Changeset 131804 in webkit

Timestamp:

Oct 18, 2012, 2:25:35 PM (13 years ago)

Author:

Beth Dakin

Message:

​https://bugs.webkit.org/show_bug.cgi?id=99668
REGRESSION: Crash in
WebCore::ScrollingStateScrollingNode::setNonFastScrollableRegion
-and corresponding-
<rdar://problem/12491901>

Reviewed by Simon Fraser.

​http://trac.webkit.org/changeset/130783 changed the lifetime of the
ScrollingStateTree's rootStateNode. Before that patch, the root state
node was never destroyed. It was just constantly re-used for
different RenderLayerBackings. This crash is just one of a few bugs
that has occurred because of that change. I have fixed the other bugs
individually, but I think that long-term, it is the safest solution
to go back to the original ownership model.

So this patch ensures that the state tree will always have a root
state node. Instead of destroying and re-creating the root node when
it's scroll ID changes, we just update the ID.

attachToStateTree() now takes an additional ID representing the ID of
the parent node.

• page/scrolling/ScrollingCoordinator.h:

(WebCore::ScrollingCoordinator::attachToStateTree):

Add a way to set the scrolling node ID.

• page/scrolling/ScrollingStateNode.h:

(WebCore::ScrollingStateNode::setScrollingNodeID):

This code that provided a way to mark all properties as having
changed was added in ​http://trac.webkit.org/changeset/130989 as a way
to ensure we would re-set ScrollingThread's nodes when we destroyed
and re-created the rootStateNode. Now that we are no longer
destroying and re-creating the rootStateNode, this code is no longer
necessary.

• page/scrolling/ScrollingStateScrollingNode.cpp:
• page/scrolling/ScrollingStateScrollingNode.h:

create m_rootStateNode right in the ScrollingStateTree's constructor.

• page/scrolling/ScrollingStateTree.cpp:

(WebCore::ScrollingStateTree::ScrollingStateTree):

Don't let removeNode() destroy m_rootStateNode.
(WebCore::ScrollingStateTree::removeNode):

Also a part of r130989 that is no longer needed.
(WebCore::ScrollingStateTree::rootLayerDidChange():

• page/scrolling/ScrollingStateTree.h:

(WebCore::ScrollingStateTree::rootStateNode):
(ScrollingStateTree):
(WebCore::ScrollingStateTree::setRootStateNode):

attachToStateTree() now takes an additional ID representing the ID of
the parent node.

• page/scrolling/mac/ScrollingCoordinatorMac.h:

(ScrollingCoordinatorMac):

We no longer need ScrollingStateTree::rootLayerDidChange()

• page/scrolling/mac/ScrollingCoordinatorMac.mm:

(WebCore::ScrollingCoordinatorMac::frameViewRootLayerDidChange):

Do not destroy and re-create the state node. Just update its ID. When
we support child nodes soon, we will create them in this function.
(WebCore::ScrollingCoordinatorMac::attachToStateTree):

No need to null-check the rootStateNode.
(WebCore::ScrollingCoordinatorMac::clearStateTree):

Send 0 as the parent node ID to attachToStateTree() to represent the
root node.
(WebCore::ScrollingCoordinatorMac::ensureRootStateNodeForFrameView):

• rendering/RenderLayerBacking.cpp:

RenderLayerBacking::attachToScrollingCoordinator() now takes a parent
layer.
(WebCore::RenderLayerBacking::attachToScrollingCoordinator):

• rendering/RenderLayerBacking.h:

(RenderLayerBacking):

Since this is the root, send 0 to represent the parent layer.

• rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::updateBacking):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• page/scrolling/ScrollingCoordinator.h (modified) (1 diff)
• page/scrolling/ScrollingStateNode.h (modified) (1 diff)
• page/scrolling/ScrollingStateScrollingNode.cpp (modified) (1 diff)
• page/scrolling/ScrollingStateScrollingNode.h (modified) (2 diffs)
• page/scrolling/ScrollingStateTree.cpp (modified) (3 diffs)
• page/scrolling/ScrollingStateTree.h (modified) (3 diffs)
• page/scrolling/mac/ScrollingCoordinatorMac.h (modified) (1 diff)
• page/scrolling/mac/ScrollingCoordinatorMac.mm (modified) (4 diffs)
• rendering/RenderLayerBacking.cpp (modified) (2 diffs)
• rendering/RenderLayerBacking.h (modified) (1 diff)
• rendering/RenderLayerCompositor.cpp (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-10-18  Beth Dakin  <bdakin@apple.com>
+
+        https://bugs.webkit.org/show_bug.cgi?id=99668
+        REGRESSION: Crash in 
+        WebCore::ScrollingStateScrollingNode::setNonFastScrollableRegion
+        -and corresponding-
+        <rdar://problem/12491901>
+
+        Reviewed by Simon Fraser.
+
+        http://trac.webkit.org/changeset/130783 changed the lifetime of the 
+        ScrollingStateTree's rootStateNode. Before that patch, the root state 
+        node was never destroyed. It was just constantly re-used for 
+        different RenderLayerBackings. This crash is just one of a few bugs 
+        that has occurred because of that change. I have fixed the other bugs 
+        individually, but I think that long-term, it is the safest solution 
+        to go back to the original ownership model.
+
+        So this patch ensures that the state tree will always have a root 
+        state node. Instead of destroying and re-creating the root node when 
+        it's scroll ID changes, we just update the ID.
+
+        attachToStateTree() now takes an additional ID representing the ID of 
+        the parent node.
+        * page/scrolling/ScrollingCoordinator.h:
+        (WebCore::ScrollingCoordinator::attachToStateTree):
+
+        Add a way to set the scrolling node ID.
+        * page/scrolling/ScrollingStateNode.h:
+        (WebCore::ScrollingStateNode::setScrollingNodeID):
+
+        This code that provided a way to mark all properties as having 
+        changed was added in http://trac.webkit.org/changeset/130989 as a way 
+        to ensure we would re-set ScrollingThread's nodes when we destroyed 
+        and re-created the rootStateNode. Now that we are no longer 
+        destroying and re-creating the rootStateNode, this code is no longer 
+        necessary.
+        * page/scrolling/ScrollingStateScrollingNode.cpp:
+        * page/scrolling/ScrollingStateScrollingNode.h:
+
+        create m_rootStateNode right in the ScrollingStateTree's constructor.
+        * page/scrolling/ScrollingStateTree.cpp:
+        (WebCore::ScrollingStateTree::ScrollingStateTree):
+
+        Don't let removeNode() destroy m_rootStateNode.
+        (WebCore::ScrollingStateTree::removeNode):
+
+        Also a part of r130989 that is no longer needed.
+        (WebCore::ScrollingStateTree::rootLayerDidChange():
+        * page/scrolling/ScrollingStateTree.h:
+        (WebCore::ScrollingStateTree::rootStateNode):
+        (ScrollingStateTree):
+        (WebCore::ScrollingStateTree::setRootStateNode):
+
+        attachToStateTree() now takes an additional ID representing the ID of 
+        the parent node.
+        * page/scrolling/mac/ScrollingCoordinatorMac.h:
+        (ScrollingCoordinatorMac):
+
+        We no longer need ScrollingStateTree::rootLayerDidChange()
+        * page/scrolling/mac/ScrollingCoordinatorMac.mm:
+        (WebCore::ScrollingCoordinatorMac::frameViewRootLayerDidChange):
+
+        Do not destroy and re-create the state node. Just update its ID. When 
+        we support child nodes soon, we will create them in this function.
+        (WebCore::ScrollingCoordinatorMac::attachToStateTree):
+
+        No need to null-check the rootStateNode.
+        (WebCore::ScrollingCoordinatorMac::clearStateTree):
+
+        Send 0 as the parent node ID to attachToStateTree() to represent the 
+        root node.
+        (WebCore::ScrollingCoordinatorMac::ensureRootStateNodeForFrameView):
+        * rendering/RenderLayerBacking.cpp:
+
+        RenderLayerBacking::attachToScrollingCoordinator() now takes a parent 
+        layer.
+        (WebCore::RenderLayerBacking::attachToScrollingCoordinator):
+        * rendering/RenderLayerBacking.h:
+        (RenderLayerBacking):
+
+        Since this is the root, send 0 to represent the parent layer.
+        * rendering/RenderLayerCompositor.cpp:
+        (WebCore::RenderLayerCompositor::updateBacking):
+
 2012-10-18  Yael Aharon  <yael.aharon@intel.com>
 

trunk/Source/WebCore/page/scrolling/ScrollingCoordinator.h

@@ -110 +110 @@
     virtual bool handleWheelEvent(FrameView*, const PlatformWheelEvent&) { return true; }
     virtual void updateMainFrameScrollPositionAndScrollLayerPosition() { }
-    virtual ScrollingNodeID attachToStateTree(ScrollingNodeID nodeID) { return nodeID; }
+    virtual ScrollingNodeID attachToStateTree(ScrollingNodeID newNodeID, ScrollingNodeID /*parentID*/) { return newNodeID; }
     virtual void detachFromStateTree(ScrollingNodeID) { }
     virtual void clearStateTree() { }

trunk/Source/WebCore/page/scrolling/ScrollingStateNode.h

@@ -72 +72 @@
 
     ScrollingNodeID scrollingNodeID() const { return m_nodeID; }
+    void setScrollingNodeID(ScrollingNodeID nodeID) { m_nodeID = nodeID; }
 
