Diff
Modified: trunk/Source/WebCore/ChangeLog (170450 => 170451)
--- trunk/Source/WebCore/ChangeLog 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/ChangeLog 2014-06-26 00:51:05 UTC (rev 170451)
@@ -1,3 +1,57 @@
+2014-06-25 Beth Dakin <bda...@apple.com>
+
+ Crash in ScrollingTree::isRubberBandInProgress()
+ https://bugs.webkit.org/show_bug.cgi?id=134316
+ -and corresponding-
+ <rdar://problem/16247911>
+
+ Reviewed by Geoffrey Garen.
+
+ This crash appears to have been caused by http://trac.webkit.org/changeset/161276
+ which moved the ScrollingNode creation code from ScrollingTree over to
+ ScrollingCoordinator. This creates a thread safety issue. In the crashing case, we
+ believe that the ScrollingCoordinator's ScrollingTree pointer had been null-ed out
+ even though the ScrollingTree was kept alive by the bind call to propagate
+ commitNewTreeState() over to the scrolling thread. The fix is to move node
+ creation back to the ScrollingTree and to use the this pointer to create new
+ nodes rather than the ScrollingCoordinator's ScrollingTree pointer.
+
+ Don't allow ScrollingCoordinator to handle ScrollingTreeNode creation.
+ * page/scrolling/AsyncScrollingCoordinator.h:
+
+ Re-name createNode to createScrollingTreeNode().
+ * page/scrolling/ScrollingTree.cpp:
+ (WebCore::ScrollingTree::updateTreeFromStateNode):
+ * page/scrolling/ScrollingTree.h:
+
+ Remove this implementation of createNode that called into the
+ ScrollingCoordinator.
+ * page/scrolling/ThreadedScrollingTree.cpp:
+ (WebCore::ThreadedScrollingTree::createNode): Deleted.
+ * page/scrolling/ThreadedScrollingTree.h:
+
+ Don't allow ScrollingCoordinator to handle ScrollingTreeNode creation.
+ * page/scrolling/ios/ScrollingCoordinatorIOS.h:
+ * page/scrolling/ios/ScrollingCoordinatorIOS.mm:
+ (WebCore::ScrollingCoordinatorIOS::createScrollingTreeNode): Deleted.
+
+ Re-name createNode to createScrollingTreeNode, and actually create the nodes here.
+ * page/scrolling/ios/ScrollingTreeIOS.cpp:
+ (WebCore::ScrollingTreeIOS::createScrollingTreeNode):
+ (WebCore::ScrollingTreeIOS::createNode): Deleted.
+ * page/scrolling/ios/ScrollingTreeIOS.h:
+
+ Don't allow ScrollingCoordinator to handle ScrollingTreeNode creation.
+ * page/scrolling/mac/ScrollingCoordinatorMac.h:
+ * page/scrolling/mac/ScrollingCoordinatorMac.mm:
+ (WebCore::ScrollingCoordinatorMac::createScrollingTreeNode): Deleted.
+
+ Add the implementation of createScrollingTreeNode() for the Mac to
+ ScrollingTreeMac since it can create Mac-specific nodes.
+ * page/scrolling/mac/ScrollingTreeMac.cpp:
+ (ScrollingTreeMac::createScrollingTreeNode):
+ * page/scrolling/mac/ScrollingTreeMac.h:
+
2014-06-25 Enrica Casucci <enr...@apple.com>
iOS build fix after http://trac.webkit.org/changeset/170447.
Modified: trunk/Source/WebCore/page/scrolling/AsyncScrollingCoordinator.h (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/AsyncScrollingCoordinator.h 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/AsyncScrollingCoordinator.h 2014-06-26 00:51:05 UTC (rev 170451)
@@ -53,8 +53,6 @@
ScrollingTree* scrollingTree() const { return m_scrollingTree.get(); }
- virtual PassRefPtr<ScrollingTreeNode> createScrollingTreeNode(ScrollingNodeType, ScrollingNodeID) = 0;
-
void scrollingStateTreePropertiesChanged();
void scheduleUpdateScrollPositionAfterAsyncScroll(ScrollingNodeID, const FloatPoint&, bool programmaticScroll, SetOrSyncScrollingLayerPosition);
Modified: trunk/Source/WebCore/page/scrolling/ScrollingTree.cpp (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/ScrollingTree.cpp 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/ScrollingTree.cpp 2014-06-26 00:51:05 UTC (rev 170451)
@@ -172,7 +172,7 @@
if (it != m_nodeMap.end())
node = it->value;
else {
- node = createNode(stateNode->nodeType(), nodeID);
+ node = createScrollingTreeNode(stateNode->nodeType(), nodeID);
if (!parentNodeID) {
// This is the root node. Clear the node map.
ASSERT(stateNode->nodeType() == FrameScrollingNode);
Modified: trunk/Source/WebCore/page/scrolling/ScrollingTree.h (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/ScrollingTree.h 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/ScrollingTree.h 2014-06-26 00:51:05 UTC (rev 170451)
@@ -71,6 +71,8 @@
void setMainFramePinState(bool pinnedToTheLeft, bool pinnedToTheRight, bool pinnedToTheTop, bool pinnedToTheBottom);
+ virtual PassRefPtr<ScrollingTreeNode> createScrollingTreeNode(ScrollingNodeType, ScrollingNodeID) = 0;
+
// Called after a scrolling tree node has handled a scroll and updated its layers.
// Updates FrameView/RenderLayer scrolling state and GraphicsLayers.
virtual void scrollingTreeNodeDidScroll(ScrollingNodeID, const FloatPoint& scrollPosition, SetOrSyncScrollingLayerPosition = SyncScrollingLayerPosition) = 0;
@@ -135,8 +137,6 @@
typedef HashMap<ScrollingNodeID, RefPtr<ScrollingTreeNode>> OrphanScrollingNodeMap;
void updateTreeFromStateNode(const ScrollingStateNode*, OrphanScrollingNodeMap&);
- virtual PassRefPtr<ScrollingTreeNode> createNode(ScrollingNodeType, ScrollingNodeID) = 0;
-
ScrollingTreeNode* nodeForID(ScrollingNodeID) const;
RefPtr<ScrollingTreeNode> m_rootNode;
Modified: trunk/Source/WebCore/page/scrolling/ThreadedScrollingTree.cpp (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/ThreadedScrollingTree.cpp 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/ThreadedScrollingTree.cpp 2014-06-26 00:51:05 UTC (rev 170451)
@@ -116,11 +116,6 @@
}
#endif
-PassRefPtr<ScrollingTreeNode> ThreadedScrollingTree::createNode(ScrollingNodeType nodeType, ScrollingNodeID nodeID)
-{
- return m_scrollingCoordinator->createScrollingTreeNode(nodeType, nodeID);
-}
-
} // namespace WebCore
#endif // ENABLE(ASYNC_SCROLLING)
Modified: trunk/Source/WebCore/page/scrolling/ThreadedScrollingTree.h (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/ThreadedScrollingTree.h 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/ThreadedScrollingTree.h 2014-06-26 00:51:05 UTC (rev 170451)
@@ -59,8 +59,6 @@
protected:
explicit ThreadedScrollingTree(AsyncScrollingCoordinator*);
- virtual PassRefPtr<ScrollingTreeNode> createNode(ScrollingNodeType, ScrollingNodeID) override;
-
virtual void scrollingTreeNodeDidScroll(ScrollingNodeID, const FloatPoint& scrollPosition, SetOrSyncScrollingLayerPosition = SyncScrollingLayerPosition) override;
#if PLATFORM(MAC)
virtual void handleWheelEventPhase(PlatformWheelEventPhase) override;
Modified: trunk/Source/WebCore/page/scrolling/ios/ScrollingCoordinatorIOS.h (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/ios/ScrollingCoordinatorIOS.h 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/ios/ScrollingCoordinatorIOS.h 2014-06-26 00:51:05 UTC (rev 170451)
@@ -51,7 +51,6 @@
virtual bool handleWheelEvent(FrameView*, const PlatformWheelEvent&) override { return false; }
private:
- virtual PassRefPtr<ScrollingTreeNode> createScrollingTreeNode(ScrollingNodeType, ScrollingNodeID) override;
virtual void scheduleTreeStateCommit() override;
void scrollingStateTreeCommitterTimerFired(Timer<ScrollingCoordinatorIOS>*);
Modified: trunk/Source/WebCore/page/scrolling/ios/ScrollingCoordinatorIOS.mm (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/ios/ScrollingCoordinatorIOS.mm 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/ios/ScrollingCoordinatorIOS.mm 2014-06-26 00:51:05 UTC (rev 170451)
@@ -104,25 +104,7 @@
// FIXME: figure out how to commit.
}
-PassRefPtr<ScrollingTreeNode> ScrollingCoordinatorIOS::createScrollingTreeNode(ScrollingNodeType nodeType, ScrollingNodeID nodeID)
-{
- ASSERT(scrollingTree());
- switch (nodeType) {
- case FrameScrollingNode:
- return ScrollingTreeFrameScrollingNodeIOS::create(*scrollingTree(), nodeID);
- case OverflowScrollingNode:
- ASSERT_NOT_REACHED();
- return nullptr;
- case FixedNode:
- return ScrollingTreeFixedNode::create(*scrollingTree(), nodeID);
- case StickyNode:
- return ScrollingTreeStickyNode::create(*scrollingTree(), nodeID);
- }
- return nullptr;
-}
-
-
} // namespace WebCore
#endif // ENABLE(ASYNC_SCROLLING)
Modified: trunk/Source/WebCore/page/scrolling/ios/ScrollingTreeIOS.cpp (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/ios/ScrollingTreeIOS.cpp 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/ios/ScrollingTreeIOS.cpp 2014-06-26 00:51:05 UTC (rev 170451)
@@ -32,6 +32,7 @@
#include "PlatformWheelEvent.h"
#include "ScrollingThread.h"
#include "ScrollingTreeFixedNode.h"
+#include "ScrollingTreeFrameScrollingNodeIOS.h"
#include "ScrollingTreeNode.h"
#include "ScrollingTreeScrollingNode.h"
#include "ScrollingTreeStickyNode.h"
@@ -92,9 +93,20 @@
callOnMainThread(bind(&AsyncScrollingCoordinator::scheduleUpdateScrollPositionAfterAsyncScroll, m_scrollingCoordinator.get(), nodeID, scrollPosition, isHandlingProgrammaticScroll(), scrollingLayerPositionAction));
}
-PassRefPtr<ScrollingTreeNode> ScrollingTreeIOS::createNode(ScrollingNodeType nodeType, ScrollingNodeID nodeID)
+PassRefPtr<ScrollingTreeNode> ScrollingTreeIOS::createScrollingTreeNode(ScrollingNodeType nodeType, ScrollingNodeID nodeID)
{
- return m_scrollingCoordinator->createScrollingTreeNode(nodeType, nodeID);
+ switch (nodeType) {
+ case FrameScrollingNode:
+ return ScrollingTreeFrameScrollingNodeIOS::create(*this, nodeID);
+ case OverflowScrollingNode:
+ ASSERT_NOT_REACHED();
+ return nullptr;
+ case FixedNode:
+ return ScrollingTreeFixedNode::create(*this, nodeID);
+ case StickyNode:
+ return ScrollingTreeStickyNode::create(*this, nodeID);
+ }
+ return nullptr;
}
FloatRect ScrollingTreeIOS::fixedPositionRect()
Modified: trunk/Source/WebCore/page/scrolling/ios/ScrollingTreeIOS.h (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/ios/ScrollingTreeIOS.h 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/ios/ScrollingTreeIOS.h 2014-06-26 00:51:05 UTC (rev 170451)
@@ -54,7 +54,7 @@
explicit ScrollingTreeIOS(AsyncScrollingCoordinator*);
virtual bool isScrollingTreeIOS() const override { return true; }
- virtual PassRefPtr<ScrollingTreeNode> createNode(ScrollingNodeType, ScrollingNodeID) override;
+ virtual PassRefPtr<ScrollingTreeNode> createScrollingTreeNode(ScrollingNodeType, ScrollingNodeID) override;
virtual void scrollingTreeNodeDidScroll(ScrollingNodeID, const FloatPoint& scrollPosition, SetOrSyncScrollingLayerPosition = SyncScrollingLayerPosition) override;
Modified: trunk/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.h (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.h 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.h 2014-06-26 00:51:05 UTC (rev 170451)
@@ -51,7 +51,6 @@
virtual bool handleWheelEvent(FrameView*, const PlatformWheelEvent&) override;
private:
- virtual PassRefPtr<ScrollingTreeNode> createScrollingTreeNode(ScrollingNodeType, ScrollingNodeID) override;
virtual void scheduleTreeStateCommit() override;
