Bug 137772

Summary: ASSERTION FAILED: growthShare > 0 in WebCore::RenderGrid::distributeSpaceToTracks
Product: WebKit Reporter: Renata Hodovan <rhodovan.u-szeged>
Component: Layout and RenderingAssignee: Sergio Villar Senin <svillar>
Status: RESOLVED FIXED    
Severity: Normal CC: buildbot, commit-queue, esprehn+autocc, glenn, jfernandez, kling, kondapallykalyan, rego, rniwa, svillar
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 60731, 116980    
Attachments:
Description Flags
Test case
none
Patch
none
Patch kling: review+

Renata Hodovan
Reported 2014-10-16 01:45:21 PDT
Created attachment 239939 [details] Test case The failing test case: <!DOCTYPE html> <style> * { display:-webkit-grid; -webkit-grid-column-start: span 86000; } </style> Backtrace: ASSERTION FAILED: growthShare > 0 ../../Source/WebCore/rendering/RenderGrid.cpp(650) : void WebCore::RenderGrid::distributeSpaceToTracks(WTF::Vector<WebCore::GridTrack*>&, WTF::Vector<long unsigned int>*, WebCore::RenderGrid::AccumulatorGetter, WebCore::RenderGrid::AccumulatorGrowFunction, WebCore::RenderGrid::GridSizingData&, WebCore::LayoutUnit&) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff99396700 (LWP 21734)] 0x00007fffedabe439 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007fffedabe439 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007ffff398fca2 in WebCore::RenderGrid::distributeSpaceToTracks (this=0xacc680, tracks=..., growAboveMaxBreadthTrackIndexes=0x7fffffffbf40, trackGetter=(WebCore::LayoutUnit (WebCore::GridTrack::*)(const WebCore::GridTrack * const)) 0x7ffff3993636 <WebCore::GridTrack::usedBreadth() const>, trackGrowthFunction= (void (WebCore::GridTrack::*)(WebCore::GridTrack * const, WebCore::LayoutUnit)) 0x7ffff39935d6 <WebCore::GridTrack::growUsedBreadth(WebCore::LayoutUnit)>, sizingData=..., availableLogicalSpace=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:650 #2 0x00007ffff398f8e1 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems (this=0xacc680, direction=WebCore::ForColumns, sizingData=..., gridItemWithSpan=..., filterFunction=(bool (WebCore::GridTrackSize::*)(const WebCore::GridTrackSize * const)) 0x7ffff39930fa <WebCore::GridTrackSize::hasMinOrMaxContentMinTrackBreadth() const>, sizingFunction= (WebCore::LayoutUnit (WebCore::RenderGrid::*)(WebCore::RenderGrid * const, WebCore::RenderBox &, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow> &)) 0x7ffff398ebb4 <WebCore::RenderGrid::minContentForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow>&)>, trackGetter=(WebCore::LayoutUnit (WebCore::GridTrack::*)(const WebCore::GridTrack * const)) 0x7ffff3993636 <WebCore::GridTrack::usedBreadth() const>, trackGrowthFunction= (void (WebCore::GridTrack::*)(WebCore::GridTrack * const, WebCore::LayoutUnit)) 0x7ffff39935d6 <WebCore::GridTrack::growUsedBreadth(WebCore::LayoutUnit)>, growAboveMaxBreadthFilterFunction=(bool (WebCore::GridTrackSize::*)(const WebCore::GridTrackSize * const)) 0x7ffff3993282 <WebCore::GridTrackSize::hasMinContentMinTrackBreadthAndMinOrMaxContentMaxTrackBreadth() const>) at ../../Source/WebCore/rendering/RenderGrid.cpp:616 #3 0x00007ffff398f050 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions (this=0xacc680, direction=WebCore::ForColumns, sizingData=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:572 #4 0x00007ffff398d7b9 in WebCore::RenderGrid::computeUsedBreadthOfGridTracks (this=0xacc680, direction=WebCore::ForColumns, sizingData=..., availableLogicalSpace=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:322 #5 0x00007ffff398d2b1 in WebCore::RenderGrid::computeIntrinsicLogicalWidths (this=0xacc680, minLogicalWidth=..., maxLogicalWidth=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:249 #6 0x00007ffff398d458 in WebCore::RenderGrid::computePreferredLogicalWidths (this=0xacc680) at ../../Source/WebCore/rendering/RenderGrid.cpp:275 #7 0x00007ffff39071d6 in WebCore::RenderBox::minPreferredLogicalWidth (this=0xacc680) at ../../Source/WebCore/rendering/RenderBox.cpp:997 #8 0x00007ffff398ec3f in WebCore::RenderGrid::minContentForChild (this=0xacaf30, child=..., direction=WebCore::ForColumns, columnTracks=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:510 #9 0x00007ffff398f774 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems (this=0xacaf30, direction=WebCore::ForColumns, sizingData=..., gridItemWithSpan=..., filterFunction=(bool (WebCore::GridTrackSize::*)(const WebCore::GridTrackSize * const)) 0x7ffff39930fa <WebCore::GridTrackSize::hasMinOrMaxContentMinTrackBreadth() const>, sizingFunction= (WebCore::LayoutUnit (WebCore::RenderGrid::*)(WebCore::RenderGrid * const, WebCore::RenderBox &, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow> &)) 0x7ffff398ebb4 <WebCore::RenderGrid::minContentForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow>&)>, trackGetter=(WebCore::LayoutUnit (WebCore::GridTrack::*)(const WebCore::GridTrack * const)) 0x7ffff3993636 <WebCore::GridTrack::usedBreadth() const>, trackGrowthFunction= (void (WebCore::GridTrack::*)(WebCore::GridTrack * const, WebCore::LayoutUnit)) 0x7ffff39935d6 <WebCore::GridTrack::growUsedBreadth(WebCore::LayoutUnit)>, growAboveMaxBreadthFilterFunction=(bool (WebCore::GridTrackSize::*)(const WebCore::GridTrackSize * const)) 0x7ffff3993282 <WebCore::GridTrackSize::hasMinContentMinTrackBreadthAndMinOrMaxContentMaxTrackBreadth() const>) at ../../Source/WebCore/rendering/RenderGrid.cpp:607 #10 0x00007ffff398f050 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions (this=0xacaf30, direction=WebCore::ForColumns, sizingData=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:572 #11 0x00007ffff398d7b9 in WebCore::RenderGrid::computeUsedBreadthOfGridTracks (this=0xacaf30, direction=WebCore::ForColumns, sizingData=..., availableLogicalSpace=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:322 #12 0x00007ffff398d527 in WebCore::RenderGrid::computeUsedBreadthOfGridTracks (this=0xacaf30, direction=WebCore::ForColumns, sizingData=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:287 #13 0x00007ffff39917ae in WebCore::RenderGrid::layoutGridItems (this=0xacaf30) at ../../Source/WebCore/rendering/RenderGrid.cpp:905 #14 0x00007ffff398d0be in WebCore::RenderGrid::layoutBlock (this=0xacaf30, relayoutChildren=false) at ../../Source/WebCore/rendering/RenderGrid.cpp:219 #15 0x00007ffff38a9a37 in WebCore::RenderBlock::layout (this=0xacaf30) at ../../Source/WebCore/rendering/RenderBlock.cpp:949 #16 0x00007ffff38d5c84 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x791d50, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:712 #17 0x00007ffff38d57a5 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x791d50, relayoutChildren=true, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:633 #18 0x00007ffff38d4bc2 in WebCore::RenderBlockFlow::layoutBlock (this=0x791d50, relayoutChildren=true, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:486 #19 0x00007ffff38a9a37 in WebCore::RenderBlock::layout (this=0x791d50) at ../../Source/WebCore/rendering/RenderBlock.cpp:949 #20 0x00007ffff3aa398f in WebCore::RenderView::layoutContent (this=0x791d50, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:232 #21 0x00007ffff3aa405f in WebCore::RenderView::layout (this=0x791d50) at ../../Source/WebCore/rendering/RenderView.cpp:357 #22 0x00007ffff36114ff in WebCore::FrameView::layout (this=0x78e5b0, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1307 #23 0x00007ffff2fde1b3 in WebCore::Document::implicitClose (this=0x949d60) at ../../Source/WebCore/dom/Document.cpp:2488 #24 0x00007ffff34c3383 in WebCore::FrameLoader::checkCallImplicitClose (this=0x945de8) at ../../Source/WebCore/loader/FrameLoader.cpp:898 #25 0x00007ffff34c30eb in WebCore::FrameLoader::checkCompleted (this=0x945de8) at ../../Source/WebCore/loader/FrameLoader.cpp:844 #26 0x00007ffff34c2e54 in WebCore::FrameLoader::finishedParsing (this=0x945de8) at ../../Source/WebCore/loader/FrameLoader.cpp:764 #27 0x00007ffff2fe6fbb in WebCore::Document::finishedParsing (this=0x949d60) at ../../Source/WebCore/dom/Document.cpp:4609 #28 0x00007ffff333f251 in WebCore::HTMLConstructionSite::finishedParsing (this=0xa8a248) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395 #29 0x00007ffff337d20f in WebCore::HTMLTreeBuilder::finished (this=0xa8a230) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2998 #30 0x00007ffff3347eb4 in WebCore::HTMLDocumentParser::end (this=0x981c20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:439 #31 0x00007ffff3347f9f in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x981c20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:450 #32 0x00007ffff3346a4d in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x981c20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165 #33 0x00007ffff3347fe2 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x981c20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462 #34 0x00007ffff3348099 in WebCore::HTMLDocumentParser::finish (this=0x981c20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:490 #35 0x00007ffff34b4c79 in WebCore::DocumentWriter::end (this=0xa1cfc0) at ../../Source/WebCore/loader/DocumentWriter.cpp:246 #36 0x00007ffff34a01c3 in WebCore::DocumentLoader::finishedLoading (this=0xa1cf20, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:441 #37 0x00007ffff349ff2c in WebCore::DocumentLoader::notifyFinished (this=0xa1cf20, resource=0x9ba3f0) at ../../Source/WebCore/loader/DocumentLoader.cpp:375 #38 0x00007ffff3552478 in WebCore::CachedResource::checkNotify (this=0x9ba3f0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:347 #39 0x00007ffff3552582 in WebCore::CachedResource::finishLoading (this=0x9ba3f0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:363 #40 0x00007ffff354ee84 in WebCore::CachedRawResource::finishLoading (this=0x9ba3f0, data=0x9bb240) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:101 #41 0x00007ffff35033b6 in WebCore::SubresourceLoader::didFinishLoading (this=0x9ba960, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:309 #42 0x00007ffff34ff025 in WebCore::ResourceLoader::didFinishLoading (this=0x9ba960, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:512 #43 0x00007ffff3e9baa9 in WebCore::readCallback (asyncResult=0x9801c0, data=0x9afdb0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1306 #44 0x00007fffeb8c37d6 in async_ready_callback_wrapper (source_object=0x9c7ad0, res=0x9801c0, user_data=user_data@entry=0x9afdb0) at ginputstream.c:523 #45 0x00007fffeb8e90d5 in g_task_return_now (task=0x9801c0) at gtask.c:1077 #46 0x00007fffeb8e90f9 in complete_in_idle_cb (task=0x9801c0) at gtask.c:1086 #47 0x00007fffeab28a2d in g_main_dispatch (context=0x677420) at gmain.c:3064 #48 g_main_context_dispatch (context=context@entry=0x677420) at gmain.c:3663 #49 0x00007fffeab28d98 in g_main_context_iterate (context=0x677420, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734 #50 0x00007fffeab2905a in g_main_loop_run (loop=0xaeb080) at gmain.c:3928 #51 0x00007ffff456e7de in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59 #52 0x00007ffff2a8a50e in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd998) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #53 0x00007ffff2a8a373 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd998) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73 #54 0x000000000040080d in main (argc=2, argv=0x7fffffffd998) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32
Attachments
Test case (107 bytes, text/html)
2014-10-16 01:45 PDT, Renata Hodovan 		no flags
Details
Patch (4.59 KB, patch)
2014-10-17 01:36 PDT, Sergio Villar Senin 		no flags
DetailsFormatted DiffDiff
Patch (4.92 KB, patch)
2014-10-28 01:05 PDT, Sergio Villar Senin 		kling: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Sergio Villar Senin
Comment 1 2014-10-16 07:16:40 PDT
Working on it.
