-deleting a word. If the test succeeds, the word \"word\" should end up with a space after it."
-layer at (11,11) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 30x13
-      text run at (0,0) width 30: "word "
-caret: position 5 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 0 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-text-scroll-left-on-blur-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-text-scroll-left-on-blur-expected.txt
deleted file mode 100644
index e056592cae521..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-text-scroll-left-on-blur-expected.txt
+++ /dev/null
@@ -1,61 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (146,0) size 5x18
-          text run at (146,0) width 5: " "
-        RenderTextControl {INPUT} at (150,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (296,0) size 5x18
-          text run at (296,0) width 5: " "
-        RenderTextControl {INPUT} at (300,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,35) size 784x36
-        RenderText {#text} at (0,0) size 765x36
-          text run at (0,0) width 765: "Tests scrolling back to the beginning when a text field blurs. The first field should be scrolled to the left, the second and"
-          text run at (0,18) width 164: "third scrolled to the right."
-layer at (11,11) size 141x13 scrollWidth 306
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 306x13
-      text run at (0,0) width 306: "this text field has a lot of text in it so that it needs to scroll"
-layer at (162,11) size 140x13 scrollX 165 scrollWidth 305
-  RenderBlock {DIV} at (3,3) size 140x13
-    RenderText {#text} at (-166,0) size 306x13
-      text run at (-165,0) width 20: "this"
-      text run at (-145,0) width 3: " "
-      text run at (-142,0) width 20: "text"
-      text run at (-122,0) width 3: " "
-      text run at (-119,0) width 23: "field"
-      text run at (-96,0) width 3: " "
-      text run at (-93,0) width 18: "has"
-      text run at (-75,0) width 4: " "
-      text run at (-71,0) width 6: "a"
-      text run at (-65,0) width 3: " "
-      text run at (-62,0) width 13: "lot"
-      text run at (-49,0) width 3: " "
-      text run at (-46,0) width 11: "of"
-      text run at (-35,0) width 3: " "
-      text run at (-32,0) width 20: "text"
-      text run at (-12,0) width 3: " "
-      text run at (-9,0) width 10: "in"
-      text run at (0,0) width 4: " "
-      text run at (3,0) width 8: "it"
-      text run at (10,0) width 4: " "
-      text run at (13,0) width 13: "so"
-      text run at (25,0) width 4: " "
-      text run at (28,0) width 22: "that"
-      text run at (49,0) width 4: " "
-      text run at (52,0) width 8: "it"
-      text run at (59,0) width 4: " "
-      text run at (62,0) width 33: "needs"
-      text run at (94,0) width 4: " "
-      text run at (97,0) width 12: "to"
-      text run at (108,0) width 4: " "
-      text run at (111,0) width 29: "scroll"
-layer at (312,11) size 141x13 scrollX 165 scrollWidth 306
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 306x13
-      text run at (0,0) width 306: "this text field has a lot of text in it so that it needs to scroll"
-caret: position 66 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 4 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-text-self-emptying-click-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-text-self-emptying-click-expected.txt
deleted file mode 100644
index 18968c6413e59..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-text-self-emptying-click-expected.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,35) size 784x36
-        RenderText {#text} at (0,0) size 778x36
-          text run at (0,0) width 778: "Tests clicking on an input element that has a value that self-destructs. If the test succeeds, there should be a blinking caret"
-          text run at (0,18) width 101: "in the text field."
-layer at (11,11) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-caret: position 0 of child 0 {DIV} of {#document-fragment} of child 0 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-text-word-wrap-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-text-word-wrap-expected.txt
deleted file mode 100644
index cdb5ea48a679c..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-text-word-wrap-expected.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 117x18
-          text run at (0,0) width 117: "This tests that the "
-        RenderInline {CODE} at (116,2) size 71x15
-          RenderText {#text} at (116,2) size 71x15
-            text run at (116,2) width 71: "word-wrap"
-        RenderText {#text} at (186,0) size 309x18
-          text run at (186,0) width 309: " property is ignored for single-line text controls."
-      RenderBlock (anonymous) at (0,34) size 784x33
-        RenderTextControl {INPUT} at (0,0) size 147x33 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-layer at (11,52) size 141x13 scrollWidth 255
-  RenderBlock {DIV} at (3,10) size 141x13
-    RenderText {#text} at (0,0) size 255x13
-      text run at (0,0) width 255: "This sentence should not wrap into the next line."
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-type-text-min-width-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-type-text-min-width-expected.txt
deleted file mode 100644
index 07d02aa31514b..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-type-text-min-width-expected.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 783x36
-        text run at (0,0) width 783: "This test checks if correct min width is applied to \"input type=text\". To match IE and Firefox, the input field below should"
-        text run at (0,18) width 624: "show \"1987\", with the 7 slightly truncated. See https://bugs.webkit.org/show_bug.cgi?id=15312 ."
-      RenderBR {BR} at (623,18) size 1x18
-      RenderTextControl {INPUT} at (0,36) size 14x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,47) size 8x13 scrollWidth 40
-  RenderBlock {DIV} at (3,3) size 8x13
-    RenderText {#text} at (0,0) size 40x13
-      text run at (0,0) width 40: "198765"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-value-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-value-expected.txt
deleted file mode 100644
index 3a04c3f59361d..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-value-expected.txt
+++ /dev/null
@@ -1,225 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 765x36
-          text run at (0,0) width 765: "Results that match WinIE are two columns on the right that say \"after\" every time, except for the last row which should"
-          text run at (0,18) width 196: "have nothing in either column."
-      RenderBlock {P} at (0,52) size 784x18
-        RenderText {#text} at (0,0) size 725x18
-          text run at (0,0) width 725: "Results that match Gecko are like WinIE, but with \"before\" for the attribute in the first two rows and the last row."
-      RenderBlock {FORM} at (0,96) size 784x337
-        RenderTable {TABLE} at (0,0) size 766x337
-          RenderTableSection {THEAD} at (0,0) size 766x24
-            RenderTableRow {TR} at (0,2) size 766x20
-              RenderTableCell {TH} at (2,2) size 392x20 [r=0 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 57x18
-                  text run at (1,1) width 57: "test case"
-              RenderTableCell {TH} at (395,2) size 241x20 [r=0 c=1 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 92x18
-                  text run at (1,1) width 92: "form element"
-              RenderTableCell {TH} at (637,2) size 63x20 [r=0 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 61x18
-                  text run at (1,1) width 61: "property"
-              RenderTableCell {TH} at (701,2) size 63x20 [r=0 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 61x18
-                  text run at (1,1) width 61: "attribute"
-          RenderTableSection {TBODY} at (0,24) size 766x313
-            RenderTableRow {TR} at (0,0) size 766x21
-              RenderTableCell {TD} at (2,0) size 392x21 [r=0 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 211x19
-                  text run at (1,1) width 211: "text with value property changed"
-              RenderTableCell {TD} at (395,0) size 241x21 [r=0 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (1,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-              RenderTableCell {TD} at (637,0) size 63x21 [r=0 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x19
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,0) size 63x21 [r=0 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 41x19
-                  text run at (1,1) width 41: "before"
-            RenderTableRow {TR} at (0,23) size 766x21
-              RenderTableCell {TD} at (2,23) size 392x21 [r=1 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 248x19
-                  text run at (1,1) width 248: "password with value property changed"
-              RenderTableCell {TD} at (395,23) size 241x21 [r=1 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (1,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderFlexibleBox {DIV} at (3,3) size 141x13
-                    RenderBlock {DIV} at (0,0) size 141x13
-              RenderTableCell {TD} at (637,23) size 63x21 [r=1 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x19
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,23) size 63x21 [r=1 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 41x19
-                  text run at (1,1) width 41: "before"
-            RenderTableRow {TR} at (0,46) size 766x20
-              RenderTableCell {TD} at (2,46) size 392x20 [r=2 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 252x18
-                  text run at (1,1) width 252: "check box with value property changed"
-              RenderTableCell {TD} at (395,46) size 241x20 [r=2 c=1 rs=1 cs=1]
-                RenderBlock {INPUT} at (3,4) size 12x12
-              RenderTableCell {TD} at (637,46) size 63x20 [r=2 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,46) size 63x20 [r=2 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-            RenderTableRow {TR} at (0,68) size 766x20
-              RenderTableCell {TD} at (2,68) size 392x20 [r=3 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 231x18
-                  text run at (1,1) width 231: "hidden with value property changed"
-              RenderTableCell {TD} at (395,77) size 241x2 [r=3 c=1 rs=1 cs=1]
-              RenderTableCell {TD} at (637,68) size 63x20 [r=3 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,68) size 63x20 [r=3 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-            RenderTableRow {TR} at (0,90) size 766x20
-              RenderTableCell {TD} at (2,90) size 392x20 [r=4 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 228x18
-                  text run at (1,1) width 228: "button with value property changed"
-              RenderTableCell {TD} at (395,90) size 241x20 [r=4 c=1 rs=1 cs=1]
-                RenderButton {INPUT} at (1,1) size 41x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                  RenderBlock (anonymous) at (8,2) size 25x13
-                    RenderText at (0,0) size 25x13
-                      text run at (0,0) width 25: "after"
-              RenderTableCell {TD} at (637,90) size 63x20 [r=4 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,90) size 63x20 [r=4 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-            RenderTableRow {TR} at (0,112) size 766x20
-              RenderTableCell {TD} at (2,112) size 392x20 [r=5 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 226x18
-                  text run at (1,1) width 226: "image with value property changed"
-              RenderTableCell {TD} at (395,112) size 241x20 [r=5 c=1 rs=1 cs=1]
-                RenderImage {INPUT} at (1,1) size 38x18
-              RenderTableCell {TD} at (637,112) size 63x20 [r=5 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,112) size 63x20 [r=5 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-            RenderTableRow {TR} at (0,134) size 766x20
-              RenderTableCell {TD} at (2,134) size 392x20 [r=6 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 220x18
-                  text run at (1,1) width 220: "radio with value property changed"
-              RenderTableCell {TD} at (395,134) size 241x20 [r=6 c=1 rs=1 cs=1]
-                RenderBlock {INPUT} at (3,4) size 12x12
-              RenderTableCell {TD} at (637,134) size 63x20 [r=6 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,134) size 63x20 [r=6 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-            RenderTableRow {TR} at (0,156) size 766x21
-              RenderTableCell {TD} at (2,156) size 392x21 [r=7 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 210x19
-                  text run at (1,1) width 210: "text with value attribute changed"
-              RenderTableCell {TD} at (395,156) size 241x21 [r=7 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (1,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-              RenderTableCell {TD} at (637,156) size 63x21 [r=7 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x19
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,156) size 63x21 [r=7 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x19
-                  text run at (1,1) width 30: "after"
-            RenderTableRow {TR} at (0,179) size 766x20
-              RenderTableCell {TD} at (2,179) size 392x20 [r=8 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 252x18
-                  text run at (1,1) width 252: "check box with value attribute changed"
-              RenderTableCell {TD} at (395,179) size 241x20 [r=8 c=1 rs=1 cs=1]
-                RenderBlock {INPUT} at (3,4) size 12x12
-              RenderTableCell {TD} at (637,179) size 63x20 [r=8 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,179) size 63x20 [r=8 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-            RenderTableRow {TR} at (0,201) size 766x20
-              RenderTableCell {TD} at (2,201) size 392x20 [r=9 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 390x18
-                  text run at (1,1) width 390: "text with value property changed, then turned into check box"
-              RenderTableCell {TD} at (395,201) size 241x20 [r=9 c=1 rs=1 cs=1]
-                RenderBlock {INPUT} at (3,4) size 12x12
-              RenderTableCell {TD} at (637,201) size 63x20 [r=9 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,201) size 63x20 [r=9 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-            RenderTableRow {TR} at (0,223) size 766x21
-              RenderTableCell {TD} at (2,223) size 392x21 [r=10 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 390x19
-                  text run at (1,1) width 390: "check box with value property changed, then turned into text"
-              RenderTableCell {TD} at (395,223) size 241x21 [r=10 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (1,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-              RenderTableCell {TD} at (637,223) size 63x21 [r=10 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x19
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,223) size 63x21 [r=10 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x19
-                  text run at (1,1) width 30: "after"
-            RenderTableRow {TR} at (0,246) size 766x20
-              RenderTableCell {TD} at (2,246) size 392x20 [r=11 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 389x18
-                  text run at (1,1) width 389: "text with value attribute changed, then turned into check box"
-              RenderTableCell {TD} at (395,246) size 241x20 [r=11 c=1 rs=1 cs=1]
-                RenderBlock {INPUT} at (3,4) size 12x12
-              RenderTableCell {TD} at (637,246) size 63x20 [r=11 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,246) size 63x20 [r=11 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x18
-                  text run at (1,1) width 30: "after"
-            RenderTableRow {TR} at (0,268) size 766x21
-              RenderTableCell {TD} at (2,268) size 392x21 [r=12 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 389x19
-                  text run at (1,1) width 389: "check box with value attribute changed, then turned into text"
-              RenderTableCell {TD} at (395,268) size 241x21 [r=12 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (1,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-              RenderTableCell {TD} at (637,268) size 63x21 [r=12 c=2 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x19
-                  text run at (1,1) width 30: "after"
-              RenderTableCell {TD} at (701,268) size 63x21 [r=12 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 30x19
-                  text run at (1,1) width 30: "after"
-            RenderTableRow {TR} at (0,291) size 766x20
-              RenderTableCell {TD} at (2,291) size 392x20 [r=13 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 208x18
-                  text run at (1,1) width 208: "file with value property changed"
-              RenderTableCell {TD} at (395,291) size 241x20 [r=13 c=1 rs=1 cs=1]
-                RenderFileUploadControl {INPUT} at (1,1) size 238x18 "no file selected"
-                  RenderButton {INPUT} at (0,0) size 78x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                    RenderBlock (anonymous) at (8,2) size 62x13
-                      RenderText at (0,0) size 62x13
-                        text run at (0,0) width 62: "Choose File"
-              RenderTableCell {TD} at (637,300) size 63x2 [r=13 c=2 rs=1 cs=1]
-              RenderTableCell {TD} at (701,291) size 63x20 [r=13 c=3 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 41x18
-                  text run at (1,1) width 41: "before"
-layer at (8,94) size 784x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,86) size 784x2 [color=#808080] [border: (1px inset #808080)]
-layer at (407,132) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 34x13
-      text run at (0,0) width 34: "before"
-layer at (407,155) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
-    RenderText {#text} at (0,0) size 42x13
-      text run at (0,0) width 42: "\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}\x{F79A}"
-layer at (407,288) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 25x13
-      text run at (0,0) width 25: "after"
-layer at (407,355) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 25x13
-      text run at (0,0) width 25: "after"
-layer at (407,400) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 25x13
-      text run at (0,0) width 25: "after"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/input-width-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/input-width-expected.txt
deleted file mode 100644
index ff9f326ce9622..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/input-width-expected.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTextControl {INPUT} at (0,0) size 49x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,11) size 43x13
-  RenderBlock {DIV} at (3,3) size 43x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/listbox-bidi-align-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/listbox-bidi-align-expected.txt
deleted file mode 100644
index cebf36eff1550..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/listbox-bidi-align-expected.txt
+++ /dev/null
@@ -1,74 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x396
-  RenderBlock {HTML} at (0,0) size 800x396
-    RenderBody {BODY} at (8,8) size 784x380
-      RenderBlock (anonymous) at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 614x18
-          text run at (0,0) width 614: "This test verifies the visual alignment of items in a select element while changing text direction."
-        RenderBR {BR} at (613,0) size 1x18
-        RenderText {#text} at (0,18) size 438x18
-          text run at (0,18) width 438: "All the items in the following select elements should be left-aligned."
-      RenderTable {TABLE} at (0,36) size 642x96
-        RenderTableSection {TBODY} at (0,0) size 642x96
-          RenderTableRow {TR} at (0,2) size 642x45
-            RenderTableCell {TD} at (2,2) size 153x45 [r=0 c=0 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 151x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (157,2) size 163x45 [r=0 c=1 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 161x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (322,2) size 153x45 [r=0 c=2 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 151x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (477,2) size 163x45 [r=0 c=3 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 161x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-          RenderTableRow {TR} at (0,49) size 642x45
-            RenderTableCell {TD} at (2,49) size 153x45 [r=1 c=0 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 151x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (157,49) size 163x45 [r=1 c=1 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 161x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-      RenderBlock (anonymous) at (0,132) size 784x18
-        RenderText {#text} at (0,0) size 447x18
-          text run at (0,0) width 447: "All the items in the following select elements should be right-aligned."
-      RenderTable {TABLE} at (0,150) size 632x96
-        RenderTableSection {TBODY} at (0,0) size 632x96
-          RenderTableRow {TR} at (0,2) size 632x45
-            RenderTableCell {TD} at (2,2) size 160x45 [r=0 c=0 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 158x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (164,2) size 151x45 [r=0 c=1 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 149x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (317,2) size 160x45 [r=0 c=2 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 158x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (479,2) size 151x45 [r=0 c=3 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 149x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-          RenderTableRow {TR} at (0,49) size 632x45
-            RenderTableCell {TD} at (2,49) size 160x45 [r=1 c=0 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 158x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (164,49) size 151x45 [r=1 c=1 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 149x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-      RenderBlock (anonymous) at (0,246) size 784x18
-        RenderText {#text} at (0,0) size 456x18
-          text run at (0,0) width 456: "All the items in the following select elements should be center-aligned."
-      RenderTable {TABLE} at (0,264) size 672x49
-        RenderTableSection {TBODY} at (0,0) size 672x49
-          RenderTableRow {TR} at (0,2) size 672x45
-            RenderTableCell {TD} at (2,2) size 170x45 [r=0 c=0 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 168x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (174,2) size 161x45 [r=0 c=1 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 159x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (337,2) size 170x45 [r=0 c=2 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 168x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (509,2) size 161x45 [r=0 c=3 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 159x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-      RenderBlock (anonymous) at (0,313) size 784x18
-        RenderText {#text} at (0,0) size 296x18
-          text run at (0,0) width 296: "The following tables check mixed alignments."
-      RenderTable {TABLE} at (0,331) size 718x49
-        RenderTableSection {TBODY} at (0,0) size 718x49
-          RenderTableRow {TR} at (0,2) size 718x45
-            RenderTableCell {TD} at (2,2) size 165x45 [r=0 c=0 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 163x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (169,2) size 165x45 [r=0 c=1 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 163x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (336,2) size 189x45 [r=0 c=2 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 187x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-            RenderTableCell {TD} at (527,2) size 189x45 [r=0 c=3 rs=1 cs=1]
-              RenderListBox {SELECT} at (1,1) size 187x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/minWidthPercent-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/minWidthPercent-expected.txt
deleted file mode 100644
index 82b8468aa303f..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/minWidthPercent-expected.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {DIV} at (0,0) size 120x25 [bgcolor=#C3D9FF]
-        RenderTable {TABLE} at (0,0) size 120x25
-          RenderTableSection {TBODY} at (0,0) size 120x25
-            RenderTableRow {TR} at (0,2) size 120x21
-              RenderTableCell {TD} at (2,2) size 116x21 [r=0 c=0 rs=1 cs=1]
-                RenderTextControl {INPUT} at (1,1) size 114x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                RenderText {#text} at (0,0) size 0x0
-layer at (14,14) size 107x13 scrollWidth 112
-  RenderBlock {DIV} at (3,3) size 108x13
-    RenderText {#text} at (0,0) size 111x13
-      text run at (0,0) width 111: "Should fit in blue box"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-rtl-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-rtl-expected.txt
deleted file mode 100644
index e154200ee3fe4..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-rtl-expected.txt
+++ /dev/null
@@ -1,97 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x304
-  RenderBlock {HTML} at (0,0) size 800x304
-    RenderBody {BODY} at (8,16) size 784x272
-      RenderBlock {P} at (0,0) size 784x20
-        RenderTextControl {INPUT} at (638,1) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,1) size 140x17
-            RenderBlock {DIV} at (13,1) size 127x14
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,36) size 784x20
-        RenderTextControl {INPUT} at (638,1) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,1) size 140x17
-            RenderBlock {DIV} at (13,1) size 127x14
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,72) size 784x20
-        RenderTextControl {INPUT} at (0,1) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,1) size 140x17
-            RenderBlock {DIV} at (13,1) size 127x14
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,108) size 784x20
-        RenderTextControl {INPUT} at (0,1) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,1) size 140x17
-            RenderBlock {DIV} at (13,1) size 127x14
-        RenderText {#text} at (0,0) size 0x0
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,144) size 784x20
-        RenderTextControl {INPUT} at (0,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,1) size 141x17
-            RenderBlock {DIV} at (0,1) size 128x14
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,180) size 784x20
-        RenderTextControl {INPUT} at (0,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,1) size 141x17
-            RenderBlock {DIV} at (0,1) size 128x14
-        RenderText {#text} at (0,0) size 0x0
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,216) size 784x20
-        RenderTextControl {INPUT} at (0,1) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,1) size 140x17
-            RenderBlock {DIV} at (13,1) size 127x14
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,252) size 784x20
-        RenderTextControl {INPUT} at (0,1) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,1) size 140x17
-            RenderBlock {DIV} at (13,1) size 127x14
-        RenderText {#text} at (0,0) size 0x0
-        RenderText {#text} at (0,0) size 0x0
-layer at (662,20) size 127x13
-  RenderBlock {DIV} at (0,0) size 127x13
-    RenderText {#text} at (121,0) size 6x13
-      text run at (121,0) width 6: "1"
-layer at (662,56) size 127x13
-  RenderBlock {DIV} at (0,0) size 127x13
-    RenderText {#text} at (120,0) size 7x13
-      text run at (120,0) width 7: "2"
-layer at (24,92) size 127x13
-  RenderBlock {DIV} at (0,0) size 127x13
-    RenderText {#text} at (119,0) size 8x13
-      text run at (119,0) width 8: "3"
-layer at (24,128) size 127x13
-  RenderBlock {DIV} at (0,0) size 127x13
-    RenderText {#text} at (100,0) size 27x13
-      text run at (100,0) width 27: "1234"
-layer at (11,164) size 128x13
-  RenderBlock {DIV} at (0,0) size 128x13
-    RenderText {#text} at (0,0) size 7x13
-      text run at (0,0) width 7: "5"
-layer at (11,200) size 128x13
-  RenderBlock {DIV} at (0,0) size 128x13
-    RenderText {#text} at (0,0) size 8x13
-      text run at (0,0) width 8: "6"
-layer at (24,236) size 127x13
-  RenderBlock {DIV} at (0,0) size 127x13
-    RenderText {#text} at (120,0) size 7x13
-      text run at (120,0) width 7: "7"
-layer at (24,272) size 127x13
-  RenderBlock {DIV} at (0,0) size 127x13
-    RenderText {#text} at (119,0) size 8x13
-      text run at (119,0) width 8: "8"
-layer at (649,18) size 13x17
-  RenderBlock (relative positioned) {DIV} at (0,0) size 13x17
-layer at (649,54) size 13x17
-  RenderBlock (relative positioned) {DIV} at (0,0) size 13x17
-layer at (11,90) size 13x17
-  RenderBlock (relative positioned) {DIV} at (0,0) size 13x17
-layer at (11,126) size 13x17
-  RenderBlock (relative positioned) {DIV} at (0,0) size 13x17
-layer at (139,162) size 13x17
-  RenderBlock (relative positioned) {DIV} at (127,0) size 14x17
-layer at (139,198) size 13x17
-  RenderBlock (relative positioned) {DIV} at (127,0) size 14x17
-layer at (11,234) size 13x17
-  RenderBlock (relative positioned) {DIV} at (0,0) size 13x17
-layer at (11,270) size 13x17
-  RenderBlock (relative positioned) {DIV} at (0,0) size 13x17
-caret: position 4 of child 0 {#text} of child 0 {DIV} of child 0 {DIV} of child 0 {DIV} of {#document-fragment} of child 0 {INPUT} of child 6 {P} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-spinbutton-disabled-readonly-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-spinbutton-disabled-readonly-expected.txt
deleted file mode 100644
index 5cbd6ab05e43d..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-spinbutton-disabled-readonly-expected.txt
+++ /dev/null
@@ -1,48 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 762x36
-          text run at (0,0) width 762: "Test appearances of spin buttons. Disabled state and read-only state should have appearances different from the normal"
-          text run at (0,18) width 34: "state."
-      RenderBlock {DIV} at (0,52) size 784x29
-        RenderInline {LABEL} at (0,8) size 334x18
-          RenderTextControl {INPUT} at (0,0) size 248x29 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderFlexibleBox {DIV} at (3,0) size 242x29
-              RenderBlock {DIV} at (0,3) size 223x23
-          RenderText {#text} at (247,8) size 87x18
-            text run at (247,8) width 87: " Normal state"
-      RenderBlock {DIV} at (0,81) size 784x29
-        RenderInline {LABEL} at (0,8) size 341x18
-          RenderTextControl {INPUT} at (0,0) size 247x29 [color=color(srgb 0.341176 0.341176 0.341176)] [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderFlexibleBox {DIV} at (3,0) size 241x29
-              RenderBlock {DIV} at (0,3) size 222x23
-          RenderText {#text} at (246,8) size 95x18
-            text run at (246,8) width 95: " Disabled state"
-      RenderBlock {DIV} at (0,110) size 784x29
-        RenderInline {LABEL} at (0,8) size 351x18
-          RenderTextControl {INPUT} at (0,0) size 247x29 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderFlexibleBox {DIV} at (3,0) size 241x29
-              RenderBlock {DIV} at (0,3) size 222x23
-          RenderText {#text} at (246,8) size 105x18
-            text run at (246,8) width 105: " Read-only state"
-layer at (11,63) size 223x23
-  RenderBlock {DIV} at (0,0) size 223x23
-    RenderText {#text} at (0,0) size 13x23
-      text run at (0,0) width 13: "0"
-layer at (11,92) size 222x23
-  RenderBlock {DIV} at (0,0) size 222x23
-    RenderText {#text} at (0,0) size 13x23
-      text run at (0,0) width 13: "0"
-layer at (11,121) size 222x23
-  RenderBlock {DIV} at (0,0) size 222x23
-    RenderText {#text} at (0,0) size 13x23
-      text run at (0,0) width 13: "0"
-layer at (234,60) size 19x30
-  RenderBlock (relative positioned) {DIV} at (222,-1) size 20x31
-layer at (233,89) size 19x30
-  RenderBlock (relative positioned) {DIV} at (221,-1) size 20x31
-layer at (233,118) size 19x30
-  RenderBlock (relative positioned) {DIV} at (221,-1) size 20x31
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-spinbutton-layer-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-spinbutton-layer-expected.txt
deleted file mode 100644
index e35e7c7343f4f..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/number/number-appearance-spinbutton-layer-expected.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x56
-  RenderBlock {HTML} at (0,0) size 800x56
-    RenderBody {BODY} at (8,8) size 784x40
-      RenderBR {BR} at (146,0) size 1x18
-      RenderTextControl {INPUT} at (0,21) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderFlexibleBox {DIV} at (3,1) size 141x17
-          RenderBlock {DIV} at (0,1) size 128x14
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,32) size 128x13
-  RenderBlock {DIV} at (0,0) size 128x13
-    RenderText {#text} at (0,0) size 13x13
-      text run at (0,0) width 13: "10"
-layer at (8,9) size 147x19
-  RenderTextControl {INPUT} at (0,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-    RenderFlexibleBox {DIV} at (3,1) size 141x17
-      RenderBlock {DIV} at (0,1) size 128x14
-layer at (11,12) size 128x13
-  RenderBlock {DIV} at (0,0) size 128x13
-    RenderText {#text} at (0,0) size 13x13
-      text run at (0,0) width 13: "10"
-layer at (139,10) size 13x17
-  RenderBlock (relative positioned) {DIV} at (127,0) size 14x17
-layer at (139,30) size 13x17
-  RenderBlock (relative positioned) {DIV} at (127,0) size 14x17
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/placeholder-position-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/placeholder-position-expected.txt
deleted file mode 100644
index 3ef43904d8ebc..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/placeholder-position-expected.txt
+++ /dev/null
@@ -1,129 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 141x19
-          RenderBlock {DIV} at (0,0) size 8x19
-          RenderBlock {DIV} at (8,3) size 114x13
-          RenderBlock {DIV} at (121,0) size 20x19
-      RenderBR {BR} at (146,0) size 1x18
-      RenderTextControl {INPUT} at (0,19) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBR {BR} at (146,19) size 1x18
-      RenderTextControl {INPUT} at (0,38) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 140x19
-          RenderBlock {DIV} at (131,0) size 9x19
-          RenderBlock {DIV} at (19,3) size 113x13
-          RenderBlock {DIV} at (0,0) size 19x19
-      RenderBR {BR} at (145,38) size 1x18
-      RenderTextControl {INPUT} at (0,57) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 141x19
-          RenderBlock {DIV} at (0,0) size 22x19
-          RenderBlock {DIV} at (22,3) size 100x13
-          RenderBlock {DIV} at (121,0) size 20x19
-      RenderBR {BR} at (146,57) size 1x18
-      RenderBR {BR} at (161,94) size 0x18
-      RenderTextControl {INPUT} at (0,108) size 147x33 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBR {BR} at (146,108) size 1x18
-      RenderBR {BR} at (161,172) size 0x18
-      RenderTextControl {INPUT} at (5,191) size 198x30 [bgcolor=#FFFFFF] [border: (5px solid #000000)]
-      RenderBR {BR} at (207,198) size 1x18
-      RenderTextControl {INPUT} at (0,226) size 147x31 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (146,232) size 5x18
-        text run at (146,232) width 5: " "
-      RenderTextControl {INPUT} at (150,226) size 148x31 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-      RenderBR {BR} at (297,232) size 1x18
-      RenderTextControl {INPUT} at (0,257) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (146,257) size 5x18
-        text run at (146,257) width 5: " "
-      RenderTextControl {INPUT} at (150,257) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (297,257) size 5x18
-        text run at (297,257) width 5: " "
-      RenderTextControl {INPUT} at (301,257) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-      RenderBR {BR} at (448,257) size 1x18
-      RenderBR {BR} at (146,290) size 1x18
-layer at (19,11) size 114x13
-  RenderBlock {DIV} at (11,3) size 114x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 62x13
-      text run at (0,0) width 62: "placeholder"
-layer at (19,11) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (11,30) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 62x13
-      text run at (0,0) width 62: "placeholder"
-layer at (11,30) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (30,49) size 113x13
-  RenderBlock {DIV} at (22,3) size 113x13 [color=#A9A9A9]
-    RenderText {#text} at (51,0) size 62x13
-      text run at (51,0) width 62: "placeholder"
-layer at (30,49) size 113x13
-  RenderBlock {DIV} at (0,0) size 113x13
-layer at (33,68) size 100x13
-  RenderBlock {DIV} at (25,3) size 100x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 62x13
-      text run at (0,0) width 62: "placeholder"
-layer at (33,68) size 100x13
-  RenderBlock {DIV} at (0,0) size 100x13
-layer at (8,84) size 161x32 clip at (9,85) size 159x30
-  RenderTextControl {TEXTAREA} at (0,76) size 161x32 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 155x13
-    RenderBlock {DIV} at (3,3) size 155x13 [color=#A9A9A9]
-      RenderText {#text} at (0,0) size 62x13
-        text run at (0,0) width 62: "placeholder"
-layer at (11,119) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 62x13
-      text run at (0,0) width 62: "placeholder"
-layer at (11,119) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (8,149) size 161x45 clip at (9,150) size 159x43
-  RenderTextControl {TEXTAREA} at (0,141) size 161x45 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,16) size 155x13
-    RenderBlock {DIV} at (3,16) size 155x13 [color=#A9A9A9]
-      RenderText {#text} at (0,0) size 62x13
-        text run at (0,0) width 62: "placeholder"
-layer at (19,205) size 185x18
-  RenderBlock {DIV} at (6,6) size 186x18 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 81x18
-      text run at (0,0) width 81: "placeholder"
-layer at (19,205) size 185x18
-  RenderBlock {DIV} at (6,6) size 186x18
-layer at (11,237) size 141x25
-  RenderBlock {DIV} at (3,3) size 141x25
-    RenderText {#text} at (0,6) size 29x13
-      text run at (0,6) width 29: "Value"
-layer at (162,243) size 141x13
-  RenderBlock {DIV} at (3,9) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 62x13
-      text run at (0,0) width 62: "placeholder"
-layer at (162,237) size 141x25
-  RenderBlock {DIV} at (3,3) size 141x25
-layer at (11,268) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (56,0) size 29x13
-      text run at (56,0) width 29: "Value"
-layer at (162,268) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (39,0) size 63x13
-      text run at (39,0) width 63: "placeholder"
-layer at (162,268) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (313,268) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (39,0) size 63x13
-      text run at (39,0) width 63: "placeholder"
-layer at (313,268) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (8,284) size 147x33
-  RenderTextControl {INPUT} at (0,276) size 147x33 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-layer at (11,301) size 141x13
-  RenderBlock {DIV} at (3,17) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 62x13
-      text run at (0,0) width 62: "placeholder"
-layer at (11,301) size 141x13
-  RenderBlock {DIV} at (3,17) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/placeholder-pseudo-style-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/placeholder-pseudo-style-expected.txt
deleted file mode 100644
index 85269ee614d66..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/placeholder-pseudo-style-expected.txt
+++ /dev/null
@@ -1,66 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 336x18
-        text run at (0,0) width 336: "This tests that you can set the placeholder text color."
-      RenderBR {BR} at (335,0) size 1x18
-      RenderTextControl {INPUT} at (0,18) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (146,18) size 5x18
-        text run at (146,18) width 5: " "
-      RenderTextControl {INPUT} at (150,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 141x19
-          RenderBlock {DIV} at (0,0) size 8x19
-          RenderBlock {DIV} at (8,3) size 114x13
-          RenderBlock {DIV} at (121,0) size 20x19
-      RenderText {#text} at (297,18) size 5x18
-        text run at (297,18) width 5: " "
-      RenderTextControl {INPUT} at (301,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderFlexibleBox {DIV} at (3,3) size 141x13
-          RenderBlock {DIV} at (0,0) size 141x13
-      RenderText {#text} at (448,18) size 5x18
-        text run at (448,18) width 5: " "
-      RenderTextControl {INPUT} at (452,18) size 147x19 [color=color(srgb 0.341176 0.341176 0.341176)] [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (598,18) size 5x18
-        text run at (598,18) width 5: " "
-      RenderTextControl {INPUT} at (602,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-      RenderTextControl {INPUT} at (0,37) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#640000]
-    RenderText {#text} at (0,0) size 21x13
-      text run at (0,0) width 21: "text"
-layer at (11,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (170,29) size 114x13
-  RenderBlock {DIV} at (11,3) size 114x13 [color=#640000]
-    RenderText {#text} at (0,0) size 36x13
-      text run at (0,0) width 36: "search"
-layer at (170,29) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (313,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#640000]
-    RenderText {#text} at (0,0) size 51x13
-      text run at (0,0) width 51: "password"
-layer at (313,29) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
-layer at (464,29) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13 [color=#640000]
-    RenderText {#text} at (0,0) size 68x13
-      text run at (0,0) width 68: "disabled text"
-layer at (464,29) size 140x13
-  RenderBlock {DIV} at (3,3) size 140x13
-layer at (614,29) size 141x13 backgroundClip at (614,29) size 140x13 clip at (614,29) size 140x13
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 37x13
-      text run at (0,0) width 37: "default"
-layer at (614,29) size 141x13 backgroundClip at (614,29) size 140x13 clip at (614,29) size 140x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (11,48) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 85x13
-      text run at (0,0) width 85: "default disabled"
-layer at (11,48) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/search-cancel-button-style-sharing-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/search-cancel-button-style-sharing-expected.txt
deleted file mode 100644
index 06f8ca43f1572..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/search-cancel-button-style-sharing-expected.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 391x18
-          text run at (0,0) width 391: "Only the second search field should have a cancel button (\x{D7})."
-      RenderBlock (anonymous) at (0,34) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 8x19
-            RenderBlock {DIV} at (8,3) size 114x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (146,0) size 5x18
-          text run at (146,0) width 5: " "
-        RenderTextControl {INPUT} at (150,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 8x19
-            RenderBlock {DIV} at (8,3) size 114x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (0,0) size 0x0
-layer at (19,45) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-layer at (170,45) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-    RenderText {#text} at (0,0) size 42x13
-      text run at (0,0) width 42: "this one"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/search-display-none-cancel-button-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/search-display-none-cancel-button-expected.txt
deleted file mode 100644
index 82660a68a9588..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/search-display-none-cancel-button-expected.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 510x18
-        text run at (0,0) width 510: "This tests that the display:none style will work on a search field's cancel button."
-      RenderBR {BR} at (509,0) size 1x18
-      RenderTextControl {INPUT} at (0,18) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 141x19
-          RenderBlock {DIV} at (0,0) size 8x19
-          RenderBlock {DIV} at (8,3) size 133x13
-      RenderText {#text} at (0,0) size 0x0
-layer at (19,29) size 133x13
-  RenderBlock {DIV} at (0,0) size 133x13
-    RenderText {#text} at (0,0) size 21x13
-      text run at (0,0) width 21: "test"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/search-input-rtl-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/search-input-rtl-expected.txt
deleted file mode 100644
index 6e84163afb62b..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/search-input-rtl-expected.txt
+++ /dev/null
@@ -1,54 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x54
-  RenderBlock {HTML} at (0,0) size 800x54
-    RenderBody {BODY} at (8,8) size 784x38
-      RenderBlock {DIV} at (0,0) size 784x19
-        RenderText {#text} at (620,0) size 164x18
-          text run at (620,0) width 9 RTL: ": "
-          text run at (628,0) width 156: "right to left search fields"
-        RenderTextControl {INPUT} at (474,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 140x19
-            RenderBlock {DIV} at (131,0) size 9x19
-            RenderBlock {DIV} at (19,3) size 113x13
-            RenderBlock {DIV} at (0,0) size 19x19
-        RenderText {#text} at (470,0) size 5x18
-          text run at (470,0) width 5 RTL: " "
-        RenderTextControl {INPUT} at (324,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 140x19
-            RenderBlock {DIV} at (117,0) size 23x19
-            RenderBlock {DIV} at (19,3) size 99x13
-            RenderBlock {DIV} at (0,0) size 19x19
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,19) size 784x19
-        RenderText {#text} at (0,0) size 164x18
-          text run at (0,0) width 164: "left to right search fields: "
-        RenderTextControl {INPUT} at (163,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 8x19
-            RenderBlock {DIV} at (8,3) size 114x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (310,0) size 5x18
-          text run at (310,0) width 5: " "
-        RenderTextControl {INPUT} at (314,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 22x19
-            RenderBlock {DIV} at (22,3) size 100x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (0,0) size 0x0
-layer at (504,11) size 113x13
-  RenderBlock {DIV} at (0,0) size 113x13
-    RenderText {#text} at (78,0) size 35x13
-      text run at (78,0) width 35: "foobar"
-layer at (354,11) size 99x13
-  RenderBlock {DIV} at (0,0) size 99x13
-    RenderText {#text} at (64,0) size 35x13
-      text run at (64,0) width 35: "foobar"
-layer at (183,30) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-    RenderText {#text} at (0,0) size 35x13
-      text run at (0,0) width 35: "foobar"
-layer at (348,30) size 100x13
-  RenderBlock {DIV} at (0,0) size 100x13
-    RenderText {#text} at (0,0) size 35x13
-      text run at (0,0) width 35: "foobar"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/search-rtl-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/search-rtl-expected.txt
deleted file mode 100644
index b32484233b4b6..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/search-rtl-expected.txt
+++ /dev/null
@@ -1,74 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 54x18
-          text run at (0,0) width 54: "Test for "
-        RenderInline {I} at (53,0) size 702x18
-          RenderInline {A} at (53,0) size 304x18 [color=#0000EE]
-            RenderText {#text} at (53,0) size 304x18
-              text run at (53,0) width 304: "http://bugs.webkit.org/show_bug.cgi?id=11916"
-          RenderText {#text} at (356,0) size 399x18
-            text run at (356,0) width 5: " "
-            text run at (360,0) width 395: "REGRESSION (SearchField): RTL search fields are mixed up"
-        RenderText {#text} at (754,0) size 5x18
-          text run at (754,0) width 5: "."
-      RenderBlock {P} at (0,34) size 784x57
-        RenderTextControl {INPUT} at (0,0) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 140x19
-            RenderBlock {DIV} at (117,0) size 23x19
-            RenderBlock {DIV} at (19,3) size 99x13
-            RenderBlock {DIV} at (0,0) size 19x19
-        RenderBR {BR} at (145,0) size 1x18
-        RenderTextControl {INPUT} at (0,19) size 257x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 251x19
-            RenderBlock {DIV} at (228,0) size 23x19
-            RenderBlock {DIV} at (19,3) size 210x13
-            RenderBlock {DIV} at (0,0) size 19x19
-        RenderBR {BR} at (256,19) size 1x18
-        RenderTextControl {INPUT} at (0,38) size 146x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 140x19
-            RenderBlock {DIV} at (117,0) size 23x19
-            RenderBlock {DIV} at (19,3) size 99x13
-            RenderBlock {DIV} at (0,0) size 19x19
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,107) size 784x18
-        RenderText {#text} at (0,0) size 37x18
-          text run at (0,0) width 37: "PASS"
-layer at (30,45) size 99x13 scrollX 33 scrollWidth 132
-  RenderBlock {DIV} at (0,0) size 99x13
-    RenderText {#text} at (-34,0) size 133x13
-      text run at (-33,0) width 19 RTL: "\x{5D5}\x{5D6}\x{5D4}\x{5D5}"
-      text run at (-14,0) width 3 RTL: " "
-      text run at (-11,0) width 19: "she"
-      text run at (7,0) width 4 RTL: " "
-      text run at (10,0) width 13 RTL: "\x{5D6}\x{5D4}"
-      text run at (22,0) width 4 RTL: " "
-      text run at (25,0) width 22 RTL: "\x{5D5}\x{5D4}\x{5D9}\x{5D0}"
-      text run at (46,0) width 4 RTL: " "
-      text run at (49,0) width 14: "he"
-      text run at (62,0) width 4 RTL: " "
-      text run at (65,0) width 14 RTL: "\x{5D6}\x{5D4}"
-      text run at (78,0) width 4 RTL: " "
-      text run at (81,0) width 18 RTL: "\x{5D4}\x{5D5}\x{5D0}"
-layer at (30,64) size 210x13
-  RenderBlock {DIV} at (0,0) size 210x13
-    RenderText {#text} at (77,0) size 133x13
-      text run at (77,0) width 20 RTL: "\x{5D5}\x{5D6}\x{5D4}\x{5D5}"
-      text run at (96,0) width 4 RTL: " "
-      text run at (99,0) width 20: "she"
-      text run at (118,0) width 4 RTL: " "
-      text run at (121,0) width 13 RTL: "\x{5D6}\x{5D4}"
-      text run at (133,0) width 4 RTL: " "
-      text run at (136,0) width 22 RTL: "\x{5D5}\x{5D4}\x{5D9}\x{5D0}"
-      text run at (157,0) width 4 RTL: " "
-      text run at (160,0) width 14: "he"
-      text run at (173,0) width 4 RTL: " "
-      text run at (176,0) width 13 RTL: "\x{5D6}\x{5D4}"
-      text run at (188,0) width 5 RTL: " "
-      text run at (192,0) width 18 RTL: "\x{5D4}\x{5D5}\x{5D0}"
-layer at (30,83) size 99x13
-  RenderBlock {DIV} at (0,0) size 99x13
-caret: position 0 of child 0 {DIV} of child 1 {DIV} of child 0 {DIV} of {#document-fragment} of child 7 {INPUT} of child 3 {P} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/search-styled-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/search-styled-expected.txt
deleted file mode 100644
index 1c9eed33f365c..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/search-styled-expected.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x43
-  RenderBlock {HTML} at (0,0) size 800x43
-    RenderBody {BODY} at (8,8) size 784x27
-      RenderTextControl {INPUT} at (0,0) size 186x27 [bgcolor=#FFFFFF] [border: (1px solid #BDC7D8)]
-        RenderFlexibleBox {DIV} at (18,4) size 164x19
-          RenderBlock {DIV} at (0,0) size 22x19
-          RenderBlock {DIV} at (22,3) size 123x13
-          RenderBlock {DIV} at (145,0) size 19x19
-      RenderText {#text} at (0,0) size 0x0
-layer at (48,15) size 123x13
-  RenderBlock {DIV} at (40,7) size 123x13 [color=#A9A9A9]
-    RenderText {#text} at (0,0) size 92x13
-      text run at (0,0) width 92: "Search for Events"
-layer at (48,15) size 123x13
-  RenderBlock {DIV} at (0,0) size 123x13
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/search-vertical-alignment-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/search-vertical-alignment-expected.txt
deleted file mode 100644
index e10324e4f4d9d..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/search-vertical-alignment-expected.txt
+++ /dev/null
@@ -1,66 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 772x36
-          text run at (0,0) width 431: "Test that search field text is vertically centered if the search field is "
-          text run at (430,0) width 342: "taller than the text. In each of the following pairs of a"
-          text run at (0,18) width 105: "search field and "
-          text run at (104,18) width 366: "a text field, the vertical position of the text should be the "
-          text run at (469,18) width 125: "same in both fields."
-      RenderBlock {P} at (0,52) size 784x45
-        RenderTextControl {INPUT} at (0,0) size 147x45 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,3) size 141x39
-            RenderBlock {DIV} at (0,10) size 17x19
-            RenderBlock {DIV} at (17,13) size 105x13
-            RenderBlock {DIV} at (121,10) size 20x19
-        RenderText {#text} at (146,13) size 5x18
-          text run at (146,13) width 5: " "
-        RenderTextControl {INPUT} at (150,0) size 148x45 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,113) size 784x18
-        RenderTextControl {INPUT} at (0,2) size 147x16 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x16
-            RenderBlock {DIV} at (0,0) size 17x19
-            RenderBlock {DIV} at (17,1) size 105x14
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (146,0) size 5x18
-          text run at (146,0) width 5: " "
-        RenderTextControl {INPUT} at (150,2) size 148x16 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,147) size 784x18
-        RenderTextControl {INPUT} at (0,5) size 147x12 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x12
-            RenderBlock {DIV} at (0,0) size 17x19
-            RenderBlock {DIV} at (17,3) size 105x6
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (146,0) size 5x18
-          text run at (146,0) width 5: " "
-        RenderTextControl {INPUT} at (150,4) size 148x12 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-layer at (28,76) size 105x13
-  RenderBlock {DIV} at (0,0) size 105x13
-    RenderText {#text} at (0,0) size 22x13
-      text run at (0,0) width 22: "Text"
-layer at (162,76) size 141x13
-  RenderBlock {DIV} at (3,16) size 141x13
-    RenderText {#text} at (0,0) size 22x13
-      text run at (0,0) width 22: "Text"
-layer at (28,125) size 105x13
-  RenderBlock {DIV} at (0,0) size 105x13
-    RenderText {#text} at (0,0) size 22x13
-      text run at (0,0) width 22: "Text"
-layer at (162,125) size 141x13
-  RenderBlock {DIV} at (3,1) size 141x14
-    RenderText {#text} at (0,0) size 22x13
-      text run at (0,0) width 22: "Text"
-layer at (28,163) size 105x6 scrollHeight 13
-  RenderBlock {DIV} at (0,0) size 105x6
-    RenderText {#text} at (0,0) size 22x13
-      text run at (0,0) width 22: "Text"
-layer at (162,159) size 141x13
-  RenderBlock {DIV} at (3,-1) size 141x14
-    RenderText {#text} at (0,0) size 22x13
-      text run at (0,0) width 22: "Text"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/search/search-padding-cancel-results-buttons-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/search/search-padding-cancel-results-buttons-expected.txt
deleted file mode 100644
index d900d9788493a..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/search/search-padding-cancel-results-buttons-expected.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTextControl {INPUT} at (0,0) size 165x43 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderFlexibleBox {DIV} at (12,12) size 141x19
-          RenderBlock {DIV} at (0,0) size 22x19
-          RenderBlock {DIV} at (22,3) size 100x13
-          RenderBlock {DIV} at (121,0) size 20x19
-      RenderText {#text} at (0,0) size 0x0
-layer at (42,23) size 100x13
-  RenderBlock {DIV} at (0,0) size 100x13
-    RenderText {#text} at (0,0) size 21x13
-      text run at (0,0) width 21: "test"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/search/search-size-with-decorations-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/search/search-size-with-decorations-expected.txt
deleted file mode 100644
index 5e89e478a4fb8..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/search/search-size-with-decorations-expected.txt
+++ /dev/null
@@ -1,69 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x149
-  RenderBlock {HTML} at (0,0) size 800x149
-    RenderBody {BODY} at (8,8) size 784x133
-      RenderTextControl {INPUT} at (0,0) size 174x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 168x19
-          RenderBlock {DIV} at (0,0) size 8x19
-          RenderBlock {DIV} at (8,3) size 141x13
-          RenderBlock {DIV} at (148,0) size 20x19
-      RenderBR {BR} at (173,0) size 1x18
-      RenderTextControl {INPUT} at (0,19) size 174x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 168x19
-          RenderBlock {DIV} at (0,0) size 8x19
-          RenderBlock {DIV} at (8,3) size 141x13
-          RenderBlock {DIV} at (148,0) size 20x19
-      RenderBR {BR} at (173,19) size 1x18
-      RenderTextControl {INPUT} at (0,38) size 183x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 177x19
-          RenderBlock {DIV} at (0,0) size 17x19
-          RenderBlock {DIV} at (17,3) size 141x13
-          RenderBlock {DIV} at (157,0) size 20x19
-      RenderBR {BR} at (182,38) size 1x18
-      RenderTextControl {INPUT} at (0,57) size 183x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 177x19
-          RenderBlock {DIV} at (0,0) size 17x19
-          RenderBlock {DIV} at (17,3) size 141x13
-          RenderBlock {DIV} at (157,0) size 20x19
-      RenderBR {BR} at (182,57) size 1x18
-      RenderTextControl {INPUT} at (0,76) size 188x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 182x19
-          RenderBlock {DIV} at (0,0) size 22x19
-          RenderBlock {DIV} at (22,3) size 141x13
-          RenderBlock {DIV} at (162,0) size 20x19
-      RenderBR {BR} at (187,76) size 1x18
-      RenderTextControl {INPUT} at (0,95) size 188x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 182x19
-          RenderBlock {DIV} at (0,0) size 22x19
-          RenderBlock {DIV} at (22,3) size 141x13
-          RenderBlock {DIV} at (162,0) size 20x19
-      RenderBR {BR} at (187,95) size 1x18
-      RenderTextControl {INPUT} at (0,114) size 328x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-        RenderFlexibleBox {DIV} at (3,0) size 322x19
-          RenderBlock {DIV} at (0,0) size 22x19
-          RenderBlock {DIV} at (22,3) size 281x13
-          RenderBlock {DIV} at (302,0) size 20x19
-      RenderText {#text} at (0,0) size 0x0
-layer at (19,11) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
-layer at (19,30) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
-    RenderText {#text} at (0,0) size 135x13
-      text run at (0,0) width 135: "12345678901234567890"
-layer at (28,49) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
-layer at (28,68) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
-    RenderText {#text} at (0,0) size 135x13
-      text run at (0,0) width 135: "12345678901234567890"
-layer at (33,87) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
-layer at (33,106) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
-    RenderText {#text} at (0,0) size 135x13
-      text run at (0,0) width 135: "12345678901234567890"
-layer at (33,125) size 281x13
-  RenderBlock {DIV} at (0,0) size 281x13
-    RenderText {#text} at (0,0) size 269x13
-      text run at (0,0) width 269: "1234567890123456789012345678901234567890"
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/select-visual-hebrew-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/select-visual-hebrew-expected.txt
deleted file mode 100644
index abe4abf5fd082..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/select-visual-hebrew-expected.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 632x18
-          text run at (0,0) width 632: "This tests that native pop-ups are rendered in logical order even in visually-ordered Hebrew pages."
-      RenderBlock {P} at (0,52) size 784x19
-        RenderText {#text} at (0,1) size 398x18
-          text run at (0,1) width 398: "Text on the pop-up and in the list should look like this: \x{5E8}\x{5D5}\x{5EA}\x{5E4}\x{5DB}"
-      RenderBlock (anonymous) at (0,87) size 784x18
-        RenderMenuList {SELECT} at (0,0) size 62x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 62x18
-            RenderText at (8,2) size 31x13
-              text run at (8,2) width 31 RTL: "\x{5DB}\x{5E4}\x{5EA}\x{5D5}\x{5E8}"
-        RenderText {#text} at (0,0) size 0x0
-layer at (8,42) size 784x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,34) size 784x2 [color=#808080] [border: (1px inset #808080)]
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/select-writing-direction-natural-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/select-writing-direction-natural-expected.txt
deleted file mode 100644
index 6a5d57b3e387c..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/select-writing-direction-natural-expected.txt
+++ /dev/null
@@ -1,136 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 54x18
-          text run at (0,0) width 54: "Test for "
-        RenderInline {I} at (0,0) size 716x36
-          RenderInline {A} at (53,0) size 305x18 [color=#0000EE]
-            RenderText {#text} at (53,0) size 305x18
-              text run at (53,0) width 305: "http://bugs.webkit.org/show_bug.cgi?id=13775"
-          RenderText {#text} at (0,0) size 716x36
-            text run at (357,0) width 5: " "
-            text run at (361,0) width 355: "REGRESSION: Popup button text should use \"natural\""
-            text run at (0,18) width 330: "directionality to match the items in the popup menu"
-        RenderText {#text} at (329,18) size 5x18
-          text run at (329,18) width 5: "."
-      RenderBlock {DIV} at (0,52) size 784x38
-        RenderBlock {DIV} at (0,0) size 784x19
-          RenderMenuList {SELECT} at (0,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (8,2) size 15x13
-                text run at (8,2) width 8 RTL: "\x{5D0}"
-                text run at (15,2) width 8: "A"
-          RenderText {#text} at (70,0) size 4x18
-            text run at (70,0) width 4: " "
-          RenderMenuList {SELECT} at (74,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (8,2) size 15x13
-                text run at (8,2) width 8: "A"
-                text run at (15,2) width 8 RTL: "\x{5D0}"
-          RenderText {#text} at (144,0) size 4x18
-            text run at (144,0) width 4: " "
-          RenderMenuList {SELECT} at (148,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (8,2) size 19x13
-                text run at (8,2) width 5: "("
-                text run at (12,2) width 8 RTL: "\x{5D0}"
-                text run at (19,2) width 8: "A"
-          RenderText {#text} at (218,0) size 4x18
-            text run at (218,0) width 4: " "
-          RenderMenuList {SELECT} at (222,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (8,2) size 19x13
-                text run at (8,2) width 12: "(A"
-                text run at (19,2) width 8 RTL: "\x{5D0}"
-          RenderText {#text} at (0,0) size 0x0
-        RenderBlock {DIV} at (0,19) size 784x19
-          RenderMenuList {SELECT} at (492,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (8,2) size 15x13
-                text run at (8,2) width 8 RTL: "\x{5D0}"
-                text run at (15,2) width 8: "A"
-          RenderText {#text} at (562,0) size 4x18
-            text run at (562,0) width 4: " "
-          RenderMenuList {SELECT} at (566,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (8,2) size 15x13
-                text run at (8,2) width 8: "A"
-                text run at (15,2) width 8 RTL: "\x{5D0}"
-          RenderText {#text} at (636,0) size 4x18
-            text run at (636,0) width 4: " "
-          RenderMenuList {SELECT} at (640,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (8,2) size 19x13
-                text run at (8,2) width 5: "("
-                text run at (12,2) width 8 RTL: "\x{5D0}"
-                text run at (19,2) width 8: "A"
-          RenderText {#text} at (710,0) size 4x18
-            text run at (710,0) width 4: " "
-          RenderMenuList {SELECT} at (714,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (8,2) size 19x13
-                text run at (8,2) width 12: "(A"
-                text run at (19,2) width 8 RTL: "\x{5D0}"
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,90) size 784x38
-        RenderBlock {DIV} at (0,0) size 784x19
-          RenderMenuList {SELECT} at (222,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (47,2) size 15x13
-                text run at (47,2) width 8: "A"
-                text run at (54,2) width 8 RTL: "\x{5D0}"
-          RenderText {#text} at (218,0) size 4x18
-            text run at (218,0) width 4 RTL: " "
-          RenderMenuList {SELECT} at (148,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (47,2) size 15x13
-                text run at (47,2) width 8 RTL: "\x{5D0}"
-                text run at (54,2) width 8: "A"
-          RenderText {#text} at (144,0) size 4x18
-            text run at (144,0) width 4 RTL: " "
-          RenderMenuList {SELECT} at (74,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (43,2) size 19x13
-                text run at (43,2) width 8: "A"
-                text run at (50,2) width 12 RTL: "(\x{5D0}"
-          RenderText {#text} at (70,0) size 4x18
-            text run at (70,0) width 4 RTL: " "
-          RenderMenuList {SELECT} at (0,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (43,2) size 19x13
-                text run at (43,2) width 8 RTL: "\x{5D0}"
-                text run at (50,2) width 8: "A"
-                text run at (57,2) width 5 RTL: "("
-          RenderText {#text} at (0,0) size 0x0
-        RenderBlock {DIV} at (0,19) size 784x19
-          RenderMenuList {SELECT} at (714,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (47,2) size 15x13
-                text run at (47,2) width 8: "A"
-                text run at (54,2) width 8 RTL: "\x{5D0}"
-          RenderText {#text} at (710,0) size 4x18
-            text run at (710,0) width 4 RTL: " "
-          RenderMenuList {SELECT} at (640,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (47,2) size 15x13
-                text run at (47,2) width 8 RTL: "\x{5D0}"
-                text run at (54,2) width 8: "A"
-          RenderText {#text} at (636,0) size 4x18
-            text run at (636,0) width 4 RTL: " "
-          RenderMenuList {SELECT} at (566,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (43,2) size 19x13
-                text run at (43,2) width 8: "A"
-                text run at (50,2) width 12 RTL: "(\x{5D0}"
-          RenderText {#text} at (562,0) size 4x18
-            text run at (562,0) width 4 RTL: " "
-          RenderMenuList {SELECT} at (492,1) size 70x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 70x18
-              RenderText at (43,2) size 19x13
-                text run at (43,2) width 8 RTL: "\x{5D0}"
-                text run at (50,2) width 8: "A"
-                text run at (57,2) width 5 RTL: "("
-          RenderText {#text} at (0,0) size 0x0
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/tabbing-input-iframe-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/tabbing-input-iframe-expected.txt
deleted file mode 100644
index 09f1080573961..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/tabbing-input-iframe-expected.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 454x18
-        text run at (0,0) width 454: "This tests that you can tab out of a text field if an iframe comes after it."
-      RenderBR {BR} at (453,0) size 1x18
-      RenderTextControl {INPUT} at (0,156) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (146,156) size 5x18
-        text run at (146,156) width 5: " "
-      RenderIFrame {IFRAME} at (150,18) size 303x152 [border: (1px solid #000000)]
-        layer at (0,0) size 300x150
-          RenderView at (0,0) size 300x150
-        layer at (0,0) size 300x150
-          RenderBlock {HTML} at (0,0) size 300x150
-            RenderBody {BODY} at (8,8) size 284x134
-      RenderText {#text} at (452,156) size 5x18
-        text run at (452,156) width 5: " "
-      RenderTextControl {INPUT} at (456,156) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,167) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (468,167) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 121x13
-      text run at (0,0) width 121: "This should have focus"
-selection start: position 0 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 7 {INPUT} of body
-selection end:   position 22 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 7 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/text-control-intrinsic-widths-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/text-control-intrinsic-widths-expected.txt
deleted file mode 100644
index 67969dc4acd43..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/text-control-intrinsic-widths-expected.txt
+++ /dev/null
@@ -1,387 +0,0 @@
-This test measures the width of textareas and text inputs for different fonts.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-Lucida Grande
-input
-size=1 clientWidth=25
-size=2 clientWidth=30
-size=3 clientWidth=35
-size=4 clientWidth=40
-size=5 clientWidth=45
-size=10 clientWidth=70
-size=20 clientWidth=120
-size=50 clientWidth=270
-size=100 clientWidth=520
-size=500 clientWidth=2520
-size=1000 clientWidth=5020
-
-textarea
-cols=1 clientWidth=26
-cols=2 clientWidth=33
-cols=3 clientWidth=40
-cols=4 clientWidth=47
-cols=5 clientWidth=54
-cols=10 clientWidth=89
-cols=20 clientWidth=159
-cols=50 clientWidth=369
-cols=100 clientWidth=719
-cols=500 clientWidth=3519
-cols=1000 clientWidth=7019
-
-Courier
-input
-size=1 clientWidth=10
-size=2 clientWidth=16
-size=3 clientWidth=23
-size=4 clientWidth=29
-size=5 clientWidth=36
-size=10 clientWidth=69
-size=20 clientWidth=135
-size=50 clientWidth=333
-size=100 clientWidth=663
-size=500 clientWidth=3304
-size=1000 clientWidth=6604
-
-textarea
-cols=1 clientWidth=26
-cols=2 clientWidth=33
-cols=3 clientWidth=39
-cols=4 clientWidth=46
-cols=5 clientWidth=53
-cols=10 clientWidth=86
-cols=20 clientWidth=152
-cols=50 clientWidth=350
-cols=100 clientWidth=680
-cols=500 clientWidth=3320
-cols=1000 clientWidth=6621
-
-Helvetica
-input
-size=1 clientWidth=9
-size=2 clientWidth=15
-size=3 clientWidth=21
-size=4 clientWidth=27
-size=5 clientWidth=34
-size=10 clientWidth=64
-size=20 clientWidth=125
-size=50 clientWidth=309
-size=100 clientWidth=615
-size=500 clientWidth=3062
-size=1000 clientWidth=6121
-
-textarea
-cols=1 clientWidth=26
-cols=2 clientWidth=32
-cols=3 clientWidth=38
-cols=4 clientWidth=44
-cols=5 clientWidth=50
-cols=10 clientWidth=81
-cols=20 clientWidth=142
-cols=50 clientWidth=325
-cols=100 clientWidth=631
-cols=500 clientWidth=3078
-cols=1000 clientWidth=6137
-
-Monaco
-input
-size=1 clientWidth=10
-size=2 clientWidth=16
-size=3 clientWidth=23
-size=4 clientWidth=29
-size=5 clientWidth=36
-size=10 clientWidth=69
-size=20 clientWidth=135
-size=50 clientWidth=333
-size=100 clientWidth=663
-size=500 clientWidth=3304
-size=1000 clientWidth=6604
-
-textarea
-cols=1 clientWidth=26
-cols=2 clientWidth=33
-cols=3 clientWidth=39
-cols=4 clientWidth=46
-cols=5 clientWidth=53
-cols=10 clientWidth=86
-cols=20 clientWidth=152
-cols=50 clientWidth=350
-cols=100 clientWidth=680
-cols=500 clientWidth=3320
-cols=1000 clientWidth=6621
-
-Times
-input
-size=1 clientWidth=9
-size=2 clientWidth=14
-size=3 clientWidth=20
-size=4 clientWidth=25
-size=5 clientWidth=31
-size=10 clientWidth=58
-size=20 clientWidth=113
-size=50 clientWidth=278
-size=100 clientWidth=553
-size=500 clientWidth=2753
-size=1000 clientWidth=5503
-
-textarea
-cols=1 clientWidth=25
-cols=2 clientWidth=30
-cols=3 clientWidth=36
-cols=4 clientWidth=41
-cols=5 clientWidth=47
-cols=10 clientWidth=74
-cols=20 clientWidth=129
-cols=50 clientWidth=294
-cols=100 clientWidth=569
-cols=500 clientWidth=2769
-cols=1000 clientWidth=5519
-
-Andale Mono
-input
-size=1 clientWidth=10
-size=2 clientWidth=17
-size=3 clientWidth=24
-size=4 clientWidth=31
-size=5 clientWidth=38
-size=10 clientWidth=73
-size=20 clientWidth=143
-size=50 clientWidth=353
-size=100 clientWidth=703
-size=500 clientWidth=3503
-size=1000 clientWidth=7003
-
-textarea
-cols=1 clientWidth=26
-cols=2 clientWidth=33
-cols=3 clientWidth=40
-cols=4 clientWidth=47
-cols=5 clientWidth=54
-cols=10 clientWidth=89
-cols=20 clientWidth=159
-cols=50 clientWidth=369
-cols=100 clientWidth=719
-cols=500 clientWidth=3519
-cols=1000 clientWidth=7019
-
-Arial
-input
-size=1 clientWidth=32
-size=2 clientWidth=37
-size=3 clientWidth=42
-size=4 clientWidth=47
-size=5 clientWidth=52
-size=10 clientWidth=77
-size=20 clientWidth=127
-size=50 clientWidth=277
-size=100 clientWidth=527
-size=500 clientWidth=2527
-size=1000 clientWidth=5027
-
-textarea
-cols=1 clientWidth=24
-cols=2 clientWidth=29
-cols=3 clientWidth=34
-cols=4 clientWidth=39
-cols=5 clientWidth=44
-cols=10 clientWidth=69
-cols=20 clientWidth=119
-cols=50 clientWidth=269
-cols=100 clientWidth=519
-cols=500 clientWidth=2519
-cols=1000 clientWidth=5019
-
-Comic Sans MS
-input
-size=1 clientWidth=17
-size=2 clientWidth=22
-size=3 clientWidth=27
-size=4 clientWidth=32
-size=5 clientWidth=37
-size=10 clientWidth=62
-size=20 clientWidth=112
-size=50 clientWidth=262
-size=100 clientWidth=512
-size=500 clientWidth=2512
-size=1000 clientWidth=5012
-
-textarea
-cols=1 clientWidth=24
-cols=2 clientWidth=29
-cols=3 clientWidth=34
-cols=4 clientWidth=39
-cols=5 clientWidth=44
-cols=10 clientWidth=69
-cols=20 clientWidth=119
-cols=50 clientWidth=269
-cols=100 clientWidth=519
-cols=500 clientWidth=2519
-cols=1000 clientWidth=5019
-
-Courier New
-input
-size=1 clientWidth=11
-size=2 clientWidth=18
-size=3 clientWidth=25
-size=4 clientWidth=32
-size=5 clientWidth=39
-size=10 clientWidth=74
-size=20 clientWidth=144
-size=50 clientWidth=354
-size=100 clientWidth=704
-size=500 clientWidth=3504
-size=1000 clientWidth=7004
-
-textarea
-cols=1 clientWidth=26
-cols=2 clientWidth=33
-cols=3 clientWidth=40
-cols=4 clientWidth=47
-cols=5 clientWidth=54
-cols=10 clientWidth=89
-cols=20 clientWidth=159
-cols=50 clientWidth=369
-cols=100 clientWidth=719
-cols=500 clientWidth=3519
-cols=1000 clientWidth=7019
-
-Georgia
-input
-size=1 clientWidth=28
-size=2 clientWidth=33
-size=3 clientWidth=38
-size=4 clientWidth=43
-size=5 clientWidth=48
-size=10 clientWidth=73
-size=20 clientWidth=123
-size=50 clientWidth=273
-size=100 clientWidth=523
-size=500 clientWidth=2523
-size=1000 clientWidth=5023
-
-textarea
-cols=1 clientWidth=24
-cols=2 clientWidth=29
-cols=3 clientWidth=34
-cols=4 clientWidth=39
-cols=5 clientWidth=44
-cols=10 clientWidth=69
-cols=20 clientWidth=119
-cols=50 clientWidth=269
-cols=100 clientWidth=519
-cols=500 clientWidth=2519
-cols=1000 clientWidth=5019
-
-Times New Roman
-input
-size=1 clientWidth=31
-size=2 clientWidth=35
-size=3 clientWidth=39
-size=4 clientWidth=43
-size=5 clientWidth=47
-size=10 clientWidth=67
-size=20 clientWidth=107
-size=50 clientWidth=227
-size=100 clientWidth=427
-size=500 clientWidth=2027
-size=1000 clientWidth=4027
-
-textarea
-cols=1 clientWidth=23
-cols=2 clientWidth=27
-cols=3 clientWidth=31
-cols=4 clientWidth=35
-cols=5 clientWidth=39
-cols=10 clientWidth=59
-cols=20 clientWidth=99
-cols=50 clientWidth=219
-cols=100 clientWidth=419
-cols=500 clientWidth=2019
-cols=1000 clientWidth=4019
-
-Trebuchet MS
-input
-size=1 clientWidth=16
-size=2 clientWidth=21
-size=3 clientWidth=26
-size=4 clientWidth=31
-size=5 clientWidth=36
-size=10 clientWidth=61
-size=20 clientWidth=111
-size=50 clientWidth=261
-size=100 clientWidth=511
-size=500 clientWidth=2511
-size=1000 clientWidth=5011
-
-textarea
-cols=1 clientWidth=24
-cols=2 clientWidth=29
-cols=3 clientWidth=34
-cols=4 clientWidth=39
-cols=5 clientWidth=44
-cols=10 clientWidth=69
-cols=20 clientWidth=119
-cols=50 clientWidth=269
-cols=100 clientWidth=519
-cols=500 clientWidth=2519
-cols=1000 clientWidth=5019
-
-Verdana
-input
-size=1 clientWidth=24
-size=2 clientWidth=30
-size=3 clientWidth=36
-size=4 clientWidth=42
-size=5 clientWidth=48
-size=10 clientWidth=78
-size=20 clientWidth=138
-size=50 clientWidth=318
-size=100 clientWidth=618
-size=500 clientWidth=3018
-size=1000 clientWidth=6018
-
-textarea
-cols=1 clientWidth=25
-cols=2 clientWidth=31
-cols=3 clientWidth=37
-cols=4 clientWidth=43
-cols=5 clientWidth=49
-cols=10 clientWidth=79
-cols=20 clientWidth=139
-cols=50 clientWidth=319
-cols=100 clientWidth=619
-cols=500 clientWidth=3019
-cols=1000 clientWidth=6019
-
-Webdings
-input
-size=1 clientWidth=47
-size=2 clientWidth=58
-size=3 clientWidth=69
-size=4 clientWidth=80
-size=5 clientWidth=91
-size=10 clientWidth=146
-size=20 clientWidth=256
-size=50 clientWidth=586
-size=100 clientWidth=1136
-size=500 clientWidth=5536
-size=1000 clientWidth=11036
-
-textarea
-cols=1 clientWidth=30
-cols=2 clientWidth=41
-cols=3 clientWidth=52
-cols=4 clientWidth=63
-cols=5 clientWidth=74
-cols=10 clientWidth=129
-cols=20 clientWidth=239
-cols=50 clientWidth=569
-cols=100 clientWidth=1119
-cols=500 clientWidth=5519
-cols=1000 clientWidth=11019
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/textfield-focus-ring-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/textfield-focus-ring-expected.txt
deleted file mode 100644
index 61e1b9dd7da34..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/textfield-focus-ring-expected.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 759x36
-          text run at (0,0) width 759: "Assuming the port-specific theme draws focus rings, this test can be used to ensure that a focus ring is drawn for a text"
-          text run at (0,18) width 614: "input element. This test PASSED if a focus ring is drawn around the text input element (below)."
-      RenderBlock (anonymous) at (0,52) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-layer at (11,63) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-caret: position 0 of child 0 {DIV} of {#document-fragment} of child 3 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/textfield-outline-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/textfield-outline-expected.txt
deleted file mode 100644
index 1ebec6a996b07..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/textfield-outline-expected.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (0,0) size 563x18
-        text run at (0,0) width 563: "This tests that a negative outline-offset won't get in the way of a cursor in a text control."
-      RenderBR {BR} at (562,0) size 1x18
-      RenderTextControl {INPUT} at (0,18) size 246x27 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-      RenderText {#text} at (0,0) size 0x0
-layer at (10,28) size 242x23
-  RenderBlock {DIV} at (2,2) size 242x23
-    RenderText {#text} at (0,0) size 33x23
-      text run at (0,0) width 33: "abc"
-caret: position 3 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 3 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/textfield-overflow-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/textfield-overflow-expected.txt
deleted file mode 100644
index 71863bf806228..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/textfield-overflow-expected.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTextControl {INPUT} at (0,0) size 147x10 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-layer at (11,7) size 141x13
-  RenderBlock {DIV} at (3,-2) size 141x14
-caret: position 0 of child 0 {DIV} of {#document-fragment} of child 1 {INPUT} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/forms/visual-hebrew-text-field-expected.txt b/LayoutTests/platform/mac-ventura/fast/forms/visual-hebrew-text-field-expected.txt
deleted file mode 100644
index 800a681041839..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/forms/visual-hebrew-text-field-expected.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 218x18
-          text run at (0,0) width 218: "This tests for a regression against "
-        RenderInline {I} at (0,0) size 783x36
-          RenderInline {A} at (217,0) size 354x18 [color=#0000EE]
-            RenderText {#text} at (217,0) size 354x18
-              text run at (217,0) width 354: "http://bugzilla.opendarwin.org/show_bug.cgi?id=8076"
-          RenderText {#text} at (0,0) size 783x36
-            text run at (570,0) width 213: " REGRESSION: native text fields"
-            text run at (0,18) width 251: "are reversed on \"visual Hebrew\" pages"
-        RenderText {#text} at (250,18) size 5x18
-          text run at (250,18) width 5: "."
-      RenderBlock {P} at (0,70) size 784x19
-        RenderText {#text} at (0,1) size 286x18
-          text run at (0,1) width 286: "Text in the field should look like this: \x{5E8}\x{5D5}\x{5EA}\x{5E4}\x{5DB}"
-      RenderBlock (anonymous) at (0,105) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-layer at (8,60) size 784x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,52) size 784x2 [color=#808080] [border: (1px inset #808080)]
-layer at (11,116) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 31x13
-      text run at (0,0) width 31 RTL: "\x{5DB}\x{5E4}\x{5EA}\x{5D5}\x{5E8}"
diff --git a/LayoutTests/platform/mac-ventura/fast/frames/take-focus-from-iframe-expected.txt b/LayoutTests/platform/mac-ventura/fast/frames/take-focus-from-iframe-expected.txt
deleted file mode 100644
index ba7591f5a6942..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/frames/take-focus-from-iframe-expected.txt
+++ /dev/null
@@ -1,25 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x44
-        RenderIFrame {IFRAME} at (0,0) size 204x44 [border: (2px inset #000000)]
-          layer at (0,0) size 200x40
-            RenderView at (0,0) size 200x40
-          layer at (0,0) size 200x40
-            RenderBlock {HTML} at (0,0) size 200x40
-              RenderBody {BODY} at (8,8) size 184x24
-                RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          layer at (11,11) size 141x13
-            RenderBlock {DIV} at (3,3) size 141x13
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,60) size 784x19
-        RenderText {#text} at (0,0) size 373x18
-          text run at (0,0) width 373: "This field should look and act focused. Try to type into it: "
-        RenderTextControl {INPUT} at (372,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-layer at (383,71) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 29x13
-      text run at (0,0) width 29: "PASS"
-caret: position 4 of child 0 {#text} of child 0 {DIV} of {#document-fragment} of child 1 {INPUT} of child 3 {P} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/html/details-no-summary4-expected.txt b/LayoutTests/platform/mac-ventura/fast/html/details-no-summary4-expected.txt
deleted file mode 100644
index c2121e6e91bf2..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/html/details-no-summary4-expected.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {DETAILS} at (0,0) size 784x37
-        RenderListItem {SUMMARY} at (0,0) size 784x18
-          RenderListMarker at (0,0) size 15x18: "\x{25BE}"
-          RenderText {#text} at (14,0) size 46x18
-            text run at (14,0) width 46: "Details"
-        RenderBlock {SLOT} at (0,18) size 784x19
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-layer at (11,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/html/details-open-javascript-expected.txt b/LayoutTests/platform/mac-ventura/fast/html/details-open-javascript-expected.txt
deleted file mode 100644
index 96afaf3977dcb..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/html/details-open-javascript-expected.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {DETAILS} at (0,0) size 784x37
-        RenderListItem {SUMMARY} at (0,0) size 784x18
-          RenderListMarker at (0,0) size 15x18: "\x{25BE}"
-          RenderText {#text} at (14,0) size 50x18
-            text run at (14,0) width 50: "details1"
-        RenderBlock {SLOT} at (0,18) size 784x19
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DETAILS} at (0,37) size 784x18
-        RenderListItem {SUMMARY} at (0,0) size 784x18
-          RenderListMarker at (0,0) size 13x18: "\x{25B8}"
-          RenderText {#text} at (12,0) size 51x18
-            text run at (12,0) width 51: "details2"
-layer at (11,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/html/details-open2-expected.txt b/LayoutTests/platform/mac-ventura/fast/html/details-open2-expected.txt
deleted file mode 100644
index faa0f4c62bdf4..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/html/details-open2-expected.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {DETAILS} at (0,0) size 784x37
-        RenderListItem {SUMMARY} at (0,0) size 784x18
-          RenderListMarker at (0,0) size 15x18: "\x{25BE}"
-          RenderText {#text} at (14,0) size 60x18
-            text run at (14,0) width 60: "summary"
-        RenderBlock {SLOT} at (0,18) size 784x19
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-          RenderText {#text} at (0,0) size 0x0
-layer at (11,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/html/details-open4-expected.txt b/LayoutTests/platform/mac-ventura/fast/html/details-open4-expected.txt
deleted file mode 100644
index a8726ca61c2d1..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/html/details-open4-expected.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {DETAILS} at (0,0) size 784x37
-        RenderListItem {SUMMARY} at (0,0) size 784x18
-          RenderListMarker at (0,0) size 15x18: "\x{25BE}"
-          RenderText {#text} at (14,0) size 60x18
-            text run at (14,0) width 60: "summary"
-        RenderBlock {SLOT} at (0,18) size 784x19
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-layer at (11,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/invalid/008-expected.txt b/LayoutTests/platform/mac-ventura/fast/invalid/008-expected.txt
deleted file mode 100644
index d8f203b9c889b..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/invalid/008-expected.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x577
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 32x18
-          text run at (0,0) width 32: "Test"
-layer at (250,50) size 247x62
-  RenderBlock (positioned) {DIV} at (250,50) size 248x62 [border: (2px solid #008000)]
-    RenderText {#text} at (22,22) size 204x18
-      text run at (22,22) width 204: "I should be absolute positioned."
diff --git a/LayoutTests/platform/mac-ventura/fast/lists/dynamic-marker-crash-expected.txt b/LayoutTests/platform/mac-ventura/fast/lists/dynamic-marker-crash-expected.txt
deleted file mode 100644
index fb06cdab016c6..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/lists/dynamic-marker-crash-expected.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x85
-  RenderBlock {HTML} at (0,0) size 800x85
-    RenderBody {BODY} at (8,16) size 784x53
-      RenderBlock {UL} at (0,0) size 784x53
-        RenderListItem {LI} at (40,0) size 744x53
-          RenderBlock {FORM} at (0,0) size 744x19
-            RenderBlock {P} at (0,0) size 744x19
-              RenderListMarker at (-17,0) size 7x18: bullet
-              RenderTextControl {INPUT} at (0,0) size 287x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-              RenderText {#text} at (0,0) size 0x0
-          RenderBlock {P} at (0,35) size 744x18
-            RenderText {#text} at (0,0) size 339x18
-              text run at (0,0) width 339: "There should be an input field above this line of text."
-layer at (51,19) size 281x13
-  RenderBlock {DIV} at (3,3) size 281x13
-    RenderText {#text} at (0,0) size 56x13
-      text run at (0,0) width 56: "blah blubb"
diff --git a/LayoutTests/platform/mac-ventura/fast/overflow/003-expected.txt b/LayoutTests/platform/mac-ventura/fast/overflow/003-expected.txt
deleted file mode 100644
index 65f3a57cfccc1..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/overflow/003-expected.txt
+++ /dev/null
@@ -1,193 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (10,10) size 780x302
-  RenderBlock {fake} at (10,10) size 780x302 [bgcolor=#FFFF00]
-layer at (10,10) size 282x302 clip at (11,11) size 265x300 scrollHeight 1302
-  RenderBlock {channel} at (0,0) size 282x302 [bgcolor=#EEEEEE] [border: (1px solid #000000)]
-    RenderBlock {title} at (11,11) size 255x19
-      RenderText {#text} at (0,0) size 156x19
-        text run at (0,0) width 156: "scottandrew.com"
-    RenderBlock {description} at (11,40) size 255x12
-      RenderText {#text} at (0,0) size 193x12
-        text run at (0,0) width 193: "DHTML, DOM and JavaScript News"
-    RenderBlock {item} at (1,62) size 265x97 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 234x15
-        RenderText {#text} at (10,11) size 234x15
-          text run at (10,11) width 234: "DHTML Animation Array Generator"
-      RenderText {#text} at (0,0) size 0x0
-      RenderInline {description} at (10,26) size 237x60
-        RenderText {#text} at (10,26) size 237x60
-          text run at (10,26) width 237: "Robert points us to the first third-party"
-          text run at (10,41) width 217: "tool for the DomAPI: The Animation"
-          text run at (10,56) width 201: "Array Generator, a visual tool for"
-          text run at (10,71) width 62: "creating..."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,169) size 265x82 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 180x15
-        RenderText {#text} at (10,11) size 180x15
-          text run at (10,11) width 180: "DOM and Extended Entries"
-      RenderText {#text} at (189,11) size 5x15
-        text run at (189,11) width 5: " "
-      RenderInline {description} at (10,11) size 244x60
-        RenderText {#text} at (10,11) size 244x60
-          text run at (193,11) width 61: "Aarondot:"
-          text run at (10,26) width 208: "A Better Way To Display Extended"
-          text run at (10,41) width 226: "Entries. Very cool, and uses the DOM"
-          text run at (10,56) width 243: "and JavaScript to reveal the extended..."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,261) size 265x82 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 166x15
-        RenderText {#text} at (10,11) size 166x15
-          text run at (10,11) width 166: "cellspacing and the DOM"
-      RenderText {#text} at (175,11) size 5x15
-        text run at (175,11) width 5: " "
-      RenderInline {description} at (10,11) size 242x60
-        RenderText {#text} at (10,11) size 242x60
-          text run at (179,11) width 73: "By the way,"
-          text run at (10,26) width 217: "if you're using the DOM to generate"
-          text run at (10,41) width 203: "TABLE elements, you have to use"
-          text run at (10,56) width 158: "setAttribute() to set the..."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,353) size 265x97 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 181x15
-        RenderText {#text} at (10,11) size 181x15
-          text run at (10,11) width 181: "contenteditable for Mozilla"
-      RenderText {#text} at (190,11) size 5x15
-        text run at (190,11) width 5: " "
-      RenderInline {description} at (10,11) size 242x75
-        RenderText {#text} at (10,11) size 242x75
-          text run at (194,11) width 55: "The folks"
-          text run at (10,26) width 215: "art Q42, creator of Quek (cute little"
-          text run at (10,41) width 242: "avatar/chat) and Xopus (browser-based"
-          text run at (10,56) width 225: "WYSIWYG XML-editor) have released"
-          text run at (10,71) width 132: "code that simulates..."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,460) size 265x82 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 182x30
-        RenderText {#text} at (10,11) size 182x30
-          text run at (10,11) width 182: "DHTML Timeline/Keyframe"
-          text run at (10,26) width 70: "Animation"
-      RenderText {#text} at (79,26) size 5x15
-        text run at (79,26) width 5: " "
-      RenderInline {description} at (10,26) size 241x45
-        RenderText {#text} at (10,26) size 241x45
-          text run at (83,26) width 168: "Tim Morgan is working on a"
-          text run at (10,41) width 235: "Flash-like timeline/keyframe extension"
-          text run at (10,56) width 148: "for his DHTML toolset...."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,552) size 265x97 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 157x30
-        RenderText {#text} at (10,11) size 157x30
-          text run at (10,11) width 157: "DynAPI 2.9 and Mozilla"
-          text run at (10,26) width 128: "compatibility ports"
-      RenderText {#text} at (137,26) size 5x15
-        text run at (137,26) width 5: " "
-      RenderInline {description} at (10,26) size 240x60
-        RenderText {#text} at (10,26) size 240x60
-          text run at (141,26) width 107: "DynAPI 2.9 is the"
-          text run at (10,41) width 211: "latest release of the popular cross-"
-          text run at (10,56) width 240: "browser DHTML library, and is available"
-          text run at (10,71) width 204: "at Dan Steinman's original site...."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,659) size 265x67 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 155x15
-        RenderText {#text} at (10,11) size 155x15
-          text run at (10,11) width 155: "!lineDraw bookmarklet"
-      RenderText {#text} at (164,11) size 5x15
-        text run at (164,11) width 5: " "
-      RenderInline {description} at (10,11) size 217x45
-        RenderText {#text} at (10,11) size 217x45
-          text run at (168,11) width 42: "Milov's"
-          text run at (10,26) width 217: "!lineDraw bookmarklet is in fact the"
-          text run at (10,41) width 174: "Coolest Bookmarklet Ever...."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,736) size 265x97 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 204x15
-        RenderText {#text} at (10,11) size 204x15
-          text run at (10,11) width 204: "Mozilla, DHTML and DOM links"
-      RenderText {#text} at (213,11) size 5x15
-        text run at (213,11) width 5: " "
-      RenderInline {description} at (10,11) size 239x75
-        RenderText {#text} at (10,11) size 239x75
-          text run at (217,11) width 28: "Why"
-          text run at (10,26) width 214: "Mozilla Rules (Link via Dean) Steve"
-          text run at (10,41) width 239: "Champeon: Why DHTML Will Win. Glish"
-          text run at (10,56) width 199: "finds a not-quite-DOM-compliant"
-          text run at (10,71) width 196: "replacement for innerHTML. It..."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,843) size 265x67 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 104x15
-        RenderText {#text} at (10,11) size 104x15
-          text run at (10,11) width 104: "Mozilla 1.0 RC2"
-      RenderText {#text} at (113,11) size 5x15
-        text run at (113,11) width 5: " "
-      RenderInline {description} at (10,11) size 239x45
-        RenderText {#text} at (10,11) size 239x45
-          text run at (117,11) width 132: "I'm late for this train:"
-          text run at (10,26) width 235: "Mozilla 1.0 Release Candidate 2 is now"
-          text run at (10,41) width 71: "available...."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,920) size 265x97 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 239x30
-        RenderText {#text} at (10,11) size 239x30
-          text run at (10,11) width 239: "javascript: is deprecated. Don't use"
-          text run at (10,26) width 14: "it."
-      RenderText {#text} at (23,26) size 6x15
-        text run at (23,26) width 6: " "
-      RenderInline {description} at (10,26) size 232x60
-        RenderText {#text} at (10,26) size 232x60
-          text run at (28,26) width 186: "Repeat after me: javascript: is"
-          text run at (10,41) width 232: "deprecated. Don't use it. javascript: is"
-          text run at (10,56) width 232: "deprecated. Don't use it. javascript: is"
-          text run at (10,71) width 147: "deprecated. Don't use..."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,1027) size 265x67 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 178x15
-        RenderText {#text} at (10,11) size 178x15
-          text run at (10,11) width 178: "Conditional Script Loading"
-      RenderText {#text} at (0,0) size 0x0
-      RenderInline {description} at (10,26) size 236x30
-        RenderText {#text} at (10,26) size 236x30
-          text run at (10,26) width 236: "Webreference: DOM-Based Conditional"
-          text run at (10,41) width 181: "Script Loading in JavaScript..."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,1104) size 265x82 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 117x15
-        RenderText {#text} at (10,11) size 117x15
-          text run at (10,11) width 117: "Stories and Tools"
-      RenderText {#text} at (126,11) size 5x15
-        text run at (126,11) width 5: " "
-      RenderInline {description} at (10,11) size 243x60
-        RenderText {#text} at (10,11) size 243x60
-          text run at (130,11) width 91: "Anil Dash talks"
-          text run at (10,26) width 200: "about Stories and Tools, drawing"
-          text run at (10,41) width 243: "comparisons between the Web as a text"
-          text run at (10,56) width 161: "medium and the Web as..."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {item} at (1,1196) size 265x97 [bgcolor=#FFFFFF] [border: (1px solid #CCCCCC) none (1px solid #CCCCCC) none]
-      RenderInline {title} at (10,11) size 167x15
-        RenderText {#text} at (10,11) size 167x15
-          text run at (10,11) width 167: "Whole Lotto Gecko Links"
-      RenderText {#text} at (176,11) size 5x15
-        text run at (176,11) width 5: " "
-      RenderInline {description} at (10,11) size 245x75
-        RenderText {#text} at (10,11) size 245x75
-          text run at (180,11) width 67: "AOL Gecko"
-          text run at (10,26) width 216: "Browser Detection Tips Establishing"
-          text run at (10,41) width 195: "Dreamweaver compatibility with"
-          text run at (10,56) width 245: "Netscape 6 Stylesheets and MIME Types"
-          text run at (10,71) width 66: "in Gecko..."
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (0,0) size 0x0
diff --git a/LayoutTests/platform/mac-ventura/fast/overflow/overflow-focus-ring-expected.txt b/LayoutTests/platform/mac-ventura/fast/overflow/overflow-focus-ring-expected.txt
deleted file mode 100644
index fe2889cafe080..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/overflow/overflow-focus-ring-expected.txt
+++ /dev/null
@@ -1,48 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock (anonymous) at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 515x18
-          text run at (0,0) width 515: "The focus ring of the following div should not extend beyond the size of the div."
-layer at (8,26) size 500x400 scrollWidth 501 scrollHeight 648
-  RenderBlock {DIV} at (0,18) size 500x400
-    RenderText {#text} at (0,0) size 500x648
-      text run at (0,0) width 500: "............................................................................................................................."
-      text run at (0,18) width 500: "............................................................................................................................."
-      text run at (0,36) width 500: "............................................................................................................................."
-      text run at (0,54) width 500: "............................................................................................................................."
-      text run at (0,72) width 500: "............................................................................................................................."
-      text run at (0,90) width 500: "............................................................................................................................."
-      text run at (0,108) width 500: "............................................................................................................................."
-      text run at (0,126) width 500: "............................................................................................................................."
-      text run at (0,144) width 500: "............................................................................................................................."
-      text run at (0,162) width 500: "............................................................................................................................."
-      text run at (0,180) width 500: "............................................................................................................................."
-      text run at (0,198) width 500: "............................................................................................................................."
-      text run at (0,216) width 500: "............................................................................................................................."
-      text run at (0,234) width 500: "............................................................................................................................."
-      text run at (0,252) width 500: "............................................................................................................................."
-      text run at (0,270) width 500: "............................................................................................................................."
-      text run at (0,288) width 500: "............................................................................................................................."
-      text run at (0,306) width 500: "............................................................................................................................."
-      text run at (0,324) width 500: "............................................................................................................................."
-      text run at (0,342) width 500: "............................................................................................................................."
-      text run at (0,360) width 500: "............................................................................................................................."
-      text run at (0,378) width 500: "............................................................................................................................."
-      text run at (0,396) width 500: "............................................................................................................................."
-      text run at (0,414) width 500: "............................................................................................................................."
-      text run at (0,432) width 500: "............................................................................................................................."
-      text run at (0,450) width 500: "............................................................................................................................."
-      text run at (0,468) width 500: "............................................................................................................................."
-      text run at (0,486) width 500: "............................................................................................................................."
-      text run at (0,504) width 500: "............................................................................................................................."
-      text run at (0,522) width 500: "............................................................................................................................."
-      text run at (0,540) width 500: "............................................................................................................................."
-      text run at (0,558) width 500: "............................................................................................................................."
-      text run at (0,576) width 500: "............................................................................................................................."
-      text run at (0,594) width 500: "............................................................................................................................."
-      text run at (0,612) width 500: "............................................................................................................................."
-      text run at (0,630) width 212: "....................................................."
-caret: position 0 of child 0 {#text} of child 1 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/repaint/renderer-destruction-by-invalidateSelection-crash-expected.txt b/LayoutTests/platform/mac-ventura/fast/repaint/renderer-destruction-by-invalidateSelection-crash-expected.txt
deleted file mode 100644
index b667a7a201c76..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/repaint/renderer-destruction-by-invalidateSelection-crash-expected.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {DIV} at (0,0) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock (anonymous) at (0,19) size 784x18
-        RenderText {#text} at (0,0) size 4x18
-          text run at (0,0) width 4: " "
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock {DIV} at (0,37) size 784x0
-layer at (11,11) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-caret: position 0 of child 0 {DIV} of {#document-fragment} of child 1 {INPUT} of child 1 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/repaint/search-field-cancel-expected.txt b/LayoutTests/platform/mac-ventura/fast/repaint/search-field-cancel-expected.txt
deleted file mode 100644
index 645f5fd06e0a0..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/repaint/search-field-cancel-expected.txt
+++ /dev/null
@@ -1,24 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 54x18
-          text run at (0,0) width 54: "Test for "
-        RenderInline {A} at (53,0) size 310x18 [color=#0000EE]
-          RenderText {#text} at (53,0) size 310x18
-            text run at (53,0) width 310: "https://bugs.webkit.org/show_bug.cgi?id=23093"
-        RenderText {#text} at (362,0) size 328x18
-          text run at (362,0) width 328: ". The cancel button in a search field fails to redraw."
-      RenderBlock (anonymous) at (0,34) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #000000)]
-          RenderFlexibleBox {DIV} at (3,0) size 141x19
-            RenderBlock {DIV} at (0,0) size 8x19
-            RenderBlock {DIV} at (8,3) size 114x13
-            RenderBlock {DIV} at (121,0) size 20x19
-        RenderText {#text} at (0,0) size 0x0
-layer at (19,45) size 114x13
-  RenderBlock {DIV} at (0,0) size 114x13
-    RenderText {#text} at (0,0) size 52x13
-      text run at (0,0) width 52: "some text"
diff --git a/LayoutTests/platform/mac-ventura/fast/repaint/subtree-root-skipped-expected.txt b/LayoutTests/platform/mac-ventura/fast/repaint/subtree-root-skipped-expected.txt
deleted file mode 100644
index 66142d9a36f4c..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/repaint/subtree-root-skipped-expected.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-layer at (8,8) size 300x300
-  RenderBlock (relative positioned) {DIV} at (0,0) size 300x300 [bgcolor=#F0F8FF]
-layer at (8,8) size 200x200
-  RenderBlock {DIV} at (0,0) size 200x200 [bgcolor=#C0C0C0]
-    RenderBlock (anonymous) at (0,0) size 200x19
-      RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderText {#text} at (0,0) size 0x0
-    RenderBlock {DIV} at (0,19) size 200x18
-      RenderText {#text} at (0,0) size 106x18
-        text run at (0,0) width 106: "Selection is here"
-layer at (11,11) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 29x13
-      text run at (0,0) width 29: "PASS"
-layer at (8,288) size 10x20
-  RenderBlock (positioned) {DIV} at (0,280) size 10x20 [bgcolor=#ADD8E6]
-caret: position 0 of child 0 {#text} of child 3 {DIV} of child 1 {DIV} of child 1 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/replaced/replaced-breaking-expected.txt b/LayoutTests/platform/mac-ventura/fast/replaced/replaced-breaking-expected.txt
deleted file mode 100644
index aa8727124f6c7..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/replaced/replaced-breaking-expected.txt
+++ /dev/null
@@ -1,68 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {DIV} at (0,0) size 32x468 [border: (1px solid #FF0000)]
-        RenderTextControl {INPUT} at (1,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderTextControl {INPUT} at (1,20) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderImage {IMG} at (1,39) size 27x27 [border: (1px solid #000000)]
-        RenderImage {IMG} at (1,66) size 27x27 [border: (1px solid #000000)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderButton {INPUT} at (1,93) size 43x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 27x13
-            RenderText at (0,0) size 27x13
-              text run at (0,0) width 27: "input"
-        RenderButton {INPUT} at (1,111) size 43x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 27x13
-            RenderText at (0,0) size 27x13
-              text run at (0,0) width 27: "input"
-        RenderText {#text} at (0,0) size 0x0
-        RenderButton {BUTTON} at (1,129) size 51x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 35x13
-            RenderText {#text} at (0,0) size 35x13
-              text run at (0,0) width 35: "button"
-        RenderButton {BUTTON} at (1,147) size 51x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 35x13
-            RenderText {#text} at (0,0) size 35x13
-              text run at (0,0) width 35: "button"
-        RenderText {#text} at (0,0) size 0x0
-        RenderMenuList {SELECT} at (1,165) size 63x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 63x18
-            RenderText at (8,2) size 32x13
-              text run at (8,2) width 32: "select"
-        RenderMenuList {SELECT} at (1,183) size 63x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 63x18
-            RenderText at (8,2) size 32x13
-              text run at (8,2) width 32: "select"
-        RenderText {#text} at (0,0) size 0x0
-        RenderListBox {SELECT} at (1,201) size 49x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-        RenderListBox {SELECT} at (1,244) size 49x43 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-        RenderBlock {INPUT} at (3,290) size 12x12
-        RenderBlock {INPUT} at (3,308) size 12x12
-        RenderText {#text} at (0,0) size 0x0
-        RenderBlock {INPUT} at (3,326) size 12x12
-        RenderBlock {INPUT} at (3,344) size 12x12
-        RenderText {#text} at (0,0) size 0x0
-        RenderIFrame {IFRAME} at (1,359) size 27x27 [border: (1px solid #000000)]
-          layer at (0,0) size 25x25
-            RenderView at (0,0) size 25x25
-          layer at (0,0) size 25x25
-            RenderBlock {HTML} at (0,0) size 25x25
-              RenderBody {BODY} at (8,8) size 9x9
-        RenderIFrame {IFRAME} at (1,386) size 27x27 [border: (1px solid #000000)]
-          layer at (0,0) size 25x25
-            RenderView at (0,0) size 25x25
-          layer at (0,0) size 25x25
-            RenderBlock {HTML} at (0,0) size 25x25
-              RenderBody {BODY} at (8,8) size 9x9
-        RenderText {#text} at (0,0) size 0x0
-        RenderEmbeddedObject {EMBED} at (1,413) size 27x27 [border: (1px solid #000000)]
-        RenderEmbeddedObject {EMBED} at (1,440) size 27x27 [border: (1px solid #000000)]
-        RenderText {#text} at (0,0) size 0x0
-layer at (12,12) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (12,31) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/replaced/replaced-breaking-mixture-expected.txt b/LayoutTests/platform/mac-ventura/fast/replaced/replaced-breaking-mixture-expected.txt
deleted file mode 100644
index ef6b5a1ded56a..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/replaced/replaced-breaking-mixture-expected.txt
+++ /dev/null
@@ -1,39 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {DIV} at (0,0) size 10x43
-        RenderText {#text} at (0,0) size 25x18
-          text run at (0,0) width 25: "Foo"
-        RenderImage {IMG} at (0,18) size 25x25
-      RenderBlock {DIV} at (0,43) size 10x36
-        RenderText {#text} at (0,0) size 25x18
-          text run at (0,0) width 25: "Foo"
-        RenderMenuList {SELECT} at (0,18) size 53x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 53x18
-            RenderText at (8,2) size 22x13
-              text run at (8,2) width 22: "One"
-      RenderBlock {DIV} at (0,79) size 10x37
-        RenderText {#text} at (0,0) size 25x18
-          text run at (0,0) width 25: "Foo"
-        RenderTextControl {INPUT} at (0,18) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {DIV} at (0,116) size 10x43
-        RenderImage {IMG} at (0,0) size 25x25
-        RenderText {#text} at (0,25) size 25x18
-          text run at (0,25) width 25: "Foo"
-      RenderBlock {DIV} at (0,159) size 10x36
-        RenderMenuList {SELECT} at (0,0) size 53x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 53x18
-            RenderText at (8,2) size 22x13
-              text run at (8,2) width 22: "One"
-        RenderText {#text} at (0,18) size 25x18
-          text run at (0,18) width 25: "Foo"
-      RenderBlock {DIV} at (0,195) size 10x37
-        RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,19) size 25x18
-          text run at (0,19) width 25: "Foo"
-layer at (11,108) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (11,206) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/table/003-expected.txt b/LayoutTests/platform/mac-ventura/fast/table/003-expected.txt
deleted file mode 100644
index 36aaa105c9366..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/table/003-expected.txt
+++ /dev/null
@@ -1,75 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTable {TABLE} at (0,0) size 784x47
-        RenderTableSection {TBODY} at (0,0) size 784x47
-          RenderTableRow {TR} at (0,2) size 784x21
-            RenderTableCell {TD} at (2,2) size 53x21 [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,1) size 37x19
-                text run at (1,1) width 37: "URL:"
-            RenderTableCell {TD} at (56,2) size 727x21 [r=0 c=1 rs=1 cs=1]
-              RenderTextControl {INPUT} at (1,1) size 724x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderTableRow {TR} at (0,25) size 784x20
-            RenderTableCell {TD} at (2,25) size 781x20 [bgcolor=#FF0000] [r=1 c=0 rs=1 cs=2]
-              RenderText {#text} at (1,1) size 257x18
-                text run at (1,1) width 257: "Alongwordtogiveyouanicebigminwidth."
-      RenderTable {TABLE} at (0,47) size 100x100 [bgcolor=#FF0000] [border: (2px outset #000000)]
-        RenderTableSection {TBODY} at (2,2) size 96x96
-          RenderTableRow {TR} at (0,2) size 96x92
-            RenderTableCell {TD} at (2,46) size 92x4 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-      RenderTable {TABLE} at (0,147) size 173x120 [border: (2px outset #000000)]
-        RenderTableSection {TBODY} at (2,2) size 169x116
-          RenderTableRow {TR} at (0,2) size 169x22
-            RenderTableCell {TD} at (2,2) size 165x22 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (2,2) size 32x18
-                text run at (2,2) width 32: "hello"
-          RenderTableRow {TR} at (0,26) size 169x22
-            RenderTableCell {TD} at (2,26) size 165x22 [border: (1px inset #000000)] [r=1 c=0 rs=1 cs=1]
-              RenderText {#text} at (2,2) size 69x18
-                text run at (2,2) width 69: "more hello"
-          RenderTableRow {TR} at (0,50) size 169x22
-            RenderTableCell {TD} at (2,50) size 165x22 [border: (1px inset #000000)] [r=2 c=0 rs=1 cs=1]
-              RenderText {#text} at (2,2) size 38x18
-                text run at (2,2) width 38: "world"
-          RenderTableRow {TR} at (0,74) size 169x40
-            RenderTableCell {TD} at (2,74) size 165x40 [border: (1px inset #000000)] [r=3 c=0 rs=1 cs=1]
-              RenderText {#text} at (0,0) size 0x0
-      RenderTable {TABLE} at (0,267) size 337x24
-        RenderTableSection {TBODY} at (0,0) size 337x24
-          RenderTableRow {TR} at (0,2) size 337x20
-            RenderTableCell {TD} at (2,2) size 333x20 [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,1) size 331x18
-                text run at (1,1) width 234: "I should wrap and not have nowrap. "
-                text run at (234,1) width 98: "I really should."
-      RenderTable {TABLE} at (0,291) size 337x24
-        RenderTableSection {TBODY} at (0,0) size 337x24
-          RenderTableRow {TR} at (0,2) size 337x20
-            RenderTableCell {TD} at (2,2) size 333x20 [r=0 c=0 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 331x18
-                RenderText {#text} at (0,0) size 331x18
-                  text run at (0,0) width 234: "I should wrap and not have nowrap. "
-                  text run at (233,0) width 98: "I really should."
-      RenderTable {TABLE} at (0,315) size 373x24
-        RenderTableSection {TBODY} at (0,0) size 373x24
-          RenderTableRow {TR} at (0,2) size 373x20
-            RenderTableCell {TD} at (2,2) size 369x20 [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,1) size 367x18
-                text run at (1,1) width 147: "I should have nowrap. "
-                text run at (147,1) width 101: "I really should. "
-                text run at (247,1) width 121: "Definitely. Should."
-      RenderTable {TABLE} at (0,339) size 373x24
-        RenderTableSection {TBODY} at (0,0) size 373x24
-          RenderTableRow {TR} at (0,2) size 373x20
-            RenderTableCell {TD} at (2,2) size 369x20 [r=0 c=0 rs=1 cs=1]
-              RenderBlock {DIV} at (1,1) size 367x18
-                RenderText {#text} at (0,0) size 367x18
-                  text run at (0,0) width 147: "I should have nowrap. "
-                  text run at (146,0) width 101: "I really should. "
-                  text run at (246,0) width 121: "Definitely. Should."
-layer at (69,14) size 717x13
-  RenderBlock {DIV} at (3,3) size 718x13
-layer at (14,233) size 161x36 clip at (15,234) size 159x34
-  RenderTextControl {TEXTAREA} at (2,2) size 161x36 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 155x13
diff --git a/LayoutTests/platform/mac-ventura/fast/table/colspanMinWidth-expected.txt b/LayoutTests/platform/mac-ventura/fast/table/colspanMinWidth-expected.txt
deleted file mode 100644
index 7754f716008a6..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/table/colspanMinWidth-expected.txt
+++ /dev/null
@@ -1,24 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTable {TABLE} at (0,0) size 167x39
-        RenderTableSection {TBODY} at (0,0) size 167x39
-          RenderTableRow {TR} at (0,2) size 167x2
-            RenderTableCell {TD} at (2,2) size 3x2 [bgcolor=#0000FF] [r=0 c=0 rs=1 cs=1]
-          RenderTableRow {TR} at (0,6) size 167x0
-            RenderTableCell {TD} at (2,6) size 159x2 [bgcolor=#008000] [r=1 c=0 rs=2 cs=2]
-          RenderTableRow {TR} at (0,8) size 167x0
-            RenderTableCell {TD} at (162,21) size 3x3 [bgcolor=#FF0000] [r=2 c=2 rs=2 cs=1]
-          RenderTableRow {TR} at (0,10) size 167x27
-            RenderTableCell {TD} at (2,10) size 159x27 [bgcolor=#00FFFF] [r=3 c=0 rs=1 cs=2]
-              RenderTable {TABLE} at (1,1) size 157x25
-                RenderTableSection {TBODY} at (0,0) size 157x25
-                  RenderTableRow {TR} at (0,2) size 157x21
-                    RenderTableCell {TD} at (2,11) size 2x3 [bgcolor=#FF00FF] [r=0 c=0 rs=1 cs=1]
-                    RenderTableCell {TD} at (6,2) size 149x21 [bgcolor=#FFFF00] [r=0 c=1 rs=1 cs=1]
-                      RenderTextControl {INPUT} at (1,1) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                      RenderText {#text} at (0,0) size 0x0
-layer at (21,25) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/table/spanOverlapRepaint-expected.txt b/LayoutTests/platform/mac-ventura/fast/table/spanOverlapRepaint-expected.txt
deleted file mode 100644
index 9bb24e83c8f1e..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/table/spanOverlapRepaint-expected.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTable {TABLE} at (0,0) size 171x45
-        RenderTableSection {TBODY} at (0,0) size 171x45
-          RenderTableRow {TR} at (0,2) size 171x2
-            RenderTableCell {TD} at (2,2) size 6x2 [r=0 c=0 rs=1 cs=1]
-          RenderTableRow {TR} at (0,6) size 171x0
-            RenderTableCell {TD} at (2,6) size 6x2 [r=1 c=0 rs=2 cs=1]
-          RenderTableRow {TR} at (0,8) size 171x0
-            RenderTableCell {TD} at (10,24) size 159x3 [r=2 c=1 rs=2 cs=1]
-          RenderTableRow {TR} at (0,10) size 171x33
-            RenderTableCell {TD} at (2,10) size 167x33 [r=3 c=0 rs=1 cs=2]
-              RenderTable {TABLE} at (1,1) size 165x31 [border: (2px outset #000000)]
-                RenderTableSection {TBODY} at (2,2) size 161x27
-                  RenderTableRow {TR} at (0,2) size 161x23
-                    RenderTableCell {TD} at (2,11) size 4x5 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-                    RenderTableCell {TD} at (8,2) size 151x23 [border: (1px inset #000000)] [r=0 c=1 rs=1 cs=1]
-                      RenderTextControl {INPUT} at (2,2) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                      RenderText {#text} at (0,0) size 0x0
-layer at (26,28) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 26x13
-      text run at (0,0) width 26: "hello"
diff --git a/LayoutTests/platform/mac-ventura/fast/table/text-field-baseline-expected.txt b/LayoutTests/platform/mac-ventura/fast/table/text-field-baseline-expected.txt
deleted file mode 100644
index 02a5fdc79aa1c..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/table/text-field-baseline-expected.txt
+++ /dev/null
@@ -1,102 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x391
-  RenderBlock {HTML} at (0,0) size 800x391
-    RenderBody {BODY} at (8,16) size 784x359
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 177x18
-          text run at (0,0) width 177: "This is a regression test for "
-        RenderInline {I} at (0,0) size 750x36
-          RenderInline {A} at (176,0) size 354x18 [color=#0000EE]
-            RenderText {#text} at (176,0) size 354x18
-              text run at (176,0) width 354: "http://bugzilla.opendarwin.org/show_bug.cgi?id=9122"
-          RenderText {#text} at (0,0) size 750x36
-            text run at (529,0) width 5: " "
-            text run at (533,0) width 217: "REGRESSION: Incorrect vertical"
-            text run at (0,18) width 312: "position for text fields in a \"display: table\" block"
-        RenderText {#text} at (311,18) size 5x18
-          text run at (311,18) width 5: "."
-      RenderBlock {P} at (0,52) size 784x36
-        RenderText {#text} at (0,0) size 752x36
-          text run at (0,0) width 752: "Type something in the text field. Resize the window. The text field should not jump down. Delete what you typed and"
-          text run at (0,18) width 324: "resize the window. The text field should not move."
-      RenderBlock {FORM} at (0,104) size 784x255
-        RenderTable {DL} at (0,0) size 172x19
-          RenderTableSection (anonymous) at (0,0) size 172x19
-            RenderTableRow {DIV} at (0,0) size 172x19
-              RenderTableCell {DT} at (0,0) size 25x18 [r=0 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 25x18
-                  text run at (0,0) width 25: "Foo"
-              RenderTableCell {DD} at (24,0) size 148x19 [r=0 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderBlock {P} at (0,53) size 784x36
-          RenderText {#text} at (0,0) size 771x36
-            text run at (0,0) width 771: "And here's more. There should not be a difference in distance between the labels, nor any difference in distance between"
-            text run at (0,18) width 91: "the text fields."
-        RenderTable {DL} at (0,105) size 237x150
-          RenderTableSection (anonymous) at (0,0) size 237x150
-            RenderTableRow {DIV} at (0,0) size 237x19
-              RenderTableCell {DT} at (0,0) size 25x18 [r=0 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 25x18
-                  text run at (0,0) width 25: "Foo"
-              RenderTableCell {DD} at (24,0) size 213x19 [r=0 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderTableRow {DIV} at (0,19) size 237x19
-              RenderTableCell {DT} at (0,19) size 25x18 [r=1 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 25x18
-                  text run at (0,0) width 25: "Foo"
-              RenderTableCell {DD} at (24,19) size 213x19 [r=1 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderTableRow {DIV} at (0,38) size 237x19
-              RenderTableCell {DT} at (0,38) size 25x18 [r=2 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 25x18
-                  text run at (0,0) width 25: "Foo"
-              RenderTableCell {DD} at (24,38) size 213x19 [r=2 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderTableRow {DIV} at (0,57) size 237x19
-              RenderTableCell {DT} at (0,57) size 25x18 [r=3 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 25x18
-                  text run at (0,0) width 25: "Foo"
-              RenderTableCell {DD} at (24,57) size 213x19 [r=3 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderTableRow {DIV} at (0,76) size 237x19
-              RenderTableCell {DT} at (0,76) size 25x18 [r=4 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 25x18
-                  text run at (0,0) width 25: "Foo"
-              RenderTableCell {DD} at (24,76) size 213x19 [r=4 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderTableRow {DIV} at (0,95) size 237x19
-              RenderTableCell {DT} at (0,95) size 25x18 [r=5 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 25x18
-                  text run at (0,0) width 25: "Foo"
-              RenderTableCell {DD} at (24,95) size 213x19 [r=5 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderTableRow {DIV} at (0,114) size 237x36
-              RenderTableCell {DT} at (0,132) size 25x18 [r=6 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,18) size 25x18
-                  text run at (0,0) width 25: "Foo"
-              RenderTableCell {DD} at (24,114) size 213x36 [r=6 c=1 rs=1 cs=1]
-                RenderBlock {DIV} at (0,0) size 212x36
-                  RenderBR {BR} at (0,0) size 0x18
-                  RenderText {#text} at (0,18) size 212x18
-                    text run at (0,18) width 212: "Bar (should be aligned with Foo)"
-layer at (36,123) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (8,155) size 784x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,35) size 784x2 [color=#808080] [border: (1px inset #808080)]
-layer at (36,228) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (36,247) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (36,266) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 18x13
-      text run at (0,0) width 18: "Bar"
-layer at (36,285) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 18x13
-      text run at (0,0) width 18: "Bar"
-layer at (36,304) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (36,323) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/fast/text/basic/generic-family-reset-expected.txt b/LayoutTests/platform/mac-ventura/fast/text/basic/generic-family-reset-expected.txt
deleted file mode 100644
index ccc0ab19bf1f5..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/basic/generic-family-reset-expected.txt
+++ /dev/null
@@ -1,90 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {H3} at (0,0) size 784x23
-        RenderText {#text} at (0,0) size 491x23
-          text run at (0,0) width 491: "tt's, font-family inheriting and font-size: a bug"
-      RenderTable {TABLE} at (0,41) size 784x377
-        RenderTableSection {TBODY} at (0,0) size 784x376
-          RenderTableRow {TR} at (0,10) size 784x211
-            RenderTableCell {TD} at (10,10) size 764x211 [r=0 c=0 rs=1 cs=2]
-              RenderText {#text} at (1,1) size 336x19
-                text run at (1,1) width 336: "The css in the head of this file is like this:"
-              RenderBR {BR} at (336,1) size 1x19
-              RenderBR {BR} at (1,20) size 0x19
-              RenderText {#text} at (1,39) size 103x19
-                text run at (1,39) width 103: "html, body {"
-              RenderBR {BR} at (103,39) size 1x19
-              RenderText {#text} at (1,58) size 198x19
-                text run at (1,58) width 198: "    font-family: Verdana;"
-              RenderBR {BR} at (198,58) size 1x19
-              RenderText {#text} at (1,77) size 11x19
-                text run at (1,77) width 11: "}"
-              RenderBR {BR} at (11,77) size 1x19
-              RenderText {#text} at (1,96) size 78x19
-                text run at (1,96) width 78: "tt, span {"
-              RenderBR {BR} at (78,96) size 1x19
-              RenderText {#text} at (1,115) size 164x19
-                text run at (1,115) width 164: "    font-size: 0.8em;"
-              RenderBR {BR} at (164,115) size 1x19
-              RenderText {#text} at (1,134) size 11x19
-                text run at (1,134) width 11: "}"
-              RenderBR {BR} at (11,134) size 1x19
-              RenderBR {BR} at (1,153) size 0x19
-              RenderText {#text} at (1,172) size 739x38
-                text run at (1,172) width 739: "The two columns below show that inheriting the font does not correctly inherit the font-size"
-                text run at (1,191) width 136: "for a <tt> block."
-              RenderBR {BR} at (136,191) size 1x19
-          RenderTableRow {TR} at (0,231) size 784x21
-            RenderTableCell {TH} at (10,231) size 377x21 [r=1 c=0 rs=1 cs=1]
-              RenderText {#text} at (167,1) size 43x19
-                text run at (167,1) width 43: "<tt>"
-            RenderTableCell {TH} at (397,231) size 377x21 [r=1 c=1 rs=1 cs=1]
-              RenderText {#text} at (153,1) size 71x19
-                text run at (153,1) width 71: "<span>"
-          RenderTableRow {TR} at (0,262) size 784x18
-            RenderTableCell {TD} at (10,262) size 377x18 [r=2 c=0 rs=1 cs=1]
-              RenderInline {TT} at (1,1) size 258x16
-                RenderText {#text} at (1,1) size 258x16
-                  text run at (1,1) width 258: "font-family: Verdana; font-size: 0.8em;"
-              RenderText {#text} at (0,0) size 0x0
-            RenderTableCell {TD} at (397,262) size 377x18 [r=2 c=1 rs=1 cs=1]
-              RenderInline {SPAN} at (1,1) size 258x16
-                RenderText {#text} at (1,1) size 258x16
-                  text run at (1,1) width 258: "font-family: Verdana; font-size: 0.8em;"
-              RenderText {#text} at (0,0) size 0x0
-          RenderTableRow {TR} at (0,290) size 784x18
-            RenderTableCell {TD} at (10,290) size 377x18 [r=3 c=0 rs=1 cs=1]
-              RenderInline {TT} at (1,1) size 315x16
-                RenderText {#text} at (1,1) size 315x16
-                  text run at (1,1) width 315: "font-family: inherit (Verdana); font-size: 0.8em;"
-              RenderText {#text} at (0,0) size 0x0
-            RenderTableCell {TD} at (397,290) size 377x18 [r=3 c=1 rs=1 cs=1]
-              RenderInline {SPAN} at (1,1) size 246x16
-                RenderText {#text} at (1,1) size 246x16
-                  text run at (1,1) width 246: "font-family: inherit; font-size: 0.8em;"
-              RenderText {#text} at (0,0) size 0x0
-          RenderTableRow {TR} at (0,318) size 784x21
-            RenderTableCell {TD} at (10,318) size 377x21 [r=4 c=0 rs=1 cs=1]
-              RenderInline {TT} at (1,1) size 322x19
-                RenderText {#text} at (1,1) size 322x19
-                  text run at (1,1) width 322: "font-family: Verdana; font-size: 1.0em;"
-              RenderText {#text} at (0,0) size 0x0
-            RenderTableCell {TD} at (397,318) size 377x21 [r=4 c=1 rs=1 cs=1]
-              RenderInline {SPAN} at (1,1) size 322x19
-                RenderText {#text} at (1,1) size 322x19
-                  text run at (1,1) width 322: "font-family: Verdana; font-size: 1.0em;"
-              RenderText {#text} at (0,0) size 0x0
-          RenderTableRow {TR} at (0,349) size 784x17
-            RenderTableCell {TD} at (10,350) size 377x15 [r=5 c=0 rs=1 cs=1]
-              RenderInline {TT} at (1,2) size 194x13
-                RenderText {#text} at (1,2) size 194x13
-                  text run at (1,1) width 194: "default font; font-size: 0.8em;"
-              RenderText {#text} at (0,0) size 0x0
-            RenderTableCell {TD} at (397,349) size 377x17 [r=5 c=1 rs=1 cs=1]
-              RenderInline {SPAN} at (1,1) size 300x15
-                RenderText {#text} at (1,1) size 300x15
-                  text run at (1,1) width 300: "font-family: courier; font-size: 0.8em;"
-              RenderText {#text} at (0,0) size 0x0
diff --git a/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/linedash-COLR-expected-mismatch.html b/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/linedash-COLR-expected-mismatch.html
deleted file mode 100644
index abee612fb223c..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/linedash-COLR-expected-mismatch.html
+++ /dev/null
@@ -1,29 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-<style>
-@font-face {
-    font-family: "WebFont";
-    src: url("../resources/Ahem-COLR.ttf") format("truetype");
-}
-</style>
-</head>
-<body>
-<canvas id="canvas" width="700" height="500" style="width: 700px; height; 500px;"></canvas>
-<script>
-if (window.testRunner)
-    testRunner.waitUntilDone();
-
-let font = "50px 'WebFont'";
-document.fonts.load(font).then(function() {
-    let canvas = document.getElementById("canvas");
-    let context = canvas.getContext("2d");
-    context.font = font;
-    context.strokeText("A", 100, 100);
-    if (window.testRunner)
-        testRunner.notifyDone();
-});
-</script>
-</body>
-</html>
diff --git a/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-COLR-expected.html b/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-COLR-expected.html
deleted file mode 100644
index 8d39f1b7f68c3..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-COLR-expected.html
+++ /dev/null
@@ -1,25 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-<style>
-@font-face {
-    font-family: "WebFont";
-    src: url("../resources/Ahem-COLR.ttf") format("truetype");
-}
-</style>
-</head>
-<body>
-<canvas id="canvas" width="700" height="500" style="width: 700px; height; 500px;"></canvas>
-<script>
-let canvas = document.getElementById("canvas");
-let context = canvas.getContext("2d");
-context.strokeStyle = "green";
-context.lineWidth = 2;
-context.strokeRect(100, 20, 100, 100);
-context.strokeRect(200, 20, 100, 100);
-context.strokeRect(220, 20, 20, 100);
-context.strokeRect(300, 20, 100, 100);
-</script>
-</body>
-</html>
diff --git a/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-shadow-COLR-expected.html b/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-shadow-COLR-expected.html
deleted file mode 100644
index d53a28a39d2ce..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-shadow-COLR-expected.html
+++ /dev/null
@@ -1,19 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-</head>
-<body>
-<canvas id="canvas" width="700" height="500" style="width: 700px; height; 500px;"></canvas>
-<script>
-let canvas = document.getElementById("canvas");
-let context = canvas.getContext("2d");
-context.lineWidth = 2;
-context.strokeStyle = "green";
-context.strokeRect(200, 125, 100, 100);
-context.strokeRect(300, 125, 100, 100);
-context.strokeRect(320, 125, 20, 100);
-context.strokeRect(400, 125, 100, 100);
-</script>
-</body>
-</html>
diff --git a/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-shadow-ctm-COLR-expected.html b/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-shadow-ctm-COLR-expected.html
deleted file mode 100644
index 70dac27e475d7..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-color-shadow-ctm-COLR-expected.html
+++ /dev/null
@@ -1,19 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-</head>
-<body>
-<canvas id="canvas" width="700" height="500" style="width: 700px; height; 500px;"></canvas>
-<script>
-let canvas = document.getElementById("canvas");
-let context = canvas.getContext("2d");
-context.lineWidth = 2;
-context.strokeStyle = "green";
-context.strokeRect(300, 225, 100, 100);
-context.strokeRect(400, 225, 100, 100);
-context.strokeRect(420, 225, 20, 100);
-context.strokeRect(500, 225, 100, 100);
-</script>
-</body>
-</html>
diff --git a/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-gradient-COLR-expected.html b/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-gradient-COLR-expected.html
deleted file mode 100644
index 1a30137530e16..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/canvas-color-fonts/stroke-gradient-COLR-expected.html
+++ /dev/null
@@ -1,8 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-</head>
-<body>
-</body>
-</html>
diff --git a/LayoutTests/platform/mac-ventura/fast/text/drawBidiText-expected.txt b/LayoutTests/platform/mac-ventura/fast/text/drawBidiText-expected.txt
deleted file mode 100644
index 4b9d4f45b577e..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/drawBidiText-expected.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 285x18
-          text run at (0,0) width 285: "This tests GraphicsContext::drawBidiText()."
-      RenderListBox {SELECT} at (0,34) size 330x199 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-      RenderListBox {SELECT} at (0,233) size 377x18 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
diff --git a/LayoutTests/platform/mac-ventura/fast/text/international/bidi-listbox-atsui-expected.txt b/LayoutTests/platform/mac-ventura/fast/text/international/bidi-listbox-atsui-expected.txt
deleted file mode 100644
index 048a5c28239f6..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/international/bidi-listbox-atsui-expected.txt
+++ /dev/null
@@ -1,45 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 592x18
-          text run at (0,0) width 592: "This tests that bidirectional text is correctly rendered when using ATSUI in list box controls."
-        RenderBR {BR} at (591,0) size 1x18
-        RenderText {#text} at (0,18) size 578x18
-          text run at (0,18) width 578: "The order of the text below each list box should match the order of the select's option text."
-      RenderBlock (anonymous) at (0,52) size 784x47
-        RenderText {#text} at (0,0) size 102x18
-          text run at (0,0) width 102: "1) direction: rtl;"
-        RenderBR {BR} at (101,0) size 1x18
-        RenderListBox {SELECT} at (0,18) size 78x29 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-        RenderBR {BR} at (78,26) size 0x18
-      RenderBlock {DIV} at (0,99) size 100x19
-        RenderText {#text} at (18,1) size 82x18
-          text run at (18,1) width 60 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-          text run at (77,1) width 23: "a\x{300}bc"
-      RenderBlock (anonymous) at (0,118) size 784x65
-        RenderBR {BR} at (0,0) size 0x18
-        RenderText {#text} at (0,18) size 102x18
-          text run at (0,18) width 102: "2) direction: ltr;"
-        RenderBR {BR} at (101,18) size 1x18
-        RenderListBox {SELECT} at (0,36) size 78x29 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-        RenderBR {BR} at (78,44) size 0x18
-      RenderBlock {DIV} at (0,183) size 100x19
-        RenderText {#text} at (0,1) size 82x18
-          text run at (0,1) width 23: "a\x{300}bc"
-          text run at (22,1) width 60 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-      RenderBlock (anonymous) at (0,202) size 784x65
-        RenderBR {BR} at (0,0) size 0x18
-        RenderText {#text} at (0,18) size 72x18
-          text run at (0,18) width 72: "3) No style"
-        RenderBR {BR} at (71,18) size 1x18
-        RenderListBox {SELECT} at (0,36) size 78x29 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-        RenderBR {BR} at (78,44) size 0x18
-      RenderBlock {DIV} at (0,267) size 100x19
-        RenderText {#text} at (0,1) size 82x18
-          text run at (0,1) width 23: "a\x{300}bc"
-          text run at (22,1) width 60 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-      RenderBlock (anonymous) at (0,286) size 784x18
-        RenderBR {BR} at (0,0) size 0x18
diff --git a/LayoutTests/platform/mac-ventura/fast/text/international/bidi-listbox-expected.txt b/LayoutTests/platform/mac-ventura/fast/text/international/bidi-listbox-expected.txt
deleted file mode 100644
index d737c94110c9a..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/international/bidi-listbox-expected.txt
+++ /dev/null
@@ -1,45 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 465x18
-          text run at (0,0) width 465: "This tests that bidirectional text is correctly rendered in list box controls."
-        RenderBR {BR} at (464,0) size 1x18
-        RenderText {#text} at (0,18) size 578x18
-          text run at (0,18) width 578: "The order of the text below each list box should match the order of the select's option text."
-      RenderBlock (anonymous) at (0,52) size 784x47
-        RenderText {#text} at (0,0) size 102x18
-          text run at (0,0) width 102: "1) direction: rtl;"
-        RenderBR {BR} at (101,0) size 1x18
-        RenderListBox {SELECT} at (0,18) size 78x29 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-        RenderBR {BR} at (78,26) size 0x18
-      RenderBlock {DIV} at (0,99) size 100x19
-        RenderText {#text} at (18,1) size 82x18
-          text run at (18,1) width 60 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-          text run at (77,1) width 23: "abc"
-      RenderBlock (anonymous) at (0,118) size 784x65
-        RenderBR {BR} at (0,0) size 0x18
-        RenderText {#text} at (0,18) size 102x18
-          text run at (0,18) width 102: "2) direction: ltr;"
-        RenderBR {BR} at (101,18) size 1x18
-        RenderListBox {SELECT} at (0,36) size 78x29 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-        RenderBR {BR} at (78,44) size 0x18
-      RenderBlock {DIV} at (0,183) size 100x19
-        RenderText {#text} at (0,1) size 82x18
-          text run at (0,1) width 23: "abc"
-          text run at (22,1) width 60 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-      RenderBlock (anonymous) at (0,202) size 784x65
-        RenderBR {BR} at (0,0) size 0x18
-        RenderText {#text} at (0,18) size 72x18
-          text run at (0,18) width 72: "3) No style"
-        RenderBR {BR} at (71,18) size 1x18
-        RenderListBox {SELECT} at (0,36) size 78x29 [bgcolor=#FFFFFF] [border: (1px inset #808080)]
-        RenderBR {BR} at (78,44) size 0x18
-      RenderBlock {DIV} at (0,267) size 100x19
-        RenderText {#text} at (0,1) size 82x18
-          text run at (0,1) width 23: "abc"
-          text run at (22,1) width 60 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-      RenderBlock (anonymous) at (0,286) size 784x18
-        RenderBR {BR} at (0,0) size 0x18
diff --git a/LayoutTests/platform/mac-ventura/fast/text/international/bidi-menulist-expected.txt b/LayoutTests/platform/mac-ventura/fast/text/international/bidi-menulist-expected.txt
deleted file mode 100644
index ec9299f1eb383..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/international/bidi-menulist-expected.txt
+++ /dev/null
@@ -1,58 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {P} at (0,0) size 784x54
-        RenderText {#text} at (0,0) size 458x18
-          text run at (0,0) width 458: "This tests that bidirectional text is correctly rendered in popup controls."
-        RenderBR {BR} at (457,0) size 1x18
-        RenderText {#text} at (0,18) size 773x36
-          text run at (0,18) width 773: "The order of the text below each popup button should match the order of the select's option text, and the order of the text"
-          text run at (0,36) width 124: "in the popup menu."
-      RenderBlock (anonymous) at (0,70) size 784x36
-        RenderText {#text} at (0,0) size 286x18
-          text run at (0,0) width 286: "1) direction: rtl; -webkit-rtl-ordering: logical"
-        RenderBR {BR} at (285,0) size 1x18
-        RenderMenuList {SELECT} at (0,18) size 100x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 100x18
-            RenderText at (31,2) size 61x13
-              text run at (31,2) width 42 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-              text run at (72,2) width 20: "abc"
-        RenderBR {BR} at (100,17) size 0x18
-      RenderBlock {DIV} at (0,106) size 100x19
-        RenderText {#text} at (0,1) size 82x18
-          text run at (0,1) width 23: "abc"
-          text run at (22,1) width 60 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-      RenderBlock (anonymous) at (0,125) size 784x54
-        RenderBR {BR} at (0,0) size 0x18
-        RenderText {#text} at (0,18) size 118x18
-          text run at (0,18) width 118: "2) text-align: right"
-        RenderBR {BR} at (117,18) size 1x18
-        RenderMenuList {SELECT} at (0,36) size 200x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 200x18
-            RenderText at (8,2) size 61x13
-              text run at (8,2) width 20: "abc"
-              text run at (27,2) width 42 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-        RenderBR {BR} at (200,35) size 0x18
-      RenderBlock {DIV} at (0,179) size 200x19
-        RenderText {#text} at (0,1) size 82x18
-          text run at (0,1) width 23: "abc"
-          text run at (22,1) width 60 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-      RenderBlock (anonymous) at (0,198) size 784x54
-        RenderBR {BR} at (0,0) size 0x18
-        RenderText {#text} at (0,18) size 72x18
-          text run at (0,18) width 72: "3) No style"
-        RenderBR {BR} at (71,18) size 1x18
-        RenderMenuList {SELECT} at (0,36) size 100x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 100x18
-            RenderText at (8,2) size 61x13
-              text run at (8,2) width 20: "abc"
-              text run at (27,2) width 42 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-        RenderBR {BR} at (100,35) size 0x18
-      RenderBlock {DIV} at (0,252) size 100x19
-        RenderText {#text} at (0,1) size 82x18
-          text run at (0,1) width 23: "abc"
-          text run at (22,1) width 60 RTL: "\x{5D0}\x{5E4}\x{5E8}\x{5E1}\x{5DE}\x{5D5}\x{5DF}"
-      RenderBlock (anonymous) at (0,271) size 784x18
-        RenderBR {BR} at (0,0) size 0x18
diff --git a/LayoutTests/platform/mac-ventura/fast/text/international/pop-up-button-text-alignment-and-direction-expected.txt b/LayoutTests/platform/mac-ventura/fast/text/international/pop-up-button-text-alignment-and-direction-expected.txt
deleted file mode 100644
index 91b624640db78..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/international/pop-up-button-text-alignment-and-direction-expected.txt
+++ /dev/null
@@ -1,127 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x514
-  RenderBlock {HTML} at (0,0) size 800x514
-    RenderBody {BODY} at (8,16) size 784x490
-      RenderBlock {P} at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 709x18
-          text run at (0,0) width 497: "Verify that the alignment and writing direction of each selected item matches "
-          text run at (496,0) width 213: "the one below the pop-up button."
-      RenderBlock {DIV} at (0,34) size 784x228
-        RenderMenuList {SELECT} at (0,0) size 500x21 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 500x21
-            RenderText at (8,2) size 160x16
-              text run at (8,2) width 31: "First "
-              text run at (38,2) width 49 RTL: ") \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA}"
-              text run at (86,2) width 17: "03"
-              text run at (102,2) width 38 RTL: "\x{5E9}\x{5E0}\x{5D9}\x{5D4} ("
-              text run at (139,2) width 29: " fifth"
-        RenderBlock {DIV} at (0,21) size 470x36
-          RenderText {#text} at (10,10) size 163x16
-            text run at (10,10) width 32: "First "
-            text run at (41,10) width 49 RTL: ") \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA}"
-            text run at (89,10) width 17: "03"
-            text run at (105,10) width 37 RTL: "\x{5E9}\x{5E0}\x{5D9}\x{5D4} ("
-            text run at (141,10) width 32: " fifth"
-        RenderMenuList {SELECT} at (0,57) size 500x21 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 500x21
-            RenderText at (8,2) size 160x16
-              text run at (8,2) width 25: "fifth"
-              text run at (32,2) width 5 RTL: " "
-              text run at (36,2) width 41 RTL: "\x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA}"
-              text run at (76,2) width 4 RTL: " "
-              text run at (79,2) width 6 RTL: ")"
-              text run at (84,2) width 18: "03"
-              text run at (101,2) width 5 RTL: "("
-              text run at (105,2) width 5 RTL: " "
-              text run at (109,2) width 29 RTL: "\x{5E9}\x{5E0}\x{5D9}\x{5D4}"
-              text run at (137,2) width 5 RTL: " "
-              text run at (141,2) width 27: "First"
-        RenderBlock {DIV} at (0,78) size 470x36
-          RenderText {#text} at (10,10) size 163x16
-            text run at (10,10) width 27: "fifth"
-            text run at (36,10) width 52 RTL: ") \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA} "
-            text run at (87,10) width 18: "03"
-            text run at (104,10) width 41 RTL: " \x{5E9}\x{5E0}\x{5D9}\x{5D4} ("
-            text run at (144,10) width 29: "First"
-        RenderMenuList {SELECT} at (0,114) size 500x21 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 500x21
-            RenderText at (8,2) size 160x16
-              text run at (8,2) width 160: "First \x{5E9}\x{5E0}\x{5D9}\x{5D4} (03) \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA} fifth"
-        RenderBlock {DIV} at (0,135) size 470x36
-          RenderText {#text} at (10,10) size 163x16
-            text run at (10,10) width 163: "First \x{5E9}\x{5E0}\x{5D9}\x{5D4} (03) \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA} fifth"
-        RenderMenuList {SELECT} at (0,171) size 500x21 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 500x21
-            RenderText at (8,2) size 160x16
-              text run at (8,2) width 25 RTL: "fifth"
-              text run at (32,2) width 5 RTL: " "
-              text run at (36,2) width 41 RTL: "\x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA}"
-              text run at (76,2) width 4 RTL: " "
-              text run at (79,2) width 27 RTL: "(03)"
-              text run at (105,2) width 5 RTL: " "
-              text run at (109,2) width 29 RTL: "\x{5E9}\x{5E0}\x{5D9}\x{5D4}"
-              text run at (137,2) width 5 RTL: " "
-              text run at (141,2) width 27 RTL: "First"
-        RenderBlock {DIV} at (0,192) size 470x36
-          RenderText {#text} at (10,10) size 163x16
-            text run at (10,10) width 163 RTL: "First \x{5E9}\x{5E0}\x{5D9}\x{5D4} (03) \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA} fifth"
-      RenderBlock {DIV} at (0,262) size 784x228
-        RenderMenuList {SELECT} at (0,0) size 500x21 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 500x21
-            RenderText at (332,2) size 160x16
-              text run at (332,2) width 31: "First "
-              text run at (362,2) width 50 RTL: ") \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA}"
-              text run at (411,2) width 17: "03"
-              text run at (427,2) width 37 RTL: "\x{5E9}\x{5E0}\x{5D9}\x{5D4} ("
-              text run at (463,2) width 29: " fifth"
-        RenderBlock {DIV} at (0,21) size 470x36
-          RenderText {#text} at (297,10) size 163x16
-            text run at (297,10) width 33: "First "
-            text run at (329,10) width 48 RTL: ") \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA}"
-            text run at (376,10) width 18: "03"
-            text run at (393,10) width 37 RTL: "\x{5E9}\x{5E0}\x{5D9}\x{5D4} ("
-            text run at (429,10) width 31: " fifth"
-        RenderMenuList {SELECT} at (0,57) size 500x21 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 500x21
-            RenderText at (332,2) size 160x16
-              text run at (332,2) width 25: "fifth"
-              text run at (356,2) width 5 RTL: " "
-              text run at (360,2) width 41 RTL: "\x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA}"
-              text run at (400,2) width 5 RTL: " "
-              text run at (404,2) width 6 RTL: ")"
-              text run at (409,2) width 17: "03"
-              text run at (425,2) width 6 RTL: "("
-              text run at (430,2) width 4 RTL: " "
-              text run at (433,2) width 29 RTL: "\x{5E9}\x{5E0}\x{5D9}\x{5D4}"
-              text run at (461,2) width 5 RTL: " "
-              text run at (465,2) width 27: "First"
-        RenderBlock {DIV} at (0,78) size 470x36
-          RenderText {#text} at (297,10) size 163x16
-            text run at (297,10) width 28: "fifth"
-            text run at (324,10) width 52 RTL: ") \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA} "
-            text run at (375,10) width 17: "03"
-            text run at (391,10) width 42 RTL: " \x{5E9}\x{5E0}\x{5D9}\x{5D4} ("
-            text run at (432,10) width 28: "First"
-        RenderMenuList {SELECT} at (0,114) size 500x21 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 500x21
-            RenderText at (332,2) size 160x16
-              text run at (332,2) width 160: "First \x{5E9}\x{5E0}\x{5D9}\x{5D4} (03) \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA} fifth"
-        RenderBlock {DIV} at (0,135) size 470x36
-          RenderText {#text} at (297,10) size 163x16
-            text run at (297,10) width 163: "First \x{5E9}\x{5E0}\x{5D9}\x{5D4} (03) \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA} fifth"
-        RenderMenuList {SELECT} at (0,171) size 500x21 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 500x21
-            RenderText at (332,2) size 160x16
-              text run at (332,2) width 25 RTL: "fifth"
-              text run at (356,2) width 5 RTL: " "
-              text run at (360,2) width 41 RTL: "\x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA}"
-              text run at (400,2) width 5 RTL: " "
-              text run at (404,2) width 27 RTL: "(03)"
-              text run at (430,2) width 4 RTL: " "
-              text run at (433,2) width 29 RTL: "\x{5E9}\x{5E0}\x{5D9}\x{5D4}"
-              text run at (461,2) width 5 RTL: " "
-              text run at (465,2) width 27 RTL: "First"
-        RenderBlock {DIV} at (0,192) size 470x36
-          RenderText {#text} at (297,10) size 163x16
-            text run at (297,10) width 163 RTL: "First \x{5E9}\x{5E0}\x{5D9}\x{5D4} (03) \x{5E8}\x{5D1}\x{5D9}\x{5E2}\x{5D9}\x{5EA} fifth"
diff --git a/LayoutTests/platform/mac-ventura/fast/text/international/unicode-bidi-plaintext-in-textarea-expected.txt b/LayoutTests/platform/mac-ventura/fast/text/international/unicode-bidi-plaintext-in-textarea-expected.txt
deleted file mode 100644
index fa948a1656840..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/international/unicode-bidi-plaintext-in-textarea-expected.txt
+++ /dev/null
@@ -1,51 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x300
-  RenderBlock {HTML} at (0,0) size 800x300
-    RenderBody {BODY} at (8,8) size 784x284
-      RenderBlock {DIV} at (0,0) size 784x284
-        RenderBlock (anonymous) at (0,0) size 784x36
-          RenderText {#text} at (0,0) size 777x36
-            text run at (0,0) width 777: "In all four cases below, the exclamation mark should be on the left side of the first line and on the right side of the second"
-            text run at (0,18) width 28: "line."
-        RenderBlock {DIV} at (0,36) size 784x248
-          RenderBR {BR} at (371,44) size 0x18
-          RenderBR {BR} at (371,106) size 0x18
-          RenderBR {BR} at (371,168) size 0x18
-          RenderText {#text} at (0,0) size 0x0
-layer at (8,44) size 371x58 clip at (9,45) size 369x56
-  RenderTextControl {TEXTAREA} at (0,0) size 371x58 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 365x39
-      RenderText {#text} at (0,0) size 365x26
-        text run at (336,0) width 29 RTL: "\x{5E9}\x{5DC}\x{5D5}\x{5DD}!"
-        text run at (365,0) width 0: " "
-        text run at (0,13) width 29: "hello!"
-        text run at (28,13) width 1: " "
-      RenderBR {BR} at (0,26) size 0x13
-layer at (8,106) size 371x58 clip at (9,107) size 369x56
-  RenderTextControl {TEXTAREA} at (0,62) size 371x58 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 365x39
-      RenderText {#text} at (0,0) size 365x26
-        text run at (336,0) width 29 RTL: "\x{5E9}\x{5DC}\x{5D5}\x{5DD}!"
-        text run at (365,0) width 0: " "
-        text run at (0,13) width 29: "hello!"
-        text run at (28,13) width 1: " "
-      RenderBR {BR} at (0,26) size 0x13
-layer at (8,168) size 371x58 clip at (9,169) size 369x56
-  RenderTextControl {TEXTAREA} at (0,124) size 371x58 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 365x39
-      RenderText {#text} at (0,0) size 365x26
-        text run at (336,0) width 29 RTL: "\x{5E9}\x{5DC}\x{5D5}\x{5DD}!"
-        text run at (365,0) width 0: " "
-        text run at (0,13) width 29: "hello!"
-        text run at (28,13) width 1: " "
-      RenderBR {BR} at (0,26) size 0x13
-layer at (8,230) size 371x58 clip at (9,231) size 369x56
-  RenderTextControl {TEXTAREA} at (0,186) size 371x58 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-    RenderBlock {DIV} at (3,3) size 365x39
-      RenderText {#text} at (0,0) size 365x26
-        text run at (336,0) width 29 RTL: "\x{5E9}\x{5DC}\x{5D5}\x{5DD}!"
-        text run at (365,0) width 0: " "
-        text run at (0,13) width 29: "hello!"
-        text run at (28,13) width 1: " "
-      RenderBR {BR} at (0,26) size 0x13
diff --git a/LayoutTests/platform/mac-ventura/fast/text/resources/Ahem-COLR.ttf b/LayoutTests/platform/mac-ventura/fast/text/resources/Ahem-COLR.ttf
deleted file mode 100644
index c223a55430659996851180e98b15454f7c4b2d86..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 21828
zcmeHP33wD$wmwzWdv_p#5P?ChgdHX6Y@GnkU`Pls4<oyv&(TiOS)kM1rV|no9CXBe
z0S6uTQDz)m9}bES6`fH5fpI|{5LrT0#z6-e2ElP5)ca2@=}Jf#p3nEbkM~vjtEzkM
za<+T!y{AsyToQ;Vi58PYQ;IK~JWUuwlaR9;*MQ<FMUw?mQjq={SK5WsvvT59U;ms)
zNCtd)MO`p9>h75b0mq2!zUp8+MrV+l$gvRR$<^U2s~kgpMSyQ5>VJDpC|J2`%3EuQ
z(g&bCP=gGo$5sG%2H-(8bq&q^9AXmSW+L0{aI_-0cE##mM1!{yiJ5i5=9tir@ef0F
zk|V*o(Awb}`vI1ThOdZ4;|&#$Tr!Yo>Utsxd=g9716L}EgnZlwA+wK~FXAq0<q9eI
zBL$EoZ5Ni39aYzfHv_&ydkPyUN01nS4VnD6m}pfp$rDuow~KO%Wjdea<BB9Jg+L_J
zCMEfplYm>20TJ=VC{Tzi6?f(@m25WXR~QYzNuy~9T}=<uBlH{kEj>!Vqm}d+Jx)*1
zlk^llP5(iw=o$JwJxkBg8hW1olh)D;^dh}P>*!^Ah5kT)q*v)RdYv}VMtXxb(Pr90
zf1)?(9okCo(tGr0+D6;y1KL3!(k}G$9%`Yz)Jh-G$Mgy9qrcFn^jF$XpV8mw0DVD!
zr$h7)I!s^E5jsj=(LZ4g-_W;ojN0fpDMGd|U1%2W6gP@*h?~Wo;x2KwxJOzpJu0n~
z9+%chf0P}vS5A_X<y5(!++RLR&X9-5etEQ9lAe)1Bty(_Wc18P$>^2QFQb3PSsCYK
zOw71EBb0G?@D@M$on=%emAT6<ExWaB`P6w+>!ugY`e4?si_WedHg`lgFE;P$HOt;T
zBp&DfV+{{eb+_WAx?BA(b+^8g?%vXM_r6JYJ5Q>+&sE(W>_&Irwd-!0Nq0NC(48o|
zWgm3cTkZ?p4UlD3ccV_KyUPET?ud1#e4>1;e4`vuT9r2CGde@r19-3Usd7O19MFg4
zP~KH`Qy*oUvQv3S`5P=ZN%=t8gVE(figWiVA1OPO2bB%V188|aa(3alOF5`4S9U8O
zDsL!Dk$w(!wkfxO-aciea+7j{a-)8KN=;wiet$>d^b-C47%(nTexY2atOtchlxviQ
z%4}t9+ZSy|+YYp~w6(VFXxr2FleTEvytWa?-fv57J<@u(^~=3V>uaq`T3>Em*ZNZH
z+SXOAD_bAh`|94OTRv`ivt@hBwwBc`H?_RgvZdvfmPcD|Zn<I4ce@5{J^rrkS>ajR
z>Tg#+wR-;QD^@+Y>fWa}Kau~$@W&6|``5caTfTGYifb>Aj!pi%@Rd4(VR+Wx_tJnw
zF3g9?Bw+MPNG-zDI1h8Bgqe_XQ_@ogr>CSZ5)ZcBAsjjGljLKqi^L(UbEQz)uht_}
zN|*K@>x;s^R*9tp%MPruV9f{CoM^2JblR<r@FDPKl%3v3UC}qG?{C&hf4X`*=*$y+
zv{uVUvwSqmN3(o1%SW?(G|NXj{d_bl>e7W*V?~~<=$jRRw4$(9B-)C`pLS7~({Du=
zmP-4@*&HiM(PKs8Y%N;UZOJC35M}&jiF)Uz4BWJ7lll^hXhe4<YV?VO#q`9sGqzvW
z^Sq<vmiF^ku4ki{&Ee<zJx^jcfgYbyBUhY@KYX9k_W-E%(F!@{KOqfy_}0Y{66>;b
zVA;U`2OHq=EF97LQn&!Xx42f~!qh~SxbVkv8h<~q%$tCZDW&SabjqYLG?8XfIYnt9
z-9&d|Pth~jCA0;*fA(Qd&vC&k^c4mRIl@?BvM@)e65_&Q;WptuVI_Xg39kxo3%i8<
z!ckEadx`_Z;bK567N>}pigU##@j7vt_>lOdxK`XCz9;S#4~XAL4yiZxI*pV@OB19S
zQc#LWS4lTYcS$RxRoDr%S=ugrA{~<2Y;IecZJ^C>`?2k(wu@|)wkvE`+itPlV|&!L
z+V%(Ao3;;apW42(lRe4a-#*lyXD_ms*)Orz*c<KF+V8MGV1L~Hy#00iR{I|N=k|X(
zY>pJiS&nlYg^ux#X^zVrVaJt@>m9#zJnVSd@uK4m$DbV^ISx9$bGn>;oEgq6=XuUa
z&RNb1XUw_Cd9(9Z`2E)Td*>_8KRI_e|KdFCR9rq+Ki3dfuIqf)1+I%-)vgBDHLlxT
z_q!f*t#Q5PddIcf^_lA{x8zQCpXnaqE^wE)r@DXUp670MFLB@L{<Zrl_Y3Zg?)TlT
z?l0WmdYqnAPr4`5GsZK~Gt*P<iFy`#Zt~pi`Hklp&&!@Io)0|xJpb?<_j<j3y@S0u
z-m%`v-Z|bXZ``}sdz<$@?@I4;-dDYEdv|&Fdyo1=Ur*lv-*8``+h4J7itke2Twjy#
zI^QziL%t_{YkeDh@A>xn4*0%FawPRml9NUzjZT^XYr)DSq^Y|w*epA(Q=CPEgy+>K
zZo(lWg_^E*NTePD?-1lai84fomc&*$mpDvM+o`YU*V7K<Pt?<%<Qj2`p7zq9UTgJq
z51Q6%cRN2{_s-PQ0@+g49U!PDk~4LLo-a{KYPO!Xq0TrxZ6{x9sh)Nqf0~~5V4%#>
z(_ZS;p6)@zQ)~46WYk}#r&B=dE<N1~`42!+!G^tv!lBfM^)z&nwp33;Cu#TSY3L;F
zcX}E+N!z5Sp_8<&dKx-O+pnjgle9y68af%uo(|K3PKGYj)5+u-`nH}<p&moG>*-#|
z-$yg3hC(D$k@~DdstR*Jgc^`4M@d+Pswob*0cpN#En?J&8eyuX3glLztd4?!BA88N
z><x|JJ{NWBkrzif*K5F?v1{0BP@m~=TN$}g6{-i-3Z$!%Q%eg}?z*QXqh=FohCn9{
z&T1(JTv142a2i)JRG}n{RGiLjFVSQTt1>pBJOY|B6$4X9<*b(Gt8I&cuMR(h^NW#N
z4~RKuUc;zeueabjGSV^pST{^@G;(SnTLbb&Qx<;Qq8ufeXx)(-OP-*W38)@iaSPU8
z2-sPkIC5As%*9B^&w6KGvnU%l{dhL2by(tRl!jG}GPg!QPg6@8RZi+@79iH2);qF_
zB_DVac44&ZuBK6bGJ9e^x#yV==9X<MhG!-6%IQknXCS9ig-cPl20Up!%NmWS`4^y`
z){op%Y-tyutQq~yx(=&#G&^N04Ff;h0c(sctqB-wRhXsi%!!QJ+#80iavw3R1P1Og
z=29C0jo^u~F(#Iy9?uYZPev~1WkZAfGh18`*ypR#aBmtl3)|}%avGzIbrsipo+Z#Q
z=d{<?>M_@v26+t5LoLmg4J;a0ak>I_!M4hjL(p0fm>VD?>)u>yma<wck3nXZiDw6v
zlShN5(+ZSm_RqL9J2LoWi>iZeGzvkqV-KSl&nC2Di>^^|^4JWk_?cr(#_ssx5yD!D
z;mLAp`e(U$%xTt?n5i^eRgjx0bd-|0;QnJCn72f&&b?&l%+M!mq4T`KGXQJd81Xad
z9O8Z&3BQU{0o4w)bfKObpwjl-0@#aIw}8gC=N7eND5k>p++vJlt!}9aLpJ3C2U{Cc
z$)<cz)oO7%*Hltq!j(;<P|s+UgHaXGTXDLeL&+!;R014^Y$a6EUXlxZc_yd`v<>XJ
z;5&hlp#;WU8V7obn#GXZfLM<#ok5SG1P!e;!3~!db!uDOp>0CH+}7Mn44JjTu({{_
z;G!d6EN_A@mdVU@UI#w2J7H(oj9ud<(VpSX<q3;nPP6eds54~do#6y;44HXj*sKS}
zHqOL*4meL(9G3<<NX~GciFUx$&s@8-126gL+XQviq2FW)dEmsDDcN>4IAO6GoUj#!
z^G!C#aG}Y17&cpBK4cA;q|@Mp&GP8TLmfl&`KVoD;!lGU+Q~;*wrS)A0Oy#r6#y@c
z(ZE*#>CE&;p>>IgUa2a*F;{3%PKULo>sik{iyCuOS2JN8^Hm*YCT(`r)&^c3HQ&f+
z+5POs9!!RQ4b$f{KMhwsn=;_$^^biyo=M9w*YZl$-E2BW#S>HUX}DNB8m=krSa?n0
z^@e>APHDam<2@07$2C&JzuAPp7`AXS{2kkOMZwGg<7b&8u>Ep%Ej6#Waa9xA+OA2*
zGx+z{l;LZ#msg8*Pt!5`%BM=d6k~x`iLQAt{0&XdX5WP691kkIW^(VEW#V~>XU3D`
z<US0;4!8$T#LRwDcbId#!F*!hpNM$|tdKpN5c)^+%0?o6GHQ9<P&0JHy4Jiv_D$*`
zOIH$=qEGm3=TxcYpCVPmXVZMEt|(6jSIwtPH*kt{*>`K!?X7Dqv-j0~9~xt>^Zd|R
ztL(W~bxUU=Y=?E;J)NRcl!x`l-lFF1b+$)ioM}FxG0wWP&vE~PCXdgqdTNsDx$?U$
zdyDK-Yj4jd($QAPA7bX{D3LL9%ms(sf7)A1VovvC<vRJO?oPI@HP}6!lJ7}p0(8ft
zdmc1gp=yzRc%ErwT)f5^Bc)i?FaM_>`xKh*smaE3gl4@p&;!2{F2IwmL&L*wHk`}z
z2lu1)?s?J`ZSDxuiW7jZlY{Gji`uE{U?ybXk*vjW%(^h<pM);>oxC2BvrT?)JzTxU
zqz8VJ83#|TvmXAZlrqtO=6FgIR>vmzOHJtI3Ou!_Nyj?8%Foy97&WqB?bGqg!VIMK
zKSx$L^1v$wmtIIyXbz%TWi)|2GipL|QB9~$u8Kw)<nmBB8mW%U4N<uP1+m8RaBYQL
z8LbP}Ml$6|5qWN7eQmt5wxXdn8bP(1U;|3!NVGw&4^>2~Bee@UwUVPvkx+fSrZy%=
zs~BlKBv;jjL-BJ}3RTf?INDSjsg{fDL&1jH`60PDT35%&FAmj5<;qY+I9QK@XhaUi
zV&U3Qe6(EC&=4D)l@$(_$1^MRW))hi%xHae7I+Rt;-Prf0-zY#6a?0+>`Z@FV>~My
zst$%LqLm?*d0MEt5!h#eKgOS(neSJ1!DZ%5hIN`vO--3ixfM)C&#4T}M~+Ijc>44#
zR%1LXh!$DJ7fzWosceGBM2eH`u@)n~q(vZjq_Ur;#gN#aWnVGz*3YB1`<Nj|Hzr|B
zTk%ONK54cmD?ZuTXEEY<R(#TmPg?OwD?Vw(C$-qR7LT;zlZkI(R(w*6E_4+=>=<9P
z;*%X?iB^2licgy3PgZ=gvlq@YM%U4`6XS+jWZsHTo*1$2T7y=6Qd`4+*l4H~pX?ZW
z{6C6MBI2w?E~g<fR;})N;cvS}u6CjzwnHjcVdrlbe?l5|DT+9~P{NK(J2`N+mJ6pS
zdimrw>?!Pt^S4r{7xhN#K9q(N9Q#r~>Q6tS0dyvvMQ3B4N=Ni}AkI!4jME8+BJw_*
zMj-ZnF1}7>BA&`SGjh}~<NQUPccF~JH{>yN9{repLSyNC@XBvlCF(cJ3D}c7iGE7|
zMw7A2t4xi>PNivx*Umshe->Rtvk{xUm@c7zr%UN)bQxWa*ljr?!0d5VK?5A+pNlUA
zVMKHJyG0B;pm^t319USV(c)(8d|E(PVbAj-oTd149MyOY{erHeC3HRAh<(sE(=Bux
z-A+qs8T}HwqJKpX(nI>Wfqd#BpSEb6wWyu2_#$>qzuw_A#kc5f{Y1t0JDjMvv(uT1
ze2(Jh`bmlhJD;T}*aW+Jn&V42=kYQ6HQi6EakArj^?bq&bS=(tyaDGvZdA{8Tt~Ok
zJ#-)4i&G)*qzC8@T26OifB6eI(-CJr3Jwwlr{EIYf(QG$eL|AZL+B|a3n@Y`p|_AK
z^byj8GqB&gpU_|UkuX3wQ#eaFTablxAww7_48lI}A;M5$n5}H)<jF3a-5ION$;;If
z{yZa*FHW2xm5iV4Y>d>FjxR0cXO7>Wqd#-?XP*Ad*Pj9XIZA&P>CbWe%=P>I?qF4I
zZ6G@k$a8Wk*PqQLdE@<l?O9l?!zzaSK#AHiZ~Q2gQhs)zL@!r40IZkitNHo4c`80o
zD&Tr(uRaU>TD?GVu8Jp6kW<Lzqq0lX`uPRfs)YXBBDH>?C`aWSuqs)>_;LC4U*Rhe
A@&Et;

