Since updating the style or layout can currently execute scripts, we should assert that these functions are only called when it's safe to execute scripts.
<rdar://problem/35144778>
Created attachment 325691: Fixes the bug
Comment on attachment 325691 (Fixes the bug): Wrong bug
Created attachment 325695: Adds the assertions
Comment on attachment 325695 (Adds the assertions):
Attachment 325695 did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/5073448
New failing tests:
fast/forms/textarea-set-defaultvalue-after-value.html
svg/custom/check-intersection-basic.svg
Created attachment 325699: Archive of layout-test-results from ews116 for mac-elcapitan
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews116 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Comment on attachment 325695 [details] Adds the assertions View in context: https://bugs.webkit.org/attachment.cgi?id=325695&action=review > Source/WebCore/svg/SVGSVGElement.cpp:344 > +static bool checkIntersectionWithoutUpdatingLayout(RefPtr<SVGElement>&& element, SVGRect& rect) > +{ > + return element && RenderSVGModelObject::checkIntersection(element->renderer(), rect.propertyReference()); > +} > + > +static bool checkEnclosureWithoutUpdatingLayout(RefPtr<SVGElement>&& element, SVGRect& rect) > +{ > + return element && RenderSVGModelObject::checkEnclosure(element->renderer(), rect.propertyReference()); > +} Why rvalue references? These functions don't appear to be moving ownership. (I see existing code in SVGSVGElement::checkIntersection uses them too.)
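Review bot: in checkIntersectionWithoutUpdatingLayout and checkEnclosureWithoutUpdatingLayout only element is null-checked, and element->renderer() is passed straight to RenderSVGModelObject::checkIntersection / checkEnclosure. Since the names say these helpers do not update layout, add a comment above them stating that the caller must already have brought layout up to date, and confirm that both RenderSVGModelObject functions accept a null renderer (or guard for it here). Separately, rect is taken as a non-const SVGRect& although the visible lines only read it through propertyReference(); make it const if that accessor allows.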
Created attachment 325794: Fixed builds & tests
Attachment 325794 did not pass style-queue:
ERROR: Source/WebCore/dom/ContainerNode.cpp:152: Please replace ASSERT_WITH_SECURITY_IMPLICATION() with RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(). [security/assertion] [5]
Total errors found: 1 in 7 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Committed r224378: <https://trac.webkit.org/changeset/224378>