Changeset 205701 in webkit
- Timestamp:
- Sep 9, 2016 12:42:56 AM (8 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 11 edited
trunk/Source/WebCore/ChangeLog
r205695 r205701 1 2016-09-09 Antti Koivisto <antti@apple.com> 2 3 v3: WebContent crash due to RELEASE_ASSERT in WebCore: WebCore::StyleResolver::styleForElement 4 https://bugs.webkit.org/show_bug.cgi?id=161689 5 6 Reviewed by Andreas Kling. 7 8 These crashes happen because synchronously triggered resource loads generate callbacks that may end up 9 deleting the resource loader. 10 11 Stop triggering resource loads from StyleResolver. Instead trigger them when applying style to render tree. 12 13 * css/StyleResolver.cpp: 14 (WebCore::StyleResolver::~StyleResolver): 15 16 Replace the RELEASE_ASSERT against deletion during resource loads by a general isDeleted assert. 17 18 (WebCore::StyleResolver::styleForElement): 19 (WebCore::StyleResolver::styleForKeyframe): 20 (WebCore::StyleResolver::pseudoStyleForElement): 21 (WebCore::StyleResolver::styleForPage): 22 (WebCore::StyleResolver::applyMatchedProperties): 23 (WebCore::StyleResolver::loadPendingResources): Deleted. 24 * css/StyleResolver.h: 25 * page/animation/KeyframeAnimation.cpp: 26 (WebCore::KeyframeAnimation::KeyframeAnimation): 27 (WebCore::KeyframeAnimation::resolveKeyframeStyles): 28 29 Ensure resource load for all animation frames. 30 31 * page/animation/KeyframeAnimation.h: 32 * rendering/RenderElement.cpp: 33 (WebCore::RenderElement::createFor): 34 (WebCore::RenderElement::initializeStyle): 35 36 Load resources when renderer initializes a style. 37 38 (WebCore::RenderElement::setStyle): 39 (WebCore::RenderElement::getUncachedPseudoStyle): 40 41 Load resources for pseudo styles. 42 43 * rendering/RenderImage.cpp: 44 (WebCore::RenderImage::RenderImage): 45 (WebCore::RenderImage::styleWillChange): 46 47 Shuffle image resource initialization out from constructor so initializeStyle gets called before. 
48 49 * rendering/RenderImage.h: 50 * rendering/style/StyleCachedImage.cpp: 51 (WebCore::StyleCachedImage::StyleCachedImage): 52 53 Track pending status with a bit instead of implicitly by the existence of CachedResource. 54 This is useful for asserts. 55 56 (WebCore::StyleCachedImage::load): 57 (WebCore::StyleCachedImage::isPending): 58 (WebCore::StyleCachedImage::addClient): 59 (WebCore::StyleCachedImage::removeClient): 60 (WebCore::StyleCachedImage::image): 61 * rendering/style/StyleCachedImage.h: 62 1 63 2016-09-08 Yusuke Suzuki <utatane.tea@gmail.com> 2 64 -
trunk/Source/WebCore/css/StyleResolver.cpp
r205421 r205701 310 310 StyleResolver::~StyleResolver() 311 311 { 312 RELEASE_ASSERT(!m_inLoadPendingImages); 312 RELEASE_ASSERT(!m_isDeleted); 313 m_isDeleted = true; 313 314 314 315 #if ENABLE(CSS_DEVICE_ADAPTATION) … … 386 387 ElementStyle StyleResolver::styleForElement(const Element& element, const RenderStyle* parentStyle, RuleMatchingBehavior matchingBehavior, const RenderRegion* regionForStyling, const SelectorFilter* selectorFilter) 387 388 { 388 RELEASE_ASSERT(!m_i nLoadPendingImages);389 RELEASE_ASSERT(!m_isDeleted); 389 390 390 391 m_state = State(element, parentStyle, m_overrideDocumentElementStyle, regionForStyling, selectorFilter); … … 447 448 std::unique_ptr<RenderStyle> StyleResolver::styleForKeyframe(const RenderStyle* elementStyle, const StyleKeyframe* keyframe, KeyframeValue& keyframeValue) 448 449 { 449 RELEASE_ASSERT(!m_i nLoadPendingImages);450 RELEASE_ASSERT(!m_isDeleted); 450 451 451 452 MatchResult result; … … 487 488 adjustRenderStyle(*state.style(), *state.parentStyle(), nullptr); 488 489 489 // Start loading resources referenced by this style.490 loadPendingResources();491 492 490 // Add all the animating properties to the keyframe. 493 491 unsigned propertyCount = keyframe->properties().propertyCount(); … … 643 641 document().setHasStyleWithViewportUnits(); 644 642 645 // Start loading resources referenced by this style.646 loadPendingResources();647 648 643 // Now return the style. 649 644 return state.takeStyle(); … … 652 647 std::unique_ptr<RenderStyle> StyleResolver::styleForPage(int pageIndex) 653 648 { 654 RELEASE_ASSERT(!m_i nLoadPendingImages);649 RELEASE_ASSERT(!m_isDeleted); 655 650 656 651 auto* documentElement = m_document.documentElement(); … … 686 681 687 682 cascade.applyDeferredProperties(*this, &result); 688 689 // Start loading resources referenced by this style.690 loadPendingResources();691 683 692 684 // Now return the style. 
… … 1414 1406 cascade.applyDeferredProperties(*this, &matchResult); 1415 1407 1416 // Start loading resources referenced by this style.1417 loadPendingResources();1418 1419 1408 ASSERT(!state.fontDirty()); 1420 1409 … … 2044 2033 } 2045 2034 2046 void StyleResolver::loadPendingResources()2047 {2048 ASSERT(style());2049 if (!style())2050 return;2051 2052 RELEASE_ASSERT(!m_inLoadPendingImages);2053 TemporaryChange<bool> changeInLoadPendingImages(m_inLoadPendingImages, true);2054 2055 Style::loadPendingResources(*style(), document(), m_state.element());2056 }2057 2058 2035 inline StyleResolver::MatchedProperties::MatchedProperties() 2059 2036 : possiblyPaddedMember(nullptr) -
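Review bot: The `RELEASE_ASSERT(!m_isDeleted)` checks in `styleForElement`, `styleForKeyframe` and `styleForPage` read a member of an object whose lifetime has already ended, so they can catch an early deletion only on a best-effort basis. The store `m_isDeleted = true;` in the destructor is the last write to the object, and a compiler may drop it as a dead store; the freed memory may also be reused before the next call. I would record that next to the store, e.g. `// Best-effort diagnostic only: this store may be optimized out and the memory reused, so it is not a use-after-free guard.` The function bodies continue outside the hunks shown.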
trunk/Source/WebCore/css/StyleResolver.h
r205421 r205701 221 221 222 222 bool createFilterOperations(const CSSValue& inValue, FilterOperations& outOperations); 223 void loadPendingSVGDocuments();224 225 void loadPendingResources();226 223 227 224 struct RuleRange { … … 483 480 void applySVGProperty(CSSPropertyID, CSSValue*); 484 481 485 void loadPendingImages();486 487 482 static unsigned computeMatchedPropertiesHash(const MatchedProperties*, unsigned size); 488 483 struct MatchedPropertiesCacheItem { … … 526 521 State m_state; 527 522 528 // Try to catch a crash. https://bugs.webkit.org/show_bug.cgi?id=141561.529 bool m_i nLoadPendingImages{ false };523 // See if we still have crashes where StyleResolver gets deleted early. 524 bool m_isDeleted { false }; 530 525 531 526 friend bool operator==(const MatchedProperties&, const MatchedProperties&); -
trunk/Source/WebCore/page/animation/ImplicitAnimation.cpp
r200098 r205701 37 37 #include "KeyframeAnimation.h" 38 38 #include "RenderBox.h" 39 #include "StylePendingResources.h" 39 40 40 41 namespace WebCore { … … 213 214 m_toStyle = RenderStyle::clonePtr(*to); 214 215 216 if (m_object && m_object->element()) 217 Style::loadPendingResources(*m_toStyle, m_object->element()->document(), m_object->element()); 218 215 219 // Restart the transition 216 220 if (m_fromStyle && m_toStyle) -
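Review bot: The new `Style::loadPendingResources(*m_toStyle, ...)` call starts resource loads in the middle of the function, and the code right after it (`if (m_fromStyle && m_toStyle)`) keeps using members of this animation. The ChangeLog names synchronous load callbacks that delete objects as the cause of the crash, so it is worth confirming that no such callback can destroy this animation or its renderer at this call site. If that is guaranteed, a comment above the call, e.g. `// Loads may call back synchronously; this animation stays alive across the call.`, would record the assumption. The ChangeLog entry also does not list page/animation/ImplicitAnimation.cpp, although this file is changed. The enclosing function starts and ends outside the hunk.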
trunk/Source/WebCore/page/animation/KeyframeAnimation.cpp
r200622 r205701 38 38 #include "RenderBox.h" 39 39 #include "RenderStyle.h" 40 #include "StylePendingResources.h" 40 41 #include "StyleResolver.h" 41 42 … … 47 48 , m_unanimatedStyle(RenderStyle::clonePtr(*unanimatedStyle)) 48 49 { 49 // Get the keyframe RenderStyles 50 if (m_object && m_object->element()) 51 m_object->element()->styleResolver().keyframeStylesForAnimation(*m_object->element(), unanimatedStyle, m_keyframes); 50 resolveKeyframeStyles(); 52 51 53 52 // Update the m_transformFunctionListValid flag based on whether the function lists in the keyframes match. … … 351 350 } 352 351 352 void KeyframeAnimation::resolveKeyframeStyles() 353 { 354 if (!m_object || !m_object->element()) 355 return; 356 auto& element = *m_object->element(); 357 358 element.styleResolver().keyframeStylesForAnimation(*m_object->element(), m_unanimatedStyle.get(), m_keyframes); 359 360 // Ensure resource loads for all the frames. 361 for (auto& keyframe : m_keyframes.keyframes()) { 362 if (auto* style = const_cast<RenderStyle*>(keyframe.style())) 363 Style::loadPendingResources(*style, element.document(), &element); 364 } 365 } 366 353 367 void KeyframeAnimation::validateTransformFunctionList() 354 368 { -
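Review bot: In `resolveKeyframeStyles()` the `const_cast<RenderStyle*>(keyframe.style())` strips constness so that `Style::loadPendingResources` can take a mutable style, which hides a mutation behind a const accessor. A mutable accessor on the keyframe type would be cleaner if one can be added. Otherwise a comment such as `// loadPendingResources needs a mutable style; the keyframe only exposes a const one.` would explain the cast. The call above it also passes `*m_object->element()` although `element` was bound on the previous line; `element.styleResolver().keyframeStylesForAnimation(element, m_unanimatedStyle.get(), m_keyframes);` reads better.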
trunk/Source/WebCore/page/animation/KeyframeAnimation.h
r200098 r205701 82 82 bool computeExtentOfAnimationForMatchingTransformLists(const FloatRect& rendererBox, LayoutRect&) const; 83 83 84 void resolveKeyframeStyles(); 84 85 void validateTransformFunctionList(); 85 86 void checkForMatchingFilterFunctionLists(); -
trunk/Source/WebCore/rendering/RenderElement.cpp
r204667 r205701 67 67 #include "Settings.h" 68 68 #include "ShadowRoot.h" 69 #include "StylePendingResources.h" 69 70 #include "StyleResolver.h" 70 71 #include <wtf/MathExtras.h> … … 151 152 const ContentData* contentData = style.contentData(); 152 153 if (contentData && !contentData->next() && is<ImageContentData>(*contentData) && !element.isPseudoElement()) { 154 Style::loadPendingResources(style, element.document(), &element); 153 155 auto& styleImage = downcast<ImageContentData>(*contentData).image(); 154 156 auto image = createRenderer<RenderImage>(element, WTFMove(style), const_cast<StyleImage*>(&styleImage)); … … 364 366 void RenderElement::initializeStyle() 365 367 { 368 Style::loadPendingResources(m_style, document(), element()); 369 366 370 styleWillChange(StyleDifferenceNewStyle, style()); 367 371 … … 402 406 403 407 diff = adjustStyleDifference(diff, contextSensitiveProperties); 408 409 Style::loadPendingResources(style, document(), element()); 404 410 405 411 styleWillChange(diff, style); … … 1572 1578 auto& styleResolver = element()->styleResolver(); 1573 1579 1580 std::unique_ptr<RenderStyle> style; 1574 1581 if (pseudoStyleRequest.pseudoId == FIRST_LINE_INHERITED) { 1575 auto result = styleResolver.styleForElement(*element(), parentStyle).renderStyle; 1576 result->setStyleType(FIRST_LINE_INHERITED); 1577 return result; 1578 } 1579 1580 return styleResolver.pseudoStyleForElement(*element(), pseudoStyleRequest, *parentStyle); 1582 style = styleResolver.styleForElement(*element(), parentStyle).renderStyle; 1583 style->setStyleType(FIRST_LINE_INHERITED); 1584 } else 1585 style = styleResolver.pseudoStyleForElement(*element(), pseudoStyleRequest, *parentStyle); 1586 1587 if (style) 1588 Style::loadPendingResources(*style, document(), element()); 1589 1590 return style; 1581 1591 } 1582 1592 -
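Review bot: In `getUncachedPseudoStyle` the `FIRST_LINE_INHERITED` branch calls `style->setStyleType(FIRST_LINE_INHERITED);` before the new `if (style)` check, so the null guard protects only the `pseudoStyleForElement` path. If `styleForElement(...).renderStyle` can be null, guard the dereference as well: `if (style) style->setStyleType(FIRST_LINE_INHERITED);`. If it cannot be null, a short comment saying so would explain why only one branch needs the check. The function starts outside the hunk.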
trunk/Source/WebCore/rendering/RenderImage.cpp
r204983 r205701 132 132 { 133 133 updateAltText(); 134 imageResource().initialize(this);135 134 if (is<HTMLImageElement>(element)) 136 135 m_hasShadowControls = downcast<HTMLImageElement>(element).hasShadowControls(); … … 141 140 , m_imageResource(styleImage ? std::make_unique<RenderImageResourceStyleImage>(*styleImage) : std::make_unique<RenderImageResource>()) 142 141 { 143 imageResource().initialize(this);144 142 } 145 143 … … 200 198 setIntrinsicSize(imageSize); 201 199 return ImageSizeChangeForAltText; 200 } 201 202 void RenderImage::styleWillChange(StyleDifference diff, const RenderStyle& newStyle) 203 { 204 if (!hasInitializedStyle()) 205 imageResource().initialize(this); 206 RenderReplaced::styleWillChange(diff, newStyle); 202 207 } 203 208 -
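Review bot: `imageResource().initialize(this)` now runs only from `styleWillChange` when `!hasInitializedStyle()`, so the constructors no longer guarantee an initialized image resource. Whether any path uses or tears down the resource before the first style change is not visible in these hunks, so the ordering requirement should be written down where it is enforced. Something like `// Deferred from the constructors so that initializeStyle() has loaded pending resources before the image resource attaches to this renderer.` above the `if` would do.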
trunk/Source/WebCore/rendering/RenderImage.h
r200486 r205701 78 78 bool foregroundIsKnownToBeOpaqueInRect(const LayoutRect& localRect, unsigned maxDepthToTest) const override; 79 79 80 void styleWillChange(StyleDifference, const RenderStyle& newStyle) override; 80 81 void styleDidChange(StyleDifference, const RenderStyle*) override; 81 82 -
trunk/Source/WebCore/rendering/style/StyleCachedImage.cpp
r205421 r205701 41 41 42 42 // CSSImageValue doesn't get invalidated so we can grab the CachedImage immediately if it exists. 43 if (is<CSSImageValue>(m_cssValue)) 43 if (is<CSSImageValue>(m_cssValue)) { 44 44 m_cachedImage = downcast<CSSImageValue>(m_cssValue.get()).cachedImage(); 45 if (m_cachedImage) 46 m_isPending = false; 47 } 45 48 } 46 49 … … 67 70 void StyleCachedImage::load(CachedResourceLoader& loader, const ResourceLoaderOptions& options) 68 71 { 69 ASSERT(isPending()); 72 ASSERT(m_isPending); 73 m_isPending = false; 70 74 71 75 if (is<CSSImageValue>(m_cssValue)) { … … 107 111 bool StyleCachedImage::isPending() const 108 112 { 109 return !m_cachedImage;113 return m_isPending; 110 114 } 111 115 … … 170 174 void StyleCachedImage::addClient(RenderElement* renderer) 171 175 { 176 ASSERT(!m_isPending); 172 177 if (!m_cachedImage) 173 178 return; … … 177 182 void StyleCachedImage::removeClient(RenderElement* renderer) 178 183 { 184 ASSERT(!m_isPending); 179 185 if (!m_cachedImage) 180 186 return; … … 184 190 RefPtr<Image> StyleCachedImage::image(RenderElement* renderer, const FloatSize&) const 185 191 { 192 ASSERT(!m_isPending); 186 193 if (!m_cachedImage) 187 194 return nullptr; -
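Review bot: `isPending()` now returns `m_isPending`, and `load()` clears that flag before the load is attempted, so `isPending()` can be false while `m_cachedImage` is still null. `addClient`, `removeClient` and `image` keep their `if (!m_cachedImage)` early returns, which covers that state, but any caller that read `!isPending()` as "a cached image exists" now gets a different answer. A comment on `isPending()` would make the contract explicit, e.g. `// True until load() is called or a cached image is found at construction; does not imply m_cachedImage is non-null afterwards.` The new `ASSERT(!m_isPending)` checks compile out in release builds, so they document the expected ordering rather than enforce it.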
trunk/Source/WebCore/rendering/style/StyleCachedImage.h
r205419 r205701 70 70 71 71 Ref<CSSValue> m_cssValue; 72 bool m_isPending { true }; 72 73 mutable float m_scaleFactor { 1 }; 73 74 mutable CachedResourceHandle<CachedImage> m_cachedImage;