54123 2011-02-09 11:27:14 -0800 Assertion failure in BackingStore::BackingStore if new WebPage becomes active before receiving a size 2011-02-10 04:42:49 -0800 1 1 1 Unclassified WebKit Layout and Rendering 528+ (Nightly build) PC Windows XP RESOLVED FIXED InRadar, PlatformOnly P2 Normal --- 53805 1 aroben webkit-unassigned andersca oldest_to_newest 348403 0 aroben 2011-02-09 11:27:14 -0800 If a new WebPage becomes active before it receives a size, you'll hit this assertion in BackingStore::BackingStore: ASSERT(!m_size.isEmpty()); Continuing past the assertion shows no bad effects, so presumably Release builds are unaffected. Here's the backtrace: > WebKit.dll!WebKit::BackingStore::BackingStore(const WebCore::IntSize & size={...}, WebKit::WebPageProxy * webPageProxy=0x09755c90) Line 49 + 0x2d bytes C++ WebKit.dll!WebKit::BackingStore::create(const WebCore::IntSize & size={...}, WebKit::WebPageProxy * webPageProxy=0x09755c90) Line 42 + 0x23 bytes C++ WebKit.dll!WebKit::DrawingAreaProxyImpl::incorporateUpdate(const WebKit::UpdateInfo & updateInfo={...}) Line 203 + 0x14 bytes C++ WebKit.dll!WebKit::DrawingAreaProxyImpl::update(unsigned __int64 sequenceNumber=2, const WebKit::UpdateInfo & updateInfo={...}) Line 142 C++ WebKit.dll!CoreIPC::callMemberFunction<WebKit::DrawingAreaProxy,void (__thiscall WebKit::DrawingAreaProxy::*)(unsigned __int64,WebKit::UpdateInfo const &),unsigned __int64,WebKit::UpdateInfo>(const CoreIPC::Arguments2<unsigned __int64,WebKit::UpdateInfo> & args={...}, WebKit::DrawingAreaProxy * object=0x0972f508, void (unsigned __int64, const WebKit::UpdateInfo &)* function=0x0382cab3) Line 25 + 0x19 bytes C++ WebKit.dll!CoreIPC::handleMessage<Messages::DrawingAreaProxy::Update,WebKit::DrawingAreaProxy,void (__thiscall WebKit::DrawingAreaProxy::*)(unsigned __int64,WebKit::UpdateInfo const &)>(CoreIPC::ArgumentDecoder * argumentDecoder=0x0a218f28, WebKit::DrawingAreaProxy * object=0x0972f508, void (unsigned __int64, const WebKit::UpdateInfo &)* function=0x0382cab3) Line 246 + 0x11 bytes C++ WebKit.dll!WebKit::DrawingAreaProxy::didReceiveDrawingAreaProxyMessage(CoreIPC::Connection * __formal=0x07943920, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x0a218f28) Line 41 + 0x12 bytes C++ WebKit.dll!WebKit::WebPageProxy::didReceiveMessage(CoreIPC::Connection * connection=0x07943920, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x0a218f28) Line 1169 C++ WebKit.dll!WebKit::WebProcessProxy::didReceiveMessage(CoreIPC::Connection * connection=0x07943920, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x0a218f28) Line 245 C++ WebKit.dll!CoreIPC::Connection::dispatchMessages() Line 450 + 0x31 bytes C++ WebKit.dll!MemberFunctionWorkItem0<CoreIPC::Connection>::execute() Line 76 + 0x10 bytes C++ WebKit.dll!RunLoop::performWork() Line 63 + 0x1a bytes C++ WebKit.dll!RunLoop::wndProc(HWND__ * hWnd=0x00190762, unsigned int message=1025, unsigned int wParam=115649320, long lParam=0) Line 57 C++ WebKit.dll!RunLoop::RunLoopWndProc(HWND__ * hWnd=0x00190762, unsigned int message=1025, unsigned int wParam=115649320, long lParam=0) Line 39 + 0x18 bytes C++ 348404 1 aroben 2011-02-09 11:27:24 -0800 <rdar://problem/8978383> 348406 2 aroben 2011-02-09 11:28:10 -0800 It looks like we end up scheduling a display in the web process before the WebPage has received a size. The display is being scheduled at this point: > WebKit.dll!WebKit::DrawingAreaImpl::scheduleDisplay() Line 334 C++ WebKit.dll!WebKit::DrawingAreaImpl::setNeedsDisplay(const WebCore::IntRect & rect={...}) Line 87 C++ WebKit.dll!WebKit::WebChromeClient::invalidateContentsAndWindow(const WebCore::IntRect & rect={...}, bool __formal=false) Line 362 + 0x21 bytes C++ WebKit.dll!WebCore::Chrome::invalidateContentsAndWindow(const WebCore::IntRect & updateRect={...}, bool immediate=false) Line 77 + 0x20 bytes C++ WebKit.dll!WebCore::FrameView::invalidateRect(const WebCore::IntRect & rect={...}) Line 316 + 0x2e bytes C++ WebKit.dll!WebCore::FrameView::invalidateScrollbarRect(WebCore::Scrollbar * scrollbar=0x022f8ab8, const WebCore::IntRect & rect={...}) Line 2012 + 0x17 bytes C++ WebKit.dll!WebCore::Scrollbar::invalidateRect(const WebCore::IntRect & rect={...}) Line 453 + 0x1d bytes C++ WebKit.dll!WebCore::Widget::invalidate() Line 166 + 0x3a bytes C++ WebKit.dll!WebCore::Scrollbar::setEnabled(bool e=false) Line 432 C++ WebKit.dll!WebCore::ScrollView::updateScrollbars(const WebCore::IntSize & desiredOffset={...}) Line 555 + 0x38 bytes C++ WebKit.dll!WebCore::ScrollView::setScrollbarModes(WebCore::ScrollbarMode horizontalMode=ScrollbarAuto, WebCore::ScrollbarMode verticalMode=ScrollbarAlwaysOn, bool horizontalLock=false, bool verticalLock=false) Line 161 C++ WebKit.dll!WebCore::ScrollView::setVerticalScrollbarMode(WebCore::ScrollbarMode mode=ScrollbarAlwaysOn, bool lock=false) Line 94 + 0x30 bytes C++ WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 859 C++ WebKit.dll!WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() Line 2311 C++ WebKit.dll!WebCore::FocusController::setActive(bool active=true) Line 409 C++ WebKit.dll!WebKit::WebPage::setActive(bool isActive=true) Line 1061 C++ WebKit.dll!CoreIPC::callMemberFunction<WebKit::WebPage,void (__thiscall WebKit::WebPage::*)(bool),bool>(const CoreIPC::Arguments1<bool> & args={...}, WebKit::WebPage * object=0x022fd148, void (bool)* function=0x10005d53) Line 19 + 0x11 bytes C++ WebKit.dll!CoreIPC::handleMessage<Messages::WebPage::SetActive,WebKit::WebPage,void (__thiscall WebKit::WebPage::*)(bool)>(CoreIPC::ArgumentDecoder * argumentDecoder=0x0231d308, WebKit::WebPage * object=0x022fd148, void (bool)* function=0x10005d53) Line 246 + 0x15 bytes C++ WebKit.dll!WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection * __formal=0x022be3a0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x0231d308) Line 48 + 0x23 bytes C++ WebKit.dll!WebKit::WebPage::didReceiveMessage(CoreIPC::Connection * connection=0x022be3a0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x0231d308) Line 1718 C++ WebKit.dll!WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection * connection=0x022be3a0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x0231d308) Line 539 C++ WebKit.dll!CoreIPC::Connection::dispatchMessages() Line 450 + 0x31 bytes C++ WebKit.dll!MemberFunctionWorkItem0<CoreIPC::Connection>::execute() Line 76 + 0x10 bytes C++ WebKit.dll!RunLoop::performWork() Line 63 + 0x1a bytes C++ WebKit.dll!RunLoop::wndProc(HWND__ * hWnd=0x002f0a44, unsigned int message=1025, unsigned int wParam=36335296, long lParam=0) Line 57 C++ WebKit.dll!RunLoop::RunLoopWndProc(HWND__ * hWnd=0x002f0a44, unsigned int message=1025, unsigned int wParam=36335296, long lParam=0) Line 39 + 0x18 bytes C++ user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_DispatchMessageWorker@8() + 0xdc bytes user32.dll!_DispatchMessageW@4() + 0xf bytes WebKit.dll!RunLoop::run() Line 73 + 0xc bytes C++ WebKit.dll!WebKit::WebProcessMain(const WebKit::CommandLine & commandLine={...}) Line 82 C++ WebKit.dll!WebKitMain(const WebKit::CommandLine & commandLine={...}) Line 48 + 0x9 bytes C++ WebKit.dll!WebKitMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0002114c, int nCmdShow=10) Line 172 + 0x9 bytes C++ WebKit2WebProcess.exe!wWinMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0002114c, int nCmdShow=10) Line 66 + 0x18 bytes C++ WebKit2WebProcess.exe!__tmainCRTStartup() Line 589 + 0x1c bytes C kernel32.dll!_BaseProcessStart@4() + 0x23 bytes I.e., the WebPage is becoming active, so invalidates its scrollbar, which is non-zero-sized due to this code in Scrollbar::Scrollbar: // FIXME: This is ugly and would not be necessary if we fix cross-platform code to actually query for // scrollbar thickness and use it when sizing scrollbars (rather than leaving one dimension of the scrollbar // alone when sizing). int thickness = m_theme->scrollbarThickness(controlSize); Widget::setFrameRect(IntRect(0, 0, thickness, thickness)); I think we should not schedule a display at all in this case, since the WebPage is zero-sized. 348408 3 81840 aroben 2011-02-09 11:30:54 -0800 Created attachment 81840 Don't invalidate outside of the WebPage's bounds 348942 4 aroben 2011-02-10 04:42:49 -0800 Committed r78197: <http://trac.webkit.org/changeset/78197> 81840 2011-02-09 11:30:54 -0800 2011-02-09 11:36:51 -0800 Don't invalidate outside of the WebPage's bounds bug-54123-20110209143052.patch text/plain 2421 aroben U3VidmVyc2lvbiBSZXZpc2lvbjogNzgwNTQKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwppbmRleCAwMTQ2MmQyYTFjMTczOTYw YjdlZDhlYmRmMDRiMTQzZDE3MWE3N2MyLi5jMzcwYTQ2NjgyMTkyMmU1YTZjZWU0MTQ2MTAxN2Nm M2E2MDVmNTMyIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKKysrIGIvU291 cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDUgKzEsMjAgQEAKIDIwMTEtMDItMDkgIEFkYW0g Um9iZW4gIDxhcm9iZW5AYXBwbGUuY29tPgogCisgICAgICAgIERvbid0IGludmFsaWRhdGUgb3V0 c2lkZSBvZiB0aGUgV2ViUGFnZSdzIGJvdW5kcworCisgICAgICAgIEZpeGVzIDxodHRwOi8vd2Vi a2l0Lm9yZy9iLzU0MTIzPiA8cmRhcjovL3Byb2JsZW0vODk3ODM4Mz4gQXNzZXJ0aW9uIGZhaWx1 cmUgaW4KKyAgICAgICAgQmFja2luZ1N0b3JlOjpCYWNraW5nU3RvcmUgaWYgYSBuZXcgV2ViUGFn ZSBiZWNvbWVzIGFjdGl2ZSBiZWZvcmUgcmVjZWl2aW5nIGEgc2l6ZQorCisgICAgICAgIFJldmll d2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogV2ViUHJvY2Vzcy9XZWJQYWdlL0Ry YXdpbmdBcmVhSW1wbC5jcHA6CisgICAgICAgIChXZWJLaXQ6OkRyYXdpbmdBcmVhSW1wbDo6c2V0 TmVlZHNEaXNwbGF5KTogSW50ZXJzZWN0IHRoZSBkaXJ0eSByZWN0IHdpdGggb3VyIGJvdW5kcyBi ZWZvcmUKKyAgICAgICAgZG9pbmcgYW55dGhpbmcgZWxzZS4KKyAgICAgICAgKFdlYktpdDo6RHJh d2luZ0FyZWFJbXBsOjpkaXNwbGF5KTogQWRkZWQgYW4gYXNzZXJ0aW9uIHRvIGhlbHAgY2F0Y2gg dGhlIGJhZCBjYXNlIGEgbGl0dGxlCisgICAgICAgIGVhcmxpZXIuCisKKzIwMTEtMDItMDkgIEFk YW0gUm9iZW4gIDxhcm9iZW5AYXBwbGUuY29tPgorCiAgICAgICAgIEhpZGUgdGhlIHVnbHkgZGV0 YWlscyBvZiBXZWJWaWV3OjptX3dpbmRvdyBpbml0aWFsaXphdGlvbiBmcm9tIFdlYlBhZ2VQcm94 eSwgYW5kIG1ha2UgaXQKICAgICAgICAgbGVzcyB1Z2x5CiAKZGlmZiAtLWdpdCBhL1NvdXJjZS9X ZWJLaXQyL1dlYlByb2Nlc3MvV2ViUGFnZS9EcmF3aW5nQXJlYUltcGwuY3BwIGIvU291cmNlL1dl YktpdDIvV2ViUHJvY2Vzcy9XZWJQYWdlL0RyYXdpbmdBcmVhSW1wbC5jcHAKaW5kZXggZDI3OGY1 NzI2MGM3NGQ3OWE1ODExNzRjNjdjZmMwNGEwOGU1MjI5Yi4uNmZiOTNhMDUyNjU5YWNlNzhhOTA2 NWMyOTA5ZmQzZDJjOGFlN2ZjZCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vz cy9XZWJQYWdlL0RyYXdpbmdBcmVhSW1wbC5jcHAKKysrIGIvU291cmNlL1dlYktpdDIvV2ViUHJv Y2Vzcy9XZWJQYWdlL0RyYXdpbmdBcmVhSW1wbC5jcHAKQEAgLTY5LDE3ICs2OSwyMCBAQCBEcmF3 aW5nQXJlYUltcGw6OkRyYXdpbmdBcmVhSW1wbChXZWJQYWdlKiB3ZWJQYWdlLCBjb25zdCBXZWJQ YWdlQ3JlYXRpb25QYXJhbWV0ZQogCiB2b2lkIERyYXdpbmdBcmVhSW1wbDo6c2V0TmVlZHNEaXNw bGF5KGNvbnN0IEludFJlY3QmIHJlY3QpCiB7Ci0gICAgaWYgKHJlY3QuaXNFbXB0eSgpKQorICAg IEludFJlY3QgZGlydHlSZWN0ID0gcmVjdDsKKyAgICBkaXJ0eVJlY3QuaW50ZXJzZWN0KG1fd2Vi UGFnZS0+Ym91bmRzKCkpOworCisgICAgaWYgKGRpcnR5UmVjdC5pc0VtcHR5KCkpCiAgICAgICAg IHJldHVybjsKIAogICAgIGlmIChtX2xheWVyVHJlZUhvc3QpIHsKICAgICAgICAgQVNTRVJUKG1f ZGlydHlSZWdpb24uaXNFbXB0eSgpKTsKIAotICAgICAgICBtX2xheWVyVHJlZUhvc3QtPnNldE5v bkNvbXBvc2l0ZWRDb250ZW50c05lZWREaXNwbGF5KHJlY3QpOworICAgICAgICBtX2xheWVyVHJl ZUhvc3QtPnNldE5vbkNvbXBvc2l0ZWRDb250ZW50c05lZWREaXNwbGF5KGRpcnR5UmVjdCk7CiAg ICAgICAgIHJldHVybjsKICAgICB9CiAgICAgCi0gICAgbV9kaXJ0eVJlZ2lvbi51bml0ZShyZWN0 KTsKKyAgICBtX2RpcnR5UmVnaW9uLnVuaXRlKGRpcnR5UmVjdCk7CiAgICAgc2NoZWR1bGVEaXNw bGF5KCk7CiB9CiAKQEAgLTM4MCw2ICszODMsNyBAQCB2b2lkIERyYXdpbmdBcmVhSW1wbDo6ZGlz cGxheShVcGRhdGVJbmZvJiB1cGRhdGVJbmZvKQogewogICAgIEFTU0VSVCghbV9pc1BhaW50aW5n U3VzcGVuZGVkKTsKICAgICBBU1NFUlQoIW1fbGF5ZXJUcmVlSG9zdCk7CisgICAgQVNTRVJUKCFt X3dlYlBhZ2UtPnNpemUoKS5pc0VtcHR5KCkpOwogCiAgICAgLy8gRklYTUU6IEl0IHdvdWxkIGJl IGJldHRlciBpZiB3ZSBjb3VsZCBhdm9pZCBwYWludGluZyBhbHRvZ2V0aGVyIHdoZW4gdGhlcmUg aXMgYSBjdXN0b20gcmVwcmVzZW50YXRpb24uCiAgICAgaWYgKG1fd2ViUGFnZS0+bWFpbkZyYW1l SGFzQ3VzdG9tUmVwcmVzZW50YXRpb24oKSkK