Created attachment 170413 [details] Patch

http://build.webkit.org/builders/Apple%20MountainLion%20Release%20%28Perf%29/builds/1394 http://build.webkit.org/builders/Apple%20Lion%20Release%20%28Perf%29/builds/6382

Comment on attachment 170413 [details] Patch You can land this without a review. But we do need a proper regression fix in JSC.

Committed r132362: <http://trac.webkit.org/changeset/132362>

Reopen since I landed only the skip.

This is a regression from http://trac.webkit.org/changeset/131982 so it should probably in the JSC component unless we find that the JSC changeset only revealed an existing SVG bug.

Is there a backtrace anywhere? It'd be easier to figure out whether this was an underlying SVG bug or if the JSC patch caused it.

(In reply to comment #7) > Is there a backtrace anywhere? It'd be easier to figure out whether this was an underlying SVG bug or if the JSC patch caused it. Unfortunately run-perf-tests doesn't report the stack trace :(

(In reply to comment #8) > (In reply to comment #7) > > Is there a backtrace anywhere? It'd be easier to figure out whether this was an underlying SVG bug or if the JSC patch caused it. > > Unfortunately run-perf-tests doesn't report the stack trace :( Oh my, is this the stacktrace? ASSERTION FAILED: (*it)->shadowTreeElement()->correspondingElement() /Users/progers7/Desktop/webkit/Source/WebCore/svg/SVGElementInstance.cpp(138) : static void WebCore::SVGElementInstance::invalidateAllInstancesOfElement(WebCore::SVGElement *) 1 0x111f04cd3 WebCore::SVGElementInstance::invalidateAllInstancesOfElement(WebCore::SVGElement*) 2 0x111e994f8 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard() 3 0x111e98365 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard() 4 0x111fd5d08 WebCore::SVGUseElement::svgAttributeChanged(WebCore::QualifiedName const&) 5 0x111ee3b7c WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget(WebCore::SVGElement*) 6 0x111fd661b WebCore::SVGUseElement::buildShadowAndInstanceTree(WebCore::SVGElement*) 7 0x111fd5ff8 WebCore::SVGUseElement::buildPendingResource() 8 0x111fd5c35 WebCore::SVGUseElement::svgAttributeChanged(WebCore::QualifiedName const&) 9 0x111ee3b7c WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget(WebCore::SVGElement*) 10 0x111fd661b WebCore::SVGUseElement::buildShadowAndInstanceTree(WebCore::SVGElement*) 11 0x111fd5ff8 WebCore::SVGUseElement::buildPendingResource() 12 0x111fd5e06 WebCore::SVGUseElement::willRecalcStyle(WebCore::Node::StyleChange) 13 0x110d7356e WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 14 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 15 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 16 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 17 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 18 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 19 0x110d73f31 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) 20 0x110b41876 WebCore::Document::recalcStyle(WebCore::Node::StyleChange) 21 0x110b4204c WebCore::Document::updateStyleIfNeeded() 22 0x111f04ebd WebCore::SVGElementInstance::invalidateAllInstancesOfElement(WebCore::SVGElement*) 23 0x111e994f8 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard() 24 0x111e98365 WebCore::SVGElementInstance::InvalidationGuard::~InvalidationGuard() 25 0x111fbaba1 WebCore::SVGStyledTransformableElement::svgAttributeChanged(WebCore::QualifiedName const&) 26 0x111f4a3f7 WebCore::SVGGElement::svgAttributeChanged(WebCore::QualifiedName const&) 27 0x111efa879 WebCore::SVGElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&) 28 0x110d75719 WebCore::Element::didAddAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) 29 0x110d756c0 WebCore::Element::addAttributeInternal(WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) 30 0x110d79459 WebCore::Element::setAttributeInternal(unsigned long, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) 31 0x110d714c8 WebCore::Element::setAttribute(WTF::AtomicString const&, WTF::AtomicString const&, int&)

