Bug 105880
| Summary: | ASSERTION FAILED: cur || !toRenderInline(prev)->continuation() in WebCore::endOfContinuations() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> |
| Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | bdakin, cfleizach, dmazzoni, eric, esprehn, inferno, jchaffraix, mitz, rniwa, thorton |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Chris Dumez
We sometimes hit the following assertion in WebCore::endOfContinuations(WebCore::RenderObject*):
crash log for WebProcess (pid <unknown>):
STDOUT: <empty>
STDERR: ASSERTION FAILED: cur || !toRenderInline(prev)->continuation()
STDERR: /home/buildslave-1/webkit-buildslave/efl-linux-64-debug-wk2/build/Source/WebCore/accessibility/AccessibilityRenderObject.cpp(279) : WebCore::RenderObject* WebCore::endOfContinuations(WebCore::RenderObject*)
STDERR: 1 0x7f4d0f2abf1f
STDERR: 2 0x7f4d0f2ac4e3 WebCore::AccessibilityRenderObject::nextSibling() const
STDERR: 3 0x7f4d0f29cbf2 WebCore::AccessibilityNodeObject::textUnderElement() const
STDERR: 4 0x7f4d0f2ad56f WebCore::AccessibilityRenderObject::textUnderElement() const
STDERR: 5 0x7f4d0f29cbb7 WebCore::AccessibilityNodeObject::textUnderElement() const
STDERR: 6 0x7f4d0f2ad56f WebCore::AccessibilityRenderObject::textUnderElement() const
STDERR: 7 0x7f4d0f29cbb7 WebCore::AccessibilityNodeObject::textUnderElement() const
STDERR: 8 0x7f4d0f2ad56f WebCore::AccessibilityRenderObject::textUnderElement() const
STDERR: 9 0x7f4d10689262 WebCore::AccessibilityObject::accessibilityPlatformIncludesObject() const
STDERR: 10 0x7f4d0f2aeef8 WebCore::AccessibilityRenderObject::accessibilityIsIgnoredBase() const
STDERR: 11 0x7f4d0f2aef3e WebCore::AccessibilityRenderObject::accessibilityIsIgnored() const
STDERR: 12 0x7f4d0f27cbc6 WebCore::AXObjectCache::childrenChanged(WebCore::AccessibilityObject*)
STDERR: 13 0x7f4d0f27cb49 WebCore::AXObjectCache::childrenChanged(WebCore::RenderObject*)
STDERR: 14 0x7f4d0fe03a14 WebCore::RenderObject::willBeDestroyed()
STDERR: 15 0x7f4d0fdd462c WebCore::RenderLayerModelObject::willBeDestroyed()
STDERR: 16 0x7f4d0fd305f0 WebCore::RenderBoxModelObject::willBeDestroyed()
STDERR: 17 0x7f4d0fd1073a WebCore::RenderBox::willBeDestroyed()
STDERR: 18 0x7f4d0fc9fe4c WebCore::RenderBlock::willBeDestroyed()
STDERR: 19 0x7f4d0fe042b9 WebCore::RenderObject::destroy()
STDERR: 20 0x7f4d0fd88ec1 WebCore::RenderInline::willBeDestroyed()
STDERR: 21 0x7f4d0fe042b9 WebCore::RenderObject::destroy()
STDERR: 22 0x7f4d0fe07464 WebCore::RenderObjectChildList::destroyLeftoverChildren()
STDERR: 23 0x7f4d0fd88e91 WebCore::RenderInline::willBeDestroyed()
STDERR: 24 0x7f4d0fe042b9 WebCore::RenderObject::destroy()
STDERR: 25 0x7f4d0fe04292 WebCore::RenderObject::destroyAndCleanupAnonymousWrappers()
STDERR: 26 0x7f4d0f57191e WebCore::Node::detach()
STDERR: 27 0x7f4d0f4a9b82 WebCore::ContainerNode::detach()
STDERR: 28 0x7f4d0f5284fa WebCore::Element::detach()
STDERR: 29 0x7f4d0f4a9150 WebCore::ContainerNode::removeChildren()
STDERR: 30 0x7f4d0f685745 WebCore::replaceChildrenWithFragment(WebCore::ContainerNode*, WTF::PassRefPtr<WebCore::DocumentFragment>, int&)
STDERR: 31 0x7f4d0f6e9442 WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&)
At least the following test have been seen crashing sometimes:
fast/dom/Range/range-extract-contents.html
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Chris Dumez
Test skipped for EFL port in http://trac.webkit.org/changeset/138591.
Dominic Mazzoni
The best fix for this would be if EFL's accessibilityPlatformIncludesObject could avoid calling textUnderElement.
I made this change in cross-platform code in https://bugs.webkit.org/show_bug.cgi?id=104688
Note that accessibilityPlatformIncludesObject is an extremely hot function, so avoiding this computation should have performance benefits, too.
Dominic Mazzoni
Was this fixed by http://trac.webkit.org/changeset/140166 (bug https://bugs.webkit.org/show_bug.cgi?id=100688) by any chance?
Chris Dumez
(In reply to comment #3)
> Was this fixed by http://trac.webkit.org/changeset/140166 (bug https://bugs.webkit.org/show_bug.cgi?id=100688) by any chance?
Yes, it looks like it. At least, I cannot seem to reproduce the crashes locally anymore and I don't see the assertion on the bots either in recent builds.
I think we can close this and reopen later if it starts asserting on the bots again after we unskip those tests.
Thanks for notifying us!
Chris Dumez
I unskipped the tests in http://trac.webkit.org/changeset/140395. I'll watch the bots and make sure they don't hit the assertion still.