[Webkit-unassigned] [Bug 36901] RVCT generates incorrect code for method Range::operator== when compiler optimizations are enabled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Apr 4 23:10:22 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=36901





--- Comment #9 from Daniel Bates <dbates at webkit.org>  2010-04-04 23:10:21 PST ---
(In reply to comment #7)
> I forgot to comment on the manual test case in this bug.
> 
> There are plenty of automated test cases that exercise finding text, so I think
> this could be automated.
> 
> LayoutTests/text/find-case-folding.html for example.

We cannot test this with DRT (at least not via
document.execCommand("FindString", ...)) as WebCore::Frame::findString is not
called with startInSelection := true (*). The call flow has the form: ... =>
WebCore::executeFindString => WebCore::Frame::findString. In particular,
startInSelection is hardcoded to false in method WebCore::executeFindString,
<http://trac.webkit.org/browser/trunk/WebCore/editing/EditorCommand.cpp?rev=55566#L399>.

In contrast, when you show the find banner in Safari and perform a search,
WebCore::Frame::findString is called with startInSelection := true. The call
flow has the form: -[WebView(WebPendingPublic)
searchFor:direction:caseSensitive:wrap:startInSelection:] =>
-[WebHTMLView(WebDocumentPrivateProtocols)
searchFor:direction:caseSensitive:wrap:startInSelection:] =>
WebCore::Frame::findString. Notice the value of startInSelection is passed in
as a parameter. I cannot see the code of the calling functions of 
-[WebView(WebPendingPublic)
searchFor:direction:caseSensitive:wrap:startInSelection:] (**) to determine how
this value is set since the calling functions are outside of WebKit. I am not
too familiar with EditorCommand, but we may be able to use similar logic as in
(**)  to set the value of startInSelection in WebCore::executeFindString.
Alternatively, we may consider allowing a user to explicitly specify this
parameter.

Therefore, a manual test is needed to reproduce the crash/verify the fix.

(*) Notice, the crash occurs when we evaluate the second conjunct of the
if-condition on line 1389 of Frame.cpp (i.e.
"*VisibleSelection(resultRange.get()).toNormalizedRange() ==
*selection.toNormalizedRange()"), and by the definition of logical AND this
occurs when the first conjunct is true (i.e. startInSelection := true).

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list