diff --git a/LayoutTests/platform/mac-ventura/fast/text/textIteratorNilRenderer-expected.txt b/LayoutTests/platform/mac-ventura/fast/text/textIteratorNilRenderer-expected.txt
deleted file mode 100644
index 8c1efc030e316..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/text/textIteratorNilRenderer-expected.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {CENTER} at (0,0) size 784x53
-        RenderBlock {FORM} at (0,0) size 784x19
-          RenderTable {TABLE} at (46,0) size 692x19
-            RenderTableSection {TBODY} at (0,0) size 692x19
-              RenderTableRow {TR} at (0,0) size 692x19
-                RenderTableCell {TD} at (0,0) size 150x19 [r=0 c=0 rs=2 cs=1]
-                  RenderText {#text} at (0,0) size 4x19
-                    text run at (0,0) width 4: " "
-                RenderTableCell {TD} at (150,0) size 287x19 [r=0 c=1 rs=1 cs=1]
-                  RenderTextControl {INPUT} at (0,0) size 287x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderText {#text} at (0,0) size 0x0
-                RenderTableCell {TD} at (436,0) size 96x19 [r=0 c=2 rs=1 cs=1]
-                  RenderButton {INPUT} at (0,0) size 96x19 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                    RenderBlock (anonymous) at (8,2) size 80x13
-                      RenderText at (0,0) size 80x13
-                        text run at (0,0) width 80: "Search Froogle"
-                  RenderText {#text} at (0,0) size 0x0
-                RenderTableCell {TD} at (531,0) size 161x19 [r=0 c=3 rs=2 cs=1]
-                  RenderInline {LABEL} at (10,3) size 115x14
-                    RenderText {#text} at (0,0) size 0x0
-                    RenderBlock {INPUT} at (12,3) size 12x13
-                    RenderText {#text} at (26,3) size 99x14
-                      text run at (26,3) width 99: " Remember this location"
-                  RenderText {#text} at (0,0) size 0x0
-        RenderBlock (anonymous) at (0,35) size 784x18
-          RenderBR {BR} at (392,0) size 0x18
-layer at (207,11) size 281x13
-  RenderBlock {DIV} at (3,3) size 281x13
-caret: position 1 of child 0 {#text} of child 1 {TD} of child 0 {TR} of child 1 {TBODY} of child 1 {TABLE} of child 1 {FORM} of child 1 {CENTER} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/transforms/transformed-focused-text-input-expected.txt b/LayoutTests/platform/mac-ventura/fast/transforms/transformed-focused-text-input-expected.txt
deleted file mode 100644
index b6c580c82099e..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/transforms/transformed-focused-text-input-expected.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-layer at (8,8) size 784x19
-  RenderBlock {DIV} at (0,0) size 784x19
-    RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-    RenderText {#text} at (0,0) size 0x0
-layer at (11,11) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-caret: position 0 of child 0 {DIV} of {#document-fragment} of child 1 {INPUT} of child 1 {DIV} of body
diff --git a/LayoutTests/platform/mac-ventura/fast/url/url-hostname-encoding-expected.txt b/LayoutTests/platform/mac-ventura/fast/url/url-hostname-encoding-expected.txt
deleted file mode 100644
index ba20539995b3a..0000000000000
--- a/LayoutTests/platform/mac-ventura/fast/url/url-hostname-encoding-expected.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-Test that setting the host and hostname attributes of URL objects uses IDNA2008.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS url.hostname is 'xn--bcher-kva.de'
-PASS url.hostname is 'xn--fa-hia.de'
-PASS url.hostname is 'xn--nxasmm1c.com'
-PASS url.hostname is 'xn--10cl1a0b660p.com'
-PASS url.hostname is 'xn--mgba3gch31f060k.com'
-PASS url.hostname is 'lookout.net'
-PASS url.hostname is 'google.com'
-FAIL url.hostname should be xn--zca.com. Was ss.com.
-FAIL url.hostname should be xn--zca.foo.com. Was ss.foo.com.
-PASS url.host is 'xn--bcher-kva.de'
-PASS url.host is 'xn--fa-hia.de'
-PASS url.host is 'xn--nxasmm1c.com'
-PASS url.host is 'xn--10cl1a0b660p.com'
-PASS url.host is 'xn--mgba3gch31f060k.com'
-PASS url.host is 'lookout.net'
-PASS url.host is 'google.com'
-FAIL url.host should be xn--zca.com. Was ss.com.
-FAIL url.host should be xn--zca.foo.com. Was ss.foo.com.
-PASS successfullyParsed is true
-Some tests failed.
-
-TEST COMPLETE
-
diff --git a/LayoutTests/platform/mac-ventura/http/tests/navigation/javascriptlink-frames-expected.txt b/LayoutTests/platform/mac-ventura/http/tests/navigation/javascriptlink-frames-expected.txt
deleted file mode 100644
index 7921cb62df47c..0000000000000
--- a/LayoutTests/platform/mac-ventura/http/tests/navigation/javascriptlink-frames-expected.txt
+++ /dev/null
@@ -1,133 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderFrameSet {FRAMESET} at (0,0) size 800x600
-      RenderFrame {FRAME} at (0,0) size 800x534
-        layer at (0,0) size 785x1538
-          RenderView at (0,0) size 785x534
-        layer at (0,0) size 785x1538
-          RenderBlock {HTML} at (0,0) size 785x1538
-            RenderBody {BODY} at (8,8) size 769x1498
-              RenderBlock (anonymous) at (0,0) size 769x259
-                RenderText {#text} at (0,0) size 751x185
-                  text run at (0,0) width 679: "This is test page that we navigate to as part of testing"
-                  text run at (0,37) width 335: "various navigation styles. "
-                  text run at (334,37) width 417: "It includes a form so that we can"
-                  text run at (0,74) width 719: "test saving and restoring of form data, and it needs to be"
-                  text run at (0,111) width 747: "long enough that we can test saving and restoring of scroll"
-                  text run at (0,148) width 112: "position."
-                RenderBR {BR} at (111,148) size 1x37
-                RenderBR {BR} at (0,185) size 0x37
-                RenderBR {BR} at (0,222) size 0x37
-              RenderBlock {FORM} at (0,293) size 769x412
-                RenderButton {INPUT} at (0,0) size 111x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                  RenderBlock (anonymous) at (8,2) size 95x13
-                    RenderText at (0,0) size 95x13
-                      text run at (0,0) width 95: "Submit with POST"
-                RenderBR {BR} at (110,-16) size 1x37
-                RenderButton {INPUT} at (0,18) size 228x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                  RenderBlock (anonymous) at (8,2) size 212x13
-                    RenderText at (0,0) size 212x13
-                      text run at (0,0) width 212: "Submit with POST followed by a redirect"
-                RenderBR {BR} at (227,2) size 1x37
-                RenderText {#text} at (0,36) size 377x37
-                  text run at (0,36) width 377: "Here are some form elements"
-                RenderTextControl {INPUT} at (376,51) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                RenderBR {BR} at (523,36) size 1x37
-                RenderText {#text} at (0,73) size 335x37
-                  text run at (0,73) width 335: "that we can use for testing"
-                RenderTextControl {INPUT} at (335,88) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                RenderBR {BR} at (481,73) size 1x37
-                RenderBlock {INPUT} at (2,129) size 12x12
-                RenderText {#text} at (16,110) size 74x37
-                  text run at (16,110) width 74: " Male"
-                RenderBR {BR} at (89,110) size 1x37
-                RenderBlock {INPUT} at (2,166) size 12x12
-                RenderText {#text} at (16,147) size 103x37
-                  text run at (16,147) width 103: " Female"
-                RenderBR {BR} at (118,147) size 1x37
-                RenderBlock {INPUT} at (2,203) size 12x12
-                RenderText {#text} at (16,184) size 130x37
-                  text run at (16,184) width 130: " option #1"
-                RenderBR {BR} at (145,184) size 1x37
-                RenderBlock {INPUT} at (2,240) size 12x12
-                RenderText {#text} at (16,221) size 130x37
-                  text run at (16,221) width 130: " option #2"
-                RenderBR {BR} at (145,221) size 1x37
-                RenderMenuList {SELECT} at (0,258) size 252x18 [bgcolor=#FFFFFF]
-                  RenderBlock (anonymous) at (0,0) size 252x18
-                    RenderText at (8,2) size 61x13
-                      text run at (8,2) width 61: "Initial Value"
-                RenderBR {BR} at (252,242) size 0x37
-                RenderText {#text} at (0,0) size 0x0
-              RenderBlock {P} at (0,771) size 769x37
-                RenderText {#text} at (0,0) size 63x37
-                  text run at (0,0) width 63: "Now"
-              RenderBlock {P} at (0,840) size 769x37
-                RenderText {#text} at (0,0) size 68x37
-                  text run at (0,0) width 68: "some"
-              RenderBlock {P} at (0,909) size 769x37
-                RenderText {#text} at (0,0) size 61x37
-                  text run at (0,0) width 61: "filler"
-              RenderBlock {P} at (0,978) size 769x37
-                RenderText {#text} at (0,0) size 29x37
-                  text run at (0,0) width 29: "so"
-              RenderBlock {P} at (0,1047) size 769x37
-                RenderText {#text} at (0,0) size 40x37
-                  text run at (0,0) width 40: "the"
-              RenderBlock {P} at (0,1116) size 769x37
-                RenderText {#text} at (0,0) size 47x37
-                  text run at (0,0) width 47: "doc"
-              RenderBlock {P} at (0,1185) size 769x37
-                RenderText {#text} at (0,0) size 22x37
-                  text run at (0,0) width 22: "is"
-              RenderBlock {P} at (0,1254) size 769x37
-                RenderText {#text} at (0,0) size 57x37
-                  text run at (0,0) width 57: "long"
-              RenderBlock {P} at (0,1323) size 769x37
-                RenderText {#text} at (0,0) size 95x37
-                  text run at (0,0) width 95: "enough"
-              RenderBlock {P} at (0,1392) size 769x37
-                RenderText {#text} at (0,0) size 112x37
-                  text run at (0,0) width 112: "to scroll."
-              RenderBlock {P} at (0,1461) size 769x37
-                RenderInline {A} at (0,0) size 532x37
-                  RenderText {#text} at (0,0) size 532x37
-                    text run at (0,0) width 532: "This is an anchor point named \"anchor1\"."
-        layer at (8,283) size 769x2 clip at (0,0) size 0x0
-          RenderBlock {HR} at (0,275) size 769x2 [color=#808080] [border: (1px inset #808080)]
-        layer at (388,355) size 141x13 scrollWidth 145
-          RenderBlock {DIV} at (3,3) size 141x13
-            RenderText {#text} at (0,0) size 145x13
-              text run at (0,0) width 145: "Initial text before user input"
-        layer at (346,392) size 141x13
-          RenderBlock {DIV} at (3,3) size 141x13
-        layer at (8,577) size 231x136 clip at (9,578) size 229x134
-          RenderTextControl {TEXTAREA} at (0,276) size 231x136 [bgcolor=#FFFFFF] [border: (1px solid #000000)]
-            RenderBlock {DIV} at (3,3) size 225x26
-              RenderText {#text} at (0,0) size 178x13
-                text run at (0,0) width 178: "More initial text before user input."
-                text run at (177,0) width 1: " "
-              RenderBR {BR} at (0,13) size 0x13
-        layer at (8,745) size 769x2 clip at (0,0) size 0x0
-          RenderBlock {HR} at (0,737) size 769x2 [color=#808080] [border: (1px inset #808080)]
-      RenderFrame {FRAME} at (0,540) size 800x60
-        layer at (0,0) size 785x90
-          RenderView at (0,0) size 785x60
-        layer at (0,0) size 785x90
-          RenderBlock {HTML} at (0,0) size 785x90
-            RenderBody {BODY} at (8,8) size 769x74
-              RenderText {#text} at (0,0) size 724x74
-                text run at (0,0) width 724: "This is just a minimal page that we navigate to as part of"
-                text run at (0,37) width 272: "testing back/forward."
-
-============== Back Forward List ==============
-        http://127.0.0.1:8000/navigation/javascriptlink-frames.html
-        http://127.0.0.1:8000/navigation/resources/frameset.pl?frameURL=javascriptlink.html
-            http://127.0.0.1:8000/navigation/resources/otherpage.html (in frame "footer")
-            http://127.0.0.1:8000/navigation/resources/javascriptlink.html (in frame "main")
-curr->  http://127.0.0.1:8000/navigation/resources/frameset.pl?frameURL=javascriptlink.html
-            http://127.0.0.1:8000/navigation/resources/otherpage.html (in frame "footer")
-            http://127.0.0.1:8000/navigation/resources/success200.html (in frame "main")
-===============================================
diff --git a/LayoutTests/platform/mac-ventura/http/wpt/mediarecorder/mimeType-expected.txt b/LayoutTests/platform/mac-ventura/http/wpt/mediarecorder/mimeType-expected.txt
deleted file mode 100644
index 33ba63122a90d..0000000000000
--- a/LayoutTests/platform/mac-ventura/http/wpt/mediarecorder/mimeType-expected.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-
-PASS MediaRecorder.isTypeSupported - 'auDio/mp4'
-PASS MediaRecorder.isTypeSupported - 'video/mp4'
-PASS MediaRecorder.isTypeSupported - 'audio/MP4;codecs=" avc1.4d002a   ,mp4a.40.1"'
-PASS MediaRecorder.isTypeSupported - 'video/mp4;codecs="AVC1.4d002a,   mp4a.40.1"'
-PASS MediaRecorder.isTypeSupported - 'video/mp4;codecs="mP4a.40.1"'
-FAIL MediaRecorder.isTypeSupported - 'audio/mp4;codecs="avc1.4d002a, opus"' assert_equals: expected true but got false
-FAIL MediaRecorder.isTypeSupported - 'audio/mp4;codecs="opus"' assert_equals: expected true but got false
-PASS MediaRecorder.isTypeSupported - 'audio/webm'
-PASS MediaRecorder.isTypeSupported - 'audio/webm; codecs="opus"'
-PASS MediaRecorder.isTypeSupported - 'audio/webm; codecs="vorbis"'
-PASS MediaRecorder.isTypeSupported - 'video/webm'
-PASS MediaRecorder.isTypeSupported - 'video/webm; codecs="vp8"'
-PASS MediaRecorder.isTypeSupported - 'video/webm; codecs="vp8,opus"'
-PASS MediaRecorder.isTypeSupported - 'video/webm; codecs="vp8,vorbis"'
-PASS MediaRecorder.isTypeSupported - 'video/webm; codecs="vp09,opus"'
-PASS MediaRecorder.isTypeSupported - 'video/webm; codecs="vp09,vorbis"'
-PASS MediaRecorder mimeType MP4
-PASS MediaRecorder mimeType WebM
-FAIL MediaRecorder mimeType with Opus in MP4 promise_test: Unhandled rejection with value: object "NotSupportedError: mimeType is not supported"
-
diff --git a/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/html/rendering/widgets/field-sizing-input-text-expected.txt b/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/html/rendering/widgets/field-sizing-input-text-expected.txt
deleted file mode 100644
index c3bff2c9fcc84..0000000000000
--- a/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/html/rendering/widgets/field-sizing-input-text-expected.txt
+++ /dev/null
@@ -1,57 +0,0 @@
-
-
-PASS text: Empty value
-PASS text: Empty value with a size atttribute
-PASS text: Auto width and auto height with a long text
-PASS text: Explicit width and heigth
-PASS text: Explicit width and auto height
-PASS text: Explicit height and auto width
-PASS text: Text caret is taller than the placeholder
-FAIL text: Text caret is shorter than the placeholder assert_less_than: expected a number less than 29 but got 29
-FAIL text: Update field-sizing property dynamically assert_less_than: expected a number less than 147 but got 147
-PASS search: Empty value
-PASS search: Empty value with a size atttribute
-PASS search: Auto width and auto height with a long text
-PASS search: Explicit width and heigth
-PASS search: Explicit width and auto height
-PASS search: Explicit height and auto width
-PASS search: Text caret is taller than the placeholder
-FAIL search: Text caret is shorter than the placeholder assert_less_than: expected a number less than 19 but got 19
-FAIL search: Update field-sizing property dynamically assert_less_than: expected a number less than 147 but got 147
-PASS tel: Empty value
-PASS tel: Empty value with a size atttribute
-PASS tel: Auto width and auto height with a long text
-PASS tel: Explicit width and heigth
-PASS tel: Explicit width and auto height
-PASS tel: Explicit height and auto width
-PASS tel: Text caret is taller than the placeholder
-FAIL tel: Text caret is shorter than the placeholder assert_less_than: expected a number less than 29 but got 29
-FAIL tel: Update field-sizing property dynamically assert_less_than: expected a number less than 147 but got 147
-PASS url: Empty value
-PASS url: Empty value with a size atttribute
-PASS url: Auto width and auto height with a long text
-PASS url: Explicit width and heigth
-PASS url: Explicit width and auto height
-PASS url: Explicit height and auto width
-PASS url: Text caret is taller than the placeholder
-FAIL url: Text caret is shorter than the placeholder assert_less_than: expected a number less than 29 but got 29
-FAIL url: Update field-sizing property dynamically assert_less_than: expected a number less than 147 but got 147
-PASS email: Empty value
-PASS email: Empty value with a size atttribute
-PASS email: Auto width and auto height with a long text
-PASS email: Explicit width and heigth
-PASS email: Explicit width and auto height
-PASS email: Explicit height and auto width
-PASS email: Text caret is taller than the placeholder
-FAIL email: Text caret is shorter than the placeholder assert_less_than: expected a number less than 29 but got 29
-FAIL email: Update field-sizing property dynamically assert_less_than: expected a number less than 147 but got 147
-PASS password: Empty value
-PASS password: Empty value with a size atttribute
-PASS password: Auto width and auto height with a long text
-PASS password: Explicit width and heigth
-PASS password: Explicit width and auto height
-PASS password: Explicit height and auto width
-PASS password: Text caret is taller than the placeholder
-FAIL password: Text caret is shorter than the placeholder assert_less_than: expected a number less than 29 but got 29
-FAIL password: Update field-sizing property dynamically assert_less_than: expected a number less than 147 but got 147
-
diff --git a/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType-expected.txt b/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType-expected.txt
deleted file mode 100644
index 54a75b8ee799d..0000000000000
--- a/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/mime-types/canPlayType-expected.txt
+++ /dev/null
@@ -1,62 +0,0 @@
-
-
-PASS utility code
-PASS application/octet-stream not supported
-PASS fictional formats and codecs not supported
-PASS audio/mp4 (optional)
-PASS audio/mp4; codecs="mp4a.40.2" (optional)
-PASS audio/mp4 with bogus codec
-PASS audio/mp4 with and without codecs
-FAIL audio/ogg (optional) assert_equals: audio/ogg expected "maybe" but got ""
-FAIL audio/ogg; codecs="opus" (optional) assert_equals: audio/ogg; codecs="opus" expected "probably" but got ""
-FAIL audio/ogg; codecs="vorbis" (optional) assert_equals: audio/ogg; codecs="vorbis" expected "probably" but got ""
-PASS audio/ogg with bogus codec
-PASS audio/ogg with and without codecs
-PASS audio/wav (optional)
-FAIL audio/wav; codecs="1" (optional) assert_equals: audio/wav; codecs="1" expected "probably" but got ""
-PASS audio/wav with bogus codec
-FAIL audio/wav with and without codecs assert_equals: expected false but got true
-PASS audio/webm (optional)
-PASS audio/webm; codecs="opus" (optional)
-PASS audio/webm; codecs="vorbis" (optional)
-PASS audio/webm with bogus codec
-PASS audio/webm with and without codecs
-PASS video/3gpp (optional)
-PASS video/3gpp; codecs="samr" (optional)
-PASS video/3gpp; codecs="mp4v.20.8" (optional)
-PASS video/3gpp codecs subset
-PASS video/3gpp codecs order
-PASS video/3gpp with bogus codec
-PASS video/3gpp with and without codecs
-PASS video/mp4 (optional)
-PASS video/mp4; codecs="mp4a.40.2" (optional)
-PASS video/mp4; codecs="avc1.42E01E" (optional)
-PASS video/mp4; codecs="avc1.4D401E" (optional)
-PASS video/mp4; codecs="avc1.58A01E" (optional)
-PASS video/mp4; codecs="avc1.64001E" (optional)
-PASS video/mp4; codecs="mp4v.20.8" (optional)
-PASS video/mp4; codecs="mp4v.20.240" (optional)
-PASS video/mp4 codecs subset
-PASS video/mp4 codecs order
-PASS video/mp4 with bogus codec
-PASS video/mp4 with and without codecs
-FAIL video/ogg (optional) assert_equals: video/ogg expected "maybe" but got ""
-FAIL video/ogg; codecs="opus" (optional) assert_equals: video/ogg; codecs="opus" expected "probably" but got ""
-FAIL video/ogg; codecs="vorbis" (optional) assert_equals: video/ogg; codecs="vorbis" expected "probably" but got ""
-FAIL video/ogg; codecs="theora" (optional) assert_equals: video/ogg; codecs="theora" expected "probably" but got ""
-PASS video/ogg codecs subset
-PASS video/ogg codecs order
-PASS video/ogg with bogus codec
-PASS video/ogg with and without codecs
-PASS video/webm (optional)
-PASS video/webm; codecs="opus" (optional)
-PASS video/webm; codecs="vorbis" (optional)
-PASS video/webm; codecs="vp8" (optional)
-PASS video/webm; codecs="vp8.0" (optional)
-PASS video/webm; codecs="vp9" (optional)
-PASS video/webm; codecs="vp9.0" (optional)
-PASS video/webm codecs subset
-PASS video/webm codecs order
-PASS video/webm with bogus codec
-PASS video/webm with and without codecs
-
diff --git a/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/url/toascii.window-expected.txt b/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/url/toascii.window-expected.txt
deleted file mode 100644
index ac11fe6dbf225..0000000000000
--- a/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/url/toascii.window-expected.txt
+++ /dev/null
@@ -1,786 +0,0 @@
-
-PASS Loading data…
-PASS aa-- (using URL)
-PASS aa-- (using URL.host)
-PASS aa-- (using URL.hostname)
-PASS aa-- (using <a>)
-PASS aa-- (using <a>.host)
-PASS aa-- (using <a>.hostname)
-PASS aa-- (using <area>)
-PASS aa-- (using <area>.host)
-PASS aa-- (using <area>.hostname)
-PASS a†-- (using URL)
-PASS a†-- (using URL.host)
-PASS a†-- (using URL.hostname)
-PASS a†-- (using <a>)
-PASS a†-- (using <a>.host)
-PASS a†-- (using <a>.hostname)
-PASS a†-- (using <area>)
-PASS a†-- (using <area>.host)
-PASS a†-- (using <area>.hostname)
-PASS ab--c (using URL)
-PASS ab--c (using URL.host)
-PASS ab--c (using URL.hostname)
-PASS ab--c (using <a>)
-PASS ab--c (using <a>.host)
-PASS ab--c (using <a>.hostname)
-PASS ab--c (using <area>)
-PASS ab--c (using <area>.host)
-PASS ab--c (using <area>.hostname)
-PASS -x (using URL)
-PASS -x (using URL.host)
-PASS -x (using URL.hostname)
-PASS -x (using <a>)
-PASS -x (using <a>.host)
-PASS -x (using <a>.hostname)
-PASS -x (using <area>)
-PASS -x (using <area>.host)
-PASS -x (using <area>.hostname)
-PASS -† (using URL)
-PASS -† (using URL.host)
-PASS -† (using URL.hostname)
-PASS -† (using <a>)
-PASS -† (using <a>.host)
-PASS -† (using <a>.hostname)
-PASS -† (using <area>)
-PASS -† (using <area>.host)
-PASS -† (using <area>.hostname)
-PASS -x.xn--zca (using URL)
-PASS -x.xn--zca (using URL.host)
-PASS -x.xn--zca (using URL.hostname)
-PASS -x.xn--zca (using <a>)
-PASS -x.xn--zca (using <a>.host)
-PASS -x.xn--zca (using <a>.hostname)
-PASS -x.xn--zca (using <area>)
-PASS -x.xn--zca (using <area>.host)
-PASS -x.xn--zca (using <area>.hostname)
-PASS -x.ß (using URL)
-PASS -x.ß (using URL.host)
-PASS -x.ß (using URL.hostname)
-PASS -x.ß (using <a>)
-PASS -x.ß (using <a>.host)
-PASS -x.ß (using <a>.hostname)
-PASS -x.ß (using <area>)
-PASS -x.ß (using <area>.host)
-PASS -x.ß (using <area>.hostname)
-PASS x-.xn--zca (using URL)
-PASS x-.xn--zca (using URL.host)
-PASS x-.xn--zca (using URL.hostname)
-PASS x-.xn--zca (using <a>)
-PASS x-.xn--zca (using <a>.host)
-PASS x-.xn--zca (using <a>.hostname)
-PASS x-.xn--zca (using <area>)
-PASS x-.xn--zca (using <area>.host)
-PASS x-.xn--zca (using <area>.hostname)
-PASS x-.ß (using URL)
-PASS x-.ß (using URL.host)
-PASS x-.ß (using URL.hostname)
-PASS x-.ß (using <a>)
-PASS x-.ß (using <a>.host)
-PASS x-.ß (using <a>.hostname)
-PASS x-.ß (using <area>)
-PASS x-.ß (using <area>.host)
-PASS x-.ß (using <area>.hostname)
-PASS x..xn--zca (using URL)
-PASS x..xn--zca (using URL.host)
-PASS x..xn--zca (using URL.hostname)
-PASS x..xn--zca (using <a>)
-PASS x..xn--zca (using <a>.host)
-PASS x..xn--zca (using <a>.hostname)
-PASS x..xn--zca (using <area>)
-PASS x..xn--zca (using <area>.host)
-PASS x..xn--zca (using <area>.hostname)
-PASS x..ß (using URL)
-PASS x..ß (using URL.host)
-PASS x..ß (using URL.hostname)
-PASS x..ß (using <a>)
-PASS x..ß (using <a>.host)
-PASS x..ß (using <a>.hostname)
-PASS x..ß (using <area>)
-PASS x..ß (using <area>.host)
-PASS x..ß (using <area>.hostname)
-PASS xn--a (using URL)
-PASS xn--a (using URL.host)
-PASS xn--a (using URL.hostname)
-PASS xn--a (using <a>)
-PASS xn--a (using <a>.host)
-PASS xn--a (using <a>.hostname)
-PASS xn--a (using <area>)
-PASS xn--a (using <area>.host)
-PASS xn--a (using <area>.hostname)
-PASS xn--a.xn--zca (using URL)
-PASS xn--a.xn--zca (using URL.host)
-PASS xn--a.xn--zca (using URL.hostname)
-PASS xn--a.xn--zca (using <a>)
-PASS xn--a.xn--zca (using <a>.host)
-PASS xn--a.xn--zca (using <a>.hostname)
-PASS xn--a.xn--zca (using <area>)
-PASS xn--a.xn--zca (using <area>.host)
-PASS xn--a.xn--zca (using <area>.hostname)
-PASS xn--a.ß (using URL)
-PASS xn--a.ß (using URL.host)
-PASS xn--a.ß (using URL.hostname)
-PASS xn--a.ß (using <a>)
-PASS xn--a.ß (using <a>.host)
-PASS xn--a.ß (using <a>.hostname)
-PASS xn--a.ß (using <area>)
-PASS xn--a.ß (using <area>.host)
-PASS xn--a.ß (using <area>.hostname)
-PASS xn--ls8h= (using URL)
-PASS xn--ls8h= (using URL.host)
-PASS xn--ls8h= (using URL.hostname)
-PASS xn--ls8h= (using <a>)
-PASS xn--ls8h= (using <a>.host)
-PASS xn--ls8h= (using <a>.hostname)
-PASS xn--ls8h= (using <area>)
-PASS xn--ls8h= (using <area>.host)
-PASS xn--ls8h= (using <area>.hostname)
-PASS xn--tešla (using URL)
-PASS xn--tešla (using URL.host)
-PASS xn--tešla (using URL.hostname)
-PASS xn--tešla (using <a>)
-PASS xn--tešla (using <a>.host)
-PASS xn--tešla (using <a>.hostname)
-PASS xn--tešla (using <area>)
-PASS xn--tešla (using <area>.host)
-PASS xn--tešla (using <area>.hostname)
-PASS xn--zca.xn--zca (using URL)
-PASS xn--zca.xn--zca (using URL.host)
-PASS xn--zca.xn--zca (using URL.hostname)
-PASS xn--zca.xn--zca (using <a>)
-PASS xn--zca.xn--zca (using <a>.host)
-PASS xn--zca.xn--zca (using <a>.hostname)
-PASS xn--zca.xn--zca (using <area>)
-PASS xn--zca.xn--zca (using <area>.host)
-PASS xn--zca.xn--zca (using <area>.hostname)
-PASS xn--zca.ß (using URL)
-PASS xn--zca.ß (using URL.host)
-PASS xn--zca.ß (using URL.hostname)
-PASS xn--zca.ß (using <a>)
-PASS xn--zca.ß (using <a>.host)
-PASS xn--zca.ß (using <a>.hostname)
-PASS xn--zca.ß (using <area>)
-PASS xn--zca.ß (using <area>.host)
-PASS xn--zca.ß (using <area>.hostname)
-PASS ab--c.xn--zca (using URL)
-PASS ab--c.xn--zca (using URL.host)
-PASS ab--c.xn--zca (using URL.hostname)
-PASS ab--c.xn--zca (using <a>)
-PASS ab--c.xn--zca (using <a>.host)
-PASS ab--c.xn--zca (using <a>.hostname)
-PASS ab--c.xn--zca (using <area>)
-PASS ab--c.xn--zca (using <area>.host)
-PASS ab--c.xn--zca (using <area>.hostname)
-PASS ab--c.ß (using URL)
-PASS ab--c.ß (using URL.host)
-PASS ab--c.ß (using URL.hostname)
-PASS ab--c.ß (using <a>)
-PASS ab--c.ß (using <a>.host)
-PASS ab--c.ß (using <a>.hostname)
-PASS ab--c.ß (using <area>)
-PASS ab--c.ß (using <area>.host)
-PASS ab--c.ß (using <area>.hostname)
-PASS ‍.example (using URL)
-PASS ‍.example (using URL.host)
-PASS ‍.example (using URL.hostname)
-PASS ‍.example (using <a>)
-PASS ‍.example (using <a>.host)
-PASS ‍.example (using <a>.hostname)
-PASS ‍.example (using <area>)
-PASS ‍.example (using <area>.host)
-PASS ‍.example (using <area>.hostname)
-PASS xn--1ug.example (using URL)
-PASS xn--1ug.example (using URL.host)
-PASS xn--1ug.example (using URL.hostname)
-PASS xn--1ug.example (using <a>)
-PASS xn--1ug.example (using <a>.host)
-PASS xn--1ug.example (using <a>.hostname)
-PASS xn--1ug.example (using <area>)
-PASS xn--1ug.example (using <area>.host)
-PASS xn--1ug.example (using <area>.hostname)
-PASS يa (using URL)
-PASS يa (using URL.host)
-PASS يa (using URL.hostname)
-PASS يa (using <a>)
-PASS يa (using <a>.host)
-PASS يa (using <a>.hostname)
-PASS يa (using <area>)
-PASS يa (using <area>.host)
-PASS يa (using <area>.hostname)
-PASS xn--a-yoc (using URL)
-PASS xn--a-yoc (using URL.host)
-PASS xn--a-yoc (using URL.hostname)
-PASS xn--a-yoc (using <a>)
-PASS xn--a-yoc (using <a>.host)
-PASS xn--a-yoc (using <a>.hostname)
-PASS xn--a-yoc (using <area>)
-PASS xn--a-yoc (using <area>.host)
-PASS xn--a-yoc (using <area>.hostname)
-PASS ශ්‍රී (using URL)
-PASS ශ්‍රී (using URL.host)
-PASS ශ්‍රී (using URL.hostname)
-PASS ශ්‍රී (using <a>)
-PASS ශ්‍රී (using <a>.host)
-PASS ශ්‍රී (using <a>.hostname)
-PASS ශ්‍රී (using <area>)
-PASS ශ්‍රී (using <area>.host)
-PASS ශ්‍රී (using <area>.hostname)
-PASS نامه‌ای (using URL)
-PASS نامه‌ای (using URL.host)
-PASS نامه‌ای (using URL.hostname)
-PASS نامه‌ای (using <a>)
-PASS نامه‌ای (using <a>.host)
-PASS نامه‌ای (using <a>.hostname)
-PASS نامه‌ای (using <area>)
-PASS نامه‌ای (using <area>.host)
-PASS نامه‌ای (using <area>.hostname)
-PASS �.com (using URL)
-PASS �.com (using URL.host)
-PASS �.com (using URL.hostname)
-PASS �.com (using <a>)
-PASS �.com (using <a>.host)
-PASS �.com (using <a>.hostname)
-PASS �.com (using <area>)
-PASS �.com (using <area>.host)
-PASS �.com (using <area>.hostname)
-PASS xn--zn7c.com (using URL)
-PASS xn--zn7c.com (using URL.host)
-PASS xn--zn7c.com (using URL.hostname)
-PASS xn--zn7c.com (using <a>)
-PASS xn--zn7c.com (using <a>.host)
-PASS xn--zn7c.com (using <a>.hostname)
-PASS xn--zn7c.com (using <area>)
-PASS xn--zn7c.com (using <area>.host)
-PASS xn--zn7c.com (using <area>.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901x (using URL)
-PASS x01234567890123456789012345678901234567890123456789012345678901x (using URL.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901x (using URL.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901x (using <a>)
-PASS x01234567890123456789012345678901234567890123456789012345678901x (using <a>.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901x (using <a>.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901x (using <area>)
-PASS x01234567890123456789012345678901234567890123456789012345678901x (using <area>.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901x (using <area>.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901† (using URL)
-PASS x01234567890123456789012345678901234567890123456789012345678901† (using URL.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901† (using URL.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901† (using <a>)
-PASS x01234567890123456789012345678901234567890123456789012345678901† (using <a>.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901† (using <a>.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901† (using <area>)
-PASS x01234567890123456789012345678901234567890123456789012345678901† (using <area>.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901† (using <area>.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.xn--zca (using URL)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.xn--zca (using URL.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.xn--zca (using URL.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.xn--zca (using <a>)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.xn--zca (using <a>.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.xn--zca (using <a>.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.xn--zca (using <area>)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.xn--zca (using <area>.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.xn--zca (using <area>.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.ß (using URL)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.ß (using URL.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.ß (using URL.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.ß (using <a>)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.ß (using <a>.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.ß (using <a>.hostname)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.ß (using <area>)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.ß (using <area>.host)
-PASS x01234567890123456789012345678901234567890123456789012345678901x.ß (using <area>.hostname)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.x (using URL)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.x (using URL.host)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.x (using URL.hostname)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.x (using <a>)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.x (using <a>.host)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.x (using <a>.hostname)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.x (using <area>)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.x (using <area>.host)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.x (using <area>.hostname)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.xn--zca (using URL)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.xn--zca (using URL.host)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.xn--zca (using URL.hostname)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.xn--zca (using <a>)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.xn--zca (using <a>.host)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.xn--zca (using <a>.hostname)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.xn--zca (using <area>)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.xn--zca (using <area>.host)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.xn--zca (using <area>.hostname)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.ß (using URL)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.ß (using URL.host)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.ß (using URL.hostname)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.ß (using <a>)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.ß (using <a>.host)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.ß (using <a>.hostname)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.ß (using <area>)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.ß (using <area>.host)
-PASS 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.0123456789012345678901234567890123456789012345678.ß (using <area>.hostname)
-PASS a­b (using URL)
-PASS a­b (using URL.host)
-PASS a­b (using URL.hostname)
-PASS a­b (using <a>)
-PASS a­b (using <a>.host)
-PASS a­b (using <a>.hostname)
-PASS a­b (using <area>)
-PASS a­b (using <area>.host)
-PASS a­b (using <area>.hostname)
-PASS ≠ (using URL)
-PASS ≠ (using URL.host)
-PASS ≠ (using URL.hostname)
-PASS ≠ (using <a>)
-PASS ≠ (using <a>.host)
-PASS ≠ (using <a>.hostname)
-PASS ≠ (using <area>)
-PASS ≠ (using <area>.host)
-PASS ≠ (using <area>.hostname)
-PASS ≮ (using URL)
-PASS ≮ (using URL.host)
-PASS ≮ (using URL.hostname)
-PASS ≮ (using <a>)
-PASS ≮ (using <a>.host)
-PASS ≮ (using <a>.hostname)
-PASS ≮ (using <area>)
-PASS ≮ (using <area>.host)
-PASS ≮ (using <area>.hostname)
-PASS ≯ (using URL)
-PASS ≯ (using URL.host)
-PASS ≯ (using URL.hostname)
-PASS ≯ (using <a>)
-PASS ≯ (using <a>.host)
-PASS ≯ (using <a>.hostname)
-PASS ≯ (using <area>)
-PASS ≯ (using <area>.host)
-PASS ≯ (using <area>.hostname)
-PASS ≠ (using URL)
-PASS ≠ (using URL.host)
-PASS ≠ (using URL.hostname)
-PASS ≠ (using <a>)
-PASS ≠ (using <a>.host)
-PASS ≠ (using <a>.hostname)
-PASS ≠ (using <area>)
-PASS ≠ (using <area>.host)
-PASS ≠ (using <area>.hostname)
-PASS ≮ (using URL)
-PASS ≮ (using URL.host)
-PASS ≮ (using URL.hostname)
-PASS ≮ (using <a>)
-PASS ≮ (using <a>.host)
-PASS ≮ (using <a>.hostname)
-PASS ≮ (using <area>)
-PASS ≮ (using <area>.host)
-PASS ≮ (using <area>.hostname)
-PASS ≯ (using URL)
-PASS ≯ (using URL.host)
-PASS ≯ (using URL.hostname)
-PASS ≯ (using <a>)
-PASS ≯ (using <a>.host)
-PASS ≯ (using <a>.hostname)
-PASS ≯ (using <area>)
-PASS ≯ (using <area>.host)
-PASS ≯ (using <area>.hostname)
-PASS =­̸ (using URL)
-PASS =­̸ (using URL.host)
-PASS =­̸ (using URL.hostname)
-PASS =­̸ (using <a>)
-PASS =­̸ (using <a>.host)
-PASS =­̸ (using <a>.hostname)
-PASS =­̸ (using <area>)
-PASS =­̸ (using <area>.host)
-PASS =­̸ (using <area>.hostname)
-PASS <­̸ (using URL)
-PASS <­̸ (using URL.host)
-PASS <­̸ (using URL.hostname)
-PASS <­̸ (using <a>)
-PASS <­̸ (using <a>.host)
-PASS <­̸ (using <a>.hostname)
-PASS <­̸ (using <area>)
-PASS <­̸ (using <area>.host)
-PASS <­̸ (using <area>.hostname)
-PASS >­̸ (using URL)
-PASS >­̸ (using URL.host)
-PASS >­̸ (using URL.hostname)
-PASS >­̸ (using <a>)
-PASS >­̸ (using <a>.host)
-PASS >­̸ (using <a>.hostname)
-PASS >­̸ (using <area>)
-PASS >­̸ (using <area>.host)
-PASS >­̸ (using <area>.hostname)
-PASS faß.de (using URL)
-PASS faß.de (using URL.host)
-PASS faß.de (using URL.hostname)
-PASS faß.de (using <a>)
-PASS faß.de (using <a>.host)
-PASS faß.de (using <a>.hostname)
-PASS faß.de (using <area>)
-PASS faß.de (using <area>.host)
-PASS faß.de (using <area>.hostname)
-PASS βόλος.com (using URL)
-PASS βόλος.com (using URL.host)
-PASS βόλος.com (using URL.hostname)
-PASS βόλος.com (using <a>)
-PASS βόλος.com (using <a>.host)
-PASS βόλος.com (using <a>.hostname)
-PASS βόλος.com (using <area>)
-PASS βόλος.com (using <area>.host)
-PASS βόλος.com (using <area>.hostname)
-PASS ශ්‍රී.com (using URL)
-PASS ශ්‍රී.com (using URL.host)
-PASS ශ්‍රී.com (using URL.hostname)
-PASS ශ්‍රී.com (using <a>)
-PASS ශ්‍රී.com (using <a>.host)
-PASS ශ්‍රී.com (using <a>.hostname)
-PASS ශ්‍රී.com (using <area>)
-PASS ශ්‍රී.com (using <area>.host)
-PASS ශ්‍රී.com (using <area>.hostname)
-PASS نامه‌ای.com (using URL)
-PASS نامه‌ای.com (using URL.host)
-PASS نامه‌ای.com (using URL.hostname)
-PASS نامه‌ای.com (using <a>)
-PASS نامه‌ای.com (using <a>.host)
-PASS نامه‌ای.com (using <a>.hostname)
-PASS نامه‌ای.com (using <area>)
-PASS نامه‌ای.com (using <area>.host)
-PASS نامه‌ای.com (using <area>.hostname)
-PASS www.looĸout.net (using URL)
-PASS www.looĸout.net (using URL.host)
-PASS www.looĸout.net (using URL.hostname)
-PASS www.looĸout.net (using <a>)
-PASS www.looĸout.net (using <a>.host)
-PASS www.looĸout.net (using <a>.hostname)
-PASS www.looĸout.net (using <area>)
-PASS www.looĸout.net (using <area>.host)
-PASS www.looĸout.net (using <area>.hostname)
-PASS ᗯᗯᗯ.lookout.net (using URL)
-PASS ᗯᗯᗯ.lookout.net (using URL.host)
-PASS ᗯᗯᗯ.lookout.net (using URL.hostname)
-PASS ᗯᗯᗯ.lookout.net (using <a>)
-PASS ᗯᗯᗯ.lookout.net (using <a>.host)
-PASS ᗯᗯᗯ.lookout.net (using <a>.hostname)
-PASS ᗯᗯᗯ.lookout.net (using <area>)
-PASS ᗯᗯᗯ.lookout.net (using <area>.host)
-PASS ᗯᗯᗯ.lookout.net (using <area>.hostname)
-PASS www.lookout.сом (using URL)
-PASS www.lookout.сом (using URL.host)
-PASS www.lookout.сом (using URL.hostname)
-PASS www.lookout.сом (using <a>)
-PASS www.lookout.сом (using <a>.host)
-PASS www.lookout.сом (using <a>.hostname)
-PASS www.lookout.сом (using <area>)
-PASS www.lookout.сом (using <area>.host)
-PASS www.lookout.сом (using <area>.hostname)
-PASS www‥lookout.net (using URL)
-PASS www‥lookout.net (using URL.host)
-PASS www‥lookout.net (using URL.hostname)
-PASS www‥lookout.net (using <a>)
-PASS www‥lookout.net (using <a>.host)
-PASS www‥lookout.net (using <a>.hostname)
-PASS www‥lookout.net (using <area>)
-PASS www‥lookout.net (using <area>.host)
-PASS www‥lookout.net (using <area>.hostname)
-PASS www.lookout‧net (using URL)
-PASS www.lookout‧net (using URL.host)
-PASS www.lookout‧net (using URL.hostname)
-PASS www.lookout‧net (using <a>)
-PASS www.lookout‧net (using <a>.host)
-PASS www.lookout‧net (using <a>.hostname)
-PASS www.lookout‧net (using <area>)
-PASS www.lookout‧net (using <area>.host)
-PASS www.lookout‧net (using <area>.hostname)
-PASS www.lookout.net⩴80 (using URL)
-PASS www.lookout.net⩴80 (using URL.host)
-PASS www.lookout.net⩴80 (using URL.hostname)
-PASS www.lookout.net⩴80 (using <a>)
-PASS www.lookout.net⩴80 (using <a>.host)
-PASS www.lookout.net⩴80 (using <a>.hostname)
-PASS www.lookout.net⩴80 (using <area>)
-PASS www.lookout.net⩴80 (using <area>.host)
-PASS www.lookout.net⩴80 (using <area>.hostname)
-PASS www .lookout.net (using URL)
-PASS www .lookout.net (using URL.host)
-PASS www .lookout.net (using URL.hostname)
-PASS www .lookout.net (using <a>)
-PASS www .lookout.net (using <a>.host)
-PASS www .lookout.net (using <a>.hostname)
-PASS www .lookout.net (using <area>)
-PASS www .lookout.net (using <area>.host)
-PASS www .lookout.net (using <area>.hostname)
-PASS  lookout.net (using URL)
-PASS  lookout.net (using URL.host)
-PASS  lookout.net (using URL.hostname)
-PASS  lookout.net (using <a>)
-PASS  lookout.net (using <a>.host)
-PASS  lookout.net (using <a>.hostname)
-PASS  lookout.net (using <area>)
-PASS  lookout.net (using <area>.host)
-PASS  lookout.net (using <area>.hostname)
-PASS lookout.net (using URL)
-PASS lookout.net (using URL.host)
-PASS lookout.net (using URL.hostname)
-PASS lookout.net (using <a>)
-PASS lookout.net (using <a>.host)
-PASS lookout.net (using <a>.hostname)
-PASS lookout.net (using <area>)
-PASS lookout.net (using <area>.host)
-PASS lookout.net (using <area>.hostname)
-PASS look۝out.net (using URL)
-PASS look۝out.net (using URL.host)
-PASS look۝out.net (using URL.hostname)
-PASS look۝out.net (using <a>)
-PASS look۝out.net (using <a>.host)
-PASS look۝out.net (using <a>.hostname)
-PASS look۝out.net (using <area>)
-PASS look۝out.net (using <area>.host)
-PASS look۝out.net (using <area>.hostname)
-PASS look᠎out.net (using URL)
-PASS look᠎out.net (using URL.host)
-PASS look᠎out.net (using URL.hostname)
-PASS look᠎out.net (using <a>)
-PASS look᠎out.net (using <a>.host)
-PASS look᠎out.net (using <a>.hostname)
-PASS look᠎out.net (using <area>)
-PASS look᠎out.net (using <area>.host)
-PASS look᠎out.net (using <area>.hostname)
-PASS look⁠out.net (using URL)
-PASS look⁠out.net (using URL.host)
-PASS look⁠out.net (using URL.hostname)
-PASS look⁠out.net (using <a>)
-PASS look⁠out.net (using <a>.host)
-PASS look⁠out.net (using <a>.hostname)
-PASS look⁠out.net (using <area>)
-PASS look⁠out.net (using <area>.host)
-PASS look⁠out.net (using <area>.hostname)
-PASS lookout.net (using URL)
-PASS lookout.net (using URL.host)
-PASS lookout.net (using URL.hostname)
-PASS lookout.net (using <a>)
-PASS lookout.net (using <a>.host)
-PASS lookout.net (using <a>.hostname)
-PASS lookout.net (using <area>)
-PASS lookout.net (using <area>.host)
-PASS lookout.net (using <area>.hostname)
-PASS look🿾out.net (using URL)
-PASS look🿾out.net (using URL.host)
-PASS look🿾out.net (using URL.hostname)
-PASS look🿾out.net (using <a>)
-PASS look🿾out.net (using <a>.host)
-PASS look🿾out.net (using <a>.hostname)
-PASS look🿾out.net (using <area>)
-PASS look🿾out.net (using <area>.host)
-PASS look🿾out.net (using <area>.hostname)
-PASS lookout.net (using URL)
-PASS lookout.net (using URL.host)
-PASS lookout.net (using URL.hostname)
-PASS lookout.net (using <a>)
-PASS lookout.net (using <a>.host)
-PASS lookout.net (using <a>.hostname)
-PASS lookout.net (using <area>)
-PASS lookout.net (using <area>.host)
-PASS lookout.net (using <area>.hostname)
-PASS look⿰out.net (using URL)
-PASS look⿰out.net (using URL.host)
-PASS look⿰out.net (using URL.hostname)
-PASS look⿰out.net (using <a>)
-PASS look⿰out.net (using <a>.host)
-PASS look⿰out.net (using <a>.hostname)
-PASS look⿰out.net (using <area>)
-PASS look⿰out.net (using <area>.host)
-PASS look⿰out.net (using <area>.hostname)
-PASS looḱout.net (using URL)
-PASS looḱout.net (using URL.host)
-PASS looḱout.net (using URL.hostname)
-PASS looḱout.net (using <a>)
-PASS looḱout.net (using <a>.host)
-PASS looḱout.net (using <a>.hostname)
-PASS looḱout.net (using <area>)
-PASS looḱout.net (using <area>.host)
-PASS looḱout.net (using <area>.hostname)
-PASS look‮out.net (using URL)
-PASS look‮out.net (using URL.host)
-PASS look‮out.net (using URL.hostname)
-PASS look‮out.net (using <a>)
-PASS look‮out.net (using <a>.host)
-PASS look‮out.net (using <a>.hostname)
-PASS look‮out.net (using <area>)
-PASS look‮out.net (using <area>.host)
-PASS look‮out.net (using <area>.hostname)
-PASS lookout.net (using URL)
-PASS lookout.net (using URL.host)
-PASS lookout.net (using URL.hostname)
-PASS lookout.net (using <a>)
-PASS lookout.net (using <a>.host)
-PASS lookout.net (using <a>.hostname)
-PASS lookout.net (using <area>)
-PASS lookout.net (using <area>.host)
-PASS lookout.net (using <area>.hostname)
-PASS look󠀁out.net (using URL)
-PASS look󠀁out.net (using URL.host)
-PASS look󠀁out.net (using URL.hostname)
-PASS look󠀁out.net (using <a>)
-PASS look󠀁out.net (using <a>.host)
-PASS look󠀁out.net (using <a>.hostname)
-PASS look󠀁out.net (using <area>)
-PASS look󠀁out.net (using <area>.host)
-PASS look󠀁out.net (using <area>.hostname)
-PASS look󠀠out.net (using URL)
-PASS look󠀠out.net (using URL.host)
-PASS look󠀠out.net (using URL.hostname)
-PASS look󠀠out.net (using <a>)
-PASS look󠀠out.net (using <a>.host)
-PASS look󠀠out.net (using <a>.hostname)
-PASS look󠀠out.net (using <area>)
-PASS look󠀠out.net (using <area>.host)
-PASS look󠀠out.net (using <area>.hostname)
-PASS look־out.net (using URL)
-PASS look־out.net (using URL.host)
-PASS look־out.net (using URL.hostname)
-PASS look־out.net (using <a>)
-PASS look־out.net (using <a>.host)
-PASS look־out.net (using <a>.hostname)
-PASS look־out.net (using <area>)
-PASS look־out.net (using <area>.host)
-PASS look־out.net (using <area>.hostname)
-PASS Bücher.de (using URL)
-PASS Bücher.de (using URL.host)
-PASS Bücher.de (using URL.hostname)
-PASS Bücher.de (using <a>)
-PASS Bücher.de (using <a>.host)
-PASS Bücher.de (using <a>.hostname)
-PASS Bücher.de (using <area>)
-PASS Bücher.de (using <area>.host)
-PASS Bücher.de (using <area>.hostname)
-PASS ♥.net (using URL)
-PASS ♥.net (using URL.host)
-PASS ♥.net (using URL.hostname)
-PASS ♥.net (using <a>)
-PASS ♥.net (using <a>.host)
-PASS ♥.net (using <a>.hostname)
-PASS ♥.net (using <area>)
-PASS ♥.net (using <area>.host)
-PASS ♥.net (using <area>.hostname)
-PASS ͸.net (using URL)
-PASS ͸.net (using URL.host)
-PASS ͸.net (using URL.hostname)
-PASS ͸.net (using <a>)
-PASS ͸.net (using <a>.host)
-PASS ͸.net (using <a>.hostname)
-PASS ͸.net (using <area>)
-PASS ͸.net (using <area>.host)
-PASS ͸.net (using <area>.hostname)
-PASS Ӏ.com (using URL)
-PASS Ӏ.com (using URL.host)
-PASS Ӏ.com (using URL.hostname)
-PASS Ӏ.com (using <a>)
-PASS Ӏ.com (using <a>.host)
-PASS Ӏ.com (using <a>.hostname)
-PASS Ӏ.com (using <area>)
-PASS Ӏ.com (using <area>.host)
-PASS Ӏ.com (using <area>.hostname)
-FAIL 㛼.com (using URL) "https://㛼.com/x" cannot be parsed as a URL.
-FAIL 㛼.com (using URL.host) assert_equals: expected "xn--snl.com" but got "x"
-FAIL 㛼.com (using URL.hostname) assert_equals: expected "xn--snl.com" but got "x"
-FAIL 㛼.com (using <a>) "https://㛼.com/x" cannot be parsed as a URL.
-FAIL 㛼.com (using <a>.host) assert_equals: expected "xn--snl.com" but got "x"
-FAIL 㛼.com (using <a>.hostname) assert_equals: expected "xn--snl.com" but got "x"
-FAIL 㛼.com (using <area>) "https://㛼.com/x" cannot be parsed as a URL.
-FAIL 㛼.com (using <area>.host) assert_equals: expected "xn--snl.com" but got "x"
-FAIL 㛼.com (using <area>.hostname) assert_equals: expected "xn--snl.com" but got "x"
-PASS Ↄ.com (using URL)
-PASS Ↄ.com (using URL.host)
-PASS Ↄ.com (using URL.hostname)
-PASS Ↄ.com (using <a>)
-PASS Ↄ.com (using <a>.host)
-PASS Ↄ.com (using <a>.hostname)
-PASS Ↄ.com (using <area>)
-PASS Ↄ.com (using <area>.host)
-PASS Ↄ.com (using <area>.hostname)
-PASS look͏out.net (using URL)
-PASS look͏out.net (using URL.host)
-PASS look͏out.net (using URL.hostname)
-PASS look͏out.net (using <a>)
-PASS look͏out.net (using <a>.host)
-PASS look͏out.net (using <a>.hostname)
-PASS look͏out.net (using <area>)
-PASS look͏out.net (using <area>.host)
-PASS look͏out.net (using <area>.hostname)
-PASS gOoGle.com (using URL)
-PASS gOoGle.com (using URL.host)
-PASS gOoGle.com (using URL.hostname)
-PASS gOoGle.com (using <a>)
-PASS gOoGle.com (using <a>.host)
-PASS gOoGle.com (using <a>.hostname)
-PASS gOoGle.com (using <area>)
-PASS gOoGle.com (using <area>.host)
-PASS gOoGle.com (using <area>.hostname)
-PASS ড়.com (using URL)
-PASS ড়.com (using URL.host)
-PASS ড়.com (using URL.hostname)
-PASS ড়.com (using <a>)
-PASS ড়.com (using <a>.host)
-PASS ড়.com (using <a>.hostname)
-PASS ড়.com (using <area>)
-PASS ড়.com (using <area>.host)
-PASS ড়.com (using <area>.hostname)
-FAIL ẞ.com (using URL) assert_equals: expected "xn--zca.com" but got "ss.com"
-FAIL ẞ.com (using URL.host) assert_equals: expected "xn--zca.com" but got "ss.com"
-FAIL ẞ.com (using URL.hostname) assert_equals: expected "xn--zca.com" but got "ss.com"
-FAIL ẞ.com (using <a>) assert_equals: expected "xn--zca.com" but got "ss.com"
-FAIL ẞ.com (using <a>.host) assert_equals: expected "xn--zca.com" but got "ss.com"
-FAIL ẞ.com (using <a>.hostname) assert_equals: expected "xn--zca.com" but got "ss.com"
-FAIL ẞ.com (using <area>) assert_equals: expected "xn--zca.com" but got "ss.com"
-FAIL ẞ.com (using <area>.host) assert_equals: expected "xn--zca.com" but got "ss.com"
-FAIL ẞ.com (using <area>.hostname) assert_equals: expected "xn--zca.com" but got "ss.com"
-FAIL ẞ.foo.com (using URL) assert_equals: expected "xn--zca.foo.com" but got "ss.foo.com"
-FAIL ẞ.foo.com (using URL.host) assert_equals: expected "xn--zca.foo.com" but got "ss.foo.com"
-FAIL ẞ.foo.com (using URL.hostname) assert_equals: expected "xn--zca.foo.com" but got "ss.foo.com"
-FAIL ẞ.foo.com (using <a>) assert_equals: expected "xn--zca.foo.com" but got "ss.foo.com"
-FAIL ẞ.foo.com (using <a>.host) assert_equals: expected "xn--zca.foo.com" but got "ss.foo.com"
-FAIL ẞ.foo.com (using <a>.hostname) assert_equals: expected "xn--zca.foo.com" but got "ss.foo.com"
-FAIL ẞ.foo.com (using <area>) assert_equals: expected "xn--zca.foo.com" but got "ss.foo.com"
-FAIL ẞ.foo.com (using <area>.host) assert_equals: expected "xn--zca.foo.com" but got "ss.foo.com"
-FAIL ẞ.foo.com (using <area>.hostname) assert_equals: expected "xn--zca.foo.com" but got "ss.foo.com"
-PASS -foo.bar.com (using URL)
-PASS -foo.bar.com (using URL.host)
-PASS -foo.bar.com (using URL.hostname)
-PASS -foo.bar.com (using <a>)
-PASS -foo.bar.com (using <a>.host)
-PASS -foo.bar.com (using <a>.hostname)
-PASS -foo.bar.com (using <area>)
-PASS -foo.bar.com (using <area>.host)
-PASS -foo.bar.com (using <area>.hostname)
-PASS foo-.bar.com (using URL)
-PASS foo-.bar.com (using URL.host)
-PASS foo-.bar.com (using URL.hostname)
-PASS foo-.bar.com (using <a>)
-PASS foo-.bar.com (using <a>.host)
-PASS foo-.bar.com (using <a>.hostname)
-PASS foo-.bar.com (using <area>)
-PASS foo-.bar.com (using <area>.host)
-PASS foo-.bar.com (using <area>.hostname)
-PASS ab--cd.com (using URL)
-PASS ab--cd.com (using URL.host)
-PASS ab--cd.com (using URL.hostname)
-PASS ab--cd.com (using <a>)
-PASS ab--cd.com (using <a>.host)
-PASS ab--cd.com (using <a>.hostname)
-PASS ab--cd.com (using <area>)
-PASS ab--cd.com (using <area>.host)
-PASS ab--cd.com (using <area>.hostname)
-PASS xn--0.com (using URL)
-PASS xn--0.com (using URL.host)
-PASS xn--0.com (using URL.hostname)
-PASS xn--0.com (using <a>)
-PASS xn--0.com (using <a>.host)
-PASS xn--0.com (using <a>.hostname)
-PASS xn--0.com (using <area>)
-PASS xn--0.com (using <area>.host)
-PASS xn--0.com (using <area>.hostname)
-PASS foò.bar.com (using URL)
-PASS foò.bar.com (using URL.host)
-PASS foò.bar.com (using URL.hostname)
-PASS foò.bar.com (using <a>)
-PASS foò.bar.com (using <a>.host)
-PASS foò.bar.com (using <a>.hostname)
-PASS foò.bar.com (using <area>)
-PASS foò.bar.com (using <area>.host)
-PASS foò.bar.com (using <area>.hostname)
-
diff --git a/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/xhr/open-method-case-sensitive-expected.txt b/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/xhr/open-method-case-sensitive-expected.txt
deleted file mode 100644
index cd606472f86c0..0000000000000
--- a/LayoutTests/platform/mac-ventura/imported/w3c/web-platform-tests/xhr/open-method-case-sensitive-expected.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-
-PASS XMLHttpRequest: open() - case-sensitive methods test (XUNICORN)
-PASS XMLHttpRequest: open() - case-sensitive methods test (xUNIcorn)
-PASS XMLHttpRequest: open() - case-sensitive methods test (chiCKEN)
-PASS XMLHttpRequest: open() - case-sensitive methods test (PATCH)
-PASS XMLHttpRequest: open() - case-sensitive methods test (patCH)
-PASS XMLHttpRequest: open() - case-sensitive methods test (copy)
-PASS XMLHttpRequest: open() - case-sensitive methods test (COpy)
-PASS XMLHttpRequest: open() - case-sensitive methods test (inDEX)
-PASS XMLHttpRequest: open() - case-sensitive methods test (movE)
-
diff --git a/LayoutTests/platform/mac-ventura/media/media-can-play-h265-video-expected.txt b/LayoutTests/platform/mac-ventura/media/media-can-play-h265-video-expected.txt
deleted file mode 100644
index 75dc868886c29..0000000000000
--- a/LayoutTests/platform/mac-ventura/media/media-can-play-h265-video-expected.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-
-Test HTMLMediaElement canPlayType() method with multiple video mpeg4 MIME types with H265 codecs.
-
-These tests may be expected to fail if the WebKit port does not support the format.
-
-EXPECTED (video.canPlayType('video/mp4') == 'maybe') OK
-EXPECTED (video.canPlayType('video/mp4; Codecs="hvc1.2.20000000.l123.b0"') == 'probably') OK
-EXPECTED (video.canPlayType(' Video/MP4 ; CODECS="hev1.1.6.L150.B0"') == 'probably'), OBSERVED '' FAIL
-END OF TEST
-
diff --git a/LayoutTests/platform/mac-ventura/media/media-can-play-mpeg4-video-expected.txt b/LayoutTests/platform/mac-ventura/media/media-can-play-mpeg4-video-expected.txt
deleted file mode 100644
index 5e6247457f6cd..0000000000000
--- a/LayoutTests/platform/mac-ventura/media/media-can-play-mpeg4-video-expected.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-
-Test HTMLMediaElement canPlayType() method with multiple video mpeg4 MIME types.
-
-These tests may be expected to fail if the WebKit port does not support the format.
-
-EXPECTED (video.canPlayType('video/x-m4v') == 'maybe') OK
-EXPECTED (video.canPlayType('video/mp4') == 'maybe') OK
-EXPECTED (video.canPlayType('video/mp4; Codecs="avc1"') == 'probably') OK
-EXPECTED (video.canPlayType('video/mp4; Codecs="avc1.4D400C"') == 'probably') OK
-EXPECTED (video.canPlayType(' Video/MP4 ; CODECS="mp4v.20.8, mp4a.40.2"') == 'probably') OK
-END OF TEST
-
diff --git a/LayoutTests/platform/mac-ventura/media/media-can-play-wav-audio-expected.txt b/LayoutTests/platform/mac-ventura/media/media-can-play-wav-audio-expected.txt
deleted file mode 100644
index cda3343b6faf3..0000000000000
--- a/LayoutTests/platform/mac-ventura/media/media-can-play-wav-audio-expected.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-
-Test HTMLMediaElement canPlayType() method with multiple .wav MIME types.
-
-These tests may be expected to fail if the WebKit port does not support the format.
-
-EXPECTED (audio.canPlayType('audio/wav') == 'maybe') OK
-EXPECTED (audio.canPlayType('audio/x-wav') == 'maybe') OK
-EXPECTED (audio.canPlayType('audio/vnd.wave') == 'maybe') OK
-EXPECTED (audio.canPlayType('audio/wav; codecs=1') == 'probably'), OBSERVED '' FAIL
-EXPECTED (audio.canPlayType('audio/x-wav; codecs=1') == 'probably'), OBSERVED '' FAIL
-EXPECTED (audio.canPlayType('audio/vnd.wave; codecs=1') == 'probably'), OBSERVED '' FAIL
-END OF TEST
-
diff --git a/LayoutTests/platform/mac-ventura/media/video-source-type-params-expected.txt b/LayoutTests/platform/mac-ventura/media/video-source-type-params-expected.txt
deleted file mode 100644
index a2571029e58bb..0000000000000
--- a/LayoutTests/platform/mac-ventura/media/video-source-type-params-expected.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-EVENT(loadstart)
-EXPECTED (stripExtension(relativeURL(video.currentSrc)) == 'content/test') OK
-END OF TEST
-
diff --git a/LayoutTests/platform/mac-ventura/printing/print-with-media-query-destory-expected.txt b/LayoutTests/platform/mac-ventura/printing/print-with-media-query-destory-expected.txt
deleted file mode 100644
index 36ef5be8a2517..0000000000000
--- a/LayoutTests/platform/mac-ventura/printing/print-with-media-query-destory-expected.txt
+++ /dev/null
@@ -1 +0,0 @@
-Pass if no crash or assert
diff --git a/LayoutTests/platform/mac-ventura/scrollbars/overflow-scrollbar-combinations-expected.txt b/LayoutTests/platform/mac-ventura/scrollbars/overflow-scrollbar-combinations-expected.txt
deleted file mode 100644
index 37100e53c0d49..0000000000000
--- a/LayoutTests/platform/mac-ventura/scrollbars/overflow-scrollbar-combinations-expected.txt
+++ /dev/null
@@ -1,1208 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderText {#text} at (165,0) size 4x18
-        text run at (165,0) width 4: " "
-      RenderText {#text} at (334,0) size 4x18
-        text run at (334,0) width 4: " "
-      RenderText {#text} at (503,0) size 4x18
-        text run at (503,0) width 4: " "
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (165,140) size 4x18
-        text run at (165,140) width 4: " "
-      RenderText {#text} at (334,140) size 4x18
-        text run at (334,140) width 4: " "
-      RenderText {#text} at (503,140) size 4x18
-        text run at (503,140) width 4: " "
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (165,280) size 4x18
-        text run at (165,280) width 4: " "
-      RenderText {#text} at (334,280) size 4x18
-        text run at (334,280) width 4: " "
-      RenderText {#text} at (503,280) size 4x18
-        text run at (503,280) width 4: " "
-      RenderText {#text} at (0,0) size 0x0
-      RenderText {#text} at (165,420) size 4x18
-        text run at (165,420) width 4: " "
-      RenderText {#text} at (334,420) size 4x18
-        text run at (334,420) width 4: " "
-      RenderText {#text} at (0,0) size 0x0
-layer at (28,28) size 125x100 clip at (29,29) size 110x85 scrollHeight 2135
-  RenderBlock {DIV} at (20,20) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderText {#text} at (11,11) size 89x810
-      text run at (11,11) width 79: "Lorem ipsum"
-      text run at (11,26) width 89: "dolor sit amet,"
-      text run at (11,41) width 78: "consectetuer"
-      text run at (11,56) width 87: "adipiscing elit."
-      text run at (11,71) width 75: "Morbi et nisi"
-      text run at (11,86) width 35: "ut est"
-      text run at (11,101) width 59: "venenatis"
-      text run at (11,116) width 47: "viverra."
-      text run at (11,131) width 79: "Aenean pede"
-      text run at (11,146) width 72: "orci, blandit"
-      text run at (11,161) width 84: "quis, faucibus"
-      text run at (11,176) width 80: "quis, egestas"
-      text run at (11,191) width 41: "ut, mi."
-      text run at (11,206) width 77: "Pellentesque"
-      text run at (11,221) width 73: "enim purus,"
-      text run at (11,236) width 59: "venenatis"
-      text run at (11,251) width 61: "dignissim,"
-      text run at (11,266) width 69: "tincidunt a,"
-      text run at (11,281) width 72: "ullamcorper"
-      text run at (11,296) width 66: "eget, nibh."
-      text run at (11,311) width 88: "Nullam ut sem"
-      text run at (11,326) width 86: "adipiscing orci"
-      text run at (11,341) width 50: "vehicula"
-      text run at (11,356) width 59: "interdum."
-      text run at (11,371) width 81: "Proin a enim."
-      text run at (11,386) width 56: "Phasellus"
-      text run at (11,401) width 69: "sollicitudin,"
-      text run at (11,416) width 75: "magna vitae"
-      text run at (11,431) width 67: "vestibulum"
-      text run at (11,446) width 85: "facilisis, tellus"
-      text run at (11,461) width 71: "nunc iaculis"
-      text run at (11,476) width 46: "arcu, in"
-      text run at (11,491) width 81: "molestie sem"
-      text run at (11,506) width 75: "velit tempus"
-      text run at (11,521) width 40: "est. In"
-      text run at (11,536) width 78: "eleifend velit"
-      text run at (11,551) width 42: "at sem"
-      text run at (11,566) width 60: "adipiscing"
-      text run at (11,581) width 84: "sodales. Nunc"
-      text run at (11,596) width 72: "sapien felis,"
-      text run at (11,611) width 69: "aliquam et,"
-      text run at (11,626) width 50: "volutpat"
-      text run at (11,641) width 53: "rhoncus,"
-      text run at (11,656) width 83: "condimentum"
-      text run at (11,671) width 60: "ut, tortor."
-      text run at (11,686) width 71: "Integer est."
-      text run at (11,701) width 49: "Quisque"
-      text run at (11,716) width 47: "viverra."
-      text run at (11,731) width 78: "Praesent sed"
-      text run at (11,746) width 31: "arcu."
-      text run at (11,761) width 74: "Maecenas id"
-      text run at (11,776) width 68: "lorem a leo"
-      text run at (11,791) width 45: "lobortis"
-      text run at (11,806) width 87: "condimentum."
-    RenderBR {BR} at (97,806) size 1x15
-    RenderBR {BR} at (11,821) size 0x15
-    RenderText {#text} at (11,836) size 89x735
-      text run at (11,836) width 27: "Cras"
-      text run at (11,851) width 59: "commodo"
-      text run at (11,866) width 88: "rutrum augue."
-      text run at (11,881) width 52: "Vivamus"
-      text run at (11,896) width 88: "iaculis. Nullam"
-      text run at (11,911) width 86: "est. Maecenas"
-      text run at (11,926) width 66: "consequat."
-      text run at (11,941) width 65: "Sed id dui."
-      text run at (11,956) width 63: "Vivamus a"
-      text run at (11,971) width 67: "nisl. Donec"
-      text run at (11,986) width 48: "pretium"
-      text run at (11,1001) width 79: "sapien. Proin"
-      text run at (11,1016) width 65: "et ligula et"
-      text run at (11,1031) width 85: "ligula placerat"
-      text run at (11,1046) width 54: "pulvinar."
-      text run at (11,1061) width 78: "Aliquam erat"
-      text run at (11,1076) width 89: "volutpat. Proin"
-      text run at (11,1091) width 38: "id est."
-      text run at (11,1106) width 75: "Suspendisse"
-      text run at (11,1121) width 89: "cursus, magna"
-      text run at (11,1136) width 72: "at hendrerit"
-      text run at (11,1151) width 66: "consequat,"
-      text run at (11,1166) width 64: "mauris est"
-      text run at (11,1181) width 58: "imperdiet"
-      text run at (11,1196) width 53: "neque, a"
-      text run at (11,1211) width 75: "ultrices arcu"
-      text run at (11,1226) width 55: "urna non"
-      text run at (11,1241) width 87: "nunc. Quisque"
-      text run at (11,1256) width 72: "tellus. Nulla"
-      text run at (11,1271) width 68: "nulla justo,"
-      text run at (11,1286) width 80: "vehicula nec,"
-      text run at (11,1301) width 77: "pellentesque"
-      text run at (11,1316) width 81: "eu, iaculis et,"
-      text run at (11,1331) width 37: "ligula."
-      text run at (11,1346) width 53: "Praesent"
-      text run at (11,1361) width 69: "mattis ante"
-      text run at (11,1376) width 52: "vel sem."
-      text run at (11,1391) width 75: "Suspendisse"
-      text run at (11,1406) width 84: "porta rhoncus"
-      text run at (11,1421) width 32: "urna."
-      text run at (11,1436) width 89: "Phasellus felis."
-      text run at (11,1451) width 53: "Praesent"
-      text run at (11,1466) width 43: "viverra"
-      text run at (11,1481) width 52: "convallis"
-      text run at (11,1496) width 38: "libero."
-      text run at (11,1511) width 86: "Maecenas non"
-      text run at (11,1526) width 84: "augue. Donec"
-      text run at (11,1541) width 56: "hendrerit"
-      text run at (11,1556) width 89: "lectus id enim."
-    RenderBR {BR} at (99,1556) size 1x15
-    RenderBR {BR} at (11,1571) size 0x15
-    RenderText {#text} at (11,1586) size 90x540
-      text run at (11,1586) width 67: "Nulla ligula"
-      text run at (11,1601) width 78: "dui, euismod"
-      text run at (11,1616) width 66: "et, sodales"
-      text run at (11,1631) width 29: "quis,"
-      text run at (11,1646) width 64: "sollicitudin"
-      text run at (11,1661) width 73: "quis, elit. In"
-      text run at (11,1676) width 82: "adipiscing est"
-      text run at (11,1691) width 60: "sed enim."
-      text run at (11,1706) width 51: "Fusce at"
-      text run at (11,1721) width 73: "massa vitae"
-      text run at (11,1736) width 87: "metus semper"
-      text run at (11,1751) width 60: "hendrerit."
-      text run at (11,1766) width 78: "Integer vitae"
-      text run at (11,1781) width 67: "urna. Nulla"
-      text run at (11,1796) width 68: "eget ligula."
-      text run at (11,1811) width 77: "Etiam libero."
-      text run at (11,1826) width 84: "Maecenas nisi"
-      text run at (11,1841) width 87: "nibh, convallis"
-      text run at (11,1856) width 58: "a, feugiat"
-      text run at (11,1871) width 87: "vitae, pulvinar"
-      text run at (11,1886) width 40: "et, mi."
-      text run at (11,1901) width 87: "Curabitur arcu"
-      text run at (11,1916) width 34: "pede,"
-      text run at (11,1931) width 90: "adipiscing sed,"
-      text run at (11,1946) width 76: "egestas nec,"
-      text run at (11,1961) width 79: "commodo in,"
-      text run at (11,1976) width 58: "elit. Nulla"
-      text run at (11,1991) width 77: "facilisi. Proin"
-      text run at (11,2006) width 87: "varius pede et"
-      text run at (11,2021) width 61: "dui lacinia"
-      text run at (11,2036) width 89: "dapibus. Morbi"
-      text run at (11,2051) width 67: "nec augue."
-      text run at (11,2066) width 31: "Proin"
-      text run at (11,2081) width 58: "imperdiet"
-      text run at (11,2096) width 50: "lacus eu"
-      text run at (11,2111) width 37: "tellus."
-layer at (197,28) size 125x100 clip at (198,29) size 110x98 scrollHeight 2135
-  RenderBlock {DIV} at (189,20) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderText {#text} at (11,11) size 89x810
-      text run at (11,11) width 79: "Lorem ipsum"
-      text run at (11,26) width 89: "dolor sit amet,"
-      text run at (11,41) width 78: "consectetuer"
-      text run at (11,56) width 87: "adipiscing elit."
-      text run at (11,71) width 75: "Morbi et nisi"
-      text run at (11,86) width 35: "ut est"
-      text run at (11,101) width 59: "venenatis"
-      text run at (11,116) width 47: "viverra."
-      text run at (11,131) width 79: "Aenean pede"
-      text run at (11,146) width 72: "orci, blandit"
-      text run at (11,161) width 84: "quis, faucibus"
-      text run at (11,176) width 80: "quis, egestas"
-      text run at (11,191) width 41: "ut, mi."
-      text run at (11,206) width 77: "Pellentesque"
-      text run at (11,221) width 73: "enim purus,"
-      text run at (11,236) width 59: "venenatis"
-      text run at (11,251) width 61: "dignissim,"
-      text run at (11,266) width 69: "tincidunt a,"
-      text run at (11,281) width 72: "ullamcorper"
-      text run at (11,296) width 66: "eget, nibh."
-      text run at (11,311) width 88: "Nullam ut sem"
-      text run at (11,326) width 86: "adipiscing orci"
-      text run at (11,341) width 50: "vehicula"
-      text run at (11,356) width 59: "interdum."
-      text run at (11,371) width 81: "Proin a enim."
-      text run at (11,386) width 56: "Phasellus"
-      text run at (11,401) width 69: "sollicitudin,"
-      text run at (11,416) width 75: "magna vitae"
-      text run at (11,431) width 67: "vestibulum"
-      text run at (11,446) width 85: "facilisis, tellus"
-      text run at (11,461) width 71: "nunc iaculis"
-      text run at (11,476) width 46: "arcu, in"
-      text run at (11,491) width 81: "molestie sem"
-      text run at (11,506) width 75: "velit tempus"
-      text run at (11,521) width 40: "est. In"
-      text run at (11,536) width 78: "eleifend velit"
-      text run at (11,551) width 42: "at sem"
-      text run at (11,566) width 60: "adipiscing"
-      text run at (11,581) width 84: "sodales. Nunc"
-      text run at (11,596) width 72: "sapien felis,"
-      text run at (11,611) width 69: "aliquam et,"
-      text run at (11,626) width 50: "volutpat"
-      text run at (11,641) width 53: "rhoncus,"
-      text run at (11,656) width 83: "condimentum"
-      text run at (11,671) width 60: "ut, tortor."
-      text run at (11,686) width 71: "Integer est."
-      text run at (11,701) width 49: "Quisque"
-      text run at (11,716) width 47: "viverra."
-      text run at (11,731) width 78: "Praesent sed"
-      text run at (11,746) width 31: "arcu."
-      text run at (11,761) width 74: "Maecenas id"
-      text run at (11,776) width 68: "lorem a leo"
-      text run at (11,791) width 45: "lobortis"
-      text run at (11,806) width 87: "condimentum."
-    RenderBR {BR} at (97,806) size 1x15
-    RenderBR {BR} at (11,821) size 0x15
-    RenderText {#text} at (11,836) size 89x735
-      text run at (11,836) width 27: "Cras"
-      text run at (11,851) width 59: "commodo"
-      text run at (11,866) width 88: "rutrum augue."
-      text run at (11,881) width 52: "Vivamus"
-      text run at (11,896) width 88: "iaculis. Nullam"
-      text run at (11,911) width 86: "est. Maecenas"
-      text run at (11,926) width 66: "consequat."
-      text run at (11,941) width 65: "Sed id dui."
-      text run at (11,956) width 63: "Vivamus a"
-      text run at (11,971) width 67: "nisl. Donec"
-      text run at (11,986) width 48: "pretium"
-      text run at (11,1001) width 79: "sapien. Proin"
-      text run at (11,1016) width 65: "et ligula et"
-      text run at (11,1031) width 85: "ligula placerat"
-      text run at (11,1046) width 54: "pulvinar."
-      text run at (11,1061) width 78: "Aliquam erat"
-      text run at (11,1076) width 89: "volutpat. Proin"
-      text run at (11,1091) width 38: "id est."
-      text run at (11,1106) width 75: "Suspendisse"
-      text run at (11,1121) width 89: "cursus, magna"
-      text run at (11,1136) width 72: "at hendrerit"
-      text run at (11,1151) width 66: "consequat,"
-      text run at (11,1166) width 64: "mauris est"
-      text run at (11,1181) width 58: "imperdiet"
-      text run at (11,1196) width 53: "neque, a"
-      text run at (11,1211) width 75: "ultrices arcu"
-      text run at (11,1226) width 55: "urna non"
-      text run at (11,1241) width 87: "nunc. Quisque"
-      text run at (11,1256) width 72: "tellus. Nulla"
-      text run at (11,1271) width 68: "nulla justo,"
-      text run at (11,1286) width 80: "vehicula nec,"
-      text run at (11,1301) width 77: "pellentesque"
-      text run at (11,1316) width 81: "eu, iaculis et,"
-      text run at (11,1331) width 37: "ligula."
-      text run at (11,1346) width 53: "Praesent"
-      text run at (11,1361) width 69: "mattis ante"
-      text run at (11,1376) width 52: "vel sem."
-      text run at (11,1391) width 75: "Suspendisse"
-      text run at (11,1406) width 84: "porta rhoncus"
-      text run at (11,1421) width 32: "urna."
-      text run at (11,1436) width 89: "Phasellus felis."
-      text run at (11,1451) width 53: "Praesent"
-      text run at (11,1466) width 43: "viverra"
-      text run at (11,1481) width 52: "convallis"
-      text run at (11,1496) width 38: "libero."
-      text run at (11,1511) width 86: "Maecenas non"
-      text run at (11,1526) width 84: "augue. Donec"
-      text run at (11,1541) width 56: "hendrerit"
-      text run at (11,1556) width 89: "lectus id enim."
-    RenderBR {BR} at (99,1556) size 1x15
-    RenderBR {BR} at (11,1571) size 0x15
-    RenderText {#text} at (11,1586) size 90x540
-      text run at (11,1586) width 67: "Nulla ligula"
-      text run at (11,1601) width 78: "dui, euismod"
-      text run at (11,1616) width 66: "et, sodales"
-      text run at (11,1631) width 29: "quis,"
-      text run at (11,1646) width 64: "sollicitudin"
-      text run at (11,1661) width 73: "quis, elit. In"
-      text run at (11,1676) width 82: "adipiscing est"
-      text run at (11,1691) width 60: "sed enim."
-      text run at (11,1706) width 51: "Fusce at"
-      text run at (11,1721) width 73: "massa vitae"
-      text run at (11,1736) width 87: "metus semper"
-      text run at (11,1751) width 60: "hendrerit."
-      text run at (11,1766) width 78: "Integer vitae"
-      text run at (11,1781) width 67: "urna. Nulla"
-      text run at (11,1796) width 68: "eget ligula."
-      text run at (11,1811) width 77: "Etiam libero."
-      text run at (11,1826) width 84: "Maecenas nisi"
-      text run at (11,1841) width 87: "nibh, convallis"
-      text run at (11,1856) width 58: "a, feugiat"
-      text run at (11,1871) width 87: "vitae, pulvinar"
-      text run at (11,1886) width 40: "et, mi."
-      text run at (11,1901) width 87: "Curabitur arcu"
-      text run at (11,1916) width 34: "pede,"
-      text run at (11,1931) width 90: "adipiscing sed,"
-      text run at (11,1946) width 76: "egestas nec,"
-      text run at (11,1961) width 79: "commodo in,"
-      text run at (11,1976) width 58: "elit. Nulla"
-      text run at (11,1991) width 77: "facilisi. Proin"
-      text run at (11,2006) width 87: "varius pede et"
-      text run at (11,2021) width 61: "dui lacinia"
-      text run at (11,2036) width 89: "dapibus. Morbi"
-      text run at (11,2051) width 67: "nec augue."
-      text run at (11,2066) width 31: "Proin"
-      text run at (11,2081) width 58: "imperdiet"
-      text run at (11,2096) width 50: "lacus eu"
-      text run at (11,2111) width 37: "tellus."
-layer at (366,28) size 125x100 clip at (367,29) size 110x85 scrollWidth 420 scrollHeight 455
-  RenderBlock {DIV} at (358,20) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderBlock {DIV} at (1,1) size 420x455
-      RenderText {#text} at (10,10) size 398x165
-        text run at (10,10) width 397: "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Morbi et"
-        text run at (10,25) width 364: "nisi ut est venenatis viverra. Aenean pede orci, blandit quis,"
-        text run at (10,40) width 398: "faucibus quis, egestas ut, mi. Pellentesque enim purus, venenatis"
-        text run at (10,55) width 371: "dignissim, tincidunt a, ullamcorper eget, nibh. Nullam ut sem"
-        text run at (10,70) width 348: "adipiscing orci vehicula interdum. Proin a enim. Phasellus"
-        text run at (10,85) width 381: "sollicitudin, magna vitae vestibulum facilisis, tellus nunc iaculis"
-        text run at (10,100) width 380: "arcu, in molestie sem velit tempus est. In eleifend velit at sem"
-        text run at (10,115) width 350: "adipiscing sodales. Nunc sapien felis, aliquam et, volutpat"
-        text run at (10,130) width 382: "rhoncus, condimentum ut, tortor. Integer est. Quisque viverra."
-        text run at (10,145) width 312: "Praesent sed arcu. Maecenas id lorem a leo lobortis"
-        text run at (10,160) width 87: "condimentum."
-      RenderBR {BR} at (96,160) size 1x15
-      RenderBR {BR} at (10,175) size 0x15
-      RenderText {#text} at (10,190) size 398x135
-        text run at (10,190) width 357: "Cras commodo rutrum augue. Vivamus iaculis. Nullam est."
-        text run at (10,205) width 387: "Maecenas consequat. Sed id dui. Vivamus a nisl. Donec pretium"
-        text run at (10,220) width 375: "sapien. Proin et ligula et ligula placerat pulvinar. Aliquam erat"
-        text run at (10,235) width 378: "volutpat. Proin id est. Suspendisse cursus, magna at hendrerit"
-        text run at (10,250) width 389: "consequat, mauris est imperdiet neque, a ultrices arcu urna non"
-        text run at (10,265) width 398: "nunc. Quisque tellus. Nulla nulla justo, vehicula nec, pellentesque"
-        text run at (10,280) width 386: "eu, iaculis et, ligula. Praesent mattis ante vel sem. Suspendisse"
-        text run at (10,295) width 372: "porta rhoncus urna. Phasellus felis. Praesent viverra convallis"
-        text run at (10,310) width 368: "libero. Maecenas non augue. Donec hendrerit lectus id enim."
-      RenderBR {BR} at (377,310) size 1x15
-      RenderBR {BR} at (10,325) size 0x15
-      RenderText {#text} at (10,340) size 397x105
-        text run at (10,340) width 397: "Nulla ligula dui, euismod et, sodales quis, sollicitudin quis, elit. In"
-        text run at (10,355) width 368: "adipiscing est sed enim. Fusce at massa vitae metus semper"
-        text run at (10,370) width 365: "hendrerit. Integer vitae urna. Nulla eget ligula. Etiam libero."
-        text run at (10,385) width 371: "Maecenas nisi nibh, convallis a, feugiat vitae, pulvinar et, mi."
-        text run at (10,400) width 381: "Curabitur arcu pede, adipiscing sed, egestas nec, commodo in,"
-        text run at (10,415) width 386: "elit. Nulla facilisi. Proin varius pede et dui lacinia dapibus. Morbi"
-        text run at (10,430) width 258: "nec augue. Proin imperdiet lacus eu tellus."
-layer at (535,28) size 125x100 clip at (536,29) size 110x85 scrollHeight 2135
-  RenderBlock {DIV} at (527,20) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderText {#text} at (11,11) size 89x810
-      text run at (11,11) width 79: "Lorem ipsum"
-      text run at (11,26) width 89: "dolor sit amet,"
-      text run at (11,41) width 78: "consectetuer"
-      text run at (11,56) width 87: "adipiscing elit."
-      text run at (11,71) width 75: "Morbi et nisi"
-      text run at (11,86) width 35: "ut est"
-      text run at (11,101) width 59: "venenatis"
-      text run at (11,116) width 47: "viverra."
-      text run at (11,131) width 79: "Aenean pede"
-      text run at (11,146) width 72: "orci, blandit"
-      text run at (11,161) width 84: "quis, faucibus"
-      text run at (11,176) width 80: "quis, egestas"
-      text run at (11,191) width 41: "ut, mi."
-      text run at (11,206) width 77: "Pellentesque"
-      text run at (11,221) width 73: "enim purus,"
-      text run at (11,236) width 59: "venenatis"
-      text run at (11,251) width 61: "dignissim,"
-      text run at (11,266) width 69: "tincidunt a,"
-      text run at (11,281) width 72: "ullamcorper"
-      text run at (11,296) width 66: "eget, nibh."
-      text run at (11,311) width 88: "Nullam ut sem"
-      text run at (11,326) width 86: "adipiscing orci"
-      text run at (11,341) width 50: "vehicula"
-      text run at (11,356) width 59: "interdum."
-      text run at (11,371) width 81: "Proin a enim."
-      text run at (11,386) width 56: "Phasellus"
-      text run at (11,401) width 69: "sollicitudin,"
-      text run at (11,416) width 75: "magna vitae"
-      text run at (11,431) width 67: "vestibulum"
-      text run at (11,446) width 85: "facilisis, tellus"
-      text run at (11,461) width 71: "nunc iaculis"
-      text run at (11,476) width 46: "arcu, in"
-      text run at (11,491) width 81: "molestie sem"
-      text run at (11,506) width 75: "velit tempus"
-      text run at (11,521) width 40: "est. In"
-      text run at (11,536) width 78: "eleifend velit"
-      text run at (11,551) width 42: "at sem"
-      text run at (11,566) width 60: "adipiscing"
-      text run at (11,581) width 84: "sodales. Nunc"
-      text run at (11,596) width 72: "sapien felis,"
-      text run at (11,611) width 69: "aliquam et,"
-      text run at (11,626) width 50: "volutpat"
-      text run at (11,641) width 53: "rhoncus,"
-      text run at (11,656) width 83: "condimentum"
-      text run at (11,671) width 60: "ut, tortor."
-      text run at (11,686) width 71: "Integer est."
-      text run at (11,701) width 49: "Quisque"
-      text run at (11,716) width 47: "viverra."
-      text run at (11,731) width 78: "Praesent sed"
-      text run at (11,746) width 31: "arcu."
-      text run at (11,761) width 74: "Maecenas id"
-      text run at (11,776) width 68: "lorem a leo"
-      text run at (11,791) width 45: "lobortis"
-      text run at (11,806) width 87: "condimentum."
-    RenderBR {BR} at (97,806) size 1x15
-    RenderBR {BR} at (11,821) size 0x15
-    RenderText {#text} at (11,836) size 89x735
-      text run at (11,836) width 27: "Cras"
-      text run at (11,851) width 59: "commodo"
-      text run at (11,866) width 88: "rutrum augue."
-      text run at (11,881) width 52: "Vivamus"
-      text run at (11,896) width 88: "iaculis. Nullam"
-      text run at (11,911) width 86: "est. Maecenas"
-      text run at (11,926) width 66: "consequat."
-      text run at (11,941) width 65: "Sed id dui."
-      text run at (11,956) width 63: "Vivamus a"
-      text run at (11,971) width 67: "nisl. Donec"
-      text run at (11,986) width 48: "pretium"
-      text run at (11,1001) width 79: "sapien. Proin"
-      text run at (11,1016) width 65: "et ligula et"
-      text run at (11,1031) width 85: "ligula placerat"
-      text run at (11,1046) width 54: "pulvinar."
-      text run at (11,1061) width 78: "Aliquam erat"
-      text run at (11,1076) width 89: "volutpat. Proin"
-      text run at (11,1091) width 38: "id est."
-      text run at (11,1106) width 75: "Suspendisse"
-      text run at (11,1121) width 89: "cursus, magna"
-      text run at (11,1136) width 72: "at hendrerit"
-      text run at (11,1151) width 66: "consequat,"
-      text run at (11,1166) width 64: "mauris est"
-      text run at (11,1181) width 58: "imperdiet"
-      text run at (11,1196) width 53: "neque, a"
-      text run at (11,1211) width 75: "ultrices arcu"
-      text run at (11,1226) width 55: "urna non"
-      text run at (11,1241) width 87: "nunc. Quisque"
-      text run at (11,1256) width 72: "tellus. Nulla"
-      text run at (11,1271) width 68: "nulla justo,"
-      text run at (11,1286) width 80: "vehicula nec,"
-      text run at (11,1301) width 77: "pellentesque"
-      text run at (11,1316) width 81: "eu, iaculis et,"
-      text run at (11,1331) width 37: "ligula."
-      text run at (11,1346) width 53: "Praesent"
-      text run at (11,1361) width 69: "mattis ante"
-      text run at (11,1376) width 52: "vel sem."
-      text run at (11,1391) width 75: "Suspendisse"
-      text run at (11,1406) width 84: "porta rhoncus"
-      text run at (11,1421) width 32: "urna."
-      text run at (11,1436) width 89: "Phasellus felis."
-      text run at (11,1451) width 53: "Praesent"
-      text run at (11,1466) width 43: "viverra"
-      text run at (11,1481) width 52: "convallis"
-      text run at (11,1496) width 38: "libero."
-      text run at (11,1511) width 86: "Maecenas non"
-      text run at (11,1526) width 84: "augue. Donec"
-      text run at (11,1541) width 56: "hendrerit"
-      text run at (11,1556) width 89: "lectus id enim."
-    RenderBR {BR} at (99,1556) size 1x15
-    RenderBR {BR} at (11,1571) size 0x15
-    RenderText {#text} at (11,1586) size 90x540
-      text run at (11,1586) width 67: "Nulla ligula"
-      text run at (11,1601) width 78: "dui, euismod"
-      text run at (11,1616) width 66: "et, sodales"
-      text run at (11,1631) width 29: "quis,"
-      text run at (11,1646) width 64: "sollicitudin"
-      text run at (11,1661) width 73: "quis, elit. In"
-      text run at (11,1676) width 82: "adipiscing est"
-      text run at (11,1691) width 60: "sed enim."
-      text run at (11,1706) width 51: "Fusce at"
-      text run at (11,1721) width 73: "massa vitae"
-      text run at (11,1736) width 87: "metus semper"
-      text run at (11,1751) width 60: "hendrerit."
-      text run at (11,1766) width 78: "Integer vitae"
-      text run at (11,1781) width 67: "urna. Nulla"
-      text run at (11,1796) width 68: "eget ligula."
-      text run at (11,1811) width 77: "Etiam libero."
-      text run at (11,1826) width 84: "Maecenas nisi"
-      text run at (11,1841) width 87: "nibh, convallis"
-      text run at (11,1856) width 58: "a, feugiat"
-      text run at (11,1871) width 87: "vitae, pulvinar"
-      text run at (11,1886) width 40: "et, mi."
-      text run at (11,1901) width 87: "Curabitur arcu"
-      text run at (11,1916) width 34: "pede,"
-      text run at (11,1931) width 90: "adipiscing sed,"
-      text run at (11,1946) width 76: "egestas nec,"
-      text run at (11,1961) width 79: "commodo in,"
-      text run at (11,1976) width 58: "elit. Nulla"
-      text run at (11,1991) width 77: "facilisi. Proin"
-      text run at (11,2006) width 87: "varius pede et"
-      text run at (11,2021) width 61: "dui lacinia"
-      text run at (11,2036) width 89: "dapibus. Morbi"
-      text run at (11,2051) width 67: "nec augue."
-      text run at (11,2066) width 31: "Proin"
-      text run at (11,2081) width 58: "imperdiet"
-      text run at (11,2096) width 50: "lacus eu"
-      text run at (11,2111) width 37: "tellus."
-layer at (28,168) size 125x100 clip at (29,169) size 110x98 scrollHeight 2135
-  RenderBlock {DIV} at (20,160) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderText {#text} at (11,11) size 89x810
-      text run at (11,11) width 79: "Lorem ipsum"
-      text run at (11,26) width 89: "dolor sit amet,"
-      text run at (11,41) width 78: "consectetuer"
-      text run at (11,56) width 87: "adipiscing elit."
-      text run at (11,71) width 75: "Morbi et nisi"
-      text run at (11,86) width 35: "ut est"
-      text run at (11,101) width 59: "venenatis"
-      text run at (11,116) width 47: "viverra."
-      text run at (11,131) width 79: "Aenean pede"
-      text run at (11,146) width 72: "orci, blandit"
-      text run at (11,161) width 84: "quis, faucibus"
-      text run at (11,176) width 80: "quis, egestas"
-      text run at (11,191) width 41: "ut, mi."
-      text run at (11,206) width 77: "Pellentesque"
-      text run at (11,221) width 73: "enim purus,"
-      text run at (11,236) width 59: "venenatis"
-      text run at (11,251) width 61: "dignissim,"
-      text run at (11,266) width 69: "tincidunt a,"
-      text run at (11,281) width 72: "ullamcorper"
-      text run at (11,296) width 66: "eget, nibh."
-      text run at (11,311) width 88: "Nullam ut sem"
-      text run at (11,326) width 86: "adipiscing orci"
-      text run at (11,341) width 50: "vehicula"
-      text run at (11,356) width 59: "interdum."
-      text run at (11,371) width 81: "Proin a enim."
-      text run at (11,386) width 56: "Phasellus"
-      text run at (11,401) width 69: "sollicitudin,"
-      text run at (11,416) width 75: "magna vitae"
-      text run at (11,431) width 67: "vestibulum"
-      text run at (11,446) width 85: "facilisis, tellus"
-      text run at (11,461) width 71: "nunc iaculis"
-      text run at (11,476) width 46: "arcu, in"
-      text run at (11,491) width 81: "molestie sem"
-      text run at (11,506) width 75: "velit tempus"
-      text run at (11,521) width 40: "est. In"
-      text run at (11,536) width 78: "eleifend velit"
-      text run at (11,551) width 42: "at sem"
-      text run at (11,566) width 60: "adipiscing"
-      text run at (11,581) width 84: "sodales. Nunc"
-      text run at (11,596) width 72: "sapien felis,"
-      text run at (11,611) width 69: "aliquam et,"
-      text run at (11,626) width 50: "volutpat"
-      text run at (11,641) width 53: "rhoncus,"
-      text run at (11,656) width 83: "condimentum"
-      text run at (11,671) width 60: "ut, tortor."
-      text run at (11,686) width 71: "Integer est."
-      text run at (11,701) width 49: "Quisque"
-      text run at (11,716) width 47: "viverra."
-      text run at (11,731) width 78: "Praesent sed"
-      text run at (11,746) width 31: "arcu."
-      text run at (11,761) width 74: "Maecenas id"
-      text run at (11,776) width 68: "lorem a leo"
-      text run at (11,791) width 45: "lobortis"
-      text run at (11,806) width 87: "condimentum."
-    RenderBR {BR} at (97,806) size 1x15
-    RenderBR {BR} at (11,821) size 0x15
-    RenderText {#text} at (11,836) size 89x735
-      text run at (11,836) width 27: "Cras"
-      text run at (11,851) width 59: "commodo"
-      text run at (11,866) width 88: "rutrum augue."
-      text run at (11,881) width 52: "Vivamus"
-      text run at (11,896) width 88: "iaculis. Nullam"
-      text run at (11,911) width 86: "est. Maecenas"
-      text run at (11,926) width 66: "consequat."
-      text run at (11,941) width 65: "Sed id dui."
-      text run at (11,956) width 63: "Vivamus a"
-      text run at (11,971) width 67: "nisl. Donec"
-      text run at (11,986) width 48: "pretium"
-      text run at (11,1001) width 79: "sapien. Proin"
-      text run at (11,1016) width 65: "et ligula et"
-      text run at (11,1031) width 85: "ligula placerat"
-      text run at (11,1046) width 54: "pulvinar."
-      text run at (11,1061) width 78: "Aliquam erat"
-      text run at (11,1076) width 89: "volutpat. Proin"
-      text run at (11,1091) width 38: "id est."
-      text run at (11,1106) width 75: "Suspendisse"
-      text run at (11,1121) width 89: "cursus, magna"
-      text run at (11,1136) width 72: "at hendrerit"
-      text run at (11,1151) width 66: "consequat,"
-      text run at (11,1166) width 64: "mauris est"
-      text run at (11,1181) width 58: "imperdiet"
-      text run at (11,1196) width 53: "neque, a"
-      text run at (11,1211) width 75: "ultrices arcu"
-      text run at (11,1226) width 55: "urna non"
-      text run at (11,1241) width 87: "nunc. Quisque"
-      text run at (11,1256) width 72: "tellus. Nulla"
-      text run at (11,1271) width 68: "nulla justo,"
-      text run at (11,1286) width 80: "vehicula nec,"
-      text run at (11,1301) width 77: "pellentesque"
-      text run at (11,1316) width 81: "eu, iaculis et,"
-      text run at (11,1331) width 37: "ligula."
-      text run at (11,1346) width 53: "Praesent"
-      text run at (11,1361) width 69: "mattis ante"
-      text run at (11,1376) width 52: "vel sem."
-      text run at (11,1391) width 75: "Suspendisse"
-      text run at (11,1406) width 84: "porta rhoncus"
-      text run at (11,1421) width 32: "urna."
-      text run at (11,1436) width 89: "Phasellus felis."
-      text run at (11,1451) width 53: "Praesent"
-      text run at (11,1466) width 43: "viverra"
-      text run at (11,1481) width 52: "convallis"
-      text run at (11,1496) width 38: "libero."
-      text run at (11,1511) width 86: "Maecenas non"
-      text run at (11,1526) width 84: "augue. Donec"
-      text run at (11,1541) width 56: "hendrerit"
-      text run at (11,1556) width 89: "lectus id enim."
-    RenderBR {BR} at (99,1556) size 1x15
-    RenderBR {BR} at (11,1571) size 0x15
-    RenderText {#text} at (11,1586) size 90x540
-      text run at (11,1586) width 67: "Nulla ligula"
-      text run at (11,1601) width 78: "dui, euismod"
-      text run at (11,1616) width 66: "et, sodales"
-      text run at (11,1631) width 29: "quis,"
-      text run at (11,1646) width 64: "sollicitudin"
-      text run at (11,1661) width 73: "quis, elit. In"
-      text run at (11,1676) width 82: "adipiscing est"
-      text run at (11,1691) width 60: "sed enim."
-      text run at (11,1706) width 51: "Fusce at"
-      text run at (11,1721) width 73: "massa vitae"
-      text run at (11,1736) width 87: "metus semper"
-      text run at (11,1751) width 60: "hendrerit."
-      text run at (11,1766) width 78: "Integer vitae"
-      text run at (11,1781) width 67: "urna. Nulla"
-      text run at (11,1796) width 68: "eget ligula."
-      text run at (11,1811) width 77: "Etiam libero."
-      text run at (11,1826) width 84: "Maecenas nisi"
-      text run at (11,1841) width 87: "nibh, convallis"
-      text run at (11,1856) width 58: "a, feugiat"
-      text run at (11,1871) width 87: "vitae, pulvinar"
-      text run at (11,1886) width 40: "et, mi."
-      text run at (11,1901) width 87: "Curabitur arcu"
-      text run at (11,1916) width 34: "pede,"
-      text run at (11,1931) width 90: "adipiscing sed,"
-      text run at (11,1946) width 76: "egestas nec,"
-      text run at (11,1961) width 79: "commodo in,"
-      text run at (11,1976) width 58: "elit. Nulla"
-      text run at (11,1991) width 77: "facilisi. Proin"
-      text run at (11,2006) width 87: "varius pede et"
-      text run at (11,2021) width 61: "dui lacinia"
-      text run at (11,2036) width 89: "dapibus. Morbi"
-      text run at (11,2051) width 67: "nec augue."
-      text run at (11,2066) width 31: "Proin"
-      text run at (11,2081) width 58: "imperdiet"
-      text run at (11,2096) width 50: "lacus eu"
-      text run at (11,2111) width 37: "tellus."
-layer at (197,168) size 125x100 clip at (198,169) size 110x85 scrollWidth 420 scrollHeight 455
-  RenderBlock {DIV} at (189,160) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderBlock {DIV} at (1,1) size 420x455
-      RenderText {#text} at (10,10) size 398x165
-        text run at (10,10) width 397: "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Morbi et"
-        text run at (10,25) width 364: "nisi ut est venenatis viverra. Aenean pede orci, blandit quis,"
-        text run at (10,40) width 398: "faucibus quis, egestas ut, mi. Pellentesque enim purus, venenatis"
-        text run at (10,55) width 371: "dignissim, tincidunt a, ullamcorper eget, nibh. Nullam ut sem"
-        text run at (10,70) width 348: "adipiscing orci vehicula interdum. Proin a enim. Phasellus"
-        text run at (10,85) width 381: "sollicitudin, magna vitae vestibulum facilisis, tellus nunc iaculis"
-        text run at (10,100) width 380: "arcu, in molestie sem velit tempus est. In eleifend velit at sem"
-        text run at (10,115) width 350: "adipiscing sodales. Nunc sapien felis, aliquam et, volutpat"
-        text run at (10,130) width 382: "rhoncus, condimentum ut, tortor. Integer est. Quisque viverra."
-        text run at (10,145) width 312: "Praesent sed arcu. Maecenas id lorem a leo lobortis"
-        text run at (10,160) width 87: "condimentum."
-      RenderBR {BR} at (96,160) size 1x15
-      RenderBR {BR} at (10,175) size 0x15
-      RenderText {#text} at (10,190) size 398x135
-        text run at (10,190) width 357: "Cras commodo rutrum augue. Vivamus iaculis. Nullam est."
-        text run at (10,205) width 387: "Maecenas consequat. Sed id dui. Vivamus a nisl. Donec pretium"
-        text run at (10,220) width 375: "sapien. Proin et ligula et ligula placerat pulvinar. Aliquam erat"
-        text run at (10,235) width 378: "volutpat. Proin id est. Suspendisse cursus, magna at hendrerit"
-        text run at (10,250) width 389: "consequat, mauris est imperdiet neque, a ultrices arcu urna non"
-        text run at (10,265) width 398: "nunc. Quisque tellus. Nulla nulla justo, vehicula nec, pellentesque"
-        text run at (10,280) width 386: "eu, iaculis et, ligula. Praesent mattis ante vel sem. Suspendisse"
-        text run at (10,295) width 372: "porta rhoncus urna. Phasellus felis. Praesent viverra convallis"
-        text run at (10,310) width 368: "libero. Maecenas non augue. Donec hendrerit lectus id enim."
-      RenderBR {BR} at (377,310) size 1x15
-      RenderBR {BR} at (10,325) size 0x15
-      RenderText {#text} at (10,340) size 397x105
-        text run at (10,340) width 397: "Nulla ligula dui, euismod et, sodales quis, sollicitudin quis, elit. In"
-        text run at (10,355) width 368: "adipiscing est sed enim. Fusce at massa vitae metus semper"
-        text run at (10,370) width 365: "hendrerit. Integer vitae urna. Nulla eget ligula. Etiam libero."
-        text run at (10,385) width 371: "Maecenas nisi nibh, convallis a, feugiat vitae, pulvinar et, mi."
-        text run at (10,400) width 381: "Curabitur arcu pede, adipiscing sed, egestas nec, commodo in,"
-        text run at (10,415) width 386: "elit. Nulla facilisi. Proin varius pede et dui lacinia dapibus. Morbi"
-        text run at (10,430) width 258: "nec augue. Proin imperdiet lacus eu tellus."
-layer at (366,168) size 125x100 clip at (367,169) size 110x98 scrollHeight 2135
-  RenderBlock {DIV} at (358,160) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderText {#text} at (11,11) size 89x810
-      text run at (11,11) width 79: "Lorem ipsum"
-      text run at (11,26) width 89: "dolor sit amet,"
-      text run at (11,41) width 78: "consectetuer"
-      text run at (11,56) width 87: "adipiscing elit."
-      text run at (11,71) width 75: "Morbi et nisi"
-      text run at (11,86) width 35: "ut est"
-      text run at (11,101) width 59: "venenatis"
-      text run at (11,116) width 47: "viverra."
-      text run at (11,131) width 79: "Aenean pede"
-      text run at (11,146) width 72: "orci, blandit"
-      text run at (11,161) width 84: "quis, faucibus"
-      text run at (11,176) width 80: "quis, egestas"
-      text run at (11,191) width 41: "ut, mi."
-      text run at (11,206) width 77: "Pellentesque"
-      text run at (11,221) width 73: "enim purus,"
-      text run at (11,236) width 59: "venenatis"
-      text run at (11,251) width 61: "dignissim,"
-      text run at (11,266) width 69: "tincidunt a,"
-      text run at (11,281) width 72: "ullamcorper"
-      text run at (11,296) width 66: "eget, nibh."
-      text run at (11,311) width 88: "Nullam ut sem"
-      text run at (11,326) width 86: "adipiscing orci"
-      text run at (11,341) width 50: "vehicula"
-      text run at (11,356) width 59: "interdum."
-      text run at (11,371) width 81: "Proin a enim."
-      text run at (11,386) width 56: "Phasellus"
-      text run at (11,401) width 69: "sollicitudin,"
-      text run at (11,416) width 75: "magna vitae"
-      text run at (11,431) width 67: "vestibulum"
-      text run at (11,446) width 85: "facilisis, tellus"
-      text run at (11,461) width 71: "nunc iaculis"
-      text run at (11,476) width 46: "arcu, in"
-      text run at (11,491) width 81: "molestie sem"
-      text run at (11,506) width 75: "velit tempus"
-      text run at (11,521) width 40: "est. In"
-      text run at (11,536) width 78: "eleifend velit"
-      text run at (11,551) width 42: "at sem"
-      text run at (11,566) width 60: "adipiscing"
-      text run at (11,581) width 84: "sodales. Nunc"
-      text run at (11,596) width 72: "sapien felis,"
-      text run at (11,611) width 69: "aliquam et,"
-      text run at (11,626) width 50: "volutpat"
-      text run at (11,641) width 53: "rhoncus,"
-      text run at (11,656) width 83: "condimentum"
-      text run at (11,671) width 60: "ut, tortor."
-      text run at (11,686) width 71: "Integer est."
-      text run at (11,701) width 49: "Quisque"
-      text run at (11,716) width 47: "viverra."
-      text run at (11,731) width 78: "Praesent sed"
-      text run at (11,746) width 31: "arcu."
-      text run at (11,761) width 74: "Maecenas id"
-      text run at (11,776) width 68: "lorem a leo"
-      text run at (11,791) width 45: "lobortis"
-      text run at (11,806) width 87: "condimentum."
-    RenderBR {BR} at (97,806) size 1x15
-    RenderBR {BR} at (11,821) size 0x15
-    RenderText {#text} at (11,836) size 89x735
-      text run at (11,836) width 27: "Cras"
-      text run at (11,851) width 59: "commodo"
-      text run at (11,866) width 88: "rutrum augue."
-      text run at (11,881) width 52: "Vivamus"
-      text run at (11,896) width 88: "iaculis. Nullam"
-      text run at (11,911) width 86: "est. Maecenas"
-      text run at (11,926) width 66: "consequat."
-      text run at (11,941) width 65: "Sed id dui."
-      text run at (11,956) width 63: "Vivamus a"
-      text run at (11,971) width 67: "nisl. Donec"
-      text run at (11,986) width 48: "pretium"
-      text run at (11,1001) width 79: "sapien. Proin"
-      text run at (11,1016) width 65: "et ligula et"
-      text run at (11,1031) width 85: "ligula placerat"
-      text run at (11,1046) width 54: "pulvinar."
-      text run at (11,1061) width 78: "Aliquam erat"
-      text run at (11,1076) width 89: "volutpat. Proin"
-      text run at (11,1091) width 38: "id est."
-      text run at (11,1106) width 75: "Suspendisse"
-      text run at (11,1121) width 89: "cursus, magna"
-      text run at (11,1136) width 72: "at hendrerit"
-      text run at (11,1151) width 66: "consequat,"
-      text run at (11,1166) width 64: "mauris est"
-      text run at (11,1181) width 58: "imperdiet"
-      text run at (11,1196) width 53: "neque, a"
-      text run at (11,1211) width 75: "ultrices arcu"
-      text run at (11,1226) width 55: "urna non"
-      text run at (11,1241) width 87: "nunc. Quisque"
-      text run at (11,1256) width 72: "tellus. Nulla"
-      text run at (11,1271) width 68: "nulla justo,"
-      text run at (11,1286) width 80: "vehicula nec,"
-      text run at (11,1301) width 77: "pellentesque"
-      text run at (11,1316) width 81: "eu, iaculis et,"
-      text run at (11,1331) width 37: "ligula."
-      text run at (11,1346) width 53: "Praesent"
-      text run at (11,1361) width 69: "mattis ante"
-      text run at (11,1376) width 52: "vel sem."
-      text run at (11,1391) width 75: "Suspendisse"
-      text run at (11,1406) width 84: "porta rhoncus"
-      text run at (11,1421) width 32: "urna."
-      text run at (11,1436) width 89: "Phasellus felis."
-      text run at (11,1451) width 53: "Praesent"
-      text run at (11,1466) width 43: "viverra"
-      text run at (11,1481) width 52: "convallis"
-      text run at (11,1496) width 38: "libero."
-      text run at (11,1511) width 86: "Maecenas non"
-      text run at (11,1526) width 84: "augue. Donec"
-      text run at (11,1541) width 56: "hendrerit"
-      text run at (11,1556) width 89: "lectus id enim."
-    RenderBR {BR} at (99,1556) size 1x15
-    RenderBR {BR} at (11,1571) size 0x15
-    RenderText {#text} at (11,1586) size 90x540
-      text run at (11,1586) width 67: "Nulla ligula"
-      text run at (11,1601) width 78: "dui, euismod"
-      text run at (11,1616) width 66: "et, sodales"
-      text run at (11,1631) width 29: "quis,"
-      text run at (11,1646) width 64: "sollicitudin"
-      text run at (11,1661) width 73: "quis, elit. In"
-      text run at (11,1676) width 82: "adipiscing est"
-      text run at (11,1691) width 60: "sed enim."
-      text run at (11,1706) width 51: "Fusce at"
-      text run at (11,1721) width 73: "massa vitae"
-      text run at (11,1736) width 87: "metus semper"
-      text run at (11,1751) width 60: "hendrerit."
-      text run at (11,1766) width 78: "Integer vitae"
-      text run at (11,1781) width 67: "urna. Nulla"
-      text run at (11,1796) width 68: "eget ligula."
-      text run at (11,1811) width 77: "Etiam libero."
-      text run at (11,1826) width 84: "Maecenas nisi"
-      text run at (11,1841) width 87: "nibh, convallis"
-      text run at (11,1856) width 58: "a, feugiat"
-      text run at (11,1871) width 87: "vitae, pulvinar"
-      text run at (11,1886) width 40: "et, mi."
-      text run at (11,1901) width 87: "Curabitur arcu"
-      text run at (11,1916) width 34: "pede,"
-      text run at (11,1931) width 90: "adipiscing sed,"
-      text run at (11,1946) width 76: "egestas nec,"
-      text run at (11,1961) width 79: "commodo in,"
-      text run at (11,1976) width 58: "elit. Nulla"
-      text run at (11,1991) width 77: "facilisi. Proin"
-      text run at (11,2006) width 87: "varius pede et"
-      text run at (11,2021) width 61: "dui lacinia"
-      text run at (11,2036) width 89: "dapibus. Morbi"
-      text run at (11,2051) width 67: "nec augue."
-      text run at (11,2066) width 31: "Proin"
-      text run at (11,2081) width 58: "imperdiet"
-      text run at (11,2096) width 50: "lacus eu"
-      text run at (11,2111) width 37: "tellus."
-layer at (535,168) size 125x100 clip at (536,169) size 123x85 scrollWidth 420 scrollHeight 185
-  RenderBlock {DIV} at (527,160) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderBlock {DIV} at (1,1) size 420x185
-      RenderText {#text} at (10,10) size 398x165
-        text run at (10,10) width 397: "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Morbi et"
-        text run at (10,25) width 364: "nisi ut est venenatis viverra. Aenean pede orci, blandit quis,"
-        text run at (10,40) width 398: "faucibus quis, egestas ut, mi. Pellentesque enim purus, venenatis"
-        text run at (10,55) width 371: "dignissim, tincidunt a, ullamcorper eget, nibh. Nullam ut sem"
-        text run at (10,70) width 348: "adipiscing orci vehicula interdum. Proin a enim. Phasellus"
-        text run at (10,85) width 381: "sollicitudin, magna vitae vestibulum facilisis, tellus nunc iaculis"
-        text run at (10,100) width 380: "arcu, in molestie sem velit tempus est. In eleifend velit at sem"
-        text run at (10,115) width 350: "adipiscing sodales. Nunc sapien felis, aliquam et, volutpat"
-        text run at (10,130) width 382: "rhoncus, condimentum ut, tortor. Integer est. Quisque viverra."
-        text run at (10,145) width 312: "Praesent sed arcu. Maecenas id lorem a leo lobortis"
-        text run at (10,160) width 87: "condimentum."
-layer at (28,308) size 125x100 clip at (29,309) size 110x98 scrollHeight 2135
-  RenderBlock {DIV} at (20,300) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderText {#text} at (11,11) size 89x810
-      text run at (11,11) width 79: "Lorem ipsum"
-      text run at (11,26) width 89: "dolor sit amet,"
-      text run at (11,41) width 78: "consectetuer"
-      text run at (11,56) width 87: "adipiscing elit."
-      text run at (11,71) width 75: "Morbi et nisi"
-      text run at (11,86) width 35: "ut est"
-      text run at (11,101) width 59: "venenatis"
-      text run at (11,116) width 47: "viverra."
-      text run at (11,131) width 79: "Aenean pede"
-      text run at (11,146) width 72: "orci, blandit"
-      text run at (11,161) width 84: "quis, faucibus"
-      text run at (11,176) width 80: "quis, egestas"
-      text run at (11,191) width 41: "ut, mi."
-      text run at (11,206) width 77: "Pellentesque"
-      text run at (11,221) width 73: "enim purus,"
-      text run at (11,236) width 59: "venenatis"
-      text run at (11,251) width 61: "dignissim,"
-      text run at (11,266) width 69: "tincidunt a,"
-      text run at (11,281) width 72: "ullamcorper"
-      text run at (11,296) width 66: "eget, nibh."
-      text run at (11,311) width 88: "Nullam ut sem"
-      text run at (11,326) width 86: "adipiscing orci"
-      text run at (11,341) width 50: "vehicula"
-      text run at (11,356) width 59: "interdum."
-      text run at (11,371) width 81: "Proin a enim."
-      text run at (11,386) width 56: "Phasellus"
-      text run at (11,401) width 69: "sollicitudin,"
-      text run at (11,416) width 75: "magna vitae"
-      text run at (11,431) width 67: "vestibulum"
-      text run at (11,446) width 85: "facilisis, tellus"
-      text run at (11,461) width 71: "nunc iaculis"
-      text run at (11,476) width 46: "arcu, in"
-      text run at (11,491) width 81: "molestie sem"
-      text run at (11,506) width 75: "velit tempus"
-      text run at (11,521) width 40: "est. In"
-      text run at (11,536) width 78: "eleifend velit"
-      text run at (11,551) width 42: "at sem"
-      text run at (11,566) width 60: "adipiscing"
-      text run at (11,581) width 84: "sodales. Nunc"
-      text run at (11,596) width 72: "sapien felis,"
-      text run at (11,611) width 69: "aliquam et,"
-      text run at (11,626) width 50: "volutpat"
-      text run at (11,641) width 53: "rhoncus,"
-      text run at (11,656) width 83: "condimentum"
-      text run at (11,671) width 60: "ut, tortor."
-      text run at (11,686) width 71: "Integer est."
-      text run at (11,701) width 49: "Quisque"
-      text run at (11,716) width 47: "viverra."
-      text run at (11,731) width 78: "Praesent sed"
-      text run at (11,746) width 31: "arcu."
-      text run at (11,761) width 74: "Maecenas id"
-      text run at (11,776) width 68: "lorem a leo"
-      text run at (11,791) width 45: "lobortis"
-      text run at (11,806) width 87: "condimentum."
-    RenderBR {BR} at (97,806) size 1x15
-    RenderBR {BR} at (11,821) size 0x15
-    RenderText {#text} at (11,836) size 89x735
-      text run at (11,836) width 27: "Cras"
-      text run at (11,851) width 59: "commodo"
-      text run at (11,866) width 88: "rutrum augue."
-      text run at (11,881) width 52: "Vivamus"
-      text run at (11,896) width 88: "iaculis. Nullam"
-      text run at (11,911) width 86: "est. Maecenas"
-      text run at (11,926) width 66: "consequat."
-      text run at (11,941) width 65: "Sed id dui."
-      text run at (11,956) width 63: "Vivamus a"
-      text run at (11,971) width 67: "nisl. Donec"
-      text run at (11,986) width 48: "pretium"
-      text run at (11,1001) width 79: "sapien. Proin"
-      text run at (11,1016) width 65: "et ligula et"
-      text run at (11,1031) width 85: "ligula placerat"
-      text run at (11,1046) width 54: "pulvinar."
-      text run at (11,1061) width 78: "Aliquam erat"
-      text run at (11,1076) width 89: "volutpat. Proin"
-      text run at (11,1091) width 38: "id est."
-      text run at (11,1106) width 75: "Suspendisse"
-      text run at (11,1121) width 89: "cursus, magna"
-      text run at (11,1136) width 72: "at hendrerit"
-      text run at (11,1151) width 66: "consequat,"
-      text run at (11,1166) width 64: "mauris est"
-      text run at (11,1181) width 58: "imperdiet"
-      text run at (11,1196) width 53: "neque, a"
-      text run at (11,1211) width 75: "ultrices arcu"
-      text run at (11,1226) width 55: "urna non"
-      text run at (11,1241) width 87: "nunc. Quisque"
-      text run at (11,1256) width 72: "tellus. Nulla"
-      text run at (11,1271) width 68: "nulla justo,"
-      text run at (11,1286) width 80: "vehicula nec,"
-      text run at (11,1301) width 77: "pellentesque"
-      text run at (11,1316) width 81: "eu, iaculis et,"
-      text run at (11,1331) width 37: "ligula."
-      text run at (11,1346) width 53: "Praesent"
-      text run at (11,1361) width 69: "mattis ante"
-      text run at (11,1376) width 52: "vel sem."
-      text run at (11,1391) width 75: "Suspendisse"
-      text run at (11,1406) width 84: "porta rhoncus"
-      text run at (11,1421) width 32: "urna."
-      text run at (11,1436) width 89: "Phasellus felis."
-      text run at (11,1451) width 53: "Praesent"
-      text run at (11,1466) width 43: "viverra"
-      text run at (11,1481) width 52: "convallis"
-      text run at (11,1496) width 38: "libero."
-      text run at (11,1511) width 86: "Maecenas non"
-      text run at (11,1526) width 84: "augue. Donec"
-      text run at (11,1541) width 56: "hendrerit"
-      text run at (11,1556) width 89: "lectus id enim."
-    RenderBR {BR} at (99,1556) size 1x15
-    RenderBR {BR} at (11,1571) size 0x15
-    RenderText {#text} at (11,1586) size 90x540
-      text run at (11,1586) width 67: "Nulla ligula"
-      text run at (11,1601) width 78: "dui, euismod"
-      text run at (11,1616) width 66: "et, sodales"
-      text run at (11,1631) width 29: "quis,"
-      text run at (11,1646) width 64: "sollicitudin"
-      text run at (11,1661) width 73: "quis, elit. In"
-      text run at (11,1676) width 82: "adipiscing est"
-      text run at (11,1691) width 60: "sed enim."
-      text run at (11,1706) width 51: "Fusce at"
-      text run at (11,1721) width 73: "massa vitae"
-      text run at (11,1736) width 87: "metus semper"
-      text run at (11,1751) width 60: "hendrerit."
-      text run at (11,1766) width 78: "Integer vitae"
-      text run at (11,1781) width 67: "urna. Nulla"
-      text run at (11,1796) width 68: "eget ligula."
-      text run at (11,1811) width 77: "Etiam libero."
-      text run at (11,1826) width 84: "Maecenas nisi"
-      text run at (11,1841) width 87: "nibh, convallis"
-      text run at (11,1856) width 58: "a, feugiat"
-      text run at (11,1871) width 87: "vitae, pulvinar"
-      text run at (11,1886) width 40: "et, mi."
-      text run at (11,1901) width 87: "Curabitur arcu"
-      text run at (11,1916) width 34: "pede,"
-      text run at (11,1931) width 90: "adipiscing sed,"
-      text run at (11,1946) width 76: "egestas nec,"
-      text run at (11,1961) width 79: "commodo in,"
-      text run at (11,1976) width 58: "elit. Nulla"
-      text run at (11,1991) width 77: "facilisi. Proin"
-      text run at (11,2006) width 87: "varius pede et"
-      text run at (11,2021) width 61: "dui lacinia"
-      text run at (11,2036) width 89: "dapibus. Morbi"
-      text run at (11,2051) width 67: "nec augue."
-      text run at (11,2066) width 31: "Proin"
-      text run at (11,2081) width 58: "imperdiet"
-      text run at (11,2096) width 50: "lacus eu"
-      text run at (11,2111) width 37: "tellus."
-layer at (197,308) size 125x100 clip at (198,309) size 123x85 scrollWidth 420 scrollHeight 185
-  RenderBlock {DIV} at (189,300) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderBlock {DIV} at (1,1) size 420x185
-      RenderText {#text} at (10,10) size 398x165
-        text run at (10,10) width 397: "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Morbi et"
-        text run at (10,25) width 364: "nisi ut est venenatis viverra. Aenean pede orci, blandit quis,"
-        text run at (10,40) width 398: "faucibus quis, egestas ut, mi. Pellentesque enim purus, venenatis"
-        text run at (10,55) width 371: "dignissim, tincidunt a, ullamcorper eget, nibh. Nullam ut sem"
-        text run at (10,70) width 348: "adipiscing orci vehicula interdum. Proin a enim. Phasellus"
-        text run at (10,85) width 381: "sollicitudin, magna vitae vestibulum facilisis, tellus nunc iaculis"
-        text run at (10,100) width 380: "arcu, in molestie sem velit tempus est. In eleifend velit at sem"
-        text run at (10,115) width 350: "adipiscing sodales. Nunc sapien felis, aliquam et, volutpat"
-        text run at (10,130) width 382: "rhoncus, condimentum ut, tortor. Integer est. Quisque viverra."
-        text run at (10,145) width 312: "Praesent sed arcu. Maecenas id lorem a leo lobortis"
-        text run at (10,160) width 87: "condimentum."
-layer at (366,308) size 125x100 clip at (367,309) size 110x85 scrollWidth 420 scrollHeight 455
-  RenderBlock {DIV} at (358,300) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderBlock {DIV} at (1,1) size 420x455
-      RenderText {#text} at (10,10) size 398x165
-        text run at (10,10) width 397: "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Morbi et"
-        text run at (10,25) width 364: "nisi ut est venenatis viverra. Aenean pede orci, blandit quis,"
-        text run at (10,40) width 398: "faucibus quis, egestas ut, mi. Pellentesque enim purus, venenatis"
-        text run at (10,55) width 371: "dignissim, tincidunt a, ullamcorper eget, nibh. Nullam ut sem"
-        text run at (10,70) width 348: "adipiscing orci vehicula interdum. Proin a enim. Phasellus"
-        text run at (10,85) width 381: "sollicitudin, magna vitae vestibulum facilisis, tellus nunc iaculis"
-        text run at (10,100) width 380: "arcu, in molestie sem velit tempus est. In eleifend velit at sem"
-        text run at (10,115) width 350: "adipiscing sodales. Nunc sapien felis, aliquam et, volutpat"
-        text run at (10,130) width 382: "rhoncus, condimentum ut, tortor. Integer est. Quisque viverra."
-        text run at (10,145) width 312: "Praesent sed arcu. Maecenas id lorem a leo lobortis"
-        text run at (10,160) width 87: "condimentum."
-      RenderBR {BR} at (96,160) size 1x15
-      RenderBR {BR} at (10,175) size 0x15
-      RenderText {#text} at (10,190) size 398x135
-        text run at (10,190) width 357: "Cras commodo rutrum augue. Vivamus iaculis. Nullam est."
-        text run at (10,205) width 387: "Maecenas consequat. Sed id dui. Vivamus a nisl. Donec pretium"
-        text run at (10,220) width 375: "sapien. Proin et ligula et ligula placerat pulvinar. Aliquam erat"
-        text run at (10,235) width 378: "volutpat. Proin id est. Suspendisse cursus, magna at hendrerit"
-        text run at (10,250) width 389: "consequat, mauris est imperdiet neque, a ultrices arcu urna non"
-        text run at (10,265) width 398: "nunc. Quisque tellus. Nulla nulla justo, vehicula nec, pellentesque"
-        text run at (10,280) width 386: "eu, iaculis et, ligula. Praesent mattis ante vel sem. Suspendisse"
-        text run at (10,295) width 372: "porta rhoncus urna. Phasellus felis. Praesent viverra convallis"
-        text run at (10,310) width 368: "libero. Maecenas non augue. Donec hendrerit lectus id enim."
-      RenderBR {BR} at (377,310) size 1x15
-      RenderBR {BR} at (10,325) size 0x15
-      RenderText {#text} at (10,340) size 397x105
-        text run at (10,340) width 397: "Nulla ligula dui, euismod et, sodales quis, sollicitudin quis, elit. In"
-        text run at (10,355) width 368: "adipiscing est sed enim. Fusce at massa vitae metus semper"
-        text run at (10,370) width 365: "hendrerit. Integer vitae urna. Nulla eget ligula. Etiam libero."
-        text run at (10,385) width 371: "Maecenas nisi nibh, convallis a, feugiat vitae, pulvinar et, mi."
-        text run at (10,400) width 381: "Curabitur arcu pede, adipiscing sed, egestas nec, commodo in,"
-        text run at (10,415) width 386: "elit. Nulla facilisi. Proin varius pede et dui lacinia dapibus. Morbi"
-        text run at (10,430) width 258: "nec augue. Proin imperdiet lacus eu tellus."
-layer at (535,308) size 125x100 clip at (536,309) size 110x85 scrollWidth 420 scrollHeight 455
-  RenderBlock {DIV} at (527,300) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderBlock {DIV} at (1,1) size 420x455
-      RenderText {#text} at (10,10) size 398x165
-        text run at (10,10) width 397: "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Morbi et"
-        text run at (10,25) width 364: "nisi ut est venenatis viverra. Aenean pede orci, blandit quis,"
-        text run at (10,40) width 398: "faucibus quis, egestas ut, mi. Pellentesque enim purus, venenatis"
-        text run at (10,55) width 371: "dignissim, tincidunt a, ullamcorper eget, nibh. Nullam ut sem"
-        text run at (10,70) width 348: "adipiscing orci vehicula interdum. Proin a enim. Phasellus"
-        text run at (10,85) width 381: "sollicitudin, magna vitae vestibulum facilisis, tellus nunc iaculis"
-        text run at (10,100) width 380: "arcu, in molestie sem velit tempus est. In eleifend velit at sem"
-        text run at (10,115) width 350: "adipiscing sodales. Nunc sapien felis, aliquam et, volutpat"
-        text run at (10,130) width 382: "rhoncus, condimentum ut, tortor. Integer est. Quisque viverra."
-        text run at (10,145) width 312: "Praesent sed arcu. Maecenas id lorem a leo lobortis"
-        text run at (10,160) width 87: "condimentum."
-      RenderBR {BR} at (96,160) size 1x15
-      RenderBR {BR} at (10,175) size 0x15
-      RenderText {#text} at (10,190) size 398x135
-        text run at (10,190) width 357: "Cras commodo rutrum augue. Vivamus iaculis. Nullam est."
-        text run at (10,205) width 387: "Maecenas consequat. Sed id dui. Vivamus a nisl. Donec pretium"
-        text run at (10,220) width 375: "sapien. Proin et ligula et ligula placerat pulvinar. Aliquam erat"
-        text run at (10,235) width 378: "volutpat. Proin id est. Suspendisse cursus, magna at hendrerit"
-        text run at (10,250) width 389: "consequat, mauris est imperdiet neque, a ultrices arcu urna non"
-        text run at (10,265) width 398: "nunc. Quisque tellus. Nulla nulla justo, vehicula nec, pellentesque"
-        text run at (10,280) width 386: "eu, iaculis et, ligula. Praesent mattis ante vel sem. Suspendisse"
-        text run at (10,295) width 372: "porta rhoncus urna. Phasellus felis. Praesent viverra convallis"
-        text run at (10,310) width 368: "libero. Maecenas non augue. Donec hendrerit lectus id enim."
-      RenderBR {BR} at (377,310) size 1x15
-      RenderBR {BR} at (10,325) size 0x15
-      RenderText {#text} at (10,340) size 397x105
-        text run at (10,340) width 397: "Nulla ligula dui, euismod et, sodales quis, sollicitudin quis, elit. In"
-        text run at (10,355) width 368: "adipiscing est sed enim. Fusce at massa vitae metus semper"
-        text run at (10,370) width 365: "hendrerit. Integer vitae urna. Nulla eget ligula. Etiam libero."
-        text run at (10,385) width 371: "Maecenas nisi nibh, convallis a, feugiat vitae, pulvinar et, mi."
-        text run at (10,400) width 381: "Curabitur arcu pede, adipiscing sed, egestas nec, commodo in,"
-        text run at (10,415) width 386: "elit. Nulla facilisi. Proin varius pede et dui lacinia dapibus. Morbi"
-        text run at (10,430) width 258: "nec augue. Proin imperdiet lacus eu tellus."
-layer at (28,448) size 125x100 clip at (29,449) size 110x85 scrollWidth 420 scrollHeight 455
-  RenderBlock {DIV} at (20,440) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderBlock {DIV} at (1,1) size 420x455
-      RenderText {#text} at (10,10) size 398x165
-        text run at (10,10) width 397: "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Morbi et"
-        text run at (10,25) width 364: "nisi ut est venenatis viverra. Aenean pede orci, blandit quis,"
-        text run at (10,40) width 398: "faucibus quis, egestas ut, mi. Pellentesque enim purus, venenatis"
-        text run at (10,55) width 371: "dignissim, tincidunt a, ullamcorper eget, nibh. Nullam ut sem"
-        text run at (10,70) width 348: "adipiscing orci vehicula interdum. Proin a enim. Phasellus"
-        text run at (10,85) width 381: "sollicitudin, magna vitae vestibulum facilisis, tellus nunc iaculis"
-        text run at (10,100) width 380: "arcu, in molestie sem velit tempus est. In eleifend velit at sem"
-        text run at (10,115) width 350: "adipiscing sodales. Nunc sapien felis, aliquam et, volutpat"
-        text run at (10,130) width 382: "rhoncus, condimentum ut, tortor. Integer est. Quisque viverra."
-        text run at (10,145) width 312: "Praesent sed arcu. Maecenas id lorem a leo lobortis"
-        text run at (10,160) width 87: "condimentum."
-      RenderBR {BR} at (96,160) size 1x15
-      RenderBR {BR} at (10,175) size 0x15
-      RenderText {#text} at (10,190) size 398x135
-        text run at (10,190) width 357: "Cras commodo rutrum augue. Vivamus iaculis. Nullam est."
-        text run at (10,205) width 387: "Maecenas consequat. Sed id dui. Vivamus a nisl. Donec pretium"
-        text run at (10,220) width 375: "sapien. Proin et ligula et ligula placerat pulvinar. Aliquam erat"
-        text run at (10,235) width 378: "volutpat. Proin id est. Suspendisse cursus, magna at hendrerit"
-        text run at (10,250) width 389: "consequat, mauris est imperdiet neque, a ultrices arcu urna non"
-        text run at (10,265) width 398: "nunc. Quisque tellus. Nulla nulla justo, vehicula nec, pellentesque"
-        text run at (10,280) width 386: "eu, iaculis et, ligula. Praesent mattis ante vel sem. Suspendisse"
-        text run at (10,295) width 372: "porta rhoncus urna. Phasellus felis. Praesent viverra convallis"
-        text run at (10,310) width 368: "libero. Maecenas non augue. Donec hendrerit lectus id enim."
-      RenderBR {BR} at (377,310) size 1x15
-      RenderBR {BR} at (10,325) size 0x15
-      RenderText {#text} at (10,340) size 397x105
-        text run at (10,340) width 397: "Nulla ligula dui, euismod et, sodales quis, sollicitudin quis, elit. In"
-        text run at (10,355) width 368: "adipiscing est sed enim. Fusce at massa vitae metus semper"
-        text run at (10,370) width 365: "hendrerit. Integer vitae urna. Nulla eget ligula. Etiam libero."
-        text run at (10,385) width 371: "Maecenas nisi nibh, convallis a, feugiat vitae, pulvinar et, mi."
-        text run at (10,400) width 381: "Curabitur arcu pede, adipiscing sed, egestas nec, commodo in,"
-        text run at (10,415) width 386: "elit. Nulla facilisi. Proin varius pede et dui lacinia dapibus. Morbi"
-        text run at (10,430) width 258: "nec augue. Proin imperdiet lacus eu tellus."
-layer at (197,448) size 125x100 clip at (198,449) size 110x85 scrollWidth 420 scrollHeight 455
-  RenderBlock {DIV} at (189,440) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderBlock {DIV} at (1,1) size 420x455
-      RenderText {#text} at (10,10) size 398x165
-        text run at (10,10) width 397: "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Morbi et"
-        text run at (10,25) width 364: "nisi ut est venenatis viverra. Aenean pede orci, blandit quis,"
-        text run at (10,40) width 398: "faucibus quis, egestas ut, mi. Pellentesque enim purus, venenatis"
-        text run at (10,55) width 371: "dignissim, tincidunt a, ullamcorper eget, nibh. Nullam ut sem"
-        text run at (10,70) width 348: "adipiscing orci vehicula interdum. Proin a enim. Phasellus"
-        text run at (10,85) width 381: "sollicitudin, magna vitae vestibulum facilisis, tellus nunc iaculis"
-        text run at (10,100) width 380: "arcu, in molestie sem velit tempus est. In eleifend velit at sem"
-        text run at (10,115) width 350: "adipiscing sodales. Nunc sapien felis, aliquam et, volutpat"
-        text run at (10,130) width 382: "rhoncus, condimentum ut, tortor. Integer est. Quisque viverra."
-        text run at (10,145) width 312: "Praesent sed arcu. Maecenas id lorem a leo lobortis"
-        text run at (10,160) width 87: "condimentum."
-      RenderBR {BR} at (96,160) size 1x15
-      RenderBR {BR} at (10,175) size 0x15
-      RenderText {#text} at (10,190) size 398x135
-        text run at (10,190) width 357: "Cras commodo rutrum augue. Vivamus iaculis. Nullam est."
-        text run at (10,205) width 387: "Maecenas consequat. Sed id dui. Vivamus a nisl. Donec pretium"
-        text run at (10,220) width 375: "sapien. Proin et ligula et ligula placerat pulvinar. Aliquam erat"
-        text run at (10,235) width 378: "volutpat. Proin id est. Suspendisse cursus, magna at hendrerit"
-        text run at (10,250) width 389: "consequat, mauris est imperdiet neque, a ultrices arcu urna non"
-        text run at (10,265) width 398: "nunc. Quisque tellus. Nulla nulla justo, vehicula nec, pellentesque"
-        text run at (10,280) width 386: "eu, iaculis et, ligula. Praesent mattis ante vel sem. Suspendisse"
-        text run at (10,295) width 372: "porta rhoncus urna. Phasellus felis. Praesent viverra convallis"
-        text run at (10,310) width 368: "libero. Maecenas non augue. Donec hendrerit lectus id enim."
-      RenderBR {BR} at (377,310) size 1x15
-      RenderBR {BR} at (10,325) size 0x15
-      RenderText {#text} at (10,340) size 397x105
-        text run at (10,340) width 397: "Nulla ligula dui, euismod et, sodales quis, sollicitudin quis, elit. In"
-        text run at (10,355) width 368: "adipiscing est sed enim. Fusce at massa vitae metus semper"
-        text run at (10,370) width 365: "hendrerit. Integer vitae urna. Nulla eget ligula. Etiam libero."
-        text run at (10,385) width 371: "Maecenas nisi nibh, convallis a, feugiat vitae, pulvinar et, mi."
-        text run at (10,400) width 381: "Curabitur arcu pede, adipiscing sed, egestas nec, commodo in,"
-        text run at (10,415) width 386: "elit. Nulla facilisi. Proin varius pede et dui lacinia dapibus. Morbi"
-        text run at (10,430) width 258: "nec augue. Proin imperdiet lacus eu tellus."
-layer at (366,448) size 125x100 clip at (367,449) size 110x85 scrollWidth 420 scrollHeight 455
-  RenderBlock {DIV} at (358,440) size 125x100 [color=#DCDCDC] [bgcolor=#718D93] [border: (1px solid #D3D3D3)]
-    RenderBlock {DIV} at (1,1) size 420x455
-      RenderText {#text} at (10,10) size 398x165
-        text run at (10,10) width 397: "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Morbi et"
-        text run at (10,25) width 364: "nisi ut est venenatis viverra. Aenean pede orci, blandit quis,"
-        text run at (10,40) width 398: "faucibus quis, egestas ut, mi. Pellentesque enim purus, venenatis"
-        text run at (10,55) width 371: "dignissim, tincidunt a, ullamcorper eget, nibh. Nullam ut sem"
-        text run at (10,70) width 348: "adipiscing orci vehicula interdum. Proin a enim. Phasellus"
-        text run at (10,85) width 381: "sollicitudin, magna vitae vestibulum facilisis, tellus nunc iaculis"
-        text run at (10,100) width 380: "arcu, in molestie sem velit tempus est. In eleifend velit at sem"
-        text run at (10,115) width 350: "adipiscing sodales. Nunc sapien felis, aliquam et, volutpat"
-        text run at (10,130) width 382: "rhoncus, condimentum ut, tortor. Integer est. Quisque viverra."
-        text run at (10,145) width 312: "Praesent sed arcu. Maecenas id lorem a leo lobortis"
-        text run at (10,160) width 87: "condimentum."
-      RenderBR {BR} at (96,160) size 1x15
-      RenderBR {BR} at (10,175) size 0x15
-      RenderText {#text} at (10,190) size 398x135
-        text run at (10,190) width 357: "Cras commodo rutrum augue. Vivamus iaculis. Nullam est."
-        text run at (10,205) width 387: "Maecenas consequat. Sed id dui. Vivamus a nisl. Donec pretium"
-        text run at (10,220) width 375: "sapien. Proin et ligula et ligula placerat pulvinar. Aliquam erat"
-        text run at (10,235) width 378: "volutpat. Proin id est. Suspendisse cursus, magna at hendrerit"
-        text run at (10,250) width 389: "consequat, mauris est imperdiet neque, a ultrices arcu urna non"
-        text run at (10,265) width 398: "nunc. Quisque tellus. Nulla nulla justo, vehicula nec, pellentesque"
-        text run at (10,280) width 386: "eu, iaculis et, ligula. Praesent mattis ante vel sem. Suspendisse"
-        text run at (10,295) width 372: "porta rhoncus urna. Phasellus felis. Praesent viverra convallis"
-        text run at (10,310) width 368: "libero. Maecenas non augue. Donec hendrerit lectus id enim."
-      RenderBR {BR} at (377,310) size 1x15
-      RenderBR {BR} at (10,325) size 0x15
-      RenderText {#text} at (10,340) size 397x105
-        text run at (10,340) width 397: "Nulla ligula dui, euismod et, sodales quis, sollicitudin quis, elit. In"
-        text run at (10,355) width 368: "adipiscing est sed enim. Fusce at massa vitae metus semper"
-        text run at (10,370) width 365: "hendrerit. Integer vitae urna. Nulla eget ligula. Etiam libero."
-        text run at (10,385) width 371: "Maecenas nisi nibh, convallis a, feugiat vitae, pulvinar et, mi."
-        text run at (10,400) width 381: "Curabitur arcu pede, adipiscing sed, egestas nec, commodo in,"
-        text run at (10,415) width 386: "elit. Nulla facilisi. Proin varius pede et dui lacinia dapibus. Morbi"
-        text run at (10,430) width 258: "nec augue. Proin imperdiet lacus eu tellus."
diff --git a/LayoutTests/platform/mac-ventura/svg/custom/inline-svg-in-xhtml-expected.txt b/LayoutTests/platform/mac-ventura/svg/custom/inline-svg-in-xhtml-expected.txt
deleted file mode 100644
index 806ac19bfc5ba..0000000000000
--- a/LayoutTests/platform/mac-ventura/svg/custom/inline-svg-in-xhtml-expected.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x0
-  RenderBlock {html} at (0,0) size 800x0
-layer at (48,38) size 722x542 layerType: background only
-layer at (49,39) size 720x540
-  RenderSVGRoot {svg} at (49,39) size 720x540
-    RenderSVGResourceLinearGradient {linearGradient} [id="gradient"] [gradientUnits=objectBoundingBox] [start=(0,0)] [end=(1,0)]
-      RenderSVGGradientStop {stop} [offset=0.00] [color=#FFFF00]
-      RenderSVGGradientStop {stop} [offset=1.00] [color=#008000]
-    RenderSVGRect {rect} at (49,39) size 720x540 [fill={[type=LINEAR-GRADIENT] [id="gradient"]}] [x=0.00] [y=0.00] [width=100.00] [height=100.00]
-    RenderSVGEllipse {circle} at (193,93) size 432x432 [fill={[type=LINEAR-GRADIENT] [id="gradient"]}] [cx=50.00] [cy=50.00] [r=30.00]
-layer at (48,38) size 722x542 layerType: foreground only
-  RenderBody {body} at (48,38) size 722x542 [border: (1px solid #000000)]
-    RenderBlock {form} at (1,1) size 720x122
-      RenderFieldSet {fieldset} at (2,0) size 716x122 [border: (2px groove #C0C0C0)]
-        RenderBlock {legend} at (14,0) size 88x18
-          RenderText {#text} at (2,0) size 84x18
-            text run at (2,0) width 84: "HTML Form"
-        RenderBlock {p} at (14,39) size 688x20
-          RenderInline {label} at (0,0) size 110x18
-            RenderText {#text} at (0,0) size 110x18
-              text run at (0,0) width 110: "Enter something:"
-          RenderText {#text} at (109,0) size 5x18
-            text run at (109,0) width 5: " "
-          RenderTextControl {input} at (113,0) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-        RenderBlock {p} at (14,74) size 688x20
-          RenderButton {button} at (0,1) size 63x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-            RenderBlock (anonymous) at (8,2) size 47x13
-              RenderText {#text} at (0,0) size 47x13
-                text run at (0,0) width 47: "Activate!"
-layer at (182,82) size 141x13
-  RenderBlock {div} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/svg/custom/svg-fonts-in-html-expected.txt b/LayoutTests/platform/mac-ventura/svg/custom/svg-fonts-in-html-expected.txt
deleted file mode 100644
index 432230f9342df..0000000000000
--- a/LayoutTests/platform/mac-ventura/svg/custom/svg-fonts-in-html-expected.txt
+++ /dev/null
@@ -1,89 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x518
-  RenderBlock {HTML} at (0,0) size 800x518 [bgcolor=#FFFFFF]
-layer at (173,32) size 454x454
-  RenderBody {BODY} at (173,32) size 454x454 [color=#FFFFFF] [bgcolor=#DD6600]
-    RenderBlock {DIV} at (0,0) size 454x0
-      RenderBlock {DIV} at (0,0) size 454x0
-        RenderBlock {DIV} at (0,0) size 454x0
-    RenderBlock {DIV} at (0,0) size 454x0
-      RenderInline {SPAN} at (0,0) size 0x0
-    RenderBlock {DIV} at (0,0) size 454x0
-      RenderInline {SPAN} at (0,0) size 0x0
-    RenderBlock {DIV} at (0,0) size 454x0
-      RenderInline {SPAN} at (0,0) size 0x0
-    RenderBlock {DIV} at (0,0) size 454x0
-      RenderInline {SPAN} at (0,0) size 0x0
-    RenderBlock {DIV} at (0,0) size 454x0
-      RenderInline {SPAN} at (0,0) size 0x0
-    RenderBlock {DIV} at (0,0) size 454x0
-      RenderInline {SPAN} at (0,0) size 0x0
-layer at (173,47) size 454x190
-  RenderBlock (positioned) {H1} at (0,15) size 454x191 [color=#DD9955]
-    RenderInline {SPAN} at (55,-1) size 343x192
-      RenderText {#text} at (55,-1) size 343x192
-        text run at (62,-1) width 165: "CSS"
-        text run at (198,-1) width 193: " ZEN"
-        text run at (55,94) width 343: "GARDEN"
-layer at (173,119) size 454x21
-  RenderBlock (positioned) {H2} at (0,87) size 454x22 [color=#EEFF00]
-    RenderInline {SPAN} at (152,1) size 149x19
-      RenderText {#text} at (152,1) size 88x19
-        text run at (152,1) width 88: "The Beauty of "
-      RenderInline {ACRONYM} at (239,1) size 22x19
-        RenderText {#text} at (239,1) size 22x19
-          text run at (239,1) width 22: "CSS"
-      RenderText {#text} at (260,1) size 41x19
-        text run at (260,1) width 41: " Design"
-layer at (173,351) size 454x135
-  RenderBlock (positioned) {DIV} at (0,319) size 454x135
-    RenderInline {P} at (11,0) size 431x28
-      RenderInline {SPAN} at (11,0) size 431x28
-        RenderText {#text} at (11,0) size 431x28
-          text run at (11,0) width 431: "Littering a dark and dreary road lay the past relics of browser-"
-          text run at (11,14) width 199: "specific tags, incompatible "
-        RenderInline {ACRONYM} at (209,14) size 31x14
-          RenderText {#text} at (209,14) size 31x14
-            text run at (209,14) width 31: "DOM"
-        RenderText {#text} at (239,14) size 113x14
-          text run at (239,14) width 113: "s, and broken "
-        RenderInline {ACRONYM} at (351,14) size 26x14
-          RenderText {#text} at (351,14) size 26x14
-            text run at (351,14) width 26: "CSS"
-        RenderText {#text} at (376,14) size 66x14
-          text run at (376,14) width 66: " support."
-    RenderText {#text} at (0,0) size 0x0
-    RenderInline {P} at (11,28) size 431x42
-      RenderInline {SPAN} at (11,28) size 431x42
-        RenderText {#text} at (11,28) size 431x42
-          text run at (11,28) width 431: "Today, we must clear the mind of past practices. Web"
-          text run at (11,42) width 431: "enlightenment has been achieved thanks to the tireless efforts"
-          text run at (11,56) width 104: "of folk like the "
-        RenderInline {ACRONYM} at (114,56) size 31x14
-          RenderText {#text} at (114,56) size 31x14
-            text run at (114,56) width 31: "W3C"
-        RenderText {#text} at (144,56) size 10x14
-          text run at (144,56) width 10: ", "
-        RenderInline {ACRONYM} at (153,56) size 39x14
-          RenderText {#text} at (153,56) size 39x14
-            text run at (153,56) width 39: "WaSP"
-        RenderText {#text} at (191,56) size 222x14
-          text run at (191,56) width 222: " and the major browser creators."
-    RenderText {#text} at (412,56) size 6x14
-      text run at (412,56) width 6: " "
-    RenderInline {P} at (11,56) size 431x70
-      RenderInline {SPAN} at (11,56) size 431x70
-        RenderText {#text} at (11,56) size 431x70
-          text run at (417,56) width 25: "The"
-          text run at (11,70) width 431: "css Zen Garden invites you to relax and meditate on the"
-          text run at (11,84) width 431: "important lessons of the masters. Begin to see with clarity."
-          text run at (11,98) width 431: "Learn to use the (yet to be) time-honored techniques in new and"
-          text run at (11,112) width 316: "invigorating fashion. Become one with the web."
-    RenderText {#text} at (0,0) size 0x0
-layer at (321,235) size 306x80
-  RenderBlock (positioned) {H3} at (148,-116) size 306x81 [color=#CCCC77] [bgcolor=#888811] [border: (3px solid #888811) none (3px solid #888811)]
-    RenderInline {SPAN} at (3,-2) size 276x83
-      RenderText {#text} at (3,-2) size 276x83
-        text run at (45,-2) width 231: "The Road to"
-        text run at (3,35) width 276: "Enlightenment"
diff --git a/LayoutTests/platform/mac-ventura/svg/hixie/mixed/003-expected.txt b/LayoutTests/platform/mac-ventura/svg/hixie/mixed/003-expected.txt
deleted file mode 100644
index 59730ebec8326..0000000000000
--- a/LayoutTests/platform/mac-ventura/svg/hixie/mixed/003-expected.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x297
-  RenderBlock {html} at (0,0) size 800x297
-    RenderBody {body} at (8,16) size 784x273
-      RenderBlock {p} at (0,0) size 784x19
-        RenderTextControl {input} at (0,0) size 357x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {p} at (0,35) size 784x18
-        RenderText {#text} at (0,0) size 465x18
-          text run at (0,0) width 465: "It should say \"PASSED\" above and there should be a green circle below."
-      RenderBlock (anonymous) at (0,69) size 784x204
-        RenderSVGRoot {svg} at (8,85) size 100x100
-          RenderSVGEllipse {circle} at (8,85) size 100x100 [fill={[type=SOLID] [color=#008000]}] [cx=50.00] [cy=50.00] [r=50.00]
-        RenderText {#text} at (0,0) size 0x0
-        RenderText {#text} at (0,0) size 0x0
-layer at (11,19) size 351x13
-  RenderBlock {div} at (3,3) size 351x13
-    RenderText {#text} at (0,0) size 117x13
-      text run at (0,0) width 117: "This test has PASSED."
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug1188-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug1188-expected.txt
deleted file mode 100644
index 364ad5484cd07..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug1188-expected.txt
+++ /dev/null
@@ -1,141 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {FORM} at (0,0) size 784x194
-        RenderTable {TABLE} at (0,10) size 600x184
-          RenderTableSection {TBODY} at (0,0) size 600x184
-            RenderTableRow {TR} at (0,2) size 600x44
-              RenderTableCell {TD} at (2,2) size 595x44 [r=0 c=0 rs=1 cs=3]
-                RenderImage {IMG} at (7,1) size 580x42
-                RenderText {#text} at (0,0) size 0x0
-            RenderTableRow {TR} at (0,48) size 600x55
-              RenderTableCell {TD} at (2,57) size 595x37 [bgcolor=#99CCCC] [r=1 c=0 rs=1 cs=3]
-                RenderInline {FONT} at (54,12) size 128x16
-                  RenderInline {B} at (54,12) size 128x16
-                    RenderText {#text} at (54,12) size 128x16
-                      text run at (54,3) width 128: "Search the Web with"
-                RenderText {#text} at (181,10) size 5x19
-                  text run at (181,1) width 5: " "
-                RenderMenuList {SELECT} at (185,11) size 82x19 [bgcolor=#FFFFFF]
-                  RenderBlock (anonymous) at (0,0) size 81x18
-                    RenderText at (8,2) size 50x13
-                      text run at (8,2) width 50: "Netscape"
-                RenderTextControl {INPUT} at (266,10) size 218x20 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                RenderText {#text} at (483,10) size 5x19
-                  text run at (483,1) width 5: " "
-                RenderButton {INPUT} at (487,11) size 53x19 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                  RenderBlock (anonymous) at (8,2) size 37x13
-                    RenderText at (0,0) size 37x13
-                      text run at (0,0) width 37: "Search"
-                RenderBR {BR} at (539,10) size 1x19
-                RenderInline {SMALL} at (13,29) size 568x16
-                  RenderInline {A} at (13,29) size 100x16 [color=#0000EE]
-                    RenderText {#text} at (13,29) size 100x16
-                      text run at (13,20) width 100: "Classifieds< /A>   "
-                  RenderInline {A} at (112,29) size 60x16 [color=#0000EE]
-                    RenderText {#text} at (112,29) size 60x16
-                      text run at (112,20) width 24: "Net "
-                      text run at (135,20) width 37: "Search"
-                  RenderText {#text} at (171,29) size 11x16
-                    text run at (171,20) width 11: "   "
-                  RenderInline {A} at (181,29) size 83x16 [color=#0000EE]
-                    RenderText {#text} at (181,29) size 83x16
-                      text run at (181,20) width 57: "Find Web "
-                      text run at (237,20) width 27: "Sites"
-                  RenderText {#text} at (263,29) size 11x16
-                    text run at (263,20) width 4: " "
-                    text run at (266,20) width 8: "  "
-                  RenderInline {A} at (273,29) size 66x16 [color=#0000EE]
-                    RenderText {#text} at (273,29) size 66x16
-                      text run at (273,20) width 40: "What's "
-                      text run at (312,20) width 27: "Cool"
-                  RenderText {#text} at (338,29) size 11x16
-                    text run at (338,20) width 11: "   "
-                  RenderInline {A} at (348,29) size 66x16 [color=#0000EE]
-                    RenderText {#text} at (348,29) size 66x16
-                      text run at (348,20) width 66: "What's New"
-                  RenderText {#text} at (413,29) size 11x16
-                    text run at (413,20) width 11: "   "
-                  RenderInline {A} at (423,29) size 76x16 [color=#0000EE]
-                    RenderText {#text} at (423,29) size 76x16
-                      text run at (423,20) width 76: "People Finder"
-                  RenderText {#text} at (498,29) size 11x16
-                    text run at (498,20) width 11: "   "
-                  RenderInline {A} at (508,29) size 73x16 [color=#0000EE]
-                    RenderText {#text} at (508,29) size 73x16
-                      text run at (508,20) width 73: "Yellow Pages"
-                  RenderText {#text} at (0,0) size 0x0
-                RenderText {#text} at (0,0) size 0x0
-            RenderTableRow {TR} at (0,105) size 600x50
-              RenderTableCell {TD} at (2,114) size 160x32 [r=2 c=0 rs=1 cs=1]
-                RenderInline {A} at (21,8) size 118x33 [color=#0000EE]
-                  RenderInline {FONT} at (21,10) size 118x30 [color=#CC0033]
-                    RenderText {#text} at (21,10) size 118x30
-                      text run at (21,1) width 118: "Download Netscape"
-                      text run at (26,16) width 107: "Communicator 4.5"
-              RenderTableCell {TD} at (163,105) size 272x50 [r=2 c=1 rs=1 cs=1]
-                RenderInline {A} at (19,22) size 233x28 [color=#0000EE]
-                  RenderImage {IMG} at (19,1) size 233x35 [border: (1px solid #0000EE)]
-                  RenderBR {BR} at (251,22) size 1x18
-                  RenderInline {FONT} at (111,36) size 48x13
-                    RenderText {#text} at (111,36) size 48x13
-                      text run at (111,36) width 48: "Click Here!"
-                RenderBR {BR} at (158,32) size 1x18
-              RenderTableCell {TD} at (436,121) size 161x18 [r=2 c=2 rs=1 cs=1]
-                RenderInline {A} at (14,15) size 132x19 [color=#0000EE]
-                  RenderInline {FONT} at (14,17) size 132x16 [color=#0066FF]
-                    RenderText {#text} at (14,17) size 132x16
-                      text run at (14,1) width 132: "Hassle-Free Upgrades"
-                RenderText {#text} at (0,0) size 0x0
-            RenderTableRow {TR} at (0,157) size 600x20
-              RenderTableCell {TD} at (2,157) size 595x20 [r=3 c=0 rs=1 cs=3]
-                RenderInline {A} at (15,1) size 49x18 [color=#0000EE]
-                  RenderInline {FONT} at (15,3) size 49x15 [color=#0066FF]
-                    RenderInline {B} at (15,3) size 49x15
-                      RenderText {#text} at (15,3) size 49x15
-                        text run at (15,3) width 49: "Contact"
-                RenderText {#text} at (63,1) size 14x18
-                  text run at (63,1) width 14: " : "
-                RenderInline {SMALL} at (76,3) size 503x15
-                  RenderInline {A} at (76,3) size 77x15 [color=#0000EE]
-                    RenderText {#text} at (76,3) size 77x15
-                      text run at (76,3) width 77: "Address Book"
-                  RenderText {#text} at (152,3) size 12x15
-                    text run at (152,3) width 12: " - "
-                  RenderInline {A} at (163,3) size 65x15 [color=#0000EE]
-                    RenderText {#text} at (163,3) size 65x15
-                      text run at (163,3) width 65: "Discussions"
-                  RenderText {#text} at (227,3) size 12x15
-                    text run at (227,3) width 12: " - "
-                  RenderInline {A} at (238,3) size 98x15 [color=#0000EE]
-                    RenderText {#text} at (238,3) size 98x15
-                      text run at (238,3) width 98: "Instant Messenger"
-                  RenderText {#text} at (335,3) size 12x15
-                    text run at (335,3) width 12: " - "
-                  RenderInline {A} at (346,3) size 79x15 [color=#0000EE]
-                    RenderText {#text} at (346,3) size 79x15
-                      text run at (346,3) width 79: "Long Distance"
-                  RenderText {#text} at (424,3) size 12x15
-                    text run at (424,3) width 12: " - "
-                  RenderInline {A} at (435,3) size 52x15 [color=#0000EE]
-                    RenderText {#text} at (435,3) size 52x15
-                      text run at (435,3) width 52: "Members"
-                  RenderText {#text} at (486,3) size 12x15
-                    text run at (486,3) width 12: " - "
-                  RenderInline {A} at (497,3) size 82x15 [color=#0000EE]
-                    RenderText {#text} at (497,3) size 82x15
-                      text run at (497,3) width 82: "WebMail< /A>"
-                RenderInline {A} at (578,1) size 0x18 [color=#0000EE]
-                  RenderText {#text} at (0,0) size 0x0
-            RenderTableRow {TR} at (0,179) size 600x3
-              RenderTableCell {TD} at (2,179) size 597x3 [bgcolor=#99CCCC] [r=4 c=0 rs=1 cs=4]
-                RenderTable {TABLE} at (1,1) size 0x1
-                  RenderTableSection {TBODY} at (0,0) size 0x1
-                    RenderTableRow {TR} at (0,0) size 0x1
-                      RenderTableCell {TD} at (0,0) size 0x0 [r=0 c=0 rs=1 cs=1]
-layer at (8,8) size 602x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,0) size 602x2 [color=#808080] [border: (1px inset #808080)]
-layer at (279,80) size 211x13
-  RenderBlock {DIV} at (3,3) size 211x13
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug12384-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug12384-expected.txt
deleted file mode 100644
index a69bcfa7d8aec..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug12384-expected.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {FORM} at (0,0) size 784x23
-        RenderTable {TABLE} at (0,0) size 682x23 [bgcolor=#FFE030] [border: (1px outset #000000)]
-          RenderTableSection {TBODY} at (1,1) size 680x21
-            RenderTableRow {TR} at (0,0) size 680x21
-              RenderTableCell {TD} at (0,0) size 680x21 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-                RenderInline {NOBR} at (1,1) size 678x18
-                  RenderTextControl {INPUT} at (1,1) size 217x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderText {#text} at (217,1) size 15x18
-                    text run at (217,1) width 15: " - "
-                  RenderTextControl {INPUT} at (231,1) size 217x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                  RenderText {#text} at (447,1) size 15x18
-                    text run at (447,1) width 15: " - "
-                  RenderTextControl {INPUT} at (461,1) size 218x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                RenderText {#text} at (0,0) size 0x0
-            RenderTableRow {TR} at (0,21) size 680x0
-layer at (13,13) size 211x13
-  RenderBlock {DIV} at (3,3) size 211x13
-layer at (243,13) size 211x13
-  RenderBlock {DIV} at (3,3) size 211x13
-layer at (473,13) size 211x13
-  RenderBlock {DIV} at (3,3) size 211x13
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug18359-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug18359-expected.txt
deleted file mode 100644
index 7840731258c46..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug18359-expected.txt
+++ /dev/null
@@ -1,45 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {H2} at (0,0) size 784x28
-        RenderText {#text} at (0,0) size 362x28
-          text run at (0,0) width 362: "SeaMonkey XPInstall Trigger Page"
-      RenderBlock {FORM} at (0,57) size 784x48
-        RenderTable {TABLE} at (0,0) size 661x47
-          RenderTableSection {TBODY} at (0,0) size 661x47
-            RenderTableRow {TR} at (0,2) size 661x21
-              RenderTableCell {TD} at (2,2) size 106x21 [r=0 c=0 rs=1 cs=1]
-                RenderInline {B} at (1,1) size 95x19
-                  RenderText {#text} at (1,1) size 95x19
-                    text run at (1,1) width 95: "Trigger URL:"
-              RenderTableCell {TD} at (109,2) size 464x21 [r=0 c=1 rs=1 cs=1]
-                RenderTextControl {INPUT} at (1,1) size 462x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-              RenderTableCell {TD} at (574,2) size 85x21 [r=0 c=2 rs=1 cs=1]
-                RenderButton {INPUT} at (1,1) size 54x19 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                  RenderBlock (anonymous) at (8,2) size 38x13
-                    RenderText at (0,0) size 38x13
-                      text run at (0,0) width 38: "Trigger"
-            RenderTableRow {TR} at (0,25) size 661x20
-              RenderTableCell {TD} at (2,25) size 106x20 [r=1 c=0 rs=1 cs=1]
-                RenderInline {B} at (1,1) size 104x18
-                  RenderText {#text} at (1,1) size 104x18
-                    text run at (1,1) width 104: "Run Test Case:"
-              RenderTableCell {TD} at (109,25) size 464x20 [r=1 c=1 rs=1 cs=1]
-                RenderMenuList {SELECT} at (1,1) size 259x18 [bgcolor=#FFFFFF]
-                  RenderBlock (anonymous) at (0,0) size 259x18
-                    RenderText at (8,2) size 72x13
-                      text run at (8,2) width 72: "a_abortinstall"
-                RenderText {#text} at (0,0) size 0x0
-              RenderTableCell {TD} at (574,25) size 85x20 [r=1 c=2 rs=1 cs=1]
-                RenderButton {INPUT} at (1,1) size 82x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                  RenderBlock (anonymous) at (8,2) size 66x13
-                    RenderText at (0,0) size 66x13
-                      text run at (0,0) width 66: "Trigger case"
-layer at (8,56) size 784x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,47) size 784x3 [color=#808080] [border: (1px inset #808080)]
-layer at (121,72) size 456x13
-  RenderBlock {DIV} at (3,3) size 456x13
-    RenderText {#text} at (0,0) size 93x13
-      text run at (0,0) width 93: "http://jimbob/jars/"
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug24200-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug24200-expected.txt
deleted file mode 100644
index df8525a70a970..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug24200-expected.txt
+++ /dev/null
@@ -1,63 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {CENTER} at (0,0) size 784x200
-        RenderTable {TABLE} at (76,0) size 632x200 [border: (1px solid #FF0000)]
-          RenderTableSection {TBODY} at (1,1) size 628x197
-            RenderTableRow {TR} at (0,0) size 628x22
-              RenderTableCell {TD} at (0,0) size 628x22 [border: (2px solid #FF0000)] [r=0 c=0 rs=1 cs=2]
-                RenderText {#text} at (3,3) size 180x18
-                  text run at (3,3) width 180: "parent table, 1st row, 1st col"
-            RenderTableRow {TR} at (0,22) size 628x175
-              RenderTableCell {TD} at (0,22) size 143x175 [border: (1px solid #FF0000)] [r=1 c=0 rs=1 cs=1]
-                RenderBlock {FORM} at (3,2) size 139x155
-                  RenderTable {TABLE} at (0,0) size 139x155 [border: (1px solid #00FF00)]
-                    RenderTableSection {TBODY} at (1,1) size 136x152
-                      RenderTableRow {TR} at (0,0) size 136x22
-                        RenderTableCell {TD} at (0,0) size 136x22 [border: (2px solid #00FF00)] [r=0 c=0 rs=1 cs=1]
-                          RenderText {#text} at (3,3) size 24x18
-                            text run at (3,3) width 24: "text"
-                      RenderTableRow {TR} at (0,22) size 136x37
-                        RenderTableCell {TD} at (0,22) size 136x37 [border: (1px solid #00FF00)] [r=1 c=0 rs=1 cs=1]
-                          RenderTable {TABLE} at (3,2) size 131x34 [border: (1px solid #FFFF00)]
-                            RenderTableSection {TBODY} at (1,1) size 128x31
-                              RenderTableRow {TR} at (0,0) size 128x31
-                                RenderTableCell {TD} at (0,3) size 102x25 [border: (2px solid #FFFF00)] [r=0 c=0 rs=1 cs=1]
-                                  RenderTextControl {INPUT} at (3,6) size 84x20 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                                  RenderText {#text} at (0,0) size 0x0
-                                RenderTableCell {TD} at (101,0) size 28x31 [border: (2px solid #FFFF00)] [r=0 c=1 rs=1 cs=1]
-                                  RenderImage {INPUT} at (3,7) size 20x18
-                                  RenderText {#text} at (0,0) size 0x0
-                      RenderTableRow {TR} at (0,59) size 136x21
-                        RenderTableCell {TD} at (0,59) size 136x21 [border: (1px solid #00FF00)] [r=2 c=0 rs=1 cs=1]
-                          RenderText {#text} at (3,2) size 24x18
-                            text run at (3,2) width 24: "text"
-                      RenderTableRow {TR} at (0,80) size 136x50
-                        RenderTableCell {TD} at (0,80) size 136x50 [border: (1px solid #00FF00)] [r=3 c=0 rs=1 cs=1]
-                          RenderBlock (anonymous) at (3,2) size 131x0
-                            RenderInline {FONT} at (0,0) size 0x0
-                          RenderTable {TABLE} at (3,2) size 131x47 [border: (1px solid #FF00FF)]
-                            RenderTableSection {TBODY} at (1,1) size 128x44
-                              RenderTableRow {TR} at (0,0) size 128x22
-                                RenderTableCell {TD} at (0,0) size 128x22 [border: (2px solid #FF00FF)] [r=0 c=0 rs=1 cs=1]
-                                  RenderText {#text} at (3,3) size 54x18
-                                    text run at (3,3) width 54: "problem"
-                              RenderTableRow {TR} at (0,22) size 128x22
-                                RenderTableCell {TD} at (0,22) size 128x22 [border: (1px solid #FF00FF)] [r=1 c=0 rs=1 cs=1]
-                                  RenderText {#text} at (3,2) size 54x18
-                                    text run at (3,2) width 54: "problem"
-                      RenderTableRow {TR} at (0,130) size 136x22
-                        RenderTableCell {TD} at (0,130) size 136x22 [border: (1px solid #00FF00)] [r=4 c=0 rs=1 cs=1]
-                          RenderText {#text} at (3,2) size 24x18
-                            text run at (3,2) width 24: "text"
-              RenderTableCell {TD} at (143,22) size 485x30 [border: (1px solid #FF0000)] [r=1 c=1 rs=1 cs=1]
-                RenderTable {TABLE} at (2,2) size 481x26 [border: (1px solid #0000FF)]
-                  RenderTableSection {TBODY} at (1,1) size 478x23
-                    RenderTableRow {TR} at (0,0) size 478x23
-                      RenderTableCell {TD} at (0,0) size 478x23 [border: (2px solid #0000FF)] [r=0 c=0 rs=1 cs=1]
-                        RenderText {#text} at (3,3) size 48x18
-                          text run at (3,3) width 48: "overlap"
-layer at (100,69) size 78x13 backgroundClip at (100,69) size 77x13 clip at (100,69) size 77x13
-  RenderBlock {DIV} at (3,3) size 78x13
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-2-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-2-expected.txt
deleted file mode 100644
index 8cfdf2687a329..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-2-expected.txt
+++ /dev/null
@@ -1,120 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x553
-  RenderBlock {HTML} at (0,0) size 800x553 [bgcolor=#00FF99]
-    RenderBody {BODY} at (57,64) size 686x425 [bgcolor=#99FFCC] [border: (3px solid #000000)]
-      RenderBlock {P} at (3,3) size 680x64
-        RenderText {#text} at (0,6) size 632x51
-          text run at (0,6) width 593: "These links are in an element with display table-row, and the li elements "
-          text run at (592,6) width 40: "have"
-          text run at (0,38) width 155: "display: table-cell. "
-          text run at (154,38) width 131: "They disappear:"
-      RenderTable at (3,67) size 302x19
-        RenderTableSection (anonymous) at (0,0) size 302x19
-          RenderTableRow {UL} at (0,0) size 302x19 [bgcolor=#00CC99]
-            RenderTableCell {LI} at (0,0) size 76x19 [r=0 c=0 rs=1 cs=1]
-              RenderInline {A} at (11,0) size 54x19 [color=#0000EE]
-                RenderText {#text} at (11,0) size 54x19
-                  text run at (11,0) width 54: "people"
-            RenderTableCell {LI} at (75,0) size 76x19 [r=0 c=1 rs=1 cs=1]
-              RenderInline {A} at (12,0) size 51x19 [color=#0000EE]
-                RenderText {#text} at (12,0) size 51x19
-                  text run at (12,0) width 51: "places"
-            RenderTableCell {LI} at (150,0) size 76x19 [r=0 c=2 rs=1 cs=1]
-              RenderInline {A} at (0,0) size 76x19 [color=#0000EE]
-                RenderText {#text} at (0,0) size 76x19
-                  text run at (0,0) width 76: "members"
-            RenderTableCell {LI} at (225,0) size 77x19 [r=0 c=3 rs=1 cs=1]
-              RenderInline {A} at (19,0) size 38x19 [color=#0000EE]
-                RenderText {#text} at (19,0) size 38x19
-                  text run at (19,0) width 38: "links"
-      RenderBlock {DIV} at (3,86) size 680x336
-        RenderBlock (anonymous) at (16,16) size 648x19
-          RenderText {#text} at (0,0) size 510x19
-            text run at (0,0) width 227: "This text is not in the form. "
-            text run at (226,0) width 284: "The form should be indented 40px."
-        RenderBlock {FORM} at (96,35) size 568x285
-          RenderBlock {P} at (0,0) size 568x64
-            RenderText {#text} at (0,6) size 541x51
-              text run at (0,6) width 195: "This is text in the form. "
-              text run at (194,6) width 230: "It should be indented 40px. "
-              text run at (423,6) width 118: "The form itself"
-              text run at (0,38) width 373: "has the same table-row/table-cell problem as "
-              text run at (372,38) width 55: "above."
-          RenderBlock {P} at (0,64) size 568x63
-            RenderTable {SPAN} at (0,3) size 137x60
-              RenderTableSection (anonymous) at (0,0) size 137x60
-                RenderTableRow {SPAN} at (0,0) size 137x28
-                  RenderTableCell (anonymous) at (0,0) size 137x28 [r=0 c=0 rs=1 cs=1]
-                    RenderText {#text} at (0,6) size 137x16
-                      text run at (0,6) width 137: "First Name (required)"
-                RenderTableRow (anonymous) at (0,28) size 137x32
-                  RenderTableCell (anonymous) at (0,28) size 137x32 [r=1 c=0 rs=1 cs=1]
-                    RenderTextControl {INPUT} at (0,8) size 119x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (136,6) size 7x19
-              text run at (136,6) width 7: " "
-            RenderTable {SPAN} at (142,3) size 137x60
-              RenderTableSection (anonymous) at (0,0) size 137x60
-                RenderTableRow {SPAN} at (0,0) size 137x28
-                  RenderTableCell (anonymous) at (0,0) size 137x28 [r=0 c=0 rs=1 cs=1]
-                    RenderText {#text} at (0,6) size 137x16
-                      text run at (0,6) width 137: "Last Name (required)"
-                RenderTableRow (anonymous) at (0,28) size 137x32
-                  RenderTableCell (anonymous) at (0,28) size 137x32 [r=1 c=0 rs=1 cs=1]
-                    RenderTextControl {INPUT} at (0,8) size 119x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (0,0) size 0x0
-          RenderBlock {P} at (0,127) size 568x63
-            RenderTable {SPAN} at (0,3) size 287x60
-              RenderTableSection (anonymous) at (0,0) size 287x60
-                RenderTableRow {SPAN} at (0,0) size 287x28
-                  RenderTableCell (anonymous) at (0,0) size 287x28 [r=0 c=0 rs=1 cs=1]
-                    RenderText {#text} at (0,6) size 93x16
-                      text run at (0,6) width 93: "Email Address"
-                RenderTableRow (anonymous) at (0,28) size 287x32
-                  RenderTableCell (anonymous) at (0,28) size 287x32 [r=1 c=0 rs=1 cs=1]
-                    RenderTextControl {INPUT} at (0,8) size 287x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (0,0) size 0x0
-          RenderBlock {P} at (0,190) size 568x63
-            RenderTable {SPAN} at (0,3) size 119x60
-              RenderTableSection (anonymous) at (0,0) size 119x60
-                RenderTableRow {SPAN} at (0,0) size 119x28
-                  RenderTableCell (anonymous) at (0,0) size 119x28 [r=0 c=0 rs=1 cs=1]
-                    RenderText {#text} at (0,6) size 105x16
-                      text run at (0,6) width 105: "Company Name"
-                RenderTableRow (anonymous) at (0,28) size 119x32
-                  RenderTableCell (anonymous) at (0,28) size 119x32 [r=1 c=0 rs=1 cs=1]
-                    RenderTextControl {INPUT} at (0,8) size 119x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (118,6) size 7x19
-              text run at (118,6) width 7: " "
-            RenderTable {SPAN} at (124,3) size 120x60
-              RenderTableSection (anonymous) at (0,0) size 119x60
-                RenderTableRow {SPAN} at (0,0) size 119x28
-                  RenderTableCell (anonymous) at (0,0) size 119x28 [r=0 c=0 rs=1 cs=1]
-                    RenderText {#text} at (0,6) size 27x16
-                      text run at (0,6) width 27: "Title"
-                RenderTableRow (anonymous) at (0,28) size 119x32
-                  RenderTableCell (anonymous) at (0,28) size 119x32 [r=1 c=0 rs=1 cs=1]
-                    RenderTextControl {INPUT} at (0,8) size 119x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-            RenderText {#text} at (0,0) size 0x0
-          RenderBlock {P} at (0,253) size 568x32
-            RenderButton {INPUT} at (0,9) size 57x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-              RenderBlock (anonymous) at (8,2) size 41x13
-                RenderText at (0,0) size 41x13
-                  text run at (0,0) width 41: "Submit!"
-            RenderText {#text} at (56,6) size 6x19
-              text run at (56,6) width 6: " "
-            RenderButton {INPUT} at (61,9) size 75x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-              RenderBlock (anonymous) at (8,2) size 58x13
-                RenderText at (0,0) size 58x13
-                  text run at (0,0) width 58: "Clear Form"
-            RenderText {#text} at (0,0) size 0x0
-layer at (159,291) size 113x13
-  RenderBlock {DIV} at (3,3) size 113x13
-layer at (301,291) size 113x13
-  RenderBlock {DIV} at (3,3) size 113x13
-layer at (159,354) size 281x13
-  RenderBlock {DIV} at (3,3) size 281x13
-layer at (159,417) size 113x13
-  RenderBlock {DIV} at (3,3) size 113x13
-layer at (284,417) size 113x13 backgroundClip at (284,417) size 112x13 clip at (284,417) size 112x13
-  RenderBlock {DIV} at (3,3) size 113x13
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-3-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-3-expected.txt
deleted file mode 100644
index 3bca266fcf2b4..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-3-expected.txt
+++ /dev/null
@@ -1,128 +0,0 @@
-layer at (0,0) size 785x765
-  RenderView at (0,0) size 785x600
-layer at (0,0) size 785x765
-  RenderBlock {HTML} at (0,0) size 785x765
-    RenderBody {BODY} at (8,21) size 769x728
-      RenderBlock {H1} at (0,0) size 769x32
-        RenderText {#text} at (0,0) size 757x32
-          text run at (0,0) width 757: "Generic Table Tests - 1"
-      RenderBlock {P} at (0,53) size 769x33
-        RenderText {#text} at (0,0) size 752x32
-          text run at (0,0) width 752: "If you have any comments to make regarding this"
-          text run at (0,16) width 208: "test, e-mail "
-        RenderInline {A} at (208,16) size 432x16 [color=#0000EE]
-          RenderText {#text} at (208,16) size 432x16
-            text run at (208,16) width 432: "py8ieh=eviltests@bath.ac.uk"
-        RenderText {#text} at (640,16) size 16x16
-          text run at (640,16) width 16: "."
-      RenderBlock {DL} at (0,101) size 769x65
-        RenderBlock {DT} at (0,0) size 769x16
-          RenderText {#text} at (0,0) size 208x16
-            text run at (0,0) width 208: "Prerequisites"
-        RenderBlock {DD} at (40,16) size 729x48
-          RenderText {#text} at (0,0) size 720x48
-            text run at (0,0) width 640: "Browsers that are subjected to this test"
-            text run at (0,16) width 720: "should support CSS1 and the CSS2 table model,"
-            text run at (0,32) width 336: "and multiple classes."
-      RenderBlock {P} at (0,181) size 769x126 [border: (5px double #FF0000)]
-        RenderBlock (anonymous) at (13,13) size 743x16
-          RenderText {#text} at (0,0) size 624x16
-            text run at (0,0) width 624: "If this paragraph breaks the line here:"
-        RenderTable {SPAN} at (13,29) size 144x16
-          RenderTableSection (anonymous) at (0,0) size 144x16
-            RenderTableRow (anonymous) at (0,0) size 144x16
-              RenderTableCell (anonymous) at (0,0) size 144x16 [r=0 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 144x16
-                  text run at (0,0) width 144: "and here:"
-        RenderBlock (anonymous) at (13,45) size 743x67
-          RenderText {#text} at (0,0) size 288x16
-            text run at (0,0) width 288: "then your browser "
-          RenderInline {EM} at (288,0) size 192x16
-            RenderText {#text} at (288,0) size 192x16
-              text run at (288,0) width 192: "does support"
-          RenderText {#text} at (0,0) size 736x34
-            text run at (480,0) width 256: " table values on"
-            text run at (0,18) width 164: "'display'. "
-          RenderInline {STRONG} at (0,18) size 708x49
-            RenderText {#text} at (0,18) size 708x49
-              text run at (163,18) width 527: "If this paragraphs flows without"
-              text run at (0,35) width 708: "any undue breaks, then you should mark your"
-              text run at (0,51) width 642: "browser as not supporting table values!"
-      RenderBlock {H2} at (0,326) size 769x25
-        RenderText {#text} at (0,0) size 543x24
-          text run at (0,0) width 543: "1. Table -> Table Cell"
-      RenderBlock {P} at (0,370) size 769x65
-        RenderText {#text} at (0,0) size 736x64
-          text run at (0,0) width 736: "Below there should be a gray bar, spanning the"
-          text run at (0,16) width 736: "width of the BODY, with the text \"Left\" to the"
-          text run at (0,32) width 704: "left and the text \"Right\", on the same line,"
-          text run at (0,48) width 304: "flush to the right."
-      RenderTable {DIV} at (0,450) size 769x17 [bgcolor=#C0C0C0]
-        RenderTableSection (anonymous) at (0,0) size 769x16
-          RenderTableRow (anonymous) at (0,0) size 769x16
-            RenderTableCell {DIV} at (0,0) size 342x16 [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (0,0) size 64x16
-                text run at (0,0) width 64: "Left"
-            RenderTableCell {DIV} at (341,0) size 429x16 [r=0 c=1 rs=1 cs=1]
-              RenderText {#text} at (347,0) size 81x16
-                text run at (347,0) width 81: "Right"
-      RenderBlock {H2} at (0,486) size 769x25
-        RenderText {#text} at (0,0) size 346x24
-          text run at (0,0) width 346: "Submit Results"
-      RenderBlock {FORM} at (0,530) size 769x36
-        RenderBlock {P} at (0,0) size 769x35
-          RenderText {#text} at (0,0) size 640x16
-            text run at (0,0) width 640: "How does your browser fare on this test?"
-          RenderMenuList {SELECT} at (0,17) size 241x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 241x18
-              RenderText at (8,2) size 139x13
-                text run at (8,2) width 139: "The test renders correctly."
-          RenderText {#text} at (241,17) size 16x16
-            text run at (241,17) width 16: " "
-          RenderInline {LABEL} at (257,17) size 291x16
-            RenderText {#text} at (257,17) size 144x16
-              text run at (257,17) width 144: "Comment: "
-            RenderTextControl {INPUT} at (401,16) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (547,17) size 17x16
-            text run at (547,17) width 17: " "
-          RenderButton {INPUT} at (563,17) size 54x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-            RenderBlock (anonymous) at (8,2) size 37x13
-              RenderText at (0,0) size 37x13
-                text run at (0,0) width 37: "Submit"
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,599) size 769x17
-        RenderText {#text} at (0,0) size 160x16
-          text run at (0,0) width 160: "Up to the "
-        RenderInline {A} at (160,0) size 176x16 [color=#0000EE]
-          RenderText {#text} at (160,0) size 176x16
-            text run at (160,0) width 176: "Table Tests"
-        RenderText {#text} at (336,0) size 16x16
-          text run at (336,0) width 16: "."
-      RenderBlock {P} at (0,631) size 769x17
-        RenderText {#text} at (0,0) size 160x16
-          text run at (0,0) width 160: "Up to the "
-        RenderInline {A} at (160,0) size 240x16 [color=#0000EE]
-          RenderText {#text} at (160,0) size 240x16
-            text run at (160,0) width 240: "Evil Tests Page"
-        RenderText {#text} at (400,0) size 16x16
-          text run at (400,0) width 16: "."
-      RenderBlock {P} at (0,663) size 769x33
-        RenderText {#text} at (0,0) size 432x16
-          text run at (0,0) width 432: "This page is maintained by "
-        RenderInline {A} at (432,0) size 176x16 [color=#0000EE]
-          RenderText {#text} at (432,0) size 176x16
-            text run at (432,0) width 176: "Ian Hickson"
-        RenderText {#text} at (0,16) size 16x16
-          text run at (0,16) width 16: "("
-        RenderInline {A} at (16,16) size 272x16 [color=#0000EE]
-          RenderText {#text} at (16,16) size 272x16
-            text run at (16,16) width 272: "py8ieh@bath.ac.uk"
-        RenderText {#text} at (288,16) size 32x16
-          text run at (288,16) width 32: ")."
-      RenderBlock {P} at (0,711) size 769x17
-        RenderText {#text} at (0,0) size 432x16
-          text run at (0,0) width 432: "Last updated in March 1999."
-layer at (412,571) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (8,603) size 769x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,581) size 769x3 [color=#808080] [border: (1px inset #808080)]
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-4-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-4-expected.txt
deleted file mode 100644
index 58858751ccb5b..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug2479-4-expected.txt
+++ /dev/null
@@ -1,244 +0,0 @@
-layer at (0,0) size 785x2582
-  RenderView at (0,0) size 785x600
-layer at (0,0) size 785x2582
-  RenderBlock {HTML} at (0,0) size 785x2583
-    RenderBody {BODY} at (8,21) size 769x2546 [bgcolor=#FFFFFF]
-      RenderBlock {H1} at (0,0) size 769x37
-        RenderText {#text} at (0,0) size 361x37
-          text run at (0,0) width 361: "Table Inheritance Tests - 1"
-      RenderBlock {P} at (0,58) size 769x19
-        RenderText {#text} at (0,0) size 397x18
-          text run at (0,0) width 397: "If you have any comments to make regarding this test, e-mail "
-        RenderInline {A} at (396,0) size 186x18 [color=#0000EE]
-          RenderText {#text} at (396,0) size 186x18
-            text run at (396,0) width 186: "py8ieh=eviltests@bath.ac.uk"
-        RenderText {#text} at (581,0) size 5x18
-          text run at (581,0) width 5: "."
-      RenderBlock {DL} at (0,92) size 769x37
-        RenderBlock {DT} at (0,0) size 769x18
-          RenderText {#text} at (0,0) size 83x18
-            text run at (0,0) width 83: "Prerequisites"
-        RenderBlock {DD} at (40,18) size 729x18
-          RenderText {#text} at (0,0) size 560x18
-            text run at (0,0) width 560: "Browsers that are subjected to this test should support CSS1 and the CSS2 table model."
-      RenderBlock {H2} at (0,148) size 769x29
-        RenderText {#text} at (0,0) size 104x28
-          text run at (0,0) width 104: "0. Control"
-      RenderBlock {P} at (0,196) size 769x19
-        RenderText {#text} at (0,0) size 411x18
-          text run at (0,0) width 411: "The following four tests should look identical, namely, like this:"
-      RenderBlock {DIV} at (0,230) size 769x75 [color=#FFFFFF] [bgcolor=#000000]
-        RenderText {#text} at (0,0) size 761x74
-          text run at (0,0) width 761: "This text should be white on black, bold, twice the"
-          text run at (0,37) width 523: "size of normal text, and sans serif."
-      RenderBlock {P} at (0,320) size 769x73
-        RenderText {#text} at (0,0) size 768x72
-          text run at (0,0) width 756: "There are some minor exceptions, however. The x.1 tests should fill the viewport width, the other tests need not. Also,"
-          text run at (0,18) width 766: "browsers attempting to have backwards compatability with the buggy behaviour of legacy browsers may omit to inherit"
-          text run at (0,36) width 768: "the color and font-size in 1.1, which will make 1.1 (but only 1.1) unreadable. That is the problem with not following the"
-          text run at (0,54) width 39: "specs."
-      RenderBlock {H2} at (0,412) size 769x29
-        RenderText {#text} at (0,0) size 168x28
-          text run at (0,0) width 168: "1. HTML Tables"
-      RenderBlock {H3} at (0,460) size 769x23
-        RenderText {#text} at (0,0) size 243x22
-          text run at (0,0) width 243: "1.1 Inheritance through a DIV"
-      RenderBlock {DIV} at (0,500) size 769x81 [color=#FFFFFF] [bgcolor=#000000]
-        RenderTable {TABLE} at (0,0) size 769x80
-          RenderTableSection {TBODY} at (0,0) size 769x80
-            RenderTableRow {TR} at (0,2) size 769x76
-              RenderTableCell {TD} at (2,2) size 765x76 [r=0 c=0 rs=1 cs=1]
-                RenderText {#text} at (1,1) size 761x74
-                  text run at (1,1) width 761: "This text should be white on black, bold, twice the"
-                  text run at (1,38) width 523: "size of normal text, and sans serif."
-      RenderBlock {H3} at (0,599) size 769x23
-        RenderText {#text} at (0,0) size 259x22
-          text run at (0,0) width 259: "1.2 Styles set directly on TABLE"
-      RenderTable {TABLE} at (0,640) size 769x81 [color=#FFFFFF] [bgcolor=#000000]
-        RenderTableSection {TBODY} at (0,0) size 769x80
-          RenderTableRow {TR} at (0,2) size 769x76
-            RenderTableCell {TD} at (2,2) size 765x76 [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,1) size 761x74
-                text run at (1,1) width 761: "This text should be white on black, bold, twice the"
-                text run at (1,38) width 523: "size of normal text, and sans serif."
-      RenderBlock {H2} at (0,740) size 769x29
-        RenderText {#text} at (0,0) size 226x28
-          text run at (0,0) width 226: "2. Explicit CSS Tables"
-      RenderBlock {H3} at (0,788) size 769x23
-        RenderText {#text} at (0,0) size 243x22
-          text run at (0,0) width 243: "2.1 Inheritance through a DIV"
-      RenderBlock {DIV} at (0,828) size 769x75 [color=#FFFFFF] [bgcolor=#000000]
-        RenderTable {DIV} at (0,0) size 769x74
-          RenderTableSection (anonymous) at (0,0) size 769x74
-            RenderTableRow {DIV} at (0,0) size 769x74
-              RenderTableCell {DIV} at (0,0) size 769x74 [r=0 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 761x74
-                  text run at (0,0) width 761: "This text should be white on black, bold, twice the"
-                  text run at (0,37) width 523: "size of normal text, and sans serif."
-      RenderBlock {H3} at (0,921) size 769x23
-        RenderText {#text} at (0,0) size 259x22
-          text run at (0,0) width 259: "2.2 Styles set directly on TABLE"
-      RenderTable {DIV} at (0,962) size 769x75 [color=#FFFFFF] [bgcolor=#000000]
-        RenderTableSection (anonymous) at (0,0) size 769x74
-          RenderTableRow {DIV} at (0,0) size 769x74
-            RenderTableCell {DIV} at (0,0) size 769x74 [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (0,0) size 761x74
-                text run at (0,0) width 761: "This text should be white on black, bold, twice the"
-                text run at (0,37) width 523: "size of normal text, and sans serif."
-      RenderBlock {H3} at (0,1054) size 769x23
-        RenderText {#text} at (0,0) size 244x22
-          text run at (0,0) width 244: "2.3 Styles set directly on ROW"
-      RenderTable {DIV} at (0,1095) size 769x75
-        RenderTableSection (anonymous) at (0,0) size 769x74
-          RenderTableRow {DIV} at (0,0) size 769x74 [color=#FFFFFF] [bgcolor=#000000]
-            RenderTableCell {DIV} at (0,0) size 769x74 [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (0,0) size 761x74
-                text run at (0,0) width 761: "This text should be white on black, bold, twice the"
-                text run at (0,37) width 523: "size of normal text, and sans serif."
-      RenderBlock {H3} at (0,1188) size 769x23
-        RenderText {#text} at (0,0) size 248x22
-          text run at (0,0) width 248: "2.4 Styles set directly on CELL"
-      RenderTable {DIV} at (0,1229) size 769x75
-        RenderTableSection (anonymous) at (0,0) size 769x74
-          RenderTableRow {DIV} at (0,0) size 769x74
-            RenderTableCell {DIV} at (0,0) size 769x74 [color=#FFFFFF] [bgcolor=#000000] [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (0,0) size 761x74
-                text run at (0,0) width 761: "This text should be white on black, bold, twice the"
-                text run at (0,37) width 523: "size of normal text, and sans serif."
-      RenderBlock {H2} at (0,1322) size 769x29
-        RenderText {#text} at (0,0) size 381x28
-          text run at (0,0) width 381: "3. Implicit CSS Tables (table explicit)"
-      RenderBlock {H3} at (0,1370) size 769x23
-        RenderText {#text} at (0,0) size 243x22
-          text run at (0,0) width 243: "3.1 Inheritance through a DIV"
-      RenderBlock {DIV} at (0,1411) size 769x75 [color=#FFFFFF] [bgcolor=#000000]
-        RenderTable {DIV} at (0,0) size 769x74
-          RenderTableSection (anonymous) at (0,0) size 769x74
-            RenderTableRow (anonymous) at (0,0) size 769x74
-              RenderTableCell (anonymous) at (0,0) size 769x74 [r=0 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 761x74
-                  text run at (0,0) width 761: "This text should be white on black, bold, twice the"
-                  text run at (0,37) width 523: "size of normal text, and sans serif."
-      RenderBlock {H3} at (0,1504) size 769x23
-        RenderText {#text} at (0,0) size 259x22
-          text run at (0,0) width 259: "3.2 Styles set directly on TABLE"
-      RenderTable {DIV} at (0,1545) size 769x75 [color=#FFFFFF] [bgcolor=#000000]
-        RenderTableSection (anonymous) at (0,0) size 769x74
-          RenderTableRow (anonymous) at (0,0) size 769x74
-            RenderTableCell (anonymous) at (0,0) size 769x74 [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (0,0) size 761x74
-                text run at (0,0) width 761: "This text should be white on black, bold, twice the"
-                text run at (0,37) width 523: "size of normal text, and sans serif."
-      RenderBlock {H2} at (0,1638) size 769x29
-        RenderText {#text} at (0,0) size 370x28
-          text run at (0,0) width 370: "4. Implicit CSS Tables (row explicit)"
-      RenderBlock {H3} at (0,1686) size 769x23
-        RenderText {#text} at (0,0) size 243x22
-          text run at (0,0) width 243: "4.1 Inheritance through a DIV"
-      RenderBlock {DIV} at (0,1727) size 769x75 [color=#FFFFFF] [bgcolor=#000000]
-        RenderTable at (0,0) size 769x74
-          RenderTableSection (anonymous) at (0,0) size 769x74
-            RenderTableRow {DIV} at (0,0) size 769x74
-              RenderTableCell (anonymous) at (0,0) size 769x74 [r=0 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 761x74
-                  text run at (0,0) width 761: "This text should be white on black, bold, twice the"
-                  text run at (0,37) width 523: "size of normal text, and sans serif."
-      RenderBlock {H3} at (0,1820) size 769x23
-        RenderText {#text} at (0,0) size 244x22
-          text run at (0,0) width 244: "4.2 Styles set directly on ROW"
-      RenderTable at (0,1861) size 769x74
-        RenderTableSection (anonymous) at (0,0) size 769x74
-          RenderTableRow {DIV} at (0,0) size 769x74 [color=#FFFFFF] [bgcolor=#000000]
-            RenderTableCell (anonymous) at (0,0) size 769x74 [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (0,0) size 761x74
-                text run at (0,0) width 761: "This text should be white on black, bold, twice the"
-                text run at (0,37) width 523: "size of normal text, and sans serif."
-      RenderBlock {H2} at (0,1954) size 769x29
-        RenderText {#text} at (0,0) size 365x28
-          text run at (0,0) width 365: "5. Implicit CSS Tables (cell explicit)"
-      RenderBlock {H3} at (0,2002) size 769x23
-        RenderText {#text} at (0,0) size 243x22
-          text run at (0,0) width 243: "5.1 Inheritance through a DIV"
-      RenderBlock {DIV} at (0,2043) size 769x75 [color=#FFFFFF] [bgcolor=#000000]
-        RenderTable at (0,0) size 769x74
-          RenderTableSection (anonymous) at (0,0) size 769x74
-            RenderTableRow (anonymous) at (0,0) size 769x74
-              RenderTableCell {DIV} at (0,0) size 769x74 [r=0 c=0 rs=1 cs=1]
-                RenderText {#text} at (0,0) size 761x74
-                  text run at (0,0) width 761: "This text should be white on black, bold, twice the"
-                  text run at (0,37) width 523: "size of normal text, and sans serif."
-      RenderBlock {H3} at (0,2136) size 769x23
-        RenderText {#text} at (0,0) size 248x22
-          text run at (0,0) width 248: "5.2 Styles set directly on CELL"
-      RenderTable at (0,2176) size 769x75
-        RenderTableSection (anonymous) at (0,0) size 769x74
-          RenderTableRow (anonymous) at (0,0) size 769x74
-            RenderTableCell {DIV} at (0,0) size 769x74 [color=#FFFFFF] [bgcolor=#000000] [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (0,0) size 761x74
-                text run at (0,0) width 761: "This text should be white on black, bold, twice the"
-                text run at (0,37) width 523: "size of normal text, and sans serif."
-      RenderBlock {H2} at (0,2270) size 769x29
-        RenderText {#text} at (0,0) size 156x28
-          text run at (0,0) width 156: "Submit Results"
-      RenderBlock {FORM} at (0,2318) size 769x39
-        RenderBlock {P} at (0,0) size 769x38
-          RenderText {#text} at (0,0) size 267x18
-            text run at (0,0) width 267: "How does your browser fare on this test? "
-          RenderMenuList {SELECT} at (266,1) size 464x18 [bgcolor=#FFFFFF]
-            RenderBlock (anonymous) at (0,0) size 463x18
-              RenderText at (8,2) size 432x13
-                text run at (8,2) width 432: "The tests all render identically, and this browser may or may not grok CSS2 tables."
-          RenderText {#text} at (0,0) size 0x0
-          RenderInline {LABEL} at (0,19) size 219x18
-            RenderText {#text} at (0,19) size 72x18
-              text run at (0,19) width 72: "Comment: "
-            RenderTextControl {INPUT} at (71,19) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (218,19) size 5x18
-            text run at (218,19) width 5: " "
-          RenderButton {INPUT} at (222,20) size 54x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-            RenderBlock (anonymous) at (8,2) size 37x13
-              RenderText at (0,0) size 37x13
-                text run at (0,0) width 37: "Submit"
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock {P} at (0,2390) size 769x19
-        RenderText {#text} at (0,0) size 64x18
-          text run at (0,0) width 64: "Up to the "
-        RenderInline {A} at (63,0) size 73x18 [color=#0000EE]
-          RenderText {#text} at (63,0) size 73x18
-            text run at (63,0) width 73: "Table Tests"
-        RenderText {#text} at (135,0) size 5x18
-          text run at (135,0) width 5: "."
-      RenderBlock {P} at (0,2424) size 769x19
-        RenderText {#text} at (0,0) size 64x18
-          text run at (0,0) width 64: "Up to the "
-        RenderInline {A} at (63,0) size 99x18 [color=#0000EE]
-          RenderText {#text} at (63,0) size 99x18
-            text run at (63,0) width 99: "Evil Tests Page"
-        RenderText {#text} at (161,0) size 5x18
-          text run at (161,0) width 5: "."
-      RenderBlock {P} at (0,2458) size 769x19
-        RenderText {#text} at (0,0) size 63x18
-          text run at (0,0) width 63: "Bugzilla: "
-        RenderInline {A} at (62,0) size 64x18 [color=#0000EE]
-          RenderText {#text} at (62,0) size 64x18
-            text run at (62,0) width 64: "Bug 1044"
-      RenderBlock {P} at (0,2492) size 769x19
-        RenderText {#text} at (0,0) size 177x18
-          text run at (0,0) width 177: "This page is maintained by "
-        RenderInline {A} at (176,0) size 79x18 [color=#0000EE]
-          RenderText {#text} at (176,0) size 79x18
-            text run at (176,0) width 79: "Ian Hickson"
-        RenderText {#text} at (254,0) size 10x18
-          text run at (254,0) width 10: " ("
-        RenderInline {A} at (263,0) size 125x18 [color=#0000EE]
-          RenderText {#text} at (263,0) size 125x18
-            text run at (263,0) width 125: "py8ieh@bath.ac.uk"
-        RenderText {#text} at (387,0) size 10x18
-          text run at (387,0) width 10: ")."
-      RenderBlock {P} at (0,2526) size 769x19
-        RenderText {#text} at (0,0) size 185x18
-          text run at (0,0) width 185: "Last updated in March 1999."
-layer at (83,2362) size 141x13 backgroundClip at (83,2362) size 140x13 clip at (83,2362) size 140x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (8,2394) size 769x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,2372) size 769x3 [color=#808080] [border: (1px inset #808080)]
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug28928-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug28928-expected.txt
deleted file mode 100644
index 79de8094e5383..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug28928-expected.txt
+++ /dev/null
@@ -1,51 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {H3} at (0,0) size 784x22
-        RenderText {#text} at (0,0) size 194x22
-          text run at (0,0) width 194: "With long hidden values"
-      RenderTable {TABLE} at (0,40) size 198x64 [border: (1px solid #FF0000)]
-        RenderTableSection {TBODY} at (1,1) size 196x61
-          RenderTableRow {TR} at (0,2) size 196x55
-            RenderTableCell {TD} at (2,2) size 192x55 [r=0 c=0 rs=1 cs=1]
-              RenderBlock {FORM} at (1,1) size 190x37
-                RenderTextControl {INPUT} at (0,0) size 98x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                RenderText {#text} at (97,0) size 5x18
-                  text run at (97,0) width 5: " "
-                RenderButton {INPUT} at (101,1) size 39x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                  RenderBlock (anonymous) at (8,2) size 22x13
-                    RenderText at (0,0) size 22x13
-                      text run at (0,0) width 22: " Go "
-                RenderText {#text} at (0,0) size 0x0
-                RenderBR {BR} at (139,0) size 1x18
-                RenderText {#text} at (0,19) size 190x18
-                  text run at (0,19) width 190: "Enter City Name or Zip Code"
-          RenderTableRow {TR} at (0,59) size 196x0
-      RenderBlock {H3} at (0,132) size 784x23
-        RenderText {#text} at (0,0) size 201x22
-          text run at (0,0) width 201: "With short hidden values"
-      RenderTable {TABLE} at (0,173) size 198x64 [border: (1px solid #FF0000)]
-        RenderTableSection {TBODY} at (1,1) size 196x61
-          RenderTableRow {TR} at (0,2) size 196x55
-            RenderTableCell {TD} at (2,2) size 192x55 [r=0 c=0 rs=1 cs=1]
-              RenderBlock {FORM} at (1,1) size 190x37
-                RenderTextControl {INPUT} at (0,0) size 98x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                RenderText {#text} at (97,0) size 5x18
-                  text run at (97,0) width 5: " "
-                RenderButton {INPUT} at (101,1) size 39x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                  RenderBlock (anonymous) at (8,2) size 22x13
-                    RenderText at (0,0) size 22x13
-                      text run at (0,0) width 22: " Go "
-                RenderText {#text} at (0,0) size 0x0
-                RenderBR {BR} at (139,0) size 1x18
-                RenderText {#text} at (0,19) size 190x18
-                  text run at (0,19) width 190: "Enter City Name or Zip Code"
-          RenderTableRow {TR} at (0,59) size 196x0
-layer at (15,56) size 92x13
-  RenderBlock {DIV} at (3,3) size 92x13
-layer at (8,120) size 784x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (0,111) size 784x3 [color=#808080] [border: (1px inset #808080)]
-layer at (15,188) size 92x13
-  RenderBlock {DIV} at (3,3) size 92x13
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug4382-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug4382-expected.txt
deleted file mode 100644
index ce271bd970e1d..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug4382-expected.txt
+++ /dev/null
@@ -1,35 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 266x18
-          text run at (0,0) width 266: "The select should not contain blank items"
-        RenderBR {BR} at (265,0) size 1x18
-      RenderBlock {FORM} at (0,18) size 784x19
-        RenderInline {B} at (0,0) size 47x18
-          RenderText {#text} at (0,0) size 47x18
-            text run at (0,0) width 47: "Search"
-        RenderText {#text} at (46,0) size 5x18
-          text run at (46,0) width 5: " "
-        RenderTextControl {INPUT} at (50,0) size 134x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (183,0) size 5x18
-          text run at (183,0) width 5: " "
-        RenderMenuList {SELECT} at (187,1) size 77x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 76x18
-            RenderText at (8,2) size 32x13
-              text run at (8,2) width 32: "Excite"
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock (anonymous) at (0,53) size 784x36
-        RenderBR {BR} at (0,0) size 0x18
-        RenderText {#text} at (0,18) size 266x18
-          text run at (0,18) width 266: "The select should not contain blank items"
-        RenderBR {BR} at (265,18) size 1x18
-      RenderBlock {FORM} at (0,89) size 784x18
-        RenderMenuList {SELECT} at (0,0) size 221x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 221x18
-            RenderText at (8,2) size 55x13
-              text run at (8,2) width 55: "Quick Link"
-layer at (62,29) size 127x13
-  RenderBlock {DIV} at (3,3) size 127x13
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug4527-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug4527-expected.txt
deleted file mode 100644
index cab0006a61614..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug4527-expected.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584 [bgcolor=#000066]
-      RenderTable {TABLE} at (0,0) size 613x95
-        RenderTableSection {TBODY} at (0,0) size 613x95
-          RenderTableRow {TR} at (0,0) size 613x70
-            RenderTableCell {TD} at (0,5) size 126x85 [r=0 c=0 rs=2 cs=1]
-              RenderInline {A} at (0,76) size 126x18 [color=#0000EE]
-                RenderImage {IMG} at (0,5) size 126x85
-              RenderText {#text} at (0,0) size 0x0
-            RenderTableCell {TD} at (126,0) size 488x70 [r=0 c=1 rs=1 cs=3]
-              RenderInline {NOBR} at (468,46) size 19x18
-                RenderIFrame {IFRAME} at (0,0) size 468x60
-                  layer at (0,0) size 468x60
-                    RenderView at (0,0) size 468x60
-                  layer at (0,0) size 468x60
-                    RenderBlock {HTML} at (0,0) size 468x60
-                      RenderBody {BODY} at (0,0) size 468x60
-                        RenderInline {A} at (0,46) size 468x18 [color=#0000EE]
-                          RenderText {#text} at (0,0) size 0x0
-                          RenderImage {IMG} at (0,0) size 468x60
-                        RenderText {#text} at (0,0) size 0x0
-                RenderInline {A} at (468,46) size 19x18 [color=#0000EE]
-                  RenderImage {IMG} at (468,0) size 19x60
-              RenderBR {BR} at (487,46) size 0x18
-              RenderImage {IMG} at (0,60) size 470x10
-              RenderBR {BR} at (470,56) size 0x18
-          RenderTableRow {TR} at (0,70) size 613x25
-            RenderTableCell {TD} at (126,70) size 248x25 [bgcolor=#CCCCCC] [r=1 c=1 rs=1 cs=1]
-              RenderImage {IMG} at (0,0) size 232x25
-            RenderTableCell {TD} at (373,72) size 110x21 [bgcolor=#CCCCCC] [r=1 c=2 rs=1 cs=1]
-              RenderTextControl {INPUT} at (3,2) size 78x20 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-              RenderImage {INPUT} at (80,4) size 26x19
-            RenderTableCell {TD} at (482,70) size 132x25 [bgcolor=#CCCCCC] [r=1 c=3 rs=1 cs=1]
-              RenderBlock {INPUT} at (2,6) size 12x13
-              RenderImage {IMG} at (16,0) size 40x25
-              RenderBlock {INPUT} at (58,6) size 12x13
-              RenderText {#text} at (72,2) size 4x19
-                text run at (72,2) width 4: " "
-              RenderImage {IMG} at (76,0) size 46x25
-layer at (388,84) size 71x13
-  RenderBlock {DIV} at (3,3) size 71x13
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug46368-1-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug46368-1-expected.txt
deleted file mode 100644
index a113156f1e425..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug46368-1-expected.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTable {TABLE} at (0,0) size 784x111 [bgcolor=#00FFFF] [border: (1px outset #000000)]
-        RenderTableSection {TBODY} at (1,1) size 782x109
-          RenderTableRow {TR} at (0,2) size 782x105
-            RenderTableCell {TD} at (2,2) size 454x105 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-              RenderTable {TABLE} at (2,2) size 450x101 [bgcolor=#FF00FF] [border: (1px outset #000000)]
-                RenderTableSection {TBODY} at (1,1) size 448x99
-                  RenderTableRow {TR} at (0,2) size 448x95
-                    RenderTableCell {TD} at (2,2) size 444x95 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-                      RenderText {#text} at (2,2) size 203x18
-                        text run at (2,2) width 203: "Mozilla To Be Dually-Licensed"
-                      RenderBR {BR} at (204,2) size 1x18
-                      RenderText {#text} at (2,35) size 208x18
-                        text run at (2,35) width 208: "Plans are underway to make the "
-                      RenderInline {FONT} at (209,20) size 101x37 [color=#0000FF]
-                        RenderText {#text} at (209,20) size 101x37
-                          text run at (209,20) width 101: "Mozilla"
-                      RenderText {#text} at (2,35) size 404x58
-                        text run at (309,35) width 97: " code available"
-                        text run at (2,57) width 52: "under a "
-                        text run at (53,57) width 156: "dual MPL/GPL license. "
-                        text run at (208,57) width 181: "See the for more info. We're"
-                        text run at (2,75) width 326: "gathering contributor input now, in the newsgroup."
-                      RenderBR {BR} at (327,75) size 1x18
-            RenderTableCell {TD} at (457,25) size 324x59 [border: (1px inset #000000)] [r=0 c=1 rs=1 cs=1]
-              RenderText {#text} at (2,25) size 293x55
-                text run at (2,2) width 273: "This status update contains information on"
-                text run at (2,20) width 231: "MailNews, XML/DOM, XPToolkit,"
-                text run at (2,38) width 293: "Architecture, Bidi, Necko/Imglib, and more..."
-      RenderBlock (anonymous) at (0,111) size 784x37
-        RenderBR {BR} at (0,0) size 0x18
-        RenderButton {INPUT} at (0,19) size 52x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 36x13
-            RenderText at (0,0) size 36x13
-              text run at (0,0) width 36: "Reload"
-        RenderText {#text} at (51,18) size 9x18
-          text run at (51,18) width 9: "  "
-        RenderButton {INPUT} at (59,19) size 84x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 67x13
-            RenderText at (0,0) size 67x13
-              text run at (0,0) width 67: "Change Font"
-        RenderText {#text} at (142,18) size 9x18
-          text run at (142,18) width 9: "  "
-        RenderTextControl {INPUT} at (150,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-layer at (162,140) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 8x13
-      text run at (0,0) width 8: "6"
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug46368-2-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug46368-2-expected.txt
deleted file mode 100644
index 1b85b6065e251..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug46368-2-expected.txt
+++ /dev/null
@@ -1,41 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTable {TABLE} at (0,0) size 784x65 [bgcolor=#00FFFF] [border: (1px outset #000000)]
-        RenderTableSection {TBODY} at (1,1) size 782x63
-          RenderTableRow {TR} at (0,2) size 782x59
-            RenderTableCell {TD} at (2,2) size 304x59 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-              RenderInline {FONT} at (2,2) size 100x37 [color=#0000FF]
-                RenderText {#text} at (2,2) size 100x37
-                  text run at (2,2) width 100: "Mozilla"
-              RenderText {#text} at (2,17) size 279x40
-                text run at (101,17) width 153: " code available under a "
-                text run at (253,17) width 28: "dual"
-                text run at (2,39) width 124: "MPL/GPL license. "
-                text run at (125,39) width 141: "See the for more info."
-              RenderBR {BR} at (265,39) size 1x18
-            RenderTableCell {TD} at (308,20) size 472x23 [border: (1px inset #000000)] [r=0 c=1 rs=1 cs=1]
-              RenderText {#text} at (2,20) size 245x19
-                text run at (2,2) width 245: "foo bar foo bar foo bar foo bar foo bar"
-      RenderBlock (anonymous) at (0,65) size 784x37
-        RenderBR {BR} at (0,0) size 0x18
-        RenderButton {INPUT} at (0,19) size 52x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 36x13
-            RenderText at (0,0) size 36x13
-              text run at (0,0) width 36: "Reload"
-        RenderText {#text} at (51,18) size 9x18
-          text run at (51,18) width 9: "  "
-        RenderButton {INPUT} at (59,19) size 84x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 67x13
-            RenderText at (0,0) size 67x13
-              text run at (0,0) width 67: "Change Font"
-        RenderText {#text} at (142,18) size 9x18
-          text run at (142,18) width 9: "  "
-        RenderTextControl {INPUT} at (150,18) size 148x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (0,0) size 0x0
-layer at (162,94) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 8x13
-      text run at (0,0) width 8: "6"
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug51037-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug51037-expected.txt
deleted file mode 100644
index af3f70d54634c..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug51037-expected.txt
+++ /dev/null
@@ -1,40 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock (anonymous) at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 245x18
-          text run at (0,0) width 245: "The tables left position should be 250."
-      RenderBlock {P} at (0,34) size 784x19
-        RenderText {#text} at (0,0) size 36x18
-          text run at (0,0) width 36: "Left: "
-        RenderTextControl {INPUT} at (35,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {P} at (0,69) size 784x19
-        RenderText {#text} at (0,0) size 34x18
-          text run at (0,0) width 34: "Top: "
-        RenderTextControl {INPUT} at (33,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-      RenderBlock {P} at (0,104) size 784x18
-        RenderButton {INPUT} at (0,0) size 45x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 29x13
-            RenderText at (0,0) size 29x13
-              text run at (0,0) width 29: "Move"
-layer at (46,45) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 32x13
-      text run at (0,0) width 32: "120px"
-layer at (44,80) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 32x13
-      text run at (0,0) width 32: "120px"
-layer at (250,120) size 29x48
-  RenderTable {TABLE} at (250,120) size 30x48 [border: (1px outset #000000)]
-    RenderTableSection {TBODY} at (1,1) size 28x46
-      RenderTableRow {TR} at (0,2) size 28x20
-        RenderTableCell {TD} at (2,2) size 24x20 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-          RenderText {#text} at (1,1) size 22x18
-            text run at (1,1) width 22: "foo"
-      RenderTableRow {TR} at (0,24) size 28x20
-        RenderTableCell {TD} at (2,24) size 24x20 [border: (1px inset #000000)] [r=1 c=0 rs=1 cs=1]
-          RenderText {#text} at (1,1) size 21x18
-            text run at (1,1) width 21: "bar"
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug55545-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug55545-expected.txt
deleted file mode 100644
index c5467eadfd1bf..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug55545-expected.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTable {TABLE} at (0,0) size 362x31
-        RenderTableSection {TBODY} at (0,0) size 362x31
-          RenderTableRow {TR} at (0,2) size 362x27
-            RenderTableCell {TD} at (2,2) size 358x27 [r=0 c=0 rs=1 cs=1]
-              RenderTable {TABLE} at (1,1) size 356x25
-                RenderTableSection {TBODY} at (0,0) size 356x25
-                  RenderTableRow {TR} at (0,2) size 356x21
-                    RenderTableCell {TH} at (2,2) size 61x21 [r=0 c=0 rs=1 cs=1]
-                      RenderText {#text} at (1,1) size 59x19
-                        text run at (1,1) width 59: "User ID:"
-                    RenderTableCell {TD} at (64,2) size 290x21 [r=0 c=1 rs=1 cs=1]
-                      RenderTextControl {INPUT} at (1,1) size 287x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                      RenderText {#text} at (0,0) size 0x0
-layer at (80,17) size 281x13
-  RenderBlock {DIV} at (3,3) size 281x13
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug59354-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug59354-expected.txt
deleted file mode 100644
index 1f63885688610..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug59354-expected.txt
+++ /dev/null
@@ -1,60 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderTable {TABLE} at (0,0) size 468x142 [border: (1px outset #000000)]
-        RenderTableSection {TBODY} at (1,1) size 466x140
-          RenderTableRow {TR} at (0,0) size 466x140
-            RenderTableCell {TD} at (0,0) size 466x140 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-              RenderTable {TABLE} at (1,1) size 464x138 [border: (1px outset #000000)]
-                RenderTableSection {TBODY} at (1,1) size 462x136
-                  RenderTableRow {TR} at (0,1) size 462x28
-                    RenderTableCell {TD} at (1,1) size 140x28 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-                      RenderText {#text} at (5,5) size 130x18
-                        text run at (5,5) width 130: "General Preferences"
-                    RenderTableCell {TD} at (141,1) size 148x28 [border: (1px inset #000000)] [r=0 c=1 rs=1 cs=1]
-                      RenderInline {A} at (5,5) size 137x18 [color=#0000EE]
-                        RenderText {#text} at (5,5) size 137x18
-                          text run at (5,5) width 137: "Groups / Permissions"
-                    RenderTableCell {TD} at (289,1) size 72x28 [border: (1px inset #000000)] [r=0 c=2 rs=1 cs=1]
-                      RenderInline {A} at (5,5) size 62x18 [color=#0000EE]
-                        RenderText {#text} at (5,5) size 62x18
-                          text run at (5,5) width 62: "Password"
-                    RenderTableCell {TD} at (361,1) size 49x28 [border: (1px inset #000000)] [r=0 c=3 rs=1 cs=1]
-                      RenderInline {A} at (5,5) size 39x18 [color=#0000EE]
-                        RenderText {#text} at (5,5) size 39x18
-                          text run at (5,5) width 39: "Email"
-                    RenderTableCell {TD} at (410,1) size 51x28 [border: (1px inset #000000)] [r=0 c=4 rs=1 cs=1]
-                      RenderText {#text} at (5,5) size 40x18
-                        text run at (5,5) width 40: "Views"
-                  RenderTableRow {TR} at (0,30) size 462x105
-                    RenderTableCell {TD} at (1,30) size 460x105 [border: (1px inset #000000)] [r=1 c=0 rs=1 cs=5]
-                      RenderBlock (anonymous) at (5,5) size 450x18
-                        RenderBR {BR} at (224,0) size 1x18
-                      RenderTable {TABLE} at (83,23) size 293x77
-                        RenderTableSection {TBODY} at (0,0) size 292x77
-                          RenderTableRow {TR} at (0,2) size 292x73
-                            RenderTableCell {TD} at (2,2) size 288x73 [r=0 c=0 rs=1 cs=1]
-                              RenderBlock {FORM} at (1,1) size 286x55
-                                RenderTable {TABLE} at (0,0) size 286x55 [border: (1px outset #000000)]
-                                  RenderTableSection {TBODY} at (1,1) size 284x53
-                                    RenderTableRow {TR} at (0,0) size 284x53
-                                      RenderTableCell {TD} at (0,0) size 284x53 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-                                        RenderBlock (anonymous) at (1,1) size 282x18
-                                          RenderText {#text} at (86,0) size 110x18
-                                            text run at (86,0) width 110: "User Preferences"
-                                        RenderTable {TABLE} at (1,19) size 282x33 [border: (1px outset #000000)]
-                                          RenderTableSection {TBODY} at (1,1) size 280x31
-                                            RenderTableRow {TR} at (0,1) size 280x29
-                                              RenderTableCell {TH} at (1,1) size 120x29 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-                                                RenderInline {NOBR} at (5,5) size 110x19
-                                                  RenderText {#text} at (5,5) size 110x19
-                                                    text run at (5,5) width 110: "Email Address :"
-                                              RenderTableCell {TD} at (121,1) size 158x29 [border: (1px inset #000000)] [r=0 c=1 rs=1 cs=1]
-                                                RenderTextControl {INPUT} at (5,5) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                                                RenderText {#text} at (0,0) size 0x0
-layer at (232,97) size 141x13 scrollWidth 191
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 190x13
-      text run at (0,0) width 190: "simon.king@pipinghotnetworks.com"
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug7342-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug7342-expected.txt
deleted file mode 100644
index 48d81df1c9934..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug7342-expected.txt
+++ /dev/null
@@ -1,80 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576 [bgcolor=#FFFFFF]
-      RenderBlock {P} at (0,0) size 784x36
-        RenderText {#text} at (0,0) size 775x36
-          text run at (0,0) width 441: "Click on a link on the left hand column. Also note the overlap of the "
-          text run at (440,0) width 335: "text box with the submit button. (And, removing the"
-          text run at (0,18) width 156: "font tag that is wrapped "
-          text run at (155,18) width 239: "around the text box clears up layout)."
-      RenderBlock (anonymous) at (0,52) size 784x18
-        RenderBR {BR} at (0,0) size 0x18
-      RenderBlock {FORM} at (0,70) size 784x136
-        RenderBlock {CENTER} at (0,0) size 784x136
-          RenderTable {TABLE} at (92,0) size 600x136 [bgcolor=#EEEEEE] [border: (1px outset #000000)]
-            RenderTableSection {TBODY} at (1,1) size 598x134
-              RenderTableRow {TR} at (0,3) size 598x128
-                RenderTableCell {TD} at (3,3) size 124x128 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-                  RenderTable {TABLE} at (4,4) size 116x120 [bgcolor=#FFFFFF] [border: (1px outset #000000)]
-                    RenderTableSection {TBODY} at (1,1) size 114x118
-                      RenderTableRow {TR} at (0,2) size 114x28
-                        RenderTableCell {TD} at (2,3) size 110x25 [bgcolor=#CCCCCC] [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-                          RenderInline {A} at (3,4) size 62x19 [color=#660099]
-                            RenderInline {B} at (3,4) size 62x19
-                              RenderText {#text} at (3,4) size 62x19
-                                text run at (3,3) width 62: "Netscape"
-                          RenderText {#text} at (0,0) size 0x0
-                      RenderTableRow {TR} at (0,31) size 114x28
-                        RenderTableCell {TD} at (2,33) size 110x25 [bgcolor=#FFFFFF] [border: (1px inset #000000)] [r=1 c=0 rs=1 cs=1]
-                          RenderInline {A} at (3,4) size 58x19 [color=#660099]
-                            RenderInline {B} at (3,4) size 58x19
-                              RenderText {#text} at (3,4) size 58x19
-                                text run at (3,3) width 58: "Infoseek"
-                          RenderText {#text} at (0,0) size 0x0
-                      RenderTableRow {TR} at (0,61) size 114x28
-                        RenderTableCell {TD} at (2,62) size 110x25 [bgcolor=#FFFFFF] [border: (1px inset #000000)] [r=2 c=0 rs=1 cs=1]
-                          RenderInline {A} at (3,4) size 79x19 [color=#660099]
-                            RenderInline {B} at (3,4) size 79x19
-                              RenderText {#text} at (3,4) size 79x19
-                                text run at (3,3) width 79: "LookSmart"
-                          RenderText {#text} at (0,0) size 0x0
-                      RenderTableRow {TR} at (0,90) size 114x26
-                        RenderTableCell {TD} at (2,91) size 110x25 [bgcolor=#FFFFFF] [border: (1px inset #000000)] [r=3 c=0 rs=1 cs=1]
-                          RenderInline {A} at (3,3) size 66x19 [color=#660099]
-                            RenderInline {B} at (3,3) size 66x19
-                              RenderText {#text} at (3,3) size 66x19
-                                text run at (3,3) width 66: "Directory"
-                          RenderText {#text} at (0,0) size 0x0
-                RenderTableCell {TD} at (129,27) size 467x80 [bgcolor=#CCCCCC] [border: (1px inset #000000)] [r=0 c=1 rs=1 cs=1]
-                  RenderTable {TABLE} at (4,28) size 458x72 [border: (1px outset #000000)]
-                    RenderTableSection {TBODY} at (1,1) size 456x69
-                      RenderTableRow {TR} at (0,4) size 456x29
-                        RenderTableCell {TD} at (4,4) size 349x29 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=3]
-                          RenderInline {FONT} at (5,7) size 294x15
-                            RenderText {#text} at (0,0) size 0x0
-                            RenderTextControl {INPUT} at (5,5) size 294x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                            RenderText {#text} at (0,0) size 0x0
-                          RenderText {#text} at (0,0) size 0x0
-                        RenderTableCell {TD} at (356,4) size 96x28 [border: (1px inset #000000)] [r=0 c=3 rs=1 cs=1]
-                          RenderButton {INPUT} at (5,5) size 53x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                            RenderBlock (anonymous) at (8,2) size 37x13
-                              RenderText at (0,0) size 37x13
-                                text run at (0,0) width 37: "Search"
-                          RenderText {#text} at (0,0) size 0x0
-                      RenderTableRow {TR} at (0,37) size 456x28
-                        RenderTableCell {TD} at (4,37) size 114x28 [border: (1px inset #000000)] [r=1 c=0 rs=1 cs=1]
-                          RenderText {#text} at (5,5) size 27x18
-                            text run at (5,5) width 27: "asdf"
-                        RenderTableCell {TD} at (121,37) size 114x28 [border: (1px inset #000000)] [r=1 c=1 rs=1 cs=1]
-                          RenderText {#text} at (5,5) size 27x18
-                            text run at (5,5) width 27: "asdf"
-                        RenderTableCell {TD} at (238,37) size 115x28 [border: (1px inset #000000)] [r=1 c=2 rs=1 cs=1]
-                          RenderText {#text} at (5,5) size 27x18
-                            text run at (5,5) width 27: "asdf"
-                        RenderTableCell {TD} at (356,37) size 96x28 [border: (1px inset #000000)] [r=1 c=3 rs=1 cs=1]
-                          RenderText {#text} at (5,5) size 27x18
-                            text run at (5,5) width 27: "asdf"
-layer at (247,124) size 288x13
-  RenderBlock {DIV} at (3,3) size 288x13
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug96334-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug96334-expected.txt
deleted file mode 100644
index 3d8e45f7922e6..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug96334-expected.txt
+++ /dev/null
@@ -1,45 +0,0 @@
-layer at (0,0) size 985x585
-  RenderView at (0,0) size 800x585
-layer at (0,0) size 800x585
-  RenderBlock {HTML} at (0,0) size 800x585
-    RenderBody {BODY} at (8,8) size 784x569
-      RenderTable {TABLE} at (0,0) size 977x139 [border: (2px solid #0000FF)]
-        RenderTableSection {TBODY} at (2,2) size 973x135
-          RenderTableRow {TR} at (0,2) size 973x131
-            RenderTableCell {TD} at (2,2) size 211x131 [border: (1px solid #C0C0C0)] [r=0 c=0 rs=1 cs=1]
-              RenderTable {TABLE} at (2,2) size 207x127 [border: (2px solid #008000)]
-                RenderTableSection {TBODY} at (2,2) size 203x123
-                  RenderTableRow {TR} at (0,2) size 203x83
-                    RenderTableCell {TD} at (2,2) size 199x83 [border: (1px solid #C0C0C0)] [r=0 c=0 rs=1 cs=1]
-                      RenderTable {TABLE} at (2,2) size 159x31 [border: (2px solid #FF0000)]
-                        RenderTableSection {TBODY} at (2,2) size 155x27
-                          RenderTableRow {TR} at (0,2) size 155x23
-                            RenderTableCell {TD} at (2,2) size 151x23 [border: (1px solid #C0C0C0)] [r=0 c=0 rs=1 cs=1]
-                              RenderTextControl {INPUT} at (2,2) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                              RenderText {#text} at (0,0) size 0x0
-                      RenderTable {TABLE} at (2,33) size 195x48 [border: (2px solid #FF0000)]
-                        RenderTableSection {TBODY} at (2,2) size 191x44
-                          RenderTableRow {TR} at (0,2) size 191x40
-                            RenderTableCell {TD} at (2,2) size 187x40 [border: (1px solid #C0C0C0)] [r=0 c=0 rs=1 cs=1]
-                              RenderText {#text} at (2,2) size 171x36
-                                text run at (2,2) width 171: "THIS TABLE NEEDS TO"
-                                text run at (2,20) width 67: "BE HERE"
-                  RenderTableRow {TR} at (0,87) size 203x34
-                    RenderTableCell {TD} at (2,87) size 199x34 [border: (1px solid #C0C0C0)] [r=1 c=0 rs=1 cs=1]
-                      RenderTable {TABLE} at (2,2) size 195x30 [border: (2px solid #FF0000)]
-                        RenderTableSection {TBODY} at (2,2) size 191x26
-                          RenderTableRow {TR} at (0,2) size 191x22
-                            RenderTableCell {TD} at (2,2) size 187x22 [border: (1px solid #C0C0C0)] [r=0 c=0 rs=1 cs=1]
-                              RenderMenuList {SELECT} at (2,2) size 183x18 [bgcolor=#FFFFFF]
-                                RenderBlock (anonymous) at (0,0) size 183x18
-                                  RenderText at (8,2) size 152x13
-                                    text run at (8,2) width 152: "USE THIS JAVASCRIPT HERE"
-                              RenderText {#text} at (0,0) size 0x0
-            RenderTableCell {TD} at (215,2) size 756x40 [border: (1px solid #C0C0C0)] [r=0 c=1 rs=1 cs=1]
-              RenderText {#text} at (2,2) size 752x36
-                text run at (2,2) width 752: "KEEPoTHEoTEXToHEREoASoLONGoASoPOSSIBLEooKEEPoTHEoTEXToHEREoASoLONGoASoPOSSIBLE"
-                text run at (2,20) width 602: "THIS SIMULATES THE PROBLEM ON THE WWW.MAPBLAST.COM/ \"CREATE MAP\""
-layer at (29,29) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-    RenderText {#text} at (0,0) size 132x13
-      text run at (0,0) width 132: "THIS NEEDS THIS VALUE"
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug99948-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug99948-expected.txt
deleted file mode 100644
index cb69de7c36144..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/bugs/bug99948-expected.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584 [bgcolor=#FFFFFF]
-      RenderBlock (anonymous) at (0,0) size 784x18
-        RenderText {#text} at (0,0) size 470x18
-          text run at (0,0) width 470: "the purple text input control must be in the same line with the grey image"
-      RenderTable {TABLE} at (0,18) size 287x44
-        RenderTableSection {TBODY} at (0,0) size 287x44
-          RenderTableRow {TR} at (0,2) size 287x40
-            RenderTableCell {TD} at (2,2) size 283x40 [bgcolor=#CCDDFF] [border: (1px solid #000000)] [r=0 c=0 rs=1 cs=1]
-              RenderTextControl {INPUT} at (3,18) size 147x19 [bgcolor=#CCAAFF] [border: (2px inset #808080)]
-              RenderImage {IMG} at (152,4) size 127x26 [bgcolor=#C0C0C0] [border: (1px solid #000000)]
-layer at (16,49) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/dom/tableDom-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/dom/tableDom-expected.txt
deleted file mode 100644
index 2d3b6d4ec51c4..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/dom/tableDom-expected.txt
+++ /dev/null
@@ -1,69 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock {FORM} at (0,0) size 784x19
-        RenderMenuList {SELECT} at (0,1) size 93x18 [bgcolor=#FFFFFF]
-          RenderBlock (anonymous) at (0,0) size 93x18
-            RenderText at (8,2) size 61x13
-              text run at (8,2) width 61: "append cell"
-        RenderText {#text} at (93,0) size 53x18
-          text run at (93,0) width 53: "   tbody "
-        RenderTextControl {INPUT} at (145,0) size 43x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (187,0) size 42x18
-          text run at (187,0) width 42: "   row "
-        RenderTextControl {INPUT} at (228,0) size 43x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (270,0) size 36x18
-          text run at (270,0) width 36: "   col "
-        RenderTextControl {INPUT} at (305,0) size 43x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (347,0) size 75x18
-          text run at (347,0) width 75: "   row span "
-        RenderTextControl {INPUT} at (421,0) size 43x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (463,0) size 70x18
-          text run at (463,0) width 70: "   col span "
-        RenderTextControl {INPUT} at (532,0) size 43x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (574,0) size 21x18
-          text run at (574,0) width 21: "     "
-        RenderButton {INPUT} at (594,1) size 42x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 25x13
-            RenderText at (0,0) size 25x13
-              text run at (0,0) width 25: "Do It"
-        RenderText {#text} at (0,0) size 0x0
-      RenderBlock (anonymous) at (0,35) size 784x18
-        RenderBR {BR} at (0,0) size 0x18
-      RenderTable {TABLE} at (0,53) size 63x52 [bgcolor=#FFA500] [border: (1px outset #000000)]
-        RenderTableSection {TBODY} at (1,1) size 61x50
-          RenderTableRow {TR} at (0,2) size 61x22
-            RenderTableCell {TD} at (2,2) size 28x22 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (2,2) size 23x18
-                text run at (2,2) width 23: "c11"
-          RenderTableRow {TR} at (0,26) size 61x22
-            RenderTableCell {TD} at (2,26) size 28x22 [border: (1px inset #000000)] [r=1 c=0 rs=1 cs=1]
-              RenderText {#text} at (2,2) size 24x18
-                text run at (2,2) width 24: "c21"
-            RenderTableCell {TD} at (31,26) size 28x22 [border: (1px inset #000000)] [r=1 c=1 rs=1 cs=1]
-              RenderText {#text} at (2,2) size 24x18
-                text run at (2,2) width 24: "c22"
-      RenderBlock (anonymous) at (0,105) size 784x18
-        RenderBR {BR} at (0,0) size 0x18
-layer at (156,11) size 36x13
-  RenderBlock {DIV} at (3,3) size 36x13
-    RenderText {#text} at (0,0) size 7x13
-      text run at (0,0) width 7: "0"
-layer at (239,11) size 36x13
-  RenderBlock {DIV} at (3,3) size 36x13
-    RenderText {#text} at (0,0) size 7x13
-      text run at (0,0) width 7: "0"
-layer at (317,11) size 36x13
-  RenderBlock {DIV} at (3,3) size 36x13
-    RenderText {#text} at (0,0) size 7x13
-      text run at (0,0) width 7: "0"
-layer at (433,11) size 36x13
-  RenderBlock {DIV} at (3,3) size 36x13
-    RenderText {#text} at (0,0) size 6x13
-      text run at (0,0) width 6: "1"
-layer at (544,11) size 36x13
-  RenderBlock {DIV} at (3,3) size 36x13
-    RenderText {#text} at (0,0) size 6x13
-      text run at (0,0) width 6: "1"
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla/other/move_row-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla/other/move_row-expected.txt
deleted file mode 100644
index 8d53f8617970d..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla/other/move_row-expected.txt
+++ /dev/null
@@ -1,51 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584 [bgcolor=#FFFFFF]
-      RenderTable {TABLE} at (0,0) size 49x134
-        RenderTableSection {TBODY} at (0,0) size 49x134
-          RenderTableRow {TR} at (0,2) size 49x20
-            RenderTableCell {TD} at (2,2) size 45x20 [r=0 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,1) size 43x18
-                text run at (1,1) width 43: "Row 0"
-          RenderTableRow {TR} at (0,24) size 49x20
-            RenderTableCell {TD} at (2,24) size 45x20 [r=1 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,1) size 43x18
-                text run at (1,1) width 43: "Row 1"
-          RenderTableRow {TR} at (0,46) size 49x20
-            RenderTableCell {TD} at (2,46) size 45x20 [r=2 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,1) size 43x18
-                text run at (1,1) width 43: "Row 2"
-          RenderTableRow {TR} at (0,68) size 49x20
-            RenderTableCell {TD} at (2,68) size 45x20 [r=3 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,1) size 43x18
-                text run at (1,1) width 43: "Row 3"
-          RenderTableRow {TR} at (0,90) size 49x20
-            RenderTableCell {TD} at (2,90) size 45x20 [r=4 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,1) size 43x18
-                text run at (1,1) width 43: "Row 4"
-          RenderTableRow {TR} at (0,112) size 49x20
-            RenderTableCell {TD} at (2,112) size 45x20 [r=5 c=0 rs=1 cs=1]
-              RenderText {#text} at (1,1) size 43x18
-                text run at (1,1) width 43: "Row 5"
-      RenderBlock (anonymous) at (0,134) size 784x19
-        RenderTextControl {INPUT} at (0,0) size 14x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (14,0) size 4x18
-          text run at (14,0) width 4: " "
-        RenderTextControl {INPUT} at (18,0) size 14x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-        RenderText {#text} at (32,0) size 4x18
-          text run at (32,0) width 4: " "
-        RenderButton {INPUT} at (36,1) size 30x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-          RenderBlock (anonymous) at (8,2) size 14x13
-            RenderText at (0,0) size 14x13
-              text run at (0,0) width 14: "go"
-        RenderText {#text} at (0,0) size 0x0
-layer at (11,145) size 8x13
-  RenderBlock {DIV} at (3,3) size 8x13
-    RenderText {#text} at (0,0) size 7x13
-      text run at (0,0) width 7: "2"
-layer at (29,145) size 8x13
-  RenderBlock {DIV} at (3,3) size 8x13
-    RenderText {#text} at (0,0) size 8x13
-      text run at (0,0) width 8: "4"
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla_expected_failures/bugs/bug2479-5-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla_expected_failures/bugs/bug2479-5-expected.txt
deleted file mode 100644
index b211037fca03b..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla_expected_failures/bugs/bug2479-5-expected.txt
+++ /dev/null
@@ -1,182 +0,0 @@
-layer at (0,0) size 785x1395
-  RenderView at (0,0) size 785x600
-layer at (8,8) size 769x1387
-  RenderBlock {HTML} at (8,8) size 769x1387 [bgcolor=#008000] [border: (16px solid #00FF00)]
-    RenderTable at (16,16) size 737x1355
-      RenderTableSection (anonymous) at (0,0) size 737x1355
-        RenderTableRow (anonymous) at (0,0) size 737x1355
-          RenderTableCell {HEAD} at (0,0) size 246x472 [color=#FFFFFF] [bgcolor=#FF0000] [border: (5px solid #FFFFFF)] [r=0 c=0 rs=1 cs=1]
-            RenderBlock {META} at (21,37) size 204x2 [border: (1px dotted #FFFFFF)]
-            RenderBlock {META} at (21,55) size 204x2 [border: (1px dotted #FFFFFF)]
-            RenderBlock {META} at (21,73) size 204x2 [border: (1px dotted #FFFFFF)]
-            RenderBlock {META} at (21,91) size 204x2 [border: (1px dotted #FFFFFF)]
-            RenderBlock {TITLE} at (21,109) size 204x56 [border: (1px dotted #FFFFFF)]
-              RenderText {#text} at (1,1) size 188x54
-                text run at (1,1) width 188: "Evil Tests: Rendering BODY"
-                text run at (1,19) width 163: "and HEAD as children of"
-                text run at (1,37) width 67: "HTML - 2"
-            RenderBlock {STYLE} at (21,181) size 204x254 [border: (1px dotted #FFFFFF)]
-              RenderText {#text} at (1,1) size 196x252
-                text run at (1,1) width 83: "/* Layout */ "
-                text run at (83,1) width 112: "HTML { display:"
-                text run at (1,19) width 194: "block; border: 1em lime solid;"
-                text run at (1,37) width 98: "margin: 8px; } "
-                text run at (98,37) width 98: "HEAD, BODY"
-                text run at (1,55) width 181: "{ display: table-cell; border:"
-                text run at (1,73) width 76: "solid thick; "
-                text run at (76,73) width 93: "padding: 1em;"
-                text run at (1,91) width 102: "margin: 1em; } "
-                text run at (102,91) width 74: "HEAD > *,"
-                text run at (1,109) width 181: "BODY > * { display: block;"
-                text run at (1,127) width 178: "border: thin dotted; margin:"
-                text run at (1,145) width 60: "1em 0; } "
-                text run at (60,145) width 105: "/* Formatting */"
-                text run at (1,163) width 141: "HTML { color: black;"
-                text run at (1,181) width 140: "background: green; } "
-                text run at (140,181) width 57: "HEAD {"
-                text run at (1,199) width 195: "color: white; background: red;"
-                text run at (1,217) width 12: "} "
-                text run at (12,217) width 151: "BODY { color: yellow;"
-                text run at (1,235) width 124: "background: teal; }"
-          RenderTableCell {BODY} at (246,41) size 491x1355 [color=#FFFF00] [bgcolor=#008080] [border: (5px solid #FFFF00)] [r=0 c=1 rs=1 cs=1]
-            RenderBlock {H1} at (21,94) size 449x76 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 152x37
-                text run at (1,1) width 152: "Rendering "
-              RenderInline {CODE} at (153,6) size 63x30
-                RenderText {#text} at (153,6) size 63x30
-                  text run at (153,6) width 63: "BODY"
-              RenderText {#text} at (215,1) size 69x37
-                text run at (215,1) width 69: " and "
-              RenderInline {CODE} at (283,6) size 63x30
-                RenderText {#text} at (283,6) size 63x30
-                  text run at (283,6) width 63: "HEAD"
-              RenderText {#text} at (1,1) size 382x74
-                text run at (345,1) width 38: " as"
-                text run at (1,38) width 156: "children of "
-              RenderInline {CODE} at (156,43) size 64x30
-                RenderText {#text} at (156,43) size 64x30
-                  text run at (156,43) width 64: "HTML"
-              RenderText {#text} at (219,38) size 44x37
-                text run at (219,38) width 44: " - 2"
-            RenderBlock {P} at (21,202) size 449x38 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 393x18
-                text run at (1,1) width 393: "If you have any comments to make regarding this test, e-mail"
-              RenderInline {A} at (1,19) size 186x18 [color=#0000EE]
-                RenderText {#text} at (1,19) size 186x18
-                  text run at (1,19) width 186: "py8ieh=eviltests@bath.ac.uk"
-              RenderText {#text} at (186,19) size 5x18
-                text run at (186,19) width 5: "."
-            RenderBlock {DL} at (21,256) size 449x92 [border: (1px dotted #FFFF00)]
-              RenderBlock {DT} at (1,1) size 447x18
-                RenderText {#text} at (0,0) size 83x18
-                  text run at (0,0) width 83: "Prerequisites"
-              RenderBlock {DD} at (41,19) size 407x72
-                RenderText {#text} at (0,0) size 392x54
-                  text run at (0,0) width 392: "Browsers that are subjected to this test should support the the"
-                  text run at (0,18) width 388: "background, padding, margin, border and color properties of"
-                  text run at (0,36) width 160: "CSS, and in addition the "
-                RenderInline {CODE} at (160,38) size 63x15
-                  RenderText {#text} at (160,38) size 63x15
-                    text run at (160,38) width 63: "overflow"
-                RenderText {#text} at (0,36) size 400x36
-                  text run at (222,36) width 178: " property and fixed position"
-                  text run at (0,54) width 109: "stuff from CSS2."
-            RenderBlock {H2} at (21,372) size 449x58 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 439x56
-                text run at (1,1) width 439: "1. Making the BODY and the HEAD into a"
-                text run at (1,29) width 51: "table"
-            RenderBlock {P} at (21,454) size 449x20 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 264x18
-                text run at (1,1) width 264: "This is really evil, but completely valid..."
-            RenderBlock {P} at (21,490) size 449x110 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 430x108
-                text run at (1,1) width 426: "This document should have two cells, side by side: one on the left,"
-                text run at (1,19) width 426: "the other on the right. The one on the left should be red with white"
-                text run at (1,37) width 430: "writing and a thick white border. It should contain four dotted lines"
-                text run at (1,55) width 388: "separated by a blank line, followed by a dotted bordered box"
-                text run at (1,73) width 403: "containing the document title, and another dotted bordered box"
-                text run at (1,91) width 286: "containing the stylesheet, also shown below:"
-            RenderBlock {PRE} at (21,616) size 449x17 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 40x15
-                text run at (1,1) width 40: "  ..."
-                text run at (40,1) width 1: " "
-            RenderBlock {P} at (21,649) size 449x38 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 419x36
-                text run at (1,1) width 419: "The dotted borders and lines and the text in the left cell should be"
-                text run at (1,19) width 40: "white."
-            RenderBlock {P} at (21,703) size 449x38 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 447x36
-                text run at (1,1) width 447: "The right cell should be teal, with yellow text. This paragraph you are"
-                text run at (1,19) width 255: "reading now should be in this right cell."
-            RenderBlock {P} at (21,757) size 449x38 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 413x36
-                text run at (1,1) width 413: "The width of the two cells is left up to the user agent to decide, I"
-                text run at (1,19) width 37: "think."
-            RenderBlock {P} at (21,811) size 449x74 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 443x72
-                text run at (1,1) width 443: "The right cell should look similar to the left cell in formatting -- each"
-                text run at (1,19) width 442: "box of text should have a yellow dotted border, and there should be a"
-                text run at (1,37) width 420: "blank line between each such box. No box should be nested -- the"
-                text run at (1,55) width 356: "dotted boxes should always be distinct from each other."
-            RenderBlock {P} at (21,901) size 449x38 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 417x36
-                text run at (1,1) width 417: "The cells should be the same height, and they should have grown"
-                text run at (1,19) width 229: "vertically to accommodate this text."
-            RenderBlock {P} at (21,955) size 449x56 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 437x54
-                text run at (1,1) width 436: "Around the whole setup should be two borders, dark green and light"
-                text run at (1,19) width 437: "green. The cells should be separated from each other and from these"
-                text run at (1,37) width 230: "outer borders by 1em of dark green."
-            RenderBlock {P} at (21,1027) size 449x38 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 446x36
-                text run at (1,1) width 446: "There should also be some alternate stylesheets set up to allow you to"
-                text run at (1,19) width 388: "display the <META> content. This may help with diagnosis."
-            RenderBlock {H2} at (21,1089) size 449x30 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 156x28
-                text run at (1,1) width 156: "Submit Results"
-            RenderBlock {FORM} at (21,1143) size 449x90 [border: (1px dotted #FFFF00)]
-              RenderBlock {P} at (1,17) size 447x56
-                RenderText {#text} at (0,0) size 263x18
-                  text run at (0,0) width 263: "How does your browser fare on this test?"
-                RenderMenuList {SELECT} at (0,19) size 447x18 [color=#000000] [bgcolor=#FFFFFF]
-                  RenderBlock (anonymous) at (0,0) size 447x18
-                    RenderText at (8,2) size 212x13
-                      text run at (8,2) width 212: "Document renders exactly as described."
-                RenderText {#text} at (0,0) size 0x0
-                RenderInline {LABEL} at (0,37) size 219x18
-                  RenderText {#text} at (0,37) size 72x18
-                    text run at (0,37) width 72: "Comment: "
-                  RenderTextControl {INPUT} at (71,37) size 148x19 [color=#000000] [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                RenderText {#text} at (218,37) size 5x18
-                  text run at (218,37) width 5: " "
-                RenderButton {INPUT} at (222,38) size 54x18 [color=#000000D8] [bgcolor=#C0C0C0] [border: none (2px outset #C0C0C0) none (2px outset #C0C0C0)]
-                  RenderBlock (anonymous) at (8,2) size 37x13
-                    RenderText at (0,0) size 37x13
-                      text run at (0,0) width 37: "Submit"
-                RenderText {#text} at (0,0) size 0x0
-            RenderBlock {P} at (21,1267) size 449x20 [border: (1px dotted #FFFF00)]
-              RenderInline {A} at (1,1) size 162x18 [color=#0000EE]
-                RenderText {#text} at (1,1) size 162x18
-                  text run at (1,1) width 162: "Up to the Evil Tests Page"
-              RenderText {#text} at (162,1) size 5x18
-                text run at (162,1) width 5: "."
-            RenderBlock {P} at (21,1303) size 449x20 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 177x18
-                text run at (1,1) width 177: "This page is maintained by "
-              RenderInline {A} at (177,1) size 79x18 [color=#0000EE]
-                RenderText {#text} at (177,1) size 79x18
-                  text run at (177,1) width 79: "Ian Hickson"
-              RenderText {#text} at (255,1) size 10x18
-                text run at (255,1) width 10: " ("
-              RenderInline {A} at (264,1) size 125x18 [color=#0000EE]
-                RenderText {#text} at (264,1) size 125x18
-                  text run at (264,1) width 125: "py8ieh@bath.ac.uk"
-              RenderText {#text} at (388,1) size 10x18
-                text run at (388,1) width 10: ")."
-            RenderBlock {P} at (21,1339) size 449x20 [border: (1px dotted #FFFF00)]
-              RenderText {#text} at (1,1) size 172x18
-                text run at (1,1) width 172: "Last updated in June 1999."
-layer at (367,1224) size 141x13 backgroundClip at (367,1224) size 140x13 clip at (367,1224) size 140x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (291,1273) size 449x2 clip at (0,0) size 0x0
-  RenderBlock {HR} at (21,1249) size 449x2 [color=#808080] [border: (1px dotted #808080)]
diff --git a/LayoutTests/platform/mac-ventura/tables/mozilla_expected_failures/bugs/bug92647-1-expected.txt b/LayoutTests/platform/mac-ventura/tables/mozilla_expected_failures/bugs/bug92647-1-expected.txt
deleted file mode 100644
index ea6ffd8358f59..0000000000000
--- a/LayoutTests/platform/mac-ventura/tables/mozilla_expected_failures/bugs/bug92647-1-expected.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x576
-      RenderBlock {FORM} at (0,0) size 784x83
-        RenderTable {TABLE} at (0,0) size 296x83 [border: (1px outset #000000)]
-          RenderTableSection {TBODY} at (1,1) size 294x81
-            RenderTableRow {TR} at (0,2) size 294x77
-              RenderTableCell {TD} at (2,2) size 290x77 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-                RenderTable {TABLE} at (2,2) size 286x73 [border: (2px outset #000000)]
-                  RenderTableSection {TBODY} at (2,2) size 282x69
-                    RenderTableRow {TR} at (0,2) size 282x40
-                      RenderTableCell {TD} at (2,2) size 81x40 [border: (1px inset #000000)] [r=0 c=0 rs=1 cs=1]
-                        RenderText {#text} at (2,2) size 57x36
-                          text run at (2,2) width 55: "Member"
-                          text run at (2,20) width 57: "Number:"
-                      RenderTableCell {TD} at (84,10) size 190x24 [border: (1px inset #000000)] [r=0 c=1 rs=1 cs=1]
-                        RenderTextControl {INPUT} at (2,10) size 147x20 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                        RenderText {#text} at (0,0) size 0x0
-                    RenderTableRow {TR} at (0,44) size 282x23
-                      RenderTableCell {TD} at (2,44) size 81x23 [border: (1px inset #000000)] [r=1 c=0 rs=1 cs=1]
-                        RenderText {#text} at (2,2) size 31x19
-                          text run at (2,2) width 31: "PIN:"
-                      RenderTableCell {TD} at (84,44) size 190x23 [border: (1px inset #000000)] [r=1 c=1 rs=1 cs=1]
-                        RenderTextControl {INPUT} at (2,2) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-                          RenderFlexibleBox {DIV} at (3,3) size 141x13
-                            RenderBlock {DIV} at (0,0) size 141x13
-                        RenderText {#text} at (0,0) size 0x0
-                      RenderTableCell {TD} at (275,53) size 5x5 [border: (1px inset #000000)] [r=1 c=2 rs=1 cs=1]
-layer at (105,31) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
-layer at (105,64) size 141x13
-  RenderBlock {DIV} at (0,0) size 141x13
diff --git a/LayoutTests/platform/mac-ventura/transforms/3d/general/perspective-non-layer-expected.txt b/LayoutTests/platform/mac-ventura/transforms/3d/general/perspective-non-layer-expected.txt
deleted file mode 100644
index e5b1794c50a57..0000000000000
--- a/LayoutTests/platform/mac-ventura/transforms/3d/general/perspective-non-layer-expected.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-layer at (0,0) size 800x600
-  RenderView at (0,0) size 800x600
-layer at (0,0) size 800x600
-  RenderBlock {HTML} at (0,0) size 800x600
-    RenderBody {BODY} at (8,8) size 784x584
-      RenderBlock (anonymous) at (0,0) size 784x19
-        RenderInline {SPAN} at (0,0) size 147x18
-          RenderText {#text} at (0,0) size 0x0
-          RenderTextControl {INPUT} at (0,0) size 147x19 [bgcolor=#FFFFFF] [border: (2px inset #808080)]
-          RenderText {#text} at (0,0) size 0x0
-      RenderBlock (anonymous) at (0,19) size 784x0
-        RenderBlock {DIV} at (0,0) size 784x0
-      RenderBlock (anonymous) at (0,19) size 784x0
-        RenderInline {SPAN} at (0,0) size 0x0
-layer at (11,11) size 141x13
-  RenderBlock {DIV} at (3,3) size 141x13
diff --git a/LayoutTests/platform/mac-wk1/TestExpectations b/LayoutTests/platform/mac-wk1/TestExpectations
index 1df112037c79a..80933539efc13 100644
--- a/LayoutTests/platform/mac-wk1/TestExpectations
+++ b/LayoutTests/platform/mac-wk1/TestExpectations
@@ -2594,28 +2594,19 @@ imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/b
 imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-unicode.html?wss [ Pass Failure ]
 
