ObjectPaintInvalidator.cpp(120)] Check failed: !m_object.paintingLayer() || m_object.paintingLayer()->needsRepaint(). |
|||||||
Issue descriptionVersion: ToT c71893f933af16266912649fb1543043323609b7 OS: Linux What steps will reproduce the problem? (1) Build with dchecks on. (2) Go to http://edition.cnn.com/2016/09/05/politics/philippines-president-rodrigo-duterte-barack-obama/ (3) Scroll down with the mouse wheel for a little bit. What is the expected output? No crash. What do you see instead? Crash [1:1:0906/121304:FATAL:ObjectPaintInvalidator.cpp(120)] Check failed: !m_object.paintingLayer() || m_object.paintingLayer()->needsRepaint(). #0 0x7fe0417691fe base::debug::StackTrace::StackTrace() #1 0x7fe041789ddb logging::LogMessage::~LogMessage() #2 0x7fe0341fa45d blink::ObjectPaintInvalidator::invalidatePaintOfPreviousPaintInvalidationRect() #3 0x7fe0341fae6a blink::traverseNonCompositingDescendantsInPaintOrder<>() #4 0x7fe0341fadf2 blink::ObjectPaintInvalidator::invalidatePaintIncludingNonCompositingDescendants() #5 0x7fe0340e192c blink::PaintLayerCompositor::paintInvalidationOnCompositingChange() #6 0x7fe0340db77f blink::CompositingLayerAssigner::updateSquashingAssignment() #7 0x7fe0340daab3 blink::CompositingLayerAssigner::assignLayersToBackingsInternal() #8 0x7fe0340dacd1 blink::CompositingLayerAssigner::assignLayersToBackingsInternal() #9 0x7fe0340dacd1 blink::CompositingLayerAssigner::assignLayersToBackingsInternal() #10 0x7fe0340dacd1 blink::CompositingLayerAssigner::assignLayersToBackingsInternal() #11 0x7fe0340dacd1 blink::CompositingLayerAssigner::assignLayersToBackingsInternal() #12 0x7fe0340da7e3 blink::CompositingLayerAssigner::assign() #13 0x7fe0340e083d blink::PaintLayerCompositor::updateIfNeeded() #14 0x7fe0340e0235 blink::PaintLayerCompositor::updateIfNeededRecursiveInternal() #15 0x7fe0340dff51 blink::PaintLayerCompositor::updateIfNeededRecursive() #16 0x7fe033cdb4d0 blink::FrameView::updateLifecyclePhasesInternal() #17 0x7fe0341add5a blink::PageAnimator::updateAllLifecyclePhases() #18 0x7fe03b9546ef blink::WebViewImpl::updateAllLifecyclePhases() #19 0x7fe03e2e8068 cc::ProxyMain::BeginMainFrame()
,
Sep 6 2016
Couldn't reproduce the bug. falken@, how frequently can you reproduce the bug?
,
Sep 7 2016
Hm, I can reproduce on my primary Chrome profile that has many different tabs open, but not in a clean profile --user-data-dir=/tmp/aeroigjaeogji. I also had to disable some other asserts that were firing to reach one ( issue 639100 ) not sure that's related.
,
Dec 8 2016
@falken have you seen the failure since Oct?
,
Jan 9 2017
I'm closing this bug. Please reopen if it is encountered again.
,
Jan 10 2017
Sure. Sorry about the lack of response to comment 4. I don't recall seeing this bug in a while.
,
Jan 16 2017
We are seeing this in one of our configurations and it's reproducing consistently. Can you tell us how severe that DCHECK is? Will this only mean a performance penalty or could there be visual artifacts coming this?
,
Jan 17 2017
It means that an object in a layer is invalidated without the layer is invalidated. In the next paint, we'll still use the cached painting of the whole layer, including the invalidated object. This will cause visual artifacts. Can you share the reproduction method?
,
Jan 17 2017
,
Jan 18 2017
> It means that an object in a layer is invalidated without the layer is invalidated. In the next paint, we'll still use the cached painting of the whole layer, including the invalidated object. This will cause visual artifacts. Thanks, I suspected this but hoped I was wrong. The solution I tried was to add a call to object.paintingLayer()->setNeedsRepaint() in ObjectPaintInvalidator::invalidatePaintIncludingNonCompositingDescendants. This solves the problem of hitting the DCHECK but my guess is that this is not a desired solution because of the performance penalties described in the comments. > Can you share the reproduction method? Unfortunately, we use this in a proprietary setup with a custom platform implementation that I can't share. I have tried to reproduce this in both chrome and content_shell but was unable to do so.
,
Jan 18 2017
Thanks for the analysis. invalidatePaintIncludingNonCompositingDescendants() contains code that invalidate any self painting layer encountered during the tree walk, which should be equivalent to calling object.paintingLayer()->setNeedsRepaint() on every object. The failure means that the tree walk order may be wrong at some places. Will investigate.
,
Jan 18 2017
I suspect this is related to the following pattern:
<div>
<span>
<div style="float: left"></div>
</span>
</div>
We just fixed some bugs about such scheme, but I found invalidatePaintIncludingNonCompositingDescendants() may still have issues about it.
landell@ does your setup contain such pattern?
,
Jan 19 2017
I tried with that snippet but didn't hit the DCHECK while scrolling. I have been reproducing with http://edition.cnn.com/2016/12/12/politics/china-trump-one-china-reaction/index.html but the URL in this issue also works.
,
Jan 24 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f105471106f4c821364165bdd991ce13196f5496 commit f105471106f4c821364165bdd991ce13196f5496 Author: wangxianzhu <wangxianzhu@chromium.org> Date: Tue Jan 24 08:15:34 2017 Fix traverseNonCompositingDescendantsInPaintOrder for float-under-inline cases We should traverse into composited inlines even if they are stacking context, because there might be floating objects which belong to ancestors in paint order. During traverse for paint invalidation, when we encounter a floating object, we should mark the real painting layer for paint invalidation which may be above the tip of the subtree being traversed. BUG= 644144 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2 Review-Url: https://codereview.chromium.org/2639283003 Cr-Commit-Position: refs/heads/master@{#445679} [modify] https://crrev.com/f105471106f4c821364165bdd991ce13196f5496/third_party/WebKit/Source/core/paint/ObjectPaintInvalidator.cpp [modify] https://crrev.com/f105471106f4c821364165bdd991ce13196f5496/third_party/WebKit/Source/core/paint/ObjectPaintInvalidatorTest.cpp
,
Jan 24 2017
Thanks, the CL resolves our propblems.
,
Jan 24 2017
Thanks for the feedback. I tried the cnn links and couldn't reproduce with the patch. Can you still reproduce with the cnn links?
,
Jan 25 2017
No, I can't reproduce with the patch applied.
,
Jan 25 2017
,
Jan 25 2017
Your change meets the bar and is auto-approved for M57. Please go ahead and merge the CL to branch 2987 manually. Please contact milestone owner if you have questions. Owners: amineer@(clank), cmasso@(bling), ketakid@(cros), govind@(desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/246f4f0482e90289fd249360c558f9cee734f122 commit 246f4f0482e90289fd249360c558f9cee734f122 Author: wangxianzhu <wangxianzhu@chromium.org> Date: Wed Jan 25 17:58:26 2017 Fix traverseNonCompositingDescendantsInPaintOrder for float-under-inline cases We should traverse into composited inlines even if they are stacking context, because there might be floating objects which belong to ancestors in paint order. During traverse for paint invalidation, when we encounter a floating object, we should mark the real painting layer for paint invalidation which may be above the tip of the subtree being traversed. BUG= 644144 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2 TBR=wangxianzhu@chromium.org NOTRY=true NOPRESUBMIT=true Review-Url: https://codereview.chromium.org/2639283003 Cr-Original-Commit-Position: refs/heads/master@{#445679} Review-Url: https://codereview.chromium.org/2657853002 Cr-Commit-Position: refs/branch-heads/2987@{#87} Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943} [modify] https://crrev.com/246f4f0482e90289fd249360c558f9cee734f122/third_party/WebKit/Source/core/paint/ObjectPaintInvalidator.cpp [modify] https://crrev.com/246f4f0482e90289fd249360c558f9cee734f122/third_party/WebKit/Source/core/paint/ObjectPaintInvalidatorTest.cpp
,
Jan 25 2017
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by wangxianzhu@chromium.org
, Sep 6 2016Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)