RESOLVED FIXED 61964
Microsoft IE fishtank demo causes assertion in RenderLayer::convertToLayerCoords
https://bugs.webkit.org/show_bug.cgi?id=61964
Summary Microsoft IE fishtank demo causes assertion in RenderLayer::convertToLayerCoords
Adrienne Walker
Reported 2011-06-02 14:34:33 PDT
This assert reproduces consistently in Chromium. It doesn't happen in Safari. Opening the page quickly hits the ASSERT(fixedPositionContainerLayer) line in RenderLayer.cpp:1139. For what it's worth, foundAncestor is true in the loop above; there was just no fixed position container layer found. I don't know enough about this bit of WebKit to know what the implications of this assertion are or how to fix it.

Here's a callstack:

#0  0x00007ffff513998d in WebCore::RenderLayer::convertToLayerCoords (this=0x7fffe58d5b18, ancestorLayer=0x7fffe58cc178, location=...) at third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:1139
#1  0x00007ffff515862e in WebCore::RenderLayerCompositor::layerWillBeRemoved (this=0x7ffff7ecc3c0, parent=0x7fffe58cc178, child=0x7fffe58d5b18) at third_party/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:531
#2  0x00007ffff5139319 in WebCore::RenderLayer::removeChild (this=0x7fffe58cc178, oldChild=0x7fffe58d5b18) at third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:1016
#3  0x00007ffff51395ac in WebCore::RenderLayer::removeOnlyThisLayer (this=0x7fffe58cc178) at third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:1078
#4  0x00007ffff50fff28 in WebCore::RenderBoxModelObject::styleDidChange (this=0x7fffe58e1288, diff=WebCore::StyleDifferenceLayout, oldStyle=0x7fffe5d2c460) at third_party/WebKit/Source/WebCore/rendering/RenderBoxModelObject.cpp:361
#5  0x00007ffff50edd90 in WebCore::RenderBox::styleDidChange (this=0x7fffe58e1288, diff=WebCore::StyleDifferenceLayout, oldStyle=0x7fffe5d2c460) at third_party/WebKit/Source/WebCore/rendering/RenderBox.cpp:285
#6  0x00007ffff50a1381 in WebCore::RenderBlock::styleDidChange (this=0x7fffe58e1288, diff=WebCore::StyleDifferenceLayout, oldStyle=0x7fffe5d2c460) at third_party/WebKit/Source/WebCore/rendering/RenderBlock.cpp:229
#7  0x00007ffff517caba in WebCore::RenderObject::setStyle (this=0x7fffe58e1288, style=...) at third_party/WebKit/Source/WebCore/rendering/RenderObject.cpp:1630
#8  0x00007ffff517c3db in WebCore::RenderObject::setAnimatableStyle (this=0x7fffe58e1288, style=...) at third_party/WebKit/Source/WebCore/rendering/RenderObject.cpp:1543
#9  0x00007ffff4bb384b in WebCore::Node::setRenderStyle (this=0x7ffff7f0f1b0, s=...) at third_party/WebKit/Source/WebCore/dom/Node.cpp:1479
#10 0x00007ffff4b8da25 in WebCore::Element::recalcStyle (this=0x7ffff7f0f1b0, change=WebCore::Node::NoChange) at third_party/WebKit/Source/WebCore/dom/Element.cpp:1146
#11 0x00007ffff4b8ddd6 in WebCore::Element::recalcStyle (this=0x7fffe5d30400, change=WebCore::Node::NoChange) at third_party/WebKit/Source/WebCore/dom/Element.cpp:1180
#12 0x00007ffff4b49624 in WebCore::Document::recalcStyle (this=0x7fffe5d12800, change=WebCore::Node::NoChange) at third_party/WebKit/Source/WebCore/dom/Document.cpp:1533
#13 0x00007ffff4b49997 in WebCore::Document::updateStyleIfNeeded (this=0x7fffe5d12800) at third_party/WebKit/Source/WebCore/dom/Document.cpp:1586
#14 0x00007ffff528b31c in WebCore::CanvasRenderingContext2D::accessFont (this=0x7fffbdb98000) at third_party/WebKit/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:2023
#15 0x00007ffff528ada2 in WebCore::CanvasRenderingContext2D::drawTextInternal (this=0x7fffbdb98000, text=..., x=107.5, y=89.9199982, fill=true) at third_party/WebKit/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:1904
#16 0x00007ffff528aae5 in WebCore::CanvasRenderingContext2D::fillText (this=0x7fffbdb98000, text=..., x=107.5, y=89.9199982) at third_party/WebKit/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:1857
#17 0x00007ffff57d1780 in WebCore::CanvasRenderingContext2DInternal::fillTextCallback (args=...) at ninja/gen/webcore/bindings/V8CanvasRenderingContext2D.cpp:633
#18 0x00007ffff32c3ecc in v8::internal::HandleApiCallHelper<false> (args=..., isolate=0x7ffff7e56000) at v8/src/builtins.cc:1105
#19 0x00007ffff32bec5a in v8::internal::Builtin_Impl_HandleApiCall (args=..., isolate=0x7ffff7e56000) at v8/src/builtins.cc:1122
#20 0x00007ffff32bec2b in v8::internal::Builtin_HandleApiCall (args=..., isolate=0x7ffff7e56000) at v8/src/builtins.cc:1121
Attachments
proposed patch (2.82 KB, patch)
2012-01-19 13:48 PST, Alok Priyadarshi
no flags
Alok Priyadarshi
Comment 1 2012-01-19 13:48:55 PST
Created attachment 123186 [details]
proposed patch

I ran into this bug when investigating the performance issues with the demo. The attached patch seems to fix the issue, but I am not sure if this is the correct fix as I am not very familiar with this code. If the patch looks reasonable I can try to add a test and land it.
Simon Fraser (smfr)
Comment 2 2012-01-19 15:11:07 PST
Comment on attachment 123186 [details]
proposed patch

If the assertion is chromium-only, why does this need a change that affects all platforms? I suspect this may regress the bug fixed by http://trac.webkit.org/changeset/85586
Alok Priyadarshi
Comment 3 2012-01-19 15:32:26 PST
(In reply to comment #2)
> (From update of attachment 123186 [details])
> If the assertion is chromium-only, why does this need a change that affects all platforms? I suspect this may regress the bug fixed by http://trac.webkit.org/changeset/85586

It did not seem like a chromium-only assertion. At least I did not notice any chromium-specific stuff in the call stack. Would you mind verifying it in Safari?
Simon Fraser (smfr)
Comment 4 2012-01-19 15:40:09 PST
Ah, it does assert in Safari too.
James Robinson
Comment 5 2012-02-15 14:43:11 PST
Comment on attachment 123186 [details]
proposed patch

Looks good, R=me
Simon Fraser (smfr)
Comment 6 2012-02-15 14:45:29 PST
Did you test that this doesn't regress http://trac.webkit.org/changeset/85586 ?
James Robinson
Comment 7 2012-02-15 14:47:43 PST
Alok - can you run https://bugs.webkit.org/show_bug.cgi?id=78401 with ASAN a few times and see if this changes anything before landing?
James Robinson
Comment 8 2012-02-15 14:48:04 PST
(In reply to comment #7)
> Alok - can you run https://bugs.webkit.org/show_bug.cgi?id=78401 with ASAN a few times and see if this changes anything before landing?

Copy-paste fail, I meant can you run fast/reflections/remove-reflection-crash.html
Alok Priyadarshi
Comment 9 2012-02-23 12:00:01 PST
Ran with ASAN. Did not see any issues.
WebKit Review Bot
Comment 10 2012-02-23 12:46:14 PST
Comment on attachment 123186 [details]
proposed patch

Clearing flags on attachment: 123186

Committed r108659: <http://trac.webkit.org/changeset/108659>
WebKit Review Bot
Comment 11 2012-02-23 12:46:19 PST
All reviewed patches have been landed. Closing bug.