282944 – LAYER_POSITIONS_ASSERT(m_repaintContainer == repaintContainer) on bbc.com

RESOLVED FIXED 282944

LAYER_POSITIONS_ASSERT(m_repaintContainer == repaintContainer) on bbc.com

https://bugs.webkit.org/show_bug.cgi?id=282944

Summary LAYER_POSITIONS_ASSERT(m_repaintContainer == repaintContainer) on bbc.com

Simon Fraser (smfr)

Reported 2024-11-11 11:09:09 PST

Reloading bbc.com a few times in a Safari private window (not sure if relevant), I hit: LAYER_POSITIONS_ASSERT(m_repaintContainer == repaintContainer); frame #0: 0x0000000300002ef8 WebCore`WTFCrashWithInfo(line=1219, file="/Volumes/Data/Development/system/webkit/OpenSource/Source/WebCore/rendering/RenderLayer.cpp", function="auto WebCore::RenderLayer::recursiveUpdateLayerPositions(RenderElement::LayoutIdentifier, OptionSet<UpdateLayerPositionsFlag>, CanUseSimplifiedRepaintPass)::(anonymous class)::operator()(bool) const", counter=4526) at Assertions.h:901:5 * frame #1: 0x0000000306bfd930 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000016f920880, checkForRepaint=true)::'lambda'(bool)::operator()(bool) const at RenderLayer.cpp:1219:13 frame #2: 0x0000000306bfca54 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000035b758230, layoutIdentifier=0, flags={ size = 2 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1271:5 frame #3: 0x0000000306bfd160 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000035b7580c0, layoutIdentifier=0, flags={ size = 2 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1322:20 frame #4: 0x0000000306bfd160 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000035b74fe90, layoutIdentifier=0, flags={ size = 2 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1322:20 frame #5: 0x0000000306bfd160 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000035b74fbb0, layoutIdentifier=0, flags={ size = 1 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1322:20 frame #6: 0x0000000306bfd160 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000014e002010, layoutIdentifier=0, flags={ size = 1 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1322:20 frame #7: 0x0000000306bfd160 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000014e000e80, layoutIdentifier=0, flags={ size = 1 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1322:20 frame #8: 0x0000000306bc7ae0 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)0>(this=0x000000014e000e80, layoutIdentifier=0, flags={ size = 1 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1132:9 frame #9: 0x0000000306bc78a4 WebCore`WebCore::RenderLayer::updateLayerPositionsAfterStyleChange(this=0x000000014e000e80) at RenderLayer.cpp:1045:5 frame #10: 0x0000000305d0202c WebCore`WebCore::LocalFrameView::updateCompositingLayersAfterStyleChange(this=0x000000014e000110) at LocalFrameView.cpp:775:26 frame #11: 0x0000000304a90ee4 WebCore`WebCore::Document::resolveStyle(this={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }, type=Normal) at Document.cpp:2605:47 frame #12: 0x0000000304a91a64 WebCore`WebCore::Document::updateStyleIfNeeded(this={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }) at Document.cpp:2703:5 frame #13: 0x0000000304a91e68 WebCore`WebCore::Document::updateLayout(this={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }, layoutOptions={ size = 1 }, context=0x0000000000000000) at Document.cpp:2747:13 frame #14: 0x0000000305d1a5a4 WebCore`WebCore::LocalFrameView::updateLayoutAndStyleIfNeededRecursive(this=0x000000014e000110, layoutOptions={ size = 0 }) at LocalFrameView.cpp:4914:44 frame #15: 0x0000000305d8c41c WebCore`WebCore::Page::layoutIfNeeded(this=0x0000000115051300, layoutOptions={ size = 0 }) at Page.cpp:1829:15 frame #16: 0x0000000305d8d1bc WebCore`WebCore::Page::updateRendering(this=0x0000000115051300) at Page.cpp:1991:5 frame #17: 0x000000011ac1224c WebKit`WebKit::WebPage::updateRendering(this=0x000000015c00b808) at WebPage.cpp:4998:13 frame #18: 0x0000000117d50038 WebKit`WebKit::RemoteLayerTreeDrawingArea::updateRendering(this=0x0000000115048840) at RemoteLayerTreeDrawingArea.mm:343:14 frame #19: 0x0000000117d56ea4 WebKit`WebCore::Timer::Timer<WebKit::RemoteLayerTreeDrawingArea, WebKit::RemoteLayerTreeDrawingArea>(this=0x00000001150957e8)())::'lambda'()::operator()() const at Timer.h:162:13 frame #20: 0x0000000117d56d9c WebKit`WTF::Detail::CallableWrapper<WebCore::Timer::Timer<WebKit::RemoteLayerTreeDrawingArea, WebKit::RemoteLayerTreeDrawingArea>(WebKit::RemoteLayerTreeDrawingArea&, void (WebKit::RemoteLayerTreeDrawingArea::*)())::'lambda'(), void>::call(this=0x00000001150957e0) at Function.h:53:39 frame #21: 0x0000000116f89704 WebKit`WTF::Function<void ()>::operator()(this=0x0000000115048940) const at Function.h:82:35 frame #22: 0x0000000117d5529c WebKit`WebCore::Timer::fired(this=0x0000000115048908) at Timer.h:194:9 frame #23: 0x00000003060b3a58 WebCore`WebCore::ThreadTimers::sharedTimerFiredInternal(this=0x0000000115028810) at ThreadTimers.cpp:128:23 frame #24: 0x00000003060bdf68 WebCore`WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()(this=0x0000000115014a98) const at ThreadTimers.cpp:68:80 frame #25: 0x00000003060bdf0c WebCore`WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call(this=0x0000000115014a90) at Function.h:53:39 frame #26: 0x0000000300033614 WebCore`WTF::Function<void ()>::operator()(this=0x000000030a8a3d00) const at Function.h:82:35 frame #27: 0x0000000306056cb0 WebCore`WebCore::MainThreadSharedTimer::fired(this=0x000000030a8a3cf8) at MainThreadSharedTimer.cpp:86:5 frame #28: 0x0000000306179644 WebCore`WebCore::timerFired((null)=0x0000600000360600, (null)=0x0000000000000000) at MainThreadSharedTimerCF.cpp:85:40 frame #29: 0x000000018ceda7a4 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 32

Attachments
Add attachment proposed patch, testcase, etc.

Simon Fraser (smfr)

Comment 1 2024-11-11 11:09:40 PST

I was at 286195@main

Matt Woodrow

Comment 2 2024-11-12 14:37:16 PST

Looks like a bug in RenderLayerBacking::setBackingSharingLayers. We call `compositingStatusChanged` on layers that no longer share to recompute their repaint rects, but we haven't yet called `clearBackingSharingLayerProviders` to disconnect them. This results in the repaint rects being computed with the sharing layer as the repaint container still. The RenderLayer mutation assertions catch this now, which is nice.

Radar WebKit Bug Importer

Comment 3 2024-11-14 18:26:31 PST

<rdar://problem/139930342>

Matt Woodrow

Comment 4 2024-11-14 18:29:19 PST

Pull request: https://github.com/WebKit/WebKit/pull/36675

EWS

Comment 5 2024-11-15 00:33:42 PST

Committed 286633@main (9a66248c727c): <https://commits.webkit.org/286633@main> Reviewed commits have been landed. Closing PR #36675 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Compositing

Assignee

Matt Woodrow

Reported

2024-11-11 11:09 PST

Modified

2024-11-15 00:33 PST History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks