59212 2011-04-22 10:45:42 -0700 [chromium] Regression: r84631 causes crashes on Chromium GPU canvas tests 2011-04-22 16:18:49 -0700 1 1 1 Unclassified WebKit Canvas 528+ (Nightly build) PC OS X 10.5 RESOLVED FIXED P2 Normal --- 1 enne enne abarth enne eric jamesr mdelaney7 rolandsteiner simon.fraser webkit.review.bot oldest_to_newest 390882 0 enne 2011-04-22 10:45:42 -0700 http://test-results.appspot.com/dashboards/flakiness_dashboard.html#group=%40ToT%20GPU%20Mesa%20-%20chromium.org&tests=canvas%2Fphilip%2Ftests%2F2d.clearRect.negative.html%2Ccanvas%2Fphilip%2Ftests%2F2d.composite.canvas.destination-over.html%2Ccanvas%2Fphilip%2Ftests%2F2d.composite.clip.destination-out.html%2Ccanvas%2Fphilip%2Ftests%2F2d.composite.globalAlpha.default.html%2Ccanvas%2Fphilip%2Ftests%2F2d.composite.image.destination-over.html%2Ccanvas%2Fphilip%2Ftests%2F2d.composite.operation.default.html%2Ccanvas%2Fphilip%2Ftests%2F2d.composite.transparent.lighter.html%2Ccanvas%2Fphilip%2Ftests%2F2d.composite.uncovered.fill.source-out.html%2Ccanvas%2Fphilip%2Ftests%2F2d.drawImage.9arg.sourcepos.html%2Ccanvas%2Fphilip%2Ftests%2F2d.drawImage.floatsource.html%2Ccanvas%2Fphilip%2Ftests%2F2d.drawImage.nonfinite.html%2Ccanvas%2Fphilip%2Ftests%2F2d.drawImage.zerosource.html%2Ccanvas%2Fphilip%2Ftests%2F2d.fillStyle.get.semitransparent.html%2Ccanvas%2Fphilip%2Ftests%2F2d.fillStyle.parse.hsl-1.html%2Ccanvas%2Fphilip%2Ftests%2F2d.fillStyle.parse.hsla-1.html%2Ccanvas%2Fphilip%2Ftests%2F2d.fillStyle.parse.invalid.hex2.html%2Ccanvas%2Fphilip%2Ftests%2F2d.fillStyle.parse.invalid.hsl-4.html%2Ccanvas%2Fphilip%2Ftests%2F2d.fillStyle.parse.invalid.rgb-2.html%2Ccanvas%2Fphilip%2Ftests%2F2d.fillStyle.parse.invalid.rgba-5.html%2Ccanvas%2Fphilip%2Ftests%2F2d.fillStyle.parse.rgb-percent.html This only seems to repro locally for me in DRT and only if I run more than single test. 390896 1 simon.fraser 2011-04-22 10:55:44 -0700 Seems like your code has unmatched save/restore then? 390899 2 enne 2011-04-22 10:58:35 -0700 It's segfaulting, not asserting. Not to say we probably don't have mismatched save and restores somewhere too. 390904 3 enne 2011-04-22 11:04:52 -0700 Simon, I suspect your change just unearthed some preexisting Chromium bug here, but I figured I'd put you on the CC list. Didn't want you to feel left out. ;) I'm still investigating what's going on. It looks like the m_context.clear() call in HTMLCanvasElement changed the destruction order and some other Chromium-only pointer also needs to get cleaned up. 390992 4 enne 2011-04-22 13:08:59 -0700 James: this is crashing in PlatformContextSkia (the one owned by the ImageBufferData owned by the ImageBuffer owned by the HTMLCanvasElement). In the destructor, either m_gpuCanvas or m_gpuCanvas->drawingBuffer() is a stale pointer (or both). Maybe CanvasRenderingContext2D should clear its shared graphics context in the destructor? 