Title: [157306] trunk/Source/WebCore
- Revision
- 157306
- Author
- [email protected]
- Date
- 2013-10-11 09:54:27 -0700 (Fri, 11 Oct 2013)
Log Message
Unreviewed, rolling out r157297.
http://trac.webkit.org/changeset/157297
https://bugs.webkit.org/show_bug.cgi?id=122651
Caused crashes on multiple platform/mac-wk2/tiled-drawing
tests (Requested by ap on #webkit).
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::operator new):
(WebCore::RenderLayer::operator delete):
(WebCore::RenderLayer::destroy):
* rendering/RenderLayer.h:
* rendering/RenderLayerModelObject.cpp:
(WebCore::RenderLayerModelObject::RenderLayerModelObject):
(WebCore::RenderLayerModelObject::destroyLayer):
(WebCore::RenderLayerModelObject::ensureLayer):
* rendering/RenderLayerModelObject.h:
(WebCore::RenderLayerModelObject::layer):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (157305 => 157306)
--- trunk/Source/WebCore/ChangeLog 2013-10-11 16:53:07 UTC (rev 157305)
+++ trunk/Source/WebCore/ChangeLog 2013-10-11 16:54:27 UTC (rev 157306)
@@ -1,3 +1,24 @@
+2013-10-11 Commit Queue <[email protected]>
+
+ Unreviewed, rolling out r157297.
+ http://trac.webkit.org/changeset/157297
+ https://bugs.webkit.org/show_bug.cgi?id=122651
+
+ Caused crashes on multiple platform/mac-wk2/tiled-drawing
+ tests (Requested by ap on #webkit).
+
+ * rendering/RenderLayer.cpp:
+ (WebCore::RenderLayer::operator new):
+ (WebCore::RenderLayer::operator delete):
+ (WebCore::RenderLayer::destroy):
+ * rendering/RenderLayer.h:
+ * rendering/RenderLayerModelObject.cpp:
+ (WebCore::RenderLayerModelObject::RenderLayerModelObject):
+ (WebCore::RenderLayerModelObject::destroyLayer):
+ (WebCore::RenderLayerModelObject::ensureLayer):
+ * rendering/RenderLayerModelObject.h:
+ (WebCore::RenderLayerModelObject::layer):
+
2013-10-11 Darin Adler <[email protected]>
Fix build.
Modified: trunk/Source/WebCore/rendering/RenderLayer.cpp (157305 => 157306)
--- trunk/Source/WebCore/rendering/RenderLayer.cpp 2013-10-11 16:53:07 UTC (rev 157305)
+++ trunk/Source/WebCore/rendering/RenderLayer.cpp 2013-10-11 16:54:27 UTC (rev 157306)
@@ -1731,6 +1731,25 @@
}
}
+void* RenderLayer::operator new(size_t sz, RenderArena& renderArena)
+{
+ return renderArena.allocate(sz);
+}
+
+void RenderLayer::operator delete(void* ptr, size_t sz)
+{
+ // Stash size where destroy can find it.
+ *(size_t *)ptr = sz;
+}
+
+void RenderLayer::destroy(RenderArena& renderArena)
+{
+ delete this;
+
+ // Recover the size left there for us by operator delete and free the memory.
+ renderArena.free(*(size_t *)this, this);
+}
+
void RenderLayer::addChild(RenderLayer* child, RenderLayer* beforeChild)
{
RenderLayer* prevSibling = beforeChild ? beforeChild->previousSibling() : lastChild();
Modified: trunk/Source/WebCore/rendering/RenderLayer.h (157305 => 157306)
--- trunk/Source/WebCore/rendering/RenderLayer.h 2013-10-11 16:53:07 UTC (rev 157305)
+++ trunk/Source/WebCore/rendering/RenderLayer.h 2013-10-11 16:54:27 UTC (rev 157306)
@@ -748,6 +748,13 @@
bool hasBlendMode() const { return false; }
#endif
+ // Overloaded new operator. Derived classes must override operator new
+ // in order to allocate out of the RenderArena.
+ void* operator new(size_t, RenderArena&);
+
+ // Overridden to prevent the normal delete from being called.
+ void operator delete(void*, size_t);
+
#if USE(ACCELERATED_COMPOSITING)
bool isComposited() const { return m_backing != 0; }
bool hasCompositedMask() const;
@@ -880,6 +887,9 @@
IntSize clampScrollOffset(const IntSize&) const;
+ // The normal operator new is disallowed on all render objects.
+ void* operator new(size_t) throw();
+
void setNextSibling(RenderLayer* next) { m_next = next; }
void setPreviousSibling(RenderLayer* prev) { m_previous = prev; }
void setParent(RenderLayer* parent);
@@ -1107,6 +1117,9 @@
friend class RenderLayerCompositor;
friend class RenderLayerModelObject;
+ // Only safe to call from RenderBoxModelObject::destroyLayer(RenderArena&)
+ void destroy(RenderArena&);
+
LayoutUnit overflowTop() const;
LayoutUnit overflowBottom() const;
LayoutUnit overflowLeft() const;
Modified: trunk/Source/WebCore/rendering/RenderLayerModelObject.cpp (157305 => 157306)
--- trunk/Source/WebCore/rendering/RenderLayerModelObject.cpp 2013-10-11 16:53:07 UTC (rev 157305)
+++ trunk/Source/WebCore/rendering/RenderLayerModelObject.cpp 2013-10-11 16:54:27 UTC (rev 157306)
@@ -39,6 +39,7 @@
RenderLayerModelObject::RenderLayerModelObject(Element* element, unsigned baseTypeFlags)
: RenderElement(element, baseTypeFlags | RenderLayerModelObjectFlag)
+ , m_layer(0)
{
}
@@ -53,7 +54,8 @@
{
ASSERT(!hasLayer()); // Callers should have already called setHasLayer(false)
ASSERT(m_layer);
- m_layer = nullptr;
+ m_layer->destroy(renderArena());
+ m_layer = 0;
}
void RenderLayerModelObject::ensureLayer()
@@ -61,7 +63,7 @@
if (m_layer)
return;
- m_layer = std::make_unique<RenderLayer>(*this);
+ m_layer = new (renderArena()) RenderLayer(*this);
setHasLayer(true);
m_layer->insertOnlyThisLayer();
}
Modified: trunk/Source/WebCore/rendering/RenderLayerModelObject.h (157305 => 157306)
--- trunk/Source/WebCore/rendering/RenderLayerModelObject.h 2013-10-11 16:53:07 UTC (rev 157305)
+++ trunk/Source/WebCore/rendering/RenderLayerModelObject.h 2013-10-11 16:54:27 UTC (rev 157306)
@@ -38,7 +38,7 @@
void destroyLayer();
bool hasSelfPaintingLayer() const;
- RenderLayer* layer() const { return m_layer.get(); }
+ RenderLayer* layer() const { return m_layer; }
virtual void styleWillChange(StyleDifference, const RenderStyle* newStyle) OVERRIDE;
virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle) OVERRIDE;
@@ -56,7 +56,7 @@
virtual void willBeDestroyed() OVERRIDE;
private:
- std::unique_ptr<RenderLayer> m_layer;
+ RenderLayer* m_layer;
// Used to store state between styleWillChange and styleDidChange
static bool s_wasFloating;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
