Closed Bug 1358965 Opened 8 years ago Closed 8 years ago

stylo: Crash [@ alloc::arc::Arc<style::gecko_properties::GeckoBackground>::inner<style::gecko_properties::GeckoBackground> [arc.rs : 445 + 0x5]

Categories

(Core :: Layout, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla55
Tracking Status
firefox-esr52 --- unaffected
firefox53 --- unaffected
firefox54 --- unaffected
firefox55 --- fixed

People

(Reporter: cbook, Assigned: hiro)

References

()

Details

(Keywords: crash)

Attachments

(3 files)

Attached file bughunter stack
Found via topsite tests and reproduced on latest Stylo debugBuild from taskcluster Steps to reproduce: -> Load http://www.visitmaldives.com --> Crash on load Non Stylo Builds are fine, so i guess its stylo bug
I see functions like Servo_GetComputedKeyframeValues in the stack. Guessing it's something related to animation. ni? hiro.
Flags: needinfo?(hikezoe)
This is a case that we call UpdateEffectProperties() for element which got in display:none subtree. We need null check for this case.
Assignee: nobody → hikezoe
Status: NEW → ASSIGNED
Flags: needinfo?(hikezoe)
Comment on attachment 8860854 [details] Bug 1358965 - Don't call UpdateEffectProperties and UpdateTransitions() for null computed values. https://reviewboard.mozilla.org/r/132848/#review135658 ::: commit-message-73752:6 (Diff revision 1) > +Even so Gecko_UpdateAnimations is called because we need to stop CSS > +animations in display:none subtree. I think we can also stop transitions in display:none subtree here (for most cases), but Boris does not think we don't need to do it here (see 1341372 comment 63).
This is a good opportunity to remove silly my mistake (redundant static_cast there).
Attachment #8860857 - Flags: review?(bbirtles) → review+
Comment on attachment 8860854 [details] Bug 1358965 - Don't call UpdateEffectProperties and UpdateTransitions() for null computed values. https://reviewboard.mozilla.org/r/132848/#review135990 ::: commit-message-73752:3 (Diff revision 2) > +We need null check for aOldComputedValues since the value might have been > +cleared after we create a SequentialTask for EffectProperties or > +CSSTransitions because the targe element got in display:none subtree. > +Even so Gecko_UpdateAnimations is called because we need to stop CSS > +animations in display:none subtree. (We don't need this here if we have the same comment in the patch itself.) ::: layout/style/ServoBindings.cpp:487 (Diff revision 2) > UpdateAnimations(const_cast<dom::Element*>(aElement), pseudoType, > servoValues); > } > + // We need null check for aOldComputedValues since the value might have been > + // cleared after we create a SequentialTask for EffectProperties or > + // CSSTransitions because the targe element got in display:none subtree. Nit: target element But actually I'm having trouble making sense of this comment. What is the sequence of events here? Is something like the following correct? // aOldComputedValues might be nullptr if the target element is now in // a display:none subtree. We still call Gecko_UpdateAnimations in this case // because we need to stop CSS animations in the display:none subtree. // However, we don't need to update transitions since they are stopped by // RestyleManager::AnimationsWithDestroyedFrame so we just return early // here.
(In reply to Hiroyuki Ikezoe (:hiro) from comment #4) > Comment on attachment 8860854 [details] > Bug 1358965 - Don't call UpdateEffectProperties and UpdateTransitions() for > null computed values. > > https://reviewboard.mozilla.org/r/132848/#review135658 > > ::: commit-message-73752:6 > (Diff revision 1) > > +Even so Gecko_UpdateAnimations is called because we need to stop CSS > > +animations in display:none subtree. > > I think we can also stop transitions in display:none subtree here (for most > cases), but Boris does not think we don't need to do it here (see 1341372 > comment 63). So Boris is saying that we don't need to do it here because that will be covered by RestyleManager::AnimationsWithDestroyedFrame, right? (Also, a very minor note, bugzilla will automatically link to comments in other bugs if you use the format "bug XXX comment XXX")
