[Webkit-unassigned] [Bug 119818] New: [Windows] Test fails in DRT, succeeds in WinLauncher
bugzilla-daemon at webkit.org
Wed Aug 14 15:00:46 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=119818
Summary: [Windows] Test fails in DRT, succeeds in WinLauncher
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: bfulgham at webkit.org
For some reason, the test "compositing/tiling/empty-to-tiled.html" crashes when run via DumpRenderTree, but works correctly inside WinLauncher.
The crash happens because we encounter a CACFLayer in the PlatformCALayer::adoptSublayers call that does not have a PlatformCALayerWinInternal object attached to its UserData node. We dereference this null pointer and crash.
The crashing callstack looks like this:
> WebKit.dll!WTF::VectorBufferBase<WebCore::StyleRule *>::buffer() Line 50 + 0xa bytes C++
WebKit.dll!WebCore::PlatformCALayer::platformLayer() Line 180 C++
WebKit.dll!WebCore::PlatformCALayerWinInternal::setSublayers(const WTF::Vector<WTF::RefPtr<WebCore::PlatformCALayer>,0,WTF::CrashOnOverflow> & list) Line 205 + 0x1a bytes C++
WebKit.dll!WebCore::PlatformCALayer::setSublayers(const WTF::Vector<WTF::RefPtr<WebCore::PlatformCALayer>,0,WTF::CrashOnOverflow> & list) Line 264 C++
WebKit.dll!WebCore::PlatformCALayer::adoptSublayers(WebCore::PlatformCALayer * source) Line 316 C++
WebKit.dll!WebCore::GraphicsLayerCA::swapFromOrToTiledLayer(bool useTiledLayer) Line 2706 C++
WebKit.dll!WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers(WebCore::GraphicsLayerCA::CommitState & commitState, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, const WebCore::FloatRect & oldVisibleRect) Line 1145 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1064 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1080 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1080 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1080 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1080 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1080 C++
WebKit.dll!WebCore::GraphicsLayerCA::flushCompositingState(const WebCore::FloatRect & clipRect) Line 893 C++
WebKit.dll!WebCore::RenderLayerCompositor::flushPendingLayerChanges(bool isFlushRoot) Line 399 C++
WebKit.dll!WebCore::FrameView::flushCompositingStateForThisFrame(WebCore::Frame * rootFrameForFlush) Line 938 C++
WebKit.dll!WebCore::FrameView::flushCompositingStateIncludingSubframes() Line 1038 + 0x17 bytes C++
WebKit.dll!WebView::flushPendingGraphicsLayerChanges() Line 6736 C++
WebKit.dll!WebCore::CACFLayerTreeHost::flushPendingLayerChangesNow() Line 296 C++
WebKit.dll!WebView::paint(HDC__ * dc, long options) Line 1066 C++
WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned int wParam, long lParam) Line 2189 C++
user32.dll!_InternalCallWinProc@20() + 0x23 bytes
user32.dll!_UserCallWinProcCheckWow@36() + 0xbd bytes
user32.dll!_CallWindowProcAorW@24() + 0x5d bytes
user32.dll!_CallWindowProcW@20() + 0x1c bytes
comctl32.dll!_CallOriginalWndProc@24() + 0x1a bytes
comctl32.dll!CallNextSubclassProc() + 0x92 bytes
comctl32.dll!TTSubclassProc() + 0x97 bytes
comctl32.dll!CallNextSubclassProc() + 0x92 bytes
comctl32.dll!MasterSubclassProc() + 0xa4 bytes
user32.dll!_InternalCallWinProc@20() + 0x23 bytes
user32.dll!_UserCallWinProcCheckWow@36() + 0x18d9 bytes
user32.dll!_SendMessageWorker@24() + 0x47b9 bytes
user32.dll!_SendMessageW@16() + 0x52 bytes
DumpRenderTree.dll!dump() Line 749 C++
DumpRenderTree.dll!FrameLoadDelegate::locationChangeDone(IWebError * __formal, IWebFrame * frame) Line 254 C++
DumpRenderTree.dll!FrameLoadDelegate::didFinishLoadForFrame(IWebView * webView, IWebFrame * frame) Line 264 C++
WebKit.dll!WebFrameLoaderClient::dispatchDidFinishLoad() Line 413 C++
WebKit.dll!WebCore::FrameLoader::checkLoadCompleteForThisFrame() Line 2197 C++
WebKit.dll!WebCore::FrameLoader::checkLoadComplete() Line 2363 + 0x24 bytes C++
WebKit.dll!WebCore::DocumentLoader::finishedLoading(double finishTime) Line 411 C++
WebKit.dll!WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource * resource) Line 345 C++
WebKit.dll!WebCore::CachedResource::checkNotify() Line 369 + 0x11 bytes C++
WebKit.dll!WebCore::CachedResource::finishLoading(WebCore::ResourceBuffer * __formal) Line 386 C++
WebKit.dll!WebCore::CachedRawResource::finishLoading(WebCore::ResourceBuffer * data) Line 95 C++
WebKit.dll!WebCore::SubresourceLoader::didFinishLoading(double finishTime) Line 284 C++
WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal, double finishTime) Line 489 C++
WebKit.dll!WebCore::didFinishLoading(_CFURLConnection * conn, const void * clientInfo) Line 263 C++
CFNetwork.dll!URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue * preQ) Line 1739 + 0x13 bytes C++
CFNetwork.dll!URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<enum XClientEvent,XClientEventParams> * e, long count) Line 2256 C++
CFNetwork.dll!XConnectionEventQueue<enum XClientEvent,XClientEventParams>::processAllEvents() Line 231 C++
CFNetwork.dll!URLConnectionClient::processEvents() Line 362 C++
CFNetwork.dll!URLConnectionWndProc(HWND__ * hWnd, unsigned int message, unsigned int wParam, long lParam) Line 109 C++
user32.dll!_InternalCallWinProc@20() + 0x23 bytes
user32.dll!_UserCallWinProcCheckWow@36() + 0xbd bytes
user32.dll!_DispatchMessageWorker@8() + 0xf8 bytes
user32.dll!_DispatchMessageW@4() + 0x10 bytes
DumpRenderTree.dll!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & inputLine) Line 1134 C++
DumpRenderTree.dll!dllLauncherEntryPoint(int argc, const char * * argv) Line 1425 + 0x23 bytes C++
DumpRenderTree.exe!main(int argc, const char * * argv) Line 202 + 0xe bytes C++
DumpRenderTree.exe!__tmainCRTStartup() Line 555 + 0x17 bytes C
kernel32.dll!@BaseThreadInitThunk@12() + 0xe bytes
ntdll.dll!___RtlUserThreadStart@8() + 0x27 bytes
ntdll.dll!__RtlUserThreadStart@8() + 0x1b bytes
The same break position (in WinLauncher) is hit from a different starting point. In WinLauncher we are in the midst of a flush operation from the parent layers.
> WebKit.dll!WebCore::GraphicsLayerCA::swapFromOrToTiledLayer(bool useTiledLayer) Line 2696 C++
WebKit.dll!WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers(WebCore::GraphicsLayerCA::CommitState & commitState, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, const WebCore::FloatRect & oldVisibleRect) Line 1145 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1064 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1080 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1080 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1080 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1080 C++
WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(const WebCore::GraphicsLayerCA::CommitState & commitState, const WebCore::TransformState & state, float pageScaleFactor, const WebCore::FloatPoint & positionRelativeToBase, bool affectedByPageScale) Line 1080 C++
WebKit.dll!WebCore::GraphicsLayerCA::flushCompositingState(const WebCore::FloatRect & clipRect) Line 893 C++
WebKit.dll!WebCore::RenderLayerCompositor::flushPendingLayerChanges(bool isFlushRoot) Line 399 C++
WebKit.dll!WebCore::FrameView::flushCompositingStateForThisFrame(WebCore::Frame * rootFrameForFlush) Line 938 C++
WebKit.dll!WebCore::FrameView::flushCompositingStateIncludingSubframes() Line 1038 + 0x17 bytes C++
WebKit.dll!WebView::flushPendingGraphicsLayerChanges() Line 6736 C++
WebKit.dll!WebCore::CACFLayerTreeHost::flushPendingLayerChangesNow() Line 296 C++
WebKit.dll!WebCore::LayerChangesFlusher::hookFired(int code, unsigned int wParam, long lParam) Line 93 + 0x1e bytes C++
WebKit.dll!WebCore::LayerChangesFlusher::hookCallback(int code, unsigned int wParam, long lParam) Line 78 + 0x18 bytes C++
user32.dll!_DispatchHookW@16() + 0x36 bytes
user32.dll!_CallHookWithSEH@16() + 0x25 bytes
user32.dll!___fnHkINLPMSG@4() + 0x51 bytes
ntdll.dll!_KiUserCallbackDispatcher@12() + 0x2e bytes
user32.dll!_PeekMessageW@20() + 0x11f bytes
CoreFoundation.dll!__CFRunLoopRun(__CFRunLoop * rl, __CFRunLoopMode * rlm, double seconds, unsigned char stopAfterHandle, __CFRunLoopMode * previousMode) Line 42286 + 0xf bytes C++
CoreFoundation.dll!CFRunLoopRunSpecific(__CFRunLoop * rl, const __CFString * modeName, double seconds, unsigned char returnAfterSourceHandled) Line 42413 + 0x12 bytes C++
CoreFoundation.dll!CFRunLoopRun() Line 42440 + 0x1d bytes C++
WinLauncher.dll!dllLauncherEntryPoint(HINSTANCE__ * __formal, HINSTANCE__ * __formal, HINSTANCE__ * __formal, int nCmdShow) Line 475 C++
WinLauncher.exe!004012ca()
[Frames below may be incorrect and/or missing, no symbols loaded for WinLauncher.exe]
ntdll.dll!_RtlpHeapAddListEntry@24() + 0xc16 bytes
ntdll.dll!@RtlpFreeHeap@16() + 0x20c bytes
I have two initial thoughts:
1. DRT is not properly setting up the run environment. Perhaps not using a CFRunLoop to handle Windows messages means that certain dispatch operations are not occurring, which we rely on to sync/flush our CALayers?
2. Maybe we have a bug in our CACFLayer setup code that is allowing a layer to be created with no "intern" member.
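
The comparison the report makes between the two call stacks (same code position, different entry path) can be automated when triaging a crash that reproduces in only one host process. The following is an added example, not part of the original report or of WebKit's tooling; the two frame lists are abbreviated from the stacks above (repeated and intermediate frames dropped), and the names `parse_frames` and `divergence` are hypothetical.

```python
import re

# A Visual Studio call-stack frame: optional "> " marker, then module!symbol(args) ...
FRAME_RE = re.compile(r"^\s*>?\s*(?P<module>[\w.]+)!(?P<symbol>.+?)\(")

def parse_frames(text):
    """Return [(module, symbol), ...] innermost frame first; non-frame lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((m["module"], m["symbol"]))
    return frames

def divergence(stack_a, stack_b):
    """Align stack_b's innermost frame inside stack_a, then walk toward the callers.

    Returns (shared_frames, first_differing_caller_in_a, first_differing_caller_in_b).
    Source line numbers are ignored: the same function may be stopped at different lines.
    """
    if not stack_b or stack_b[0] not in stack_a:
        return [], None, None
    i, j, shared = stack_a.index(stack_b[0]), 0, []
    while i < len(stack_a) and j < len(stack_b) and stack_a[i] == stack_b[j]:
        shared.append(stack_a[i])
        i, j = i + 1, j + 1
    next_a = stack_a[i] if i < len(stack_a) else None
    next_b = stack_b[j] if j < len(stack_b) else None
    return shared, next_a, next_b

# Abbreviated from the DumpRenderTree crash stack in the report.
DRT_STACK = """\
> WebKit.dll!WTF::VectorBufferBase<WebCore::StyleRule *>::buffer() Line 50 + 0xa bytes C++
WebKit.dll!WebCore::PlatformCALayer::platformLayer() Line 180 C++
WebKit.dll!WebCore::PlatformCALayer::adoptSublayers(WebCore::PlatformCALayer * source) Line 316 C++
WebKit.dll!WebCore::GraphicsLayerCA::swapFromOrToTiledLayer(bool useTiledLayer) Line 2706 C++
WebKit.dll!WebCore::CACFLayerTreeHost::flushPendingLayerChangesNow() Line 296 C++
WebKit.dll!WebView::paint(HDC__ * dc, long options) Line 1066 C++
DumpRenderTree.dll!dump() Line 749 C++
"""

# Abbreviated from the WinLauncher breakpoint stack in the report.
WINLAUNCHER_STACK = """\
> WebKit.dll!WebCore::GraphicsLayerCA::swapFromOrToTiledLayer(bool useTiledLayer) Line 2696 C++
WebKit.dll!WebCore::CACFLayerTreeHost::flushPendingLayerChangesNow() Line 296 C++
WebKit.dll!WebCore::LayerChangesFlusher::hookFired(int code, unsigned int wParam, long lParam) Line 93 + 0x1e bytes C++
[Frames below may be incorrect and/or missing, no symbols loaded for WinLauncher.exe]
"""

def compare_report_stacks():
    return divergence(parse_frames(DRT_STACK), parse_frames(WINLAUNCHER_STACK))
```
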