Bug 180785
| Summary: | ASSERT in RenderLayer::updateLayerPositionsAfterScroll using icloud.com - cached rects incorrect | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Joseph Pecoraro <joepeck> |
| Component: | Layout and Rendering | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | bfulgham, hyatt, joepeck, simon.fraser, zalan |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Joseph Pecoraro
ASSERT in RenderLayer::updateLayerPositionsAfterScroll using icloud.com - cached rects incorrect
Seen on WebKit r225753. Logged into icloud.com, resized the page, clicked an icon => ASSERT.
ASSERTION FAILED: !renderer().hasRepaintLayoutRects() || renderer().repaintLayoutRects().m_repaintRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint())
Source/WebCore/rendering/RenderLayer.cpp(940) : void WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap *, UpdateLayerPositionsAfterScrollFlags)
1 0x3d78a382d WTFCrash
2 0x3cacf0ca6 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
3 0x3cacf0df6 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
4 0x3cacf0df6 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
5 0x3cacf0df6 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
6 0x3cacf0df6 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
7 0x3cacf0df6 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int)
8 0x3cacf08fa WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll()
9 0x3ca565dc0 WebCore::FrameView::updateLayerPositionsAfterScrolling()
10 0x3ca6fdf0c WebCore::ScrollView::completeUpdatesAfterScrollTo(WebCore::IntSize const&)
11 0x3ca6fe1c4 WebCore::ScrollView::scrollTo(WebCore::IntPoint const&)
12 0x3ca56a6c4 WebCore::FrameView::scrollTo(WebCore::IntPoint const&)
13 0x3ca6fda13 WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&)
14 0x3ca6fdb0c non-virtual thunk to WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&)
15 0x3ca703e8f WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&)
16 0x3ca703ddf WebCore::ScrollableArea::notifyScrollPositionChanged(WebCore::IntPoint const&)
17 0x3ca6ca3a8 WebCore::AsyncScrollingCoordinator::reconcileScrollingState(WebCore::FrameView&, WebCore::FloatPoint const&, WTF::Variant<std::optional<WebCore::FloatPoint>, std::optional<WebCore::FloatRect> > const&, bool, WebCore::ViewportRectStability, WebCore::ScrollingLayerPositionAction)
18 0x3ca6c97a4 WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll(unsigned long long, WebCore::FloatPoint const&, std::optional<WebCore::FloatPoint>, bool, WebCore::ScrollingLayerPositionAction)
19 0x3ca6c8163 WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScrollTimerFired()
20 0x3ca6d2591 WTF::Function<void ()>::CallableWrapper<std::__1::__bind<void (WebCore::AsyncScrollingCoordinator::*&)(), WebCore::AsyncScrollingCoordinator*> >::call()
21 0x3c800f48b WTF::Function<void ()>::operator()() const
22 0x3c80893c9 WebCore::Timer::fired()
23 0x3ca71b864 WebCore::ThreadTimers::sharedTimerFiredInternal()
24 0x3ca730141 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
25 0x3ca7300f9 WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call()
26 0x3c800f48b WTF::Function<void ()>::operator()() const
27 0x3ca6f2fd5 WebCore::MainThreadSharedTimer::fired()
28 0x3ca792f59 WebCore::timerFired(__CFRunLoopTimer*, void*)
...
LLDB session:
> (lldb) bt 10
> * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
> frame #0: 0x00000003d78a3834 JavaScriptCore`::WTFCrash() at Assertions.cpp:272
> * frame #1: 0x00000003cacf0ca6 WebCore`WebCore::RenderLayer::updateLayerPositionsAfterScroll(this=0x00000003e1ed1000, geometryMap=0x00007ffeea1809c0, flags=4) at RenderLayer.cpp:940
> frame #2: 0x00000003cacf0df6 WebCore`WebCore::RenderLayer::updateLayerPositionsAfterScroll(this=0x00000003e72f15f0, geometryMap=0x00007ffeea1809c0, flags=4) at RenderLayer.cpp:945
> frame #3: 0x00000003cacf0df6 WebCore`WebCore::RenderLayer::updateLayerPositionsAfterScroll(this=0x00000003e251a720, geometryMap=0x00007ffeea1809c0, flags=4) at RenderLayer.cpp:945
> frame #4: 0x00000003cacf0df6 WebCore`WebCore::RenderLayer::updateLayerPositionsAfterScroll(this=0x00000003ebade850, geometryMap=0x00007ffeea1809c0, flags=0) at RenderLayer.cpp:945
> frame #5: 0x00000003cacf0df6 WebCore`WebCore::RenderLayer::updateLayerPositionsAfterScroll(this=0x00000003ebadfd10, geometryMap=0x00007ffeea1809c0, flags=0) at RenderLayer.cpp:945
> frame #6: 0x00000003cacf0df6 WebCore`WebCore::RenderLayer::updateLayerPositionsAfterScroll(this=0x00000003ebadfbe0, geometryMap=0x00007ffeea1809c0, flags=0) at RenderLayer.cpp:945
> frame #7: 0x00000003cacf08fa WebCore`WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll(this=0x00000003ebadfbe0) at RenderLayer.cpp:887
> frame #8: 0x00000003ca565dc0 WebCore`WebCore::FrameView::updateLayerPositionsAfterScrolling(this=0x00000003e66f5a00) at FrameView.cpp:2389
> frame #9: 0x00000003ca6fdf0c WebCore`WebCore::ScrollView::completeUpdatesAfterScrollTo(this=0x00000003e66f5a00, scrollDelta=0x00007ffeea180ea0) at ScrollView.cpp:472
>
> (lldb) f
> frame #1: 0x00000003cacf0ca6 WebCore`WebCore::RenderLayer::updateLayerPositionsAfterScroll(this=0x00000003e1ed1000, geometryMap=0x00007ffeea1809c0, flags=4) at RenderLayer.cpp:940
> 937 computeRepaintRects(renderer().containerForRepaint(), geometryMap);
> 938 } else {
> 939 // Check that our cached rects are correct.
> -> 940 ASSERT(!renderer().hasRepaintLayoutRects() || renderer().repaintLayoutRects().m_repaintRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint()));
> 941 ASSERT(!renderer().hasRepaintLayoutRects() || renderer().repaintLayoutRects().m_outlineBox == renderer().outlineBoundsForRepaint(renderer().containerForRepaint()));
> 942 }
> 943
>
> (lldb) p renderer().hasRepaintLayoutRects()
> (bool) $0 = true
>
> (lldb) p renderer().repaintLayoutRects()
> (WebCore::RepaintLayoutRects) $1 = {
> m_repaintRect = (m_location = { x = 1168px (74752), y = 356px (22784) }, m_size = { width = 141px (9024), height = 141px (9024) })
> m_outlineBox = (m_location = { x = 1169px (74816), y = 357px (22848) }, m_size = { width = 140px (8960), height = 139px (8896) })
> }
>
> (lldb) p renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint())
> (WebCore::LayoutRect) $2 = (m_location = { x = 0.015625px (1), y = 0px (0) }, m_size = { width = -5.74259e+06px (-367525888), height = 511.969px (32766) })
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Joseph Pecoraro
I had Web Inspector open and docked to the bottom, I'm not sure if that impacts this.