Bug 254034

Summary: [ iOS , macOS Debug ] ASSERTION FAILED: !isCalculated() in WebCore::Length::value() seen with imported/w3c/web-platform-tests/css/css-tables/auto-layout-calc-width-001.html
Product: WebKit Reporter: Bri Harris <bharris9>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ahmad.saleem792, webkit-bot-watchers-bugzilla, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=253841

Description Bri Harris 2023-03-16 10:27:41 PDT 
imported/w3c/web-platform-tests/css/css-tables/auto-layout-calc-width-001.html

is a constant crash on iOS and macOS affecting Debug only.


HISTORY:
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fcss%2Fcss-tables%2Fauto-layout-calc-width-001.html


CRASH LOG TEXT:

ASSERTION FAILED: !isCalculated()
/Volumes/Data/worker/macOS-AppleSilicon-Ventura-Debug-Build-EWS/build/Source/WebCore/platform/Length.h(341) : float WebCore::Length::value() const
1   0x13a6d32b0 WTFCrash
2   0x28065d6a0 WebCore::JSANGLEInstancedArrays::createPrototype(JSC::VM&, WebCore::JSDOMGlobalObject&)
3   0x28218076c WebCore::Length::value() const
4   0x2857fc288 WebCore::AutoTableLayout::recalcColumn(unsigned int)
5   0x2857fd304 WebCore::AutoTableLayout::fullRecalc()
6   0x2857fd528 WebCore::AutoTableLayout::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::TableIntrinsics)
7   0x285b72314 WebCore::RenderTable::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::TableIntrinsics) const
8   0x285b7234c WebCore::RenderTable::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&, WebCore::LayoutUnit&) const
9   0x285b72418 WebCore::RenderTable::computePreferredLogicalWidths()
10  0x285983444 WebCore::RenderBox::minPreferredLogicalWidth() const
11  0x285b6dee8 WebCore::RenderTable::updateLogicalWidth()
12  0x285b6f3cc WebCore::RenderTable::layout()
13  0x285920518 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
14  0x28591f9f8 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
15  0x28591e3c8 WebCore::RenderBlockFlow::layoutInFlowChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
16  0x28591d774 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
17  0x285906578 WebCore::RenderBlock::layout()
18  0x285920518 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
19  0x28591f9f8 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
20  0x28591e3c8 WebCore::RenderBlockFlow::layoutInFlowChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
21  0x28591d774 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
22  0x285906578 WebCore::RenderBlock::layout()
23  0x285920518 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
24  0x28591f9f8 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
25  0x28591e3c8 WebCore::RenderBlockFlow::layoutInFlowChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
26  0x28591d774 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
27  0x285906578 WebCore::RenderBlock::layout()
28  0x285be8d40 WebCore::RenderView::layout()
29  0x284c7f140 WebCore::FrameViewLayoutContext::performLayout()
30  0x284c7ea54 WebCore::FrameViewLayoutContext::layout()
31  0x283bbd624 WebCore::Document::updateLayout()
com.apple.WebKit.WebContent.Development terminated (pid 7907) for reason: crash
LEAK: 1 WebPageProxy
Comment 1 Bri Harris 2023-03-16 10:28:17 PDT 
I was able to replicate this crash on iOS 16 and Ventura ToT as follows:

run-webkit-tests imported/w3c/web-platform-tests/css/css-tables/auto-layout-calc-width-001.html
Comment 2 Radar WebKit Bug Importer 2023-03-16 10:28:32 PDT 
<rdar://problem/106814579>
Comment 3 EWS 2023-03-16 10:53:45 PDT 
Test gardening commit 261752@main (b17c4ce2bf89): <https://commits.webkit.org/261752@main>

Reviewed commits have been landed. Closing PR #11614 and removing active labels.
Comment 4 Ryan Haddad 2023-03-17 09:57:56 PDT 
This test was added with https://commits.webkit.org/261623@main, the test has been asserting from the start.
Comment 5 Ryan Haddad 2023-03-17 10:01:45 PDT 

*** This bug has been marked as a duplicate of bug 254030 ***
Comment 6 Ryan Haddad 2023-03-17 10:03:11 PDT 
The change responsible was reverted in https://commits.webkit.org/261755@main>
Comment 7 Ryan Haddad 2023-03-17 10:03:36 PDT 
*** Bug 254030 has been marked as a duplicate of this bug. ***