RESOLVED WONTFIX 167772
[EFL][CoordinatedGraphics] Layer animations involving calc cause a crash in UI process at WebCore::Length::ref()
https://bugs.webkit.org/show_bug.cgi?id=167772
Fujii Hironori
Reported 2017-02-02 18:37:16 PST
Created attachment 300482
test content of layer animation with calc

[EFL][CoordinatedGraphics] Layer animations involving calc cause a crash in UI process at WebCore::Length::ref()

This bug happens only in multiprocess CoordinatedGraphics which is used only in EFL port.

> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x00007fa6e3215373 in WebCore::Length::ref() const () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> [Current thread is 1 (Thread 0x7fa6e4b2dac0 (LWP 52089))]
> (gdb) bt
> #0 0x00007fa6e3215373 in WebCore::Length::ref() const () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #1 0x00007fa6e2b2eadf in IPC::ArgumentCoder<WebCore::TransformOperations>::decode(IPC::Decoder&, WebCore::TransformOperations&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #2 0x00007fa6e2b2efcd in IPC::ArgumentCoder<WebCore::TextureMapperAnimation>::decode(IPC::Decoder&, WebCore::TextureMapperAnimation&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #3 0x00007fa6e2b2f4bf in IPC::ArgumentCoder<WebCore::TextureMapperAnimations>::decode(IPC::Decoder&, WebCore::TextureMapperAnimations&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #4 0x00007fa6e2b30bcd in IPC::ArgumentCoder<WebCore::CoordinatedGraphicsLayerState>::decode(IPC::Decoder&, WebCore::CoordinatedGraphicsLayerState&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #5 0x00007fa6e2b325cd in IPC::VectorArgumentCoder<false, std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul>::decode(IPC::Decoder&, WTF::Vector<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul, WTF::CrashOnOverflow, 16ul>&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #6 0x00007fa6e2b35947 in IPC::ArgumentCoder<WebCore::CoordinatedGraphicsState>::decode(IPC::Decoder&, WebCore::CoordinatedGraphicsState&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #7 0x00007fa6e2bf858b in WebKit::CoordinatedLayerTreeHostProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #8 0x00007fa6e28d4689 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #9 0x00007fa6e2999192 in WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #10 0x00007fa6e28d1e2b in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #11 0x00007fa6e28d2be8 in IPC::Connection::dispatchOneMessage() () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #12 0x00007fa6e3b09e51 in WTF::RunLoop::performWork() () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libewebkit2.so.1
> #13 0x00007fa6e164db2e in _ecore_pipe_handler_call (p=p@entry=0x1190d40, buf=0x236d0f0 "W\b7\002", len=<optimized out>)
>    at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_pipe.c:511
> #14 0x00007fa6e164e1e9 in _ecore_pipe_read (data=0x1190d40, fd_handler=<optimized out>)
>    at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_pipe.c:637
> #15 0x00007fa6e164bb82 in _ecore_call_fd_cb (fd_handler=0x1186da0, data=<optimized out>, func=<optimized out>)
>    at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_private.h:333
> #16 _ecore_main_fd_handlers_call () at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_main.c:1974
> #17 _ecore_main_loop_iterate_internal (once_only=once_only@entry=0)
>    at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_main.c:2339
> #18 0x00007fa6e164bf67 in ecore_main_loop_begin () at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesEFL/Source/efl-1.18.4/src/lib/ecore/ecore_main.c:1286
> #19 0x000000000040c9c1 in elm_main ()
> #20 0x00000000004066ec in main ()
Attachments
test content of layer animation with calc (380 bytes, text/html)
2017-02-02 18:37 PST, Fujii Hironori
no flags
Fujii Hironori
Comment 1 2017-02-02 18:39:58 PST
An assertion failed in the debug build.

