Title: [190961] releases/WebKitGTK/webkit-2.10
- Revision
- 190961
- Author
- [email protected]
- Date
- 2015-10-13 03:55:28 -0700 (Tue, 13 Oct 2015)
Log Message
Merge r190592 - Reference cycles during SVG dependency invalidation
https://bugs.webkit.org/show_bug.cgi?id=149824
<rdar://problem/22771412>
Reviewed by Tim Horton.
Source/WebCore:
Detect any reference cycles as we are invalidating.
This is mostly a merge of the following Blink commit:
https://chromium.googlesource.com/chromium/blink/+/a4bc83453bda89823b672877dc02247652a02d51
Test: svg/custom/reference-cycle.svg
* rendering/svg/RenderSVGResource.cpp:
(WebCore::removeFromCacheAndInvalidateDependencies): Keep around a hash
table of dependencies, so that we can detect if an element is already
present before marking it.
LayoutTests:
Adding a test that has a cycle between feImage resources.
Merge Blink commit:
https://chromium.googlesource.com/chromium/blink/+/a4bc83453bda89823b672877dc02247652a02d51
* svg/custom/reference-cycle-expected.txt: Added.
* svg/custom/reference-cycle.svg: Added.
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog (190960 => 190961)
--- releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog 2015-10-13 10:54:35 UTC (rev 190960)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog 2015-10-13 10:55:28 UTC (rev 190961)
@@ -1,3 +1,19 @@
+2015-10-05 Dean Jackson <[email protected]>
+
+ Reference cycles during SVG dependency invalidation
+ https://bugs.webkit.org/show_bug.cgi?id=149824
+ <rdar://problem/22771412>
+
+ Reviewed by Tim Horton.
+
+ Adding a test that has a cycle between feImage resources.
+
+ Merge Blink commit:
+ https://chromium.googlesource.com/chromium/blink/+/a4bc83453bda89823b672877dc02247652a02d51
+
+ * svg/custom/reference-cycle-expected.txt: Added.
+ * svg/custom/reference-cycle.svg: Added.
+
2015-10-05 Jiewen Tan <[email protected]>
Fix null pointer dereference in WebSocket::connect()
Added: releases/WebKitGTK/webkit-2.10/LayoutTests/svg/custom/reference-cycle-expected.txt (0 => 190961)
--- releases/WebKitGTK/webkit-2.10/LayoutTests/svg/custom/reference-cycle-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/svg/custom/reference-cycle-expected.txt 2015-10-13 10:55:28 UTC (rev 190961)
@@ -0,0 +1 @@
+PASS: did not crash.
Added: releases/WebKitGTK/webkit-2.10/LayoutTests/svg/custom/reference-cycle.svg (0 => 190961)
--- releases/WebKitGTK/webkit-2.10/LayoutTests/svg/custom/reference-cycle.svg (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/svg/custom/reference-cycle.svg 2015-10-13 10:55:28 UTC (rev 190961)
@@ -0,0 +1,19 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+ <defs>
+ <filter>
+ <feImage id="self" xlink:href=""
+ </filter>
+
+ <filter>
+ <feImage id="indirect_1" xlink:href=""
+ <feImage id="indirect_2" xlink:href=""
+ </filter>
+ </defs>
+
+ <text y="100">PASS: did not crash.</text>
+
+ <script>
+ if (window.testRunner)
+ testRunner.dumpAsText();
+ </script>
+</svg>
Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog (190960 => 190961)
--- releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog 2015-10-13 10:54:35 UTC (rev 190960)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog 2015-10-13 10:55:28 UTC (rev 190961)
@@ -1,3 +1,23 @@
+2015-10-05 Dean Jackson <[email protected]>
+
+ Reference cycles during SVG dependency invalidation
+ https://bugs.webkit.org/show_bug.cgi?id=149824
+ <rdar://problem/22771412>
+
+ Reviewed by Tim Horton.
+
+ Detect any reference cycles as we are invalidating.
+
+ This is mostly a merge of the following Blink commit:
+ https://chromium.googlesource.com/chromium/blink/+/a4bc83453bda89823b672877dc02247652a02d51
+
+ Test: svg/custom/reference-cycle.svg
+
+ * rendering/svg/RenderSVGResource.cpp:
+ (WebCore::removeFromCacheAndInvalidateDependencies): Keep around a hash
+ table of dependencies, so that we can detect if an element is already
+ present before marking it.
+
2015-10-05 Jiewen Tan <[email protected]>
Fix null pointer dereference in WebSocket::connect()
Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/rendering/svg/RenderSVGResource.cpp (190960 => 190961)
--- releases/WebKitGTK/webkit-2.10/Source/WebCore/rendering/svg/RenderSVGResource.cpp 2015-10-13 10:54:35 UTC (rev 190960)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/rendering/svg/RenderSVGResource.cpp 2015-10-13 10:55:28 UTC (rev 190961)
@@ -172,9 +172,20 @@
HashSet<SVGElement*>* dependencies = renderer.document().accessSVGExtensions().setOfElementsReferencingTarget(downcast<SVGElement>(renderer.element()));
if (!dependencies)
return;
+
+ // We allow cycles in SVGDocumentExtensions reference sets in order to avoid expensive
+ // reference graph adjustments on changes, so we need to break possible cycles here.
+ static NeverDestroyed<HashSet<SVGElement*>> invalidatingDependencies;
+
for (auto* element : *dependencies) {
- if (auto* renderer = element->renderer())
+ if (auto* renderer = element->renderer()) {
+ if (UNLIKELY(!invalidatingDependencies.get().add(element).isNewEntry)) {
+ // Reference cycle: we are in process of invalidating this dependant.
+ continue;
+ }
RenderSVGResource::markForLayoutAndParentResourceInvalidation(*renderer, needsLayout);
+ invalidatingDependencies.get().remove(element);
+ }
}
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
