Bug 142345

Summary: REGRESSION(r180924): ASSERTION FAILED: !from.isEmpty() in WebCore::TransformationMatrix::rectToRect
Product: WebKit
Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: mrobinson, zan
Priority: P2
Keywords: Gtk, Regression
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Patch (flags: none)
Updated patch (flags: mrobinson: review+)

Description Carlos Garcia Campos 2015-03-05 08:36:21 PST
It's causing a lot of crashes running the layout tests in the debug bot.
Comment 1 Carlos Garcia Campos 2015-03-05 08:41:14 PST
Created attachment 247954 [details]
Patch
Comment 2 Martin Robinson 2015-03-05 09:07:11 PST
Do you mind pasting the stack trace here, so that I can better understand the failure?
Comment 3 Carlos Garcia Campos 2015-03-05 09:20:51 PST
03:14:52.682 25393 worker/1 animations/matrix-anim.html crashed, (stderr lines):
03:14:52.682 25393   ASSERTION FAILED: !from.isEmpty()
03:14:52.682 25393   ../../Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp(1027) : static WebCore::TransformationMatrix WebCore::TransformationMatrix::rectToRect(const WebCore::FloatRect&, const WebCore::FloatRect&)
03:14:52.682 25393   1   0x2b772cbd3d93 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x2b772cbd3d93]
03:14:52.682 25393   2   0x2b7726aff222 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore20TransformationMatrix10rectToRectERKNS_9FloatRectES3_+0x48) [0x2b7726aff222]
03:14:52.682 25393   3   0x2b7726aefc29 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore30TextureMapperTiledBackingStore24adjustedTransformForRectERKNS_9FloatRectE+0x51) [0x2b7726aefc29]
03:14:52.682 25393   4   0x2b7726aefca3 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore30TextureMapperTiledBackingStore20paintToTextureMapperEPNS_13TextureMapperERKNS_9FloatRectERKNS_20TransformationMatrixEf+0x69) [0x2b7726aefca3]
03:14:52.682 25393   5   0x2b7726ae905f /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer9paintSelfERKNS_25TextureMapperPaintOptionsE+0x3c5) [0x2b7726ae905f]
03:14:52.682 25393   6   0x2b7726ae9407 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer20paintSelfAndChildrenERKNS_25TextureMapperPaintOptionsE+0x33) [0x2b7726ae9407]
03:14:52.682 25393   7   0x2b7726ae98d9 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer31paintSelfAndChildrenWithReplicaERKNS_25TextureMapperPaintOptionsE+0xf5) [0x2b7726ae98d9]
03:14:52.682 25393   8   0x2b7726aeb4e8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer14paintRecursiveERKNS_25TextureMapperPaintOptionsE+0xa0) [0x2b7726aeb4e8]
03:14:52.682 25393   9   0x2b7726ae95d0 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer20paintSelfAndChildrenERKNS_25TextureMapperPaintOptionsE+0x1fc) [0x2b7726ae95d0]
03:14:52.682 25393   10  0x2b7726ae98d9 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer31paintSelfAndChildrenWithReplicaERKNS_25TextureMapperPaintOptionsE+0xf5) [0x2b7726ae98d9]
03:14:52.682 25393   11  0x2b7726aeb4e8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer14paintRecursiveERKNS_25TextureMapperPaintOptionsE+0xa0) [0x2b7726aeb4e8]
03:14:52.682 25393   12  0x2b7726ae89dc /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18TextureMapperLayer5paintEv+0x78) [0x2b7726ae89dc]
03:14:52.682 25393   13  0x2b7725d9f7ae /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16LayerTreeHostGtk24compositeLayersToContextENS0_16CompositePurposeE+0x100) [0x2b7725d9f7ae]
03:14:52.682 25393   14  0x2b7725d9f89a /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16LayerTreeHostGtk20flushAndRenderLayersEv+0x9c) [0x2b7725d9f89a]
03:14:52.682 25393   15  0x2b7725d9f2cc /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16LayerTreeHostGtk20layerFlushTimerFiredEv+0x3e) [0x2b7725d9f2cc]
03:14:52.682 25393   16  0x2b7725da0fbd /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNKSt7_Mem_fnIMN6WebKit16LayerTreeHostGtkEFvvEEclIJEvEEvPS1_DpOT_+0x65) [0x2b7725da0fbd]
03:14:52.682 25393   17  0x2b7725da0f1c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNSt5_BindIFSt7_Mem_fnIMN6WebKit16LayerTreeHostGtkEFvvEEPS2_EE6__callIvJEJLm0EEEET_OSt5tupleIJDpT0_EESt12_Index_tupleIJXspT1_EEE+0x48) [0x2b7725da0f1c]
03:14:52.682 25393   18  0x2b7725da0dae /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNSt5_BindIFSt7_Mem_fnIMN6WebKit16LayerTreeHostGtkEFvvEEPS2_EEclIJEvEET0_DpOT_+0x28) [0x2b7725da0dae]
03:14:52.682 25393   19  0x2b7725da0aa1 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNSt17_Function_handlerIFvvESt5_BindIFSt7_Mem_fnIMN6WebKit16LayerTreeHostGtkEFvvEEPS4_EEE9_M_invokeERKSt9_Any_data+0x20) [0x2b7725da0aa1]
03:14:52.682 25393   20  0x2b7725922cde /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNKSt8functionIFvvEEclEv+0x32) [0x2b7725922cde]
03:14:52.683 25393   21  0x2b772cc1c9fb /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource12voidCallbackEv+0x6d) [0x2b772cc1c9fb]
03:14:52.683 25393   22  0x2b772cc1d0fd /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource18voidSourceCallbackEPS0_+0x23) [0x2b772cc1d0fd]
03:14:52.683 25393   23  0x2b772f8662c8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(+0x562c8) [0x2b772f8662c8]
03:14:52.683 25393   24  0x2b772f8639ef /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(+0x539ef) [0x2b772f8639ef]
03:14:52.683 25393   25  0x2b772f864758 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x2b772f864758]
03:14:52.683 25393   26  0x2b772f86494a /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(+0x5494a) [0x2b772f86494a]
03:14:52.683 25393   27  0x2b772f864d73 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(g_main_loop_run+0x1d9) [0x2b772f864d73]
03:14:52.683 25393   28  0x2b77278b674e /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF7RunLoop3runEv+0x42) [0x2b77278b674e]
03:14:52.683 25393   29  0x2b7725d9c558 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16ChildProcessMainINS_10WebProcessENS_14WebProcessMainEEEiiPPc+0x82) [0x2b7725d9c558]
03:14:52.683 25393   30  0x2b7725d9c3c3 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebProcessMainUnix+0x20) [0x2b7725d9c3c3]
03:14:52.683 25393   31  0x400c51 /home/slave/webkitgtk/gtk-linux-64-debug-tests/build/WebKitBuild/Debug/bin/WebKitWebProcess(main+0x34) [0x400c51]
03:14:52.687 25270 [1955/33924] animations/matrix-anim.html failed unexpectedly (WebProcess crashed)
Comment 4 Martin Robinson 2015-03-05 10:29:56 PST
Comment on attachment 247954 [details]
Patch

Okay. This is my suggestion for how to make this order independent:

1. In LayerTreeHostGtk::initialize, exit early if there is no contextID yet, but set a new boolean m_needsLazyInitialization to true.
2. In LayerTreeHostGtk::setNativeSurfaceHandleForCompositing, if m_needsLazyInitialization is true, call ::initialize.
3. Keep the rest of the code in the same position.

Hopefully, the issue with LayerTreeHostGtk::compositeLayersToContext will disappear because the first call to scheduleLayerFlush won't happen until ::initialize doesn't return early.
Comment 5 Carlos Garcia Campos 2015-03-05 10:42:32 PST
(In reply to comment #4)
> Comment on attachment 247954 [details]
> Patch
> 
> Okay. This is my suggestion for how to make this order independent:
> 
> 1. In LayerTreeHostGtk::initialize, exit early if there is no contextID yet,
> but set a new boolean m_needsLazyInitialization to true.
> 2. In LayerTreeHostGtk::setNativeSurfaceHandleForCompositing, if
> m_needsLazyInitialization is true, call ::initialize.
> 3. Keep the rest of the code in the same position.
> 
> Hopefully, the issue with LayerTreeHostGtk::compositeLayersToContext will
> disappear because the first call to scheduleLayerFlush won't happen until
> ::initialize doesn't return early.

This is not possible: when the drawing area creates the LayerTreeHost, it expects it to be initialized, because the initialize method is called from the ::create(). What would we do in LayerTreeHostGtk::setRootCompositingLayer(), for example, if we are not initialized yet? Do we need to check it in every single method?
Comment 6 Carlos Garcia Campos 2015-03-05 11:06:54 PST
Created attachment 247971 [details]
Updated patch

Added an early return to not schedule layer flushes if the texture mapper hasn't been created yet, as suggested by Martin on IRC.
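
The early return described in this comment, as an added example that is not part of the thread or of the WebKit patch: a simplified model in which a flush requested before the texture mapper exists is skipped instead of reaching the paint path. ToyLayerHost, ToyTextureMapper and their members are hypothetical names.

```cpp
// Added example: simplified model, not WebKit code. ToyLayerHost, ToyTextureMapper
// and their members are hypothetical names chosen for illustration.
#include <cassert>
#include <memory>

struct ToyTextureMapper { int paints = 0; void paint() { ++paints; } };

class ToyLayerHost {
public:
    // Runs at creation time, possibly before the surface handle is known.
    void initialize() { m_isValid = true; scheduleLayerFlush(); }

    // Runs once the surface handle arrives; the texture mapper is created here.
    void setNativeSurfaceHandle(unsigned long)
    {
        assert(m_isValid);
        assert(!m_textureMapper); // creating it twice would be a logic error
        m_textureMapper.reset(new ToyTextureMapper);
        scheduleLayerFlush();
    }

    // Returns true only if a flush was actually queued.
    bool scheduleLayerFlush()
    {
        if (!m_isValid)
            return false;
        if (!m_textureMapper) { // early return: nothing to paint with yet
            ++m_skippedFlushes;
            return false;
        }
        m_flushPending = true;
        return true;
    }

    // Timer callback; returns true if it composited a frame.
    bool layerFlushTimerFired()
    {
        if (!m_flushPending)
            return false;
        m_flushPending = false;
        m_textureMapper->paint();
        return true;
    }

    int skippedFlushes() const { return m_skippedFlushes; }
    int paintCount() const { return m_textureMapper ? m_textureMapper->paints : 0; }
private:
    bool m_isValid = false, m_flushPending = false;
    int m_skippedFlushes = 0;
    std::unique_ptr<ToyTextureMapper> m_textureMapper;
};
```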
Comment 7 Martin Robinson 2015-03-05 11:09:03 PST
Comment on attachment 247971 [details]
Updated patch

View in context: https://bugs.webkit.org/attachment.cgi?id=247971&action=review

Looks good! One minor suggestion...

> Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:377
> +    ASSERT(m_isValid);
> +    m_textureMapper = TextureMapper::create(TextureMapper::OpenGLMode);
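
Review bot: At LayerTreeHostGtk.cpp:377 the only guard before TextureMapper::create() is ASSERT(m_isValid), and ASSERT is compiled out of release builds, so nothing in these two lines stops a release build from creating the texture mapper on an invalid host. If that state is reachable outside debug builds, add an early return (if (!m_isValid) return;) next to the assertion.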

Might want to add ASSERT(!m_textureMapper); here as well.
Comment 8 Carlos Garcia Campos 2015-03-05 11:09:36 PST
(In reply to comment #7)
> Comment on attachment 247971 [details]
> Updated patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=247971&action=review
> 
> Looks good! One minor suggestion...
> 
> > Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:377
> > +    ASSERT(m_isValid);
> > +    m_textureMapper = TextureMapper::create(TextureMapper::OpenGLMode);
> 
> Might want to add ASSERT(!m_textureMapper); here as well.

Good point!
Comment 9 Carlos Garcia Campos 2015-03-05 22:16:36 PST
Committed r181138: <http://trac.webkit.org/changeset/181138>
Comment 10 Carlos Garcia Campos 2015-03-06 01:11:51 PST
Debug bot is still exiting early after 50 crashes, but I don't see more ASSERTION FAILED: !from.isEmpty() in WebCore::TransformationMatrix::rectToRect, so there must be something else. Maybe bug #142333
Comment 11 Carlos Garcia Campos 2015-03-06 05:17:43 PST
(In reply to comment #10)
> Debug bot is still exiting early after 50 crashes, but I don't see more
> ASSERTION FAILED: !from.isEmpty() in
> WebCore::TransformationMatrix::rectToRect, so there must be something else.
> Maybe bug #142333

OK, current crashes are unrelated, but they were hidden by this ASSERT. I'm bisecting now.
Comment 12 Carlos Garcia Campos 2015-03-06 09:15:07 PST
So, the new crashes were because of r181139, which has recently been rolled out.