Changeset 111480 in webkit

Timestamp:

Mar 20, 2012 6:19:23 PM (12 years ago)

Author:

morrita@google.com

Message:

Infinite repaint loop with SVGImageCache and deferred repaint timers
​https://bugs.webkit.org/show_bug.cgi?id=78315
<rdar://problem/10651634>

Patch by Tim Horton <​timothy_horton@apple.com> on 2012-03-18
Reviewed by Nikolas Zimmermann.

Only defer image redraw on a timer if we're in layout. This breaks
the repaint loop while still preventing us from drawing inside layout.

Completely disable repaint during relayout inside SVGImage::drawSVGToImageBuffer,
preventing deferred repaint timers from being started during that process.

No new tests, as the problem only occurs in a nonstandard configuration.

• page/FrameView.cpp:

(WebCore::FrameView::FrameView):
(WebCore::FrameView::reset):
(WebCore::FrameView::repaintContentRectangle):
(WebCore::FrameView::endDeferredRepaints):
(WebCore::FrameView::startDeferredRepaintTimer):
(WebCore):
(WebCore::FrameView::doDeferredRepaints):
(WebCore::FrameView::deferredRepaintTimerFired):
(WebCore::FrameView::beginDisableRepaints):
(WebCore::FrameView::endDisableRepaints):

• page/FrameView.h:

(FrameView):
(WebCore::FrameView::repaintsDisabled):

• rendering/RenderView.cpp:

(WebCore::RenderView::shouldRepaint):

• svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::drawSVGToImageBuffer):
(WebCore::SVGImage::draw):
(WebCore::SVGImage::frameView):
(WebCore):

• svg/graphics/SVGImage.h:

(WebCore):

• svg/graphics/SVGImageCache.cpp:

(WebCore::SVGImageCache::imageContentChanged):
(WebCore::SVGImageCache::redraw):
(WebCore::SVGImageCache::redrawTimerFired):
(WebCore):

• svg/graphics/SVGImageCache.h:

(SVGImageCache):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• page/FrameView.cpp (modified) (8 diffs)
• page/FrameView.h (modified) (2 diffs)
• rendering/RenderView.cpp (modified) (1 diff)
• svg/graphics/SVGImage.cpp (modified) (4 diffs)
• svg/graphics/SVGImage.h (modified) (2 diffs)
• svg/graphics/SVGImageCache.cpp (modified) (3 diffs)
• svg/graphics/SVGImageCache.h (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-03-18  Tim Horton  <timothy_horton@apple.com>
+
+        Infinite repaint loop with SVGImageCache and deferred repaint timers
+        https://bugs.webkit.org/show_bug.cgi?id=78315
+        <rdar://problem/10651634>
+
+        Reviewed by Nikolas Zimmermann.
+
+        Only defer image redraw on a timer if we're in layout. This breaks
+        the repaint loop while still preventing us from drawing inside layout.
+
+        Completely disable repaint during relayout inside SVGImage::drawSVGToImageBuffer,
+        preventing deferred repaint timers from being started during that process.
+
+        No new tests, as the problem only occurs in a nonstandard configuration.
+
+        * page/FrameView.cpp:
+        (WebCore::FrameView::FrameView):
+        (WebCore::FrameView::reset):
+        (WebCore::FrameView::repaintContentRectangle):
+        (WebCore::FrameView::endDeferredRepaints):
+        (WebCore::FrameView::startDeferredRepaintTimer):
+        (WebCore):
+        (WebCore::FrameView::doDeferredRepaints):
+        (WebCore::FrameView::deferredRepaintTimerFired):
+        (WebCore::FrameView::beginDisableRepaints):
+        (WebCore::FrameView::endDisableRepaints):
+        * page/FrameView.h:
+        (FrameView):
+        (WebCore::FrameView::repaintsDisabled):
+        * rendering/RenderView.cpp:
+        (WebCore::RenderView::shouldRepaint):
+        * svg/graphics/SVGImage.cpp:
+        (WebCore::SVGImage::drawSVGToImageBuffer):
+        (WebCore::SVGImage::draw):
+        (WebCore::SVGImage::frameView):
+        (WebCore):
+        * svg/graphics/SVGImage.h:
+        (WebCore):
+        * svg/graphics/SVGImageCache.cpp:
+        (WebCore::SVGImageCache::imageContentChanged):
+        (WebCore::SVGImageCache::redraw):
+        (WebCore::SVGImageCache::redrawTimerFired):
+        (WebCore):
+        * svg/graphics/SVGImageCache.h:
+        (SVGImageCache):
+
 2012-03-20  Adam Klein  <adamk@chromium.org>
 