void scrollingStateTreeCommitterTimerFired(Timer<ScrollingCoordinatorMac>*);
Modified: trunk/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm 2014-06-26 00:51:05 UTC (rev 170451)
@@ -142,24 +142,6 @@
tiledBacking->setScrollingModeIndication(indicatorMode);
}
-PassRefPtr<ScrollingTreeNode> ScrollingCoordinatorMac::createScrollingTreeNode(ScrollingNodeType nodeType, ScrollingNodeID nodeID)
-{
- ASSERT(scrollingTree());
-
- switch (nodeType) {
- case FrameScrollingNode:
- return ScrollingTreeFrameScrollingNodeMac::create(*scrollingTree(), nodeID);
- case OverflowScrollingNode:
- ASSERT_NOT_REACHED();
- return nullptr;
- case FixedNode:
- return ScrollingTreeFixedNode::create(*scrollingTree(), nodeID);
- case StickyNode:
- return ScrollingTreeStickyNode::create(*scrollingTree(), nodeID);
- }
- return nullptr;
-}
-
} // namespace WebCore
#endif // ENABLE(ASYNC_SCROLLING) && PLATFORM(MAC)
Modified: trunk/Source/WebCore/page/scrolling/mac/ScrollingTreeMac.cpp (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/mac/ScrollingTreeMac.cpp 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/mac/ScrollingTreeMac.cpp 2014-06-26 00:51:05 UTC (rev 170451)
@@ -26,6 +26,10 @@
#include "config.h"
#include "ScrollingTreeMac.h"
+#include "ScrollingTreeFixedNode.h"
+#include "ScrollingTreeFrameScrollingNodeMac.h"
+#include "ScrollingTreeStickyNode.h"
+
#if ENABLE(ASYNC_SCROLLING) && PLATFORM(MAC)
using namespace WebCore;
@@ -40,4 +44,20 @@
{
}
+PassRefPtr<ScrollingTreeNode> ScrollingTreeMac::createScrollingTreeNode(ScrollingNodeType nodeType, ScrollingNodeID nodeID)
+{
+ switch (nodeType) {
+ case FrameScrollingNode:
+ return ScrollingTreeFrameScrollingNodeMac::create(*this, nodeID);
+ case OverflowScrollingNode:
+ ASSERT_NOT_REACHED();
+ return nullptr;
+ case FixedNode:
+ return ScrollingTreeFixedNode::create(*this, nodeID);
+ case StickyNode:
+ return ScrollingTreeStickyNode::create(*this, nodeID);
+ }
+ return nullptr;
+}
+
#endif // ENABLE(ASYNC_SCROLLING) && PLATFORM(MAC)
Modified: trunk/Source/WebCore/page/scrolling/mac/ScrollingTreeMac.h (170450 => 170451)
--- trunk/Source/WebCore/page/scrolling/mac/ScrollingTreeMac.h 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebCore/page/scrolling/mac/ScrollingTreeMac.h 2014-06-26 00:51:05 UTC (rev 170451)
@@ -35,6 +35,9 @@
class ScrollingTreeMac : public ThreadedScrollingTree {
public:
static RefPtr<ScrollingTreeMac> create(AsyncScrollingCoordinator*);
+
+ virtual PassRefPtr<ScrollingTreeNode> createScrollingTreeNode(ScrollingNodeType, ScrollingNodeID) override;
+
private:
explicit ScrollingTreeMac(AsyncScrollingCoordinator*);
Modified: trunk/Source/WebKit2/ChangeLog (170450 => 170451)
--- trunk/Source/WebKit2/ChangeLog 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebKit2/ChangeLog 2014-06-26 00:51:05 UTC (rev 170451)
@@ -1,3 +1,23 @@
+2014-06-25 Beth Dakin <bda...@apple.com>
+
+ Crash in ScrollingTree::isRubberBandInProgress()
+ https://bugs.webkit.org/show_bug.cgi?id=134316
+ -and corresponding-
+ <rdar://problem/16247911>
+
+ Reviewed by Geoffrey Garen.
+
+ Move all ScrollingTreeNode creation from ScrollingCoordinator subclasses into
+ ScrollingTree subclasses.
+
+ * UIProcess/Scrolling/RemoteScrollingTree.cpp:
+ (WebKit::RemoteScrollingTree::createScrollingTreeNode):
+ (WebKit::RemoteScrollingTree::createNode): Deleted.
