Analysis revealed: `CanvasRenderingContext2DBase::didDraw` (https://searchfox.org/wubkat/rev/b602c49c2b9f3a896acd327d0f0a13afb2e3c7db/Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp#2313) is called in both cases: when the text is visible and when it's invisible. In both cases it calls `canvasBase().didDraw` (https://searchfox.org/wubkat/rev/b602c49c2b9f3a896acd327d0f0a13afb2e3c7db/Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp#2364).

When the text is invisible, it becomes visible after hiding and showing the browser window (e.g. via twice alt-tab).

When opening the file in the MiniBrowser, the issue seems more likely to reproduce when the cursor is besides the browser window.

`HTMLCanvasElement::setImageBufferAndMarkDirty` (https://searchfox.org/wubkat/rev/b602c49c2b9f3a896acd327d0f0a13afb2e3c7db/Source/WebCore/html/HTMLCanvasElement.cpp#900) is also called when the text is invisible.

Moving the mouse above the content window does not call `HTMLCanvasElement::setImageBufferAndMarkDirty` again, but the text becomes visible.

`WebPage::finalizeRenderingUpdate` (https://searchfox.org/wubkat/rev/b602c49c2b9f3a896acd327d0f0a13afb2e3c7db/Source/WebKit/WebProcess/WebPage/WebPage.cpp#5147) is called when the text is invisible and when its visible.

When the text is invisible `LayerTreeHost::commitSceneState` (https://searchfox.org/wubkat/rev/b2323ec6eaf613835bbaf8964d6e6d53b5310653/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp#527) is only called before `HTMLCanvasElement::setImageBufferAndMarkDirty` is called. When the text becomes visible, `LayerTreeHost::commitSceneState` is called again.

`CanvasBase::notifyObserversCanvasChanged` (https://searchfox.org/wubkat/rev/b2323ec6eaf613835bbaf8964d6e6d53b5310653/Source/WebCore/html/CanvasBase.cpp#157) is called from `HTMLCanvasElement::setImageBufferAndMarkDirty`.

`CanvasBase::addCanvasNeedingPreparationForDisplayOrFlush` (https://searchfox.org/wubkat/rev/b2323ec6eaf613835bbaf8964d6e6d53b5310653/Source/WebCore/html/CanvasBase.cpp#340) calls `Document::addCanvasNeedingPreparationForDisplayOrFlush` (https://searchfox.org/wubkat/rev/b2323ec6eaf613835bbaf8964d6e6d53b5310653/Source/WebCore/dom/Document.cpp#10998). The latter does not call `scheduleRenderingUpdate(RenderingUpdateStep::PrepareCanvasesForDisplayOrFlush);`.

This seems to be fixable by forcing `Document::addCanvasNeedingPreparationForDisplayOrFlush` to call `scheduleRenderingUpdate(RenderingUpdateStep::PrepareCanvasesForDisplayOrFlush);`.

`OffscreenCanvas::didDraw` (https://searchfox.org/wubkat/rev/7341f7ddb8eee79cc9ccd2e9c6dbfe92998f83f7/Source/WebCore/html/OffscreenCanvas.cpp#350) schedules committing to the placeholder canvas and calls `CanvasBase::didDraw` (https://searchfox.org/wubkat/rev/7341f7ddb8eee79cc9ccd2e9c6dbfe92998f83f7/Source/WebCore/html/CanvasBase.cpp#163) Removing the latter call and overriding `CanvasRenderingContext::needsPreparationForDisplay` (https://searchfox.org/wubkat/rev/7341f7ddb8eee79cc9ccd2e9c6dbfe92998f83f7/Source/WebCore/html/canvas/CanvasRenderingContext.h#112) for `PlaceholderRenderingContext` (https://searchfox.org/wubkat/rev/7341f7ddb8eee79cc9ccd2e9c6dbfe92998f83f7/Source/WebCore/html/canvas/PlaceholderRenderingContext.h#61) with additional adaptations might work.

Pull request: https://github.com/WebKit/WebKit/pull/42688

<rdar://problem/147925254>

`fillText` after loading a FontFace and after `transferControllToOffscreen()` failed reliably: https://github.com/WebKit/WebKit/pull/42688/files#diff-569aa52dd7b76b7c6aa31cc120f8ec75356e60777ab397ea10aca371cde4b597.

canvas.2d.fillText-FontFace.html (https://github.com/WebKit/WebKit/pull/42688/files#diff-569aa52dd7b76b7c6aa31cc120f8ec75356e60777ab397ea10aca371cde4b597) calls the following functions in the following order: 1. `Document::addCanvasNeedingPreparationForDisplayOrFlush` (https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/dom/Document.cpp#11102) - 1.1 with `OffscreenCanvasRenderingContext2D` (https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/html/canvas/OffscreenCanvasRenderingContext2D.h#36) - 1.2 with `PlaceholderRenderingContext` (https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/html/canvas/PlaceholderRenderingContext.h#61) 2. `Page::doAfterUpdateRendering` (https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/page/Page.cpp#2248)

Continuing https://bugs.webkit.org/show_bug.cgi?id=290042#c15: 3. `Document::prepareCanvasesForDisplayOrFlushIfNeeded` (https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/dom/Document.cpp#11079). That's the first call of that method happening after `OffscreenCanvasRenderingContext2D::fillText` (https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/html/canvas/OffscreenCanvasRenderingContext2D.cpp#166).

Continuing https://bugs.webkit.org/show_bug.cgi?id=290042#c16: `RenderHTMLCanvas::paintReplaced` (https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/rendering/RenderHTMLCanvas.cpp#84) is called after 2. and before 3. More specifically, it calls `context.setContentfulPaintDetected()` (https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/rendering/RenderHTMLCanvas.cpp#84).

Continuing https://bugs.webkit.org/show_bug.cgi?id=290042#c17: `Document::enqueuePaintTimingEntryIfNeeded` (https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/dom/Document.cpp#4230) is called after `RenderHTMLCanvas::paintReplaced` and qualifies for a contentful paint, that is, https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/dom/Document.cpp#4251 is executed.

`CanvasBase::buffer()` (https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/html/CanvasBase.cpp#83) which returns the image buffer, is not called after `HTMLCanvasElement::setImageBufferAndMarkDirty` was called.

Addition to https://bugs.webkit.org/show_bug.cgi?id=290042#c19: that's also the case for https://github.com/WebKit/WebKit/pull/42688/files#diff-f88c8669952a100812c97188be603ef16be45e362b79e27d146b5cf1a2b80688 when the changes to the canvas are visible.

Working hypothesis: something goes wrong in `CanvasRenderingContext2DBase::drawTextUnchecked` (https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp#2812): more specifically at https://searchfox.org/wubkat/rev/95b8a67e3715e5f442cadaf3532e007c8c7d2603/Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp#2916-2926.

Continuing checking the working hypothesis of https://bugs.webkit.org/show_bug.cgi?id=290042#c21: when the text is invisible, there's the following call-sequence: `CanvasRenderingContext2DBase::drawTextUnchecked` (https://searchfox.org/wubkat/rev/77741e95522d501f4c337a6aa525583001c29456/Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp#2853) `GraphicsContext::drawBidiText` `FontCascade::drawText` `FontCascade::drawGlyphBuffer` `GraphicsContext::drawGlyphs` `GraphicsContextSkia::drawSkiaText` `SkCanvas::drawTextBlob` (https://searchfox.org/wubkat/rev/77741e95522d501f4c337a6aa525583001c29456/Source/ThirdParty/skia/include/core/SkCanvas.h#19960

Continuing https://bugs.webkit.org/show_bug.cgi?id=290042#c22: the `SkGlyphID` and `SkScalar` set in `FontCascade::drawGlyphs` (https://searchfox.org/wubkat/rev/77741e95522d501f4c337a6aa525583001c29456/Source/WebCore/platform/graphics/skia/FontCascadeSkia.cpp#80,87) contain the same values (55 and 0) when the text is visible and when it's invisible.

Continuing https://bugs.webkit.org/show_bug.cgi?id=290042#c23: `StyleCanvasImage::canvasChanged` (https://searchfox.org/wubkat/rev/77741e95522d501f4c337a6aa525583001c29456/Source/WebCore/rendering/style/StyleCanvasImage.cpp#113) is not called.

Returning to `canvas.2d.fillText.html`: with the mouse arrow next to the browser window, the call sequence is the same as in https://bugs.webkit.org/show_bug.cgi?id=290042#c22. After moving the mouse arrow over the content window and clicking, the text becomes visible, without `GraphicsContext::drawBidiText` being invoked again.

Returning to `canvas.2d.fillText-FontFace.html`: `HTMLCanvasElement::paint`(https://searchfox.org/wubkat/rev/d767e232791f782fdcd8f0d72fd04c836716246f/Source/WebCore/html/HTMLCanvasElement.cpp#639) is only called before `OffscreenCanvasRenderingContext2D::fillText` is called.

Continuing https://bugs.webkit.org/show_bug.cgi?id=290042#c26: Removing the size comparison in `HTMLCanvasElement::setImageBufferAndMarkDirty` (https://searchfox.org/wubkat/rev/d767e232791f782fdcd8f0d72fd04c836716246f/Source/WebCore/html/HTMLCanvasElement.cpp#905) still lets `canvas.2d.fillText-FontFace.html` fail.

