Bug 178621

Summary:

[FrameView::layout cleanup] Make m_subtreeLayoutRoot weak.

Product:

WebKit

Reporter:

zalan <zalan>

Component:

Layout and Rendering

Assignee:

zalan <zalan>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bfulgham, buildbot, commit-queue, dbates, koivisto, rniwa, simon.fraser, webkit-bug-importer, zalan

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Archive of layout-test-results from ews114 for mac-elcapitan	none
Patch	none
Archive of layout-test-results from ews114 for mac-elcapitan	none
Patch	none
Archive of layout-test-results from ews103 for mac-elcapitan	none
Archive of layout-test-results from ews112 for mac-elcapitan	none
Patch	none
Patch	none
Patch	none
Patch	none

Description zalan 2017-10-21 08:08:41 PDT

ssia.

Comment 1 Radar WebKit Bug Importer 2017-10-21 08:09:06 PDT

<rdar://problem/35110321>

Comment 2 Radar WebKit Bug Importer 2017-10-21 08:14:44 PDT

<rdar://problem/35110347>

Comment 3 zalan 2017-10-21 08:45:16 PDT

Created attachment 324501 [details]
Patch

Comment 4 Build Bot 2017-10-21 14:47:22 PDT

Comment on attachment 324501 [details]
Patch

Attachment 324501 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/4946487

Number of test failures exceeded the failure limit.

Comment 5 Build Bot 2017-10-21 14:47:23 PDT

Created attachment 324505 [details]
Archive of layout-test-results from ews114 for mac-elcapitan

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews114  Port: mac-elcapitan  Platform: Mac OS X 10.11.6

Comment 6 zalan 2017-10-21 16:08:27 PDT

Created attachment 324507 [details]
Patch

Comment 7 Daniel Bates 2017-10-21 16:38:50 PDT

Comment on attachment 324507 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=324507&action=review

> Source/WebCore/ChangeLog:9
> +        This patch turn m_subtreeLayoutRoot into a optional weak pointer. Optional, because

It seems weird that we need an optional weak ptr. Is it necessary to differentiate between having a null pointer and not having a pointer at all (std::nullopt)?

Comment 8 Build Bot 2017-10-21 17:40:16 PDT

Comment on attachment 324507 [details]
Patch

Attachment 324507 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/4947417

New failing tests:
svg/custom/delete-text-innerText-crash.html
fast/forms/textarea-paste-newline.html
svg/custom/bug79798.html
editing/pasteboard/smart-paste-in-text-control.html
svg/custom/delete-text-crash.html
editing/execCommand/insert-list-xml.xhtml
editing/pasteboard/copy-paste-pre-line-content.html
editing/pasteboard/copy-paste-first-line-in-textarea.html

Comment 9 Build Bot 2017-10-21 17:40:17 PDT

Created attachment 324514 [details]
Archive of layout-test-results from ews114 for mac-elcapitan

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews114  Port: mac-elcapitan  Platform: Mac OS X 10.11.6

Comment 10 zalan 2017-10-21 18:37:41 PDT

(In reply to Daniel Bates from comment #7)
> Comment on attachment 324507 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=324507&action=review
> 
> > Source/WebCore/ChangeLog:9
> > +        This patch turn m_subtreeLayoutRoot into a optional weak pointer. Optional, because
> 
> It seems weird that we need an optional weak ptr. Is it necessary to
> differentiate between having a null pointer and not having a pointer at all
> (std::nullopt)?
Yes. Not having a pointer at all means we are not planning to run a subtree layout, while having a null pointer means that we are planning to run a subtree layout but due to some tree mutation we have destroyed the renderer that initiated this layout.

Comment 11 Daniel Bates 2017-10-21 20:15:49 PDT

(In reply to zalan from comment #10)
> (In reply to Daniel Bates from comment #7)
> > Comment on attachment 324507 [details]
> > Patch
> > 
> > View in context:
> > https://bugs.webkit.org/attachment.cgi?id=324507&action=review
> > 
> > > Source/WebCore/ChangeLog:9
> > > +        This patch turn m_subtreeLayoutRoot into a optional weak pointer. Optional, because
> > 
> > It seems weird that we need an optional weak ptr. Is it necessary to
> > differentiate between having a null pointer and not having a pointer at all
> > (std::nullopt)?
> Yes. Not having a pointer at all means we are not planning to run a subtree
> layout, while having a null pointer means that we are planning to run a
> subtree layout but due to some tree mutation we have destroyed the renderer
> that initiated this layout.

Do we do something different for these cases when FrameView::layout() is called? From briefly looking at the now obsolete attachment #324507 [details] it seems that we always perform a full layout (unless we do not have a RenderView).

