239838 – ASSERTION FAILED: *trailingRunIndex >= overflowingRunIndex in WebCore::Layout::InlineContentBreaker::tryBreakingNextOverflowingRuns

RESOLVED FIXED Bug 239838

ASSERTION FAILED: *trailingRunIndex >= overflowingRunIndex in WebCore::Layout::InlineContentBreaker::tryBreakingNextOverflowingRuns

https://bugs.webkit.org/show_bug.cgi?id=239838

Summary ASSERTION FAILED: *trailingRunIndex >= overflowingRunIndex in WebCore::Layout...

Fujii Hironori

Reported 2022-04-27 21:10:12 PDT

WinCairo WK2 Debug (250070@main) is failing an assertion by visiting the following page. https://news.yahoo.co.jp/articles/b046398e0a80d63a04221c45d2d2049ca22a5d41 ASSERTION FAILED: *trailingRunIndex >= overflowingRunIndex C:\home\webkit\gb\Source\WebCore\layout/formattingContexts/inline/InlineContentBreaker.cpp(581) : WebCore::Layout::InlineContentBreaker::tryBreakingNextOverflowingRuns callstack: > WTF.dll!WTFCrash() Line 322 C++ > WebKit2.dll!WTFCrashWithInfo(int __formal, const char * __formal, const char * __formal, int __formal) Line 749 C++ > WebKit2.dll!WebCore::Layout::InlineContentBreaker::tryBreakingNextOverflowingRuns(const WebCore::Layout::InlineContentBreaker::LineStatus & lineStatus, const WTF::Vector<WebCore::Layout::InlineContentBreaker::ContinuousContent::Run,3,WTF::CrashOnOverflow,16,WTF::FastMalloc> & runs, unsigned __int64 overflowingRunIndex, float nonOverflowingContentWidth) Line 581 C++ > WebKit2.dll!WebCore::Layout::InlineContentBreaker::processOverflowingContentWithText(const WebCore::Layout::InlineContentBreaker::ContinuousContent & continuousContent, const WebCore::Layout::InlineContentBreaker::LineStatus & lineStatus) Line 626 C++ > WebKit2.dll!`WebCore::Layout::InlineContentBreaker::processOverflowingContent'::`21'::<lambda_2>::operator()() Line 197 C++ > WebKit2.dll!WebCore::Layout::InlineContentBreaker::processOverflowingContent(const WebCore::Layout::InlineContentBreaker::ContinuousContent & overflowContent, const WebCore::Layout::InlineContentBreaker::LineStatus & lineStatus) Line 231 C++ > WebKit2.dll!`WebCore::Layout::InlineContentBreaker::processInlineContent'::`2'::<lambda_1>::operator()() Line 138 C++ > WebKit2.dll!WebCore::Layout::InlineContentBreaker::processInlineContent(const WebCore::Layout::InlineContentBreaker::ContinuousContent & candidateContent, const WebCore::Layout::InlineContentBreaker::LineStatus & lineStatus) Line 142 C++ > WebKit2.dll!WebCore::Layout::LineBuilder::handleInlineContent(WebCore::Layout::InlineContentBreaker & inlineContentBreaker, const WebCore::Layout::LineBuilder::InlineItemRange & layoutRange, const WebCore::Layout::LineCandidate & lineCandidate) Line 944 C++ > WebKit2.dll!WebCore::Layout::LineBuilder::placeInlineContent(const WebCore::Layout::LineBuilder::InlineItemRange & needsLayoutRange) Line 492 C++ > WebKit2.dll!WebCore::Layout::LineBuilder::computedIntrinsicWidth(const WebCore::Layout::LineBuilder::InlineItemRange & needsLayoutRange, const std::optional<WebCore::Layout::LineBuilder::PreviousLine> & previousLine) Line 407 C++ > WebKit2.dll!WebCore::Layout::InlineFormattingContext::computedIntrinsicWidthForConstraint(WebCore::Layout::IntrinsicWidthMode intrinsicWidthMode) Line 440 C++ > WebKit2.dll!WebCore::Layout::InlineFormattingContext::computedIntrinsicWidthConstraintsForIntegration() Line 170 C++ > WebKit2.dll!WebCore::LayoutIntegration::LineLayout::computeIntrinsicWidthConstraints() Line 363 C++ > WebKit2.dll!WebCore::RenderBlockFlow::tryComputePreferredWidthsUsingModernPath(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 4477 C++ > WebKit2.dll!WebCore::RenderBlockFlow::computeInlinePreferredLogicalWidths(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 4089 C++ > WebKit2.dll!WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 351 C++ > WebKit2.dll!WebCore::RenderBlock::computePreferredLogicalWidths() Line 2292 C++ > WebKit2.dll!WebCore::RenderBox::minPreferredLogicalWidth() Line 1188 C++ > WebKit2.dll!WebCore::RenderBlock::computeChildIntrinsicLogicalWidths(WebCore::RenderObject & child, WebCore::LayoutUnit & minPreferredLogicalWidth, WebCore::LayoutUnit & maxPreferredLogicalWidth) Line 2403 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::computeChildIntrinsicLogicalWidths(WebCore::RenderObject & childObject, WebCore::LayoutUnit & minPreferredLogicalWidth, WebCore::LayoutUnit & maxPreferredLogicalWidth) Line 246 C++ > WebKit2.dll!WebCore::RenderBlock::computeChildPreferredLogicalWidths(WebCore::RenderObject & child, WebCore::LayoutUnit & minPreferredLogicalWidth, WebCore::LayoutUnit & maxPreferredLogicalWidth) Line 2432 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::computeIntrinsicLogicalWidths(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 136 C++ > WebKit2.dll!WebCore::RenderBlock::computePreferredLogicalWidths() Line 2292 C++ > WebKit2.dll!WebCore::RenderBox::minPreferredLogicalWidth() Line 1188 C++ > WebKit2.dll!WebCore::RenderBlock::computeChildIntrinsicLogicalWidths(WebCore::RenderObject & child, WebCore::LayoutUnit & minPreferredLogicalWidth, WebCore::LayoutUnit & maxPreferredLogicalWidth) Line 2403 C++ > WebKit2.dll!WebCore::RenderBlock::computeChildPreferredLogicalWidths(WebCore::RenderObject & child, WebCore::LayoutUnit & minPreferredLogicalWidth, WebCore::LayoutUnit & maxPreferredLogicalWidth) Line 2432 C++ > WebKit2.dll!WebCore::RenderBlock::computeBlockPreferredLogicalWidths(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 2356 C++ > WebKit2.dll!WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit & minLogicalWidth, WebCore::LayoutUnit & maxLogicalWidth) Line 356 C++ > WebKit2.dll!WebCore::RenderBlock::computePreferredLogicalWidths() Line 2292 C++ > WebKit2.dll!WebCore::RenderBox::maxPreferredLogicalWidth() Line 1197 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::computeFlexBaseSizeForChild(WebCore::RenderBox & child, WebCore::LayoutUnit mainAxisBorderAndPadding, bool relayoutChildren) Line 1119 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::constructFlexItem(WebCore::RenderBox & child, bool relayoutChildren) Line 1507 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::layoutFlexItems(bool relayoutChildren) Line 1149 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit __formal) Line 401 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderElement::layoutIfNeeded() Line 138 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::layoutAndPlaceChildren(WebCore::LayoutUnit & crossAxisOffset, WTF::Vector<WebCore::FlexItem,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> & children, WebCore::LayoutUnit availableFreeSpace, bool relayoutChildren, WTF::Vector<WebCore::RenderFlexibleBox::LineContext,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> & lineContexts, WebCore::LayoutUnit gapBetweenItems) Line 2023 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::layoutFlexItems(bool relayoutChildren) Line 1195 C++ > WebKit2.dll!WebCore::RenderFlexibleBox::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit __formal) Line 401 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 783 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 685 C++ > WebKit2.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 537 C++ > WebKit2.dll!WebCore::RenderBlock::layout() Line 623 C++ > WebKit2.dll!WebCore::RenderView::layout() Line 189 C++ > WebKit2.dll!WebCore::FrameViewLayoutContext::layout() Line 237 C++ > WebKit2.dll!WebCore::Document::updateLayout() Line 2249 C++ > WebKit2.dll!WebCore::Document::updateLayoutIfDimensionsOutOfDate(WebCore::Element & element, WebCore::DimensionsCheck dimensionsCheck) Line 2405 C++ > WebKit2.dll!WebCore::DOMWindow::innerWidth() Line 1314 C++ > WebKit2.dll!WebCore::jsDOMWindow_innerWidthGetter(JSC::JSGlobalObject & lexicalGlobalObject, WebCore::JSDOMWindow & thisObject) Line 11279 C++ > WebKit2.dll!WebCore::IDLAttribute<WebCore::JSDOMWindow>::get<&WebCore::jsDOMWindow_innerWidthGetter,0>(JSC::JSGlobalObject & lexicalGlobalObject, __int64 thisValue, JSC::PropertyName attributeName) Line 100 C++ > WebKit2.dll!WebCore::jsDOMWindow_innerWidth(JSC::JSGlobalObject * lexicalGlobalObject, __int64 thisValue, JSC::PropertyName attributeName) Line 11285 C++ > JavaScriptCore.dll!JSC::PropertySlot::customGetter(JSC::VM & vm, JSC::PropertyName propertyName) Line 47 C++ > JavaScriptCore.dll!JSC::PropertySlot::getValue(JSC::JSGlobalObject * globalObject, JSC::PropertyName propertyName) Line 408 C++ > JavaScriptCore.dll!JSC::JSValue::get(JSC::JSGlobalObject * globalObject, JSC::PropertyName propertyName, JSC::PropertySlot & slot) Line 1021 C++ > JavaScriptCore.dll!JSC::LLInt::performLLIntGetByID(const JSC::BaseInstruction<JSC::JSOpcodeTraits> * pc, JSC::CodeBlock * codeBlock, JSC::JSGlobalObject * globalObject, JSC::JSValue baseValue, const JSC::Identifier & ident, JSC::GetByIdModeMetadata & metadata) Line 815 C++ > JavaScriptCore.dll!llint_slow_path_get_by_id(JSC::CallFrame * callFrame, const JSC::BaseInstruction<JSC::JSOpcodeTraits> * pc) Line 889 C++ > [External Code]

