RESOLVED FIXED 198323
[WinCairo] ASSERTION FAILED: info.bmBitsPixel == 32 in createCairoContextWithHDC 
https://bugs.webkit.org/show_bug.cgi?id=198323
Summary [WinCairo] ASSERTION FAILED: info.bmBitsPixel == 32 in createCairoContextWithHDC
Fujii Hironori
Reported 2019-05-28 22:55:27 PDT
[WinCairo] ASSERTION FAILED: info.bmBitsPixel == 32 in createCairoContextWithHDC WinCairo port, Debug build, trunk@245847. editing/execCommand/change-list-type.html fast/animation/request-animation-frame-prefix.html Callstack: > Frame[00] Triage Symbol: [WTF!WTFCrash+0xe] > Frame[01] Triage Symbol: [WebKit!WTFCrashWithInfo+0x20] > Frame[02] Triage Symbol: [WebKit!WebCore::createCairoContextWithHDC+0xe8] > Frame[03] Triage Symbol: [WebKit!WebCore::GraphicsContext::platformInit+0x53] > Frame[04] Triage Symbol: [WebKit!WebCore::GraphicsContext::GraphicsContext+0x8e] > Frame[05] Triage Symbol: [WebKit!WebView::paintIntoBackingStore+0x160] > Frame[06] Triage Symbol: [WebKit!WebView::updateBackingStore+0x3fc] > Frame[07] Triage Symbol: [WebKit!WebView::paint+0x3de] > Frame[08] Ignore Symbol: [WebKit!WebView::WebViewWndProc+0x7e5] > Frame[09] Triage Symbol: [USER32!UserCallWinProcCheckWow+0x266] > Frame[0a] Triage Symbol: [USER32!CallWindowProcW+0x8b] > Frame[0b] Ignore Symbol: [COMCTL32!CallNextSubclassProc+0x9a] > Frame[0c] Ignore Symbol: [COMCTL32!TTSubclassProc+0xb8] > Frame[0d] Ignore Symbol: [COMCTL32!CallNextSubclassProc+0x9a] > Frame[0e] Ignore Symbol: [COMCTL32!MasterSubclassProc+0xa2] > Frame[0f] Triage Symbol: [USER32!UserCallWinProcCheckWow+0x266] > Frame[10] Triage Symbol: [USER32!SendMessageWorker+0x218] > Frame[11] Triage Symbol: [USER32!SendMessageW+0xf8] > Frame[12] Triage Symbol: [DumpRenderTreeLib!dump+0x9f] > Frame[13] Triage Symbol: [DumpRenderTreeLib!TestRunner::notifyDone+0x4f] > Frame[14] Triage Symbol: [DumpRenderTreeLib!notifyDoneCallback+0x4c] > Frame[15] Triage Symbol: [JavaScriptCore!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>+0x25a] > Frame[16] Bad Symbol: [] > Frame[17] Bad Symbol: [] > Frame[18] Bad Symbol: [] > Frame[19] Bad Symbol: [] > Frame[1a] Triage Symbol: [JavaScriptCore!llint_entry+0x132fb] > Frame[1b] Bad Symbol: [] > Frame[1c] Triage Symbol: [JavaScriptCore!llint_entry+0x132fb] > python ./Tools/Scripts/run-webkit-tests --debug --wincairo --no-new-test-results --dump-render-tree editing/execCommand/change-list-type.html fast/animation/request-animation-frame-prefix.html
Attachments
request-animation-frame-prefix-crash-log.txt (112.08 KB, text/plain)
2019-05-29 00:06 PDT, Fujii Hironori 		no flags
Details
Patch (5.14 KB, patch)
2019-06-27 00:07 PDT, Fujii Hironori 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews214 for win-future (13.40 MB, application/zip)
2019-06-27 02:10 PDT, EWS Watchlist 		no flags
Details
Patch only for trying EWS (5.79 KB, patch)
2019-06-30 19:36 PDT, Fujii Hironori 		ews-watchlist: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews107 for mac-highsierra-wk2 (2.71 MB, application/zip)
2019-06-30 20:52 PDT, EWS Watchlist 		no flags
Details
Patch (5.17 KB, patch)
2019-07-02 20:49 PDT, Fujii Hironori 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Fujii Hironori
Comment 1 2019-05-28 23:29:44 PDT
info.bmBitsPixel was 1. > info.bmType 0x00000000 long > info.bmWidth 0x00000001 long > info.bmHeight 0x00000001 long > info.bmWidthBytes 0x00000002 long > info.bmPlanes 0x0001 unsigned short > info.bmBitsPixel 0x0001 unsigned short > info.bmBits 0x0000000000000000 void *
