Bug 44287

Summary: Assertion failure in FrameView::layout when clicking on a YouTube video on youtube.com front page
Product: WebKit
Reporter: Adam Roben (:aroben) <aroben>
Component: Layout and Rendering
Assignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED
Severity: Normal
CC: andersca, ap, hyatt, mitz, sam, simon.fraser
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: All
OS: All
URL: http://youtube.com/
Attachments:
Patch (flags: mitz: review+)

Description Adam Roben (:aroben) 2010-08-19 12:18:54 PDT
To reproduce:

1. Go to http://youtube.com/
2. Click on a video

You'll hit this assertion in FrameView::layout:

    ASSERT(m_frame->view() == this);

The code bails out at this point in a Release build. Continuing past the assertion shows that the page seems to load OK (though it uses a windowed plugin which we don't yet support, so it's hard to say for sure). I don't know if this can be reproduced on Mac; I haven't been able to get plugins to work at all in WebKit2 on Mac so far.

Here's the backtrace:
>	WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true)  Line 635 + 0x36 bytes	C++
 	WebKit.dll!WebCore::RenderWidget::updateWidgetPosition()  Line 355	C++
 	WebKit.dll!WebCore::RenderView::updateWidgetPositions()  Line 588 + 0x13 bytes	C++
 	WebKit.dll!WebCore::FrameView::performPostLayoutTasks()  Line 1611	C++
 	WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true)  Line 833	C++
 	WebKit.dll!WebCore::Document::updateLayout()  Line 1519	C++
 	WebKit.dll!WebCore::Document::updateLayoutIgnorePendingStylesheets()  Line 1551	C++
 	WebKit.dll!WebCore::HTMLEmbedElement::renderWidgetForJSBindings()  Line 73	C++
 	WebKit.dll!WebCore::HTMLPlugInElement::pluginWidget()  Line 103 + 0x12 bytes	C++
 	WebKit.dll!WebCore::pluginScriptObjectFromPluginViewBase(WebCore::HTMLPlugInElement * pluginElement=0x049def58, JSC::JSGlobalObject * globalObject=0x04208fc0)  Line 60 + 0x8 bytes	C++
 	WebKit.dll!WebCore::pluginScriptObject(JSC::ExecState * exec=0x03dd0528, WebCore::JSHTMLElement * jsHTMLElement=0x04a9cc40)  Line 90 + 0x12 bytes	C++
 	WebKit.dll!WebCore::runtimeObjectCustomGetOwnPropertySlot(JSC::ExecState * exec=0x03dd0528, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}, WebCore::JSHTMLElement * element=0x04a9cc40)  Line 115 + 0xd bytes	C++
 	WebKit.dll!WebCore::JSHTMLEmbedElement::getOwnPropertySlotDelegate(JSC::ExecState * exec=0x03dd0528, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 38 + 0x15 bytes	C++
 	WebKit.dll!WebCore::JSHTMLEmbedElement::getOwnPropertySlot(JSC::ExecState * exec=0x03dd0528, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 157 + 0x14 bytes	C++
 	JavaScriptCore.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x03dd0528, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 404 + 0x1b bytes	C++
 	JavaScriptCore.dll!JSC::JSValue::get(JSC::ExecState * exec=0x03dd0528, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 658 + 0x14 bytes	C++
 	JavaScriptCore.dll!cti_op_get_by_id_proto_list(void * * args=0x0012f080)  Line 1649	C++
 	JavaScriptCore.dll!@cti_op_create_this@4()  + 0x1ef bytes	C++
 	JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x01e70fcc, JSC::ExecState * callFrame=0x03dd0048, JSC::JSGlobalData * globalData=0x01e65c50, JSC::JSValue * exception=0x01e66b88)  Line 77 + 0x24 bytes	C++
 	JavaScriptCore.dll!JSC::Interpreter::executeCall(JSC::ExecState * callFrame=0x04929768, JSC::JSObject * function=0x04225280, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...}, JSC::JSValue * exception=0x01e66b88)  Line 780 + 0x2e bytes	C++
 	JavaScriptCore.dll!JSC::call(JSC::ExecState * exec=0x04929768, JSC::JSValue functionObject={...}, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...})  Line 38 + 0x45 bytes	C++
 	WebKit.dll!WebCore::JSMainThreadExecState::call(JSC::ExecState * exec=0x04929768, JSC::JSValue functionObject={...}, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...})  Line 48 + 0x29 bytes	C++
 	WebKit.dll!WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext * scriptExecutionContext=, WebCore::Event * event=)  Line 124 + 0x6a bytes	C++
 	WebKit.dll!WebCore::EventTarget::fireEventListeners(WebCore::Event * event=0x04754ee0, WebCore::EventTargetData * d=0x048dd644, WTF::Vector<WebCore::RegisteredEventListener,1> & entry=[1]({listener=0x0493e7c8 {m_jsFunction=0x04225280 m_wrapper={...} m_isAttribute=false ...} useCapture=true }))  Line 339 + 0x35 bytes	C++
 	WebKit.dll!WebCore::EventTarget::fireEventListeners(WebCore::Event * event=0x04754ee0)  Line 305	C++
 	WebKit.dll!WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event> prpEvent={...}, WTF::PassRefPtr<WebCore::EventTarget> prpTarget={...})  Line 1522 + 0x11 bytes	C++
 	WebKit.dll!WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy unloadEventPolicy=UnloadEventPolicyUnloadAndPageHide, WebCore::DatabasePolicy databasePolicy=DatabasePolicyStop)  Line 388	C++
 	WebKit.dll!WebCore::FrameLoader::closeURL()  Line 464	C++
 	WebKit.dll!WebCore::FrameLoader::detachFromParent()  Line 2575	C++
 	WebKit.dll!WebCore::FrameLoader::detachChildren()  Line 2492 + 0xf bytes	C++
 	WebKit.dll!WebCore::FrameLoader::detachFromParent()  Line 2580	C++
 	WebKit.dll!WebCore::FrameLoader::detachChildren()  Line 2492 + 0xf bytes	C++
 	WebKit.dll!WebCore::FrameLoader::setDocumentLoader(WebCore::DocumentLoader * loader=0x049cd518)  Line 1757	C++
 	WebKit.dll!WebCore::FrameLoader::transitionToCommitted(WTF::PassRefPtr<WebCore::CachedPage> cachedPage={...})  Line 1929	C++
 	WebKit.dll!WebCore::FrameLoader::commitProvisionalLoad()  Line 1848	C++
 	WebKit.dll!WebCore::DocumentLoader::commitIfReady()  Line 261	C++
 	WebKit.dll!WebCore::DocumentLoader::commitLoad(const char * data=0x05e33b20, int length=1623)  Line 280	C++
 	WebKit.dll!WebCore::DocumentLoader::receivedData(const char * data=0x05e33b20, int length=1623)  Line 294	C++
 	WebKit.dll!WebCore::FrameLoader::receivedData(const char * data=0x05e33b20, int length=1623)  Line 1498	C++
 	WebKit.dll!WebCore::MainResourceLoader::addData(const char * data=0x05e33b20, int length=1623, bool allAtOnce=false)  Line 150	C++
 	WebKit.dll!WebCore::ResourceLoader::didReceiveData(const char * data=0x05e33b20, int length=1623, __int64 lengthReceived=1623, bool allAtOnce=false)  Line 260 + 0x1b bytes	C++
 	WebKit.dll!WebCore::MainResourceLoader::didReceiveData(const char * data=0x05e33b20, int length=1623, __int64 lengthReceived=1623, bool allAtOnce=false)  Line 421	C++
 	WebKit.dll!WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle * __formal=0x05e32020, const char * data=0x05e33b20, int length=1623, int lengthReceived=1623)  Line 431 + 0x1f bytes	C++
 	WebKit.dll!WebCore::didReceiveData(_CFURLConnection * conn=0x042d3850, const __CFData * data=0x05e62770, long originalLength=1623, const void * clientInfo=0x05e32020)  Line 214 + 0x2a bytes	C++
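The shape of the failure in the backtrace, as a small added C++ model (not WebKit code, and not the fix from the linked changeset): a subframe has been detached from its Frame during FrameLoader::detachChildren(), the parent's RenderWidget still points at the detached view, and script run from the unload event forces a synchronous layout that re-enters layout on the stale child. The early-return guard in `layout()`, the type names and `runTeardownScenario()` are assumptions for illustration.

```cpp
// Toy model (added illustration, not WebKit code) of the teardown hazard in
// this report: a subframe's Frame has already dropped its FrameView during
// FrameLoader::detachChildren(), but the parent's RenderWidget still points at
// that view. Script run from the unload event forces a synchronous parent
// layout, whose post-layout widget update re-enters layout on the stale child.
#include <vector>

struct FrameView;

struct Frame {
    FrameView* view = nullptr;  // cleared when the frame is detached
};

struct FrameView {
    Frame* frame;
    std::vector<FrameView*> widgets;  // stands in for child-frame RenderWidgets
    int layouts = 0;
    int refused = 0;

    explicit FrameView(Frame* f) : frame(f) { f->view = this; }

    // Returns true if layout ran. The early return is an illustrative guard
    // (an assumption, not the fix in the linked changeset): a view that its
    // frame no longer owns is mid-teardown and must not lay out.
    bool layout() {
        if (frame->view != this) { ++refused; return false; }
        ++layouts;
        // performPostLayoutTasks() -> updateWidgetPositions() -> child layout
        for (FrameView* child : widgets) child->layout();
        return true;
    }
};

// FrameLoader::detachFromParent() on a subframe: the Frame forgets its view,
// while the parent's widget list (as in the report) still references it.
void detachSubframe(Frame& f) { f.view = nullptr; }

struct Outcome { int parentLayouts; int childRefused; };

// The sequence from the backtrace: detach the child, then script touching a
// plugin element (renderWidgetForJSBindings) forces layout of the parent.
Outcome runTeardownScenario() {
    Frame parentFrame, childFrame;
    FrameView parent(&parentFrame), child(&childFrame);
    parent.widgets.push_back(&child);
    detachSubframe(childFrame);
    parent.layout();
    return {parent.layouts, child.refused};
}
```

Without the guard, the child's `layout()` would run against a frame that no longer owns it, which is exactly the state `ASSERT(m_frame->view() == this)` catches in Debug builds.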
Comment 1 Adam Roben (:aroben) 2010-08-19 12:19:34 PDT
<rdar://problem/8330881>
Comment 2 Simon Fraser (smfr) 2010-08-19 12:27:12 PDT
Bug 43152 is about this same assertion.
Comment 3 Adam Roben (:aroben) 2010-08-19 12:29:20 PDT
It looks like m_frame->view() is null when the assertion fails.
Comment 4 Simon Fraser (smfr) 2010-08-19 14:57:00 PDT
It seems bad that renderWidgetForJSBindings() causes layout to happen.
Comment 5 Alexey Proskuryakov 2010-08-19 15:26:21 PDT
Bug 36675 sounded remotely related, FWIW.
Comment 6 Simon Fraser (smfr) 2010-09-13 10:28:26 PDT
I see this on Mac too, also in old WebKit.
Comment 7 Simon Fraser (smfr) 2010-11-01 16:01:50 PDT
Created attachment 72583 [details]
Patch
Comment 8 Simon Fraser (smfr) 2010-11-01 16:42:49 PDT
http://trac.webkit.org/changeset/71074