 #webkit.org/b/248537 Batch mark expectations for Ventura test failures
-[ Ventura+ arm64 ] svg/transforms/transformed-text-fill-pattern.html [ ImageOnlyFailure ]
-[ Ventura+ ] media/accessibility-describes-video.html [ Crash ]
-[ Ventura+ ] media/modern-media-controls/pip-support/pip-support-click.html [ Pass Crash ]
-[ Ventura+ ] media/audio-playback-restriction-removed-track-enabled.html  [ Crash ]
-[ Ventura+ ] media/modern-media-controls/media-controller/media-controller-auto-hide-rewind-with-mouse-enter.html  [ Crash ]
-[ Ventura+ ] media/modern-media-controls/media-controls/media-controls-display-above-captions.html  [ Crash ]
-[ Ventura+ ] media/track/track-delete-during-setup.html  [ Crash ]
-[ Ventura+ ] media/track/track-in-band-cues-added-once.html  [ Crash ]
-[ Ventura+ ] media/track/track-in-band.html  [ Crash ]
-[ Ventura+ ] media/track/track-long-captions-file.html  [ Crash ]
-imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html [ Pass Failure ]
-[ Ventura+ ] http/wpt/webaudio/audioworklet-addModule-cors.sub.https.html
+[ arm64 ] svg/transforms/transformed-text-fill-pattern.html [ ImageOnlyFailure ]
+media/modern-media-controls/media-controller/media-controller-auto-hide-rewind-with-mouse-enter.html [ Pass Crash ]
+media/track/track-in-band-cues-added-once.html [ Pass Crash ]
+[ Debug ] media/track/track-long-captions-file.html [ Pass Crash ]
+imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html [ Failure ]
 http/wpt/fetch/fetch-metadata-websocket.html [ Failure ]
 http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html [ Pass Failure ]
-http/tests/media/hls/hls-webvtt-seek-backwards.html [ Timeout Crash ]
-[ Ventura+ ] http/tests/media/hls/hls-webvtt-default.html [ Crash ]
-[ Ventura+ ] http/tests/inspector/network/resource-timing.html [ Failure ]
+http/tests/media/hls/hls-webvtt-seek-backwards.html [ Timeout Failure ]
+http/tests/inspector/network/resource-timing.html [ Pass Failure ]
 http/tests/inspector/network/resource-security-certificate.html [ Pass Failure ]
-[ Ventura+ ] http/tests/inspector/network/getSerializedCertificate.html [ Failure ]
-[ Ventura+ arm64 ] fast/writing-mode/english-bt-text-with-spelling-marker.html [ ImageOnlyFailure ]
+http/tests/inspector/network/getSerializedCertificate.html [ Pass Failure ]
 css3/scroll-snap/scroll-padding-mainframe-paging.html [ Failure ]
-[ Ventura+ ] compositing/fixed-with-main-thread-scrolling.html [ ImageOnlyFailure ]
+compositing/fixed-with-main-thread-scrolling.html [ ImageOnlyFailure ]
 