Fujii Hironori
Comment 2 2019-05-29 00:06:51 PDT
Created attachment 370834 [details] request-animation-frame-prefix-crash-log.txt
Fujii Hironori
Comment 3 2019-05-29 02:40:19 PDT
SelectObject in WebView::paint failed, the return value (oldBitmap) was NULL. > HGDIOBJ oldBitmap = ::SelectObject(bitmapDC.get(), m_backingStoreBitmap->get()); WebView::paint is called recursively. The first call was from displayAndTrackRepaintsCallback. > WebKit.dll!WebView::paint(HDC__ * dc, __int64 options) Line 1347 C++ > WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 2586 C++ > [External Code] > DumpRenderTreeLib.dll!displayWebView() Line 391 C++ > DumpRenderTreeLib.dll!TestRunner::displayAndTrackRepaints() Line 251 C++ > DumpRenderTreeLib.dll!displayAndTrackRepaintsCallback(const OpaqueJSContext * context, OpaqueJSValue * function, OpaqueJSValue * thisObject, unsigned __int64 argumentCount, const OpaqueJSValue * const * arguments, const OpaqueJSValue * * exception) Line 494 C++ > JavaScriptCore.dll!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState * exec) Line 63 C++ > [External Code] And the second call was from notifyDoneCallback. > WebKit.dll!WebView::paint(HDC__ * dc, __int64 options) Line 1347 C++ > WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 2586 C++ > [External Code] > DumpRenderTreeLib.dll!dump() Line 692 C++ > DumpRenderTreeLib.dll!TestRunner::notifyDone() Line 311 C++ > DumpRenderTreeLib.dll!notifyDoneCallback(const OpaqueJSContext * context, OpaqueJSValue * function, OpaqueJSValue * thisObject, unsigned __int64 argumentCount, const OpaqueJSValue * const * arguments, const OpaqueJSValue * * exception) Line 606 C++ > JavaScriptCore.dll!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState * exec) Line 63 C++ > [External Code] Unfortunately Visual Studio debugger doesn't show the complete callstack under JSC. So, I mean these callstacks are consequtive. I combined them: > WebKit.dll!WebView::paint(HDC__ * dc, __int64 options) Line 1347 C++ > WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 2586 C++ > [External Code] > DumpRenderTreeLib.dll!dump() Line 692 C++ > DumpRenderTreeLib.dll!TestRunner::notifyDone() Line 311 C++ > DumpRenderTreeLib.dll!notifyDoneCallback(const OpaqueJSContext * context, OpaqueJSValue * function, OpaqueJSValue * thisObject, unsigned __int64 argumentCount, const OpaqueJSValue * const * arguments, const OpaqueJSValue * * exception) Line 606 C++ > JavaScriptCore.dll!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState * exec) Line 63 C++ > [External Code] > (...) > WebKit.dll!WebView::paint(HDC__ * dc, __int64 options) Line 1347 C++ > WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 2586 C++ > [External Code] > DumpRenderTreeLib.dll!displayWebView() Line 391 C++ > DumpRenderTreeLib.dll!TestRunner::displayAndTrackRepaints() Line 251 C++ > DumpRenderTreeLib.dll!displayAndTrackRepaintsCallback(const OpaqueJSContext * context, OpaqueJSValue * function, OpaqueJSValue * thisObject, unsigned __int64 argumentCount, const OpaqueJSValue * const * arguments, const OpaqueJSValue * * exception) Line 494 C++ > JavaScriptCore.dll!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState * exec) Line 63 C++ > [External Code]
Fujii Hironori
Comment 4 2019-05-29 02:44:08 PDT
(In reply to Fujii Hironori from comment #0) > editing/execCommand/change-list-type.html > fast/animation/request-animation-frame-prefix.html Both tests call notifyDone in RequestAnimationFrame callback.
