Changeset 159218 in webkit

Timestamp:

Nov 13, 2013, 12:03:53 PM (11 years ago)

Author:

Simon Fraser

Message:

ASSERTION FAILED: m_repaintRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint()) after r135816
​https://bugs.webkit.org/show_bug.cgi?id=103432

Reviewed by Dave Hyatt.

RenderLayer caches repaint rects in m_repaintRect, and on updating layer
positions after scrolling, asserts that the cached rect is correct. However,
this assertion would sometimes fail if we were scrolling as a result of
doing adjustViewSize() in the middle of layout, because we haven't updated
layer positions post-layout yet.

Fix by having the poorly named FrameView::repaintFixedElementsAfterScrolling()
skip the layer updating if this FrameView is inside of adjusetViewSize() in
layout.

In order to know if we're inside view size adjusting, add a LayoutPhase
member to FrameView, replacing two existing bools that track laying out state.

Investigative work showed that there are many, many ways to re-enter FrameView::layout(),
which makes it hard (but desirable) to more assertions about state changes, but
indicated that saving and restoring the state (via TemporaryChange<LayoutPhase>)
was a good idea.

• page/FrameView.cpp:

(WebCore::FrameView::FrameView):
(WebCore::FrameView::reset):
(WebCore::FrameView::updateCompositingLayersAfterStyleChange):
(WebCore::FrameView::layout):
(WebCore::FrameView::repaintFixedElementsAfterScrolling):

• page/FrameView.h:

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• page/FrameView.cpp (modified) (13 diffs)
• page/FrameView.h (modified) (3 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-11-13  Simon Fraser  <simon.fraser@apple.com>
+
+        ASSERTION FAILED: m_repaintRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint()) after r135816
+        https://bugs.webkit.org/show_bug.cgi?id=103432
+
+        Reviewed by Dave Hyatt.
+
+        RenderLayer caches repaint rects in m_repaintRect, and on updating layer
+        positions after scrolling, asserts that the cached rect is correct. However,
+        this assertion would sometimes fail if we were scrolling as a result of
+        doing adjustViewSize() in the middle of layout, because we haven't updated
+        layer positions post-layout yet.
+        
+        Fix by having the poorly named FrameView::repaintFixedElementsAfterScrolling()
+        skip the layer updating if this FrameView is inside of adjusetViewSize() in
+        layout.
+        
+        In order to know if we're inside view size adjusting, add a LayoutPhase
+        member to FrameView, replacing two existing bools that track laying out state.
+
+        Investigative work showed that there are many, many ways to re-enter FrameView::layout(),
+        which makes it hard (but desirable) to more assertions about state changes, but
+        indicated that saving and restoring the state (via TemporaryChange<LayoutPhase>)
+        was a good idea.
+
+        * page/FrameView.cpp:
+        (WebCore::FrameView::FrameView):
+        (WebCore::FrameView::reset):
+        (WebCore::FrameView::updateCompositingLayersAfterStyleChange):
+        (WebCore::FrameView::layout):
+        (WebCore::FrameView::repaintFixedElementsAfterScrolling):
+        * page/FrameView.h:
+
 2013-11-13  Myles C. Maxfield  <mmaxfield@apple.com>
 

trunk/Source/WebCore/page/FrameView.cpp

@@ -174 +174 @@
     , m_layoutTimer(this, &FrameView::layoutTimerFired)
     , m_layoutRoot(0)
+    , m_layoutPhase(OutsideLayout)
     , m_inSynchronousPostLayout(false)
     , m_postLayoutTasksTimer(this, &FrameView::postLayoutTimerFired)
@@ -260 +261 @@
     m_needsFullRepaint = true;
     m_layoutSchedulingEnabled = true;
-    m_inLayout = false;
-    m_doingPreLayoutStyleUpdate = false;
+    m_layoutPhase = OutsideLayout;
     m_inSynchronousPostLayout = false;
     m_layoutCount = 0;
@@ -732 +732 @@
 
     // If we expect to update compositing after an incipient layout, don't do so here.
-    if (m_doingPreLayoutStyleUpdate || layoutPending() || renderView->needsLayout())
+    if (inPreLayoutStyleUpdate() || layoutPending() || renderView->needsLayout())
         return;
 
@@ -1066 +1066 @@
 void FrameView::layout(bool allowSubtree)
 {
-    if (m_inLayout)
-        return;
+    if (isInLayout())
+        return;
+
+    // Many of the tasks performed during layout can cause this function to be re-entered,
+    // so save the layout phase now and restore it on exit.
+    TemporaryChange<LayoutPhase> layoutPhaseRestorer(m_layoutPhase, InPreLayout);
 
