Bug 10403

Hum... that log has been removed since.  This SVG doesnt' work quite right yet.  still have the null value to debug.

This no longer has trouble finding resources.  However there are a few errors printed to the console:

(event handler):Null value
(event handler):Can't find variable: im
(event handler):Can't find variable: svgdoc
(event handler):Can't find variable: svgdoc

I think this might come from <embed name="sv"> not making the embed available via document.getElementById("sv").  But I'm not sure.

Someone just needs to reduce this.

Even after all these years, it still has bugs, this time it leads to JSC crashes. Needs further investigation.

Backtrace:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.JavaScriptCore      	0x006dd60a JSC::Interpreter::execute(JSC::FunctionExecutable*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue*) + 88 (Interpreter.cpp:678)
1   com.apple.JavaScriptCore      	0x00642a2f JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue, JSC::ArgList const&) + 223 (JSFunction.cpp:121)
2   com.apple.JavaScriptCore      	0x00642b0b JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 211 (CallData.cpp:39)
3   com.apple.WebCore             	0x04084b48 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1020
4   com.apple.WebCore             	0x03e45439 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 631
5   com.apple.WebCore             	0x03e059d1 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 215
6   com.apple.WebCore             	0x03e0654d WebCore::DOMWindow::dispatchLoadEvent() + 101
7   com.apple.WebCore             	0x03d2d29b WebCore::Document::dispatchWindowLoadEvent() + 113
8   com.apple.WebCore             	0x03d382fb WebCore::Document::implicitClose() + 957
9   com.apple.WebCore             	0x03e8bc0c WebCore::FrameLoader::checkCallImplicitClose() + 122
10  com.apple.WebCore             	0x03e8ebab WebCore::FrameLoader::checkCompleted() + 199
11  com.apple.WebCore             	0x03e8ed18 WebCore::FrameLoader::completed() + 156
12  com.apple.WebCore             	0x03e8ebc1 WebCore::FrameLoader::checkCompleted() + 221
13  com.apple.WebCore             	0x03e900bd WebCore::FrameLoader::loadDone() + 17
14  com.apple.WebCore             	0x03d218b6 WebCore::DocLoader::setLoadInProgress(bool) + 116
15  com.apple.WebCore             	0x04225ded WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) + 545
16  com.apple.WebCore             	0x04451260 WebCore::SubresourceLoader::didFinishLoading() + 176
17  com.apple.WebCore             	0x043d4b82 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 24
18  com.apple.WebCore             	0x043d13b7 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 215
19  com.apple.Foundation          	0x90d96497 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87
20  com.apple.Foundation          	0x90d96403 _NSURLConnectionDidFinishLoading + 147
21  com.apple.CFNetwork           	0x971e1ba4 URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 212
22  com.apple.CFNetwork           	0x971e28fa URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 310
23  com.apple.CFNetwork           	0x971e1370 URLConnectionClient::processEvents() + 104
24  com.apple.CFNetwork           	0x9718ed03 MultiplexerSource::perform() + 189
25  com.apple.CoreFoundation      	0x932883c5 CFRunLoopRunSpecific + 3141
26  com.apple.CoreFoundation      	0x93288aa8 CFRunLoopRunInMode + 88
27  com.apple.HIToolbox           	0x967e52ac RunCurrentEventLoopInMode + 283
28  com.apple.HIToolbox           	0x967e50c5 ReceiveNextEventCommon + 374
29  com.apple.HIToolbox           	0x967e4f39 BlockUntilNextEventMatchingListInMode + 106
30  com.apple.AppKit              	0x947316d5 _DPSNextEvent + 657
31  com.apple.AppKit              	0x94730f88 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
32  com.apple.Safari              	0x0000c303 0x1000 + 45827
33  com.apple.AppKit              	0x94729f9f -[NSApplication run] + 795
34  com.apple.AppKit              	0x946f71d8 NSApplicationMain + 574

I don't see JSC crashes anymore in trunk, but still doesn't work. Maybe a filter hacker can have a look?

CC'ing Reni, who might have a clue?

Created attachment 111583 [details]
Test image for testcase

I looked into the ripple.svg document contained in Davids waves testcase, we have a problem with the feDispMap filter, which is causing trouble. I've reduced it to a simpler testcase. You'll need foo.jpg as input.

Created attachment 111584 [details]
Reduced testcase showing filter problem

Created attachment 111590 [details]
ImageBuffer jpg dump of SVGFEImageElement m_targetImage

Fun! I've dumped the ImageBuffer at rx="160" ry="160" that SVGFEImageElement::build() produces.
Obviously the way renderSubtreeToImageBuffer is used here is flawed, more to come.

Created attachment 111600 [details]
Another simpler reduction w/o feDispMap

<rdar://problem/10588362>

I fixed the filter problem locally, though there's still a dynamic invalidation problem, which is tricky:
The embedded document looks like this:
<defs>
<filter id="d" >
	<feImage xlink:href="#r" result="grad" />
	<feDisplacementMap scale="20" id="feDM"
	 xChannelSelector="R" 
	in="SourceGraphic" in2="grad"/>
</filter> </defs>
<ellipse id="r" cx="50%" cy="50%" rx="80%" ry="80%"
style="fill:url(#f)"/>
<image filter='url(#d)' id="M" xlink:href='Manjbah4.jpg'  width="100%" 
height="100%" preserveAspectRatio="none"/>
</svg>

The host documents, add an <radialGradient id="f"><stop offset="..."> to the embedded document, and then changes the stop offsets using a <script>.

That _only_ invalidates the <ellipse> as it uses the fill="url(#f). There's no link between the <ellipse> and the <feImage/> so this filter is never going to be invalidated.

We don't support invalidation of any indirect references like this.
If the <ellipse> would be a child of the <feImage> everything would work...

(In reply to comment #13)
> I fixed the filter problem locally, though there's still a dynamic invalidation problem, which is tricky:
> The embedded document looks like this:
> <defs>
> <filter id="d" >
>     <feImage xlink:href="#r" result="grad" />
>     <feDisplacementMap scale="20" id="feDM"
>      xChannelSelector="R" 
>     in="SourceGraphic" in2="grad"/>
> </filter> </defs>
> <ellipse id="r" cx="50%" cy="50%" rx="80%" ry="80%"
> style="fill:url(#f)"/>
> <image filter='url(#d)' id="M" xlink:href='Manjbah4.jpg'  width="100%" 
> height="100%" preserveAspectRatio="none"/>
> </svg>
> 
> The host documents, add an <radialGradient id="f"><stop offset="..."> to the embedded document, and then changes the stop offsets using a <script>.
> 
> That _only_ invalidates the <ellipse> as it uses the fill="url(#f). There's no link between the <ellipse> and the <feImage/> so this filter is never going to be invalidated.
> 
> We don't support invalidation of any indirect references like this.
> If the <ellipse> would be a child of the <feImage> everything would work...

Technically <use> supports invalidation when a target referenced element changes, no? I wonder if we could adapt some of that mechanism?

(In reply to comment #14)
> Technically <use> supports invalidation when a target referenced element changes, no? I wonder if we could adapt some of that mechanism?
Well it clones the target into its shadow tree, so this is not really comparable.
Consider:
<filter id="foo">
<feImage xlink:href="#somerect"/>
</filter>
<rect id="someRect" fill="url(#gradient")/>
<linearGradient id="gradient"><stop/></linearGradient>
<image filter="url(#foo)"/>

Say I change the linearGradient stop offset using JS. That would invalidate the <linearGradient>, and cause a repaint of the "someRect". And that's where it stops. There's no connectionb etween "someRect" and the <feImage> that references it.

Note: I have already fixed this locally, by introducing a new HashMap<SVGElement*, OwnPtr<HashSet<SVGElement*>> > in SVGDocumentExtensions. SVGFEImageElement registers the hrefElement with itself there. I'll write up more details tomorrow, about to sleep :-)

While I got the test case working locally, I still have to reload a few times before it eventually works, because of bug 15505 - onload sometimes fires too early.
The onload handler of the host document tries to access "document.sv", and the document contains <embed name="sv" src="some.svg">. The unload handler is often fired before the some.svg document is loaded, leading to wrong results.
When chaining onload="prepare()" to onload="setTimeout(prepare, 0)" it seems to work always, but this is only a hack - the document onload event should be delayed until the embed is loaded.

Once bugs 76559 and 76800 landed, I'll post the patch which fixes this test case, except for the onload problem.

(In reply to comment #16)

> Once bugs 76559 and 76800 landed, I'll post the patch which fixes this test case, except for the onload problem.

76559 and 76800 landed, where is the patch? :)

(In reply to comment #17)
> (In reply to comment #16)
> 
> > Once bugs 76559 and 76800 landed, I'll post the patch which fixes this test case, except for the onload problem.
> 
> 76559 and 76800 landed, where is the patch? :)

Will post it as soon as the SVGLoad & repainting issues are resolved.

(In reply to comment #18)
> (In reply to comment #17)
> > (In reply to comment #16)
> > 
> > > Once bugs 76559 and 76800 landed, I'll post the patch which fixes this test case, except for the onload problem.
> > 
> > 76559 and 76800 landed, where is the patch? :)
Waiting at bug 73860.

Davids example now works in webkit trunk >r107067. Sometimes it takes one or two reloads until it starts animating, due to bug 15505 -- the SVG bugs are all resolved.