RESOLVED FIXED 86385
[regression] animatedType crash when animations end 
https://bugs.webkit.org/show_bug.cgi?id=86385
Summary [regression] animatedType crash when animations end
Philip Rogers
Reported 2012-05-14 11:00:26 PDT
We can hit an assertion in animated types: ASSERTION FAILED: resultAnimationElement->m_animatedType ../../third_party/WebKit/Source/WebCore/svg/SVGAnimateElement.cpp(119) : virtual void WebCore::SVGAnimateElement::calculateAnimatedValue(float, unsigned int, WebCore::SVGSMILElement*) Original bug: http://code.google.com/p/chromium/issues/detail?id=127794 This may have been regressed by http://trac.webkit.org/changeset/116458
Attachments
Minimized testcase (334 bytes, image/svg+xml)
2012-05-14 19:06 PDT, Philip Rogers 		no flags
Details
Accumulate SVG animations into first contributing element (5.75 KB, patch)
2012-05-17 09:59 PDT, Philip Rogers 		zimmermann: review-
DetailsFormatted DiffDiff
Update per reviewer comments (29.69 KB, patch)
2012-05-17 18:41 PDT, Philip Rogers 		zimmermann: review+
DetailsFormatted DiffDiff
Patch for landing (29.62 KB, patch)
2012-05-20 13:06 PDT, Philip Rogers 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Philip Rogers
Comment 1 2012-05-14 19:06:41 PDT
Created attachment 141841 [details] Minimized testcase
Philip Rogers
Comment 2 2012-05-16 15:50:16 PDT
Just a quick update, no patch yet. When animating with multiple animate elements, we accumulate the result in the first animate element. This bug is due to us clearing the animated type of the first animate element (when it ends), and then trying to accumulate the other animate results into this cleared animated type.
Philip Rogers
Comment 3 2012-05-17 09:59:21 PDT
Created attachment 142494 [details] Accumulate SVG animations into first contributing element
Nikolas Zimmermann
Comment 4 2012-05-17 11:12:27 PDT
Comment on attachment 142494 [details] Accumulate SVG animations into first contributing element Code changes look good, but this should get tested more. Ideally your crash test turns into a reftest, then we can also verify the animation works as expected. Ideally you'll also add a test using the JS sampling framework (runAnimationTest), to sample eg. the 'cx' value at 0.099s, 0.1s, 0.1001s to make sure the transition between those animations works as expected. There should be plenty of examples on how to create a test for this (just use the new style tests which load a .svg file from svg/animations/resources/foo.svg, embed it into svg/animations/foo.html, and test it via svg/animation/script-tests/foo.svg
Philip Rogers
Comment 5 2012-05-17 18:41:06 PDT
Created attachment 142604 [details] Update per reviewer comments
Philip Rogers
Comment 6 2012-05-17 18:46:00 PDT
(In reply to comment #4) > (From update of attachment 142494 [details]) > Code changes look good, but this should get tested more. Ideally your crash test turns into a reftest, then we can also verify the animation works as expected. Done. > Ideally you'll also add a test using the JS sampling framework (runAnimationTest), to sample eg. the 'cx' value at 0.099s, 0.1s, 0.1001s to make sure the transition between those animations works as expected. There should be plenty of examples on how to create a test for this (just use the new style tests which load a .svg file from svg/animations/resources/foo.svg, embed it into svg/animations/foo.html, and test it via svg/animation/script-tests/foo.svg I added the multiple-animations-ending.html test which covers a bunch of end-animation cases. I hand-verified each value.
Nikolas Zimmermann
Comment 7 2012-05-18 22:45:45 PDT
Comment on attachment 142604 [details] Update per reviewer comments View in context: https://bugs.webkit.org/attachment.cgi?id=142604&action=review Excellent work Philip! r=me. Not setting cq+, as you might want to fixup these comments before landing: > LayoutTests/svg/animations/svg-two-animate-elements-crash-expected.svg:1 > +<svg xmlns="http://www.w3.org/2000/svg" onload="load()"> The onload="" should be removed. > LayoutTests/svg/animations/script-tests/multiple-animations-ending.js:337 > + ["an1", 0.0, sample1], > + ["an1", 0.499, sample2], We usually align those sample lines.
Philip Rogers
Comment 8 2012-05-20 13:06:09 PDT
Created attachment 142914 [details] Patch for landing
WebKit Review Bot
Comment 9 2012-05-20 13:57:20 PDT
Comment on attachment 142914 [details] Patch for landing Clearing flags on attachment: 142914 Committed r117711: <http://trac.webkit.org/changeset/117711>
WebKit Review Bot
Comment 10 2012-05-20 13:57:25 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.