Bug 82815

Summary: Several SVG tests asserting in FontCache::getCachedFontData()
Product: WebKit Reporter: Simon Fraser (smfr) <simon.fraser>
Component: Layout and RenderingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: krit, mitz, msaboff, simon.fraser, thorton, zimmermann
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   

Description Simon Fraser (smfr) 2012-03-30 19:14:04 PDT 
svg/custom/animate-disallowed-use-element.svg asserted here:

0   com.apple.WebCore             	0x0000000101d0fcf0 WebCore::FontCache::getCachedFontData(WebCore::FontPlatformData const*, WebCore::FontCache::ShouldRetain) + 160 (FontCache.cpp:280)
1   com.apple.WebCore             	0x0000000101d1fc71 WebCore::FontCache::getFontDataForCharacters(WebCore::Font const&, unsigned short const*, int) + 1761 (FontCacheMac.mm:166)
2   com.apple.WebCore             	0x0000000101d2629d WebCore::Font::glyphDataAndPageForCharacter(int, bool, WebCore::FontDataVariant) const + 4445 (FontFastPath.cpp:201)
3   com.apple.WebCore             	0x0000000102a43939 WebCore::SVGTextRunRenderingContext::glyphDataForCharacter(WebCore::Font const&, WebCore::TextRun const&, WebCore::WidthIterator&, int, bool, int, unsigned int&) + 185 (SVGTextRunRenderingContext.cpp:181)
4   com.apple.WebCore             	0x0000000102ef19d6 WebCore::WidthIterator::glyphDataForCharacter(int, bool, int, unsigned int&) + 246 (WidthIterator.cpp:77)
5   com.apple.WebCore             	0x0000000102ef1cf9 WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*) + 729 (WidthIterator.cpp:112)
6   com.apple.WebCore             	0x0000000102a44a81 WebCore::SVGTextMetricsBuilder::advanceSimpleText() + 81 (SVGTextMetricsBuilder.cpp:68)
7   com.apple.WebCore             	0x0000000102a4480c WebCore::SVGTextMetricsBuilder::advance() + 124 (SVGTextMetricsBuilder.cpp:60)
8   com.apple.WebCore             	0x0000000102a45047 WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*) + 263 (SVGTextMetricsBuilder.cpp:159)
9   com.apple.WebCore             	0x0000000102a45478 WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*) + 184 (SVGTextMetricsBuilder.cpp:204)
10  com.apple.WebCore             	0x0000000102a454c2 WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*) + 258 (SVGTextMetricsBuilder.cpp:193)
11  com.apple.WebCore             	0x0000000102a3e2de WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*) + 190 (SVGTextMetricsBuilder.cpp:227)
12  com.apple.WebCore             	0x0000000102a2b0af WebCore::SVGTextLayoutAttributesBuilder::rebuildMetricsForTextRenderer(WebCore::RenderSVGInlineText*) + 127 (SVGTextLayoutAttributesBuilder.cpp:67)
13  com.apple.WebCore             	0x0000000102a1444b WebCore::RenderSVGText::rebuildLayoutAttributes(WTF::Vector<WebCore::SVGTextLayoutAttributes*, 0ul>&) + 347 (RenderSVGText.cpp:432)
14  com.apple.WebCore             	0x0000000102a141be WebCore::RenderSVGInlineText::willBeDestroyed() + 158 (RenderSVGInlineText.cpp:91)
15  com.apple.WebCore             	0x00000001029da62d WebCore::RenderObject::destroy() + 29 (RenderObject.cpp:2375)
16  com.apple.WebCore             	0x00000001029da51d WebCore::RenderObject::destroyAndCleanupAnonymousWrappers() + 93 (RenderObject.cpp:2352)

svg/dom/animated-tearoff-equality.xhtml asserted here:


