RESOLVED FIXED Bug 54344
REGRESSION (r77834): Assertion failing in svg/custom/use-multiple-on-nested-disallowed-font.svg 
https://bugs.webkit.org/show_bug.cgi?id=54344
Summary REGRESSION (r77834): Assertion failing in svg/custom/use-multiple-on-nested-d...
Darin Adler
Reported 2011-02-12 15:03:49 PST
I am getting this assertion failure when running regression tests: ASSERTION FAILED: m_pushedStyleSelector == m_parent->document()->styleSelector() /Users/darin/Safari/OpenSource/Source/WebCore/dom/Element.cpp(90) : WebCore::StyleSelectorParentPusher::~StyleSelectorParentPusher() -> WebCore::StyleSelectorParentPusher::~StyleSelectorParentPusher() -> WebCore::Element::recalcStyle(WebCore::Node::StyleChange) -> WebCore::Element::recalcStyle(WebCore::Node::StyleChange) -> WebCore::Element::recalcStyle(WebCore::Node::StyleChange) -> WebCore::Document::recalcStyle(WebCore::Node::StyleChange) -> WebCore::Document::updateStyleIfNeeded() -> WebCore::Document::updateLayout() -> WebCore::Document::updateLayoutIgnorePendingStylesheets() -> WebCore::SVGElementInstance::invalidateAllInstancesOfElement(WebCore::SVGElement*) -> WebCore::SVGStyledElement::svgAttributeChanged(WebCore::QualifiedName const&) -> WebCore::SVGGradientElement::svgAttributeChanged(WebCore::QualifiedName const&) -> WebCore::SVGLinearGradientElement::svgAttributeChanged(WebCore::QualifiedName const&) -> WebCore::SVGElement::attributeChanged(WebCore::Attribute*, bool) -> WebCore::NamedNodeMap::addAttribute(WTF::PassRefPtr<WebCore::Attribute>) -> WebCore::Element::setAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&, int&) -> WebCore::Element::setAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) -> WebCore::SVGAnimateTransformElement::resetToBaseValue(WTF::String const&) -> WebCore::SMILTimeContainer::updateAnimations(WebCore::SMILTime) -> WebCore::SMILTimeContainer::begin() -> WebCore::SVGDocumentExtensions::startAnimations() -> WebCore::Document::implicitClose() -> WebCore::FrameLoader::checkCallImplicitClose() -> WebCore::FrameLoader::checkCompleted() -> WebCore::FrameLoader::finishedParsing() -> WebCore::Document::finishedParsing() -> WebCore::HTMLTreeBuilder::finished() -> WebCore::HTMLDocumentParser::end() -> WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() -> WebCore::HTMLDocumentParser::prepareToStopParsing() -> WebCore::HTMLDocumentParser::attemptToEnd() -> WebCore::HTMLDocumentParser::finish() I’m not sure if this is also happening on buildbots.
Attachments
patch (2.59 KB, patch)
2011-02-14 03:39 PST, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
more correct patch (2.77 KB, patch)
2011-02-14 03:49 PST, Antti Koivisto 		kling: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Dirk Schulze
Comment 1 2011-02-12 15:21:02 PST
*** Bug 53989 has been marked as a duplicate of this bug. ***
Darin Adler
Comment 2 2011-02-12 15:23:23 PST
We could have marked this as a duplicate in the other direction. Sorry I didn’t find the duplicate!
Dirk Schulze
Comment 3 2011-02-12 15:35:24 PST
(In reply to comment #2) > We could have marked this as a duplicate in the other direction. Sorry I didn’t find the duplicate! Sure, we can mark it the other way around, both bugs have the same information. But this one has 'regression' in the title. So I choose this bug as valid bug instead of renaming the other one. If you look at the bt on the other bug, you'll see that the location, where the test fails, is the same: StyleSelectorParentPusher.
Antti Koivisto
Comment 4 2011-02-13 03:44:05 PST
This is not really a regression from r77834. Rather, the assert added there exposes an SVG bug (it is recomputing the style selector in the middle of a style recalc). Strangely, I have never seen this locally.
Antti Koivisto
Comment 5 2011-02-13 13:15:38 PST
I can catch this by adding this assert: Index: Source/WebCore/dom/Document.cpp =================================================================== --- Source/WebCore/dom/Document.cpp (revision 78321) +++ Source/WebCore/dom/Document.cpp (working copy) @@ -2944,6 +2944,7 @@ void Document::recalcStyleSelector() { + ASSERT(!m_inStyleRecalc); if (!renderer() || !attached()) return;
Antti Koivisto
Comment 6 2011-02-13 13:16:50 PST
It also fails svg/custom/use-invalid-style.svg
Antti Koivisto
Comment 7 2011-02-13 13:19:03 PST
2947 ASSERT(!m_inStyleRecalc); (gdb) bt #0 0x000000010113a875 in WebCore::Document::recalcStyleSelector (this=0x1060cf000) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Document.cpp:2947 #1 0x000000010113af45 in WebCore::Document::styleSelectorChanged (this=0x1060cf000, updateFlag=WebCore::DeferRecalcStyle) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Document.cpp:2871 #2 0x0000000101b440ef in WebCore::SVGFontFaceElement::removeFromMappedElementSheet (this=0x107181720) at /Users/antti/webkit/OpenSource/Source/WebCore/svg/SVGFontFaceElement.cpp:351 #3 0x0000000101b4410b in WebCore::SVGFontFaceElement::removedFromDocument (this=0x107181720) at /Users/antti/webkit/OpenSource/Source/WebCore/svg/SVGFontFaceElement.cpp:329 #4 0x0000000100ff778d in WebCore::ContainerNode::removedFromDocument (this=0x107192260) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/ContainerNode.cpp:743 #5 0x000000010125b357 in WebCore::Element::removedFromDocument (this=0x107192260) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Element.cpp:919 #6 0x0000000101ba1c09 in WebCore::SVGStyledElement::removedFromDocument (this=0x107192260) at /Users/antti/webkit/OpenSource/Source/WebCore/svg/SVGStyledElement.cpp:362 #7 0x0000000100ff778d in WebCore::ContainerNode::removedFromDocument (this=0x107168960) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/ContainerNode.cpp:743 #8 0x000000010125b357 in WebCore::Element::removedFromDocument (this=0x107168960) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Element.cpp:919 #9 0x0000000101ba1c09 in WebCore::SVGStyledElement::removedFromDocument (this=0x107168960) at /Users/antti/webkit/OpenSource/Source/WebCore/svg/SVGStyledElement.cpp:362 #10 0x0000000100ff778d in WebCore::ContainerNode::removedFromDocument (this=0x10719cc10) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/ContainerNode.cpp:743 #11 0x000000010125b357 in WebCore::Element::removedFromDocument (this=0x10719cc10) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Element.cpp:919 #12 0x0000000101ba1c09 in WebCore::SVGStyledElement::removedFromDocument (this=0x10719cc10) at /Users/antti/webkit/OpenSource/Source/WebCore/svg/SVGStyledElement.cpp:362 #13 0x0000000100ff778d in WebCore::ContainerNode::removedFromDocument (this=0x107106c20) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/ContainerNode.cpp:743 #14 0x000000010125b357 in WebCore::Element::removedFromDocument (this=0x107106c20) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Element.cpp:919 #15 0x0000000101ba1c09 in WebCore::SVGStyledElement::removedFromDocument (this=0x107106c20) at /Users/antti/webkit/OpenSource/Source/WebCore/svg/SVGStyledElement.cpp:362 #16 0x0000000100ff778d in WebCore::ContainerNode::removedFromDocument (this=0x10716dd70) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/ContainerNode.cpp:743 #17 0x000000010125b357 in WebCore::Element::removedFromDocument (this=0x10716dd70) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Element.cpp:919 #18 0x0000000101ba1c09 in WebCore::SVGStyledElement::removedFromDocument (this=0x10716dd70) at /Users/antti/webkit/OpenSource/Source/WebCore/svg/SVGStyledElement.cpp:362 #19 0x0000000100ffae05 in WebCore::Private::NodeRemovalDispatcher<WebCore::Node, true>::dispatch (node=0x10716dd70) at ContainerNodeAlgorithms.h:99 #20 0x0000000100ffb4b1 in WebCore::Private::addChildNodesToDeletionQueue<WebCore::Node, WebCore::ContainerNode> (head=@0x7fff5fbfd4e8, tail=@0x7fff5fbfd4e0, container=0x1071298a0) at ContainerNodeAlgorithms.h:139 #21 0x0000000100ffb50f in WebCore::removeAllChildrenInContainer<WebCore::Node, WebCore::ContainerNode> (container=0x1071298a0) at ContainerNodeAlgorithms.h:47 #22 0x0000000100ff68a3 in WebCore::ContainerNode::removeAllChildren (this=0x1071298a0) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/ContainerNode.cpp:72 #23 0x00000001019c4831 in WebCore::RenderSVGShadowTreeRootContainer::updateFromElement (this=0x107186168) at /Users/antti/webkit/OpenSource/Source/WebCore/rendering/svg/RenderSVGShadowTreeRootContainer.cpp:71 #24 0x0000000101bc4985 in WebCore::SVGUseElement::recalcStyle (this=0x1196ecad0, change=WebCore::Node::NoChange) at /Users/antti/webkit/OpenSource/Source/WebCore/svg/SVGUseElement.cpp:372 #25 0x000000010125af00 in WebCore::Element::recalcStyle (this=0x1196e9d80, change=WebCore::Node::NoChange) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Element.cpp:1107 #26 0x000000010125af00 in WebCore::Element::recalcStyle (this=0x119533780, change=WebCore::Node::NoChange) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Element.cpp:1107 #27 0x000000010125af00 in WebCore::Element::recalcStyle (this=0x105b44ee0, change=WebCore::Node::NoChange) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Element.cpp:1107 #28 0x0000000101142f6a in WebCore::Document::recalcStyle (this=0x1060cf000, change=WebCore::Node::NoChange) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Document.cpp:1520 #29 0x000000010113a17f in WebCore::Document::updateStyleIfNeeded (this=0x1060cf000) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Document.cpp:1562 #30 0x0000000101139ed1 in WebCore::Document::updateLayout (this=0x1060cf000) at /Users/antti/webkit/OpenSource/Source/WebCore/dom/Document.cpp:1589
Antti Koivisto
Comment 8 2011-02-13 13:20:39 PST
DOM mutation from recalcStyle is evil.
Antti Koivisto
Comment 9 2011-02-14 03:39:55 PST
Created attachment 82302 [details] patch Intead of recomputing, just mark style selector dirty if it is invalidated in the middle of a style recalc.
Antti Koivisto
Comment 10 2011-02-14 03:49:02 PST
Created attachment 82303 [details] more correct patch
Andreas Kling
Comment 11 2011-02-14 04:50:34 PST
Comment on attachment 82303 [details] more correct patch r=me (Niko/Dirk: heads up!)
Antti Koivisto
Comment 12 2011-02-14 05:13:34 PST
http://trac.webkit.org/changeset/78468
Csaba Osztrogonác
Comment 13 2011-02-14 06:35:49 PST
*** Bug 54086 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.