100262 2012-10-24 09:10:07 -0700 REGRESSION(r131982): SVG/SvgNestedUse.html performancetest is crashing 2012-10-24 13:10:04 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified NEW P1 Normal --- 1 zoltan webkit-unassigned fpizlo mhahnenberg pdr rniwa schenney zimmermann zoltan oldest_to_newest 749728 0 zoltan 2012-10-24 09:10:07 -0700 Skip until proper fix. 749733 1 170413 zoltan 2012-10-24 09:13:39 -0700 Created attachment 170413 Patch 749735 2 rniwa 2012-10-24 09:18:25 -0700 http://build.webkit.org/builders/Apple%20MountainLion%20Release%20%28Perf%29/builds/1394 http://build.webkit.org/builders/Apple%20Lion%20Release%20%28Perf%29/builds/6382 749740 3 170413 rniwa 2012-10-24 09:21:18 -0700 Comment on attachment 170413 Patch You can land this without a review. But we do need a proper regression fix in JSC. 749741 4 zoltan 2012-10-24 09:23:32 -0700 Committed r132362: <http://trac.webkit.org/changeset/132362> 749742 5 zoltan 2012-10-24 09:24:03 -0700 Reopen since I landed only the skip. 749743 6 rniwa 2012-10-24 09:25:13 -0700 This is a regression from http://trac.webkit.org/changeset/131982 so it should probably in the JSC component unless we find that the JSC changeset only revealed an existing SVG bug. 749761 7 mhahnenberg 2012-10-24 10:02:25 -0700 Is there a backtrace anywhere? It'd be easier to figure out whether this was an underlying SVG bug or if the JSC patch caused it. 749793 8 rniwa 2012-10-24 10:29:45 -0700 (In reply to comment #7) > Is there a backtrace anywhere? It'd be easier to figure out whether this was an underlying SVG bug or if the JSC patch caused it. Unfortunately run-perf-tests doesn't report the stack trace :( 749895 9 pdr 2012-10-24 12:05:59 -0700 (In reply to comment #8) > (In reply to comment #7) > > Is there a backtrace anywhere? It'd be easier to figure out whether this was an underlying SVG bug or if the JSC patch caused it. > > Unfortunately run-perf-tests doesn't report the stack trace :( Oh my, is this the stacktrace? ASSERTION FAILED: (*it)->shadowTreeElement()->correspondingElement() /Users/progers7/Desktop/webkit/Source/WebCore/svg/SVGElementInstance.cpp(138) : static void WebCore::SVGElementInstance::invalidateAllInstancesOfElement(WebCore::SVGElement *) 1 0x111f04cd3 WebCore::SVGElementInstance::invalidateAllInstancesOfElement(WebCore::SVGElement*) 2 0x111e994f8 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard() 3 0x111e98365 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard() 4 0x111fd5d08 WebCore::SVGUseElement::svgAttributeChanged(WebCore::QualifiedName const&) 5 0x111ee3b7c WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget(WebCore::SVGElement*) 6 0x111fd661b WebCore::SVGUseElement::buildShadowAndInstanceTree(WebCore::SVGElement*) 7 0x111fd5ff8 WebCore::SVGUseElement::buildPendingResource() 8 0x111fd5c35 WebCore::SVGUseElement::svgAttributeChanged(WebCore::QualifiedName const&) 9 0x111ee3b7c WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget(WebCore::SVGElement*) 10 0x111fd661b WebCore::SVGUseElement::buildShadowAndInstanceTree(WebCore::SVGElement*) 11 0x111fd5ff8 WebCore::SVGUseElement::buildPendingResource() 12 0x111fd5e06 WebCore::SVGUseElement::willRecalcStyle(WebCore::Node::StyleChange) 13 0x110d7356e WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 14 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 15 