     ScrollingStateNode* parent() const { return m_parent; }

trunk/Source/WebCore/page/scrolling/ScrollingStateScrollingNode.cpp

@@ -78 +78 @@
 }
 
-void ScrollingStateScrollingNode::setHasChangedProperties()
-{
-    m_changedProperties = All;
-    ScrollingStateNode::setHasChangedProperties();
-}
-
 PassOwnPtr<ScrollingStateNode> ScrollingStateScrollingNode::cloneAndResetNode()
 {

trunk/Source/WebCore/page/scrolling/ScrollingStateScrollingNode.h

@@ -57 +57 @@
         ScrollOrigin = 1 << 11,
         RequestedScrollPosition = 1 << 12,
-        All = (1 << 13) - 1 // This will need to be updated if we add or remove anything the ChangedProperties.
     };
 
@@ -67 +66 @@
     virtual unsigned changedProperties() const OVERRIDE { return m_changedProperties; }
     virtual void resetChangedProperties() OVERRIDE { m_changedProperties = 0; }
-    virtual void setHasChangedProperties();
 
     const IntRect& viewportRect() const { return m_viewportRect; }

trunk/Source/WebCore/page/scrolling/ScrollingStateTree.cpp

@@ -37 +37 @@
 
 ScrollingStateTree::ScrollingStateTree()
-    : m_hasChangedProperties(false)
+    : m_rootStateNode(ScrollingStateScrollingNode::create(this, 0))
+    , m_hasChangedProperties(false)
 {
 }
@@ -64 +65 @@
 {
     ASSERT(m_rootStateNode);
-
-    if (node == m_rootStateNode) {
-        didRemoveNode(m_rootStateNode->scrollingNodeID());
-        m_rootStateNode = 0;
-        return;
-    }
-
     m_rootStateNode->removeChild(node);
 }
@@ -79 +73 @@
 }
 
-void ScrollingStateTree::rootLayerDidChange()
-{
-    // If the root layer has changed, then destroyed and re-created the root state node. That means that the
-    // cached properties in ScrollingStateScrollingNode are no longer reflective of the properties we have
-    // cached over in the ScrollingTree. To resolve this, we will mark all of the properties as having changed
-    // so that the ScrollingTree will be in synch with the state tree.
-    setHasChangedProperties(true);
-    rootStateNode()->setHasChangedProperties();
-}
-
 } // namespace WebCore
 

trunk/Source/WebCore/page/scrolling/ScrollingStateTree.h

@@ -56 +56 @@
 
     ScrollingStateScrollingNode* rootStateNode() const { return m_rootStateNode.get(); }
-    void setRootStateNode(PassOwnPtr<ScrollingStateScrollingNode> rootStateNode) { m_rootStateNode = rootStateNode; }
 
     // Copies the current tree state and clears the changed properties mask in the original.
@@ -65 +64 @@
     const Vector<ScrollingNodeID>& removedNodes() const { return m_nodesRemovedSinceLastCommit; }
 
-    void rootLayerDidChange();
-
     void setHasChangedProperties(bool changedProperties) { m_hasChangedProperties = changedProperties; }
     bool hasChangedProperties() const { return m_hasChangedProperties; }
@@ -72 +69 @@
 private:
     ScrollingStateTree();
+
+    void setRootStateNode(PassOwnPtr<ScrollingStateScrollingNode> rootStateNode) { m_rootStateNode = rootStateNode; }
 
     PassOwnPtr<ScrollingStateTree> clone();

trunk/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.h

@@ -67 +67 @@
     // These functions are used to indicate that a layer should be (or should not longer be) represented by a node
     // in the scrolling tree.
-    virtual ScrollingNodeID attachToStateTree(ScrollingNodeID);
+    virtual ScrollingNodeID attachToStateTree(ScrollingNodeID newNodeID, ScrollingNodeID parentID);
     virtual void detachFromStateTree(ScrollingNodeID);
 

trunk/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm

@@ -148 +148 @@
     ensureRootStateNodeForFrameView(frameView);
     ASSERT(m_scrollingStateTree->rootStateNode());
-    m_scrollingStateTree->rootLayerDidChange();
 