Continuing https://bugs.webkit.org/show_bug.cgi?id=290042#c27: forcing a repaint in `HTMLCanvasElement::setImageBufferAndMarkDirty` (https://searchfox.org/wubkat/rev/d767e232791f782fdcd8f0d72fd04c836716246f/Source/WebCore/html/HTMLCanvasElement.cpp#620) via `canvasRenderer->repaint(RenderHTMLCanvas::ForceRepaint::Yes);` still lets the test fail.

Do we know if this bug affects Apple platforms, or just Skia-based ones?

(In reply to Simon Fraser (smfr) from comment #29) > Do we know if this bug affects Apple platforms, or just Skia-based ones? It affects Apple platforms too. See e.g. https://ews-build.s3-us-west-2.amazonaws.com/macOS-Sonoma-Release-WK2-Tests-EWS/995fd46a-6647-stress-mode/results.html.

`ContentfulPaintChecker::qualifiesForContentfulPaint` uses a `NullGraphicsContext`: https://searchfox.org/wubkat/rev/cfa4aa1a28ba4bf125f016ca98668f3bee093d28/Source/WebCore/rendering/ContentfulPaintChecker.cpp#42.

For `canvas.2d.fillText-FontFace.html`: `PlaceholderRenderingContextSource::setPlaceholderBuffer` has no `m_delegate`: https://searchfox.org/wubkat/rev/cfa4aa1a28ba4bf125f016ca98668f3bee093d28/Source/WebCore/html/canvas/PlaceholderRenderingContext.cpp#54.

Continuing https://bugs.webkit.org/show_bug.cgi?id=290042#c32: The virtual method `CanvasRenderingContext::setContentsToLayer` is only called from `RenderLayerBacking::updateConfiguration`: https://searchfox.org/wubkat/query/default?q=calls-to%3A%27WebCore%3A%3ACanvasRenderingContext%3A%3AsetContentsToLayer%27+depth%3A3.

Working hypothesis: the code needs to be changed so that `RenderLayerCompositor::updateCompositingLayers` (https://searchfox.org/wubkat/rev/cfa4aa1a28ba4bf125f016ca98668f3bee093d28/Source/WebCore/rendering/RenderLayerCompositor.cpp#1032) is called after `OffscreenCanvasRenderingContext2D::fillText` (https://searchfox.org/wubkat/rev/cfa4aa1a28ba4bf125f016ca98668f3bee093d28/Source/WebCore/html/canvas/OffscreenCanvasRenderingContext2D.cpp#166) and before `PlaceholderRenderingContextSource::setPlaceholderBuffer` (https://searchfox.org/wubkat/rev/cfa4aa1a28ba4bf125f016ca98668f3bee093d28/Source/WebCore/html/canvas/PlaceholderRenderingContext.cpp#50).

Continuing https://bugs.webkit.org/show_bug.cgi?id=290042#c34: the `RenderLayer` (https://searchfox.org/wubkat/rev/3fce852ff4e4172ed7e8b19f7f06f0e44b95f962/Source/WebCore/rendering/RenderLayer.cpp#313) for `RenderHTMLCanvas` is constructed after `CanvasRenderingContext2DBase::didDraw` and before `OffscreenCanvas::commitToPlaceholderCanvas`.

(In reply to Mirko Brodesser from comment #35) > Continuing https://bugs.webkit.org/show_bug.cgi?id=290042#c34: > > the `RenderLayer` > (https://searchfox.org/wubkat/rev/3fce852ff4e4172ed7e8b19f7f06f0e44b95f962/ > Source/WebCore/rendering/RenderLayer.cpp#313) > for `RenderHTMLCanvas` is constructed after > `CanvasRenderingContext2DBase::didDraw` > and before `OffscreenCanvas::commitToPlaceholderCanvas`. Correction: at least sometimes, the `RenderLayer` is constructed after `OffscreenCanvas::commitToPlaceholderCanvas`.

What I would expect to happen: `setImageBufferAndMarkDirty` calls `CanvasBase::didDraw`, which would then call `contentChanged(ContentChangeType::CanvasPixels);` (for an HTML canvas using a placeholder rendering context). That should call through to `RenderLayerBacking::contentChanged` and then into `GraphicsLayer::setContentsNeedDisplay`. The `GraphicsLayer` should then call `notifyFlushRequired` on its client (which is `RenderLayerBacking` again). That should result in `Page::scheduleRenderingUpdate(RenderingUpdateStep::LayerFlush)` being called, which triggers the actual rendering update to happen (including `updateCompositingLayers`). That seems like it'd have the same effect as your current PR (which is returning true for `hasDeferredOperations()`, but I believe works because it results in a call to `Page::scheduleRenderingUpdate(RenderingUpdateStep::PrepareCanvasesForDisplayOrFlush)`). Is part of that not working?

(In reply to Matt Woodrow from comment #37) > What I would expect to happen: > > `setImageBufferAndMarkDirty` calls `CanvasBase::didDraw`, which would then > call `contentChanged(ContentChangeType::CanvasPixels);` (for an HTML canvas > using a placeholder rendering context). > > That should call through to `RenderLayerBacking::contentChanged` and then > into `GraphicsLayer::setContentsNeedDisplay`. > > The `GraphicsLayer` should then call `notifyFlushRequired` on its client > (which is `RenderLayerBacking` again). That should result in > `Page::scheduleRenderingUpdate(RenderingUpdateStep::LayerFlush)` being > called, which triggers the actual rendering update to happen (including > `updateCompositingLayers`). > > That seems like it'd have the same effect as your current PR (which is > returning true for `hasDeferredOperations()`, but I believe works because it > results in a call to > `Page::scheduleRenderingUpdate(RenderingUpdateStep:: > PrepareCanvasesForDisplayOrFlush)`). > > Is part of that not working? Thanks for sharing the thoughts. Until `GraphicsLayer::setContentsNeedsDisplay` (https://searchfox.org/wubkat/rev/91adeac8b28caf815007f457c1eb67b531854aae/Source/WebCore/platform/graphics/GraphicsLayer.h#506) it's working. The overload of that method is invoked: `GraphicsLayerCoordinated::setContentsNeedsDisplay` (https://searchfox.org/wubkat/rev/91adeac8b28caf815007f457c1eb67b531854aae/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated.cpp#330). Its `m_contentsDisplayDelegate` (https://searchfox.org/wubkat/rev/91adeac8b28caf815007f457c1eb67b531854aae/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated.cpp#332) is null.

`m_contentsDisplayDelegate` is set in `GraphicsLayerCoordinated::setContentsDisplayDelegate` (https://searchfox.org/wubkat/rev/cdeb683588e6b419a58d9735e7d98fc52dc2a094/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated.cpp#355,360) after `GraphicsLayerCoordinated::setContentsNeedsDisplay` is called.

`GraphicsLayerCoordinated::setContentsNeedsDisplay` has the following call stack: ``` Thread 1 "WebKitWebProces" hit Breakpoint 1, WebCore::GraphicsLayerCoordinated::setContentsDisplayDelegate (this=0x76236e0aa800, delegate=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated.cpp:362 362 { (gdb) bt #0 WebCore::GraphicsLayerCoordinated::setContentsDisplayDelegate (this=0x76236e0aa800, delegate=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated.cpp:362 #1 0x00007624101be7e7 in WebCore::GraphicsLayerAsyncContentsDisplayDelegateCoordinated::GraphicsLayerAsyncContentsDisplayDelegateCoordinated (this=0x7623de2c3d00, layer=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerAsyncContentsDisplayDelegateCoordinated.cpp:47 #2 0x00007624101c0656 in WebCore::GraphicsLayerAsyncContentsDisplayDelegateCoordinated::create (layer=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerAsyncContentsDisplayDelegateCoordinated.h:39 #3 0x00007624101c234b in WebCore::GraphicsLayerCoordinated::createAsyncContentsDisplayDelegate (this=0x76236e0aa800, existing=0x0) at /host/home/mirko/work/code/WebKit/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated.cpp:388 #4 0x00007624144ddf38 in WebCore::PlaceholderRenderingContextSource::setContentsToLayer (this=0x7623de1734b0, layer=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/html/canvas/PlaceholderRenderingContext.cpp:80 #5 0x00007624144de16d in WebCore::PlaceholderRenderingContext::setContentsToLayer (this=0x76234e009700, layer=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/html/canvas/PlaceholderRenderingContext.cpp:109 #6 0x0000762415b9460b in WebCore::RenderLayerBacking::updateConfiguration (this=0x7623de102060, compositingAncestor=0x76234e000e30) at /host/home/mirko/work/code/WebKit/Source/WebCore/rendering/RenderLayerBacking.cpp:1305 #7 0x0000762415bb0459 in WebCore::RenderLayerCompositor::updateBackingAndHierarchy (this=0x7623de165290, layer=..., childLayersOfEnclosingLayer=..., traversalState=..., scrollingTreeState=..., updateLevel=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:1722 #8 0x0000762415bb0976 in WebCore::RenderLayerCompositor::updateBackingAndHierarchy (this=0x7623de165290, layer=..., childLayersOfEnclosingLayer=..., traversalState=..., scrollingTreeState=..., updateLevel=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:1795 #9 0x0000762415bb0a23 in WebCore::RenderLayerCompositor::updateBackingAndHierarchy (this=0x7623de165290, layer=..., childLayersOfEnclosingLayer=..., traversalState=..., scrollingTreeState=..., updateLevel=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:1798 #10 0x0000762415bac5e5 in WebCore::RenderLayerCompositor::updateCompositingLayers (this=0x7623de165290, updateType=WebCore::CompositingUpdateType::AfterLayout, updateRoot=0x76234e000e30) at /host/home/mirko/work/code/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:1152 #11 0x0000762414d74b73 in WebCore::LocalFrameViewLayoutContext::updateCompositingLayersAfterLayout (this=0x76234e006c70) at /host/home/mirko/work/code/WebKit/Source/WebCore/page/LocalFrameViewLayoutContext.cpp:398 #12 0x0000762414d74baf in WebCore::LocalFrameViewLayoutContext::updateCompositingLayersAfterLayoutIfNeeded (this=0x76234e006c70) at /host/home/mirko/work/code/WebKit/Source/WebCore/page/LocalFrameViewLayoutContext.cpp:405 #13 0x0000762413ce3a0e in WebCore::Document::updateLayout (this=0x76236e101200, layoutOptions=..., context=0x0) at /host/home/mirko/work/code/WebKit/Source/WebCore/dom/Document.cpp:3062 #14 0x0000762414d6b498 in WebCore::LocalFrameView::updateLayoutAndStyleIfNeededRecursive (this=0x76234e006b10, layoutOptions=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/page/LocalFrameView.cpp:5290 #15 0x0000762414ddafa5 in WebCore::Page::layoutIfNeeded (this=0x7623de0f8100, layoutOptions=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/page/Page.cpp:2015 #16 0x0000762414fdacdf in WebCore::ThreadedScrollingCoordinator::willStartRenderingUpdate (this=0x7623de012200) at /host/home/mirko/work/code/WebKit/Source/WebCore/page/scrolling/ThreadedScrollingCoordinator.cpp:120 #17 0x0000762414ddbfb0 in WebCore::Page::updateRendering (this=0x7623de0f8100) at /host/home/mirko/work/code/WebKit/Source/WebCore/page/Page.cpp:2126 #18 0x000076240fd450a4 in WebKit::WebPage::updateRendering (this=0x7623de008d80) at /host/home/mirko/work/code/WebKit/Source/WebKit/WebProcess/WebPage/WebPage.cpp:5026 #19 0x000076240fdef734 in WebKit::LayerTreeHost::flushLayers (this=0x7623de0b05d0) at /host/home/mirko/work/code/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:184 #20 0x000076240fdefb9b in WebKit::LayerTreeHost::layerFlushTimerFired (this=0x7623de0b05d0) at /host/home/mirko/work/code/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:255 #21 0x000076240fdf76b5 in WTF::RunLoop::Timer::Timer<WebKit::LayerTreeHost>(WTF::Ref<WTF::RunLoop, WTF::RawPtrTraits<WTF::RunLoop>, WTF::DefaultRefDerefTraits<WTF::RunLoop> >&&, WebKit::Laye--Type <RET> for more, q to quit, c to continue without paging-- rTreeHost*, void (WebKit::LayerTreeHost::*)())::{lambda()#1}::operator()() const (__closure=0x7623de113448) at /host/home/mirko/work/code/WebKit/WebKitBuild/GTK/Debug/WTF/Headers/wtf/RunLoop.h:199 ```

