Bug 100262 - REGRESSION(r131982): SVG/SvgNestedUse.html performancetest is crashing
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P1 Normal
Assignee: Nobody
Reported: 2012-10-24 09:10 PDT by Zoltan Horvath
Modified: 2012-10-24 13:10 PDT
Attachments
Patch (1.09 KB, patch)
2012-10-24 09:13 PDT, Zoltan Horvath
Description Zoltan Horvath 2012-10-24 09:10:07 PDT
Skip until proper fix.
Comment 1 Zoltan Horvath 2012-10-24 09:13:39 PDT
Created attachment 170413
Patch
Comment 3 Ryosuke Niwa 2012-10-24 09:21:18 PDT
Comment on attachment 170413
Patch

You can land this without a review. But we do need a proper regression fix in JSC.
Comment 4 Zoltan Horvath 2012-10-24 09:23:32 PDT
Committed r132362: <http://trac.webkit.org/changeset/132362>
Comment 5 Zoltan Horvath 2012-10-24 09:24:03 PDT
Reopen since I landed only the skip.
Comment 6 Ryosuke Niwa 2012-10-24 09:25:13 PDT
This is a regression from http://trac.webkit.org/changeset/131982 so it should probably be in the JSC component unless we find that the JSC changeset only revealed an existing SVG bug.
Comment 7 Mark Hahnenberg 2012-10-24 10:02:25 PDT
Is there a backtrace anywhere? It'd be easier to figure out whether this was an underlying SVG bug or if the JSC patch caused it.
Comment 8 Ryosuke Niwa 2012-10-24 10:29:45 PDT
(In reply to comment #7)
> Is there a backtrace anywhere? It'd be easier to figure out whether this was an underlying SVG bug or if the JSC patch caused it.

Unfortunately run-perf-tests doesn't report the stack trace :(
Comment 9 Philip Rogers 2012-10-24 12:05:59 PDT
(In reply to comment #8)
> (In reply to comment #7)
> > Is there a backtrace anywhere? It'd be easier to figure out whether this was an underlying SVG bug or if the JSC patch caused it.
> 
> Unfortunately run-perf-tests doesn't report the stack trace :(

Oh my, is this the stacktrace?
ASSERTION FAILED: (*it)->shadowTreeElement()->correspondingElement()
/Users/progers7/Desktop/webkit/Source/WebCore/svg/SVGElementInstance.cpp(138) : static void WebCore::SVGElementInstance::invalidateAllInstancesOfElement(WebCore::SVGElement *)
1   0x111f04cd3 WebCore::SVGElementInstance::invalidateAllInstancesOfElement(WebCore::SVGElement*)
2   0x111e994f8 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard()
3   0x111e98365 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard()
4   0x111fd5d08 WebCore::SVGUseElement::svgAttributeChanged(WebCore::QualifiedName const&)
5   0x111ee3b7c WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget(WebCore::SVGElement*)
6   0x111fd661b WebCore::SVGUseElement::buildShadowAndInstanceTree(WebCore::SVGElement*)
7   0x111fd5ff8 WebCore::SVGUseElement::buildPendingResource()
8   0x111fd5c35 WebCore::SVGUseElement::svgAttributeChanged(WebCore::QualifiedName const&)
9   0x111ee3b7c WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget(WebCore::SVGElement*)
10  0x111fd661b WebCore::SVGUseElement::buildShadowAndInstanceTree(WebCore::SVGElement*)
11  0x111fd5ff8 WebCore::SVGUseElement::buildPendingResource()
12  0x111fd5e06 WebCore::SVGUseElement::willRecalcStyle(WebCore::Node::StyleChange)
13  0x110d7356e WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
14  0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
15  0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
16  0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
17  0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
18  0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
19  0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
20  0x110b41876 WebCore::Document::recalcStyle(WebCore::Node::StyleChange)
21  0x110b4204c WebCore::Document::updateStyleIfNeeded()
22  0x111f04ebd WebCore::SVGElementInstance::invalidateAllInstancesOfElement(WebCore::SVGElement*)
23  0x111e994f8 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard()
24  0x111e98365 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard()
25  0x111fbaba1 WebCore::SVGStyledTransformableElement::svgAttributeChanged(WebCore::QualifiedName const&)
26  0x111f4a3f7 WebCore::SVGGElement::svgAttributeChanged(WebCore::QualifiedName const&)
27  0x111efa879 WebCore::SVGElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&)
28  0x110d75719 WebCore::Element::didAddAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&)
29  0x110d756c0 WebCore::Element::addAttributeInternal(WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute)
30  0x110d79459 WebCore::Element::setAttributeInternal(unsigned long, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute)
31  0x110d714c8 WebCore::Element::setAttribute(WTF::AtomicString const&, WTF::AtomicString const&, int&)
Comment 10 Ryosuke Niwa 2012-10-24 13:10:04 PDT
I got this:


Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x0000000107c75082 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) + 16706 (DFGRegisterBank.h:215)
1   com.apple.JavaScriptCore      	0x0000000107c491dc JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) + 2988 (DFGSpeculativeJIT.cpp:1635)
2   com.apple.JavaScriptCore      	0x0000000107c49921 JSC::DFG::SpeculativeJIT::compile() + 113 (DFGSpeculativeJIT.cpp:1744)
3   com.apple.JavaScriptCore      	0x0000000107c2e2ff JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) + 543 (OwnPtr.h:74)
4   com.apple.JavaScriptCore      	0x0000000107c285ae JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) + 830 (DFGDriver.cpp:155)
5   com.apple.JavaScriptCore      	0x0000000107c2826d JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, unsigned int) + 29 (DFGDriver.cpp:173)
6   com.apple.JavaScriptCore      	0x0000000107c9ec25 JSC::jitCompileFunctionIfAppropriate(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::WriteBarrier<JSC::SharedSymbolTable>&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) + 325 (OwnPtr.h:72)
7   com.apple.JavaScriptCore      	0x0000000107c9d66f JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::JSScope*, JSC::JITCode::JITType, unsigned int) + 287 (ExecutionHarness.h:64)
8   com.apple.JavaScriptCore      	0x0000000107cf1f8d cti_optimize + 237 (JITStubs.cpp:2029)
9   ???                           	0x0000269d377ff547 0 + 42456682853703
10  com.apple.JavaScriptCore      	0x0000000107caccf4 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 548 (JSValueInlineMethods.h:360)
11  com.apple.JavaScriptCore      	0x0000000107befb15 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69 (CallData.cpp:39)
12  com.apple.WebCore             	0x00000001086226bf WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 143 (JSMainThreadExecState.h:56)
13  com.apple.WebCore             	0x000000010862239f WebCore::JSCallbackData::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, bool*) + 591 (JSCallbackData.cpp:78)
14  com.apple.WebCore             	0x00000001087c62e9 WebCore::JSRequestAnimationFrameCallback::handleEvent(double) + 233 (JSRequestAnimationFrameCallbackCustom.cpp:50)
15  com.apple.WebCore             	0x0000000108b76f6d WebCore::ScriptedAnimationController::serviceScriptedAnimations(double) + 413 (InspectorInstrumentation.h:257)
16  com.apple.WebCore             	0x000000010825c819 WebCore::DisplayRefreshMonitor::displayDidRefresh() + 329 (DisplayRefreshMonitor.cpp:112)
17  com.apple.JavaScriptCore      	0x0000000107e61baa WTF::dispatchFunctionsFromMainThread() + 266 (MainThread.cpp:156)
18  com.apple.Foundation          	0x00007fff899ba677 __NSThreadPerformPerform + 225
19  com.apple.CoreFoundation      	0x00007fff91186101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
20  com.apple.CoreFoundation      	0x00007fff91185a25 __CFRunLoopDoSources0 + 245
21  com.apple.CoreFoundation      	0x00007fff911a8dc5 __CFRunLoopRun + 789
22  com.apple.CoreFoundation      	0x00007fff911a86b2 CFRunLoopRunSpecific + 290
23  com.apple.HIToolbox           	0x00007fff90ea10a4 RunCurrentEventLoopInMode + 209
24  com.apple.HIToolbox           	0x00007fff90ea0e42 ReceiveNextEventCommon + 356
25  com.apple.HIToolbox           	0x00007fff90ea0cd3 BlockUntilNextEventMatchingListInMode + 62
26  com.apple.AppKit              	0x00007fff919b0613 _DPSNextEvent + 685
27  com.apple.AppKit              	0x00007fff919afed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
28  com.apple.AppKit              	0x00007fff919a7283 -[NSApplication run] + 517
29  com.apple.WebCore             	0x0000000108b66273 WebCore::RunLoop::run() + 67 (RunLoopMac.mm:36)
30  com.apple.WebKit2             	0x000000010776aa8b WebKit::WebProcessMain(WebKit::CommandLine const&) + 3888 (WebProcessMainMac.mm:190)
31  com.apple.WebKit2             	0x0000000107715370 WebKitMain + 324 (WebKitMain.cpp:58)
32  com.apple.WebProcess          	0x0000000107639e7b main + 214 (MainMacProcess.cpp:69)
33  libdyld.dylib                 	0x00007fff8bcf77e1 start + 1