Bug 142345

Summary:

REGRESSION(r180924): ASSERTION FAILED: !from.isEmpty() in WebCore::TransformationMatrix::rectToRect

Product:

WebKit

Reporter:

Carlos Garcia Campos <cgarcia>

Component:

WebKitGTK

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

mrobinson, zan

Priority:

Keywords:

Gtk, Regression

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Updated patch	mrobinson: review+

Carlos Garcia Campos

Reported 2015-03-05 08:36:21 PST

It's causing a lot of crashes running the layout tests in the debug bot

Attachments
Patch (5.02 KB, patch) 2015-03-05 08:41 PST, Carlos Garcia Campos	no flags	Details Formatted Diff Diff
Updated patch (5.38 KB, patch) 2015-03-05 11:06 PST, Carlos Garcia Campos	mrobinson: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Carlos Garcia Campos

Comment 1 2015-03-05 08:41:14 PST

Created attachment 247954 [details] Patch

Martin Robinson

Comment 2 2015-03-05 09:07:11 PST

Do you mind pasting the stack trace here, so that I can better understand the failure?

Carlos Garcia Campos

Comment 3 2015-03-05 09:20:51 PST

03:14:52.682 25393 worker/1 animations/matrix-anim.html crashed, (stderr lines): 03:14:52.682 25393 ASSERTION FAILED: !from.isEmpty() 03:14:52.682 25393 ../../Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp(1027) : static WebCore::TransformationMatrix WebCore::TransformationMatrix::rectToRect(const WebCore::FloatRect&, const WebCore::FloatRect&) 03:14:52.682 25393 1 0x2b772cbd3d93 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x2b772cbd3d93] 03:14:52.682 25393 2 0x2b7726aff222 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore20TransformationMatrix10rectToRectERKNS_9FloatRectES3_+0x48) [0x2b7726aff222] 03:14:52.682 25393 3 0x2b7726aefc29 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore30TextureMapperTiledBackingStore24adjustedTransformForRectERKNS_9FloatRectE+0x51) [0x2b7726aefc29] 03:14:52.682 25393 4 0x2b7726aefca3 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore30TextureMapperTiledBackingStore20paintToTextureMapperEPNS_13TextureMapperERKNS_9FloatRectERKNS_20TransformationMatrixEf+0x69) [0x2b7726aefca3] 03:14:52.682 25393 5 0x2b7726ae905f /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer9paintSelfERKNS_25TextureMapperPaintOptionsE+0x3c5) [0x2b7726ae905f] 03:14:52.682 25393 6 0x2b7726ae9407 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer20paintSelfAndChildrenERKNS_25TextureMapperPaintOptionsE+0x33) [0x2b7726ae9407] 03:14:52.682 25393 7 0x2b7726ae98d9 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer31paintSelfAndChildrenWithReplicaERKNS_25TextureMapperPaintOptionsE+0xf5) [0x2b7726ae98d9] 03:14:52.682 25393 8 0x2b7726aeb4e8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer14paintRecursiveERKNS_25TextureMapperPaintOptionsE+0xa0) [0x2b7726aeb4e8] 03:14:52.682 25393 9 0x2b7726ae95d0 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer20paintSelfAndChildrenERKNS_25TextureMapperPaintOptionsE+0x1fc) [0x2b7726ae95d0] 03:14:52.682 25393 10 0x2b7726ae98d9 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer31paintSelfAndChildrenWithReplicaERKNS_25TextureMapperPaintOptionsE+0xf5) [0x2b7726ae98d9] 03:14:52.682 25393 11 0x2b7726aeb4e8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer14paintRecursiveERKNS_25TextureMapperPaintOptionsE+0xa0) [0x2b7726aeb4e8] 03:14:52.682 25393 12 0x2b7726ae89dc /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer5paintEv+0x78) [0x2b7726ae89dc] 03:14:52.682 25393 13 0x2b7725d9f7ae /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16LayerTreeHostGtk24compositeLayersToContextENS0_16CompositePurposeE+0x100) [0x2b7725d9f7ae] 03:14:52.682 25393 14 0x2b7725d9f89a /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16LayerTreeHostGtk20flushAndRenderLayersEv+0x9c) [0x2b7725d9f89a] 03:14:52.682 25393 15 0x2b7725d9f2cc /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16LayerTreeHostGtk20layerFlushTimerFiredEv+0x3e) [0x2b7725d9f2cc] 03:14:52.682 25393 16 0x2b7725da0fbd /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNKSt7_Mem_fnIMN6WebKit16LayerTreeHostGtkEFvvEEclIJEvEEvPS1_DpOT_+0x65) [0x2b7725da0fbd] 03:14:52.682 25393 17 0x2b7725da0f1c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNSt5_BindIFSt7_Mem_fnIMN6WebKit16LayerTreeHostGtkEFvvEEPS2_EE6__callIvJEJLm0EEEET_OSt5tupleIJDpT0_EESt12_Index_tupleIJXspT1_EEE+0x48) [0x2b7725da0f1c] 03:14:52.682 25393 18 0x2b7725da0dae /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNSt5_BindIFSt7_Mem_fnIMN6WebKit16LayerTreeHostGtkEFvvEEPS2_EEclIJEvEET0_DpOT_+0x28) [0x2b7725da0dae] 03:14:52.682 25393 19 0x2b7725da0aa1 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNSt17_Function_handlerIFvvESt5_BindIFSt7_Mem_fnIMN6WebKit16LayerTreeHostGtkEFvvEEPS4_EEE9_M_invokeERKSt9_Any_data+0x20) [0x2b7725da0aa1] 03:14:52.682 25393 20 0x2b7725922cde /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNKSt8functionIFvvEEclEv+0x32) [0x2b7725922cde] 03:14:52.683 25393 21 0x2b772cc1c9fb /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource12voidCallbackEv+0x6d) [0x2b772cc1c9fb] 03:14:52.683 25393 22 0x2b772cc1d0fd /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource18voidSourceCallbackEPS0_+0x23) [0x2b772cc1d0fd] 03:14:52.683 25393 23 0x2b772f8662c8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(+0x562c8) [0x2b772f8662c8] 03:14:52.683 25393 24 0x2b772f8639ef /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(+0x539ef) [0x2b772f8639ef] 03:14:52.683 25393 25 0x2b772f864758 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x2b772f864758] 03:14:52.683 25393 26 0x2b772f86494a /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(+0x5494a) [0x2b772f86494a] 03:14:52.683 25393 27 0x2b772f864d73 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(g_main_loop_run+0x1d9) [0x2b772f864d73] 03:14:52.683 25393 28 0x2b77278b674e /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF7RunLoop3runEv+0x42) [0x2b77278b674e] 03:14:52.683 25393 29 0x2b7725d9c558 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16ChildProcessMainINS_10WebProcessENS_14WebProcessMainEEEiiPPc+0x82) [0x2b7725d9c558] 03:14:52.683 25393 30 0x2b7725d9c3c3 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebProcessMainUnix+0x20) [0x2b7725d9c3c3] 03:14:52.683 25393 31 0x400c51 /home/slave/webkitgtk/gtk-linux-64-debug-tests/build/WebKitBuild/Debug/bin/WebKitWebProcess(main+0x34) [0x400c51] 03:14:52.687 25270 [1955/33924] animations/matrix-anim.html failed unexpectedly (WebProcess crashed)

Martin Robinson

Comment 4 2015-03-05 10:29:56 PST

Comment on attachment 247954 [details] Patch Okay. This is my suggestion for how to make this order independent: 1. In LayerTreeHostGtk::initialize, exit early if there is no contextID yet, but set a new boolean m_needsLazyInitialization to true. 2. In LayerTreeHostGtk::setNativeSurfaceHandleForCompositing, if m_needsLazyInitialization is true, call ::initialize. 3. Keep the rest of the code in the same position. Hopefully, the issue with LayerTreeHostGtk::compositeLayersToContext will disappear because the first call to scheduleLayerFlush won't happen until ::initialize doesn't return early.

Carlos Garcia Campos

Comment 5 2015-03-05 10:42:32 PST

(In reply to comment #4) > Comment on attachment 247954 [details] > Patch > > Okay. This is my suggestion for how to make this order independent: > > 1. In LayerTreeHostGtk::initialize, exit early if there is no contextID yet, > but set a new boolean m_needsLazyInitialization to true. > 2. In LayerTreeHostGtk::setNativeSurfaceHandleForCompositing, if > m_needsLazyInitialization is true, call ::initialize. > 3. Keep the rest of the code in the same position. > > Hopefully, the issue with LayerTreeHostGtk::compositeLayersToContext will > disappear because the first call to scheduleLayerFlush won't happen until > ::initialize doesn't return early. This is not possible, when the drawing area creates the LayerTreeHost it expects it to be initialized, because the initialize method is called from the ::create(). What would be do in LayerTreeHostGtk::setRootCompositingLayer() for example if we are not initialized yet? Do we need to check it on every single method?.

Carlos Garcia Campos

Comment 6 2015-03-05 11:06:54 PST

Created attachment 247971 [details] Updated patch Added an early return to not schedule layer flushes if the texture mapper hasn't been created yet, as suggested by Martin on IRC.

Martin Robinson

Comment 7 2015-03-05 11:09:03 PST

Comment on attachment 247971 [details] Updated patch View in context: https://bugs.webkit.org/attachment.cgi?id=247971&action=review Looks good! One minor suggestion... > Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:377 > + ASSERT(m_isValid); > + m_textureMapper = TextureMapper::create(TextureMapper::OpenGLMode); Might want to add ASSERT(!m_textureMapper); here as well.

Carlos Garcia Campos

Comment 8 2015-03-05 11:09:36 PST

(In reply to comment #7) > Comment on attachment 247971 [details] > Updated patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=247971&action=review > > Looks good! One minor suggestion... > > > Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:377 > > + ASSERT(m_isValid); > > + m_textureMapper = TextureMapper::create(TextureMapper::OpenGLMode); > > Might want to add ASSERT(!m_textureMapper); here as well. good point!

Carlos Garcia Campos

Comment 9 2015-03-05 22:16:36 PST

Committed r181138: <http://trac.webkit.org/changeset/181138>

Carlos Garcia Campos

Comment 10 2015-03-06 01:11:51 PST

Debug bot is still exiting early after 50 crashes, but I don't see more ASSERTION FAILED: !from.isEmpty() in WebCore::TransformationMatrix::rectToRect, so there must be something else. Maybe bug #142333

Carlos Garcia Campos

Comment 11 2015-03-06 05:17:43 PST

(In reply to comment #10) > Debug bot is still exiting early after 50 crashes, but I don't see more > ASSERTION FAILED: !from.isEmpty() in > WebCore::TransformationMatrix::rectToRect, so there must be something else. > Maybe bug #142333 Ok, current crashes are unrelated, but they were hidden by this ASSERT, I'm bisecting now.

Carlos Garcia Campos

Comment 12 2015-03-06 09:15:07 PST

So, new crashes were because of r181139, that has been recently rolled out.

Note You need to log in before you can comment on or make changes to this bug.