61964 2011-06-02 14:34:33 -0700 Microsoft IE fishtank demo causes assertion in RenderLayer::convertToLayerCoords 2012-02-23 12:46:19 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED http://ie.microsoft.com/testdrive/Performance/FishBowl/Default.html P2 Normal --- 1 enne alokp jamesr simon.fraser webkit.review.bot oldest_to_newest 414444 0 enne 2011-06-02 14:34:33 -0700 This assert reproduces consistently in Chromium. It doesn't happen in Safari. Opening the page quickly hits the ASSERT(fixedPositionContainerLayer) line in RenderLayer.cpp:1139. For what it's worth foundAncestor is true in the loop above, there was just no fixed position container layer found. I don't know enough about this bit of WebKit to know what the implications of this assertion are or how to fix it. Here's a callstack: #0 0x00007ffff513998d in WebCore::RenderLayer::convertToLayerCoords (this=0x7fffe58d5b18, ancestorLayer=0x7fffe58cc178, location=...) at third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:1139 #1 0x00007ffff515862e in WebCore::RenderLayerCompositor::layerWillBeRemoved (this=0x7ffff7ecc3c0, parent=0x7fffe58cc178, child=0x7fffe58d5b18) at third_party/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:531 #2 0x00007ffff5139319 in WebCore::RenderLayer::removeChild (this=0x7fffe58cc178, oldChild=0x7fffe58d5b18) at third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:1016 #3 0x00007ffff51395ac in WebCore::RenderLayer::removeOnlyThisLayer (this=0x7fffe58cc178) at third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:1078 #4 0x00007ffff50fff28 in WebCore::RenderBoxModelObject::styleDidChange (this=0x7fffe58e1288, diff=WebCore::StyleDifferenceLayout, oldStyle=0x7fffe5d2c460) at third_party/WebKit/Source/WebCore/rendering/RenderBoxModelObject.cpp:361 #5 0x00007ffff50edd90 in WebCore::RenderBox::styleDidChange (this=0x7fffe58e1288, diff=WebCore::StyleDifferenceLayout, oldStyle=0x7fffe5d2c460) at third_party/WebKit/Source/WebCore/rendering/RenderBox.cpp:285 #6 0x00007ffff50a1381 in WebCore::RenderBlock::styleDidChange (this=0x7fffe58e1288, diff=WebCore::StyleDifferenceLayout, oldStyle=0x7fffe5d2c460) at third_party/WebKit/Source/WebCore/rendering/RenderBlock.cpp:229 #7 0x00007ffff517caba in WebCore::RenderObject::setStyle (this=0x7fffe58e1288, style=...) at third_party/WebKit/Source/WebCore/rendering/RenderObject.cpp:1630 #8 0x00007ffff517c3db in WebCore::RenderObject::setAnimatableStyle (this=0x7fffe58e1288, style=...) at third_party/WebKit/Source/WebCore/rendering/RenderObject.cpp:1543 #9 0x00007ffff4bb384b in WebCore::Node::setRenderStyle (this=0x7ffff7f0f1b0, s=...) at