Bug 92464

Summary:

RenderMarquee causes ASSERTION FAILED: enclosingIntRect(rendererMappedResult) == enclosingIntRect(FloatQuad(result).boundingBox()) : WebCore::FloatRect WebCore::RenderGeometryMap::absoluteRect(const WebCore::FloatRect &) const

Product:

WebKit

Reporter:

Dimitris Apostolou <dimitris.apostolou>

Component:

Layout and Rendering

Assignee:

Simon Fraser (smfr) <simon.fraser>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

cshu, dino, eric, jberlin, koivisto, mitz, simon.fraser, tabatkins, webkit.review.bot

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

Mac (Intel)

OS:

OS X 10.8

URL:

http://www.filmfestplatform.com/

Attachments:

Description	Flags
Patch	sam: review+
Crash log.	none

Dimitris Apostolou

Reported 2012-07-26 23:29:13 PDT

r123837 Reproducibility: always Steps: http://www.filmfestplatform.com/ What happened: ASSERTION FAILED: enclosingIntRect(rendererMappedResult) == enclosingIntRect(FloatQuad(result).boundingBox()) /Users/rex/WebKit/Source/WebCore/rendering/RenderGeometryMap.cpp(85) : WebCore::FloatRect WebCore::RenderGeometryMap::absoluteRect(const WebCore::FloatRect &) const 1 0x10e8230a2 WebCore::RenderGeometryMap::absoluteRect(WebCore::FloatRect const&) const 2 0x10e86c6ab WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) 3 0x10e86cab6 WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) 4 0x10e86cab6 WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) 5 0x10e86cab6 WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) 6 0x10e86c053 WebCore::RenderLayerCompositor::updateCompositingLayers(WebCore::CompositingUpdateType, WebCore::RenderLayer*) 7 0x10dcd796d WebCore::FrameView::updateCompositingLayersAfterStyleChange() 8 0x10d9bea6a WebCore::Document::recalcStyle(WebCore::Node::StyleChange) 9 0x10d9bf3c2 WebCore::Document::updateStyleIfNeeded() 10 0x10dcd8b2b WebCore::FrameView::layout(bool) 11 0x10dcd5520 WebCore::FrameView::layoutTimerFired(WebCore::Timer<WebCore::FrameView>*) 12 0x10dcefde3 WebCore::Timer<WebCore::FrameView>::fired() 13 0x10ed67bbd WebCore::ThreadTimers::sharedTimerFiredInternal() 14 0x10ed67959 WebCore::ThreadTimers::sharedTimerFired() 15 0x10eab7a33 WebCore::timerFired(__CFRunLoopTimer*, void*) 16 0x7fff937664b4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ 17 0x7fff93765fcd __CFRunLoopDoTimer 18 0x7fff9374b7b9 __CFRunLoopRun 19 0x7fff9374add2 CFRunLoopRunSpecific 20 0x7fff96b52774 RunCurrentEventLoopInMode 21 0x7fff96b52512 ReceiveNextEventCommon 22 0x7fff96b523a3 BlockUntilNextEventMatchingListInMode 23 0x7fff90ffbfa3 _DPSNextEvent 24 0x7fff90ffb862 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 25 0x7fff90ff2c03 -[NSApplication run] 26 0x10ea0496c WebCore::RunLoop::run() 27 0x10bba1728 WebKit::WebProcessMain(WebKit::CommandLine const&) 28 0x10bab4a18 WebKitMain(WebKit::CommandLine const&) 29 0x10bab4934 WebKitMain 30 0x10b869da2 main 31 0x7fff90b327e1 start Expected result: No assert failure.