+ * UIProcess/Scrolling/RemoteScrollingTree.h:
+ * WebProcess/Scrolling/RemoteScrollingCoordinator.h:
+ * WebProcess/Scrolling/RemoteScrollingCoordinator.mm:
+ (WebKit::RemoteScrollingCoordinator::createScrollingTreeNode): Deleted.
+
2014-06-25 Dan Bernstein <m...@apple.com>
Web process should become active when sent a message that requires a callback
Modified: trunk/Source/WebKit2/UIProcess/Scrolling/RemoteScrollingTree.cpp (170450 => 170451)
--- trunk/Source/WebKit2/UIProcess/Scrolling/RemoteScrollingTree.cpp 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebKit2/UIProcess/Scrolling/RemoteScrollingTree.cpp 2014-06-26 00:51:05 UTC (rev 170451)
@@ -99,7 +99,7 @@
m_scrollingCoordinatorProxy.scrollingTreeNodeRequestsScroll(nodeID, scrollPosition, representsProgrammaticScroll);
}
-PassRefPtr<ScrollingTreeNode> RemoteScrollingTree::createNode(ScrollingNodeType nodeType, ScrollingNodeID nodeID)
+PassRefPtr<ScrollingTreeNode> RemoteScrollingTree::createScrollingTreeNode(ScrollingNodeType nodeType, ScrollingNodeID nodeID)
{
switch (nodeType) {
case FrameScrollingNode:
Modified: trunk/Source/WebKit2/UIProcess/Scrolling/RemoteScrollingTree.h (170450 => 170451)
--- trunk/Source/WebKit2/UIProcess/Scrolling/RemoteScrollingTree.h 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebKit2/UIProcess/Scrolling/RemoteScrollingTree.h 2014-06-26 00:51:05 UTC (rev 170451)
@@ -61,7 +61,7 @@
virtual void scrollingTreeNodeWillStartPanGesture() override;
#endif
- virtual PassRefPtr<WebCore::ScrollingTreeNode> createNode(WebCore::ScrollingNodeType, WebCore::ScrollingNodeID);
+ virtual PassRefPtr<WebCore::ScrollingTreeNode> createScrollingTreeNode(WebCore::ScrollingNodeType, WebCore::ScrollingNodeID) override;
RemoteScrollingCoordinatorProxy& m_scrollingCoordinatorProxy;
};
Modified: trunk/Source/WebKit2/WebProcess/Scrolling/RemoteScrollingCoordinator.h (170450 => 170451)
--- trunk/Source/WebKit2/WebProcess/Scrolling/RemoteScrollingCoordinator.h 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebKit2/WebProcess/Scrolling/RemoteScrollingCoordinator.h 2014-06-26 00:51:05 UTC (rev 170451)
@@ -64,7 +64,6 @@
virtual bool coordinatesScrollingForFrameView(WebCore::FrameView*) const override;
virtual void scheduleTreeStateCommit() override;
- virtual PassRefPtr<WebCore::ScrollingTreeNode> createScrollingTreeNode(WebCore::ScrollingNodeType, WebCore::ScrollingNodeID) override;
virtual bool isRubberBandInProgress() const override;
virtual void setScrollPinningBehavior(WebCore::ScrollPinningBehavior) override;
Modified: trunk/Source/WebKit2/WebProcess/Scrolling/RemoteScrollingCoordinator.mm (170450 => 170451)
--- trunk/Source/WebKit2/WebProcess/Scrolling/RemoteScrollingCoordinator.mm 2014-06-26 00:34:58 UTC (rev 170450)
+++ trunk/Source/WebKit2/WebProcess/Scrolling/RemoteScrollingCoordinator.mm 2014-06-26 00:51:05 UTC (rev 170451)
@@ -67,13 +67,6 @@
m_webPage->drawingArea()->scheduleCompositingLayerFlush();
}
-PassRefPtr<ScrollingTreeNode> RemoteScrollingCoordinator::createScrollingTreeNode(ScrollingNodeType, ScrollingNodeID)
-{
- // We never created scrolling nodes in the WebProcess with remote scrolling.
- ASSERT_NOT_REACHED();
- return nullptr;
-}
-
bool RemoteScrollingCoordinator::coordinatesScrollingForFrameView(FrameView* frameView) const
{
RenderView* renderView = frameView->renderView();
