Make WebNode::to<Type>() (and toConst) casts contain type asserts.

Make WebNode::to<Type>() (and toConst) casts contain type asserts.

Previously you could cast a WebNode to any subclass and then call invalid
methods on it resulting in invalid address access. Instead we change the
to<Type>() and toConst<Type>() casting methods to contain type checks just
like the toFoo() casting methods inside Blink. This will catch the bad casts
early by crashing on an ASSERT_WITH_SECURITY_IMPLICATION.

These new asserts caught bad casts inside WebFrameTest where it was casting
a WebElement(div) into a WebInputElement. It also caught one in the
form_autofill_browsertest where it was casting a WebElement(textarea) to a
WebInputElement.

Finally I fixed a case of this I found inside form_autofill_util.cc's
MatchLabelsAndFields method which converted correspondingControl() to a
WebFormControlElement without checking if it was one first. This code was
actually safe since it always checked isFormControlElement() on the
WebFormControlElement afterwards, but doing that is super subtle.

This also lets us remove the usage of nodeType() in the WebViewTest.cpp
since now the to<WebElement>() calls contain asserts, and with that being
the last usage of nodeType() we can remove WebNode::nodeType() completely.

Committed: https://crrev.com/740cd24e4e3db9f160462f7bf861929b18e4861f
Cr-Commit-Position: refs/heads/master@{#350944}

[esprehn, 2015-09-25 00:52:57]

The CQ bit was checked by esprehn@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2015-09-25 00:54:51]

Dry run: CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1365203002/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1365203002/1

[commit-bot: I haz the power, 2015-09-25 01:10:59]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2015-09-25 01:11:00]

Dry run: Try jobs failed on following builders:
  android_chromium_gn_compile_rel on tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/android_chromiu...)
  linux_chromium_compile_dbg_32_ng on tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  linux_chromium_gn_chromeos_rel on tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  mac_chromium_compile_dbg_ng on tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_comp...)

[esprehn, 2015-09-25 01:46:43]

The CQ bit was checked by esprehn@chromium.org to run a CQ dry run

[esprehn, 2015-09-25 01:47:20]

The CQ bit was unchecked by esprehn@chromium.org

[esprehn, 2015-09-25 02:36:30]

The CQ bit was checked by esprehn@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2015-09-25 02:36:43]

Dry run: CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1365203002/40001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1365203002/40001

[commit-bot: I haz the power, 2015-09-25 03:17:48]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2015-09-25 03:17:49]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[esprehn, 2015-09-25 03:36:43]

The CQ bit was checked by esprehn@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2015-09-25 03:37:17]

Dry run: CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1365203002/60001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1365203002/60001

[esprehn, 2015-09-25 03:40:33]

The CQ bit was unchecked by esprehn@chromium.org

[esprehn, 2015-09-25 03:42:36]

The CQ bit was checked by esprehn@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2015-09-25 03:43:16]

Dry run: CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1365203002/80001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1365203002/80001

[esprehn, 2015-09-25 04:08:15]

The CQ bit was checked by esprehn@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2015-09-25 04:08:56]

Dry run: CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1365203002/100001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1365203002/100001

[commit-bot: I haz the power, 2015-09-25 05:28:05]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2015-09-25 05:28:06]

Dry run: This issue passed the CQ dry run.

[esprehn, 2015-09-25 05:59:30]

esprehn@chromium.org changed reviewers:
+ dglazkov@chromium.org, estade@chromium.org, isherman@chromium.org,
pdr@chromium.org

[Ilya Sherman, 2015-09-25 06:18:23]

https://codereview.chromium.org/1365203002/diff/100001/chrome/renderer/autofi...
File chrome/renderer/autofill/form_autofill_browsertest.cc (right):

https://codereview.chromium.org/1365203002/diff/100001/chrome/renderer/autofi...
chrome/renderer/autofill/form_autofill_browsertest.cc:2006:
TEST_F(FormAutofillTest, WebFormElementConsiderNonControlLabelableElements) {
Sorry, what is this test testing?  That <progress> elements are ignored?

[esprehn, 2015-09-25 08:30:38]

https://codereview.chromium.org/1365203002/diff/100001/chrome/renderer/autofi...
File chrome/renderer/autofill/form_autofill_browsertest.cc (right):

https://codereview.chromium.org/1365203002/diff/100001/chrome/renderer/autofi...
chrome/renderer/autofill/form_autofill_browsertest.cc:2006:
TEST_F(FormAutofillTest, WebFormElementConsiderNonControlLabelableElements) {
On 2015/09/25 at 06:18:23, Ilya Sherman wrote:
> Sorry, what is this test testing?  That <progress> elements are ignored?

Yeah previously this did a bad cast since it casted first then checked
isFormControlElement() after, and the associated element for a label doesn't
need to be a FormControlElement (ex. <progress> and <output>).

[dglazkov, 2015-09-25 14:39:08]

https://codereview.chromium.org/1365203002/diff/100001/third_party/WebKit/pub...
File third_party/WebKit/public/web/WebNode.h (right):

https://codereview.chromium.org/1365203002/diff/100001/third_party/WebKit/pub...
third_party/WebKit/public/web/WebNode.h:146: #define
DEFINE_WEB_NODE_TYPE_CASTS(type, predicate) \
this guy should be only when BLINK_IMPLEMENTATION, right?

[Evan Stade, 2015-09-25 17:14:38]

autofill lgtm

[esprehn, 2015-09-25 22:06:54]

https://codereview.chromium.org/1365203002/diff/100001/third_party/WebKit/pub...
File third_party/WebKit/public/web/WebNode.h (right):

https://codereview.chromium.org/1365203002/diff/100001/third_party/WebKit/pub...
third_party/WebKit/public/web/WebNode.h:146: #define
DEFINE_WEB_NODE_TYPE_CASTS(type, predicate) \
On 2015/09/25 at 14:39:08, dglazkov wrote:
> this guy should be only when BLINK_IMPLEMENTATION, right?

Yeah done.

[dglazkov, 2015-09-25 22:07:14]

lgtm

[esprehn, 2015-09-25 22:10:19]

The CQ bit was checked by esprehn@chromium.org

[esprehn, 2015-09-25 22:10:20]

The patchset sent to the CQ was uploaded after l-g-t-m from estade@chromium.org
Link to the patchset: https://codereview.chromium.org/1365203002/#ps120001
(title: "Add BLINK_IMPLEMENTATION guard.")

[commit-bot: I haz the power, 2015-09-25 22:11:48]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1365203002/120001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1365203002/120001

[commit-bot: I haz the power, 2015-09-25 23:27:23]

Committed patchset #7 (id:120001)

[commit-bot: I haz the power, 2015-09-25 23:28:05]

Patchset 7 (id:??) landed as
https://crrev.com/740cd24e4e3db9f160462f7bf861929b18e4861f
Cr-Commit-Position: refs/heads/master@{#350944}