Bug 16951 - Assertion failure in FrameView::scheduleRelayout (!m_frame->document() || !m_frame->document()->inPageCache()) when going back from a page with a focused popup
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
Importance: P2 Normal
Assignee: Nobody
Reported: 2008-01-20 15:47 PST by mitz
Modified: 2008-01-20 18:02 PST

Attachments
Do not allow focus to change in pages that are in the back/forward cache (1.28 KB, patch)
2008-01-20 16:53 PST, mitz
darin: review+

Description mitz 2008-01-20 15:47:10 PST
Going back to about:blank from a back/forward-cacheable document that has a focused popup button results in an assertion failure:

ASSERTION FAILED: !m_frame->document() || !m_frame->document()->inPageCache()
(WebCore/page/FrameView.cpp:714 void WebCore::FrameView::scheduleRelayout())

Steps to reproduce:
1) Go to about:blank
2) Go to data:text/html,%3Cselect%3E
3) Press Tab to focus the popup button
4) Choose History > Back.

Backtrace:
#0  0x01bc0597 in WebCore::FrameView::scheduleRelayout (this=0x196326d0) at WebCore/page/FrameView.cpp:714
#1  0x01e1216d in WebCore::RenderObject::scheduleRelayout (this=0x19cef64c) at WebCore/rendering/RenderObject.cpp:2738
#2  0x01e1239b in WebCore::RenderObject::markContainingBlocksForLayout (this=0x19c8f3ec, scheduleRelayout=true, newRoot=0x0) at WebCore/rendering/RenderObject.cpp:757
#3  0x01e12493 in WebCore::RenderObject::setNeedsLayout (this=0x19c8f3ec, b=true, markParents=true) at WebCore/rendering/RenderObject.cpp:688
#4  0x01a3a53f in WebCore::RenderObject::setNeedsLayoutAndPrefWidthsRecalc (this=0x19c8f3ec) at RenderObject.h:393
#5  0x01e13112 in WebCore::RenderObject::setStyle (this=0x19c8f3ec, style=0x19c53b1c) at WebCore/rendering/RenderObject.cpp:2321
#6  0x01dcceeb in WebCore::RenderBox::setStyle (this=0x19c8f3ec, newStyle=0x19c53b1c) at WebCore/rendering/RenderBox.cpp:83
#7  0x01db6145 in WebCore::RenderBlock::setStyle (this=0x19c8f3ec, _style=0x19c53b1c) at WebCore/rendering/RenderBlock.cpp:127
#8  0x01db61fd in WebCore::RenderBlock::setStyle (this=0x196c49ec, _style=0x195dfc4c) at WebCore/rendering/RenderBlock.cpp:135
#9  0x01e07af5 in WebCore::RenderMenuList::setStyle (this=0x196c49ec, newStyle=0x195dfc4c) at WebCore/rendering/RenderMenuList.cpp:121
#10 0x01e1598f in WebCore::RenderObject::setAnimatableStyle (this=0x196c49ec, style=0x195dfc4c) at WebCore/rendering/RenderObject.cpp:2162
#11 0x01d8c665 in WebCore::Node::setRenderStyle (this=0x19ced530, s=0x195dfc4c) at WebCore/dom/Node.cpp:1052
#12 0x01b666d6 in WebCore::Element::recalcStyle (this=0x19ced530, change=WebCore::Node::NoChange) at WebCore/dom/Element.cpp:741
#13 0x01bf1a5a in WebCore::HTMLGenericFormElement::recalcStyle (this=0x19ced530, change=WebCore::Node::NoChange) at WebCore/html/HTMLGenericFormElement.cpp:176
#14 0x01c25102 in WebCore::HTMLSelectElement::recalcStyle (this=0x19ced530, ch=WebCore::Node::NoChange) at WebCore/html/HTMLSelectElement.cpp:112
#15 0x01b6686c in WebCore::Element::recalcStyle (this=0x19634870, change=WebCore::Node::NoChange) at WebCore/dom/Element.cpp:765
#16 0x01b6686c in WebCore::Element::recalcStyle (this=0x19e739e0, change=WebCore::Node::NoChange) at WebCore/dom/Element.cpp:765
#17 0x01b39aa6 in WebCore::Document::recalcStyle (this=0x3b5a200, change=WebCore::Node::NoChange) at WebCore/dom/Document.cpp:1103
#18 0x01b2fead in WebCore::Document::updateRendering (this=0x3b5a200) at WebCore/dom/Document.cpp:1126
#19 0x01b31e61 in WebCore::Document::updateDocumentsRendering () at WebCore/dom/Document.cpp:1136
#20 0x01b7799a in WebCore::EventTarget::dispatchGenericEvent (this=0x19ced558, referenceNode=0x19ced530, e=@0xbfffd43c, tempEvent=true) at WebCore/dom/EventTarget.cpp:264
#21 0x01b78912 in WebCore::EventTargetNode::dispatchEvent (this=0x19ced530, e=@0xbfffd478, ec=@0xbfffd474, tempEvent=true) at WebCore/dom/EventTargetNode.cpp:115
#22 0x01b7a0d2 in WebCore::EventTargetNode::dispatchHTMLEvent (this=0x19ced530, eventType=@0x233c5c4, canBubbleArg=false, cancelableArg=false) at WebCore/dom/EventTargetNode.cpp:350
#23 0x01b7a11e in WebCore::EventTargetNode::dispatchBlurEvent (this=0x19ced530) at WebCore/dom/EventTargetNode.cpp:343
#24 0x01c24f31 in WebCore::HTMLSelectElement::dispatchBlurEvent (this=0x19ced530) at WebCore/html/HTMLSelectElement.cpp:590
#25 0x01b35274 in WebCore::Document::setFocusedNode (this=0x3b5a200, newFocusedNode=@0xbfffd544) at WebCore/dom/Document.cpp:2286
#26 0x0032e248 in -[WebHTMLView clearFocus] (self=0x19e28620, _cmd=0x3b98f8) at WebKit/mac/WebView/WebHTMLView.mm:2723
#27 0x003271f4 in -[WebHTMLView resignFirstResponder] (self=0x19e28620, _cmd=0x900d789c) at WebKit/mac/WebView/WebHTMLView.mm:3192
#28 0x90edc2ed in -[NSWindow makeFirstResponder:] ()
Comment 1 mitz 2008-01-20 16:02:14 PST
Note that this does not happen with focused <input> text fields, because in that case -[WebHTMLView maintainsInactiveSelection] returns YES and therefore -resignFirstResponder does not call -clearFocus.

I think putting a page into the back/forward cache should never change the focused node in that document (so it should also not dispatch a blur event). That's how it works for text fields, and I see no reason why it should be different for popups.
Comment 2 mitz 2008-01-20 16:53:11 PST
Created attachment 18570
Do not allow focus to change in pages that are in the back/forward cache

Cannot make a regression test because the back/forward cache is disabled in DumpRenderTree.

Besides clearing the focused node, -[WebHTMLView resignFirstResponder] also clears the selection (if it is not in editable content). The patch leaves the selection clearing behavior intact.
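
Added example (not part of the original comments and not WebKit source): a simplified C++ model of the behaviour discussed in comments 1 and 2, showing how clearing focus on a document already in the back/forward cache reaches scheduleRelayout, and how refusing the focus change avoids it. The class layout, the refuseFocusChangeInPageCache switch, the Outcome struct and goBackWithFocusedPopup are hypothetical names chosen for illustration.

```cpp
struct Document;

struct FrameView {
    Document* document = nullptr;
    int relayouts = 0;
    int invariantViolations = 0;  // stands in for the ASSERT firing
    void scheduleRelayout();
};

struct Document {
    FrameView* view = nullptr;
    bool inPageCache = false;
    bool refuseFocusChangeInPageCache = false;  // hypothetical switch for the guard
    int focusedNode = 0;                        // 0 = nothing focused
    int blurEvents = 0;

    // Returns true if the focus change was carried out.
    bool setFocusedNode(int newNode) {
        if (refuseFocusChangeInPageCache && inPageCache)
            return false;          // cached document: keep focus, dispatch nothing
        if (newNode == focusedNode)
            return true;
        if (focusedNode != 0) {
            ++blurEvents;          // blur -> recalcStyle -> setNeedsLayout ...
            view->scheduleRelayout();
        }
        focusedNode = newNode;
        return true;
    }
};

void FrameView::scheduleRelayout() {
    if (document && document->inPageCache)
        ++invariantViolations;     // !document || !document->inPageCache is false
    ++relayouts;
}

struct Outcome { int violations; int focusedNode; int blurEvents; };

// Replays the reported steps against the model.
Outcome goBackWithFocusedPopup(bool guarded) {
    FrameView view;
    Document doc;
    doc.view = &view;
    view.document = &doc;
    doc.refuseFocusChangeInPageCache = guarded;
    doc.setFocusedNode(1);   // step 3: Tab focuses the popup button
    doc.inPageCache = true;  // step 4: going back caches the document
    doc.setFocusedNode(0);   // the view resigns first responder and clears focus
    return {view.invariantViolations, doc.focusedNode, doc.blurEvents};
}
```

Without the guard the model records one blur event and one invariant violation; with it the cached document keeps its focused node and dispatches nothing.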
Comment 3 Darin Adler 2008-01-20 17:57:06 PST
Comment on attachment 18570
Do not allow focus to change in pages that are in the back/forward cache

r=me
Comment 4 mitz 2008-01-20 18:02:44 PST
Fixed in <http://trac.webkit.org/projects/webkit/changeset/29679>.