Attachments
a bit simplified content (74.05 KB, application/x-zip-compressed) 2022-04-27 22:06 PDT, Fujii Hironori	no flags	Details
Test reduction (206 bytes, text/html) 2022-04-28 10:02 PDT, zalan	no flags	Details
Patch (6.48 KB, patch) 2022-04-29 06:54 PDT, zalan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (6.48 KB, patch) 2022-04-30 06:52 PDT, zalan	ews-feeder: commit-queue-	Details Formatted Diff Diff
[fast-cq]Patch (6.95 KB, patch) 2022-04-30 07:03 PDT, zalan	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Fujii Hironori

Comment 1 2022-04-27 21:11:56 PDT

trailingRunIndex was 0, and overflowingRunIndex was 1.

Fujii Hironori

Comment 2 2022-04-27 22:06:27 PDT

Created attachment 458491 [details] a bit simplified content

zalan

Comment 3 2022-04-28 05:41:09 PDT

I can repro the assertion with MiniBrowser loading the simplified content.

Radar WebKit Bug Importer

Comment 4 2022-04-28 05:41:31 PDT

<rdar://problem/92455051>

zalan

Comment 5 2022-04-28 10:02:44 PDT

Created attachment 458532 [details] Test reduction

zalan

Comment 6 2022-04-29 06:54:42 PDT

Created attachment 458586 [details] Patch

zalan

Comment 7 2022-04-30 06:52:43 PDT

Created attachment 458632 [details] Patch

zalan

Comment 8 2022-04-30 07:03:40 PDT

Created attachment 458633 [details] [fast-cq]Patch

EWS

Comment 9 2022-04-30 08:31:30 PDT

Committed r293646 (250150@main): <https://commits.webkit.org/250150@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 458633 [details].

Darin Adler

Comment 10 2022-04-30 21:31:35 PDT

Comment on attachment 458633 [details] [fast-cq]Patch View in context: https://bugs.webkit.org/attachment.cgi?id=458633&action=review Some code style questions > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp:410 > + auto overflow = std::optional<PartialContent> { }; Another way to write this is: std::optional<PartialContent> overflow; Antti, do you really prefer the auto style for this specific case? > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:63 > std::optional<PartialContent> partialOverflowingContent { }; Don’t think we need "{ }" here. > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:65 > + std::optional<InlineLayoutUnit> trailingOverflowingContentWidth { }; Was this change really needed? I’m pretty sure that std::optional objects are initialized to std::nullopt without requiring any { }. > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:91 > + std::optional<PartialContent> partialOverflowingContent { }; Don’t think we need "{ }" here.

zalan

Comment 11 2022-05-01 18:24:31 PDT

> > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:63 > > std::optional<PartialContent> partialOverflowingContent { }; > > Don’t think we need "{ }" here. > > > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:65 > > + std::optional<InlineLayoutUnit> trailingOverflowingContentWidth { }; > > Was this change really needed? I’m pretty sure that std::optional objects > are initialized to std::nullopt without requiring any { }. > > > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:91 > > + std::optional<PartialContent> partialOverflowingContent { }; > > Don’t think we need "{ }" here. EWS complained about it (see the first version of the patch) ./layout/formattingContexts/inline/InlineFormattingContext.cpp:438:139: error: missing field 'trailingOverflowingContentWidth' initializer [-Werror,-Wmissing-field-initializers] > > Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp:410 > > + auto overflow = std::optional<PartialContent> { }; > > Another way to write this is: > > std::optional<PartialContent> overflow; > > Antti, do you really prefer the auto style for this specific case? Not sure about Antti, but the reason why I write it this way is simply for esthetic reasons e.g. auto overflow = std::optional<PartialContent> { }; auto logicalRect = LayoutRect { x, y, width, height }; vs. std::optional<PartialContent> overflow; auto logicalRect = LayoutRect { x, y, width, height };

Antti Koivisto

Comment 12 2022-05-02 06:05:47 PDT

Don't know why my opinion is important here but I agree with Alan that consistency is often preferable.

Darin Adler

Comment 13 2022-05-02 09:43:05 PDT

(In reply to zalan from comment #11) > EWS complained about it (see the first version of the patch) > ./layout/formattingContexts/inline/InlineFormattingContext.cpp:438:139: > error: missing field 'trailingOverflowingContentWidth' initializer > [-Werror,-Wmissing-field-initializers] Got it: if the compiler says it’s needed, I guess I am wrong. > Not sure about Antti, but the reason why I write it this way is simply for > esthetic reasons > > e.g. > auto overflow = std::optional<PartialContent> { }; > auto logicalRect = LayoutRect { x, y, width, height }; That sounds fine.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Layout and Rendering

Assignee

zalan

Reported

2022-04-27 21:10 PDT

Modified

2022-05-02 09:43 PDT History

CC List

6 users Show

URL

Keywords InRadar

Depends on

239879 239886

Blocks

Dependancies

tree graph