Bug 121892

Summary: Tie the life of DocumentStyleSheetCollection and Document together
Product: WebKit Reporter: Benjamin Poulain <benjamin>
Component: New BugsAssignee: Benjamin Poulain <benjamin>
Status: RESOLVED FIXED    
Severity: Normal CC: allan.jensen, cmarcelo, commit-queue, dbarton, esprehn+autocc, fred.wang, glenn, jer.noble, kangil.han, kling, kondapallykalyan, macpherson, menard, mrobinson, roger_fong
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch kling: review+

Benjamin Poulain
Reported 2013-09-24 21:51:22 PDT
Tie the life of DocumentStyleSheetCollection and Document together
Attachments
Patch (59.38 KB, patch)
2013-09-24 21:54 PDT, Benjamin Poulain 		kling: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Benjamin Poulain
Comment 1 2013-09-24 21:54:36 PDT
Created attachment 212535 [details] Patch
Andreas Kling
Comment 2 2013-09-25 12:28:04 PDT
Comment on attachment 212535 [details] Patch Great idea!
Benjamin Poulain
Comment 3 2013-09-25 14:13:09 PDT
Committed r156422: <http://trac.webkit.org/changeset/156422>
Roger Fong
Comment 4 2013-09-25 15:30:29 PDT
On the Windows debug tester the following assertion now fails: ASSERTION FAILED: documentInternal() c:\cygwin\home\buildbot\slave\win-debug\build\webkitbuild\debug\include\webcore\Node.h(403) : WebCore::Node::document See http://build.webkit.org/results/Apple%20Win%207%20Debug%20(Tests)/r156423%20(54751)/results.html
Benjamin Poulain
Comment 5 2013-09-25 15:40:36 PDT
That's odd. Could you symbolicate one of the crash?
Jer Noble
Comment 6 2013-09-25 16:55:03 PDT
(In reply to comment #5) > That's odd. Could you symbolicate one of the crash? I'm hitting this very consistently. /Volumes/Users/jer/Projects/WebKit.git/OpenSource/Source/WebCore/dom/Node.h(403) : WebCore::Document &WebCore::Node::document() const 1 0x102e511b0 WTFCrash 2 0x10592b9c3 WebCore::Node::document() const 3 0x105cad2b1 WebCore::CSSStyleSheet::ownerDocument() const 4 0x105cad2f9 WebCore::CSSStyleSheet::clearOwnerNode() 5 0x105e1cb1b WebCore::DocumentStyleSheetCollection::~DocumentStyleSheetCollection() 6 0x105e1cac5 WebCore::DocumentStyleSheetCollection::~DocumentStyleSheetCollection() 7 0x105db1ddc WebCore::Document::~Document() 8 0x1061cea45 WebCore::HTMLDocument::~HTMLDocument() 9 0x1061ce915 WebCore::HTMLDocument::~HTMLDocument() 10 0x1061ce8e9 WebCore::HTMLDocument::~HTMLDocument() 11 0x1061ce93c non-virtual thunk to WebCore::HTMLDocument::~HTMLDocument() It looks like we're now referencing a node's document from the document's destructor. Seems bad.
Jer Noble
Comment 7 2013-09-25 16:58:26 PDT
Aha, now that it's a non-pointer member, we're destroying it after calling clearDocumentScope() rather than before. That causes the ASSERT we're seeing in Node::document().
Benjamin Poulain
Comment 8 2013-09-25 17:38:59 PDT
(In reply to comment #7) > Aha, now that it's a non-pointer member, we're destroying it after calling clearDocumentScope() rather than before. That causes the ASSERT we're seeing in Node::document(). I think CSSStyleSheet should not re-enter document at any point during destruction. I am trying something to that effect. It is building at the moment.
Benjamin Poulain
Comment 9 2013-09-25 18:18:38 PDT
Follow up: https://bugs.webkit.org/show_bug.cgi?id=121933
Note You need to log in before you can comment on or make changes to this bug.