Bug 158373

Summary: REGRESSION (r201667): ASSERTION FAILED: !m_anchorNode || !editingIgnoresContent(*m_anchorNode)
Product: WebKit
Reporter: Ryan Haddad <ryanhaddad>
Component: HTML Editing
Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED
Severity: Normal
CC: enrica, rniwa, webkit-bug-importer
Priority: P2
Keywords: InRadar, Regression
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=158241
https://bugs.webkit.org/show_bug.cgi?id=158569
Attachments:
Description | Flags
Fixes the bug | none
Archive of layout-test-results from ews114 for mac-yosemite | none
Fixed the test for WK1 | bfulgham: review+

Description Ryan Haddad 2016-06-03 17:43:23 PDT
ASSERTION FAILED: !m_anchorNode || !editingIgnoresContent(*m_anchorNode)

Encountered on ios-simulator-wk2 debug
<https://build.webkit.org/results/Apple%20iOS%209%20Simulator%20Debug%20WK2%20(Tests)/r201667%20(2376)/results.html>

Full crashlog:
<https://build.webkit.org/results/Apple%20iOS%209%20Simulator%20Debug%20WK2%20(Tests)/r201667%20(2376)/editing/selection/selection-invalid-offset-crash-log.txt>

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   JavaScriptCore                	0x000000010a0337c7 WTFCrash + 39 (Assertions.cpp:317)
1   com.apple.WebCore             	0x000000010d6c422a WebCore::Position::Position(WTF::PassRefPtr<WebCore::Node>, int, WebCore::Position::AnchorType) + 154 (Position.cpp:130)
2   com.apple.WebCore             	0x000000010d6c42f1 WebCore::Position::Position(WTF::PassRefPtr<WebCore::Node>, int, WebCore::Position::AnchorType) + 33 (Position.cpp:133)
3   com.apple.WebCore             	0x000000010d6c4a89 WebCore::Position::parentAnchoredEquivalent() const + 281 (Position.cpp:236)
4   com.apple.WebCore             	0x000000010e09f5c0 WebCore::VisibleSelection::toNormalizedRange() const + 608 (VisibleSelection.cpp:181)
5   com.apple.WebKit              	0x0000000102c8df55 WebKit::WebPage::platformEditorState(WebCore::Frame&, WebKit::EditorState&, WebKit::WebPage::IncludePostLayoutDataHint) const + 2869 (WebPageIOS.mm:190)
6   com.apple.WebKit              	0x0000000102c42dbc WebKit::WebPage::editorState(WebKit::WebPage::IncludePostLayoutDataHint) const + 1292 (WebPage.cpp:880)
7   com.apple.WebKit              	0x0000000102c5061f WebKit::WebPage::didChangeSelection() + 175 (WebPage.cpp:4720)
8   com.apple.WebKit              	0x0000000102b60a7d WebKit::WebEditorClient::respondToChangedSelection(WebCore::Frame*) + 173 (WebEditorClient.cpp:202)
9   com.apple.WebCore             	0x000000010c5406f6 WebCore::Editor::respondToChangedSelection(WebCore::VisibleSelection const&, unsigned int) + 102 (Editor.cpp:3310)
10  com.apple.WebCore             	0x000000010c786056 WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(WebCore::VisibleSelection const&, unsigned int, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 1206 (FrameSelection.cpp:328)
11  com.apple.WebCore             	0x000000010c784815 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, unsigned int, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 69 (FrameSelection.cpp:335)
12  com.apple.WebCore             	0x000000010c786795 WebCore::FrameSelection::selectFrameElementInParentIfFullySelected() + 885 (FrameSelection.cpp:1884)
13  com.apple.WebCore             	0x000000010c786034 WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(WebCore::VisibleSelection const&, unsigned int, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 1172 (FrameSelection.cpp:327)
14  com.apple.WebCore             	0x000000010c784815 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, unsigned int, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 69 (FrameSelection.cpp:335)
15  com.apple.WebCore             	0x000000010c785e2d WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(WebCore::VisibleSelection const&, unsigned int, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 653 (FrameSelection.cpp:289)
16  com.apple.WebCore             	0x000000010c784815 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, unsigned int, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 69 (FrameSelection.cpp:335)
17  com.apple.WebCore             	0x000000010c784ce3 WebCore::FrameSelection::moveTo(WebCore::Range const*) + 355 (FrameSelection.cpp:162)
18  com.apple.WebCore             	0x000000010c4d882b WebCore::DOMSelection::addRange(WebCore::Range*) + 123 (DOMSelection.cpp:384)
19  com.apple.WebCore             	0x000000010cdcee66 WebCore::jsDOMSelectionPrototypeFunctionAddRange(JSC::ExecState*) + 454 (JSDOMSelection.cpp:522)
20  ???                           	0x0000042b3da31028 0 + 4583764201512
21  JavaScriptCore                	0x0000000109d4e18d llint_entry + 27817
22  JavaScriptCore                	0x0000000109d4e18d llint_entry + 27817
23  JavaScriptCore                	0x0000000109d472ce vmEntryToJavaScript + 334
24  JavaScriptCore                	0x0000000109b5d3ca JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 218 (JITCode.cpp:80)
25  JavaScriptCore                	0x0000000109b0e26d JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4301 (Interpreter.cpp:953)
26  JavaScriptCore                	0x00000001095c5bb0 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 480 (Completion.cpp:107)
27  JavaScriptCore                	0x00000001095c5cee JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 94 (Completion.cpp:122)
28  com.apple.WebCore             	0x000000010db4385b WebCore::JSMainThreadExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 75 (JSMainThreadExecState.h:81)
29  com.apple.WebCore             	0x000000010db417b8 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) + 312 (ScriptController.cpp:163)
30  com.apple.WebCore             	0x000000010db42d6e WebCore::ScriptController::executeScriptInWorld(WebCore::DOMWrapperWorld&, WTF::String const&, bool) + 270 (ScriptController.cpp:506)
31  com.apple.WebCore             	0x000000010db37a90 WebCore::ScheduledAction::execute(WebCore::Document&) + 352 (ScheduledAction.cpp:127)
32  com.apple.WebCore             	0x000000010db37903 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext&) + 67 (ScheduledAction.cpp:78)
33  com.apple.WebCore             	0x000000010c4ddb04 WebCore::DOMTimer::fired() + 1076 (DOMTimer.cpp:351)
34  com.apple.WebCore             	0x000000010df9d43a WebCore::ThreadTimers::sharedTimerFiredInternal() + 394 (ThreadTimers.cpp:124)
35  com.apple.WebCore             	0x000000010df9e681 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33 (ThreadTimers.cpp:73)
36  com.apple.WebCore             	0x000000010df9e64d void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 45 (__functional_base:441)
37  com.apple.WebCore             	0x000000010df9e5ec std::__1::__function::__func<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, std::__1::allocator<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>, void ()>::operator()() + 44 (functional:1407)
38  com.apple.WebCore             	0x000000010bd6adea std::__1::function<void ()>::operator()() const + 26 (functional:1793)
39  com.apple.WebCore             	0x000000010d41833f WebCore::MainThreadSharedTimer::fired() + 111 (MainThreadSharedTimer.cpp:53)
40  com.apple.WebCore             	0x000000010d418739 WebCore::timerFired(__CFRunLoopTimer*, void*) + 41 (MainThreadSharedTimerCF.cpp:74)
41  com.apple.CoreFoundation      	0x000000010530b074 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
42  com.apple.CoreFoundation      	0x000000010530ac21 __CFRunLoopDoTimer + 1089
43  com.apple.CoreFoundation      	0x00000001052ccb11 __CFRunLoopRun + 1937
44  com.apple.CoreFoundation      	0x00000001052cc0f8 CFRunLoopRunSpecific + 488
45  com.apple.Foundation          	0x000000010228ca31 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 267
46  com.apple.Foundation          	0x000000010231ffe1 -[NSRunLoop(NSRunLoop) run] + 74
47  libxpc.dylib                  	0x000000010680c4d4 _xpc_objc_main + 400
48  libxpc.dylib                  	0x000000010680e88e xpc_main + 189
49  com.apple.WebKit.WebContent.Development	0x00000001021b90ef main + 895 (XPCServiceMain.mm:114)
50  libdyld.dylib                 	0x000000010653e92d start + 1

