RESOLVED FIXED 189608
[iOS] ERROR: post-layout: dirty renderer(s) in WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker() 
https://bugs.webkit.org/show_bug.cgi?id=189608
Summary [iOS] ERROR: post-layout: dirty renderer(s) in WebCore::RenderTreeNeedsLayout...
Ryan Haddad
Reported 2018-09-13 18:22:11 PDT
The following is seen on iOS Simulator with layout test fast/frames/invalid-frameset.html ERROR: post-layout: dirty renderer(s) ./page/FrameViewLayoutContext.cpp(87) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const (B)lock/(I)nline/I(N)line-block, (A)bsolute/Fi(X)ed/(R)elative/Stic(K)y, (F)loating, (O)verflow clip, Anon(Y)mous, (G)enerated, has(L)ayer, (C)omposited, (+)Dirty style, (+)Dirty layout B---YGLC -- RenderView at (0,0) size 800x600 renderer->(0x130000d48) B-----L- -- HTML RenderBlock at (0,0) size 800x600 renderer->(0x13f0007e0) node->(0x130101728) B------- -- FRAMESET RenderFrameSet at (0,0) size 800x600 renderer->(0x164600310) node->(0x16cd00630) B------- -- FRAME RenderFrame at (0,0) size 800x600 renderer->(0x164500240) node->(0x163901710) B-----L- -- FRAMESET RenderFrameSet at (0,0) size 0x0 renderer->(0x164600498) node->(0x16cd006c0) B------- -+* FRAME RenderFrame at (0,0) size 0x0 renderer->(0x164500360) node->(0x1639017a0) layout->[self] SHOULD NEVER BE REACHED ./page/FrameViewLayoutContext.cpp(89) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const 1 0x1117e29d9 WTFCrash 2 0x11518e23b WTFCrashWithInfo(int, char const*, char const*, int) 3 0x117a6bfc5 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::'lambda'(WebCore::RenderObject const&)::operator()(WebCore::RenderObject const&) const 4 0x117a6bf12 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker() 5 0x117a632f5 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker() 6 0x117a43761 WebCore::FrameViewLayoutContext::layout() 7 0x117a62a6c WebCore::FrameViewLayoutContext::layoutTimerFired() 8 0x117a85e37 WTF::Function<void ()>::CallableWrapper<std::__1::__bind<void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*> >::call() 9 0x11518f6bd WTF::Function<void ()>::operator()() const 10 0x11521c8a9 WebCore::Timer::fired() 11 0x117c33b46 WebCore::ThreadTimers::sharedTimerFiredInternal() 12 0x117c4a811 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const 13 0x117c4a7c9 WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call() 14 0x11518f6bd WTF::Function<void ()>::operator()() const 15 0x117c0aab7 WebCore::MainThreadSharedTimer::fired() 16 0x117cb2709 WebCore::timerFired(__CFRunLoopTimer*, void*) 17 0x107fb1e64 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ 18 0x107fb1a52 __CFRunLoopDoTimer 19 0x107fb160a __CFRunLoopDoTimers 20 0x107fa8e4c __CFRunLoopRun 21 0x107fa830b CFRunLoopRunSpecific 22 0x1027d2b4a -[NSRunLoop(NSRunLoop) runMode:beforeDate:] 23 0x1027d2a25 -[NSRunLoop(NSRunLoop) run] 24 0x109bd08c9 _xpc_objc_main 25 0x109bd2d73 xpc_main 26 0x102726bc4 WebKit::XPCServiceMain() 27 0x102726f0b main 28 0x109818955 start 29 0x1 LEAK: 1 WebPageProxy https://build.webkit.org/results/Apple%20iOS%2011%20Simulator%20Debug%20WK2%20(Tests)/r235991%20(6431)/results.html
Attachments
Patch (2.76 KB, patch)
2019-01-04 14:22 PST, zalan 		no flags
DetailsFormatted DiffDiff
Patch (2.88 KB, patch)
2019-01-04 14:36 PST, zalan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Ryan Haddad
Comment 1 2018-09-13 18:23:38 PDT