Comment 12 zalan 2017-10-21 23:03:12 PDT

(In reply to Build Bot from comment #9)
> Created attachment 324514 [details]
> Archive of layout-test-results from ews114 for mac-elcapitan
> 
> The attached test failures were seen while running run-webkit-tests on the
> mac-debug-ews.
> Bot: ews114  Port: mac-elcapitan  Platform: Mac OS X 10.11.6

These failures actually are not regressions. The patch reveals a bug where we mark the RenderView dirty soon after we schedule a subtree layout.

Comment 13 zalan 2017-10-21 23:09:59 PDT

(In reply to Daniel Bates from comment #11)
> (In reply to zalan from comment #10)
> > (In reply to Daniel Bates from comment #7)
> > > Comment on attachment 324507 [details]
> > > Patch
> > > 
> > > View in context:
> > > https://bugs.webkit.org/attachment.cgi?id=324507&action=review
> > > 
> > > > Source/WebCore/ChangeLog:9
> > > > +        This patch turn m_subtreeLayoutRoot into a optional weak pointer. Optional, because
> > > 
> > > It seems weird that we need an optional weak ptr. Is it necessary to
> > > differentiate between having a null pointer and not having a pointer at all
> > > (std::nullopt)?
> > Yes. Not having a pointer at all means we are not planning to run a subtree
> > layout, while having a null pointer means that we are planning to run a
> > subtree layout but due to some tree mutation we have destroyed the renderer
> > that initiated this layout.
> 
> Do we do something different for these cases when FrameView::layout() is
> called? From briefly looking at the now obsolete attachment #324507 [details]
> [details] it seems that we always perform a full layout (unless we do not
> have a RenderView).
ASSERT on the second case and skip the layout. (clearly missing from this patch)

Comment 14 zalan 2017-10-21 23:36:58 PDT

Created attachment 324518 [details]
Patch

Comment 15 Build Bot 2017-10-21 23:39:24 PDT

Attachment 324518 [details] did not pass style-queue:


ERROR: Source/WebCore/page/FrameView.cpp:1399:  Please replace ASSERT_WITH_SECURITY_IMPLICATION() with RELEASE_ASSERT_WITH_SECURITY_IMPLICATION().  [security/assertion] [5]
Total errors found: 1 in 3 files


If any of these errors are false positives, please file a bug against check-webkit-style.

Comment 16 zalan 2017-10-21 23:39:32 PDT

(In reply to zalan from comment #14)
> Created attachment 324518 [details]
> Patch
This is just for EWSing -needs to be split up into 2 separate patches.

Comment 17 Build Bot 2017-10-22 00:41:47 PDT

Comment on attachment 324518 [details]
Patch

Attachment 324518 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/4949265

New failing tests:
fast/dynamic/remove-invisible-node-inside-selection.html

Comment 18 Build Bot 2017-10-22 00:41:48 PDT

Created attachment 324520 [details]
Archive of layout-test-results from ews103 for mac-elcapitan

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103  Port: mac-elcapitan  Platform: Mac OS X 10.11.6

Comment 19 Build Bot 2017-10-22 00:59:36 PDT

Comment on attachment 324518 [details]
Patch

Attachment 324518 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/4949270

New failing tests:
fast/dynamic/remove-invisible-node-inside-selection.html

Comment 20 Build Bot 2017-10-22 00:59:38 PDT

Created attachment 324521 [details]
Archive of layout-test-results from ews112 for mac-elcapitan

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews112  Port: mac-elcapitan  Platform: Mac OS X 10.11.6

Comment 21 zalan 2017-10-22 15:04:12 PDT

Created attachment 324533 [details]
Patch

Comment 22 zalan 2017-10-22 20:24:34 PDT

(In reply to zalan from comment #12)
> (In reply to Build Bot from comment #9)
> > Created attachment 324514 [details]
> > Archive of layout-test-results from ews114 for mac-elcapitan
> > 
> > The attached test failures were seen while running run-webkit-tests on the
> > mac-debug-ews.
> > Bot: ews114  Port: mac-elcapitan  Platform: Mac OS X 10.11.6
> 
> These failures actually are not regressions. The patch reveals a bug where
> we mark the RenderView dirty soon after we schedule a subtree layout.
See bug 178651

Comment 23 zalan 2017-10-22 20:42:25 PDT

Created attachment 324540 [details]
Patch

Comment 24 zalan 2017-10-22 21:34:28 PDT

Created attachment 324541 [details]
Patch

Comment 25 zalan 2017-10-23 12:59:03 PDT

Created attachment 324579 [details]
Patch

Comment 26 WebKit Commit Bot 2017-10-23 13:42:54 PDT

Comment on attachment 324579 [details]
Patch

Clearing flags on attachment: 324579

Committed r223853: <https://trac.webkit.org/changeset/223853>

Comment 27 WebKit Commit Bot 2017-10-23 13:42:56 PDT

All reviewed patches have been landed.  Closing bug.