DCHECK failure in LayoutObject::offsetFromAncestorContainer() during compositing update |
|||
Issue descriptionIn CompositingInputsUpdater::updateRecursive(): m_geometryMap.pushMappingsToAncestor(layer, layer->parent()); if layer->parent()->layoutObject() is not an ancestor container of layer->layoutObject(), DCHECK(nextContainer) will fail in LayoutObject::offsetFromAncestorContainer(). To reproduce, open the test in bug 691339 in a debug build of content_shell. After sometime the DCHECK will trigger. The layout tree is: ... $ LayoutBlockFlow (relative positioned) 0x1bed6d81e760 TD class="c2" LayoutBlockFlow (column spanner) 0x1bed6d81d608 FIGURE class="c18" - LayoutMultiColumnFlowThread (anonymous) 0x1bed6d8384f0 * LayoutBlockFlow (positioned) 0x1bed6d81df48 ARTICLE class="c6" LayoutMultiColumnFlowThread (anonymous) 0x1bed6d8391f0 LayoutText 0x1bed6d82ad60 #text "1458165563" LayoutBlockFlow (positioned) 0x1bed6d81e638 CITE class="c3" LayoutBlockFlow (positioned) 0x1bed6d81fb08 CAPTION class="c5" LayoutMultiColumnFlowThread (anonymous) 0x1bed6d839a10 LayoutInline 0x1bed6d828588 SUP class="c18" LayoutMultiColumnSet (anonymous) 0x1bed6d849328 LayoutMultiColumnSet (anonymous) 0x1bed6d848768 ... -: layer->parent()->layoutObject() *: layer->layoutObject() $: layer->layoutObject()->container() We can also trigger with with the following test which is related to bug 688774 : <!DOCTYPE html> <style> #video::-webkit-media-controls { float: left; } #video { position: absolute; } </style> <video id="video"></video> LayoutBlockFlow 0x9400c61c010 HTML $ LayoutBlockFlow 0x9400c61c138 BODY - LayoutVideo (positioned) 0x9400c628010 VIDEO id="video" * LayoutFlexibleBox (relative positioned) (floating) 0x9400c638010 DIV LayoutFlexibleBox (relative positioned) 0x9400c6381e0 DIV LayoutBlockFlow 0x9400c61c260 DIV
,
Feb 16 2017
The fix for bug 688774 fixed the second case. The first case from bug 691339 still asserts.
,
Feb 16 2017
Ah, yes, I can reproduce it. From a LayoutObject-centric perspective:
€ LayoutBlockFlow 0x21d055e1d3b8 BLOCKQUOTE class="c18"
LayoutMultiColumnFlowThread (anonymous) 0x21d055e38350
LayoutBlockFlow (anonymous) 0x21d055e1f0a0
LayoutInline 0x21d055e28bc8 <pseudo:first-letter>
LayoutTextFragment (anonymous) 0x21d055e7c100 "q"
LayoutTextFragment 0x21d055e7c010 "pcmuhvey" #text "qpcmuhvey"
% LayoutBlockFlow (relative positioned) 0x21d055e1d4e0 TD class="c2"
$ LayoutBlockFlow (column spanner) 0x21d055e200d0 FIGURE class="c18"
* LayoutMultiColumnFlowThread (anonymous) 0x21d055e384f0
LayoutBlockFlow (positioned) 0x21d055e1ca78 ARTICLE class="c6"
LayoutMultiColumnFlowThread (anonymous) 0x21d055e39050
*: |this| in LayoutObject::offsetFromAncestorContainer()
%: |ancestorContainer| parameter to LayoutObject::offsetFromAncestorContainer()
$: this->container()
€: this->container()->container()
So "%" isn't in the container chain of "*", so we'll miss and trip over the root.
Back to your layer-centric observation:
Right, layer->parent()->layoutObject() is not an ancestor container of layer->layoutObject(). That's not a safe assumption to make.
Similar situation here, I guess:
<div id="relpos" style="position:relative;">
<div id="clipped" style="overflow:hidden;">
<div id="abspos" style="position:absolute;">
All three elements establish layers. The parent layer of #abspos layer is #clipped. The parent layer of #clipped is #relpos. At the same time, the container() of #abspos is #relpos. In other words, #clipped is not an ancestor container of #abspos, although it's its parent layer.
,
Feb 21 2018
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 21 2018
|
|||
►
Sign in to add a comment |
|||
Comment 1 by msten...@opera.com
, Feb 16 2017