Bug 81002

Summary: ASSERTION FAILED: m_purgePreventCount in FontCache::getCachedFontData running svg/custom/animate-disallowed-use-element.svg
Product: WebKit Reporter: Nikolas Zimmermann <zimmermann>
Component: SVGAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: mitz, simon.fraser, thorton, webkit-bug-importer, zimmermann
Priority: P2 Keywords: InRadar, MakingBotsRed
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch simon.fraser: review+

Description Nikolas Zimmermann 2012-03-13 09:08:48 PDT 
I sometimes see this assertion when using nrwt --tolerance 0 -p svg. Probably a FontCachePurgePreventer call missing somewhere. should be easy to fix.

ASSERTION FAILED: m_purgePreventCount
/Users/nzimmermann/Coding/WebKit/Source/WebCore/platform/graphics/FontCache.cpp(280) : WebCore::SimpleFontData *WebCore::FontCache::getCachedFontData(const WebCore::FontPlatformData *, WebCore::FontCache::ShouldRetain)
1   0x10ec70004 WebCore::FontCache::getCachedFontData(WebCore::FontPlatformData const*, WebCore::FontCache::ShouldRetain)
2   0x10ec80611 WebCore::FontCache::getFontDataForCharacters(WebCore::Font const&, unsigned short const*, int)
3   0x10ec86c3d WebCore::Font::glyphDataAndPageForCharacter(int, bool, WebCore::FontDataVariant) const
4   0x10f9a9dc9 WebCore::SVGTextRunRenderingContext::glyphDataForCharacter(WebCore::Font const&, WebCore::TextRun const&, WebCore::WidthIterator&, int, bool, int, unsigned int&)
5   0x10fe3efe6 WebCore::WidthIterator::glyphDataForCharacter(int, bool, int, unsigned int&)
6   0x10fe3f309 WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*)
7   0x10f9aaf11 WebCore::SVGTextMetricsBuilder::advanceSimpleText()
8   0x10f9aac9c WebCore::SVGTextMetricsBuilder::advance()
9   0x10f9ab4d7 WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*)
10  0x10f9ab908 WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*)
11  0x10f9ab952 WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*)
12  0x10f9a476e WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*)
13  0x10f99162f WebCore::SVGTextLayoutAttributesBuilder::rebuildMetricsForTextRenderer(WebCore::RenderSVGInlineText*)
14  0x10f97a87b WebCore::RenderSVGText::rebuildLayoutAttributes(WTF::Vector<WebCore::SVGTextLayoutAttributes*, 0ul>&)
15  0x10f97a5ee WebCore::RenderSVGInlineText::willBeDestroyed()
16  0x10f94150d WebCore::RenderObject::destroy()
17  0x10f9413fd WebCore::RenderObject::destroyAndCleanupAnonymousWrappers()
18  0x10f6f4d14 WebCore::Node::detach()
19  0x10e79a3e7 WebCore::ContainerNode::detachChildren()
20  0x10e797e09 WebCore::ContainerNode::detach()
21  0x10ebe46f2 WebCore::Element::detach()
22  0x10e79a3e7 WebCore::ContainerNode::detachChildren()
23  0x10e797e09 WebCore::ContainerNode::detach()
24  0x10ebe46f2 WebCore::Element::detach()
25  0x10e79a3e7 WebCore::ContainerNode::detachChildren()
26  0x10e797e09 WebCore::ContainerNode::detach()
27  0x10ebe46f2 WebCore::Element::detach()
28  0x10e79a3e7 WebCore::ContainerNode::detachChildren()
29  0x10e797e09 WebCore::ContainerNode::detach()
30  0x10ebe46f2 WebCore::Element::detach()
31  0x10e79a3e7 WebCore::ContainerNode::detachChildren()
Segmentation fault: 11
No leak checking done: At least one WebView is still open.
Comment 1 Nikolas Zimmermann 2012-04-01 05:47:03 PDT 
*** Bug 82815 has been marked as a duplicate of this bug. ***
Comment 2 Nikolas Zimmermann 2012-04-01 05:50:06 PDT 
I'll try to find a way to make this reproducible.
Comment 3 Simon Fraser (smfr) 2012-04-01 11:04:38 PDT 
This is causing crashes on the debug bots.

I question why all the work is being done under willBeDestroyed() though. Looks like useless work
Comment 4 Nikolas Zimmermann 2012-04-01 11:17:58 PDT 
(In reply to comment #3)
> This is causing crashes on the debug bots.
> 
> I question why all the work is being done under willBeDestroyed() though. Looks like useless work
In case you missed my comment from the other bug report 82815, the work done there is absolutely needed when removing eg. tspan children dynamically from a text subtree - it's an optimization actually, to avoid rebuilding the whole text tree upon the next layout, if only a child got removed. Part of that logic lives in willBeDestroyed(). I think Tim knows what this is about as well.
Comment 5 Tim Horton 2012-04-02 13:29:38 PDT 
smfr, from the dupe:

> I think there's a documentBeingDestroyed that you could consult.
Comment 6 Radar WebKit Bug Importer 2012-04-02 13:55:35 PDT 
<rdar://problem/11168969>
Comment 7 Tim Horton 2012-04-02 14:06:25 PDT 
Created attachment 135182 [details]
patch
Comment 8 Tim Horton 2012-04-02 14:24:10 PDT 
Landed in http://trac.webkit.org/changeset/112942