 # https://bugs.webkit.org/show_bug.cgi?id=249544
 # Generic Permissions API is not supported in WK1
@@ -2700,8 +2691,7 @@ webkit.org/b/259546 [ Debug ] media/modern-media-controls/tracks-support/text-tr
 webkit.org/b/260070 fast/selectors/style-invalidation-hover-change-descendants.html [ Pass Failure ]
 webkit.org/b/260070 fast/selectors/style-invalidation-hover-change-siblings.html [ Failure ]
 
-webkit.org/b/260107 [ Debug ] http/wpt/workers/modules/dedicated-worker-import-csp.html [ Skip ]
-webkit.org/b/260111 [ Ventura+ Release ] http/wpt/workers/modules/dedicated-worker-import-csp.html [ Pass Failure ]
+webkit.org/b/264258 http/wpt/workers/modules/dedicated-worker-import-csp.html [ Pass Failure ]
 
 webkit.org/b/260280 fullscreen/fullscreen-no-scrollbars-on-ancestor-root.html [ ImageOnlyFailure ]
 
@@ -2712,8 +2702,6 @@ imported/w3c/web-platform-tests/css/css-backgrounds/background-clip-content-box-
 imported/w3c/web-platform-tests/css/selectors/invalidation/nth-last-child-in-shadow-root.html [ ImageOnlyFailure ]
 imported/w3c/web-platform-tests/css/css-contain/content-visibility/content-visibility-085.html [ ImageOnlyFailure ]
 
-webkit.org/b/260888 [ Ventura+ ] media/track/track-user-stylesheet-override.html [ Crash ]
-
 webkit.org/b/261312 inspector/timeline/timeline-event-CancelAnimationFrame.html [ Pass Failure ]
 webkit.org/b/261312 inspector/timeline/timeline-event-performance-mark.html [ Pass Failure ]
 webkit.org/b/261312 inspector/timeline/timeline-event-RequestAnimationFrame.html [ Pass Failure ]
@@ -2772,13 +2760,12 @@ http/tests/media/fairplay/legacy-fairplay-hls.html [ Pass Failure ]
 
 # webkit.org/b/261308 Batch mark expectations for flaky imported/w3c/web-platform-tests
 imported/w3c/web-platform-tests/cookies/path/default.html [ Pass Failure ]
-imported/w3c/web-platform-tests/css/motion/offset-path-shape-polygon-002.html [ Pass ImageOnlyFailure ]
-imported/w3c/web-platform-tests/css/motion/offset-path-shape-polygon-003.html [ Pass ImageOnlyFailure ]
-imported/w3c/web-platform-tests/css/css-masking/clip-path/animations/clip-path-animation-custom-timing-function.html [ Pass ImageOnlyFailure ]
+imported/w3c/web-platform-tests/css/motion/offset-path-shape-polygon-002.html [ ImageOnlyFailure ]
+imported/w3c/web-platform-tests/css/motion/offset-path-shape-polygon-003.html [ ImageOnlyFailure ]
+imported/w3c/web-platform-tests/css/css-masking/clip-path/animations/clip-path-animation-custom-timing-function.html [ ImageOnlyFailure ]
 imported/w3c/web-platform-tests/html/canvas/offscreen/manual/the-offscreen-canvas/offscreencanvas.transfer.to.imagebitmap.w.html [ Pass Failure ]
-[ Ventura+ ] imported/w3c/web-platform-tests/css/css-backgrounds/background-size-percentage-root.html [ Pass ImageOnlyFailure ]
 
-webkit.org/b/261427 [ Ventura+ ] media/track/track-in-band-mode.html [ Pass Crash ]
+webkit.org/b/261427 media/track/track-in-band-mode.html [ Pass Crash ]
 
 webkit.org/b/261618 [ Debug ] imported/w3c/web-platform-tests/preload/link-header-preload-non-html.html [ Pass Crash ]
 
@@ -2840,10 +2827,6 @@ fast/dom/no-scroll-when-command-click-fragment-URL.html [ Skip ]
 # Deletes nodes asynchronously using OpportunisticTaskScheduler, which is disabled on WK1
 intersection-observer/root-element-deleted.html [ Skip ]
 
-# webkit.org/b/267799 [ Ventura wk1 ] 2 tests in media/track are constant crash
-[ Ventura ] media/track/track-in-band-layout.html [ Crash ]
-[ Ventura ] media/track/track-paint-on-captions.html [ Crash ]
-
 # webkit.org/b/273522 2 backdrop-filter tests in imported/w3c/web-platform-tests/css/filter-effects are constant failures
 [ Sonoma+ ] imported/w3c/web-platform-tests/css/filter-effects/backdrop-filters-grayscale-001.html [ ImageOnlyFailure ]
 [ Sonoma+ ] imported/w3c/web-platform-tests/css/filter-effects/backdrop-filters-sepia.html [ ImageOnlyFailure ]
@@ -2864,8 +2847,6 @@ webkit.org/b/270310 [ Sonoma+ ] imported/w3c/web-platform-tests/html/semantics/i
 
 webkit.org/b/270385 [ Sonoma+ ] fast/images/jpegxl-with-color-profile.html [ ImageOnlyFailure ]
 
-webkit.org/b/259485 [ Ventura ] http/tests/media/hls/track-in-band-multiple-cues.html [ Skip ]
-
 # webkit.org/b/270199 [ MacOS WK1 Debug ] fast/frames/lots-of-iframes.html and fast/frames/lots-of-objects.html are consistent/flaky timeouts
 [ Debug ] fast/frames/lots-of-iframes.html [ Pass Timeout ]
 [ Debug ] fast/frames/lots-of-objects.html [ Pass Timeout ]
@@ -2897,9 +2878,9 @@ imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties
 [ Sonoma+ ] imported/w3c/web-platform-tests/worklets/paint-worklet-credentials.https.html [ Pass Failure ]
 
 # webkit.org/b/272115 REGRESSION (274826@main): [ Sonoma WK1 ] 2X imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades tests are flaky failures
-[ Ventura+ ] imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub.html [ Pass Failure ]
-[ Ventura+ ] imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub.html [ Pass Failure ]
-[ Ventura+ ] imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/mixed-content-cors.https.sub.html [ Pass Failure ]
+imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub.html [ Failure ]
+imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub.html [ Failure ]
+imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/mixed-content-cors.https.sub.html [ Failure ]
 
 # webkit.org/b/272081 [web-animations] update WPT import for web-animations
 [ Sonoma ] imported/w3c/web-platform-tests/css/filter-effects/css-filters-animation-drop-shadow.html [ ImageOnlyFailure ]
@@ -2910,40 +2891,25 @@ imported/w3c/web-platform-tests/css/css-typed-om/the-stylepropertymap/properties
 [ Sonoma+ ] imported/w3c/web-platform-tests/web-animations/animation-model/side-effects-of-animations-in-effect.html [ ImageOnlyFailure ]
 
 # webkit.org/b/272926 [ Ventura wk1 ] 8 tests in imported/w3c/web-platform-tests/workers are flaky failures
-[ Ventura ] imported/w3c/web-platform-tests/worklets/animation-worklet-credentials.https.html [ Pass Failure ]
-[ Ventura ] imported/w3c/web-platform-tests/worklets/audio-worklet-credentials.https.html [ Pass Failure ]
-[ Ventura ] imported/w3c/web-platform-tests/worklets/audio-worklet-csp.https.html [ Pass Failure ] 
-[ Ventura ] imported/w3c/web-platform-tests/worklets/audio-worklet-import.https.html [ Pass Failure ]
-[ Ventura ] imported/w3c/web-platform-tests/worklets/audio-worklet-referrer.https.html [ Pass Failure ] 
-[ Ventura ] imported/w3c/web-platform-tests/worklets/layout-worklet-credentials.https.html [ Pass Failure ]
-[ Ventura ] imported/w3c/web-platform-tests/worklets/paint-worklet-credentials.https.html [ Pass Failure ]
-[ Ventura+ ] imported/w3c/web-platform-tests/workers/modules/dedicated-worker-import-referrer.html [ Pass Failure ]
+imported/w3c/web-platform-tests/workers/modules/dedicated-worker-import-referrer.html [ Pass Failure ]
 
-webkit.org/b/272939 [ Ventura+ ] imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/module/referrer-strict-policies.sub.html [ Pass Failure ]
+webkit.org/b/272939 imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/module/referrer-strict-policies.sub.html [ Pass Failure ]
 
 webkit.org/b/273279 fonts/font-fallback-prefers-pictographs.html [ Skip ]
 
 # rdar://127055453 ([ EWS MacOS WK1 ] http/tests/media/hls/hls-webvtt-style.html is a flaky timeout (273251))
 http/tests/media/hls/hls-webvtt-style.html [ Pass Timeout ]
 
-# rdar://127302101 ([ Ventura WK1 Debug ] 2x imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/track/track-element/track-mode are constant crashes (273501))
-[ Ventura Debug ] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/track/track-element/track-mode-disabled.html [ Skip ]
-[ Ventura Debug ] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/track/track-element/track-mode.html [ Skip ]
-
 # Test relies on GPUP.
 fast/canvas/image-buffer-resource-limits.html [ Skip ]
 
-webkit.org/b/273577 [ Ventura ] http/tests/media/hls/track-webvtt-multitracks.html [ Skip ]
-
-# rdar://65188503
- platform/mac/media/media-source/is-type-supported-vp9-codec-check.html [ Skip ]
-
 # rdar://65188503
+platform/mac/media/media-source/is-type-supported-vp9-codec-check.html [ Skip ]
 platform/mac/media/mediacapabilities/vp9-decodingInfo-sw.html [ Skip ]
 
 # webkit.org/b/235733 Skip 2 editing/execCommand tests for making subsequent tests fail on wk1 Apple Silicon macs.
-[ release ] editing/execCommand/insert-newline-in-quoted-content-crash.html [ Skip ]
-[ release ] editing/execCommand/paste-as-quotation-disconnected-paragraph-ancestor-crash.html [ Skip ]
+[ Release ] editing/execCommand/insert-newline-in-quoted-content-crash.html [ Skip ]
+[ Release ] editing/execCommand/paste-as-quotation-disconnected-paragraph-ancestor-crash.html [ Skip ]
 
 webkit.org/b/260883 inspector/timeline/timeline-recording.html [ Skip ]
 
@@ -2951,6 +2917,9 @@ webkit.org/b/274409 imported/w3c/web-platform-tests/content-security-policy/repo
 
 webkit.org/b/276145 http/tests/security/block-popup-to-all-zero-address.html [ Skip ]
 
+# webkit.org/b/255427 [ Ventura ] 4/13 batch mark expectations and branch bugs
+[ x86_64 ] fast/shrink-wrap/rect-shrink-wrap.html [ Pass ImageOnlyFailure ]
+
 # rdar://124363343 ([ Sequoia+ ] Multiple WebKit tests failing after explicit "SameSite" attribute change)
 http/tests/xmlhttprequest/cross-origin-authorization.html [ Failure ]
 
@@ -3014,17 +2983,17 @@ webkit.org/b/284068 [ Sequoia+ ] http/tests/download/anchor-download-redirect-cr
 webkit.org/b/284200 [ Sequoia+ ] http/tests/websocket/tests/hybi/websocket-allowed-setting-cookie-as-third-party.https.html [ Failure ]
 webkit.org/b/284200 [ Sequoia+ ] http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior.https.html [ Failure ]
 
-webkit.org/b/284486 [ Ventura+ ] imported/w3c/web-platform-tests/css/css-grid/subgrid/alignment-in-subgridded-axes-001.html [ Pass Failure ]
-webkit.org/b/284486 [ Ventura+ ] imported/w3c/web-platform-tests/css/css-grid/subgrid/subgrid-baseline-005.html [ Pass Failure ]
-webkit.org/b/284486 [ Ventura+ ] imported/w3c/web-platform-tests/css/css-grid/subgrid/subgrid-baseline-006.html [ Pass Failure ]
-webkit.org/b/284486 [ Ventura+ ] imported/w3c/web-platform-tests/css/css-grid/subgrid/subgrid-baseline-007.html [ Pass Failure ]
+webkit.org/b/284486 imported/w3c/web-platform-tests/css/css-grid/subgrid/alignment-in-subgridded-axes-001.html [ Pass Failure ]
+webkit.org/b/284486 imported/w3c/web-platform-tests/css/css-grid/subgrid/subgrid-baseline-005.html [ Pass Failure ]
+webkit.org/b/284486 imported/w3c/web-platform-tests/css/css-grid/subgrid/subgrid-baseline-006.html [ Pass Failure ]
+webkit.org/b/284486 imported/w3c/web-platform-tests/css/css-grid/subgrid/subgrid-baseline-007.html [ Pass Failure ]
 
-webkit.org/b/284898 [ Ventura+ ] fonts/font-weight-invalid-crash.html [ Pass Failure ]
-webkit.org/b/284898 [ Ventura+ ] fonts/ligature.html [ Pass Failure ImageOnlyFailure ]
+webkit.org/b/284898 fonts/font-weight-invalid-crash.html [ Pass Failure ]
+webkit.org/b/284898 fonts/ligature.html [ Pass Failure ImageOnlyFailure ]
 
-webkit.org/b/284954 [ Ventura+ ] imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border.html [ Pass Failure ]
+webkit.org/b/284954 imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-child-with-border.html [ Pass Failure ]
 
-webkit.org/b/285089 [ Ventura+ Debug ] imported/w3c/web-platform-tests/editing/crashtests/replace-document-root-and-refocus-window.html [ Skip ]
+webkit.org/b/285089 [ Debug ] imported/w3c/web-platform-tests/editing/crashtests/replace-document-root-and-refocus-window.html [ Skip ]
 
 webkit.org/b/286159 [ Debug ] fast/canvas/webgl/tex-image-and-sub-image-2d-with-video-rgba4444.html [ Pass Failure ]
 
@@ -3036,7 +3005,7 @@ webkit.org/b/286392 imported/w3c/web-platform-tests/css/css-grid/subgrid/subgrid
 
 webkit.org/b/286602 media/media-source/media-detachablemse-append.html [ Pass Failure ]
 
-webkit.org/b/255555 [ Ventura+ ] imported/w3c/web-platform-tests/xhr/request-content-length.any.worker.html [ Pass Failure ]
+webkit.org/b/255555 imported/w3c/web-platform-tests/xhr/request-content-length.any.worker.html [ Pass Failure ]
 
 webkit.org/b/287713 printing/background-clip-text.html [ Failure ]
 
diff --git a/LayoutTests/platform/mac-wk2/TestExpectations b/LayoutTests/platform/mac-wk2/TestExpectations
index 8dd48e8fdbc16..2667e00bbdda5 100644
--- a/LayoutTests/platform/mac-wk2/TestExpectations
+++ b/LayoutTests/platform/mac-wk2/TestExpectations
@@ -722,8 +722,6 @@ imported/blink/fast/multicol/dynamic/add-spanner-inside-overflow-hidden.html [ P
 imported/blink/fast/multicol/newmulticol/multicol-becomes-regular-block.html [ Pass ImageOnlyFailure ]
 imported/blink/fast/transforms/transform-update-frame-overflow.html [ Pass ImageOnlyFailure ]
 
-webkit.org/b/261208 [ Ventura Release ] fast/text-autosizing/ios/text-autosizing-after-back.html [ Pass ImageOnlyFailure ]
-
 # PiP tests are only enabled for Sierra WebKit2.
 # rdar://problem/27574303
 media/fullscreen-api-enabled-media-with-presentation-mode.html [ Pass ]
@@ -1389,43 +1387,27 @@ webkit.org/b/245010 imported/w3c/web-platform-tests/html/browsers/browsing-the-w
 [ Debug ] http/tests/security/showModalDialog-sync-cross-origin-page-load2.html [ Skip ]
 [ Debug ] imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-names/choose-default-001.html [ Skip ]
 
-webkit.org/b/254778 [ Ventura Debug arm64 ] fast/images/avif-image-decoding.html [ Pass Crash ]
-
 #webkit.org/b/248537 Batch mark expectations for Ventura test failures
-[ Ventura+ ] webrtc/canvas-to-peer-connection-2d.html [ Pass Timeout ]
-[ Ventura+ ] webrtc/canvas-to-peer-connection.html [ Pass Failure Timeout ]
-[ Ventura+ ] webrtc/captureCanvas-webrtc-software-h264-baseline.html [ Pass Failure Timeout ]
-[ Ventura+ ] scrollbars/scrolling-backward-by-page-on-keyboard-spacebar.html [ Pass Failure ]
-[ Ventura+ ] webaudio/decode-audio-data-webm-vorbis.html [ Failure ]
-[ Ventura+ x86_64 ] svg/gradients/spreadMethodAlpha.svg [ ImageOnlyFailure ]
-[ Ventura+ x86_64 ] scrollbars/scrolling-by-page-accounting-oversized-fixed-elements-on-keyboard-spacebar.html [ Pass Failure ]
-[ Ventura+ ] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/autoplay-allowed-by-feature-policy-attribute.https.sub.html [ Pass Failure ]
-imported/mozilla/svg/blend-color.svg [ Pass ImageOnlyFailure ]
-imported/w3c/web-platform-tests/css/css-grid/alignment/grid-item-aspect-ratio-stretch-2.html [ Pass ImageOnlyFailure ]
-imported/mozilla/svg/blend-luminosity.svg [ Pass ImageOnlyFailure ]
-[ Debug arm64 ] imported/w3c/web-platform-tests/fetch/api/request/destination/fetch-destination-frame.https.html [ Crash ]
-[ Ventura+ Debug x86_64 ] fast/visual-viewport/viewport-dimensions-exclude-custom-scrollbars.html [ Pass Failure ]
-[ Ventura+ Debug x86_64 ] fast/visual-viewport/tiled-drawing/zoomed-fixed-scrolled-down-then-up.html [ Failure ]
-[ Ventura+ Debug x86_64 ] fast/visual-viewport/tiled-drawing/zoomed-fixed-scrolled-down.html [ Failure ]
-[ Ventura+ Debug x86_64 ] fast/visual-viewport/tiled-drawing/zoomed-fixed-scrolling-layers-state.html [ Failure ]
+webrtc/canvas-to-peer-connection-2d.html [ Pass Failure ]
+webrtc/canvas-to-peer-connection.html [ Pass Failure ]
+[ Sequoia x86_64 ] webrtc/captureCanvas-webrtc-software-h264-baseline.html [ Pass Failure ]
+webaudio/decode-audio-data-webm-vorbis.html [ Failure ]
+[ x86_64 ] scrollbars/scrolling-by-page-accounting-oversized-fixed-elements-on-keyboard-spacebar.html [ Pass Failure ]
+imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/autoplay-allowed-by-feature-policy-attribute.https.sub.html [ Pass Failure ]
+[ x86_64 ] imported/mozilla/svg/blend-color.svg [ ImageOnlyFailure ]
+[ x86_64 ] imported/w3c/web-platform-tests/css/css-grid/alignment/grid-item-aspect-ratio-stretch-2.html [ Pass ImageOnlyFailure ]
+[ x86_64 ] imported/mozilla/svg/blend-luminosity.svg [ ImageOnlyFailure ]
 fast/speechrecognition/start-recognition-then-stop.html [ Pass Failure ]
-[ x86_64 ] fast/mediastream/getUserMedia-to-canvas-1.html [ Pass Timeout ]
 [ x86_64 ] fast/mediastream/getUserMedia-to-canvas-2.html [ Pass Timeout ]
 fast/borders/border-painting-correctness-dashed.html [ ImageOnlyFailure ]
 fast/borders/border-painting-correctness-dotted.html [ ImageOnlyFailure ]
 [ x86_64 ] css3/blending/background-blend-mode-body-image.html [ ImageOnlyFailure ]
-[ Ventura+ ] fast/images/animated-heics-draw.html [ Pass Timeout ]
-[ Ventura+ ]  http/tests/resourceLoadStatistics/capped-lifetime-for-cookie-set-in-js.html [ Failure ]
-[ Ventura+ x86_64 ] imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/block-local-documents-inheriting-none.https.html [ Pass Failure ]
-[ Ventura+ x86_64 ] imported/w3c/web-platform-tests/html/browsers/history/the-history-interface/history_go_no_argument.html [ Pass Failure ]
-[ x86_64 ] scrollbars/scrolling-by-page-on-keyboard-spacebar.html [ Pass Failure ]
-[ Ventura+ ] platform/mac-wk2/plugins/asynchronous-destroy-before-initialization.html [ Pass Failure ]
+http/tests/resourceLoadStatistics/capped-lifetime-for-cookie-set-in-js.html [ Failure ]
+[ x86_64 ] imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/block-local-documents-inheriting-none.https.html [ Failure ]
+[ arm64 ] imported/w3c/web-platform-tests/html/browsers/history/the-history-interface/history_go_no_argument.html [ Pass Failure ]
 imported/w3c/web-platform-tests/workers/SharedWorker_dataUrl.html [ Pass Failure ]
-[ Ventura+ Debug x86_64 ] webrtc/datachannel/bufferedAmountLowThreshold-default.html [ Pass Failure ]
-[ Ventura Debug x86_64 ] editing/caret/color-span-inside-editable-background.html [ Pass ImageOnlyFailure ]
-[ Ventura+ x86_64 ] fast/css/text-overflow-input-focus-placeholder.html [ Pass ImageOnlyFailure ]
-[ Ventura+ x86_64 Debug ] webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-3d-rg32f-rg-float.html [ Pass Timeout ]
-[ Ventura+ Debug x86_64 ] webgl/2.0.0/conformance/state/gl-object-get-calls.html [ Pass Timeout ]
+[ x86_64 Debug ] webgl/2.0.0/conformance2/textures/canvas_sub_rectangle/tex-3d-rg32f-rg-float.html [ Pass Failure ]
+css3/scroll-snap/scroll-padding-overflow-paging.html [ Pass Failure ]
 
 # WebGL in OffscreenCanvas requires the GPUP.
 imported/w3c/web-platform-tests/html/canvas/offscreen/manual/the-offscreen-canvas/offscreencanvas.getcontext.worker.html [ Skip ]
@@ -1472,9 +1454,7 @@ webkit.org/b/238749 imported/w3c/web-platform-tests/html/semantics/interactive-e
 [ Debug ] imported/w3c/web-platform-tests/webcodecs/videoFrame-construction.crossOriginSource.sub.html [ Pass Failure ]
 imported/w3c/web-platform-tests/css/css-sizing/aspect-ratio/replaced-element-035.html [ Pass ImageOnlyFailure ]
 fast/forms/file/entries-api/image-no-transcode-open-panel.html [ Pass Crash ]
-[ Debug Ventura arm64 ] http/tests/media/modern-media-controls/overflow-support/playback-speed-live-broadcast.html [ Pass Crash ]
 [ Debug arm64 ] media/track/track-css-visible-stroke.html [ Pass Crash ]
-[ Ventura Debug arm64 ] http/tests/media/modern-media-controls/skip-back-support/skip-back-support-button-click.html [ Pass Crash ]
 media/track/video-track-addition-and-frame-removal.html [ Pass Crash ]
 media/track/track-cue-left-align.html [ Pass Crash ]
 http/tests/media/modern-media-controls/skip-back-support/skip-back-support-live-broadcast.html [ Pass Crash ]
@@ -1502,8 +1482,6 @@ webkit.org/b/259464 fast/events/wheel/redispatched-wheel-event.html [ Pass Failu
 
 webkit.org/b/259708 fast/mediastream/video-rotation-gpu-process-crash.html [ Pass Crash Failure Timeout ]
 
-webkit.org/b/259740 [ Ventura Release arm64 ] css3/color-filters/color-filter-outline.html [ Pass ImageOnlyFailure ]
-
 webkit.org/b/260113 [ arm64 ] http/wpt/webauthn/ctap-hid-failure.https.html [ Pass Failure ]
 
 # These tests require compile-time flags in WebKit that are only enabled in iOS 17 and Sonoma. They were marked as Skip in
@@ -1549,8 +1527,6 @@ webkit.org/b/260113 [ arm64 ] http/wpt/webauthn/ctap-hid-failure.https.html [ Pa
 
 webkit.org/b/239627 [ arm64 ] fast/scrolling/mac/adjust-scroll-snap-during-gesture.html [ Pass Failure ]
 
-webkit.org/b/260917 [ Ventura ] fast/forms/border-color-relayout.html [ Pass ImageOnlyFailure ]
-
 # Enable Sonoma only test added in rdar://110488738.
 [ Sonoma+ ] accessibility/mac/attributed-string/attributed-string-has-completion-annotation.html [ Pass ]
 
@@ -1582,7 +1558,7 @@ webkit.org/b/261226 [ Sonoma+ ] fast/images/mac/play-pause-individual-animation-
 webkit.org/b/263044 imported/w3c/web-platform-tests/webrtc-stats/supported-stats.https.html [ Pass Failure ]
 
 # webkit.org/b/261308 Batch mark expectations for flaky imported/w3c/web-platform-tests
-[ Ventura+ ] imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-opener.https.html [ Pass Failure ]
+imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-opener.https.html [ Pass Failure ]
 
 webkit.org/b/261344 requestidlecallback/requestidlecallback-does-not-block-timer.html [ Pass Failure ]
 
@@ -1613,7 +1589,7 @@ webkit.org/b/263396 css3/color/text.html [ Skip ]
 fast/webgpu/nocrash/fuzz-286820.html [ Skip ]
 
 # skipped outside of macOS Sequoia due to crash in failed allocation
-[ Ventura Sonoma ] fast/webgpu/nocrash/fuzz-279086.html [ Skip ]
+[ Sonoma ] fast/webgpu/nocrash/fuzz-279086.html [ Skip ]
 
 # skipped on non-AS due to requiring features unavailable on Intel
 [ x86_64 ] fast/webgpu/nocrash/fuzz-273021.html [ Skip ]
@@ -1632,7 +1608,7 @@ fast/webgpu/nocrash/fuzz-286820.html [ Skip ]
 [ x86_64 ] fast/webgpu/nocrash/fuzz-282710.html [ Skip ]
 
 # skipped due to failing when run in stress test mode
-[ Ventura Sonoma ] fast/webgpu/nocrash/RenderBundle_WRITE.html [ Skip ]
+[ Sonoma ] fast/webgpu/nocrash/RenderBundle_WRITE.html [ Skip ]
 
 [ Release arm64 Sequoia+ ] http/tests/webgpu/webgpu/api [ Pass Failure Timeout ]
 [ Release arm64 Sequoia+ ] http/tests/webgpu/webgpu/shader [ Pass Failure Timeout ]
@@ -1681,11 +1657,7 @@ http/tests/webgpu/webgpu/shader/execution/flow_control/switch.html [ Pass ]
 # arm64 release only because the tests are incredibly slow due to their extensiveness
 [ Release arm64 ] http/tests/webgpu/webgpu/shader/execution/shader_io [ Pass ]
 
-webkit.org/b/264266 [ Ventura+ x86_64 ] imported/w3c/web-platform-tests/css/filter-effects/filters-drop-shadow-002.html [ ImageOnlyFailure ]
-
 webkit.org/b/264306 fast/scrolling/mac/scrollbars/very-wide-overlay-scrollbar.html [ Pass ImageOnlyFailure Timeout ]
-[ Ventura ] fast/scrolling/mac/scrollbars/scrollbar-width-dynamic-none-to-auto.html [ ImageOnlyFailure ]
-[ Ventura ] fast/scrolling/mac/scrollbars/scrollbar-width-paint-001.html [ ImageOnlyFailure ]
 
 webkit.org/b/265599 [ Sonoma+ Debug x86_64 ] imported/w3c/web-platform-tests/html/browsers/the-window-object/open-close/open-features-tokenization-noreferrer.html [ Pass Crash ]
 
@@ -1698,10 +1670,7 @@ http/wpt/opener/same-site-child-access-parent-iframe-via-windowproxy.html [ Pass
 
 webkit.org/b/265957 [ Release ] fullscreen/full-screen-layer-dump.html [ Pass Failure ]
 
-# rdar://102425691 ([ New Test ](256068@main): [ Ventura+ ] http/wpt/webcodecs/videoFrame-colorSpace.html is a consistent failure)
-[ Ventura+ ] http/wpt/webcodecs/videoFrame-colorSpace.html [ Pass Failure ]
-
-webkit.org/b/265954 [ Ventura+ Release x86_64 ] media/video-audio-session-mode.html [ Failure Crash ]
+webkit.org/b/265954 [ Release x86_64 ] media/video-audio-session-mode.html [ Failure Crash ]
 
 webkit.org/b/266490 [ Sonoma+ ] fast/scrolling/overlay-scrollbars-scroll-corner.html [ Pass ImageOnlyFailure ]
 
@@ -1738,7 +1707,7 @@ webkit.org/b/268398 [ Sonoma+ ] pdf/pdf-in-iframe-scrolling-tree-after-back.html
 [ Sonoma+ ] pdf/pdf-scrolling-tree-dynamic.html [ Failure Timeout ]
 [ Sonoma+ ] pdf/pdf-scrolling-tree.html [ Failure ]
 
-webkit.org/b/270235 [ Ventura+ Debug x86_64 ] webgl/pending/conformance/glsl/misc/shader-with-reserved-words-2.html [ Timeout ]
+webkit.org/b/270235 [ Debug x86_64 ] webgl/pending/conformance/glsl/misc/shader-with-reserved-words-2.html [ Timeout ]
 
 # webkit.org/b/266168 Two wheel/mousewheel passive event listeners WPT test pass on macOS Sonoma and up
 [ Sonoma+ ] imported/w3c/web-platform-tests/dom/events/non-cancelable-when-passive/passive-mousewheel-event-listener-on-div.html [ Pass ]
@@ -1746,14 +1715,9 @@ webkit.org/b/270235 [ Ventura+ Debug x86_64 ] webgl/pending/conformance/glsl/mis
 
 webkit.org/b/271318 [ Debug ] http/wpt/webauthn/public-key-credential-get-failure-local-silent.https.html [ Skip ]
 
-webkit.org/b/272685 [ Ventura+ x86_64 ] imported/w3c/web-platform-tests/svg/painting/reftests/percentage-attribute.svg [ ImageOnlyFailure ]
-
-# Inline predictions are only supported on Sonoma and later.
-[ Ventura ] editing/input/mac/show-inline-prediction-with-adjacent-text.html [ Skip ]
-[ Ventura ] editing/input/cocoa/writing-suggestions-textarea-multiple-lines.html [ Skip ]
-[ Ventura ] editing/input/cocoa/do-not-allow-inline-predictions-if-text-changes.html [ Skip ]
+webkit.org/b/272685 [ x86_64 ] imported/w3c/web-platform-tests/svg/painting/reftests/percentage-attribute.svg [ ImageOnlyFailure ]
 
-webkit.org/b/273012 [ Ventura+ x86_64 ] imported/w3c/web-platform-tests/svg/painting/reftests/percentage.svg [ ImageOnlyFailure ]
+webkit.org/b/273012 [ x86_64 ] imported/w3c/web-platform-tests/svg/painting/reftests/percentage.svg [ ImageOnlyFailure ]
 
 webkit.org/b/273905 [ X86_64 ] svg/filters/filter-on-root-tile-boundary.html [ Pass ImageOnlyFailure ]
 
@@ -1792,14 +1756,8 @@ webkit.org/b/258228 [ Sonoma+ Debug ] accessibility/mac/text-input-session-notif
 [ Release x86_64 ] http/tests/webgpu/webgpu/api/operation/memory_sync/texture/same_subresource.html [ Skip ]
 [ Release x86_64 ] http/tests/webgpu/webgpu/api/operation/command_buffer/programmable/state_tracking.html [ Skip ]
 
-webkit.org/b/273613 [ Ventura ] imported/w3c/web-platform-tests/css/css-view-transitions/no-painting-while-render-blocked.html [ Skip ]
-
 webkit.org/b/275913 [ Debug ] imported/w3c/web-platform-tests/media-source/dedicated-worker/mediasource-worker-detach-element.html [ Pass Crash ]
 
-# webkit.org/b/275928 (REGRESSION(280114@main): [ macOS wk2 ] 2 tests in css-view-transitions are constant failure
-[ Ventura ] imported/w3c/web-platform-tests/css/css-view-transitions/input-targets-root-while-render-blocked.html [ Pass Failure ]
-[ Ventura ] imported/w3c/web-platform-tests/css/css-view-transitions/no-raf-while-render-blocked.html [ Pass Failure ]
-
 webkit.org/b/275873 storage/indexeddb/database-transaction-cycle.html [ Pass Failure ]
 
 webkit.org/b/276389 media/video-transformed.html [ Pass Failure ] 
@@ -1847,9 +1805,6 @@ fast/scrolling/mac/scrollbars/scrollbar-state.html [ Failure ]
 [ Sonoma+ Debug ] http/wpt/mediastream/mediastreamtrackprocessor-videoframe-timestamp.html  [ Skip ]
 [ Sonoma+ Debug ] http/wpt/mediasession/voiceActivityDetection.html [ Skip ]
 
-# webkit.org/b/279404 [ Ventura ] http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access.https.html is a flaky failure
-[ Ventura ] http/tests/storageAccess/request-and-grant-access-then-navigate-cross-site-should-not-have-access.https.html [ Pass Failure ]
-
 # webkit.org/b/279477 REGRESSION (283102@main?): [macOS iOS wk2 Debug EWS ] ASSERTION FAILED: WebKit::WebPageProxy::startNetworkRequestsForPageLoadTiming(WebCore::FrameIdentifier) result of http/tests/site-isolation/window-open-with-name-cross-site.html to crash
 [ Debug ] http/tests/site-isolation/window-open-with-name-cross-site.html [ Skip ]
 
@@ -1859,9 +1814,6 @@ editing/input/scroll-viewport-page-up-down.html [ Pass Failure ]
 # webkit.org/b/279463 Flaky ASSERTION FAILED: m_clients.contains(client) in VideoTrack::clearClient on imported/w3c/web-platform-tests/media-source/URL-createObjectURL.html
 [ Sonoma Debug arm64 ] imported/w3c/web-platform-tests/media-source/URL-createObjectURL.html [ Pass Crash ]
 
-# webkit.org/b/280037 [ Ventura wk2 ] imported/w3c/web-platform-tests/pointerevents/pointerevent_lostpointercapture_remove_setcapture_node.html is a flaky failure
-[ Ventura ] imported/w3c/web-platform-tests/pointerevents/pointerevent_lostpointercapture_remove_setcapture_node.html [ Pass Failure ]
-
 # webkit.org/b/280413 [ macOS wk2 arm64 ] fast/forms/password-scrolled-after-caps-lock-toggled.html is a flaky failure 
 [ arm64 ] fast/forms/password-scrolled-after-caps-lock-toggled.html  [ Pass Failure ]
 
@@ -1872,9 +1824,6 @@ editing/input/scroll-viewport-page-up-down.html [ Pass Failure ]
 [ Sequoia+ arm64 Release ] http/tests/resourceLoadStatistics/prune-statistics.html [ Pass Failure ] 
 [ Sequoia+ arm64 Release ] http/tests/resourceLoadStatistics/remove-website-data-for-origin-deletes-link-decoration.html [ Pass Failure ]
 
-# webkit.org/b/280728 [ Ventura wk2 ] imported/w3c/web-platform-tests/screen-orientation/active-lock.html is a flaky failure.
-[ Ventura ] imported/w3c/web-platform-tests/screen-orientation/active-lock.html [ Pass Failure ]
-
 # webkit.org/b/280832 [ Sequoia wk2 ] http/wpt/prefetch/link-prefetch-cross-origin-vary-cookie.html is a constant failure.
 [ Sequoia+ ] http/wpt/prefetch/link-prefetch-cross-origin-vary-cookie.html [ Failure ]
 
@@ -1912,9 +1861,6 @@ webkit.org/b/282726 http/tests/media/fairplay/legacy-fairplay-hls.html [ Failure
 [ Sequoia+ ] http/tests/cookies/same-site/fetch-in-cross-origin-service-worker.html [ Failure ]
 [ Sequoia+ ] http/tests/cookies/same-site/popup-cross-site-post.html [ Failure ]
 
-# webkit.org/b/282665 [Ventura wk2] imported/w3c/web-platform-tests/scroll-animations/scroll-timelines/setting-timeline.tentative.html is a flaky failure
-[ Ventura ] imported/w3c/web-platform-tests/scroll-animations/scroll-timelines/setting-timeline.tentative.html [ Pass Failure ]
-
 # webkit.org/b/282126 NEW TEST [ Sequoia+ x86_64 ] 5 swipe layout tests are timing due to "Timed out waiting for notifyDone to be called"
 swipe/main-frame-pinning-requirement.html [ Failure Timeout ]
 
@@ -1932,9 +1878,9 @@ webkit.org/b/284190 [ Sequoia+ ] imported/w3c/web-platform-tests/html/cross-orig
 webkit.org/b/284492 [ Sequoia+ ] imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.html [ Failure ]
 webkit.org/b/284492 [ Sequoia+ ] imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker.html [ Failure ]
 
