1927270 - Fuzz testcase from bug 1473612 loads indefinitely spending time around layout stuff (testcase loaded instantly prior to regression)

Status: RESOLVED FIXED

(Core :: Layout: Columns, defect)

Description

[Mayank Bansal]

Attachment: Fuzz testcase from bug 1473612.html

Open the fuzz testcase from bug 1473612 (https://bugzilla.mozilla.org/attachment.cgi?id=9265392)

AR: Loooong loading: https://share.firefox.dev/3AepZim
ER: Not so

Bisection:
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=17df1e9794687c0d56a85bc975e6b650c911b69f&tochange=fbae7216fa061be5b7521010f78bb51dade2a5a9

cc :jfkthame and :dholbert.

This is a regression, but not recent.

Comment 1

[Alice0775 White]

I got a different range:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=b9f69ae629973941209679347af8ee6a32fd0c6c&tochange=f69ff4d8bbf2dc344dc5ac0a2aab6de7574850c1

Susprct: Bug 793686

Comment 2

[Jonathan Kew [:jfkthame]]

From the range in comment 0, bug 1784208 might also be a suspect; but if the range in comment 1 is more correct, then bug 793686 does sound plausible. Maybe :TYLin can take a look sometime.

Comment 3

[Ting-Yu Lin [:TYLin] (PST, UTC-8)]

The browser is stuck in multi-column layout, which keeps creating columns. It can be easily seen when loading the testcase in my local debug build with multi-column log enabled:

MOZ_LOG="ColumnSet:5" ./mach run --layoutdebug https://bugzilla.mozilla.org/attachment.cgi?id=9433472

The testcase produces a lot of log prints, and I see the following within a few seconds:

D/ColumnSet ReflowColumns: Reflowed child #4165
...
D/ColumnSet ReflowColumns: Reflowed child #4166
...
D/ColumnSet ReflowColumns: Reflowed child #4166
...

This means the browser has created at least 4166 columns. It is a signal that it will likely never end.

Comment 4

[Ting-Yu Lin [:TYLin] (PST, UTC-8)]

Attachment: Bug 1927270 - Force fill columns if the current multicol's nested balancing depth exceeds the maximum. r?#layout

Currently, only a maximum of two levels of nested "balancing" multicol are
allowed. In the third or deeper levels of a multicol container that uses the
balancing behavior (column-fill: balancing), we don't honor the balancing
request and make it act as if column-count: 1 is set, for performance reasons
[1].

In such scenarios, this patch sets the mForceAuto to true, allowing the
content to be laid out regardless of whether the multicol is at the top of the
page or not [2]. This prevents the indefinite creation of columns.

This change should have minimal impact on real sites, as nested multicol layouts
beyond two levels are rare.

WARNING: Opening the testcase in Firefox without this patch applied can hang the
browser.

[1] https://searchfox.org/mozilla-central/rev/ead020d3989d3e9477b353d3d117f9c0f4b16f53/layout/generic/nsColumnSetFrame.cpp#296-301
[2] https://searchfox.org/mozilla-central/rev/6b61714b224f8cdca1a48ef1c51edab027f2c09f/layout/generic/nsColumnSetFrame.cpp#650-654

Comment 5

[BugBot [:suhaib / :marco/ :calixte]]

Set release status flags based on info from the regressing bug 793686

Comment 6

[Pulsebot]

Pushed by aethanyc@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/c0d9ef2b735c
Force fill columns if the current multicol's nested balancing depth exceeds the maximum. r=dshin

Comment 7

[Web Platform Test Sync Bot [:wpt-sync] (Matrix: #interop:mozilla.org)]

Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/50010 for changes under testing/web-platform/tests

Comment 9

[Atila Butkovits]

https://hg.mozilla.org/mozilla-central/rev/c0d9ef2b735c

Comment 10

[Web Platform Test Sync Bot [:wpt-sync] (Matrix: #interop:mozilla.org)]

Upstream PR merged by moz-wptsync-bot

Comment 11

[BugBot [:suhaib / :marco/ :calixte]]

The patch landed in nightly and beta is affected.
:TYLin, is this bug important enough to require an uplift?

• If yes, please nominate the patch for beta approval.
• If no, please set status-firefox135 to wontfix.

For more information, please visit BugBot documentation.

Comment 12

[Ting-Yu Lin [:TYLin] (PST, UTC-8)]

This bug is unlikely to occur on real websites, and we have this bug since Firefox 105. Therefore, I'm OK for this to ride the train.