Bug 229848

Summary: FontFaceSet.has() needs to react to style changes
Product: WebKit Reporter: Myles C. Maxfield <mmaxfield>
Component: New BugsAssignee: Myles C. Maxfield <mmaxfield>
Status: RESOLVED FIXED    
Severity: Normal CC: clopez, darin, esprehn+autocc, ews-watchlist, glenn, gyuyoung.kim, koivisto, macpherson, menard, sam, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 229850    
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch none

Description Myles C. Maxfield 2021-09-02 20:11:50 PDT 
FontFaceSet.has() needs to react to style changes
Comment 1 Myles C. Maxfield 2021-09-02 20:15:09 PDT 
Created attachment 437238 [details]
Patch
Comment 2 EWS Watchlist 2021-09-02 20:16:14 PDT 
This patch modifies the imported WPT tests. Please ensure that any changes on the tests (not coming from a WPT import) are exported to WPT. Please see https://trac.webkit.org/wiki/WPTExportProcess
Comment 3 Myles C. Maxfield 2021-09-02 20:34:54 PDT 
Created attachment 437239 [details]
Patch
Comment 4 Sam Weinig 2021-09-03 09:47:58 PDT 
Comment on attachment 437239 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=437239&action=review

> Source/WebCore/css/FontFaceSet.cpp:110
> +    auto protect = m_backing;

Same as the others, would use

Ref protect = m_backing;

> Source/WebCore/css/FontFaceSet.cpp:113
>      return m_backing->hasFace(face.backing());

Seems like this should use protect to?
Comment 5 Myles C. Maxfield 2021-09-03 13:13:11 PDT 
Created attachment 437305 [details]
Patch
Comment 6 Darin Adler 2021-09-03 16:07:29 PDT 
Comment on attachment 437305 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=437305&action=review

I don’t understand why m_backing is not sufficient protection and why we need a local variable.

> Source/WebCore/css/FontFaceSet.cpp:113
> -    return m_backing->hasFace(face.backing());
> +    Ref protect = m_backing;
> +    if (face.backing().cssConnection())
> +        protect->updateStyleIfNeeded();
> +    return protect->hasFace(face.backing());

I don’t understand why m_backing is not sufficient protection and why we need a local variable. A "protect" idiom should be very rarely needed. Instead the top level callers of functions need to use Ref or RefPtr.

If FontFaceSet *itself* might be dereferenced as a side effect of updating style, then the correct question is who could call this on a FontFaceSet without holding a reference to the FontFaceSet. If the call is from JavaScript, then the JavaScript bindings themselves will be holding a reference to the FontFaceSet, so it would have to be a call from within WebCore.
Comment 7 Myles C. Maxfield 2021-09-03 21:17:40 PDT 
Comment on attachment 437305 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=437305&action=review

>> Source/WebCore/css/FontFaceSet.cpp:113
>> +    return protect->hasFace(face.backing());
> 
> I don’t understand why m_backing is not sufficient protection and why we need a local variable. A "protect" idiom should be very rarely needed. Instead the top level callers of functions need to use Ref or RefPtr.
> 
> If FontFaceSet *itself* might be dereferenced as a side effect of updating style, then the correct question is who could call this on a FontFaceSet without holding a reference to the FontFaceSet. If the call is from JavaScript, then the JavaScript bindings themselves will be holding a reference to the FontFaceSet, so it would have to be a call from within WebCore.

You're right - the only callers of this are from JS. So, JS will maintain a ref to FontFaceSet, and FontFaceSet will maintain a ref to CSSFontFaceSet. So this doesn't need to be protected.
Comment 8 Myles C. Maxfield 2021-09-03 21:20:16 PDT 
Created attachment 437337 [details]
Patch
Comment 9 Myles C. Maxfield 2021-09-03 22:00:10 PDT 
Comment on attachment 437305 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=437305&action=review

>>> Source/WebCore/css/FontFaceSet.cpp:113
>>> +    return protect->hasFace(face.backing());
>> 
>> I don’t understand why m_backing is not sufficient protection and why we need a local variable. A "protect" idiom should be very rarely needed. Instead the top level callers of functions need to use Ref or RefPtr.
>> 
>> If FontFaceSet *itself* might be dereferenced as a side effect of updating style, then the correct question is who could call this on a FontFaceSet without holding a reference to the FontFaceSet. If the call is from JavaScript, then the JavaScript bindings themselves will be holding a reference to the FontFaceSet, so it would have to be a call from within WebCore.
> 
> You're right - the only callers of this are from JS. So, JS will maintain a ref to FontFaceSet, and FontFaceSet will maintain a ref to CSSFontFaceSet. So this doesn't need to be protected.

https://bugs.webkit.org/show_bug.cgi?id=229911
Comment 10 EWS 2021-09-09 02:38:48 PDT 
Committed r282204 (241491@main): <https://commits.webkit.org/241491@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 437337 [details].
Comment 11 Radar WebKit Bug Importer 2021-09-09 02:39:34 PDT 
<rdar://problem/82916442>