-webkit.org/b/232282 [ Ventura+ ] fast/scrolling/mac/scrollbars/overlay-scrollbar-hovered.html [ Pass Failure ]
+webkit.org/b/232282 fast/scrolling/mac/scrollbars/overlay-scrollbar-hovered.html [ Pass Failure ]
 
-webkit.org/b/285033 [ Ventura+ ] http/tests/download/sandboxed-iframe-download-not-allowed.html [ Pass Failure ]
+webkit.org/b/285033 http/tests/download/sandboxed-iframe-download-not-allowed.html [ Pass Failure ]
 
 # webkit.org/b/288409 [ MacOS iOS ] 3x imported/w3c/web-platform-tests/navigation-api/navigation are consistent failures 
 imported/w3c/web-platform-tests/navigation-api/navigation-activation/activation-traverse-not-in-entries.html [ Failure ]
@@ -1942,8 +1888,8 @@ imported/w3c/web-platform-tests/navigation-api/navigation-methods/disambigaute-f
 imported/w3c/web-platform-tests/navigation-api/navigation-methods/disambigaute-traverseTo-forward-multiple.html [ Failure ]
 
 # webkit.org/b/280415 [ Sequoia wk2 release arm64 ] 2x fast/selectors/* are flaky image only failures.
-[ Ventura+ arm64 ] fast/selectors/selection-window-inactive-stroke-color.html [ Pass ImageOnlyFailure ]
-[ Ventura+ arm64 ] fast/selectors/text-field-selection-stroke-color.html [ Pass ImageOnlyFailure ]
+[ arm64 ] fast/selectors/selection-window-inactive-stroke-color.html [ Pass ImageOnlyFailure ]
+[ arm64 ] fast/selectors/text-field-selection-stroke-color.html [ Pass ImageOnlyFailure ]
 
 webkit.org/b/286371 [ Sequoia Release x86_64 ] webrtc/captureCanvas-webrtc-software-h264-high.html [ Failure ]
 
@@ -1955,7 +1901,7 @@ webkit.org/b/287040 [ Sonoma arm64 ] fast/webgpu/ftoi.html [ Skip ]
 
 webkit.org/b/286653 [ Sequoia ] pdf/images/jpeg2000-embed-pdf.html [ Pass Failure ]
 
-webkit.org/b/287122 [ Ventura+ ] imported/w3c/web-platform-tests/html/capability-delegation/delegate-fullscreen-request-subframe-same-origin.https.tentative.html [ Pass Failure ]
+webkit.org/b/287122 imported/w3c/web-platform-tests/html/capability-delegation/delegate-fullscreen-request-subframe-same-origin.https.tentative.html [ Pass Failure ]
 
 # rdar://141631699 ([ macOS wk2 arm64 ] Multiple fast/webgpu/* tests are causing testing instability.)
 [ arm64 ] fast/webgpu/regression/repro_283595-for.html [ Skip ]
@@ -2000,9 +1946,11 @@ webkit.org/b/288026 [ Sonoma+ Release ] imported/w3c/web-platform-tests/css/css-
 webkit.org/b/288006 http/tests/dom/noreferrer-window-not-targetable.html [ Failure ]
 
 # webkit.org/b/287679 REGRESSION(289499@main):[macOS Debug ] imported/w3c/web-platform-tests/css/selectors/invalidation/modal-pseudo-class-in-has.html is flaky (failure in EWS)
-[ Debug ] imported/w3c/web-platform-tests/css/selectors/invalidation/modal-pseudo-class-in-has.html [ Pass Failure ]
-[ Debug ] imported/w3c/web-platform-tests/screen-orientation/fullscreen-interactions.html [ Pass Failure ]
-[ Debug ] imported/w3c/web-platform-tests/screen-orientation/lock-basic.html [ Pass Failure ]
+imported/w3c/web-platform-tests/css/selectors/invalidation/modal-pseudo-class-in-has.html [ Pass Failure ]
+imported/w3c/web-platform-tests/screen-orientation/fullscreen-interactions.html [ Pass Failure ]
+imported/w3c/web-platform-tests/screen-orientation/lock-basic.html [ Pass Failure ]
+imported/w3c/web-platform-tests/css/selectors/invalidation/fullscreen-pseudo-class-in-has.html [ Pass Failure ]
+imported/w3c/web-platform-tests/screen-orientation/orientation-reading.html [ Pass Failure ]
 
 webkit.org/b/288025 http/wpt/mediarecorder/MediaRecorder-AV-audio-video-dataavailable.html [ Pass Failure ]
 
@@ -2014,9 +1962,6 @@ webkit.org/b/288043 [ Release ] inspector/canvas/create-context-bitmaprenderer.h
  
 webkit.org/b/288053 imported/w3c/web-platform-tests/fetch/http-cache/invalidate.any.serviceworker.html [ Pass Failure ]
 
-webkit.org/b/288118 imported/w3c/web-platform-tests/css/selectors/invalidation/fullscreen-pseudo-class-in-has.html [ Pass Failure ]
-webkit.org/b/288118 imported/w3c/web-platform-tests/screen-orientation/orientation-reading.html [ Pass Failure ]
-
 webkit.org/b/288119 imported/w3c/web-platform-tests/preload/preload-type-match.html [ Pass Failure ]
 
 webkit.org/b/288120 [ Sonoma+ Release ] fast/animation/request-animation-frame-throttling-lowPowerMode.html [ Pass Failure ]
diff --git a/LayoutTests/platform/mac/TestExpectations b/LayoutTests/platform/mac/TestExpectations
index 725d6b903dcfb..059c2e165ceb9 100644
--- a/LayoutTests/platform/mac/TestExpectations
+++ b/LayoutTests/platform/mac/TestExpectations
@@ -74,9 +74,6 @@ media/media-source/remoteplayback-from-source-element.html [ Pass ]
 # Individually failing tests should be marked in separate expectations.
 [ Sonoma+ ] imported/w3c/web-platform-tests/css/css-text/word-break/auto-phrase [ Pass ]
 
-# Variable size packet is only supported on Sonoma and later.
-[ Ventura ] media/media-webm-opus-variable-length.html [ Failure ]
-
 #//////////////////////////////////////////////////////////////////////////////////////////
 # End platform-specific directories.
 #//////////////////////////////////////////////////////////////////////////////////////////
@@ -208,8 +205,6 @@ fast/images/animated-webp-expected.html
 
 # This test is highly time dependent on when a MediaStream will start. Failure is expected some time, but should pass most of the time.
 http/wpt/mediarecorder/MediaRecorder-first-frame.html [ Pass Failure ]
-# MediaRecorder Opus in MP4 is supported on Sonoma and later
-[ Ventura ] http/wpt/mediarecorder/MediaRecorder-audio-bitrate-mp4-opus.html [ Failure ]
 
 # DRT does not support toggling caret browsing on / off
 editing/selection/caret-mode-paragraph-keys-navigation.html
@@ -672,8 +667,6 @@ mathml/presentation/fenced-mi.html [ Pass ImageOnlyFailure ]
 # rdar://88981242 ([ Ventura ] media/accessibility-describes-video.html is a constant timeout)
 media/accessibility-describes-video.html [ Timeout ]
 
-# rdar://92286809 ([ Ventura ] 4x editing/spelling (layout-tests) Are constant timeouts)
-
 #rdar://92833592 ([ Ventura ] 4x imported/w3c/web-platform-tests/webrtc-encoded-transform/ are flaky text failures)
 imported/w3c/web-platform-tests/webrtc-encoded-transform/script-metadata-transform.https.html [ Pass Failure ]
 imported/w3c/web-platform-tests/webrtc-encoded-transform/script-transform.https.html [ Pass Failure ]
@@ -744,7 +737,6 @@ webkit.org/b/161725 imported/w3c/web-platform-tests/media-source/mediasource-seq
 webkit.org/b/161725 imported/w3c/web-platform-tests/media-source/mediasource-sourcebuffer-mode-timestamps.html [ Skip ]
 webkit.org/b/161725 imported/w3c/web-platform-tests/media-source/mediasource-sourcebuffer-mode.html [ Skip ]
 webkit.org/b/214166 imported/w3c/web-platform-tests/media-source/idlharness.window.html [ Skip ]
-webkit.org/b/263413 [ Ventura+ ] media/media-source/media-source-first-sample-pts-non-zero-canplay-without-renderer.html [ Timeout ]
 
 # Requires WebM
 imported/w3c/web-platform-tests/media-source/mediasource-config-change-webm-a-bitrate.html [ Skip ]
@@ -1541,9 +1533,6 @@ webkit.org/b/209072 [ Debug ] http/tests/css/shared-stylesheet-mutation-preconst
 
 webkit.org/b/207150 platform/mac/webrtc/captureCanvas-webrtc-software-encoder.html [ Pass Failure Timeout ]
 
-# The line breaking rules changed in ICU 66. We've updated the tests to match, but old platforms won't get updated line breaking rules.
-[ Ventura ] imported/w3c/web-platform-tests/css/css-text/line-breaking/line-breaking-023.html [ ImageOnlyFailure ]
-
 webkit.org/b/207858 fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html [ Skip ]
 
 webkit.org/b/209619 compositing/clipping/border-radius-async-overflow-stacking.html [ Pass ImageOnlyFailure ]
@@ -1840,7 +1829,7 @@ webkit.org/b/226050 imported/w3c/web-platform-tests/IndexedDB/blob-valid-before-
 
 webkit.org/b/231328 http/tests/preload/onload_event.html [ Pass Failure ]
 
-webkit.org/b/271732 [ Ventura+ ] http/tests/workers/service/openwindow-from-notification-click.html [ Pass Failure Crash ]
+webkit.org/b/271732 http/tests/workers/service/openwindow-from-notification-click.html [ Pass Failure Crash ]
 
 webkit.org/b/215335 [ Release ] webanimations/css-transition-retargeting-during-ready-promise.html [ Pass Failure ]
 
@@ -2015,32 +2004,22 @@ imported/w3c/web-platform-tests/websockets/cookies/007.html?wss&wpt_flags=https
 
 #webkit.org/b/248537 Batch mark expectations for Ventura test failures
 imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/autoplay-disabled-by-feature-policy.https.sub.html [ Pass Failure ]
-imported/w3c/web-platform-tests/web-animations/interfaces/Animation/onremove.html [ Pass Failure ]
-[ Ventura+ x86_64 ] imported/w3c/web-platform-tests/html/canvas/element/manual/wide-gamut-canvas/canvas-display-p3-drawImage-video.html [ Pass Failure Timeout ]
-[ Ventura+ x86_64 ] http/tests/media/now-playing-info.html [ Pass Failure ]
-[ x86_64 ] animations/stop-animation-on-suspend.html [ Pass Failure ]
-fast/images/animated-avif.html [ Pass ImageOnlyFailure Timeout Crash ]
-[ Ventura+ ] animations/animation-events-not-cancelable.html [ Pass Failure ]
-css3/scroll-snap/scroll-padding-mainframe-paging.html [ Pass Failure ]
-css3/scroll-snap/scroll-padding-overflow-paging.html [ Pass Failure ]
-[ Ventura+ ] fast/events/before-unload-navigate-different-window.html [ Pass Failure ]
-http/tests/media/fairplay/fps-mse-unmuxed-key-rotation.html [ Pass Failure ]
+animations/stop-animation-on-suspend.html [ Pass Failure ]
+fast/images/animated-avif.html [ ImageOnlyFailure ]
+http/tests/media/fairplay/fps-mse-unmuxed-key-rotation.html [ Failure ]
 [ x86_64 ] imported/w3c/web-platform-tests/html/canvas/element/manual/wide-gamut-canvas/canvas-display-p3-drawImage-ImageBitmap-video.html [ Pass Failure Timeout ]
-[ Ventura+ x86_64 ] imported/w3c/web-platform-tests/html/browsers/history/the-history-interface/history_go_undefined.html [ Pass Failure ]
-[ x86_64 ] imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/javascript-url-security-check-failure.sub.html [ Pass Failure ]
+[ Debug ] imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/javascript-url-security-check-failure.sub.html [ Pass Failure ]
 imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/autoplay-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html [ Pass Failure ]
-[ Ventura+ ] fast/text/synthetic-bold-transformed.html [ Pass ImageOnlyFailure ]
-[ x86_64 ] js/promises-tests/promises-tests-2-3-3.html [ Pass Timeout ]
-[ Ventura+ ] editing/execCommand/delete-non-editable-range-crash.html [ Pass Timeout ]
+fast/text/synthetic-bold-transformed.html [ Pass ImageOnlyFailure ]
+[ x86_64 Debug ] js/promises-tests/promises-tests-2-3-3.html [ Pass Timeout ]
+[ Debug ] editing/execCommand/delete-non-editable-range-crash.html [ Pass Timeout ]
 
 webkit.org/b/254637 fast/text/web-font-load-invisible-during-loading.html [ Pass Failure ]
 
 webkit.org/b/242804 media/track/track-forced-subtitles-in-band.html [ Pass Failure ]
 
-webkit.org/b/251099 [ Ventura+ ] fast/images/avif-image-document.html [ Pass Crash ]
-
-# AVIF overlay images are only supported on macOS and iOS post Ventura.
-[ Ventura+ ] fast/images/image-overlay-mutiple-frames.html [ Pass ImageOnlyFailure ]
+# FIXME: needs new bug
+webkit.org/b/245099 fast/images/image-overlay-mutiple-frames.html [ ImageOnlyFailure ]
 
 http/wpt/service-workers/basic-fetch-with-contentfilter-allow-after-adding-data.html [ Pass ]
 http/wpt/service-workers/basic-fetch-with-contentfilter.https.html [ Pass ]
@@ -2055,17 +2034,13 @@ webkit.org/b/254044 imported/w3c/web-platform-tests/feature-policy/reporting/xr-
 
 webkit.org/b/237415 webgl/1.0.x/conformance/rendering/clipping-wide-points.html [ Pass Failure ]
 
-# webkit.org/b/255178 [ Ventura iOS arm64 ] 3X imported/w3c/web-platform-tests/css/css-color/parsing (layout-tests) are constant text failures
-[ Ventura x86_64 ] imported/w3c/web-platform-tests/css/css-color/parsing/color-valid-relative-color.html [ Failure ]
-
 # color float value is rounded differently on x86
 [ x86_64 ] imported/w3c/web-platform-tests/css/css-color/parsing/color-computed-color-mix-function.html [ Failure ]
 
 # webkit.org/b/255427 [ Ventura ] 4/13 batch mark expectations and branch bugs
-[ Ventura+ arm64 ] imported/w3c/web-platform-tests/webaudio/the-audio-api/the-audioparam-interface/k-rate-audiobuffersource-connections.html [ Failure ]
-[ Ventura+ arm64 ] imported/w3c/web-platform-tests/webaudio/the-audio-api/the-audioparam-interface/k-rate-dynamics-compressor-connections.html [ Failure ]
-[ Ventura+ arm64 ] webaudio/ScriptProcessor/scriptprocessor-offlineaudiocontext.html [ Failure ]
-[ Ventura+ x86_64 ] fast/shrink-wrap/rect-shrink-wrap.html [ Pass ImageOnlyFailure ]
+[ arm64 ] imported/w3c/web-platform-tests/webaudio/the-audio-api/the-audioparam-interface/k-rate-audiobuffersource-connections.html [ Failure ]
+[ arm64 ] imported/w3c/web-platform-tests/webaudio/the-audio-api/the-audioparam-interface/k-rate-dynamics-compressor-connections.html [ Failure ]
+[ arm64 ] webaudio/ScriptProcessor/scriptprocessor-offlineaudiocontext.html [ Failure ]
 
 # webkit.org/b/275963 -- these tests have slight differences on x86_64 and arm64
 # they've been re-baselined to pass on arm64, so we expect failure on x86_64
@@ -2073,8 +2048,6 @@ webkit.org/b/237415 webgl/1.0.x/conformance/rendering/clipping-wide-points.html
 [ x86_64 ] svg/W3C-SVG-1.1/metadata-example-01-b.svg [ Failure ]
 [ x86_64 ] svg/custom/use-on-symbol-inside-pattern.svg [ Failure ]
 
-webkit.org/b/255788 [ Ventura+ Debug ] tiled-drawing/scrolling/scroll-snap/scroll-snap-mandatory-async-overflow.html [ Skip ]
-
 webkit.org/b/256108 media/video-audio-session-mode.html [ Failure ]
 
 webkit.org/b/258181 [ Debug ] inspector/debugger/async-stack-trace-truncate.html [ Slow Failure ]
@@ -2094,22 +2067,10 @@ webkit.org/b/259712 media/media-source/media-source-paint-after-display-none.htm
 
 webkit.org/b/259190 http/tests/images/heic-as-heif.html [ Pass ImageOnlyFailure ]
 
-webkit.org/b/260224 [ Ventura ] compositing/geometry/clipped-out-perspective.html [ ImageOnlyFailure ]
-webkit.org/b/260224 [ Ventura ] compositing/overlap-blending/opacity-and-infinity.html [ ImageOnlyFailure ]
-webkit.org/b/260224 [ Ventura ] imported/w3c/web-platform-tests/css/css-transforms/perspective-split-by-zero-w.html [ ImageOnlyFailure ]
-webkit.org/b/260224 [ Ventura ] imported/w3c/web-platform-tests/css/css-transforms/preserve3d-and-filter-with-perspective.html [ ImageOnlyFailure ]
-webkit.org/b/260224 [ Ventura ] imported/w3c/web-platform-tests/css/css-transforms/preserve3d-pseudo-element.html [ ImageOnlyFailure ]
-webkit.org/b/260224 [ Ventura ] imported/w3c/web-platform-tests/css/css-transforms/transform-table-009.html [ ImageOnlyFailure ]
-webkit.org/b/260224 [ Ventura ] imported/w3c/web-platform-tests/css/css-transforms/transform-table-010.html [ ImageOnlyFailure ]
-webkit.org/b/260224 [ Ventura ] imported/w3c/web-platform-tests/css/css-transforms/transform-table-011.html [ ImageOnlyFailure ]
-webkit.org/b/260224 [ Ventura ] imported/w3c/web-platform-tests/css/css-transforms/transform3d-preserve3d-011.html [ ImageOnlyFailure ]
-webkit.org/b/260224 [ Ventura ] imported/w3c/web-platform-tests/css/css-transforms/transform3d-preserve3d-014.html [ ImageOnlyFailure ]
-
 webkit.org/b/130490 media/video-remote-control-playpause.html [ Pass Timeout Crash ]
 
-webkit.org/b/260529 [ Ventura+ x86_64 ] animations/suspend-resume-animation-events.html [ Pass Failure ]
 # rdar://102494267 ([ New Test ] (248203@main): [ Sonoma ] http/tests/media/hls/track-in-band-hls-metadata-cue-duration.html is a consistent failure)
-[ Ventura+ ] http/tests/media/hls/track-in-band-hls-metadata-cue-duration.html [ Failure ]
+http/tests/media/hls/track-in-band-hls-metadata-cue-duration.html [ Failure ]
 
 
 # rdar://100422705 ([ macOS iOS16 ] fast/text/system-font-fallb ack.html is a constant failure (245686))
@@ -2337,9 +2298,6 @@ imported/w3c/web-platform-tests/fetch/metadata/generated/element-meta-refresh.op
 imported/w3c/web-platform-tests/fetch/metadata/generated/form-submission.sub.html [ Skip ]
 imported/w3c/web-platform-tests/fetch/metadata/generated/window-location.sub.html [ Skip ]
 
-[ Ventura ] imported/w3c/web-platform-tests/css/css-view-transitions/window-resize-aborts-transition.html [ Failure ]
-[ Ventura ] imported/w3c/web-platform-tests/css/css-view-transitions/navigation/hide-before-reveal.html [ Failure ]
-
 # rdar://129424261 (REGRESSION (279443@main): [ Sonoma Release ] WindowServer watchdog timeout on Intel machine)
 [ Release arm64 ] http/tests/webgpu/webgpu [ Skip ]
 
@@ -2391,13 +2349,6 @@ imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/
 [ Sequoia arm64 ] http/tests/media/fairplay/fps-mse-unmuxed-same-key.html [ Failure ]
 http/tests/media/fairplay/fps-mse-multi-key-renewal.html [ Pass Failure ] 
 
-# webkit.org/b/284075 Opus decoder isn't working with raw content (no magic cookie provided)
-[ Ventura ] imported/w3c/web-platform-tests/webcodecs/audioDecoder-codec-specific.https.any.html?opus [ Skip ]
-[ Ventura ] imported/w3c/web-platform-tests/webcodecs/audioDecoder-codec-specific.https.any.worker.html?opus [ Skip ]
-
-# Ventura doesn't support resampling when encoding to Opus, causing the test to fail.
-[ Ventura ] imported/w3c/web-platform-tests/webcodecs/audio-encoder.https.any.html [ Failure ]
-
 webkit.org/b/257011 imported/w3c/web-platform-tests/css/css-text/hyphens/hyphenate-character-002.html [ ImageOnlyFailure ]
 
 # webkit.org/b/280646 [macOS Debug EWS] media/video-webkit-playsinline.html is a flaky crash
@@ -2419,7 +2370,7 @@ webanimations/scroll-timeline-clamped-current-time-while-rubber-banding-mac.html
 media/webkit-media-controls-not-visible-after-exiting-fullscreen.html [ Pass ]
 
 # Modern AVContentKeySession is only available on Sonoma
-[ Ventura Sonoma ] http/tests/media/fairplay/legacy-fairplay-mse-muxed-nowait.html [ Skip ]
+[ Sonoma ] http/tests/media/fairplay/legacy-fairplay-mse-muxed-nowait.html [ Skip ]
 
 # webkit.org/b/280304 [ Sequoia ] fast/ruby/ruby-expansion-cjk-4.html is a constant image only failure.
 [ Sequoia ] fast/ruby/ruby-expansion-cjk-4.html [ ImageOnlyFailure ]
@@ -2433,11 +2384,11 @@ inspector/worker/console-basic-subworker.html [ Skip ]
 
 webkit.org/b/284082 [ Sequoia+ ] http/tests/media/fairplay/legacy-fairplay-mse-muxed-nowait.html [ Timeout Failure ]
 
-webkit.org/b/284597 [ Ventura+ ] http/tests/misc/repeat-open-cancel.html [ Slow ]
+webkit.org/b/284597 http/tests/misc/repeat-open-cancel.html [ Slow ]
 
-webkit.org/b/284653 [ Ventura+ ] http/tests/site-isolation/compositing/iframes/resize-from-zero-size.html [ Pass Failure ]
+webkit.org/b/284653 http/tests/site-isolation/compositing/iframes/resize-from-zero-size.html [ Pass Failure ]
 
-webkit.org/b/285954 [ Ventura+ Debug ] inspector/worker/runtime-basic-subworker.html [ Pass Crash ]
+webkit.org/b/285954 [ Debug ] inspector/worker/runtime-basic-subworker.html [ Pass Crash ]
 
 webkit.org/b/286039 imported/w3c/web-platform-tests/scroll-to-text-fragment/scroll-to-text-fragment.html [ Pass Failure ]
 

From 785a4e3b033dd4e0c483fa961891d1e461123ff1 Mon Sep 17 00:00:00 2001
From: Jamie <hello@itsjamie.dev>
Date: Mon, 24 Feb 2025 10:14:43 -0800
Subject: [PATCH 136/174] [GTK] Create WebKitWebExtension
 https://webkit.org/b/285379

Reviewed by Adrian Perez de Castro and Michael Catanzaro.

This creates a GLib API of WebExtension, along with some utility functions needed for Linux-specific pathways.

* Source/WebKit/PlatformGTK.cmake:
* Source/WebKit/Shared/Extensions/glib/WebExtensionUtilitiesGlib.cpp: Copied from Source/WebKit/UIProcess/API/glib/WebKitPrivate.h.
(WebKit::availableScreenScales):
* Source/WebKit/SourcesGTK.txt:
* Source/WebKit/UIProcess/API/glib/WebKitError.cpp:
(webkit_web_extension_error_quark):
* Source/WebKit/UIProcess/API/glib/WebKitError.h.in:
* Source/WebKit/UIProcess/API/glib/WebKitPrivate.cpp:
(toWebKitWebExtensionError):
* Source/WebKit/UIProcess/API/glib/WebKitPrivate.h:
* Source/WebKit/UIProcess/API/glib/WebKitWebExtension.cpp: Added.
(webkit_web_extension_class_init):
(webkitWebExtensionCreate):
(webkitWebExtensionCreateWithBytes):
(webkit_web_extension_get_manifest_version):
(webkit_web_extension_supports_manifest_version):
(webkit_web_extension_get_default_locale):
(webkit_web_extension_get_display_name):
(webkit_web_extension_get_display_short_name):
(webkit_web_extension_get_display_version):
(webkit_web_extension_get_display_description):
(webkit_web_extension_get_display_action_label):
(webkit_web_extension_get_icon):
(webkit_web_extension_get_action_icon):
(webkit_web_extension_get_version):
(webkit_web_extension_get_requested_permissions):
(webkit_web_extension_get_optional_permissions):
(webkit_web_extension_get_requested_permission_match_patterns):
(webkit_web_extension_get_optional_permission_match_patterns):
(webkit_web_extension_get_all_requested_match_patterns):
(webkit_web_extension_get_has_background_content):
(webkit_web_extension_get_has_service_worker_background_content):
(webkit_web_extension_get_has_modular_background_content):
(webkit_web_extension_get_has_persistent_background_content):
(webkit_web_extension_get_has_injected_content):
(webkit_web_extension_get_has_options_page):
(webkit_web_extension_get_has_override_new_tab_page):
(webkit_web_extension_get_has_commands):
(webkit_web_extension_get_has_content_modification_rules):
* Source/WebKit/UIProcess/API/glib/WebKitWebExtension.h.in: Added.
* Source/WebKit/UIProcess/API/glib/WebKitWebExtensionInternal.h: Added.
* Source/WebKit/UIProcess/API/glib/webkit.h.in:
* Source/WebKit/UIProcess/Extensions/WebExtension.cpp:
* Source/WebKit/UIProcess/Extensions/WebExtension.h:
(WebKit::WebExtension::WebExtension):
* Source/WebKit/UIProcess/Extensions/gtk/WebExtensionGtk.cpp: Added.
(WebKit::WebExtension::WebExtension):
(WebKit::WebExtension::resourceDataForPath):
(WebKit::WebExtension::recordError):
(WebKit::WebExtension::iconForPath):
(WebKit::WebExtension::bestIcon):
* Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebExtension.cpp: Added.
(testDisplayStringParsing):
(testDefaultLocaleParsing):
(testDisplayStringParsingWithLocalization):
(testActionParsing):
(testContentScriptsParsing):
(testPermissionsParsing):
(testBackgroundParsing):
(testBackgroundPreferredEnvironmentParsing):
(testOptionsPageParsing):
(testURLOverridesParsing):
(testContentSecurityPolicyParsing):
(testWebAccessibleResourcesV2):
(testWebAccessibleResourcesV3):
(testCommandsParsing):
(testDeclarativeNetRequestParsing):
(testExternallyConnectableParsing):
(beforeAll):
(afterAll):
* Tools/TestWebKitAPI/glib/CMakeLists.txt:
* Tools/TestWebKitAPI/glib/WebKitGLib/WebExtensionUtilities.cpp: Copied from Source/WebKit/UIProcess/API/glib/WebKitPrivate.h.
(TestWebKitAPI::Util::makePNGData):
* Tools/TestWebKitAPI/glib/WebKitGLib/WebExtensionUtilities.h: Copied from Source/WebKit/UIProcess/API/glib/WebKitPrivate.h.

Canonical link: https://commits.webkit.org/290957@main
---
 Source/WebCore/platform/graphics/Icon.h       |    4 +-
 .../WebCore/platform/graphics/gtk/IconGtk.cpp |    6 +-
 Source/WebKit/PlatformGTK.cmake               |    1 +
 Source/WebKit/Shared/API/APIData.h            |   14 +
 .../gtk/WebExtensionUtilitiesGtk.cpp          |   60 +
 Source/WebKit/SourcesGTK.txt                  |    5 +
 .../WebKit/UIProcess/API/glib/WebKitError.cpp |   16 +
 .../UIProcess/API/glib/WebKitError.h.in       |   36 +-
 .../UIProcess/API/glib/WebKitPrivate.cpp      |   29 +
 .../WebKit/UIProcess/API/glib/WebKitPrivate.h |    1 +
 .../UIProcess/API/glib/WebKitWebExtension.cpp | 1156 +++++++++++++++++
 .../API/glib/WebKitWebExtension.h.in          |  113 ++
 .../API/glib/WebKitWebExtensionInternal.h     |   37 +
 Source/WebKit/UIProcess/API/glib/webkit.h.in  |    1 +
 .../UIProcess/Extensions/WebExtension.h       |    2 +
 .../Extensions/gtk/WebExtensionGtk.cpp        |  207 +++
 .../WebKitGLib/TestWebKitWebExtension.cpp     | 1122 ++++++++++++++++
 Tools/TestWebKitAPI/glib/CMakeLists.txt       |    2 +
 .../glib/WebKitGLib/WebExtensionUtilities.cpp |   59 +
 .../glib/WebKitGLib/WebExtensionUtilities.h   |   46 +
 20 files changed, 2911 insertions(+), 6 deletions(-)
 create mode 100644 Source/WebKit/Shared/Extensions/gtk/WebExtensionUtilitiesGtk.cpp
 create mode 100644 Source/WebKit/UIProcess/API/glib/WebKitWebExtension.cpp
 create mode 100644 Source/WebKit/UIProcess/API/glib/WebKitWebExtension.h.in
 create mode 100644 Source/WebKit/UIProcess/API/glib/WebKitWebExtensionInternal.h
 create mode 100644 Source/WebKit/UIProcess/Extensions/gtk/WebExtensionGtk.cpp
 create mode 100644 Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebExtension.cpp
 create mode 100644 Tools/TestWebKitAPI/glib/WebKitGLib/WebExtensionUtilities.cpp
 create mode 100644 Tools/TestWebKitAPI/glib/WebKitGLib/WebExtensionUtilities.h

diff --git a/Source/WebCore/platform/graphics/Icon.h b/Source/WebCore/platform/graphics/Icon.h
index e0cc1d8710a99..4dae0d69d9559 100644
--- a/Source/WebCore/platform/graphics/Icon.h
+++ b/Source/WebCore/platform/graphics/Icon.h
@@ -67,7 +67,7 @@ class Icon : public RefCounted<Icon> {
 #endif
 
 #if PLATFORM(GTK)
-    WEBCORE_EXPORT static RefPtr<Icon> create(GIcon*);
+    WEBCORE_EXPORT static RefPtr<Icon> create(GRefPtr<GIcon>&&);
 
     GIcon* icon() const { return m_icon.get(); };
 #endif
@@ -92,7 +92,7 @@ class Icon : public RefCounted<Icon> {
     Icon(HICON);
     HICON m_hIcon;
 #elif PLATFORM(GTK)
-    explicit Icon(GIcon*);
+    explicit Icon(GRefPtr<GIcon>&&);
     GRefPtr<GIcon> m_icon;
 #endif
 };
diff --git a/Source/WebCore/platform/graphics/gtk/IconGtk.cpp b/Source/WebCore/platform/graphics/gtk/IconGtk.cpp
index ba9461b0278e3..adb1f0515e1bb 100644
--- a/Source/WebCore/platform/graphics/gtk/IconGtk.cpp
+++ b/Source/WebCore/platform/graphics/gtk/IconGtk.cpp
@@ -35,7 +35,7 @@
 
 namespace WebCore {
 
-Icon::Icon(GIcon* icon)
+Icon::Icon(GRefPtr<GIcon>&& icon)
     : m_icon(icon)
 {
 }
@@ -44,12 +44,12 @@ Icon::~Icon()
 {
 }
 
-RefPtr<Icon> Icon::create(GIcon* icon)
+RefPtr<Icon> Icon::create(GRefPtr<GIcon>&& icon)
 {
     if (!icon)
         return nullptr;
 
-    return adoptRef(new Icon(icon));
+    return adoptRef(new Icon(WTFMove(icon)));
 }
 
 void Icon::paint(GraphicsContext&, const FloatRect&)
diff --git a/Source/WebKit/PlatformGTK.cmake b/Source/WebKit/PlatformGTK.cmake
index 2f33b1c02a7d0..d757c6b37930e 100644
--- a/Source/WebKit/PlatformGTK.cmake
+++ b/Source/WebKit/PlatformGTK.cmake
@@ -186,6 +186,7 @@ set(WebKitGTK_HEADER_TEMPLATES
     ${WEBKIT_DIR}/UIProcess/API/glib/WebKitUserMediaPermissionRequest.h.in
     ${WEBKIT_DIR}/UIProcess/API/glib/WebKitUserMessage.h.in
     ${WEBKIT_DIR}/UIProcess/API/glib/WebKitWebContext.h.in
+    ${WEBKIT_DIR}/UIProcess/API/glib/WebKitWebExtension.h.in
     ${WEBKIT_DIR}/UIProcess/API/glib/WebKitWebExtensionMatchPattern.h.in
     ${WEBKIT_DIR}/UIProcess/API/glib/WebKitWebResource.h.in
     ${WEBKIT_DIR}/UIProcess/API/glib/WebKitWebView.h.in
diff --git a/Source/WebKit/Shared/API/APIData.h b/Source/WebKit/Shared/API/APIData.h
index e5439a9fce4ec..f119f5adee694 100644
--- a/Source/WebKit/Shared/API/APIData.h
+++ b/Source/WebKit/Shared/API/APIData.h
@@ -34,6 +34,12 @@
 #include <wtf/RetainPtr.h>
 #endif
 
+#if PLATFORM(GTK)
+#include <wtf/glib/GRefPtr.h>
+#include <wtf/glib/GSpanExtras.h>
+#include <wtf/glib/WTFGType.h>
+#endif
+
 OBJC_CLASS NSData;
 
 namespace API {
@@ -76,6 +82,14 @@ class Data : public ObjectImpl<API::Object::Type::Data> {
     static Ref<Data> createWithoutCopying(NSData *);
 #endif
 
+#if PLATFORM(GTK)
+    static Ref<Data> createWithoutCopying(GRefPtr<GBytes>&& bytes)
+    {
+        auto span = WTF::span(bytes);
+        return createWithoutCopying(span, [bytes = WTFMove(bytes)] () { });
+    }
+#endif
+
     ~Data()
     {
         m_freeDataFunction();
diff --git a/Source/WebKit/Shared/Extensions/gtk/WebExtensionUtilitiesGtk.cpp b/Source/WebKit/Shared/Extensions/gtk/WebExtensionUtilitiesGtk.cpp
new file mode 100644
index 0000000000000..69279cf1a4d1f
--- /dev/null
+++ b/Source/WebKit/Shared/Extensions/gtk/WebExtensionUtilitiesGtk.cpp
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2024 Igalia, S.L. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "WebExtensionUtilities.h"
+
+#include <gdk/gdk.h>
+
+#if ENABLE(WK_WEB_EXTENSIONS)
+
+namespace WebKit {
+
+Vector<double> availableScreenScales()
+{
+    Vector<double> screenScales;
+
+    auto* display = gdk_display_get_default();
+
+#if USE(GTK4)
+    auto* monitors = gdk_display_get_monitors(display);
+    unsigned currentMonitor = 0;
+    while (auto* item = g_list_model_get_item(monitors, currentMonitor++)) {
+        auto* monitor = GDK_MONITOR(item);
+        ASSERT(GDK_IS_MONITOR(monitor));
+        screenScales.append(gdk_monitor_get_scale_factor(monitor));
+    }
+#endif
+
+    if (!screenScales.isEmpty())
+        return screenScales;
+
+    // Assume 1x if we got no results. This can happen on headless devices (bots).
+    return { 1.0 };
+}
+
+} // namespace WebKit
+
+#endif // ENABLE(WK_WEB_EXTENSIONS)
diff --git a/Source/WebKit/SourcesGTK.txt b/Source/WebKit/SourcesGTK.txt
index 3c8d209cba714..e29182bab2d75 100644
--- a/Source/WebKit/SourcesGTK.txt
+++ b/Source/WebKit/SourcesGTK.txt
@@ -74,6 +74,8 @@ Shared/API/glib/WebKitURIRequest.cpp @no-unify
 Shared/API/glib/WebKitURIResponse.cpp @no-unify
 Shared/API/glib/WebKitUserMessage.cpp @no-unify
 
+Shared/Extensions/gtk/WebExtensionUtilitiesGtk.cpp
+
 Shared/glib/ArgumentCodersGLib.cpp
 Shared/glib/InputMethodState.cpp
 Shared/glib/ProcessExecutablePathGLib.cpp
@@ -176,6 +178,7 @@ UIProcess/API/glib/WebKitUserContentManager.cpp @no-unify
 UIProcess/API/glib/WebKitUserMediaPermissionRequest.cpp @no-unify
 UIProcess/API/glib/WebKitVersion.cpp @no-unify
 UIProcess/API/glib/WebKitWebContext.cpp @no-unify
+UIProcess/API/glib/WebKitWebExtension.cpp @no-unify
 UIProcess/API/glib/WebKitWebExtensionMatchPattern.cpp @no-unify
 UIProcess/API/glib/WebKitWebResource.cpp @no-unify
 UIProcess/API/glib/WebKitWebResourceLoadManager.cpp @no-unify
@@ -220,6 +223,8 @@ UIProcess/Automation/gtk/WebAutomationSessionGtk.cpp @no-unify
 
 UIProcess/CoordinatedGraphics/DrawingAreaProxyCoordinatedGraphics.cpp
 
+UIProcess/Extensions/gtk/WebExtensionGtk.cpp
+
 UIProcess/Gamepad/gtk/UIGamepadProviderGtk.cpp
 UIProcess/Gamepad/manette/UIGamepadProviderManette.cpp
 
diff --git a/Source/WebKit/UIProcess/API/glib/WebKitError.cpp b/Source/WebKit/UIProcess/API/glib/WebKitError.cpp
index fc408fdeb75da..120802f914927 100644
--- a/Source/WebKit/UIProcess/API/glib/WebKitError.cpp
+++ b/Source/WebKit/UIProcess/API/glib/WebKitError.cpp
@@ -112,12 +112,28 @@ GQuark webkit_snapshot_error_quark()
     return g_quark_from_static_string("WebKitSnapshotError");
 }
 
+/**
+ * webkit_web_extension_error_quark:
+ *
+ * Gets the quark for the domain of Web Extension errors.
+ *
+ * Returns: web extension error domain.
+ * 
+ * Since: 2.48
+ */
+GQuark webkit_web_extension_error_quark()
+{
+    return g_quark_from_static_string("WebKitWebExtensionError");
+}
+
 /**
  * webkit_web_extension_match_pattern_error_quark:
  *
  * Gets the quark for the domain of Web Extension Match Pattern errors.
  *
  * Returns: web extension match pattern error domain.
+ * 
+ * Since: 2.48
  */
 GQuark webkit_web_extension_match_pattern_error_quark()
 {
diff --git a/Source/WebKit/UIProcess/API/glib/WebKitError.h.in b/Source/WebKit/UIProcess/API/glib/WebKitError.h.in
index 844c14440b2cb..8d54ba83416d8 100644
--- a/Source/WebKit/UIProcess/API/glib/WebKitError.h.in
+++ b/Source/WebKit/UIProcess/API/glib/WebKitError.h.in
@@ -36,7 +36,8 @@ G_BEGIN_DECLS
 #define WEBKIT_JAVASCRIPT_ERROR                  webkit_javascript_error_quark ()
 #define WEBKIT_SNAPSHOT_ERROR                    webkit_snapshot_error_quark ()
 #define WEBKIT_USER_CONTENT_FILTER_ERROR         webkit_user_content_filter_error_quark ()
-#define WEBKIT_WEB_EXTENSION_MATCH_PATTERN_ERROR webkit_web_extension_error_quark ()
+#define WEBKIT_WEB_EXTENSION_ERROR               webkit_web_extension_error_quark ()
+#define WEBKIT_WEB_EXTENSION_MATCH_PATTERN_ERROR webkit_web_extension_match_pattern_error_quark ()
 
 #if PLATFORM(GTK)
 #define WEBKIT_PRINT_ERROR                       webkit_print_error_quark ()
@@ -158,6 +159,34 @@ typedef enum {
     WEBKIT_SNAPSHOT_ERROR_FAILED_TO_CREATE = 799
 } WebKitSnapshotError;
 
+/**
+ * WebKitWebExtensionError:
+ * @WEBKIT_WEB_EXTENSION_ERROR_UNKNOWN: An unknown error occured.
+ * @WEBKIT_WEB_EXTENSION_ERROR_RESOURCE_NOT_FOUND: A specified resource was not found on disk.
+ * @WEBKIT_WEB_EXTENSION_ERROR_INVALID_RESOURCE_CODE_SIGNATURE: A resource failed the bundle's code signature checks.
+ * @WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST: An invalid `manifest.json` was encountered.
+ * @WEBKIT_WEB_EXTENSION_ERROR_UNSUPPORTED_MANIFEST_VERSION: The manifest version is not supported.
+ * @WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY: An invalid manifest entry was encountered.
+ * @WEBKIT_WEB_EXTENSION_ERROR_INVALID_DECLARATIVE_NET_REQUEST_ENTRY: An invalid declarative net request entry was encountered.
+ * @WEBKIT_WEB_EXTENSION_ERROR_INVALID_BACKGROUND_PERSISTENCE: The extension specified background persistence that was not compatible with the platform or features requested.
+ * @WEBKIT_WEB_EXTENSION_ERROR_INVALID_ARCHIVE: The archive file is invalid or corrupt.
+ *
+ * Enum values used to denote errors happening when parsing a #WebKitWebExtension
+ * 
+ * Since: 2.48
+ */
+typedef enum {
+    WEBKIT_WEB_EXTENSION_ERROR_UNKNOWN = 899,
+    WEBKIT_WEB_EXTENSION_ERROR_RESOURCE_NOT_FOUND = 800,
+    WEBKIT_WEB_EXTENSION_ERROR_INVALID_RESOURCE_CODE_SIGNATURE = 801,
+    WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST = 802,
+    WEBKIT_WEB_EXTENSION_ERROR_UNSUPPORTED_MANIFEST_VERSION = 803,
+    WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY = 804,
+    WEBKIT_WEB_EXTENSION_ERROR_INVALID_DECLARATIVE_NET_REQUEST_ENTRY = 805,
+    WEBKIT_WEB_EXTENSION_ERROR_INVALID_BACKGROUND_PERSISTENCE = 806,
+    WEBKIT_WEB_EXTENSION_ERROR_INVALID_ARCHIVE = 807,
+} WebKitWebExtensionError;
+
 /**
  * WebKitWebExtensionMatchPatternError:
  * @WEBKIT_WEB_EXTENSION_MATCH_PATTERN_ERROR_UNKNOWN: An unknown error occured.
@@ -166,6 +195,8 @@ typedef enum {
  * @WEBKIT_WEB_EXTENSION_MATCH_PATTERN_ERROR_INVALID_PATH: The path component was invalid.
  *
  * Enum values used to denote errors happening when creating a #WebKitWebExtensionMatchPattern
+ * 
+ * Since: 2.48
  */
 typedef enum {
     WEBKIT_WEB_EXTENSION_MATCH_PATTERN_ERROR_UNKNOWN = 899,
@@ -227,6 +258,9 @@ webkit_javascript_error_quark                  (void);
 WEBKIT_API GQuark
 webkit_snapshot_error_quark                    (void);
 
+WEBKIT_API GQuark
+webkit_web_extension_error_quark               (void);
+
 WEBKIT_API GQuark
 webkit_web_extension_match_pattern_error_quark (void);
 
diff --git a/Source/WebKit/UIProcess/API/glib/WebKitPrivate.cpp b/Source/WebKit/UIProcess/API/glib/WebKitPrivate.cpp
index 7a00070a9a532..f6ea41e7c7ce3 100644
--- a/Source/WebKit/UIProcess/API/glib/WebKitPrivate.cpp
+++ b/Source/WebKit/UIProcess/API/glib/WebKitPrivate.cpp
@@ -31,6 +31,7 @@
 #endif
 
 #if ENABLE(WK_WEB_EXTENSIONS)
+#include "WebExtension.h"
 #include "WebExtensionMatchPattern.h"
 #endif
 
@@ -155,6 +156,34 @@ unsigned toWebKitError(unsigned webCoreError)
 }
 
 #if ENABLE(WK_WEB_EXTENSIONS)
+unsigned toWebKitWebExtensionError(unsigned apiError)
+{
+    auto error = static_cast<WebKit::WebExtension::APIError>(apiError);
+
+    switch (error) {
+    case WebKit::WebExtension::APIError::ResourceNotFound:
+        return WEBKIT_WEB_EXTENSION_ERROR_RESOURCE_NOT_FOUND;
+    case WebKit::WebExtension::APIError::InvalidResourceCodeSignature:
+        return WEBKIT_WEB_EXTENSION_ERROR_INVALID_RESOURCE_CODE_SIGNATURE;
+    case WebKit::WebExtension::APIError::InvalidManifest:
+        return WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST;
+    case WebKit::WebExtension::APIError::UnsupportedManifestVersion:
+        return WEBKIT_WEB_EXTENSION_ERROR_UNSUPPORTED_MANIFEST_VERSION;
+    case WebKit::WebExtension::APIError::InvalidManifestEntry:
+        return WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY;
+    case WebKit::WebExtension::APIError::InvalidDeclarativeNetRequestEntry:
+        return WEBKIT_WEB_EXTENSION_ERROR_INVALID_DECLARATIVE_NET_REQUEST_ENTRY;
+    case WebKit::WebExtension::APIError::InvalidBackgroundPersistence:
+        return WEBKIT_WEB_EXTENSION_ERROR_INVALID_BACKGROUND_PERSISTENCE;
+    case WebKit::WebExtension::APIError::InvalidArchive:
+        return WEBKIT_WEB_EXTENSION_ERROR_INVALID_ARCHIVE;
+    case WebKit::WebExtension::APIError::Unknown:
+        return WEBKIT_WEB_EXTENSION_ERROR_UNKNOWN;
+    }
+
+    return WEBKIT_WEB_EXTENSION_ERROR_UNKNOWN;
+}
+
 unsigned toWebKitWebExtensionMatchPatternError(unsigned apiError)
 {
     auto error = static_cast<WebKit::WebExtensionMatchPattern::Error>(apiError);
diff --git a/Source/WebKit/UIProcess/API/glib/WebKitPrivate.h b/Source/WebKit/UIProcess/API/glib/WebKitPrivate.h
index 7923dcfb84360..1b541f28dc49d 100644
--- a/Source/WebKit/UIProcess/API/glib/WebKitPrivate.h
+++ b/Source/WebKit/UIProcess/API/glib/WebKitPrivate.h
@@ -34,6 +34,7 @@ WebKitNavigationType toWebKitNavigationType(WebCore::NavigationType);
 unsigned toWebKitMouseButton(WebKit::WebMouseEventButton);
 unsigned toWebKitError(unsigned webCoreError);
 #if ENABLE(WK_WEB_EXTENSIONS)
+unsigned toWebKitWebExtensionError(unsigned apiError);
 unsigned toWebKitWebExtensionMatchPatternError(unsigned apiError);
 #endif
 unsigned toWebCoreError(unsigned webKitError);
diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebExtension.cpp b/Source/WebKit/UIProcess/API/glib/WebKitWebExtension.cpp
new file mode 100644
index 0000000000000..2db0cf06feb1a
--- /dev/null
+++ b/Source/WebKit/UIProcess/API/glib/WebKitWebExtension.cpp
@@ -0,0 +1,1156 @@
+/*
+ * Copyright (C) 2024 Igalia S.L.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#include "config.h"
+#include "WebKitWebExtension.h"
+
+#include "WebExtension.h"
+#include "WebKitError.h"
+#include "WebKitPrivate.h"
+#include "WebKitWebExtensionInternal.h"
+#include "WebKitWebExtensionMatchPatternPrivate.h"
+#include <WebCore/Icon.h>
+#include <wtf/RefPtr.h>
+#include <wtf/glib/WTFGType.h>
+#include <wtf/text/CString.h>
+
+using namespace WebKit;
+
+/**
+ * WebKitWebExtension:
+ *
+ * Represents a [WebExtension](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions).
+ * 
+ * A #WebKitWebExtension object encapsulates a web extension’s
+ * resources that are defined by a [`manifest.json` file](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json).
+ * 
+ * This class handles the reading and parsing of the manifest file
+ * along with the supporting resources like icons and localizations.
+ *
+ * Since: 2.48
+ */
+
+struct _WebKitWebExtensionPrivate {
+#if ENABLE(WK_WEB_EXTENSIONS)
+    RefPtr<WebExtension> extension;
+    CString defaultLocale;
+    CString displayName;
+    CString displayShortName;
+    CString displayVersion;
+    CString displayDescription;
+    CString displayActionLabel;
+    CString version;
+    GRefPtr<GPtrArray> requestedPermissions;
+    GRefPtr<GPtrArray> optionalPermissions;
+#endif
+};
+
+WEBKIT_DEFINE_FINAL_TYPE(WebKitWebExtension, webkit_web_extension, G_TYPE_OBJECT, GObject)
+
+enum {
+    PROP_0,
+    PROP_MANIFEST_VERSION,
+    PROP_DEFAULT_LOCALE,
+    PROP_DISPLAY_NAME,
+    PROP_DISPLAY_SHORT_NAME,
+    PROP_DISPLAY_VERSION,
+    PROP_DISPLAY_DESCRIPTION,
+    PROP_DISPLAY_ACTION_LABEL,
+    PROP_VERSION,
+    PROP_REQUESTED_PERMISSIONS,
+    PROP_OPTIONAL_PERMISSIONS,
+    PROP_HAS_BACKGROUND_CONTENT,
+    PROP_HAS_PERSISTENT_BACKGROUND_CONTENT,
+    PROP_HAS_INJECTED_CONTENT,
+    PROP_HAS_OPTIONS_PAGE,
+    PROP_HAS_OVERRIDE_NEW_TAB_PAGE,
+    PROP_HAS_COMMANDS,
+    PROP_HAS_CONTENT_MODIFICATION_RULES,
+    N_PROPERTIES,
+};
+
+static std::array<GParamSpec*, N_PROPERTIES> properties;
+
+static void webkitWebExtensionGetProperty(GObject* object, guint propId, GValue* value, GParamSpec* paramSpec)
+{
+    WebKitWebExtension* extension = WEBKIT_WEB_EXTENSION(object);
+
+    switch (propId) {
+    case PROP_MANIFEST_VERSION:
+        g_value_set_double(value, webkit_web_extension_get_manifest_version(extension));
+        break;
+    case PROP_DEFAULT_LOCALE:
+        g_value_set_string(value, webkit_web_extension_get_default_locale(extension));
+        break;
+    case PROP_DISPLAY_NAME:
+        g_value_set_string(value, webkit_web_extension_get_display_name(extension));
+        break;
+    case PROP_DISPLAY_SHORT_NAME:
+        g_value_set_string(value, webkit_web_extension_get_display_short_name(extension));
+        break;
+    case PROP_DISPLAY_VERSION:
+        g_value_set_string(value, webkit_web_extension_get_display_version(extension));
+        break;
+    case PROP_DISPLAY_DESCRIPTION:
+        g_value_set_string(value, webkit_web_extension_get_display_description(extension));
+        break;
+    case PROP_DISPLAY_ACTION_LABEL:
+        g_value_set_string(value, webkit_web_extension_get_display_action_label(extension));
+        break;
+    case PROP_VERSION:
+        g_value_set_string(value, webkit_web_extension_get_version(extension));
+        break;
+    case PROP_REQUESTED_PERMISSIONS:
+        g_value_set_boxed(value, webkit_web_extension_get_requested_permissions(extension));
+        break;
+    case PROP_OPTIONAL_PERMISSIONS:
+        g_value_set_boxed(value, webkit_web_extension_get_optional_permissions(extension));
+        break;
+    case PROP_HAS_BACKGROUND_CONTENT:
+        g_value_set_boolean(value, webkit_web_extension_get_has_background_content(extension));
+        break;
+    case PROP_HAS_PERSISTENT_BACKGROUND_CONTENT:
+        g_value_set_boolean(value, webkit_web_extension_get_has_persistent_background_content(extension));
+        break;
+    case PROP_HAS_INJECTED_CONTENT:
+        g_value_set_boolean(value, webkit_web_extension_get_has_injected_content(extension));
+        break;
+    case PROP_HAS_OPTIONS_PAGE:
+        g_value_set_boolean(value, webkit_web_extension_get_has_options_page(extension));
+        break;
+    case PROP_HAS_OVERRIDE_NEW_TAB_PAGE:
+        g_value_set_boolean(value, webkit_web_extension_get_has_override_new_tab_page(extension));
+        break;
+    case PROP_HAS_COMMANDS:
+        g_value_set_boolean(value, webkit_web_extension_get_has_commands(extension));
+        break;
+    case PROP_HAS_CONTENT_MODIFICATION_RULES:
+        g_value_set_boolean(value, webkit_web_extension_get_has_content_modification_rules(extension));
+        break;
+    default:
+        G_OBJECT_WARN_INVALID_PROPERTY_ID(object, propId, paramSpec);
+    }
+}
+
+static void webkit_web_extension_class_init(WebKitWebExtensionClass* klass)
+{
+    GObjectClass* objectClass = G_OBJECT_CLASS(klass);
+    objectClass->get_property = webkitWebExtensionGetProperty;
+
+    /**
+     * WebKitWebExtension:manifest-version:
+     * 
+     * The parsed manifest version of the #WebKitWebExtension.
+     * See webkit_web_extension_get_manifest_version() for more details.
+     *
+     * Since: 2.48
+     */
+    properties[PROP_MANIFEST_VERSION] =
+        g_param_spec_string(
+            "manifest-version",
+            nullptr, nullptr,
+            nullptr,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:default-locale:
+     * 
+     * The default locale for the #WebKitWebExtension.
+     * See webkit_web_extension_get_default_locale() for more details.
+     *
+     * Since: 2.48
+     */
+    properties[PROP_DEFAULT_LOCALE] =
+        g_param_spec_string(
+            "default-locale",
+            nullptr, nullptr,
+            nullptr,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:display-name:
+     * 
+     * The localized name of the #WebKitWebExtension.
+     * See webkit_web_extension_get_display_name() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_DISPLAY_NAME] =
+        g_param_spec_string(
+            "display-name",
+            nullptr, nullptr,
+            nullptr,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:display-short-name:
+     * 
+     * The localized short name of the #WebKitWebExtension.
+     * See webkit_web_extension_get_display_short_name() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_DISPLAY_SHORT_NAME] =
+        g_param_spec_string(
+            "display-short-name",
+            nullptr, nullptr,
+            nullptr,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:display-version:
+     * 
+     * The localized display version of the #WebKitWebExtension.
+     * See webkit_web_extension_get_display_version() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_DISPLAY_VERSION] =
+        g_param_spec_string(
+            "display-version",
+            nullptr, nullptr,
+            nullptr,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:display-description:
+     * 
+     * The localized description of the #WebKitWebExtension.
+     * See webkit_web_extension_get_display_description() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_DISPLAY_DESCRIPTION] =
+        g_param_spec_string(
+            "display-description",
+            nullptr, nullptr,
+            nullptr,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:display-action-label:
+     * 
+     * The localized extension action label of the #WebKitWebExtension.
+     * See webkit_web_extension_get_display_action_label() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_DISPLAY_ACTION_LABEL] =
+        g_param_spec_string(
+            "display-action-label",
+            nullptr, nullptr,
+            nullptr,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:version:
+     * 
+     * The version of the #WebKitWebExtension.
+     * See webkit_web_extension_get_version() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_VERSION] =
+        g_param_spec_string(
+            "version",
+            nullptr, nullptr,
+            nullptr,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:requested-permissions:
+     * 
+     * The set of permissions that the #WebKitWebExtension requires for its base functionality.
+     * See webkit_web_extension_get_requested_permissions() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_REQUESTED_PERMISSIONS] =
+        g_param_spec_boxed(
+            "requested-permissions",
+            nullptr, nullptr,
+            G_TYPE_STRV,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:optional-permissions:
+     * 
+     * The set of permissions that the #WebKitWebExtension may need for optional functionality.
+     * See webkit_web_extension_get_optional_permissions() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_OPTIONAL_PERMISSIONS] =
+        g_param_spec_boxed(
+            "optional-permissions",
+            nullptr, nullptr,
+            G_TYPE_STRV,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:has-background-content:
+     * 
+     * Whether the #WebKitWebExtension has background content that can run when needed.
+     * See webkit_web_extension_get_has_background_content() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_HAS_BACKGROUND_CONTENT] =
+        g_param_spec_boolean(
+            "has-background-content",
+            nullptr, nullptr,
+            FALSE,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:has-persistent-background-content:
+     * 
+     * Whether the #WebKitWebExtension has background content that stays in memory as long as the extension is loaded.
+     * See webkit_web_extension_get_has_persistent_background_content() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_HAS_PERSISTENT_BACKGROUND_CONTENT] =
+        g_param_spec_boolean(
+            "has-persistent-background-content",
+            nullptr, nullptr,
+            FALSE,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:has-injected-content:
+     * 
+     * Whether the #WebKitWebExtension has script or stylesheet content that can be injected into webpages.
+     * See webkit_web_extension_get_has_injected_content() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_HAS_INJECTED_CONTENT] =
+        g_param_spec_boolean(
+            "has-injected-content",
+            nullptr, nullptr,
+            FALSE,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:has-options-page:
+     * 
+     * Whether the #WebKitWebExtension has an options page.
+     * See webkit_web_extension_get_has_options_page() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_HAS_OPTIONS_PAGE] =
+        g_param_spec_boolean(
+            "has-options-page",
+            nullptr, nullptr,
+            FALSE,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:has-override-new-tab-page:
+     * 
+     * Whether the #WebKitWebExtension provides an alternative to the default new tab page.
+     * See webkit_web_extension_get_has_override_new_tab_page() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_HAS_OVERRIDE_NEW_TAB_PAGE] =
+        g_param_spec_boolean(
+            "has-override-new-tab-page",
+            nullptr, nullptr,
+            FALSE,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:has-commands:
+     * 
+     * Whether the #WebKitWebExtension includes commands that users can invoke.
+     * See webkit_web_extension_get_has_commands() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_HAS_COMMANDS] =
+        g_param_spec_boolean(
+            "has-commands",
+            nullptr, nullptr,
+            FALSE,
+            WEBKIT_PARAM_READABLE);
+
+    /**
+     * WebKitWebExtension:has-content-modification-rules:
+     * 
+     * Whether the #WebKitWebExtension includes rules used for content modification or blocking.
+     * See webkit_web_extension_get_content_modification_rules() for more details.
+     * 
+     * Since: 2.48
+     */
+    properties[PROP_HAS_CONTENT_MODIFICATION_RULES] =
+        g_param_spec_boolean(
+            "has-content-modification-rules",
+            nullptr, nullptr,
+            FALSE,
+            WEBKIT_PARAM_READABLE);
+
+    g_object_class_install_properties(objectClass, properties.size(), properties.data());
+}
+
+#if ENABLE(WK_WEB_EXTENSIONS)
+
+WebKitWebExtension* webkitWebExtensionCreate(HashMap<String, GRefPtr<GBytes>>&& resources, GError** error)
+{
+    WebExtension::Resources newResources;
+    for (auto& it : resources)
+        newResources.add(it.key, API::Data::createWithoutCopying(WTFMove(it.value)));
+
+    Ref extension = WebKit::WebExtension::create(WTFMove(newResources));
+
+    if (!extension->errors().isEmpty()) {
+        Ref internalError = extension->errors().last();
+        g_set_error(error, webkit_web_extension_error_quark(),
+            toWebKitWebExtensionError(internalError->errorCode()), internalError->localizedDescription().utf8().data(), nullptr);
+    }
+
+    WebKitWebExtension* object = WEBKIT_WEB_EXTENSION(g_object_new(WEBKIT_TYPE_WEB_EXTENSION, nullptr));
+    object->priv->extension = WTFMove(extension);
+    return object;
+}
+
+/**
+ * webkit_web_extension_get_manifest_version:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the parsed manifest version, or `0` if there is no
+ * version specified in the manifest.
+ *
+ * An ``WKWebExtensionErrorUnsupportedManifestVersion`` error will be
+ * reported if the manifest version isn't specified.
+ * 
+ * Returns: the parsed manifest version.
+ * 
+ * Since: 2.48
+ */
+gdouble webkit_web_extension_get_manifest_version(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), 0);
+
+    return extension->priv->extension->manifestVersion();
+}
+
+/**
+ * webkit_web_extension_supports_manifest_version:
+ * @extension: a #WebKitWebExtension
+ * @manifest_version: the version number to check
+ * 
+ * Checks if a manifest version is supported by the extension.
+ * 
+ * Returns: `TRUE` if the extension specified a manifest version
+ * that is greater than or equal to @manifest_version.
+ * 
+ * Since: 2.48
+ */
+gboolean webkit_web_extension_supports_manifest_version(WebKitWebExtension* extension, gdouble manifestVersion)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), FALSE);
+
+    return extension->priv->extension->supportsManifestVersion(manifestVersion);
+}
+
+/**
+ * webkit_web_extension_get_default_locale:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the default locale for the extension.
+ * 
+ * Returns: (nullable): the default locale, or %NULL if there was no default
+ * locale specified.
+ * 
+ * Since: 2.48
+ */
+const gchar* webkit_web_extension_get_default_locale(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    WebKitWebExtensionPrivate* priv = extension->priv;
+    if (!priv->defaultLocale.isNull())
+        return priv->defaultLocale.data();
+
+    auto defaultLocale = priv->extension->defaultLocale();
+    if (defaultLocale.isEmpty())
+        return nullptr;
+
+    priv->defaultLocale = defaultLocale.utf8();
+    return priv->defaultLocale.data();
+}
+
+/**
+ * webkit_web_extension_get_display_name:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the localized name for the extension.
+ * 
+ * Returns: (nullable): the localized name, or %NULL if there was no
+ * name specified.
+ * 
+ * Since: 2.48
+ */
+const gchar* webkit_web_extension_get_display_name(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    WebKitWebExtensionPrivate* priv = extension->priv;
+    if (!priv->displayName.isNull())
+        return priv->displayName.data();
+
+    auto displayName = priv->extension->displayName();
+    if (displayName.isEmpty())
+        return nullptr;
+
+    priv->displayName = displayName.utf8();
+    return priv->displayName.data();
+}
+
+/**
+ * webkit_web_extension_get_display_short_name:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the localized short name for the extension.
+ * 
+ * Returns: (nullable): the localized name, or %NULL if there was no
+ * short name specified.
+ * 
+ * Since: 2.48
+ */
+const gchar* webkit_web_extension_get_display_short_name(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    WebKitWebExtensionPrivate* priv = extension->priv;
+    if (!priv->displayShortName.isNull())
+        return priv->displayShortName.data();
+
+    auto displayShortName = priv->extension->displayShortName();
+    if (displayShortName.isEmpty())
+        return nullptr;
+
+    priv->displayShortName = displayShortName.utf8();
+    return priv->displayShortName.data();
+}
+
+/**
+ * webkit_web_extension_get_display_version:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the localized display version for the extension.
+ * 
+ * Returns: (nullable): the localized display version, or %NULL if there was no
+ * display version specified.
+ * 
+ * Since: 2.48
+ */
+const gchar* webkit_web_extension_get_display_version(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    WebKitWebExtensionPrivate* priv = extension->priv;
+    if (!priv->displayVersion.isNull())
+        return priv->displayVersion.data();
+
+    auto displayVersion = priv->extension->displayVersion();
+    if (displayVersion.isEmpty())
+        return nullptr;
+
+    priv->displayVersion = displayVersion.utf8();
+    return priv->displayVersion.data();
+}
+
+/**
+ * webkit_web_extension_get_display_description:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the localized display description for the extension.
+ * 
+ * Returns: (nullable): the localized display description, or %NULL if there
+ * was no display description specified.
+ * 
+ * Since: 2.48
+ */
+const gchar* webkit_web_extension_get_display_description(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    WebKitWebExtensionPrivate* priv = extension->priv;
+    if (!priv->displayDescription.isNull())
+        return priv->displayDescription.data();
+
+    auto displayDescription = priv->extension->displayDescription();
+    if (displayDescription.isEmpty())
+        return nullptr;
+
+    priv->displayDescription = displayDescription.utf8();
+    return priv->displayDescription.data();
+}
+
+/**
+ * webkit_web_extension_get_display_action_label:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the localized display action label for the extension.
+ * 
+ * This label serves as a default and should be used to represent the extension in contexts like action sheets or toolbars prior to 
+ * the extension being loaded into an extension context.
+ * Once the extension is loaded, use the ``actionForTab:`` API to get the tab-specific label.
+ * 
+ * Returns: (nullable): the localized display action label, or %NULL if there
+ * was no display action label specified.
+ * 
+ * Since: 2.48
+ */
+const gchar* webkit_web_extension_get_display_action_label(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    WebKitWebExtensionPrivate* priv = extension->priv;
+    if (!priv->displayActionLabel.isNull())
+        return priv->displayActionLabel.data();
+
+    auto displayActionLabel = priv->extension->displayActionLabel();
+    if (displayActionLabel.isEmpty())
+        return nullptr;
+
+    priv->displayActionLabel = displayActionLabel.utf8();
+    return priv->displayActionLabel.data();
+}
+
+/**
+ * webkit_web_extension_get_icon:
+ * @extension: a #WebKitWebExtension
+ * @width: The width to use when looking up the icon.
+ * @height: The height to use when looking up the icon.
+ *
+ * Returns the extension's icon image for the specified size.
+ * This icon should represent the extension in settings or other areas that show the extension.
+ * The returned image will be the best match for the specified size that is available in the extension's
+ * icon set. If no matching icon can be found, the method will return %NULL.
+ * 
+ * Returns: (nullable) (transfer none): the icon image, or %NULL if no icon could be loaded.
+ * 
+ * Since: 2.48
+ */
+GIcon* webkit_web_extension_get_icon(WebKitWebExtension* extension, gdouble width, gdouble height)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    WebKitWebExtensionPrivate* priv = extension->priv;
+    auto icon = priv->extension->icon(WebCore::FloatSize(width, height));
+    if (!icon)
+        return nullptr;
+    return icon->icon();
+}
+
+/**
+ * webkit_web_extension_get_action_icon:
+ * @extension: a #WebKitWebExtension
+ * @width: The width to use when looking up the icon.
+ * @height: The height to use when looking up the icon.
+ *
+ * Returns the extension's default action icon image for the specified size.
+ * This icon serves as a default and should be used to represent the extension in contexts like action sheets or toolbars prior to 
+ * the extension being loaded into an extension context. Once the extension is loaded, use the
+ * ``actionForTab:`` API to get the tab-specific icon.
+ * The returned image will be the best match for the specified size that is available in the extension's action icon set. If no matching icon is available,
+ * the method will fall back to the extension's icon.
+ * 
+ * Returns: (nullable) (transfer none): the icon image, or %NULL if no icon could be loaded.
+ * 
+ * Since: 2.48
+ */
+GIcon* webkit_web_extension_get_action_icon(WebKitWebExtension* extension, gdouble width, gdouble height)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    WebKitWebExtensionPrivate* priv = extension->priv;
+    auto icon = priv->extension->actionIcon(WebCore::FloatSize(width, height));
+    if (!icon)
+        return nullptr;
+    return icon->icon();
+}
+
+/**
+ * webkit_web_extension_get_version:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the version for the extension.
+ * 
+ * Returns: (nullable): the version, or %NULL if there was no
+ * version specified.
+ * 
+ * Since: 2.48
+ */
+const gchar* webkit_web_extension_get_version(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    WebKitWebExtensionPrivate* priv = extension->priv;
+    if (!priv->version.isNull())
+        return priv->version.data();
+
+    auto version = priv->extension->version();
+    if (version.isEmpty())
+        return nullptr;
+
+    priv->version = version.utf8();
+    return priv->version.data();
+}
+
+/**
+ * webkit_web_extension_get_requested_permissions:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the set of permissions that the extension requires
+ * for its base functionality.
+ * 
+ * Returns: (nullable) (array zero-terminated=1) (transfer none): a
+ * %NULL-terminated array of strings containing permission names,
+ * or %NULL otherwise. This array and its contents are owned by
+ * WebKit and should not be modified or freed.
+ * 
+ * Since: 2.48
+ */
+const gchar* const * webkit_web_extension_get_requested_permissions(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    WebKitWebExtensionPrivate* priv = extension->priv;
+    if (priv->requestedPermissions)
+        return reinterpret_cast<gchar**>(priv->requestedPermissions->pdata);
+
+    auto requestedPermissions = priv->extension->requestedPermissions();
+    if (!requestedPermissions.size())
+        return nullptr;
+
+    priv->requestedPermissions = adoptGRef(g_ptr_array_new_with_free_func(g_free));
+    for (auto permission : requestedPermissions)
+        g_ptr_array_add(priv->requestedPermissions.get(), g_strdup(permission.utf8().data()));
+    g_ptr_array_add(priv->requestedPermissions.get(), nullptr);
+
+    return reinterpret_cast<gchar**>(priv->requestedPermissions->pdata);
+}
+
+/**
+ * webkit_web_extension_get_optional_permissions:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the set of permissions that the extension may need for
+ * optional functionality. These permissions can be requested
+ * by the extension at a later time.
+ * 
+ * Returns: (nullable) (array zero-terminated=1) (transfer none): a
+ * %NULL-terminated array of strings containing permission names,
+ * or %NULL otherwise. This array and its contents are owned by
+ * WebKit and should not be modified or freed.
+ * 
+ * Since: 2.48
+ */
+const gchar* const * webkit_web_extension_get_optional_permissions(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    WebKitWebExtensionPrivate* priv = extension->priv;
+    if (priv->optionalPermissions)
+        return reinterpret_cast<gchar**>(priv->optionalPermissions->pdata);
+
+    auto optionalPermissions = priv->extension->optionalPermissions();
+    if (!optionalPermissions.size())
+        return nullptr;
+
+    priv->optionalPermissions = adoptGRef(g_ptr_array_new_with_free_func(g_free));
+    for (auto permission : optionalPermissions)
+        g_ptr_array_add(priv->optionalPermissions.get(), g_strdup(permission.utf8().data()));
+    g_ptr_array_add(priv->optionalPermissions.get(), nullptr);
+
+    return reinterpret_cast<gchar**>(priv->optionalPermissions->pdata);
+}
+
+/**
+ * webkit_web_extension_get_requested_permission_match_patterns:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the set of websites that the extension requires access to for its base functionality.
+ *
+ * Returns: (element-type WebKitWebExtensionMatchPattern) (transfer full): a #GList of
+ *    match patterns matching the required websites.
+ * 
+ * Since: 2.48
+ */
+GList* webkit_web_extension_get_requested_permission_match_patterns(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    auto matchPatternSet = extension->priv->extension->requestedPermissionMatchPatterns();
+
+    GList* returnValue = nullptr;
+    for (Ref pattern : matchPatternSet)
+        returnValue = g_list_prepend(returnValue, webkitWebExtensionMatchPatternCreate(pattern));
+
+    return returnValue;
+}
+
+/**
+ * webkit_web_extension_get_optional_permission_match_patterns:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the set of websites that the extension may need access to for optional functionality.
+ * These match patterns can be requested by the extension at a later time.
+ *
+ * Returns: (element-type WebKitWebExtensionMatchPattern) (transfer full): a #GList of
+ *    match patterns matching the optional websites.
+ * 
+ * Since: 2.48
+ */
+GList* webkit_web_extension_get_optional_permission_match_patterns(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    auto matchPatternSet = extension->priv->extension->optionalPermissionMatchPatterns();
+
+    GList* returnValue = nullptr;
+    for (Ref pattern : matchPatternSet)
+        returnValue = g_list_prepend(returnValue, webkitWebExtensionMatchPatternCreate(pattern));
+
+    return returnValue;
+}
+
+/**
+ * webkit_web_extension_get_all_requested_match_patterns:
+ * @extension: a #WebKitWebExtension
+ *
+ * Get the set of websites that the extension requires access to for injected content
+ * and for receiving messages from websites.
+ *
+ * Returns: (element-type WebKitWebExtensionMatchPattern) (transfer full): a #GList of
+ *    match patterns matching all requested websites.
+ * 
+ * Since: 2.48
+ */
+GList* webkit_web_extension_get_all_requested_match_patterns(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), nullptr);
+
+    auto matchPatternSet = extension->priv->extension->allRequestedMatchPatterns();
+
+    GList* returnValue = nullptr;
+    for (Ref pattern : matchPatternSet)
+        returnValue = g_list_prepend(returnValue, webkitWebExtensionMatchPatternCreate(pattern));
+
+    return g_list_reverse(returnValue);
+}
+
+/**
+ * webkit_web_extension_get_has_background_content:
+ * @extension: a #WebKitWebExtension
+ * 
+ * Get whether the extension has background content that can run when needed.
+ * 
+ * Returns: `TRUE` if the extension can run in the background even when no
+ * webpages are open.
+ * 
+ * Since: 2.48
+ */
+gboolean webkit_web_extension_get_has_background_content(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), FALSE);
+
+    return extension->priv->extension->hasBackgroundContent();
+}
+
+gboolean webkit_web_extension_get_has_service_worker_background_content(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), FALSE);
+
+    return extension->priv->extension->backgroundContentIsServiceWorker();
+}
+
+gboolean webkit_web_extension_get_has_modular_background_content(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), FALSE);
+
+    return extension->priv->extension->backgroundContentUsesModules();
+}
+
+/**
+ * webkit_web_extension_get_has_persistent_background_content:
+ * @extension: a #WebKitWebExtension
+ * 
+ * Get whether the extension has background content that stays in memory as long
+ * as the extension is loaded.
+ * 
+ * Returns: `TRUE` if the extension can run in the background.
+ * 
+ * Since: 2.48
+ */
+gboolean webkit_web_extension_get_has_persistent_background_content(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), FALSE);
+
+    return extension->priv->extension->backgroundContentIsPersistent();
+}
+
+/**
+ * webkit_web_extension_get_has_injected_content:
+ * @extension: a #WebKitWebExtension
+ * 
+ * Get whether the extension has script or stylesheet content
+ * that can be injected into webpages.
+ * 
+ * Once the extension is loaded, use the ``hasInjectedContent``
+ * property on an extension context, as the injectable content
+ * can change after the extension is loaded.
+ * 
+ * Returns: `TRUE` if the extension has content that can be
+ * injected by matching against the extension's
+ * requested match patterns.
+ * 
+ * Since: 2.48
+ */
+gboolean webkit_web_extension_get_has_injected_content(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), FALSE);
+
+    return extension->priv->extension->hasStaticInjectedContent();
+}
+
+/**
+ * webkit_web_extension_get_has_options_page:
+ * @extension: a #WebKitWebExtension
+ * 
+ * Get whether the extension has an options page.
+ * 
+ * The app should provide access to this page through a
+ * user interface element, which can be accessed via
+ * ``optionsPageURL`` on an extension context.
+ * 
+ * Returns: `TRUE` if the extension includes a dedicated options
+ * page where users can customize settings.
+ * 
+ * Since: 2.48
+ */
+gboolean webkit_web_extension_get_has_options_page(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), FALSE);
+
+    return extension->priv->extension->hasOptionsPage();
+}
+
+/**
+ * webkit_web_extension_get_has_override_new_tab_page:
+ * @extension: a #WebKitWebExtension
+ * 
+ * Get whether the extension provides an alternative to
+ * the default new tab page.
+ * 
+ * The app should prompt the user for permission to use
+ * the extension's new tab page as the default, which can
+ * be accessed via ``overrideNewTabPageURL``
+ * on an extension context.
+ * 
+ * Returns: `TRUE` if the extension can specify a custom page
+ * that can be displayed when a new tab is opened in the app,
+ * instead of the default new tab page.
+ * 
+ * Since: 2.48
+ */
+gboolean webkit_web_extension_get_has_override_new_tab_page(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), FALSE);
+
+    return extension->priv->extension->hasOverrideNewTabPage();
+}
+
+/**
+ * webkit_web_extension_get_has_commands:
+ * @extension: a #WebKitWebExtension
+ * 
+ * Get whether the extension includes commands that users can invoke.
+ * 
+ * These commands should be accessible via keyboard shortcuts,
+ * menu items, or other user interface elements provided
+ * by the app. The list of commands can be accessed
+ * via ``commands`` on an extension context, and
+ * invoked via ``performCommand:``.
+ * 
+ * Returns: `TRUE` if the extension contains one or more commands
+ * that can be performed by the user.
+ * 
+ * Since: 2.48
+ */
+gboolean webkit_web_extension_get_has_commands(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), FALSE);
+
+    return extension->priv->extension->hasCommands();
+}
+
+/**
+ * webkit_web_extension_get_has_content_modification_rules:
+ * @extension: a #WebKitWebExtension
+ * 
+ * Get whether the extension includes rules used for
+ * content modification or blocking.
+ * 
+ * Returns: `TRUE` if the extension contains one or more rules
+ * for content modification.
+ * 
+ * Since: 2.48
+ */
+gboolean webkit_web_extension_get_has_content_modification_rules(WebKitWebExtension* extension)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_EXTENSION(extension), FALSE);
+
+    return extension->priv->extension->hasContentModificationRules();
+}
+
+#else // ENABLE(WK_WEB_EXTENSIONS)
+
+gdouble webkit_web_extension_get_manifest_version(WebKitWebExtension* extension)
+{
+    return 0;
+}
+
+gboolean webkit_web_extension_supports_manifest_version(WebKitWebExtension* extension, gdouble manifestVersion)
+{
+    return 0;
+}
+
+const gchar* webkit_web_extension_get_default_locale(WebKitWebExtension* extension)
+{
+    return "";
+}
+
+const gchar* webkit_web_extension_get_display_name(WebKitWebExtension* extension)
+{
+    return "";
+}
+
+const gchar* webkit_web_extension_get_display_short_name(WebKitWebExtension* extension)
+{
+    return "";
+}
+
+const gchar* webkit_web_extension_get_display_version(WebKitWebExtension* extension)
+{
+    return "";
+}
+
+const gchar* webkit_web_extension_get_display_description(WebKitWebExtension* extension)
+{
+    return "";
+}
+
+const gchar* webkit_web_extension_get_display_action_label(WebKitWebExtension* extension)
+{
+    return "";
+}
+
+GIcon* webkit_web_extension_get_icon(WebKitWebExtension* extension, gdouble width, gdouble height)
+{
+    return nullptr;
+}
+
+GIcon* webkit_web_extension_get_action_icon(WebKitWebExtension* extension, gdouble width, gdouble height)
+{
+    return nullptr;
+}
+
+const gchar* webkit_web_extension_get_version(WebKitWebExtension* extension)
+{
+    return "";
+}
+
+const gchar* const * webkit_web_extension_get_requested_permissions(WebKitWebExtension* extension)
+{
+    return "";
+}
+
+const gchar* const * webkit_web_extension_get_optional_permissions(WebKitWebExtension* extension)
+{
+    return "";
+}
+
+GList* webkit_web_extension_get_requested_permission_match_patterns(WebKitWebExtension* extension)
+{
+    return nullptr;
+}
+
+GList* webkit_web_extension_get_optional_permission_match_patterns(WebKitWebExtension* extension)
+{
+    return nullptr;
+}
+
+GList* webkit_web_extension_get_all_requested_match_patterns(WebKitWebExtension* extension)
+{
+    return nullptr;
+}
+
+gboolean webkit_web_extension_get_has_background_content(WebKitWebExtension* extension)
+{
+    return 0;
+}
+
+gboolean webkit_web_extension_get_has_service_worker_background_content(WebKitWebExtension* extension)
+{
+    return 0;
+}
+
+gboolean webkit_web_extension_get_has_modular_background_content(WebKitWebExtension* extension)
+{
+    return 0;
+}
+
+gboolean webkit_web_extension_get_has_persistent_background_content(WebKitWebExtension* extension)
+{
+    return 0;
+}
+
+gboolean webkit_web_extension_get_has_injected_content(WebKitWebExtension* extension)
+{
+    return 0;
+}
+
+gboolean webkit_web_extension_get_has_options_page(WebKitWebExtension* extension)
+{
+    return 0;
+}
+
+gboolean webkit_web_extension_get_has_override_new_tab_page(WebKitWebExtension* extension)
+{
+    return 0;
+}
+
+gboolean webkit_web_extension_get_has_commands(WebKitWebExtension* extension)
+{
+    return 0;
+}
+
+gboolean webkit_web_extension_get_has_content_modification_rules(WebKitWebExtension* extension)
+{
+    return 0;
+}
+
+#endif // ENABLE(WK_WEB_EXTENSIONS)
diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebExtension.h.in b/Source/WebKit/UIProcess/API/glib/WebKitWebExtension.h.in
new file mode 100644
index 0000000000000..da28233d8d24a
--- /dev/null
+++ b/Source/WebKit/UIProcess/API/glib/WebKitWebExtension.h.in
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2024 Igalia S.L.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+@API_SINGLE_HEADER_CHECK@
+
+#ifndef WebKitWebExtension_h
+#define WebKitWebExtension_h
+
+#include <glib-object.h>
+#include <gio/gio.h>
+#include <@API_INCLUDE_PREFIX@/WebKitDefines.h>
+
+#include "WebKitWebExtensionMatchPattern.h"
+
+G_BEGIN_DECLS
+
+#define WEBKIT_TYPE_WEB_EXTENSION                            (webkit_web_extension_get_type ())
+
+WEBKIT_DECLARE_FINAL_TYPE (WebKitWebExtension, webkit_web_extension, WEBKIT, WEB_EXTENSION, GObject)
+
+WEBKIT_API gdouble
+webkit_web_extension_get_manifest_version                    (WebKitWebExtension *extension);
+
+WEBKIT_API gboolean
+webkit_web_extension_supports_manifest_version               (WebKitWebExtension *extension,
+                                                              gdouble             manifest_version);
+
+WEBKIT_API const gchar *
+webkit_web_extension_get_default_locale                      (WebKitWebExtension *extension);
+
+WEBKIT_API const gchar *
+webkit_web_extension_get_display_name                        (WebKitWebExtension *extension);
+
+WEBKIT_API const gchar *
+webkit_web_extension_get_display_short_name                  (WebKitWebExtension *extension);
+
+WEBKIT_API const gchar *
+webkit_web_extension_get_display_version                     (WebKitWebExtension *extension);
+
+WEBKIT_API const gchar *
+webkit_web_extension_get_display_description                 (WebKitWebExtension *extension);
+
+WEBKIT_API const gchar *
+webkit_web_extension_get_display_action_label                (WebKitWebExtension *extension);
+
+WEBKIT_API GIcon *
+webkit_web_extension_get_icon                                (WebKitWebExtension *extension,
+                                                              gdouble             width,
+                                                              gdouble             height);
+
+WEBKIT_API GIcon *
+webkit_web_extension_get_action_icon                         (WebKitWebExtension *extension,
+                                                              gdouble             width,
+                                                              gdouble             height);
+
+WEBKIT_API const gchar *
+webkit_web_extension_get_version                             (WebKitWebExtension *extension);
+
+WEBKIT_API const gchar * const *
+webkit_web_extension_get_requested_permissions               (WebKitWebExtension *extension);
+
+WEBKIT_API const gchar * const *
+webkit_web_extension_get_optional_permissions                (WebKitWebExtension *extension);
+
+WEBKIT_API GList *
+webkit_web_extension_get_requested_permission_match_patterns (WebKitWebExtension *extension);
+
+WEBKIT_API GList *
+webkit_web_extension_get_optional_permission_match_patterns  (WebKitWebExtension *extension);
+
+WEBKIT_API GList *
+webkit_web_extension_get_all_requested_match_patterns        (WebKitWebExtension *extension);
+
+WEBKIT_API gboolean
+webkit_web_extension_get_has_background_content              (WebKitWebExtension *extension);
+
+WEBKIT_API gboolean
+webkit_web_extension_get_has_persistent_background_content   (WebKitWebExtension *extension);
+
+WEBKIT_API gboolean
+webkit_web_extension_get_has_injected_content                (WebKitWebExtension *extension);
+
+WEBKIT_API gboolean
+webkit_web_extension_get_has_options_page                    (WebKitWebExtension *extension);
+
+WEBKIT_API gboolean
+webkit_web_extension_get_has_override_new_tab_page           (WebKitWebExtension *extension);
+
+WEBKIT_API gboolean
+webkit_web_extension_get_has_commands                        (WebKitWebExtension *extension);
+
+WEBKIT_API gboolean
+webkit_web_extension_get_has_content_modification_rules      (WebKitWebExtension *extension);
+
+G_END_DECLS
+
+#endif
\ No newline at end of file
diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebExtensionInternal.h b/Source/WebKit/UIProcess/API/glib/WebKitWebExtensionInternal.h
new file mode 100644
index 0000000000000..314728711de39
--- /dev/null
+++ b/Source/WebKit/UIProcess/API/glib/WebKitWebExtensionInternal.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2024 Igalia S.L.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#pragma once
+
+#if ENABLE(WK_WEB_EXTENSIONS)
+
+#include "WebKitWebExtension.h"
+#include <WebKit/WKBase.h>
+#include <wtf/HashMap.h>
+#include <wtf/text/WTFString.h>
+
+// Private API required by the unit tests
+
+typedef struct _WebKitWebExtension WebKitWebExtension;
+
+WK_EXPORT WebKitWebExtension* webkitWebExtensionCreate(HashMap<String, GRefPtr<GBytes>>&& resources, GError**);
+WK_EXPORT gboolean webkit_web_extension_get_has_service_worker_background_content(WebKitWebExtension*);
+WK_EXPORT gboolean webkit_web_extension_get_has_modular_background_content(WebKitWebExtension*);
+
+#endif // ENABLE(WK_WEB_EXTENSIONS)
diff --git a/Source/WebKit/UIProcess/API/glib/webkit.h.in b/Source/WebKit/UIProcess/API/glib/webkit.h.in
index 763cd55f7abca..2b9ffd78aee1b 100644
--- a/Source/WebKit/UIProcess/API/glib/webkit.h.in
+++ b/Source/WebKit/UIProcess/API/glib/webkit.h.in
@@ -123,6 +123,7 @@
 #include <@API_INCLUDE_PREFIX@/WebKitVersion.h>
 #include <@API_INCLUDE_PREFIX@/WebKitWebContext.h>
 #if PLATFORM(GTK)
+#include <@API_INCLUDE_PREFIX@/WebKitWebExtension.h>
 #include <@API_INCLUDE_PREFIX@/WebKitWebExtensionMatchPattern.h>
 #endif
 #if PLATFORM(GTK)
diff --git a/Source/WebKit/UIProcess/Extensions/WebExtension.h b/Source/WebKit/UIProcess/Extensions/WebExtension.h
index 942d188bf2ea9..6e46d28d4fdb1 100644
--- a/Source/WebKit/UIProcess/Extensions/WebExtension.h
+++ b/Source/WebKit/UIProcess/Extensions/WebExtension.h
@@ -72,6 +72,8 @@ class WebExtension : public API::ObjectImpl<API::Object::Type::WebExtension>, pu
 #if PLATFORM(COCOA)
     explicit WebExtension(NSBundle *appExtensionBundle, NSURL *resourceURL, RefPtr<API::Error>&);
     explicit WebExtension(NSDictionary *manifest, Resources&& = { });
+#else
+    explicit WebExtension(const JSON::Value& manifest, Resources&& = { });
 #endif
 
     explicit WebExtension(Resources&& = { });
diff --git a/Source/WebKit/UIProcess/Extensions/gtk/WebExtensionGtk.cpp b/Source/WebKit/UIProcess/Extensions/gtk/WebExtensionGtk.cpp
new file mode 100644
index 0000000000000..e0e2c20b63365
--- /dev/null
+++ b/Source/WebKit/UIProcess/Extensions/gtk/WebExtensionGtk.cpp
@@ -0,0 +1,207 @@
+/*
+ * Copyright (C) 2024 Igalia S.L. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "WebExtension.h"
+
+#if ENABLE(WK_WEB_EXTENSIONS)
+
+#include "Logging.h"
+#include "WebExtensionLocalization.h"
+#include "WebExtensionUtilities.h"
+#include <WebCore/LocalizedStrings.h>
+#include <gtk/gtk.h>
+#include <wtf/FileSystem.h>
+#include <wtf/Language.h>
+#include <wtf/glib/GRefPtr.h>
+#include <wtf/text/Base64.h>
+
+namespace WebKit {
+
+static constexpr auto generatedBackgroundPageFilename = "_generated_background_page.html"_s;
+static constexpr auto generatedBackgroundServiceWorkerFilename = "_generated_service_worker.js"_s;
+
+WebExtension::WebExtension(const JSON::Value& manifest, Resources&& resources)
+    : m_manifestJSON(manifest)
+    , m_resources(WTFMove(resources))
+{
+    auto manifestString = manifest.toJSONString();
+    RELEASE_ASSERT(manifestString);
+
+    m_resources.set("manifest.json"_s, manifestString);
+}
+
+RefPtr<API::Data> WebExtension::resourceDataForPath(const String& originalPath, RefPtr<API::Error>& outError, CacheResult cacheResult, SuppressNotFoundErrors suppressErrors)
+{
+    ASSERT(originalPath);
+
+    outError = nullptr;
+
+    String path = originalPath;
+
+    // Remove leading slash to normalize the path for lookup/storage in the cache dictionary.
+    if (path.startsWith('/'))
+        path = path.substring(1);
+
+    if (path.startsWith("data:"_s)) {
+        if (auto base64Position = path.find(";base64,"_s); base64Position != notFound) {
+            auto base64String = base64DecodeToString(path.substring(base64Position));
+            return API::Data::create(base64String.utf8().span());
+        }
+
+        if (auto commaPosition = path.find(','); commaPosition != notFound) {
+            auto urlEncodedString = path.substring(commaPosition);
+            auto decodedString = URL(urlEncodedString).string();
+            return API::Data::create(decodedString.utf8().span());
+        }
+
+        ASSERT(path == "data:"_s);
+        return API::Data::create(std::span<const uint8_t> { });
+    }
+
+    if (path == generatedBackgroundPageFilename || path  == generatedBackgroundServiceWorkerFilename)
+        return API::Data::create(generatedBackgroundContent().utf8().span());
+
+    if (auto entry = m_resources.find(path); entry != m_resources.end()) {
+        return WTF::switchOn(entry->value,
+            [](const Ref<API::Data>& data) {
+                return data;
+            },
+            [](const String& string) {
+                return API::Data::create(string.utf8().span());
+            });
+    }
+
+    auto resourceURL = resourceFileURLForPath(path);
+    if (!resourceURL.isEmpty()) {
+        if (suppressErrors == SuppressNotFoundErrors::No)
+            outError = createError(Error::ResourceNotFound, WEB_UI_FORMAT_STRING("Unable to find \"%s\" in the extension’s resources. It is an invalid path.", "WKWebExtensionErrorResourceNotFound description with invalid file path", path.utf8().data()));
+        return nullptr;
+    }
+
+    auto rawData = FileSystem::readEntireFile((resourceURL).fileSystemPath());
+    if (!rawData.has_value()) {
+        if (suppressErrors == SuppressNotFoundErrors::No)
+            outError = createError(Error::ResourceNotFound, WEB_UI_FORMAT_STRING("Unable to find \"%s\" in the extension’s resources.", "WKWebExtensionErrorResourceNotFound description with file name", path.utf8().data()));
+        return nullptr;
+    }
+
+    auto data = API::Data::create(*rawData);
+
+    if (cacheResult == CacheResult::Yes)
+        m_resources.set(path, data);
+
+    return data;
+}
+
+void WebExtension::recordError(Ref<API::Error> error)
+{
+    RELEASE_LOG_ERROR(Extensions, "Error recorded: %s", error->platformError());
+
+    // Only the first occurrence of each error is recorded in the array. This prevents duplicate errors,
+    // such as repeated "resource not found" errors, from being included multiple times.
+    if (m_errors.contains(error))
+        return;
+
+    m_errors.append(error);
+}
+
+RefPtr<WebCore::Icon> WebExtension::iconForPath(const String& path, RefPtr<API::Error>& outError, WebCore::FloatSize sizeForResizing, std::optional<double> idealDisplayScale)
+{
+    ASSERT(path);
+
+    auto imageData = resourceDataForPath(path, outError);
+    if (imageData->span().empty())
+        return nullptr;
+
+    auto gimageBytes = adoptGRef(g_bytes_new(imageData->span().data(), imageData->size()));
+
+    if (!sizeForResizing.isZero()) {
+        GUniqueOutPtr<GError> error;
+
+        auto loader = adoptGRef(gdk_pixbuf_loader_new());
+        gdk_pixbuf_loader_write_bytes(loader.get(), gimageBytes.get(), &error.outPtr());
+        if (error) {
+            RELEASE_LOG_ERROR(Extensions, "Unknown error when loading an icon: %s", error.get()->message);
+            outError = createError(Error::Unknown);
+        }
+        if (!gdk_pixbuf_loader_close(loader.get(), &error.outPtr()) && error) {
+            RELEASE_LOG_ERROR(Extensions, "Unknown error when loading an icon: %s", error.get()->message);
+            outError = createError(Error::Unknown);
+        }
+        auto pixbuf = adoptGRef(gdk_pixbuf_copy(gdk_pixbuf_loader_get_pixbuf(loader.get())));
+        if (!pixbuf)
+            return nullptr;
+
+        // Proportionally scale the size
+        auto originalWidth = gdk_pixbuf_get_width(pixbuf.get());
+        auto originalHeight = gdk_pixbuf_get_height(pixbuf.get());
+        auto aspectWidth = originalWidth ? (sizeForResizing.width() / originalWidth) : 0;
+        auto aspectHeight = originalHeight ? (sizeForResizing.height() / originalHeight) : 0;
+        auto aspectRatio = std::min(aspectWidth, aspectHeight);
+
+        gdk_pixbuf_scale_simple(pixbuf.get(), originalWidth * aspectRatio, originalHeight * aspectRatio, GDK_INTERP_BILINEAR);
+
+        gchar* buffer;
+        gsize bufferSize;
+        if (!gdk_pixbuf_save_to_buffer(pixbuf.get(), &buffer, &bufferSize, "png", &error.outPtr(), nullptr) && error) {
+            RELEASE_LOG_ERROR(Extensions, "Unknown error when loading an icon: %s", error.get()->message);
+            outError = createError(Error::Unknown);
+        }
+
+        gimageBytes = adoptGRef(g_bytes_new_take(buffer, bufferSize));
+    }
+
+    GRefPtr<GIcon> image = adoptGRef(g_bytes_icon_new(gimageBytes.get()));
+
+    return WebCore::Icon::create(WTFMove(image));
+}
+
+RefPtr<WebCore::Icon> WebExtension::bestIcon(RefPtr<JSON::Object> icons, WebCore::FloatSize idealSize, const Function<void(Ref<API::Error>)>& reportError)
+{
+    if (!icons)
+        return nullptr;
+
+    auto idealPointSize = idealSize.width() > idealSize.height() ? idealSize.width() : idealSize.height();
+    auto bestScale = largestDisplayScale();
+
+    auto pixelSize = idealPointSize * bestScale;
+    auto iconPath = pathForBestImage(*icons, pixelSize);
+    if (iconPath.isEmpty())
+        return nullptr;
+
+    RefPtr<API::Error> resourceError;
+    if (RefPtr image = iconForPath(iconPath, resourceError, idealSize))
+        return image;
+
+    if (reportError && resourceError)
+        reportError(*resourceError);
+
+    return nullptr;
+}
+
+} // namespace WebKit
+
+#endif // ENABLE(WK_WEB_EXTENSIONS)
diff --git a/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebExtension.cpp b/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebExtension.cpp
new file mode 100644
index 0000000000000..e60b6e0046395
--- /dev/null
+++ b/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebExtension.cpp
@@ -0,0 +1,1122 @@
+/*
+ * Copyright (C) 2024 Igalia, S.L. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#include "config.h"
+
+#if ENABLE(WK_WEB_EXTENSIONS)
+
+#include "TestMain.h"
+#include "WebExtensionUtilities.h"
+#include <WebKitWebExtensionInternal.h>
+#include <wtf/HashMap.h>
+#include <wtf/text/StringBuilder.h>
+#include <wtf/text/StringHash.h>
+#include <wtf/text/WTFString.h>
+
+using namespace TestWebKitAPI;
+
+static GRefPtr<GBytes> createGBytes(const gchar* string)
+{
+    return adoptGRef(g_bytes_new_static(string, strlen(string)));
+}
+
+static void testDisplayStringParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    GRefPtr<WebKitWebExtension> extension = parse("{ \"manifest_version\": 2 }");
+
+    g_assert_null(webkit_web_extension_get_display_name(extension.get()));
+    g_assert_null(webkit_web_extension_get_display_short_name(extension.get()));
+    g_assert_null(webkit_web_extension_get_display_version(extension.get()));
+    g_assert_null(webkit_web_extension_get_display_description(extension.get()));
+    g_assert_null(webkit_web_extension_get_version(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+
+    g_assert_cmpstr(webkit_web_extension_get_display_name(extension.get()), ==, "Test");
+    g_assert_cmpstr(webkit_web_extension_get_display_short_name(extension.get()), ==,  "Test");
+    g_assert_cmpstr(webkit_web_extension_get_display_version(extension.get()), ==,  "1.0");
+    g_assert_cmpstr(webkit_web_extension_get_display_description(extension.get()), ==,  "Test description");
+    g_assert_cmpstr(webkit_web_extension_get_version(extension.get()), ==,  "1.0");
+    g_assert_cmpint(webkit_web_extension_get_manifest_version(extension.get()), ==, 2);
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 3, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+
+    g_assert_cmpstr(webkit_web_extension_get_display_name(extension.get()), ==, "Test");
+    g_assert_cmpstr(webkit_web_extension_get_display_short_name(extension.get()), ==,  "Test");
+    g_assert_cmpstr(webkit_web_extension_get_display_version(extension.get()), ==,  "1.0");
+    g_assert_cmpstr(webkit_web_extension_get_display_description(extension.get()), ==,  "Test description");
+    g_assert_cmpstr(webkit_web_extension_get_version(extension.get()), ==,  "1.0");
+    g_assert_cmpint(webkit_web_extension_get_manifest_version(extension.get()), ==, 3);
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 2, \"name\": \"Test\", \"short_name\": \"Tst\", \"version\": \"1.0\", \"version_name\": \"1.0 Final\", \"description\": \"Test description\" }");
+
+    g_assert_cmpstr(webkit_web_extension_get_display_name(extension.get()), ==, "Test");
+    g_assert_cmpstr(webkit_web_extension_get_display_short_name(extension.get()), ==,  "Tst");
+    g_assert_cmpstr(webkit_web_extension_get_display_version(extension.get()), ==,  "1.0 Final");
+    g_assert_cmpstr(webkit_web_extension_get_display_description(extension.get()), ==,  "Test description");
+    g_assert_cmpstr(webkit_web_extension_get_version(extension.get()), ==,  "1.0");
+    g_assert_no_error(error.get());
+}
+
+static void testDefaultLocaleParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString, const gchar* localeFile) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) }, { String::fromUTF8(localeFile), createGBytes("{}") } }, &error.outPtr()));
+    };
+
+    // Test no default locale
+    GRefPtr<WebKitWebExtension> extension = adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes("{ \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }") } }, &error.outPtr()));
+    g_assert_no_error(error.get());
+    g_assert_null(webkit_web_extension_get_default_locale(extension.get()));
+
+    // Test with language locale file existing
+    extension = parse("{ \"manifest_version\": 2, \"default_locale\": \"en\", \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }", "_locales/en/messages.json");
+    auto* defaultLocale = webkit_web_extension_get_default_locale(extension.get());
+    g_assert_no_error(error.get());
+    g_assert_cmpstr(webkit_web_extension_get_default_locale(extension.get()), ==, "en");
+
+    // Test with language locale file existing
+    extension = parse("{ \"manifest_version\": 2, \"default_locale\": \"en_US\", \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }", "_locales/en_US/messages.json");
+    defaultLocale = webkit_web_extension_get_default_locale(extension.get());
+    g_assert_no_error(error.get());
+    g_assert_cmpstr(webkit_web_extension_get_default_locale(extension.get()), ==, "en_US");
+
+    // Test with less specific locale file existing
+    extension = parse("{ \"manifest_version\": 2, \"default_locale\": \"en_US\", \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }", "_locales/en/messages.json");
+    defaultLocale = webkit_web_extension_get_default_locale(extension.get());
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_null(defaultLocale);
+
+    // Test with wrong locale file existing
+    extension = parse("{ \"manifest_version\": 2, \"default_locale\": \"en_US\", \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }", "_locales/zh_CN/messages.json");
+    defaultLocale = webkit_web_extension_get_default_locale(extension.get());
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_null(defaultLocale);
+
+    // Test with no locale file existing
+    extension = parse("{ \"manifest_version\": 2, \"default_locale\": \"en_US\", \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }", "");
+    defaultLocale = webkit_web_extension_get_default_locale(extension.get());
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_null(defaultLocale);
+}
+
+static void testDisplayStringParsingWithLocalization(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+
+    const gchar* manifest =
+        "{"
+        "\"manifest_version\": 2,"
+        "\"default_locale\": \"en_US\","
+        "\"name\": \"__MSG_default_name__\","
+        "\"short_name\": \"__MSG_regional_name__\","
+        "\"version\": \"1.0\","
+        "\"description\": \"__MSG_default_description__\""
+        "}";
+
+    const gchar* defaultMessages =
+        "{"
+        "\"default_name\": {"
+        "\"message\": \"Default String\","
+        "\"description\": \"The test name.\""
+        "},"
+        "\"default_description\": {"
+        "\"message\": \"Default Description\","
+        "\"description\": \"The test description.\""
+        "}"
+        "}";
+
+    const gchar* regionalMessages =
+        "{"
+        "\"regional_name\": {"
+        "\"message\": \"Regional String\","
+        "\"description\": \"The regional name.\""
+        "}"
+        "}";
+
+    HashMap<String, GRefPtr<GBytes>> resources = {
+        { "manifest.json"_s, createGBytes(manifest) },
+        { "_locales/en/messages.json"_s, createGBytes(defaultMessages) },
+        { "_locales/en_US/messages.json"_s, createGBytes(regionalMessages) }
+    };
+
+    GRefPtr<WebKitWebExtension> extension = adoptGRef(webkitWebExtensionCreate(WTFMove(resources), &error.outPtr()));
+
+    g_assert_cmpstr(webkit_web_extension_get_display_name(extension.get()), ==, "Default String");
+    g_assert_cmpstr(webkit_web_extension_get_display_short_name(extension.get()), ==,  "Regional String");
+    g_assert_cmpstr(webkit_web_extension_get_display_version(extension.get()), ==,  "1.0");
+    g_assert_cmpstr(webkit_web_extension_get_display_description(extension.get()), ==,  "Default Description");
+    g_assert_cmpstr(webkit_web_extension_get_version(extension.get()), ==,  "1.0");
+    g_assert_no_error(error.get());
+
+    manifest =
+        "{"
+        "\"manifest_version\": 2,"
+        "\"default_locale\": \"en_US\","
+        "\"name\": \"__MSG_default_name__\","
+        "\"short_name\": \"__MSG_default_name__\","
+        "\"version\": \"1.0\","
+        "\"description\": \"__MSG_default_description__\""
+        "}";
+    resources = {
+        { "manifest.json"_s, createGBytes(manifest) },
+        { "_locales/en/messages.json"_s, createGBytes(defaultMessages) },
+        { "_locales/en_US/messages.json"_s, createGBytes(regionalMessages) }
+    };
+
+    extension = adoptGRef(webkitWebExtensionCreate(WTFMove(resources), &error.outPtr()));
+
+    g_assert_cmpstr(webkit_web_extension_get_display_short_name(extension.get()), ==,  "Default String");
+    g_assert_no_error(error.get());
+}
+
+static void testActionParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+    auto parseWithIcon = [&](const gchar* manifestString, GRefPtr<GBytes> imageData) {
+        return adoptGRef(webkitWebExtensionCreate({
+            { "manifest.json"_s, createGBytes(manifestString) },
+            { "test.png"_s, imageData }
+        }, &error.outPtr()));
+    };
+
+    GRefPtr<WebKitWebExtension> extension = parse("{ \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_no_error(error.get());
+    g_assert_null(webkit_web_extension_get_display_action_label(extension.get()));
+    g_assert_null(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    extension = parse("{ \"manifest_version\": 2, \"browser_action\": {}, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_no_error(error.get());
+    g_assert_null(webkit_web_extension_get_display_action_label(extension.get()));
+    g_assert_null(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    extension = parse("{ \"manifest_version\": 2, \"page_action\": {}, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_no_error(error.get());
+    g_assert_null(webkit_web_extension_get_display_action_label(extension.get()));
+    g_assert_null(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    extension = parse("{ \"manifest_version\": 2, \"browser_action\": {}, \"page_action\": {}, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_no_error(error.get());
+    g_assert_null(webkit_web_extension_get_display_action_label(extension.get()));
+    g_assert_null(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    extension = parse("{ \"manifest_version\": 2, \"browser_action\": { \"default_title\": \"Button Title\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_no_error(error.get());
+    g_assert_cmpstr(webkit_web_extension_get_display_action_label(extension.get()), ==, "Button Title");
+    g_assert_null(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    extension = parse("{ \"manifest_version\": 2, \"page_action\": { \"default_title\": \"Button Title\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_no_error(error.get());
+    g_assert_cmpstr(webkit_web_extension_get_display_action_label(extension.get()), ==, "Button Title");
+    g_assert_null(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    // `action` should be ignored in manifest v2
+    extension = parse("{ \"manifest_version\": 2, \"action\": { \"default_title\": \"Button Title\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_no_error(error.get());
+    g_assert_null(webkit_web_extension_get_display_action_label(extension.get()));
+    g_assert_null(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    // manifest v3 should look for an `action` key
+    extension = parse("{ \"manifest_version\": 3, \"action\": { \"default_title\": \"Button Title\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_no_error(error.get());
+    g_assert_cmpstr(webkit_web_extension_get_display_action_label(extension.get()), ==, "Button Title");
+    g_assert_null(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    // Manifest v3 should never find a browser_action.
+    extension = parse("{ \"manifest_version\": 3, \"browser_action\": { \"default_title\": \"Button Title\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_no_error(error.get());
+    g_assert_null(webkit_web_extension_get_display_action_label(extension.get()));
+    g_assert_null(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    // Or a page action
+    extension = parse("{ \"manifest_version\": 3, \"page_action\": { \"default_title\": \"Button Title\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_no_error(error.get());
+    g_assert_null(webkit_web_extension_get_display_action_label(extension.get()));
+    g_assert_null(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    extension = parse("{ \"manifest_version\": 3, \"action\": { }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_no_error(error.get());
+    g_assert_null(webkit_web_extension_get_display_action_label(extension.get()));
+    g_assert_null(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    GRefPtr<GBytes> imageData = Util::makePNGData(16, 16, 0x008000);
+
+    extension = parseWithIcon("{ \"manifest_version\": 3, \"action\": { \"default_icon\": \"test.png\", \"default_title\": \"Button Title\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }", imageData);
+    g_assert_no_error(error.get());
+    g_assert_cmpstr(webkit_web_extension_get_display_action_label(extension.get()), ==, "Button Title");
+    g_assert_nonnull(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    extension = parseWithIcon("{ \"manifest_version\": 3, \"action\": { \"default_icon\": { \"16\": \"test.png\" }, \"default_title\": \"Button Title\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }", imageData);
+    g_assert_no_error(error.get());
+    g_assert_cmpstr(webkit_web_extension_get_display_action_label(extension.get()), ==, "Button Title");
+    g_assert_nonnull(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+
+    extension = parseWithIcon("{ \"manifest_version\": 3, \"icons\": { \"16\": \"test.png\" }, \"action\": { \"default_title\": \"Button Title\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }", imageData);
+    g_assert_no_error(error.get());
+    g_assert_cmpstr(webkit_web_extension_get_display_action_label(extension.get()), ==, "Button Title");
+    g_assert_nonnull(webkit_web_extension_get_action_icon(extension.get(), 16, 16));
+}
+
+static void testContentScriptsParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    GRefPtr<WebKitWebExtension> extension = parse("{ \"content_scripts\": [{ \"js\": [\"\test.js\", 1, \"\"], \"css\": [false, \"test.css\", \"\"], \"matches\": [\"*://*/\"] }], \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_get_has_injected_content(extension.get()));
+
+    extension = parse("{ \"content_scripts\": [{ \"js\": [\"\test.js\", 1, \"\"], \"css\": [false, \"test.css\", \"\"], \"matches\": [\"*://*/\"], \"exclude_matches\": [\"*://*.example.com/\"] }], \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_get_has_injected_content(extension.get()));
+
+    extension = parse("{ \"content_scripts\": [{ \"js\": [\"\test.js\", 1, \"\"], \"css\": [false, \"test.css\", \"\"], \"matches\": [\"*://*.example.com/\"] }], \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_get_has_injected_content(extension.get()));
+
+    extension = parse("{ \"content_scripts\": [{ \"js\": [\"\test.js\"], \"matches\": [\"*://*.example.com/\"], \"world\": \"MAIN\" }], \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_get_has_injected_content(extension.get()));
+
+    extension = parse("{ \"content_scripts\": [{ \"css\": [false, \"test.css\", \"\"], \"matches\": [\"*://*.example.com/\"], \"css_origin\": \"user\" }], \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_get_has_injected_content(extension.get()));
+
+    extension = parse("{ \"content_scripts\": [{ \"css\": [false, \"test.css\", \"\"], \"matches\": [\"*://*.example.com/\"], \"css_origin\": \"author\" }], \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_get_has_injected_content(extension.get()));
+
+    // Invalid cases
+
+    extension = parse("{ \"content_scripts\": [], \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_injected_content(extension.get()));
+
+    extension = parse("{ \"content_scripts\": { \"invalid\": true }, \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_injected_content(extension.get()));
+
+    extension = parse("{ \"content_scripts\": [{ \"js\": [ \"test.js\" ], \"matches\": [] }], \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_injected_content(extension.get()));
+
+    // Non-critical invalid cases
+
+    extension = parse("{ \"content_scripts\": [{ \"js\": [ \"test.js\" ], \"matches\": [\"*://*.example.com/\"], \"run_at\": \"invalid\" }], \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_true(webkit_web_extension_get_has_injected_content(extension.get()));
+
+    extension = parse("{ \"content_scripts\": [{ \"js\": [ \"test.js\" ], \"matches\": [\"*://*.example.com/\"], \"world\": \"INVALID\" }], \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_true(webkit_web_extension_get_has_injected_content(extension.get()));
+
+    extension = parse("{ \"content_scripts\": [{ \"css\": [false, \"test.css\", \"\"], \"matches\": [\"*://*.example.com/\"], \"css_origin\": \"bad\" }], \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_true(webkit_web_extension_get_has_injected_content(extension.get()));
+}
+
+static void testPermissionsParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    // Failure Testing
+
+    // Neither of the "permissions" and "optional_permissions" keys are defined.
+
+    GRefPtr<WebKitWebExtension> extension = parse("{ \"manifest_version\": 2, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    const gchar* const* requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    const gchar* const* optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_null(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_null(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+
+    // The "permissions" key alone is defined and empty
+
+    extension = parse("{ \"manifest_version\": 2, \"permissions\": [], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_null(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_null(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+
+    // The "optional_permissions" key alone is defined and empty
+
+    extension = parse("{ \"manifest_version\": 2, \"optional_permissions\": [], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_null(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_null(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+
+    // The "permissions" and "optional_permissions" keys are defined as invalid types
+
+    extension = parse("{ \"manifest_version\": 2, \"permissions\": 2, \"optional_permissions\": \"foo\", \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_null(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_null(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+
+    // The "permissions" keys is defined with an invalid permission.
+
+    extension = parse("{ \"manifest_version\": 2, \"permissions\": [ \"invalid\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_null(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_null(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+
+    // The "permissions" key is defined with a valid permission
+
+    extension = parse("{ \"manifest_version\": 2, \"permissions\": [ \"tabs\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_nonnull(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_null(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+    g_assert_cmpstr(requestedPermissions[0], ==, "tabs");
+    g_assert_null(requestedPermissions[1]);
+
+    // The "permissions" key is defined with a valid & invalid permission
+
+    extension = parse("{ \"manifest_version\": 2, \"permissions\": [ \"tabs\", \"invalid\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_nonnull(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_null(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+    g_assert_cmpstr(requestedPermissions[0], ==, "tabs");
+    g_assert_null(requestedPermissions[1]);
+
+    // The "permissions" key is defined with a valid permission & origin
+
+    extension = parse("{ \"manifest_version\": 2, \"permissions\": [ \"tabs\", \"http://www.webkit.org/\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_nonnull(requestedPermissions);
+    g_assert_cmpint(g_list_length(webkit_web_extension_get_requested_permission_match_patterns(extension.get())), ==, 1);
+    g_assert_cmpstr(webkit_web_extension_match_pattern_get_string(static_cast<WebKitWebExtensionMatchPattern*>(g_list_nth_data(webkit_web_extension_get_requested_permission_match_patterns(extension.get()), 0))), ==, "http://www.webkit.org/");
+    g_assert_null(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+    g_assert_cmpstr(requestedPermissions[0], ==, "tabs");
+    g_assert_null(requestedPermissions[1]);
+
+    // The "permissions" key is defined with a valid permission & invalid origin
+
+    extension = parse("{ \"manifest_version\": 2, \"permissions\": [ \"tabs\", \"foo://www.webkit.org/\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_nonnull(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_null(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+    g_assert_cmpstr(requestedPermissions[0], ==, "tabs");
+    g_assert_null(requestedPermissions[1]);
+
+    // The "optional_permissions" keys is defined with an invalid permission.
+
+    extension = parse("{ \"manifest_version\": 2, \"optional_permissions\": [ \"invalid\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_null(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+    g_assert_null(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+
+    // The "optional_permissions" key is defined with a valid permission
+
+    extension = parse("{ \"manifest_version\": 2, \"optional_permissions\": [ \"tabs\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_nonnull(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+    g_assert_null(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_cmpstr(optionalPermissions[0], ==, "tabs");
+    g_assert_null(optionalPermissions[1]);
+
+    // The "optional_permissions" key is defined with a valid & invalid permission
+
+    extension = parse("{ \"manifest_version\": 2, \"optional_permissions\": [ \"tabs\", \"invalid\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_nonnull(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+    g_assert_null(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+    g_assert_cmpstr(optionalPermissions[0], ==, "tabs");
+    g_assert_null(optionalPermissions[1]);
+
+    // The "optional_permissions" key is defined with a valid permission & origin
+
+    extension = parse("{ \"manifest_version\": 2, \"optional_permissions\": [ \"tabs\", \"http://www.webkit.org/\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_null(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_nonnull(optionalPermissions);
+    g_assert_cmpint(g_list_length(webkit_web_extension_get_optional_permission_match_patterns(extension.get())), ==, 1);
+    g_assert_cmpstr(webkit_web_extension_match_pattern_get_string(static_cast<WebKitWebExtensionMatchPattern*>(g_list_nth_data(webkit_web_extension_get_optional_permission_match_patterns(extension.get()), 0))), ==, "http://www.webkit.org/");
+    g_assert_cmpstr(optionalPermissions[0], ==, "tabs");
+    g_assert_null(optionalPermissions[1]);
+
+    // The "optional_permissions" key is defined with a valid permission & invalid origin
+
+    extension = parse("{ \"manifest_version\": 2, \"optional_permissions\": [ \"tabs\", \"foo://www.webkit.org/\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_null(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_nonnull(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+    g_assert_cmpstr(optionalPermissions[0], ==, "tabs");
+    g_assert_null(optionalPermissions[1]);
+
+    // The "optional_permissions" key is defined with a valid & forbidden invalid permission
+
+    extension = parse("{ \"manifest_version\": 2, \"optional_permissions\": [ \"tabs\", \"geolocation\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_nonnull(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+    g_assert_null(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_cmpstr(optionalPermissions[0], ==, "tabs");
+    g_assert_null(optionalPermissions[1]);
+
+    // The "optional_permissions" key is defined in "permissions"
+
+    extension = parse("{ \"manifest_version\": 2, \"permissions\": [ \"tabs\", \"geolocation\" ], \"optional_permissions\": [ \"tabs\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    requestedPermissions = webkit_web_extension_get_requested_permissions(extension.get());
+    optionalPermissions = webkit_web_extension_get_optional_permissions(extension.get());
+    g_assert_nonnull(requestedPermissions);
+    g_assert_null(webkit_web_extension_get_requested_permission_match_patterns(extension.get()));
+    g_assert_null(optionalPermissions);
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+    g_assert_cmpstr(requestedPermissions[0], ==, "tabs");
+    g_assert_null(requestedPermissions[1]);
+
+    // The "optional_permissions" key contains an origin defined in "permissions"
+
+    extension = parse("{ \"manifest_version\": 2, \"permissions\": [ \"http://www.webkit.org/\" ], \"optional_permissions\": [ \"http://www.webkit.org/\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_cmpint(g_list_length(webkit_web_extension_get_requested_permission_match_patterns(extension.get())), ==, 1);
+    g_assert_cmpstr(webkit_web_extension_match_pattern_get_string(static_cast<WebKitWebExtensionMatchPattern*>(g_list_nth_data(webkit_web_extension_get_requested_permission_match_patterns(extension.get()), 0))), ==, "http://www.webkit.org/");
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+
+    // Make sure manifest v2 extensions ignore hosts from host_permissions (this should only be checked for manifest v3).
+
+    extension = parse("{ \"manifest_version\": 2, \"permissions\": [ \"http://www.webkit.org/\" ], \"optional_permissions\": [ \"http://www.example.com/\" ], \"host_permissions\": [ \"https://webkit.org/\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_cmpint(g_list_length(webkit_web_extension_get_requested_permission_match_patterns(extension.get())), ==, 1);
+    g_assert_cmpstr(webkit_web_extension_match_pattern_get_string(static_cast<WebKitWebExtensionMatchPattern*>(g_list_nth_data(webkit_web_extension_get_requested_permission_match_patterns(extension.get()), 0))), ==, "http://www.webkit.org/");
+    g_assert_cmpint(g_list_length(webkit_web_extension_get_optional_permission_match_patterns(extension.get())), ==, 1);
+    g_assert_cmpstr(webkit_web_extension_match_pattern_get_string(static_cast<WebKitWebExtensionMatchPattern*>(g_list_nth_data(webkit_web_extension_get_optional_permission_match_patterns(extension.get()), 0))), ==, "http://www.example.com/");
+
+    // Make sure manifest v3 parses hosts from host_permissions, and ignores hosts in permissions and optional_permissions.
+
+    extension = parse("{ \"manifest_version\": 3, \"permissions\": [ \"http://www.webkit.org/\" ], \"optional_permissions\": [ \"http://www.example.com/\" ], \"host_permissions\": [ \"https://webkit.org/\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_cmpint(g_list_length(webkit_web_extension_get_requested_permission_match_patterns(extension.get())), ==, 1);
+    g_assert_cmpstr(webkit_web_extension_match_pattern_get_string(static_cast<WebKitWebExtensionMatchPattern*>(g_list_nth_data(webkit_web_extension_get_requested_permission_match_patterns(extension.get()), 0))), ==, "https://webkit.org/");
+    g_assert_null(webkit_web_extension_get_optional_permission_match_patterns(extension.get()));
+
+    // Make sure manifest v3 parses optional_host_permissions.
+
+    extension = parse("{ \"manifest_version\": 3, \"optional_host_permissions\": [ \"http://www.example.com/\" ], \"host_permissions\": [ \"https://webkit.org/\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_cmpint(g_list_length(webkit_web_extension_get_requested_permission_match_patterns(extension.get())), ==, 1);
+    g_assert_cmpstr(webkit_web_extension_match_pattern_get_string(static_cast<WebKitWebExtensionMatchPattern*>(g_list_nth_data(webkit_web_extension_get_requested_permission_match_patterns(extension.get()), 0))), ==, "https://webkit.org/");
+    g_assert_cmpint(g_list_length(webkit_web_extension_get_optional_permission_match_patterns(extension.get())), ==, 1);
+    g_assert_cmpstr(webkit_web_extension_match_pattern_get_string(static_cast<WebKitWebExtensionMatchPattern*>(g_list_nth_data(webkit_web_extension_get_optional_permission_match_patterns(extension.get()), 0))), ==, "http://www.example.com/");
+}
+
+static void testBackgroundParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    GRefPtr<WebKitWebExtension> extension = parse("{ \"manifest_version\": 2, \"background\": { \"scripts\": [ \"test.js\" ] }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_true(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_modular_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{\"manifest_version\":2,\"background\":{\"page\":\"test.html\",\"persistent\":false},\"name\":\"Test\",\"version\":\"1.0\",\"description\":\"Test\"}");
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_modular_background_content(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"scripts\": [ \"test-1.js\", \"\", \"test-2.js\" ], \"persistent\": true }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_true(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_modular_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"service_worker\": \"test.js\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_true(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_modular_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"scripts\": [ \"test-1.js\", \"test-2.js\" ], \"service_worker\": \"test.js\", \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_modular_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"page\": \"test.html\", \"service_worker\": \"test.js\", \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_modular_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"scripts\": [ \"test-1.js\", \"test-2.js\" ], \"page\": \"test.html\", \"service_worker\": \"test.js\", \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_modular_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"service_worker\": \"test.js\", \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_true(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_modular_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"service_worker\": \"test.js\", \"type\": \"module\", \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_true(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_true(webkit_web_extension_get_has_modular_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"scripts\": [ \"test-1.js\", \"test-2.js\" ], \"type\": \"module\", \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_true(webkit_web_extension_get_has_modular_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    // Invalid cases
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"page\": \"test.html\", \"persistent\": true }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_BACKGROUND_PERSISTENCE);
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"service_worker\": \"test.js\", \"persistent\": true }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_modular_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_BACKGROUND_PERSISTENCE);
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_false(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": [ \"invalid\" ], \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_false(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"scripts\": [], \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_false(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"page\": \"\", \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_false(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"page\": [ \"test.html\" ], \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_false(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"scripts\": [ [ \"test.js\" ] ], \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_false(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"service_worker\": \"\", \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_false(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 2, \"background\": { \"service_worker\": [ \"test.js\" ], \"persistent\": false }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_false(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_persistent_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+}
+
+static void testBackgroundPreferredEnvironmentParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    GRefPtr<WebKitWebExtension> extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": [ \"service_worker\", \"document\" ], \"service_worker\": \"background.js\", \"scripts\": [ \"background.js\" ], \"page\": \"background.html\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_true(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": [ \"document\", \"service_worker\" ], \"service_worker\": \"background.js\", \"scripts\": [ \"background.js\" ], \"page\": \"background.html\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": \"service_worker\", \"service_worker\": \"background.js\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_true(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": [ \"document\" ], \"page\": \"background.html\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": \"document\", \"scripts\": [ \"background.js\" ] }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": [ \"document\", \"service_worker\" ], \"scripts\": [ \"background.js\" ] }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": [ \"document\", 42, \"unknown\" ], \"scripts\": [ \"background.js\" ] }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": [ \"unknown\", 42 ], \"page\": \"background.html\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": \"unknown\", \"service_worker\": \"background.js\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_true(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": [ \"unknown\", \"document\" ], \"service_worker\": \"background.js\", \"page\": \"background.html\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_no_error(error.get());
+
+    // Invalid cases
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": [], \"service_worker\": \"background.js\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_true(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": 42, \"service_worker\": \"background.js\", \"page\": \"background.html\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_true(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_false(webkit_web_extension_get_has_service_worker_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": [ \"service_worker\", \"document\" ] }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_false(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": \"document\", \"service_worker\": \"background.js\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_false(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"manifest_version\": 3, \"background\": { \"preferred_environment\": \"service_worker\", \"page\": \"background.html\" }, \"name\": \"Test\", \"version\": \"1.0\", \"description\": \"Test description\" }");
+    g_assert_false(webkit_web_extension_get_has_background_content(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+}
+
+static void testOptionsPageParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    GRefPtr<WebKitWebExtension> extension = parse("{ \"manifest_version\": 3, \"options_page\": \"options.html\", \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_get_has_options_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"options_page\": \"\", \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_options_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"options_page\": 123, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_options_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"options_ui\": { \"page\": \"options.html\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_get_has_options_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"options_ui\": { \"bad\": \"options.html\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_options_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"options_ui\": { \"page\": 123 }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_options_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"options_ui\": { }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_options_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"options_ui\": { \"page\": \"\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_options_page(extension.get()));
+}
+
+static void testURLOverridesParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    GRefPtr<WebKitWebExtension> extension = parse("{ \"manifest_version\": 3, \"browser_url_overrides\": { \"newtab\": \"newtab.html\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_get_has_override_new_tab_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"browser_url_overrides\": { \"bad\": \"newtab.html\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+    g_assert_false(webkit_web_extension_get_has_override_new_tab_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"browser_url_overrides\": { \"newtab\": 123 }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_override_new_tab_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"browser_url_overrides\": { }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_override_new_tab_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"browser_url_overrides\": { \"newtab\": \"\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_override_new_tab_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"chrome_url_overrides\": { \"newtab\": \"newtab.html\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_get_has_override_new_tab_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"chrome_url_overrides\": { \"bad\": \"newtab.html\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+    g_assert_false(webkit_web_extension_get_has_override_new_tab_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"chrome_url_overrides\": { \"newtab\": 123 }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_override_new_tab_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"chrome_url_overrides\": { }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_override_new_tab_page(extension.get()));
+
+    extension = parse("{ \"manifest_version\": 3, \"chrome_url_overrides\": { \"newtab\": \"\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+    g_assert_false(webkit_web_extension_get_has_override_new_tab_page(extension.get()));
+}
+
+static void testContentSecurityPolicyParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    // Manifest V3
+    parse("{ \"manifest_version\": 3, \"content_security_policy\": { \"extension_pages\": \"script-src 'self'; object-src 'self'\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+
+    parse("{ \"manifest_version\": 3, \"content_security_policy\": { \"sandbox\": \"sandbox allow-scripts allow-forms allow-popups allow-modals; script-src 'self'\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+
+    parse("{ \"manifest_version\": 3, \"content_security_policy\": { }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    parse("{ \"manifest_version\": 2, \"content_security_policy\": { \"extension_pages\": 123 }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    // Manifest V2
+    parse("{ \"manifest_version\": 2, \"content_security_policy\": \"script-src 'self'; object-src 'self'\", \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+
+    parse("{ \"manifest_version\": 2, \"content_security_policy\": [ \"invalid\", \"type\" ], \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    parse("{ \"manifest_version\": 2, \"content_security_policy\": 123, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    parse("{ \"manifest_version\": 2, \"content_security_policy\": { \"extension_pages\": \"script-src 'self'; object-src 'self'\" }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+}
+
+static void testWebAccessibleResourcesV2(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    parse("{ \"manifest_version\": 2, \"web_accessible_resources\": [ \"images/*.png\", \"styles/*.css\" ], \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+
+    parse("{ \"manifest_version\": 2, \"web_accessible_resources\": [ ], \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+
+    parse("{ \"manifest_version\": 2, \"web_accessible_resources\": \"bad\", \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    parse("{ \"manifest_version\": 2, \"web_accessible_resources\": { }, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+}
+
+static void testWebAccessibleResourcesV3(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    parse("{ \"web_accessible_resources\": [ { \"resources\": [ \"images/*.png\", \"styles/*.css\" ], \"matches\": [ \"<all_urls>\" ] }, { \"resources\": [ \"scripts/*.js\" ], \"matches\": [ \"*://localhost/*\" ] } ], \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+
+    parse("{ \"web_accessible_resources\": [ { \"resources\": [], \"matches\": [] } ], \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_no_error(error.get());
+
+    parse("{ \"web_accessible_resources\": [ { \"resources\": \"bad\", \"matches\": [ \"<all_urls>\" ] } ], \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    parse("{ \"web_accessible_resources\": [ { \"resources\": [ \"images/*.png\" ], \"matches\": \"bad\" } ], \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    parse("{ \"web_accessible_resources\": [ { \"matches\": [ \"<all_urls>\" ] } ], \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    parse("{ \"web_accessible_resources\": [ { \"resources\": [] } ], \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+}
+
+static void testCommandsParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    GRefPtr<WebKitWebExtension> extension = parse("{ \"commands\": { \"show-popup\": { \"suggested_key\": { \"default\": \"Ctrl+Shift+P\", \"linux\": \"Ctrl+Shift+A\" }, \"description\": \"Show the popup\" } }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_true(webkit_web_extension_get_has_commands(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"commands\": { }, \"action\": { \"default_title\": \"Test Action\" }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_true(webkit_web_extension_get_has_commands(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"commands\": { }, \"browser_action\": { \"default_title\": \"Test Action\" }, \"manifest_version\": 2, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_true(webkit_web_extension_get_has_commands(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"commands\": { }, \"page_action\": { \"default_title\": \"Test Action\" }, \"manifest_version\": 2, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_true(webkit_web_extension_get_has_commands(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_false(webkit_web_extension_get_has_commands(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"action\": { \"default_title\": \"Test Action\" }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_true(webkit_web_extension_get_has_commands(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"browser_action\": { \"default_title\": \"Test Action\" }, \"manifest_version\": 2, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_true(webkit_web_extension_get_has_commands(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"page_action\": { \"default_title\": \"Test Action\" }, \"manifest_version\": 2, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_true(webkit_web_extension_get_has_commands(extension.get()));
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"commands\": { \"show-popup\": \"Invalid\" }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_false(webkit_web_extension_get_has_commands(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+}
+
+static void testDeclarativeNetRequestParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    GRefPtr<WebKitWebExtension> extension = parse("{ \"declarative_net_request\": { \"rule_resources\": [{ \"id\": \"test\", \"enabled\": true, \"path\": \"rules.json\" }] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\", \"permissions\": [ \"declarativeNetRequest\"] }");
+    g_assert_true(webkit_web_extension_get_has_content_modification_rules(extension.get()));
+    g_assert_no_error(error.get());
+
+    // Missing id
+    extension = parse("{ \"declarative_net_request\": { \"rule_resources\": [{ \"enabled\": true, \"path\": \"rules.json\" }] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\", \"permissions\": [ \"declarativeNetRequest\"] }");
+    g_assert_false(webkit_web_extension_get_has_content_modification_rules(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_DECLARATIVE_NET_REQUEST_ENTRY);
+
+    // Missing enabled
+    extension = parse("{ \"declarative_net_request\": { \"rule_resources\": [{ \"id\": \"test\", \"path\": \"rules.json\" }] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\", \"permissions\": [ \"declarativeNetRequest\"] }");
+    g_assert_false(webkit_web_extension_get_has_content_modification_rules(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_DECLARATIVE_NET_REQUEST_ENTRY);
+
+    // Missing path
+    extension = parse("{ \"declarative_net_request\": { \"rule_resources\": [{ \"id\": \"test\", \"enabled\": true }] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\", \"permissions\": [ \"declarativeNetRequest\"] }");
+    g_assert_false(webkit_web_extension_get_has_content_modification_rules(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_DECLARATIVE_NET_REQUEST_ENTRY);
+
+    // Duplicate names
+    extension = parse("{ \"declarative_net_request\": { \"rule_resources\": [{ \"id\": \"test\", \"enabled\": true, \"path\": \"rules.json\" }, { \"id\": \"test\", \"enabled\": true, \"path\": \"rules2.json\" }] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\", \"permissions\": [ \"declarativeNetRequest\"] }");
+    // The first rule should be loaded
+    g_assert_true(webkit_web_extension_get_has_content_modification_rules(extension.get()));
+    // But an error should still be emitted
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_DECLARATIVE_NET_REQUEST_ENTRY);
+
+    // One valid rule, one invalid rule
+    extension = parse("{ \"declarative_net_request\": { \"rule_resources\": [{ \"id\": \"test\", \"enabled\": true, \"path\": \"rules.json\" }, { \"enabled\": true, \"path\": \"rules2.json\" }] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\", \"permissions\": [ \"declarativeNetRequest\"] }");
+    // The first rule should be loaded
+    g_assert_true(webkit_web_extension_get_has_content_modification_rules(extension.get()));
+    // But an error should still be emitted
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_DECLARATIVE_NET_REQUEST_ENTRY);
+
+    // No rules
+    extension = parse("{ \"declarative_net_request\": { \"rule_resources\": [] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\", \"permissions\": [ \"declarativeNetRequest\"] }");
+    g_assert_false(webkit_web_extension_get_has_content_modification_rules(extension.get()));
+    g_assert_no_error(error.get());
+}
+
+static void testExternallyConnectableParsing(Test*, gconstpointer)
+{
+    GUniqueOutPtr<GError> error;
+    auto parse = [&](const gchar* manifestString) {
+        return adoptGRef(webkitWebExtensionCreate({ { "manifest.json"_s, createGBytes(manifestString) } }, &error.outPtr()));
+    };
+
+    GRefPtr<WebKitWebExtension> extension = parse("{ \"externally_connectable\": {}, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_null(webkit_web_extension_get_all_requested_match_patterns(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    // Expect an error since 'externally_connectable' is specified, but there are no valid match patterns or extension ids.
+    extension = parse("{ \"externally_connectable\": { \"matches\": [] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_null(webkit_web_extension_get_all_requested_match_patterns(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"externally_connectable\": { \"matches\": [ \"\" ] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_null(webkit_web_extension_get_all_requested_match_patterns(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    extension = parse("{ \"externally_connectable\": { \"matches\": [], \"ids\": [ \"\" ] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_null(webkit_web_extension_get_all_requested_match_patterns(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    // Expect an error if <all_urls> is specified.
+    extension = parse("{ \"externally_connectable\": { \"matches\": [ \"<all_urls>\" ] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_null(webkit_web_extension_get_all_requested_match_patterns(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    // Still expect the errork, but have a valid match pattern
+    extension = parse("{ \"externally_connectable\": { \"matches\": [ \"*://*.example.com/\", \"<all_urls>\" ] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_cmpint(g_list_length(webkit_web_extension_get_all_requested_match_patterns(extension.get())), ==, 1);
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    // Expect an error for not having a second level domain.
+    extension = parse("{ \"externally_connectable\": { \"matches\": [ \"*://*.com/\" ] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_null(webkit_web_extension_get_all_requested_match_patterns(extension.get()));
+    g_assert_error(error.get(), WEBKIT_WEB_EXTENSION_ERROR, WEBKIT_WEB_EXTENSION_ERROR_INVALID_MANIFEST_ENTRY);
+
+    // Match for *://*.example.com/*
+    auto* matchingPattern = webkit_web_extension_match_pattern_new_with_string("*://*.example.com/", nullptr);
+    extension = parse("{ \"externally_connectable\": { \"matches\": [ \"*://*.example.com/\" ] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_cmpint(g_list_length(webkit_web_extension_get_all_requested_match_patterns(extension.get())), ==, 1);
+    g_assert_no_error(error.get());
+    g_assert_true(webkit_web_extension_match_pattern_matches_pattern(static_cast<WebKitWebExtensionMatchPattern*>(g_list_nth_data(webkit_web_extension_get_all_requested_match_patterns(extension.get()), 0)), matchingPattern, WEBKIT_WEB_EXTENSION_MATCH_PATTERN_OPTIONS_NONE));
+
+    extension = parse("{ \"externally_connectable\": { \"matches\": [ \"*://*.example.com/\" ], \"ids\": [ \"*\"] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_cmpint(g_list_length(webkit_web_extension_get_all_requested_match_patterns(extension.get())), ==, 1);
+    g_assert_no_error(error.get());
+
+    extension = parse("{ \"externally_connectable\": { \"ids\": [ \"*\"] }, \"manifest_version\": 3, \"name\": \"Test\", \"description\": \"Test\", \"version\": \"1.0\" }");
+    g_assert_null(webkit_web_extension_get_all_requested_match_patterns(extension.get()));
+    g_assert_no_error(error.get());
+
+    // FIXME: <https://webkit.org/b/269299> Add more tests for externally_connectable "ids" keys.
+}
+
+void beforeAll()
+{
+    Test::add("WebKitWebExtension", "display-string-parsing", testDisplayStringParsing);
+    Test::add("WebKitWebExtension", "default-locale-parsing", testDefaultLocaleParsing);
+    Test::add("WebKitWebExtension", "display-string-parsing-with-localization", testDisplayStringParsingWithLocalization);
+    Test::add("WebKitWebExtension", "action-parsing", testActionParsing);
+    Test::add("WebKitWebExtension", "content-scripts-parsing", testContentScriptsParsing);
+    Test::add("WebKitWebExtension", "permissions-parsing", testPermissionsParsing);
+    Test::add("WebKitWebExtension", "background-parsing", testBackgroundParsing);
+    Test::add("WebKitWebExtension", "background-preferred-environment-parsing", testBackgroundPreferredEnvironmentParsing);
+    Test::add("WebKitWebExtension", "options-page-parsing", testOptionsPageParsing);
+    Test::add("WebKitWebExtension", "url-overrides-parsing", testURLOverridesParsing);
+    Test::add("WebKitWebExtension", "content-security-policy-parsing", testContentSecurityPolicyParsing);
+    Test::add("WebKitWebExtension", "web-accessible-resources-v2", testWebAccessibleResourcesV2);
+    Test::add("WebKitWebExtension", "web-accessible-resources-v3", testWebAccessibleResourcesV3);
+    Test::add("WebKitWebExtension", "commands", testCommandsParsing);
+    Test::add("WebKitWebExtension", "declarative-net-request", testDeclarativeNetRequestParsing);
+    Test::add("WebKitWebExtension", "externally-connectable", testExternallyConnectableParsing);
+}
+
+void afterAll()
+{
+}
+
+#endif // ENABLE(WK_WEB_EXTENSIONS)
diff --git a/Tools/TestWebKitAPI/glib/CMakeLists.txt b/Tools/TestWebKitAPI/glib/CMakeLists.txt
index 048ec58741a37..3f84417f64be5 100644
--- a/Tools/TestWebKitAPI/glib/CMakeLists.txt
+++ b/Tools/TestWebKitAPI/glib/CMakeLists.txt
@@ -1,6 +1,7 @@
 set(WebKitGLibAPITests_SOURCES
     ${TOOLS_DIR}/TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.cpp
     ${TOOLS_DIR}/TestWebKitAPI/glib/WebKitGLib/TestMain.cpp
+    ${TOOLS_DIR}/TestWebKitAPI/glib/WebKitGLib/WebExtensionUtilities.cpp
     ${TOOLS_DIR}/TestWebKitAPI/glib/WebKitGLib/WebKitTestServer.cpp
     ${TOOLS_DIR}/TestWebKitAPI/glib/WebKitGLib/WebViewTest.cpp
 )
@@ -208,6 +209,7 @@ ADD_WK2_TEST(TestGeolocationManager ${TOOLS_DIR}/TestWebKitAPI/Tests/WebKitGLib/
 ADD_WK2_TEST(TestInputMethodContext ${TOOLS_DIR}/TestWebKitAPI/Tests/WebKitGLib/TestInputMethodContext.cpp)
 
 if (ENABLE_WK_WEB_EXTENSIONS)
+    ADD_WK2_TEST(TestWebKitWebExtension ${TOOLS_DIR}/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebExtension.cpp)
     ADD_WK2_TEST(TestWebKitWebExtensionMatchPattern ${TOOLS_DIR}/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebExtensionMatchPattern.cpp)
 endif ()
 
diff --git a/Tools/TestWebKitAPI/glib/WebKitGLib/WebExtensionUtilities.cpp b/Tools/TestWebKitAPI/glib/WebKitGLib/WebExtensionUtilities.cpp
new file mode 100644
index 0000000000000..61b6460d08ad6
--- /dev/null
+++ b/Tools/TestWebKitAPI/glib/WebKitGLib/WebExtensionUtilities.cpp
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2024 Igalia S.L.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "WebExtensionUtilities.h"
+
+#if ENABLE(WK_WEB_EXTENSIONS)
+
+#include <gtk/gtk.h>
+#include <wtf/glib/GRefPtr.h>
+#include <wtf/glib/GUniquePtr.h>
+
+namespace TestWebKitAPI {
+namespace Util {
+
+GRefPtr<GBytes> makePNGData(int width, int height, int color)
+{
+    GRefPtr<GdkPixbuf> pixbuf = adoptGRef(gdk_pixbuf_new(GDK_COLORSPACE_RGB, FALSE, 8, width, height));
+
+    if (!pixbuf)
+        return { };
+
+    gdk_pixbuf_fill(pixbuf.get(), color);
+
+    GUniqueOutPtr<GError> error;
+    gchar* buffer;
+    gsize bufferSize;
+    if (!gdk_pixbuf_save_to_buffer(pixbuf.get(), &buffer, &bufferSize, "png", &error.outPtr(), nullptr))
+        return { };
+
+    return adoptGRef(g_bytes_new_take(buffer, bufferSize));
+}
+
+} // namespace Util
+} // namespace TestWebKitAPI
+
+#endif // ENABLE(WK_WEB_EXTENSIONS)
diff --git a/Tools/TestWebKitAPI/glib/WebKitGLib/WebExtensionUtilities.h b/Tools/TestWebKitAPI/glib/WebKitGLib/WebExtensionUtilities.h
new file mode 100644
index 0000000000000..311ec64abb4a1
--- /dev/null
+++ b/Tools/TestWebKitAPI/glib/WebKitGLib/WebExtensionUtilities.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2024 Igalia S.L.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "Utilities.h"
+#include "WTFTestUtilities.h"
+
+#include <wtf/Vector.h>
+#include <wtf/glib/GRefPtr.h>
+
+#if ENABLE(WK_WEB_EXTENSIONS)
+
+namespace TestWebKitAPI {
+
+namespace Util {
+
+GRefPtr<GBytes> makePNGData(int width, int height, int color);
+
+} // namespace Util
+
+} // namespace TestWebKitAPI
+
+#endif // ENABLE(WK_WEB_EXTENSIONS)

From 7e4c841cabbb21d2ac3aaf7a9e60270e601efcac Mon Sep 17 00:00:00 2001
From: Ahmad Saleem <ahmad.saleem792+github@gmail.com>
Date: Mon, 24 Feb 2025 10:21:55 -0800
Subject: [PATCH 137/174] [Interop 2025] Sync `workers/constructors` tests from
 WPT upstream https://bugs.webkit.org/show_bug.cgi?id=288367 rdar://145474518

Reviewed by Anne van Kesteren.

Upstream commit: https://github.com/web-platform-tests/wpt/commit/240b357348202856b077417a3ebf944301776a89

* LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin.html:
* LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin.html:

Canonical link: https://commits.webkit.org/290958@main
---
 .../constructors/SharedWorker/same-origin-expected.txt     | 3 ++-
 .../workers/constructors/SharedWorker/same-origin.html     | 7 ++++++-
 .../workers/constructors/Worker/same-origin-expected.txt   | 3 ++-
 .../workers/constructors/Worker/same-origin.html           | 7 ++++++-
 4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin-expected.txt
index 9f7cba609f8de..f1cbe0ad4370d 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin-expected.txt
@@ -1,5 +1,6 @@
 
-PASS unsupported_scheme
+PASS non-parsable URL
+FAIL unsupported_scheme URL of the shared worker is cross-origin
 PASS data_url
 FAIL javascript_url URL of the shared worker is cross-origin
 FAIL about_blank URL of the shared worker is cross-origin
diff --git a/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin.html b/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin.html
index ad464ad50d13d..4f1b62a6605b5 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin.html
@@ -17,7 +17,12 @@
 }
 
 test(() => {
-  assert_throws_dom("SecurityError", () => { new SharedWorker('unsupported:', ''); });
+  assert_throws_dom("SyntaxError", () => { new SharedWorker('https://test:test', ''); });
+}, "non-parsable URL");
+
+async_test(t => {
+  // Parses fine as a URL, fails to fetch according to Fetch
+  testSharedWorkerHelper(t, 'unsupported:');
 }, "unsupported_scheme");
 
 async_test(t => {
diff --git a/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin-expected.txt
index 989bd5be3b5fd..25dbd8585dad5 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin-expected.txt
@@ -1,5 +1,6 @@
 
-PASS unsupported_scheme
+PASS non-parsable URL
+FAIL unsupported_scheme The operation is insecure.
 PASS data_url
 FAIL about_blank The operation is insecure.
 FAIL example_invalid The operation is insecure.
diff --git a/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin.html b/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin.html
index 7c86319c14d48..56dbfe3b3f3ac 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin.html
@@ -19,7 +19,12 @@
 }
 
 test(function() {
-  assert_throws_dom("SecurityError", function() { new Worker('unsupported:'); });
+  assert_throws_dom("SyntaxError", function() { new Worker('https://test:test'); });
+}, "non-parsable URL");
+
+async_test(function(t) {
+  // Parses fine as a URL, fails to fetch according to Fetch
+  testWorkerHelper(t, 'unsupported:');
 }, "unsupported_scheme");
 
 async_test(function() {

From 5ad630e24829dd185d426e3258c5a26245710218 Mon Sep 17 00:00:00 2001
From: Yasmin Karimi <y_karimi@apple.com>
Date: Mon, 24 Feb 2025 10:52:27 -0800
Subject: [PATCH 138/174] [Gardening] [ macOS Sonoma Release wk2 ]
 fast/canvas/webgl/drawingbu ffer-test.html is constant failure (flaky in
 EWS). https://bugs.webkit.org/show_bug.cgi?id=287990 rdar://145157445

Unreviewed test gardening.

Added a test expectation for a failing bug.

* LayoutTests/platform/mac-wk2/TestExpectations:
* LayoutTests/platform/mac/TestExpectations:

Canonical link: https://commits.webkit.org/290959@main
---
 LayoutTests/platform/mac-wk2/TestExpectations | 2 --
 LayoutTests/platform/mac/TestExpectations     | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/LayoutTests/platform/mac-wk2/TestExpectations b/LayoutTests/platform/mac-wk2/TestExpectations
index 2667e00bbdda5..4705b04e7ebdc 100644
--- a/LayoutTests/platform/mac-wk2/TestExpectations
+++ b/LayoutTests/platform/mac-wk2/TestExpectations
@@ -1931,8 +1931,6 @@ webkit.org/b/287974 [ Sonoma Release arm64 ] imported/w3c/web-platform-tests/css
 
 webkit.org/b/287987 media/media-source/media-source-minimumupcomingpresentationtime.html [ Pass Failure ]
 
-webkit.org/b/287990 [ Sonoma Release ] fast/canvas/webgl/drawingbuffer-test.html [ Pass Failure ]
-
 webkit.org/b/288005 imported/w3c/web-platform-tests/css/selectors/invalidation/nth-last-child-in-shadow-root.html [ Pass ImageOnlyFailure ]
 
 webkit.org/b/288015 [ Sonoma+ Release ] media/media-source/media-managedmse-video-with-poster.html [ Pass ImageOnlyFailure ]
diff --git a/LayoutTests/platform/mac/TestExpectations b/LayoutTests/platform/mac/TestExpectations
index 059c2e165ceb9..5578efbb40ae3 100644
--- a/LayoutTests/platform/mac/TestExpectations
+++ b/LayoutTests/platform/mac/TestExpectations
@@ -2405,3 +2405,5 @@ imported/w3c/web-platform-tests/editing/other/insertparagraph-in-child-of-html.t
 imported/w3c/web-platform-tests/editing/other/insertparagraph-in-child-of-html.tentative.html?designMode=on&white-space=pre-wrap [ Pass Failure ] 
 
 webkit.org/b/288133 imported/w3c/web-platform-tests/scroll-to-text-fragment/find-range-from-text-directive.html [ Pass Failure ]
+
+webkit.org/b/287990 [ Sonoma+ ] fast/canvas/webgl/drawingbuffer-test.html [ Pass Failure ]

From 188e126c3653225abd7056dc90eaecda4c8cff18 Mon Sep 17 00:00:00 2001
From: Claudio Saavedra <csaavedra@igalia.com>
Date: Mon, 24 Feb 2025 11:24:36 -0800
Subject: [PATCH 139/174] Suppress uncounted lambda capture warning in
 WebCore::Timer https://bugs.webkit.org/show_bug.cgi?id=288370

Reviewed by Chris Dumez.

The use pattern of Timer objects is that they are stored as a member variable
of the object that is captured in the lambda, so its lifetime is bound
to the lifetime of the object, therefore there's no risk in capturing
the object uncounted. Furthermore, capturing a reference will cause a circular
reference and a leak. So this warning can be suppressed.

* Source/WebCore/platform/Timer.h:
(WebCore::Timer::Timer):

Canonical link: https://commits.webkit.org/290960@main
---
 Source/WebCore/platform/Timer.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Source/WebCore/platform/Timer.h b/Source/WebCore/platform/Timer.h
index 0c48d36066d6e..986913ce07fcc 100644
--- a/Source/WebCore/platform/Timer.h
+++ b/Source/WebCore/platform/Timer.h
@@ -158,7 +158,7 @@ class Timer : public TimerBase {
     template<typename TimerFiredClass, typename TimerFiredBaseClass>
     requires (WTF::HasRefPtrMemberFunctions<TimerFiredClass>::value)
     Timer(TimerFiredClass& object, void (TimerFiredBaseClass::*function)())
-        : m_function([objectPtr = &object, function] {
+        : m_function([objectPtr = &object, function] SUPPRESS_UNCOUNTED_LAMBDA_CAPTURE {
             Ref protectedObject { *objectPtr };
             (objectPtr->*function)();
         })

From f4ed96d58ea8f73496c8a9ce6bd515bd80f09d90 Mon Sep 17 00:00:00 2001
From: Dominic Mazzoni <dm_mazzoni@apple.com>
Date: Mon, 24 Feb 2025 12:07:20 -0800
Subject: [PATCH 140/174] AX: performDeferredCacheUpdate needs to check
 document.hasPendingStyleRecalc https://bugs.webkit.org/show_bug.cgi?id=287716
 rdar://problem/144875397

Reviewed by Tyler Wilcock.

When AXObjectCache::performDeferredCacheUpdate is called, it checks to
see if the document needs layout first before updating the
accessibility tree. If this isn't done, walking the accessibility tree
can trigger a layout in the middle, leading to inconsistencies and
crashes.

However, if there's a pending style recalc, that can trigger a layout too,
so we need to check that and do a layout in that scenario too.

I wrote a layout test, but I'm going to merge it in a follow-up because
it triggers a second assertion and needs an additional fix:
https://bugs.webkit.org/show_bug.cgi?id=287715

* Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations:
* Source/WebCore/accessibility/AXObjectCache.cpp:
(WebCore::documentNeedsLayoutOrStyleRecalc):
(WebCore::AXObjectCache::performDeferredCacheUpdate):

Canonical link: https://commits.webkit.org/290961@main
---
 .../UncheckedCallArgsCheckerExpectations          |  1 -
 Source/WebCore/accessibility/AXObjectCache.cpp    | 15 +++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
index 0412c94e7abe6..dc539e2590023 100644
--- a/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
@@ -1,7 +1,6 @@
 Modules/cookie-store/CookieStore.cpp
 Modules/mediarecorder/MediaRecorder.cpp
 Modules/websockets/WorkerThreadableWebSocketChannel.cpp
-accessibility/AXObjectCache.cpp
 accessibility/AccessibilityListBox.cpp
 accessibility/AccessibilityObject.cpp
 accessibility/AccessibilityRenderObject.cpp
diff --git a/Source/WebCore/accessibility/AXObjectCache.cpp b/Source/WebCore/accessibility/AXObjectCache.cpp
index bdd3887ec5934..d8c1c3a26e913 100644
--- a/Source/WebCore/accessibility/AXObjectCache.cpp
+++ b/Source/WebCore/accessibility/AXObjectCache.cpp
@@ -4316,6 +4316,17 @@ bool AXObjectCache::elementIsTextControl(const Element& element)
     return axObject && axObject->isTextControl();
 }
 
+static bool documentNeedsLayoutOrStyleRecalc(Document& document)
+{
+    auto* frameView = document.view();
+    if (frameView) {
+        if (frameView->needsLayout() || frameView->layoutContext().isLayoutPending())
+            return true;
+    }
+
+    return document.hasPendingStyleRecalc();
+}
+
 void AXObjectCache::performDeferredCacheUpdate(ForceLayout forceLayout)
 {
     AXTRACE(makeString("AXObjectCache::performDeferredCacheUpdate 0x"_s, hex(reinterpret_cast<uintptr_t>(this))));
@@ -4335,7 +4346,7 @@ void AXObjectCache::performDeferredCacheUpdate(ForceLayout forceLayout)
     if (!document->view())
         return;
 
-    if (document->view()->needsLayout()) {
+    if (documentNeedsLayoutOrStyleRecalc(*document)) {
         // Layout became dirty while waiting to performDeferredCacheUpdate, and we require clean layout
         // to update the accessibility tree correctly in this function.
         if ((m_cacheUpdateDeferredCount >= 3 || forceLayout == ForceLayout::Yes) && !Accessibility::inRenderTreeOrStyleUpdate(*document)) {
@@ -4355,7 +4366,7 @@ void AXObjectCache::performDeferredCacheUpdate(ForceLayout forceLayout)
         for (; frame; frame = frame->tree().traverseNext()) {
             auto* localFrame = dynamicDowncast<LocalFrame>(frame.get());
             RefPtr subDocument = localFrame ? localFrame->document() : nullptr;
-            if (subDocument && subDocument->view() && subDocument->view()->needsLayout())
+            if (subDocument && documentNeedsLayoutOrStyleRecalc(*subDocument))
                 subDocument->updateLayoutIgnorePendingStylesheets();
         }
     }

From d405685fd9435c64ade32ab36707c3cd02cc2094 Mon Sep 17 00:00:00 2001
From: Claudio Saavedra <csaavedra@igalia.com>
Date: Mon, 24 Feb 2025 12:10:52 -0800
Subject: [PATCH 141/174] [GTK] Garden failing inspector API test
 https://bugs.webkit.org/show_bug.cgi?id=288387

Unreviewed gardening.

* Tools/TestWebKitAPI/glib/TestExpectations.json:

Canonical link: https://commits.webkit.org/290962@main
---
 Tools/TestWebKitAPI/glib/TestExpectations.json | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Tools/TestWebKitAPI/glib/TestExpectations.json b/Tools/TestWebKitAPI/glib/TestExpectations.json
index 2abdf38d88a0e..5e64c3c1fc059 100644
--- a/Tools/TestWebKitAPI/glib/TestExpectations.json
+++ b/Tools/TestWebKitAPI/glib/TestExpectations.json
@@ -507,5 +507,12 @@
                 "expected": {"gtk": {"status": ["TIMEOUT", "PASS"], "bug": "webkit.org/b/284812"}}
             }
         }
+    },
+    "TestInspector": {
+        "subtests": {
+            "/webkit/WebKitWebInspector/manual-attach-detach": {
+                "expected": {"gtk": { "status": ["FAIL"], "bug": "webkit.org/b/288385"}}
+            }
+        }
     }
 }

From 5b80752a5caab4a3ef2ff0af2d586768dc51f1a3 Mon Sep 17 00:00:00 2001
From: Andy Estes <aestes@apple.com>
Date: Mon, 24 Feb 2025 12:12:51 -0800
Subject: [PATCH 142/174] Use the org.webkit prefix for TestWebKitAPI.app's
 bundle identifier https://bugs.webkit.org/show_bug.cgi?id=288245

Reviewed by Richard Robinson and Elliott Williams.

Using a bundle identifier prefix of com.apple. is incompatible with apps built against a Public
SDK. For consistency with WebKitTestRunner.app, MiniBrowser.app, etc., changed TestWebKitAPI.app's
bundle identifier to org.webkit.TestWebKitAPI.

* Tools/TestWebKitAPI/Configurations/TestWebKitAPIApp.xcconfig:

Canonical link: https://commits.webkit.org/290963@main
---
 Tools/TestWebKitAPI/Configurations/TestWebKitAPIApp.xcconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Tools/TestWebKitAPI/Configurations/TestWebKitAPIApp.xcconfig b/Tools/TestWebKitAPI/Configurations/TestWebKitAPIApp.xcconfig
index 4be524ab1a6ce..b963e767d6f2a 100644
--- a/Tools/TestWebKitAPI/Configurations/TestWebKitAPIApp.xcconfig
+++ b/Tools/TestWebKitAPI/Configurations/TestWebKitAPIApp.xcconfig
@@ -24,7 +24,7 @@
 #include "TestWebKitAPIBase.xcconfig"
 
 PRODUCT_NAME = TestWebKitAPI;
-PRODUCT_BUNDLE_IDENTIFIER = com.apple.WebKit.TestWebKitAPIApp;
+PRODUCT_BUNDLE_IDENTIFIER = org.webkit.$(PRODUCT_NAME:rfc1034identifier);
 
 EXCLUDED_SOURCE_FILE_NAMES[sdk=macosx*] = ios/app/*;
 EXCLUDED_SOURCE_FILE_NAMES[sdk=embedded*] = mac/app/*;

From 36fbb6b8eee7cb8caf806b06f6716913d4311b34 Mon Sep 17 00:00:00 2001
From: Charlie Wolfe <charliew@apple.com>
Date: Mon, 24 Feb 2025 12:18:29 -0800
Subject: [PATCH 143/174] [Site Isolation] Going back while creating remote
 iframes may create incorrect history state
 https://bugs.webkit.org/show_bug.cgi?id=288319 rdar://142485711

Reviewed by Alex Christensen.

When an iframe is embedded into a new process, we set state from the current back/forward item onto its
WebFrameProxy to indicate that we expect the iframe to soon load its initial history state. This approach
fails if, at the time of embedding, the current back/forward item has not yet been updated to reference
the page that is embedding the iframe. Instead, we should just set a bool on the WebFrameProxy to
indicate that its initial history state is not yet created, and then search and update the current
back/forward item to include the child frame's state when the history item is committed.

* LayoutTests/http/tests/site-isolation/history/add-iframes-and-go-back-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/history/add-iframes-and-go-back.html: Added.
* LayoutTests/http/tests/site-isolation/history/resources/add-recursive-iframes-then-go-back.html: Added.
* LayoutTests/http/tests/site-isolation/resources/recursive-create-remote-iframe.html: Added.
* Source/WebKit/UIProcess/WebBackForwardList.cpp:
(WebKit::WebBackForwardList::addChildItem):
* Source/WebKit/UIProcess/WebBackForwardList.h:
* Source/WebKit/UIProcess/WebFrameProxy.cpp:
(WebKit::WebFrameProxy::setPendingChildBackForwardItem): Deleted.
(WebKit::WebFrameProxy::takePendingChildBackForwardItem): Deleted.
* Source/WebKit/UIProcess/WebFrameProxy.h:
(WebKit::WebFrameProxy::setIsPendingInitialHistoryItem):
(WebKit::WebFrameProxy::isPendingInitialHistoryItem const):
(WebKit::WebFrameProxy::hasPendingChildBackForwardItem const): Deleted.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::continueNavigationInNewProcess):
(WebKit::WebPageProxy::backForwardAddItemShared):

Canonical link: https://commits.webkit.org/290964@main
---
 .../add-iframes-and-go-back-expected.txt       | 10 ++++++++++
 .../history/add-iframes-and-go-back.html       | 18 ++++++++++++++++++
 .../add-recursive-iframes-then-go-back.html    | 16 ++++++++++++++++
 .../recursive-create-remote-iframe.html        | 12 ++++++++++++
 Source/WebKit/UIProcess/WebBackForwardList.cpp | 13 +++++++++++++
 Source/WebKit/UIProcess/WebBackForwardList.h   |  1 +
 Source/WebKit/UIProcess/WebFrameProxy.cpp      | 10 ----------
 Source/WebKit/UIProcess/WebFrameProxy.h        |  7 +++----
 Source/WebKit/UIProcess/WebPageProxy.cpp       | 14 ++++++++------
 9 files changed, 81 insertions(+), 20 deletions(-)
 create mode 100644 LayoutTests/http/tests/site-isolation/history/add-iframes-and-go-back-expected.txt
 create mode 100644 LayoutTests/http/tests/site-isolation/history/add-iframes-and-go-back.html
 create mode 100644 LayoutTests/http/tests/site-isolation/history/resources/add-recursive-iframes-then-go-back.html
 create mode 100644 LayoutTests/http/tests/site-isolation/resources/recursive-create-remote-iframe.html

diff --git a/LayoutTests/http/tests/site-isolation/history/add-iframes-and-go-back-expected.txt b/LayoutTests/http/tests/site-isolation/history/add-iframes-and-go-back-expected.txt
new file mode 100644
index 0000000000000..9ab91c4f3fe38
--- /dev/null
+++ b/LayoutTests/http/tests/site-isolation/history/add-iframes-and-go-back-expected.txt
@@ -0,0 +1,10 @@
+Verifies that using history.back() while recursively creating iframes does not increase history.length.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS history.length is 2
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/site-isolation/history/add-iframes-and-go-back.html b/LayoutTests/http/tests/site-isolation/history/add-iframes-and-go-back.html
new file mode 100644
index 0000000000000..c34500ed59b44
--- /dev/null
+++ b/LayoutTests/http/tests/site-isolation/history/add-iframes-and-go-back.html
@@ -0,0 +1,18 @@
+<!-- webkit-test-runner [ SiteIsolationEnabled=true ] -->
+<script src="/js-test-resources/js-test.js"></script>
+<script>
+description("Verifies that using history.back() while recursively creating iframes does not increase history.length.");
+jsTestIsAsync = true;
+
+onload = async () => {
+    if (sessionStorage.didNavigate) {
+        delete sessionStorage.didNavigate;
+        shouldBe("history.length", "2");
+        finishJSTest();
+    } else {
+        await testRunner?.clearBackForwardList();
+        sessionStorage.didNavigate = true;
+        location.href = 'http://127.0.0.1:8000/site-isolation/history/resources/add-recursive-iframes-then-go-back.html';
+    }
+}
+</script>
diff --git a/LayoutTests/http/tests/site-isolation/history/resources/add-recursive-iframes-then-go-back.html b/LayoutTests/http/tests/site-isolation/history/resources/add-recursive-iframes-then-go-back.html
new file mode 100644
index 0000000000000..f5592e1ede5e2
--- /dev/null
+++ b/LayoutTests/http/tests/site-isolation/history/resources/add-recursive-iframes-then-go-back.html
@@ -0,0 +1,16 @@
+<script>
+onload = () => {
+    setInterval(() => {
+        const iframe = document.createElement('iframe');
+        iframe.src = 'http://localhost:8000/site-isolation/resources/recursive-create-remote-iframe.html#1';
+        document.body.appendChild(iframe);
+    }, 10);
+
+    onmessage = () => {
+        onmessage = null;
+        setTimeout(() => {
+            history.back();
+        }, 50);
+    }
+}
+</script>
diff --git a/LayoutTests/http/tests/site-isolation/resources/recursive-create-remote-iframe.html b/LayoutTests/http/tests/site-isolation/resources/recursive-create-remote-iframe.html
new file mode 100644
index 0000000000000..4eb403093b088
--- /dev/null
+++ b/LayoutTests/http/tests/site-isolation/resources/recursive-create-remote-iframe.html
@@ -0,0 +1,12 @@
+<script>
+onload = () => {
+    const host = location.hash === '#1' ? 'localhost' : '127.0.0.1';
+    const nextHash = location.hash === '#1' ? '#2' : '#1';
+    setTimeout(() => {
+        const iframe = document.createElement('iframe');
+        iframe.src = `http://${host}:8000/site-isolation/resources/recursive-create-remote-iframe.html${nextHash}`;
+        document.body.appendChild(iframe);
+        window.top.postMessage("", '*');
+    }, 10);
+}
+</script>
diff --git a/Source/WebKit/UIProcess/WebBackForwardList.cpp b/Source/WebKit/UIProcess/WebBackForwardList.cpp
index 0bb9f2d3e732d..ab3fcd4009211 100644
--- a/Source/WebKit/UIProcess/WebBackForwardList.cpp
+++ b/Source/WebKit/UIProcess/WebBackForwardList.cpp
@@ -190,6 +190,19 @@ void WebBackForwardList::addItem(Ref<WebBackForwardListItem>&& newItem)
     page->didChangeBackForwardList(newItemPtr, WTFMove(removedItems));
 }
 
+void WebBackForwardList::addChildItem(FrameIdentifier parentFrameID, Ref<FrameState>&& frameState)
+{
+    RefPtr currentItem = this->currentItem();
+    if (!currentItem)
+        return;
+
+    RefPtr parentItem = currentItem->protectedMainFrameItem()->childItemForFrameID(parentFrameID);
+    if (!parentItem)
+        return;
+
+    parentItem->setChild(WTFMove(frameState));
+}
+
 void WebBackForwardList::goToItem(WebBackForwardListItem& item)
 {
     if (m_provisionalIndex)
diff --git a/Source/WebKit/UIProcess/WebBackForwardList.h b/Source/WebKit/UIProcess/WebBackForwardList.h
index 88ae67d0ea672..619494e946147 100644
--- a/Source/WebKit/UIProcess/WebBackForwardList.h
+++ b/Source/WebKit/UIProcess/WebBackForwardList.h
@@ -56,6 +56,7 @@ class WebBackForwardList : public API::ObjectImpl<API::Object::Type::BackForward
     WebBackForwardListItem* itemForID(WebCore::BackForwardItemIdentifier);
 
     void addItem(Ref<WebBackForwardListItem>&&);
+    void addChildItem(WebCore::FrameIdentifier, Ref<FrameState>&&);
     void goToItem(WebBackForwardListItem&);
     void removeAllItems();
     void clear();
diff --git a/Source/WebKit/UIProcess/WebFrameProxy.cpp b/Source/WebKit/UIProcess/WebFrameProxy.cpp
index e23797e706886..285a3b279c418 100644
--- a/Source/WebKit/UIProcess/WebFrameProxy.cpp
+++ b/Source/WebKit/UIProcess/WebFrameProxy.cpp
@@ -689,16 +689,6 @@ bool WebFrameProxy::isMainFrame() const
     return m_frameLoadState.isMainFrame() == IsMainFrame::Yes;
 }
 
-void WebFrameProxy::setPendingChildBackForwardItem(WebBackForwardListFrameItem* pendingChildBackForwardItem)
-{
-    m_pendingChildBackForwardItem = pendingChildBackForwardItem;
-}
-
-WebBackForwardListFrameItem* WebFrameProxy::takePendingChildBackForwardItem()
-{
-    return std::exchange(m_pendingChildBackForwardItem, nullptr).get();
-}
-
 void WebFrameProxy::updateScrollingMode(WebCore::ScrollbarMode scrollingMode)
 {
     m_scrollingMode = scrollingMode;
diff --git a/Source/WebKit/UIProcess/WebFrameProxy.h b/Source/WebKit/UIProcess/WebFrameProxy.h
index 253722e6b481b..6234291402e3f 100644
--- a/Source/WebKit/UIProcess/WebFrameProxy.h
+++ b/Source/WebKit/UIProcess/WebFrameProxy.h
@@ -199,9 +199,8 @@ class WebFrameProxy : public API::ObjectImpl<API::Object::Type::Frame>, public C
     TraversalResult traverseNext(CanWrap) const;
     TraversalResult traversePrevious(CanWrap);
 
-    void setPendingChildBackForwardItem(WebBackForwardListFrameItem*);
-    bool hasPendingChildBackForwardItem() const { return !!m_pendingChildBackForwardItem; };
-    WebBackForwardListFrameItem* takePendingChildBackForwardItem();
+    void setIsPendingInitialHistoryItem(bool isPending) { m_isPendingInitialHistoryItem = isPending; }
+    bool isPendingInitialHistoryItem() const { return m_isPendingInitialHistoryItem; }
 
     WebCore::LayerHostingContextIdentifier layerHostingContextIdentifier() const { return m_layerHostingContextIdentifier; }
     void setRemoteFrameSize(WebCore::IntSize size) { m_remoteFrameSize = size; }
@@ -247,7 +246,7 @@ class WebFrameProxy : public API::ObjectImpl<API::Object::Type::Frame>, public C
 #endif
     CompletionHandler<void(std::optional<WebCore::PageIdentifier>, std::optional<WebCore::FrameIdentifier>)> m_navigateCallback;
     const WebCore::LayerHostingContextIdentifier m_layerHostingContextIdentifier;
-    WeakPtr<WebBackForwardListFrameItem> m_pendingChildBackForwardItem;
+    bool m_isPendingInitialHistoryItem { false };
     std::optional<WebCore::IntSize> m_remoteFrameSize;
     WebCore::SandboxFlags m_effectiveSandboxFlags;
     WebCore::ScrollbarMode m_scrollingMode;
diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
index 5eb9439d6b735..fda220425e2c2 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -5141,10 +5141,8 @@ void WebPageProxy::continueNavigationInNewProcess(API::Navigation& navigation, W
 
         RefPtr provisionalPage = m_provisionalPage;
         Ref processNavigatingFrom = frame.isMainFrame() && provisionalPage ? provisionalPage->process() : frame.process();
-        if (RefPtr parentFrame = frame.parentFrame(); parentFrame && parentFrame->process() == processNavigatingFrom) {
-            if (RefPtr currentItem = m_backForwardList->currentItem())
-                frame.setPendingChildBackForwardItem(currentItem->protectedNavigatedFrameItem()->protectedChildItemForFrameID(parentFrame->frameID()).get());
-        }
+        if (RefPtr parentFrame = frame.parentFrame(); parentFrame && parentFrame->process() == processNavigatingFrom)
+            frame.setIsPendingInitialHistoryItem(true);
 
         frame.prepareForProvisionalLoadInProcess(newProcess, navigation, m_browsingContextGroup, [
             loadParameters = WTFMove(loadParameters),
@@ -9623,8 +9621,12 @@ void WebPageProxy::backForwardAddItemShared(IPC::Connection& connection, Ref<Fra
 #endif
 
     if (RefPtr targetFrame = WebFrameProxy::webFrame(navigatedFrameState->frameID)) {
-        if (RefPtr pendingChildBackForwardItem = targetFrame->takePendingChildBackForwardItem())
-            return pendingChildBackForwardItem->setChild(WTFMove(navigatedFrameState));
+        if (targetFrame->isPendingInitialHistoryItem()) {
+            targetFrame->setIsPendingInitialHistoryItem(false);
+            if (RefPtr parent = targetFrame->parentFrame())
+                m_backForwardList->addChildItem(parent->frameID(), WTFMove(navigatedFrameState));
+            return;
+        }
     } else
         return;
 

From a2fed17afc244c40b709b501c6b1c1ec3621da5d Mon Sep 17 00:00:00 2001
From: Rupin Mittal <rupin@apple.com>
Date: Mon, 24 Feb 2025 12:21:41 -0800
Subject: [PATCH 144/174] Adopt more smart pointers in GlyphPageCoreText,
 MediaSelectionGroupAVFObjC, ScrollingStateTree
 https://bugs.webkit.org/show_bug.cgi?id=287920 rdar://145102824

Reviewed by Ryosuke Niwa.

Smart pointer adoption as per the static analyzer.

* Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations:
* Source/WebCore/page/scrolling/ScrollingStateTree.cpp:
(WebCore::ScrollingStateTree::createAfterReconstruction):
(WebCore::ScrollingStateTree::attachDeserializedNodes):
(WebCore::ScrollingStateTree::commit):
(WebCore::ScrollingStateTree::isValid const):
* Source/WebCore/platform/graphics/Font.cpp:
(WebCore::m_shouldNotBeUsedForArabic):
* Source/WebCore/platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.h:
(WebCore::MediaSelectionGroupAVFObjC::selectedOption const):
* Source/WebCore/platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm:
(WebCore::MediaSelectionOptionAVFObjC::setSelected):
* Source/WebCore/platform/graphics/coretext/GlyphPageCoreText.cpp:
(WebCore::GlyphPage::fill):

Canonical link: https://commits.webkit.org/290965@main
---
 .../NoUncountedMemberCheckerExpectations      |  1 -
 .../UncountedCallArgsCheckerExpectations      |  2 --
 .../UncountedLocalVarsCheckerExpectations     |  1 -
 .../page/scrolling/ScrollingStateTree.cpp     | 19 ++++++++++---------
 Source/WebCore/platform/graphics/Font.cpp     |  1 +
 .../avfoundation/MediaSelectionGroupAVFObjC.h | 12 ++++++------
 .../MediaSelectionGroupAVFObjC.mm             |  5 +++--
 .../graphics/coretext/GlyphPageCoreText.cpp   |  8 ++++----
 8 files changed, 24 insertions(+), 25 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations b/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations
index c19a3bce2decd..d8f010260efad 100644
--- a/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations
@@ -71,7 +71,6 @@ platform/graphics/ComplexTextController.h
 platform/graphics/DrawGlyphsRecorder.h
 platform/graphics/GraphicsLayer.h
 platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm
-platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.h
 platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h
 platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm
 platform/graphics/ca/TileController.h
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 35e8520f3ac72..c91cb51d2af5c 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -992,7 +992,6 @@ page/scrolling/AsyncScrollingCoordinator.cpp
 page/scrolling/ScrollAnchoringController.cpp
 page/scrolling/ScrollSnapOffsetsInfo.cpp
 page/scrolling/ScrollingCoordinator.cpp
-page/scrolling/ScrollingStateTree.cpp
 page/scrolling/ScrollingThread.cpp
 page/scrolling/ScrollingTreeGestureState.cpp
 page/scrolling/ScrollingTreeScrollingNodeDelegate.h
@@ -1051,7 +1050,6 @@ platform/graphics/TransparencyLayerContextSwitcher.cpp
 platform/graphics/WidthIterator.cpp
 platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm
 platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.cpp
-platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm
 platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h
 platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm
 platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm
diff --git a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
index 67af62ef3369d..c85f8facdf95e 100644
--- a/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/UncountedLocalVarsCheckerExpectations
@@ -601,7 +601,6 @@ platform/graphics/ca/TileGrid.cpp
 platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm
 platform/graphics/cocoa/controls/ApplePayButtonCocoa.mm
 platform/graphics/coretext/ComplexTextControllerCoreText.mm
-platform/graphics/coretext/GlyphPageCoreText.cpp
 platform/graphics/displaylists/DisplayListItem.cpp
 platform/graphics/displaylists/DisplayListItems.cpp
 platform/graphics/displaylists/DisplayListRecorder.cpp
diff --git a/Source/WebCore/page/scrolling/ScrollingStateTree.cpp b/Source/WebCore/page/scrolling/ScrollingStateTree.cpp
index 2983838e935e0..a00e1285dbee9 100644
--- a/Source/WebCore/page/scrolling/ScrollingStateTree.cpp
+++ b/Source/WebCore/page/scrolling/ScrollingStateTree.cpp
@@ -75,8 +75,8 @@ std::optional<ScrollingStateTree> ScrollingStateTree::createAfterReconstruction(
     ScrollingStateTree tree(hasNewRootStateNode, hasChangedProperties, WTFMove(rootStateNode));
 
     bool allIdentifiersUnique { true };
-    if (tree.m_rootStateNode) {
-        tree.m_rootStateNode->traverse([&] (auto& node) {
+    if (RefPtr rootStateNode = tree.m_rootStateNode) {
+        rootStateNode->traverse([&] (auto& node) {
             auto addResult = tree.m_stateNodeMap.add(node.scrollingNodeID(), node);
             if (!addResult.isNewEntry)
                 allIdentifiersUnique = false;
@@ -101,9 +101,9 @@ void ScrollingStateTree::attachDeserializedNodes()
     // into a ScrollingStateTree then move to a std::unique_ptr<ScrollingStateTree> and if we
     // did this in the constructor, createAfterReconstruction would be setting nodes' tree pointers
     // to the wrong ScrollingStateTree.
-    if (m_rootStateNode) {
-        m_rootStateNode->attachAfterDeserialization(*this);
-        ASSERT(m_rootStateNode->parentPointersAreCorrect());
+    if (RefPtr rootStateNode = m_rootStateNode) {
+        rootStateNode->attachAfterDeserialization(*this);
+        ASSERT(rootStateNode->parentPointersAreCorrect());
     }
 }
 
@@ -347,8 +347,8 @@ std::unique_ptr<ScrollingStateTree> ScrollingStateTree::commit(LayerRepresentati
     auto treeStateClone = makeUnique<ScrollingStateTree>();
     treeStateClone->setPreferredLayerRepresentation(preferredLayerRepresentation);
 
-    if (m_rootStateNode)
-        treeStateClone->setRootStateNode(downcast<ScrollingStateFrameScrollingNode>(m_rootStateNode->cloneAndReset(*treeStateClone)));
+    if (RefPtr rootStateNode = m_rootStateNode)
+        treeStateClone->setRootStateNode(downcast<ScrollingStateFrameScrollingNode>(rootStateNode->cloneAndReset(*treeStateClone)));
 
     // Now the clone tree has changed properties, and the original tree does not.
     treeStateClone->m_hasChangedProperties = std::exchange(m_hasChangedProperties, false);
@@ -367,11 +367,12 @@ void ScrollingStateTree::traverse(const ScrollingStateNode& node, NOESCAPE const
 
 bool ScrollingStateTree::isValid() const
 {
-    if (!m_rootStateNode)
+    RefPtr rootStateNode = m_rootStateNode;
+    if (!rootStateNode)
         return true;
 
     bool isValid = true;
-    traverse(*m_rootStateNode, [&](const ScrollingStateNode& node) {
+    traverse(*rootStateNode, [&](const ScrollingStateNode& node) {
         switch (node.nodeType()) {
         case ScrollingNodeType::MainFrame:
             break;
diff --git a/Source/WebCore/platform/graphics/Font.cpp b/Source/WebCore/platform/graphics/Font.cpp
index b7f3e94d7d8fe..10bf7fcc4b991 100644
--- a/Source/WebCore/platform/graphics/Font.cpp
+++ b/Source/WebCore/platform/graphics/Font.cpp
@@ -92,6 +92,7 @@ Font::Font(const FontPlatformData& platformData, Origin origin, IsInterstitial i
     , m_shouldNotBeUsedForArabic(false)
 #endif
 {
+    relaxAdoptionRequirement();
     platformInit();
     platformGlyphInit();
     platformCharWidthInit();
diff --git a/Source/WebCore/platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.h b/Source/WebCore/platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.h
index a2965182d1774..9ddba93466cd7 100644
--- a/Source/WebCore/platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.h
+++ b/Source/WebCore/platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.h
@@ -31,7 +31,7 @@
 #include <wtf/HashMap.h>
 #include <wtf/IteratorRange.h>
 #include <wtf/Ref.h>
-#include <wtf/RefCounted.h>
+#include <wtf/RefCountedAndCanMakeWeakPtr.h>
 #include <wtf/RefPtr.h>
 #include <wtf/RetainPtr.h>
 #include <wtf/text/WTFString.h>
@@ -45,7 +45,7 @@ namespace WebCore {
 
 class MediaSelectionGroupAVFObjC;
 
-class MediaSelectionOptionAVFObjC : public RefCounted<MediaSelectionOptionAVFObjC> {
+class MediaSelectionOptionAVFObjC : public RefCountedAndCanMakeWeakPtr<MediaSelectionOptionAVFObjC> {
 public:
     static Ref<MediaSelectionOptionAVFObjC> create(MediaSelectionGroupAVFObjC&, AVMediaSelectionOption *);
 
@@ -64,17 +64,17 @@ class MediaSelectionOptionAVFObjC : public RefCounted<MediaSelectionOptionAVFObj
 
     void clearGroup() { m_group = nullptr; }
 
-    MediaSelectionGroupAVFObjC* m_group;
+    WeakPtr<MediaSelectionGroupAVFObjC> m_group;
     RetainPtr<AVMediaSelectionOption> m_mediaSelectionOption;
 };
 
-class MediaSelectionGroupAVFObjC : public RefCounted<MediaSelectionGroupAVFObjC> {
+class MediaSelectionGroupAVFObjC : public RefCountedAndCanMakeWeakPtr<MediaSelectionGroupAVFObjC> {
 public:
     static Ref<MediaSelectionGroupAVFObjC> create(AVPlayerItem*, AVMediaSelectionGroup*, const Vector<String>& characteristics);
     ~MediaSelectionGroupAVFObjC();
 
     void setSelectedOption(MediaSelectionOptionAVFObjC*);
-    MediaSelectionOptionAVFObjC* selectedOption() const { return m_selectedOption; }
+    MediaSelectionOptionAVFObjC* selectedOption() const { return m_selectedOption.get(); }
 
     void updateOptions(const Vector<String>& characteristics);
 
@@ -92,7 +92,7 @@ class MediaSelectionGroupAVFObjC : public RefCounted<MediaSelectionGroupAVFObjC>
     RetainPtr<AVPlayerItem> m_playerItem;
     RetainPtr<AVMediaSelectionGroup> m_mediaSelectionGroup;
     OptionContainer m_options;
-    MediaSelectionOptionAVFObjC* m_selectedOption { nullptr };
+    WeakPtr<MediaSelectionOptionAVFObjC> m_selectedOption;
     Timer m_selectionTimer;
     bool m_shouldSelectOptionAutomatically { true };
 };
diff --git a/Source/WebCore/platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm b/Source/WebCore/platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm
index 884e4f56d5431..d21375bc1c066 100644
--- a/Source/WebCore/platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm
+++ b/Source/WebCore/platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm
@@ -58,13 +58,14 @@
 
 void MediaSelectionOptionAVFObjC::setSelected(bool selected)
 {
-    if (!m_group)
+    RefPtr group = m_group.get();
+    if (!group)
         return;
 
     if (selected == this->selected())
         return;
 
-    m_group->setSelectedOption(selected ? this : nullptr);
+    group->setSelectedOption(selected ? this : nullptr);
 }
 
 bool MediaSelectionOptionAVFObjC::selected() const
diff --git a/Source/WebCore/platform/graphics/coretext/GlyphPageCoreText.cpp b/Source/WebCore/platform/graphics/coretext/GlyphPageCoreText.cpp
index 63f582d1af619..562bb5e2f62e2 100644
--- a/Source/WebCore/platform/graphics/coretext/GlyphPageCoreText.cpp
+++ b/Source/WebCore/platform/graphics/coretext/GlyphPageCoreText.cpp
@@ -52,20 +52,20 @@ bool GlyphPage::fill(std::span<const UChar> buffer)
 {
     ASSERT(buffer.size() == GlyphPage::size || buffer.size() == 2 * GlyphPage::size);
 
-    const Font& font = this->font();
+    Ref<const Font> font = this->font();
     Vector<CGGlyph, 512> glyphs(buffer.size());
     unsigned glyphStep = buffer.size() / GlyphPage::size;
 
     if (shouldFillWithVerticalGlyphs(buffer, font))
-        CTFontGetVerticalGlyphsForCharacters(font.platformData().ctFont(), reinterpret_cast<const UniChar*>(buffer.data()), glyphs.data(), buffer.size());
+        CTFontGetVerticalGlyphsForCharacters(font->platformData().ctFont(), reinterpret_cast<const UniChar*>(buffer.data()), glyphs.data(), buffer.size());
     else
-        CTFontGetGlyphsForCharacters(font.platformData().ctFont(), reinterpret_cast<const UniChar*>(buffer.data()), glyphs.data(), buffer.size());
+        CTFontGetGlyphsForCharacters(font->platformData().ctFont(), reinterpret_cast<const UniChar*>(buffer.data()), glyphs.data(), buffer.size());
 
     bool haveGlyphs = false;
     for (unsigned i = 0; i < GlyphPage::size; ++i) {
         auto theGlyph = glyphs[i * glyphStep];
         if (theGlyph && theGlyph != deletedGlyph) {
-            setGlyphForIndex(i, theGlyph, font.colorGlyphType(theGlyph));
+            setGlyphForIndex(i, theGlyph, font->colorGlyphType(theGlyph));
             haveGlyphs = true;
         }
     }

From 9240eac1e801f2fe5f1d0bb30ef1a7066a762b78 Mon Sep 17 00:00:00 2001
From: Richard Robinson <richard_robinson2@apple.com>
Date: Mon, 24 Feb 2025 12:31:15 -0800
Subject: [PATCH 145/174] [SwiftUI] Provide ability for clients to tell when
 WebView scroll geometry has changed
 https://bugs.webkit.org/show_bug.cgi?id=288242 rdar://145321354

Reviewed by Aditya Keerthi.

Add a new `webViewOnScrollGeometryChange` view modifier to `WebView` to provide clients the ability
to respond to changes to various sizes and geometries that are modified by scrolling.

To facilitate this, layer tree transaction updates are propogated through a new `WKUIDelegateInternal`
protocol. The `WKUIDelegateAdapter` type now conforms to this new protocol, and passes the information
to `CocoaWebViewAdapter`, which then notifies the closures provided by the view modifier.

The `WKUIDelegateAdapter` type is made to more accurately reflect its conformance by conforming to `WKUIDelegatePrivate`.
However, this is still not _entirely_ accurate since it does also conform to `WKUIDelegateInternal`, however this
conformance cannot be statically stated since types imported via `internal import` can't appear in places that are outside
the project scope, which `WKUIDelegateAdapter` is.

* Source/WebKit/Modules/Internal/WebKitInternal.h:
* Source/WebKit/SourcesCocoa.txt:
* Source/WebKit/UIProcess/API/APIUIClient.h:
(API::UIClient::geometryDidChange):
* Source/WebKit/UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKScrollGeometry.h: Copied from Source/WebKit/Modules/Internal/WebKitInternal.h.
* Source/WebKit/UIProcess/API/Cocoa/_WKScrollGeometry.mm: Copied from Source/WebKit/Modules/Internal/WebKitInternal.h.
(-[_WKScrollGeometry initWithContainerSize:contentInsets:contentOffset:contentSize:]):
* Source/WebKit/UIProcess/API/Swift/WKScrollGeometryAdapter.swift: Copied from Source/WebKit/_WebKit_SwiftUI/Foundation+Extras.swift.
* Source/WebKit/UIProcess/API/Swift/WKUIDelegateAdapter.swift:
(WKUIDelegateAdapter._webView(_:geometryDidChange:)):
* Source/WebKit/UIProcess/API/Swift/WebPage.swift:
(WebPageWebView.geometryDidChange(_:)):
(Delegate.geometryDidChange(_:)):
* Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm:
(WebKit::PageClientImplCocoa::didCommitLayerTree):
* Source/WebKit/UIProcess/Cocoa/UIDelegate.h:
* Source/WebKit/UIProcess/Cocoa/UIDelegate.mm:
(WebKit::UIDelegate::setDelegate):
(WebKit::UIDelegate::UIClient::geometryDidChange):
* Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm:
(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTreeTransaction):
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Source/WebKit/_WebKit_SwiftUI/CocoaWebViewAdapter.swift:
(CocoaWebViewAdapter.onScrollGeometryChange):
(CocoaWebViewAdapter.currentScrollGeometry):
(CocoaWebViewAdapter.contentView):
(CocoaWebViewAdapter.findBarViewDidChangeHeight):
(CocoaWebViewAdapter.geometryDidChange(_:)):
* Source/WebKit/_WebKit_SwiftUI/Foundation+Extras.swift:
* Source/WebKit/_WebKit_SwiftUI/SwiftUI+Extras.swift: Added.
* Source/WebKit/_WebKit_SwiftUI/View+WebViewModifiers.swift:
(EnvironmentValues.webViewOnScrollGeometryChange):
(View.webViewContentBackground(_:)):
(FindContext.isPresented): Deleted.
* Source/WebKit/_WebKit_SwiftUI/ViewModifierContexts.swift: Copied from Source/WebKit/_WebKit_SwiftUI/Foundation+Extras.swift.
(FindContext.isPresented):
* Source/WebKit/_WebKit_SwiftUI/WebViewRepresentable.swift:
(WebViewRepresentable.updatePlatformView(_:context:)):

Canonical link: https://commits.webkit.org/290966@main
---
 .../WebKit/Modules/Internal/WebKitInternal.h  |  2 +
 Source/WebKit/SourcesCocoa.txt                |  1 +
 .../UIProcess/API/Cocoa/WKScrollGeometry.h    | 54 +++++++++++++++
 .../UIProcess/API/Cocoa/WKScrollGeometry.mm   | 67 +++++++++++++++++++
 .../API/Cocoa/WKUIDelegateInternal.h          | 36 ++++++++++
 .../UIProcess/API/Cocoa/WKUIDelegatePrivate.h |  1 +
 .../WebKit/UIProcess/API/Cocoa/WKWebView.mm   | 27 +++++++-
 .../UIProcess/API/Cocoa/WKWebViewInternal.h   |  4 ++
 .../API/Swift/WKScrollGeometryAdapter.swift   | 56 ++++++++++++++++
 .../API/Swift/WKUIDelegateAdapter.swift       |  8 ++-
 .../WebKit/UIProcess/API/Swift/WebPage.swift  |  7 ++
 .../UIProcess/Cocoa/PageClientImplCocoa.mm    |  2 +
 Source/WebKit/UIProcess/Cocoa/UIDelegate.mm   |  3 +-
 .../WebKit/WebKit.xcodeproj/project.pbxproj   | 47 +++++++------
 .../_WebKit_SwiftUI/CocoaWebViewAdapter.swift | 29 +++++++-
 .../_WebKit_SwiftUI/Foundation+Extras.swift   | 14 ++++
 .../_WebKit_SwiftUI/SwiftUI+Extras.swift      | 43 ++++++++++++
 .../View+WebViewModifiers.swift               | 26 ++++---
 .../ViewModifierContexts.swift                | 42 ++++++++++++
 .../WebViewRepresentable.swift                |  3 +-
 20 files changed, 438 insertions(+), 34 deletions(-)
 create mode 100644 Source/WebKit/UIProcess/API/Cocoa/WKScrollGeometry.h
 create mode 100644 Source/WebKit/UIProcess/API/Cocoa/WKScrollGeometry.mm
 create mode 100644 Source/WebKit/UIProcess/API/Cocoa/WKUIDelegateInternal.h
 create mode 100644 Source/WebKit/UIProcess/API/Swift/WKScrollGeometryAdapter.swift
 create mode 100644 Source/WebKit/_WebKit_SwiftUI/SwiftUI+Extras.swift
 create mode 100644 Source/WebKit/_WebKit_SwiftUI/ViewModifierContexts.swift

diff --git a/Source/WebKit/Modules/Internal/WebKitInternal.h b/Source/WebKit/Modules/Internal/WebKitInternal.h
index 76951a4c08ca7..b5794b44f8f38 100644
--- a/Source/WebKit/Modules/Internal/WebKitInternal.h
+++ b/Source/WebKit/Modules/Internal/WebKitInternal.h
@@ -29,5 +29,7 @@
 
 #import "WKMaterialHostingSupport.h"
 #import "WKPreferencesInternal.h"
+#import "WKScrollGeometry.h"
+#import "WKUIDelegateInternal.h"
 #import "WKWebViewConfigurationInternal.h"
 #import "WKWebViewInternal.h"
diff --git a/Source/WebKit/SourcesCocoa.txt b/Source/WebKit/SourcesCocoa.txt
index 5584143acd295..19e2664300bd0 100644
--- a/Source/WebKit/SourcesCocoa.txt
+++ b/Source/WebKit/SourcesCocoa.txt
@@ -359,6 +359,7 @@ UIProcess/API/Cocoa/WKPreviewElementInfo.mm
 UIProcess/API/Cocoa/WKProcessGroup.mm
 UIProcess/API/Cocoa/WKProcessPool.mm
 UIProcess/API/Cocoa/WKScriptMessage.mm
+UIProcess/API/Cocoa/WKScrollGeometry.mm
 UIProcess/API/Cocoa/WKSecurityOrigin.mm
 UIProcess/API/Cocoa/WKSnapshotConfiguration.mm
 UIProcess/API/Cocoa/WKURLSchemeTask.mm
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKScrollGeometry.h b/Source/WebKit/UIProcess/API/Cocoa/WKScrollGeometry.h
new file mode 100644
index 0000000000000..6e31fa2024d09
--- /dev/null
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKScrollGeometry.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2025 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import <Foundation/Foundation.h>
+#import <WebKit/WKFoundation.h>
+
+#if PLATFORM(IOS_FAMILY)
+#import <UIKit/UIKit.h>
+#endif
+
+NS_SWIFT_SENDABLE
+@interface WKScrollGeometry : NSObject
+
+@property (nonatomic, readonly) CGSize containerSize;
+
+#if PLATFORM(IOS_FAMILY)
+@property (nonatomic, readonly) UIEdgeInsets contentInsets;
+#else
+@property (nonatomic, readonly) NSEdgeInsets contentInsets;
+#endif
+
+@property (nonatomic, readonly) CGPoint contentOffset;
+
+@property (nonatomic, readonly) CGSize contentSize;
+
+#if PLATFORM(IOS_FAMILY)
+- (instancetype)initWithContainerSize:(CGSize)containerSize contentInsets:(UIEdgeInsets)contentInsets contentOffset:(CGPoint)contentOffset contentSize:(CGSize)contentSize;
+#else
+- (instancetype)initWithContainerSize:(CGSize)containerSize contentInsets:(NSEdgeInsets)contentInsets contentOffset:(CGPoint)contentOffset contentSize:(CGSize)contentSize;
+#endif
+
+@end
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKScrollGeometry.mm b/Source/WebKit/UIProcess/API/Cocoa/WKScrollGeometry.mm
new file mode 100644
index 0000000000000..91627609c7264
--- /dev/null
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKScrollGeometry.mm
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2025 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT ( INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "WKScrollGeometry.h"
+
+#if PLATFORM(IOS_FAMILY)
+#define CocoaEdgeInsets UIEdgeInsets
+#define CocoaEdgeInsetsEqual UIEdgeInsetsEqualToEdgeInsets
+#else
+#define CocoaEdgeInsets NSEdgeInsets
+#define CocoaEdgeInsetsEqual NSEdgeInsetsEqual
+#endif
+
+@implementation WKScrollGeometry
+
+- (instancetype)initWithContainerSize:(CGSize)containerSize contentInsets:(CocoaEdgeInsets)contentInsets contentOffset:(CGPoint)contentOffset contentSize:(CGSize)contentSize
+{
+    if (!(self = [self init]))
+        return nil;
+
+    _containerSize = containerSize;
+    _contentInsets = contentInsets;
+    _contentOffset = contentOffset;
+    _contentSize = contentSize;
+
+    return self;
+}
+
+- (BOOL)isEqual:(id)other
+{
+    if (other == self)
+        return YES;
+
+    RetainPtr otherGeometry = dynamic_objc_cast<WKScrollGeometry>(other);
+    if (!otherGeometry)
+        return NO;
+
+    return CGSizeEqualToSize(_containerSize, otherGeometry->_containerSize)
+        && CocoaEdgeInsetsEqual(_contentInsets, otherGeometry->_contentInsets)
+        && CGPointEqualToPoint(_contentOffset, otherGeometry->_contentOffset)
+        && CGSizeEqualToSize(_contentSize, otherGeometry->_contentSize);
+}
+
+@end
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKUIDelegateInternal.h b/Source/WebKit/UIProcess/API/Cocoa/WKUIDelegateInternal.h
new file mode 100644
index 0000000000000..79e13fd62754a
--- /dev/null
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKUIDelegateInternal.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2025 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import <WebKit/WKUIDelegatePrivate.h>
+
+@class WKScrollGeometry;
+
+@protocol WKUIDelegateInternal <WKUIDelegatePrivate>
+
+@optional
+
+- (void)_webView:(WKWebView *)webView geometryDidChange:(WKScrollGeometry *)geometry;
+
+@end
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKUIDelegatePrivate.h b/Source/WebKit/UIProcess/API/Cocoa/WKUIDelegatePrivate.h
index 3595b2e43f1cf..a3273eb8d62f7 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKUIDelegatePrivate.h
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKUIDelegatePrivate.h
@@ -35,6 +35,7 @@
 @class UIScrollView;
 @class UIViewController;
 @class WKFrameInfo;
+@class WKScrollGeometry;
 @class _WKContextMenuElementInfo;
 @class _WKActivatedElementInfo;
 @class _WKElementAction;
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm b/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
index ffcf8ac4b63f7..b3ce859c3bd83 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
@@ -81,6 +81,7 @@
 #import "WKPDFView.h"
 #import "WKPreferencesInternal.h"
 #import "WKProcessPoolInternal.h"
+#import "WKScrollGeometry.h"
 #import "WKSecurityOriginInternal.h"
 #import "WKSharedAPICast.h"
 #import "WKSnapshotConfigurationPrivate.h"
@@ -88,7 +89,7 @@
 #import "WKTextExtractionItem.h"
 #import "WKTextExtractionUtilities.h"
 #import "WKUIDelegate.h"
-#import "WKUIDelegatePrivate.h"
+#import "WKUIDelegateInternal.h"
 #import "WKUserContentControllerInternal.h"
 #import "WKWebViewConfigurationInternal.h"
 #import "WKWebViewContentProvider.h"
@@ -2953,6 +2954,30 @@ - (_WKRectEdge)_fixedContainerEdges
     return [self _sampledRightFixedPositionContentColor:_fixedContainerEdges];
 }
 
+- (void)_updateScrollGeometryWithContentOffset:(CGPoint)contentOffset contentSize:(CGSize)contentSize
+{
+    CGSize containerSize = self.frame.size;
+    auto contentInsets = _page->obscuredContentInsets();
+#if PLATFORM(IOS_FAMILY)
+    UIEdgeInsets cocoaInsets = UIEdgeInsetsMake(contentInsets.top(), contentInsets.left(), contentInsets.bottom(), contentInsets.right());
+#else
+    NSEdgeInsets cocoaInsets = NSEdgeInsetsMake(contentInsets.top(), contentInsets.left(), contentInsets.bottom(), contentInsets.right());
+#endif
+
+    RetainPtr oldScrollGeometry = _currentScrollGeometry;
+    RetainPtr newScrollGeometry = adoptNS([[WKScrollGeometry alloc] initWithContainerSize:containerSize contentInsets:cocoaInsets contentOffset:contentOffset contentSize:contentSize]);
+
+    if (oldScrollGeometry && [oldScrollGeometry isEqual:newScrollGeometry.get()])
+        return;
+
+    id<WKUIDelegateInternal> uiDelegate = (id<WKUIDelegateInternal>)self.UIDelegate;
+    if (![uiDelegate respondsToSelector:@selector(_webView:geometryDidChange:)])
+        return;
+
+    _currentScrollGeometry = newScrollGeometry;
+    [uiDelegate _webView:self geometryDidChange:newScrollGeometry.get()];
+}
+
 - (void)_updateFixedContainerEdges:(const WebCore::FixedContainerEdges&)edges
 {
     if (_fixedContainerEdges == edges)
diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h b/Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
index b8c1f8485f3e5..66cdb573910f2 100644
--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebViewInternal.h
@@ -132,6 +132,7 @@ class ViewGestureController;
 
 @class WKContentView;
 @class WKPasswordView;
+@class WKScrollGeometry;
 @class WKScrollView;
 @class WKTextExtractionItem;
 @class WKTextExtractionRequest;
@@ -426,6 +427,8 @@ struct PerWebProcessState {
 #endif
 
     WebCore::FixedContainerEdges _fixedContainerEdges;
+
+    RetainPtr<WKScrollGeometry> _currentScrollGeometry;
 }
 
 - (BOOL)_isValid;
@@ -515,6 +518,7 @@ struct PerWebProcessState {
 #endif
 
 - (void)_updateFixedContainerEdges:(const WebCore::FixedContainerEdges&)edges;
+- (void)_updateScrollGeometryWithContentOffset:(CGPoint)contentOffset contentSize:(CGSize)contentSize;
 
 - (WKPageRef)_pageForTesting;
 - (NakedPtr<WebKit::WebPageProxy>)_page;
diff --git a/Source/WebKit/UIProcess/API/Swift/WKScrollGeometryAdapter.swift b/Source/WebKit/UIProcess/API/Swift/WKScrollGeometryAdapter.swift
new file mode 100644
index 0000000000000..30767b3d99aa8
--- /dev/null
+++ b/Source/WebKit/UIProcess/API/Swift/WKScrollGeometryAdapter.swift
@@ -0,0 +1,56 @@
+// Copyright (C) 2025 Apple Inc. All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+// 1. Redistributions of source code must retain the above copyright
+//    notice, this list of conditions and the following disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright
+//    notice, this list of conditions and the following disclaimer in the
+//    documentation and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+// THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+// PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+// BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+
+#if ENABLE_SWIFTUI && compiler(>=6.0)
+
+public import Foundation
+internal import WebKit_Internal
+
+@_spi(CrossImportOverlay)
+public struct WKScrollGeometryAdapter {
+    @_spi(CrossImportOverlay)
+    public let containerSize: CGSize
+
+#if canImport(UIKit)
+    @_spi(CrossImportOverlay)
+    public let contentInsets: UIEdgeInsets
+#else
+    @_spi(CrossImportOverlay)
+    public let contentInsets: NSEdgeInsets
+#endif
+
+    @_spi(CrossImportOverlay)
+    public let contentOffset: CGPoint
+
+    @_spi(CrossImportOverlay)
+    public let contentSize: CGSize
+
+    init(_ geometry: WKScrollGeometry) {
+        self.containerSize = geometry.containerSize
+        self.contentInsets = geometry.contentInsets
+        self.contentOffset = geometry.contentOffset
+        self.contentSize = geometry.contentSize
+    }
+}
+
+#endif
diff --git a/Source/WebKit/UIProcess/API/Swift/WKUIDelegateAdapter.swift b/Source/WebKit/UIProcess/API/Swift/WKUIDelegateAdapter.swift
index e4d9e26f215d4..ea1364e8f1f10 100644
--- a/Source/WebKit/UIProcess/API/Swift/WKUIDelegateAdapter.swift
+++ b/Source/WebKit/UIProcess/API/Swift/WKUIDelegateAdapter.swift
@@ -25,6 +25,7 @@
 
 import Foundation
 internal import WebKit_Private
+internal import WebKit_Internal
 
 #if os(macOS) && !targetEnvironment(macCatalyst)
 @_spiOnly import WebKit_Private._WKContextMenuElementInfo
@@ -35,7 +36,7 @@ private struct DefaultDialogPresenting: DialogPresenting {
 }
 
 @MainActor
-final class WKUIDelegateAdapter: NSObject, WKUIDelegate {
+final class WKUIDelegateAdapter: NSObject, WKUIDelegatePrivate {
     init(dialogPresenter: (any DialogPresenting)?) {
         self.dialogPresenter = dialogPresenter ?? DefaultDialogPresenting()
     }
@@ -112,6 +113,11 @@ final class WKUIDelegateAdapter: NSObject, WKUIDelegate {
         return menuBuilder(info)
     }
 #endif
+
+    @objc(_webView:geometryDidChange:)
+    func _webView(_ webView: WKWebView!, geometryDidChange geometry: WKScrollGeometry) {
+        owner?.backingWebView.geometryDidChange(WKScrollGeometryAdapter(geometry))
+    }
 }
 
 #endif
diff --git a/Source/WebKit/UIProcess/API/Swift/WebPage.swift b/Source/WebKit/UIProcess/API/Swift/WebPage.swift
index 8200c3ec9603d..766676d08facd 100644
--- a/Source/WebKit/UIProcess/API/Swift/WebPage.swift
+++ b/Source/WebKit/UIProcess/API/Swift/WebPage.swift
@@ -26,6 +26,7 @@
 import Foundation
 import Observation
 internal import WebKit_Private
+internal import WebKit_Internal
 
 @MainActor
 @_spi(CrossImportOverlay)
@@ -52,6 +53,10 @@ public final class WebPageWebView: WKWebView {
         return super.supportsTextReplacement() && delegate.supportsTextReplacement()
     }
 #endif
+
+    func geometryDidChange(_ geometry: WKScrollGeometryAdapter) {
+        delegate?.geometryDidChange(geometry)
+    }
 }
 
 extension WebPageWebView {
@@ -65,6 +70,8 @@ extension WebPageWebView {
 
         func supportsTextReplacement() -> Bool
 #endif
+
+        func geometryDidChange(_ geometry: WKScrollGeometryAdapter)
     }
 }
 
diff --git a/Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm b/Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
index d51c3b8719d14..97278361a7127 100644
--- a/Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
+++ b/Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm
@@ -26,6 +26,7 @@
 #import "config.h"
 #import "PageClientImplCocoa.h"
 
+#import "APIUIClient.h"
 #import "RemoteLayerTreeTransaction.h"
 #import "WKTextAnimationType.h"
 #import "WKWebViewInternal.h"
@@ -440,6 +441,7 @@
 void PageClientImplCocoa::didCommitLayerTree(const RemoteLayerTreeTransaction& transaction)
 {
     [webView() _updateFixedContainerEdges:transaction.fixedContainerEdges()];
+    [webView() _updateScrollGeometryWithContentOffset:transaction.scrollPosition() contentSize:transaction.contentsSize()];
 }
 
 } // namespace WebKit
diff --git a/Source/WebKit/UIProcess/Cocoa/UIDelegate.mm b/Source/WebKit/UIProcess/Cocoa/UIDelegate.mm
index 9c9aa3fb440dc..da5818f79cb0f 100644
--- a/Source/WebKit/UIProcess/Cocoa/UIDelegate.mm
+++ b/Source/WebKit/UIProcess/Cocoa/UIDelegate.mm
@@ -46,9 +46,10 @@
 #import "WKNSDictionary.h"
 #import "WKNavigationActionInternal.h"
 #import "WKOpenPanelParametersInternal.h"
+#import "WKScrollGeometry.h"
 #import "WKSecurityOriginInternal.h"
 #import "WKStorageAccessAlert.h"
-#import "WKUIDelegatePrivate.h"
+#import "WKUIDelegateInternal.h"
 #import "WKWebViewConfigurationInternal.h"
 #import "WKWebViewInternal.h"
 #import "WKWindowFeaturesInternal.h"
diff --git a/Source/WebKit/WebKit.xcodeproj/project.pbxproj b/Source/WebKit/WebKit.xcodeproj/project.pbxproj
index 6f91c07e92055..53f900a159560 100644
--- a/Source/WebKit/WebKit.xcodeproj/project.pbxproj
+++ b/Source/WebKit/WebKit.xcodeproj/project.pbxproj
@@ -166,8 +166,6 @@
 		074F34812CC5F7D500CA5301 /* WKIntelligenceTextEffectCoordinator.h in Headers */ = {isa = PBXBuildFile; fileRef = 074F34802CC5F7D500CA5301 /* WKIntelligenceTextEffectCoordinator.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		075A9CF326169BAB006DFA3A /* MediaSessionCoordinatorProxyPrivate.h in Headers */ = {isa = PBXBuildFile; fileRef = 077BA570260E8F630072F19F /* MediaSessionCoordinatorProxyPrivate.h */; };
 		076867FF2D4C283E004DA801 /* WebViewRepresentable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 076867F72D4C26A8004DA801 /* WebViewRepresentable.swift */; };
-		076868002D4C2848004DA801 /* CocoaWebViewAdapter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 076867F42D4C26A8004DA801 /* CocoaWebViewAdapter.swift */; };
-		076868012D4C2853004DA801 /* PlatformTextSearching.swift in Sources */ = {isa = PBXBuildFile; fileRef = 076867F52D4C26A8004DA801 /* PlatformTextSearching.swift */; };
 		076868022D4C285B004DA801 /* WebView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 076867F62D4C26A8004DA801 /* WebView.swift */; };
 		076868032D4C2867004DA801 /* View+WebViewModifiers.swift in Sources */ = {isa = PBXBuildFile; fileRef = 078B04B52CF2B4D300B453A6 /* View+WebViewModifiers.swift */; };
 		076897EE2D07B0BE006F9FA7 /* WebPage+DialogPresenting.swift in Sources */ = {isa = PBXBuildFile; fileRef = 076897ED2D07B0BE006F9FA7 /* WebPage+DialogPresenting.swift */; };
@@ -183,9 +181,16 @@
 		078B04B42CF1A27F00B453A6 /* WebPage+FrameInfo.swift in Sources */ = {isa = PBXBuildFile; fileRef = 078B04B32CF1A27F00B453A6 /* WebPage+FrameInfo.swift */; };
 		0792314C239CBCB8009598E2 /* RemoteMediaPlayerManagerProxyMessages.h in Headers */ = {isa = PBXBuildFile; fileRef = 07923146239CBCB7009598E2 /* RemoteMediaPlayerManagerProxyMessages.h */; };
 		079D1D9A26960CD300883577 /* SystemStatusSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 079D1D9926960CD300883577 /* SystemStatusSPI.h */; };
+		07A33C9A2D67BE2200F30A05 /* WKScrollGeometry.h in Headers */ = {isa = PBXBuildFile; fileRef = 07A33C992D67BE2200F30A05 /* WKScrollGeometry.h */; };
 		07A4CEC72D0933E700764F5E /* WebPageNavigationAction+SwiftUI.swift in Sources */ = {isa = PBXBuildFile; fileRef = 07A4CEC62D0933E700764F5E /* WebPageNavigationAction+SwiftUI.swift */; };
-		07A4FAC82D4C4A0D004474F5 /* Foundation+Extras.swift in Sources */ = {isa = PBXBuildFile; fileRef = 073EFBB72D0F448500FAE7CF /* Foundation+Extras.swift */; };
 		07A5EBBC1C7BA43E00B9CA69 /* WKFrameHandleRef.h in Headers */ = {isa = PBXBuildFile; fileRef = 07A5EBBA1C7BA43E00B9CA69 /* WKFrameHandleRef.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		07AF79CF2D68E1DB004E8D3A /* CocoaWebViewAdapter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 076867F42D4C26A8004DA801 /* CocoaWebViewAdapter.swift */; };
+		07AF79D02D68E210004E8D3A /* ViewModifierContexts.swift in Sources */ = {isa = PBXBuildFile; fileRef = 07A33C9E2D67EEF600F30A05 /* ViewModifierContexts.swift */; };
+		07AF79D12D68E67F004E8D3A /* PlatformTextSearching.swift in Sources */ = {isa = PBXBuildFile; fileRef = 076867F52D4C26A8004DA801 /* PlatformTextSearching.swift */; };
+		07AF79DD2D6938A1004E8D3A /* Foundation+Extras.swift in Sources */ = {isa = PBXBuildFile; fileRef = 073EFBB72D0F448500FAE7CF /* Foundation+Extras.swift */; };
+		07AF79DF2D693BAA004E8D3A /* SwiftUI+Extras.swift in Sources */ = {isa = PBXBuildFile; fileRef = 07AF79DE2D693BAA004E8D3A /* SwiftUI+Extras.swift */; };
+		07AF79E12D693DD7004E8D3A /* WKScrollGeometryAdapter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 07AF79E02D693DD7004E8D3A /* WKScrollGeometryAdapter.swift */; };
+		07AF79E92D695195004E8D3A /* WKUIDelegateInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 07AF79E82D695195004E8D3A /* WKUIDelegateInternal.h */; };
 		07CB79962CE9435700199C49 /* WebPage.swift in Sources */ = {isa = PBXBuildFile; fileRef = 07CB79952CE9435700199C49 /* WebPage.swift */; };
 		07CB79982CE943E400199C49 /* WKNavigationDelegateAdapter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 07CB79972CE943E400199C49 /* WKNavigationDelegateAdapter.swift */; };
 		07CF2D512C2147A50064DF23 /* PlatformWritingToolsUtilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 07CA7FE92C20FAAA00798167 /* PlatformWritingToolsUtilities.h */; };
@@ -3199,6 +3204,9 @@
 		0794B4AF24452A2C0001B9C4 /* MediaUsageManagerCocoa.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MediaUsageManagerCocoa.h; sourceTree = "<group>"; };
 		079D1D9926960CD300883577 /* SystemStatusSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SystemStatusSPI.h; sourceTree = "<group>"; };
 		079D1D9C2698DBD000883577 /* cocoa */ = {isa = PBXFileReference; lastKnownFileType = folder; path = cocoa; sourceTree = "<group>"; };
+		07A33C992D67BE2200F30A05 /* WKScrollGeometry.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WKScrollGeometry.h; sourceTree = "<group>"; };
+		07A33C9B2D67BF3000F30A05 /* WKScrollGeometry.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = WKScrollGeometry.mm; sourceTree = "<group>"; };
+		07A33C9E2D67EEF600F30A05 /* ViewModifierContexts.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ViewModifierContexts.swift; sourceTree = "<group>"; };
 		07A4CEC62D0933E700764F5E /* WebPageNavigationAction+SwiftUI.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "WebPageNavigationAction+SwiftUI.swift"; sourceTree = "<group>"; };
 		07A5EBB91C7BA43E00B9CA69 /* WKFrameHandleRef.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WKFrameHandleRef.cpp; sourceTree = "<group>"; };
 		07A5EBBA1C7BA43E00B9CA69 /* WKFrameHandleRef.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKFrameHandleRef.h; sourceTree = "<group>"; };
@@ -3206,6 +3214,9 @@
 		07A6E5E4260E411400959478 /* RemoteMediaSessionCoordinatorMessageReceiver.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = RemoteMediaSessionCoordinatorMessageReceiver.cpp; sourceTree = "<group>"; };
 		07A6E5E5260E411500959478 /* RemoteMediaSessionCoordinatorProxyMessages.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = RemoteMediaSessionCoordinatorProxyMessages.h; sourceTree = "<group>"; };
 		07A6E5E7260E411600959478 /* RemoteMediaSessionCoordinatorMessages.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = RemoteMediaSessionCoordinatorMessages.h; sourceTree = "<group>"; };
+		07AF79DE2D693BAA004E8D3A /* SwiftUI+Extras.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SwiftUI+Extras.swift"; sourceTree = "<group>"; };
+		07AF79E02D693DD7004E8D3A /* WKScrollGeometryAdapter.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WKScrollGeometryAdapter.swift; sourceTree = "<group>"; };
+		07AF79E82D695195004E8D3A /* WKUIDelegateInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WKUIDelegateInternal.h; sourceTree = "<group>"; };
 		07B1D04B23D38FCE00399A6E /* MediaPlayerPrivateRemote.messages.in */ = {isa = PBXFileReference; lastKnownFileType = text; path = MediaPlayerPrivateRemote.messages.in; sourceTree = "<group>"; };
 		07B3B46F23AB2CB300BA5B12 /* RemoteMediaPlayerState.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = RemoteMediaPlayerState.h; sourceTree = "<group>"; };
 		07B3B47523AD890400BA5B12 /* RemoteMediaPlayerProxyConfiguration.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = RemoteMediaPlayerProxyConfiguration.h; sourceTree = "<group>"; };
@@ -7075,9 +7086,6 @@
 		99A514612D5AC33F00937177 /* WebDriverBidiFrontendDispatchers.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WebDriverBidiFrontendDispatchers.cpp; sourceTree = "<group>"; };
 		99A514622D5AC33F00937177 /* WebDriverBidiProtocolObjects.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebDriverBidiProtocolObjects.h; sourceTree = "<group>"; };
 		99A514632D5AC33F00937177 /* WebDriverBidiProtocolObjects.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WebDriverBidiProtocolObjects.cpp; sourceTree = "<group>"; };
-		99A514992D5C0CA000937177 /* BidiBrowser.json */ = {isa = PBXFileReference; lastKnownFileType = text.json; path = BidiBrowser.json; sourceTree = "<group>"; };
-		99A5149A2D5C0CA000937177 /* BidiBrowsingContext.json */ = {isa = PBXFileReference; lastKnownFileType = text.json; path = BidiBrowsingContext.json; sourceTree = "<group>"; };
-		99A5149D2D5C0CF600937177 /* BidiLog.json */ = {isa = PBXFileReference; lastKnownFileType = text.json; path = BidiLog.json; sourceTree = "<group>"; };
 		99A7ACE326012919006D57FD /* WKInspectorResourceURLSchemeHandler.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WKInspectorResourceURLSchemeHandler.h; sourceTree = "<group>"; };
 		99A7ACE42601291A006D57FD /* WKInspectorResourceURLSchemeHandler.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = WKInspectorResourceURLSchemeHandler.mm; sourceTree = "<group>"; };
 		99B16754252BB7E00073140E /* _WKInspectorExtension.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = _WKInspectorExtension.h; sourceTree = "<group>"; };
@@ -8655,7 +8663,9 @@
 				073EFBB72D0F448500FAE7CF /* Foundation+Extras.swift */,
 				07275C832D00F782002315A5 /* Info.plist */,
 				076867F52D4C26A8004DA801 /* PlatformTextSearching.swift */,
+				07AF79DE2D693BAA004E8D3A /* SwiftUI+Extras.swift */,
 				078B04B52CF2B4D300B453A6 /* View+WebViewModifiers.swift */,
+				07A33C9E2D67EEF600F30A05 /* ViewModifierContexts.swift */,
 				07275C622D00D32D002315A5 /* WebPage+SwiftUI.swift */,
 				07A4CEC62D0933E700764F5E /* WebPageNavigationAction+SwiftUI.swift */,
 				076867F62D4C26A8004DA801 /* WebView.swift */,
@@ -8919,6 +8929,7 @@
 				07CB79952CE9435700199C49 /* WebPage.swift */,
 				0718F1162D1C73450060C030 /* WKDownloadDelegateAdapter.swift */,
 				07CB79972CE943E400199C49 /* WKNavigationDelegateAdapter.swift */,
+				07AF79E02D693DD7004E8D3A /* WKScrollGeometryAdapter.swift */,
 				076897EF2D07B330006F9FA7 /* WKUIDelegateAdapter.swift */,
 			);
 			path = Swift;
@@ -11953,6 +11964,8 @@
 				1A7E377418E4A33A003D0FFF /* WKScriptMessageHandler.h */,
 				5109099423D41F13003B1E4C /* WKScriptMessageHandlerWithReply.h */,
 				7CC99A3518EF7CBC0048C8B4 /* WKScriptMessageInternal.h */,
+				07A33C992D67BE2200F30A05 /* WKScrollGeometry.h */,
+				07A33C9B2D67BF3000F30A05 /* WKScrollGeometry.mm */,
 				51CD1C5F1B34B9C900142CA5 /* WKSecurityOrigin.h */,
 				51CD1C601B34B9C900142CA5 /* WKSecurityOrigin.mm */,
 				51CD1C611B34B9C900142CA5 /* WKSecurityOriginInternal.h */,
@@ -11961,6 +11974,7 @@
 				93F549B51E3174DA000E7239 /* WKSnapshotConfiguration.mm */,
 				DF7A231B291B088D00B98DF3 /* WKSnapshotConfigurationPrivate.h */,
 				1AD8790918B6C38A006CAFD7 /* WKUIDelegate.h */,
+				07AF79E82D695195004E8D3A /* WKUIDelegateInternal.h */,
 				3743925718BC4C60001C8675 /* WKUIDelegatePrivate.h */,
 				51D1242D1E6DDDD7002B2820 /* WKURLSchemeHandler.h */,
 				51D1242F1E6DDDD7002B2820 /* WKURLSchemeTask.h */,
@@ -13821,16 +13835,6 @@
 			path = Automation;
 			sourceTree = "<group>";
 		};
-		99A5149C2D5C0CA000937177 /* protocol */ = {
-			isa = PBXGroup;
-			children = (
-				99A514992D5C0CA000937177 /* BidiBrowser.json */,
-				99A5149A2D5C0CA000937177 /* BidiBrowsingContext.json */,
-				99A5149D2D5C0CF600937177 /* BidiLog.json */,
-			);
-			path = protocol;
-			sourceTree = "<group>";
-		};
 		99C3AE221DAD8E1400AF5C16 /* mac */ = {
 			isa = PBXGroup;
 			children = (
@@ -17961,6 +17965,7 @@
 				1A7E377518E4A33A003D0FFF /* WKScriptMessageHandler.h in Headers */,
 				5109099723DACBF2003B1E4C /* WKScriptMessageHandlerWithReply.h in Headers */,
 				7CC99A3618EF7CBC0048C8B4 /* WKScriptMessageInternal.h in Headers */,
+				07A33C9A2D67BE2200F30A05 /* WKScrollGeometry.h in Headers */,
 				0FCB4E5418BBE044000FCFC9 /* WKScrollView.h in Headers */,
 				F416F1C02C5C3E360085D8DD /* WKScrollViewTrackingTapGestureRecognizer.h in Headers */,
 				51CD1C651B34B9D400142CA5 /* WKSecurityOrigin.h in Headers */,
@@ -18006,6 +18011,7 @@
 				F4E727232A547F0400CE34FD /* WKTouchEventsGestureRecognizerTypes.h in Headers */,
 				BC407608124FF0270068F20A /* WKType.h in Headers */,
 				1AD8790A18B6C38A006CAFD7 /* WKUIDelegate.h in Headers */,
+				07AF79E92D695195004E8D3A /* WKUIDelegateInternal.h in Headers */,
 				3743925818BC4C60001C8675 /* WKUIDelegatePrivate.h in Headers */,
 				BC40760A124FF0270068F20A /* WKURL.h in Headers */,
 				BC40761C124FF0370068F20A /* WKURLCF.h in Headers */,
@@ -19830,12 +19836,14 @@
 			isa = PBXSourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				076868002D4C2848004DA801 /* CocoaWebViewAdapter.swift in Sources */,
+				07AF79CF2D68E1DB004E8D3A /* CocoaWebViewAdapter.swift in Sources */,
 				07275C612D00CD24002315A5 /* CrossImportOverlay.swift in Sources */,
 				07275C8F2D011396002315A5 /* Empty.swift in Sources */,
-				07A4FAC82D4C4A0D004474F5 /* Foundation+Extras.swift in Sources */,
-				076868012D4C2853004DA801 /* PlatformTextSearching.swift in Sources */,
+				07AF79DD2D6938A1004E8D3A /* Foundation+Extras.swift in Sources */,
+				07AF79D12D68E67F004E8D3A /* PlatformTextSearching.swift in Sources */,
+				07AF79DF2D693BAA004E8D3A /* SwiftUI+Extras.swift in Sources */,
 				076868032D4C2867004DA801 /* View+WebViewModifiers.swift in Sources */,
+				07AF79D02D68E210004E8D3A /* ViewModifierContexts.swift in Sources */,
 				07275C632D00D32D002315A5 /* WebPage+SwiftUI.swift in Sources */,
 				07A4CEC72D0933E700764F5E /* WebPageNavigationAction+SwiftUI.swift in Sources */,
 				076868022D4C285B004DA801 /* WebView.swift in Sources */,
@@ -20441,6 +20449,7 @@
 				07CB79982CE943E400199C49 /* WKNavigationDelegateAdapter.swift in Sources */,
 				DF84CEE4249AA24D009096F6 /* WKPDFHUDView.mm in Sources */,
 				E31869C42B1A7C2400571519 /* WKProcessExtension.mm in Sources */,
+				07AF79E12D693DD7004E8D3A /* WKScrollGeometryAdapter.swift in Sources */,
 				B62449482CF672D800CBB3CF /* WKSeparatedImageView.mm in Sources */,
 				B66047412CED45F600ADE38E /* WKSeparatedImageView.swift in Sources */,
 				1DB01944211CF005009FB3E8 /* WKShareSheet.mm in Sources */,
diff --git a/Source/WebKit/_WebKit_SwiftUI/CocoaWebViewAdapter.swift b/Source/WebKit/_WebKit_SwiftUI/CocoaWebViewAdapter.swift
index bf084c307ccc4..b05c85a2e2965 100644
--- a/Source/WebKit/_WebKit_SwiftUI/CocoaWebViewAdapter.swift
+++ b/Source/WebKit/_WebKit_SwiftUI/CocoaWebViewAdapter.swift
@@ -25,7 +25,6 @@
 
 public import SwiftUI
 @_spi(Private) @_spi(CrossImportOverlay) import WebKit
-internal import WebKit_Internal
 
 #if canImport(UIKit)
 typealias PlatformView = UIView
@@ -155,6 +154,11 @@ class CocoaWebViewAdapter: PlatformView, PlatformTextSearching {
     }
 #endif
 
+    // MARK: Scroll Geometry
+
+    var onScrollGeometryChange: OnScrollGeometryChangeContext?
+    private var currentScrollGeometry = ScrollGeometry(contentOffset: .zero, contentSize: .zero, contentInsets: .init(), containerSize: .zero)
+
     // MARK: Constraints
 
     private var webViewConstraints: [NSLayoutConstraint] = []
@@ -248,6 +252,29 @@ extension CocoaWebViewAdapter: WebPageWebView.Delegate {
         findContext?.canReplace ?? false
     }
 #endif
+
+    func geometryDidChange(_ geometry: WKScrollGeometryAdapter) {
+        let newScrollGeometry = ScrollGeometry(geometry)
+
+        defer {
+            self.currentScrollGeometry = newScrollGeometry
+        }
+
+        let oldScrollGeometry = self.currentScrollGeometry
+
+        guard let onScrollGeometryChange = self.onScrollGeometryChange else {
+            return
+        }
+
+        let transformedNew = onScrollGeometryChange.transform(newScrollGeometry)
+        let transformedOld = onScrollGeometryChange.transform(oldScrollGeometry)
+
+        guard transformedOld != transformedNew else {
+            return
+        }
+
+        onScrollGeometryChange.action(transformedOld, transformedNew)
+    }
 }
 
 #endif
diff --git a/Source/WebKit/_WebKit_SwiftUI/Foundation+Extras.swift b/Source/WebKit/_WebKit_SwiftUI/Foundation+Extras.swift
index 3520069981c59..5aa7aaab18b99 100644
--- a/Source/WebKit/_WebKit_SwiftUI/Foundation+Extras.swift
+++ b/Source/WebKit/_WebKit_SwiftUI/Foundation+Extras.swift
@@ -34,4 +34,18 @@ func onNextMainRunLoop(do body: @escaping @MainActor () -> Void) {
     }
 }
 
+struct AnyEquatable: Equatable {
+    let value: Any
+    private let equals: (Any) -> Bool
+
+    init<E: Equatable>(_ value: E) {
+        self.value = value
+        self.equals = { ($0 as! E) == value }
+    }
+
+    static func == (lhs: AnyEquatable, rhs: AnyEquatable) -> Bool {
+        lhs.equals(rhs.value)
+    }
+}
+
 #endif
diff --git a/Source/WebKit/_WebKit_SwiftUI/SwiftUI+Extras.swift b/Source/WebKit/_WebKit_SwiftUI/SwiftUI+Extras.swift
new file mode 100644
index 0000000000000..eac031d8655a9
--- /dev/null
+++ b/Source/WebKit/_WebKit_SwiftUI/SwiftUI+Extras.swift
@@ -0,0 +1,43 @@
+// Copyright (C) 2025 Apple Inc. All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+// 1. Redistributions of source code must retain the above copyright
+//    notice, this list of conditions and the following disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright
+//    notice, this list of conditions and the following disclaimer in the
+//    documentation and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+// THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+// PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+// BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+
+public import SwiftUI
+@_spi(CrossImportOverlay) public import WebKit
+
+extension EdgeInsets {
+#if canImport(UIKit)
+    init(_ edgeInsets: UIEdgeInsets) {
+        self = EdgeInsets(top: edgeInsets.top, leading: edgeInsets.left, bottom: edgeInsets.bottom, trailing: edgeInsets.right)
+    }
+#else
+    init(_ edgeInsets: NSEdgeInsets) {
+        self = EdgeInsets(top: edgeInsets.top, leading: edgeInsets.left, bottom: edgeInsets.bottom, trailing: edgeInsets.right)
+    }
+#endif
+}
+
+extension ScrollGeometry {
+    init(_ geometry: WKScrollGeometryAdapter) {
+        self = ScrollGeometry(contentOffset: geometry.contentOffset, contentSize: geometry.contentSize, contentInsets: EdgeInsets(geometry.contentInsets), containerSize: geometry.containerSize)
+    }
+}
diff --git a/Source/WebKit/_WebKit_SwiftUI/View+WebViewModifiers.swift b/Source/WebKit/_WebKit_SwiftUI/View+WebViewModifiers.swift
index d4a2aec388ffd..fa82ced2572b7 100644
--- a/Source/WebKit/_WebKit_SwiftUI/View+WebViewModifiers.swift
+++ b/Source/WebKit/_WebKit_SwiftUI/View+WebViewModifiers.swift
@@ -46,6 +46,9 @@ extension EnvironmentValues {
 
     @Entry
     var webViewContentBackground: Visibility = .automatic
+
+    @Entry
+    var webViewOnScrollGeometryChange: OnScrollGeometryChangeContext? = nil
 }
 
 extension View {
@@ -108,16 +111,19 @@ extension View {
     public func webViewContentBackground(_ visibility: Visibility) -> some View {
         environment(\.webViewContentBackground, visibility)
     }
-}
 
-struct ContextMenuContext {
-#if os(macOS)
-    let menu: (WebPage.ElementInfo) -> NSMenu
-#endif
-}
+    @_spi(Private)
+    public func webViewOnScrollGeometryChange<T>(
+        for type: T.Type,
+        of transform: @escaping (ScrollGeometry) -> T,
+        action: @escaping (T, T) -> Void
+    ) -> some View where T : Equatable {
+        let change = OnScrollGeometryChangeContext {
+            AnyEquatable(transform($0))
+        } action: {
+            action($0.value as! T, $1.value as! T)
+        }
 
-struct FindContext {
-    var isPresented: Binding<Bool>?
-    var canFind = true
-    var canReplace = true
+        return environment(\.webViewOnScrollGeometryChange, change)
+    }
 }
diff --git a/Source/WebKit/_WebKit_SwiftUI/ViewModifierContexts.swift b/Source/WebKit/_WebKit_SwiftUI/ViewModifierContexts.swift
new file mode 100644
index 0000000000000..264636e8badf9
--- /dev/null
+++ b/Source/WebKit/_WebKit_SwiftUI/ViewModifierContexts.swift
@@ -0,0 +1,42 @@
+// Copyright (C) 2025 Apple Inc. All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+// 1. Redistributions of source code must retain the above copyright
+//    notice, this list of conditions and the following disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright
+//    notice, this list of conditions and the following disclaimer in the
+//    documentation and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+// THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+// PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+// BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+
+internal import SwiftUI
+@_spi(Private) @_spi(CrossImportOverlay) internal import WebKit
+
+struct ContextMenuContext {
+#if os(macOS)
+    let menu: (WebPage.ElementInfo) -> NSMenu
+#endif
+}
+
+struct OnScrollGeometryChangeContext {
+    let transform: (ScrollGeometry) -> AnyEquatable
+    let action: (AnyEquatable, AnyEquatable) -> Void
+}
+
+struct FindContext {
+    var isPresented: Binding<Bool>?
+    var canFind = true
+    var canReplace = true
+}
diff --git a/Source/WebKit/_WebKit_SwiftUI/WebViewRepresentable.swift b/Source/WebKit/_WebKit_SwiftUI/WebViewRepresentable.swift
index 9af54e82e2d99..c0d887c73f1c6 100644
--- a/Source/WebKit/_WebKit_SwiftUI/WebViewRepresentable.swift
+++ b/Source/WebKit/_WebKit_SwiftUI/WebViewRepresentable.swift
@@ -23,7 +23,6 @@
 
 internal import SwiftUI
 @_spi(Private) @_spi(CrossImportOverlay) import WebKit
-internal import WebKit_Internal
 
 @MainActor
 struct WebViewRepresentable {
@@ -83,6 +82,8 @@ struct WebViewRepresentable {
         webView.configuration.preferences.isTextInteractionEnabled = environment.webViewTextSelection
         webView.configuration.preferences.isElementFullscreenEnabled = environment.webViewAllowsElementFullscreen
 
+        platformView.onScrollGeometryChange = environment.webViewOnScrollGeometryChange
+
         context.coordinator.update(platformView, configuration: self, environment: environment)
 
 #if os(macOS) && !targetEnvironment(macCatalyst)

From 0ee109c50d1f7066d48f5957e0b644dad2092a92 Mon Sep 17 00:00:00 2001
From: Geoffrey Garen <ggaren@apple.com>
Date: Mon, 24 Feb 2025 12:46:57 -0800
Subject: [PATCH 146/174] Unreviewed, re-landing 290928@main
 https://bugs.webkit.org/show_bug.cgi?id=288379 rdar://145490867
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixed the Safari build.

