RESOLVED FIXED 175270
REGRESSION (r220052): ASSERTION FAILED: !frame().isMainFrame() || !needsStyleRecalcOrLayout() in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() 
https://bugs.webkit.org/show_bug.cgi?id=175270
Summary REGRESSION (r220052): ASSERTION FAILED: !frame().isMainFrame() || !needsStyle...
Ryan Haddad
Reported 2017-08-07 10:32:36 PDT
ASSERTION FAILED: !frame().isMainFrame() || !needsStyleRecalcOrLayout() /Volumes/Data/slave/elcapitan-debug/build/Source/WebCore/page/FrameView.cpp(4617) : void WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() 1 0x113da0740 WTFCrash 2 0x1070c649f WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() 3 0x102ec793b WebKit::WebPage::layoutIfNeeded() 4 0x102c2a86c WebKit::TiledCoreAnimationDrawingArea::flushLayers() 5 0x102c2b03c non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers() 6 0x10829d445 WebCore::LayerFlushScheduler::layerFlushCallback() 7 0x10829db3b WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0::operator()() const 8 0x10829dacc WTF::Function<void ()>::CallableWrapper<WebCore::LayerFlushScheduler::LayerFlushScheduler(WebCore::LayerFlushSchedulerClient*)::$_0>::call() 9 0x1065ae443 WTF::Function<void ()>::operator()() const 10 0x108b7382e WebCore::RunLoopObserver::runLoopObserverFired() 11 0x108b737b0 WebCore::RunLoopObserver::runLoopObserverFired(__CFRunLoopObserver*, unsigned long, void*) 12 0x7fff9bd6bfc7 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ 13 0x7fff9bd6bf37 __CFRunLoopDoObservers 14 0x7fff9bd4ae48 CFRunLoopRunSpecific 15 0x7fff9c8f2935 RunCurrentEventLoopInMode 16 0x7fff9c8f276f ReceiveNextEventCommon 17 0x7fff9c8f25af _BlockUntilNextEventMatchingListInModeWithFilter 18 0x7fff9346adf6 _DPSNextEvent 19 0x7fff9346a226 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] 20 0x7fff9345ed80 -[NSApplication run] 21 0x7fff93428368 NSApplicationMain 22 0x7fff8f147194 _xpc_objc_main 23 0x7fff8f145bbe xpc_main 24 0x1026bafdd main 25 0x7fff9293f5ad start 26 0x1 LEAK: 8 WebPageProxy This is seen with LayoutTest plugins/crash-restoring-plugin-page-from-page-cache.html on macOS Debug WK2 https://build.webkit.org/results/Apple%20El%20Capitan%20Debug%20WK2%20(Tests)/r220052%20(2329)/results.html https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=plugins%2Fcrash-restoring-plugin-page-from-page-cache.html
Attachments
Crash log (85.14 KB, text/plain)
2017-08-07 10:33 PDT, Ryan Haddad 		no flags
Details
Patch (8.14 KB, patch)
2017-08-22 09:30 PDT, Darin Adler 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews113 for mac-elcapitan (2.36 MB, application/zip)
2017-08-22 11:11 PDT, Build Bot 		no flags
Details
Patch (3.25 KB, patch)
2017-08-26 18:16 PDT, Darin Adler 		buildbot: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews101 for mac-elcapitan (1.44 MB, application/zip)
2017-08-26 19:22 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews105 for mac-elcapitan-wk2 (1.57 MB, application/zip)
2017-08-26 19:28 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews116 for mac-elcapitan (2.20 MB, application/zip)
2017-08-26 19:39 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews123 for ios-simulator-wk2 (1.38 MB, application/zip)
2017-08-26 19:53 PDT, Build Bot 		no flags
Details
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Ryan Haddad
Comment 1 2017-08-07 10:33:04 PDT
Created attachment 317434 [details] Crash log
Radar WebKit Bug Importer
Comment 2 2017-08-07 10:33:45 PDT
<rdar://problem/33755779>
Ryan Haddad
Comment 3 2017-08-07 10:41:13 PDT
According to the flakiness dashboard, this started with https://trac.webkit.org/changeset/220052/webkit
Ryan Haddad
Comment 4 2017-08-08 13:56:11 PDT
Skipped test on debug to get the bots back to green in https://trac.webkit.org/changeset/220419/webkit.
Darin Adler
Comment 5 2017-08-21 13:04:18 PDT
I experienced this locally but thought it was due to some other work I had done. I have a potential fix for this and was going to discuss with experts on our layout system. The issue here is that object loading can cause a need for additional style recalculation in the post-style-calculation hook, which adds the need to cycle through one more time.
Darin Adler
Comment 6 2017-08-22 09:30:07 PDT
Created attachment 318760 [details] Patch
Simon Fraser (smfr)
Comment 7 2017-08-22 09:42:32 PDT
Comment on attachment 318760 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=318760&action=review > Source/WebCore/page/FrameView.cpp:4599 > + AnimationUpdateBlock animationUpdateBlock(&frame().animation()); I think AnimationUpdateBlock should be outside this lambda; all the passes should use the same animation start time.