> ASSERTION FAILED: m_map.contains(handle)
> ../../Source/WebCore/platform/Length.cpp(220) : void WebCore::CalculationValueMap::ref(unsigned int)
> 1 0x7fd7ca6d39ca WTFCrash
> 2 0x7fd7c992cd59 WebCore::CalculationValueMap::ref(unsigned int)
> 3 0x7fd7c992bb65 WebCore::Length::ref() const
> 4 0x7fd7c8ce350a WebCore::Length::Length(WebCore::Length const&)
> 5 0x7fd7c8ce5d2c WebCore::TranslateTransformOperation::TranslateTransformOperation(WebCore::Length const&, WebCore::Length const&, WebCore::Length const&, WebCore::TransformOperation::OperationType)
> 6 0x7fd7c8ce5c07 WebCore::TranslateTransformOperation::create(WebCore::Length const&, WebCore::Length const&, WebCore::Length const&, WebCore::TransformOperation::OperationType)
> 7 0x7fd7c8cdf5a6 IPC::ArgumentCoder<WebCore::TransformOperations>::decode(IPC::Decoder&, WebCore::TransformOperations&)
> 8 0x7fd7c8ce9a1f std::enable_if<!std::is_enum<WebCore::TransformOperations>::value, bool>::type IPC::Decoder::decode<WebCore::TransformOperations>(WebCore::TransformOperations&)
> 9 0x7fd7c8ce0b46 IPC::ArgumentCoder<WebCore::TextureMapperAnimation>::decode(IPC::Decoder&, WebCore::TextureMapperAnimation&)
> 10 0x7fd7c8ceffc5 std::enable_if<!std::is_enum<WebCore::TextureMapperAnimation>::value, bool>::type IPC::Decoder::decode<WebCore::TextureMapperAnimation>(WebCore::TextureMapperAnimation&)
> 11 0x7fd7c8cedd20 IPC::VectorArgumentCoder<false, WebCore::TextureMapperAnimation, 0ul>::decode(IPC::Decoder&, WTF::Vector<WebCore::TextureMapperAnimation, 0ul, WTF::CrashOnOverflow, 16ul>&)
> 12 0x7fd7c8cea027 std::enable_if<!std::is_enum<WTF::Vector<WebCore::TextureMapperAnimation, 0ul, WTF::CrashOnOverflow, 16ul> >::value, bool>::type IPC::Decoder::decode<WTF::Vector<WebCore::TextureMapperAnimation, 0ul, WTF::CrashOnOverflow, 16ul> >(WTF::Vector<WebCore::TextureMapperAnimation, 0ul, WTF::CrashOnOverflow, 16ul>&)
> 13 0x7fd7c8ce0fc2 IPC::ArgumentCoder<WebCore::TextureMapperAnimations>::decode(IPC::Decoder&, WebCore::TextureMapperAnimations&)
> 14 0x7fd7c8cea2bf std::enable_if<!std::is_enum<WebCore::TextureMapperAnimations>::value, bool>::type IPC::Decoder::decode<WebCore::TextureMapperAnimations>(WebCore::TextureMapperAnimations&)
> 15 0x7fd7c8ce18fd IPC::ArgumentCoder<WebCore::CoordinatedGraphicsLayerState>::decode(IPC::Decoder&, WebCore::CoordinatedGraphicsLayerState&)
> 16 0x7fd7c8cf4461 std::enable_if<!std::is_enum<WebCore::CoordinatedGraphicsLayerState>::value, bool>::type IPC::Decoder::decode<WebCore::CoordinatedGraphicsLayerState>(WebCore::CoordinatedGraphicsLayerState&)
> 17 0x7fd7c8cf2769 IPC::ArgumentCoder<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState> >::decode(IPC::Decoder&, std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>&)
> 18 0x7fd7c8cf0917 std::enable_if<!std::is_enum<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState> >::value, bool>::type IPC::Decoder::decode<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState> >(std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>&)
> 19 0x7fd7c8cee6e4 IPC::VectorArgumentCoder<false, std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul>::decode(IPC::Decoder&, WTF::Vector<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul, WTF::CrashOnOverflow, 16ul>&)
> 20 0x7fd7c8cea673 std::enable_if<!std::is_enum<WTF::Vector<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul, WTF::CrashOnOverflow, 16ul> >::value, bool>::type IPC::Decoder::decode<WTF::Vector<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul, WTF::CrashOnOverflow, 16ul> >(WTF::Vector<std::pair<unsigned int, WebCore::CoordinatedGraphicsLayerState>, 0ul, WTF::CrashOnOverflow, 16ul>&)
> 21 0x7fd7c8ce2275 IPC::ArgumentCoder<WebCore::CoordinatedGraphicsState>::decode(IPC::Decoder&, WebCore::CoordinatedGraphicsState&)
> 22 0x7fd7c8ea1939 std::enable_if<!std::is_enum<WebCore::CoordinatedGraphicsState>::value, bool>::type IPC::Decoder::decode<WebCore::CoordinatedGraphicsState>(WebCore::CoordinatedGraphicsState&)
> 23 0x7fd7c8ea18f3 IPC::TupleCoder<1ul, WebCore::CoordinatedGraphicsState>::decode(IPC::Decoder&, std::tuple<WebCore::CoordinatedGraphicsState>&)
> 24 0x7fd7c8ea17af IPC::ArgumentCoder<std::tuple<WebCore::CoordinatedGraphicsState> >::decode(IPC::Decoder&, std::tuple<WebCore::CoordinatedGraphicsState>&)
> 25 0x7fd7c8ea170d std::enable_if<!std::is_enum<std::tuple<WebCore::CoordinatedGraphicsState> >::value, bool>::type IPC::Decoder::decode<std::tuple<WebCore::CoordinatedGraphicsState> >(std::tuple<WebCore::CoordinatedGraphicsState>&)
> 26 0x7fd7c8ea161a void IPC::handleMessage<Messages::CoordinatedLayerTreeHostProxy::CommitCoordinatedGraphicsState, WebKit::CoordinatedLayerTreeHostProxy, void (WebKit::CoordinatedLayerTreeHostProxy::*)(WebCore::CoordinatedGraphicsState const&)>(IPC::Decoder&, WebKit::CoordinatedLayerTreeHostProxy*, void (WebKit::CoordinatedLayerTreeHostProxy::*)(WebCore::CoordinatedGraphicsState const&))
> 27 0x7fd7c8ea146f WebKit::CoordinatedLayerTreeHostProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
> 28 0x7fd7c87ba086 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
> 29 0x7fd7c8883ee1 WebKit::ChildProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&)
> 30 0x7fd7c8966a8a WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
> 31 0x7fd7c879d366 IPC::Connection::dispatchMessage(IPC::Decoder&)
Michael Catanzaro
Comment 2 2017-03-11 10:33:55 PST
Closing this bug because the EFL port has been removed from trunk. If you feel this bug applies to a different upstream WebKit port and was closed in error, please either update the title and reopen the bug, or leave a comment to request this.