Closed Bug 931627 Opened 11 years ago Closed 10 years ago

ABORT: aRelevantLinkVisited should only be set when we have a separate style: 'aRulesIfVisited || !aRelevantLinkVisited'

Categories

(Core :: CSS Parsing and Computation, defect, P3)

Product:
Core
Component:
CSS Parsing and Computation
Platform:
x86
macOS
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 575675

People

(Reporter: gal, Unassigned)

Details

(Keywords: assertion, reproducible) 

I am constantly hitting this bug even on trivial content. Happy to help debug if someone can guide me, otherwise please disable this assert. It makes debugging anything else impossible.

Hit MOZ_CRASH() at /Users/gal/workspace/mozilla-central/memory/mozalloc/mozalloc_abort.cpp:30

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
mozalloc_abort (msg=0x7fff5fbfbfb8 "###!!! ABORT: aRelevantLinkVisited should only be set when we have a separate style: 'aRulesIfVisited || !aRelevantLinkVisited', file /Users/gal/workspace/mozilla-central/layout/style/nsStyleContext.c"...) at /Users/gal/workspace/mozilla-central/memory/mozalloc/mozalloc_abort.cpp:30
30	    MOZ_CRASH();
(gdb) bt
#0  mozalloc_abort (msg=0x7fff5fbfbfb8 "###!!! ABORT: aRelevantLinkVisited should only be set when we have a separate style: 'aRulesIfVisited || !aRelevantLinkVisited', file /Users/gal/workspace/mozilla-central/layout/style/nsStyleContext.c"...) at /Users/gal/workspace/mozilla-central/memory/mozalloc/mozalloc_abort.cpp:30
#1  0x00000001044384d5 in Abort (aMsg=0x7fff5fbfbfb8 "###!!! ABORT: aRelevantLinkVisited should only be set when we have a separate style: 'aRulesIfVisited || !aRelevantLinkVisited', file /Users/gal/workspace/mozilla-central/layout/style/nsStyleContext.c"...) at /Users/gal/workspace/mozilla-central/xpcom/base/nsDebugImpl.cpp:430
#2  0x0000000104437f1c in NS_DebugBreak (aSeverity=3, aStr=0x10615b527 "aRelevantLinkVisited should only be set when we have a separate style", aExpr=0x10615b56d "aRulesIfVisited || !aRelevantLinkVisited", aFile=0x10615b39f "/Users/gal/workspace/mozilla-central/layout/style/nsStyleContext.cpp", aLine=158) at /Users/gal/workspace/mozilla-central/xpcom/base/nsDebugImpl.cpp:387
#3  0x0000000102062ed5 in nsStyleContext::FindChildWithRules (this=0x1282d9af0, aPseudoTag=0x0, aRuleNode=0x151aa9680, aRulesIfVisited=0x0, aRelevantLinkVisited=true) at /Users/gal/workspace/mozilla-central/layout/style/nsStyleContext.cpp:157
#4  0x000000010206aae1 in nsStyleSet::GetContext (this=0x1253bee00, aParentContext=0x1282d9af0, aRuleNode=0x151aa9680, aVisitedRuleNode=0x0, aPseudoTag=0x0, aPseudoType=nsCSSPseudoElements::ePseudo_NotPseudoElement, aElementForAnimation=0x0, aFlags=3) at /Users/gal/workspace/mozilla-central/layout/style/nsStyleSet.cpp:780
#5  0x000000010206d15d in nsStyleSet::ResolveStyleForRules (this=0x1253bee00, aParentContext=0x1282d9af0, aOldStyle=0x12c31f950, aRules=@0x7fff5fbfc718) at /Users/gal/workspace/mozilla-central/layout/style/nsStyleSet.cpp:1260
#6  0x00000001020888dc in nsTransitionManager::UpdateThrottledStyle (this=0x1257356c0, aElement=0x12419ecc0, aParentStyle=0x1282d9af0, aChangeList=@0x7fff5fbfc8b0) at /Users/gal/workspace/mozilla-central/layout/style/nsTransitionManager.cpp:310
#7  0x0000000102088f8c in nsTransitionManager::UpdateThrottledStylesForSubtree (this=0x1257356c0, aContent=0x12419ecc0, aParentStyle=0x1282d9af0, aChangeList=@0x7fff5fbfc8b0) at /Users/gal/workspace/mozilla-central/layout/style/nsTransitionManager.cpp:348
#8  0x0000000102089435 in nsTransitionManager::UpdateAllThrottledStyles (this=0x1257356c0) at /Users/gal/workspace/mozilla-central/layout/style/nsTransitionManager.cpp:429
#9  0x0000000101ddf896 in mozilla::RestyleManager::ProcessPendingRestyles (this=0x115c43400) at /Users/gal/workspace/mozilla-central/layout/base/RestyleManager.cpp:1374
#10 0x0000000101dacf2d in PresShell::FlushPendingNotifications (this=0x11bb53c00, aFlush={mFlushType = Flush_Style, mFlushAnimations = false}) at /Users/gal/workspace/mozilla-central/layout/base/nsPresShell.cpp:3830
#11 0x0000000101dd093d in nsRefreshDriver::Tick (this=0x115c43800, aNowEpoch=1382916549835174, aNowTime={mValue = 230523635204549}) at /Users/gal/workspace/mozilla-central/layout/base/nsRefreshDriver.cpp:1139
#12 0x0000000101dd6d8c in mozilla::RefreshDriverTimer::TickDriver (driver=0x115c43800, jsnow=1382916549835174, now={mValue = 230523635204549}) at /Users/gal/workspace/mozilla-central/layout/base/nsRefreshDriver.cpp:168
#13 0x0000000101dd6c54 in mozilla::RefreshDriverTimer::Tick (this=0x11263f640) at /Users/gal/workspace/mozilla-central/layout/base/nsRefreshDriver.cpp:160
#14 0x0000000101dd6b11 in mozilla::RefreshDriverTimer::TimerTick (aTimer=0x111efeca0, aClosure=0x11263f640) at /Users/gal/workspace/mozilla-central/layout/base/nsRefreshDriver.cpp:185
#15 0x000000010441d4c5 in nsTimerImpl::Fire (this=0x111efeca0) at /Users/gal/workspace/mozilla-central/xpcom/threads/nsTimerImpl.cpp:546
#16 0x000000010441d8d1 in nsTimerEvent::Run (this=0x111ebf2f0) at /Users/gal/workspace/mozilla-central/xpcom/threads/nsTimerImpl.cpp:630
This ABORT_IF_FALSE was added back in 2010:
 http://hg.mozilla.org/mozilla-central/rev/902a9bca379b
...so it appears we've had this for quite a while without tripping over it enough to disable it.

