[webkit-changes] [187096] branches/safari-601.1-branch/Source/WebKit2

[matthew_hanson]

Title: [187096] branches/safari-601.1-branch/Source/WebKit2

Revision

187096

Author

matthew_han...@apple.com

Date

2015-07-20 22:35:33 -0700 (Mon, 20 Jul 2015)

Log Message

Merge r187050. rdar://problem/21582858

Modified Paths

branches/safari-601.1-branch/Source/WebKit2/ChangeLog
branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.h
branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.mm
branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h
branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm

Diff

Modified: branches/safari-601.1-branch/Source/WebKit2/ChangeLog (187095 => 187096)

--- branches/safari-601.1-branch/Source/WebKit2/ChangeLog	2015-07-21 05:33:50 UTC (rev 187095)
+++ branches/safari-601.1-branch/Source/WebKit2/ChangeLog	2015-07-21 05:35:33 UTC (rev 187096)
@@ -1,5 +1,34 @@
 2015-07-20  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r187050. rdar://problem/21582858
+
+    2015-07-20  Wenson Hsieh  <wenson_hs...@apple.com>
+
+            Fix crash due to RemoteLayerTreeDisplayRefreshMonitor outliving RemoteLayerTreeDrawingArea
+            https://bugs.webkit.org/show_bug.cgi?id=147124
+            <rdar://problem/21582858>
+
+            Reviewed by Simon Fraser.
+
+            Refactors RemoteLayerTreeDisplayRefreshMonitor to use a weak pointer rather than a reference
+            to its RemoteLayerTreeDrawingArea, since the drawing area may be deallocated before the monitor
+            in some rare cases. This rarely caused pages using requestAnimationFrame to crash on iOS. However,
+            this should not be the case: logically, a RemoteLayerTreeDrawingArea should always outlive its
+            refresh monitors. Refer to https://bugs.webkit.org/show_bug.cgi?id=147128 for more details.
+
+            * WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.h:
+            * WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.mm:
+            (WebKit::RemoteLayerTreeDisplayRefreshMonitor::RemoteLayerTreeDisplayRefreshMonitor):
+            (WebKit::RemoteLayerTreeDisplayRefreshMonitor::~RemoteLayerTreeDisplayRefreshMonitor): On destruction, checks
+                first to see whether or not the drawing area has been deallocated before telling it to update its monitors.
+            (WebKit::RemoteLayerTreeDisplayRefreshMonitor::requestRefreshCallback):
+            * WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:
+            (WebKit::RemoteLayerTreeDrawingArea::createWeakPtr): Creates and returns a new weak pointer to itself.
+            * WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:
+            (WebKit::RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea):
+
+2015-07-20  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r187054. rdar://problem/21823349
 
     2015-07-20  Simon Fraser  <simon.fra...@apple.com>

Modified: branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.h (187095 => 187096)

--- branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.h	2015-07-21 05:33:50 UTC (rev 187095)
+++ branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.h	2015-07-21 05:35:33 UTC (rev 187096)
@@ -49,7 +49,7 @@
 private:
     explicit RemoteLayerTreeDisplayRefreshMonitor(PlatformDisplayID, RemoteLayerTreeDrawingArea&);
 
-    RemoteLayerTreeDrawingArea& m_drawingArea;
+    WeakPtr<RemoteLayerTreeDrawingArea> m_drawingArea;
 };
 
 }

Modified: branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.mm (187095 => 187096)

--- branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.mm	2015-07-21 05:33:50 UTC (rev 187095)
+++ branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.mm	2015-07-21 05:35:33 UTC (rev 187096)
@@ -36,22 +36,23 @@
 
 RemoteLayerTreeDisplayRefreshMonitor::RemoteLayerTreeDisplayRefreshMonitor(PlatformDisplayID displayID, RemoteLayerTreeDrawingArea& drawingArea)
     : DisplayRefreshMonitor(displayID)
-    , m_drawingArea(drawingArea)
+    , m_drawingArea(drawingArea.createWeakPtr())
 {
 }
 
 RemoteLayerTreeDisplayRefreshMonitor::~RemoteLayerTreeDisplayRefreshMonitor()
 {
-    m_drawingArea.willDestroyDisplayRefreshMonitor(this);
+    if (m_drawingArea)
+        m_drawingArea->willDestroyDisplayRefreshMonitor(this);
 }
 
 bool RemoteLayerTreeDisplayRefreshMonitor::requestRefreshCallback()
 {
-    if (!isActive())
+    if (!m_drawingArea || !isActive())
         return false;
 
     if (!isScheduled())
-        static_cast<DrawingArea&>(m_drawingArea).scheduleCompositingLayerFlush();
+        static_cast<DrawingArea&>(*m_drawingArea.get()).scheduleCompositingLayerFlush();
 
     setIsActive(true);
     setIsScheduled(true);

Modified: branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h (187095 => 187096)

--- branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h	2015-07-21 05:33:50 UTC (rev 187095)
+++ branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h	2015-07-21 05:35:33 UTC (rev 187096)
@@ -56,6 +56,8 @@
 
     uint64_t nextTransactionID() const { return m_currentTransactionID + 1; }
 
+    WeakPtr<RemoteLayerTreeDrawingArea> createWeakPtr() { return m_weakPtrFactory.createWeakPtr(); }
+    
 private:
     // DrawingArea
     virtual void setNeedsDisplay() override;
@@ -166,6 +168,8 @@
 
     WebCore::GraphicsLayer* m_contentLayer;
     WebCore::GraphicsLayer* m_viewOverlayRootLayer;
+    
+    WeakPtrFactory<RemoteLayerTreeDrawingArea> m_weakPtrFactory;
 };
 
 } // namespace WebKit

Modified: branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm (187095 => 187096)

--- branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm	2015-07-21 05:33:50 UTC (rev 187095)
+++ branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm	2015-07-21 05:35:33 UTC (rev 187096)
@@ -72,6 +72,7 @@
     , m_currentTransactionID(0)
     , m_contentLayer(nullptr)
     , m_viewOverlayRootLayer(nullptr)
+    , m_weakPtrFactory(this)
 {
     webPage.corePage()->settings().setForceCompositingMode(true);
 #if PLATFORM(IOS)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes