Closed Bug 1373750 Opened 7 years ago Closed 7 years ago

Assertion failure: aClipState->IsValid()

Categories

(Core :: Web Painting, defect)

Product:
Core
Component:
Web Painting
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla58
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox55 --- wontfix
firefox56 --- wontfix
firefox57 --- wontfix
firefox58 --- fixed

People

(Reporter: truber, Assigned: u459114)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase)

Attachments

(4 files)

testcase.html
254 bytes, text/html
Details
modified testcase for earlier version
265 bytes, text/html
Details
Bug 1373750 - Part 1. Except the bottom layer, recompute clip state of each mask layer by a clear clipState object.
59 bytes, text/x-review-board-request
mstange
: review+
Details
Bug 1373750 - Part 2. Add a crash test consists of two mask layers.
59 bytes, text/x-review-board-request
mstange
: review+
Details
Attached file testcase.html 
The attached testcase fails the below assertion in mozilla-central rev fe809f57bf22.

Assertion failure: aClipState->IsValid(), at /home/worker/workspace/build/src/layout/painting/nsCSSRendering.cpp:2195
#01: nsCSSRendering::PaintStyleImageLayerWithSC at layout/painting/nsCSSRendering.cpp:2682
#02: PaintMaskSurface at layout/svg/nsSVGIntegrationUtils.cpp:478
#03: nsSVGIntegrationUtils::PaintMaskAndClipPath at layout/svg/nsSVGIntegrationUtils.cpp:557
#04: nsDisplayMask::PaintAsLayer at layout/painting/nsDisplayList.cpp:8553
#05: mozilla::FrameLayerBuilder::PaintItems at layout/painting/FrameLayerBuilder.cpp:3704
#06: mozilla::FrameLayerBuilder::DrawPaintedLayer at layout/painting/FrameLayerBuilder.cpp:6247
#07: mozilla::layers::ClientPaintedLayer::PaintThebes at mfbt/RefPtr.h:40
#08: mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback at gfx/src/nsRegion.h:75
#09: mozilla::layers::ClientContainerLayer::RenderLayer at gfx/layers/client/ClientContainerLayer.h:57
#10: mozilla::layers::ClientContainerLayer::RenderLayer at gfx/layers/client/ClientContainerLayer.h:57
#11: mozilla::layers::ClientLayerManager::EndTransactionInternal at gfx/layers/client/ClientLayerManager.cpp:375
#12: mozilla::layers::ClientLayerManager::EndTransaction at gfx/layers/client/ClientLayerManager.cpp:434
#13: nsDisplayList::PaintRoot at layout/painting/nsDisplayList.cpp:2293
#14: nsLayoutUtils::PaintFrame at mfbt/RefPtr.h:129
#15: mozilla::PresShell::Paint at layout/base/PresShell.cpp:6444
INFO: Last good revision: c992c7e903ce1409aa3ad34a97ee2920ca0e45a9
INFO: First bad revision: abcf45c9ad660b35e892cd3736c28d11528bdc64
INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=c992c7e903ce1409aa3ad34a97ee2920ca0e45a9&tochange=abcf45c9ad660b35e892cd3736c28d11528bdc64
Blocks: 1188074
Has Regression Range: --- → yes
status-firefox55: --- → wontfix
status-firefox56: --- → wontfix
status-firefox57: --- → affected
status-firefox58: --- → affected
status-firefox-esr52: --- → unaffected
Flags: in-testsuite?
This is unrelated to bug 1188074. That bug just happens to make the given syntax valid. This assertion can be triggered with a slightly modified version of the testcase which uses valid syntax for earlier version.
No longer blocks: 1188074
Flags: needinfo?(cku)
I will check it next week
Assignee: nobody → cku
Flags: needinfo?(cku)
Depends on: 1342302
Blocks: 1342302
No longer blocks: 1351440
No longer depends on: 1342302
Attachment #8911690 - Flags: review?(mstange)
Attachment #8911691 - Flags: review?(mstange)
Comment on attachment 8911690 [details]
Bug 1373750 - Part 1. Except the bottom layer, recompute clip state of each mask layer by a clear clipState object.

https://reviewboard.mozilla.org/r/183082/#review188320

::: layout/painting/nsCSSRendering.cpp:2156
(Diff revision 1)
> +{
> +  mBGClipArea.SetEmpty();
> +  mAdditionalBGClipArea.SetEmpty();
> +  mDirtyRectInAppUnits.SetEmpty();
> +  mDirtyRectInDevPx.SetEmpty();
> +  for (int i = 0; i < 8; i++) {

Quick note: Our static analysis bot found a potential improvement for this line:

Warning: Use range-based for loop instead [clang-tidy: modernize-loop-convert]

::: layout/painting/nsCSSRendering.cpp:2160
(Diff revision 1)
> +  mDirtyRectInDevPx.SetEmpty();
> +  for (int i = 0; i < 8; i++) {
> +    mRadii[i] = 0;
> +  }
> +
> +  for (int i = 0; i < eCornerCount; i++) {

Same quick note as above:

Warning: Use range-based for loop instead [clang-tidy: modernize-loop-convert]
Attachment #8911690 - Flags: review?(janx)
Attachment #8911690 - Flags: review?(janx)
Comment on attachment 8911690 [details]
Bug 1373750 - Part 1. Except the bottom layer, recompute clip state of each mask layer by a clear clipState object.

https://reviewboard.mozilla.org/r/183082/#review189300

I'd prefer this be fixed in the caller. You could do something like this:

ImageLayerClipState currentLayerClipState;
if (isBottomLayer) {
  currentLayerClipState = clipState;
} else {
  GetImageLayerClip(..., &currentLayerClipState);
}
// use currentLayerClipState here

If you'd prefer to keep the current approach, would "void Clear() { *this = ImageLayerClipState(); }"  work?

::: commit-message-7e962:5
(Diff revision 2)
> +Bug 1373750 - Part 1. Implement ImageLayerClipState::Clear
> +
> +In nsCSSRendering::PaintStyleImageLayerWithSC, we reuse the same clip-state
> +object,  clipState, for all bg/mask layers. We hit this assertion if the
> +border-rarius of prevoius one is not 0, but the the border-radius of the next one

typos: "radius" and "previous"
Attachment #8911690 - Flags: review?(mstange)
Comment on attachment 8911691 [details]
Bug 1373750 - Part 2. Add a crash test consists of two mask layers.

https://reviewboard.mozilla.org/r/183084/#review189302
Attachment #8911691 - Flags: review?(mstange) → review+
Comment on attachment 8911690 [details]
Bug 1373750 - Part 1. Except the bottom layer, recompute clip state of each mask layer by a clear clipState object.

https://reviewboard.mozilla.org/r/183082/#review189848

Thanks!
Attachment #8911690 - Flags: review?(mstange) → review+
Pushed by cku@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/029918001381
Part 1. Except the bottom layer, recompute clip state of each mask layer by a clear clipState object. r=mstange
https://hg.mozilla.org/integration/autoland/rev/772f7c02ef19
Part 2. Add a crash test consists of two mask layers. r=mstange
Is there a user impact here that warrants Beta backport consideration or can this ride the 58 train?
Flags: needinfo?(cku)
It's an assertion failure, and the reason to cause this failure is because the assertion itself is not correct. There is no user impact at release version, so I think we can just ride 58 train.
Flags: needinfo?(cku)
See Also: → 1697311
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: