Bug 137772

Summary: ASSERTION FAILED: growthShare > 0 in WebCore::RenderGrid::distributeSpaceToTracks
Product: WebKit
Reporter: Renata Hodovan <rhodovan.u-szeged>
Component: Layout and Rendering
Assignee: Sergio Villar Senin <svillar>
Status: RESOLVED FIXED
Severity: Normal
CC: buildbot, commit-queue, esprehn+autocc, glenn, jfernandez, kling, kondapallykalyan, rego, rniwa, svillar
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 60731, 116980

Attachments (Description / Flags):
Test case / none
Patch / none
Patch / kling: review+

Description Renata Hodovan 2014-10-16 01:45:21 PDT
Created attachment 239939 [details]
Test case

The failing test case:

<!DOCTYPE html>
<style>
* {
    display:-webkit-grid;
    -webkit-grid-column-start: span 86000;
}
</style>


Backtrace:


ASSERTION FAILED: growthShare > 0
../../Source/WebCore/rendering/RenderGrid.cpp(650) : void WebCore::RenderGrid::distributeSpaceToTracks(WTF::Vector<WebCore::GridTrack*>&, WTF::Vector<long unsigned int>*, WebCore::RenderGrid::AccumulatorGetter, WebCore::RenderGrid::AccumulatorGrowFunction, WebCore::RenderGrid::GridSizingData&, WebCore::LayoutUnit&)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff99396700 (LWP 21734)]
0x00007fffedabe439 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007fffedabe439 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007ffff398fca2 in WebCore::RenderGrid::distributeSpaceToTracks (this=0xacc680, tracks=..., growAboveMaxBreadthTrackIndexes=0x7fffffffbf40, 
    trackGetter=(WebCore::LayoutUnit (WebCore::GridTrack::*)(const WebCore::GridTrack * const)) 0x7ffff3993636 <WebCore::GridTrack::usedBreadth() const>, trackGrowthFunction=
    (void (WebCore::GridTrack::*)(WebCore::GridTrack * const, WebCore::LayoutUnit)) 0x7ffff39935d6 <WebCore::GridTrack::growUsedBreadth(WebCore::LayoutUnit)>, sizingData=..., availableLogicalSpace=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:650
#2  0x00007ffff398f8e1 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems (this=0xacc680, direction=WebCore::ForColumns, 
    sizingData=..., gridItemWithSpan=..., 
    filterFunction=(bool (WebCore::GridTrackSize::*)(const WebCore::GridTrackSize * const)) 0x7ffff39930fa <WebCore::GridTrackSize::hasMinOrMaxContentMinTrackBreadth() const>, sizingFunction=
    (WebCore::LayoutUnit (WebCore::RenderGrid::*)(WebCore::RenderGrid * const, WebCore::RenderBox &, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow> &)) 0x7ffff398ebb4 <WebCore::RenderGrid::minContentForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow>&)>, 
    trackGetter=(WebCore::LayoutUnit (WebCore::GridTrack::*)(const WebCore::GridTrack * const)) 0x7ffff3993636 <WebCore::GridTrack::usedBreadth() const>, trackGrowthFunction=
    (void (WebCore::GridTrack::*)(WebCore::GridTrack * const, WebCore::LayoutUnit)) 0x7ffff39935d6 <WebCore::GridTrack::growUsedBreadth(WebCore::LayoutUnit)>, 
    growAboveMaxBreadthFilterFunction=(bool (WebCore::GridTrackSize::*)(const WebCore::GridTrackSize * const)) 0x7ffff3993282 <WebCore::GridTrackSize::hasMinContentMinTrackBreadthAndMinOrMaxContentMaxTrackBreadth() const>) at ../../Source/WebCore/rendering/RenderGrid.cpp:616
#3  0x00007ffff398f050 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions (this=0xacc680, direction=WebCore::ForColumns, sizingData=...)
    at ../../Source/WebCore/rendering/RenderGrid.cpp:572
#4  0x00007ffff398d7b9 in WebCore::RenderGrid::computeUsedBreadthOfGridTracks (this=0xacc680, direction=WebCore::ForColumns, sizingData=..., 
    availableLogicalSpace=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:322
#5  0x00007ffff398d2b1 in WebCore::RenderGrid::computeIntrinsicLogicalWidths (this=0xacc680, minLogicalWidth=..., maxLogicalWidth=...)
    at ../../Source/WebCore/rendering/RenderGrid.cpp:249
#6  0x00007ffff398d458 in WebCore::RenderGrid::computePreferredLogicalWidths (this=0xacc680) at ../../Source/WebCore/rendering/RenderGrid.cpp:275
#7  0x00007ffff39071d6 in WebCore::RenderBox::minPreferredLogicalWidth (this=0xacc680) at ../../Source/WebCore/rendering/RenderBox.cpp:997
#8  0x00007ffff398ec3f in WebCore::RenderGrid::minContentForChild (this=0xacaf30, child=..., direction=WebCore::ForColumns, columnTracks=...)
    at ../../Source/WebCore/rendering/RenderGrid.cpp:510
#9  0x00007ffff398f774 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems (this=0xacaf30, direction=WebCore::ForColumns, 
    sizingData=..., gridItemWithSpan=..., 
    filterFunction=(bool (WebCore::GridTrackSize::*)(const WebCore::GridTrackSize * const)) 0x7ffff39930fa <WebCore::GridTrackSize::hasMinOrMaxContentMinTrackBreadth() const>, sizingFunction=
    (WebCore::LayoutUnit (WebCore::RenderGrid::*)(WebCore::RenderGrid * const, WebCore::RenderBox &, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow> &)) 0x7ffff398ebb4 <WebCore::RenderGrid::minContentForChild(WebCore::RenderBox&, WebCore::GridTrackSizingDirection, WTF::Vector<WebCore::GridTrack, 0ul, WTF::CrashOnOverflow>&)>, 
    trackGetter=(WebCore::LayoutUnit (WebCore::GridTrack::*)(const WebCore::GridTrack * const)) 0x7ffff3993636 <WebCore::GridTrack::usedBreadth() const>, trackGrowthFunction=
    (void (WebCore::GridTrack::*)(WebCore::GridTrack * const, WebCore::LayoutUnit)) 0x7ffff39935d6 <WebCore::GridTrack::growUsedBreadth(WebCore::LayoutUnit)>, 
    growAboveMaxBreadthFilterFunction=(bool (WebCore::GridTrackSize::*)(const WebCore::GridTrackSize * const)) 0x7ffff3993282 <WebCore::GridTrackSize::hasMinContentMinTrackBreadthAndMinOrMaxContentMaxTrackBreadth() const>) at ../../Source/WebCore/rendering/RenderGrid.cpp:607
#10 0x00007ffff398f050 in WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions (this=0xacaf30, direction=WebCore::ForColumns, sizingData=...)
    at ../../Source/WebCore/rendering/RenderGrid.cpp:572
#11 0x00007ffff398d7b9 in WebCore::RenderGrid::computeUsedBreadthOfGridTracks (this=0xacaf30, direction=WebCore::ForColumns, sizingData=..., 
    availableLogicalSpace=...) at ../../Source/WebCore/rendering/RenderGrid.cpp:322
#12 0x00007ffff398d527 in WebCore::RenderGrid::computeUsedBreadthOfGridTracks (this=0xacaf30, direction=WebCore::ForColumns, sizingData=...)
    at ../../Source/WebCore/rendering/RenderGrid.cpp:287
#13 0x00007ffff39917ae in WebCore::RenderGrid::layoutGridItems (this=0xacaf30) at ../../Source/WebCore/rendering/RenderGrid.cpp:905
#14 0x00007ffff398d0be in WebCore::RenderGrid::layoutBlock (this=0xacaf30, relayoutChildren=false)
    at ../../Source/WebCore/rendering/RenderGrid.cpp:219
#15 0x00007ffff38a9a37 in WebCore::RenderBlock::layout (this=0xacaf30) at ../../Source/WebCore/rendering/RenderBlock.cpp:949
#16 0x00007ffff38d5c84 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x791d50, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:712
#17 0x00007ffff38d57a5 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x791d50, relayoutChildren=true, maxFloatLogicalBottom=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:633
#18 0x00007ffff38d4bc2 in WebCore::RenderBlockFlow::layoutBlock (this=0x791d50, relayoutChildren=true, pageLogicalHeight=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:486
#19 0x00007ffff38a9a37 in WebCore::RenderBlock::layout (this=0x791d50) at ../../Source/WebCore/rendering/RenderBlock.cpp:949
#20 0x00007ffff3aa398f in WebCore::RenderView::layoutContent (this=0x791d50, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:232
#21 0x00007ffff3aa405f in WebCore::RenderView::layout (this=0x791d50) at ../../Source/WebCore/rendering/RenderView.cpp:357
#22 0x00007ffff36114ff in WebCore::FrameView::layout (this=0x78e5b0, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1307
#23 0x00007ffff2fde1b3 in WebCore::Document::implicitClose (this=0x949d60) at ../../Source/WebCore/dom/Document.cpp:2488
#24 0x00007ffff34c3383 in WebCore::FrameLoader::checkCallImplicitClose (this=0x945de8) at ../../Source/WebCore/loader/FrameLoader.cpp:898
#25 0x00007ffff34c30eb in WebCore::FrameLoader::checkCompleted (this=0x945de8) at ../../Source/WebCore/loader/FrameLoader.cpp:844
#26 0x00007ffff34c2e54 in WebCore::FrameLoader::finishedParsing (this=0x945de8) at ../../Source/WebCore/loader/FrameLoader.cpp:764
#27 0x00007ffff2fe6fbb in WebCore::Document::finishedParsing (this=0x949d60) at ../../Source/WebCore/dom/Document.cpp:4609
#28 0x00007ffff333f251 in WebCore::HTMLConstructionSite::finishedParsing (this=0xa8a248)
    at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395
#29 0x00007ffff337d20f in WebCore::HTMLTreeBuilder::finished (this=0xa8a230) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2998
#30 0x00007ffff3347eb4 in WebCore::HTMLDocumentParser::end (this=0x981c20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:439
#31 0x00007ffff3347f9f in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x981c20)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:450
#32 0x00007ffff3346a4d in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x981c20)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165
#33 0x00007ffff3347fe2 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x981c20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462
#34 0x00007ffff3348099 in WebCore::HTMLDocumentParser::finish (this=0x981c20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:490
#35 0x00007ffff34b4c79 in WebCore::DocumentWriter::end (this=0xa1cfc0) at ../../Source/WebCore/loader/DocumentWriter.cpp:246
#36 0x00007ffff34a01c3 in WebCore::DocumentLoader::finishedLoading (this=0xa1cf20, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:441
#37 0x00007ffff349ff2c in WebCore::DocumentLoader::notifyFinished (this=0xa1cf20, resource=0x9ba3f0)
    at ../../Source/WebCore/loader/DocumentLoader.cpp:375
#38 0x00007ffff3552478 in WebCore::CachedResource::checkNotify (this=0x9ba3f0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:347
#39 0x00007ffff3552582 in WebCore::CachedResource::finishLoading (this=0x9ba3f0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:363
#40 0x00007ffff354ee84 in WebCore::CachedRawResource::finishLoading (this=0x9ba3f0, data=0x9bb240)
    at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:101
#41 0x00007ffff35033b6 in WebCore::SubresourceLoader::didFinishLoading (this=0x9ba960, finishTime=0)
    at ../../Source/WebCore/loader/SubresourceLoader.cpp:309
#42 0x00007ffff34ff025 in WebCore::ResourceLoader::didFinishLoading (this=0x9ba960, finishTime=0)
    at ../../Source/WebCore/loader/ResourceLoader.cpp:512
#43 0x00007ffff3e9baa9 in WebCore::readCallback (asyncResult=0x9801c0, data=0x9afdb0)
    at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1306
#44 0x00007fffeb8c37d6 in async_ready_callback_wrapper (source_object=0x9c7ad0, res=0x9801c0, user_data=user_data@entry=0x9afdb0)
    at ginputstream.c:523
#45 0x00007fffeb8e90d5 in g_task_return_now (task=0x9801c0) at gtask.c:1077
#46 0x00007fffeb8e90f9 in complete_in_idle_cb (task=0x9801c0) at gtask.c:1086
#47 0x00007fffeab28a2d in g_main_dispatch (context=0x677420) at gmain.c:3064
#48 g_main_context_dispatch (context=context@entry=0x677420) at gmain.c:3663
#49 0x00007fffeab28d98 in g_main_context_iterate (context=0x677420, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at gmain.c:3734
#50 0x00007fffeab2905a in g_main_loop_run (loop=0xaeb080) at gmain.c:3928
#51 0x00007ffff456e7de in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#52 0x00007ffff2a8a50e in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd998)
    at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#53 0x00007ffff2a8a373 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd998) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73
#54 0x000000000040080d in main (argc=2, argv=0x7fffffffd998) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32
Comment 1 Sergio Villar Senin 2014-10-16 07:16:40 PDT
Working on it.
Comment 2 Sergio Villar Senin 2014-10-17 01:36:43 PDT
Created attachment 240006 [details]
Patch
Comment 3 Benjamin Poulain 2014-10-27 14:22:34 PDT
Comment on attachment 240006 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=240006&action=review

Looks reasonable :)

> Source/WebCore/rendering/RenderGrid.cpp:651
> +            // We should never shrink any grid track or else we can't guarantee we abide by our min-sizing function. We
> +            // can still have 0 as growthShare if the amount of tracks greatly exceeds the availableLogicalSpace.
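
Review bot: in the comment added at RenderGrid.cpp:651, the first sentence still reads as if any track that does not grow were a problem, while the second says growthShare can be 0; state the invariant directly, for example that growthShare must never be negative and that 0 is a valid value, and write "number of tracks" rather than "amount of tracks".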

The right way to do this kind of comment for an assertion is ASSERT_WITH_MESSAGE.

> LayoutTests/fast/css-grid-layout/tracks-number-greatly-exceeding-available-size-crash.html:12
> +	<div style="width: 1px; -webkit-grid-column-start: span 100;"></div>
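
Review bot: the test line at tracks-number-greatly-exceeding-available-size-crash.html:12 uses span 100 with width: 1px, whereas the reported test case used span 86000 with no explicit width; a one-line comment in the test saying why 100 tracks over 1px is already enough to reach the zero growthShare case would keep a later reader from changing the number.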

Let's increase test coverage.
-Let's add multiple test covering big numbers: 100, 1000, 10000, etc
-Let's cover width:0; and width:1px;
Comment 4 Sergio Villar Senin 2014-10-28 00:12:47 PDT
(In reply to comment #3)
> Comment on attachment 240006 [details]
> > LayoutTests/fast/css-grid-layout/tracks-number-greatly-exceeding-available-size-crash.html:12
> > +	<div style="width: 1px; -webkit-grid-column-start: span 100;"></div>
> 
> Let's increase test coverage.
> -Let's add multiple test covering big numbers: 100, 1000, 10000, etc

There is no different code path for those big numbers, once the difference between width and the number of tracks exceeds 2 orders of magnitude then the result is 0. Anyway it won't hurt.

> -Let's cover width:0; and width:1px;

The case of width: 0px was not intentionally added because in that case the function with the ASSERT won't ever be called.
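
Comment 4's point that the share comes out as 0 once the tracks far outnumber the available width, as an added example that is not part of this thread or of WebKit's code: a simplified model of handing each track an equal share of the remaining space. It assumes lengths are stored as fixed-point values with 64 sub-units per pixel; `distributeSpace`, `strictlyPositiveHolds` and `neverShrinks` are hypothetical names.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added model, not WebKit code. Assumption: lengths are fixed-point with
// 64 sub-units per CSS pixel, so dividing by a track count truncates.
constexpr int32_t kUnitsPerPixel = 64;

struct Distribution {
    std::vector<int32_t> growthShares; // per-track growth, in sub-units
    size_t zeroShares = 0;             // tracks that received no growth
};

// Gives each track an equal share of the space that is still left.
// Returns the shares instead of asserting so both outcomes are visible.
Distribution distributeSpace(int32_t availablePixels, size_t trackCount)
{
    Distribution result;
    int32_t available = availablePixels * kUnitsPerPixel;
    for (size_t i = 0; i < trackCount; ++i) {
        int32_t remainingTracks = static_cast<int32_t>(trackCount - i);
        // Truncating division: 0 whenever remainingTracks > available.
        int32_t growthShare = std::max<int32_t>(0, available / remainingTracks);
        if (!growthShare)
            ++result.zeroShares;
        result.growthShares.push_back(growthShare);
        available -= growthShare;
    }
    return result;
}

// The invariant of the failed assertion: every share strictly positive.
bool strictlyPositiveHolds(const Distribution& d) { return !d.zeroShares; }

// What the patch comment asks for: zero is allowed, shrinking is not.
bool neverShrinks(const Distribution& d)
{
    return std::all_of(d.growthShares.begin(), d.growthShares.end(),
                       [](int32_t share) { return share >= 0; });
}

int main()
{
    Distribution d = distributeSpace(1, 100); // width: 1px, span 100
    std::printf("%zu of %zu tracks get no growth\n", d.zeroShares, d.growthShares.size());
    return neverShrinks(d) ? 0 : 1;
}
```

Under this assumption the strict check first fails at 65 tracks per pixel of available width, so span 100 over 1px and span 86000 reach the same zero share.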
Comment 5 Sergio Villar Senin 2014-10-28 01:02:21 PDT
(In reply to comment #4)
> (In reply to comment #3)
> > Comment on attachment 240006 [details]
> > > LayoutTests/fast/css-grid-layout/tracks-number-greatly-exceeding-available-size-crash.html:12
> > > +	<div style="width: 1px; -webkit-grid-column-start: span 100;"></div>
> > 
> > Let's increase test coverage.
> > -Let's add multiple test covering big numbers: 100, 1000, 10000, etc
> 
> There is no different code path for those big numbers, once the difference
> between width and the number of tracks exceeds 2 orders of magnitude then
> the result is 0. Anyway it won't hurt.

Actually it will :). The thing is that we avoid this kind of check in Layout tests because they involve huge allocations that would make the test extremely slow. That's why I created a unit test to deal with this kind of thing; it is waiting for a review :) (bug 136217).
Comment 6 Sergio Villar Senin 2014-10-28 01:05:24 PDT
Created attachment 240534 [details]
Patch
Comment 7 Sergio Villar Senin 2014-10-28 08:45:53 PDT
(In reply to comment #6)
> Created attachment 240534 [details]
> Patch

Beh, I'm sorry Benjamin, I did a webkit-patch upload instead of a webkit-patch land. Could you please reset the r+? Thanks.
Comment 8 Sergio Villar Senin 2014-10-29 01:30:41 PDT
Committed r175314: <http://trac.webkit.org/changeset/175314>