Fujii Hironori
Comment 5 2019-05-29 03:43:28 PDT
RequestAnimationFrame callback is call back during WebView::paint. > WebKit.dll!WTF::RefPtr<WebCore::RequestAnimationFrameCallback,WTF::DumbPtrTraits<WebCore::RequestAnimationFrameCallback> >::operator->() Line 79 C++ > WebKit.dll!WebCore::ScriptedAnimationController::serviceRequestAnimationFrameCallbacks(double timestamp) Line 216 C++ > WebKit.dll!WebCore::Document::serviceRequestAnimationFrameCallbacks(double timestamp) Line 6224 C++ > WebKit.dll!WebCore::Page::updateRendering() Line 1299 C++ > WebKit.dll!WebView::updateBackingStore(WebCore::FrameView * frameView, HDC__ * dc, bool backingStoreCompletelyDirty, WebView::WindowsToPaint windowsToPaint) Line 1177 C++ > WebKit.dll!WebView::paint(HDC__ * dc, __int64 options) Line 1353 C++ > WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 2586 C++ > [External Code] > DumpRenderTreeLib.dll!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & inputLine) Line 1255 C++ > DumpRenderTreeLib.dll!main(int argc, const char * * argv) Line 1612 C++ > DumpRenderTreeLib.dll!dllLauncherEntryPoint(int argc, const char * * argv) Line 1652 C++ > DumpRenderTree.exe!main(int argc, const char * * argv) Line 230 C++ > [External Code]
Fujii Hironori
Comment 6 2019-06-26 02:52:31 PDT
By using LLint CLoop, I get the full callstack. > WTF.dll!WTFCrash() Line 305 C++ > WebKit.dll!WTFCrashWithInfo(int __formal, const char * __formal, const char * __formal, int __formal) Line 569 C++ > WebKit.dll!WebCore::createCairoContextWithHDC(HDC__ * hdc, bool hasAlpha) Line 54 C++ > WebKit.dll!WebCore::GraphicsContext::platformInit(HDC__ * dc, bool hasAlpha) Line 79 C++ > WebKit.dll!WebCore::GraphicsContext::GraphicsContext(HDC__ * dc, bool hasAlpha) Line 72 C++ > WebKit.dll!WebView::paintIntoBackingStore(WebCore::FrameView * frameView, HDC__ * bitmapDC, const WebCore::IntRect & dirtyRectPixels, WebView::WindowsToPaint windowsToPaint) Line 1425 C++ > WebKit.dll!WebView::updateBackingStore(WebCore::FrameView * frameView, HDC__ * dc, bool backingStoreCompletelyDirty, WebView::WindowsToPaint windowsToPaint) Line 1189 C++ > WebKit.dll!WebView::paint(HDC__ * dc, __int64 options) Line 1353 C++ > WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 2586 C++ > [External Code] > DumpRenderTreeLib.dll!dump() Line 694 C++ > DumpRenderTreeLib.dll!TestRunner::notifyDone() Line 311 C++ > DumpRenderTreeLib.dll!notifyDoneCallback(const OpaqueJSContext * context, OpaqueJSValue * function, OpaqueJSValue * thisObject, unsigned __int64 argumentCount, const OpaqueJSValue * const * arguments, const OpaqueJSValue * * exception) Line 606 C++ > JavaScriptCore.dll!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState * exec) Line 63 C++ > JavaScriptCore.dll!JSC::NativeFunction::operator()(JSC::ExecState * exec) Line 50 C++ > JavaScriptCore.dll!JSC::LLInt::CLoop::execute(JSC::OpcodeID entryOpcodeID, void * executableAddress, JSC::VM * vm, JSC::ProtoCallFrame * protoCallFrame, bool isInitializationPass) Line 20746 C++ > JavaScriptCore.dll!vmEntryToJavaScript(void * executableAddress, JSC::VM * vm, JSC::ProtoCallFrame * protoCallFrame) Line 150 C++ > JavaScriptCore.dll!JSC::JITCode::execute(JSC::VM * vm, JSC::ProtoCallFrame * protoCallFrame) Line 38 C++ > JavaScriptCore.dll!JSC::Interpreter::executeCall(JSC::ExecState * callFrame, JSC::JSObject * function, JSC::CallType callType, const JSC::CallData & callData, JSC::JSValue thisValue, const JSC::ArgList & args) Line 904 C++ > JavaScriptCore.dll!JSC::call(JSC::ExecState * exec, JSC::JSValue functionObject, JSC::CallType callType, const JSC::CallData & callData, JSC::JSValue thisValue, const JSC::ArgList & args) Line 59 C++ > JavaScriptCore.dll!JSC::profiledCall(JSC::ExecState * exec, JSC::ProfilingReason reason, JSC::JSValue functionObject, JSC::CallType callType, const JSC::CallData & callData, JSC::JSValue thisValue, const JSC::ArgList & args) Line 80 C++ > JavaScriptCore.dll!JSC::JSMicrotask::run(JSC::ExecState * exec) Line 90 C++ > WebKit.dll!WebCore::JSExecState::runTask(JSC::ExecState * exec, JSC::Microtask & task) Line 93 C++ > WebKit.dll!WebCore::JSMicrotaskCallback::call() Line 47 C++ > WebKit.dll!WebCore::JSDOMWindowBase::queueTaskToEventLoop::__l2::<lambda>() Line 215 C++ > WebKit.dll!WTF::Detail::CallableWrapper<void <lambda>(void),void>::call() Line 52 C++ > WebKit.dll!WTF::Function<void __cdecl(void)>::operator()() Line 80 C++ > WebKit.dll!WebCore::ActiveDOMCallbackMicrotask::run() Line 46 C++ > WebKit.dll!WebCore::MicrotaskQueue::performMicrotaskCheckpoint() Line 98 C++ > WebKit.dll!WebCore::JSExecState::didLeaveScriptContext(JSC::ExecState * exec) Line 43 C++ > WebKit.dll!WebCore::JSExecState::~JSExecState() Line 146 C++ > WebKit.dll!WebCore::JSExecState::profiledCall(JSC::ExecState * exec, JSC::ProfilingReason reason, JSC::JSValue functionObject, JSC::CallType callType, const JSC::CallData & callData, JSC::JSValue thisValue, const JSC::ArgList & args, WTF::NakedPtr<JSC::Exception> & returnedException) Line 74 C++ > WebKit.dll!WebCore::JSCallbackData::invokeCallback(WebCore::JSDOMGlobalObject & globalObject, JSC::JSObject * callback, JSC::JSValue thisValue, JSC::MarkedArgumentBuffer & args, WebCore::JSCallbackData::CallbackType method, JSC::PropertyName functionName, WTF::NakedPtr<JSC::Exception> & returnedException) Line 83 C++ > WebKit.dll!WebCore::JSCallbackDataStrong::invokeCallback(JSC::JSValue thisValue, JSC::MarkedArgumentBuffer & args, WebCore::JSCallbackData::CallbackType callbackType, JSC::PropertyName functionName, WTF::NakedPtr<JSC::Exception> & returnedException) Line 89 C++ > WebKit.dll!WebCore::JSRequestAnimationFrameCallback::handleEvent(double highResTime) Line 70 C++ > WebKit.dll!WebCore::ScriptedAnimationController::serviceRequestAnimationFrameCallbacks(double timestamp) Line 217 C++ > WebKit.dll!WebCore::Document::serviceRequestAnimationFrameCallbacks(double timestamp) Line 6190 C++ > WebKit.dll!WebCore::Page::updateRendering() Line 1303 C++ > WebKit.dll!WebView::updateBackingStore(WebCore::FrameView * frameView, HDC__ * dc, bool backingStoreCompletelyDirty, WebView::WindowsToPaint windowsToPaint) Line 1177 C++ > WebKit.dll!WebView::paint(HDC__ * dc, __int64 options) Line 1353 C++ > WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 2586 C++ > [External Code] > DumpRenderTreeLib.dll!