45855 – Plugin added dynamically to the DOM fails to paint after initial creation

RESOLVED FIXED 45855

Plugin added dynamically to the DOM fails to paint after initial creation

https://bugs.webkit.org/show_bug.cgi?id=45855

Summary Plugin added dynamically to the DOM fails to paint after initial creation

Ananta Iyengar

Reported 2010-09-15 17:38:56 PDT

Created attachment 67747 [details] Test case. This bug was originally logged in Chromium against Flash. http://code.google.com/p/chromium/issues/detail?id=55370 In this case it is a windowed plugin which does not display in Chrome. It displays in Safari as the windowed plugin becomes visible when Widget::show is called. Chromium relies on a subsequent paint to make the plugin window visible. However Safari would have the same bug if the plugin is a windowless plugin. Based on our debugging it appears to be a bug in Webkit. If an object tag is added dynamically to the DOM it does not paint. Based on a discussion with james robinson it seems that RenderWidget::setWidget should mark the widget as needs painting. A simple test case is attached. The callstack in the debugger when the plugin element is added is as below. ChildEBP RetAddr 0012eabc 03286295 chrome_1c30000!webkit_glue::WebPluginImpl::updateGeometry+0x191 [z:\code\trunk\src\webkit\glue\plugins\webplugin_impl.cc @ 281] 0012eb5c 03285df4 chrome_1c30000!WebKit::WebPluginContainerImpl::reportGeometry+0xd5 [z:\code\trunk\src\third_party\webkit\webkit\chromium\src\webplugincontainerimpl.cpp @ 286] 0012eb6c 0440178a chrome_1c30000!WebKit::WebPluginContainerImpl::setParent+0x34 [z:\code\trunk\src\third_party\webkit\webkit\chromium\src\webplugincontainerimpl.cpp @ 221] 0012eba0 047e3273 chrome_1c30000!WebCore::ScrollView::addChild+0x7a [z:\code\trunk\src\third_party\webkit\webcore\platform\scrollview.cpp @ 69] 0012ebc8 047e316f chrome_1c30000!WebCore::moveWidgetToParentSoon+0x43 [z:\code\trunk\src\third_party\webkit\webcore\rendering\renderwidget.cpp @ 91] 0012ec20 04aceff2 chrome_1c30000!WebCore::RenderWidget::setWidget+0x18f [z:\code\trunk\src\third_party\webkit\webcore\rendering\renderwidget.cpp @ 211] 0012ec38 0472b56b chrome_1c30000!WebCore::RenderPart::setWidget+0x52 [z:\code\trunk\src\third_party\webkit\webcore\rendering\renderpart.cpp @ 54] 0012ec94 0472a732 chrome_1c30000!WebCore::SubframeLoader::loadPlugin+0x1ab [z:\code\trunk\src\third_party\webkit\webcore\loader\subframeloader.cpp @ 367] 0012ed80 0479d93c chrome_1c30000!WebCore::SubframeLoader::requestObject+0x242 [z:\code\trunk\src\third_party\webkit\webcore\loader\subframeloader.cpp @ 137] 0012edfc 044cc40c chrome_1c30000!WebCore::HTMLObjectElement::updateWidget+0x21c [z:\code\trunk\src\third_party\webkit\webcore\html\htmlobjectelement.cpp @ 292] 0012ee14 044cc58f chrome_1c30000!WebCore::FrameView::updateWidget+0xfc [z:\code\trunk\src\third_party\webkit\webcore\page\frameview.cpp @ 1607] 0012ee94 044cc7bb chrome_1c30000!WebCore::FrameView::updateWidgets+0x13f [z:\code\trunk\src\third_party\webkit\webcore\page\frameview.cpp @ 1640] 0012eec8 044c94aa chrome_1c30000!WebCore::FrameView::performPostLayoutTasks+0xdb [z:\code\trunk\src\third_party\webkit\webcore\page\frameview.cpp @ 1669] 0012ef7c 044cb6b8 chrome_1c30000!WebCore::FrameView::layout+0x95a [z:\code\trunk\src\third_party\webkit\webcore\page\frameview.cpp @ 849] 0012ef8c 044cf459 chrome_1c30000!WebCore::FrameView::layoutTimerFired+0x18 [z:\code\trunk\src\third_party\webkit\webcore\page\frameview.cpp @ 1362] 0012efa0 04707559 chrome_1c30000!WebCore::Timer<WebCore::FrameView>::fired+0x29 [z:\code\trunk\src\third_party\webkit\webcore\platform\timer.h @ 98] 0012efd8 04707476 chrome_1c30000!WebCore::ThreadTimers::sharedTimerFiredInternal+0xd9 [z:\code\trunk\src\third_party\webkit\webcore\platform\threadtimers.cpp @ 112] 0012efe0 0312a24b chrome_1c30000!WebCore::ThreadTimers::sharedTimerFired+0x16 [z:\code\trunk\src\third_party\webkit\webcore\platform\threadtimers.cpp @ 91] 0012eff0 0312b0dc chrome_1c30000!webkit_glue::WebKitClientImpl::DoTimeout+0x2b [z:\code\trunk\src\webkit\glue\webkitclient_impl.h @ 65] 0012effc 0312ab94 chrome_1c30000!DispatchToMethod<webkit_glue::WebKitClientImpl,void (__thiscall webkit_glue::WebKitClientImpl::*)(void)>+0xc [z:\code\trunk\src\base\tuple.h @ 537]