So, most likely, it's catching a recently-introduced bug, which we should find and fix.

Andreas, do you happen to have a testcase or a URL that triggers this?  And does it seem to fail reliably, on pages that trigger it?
Version: unspecified → Trunk
I can definitely trigger this. Basically most pages can cause this. If I reload a couple times I usually die. I don't know the code here at all. If you give me pointers what to look for, I am happy to debug.
Google voice triggers this for me reliably on every load.
Just to double-check, in frame 10 what's the mDocumentURI of the presshell's document?  And is this in a clean desktop Firefox or some other browser with a different default stylesheet setup?
(In reply to Andreas Gal :gal from comment #3)
> Google voice triggers this for me reliably on every load.

(Not for me, FWIW. :-/ I tried loading it in my linux debug build (at cset 64d531ae16c7 from today), logged in, clicked back and forth between the upper 4 categories (inbox, starred, voicemails, texts). No abort.)
Component: Layout → CSS Parsing and Computation
Clean browser, I didn't twiddle with the stylesheet setup. I am on mac. This might have to do with loading flash or something (I have flash disabled). I will try to get an answer for comment 4.
  mSpec = {
    <nsACString_internal> = {
      mData = 0x121c27fa8 "https://www.google.com/voice#inbox", 
      mLength = 34, 
      mFlags = 5
    }, <No data fields>}, 

Still catching this reliably. Happy to help debug with instructions.
So the first thing to check are which stylesheets the rules applying to that node are from.  If it's an anchor, there should be rules from the preferences stylesheet that are different for visited and not-visited... Also, _is_ this an anchor node?
Perhaps someone who knows the style system should simply debug this on Andreas machine
when you happen to be in the same location?
Severity: normal → major
Keywords: assertion, reproducible
Priority: -- → P3
Assertion removed in bug 575675, although it's still quite curious that this was ever happening, since the style sheet created in PresShell::SetPrefLinkRules should have ensured there was separate style.

(I presume Andreas stopped seeing this at some point?)
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.