Changeset 157306 in webkit


Ignore:
Timestamp:
Oct 11, 2013 9:54:27 AM (10 years ago)
Author:
commit-queue@webkit.org
Message:

Unreviewed, rolling out r157297.
http://trac.webkit.org/changeset/157297
https://bugs.webkit.org/show_bug.cgi?id=122651

Caused crashes on multiple platform/mac-wk2/tiled-drawing
tests (Requested by ap on #webkit).

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::operator new):
(WebCore::RenderLayer::operator delete):
(WebCore::RenderLayer::destroy):

  • rendering/RenderLayer.h:
  • rendering/RenderLayerModelObject.cpp:

(WebCore::RenderLayerModelObject::RenderLayerModelObject):
(WebCore::RenderLayerModelObject::destroyLayer):
(WebCore::RenderLayerModelObject::ensureLayer):

  • rendering/RenderLayerModelObject.h:

(WebCore::RenderLayerModelObject::layer):

Location:
trunk/Source/WebCore
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebCore/ChangeLog

    r157302 r157306  
     12013-10-11  Commit Queue  <commit-queue@webkit.org>
     2
     3        Unreviewed, rolling out r157297.
     4        http://trac.webkit.org/changeset/157297
     5        https://bugs.webkit.org/show_bug.cgi?id=122651
     6
     7        Caused crashes on multiple platform/mac-wk2/tiled-drawing
     8        tests (Requested by ap on #webkit).
     9
     10        * rendering/RenderLayer.cpp:
     11        (WebCore::RenderLayer::operator new):
     12        (WebCore::RenderLayer::operator delete):
     13        (WebCore::RenderLayer::destroy):
     14        * rendering/RenderLayer.h:
     15        * rendering/RenderLayerModelObject.cpp:
     16        (WebCore::RenderLayerModelObject::RenderLayerModelObject):
     17        (WebCore::RenderLayerModelObject::destroyLayer):
     18        (WebCore::RenderLayerModelObject::ensureLayer):
     19        * rendering/RenderLayerModelObject.h:
     20        (WebCore::RenderLayerModelObject::layer):
     21
    1222013-10-11  Darin Adler  <darin@apple.com>
    223
  • trunk/Source/WebCore/rendering/RenderLayer.cpp

    r157297 r157306  
    17321732}
    17331733
     1734void* RenderLayer::operator new(size_t sz, RenderArena& renderArena)
     1735{
     1736    return renderArena.allocate(sz);
     1737}
     1738
     1739void RenderLayer::operator delete(void* ptr, size_t sz)
     1740{
     1741    // Stash size where destroy can find it.
     1742    *(size_t *)ptr = sz;
     1743}
     1744
     1745void RenderLayer::destroy(RenderArena& renderArena)
     1746{
     1747    delete this;
     1748
     1749    // Recover the size left there for us by operator delete and free the memory.
     1750    renderArena.free(*(size_t *)this, this);
     1751}
     1752
    17341753void RenderLayer::addChild(RenderLayer* child, RenderLayer* beforeChild)
    17351754{
  • trunk/Source/WebCore/rendering/RenderLayer.h

    r157297 r157306  
    749749#endif
    750750
     751    // Overloaded new operator. Derived classes must override operator new
     752    // in order to allocate out of the RenderArena.
     753    void* operator new(size_t, RenderArena&);
     754
     755    // Overridden to prevent the normal delete from being called.
     756    void operator delete(void*, size_t);
     757
    751758#if USE(ACCELERATED_COMPOSITING)
    752759    bool isComposited() const { return m_backing != 0; }
     
    880887
    881888    IntSize clampScrollOffset(const IntSize&) const;
     889
     890    // The normal operator new is disallowed on all render objects.
     891    void* operator new(size_t) throw();
    882892
    883893    void setNextSibling(RenderLayer* next) { m_next = next; }
     
    11081118    friend class RenderLayerModelObject;
    11091119
     1120    // Only safe to call from RenderBoxModelObject::destroyLayer(RenderArena&)
     1121    void destroy(RenderArena&);
     1122
    11101123    LayoutUnit overflowTop() const;
    11111124    LayoutUnit overflowBottom() const;
  • trunk/Source/WebCore/rendering/RenderLayerModelObject.cpp

    r157297 r157306  
    4040RenderLayerModelObject::RenderLayerModelObject(Element* element, unsigned baseTypeFlags)
    4141    : RenderElement(element, baseTypeFlags | RenderLayerModelObjectFlag)
     42    , m_layer(0)
    4243{
    4344}
     
    5455    ASSERT(!hasLayer()); // Callers should have already called setHasLayer(false)
    5556    ASSERT(m_layer);
    56     m_layer = nullptr;
     57    m_layer->destroy(renderArena());
     58    m_layer = 0;
    5759}
    5860
     
    6264        return;
    6365
    64     m_layer = std::make_unique<RenderLayer>(*this);
     66    m_layer = new (renderArena()) RenderLayer(*this);
    6567    setHasLayer(true);
    6668    m_layer->insertOnlyThisLayer();
  • trunk/Source/WebCore/rendering/RenderLayerModelObject.h

    r157297 r157306  
    3939
    4040    bool hasSelfPaintingLayer() const;
    41     RenderLayer* layer() const { return m_layer.get(); }
     41    RenderLayer* layer() const { return m_layer; }
    4242
    4343    virtual void styleWillChange(StyleDifference, const RenderStyle* newStyle) OVERRIDE;
     
    5757
    5858private:
    59     std::unique_ptr<RenderLayer> m_layer;
     59    RenderLayer* m_layer;
    6060
    6161    // Used to store state between styleWillChange and styleDidChange
Note: See TracChangeset for help on using the changeset viewer.