Reproduction is coming. Note that this happens only if you use internals testing API. There is no shadow tree which has text node as its immediate child.
Created attachment 99052 [details] Patch
Comment on attachment 99052 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=99052&action=review > Source/WebCore/dom/Element.cpp:1109 > + RefPtr<RenderStyle> newStyle = styleForRenderer(NodeRenderingContext(this, 0)); Using NodeRenderingContext(this, 0) constructor as a way to avoid running initialization code in NodeRenderingContext(Node*) seems inelegant. It seems we are having an abstraction problem here. It's not obvious what (this, 0) means in the context of this call.
Comment on attachment 99052 [details] Patch It seems like styleForRenderer is begging to be devirtualized and folded into NodeRenderingContext ... or something...
(In reply to comment #2) > (From update of attachment 99052 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=99052&action=review > > > Source/WebCore/dom/Element.cpp:1109 > > + RefPtr<RenderStyle> newStyle = styleForRenderer(NodeRenderingContext(this, 0)); > > Using NodeRenderingContext(this, 0) constructor as a way to avoid running initialization code in NodeRenderingContext(Node*) seems inelegant. It seems we are having an abstraction problem here. It's not obvious what (this, 0) means in the context of this call. Well, I'll introduce tag-type for making it clear. (In reply to comment #3) > (From update of attachment 99052 [details]) > It seems like styleForRenderer is begging to be devirtualized and folded into NodeRenderingContext ... or something... Yes. That's what I tried to do at first... or it might be a part of CSSSelector because it knows the parent node.
Comment on attachment 99052 [details] Patch Rejecting attachment 99052 [details] from commit-queue. Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=ec2-cq-02', '--port..." exit_code: 2 Last 500 characters of output: 57086529701d950b16c617d4401733e5f55b8e22 r90088 = 03758942d934755c9c03bc963fb16a1d5258ea7d Done rebuilding .git/svn/refs/remotes/origin/master/.rev_map.268f45cc-cd09-0410-ab3c-d52691b4dbfc First, rewinding head to replay your work on top of it... Fast-forwarded master to refs/remotes/origin/master. Updating chromium port dependencies using gclient... ________ running '/usr/bin/python gyp_webkit' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium' Updating webkit projects from gyp files... Full output: http://queues.webkit.org/results/8966336
Created attachment 99243 [details] patch for landing
Created attachment 99244 [details] patch for landing
Comment on attachment 99244 [details] patch for landing Clearing flags on attachment: 99244 Committed r90094: <http://trac.webkit.org/changeset/90094>
All reviewed patches have been landed. Closing bug.