[Webkit-unassigned] [Bug 32381] Assertion reached in FrameView::paintContents()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 27 03:26:51 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=32381


Zalan Bujtas <zbujtas at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zbujtas at gmail.com




--- Comment #5 from Zalan Bujtas <zbujtas at gmail.com>  2010-10-27 03:26:51 PST ---
I also ran into the layoutneeded() assert in FrameView::paintContents(). It isn't that easy to repro, but with the trunk codebase (and a Qt WebKit2 build with tiling enabled), I was able to catch it a few times on nytimes.com.

I traced it down and found out that FrameView::layout() can actually return with a dirty tree (pending layout). It looks like calling FrameView::layout() (or FrameView::updateLayoutAndStyleIfNeededRecursive()) does not guarantee a clean tree anymore, so a subsequent call to FrameView::paintContents() could assert with !layoutneeded().
In the backtrace I had on nytimes.com, I can see that performPostLayoutTasks() (line #839) can return with pending layout and layout() simply returns with that state. Notice that the last assert on needslayout is at #827, before performing the post layout tasks.
Here is what happens on nytimes.com:
1, layout() gets called
2, it calls performPostLayoutTasks()
3, performPostLayoutTasks() initiates nested layout call
4, nested layout() returns with clean tree, but with pending post layout tasks.
5, sendEvent() inside performPostLayoutTasks() schedules a layout.
6, performPostLayoutTasks() returns with pending layout.
7, #842 checks whether layout is needed after performPostLayoutTasks(), but since there are pending post layout tasks from the nested layout() (m_hasPendingPostLayoutTasks = true), it ignores the needsLayout() and returns with pending layout.
8, needsLayout() asserts in a subsequent paint call

I did a quick check to clean the tree by calling layout(), but that introduced other issues.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
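
The sequence in comment #5, as an added toy model in C++ (not WebKit source and not code from the bug report). The member names follow the comment; the inPostLayout flag, the one-shot event counter and the simplified control flow are assumptions made to reproduce steps 1-8.

```cpp
#include <cstdio>

// Toy model, not WebKit source. Member names follow the comment; the
// control flow is a simplified assumption that reproduces steps 1-8.
struct ToyFrameView {
    bool needsLayout = true;
    bool hasPendingPostLayoutTasks = false;  // m_hasPendingPostLayoutTasks
    bool inPostLayout = false;     // assumption: marks a nested layout() call
    bool nestedLayoutPending;      // should post-layout work re-enter layout()?
    int eventsThatDirtyTree = 1;   // sendEvent() schedules a layout once

    explicit ToyFrameView(bool nested) : nestedLayoutPending(nested) {}

    void sendEvent() {             // step 5: event handler dirties the tree
        if (eventsThatDirtyTree > 0) { --eventsThatDirtyTree; needsLayout = true; }
    }

    void performPostLayoutTasks() {
        inPostLayout = true;
        if (nestedLayoutPending) { nestedLayoutPending = false; layout(); }  // step 3
        sendEvent();
        inPostLayout = false;      // step 6: returns with needsLayout == true
    }

    void layout() {                // step 1
        needsLayout = false;       // the layout pass itself cleans the tree
        if (inPostLayout) {        // step 4: nested call defers its post-layout
            hasPendingPostLayoutTasks = true;   // tasks and returns clean
            return;
        }
        performPostLayoutTasks();  // step 2
        // step 7: the re-layout check is skipped while tasks are pending
        if (needsLayout && !hasPendingPostLayoutTasks)
            layout();
    }
};

// Returns true when the tree is clean after layout(), i.e. when the
// paint-time assertion on needsLayout would hold (step 8 otherwise).
bool cleanAfterLayout(bool nestedLayoutInPostTasks) {
    ToyFrameView view(nestedLayoutInPostTasks);
    view.layout();
    return !view.needsLayout;
}

int main() {
    std::printf("no nested layout: clean=%d\n", cleanAfterLayout(false));
    std::printf("nested layout:    clean=%d\n", cleanAfterLayout(true));
    return 0;
}
```

Without the nested call the model re-runs layout() and returns clean; with it, the pending-tasks flag suppresses the re-layout and the caller receives a dirty tree.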


