Bug 12665 - REGRESSION: Assertion failure in scheduleRelayout visiting Bookmarks view while a page is loading
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: 420+
Hardware: Macintosh OS X 10.4
: P1 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2007-02-06 23:33 PST by Maciej Stachowiak
Modified: 2007-03-19 11:31 PDT
Description Maciej Stachowiak 2007-02-06 23:33:58 PST
2007-01-30 13:42:44 John Sullivan:
To reproduce:
1. visit bookmarks view
2. double-click some bookmark that's reasonably slow to load
3. after the page appears, but before it's finished loading, click Back button

Assertion fires:

    ASSERT(m_frame->view() == this);

#0  0x01267934 in WebCore::FrameView::scheduleRelayout (this=0xf7c3a90) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/page/FrameView.cpp:643
#1  0x0126b0e7 in WebCore::Document::setParsing (this=0x2ae5400, b=false) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/dom/Document.cpp:1418
#2  0x0126c6f7 in WebCore::Document::finishedParsing (this=0x2ae5400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/dom/Document.cpp:3285
#3  0x0119d84b in WebCore::HTMLParser::finished (this=0xfa5d560) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/html/HTMLParser.cpp:1399
#4  0x011a214a in WebCore::HTMLTokenizer::end (this=0x2add400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/html/HTMLTokenizer.cpp:1492
#5  0x011a250f in WebCore::HTMLTokenizer::finish (this=0x2add400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/html/HTMLTokenizer.cpp:1532
#6  0x0126b240 in WebCore::Document::finishParsing (this=0x2ae5400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/dom/Document.cpp:1500
#7  0x0154368e in WebCore::FrameLoader::endIfNotLoading (this=0x2882400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:935
#8  0x015436cf in WebCore::FrameLoader::end (this=0x2882400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:919
#9  0x015463d5 in WebCore::DocumentLoader::finishedLoading (this=0x2ae8e00) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/DocumentLoader.cpp:289
#10 0x0153e316 in WebCore::FrameLoader::finishedLoading (this=0x2882400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:2515
#11 0x01547b07 in WebCore::MainResourceLoader::didFinishLoading (this=0x2aee400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/MainResourceLoader.cpp:298
#12 0x0154809b in WebCore::MainResourceLoader::continueAfterContentPolicy (this=0x2aee400, contentPolicy=WebCore::PolicyUse, r=@0x2aee4fc) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/MainResourceLoader.cpp:234
#13 0x01548151 in WebCore::MainResourceLoader::continueAfterContentPolicy (this=0x2aee400, policy=WebCore::PolicyUse) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/MainResourceLoader.cpp:247
#14 0x0154817e in WebCore::MainResourceLoader::callContinueAfterContentPolicy (argument=0x2aee400, policy=WebCore::PolicyUse) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/MainResourceLoader.cpp:239
#15 0x01535a73 in WebCore::PolicyCheck::call (this=0xbfffd6e4, action=WebCore::PolicyUse) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:4209
#16 0x0153d5d8 in WebCore::FrameLoader::continueAfterContentPolicy (this=0x2882400, policy=WebCore::PolicyUse) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:2718
#17 0x00590c64 in WebFrameLoaderClient::receivedPolicyDecison (this=0x25b85c0, action=WebCore::PolicyUse) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:1016
#18 0x00591485 in -[WebFramePolicyListener receivedPolicyDecision:] (self=0xfa8fa10, _cmd=0x5dd260, action=WebCore::PolicyUse) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:1202
#19 0x005906de in -[WebFramePolicyListener use] (self=0xfa8fa10, _cmd=0x90d8cdec) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:1217
#20 0x0012771b in -[BrowserWebView(FileInternal) _informDecisionListener:ofPolicyDecision:] (self=0x2345060, _cmd=0x19d23c, listener=0xfa8fa10, decision=PolicyUse) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/Internal/WebBrowser/BrowserWebView.m:2890
#21 0x00122b55 in -[BrowserWebView webView:decidePolicyForMIMEType:request:frame:decisionListener:] (self=0x2345060, _cmd=0x90dc106c, c=0x2345060, type=0xfa9f000, request=0xfa88940, frame=0x25b8db0, listener=0xfa8fa10) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/Internal/WebBrowser/BrowserWebView.m:1509
#22 0x92d351dd in __invoking___ ()
#23 0x92c44188 in -[NSInvocation invoke] ()
#24 0x92c68a18 in -[NSInvocation invokeWithTarget:] ()
#25 0x0055ae4b in -[_WebSafeForwarder forwardInvocation:] (self=0x23c7f10, _cmd=0x90db6f78, anInvocation=0xfa9f130) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebView/WebView.mm:1426
#26 0x92d34f04 in ___forwarding___ ()
#27 0x92d35172 in __forwarding_prep_0___ ()
#28 0x0059106e in WebFrameLoaderClient::dispatchDecidePolicyForMIMEType (this=0x25b85c0, function={__pfn = 0x153d594 <WebCore::FrameLoader::continueAfterContentPolicy(WebCore::PolicyAction)>, __delta = 0}, MIMEType=@0x2aee554, request=@0x2ae9040) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:506
#29 0x0153cbbe in WebCore::FrameLoader::checkContentPolicy (this=0x2882400, MIMEType=@0x2aee554, function=0x1548166 <WebCore::MainResourceLoader::callContinueAfterContentPolicy(void*, WebCore::PolicyAction)>, argument=0x2aee400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:1958
#30 0x01548f44 in WebCore::MainResourceLoader::didReceiveResponse (this=0x2aee400, r=@0xbfffdb6c) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/MainResourceLoader.cpp:274
#31 0x01548453 in WebCore::MainResourceLoader::handleEmptyLoad (this=0x2aee400, url=@0xbfffdd98, forURLScheme=true) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/MainResourceLoader.cpp:318
#32 0x01548722 in WebCore::MainResourceLoader::loadNow (this=0x2aee400, r=@0xbfffdd98) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/MainResourceLoader.cpp:355
#33 0x01548b73 in WebCore::MainResourceLoader::load (this=0x2aee400, r=@0x2ae9040, substituteData=@0x2ae8ef8) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/MainResourceLoader.cpp:376
#34 0x01538b29 in WebCore::FrameLoader::startLoadingMainResource (this=0x2882400, docLoader=0x2ae8e00, identifier=39) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:3033
#35 0x01538cc8 in WebCore::FrameLoader::startLoading (this=0x2882400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:3059
#36 0x01538cfd in WebCore::FrameLoader::continueAfterWillSubmitForm (this=0x2882400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:2723
#37 0x0153da60 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (this=0x2882400, request=@0xbfffe0a4, formState=@0xbfffe008, shouldContinue=true) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:3370
#38 0x0153daae in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0x2882400, request=@0xbfffe0a4, formState=@0xbfffe058, shouldContinue=true) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:3318
#39 0x0153a20c in WebCore::PolicyCheck::call (this=0xbfffe0a4, shouldContinue=true) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:4198
#40 0x0153d4b5 in WebCore::FrameLoader::continueAfterNavigationPolicy (this=0x2882400, policy=WebCore::PolicyUse) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:3311
#41 0x00590c64 in WebFrameLoaderClient::receivedPolicyDecison (this=0x25b85c0, action=WebCore::PolicyUse) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:1016
#42 0x00591485 in -[WebFramePolicyListener receivedPolicyDecision:] (self=0xfa44a20, _cmd=0x5dd260, action=WebCore::PolicyUse) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:1202
#43 0x005906de in -[WebFramePolicyListener use] (self=0xfa44a20, _cmd=0x90d8cdec) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:1217
#44 0x0012771b in -[BrowserWebView(FileInternal) _informDecisionListener:ofPolicyDecision:] (self=0x2345060, _cmd=0x19d23c, listener=0xfa44a20, decision=PolicyUse) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/Internal/WebBrowser/BrowserWebView.m:2890
#45 0x00127201 in -[BrowserWebView(FileInternal) _decidePolicyForAction:request:frame:newFrameName:decisionListener:] (self=0x2345060, _cmd=0x19d114, actionInformation=0xfa8a240, request=0xfa5b520, frame=0x25b8db0, newFrameName=0x0, listener=0xfa44a20) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/Internal/WebBrowser/BrowserWebView.m:2808
#46 0x00122bf5 in -[BrowserWebView webView:decidePolicyForNavigationAction:request:frame:decisionListener:] (self=0x2345060, _cmd=0x90d738dc, c=0x2345060, actionInformation=0xfa8a240, request=0xfa5b520, frame=0x25b8db0, listener=0xfa44a20) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/Internal/WebBrowser/BrowserWebView.m:1523
#47 0x92d351dd in __invoking___ ()
#48 0x92c44188 in -[NSInvocation invoke] ()
#49 0x92c68a18 in -[NSInvocation invokeWithTarget:] ()
#50 0x0055ae4b in -[_WebSafeForwarder forwardInvocation:] (self=0x23c7f10, _cmd=0x90db6f78, anInvocation=0xfa42ef0) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebView/WebView.mm:1426
#51 0x92d34f04 in ___forwarding___ ()
#52 0x92d35172 in __forwarding_prep_0___ ()
#53 0x00590ea7 in WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction (this=0x25b85c0, function={__pfn = 0x153d330 <WebCore::FrameLoader::continueAfterNavigationPolicy(WebCore::PolicyAction)>, __delta = 0}, action=@0xbfffe5f4, request=@0x2ae9040) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:528
#54 0x0153cfee in WebCore::FrameLoader::checkNavigationPolicy (this=0x2882400, request=@0x2ae9040, loader=0x2ae8e00, formState=@0xbfffe708, function=0x153da68 <WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>, argument=0x2882400) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:3284
#55 0x0153e5b0 in WebCore::FrameLoader::load (this=0x2882400, loader=0x2ae8e00, type=WebCore::FrameLoadTypeBack, formState=@0xbfffe7ac) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:1892
#56 0x0153e9bd in WebCore::FrameLoader::load (this=0x2882400, request=@0xbfffe808, action=@0xbfffe8ec, type=WebCore::FrameLoadTypeBack, formState=@0xbfffeca0) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:1842
#57 0x0154187f in WebCore::FrameLoader::loadItem (this=0x2882400, item=0xf7c33c0, loadType=WebCore::FrameLoadTypeBack) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:3821
#58 0x01541cf5 in WebCore::FrameLoader::recursiveGoToItem (this=0x2882400, item=0xf7c33c0, fromItem=0xf7c1fe0, type=WebCore::FrameLoadTypeBack) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:3916
#59 0x01541de4 in WebCore::FrameLoader::goToItem (this=0x2882400, targetItem=0xf7c33c0, type=WebCore::FrameLoadTypeBack) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/loader/FrameLoader.cpp:3864
#60 0x013237a5 in WebCore::Page::goToItem (this=0x25bb640, item=0xf7c33c0, type=WebCore::FrameLoadTypeBack) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/page/Page.cpp:137
#61 0x0132383f in WebCore::Page::goBack (this=0x25bb640) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebCore/page/Page.cpp:113
#62 0x0055d36d in -[WebView goBack] (self=0x2345060, _cmd=0x90d7ff88) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebView/WebView.mm:1939
#63 0x0055f4fe in -[WebView(WebIBActions) goBack:] (self=0x2345060, _cmd=0x90d9a27c, sender=0x23af880) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/OpenSource/WebKit/WebView/WebView.mm:2425
#64 0x00044cf7 in -[BrowserWindowController goBack:] (self=0x2385de0, _cmd=0x90d9a27c, sender=0x23af880) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/Internal/WebBrowser/BrowserWindowController.m:478
#65 0x00044f66 in -[BrowserWindowController goBackOrForwardFromSegmentedControl:] (self=0x2385de0, _cmd=0x16a000, sender=0x23af880) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/Internal/WebBrowser/BrowserWindowController.m:496
#66 0x943a5c81 in -[NSApplication sendAction:to:from:] ()
#67 0x00026ff8 in -[BrowserApplication sendAction:to:from:] (self=0x2322f00, _cmd=0x90dbf6ec, theAction=0x16a000, theTarget=0x2385de0, sender=0x23af880) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/Internal/WebBrowser/BrowserApplication.m:85
#68 0x943a5bd2 in -[NSControl sendAction:to:] ()
#69 0x943a80a9 in -[NSCell _sendActionFrom:] ()
#70 0x94538a6e in -[NSSegmentedCell _sendActionFrom:] ()
#71 0x943ba8b1 in -[NSCell trackMouse:inRect:ofView:untilMouseUp:] ()
#72 0x945385bc in -[NSSegmentedCell trackMouse:inRect:ofView:untilMouseUp:] ()
#73 0x943d8d47 in -[NSControl mouseDown:] ()
#74 0x9439560d in -[NSWindow sendEvent:] ()
#75 0x000c58ad in -[Window sendEvent:] (self=0x238d880, _cmd=0x90d92420, event=0xfa0a0f0) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/Internal/WebBrowser/Window.m:84
#76 0x94387082 in -[NSApplication sendEvent:] ()
#77 0x0002735b in -[BrowserApplication sendEvent:] (self=0x2322f00, _cmd=0x90d92420, event=0xfa0a0f0) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/Internal/WebBrowser/BrowserApplication.m:137
#78 0x942b9993 in -[NSApplication run] ()
#79 0x942ad513 in NSApplicationMain ()
#80 0x000bfe89 in main (argc=1, argv=0xbffff908) at /Volumes/Big/Users/johnsullivan/Projects/Labyrinth/Internal/WebBrowser/main.m:26

2007-01-30 13:50:04 John Sullivan:
This is easy to reproduce, but doesn't necessarily happen every single time, possibly just because it depends on the timing of clicking the Back button.

On a release build I often get a crash following these steps, which could be a downstream symptom of the same problem. That is written up separately as 4964698 in case it is not the same problem.

2007-01-30 20:31:01 Maciej Stachowiak:
I strongly suspect this and 4964698 are the same bug.

2007-02-05 13:16:04 Stephanie Lewis:
By virtue of being Safari Blocker Reviewed, these have been Safari BRB Reviewed

<rdar://problem/4964684>
Comment 1 Darin Adler 2007-03-11 10:42:16 PDT
The bookmarks view is a non-HTML view. I think this bug is about trouble with the back/forward cache when non-HTML views are involved.

I find I can reproduce the crash when doing "forward" after the steps described above.

The crash I can reproduce is a call to scheduleRelayout on a document that's being loaded from the page cache. The page from the cache is trying to schedule the layout before it's been installed as the current view of the frame.
Comment 2 Darin Adler 2007-03-11 11:39:55 PDT
Looks to me like the issue is that when the bookmarks view is up there's also an empty document in the frame. When we return from the bookmarks view to the non-HTML view we "close" the document, which results in adding a body element, which results in a desire to do layout.

For the case of leaving the bookmarks view, this is a sort of pathological situation, since the bookmarks view doesn't really need a document at all.

But it seems like this could legitimately happen if you are leaving a view that happens to have a document where you have not yet reached the end or the body element. Maybe there's some simple way to rework the back/forward cache code so that we don't attempt this layout when we're no longer associated with a view.
Comment 3 mitz 2007-03-11 12:33:29 PDT
(In reply to comment #2)
> Looks to me like the issue is that when the bookmarks view is up there's also
> an empty document in the frame. When we return from the bookmarks view to the
> non-HTML view we "close" the document, which results in adding a body element,
> which results in a desire to do layout.
> 
> For the case of leaving the bookmarks view, this is a sort of pathological
> situation, since the bookmarks view doesn't really need a document at all.
> 
> But it seems like this could legitimately happen if you are leaving a view that
> happens to have a document where you have not yet reached the end or the body
> element. Maybe there's some simple way to rework the back/forward cache code so
> that we don't attempt this layout when we're no longer associated with a view.
> 

Regarding the last case, see bug 12661 comment #2. Calling clear() earlier did fix the bug, leaving minor issues with the scrollbars not being reset properly. However, I suspect that the deeper cause for many, if not all, cases of these bugs (see also bug 11457) is the regression where documents can enter the page cache even if they haven't finished parsing and loading all their resources. When you go back to such a document that you left mid-load, it is fetched from the page cache in its unfinished form and parsing/loading doesn't resume.

I really think at least one of this bug, bug 12661 and bug 11457 should be closed as a dupe (note that the assertion that's being hit is rather new, with bug 11457 probably predating it).
Comment 4 mitz 2007-03-11 12:34:29 PDT
CC:ing Darin in hope that he'll find my last comment helpful.
Comment 5 mitz 2007-03-14 15:55:24 PDT
I think <http://trac.webkit.org/projects/webkit/changeset/20178> fixed this bug.
Comment 6 Darin Adler 2007-03-19 11:31:23 PDT
Yes, Brady agrees.
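
Added example, not WebKit code and not the change made in changeset 20178: a toy C++ model of the condition described in comments 1 to 3, where a cached document is closed while its view is not the frame's current view, next to a variant that defers the layout until the view is installed again. `Outcome`, `layoutDeferred`, `install`, `leaveMidLoadThenGoBack` and the `guarded` flag are hypothetical names; only `scheduleRelayout`, `view()` and the asserted condition come from the trace above.

```cpp
// Toy model of the invariant in this bug; simplified stand-ins, not WebKit source.
enum class Outcome { Scheduled, Deferred, InvariantViolated };
struct FrameView;

struct Frame {
    FrameView* installed = nullptr;          // view currently shown by the frame
    FrameView* view() const { return installed; }
    void install(FrameView* v);              // defined after FrameView
};

struct FrameView {
    Frame* frame;
    int pendingLayouts = 0;
    bool layoutDeferred = false;             // a layout request was postponed
    explicit FrameView(Frame* f) : frame(f) {}
    bool isInstalled() const { return frame->view() == this; }
    // Stand-in for ASSERT(m_frame->view() == this): reports the violation
    // instead of aborting, so both variants can be compared.
    Outcome scheduleRelayout() {
        if (!isInstalled()) return Outcome::InvariantViolated;
        ++pendingLayouts;
        return Outcome::Scheduled;
    }
};

void Frame::install(FrameView* v) {
    installed = v;
    if (v->layoutDeferred) {                 // replay the postponed request
        v->layoutDeferred = false;
        v->scheduleRelayout();
    }
}

struct Document {
    FrameView* view;
    explicit Document(FrameView* v) : view(v) {}
    // Closing the document ends parsing and asks the view for a layout.
    Outcome finishParsing(bool guarded) {
        if (guarded && !view->isInstalled()) {
            view->layoutDeferred = true;
            return Outcome::Deferred;
        }
        return view->scheduleRelayout();
    }
};

struct Result { Outcome atClose; int layoutsAfterRestore; };
// Leave a page mid-parse, go back: the cached document is closed
// before its view is installed in the frame again.
Result leaveMidLoadThenGoBack(bool guarded) {
    Frame frame;
    FrameView pageView(&frame), otherView(&frame);
    frame.install(&pageView);
    Document doc(&pageView);                 // still parsing
    frame.install(&otherView);               // pageView is cached, unfinished
    Outcome atClose = doc.finishParsing(guarded);
    frame.install(&pageView);                // view restored afterwards
    return { atClose, pageView.pendingLayouts };
}

int main() { return leaveMidLoadThenGoBack(true).layoutsAfterRestore == 1 ? 0 : 1; }
```

In the unguarded run the close reaches `scheduleRelayout` on a detached view, which is the point where the debug build asserts; in the guarded run the request is held and replayed once the view is current.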