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 16 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 17 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 18 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 19 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 20 0x110b41876 WebCore::Document::recalcStyle(WebCore::Node::StyleChange) 21 0x110b4204c WebCore::Document::updateStyleIfNeeded() 22 0x111f04ebd WebCore::SVGElementInstance::invalidateAllInstancesOfElement(WebCore::SVGElement*) 23 0x111e994f8 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard() 24 0x111e98365 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard() 25 0x111fbaba1 WebCore::SVGStyledTransformableElement::svgAttributeChanged(WebCore::QualifiedName const&) 26 0x111f4a3f7 WebCore::SVGGElement::svgAttributeChanged(WebCore::QualifiedName const&) 27 0x111efa879 WebCore::SVGElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&) 28 0x110d75719 WebCore::Element::didAddAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) 29 0x110d756c0 WebCore::Element::addAttributeInternal(WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) 30 0x110d79459 WebCore::Element::setAttributeInternal(unsigned long, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) 31 0x110d714c8 WebCore::Element::setAttribute(WTF::AtomicString const&, WTF::AtomicString const&, int&) 749959 10 rniwa 2012-10-24 13:10:04 -0700 I got this: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000107c75082 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) + 16706 (DFGRegisterBank.h:215) 1 com.apple.JavaScriptCore 0x0000000107c491dc JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) + 2988 (DFGSpeculativeJIT.cpp:1635) 2 com.apple.JavaScriptCore 0x0000000107c49921 JSC::DFG::SpeculativeJIT::compile() + 113 (DFGSpeculativeJIT.cpp:1744) 3 com.apple.JavaScriptCore 0x0000000107c2e2ff JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) + 543 (OwnPtr.h:74) 4 com.apple.JavaScriptCore 0x0000000107c285ae JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) + 830 (DFGDriver.cpp:155) 5 com.apple.JavaScriptCore 0x0000000107c2826d JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, unsigned int) + 29 (DFGDriver.cpp:173) 6 com.apple.JavaScriptCore 0x0000000107c9ec25 JSC::jitCompileFunctionIfAppropriate(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::WriteBarrier<JSC::SharedSymbolTable>&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) + 325 (OwnPtr.h:72) 7 com.apple.JavaScriptCore 0x0000000107c9d66f JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::JSScope*, JSC::JITCode::JITType, unsigned int) + 287 (ExecutionHarness.h:64) 8 com.apple.JavaScriptCore 0x0000000107cf1f8d cti_optimize + 237 (JITStubs.cpp:2029) 9 ??? 0x0000269d377ff547 0 + 42456682853703 10 com.apple.JavaScriptCore 0x0000000107caccf4 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 548 (JSValueInlineMethods.h:360) 11 com.apple.JavaScriptCore 0x0000000107befb15 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69 (CallData.cpp:39) 12 com.apple.WebCore 0x00000001086226bf WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 143 (JSMainThreadExecState.h:56) 13 com.apple.WebCore 0x000000010862239f WebCore::JSCallbackData::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, bool*) + 591 (JSCallbackData.cpp:78) 14 com.apple.WebCore 0x00000001087c62e9 WebCore::JSRequestAnimationFrameCallback::handleEvent(double) + 233 (JSRequestAnimationFrameCallbackCustom.cpp:50) 15 com.apple.WebCore 0x0000000108b76f6d WebCore::ScriptedAnimationController::serviceScriptedAnimations(double) + 413 (InspectorInstrumentation.h:257) 16 com.apple.WebCore 0x000000010825c819 WebCore::DisplayRefreshMonitor::displayDidRefresh() + 329 (DisplayRefreshMonitor.cpp:112) 17 com.apple.JavaScriptCore 0x0000000107e61baa WTF::dispatchFunctionsFromMainThread() + 266 (MainThread.cpp:156) 18 com.apple.Foundation 0x00007fff899ba677 __NSThreadPerformPerform + 225 19 com.apple.CoreFoundation 0x00007fff91186101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 20 com.apple.CoreFoundation 0x00007fff91185a25 __CFRunLoopDoSources0 + 245 21 com.apple.CoreFoundation 0x00007fff911a8dc5 __CFRunLoopRun + 789 22 com.apple.CoreFoundation 0x00007fff911a86b2 CFRunLoopRunSpecific + 290 23 com.apple.HIToolbox 0x00007fff90ea10a4 RunCurrentEventLoopInMode + 209 24 com.apple.HIToolbox 0x00007fff90ea0e42 ReceiveNextEventCommon + 356 25 com.apple.HIToolbox 0x00007fff90ea0cd3 BlockUntilNextEventMatchingListInMode + 62 26 com.apple.AppKit 0x00007fff919b0613 _DPSNextEvent + 685 27 com.apple.AppKit 0x00007fff919afed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 28 com.apple.AppKit 0x00007fff919a7283 -[NSApplication run] + 517 29 com.apple.WebCore 0x0000000108b66273 WebCore::RunLoop::run() + 67 (RunLoopMac.mm:36) 30 com.apple.WebKit2 0x000000010776aa8b WebKit::WebProcessMain(WebKit::CommandLine const&) + 3888 (WebProcessMainMac.mm:190) 31 com.apple.WebKit2 0x0000000107715370 WebKitMain + 324 (WebKitMain.cpp:58) 32 com.apple.WebProcess 0x0000000107639e7b main + 214 (MainMacProcess.cpp:69) 33 libdyld.dylib 0x00007fff8bcf77e1 start + 1 170413 2012-10-24 09:13:39 -0700 2012-10-24 09:21:18 -0700 Patch bug-100262-20121024091214.patch text/plain 1116 zoltan U3VidmVyc2lvbiBSZXZpc2lvbjogMTMyMzYwCmRpZmYgLS1naXQgYS9QZXJmb3JtYW5jZVRlc3Rz L0NoYW5nZUxvZyBiL1BlcmZvcm1hbmNlVGVzdHMvQ2hhbmdlTG9nCmluZGV4IDdmMmFiYTkzOTE5 ZjE3N2FhNTkwMTA4OTMyN2ViMWQ3YzYxNWUyNDQuLjVlYTY3NTI0MDk2N2UzNGZlZmM4ODFiMzhj ZjllZjg3MTlhMzM1OGIgMTAwNjQ0Ci0tLSBhL1BlcmZvcm1hbmNlVGVzdHMvQ2hhbmdlTG9nCisr KyBiL1BlcmZvcm1hbmNlVGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTQgQEAKKzIwMTItMTAt MjQgIFpvbHRhbiBIb3J2YXRoICA8em9sdGFuQHdlYmtpdC5vcmc+CisKKyAgICAgICAgU2tpcCBT VkcvU3ZnTmVzdGVkVXNlLmh0bWwgcGVyZm9ybWFuY2V0ZXN0IHNpbmNlIGl0IGlzIGNyYXNoaW5n CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMDAyNjIK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBTa2lwIHVu dGlsIHByb3BlciBmaXguCisKKyAgICAgICAgKiBTa2lwcGVkOiBBZGQgU1ZHL1N2Z05lc3RlZFVz ZS5odG1sCisKIDIwMTItMTAtMjMgIFpvbHRhbiBIb3J2YXRoICA8em9sdGFuQHdlYmtpdC5vcmc+ CiAKICAgICAgICAgU3RvcmUgdGhlIGxvYWRlZCBmaWxlIGxvY2FsbHkgaW4gbWVhc3VyZVBhZ2VM b2FkVGltZQpkaWZmIC0tZ2l0IGEvUGVyZm9ybWFuY2VUZXN0cy9Ta2lwcGVkIGIvUGVyZm9ybWFu Y2VUZXN0cy9Ta2lwcGVkCmluZGV4IGJhNzI4NTc5MTA0MzA3Zjg2NWMzNGE2MjUzNDViNzYwYjE1 NjNlYWYuLjIxNTUxODEyZmYxOGE2ZjY1NTkwYWQ2NTQyODAxZWQzNTA2ZWEyOGYgMTAwNjQ0Ci0t LSBhL1BlcmZvcm1hbmNlVGVzdHMvU2tpcHBlZAorKysgYi9QZXJmb3JtYW5jZVRlc3RzL1NraXBw ZWQKQEAgLTU4LDMgKzU4LDYgQEAgRHJvbWFlby92OC1yaWNoYXJkcy5odG1sCiAjIEJ1ZyA3NzAy NCAtIFdlYiBJbnNwZWN0b3I6IHRlc3RzIGluIFBlcmZvcm1hbmNlVGVzdHMvaW5zcGVjdG9yLyBh cmUgdGltaW5nIG91dAogaW5zcGVjdG9yCiAKKyMgQnVnIDEwMDI2MiAtIFRoaXMgdGVzdCBpcyBj cmFzaGluZworU1ZHL1N2Z05lc3RlZFVzZS5odG1sCisK