Correction of https://bugs.webkit.org/show_bug.cgi?id=290042#c40: that comment shows the call stack of `GraphicsLayerCoordinated::setContentsDisplayDelegate`.

Analyzing the call stack of https://bugs.webkit.org/show_bug.cgi?id=290042#c40: `LayerTreeHost::layerFlushTimerFired` (https://searchfox.org/wubkat/rev/d17a7c5952dbe4c9affb61ad7249c4cd6d1deb61/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp#234) is bound to the `RunLoop::Timer` of `LayerTreeHost::m_layerFlushTimer` (https://searchfox.org/wubkat/rev/d17a7c5952dbe4c9affb61ad7249c4cd6d1deb61/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp#77). That timer is only started in `LayerTreeHost::scheduleLayerFlush` (https://searchfox.org/wubkat/rev/d17a7c5952dbe4c9affb61ad7249c4cd6d1deb61/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp#150,166).

`LayerTreeHost::scheduleLayerFlush` is called after `OffscreenCanvasRenderingContext2D::fillText` and before `OffscreenCanvas::commitToPlaceholderCanvas` with the following call stack: ``` #0 WebKit::LayerTreeHost::scheduleLayerFlush (this=0x7f39ed0a85d0) at /host/home/mirko/work/code/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:153 #1 0x00007f3a1edec87e in WebKit::DrawingAreaCoordinatedGraphics::triggerRenderingUpdate (this=0x7f39ed0f0110) at /host/home/mirko/work/code/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:322 #2 0x00007f3a1ebca664 in WebKit::WebChromeClient::triggerRenderingUpdate (this=0x7f39ed0e7900) at /host/home/mirko/work/code/WebKit/Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:1147 #3 0x00007f3a23eac06c in WebCore::RenderingUpdateScheduler::triggerRenderingUpdate (this=0x7f39ed19cd00) at /host/home/mirko/work/code/WebKit/Source/WebCore/page/RenderingUpdateScheduler.cpp:146 #4 0x00007f3a23eabff0 in WebCore::RenderingUpdateScheduler::displayRefreshFired (this=0x7f39ed19cd00) at /host/home/mirko/work/code/WebKit/Source/WebCore/page/RenderingUpdateScheduler.cpp:136 #5 0x00007f3a242ad228 in WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded (this=0x7f39ed19cd00, displayUpdate=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/platform/graphics/DisplayRefreshMonitorClient.cpp:62 #6 0x00007f3a242acfec in WebCore::DisplayRefreshMonitor::displayDidRefresh (this=0x7f39ed00ed60, displayUpdate=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/platform/graphics/DisplayRefreshMonitor.cpp:205 #7 0x00007f3a242acdb4 in WebCore::DisplayRefreshMonitor::dispatchDisplayDidRefresh (this=0x7f39ed00ed60, displayUpdate=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/platform/graphics/DisplayRefreshMonitor.cpp:185 #8 0x00007f3a242acd03 in WebCore::DisplayRefreshMonitor::displayLinkFired (this=0x7f39ed00ed60, displayUpdate=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/platform/graphics/DisplayRefreshMonitor.cpp:179 #9 0x00007f3a242bf371 in WebCore::DisplayRefreshMonitorManager::displayDidRefresh (this=0x7f3a270cd0b0 <WebCore::DisplayRefreshMonitorManager::sharedManager()::manager>, displayID=1, displayUpdate=...) at /host/home/mirko/work/code/WebKit/Source/WebCore/platform/graphics/DisplayRefreshMonitorManager.cpp:115 #10 0x00007f3a1e5c364d in WebKit::WebProcess::displayDidRefresh (this=0x7f39ed038100, displayID=1, displayUpdate=...) at /host/home/mirko/work/code/WebKit/Source/WebKit/WebProcess/WebProcess.cpp:2300 #11 0x00007f3a1cd5fb09 in IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate> >(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate>&&)::{lambda((auto:1&&)...)#1}::operator()<unsigned int, WebCore::DisplayUpdate>(unsigned int&&, WebCore::DisplayUpdate&&) const (__closure=0x7fff6c108e10) at /host/home/mirko/work/code/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:135 #12 0x00007f3a1cd6fa0c in std::__invoke_impl<void, IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate> >(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate>&&)::{lambda((auto:1&&)...)#1}, unsigned int, WebCore::DisplayUpdate>(std::__invoke_other, IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate> >(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate>&&)::{lambda((auto:1&&)...)#1}&&, unsigned int&&, WebCore::DisplayUpdate&&) (__f=...) at /usr/include/c++/13/bits/invoke.h:61 #13 0x00007f3a1cd67c6a in std::__invoke<IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate> >(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate>&&)::{lambda((auto:1&&)...)#1}, unsigned int, WebCore::DisplayUpdate>(IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate> >(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate>&&)::{lambda((auto:1&&)...)#1}&&, unsigned int&&, WebCore::DisplayUpdate&&) (__fn=...) at /usr/include/c++/13/bits/invoke.h:96 #14 0x00007f3a1cd5fb74 in std::__apply_impl<IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate> >(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate>&&)::{lambda((auto:1&&)...)#1}, std::tuple<unsigned int, WebCore::DisplayUpdate>, 0ul, 1ul>(IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate> >(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate>&&)::{lambda((auto:1&&)...)#1}&&, std::tuple<unsigned int, WebCore::DisplayUpdate>&&, std::integer_sequence<unsigned long, 0ul, 1ul>) (__f=..., __t=...) at /usr/include/c++/13/tuple:2302 #15 0x00007f3a1cd5fbb9 in std::apply<IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::Dis--Type <RET> for more, q to quit, c to continue without paging-- playUpdate> >(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate>&&)::{lambda((auto:1&&)...)#1}, std::tuple<unsigned int, WebCore::DisplayUpdate> >(IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate> >(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate>&&)::{lambda((auto:1&&)...)#1}&&, std::tuple<unsigned int, WebCore::DisplayUpdate>&&) (__f=..., __t=...) at /usr/include/c++/13/tuple:2313 #16 0x00007f3a1cd5fc22 in IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate> >(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned int, WebCore::DisplayUpdate const&), std::tuple<unsigned int, WebCore::DisplayUpdate>&&) (object=0x7f39ed038100, function=(void (WebKit::WebProcess::*)(WebKit::WebProcess * const, unsigned int, const WebCore::DisplayUpdate &)) 0x7f3a1e5c3564 <WebKit::WebProcess::displayDidRefresh(unsigned int, WebCore::DisplayUpdate const&)>, tuple=...) at /host/home/mirko/work/code/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:132 #17 0x00007f3a1cd578d6 in IPC::handleMessage<Messages::WebProcess::DisplayDidRefresh, IPC::Connection, WebKit::WebProcess, WebKit::WebProcess, void (unsigned int, WebCore::DisplayUpdate const&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned int, WebCore::DisplayUpdate const&)) (connection=..., decoder=..., object=0x7f39ed038100, function=(void (WebKit::WebProcess::*)(WebKit::WebProcess * const, unsigned int, const WebCore::DisplayUpdate &)) 0x7f3a1e5c3564 <WebKit::WebProcess::displayDidRefresh(unsigned int, WebCore::DisplayUpdate const&)>) at /host/home/mirko/work/code/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:337 #18 0x00007f3a1cd51164 in WebKit::WebProcess::didReceiveMessage (this=0x7f39ed038100, connection=..., decoder=...) at /host/home/mirko/work/code/WebKit/WebKitBuild/GTK/Debug/DerivedSources/WebKit/WebProcessMessageReceiver.cpp:352 #19 0x00007f3a1dcde04b in IPC::Connection::dispatchMessage (this=0x7f39ed060210, decoder=...) at /host/home/mirko/work/code/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1395 #20 0x00007f3a1dcde2bc in IPC::Connection::dispatchMessage (this=0x7f39ed060210, message=...) at /host/home/mirko/work/code/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1445 #21 0x00007f3a1dcde94b in IPC::Connection::dispatchOneIncomingMessage (this=0x7f39ed060210) at /host/home/mirko/work/code/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1524 #22 0x00007f3a1dcddcc0 in operator() (__closure=0x7f39ed064268) at /host/home/mirko/work/code/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1357 #23 0x00007f3a1dd0c9f2 in WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::<lambda()>, void>::call(void) (this=0x7f39ed064260) at /host/home/mirko/work/code/WebKit/WebKitBuild/GTK/Debug/WTF/Headers/wtf/Function.h:53 #24 0x00007f3a0d03403b in WTF::Function<void ()>::operator()() const (this=0x7fff6c109610) at /host/home/mirko/work/code/WebKit/WebKitBuild/GTK/Debug/WTF/Headers/wtf/Function.h:82 #25 0x00007f3a0eafcdef in WTF::RunLoop::performWork (this=0x7f39ed01c180) at /host/home/mirko/work/code/WebKit/Source/WTF/wtf/RunLoop.cpp:147 #26 0x00007f3a0ecb48c2 in operator() (__closure=0x0, userData=0x7f39ed01c180) at /host/home/mirko/work/code/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:80 #27 0x00007f3a0ecb48ea in _FUN () at /host/home/mirko/work/code/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:82 #28 0x00007f3a0ecb4811 in operator() (__closure=0x0, source=0x6553d84c88d0, callback=0x7f3a0ecb48c9 <_FUN(gpointer)>, userData=0x7f39ed01c180) at /host/home/mirko/work/code/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53 #29 0x00007f3a0ecb4863 in _FUN () at /host/home/mirko/work/code/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:56 #30 0x00007f3a05f2148e in g_main_dispatch (context=0x6553d83fcea0) at ../../../glib/gmain.c:3344 #31 0x00007f3a05f80717 in g_main_context_dispatch_unlocked (context=0x6553d83fcea0) at ../../../glib/gmain.c:4152 #32 g_main_context_iterate_unlocked.isra.0 (context=0x6553d83fcea0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4217 #33 0x00007f3a05f21f77 in g_main_loop_run (loop=0x6553d84d2d10) at ../../../glib/gmain.c:4419 #34 0x00007f3a0ecb4f5a in WTF::RunLoop::run () at /host/home/mirko/work/code/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:108 #35 0x00007f3a1ee3391a in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run (this=0x7fff6c1098d0, argc=4, argv=0x7fff6c109a98) at /host/home/mirko/work/code/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:77 #36 0x00007f3a1ee33183 in WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk> (argc=4, argv=0x7fff6c109a98) at /host/home/mirko/work/code/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:103 #37 0x00007f3a1ee32b63 in WebKit::WebProcessMain (argc=4, argv=0x7fff6c109a98) at /host/home/mirko/work/code/WebKit/Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:114 #38 0x00006553b1ea37fd in main (argc=4, argv=0x7fff6c109a98) at /host/home/mirko/work/code/WebKit/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp:31 ```