     // Protect the view from being deleted during layout (in recalcStyle)
@@ -1113 +1117 @@
             // This is a new top-level layout. If there are any remaining tasks from the previous
             // layout, finish them now.
-            m_inSynchronousPostLayout = true;
+            TemporaryChange<bool> inSynchronousPostLayoutChange(m_inSynchronousPostLayout, true);
             performPostLayoutTasks();
-            m_inSynchronousPostLayout = false;
-        }
+        }
+
+        m_layoutPhase = InPreLayoutStyleUpdate;
 
         // Viewport-dependent media queries may cause us to need completely different style information.
@@ -1133 +1138 @@
         // Always ensure our style info is up-to-date. This can happen in situations where
         // the layout beats any sort of style recalc update that needs to occur.
-        TemporaryChange<bool> changeDoingPreLayoutStyleUpdate(m_doingPreLayoutStyleUpdate, true);
         document.updateStyleIfNeeded();
+        m_layoutPhase = InPreLayout;
 
         subtree = m_layoutRoot;
@@ -1198 +1203 @@
                     else
                         m_lastViewportSize = visibleContentRect(IncludeScrollbars).size();
+
                     m_lastZoomFactor = root->style().zoom();
 
@@ -1228 +1234 @@
                 }
             }
+
+            m_layoutPhase = InPreLayout;
         }
 
@@ -1241 +1249 @@
         LayoutStateDisabler layoutStateDisabler(disableLayoutState ? &root->view() : 0);
 
-        m_inLayout = true;
+        ASSERT(m_layoutPhase == InPreLayout);
+        m_layoutPhase = InLayout;
+
         beginDeferredRepaints();
         forceLayoutParentViewIfNeeded();
+
+        ASSERT(m_layoutPhase == InLayout);
+
         root->layout();
 #if ENABLE(IOS_TEXT_AUTOSIZING)
@@ -1260 +1273 @@
 #endif
         endDeferredRepaints();
-        m_inLayout = false;
+
+        ASSERT(m_layoutPhase == InLayout);
 
         if (subtree)
@@ -1270 +1284 @@
     }
 
+    m_layoutPhase = InViewSizeAdjust;
+
     bool neededFullRepaint = m_needsFullRepaint;
 
     if (!subtree && !toRenderView(*root).printing())
         adjustViewSize();
+
+    m_layoutPhase = InPostLayout;
 
     m_needsFullRepaint = neededFullRepaint;
@@ -1315 +1333 @@
                 updateWidgetPositions();
             else {
-                m_inSynchronousPostLayout = true;
+                TemporaryChange<bool> inSynchronousPostLayoutChange(m_inSynchronousPostLayout, true);
                 performPostLayoutTasks(); // Calls resumeScheduledEvents().
-                m_inSynchronousPostLayout = false;
             }
         }
@@ -1948 +1965 @@
 void FrameView::repaintFixedElementsAfterScrolling()
 {
+    // If we're scrolling as a result of updating the view size after layout, we'll update widgets and layer positions soon anyway.
+    if (m_layoutPhase == InViewSizeAdjust)
+        return;
+
     // For fixed position elements, update widget positions and compositing layers after scrolling,
     // but only if we're not inside of layout.

trunk/Source/WebCore/page/FrameView.h

@@ -110 +110 @@
     void unscheduleRelayout();
     bool layoutPending() const;
-    bool isInLayout() const { return m_inLayout; }
+    bool isInLayout() const { return m_layoutPhase == InLayout; }
 
     RenderObject* layoutRoot(bool onlyDuringLayout = false) const;
@@ -447 +447 @@
     void init();
 
+    enum LayoutPhase {
+        OutsideLayout,
+        InPreLayout,
+        InPreLayoutStyleUpdate,
+        InLayout,
+        InViewSizeAdjust,
+        InPostLayout,
+    };
+    LayoutPhase layoutPhase() const { return m_layoutPhase; }
+
+    bool inPreLayoutStyleUpdate() const { return m_layoutPhase == InPreLayoutStyleUpdate; }
+
     virtual bool isFrameView() const OVERRIDE { return true; }
 
@@ -564 +576 @@
     bool m_delayedLayout;
     RenderElement* m_layoutRoot;
-    
+
+    LayoutPhase m_layoutPhase;
     bool m_layoutSchedulingEnabled;
-    bool m_inLayout;
-    bool m_doingPreLayoutStyleUpdate;
     bool m_inSynchronousPostLayout;
     int m_layoutCount;