Bug 189608 - [iOS] ERROR: post-layout: dirty renderer(s) in WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: Other
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: zalan
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-09-13 18:22 PDT by Ryan Haddad
Modified: 2019-01-04 16:08 PST

Attachments
Patch (2.76 KB, patch)
2019-01-04 14:22 PST, zalan
Patch (2.88 KB, patch)
2019-01-04 14:36 PST, zalan

Description Ryan Haddad 2018-09-13 18:22:11 PDT
The following is seen on iOS Simulator with layout test fast/frames/invalid-frameset.html

ERROR: post-layout: dirty renderer(s)
./page/FrameViewLayoutContext.cpp(87) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const

(B)lock/(I)nline/I(N)line-block, (A)bsolute/Fi(X)ed/(R)elative/Stic(K)y, (F)loating, (O)verflow clip, Anon(Y)mous, (G)enerated, has(L)ayer, (C)omposited, (+)Dirty style, (+)Dirty layout
B---YGLC --  RenderView at (0,0) size 800x600 renderer->(0x130000d48)
B-----L- --    HTML RenderBlock at (0,0) size 800x600 renderer->(0x13f0007e0) node->(0x130101728)
B------- --      FRAMESET RenderFrameSet at (0,0) size 800x600 renderer->(0x164600310) node->(0x16cd00630)
B------- --        FRAME RenderFrame at (0,0) size 800x600 renderer->(0x164500240) node->(0x163901710)
B-----L- --        FRAMESET RenderFrameSet at (0,0) size 0x0 renderer->(0x164600498) node->(0x16cd006c0)
B------- -+*         FRAME RenderFrame at (0,0) size 0x0 renderer->(0x164500360) node->(0x1639017a0) layout->[self]

SHOULD NEVER BE REACHED
./page/FrameViewLayoutContext.cpp(89) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const
1   0x1117e29d9 WTFCrash
2   0x11518e23b WTFCrashWithInfo(int, char const*, char const*, int)
3   0x117a6bfc5 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::'lambda'(WebCore::RenderObject const&)::operator()(WebCore::RenderObject const&) const
4   0x117a6bf12 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()
5   0x117a632f5 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()
6   0x117a43761 WebCore::FrameViewLayoutContext::layout()
7   0x117a62a6c WebCore::FrameViewLayoutContext::layoutTimerFired()
8   0x117a85e37 WTF::Function<void ()>::CallableWrapper<std::__1::__bind<void (WebCore::FrameViewLayoutContext::*&)(), WebCore::FrameViewLayoutContext*> >::call()
9   0x11518f6bd WTF::Function<void ()>::operator()() const
10  0x11521c8a9 WebCore::Timer::fired()
11  0x117c33b46 WebCore::ThreadTimers::sharedTimerFiredInternal()
12  0x117c4a811 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
13  0x117c4a7c9 WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call()
14  0x11518f6bd WTF::Function<void ()>::operator()() const
15  0x117c0aab7 WebCore::MainThreadSharedTimer::fired()
16  0x117cb2709 WebCore::timerFired(__CFRunLoopTimer*, void*)
17  0x107fb1e64 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
18  0x107fb1a52 __CFRunLoopDoTimer
19  0x107fb160a __CFRunLoopDoTimers
20  0x107fa8e4c __CFRunLoopRun
21  0x107fa830b CFRunLoopRunSpecific
22  0x1027d2b4a -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
23  0x1027d2a25 -[NSRunLoop(NSRunLoop) run]
24  0x109bd08c9 _xpc_objc_main
25  0x109bd2d73 xpc_main
26  0x102726bc4 WebKit::XPCServiceMain()
27  0x102726f0b main
28  0x109818955 start
29  0x1
LEAK: 1 WebPageProxy

https://build.webkit.org/results/Apple%20iOS%2011%20Simulator%20Debug%20WK2%20(Tests)/r235991%20(6431)/results.html
Comment 1 Ryan Haddad 2018-09-13 18:23:38 PDT
Same assertion failure (with different output) also seen with imported/w3c/web-platform-tests/html/syntax/parsing/html5lib_tests2.html on the same run:

stderr:
ERROR: post-layout: dirty renderer(s)
./page/FrameViewLayoutContext.cpp(87) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const

(B)lock/(I)nline/I(N)line-block, (A)bsolute/Fi(X)ed/(R)elative/Stic(K)y, (F)loating, (O)verflow clip, Anon(Y)mous, (G)enerated, has(L)ayer, (C)omposited, (+)Dirty style, (+)Dirty layout
B---YGL- --  RenderView at (0,0) size 0x0 renderer->(0x14a303278)
B-----L- --    HTML RenderBlock at (0,0) size 0x0 renderer->(0x13b202400) node->(0x158e03bb8)
B------- --      FRAMESET RenderFrameSet at (0,0) size 0x0 renderer->(0x171501570) node->(0x16ac00b40)
B------- --        FRAME RenderFrame at (0,0) size 0x0 renderer->(0x177100120) node->(0x175300120)
B------- --        FRAMESET RenderFrameSet at (0,0) size 0x0 renderer->(0x1715016f8) node->(0x16ac00bd0)
B------- -+*         FRAME RenderFrame at (0,0) size 0x0 renderer->(0x177100240) node->(0x1753001b0) layout->[self]
Comment 3 Radar WebKit Bug Importer 2018-09-14 16:28:59 PDT
<rdar://problem/44473299>
Comment 4 Ryan Haddad 2018-09-17 09:50:14 PDT
fast/frames/invalid-frameset.html is hitting this consistently. The first occurrence blames: https://trac.webkit.org/log/webkit/?verbose=on&rev=235923&stop_rev=235920

imported/w3c/web-platform-tests/html/syntax/parsing/html5lib_tests2.html is flaky, with the first occurrence blaming this range:
https://trac.webkit.org/log/webkit/?verbose=on&rev=235939&stop_rev=235938
Comment 5 Ryan Haddad 2018-09-17 10:12:35 PDT
I can reproduce the crash locally with fast/frames/invalid-frameset.html on r235921. I cannot reproduce with r235920.

This seems to have regressed with https://trac.webkit.org/changeset/235921/webkit
Comment 6 Ryan Haddad 2018-09-17 10:27:02 PDT
I haven't yet been able to reproduce the crash with imported/w3c/web-platform-tests/html/syntax/parsing/html5lib_tests2.html, so this could be related to test order.
Comment 7 Ryan Haddad 2018-09-24 10:28:45 PDT
Zalan, is this something you could take a look at?
Comment 8 zalan 2018-09-24 10:30:01 PDT
(In reply to Ryan Haddad from comment #7)
> Zalan, is this something you could take a look at?
Yes, unless it's a new test (or can be regressed to a certain commit).
Comment 9 zalan 2019-01-04 14:22:40 PST
Created attachment 358369
Patch
Comment 10 Simon Fraser (smfr) 2019-01-04 14:31:14 PST
Comment on attachment 358369
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=358369&action=review

> Source/WebCore/rendering/RenderFrameSet.cpp:497
> +static void clearSiblingSubtrees(RenderBox* sibling, RenderFrameSet& frameSet)
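Review bot: at RenderFrameSet.cpp:497 the new helper takes sibling as a raw RenderBox* next to a RenderFrameSet&, which suggests null is a legal value for it. The body is not quoted here, so make sure it checks sibling before the first dereference, or take a RenderBox& if callers never pass null. A one-line comment above the function stating which renderers it resets would also help.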

resetFrameRendererAndDescendents

> Source/WebCore/rendering/RenderFrameSet.cpp:549
>      // all the remaining frames are hidden to avoid ugly spurious unflowed frames

Make this a full sentence.

> Source/WebCore/rendering/RenderFrameSet.cpp:653
>      // all the remaining frames are hidden to avoid ugly spurious unflowed frames

Make this a full sentence.
Comment 11 zalan 2019-01-04 14:36:49 PST
Created attachment 358373
Patch
Comment 12 WebKit Commit Bot 2019-01-04 16:08:38 PST
Comment on attachment 358373
Patch

Clearing flags on attachment: 358373

Committed r239645: <https://trac.webkit.org/changeset/239645>
Comment 13 WebKit Commit Bot 2019-01-04 16:08:40 PST
All reviewed patches have been landed.  Closing bug.