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & inputLine) Line 1256 C++ > DumpRenderTreeLib.dll!main(int argc, const char * * argv) Line 1617 C++ > DumpRenderTreeLib.dll!dllLauncherEntryPoint(int argc, const char * * argv) Line 1653 C++ > DumpRenderTree.exe!main(int argc, const char * * argv) Line 230 C++ > [External Code] WebView::paint was called recursively.
Fujii Hironori
Comment 7 2019-06-26 22:46:39 PDT
Similar issue: Bug 17737 – ASSERTION FAILED: info.bmBitsPixel == 32
Fujii Hironori
Comment 8 2019-06-26 23:01:54 PDT
webView::isPainting was add in r23462. It has not used since r29415.
Fujii Hironori
Comment 9 2019-06-27 00:07:59 PDT
Created attachment 373004 [details] Patch
EWS Watchlist
Comment 10 2019-06-27 02:10:34 PDT
Comment on attachment 373004 [details] Patch Attachment 373004 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/12589699 New failing tests: imported/blink/animations/display-inline-style-adjust.html
EWS Watchlist
Comment 11 2019-06-27 02:10:36 PDT
Created attachment 373012 [details] Archive of layout-test-results from ews214 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews214 Port: win-future Platform: CYGWIN_NT-10.0-17763-3.0.5-338.x86_64-x86_64-64bit
Fujii Hironori
Comment 12 2019-06-30 19:36:23 PDT
Created attachment 373201 [details] Patch only for trying EWS
EWS Watchlist
Comment 13 2019-06-30 20:52:26 PDT
Comment on attachment 373201 [details] Patch only for trying EWS Attachment 373201 [details] did not pass mac-wk2-ews (mac-wk2): Output: https://webkit-queues.webkit.org/results/12623445 New failing tests: svg/clip-path/clip-hidpi.svg
EWS Watchlist
Comment 14 2019-06-30 20:52:28 PDT
Created attachment 373209 [details] Archive of layout-test-results from ews107 for mac-highsierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
Fujii Hironori
Comment 15 2019-07-02 20:49:39 PDT
Created attachment 373379 [details] Patch
Per Arne Vollan
Comment 16 2019-07-03 08:47:50 PDT
I think this patch looks very good. Looking at the previous EWS results, it seems the test 'imported/blink/animations/display-inline-style-adjust.html' is failing for AppleWin. Do we know why this is happening?
Fujii Hironori
Comment 17 2019-07-03 18:47:55 PDT
Yup. I filed it in Bug 199311, and removed the test case in r247086.
Per Arne Vollan
Comment 18 2019-07-05 07:14:51 PDT
Comment on attachment 373379 [details] Patch R=me.
Fujii Hironori
Comment 19 2019-07-08 18:08:34 PDT
Comment on attachment 373379 [details] Patch Clearing flags on attachment: 373379 Committed r247245: <https://trac.webkit.org/changeset/247245>
Fujii Hironori
Comment 20 2019-07-08 18:08:38 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 21 2019-07-08 18:14:05 PDT
<rdar://problem/52808308>
Note You need to log in before you can comment on or make changes to this bug.