103714 2012-11-29 23:49:35 -0800 [CoordinatedGraphics] Crash in TextureMapperLayer::setBackingStore() 2012-12-02 02:30:35 -0800 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 cdumez noam dongseong.hwang jturcotte kenneth noam webkit.review.bot zeno oldest_to_newest 779858 0 cdumez 2012-11-29 23:49:35 -0800 I sometimes get a crash in TextureMapperLayer::setBackingStore() when running the compositing layout tests. It is not very easy to reproduce but I basically do the following: Tools/Scripts/run-webkit-tests --debug --efl -2 --repeat-each=5 compositing I'm not quite sure what the source of the issue is yet. Sadly, I'm busy with something else at the moment so I'm filing a bug in hope someone has some time to investigate this issue before I do. The backtrace looks like: crash log for WebKitTestRunner (pid 19564): STDOUT: <empty> STDERR: 1 0x7f03ab762b67 STDERR: 2 0x7f03a3cd6cb0 STDERR: 3 0x4215a2 WTF::RefCountedBase::derefBase() STDERR: 4 0x7f03a7f988d4 WTF::RefCounted<WebCore::TextureMapperBackingStore>::deref() STDERR: 5 0x7f03a7f98308 void WTF::derefIfNotNull<WebCore::TextureMapperBackingStore>(WebCore::TextureMapperBackingStore*) STDERR: 6 0x7f03a896f5a2 WTF::RefPtr<WebCore::TextureMapperBackingStore>::operator=(WTF::PassRefPtr<WebCore::TextureMapperBackingStore> const&) STDERR: 7 0x7f03a896f290 WebCore::TextureMapperLayer::setBackingStore(WTF::PassRefPtr<WebCore::TextureMapperBackingStore>) STDERR: 8 0x7f03a4a5d6b9 WebKit::LayerTreeRenderer::commitPendingBackingStoreOperations() STDERR: 9 0x7f03a4a5d7aa WebKit::LayerTreeRenderer::flushLayerChanges() STDERR: 10 0x7f03a4a5a91c WTF::FunctionWrapper<void (WebKit::LayerTreeRenderer::*)()>::operator()(WebKit::LayerTreeRenderer*) STDERR: 11 0x7f03a4a59f3c WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (WebKit::LayerTreeRenderer::*)()>, void (WebKit::LayerTreeRenderer*)>::operator()() STDERR: 12 0x7f03ab797472 WTF::Function<void ()>::operator()() const STDERR: 13 0x7f03a4a5dabe WebKit::LayerTreeRenderer::syncRemoteContent() STDERR: 14 0x7f03a4a5b243 WebKit::LayerTreeRenderer::paintToCurrentGLContext(WebCore::TransformationMatrix const&, float, WebCore::FloatRect const&, unsigned int) STDERR: 15 0x7f03a4b8f236 EwkViewImpl::displayTimerFired(WebCore::Timer<EwkViewImpl>*) STDERR: 16 0x7f03a4b96884 WebCore::Timer<EwkViewImpl>::fired() STDERR: 17 0x7f03a7f0ab1e WebCore::ThreadTimers::sharedTimerFiredInternal() STDERR: 18 0x7f03a7f0aa3f WebCore::ThreadTimers::sharedTimerFired() STDERR: 19 0x7f03a891dd25 STDERR: 20 0x7f03abd0146e _ecore_timer_expired_call STDERR: 21 0x7f03abd0163b _ecore_timer_expired_timers_call STDERR: 22 0x7f03abcfe551 STDERR: 23 0x7f03abcfebe7 