Sergio Villar Senin
Comment 2 2014-10-17 01:36:43 PDT
Created attachment 240006 [details] Patch
Benjamin Poulain
Comment 3 2014-10-27 14:22:34 PDT
Comment on attachment 240006 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=240006&action=review Looks reasonable :) > Source/WebCore/rendering/RenderGrid.cpp:651 > + // We should never shrink any grid track or else we can't guarantee we abide by our min-sizing function. We > + // can still have 0 as growthShare if the amount of tracks greatly exceeds the availableLogicalSpace. The right way to do this kind of comment for an assertion is ASSERT_WITH_MESSAGE. > LayoutTests/fast/css-grid-layout/tracks-number-greatly-exceeding-available-size-crash.html:12 > + <div style="width: 1px; -webkit-grid-column-start: span 100;"></div> Let's increase test coverage. -Let's add multiple test covering big numbers: 100, 1000, 10000, etc -Let's cover width:0; and width:1px;
Sergio Villar Senin
Comment 4 2014-10-28 00:12:47 PDT
(In reply to comment #3) > Comment on attachment 240006 [details] > > LayoutTests/fast/css-grid-layout/tracks-number-greatly-exceeding-available-size-crash.html:12 > > + <div style="width: 1px; -webkit-grid-column-start: span 100;"></div> > > Let's increase test coverage. > -Let's add multiple test covering big numbers: 100, 1000, 10000, etc There is no different code path for those big numbers, once the difference between width and the number of tracks exceeds 2 orders of magnitude then the result is 0. Anyway it won't hurt. > -Let's cover width:0; and width:1px; The case of width: 0px was not intentionally added because in that case the function with the ASSERT won't ever be called.
Sergio Villar Senin
Comment 5 2014-10-28 01:02:21 PDT
(In reply to comment #4) > (In reply to comment #3) > > Comment on attachment 240006 [details] > > > LayoutTests/fast/css-grid-layout/tracks-number-greatly-exceeding-available-size-crash.html:12 > > > + <div style="width: 1px; -webkit-grid-column-start: span 100;"></div> > > > > Let's increase test coverage. > > -Let's add multiple test covering big numbers: 100, 1000, 10000, etc > > There is no different code path for those big numbers, once the difference > between width and the number of tracks exceeds 2 orders of magnitude then > the result is 0. Anyway it won't hurt. Actually it will :). The thing is that we avoid this kind of checks in Layout tests because they involve huge allocations that would make the test extremely slow. That's why I created a unit test to deal with this kind of things, it is waiting for a review :) (bug 136217).
Sergio Villar Senin
Comment 6 2014-10-28 01:05:24 PDT
Created attachment 240534 [details] Patch
Sergio Villar Senin
Comment 7 2014-10-28 08:45:53 PDT
(In reply to comment #6) > Created attachment 240534 [details] > Patch Beh, I'm sorry Benjamin, I did a webkit-patch upload instead of a webkit-patch land. Could you please reset the r+ ? thanks
Sergio Villar Senin
Comment 8 2014-10-29 01:30:41 PDT
Committed r175314: <http://trac.webkit.org/changeset/175314>
Note You need to log in before you can comment on or make changes to this bug.