Build Bot
Comment 8 2017-08-22 11:11:36 PDT
Comment on attachment 318760 [details] Patch Attachment 318760 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/4361637 New failing tests: http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame.html accessibility/mac/search-with-frames.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-to-javscript-url.html http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-javascript-url-iframe-in-iframe.html fast/events/frame-tab-focus.html http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-sub-frame-2-level.html svg/animations/animations-paused-when-inserted-in-hidden-document.html
Build Bot
Comment 9 2017-08-22 11:11:44 PDT
Created attachment 318772 [details] Archive of layout-test-results from ews113 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews113 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Darin Adler
Comment 10 2017-08-22 20:34:11 PDT
Comment on attachment 318760 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=318760&action=review >> Source/WebCore/page/FrameView.cpp:4599 >> + AnimationUpdateBlock animationUpdateBlock(&frame().animation()); > > I think AnimationUpdateBlock should be outside this lambda; all the passes should use the same animation start time. OK. I will fix that and try to figure out what’s up with the cases.
Darin Adler
Comment 11 2017-08-22 20:40:34 PDT
Comment on attachment 318760 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=318760&action=review >>> Source/WebCore/page/FrameView.cpp:4599 >>> + AnimationUpdateBlock animationUpdateBlock(&frame().animation()); >> >> I think AnimationUpdateBlock should be outside this lambda; all the passes should use the same animation start time. > > OK. I will fix that and try to figure out what’s up with the cases. With the assertion failures, not "the cases".
Darin Adler
Comment 12 2017-08-24 09:37:59 PDT
Committed r221139: <http://trac.webkit.org/changeset/221139>
Ryan Haddad
Comment 13 2017-08-24 17:37:15 PDT
(In reply to Darin Adler from comment #12) > Committed r221139: <http://trac.webkit.org/changeset/221139> plugins/crash-restoring-plugin-page-from-page-cache.html is still crashing after this change: ASSERTION FAILED: !frame().isMainFrame() || !needsStyleRecalcOrLayout() /Volumes/Data/slave/sierra-debug/build/Source/WebCore/page/FrameView.cpp(4645) : void WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() https://build.webkit.org/results/Apple%20Sierra%20Debug%20WK2%20(Tests)/r221160%20(2698)/results.html
Ryan Haddad
Comment 14 2017-08-24 17:39:45 PDT
Reverted r221139 for reason: This change did not resolve the LayoutTest assertion failure. Committed r221173: <http://trac.webkit.org/changeset/221173>
Darin Adler
Comment 15 2017-08-26 18:16:32 PDT
Created attachment 319145 [details] Patch
Darin Adler
Comment 16 2017-08-26 19:01:11 PDT
The original patch works if I set the number of passes to a number 10 or higher rather than to 4.
Darin Adler
Comment 17 2017-08-26 19:02:05 PDT
EWS runs on the newer patch indicate that a few of our tests depend on the old behavior, and aren’t incompatible with loading that takes another run loop cycle.
Build Bot
Comment 18 2017-08-26 19:22:42 PDT
Comment on attachment 319145 [details] Patch Attachment 319145 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/4389163 New failing tests: accessibility/plugin.html fast/frames/sandboxed-iframe-plugins.html fast/frames/crash-display-none-iframe-during-onbeforeload.html editing/editability/ignored-content.html plugins/attach-during-destroy.html webarchive/loading/object.html svg/custom/bug79798.html plugins/clicking-missing-plugin-fires-delegate.html http/tests/plugins/navigation-during-load.html plugins/destroy-reentry.html
Build Bot
Comment 19 2017-08-26 19:22:44 PDT
Created attachment 319148 [details] Archive of layout-test-results from ews101 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 20 2017-08-26 19:27:58 PDT
Comment on attachment 319145 [details] Patch Attachment 319145 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/4389183 New failing tests: accessibility/plugin.html fast/dom/adopt-node-crash-2.html svg/custom/bug79798.html plugins/attach-during-destroy.html editing/editability/ignored-content.html fast/frames/crash-display-none-iframe-during-onbeforeload.html fast/replaced/invalid-object-with-fallback.html plugins/clicking-missing-plugin-fires-delegate.html http/tests/plugins/navigation-during-load.html plugins/destroy-reentry.html
Build Bot
Comment 21 2017-08-26 19:28:01 PDT
Created attachment 319149 [details] Archive of layout-test-results from ews105 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews105 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 22 2017-08-26 19:39:24 PDT
Comment on attachment 319145 [details] Patch Attachment 319145 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/4389204 New failing tests: accessibility/plugin.html fast/frames/sandboxed-iframe-plugins.html svg/custom/bug79798.html editing/editability/ignored-content.html plugins/attach-during-destroy.html webarchive/loading/object.html fast/frames/crash-display-none-iframe-during-onbeforeload.html plugins/clicking-missing-plugin-fires-delegate.html http/tests/plugins/navigation-during-load.html plugins/destroy-reentry.html
Build Bot
Comment 23 2017-08-26 19:39:26 PDT
Created attachment 319150 [details] Archive of layout-test-results from ews116 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews116 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 24 2017-08-26 19:53:00 PDT
Comment on attachment 319145 [details] Patch Attachment 319145 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/4389216 New failing tests: svg/custom/bug79798.html fast/replaced/replaced-breaking.html platform/ios/ios/plugin/youtube-flash-plugin-iframe.html fast/frames/crash-display-none-iframe-during-onbeforeload.html editing/editability/ignored-content.html
Build Bot
Comment 25 2017-08-26 19:53:02 PDT
Created attachment 319151 [details] Archive of layout-test-results from ews123 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews123 Port: ios-simulator-wk2 Platform: Mac OS X 10.12.5
Darin Adler
Comment 26 2017-08-31 09:55:57 PDT
Committed r221423: <http://trac.webkit.org/changeset/221423>
Note You need to log in before you can comment on or make changes to this bug.