[SPv2] Check failed: DisplayItem::IsDrawingType(display_item.GetType()) |
||||||||
Issue descriptionrun-webkit-tests --additional-driver-flag=--enable-slimming-paint-v2 svg/text/selection-style-within-mask-crash.html crash log for renderer (pid <unknown>): STDOUT: #CRASHED - renderer STDERR: [1:1:0524/113039.696225:1755285789:FATAL:PaintChunksToCcLayer.cpp(184)] Check failed: DisplayItem::IsDrawingType(display_item.GetType()). STDERR: #0 0x00000199df97 base::debug::StackTrace::StackTrace() STDERR: #1 0x0000019b53ad logging::LogMessage::~LogMessage() STDERR: #2 0x000002eacb80 blink::PaintChunksToCcLayer::Convert() STDERR: #3 0x0000046b0052 blink::PaintArtifactCompositor::CompositedLayerForPendingLayer() STDERR: #4 0x0000046b20e4 blink::PaintArtifactCompositor::Update() STDERR: #5 0x00000331120f blink::FrameView::PushPaintArtifactToCompositor() STDERR: #6 0x00000330e911 blink::FrameView::UpdateLifecyclePhasesInternal() STDERR: #7 0x00000330e281 blink::FrameView::UpdateAllLifecyclePhases() STDERR: #8 0x0000037e2d0a blink::PageAnimator::UpdateAllLifecyclePhases() STDERR: #9 0x000004d07eaa blink::WebViewImpl::UpdateAllLifecyclePhases() STDERR: #10 0x00000197062e content::BlinkTestRunner::TestFinished() STDERR: #11 0x000003f58e85 test_runner::TestRunner::WorkQueue::ProcessWorkSoon() STDERR: #12 0x000003f5b6a8 test_runner::TestRunner::LocationChangeDone() STDERR: #13 0x000003f5b5b2 test_runner::TestRunner::tryToClearTopLoadingFrame() STDERR: #14 0x00000378d6f6 blink::ProgressTracker::ProgressCompleted() STDERR: #15 0x000003777517 blink::FrameLoader::DidFinishNavigation() STDERR: #16 0x0000030b0ba5 blink::Document::CheckCompleted() STDERR: #17 0x0000030bff2a blink::Document::DecrementLoadEventDelayCountAndCheckLoadEvent() STDERR: #18 0x0000047a36e1 blink::IncrementLoadEventDelayCount::ClearAndCheckLoadEvent() STDERR: #19 0x0000033e5137 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink15HTMLLinkElementEFvSt10unique_ptrINS3_28IncrementLoadEventDelayCountESt14default_deleteIS6_EEEJNS3_10PersistentIS4_EEN3WTF13PassedWrapperIS9_EEEEEFvvEE3RunEPNS0_13BindStateBaseE STDERR: #20 0x000000510331
,
May 24 2017
About 70 layout tests crash due to this bug. Most of them seem related to masks ( bug 707444 ?)
,
May 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fdbb38c6094f9cf41267851ca437b5d204d0eb48 commit fdbb38c6094f9cf41267851ca437b5d204d0eb48 Author: Xianzhu Wang <wangxianzhu@chromium.org> Date: Thu May 25 00:40:31 2017 [SPv2] Update test expectations for crbug.com/726041 , 726066 and 644358 Bug: 726041 , 726066 , 644358 Change-Id: Ief87f225dd6fac867c8872cf396501c75d059215 Reviewed-on: https://chromium-review.googlesource.com/514324 Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> Reviewed-by: Stephen Chenney <schenney@google.com> Reviewed-by: Stephen Chenney <schenney@chromium.org> Cr-Commit-Position: refs/heads/master@{#474495} [modify] https://crrev.com/fdbb38c6094f9cf41267851ca437b5d204d0eb48/third_party/WebKit/LayoutTests/FlagExpectations/enable-slimming-paint-v2
,
Jun 1 2017
Here are the types of display items causing the DCHECK failure: - BeginCompositing and EndCompositing (e.g. svg/text/selection-style-within-mask-crash.html) - ClipBoxPaintPhaseXXX (e.g. fast/borders/border-radius-mask-canvas-with-mask.html) Do these types of display items apply in spv2?
,
Jun 1 2017
Paired display items don't exist in SPv2 any more.
