[webkit-changes] [WebKit/WebKit] 225e7c: [Grid] RELEASE_ASSERT when subgrid is modified to ...

Thu Jan 16 20:14:11 PST 2025

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 225e7c33ad4957c20efeb74e0a3c05f909fd8d5f
      https://github.com/WebKit/WebKit/commit/225e7c33ad4957c20efeb74e0a3c05f909fd8d5f
  Author: Sammy Gill <sammy.gill at apple.com>
  Date:   2025-01-16 (Thu, 16 Jan 2025)

  Changed paths:
    A LayoutTests/fast/css-grid-layout/subgrid-establishes-independent-formatting-context-crash-expected.txt
    A LayoutTests/fast/css-grid-layout/subgrid-establishes-independent-formatting-context-crash.html
    M LayoutTests/imported/w3c/web-platform-tests/css/css-contain/contain-layout-dynamic-001-expected.txt
    M Source/WebCore/rendering/RenderBox.cpp
    M Source/WebCore/rendering/RenderBox.h
    M Source/WebCore/rendering/RenderElement.cpp
    M Source/WebCore/rendering/RenderElement.h
    M Source/WebCore/rendering/RenderGrid.cpp
    M Source/WebCore/rendering/RenderGrid.h
    M Source/WebCore/rendering/style/RenderStyle.cpp
    M Source/WebCore/rendering/style/RenderStyle.h
    M Source/WebCore/rendering/style/RenderStyleInlines.h

  Log Message:
  -----------
  [Grid] RELEASE_ASSERT when subgrid is modified to establish an independent formatting context.
https://bugs.webkit.org/show_bug.cgi?id=284862
rdar://problem/137177436

Reviewed by Alan Baradlay.

According to the grid spec, a grid which has grid-template-rows/column: subgrid is not supposed
to behave as a subgrid if it establishes an independent formatting context.
https://drafts.csswg.org/css-grid-2/#track-sizing

Currently, this can lead to a RELEASE_ASSERT in copyUsedTrackSizesForSubgrid in certain types of content, such as
nested subgrids. This is because we fail to perform item placement again in the parent (of the
subgrid that established an independent formatting context) grid and end up with stale information
in copyUsedTrackSizesForSubgrid.

This patch fixes the RELEASE_ASSERT from the testcase by:
1.) Making sure a change so that a layout containment style mutation requires layout
2.) Allowing callers to pass in an overriding RenderStyle to establishesIndependentFormattingContext
to use instead of the one on the renderer.
3.) Changing RenderElement::establishesIndependentFormattingContext to make its decisions
based purely off the passed in style.

By allowing establishesIndependentFormattingContext to take in an overriding RenderStyle,
we can use this to compare the old and new styles that are used in styleDidChange.
RenderGrid::styleDidChange is able to learn when a style mutation causes a change that
results in the box establishing an independent formatting context or not and call dirtyGrid()
as a result.

In order for this overriding style to have any practical effect in RenderElement::establishesIndependentFormattingContext,
We need to change its logic slightly so that it only checks the used RenderStyle to make
its decision. Otherwise, it may return an incorrect result from the perspective of the caller who
wanted information based upon the passed-in style. This should be no
functional change as these helpers were indirectly referencing the RenderStyle on the
renderer anyway in some form. This also required a new helper on RenderStyle which determines
whether the display type "generates a block container" according to:
https://drafts.csswg.org/css-display/#the-display-properties

There is also an unforunate side effect of having slight code
duplication,  but we should be able to clean this up in a future patch by refactoring the
helper functions that were previously being used.

* LayoutTests/fast/css-grid-layout/subgrid-establishes-independent-formatting-context-crash-expected.txt: Added.
* LayoutTests/fast/css-grid-layout/subgrid-establishes-independent-formatting-context-crash.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-contain/contain-layout-dynamic-001-expected.txt:
* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::establishesIndependentFormattingContext const):
* Source/WebCore/rendering/RenderBox.h:
* Source/WebCore/rendering/RenderElement.cpp:
(WebCore::RenderElement::establishesIndependentFormattingContext const):
* Source/WebCore/rendering/RenderElement.h:
* Source/WebCore/rendering/RenderGrid.cpp:
(WebCore::RenderGrid::styleDidChange):
(WebCore::RenderGrid::establishesIndependentFormattingContext const):
* Source/WebCore/rendering/RenderGrid.h:
* Source/WebCore/rendering/style/RenderStyle.cpp:
(WebCore::rareDataChangeRequiresLayout):
* Source/WebCore/rendering/style/RenderStyle.h:
* Source/WebCore/rendering/style/RenderStyleInlines.h:
(WebCore::RenderStyle::doesDisplayGenerateBlockContainer const):

Canonical link: https://commits.webkit.org/289038@main

To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications