Bug 12251

Summary: REGRESSION (r18822-r18823): Assertion failure opening document with non-existent resources (dom/xhtml/level2/html/HTMLIFrameElement11.xhtml)
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Critical CC: andersca, ap, aroben, mitz
Priority: P1 Keywords: LayoutTestFailure, Regression
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
Stack trace
none
Patch v1
darin: review-
Patch v2 darin: review+

David Kilzer (:ddkilzer)
Reported 2007-01-13 03:36:21 PST
In my locally-build debug build of WebKit r18824, dom/xhtml/level2/html/HTMLIFrameElement11.xhtml fails with an assertion error: ASSERTION FAILED: _private->identifierMap->contains(identifier) (/path/to/WebKit/WebKit/WebView/WebView.mm:3696 -[WebView(WebViewInternal) _objectForIdentifier:]) Segmentation fault
Attachments
Stack trace (8.85 KB, text/plain)
2007-01-13 03:38 PST, David Kilzer (:ddkilzer) 		no flags
Details
Patch v1 (1.66 KB, patch)
2007-01-14 05:06 PST, David Kilzer (:ddkilzer) 		darin: review-
DetailsFormatted DiffDiff
Patch v2 (1.34 KB, patch)
2007-01-14 08:43 PST, David Kilzer (:ddkilzer) 		darin: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2007-01-13 03:38:03 PST
Created attachment 12413 [details] Stack trace
David Kilzer (:ddkilzer)
Comment 2 2007-01-13 15:11:56 PST
Confirmed that this broke with r18822-18823.
Adam Roben (:aroben)
Comment 3 2007-01-13 20:16:32 PST
fast/frames/empty-frame-src.html is failing with the same assertion.
Adam Roben (:aroben)
Comment 4 2007-01-13 20:21:32 PST
fast/frames/frame-element-name.html also suffers
Adam Roben (:aroben)
Comment 5 2007-01-13 20:25:31 PST
And fast/frames/frame-js-url-clientWidth.html
Adam Roben (:aroben)
Comment 6 2007-01-13 20:32:46 PST
And fast/frames/frame-limit.html, fast/frames/frame-name-reset.html, fast/frames/frame-set-same-location.html, fast/frames/frame-set-same-src.html, fast/frames/frame-src-attribute.html, fast/frames/frameElement-frame.html, and probably many others.
David Kilzer (:ddkilzer)
Comment 7 2007-01-14 04:38:09 PST
(In reply to comment #0) > In my locally-build debug build of WebKit r18824, > dom/xhtml/level2/html/HTMLIFrameElement11.xhtml fails with an assertion error: The problem here is that HTMLIFrameElement11.xhtml references two files that don't exist via <iframe> tags. The assertion code added in r18822 trips because these files (resources) aren't found and thus aren't loaded. The solution is to add equivalent nil checks. What's more disconcerting is that both frame.xhtml and iframe.xhtml exist in the same directory as HTMLIFrameElement11.xhtml, but apparently that's what the actual test does as well: http://dev.w3.org/cvsweb/2001/DOM-Test-Suite/tests/level2/html/files/iframe2.html?rev=1.4 I have a patch to fix this.
David Kilzer (:ddkilzer)
Comment 8 2007-01-14 05:06:45 PST
Created attachment 12424 [details] Patch v1 This is the obvious fix--to do the equivalent nil checking when retrieving an object or removing it from the hash map. Not sure if the callers of these methods should be smarter about when they call them, e.g., after an attempt was made to load a resource that didn't exist. Running layout tests now; will report results when completed.
mitz
Comment 9 2007-01-14 05:21:07 PST
(In reply to comment #7) > The problem here is that HTMLIFrameElement11.xhtml references two files that > don't exist via <iframe> tags. The assertion code added in r18822 trips > because these files (resources) aren't found and thus aren't loaded. This isn't quite accurate. Loader items for the missing resources are created. The assertion trips because when the resource fails to load, FrameLoader::didFailToLoad() is invoked twice, once from ResourceLoader::didFail(), then another time from ResourceLoader::didCancel(). In the first time, the identifier is removed from the map. Thus in the second time, it's missing and the assretion fails.
Darin Adler
Comment 10 2007-01-14 06:03:10 PST
Comment on attachment 12424 [details] Patch v1 We definitely need to fix this! Can't have layout tests failing. But HashMap remove already has the behavior of removing it only if it's there, so no need for the contains call. And if the object that comes back from _objectForIdentifier is nil, then the caller needs to not send the notification. I think we should land a fixed-up version of this now. The real problem is that the loader is sending multiple "done loading" calls to the client for the same resource -- it can be fixed entirely on the WebCore side. But it's a complex job that we should do later. This approach is correct for now.
David Kilzer (:ddkilzer)
Comment 11 2007-01-14 08:37:51 PST
(In reply to comment #8) > Running layout tests now; will report results when completed. No new regressions with this change, but I had to call run-webkit-tests with these arguments to get the non-patched version to finish: ./Tools/Scripts/run-webkit-tests --ignore-tests dom/xhtml/level2/html/HTMLIFrameElement11.xhtml,fast/frames
David Kilzer (:ddkilzer)
Comment 12 2007-01-14 08:43:38 PST
Created attachment 12428 [details] Patch v2 Updated per Comment #10. Reran failing tests (dom/xhtml/level2/html/HTMLIFrameElement11.xhtml, fast/frames) and they still pass.
Darin Adler
Comment 13 2007-01-14 13:56:54 PST
Comment on attachment 12428 [details] Patch v2 Looks fine for a first cut. We need to follow through and make sure that we don't pass the nil object through to the delegate callbacks. But I think that can wait. r=me
David Kilzer (:ddkilzer)
Comment 14 2007-01-14 14:03:36 PST
(In reply to comment #13) > Looks fine for a first cut. We need to follow through and make sure that we > don't pass the nil object through to the delegate callbacks. But I think that > can wait. Anders mentioned that he's working on it in IRC today. Committed revision 18846.
Note You need to log in before you can comment on or make changes to this bug.