Bug 131292

Summary: CSS JIT: change the node flags directly instead of using function calls when possible
Product: WebKit Reporter: Benjamin Poulain <benjamin>
Component: New BugsAssignee: Benjamin Poulain <benjamin>
Status: RESOLVED FIXED    
Severity: Normal CC: buildbot, cmarcelo, commit-queue, esprehn+autocc, kangil.han, kling, ossy, rniwa
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Archive of layout-test-results from webkit-ews-11 for mac-mountainlion-wk2
none
Archive of layout-test-results from webkit-ews-06 for mac-mountainlion
none
Patch none

Benjamin Poulain
Reported 2014-04-06 20:56:17 PDT
CSS JIT: change the node flags directly instead of using function calls when possible
Attachments
Patch (11.85 KB, patch)
2014-04-06 20:58 PDT, Benjamin Poulain 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from webkit-ews-11 for mac-mountainlion-wk2 (648.67 KB, application/zip)
2014-04-06 22:14 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from webkit-ews-06 for mac-mountainlion (565.40 KB, application/zip)
2014-04-06 22:41 PDT, Build Bot 		no flags
Details
Patch (11.21 KB, patch)
2014-04-06 22:49 PDT, Benjamin Poulain 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Benjamin Poulain
Comment 1 2014-04-06 20:58:16 PDT
Created attachment 228716 [details] Patch
Build Bot
Comment 2 2014-04-06 22:14:39 PDT
Comment on attachment 228716 [details] Patch Attachment 228716 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.appspot.com/results/4578053791416320 New failing tests: platform/mac/fast/scrolling/scroll-iframe-latched-mainframe.html fast/css/first-letter-capitalized-edit-select-crash.html http/tests/misc/acid3.html fast/css/dynamic-pseudo-class.html platform/mac/fast/scrolling/scroll-div-latched-mainframe.html platform/mac/fast/scrolling/scroll-select-latched-mainframe.html
Build Bot
Comment 3 2014-04-06 22:14:42 PDT
Created attachment 228719 [details] Archive of layout-test-results from webkit-ews-11 for mac-mountainlion-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: webkit-ews-11 Port: mac-mountainlion-wk2 Platform: Mac OS X 10.8.5
Build Bot
Comment 4 2014-04-06 22:41:17 PDT
Comment on attachment 228716 [details] Patch Attachment 228716 [details] did not pass mac-ews (mac): Output: http://webkit-queues.appspot.com/results/5766457283575808 New failing tests: fast/css/dynamic-pseudo-class.html fast/css/first-letter-capitalized-edit-select-crash.html http/tests/misc/acid3.html
Build Bot
Comment 5 2014-04-06 22:41:20 PDT
Created attachment 228720 [details] Archive of layout-test-results from webkit-ews-06 for mac-mountainlion The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: webkit-ews-06 Port: mac-mountainlion Platform: Mac OS X 10.8.5
Benjamin Poulain
Comment 6 2014-04-06 22:49:41 PDT
Created attachment 228721 [details] Patch
WebKit Commit Bot
Comment 7 2014-04-07 01:53:15 PDT
Comment on attachment 228721 [details] Patch Clearing flags on attachment: 228721 Committed r166870: <http://trac.webkit.org/changeset/166870>
WebKit Commit Bot
Comment 8 2014-04-07 01:53:19 PDT
All reviewed patches have been landed. Closing bug.
Csaba Osztrogonác
Comment 9 2014-04-07 04:58:04 PDT
(In reply to comment #7) > (From update of attachment 228721 [details]) > Clearing flags on attachment: 228721 > > Committed r166870: <http://trac.webkit.org/changeset/166870> It made Dromaeo/cssquery-dojo.html crash on the Mountain Lion and the EFL performance bots. Could you check this regression?
Benjamin Poulain
Comment 10 2014-04-07 11:03:45 PDT
(In reply to comment #9) > (In reply to comment #7) > > (From update of attachment 228721 [details] [details]) > > Clearing flags on attachment: 228721 > > > > Committed r166870: <http://trac.webkit.org/changeset/166870> > > It made Dromaeo/cssquery-dojo.html crash on the Mountain Lion > and the EFL performance bots. Could you check this regression? Yep. Do you have a backtrace of the crash?
Csaba Osztrogonác
Comment 11 2014-04-07 11:55:58 PDT
No, I don't have any backtrace. And I don't have time to debug the regression your patch caused.
Csaba Osztrogonác
Comment 12 2014-04-07 11:59:58 PDT
check - http://build.webkit.org/builders/Apple%20MountainLion%20Release%20%28Perf%29/builds/8542 - http://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/1559 It seems the EFL bot provides some kind of backtrace: Running Dromaeo/cssquery-dojo.html (46 of 128) error: Dromaeo/cssquery-dojo.html 1 0x7f775df41ae0 2 0x7f775e2cbff0 3 0x7f775dac18a7 JSC::speculationFromCell(JSC::JSCell*) 4 0x7f775dbc76c3 JSC::DFG::PredictionPropagationPhase::propagate(JSC::DFG::Node*) 5 0x7f775dbc9456 bool JSC::DFG::runAndLog<JSC::DFG::PredictionPropagationPhase>(JSC::DFG::PredictionPropagationPhase&) 6 0x7f775dbc9f1e JSC::DFG::performPredictionPropagation(JSC::DFG::Graph&) 7 0x7f775dbc6376 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) 8 0x7f775dbc6837 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) 9 0x7f775db58674 JSC::DFG::compile(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>) 10 0x7f775dce8c29 11 0x7f770402f5d7 FAILED Finished: 600.570791 s
Benjamin Poulain
Comment 13 2014-04-07 13:01:15 PDT
I doubt that crash is related to this patch. This JIT has nothing to do with the DFG JIT.
Csaba Osztrogonác
Comment 14 2014-04-08 05:05:58 PDT
I checked the bot history, it seems this patch is unrelated, the crash was present before it. Sorry for blaming you. I filed a new bug report about the regression: https://bugs.webkit.org/show_bug.cgi?id=131356
Note You need to log in before you can comment on or make changes to this bug.