Bug 131022 - [GTK][Cmake] Enable CSS JIT
Summary: [GTK][Cmake] Enable CSS JIT
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: 528+ (Nightly build)
Hardware: Unspecified / OS: Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on: 131040
Blocks:
Reported: 2014-04-01 01:57 PDT by Sergio Villar Senin
Modified: 2014-04-03 02:24 PDT

See Also:


Attachments
Patch (1.13 KB, patch), 2014-04-01 04:26 PDT, Javier Fernandez, no flags
CSS JIT output (8.49 KB, text/plain), 2014-04-02 02:40 PDT, Sergio Villar Senin, no flags
Patch (1.15 KB, patch), 2014-04-03 01:39 PDT, Javier Fernandez, no flags

Description Sergio Villar Senin 2014-04-01 01:57:25 PDT
We have to do the same as the EFL guys did in https://bugs.webkit.org/show_bug.cgi?id=131010
Comment 1 Javier Fernandez 2014-04-01 04:26:56 PDT
Created attachment 228266 [details]
Patch
Comment 2 Martin Robinson 2014-04-01 07:02:29 PDT
Comment on attachment 228266 [details]
Patch

Let's try it!
Comment 3 WebKit Commit Bot 2014-04-01 07:33:10 PDT
Comment on attachment 228266 [details]
Patch

Clearing flags on attachment: 228266

Committed r166583: <http://trac.webkit.org/changeset/166583>
Comment 4 WebKit Commit Bot 2014-04-01 07:33:14 PDT
All reviewed patches have been landed.  Closing bug.
Comment 5 Sergio Villar Senin 2014-04-01 08:52:14 PDT
I'm experiencing very frequent crashes in the WebProcess since this landed.
Comment 6 Martin Robinson 2014-04-01 08:53:28 PDT
Can you post a stack trace?
Comment 7 Sergio Villar Senin 2014-04-01 08:58:09 PDT
(In reply to comment #6)
> Can you post a stack trace?

Program received signal SIGSEGV, Segmentation fault.
0x00007fd97800877f in ?? ()
(gdb) bt
#0  0x00007fd97800877f in ?? ()
#1  0x00007fd9d2550110 in ?? () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#2  0x00007fd9d254ddb0 in ?? () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#3  0x00007fd9d254e350 in ?? () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#4  0x00007fd95d0b9930 in ?? ()
#5  0x0000000000000005 in ?? ()
#6  0x00007fd95d0b9900 in ?? ()
#7  0x00007fd95d142b40 in ?? ()
#8  0x00007fd9d051432e in WebCore::ElementRuleCollector::collectMatchingRulesForList(WTF::Vector<WebCore::RuleData, 0ul, WTF::CrashOnOverflow> const*, WebCore::MatchRequest const&, WebCore::StyleResolver::RuleRange&) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#9  0x00007fd9d0514d6b in WebCore::ElementRuleCollector::collectMatchingRules(WebCore::MatchRequest const&, WebCore::StyleResolver::RuleRange&) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#10 0x00007fd9d05152c0 in WebCore::ElementRuleCollector::matchUARules(WebCore::RuleSet*) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#11 0x00007fd9d0515326 in WebCore::ElementRuleCollector::matchUARules() () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#12 0x00007fd9d051538d in WebCore::ElementRuleCollector::matchAllRules(bool, bool) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#13 0x00007fd9d055615d in WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion*) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#14 0x00007fd9d0dac4f0 in WebCore::Style::styleForElement(WebCore::Element&, WebCore::ContainerNode&) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#15 0x00007fd9d0dace18 in WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#16 0x00007fd9d0dacf49 in WebCore::Style::attachChildren(WebCore::ContainerNode&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#17 0x00007fd9d0dac99c in WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#18 0x00007fd9d0dacf49 in WebCore::Style::attachChildren(WebCore::ContainerNode&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#19 0x00007fd9d0dac99c in WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#20 0x00007fd9d0dacf49 in WebCore::Style::attachChildren(WebCore::ContainerNode&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#21 0x00007fd9d0dac99c in WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#22 0x00007fd9d0dacf49 in WebCore::Style::attachChildren(WebCore::ContainerNode&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#23 0x00007fd9d0dac99c in WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#24 0x00007fd9d0dacf49 in WebCore::Style::attachChildren(WebCore::ContainerNode&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#25 0x00007fd9d0dac99c in WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#26 0x00007fd9d0dad657 in WebCore::Style::resolveTree(WebCore::Element&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#27 0x00007fd9d0dad44a in WebCore::Style::resolveTree(WebCore::Element&, WebCore::ContainerNode&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#28 0x00007fd9d0dae6f0 in WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#29 0x00007fd9d0599168 in WebCore::Document::recalcStyle(WebCore::Style::Change) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#30 0x00007fd9d05996c7 in WebCore::Document::updateStyleIfNeeded() () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#31 0x00007fd9d05997cb in WebCore::Document::updateLayout() () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#32 0x00007fd9d059a523 in WebCore::Document::updateLayoutIgnorePendingStylesheets() () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#33 0x00007fd9d05bc039 in WebCore::Element::offsetHeight() () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#34 0x00007fd9d11f7f54 in WebCore::jsElementOffsetHeight(JSC::ExecState*, JSC::JSObject*, long, JSC::PropertyName) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#35 0x00007fd9d283aedb in JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-3.0.so.0
#36 0x00007fd9d2ba6769 in llint_slow_path_get_by_id () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-3.0.so.0
#37 0x00007fd9d2bb16bc in llint_op_get_by_id () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-3.0.so.0
Comment 8 Sergio Villar Senin 2014-04-01 08:58:34 PDT
Bots are also reporting crashes when running layout tests
Comment 9 WebKit Commit Bot 2014-04-01 09:01:53 PDT
Re-opened since this is blocked by bug 131040
Comment 10 Benjamin Poulain 2014-04-01 10:20:03 PDT
Damn, that is odd.
Can you find which libraries are at the missing addresses? The backtrace does not make much sense to me, the compiled code should only ever reenter WebKit.

Could you please set CSS_SELECTOR_JIT_DEBUGGING to 1 in SelectorCompiler.cpp, run the test again, and attach the output here?
Comment 11 Sergio Villar Senin 2014-04-02 02:39:08 PDT
A couple of backtraces obtained with a release build (Debug builds do not crash)

Program received signal SIGSEGV, Segmentation fault.
WebCore::SelectorCompiler::attributeValueMatchHyphenRule<(WebCore::SelectorCompiler::CaseSensitivity)0> (attribute=0x7ffff7e29a88, expectedString=0xf7e29a88) at ../../Source/WebCore/cssjit/SelectorCompiler.cpp:1247
1247	    if (valueImpl.length() < expectedString->length())
(gdb) bt
#0  WebCore::SelectorCompiler::attributeValueMatchHyphenRule<(WebCore::SelectorCompiler::CaseSensitivity)0> (attribute=0x7ffff7e29a88, expectedString=0xf7e29a88) at ../../Source/WebCore/cssjit/SelectorCompiler.cpp:1247
#1  0x00007fff9bfff34e in ?? ()
#2  0x0000000000bdcdd8 in ?? ()
#3  0x00007ffff740e670 in ?? () from /home/sergio/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#4  0x00007ffff74099d0 in ?? () from /home/sergio/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff9b7fc700 (LWP 25709)]
0x00007ffff54256b1 in attributeValueMatchHyphenRule<(WebCore::SelectorCompiler::CaseSensitivity)0> () from /home/sergio/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
(gdb) bt
#0  0x00007ffff54256b1 in attributeValueMatchHyphenRule<(WebCore::SelectorCompiler::CaseSensitivity)0> () from /home/sergio/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#1  0x00007fff9bfff34e in ?? ()
#2  0x0000000000d49678 in ?? ()
#3  0x00007ffff740e670 in ?? () from /home/sergio/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#4  0x00007ffff74099d0 in ?? () from /home/sergio/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
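The two traces above (comment 7 and comment 11) raise the same triage questions Benjamin asks in comment 10: which frames gdb could not attribute to any loaded object, and what the argument values in the crashing frame say. The script below is an added example for this bug, not WebKit code and not from anyone in the thread. It parses gdb's frame format, sorts frames into classes that are our own naming, and checks the crashing frame's arguments for a value that equals the low 32 bits of another argument. That last check rests on our assumption, not a statement in the bug, that expectedString=0xf7e29a88 against attribute=0x7ffff7e29a88 is what a pointer looks like after it has been moved through a 32-bit register, which would fit the function-call code generation bug mentioned in comment 13. The sample frames are a constructed subset of the lines quoted in the thread.

```python
"""Backtrace triage helper for crashes that pass through JIT-generated code.

Added example for this bug report; it is not WebKit code. It parses frames in
the format gdb printed in comments 7 and 11 and answers two questions raised
in the thread: which frames sit in no loaded shared object (comment 10), and
whether the arguments in the crashing frame look like a pointer that lost its
upper 32 bits (the attribute/expectedString values in comment 11).
"""
import re
from collections import Counter

# Constructed sample: a subset of the gdb frames quoted in comments 7 and 11.
SAMPLE_TRACE = """\
#0  0x00007fd97800877f in ?? ()
#1  0x00007fd9d2550110 in ?? () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#4  0x00007fd95d0b9930 in ?? ()
#5  0x0000000000000005 in ?? ()
#8  0x00007fd9d051432e in WebCore::ElementRuleCollector::collectMatchingRulesForList(WTF::Vector<WebCore::RuleData, 0ul, WTF::CrashOnOverflow> const*, WebCore::MatchRequest const&, WebCore::StyleResolver::RuleRange&) () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-3.0.so.25
#36 0x00007fd9d2ba6769 in llint_slow_path_get_by_id () from /opt/checkout/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-3.0.so.0
"""

# Crashing frame from comment 11 (release build; this function still had symbols).
CRASH_FRAME = ("#0  WebCore::SelectorCompiler::attributeValueMatchHyphenRule"
               "<(WebCore::SelectorCompiler::CaseSensitivity)0> "
               "(attribute=0x7ffff7e29a88, expectedString=0xf7e29a88) "
               "at ../../Source/WebCore/cssjit/SelectorCompiler.cpp:1247")

# One gdb frame: "#N  [0xADDR in ]FUNC (ARGS)[ from LIB][ at FILE:LINE]"
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x(?P<addr>[0-9a-f]+) in )?(?P<func>.+?) \((?P<args>.*)\)"
    r"(?: from (?P<lib>\S+))?(?: at (?P<src>\S+))?\s*$"
)

def parse_frame(line):
    """Return a dict for one frame line, or None for non-frame lines like '(gdb) bt'."""
    m = FRAME_RE.match(line.strip())
    if not m:
        return None
    frame = m.groupdict()
    frame["num"] = int(frame["num"])
    frame["addr"] = int(frame["addr"], 16) if frame["addr"] else None
    return frame

def parse_backtrace(text):
    return [f for f in (parse_frame(line) for line in text.splitlines()) if f]

def classify(frame):
    """Sort a frame by how much gdb could attribute it (class names are ours)."""
    if frame["func"] != "??":
        return "symbolized"        # normal native frame with a resolvable symbol
    if frame["lib"]:
        return "stripped-library"  # inside a known .so, symbol names stripped
    if frame["addr"] is None or frame["addr"] < 0x10000:
        # Values like 0x5 cannot be return addresses: the unwinder walked off
        # a frame it could not decode (JIT code carries no unwind info).
        return "implausible"
    # No shared object claims this address. gdb also omits "from" for the main
    # executable, so confirm with "info symbol ADDR" / "info proc mappings";
    # an anonymous executable mapping is where JIT-generated code lives.
    return "unattributed"

def summarize(text):
    """Count frames per class, e.g. to see how much of a trace is unattributed."""
    return Counter(classify(f) for f in parse_backtrace(text))

def parse_args(args):
    """'a=0x10, b=0x20' -> {'a': 16, 'b': 32}; only hex values are kept."""
    values = {}
    for item in args.split(","):
        name, sep, value = item.strip().partition("=")
        if sep and value.startswith("0x"):
            values[name] = int(value, 16)
    return values

def low32_aliases(values):
    """Pairs (wide, narrow) where narrow == low 32 bits of wide.

    Assumption (ours, not stated in the bug): a 64-bit pointer that was moved
    through a 32-bit register shows up exactly like this in a crashing frame.
    """
    return [(a, b) for a, va in values.items() for b, vb in values.items()
            if a != b and va > 0xFFFFFFFF and vb == (va & 0xFFFFFFFF)]

def suspect_truncated_pointers(frame_line):
    return low32_aliases(parse_args(parse_frame(frame_line)["args"]))

if __name__ == "__main__":
    for frame in parse_backtrace(SAMPLE_TRACE):
        print(f"#{frame['num']:<3} {classify(frame):<17} {frame['func'][:60]}")
    print(dict(summarize(SAMPLE_TRACE)))
    print("truncation suspects:", suspect_truncated_pointers(CRASH_FRAME))
```

Run it on a full `bt` pasted into SAMPLE_TRACE; a trace whose unattributed frames sit between symbolized WebCore frames, as in comment 7, is the pattern to expect when the crash happens inside compiled selector code rather than in the interpreter fallback.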
Comment 12 Sergio Villar Senin 2014-04-02 02:40:02 PDT
Created attachment 228378 [details]
CSS JIT output
Comment 13 Benjamin Poulain 2014-04-02 14:30:32 PDT
(In reply to comment #12)
> Created an attachment (id=228378) [details]
> CSS JIT output

Thanks for the debugging info.

From the generated code you attached, it looks like the code generation for function calls has a bug. I believe https://bugs.webkit.org/show_bug.cgi?id=131129 should address the issue (if not, it should at least crash at compile time and provide us more information).

Can you please try again with r166666 applied?
Comment 14 Javier Fernandez 2014-04-03 01:39:26 PDT
Created attachment 228490 [details]
Patch
Comment 15 Sergio Villar Senin 2014-04-03 01:45:23 PDT
Comment on attachment 228490 [details]
Patch

Go go go
Comment 16 WebKit Commit Bot 2014-04-03 02:23:57 PDT
Comment on attachment 228490 [details]
Patch

Clearing flags on attachment: 228490

Committed r166708: <http://trac.webkit.org/changeset/166708>
Comment 17 WebKit Commit Bot 2014-04-03 02:24:01 PDT
All reviewed patches have been landed.  Closing bug.