WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
117733
[WK2][GTK] ASSERTION in WebKit::LayerTreeHostGtk::invalidate
https://bugs.webkit.org/show_bug.cgi?id=117733
Summary
[WK2][GTK] ASSERTION in WebKit::LayerTreeHostGtk::invalidate
Sergio Villar Senin
Reported
2013-06-18 03:40:47 PDT
From time to time I hit this assertion: ASSERTION FAILED: m_isValid ../../Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp(171) : virtual void WebKit::LayerTreeHostGtk::invalidate() 1 0x7f130553e7c7 /home/sergio/opt/gnome3/lib64/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x1e) [0x7f130553e7c7] 2 0x7f130034fac3 /home/sergio/opt/gnome3/lib64/libwebkit2gtk-3.0.so.25(+0x81bac3) [0x7f130034fac3] 3 0x7f1300304458 /home/sergio/opt/gnome3/lib64/libwebkit2gtk-3.0.so.25(+0x7d0458) [0x7f1300304458] 4 0x7f1300306ada /home/sergio/opt/gnome3/lib64/libwebkit2gtk-3.0.so.25(+0x7d2ada) [0x7f1300306ada] 5 0x7f13019ac8ce /home/sergio/opt/gnome3/lib64/libwebkit2gtk-3.0.so.25(+0x1e788ce) [0x7f13019ac8ce] 6 0x7f12fcb16b5e /home/sergio/opt/gnome3/lib64/libglib-2.0.so.0(+0x57b5e) [0x7f12fcb16b5e] 7 0x7f12fcb14e01 /home/sergio/opt/gnome3/lib64/libglib-2.0.so.0(+0x55e01) [0x7f12fcb14e01] 8 0x7f12fcb15b66 /home/sergio/opt/gnome3/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x7f12fcb15b66] 9 0x7f12fcb15d56 /home/sergio/opt/gnome3/lib64/libglib-2.0.so.0(+0x56d56) [0x7f12fcb15d56] 10 0x7f12fcb16186 /home/sergio/opt/gnome3/lib64/libglib-2.0.so.0(g_main_loop_run+0x1d8) [0x7f12fcb16186] 11 0x7f13019ac46a /home/sergio/opt/gnome3/lib64/libwebkit2gtk-3.0.so.25(+0x1e7846a) [0x7f13019ac46a] 12 0x7f130025da5c /home/sergio/opt/gnome3/lib64/libwebkit2gtk-3.0.so.25(WebProcessMainGtk+0x114) [0x7f130025da5c] 13 0x4009bc /home/sergio/opt/gnome3/libexec/WebKitWebProcess(main+0x20) [0x4009bc] 14 0x7f12fc30fa55 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f12fc30fa55] 15 0x4008d9 /home/sergio/opt/gnome3/libexec/WebKitWebProcess() [0x4008d9]
Attachments
Patch
(1.52 KB, patch)
2013-07-02 04:45 PDT
,
Alberto Garcia
no flags
Details
Formatted Diff
Diff
Patch
(5.26 KB, patch)
2013-07-08 14:04 PDT
,
Alberto Garcia
no flags
Details
Formatted Diff
Diff
Patch
(5.50 KB, patch)
2013-07-08 14:16 PDT
,
Alberto Garcia
no flags
Details
Formatted Diff
Diff
Patch
(3.47 KB, patch)
2013-07-09 08:13 PDT
,
Alberto Garcia
no flags
Details
Formatted Diff
Diff
Patch using WebKitWebViewBase
(4.34 KB, patch)
2013-09-03 05:53 PDT
,
Alberto Garcia
mrobinson
: review+
Details
Formatted Diff
Diff
Show Obsolete
(4)
View All
Add attachment
proposed patch, testcase, etc.
Sergio Villar Senin
Comment 1
2013-06-26 03:59:48 PDT
I can reproduce this always just by visiting the URL I pasted above in the URL field.
Alberto Garcia
Comment 2
2013-07-01 09:41:41 PDT
Reproduced, I'll take a look.
Alberto Garcia
Comment 3
2013-07-02 02:55:42 PDT
LayerTreeHostGtk::invalidate() is called from DrawingAreaImpl::exitAcceleratedCompositingMode() but m_isValid is false because the call to glContext() fails when LayerTreeHost is initialized.
Alberto Garcia
Comment 4
2013-07-02 04:45:13 PDT
Created
attachment 205891
[details]
Patch I think that m_isValid is incorrectly set to false if the GL context cannot be created (which happens if e.g. the display does not support XDamage or Xcomposite). That doesn't really do anything other than breaking the assertion in LayerTreeHostGtk::invalidate().
Sergio Villar Senin
Comment 5
2013-07-02 05:08:15 PDT
(In reply to
comment #4
)
> Created an attachment (id=205891) [details] > Patch > > I think that m_isValid is incorrectly set to false if the GL context > cannot be created (which happens if e.g. the display does not support > XDamage or Xcomposite).
I don't think this is the case at least in my environment. Note that it's set to false also at the end of ::invalidate()
> That doesn't really do anything other than breaking the assertion in > LayerTreeHostGtk::invalidate().
This is not true, in that case ::flushAndRederLayers will early return. So my guess is that for whatever reason ::invalidate() is incorrectly called twice in a row.
Alberto Garcia
Comment 6
2013-07-02 05:19:53 PDT
(In reply to
comment #5
)
> > I think that m_isValid is incorrectly set to false if the GL > > context cannot be created (which happens if e.g. the display does > > not support XDamage or Xcomposite). > I don't think this is the case at least in my environment. Note that > it's set to false also at the end of ::invalidate()
Maybe you're hitting a different problem then, but I could definitely reproduce it as I explained. Did you manage to reproduce it again in your environment?
> > That doesn't really do anything other than breaking the assertion in > > LayerTreeHostGtk::invalidate().
>
> This is not true, in that case ::flushAndRederLayers will early > return.
It would do it anyway because the call to glContext() immediately after that would fail as well.
> So my guess is that for whatever reason ::invalidate() is > incorrectly called twice in a row.
I can't see how that would happen, m_layerTreeHost is set to null immediately after invalidating it in DrawingAreaImpl.
Sergio Villar Senin
Comment 7
2013-07-04 04:53:39 PDT
(In reply to
comment #6
)
> (In reply to
comment #5
) > > > I think that m_isValid is incorrectly set to false if the GL > > > context cannot be created (which happens if e.g. the display does > > > not support XDamage or Xcomposite). > > I don't think this is the case at least in my environment. Note that > > it's set to false also at the end of ::invalidate() > > Maybe you're hitting a different problem then, but I could definitely > reproduce it as I explained. > > Did you manage to reproduce it again in your environment?
What I mean is that my environment does support XDamage and XComposite, but I don't deny that the context creation may fail for some other reasons. Our implementation is quite close to the Mac one, and it seems that we're maybe misusing m_isValid. The original purpose of that flag is to avoid flushes after an invalidation. We're setting it (incorrectly IMO) to false to track failures in the GLContext creation. So I indeed believe that your change is totally right (the flush won't happen anyway as you say if the context cannot be created).
Martin Robinson
Comment 8
2013-07-04 09:27:40 PDT
(In reply to
comment #4
)
> Created an attachment (id=205891) [details] > Patch > > I think that m_isValid is incorrectly set to false if the GL context > cannot be created (which happens if e.g. the display does not support > XDamage or Xcomposite). > > That doesn't really do anything other than breaking the assertion in > LayerTreeHostGtk::invalidate().
Perhaps the solution for this is to check host->m_isValid in LayerTreeHostGtk::create and return null from that factory if it's false.
Alberto Garcia
Comment 9
2013-07-04 11:40:32 PDT
(In reply to
comment #8
)
> Perhaps the solution for this is to check host->m_isValid in > LayerTreeHostGtk::create and return null from that factory if it's > false.
But we still need to invalidate and destroy the object, so we should probably attempt to create the glContext() at the beginning of the initialize method then.
Martin Robinson
Comment 10
2013-07-04 11:52:03 PDT
(In reply to
comment #9
)
> (In reply to
comment #8
) > > Perhaps the solution for this is to check host->m_isValid in > > LayerTreeHostGtk::create and return null from that factory if it's > > false. > > But we still need to invalidate and destroy the object, so we should > probably attempt to create the glContext() at the beginning of the > initialize method then.
I don't think we need to explicitly invalidate the object because when the RefPtr goes out of scope in LayerTreeHostGtk::create, the destructor will clean up its members. The only reason this doesn't happen now is because we call host.release().
Alberto Garcia
Comment 11
2013-07-04 12:46:06 PDT
(In reply to
comment #10
)
> > But we still need to invalidate and destroy the object, so we > > should probably attempt to create the glContext() at the beginning > > of the initialize method then. > I don't think we need to explicitly invalidate the object because > when the RefPtr goes out of scope in LayerTreeHostGtk::create, the > destructor will clean up its members. The only reason this doesn't > happen now is because we call host.release().
We do because of the ASSERT(!m_rootLayer) in the destructor. DrawingAreaImpl::enterAcceleratedCompositingMode() is also not considering the possibility that LayerTreeHost::create() returns 0. So there's a few things we need to look into.
Martin Robinson
Comment 12
2013-07-04 12:51:50 PDT
(In reply to
comment #11
)
> (In reply to
comment #10
) > > > But we still need to invalidate and destroy the object, so we > > > should probably attempt to create the glContext() at the beginning > > > of the initialize method then. > > I don't think we need to explicitly invalidate the object because > > when the RefPtr goes out of scope in LayerTreeHostGtk::create, the > > destructor will clean up its members. The only reason this doesn't > > happen now is because we call host.release(). > > We do because of the ASSERT(!m_rootLayer) in the destructor.
There's no reason the assertion has to remain, if the situation is no longer unexpected. :)
> DrawingAreaImpl::enterAcceleratedCompositingMode() is also not > considering the possibility that LayerTreeHost::create() returns 0.
This seems to be a bigger issue. It seems the code has changed a bit since I originally wrote it, as returning null would disable AC implicitly. It's probably safer to check during initialization if the system supports XComposite and XDamage and force the page settings to disable AC if not.
Alberto Garcia
Comment 13
2013-07-08 14:04:48 PDT
Created
attachment 206264
[details]
Patch Second attempt.
WebKit Commit Bot
Comment 14
2013-07-08 14:06:01 PDT
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See
http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Alberto Garcia
Comment 15
2013-07-08 14:16:18 PDT
Created
attachment 206265
[details]
Patch Oops, there was a hunk missing in the previous patch.
Martin Robinson
Comment 16
2013-07-08 16:18:35 PDT
Comment on
attachment 206265
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=206265&action=review
The bits in WebKitWebView look good to me, but I think any fixes for LayerTreeHost should be split out into another patch. I think given your comments earlier that the approach of returning null isn't a safe one (as the assertion you added attests). I think we are just going to have to make sure that we do not return an invalid LayerTreeHost.
> Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:70 > - return host.release(); > + return host->m_isValid ? host.release() : 0; > } >
It seems that we could actually dispense with this part of the patch entirely?
Alberto Garcia
Comment 17
2013-07-09 02:45:19 PDT
(In reply to
comment #16
)
> The bits in WebKitWebView look good to me, but I think any fixes for > LayerTreeHost should be split out into another patch. I think given > your comments earlier that the approach of returning null isn't a > safe one (as the assertion you added attests). I think we are just > going to have to make sure that we do not return an invalid > LayerTreeHost.
The situation here is that, with the changes in WebKitWebView, the scenario where LayerTreeHost fails to get the GL context is not supposed to happen, ever. So that change alone would be enough to fix the crash. The other part of the patch just tries to fix the inconsistencies in LayerTreeHost. If we still want to return a non-null LayerTreeHost we can do something like what I proposed in my first patch (
comment 4
). The code already deals with the scenario where glContext() returns null, it was only the assertion that was causing problems (that's why it only crashed in debug builds). Still I think it's a good idea to detect when we're incorrectly attempting to enter AC mode, because that's not supposed to happen.
Martin Robinson
Comment 18
2013-07-09 06:49:09 PDT
Sure. All that makes sense to me. I think these two things are just turning into two patches as they become two separate topics: fixing non-xcomposite situations and fixing the more general issues.
Alberto Garcia
Comment 19
2013-07-09 08:13:58 PDT
Created
attachment 206323
[details]
Patch Okay, this patch disables AC if the system doesn't support it. This fixes the crash. Later I can file a separate bug to fix the LayerTreeHost thing.
Martin Robinson
Comment 20
2013-07-09 10:16:13 PDT
Comment on
attachment 206323
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=206323&action=review
> Source/WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:383 > +#if USE(TEXTURE_MAPPER_GL) > + if (!webkitWebViewBaseHasRedirectedWindow(WEBKIT_WEB_VIEW_BASE(webView))) > + webkitSettingsGetPreferences(settings)->setAcceleratedCompositingEnabled(false); > +#endif
I'm realizing now that this might be an issue for WebKitTestRunner since it's implemented using WebkitWebViewBase instead of WebKitWebView. Is there any way to accomplish this in WebKitWebViewBase only?
Alberto Garcia
Comment 21
2013-07-09 14:34:38 PDT
(In reply to
comment #20
)
> I'm realizing now that this might be an issue for WebKitTestRunner > since it's implemented using WebkitWebViewBase instead of > WebKitWebView. Is there any way to accomplish this in > WebKitWebViewBase only?
That would be even better because all the redirectedWindow handling is made in WebKitWebViewBase already. However I didn't see the way to do it easily. I'll give it one more try.
Alberto Garcia
Comment 22
2013-09-03 05:53:56 PDT
Created
attachment 210362
[details]
Patch using WebKitWebViewBase Here's the implementation using WebKitWebViewBase. Still we need to touch code from WebKitWebView to make sure that AC is disabled if the settings are changed.
Martin Robinson
Comment 23
2013-09-04 11:46:43 PDT
Comment on
attachment 210362
[details]
Patch using WebKitWebViewBase Isn't it sufficient to do this in webkitWebViewGroupAttachSettingsToPageGroup, which is the other place that we disable accelerated compositing? If not, then it seems the Wayland path is wrong...
Alberto Garcia
Comment 24
2013-09-04 12:18:47 PDT
(In reply to
comment #23
)
> Isn't it sufficient to do this in webkitWebViewGroupAttachSettingsToPageGroup
How is it different from doing it in WebKitWebView (see
comment #20
)?
Martin Robinson
Comment 25
2013-09-04 13:20:40 PDT
(In reply to
comment #24
)
> (In reply to
comment #23
) > > Isn't it sufficient to do this in webkitWebViewGroupAttachSettingsToPageGroup > > How is it different from doing it in WebKitWebView (see
comment #20
)?
Oh yes! Good point. I think the Wayland check probably needs to move to WebKitWebViewBase as well.
Alberto Garcia
Comment 26
2013-09-04 14:59:40 PDT
Committed
r155066
: <
http://trac.webkit.org/changeset/155066
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug