A selection of coding projects from 2002 - present
For some context, Gecko is the CSS layout engine underlying the Firefox web browser.
Its core data type is called a frame,
and it represents a box fragment in CSS terms.
Layout (called reflow in Gecko)
is an operation on the frame tree,
sizing and positioning each frame in accordance with the relevant layout rules.
In fragmented contexts (such as paragraph layout, columns, or pagination),
the frame tree is split at the breaks,
assigning each fragmentation container (page/column/line box) its own subtree of content.
Because a single element can cross fragmentation boundaries,
a single frame representing one CSS box can be split into multiple frames
in different subtrees;
these are chained up using next/previous pointers across the subtree boundaries.
Web pages are dynamic,
and thus layout in Gecko needs to accommodate not just splitting,
but also fusing and resplitting the frame
as sizes and positions of the document’s content are changed:
this is a large source of complexity in the engine.
Fixing this bug started with analyzing ambiguities in the CSS2 spec
and bringing these to the attention of the CSSWG on www-style.
I also posted a temporary fix
to make us compatible with other browsers until a proper fix could be made,
and a (somewhat obnoxiously colored) comprehensive test suite
to analyze implementations.
The final patch introduces a helper class, Fixing this bug was heavily dependent on its dependency—paginating overflowing content (Bug 379349)—which was fairly incompatible with Gecko’s architecture.
The patch for that
introduced a concept of “ghost frames” (called overflow continuations in the code)
which held overflowing content after the box had already been “completed” on a previous page.
These were maintained in a separate child list,
to avoid interfering with normal layout.
A helper class ( The patch for the initial bug
then extended the overflow continuation infrastructure
to manage absolutely-positioned content that fragmented onto a subsequent page/column.
A lot of the security bugs in Gecko’s codebase derive from improper deletion of frames from the frame tree.
This set of patches
(Part I,
Part II,
Part III)
removed the old frame deletion code, which used utility functions that looped over the frame tree,
with a recursive, inherited The resulting fix was net negative lines of code,
and fixed multiple security bugs including ones that had not even been filed
when the fix was written.
The patches were subsequently backported to the 1.9 branch as a 1.9.2 security fix.
See risk analysis.
Mozilla/Gecko
TableBackgroundPainter,
which accumulates the geometric information about the various internal table elements
that affect rendering within a given table cell’s background painting area,
allowing their backgrounds to be painted
correctly stacked,
correctly positioned according to their originating element,
not spilling into the border spacing area or ignoring collapsed borders,
and handling colspans and rowspans properly.
nsOverflowContinuationTracker)
helped the layout code interleave overflow continuations in the correct order
as items were added and removed from the list due to size changes during reflow.
Destroy() method on the frame itself,
which could be customized to handle any special relationships maintained by that type of frame.
Stupid Scripts