Bug 239838

Summary:

ASSERTION FAILED: *trailingRunIndex >= overflowingRunIndex in WebCore::Layout::InlineContentBreaker::tryBreakingNextOverflowingRuns

Product:

WebKit

Reporter:

Fujii Hironori <Hironori.Fujii>

Component:

Layout and Rendering

Assignee:

zalan <zalan>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bfulgham, darin, koivisto, simon.fraser, webkit-bug-importer, zalan

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

239879, 239886

Bug Blocks:

Attachments:

Description	Flags
a bit simplified content	none
Test reduction	none
Patch	ews-feeder: commit-queue-
Patch	ews-feeder: commit-queue-
[fast-cq]Patch	none

Fujii Hironori

Reported 2022-04-27 21:10:12 PDT

WinCairo WK2 Debug (250070@main) is failing an assertion by visiting the following page. https://news.yahoo.co.jp/articles/b046398e0a80d63a04221c45d2d2049ca22a5d41 ASSERTION FAILED: *trailingRunIndex >= overflowingRunIndex C:\home\webkit\gb\Source\WebCore\layout/formattingContexts/inline/InlineContentBreaker.cpp(581) : WebCore::Layout::InlineContentBreaker::tryBreakingNextOverflowingRuns callstack: > WTF.dll!WTFCrash() Line 322 C++ > WebKit2.dll!WTFCrashWithInfo(int __formal, const char * __formal, const char * __formal, int __formal) Line 749 C++ > WebKit2.dll!WebCore::Layout::InlineContentBreaker::tryBreakingNextOverflowingRuns(const WebCore::Layout::InlineContentBreaker::LineStatus & lineStatus, const WTF::Vector<WebCore::Layout::InlineContentBreaker::ContinuousContent::Run,3,WTF::CrashOnOverflow,16,WTF::FastMalloc> & runs, unsigned __int64 overflowingRunIndex, float nonOverflowingContentWidth) Line 581 C++ > WebKit2.dll!WebCore::Layout::InlineContentBreaker::processOverflowingContentWithText(const WebCore::Layout::InlineContentBreaker::ContinuousContent & continuousContent, const WebCore::Layout::InlineContentBreaker::LineStatus & lineStatus) Line 626 C++ > WebKit2.dll!`WebCore::Layout::InlineContentBreaker::processOverflowingContent'::`21'::<lambda_2>::operator()() Line 197 C++ > WebKit2.dll!WebCore::Layout::InlineContentBreaker::processOverflowingContent(const WebCore::Layout::InlineContentBreaker::ContinuousContent & overflowContent, const WebCore::Layout::InlineContentBreaker::LineStatus & lineStatus) Line 231 C++ > WebKit2.dll!`WebCore::Layout::InlineContentBreaker::processInlineContent'::`2'::<lambda_1>::operator()() Line 138 C++ > WebKit2.dll!WebCore::Layout::InlineContentBreaker::processInlineContent(const WebCore::Layout::InlineContentBreaker::ContinuousContent & candidateContent, const WebCore::Layout::InlineContentBreaker::LineStatus & lineStatus) Line 142 C++ > WebKit2.dll!WebCore::Layout::LineBuilder::handleInlineContent(WebCore::Layout::InlineContentBreaker & inlineContentBreaker, const WebCore::Layout::LineBuilder::InlineItemRange & layoutRange, const WebCore::Layout::LineCandidate & lineCandidate) Line 944 C++ > WebKit2.dll!WebCore::Layout::LineBuilder::placeInlineContent(const WebCore::Layout::LineBuilder::InlineItemRange & needsLayoutRange) Line 492 C++ > WebKit2.dll!WebCore::Layout::LineBuilder::computedIntrinsicWidth(const WebCore::Layout::LineBuilder::InlineItemRange & needsLayoutRange, const std::optional<WebCore::Layout::LineBuilder::PreviousLine> & previousLine) Line 407 C++ > WebKit2.dll!WebCore::Layout::InlineFormattingContext::computedIntrinsicWidthForConstraint(WebCore::Layout::IntrinsicWidthMode intrinsicWidthMode) Line 440 C++ > WebKit2.dll!WebCore::Layout::InlineFormattingContext::computedIntrinsicWidthConstraintsForIntegration() Line 170 C++ > WebKit2.dll!WebCore::LayoutIntegration::LineLayout::computeIntrinsicWidthConstraints() Line 363 C++ > WebKit2.dll!WebCore::RenderBlockFlow::tryComputePreferredWidthsUsingModernPath(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 4477 C++ > WebKit2.dll!WebCore::RenderBlockFlow::computeInlinePreferredLogicalWidths(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 4089 C++ > WebKit2.dll!WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 351 C++ > WebKit2.dll!WebCore::RenderBlock::computePreferredLogicalWidths() Line 2292 C++ > WebKit2.dll!WebCore::RenderBox::minPreferredLogicalWidth() Line 1188 C++ > WebKit2.dll!WebCore::RenderBlock::computeChildIntrinsicLogicalWidths(WebCore::RenderObject & child, WebCore::LayoutUnit & minPreferredLogicalWidth, WebCore::LayoutUnit & maxPreferredLogicalWidth) Line 2403 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::computeChildIntrinsicLogicalWidths(WebCore::RenderObject & childObject, WebCore::LayoutUnit & minPreferredLogicalWidth, WebCore::LayoutUnit & maxPreferredLogicalWidth) Line 246 C++ > WebKit2.dll!WebCore::RenderBlock::computeChildPreferredLogicalWidths(WebCore::RenderObject & child, WebCore::LayoutUnit & minPreferredLogicalWidth, WebCore::LayoutUnit & maxPreferredLogicalWidth) Line 2432 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::computeIntrinsicLogicalWidths(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 136 C++ > WebKit2.dll!WebCore::RenderBlock::computePreferredLogicalWidths() Line 2292 C++ > WebKit2.dll!WebCore::RenderBox::minPreferredLogicalWidth() Line 1188 C++ > WebKit2.dll!WebCore::RenderBlock::computeChildIntrinsicLogicalWidths(WebCore::RenderObject & child, WebCore::LayoutUnit & minPreferredLogicalWidth, WebCore::LayoutUnit & maxPreferredLogicalWidth) Line 2403 C++ > WebKit2.dll!WebCore::RenderBlock::computeChildPreferredLogicalWidths(WebCore::RenderObject & child, WebCore::LayoutUnit & minPreferredLogicalWidth, WebCore::LayoutUnit & maxPreferredLogicalWidth) Line 2432 C++ > WebKit2.dll!WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 2356 C++ > WebKit2.dll!WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 356 C++ > WebKit2.dll!WebCore::RenderBlock::computePreferredLogicalWidths() Line 2292 C++ > WebKit2.dll!WebCore::RenderBox::maxPreferredLogicalWidth() Line 1197 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::computeFlexBaseSizeForChild(WebCore::RenderBox & child, WebCore::LayoutUnit mainAxisBorderAndPadding, bool relayoutChildren) Line 1119 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::constructFlexItem(WebCore::RenderBox & child, bool relayoutChildren) Line 1507 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::layoutFlexItems(bool relayoutChildren) Line 1149 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit __formal) Line 401 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderElement::layoutIfNeeded() Line 138 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::layoutAndPlaceChildren(WebCore::LayoutUnit & crossAxisOffset, WTF::Vector<WebCore::FlexItem,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> & children, WebCore::LayoutUnit availableFreeSpace, bool relayoutChildren, WTF::Vector<WebCore::RenderFlexibleBox::LineContext,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> & lineContexts, WebCore::LayoutUnit gapBetweenItems) Line 2023 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::layoutFlexItems(bool relayoutChildren) Line 1195 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit __formal) Line 401 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderView::layout() Line 189 C++ > WebKit2.dll!WebCore::FrameViewLayoutContext::layout() Line 237 C++ > WebKit2.dll!WebCore::Document::updateLayout() Line 2249 C++ > WebKit2.dll!WebCore::Document::updateLayoutIfDimensionsOutOfDate(WebCore::Element & element, WebCore::DimensionsCheck dimensionsCheck) Line 2405 C++ > WebKit2.dll!WebCore::DOMWindow::innerWidth() Line 1314 C++ > WebKit2.dll!WebCore::jsDOMWindow_innerWidthGetter(JSC::JSGlobalObject & lexicalGlobalObject, WebCore::JSDOMWindow & thisObject) Line 11279 C++ > WebKit2.dll!WebCore::IDLAttribute<WebCore::JSDOMWindow>::get<&WebCore::jsDOMWindow_innerWidthGetter,0>(JSC::JSGlobalObject & lexicalGlobalObject, __int64 thisValue, JSC::PropertyName attributeName) Line 100 C++ > WebKit2.dll!WebCore::jsDOMWindow_innerWidth(JSC::JSGlobalObject * lexicalGlobalObject, __int64 thisValue, JSC::PropertyName attributeName) Line 11285 C++ > JavaScriptCore.dll!JSC::PropertySlot::customGetter(JSC::VM & vm, JSC::PropertyName propertyName) Line 47 C++ > JavaScriptCore.dll!JSC::PropertySlot::getValue(JSC::JSGlobalObject * globalObject, JSC::PropertyName propertyName) Line 408 C++ > JavaScriptCore.dll!JSC::JSValue::get(JSC::JSGlobalObject * globalObject, JSC::PropertyName propertyName, JSC::PropertySlot & slot) Line 1021 C++ > JavaScriptCore.dll!JSC::LLInt::performLLIntGetByID(const JSC::BaseInstruction<JSC::JSOpcodeTraits> * pc, JSC::CodeBlock * codeBlock, JSC::JSGlobalObject * globalObject, JSC::JSValue baseValue, const JSC::Identifier & ident, JSC::GetByIdModeMetadata & metadata) Line 815 C++ > JavaScriptCore.dll!llint_slow_path_get_by_id(JSC::CallFrame * callFrame, const JSC::BaseInstruction<JSC::JSOpcodeTraits> * pc) Line 889 C++ > [External Code]