I got this: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000107c75082 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) + 16706 (DFGRegisterBank.h:215) 1 com.apple.JavaScriptCore 0x0000000107c491dc JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) + 2988 (DFGSpeculativeJIT.cpp:1635) 2 com.apple.JavaScriptCore 0x0000000107c49921 JSC::DFG::SpeculativeJIT::compile() + 113 (DFGSpeculativeJIT.cpp:1744) 3 com.apple.JavaScriptCore 0x0000000107c2e2ff JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) + 543 (OwnPtr.h:74) 4 com.apple.JavaScriptCore 0x0000000107c285ae JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) + 830 (DFGDriver.cpp:155) 5 com.apple.JavaScriptCore 0x0000000107c2826d JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, unsigned int) + 29 (DFGDriver.cpp:173) 6 com.apple.JavaScriptCore 0x0000000107c9ec25 JSC::jitCompileFunctionIfAppropriate(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::WriteBarrier<JSC::SharedSymbolTable>&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) + 325 (OwnPtr.h:72) 7 com.apple.JavaScriptCore 0x0000000107c9d66f JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::JSScope*, JSC::JITCode::JITType, unsigned int) + 287 (ExecutionHarness.h:64) 8 com.apple.JavaScriptCore 0x0000000107cf1f8d cti_optimize + 237 (JITStubs.cpp:2029) 9 ??? 0x0000269d377ff547 0 + 42456682853703 10 com.apple.JavaScriptCore 0x0000000107caccf4 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 548 (JSValueInlineMethods.h:360) 11 com.apple.JavaScriptCore 0x0000000107befb15 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69 (CallData.cpp:39) 12 com.apple.WebCore 0x00000001086226bf WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 143 (JSMainThreadExecState.h:56) 13 com.apple.WebCore 0x000000010862239f WebCore::JSCallbackData::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, bool*) + 591 (JSCallbackData.cpp:78) 14 com.apple.WebCore 0x00000001087c62e9 WebCore::JSRequestAnimationFrameCallback::handleEvent(double) + 233 (JSRequestAnimationFrameCallbackCustom.cpp:50) 15 com.apple.WebCore 0x0000000108b76f6d WebCore::ScriptedAnimationController::serviceScriptedAnimations(double) + 413 (InspectorInstrumentation.h:257) 16 com.apple.WebCore 0x000000010825c819 WebCore::DisplayRefreshMonitor::displayDidRefresh() + 329 (DisplayRefreshMonitor.cpp:112) 17 com.apple.JavaScriptCore 0x0000000107e61baa WTF::dispatchFunctionsFromMainThread() + 266 (MainThread.cpp:156) 18 com.apple.Foundation 0x00007fff899ba677 __NSThreadPerformPerform + 225 19 com.apple.CoreFoundation 0x00007fff91186101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 20 com.apple.CoreFoundation 0x00007fff91185a25 __CFRunLoopDoSources0 + 245 21 com.apple.CoreFoundation 0x00007fff911a8dc5 __CFRunLoopRun + 789 22 com.apple.CoreFoundation 0x00007fff911a86b2 CFRunLoopRunSpecific + 290 23 com.apple.HIToolbox 0x00007fff90ea10a4 RunCurrentEventLoopInMode + 209 24 com.apple.HIToolbox 0x00007fff90ea0e42 ReceiveNextEventCommon + 356 25 com.apple.HIToolbox 0x00007fff90ea0cd3 BlockUntilNextEventMatchingListInMode + 62 26 com.apple.AppKit 0x00007fff919b0613 _DPSNextEvent + 685 27 com.apple.AppKit 0x00007fff919afed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 28 com.apple.AppKit 0x00007fff919a7283 -[NSApplication run] + 517 29 com.apple.WebCore 0x0000000108b66273 WebCore::RunLoop::run() + 67 (RunLoopMac.mm:36) 30 com.apple.WebKit2 0x000000010776aa8b WebKit::WebProcessMain(WebKit::CommandLine const&) + 3888 (WebProcessMainMac.mm:190) 31 com.apple.WebKit2 0x0000000107715370 WebKitMain + 324 (WebKitMain.cpp:58) 32 com.apple.WebProcess 0x0000000107639e7b main + 214 (MainMacProcess.cpp:69) 33 libdyld.dylib 0x00007fff8bcf77e1 start + 1