Re-landed changeset:

"RetainPtr’s leakRef() and move constructors are incorrect when ARC is enabled"

* Source/WTF/wtf/RetainPtr.h:
(WTF::RetainPtr::RetainPtr):
(WTF::RetainPtr::isHashTableDeletedValue const):
(WTF::RetainPtr::get const):
(WTF::RetainPtr::operator-> const):
(WTF::RetainPtr::operator PtrType const):
(WTF::RetainPtr::hashTableDeletedValue):
(WTF::RetainPtr::retainFoundationPtr):
(WTF::RetainPtr::releaseFoundationPtr):
(WTF::RetainPtr::autoreleaseFoundationPtr):
(WTF::RetainPtr<T>::~RetainPtr):
(WTF::RetainPtr<T>::RetainPtr):
(WTF::RetainPtr<T>::clear):
(WTF::RetainPtr<T>::autorelease):
(WTF::adoptCF):
(WTF::adoptNS):
(WTF::RetainPtr::checkType): Deleted.
(WTF::RetainPtr::fromStorageTypeHelper): Deleted.
(WTF::RetainPtr::fromStorageType): Deleted.
(WTF::RetainPtr::toStorageType): Deleted.
* Source/WTF/wtf/cocoa/TypeCastsCocoa.h:
* Source/WebCore/bridge/objc/objc_runtime.h:
* Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h:
* Source/WebCore/platform/network/cf/AuthenticationChallenge.h:
* Tools/DumpRenderTree/AccessibilityUIElement.cpp:
(getIsValidCallback):
(AccessibilityUIElement::makeJSAccessibilityUIElement):
(AccessibilityUIElement::isEqual): Deleted.
* Tools/DumpRenderTree/AccessibilityUIElement.h:
(AccessibilityUIElement::hasPlatformUIElement const):
* Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm:
(AccessibilityUIElement::isEqual):
* Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm:
(AccessibilityTextMarker::AccessibilityTextMarker):
* Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm:
(AccessibilityUIElement::isEqual):
* Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm:
(TestWebKitAPI::TEST(TypeCastsCocoa, bridge_cast)):
* Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm:
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, ConstructionFromMutableNSType)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, ConstructionFromSimilarNSType)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, ConstructionFromSimilarNSTypeReversed)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, MoveAssignmentFromSimilarNSType)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, MoveAssignmentFromSimilarNSTypeReversed)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, BridgingAutorelease)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, URLBridgeCast)):
(TestWebKitAPI::TEST(RETAIN_PTR_TEST_NAME, HashMapCFTypeDeletedValue)):
* Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp:
(WTR::AccessibilityTextMarker::AccessibilityTextMarker):
(WTR::AccessibilityTextMarker::platformTextMarker const): Deleted.
* Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h:
(WTR::AccessibilityTextMarker::platformTextMarker const):
* Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp:
(WTR::AccessibilityTextMarkerRange::AccessibilityTextMarkerRange):
(WTR::AccessibilityTextMarkerRange::platformTextMarkerRange const): Deleted.
* Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h:
(WTR::AccessibilityTextMarkerRange::platformTextMarkerRange const):

Canonical link: https://commits.webkit.org/290967@main
---
 Source/WTF/wtf/RetainPtr.h                    | 137 +++++++++---------
 Source/WTF/wtf/cocoa/TypeCastsCocoa.h         |   2 +-
 Source/WebCore/bridge/objc/objc_runtime.h     |   4 +-
 .../PlatformSpeechSynthesisUtterance.h        |   2 +-
 .../network/cf/AuthenticationChallenge.h      |   2 +
 .../DumpRenderTree/AccessibilityUIElement.cpp |  13 +-
 Tools/DumpRenderTree/AccessibilityUIElement.h |   4 +
 .../ios/AccessibilityUIElementIOS.mm          |   7 +
 .../mac/AccessibilityTextMarkerMac.mm         |   2 +-
 .../mac/AccessibilityUIElementMac.mm          |   7 +
 .../Tests/WTF/cocoa/TypeCastsCocoa.mm         |  46 ++++--
 Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm |  59 ++++++--
 .../AccessibilityTextMarker.cpp               |  11 +-
 .../InjectedBundle/AccessibilityTextMarker.h  |  14 ++
 .../AccessibilityTextMarkerRange.cpp          |  11 +-
 .../AccessibilityTextMarkerRange.h            |  16 +-
 16 files changed, 205 insertions(+), 132 deletions(-)

diff --git a/Source/WTF/wtf/RetainPtr.h b/Source/WTF/wtf/RetainPtr.h
index 96333b2875ef0..4ed5ee49a5cfb 100644
--- a/Source/WTF/wtf/RetainPtr.h
+++ b/Source/WTF/wtf/RetainPtr.h
@@ -77,42 +77,48 @@ template<typename T> class RetainPtr;
 template<typename T> constexpr bool IsNSType = std::is_convertible_v<T, id>;
 template<typename T> using RetainPtrType = std::conditional_t<IsNSType<T>, std::remove_pointer_t<T>, T>;
 
-template<typename T> constexpr RetainPtr<T> adoptCF(T CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptCF(T CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
-#ifdef __OBJC__
-template<typename T> RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
-#endif
+template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
 template<typename T> class RetainPtr {
 public:
     using ValueType = std::remove_pointer_t<T>;
     using PtrType = ValueType*;
 
+#ifdef __OBJC__
+    using StorageType = PtrType;
+#else
+    // Type pun id to CFTypeRef in C++ files. This is valid because they're ABI equivalent.
+    using StorageType = std::conditional_t<IsNSType<PtrType>, CFTypeRef, PtrType>;
+#endif
+
     RetainPtr() = default;
     RetainPtr(PtrType);
 
     RetainPtr(const RetainPtr&);
     template<typename U> RetainPtr(const RetainPtr<U>&);
 
-    constexpr RetainPtr(RetainPtr&& o) : m_ptr(toStorageType(o.leakRef())) { }
-    template<typename U> constexpr RetainPtr(RetainPtr<U>&& o) : m_ptr(toStorageType(checkType(o.leakRef()))) { }
+    constexpr RetainPtr(RetainPtr&& o) : m_ptr(o.leakRef()) { }
+    template<typename U, typename = std::enable_if_t<std::is_convertible_v<typename RetainPtr<RetainPtrType<U>>::PtrType, PtrType>>>
+    constexpr RetainPtr(RetainPtr<U>&& o) : m_ptr(o.leakRef()) { }
 
     // Hash table deleted values, which are only constructed and never copied or destroyed.
-    constexpr RetainPtr(HashTableDeletedValueType) : m_ptr(toStorageType(hashTableDeletedValue())) { }
-    constexpr bool isHashTableDeletedValue() const { return m_ptr == toStorageType(hashTableDeletedValue()); }
+    constexpr RetainPtr(HashTableDeletedValueType) : m_ptr(hashTableDeletedValue()) { }
+    constexpr bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); }
 
     ~RetainPtr();
 
     void clear();
 
-    template<typename U = PtrType>
-    std::enable_if_t<IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> leakRef() NS_RETURNS_RETAINED WARN_UNUSED_RETURN {
-        return fromStorageType(std::exchange(m_ptr, nullptr));
+    template<typename U = StorageType>
+    std::enable_if_t<IsNSType<U> && std::is_same_v<U, StorageType>, StorageType> leakRef() NS_RETURNS_RETAINED WARN_UNUSED_RETURN {
+        return std::exchange(m_ptr, nullptr);
     }
 
-    template<typename U = PtrType>
-    std::enable_if_t<!IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> leakRef() CF_RETURNS_RETAINED WARN_UNUSED_RETURN {
-        return fromStorageType(std::exchange(m_ptr, nullptr));
+    template<typename U = StorageType>
+    std::enable_if_t<!IsNSType<U> && std::is_same_v<U, StorageType>, StorageType> leakRef() CF_RETURNS_RETAINED WARN_UNUSED_RETURN {
+        return std::exchange(m_ptr, nullptr);
     }
 
 #if HAVE(CFAUTORELEASE)
@@ -123,9 +129,9 @@ template<typename T> class RetainPtr {
     id bridgingAutorelease();
 #endif
 
-    constexpr PtrType get() const { return fromStorageType(m_ptr); }
-    constexpr PtrType operator->() const { return fromStorageType(m_ptr); }
-    constexpr explicit operator PtrType() const { return fromStorageType(m_ptr); }
+    constexpr PtrType get() const { return m_ptr; }
+    constexpr PtrType operator->() const { return m_ptr; }
+    constexpr explicit operator PtrType() const { return m_ptr; }
     constexpr explicit operator bool() const { return m_ptr; }
 
     constexpr bool operator!() const { return !m_ptr; }
@@ -140,44 +146,44 @@ template<typename T> class RetainPtr {
 
     void swap(RetainPtr&);
 
-    template<typename U> friend constexpr RetainPtr<U> adoptCF(U CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
+    template<typename U> friend constexpr RetainPtr<RetainPtrType<U>> adoptCF(U CF_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
-#ifdef __OBJC__
-    template<typename U> friend RetainPtr<RetainPtrType<U>> adoptNS(U NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
-#endif
+    template<typename U> friend constexpr RetainPtr<RetainPtrType<U>> adoptNS(U NS_RELEASES_ARGUMENT) WARN_UNUSED_RETURN;
 
 private:
     enum AdoptTag { Adopt };
-    constexpr RetainPtr(PtrType ptr, AdoptTag) : m_ptr(toStorageType(ptr)) { }
+    constexpr RetainPtr(PtrType ptr, AdoptTag) : m_ptr(ptr) { }
 
-    static constexpr PtrType checkType(PtrType ptr) { return ptr; }
+#if __has_feature(objc_arc)
+    // ARC will try to retain/release this value, but it looks like a tagged immediate, so retain/release ends up being a no-op -- see _objc_isTaggedPointer() in <objc-internal.h>.
+    template<typename U = PtrType>
+    static constexpr std::enable_if_t<IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> hashTableDeletedValue() { return (__bridge PtrType)(void*)-1; }
 
-    // ARC will try to retain/release this value, but it looks like a tagged immediate, so retain/release ends up being a no-op -- see _objc_registerTaggedPointerClass.
-    static constexpr PtrType hashTableDeletedValue() { return fromStorageType(reinterpret_cast<CFTypeRef>(-1)); }
+    template<typename U = PtrType>
+    static constexpr std::enable_if_t<!IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> hashTableDeletedValue() { return reinterpret_cast<PtrType>(-1); }
+#else
+    static constexpr PtrType hashTableDeletedValue() { return reinterpret_cast<PtrType>(-1); }
+#endif
+
+    static inline void retainFoundationPtr(CFTypeRef ptr) { CFRetain(ptr); }
+    static inline void releaseFoundationPtr(CFTypeRef ptr) { CFRelease(ptr); }
+#if HAVE(CFAUTORELEASE)
+    static inline void autoreleaseFoundationPtr(CFTypeRef ptr) { CFAutorelease(ptr); }
+#endif
 
 #ifdef __OBJC__
-    template<typename U = PtrType>
-    static constexpr std::enable_if_t<IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> fromStorageTypeHelper(CFTypeRef ptr)
-    {
-        return (__bridge PtrType)const_cast<CF_BRIDGED_TYPE(id) void*>(ptr);
-    }
-    template<typename U = PtrType>
-    static constexpr std::enable_if_t<!IsNSType<U> && std::is_same_v<U, PtrType>, PtrType> fromStorageTypeHelper(CFTypeRef ptr)
-    {
-        return (PtrType)const_cast<CF_BRIDGED_TYPE(id) void*>(ptr);
-    }
-    static constexpr PtrType fromStorageType(CFTypeRef ptr) { return fromStorageTypeHelper<PtrType>(ptr); }
-    static constexpr CFTypeRef toStorageType(id ptr) { return (__bridge CFTypeRef)ptr; }
-    static constexpr CFTypeRef toStorageType(CFTypeRef ptr) { return ptr; }
+#if __has_feature(objc_arc)
+    static inline void retainFoundationPtr(id) { }
+    static inline void releaseFoundationPtr(id) { }
+    static inline void autoreleaseFoundationPtr(id) { }
 #else
-    static constexpr PtrType fromStorageType(CFTypeRef ptr)
-    {
-        return (PtrType)const_cast<CF_BRIDGED_TYPE(id) void*>(ptr);
-    }
-    static constexpr CFTypeRef toStorageType(PtrType ptr) { return (CFTypeRef)ptr; }
+    static inline void retainFoundationPtr(id ptr) { [ptr retain]; }
+    static inline void releaseFoundationPtr(id ptr) { [ptr release]; }
+    static inline void autoreleaseFoundationPtr(id ptr) { [ptr autorelease]; }
+#endif
 #endif
 
-    CFTypeRef m_ptr { nullptr };
+    StorageType m_ptr { nullptr };
 };
 
 template<typename T> RetainPtr(T) -> RetainPtr<RetainPtrType<T>>;
@@ -188,19 +194,21 @@ template<typename T> RetainPtr<RetainPtrType<T>> retainPtr(T) WARN_UNUSED_RETURN
 template<typename T> inline RetainPtr<T>::~RetainPtr()
 {
     if (auto ptr = std::exchange(m_ptr, nullptr))
-        CFRelease(ptr);
+        releaseFoundationPtr(ptr);
 }
 
 template<typename T> inline RetainPtr<T>::RetainPtr(PtrType ptr)
-    : m_ptr(toStorageType(ptr))
+    : m_ptr(ptr)
 {
     if (m_ptr)
-        CFRetain(m_ptr);
+        retainFoundationPtr(m_ptr);
 }
 
 template<typename T> inline RetainPtr<T>::RetainPtr(const RetainPtr& o)
-    : RetainPtr(o.get())
+    : m_ptr(o.m_ptr)
 {
+    if (m_ptr)
+        retainFoundationPtr(m_ptr);
 }
 
 template<typename T> template<typename U> inline RetainPtr<T>::RetainPtr(const RetainPtr<U>& o)
@@ -211,32 +219,27 @@ template<typename T> template<typename U> inline RetainPtr<T>::RetainPtr(const R
 template<typename T> inline void RetainPtr<T>::clear()
 {
     if (auto ptr = std::exchange(m_ptr, nullptr))
-        CFRelease(ptr);
+        releaseFoundationPtr(ptr);
 }
 
 #if HAVE(CFAUTORELEASE)
 template<typename T> inline auto RetainPtr<T>::autorelease() -> PtrType
 {
-#ifdef __OBJC__
-    if constexpr (IsNSType<PtrType>)
-        return CFBridgingRelease(std::exchange(m_ptr, nullptr));
-#endif
-    if (m_ptr)
-        CFAutorelease(m_ptr);
-    return leakRef();
+    auto ptr = std::exchange(m_ptr, nullptr);
+    if (ptr)
+        autoreleaseFoundationPtr(ptr);
+    return ptr;
 }
-#endif // PLATFORM(COCOA)
+#endif // HAVE(CFAUTORELEASE)
 
 #ifdef __OBJC__
-
 // FIXME: It would be better if we could base the return type on the type that is toll-free bridged with T rather than using id.
 template<typename T> inline id RetainPtr<T>::bridgingAutorelease()
 {
     static_assert(!IsNSType<PtrType>, "Don't use bridgingAutorelease for Objective-C pointer types.");
     return CFBridgingRelease(leakRef());
 }
-
-#endif
+#endif // __OBJC__
 
 template<typename T> inline RetainPtr<T>& RetainPtr<T>::operator=(const RetainPtr& o)
 {
@@ -305,25 +308,17 @@ template<typename T, typename U> constexpr bool operator==(T* a, const RetainPtr
     return a == b.get(); 
 }
 
-template<typename T> constexpr RetainPtr<T> adoptCF(T CF_RELEASES_ARGUMENT ptr)
+template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptCF(T CF_RELEASES_ARGUMENT ptr)
 {
-#ifdef __OBJC__
     static_assert(!IsNSType<T>, "Don't use adoptCF with Objective-C pointer types, use adoptNS.");
-#endif
-    return RetainPtr<T>(ptr, RetainPtr<T>::Adopt);
+    return { ptr, RetainPtr<RetainPtrType<T>>::Adopt };
 }
 
-#ifdef __OBJC__
-template<typename T> RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT ptr)
+template<typename T> constexpr RetainPtr<RetainPtrType<T>> adoptNS(T NS_RELEASES_ARGUMENT ptr)
 {
     static_assert(IsNSType<T>, "Don't use adoptNS with Core Foundation pointer types, use adoptCF.");
-#if __has_feature(objc_arc)
-    return ptr;
-#else
     return { ptr, RetainPtr<RetainPtrType<T>>::Adopt };
-#endif
 }
-#endif
 
 template<typename T> inline RetainPtr<RetainPtrType<T>> retainPtr(T ptr)
 {
diff --git a/Source/WTF/wtf/cocoa/TypeCastsCocoa.h b/Source/WTF/wtf/cocoa/TypeCastsCocoa.h
index 8a776d349b354..5815f9d69ace5 100644
--- a/Source/WTF/wtf/cocoa/TypeCastsCocoa.h
+++ b/Source/WTF/wtf/cocoa/TypeCastsCocoa.h
@@ -35,7 +35,7 @@ namespace WTF {
 
 #if __has_feature(objc_arc)
 #define WTF_CF_TO_NS_BRIDGE_TRANSFER(type, value) ((__bridge_transfer type)value)
-#define WTF_NS_TO_CF_BRIDGE_TRANSFER(type, value) ((type)reinterpret_cast<uintptr_t>(value))
+#define WTF_NS_TO_CF_BRIDGE_TRANSFER(type, value) ((__bridge_retained type)value)
 #else
 #define WTF_CF_TO_NS_BRIDGE_TRANSFER(type, value) ((__bridge type)value)
 #define WTF_NS_TO_CF_BRIDGE_TRANSFER(type, value) ((__bridge type)value)
diff --git a/Source/WebCore/bridge/objc/objc_runtime.h b/Source/WebCore/bridge/objc/objc_runtime.h
index 3ecc988401e3d..105d7c2cc4864 100644
--- a/Source/WebCore/bridge/objc/objc_runtime.h
+++ b/Source/WebCore/bridge/objc/objc_runtime.h
@@ -81,8 +81,10 @@ class ObjcArray : public Array {
     virtual bool setValueAt(JSGlobalObject*, unsigned int index, JSValue aValue) const;
     virtual JSValue valueAt(JSGlobalObject*, unsigned int index) const;
     virtual unsigned int getLength() const;
-    
+
+#ifdef __OBJC__
     ObjectStructPtr getObjcArray() const { return _array.get(); }
+#endif
 
 private:
     RetainPtr<ObjectStructPtr> _array;
diff --git a/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h b/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h
index dd111166fe7cb..a90145b228a72 100644
--- a/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h
+++ b/Source/WebCore/platform/PlatformSpeechSynthesisUtterance.h
@@ -76,7 +76,7 @@ class PlatformSpeechSynthesisUtterance : public RefCounted<PlatformSpeechSynthes
     PlatformSpeechSynthesisUtteranceClient* client() const { return m_client.get(); }
     void setClient(PlatformSpeechSynthesisUtteranceClient* client) { m_client = client; }
 
-#if PLATFORM(COCOA)
+#ifdef __OBJC__
     id wrapper() const { return m_wrapper.get(); }
     void setWrapper(id utterance) { m_wrapper = utterance; }
 #endif
diff --git a/Source/WebCore/platform/network/cf/AuthenticationChallenge.h b/Source/WebCore/platform/network/cf/AuthenticationChallenge.h
index 42acb7eec8422..cda8ed221ecb8 100644
--- a/Source/WebCore/platform/network/cf/AuthenticationChallenge.h
+++ b/Source/WebCore/platform/network/cf/AuthenticationChallenge.h
@@ -40,8 +40,10 @@ class AuthenticationChallenge : public AuthenticationChallengeBase {
 
     WEBCORE_EXPORT AuthenticationChallenge(NSURLAuthenticationChallenge *);
 
+#ifdef __OBJC__
     id sender() const { return m_sender.get(); }
     NSURLAuthenticationChallenge *nsURLAuthenticationChallenge() const { return m_nsChallenge.get(); }
+#endif
 
     WEBCORE_EXPORT void setAuthenticationClient(AuthenticationClient*); // Changes sender to one that invokes client methods.
     WEBCORE_EXPORT AuthenticationClient* authenticationClient() const;
diff --git a/Tools/DumpRenderTree/AccessibilityUIElement.cpp b/Tools/DumpRenderTree/AccessibilityUIElement.cpp
index b2fadab97f57d..c185f5e927110 100644
--- a/Tools/DumpRenderTree/AccessibilityUIElement.cpp
+++ b/Tools/DumpRenderTree/AccessibilityUIElement.cpp
@@ -1185,7 +1185,7 @@ static JSValueRef getIsGrabbedCallback(JSContextRef context, JSObjectRef thisObj
 static JSValueRef getIsValidCallback(JSContextRef context, JSObjectRef thisObject, JSStringRef propertyName, JSValueRef* exception)
 {
     AccessibilityUIElement* uiElement = toAXElement(thisObject);
-    if (!uiElement->platformUIElement())
+    if (!uiElement->hasPlatformUIElement())
         return JSValueMakeBoolean(context, false);
     
     // There might be other platform logic that one could check here...
@@ -1720,15 +1720,6 @@ void AccessibilityUIElement::setValue(JSStringRef) { }
 void AccessibilityUIElement::uiElementArrayAttributeValue(JSStringRef, Vector<AccessibilityUIElement>&) const { }
 #endif
 
-#if !PLATFORM(WIN)
-bool AccessibilityUIElement::isEqual(AccessibilityUIElement* otherElement)
-{
-    if (!otherElement)
-        return false;
-    return platformUIElement() == otherElement->platformUIElement();
-}
-#endif
-
 #if !PLATFORM(MAC)
 void AccessibilityUIElement::setBoolAttributeValue(JSStringRef, bool) { }
 bool AccessibilityUIElement::isOnScreen() const { return true; }
@@ -1950,7 +1941,7 @@ static void finalize(JSObjectRef thisObject)
 
 JSObjectRef AccessibilityUIElement::makeJSAccessibilityUIElement(JSContextRef context, const AccessibilityUIElement& element)
 {
-    if (!element.platformUIElement())
+    if (!element.hasPlatformUIElement())
         return nullptr;
 
     return JSObjectMake(context, AccessibilityUIElement::getJSClass(), new AccessibilityUIElement(element));
diff --git a/Tools/DumpRenderTree/AccessibilityUIElement.h b/Tools/DumpRenderTree/AccessibilityUIElement.h
index 568a7e4b1a8f1..94f83f8382ee5 100644
--- a/Tools/DumpRenderTree/AccessibilityUIElement.h
+++ b/Tools/DumpRenderTree/AccessibilityUIElement.h
@@ -57,13 +57,17 @@ class AccessibilityUIElement {
 #endif
 
 #if PLATFORM(COCOA)
+#ifdef __OBJC__
     id platformUIElement() const { return m_element.get(); }
 #endif
+#endif
 
 #if !PLATFORM(COCOA)
     PlatformUIElement platformUIElement() const { return m_element; }
 #endif
 
+    bool hasPlatformUIElement() const { return !!m_element; }
+
     static JSObjectRef makeJSAccessibilityUIElement(JSContextRef, const AccessibilityUIElement&);
 
     bool isEqual(AccessibilityUIElement* otherElement);
diff --git a/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm b/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm
index fad04c5351c2e..c17d66e7375ba 100644
--- a/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm
+++ b/Tools/DumpRenderTree/ios/AccessibilityUIElementIOS.mm
@@ -149,6 +149,13 @@ - (CGPathRef)_accessibilityPath;
     return adopt(JSStringCreateWithCharacters(buffer.data(), buffer.size()));
 }
 
+bool AccessibilityUIElement::isEqual(AccessibilityUIElement* otherElement)
+{
+    if (!otherElement)
+        return false;
+    return platformUIElement() == otherElement->platformUIElement();
+}
+
 #pragma mark iPhone Attributes
 
 JSRetainPtr<JSStringRef> AccessibilityUIElement::identifier()
diff --git a/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm b/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm
index 1bfcac7fb34cf..d04b11b8269ad 100644
--- a/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm
+++ b/Tools/DumpRenderTree/mac/AccessibilityTextMarkerMac.mm
@@ -38,7 +38,7 @@
 }
 
 AccessibilityTextMarker::AccessibilityTextMarker(const AccessibilityTextMarker& marker)
-    : m_textMarker(marker.platformTextMarker())
+    : m_textMarker(marker.m_textMarker)
 {
 }
 
diff --git a/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm b/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm
index 46688c937a8f3..49f06a6059de2 100644
--- a/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm
+++ b/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm
@@ -294,6 +294,13 @@ - (void)_accessibilitySetValue:(id)value forAttribute:(NSString*)attributeName;
 }
 #endif
 
+bool AccessibilityUIElement::isEqual(AccessibilityUIElement* otherElement)
+{
+    if (!otherElement)
+        return false;
+    return platformUIElement() == otherElement->platformUIElement();
+}
+
 void AccessibilityUIElement::getLinkedUIElements(Vector<AccessibilityUIElement>& elementVector)
 {
     BEGIN_AX_OBJC_EXCEPTIONS
diff --git a/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm b/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm
index 0e4e2d323a8b9..96662f8bca7c1 100644
--- a/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm
+++ b/Tools/TestWebKitAPI/Tests/WTF/cocoa/TypeCastsCocoa.mm
@@ -59,41 +59,55 @@ static size_t helloWorldCStringLength()
 
 TEST(TypeCastsCocoa, bridge_cast)
 {
-    @autoreleasepool {
-        auto objectNS = adoptNS([[NSString alloc] initWithFormat:@"%s", helloWorldCString]);
-        auto objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
+    RetainPtr<NSString> objectNS;
+    uintptr_t objectNSPtr;
 
-        auto objectCF = bridge_cast(WTFMove(objectNS));
-        auto objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
+    RetainPtr<CFStringRef> objectCF;
+    uintptr_t objectCFPtr;
+
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        objectNS = adoptNS([[NSString alloc] initWithFormat:@"%s", helloWorldCString]);
+        objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
+    }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
+
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        objectCF = bridge_cast(WTFMove(objectNS));
+        objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(nil, objectNS.get());
         EXPECT_EQ(objectNSPtr, objectCFPtr);
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
+    }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
 
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
         objectNS = bridge_cast(WTFMove(objectCF));
         objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(NULL, objectCF.get());
         EXPECT_EQ(objectCFPtr, objectNSPtr);
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
     }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
 
-    @autoreleasepool {
-        auto objectCF = adoptCF(CFStringCreateWithBytes(NULL, (const UInt8*)helloWorldCString, helloWorldCStringLength(), kCFStringEncodingUTF8, false));
-        auto objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        objectCF = adoptCF(CFStringCreateWithBytes(NULL, (const UInt8*)helloWorldCString, helloWorldCStringLength(), kCFStringEncodingUTF8, false));
+        objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
+    }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
 
-        auto objectNS = bridge_cast(WTFMove(objectCF));
-        auto objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        objectNS = bridge_cast(WTFMove(objectCF));
+        objectNSPtr = reinterpret_cast<uintptr_t>(objectNS.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(NULL, objectCF.get());
         EXPECT_EQ(objectCFPtr, objectNSPtr);
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
+    }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectNSPtr));
 
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
         objectCF = bridge_cast(WTFMove(objectNS));
         objectCFPtr = reinterpret_cast<uintptr_t>(objectCF.get());
         SUPPRESS_USE_AFTER_MOVE EXPECT_EQ(nil, objectNS.get());
         EXPECT_EQ(objectNSPtr, objectCFPtr);
-        EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
     }
+    EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectCFPtr));
 }
 
 TEST(TypeCastsCocoa, bridge_id_cast)
diff --git a/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm b/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
index 5caf6d606d54d..f23ce84142cc5 100644
--- a/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
+++ b/Tools/TestWebKitAPI/Tests/WTF/ns/RetainPtr.mm
@@ -27,7 +27,9 @@
  */
 
 #import "config.h"
+#import <wtf/HashMap.h>
 #import <wtf/RetainPtr.h>
+#import <wtf/URL.h>
 
 #if __has_feature(objc_arc)
 #ifndef RETAIN_PTR_TEST_NAME
@@ -79,6 +81,8 @@
 
 TEST(RETAIN_PTR_TEST_NAME, ConstructionFromMutableNSType)
 {
+    static_assert(std::is_convertible_v<NSMutableString*, NSString*>, "NSMutableString must convert to NSString");
+
     NSMutableString *string = [NSMutableString stringWithUTF8String:"foo"];
 
     // This should invoke RetainPtr's move constructor.
@@ -124,11 +128,11 @@
     // This should invoke RetainPtr's move constructor.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
     // NSObject that logs -retain and -release calls.
-    RetainPtr<NSString> ptr = RetainPtr<NSString *>(string);
+    RetainPtr<NSString> ptr = RetainPtr<NSString>(string);
 
     EXPECT_EQ(string, ptr);
 
-    RetainPtr<NSString *> temp = string;
+    RetainPtr<NSString> temp = string;
 
     // This should invoke RetainPtr's move constructor.
     RetainPtr<NSString> ptr2(WTFMove(temp));
@@ -144,14 +148,14 @@
     // This should invoke RetainPtr's move constructor.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
     // NSObject that logs -retain and -release calls.
-    RetainPtr<NSString *> ptr = RetainPtr<NSString>(string);
+    RetainPtr<NSString> ptr = RetainPtr<NSString>(string);
 
     EXPECT_EQ(string, ptr);
 
     RetainPtr<NSString> temp = string;
 
     // This should invoke RetainPtr's move constructor.
-    RetainPtr<NSString *> ptr2(WTFMove(temp));
+    RetainPtr<NSString> ptr2(WTFMove(temp));
 
     EXPECT_EQ(string, ptr2);
     SUPPRESS_USE_AFTER_MOVE EXPECT_EQ((NSString *)nil, temp.get());
@@ -209,12 +213,12 @@
     // This should invoke RetainPtr's move assignment operator.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
     // NSObject that logs -retain and -release calls.
-    ptr = RetainPtr<NSString *>(string);
+    ptr = RetainPtr<NSString>(string);
 
     EXPECT_EQ(string, ptr);
 
     ptr = nil;
-    RetainPtr<NSString *> temp = string;
+    RetainPtr<NSString> temp = string;
 
     // This should invoke RetainPtr's move assignment operator.
     ptr = WTFMove(temp);
@@ -226,7 +230,7 @@
 TEST(RETAIN_PTR_TEST_NAME, MoveAssignmentFromSimilarNSTypeReversed)
 {
     NSString *string = @"foo";
-    RetainPtr<NSString *> ptr;
+    RetainPtr<NSString> ptr;
 
     // This should invoke RetainPtr's move assignment operator.
     // FIXME: This doesn't actually test that we moved the value. We should use a mock
@@ -344,7 +348,6 @@
     EXPECT_EQ(1L, CFGetRetainCount((CFTypeRef)objectPtr3));
 }
 
-/* This test is disabled for now because it fails (!!).
 TEST(RETAIN_PTR_TEST_NAME, LeakRef)
 {
     RetainPtr<NSObject> foo;
@@ -364,6 +367,44 @@
 
     (void)adoptNS(object);
 }
-*/
+
+TEST(RETAIN_PTR_TEST_NAME, BridgingAutorelease)
+{
+    NSString *nsString;
+    uintptr_t nsStringPtr;
+
+    AUTORELEASEPOOL_FOR_ARC_DEBUG {
+        RetainPtr<CFStringRef> string = adoptCF(CFStringCreateWithCString(nullptr, "hello world", kCFStringEncodingASCII));
+        nsString = string.bridgingAutorelease();
+        nsStringPtr = reinterpret_cast<uintptr_t>(nsString);
+    }
+
+    EXPECT_EQ(1, CFGetRetainCount((CFTypeRef)nsStringPtr));
+}
+
+TEST(RETAIN_PTR_TEST_NAME, URLBridgeCast)
+{
+    RetainPtr<NSURL> nsURL;
+    uintptr_t nsURLPtr;
+    @autoreleasepool {
+        URL url(""_str);
+        nsURL = static_cast<NSURL *>(url);
+        nsURLPtr = reinterpret_cast<uintptr_t>(nsURL.get());
+    }
+
+    EXPECT_EQ(1, CFGetRetainCount((CFTypeRef)nsURLPtr));
+}
+
+TEST(RETAIN_PTR_TEST_NAME, HashMapCFTypeDeletedValue)
+{
+    HashMap<RetainPtr<CFStringRef>, int> map;
+
+    auto key = adoptCF(CFStringCreateWithCString(nullptr, "hello world", kCFStringEncodingASCII));
+    map.add(key, 1);
+    EXPECT_EQ(true, map.contains(key));
+    map.remove(key);
+
+    EXPECT_EQ(1, CFGetRetainCount(key.get()));
+}
 
 } // namespace TestWebKitAPI
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp
index d2acac79377a8..fdd1d97880a21 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.cpp
@@ -49,7 +49,7 @@ AccessibilityTextMarker::AccessibilityTextMarker(PlatformTextMarker marker)
 
 AccessibilityTextMarker::AccessibilityTextMarker(const AccessibilityTextMarker& marker)
     : JSWrappable()
-    , m_textMarker(marker.platformTextMarker())
+    , m_textMarker(marker.m_textMarker)
 {
 }
 
@@ -57,15 +57,6 @@ AccessibilityTextMarker::~AccessibilityTextMarker()
 {
 }
 
-PlatformTextMarker AccessibilityTextMarker::platformTextMarker() const
-{
-#if PLATFORM(COCOA)
-    return m_textMarker.get();
-#else
-    return m_textMarker;
-#endif
-}
-    
 JSClassRef AccessibilityTextMarker::wrapperClass()
 {
     return JSAccessibilityTextMarker::accessibilityTextMarkerClass();
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h
index 8fc94f6f54948..0349974f2f399 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarker.h
@@ -69,4 +69,18 @@ class AccessibilityTextMarker : public JSWrappable {
 inline bool AccessibilityTextMarker::isEqual(AccessibilityTextMarker*) { return false; }
 #endif
 
+#if PLATFORM(COCOA)
+#ifdef __OBJC__
+inline PlatformTextMarker AccessibilityTextMarker::platformTextMarker() const
+{
+    return m_textMarker.get();
+}
+#endif
+#else
+inline PlatformTextMarker AccessibilityTextMarker::platformTextMarker() const
+{
+    return m_textMarker;
+}
+#endif
+
 } // namespace WTR
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp
index 96f9fcfc09deb..fb967b9210272 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.cpp
@@ -49,7 +49,7 @@ AccessibilityTextMarkerRange::AccessibilityTextMarkerRange(PlatformTextMarkerRan
 
 AccessibilityTextMarkerRange::AccessibilityTextMarkerRange(const AccessibilityTextMarkerRange& markerRange)
     : JSWrappable()
-    , m_textMarkerRange(markerRange.platformTextMarkerRange())
+    , m_textMarkerRange(markerRange.m_textMarkerRange)
 {
 }
 
@@ -57,15 +57,6 @@ AccessibilityTextMarkerRange::~AccessibilityTextMarkerRange()
 {
 }
 
-PlatformTextMarkerRange AccessibilityTextMarkerRange::platformTextMarkerRange() const
-{
-#if PLATFORM(COCOA)
-    return m_textMarkerRange.get();
-#else
-    return m_textMarkerRange;
-#endif
-}
-    
 JSClassRef AccessibilityTextMarkerRange::wrapperClass()
 {
     return JSAccessibilityTextMarkerRange::accessibilityTextMarkerRangeClass();
diff --git a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h
index fb982f3b9f593..9fbdda91ef452 100644
--- a/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h
+++ b/Tools/WebKitTestRunner/InjectedBundle/AccessibilityTextMarkerRange.h
@@ -62,10 +62,24 @@ class AccessibilityTextMarkerRange : public JSWrappable {
     PlatformTextMarkerRange m_textMarkerRange;
 #endif
 };
-    
+
 #if !PLATFORM(COCOA)
 inline bool AccessibilityTextMarkerRange::isEqual(AccessibilityTextMarkerRange*) { return false; }
 #endif
+
+#if PLATFORM(COCOA)
+#ifdef __OBJC__
+inline PlatformTextMarkerRange AccessibilityTextMarkerRange::platformTextMarkerRange() const
+{
+    return m_textMarkerRange.get();
+}
+#endif
+#else
+inline PlatformTextMarkerRange AccessibilityTextMarkerRange::platformTextMarkerRange() const
+{
+    return m_textMarkerRange;
+}
+#endif
     
 #ifdef __OBJC__
 inline std::optional<RefPtr<AccessibilityTextMarkerRange>> makeVectorElement(const RefPtr<AccessibilityTextMarkerRange>*, id range) { return { { AccessibilityTextMarkerRange::create(range) } }; }

From fe53fcca62761d8a3da3103eaacf4b6cf002bf82 Mon Sep 17 00:00:00 2001
From: Dan Hecht <dan.hecht@apple.com>
Date: Mon, 24 Feb 2025 12:56:10 -0800
Subject: [PATCH 147/174] [JSC][GreedyRegAlloc] Add GreedyAllocator::dump() for
 easier debugging https://bugs.webkit.org/show_bug.cgi?id=288391
 rdar://145498276

Reviewed by Yijia Huang.

Add GreedyAllocator::dump() for an easy way to dump all the
internal state of the allocator.

* Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp:
(JSC::B3::Air::Greedy::LiveRange::size const):
(JSC::B3::Air::Greedy::RegisterRange::isEmpty const):
(JSC::B3::Air::Greedy::GreedyAllocator::run):
(JSC::B3::Air::Greedy::GreedyAllocator::dump const):
(JSC::B3::Air::Greedy::GreedyAllocator::dumpRegRanges const):
(JSC::B3::Air::Greedy::GreedyAllocator::buildLiveRanges):
(JSC::B3::Air::Greedy::GreedyAllocator::allocateRegisters):
(JSC::B3::Air::Greedy::GreedyAllocator::assignRegisters):
(JSC::B3::Air::Greedy::LiveRange::size): Deleted.
(JSC::B3::Air::Greedy::GreedyAllocator::dumpRegRanges): Deleted.

Canonical link: https://commits.webkit.org/290968@main
---
 .../b3/air/AirAllocateRegistersByGreedy.cpp   | 76 ++++++++++---------
 1 file changed, 42 insertions(+), 34 deletions(-)

diff --git a/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp b/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp
index a4cdb40b324c4..5128f6239f17f 100644
--- a/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp
+++ b/Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp
@@ -186,7 +186,7 @@ class LiveRange {
         return m_intervals;
     }
 
-    size_t size()
+    size_t size() const
     {
         return m_size;
     }
@@ -476,6 +476,11 @@ class RegisterRange {
         }
     }
 
+    bool isEmpty() const
+    {
+        return m_allocations.empty();
+    }
+
     void dump(PrintStream& out) const
     {
         CommaPrinter comma;
@@ -591,6 +596,8 @@ class GreedyAllocator {
         finalizeGroups<GP>();
         finalizeGroups<FP>();
 
+        dataLogLnIf(verbose(), "State before greedy register allocation:\n", *this);
+
         allocateRegisters<GP>();
         allocateRegisters<FP>();
 
@@ -603,9 +610,38 @@ class GreedyAllocator {
         fixSpillsAfterTerminals(m_code);
     }
 
+    void dump(PrintStream& out) const
+    {
+        out.println("RegRanges:");
+        dumpRegRanges<GP>(out);
+        dumpRegRanges<FP>(out);
+        out.println("LiveRanges:");
+        auto dumpRegTmpData = [&](Reg r) {
+            const TmpData& tmpData = m_map[Tmp(r)];
+            if (tmpData.liveRange.size())
+                out.println("    ", r, ": ", m_map[Tmp(r)]);
+        };
+        for (Reg r : m_allowedRegistersInPriorityOrder[GP])
+            dumpRegTmpData(r);
+        for (Reg r : m_allowedRegistersInPriorityOrder[FP])
+            dumpRegTmpData(r);
+        m_code.forEachTmp([&](Tmp tmp) {
+            out.println("    ", tmp, ": ", m_map[tmp]);
+        });
+    }
+
 private:
     static constexpr Point pointsPerInst = 2;
 
+    template<Bank bank>
+    void dumpRegRanges(PrintStream& out) const
+    {
+        for (Reg r : m_allowedRegistersInPriorityOrder[bank]) {
+            if (!m_regRanges[r].isEmpty())
+                out.println("    ", r, ": ", m_regRanges[r]);
+        }
+    }
+
     void buildRegisterSets()
     {
         forEachBank([&] (Bank bank) {
@@ -1003,21 +1039,6 @@ class GreedyAllocator {
             ASSERT(!activeIntervals[tmp]);
         });
 #endif
-        if (verbose()) {
-            dataLog("Intervals:\n");
-            auto dumpRegTmpData = [&](Reg r) {
-                TmpData& tmpData = m_map[Tmp(r)];
-                if (tmpData.liveRange.size())
-                    dataLog("    ", r, ": ", m_map[Tmp(r)], "\n");
-            };
-            for (Reg r : m_allowedRegistersInPriorityOrder[GP])
-                dumpRegTmpData(r);
-            for (Reg r : m_allowedRegistersInPriorityOrder[FP])
-                dumpRegTmpData(r);
-            m_code.forEachTmp([&](Tmp tmp) {
-                dataLog("    ", tmp, ": ", m_map[tmp], "\n");
-            });
-        }
     }
 
     template<typename Func>
@@ -1208,12 +1229,6 @@ class GreedyAllocator {
         return tmp;
     }
 
-    void dumpRegRanges(Bank bank)
-    {
-        for (Reg r : m_allowedRegistersInPriorityOrder[bank])
-            dataLogLn("   regRanges[", r, "]: ", m_regRanges[r]);
-    }
-
     void setStageAndEnqueue(Tmp tmp, TmpData& tmpData, Stage stage)
     {
         ASSERT(!tmp.isReg());
@@ -1259,8 +1274,10 @@ class GreedyAllocator {
                 ASSERT(tmp && tmp.bank() == bank);
                 TmpData& tmpData = m_map[tmp];
                 if (verbose()) {
-                    dataLogLn("Pop: ", entry, " tmp: ", tmpData);
-                    dumpRegRanges(bank);
+                    StringPrintStream out;
+                    out.println("Pop: ", entry, " tmp: ", tmpData);
+                    dumpRegRanges<bank>(out);
+                    dataLog(out.toCString());
                 }
                 if (tmpData.stage == Stage::Replaced)
                     continue; // Tmp no longer relevant
@@ -1881,16 +1898,7 @@ class GreedyAllocator {
     void assignRegisters()
     {
         CompilerTimingScope timingScope("Air"_s, "GreedyRegAlloc::assignRegisters"_s);
-
-        if (verbose()) {
-            dataLog("About to assign registers. State of all tmps:\n");
-            m_code.forEachTmp(
-                [&] (Tmp tmp) {
-                    dataLog("    ", tmp, ": ", m_map[tmp], "\n");
-                });
-            dataLog("IR:\n");
-            dataLog(m_code);
-        }
+        dataLogLnIf(verbose(), "Greedy register allocator about to assign registers:\n", *this, "IR:\n", m_code);
 
         for (BasicBlock* block : m_code) {
             for (Inst& inst : *block) {

From c25135a6b793d9799f5076153c9b969f58af78cb Mon Sep 17 00:00:00 2001
From: Per Arne Vollan <pvollan@apple.com>
Date: Mon, 24 Feb 2025 13:03:43 -0800
Subject: [PATCH 148/174] [GPUP][macOS] Add sandbox telemetry for IOKit user
 client AppleAVDUserClient https://bugs.webkit.org/show_bug.cgi?id=288154
 rdar://145250311

Reviewed by Sihui Liu.

* Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:

Canonical link: https://commits.webkit.org/290969@main
---
 .../mac/com.apple.WebKit.GPUProcess.sb.in           | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in b/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in
index 53a48e3360fda..8235aa298dd4f 100644
--- a/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in
+++ b/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in
@@ -1076,8 +1076,17 @@
 (allow mach-lookup
     (global-name "com.apple.relatived.tempest"))
 
-(allow IOKIT_OPEN_USER_CLIENT
-    (iokit-user-client-class "AppleAVDUserClient"))
+(if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
+    (allow IOKIT_OPEN_USER_CLIENT (with report) (with telemetry)
+        (iokit-user-client-class "AppleAVDUserClient")
+        (apply-message-filter
+            (allow (with report) (with telemetry)
+                iokit-async-external-method
+                iokit-external-method
+                iokit-external-trap)))
+    ;; else
+    (allow IOKIT_OPEN_USER_CLIENT
+        (iokit-user-client-class "AppleAVDUserClient")))
 
 (when (equal? (param "CPU") "arm64")
     (allow IOKIT_OPEN_USER_CLIENT

From a4a7342013a5e62e20e8e13a920cd36092409c58 Mon Sep 17 00:00:00 2001
From: Fady Farag <com.idmsa@gmail.com>
Date: Mon, 24 Feb 2025 13:16:35 -0800
Subject: [PATCH 149/174] Address safer C++ static analysis warnings in
 ElementAncestorIterator https://bugs.webkit.org/show_bug.cgi?id=288293
 rdar://problem/145374613

Reviewed by Chris Dumez.

Fix a clang static analyzer warning caused by using a raw reference to
store element in ElementAncestorIterator.

* Source/WebCore/dom/ElementAncestorIterator.h:
(WebCore::ElementAncestorRange::first const):
* Source/WebCore/dom/ElementAncestorIteratorInlines.h:
(WebCore::ElementAncestorRange<ElementType>::begin const):

Canonical link: https://commits.webkit.org/290970@main
---
 Source/WebCore/dom/ElementAncestorIterator.h        | 4 ++--
 Source/WebCore/dom/ElementAncestorIteratorInlines.h | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Source/WebCore/dom/ElementAncestorIterator.h b/Source/WebCore/dom/ElementAncestorIterator.h
index 3000612fb86c5..dd9150911feae 100644
--- a/Source/WebCore/dom/ElementAncestorIterator.h
+++ b/Source/WebCore/dom/ElementAncestorIterator.h
@@ -56,10 +56,10 @@ class ElementAncestorRange {
     explicit ElementAncestorRange(ElementType* first);
     ElementAncestorIterator<ElementType> begin() const;
     static constexpr std::nullptr_t end() { return nullptr; }
-    ElementType* first() const { return m_first; }
+    ElementType* first() const { return m_first.get(); }
 
 private:
-    ElementType* const m_first;
+    RefPtr<ElementType> m_first;
 };
 
 // ElementAncestorIterator
diff --git a/Source/WebCore/dom/ElementAncestorIteratorInlines.h b/Source/WebCore/dom/ElementAncestorIteratorInlines.h
index 643f3fa314eab..c4adc2e58d66b 100644
--- a/Source/WebCore/dom/ElementAncestorIteratorInlines.h
+++ b/Source/WebCore/dom/ElementAncestorIteratorInlines.h
@@ -44,7 +44,7 @@ inline ElementAncestorIterator<ElementType>& ElementAncestorIterator<ElementType
 template <typename ElementType>
 inline ElementAncestorIterator<ElementType> ElementAncestorRange<ElementType>::begin() const
 {
-    return ElementAncestorIterator<ElementType>(m_first);
+    return ElementAncestorIterator<ElementType>(m_first.get());
 }
 
 // Standalone functions

From 79c7714754da2910874687c438a1ee0e8d18000c Mon Sep 17 00:00:00 2001
From: Richard Robinson <richard_robinson2@apple.com>
Date: Mon, 24 Feb 2025 13:19:12 -0800
Subject: [PATCH 150/174] Local macCatalyst build fails in
 PlatformIntelligenceTextEffectView.swift
 https://bugs.webkit.org/show_bug.cgi?id=288399 rdar://145084246

Unreviewed build fix.

* Source/WebKit/WebKitSwift/WritingTools/PlatformIntelligenceTextEffectView.swift:

Canonical link: https://commits.webkit.org/290971@main
---
 .../WritingTools/PlatformIntelligenceTextEffectView.swift   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Source/WebKit/WebKitSwift/WritingTools/PlatformIntelligenceTextEffectView.swift b/Source/WebKit/WebKitSwift/WritingTools/PlatformIntelligenceTextEffectView.swift
index 639a1e229c84e..ef1ec189eeb8b 100644
--- a/Source/WebKit/WebKitSwift/WritingTools/PlatformIntelligenceTextEffectView.swift
+++ b/Source/WebKit/WebKitSwift/WritingTools/PlatformIntelligenceTextEffectView.swift
@@ -25,7 +25,7 @@ import Foundation
 
 #if canImport(WritingTools)
 
-#if canImport(AppKit)
+#if canImport(AppKit) && !targetEnvironment(macCatalyst)
 import AppKit
 // WritingToolsUI is not present in the base system, but WebKit is, so it must be weak-linked.
 // WritingToolsUI need not be soft-linked from WebKitSwift because although WTUI links WebKit, WebKit does not directly link WebKitSwift.
@@ -46,7 +46,7 @@ internal import SwiftUI
 
 // MARK: Platform abstraction type aliases
 
-#if canImport(AppKit)
+#if canImport(AppKit) && !targetEnvironment(macCatalyst)
 typealias PlatformView = NSView
 typealias PlatformBounds = NSRect
 typealias PlatformTextPreview = [_WTTextPreview]
@@ -507,7 +507,7 @@ struct PlatformIntelligenceTextEffectID: Hashable {
         self.chunk = chunk
     }
 
-#if canImport(AppKit)
+#if canImport(AppKit) && !targetEnvironment(macCatalyst)
     private func didCompletePartialWrappedEffect<Source>(for source: Source) where Source: PlatformIntelligenceTextEffectViewSource, Source.Chunk == Chunk {
         if self.hasCompletedPartialWrappedEffect {
             Task { @MainActor in

From 57d53c85b1ab7ef839066c08ed54a7e12d550b92 Mon Sep 17 00:00:00 2001
From: Per Arne Vollan <pvollan@apple.com>
Date: Mon, 24 Feb 2025 13:27:07 -0800
Subject: [PATCH 151/174] The Networking process sometimes crash in
 Download::resume https://bugs.webkit.org/show_bug.cgi?id=288376
 rdar://145354369

Reviewed by Chris Dumez.

If we fail to create a NSURLSessionDownloadTask from the resume data, we will attempt to create a hash map
entry where the task identifier key is 0. This will cause a release assert when the key is checked.

* Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm:
(WebKit::Download::resume):

Canonical link: https://commits.webkit.org/290972@main
---
 .../NetworkProcess/Downloads/cocoa/DownloadCocoa.mm       | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm b/Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm
index dc98389afaf3c..0d8a6879e54f9 100644
--- a/Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm
+++ b/Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm
@@ -60,7 +60,15 @@
     // FIXME: Use nsData instead of updatedData once we've migrated from _WKDownload to WKDownload
     // because there's no reason to set the local path we got from the data back into the data.
     m_downloadTask = [cocoaSession.sessionWrapperForDownloadResume().session downloadTaskWithResumeData:updatedData];
+    if (!m_downloadTask) {
+        RELEASE_LOG_ERROR(Network, "Could not create download task from resume data");
+        return;
+    }
     auto taskIdentifier = [m_downloadTask taskIdentifier];
+    if (!taskIdentifier) {
+        RELEASE_LOG_ERROR(Network, "Could not resume download, since task identifier is 0");
+        return;
+    }
     ASSERT(!cocoaSession.sessionWrapperForDownloadResume().downloadMap.contains(taskIdentifier));
     cocoaSession.sessionWrapperForDownloadResume().downloadMap.add(taskIdentifier, m_downloadID);
     m_downloadTask.get()._pathToDownloadTaskFile = path;

From 566a752de39314794431dc7c191818a6a8b2cce1 Mon Sep 17 00:00:00 2001
From: Fady Farag <com.idmsa@gmail.com>
Date: Mon, 24 Feb 2025 13:33:25 -0800
Subject: [PATCH 152/174] Address safer C++ static analysis warnings in
 ChildChangeInvalidation https://bugs.webkit.org/show_bug.cgi?id=287871
 rdar://problem/145073441

Reviewed by Chris Dumez.

Fix a clang static analyzer warning caused by using a raw reference to
store element in ChildChangeInvalidation.

* Source/WebCore/style/ChildChangeInvalidation.h:
(): Deleted.

Canonical link: https://commits.webkit.org/290973@main
---
 .../SaferCPPExpectations/NoUncountedMemberCheckerExpectations   | 1 -
 Source/WebCore/style/ChildChangeInvalidation.h                  | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations b/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations
index d8f010260efad..495f0e0d478d7 100644
--- a/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations
+++ b/Source/WebCore/SaferCPPExpectations/NoUncountedMemberCheckerExpectations
@@ -90,7 +90,6 @@ rendering/TextBoxPainter.h
 rendering/style/StyleGeneratedImage.cpp
 rendering/svg/SVGTextLayoutAttributesBuilder.h
 rendering/updating/RenderTreeUpdater.h
-style/ChildChangeInvalidation.h
 style/ClassChangeInvalidation.cpp
 style/ElementRuleCollector.cpp
 style/PseudoClassChangeInvalidation.h
diff --git a/Source/WebCore/style/ChildChangeInvalidation.h b/Source/WebCore/style/ChildChangeInvalidation.h
index 643efb8c9c973..50020d6c33a95 100644
--- a/Source/WebCore/style/ChildChangeInvalidation.h
+++ b/Source/WebCore/style/ChildChangeInvalidation.h
@@ -56,7 +56,7 @@ class ChildChangeInvalidation {
 
     Element& parentElement() { return *m_parentElement; }
 
-    Element* m_parentElement { nullptr };
+    RefPtr<Element> m_parentElement;
     const ContainerNode::ChildChange& m_childChange;
 
     const bool m_isEnabled;

From 5fe3d98d875c07920326de33b217144fe3b4a302 Mon Sep 17 00:00:00 2001
From: Nathan Solomon <nathan_solomon@apple.com>
Date: Mon, 24 Feb 2025 13:35:34 -0800
Subject: [PATCH 153/174] Add Nathan Solomon as committer in contributors.json
 https://bugs.webkit.org/show_bug.cgi?id=288403 rdar://145504488

Reviewed by Ryan Reno.

Adding Nathan Solomon as committer in contributors.json

* metadata/contributors.json:

Canonical link: https://commits.webkit.org/290974@main
---
 metadata/contributors.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/metadata/contributors.json b/metadata/contributors.json
index a1eea5947e12f..2c2341c5696b9 100644
--- a/metadata/contributors.json
+++ b/metadata/contributors.json
@@ -6171,7 +6171,8 @@
       "name" : "Nathan Solomon",
       "nicks" : [
          "NathanSolomon733"
-      ]
+      ],
+      "status" : "committer"
    },
    {
       "emails" : [

From 72f89a14d8f833f1c6656d07d311b89d92ee31d8 Mon Sep 17 00:00:00 2001
From: Karl Rackler <rackler@apple.com>
Date: Mon, 24 Feb 2025 13:37:49 -0800
Subject: [PATCH 154/174] [Gardening]: EWS REGRESSION (Sonoma): [ macOS wk2
 release ] fast/text/canvas-color-fonts/stroke-gradient-COLR.html is a
 consistent image failure (failure in EWS)
 https://bugs.webkit.org/show_bug.cgi?id=288404 rdar://145504776

Unreviewed test gardening.

Add test expectation.

* LayoutTests/platform/mac-wk2/TestExpectations:

Canonical link: https://commits.webkit.org/290975@main
---
 LayoutTests/platform/mac-wk2/TestExpectations | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/LayoutTests/platform/mac-wk2/TestExpectations b/LayoutTests/platform/mac-wk2/TestExpectations
index 4705b04e7ebdc..b161cd4383035 100644
--- a/LayoutTests/platform/mac-wk2/TestExpectations
+++ b/LayoutTests/platform/mac-wk2/TestExpectations
@@ -1963,3 +1963,5 @@ webkit.org/b/288053 imported/w3c/web-platform-tests/fetch/http-cache/invalidate.
 webkit.org/b/288119 imported/w3c/web-platform-tests/preload/preload-type-match.html [ Pass Failure ]
 
 webkit.org/b/288120 [ Sonoma+ Release ] fast/animation/request-animation-frame-throttling-lowPowerMode.html [ Pass Failure ]
+
+webkit.org/b/288404 [ Sonoma+ Release ] fast/text/canvas-color-fonts/stroke-gradient-COLR.html [ Pass ImageOnlyFailure ]

From 037ef87c97ac4d5073bd436d5b5dad4b422ee64b Mon Sep 17 00:00:00 2001
From: Abrar Rahman Protyasha <a_protyasha@apple.com>
Date: Mon, 24 Feb 2025 13:46:10 -0800
Subject: [PATCH 155/174] [ Gardening ] NEW-TEST(290565@main): [ iOS Debug ]
 TestWebKitAPI.UnifiedPDF.ShouldNotRespectSetViewScale(api-test) is a constant
 timeout https://bugs.webkit.org/show_bug.cgi?id=288401 rdar://145504391

Unreviewed test gardening.

Skip this API test on iOS debug for now because we started asserting
under WebCore::ScrollView::scrollTo() since 290220@main.

* Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm:
(TestWebKitAPI::UNIFIED_PDF_TEST):

Canonical link: https://commits.webkit.org/290976@main
---
 Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm
index fd42e9814cbd4..e9060a0c786a9 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm
@@ -473,7 +473,12 @@ void pressKey(auto key, unsigned short code, Seconds duration = 200_ms)
     EXPECT_EQ(pdf->pageCount(), 16UL);
 }
 
+// FIXME: <webkit.org/b/288401> [ iOS Debug ] TestWebKitAPI.UnifiedPDF.ShouldNotRespectSetViewScale(api-test) is a constant timeout
+#if !defined(NDEBUG)
+UNIFIED_PDF_TEST(DISABLED_ShouldNotRespectSetViewScale)
+#else
 UNIFIED_PDF_TEST(ShouldNotRespectSetViewScale)
+#endif
 {
     RetainPtr webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configurationForWebViewTestingUnifiedPDF().get()]);
 

From ac53bcad6b25233e8ac38860ccaa63ff28b9ef65 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Mon, 24 Feb 2025 13:50:22 -0800
Subject: [PATCH 156/174] Address Safer cpp failures in NetworkDataTask.cpp
 https://bugs.webkit.org/show_bug.cgi?id=288368

Reviewed by Darin Adler.

* Source/WebKit/NetworkProcess/NetworkDataTask.cpp:
(WebKit::NetworkDataTask::scheduleFailure):
(WebKit::NetworkDataTask::didReceiveInformationalResponse):
(WebKit::NetworkDataTask::didReceiveResponse):
(WebKit::NetworkDataTask::shouldCaptureExtraNetworkLoadMetrics const):
* Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:

Canonical link: https://commits.webkit.org/290977@main
---
 .../WebKit/NetworkProcess/NetworkDataTask.cpp | 33 +++++++++++--------
 Source/WebKit/NetworkProcess/NetworkLoad.cpp  |  1 +
 .../UncountedCallArgsCheckerExpectations      |  1 -
 3 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/Source/WebKit/NetworkProcess/NetworkDataTask.cpp b/Source/WebKit/NetworkProcess/NetworkDataTask.cpp
index fa8b32d433e5c..4d06e42bd1421 100644
--- a/Source/WebKit/NetworkProcess/NetworkDataTask.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkDataTask.cpp
@@ -122,29 +122,33 @@ void NetworkDataTask::scheduleFailure(FailureType type)
     m_failureScheduled = true;
     RunLoop::protectedMain()->dispatch([weakThis = ThreadSafeWeakPtr { *this }, type] {
         auto protectedThis = weakThis.get();
-        if (!protectedThis || !protectedThis->m_client)
+        if (!protectedThis)
+            return;
+
+        RefPtr client = protectedThis->m_client.get();
+        if (!client)
             return;
 
         switch (type) {
         case FailureType::Blocked:
-            protectedThis->m_client->wasBlocked();
+            client->wasBlocked();
             return;
         case FailureType::InvalidURL:
-            protectedThis->m_client->cannotShowURL();
+            client->cannotShowURL();
             return;
         case FailureType::RestrictedURL:
-            protectedThis->m_client->wasBlockedByRestrictions();
+            client->wasBlockedByRestrictions();
             return;
         case FailureType::FTPDisabled:
-            protectedThis->m_client->wasBlockedByDisabledFTP();
+            client->wasBlockedByDisabledFTP();
         }
     });
 }
 
 void NetworkDataTask::didReceiveInformationalResponse(ResourceResponse&& headers)
 {
-    if (m_client)
-        m_client->didReceiveInformationalResponse(WTFMove(headers));
+    if (RefPtr client = m_client.get())
+        client->didReceiveInformationalResponse(WTFMove(headers));
 }
 
 void NetworkDataTask::didReceiveResponse(ResourceResponse&& response, NegotiatedLegacyTLS negotiatedLegacyTLS, PrivateRelayed privateRelayed, std::optional<IPAddress> resolvedIPAddress, ResponseCompletionHandler&& completionHandler)
@@ -155,8 +159,8 @@ void NetworkDataTask::didReceiveResponse(ResourceResponse&& response, Negotiated
         if (port && !WTF::isDefaultPortForProtocol(port.value(), url.protocol())) {
             completionHandler(PolicyAction::Ignore);
             cancel();
-            if (m_client)
-                m_client->didCompleteWithError({ String(), 0, url, makeString("Cancelled load from '"_s, url.stringCenterEllipsizedToLength(), "' because it is using HTTP/0.9."_s) });
+            if (RefPtr client = m_client.get())
+                client->didCompleteWithError({ String(), 0, url, makeString("Cancelled load from '"_s, url.stringCenterEllipsizedToLength(), "' because it is using HTTP/0.9."_s) });
             return;
         }
     }
@@ -169,8 +173,8 @@ void NetworkDataTask::didReceiveResponse(ResourceResponse&& response, Negotiated
         if (resolvedIPAddress && !resolvedIPAddress->isLoopback()) {
             completionHandler(PolicyAction::Ignore);
             cancel();
-            if (m_client)
-                m_client->didCompleteWithError({ String(), 0, url, makeString("Cancelled load from '"_s, url.stringCenterEllipsizedToLength(), "' because localhost did not resolve to a loopback address."_s) });
+            if (RefPtr client = m_client.get())
+                client->didCompleteWithError({ String(), 0, url, makeString("Cancelled load from '"_s, url.stringCenterEllipsizedToLength(), "' because localhost did not resolve to a loopback address."_s) });
             return;
         }
     }
@@ -181,15 +185,16 @@ void NetworkDataTask::didReceiveResponse(ResourceResponse&& response, Negotiated
     if (privateRelayed == PrivateRelayed::Yes)
         response.setWasPrivateRelayed(WasPrivateRelayed::Yes);
 
-    if (m_client)
-        m_client->didReceiveResponse(WTFMove(response), negotiatedLegacyTLS, privateRelayed, WTFMove(completionHandler));
+    if (RefPtr client = m_client.get())
+        client->didReceiveResponse(WTFMove(response), negotiatedLegacyTLS, privateRelayed, WTFMove(completionHandler));
     else
         completionHandler(PolicyAction::Ignore);
 }
 
 bool NetworkDataTask::shouldCaptureExtraNetworkLoadMetrics() const
 {
-    return m_client ? m_client->shouldCaptureExtraNetworkLoadMetrics() : false;
+    RefPtr client = m_client.get();
+    return client && client->shouldCaptureExtraNetworkLoadMetrics();
 }
 
 String NetworkDataTask::description() const
diff --git a/Source/WebKit/NetworkProcess/NetworkLoad.cpp b/Source/WebKit/NetworkProcess/NetworkLoad.cpp
index 162f69675b0c4..6c5ec0039b5ee 100644
--- a/Source/WebKit/NetworkProcess/NetworkLoad.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkLoad.cpp
@@ -55,6 +55,7 @@ NetworkLoad::NetworkLoad(NetworkLoadClient& client, NetworkLoadParameters&& para
     , m_parameters(WTFMove(parameters))
     , m_currentRequest(m_parameters.request)
 {
+    relaxAdoptionRequirement();
     if (m_parameters.request.url().protocolIsBlob())
         m_task = NetworkDataTaskBlob::create(networkSession, *this, m_parameters.request, m_parameters.blobFileReferences, m_parameters.topOrigin);
     else
diff --git a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
index 8db3520662457..61926540b257e 100644
--- a/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
+++ b/Source/WebKit/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
@@ -7,7 +7,6 @@ NetworkProcess/Downloads/DownloadManager.cpp
 NetworkProcess/Downloads/PendingDownload.cpp
 NetworkProcess/Downloads/cocoa/DownloadCocoa.mm
 NetworkProcess/Downloads/cocoa/WKDownloadProgress.mm
-NetworkProcess/NetworkDataTask.cpp
 NetworkProcess/PingLoad.cpp
 NetworkProcess/PrivateClickMeasurement/PrivateClickMeasurementClientImpl.cpp
 NetworkProcess/PrivateClickMeasurement/PrivateClickMeasurementManager.cpp

From c7d6142e894fc9ca22be5151076c5c3e40e99f77 Mon Sep 17 00:00:00 2001
From: Marcus Plutowski <marcus_plutowski@apple.com>
Date: Mon, 24 Feb 2025 14:07:24 -0800
Subject: [PATCH 157/174] [JSC] Add scavenger hook for scavenging external
 tasks https://bugs.webkit.org/show_bug.cgi?id=287984 rdar://145154078

Reviewed by Yusuke Suzuki.

This patch should strike a balance between convenience and performance.
Using a fixed array of callbacks is suitable because we always
know which systems are going to hook into libpas -- it's not like
someone will decide at runtime that they need to fall back on
the scavenger.

Re.: the additional mutex, it's possible to do without it -- we would
just need two atomic integers, "next_open_slot" and
"last_initialized_slot". However, this is a nontrivial amount of
complexity and much easier to mess up.

* Source/WTF/wtf/SequesteredAllocator.h:
* Source/WTF/wtf/SequesteredImmortalHeap.h:
(WTF::SequesteredImmortalHeap::installScavengerHook):
(WTF::SequesteredImmortalHeap::scavenge):
* Source/WTF/wtf/Threading.cpp:
(WTF::initialize):
* Source/bmalloc/libpas/libpas.xcodeproj/project.pbxproj:
* Source/bmalloc/libpas/src/libpas/pas_scavenger.c:
(ensure_data_instance):
(scavenger_thread_main):
(pas_scavenger_try_install_foreign_work_callback):
* Source/bmalloc/libpas/src/libpas/pas_scavenger.h:
* Source/bmalloc/libpas/src/test/ScavengerExternalWorkTests.cpp: Added.
(incrementCounter):
(testCallbacksAreCalledWhenExpected):
(addScavengerExternalWorkTests):
* Source/bmalloc/libpas/src/test/TestHarness.cpp:

Canonical link: https://commits.webkit.org/290978@main
---
 .../libpas/libpas.xcodeproj/project.pbxproj   |  4 ++
 .../bmalloc/libpas/src/libpas/pas_scavenger.c | 46 +++++++++++-
 .../bmalloc/libpas/src/libpas/pas_scavenger.h | 36 ++++++++++
 .../src/test/ScavengerExternalWorkTests.cpp   | 72 +++++++++++++++++++
 .../bmalloc/libpas/src/test/TestHarness.cpp   |  1 +
 5 files changed, 158 insertions(+), 1 deletion(-)
 create mode 100644 Source/bmalloc/libpas/src/test/ScavengerExternalWorkTests.cpp

diff --git a/Source/bmalloc/libpas/libpas.xcodeproj/project.pbxproj b/Source/bmalloc/libpas/libpas.xcodeproj/project.pbxproj
index b242d43f15009..acb99aca5aaae 100644
--- a/Source/bmalloc/libpas/libpas.xcodeproj/project.pbxproj
+++ b/Source/bmalloc/libpas/libpas.xcodeproj/project.pbxproj
@@ -332,6 +332,7 @@
 		0F9E9466234660D4009FAFDD /* pas_dyld_state.c in Sources */ = {isa = PBXBuildFile; fileRef = 0F9E9464234660D3009FAFDD /* pas_dyld_state.c */; };
 		0F9E9467234660D4009FAFDD /* pas_dyld_state.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F9E9465234660D3009FAFDD /* pas_dyld_state.h */; };
 		0FA18546236B3C82003609AD /* IsoHeapChaosTests.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FA18545236B3C82003609AD /* IsoHeapChaosTests.cpp */; };
+		0FA18546236B3C82003609A7 /* ScavengerExternalWorkTests.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FA18545236B3C82003609A7 /* ScavengerExternalWorkTests.cpp.cpp */; };
 		0FA5E4562492D5BA00CE962A /* pas_thread_local_cache_layout_node.c in Sources */ = {isa = PBXBuildFile; fileRef = 0FA5E4512492D5B900CE962A /* pas_thread_local_cache_layout_node.c */; };
 		0FA5E4572492D5BA00CE962A /* pas_redundant_local_allocator_node.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FA5E4522492D5B900CE962A /* pas_redundant_local_allocator_node.h */; };
 		0FA5E4582492D5BA00CE962A /* pas_thread_local_cache_layout_node.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FA5E4532492D5B900CE962A /* pas_thread_local_cache_layout_node.h */; };
@@ -1042,6 +1043,7 @@
 		0F9E9464234660D3009FAFDD /* pas_dyld_state.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pas_dyld_state.c; sourceTree = "<group>"; };
 		0F9E9465234660D3009FAFDD /* pas_dyld_state.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pas_dyld_state.h; sourceTree = "<group>"; };
 		0FA18545236B3C82003609AD /* IsoHeapChaosTests.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IsoHeapChaosTests.cpp; sourceTree = "<group>"; };
+		0FA18545236B3C82003609A7 /* ScavengerExternalWorkTests.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScavengerExternalWorkTests.cpp; sourceTree = "<group>"; };
 		0FA5E4512492D5B900CE962A /* pas_thread_local_cache_layout_node.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pas_thread_local_cache_layout_node.c; sourceTree = "<group>"; };
 		0FA5E4522492D5B900CE962A /* pas_redundant_local_allocator_node.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pas_redundant_local_allocator_node.h; sourceTree = "<group>"; };
 		0FA5E4532492D5B900CE962A /* pas_thread_local_cache_layout_node.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pas_thread_local_cache_layout_node.h; sourceTree = "<group>"; };
@@ -1435,6 +1437,7 @@
 				2B2A589B2742D815005EE07C /* PGMTests.cpp */,
 				0F5E483923D69F610046DA5C /* RaceTests.cpp */,
 				0FF08F3522A59DB300386575 /* RedBlackTreeTests.cpp */,
+				0FA18545236B3C82003609A7 /* ScavengerExternalWorkTests.cpp */,
 				0FDE52552342B7C400A0808F /* SuspendScavenger.h */,
 				0FC681EB21127A16003C6A13 /* TestHarness.cpp */,
 				0FC681EA210FEDB5003C6A13 /* TestHarness.h */,
@@ -2708,6 +2711,7 @@
 				2B2A589C2742D815005EE07C /* PGMTests.cpp in Sources */,
 				0F5E483A23D69F610046DA5C /* RaceTests.cpp in Sources */,
 				0FF08F3622A59DB300386575 /* RedBlackTreeTests.cpp in Sources */,
+				0FA18546236B3C82003609A7 /* ScavengerExternalWorkTests.cpp in Sources */,
 				0FC681ED21127A19003C6A13 /* TestHarness.cpp in Sources */,
 				0F8700C225B0B26A000E1ABF /* ThingyAndUtilityHeapAllocationTests.cpp in Sources */,
 				2C473162277D4C9E00B62C49 /* TLCDecommitTests.cpp in Sources */,
diff --git a/Source/bmalloc/libpas/src/libpas/pas_scavenger.c b/Source/bmalloc/libpas/src/libpas/pas_scavenger.c
index 35875632ad766..ac62f6d73ea7b 100644
--- a/Source/bmalloc/libpas/src/libpas/pas_scavenger.c
+++ b/Source/bmalloc/libpas/src/libpas/pas_scavenger.c
@@ -44,6 +44,7 @@
 #include "pas_status_reporter.h"
 #include "pas_thread_local_cache.h"
 #include "pas_utility_heap.h"
+#include "pas_utils.h"
 #include <stdio.h>
 #include <sys/time.h>
 #include <unistd.h>
@@ -108,6 +109,7 @@ static pas_scavenger_data* ensure_data_instance(pas_lock_hold_mode heap_lock_hol
         
         pthread_mutex_init(&instance->lock, NULL);
         pthread_cond_init(&instance->cond, NULL);
+        pthread_mutex_init(&instance->foreign_work.lock, NULL);
 
         pas_fence();
         
@@ -202,6 +204,7 @@ static void* scavenger_thread_main(void* arg)
         uint64_t epoch;
         uint64_t delta;
         uint64_t max_epoch;
+        int installed_foreign_work_descriptors;
         bool did_overflow;
 #if PAS_OS(DARWIN)
         qos_class_t current_qos_class;
@@ -286,13 +289,24 @@ static void* scavenger_thread_main(void* arg)
             break;
         } }
 
+
+        installed_foreign_work_descriptors = data->foreign_work.next_open_descriptor;
+        PAS_ASSERT(installed_foreign_work_descriptors <= PAS_SCAVENGER_MAX_FOREIGN_WORK_DESCRIPTORS);
+        pas_fence();
+        for (int i = 0; i < installed_foreign_work_descriptors; i++) {
+            void* userdata = data->foreign_work.descriptors[i].userdata;
+            uint32_t requested_period_ticks = 1 << data->foreign_work.descriptors[i].period_log2_ticks;
+            if (!requested_period_ticks || pas_scavenger_tick_count % requested_period_ticks == 0)
+                should_go_again |= data->foreign_work.descriptors[i].func(userdata);
+        }
+
         if (verbose) {
             pas_log("%d: %.0lf: scavenger freed %zu bytes (%s, should_go_again = %s).\n",
                     getpid(), get_time_in_milliseconds(), scavenge_result.total_bytes,
                     pas_page_sharing_pool_take_result_get_string(scavenge_result.take_result),
                     should_go_again ? "yes" : "no");
         }
-        
+
         completion_callback = pas_scavenger_completion_callback;
         if (completion_callback)
             completion_callback();
@@ -387,6 +401,36 @@ static void* scavenger_thread_main(void* arg)
     return NULL;
 }
 
+bool pas_scavenger_try_install_foreign_work_callback(
+    pas_scavenger_foreign_work_callback callback,
+    uint32_t period_log2_ms,
+    void* userdata)
+{
+    pas_scavenger_data* data;
+
+    PAS_ASSERT(callback);
+
+    data = ensure_data_instance(pas_lock_is_not_held);
+    pthread_mutex_lock(&data->foreign_work.lock);
+
+    int slot = data->foreign_work.next_open_descriptor;
+    if (slot >= PAS_SCAVENGER_MAX_FOREIGN_WORK_DESCRIPTORS)
+        return false;
+
+    double requested_period_ms = pow(2.0, period_log2_ms);
+    uint32_t requested_ticks = (uint32_t)(requested_period_ms / pas_scavenger_period_in_milliseconds);
+
+    data->foreign_work.descriptors[slot].period_log2_ticks = pas_log2(requested_ticks);
+    data->foreign_work.descriptors[slot].func = callback;
+    data->foreign_work.descriptors[slot].userdata = userdata;
+    pas_store_store_fence();
+    data->foreign_work.next_open_descriptor = slot + 1;
+
+    pthread_mutex_unlock(&data->foreign_work.lock);
+
+    return true;
+}
+
 bool pas_scavenger_did_create_eligible(void)
 {
     if (pas_scavenger_current_state == pas_scavenger_state_polling)
diff --git a/Source/bmalloc/libpas/src/libpas/pas_scavenger.h b/Source/bmalloc/libpas/src/libpas/pas_scavenger.h
index c089346c3dfe4..5b68f96ac0e4a 100644
--- a/Source/bmalloc/libpas/src/libpas/pas_scavenger.h
+++ b/Source/bmalloc/libpas/src/libpas/pas_scavenger.h
@@ -52,10 +52,32 @@ PAS_BEGIN_EXTERN_C;
 struct pas_scavenger_data;
 typedef struct pas_scavenger_data pas_scavenger_data;
 
+/* Returns true if any work is still left to be done. */
+typedef bool (*pas_scavenger_foreign_work_callback)(void*);
+
+struct pas_scavenger_foreign_work_descriptor;
+typedef struct pas_scavenger_foreign_work_descriptor pas_scavenger_foreign_work_descriptor;
+struct pas_scavenger_foreign_work_data;
+typedef struct pas_scavenger_foreign_work_data pas_scavenger_foreign_work_data;
+#define PAS_SCAVENGER_MAX_FOREIGN_WORK_DESCRIPTORS 1
+
+struct pas_scavenger_foreign_work_descriptor {
+    pas_scavenger_foreign_work_callback func;
+    void* userdata;
+    uint32_t period_log2_ticks;
+};
+
+struct pas_scavenger_foreign_work_data {
+    pthread_mutex_t lock; /* Only guards writes. */
+    pas_scavenger_foreign_work_descriptor descriptors[PAS_SCAVENGER_MAX_FOREIGN_WORK_DESCRIPTORS];
+    int next_open_descriptor;
+};
+
 /* Holds data that needs to be initialized somehow. */
 struct pas_scavenger_data {
     pthread_mutex_t lock;
     pthread_cond_t cond;
+    pas_scavenger_foreign_work_data foreign_work;
 };
 
 /* This is available extern for testing and debugging only. */
@@ -92,6 +114,20 @@ PAS_API extern pas_scavenger_activity_callback pas_scavenger_completion_callback
    scavenger thread with no locks held. */
 PAS_API extern pas_scavenger_activity_callback pas_scavenger_will_shut_down_callback;
 
+/* If successful, arranges for the scavenger to call the callback
+ * with userdata as an argument. The scavenger will try to call it
+ * approximately once per the specified period, but no faster than once every
+ * pas_scavenger_period_in_milliseconds ms.
+ * This callback will only be called from the scavenger thread with no locks
+ * held.
+ * At most PAS_SCAVENGER_MAX_FOREIGN_WORK_DESCRIPTORS can be installed.
+ * Returns false if the callback could not be installed. */
+PAS_API bool pas_scavenger_try_install_foreign_work_callback(
+    pas_scavenger_foreign_work_callback callback,
+    uint32_t period_log2_ms,
+    void* userdata);
+
+
 /* This defers an eligibility notification. */
 PAS_API bool pas_scavenger_did_create_eligible(void);
 
diff --git a/Source/bmalloc/libpas/src/test/ScavengerExternalWorkTests.cpp b/Source/bmalloc/libpas/src/test/ScavengerExternalWorkTests.cpp
new file mode 100644
index 0000000000000..2d96da334baff
--- /dev/null
+++ b/Source/bmalloc/libpas/src/test/ScavengerExternalWorkTests.cpp
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2025 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "TestHarness.h"
+
+#include <atomic>
+#include <chrono>
+#include <thread>
+
+#include "pas_scavenger.h"
+
+using namespace std;
+
+extern "C" inline bool incrementCounter(void* counter)
+{
+    auto* atomic_counter = reinterpret_cast<std::atomic<int>*>(counter);
+    (*atomic_counter)++;
+    return false;
+}
+
+inline void testCallbacksAreCalledWhenExpected(int scavenger_on_ms, int scavenger_off_ms)
+{
+    TestScope frequentScavenging(
+        "frequent-scavenging",
+        [] () {
+            pas_scavenger_period_in_milliseconds = 1.;
+            pas_scavenger_max_epoch_delta = -1ll * 1000ll * 1000ll;
+        });
+
+    auto counter = 0;
+    [[maybe_unused]] void* counter_ptr = reinterpret_cast<void*>(&counter);
+    CHECK(pas_scavenger_try_install_foreign_work_callback(incrementCounter, 1, counter_ptr));
+
+    int prevCounterValue;
+    {
+        SuspendScavengerScope suspendScavenger;
+        prevCounterValue = counter;
+
+        std::this_thread::sleep_for(std::chrono::milliseconds(scavenger_off_ms));
+        CHECK_EQUAL(counter, prevCounterValue);
+    }
+
+    std::this_thread::sleep_for(std::chrono::milliseconds(scavenger_on_ms));
+    CHECK_GREATER(counter, prevCounterValue);
+}
+
+void addScavengerExternalWorkTests()
+{
+    ADD_TEST(testCallbacksAreCalledWhenExpected(50, 50));
+}
diff --git a/Source/bmalloc/libpas/src/test/TestHarness.cpp b/Source/bmalloc/libpas/src/test/TestHarness.cpp
index 2bf87780f8b54..2d4d51eb961e8 100644
--- a/Source/bmalloc/libpas/src/test/TestHarness.cpp
+++ b/Source/bmalloc/libpas/src/test/TestHarness.cpp
@@ -373,6 +373,7 @@ void addMinHeapTests();
 void addPGMTests();
 void addRaceTests();
 void addRedBlackTreeTests();
+void addScavengerExternalWorkTests();
 void addTLCDecommitTests();
 void addTSDTests();
 void addThingyAndUtilityHeapAllocationTests();

From abac75d5057f05b131c17c93a70925418f672cba Mon Sep 17 00:00:00 2001
From: Andy Estes <aestes@apple.com>
Date: Mon, 24 Feb 2025 14:12:36 -0800
Subject: [PATCH 158/174] [iOS] Enable speaker selection APIs by default
 https://bugs.webkit.org/show_bug.cgi?id=288231 rdar://145317248

Reviewed by Eric Carlson.

Enabled ExposeSpeakersEnabled, ExposeSpeakersWithoutMicrophoneEnabled, and
PerElementSpeakerSelectionEnabled by default on iOS-family platforms.

* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:

Canonical link: https://commits.webkit.org/290979@main
---
 Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml b/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
index 45eb56740d792..70c912b1c720c 100644
--- a/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
+++ b/Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
@@ -2902,7 +2902,7 @@ ExposeSpeakersEnabled:
   condition: ENABLE(MEDIA_STREAM)
   defaultValue:
     WebKit:
-      "PLATFORM(MAC)": true
+      "PLATFORM(COCOA)": true
       default: false
     WebCore:
       default: false
@@ -2916,7 +2916,7 @@ ExposeSpeakersWithoutMicrophoneEnabled:
   condition: ENABLE(MEDIA_STREAM)
   defaultValue:
     WebKit:
-      "PLATFORM(MAC)": true
+      "PLATFORM(COCOA)": true
       default: false
     WebCore:
       default: false
@@ -5777,7 +5777,7 @@ PerElementSpeakerSelectionEnabled:
   condition: ENABLE(MEDIA_STREAM)
   defaultValue:
     WebKit:
-      "PLATFORM(MAC)": true
+      "PLATFORM(COCOA)": true
       default: false
     WebCore:
       default: false

From a93a850d95abeff529f1c0fac4bb23d60db9508c Mon Sep 17 00:00:00 2001
From: Nathan Solomon <nathan_solomon@apple.com>
Date: Mon, 24 Feb 2025 14:19:13 -0800
Subject: [PATCH 159/174] Revert "Document Leak Occurs when opening Context
 Menu"

This reverts commit a6ce7b296295f0b388d6c7ea235bdc2490d13508.

rdar://144376351
https://bugs.webkit.org/show_bug.cgi?id=288389

Reviewed by Ryan Reno.

Reverting this document leak fix because we think that this change is likely causing a nullptr dereference crash in certain cases
where a Ref to a Node (contained in the Context Menu state) has been cleared after dismissing the context menu but the
user still needs to select an item from the context menu item. The Node is then accessed while its null.

Combined changes:
* LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item-does-not-leak-expected.txt: Removed.
* LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item-does-not-leak.html: Removed.
* LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item.html:
* LayoutTests/platform/mac-wk1/TestExpectations:
* LayoutTests/resources/document-leak-test.js:
(runDocumentLeakTest):
(async runDocumentLeakTestSynchronously): Deleted.
(cleanIframeUponMessageReceived): Deleted.
* Source/WebCore/page/ContextMenuController.cpp:
(WebCore::ContextMenuController::didDismissContextMenu):
* Source/WebCore/page/ContextMenuController.h:
(WebCore::ContextMenuController::setContextMenuContext):
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::resetToConsistentState):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didDismissContextMenu):

Canonical link: https://commits.webkit.org/290980@main
---
 ...ntext-menu-item-does-not-leak-expected.txt | 10 ----
 ...ction-context-menu-item-does-not-leak.html | 13 -----
 ...spelling-correction-context-menu-item.html | 15 +-----
 LayoutTests/platform/mac-wk1/TestExpectations |  1 -
 LayoutTests/resources/document-leak-test.js   | 52 -------------------
 Source/WebCore/page/ContextMenuController.cpp |  1 -
 Source/WebCore/page/ContextMenuController.h   |  1 +
 Source/WebCore/testing/Internals.cpp          |  4 --
 Source/WebKit/UIProcess/WebPageProxy.cpp      |  6 +--
 9 files changed, 5 insertions(+), 98 deletions(-)
 delete mode 100644 LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item-does-not-leak-expected.txt
 delete mode 100644 LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item-does-not-leak.html

diff --git a/LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item-does-not-leak-expected.txt b/LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item-does-not-leak-expected.txt
deleted file mode 100644
index 49bd11e077926..0000000000000
--- a/LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item-does-not-leak-expected.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Tests that opening the context menu does not leak the document object.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS The iframe document didn't leak.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
diff --git a/LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item-does-not-leak.html b/LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item-does-not-leak.html
deleted file mode 100644
index b5a0cbdc3dbd7..0000000000000
--- a/LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item-does-not-leak.html
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<script src="../../../resources/js-test-pre.js"></script>
-<script src="../../../resources/document-leak-test.js"></script>
-</head>
-<script>
-    description("Tests that opening the context menu does not leak the document object.");
-    onload = () => runDocumentLeakTestSynchronously("disable-automatic-spelling-correction-context-menu-item.html");
-</script>
-<script src="../../../resources/js-test-post.js"></script>
-</body>
-</html>
diff --git a/LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item.html b/LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item.html
index 842244b4bf912..87b27c18f1a3b 100644
--- a/LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item.html
+++ b/LayoutTests/editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item.html
@@ -6,24 +6,18 @@
 <body>
     <div><input id="top" autocorrect="off"></input></div>
     <div><input id="bottom"></input></div>
+</body>
 <p id="description"></p>
 <p id="console"></p>
 </body>
 <script>
 function isSpellingCorrectionMenuItemEnabled(element)
 {
-    if (window.frameElement)
-        window.frameElement.scrollIntoView(true);
-
     const elementRect = element.getBoundingClientRect();
     eventSender.mouseMoveTo(elementRect.left + elementRect.width / 2, elementRect.top + elementRect.height / 2);
 
     const spellingMenuItem = eventSender.contextClick().find(item => item.title === "Spelling and Grammar");
-    var isFound = spellingMenuItem.children.find(item => item.title === "Correct Spelling Automatically").enabled;
-    // open the context menu through the UI process
-    eventSender.mouseDown(2);
-    eventSender.mouseUp(2);
-    return isFound;
+    return spellingMenuItem.children.find(item => item.title === "Correct Spelling Automatically").enabled;
 }
 
 description("Verifies that autocorrect='off' disables the 'Correct Spelling Automatically' context menu item on macOS. To manually test, check that the menu item is disabled when right clicking the top text field, but enabled when clicking the bottom text field.");
@@ -34,11 +28,6 @@
 if (window.eventSender) {
     shouldBeFalse("isSpellingCorrectionMenuItemEnabled(topInput)");
     shouldBeTrue("isSpellingCorrectionMenuItemEnabled(bottomInput)");
-    // remove focus from the input element by clicking somewhere else or this document won't be gc'able on an iframe-based document leak test
-    eventSender.mouseMoveTo(0, 0);
-    eventSender.mouseDown();
 }
-
-onload = () => parent.postMessage("iframe loaded");
 </script>
 </html>
diff --git a/LayoutTests/platform/mac-wk1/TestExpectations b/LayoutTests/platform/mac-wk1/TestExpectations
index 80933539efc13..105017f3779fc 100644
--- a/LayoutTests/platform/mac-wk1/TestExpectations
+++ b/LayoutTests/platform/mac-wk1/TestExpectations
@@ -1353,7 +1353,6 @@ editing/secure-input/reset-state-on-navigation.html [ Failure ]
 
 # Context menu API is not exposed on DumpRenderTree.
 editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item.html [ Skip ]
-editing/mac/spelling/disable-automatic-spelling-correction-context-menu-item-does-not-leak.html [ Skip ]
 
 # Color input is not yet implemented on Mac WK1. Currently, using it erroneously triggers an ASSERT_NOT_REACHED.
 webkit.org/b/119094 fast/forms/color/input-color-onchange-event.html [ Skip ]
diff --git a/LayoutTests/resources/document-leak-test.js b/LayoutTests/resources/document-leak-test.js
index 1822f801f7a13..c51f47d0a3c4e 100644
--- a/LayoutTests/resources/document-leak-test.js
+++ b/LayoutTests/resources/document-leak-test.js
@@ -85,55 +85,3 @@ function runDocumentLeakTest(options)
     window.addEventListener("message", message => iframeSentMessage(message));
     allFrames.forEach(iframe => iframe.src = options.frameURL);
 }
-
-
-async function runDocumentLeakTestSynchronously(frameURL)
-{
-    for (var i = 0; i < 20; i++) {
-        createFrames(1);
-        allFrames[0].src = frameURL;
-        let result = await cleanIframeUponMessageReceived();
-        if (result) {
-            testPassed("The iframe document didn't leak.");
-            finishJSTest();
-        }
-    }
-    testFailed("All iframe documents leaked.");
-    finishJSTest();
-}
-
-function cleanIframeUponMessageReceived()
-{
-    return new Promise((resolve) => {
-        const listener = (message) => {
-            if (message.data === "testFailed") {
-                testFailed("Error loading the initial frameURL.");
-                return finishJSTest();
-            }
-            let iframe = iframeForMessage(message);
-            let frameDocumentID = internals.documentIdentifier(iframe.contentWindow.document);
-            let checkCount = 0;
-            iframe.addEventListener("load", () => {
-                let handle = setInterval(() => {
-                    gc();
-                    if (!internals.isDocumentAlive(frameDocumentID)) {
-                        clearInterval(handle);
-                        window.removeEventListener("message", listener);
-                        resolve(true);
-                        return;
-                    }
-        
-                    if (++checkCount > 5) {
-                        clearInterval(handle);
-                        window.removeEventListener("message", listener);
-                        resolve(false);
-                        return;
-                    }
-                }, 10);
-            }, { once: true });
-            iframe.src = "about:blank";
-        }
-        window.addEventListener("message", listener);
-      });
-}
-
diff --git a/Source/WebCore/page/ContextMenuController.cpp b/Source/WebCore/page/ContextMenuController.cpp
index 475d8a5ddf22e..ea88e193905d5 100644
--- a/Source/WebCore/page/ContextMenuController.cpp
+++ b/Source/WebCore/page/ContextMenuController.cpp
@@ -259,7 +259,6 @@ void ContextMenuController::didDismissContextMenu()
 {
     if (RefPtr menuProvider = m_menuProvider)
         menuProvider->didDismissContextMenu();
-    m_context = ContextMenuContext();
 }
 
 static void openNewWindow(const URL& urlToLoad, LocalFrame& frame, Event* event, ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicy)
diff --git a/Source/WebCore/page/ContextMenuController.h b/Source/WebCore/page/ContextMenuController.h
index e853e491a9009..5f37f1a97c954 100644
--- a/Source/WebCore/page/ContextMenuController.h
+++ b/Source/WebCore/page/ContextMenuController.h
@@ -65,6 +65,7 @@ class ContextMenuController {
 
     WEBCORE_EXPORT void checkOrEnableIfNeeded(ContextMenuItem&) const;
 
+    void setContextMenuContext(const ContextMenuContext& context) { m_context = context; }
     const ContextMenuContext& context() const { return m_context; }
     const HitTestResult& hitTestResult() const { return m_context.hitTestResult(); }
 
diff --git a/Source/WebCore/testing/Internals.cpp b/Source/WebCore/testing/Internals.cpp
index b1dce7a3ef269..c42b115173135 100644
--- a/Source/WebCore/testing/Internals.cpp
+++ b/Source/WebCore/testing/Internals.cpp
@@ -58,7 +58,6 @@
 #include "ColorChooser.h"
 #include "ColorSerialization.h"
 #include "ComposedTreeIterator.h"
-#include "ContextMenuController.h"
 #include "CookieJar.h"
 #include "CrossOriginPreflightResultCache.h"
 #include "Cursor.h"
@@ -602,9 +601,6 @@ void Internals::resetToConsistentState(Page& page)
     localMainFrame->loader().clearTestingOverrides();
     if (auto* applicationCacheStorage = page.applicationCacheStorage())
         applicationCacheStorage->setDefaultOriginQuota(ApplicationCacheStorage::noQuota());
-#if ENABLE(CONTEXT_MENUS)
-    page.contextMenuController().didDismissContextMenu();
-#endif
 #if ENABLE(VIDEO)
     page.group().ensureCaptionPreferences().setCaptionDisplayMode(CaptionUserPreferences::CaptionDisplayMode::ForcedOnly);
     page.group().ensureCaptionPreferences().setCaptionsStyleSheetOverride(emptyString());
diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
index fda220425e2c2..46b6aba711bd4 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -10083,10 +10083,8 @@ void WebPageProxy::didShowContextMenu()
 
 void WebPageProxy::didDismissContextMenu()
 {
-    RunLoop::protectedMain()->dispatch([weakPage = WeakPtr { *this }] {
-        if (RefPtr page = weakPage.get())
-            page->send(Messages::WebPage::DidDismissContextMenu());
-    });
+    send(Messages::WebPage::DidDismissContextMenu());
+
     if (RefPtr pageClient = this->pageClient())
         pageClient->didDismissContextMenu();
 }

From 4688eebc510255859bc0b118bc08d12f0cccfe01 Mon Sep 17 00:00:00 2001
From: Abrar Rahman Protyasha <a_protyasha@apple.com>
Date: Mon, 24 Feb 2025 14:31:27 -0800
Subject: [PATCH 160/174] [ Gardening ] REGRESSION(290220@main): [ iOS Debug ]
 TestWebKitAPI.WKWebView.IsDisplayingPDF is a constant timeout
 https://bugs.webkit.org/show_bug.cgi?id=288406 rdar://145507942

Unreviewed test gardening.

Skip the UnifiedPDF portion of this API test on iOS debug for now since
we assert under WebCore::ScrollView::scrollTo() after 290220@main.

* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKPDFView.mm:
(TEST(WKWebView, IsDisplayingPDF)):

Canonical link: https://commits.webkit.org/290981@main
---
 Tools/TestWebKitAPI/Tests/WebKitCocoa/WKPDFView.mm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKPDFView.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKPDFView.mm
index 084d8e353f38e..a910dd1ecffaa 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKPDFView.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKPDFView.mm
@@ -211,12 +211,15 @@ static void createHostViewForExtensionIdentifier(void(^callback)(id hostViewCont
 
     runTest(webView);
 
+    // FIXME: <webkit.org/b/288406> REGRESSION(290220@main): [ iOS Debug ] TestWebKitAPI.WKWebView.IsDisplayingPDF is a constant timeout
+#if !PLATFORM(IOS_FAMILY) || defined(NDEBUG)
 #if ENABLE(UNIFIED_PDF)
     if constexpr (TestWebKitAPI::unifiedPDFForTestingEnabled) {
         webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:TestWebKitAPI::configurationForWebViewTestingUnifiedPDF().get() addToWindow:YES]);
         runTest(webView);
     }
 #endif
+#endif
 }
 
 #endif

From 5d4feeaef67a95a369beb8242abd28bf64bc4251 Mon Sep 17 00:00:00 2001
From: Michael Saboff <msaboff@apple.com>
Date: Mon, 24 Feb 2025 14:34:49 -0800
Subject: [PATCH 161/174] [Yarr] Improve processing of an alternation of
 strings https://bugs.webkit.org/show_bug.cgi?id=288102 rdar://145222010

Reviewed by Yusuke Suzuki.

Added the notion of a string list to a parsed RegExp that is in the form of
  /^(?:break|case|which|do|for)/ with an optional trailing $.
Such a RegExp will not backtrack and therefore we can streamline the code we emit for such a pattern.

This change involves recognizing beginning of string anchored alternations of strings while parsing and
then treating the generation of JIT code differently for these patterns.  This includes changing how
conditional branching works, specifically that instead of the "fall through on match" for each term,
to a "jump on match" for the whole alternation.

Fixed a bug in the original version where we weren't properly checking the nested alternatives to see
if they only contain fixed single count PatternCharacter terms.

The current code generated for the "case" elternative is:
   8:Term PatternCharacter checked-offset:(3) 'c'
               <156> 0x11381430c:    add      w1, w1, #2
               <160> 0x113814310:    cmp      w1, w2
               <164> 0x113814314:    b.hi     0x113814444 -> <468>
  10:Term PatternCharacter checked-offset:(4) 'c'
               <168> 0x113814318:    sub      x17, x0, #4
               <172> 0x11381431c:    ldr      w17, [x17, x1]
               <176> 0x113814320:    movz     w16, #0x6163
               <180> 0x113814324:    movk     w16, #0x6573, lsl #16 -> 0x65736163
               <184> 0x113814328:    cmp      w17, w16
               <188> 0x11381432c:    b.ne     0x113814444 -> <468>
  11:Term PatternCharacter checked-offset:(4) 'a' already handled
  12:Term PatternCharacter checked-offset:(4) 's' already handled
  13:Term PatternCharacter checked-offset:(4) 'e' already handled
  14:NestedAlternativeNext minimum-size:(5),checked-offset:(5)
               <192> 0x113814330:    movz     x16, #0x4444
               <196> 0x113814334:    movk     x16, #0x1381, lsl #16
               <200> 0x113814338:    movk     x16, #0x8001, lsl #32
               <204> 0x11381433c:    movk     x16, #0xc973, lsl #48 -> 0x113814444 JIT PC
               <208> 0x113814340:    stur     x16, [sp, #8]
               <212> 0x113814344:    b        0x113814404 -> <404>
With some additional backtracking code:
   9:NestedAlternativeNext minimum-size:(4),checked-offset:(4)
               <468> 0x113814444:    sub      w1, w1, #2
               <472> 0x113814448:    b        0x113814348 -> <216>

With this change, the processing of "case" becomes:
   9:StringListAlternativeNext minimum-size:(4),checked-offset:(4)
               <132> 0x12a8285c4:    sub      w1, w1, #1
               <136> 0x12a8285c8:    cmp      w1, w2
               <140> 0x12a8285cc:    b.hi     0x12a8285e8 -> <168>
  10:Term PatternCharacter checked-offset:(4) 'c'
               <144> 0x12a8285d0:    sub      x17, x0, #4
               <148> 0x12a8285d4:    ldr      w17, [x17, x1]
               <152> 0x12a8285d8:    movz     w16, #0x6163
               <156> 0x12a8285dc:    movk     w16, #0x6573, lsl #16 -> 0x65736163
               <160> 0x12a8285e0:    cmp      w17, w16
               <164> 0x12a8285e4:    b.eq     0x12a82866c -> <300>
  11:Term PatternCharacter checked-offset:(4) 'a' already handled
  12:Term PatternCharacter checked-offset:(4) 's' already handled
  13:Term PatternCharacter checked-offset:(4) 'e' already handled
  14:StringListAlternativeNext minimum-size:(5),checked-offset:(5)
With no backtracking code.

We are able to eliminate one branch and the saving of the continuation PC for backtracking.
The code size to process these string list RegExp is reduces.  For the example RegExp above,
the prior version created 1940 bytes (485 instructions) of code while the code created with this
1392 bytes (345 instructions) of code, a nearly 30% reduction in code.