ecore_main_loop_begin STDERR: 24 0x433a69 WTR::TestController::platformRunUntil(bool&, double) STDERR: 25 0x41eb90 WTR::TestController::runUntil(bool&, WTR::TestController::TimeoutDuration) STDERR: 26 0x41e0ad WTR::TestController::resetStateToConsistentValues() STDERR: 27 0x425d06 WTR::TestInvocation::invoke() STDERR: 28 0x41e8c8 WTR::TestController::runTest(char const*) STDERR: 29 0x41ea01 WTR::TestController::runTestingServerLoop() STDERR: 30 0x41ea9b WTR::TestController::run() STDERR: 31 0x41c4b1 WTR::TestController::TestController(int, char const**) STDERR: LEAK: 1 WebPageProxy STDERR: LEAK: 1 WebContext STDERR: LEAK: 4 WebCoreNode 780120 1 176968 noam 2012-11-30 07:55:13 -0800 Created attachment 176968 Patch 780125 2 cdumez 2012-11-30 08:07:53 -0800 View in context: https://bugs.webkit.org/attachment.cgi?id=176968&action=review > Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp:462 > + if (m_pendingSyncBackingStores.contains(layer)) { Why did you remove those lines? The difference seems to be that you are removing pending backing store removals as well, not just pending addition? The Changelog does not seem to explain this change. 780126 3 176968 jturcotte 2012-11-30 08:08:15 -0800 Comment on attachment 176968 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=176968&action=review > Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp:463 > + if (m_pendingSyncBackingStores.contains(layer)) { > + m_pendingSyncBackingStores.remove(layer); What about the case where m_pendingSyncBackingStores[layer] == 0? That would mean that you remove the removal. So basically calling removeBackingStoreIfNeeded twice with the same layer would end up not removing it. 780131 4 noam 2012-11-30 08:16:00 -0800 (In reply to comment #3) > (From update of attachment 176968 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=176968&action=review > > > Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp:463 > > + if (m_pendingSyncBackingStores.contains(layer)) { > > + m_pendingSyncBackingStores.remove(layer); > > What about the case where m_pendingSyncBackingStores[layer] == 0? That would mean that you remove the removal. > So basically calling removeBackingStoreIfNeeded twice with the same layer would end up not removing it. You're right, I'll remove those lines. 