trunk/Source/WebCore/page/FrameView.cpp

@@ -140 +140 @@
     , m_inProgrammaticScroll(false)
     , m_deferredRepaintTimer(this, &FrameView::deferredRepaintTimerFired)
+    , m_disableRepaints(0)
     , m_isTrackingRepaints(false)
     , m_shouldUpdateWhileOffscreen(true)
@@ -246 +247 @@
     m_firstVisuallyNonEmptyLayoutCallbackPending = true;
     m_maintainScrollPositionAnchor = 0;
+    m_disableRepaints = 0;
 }
 
@@ -1782 +1784 @@
 {
     ASSERT(!m_frame->ownerElement());
-    
+
     if (m_isTrackingRepaints) {
         IntRect repaintRect = r;
@@ -1808 +1810 @@
             m_repaintRects[0].unite(paintRect);
         m_repaintCount++;
-    
-        if (!m_deferringRepaints && !m_deferredRepaintTimer.isActive())
-             m_deferredRepaintTimer.startOneShot(delay);
+
+        if (!m_deferringRepaints)
+            startDeferredRepaintTimer(delay);
+
         return;
     }
@@ -1863 +1866 @@
 }
 
-
 void FrameView::endDeferredRepaints()
 {
@@ -1876 +1878 @@
     if (--m_deferringRepaints)
         return;
-    
+
     if (m_deferredRepaintTimer.isActive())
         return;
 
     if (double delay = adjustedDeferredRepaintDelay()) {
-        m_deferredRepaintTimer.startOneShot(delay);
+        startDeferredRepaintTimer(delay);
         return;
     }
     
     doDeferredRepaints();
+}
+
+void FrameView::startDeferredRepaintTimer(double delay)
+{
+    if (m_deferredRepaintTimer.isActive())
+        return;
+
+    if (m_disableRepaints)
+        return;
+
+    m_deferredRepaintTimer.startOneShot(delay);
 }
 
@@ -1904 +1917 @@
 void FrameView::doDeferredRepaints()
 {
+    if (m_disableRepaints)
+        return;
+
     ASSERT(!m_deferringRepaints);
     if (!shouldUpdate()) {
@@ -1962 +1978 @@
 {
     doDeferredRepaints();
-}    
+}
+
+void FrameView::beginDisableRepaints()
+{
+    m_disableRepaints++;
+}
+
+void FrameView::endDisableRepaints()
+{
+    ASSERT(m_disableRepaints > 0);
+    m_disableRepaints--;
+}
 
 void FrameView::layoutTimerFired(Timer<FrameView>*)

trunk/Source/WebCore/page/FrameView.h

@@ -209 +209 @@
     void endDeferredRepaints();
     void checkStopDelayingDeferredRepaints();
+    void startDeferredRepaintTimer(double delay);
     void resetDeferredRepaintDelay();
+
+    void beginDisableRepaints();
+    void endDisableRepaints();
+    bool repaintsDisabled() { return m_disableRepaints > 0; }
 
