[webkit-changes] [WebKit/WebKit] df0e51: REGRESSION (253865@main): Crashes under RenderLaye...

Simon Fraser noreply at github.com
Tue Dec 6 18:31:20 PST 2022


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: df0e5116081b07f064024f844c7a7111850e3298
      https://github.com/WebKit/WebKit/commit/df0e5116081b07f064024f844c7a7111850e3298
  Author: Simon Fraser <simon.fraser at apple.com>
  Date:   2022-12-06 (Tue, 06 Dec 2022)

  Changed paths:
    A LayoutTests/scrollingcoordinator/scrolling-tree/sticky-gain-composited-scrolling-ancestor-expected.txt
    A LayoutTests/scrollingcoordinator/scrolling-tree/sticky-gain-composited-scrolling-ancestor.html
    M Source/WebCore/rendering/RenderLayer.cpp
    M Source/WebCore/rendering/RenderLayer.h
    M Source/WebCore/rendering/RenderLayerCompositor.cpp
    M Source/WebCore/rendering/RenderLayerScrollableArea.cpp

  Log Message:
  -----------
REGRESSION (253865@main): Crashes under RenderLayerCompositor::updateScrollingNodeForViewportConstrainedRole
https://bugs.webkit.org/show_bug.cgi?id=248827
rdar://102619100

Reviewed by Alan Baradlay.

In 253865@main I introduced `m_viewportAnchorLayer`, which is used by the scrolling tree
to move fixed and sticky position layers. However, this revealed bugs in the compositing
dirty state management in the RenderLayer tree, where some types of tree mutations would
fail to trigger the "configuration" compositing update on a composited layer which is
responsible for the addition/removal of the `m_viewportAnchorLayer`.

From the collection of crash reports, I diagnosed two scenarios:

On google.com, when selecting results in the map view (rdar://102713246), a fixed layer
gained/lost a transformed ancestor. Transforms act as containing block for fixed, so
this changes whether the fixed layer is viewport-constrained. Fixed by having
`RenderLayer::setBehavesAsFixed()` call `setNeedsCompositingConfigurationUpdate()` on
fixed layers. Normally repaints trigger `setNeedsCompositingConfigurationUpdate()`; I
was not able to create a reduction for this (the google page has nested fixed and
`visibility:hidden`, which may contribute).

The second scenario involved a sticky position layer which gains/loses an
async-scrollable ancestor. Fixed by having
`RenderLayerScrollableArea::computeHasCompositedScrollableOverflow()` call
`setDescendantsNeedUpdateBackingAndHierarchyTraversal()` on the stacking context
ancestor. Tested by sticky-gain-composited-scrolling-ancestor.html.

Also defensively early return in `computeFixedViewportConstraints()` and
`computeStickyViewportConstraints()` if the anchor layer is null.

* LayoutTests/scrollingcoordinator/scrolling-tree/sticky-gain-composited-scrolling-ancestor-expected.txt: Added.
* LayoutTests/scrollingcoordinator/scrolling-tree/sticky-gain-composited-scrolling-ancestor.html: Added.
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::recursiveUpdateLayerPositions):
(WebCore::RenderLayer::setBehavesAsFixed):
* Source/WebCore/rendering/RenderLayer.h:
* Source/WebCore/rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::computeFixedViewportConstraints const):
(WebCore::RenderLayerCompositor::computeStickyViewportConstraints const):
* Source/WebCore/rendering/RenderLayerScrollableArea.cpp:
(WebCore::RenderLayerScrollableArea::computeHasCompositedScrollableOverflow):

Canonical link: https://commits.webkit.org/257455@main