third_party/WebKit/Source/WebCore/dom/Node.cpp:1479 #10 0x00007ffff4b8da25 in WebCore::Element::recalcStyle (this=0x7ffff7f0f1b0, change=WebCore::Node::NoChange) at third_party/WebKit/Source/WebCore/dom/Element.cpp:1146 #11 0x00007ffff4b8ddd6 in WebCore::Element::recalcStyle (this=0x7fffe5d30400, change=WebCore::Node::NoChange) at third_party/WebKit/Source/WebCore/dom/Element.cpp:1180 #12 0x00007ffff4b49624 in WebCore::Document::recalcStyle (this=0x7fffe5d12800, change=WebCore::Node::NoChange) at third_party/WebKit/Source/WebCore/dom/Document.cpp:1533 #13 0x00007ffff4b49997 in WebCore::Document::updateStyleIfNeeded (this=0x7fffe5d12800) at third_party/WebKit/Source/WebCore/dom/Document.cpp:1586 #14 0x00007ffff528b31c in WebCore::CanvasRenderingContext2D::accessFont (this=0x7fffbdb98000) at third_party/WebKit/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:2023 #15 0x00007ffff528ada2 in WebCore::CanvasRenderingContext2D::drawTextInternal (this=0x7fffbdb98000, text=..., x=107.5, y=89.9199982, fill=true) at third_party/WebKit/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:1904 #16 0x00007ffff528aae5 in WebCore::CanvasRenderingContext2D::fillText (this=0x7fffbdb98000, text=..., x=107.5, y=89.9199982) at third_party/WebKit/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:1857 #17 0x00007ffff57d1780 in WebCore::CanvasRenderingContext2DInternal::fillTextCallback (args=...) at ninja/gen/webcore/bindings/V8CanvasRenderingContext2D.cpp:633 #18 0x00007ffff32c3ecc in v8::internal::HandleApiCallHelper<false> (args=..., isolate=0x7ffff7e56000) at v8/src/builtins.cc:1105 #19 0x00007ffff32bec5a in v8::internal::Builtin_Impl_HandleApiCall (args=..., isolate=0x7ffff7e56000) at v8/src/builtins.cc:1122 #20 0x00007ffff32bec2b in v8::internal::Builtin_HandleApiCall (args=..., isolate=0x7ffff7e56000) at v8/src/builtins.cc:1121 539000 1 123186 alokp 2012-01-19 13:48:55 -0800 Created attachment 123186 proposed patch I ran into this bug when investigating the performance issues with the demo. The attached patch seems to fix the issue but I am not sure if this is the correct fix as I am not very familiar with this code. If the patch looks reasonable I can try to add a test and land it. 539067 2 123186 simon.fraser 2012-01-19 15:11:07 -0800 Comment on attachment 123186 proposed patch If the assertion is chromium-only, why does this need a change that affects all platforms? I suspect this may regress the bug fixed by http://trac.webkit.org/changeset/85586 539086 3 alokp 2012-01-19 15:32:26 -0800 (In reply to comment #2) > (From update of attachment 123186 [details]) > If the assertion is chromium-only, why does this need a change that affects all platforms? I suspect this may regress the bug fixed by http://trac.webkit.org/changeset/85586 It did not seem like a chromium-only assertion. At least I did not notice any chromium-specific stuff in the call stack. Would you mind verifying it in Safari? 