Extending https://bugs.webkit.org/show_bug.cgi?id=290042#c43: After `OffscreenCanvasRenderingContext2D::fillText`, `LayerTreeHost::scheduleLayerFlush` is sometimes first called after `GraphicsLayerCoordinated::setContentsNeedsDisplay`.

(In reply to Mirko Brodesser from comment #38) > (In reply to Matt Woodrow from comment #37) > > What I would expect to happen: > > > > `setImageBufferAndMarkDirty` calls `CanvasBase::didDraw`, which would then > > call `contentChanged(ContentChangeType::CanvasPixels);` (for an HTML canvas > > using a placeholder rendering context). > > > > That should call through to `RenderLayerBacking::contentChanged` and then > > into `GraphicsLayer::setContentsNeedDisplay`. > > > > The `GraphicsLayer` should then call `notifyFlushRequired` on its client > > (which is `RenderLayerBacking` again). That should result in > > `Page::scheduleRenderingUpdate(RenderingUpdateStep::LayerFlush)` being > > called, which triggers the actual rendering update to happen (including > > `updateCompositingLayers`). > > > > That seems like it'd have the same effect as your current PR (which is > > returning true for `hasDeferredOperations()`, but I believe works because it > > results in a call to > > `Page::scheduleRenderingUpdate(RenderingUpdateStep:: > > PrepareCanvasesForDisplayOrFlush)`). > > > > Is part of that not working? > > Thanks for sharing the thoughts. > > Until `GraphicsLayer::setContentsNeedsDisplay` > (https://searchfox.org/wubkat/rev/91adeac8b28caf815007f457c1eb67b531854aae/ > Source/WebCore/platform/graphics/GraphicsLayer.h#506) it's working. > The overload of that method is invoked: > `GraphicsLayerCoordinated::setContentsNeedsDisplay` > (https://searchfox.org/wubkat/rev/91adeac8b28caf815007f457c1eb67b531854aae/ > Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated. > cpp#330). > Its `m_contentsDisplayDelegate` > (https://searchfox.org/wubkat/rev/91adeac8b28caf815007f457c1eb67b531854aae/ > Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated. > cpp#332) is null. When `m_contentsDisplayDelegate` is set in `GraphicsLayerCoordinated::setContentsDisplayDelegate` it calls `GraphicsLayerCoordinated::noteLayerPropertyChanged` with at least `Change::ContentsBufferNeedsDisplay` (https://searchfox.org/wubkat/rev/d17a7c5952dbe4c9affb61ad7249c4cd6d1deb61/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated.cpp#355,360,363,368,370). `GraphicsLayerCoordinated::setContentsNeedsDisplay` called `noteLayerPropertyChanged` with `Change::ContentsBufferNeedsDisplay`.

That much seems correct to me. If the `setImageBufferAndMarkDirty` call happens before the first rendering update, there won't be a delegate, but there should already be a scheduled rendering update which will install the delegate and mark the layer as needing display. If the call happens after, then we should just mark as needing display, and schedule a second rendering update for that to become visible.

(In reply to Matt Woodrow from comment #46) > That much seems correct to me. When `GraphicsLayerCoordinated::setContentsNeedsDisplay` is called before `GraphicsLayerCoordinated::setContentsDisplayDelegate`, some calls to `GraphicsLayerCoordinated::commitLayerChanges` (https://searchfox.org/wubkat/rev/6696af1b6d5aeff18a62101163a33395dc0c08ea/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated.cpp#971) follow. The last of those calls clears `m_pendingChanges` and adds `Change::ContentsBufferNeedsDisplay` to it (https://searchfox.org/wubkat/rev/6696af1b6d5aeff18a62101163a33395dc0c08ea/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated.cpp#1096-1097).

Continuing https://bugs.webkit.org/show_bug.cgi?id=290042#c47: after `child.recursiveCommitChanges` in `GraphicsLayerCoordinated::recursiveCommitChanges` (https://searchfox.org/wubkat/rev/6696af1b6d5aeff18a62101163a33395dc0c08ea/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated.cpp#1158) it may have pending changes. That is, adding the assertion `ASSERT(child.m_pendingChanges.isEmpty());` after `child.recursiveCommitChanges` results in a violation of the assertion.

The patch which introduced adding an element to `m_pendingChanges` at the end of `GraphicsLayerCoordinated::commitLayerChanges` (https://searchfox.org/wubkat/rev/87ffa9eb985d4367ea42c6c953d37b077404a7eb/Source/WebCore/platform/graphics/texmap/coordinated/GraphicsLayerCoordinated.cpp#1096-1097) was introduced in https://commits.webkit.org/289418@main. I've tested this this issue with `canvas.2d.fillText-FontFace.html` with the commit before the above mentioned one. It already occurred with it. That is, it's not a regression of https://commits.webkit.org/289418@main.

Committed 295259@main (153da00a2526): <https://commits.webkit.org/295259@main> Reviewed commits have been landed. Closing PR #42688 and removing active labels.

Reopening this because I reverted the fix since a thread-safety assertion was triggered.

Pull request: https://github.com/WebKit/WebKit/pull/47048

Pull request: https://github.com/WebKit/WebKit/pull/47233

Committed 296714@main (323a59370e03): <https://commits.webkit.org/296714@main> Reviewed commits have been landed. Closing PR #47233 and removing active labels.