Bug 14118 - ASSERTION FAILED: !needsLayout() seen again
Summary: ASSERTION FAILED: !needsLayout() seen again
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 523.x (Safari 3)
Hardware: Mac OS X 10.4
Importance: P2 Normal
Assignee: Nobody
URL: http://www.eharmony.com/
Keywords: NeedsReduction
Depends on:
Blocks:
 
Reported: 2007-06-13 06:17 PDT by David Kilzer (:ddkilzer)
Modified: 2007-06-28 19:47 PDT (History)
CC List: 4 users

See Also:


Attachments
Possible fix (1.29 KB, patch)
2007-06-27 16:43 PDT, mitz
no flags
Test case (will ASSERT) (785 bytes, text/html)
2007-06-28 06:49 PDT, mitz
no flags
Remove midLayout guards around non-layout calls (4.64 KB, patch)
2007-06-28 07:10 PDT, mitz
bdakin: review+

Description David Kilzer (:ddkilzer) 2007-06-13 06:17:03 PDT
* SUMMARY
I hit an assertion failure logging into eHarmony.com last night.  It's the same assertion failure as the one from Bug 13155.  I was running Safari 3.0 beta with a local debug build of WebKit r22098 on Mac OS X 10.4.9 (8P135).

* STEPS TO REPRODUCE
1. Launch Safari/WebKit.
2. Go to URL:  http://www.eharmony.com/
3. Enter username and password, then click Submit.

NOTE: These steps are in theory; I haven't tried yet!

* NOTES

Console output:

ASSERTION FAILED: !needsLayout()
(/path/to/WebKit/WebCore/rendering/RenderView.cpp:139 virtual void WebCore::RenderView::paint(WebCore::RenderObject::PaintInfo&, int, int))
Segmentation fault

Stack trace:

Version:        3.0 (522.11)
Build Version:  2
Project Name:   WebBrowser
Source Version: 45221100

PID:    731
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0 Crashed:
0   com.apple.WebCore              	0x011ad64c WebCore::RenderView::paint(WebCore::RenderObject::PaintInfo&, int, int) + 112 (RenderView.cpp:139)
1   com.apple.WebCore              	0x011d0438 WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, bool, WebCore::PaintRestriction, WebCore::RenderObject*) + 1092 (RenderLayer.cpp:1474)
2   com.apple.WebCore              	0x011d0998 WebCore::RenderLayer::paint(WebCore::GraphicsContext*, WebCore::IntRect const&, WebCore::PaintRestriction, WebCore::RenderObject*) + 72 (RenderLayer.cpp:1394)
3   com.apple.WebCore              	0x010f2690 WebCore::Frame::paint(WebCore::GraphicsContext*, WebCore::IntRect const&) + 800 (Frame.cpp:1273)
4   com.apple.WebCore              	0x0111f548 -[WebCoreFrameBridge drawRect:] + 372 (WebCoreFrameBridge.mm:409)
5   com.apple.WebKit               	0x003513d0 -[WebHTMLView drawSingleRect:] + 760 (WebHTMLView.mm:2638)
6   com.apple.WebKit               	0x0035187c -[WebHTMLView drawRect:] + 540 (WebHTMLView.mm:2693)
7   com.apple.AppKit               	0x937e7858 -[NSView _drawRect:clip:] + 2128
8   com.apple.AppKit               	0x937e6e18 -[NSView _recursiveDisplayAllDirtyWithLockFocus:visRect:] + 404
9   com.apple.WebKit               	0x00348398 -[WebHTMLView(WebPrivate) _recursiveDisplayAllDirtyWithLockFocus:visRect:] + 796 (WebHTMLView.mm:900)
10  com.apple.AppKit               	0x937e9b60 _recursiveDisplayInRect2 + 84
11  com.apple.CoreFoundation       	0x907ee3ec CFArrayApplyFunction + 416
12  com.apple.AppKit               	0x937e6f2c -[NSView _recursiveDisplayAllDirtyWithLockFocus:visRect:] + 680
13  com.apple.AppKit               	0x937e9b60 _recursiveDisplayInRect2 + 84
14  com.apple.CoreFoundation       	0x907ee3ec CFArrayApplyFunction + 416
15  com.apple.AppKit               	0x937e6f2c -[NSView _recursiveDisplayAllDirtyWithLockFocus:visRect:] + 680
16  com.apple.AppKit               	0x937e9b60 _recursiveDisplayInRect2 + 84
17  com.apple.CoreFoundation       	0x907ee3ec CFArrayApplyFunction + 416
18  com.apple.AppKit               	0x937e6f2c -[NSView _recursiveDisplayAllDirtyWithLockFocus:visRect:] + 680
19  com.apple.AppKit               	0x937e63e0 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 196
20  com.apple.AppKit               	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
21  com.apple.AppKit               	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
22  com.apple.AppKit               	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
23  com.apple.AppKit               	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
24  com.apple.AppKit               	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
25  com.apple.AppKit               	0x93807044 -[NSThemeFrame _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 192
26  com.apple.AppKit               	0x937e0054 -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 384
27  com.apple.AppKit               	0x937d5348 -[NSView displayIfNeeded] + 248
28  com.apple.AppKit               	0x937d51b8 -[NSWindow displayIfNeeded] + 180
29  com.apple.Safari               	0x000133d4 0x1000 + 74708
30  com.apple.AppKit               	0x937d5064 _handleWindowNeedsDisplay + 200
31  com.apple.CoreFoundation       	0x907de76c __CFRunLoopDoObservers + 352
32  com.apple.CoreFoundation       	0x907dea0c __CFRunLoopRun + 420
33  com.apple.CoreFoundation       	0x907de4ac CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox            	0x9329bb20 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox            	0x9329b1b4 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox            	0x9329b020 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit               	0x937a1ae4 _DPSNextEvent + 384
38  com.apple.AppKit               	0x937a17a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.Safari               	0x00006770 0x1000 + 22384
40  com.apple.AppKit               	0x9379dcec -[NSApplication run] + 472
41  com.apple.AppKit               	0x9388e87c NSApplicationMain + 452
42  com.apple.Safari               	0x0000244c 0x1000 + 5196
43  com.apple.Safari               	0x0004f1b0 0x1000 + 319920
Comment 1 David Kilzer (:ddkilzer) 2007-06-13 06:17:38 PDT
Copying Beth since she fixed Bug 13155.

Comment 2 David Kilzer (:ddkilzer) 2007-06-13 10:31:25 PDT
Hmm...I may have been loading a message on Yahoo! Mail at the time as well.  Need to try to reproduce the Yahoo! bug on the Safari 3 beta to see if it's present.
Comment 3 David Kilzer (:ddkilzer) 2007-06-14 10:53:14 PDT
I saw this again, but was loading bugzilla.mozilla.org (along with some other pages, possibly).  Still haven't figured out the trigger or how to reproduce it.

Reproduced with Safari 3.0 Beta with a local debug build of WebKit r23502 with Mac OS X 10.4.9 (8P135).

Console output:

ASSERTION FAILED: !needsLayout()
(/path/to/WebKit/WebCore/rendering/RenderView.cpp:139 virtual void WebCore::RenderView::paint(WebCore::RenderObject::PaintInfo&, int, int))
Segmentation fault

Stack trace:

Version:        3.0 (522.11)
Build Version:  2
Project Name:   WebBrowser
Source Version: 45221100

PID:    643
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0 Crashed:
0   com.apple.WebCore        	0x011ad42c WebCore::RenderView::paint(WebCore::RenderObject::PaintInfo&, int, int) + 112 (RenderView.cpp:139)
1   com.apple.WebCore        	0x011d0218 WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, bool, WebCore::PaintRestriction, WebCore::RenderObject*) + 1092 (RenderLayer.cpp:1474)
2   com.apple.WebCore        	0x011d0778 WebCore::RenderLayer::paint(WebCore::GraphicsContext*, WebCore::IntRect const&, WebCore::PaintRestriction, WebCore::RenderObject*) + 72 (RenderLayer.cpp:1394)
3   com.apple.WebCore        	0x010f2470 WebCore::Frame::paint(WebCore::GraphicsContext*, WebCore::IntRect const&) + 800 (Frame.cpp:1273)
4   com.apple.WebCore        	0x0111f328 -[WebCoreFrameBridge drawRect:] + 372 (WebCoreFrameBridge.mm:409)
5   com.apple.WebKit         	0x003513d0 -[WebHTMLView drawSingleRect:] + 760 (WebHTMLView.mm:2638)
6   com.apple.WebKit         	0x0035187c -[WebHTMLView drawRect:] + 540 (WebHTMLView.mm:2693)
7   com.apple.AppKit         	0x937e7858 -[NSView _drawRect:clip:] + 2128
8   com.apple.AppKit         	0x937e6e18 -[NSView _recursiveDisplayAllDirtyWithLockFocus:visRect:] + 404
9   com.apple.WebKit         	0x00348398 -[WebHTMLView(WebPrivate) _recursiveDisplayAllDirtyWithLockFocus:visRect:] + 796 (WebHTMLView.mm:900)
10  com.apple.AppKit         	0x937e63e0 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 196
11  com.apple.WebKit         	0x00347fe8 -[WebHTMLView(WebPrivate) _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 520 (WebHTMLView.mm:854)
12  com.apple.AppKit         	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
13  com.apple.AppKit         	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
14  com.apple.AppKit         	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
15  com.apple.AppKit         	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
16  com.apple.AppKit         	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
17  com.apple.AppKit         	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
18  com.apple.AppKit         	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
19  com.apple.AppKit         	0x937e69a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676
20  com.apple.AppKit         	0x93807044 -[NSThemeFrame _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 192
21  com.apple.AppKit         	0x937e0054 -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 384
22  com.apple.AppKit         	0x937d5348 -[NSView displayIfNeeded] + 248
23  com.apple.AppKit         	0x937d51b8 -[NSWindow displayIfNeeded] + 180
24  com.apple.Safari         	0x000133d4 0x1000 + 74708
25  com.apple.AppKit         	0x937d5064 _handleWindowNeedsDisplay + 200
26  com.apple.CoreFoundation 	0x907de76c __CFRunLoopDoObservers + 352
27  com.apple.CoreFoundation 	0x907dea0c __CFRunLoopRun + 420
28  com.apple.CoreFoundation 	0x907de4ac CFRunLoopRunSpecific + 268
29  com.apple.HIToolbox      	0x9329bb20 RunCurrentEventLoopInMode + 264
30  com.apple.HIToolbox      	0x9329b12c ReceiveNextEventCommon + 244
31  com.apple.HIToolbox      	0x9329b020 BlockUntilNextEventMatchingListInMode + 96
32  com.apple.AppKit         	0x937a1ae4 _DPSNextEvent + 384
33  com.apple.AppKit         	0x937a17a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
34  com.apple.Safari         	0x00006770 0x1000 + 22384
35  com.apple.AppKit         	0x9379dcec -[NSApplication run] + 472
36  com.apple.AppKit         	0x9388e87c NSApplicationMain + 452
37  com.apple.Safari         	0x0000244c 0x1000 + 5196
38  com.apple.Safari         	0x0004f1b0 0x1000 + 319920

Comment 4 David Kilzer (:ddkilzer) 2007-06-14 11:18:29 PDT
(In reply to comment #3)
> I saw this again, but was loading bugzilla.mozilla.org (along with some other
> pages, possibly).  Still haven't figured out the trigger or how to reproduce
> it.

Saw this logging into usps.com web site when trying to reproduce Bug 4151 with a local debug build of WebKit r23502 with Safari 3.0 (522.11) on Mac OS X 10.4.9 (8P135).

Comment 5 David Kilzer (:ddkilzer) 2007-06-15 11:10:23 PDT
(In reply to comment #4)
> Saw this logging into usps.com web site when trying to reproduce Bug 4151 with
> a local debug build of WebKit r23502 with Safari 3.0 (522.11) on Mac OS X
> 10.4.9 (8P135).

NOTE: This doesn't produce a crash every time--only when I don't want it to crash.

* STEPS TO REPRODUCE
1. Open Safari/WebKit.
2. Go to URL: https://sss-web.usps.com/
3. Click the "Sign In" button.

As I mentioned above, this doesn't happen every time, but I think it usually happens in a tab (that's not the left-most tab) more often than not.

Comment 6 David Kilzer (:ddkilzer) 2007-06-15 11:14:57 PDT
(In reply to comment #5)
> * STEPS TO REPRODUCE
> 1. Open Safari/WebKit.
> 2. Go to URL: https://sss-web.usps.com/
> 3. Click the "Sign In" button.
> 
> As I mentioned above, this doesn't happen every time, but I think it usually
> happens in a tab (that's not the left-most tab) more often than not.

If this doesn't crash the first time you hit it, try hitting Reload.

Comment 7 Glenn Howes 2007-06-16 19:21:01 PDT
I'm seeing the same thing on the main http://yahoo.com page
Comment 8 mitz 2007-06-27 16:22:07 PDT
At least on Yahoo, the bug seems to be due to the midLayout guards around the call to invalidateSelection() in FrameView::layout(). Those guards prevent layout from happening, and there's no guarantee that it will happen later before returning from FrameView::layout() (there is a call to scheduleRelayout near the end, but that call is: never supposed to be reached anyway, doesn't always guarantee a relayout, and the early return after it messes up the suspend/resume scheduled events mechanism).

I think the same applies to the guards around updateWidgetPositions(). If I remember correctly, both of the above were added on a speculative basis. I don't think they're needed.
Comment 9 mitz 2007-06-27 16:37:24 PDT
See bug 13455 comment #3 regarding the scheduleRelayout and early return being not supposed to be reached.
Comment 10 mitz 2007-06-27 16:43:43 PDT
Created attachment 15282 [details]
Possible fix
Comment 11 Alexey Proskuryakov 2007-06-27 22:15:28 PDT
Opening maps.google.com causes this assertion failure for me each time today. I haven't tried applying the patch.
Comment 12 mitz 2007-06-28 06:49:25 PDT
Created attachment 15289 [details]
Test case (will ASSERT)

The beloved updateLayoutIgnorePendingStylesheets() is involved in this case. It is called under invalidateSelection and -- since there are pending stylesheets -- it calls updateStyleSelector() which dirties the root. Normally the root gets a layout after that, but now because of the guard around invalidateSelection it doesn't.

I'm going to add this test case to the patch and submit it for review.
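The mechanism mitz describes in comments 8 and 12, as an added example that is not WebKit code and not part of this bug's patch: a constructed, much-simplified model of FrameView::layout(). Class and method names mirror the ones named in the thread for readability, but the bodies are invented for illustration, and the model assumes (as comment 8 implies) that the pre-fix FrameView::layout() returned early when d->midLayout was already set, and that the offending guards set that same flag around the invalidateSelection() call. With the guard in place, the layout() triggered from inside invalidateSelection() (via updateLayoutIgnorePendingStylesheets() dirtying the root when stylesheets are pending) is swallowed, so the root is still dirty when paint runs; with the guard removed, the nested layout() cleans it.

```cpp
#include <cstdio>

// Constructed model, not WebKit source. A render tree root with the dirty bit
// that RenderView::paint() asserts is clear.
class RenderView {
public:
    bool needsLayout() const { return m_needsLayout; }
    void setNeedsLayout(bool dirty) { m_needsLayout = dirty; }
    void layout() { m_needsLayout = false; }   // a real layout also positions children
private:
    bool m_needsLayout = true;                 // a fresh tree starts dirty
};

class FrameView {
public:
    // guardNonLayoutCalls = true models the pre-r23866 behaviour described in
    // comment 8: midLayout is also set around invalidateSelection().
    FrameView(bool guardNonLayoutCalls, bool pendingStylesheets)
        : m_guardNonLayoutCalls(guardNonLayoutCalls)
        , m_pendingStylesheets(pendingStylesheets) { }

    void layout()
    {
        if (m_midLayout)               // re-entrancy guard (assumed, see lead-in)
            return;
        if (!m_root.needsLayout())     // nothing to do
            return;

        m_midLayout = true;
        m_root.layout();               // the real layout pass; this is what the guard protects
        ++m_layoutPasses;
        m_midLayout = false;

        // Pre-fix: a non-layout call wrapped in the same guard. Any layout() it
        // triggers is swallowed, and nothing later in this function re-runs it.
        if (m_guardNonLayoutCalls)
            m_midLayout = true;
        invalidateSelection();
        if (m_guardNonLayoutCalls)
            m_midLayout = false;
    }

    // Mirrors ASSERT(!needsLayout()) at the top of RenderView::paint():
    // returns false where the debug build would assert.
    bool paintPreconditionHolds() const { return !m_root.needsLayout(); }

    int layoutPasses() const { return m_layoutPasses; }

private:
    void invalidateSelection()
    {
        // Selection geometry needs up-to-date layout, hence the call mitz
        // names in comment 12.
        updateLayoutIgnorePendingStylesheets();
    }

    void updateLayoutIgnorePendingStylesheets()
    {
        if (m_pendingStylesheets) {
            // Forcing style resolution with stylesheets still pending swaps the
            // style selector and dirties the root.
            m_pendingStylesheets = false;
            m_root.setNeedsLayout(true);
        }
        layout();   // normally re-lays-out the dirtied root; skipped when guarded
    }

    RenderView m_root;
    bool m_midLayout = false;
    bool m_guardNonLayoutCalls;
    bool m_pendingStylesheets;
    int m_layoutPasses = 0;
};

// Runs one top-level layout and reports whether paint() could safely follow.
bool paintSafeAfterLayout(bool guardNonLayoutCalls, bool pendingStylesheets)
{
    FrameView view(guardNonLayoutCalls, pendingStylesheets);
    view.layout();
    return view.paintPreconditionHolds();
}

// Number of root layout passes the same scenario performs.
int layoutPassesFor(bool guardNonLayoutCalls, bool pendingStylesheets)
{
    FrameView view(guardNonLayoutCalls, pendingStylesheets);
    view.layout();
    return view.layoutPasses();
}

int main()
{
    const char* ok = "paint OK";
    const char* bad = "ASSERTION FAILED: !needsLayout()";
    std::printf("guarded,   pending stylesheets: %s\n", paintSafeAfterLayout(true, true) ? ok : bad);
    std::printf("unguarded, pending stylesheets: %s\n", paintSafeAfterLayout(false, true) ? ok : bad);
    std::printf("guarded,   no pending sheets:   %s\n", paintSafeAfterLayout(true, false) ? ok : bad);
    return 0;
}
```

Only the combination of the guard and a pending stylesheet trips the precondition, which is why the crash in this bug was intermittent and page-dependent. When triaging the traces above, note that the "Segmentation fault" at 0xbbadbeef is WebKit's deliberate CRASH() following the failed assertion in a debug build, not a wild pointer dereference; a release build compiles the assertion out and simply paints the dirty tree.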
Comment 13 mitz 2007-06-28 07:10:04 PDT
Created attachment 15290 [details]
Remove midLayout guards around non-layout calls
Comment 14 Beth Dakin 2007-06-28 13:28:42 PDT
Comment on attachment 15290 [details]
Remove midLayout guards around non-layout calls

This looks good to me.
Comment 15 Sam Weinig 2007-06-28 19:47:26 PDT
Landed in r23866.