This change is a ~18% progression on the new regexp-keyword-parsing microbenchmark:

                                 Baseline               YarrStringList

regexp-keyword-parsing      136.7065+-0.9807     ^    116.0161+-1.1791        ^ definitely 1.1783x faster

<geometric>                 136.7065+-0.9807     ^    116.0161+-1.1791        ^ definitely 1.1783x faster

* JSTests/microbenchmarks/regexp-keyword-parsing.js: Added.
(arrayToString):
(objectToString):
(dumpValue):
(compareArray):
(compareGroups):
(testRegExp):
(testRegExpSyntaxError):
(let.re.break.case.catch.continue.debugger.default.else.finally.if):
(let.re1.break.case.catch.continue.debugger.default.else.finally.if):
* JSTests/stress/regexp-parsing-tokens.js: Added.
(arrayToString):
(objectToString):
(dumpValue):
(compareArray):
(compareGroups):
(testRegExp):
(testRegExpSyntaxError):
* Source/JavaScriptCore/yarr/YarrJIT.cpp:
* Source/JavaScriptCore/yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
(JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
(JSC::Yarr::PatternAlternative::dump):
(JSC::Yarr::PatternTerm::dump):
* Source/JavaScriptCore/yarr/YarrPattern.h:
(JSC::Yarr::PatternTerm::PatternTerm):
(JSC::Yarr::PatternAlternative::PatternAlternative):

Canonical link: https://commits.webkit.org/290982@main
---
 .../microbenchmarks/regexp-keyword-parsing.js | 175 ++++++++++
 JSTests/stress/regexp-parsing-tokens.js       | 253 ++++++++++++++
 Source/JavaScriptCore/yarr/YarrJIT.cpp        | 323 +++++++++++++-----
 Source/JavaScriptCore/yarr/YarrPattern.cpp    |  61 +++-
 Source/JavaScriptCore/yarr/YarrPattern.h      |   4 +
 5 files changed, 732 insertions(+), 84 deletions(-)
 create mode 100644 JSTests/microbenchmarks/regexp-keyword-parsing.js
 create mode 100644 JSTests/stress/regexp-parsing-tokens.js

diff --git a/JSTests/microbenchmarks/regexp-keyword-parsing.js b/JSTests/microbenchmarks/regexp-keyword-parsing.js
new file mode 100644
index 0000000000000..ca1779072791b
--- /dev/null
+++ b/JSTests/microbenchmarks/regexp-keyword-parsing.js
@@ -0,0 +1,175 @@
+// With verbose set to false, this test is successful if there is no output.  Set verbose to true to see expected matches.
+let verbose = false;
+
+function arrayToString(arr)
+{
+    let str = '';
+    arr.forEach(function(v, index) {
+        if (typeof v == "string")
+            str += "\"" + v + "\"";
+        else
+            str += v;
+
+        if (index != (arr.length - 1))
+            str += ',';
+      });
+  return str;
+}
+
+function objectToString(obj)
+{
+    let str = "";
+
+    firstEntry = true;
+
+    for (const [key, value] of Object.entries(obj)) {
+        if (!firstEntry)
+            str += ", ";
+
+        str += key + ": " + dumpValue(value);
+
+        firstEntry = false;
+    }
+
+    return "{ " + str + " }";
+}
+
+function dumpValue(v)
+{
+    if (v === null)
+        return "<null>";
+
+    if (v === undefined)
+        return "<undefined>";
+
+    if (typeof v == "string")
+        return "\"" + v + "\"";
+
+    let str = "";
+
+    if (v.length)
+        str += arrayToString(v);
+
+    if (v.groups) {
+        groupStr = objectToString(v.groups);
+
+        if (str.length) {
+            if ( groupStr.length)
+                str += ", " + groupStr;
+        } else
+            str = groupStr;
+    }
+
+    return "[ " + str + " ]";
+}
+
+function compareArray(expected, actual)
+{
+    if (expected === null && actual === null)
+        return true;
+
+    if (expected === null) {
+        print("### expected is null, actual is not null");
+        return false;
+    }
+
+    if (actual === null) {
+        print("### expected is not null, actual is null");
+        return false;
+    }
+
+    if (expected.length !== actual.length) {
+        print("### expected.length: " + expected.length + ", actual.length: " + actual.length);
+        return false;
+    }
+
+    for (var i = 0; i < expected.length; i++) {
+        if (expected[i] !== actual[i]) {
+            print("### expected[" + i + "]: \"" + expected[i] + "\" !== actual[" + i + "]: \"" + actual[i] + "\"");
+            return false;
+        }
+    }
+
+    return true;
+}
+
+function compareGroups(expected, actual)
+{
+    if (expected === null && actual === null)
+        return true;
+
+    if (expected === null) {
+        print("### expected group is null, actual group is not null");
+        return false;
+    }
+
+    if (actual === null) {
+        print("### expected group is not null, actual group is null");
+        return false;
+    }
+
+    for (const key in expected) {
+        if (expected[key] !== actual[key]) {
+            print("### expected." + key + ": " + dumpValue(expected[key]) + " !== actual." + key + ": " + dumpValue(actual[key]));
+            return false;
+        }
+    }
+
+    return true;
+}
+
+let testNumber = 0;
+
+function testRegExp(re, str, exp, groups)
+{
+    testNumber++;
+
+    if (groups)
+        exp.groups = groups;
+
+    let actual = re.exec(str);
+
+    let result = compareArray(exp, actual);;
+
+    if (exp && exp.groups) {
+        if (!compareGroups(exp.groups, actual.groups))
+            result = false;
+    }
+
+    if (result) {
+        if (verbose)
+            print(re.toString() + ".exec(" + dumpValue(str) + "), passed ", dumpValue(exp));
+    } else
+        print(re.toString() + ".exec(" + dumpValue(str) + "), FAILED test #" + testNumber + ", Expected ", dumpValue(exp), " got ", dumpValue(actual));
+}
+
+function testRegExpSyntaxError(reString, flags, expError)
+{
+    testNumber++;
+
+
+    try {
+        let re = new RegExp(reString, flags);
+        print("FAILED test #" + testNumber + ", Expected /" + reString + "/" + flags + " to throw \"" + expError + "\", but it didn't");
+    } catch (e) {
+        if (e != expError)
+            print("FAILED test #" + testNumber + ", Expected /" + reString + "/" + flags + " to throw \"" + expError + "\" got \"" + e + "\"");
+        else if (verbose)
+            print("/" + reString + "/" + flags + " passed, it threw \"" + expError + "\" as expected");
+    }
+}
+
+let re = /^(?:break|case|catch|continue|debugger|default|do|else|finally|for|function|if|return|switch|throw|try|var|while|with|null|true|false|instanceof|typeof|void|delete|new|in|this)/;
+
+for (i = 0; i < 1000000; i++) {
+    testRegExp(re, "function", ["function"]);
+    testRegExp(re, "return", ["return"]);
+    testRegExp(re, "let", null);
+}
+
+let re1 = /^(?:break|case|catch|continue|debugger|default|do|else|finally|for|function|if|return|switch|throw|try|var|while|with|null|true|false|instanceof|typeof|void|delete|new|in|this)$/;
+
+for (i = 0; i < 1000000; i++) {
+    testRegExp(re1, "throw", ["throw"]);
+    testRegExp(re1, "while", ["while"]);
+}
diff --git a/JSTests/stress/regexp-parsing-tokens.js b/JSTests/stress/regexp-parsing-tokens.js
new file mode 100644
index 0000000000000..c3030d88178a7
--- /dev/null
+++ b/JSTests/stress/regexp-parsing-tokens.js
@@ -0,0 +1,253 @@
+// With verbose set to false, this test is successful if there is no output.  Set verbose to true to see expected matches.
+let verbose = false;
+
+function arrayToString(arr)
+{
+    let str = '';
+    arr.forEach(function(v, index) {
+        if (typeof v == "string")
+            str += "\"" + v + "\"";
+        else
+            str += v;
+
+        if (index != (arr.length - 1))
+            str += ',';
+      });
+  return str;
+}
+
+function objectToString(obj)
+{
+    let str = "";
+
+    firstEntry = true;
+
+    for (const [key, value] of Object.entries(obj)) {
+        if (!firstEntry)
+            str += ", ";
+
+        str += key + ": " + dumpValue(value);
+
+        firstEntry = false;
+    }
+
+    return "{ " + str + " }";
+}
+
+function dumpValue(v)
+{
+    if (v === null)
+        return "<null>";
+
+    if (v === undefined)
+        return "<undefined>";
+
+    if (typeof v == "string")
+        return "\"" + v + "\"";
+
+    let str = "";
+
+    if (v.length)
+        str += arrayToString(v);
+
+    if (v.groups) {
+        groupStr = objectToString(v.groups);
+
+        if (str.length) {
+            if ( groupStr.length)
+                str += ", " + groupStr;
+        } else
+            str = groupStr;
+    }
+
+    return "[ " + str + " ]";
+}
+
+function compareArray(expected, actual)
+{
+    if (expected === null && actual === null)
+        return true;
+
+    if (expected === null) {
+        print("### expected is null, actual is not null");
+        return false;
+    }
+
+    if (actual === null) {
+        print("### expected is not null, actual is null");
+        return false;
+    }
+
+    if (expected.length !== actual.length) {
+        print("### expected.length: " + expected.length + ", actual.length: " + actual.length);
+        return false;
+    }
+
+    for (var i = 0; i < expected.length; i++) {
+        if (expected[i] !== actual[i]) {
+            print("### expected[" + i + "]: \"" + expected[i] + "\" !== actual[" + i + "]: \"" + actual[i] + "\"");
+            return false;
+        }
+    }
+
+    return true;
+}
+
+function compareGroups(expected, actual)
+{
+    if (expected === null && actual === null)
+        return true;
+
+    if (expected === null) {
+        print("### expected group is null, actual group is not null");
+        return false;
+    }
+
+    if (actual === null) {
+        print("### expected group is not null, actual group is null");
+        return false;
+    }
+
+    for (const key in expected) {
+        if (expected[key] !== actual[key]) {
+            print("### expected." + key + ": " + dumpValue(expected[key]) + " !== actual." + key + ": " + dumpValue(actual[key]));
+            return false;
+        }
+    }
+
+    return true;
+}
+
+let testNumber = 0;
+
+function testRegExp(re, str, exp, groups)
+{
+    testNumber++;
+
+    if (groups)
+        exp.groups = groups;
+
+    let actual = re.exec(str);
+
+    let result = compareArray(exp, actual);;
+
+    if (exp && exp.groups) {
+        if (!compareGroups(exp.groups, actual.groups))
+            result = false;
+    }
+
+    if (result) {
+        if (verbose)
+            print(re.toString() + ".exec(" + dumpValue(str) + "), passed ", dumpValue(exp));
+    } else
+        print(re.toString() + ".exec(" + dumpValue(str) + "), FAILED test #" + testNumber + ", Expected ", dumpValue(exp), " got ", dumpValue(actual));
+}
+
+function testRegExpSyntaxError(reString, flags, expError)
+{
+    testNumber++;
+
+
+    try {
+        let re = new RegExp(reString, flags);
+        print("FAILED test #" + testNumber + ", Expected /" + reString + "/" + flags + " to throw \"" + expError + "\", but it didn't");
+    } catch (e) {
+        if (e != expError)
+            print("FAILED test #" + testNumber + ", Expected /" + reString + "/" + flags + " to throw \"" + expError + "\" got \"" + e + "\"");
+        else if (verbose)
+            print("/" + reString + "/" + flags + " passed, it threw \"" + expError + "\" as expected");
+    }
+}
+
+// Test 1
+let re1 = /^(?:break|case|which|do|for)/i;
+
+testRegExp(re1, "case", ["case"]);
+testRegExp(re1, "FOR", ["FOR"]);
+testRegExp(re1, "throw", null);
+
+// Test 4
+// ЛЕВЫЙ | ПРАВЫЙ | left | right  note: ЛЕВЫЙ is Russian for left and ПРАВЫЙ is Russian for right
+let re2 = /^(?:\u{041b}\u{0415}\u{0412}\u{042b}\u{0419}|\u{041f}\u{0420}\u{0410}\u{0412}\u{042b}\u{0419}|left|right)$/u;
+
+testRegExp(re2, "\u{041f}\u{0420}\u{0410}\u{0412}\u{042b}\u{0419}", ["\u{041f}\u{0420}\u{0410}\u{0412}\u{042b}\u{0419}"]);
+testRegExp(re2, "\u{041b}\u{0415}\u{0412}\u{042b} ", null);
+testRegExp(re2, "left", ["left"]);
+testRegExp(re2, "center", null);
+
+// Test 8
+let re3 = /^(?:something|everything|anything)$/;
+testRegExp(re3, "something", ["something"]);
+testRegExp(re3, "anything", ["anything"]);
+testRegExp(re3, "everything", ["everything"]);
+testRegExp(re3, "anything but", null);
+
+// Test 12
+let re4 = /^(?:break|case|catch|continue|debugger|default|do|else|finally|for|function|if|return|switch|throw|try|var|while|with|null|true|false|instanceof|typeof|void|delete|new|in|this)/;
+
+testRegExp(re4, "break", ["break"]);
+testRegExp(re4, "catch", ["catch"]);
+testRegExp(re4, "throw", ["throw"]);
+testRegExp(re4, " throw", null);
+testRegExp(re4, "return", ["return"]);
+testRegExp(re4, "until", null);
+
+// Test 18
+let re5 = /^(?:break|case|catch|continue|debugger|default|do|else|finally|for|function|if|return|switch|throw|try|var|while|with|null|true|false|instanceof|typeof|void|delete|new|in|this)$/;
+
+testRegExp(re5, "throw", ["throw"]);
+testRegExp(re5, " throw", null);
+testRegExp(re5, "function", ["function"]);
+testRegExp(re5, "return", ["return"]);
+testRegExp(re5, "let", null);
+testRegExp(re5, "until", null);
+
+// Test 24
+let re6 = /^(?:a*|b*|c*)/;
+
+testRegExp(re6, "", [""]);
+testRegExp(re6, "a", ["a"]);
+testRegExp(re6, "aa", ["aa"]);
+testRegExp(re6, "b", [""]);
+testRegExp(re6, "bbb", [""]);
+testRegExp(re6, "c", [""]);
+testRegExp(re6, "cc", [""]);
+
+// Test 31
+let re7 = /^(?:a+|b+|c+)/;
+
+testRegExp(re7, "a", ["a"]);
+testRegExp(re7, "aaa", ["aaa"]);
+testRegExp(re7, "aa", ["aa"]);
+testRegExp(re7, "b", ["b"]);
+testRegExp(re7, "bb", ["bb"]);
+testRegExp(re7, "bbb", ["bbb"]);
+testRegExp(re7, "c", ["c"]);
+testRegExp(re7, "cc", ["cc"]);
+testRegExp(re7, "ccc", ["ccc"]);
+
+// Test 40
+let re8 = /^(?:a{1,}|b{1,}|c{1,})/;
+
+testRegExp(re8, "a", ["a"]);
+testRegExp(re8, "aa", ["aa"]);
+testRegExp(re8, "aaa", ["aaa"]);
+testRegExp(re8, "b", ["b"]);
+testRegExp(re8, "bb", ["bb"]);
+testRegExp(re8, "bbb", ["bbb"]);
+testRegExp(re8, "c", ["c"]);
+testRegExp(re8, "cc", ["cc"]);
+testRegExp(re8, "ccc", ["ccc"]);
+
+// Test 49
+let re9 = /^(?:a{2}|b{2}|c{2})/;
+
+testRegExp(re9, "a", null);
+testRegExp(re9, "aa", ["aa"]);
+testRegExp(re9, "aaa", ["aa"]);
+testRegExp(re9, "b", null);
+testRegExp(re9, "bb", ["bb"]);
+testRegExp(re9, "bbb", ["bb"]);
+testRegExp(re9, "c", null);
+testRegExp(re9, "cc", ["cc"]);
+testRegExp(re9, "ccc", ["cc"]);
diff --git a/Source/JavaScriptCore/yarr/YarrJIT.cpp b/Source/JavaScriptCore/yarr/YarrJIT.cpp
index 5da9cdcac26b3..c431b11db5bc9 100644
--- a/Source/JavaScriptCore/yarr/YarrJIT.cpp
+++ b/Source/JavaScriptCore/yarr/YarrJIT.cpp
@@ -317,13 +317,17 @@ class YarrGenerator final : public YarrJITInfo {
             MatchSuccessFallThrough = PreferMatchFailed
         };
 
+        MatchTargets(PreferredTarget preferredTarget = PreferredTarget::NoPreference)
+            : m_preferredTarget(preferredTarget)
+        { }
+
         MatchTargets(MacroAssembler::JumpList& matchDest)
             : m_matchSucceededTargets(&matchDest)
             , m_preferredTarget(PreferredTarget::PreferMatchSucceeded)
         { }
 
         MatchTargets(MacroAssembler::JumpList& compareDest, PreferredTarget preferredTarget)
-            : m_preferredTarget(&preferredTarget)
+            : m_preferredTarget(preferredTarget)
         {
             if (preferredTarget == PreferredTarget::PreferMatchFailed)
                 m_matchFailedTargets = &compareDest;
@@ -1077,7 +1081,8 @@ class YarrGenerator final : public YarrJITInfo {
             m_jit.load16Unaligned(address, resultReg);
     }
 
-    MacroAssembler::Jump jumpIfCharNotEquals(char32_t ch, Checked<unsigned> negativeCharacterOffset, MacroAssembler::RegisterID character, bool ignoreCase)
+    template<MacroAssembler::RelationalCondition cond>
+    MacroAssembler::Jump jumpIfCharCond(char32_t ch, Checked<unsigned> negativeCharacterOffset, MacroAssembler::RegisterID character, bool ignoreCase)
     {
         readCharacter(negativeCharacterOffset, character);
 
@@ -1089,7 +1094,17 @@ class YarrGenerator final : public YarrJITInfo {
             ch |= 0x20;
         }
 
-        return m_jit.branch32(MacroAssembler::NotEqual, character, MacroAssembler::Imm32(ch));
+        return m_jit.branch32(cond, character, MacroAssembler::Imm32(ch));
+    }
+
+    MacroAssembler::Jump jumpIfCharNotEquals(char32_t ch, Checked<unsigned> negativeCharacterOffset, MacroAssembler::RegisterID character, bool ignoreCase)
+    {
+        return jumpIfCharCond<MacroAssembler::NotEqual>(ch, negativeCharacterOffset, character, ignoreCase);
+    }
+
+    MacroAssembler::Jump jumpIfCharEquals(char32_t ch, Checked<unsigned> negativeCharacterOffset, MacroAssembler::RegisterID character, bool ignoreCase)
+    {
+        return jumpIfCharCond<MacroAssembler::Equal>(ch, negativeCharacterOffset, character, ignoreCase);
     }
     
     void storeToFrame(MacroAssembler::RegisterID reg, unsigned frameLocation)
@@ -1248,6 +1263,15 @@ class YarrGenerator final : public YarrJITInfo {
         SimpleNestedAlternativeBegin,
         SimpleNestedAlternativeNext,
         SimpleNestedAlternativeEnd,
+        // Used for alternatives in subpatterns where there is a list of BOL anchored
+        // string alternatives. Such a string list doesn't need backtracking. If the
+        // pattern is also EOL anchored, e.g. /^(?:cat|dog|doggy)$/, the list of strings
+        // needs to be sorted such that all longer strings with a prefix prior in the
+        // list appear first. In the example, we'd sort the alternatives to something
+        // like: /^(?:cat|doggy|dog)$/. This elimnates the need to backktrack.
+        StringListAlternativeBegin,
+        StringListAlternativeNext,
+        StringListAlternativeEnd,
         // Used to wrap 'Once' subpattern matches (quantityMaxCount == 1).
         ParenthesesSubpatternOnceBegin,
         ParenthesesSubpatternOnceEnd,
@@ -1956,13 +1980,16 @@ class YarrGenerator final : public YarrJITInfo {
     }
 #endif
 
-    void generatePatternCharacterOnce(size_t opIndex)
+    void generatePatternCharacterOnce(size_t opIndex, MatchTargets& matchTargets)
     {
         YarrOp& op = m_ops[opIndex];
 
         if (op.m_isDeadCode)
             return;
-        
+
+        MatchTargets defaultMatchTargets(matchTargets.hasFailedTarget() ? matchTargets.matchFailed() : op.m_jumps, MatchTargets::PreferredTarget::MatchSuccessFallThrough);
+        MatchTargets lastMatchTargets(matchTargets.matchSucceeded(), matchTargets.hasFailedTarget() ? matchTargets.matchFailed() : op.m_jumps, matchTargets.preferredTarget());
+
         // m_ops always ends with a YarrOpCode::BodyAlternativeEnd or YarrOpCode::MatchFailed
         // node, so there must always be at least one more node.
         ASSERT(opIndex + 1 < m_ops.size());
@@ -1973,7 +2000,7 @@ class YarrGenerator final : public YarrJITInfo {
 
         if (!isLatin1(ch) && (m_charSize == CharSize::Char8)) {
             // Have a 16 bit pattern character and an 8 bit string - short circuit
-            op.m_jumps.append(m_jit.jump());
+            defaultMatchTargets.appendFailed(m_jit.jump());
             return;
         }
 
@@ -2028,7 +2055,7 @@ class YarrGenerator final : public YarrJITInfo {
 
             if (!isLatin1(currentCharacter) && (m_charSize == CharSize::Char8)) {
                 // Have a 16 bit pattern character and an 8 bit string - short circuit
-                op.m_jumps.append(m_jit.jump());
+                defaultMatchTargets.appendFailed(m_jit.jump());
                 return;
             }
 
@@ -2050,127 +2077,172 @@ class YarrGenerator final : public YarrJITInfo {
         }
 #endif
 
+        // Start with defaultMatchTargets and then prove that we are handling the last
+        // PatternCharacter fixed size 1 term in the list.
+        bool isLastCharOnce = false;
+        if (m_ops.size() < opIndex + numberCharacters + 1)
+            isLastCharOnce = true;
+        else {
+            YarrOp* followingOp = &m_ops[opIndex + numberCharacters];
+            if (followingOp->m_op != YarrOpCode::Term)
+                isLastCharOnce = true;
+            else if (followingOp->m_term->type == PatternTerm::Type::AssertionEOL
+                && m_ops.size() > opIndex + numberCharacters + 1
+                && m_ops[opIndex + numberCharacters + 1].m_op != YarrOpCode::Term)
+                isLastCharOnce = true;
+        }
+        MatchTargets* matchTargetForFinalComparison = isLastCharOnce ? &lastMatchTargets : &defaultMatchTargets;
+
         if (m_decodeSurrogatePairs)
-            op.m_jumps.append(jumpIfNoAvailableInput());
+            defaultMatchTargets.appendFailed(jumpIfNoAvailableInput());
 
         if (m_charSize == CharSize::Char8) {
-            auto check1 = [&] (Checked<unsigned> offset, char32_t characters) {
-                op.m_jumps.append(jumpIfCharNotEquals(characters, offset, character, term->ignoreCase()));
+            auto check1 = [&] (Checked<unsigned> offset, char32_t characters, MatchTargets& matchTargets) {
+                if (!matchTargets.hasSucceedTarget())
+                    defaultMatchTargets.appendFailed(jumpIfCharNotEquals(characters, offset, character, term->ignoreCase()));
+                else
+                    matchTargets.appendSucceeded(jumpIfCharEquals(characters, offset, character, term->ignoreCase()));
             };
 
-            auto check2 = [&] (Checked<unsigned> offset, uint16_t characters, uint16_t mask) {
+            auto check2 = [&] (Checked<unsigned> offset, uint16_t characters, uint16_t mask, MatchTargets& matchTargets) {
                 m_jit.load16Unaligned(negativeOffsetIndexedAddress(offset, character), character);
                 if (mask)
                     m_jit.or32(MacroAssembler::Imm32(mask), character);
-                op.m_jumps.append(m_jit.branch32(MacroAssembler::NotEqual, character, MacroAssembler::Imm32(characters | mask)));
+                if (!matchTargets.hasSucceedTarget())
+                    defaultMatchTargets.appendFailed(m_jit.branch32(MacroAssembler::NotEqual, character, MacroAssembler::Imm32(characters | mask)));
+                else
+                    matchTargets.appendSucceeded(m_jit.branch32(MacroAssembler::Equal, character, MacroAssembler::Imm32(characters | mask)));
             };
 
-            auto check4 = [&] (Checked<unsigned> offset, unsigned characters, unsigned mask) {
+            auto check4 = [&] (Checked<unsigned> offset, unsigned characters, unsigned mask, MatchTargets& matchTargets) {
                 if (mask) {
                     m_jit.load32WithUnalignedHalfWords(negativeOffsetIndexedAddress(offset, character), character);
                     if (mask)
                         m_jit.or32(MacroAssembler::Imm32(mask), character);
-                    op.m_jumps.append(m_jit.branch32(MacroAssembler::NotEqual, character, MacroAssembler::Imm32(characters | mask)));
+                    if (!matchTargets.hasSucceedTarget())
+                        defaultMatchTargets.appendFailed(m_jit.branch32(MacroAssembler::NotEqual, character, MacroAssembler::Imm32(characters | mask)));
+                    else
+                        matchTargets.appendSucceeded(m_jit.branch32(MacroAssembler::Equal, character, MacroAssembler::Imm32(characters | mask)));
                     return;
                 }
-                op.m_jumps.append(m_jit.branch32WithUnalignedHalfWords(MacroAssembler::NotEqual, negativeOffsetIndexedAddress(offset, character), MacroAssembler::TrustedImm32(characters)));
+                if (!matchTargets.hasSucceedTarget())
+                    defaultMatchTargets.appendFailed(m_jit.branch32WithUnalignedHalfWords(MacroAssembler::NotEqual, negativeOffsetIndexedAddress(offset, character), MacroAssembler::TrustedImm32(characters)));
+                else
+                    matchTargets.appendSucceeded(m_jit.branch32WithUnalignedHalfWords(MacroAssembler::Equal, negativeOffsetIndexedAddress(offset, character), MacroAssembler::TrustedImm32(characters)));
             };
 
 #if CPU(X86_64) || CPU(ARM64) || CPU(RISCV64)
-            auto check8 = [&] (Checked<unsigned> offset, uint64_t characters, uint64_t mask) {
+            auto check8 = [&] (Checked<unsigned> offset, uint64_t characters, uint64_t mask, MatchTargets& matchTargets) {
                 m_jit.load64(negativeOffsetIndexedAddress(offset, character), character);
                 if (mask)
                     m_jit.or64(MacroAssembler::TrustedImm64(mask), character);
-                op.m_jumps.append(m_jit.branch64(MacroAssembler::NotEqual, character, MacroAssembler::TrustedImm64(characters | mask)));
+                if (!matchTargets.hasSucceedTarget())
+                    defaultMatchTargets.appendFailed(m_jit.branch64(MacroAssembler::NotEqual, character, MacroAssembler::TrustedImm64(characters | mask)));
+                else
+                    matchTargets.appendSucceeded(m_jit.branch64(MacroAssembler::Equal, character, MacroAssembler::TrustedImm64(characters | mask)));
             };
 #endif
 
             switch (numberCharacters) {
             case 1:
                 // Use 32bit width of allCharacters since Yarr counts surrogate pairs as one character with unicode flag.
-                check1(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff);
+                check1(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, *matchTargetForFinalComparison);
                 return;
             case 2: {
-                check2(op.m_checkedOffset - startTermPosition, allCharacters & 0xffff, ignoreCaseMask & 0xffff);
+                check2(op.m_checkedOffset - startTermPosition, allCharacters & 0xffff, ignoreCaseMask & 0xffff, lastMatchTargets);
                 return;
             }
             case 3: {
-                check2(op.m_checkedOffset - startTermPosition, allCharacters & 0xffff, ignoreCaseMask & 0xffff);
-                check1(op.m_checkedOffset - startTermPosition - 2, (allCharacters >> 16) & 0xff);
+                check2(op.m_checkedOffset - startTermPosition, allCharacters & 0xffff, ignoreCaseMask & 0xffff, defaultMatchTargets);
+                check1(op.m_checkedOffset - startTermPosition - 2, (allCharacters >> 16) & 0xff, *matchTargetForFinalComparison);
                 return;
             }
             case 4: {
-                check4(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff);
+                check4(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff, *matchTargetForFinalComparison);
                 return;
             }
 #if CPU(X86_64) || CPU(ARM64) || CPU(RISCV64)
             case 5: {
-                check4(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff);
-                check1(op.m_checkedOffset - startTermPosition - 4, (allCharacters >> 32) & 0xff);
+                check4(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff, defaultMatchTargets);
+                check1(op.m_checkedOffset - startTermPosition - 4, (allCharacters >> 32) & 0xff, *matchTargetForFinalComparison);
                 return;
             }
             case 6: {
-                check4(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff);
-                check2(op.m_checkedOffset - startTermPosition - 4, (allCharacters >> 32) & 0xffff, (ignoreCaseMask >> 32) & 0xffff);
+                check4(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff, defaultMatchTargets);
+                check2(op.m_checkedOffset - startTermPosition - 4, (allCharacters >> 32) & 0xffff, (ignoreCaseMask >> 32) & 0xffff, *matchTargetForFinalComparison);
                 return;
             }
             case 7: {
-                check4(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff);
-                check2(op.m_checkedOffset - startTermPosition - 4, (allCharacters >> 32) & 0xffff, (ignoreCaseMask >> 32) & 0xffff);
-                check1(op.m_checkedOffset - startTermPosition - 6, (allCharacters >> 48) & 0xff);
+                check4(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff, defaultMatchTargets);
+                check2(op.m_checkedOffset - startTermPosition - 4, (allCharacters >> 32) & 0xffff, (ignoreCaseMask >> 32) & 0xffff, defaultMatchTargets);
+                check1(op.m_checkedOffset - startTermPosition - 6, (allCharacters >> 48) & 0xff, *matchTargetForFinalComparison);
                 return;
             }
             case 8: {
-                check8(op.m_checkedOffset - startTermPosition, allCharacters, ignoreCaseMask);
+                check8(op.m_checkedOffset - startTermPosition, allCharacters, ignoreCaseMask, *matchTargetForFinalComparison);
                 return;
             }
 #endif
             }
         } else {
-            auto check1 = [&] (Checked<unsigned> offset, char32_t characters) {
-                op.m_jumps.append(jumpIfCharNotEquals(characters, offset, character, term->ignoreCase()));
+            auto check1 = [&] (Checked<unsigned> offset, char32_t characters, MatchTargets& matchTargets) {
+                if (!matchTargets.hasSucceedTarget())
+                    defaultMatchTargets.appendFailed(jumpIfCharNotEquals(characters, offset, character, term->ignoreCase()));
+                else
+                    matchTargets.appendSucceeded(jumpIfCharEquals(characters, offset, character, term->ignoreCase()));
             };
 
-            auto check2 = [&] (Checked<unsigned> offset, unsigned characters, unsigned mask) {
+            auto check2 = [&] (Checked<unsigned> offset, unsigned characters, unsigned mask, MatchTargets& matchTargets) {
                 if (mask) {
                     m_jit.load32WithUnalignedHalfWords(negativeOffsetIndexedAddress(offset, character), character);
                     if (mask)
                         m_jit.or32(MacroAssembler::Imm32(mask), character);
-                    op.m_jumps.append(m_jit.branch32(MacroAssembler::NotEqual, character, MacroAssembler::Imm32(characters | mask)));
+                    if (!matchTargets.hasSucceedTarget())
+                        defaultMatchTargets.appendFailed(m_jit.branch32(MacroAssembler::NotEqual, character, MacroAssembler::Imm32(characters | mask)));
+                    else
+                        matchTargets.appendSucceeded(m_jit.branch32(MacroAssembler::Equal, character, MacroAssembler::Imm32(characters | mask)));
+
                     return;
                 }
-                op.m_jumps.append(m_jit.branch32WithUnalignedHalfWords(MacroAssembler::NotEqual, negativeOffsetIndexedAddress(offset, character), MacroAssembler::TrustedImm32(characters)));
+                if (!matchTargets.hasSucceedTarget())
+                    defaultMatchTargets.appendFailed(m_jit.branch32WithUnalignedHalfWords(MacroAssembler::NotEqual, negativeOffsetIndexedAddress(offset, character), MacroAssembler::TrustedImm32(characters)));
+                else
+                    matchTargets.appendSucceeded(m_jit.branch32WithUnalignedHalfWords(MacroAssembler::Equal, negativeOffsetIndexedAddress(offset, character), MacroAssembler::TrustedImm32(characters)));
             };
 
 #if CPU(X86_64) || CPU(ARM64) || CPU(RISCV64)
-            auto check4 = [&] (Checked<unsigned> offset, uint64_t characters, uint64_t mask) {
+            auto check4 = [&] (Checked<unsigned> offset, uint64_t characters, uint64_t mask, MatchTargets& matchTargets) {
                 m_jit.load64(negativeOffsetIndexedAddress(offset, character), character);
                 if (mask)
                     m_jit.or64(MacroAssembler::TrustedImm64(mask), character);
-                op.m_jumps.append(m_jit.branch64(MacroAssembler::NotEqual, character, MacroAssembler::TrustedImm64(characters | mask)));
+                if (!matchTargets.hasSucceedTarget())
+                    defaultMatchTargets.appendFailed(m_jit.branch64(MacroAssembler::NotEqual, character, MacroAssembler::TrustedImm64(characters | mask)));
+                else
+                    matchTargets.appendSucceeded(m_jit.branch64(MacroAssembler::Equal, character, MacroAssembler::TrustedImm64(characters | mask)));
             };
 #endif
 
             switch (numberCharacters) {
             case 1:
                 // Use 32bit width of allCharacters since Yarr counts surrogate pairs as one character with unicode flag.
-                check1(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff);
+                check1(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, *matchTargetForFinalComparison);
                 return;
             case 2:
-                check2(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff);
+                check2(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff, *matchTargetForFinalComparison);
                 return;
 #if CPU(X86_64) || CPU(ARM64) || CPU(RISCV64)
             case 3:
-                check2(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff);
-                check1(op.m_checkedOffset - startTermPosition - 2, (allCharacters >> 32) & 0xffff);
+                check2(op.m_checkedOffset - startTermPosition, allCharacters & 0xffffffff, ignoreCaseMask & 0xffffffff, defaultMatchTargets);
+                check1(op.m_checkedOffset - startTermPosition - 2, (allCharacters >> 32) & 0xffff, *matchTargetForFinalComparison);
                 return;
             case 4:
-                check4(op.m_checkedOffset - startTermPosition, allCharacters, ignoreCaseMask);
+                check4(op.m_checkedOffset - startTermPosition, allCharacters, ignoreCaseMask, *matchTargetForFinalComparison);
                 return;
 #endif
             }
         }
     }
+
     void backtrackPatternCharacterOnce(size_t opIndex)
     {
         backtrackTermDefault(opIndex);
@@ -2666,7 +2738,7 @@ class YarrGenerator final : public YarrJITInfo {
     // Code generation/backtracking for simple terms
     // (pattern characters, character classes, and assertions).
     // These methods farm out work to the set of functions above.
-    void generateTerm(size_t opIndex)
+    void generateTerm(size_t opIndex, MatchTargets& matchTargets)
     {
         YarrOp& op = m_ops[opIndex];
         PatternTerm* term = op.m_term;
@@ -2676,7 +2748,7 @@ class YarrGenerator final : public YarrJITInfo {
             switch (term->quantityType) {
             case QuantifierType::FixedCount:
                 if (term->quantityMaxCount == 1)
-                    generatePatternCharacterOnce(opIndex);
+                    generatePatternCharacterOnce(opIndex, matchTargets);
                 else
                     generatePatternCharacterFixed(opIndex);
                 break;
@@ -2826,6 +2898,9 @@ class YarrGenerator final : public YarrJITInfo {
         // Forwards generate the matching code.
         ASSERT(m_ops.size());
         size_t opIndex = 0;
+        Vector<MatchTargets, 8> termMatchTargets;
+
+        termMatchTargets.append(MatchTargets());
 
         do {
             if (m_disassembler)
@@ -2835,7 +2910,7 @@ class YarrGenerator final : public YarrJITInfo {
             switch (op.m_op) {
 
             case YarrOpCode::Term:
-                generateTerm(opIndex);
+                generateTerm(opIndex, termMatchTargets.last());
                 break;
 
             // YarrOpCode::BodyAlternativeBegin/Next/End
@@ -2863,6 +2938,8 @@ class YarrGenerator final : public YarrJITInfo {
             case YarrOpCode::BodyAlternativeBegin: {
                 PatternAlternative* alternative = op.m_alternative;
 
+                termMatchTargets.append(MatchTargets());
+
                 // Upon entry at the head of the set of alternatives, check if input is available
                 // to run the first alternative. (This progresses the input position).
                 op.m_jumps.append(jumpIfNoAvailableInput(alternative->m_minimumSize));
@@ -2977,6 +3054,9 @@ class YarrGenerator final : public YarrJITInfo {
                 PatternAlternative* priorAlternative = m_ops[op.m_previousOp].m_alternative;
                 PatternAlternative* alternative = op.m_alternative;
 
+                if (op.m_op == YarrOpCode::BodyAlternativeEnd)
+                    termMatchTargets.takeLast();
+
                 // If we get here, the prior alternative matched - return success.
                 
                 // Adjust the stack pointer to remove the pattern's frame.
@@ -3031,6 +3111,7 @@ class YarrGenerator final : public YarrJITInfo {
             }
 
             // YarrOpCode::SimpleNestedAlternativeBegin/Next/End
+            // YarrOpCode::StringListAlternativeBegin/Next/End
             // YarrOpCode::NestedAlternativeBegin/Next/End
             //
             // These nodes are used to handle sets of alternatives that are nested within
@@ -3047,11 +3128,23 @@ class YarrGenerator final : public YarrJITInfo {
             // 'return address' using a DataLabelPtr, used to store the address to jump
             // to when backtracking, to get to the code for the appropriate alternative.
             case YarrOpCode::SimpleNestedAlternativeBegin:
+            case YarrOpCode::StringListAlternativeBegin:
             case YarrOpCode::NestedAlternativeBegin: {
                 PatternTerm* term = op.m_term;
                 PatternAlternative* alternative = op.m_alternative;
                 PatternDisjunction* disjunction = term->parentheses.disjunction;
 
+                if (op.m_op == YarrOpCode::StringListAlternativeBegin) {
+                    YarrOp* endOp = &m_ops[op.m_nextOp];
+                    while (endOp->m_nextOp != notFound) {
+                        ASSERT(endOp->m_op == YarrOpCode::SimpleNestedAlternativeNext || endOp->m_op == YarrOpCode::StringListAlternativeNext || endOp->m_op == YarrOpCode::NestedAlternativeNext);
+                        endOp = &m_ops[endOp->m_nextOp];
+                    }
+                    ASSERT(endOp->m_op == YarrOpCode::SimpleNestedAlternativeEnd || endOp->m_op == YarrOpCode::StringListAlternativeEnd || endOp->m_op == YarrOpCode::NestedAlternativeEnd);
+
+                    termMatchTargets.last() = alternative->m_isLastAlternative ? MatchTargets(MatchTargets::PreferredTarget::MatchSuccessFallThrough) : MatchTargets(endOp->m_jumps, op.m_jumps, MatchTargets::PreferredTarget::MatchFailFallThrough);
+                }
+
                 // Calculate how much input we need to check for, and if non-zero check.
                 op.m_checkAdjust = Checked<unsigned>(alternative->m_minimumSize);
                 if ((term->quantityType == QuantifierType::FixedCount) && (term->type != PatternTerm::Type::ParentheticalAssertion))
@@ -3061,11 +3154,22 @@ class YarrGenerator final : public YarrJITInfo {
                 break;
             }
             case YarrOpCode::SimpleNestedAlternativeNext:
+            case YarrOpCode::StringListAlternativeNext:
             case YarrOpCode::NestedAlternativeNext: {
                 PatternTerm* term = op.m_term;
                 PatternAlternative* alternative = op.m_alternative;
                 PatternDisjunction* disjunction = term->parentheses.disjunction;
 
+                YarrOp* endOp = &m_ops[op.m_nextOp];
+                while (endOp->m_nextOp != notFound) {
+                    ASSERT(endOp->m_op == YarrOpCode::SimpleNestedAlternativeNext || endOp->m_op == YarrOpCode::StringListAlternativeNext || endOp->m_op == YarrOpCode::NestedAlternativeNext);
+                    endOp = &m_ops[endOp->m_nextOp];
+                }
+                ASSERT(endOp->m_op == YarrOpCode::SimpleNestedAlternativeEnd || endOp->m_op == YarrOpCode::StringListAlternativeEnd || endOp->m_op == YarrOpCode::NestedAlternativeEnd);
+
+                if (op.m_op == YarrOpCode::StringListAlternativeNext)
+                    termMatchTargets.last() = alternative->m_isLastAlternative ? MatchTargets(MatchTargets::PreferredTarget::MatchSuccessFallThrough) : MatchTargets(endOp->m_jumps, op.m_jumps, MatchTargets::PreferredTarget::MatchFailFallThrough);
+
                 // In the non-simple case, store a 'return address' so we can backtrack correctly.
                 if (op.m_op == YarrOpCode::NestedAlternativeNext) {
                     unsigned parenthesesFrameLocation = term->frameLocation;
@@ -3078,21 +3182,17 @@ class YarrGenerator final : public YarrJITInfo {
                     op.m_zeroLengthMatch = m_jit.branch32(MacroAssembler::Equal, m_regs.index, MacroAssembler::Address(MacroAssembler::stackPointerRegister, term->frameLocation * sizeof(void*)));
                 }
 
-                // If we reach here then the last alternative has matched - jump to the
-                // End node, to skip over any further alternatives.
-                //
-                // FIXME: this is logically O(N^2) (though N can be expected to be very
-                // small). We could avoid this either by adding an extra jump to the JIT
-                // data structures, or by making backtracking code that jumps to Next
-                // alternatives are responsible for checking that input is available (if
-                // we didn't need to plant the input checks, then m_jumps would be free).
-                YarrOp* endOp = &m_ops[op.m_nextOp];
-                while (endOp->m_nextOp != notFound) {
-                    ASSERT(endOp->m_op == YarrOpCode::SimpleNestedAlternativeNext || endOp->m_op == YarrOpCode::NestedAlternativeNext);
-                    endOp = &m_ops[endOp->m_nextOp];
+                if (op.m_op != YarrOpCode::StringListAlternativeNext) {
+                    // If we reach here then the last alternative has matched - jump to the
+                    // End node, to skip over any further alternatives.
+                    //
+                    // FIXME: this is logically O(N^2) (though N can be expected to be very
+                    // small). We could avoid this either by adding an extra jump to the JIT
+                    // data structures, or by making backtracking code that jumps to Next
+                    // alternatives are responsible for checking that input is available (if
+                    // we didn't need to plant the input checks, then m_jumps would be free).
+                    endOp->m_jumps.append(m_jit.jump());
                 }
-                ASSERT(endOp->m_op == YarrOpCode::SimpleNestedAlternativeEnd || endOp->m_op == YarrOpCode::NestedAlternativeEnd);
-                endOp->m_jumps.append(m_jit.jump());
 
                 // This is the entry point for the next alternative.
                 op.m_reentry = m_jit.label();
@@ -3101,11 +3201,25 @@ class YarrGenerator final : public YarrJITInfo {
                 op.m_checkAdjust = alternative->m_minimumSize;
                 if ((term->quantityType == QuantifierType::FixedCount) && (term->type != PatternTerm::Type::ParentheticalAssertion))
                     op.m_checkAdjust -= disjunction->m_minimumSize;
-                if (op.m_checkAdjust)
+                if (op.m_op == YarrOpCode::StringListAlternativeNext) {
+                    YarrOp* prevOp = &m_ops[op.m_previousOp];
+
+                    prevOp->m_jumps.link(&m_jit);
+                    prevOp->m_jumps.clear();
+                    op.m_jumps.link(&m_jit);
+                    op.m_jumps.clear();
+                    auto lastCheckAdjust = prevOp->m_checkAdjust;
+                    if (lastCheckAdjust > op.m_checkAdjust)
+                        m_jit.sub32(MacroAssembler::Imm32(lastCheckAdjust - op.m_checkAdjust), m_regs.index);
+                    else if (op.m_checkAdjust > lastCheckAdjust)
+                        m_jit.add32(MacroAssembler::Imm32(op.m_checkAdjust - lastCheckAdjust), m_regs.index);
+                    op.m_jumps.append(jumpIfNoAvailableInput());
+                } else if (op.m_checkAdjust)
                     op.m_jumps.append(jumpIfNoAvailableInput(op.m_checkAdjust));
                 break;
             }
             case YarrOpCode::SimpleNestedAlternativeEnd:
+            case YarrOpCode::StringListAlternativeEnd:
             case YarrOpCode::NestedAlternativeEnd: {
                 PatternTerm* term = op.m_term;
 
@@ -3135,6 +3249,9 @@ class YarrGenerator final : public YarrJITInfo {
             // quantity count of 1 (this covers fixed once, and ?/?? quantifiers). 
             case YarrOpCode::ParenthesesSubpatternOnceBegin: {
                 PatternTerm* term = op.m_term;
+
+                termMatchTargets.append(MatchTargets());
+
                 unsigned parenthesesFrameLocation = term->frameLocation;
                 const MacroAssembler::RegisterID indexTemporary = m_regs.regT0;
                 ASSERT(term->quantityMaxCount == 1);
@@ -3185,6 +3302,8 @@ class YarrGenerator final : public YarrJITInfo {
                 const MacroAssembler::RegisterID indexTemporary = m_regs.regT0;
                 ASSERT(term->quantityMaxCount == 1);
 
+                termMatchTargets.takeLast();
+
                 // If the nested alternative matched without consuming any characters, punt this back to the interpreter.
                 // FIXME: <https://bugs.webkit.org/show_bug.cgi?id=200786> Add ability for the YARR JIT to properly
                 // handle nested expressions that can match without consuming characters
@@ -3226,9 +3345,13 @@ class YarrGenerator final : public YarrJITInfo {
             // YarrOpCode::ParenthesesSubpatternTerminalBegin/End
             case YarrOpCode::ParenthesesSubpatternTerminalBegin: {
                 PatternTerm* term = op.m_term;
-                ASSERT(term->quantityType == QuantifierType::Greedy);
-                ASSERT(term->quantityMaxCount == quantifyInfinite);
                 ASSERT(!term->capture());
+                if (term->quantityType == QuantifierType::Greedy)
+                    ASSERT(term->quantityMaxCount == quantifyInfinite);
+                if (term->quantityType == QuantifierType::FixedCount)
+                    ASSERT(term->quantityMaxCount == 1);
+
+                termMatchTargets.append(MatchTargets());
 
                 // Upon entry set a label to loop back to.
                 op.m_reentry = m_jit.label();
@@ -3242,6 +3365,8 @@ class YarrGenerator final : public YarrJITInfo {
                 YarrOp& beginOp = m_ops[op.m_previousOp];
                 PatternTerm* term = op.m_term;
 
+                termMatchTargets.takeLast();
+
                 // If the nested alternative matched without consuming any characters, punt this back to the interpreter.
                 // FIXME: <https://bugs.webkit.org/show_bug.cgi?id=200786> Add ability for the YARR JIT to properly
                 // handle nested expressions that can match without consuming characters
@@ -3262,6 +3387,8 @@ class YarrGenerator final : public YarrJITInfo {
             //
             // These nodes support generic subpatterns.
             case YarrOpCode::ParenthesesSubpatternBegin: {
+                termMatchTargets.append(MatchTargets());
+
 #if ENABLE(YARR_JIT_ALL_PARENS_EXPRESSIONS)
                 PatternTerm* term = op.m_term;
                 unsigned parenthesesFrameLocation = term->frameLocation;
@@ -3324,6 +3451,8 @@ class YarrGenerator final : public YarrJITInfo {
                 break;
             }
             case YarrOpCode::ParenthesesSubpatternEnd: {
+                termMatchTargets.takeLast();
+
 #if ENABLE(YARR_JIT_ALL_PARENS_EXPRESSIONS)
                 PatternTerm* term = op.m_term;
                 unsigned parenthesesFrameLocation = term->frameLocation;
@@ -3388,6 +3517,8 @@ class YarrGenerator final : public YarrJITInfo {
             case YarrOpCode::ParentheticalAssertionBegin: {
                 PatternTerm* term = op.m_term;
 
+                termMatchTargets.append(MatchTargets());
+
                 // Store the current index - assertions should not update index, so
                 // we will need to restore it upon a successful match.
                 unsigned parenthesesFrameLocation = term->frameLocation;
@@ -3400,6 +3531,8 @@ class YarrGenerator final : public YarrJITInfo {
             case YarrOpCode::ParentheticalAssertionEnd: {
                 PatternTerm* term = op.m_term;
 
+                termMatchTargets.takeLast();
+
                 // Restore the input index value.
                 unsigned parenthesesFrameLocation = term->frameLocation;
                 loadFromFrame(parenthesesFrameLocation + BackTrackInfoParentheticalAssertion::beginIndex(), m_regs.index);
@@ -3426,6 +3559,8 @@ class YarrGenerator final : public YarrJITInfo {
 
             ++opIndex;
         } while (opIndex < m_ops.size());
+
+        termMatchTargets.takeLast();
     }
 
     void backtrack()
@@ -3694,6 +3829,7 @@ class YarrGenerator final : public YarrJITInfo {
             }
 
             // YarrOpCode::SimpleNestedAlternativeBegin/Next/End
+            // YarrOpCode::StringListAlternativeBegin/Next/End
             // YarrOpCode::NestedAlternativeBegin/Next/End
             //
             // Generate code for when we backtrack back out of an alternative into
@@ -3706,13 +3842,15 @@ class YarrGenerator final : public YarrJITInfo {
             // alternative.
             case YarrOpCode::SimpleNestedAlternativeBegin:
             case YarrOpCode::SimpleNestedAlternativeNext:
+            case YarrOpCode::StringListAlternativeBegin:
+            case YarrOpCode::StringListAlternativeNext:
             case YarrOpCode::NestedAlternativeBegin:
             case YarrOpCode::NestedAlternativeNext: {
                 YarrOp& nextOp = m_ops[op.m_nextOp];
                 bool isBegin = op.m_previousOp == notFound;
                 bool isLastAlternative = nextOp.m_nextOp == notFound;
-                ASSERT(isBegin == (op.m_op == YarrOpCode::SimpleNestedAlternativeBegin || op.m_op == YarrOpCode::NestedAlternativeBegin));
-                ASSERT(isLastAlternative == (nextOp.m_op == YarrOpCode::SimpleNestedAlternativeEnd || nextOp.m_op == YarrOpCode::NestedAlternativeEnd));
+                ASSERT(isBegin == (op.m_op == YarrOpCode::SimpleNestedAlternativeBegin || op.m_op == YarrOpCode::StringListAlternativeBegin || op.m_op == YarrOpCode::NestedAlternativeBegin));
+                ASSERT(isLastAlternative == (nextOp.m_op == YarrOpCode::SimpleNestedAlternativeEnd || nextOp.m_op == YarrOpCode::StringListAlternativeEnd || nextOp.m_op == YarrOpCode::NestedAlternativeEnd));
 
                 // Treat an input check failure the same as a failed match.
                 m_backtrackingState.append(op.m_jumps);
@@ -3738,18 +3876,20 @@ class YarrGenerator final : public YarrJITInfo {
                 // backtracking to here, correct, and then jump on. If not we can
                 // link the backtracks directly to their destination.
                 if (op.m_checkAdjust) {
-                    // Handle the cases where we need to link the backtracks here.
-                    m_backtrackingState.link(&m_jit);
-                    m_jit.sub32(MacroAssembler::Imm32(op.m_checkAdjust), m_regs.index);
-                    if (!isLastAlternative) {
-                        // An alternative that is not the last should jump to its successor.
-                        m_jit.jump(nextOp.m_reentry);
-                    } else if (!isBegin) {
-                        // The last of more than one alternatives must jump back to the beginning.
-                        nextOp.m_jumps.append(m_jit.jump());
-                    } else {
-                        // A single alternative on its own can fall through.
-                        m_backtrackingState.fallthrough();
+                    if (!m_backtrackingState.isEmpty()) {
+                        // Handle the cases where we need to link the backtracks here.
+                        m_backtrackingState.link(&m_jit);
+                        m_jit.sub32(MacroAssembler::Imm32(op.m_checkAdjust), m_regs.index);
+                        if (!isLastAlternative) {
+                            // An alternative that is not the last should jump to its successor.
+                            m_jit.jump(nextOp.m_reentry);
+                        } else if (!isBegin) {
+                            // The last of more than one alternatives must jump back to the beginning.
+                            nextOp.m_jumps.append(m_jit.jump());
+                        } else {
+                            // A single alternative on its own can fall through.
+                            m_backtrackingState.fallthrough();
+                        }
                     }
                 } else {
                     // Handle the cases where we can link the backtracks directly to their destinations.
@@ -3781,15 +3921,16 @@ class YarrGenerator final : public YarrJITInfo {
                 if (isBegin) {
                     YarrOp* endOp = &m_ops[op.m_nextOp];
                     while (endOp->m_nextOp != notFound) {
-                        ASSERT(endOp->m_op == YarrOpCode::SimpleNestedAlternativeNext || endOp->m_op == YarrOpCode::NestedAlternativeNext);
+                        ASSERT(endOp->m_op == YarrOpCode::SimpleNestedAlternativeNext || endOp->m_op == YarrOpCode::StringListAlternativeNext || endOp->m_op == YarrOpCode::NestedAlternativeNext);
                         endOp = &m_ops[endOp->m_nextOp];
                     }
-                    ASSERT(endOp->m_op == YarrOpCode::SimpleNestedAlternativeEnd || endOp->m_op == YarrOpCode::NestedAlternativeEnd);
+                    ASSERT(endOp->m_op == YarrOpCode::SimpleNestedAlternativeEnd || endOp->m_op == YarrOpCode::StringListAlternativeEnd || endOp->m_op == YarrOpCode::NestedAlternativeEnd);
                     m_backtrackingState.append(endOp->m_jumps);
                 }
                 break;
             }
             case YarrOpCode::SimpleNestedAlternativeEnd:
+            case YarrOpCode::StringListAlternativeEnd:
             case YarrOpCode::NestedAlternativeEnd: {
                 PatternTerm* term = op.m_term;
 
@@ -4139,8 +4280,13 @@ class YarrGenerator final : public YarrJITInfo {
             parenthesesBeginOpCode = YarrOpCode::ParenthesesSubpatternOnceBegin;
             parenthesesEndOpCode = YarrOpCode::ParenthesesSubpatternOnceEnd;
 
-            // If there is more than one alternative we cannot use the 'simple' nodes.
-            if (term->parentheses.disjunction->m_alternatives.size() != 1) {
+            if (term->parentheses.isStringList) {
+                // This is an anchored non-capturing string list parenthesis that can't backtrack, we use the 'string list' nodes.
+                alternativeBeginOpCode = YarrOpCode::StringListAlternativeBegin;
+                alternativeNextOpCode = YarrOpCode::StringListAlternativeNext;
+                alternativeEndOpCode = YarrOpCode::StringListAlternativeEnd;
+            } else if (term->parentheses.disjunction->m_alternatives.size() != 1) {
+                // Otherwise, check if there is more than one alternative. If so, we cannot use the 'simple' nodes.
                 alternativeBeginOpCode = YarrOpCode::NestedAlternativeBegin;
                 alternativeNextOpCode = YarrOpCode::NestedAlternativeNext;
                 alternativeEndOpCode = YarrOpCode::NestedAlternativeEnd;
@@ -5035,7 +5181,8 @@ class YarrGenerator final : public YarrJITInfo {
         }
 
         if (m_disassembler) {
-            m_jit.addLateLinkTask([=, this] (LinkBuffer& linkBuffer) {
+            // Disassemble after all link tasks are complete.
+            m_jit.addLinkTask([=, this] (LinkBuffer& linkBuffer) {
                 m_disassembler->dump(linkBuffer);
             });
         }
@@ -5284,6 +5431,10 @@ class YarrGenerator final : public YarrJITInfo {
             out.printf("SimpleNestedAlternativeBegin minimum-size:(%u),checked-offset:(%u)\n", op.m_alternative->m_minimumSize, op.m_checkedOffset.value());
             return 1;
 
+        case YarrOpCode::StringListAlternativeBegin:
+            out.printf("StringListAlternativeBegin minimum-size:(%u),checked-offset:(%u)\n", op.m_alternative->m_minimumSize, op.m_checkedOffset.value());
+            return 1;
+
         case YarrOpCode::NestedAlternativeBegin:
             out.printf("NestedAlternativeBegin minimum-size:(%u),checked-offset:(%u)\n", op.m_alternative->m_minimumSize, op.m_checkedOffset.value());
             return 1;
@@ -5292,6 +5443,10 @@ class YarrGenerator final : public YarrJITInfo {
             out.printf("SimpleNestedAlternativeNext minimum-size:(%u),checked-offset:(%u)\n", op.m_alternative->m_minimumSize, op.m_checkedOffset.value());
             return 0;
 
+        case YarrOpCode::StringListAlternativeNext:
+            out.printf("StringListAlternativeNext minimum-size:(%u),checked-offset:(%u)\n", op.m_alternative->m_minimumSize, op.m_checkedOffset.value());
+            return 0;
+
         case YarrOpCode::NestedAlternativeNext:
             out.printf("NestedAlternativeNext minimum-size:(%u),checked-offset:(%u)\n", op.m_alternative->m_minimumSize, op.m_checkedOffset.value());
             return 0;
@@ -5302,6 +5457,12 @@ class YarrGenerator final : public YarrJITInfo {
             out.print("\n");
             return -1;
 
+        case YarrOpCode::StringListAlternativeEnd:
+            out.printf("StringListAlternativeEnd checked-offset:(%u) ", op.m_checkedOffset.value());
+            term->dumpQuantifier(out);
+            out.print("\n");
+            return -1;
+
         case YarrOpCode::NestedAlternativeEnd:
             out.printf("NestedAlternativeEnd checked-offset:(%u) ", op.m_checkedOffset.value());
             term->dumpQuantifier(out);
diff --git a/Source/JavaScriptCore/yarr/YarrPattern.cpp b/Source/JavaScriptCore/yarr/YarrPattern.cpp
index 5a8a710907fd4..e3915ed6de0fe 100644
--- a/Source/JavaScriptCore/yarr/YarrPattern.cpp
+++ b/Source/JavaScriptCore/yarr/YarrPattern.cpp
@@ -1417,8 +1417,9 @@ class YarrPatternConstructor {
 
         PatternTerm& lastTerm = m_alternative->lastTerm();
 
-        unsigned numParenAlternatives = parenthesesDisjunction->m_alternatives.size();
         unsigned numBOLAnchoredAlts = 0;
+        unsigned numParenAlternatives = parenthesesDisjunction->m_alternatives.size();
+        ASSERT(numParenAlternatives);
 
         for (unsigned i = 0; i < numParenAlternatives; i++) {
             // Bubble up BOL flags
@@ -1426,6 +1427,8 @@ class YarrPatternConstructor {
                 numBOLAnchoredAlts++;
         }
 
+        parenthesesDisjunction->m_alternatives.last()->m_isLastAlternative = true;
+
         if (numBOLAnchoredAlts) {
             m_alternative->m_containsBOL = true;
             // If all the alternatives in parens start with BOL, then so does this one
@@ -1857,6 +1860,12 @@ class YarrPatternConstructor {
     //     alternatives of the main body disjunction).
     //   * where the parens are non-capturing, and quantified unbounded greedy (*).
     //   * where the parens do not contain any capturing subpatterns.
+    //   * Where the parens contains a BOL anchored non-captured subpattern with a single
+    //     alternative of fixed strings, e.g. /^(?:foo|bar|baz).
+    //     In such a case we can simplify matching a little more by stopping at the first
+    //     matched string alternative, without jumping to backtracking doe to fixup offests.
+    //     Instead we fixup the offsets, if needed, at the top of the next alternative's
+    //     matching JIT code.
     void checkForTerminalParentheses()
     {
         // This check is much too crude; should be just checking whether the candidate
@@ -1865,8 +1874,49 @@ class YarrPatternConstructor {
             return;
 
         Vector<std::unique_ptr<PatternAlternative>>& alternatives = m_pattern.m_body->m_alternatives;
-        for (size_t i = 0; i < alternatives.size(); ++i) {
-            Vector<PatternTerm>& terms = alternatives[i]->m_terms;
+        alternatives.last()->m_isLastAlternative = true;
+
+        if (alternatives.size() == 1 && alternatives[0]->m_startsWithBOL) {
+            Vector<PatternTerm>& terms = alternatives[0]->m_terms;
+
+            bool isStringList = false;
+
+            if (terms.size() >= 2
+                && terms[0].type == PatternTerm::Type::AssertionBOL
+                && terms[1].type == PatternTerm::Type::ParenthesesSubpattern
+                && terms[1].quantityType == QuantifierType::FixedCount
+                && terms[1].quantityMaxCount == 1
+                && (terms.size() == 2
+                    || (terms.size() == 3 && terms[2].type == PatternTerm::Type::AssertionEOL))) {
+                // We start assuming this is a string list and then prove the negative.
+                isStringList = true;
+
+                PatternTerm& term = terms[1];
+
+                PatternDisjunction* nestedDisjunction = term.parentheses.disjunction;
+                for (unsigned alt = 0; isStringList && alt < nestedDisjunction->m_alternatives.size(); ++alt) {
+                    Vector<PatternTerm>& innerTerms = nestedDisjunction->m_alternatives[alt]->m_terms;
+
+                    for (size_t termIndex = 0; termIndex < innerTerms.size(); ++termIndex) {
+                        PatternTerm& innerTerm = innerTerms[termIndex];
+                        if (innerTerm.type != PatternTerm::Type::PatternCharacter
+                            || innerTerm.quantityType != QuantifierType::FixedCount
+                            || innerTerm.quantityMaxCount != 1) {
+                            isStringList = false;
+                            break;
+                        }
+                    }
+                }
+
+                term.parentheses.isStringList = isStringList;
+            }
+
+            if (isStringList)
+                return;
+        }
+
+        for (auto& alternative : alternatives) {
+            auto& terms = alternative->m_terms;
             if (terms.size()) {
                 PatternTerm& term = terms.last();
                 if (term.type == PatternTerm::Type::ParenthesesSubpattern
@@ -2440,6 +2490,8 @@ void PatternAlternative::dump(PrintStream& out, YarrPattern* thisPattern, unsign
         out.print(",starts with ^");
     if (m_containsBOL)
         out.print(",contains ^");
+    if (m_isLastAlternative)
+        out.print(", last alternative");
     out.print("\n");
 
     for (size_t i = 0; i < m_terms.size(); ++i)
@@ -2563,6 +2615,9 @@ void PatternTerm::dump(PrintStream& out, YarrPattern* thisPattern, unsigned nest
         if (parentheses.isTerminal)
             out.print(",terminal");
 
+        if (parentheses.isStringList)
+            out.print(",string-list");
+
         out.println(",frame location ", frameLocation);
 
         if (parentheses.disjunction->m_alternatives.size() > 1) {
diff --git a/Source/JavaScriptCore/yarr/YarrPattern.h b/Source/JavaScriptCore/yarr/YarrPattern.h
index 8080fe7840857..1ba02b6218ff2 100644
--- a/Source/JavaScriptCore/yarr/YarrPattern.h
+++ b/Source/JavaScriptCore/yarr/YarrPattern.h
@@ -234,6 +234,7 @@ struct PatternTerm {
             unsigned lastSubpatternId;
             bool isCopy : 1;
             bool isTerminal : 1;
+            bool isStringList : 1;
         } parentheses;
         struct {
             bool bolAnchor : 1;
@@ -278,6 +279,7 @@ struct PatternTerm {
         parentheses.subpatternId = subpatternId;
         parentheses.isCopy = false;
         parentheses.isTerminal = false;
+        parentheses.isStringList = false;
         quantityType = QuantifierType::FixedCount;
         quantityMinCount = quantityMaxCount = 1;
     }
@@ -426,6 +428,7 @@ struct PatternAlternative {
         , m_hasFixedSize(false)
         , m_startsWithBOL(false)
         , m_containsBOL(false)
+        , m_isLastAlternative(false)
     {
     }
 
@@ -491,6 +494,7 @@ struct PatternAlternative {
     bool m_hasFixedSize : 1;
     bool m_startsWithBOL : 1;
     bool m_containsBOL : 1;
+    bool m_isLastAlternative : 1;
 };
 
 struct PatternDisjunction {

From 2f9c119b986a52177fb403226f4175d9e3e2e7c5 Mon Sep 17 00:00:00 2001
From: Abrar Rahman Protyasha <a_protyasha@apple.com>
Date: Mon, 24 Feb 2025 14:36:17 -0800
Subject: [PATCH 162/174] NEW-TEST(290390@main): [ iOS ]
 TestWebKitAPI.UnifiedPDF.SelectionClearsOnAnchorLinkTap(api-test) is a
 constant crash https://bugs.webkit.org/show_bug.cgi?id=288400
 rdar://145503896

Reviewed by Wenson Hsieh.

This test is crashing like this:

```
CRASH:
 TestWebKitAPI.UnifiedPDF.SelectionClearsOnAnchorLinkTap
        SHOULD NEVER BE REACHED
        /Volumes/Data/worker/Apple-iOS-18-Simulator-Debug-Build/build/Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferences.mm(137) : WebCore::MouseEventPolicy WebKit::coreMouseEventPolicy(_WKWebsiteMouseEventPolicy)
        1   0x14c30e084 WebKit::coreMouseEventPolicy(unsigned long)
        2   0x14c30dff4 -[WKWebpagePreferences _setMouseEventPolicy:]
        3   0x101d13628 TestWebKitAPI::UnifiedPDF_SelectionClearsOnAnchorLinkTap_Test::TestBody()
```

The crash happens in open source iOS configurations because we are not
able to handle _WKWebsiteMouseEventPolicySynthesizeTouchEvents, since
ENABLE_IOS_TOUCH_EVENTS==0 in these configurations.

As such, let us gate this test behind ENABLE(IOS_TOUCH_EVENTS).

* Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm:

Canonical link: https://commits.webkit.org/290983@main
---
 Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm
index e9060a0c786a9..3188ee0f7814c 100644
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm
@@ -521,6 +521,7 @@ void pressKey(auto key, unsigned short code, Seconds duration = 200_ms)
     TestWebKitAPI::Util::run(&done);
 }
 
+#if ENABLE(IOS_TOUCH_EVENTS)
 UNIFIED_PDF_TEST(SelectionClearsOnAnchorLinkTap)
 {
     RetainPtr webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configurationForWebViewTestingUnifiedPDF().get()]);
@@ -542,6 +543,7 @@ void pressKey(auto key, unsigned short code, Seconds duration = 200_ms)
     [webView waitForNextPresentationUpdate];
     EXPECT_WK_STREQ("", [contentView selectedText]);
 }
+#endif
 
 #endif
 

From 85281022afdc07897f5b4596431939356a36d3dd Mon Sep 17 00:00:00 2001
From: Karl Rackler <rackler@apple.com>
Date: Mon, 24 Feb 2025 14:37:33 -0800
Subject: [PATCH 163/174] [Gardening]:
 http/tests/pdf/linearized-pdf-in-iframe.html is crashing at
 WTF::Lock::assertIsOwner() under
 PDFPluginBase::streamedBytesForDebugLogging()
 https://bugs.webkit.org/show_bug.cgi?id=287012 rdar://144058653

Unreviewed test gardening.

Add test expectation.

* LayoutTests/platform/mac-wk2/TestExpectations:

Canonical link: https://commits.webkit.org/290984@main
---
 LayoutTests/platform/mac-wk2/TestExpectations | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/LayoutTests/platform/mac-wk2/TestExpectations b/LayoutTests/platform/mac-wk2/TestExpectations
index b161cd4383035..9efd58cb995fc 100644
--- a/LayoutTests/platform/mac-wk2/TestExpectations
+++ b/LayoutTests/platform/mac-wk2/TestExpectations
@@ -1965,3 +1965,5 @@ webkit.org/b/288119 imported/w3c/web-platform-tests/preload/preload-type-match.h
 webkit.org/b/288120 [ Sonoma+ Release ] fast/animation/request-animation-frame-throttling-lowPowerMode.html [ Pass Failure ]
 
 webkit.org/b/288404 [ Sonoma+ Release ] fast/text/canvas-color-fonts/stroke-gradient-COLR.html [ Pass ImageOnlyFailure ]
+
+webkit.org/b/287012 [ Sonoma+ Debug ] http/tests/pdf/linearized-pdf-in-iframe.html [ Pass Crash ]

From ebd6a49978b37580be6b6915b924bf76b89ee365 Mon Sep 17 00:00:00 2001
From: Chris Dumez <cdumez@apple.com>
Date: Mon, 24 Feb 2025 14:39:46 -0800
Subject: [PATCH 164/174] Address Safer CPP failures in Vector.h
 https://bugs.webkit.org/show_bug.cgi?id=288373

Reviewed by Ryosuke Niwa.

* Source/WTF/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations:
* Source/WTF/wtf/AlignedStorage.h:
* Source/WTF/wtf/Vector.h:

Canonical link: https://commits.webkit.org/290985@main
---
 .../MemoryUnsafeCastCheckerExpectations             |  1 -
 Source/WTF/wtf/AlignedStorage.h                     |  4 ++--
 Source/WTF/wtf/Vector.h                             | 13 +++++--------
 3 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/Source/WTF/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations b/Source/WTF/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
index 8751c0164bc56..b722be6857661 100644
--- a/Source/WTF/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
+++ b/Source/WTF/SaferCPPExpectations/MemoryUnsafeCastCheckerExpectations
@@ -1,6 +1,5 @@
 wtf/Ref.h
 wtf/RefPtr.h
 wtf/ThreadSpecific.h
-wtf/Vector.h
 wtf/text/AtomStringImpl.cpp
 wtf/text/SymbolRegistry.cpp
diff --git a/Source/WTF/wtf/AlignedStorage.h b/Source/WTF/wtf/AlignedStorage.h
index d097809bf7650..538d148cb110c 100644
--- a/Source/WTF/wtf/AlignedStorage.h
+++ b/Source/WTF/wtf/AlignedStorage.h
@@ -30,7 +30,7 @@
 
 namespace WTF {
 
-template<typename T>
+template<typename T, size_t alignment = std::alignment_of_v<T>>
 class AlignedStorage {
 public:
     AlignedStorage() = default;
@@ -48,7 +48,7 @@ class AlignedStorage {
     const T* operator->() const { return get(); }
 
 private:
-    struct alignas(T) Storage {
+    struct alignas(alignment) Storage {
         std::byte data[sizeof(T)];
     } m_storage;
 };
diff --git a/Source/WTF/wtf/Vector.h b/Source/WTF/wtf/Vector.h
index 6303984d527a3..964f82a48f8f4 100644
--- a/Source/WTF/wtf/Vector.h
+++ b/Source/WTF/wtf/Vector.h
@@ -27,6 +27,7 @@
 #include <string.h>
 #include <type_traits>
 #include <utility>
+#include <wtf/AlignedStorage.h>
 #include <wtf/CheckedArithmetic.h>
 #include <wtf/FailureAction.h>
 #include <wtf/FastMalloc.h>
@@ -669,21 +670,17 @@ class VectorBuffer : private VectorBufferBase<T, Malloc> {
         VectorTypeOperations<T>::move(right + swapBound, right + rightSize, left + swapBound);
     }
 
-    T* inlineBuffer() LIFETIME_BOUND { return reinterpret_cast_ptr<T*>(m_inlineBuffer); }
-    const T* inlineBuffer() const LIFETIME_BOUND { return reinterpret_cast_ptr<const T*>(m_inlineBuffer); }
+    T* inlineBuffer() LIFETIME_BOUND { SUPPRESS_MEMORY_UNSAFE_CAST return reinterpret_cast_ptr<T*>(m_inlineBuffer); }
+    const T* inlineBuffer() const LIFETIME_BOUND { SUPPRESS_MEMORY_UNSAFE_CAST return reinterpret_cast_ptr<const T*>(m_inlineBuffer); }
 
 #if ASAN_ENABLED
     // ASan needs the buffer to begin and end on 8-byte boundaries for annotations to work.
     // FIXME: Add a redzone before the buffer to catch off by one accesses. We don't need a guard after, because the buffer is the last member variable.
     static constexpr size_t asanInlineBufferAlignment = std::alignment_of<T>::value >= 8 ? std::alignment_of<T>::value : 8;
     static constexpr size_t asanAdjustedInlineCapacity = ((sizeof(T) * inlineCapacity + 7) & ~7) / sizeof(T);
-    ALLOW_DEPRECATED_DECLARATIONS_BEGIN
-    typename std::aligned_storage<sizeof(T), asanInlineBufferAlignment>::type m_inlineBuffer[asanAdjustedInlineCapacity];
-    ALLOW_DEPRECATED_DECLARATIONS_END
+    AlignedStorage<T, asanInlineBufferAlignment> m_inlineBuffer[asanAdjustedInlineCapacity];
 #else
-    ALLOW_DEPRECATED_DECLARATIONS_BEGIN
-    typename std::aligned_storage<sizeof(T), std::alignment_of<T>::value>::type m_inlineBuffer[inlineCapacity];
-    ALLOW_DEPRECATED_DECLARATIONS_END
+    AlignedStorage<T> m_inlineBuffer[inlineCapacity];
 #endif
 };
 

From 2c7c77fce750f3219472b8528f8ff42b97ab7152 Mon Sep 17 00:00:00 2001
From: Ben Schwartz <ben_schwartz@apple.com>
Date: Mon, 24 Feb 2025 14:42:04 -0800
Subject: [PATCH 165/174] [Gardening] REGRESSION (289309@main): [wk1]
 fast/harness/internals-object-property-access-on-window-without-frame-crash.html
 causing multiple tests to fail under
 imported/w3c/web-platform-tests/css/css-grid/grid-items/*.
 https://bugs.webkit.org/show_bug.cgi?id=288378 rdar://145488787

Unreviewed test gardening.

Skipping a test that's causing subsequent failures on WK1 on both post-commit
and EWS.

* LayoutTests/platform/mac-wk1/TestExpectations:

Canonical link: https://commits.webkit.org/290986@main
---
 LayoutTests/platform/mac-wk1/TestExpectations | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/LayoutTests/platform/mac-wk1/TestExpectations b/LayoutTests/platform/mac-wk1/TestExpectations
index 105017f3779fc..c8d87ab8bb939 100644
--- a/LayoutTests/platform/mac-wk1/TestExpectations
+++ b/LayoutTests/platform/mac-wk1/TestExpectations
@@ -3025,3 +3025,5 @@ webkit.org/b/287973 imported/w3c/web-platform-tests/css/css-grid/grid-definition
 webkit.org/b/215773 http/tests/websocket/tests/hybi/client-close-2.html [ Pass Failure ]
 
 webkit.org/b/287976 imported/w3c/web-platform-tests/css/css-box/margin-trim/computed-margin-values/block-container-block-start-self-collapsing-nested.html [ Pass Failure ]
+
+webkit.org/b/288378 fast/harness/internals-object-property-access-on-window-without-frame-crash.html [ Skip ]

From ece55a8a531f1bd4ec8fca77a10dc8ac973b2d6f Mon Sep 17 00:00:00 2001
From: Yasmin Karimi <y_karimi@apple.com>
Date: Mon, 24 Feb 2025 15:01:03 -0800
Subject: [PATCH 166/174] [Gardening] REGRESSION(288612@main - 288617@main): [
 Sequoia wk2 x86_64 ]
 imported/w3c/web-platform-tests/webrtc/simulcast/getStats.https.html is a
 constant failure. https://bugs.webkit.org/show_bug.cgi?id=288411
 rdar://145509592

Unreviewed test gardening.

Added a test expectation for a constantly failing test.

* LayoutTests/platform/mac-wk2/TestExpectations:

Canonical link: https://commits.webkit.org/290987@main
---
 LayoutTests/platform/mac-wk2/TestExpectations | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/LayoutTests/platform/mac-wk2/TestExpectations b/LayoutTests/platform/mac-wk2/TestExpectations
index 9efd58cb995fc..884107a3f69ec 100644
--- a/LayoutTests/platform/mac-wk2/TestExpectations
+++ b/LayoutTests/platform/mac-wk2/TestExpectations
@@ -1967,3 +1967,5 @@ webkit.org/b/288120 [ Sonoma+ Release ] fast/animation/request-animation-frame-t
 webkit.org/b/288404 [ Sonoma+ Release ] fast/text/canvas-color-fonts/stroke-gradient-COLR.html [ Pass ImageOnlyFailure ]
 
 webkit.org/b/287012 [ Sonoma+ Debug ] http/tests/pdf/linearized-pdf-in-iframe.html [ Pass Crash ]
+
+webkit.org/b/288411 [ Sequoia x86_64 ] imported/w3c/web-platform-tests/webrtc/simulcast/getStats.https.html [ Failure ]

From 1ff9501e4411edc4be61cbe88d1981d57a6cae46 Mon Sep 17 00:00:00 2001
From: Charlie Wolfe <charliew@apple.com>
Date: Mon, 24 Feb 2025 15:10:30 -0800
Subject: [PATCH 167/174] =?UTF-8?q?[Site=20Isolation]=20Can=E2=80=99t=20go?=
 =?UTF-8?q?=20back=20after=20navigating=20a=20same-site=20iframe=20into=20?=
 =?UTF-8?q?a=20new=20process=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid?=
 =?UTF-8?q?=3D288393=20rdar://138924071?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed by Alex Christensen.

The condition in WebPageProxy::continueNavigationInNewProcess was incorrect; it should be true only for
the first load of a child frame but could have been true when a same-site iframe was navigated
cross-site.

* LayoutTests/http/tests/site-isolation/history/navigate-same-site-iframe-into-new-process-and-go-back-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/history/navigate-same-site-iframe-into-new-process-and-go-back.html: Added.
* LayoutTests/http/tests/site-isolation/history/resources/go-back.html: Added.
* Source/WebKit/Shared/NavigationActionData.h:
* Source/WebKit/Shared/NavigationActionData.serialization.in:
* Source/WebKit/UIProcess/API/APINavigation.h:
(API::Navigation::isInitialFrameSrcLoad const):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::continueNavigationInNewProcess):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::createWindow):
* Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::navigationActionData const):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::didSameDocumentNavigationForFrameViaJS):
(WebKit::WebLocalFrameLoaderClient::dispatchDecidePolicyForNewWindowAction):

Canonical link: https://commits.webkit.org/290988@main
---
 ...me-into-new-process-and-go-back-expected.txt |  9 +++++++++
 ...ite-iframe-into-new-process-and-go-back.html | 17 +++++++++++++++++
 .../history/resources/go-back.html              |  2 ++
 Source/WebKit/Shared/NavigationActionData.h     |  1 +
 .../NavigationActionData.serialization.in       |  1 +
 Source/WebKit/UIProcess/API/APINavigation.h     |  1 +
 Source/WebKit/UIProcess/WebPageProxy.cpp        |  4 +---
 .../WebCoreSupport/WebChromeClient.cpp          |  1 +
 .../WebCoreSupport/WebFrameLoaderClient.cpp     |  1 +
 .../WebLocalFrameLoaderClient.cpp               |  2 ++
 10 files changed, 36 insertions(+), 3 deletions(-)
 create mode 100644 LayoutTests/http/tests/site-isolation/history/navigate-same-site-iframe-into-new-process-and-go-back-expected.txt
 create mode 100644 LayoutTests/http/tests/site-isolation/history/navigate-same-site-iframe-into-new-process-and-go-back.html
 create mode 100644 LayoutTests/http/tests/site-isolation/history/resources/go-back.html

diff --git a/LayoutTests/http/tests/site-isolation/history/navigate-same-site-iframe-into-new-process-and-go-back-expected.txt b/LayoutTests/http/tests/site-isolation/history/navigate-same-site-iframe-into-new-process-and-go-back-expected.txt
new file mode 100644
index 0000000000000..ede66e9fbc7f6
--- /dev/null
+++ b/LayoutTests/http/tests/site-isolation/history/navigate-same-site-iframe-into-new-process-and-go-back-expected.txt
@@ -0,0 +1,9 @@
+Verifies that history.back() works when a same-site iframe is navigated cross-site.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/site-isolation/history/navigate-same-site-iframe-into-new-process-and-go-back.html b/LayoutTests/http/tests/site-isolation/history/navigate-same-site-iframe-into-new-process-and-go-back.html
new file mode 100644
index 0000000000000..bbead3e105121
--- /dev/null
+++ b/LayoutTests/http/tests/site-isolation/history/navigate-same-site-iframe-into-new-process-and-go-back.html
@@ -0,0 +1,17 @@
+<!-- webkit-test-runner [ SiteIsolationEnabled=true ] -->
+<script src="/js-test-resources/js-test.js"></script>
+<script>
+description("Verifies that history.back() works when a same-site iframe is navigated cross-site.");
+jsTestIsAsync = true;
+
+onmessage = () => {
+    if (sessionStorage.didNavigate) {
+        delete sessionStorage.didNavigate;
+        finishJSTest();
+    } else {
+        sessionStorage.didNavigate = true;
+        document.querySelector('iframe').src = 'http://localhost:8000/site-isolation/history/resources/go-back.html';
+    }
+}
+</script>
+<iframe src="http://127.0.0.1:8000/site-isolation/resources/green-background.html"></iframe>
diff --git a/LayoutTests/http/tests/site-isolation/history/resources/go-back.html b/LayoutTests/http/tests/site-isolation/history/resources/go-back.html
new file mode 100644
index 0000000000000..8dd6831eda94f
--- /dev/null
+++ b/LayoutTests/http/tests/site-isolation/history/resources/go-back.html
@@ -0,0 +1,2 @@
+<body onload="history.back()">
+</body>
diff --git a/Source/WebKit/Shared/NavigationActionData.h b/Source/WebKit/Shared/NavigationActionData.h
index 759080c7d8d55..63ae2aef0427a 100644
--- a/Source/WebKit/Shared/NavigationActionData.h
+++ b/Source/WebKit/Shared/NavigationActionData.h
@@ -64,6 +64,7 @@ struct NavigationActionData {
     bool openedByDOMWithOpener { false };
     bool hasOpener { false };
     bool isPerformingHTTPFallback { false };
+    bool isInitialFrameSrcLoad { false };
     String openedMainFrameName;
     WebCore::SecurityOriginData requesterOrigin;
     WebCore::SecurityOriginData requesterTopOrigin;
diff --git a/Source/WebKit/Shared/NavigationActionData.serialization.in b/Source/WebKit/Shared/NavigationActionData.serialization.in
index cbd5d03c523ba..fec295e03e069 100644
--- a/Source/WebKit/Shared/NavigationActionData.serialization.in
+++ b/Source/WebKit/Shared/NavigationActionData.serialization.in
@@ -38,6 +38,7 @@ struct WebKit::NavigationActionData {
     bool openedByDOMWithOpener;
     bool hasOpener;
     bool isPerformingHTTPFallback;
+    bool isInitialFrameSrcLoad;
     String openedMainFrameName;
     WebCore::SecurityOriginData requesterOrigin;
     WebCore::SecurityOriginData requesterTopOrigin;
diff --git a/Source/WebKit/UIProcess/API/APINavigation.h b/Source/WebKit/UIProcess/API/APINavigation.h
index a45bbcf60f9f9..70c5d928453d2 100644
--- a/Source/WebKit/UIProcess/API/APINavigation.h
+++ b/Source/WebKit/UIProcess/API/APINavigation.h
@@ -132,6 +132,7 @@ class Navigation : public ObjectImpl<Object::Type::Navigation> {
     bool treatAsSameOriginNavigation() const { return m_lastNavigationAction.treatAsSameOriginNavigation; }
     bool hasOpenedFrames() const { return m_lastNavigationAction.hasOpenedFrames; }
     bool openedByDOMWithOpener() const { return m_lastNavigationAction.openedByDOMWithOpener; }
+    bool isInitialFrameSrcLoad() const { return m_lastNavigationAction.isInitialFrameSrcLoad; }
     const WebCore::SecurityOriginData& requesterOrigin() const { return m_lastNavigationAction.requesterOrigin; }
 
     void setUserContentExtensionsEnabled(bool enabled) { m_userContentExtensionsEnabled = enabled; }
diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
index 46b6aba711bd4..e26b390557d25 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -5139,9 +5139,7 @@ void WebPageProxy::continueNavigationInNewProcess(API::Navigation& navigation, W
         loadParameters.ownerPermissionsPolicy = navigation.lastNavigationAction().ownerPermissionsPolicy;
         loadParameters.isPerformingHTTPFallback = isPerformingHTTPFallback == IsPerformingHTTPFallback::Yes;
 
-        RefPtr provisionalPage = m_provisionalPage;
-        Ref processNavigatingFrom = frame.isMainFrame() && provisionalPage ? provisionalPage->process() : frame.process();
-        if (RefPtr parentFrame = frame.parentFrame(); parentFrame && parentFrame->process() == processNavigatingFrom)
+        if (navigation.isInitialFrameSrcLoad())
             frame.setIsPendingInitialHistoryItem(true);
 
         frame.prepareForProvisionalLoadInProcess(newProcess, navigation, m_browsingContextGroup, [
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
index 5b4af3c777192..0770cf42a2e94 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
@@ -350,6 +350,7 @@ RefPtr<Page> WebChromeClient::createWindow(LocalFrame& frame, const String& open
         false, /* openedByDOMWithOpener */
         navigationAction.newFrameOpenerPolicy() == NewFrameOpenerPolicy::Allow, /* hasOpener */
         frame.loader().isHTTPFallbackInProgress(),
+        navigationAction.isInitialFrameSrcLoad(),
         openedMainFrameName,
         { }, /* requesterOrigin */
         { }, /* requesterTopOrigin */
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
index 8894e9561c068..60cfc5d4daf13 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
@@ -143,6 +143,7 @@ std::optional<NavigationActionData> WebFrameLoaderClient::navigationActionData(c
         navigationAction.openedByDOMWithOpener(),
         hasOpener,
         isPerformingHTTPFallback == IsPerformingHTTPFallback::Yes,
+        navigationAction.isInitialFrameSrcLoad(),
         { },
         requester.securityOrigin->data(),
         requester.topOrigin->data(),
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
index ea76f07e27fbc..2ca3d14d0003f 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
@@ -499,6 +499,7 @@ void WebLocalFrameLoaderClient::didSameDocumentNavigationForFrameViaJS(SameDocum
         false, /* openedByDOMWithOpener */
         !!localFrame->opener(), /* hasOpener */
         localFrame->loader().isHTTPFallbackInProgress(),
+        false, /* isInitialFrameSrcLoad */
         { }, /* openedMainFrameName */
         { }, /* requesterOrigin */
         { }, /* requesterTopOrigin */
@@ -983,6 +984,7 @@ void WebLocalFrameLoaderClient::dispatchDecidePolicyForNewWindowAction(const Nav
         false, /* openedByDOMWithOpener */
         navigationAction.newFrameOpenerPolicy() == NewFrameOpenerPolicy::Allow, /* hasOpener */
         localFrame->loader().isHTTPFallbackInProgress(),
+        navigationAction.isInitialFrameSrcLoad(),
         { }, /* openedMainFrameName */
         { }, /* requesterOrigin */
         { }, /* requesterTopOrigin */

From 49fd56f14d9b6432f41ae1fe2d8e7b0f6de5889a Mon Sep 17 00:00:00 2001
From: Aditya Keerthi <akeerthi@apple.com>
Date: Mon, 24 Feb 2025 15:12:20 -0800
Subject: [PATCH 168/174] [macOS] Add a vector-based version of <progress>
 https://bugs.webkit.org/show_bug.cgi?id=288354 rdar://145446366

Reviewed by Abrar Rahman Protyasha.

* Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm:
* Source/WebCore/rendering/ios/RenderThemeIOS.mm:
(WebCore::RenderThemeIOS::paintProgressBar):

Allow macOS and Mac Catalyst to use the same vector-based version.

Canonical link: https://commits.webkit.org/290989@main
---
 Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm | 1 +
 Source/WebCore/rendering/ios/RenderThemeIOS.mm     | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm b/Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm
index d3885f6fbcd56..eca8d19ffc111 100644
--- a/Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm
+++ b/Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm
@@ -43,6 +43,7 @@
 #import "RenderProgress.h"
 #import "RenderSlider.h"
 #import "RenderText.h"
+#import "Theme.h"
 #import "TypedElementDescendantIteratorInlines.h"
 #import "UserAgentScripts.h"
 #import "UserAgentStyleSheets.h"
diff --git a/Source/WebCore/rendering/ios/RenderThemeIOS.mm b/Source/WebCore/rendering/ios/RenderThemeIOS.mm
index 9aefd2d5e8e11..98e05c12f2891 100644
--- a/Source/WebCore/rendering/ios/RenderThemeIOS.mm
+++ b/Source/WebCore/rendering/ios/RenderThemeIOS.mm
@@ -773,8 +773,8 @@ static bool renderThemePaintSwitchTrack(OptionSet<ControlStyle::State>, const Re
 bool RenderThemeIOS::paintProgressBar(const RenderObject& renderer, const PaintInfo& paintInfo, const IntRect& rect)
 {
 #if ENABLE(MAC_STYLE_CONTROLS_ON_CATALYST)
-    if (paintProgressBarForCatalyst(renderer, paintInfo, rect))
-        return false;
+    if (renderer.settings().macStyleControlsOnCatalyst())
+        return RenderThemeCocoa::paintProgressBar(renderer, paintInfo, rect);
 #endif
 
     auto* renderProgress = dynamicDowncast<RenderProgress>(renderer);

From e7cdf7bc94b91846af8a3b8fa939c0cb1a374787 Mon Sep 17 00:00:00 2001
From: Robert Jenner <jenner@apple.com>
Date: Mon, 24 Feb 2025 15:28:55 -0800
Subject: [PATCH 169/174] [GARDENING]Temporaririly Skip 8X JSC tests while fix
 is under investigation rdar://144246030

Reviewed by Yijia Huang.

* JSTests/stress/bigint-toLocaleString.js:
* JSTests/stress/intl-datetimeformat.js:
* JSTests/stress/intl-displaynames-v2.js:
* JSTests/stress/intl-displaynames.js:
* JSTests/stress/intl-locale-exceptions.js:
* JSTests/stress/intl-long-locale-id-maximize-minimize.js:
* JSTests/stress/intl-numberformat-unified.js:
* JSTests/stress/number-toLocaleString.js:

Canonical link: https://commits.webkit.org/290990@main
---
 JSTests/stress/bigint-toLocaleString.js                 | 2 ++
 JSTests/stress/intl-datetimeformat.js                   | 2 ++
 JSTests/stress/intl-displaynames-v2.js                  | 2 ++
 JSTests/stress/intl-displaynames.js                     | 2 ++
 JSTests/stress/intl-locale-exceptions.js                | 2 ++
 JSTests/stress/intl-long-locale-id-maximize-minimize.js | 2 ++
 JSTests/stress/intl-numberformat-unified.js             | 2 ++
 JSTests/stress/number-toLocaleString.js                 | 2 ++
 8 files changed, 16 insertions(+)

diff --git a/JSTests/stress/bigint-toLocaleString.js b/JSTests/stress/bigint-toLocaleString.js
index 9ccb5d6bdbb82..6be3e4b455c48 100644
--- a/JSTests/stress/bigint-toLocaleString.js
+++ b/JSTests/stress/bigint-toLocaleString.js
@@ -1,3 +1,5 @@
+//@ skip
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error(`expected ${expected} but got ${actual}`);
diff --git a/JSTests/stress/intl-datetimeformat.js b/JSTests/stress/intl-datetimeformat.js
index 89e36170edad3..6f17f49e42abd 100644
--- a/JSTests/stress/intl-datetimeformat.js
+++ b/JSTests/stress/intl-datetimeformat.js
@@ -1,3 +1,5 @@
+//@ skip
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error(`expected ${expected} but got ${actual}`);
diff --git a/JSTests/stress/intl-displaynames-v2.js b/JSTests/stress/intl-displaynames-v2.js
index bd42ae7b5f176..edbfa4d014f07 100644
--- a/JSTests/stress/intl-displaynames-v2.js
+++ b/JSTests/stress/intl-displaynames-v2.js
@@ -1,3 +1,5 @@
+//@ skip
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
diff --git a/JSTests/stress/intl-displaynames.js b/JSTests/stress/intl-displaynames.js
index e4d68af247691..76ad06a32c04e 100644
--- a/JSTests/stress/intl-displaynames.js
+++ b/JSTests/stress/intl-displaynames.js
@@ -1,3 +1,5 @@
+//@ skip
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
diff --git a/JSTests/stress/intl-locale-exceptions.js b/JSTests/stress/intl-locale-exceptions.js
index 2f55deaac7c21..06c267dc32c07 100644
--- a/JSTests/stress/intl-locale-exceptions.js
+++ b/JSTests/stress/intl-locale-exceptions.js
@@ -1,3 +1,5 @@
+//@ skip
+
 function shouldThrow(func, errorType) {
     let error;
     try {
diff --git a/JSTests/stress/intl-long-locale-id-maximize-minimize.js b/JSTests/stress/intl-long-locale-id-maximize-minimize.js
index 9e704b27c1a44..da96837335dff 100644
--- a/JSTests/stress/intl-long-locale-id-maximize-minimize.js
+++ b/JSTests/stress/intl-long-locale-id-maximize-minimize.js
@@ -1,3 +1,5 @@
+//@ skip
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
diff --git a/JSTests/stress/intl-numberformat-unified.js b/JSTests/stress/intl-numberformat-unified.js
index 7f3f1bb6e0d3e..9a9d0b31e0312 100644
--- a/JSTests/stress/intl-numberformat-unified.js
+++ b/JSTests/stress/intl-numberformat-unified.js
@@ -1,3 +1,5 @@
+//@ skip
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error('bad value: ' + actual);
diff --git a/JSTests/stress/number-toLocaleString.js b/JSTests/stress/number-toLocaleString.js
index 8c57070a83cfa..46443709ae7f2 100644
--- a/JSTests/stress/number-toLocaleString.js
+++ b/JSTests/stress/number-toLocaleString.js
@@ -1,3 +1,5 @@
+//@ skip
+
 function shouldBe(actual, expected) {
     if (actual !== expected)
         throw new Error(`expected ${expected} but got ${actual}`);

From bc82205e7ef89756a44ccf963003c2cb439efe06 Mon Sep 17 00:00:00 2001
From: Karl Rackler <rackler@apple.com>
Date: Mon, 24 Feb 2025 15:31:06 -0800
Subject: [PATCH 170/174] [EWS]
 imported/w3c/web-platform-tests/css/css-images/image-orientation/image-orientation-background-properties.html
 is a constant failure on Ventura Intel
 https://bugs.webkit.org/show_bug.cgi?id=280213 rdar://136530901

Unreviewed test modification.

Modify pixel tolerance.

* LayoutTests/imported/w3c/web-platform-tests/css/css-images/image-orientation/image-orientation-background-properties.html:

Canonical link: https://commits.webkit.org/290991@main
---
 .../image-orientation-background-properties.html                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/LayoutTests/imported/w3c/web-platform-tests/css/css-images/image-orientation/image-orientation-background-properties.html b/LayoutTests/imported/w3c/web-platform-tests/css/css-images/image-orientation/image-orientation-background-properties.html
index 431fba1330eb0..81876c6ecc1de 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/css/css-images/image-orientation/image-orientation-background-properties.html
+++ b/LayoutTests/imported/w3c/web-platform-tests/css/css-images/image-orientation/image-orientation-background-properties.html
@@ -6,7 +6,7 @@
 <link rel="author" title="Stephen Chenney" href="mailto:schenney@chromium.org">
 <link rel="help" href="https://drafts.csswg.org/css-images-3/#propdef-image-orientation">
 <link rel="match" href="reference/image-orientation-background-properties-ref.html">
-<meta name="fuzzy" content="maxDifference=0-100; totalPixels=0-313">
+<meta name="fuzzy" content="maxDifference=0-100; totalPixels=0-320">
 <style>
     div {
         position: absolute;

From b2a7676f607cf74297789c0e75aef38509b006ad Mon Sep 17 00:00:00 2001
From: Yasmin Karimi <y_karimi@apple.com>
Date: Mon, 24 Feb 2025 16:03:56 -0800
Subject: [PATCH 171/174] [Gardening] REGRESSION(290200@main): [ wk2 ]
 imported/w3c/web-platform-tests/navigation-api/navigate-event/navigate-destination-dynamic-index.html
 is a constant failure. https://bugs.webkit.org/show_bug.cgi?id=288422
 rdar://145516131

Unreviewed test gardening.

Added a test expectation for a constantly failing test.

* LayoutTests/platform/mac/imported/w3c/web-platform-tests/navigation-api/navigate-event/navigate-destination-dynamic-index-expected.png: Added.
* LayoutTests/platform/wk2/TestExpectations:

Canonical link: https://commits.webkit.org/290992@main
---
 ...vigate-destination-dynamic-index-expected.png | Bin 0 -> 9896 bytes
 LayoutTests/platform/wk2/TestExpectations        |   2 ++
 2 files changed, 2 insertions(+)
 create mode 100644 LayoutTests/platform/mac/imported/w3c/web-platform-tests/navigation-api/navigate-event/navigate-destination-dynamic-index-expected.png

diff --git a/LayoutTests/platform/mac/imported/w3c/web-platform-tests/navigation-api/navigate-event/navigate-destination-dynamic-index-expected.png b/LayoutTests/platform/mac/imported/w3c/web-platform-tests/navigation-api/navigate-event/navigate-destination-dynamic-index-expected.png
new file mode 100644
index 0000000000000000000000000000000000000000..adbe7f0756e83535b71d09fa983cdf927890fcaa
GIT binary patch
literal 9896
zcmeAS@N?(olHy`uVBq!ia0y~yU{+vYV2a>i1B%QlYbpRznkB9gCCM47$=SuFxeO)-
zhAAnjCYC7%7RHu_Nycd@DJe#2$*BfusmTV0mIjec-MfLB7>k44ofy`glX(f`<fKM;
zruq6ZXaU(A3@nUN46Gm}Ky1e-4QIPCYA`T^#hDlw+A|qgplbYpGzfSAF-Q-DW?H}m
zQ^BmTfEmVSiU29y7@3$2q&N#aB8wRqxP?KOkzv*x2?hq$1)eUBAr*{ouW#gKP~c%P
zO!z;SIjLjy9M-r^m+s6fKP{->(7?dR#KIw<;GiI2aj=aO!iEUeFfu+81W7^FoM2(`
zaLet0X#k2cK4Kr09}S<;^a0L8qxoaBd>AbsN9zY@g*sY4j<yd*+ef4A!_oHPX!~%q
zeF*Ghj<%0S+sC8r<I(o<X!{sE;5OPn80{a7_76t;2c!Li(f+|`|6sI#Fxo#FonIWC
zUmcxa9-Uu@FG3hyUog79Vs!n<==vK-kvQzej~lsPhI6cWzg<%Sw2;fw)z4*}Q$iB}
D>`!@n

literal 0
HcmV?d00001

diff --git a/LayoutTests/platform/wk2/TestExpectations b/LayoutTests/platform/wk2/TestExpectations
index 6875cff48b881..dbfc7cfe89746 100644
--- a/LayoutTests/platform/wk2/TestExpectations
+++ b/LayoutTests/platform/wk2/TestExpectations
@@ -810,3 +810,5 @@ webkit.org/b/286450 imported/w3c/web-platform-tests/webcodecs/audio-encoder.http
 webkit.org/b/287126 fast/forms/datalist/datalist-hide-using-escape-key.html [ Pass Timeout Failure ]
 
 webkit.org/b/287724 imported/w3c/web-platform-tests/feature-policy/reporting/picture-in-picture-reporting.html [ Pass Failure ]
+
+webkit.org/b/288422 imported/w3c/web-platform-tests/navigation-api/navigate-event/navigate-destination-dynamic-index.html [ Failure ]

From 8c7eecf2912ad544e1369927918d8a208626f73c Mon Sep 17 00:00:00 2001
From: Aditya Keerthi <akeerthi@apple.com>
Date: Mon, 24 Feb 2025 16:14:56 -0800
Subject: [PATCH 172/174] [macOS] Add a vector-based version of switch inputs
 https://bugs.webkit.org/show_bug.cgi?id=288353 rdar://145446428

Reviewed by Wenson Hsieh.

Move logic to `RenderThemeCocoa` so that macOS and Mac Catalyst can share
switch painting code.

* Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm:
(renderThemePaintSwitchThumb):
(renderThemePaintSwitchTrack):
(WebCore::RenderThemeCocoa::adjustSwitchStyle const):
(WebCore::RenderThemeCocoa::paintSwitchThumb):
(WebCore::RenderThemeCocoa::paintSwitchTrack):
* Source/WebCore/rendering/ios/RenderThemeIOS.h:
* Source/WebCore/rendering/ios/RenderThemeIOS.mm:
(WebCore::renderThemePaintSwitchThumb): Deleted.
(WebCore::renderThemePaintSwitchTrack): Deleted.
(WebCore::RenderThemeIOS::adjustSwitchStyle const): Deleted.
(WebCore::RenderThemeIOS::paintSwitchThumb): Deleted.
(WebCore::RenderThemeIOS::paintSwitchTrack): Deleted.

Canonical link: https://commits.webkit.org/290993@main
---
 .../rendering/cocoa/RenderThemeCocoa.mm       | 64 ++++++++++++++++---
 Source/WebCore/rendering/ios/RenderThemeIOS.h |  3 -
 .../WebCore/rendering/ios/RenderThemeIOS.mm   | 46 -------------
 3 files changed, 56 insertions(+), 57 deletions(-)

diff --git a/Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm b/Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm
index eca8d19ffc111..ea3b102bed12b 100644
--- a/Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm
+++ b/Source/WebCore/rendering/cocoa/RenderThemeCocoa.mm
@@ -76,6 +76,29 @@
 #import <pal/ios/UIKitSoftLink.h>
 #endif
 
+#if USE(APPLE_INTERNAL_SDK)
+#import <WebKitAdditions/RenderThemeCocoaAdditionsBefore.mm>
+#else
+
+namespace WebCore {
+
+constexpr auto logicalSwitchHeight = 31.f;
+constexpr auto logicalSwitchWidth = 51.f;
+
+static bool renderThemePaintSwitchThumb(OptionSet<ControlStyle::State>, const RenderObject&, const PaintInfo&, const FloatRect&, const Color&)
+{
+    return true;
+}
+
+static bool renderThemePaintSwitchTrack(OptionSet<ControlStyle::State>, const RenderObject&, const PaintInfo&, const FloatRect&)
+{
+    return true;
+}
+
+}
+
+#endif
+
 @interface WebCoreRenderThemeBundle : NSObject
 @end
 
@@ -751,27 +774,52 @@ static inline FontSelectionValue cssWeightOfSystemFont(CTFontRef font)
         return;
 #endif
 
+#if PLATFORM(MAC)
     RenderTheme::adjustSwitchStyle(style, element);
+#else
+    UNUSED_PARAM(element);
+
+    // FIXME: Deduplicate sizing with the generic code somehow.
+    if (style.width().isAuto() || style.height().isAuto()) {
+        style.setLogicalWidth({ logicalSwitchWidth * style.usedZoom(), LengthType::Fixed });
+        style.setLogicalHeight({ logicalSwitchHeight * style.usedZoom(), LengthType::Fixed });
+    }
+
+    adjustSwitchStyleDisplay(style);
+
+    if (style.outlineStyleIsAuto() == OutlineIsAuto::On)
+        style.setOutlineStyle(BorderStyle::None);
+#endif
 }
 
-bool RenderThemeCocoa::paintSwitchThumb(const RenderObject& box, const PaintInfo& paintInfo, const FloatRect& rect)
+bool RenderThemeCocoa::paintSwitchThumb(const RenderObject& renderer, const PaintInfo& paintInfo, const FloatRect& rect)
 {
+#if PLATFORM(MAC)
+    bool useDefaultImplementation = true;
 #if ENABLE(VECTOR_BASED_CONTROLS_ON_MAC)
-    if (paintSwitchThumbForVectorBasedControls(box, paintInfo, rect))
-        return false;
+    if (renderer.settings().vectorBasedControlsOnMacEnabled())
+        useDefaultImplementation = false;
+#endif
+    if (useDefaultImplementation)
+        return RenderTheme::paintSwitchThumb(renderer, paintInfo, rect);
 #endif
 
-    return RenderTheme::paintSwitchThumb(box, paintInfo, rect);
+    return renderThemePaintSwitchThumb(extractControlStyleStatesForRenderer(renderer), renderer, paintInfo, rect, platformFocusRingColor(renderer.styleColorOptions()));
 }
 
-bool RenderThemeCocoa::paintSwitchTrack(const RenderObject& box, const PaintInfo& paintInfo, const FloatRect& rect)
+bool RenderThemeCocoa::paintSwitchTrack(const RenderObject& renderer, const PaintInfo& paintInfo, const FloatRect& rect)
 {
+#if PLATFORM(MAC)
+    bool useDefaultImplementation = true;
 #if ENABLE(VECTOR_BASED_CONTROLS_ON_MAC)
-    if (paintSwitchTrackForVectorBasedControls(box, paintInfo, rect))
-        return false;
+    if (renderer.settings().vectorBasedControlsOnMacEnabled())
+        useDefaultImplementation = false;
+#endif
+    if (useDefaultImplementation)
+        return RenderTheme::paintSwitchTrack(renderer, paintInfo, rect);
 #endif
 
-    return RenderTheme::paintSwitchTrack(box, paintInfo, rect);
+    return renderThemePaintSwitchTrack(extractControlStyleStatesForRenderer(renderer), renderer, paintInfo, rect);
 }
 
 }
diff --git a/Source/WebCore/rendering/ios/RenderThemeIOS.h b/Source/WebCore/rendering/ios/RenderThemeIOS.h
index f2046c2d6fd5b..5d77b77e13bec 100644
--- a/Source/WebCore/rendering/ios/RenderThemeIOS.h
+++ b/Source/WebCore/rendering/ios/RenderThemeIOS.h
@@ -101,9 +101,6 @@ class RenderThemeIOS final : public RenderThemeCocoa {
 
     void adjustSliderThumbSize(RenderStyle&, const Element*) const override;
 
-    void adjustSwitchStyle(RenderStyle&, const Element*) const final;
-    bool paintSwitchThumb(const RenderObject&, const PaintInfo&, const FloatRect&) final;
-    bool paintSwitchTrack(const RenderObject&, const PaintInfo&, const FloatRect&) final;
     Seconds switchAnimationVisuallyOnDuration() const final { return 0.4880138408543766_s; }
     Seconds switchAnimationHeldDuration() const final { return 0.5073965509413827_s; }
 #if HAVE(UI_IMPACT_FEEDBACK_GENERATOR)
diff --git a/Source/WebCore/rendering/ios/RenderThemeIOS.mm b/Source/WebCore/rendering/ios/RenderThemeIOS.mm
index 98e05c12f2891..6d3b44d37b95f 100644
--- a/Source/WebCore/rendering/ios/RenderThemeIOS.mm
+++ b/Source/WebCore/rendering/ios/RenderThemeIOS.mm
@@ -724,52 +724,6 @@ static void adjustInputElementButtonStyle(RenderStyle& style, const HTMLInputEle
 constexpr auto reducedMotionProgressAnimationMinOpacity = 0.3f;
 constexpr auto reducedMotionProgressAnimationMaxOpacity = 0.6f;
 
-#if !USE(APPLE_INTERNAL_SDK)
-constexpr auto logicalSwitchHeight = 31.f;
-constexpr auto logicalSwitchWidth = 51.f;
-
-static bool renderThemePaintSwitchThumb(OptionSet<ControlStyle::State>, const RenderObject&, const PaintInfo&, const FloatRect&, const Color&)
-{
-    return true;
-}
-
-static bool renderThemePaintSwitchTrack(OptionSet<ControlStyle::State>, const RenderObject&, const PaintInfo&, const FloatRect&, const Color&)
-{
-    return true;
-}
-#endif
-
-void RenderThemeIOS::adjustSwitchStyle(RenderStyle& style, const Element* element) const
-{
-#if ENABLE(MAC_STYLE_CONTROLS_ON_CATALYST)
-    if (adjustSwitchStyleForCatalyst(style, element))
-        return;
-#else
-    UNUSED_PARAM(element);
-#endif
-
-    // FIXME: Deduplicate sizing with the generic code somehow.
-    if (style.width().isAuto() || style.height().isAuto()) {
-        style.setLogicalWidth({ logicalSwitchWidth * style.usedZoom(), LengthType::Fixed });
-        style.setLogicalHeight({ logicalSwitchHeight * style.usedZoom(), LengthType::Fixed });
-    }
-
-    adjustSwitchStyleDisplay(style);
-
-    if (style.outlineStyleIsAuto() == OutlineIsAuto::On)
-        style.setOutlineStyle(BorderStyle::None);
-}
-
-bool RenderThemeIOS::paintSwitchThumb(const RenderObject& renderer, const PaintInfo& paintInfo, const FloatRect& rect)
-{
-    return renderThemePaintSwitchThumb(extractControlStyleStatesForRenderer(renderer), renderer, paintInfo, rect, systemFocusRingColor());
-}
-
-bool RenderThemeIOS::paintSwitchTrack(const RenderObject& renderer, const PaintInfo& paintInfo, const FloatRect& rect)
-{
-    return renderThemePaintSwitchTrack(extractControlStyleStatesForRenderer(renderer), renderer, paintInfo, rect, systemColor(CSSValueAppleSystemGreen, renderer.styleColorOptions()));
-}
-
 bool RenderThemeIOS::paintProgressBar(const RenderObject& renderer, const PaintInfo& paintInfo, const IntRect& rect)
 {
 #if ENABLE(MAC_STYLE_CONTROLS_ON_CATALYST)

From 36a8f4813835e0ec865a59aff8b500a682443134 Mon Sep 17 00:00:00 2001
From: Fujii Hironori <Hironori.Fujii@sony.com>
Date: Mon, 24 Feb 2025 16:24:12 -0800
Subject: [PATCH 173/174] Non-unified source build fix of February 2025 (part
 9) https://bugs.webkit.org/show_bug.cgi?id=286904

Unreviewed non-unified build fix.

* Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.cpp:
* Source/WebCore/bindings/js/InternalWritableStream.cpp:
* Source/WebCore/html/HTMLSlotElement.cpp:
* Source/WebCore/rendering/BorderEdge.h:
* Source/WebCore/rendering/RenderBlockInlines.h:
* Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp:
* Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.cpp:
(WebKit::WebFileSystemStorageConnection::errorWritable):

Canonical link: https://commits.webkit.org/290994@main
---
 .../Modules/filesystemaccess/FileSystemStorageConnection.cpp  | 4 ++--
 Source/WebCore/bindings/js/InternalWritableStream.cpp         | 1 +
 Source/WebCore/html/HTMLSlotElement.cpp                       | 1 +
 Source/WebCore/rendering/BorderEdge.h                         | 1 +
 Source/WebCore/rendering/RenderBlockInlines.h                 | 1 +
 Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp         | 2 ++
 .../WebCoreSupport/WebFileSystemStorageConnection.cpp         | 2 +-
 7 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.cpp b/Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.cpp
index 31c308aa01813..a788a0fd77589 100644
--- a/Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.cpp
+++ b/Source/WebCore/Modules/filesystemaccess/FileSystemStorageConnection.cpp
@@ -23,11 +23,11 @@
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#pragma once
-
 #include "config.h"
 #include "FileSystemStorageConnection.h"
 
+#include "FileSystemWritableFileStream.h"
+
 namespace WebCore {
 
 bool FileSystemStorageConnection::errorFileSystemWritable(FileSystemWritableFileStreamIdentifier identifier)
diff --git a/Source/WebCore/bindings/js/InternalWritableStream.cpp b/Source/WebCore/bindings/js/InternalWritableStream.cpp
index 10f6e62343017..2edb75c47eb48 100644
--- a/Source/WebCore/bindings/js/InternalWritableStream.cpp
+++ b/Source/WebCore/bindings/js/InternalWritableStream.cpp
@@ -27,6 +27,7 @@
 #include "InternalWritableStream.h"
 
 #include "Exception.h"
+#include "JSDOMExceptionHandling.h"
 #include "WebCoreJSClientData.h"
 #include <JavaScriptCore/JSArrayBufferViewInlines.h>
 #include <JavaScriptCore/JSObjectInlines.h>
diff --git a/Source/WebCore/html/HTMLSlotElement.cpp b/Source/WebCore/html/HTMLSlotElement.cpp
index 7a7a7791f5fe8..dbcffb27bdc46 100644
--- a/Source/WebCore/html/HTMLSlotElement.cpp
+++ b/Source/WebCore/html/HTMLSlotElement.cpp
@@ -26,6 +26,7 @@
 #include "config.h"
 #include "HTMLSlotElement.h"
 
+#include "AXObjectCache.h"
 #include "ElementInlines.h"
 #include "Event.h"
 #include "EventNames.h"
diff --git a/Source/WebCore/rendering/BorderEdge.h b/Source/WebCore/rendering/BorderEdge.h
index 3f587a6d8f6c1..69281bf5c4cf5 100644
--- a/Source/WebCore/rendering/BorderEdge.h
+++ b/Source/WebCore/rendering/BorderEdge.h
@@ -26,6 +26,7 @@
 #pragma once
 
 #include "Color.h"
+#include "LayoutSize.h"
 #include "LayoutUnit.h"
 #include "RectEdges.h"
 #include "RenderObjectEnums.h"
diff --git a/Source/WebCore/rendering/RenderBlockInlines.h b/Source/WebCore/rendering/RenderBlockInlines.h
index d828b3b72a1c5..512c119bf169a 100644
--- a/Source/WebCore/rendering/RenderBlockInlines.h
+++ b/Source/WebCore/rendering/RenderBlockInlines.h
@@ -20,6 +20,7 @@
 #pragma once
 
 #include "RenderBlock.h"
+#include "RenderBoxInlines.h"
 #include "RenderObjectInlines.h"
 #include "RenderStyleInlines.h"
 
diff --git a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp
index 4fcac5b93338d..b9058e66ab5fc 100644
--- a/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp
+++ b/Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp
@@ -33,6 +33,7 @@
 #include "MessageSenderInlines.h"
 #include "RemotePageFullscreenManagerProxy.h"
 #include "WebAutomationSession.h"
+#include "WebFrameProxy.h"
 #include "WebFullScreenManagerMessages.h"
 #include "WebFullScreenManagerProxyMessages.h"
 #include "WebPageProxy.h"
@@ -41,6 +42,7 @@
 #include <WebCore/IntRect.h>
 #include <WebCore/MIMETypeRegistry.h>
 #include <WebCore/ScreenOrientationType.h>
+#include <wtf/CallbackAggregator.h>
 #include <wtf/LoggerHelper.h>
 #include <wtf/TZoneMallocInlines.h>
 #include <wtf/text/MakeString.h>
diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.cpp
index bde9708fe368d..e38cc452af2d2 100644
--- a/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.cpp
+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.cpp
@@ -53,7 +53,7 @@ void WebFileSystemStorageConnection::errorWritable(WebCore::ScriptExecutionConte
         return;
 
     WebCore::ScriptExecutionContext::postTaskTo(contextIdentifier, [writableIdentifier, protectedThis = Ref { *this }](auto& context) mutable {
-        RefPtr globalScope = dynamicDowncast<WorkerGlobalScope>(context);
+        RefPtr globalScope = dynamicDowncast<WebCore::WorkerGlobalScope>(context);
         RefPtr connection = globalScope ? globalScope->fileSystemStorageConnection() : nullptr;
         if (connection)
             connection->errorFileSystemWritable(writableIdentifier);

From 5f23c786d3aa0cd7d683554ec91414068f73707b Mon Sep 17 00:00:00 2001
From: Dan Hecht <dan.hecht@apple.com>
Date: Mon, 24 Feb 2025 16:28:28 -0800
Subject: [PATCH 174/174] [JSC] Add some missing exception checks to
 arrayProtoFuncIncludes https://bugs.webkit.org/show_bug.cgi?id=288416
 rdar://145514228

Reviewed by Yijia Huang and Michael Saboff.

Need to keep the exception check verifier happy.

* Source/JavaScriptCore/runtime/ArrayPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):

Canonical link: https://commits.webkit.org/290995@main
---
 Source/JavaScriptCore/runtime/ArrayPrototype.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
index 64daf2e3b52d6..a9947491d61ad 100644
--- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
@@ -2157,14 +2157,18 @@ JSC_DEFINE_HOST_FUNCTION(arrayProtoFuncIncludes, (JSGlobalObject* globalObject,
 
     if (LIKELY(isJSArray(thisObject))) {
         JSArray* thisArray = jsCast<JSArray*>(thisObject);
-        if (auto fastResult = thisArray->fastIncludes(globalObject, searchElement, index, length))
+        auto fastResult = thisArray->fastIncludes(globalObject, searchElement, index, length);
+        RETURN_IF_EXCEPTION(scope, { });
+        if (fastResult)
             return JSValue::encode(jsBoolean(fastResult.value()));
     }
 
     for (; index < length; ++index) {
         auto currentElement = thisObject->getIndex(globalObject, index);
         RETURN_IF_EXCEPTION(scope, { });
-        if (sameValueZero(globalObject, searchElement, currentElement))
+        bool isEqual = sameValueZero(globalObject, searchElement, currentElement);
+        RETURN_IF_EXCEPTION(scope, { });
+        if (isEqual)
             return JSValue::encode(jsBoolean(true));
     }