162833 – [MultiCol] Render tree should be all clean by the end of FrameView::layout().

Bug 162833 - [MultiCol] Render tree should be all clean by the end of FrameView::layout().

Summary: [MultiCol] Render tree should be all clean by the end of FrameView::layout().

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	zalan

URL:
Keywords:

Depends on:
Blocks:	162834
	Show dependency tree / graph

Reported:	2016-09-30 19:34 PDT by zalan
Modified:	2016-11-15 08:02 PST (History)
CC List:	5 users (show)

See Also:

Attachments
Patch (9.12 KB, patch) 2016-11-14 20:20 PST, zalan	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description zalan 2016-09-30 19:34:36 PDT

We fail to clean all the renderers while running the following test:
LayoutTests/imported/blink/fast/multicol/dynamic/multicol-with-abspos-svg-with-foreignobject-with-multicol-crash.html

Comment 1 zalan 2016-10-01 19:13:04 PDT

LayoutTests/fast/inline/quotation-text-changes-dynamically.html

Comment 2 zalan 2016-10-04 11:50:33 PDT

LayoutTests/fast/css/content/quote-crash-when-floating.html

Comment 3 zalan 2016-11-12 19:12:53 PST

(In reply to comment #0)
> We fail to clean all the renderers while running the following test:
> LayoutTests/imported/blink/fast/multicol/dynamic/multicol-with-abspos-svg-
> with-foreignobject-with-multicol-crash.html
Fixed by http://trac.webkit.org/changeset/208661

Comment 4 zalan 2016-11-14 20:20:28 PST

Created attachment 294800 [details]
Patch

Comment 5 Simon Fraser (smfr) 2016-11-14 20:48:01 PST

Comment on attachment 294800 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=294800&action=review

> Source/WebCore/rendering/RenderMultiColumnFlowThread.cpp:172
> +    RenderTreeInternalMutationScope reparentingIsOn(view());

Do you really want this scope to last until the end of the function?

Comment 6 Simon Fraser (smfr) 2016-11-14 20:51:03 PST

Comment on attachment 294800 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=294800&action=review

> Source/WebCore/rendering/RenderView.h:206
> +    bool renderTreeIsBeingMutatedInternally() const { return !!m_renderTreeInternalMutationCounter; }

No need for !! (C++ converts non-0 to true for you).

Comment 7 zalan 2016-11-14 20:53:58 PST

Comment on attachment 294800 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=294800&action=review

>> Source/WebCore/rendering/RenderMultiColumnFlowThread.cpp:172
>> +    RenderTreeInternalMutationScope reparentingIsOn(view());
> 
> Do you really want this scope to last until the end of the function?

I do. While spanner removal probably won't impact the RenderQuote use case, it is still part of internal render tree mutation and in the future we might need to bail out in some other functions to avoid (similar) unintended changes.

Comment 8 WebKit Commit Bot 2016-11-15 08:02:48 PST

Comment on attachment 294800 [details]
Patch

Clearing flags on attachment: 294800

Committed r208731: <http://trac.webkit.org/changeset/208731>

Comment 9 WebKit Commit Bot 2016-11-15 08:02:52 PST

All reviewed patches have been landed.  Closing bug.