Title: [162956] trunk
Revision: 162956
Author: mmaxfi...@apple.com
Date: 2014-01-28 13:53:22 -0800 (Tue, 28 Jan 2014)

Log Message

Fixing several incorrect assumptions with handling isolated inlines.
https://bugs.webkit.org/show_bug.cgi?id=127608

Reviewed by Dave Hyatt.

Source/WebCore:

First, when an isolated inline spans multiple lines, we aren't guaranteed
to exit BidiResolver with a nested inline count of zero. Removing the
assert that says otherwise.

Previously in constructBidiRunsForSegment, we called bidiFirst in
an attempt to properly setup the isolatedResolver for any dom/style
that applied, but this only worked on the first line the isolated
inline appeared in. Adding a function that approaches this properly
by recursing through the parents of the starting object for the line
and post-fixing direction attributes to the resolver.

Finally, addressing an issue where the line following a removed isolated
inline (with a continuation) failed to be marked dirty.

Merged from Blink: https://chromium.googlesource.com/chromium/blink/+/72698f203b1c50900e535b80945563b92b7eef23

Tests: fast/text/nested-bidi-assert.html
       fast/text/nested-bidi-with-continuation-crash.html

* platform/text/BidiResolver.h:
(WebCore::Run>::~BidiResolver):
* rendering/RenderBlockLineLayout.cpp:
(WebCore::setupResolverToResumeInIsolate):
(WebCore::constructBidiRunsForSegment):
* rendering/RenderLineBoxList.cpp:
(WebCore::RenderLineBoxList::dirtyLinesFromChangedChild):

LayoutTests:

See file-specific info.

Merged from Blink: https://chromium.googlesource.com/chromium/blink/+/72698f203b1c50900e535b80945563b92b7eef23

* fast/text/nested-bidi-assert-expected.txt: Added.
* fast/text/nested-bidi-assert.html: Added. Tests that no crash occurs
when an isolated inline spans several lines
* fast/text/nested-bidi-with-continuation-crash-expected.txt: Added.
* fast/text/nested-bidi-with-continuation-crash.html: Added. Tests that
no crash occurs when additional isolates need to be set up for a
continuation

Diff

Modified: trunk/LayoutTests/ChangeLog (162955 => 162956)


--- trunk/LayoutTests/ChangeLog	2014-01-28 21:42:37 UTC (rev 162955)
+++ trunk/LayoutTests/ChangeLog	2014-01-28 21:53:22 UTC (rev 162956)
@@ -1,3 +1,22 @@
+2014-01-28  Myles C. Maxfield  <mmaxfi...@apple.com>
+
+        Fixing several incorrect assumptions with handling isolated inlines.
+        https://bugs.webkit.org/show_bug.cgi?id=127608
+
+        Reviewed by Dave Hyatt.
+
+        See file-specific info.
+
+        Merged from Blink: https://chromium.googlesource.com/chromium/blink/+/72698f203b1c50900e535b80945563b92b7eef23
+
+        * fast/text/nested-bidi-assert-expected.txt: Added.
+        * fast/text/nested-bidi-assert.html: Added. Tests that no crash occurs
+        when an isolated inline spans several lines
+        * fast/text/nested-bidi-with-continuation-crash-expected.txt: Added.
+        * fast/text/nested-bidi-with-continuation-crash.html: Added. Tests that
+        no crash occurs when additional isolates need to be set up for a
+        continuation
+
 2014-01-28  Antti Koivisto  <an...@apple.com>
 
         Rebase fast/repaint/background-shorthand-with-gradient-and-height-changes.html after https://trac.webkit.org/r162947

Added: trunk/LayoutTests/fast/text/nested-bidi-assert-expected.txt (0 => 162956)


--- trunk/LayoutTests/fast/text/nested-bidi-assert-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/text/nested-bidi-assert-expected.txt	2014-01-28 21:53:22 UTC (rev 162956)
@@ -0,0 +1 @@
+Test passes if there are no asserts in debug builds.

Added: trunk/LayoutTests/fast/text/nested-bidi-assert.html (0 => 162956)


--- trunk/LayoutTests/fast/text/nested-bidi-assert.html	                        (rev 0)
+++ trunk/LayoutTests/fast/text/nested-bidi-assert.html	2014-01-28 21:53:22 UTC (rev 162956)
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<div id="test"><output><br><output>foo<br>bar<output>baz</output></output></output><br></div>
+<div>Test passes if there are no asserts in debug builds.</div>
+<script>
+if (window.testRunner)
+	testRunner.dumpAsText();
+var div = document.getElementById("test");
+div.offsetTop;
+div.parentNode.removeChild(div);
+</script>
\ No newline at end of file
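Review bot: The pass condition of this test is only observable in debug builds, because the expected text is "Test passes if there are no asserts in debug builds." and the script checks nothing itself; in a release build the test passes whether or not the resolver state is correct. Consider adding a check that is visible in release builds as well, or stating in the ChangeLog that this is a debug-only regression test. The file also ends without a trailing newline.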

Added: trunk/LayoutTests/fast/text/nested-bidi-with-continuation-crash-expected.txt (0 => 162956)


--- trunk/LayoutTests/fast/text/nested-bidi-with-continuation-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/text/nested-bidi-with-continuation-crash-expected.txt	2014-01-28 21:53:22 UTC (rev 162956)
@@ -0,0 +1 @@
+Test passes if no crashes with asan.

Added: trunk/LayoutTests/fast/text/nested-bidi-with-continuation-crash.html (0 => 162956)


--- trunk/LayoutTests/fast/text/nested-bidi-with-continuation-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/text/nested-bidi-with-continuation-crash.html	2014-01-28 21:53:22 UTC (rev 162956)
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<body _onload_="runTest();">
+<script>
+function reference(domNode)
+{
+    this.domNode = domNode;
+}
+function walk(a, currentPrefix, index, domNode)
+{
+    if (domNode == null)
+        return;
+    newPrefix = currentPrefix + "_" + index;
+    walk(a, currentPrefix, index + 1, domNode.nextSibling);
+    walk(a, newPrefix, 0, domNode.firstChild);
+    a[newPrefix] = new reference(domNode);
+}
+function clearAllNodes()
+{
+    var a = new Array();
+    walk(a, "", 0, document.body);
+    for (key in a)
+    {
+        document.body.offsetTop;
+        a[key].domNode.parentNode.removeChild(a[key].domNode);
+    }
+}
+function runTest() {
+    if (window.testRunner)
+        testRunner.dumpAsText();
+    clearAllNodes();
+    document.write("Test passes if no crashes with asan.")
+}
+</script>
+<output> <div> <pre> <div> </div></div>f<div> </div>
+<output>o</output>
+<a><u><textarea></textarea>
+<br></br>
+</u>
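Review bot: In walk(), newPrefix is assigned without var, so it is a global that both recursive calls overwrite before a[newPrefix] = new reference(domNode) runs, which means most nodes are stored under a key computed for a different node and entries overwrite each other. If that clobbering is needed to reproduce the crash, say so in a comment; otherwise declare var newPrefix (and var key in the for loop of clearAllNodes). Also, the body tag as shown reads _onload_="runTest();", which is not an event handler attribute, so runTest() would never be called from this markup; please confirm the checked-in file uses onload.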

Modified: trunk/Source/WebCore/ChangeLog (162955 => 162956)


--- trunk/Source/WebCore/ChangeLog	2014-01-28 21:42:37 UTC (rev 162955)
+++ trunk/Source/WebCore/ChangeLog	2014-01-28 21:53:22 UTC (rev 162956)
@@ -1,3 +1,37 @@
+2014-01-28  Myles C. Maxfield  <mmaxfi...@apple.com>
+
+        Fixing several incorrect assumptions with handling isolated inlines.
+        https://bugs.webkit.org/show_bug.cgi?id=127608
+
+        Reviewed by Dave Hyatt.
+
+        First, when an isolated inline spans multiple lines, we aren't guaranteed
+        to exit BidiResolver with a nested inline count of zero. Removing the
+        assert that says otherwise.
+        
+        Previously in constructBidiRunsForSegment, we called bidiFirst in
+        an attempt to properly setup the isolatedResolver for any dom/style
+        that applied, but this only worked on the first line the isolated
+        inline appeared in. Adding a function that approaches this properly
+        by recursing through the parents of the starting object for the line
+        and post-fixing direction attributes to the resolver.
+        
+        Finally, addressing an issue where the line following a removed isolated
+        inline (with a continuation) failed to be marked dirty.
+
+        Merged from Blink: https://chromium.googlesource.com/chromium/blink/+/72698f203b1c50900e535b80945563b92b7eef23
+
+        Tests: fast/text/nested-bidi-assert.html
+               fast/text/nested-bidi-with-continuation-crash.html
+
+        * platform/text/BidiResolver.h:
+        (WebCore::Run>::~BidiResolver):
+        * rendering/RenderBlockLineLayout.cpp:
+        (WebCore::setupResolverToResumeInIsolate):
+        (WebCore::constructBidiRunsForSegment):
+        * rendering/RenderLineBoxList.cpp:
+        (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild):
+
 2014-01-28  Antti Koivisto  <an...@apple.com>
 
         REGRESSION(r162837): 5% regression on html5-full-render and 3% regression in DoYouEvenBench

Modified: trunk/Source/WebCore/platform/text/BidiResolver.h (162955 => 162956)


--- trunk/Source/WebCore/platform/text/BidiResolver.h	2014-01-28 21:42:37 UTC (rev 162955)
+++ trunk/Source/WebCore/platform/text/BidiResolver.h	2014-01-28 21:53:22 UTC (rev 162956)
@@ -307,10 +307,8 @@
 template <class Iterator, class Run>
 BidiResolver<Iterator, Run>::~BidiResolver()
 {
-    // The owner of this resolver should have handled the isolated runs
-    // or should never have called enterIsolate().
+    // The owner of this resolver should have handled the isolated runs.
     ASSERT(m_isolatedRuns.isEmpty());
-    ASSERT(!m_nestedIsolateCount);
 }
 #endif
 
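Review bot: Dropping ASSERT(!m_nestedIsolateCount) in the destructor removes the only check on that counter here, and the shortened comment no longer says why a nonzero count is acceptable. Please document next to the remaining assert that an isolated inline spanning multiple lines can leave the nested isolate count nonzero at destruction, so the next reader does not reinstate the assert or assume the counter is balanced.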

Modified: trunk/Source/WebCore/rendering/RenderBlockLineLayout.cpp (162955 => 162956)


--- trunk/Source/WebCore/rendering/RenderBlockLineLayout.cpp	2014-01-28 21:42:37 UTC (rev 162955)
+++ trunk/Source/WebCore/rendering/RenderBlockLineLayout.cpp	2014-01-28 21:53:22 UTC (rev 162956)
@@ -872,6 +872,15 @@
     lastRootBox()->appendFloat(floatingObject->renderer());
 }
 
+static inline void setupResolverToResumeInIsolate(InlineBidiResolver& resolver, RenderObject* root, RenderObject* startObject)
+{
+    if (root != startObject) {
+        RenderObject* parent = startObject->parent();
+        setupResolverToResumeInIsolate(resolver, root, parent);
+        notifyObserverEnteredObject(&resolver, startObject);
+    }
+}
+
 // FIXME: BidiResolver should have this logic.
 static inline void constructBidiRunsForSegment(InlineBidiResolver& topResolver, BidiRunList<BidiRun>& bidiRuns, const InlineIterator& endOfRuns, VisualDirectionOverride override, bool previousLineBrokeCleanly)
 {
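Review bot: setupResolverToResumeInIsolate() has no null check on startObject->parent(), so if startObject is not a descendant of root the recursion reaches a null parent and the next call dereferences it in startObject->parent(). Add ASSERT(startObject) at the top, or stop the walk when the parent is null, and consider a short comment stating the precondition that startObject lies inside root. The recursion depth also tracks the nesting depth of the inline, which content controls; an iterative walk that collects the ancestors and notifies them in reverse would avoid that.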
@@ -906,10 +915,7 @@
         }
         isolatedResolver.setStatus(BidiStatus(direction, isOverride(unicodeBidi)));
 
-        // FIXME: The fact that we have to construct an Iterator here
-        // currently prevents this code from moving into BidiResolver.
-        if (!bidiFirstSkippingEmptyInlines(*isolatedInline, &isolatedResolver))
-            continue;
+        setupResolverToResumeInIsolate(isolatedResolver, isolatedInline, &startObj);
 
         // The starting position is the beginning of the first run within the isolate that was identified
         // during the earlier call to createBidiRunsForLine. This can be but is not necessarily the
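Review bot: The removed code skipped the isolate with continue when bidiFirstSkippingEmptyInlines() returned null, and the replacement call to setupResolverToResumeInIsolate(isolatedResolver, isolatedInline, &startObj) has no equivalent bail-out. Please confirm that startObj is always inside isolatedInline at this point (the helper walks parent() until it reaches the root), and either assert that here or keep an early continue for the case where it is not. The declaration of startObj is outside the visible lines, so it is not clear from this hunk where that guarantee comes from.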

Modified: trunk/Source/WebCore/rendering/RenderLineBoxList.cpp (162955 => 162956)


--- trunk/Source/WebCore/rendering/RenderLineBoxList.cpp	2014-01-28 21:42:37 UTC (rev 162955)
+++ trunk/Source/WebCore/rendering/RenderLineBoxList.cpp	2014-01-28 21:53:22 UTC (rev 162956)
@@ -396,7 +396,8 @@
         // space, the search for |child|'s linebox will go past the leading space to the previous linebox and select that
         // one as |box|. If we hit that situation here, dirty the |box| actually containing the child too. 
         bool insertedAfterLeadingSpace = box->lineBreakObj() == child->previousSibling();
-        if (adjacentBox && (adjacentBox->lineBreakObj() == child || child->isBR() || (curr && curr->isBR()) || insertedAfterLeadingSpace))
+        if (adjacentBox && (adjacentBox->lineBreakObj() == child || child->isBR() || (curr && curr->isBR())
+            || insertedAfterLeadingSpace || isIsolated(container->style().unicodeBidi())))
             adjacentBox->markDirty();
     }
 }
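Review bot: The new isIsolated(container->style().unicodeBidi()) term dirties the adjacent box for every changed child of an isolated container, which is broader than the case named in the log message (a removed isolated inline with a continuation). That is the safe direction for a stale line box, but the comment above the condition still describes only the leading-space case; please extend it to explain why an isolated container always needs the following line marked dirty.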