Tighten RenderObject's type specific flags
https://bugs.webkit.org/show_bug.cgi?id=266673

Reviewed by Alan Baradlay.

This PR introduces TypeSpecificFlags to wrap type specific flags in RenderObject.

It can be instantiated by the default constructor as well as with an OptionSet of
LineBreakFlag, ReplacedFlag, or SVGModelObjectFlag. The object also remembers the
kind of flags stored as a security hardening measure (i.e. to prevent type
confusion even when m_type / m_typeFlags and m_typeSpecificFlags get out of sync).

Finally, this PR also makes RenderObject::m_typeSpecificFlags const so that it may
not get mutated once the render object is initialized.

* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::RenderBox):
* Source/WebCore/rendering/RenderBox.h:
(WebCore::RenderBox::RenderBox):
* Source/WebCore/rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::RenderBoxModelObject):
* Source/WebCore/rendering/RenderBoxModelObject.h:
* Source/WebCore/rendering/RenderElement.cpp:
(WebCore::RenderElement::RenderElement):
* Source/WebCore/rendering/RenderElement.h:
* Source/WebCore/rendering/RenderFrameSet.cpp:
(WebCore::RenderFrameSet::RenderFrameSet):
(WebCore::m_isResizing): Deleted.
* Source/WebCore/rendering/RenderInline.cpp:
(WebCore::RenderInline::RenderInline):
* Source/WebCore/rendering/RenderLayerModelObject.cpp:
(WebCore::RenderLayerModelObject::RenderLayerModelObject):
* Source/WebCore/rendering/RenderLayerModelObject.h:
* Source/WebCore/rendering/RenderLineBreak.cpp:
(WebCore::RenderLineBreak::RenderLineBreak):
(WebCore::m_cachedLineHeight):
* Source/WebCore/rendering/RenderListMarker.cpp:
(WebCore::RenderListMarker::RenderListMarker):
(WebCore::m_listItem): Deleted.
* Source/WebCore/rendering/RenderObject.cpp:
(WebCore::RenderObject::RenderObject):
* Source/WebCore/rendering/RenderObject.h:
(WebCore::RenderObject::TypeSpecificFlags::TypeSpecificFlags):
(WebCore::RenderObject::TypeSpecificFlags::lineBreakFlags const):
(WebCore::RenderObject::TypeSpecificFlags::replacedFlags const):
(WebCore::RenderObject::TypeSpecificFlags::svgFlags const):
(WebCore::RenderObject::TypeSpecificFlags::valueForKind const):
(WebCore::RenderObject::isRenderMedia const):
(WebCore::RenderObject::isRenderImage const):
(WebCore::RenderObject::isRenderWidget const):
(WebCore::RenderObject::isLegacyRenderSVGModelObject const):
(WebCore::RenderObject::isRenderSVGModelObject const):
(WebCore::RenderObject::isRenderSVGContainer const):
(WebCore::RenderObject::isLegacyRenderSVGContainer const):
(WebCore::RenderObject::isRenderSVGShape const):
(WebCore::RenderObject::isLegacyRenderSVGShape const):
(WebCore::RenderObject::isLegacyRenderSVGResourceContainer const):
(WebCore::RenderObject::isRenderSVGResourceContainer const):
(WebCore::RenderObject::isWBR const):
(WebCore::RenderObject::lineBreakFlags const): Deleted.
(WebCore::RenderObject::setLineBreakFlags): Deleted.
(WebCore::RenderObject::replacedFlags const): Deleted.
(WebCore::RenderObject::setReplacedFlags): Deleted.
(WebCore::RenderObject::svgFlags const): Deleted.
(WebCore::RenderObject::setSVGFlags): Deleted.
* Source/WebCore/rendering/RenderReplaced.cpp:
(WebCore::RenderReplaced::RenderReplaced):
* Source/WebCore/rendering/RenderReplica.cpp:
(WebCore::RenderReplica::RenderReplica):
* Source/WebCore/rendering/RenderTableCol.cpp:
(WebCore::RenderTableCol::RenderTableCol):
* Source/WebCore/rendering/RenderTableRow.cpp:
(WebCore::RenderTableRow::RenderTableRow):
(WebCore::m_rowIndex): Deleted.
* Source/WebCore/rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::RenderTableSection):
* Source/WebCore/rendering/RenderText.cpp:
(WebCore::RenderText::RenderText):
* Source/WebCore/rendering/svg/RenderSVGGradientStop.cpp:
(WebCore::RenderSVGGradientStop::RenderSVGGradientStop):
* Source/WebCore/rendering/svg/RenderSVGModelObject.cpp:
(WebCore::RenderSVGModelObject::RenderSVGModelObject):
* Source/WebCore/rendering/svg/legacy/LegacyRenderSVGModelObject.cpp:
(WebCore::LegacyRenderSVGModelObject::LegacyRenderSVGModelObject):

Canonical link: https://commits.webkit.org/272324@main
rniwa committed Dec 20, 2023
1 parent e4ad616 commit d154d61
Showing 23 changed files with 113 additions and 81 deletions.
8 changes: 4 additions & 4 deletions Source/WebCore/rendering/RenderBox.cpp
Expand Up @@ -132,14 +132,14 @@ static const unsigned backgroundObscurationTestMaxDepth = 4;

bool RenderBox::s_hadNonVisibleOverflow = false;

RenderBox::RenderBox(Type type, Element& element, RenderStyle&& style, OptionSet<TypeFlag> flags)
: RenderBoxModelObject(type, element, WTFMove(style), flags | TypeFlag::IsBox)
RenderBox::RenderBox(Type type, Element& element, RenderStyle&& style, OptionSet<TypeFlag> flags, TypeSpecificFlags typeSpecificFlags)
: RenderBoxModelObject(type, element, WTFMove(style), flags | TypeFlag::IsBox, typeSpecificFlags)
{
ASSERT(isRenderBox());
}

RenderBox::RenderBox(Type type, Document& document, RenderStyle&& style, OptionSet<TypeFlag> flags)
: RenderBoxModelObject(type, document, WTFMove(style), flags | TypeFlag::IsBox)
RenderBox::RenderBox(Type type, Document& document, RenderStyle&& style, OptionSet<TypeFlag> flags, TypeSpecificFlags typeSpecificFlags)
: RenderBoxModelObject(type, document, WTFMove(style), flags | TypeFlag::IsBox, typeSpecificFlags)
{
ASSERT(isRenderBox());
}
4 changes: 2 additions & 2 deletions Source/WebCore/rendering/RenderBox.h
Expand Up @@ -660,8 +660,8 @@ class RenderBox : public RenderBoxModelObject {
bool computeHasTransformRelatedProperty(const RenderStyle&) const;

protected:
RenderBox(Type, Element&, RenderStyle&&, OptionSet<TypeFlag>);
RenderBox(Type, Document&, RenderStyle&&, OptionSet<TypeFlag>);
RenderBox(Type, Element&, RenderStyle&&, OptionSet<TypeFlag> = { }, TypeSpecificFlags = { });
RenderBox(Type, Document&, RenderStyle&&, OptionSet<TypeFlag> = { }, TypeSpecificFlags = { });

void styleWillChange(StyleDifference, const RenderStyle& newStyle) override;
void styleDidChange(StyleDifference, const RenderStyle* oldStyle) override;
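Review bot: The two protected RenderBox constructors now default both `OptionSet<TypeFlag>` and `TypeSpecificFlags` to `{ }`, while RenderBoxModelObject, RenderLayerModelObject and RenderElement on this page require both arguments. With the default, a RenderBox subclass that is supposed to carry kind-specific flags (for example one using ReplacedFlag; that section is not shown here) still compiles if the argument is forgotten and ends up with a default-constructed TypeSpecificFlags. Since the wrapper is described as a type-confusion hardening, I would keep the parameter mandatory here as well, `RenderBox(Type, Element&, RenderStyle&&, OptionSet<TypeFlag>, TypeSpecificFlags);`, and let RenderFrameSet and RenderListMarker pass `{ }` explicitly, as RenderInline does. The class body continues outside the hunk.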
8 changes: 4 additions & 4 deletions Source/WebCore/rendering/RenderBoxModelObject.cpp
Expand Up @@ -167,14 +167,14 @@ bool RenderBoxModelObject::hasAcceleratedCompositing() const
return view().compositor().hasAcceleratedCompositing();
}

RenderBoxModelObject::RenderBoxModelObject(Type type, Element& element, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags)
: RenderLayerModelObject(type, element, WTFMove(style), baseTypeFlags | TypeFlag::IsBoxModelObject)
RenderBoxModelObject::RenderBoxModelObject(Type type, Element& element, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags, TypeSpecificFlags typeSpecificFlags)
: RenderLayerModelObject(type, element, WTFMove(style), baseTypeFlags | TypeFlag::IsBoxModelObject, typeSpecificFlags)
{
ASSERT(isRenderBoxModelObject());
}

RenderBoxModelObject::RenderBoxModelObject(Type type, Document& document, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags)
: RenderLayerModelObject(type, document, WTFMove(style), baseTypeFlags | TypeFlag::IsBoxModelObject)
RenderBoxModelObject::RenderBoxModelObject(Type type, Document& document, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags, TypeSpecificFlags typeSpecificFlags)
: RenderLayerModelObject(type, document, WTFMove(style), baseTypeFlags | TypeFlag::IsBoxModelObject, typeSpecificFlags)
{
ASSERT(isRenderBoxModelObject());
}
4 changes: 2 additions & 2 deletions Source/WebCore/rendering/RenderBoxModelObject.h
Expand Up @@ -213,8 +213,8 @@ class RenderBoxModelObject : public RenderLayerModelObject {
void applyTransform(TransformationMatrix&, const RenderStyle&, const FloatRect& boundingBox, OptionSet<RenderStyle::TransformOperationOption>) const override;

protected:
RenderBoxModelObject(Type, Element&, RenderStyle&&, OptionSet<TypeFlag>);
RenderBoxModelObject(Type, Document&, RenderStyle&&, OptionSet<TypeFlag>);
RenderBoxModelObject(Type, Element&, RenderStyle&&, OptionSet<TypeFlag>, TypeSpecificFlags);
RenderBoxModelObject(Type, Document&, RenderStyle&&, OptionSet<TypeFlag>, TypeSpecificFlags);

void willBeDestroyed() override;

12 changes: 6 additions & 6 deletions Source/WebCore/rendering/RenderElement.cpp
Expand Up @@ -117,8 +117,8 @@ struct SameSizeAsRenderElement : public RenderObject {

static_assert(sizeof(RenderElement) == sizeof(SameSizeAsRenderElement), "RenderElement should stay small");

inline RenderElement::RenderElement(Type type, ContainerNode& elementOrDocument, RenderStyle&& style, OptionSet<TypeFlag> flags)
: RenderObject(type, elementOrDocument, flags)
inline RenderElement::RenderElement(Type type, ContainerNode& elementOrDocument, RenderStyle&& style, OptionSet<TypeFlag> flags, TypeSpecificFlags typeSpecificFlags)
: RenderObject(type, elementOrDocument, flags, typeSpecificFlags)
, m_firstChild(nullptr)
, m_ancestorLineBoxDirty(false)
, m_hasInitializedStyle(false)
Expand All @@ -141,13 +141,13 @@ inline RenderElement::RenderElement(Type type, ContainerNode& elementOrDocument,
ASSERT(RenderObject::isRenderElement());
}

RenderElement::RenderElement(Type type, Element& element, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags)
: RenderElement(type, static_cast<ContainerNode&>(element), WTFMove(style), baseTypeFlags)
RenderElement::RenderElement(Type type, Element& element, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags, TypeSpecificFlags typeSpecificFlags)
: RenderElement(type, static_cast<ContainerNode&>(element), WTFMove(style), baseTypeFlags, typeSpecificFlags)
{
}

RenderElement::RenderElement(Type type, Document& document, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags)
: RenderElement(type, static_cast<ContainerNode&>(document), WTFMove(style), baseTypeFlags)
RenderElement::RenderElement(Type type, Document& document, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags, TypeSpecificFlags typeSpecificFlags)
: RenderElement(type, static_cast<ContainerNode&>(document), WTFMove(style), baseTypeFlags, typeSpecificFlags)
{
}

6 changes: 3 additions & 3 deletions Source/WebCore/rendering/RenderElement.h
Expand Up @@ -294,8 +294,8 @@ class RenderElement : public RenderObject {
void clearNeedsLayoutForDescendants();

protected:
RenderElement(Type, Element&, RenderStyle&&, OptionSet<TypeFlag>);
RenderElement(Type, Document&, RenderStyle&&, OptionSet<TypeFlag>);
RenderElement(Type, Element&, RenderStyle&&, OptionSet<TypeFlag>, TypeSpecificFlags);
RenderElement(Type, Document&, RenderStyle&&, OptionSet<TypeFlag>, TypeSpecificFlags);

bool layerCreationAllowedForSubtree() const;

Expand Down Expand Up @@ -338,7 +338,7 @@ class RenderElement : public RenderObject {
inline bool shouldApplySizeOrStyleContainment(bool) const;

private:
RenderElement(Type, ContainerNode&, RenderStyle&&, OptionSet<TypeFlag>);
RenderElement(Type, ContainerNode&, RenderStyle&&, OptionSet<TypeFlag>, TypeSpecificFlags);
void node() const = delete;
void nonPseudoNode() const = delete;
void generatingNode() const = delete;
2 changes: 1 addition & 1 deletion Source/WebCore/rendering/RenderFrameSet.cpp
Expand Up @@ -55,7 +55,7 @@ static constexpr auto borderFillColor = SRGBA<uint8_t> { 208, 208, 208 };
WTF_MAKE_ISO_ALLOCATED_IMPL(RenderFrameSet);

RenderFrameSet::RenderFrameSet(HTMLFrameSetElement& frameSet, RenderStyle&& style)
: RenderBox(Type::FrameSet, frameSet, WTFMove(style), { })
: RenderBox(Type::FrameSet, frameSet, WTFMove(style))
, m_isResizing(false)
{
ASSERT(isRenderFrameSet());
4 changes: 2 additions & 2 deletions Source/WebCore/rendering/RenderInline.cpp
Expand Up @@ -65,14 +65,14 @@ namespace WebCore {
WTF_MAKE_ISO_ALLOCATED_IMPL(RenderInline);

RenderInline::RenderInline(Type type, Element& element, RenderStyle&& style)
: RenderBoxModelObject(type, element, WTFMove(style), TypeFlag::IsRenderInline)
: RenderBoxModelObject(type, element, WTFMove(style), TypeFlag::IsRenderInline, { })
{
setChildrenInline(true);
ASSERT(isRenderInline());
}

RenderInline::RenderInline(Type type, Document& document, RenderStyle&& style)
: RenderBoxModelObject(type, document, WTFMove(style), TypeFlag::IsRenderInline)
: RenderBoxModelObject(type, document, WTFMove(style), TypeFlag::IsRenderInline, { })
{
setChildrenInline(true);
ASSERT(isRenderInline());
8 changes: 4 additions & 4 deletions Source/WebCore/rendering/RenderLayerModelObject.cpp
Expand Up @@ -63,14 +63,14 @@ bool RenderLayerModelObject::s_hadLayer = false;
bool RenderLayerModelObject::s_wasTransformed = false;
bool RenderLayerModelObject::s_layerWasSelfPainting = false;

RenderLayerModelObject::RenderLayerModelObject(Type type, Element& element, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags)
: RenderElement(type, element, WTFMove(style), baseTypeFlags | TypeFlag::IsLayerModelObject)
RenderLayerModelObject::RenderLayerModelObject(Type type, Element& element, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags, TypeSpecificFlags typeSpecificFlags)
: RenderElement(type, element, WTFMove(style), baseTypeFlags | TypeFlag::IsLayerModelObject, typeSpecificFlags)
{
ASSERT(isRenderLayerModelObject());
}

RenderLayerModelObject::RenderLayerModelObject(Type type, Document& document, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags)
: RenderElement(type, document, WTFMove(style), baseTypeFlags | TypeFlag::IsLayerModelObject)
RenderLayerModelObject::RenderLayerModelObject(Type type, Document& document, RenderStyle&& style, OptionSet<TypeFlag> baseTypeFlags, TypeSpecificFlags typeSpecificFlags)
: RenderElement(type, document, WTFMove(style), baseTypeFlags | TypeFlag::IsLayerModelObject, typeSpecificFlags)
{
ASSERT(isRenderLayerModelObject());
}
4 changes: 2 additions & 2 deletions Source/WebCore/rendering/RenderLayerModelObject.h
Expand Up @@ -108,8 +108,8 @@ class RenderLayerModelObject : public RenderElement {
void applyTransform(TransformationMatrix&, const RenderStyle&, const FloatRect& boundingBox) const;

protected:
RenderLayerModelObject(Type, Element&, RenderStyle&&, OptionSet<TypeFlag>);
RenderLayerModelObject(Type, Document&, RenderStyle&&, OptionSet<TypeFlag>);
RenderLayerModelObject(Type, Element&, RenderStyle&&, OptionSet<TypeFlag>, TypeSpecificFlags);
RenderLayerModelObject(Type, Document&, RenderStyle&&, OptionSet<TypeFlag>, TypeSpecificFlags);

void createLayer();
void willBeDestroyed() override;
4 changes: 1 addition & 3 deletions Source/WebCore/rendering/RenderLineBreak.cpp
Expand Up @@ -50,12 +50,10 @@ WTF_MAKE_ISO_ALLOCATED_IMPL(RenderLineBreak);
static const int invalidLineHeight = -1;

RenderLineBreak::RenderLineBreak(HTMLElement& element, RenderStyle&& style)
: RenderBoxModelObject(Type::LineBreak, element, WTFMove(style), { })
: RenderBoxModelObject(Type::LineBreak, element, WTFMove(style), { }, is<HTMLWBRElement>(element) ? OptionSet<LineBreakFlag> { LineBreakFlag::IsWBR } : OptionSet<LineBreakFlag> { })
, m_inlineBoxWrapper(nullptr)
, m_cachedLineHeight(invalidLineHeight)
{
if (is<HTMLWBRElement>(element))
setLineBreakFlags(LineBreakFlag::IsWBR);
ASSERT(isRenderLineBreak());
}

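Review bot: The conditional that builds the flags inside the base-class initializer spells `OptionSet<LineBreakFlag>` twice on one very long line, which buries the one fact a reader needs here: the WBR flag is now decided once, before the base constructor runs, and there is no setter left to change it afterwards. I would move the expression into a small file-local helper above the constructor that takes the element and returns the flag set, and pass its result as the last argument. A comment at the call such as `// IsWBR is fixed at construction; the stored flags are const afterwards.` would record why the post-construction `setLineBreakFlags` call went away.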
2 changes: 1 addition & 1 deletion Source/WebCore/rendering/RenderListMarker.cpp
Expand Up @@ -50,7 +50,7 @@ WTF_MAKE_ISO_ALLOCATED_IMPL(RenderListMarker);
constexpr int cMarkerPadding = 7;

RenderListMarker::RenderListMarker(RenderListItem& listItem, RenderStyle&& style)
: RenderBox(Type::ListMarker, listItem.document(), WTFMove(style), { })
: RenderBox(Type::ListMarker, listItem.document(), WTFMove(style))
, m_listItem(listItem)
{
setInline(true);
3 changes: 2 additions & 1 deletion Source/WebCore/rendering/RenderObject.cpp
Expand Up @@ -138,7 +138,7 @@ void RenderObjectDeleter::operator() (RenderObject* renderer) const
renderer->destroy();
}

RenderObject::RenderObject(Type type, Node& node, OptionSet<TypeFlag> typeFlags)
RenderObject::RenderObject(Type type, Node& node, OptionSet<TypeFlag> typeFlags, TypeSpecificFlags typeSpecificFlags)
: CachedImageClient()
#if ASSERT_ENABLED
, m_hasAXObject(false)
Expand All @@ -147,6 +147,7 @@ RenderObject::RenderObject(Type type, Node& node, OptionSet<TypeFlag> typeFlags)
, m_node(node)
, m_typeFlags(node.isDocumentNode() ? (typeFlags | TypeFlag::IsAnonymous) : typeFlags)
, m_type(type)
, m_typeSpecificFlags(typeSpecificFlags)
{
ASSERT(!typeFlags.contains(TypeFlag::IsAnonymous));
if (CheckedPtr renderView = node.document().renderView())
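Review bot: Nothing in the visible part of the RenderObject constructor ties the flag kind carried by `typeSpecificFlags` to `type`; the only assertion in view is `ASSERT(!typeFlags.contains(TypeFlag::IsAnonymous))`. The commit message says the wrapper remembers its kind so that a disagreement between m_type and m_typeSpecificFlags cannot turn into type confusion, and the constructor is the one place where such a mismatch could be rejected before the object is ever used. If the accessors in RenderObject.h already check the kind on every read, that may be sufficient, but that header is not shown on this page. Otherwise I would add a debug assertion next to the existing one, plus a comment such as `// typeSpecificFlags must carry the flag kind that matches type; it is const after construction.` The constructor body continues outside the hunk.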