Attachments
Patch (4.59 KB, patch) 2012-09-21 19:58 PDT, Simon Fraser (smfr)	sam: review+	Details Formatted Diff Diff
Crash log. (67.47 KB, text/plain) 2012-10-06 03:27 PDT, Dimitris Apostolou	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Dimitris Apostolou

Comment 1 2012-08-04 07:46:55 PDT

Assert is hit always also with these steps: 1. Go to http://www.emporiki.gr/cbg/gr/cbg_index.jsp 2. Click on "e.Banking"

Dean Jackson

Comment 2 2012-08-08 16:10:47 PDT

Maybe causing this? http://build.webkit.org/results/Apple%20Lion%20Debug%20WK1%20(Tests)/r125091%20(1708)/fast/table/table-row-compositing-repaint-crash-crash-log.txt

Simon Fraser (smfr)

Comment 3 2012-08-08 16:17:12 PDT

On the greek banking site, we're in a weird state where we don't think we need to do layout, but there are a few renderers that are marked as needing layout: layer 0x11b46cf28 at (492,84) size 450x16 scrollWidth 1481 RenderBlock (positioned) 0x11b46b698 {DIV} at (492,84) size 450x16 id="scrollerDIV" (needs layout: child) layer 0x11c3c03a8 at (391,84) size 450x12 backgroundClip at (492,84) size 450x16 clip at (492,84) size 450x16 outlineClip at (492,84) size 450x16 RenderBlock (relative positioned) 0x11c36c058 {DIV} at (0,0) size 450x12 id="scrollerID" (needs layout: self)

Simon Fraser (smfr)

Comment 4 2012-08-08 16:29:12 PDT

Assertion is easily hit in LayoutTests/fast/events/resources/tabindex-focus-blur-all-frame1.html

Simon Fraser (smfr)

Comment 5 2012-08-08 17:18:55 PDT

The marquee case of this bug was triggered by the "map via layers" optimization in RenderGeometryMap <http://trac.webkit.org/changeset/121124> updateMarqueePosition() is called in the middle of updating layer positions. This calls start(), which ends up calling RenderLayer::scrollTo(), which forces a compositing layer update before we've finished updating layer positions: * thread #1: tid = 0x1e03, 0x000000010402a1de WebCore`WebCore::RenderGeometryMap::absoluteRect(WebCore::FloatRect const&) const + 654 at RenderGeometryMap.cpp:86, stop reason = breakpoint 1.1 frame #0: 0x000000010402a1de WebCore`WebCore::RenderGeometryMap::absoluteRect(WebCore::FloatRect const&) const + 654 at RenderGeometryMap.cpp:86 frame #1: 0x0000000104073b1b WebCore`WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) + 283 at RenderLayerCompositor.cpp:733 frame #2: 0x0000000104073e45 WebCore`WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) + 1093 at RenderLayerCompositor.cpp:800 frame #3: 0x0000000104073f26 WebCore`WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) + 1318 at RenderLayerCompositor.cpp:809 frame #4: 0x00000001040734c3 WebCore`WebCore::RenderLayerCompositor::updateCompositingLayers(WebCore::CompositingUpdateType, WebCore::RenderLayer*) + 675 at RenderLayerCompositor.cpp:405 frame #5: 0x000000010404873e WebCore`WebCore::RenderLayer::updateCompositingLayersAfterScroll() + 142 at RenderLayer.cpp:1816 frame #6: 0x00000001040482e5 WebCore`WebCore::RenderLayer::scrollTo(int, int) + 453 at RenderLayer.cpp:1691 frame #7: 0x000000010404ab8e WebCore`WebCore::RenderLayer::setScrollOffset(WebCore::IntPoint const&) + 62 at RenderLayer.cpp:1992 frame #8: 0x0000000104257290 WebCore`WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&) + 96 at ScrollableArea.cpp:147 frame #9: 0x0000000104257571 WebCore`WebCore::ScrollableArea::setScrollOffsetFromAnimation(WebCore::IntPoint const&) + 81 at ScrollableArea.cpp:192 frame #10: 0x000000010425912b WebCore`WebCore::ScrollAnimator::notifyPositionChanged() + 59 at ScrollAnimator.cpp:149 frame #11: 0x000000010425d649 WebCore`WebCore::ScrollAnimatorMac::notifyPositionChanged() + 41 at ScrollAnimatorMac.mm:719 frame #12: 0x000000010425d192 WebCore`WebCore::ScrollAnimatorMac::immediateScrollTo(WebCore::FloatPoint const&) + 210 at ScrollAnimatorMac.mm:698 frame #13: 0x000000010425d0b3 WebCore`WebCore::ScrollAnimatorMac::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&) + 67 at ScrollAnimatorMac.mm:674 frame #14: 0x00000001042570dc WebCore`WebCore::ScrollableArea::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&) + 60 at ScrollableArea.cpp:126 frame #15: 0x0000000104047bc5 WebCore`WebCore::RenderLayer::scrollToOffset(WebCore::IntSize const&, WebCore::RenderLayer::ScrollOffsetClamping) + 197 at RenderLayer.cpp:1648 frame #16: 0x0000000104095463 WebCore`WebCore::RenderMarquee::start() + 323 at RenderMarquee.cpp:170 frame #17: 0x0000000104095687 WebCore`WebCore::RenderMarquee::updateMarqueePosition() + 247 at RenderMarquee.cpp:205 frame #18: 0x0000000104041b9f WebCore`WebCore::RenderLayer::updateLayerPositions(WebCore::FractionalLayoutPoint*, unsigned int) + 1855 at RenderLayer.cpp:436 frame #19: 0x0000000104041b0b WebCore`WebCore::RenderLayer::updateLayerPositions(WebCore::FractionalLayoutPoint*, unsigned int) + 1707 at RenderLayer.cpp:427 frame #20: 0x0000000104041b0b WebCore`WebCore::RenderLayer::updateLayerPositions(WebCore::FractionalLayoutPoint*, unsigned int) + 1707 at RenderLayer.cpp:427 frame #21: 0x00000001034c1702 WebCore`WebCore::FrameView::layout(bool) + 3506 at FrameView.cpp:1143 frame #22: 0x00000001034c6566 WebCore`WebCore::FrameView::visibleContentsResized() + 86 at FrameView.cpp:1880 frame #23: 0x000000010427b0c6 WebCore`WebCore::ScrollView::updateScrollbars(WebCore::IntSize const&) + 2230 at ScrollView.cpp:545 frame #24: 0x000000010427c970 WebCore`WebCore::ScrollView::setContentsSize(WebCore::IntSize const&) + 176 at ScrollView.cpp:309 frame #25: 0x00000001034bf2f8 WebCore`WebCore::FrameView::setContentsSize(WebCore::IntSize const&) + 120 at FrameView.cpp:511 frame #26: 0x00000001034bf57a WebCore`WebCore::FrameView::adjustViewSize() + 426 at FrameView.cpp:540 frame #27: 0x00000001034c161e WebCore`WebCore::FrameView::layout(bool) + 3278 at FrameView.cpp:1133 frame #28: 0x00000001034ca1e5 WebCore`WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() + 101 at FrameView.cpp:3210 frame #29: 0x000000010122f80b WebKit2`WebKit::WebPage::layoutIfNeeded() + 107 at WebPage.cpp:850

Simon Fraser (smfr)

Comment 6 2012-08-08 17:26:44 PDT

Possible solutions here: 1. Make updateMarqueePosition() not call start() synchronously; use a timer or post-layout task 2. Make RenderLayer scrollTo() not update compositing layers outside of the marquee subtree (not possible with overlap)

Simon Fraser (smfr)

Comment 7 2012-08-08 18:05:37 PDT

> 1. Make updateMarqueePosition() not call start() synchronously; use a timer or post-layout task I tried this and it affects a bunch of test results. Maybe we should start marquees as a post-layout task.

Simon Fraser (smfr)

Comment 8 2012-08-20 10:27:11 PDT

*** Bug 60696 has been marked as a duplicate of this bug. ***

Jessie Berlin

Comment 9 2012-08-29 11:10:43 PDT

Skipped a test that was hitting this assertion on both Lion and ML: http://trac.webkit.org/changeset/127022

Simon Fraser (smfr)

Comment 10 2012-09-04 21:20:32 PDT

<rdar://problem/12234349>

Simon Fraser (smfr)

Comment 11 2012-09-07 10:04:11 PDT

Keeping this bug for the marquee issue. Bug 94365 covers the non-marquee case.