     ScrollingCoordinator::frameViewRootLayerDidChange(frameView);
@@ -235 +234 @@
 }
 
-ScrollingNodeID ScrollingCoordinatorMac::attachToStateTree(ScrollingNodeID scrollLayerID)
-{
-    ASSERT(scrollLayerID);
-
-    ScrollingStateScrollingNode* existingNode = stateNodeForID(scrollLayerID);
+ScrollingNodeID ScrollingCoordinatorMac::attachToStateTree(ScrollingNodeID newNodeID, ScrollingNodeID parentID)
+{
+    ASSERT(newNodeID);
+
+    ScrollingStateScrollingNode* existingNode = stateNodeForID(newNodeID);
     if (existingNode && existingNode == m_scrollingStateTree->rootStateNode())
-        return scrollLayerID;
-
-    clearStateTree();
-
-    // FIXME: In the future, this function will have to take a parent ID so that it can
-    // append the node in the appropriate spot in the state tree. For now we always assume
-    // this is the root node.
-    m_scrollingStateTree->setRootStateNode(ScrollingStateScrollingNode::create(m_scrollingStateTree.get(), scrollLayerID));
-    m_stateNodeMap.set(scrollLayerID, m_scrollingStateTree->rootStateNode());
-    return scrollLayerID;
+        return newNodeID;
+
+    // If there is no parent, this is the root node. Right now, we only support the root node.
+    // FIXME: In the future, we should append child nodes in the appropriate spot in the state
+    // tree.
+    if (!parentID) {
+        // If we're resetting the root node, we should clear the HashMap and destroy the current children.
+        clearStateTree();
+
+        m_scrollingStateTree->rootStateNode()->setScrollingNodeID(newNodeID);
+        m_stateNodeMap.set(newNodeID, m_scrollingStateTree->rootStateNode());
+    }
+
+    return newNodeID;
 }
 
@@ -276 +279 @@
 {
     m_stateNodeMap.clear();
-    if (ScrollingStateScrollingNode* node = m_scrollingStateTree->rootStateNode())
-        m_scrollingStateTree->removeNode(node);
+    m_scrollingStateTree->removeNode(m_scrollingStateTree->rootStateNode());
 }
 
@@ -295 +297 @@
 void ScrollingCoordinatorMac::ensureRootStateNodeForFrameView(FrameView* frameView)
 {
-    attachToStateTree(frameView->scrollLayerID());
+    attachToStateTree(frameView->scrollLayerID(), 0);
 }
 

trunk/Source/WebCore/rendering/RenderLayerBacking.cpp

@@ -966 +966 @@
 }
 
-void RenderLayerBacking::attachToScrollingCoordinator()
+void RenderLayerBacking::attachToScrollingCoordinator(RenderLayerBacking* parent)
 {
     // If m_scrollLayerID non-zero, then this backing is already attached to the ScrollingCoordinator.
@@ -979 +979 @@
     if (!scrollingCoordinator)
         return;
-    
-    m_scrollLayerID = scrollingCoordinator->attachToStateTree(scrollingCoordinator->uniqueScrollLayerID());
+
+    ScrollingNodeID parentID = parent ? parent->scrollLayerID() : 0;
+    m_scrollLayerID = scrollingCoordinator->attachToStateTree(scrollingCoordinator->uniqueScrollLayerID(), parentID);
 }
 

trunk/Source/WebCore/rendering/RenderLayerBacking.h

@@ -89 +89 @@
     GraphicsLayer* scrollingContentsLayer() const { return m_scrollingContentsLayer.get(); }
 
-    void attachToScrollingCoordinator();
+    void attachToScrollingCoordinator(RenderLayerBacking* parent);
     uint64_t scrollLayerID() const { return m_scrollLayerID; }
     

trunk/Source/WebCore/rendering/RenderLayerCompositor.cpp

@@ -511 +511 @@
             // At this time, the ScrollingCooridnator only supports the top-level frame.
             if (layer->isRootLayer() && !m_renderView->document()->ownerElement()) {
-                layer->backing()->attachToScrollingCoordinator();
+                layer->backing()->attachToScrollingCoordinator(0);
                 if (ScrollingCoordinator* scrollingCoordinator = this->scrollingCoordinator())
                     scrollingCoordinator->frameViewRootLayerDidChange(m_renderView->frameView());