 #if ENABLE(DASHBOARD_SUPPORT)
@@ -476 +481 @@
     double m_deferredRepaintDelay;
     double m_lastPaintTime;
-    
+
+    unsigned m_disableRepaints;
+
     bool m_isTrackingRepaints; // Used for testing.
     Vector<IntRect> m_trackedRepaintRects;

trunk/Source/WebCore/rendering/RenderView.cpp

@@ -302 +302 @@
     if (!m_frameView)
         return false;
-    
+
+    if (m_frameView->repaintsDisabled())
+        return false;
+
     return true;
 }

trunk/Source/WebCore/svg/graphics/SVGImage.cpp

@@ -178 +178 @@
     ASSERT(observer);
 
-    // Temporarily reset image observer, we don't want to receive any changeInRect() calls due this relayout.
+    // Temporarily reset image observer, we don't want to receive any changeInRect() calls due to this relayout.
     setImageObserver(0);
+
+    // Disable repainting; we don't want deferred repaints to schedule any timers due to this relayout.
+    frame->view()->beginDisableRepaints();
+
     renderer->setContainerSize(size);
     frame->view()->resize(this->size());
+
     if (zoom != 1)
         frame->setPageZoomFactor(zoom);
@@ -203 +208 @@
         frame->view()->layout();
 
-    setImageObserver(observer); 
+    setImageObserver(observer);
+
+    frame->view()->endDisableRepaints();
 }
 
@@ -211 +218 @@
         return;
 
-    FrameView* view = m_page->mainFrame()->view();
+    FrameView* view = frameView();
 
     GraphicsContextStateSaver stateSaver(*context);
@@ -254 +261 @@
         return 0;
     return toRenderBox(rootElement->renderer());
+}
+
+FrameView* SVGImage::frameView() const
+{
+    if (!m_page)
+        return 0;
+
+    return m_page->mainFrame()->view();
 }
 

trunk/Source/WebCore/svg/graphics/SVGImage.h

@@ -35 +35 @@
 namespace WebCore {
 
+class FrameView;
 class ImageBuffer;
 class Page;
@@ -54 +55 @@
     void drawSVGToImageBuffer(ImageBuffer*, const IntSize&, float zoom, ShouldClearBuffer);
     RenderBox* embeddedContentBox() const;
+    FrameView* frameView() const;
 
     virtual bool isSVGImage() const { return true; }

trunk/Source/WebCore/svg/graphics/SVGImageCache.cpp

@@ -22 +22 @@
 
 #if ENABLE(SVG)
+#include "FrameView.h"
 #include "GraphicsContext.h"
 #include "ImageBuffer.h"
@@ -82 +83 @@
         it->second.imageNeedsUpdate = true;
 
-    // Start redrawing dirty images with a timer, as imageContentChanged() may be called
-    // by the FrameView of the SVGImage which is currently in FrameView::layout().
-    if (!m_redrawTimer.isActive())
-        m_redrawTimer.startOneShot(0);
+    // If we're in the middle of layout, start redrawing dirty
+    // images on a timer; otherwise it's safe to draw immediately.
+
+    FrameView* frameView = m_svgImage->frameView();
+    if (frameView && frameView->needsLayout()) {
+        if (!m_redrawTimer.isActive())
+            m_redrawTimer.startOneShot(0);
+    } else
+       redraw();
 }
 
-void SVGImageCache::redrawTimerFired(Timer<SVGImageCache>*)
+void SVGImageCache::redraw()
 {
     ImageDataMap::iterator end = m_imageDataMap.end();
@@ -104 +110 @@
     ASSERT(m_svgImage->imageObserver());
     m_svgImage->imageObserver()->animationAdvanced(m_svgImage);
+}
+
+void SVGImageCache::redrawTimerFired(Timer<SVGImageCache>*)
+{
+    redraw();
 }
 

trunk/Source/WebCore/svg/graphics/SVGImageCache.h

@@ -71 +71 @@
 private:
     SVGImageCache(SVGImage*);
+    void redraw();
     void redrawTimerFired(Timer<SVGImageCache>*);