Bug 153576

Summary:

ASSERTION FAILED: roundedIntPoint(rendererMappedResult) == roundedIntPoint(result)

Product:

WebKit

Reporter:

Fujii Hironori <fujii.hironori>

Component:

Layout and Rendering

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, esprehn+autocc, glenn, kondapallykalyan, sabouhallawa, simon.fraser

Priority:

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

See Also:

https://bugs.webkit.org/show_bug.cgi?id=151030
https://bugs.webkit.org/show_bug.cgi?id=155580

Attachments:

Description	Flags
test content	none
patch	none
Patch	none
Patch	none

Fujii Hironori

Reported 2016-01-27 18:52:32 PST

Created attachment 270075 [details] test content ASSERTION FAILED: roundedIntPoint(rendererMappedResult) == roundedIntPoint(result) trunk@195653, MiniBrowser, Gtk port, Debug build. > fujii@vm-ubuntu $ ./Tools/Scripts/run-minibrowser --gtk ~/tmp/a.html > Starting MiniBrowser. > > (MiniBrowser:7957): GLib-GObject-WARNING **: The property GtkToolButton:stock-id is deprecated and shouldn't be used anymore. It will be removed in a future version. > ASSERTION FAILED: roundedIntPoint(rendererMappedResult) == roundedIntPoint(result) > ../../Source/WebCore/rendering/RenderGeometryMap.cpp(118) : WebCore::FloatPoint WebCore::RenderGeometryMap::mapToContainer(const WebCore::FloatPoint&, const WebCore::RenderLayerModelObject*) const > 1 0x7fa703f110e1 /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x7fa703f110e1] > 2 0x7fa70da25b39 /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNK7WebCore17RenderGeometryMap14mapToContainerERKNS_10FloatPointEPKNS_22RenderLayerModelObjectE+0x223) [0x7fa70da25b39] > 3 0x7fa70da78624 /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNK7WebCore17RenderGeometryMap13absolutePointERKNS_10FloatPointE+0x28) [0x7fa70da78624] > 4 0x7fa70da57a66 /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderLayer20updateLayerPositionsEPNS_17RenderGeometryMapEj+0xda) [0x7fa70da57a66] > 5 0x7fa70da57f4f /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderLayer20updateLayerPositionsEPNS_17RenderGeometryMapEj+0x5c3) [0x7fa70da57f4f] > 6 0x7fa70da57f4f /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderLayer20updateLayerPositionsEPNS_17RenderGeometryMapEj+0x5c3) [0x7fa70da57f4f] > 7 0x7fa70da57f4f /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderLayer20updateLayerPositionsEPNS_17RenderGeometryMapEj+0x5c3) [0x7fa70da57f4f] > 8 0x7fa70da5793f /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderLayer31updateLayerPositionsAfterLayoutEPKS0_j+0x9d) [0x7fa70da5793f] > 9 0x7fa70d630a13 /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore9FrameView6layoutEb+0x10a3) [0x7fa70d630a13] > 10 0x7fa70cf4b7e6 /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore8Document33updateLayoutIfDimensionsOutOfDateERNS_7ElementENS_15DimensionsCheckE+0x586) [0x7fa70cf4b7e6] > 11 0x7fa70cfbd6c1 /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore7Element11offsetWidthEv+0x3f) [0x7fa70cfbd6c1] > 12 0x7fa70e17b890 /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore20jsElementOffsetWidthEPN3JSC9ExecStateEPNS0_8JSObjectElNS0_12PropertyNameE+0xb9) [0x7fa70e17b890] > 13 0x7fa70c5b1a61 /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNK3JSC12PropertySlot8getValueEPNS_9ExecStateENS_12PropertyNameE+0x93) [0x7fa70c5b1a61] > 14 0x7fa70cc61d37 /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNK3JSC7JSValue3getEPNS_9ExecStateENS_12PropertyNameERNS_12PropertySlotE+0x4b) [0x7fa70cc61d37] > 15 0x7fa703dcb54b /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x19f454b) [0x7fa703dcb54b] > 16 0x7fa703dd71a9 /home/fujii/work/webkit/github/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1a001a9) [0x7fa703dd71a9] > fujii@vm-ubuntu $

