Bug 132870

Summary: ASSERTION FAILED: leftCategory != CalcOther && rightCategory != CalcOther in WebCore::CSSCalcBinaryOperation::createSimplified
Product: WebKit    Reporter: Martin Hodovan <mhodovan.u-szeged>
Component: New Bugs    Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal    CC: commit-queue, darin, esprehn+autocc, giles_joplin, glenn, gyuyoung.kim, kling, krit, macpherson, menard, simon.fraser
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on: 134059
Bug Blocks:
Attachments:
Description: Proposed patch    Flags: none

Description Martin Hodovan 2014-05-13 08:49:09 PDT
The failing test case:

<style> 
* {
    width: calc(300hz/2);
}
</style>>


The output:

ASSERTION FAILED: leftCategory != CalcOther && rightCategory != CalcOther
/home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp(338) : static WTF::PassRefPtr<WebCore::CSSCalcExpressionNode> WebCore::CSSCalcBinaryOperation::createSimplified(WebCore::CalcOperator, WTF::PassRefPtr<WebCore::CSSCalcExpressionNode>, WTF::PassRefPtr<WebCore::CSSCalcExpressionNode>)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff92d86700 (LWP 24135)]
0x00007ffff583cd31 in WTFCrash () at /home/martin/Data/WebKit/Source/WTF/wtf/Assertions.cpp:333
333	    *(int *)(uintptr_t)0xbbadbeef = 0;


The backtrace:

#1  0x00007ffff0bda29f in WebCore::CSSCalcBinaryOperation::createSimplified (op=WebCore::CalcDivide, leftSide=..., rightSide=...)
    at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:338
#2  0x00007ffff0bdb856 in WebCore::CSSCalcExpressionNodeParser::parseValueMultiplicativeExpression (this=0x7fffffff9edf, tokens=0x6dce40, depth=2, index=0x7fffffff9e7c, 
    result=0x7fffffff9e80) at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:618
#3  0x00007ffff0bdb9a5 in WebCore::CSSCalcExpressionNodeParser::parseAdditiveValueExpression (this=0x7fffffff9edf, tokens=0x6dce40, depth=1, index=0x7fffffff9e7c, 
    result=0x7fffffff9e80) at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:632
#4  0x00007ffff0bdbb93 in WebCore::CSSCalcExpressionNodeParser::parseValueExpression (this=0x7fffffff9edf, tokens=0x6dce40, depth=0, index=0x7fffffff9e7c, 
    result=0x7fffffff9e80) at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:656
#5  0x00007ffff0bdb3b0 in WebCore::CSSCalcExpressionNodeParser::parseCalc (this=0x7fffffff9edf, tokens=0x6dce40)
    at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:541
#6  0x00007ffff0bd9047 in WebCore::CSSCalcValue::create (name=..., parserValueList=..., range=WebCore::CalculationRangeNonNegative)
    at /home/martin/Data/WebKit/Source/WebCore/css/CSSCalculationValue.cpp:727
#7  0x00007ffff0c64d65 in WebCore::CSSParser::parseCalculation (this=0x7fffffffbe70, value=0x6dcf18, range=WebCore::CalculationRangeNonNegative)
    at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:9646
#8  0x00007ffff0c468b4 in WebCore::CSSParser::validCalculationUnit (this=0x7fffffffbe70, value=0x6dcf18, 
    unitflags=(WebCore::CSSParser::FPercent | WebCore::CSSParser::FLength | WebCore::CSSParser::FNonNeg), releaseCalc=WebCore::CSSParser::DoNotReleaseParsedCalcValue)
    at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:1556
#9  0x00007ffff0c46ad7 in WebCore::CSSParser::validUnit (this=0x7fffffffbe70, value=0x6dcf18, 
    unitflags=(WebCore::CSSParser::FPercent | WebCore::CSSParser::FLength | WebCore::CSSParser::FNonNeg), cssParserMode=WebCore::CSSQuirksMode, 
    releaseCalc=WebCore::CSSParser::DoNotReleaseParsedCalcValue) at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:1599
#10 0x00007ffff0c6dac0 in WebCore::CSSParser::validUnit (this=0x7fffffffbe70, value=0x6dcf18, 
    unitflags=(WebCore::CSSParser::FPercent | WebCore::CSSParser::FLength | WebCore::CSSParser::FNonNeg), releaseCalc=WebCore::CSSParser::DoNotReleaseParsedCalcValue)
    at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.h:617
#11 0x00007ffff0c46de0 in WebCore::CSSParser::validWidth (this=0x7fffffffbe70, value=0x6dcf18) at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:1705
#12 0x00007ffff0c487a2 in WebCore::CSSParser::parseValue (this=0x7fffffffbe70, propId=WebCore::CSSPropertyWidth, important=false)
    at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:2150
#13 0x00007ffff1bd9d58 in cssyyparse (parser=0x7fffffffbe70) at /home/martin/Data/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/CSSGrammar.y:1054
#14 0x00007ffff0c43582 in WebCore::CSSParser::parseSheet (this=0x7fffffffbe70, sheet=0x6dc9c0, string=..., startLineNumber=6, ruleSourceDataResult=0x0, logErrors=true)
    at /home/martin/Data/WebKit/Source/WebCore/css/CSSParser.cpp:438
#15 0x00007ffff0d69913 in WebCore::StyleSheetContents::parseStringAtLine (this=0x6dc9c0, sheetText=..., startLineNumber=6, createdByParser=true)
    at /home/martin/Data/WebKit/Source/WebCore/css/StyleSheetContents.cpp:326
#16 0x00007ffff0e4a6e0 in WebCore::InlineStyleSheetOwner::createSheet (this=0x6db658, element=..., text=...)
    at /home/martin/Data/WebKit/Source/WebCore/dom/InlineStyleSheetOwner.cpp:147
#17 0x00007ffff0e4a198 in WebCore::InlineStyleSheetOwner::createSheetFromTextContents (this=0x6db658, element=...)
    at /home/martin/Data/WebKit/Source/WebCore/dom/InlineStyleSheetOwner.cpp:97
#18 0x00007ffff0e4a155 in WebCore::InlineStyleSheetOwner::finishParsingChildren (this=0x6db658, element=...)
    at /home/martin/Data/WebKit/Source/WebCore/dom/InlineStyleSheetOwner.cpp:91
#19 0x00007ffff1042c25 in WebCore::HTMLStyleElement::finishParsingChildren (this=0x6db5f0) at /home/martin/Data/WebKit/Source/WebCore/html/HTMLStyleElement.cpp:90
#20 0x00007ffff10e3ab6 in WebCore::HTMLElementStack::popCommon (this=0x6d1368) at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLElementStack.cpp:578
#21 0x00007ffff10e24da in WebCore::HTMLElementStack::pop (this=0x6d1368) at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLElementStack.cpp:214
#22 0x00007ffff110a4fd in WebCore::HTMLTreeBuilder::processEndTag (this=0x6d1330, token=0x7fffffffd2a0)
    at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2179
#23 0x00007ffff1100cf4 in WebCore::HTMLTreeBuilder::processToken (this=0x6d1330, token=0x7fffffffd2a0)
    at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:386
#24 0x00007ffff1100b06 in WebCore::HTMLTreeBuilder::constructTree (this=0x6d1330, token=0x7fffffffd2a0)
    at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:354
#25 0x00007ffff10dbd60 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x6f48c0, rawToken=...)
    at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:352
#26 0x00007ffff10db9e7 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x6f48c0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:309
#27 0x00007ffff10db1ed in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x6f48c0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:189
#28 0x00007ffff10dc2a7 in WebCore::HTMLDocumentParser::append (this=0x6f48c0, inputSource=...)
    at /home/martin/Data/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:428
#29 0x00007ffff0dbf43d in WebCore::DecodedDataDocumentParser::flush (this=0x6f48c0, writer=...)
    at /home/martin/Data/WebKit/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#30 0x00007ffff12298c7 in WebCore::DocumentWriter::end (this=0x766dd0) at /home/martin/Data/WebKit/Source/WebCore/loader/DocumentWriter.cpp:245
#31 0x00007ffff1214229 in WebCore::DocumentLoader::finishedLoading (this=0x766d30, finishTime=0) at /home/martin/Data/WebKit/Source/WebCore/loader/DocumentLoader.cpp:440
#32 0x00007ffff1213f92 in WebCore::DocumentLoader::notifyFinished (this=0x766d30, resource=0x7812e0)
    at /home/martin/Data/WebKit/Source/WebCore/loader/DocumentLoader.cpp:374
#33 0x00007ffff12bf300 in WebCore::CachedResource::checkNotify (this=0x7812e0) at /home/martin/Data/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:332
#34 0x00007ffff12bf3de in WebCore::CachedResource::finishLoading (this=0x7812e0) at /home/martin/Data/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:348
#35 0x00007ffff12bc0da in WebCore::CachedRawResource::finishLoading (this=0x7812e0, data=0x76b7e0)
    at /home/martin/Data/WebKit/Source/WebCore/loader/cache/CachedRawResource.cpp:97
#36 0x00007ffff12743e8 in WebCore::SubresourceLoader::didFinishLoading (this=0x781820, finishTime=0)
    at /home/martin/Data/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:310
#37 0x00007ffff12706fb in WebCore::ResourceLoader::didFinishLoading (this=0x781820, finishTime=0) at /home/martin/Data/WebKit/Source/WebCore/loader/ResourceLoader.cpp:510
#38 0x00007ffff1b55071 in WebCore::readCallback (asyncResult=0x7851e0, data=0x781c40)
    at /home/martin/Data/WebKit/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1333
#39 0x00007fffec2d3aaa in async_ready_callback_wrapper (source_object=0x66ddb0, res=0x7851e0, user_data=0x781c40) at ginputstream.c:519
#40 0x00007fffec2f347b in g_task_return_now (task=0x7851e0) at gtask.c:1108
#41 0x00007fffec2f3499 in complete_in_idle_cb (task=0x7851e0) at gtask.c:1117
#42 0x00007fffebd43536 in g_main_dispatch (context=0x6691a0) at gmain.c:3065
#43 g_main_context_dispatch (context=context@entry=0x6691a0) at gmain.c:3641
#44 0x00007fffed024708 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=<optimized out>, wfds=0x7fffffffda10, rfds=0x7fffffffd990, ecore_fds=8, 
    ctx=<optimized out>) at ecore_glib.c:171
#45 _ecore_glib_select (ecore_fds=8, rfds=0x7fffffffd990, wfds=0x7fffffffda10, efds=<optimized out>, ecore_timeout=<optimized out>) at ecore_glib.c:205
#46 0x00007fffed01eb37 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466
#47 0x00007fffed01f6c5 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at ecore_main.c:1894
#48 0x00007fffed01f9c7 in ecore_main_loop_begin () at ecore_main.c:956
#49 0x00007ffff7655ea7 in WTF::RunLoop::run () at /home/martin/Data/WebKit/Source/WTF/wtf/efl/RunLoopEfl.cpp:51
#50 0x00007ffff75dd989 in WebKit::WebProcessMainEfl (argc=2, argv=0x7fffffffde98) at /home/martin/Data/WebKit/Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:126
#51 0x0000000000400840 in main (argc=2, argv=0x7fffffffde98) at /home/martin/Data/WebKit/Source/WebKit2/efl/MainEfl.cpp:30
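As an added illustration, not WebKit's code, here is a minimal C++ model of the unit-category check that the failing assertion in CSSCalcBinaryOperation::createSimplified enforces, with the check turned into a parse failure instead of an assertion. The category and operator names mirror the report; the unit table, CalcNode, parseTerm and the `legacy` flag (standing in for the pre-fix parser, where angle, time and frequency units had no category) are hypothetical simplifications.

```cpp
// Added illustration, not WebKit's code: a minimal model of the unit-category
// check behind the assertion in CSSCalcBinaryOperation::createSimplified.
// Category/operator names mirror the report; everything else is hypothetical.
#include <cstddef>
#include <string>

enum CalcCategory { CalcNumber, CalcLength, CalcPercent, CalcAngle, CalcTime, CalcFrequency, CalcOther };
enum CalcOperator { CalcAdd, CalcSubtract, CalcDivide };  // multiply omitted from this model

struct CalcNode { CalcCategory category; double value; };

// Map a CSS unit suffix to a category. `legacy` models the pre-fix parser, in
// which angle, time and frequency units had no category and fell to CalcOther.
CalcCategory unitCategory(const std::string& unit, bool legacy) {
    if (unit.empty()) return CalcNumber;
    if (unit == "px" || unit == "em") return CalcLength;
    if (unit == "%") return CalcPercent;
    if (!legacy) {
        if (unit == "deg" || unit == "rad") return CalcAngle;
        if (unit == "s" || unit == "ms") return CalcTime;
        if (unit == "hz" || unit == "khz") return CalcFrequency;
    }
    return CalcOther;
}

// Parse "<number><unit>" (e.g. "300hz") into a node.
CalcNode parseTerm(const std::string& term, bool legacy) {
    std::size_t pos = 0;
    double value = std::stod(term, &pos);
    return CalcNode{unitCategory(term.substr(pos), legacy), value};
}

// Hardened counterpart of createSimplified: an operand without a category is
// reported as a parse failure (return false) instead of tripping an assertion.
bool createSimplified(CalcOperator op, CalcNode left, CalcNode right, CalcNode& result) {
    if (left.category == CalcOther || right.category == CalcOther) return false;
    if (op == CalcDivide) {
        // calc() only allows dividing by a unitless, non-zero number.
        if (right.category != CalcNumber || right.value == 0) return false;
        result = CalcNode{left.category, left.value / right.value};
        return true;
    }
    // Add/subtract: this model requires both sides to share a category.
    if (left.category != right.category) return false;
    result = CalcNode{left.category, op == CalcAdd ? left.value + right.value : left.value - right.value};
    return true;
}
```

With `legacy` set, the report's `calc(300hz/2)` is rejected cleanly; with the post-fix table it simplifies to a frequency node.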
Comment 1 Martin Hodovan 2014-05-13 08:57:01 PDT
Created attachment 231384 [details]
Proposed patch
Comment 2 Darin Adler 2014-05-13 09:38:02 PDT
Comment on attachment 231384 [details]
Proposed patch

View in context: https://bugs.webkit.org/attachment.cgi?id=231384&action=review

> LayoutTests/ChangeLog:8
> +        Added test contains calc() expressions with angle, time and frequency values,
> +        covering all the newly introduced unit types, each of which used to fail. 

But it doesn’t cover adding or subtracting combinations of these unit types, and the patch adds code to handle that.

It doesn’t cover the behavior either. Need much more test coverage.

I’d also like to see tests covering serialization of these kinds of style rules.
Comment 3 WebKit Commit Bot 2014-05-13 10:09:13 PDT
Comment on attachment 231384 [details]
Proposed patch

Clearing flags on attachment: 231384

Committed r168685: <http://trac.webkit.org/changeset/168685>
Comment 4 WebKit Commit Bot 2014-05-13 10:09:18 PDT
All reviewed patches have been landed.  Closing bug.
Comment 5 Simon Fraser (smfr) 2014-06-20 08:28:19 PDT
This caused bug 134059.