Attachments
Test case. (551 bytes, text/html) 2010-09-15 17:38 PDT, Ananta Iyengar	no flags	Details
Initial patch (4.15 KB, patch) 2011-03-29 21:01 PDT, Ananta Iyengar	no flags	Details Formatted Diff Diff
Patch with tabs removed. (4.15 KB, patch) 2011-03-29 21:05 PDT, Ananta Iyengar	no flags	Details Formatted Diff Diff
Patch with review comments addressed (3.94 KB, patch) 2011-03-30 12:46 PDT, Ananta Iyengar	no flags	Details Formatted Diff Diff
Updated patch which has the fixes for the new layout test to ensure that it works correctly with DumpRenderTree (4.01 KB, patch) 2011-03-31 16:44 PDT, Ananta Iyengar	no flags	Details Formatted Diff Diff
Updated patch which has the fixes for the new layout test to ensure that it does not crash on Windows XP. This test needs to be skipped on chromium(linux, mac), qt and gtk (6.32 KB, patch) 2011-03-31 23:01 PDT, Ananta Iyengar	no flags	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

James Robinson

Comment 1 2010-09-15 17:41:58 PDT

+cc some folks. My first suspicion is that we need to mark a RenderWidget as needing a repaint on the first call to setWidget()

Eric Seidel (no email)

Comment 2 2010-09-15 17:54:11 PDT

Is this a regression? I recently was in this code.

James Robinson

Comment 3 2010-09-15 18:13:05 PDT

We suspect it's not a regression, but is frequently covered up by further invalidations that cover the plugin.

Ananta Iyengar

Comment 4 2011-03-29 21:01:39 PDT

Created attachment 87456 [details] Initial patch

Ananta Iyengar

Comment 5 2011-03-29 21:05:07 PDT

Created attachment 87459 [details] Patch with tabs removed.

James Robinson

Comment 6 2011-03-30 12:09:36 PDT

Comment on attachment 87459 [details] Patch with tabs removed. View in context: https://bugs.webkit.org/attachment.cgi?id=87459&action=review > LayoutTests/plugins/windowless_plugin_paint_test.html:8 > + -webkit-transform: rotateZ(0deg) rotateX(0deg) rotateY(0deg); translateZ(0) is the more typical way to force compositing

Simon Fraser (smfr)

Comment 7 2011-03-30 12:25:45 PDT

Comment on attachment 87459 [details] Patch with tabs removed. View in context: https://bugs.webkit.org/attachment.cgi?id=87459&action=review >> LayoutTests/plugins/windowless_plugin_paint_test.html:8 >> + -webkit-transform: rotateZ(0deg) rotateX(0deg) rotateY(0deg); > > translateZ(0) is the more typical way to force compositing Why does compositing have anything to do with it? I don't see any mention of this in the bug.

Ananta Iyengar

Comment 8 2011-03-30 12:46:31 PDT

Created attachment 87598 [details] Patch with review comments addressed Removed the transform related code from the layout test.

James Robinson

Comment 9 2011-03-30 15:03:33 PDT

Comment on attachment 87598 [details] Patch with review comments addressed Looks good

WebKit Commit Bot

Comment 10 2011-03-31 14:25:36 PDT

Comment on attachment 87598 [details] Patch with review comments addressed Clearing flags on attachment: 87598 Committed r82616: <http://trac.webkit.org/changeset/82616>

WebKit Commit Bot

Comment 11 2011-03-31 14:25:42 PDT

All reviewed patches have been landed. Closing bug.

