Skip to site navigation (Press enter)

[webkit-changes] [129294] trunk/Source/WebCore

simon . fraser Fri, 21 Sep 2012 20:03:14 -0700

Title: [129294] trunk/Source/WebCore

Revision: 129294
Author: [email protected]
Date: 2012-09-21 20:04:16 -0700 (Fri, 21 Sep 2012)

Log Message

RenderMarquee causes ASSERTION FAILED: enclosingIntRect(rendererMappedResult) == enclosingIntRect(FloatQuad(result).boundingBox()) : WebCore::FloatRect WebCore::RenderGeometryMap::absoluteRect(const WebCore::FloatRect &) const
https://bugs.webkit.org/show_bug.cgi?id=92464


Reviewed by Sam Weinig.

Marquees could cause an updateCompositingLayersAfterScroll() to be called when
we're in the middle of updating layer positions. updateCompositingLayersAfterScroll()
does a full RenderLayer tree walk, but its use of RenderGeomeryMap reveals that
it's using layers whose positions haven't been updated yet.

Fix by avoiding the updateCompositingLayersAfterScroll() if we're in the process
of updating a marquee when updating layer positions. We'll do a compositing update
soon anyway.

Tested by fast/events/tabindex-focus-blur-all.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::RenderLayer):
(WebCore::RenderLayer::updateLayerPositions):
(WebCore::RenderLayer::updateLayerPositionsAfterScroll):
(WebCore::RenderLayer::scrollTo):
* rendering/RenderLayer.h:
(RenderLayer):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/rendering/RenderLayer.cpp
trunk/Source/WebCore/rendering/RenderLayer.h

Diff

Modified: trunk/Source/WebCore/ChangeLog (129293 => 129294)


--- trunk/Source/WebCore/ChangeLog	2012-09-22 02:22:26 UTC (rev 129293)
+++ trunk/Source/WebCore/ChangeLog	2012-09-22 03:04:16 UTC (rev 129294)
@@ -1,3 +1,29 @@
+2012-09-21  Simon Fraser  <[email protected]>
+
+        RenderMarquee causes ASSERTION FAILED: enclosingIntRect(rendererMappedResult) == enclosingIntRect(FloatQuad(result).boundingBox()) : WebCore::FloatRect WebCore::RenderGeometryMap::absoluteRect(const WebCore::FloatRect &) const
+        https://bugs.webkit.org/show_bug.cgi?id=92464
+
+        Reviewed by Sam Weinig.
+
+        Marquees could cause an updateCompositingLayersAfterScroll() to be called when
+        we're in the middle of updating layer positions. updateCompositingLayersAfterScroll()
+        does a full RenderLayer tree walk, but its use of RenderGeomeryMap reveals that
+        it's using layers whose positions haven't been updated yet.
+        
+        Fix by avoiding the updateCompositingLayersAfterScroll() if we're in the process
+        of updating a marquee when updating layer positions. We'll do a compositing update
+        soon anyway.
+
+        Tested by fast/events/tabindex-focus-blur-all.html
+
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::RenderLayer):
+        (WebCore::RenderLayer::updateLayerPositions):
+        (WebCore::RenderLayer::updateLayerPositionsAfterScroll):
+        (WebCore::RenderLayer::scrollTo):
+        * rendering/RenderLayer.h:
+        (RenderLayer):
+
 2012-09-21  Adam Klein  <[email protected]>
 
         Remove bogus assertions from ChildListMutationScope

Modified: trunk/Source/WebCore/rendering/RenderLayer.cpp (129293 => 129294)


--- trunk/Source/WebCore/rendering/RenderLayer.cpp	2012-09-22 02:22:26 UTC (rev 129293)
+++ trunk/Source/WebCore/rendering/RenderLayer.cpp	2012-09-22 03:04:16 UTC (rev 129294)
@@ -154,6 +154,7 @@
     , m_indirectCompositingReason(NoIndirectCompositingReason)
 #endif
     , m_containsDirtyOverlayScrollbars(false)
+    , m_updatingMarqueePosition(false)
 #if !ASSERT_DISABLED
     , m_layerListMutationAllowed(true)
 #endif
@@ -435,8 +436,13 @@
 #endif
         
     // With all our children positioned, now update our marquee if we need to.
-    if (m_marquee)
+    if (m_marquee) {
+        // FIXME: would like to use TemporaryChange<> but it doesn't work with bitfields.
+        bool oldUpdatingMarqueePosition = m_updatingMarqueePosition;
+        m_updatingMarqueePosition = true;
         m_marquee->updateMarqueePosition();
+        m_updatingMarqueePosition = oldUpdatingMarqueePosition;
+    }
 
     if (offsetFromRoot)
         *offsetFromRoot = oldOffsetFromRoot;
@@ -542,8 +548,12 @@
     // of an object, thus RenderReplica will still repaint itself properly as the layer position was
     // updated above.
 
-    if (m_marquee)
+    if (m_marquee) {
+        bool oldUpdatingMarqueePosition = m_updatingMarqueePosition;
+        m_updatingMarqueePosition = true;
         m_marquee->updateMarqueePosition();
+        m_updatingMarqueePosition = oldUpdatingMarqueePosition;
+    }
 }
 
 #if ENABLE(CSS_COMPOSITING)
@@ -1717,7 +1727,13 @@
         view->updateWidgetPositions();
     }
 
-    updateCompositingLayersAfterScroll();
+    if (!m_updatingMarqueePosition) {
+        // Avoid updating compositing layers if, higher on the stack, we're already updating layer
+        // positions. Updating layer positions requires a full walk of up-to-date RenderLayers, and
+        // in this case we're still updating their positions; we'll update compositing layers later
+        // when that completes.
+        updateCompositingLayersAfterScroll();
+    }
 
     RenderBoxModelObject* repaintContainer = renderer()->containerForRepaint();
     Frame* frame = renderer()->frame();

Modified: trunk/Source/WebCore/rendering/RenderLayer.h (129293 => 129294)


--- trunk/Source/WebCore/rendering/RenderLayer.h	2012-09-22 02:22:26 UTC (rev 129293)
+++ trunk/Source/WebCore/rendering/RenderLayer.h	2012-09-22 03:04:16 UTC (rev 129294)
@@ -938,6 +938,8 @@
 #endif
 
     bool m_containsDirtyOverlayScrollbars : 1;
+    bool m_updatingMarqueePosition : 1;
+
 #if !ASSERT_DISABLED
     bool m_layerListMutationAllowed : 1;
 #endif

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes