Bug 163905 - REGRESSION(r207753-207755): ASSERTION FAILED: m_parsedStyleSheetCache->isInMemoryCache()
Summary: REGRESSION(r207753-207755): ASSERTION FAILED: m_parsedStyleSheetCache->isInMe...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: youenn fablet
URL:
Keywords:
: 164257 (view as bug list)
Depends on:
Blocks:
 
Reported: 2016-10-24 11:58 PDT by Ryan Haddad
Modified: 2016-11-02 06:21 PDT (History)
4 users (show)

See Also:

Attachments
Patch (5.39 KB, patch)
2016-10-26 05:34 PDT, youenn fablet 		no flags Details | Formatted Diff | Diff
Patch for landing (8.12 KB, patch)
2016-10-27 01:54 PDT, youenn fablet 		no flags Details | Formatted Diff | Diff
Patch for landing (8.25 KB, patch)
2016-11-02 05:46 PDT, youenn fablet 		no flags Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ryan Haddad 2016-10-24 11:58:28 PDT 
Flaky assertion failure seen with http/tests/misc/acid2.html

ASSERTION FAILED: m_parsedStyleSheetCache->isInMemoryCache()
/Volumes/Data/slave/elcapitan-debug/build/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp(167) : PassRefPtr<WebCore::StyleSheetContents> WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet(const WebCore::CSSParserContext &, WebCore::CachePolicy)
1   0x10fe69310 WTFCrash
2   0x1153778fd WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet(WebCore::CSSParserContext const&, WebCore::CachePolicy)
3   0x115e261f5 WebCore::HTMLLinkElement::setCSSStyleSheet(WTF::String const&, WebCore::URL const&, WTF::String const&, WebCore::CachedCSSStyleSheet const*)
4   0x115e265c7 non-virtual thunk to WebCore::HTMLLinkElement::setCSSStyleSheet(WTF::String const&, WebCore::URL const&, WTF::String const&, WebCore::CachedCSSStyleSheet const*)
5   0x1153770ea WebCore::CachedCSSStyleSheet::didAddClient(WebCore::CachedResourceClient&)
6   0x11538e430 WebCore::CachedResource::addClient(WebCore::CachedResourceClient&)
7   0x115e25541 WebCore::HTMLLinkElement::process()
8   0x115e25e2c WebCore::HTMLLinkElement::insertedInto(WebCore::ContainerNode&)
9   0x1154af9c8 WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&)
10  0x1154afdf0 WebCore::notifyChildNodeInserted(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&)
11  0x1154a09a6 WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource)
12  0x11549fa2c WebCore::ContainerNode::parserAppendChild(WebCore::Node&)
13  0x115d94a63 WebCore::insert(WebCore::HTMLConstructionSiteTask&)
14  0x115d946ee WebCore::executeInsertTask(WebCore::HTMLConstructionSiteTask&)
15  0x115d90ed2 WebCore::executeTask(WebCore::HTMLConstructionSiteTask&)
16  0x115d90e66 WebCore::HTMLConstructionSite::executeQueuedTasks()
17  0x115ee4f0e WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&)
18  0x115dc45e3 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&)
19  0x115dc44ef WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
20  0x115dc31ed WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
21  0x115dc2dee WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
22  0x115dc4fd3 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&)
23  0x1157ff2f5 WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long)
24  0x115941e93 WebCore::DocumentWriter::addData(char const*, unsigned long)
25  0x1158fd01e WebCore::DocumentLoader::commitData(char const*, unsigned long)
26  0x11ec903fd -[WebFrame(WebInternal) _commitData:]
27  0x11ecce610 -[WebHTMLRepresentation receivedData:withDataSource:]
28  0x11ec6cbea -[WebDataSource(WebInternal) _receivedData:]
29  0x11eca09d7 WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int)
30  0x1158ffb30 WebCore::DocumentLoader::commitLoad(char const*, int)
31  0x1158ffa56 WebCore::DocumentLoader::dataReceived(char const*, int)
Comment 1 Ryan Haddad 2016-10-24 11:59:07 PDT 
Seems to have started with https://trac.webkit.org/changeset/207757
Comment 2 Ryan Haddad 2016-10-24 12:04:43 PDT 
Per flakiness dashboard, this seems to be asserting on El Capitan and Sierra WK1

https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fmisc%2Facid2.html
Comment 3 Ryan Haddad 2016-10-24 12:13:52 PDT 
Also, http/tests/misc/acid2-pixel.html seems to fail alongside this test:

http://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fmisc%2Facid2-pixel.html
Comment 4 Ryan Haddad 2016-10-24 13:28:30 PDT 
There is one instance of these two tests failing (not asserting) with https://trac.webkit.org/log/?verbose=on&rev=207755&stop_rev=207753
Comment 5 Antti Koivisto 2016-10-25 06:04:07 PDT 
I suspect this is caused by https://bugs.webkit.org/show_bug.cgi?id=161859 even though flakes started later.
Comment 6 youenn fablet 2016-10-26 05:34:20 PDT 
Created attachment 292917 [details]
Patch
Comment 7 youenn fablet 2016-10-26 05:36:53 PDT 
(In reply to comment #6)
> Created attachment 292917 [details]
> Patch

Patch implements https://bugs.webkit.org/show_bug.cgi?id=161859#c7.
Comment 8 youenn fablet 2016-10-26 07:05:26 PDT 
(In reply to comment #7)
> (In reply to comment #6)
> > Created attachment 292917 [details]
> > Patch
> 
> Patch implements https://bugs.webkit.org/show_bug.cgi?id=161859#c7.

This patch has no test in it.
I am not exactly sure how to test it except than checking the flakiness is disappearing.
Comment 9 Antti Koivisto 2016-10-26 10:31:05 PDT 
I think you should try to make a test as this really needs coverage. Something along these lines should work

1) Load a simple stylesheet with <link>
2) Load the same stylesheet in a manner that setBodyDataFrom sharing gets used (in another frame I think, I don't know what the case exactly is)
3) Call internals.beginSimulatedMemoryPressure();

Memory pressure should cause destroyDecodedData() get called for both CachedCSSStyleSheets and the second one should hit ASSERT(m_isInMemoryCache) without this patch.

A test that actually produces wrong rendering would involve kicking one of the resources out from memory cache (via new Internals api maybe) and mutating the stylesheet.
Comment 10 youenn fablet 2016-10-27 00:48:00 PDT 
Thanks for the review.

(In reply to comment #9)
> I think you should try to make a test as this really needs coverage.
> Something along these lines should work
> 
> 1) Load a simple stylesheet with <link>
> 2) Load the same stylesheet in a manner that setBodyDataFrom sharing gets
> used (in another frame I think, I don't know what the case exactly is)

I wrote some tests in http/tests/security/cached-cross-origin-preloaded-css-stylesheet.html and cached-cross-origin-preloading-css-stylesheet.html

setBodyDataFrom is used when a request is made that matches the cache but the origin or the fetch mode is not matching.

> 3) Call internals.beginSimulatedMemoryPressure();
> 
> Memory pressure should cause destroyDecodedData() get called for both
> CachedCSSStyleSheets and the second one should hit ASSERT(m_isInMemoryCache)
> without this patch.

Great, I was not aware of internals.beginSimulatedMemoryPressure().
This should indeed work.
I'll add this test.
Comment 11 Antti Koivisto 2016-10-27 01:07:46 PDT 
> Great, I was not aware of internals.beginSimulatedMemoryPressure().
> This should indeed work.
> I'll add this test.

You can also always add new Internals APIs as needed if you don't find something suitable already. They are very easy to add.
Comment 12 youenn fablet 2016-10-27 01:54:43 PDT 
Created attachment 293000 [details]
Patch for landing
Comment 13 WebKit Commit Bot 2016-10-27 02:29:29 PDT 
Comment on attachment 293000 [details]
Patch for landing

Clearing flags on attachment: 293000

Committed r207967: <http://trac.webkit.org/changeset/207967>
Comment 14 WebKit Commit Bot 2016-10-27 02:29:33 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 15 Ryan Haddad 2016-10-31 17:30:26 PDT 
Reverted r207967 for reason:

This change seems to be the cause of at least one LayoutTest becoming flaky.

Committed r208200: <http://trac.webkit.org/changeset/208200>
Comment 16 Ryan Haddad 2016-11-01 09:34:59 PDT 
*** Bug 164257 has been marked as a duplicate of this bug. ***
Comment 17 youenn fablet 2016-11-02 05:46:01 PDT 
Created attachment 293655 [details]
Patch for landing
Comment 18 youenn fablet 2016-11-02 05:47:45 PDT 
(In reply to comment #17)
> Created attachment 293655 [details]
> Patch for landing

The added test was calling internals.beginSimulatedMemoryPressure() but it was not calling internals.endSimulatedMemoryPressure().
This explains LayoutTests/memory/memory-pressure-simulation.html flakiness and may also explain other tests flakiness.
Let's check that.
Comment 19 WebKit Commit Bot 2016-11-02 06:21:43 PDT 
Comment on attachment 293655 [details]
Patch for landing

Clearing flags on attachment: 293655

Committed r208279: <http://trac.webkit.org/changeset/208279>
Comment 20 WebKit Commit Bot 2016-11-02 06:21:48 PDT 
All reviewed patches have been landed.  Closing bug.