[LayoutNG] DCHECK failure at CheckPositionedObjectsNeedLayout |
|||
Issue descriptionChrome Version: ToT content_shell OS: Linux What steps will reproduce the problem? (1) Go to https://www.msn.com/ja-jp [1:1:1112/153141.776846:FATAL:layout_block.cc(2198)] Check failed: !curr_box->NeedsLayout(). #0 0x7ff8af88354d base::debug::StackTrace::StackTrace() #1 0x7ff8af576e6a base::debug::StackTrace::StackTrace() #2 0x7ff8af5e8c4b logging::LogMessage::~LogMessage() #3 0x7ff89a86570e blink::LayoutBlock::CheckPositionedObjectsNeedLayout() #4 0x7ff89a950389 blink::LayoutObject::CheckBlockPositionedObjectsNeedLayout() #5 0x7ff89a7fd0ad blink::LayoutObject::ClearNeedsLayout() #6 0x7ff89aa603a7 blink::NGInlineNode::MarkLineBoxesDirty() #7 0x7ff89aa5fdef blink::NGInlineNode::PrepareReuseFragments() #8 0x7ff89aa9ba39 blink::NGBlockLayoutAlgorithm::ReusableLineBoxContainer() #9 0x7ff89aa9baf3 blink::NGBlockLayoutAlgorithm::TryReuseFragmentsFromCache() #10 0x7ff89aa990f3 blink::NGBlockLayoutAlgorithm::HandleInflow() #11 0x7ff89aa95d49 blink::NGBlockLayoutAlgorithm::Layout() #12 0x7ff89aaa5ba9 blink::(anonymous namespace)::LayoutWithAlgorithm() #13 0x7ff89aaa47d1 blink::NGBlockNode::Layout() #14 0x7ff89aacb26d blink::NGOutOfFlowLayoutPart::GenerateFragment() #15 0x7ff89aacabe8 blink::NGOutOfFlowLayoutPart::LayoutDescendant() #16 0x7ff89aac90a8 blink::NGOutOfFlowLayoutPart::Run() #17 0x7ff89aa81dec blink::LayoutNGBlockFlow::UpdateOutOfFlowBlockLayout() #18 0x7ff89aa8120f blink::LayoutNGBlockFlow::UpdateBlockLayout() #19 0x7ff89a85cac0 blink::LayoutBlock::UpdateLayout() #20 0x7ff89a331528 blink::LocalFrameView::LayoutFromRootObject() #21 0x7ff89a33251d blink::LocalFrameView::PerformLayout() #22 0x7ff89a33027a blink::LocalFrameView::UpdateLayout() #23 0x7ff899e601bc blink::Document::UpdateStyleAndLayout() #24 0x7ff899e5ff66 blink::Document::UpdateStyleAndLayoutIgnorePendingStylesheets() #25 0x7ff89a2feb0b blink::LocalDOMWindow::scrollX() #26 0x7ff89b4ace25 blink::LocalDOMWindow::pageXOffset() #27 0x7ff89b470edb blink::dom_window_v8_internal::pageXOffsetAttributeGetter() #28 0x7ff89b470e6a blink::V8Window::pageXOffsetAttributeGetterCallback() #29 0x7ff89c8a89e3 v8::internal::FunctionCallbackArguments::Call() #30 0x7ff89c8a72e4 v8::internal::(anonymous namespace)::HandleApiCallHelper<>() #31 0x7ff89c8a62cb v8::internal::Builtins::InvokeApiFunction() #32 0x7ff89cf0b0fa v8::internal::Object::GetPropertyWithAccessor() #33 0x7ff89cf0a21e v8::internal::Object::GetProperty() #34 0x7ff89d0ed2f2 v8::internal::Runtime::GetObjectProperty() #35 0x7ff89d0f3d84 v8::internal::__RT_impl_Runtime_GetProperty()
,
Nov 12
It's during NGInlineNode::MarkLineBoxesDirty(), probably mine.
,
Nov 12
NeedsLayout check also fails when OOFDescendants are not propagated correctly. Like in #901391, "Absolute boxes with right: 0 in left-floating elements are placed to the left instead". Will take a look.
,
Dec 10
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/757dcc189067d644ae24bcb6f1c86354bbc7774e commit 757dcc189067d644ae24bcb6f1c86354bbc7774e Author: Koji Ishii <kojii@chromium.org> Date: Mon Dec 10 06:01:36 2018 [LayoutNG] Stop clearning NeedsLayout on block in MarkLineBoxesDirty This patch stops clearning NeedsLayout on the LayoutBLockFlow in MarkLineBoxesDirty. MarkLineBoxesDirty turns NeedsLayout of inline boxes and text into IsDirty on existing line boxes, to determine which line boxes are dirty and which are reusable. Since it marks line boxes as dirty, it's safe to clear NeedsLayout on objects within the line box, but it's not proper to clear NeedsLayout on LayoutBlockFlow. When layout is done, it will be cleared, so this was just redundant. Bug: 904291 Change-Id: I1f9e767c6d7a3ec5fc9ba6c2b4090581ece5123b Reviewed-on: https://chromium-review.googlesource.com/c/1366472 Commit-Queue: Koji Ishii <kojii@chromium.org> Reviewed-by: Aleks Totic <atotic@chromium.org> Reviewed-by: Morten Stenshorne <mstensho@chromium.org> Cr-Commit-Position: refs/heads/master@{#615053} [modify] https://crrev.com/757dcc189067d644ae24bcb6f1c86354bbc7774e/third_party/blink/renderer/core/layout/ng/inline/ng_inline_node.cc [add] https://crrev.com/757dcc189067d644ae24bcb6f1c86354bbc7774e/third_party/blink/web_tests/fast/text/absolute-in-inline-block-change-crash-expected.txt [add] https://crrev.com/757dcc189067d644ae24bcb6f1c86354bbc7774e/third_party/blink/web_tests/fast/text/absolute-in-inline-block-change-crash.html
,
Dec 11
,
Dec 11
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c35a4307ef33675024311b29c16448f81fda7474 commit c35a4307ef33675024311b29c16448f81fda7474 Author: Koji Ishii <kojii@chromium.org> Date: Tue Dec 11 09:50:49 2018 [LayoutNG] Remove unneeded comments in a test This patch removes a comment in a test that is not needed. It was a left over in r615053 (CL:1366472). Bug: 904291 Change-Id: I785080fd401426261d6259c22f5f20059fdcba1f Reviewed-on: https://chromium-review.googlesource.com/c/1370148 Reviewed-by: Christian Biesinger <cbiesinger@chromium.org> Commit-Queue: Koji Ishii <kojii@chromium.org> Cr-Commit-Position: refs/heads/master@{#615473} [modify] https://crrev.com/c35a4307ef33675024311b29c16448f81fda7474/third_party/blink/web_tests/fast/text/absolute-in-inline-block-change-crash.html |
|||
►
Sign in to add a comment |
|||
Comment 1 by kojii@chromium.org
, Nov 12