Attachments
test content (806 bytes, text/html) 2016-01-27 18:52 PST, Fujii Hironori	no flags	Details
patch (1.72 KB, patch) 2016-01-29 02:38 PST, Fujii Hironori	no flags	Details Formatted Diff Diff
Patch (5.05 KB, patch) 2016-02-01 18:45 PST, Fujii Hironori	no flags	Details Formatted Diff Diff
Patch (5.01 KB, patch) 2016-02-02 17:37 PST, Fujii Hironori	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Fujii Hironori

Comment 1 2016-01-27 18:54:23 PST

I guess this seems a same problem with a following bug: Bug 151030 – ASSERTION FAILED: roundedIntPoint(rendererMappedResult) == roundedIntPoint(result) in WebCore::RenderGeometryMap::mapToContainer

Said Abou-Hallawa

Comment 2 2016-01-28 11:34:09 PST

In general I think using the roundIntPoint() for this assertion does not seem right. For example if we have, rendererMappedResult={2.4999, 3} and result={2.5, 3}, the assertion will fail although it should not. Maybe we can use something like: ASSERT((rendererMappedResult - result).lengthSquared() < some_epsilon); But we may have another bug which makes RenderGeometryMap::mapToContainer() returns inconsistent values.

Fujii Hironori

Comment 3 2016-01-29 02:38:01 PST

Created attachment 270196 [details] patch This seems caused by the uniqueness of LayoutUnit::round introduced by the following bug: Bug 107208 – LayoutUnit should round half consistently, not away from zero LayoutUnit::round of -1.5 is -1, not -2. Should convert to LayoutPoint once because of the uniqueness of LayoutUnit::round. This patch does not solve Bug 151030, it seems different bug.

Fujii Hironori

Comment 4 2016-02-01 18:45:24 PST

Created attachment 270462 [details] Patch

Darin Adler

Comment 5 2016-02-02 16:34:58 PST

Comment on attachment 270462 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=270462&action=review Please post a new version of the patch with the unnecessary #if/#endif pairs removed. > Source/WebCore/rendering/RenderGeometryMap.cpp:113 > +#if !ASSERT_DISABLED This #if is not needed and should not be added. ASSERT takes care of this already. > Source/WebCore/rendering/RenderGeometryMap.cpp:121 > #if !ASSERT_DISABLED This #if is no longer needed and should be removed. It was here because of the code outside the assert that has now been moved elsewhere. ASSERT takes care of this already.

Fujii Hironori

Comment 6 2016-02-02 17:37:03 PST

Created attachment 270533 [details] Patch

Fujii Hironori

Comment 7 2016-02-02 17:38:28 PST

(In reply to comment #5) > Please post a new version of the patch with the unnecessary #if/#endif pairs > removed. Thank you for reviewing. I updated the patch.

WebKit Commit Bot

Comment 8 2016-02-02 23:01:34 PST

Comment on attachment 270533 [details] Patch Clearing flags on attachment: 270533 Committed r196052: <http://trac.webkit.org/changeset/196052>

WebKit Commit Bot

Comment 9 2016-02-02 23:01:38 PST

All reviewed patches have been landed. Closing bug.

Alex Christensen

Comment 10 2016-03-16 14:58:44 PDT

Comment on attachment 270533 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=270533&action=review > Source/WebCore/rendering/RenderGeometryMap.cpp:119 > + ASSERT(rendererMappedResult == result); This assertion fails after logging in on drive.google.com. The values are close, but not equal.

Fujii Hironori

Comment 11 2016-03-17 01:35:37 PDT

I'm sorry. Filed another bug: Bug 155580 – ASSERTION FAILED: rendererMappedResult == result in RenderGeometryMap::mapToContainer

Note You need to log in before you can comment on or make changes to this bug.