Simon Fraser (smfr)

Comment 12 2012-09-21 19:58:58 PDT

Created attachment 165241 [details] Patch

Simon Fraser (smfr)

Comment 13 2012-09-21 20:04:11 PDT

http://trac.webkit.org/changeset/129294

Dimitris Apostolou

Comment 14 2012-10-06 03:26:50 PDT

Got it again.

Dimitris Apostolou

Comment 15 2012-10-06 03:27:10 PDT

r130578 Reproducibility: once Steps: 1. Go to http://runkeeper.com/user/apostolou/activity/119872658 2. Click on "minus" button to zoom out Google map. What happened: Assert failure. ASSERTION FAILED: enclosingIntRect(rendererMappedResult) == enclosingIntRect(FloatQuad(result).boundingBox()) /Users/rex/WebKit/Source/WebCore/rendering/RenderGeometryMap.cpp(85) : WebCore::FloatRect WebCore::RenderGeometryMap::absoluteRect(const WebCore::FloatRect &) const 1 0x10ff3b79f WebCore::RenderGeometryMap::absoluteRect(WebCore::FloatRect const&) const 2 0x10ff8610b WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) 3 0x10ff86320 WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) 4 0x10ff8651d WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) 5 0x10ff8651d WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) 6 0x10ff8651d WebCore::RenderLayerCompositor::computeCompositingRequirements(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::RenderLayerCompositor::OverlapMap*, WebCore::CompositingState&, bool&, bool&) 7 0x10ff85ab3 WebCore::RenderLayerCompositor::updateCompositingLayers(WebCore::CompositingUpdateType, WebCore::RenderLayer*) 8 0x10f3797bd WebCore::FrameView::updateCompositingLayersAfterStyleChange() 9 0x10f03d70e WebCore::Document::recalcStyle(WebCore::Node::StyleChange) 10 0x10f03de5c WebCore::Document::updateStyleIfNeeded() 11 0x10f37aa07 WebCore::FrameView::layout(bool) 12 0x10f3770e0 WebCore::FrameView::layoutTimerFired(WebCore::Timer<WebCore::FrameView>*) 13 0x10f3926c3 WebCore::Timer<WebCore::FrameView>::fired() 14 0x1104db54d WebCore::ThreadTimers::sharedTimerFiredInternal() 15 0x1104db2e9 WebCore::ThreadTimers::sharedTimerFired() 16 0x110207c53 WebCore::timerFired(__CFRunLoopTimer*, void*) 17 0x7fff8b168da4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ 18 0x7fff8b1688bd __CFRunLoopDoTimer 19 0x7fff8b14e099 __CFRunLoopRun 20 0x7fff8b14d6b2 CFRunLoopRunSpecific 21 0x7fff934420a4 RunCurrentEventLoopInMode 22 0x7fff93441e42 ReceiveNextEventCommon 23 0x7fff93441cd3 BlockUntilNextEventMatchingListInMode 24 0x7fff91908613 _DPSNextEvent 25 0x7fff91907ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 26 0x7fff918ff283 -[NSApplication run] 27 0x11014e21c WebCore::RunLoop::run() 28 0x10d0d652a WebKit::WebProcessMain(WebKit::CommandLine const&) 29 0x10cfe27d8 WebKitMain(WebKit::CommandLine const&) 30 0x10cfe26e9 WebKitMain 31 0x10cd86da2 main Expected result: No assert failure.

Dimitris Apostolou

Comment 16 2012-10-06 03:27:58 PDT

Created attachment 167452 [details] Crash log.

Dimitris Apostolou

Comment 17 2012-10-06 03:30:58 PDT

The steps from the banking site hit the assert always. https://bugs.webkit.org/show_bug.cgi?id=92464#c1

Simon Fraser (smfr)

Comment 18 2012-10-08 10:35:08 PDT

Bug 94365 covers the non-marquee case.

Note You need to log in before you can comment on or make changes to this bug.