Closed
Bug 1445794
Opened 6 years ago
Closed 5 years ago
Ensure AccessibleCaretEventHub's scroll and reflow callbacks don't flush
Categories
(Core :: Layout, enhancement, P3)
Core
Layout
Tracking
()
RESOLVED
FIXED
mozilla66
| Tracking | Status | |
|---|---|---|
| firefox66 | --- | fixed |
People
(Reporter: emilio, Assigned: TYLin)
References
(Blocks 1 open bug)
Details
Attachments
(2 files, 2 obsolete files)
That breaks invariants.
|
Reporter | |
Updated•6 years ago
|
Flags: needinfo?(emilio)
|
Assignee | |
Updated•6 years ago
|
Blocks: AccessibleCaret
| Comment hidden (typo) |
|
|
Assignee | |
Comment 3•5 years ago
|
||
(hide comment 2 because it contains typos and incorrect links) Mats, I'm thinking about adding nsAutoScriptBlocker to all the public entry points in AccessibleCaretEventHub [1] as you suggested in bug 1246918 Comment 26 so that no arbitrary script can delete frames, and we can remove a lot of MOZ_CAN_RUN_SCRIPT annotation. We might still need flush layout (at least styles) after dragging carets or selecting a word because AccessibleCaretManager needs to call Selection::Stringify [2] which flushes frames [3]. I can investigate whether there's any correctness issue if we don't flush in reflow or scroll callbacks. Does that sound like a good plan? [1] https://searchfox.org/mozilla-central/rev/6e0e603f4852b8e571e5b8ae133e772b18b6016e/layout/base/AccessibleCaretEventHub.h#74,78,84-85,87-88,92,94,96,103-105 [2] https://searchfox.org/mozilla-central/rev/6e0e603f4852b8e571e5b8ae133e772b18b6016e/layout/base/AccessibleCaretManager.cpp#1422 [3] https://searchfox.org/mozilla-central/rev/6e0e603f4852b8e571e5b8ae133e772b18b6016e/dom/base/Selection.cpp#420
|
||
Comment 4•5 years ago
|
||
I'm not sure if that helps with the underlying issue, which is
that *the callers* can't handle destruction of various Layout data.
So when the On* methods return that code crashes.
So perhaps a better solution is to make sure that can't happen by
making the On* methods post a script runner to do its work later?
Picking a random example, AccessibleCaretManager::OnSelectionChanged,
would do something like:
if (aSel->Type() != PRIMARY) return; // or whatever
AddScriptRunner(NewRunnableMethod(this, DoOnSelectionChanged))
and then:
DoOnSelectionChanged(...) {
if (IsTerminated())
return;
nsAutoScriptBlocker scriptBlocker;
if (!FlushLayout())
return;
... rest of OnSelectionChanged code ...
}
I still think we need MOZ_CAN_RUN_SCRIPT on the DoOn* methods since
nsAutoScriptBlocker may run script when it exits the scope, but any
On* methods that just posts a script runner do not need that
annotation.
Would that work?Flags: needinfo?(mats)
|
|
Assignee | |
Comment 5•5 years ago
|
||
Yep, I think moving the methods that flush layout to a runnable should work. I'll write patches based on the idea.
|
|
Assignee | |
Updated•5 years ago
|
Assignee: nobody → aethanyc
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 6•5 years ago
|
||
Without this change, for example, UpdateCarets(UpdateCaretsHint::DispatchNoEvent) won't update carets. We don't have a wrong use case yet, but it's good to fix that beforehand.
|
|
Assignee | |
Comment 7•5 years ago
|
||
We need AccessibleCaretManager to be a refcount object to ensure the validity when using NewRunnableMethod() to construct runnables. Depends on D15535
|
|
Assignee | |
Comment 8•5 years ago
|
||
These scrolling and reflow callbacks call UpdateCarets(), which need to flush layout to ensure the AccessibleCaret's position is correct. However, it's possible that PresShell and frame tree are destroyed after doing so. To prevent this from affecting other callbacks executing after the layout is flushed, we move carets callbacks to runnables. Depends on D15536
|
|
Assignee | |
Comment 9•5 years ago
|
||
OnReflow() can still call FlushLayout() that recursively enters OnReflow() again, so we make FlushLayout() return early if it's already flushing layout. Depends on D15537
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
Attachment #9033808 -
Attachment description: Bug 1445794 Part 3 - Move callbacks that handle scrolling and reflow to runnables. → Bug 1445794 Part 2 - Disallow flushing layout in reflow and scroll related callbacks.
|
|
||
Updated•5 years ago
|
Attachment #9033807 -
Attachment is obsolete: true
|
|
||
Updated•5 years ago
|
Attachment #9033809 -
Attachment is obsolete: true
|
||
Comment 10•5 years ago
|
||
Pushed by aethanyc@gmail.com: https://hg.mozilla.org/integration/autoland/rev/34151b0c56e9 Part 1 - Preemptively fix that carets are not updated if non-default hints are used. r=emilio https://hg.mozilla.org/integration/autoland/rev/267a452439f5 Part 2 - Disallow flushing layout in reflow and scroll related callbacks. r=emilio
|
||
Comment 11•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/34151b0c56e9 https://hg.mozilla.org/mozilla-central/rev/267a452439f5
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox66:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
|
|
Assignee | |
Updated•5 years ago
|
Summary: Ensure AccessibleEventCaret's scroll and reflow callbacks don't flush → Ensure AccessibleCaretEventHub's scroll and reflow callbacks don't flush
You need to log in
before you can comment on or make changes to this bug.
Description
•