Bug 124177

Summary: REGRESSION (r158014): Many webpages throw stack overflow exceptions on iOS (because Parser::parseMemberExpression uses ~130K more stack)
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore Assignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED
Severity: Normal CC: ggaren, msaboff, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
URL: http://apple.com
Attachments: Patch (msaboff: review+)

Michael Saboff
Reported 2013-11-11 17:40:05 PST
The introduction of StringPrintStream as well as WTFString variables in http://trac.webkit.org/changeset/158014 in the error handling macros caused an increase in the stack space needed by Parser<LexerType>::parseMemberExpression. On an x86 32-bit build, the size of the frame for parseMemberExpression (ebp - esp) is 82+K. According to disassembly of parseMemberExpression, counting the number of StringPrintStream constructor calls we end up with 336. Each of these appears to be allocated on the stack and has a static buffer of 128 bytes. There are also 1348 calls to the String() destructor. Each of the strings is a RefPtr and a StringImpl, which also appear to be allocated on the stack. Moving the StringPrintStream in the error macros to a member of the Parser class reduced the frame size to ~36K. Even after the reduction we still get a "RangeError: Maximum call stack size exceeded." JSC exception.
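The mechanism described in the report, as an added illustration (this is not WebKit code and not the patch attached to this bug): a toy recursive-descent parser whose error-reporting macro declares a buffered stream object at every use site, beside the same parser with the stream hoisted into a member. The names (StackStream, ToyParser, FAIL_WITH_LOCAL_STREAM, FAIL_WITH_MEMBER_STREAM) are invented for the example, and StackStream only stands in for a StringPrintStream-like helper with a 128-byte inline buffer and a non-trivial destructor. The frame stride is measured by comparing the address of a local in two consecutive recursive frames; how much the local variant bloats the frame depends on the compiler's stack-slot sharing and optimization level, so the member variant is only guaranteed to be no larger.

```cpp
// Added example, not WebKit code: per-site stack temporaries versus a hoisted
// member, in a deeply recursive parser function.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

#if defined(__GNUC__)
#define NOINLINE __attribute__((noinline))
#else
#define NOINLINE
#endif

// Stand-in for a StringPrintStream-like helper (hypothetical): a fixed 128-byte
// inline buffer plus a non-trivial destructor, so each instance occupies its own
// stack slot when declared as a local.
struct StackStream {
    char buffer[128];
    size_t length = 0;
    void print(const char* text) {
        size_t room = sizeof buffer - length;
        int n = snprintf(buffer + length, room, "%s", text);
        length += (n < 0) ? 0 : ((size_t)n < room ? (size_t)n : room - 1);
    }
    ~StackStream() { memset(buffer, 0, sizeof buffer); } // non-trivial cleanup
};

class ToyParser {
public:
    explicit ToyParser(const char* input) : m_input(input) {}

    // Variant 1: every error site gets its own StackStream in the frame.
#define FAIL_WITH_LOCAL_STREAM(text)                     \
    do {                                                 \
        StackStream stream;                              \
        stream.print("SyntaxError: ");                   \
        stream.print(text);                              \
        m_error.assign(stream.buffer, stream.length);    \
        return false;                                    \
    } while (0)

    // Variant 2: the stream lives in the parser object; the frame holds nothing.
#define FAIL_WITH_MEMBER_STREAM(text)                        \
    do {                                                     \
        m_stream.length = 0;                                 \
        m_stream.print("SyntaxError: ");                     \
        m_stream.print(text);                                \
        m_error.assign(m_stream.buffer, m_stream.length);    \
        return false;                                        \
    } while (0)

    // Grammar: group := '(' group* ')'. One recursive frame per nesting level.
    NOINLINE bool parseGroupLocal(const char* callerMarker) {
        char marker;
        recordStride(&marker, callerMarker);
        if (m_pos >= m_input.size()) FAIL_WITH_LOCAL_STREAM("unexpected end of input");
        if (m_input[m_pos] != '(') FAIL_WITH_LOCAL_STREAM("expected '('");
        ++m_pos;
        while (m_pos < m_input.size() && m_input[m_pos] == '(')
            if (!parseGroupLocal(&marker)) return false;
        if (m_pos >= m_input.size()) FAIL_WITH_LOCAL_STREAM("unterminated group");
        if (m_input[m_pos] != ')') FAIL_WITH_LOCAL_STREAM("expected ')'");
        ++m_pos;
        return true;
    }

    NOINLINE bool parseGroupMember(const char* callerMarker) {
        char marker;
        recordStride(&marker, callerMarker);
        if (m_pos >= m_input.size()) FAIL_WITH_MEMBER_STREAM("unexpected end of input");
        if (m_input[m_pos] != '(') FAIL_WITH_MEMBER_STREAM("expected '('");
        ++m_pos;
        while (m_pos < m_input.size() && m_input[m_pos] == '(')
            if (!parseGroupMember(&marker)) return false;
        if (m_pos >= m_input.size()) FAIL_WITH_MEMBER_STREAM("unterminated group");
        if (m_input[m_pos] != ')') FAIL_WITH_MEMBER_STREAM("expected ')'");
        ++m_pos;
        return true;
    }

    bool parse(bool useMember) {
        m_pos = 0; m_error.clear(); m_stride = 0;
        return useMember ? parseGroupMember(nullptr) : parseGroupLocal(nullptr);
    }
    const std::string& error() const { return m_error; }
    size_t frameStride() const { return m_stride; }

private:
    // Records the distance between `marker` in two consecutive frames, once.
    void recordStride(const char* here, const char* caller) {
        if (!caller || m_stride) return;
        uintptr_t a = (uintptr_t)here, b = (uintptr_t)caller;
        m_stride = a > b ? a - b : b - a;
    }
    std::string m_input;
    size_t m_pos = 0;
    std::string m_error;
    StackStream m_stream;   // hoisted stream used by variant 2
    size_t m_stride = 0;
};

// Returns the error message for `input` ("" on success) using the chosen variant.
std::string parseWith(bool useMember, const char* input) {
    ToyParser parser(input);
    parser.parse(useMember);
    return parser.error();
}

// Bytes of stack consumed per nesting level, measured on a constructed input.
size_t frameBytes(bool useMember) {
    ToyParser parser("((()))");
    parser.parse(useMember);
    return parser.frameStride();
}

int main() {
    printf("frame bytes, local streams:  %zu\n", frameBytes(false));
    printf("frame bytes, member stream:  %zu\n", frameBytes(true));
    printf("error for \"(()\": %s\n", parseWith(true, "(()").c_str());
    return 0;
}
```

Both variants produce identical diagnostics; only the per-frame cost differs, which is exactly what matters in a function that recurses once per nesting level of the input and therefore hits the "Maximum call stack size exceeded" limit sooner the larger its frame is.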
Attachments: Patch (9.23 KB, patch), 2013-11-13 11:01 PST, Oliver Hunt, msaboff: review+
Oliver Hunt
Comment 1 2013-11-11 18:40:47 PST
hurk, I'll look into pushing that code out of the parser functions
Geoffrey Garen
Comment 2 2013-11-12 11:36:55 PST
Oliver Hunt
Comment 3 2013-11-13 11:01:20 PST
Oliver Hunt
Comment 4 2013-11-13 11:10:26 PST