539099 4 simon.fraser 2012-01-19 15:40:09 -0800 Ah, it does assert in Safari too. 557567 5 123186 jamesr 2012-02-15 14:43:11 -0800 Comment on attachment 123186 proposed patch Looks good, R=me 557572 6 simon.fraser 2012-02-15 14:45:29 -0800 Did you test that this doesn't regress http://trac.webkit.org/changeset/85586 ? 557577 7 jamesr 2012-02-15 14:47:43 -0800 Alok - can you run https://bugs.webkit.org/show_bug.cgi?id=78401 with ASAN a few times and see if this changes anything before landing? 557582 8 jamesr 2012-02-15 14:48:04 -0800 (In reply to comment #7) > Alok - can you run https://bugs.webkit.org/show_bug.cgi?id=78401 with ASAN a few times and see if this changes anything before landing? Copy-paste fail, I meant can you run fast/reflections/remove-reflection-crash.html 563335 9 alokp 2012-02-23 12:00:01 -0800 Ran with ASAN. Did not see any issues. 563374 10 123186 webkit.review.bot 2012-02-23 12:46:14 -0800 Comment on attachment 123186 proposed patch Clearing flags on attachment: 123186 Committed r108659: <http://trac.webkit.org/changeset/108659> 563375 11 webkit.review.bot 2012-02-23 12:46:19 -0800 All reviewed patches have been landed. Closing bug. 123186 2012-01-19 13:48:55 -0800 2012-02-23 12:46:14 -0800 proposed patch 61964.patch text/plain 2889 alokp SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDEwNTQ0MCkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI1IEBACisyMDEyLTAxLTE5ICBBbG9rIFBy aXlhZGFyc2hpICA8YWxva3BAY2hyb21pdW0ub3JnPgorCisgICAgICAgIE1pY3Jvc29mdCBJRSBm aXNodGFuayBkZW1vIGNhdXNlcyBhc3NlcnRpb24gaW4gUmVuZGVyTGF5ZXI6OmNvbnZlcnRUb0xh eWVyQ29vcmRzCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD02MTk2NAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorICAgICAgICAK KyAgICAgICAgVGhlIGFzc2VydGlvbiBpcyBjYXVzZWQgd2l0aCB0aGUgZm9sbG93aW5nIGNhbGxz dGFjazoKKyAgICAgICAgV2ViQ29yZTo6UmVuZGVyTGF5ZXI6OmNvbnZlcnRUb0xheWVyQ29vcmRz CisgICAgICAgIFdlYkNvcmU6OlJlbmRlckxheWVyQ29tcG9zaXRvcjo6bGF5ZXJXaWxsQmVSZW1v dmVkCisgICAgICAgIFdlYkNvcmU6OlJlbmRlckxheWVyOjpyZW1vdmVDaGlsZAorICAgICAgICBX ZWJDb3JlOjpSZW5kZXJMYXllcjo6cmVtb3ZlT25seVRoaXNMYXllcgorICAgICAgICAKKyAgICAg ICAgV2ViQ29yZTo6UmVuZGVyTGF5ZXI6OnJlbW92ZU9ubHlUaGlzTGF5ZXIgcmVtb3ZlcyBpdHNl bGYgZnJvbSB0aGUgcGFyZW50CisgICAgICAgIGJlZm9yZSBtb3ZpbmcgaXRzIGNoaWxkcmVuIHRv IGl0cyBwYXJlbnQuIFdoZW4gV2ViQ29yZTo6UmVuZGVyTGF5ZXI6OmNvbnZlcnRUb0xheWVyQ29v cmRzCisgICAgICAgIGlzIGNhbGxlZCBmb3Igb25lIG9mIHRoZSBjaGlsZHJlbiwgaXQgdHJpZXMg dG8gd2FsayB0byByb290IG9ubHkgdG8gc3RvcCBhdCB0aGUgaW1tZWRpYXRlCisgICAgICAgIHBh cmVudCB3aGljaCB3YXMgZGlzY29ubmVjdGVkIGZyb20gdGhlIHRyZWUgaW4gV2ViQ29yZTo6UmVu ZGVyTGF5ZXI6OnJlbW92ZU9ubHlUaGlzTGF5ZXIuCisgICAgICAgIElmIHJlbW92YWwgb2YgbGF5 ZXIgaXMgZGVsYXllZCB1bnRpbCB0aGUgY2hpbGRyZW4gaGFzIGJlZW4gbW92ZWQsIHRoZSBBU1NF UlQgaXMgYXZvaWRlZC4KKworICAgICAgICAqIHJlbmRlcmluZy9SZW5kZXJMYXllci5jcHA6Cisg ICAgICAgIChXZWJDb3JlOjpSZW5kZXJMYXllcjo6cmVtb3ZlT25seVRoaXNMYXllcik6CisKIDIw MTItMDEtMTkgIEFuZHJlYXMgS2xpbmcgIDxhd2Vzb21la2xpbmdAYXBwbGUuY29tPgogCiAgICAg ICAgIFVucmV2aWV3ZWQgZGVidWcgYnVpbGQgZml4LgpJbmRleDogU291cmNlL1dlYkNvcmUvcmVu ZGVyaW5nL1JlbmRlckxheWVyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9yZW5k ZXJpbmcvUmVuZGVyTGF5ZXIuY3BwCShyZXZpc2lvbiAxMDU0MTYpCisrKyBTb3VyY2UvV2ViQ29y ZS9yZW5kZXJpbmcvUmVuZGVyTGF5ZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xMTgzLDIyICsx MTgzLDE2IEBAIHZvaWQgUmVuZGVyTGF5ZXI6OnJlbW92ZU9ubHlUaGlzTGF5ZXIoKQogICAgIC8v IERpcnR5IHRoZSBjbGlwIHJlY3RzLgogICAgIGNsZWFyQ2xpcFJlY3RzSW5jbHVkaW5nRGVzY2Vu ZGFudHMoKTsKIAotICAgIC8vIFJlbW92ZSB1cyBmcm9tIHRoZSBwYXJlbnQuCi0gICAgUmVuZGVy TGF5ZXIqIHBhcmVudCA9IG1fcGFyZW50OwogICAgIFJlbmRlckxheWVyKiBuZXh0U2liID0gbmV4 dFNpYmxpbmcoKTsKICAgICBib29sIGhhc0xheWVyT2Zmc2V0OwogICAgIGNvbnN0IExheW91dFBv aW50IG9mZnNldEZyb21Sb290QmVmb3JlTW92ZSA9IGNvbXB1dGVPZmZzZXRGcm9tUm9vdChoYXNM YXllck9mZnNldCk7Ci0gICAgcGFyZW50LT5yZW1vdmVDaGlsZCh0aGlzKTsKLSAgICAKLSAgICBp ZiAocmVmbGVjdGlvbigpKQotICAgICAgICByZW1vdmVDaGlsZChyZWZsZWN0aW9uTGF5ZXIoKSk7 CiAKICAgICAvLyBOb3cgd2FsayBvdXIga2lkcyBhbmQgcmVhdHRhY2ggdGhlbSB0byBvdXIgcGFy ZW50LgogICAgIFJlbmRlckxheWVyKiBjdXJyZW50ID0gbV9maXJzdDsKICAgICB3aGlsZSAoY3Vy cmVudCkgewogICAgICAgICBSZW5kZXJMYXllciogbmV4dCA9IGN1cnJlbnQtPm5leHRTaWJsaW5n KCk7CiAgICAgICAgIHJlbW92ZUNoaWxkKGN1cnJlbnQpOwotICAgICAgICBwYXJlbnQtPmFkZENo aWxkKGN1cnJlbnQsIG5leHRTaWIpOworICAgICAgICBtX3BhcmVudC0+YWRkQ2hpbGQoY3VycmVu dCwgbmV4dFNpYik7CiAgICAgICAgIGN1cnJlbnQtPnNldFJlcGFpbnRTdGF0dXMoTmVlZHNGdWxs UmVwYWludCk7CiAgICAgICAgIExheW91dFBvaW50IG9mZnNldEZyb21Sb290ID0gb2Zmc2V0RnJv bVJvb3RCZWZvcmVNb3ZlOwogICAgICAgICAvLyB1cGRhdGVMYXllclBvc2l0aW9ucyBkZXBlbmRz IG9uIGhhc0xheWVyKCkgYWxyZWFkeSBiZWluZyBmYWxzZSBmb3IgcHJvcGVyIGxheW91dC4KQEAg LTEyMDcsNiArMTIwMSwxMSBAQCB2b2lkIFJlbmRlckxheWVyOjpyZW1vdmVPbmx5VGhpc0xheWVy KCkKICAgICAgICAgY3VycmVudCA9IG5leHQ7CiAgICAgfQogCisgICAgLy8gUmVtb3ZlIHVzIGZy b20gdGhlIHBhcmVudC4KKyAgICBpZiAocmVmbGVjdGlvbigpKQorICAgICAgICByZW1vdmVDaGls ZChyZWZsZWN0aW9uTGF5ZXIoKSk7CisgICAgbV9wYXJlbnQtPnJlbW92ZUNoaWxkKHRoaXMpOwor CiAgICAgbV9yZW5kZXJlci0+ZGVzdHJveUxheWVyKCk7CiB9CiAK