(In reply to Brian Birtles (:birtles) from comment #9) > ::: layout/style/ServoBindings.cpp:487 > (Diff revision 2) > > UpdateAnimations(const_cast<dom::Element*>(aElement), pseudoType, > > servoValues); > > } > > + // We need null check for aOldComputedValues since the value might have been > > + // cleared after we create a SequentialTask for EffectProperties or > > + // CSSTransitions because the targe element got in display:none subtree. > > Nit: target element > > But actually I'm having trouble making sense of this comment. What is the > sequence of events here? > > Is something like the following correct? > > // aOldComputedValues might be nullptr if the target element is now in > // a display:none subtree. We still call Gecko_UpdateAnimations in this > case > // because we need to stop CSS animations in the display:none subtree. > // However, we don't need to update transitions since they are stopped by > // RestyleManager::AnimationsWithDestroyedFrame so we just return early > // here. That's right.
(In reply to Brian Birtles (:birtles) from comment #10) > (In reply to Hiroyuki Ikezoe (:hiro) from comment #4) > > Comment on attachment 8860854 [details] > > Bug 1358965 - Don't call UpdateEffectProperties and UpdateTransitions() for > > null computed values. > > > > https://reviewboard.mozilla.org/r/132848/#review135658 > > > > ::: commit-message-73752:6 > > (Diff revision 1) > > > +Even so Gecko_UpdateAnimations is called because we need to stop CSS > > > +animations in display:none subtree. > > > > I think we can also stop transitions in display:none subtree here (for most > > cases), but Boris does not think we don't need to do it here (see 1341372 > > comment 63). > > So Boris is saying that we don't need to do it here because that will be > covered by RestyleManager::AnimationsWithDestroyedFrame, right? Right. Also I am guessing that if servo's machinery about display:none sub tree works as expected we will not need AnimationsWithDestroyedFrame eventually.
(In reply to Hiroyuki Ikezoe (:hiro) from comment #11) > (In reply to Brian Birtles (:birtles) from comment #9) > > Is something like the following correct? > > > > // aOldComputedValues might be nullptr if the target element is now in > > // a display:none subtree. We still call Gecko_UpdateAnimations in this > > case > > // because we need to stop CSS animations in the display:none subtree. > > // However, we don't need to update transitions since they are stopped by > > // RestyleManager::AnimationsWithDestroyedFrame so we just return early > > // here. > > That's right. Ok, r=me with that then.
Comment on attachment 8860854 [details] Bug 1358965 - Don't call UpdateEffectProperties and UpdateTransitions() for null computed values. https://reviewboard.mozilla.org/r/132848/#review135992
Attachment #8860854 - Flags: review?(bbirtles) → review+
A try run [1] noticed me that I made a big mistake that we have to check aComputedValues instead of aOldComputedValues. And considering the fact that checking aOldComputedValues fixed this crash, we should also check aOldComputedValues only for CSSTransitions case. I will revise the first patch, and post a new one for the transition. https://treeherder.mozilla.org/#/jobs?repo=try&revision=723dcf41694ddf1f3512069ce8b8406a4a008979&selectedJob=93901606 Thank to the test case, the only one test case caught the mistake.
(In reply to Hiroyuki Ikezoe (:hiro) from comment #15) > And considering the fact that > checking aOldComputedValues fixed this crash, we should also check > aOldComputedValues only for CSSTransitions case. I will revise the first > patch, and post a new one for the transition. This is wrong, we already check null old value in might_need_transitions_update().
Pushed by hikezoe@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5e652e7d35e7 Don't call UpdateEffectProperties and UpdateTransitions() for null computed values. r=birtles https://hg.mozilla.org/integration/autoland/rev/f4353d26ccd1 Drop unnecessary static_cast. r=birtles
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: