[Webkit-unassigned] [Bug 78315] New: REGRESSION(99539): Infinite repaint loop with SVGImage and deferred repaint timers

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 9 19:11:47 PST 2012 

https://bugs.webkit.org/show_bug.cgi?id=78315

           Summary: REGRESSION(99539): Infinite repaint loop with SVGImage
                    and deferred repaint timers
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: timothy_horton at apple.com
                CC: adele at apple.com, koivisto at iki.fi, zimmermann at kde.org,
                    simon.fraser at apple.com


<rdar://problem/10651634>

Turning on deferred repaint timers exposes an issue in SVGImage/SVGImageChromeClient which gets WebKit into a state of infinitely repainting.

Steps to Reproduce:

0. Turn on layer borders, to make the repainting clear.
1. Switch on deferred repaint timers in JavaScriptCore/wtf/Platform.h (#define ENABLE_REPAINT_THROTTLING 1)
2. Open the attached (extremely simple) test case.

The result is that after the deferred repaint timer fires, SVGImageChromeClient ends up invalidating the SVGImageCache, and we repaint the image, causing another deferred repaint timer to be started, and so on.

Niko, my question for you: why do we invalidate the image in this situation? Where do you think it's best to break the loop? Antti is of the belief that we should break it somewhere between SVGImageChromeClient and SVGImageCache, but neither of us are sure where to do so!

Here's a partial backtrace of the interesting bit:

#0  WebCore::SVGImageCache::imageContentChanged (this=0x7f9f8f00bf20) at /Volumes/SSD/src/WebKit/OpenSource/Source/WebCore/svg/graphics/SVGImageCache.cpp:80
#1  0x000000010e680326 in WebCore::CachedImage::changedInRect (this=0x7f9f8b820800, image=0x7f9f8f00d3e0, rect=@0x7fff6c4c7448) at /Volumes/SSD/src/WebKit/OpenSource/Source/WebCore/loader/cache/CachedImage.cpp:462
#2  0x000000010e680377 in non-virtual thunk to WebCore::CachedImage::changedInRect(WebCore::Image const*, WebCore::IntRect const&) () at /Volumes/SSD/src/WebKit/OpenSource/Source/WebCore/loader/cache/CachedImage.cpp:467
#3  0x000000010f953cff in WebCore::SVGImageChromeClient::invalidateContentsAndRootView (this=0x7f9f8f00d530, r=@0x7fff6c4c7448) at /Volumes/SSD/src/WebKit/OpenSource/Source/WebCore/svg/graphics/SVGImage.cpp:80
#4  0x000000010e6b9a25 in WebCore::Chrome::invalidateContentsAndRootView (this=0x7f9f8f00c030, updateRect=@0x7fff6c4c7448, immediate=false) at /Volumes/SSD/src/WebKit/OpenSource/Source/WebCore/page/Chrome.cpp:86
#5  0x000000010f814935 in WebCore::ScrollView::repaintContentRectangle (this=0x7f9f8f010ce0, rect=@0x7f9f910010b0, now=false) at /Volumes/SSD/src/WebKit/OpenSource/Source/WebCore/platform/ScrollView.cpp:959
#6  0x000000010ebd7227 in WebCore::FrameView::doDeferredRepaints (this=0x7f9f8f010ce0) at /Volumes/SSD/src/WebKit/OpenSource/Source/WebCore/page/FrameView.cpp:1907
#7  0x000000010ebcf2b9 in WebCore::FrameView::deferredRepaintTimerFired (this=0x7f9f8f010ce0) at /Volumes/SSD/src/WebKit/OpenSource/Source/WebCore/page/FrameView.cpp:1950

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list