[Webkit-unassigned] [Bug 242879] New: REGRESSION(r294536): Drawing the ImageBuffer should not invalidate its cached copied images

bugzilla-daemon at webkit.org
Mon Jul 18 18:13:33 PDT 2022


https://bugs.webkit.org/show_bug.cgi?id=242879

            Bug ID: 242879
           Summary: REGRESSION(r294536): Drawing the ImageBuffer should
                    not invalidate its cached copied images
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sabouhallawa at apple.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

When copying the IOSurface to a CGImage, the memory of this CGImage is allocated as copy-on-write. Before any draws are committed to the IOSurface, all the copied CGImages are invalidated such that they have their memory copied so they are not affected by the new changes. Because changing the pixels of the IOSurface directly through putPixelBuffer() does not invalidate the IOSurface image cache, ImageBufferIOSurfaceBackend::invalidateCachedNativeImage() handles this case by a simple hack: draw an empty rect to the IOSurface context. invalidateCachedNativeImage() relies on the flag m_mayHaveOutstandingBackingStoreReferences which is set to true when a CGImage is copied from the backend.

When drawing an accelerated ImageBuffer, the backend IOSurface is copied to a CGImage, then it is drawn to the context, and finally it is destroyed. But creating it causes the flag m_mayHaveOutstandingBackingStoreReferences to be set to true. Any subsequent calls to putPixelBuffer() will be preceded by invalidating the cache of the copied images. This invalidation is not needed because the copied image is volatile. It will be destroyed before any subsequent draws or putPixelBuffer() calls.

Consider this sequence:

ImageBuffer::getPixelBuffer()
ImageBuffer::putPixelBuffer()
ImageBuffer::draw(); // Calls copyNativeImage(), sets m_mayHaveOutstandingBackingStoreReferences = true
ImageBuffer::getPixelBuffer()
ImageBuffer::putPixelBuffer(); // Because m_mayHaveOutstandingBackingStoreReferences, IOSurface image cache is invalidated.
ImageBuffer::draw(); // Calls copyNativeImage(), sets m_mayHaveOutstandingBackingStoreReferences = true

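A simplified C++ model of the flag logic described in the report, added here as an illustration; it is not WebKit code. ModelBackend, runSequence and the transientCopy switch are hypothetical names, and clearing the flag after an invalidation is an assumption of the model.

```cpp
#include <cstdio>

// Toy stand-in for the IOSurface backend; only the flag bookkeeping is modelled.
struct ModelBackend {
    // Stands in for m_mayHaveOutstandingBackingStoreReferences.
    bool mayHaveOutstandingRefs = false;
    // Number of times the "draw an empty rect" hack actually ran.
    int forcedInvalidations = 0;

    // Copying the surface to a copy-on-write image marks it as referenced.
    void copyNativeImage() { mayHaveOutstandingRefs = true; }

    void invalidateCachedNativeImage() {
        if (!mayHaveOutstandingRefs)
            return;
        ++forcedInvalidations;          // empty-rect draw forces copied images to detach
        mayHaveOutstandingRefs = false; // assumption: flag is cleared once invalidated
    }

    void getPixelBuffer() {}
    void putPixelBuffer() { invalidateCachedNativeImage(); /* then write pixels directly */ }

    // transientCopy == false: the reported behaviour, draw() goes through copyNativeImage().
    // transientCopy == true: hypothetical variant where the short-lived copy made for
    // drawing does not touch the flag, since it is destroyed before the next write.
    void draw(bool transientCopy) {
        if (!transientCopy)
            copyNativeImage();
        // image is drawn to the destination context and destroyed here
    }
};

// Repeats the get/put/draw sequence from the report and returns how many
// cache invalidations putPixelBuffer() triggered.
int runSequence(int rounds, bool transientCopy) {
    ModelBackend backend;
    for (int i = 0; i < rounds; ++i) {
        backend.getPixelBuffer();
        backend.putPixelBuffer();
        backend.draw(transientCopy);
    }
    return backend.forcedInvalidations;
}

int main() {
    std::printf("reported behaviour, 10 rounds: %d invalidations\n", runSequence(10, false));
    std::printf("transient draw copy, 10 rounds: %d invalidations\n", runSequence(10, true));
    return 0;
}
```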