Bug 12973 - REGRESSION: Reproducible assert while loading this test file if css is already in the cache
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: 523.x (Safari 3)
Hardware: Macintosh OS X 10.4
: P1 Normal
Assignee: Nobody
URL: LayoutTests/fast/dom/css-insert-impor...
Keywords: InRadar, Regression
Depends on:
Blocks:
 
Reported: 2007-03-05 14:33 PST by Grace Kloba
Modified: 2007-03-10 14:57 PST

Attachments
Sample fix (384 bytes, patch)
2007-03-09 15:01 PST, mitz
no flags
Keep loadCompleted() in sync with the pending stylesheet count (11.51 KB, patch)
2007-03-10 02:43 PST, mitz
darin: review+

Description Grace Kloba 2007-03-05 14:33:07 PST
Load LayoutTests/fast/dom/css-insert-import-rule.html first to get the resource in the cache.

Change the address to LayoutTests/fast/dom/css-insert-import-rule.txt. As there is no existing file, you should see an error page.

Now change the address back to LayoutTests/fast/dom/css-insert-import-rule.html; you should see an assertion like this:

WebCore/dom/Document.cpp:1878: failed assertion `m_pendingStylesheets > 0'
Comment 1 David Kilzer (:ddkilzer) 2007-03-05 21:00:55 PST
Confirmed with local debug build of WebKit r19972 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127).

This is a regression from shipping Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127).

Console output on debug build (CrashReporter does not launch!):

/path/to/WebKit/WebCore/dom/Document.cpp:1894: failed assertion `m_pendingStylesheets > 0'
Abort trap

Comment 2 Mark Rowe (bdash) 2007-03-07 06:47:33 PST
<rdar://problem/5045718>
Comment 3 mitz 2007-03-09 13:45:09 PST
(In reply to comment #1)
> Console output on debug build (CrashReporter does not launch!):

Evil lowercase assert()s!
Comment 4 mitz 2007-03-09 15:01:59 PST
Created attachment 13568
Sample fix

The problem is that the pending stylesheet counter and the stylesheet's loadCompleted() flag get out of sync. This patch fixes the test case, but I noticed several other calls to stylesheetLoaded() that need to be tested and possibly fixed...
Comment 5 mitz 2007-03-10 02:43:54 PST
Created attachment 13573
Keep loadCompleted() in sync with the pending stylesheet count
Comment 6 Darin Adler 2007-03-10 07:16:07 PST
Comment on attachment 13573
Keep loadCompleted() in sync with the pending stylesheet count

r=me
Comment 7 David Kilzer (:ddkilzer) 2007-03-10 12:09:39 PST
Comment on attachment 13573
Keep loadCompleted() in sync with the pending stylesheet count

Why is the m_sheet null check kept in one place, but not the other two? In both methods where the null check is not kept, m_sheet is used previously in the method, but how do we know its value won't change between uses?

Not kept:

>Index: WebCore/dom/ProcessingInstruction.cpp
>-    // Tell the doc about the sheet.
>-    if (!isLoading() && m_sheet)
>-        document()->stylesheetLoaded();
>+    m_sheet->checkLoaded();
> }
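
Review bot: the added `m_sheet->checkLoaded();` dereferences m_sheet unconditionally, while the removed condition tested `&& m_sheet`. If m_sheet is guaranteed non-null at this point in ProcessingInstruction.cpp, state that invariant with an ASSERT(m_sheet) just above the call; otherwise keep the guard as `if (m_sheet)`, as the StyleElement.cpp hunk does. The removed explanatory comment should also be replaced by one saying what checkLoaded() is expected to do at this call site.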

Kept:

>Index: WebCore/dom/StyleElement.cpp
>-    if (!isLoading() && m_sheet)
>-        document->stylesheetLoaded();
>+    if (m_sheet)
>+        m_sheet->checkLoaded();
> }
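
Review bot: the kept `if (m_sheet)` guard has no comment saying when m_sheet can be null at this call site, which is what distinguishes it from the two call sites that drop the guard. A one-line comment above the check naming those cases would save the next reader the question. The `!isLoading()` test is also gone from the condition, so it is worth confirming that checkLoaded() performs the equivalent check itself.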

Not kept:

>Index: WebCore/html/HTMLLinkElement.cpp
>-    // Tell the doc about the sheet.
>-    if (!isLoading() && m_sheet && !isDisabled() && !isAlternate())
>-        document()->stylesheetLoaded();
>+    m_sheet->checkLoaded();
> }
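
Review bot: the removed condition skipped the notification when `isDisabled()` or `isAlternate()` was true, and the added `m_sheet->checkLoaded();` line carries neither test. Since the assertion in this bug is on m_pendingStylesheets, confirm that a disabled or alternate sheet reaching checkLoaded() cannot report completion for a sheet that was never counted as pending, and add a layout test for each case. The call is also unguarded against a null m_sheet; an ASSERT(m_sheet) before it would document that assumption.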
Comment 8 mitz 2007-03-10 12:37:04 PST
(In reply to comment #7)
> Why is the m_sheet null check kept in one place, but not the other two?

Because it's needed in that one place (in case the type attribute is wrong or the media doesn't match) and not in the other two.

> In
> both methods where the null check is not kept, m_sheet is used previously in the
> method, but how do we know its value won't change between uses?

In HTMLLinkElement it's obvious (setMedia() cannot get m_sheet changed). In ProcessingInstruction it's quite easy to verify that it cannot become 0.
Comment 9 David Kilzer (:ddkilzer) 2007-03-10 14:57:05 PST
Committed revision 20098.