Avoid crash when updating stylesheets during a remove operation.

Avoid crash when updating stylesheets during a remove operation.

When we are in the middle of removing a subtree of a shadow tree
containing a style element, and one of the other elements schedules
style invalidation, we are synchronously trying to update rule features
when the style node is still inDocument() and isInShadowTree() while the
treeScope() has been reset to the document scope in preparation for
removing it from the tree. That caused us to add the sheet for the style
element being removed to our style data/rule features.

We should make updateActiveStyleSheets asynchronous (crbug.com/567021)
and schedule invalidations with the current rule features instead of
forcing an update of rule features through appendPendingAuthorStyleSheets.

Since updateActiveStyleSheets is currently synchronous and
appendPendingAuthorStyleSheets happens lazily, we are in an inconsistent
state which means we need to execute the latter in order to avoid
glitches in style invalidation because we are marking for
invalidation/recalc in the former step.

This crasher surfaced when we started looking up the treeScope() directly
in https://codereview.chromium.org/1285293003

R=esprehn@chromium.org
BUG=559292
Committed: https://crrev.com/0b0f3ace8820d371e6f4b2b61354728a71ce8356
Cr-Commit-Position: refs/heads/master@{#369004}

[rune, 2016-01-04 15:18:39]

I'm not proud of this workaround, but the issue's been nagged for a while.
crbug.com/567021 has not been started and it will take some time to fix.

[rune, 2016-01-04 15:18:48]

The CQ bit was checked by rune@opera.com to run a CQ dry run

[commit-bot: I haz the power, 2016-01-04 15:19:09]

Dry run: CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1556963002/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1556963002/1

[commit-bot: I haz the power, 2016-01-04 18:10:19]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-01-04 18:10:20]

Dry run: This issue passed the CQ dry run.

[rune, 2016-01-11 11:37:51]

ping

[esprehn, 2016-01-12 20:41:01]

Lgtm, gross but this seems okay as a bandaid. Hopefully we don't have it for
years.

[rune, 2016-01-12 20:42:29]

The CQ bit was checked by rune@opera.com

[commit-bot: I haz the power, 2016-01-12 20:42:57]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1556963002/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1556963002/1

[commit-bot: I haz the power, 2016-01-12 22:11:32]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-01-12 22:12:55]

Description was changed from

==========
Avoid crash when updating stylesheets during a remove operation.

When we are in the middle of removing a subtree of a shadow tree
containing a style element, and one of the other elements schedules
style invalidation, we are synchronously trying to update rule features
when the style node is still inDocument() and isInShadowTree() while the
treeScope() has been reset to the document scope in preparation for
removing it from the tree. That caused us to add the sheet for the style
element being removed to our style data/rule features.

We should make updateActiveStyleSheets asynchronous (crbug.com/567021)
and schedule invalidations with the current rule features instead of
forcing an update of rule features through appendPendingAuthorStyleSheets.

Since updateActiveStyleSheets is currently synchronous and
appendPendingAuthorStyleSheets happens lazily, we are in an inconsistent
state which means we need to execute the latter in order to avoid
glitches in style invalidation because we are marking for
invalidation/recalc in the former step.

This crasher surfaced when we started looking up the treeScope() directly
in https://codereview.chromium.org/1285293003

R=esprehn@chromium.org
BUG=559292
==========

to

==========
Avoid crash when updating stylesheets during a remove operation.

When we are in the middle of removing a subtree of a shadow tree
containing a style element, and one of the other elements schedules
style invalidation, we are synchronously trying to update rule features
when the style node is still inDocument() and isInShadowTree() while the
treeScope() has been reset to the document scope in preparation for
removing it from the tree. That caused us to add the sheet for the style
element being removed to our style data/rule features.

We should make updateActiveStyleSheets asynchronous (crbug.com/567021)
and schedule invalidations with the current rule features instead of
forcing an update of rule features through appendPendingAuthorStyleSheets.

Since updateActiveStyleSheets is currently synchronous and
appendPendingAuthorStyleSheets happens lazily, we are in an inconsistent
state which means we need to execute the latter in order to avoid
glitches in style invalidation because we are marking for
invalidation/recalc in the former step.

This crasher surfaced when we started looking up the treeScope() directly
in https://codereview.chromium.org/1285293003

R=esprehn@chromium.org
BUG=559292

Committed: https://crrev.com/0b0f3ace8820d371e6f4b2b61354728a71ce8356
Cr-Commit-Position: refs/heads/master@{#369004}
==========

[commit-bot: I haz the power, 2016-01-12 22:12:56]

Patchset 1 (id:??) landed as
https://crrev.com/0b0f3ace8820d371e6f4b2b61354728a71ce8356
Cr-Commit-Position: refs/heads/master@{#369004}