RESOLVED FIXED 235194
<dialog> with transformed ancestor asserts under RenderGeometryMap 
https://bugs.webkit.org/show_bug.cgi?id=235194
Summary <dialog> with transformed ancestor asserts under RenderGeometryMap
Simon Fraser (smfr)
Reported 2022-01-13 11:31:39 PST
imported/w3c/web-platform-tests/html/semantics/interactive-elements/the-dialog-element/top-layer-parent-transform.html triggers an assertion: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 JavaScriptCore 0x7bf6ddf9e WTFCrash + 14 1 WebCore 0x7d2e0f49b WTFCrashWithInfo(int, char const*, char const*, int) + 27 2 WebCore 0x7d77b6ca6 WebCore::RenderObject::offsetFromAncestorContainer(WebCore::RenderElement&) const + 262 3 WebCore 0x7d7628382 WebCore::RenderBox::pushMappingToContainer(WebCore::RenderLayerModelObject const*, WebCore::RenderGeometryMap&) const + 226 (RenderBox.cpp:2361) 4 WebCore 0x7d76daa8f WebCore::RenderGeometryMap::pushMappingsToAncestor(WebCore::RenderObject const*, WebCore::RenderLayerModelObject const*) + 79 (RenderGeometryMap.cpp:140) 5 WebCore 0x7d76dae5d WebCore::RenderGeometryMap::pushMappingsToAncestor(WebCore::RenderLayer const*, WebCore::RenderLayer const*, bool) + 557 (RenderGeometryMap.cpp:197) 6 WebCore 0x7d7702142 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 162 (RenderLayer.cpp:962) 7 WebCore 0x7d7702921 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 2177 (RenderLayer.cpp:1053) 8 WebCore 0x7d7702921 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 2177 (RenderLayer.cpp:1053) 9 WebCore 0x7d7702921 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 2177 (RenderLayer.cpp:1053) 10 WebCore 0x7d7702bda WebCore::RenderLayer::updateLayerPositionsAfterLayout(bool, bool) + 218 (RenderLayer.cpp:952) 11 WebCore 0x7d6ca51e1 WebCore::FrameView::didLayout(WTF::WeakPtr<WebCore::RenderElement, WTF::EmptyCounter>) + 129 (FrameView.cpp:1319) 12 WebCore 0x7d6c9abf8 WebCore::FrameViewLayoutContext::layout() + 2728 (FrameViewLayoutContext.cpp:259) 13 WebCore 0x7d5f8ac56 WebCore::Document::implicitClose() + 1046 (Document.cpp:3218) 14 WebCore 0x7d6aa428b WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:942)
Attachments
Patch (15.56 KB, patch)
2022-01-13 21:37 PST, Simon Fraser (smfr) 		no flags
DetailsFormatted DiffDiff
Patch (13.62 KB, patch)
2022-01-18 09:32 PST, Simon Fraser (smfr) 		no flags
DetailsFormatted DiffDiff
Patch (21.54 KB, patch)
2022-01-19 11:16 PST, Simon Fraser (smfr) 		no flags
DetailsFormatted DiffDiff
Patch (18.32 KB, patch)
2022-01-19 11:22 PST, Simon Fraser (smfr) 		koivisto: review+
ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (18.14 KB, patch)
2022-01-19 12:05 PST, Simon Fraser (smfr) 		no flags
DetailsFormatted DiffDiff
Patch (19.44 KB, patch)
2022-01-19 12:20 PST, Simon Fraser (smfr) 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Simon Fraser (smfr)
Comment 1 2022-01-13 21:37:36 PST
Created attachment 449140 [details] Patch
Simon Fraser (smfr)
Comment 2 2022-01-18 09:32:49 PST
Created attachment 449398 [details] Patch
Martin Robinson
Comment 3 2022-01-19 04:13:55 PST
*** Bug 235063 has been marked as a duplicate of this bug. ***
Simon Fraser (smfr)
Comment 4 2022-01-19 11:16:47 PST
Created attachment 449498 [details] Patch
Simon Fraser (smfr)
Comment 5 2022-01-19 11:22:51 PST
Created attachment 449499 [details] Patch
Antti Koivisto
Comment 6 2022-01-19 11:36:09 PST
Comment on attachment 449499 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=449499&action=review > Source/WebCore/rendering/RenderElement.h:112 > + RenderLayer* layerParentRespectingTopLayer() const; > + RenderLayer* layerNextSiblingRespectingTopLayer(RenderLayer& parentLayer) const; Do we have non-respecting versions and what are they good for? Could we just have these without "RespectingTopLayer" part?
Antti Koivisto
Comment 7 2022-01-19 11:49:32 PST
Comment on attachment 449499 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=449499&action=review > Source/WebCore/rendering/RenderElement.cpp:637 > +static RenderLayer* findNextLayer(const RenderElement& currRenderer, RenderLayer& parentLayer, const RenderObject* siblingToTraverseFrom, bool checkParent = true) I know this is just function that moves but it would nice to make it better. I suspect what it does could be expressed cleanly (by making it iterative and separation layer testing from traversal) but currently it is pretty incomprehensible. currRenderer is not current WebKit style It is not super clear what "next layer" here means. Next in depth-first order? siblingToTraverseFrom is really weird too.
Simon Fraser (smfr)
Comment 8 2022-01-19 12:05:16 PST
Created attachment 449504 [details] Patch
Simon Fraser (smfr)
Comment 9 2022-01-19 12:20:00 PST
Created attachment 449506 [details] Patch
Radar WebKit Bug Importer
Comment 10 2022-01-19 12:25:19 PST
<rdar://problem/87785288>
EWS
Comment 11 2022-01-19 19:54:37 PST
Committed r288267 (246209@main): <https://commits.webkit.org/246209@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 449506 [details].
Note You need to log in before you can comment on or make changes to this bug.