0   com.apple.WebCore             	0x0000000101d0fcf0 WebCore::FontCache::getCachedFontData(WebCore::FontPlatformData const*, WebCore::FontCache::ShouldRetain) + 160 (FontCache.cpp:280)
1   com.apple.WebCore             	0x0000000101d1fc71 WebCore::FontCache::getFontDataForCharacters(WebCore::Font const&, unsigned short const*, int) + 1761 (FontCacheMac.mm:166)
2   com.apple.WebCore             	0x0000000101d2629d WebCore::Font::glyphDataAndPageForCharacter(int, bool, WebCore::FontDataVariant) const + 4445 (FontFastPath.cpp:201)
3   com.apple.WebCore             	0x0000000102a43939 WebCore::SVGTextRunRenderingContext::glyphDataForCharacter(WebCore::Font const&, WebCore::TextRun const&, WebCore::WidthIterator&, int, bool, int, unsigned int&) + 185 (SVGTextRunRenderingContext.cpp:181)
4   com.apple.WebCore             	0x0000000102ef19d6 WebCore::WidthIterator::glyphDataForCharacter(int, bool, int, unsigned int&) + 246 (WidthIterator.cpp:77)
5   com.apple.WebCore             	0x0000000102ef1cf9 WebCore::WidthIterator::advance(int, WebCore::GlyphBuffer*) + 729 (WidthIterator.cpp:112)
6   com.apple.WebCore             	0x0000000102a44a81 WebCore::SVGTextMetricsBuilder::advanceSimpleText() + 81 (SVGTextMetricsBuilder.cpp:68)
7   com.apple.WebCore             	0x0000000102a4480c WebCore::SVGTextMetricsBuilder::advance() + 124 (SVGTextMetricsBuilder.cpp:60)
8   com.apple.WebCore             	0x0000000102a45047 WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*) + 263 (SVGTextMetricsBuilder.cpp:159)
9   com.apple.WebCore             	0x0000000102a45478 WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*) + 184 (SVGTextMetricsBuilder.cpp:204)
10  com.apple.WebCore             	0x0000000102a454c2 WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*) + 258 (SVGTextMetricsBuilder.cpp:193)
11  com.apple.WebCore             	0x0000000102a3e2de WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*) + 190 (SVGTextMetricsBuilder.cpp:227)
12  com.apple.WebCore             	0x0000000102a2b0af WebCore::SVGTextLayoutAttributesBuilder::rebuildMetricsForTextRenderer(WebCore::RenderSVGInlineText*) + 127 (SVGTextLayoutAttributesBuilder.cpp:67)
13  com.apple.WebCore             	0x0000000102a1444b WebCore::RenderSVGText::rebuildLayoutAttributes(WTF::Vector<WebCore::SVGTextLayoutAttributes*, 0ul>&) + 347 (RenderSVGText.cpp:432)
14  com.apple.WebCore             	0x0000000102a141be WebCore::RenderSVGInlineText::willBeDestroyed() + 158 (RenderSVGInlineText.cpp:91)
15  com.apple.WebCore             	0x00000001029da62d WebCore::RenderObject::destroy() + 29 (RenderObject.cpp:2375)
16  com.apple.WebCore             	0x00000001029da51d WebCore::RenderObject::destroyAndCleanupAnonymousWrappers() + 93 (RenderObject.cpp:2352)
17  com.apple.WebCore             	0x0000000102797a34 WebCore::Node::detach() + 68 (Node.cpp:1350)
18  com.apple.WebCore             	0x00000001018401c7 WebCore::ContainerNode::detachChildren() + 55 (ContainerNode.h:198)
19  com.apple.WebCore             	0x000000010183d5e9 WebCore::ContainerNode::detach() + 25 (ContainerNode.cpp:695)
20  com.apple.WebCore             	0x0000000101c86da2 WebCore::Element::detach() + 130 (Element.cpp:991)
21  com.apple.WebCore             	0x00000001018401c7 WebCore::ContainerNode::detachChildren() + 55 (ContainerNode.h:198)
22  com.apple.WebCore             	0x000000010183d5e9 WebCore::ContainerNode::detach() + 25 (ContainerNode.cpp:695)
23  com.apple.WebCore             	0x0000000101c86da2 WebCore::Element::detach() + 130 (Element.cpp:991)
24  com.apple.WebCore             	0x00000001018401c7 WebCore::ContainerNode::detachChildren() + 55 (ContainerNode.h:198)
25  com.apple.WebCore             	0x000000010183d5e9 WebCore::ContainerNode::detach() + 25 (ContainerNode.cpp:695)
26  com.apple.WebCore             	0x0000000101c86da2 WebCore::Element::detach() + 130 (Element.cpp:991)
27  com.apple.WebCore             	0x00000001018401c7 WebCore::ContainerNode::detachChildren() + 55 (ContainerNode.h:198)
28  com.apple.WebCore             	0x000000010183d5e9 WebCore::ContainerNode::detach() + 25 (ContainerNode.cpp:695)
29  com.apple.WebCore             	0x0000000101c86da2 WebCore::Element::detach() + 130 (Element.cpp:991)
30  com.apple.WebCore             	0x00000001018401c7 WebCore::ContainerNode::detachChildren() + 55 (ContainerNode.h:198)
31  com.apple.WebCore             	0x000000010183d5e9 WebCore::ContainerNode::detach() + 25 (ContainerNode.cpp:695)
32  com.apple.WebCore             	0x0000000101c86da2 WebCore::Element::detach() + 130 (Element.cpp:991)
33  com.apple.WebCore             	0x00000001018401c7 WebCore::ContainerNode::detachChildren() + 55 (ContainerNode.h:198)
34  com.apple.WebCore             	0x000000010183d5e9 WebCore::ContainerNode::detach() + 25 (ContainerNode.cpp:695)
35  com.apple.WebCore             	0x0000000101a8c66c WebCore::Document::detach() + 652 (Document.cpp:1971)
36  com.apple.WebCore             	0x0000000101d49352 WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>) + 242 (Frame.cpp:273)
...
Comment 1 Simon Fraser (smfr) 2012-03-30 19:18:25 PDT 
We need a FontCachePurgePreventer somewhere in the SVG code I guess.

But why are we doing work in RenderSVGInlineText::willBeDestroyed() ?
Comment 2 Nikolas Zimmermann 2012-04-01 05:47:03 PDT 
(In reply to comment #1)
> We need a FontCachePurgePreventer somewhere in the SVG code I guess.
> 
> But why are we doing work in RenderSVGInlineText::willBeDestroyed() ?

When eg. a <tspan>foo</tspan> gets dynamically removed from a <text> tree, we have to rebuild all layout attributes of the remaining text. In general this shouldn't happen if the whole document tears down. That's probably buggy.
(Maybe we can find an approach, which only marks the remaining tree for 'need to remeasure' instead of doing it from willBeDestroyed).

Marking as duplicate of bug 81002, which covers this already.

*** This bug has been marked as a duplicate of bug 81002 ***
Comment 3 Simon Fraser (smfr) 2012-04-01 22:37:58 PDT 
I think there's a documentBeingDestroyed that you could consult.