Adam Barth

Comment 12 2011-03-31 15:08:36 PDT

Here's the result diff on Chromium Win 7: --- E:\b\build\slave\Webkit_Win7\build\src\webkit\Release\..\../../layout-test-results\plugins/windowless_plugin_paint_test-expected.txt +++ E:\b\build\slave\Webkit_Win7\build\src\webkit\Release\..\../../layout-test-results\plugins/windowless_plugin_paint_test-actual.txt @@ -1,3 +1,3 @@ This tests that dynamically added windowless plugins receive paint events on creation. -SUCCESS +FAILURE

WebKit Review Bot

Comment 13 2011-03-31 15:15:22 PDT

http://trac.webkit.org/changeset/82616 might have broken Qt Linux Release

James Robinson

Comment 14 2011-03-31 15:23:57 PDT

Ananta, can you take a look? What platform did you test this on?

Ananta Iyengar

Comment 15 2011-03-31 16:44:39 PDT

Created attachment 87805 [details] Updated patch which has the fixes for the new layout test to ensure that it works correctly with DumpRenderTree

Adam Barth

Comment 16 2011-03-31 17:25:16 PDT

Comment on attachment 87805 [details] Updated patch which has the fixes for the new layout test to ensure that it works correctly with DumpRenderTree Thanks!

WebKit Commit Bot

Comment 17 2011-03-31 18:14:40 PDT

Comment on attachment 87805 [details] Updated patch which has the fixes for the new layout test to ensure that it works correctly with DumpRenderTree Clearing flags on attachment: 87805 Committed r82652: <http://trac.webkit.org/changeset/82652>

WebKit Commit Bot

Comment 18 2011-03-31 18:14:46 PDT

All reviewed patches have been landed. Closing bug.

WebKit Review Bot

Comment 19 2011-03-31 19:05:10 PDT

http://trac.webkit.org/changeset/82652 might have broken Qt Linux Release The following tests are not passing: plugins/windowless_plugin_paint_test.html

Adam Barth

Comment 20 2011-03-31 19:43:08 PDT

Still fails on Mac and Linux (as well as other non-Chromium ports) http://test-results.appspot.com/dashboards/flakiness_dashboard.html#showExpectations=true&group=%40ToT%20-%20chromium.org&tests=plugins%2Fwindowless_plugin_paint_test.html

James Robinson

Comment 21 2011-03-31 19:44:41 PDT

Do plugins block the onload event?

Adam Barth

Comment 22 2011-03-31 19:53:31 PDT

Looks like this crashes on XP: http://build.webkit.org/results/Windows%20XP%20Debug%20(Tests)/r82654%20(27040)/plugins/windowless_plugin_paint_test-crash-log.txt

James Robinson

Comment 23 2011-03-31 19:55:39 PDT

Hmm yeah, manipulating the DOM during painting is probably a bad idea.

Ananta Iyengar

Comment 24 2011-03-31 23:01:37 PDT

Created attachment 87827 [details] Updated patch which has the fixes for the new layout test to ensure that it does not crash on Windows XP. This test needs to be skipped on chromium(linux, mac), qt and gtk

Adam Barth

Comment 25 2011-03-31 23:09:54 PDT

Comment on attachment 87827 [details] Updated patch which has the fixes for the new layout test to ensure that it does not crash on Windows XP. This test needs to be skipped on chromium(linux, mac), qt and gtk Third time's the charm?

Adam Barth

Comment 26 2011-04-01 17:02:57 PDT

Reopen so the commit-queue sees the patch.

WebKit Commit Bot

Comment 27 2011-04-01 19:03:40 PDT

WebKit Commit Bot

Comment 28 2011-04-01 19:03:46 PDT

All reviewed patches have been landed. Closing bug.

Adam Barth

Comment 29 2011-04-01 19:34:49 PDT

Sorry ananta, this test still fails (at least on Chromium-Linux). :( http://build.chromium.org/f/chromium/layout_test_results/Webkit_Linux/results/layout-test-results/plugins/windowless_plugin_paint_test-wdiff.html

Adam Barth

Comment 30 2011-04-01 19:40:53 PDT

ananta set me straight. This just needs a TIMEOUT expectation.

WebKit Review Bot

Comment 31 2011-04-01 20:16:32 PDT

http://trac.webkit.org/changeset/82758 might have broken SnowLeopard Intel Release (WebKit2 Tests) The following tests are not passing: inspector/styles/styles-add-blank-property.html plugins/windowless_plugin_paint_test.html

Ananta Iyengar

Comment 32 2011-04-01 20:20:02 PDT

Looking at the mac failure.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS OS X 10.5

Product WebKit

Component Plug-ins

Assignee

Ananta Iyengar

Reported

2010-09-15 17:38 PDT

Modified

2011-04-01 20:20 PDT History

CC List

9 users Show

URL

Keywords

Depends on

57585 57603 57690

Blocks

Dependencies

tree graph