[Webkit-unassigned] [Bug 33230] svg/W3C-SVG-1.1/animate-elem-30-t.svg crashing occasionally on Leopard Build Bot

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 7 09:16:25 PST 2010


--- Comment #14 from Darin Adler <darin at apple.com>  2010-01-07 09:16:25 PST ---
(In reply to comment #13)
> Darin, can you enlighten us, what may be triggering these assertions? Thanks in
> advance!

The new assertions are in functions that assume layout. In general, functions
can't get at the render tree unless they know layout has been performed.

In the past we were sloppy and imprecise about which functions would trigger
layout if needed, and which required that layout already is done. This led to
various crashes, even ones with security impact.

If the assertion fires, it means a function that depends on up-to-date layout
was called when layout is needed but has not been done. There are two major
ways to fix that:

    1) Look at the backtrace and figure out a higher level that can guarantee
layout, usually by adding a call to Document::updateLayout. The design question
is which functions depend on the caller to make sure the layout is up to date,
and which take care of it themselves.

    2) Change the call with the assertion to perform layout instead of
requiring it already be done. This can be tricky because there may be multiple
call sites, and adding extra calls to layout can cause problems/crashes or
slower performance.

I added a small number of assertions to the selection code, but generally we
need more of these assertions in more places in the code.

The critical issue is figuring out who the caller is and what the backtrace is
for these assertions. This probably requires a reproducible case, a bot that
logs backtraces for crashes, or some inspired guesswork.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list