Bug 204687 - CSS Rules with the same selector from several large stylesheets are applied in the wrong order
Summary: CSS Rules with the same selector from several large stylesheets are applied i...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS (show other bugs)
Version: Safari 13
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-11-28 10:20 PST by Anton Khlynovskiy
Modified: 2020-02-04 07:31 PST (History)
9 users (show)

See Also:

Attachments
Error reproduction demo and a screenshot (220.68 KB, application/zip)
2019-11-28 10:20 PST, Anton Khlynovskiy 		no flags Details
Web Inspector Screenshot (212.64 KB, image/jpeg)
2019-11-28 10:55 PST, Anton Khlynovskiy 		no flags Details
patch (5.00 KB, patch)
2020-02-04 02:00 PST, Antti Koivisto 		no flags Details | Formatted Diff | Diff
patch (5.00 KB, patch)
2020-02-04 02:30 PST, Antti Koivisto 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Anton Khlynovskiy 2019-11-28 10:20:43 PST 
Created attachment 384463 [details]
Error reproduction demo and a screenshot

In some cases rules with the same selector from the different stylesheets override each other in the wrong order.

It is reproduced with the large stylesheets (> 10000 rules, probably less) and is somehow related to the count of css rules in those stylesheets. Most noticeable the error is when the count of rules is near power of two.

The reproduction demo is attached to this issue, or can be accessed https://saf-rule-order.subzey.now.sh/dist/0x7fff/ or GitHub: https://github.com/subzey/saf-rule-order/tree/master/dist

There are 20 styleheets on a page. Each features a rule that sets the ::before contents on the body element. Other than these rules each sheet contains lots of other rules, so there are 32767 total (0x7FFF). The contents of these "dummy" rules doesn't matter, it can be even empty.

*Expected:*
Once all the selectors are the same, the rule from the last stylesheet should "win" and the body::before contents should be "Hello from 20.css".

*Actual Behavior:*
It says, "Hello from 09.css". The Inspector shows the order of rules application (see the attached screenshot) and it's totally random and does not reflect the DOM order of link elements.

This order is changed if the count of "dummy" rules is changed. https://saf-rule-order.subzey.now.sh/dist/0x8000/ 32768 rules yields "Hello from 16.css"
Comment 1 Anton Khlynovskiy 2019-11-28 10:55:14 PST 
Created attachment 384468 [details]
Web Inspector Screenshot
Comment 2 Radar WebKit Bug Importer 2019-11-28 11:42:03 PST 
<rdar://problem/57522566>
Comment 3 Simon Fraser (smfr) 2019-12-02 11:46:29 PST 
CSS JIT bug?
Comment 4 Antti Koivisto 2020-02-04 01:08:15 PST 
RuleData has

unsigned m_position : 18;

so if you have > 256k rules it will get confused about the order. The test consists of 32k rule sheets and fails as expected on 9th.
Comment 5 Antti Koivisto 2020-02-04 01:11:36 PST 
There are some free bits here so we can increment the limit some.
Comment 6 Antti Koivisto 2020-02-04 02:00:48 PST 
Created attachment 389643 [details]
patch
Comment 7 Antti Koivisto 2020-02-04 02:30:55 PST 
Created attachment 389646 [details]
patch
Comment 8 Andreas Kling 2020-02-04 04:14:57 PST 
Comment on attachment 389646 [details]
patch

r=me
Comment 9 EWS 2020-02-04 04:21:10 PST 
Comment on attachment 389646 [details]
patch

Rejecting attachment 389646 [details] from review queue.

kling@webkit.org does not have reviewer permissions according to https://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/contributors.json.

- If you do not have reviewer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags.

- If you have reviewer rights please correct the error in Tools/Scripts/webkitpy/common/config/contributors.json by adding yourself to the file (no review needed).  The commit-queue restarts itself every 2 hours.  After restart the commit-queue will correctly respect your reviewer rights.
Comment 10 Antti Koivisto 2020-02-04 04:33:42 PST 
sad face
Comment 11 Andreas Kling 2020-02-04 05:17:06 PST 
(In reply to Antti Koivisto from comment #10)
> sad face

Sorry about that. I didn’t know I had been demoted. Patch looks good fwiw.
Comment 12 zalan 2020-02-04 06:34:55 PST 
Comment on attachment 389646 [details]
patch

trust kling.
Comment 13 Antti Koivisto 2020-02-04 06:46:53 PST 
I did but the bot had doubts.
Comment 14 WebKit Commit Bot 2020-02-04 07:30:58 PST 
Comment on attachment 389646 [details]
patch

Clearing flags on attachment: 389646

Committed r255671: <https://trac.webkit.org/changeset/255671>
Comment 15 WebKit Commit Bot 2020-02-04 07:31:00 PST 
All reviewed patches have been landed.  Closing bug.