[Webkit-unassigned] [Bug 203445] New: RenderTreeNeedsLayoutChecker asserts with css-position/position-absolute* tests

bugzilla-daemon at webkit.org
Fri Oct 25 21:12:26 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=203445

            Bug ID: 203445
           Summary: RenderTreeNeedsLayoutChecker asserts with
                    css-position/position-absolute* tests
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

These two tests:

imported/w3c/web-platform-tests/css/css-position/position-absolute-container-dynamic-002.html
imported/w3c/web-platform-tests/css/css-position/position-absolute-crash-chrome-005.html

hit:

ERROR: post-layout: dirty renderer(s)
./page/FrameViewLayoutContext.cpp(81) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const

(B)lock/(I)nline/I(N)line-block, (A)bsolute/Fi(X)ed/(R)elative/Stic(K)y, (F)loating, (O)verflow clip, Anon(Y)mous, (G)enerated, has(L)ayer, (C)omposited, (+)Dirty style, (+)Dirty layout
B---YGLC --  RenderView at (0,0) size 800x600 renderer->(0x34da015f0)
B-----L- --    HTML RenderBlock at (0,0) size 800x216 renderer->(0x34da01ad0) node->(0x3513e8d80)
B------- --      BODY RenderBody at (8,8) size 784x200 renderer->(0x34da01c00) node->(0x3513f0d80)
BR----L- --        DIV RenderBlock at (0,0) size 784x200 renderer->(0x34db0e280) node->(0x3513dce80)
B--O--L- --          DIV RenderBlock at (0,0) size 200x200 renderer->(0x34db0e3b0) node->(0x3513dcf00)
B------- --            DIV RenderBlock at (0,0) size 200x100 renderer->(0x34db0e4e0) node->(0x3513dcf80)
BA----L- -+*           DIV RenderBlock at (0,200) size 200x100 renderer->(0x34db0e610) node->(0x3513dd000) layout->[normal child]

SHOULD NEVER BE REACHED
./page/FrameViewLayoutContext.cpp(83) : auto WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::(anonymous class)::operator()(const WebCore::RenderObject &) const
1   0x3446e0af9 WTFCrash
2   0x32a8d0a4b WTFCrashWithInfo(int, char const*, char const*, int)
3   0x32de4d36d WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::'lambda'(WebCore::RenderObject const&)::operator()(WebCore::RenderObject const&) const
4   0x32de4d2c2 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()
5   0x32de43225 WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()
6   0x32de427d6 WebCore::FrameViewLayoutContext::layout()
7   0x32d0e70f6 WebCore::Document::updateLayout()
8   0x32d0e860e WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)
9   0x32d1b35c9 WebCore::Element::offsetTop()
10  0x32d1b33ac WebCore::Element::offsetTopForBindings()
11  0x32b38b68d WebCore::jsHTMLElementOffsetTopGetter(JSC::JSGlobalObject&, WebCore::JSHTMLElement&, JSC::ThrowScope&)
12  0x32b2d0910 long long WebCore::IDLAttribute<WebCore::JSHTMLElement>::get<&(WebCore::jsHTMLElementOffsetTopGetter(JSC::JSGlobalObject&, WebCore::JSHTMLElement&, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long long, char const*)
13  0x32b2d07f8 WebCore::jsHTMLElementOffsetTop(JSC::JSGlobalObject*, long long, JSC::PropertyName)
14  0x345eaa54f JSC::PropertySlot::customGetter(JSC::JSGlobalObject*, JSC::PropertyName) const
15  0x344c309e1 JSC::PropertySlot::getValue(JSC::JSGlobalObject*, JSC::PropertyName) const
16  0x345580a55 JSC::JSValue::get(JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) const
17  0x345a4dd10 llint_slow_path_get_by_id
18  0x344bd749e llint_entry
19  0x344beafaf llint_entry
20  0x344be9e0e llint_entry
21  0x344be9e0e llint_entry
22  0x344bcd6e3 vmEntryToJavaScript
23  0x345932757 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
24  0x345931d19 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
25  0x345c7bfbc JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
26  0x345c7c168 JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
27  0x32cbc40d8 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
28  0x32cbc3e37 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*)
29  0x32cbc41ad WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&, WebCore::ExceptionDetails*)
30  0x32d2cde01 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
31  0x32d2cc06a WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport)
LEAK: 1 WebPageProxy