780133 5 176973 noam 2012-11-30 08:18:56 -0800 Created attachment 176973 Patch 780136 6 176973 cdumez 2012-11-30 08:21:00 -0800 Comment on attachment 176973 Patch Looks good. 780889 7 176973 webkit.review.bot 2012-12-02 02:30:30 -0800 Comment on attachment 176973 Patch Clearing flags on attachment: 176973 Committed r136322: <http://trac.webkit.org/changeset/136322> 780890 8 webkit.review.bot 2012-12-02 02:30:35 -0800 All reviewed patches have been landed. Closing bug. 176968 2012-11-30 07:55:13 -0800 2012-11-30 08:18:53 -0800 Patch bug-103714-20121130075245.patch text/plain 2275 noam U3VidmVyc2lvbiBSZXZpc2lvbjogMTM2MjI5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggYmI5NGZkYjI2NmJjOThh OWZmZTc4NzI1ODY4MzM0NzBjOGM4ODRiMy4uMDJkZGE1Y2QxNmUyODBmYzUyMTZhMGI2MDk0NDAz OGU5MTk4MmMxMiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDEyLTExLTMwICBObydh bSBSb3NlbnRoYWwgIDxub2FtQHdlYmtpdC5vcmc+CisKKyAgICAgICAgW0Nvb3JkaW5hdGVkR3Jh cGhpY3NdIENyYXNoIGluIFRleHR1cmVNYXBwZXJMYXllcjo6c2V0QmFja2luZ1N0b3JlKCkKKyAg ICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEwMzcxNAorCisg ICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFJlbW92ZSBhIGxh eWVyIGZyb20gdGhlIG1fcGVuZGluZ1N5bmNCYWNraW5nU3RvcmVzIG1hcCB3aGVuIGl0J3MgZGVs ZXRlZC4KKworICAgICAgICAqIFVJUHJvY2Vzcy9Db29yZGluYXRlZEdyYXBoaWNzL0xheWVyVHJl ZVJlbmRlcmVyLmNwcDoKKyAgICAgICAgKFdlYktpdDo6TGF5ZXJUcmVlUmVuZGVyZXI6OmRlbGV0 ZUxheWVyKToKKyAgICAgICAgKFdlYktpdDo6TGF5ZXJUcmVlUmVuZGVyZXI6OnJlbW92ZUJhY2tp bmdTdG9yZUlmTmVlZGVkKToKKwogMjAxMi0xMS0zMCAgWmVubyBBbGJpc3NlciAgPHplbm9Ad2Vi a2l0Lm9yZz4KIAogICAgICAgICBbUXRdIEVuYWJsZSBXZWJHTCBieSBkZWZhdWx0LgpkaWZmIC0t Z2l0IGEvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL0Nvb3JkaW5hdGVkR3JhcGhpY3MvTGF5ZXJU cmVlUmVuZGVyZXIuY3BwIGIvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL0Nvb3JkaW5hdGVkR3Jh cGhpY3MvTGF5ZXJUcmVlUmVuZGVyZXIuY3BwCmluZGV4IDcxYzRiY2JkNjlkZDY0MTJiYzhmZWYx YmExMWRmNzI1YzM3ZjdlMTkuLmJmNDcwMjdjOTRkNjIxMDVmOTRhYzhhNDcxYjFmNzZkOGEyNDlh ZjAgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9Db29yZGluYXRlZEdyYXBo aWNzL0xheWVyVHJlZVJlbmRlcmVyLmNwcAorKysgYi9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3Mv Q29vcmRpbmF0ZWRHcmFwaGljcy9MYXllclRyZWVSZW5kZXJlci5jcHAKQEAgLTM2OCw2ICszNjgs NyBAQCB2b2lkIExheWVyVHJlZVJlbmRlcmVyOjpkZWxldGVMYXllcihXZWJMYXllcklEIGxheWVy SUQpCiAgICAgICAgIHJldHVybjsKIAogICAgIGxheWVyLT5yZW1vdmVGcm9tUGFyZW50KCk7Cisg ICAgbV9wZW5kaW5nU3luY0JhY2tpbmdTdG9yZXMucmVtb3ZlKHRvVGV4dHVyZU1hcHBlckxheWVy KGxheWVyLmdldCgpKSk7CiAgICAgbV9maXhlZExheWVycy5yZW1vdmUobGF5ZXJJRCk7CiAjaWYg VVNFKEdSQVBISUNTX1NVUkZBQ0UpCiAgICAgbV9zdXJmYWNlQmFja2luZ1N0b3Jlcy5yZW1vdmUo bGF5ZXJJRCk7CkBAIC00NTgsMTQgKzQ1OSw4IEBAIHZvaWQgTGF5ZXJUcmVlUmVuZGVyZXI6OnJl bW92ZUJhY2tpbmdTdG9yZUlmTmVlZGVkKEdyYXBoaWNzTGF5ZXIqIGdyYXBoaWNzTGF5ZXIpCiAg ICAgVGV4dHVyZU1hcHBlckxheWVyKiBsYXllciA9IHRvVGV4dHVyZU1hcHBlckxheWVyKGdyYXBo aWNzTGF5ZXIpOwogICAgIEFTU0VSVChsYXllcik7CiAKLSAgICAvLyBDaGVjayBpZiB0aGUgbGF5 b3V0IGFscmVhZHkgaGFzIGEgYmFja2luZyBzdG9yZSAoY29tbWl0dGVkIG9yIHBlbmRpbmcpLgot ICAgIEJhY2tpbmdTdG9yZU1hcDo6aXRlcmF0b3IgaXQgPSBtX3BlbmRpbmdTeW5jQmFja2luZ1N0 b3Jlcy5maW5kKGxheWVyKTsKLSAgICBpZiAoaXQgIT0gbV9wZW5kaW5nU3luY0JhY2tpbmdTdG9y ZXMuZW5kKCkpIHsKLSAgICAgICAgaWYgKGl0LT52YWx1ZSkgewotICAgICAgICAgICAgLy8gVGhl cmUgaXMgYSBwZW5kaW5nIGFkZGl0aW9uLCBjYW5jZWwgaXQuCi0gICAgICAgICAgICBtX3BlbmRp bmdTeW5jQmFja2luZ1N0b3Jlcy5yZW1vdmUoaXQpOwotICAgICAgICB9Ci0gICAgICAgIC8vIFRo ZXJlIGlzIGFscmVhZHkgYSBwZW5kaW5nIHJlbW92YWwuCisgICAgaWYgKG1fcGVuZGluZ1N5bmNC YWNraW5nU3RvcmVzLmNvbnRhaW5zKGxheWVyKSkgeworICAgICAgICBtX3BlbmRpbmdTeW5jQmFj a2luZ1N0b3Jlcy5yZW1vdmUobGF5ZXIpOwogICAgICAgICByZXR1cm47CiAgICAgfQogCg== 176973 2012-11-30 08:18:56 -0800 2012-12-02 02:30:30 -0800 Patch bug-103714-20121130081628.patch text/plain 1484 noam U3VidmVyc2lvbiBSZXZpc2lvbjogMTM2MjI5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggYmI5NGZkYjI2NmJjOThh OWZmZTc4NzI1ODY4MzM0NzBjOGM4ODRiMy4uNTRhZjhiMGQzY2Q2MWE1ZGUxZDMyNmE0ODdjMDYz MWJjZGVlN2IzMCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE1IEBACisyMDEyLTExLTMwICBObydh bSBSb3NlbnRoYWwgIDxub2FtQHdlYmtpdC5vcmc+CisKKyAgICAgICAgW0Nvb3JkaW5hdGVkR3Jh cGhpY3NdIENyYXNoIGluIFRleHR1cmVNYXBwZXJMYXllcjo6c2V0QmFja2luZ1N0b3JlKCkKKyAg ICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEwMzcxNAorCisg ICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFJlbW92ZSBhIGxh eWVyIGZyb20gdGhlIG1fcGVuZGluZ1N5bmNCYWNraW5nU3RvcmVzIG1hcCB3aGVuIGl0IGlzIGRl bGV0ZWQuCisKKyAgICAgICAgKiBVSVByb2Nlc3MvQ29vcmRpbmF0ZWRHcmFwaGljcy9MYXllclRy ZWVSZW5kZXJlci5jcHA6CisgICAgICAgIChXZWJLaXQ6OkxheWVyVHJlZVJlbmRlcmVyOjpkZWxl dGVMYXllcik6CisKIDIwMTItMTEtMzAgIFplbm8gQWxiaXNzZXIgIDx6ZW5vQHdlYmtpdC5vcmc+ CiAKICAgICAgICAgW1F0XSBFbmFibGUgV2ViR0wgYnkgZGVmYXVsdC4KZGlmZiAtLWdpdCBhL1Nv dXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9Db29yZGluYXRlZEdyYXBoaWNzL0xheWVyVHJlZVJlbmRl cmVyLmNwcCBiL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9Db29yZGluYXRlZEdyYXBoaWNzL0xh eWVyVHJlZVJlbmRlcmVyLmNwcAppbmRleCA3MWM0YmNiZDY5ZGQ2NDEyYmM4ZmVmMWJhMTFkZjcy NWMzN2Y3ZTE5Li43Yzk2ZjQxN2M4MWUwNmM2MjMxNzkxOWRiMDMyMDllZjdjN2M2MDQ5IDEwMDY0 NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQ29vcmRpbmF0ZWRHcmFwaGljcy9MYXll clRyZWVSZW5kZXJlci5jcHAKKysrIGIvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL0Nvb3JkaW5h dGVkR3JhcGhpY3MvTGF5ZXJUcmVlUmVuZGVyZXIuY3BwCkBAIC0zNjgsNiArMzY4LDcgQEAgdm9p ZCBMYXllclRyZWVSZW5kZXJlcjo6ZGVsZXRlTGF5ZXIoV2ViTGF5ZXJJRCBsYXllcklEKQogICAg ICAgICByZXR1cm47CiAKICAgICBsYXllci0+cmVtb3ZlRnJvbVBhcmVudCgpOworICAgIG1fcGVu ZGluZ1N5bmNCYWNraW5nU3RvcmVzLnJlbW92ZSh0b1RleHR1cmVNYXBwZXJMYXllcihsYXllci5n ZXQoKSkpOwogICAgIG1fZml4ZWRMYXllcnMucmVtb3ZlKGxheWVySUQpOwogI2lmIFVTRShHUkFQ SElDU19TVVJGQUNFKQogICAgIG1fc3VyZmFjZUJhY2tpbmdTdG9yZXMucmVtb3ZlKGxheWVySUQp Owo=