,
Jun 1 2017
,
Jun 6 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/002c71a1681c9fe724ac10efaf91dfe73940c3d4 commit 002c71a1681c9fe724ac10efaf91dfe73940c3d4 Author: Xianzhu Wang <wangxianzhu@chromium.org> Date: Tue Jun 06 06:19:53 2017 [SPv2] Don't create BeginCompositing/EndCompositing display items We already created ScopedPaintChunkProperties for SPv2 for SVG masks. BUG= 727072 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2 Change-Id: I43a665031ddc7477c6c373203fd6e61220ba3132 Reviewed-on: https://chromium-review.googlesource.com/522346 Reviewed-by: Chris harrelson <chrishtr@chromium.org> Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> Cr-Commit-Position: refs/heads/master@{#477211} [modify] https://crrev.com/002c71a1681c9fe724ac10efaf91dfe73940c3d4/third_party/WebKit/LayoutTests/FlagExpectations/enable-slimming-paint-v2 [modify] https://crrev.com/002c71a1681c9fe724ac10efaf91dfe73940c3d4/third_party/WebKit/Source/core/paint/SVGMaskPainter.cpp
,
Jun 6 2017
The remaining ones are about clip display items created for rounded borders. trchen@ can you take a look?
,
Jun 7 2017
Yep I found it. https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/paint/ReplacedPainter.cpp?rcl=73ba34deaf39eb774f8541d84480833527a47572&l=103 Shouldn't change SPv2 behavior if we just skip it, but I should file a bug for myself to build corresponding clip node. (The standard overflow clip use the padding box while replaced elements use the content box.)
,
Jun 7 2017
,
Jun 7 2017
I see your method. This bug is about the crash only and should not be blocked by bug 730284 .
,
Jun 7 2017
https://chromium-review.googlesource.com/526311 I think it's the last of them. Thanks Xianzhu for letting me do the honor. :>
,
Jun 8 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/11bf69b92baee0882e592083b23a0c153a49eda7 commit 11bf69b92baee0882e592083b23a0c153a49eda7 Author: Tien-Ren Chen <trchen@chromium.org> Date: Thu Jun 08 01:31:52 2017 [Blink/SPv2] Stop creating clip display items in SPv2 mode. SPv2 uses property node state to apply clips. Meta display items will be ignored and we have DCHECKs to make sure we no longer create them. BUG= 726041 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2 Change-Id: I353d9aa02ceed7f746fc2de5522dae28c7075bb8 Reviewed-on: https://chromium-review.googlesource.com/526311 Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> Commit-Queue: Tien-Ren Chen <trchen@chromium.org> Cr-Commit-Position: refs/heads/master@{#477852} [modify] https://crrev.com/11bf69b92baee0882e592083b23a0c153a49eda7/third_party/WebKit/LayoutTests/FlagExpectations/enable-slimming-paint-v2 [modify] https://crrev.com/11bf69b92baee0882e592083b23a0c153a49eda7/third_party/WebKit/Source/core/paint/RoundedInnerRectClipper.cpp
,
Jun 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/bc6de64824a8b0a96e6f5ecb04682357be14f1ad commit bc6de64824a8b0a96e6f5ecb04682357be14f1ad Author: Tien-Ren Chen <trchen@chromium.org> Date: Fri Jun 09 20:13:56 2017 [SPv2] Ban paired display items from being created SPv2 switched from paired display items in favor of drawing items annotated by property states. Prior to this CL, we already append no paired display items to display list, but still may create temporary ones for immediate replay into a recording. This CL replaces the temporary items with direct drawing commands, and banned paired display items from ever being created. BUG= 726041 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2 Change-Id: Iad3ad355dc72f9620b55832c6c811322ecc518ff Reviewed-on: https://chromium-review.googlesource.com/528625 Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> Reviewed-by: Philip Rogers <pdr@chromium.org> Commit-Queue: Tien-Ren Chen <trchen@chromium.org> Cr-Commit-Position: refs/heads/master@{#478390} [modify] https://crrev.com/bc6de64824a8b0a96e6f5ecb04682357be14f1ad/third_party/WebKit/Source/core/paint/RoundedInnerRectClipper.cpp [modify] https://crrev.com/bc6de64824a8b0a96e6f5ecb04682357be14f1ad/third_party/WebKit/Source/platform/graphics/paint/DisplayItem.h
,
Jun 9 2017
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by schenney@chromium.org
, May 24 2017