RESOLVED FIXED 43707
REGRESSION: Hang logging into Google Analytics 
https://bugs.webkit.org/show_bug.cgi?id=43707
Summary REGRESSION: Hang logging into Google Analytics
mijnmsndus
Reported 2010-08-09 01:01:53 PDT
Webkit hangs on loading Google Analytics. I go into the profile page where it hangs in a loop. I can reproduce a crasjhlog and console is empty too after force quit
Attachments
Sample taken while WebKit r65398 hangs on Google Analytics (45.71 KB, text/plain)
2010-08-17 00:53 PDT, Jude Venn 		no flags
Details
Patch to constrain the size of Array backing data. (2.46 KB, patch)
2010-08-23 15:02 PDT, Michael Saboff 		ggaren: review-
DetailsFormatted DiffDiff
Patch to constrain Array backing store (2.47 KB, patch)
2010-08-24 11:19 PDT, Michael Saboff 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
mijnmsndus
Comment 1 2010-08-09 01:03:58 PDT
* can't get a crashlog i meant
Alexey Proskuryakov
Comment 2 2010-08-11 03:09:59 PDT
Could you please attach a sample of the hanging process? You can get one by running "sample Safari" command in Terminal, or via Activity Monitor graphical user interface.
Jude Venn
Comment 3 2010-08-17 00:53:36 PDT
Created attachment 64559 [details] Sample taken while WebKit r65398 hangs on Google Analytics Taken while viewing https://www.google.com/analytics/settings/home when already logged in to my Google account. WebKit hangs, after 10 seconds or so everything bogs down (webkit not responding, other apps very slow to respond). WebKit then either crashes or requires force quit.
Alexey Proskuryakov
Comment 4 2010-08-17 01:03:38 PDT
2305 cti_op_put_by_val 2305 JSC::JSArray::putSlowCase(JSC::ExecState*, unsigned int, JSC::JSValue) 2302 JSC::JSArray::putSlowCase(JSC::ExecState*, unsigned int, JSC::JSValue) 3 WTF::tryFastRealloc(void*, unsigned long)
Geoffrey Garen
Comment 5 2010-08-17 10:19:12 PDT
I can reproduce this in a WebKit nightly build but not Safari 5.0.1.
Geoffrey Garen
Comment 6 2010-08-17 10:19:57 PDT
<rdar://problem/8319413>
Michael Saboff
Comment 7 2010-08-23 15:02:32 PDT
Created attachment 65165 [details] Patch to constrain the size of Array backing data. Safari was hanging due to the large, but sparse array that Google Analytics creates. This patch bounds the vector size of sparse arrays to MIN_SPARSE_ARRAY_INDEX which is currently 10000.
Geoffrey Garen
Comment 8 2010-08-23 16:51:49 PDT
Michael mentioned that this patch is a .38% regression overall on SunSpider, mostly due to nsieve, but a .19% speedup on v8.
Geoffrey Garen
Comment 9 2010-08-23 16:53:35 PDT
Comment on attachment 65165 [details] Patch to constrain the size of Array backing data. I think it's worth trying 100000 as a limit to see if it can avoid the SunSpider regression. Ultimately, we want a better array growth policy that allows for large contiguous arrays but sniffs out sparse arrays -- but that task is probably worth a separate bug.
Michael Saboff
Comment 10 2010-08-24 11:19:27 PDT
Created attachment 65299 [details] Patch to constrain Array backing store Similar to the prior patch with the exception that this patch limits the initial vector size to 100,000 elements instead of 10,000 coded in the prior patch. The large value provides performance on SunSpider and V8 benchmarks equivalent to before the change.
Geoffrey Garen
Comment 11 2010-08-24 11:21:58 PDT
Comment on attachment 65299 [details] Patch to constrain Array backing store r=me
WebKit Commit Bot
Comment 12 2010-08-25 04:03:48 PDT
Comment on attachment 65299 [details] Patch to constrain Array backing store Clearing flags on attachment: 65299 Committed r66004: <http://trac.webkit.org/changeset/66004>
WebKit Commit Bot
Comment 13 2010-08-25 04:03:54 PDT
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 14 2010-08-25 09:49:05 PDT
*** Bug 44606 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.