Bug 217108

Summary: CSS Selector an-plus-b serialization is incorrect
Product: WebKit
Reporter: Keith Miller <keith_miller>
Component: New Bugs
Assignee: Keith Miller <keith_miller>
Status: RESOLVED FIXED
Severity: Normal
CC: darin, esprehn+autocc, ews-watchlist, glenn, gyuyoung.kim, keith_miller, macpherson, menard, sam, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Keith Miller
Reported 2020-09-29 15:56:50 PDT
CSS Selector an-plus-b serialization is incorrect
Attachments
Patch (12.64 KB, patch)
2020-09-29 16:01 PDT, Keith Miller
no flags
Patch (12.61 KB, patch)
2020-09-29 16:16 PDT, Keith Miller
ews-feeder: commit-queue-
Patch (13.49 KB, patch)
2020-09-29 18:04 PDT, Keith Miller
no flags
Patch (13.70 KB, patch)
2020-09-30 10:20 PDT, Keith Miller
no flags
Patch (13.35 KB, patch)
2020-09-30 15:34 PDT, Keith Miller
no flags
Patch (13.41 KB, patch)
2020-09-30 15:39 PDT, Keith Miller
no flags
Keith Miller
Comment 1 2020-09-29 16:01:41 PDT
Sam Weinig
Comment 2 2020-09-29 16:15:23 PDT
Comment on attachment 410063
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=410063&action=review

> Source/WebCore/css/parser/CSSSelectorParser.cpp:763
> + if (!ab.first)
> + return commonVM().numericStrings.add(ab.second);

Why is the JS VM involved here? That seems almost certainly wrong.
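Review bot: The `!ab.first` early return at CSSSelectorParser.cpp:763 builds its result through `commonVM().numericStrings`, which makes this selector-parser path depend on the JS VM with no reason given at the call site. Either produce the string for `ab.second` with a conversion that does not go through the VM, or add a short comment above `return commonVM().numericStrings.add(ab.second);` explaining why the VM's `numericStrings` is needed here.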
Keith Miller
Comment 3 2020-09-29 16:16:53 PDT
Keith Miller
Comment 4 2020-09-29 16:19:38 PDT
Comment on attachment 410063
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=410063&action=review

>> Source/WebCore/css/parser/CSSSelectorParser.cpp:763
>> + return commonVM().numericStrings.add(ab.second);
>
> Why is the JS VM involved here? That seems almost certainly wrong.

Would recommend reading the ChangeLog :P
Keith Miller
Comment 5 2020-09-29 18:04:17 PDT
Keith Miller
Comment 6 2020-09-30 10:20:09 PDT
Sam Weinig
Comment 7 2020-09-30 13:47:34 PDT
(In reply to Keith Miller from comment #4)
> Comment on attachment 410063
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=410063&action=review
>
> >> Source/WebCore/css/parser/CSSSelectorParser.cpp:763
> >> + return commonVM().numericStrings.add(ab.second);
> >
> > Why is the JS VM involved here? That seems almost certainly wrong.
>
> Would recommend reading the ChangeLog :P

This doesn't seem like a good idea to me. In general, I don't think utilizing internal data structures of JavaScriptCore outside of the bindings (and the purpose driven JITs) is a good idea in WebCore code. If this optimization is really needed, we should probably find a way to make it work without involving JSC.
Keith Miller
Comment 8 2020-09-30 15:33:33 PDT
Comment on attachment 410063
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=410063&action=review

>>>> Source/WebCore/css/parser/CSSSelectorParser.cpp:763
>>>> + return commonVM().numericStrings.add(ab.second);
>>>
>>> Why is the JS VM involved here? That seems almost certainly wrong.
>>
>> Would recommend reading the ChangeLog :P
>
> This doesn't seem like a good idea to me. In general, I don't think utilizing internal data structures of JavaScriptCore outside of the bindings (and the purpose driven JITs) is a good idea in WebCore code. If this optimization is really needed, we should probably find a way to make it work without involving JSC.

I don't know if I would call this an internal data structure of JSC any more than the AtomicString table is an internal JSC data structure. That said, I did it mostly because I figured it would be simple enough, so I'm happy to remove it.
Keith Miller
Comment 9 2020-09-30 15:34:20 PDT
Keith Miller
Comment 10 2020-09-30 15:39:47 PDT
EWS
Comment 11 2020-09-30 17:13:48 PDT
Committed r267812: <https://trac.webkit.org/changeset/267812>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 410159.
Radar WebKit Bug Importer
Comment 12 2020-09-30 17:14:19 PDT