390996 5 90747 enne 2011-04-22 13:10:45 -0700 Created attachment 90747 Patch 391010 6 90747 simon.fraser 2011-04-22 13:37:37 -0700 Comment on attachment 90747 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=90747&action=review > Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:162 > + if (GraphicsContext* c = drawingContext()) > + c->setSharedGraphicsContext3D(0, 0, IntSize()); Would be nice to use 'context' instead of 'c' as I do above. 391015 7 enne 2011-04-22 13:40:32 -0700 (In reply to comment #6) > (From update of attachment 90747 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=90747&action=review > > > Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:162 > > + if (GraphicsContext* c = drawingContext()) > > + c->setSharedGraphicsContext3D(0, 0, IntSize()); > > Would be nice to use 'context' instead of 'c' as I do above. Sure. I'll fix that before landing. 391052 8 enne 2011-04-22 14:17:59 -0700 Committed r84680: <http://trac.webkit.org/changeset/84680> 391208 9 webkit.review.bot 2011-04-22 16:18:49 -0700 http://trac.webkit.org/changeset/84680 might have broken GTK Linux 64-bit Debug 90747 2011-04-22 13:10:45 -0700 2011-04-22 13:37:37 -0700 Patch bug-59212-20110422131044.patch text/plain 1360 enne U3VidmVyc2lvbiBSZXZpc2lvbjogODQ2MzQKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCA1NDZiYThiOGYxZDEyYWU0 MTg0Y2FhMTY3M2NjNjJiYTZkNjMyNjI0Li43NzliZWQ5ZWRmOGFkODQ3ZTM5Y2M3OTM3NDRhNmJh MDJhZmI0ODY5IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291 cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTMgQEAKKzIwMTEtMDQtMjIgIEFkcmll bm5lIFdhbGtlciAgPGVubmVAZ29vZ2xlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JP RFkgKE9PUFMhKS4KKworICAgICAgICBDbGVhciBzaGFyZWQgZ3JhcGhpY3Mgd2hlbiBkZXN0cm95 aW5nIENhbnZhc1JlbmRlcmluZ0NvbnRleHQyRC4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTU5MjEyCisKKyAgICAgICAgKiBodG1sL2NhbnZhcy9DYW52 YXNSZW5kZXJpbmdDb250ZXh0MkQuY3BwOgorICAgICAgICAoV2ViQ29yZTo6Q2FudmFzUmVuZGVy aW5nQ29udGV4dDJEOjp+Q2FudmFzUmVuZGVyaW5nQ29udGV4dDJEKToKKwogMjAxMS0wNC0yMSAg TU9SSVRBIEhhamltZSAgPG1vcnJpdGFAZ29vZ2xlLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBi eSBEaW1pdHJpIEdsYXprb3YuCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9odG1sL2NhbnZh cy9DYW52YXNSZW5kZXJpbmdDb250ZXh0MkQuY3BwIGIvU291cmNlL1dlYkNvcmUvaHRtbC9jYW52 YXMvQ2FudmFzUmVuZGVyaW5nQ29udGV4dDJELmNwcAppbmRleCBjZjkwYWUxYTRmOGE4NWRlNTMz ZjE0YzNlZGI3Y2I0YjVmYWYyY2FiLi4zMjkzM2EzNDhlNmYwNjJkNWE2YzliMzEyOTUzZWQ4Mjcx MmJjODE3IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9odG1sL2NhbnZhcy9DYW52YXNSZW5k ZXJpbmdDb250ZXh0MkQuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL2h0bWwvY2FudmFzL0NhbnZh c1JlbmRlcmluZ0NvbnRleHQyRC5jcHAKQEAgLTE1Niw2ICsxNTYsMTEgQEAgQ2FudmFzUmVuZGVy aW5nQ29udGV4dDJEOjp+Q2FudmFzUmVuZGVyaW5nQ29udGV4dDJEKCkKICAgICAgICAgfQogICAg IH0KICNlbmRpZgorCisjaWYgRU5BQkxFKEFDQ0VMRVJBVEVEXzJEX0NBTlZBUykKKyAgICBpZiAo R3JhcGhpY3NDb250ZXh0KiBjID0gZHJhd2luZ0NvbnRleHQoKSkKKyAgICAgICAgYy0+c2V0U2hh cmVkR3JhcGhpY3NDb250ZXh0M0QoMCwgMCwgSW50U2l6ZSgpKTsKKyNlbmRpZgogfQogCiBib29s IENhbnZhc1JlbmRlcmluZ0NvbnRleHQyRDo6aXNBY2NlbGVyYXRlZCgpIGNvbnN0Cg==