Bug 111663 - Make RuleData support up to 8191 selectors
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: 528+ (Nightly build)
Hardware: Android Android
Importance: P1 Blocker
Assignee: Nobody
Reported: 2013-03-06 19:04 PST by Philippe Liard
Modified: 2013-03-06 20:56 PST

Patch (1.82 KB, patch)
2013-03-06 19:24 PST, Philippe Liard
Patch (1.86 KB, patch)
2013-03-06 20:02 PST, Philippe Liard

Description Philippe Liard 2013-03-06 19:04:47 PST
r125294 made RuleData consume less memory by replacing a pointer with an index encoded on 12 bits.

This unfortunately breaks Chrome for Android when it is used with Adblock Plus, which injects a lot of CSS. This leads to blank pages on page load and is caused by an integer overflow when |m_selectorIndex| (encoded on 12 bits) is set.
Comment 1 Andreas Kling 2013-03-06 19:11:21 PST
You can probably steal a bit from RuleData::m_position without causing much trouble.
Comment 2 Philippe Liard 2013-03-06 19:20:52 PST
Yes, I'm uploading a patch doing this right now. Thanks for the quick response. The other approach could also be to use the least significant bit of |m_rule| which is a pointer in case |m_position| cannot be shrunk (should be fine IMO).
Comment 3 Philippe Liard 2013-03-06 19:24:41 PST
Created attachment 191896
Comment 4 Philippe Liard 2013-03-06 19:25:40 PST
I've just uploaded a patch. FYI, here is the corresponding Chromium bug: https://code.google.com/p/chromium/issues/detail?id=172276.
Comment 5 Andreas Kling 2013-03-06 19:28:49 PST
Comment on attachment 191896

We should look into the calculation of m_specificity at some point; it's very likely that it can be compressed to a much smaller value that won't have us scrambling for single bits like this.
Comment 6 Philippe Liard 2013-03-06 19:33:00 PST
Thanks guys, that was quick! I agree that things can probably be improved here although I'm not familiar with this code at all.
Comment 7 WebKit Review Bot 2013-03-06 19:50:07 PST
Comment on attachment 191896

Rejecting attachment 191896 from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=webkit-commit-queue.appspot.com', '--bot-id=gce-cq-01', 'validate-changelog', '--non-interactive', 191896, '--port=chromium-xvfb']" exit_code: 1 cwd: /mnt/git/webkit-commit-queue

/mnt/git/webkit-commit-queue/Source/WebCore/ChangeLog neither lists a valid reviewer nor contains the string "Unreviewed" or "Rubber stamp" (case insensitive).

Full output: http://webkit-commit-queue.appspot.com/results/17064151
Comment 8 Philippe Liard 2013-03-06 20:02:33 PST
Created attachment 191902
Comment 9 Philippe Liard 2013-03-06 20:03:56 PST
Sorry guys for the missing 'Reviewed by' line. I have just uploaded an updated patch.
Comment 10 WebKit Review Bot 2013-03-06 20:56:46 PST
Comment on attachment 191902

Clearing flags on attachment: 191902

Committed r145034: <http://trac.webkit.org/changeset/145034>
Comment 11 WebKit Review Bot 2013-03-06 20:56:50 PST
All reviewed patches have been landed.  Closing bug.
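
Added example, not part of the original report and not WebKit's code: it shows the silent truncation described in the Description (an index stored in a 12-bit field) and the effect of moving one bit to the index as suggested in Comment 1, next to a range-checked store. The struct names, the `position` widths and the helper functions are assumptions made for illustration; only the 12-bit index and the 8191 limit come from this bug.

```cpp
#include <cstdio>

// Hypothetical layouts, NOT WebKit's actual RuleData. From the bug report:
// the 12-bit index and the 8191 target (13 bits). The width of `position`
// is an assumption chosen so both structs fill one 32-bit word.
struct PackedBefore {
    unsigned selectorIndex : 12;  // holds 0..4095
    unsigned position : 20;
};
struct PackedAfter {
    unsigned selectorIndex : 13;  // holds 0..8191
    unsigned position : 19;       // one bit moved to the index
};
static_assert(sizeof(PackedBefore) == sizeof(PackedAfter),
              "widening the index must not grow the struct");

// Unchecked stores: an unsigned bit-field keeps only its low N bits and
// nothing is reported at run time, so a later lookup uses the wrong index.
unsigned storeBefore(unsigned index) {
    PackedBefore d = {};
    d.selectorIndex = index;
    return d.selectorIndex;
}
unsigned storeAfter(unsigned index) {
    PackedAfter d = {};
    d.selectorIndex = index;
    return d.selectorIndex;
}

// Checked store: refuse any index the 13-bit field cannot represent and
// leave the previously stored value untouched.
bool storeAfterChecked(PackedAfter& d, unsigned index) {
    const unsigned maxIndex = (1u << 13) - 1;  // 8191
    if (index > maxIndex)
        return false;
    d.selectorIndex = index;
    return true;
}

int main() {
    const unsigned samples[] = {4095, 4096, 4097, 8191, 8192};  // constructed inputs
    for (unsigned i : samples) {
        PackedAfter d = {};
        std::printf("index %u: 12-bit reads %u, 13-bit reads %u, checked store %s\n",
                    i, storeBefore(i), storeAfter(i),
                    storeAfterChecked(d, i) ? "ok" : "rejected");
    }
    return 0;
}
```

Widening the field only moves the wrap-around point from 4096 to 8192; the checked store is what turns an oversized index into a detectable failure.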