Comment 1 Ryan Haddad 2016-06-03 17:43:56 PDT
Seen with LayoutTest editing/selection/selection-invalid-offset.html

Started after http://trac.webkit.org/changeset/201667

Comment 2 Ryosuke Niwa 2016-06-07 22:21:24 PDT
Created attachment 280770
Fixes the bug

Comment 3 Radar WebKit Bug Importer 2016-06-07 22:21:44 PDT
<rdar://problem/26690795>

Comment 4 Build Bot 2016-06-07 23:28:45 PDT
Comment on attachment 280770
Fixes the bug

Attachment 280770 did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/1463899

New failing tests:
editing/selection/selection-in-iframe-removed-crash.html

Comment 5 Build Bot 2016-06-07 23:28:48 PDT
Created attachment 280776
Archive of layout-test-results from ews114 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews114  Port: mac-yosemite  Platform: Mac OS X 10.10.5

Comment 6 Ryosuke Niwa 2016-06-07 23:33:06 PDT
Created attachment 280778
Fixed the test for WK1

Comment 7 Brent Fulgham 2016-06-08 09:52:43 PDT
Comment on attachment 280778
Fixed the test for WK1

View in context: https://bugs.webkit.org/attachment.cgi?id=280778&action=review

r=me.

> Source/WebCore/ChangeLog:4
> +        https://bugs.webkit.org/show_bug.cgi?id=158373

Please add <rdar://problem/26690795>

Comment 8 Ryosuke Niwa 2016-06-08 12:17:54 PDT
Committed r201823: <http://trac.webkit.org/changeset/201823>

Comment 9 Ryan Haddad 2016-06-09 09:47:13 PDT
(In reply to comment #8)
> Committed r201823: <http://trac.webkit.org/changeset/201823>

This change appears to have made editing/selection/selection-in-iframe-removed-crash.html a flaky failure.

https://bugs.webkit.org/show_bug.cgi?id=158569