[webkit-changes] [WebKit/WebKit] 0effd0: Incorrectly positioned out-of-flow box when layout...

Alan Baradlay noreply at github.com
Sat Apr 1 06:53:06 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 0effd07b7ef33a8e616b754947910441b7186a17
      https://github.com/WebKit/WebKit/commit/0effd07b7ef33a8e616b754947910441b7186a17
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2023-04-01 (Sat, 01 Apr 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/fast/block/positioning/static_out_of_flow_inside_layout_boundary-expected.html
    A LayoutTests/fast/block/positioning/static_out_of_flow_inside_layout_boundary.html
    M Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp

  Log Message:
  -----------
  Incorrectly positioned out-of-flow box when layout boundary is present
https://bugs.webkit.org/show_bug.cgi?id=254666

Reviewed by Antti Koivisto.

Consider the following case:

<containing-block>
  <layout-boundary>
    Inline-content
    <out-of-flow-box>
  </layout-boundary>
</containing-block>

e.g. <div style="overflow: hidden">
  some text
  <div style="position: absolute"></div>
</div>

1. "inline content" gets mutated and the associated renderers are marked dirty.

During #1 we climb the ancestor chain and mark containing blocks dirty to ensure the subsequent layout has a correct entry point.
We either (most of the time) stop at the ICB (RenderView) during this walk or at a layout-boundary.

2. Subsequent layout is initiated starting at layout-boundary.

The geometry of the freshly laid out inline-content may affect the out-of-flow-box's static position.
In inline layout code (both legacy and IFC) at this point we only set the "static" position assuming
that layout eventually reaches the out-of-flow-box's containing block which would set the final top/left coords.
However since this layout is bound to layout-boundary's subtree, we never get to the containing-block.

While this is an invalidation bug where we fail to mark the containing-block dirty (by not stopping at layout-boundary),
it's expensive to figure out if there's a descendent of the layout-boundary with an ancestor containing block (outside of layout-boundary's subtree).

Instead set the out-of-flow-box's coordinates here at inline layout and let the containing block update it as part of the normal layout flow
(when we actually get to the containing block).
This is technically correct since this renderer's position is its static position until
the containing block updates it as applicable (and the special "static position" handling could be considered as a render tree artifact).

* LayoutTests/fast/block/positioning/static_out_of_flow_inside_layout_boundary-expected.html: Added.
* LayoutTests/fast/block/positioning/static_out_of_flow_inside_layout_boundary.html: Added.
* Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp:
(WebCore::LayoutIntegration::LineLayout::updateRenderTreePositions):

Canonical link: https://commits.webkit.org/262470@main

More information about the webkit-changes mailing list