Same assertion failure (with different output) also seen with imported/w3c/web-platform-tests/html/syntax/parsing/html5lib_tests2.html on the same run: stderr: ERROR: post-layout: dirty renderer(s) ./page/FrameViewLayoutContext.cpp(87) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const (B)lock/(I)nline/I(N)line-block, (A)bsolute/Fi(X)ed/(R)elative/Stic(K)y, (F)loating, (O)verflow clip, Anon(Y)mous, (G)enerated, has(L)ayer, (C)omposited, (+)Dirty style, (+)Dirty layout B---YGL- -- RenderView at (0,0) size 0x0 renderer->(0x14a303278) B-----L- -- HTML RenderBlock at (0,0) size 0x0 renderer->(0x13b202400) node->(0x158e03bb8) B------- -- FRAMESET RenderFrameSet at (0,0) size 0x0 renderer->(0x171501570) node->(0x16ac00b40) B------- -- FRAME RenderFrame at (0,0) size 0x0 renderer->(0x177100120) node->(0x175300120) B------- -- FRAMESET RenderFrameSet at (0,0) size 0x0 renderer->(0x1715016f8) node->(0x16ac00bd0) B------- -+* FRAME RenderFrame at (0,0) size 0x0 renderer->(0x177100240) node->(0x1753001b0) layout->[self]
Radar WebKit Bug Importer
Comment 3 2018-09-14 16:28:59 PDT
<rdar://problem/44473299>
Ryan Haddad
Comment 4 2018-09-17 09:50:14 PDT
fast/frames/invalid-frameset.html is hitting this consistently. The first occurrence blames: https://trac.webkit.org/log/webkit/?verbose=on&rev=235923&stop_rev=235920 imported/w3c/web-platform-tests/html/syntax/parsing/html5lib_tests2.html is flaky, with the first occurrence blaming this range: https://trac.webkit.org/log/webkit/?verbose=on&rev=235939&stop_rev=235938
Ryan Haddad
Comment 5 2018-09-17 10:12:35 PDT
I can reproduce the crash locally with fast/frames/invalid-frameset.html on r235921. I cannot reproduce with r235920. This seems to have regressed with https://trac.webkit.org/changeset/235921/webkit
Ryan Haddad
Comment 6 2018-09-17 10:27:02 PDT
I haven't yet been able to reproduce the crash with imported/w3c/web-platform-tests/html/syntax/parsing/html5lib_tests2.html, so this could be related to test order.
Ryan Haddad
Comment 7 2018-09-24 10:28:45 PDT
Zalan, is this something you could take a look at?
zalan
Comment 8 2018-09-24 10:30:01 PDT
(In reply to Ryan Haddad from comment #7) > Zalan, is this something you could take a look at? Yes, unless it's a new test (or can be regressed to a certain commit).
zalan
Comment 9 2019-01-04 14:22:40 PST
Created attachment 358369 [details] Patch
Simon Fraser (smfr)
Comment 10 2019-01-04 14:31:14 PST
Comment on attachment 358369 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=358369&action=review > Source/WebCore/rendering/RenderFrameSet.cpp:497 > +static void clearSiblingSubtrees(RenderBox* sibling, RenderFrameSet& frameSet) resetFrameRendererAndDescendents > Source/WebCore/rendering/RenderFrameSet.cpp:549 > // all the remaining frames are hidden to avoid ugly spurious unflowed frames Make this a full sentence. > Source/WebCore/rendering/RenderFrameSet.cpp:653 > // all the remaining frames are hidden to avoid ugly spurious unflowed frames Make this a full sentence.
zalan
Comment 11 2019-01-04 14:36:49 PST
Created attachment 358373 [details] Patch
WebKit Commit Bot
Comment 12 2019-01-04 16:08:38 PST
Comment on attachment 358373 [details] Patch Clearing flags on attachment: 358373 Committed r239645: <https://trac.webkit.org/changeset/239645>
WebKit Commit Bot
Comment 13 2019-01-04 16:08:40 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.