Attachments
a bit simplified content (74.05 KB, application/x-zip-compressed) 2022-04-27 22:06 PDT, Fujii Hironori	no flags	Details
Test reduction (206 bytes, text/html) 2022-04-28 10:02 PDT, zalan	no flags	Details
Patch (6.48 KB, patch) 2022-04-29 06:54 PDT, zalan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (6.48 KB, patch) 2022-04-30 06:52 PDT, zalan	ews-feeder: commit-queue-	Details Formatted Diff Diff
[fast-cq]Patch (6.95 KB, patch) 2022-04-30 07:03 PDT, zalan	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Fujii Hironori

Comment 1 2022-04-27 21:11:56 PDT

trailingRunIndex was 0, and overflowingRunIndex was 1.

Fujii Hironori

Comment 2 2022-04-27 22:06:27 PDT

Created attachment 458491 [details] a bit simplified content

zalan

Comment 3 2022-04-28 05:41:09 PDT

I can repro the assertion with MiniBrowser loading the simplified content.

Radar WebKit Bug Importer

Comment 4 2022-04-28 05:41:31 PDT

<rdar://problem/92455051>

zalan

Comment 5 2022-04-28 10:02:44 PDT

Created attachment 458532 [details] Test reduction

zalan

Comment 6 2022-04-29 06:54:42 PDT

Created attachment 458586 [details] Patch

zalan

Comment 7 2022-04-30 06:52:43 PDT

Created attachment 458632 [details] Patch

zalan

Comment 8 2022-04-30 07:03:40 PDT

Created attachment 458633 [details] [fast-cq]Patch

EWS

Comment 9 2022-04-30 08:31:30 PDT

Committed r293646 (250150@main): <https://commits.webkit.org/250150@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 458633 [details].

Darin Adler

Comment 10 2022-04-30 21:31:35 PDT

Comment on attachment 458633 [details] [fast-cq]Patch View in context: https://bugs.webkit.org/attachment.cgi?id=458633&action=review Some code style questions > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp:410 > + auto overflow = std::optional<PartialContent> { }; Another way to write this is: std::optional<PartialContent> overflow; Antti, do you really prefer the auto style for this specific case? > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:63 > std::optional<PartialContent> partialOverflowingContent { }; Don’t think we need "{ }" here. > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:65 > + std::optional<InlineLayoutUnit> trailingOverflowingContentWidth { }; Was this change really needed? I’m pretty sure that std::optional objects are initialized to std::nullopt without requiring any { }. > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:91 > + std::optional<PartialContent> partialOverflowingContent { }; Don’t think we need "{ }" here.

zalan

Comment 11 2022-05-01 18:24:31 PDT

> > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:63 > > std::optional<PartialContent> partialOverflowingContent { }; > > Don’t think we need "{ }" here. > > > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:65 > > + std::optional<InlineLayoutUnit> trailingOverflowingContentWidth { }; > > Was this change really needed? I’m pretty sure that std::optional objects > are initialized to std::nullopt without requiring any { }. > > > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:91 > > + std::optional<PartialContent> partialOverflowingContent { }; > > Don’t think we need "{ }" here. EWS complained about it (see the first version of the patch) ./layout/formattingContexts/inline/InlineFormattingContext.cpp:438:139: error: missing field 'trailingOverflowingContentWidth' initializer [-Werror,-Wmissing-field-initializers] > > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp:410 > > + auto overflow = std::optional<PartialContent> { }; > > Another way to write this is: > > std::optional<PartialContent> overflow; > > Antti, do you really prefer the auto style for this specific case? Not sure about Antti, but the reason why I write it this way is simply for esthetic reasons e.g. auto overflow = std::optional<PartialContent> { }; auto logicalRect = LayoutRect { x, y, width, height }; vs. std::optional<PartialContent> overflow; auto logicalRect = LayoutRect { x, y, width, height };

Antti Koivisto

Comment 12 2022-05-02 06:05:47 PDT

Don't know why my opinion is important here but I agree with Alan that consistency is often preferable.

Darin Adler

Comment 13 2022-05-02 09:43:05 PDT

(In reply to zalan from comment #11) > EWS complained about it (see the first version of the patch) > ./layout/formattingContexts/inline/InlineFormattingContext.cpp:438:139: > error: missing field 'trailingOverflowingContentWidth' initializer > [-Werror,-Wmissing-field-initializers] Got it: if the compiler says it’s needed, I guess I am wrong. > Not sure about Antti, but the reason why I write it this way is simply for > esthetic reasons > > e.g. > auto overflow = std::optional<PartialContent> { }; > auto logicalRect = LayoutRect { x, y, width, height }; That sounds fine.

Note You need to log in before you can comment on or make changes to this bug.