Title: [258589] branches/safari-609-branch/Source/WebCore

Diff

Modified: branches/safari-609-branch/Source/WebCore/ChangeLog (258588 => 258589)


--- branches/safari-609-branch/Source/WebCore/ChangeLog	2020-03-17 21:04:20 UTC (rev 258588)
+++ branches/safari-609-branch/Source/WebCore/ChangeLog	2020-03-17 21:06:43 UTC (rev 258589)
@@ -1,5 +1,31 @@
 2020-03-17  Alan Coon  <[email protected]>
 
+        Apply patch. rdar://problem/60396271
+
+    2020-03-17  Zalan Bujtas  <[email protected]>
+
+            SVG filter triggers unstable layout.
+            https://bugs.webkit.org/show_bug.cgi?id=207444
+            rdar://problem/59297004
+
+            Reviewed by Simon Fraser.
+
+            SVG filter code marks DOM nodes dirty and schedules style recalc outside of the SVG root
+            while in layout. This could lead to unstable layout and cause battery drain.
+            (See webkit.org/b/208903)
+
+            * rendering/RenderLayer.cpp: Remove filterNeedsRepaint(). It's a dangerously misleading name and should
+            not be part of RenderLayer.
+            (WebCore::RenderLayer::calculateClipRects const):
+            * rendering/RenderLayer.h:
+            * rendering/RenderLayerFilters.cpp:
+            (WebCore::RenderLayerFilters::notifyFinished):
+            * rendering/svg/RenderSVGResourceContainer.cpp:
+            (WebCore::RenderSVGResourceContainer::markAllClientsForInvalidation):
+            (WebCore::RenderSVGResourceContainer::markAllClientLayersForInvalidation):
+
+2020-03-17  Alan Coon  <[email protected]>
+
         Cherry-pick r258459. rdar://problem/60539192
 
     SVGMatrix should have the access right of its owner SVGTransform always

Modified: branches/safari-609-branch/Source/WebCore/rendering/RenderLayer.cpp (258588 => 258589)


--- branches/safari-609-branch/Source/WebCore/rendering/RenderLayer.cpp	2020-03-17 21:04:20 UTC (rev 258588)
+++ branches/safari-609-branch/Source/WebCore/rendering/RenderLayer.cpp	2020-03-17 21:06:43 UTC (rev 258589)
@@ -6908,16 +6908,6 @@
     m_filters->buildFilter(renderer(), page().deviceScaleFactor(), renderer().settings().acceleratedFiltersEnabled() ? Accelerated : Unaccelerated);
 }
 
-void RenderLayer::filterNeedsRepaint()
-{
-    // We use the enclosing element so that we recalculate style for the ancestor of an anonymous object.
-    if (Element* element = enclosingElement()) {
-        // FIXME: This really shouldn't have to invalidate layer composition, but tests like css3/filters/effect-reference-delete.html fail if that doesn't happen.
-        element->invalidateStyleAndLayerComposition();
-    }
-    renderer().repaint();
-}
-
 IntOutsets RenderLayer::filterOutsets() const
 {
     if (m_filters)

Modified: branches/safari-609-branch/Source/WebCore/rendering/RenderLayer.h (258588 => 258589)


--- branches/safari-609-branch/Source/WebCore/rendering/RenderLayer.h	2020-03-17 21:04:20 UTC (rev 258588)
+++ branches/safari-609-branch/Source/WebCore/rendering/RenderLayer.h	2020-03-17 21:06:43 UTC (rev 258589)
@@ -794,7 +794,6 @@
     bool has3DTransform() const { return m_transform && !m_transform->isAffine(); }
     bool hasTransformedAncestor() const { return m_hasTransformedAncestor; }
 
-    void filterNeedsRepaint();
     bool hasFilter() const { return renderer().hasFilter(); }
     bool hasFilterOutsets() const { return !filterOutsets().isZero(); }
     IntOutsets filterOutsets() const;

Modified: branches/safari-609-branch/Source/WebCore/rendering/RenderLayerFilters.cpp (258588 => 258589)


--- branches/safari-609-branch/Source/WebCore/rendering/RenderLayerFilters.cpp	2020-03-17 21:04:20 UTC (rev 258588)
+++ branches/safari-609-branch/Source/WebCore/rendering/RenderLayerFilters.cpp	2020-03-17 21:06:43 UTC (rev 258589)
@@ -67,7 +67,11 @@
 
 void RenderLayerFilters::notifyFinished(CachedResource&)
 {
-    m_layer.filterNeedsRepaint();
+    // FIXME: This really shouldn't have to invalidate layer composition,
+    // but tests like css3/filters/effect-reference-delete.html fail if that doesn't happen.
+    if (auto* enclosingElement = m_layer.enclosingElement())
+        enclosingElement->invalidateStyleAndLayerComposition();
+    m_layer.renderer().repaint();
 }
 
 void RenderLayerFilters::updateReferenceFilterClients(const FilterOperations& operations)
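Review bot: The inlined body of `notifyFinished` drops the rationale comment that the removed `RenderLayer::filterNeedsRepaint()` carried, so the reason for using the enclosing element is no longer recorded. I would restore it above the `if`, e.g. `// Use the enclosing element so style is recalculated for the ancestor of an anonymous object.` The same invalidate-then-repaint pair is also duplicated in `RenderSVGResourceContainer::markAllClientLayersForInvalidation`, but only that copy is guarded by `isInLayout()`. If this callback can never run during layout (not visible from this hunk), a short comment or assertion saying so would keep the two copies from diverging silently.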

Modified: branches/safari-609-branch/Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp (258588 => 258589)


--- branches/safari-609-branch/Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp	2020-03-17 21:04:20 UTC (rev 258588)
+++ branches/safari-609-branch/Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp	2020-03-17 21:06:43 UTC (rev 258589)
@@ -26,6 +26,7 @@
 #include "SVGRenderingContext.h"
 #include "SVGResourcesCache.h"
 #include <wtf/IsoMallocInlines.h>
+#include <wtf/SetForScope.h>
 #include <wtf/StackStats.h>
 
 namespace WebCore {
@@ -91,10 +92,13 @@
 
 void RenderSVGResourceContainer::markAllClientsForInvalidation(InvalidationMode mode)
 {
+    // FIXME: Style invalidation should either be a pre-layout task or this function
+    // should never get called while in layout. See webkit.org/b/208903.
     if ((m_clients.isEmpty() && m_clientLayers.isEmpty()) || m_isInvalidating)
         return;
 
-    m_isInvalidating = true;
+    SetForScope<bool> isInvalidating(m_isInvalidating, true);
+
     bool needsLayout = mode == LayoutAndBoundariesInvalidation;
     bool markForInvalidation = mode != ParentOnlyInvalidation;
     auto* root = SVGRenderSupport::findTreeRootObject(*this);
@@ -116,8 +120,6 @@
     }
 
     markAllClientLayersForInvalidation();
-
-    m_isInvalidating = false;
 }
 
 void RenderSVGResourceContainer::markAllClientLayersForInvalidation()
@@ -124,10 +126,23 @@
 {
     if (m_clientLayers.isEmpty())
         return;
-    if ((*m_clientLayers.begin())->renderer().renderTreeBeingDestroyed())
+
+    auto& document = (*m_clientLayers.begin())->renderer().document();
+    if (!document.view() || document.renderTreeBeingDestroyed())
         return;
-    for (auto* clientLayer : m_clientLayers)
-        clientLayer->filterNeedsRepaint();
+
+    auto inLayout = document.view()->layoutContext().isInLayout();
+    for (auto* clientLayer : m_clientLayers) {
+        // FIXME: We should not get here while in layout. See webkit.org/b/208903.
+        // Repaint should also be triggered through some other means.
+        if (inLayout) {
+            clientLayer->renderer().repaint();
+            continue;
+        }
+        if (auto* enclosingElement = clientLayer->enclosingElement())
+            enclosingElement->invalidateStyleAndLayerComposition();
+        clientLayer->renderer().repaint();
+    }
 }
 
 void RenderSVGResourceContainer::markClientForInvalidation(RenderObject& client, InvalidationMode mode)
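Review bot: In the `if (inLayout)` branch of `markAllClientLayersForInvalidation`, the `invalidateStyleAndLayerComposition()` call is skipped outright rather than deferred, and the FIXME above it only mentions repaint. I would state the trade-off on that branch, e.g. `// In layout: skip style invalidation (it would schedule a style recalc mid-layout); only repaint.` That way a later reader does not assume the invalidation is picked up elsewhere. The document and `inLayout` are also taken from the first entry of `m_clientLayers` only and sampled once before the loop, so the code appears to assume all client layers share one document; a one-line comment would make that explicit. Holding `document.view()` in a local (`auto* view = document.view();`) would avoid the second call after the null check. The function's signature line sits in the preceding hunk's trailing context.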