Bug 180627

This is in relation to rdar://problem/35953017

Created attachment 328920 [details]
Patch

<rdar://problem/35954069>

Created attachment 328925 [details]
Patch

Comment on attachment 328925 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=328925&action=review

> Source/WebCore/ChangeLog:3
> +        FloatingObjects/FloatingObject classes should not hold references to renderers

A weak reference is still a reference. This should probably be retitled.

> Source/WebCore/rendering/FloatingObjects.h:50
> -    RenderBox& renderer() const { return m_renderer; }
> +    RenderBox* renderer() const { return m_renderer.get(); }

I think you should still be returning a reference as this is semantically still never supposed to return a null. Call sites don't test for a null renderer either. You'll get the same (safe) nullptr dereference crash either way.

(In reply to Antti Koivisto from comment #5)
> Comment on attachment 328925 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=328925&action=review
> 
> > Source/WebCore/ChangeLog:3
> > +        FloatingObjects/FloatingObject classes should not hold references to renderers
> 
> A weak reference is still a reference. This should probably be retitled.
> 
> > Source/WebCore/rendering/FloatingObjects.h:50
> > -    RenderBox& renderer() const { return m_renderer; }
> > +    RenderBox* renderer() const { return m_renderer.get(); }
> 
> I think you should still be returning a reference as this is semantically
> still never supposed to return a null. Call sites don't test for a null
> renderer either. You'll get the same (safe) nullptr dereference crash either
> way.
With this patch, now they all do. However I think it's okay to go back to the original RenderBox& renderer() as long as it's not stability critical. I'll make that patch and leave this here just in case.

Created attachment 328988 [details]
Patch

Comment on attachment 328988 [details]
Patch

Rejecting attachment 328988 [details] from commit-queue.

Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-03', 'validate-changelog', '--check-oops', '--non-interactive', 328988, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit

ChangeLog entry in Source/WebCore/ChangeLog contains OOPS!.

Full output: http://webkit-queues.webkit.org/results/5616414

Created attachment 328989 [details]
Patch

Comment on attachment 328989 [details]
Patch

Clearing flags on attachment: 328989

Committed r225748: <https://trac.webkit.org/changeset/225748>

All reviewed patches have been landed.  Closing bug.

Comment on attachment 328989 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=328989&action=review

> Source/WebCore/rendering/FloatingObjects.cpp:128
> +    ComputeFloatOffsetAdapter(RenderBlockFlow& renderer, LayoutUnit lineTop, LayoutUnit lineBottom, LayoutUnit offset)
> +        : m_renderer(makeWeakPtr(renderer))

It would be nice to keep the const. Is the problem that

WeakPtr<const RenderBlockFlow>

doesn't work?

(In reply to Antti Koivisto from comment #12)
> Comment on attachment 328989 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=328989&action=review
> 
> > Source/WebCore/rendering/FloatingObjects.cpp:128
> > +    ComputeFloatOffsetAdapter(RenderBlockFlow& renderer, LayoutUnit lineTop, LayoutUnit lineBottom, LayoutUnit offset)
> > +        : m_renderer(makeWeakPtr(renderer))
> 
> It would be nice to keep the const. Is the problem that
> 
> WeakPtr<const RenderBlockFlow>
> 
> doesn't work?
Yeah.