Bug 60111 - webkit crash opening JavaScript typed arrays matrix library benchmark
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.6
: P1 Normal
Assignee: Nobody
Keywords: InRadar
Reported: 2011-05-03 19:00 PDT by Stephen Bannasch
Modified: 2011-05-06 17:02 PDT

Attachments
webkit crash log (76.94 KB, text/plain)
2011-05-03 19:00 PDT, Stephen Bannasch

Description Stephen Bannasch 2011-05-03 19:00:50 PDT
Created attachment 92183
webkit crash log

I've been maintaining a benchmark library comparing performance of a series of JavaScript libraries for doing matrix operations. Most of these libraries use JavaScript typed arrays which spun out of the WebGL standard.

You can run the benchmarks here: http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html

Right now when I open this page with WebKit nightly: 85595 it crashes.

These used to work in WebKit nightly ... much more slowly than in Chrome or Minefield, but they worked.

FYI: this is how fast they run on Minefield: https://img.skitch.com/20110504-qbt1ajmg948jay37nasfwhtg2a.jpg

The repository for the source code is: https://github.com/stepheneb/webgl-matrix-benchmarks

There were some recent changes -- I'll see if older versions of the matrix benchmarks worked and if a specific commit is causing the problem for WebKit nightly I'll report back here.
Comment 1 Alexey Proskuryakov 2011-05-04 11:15:38 PDT
Do you happen to know when this started?

Debug mode stack trace:

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x0000000100db62f5 JSC::JSValue::toBoolean(JSC::ExecState*) const + 173 (JSCell.h:290)
1   com.apple.JavaScriptCore      	0x0000000100e7765f cti_op_jtrue + 76 (JITStubs.cpp:2846)
2   com.apple.JavaScriptCore      	0x0000000100e76d2d jscGeneratedNativeCode + 0 (JITStubs.cpp:951)
3   com.apple.JavaScriptCore      	0x0000000100e58c3f JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 73 (JITCode.h:77)
4   com.apple.JavaScriptCore      	0x0000000100e53a98 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1124 (Interpreter.cpp:838)
5   com.apple.JavaScriptCore      	0x0000000100ded265 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 167 (CallData.cpp:39)
6   com.apple.WebCore             	0x000000010246876f WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 87 (JSMainThreadExecState.h:48)
7   com.apple.WebCore             	0x000000010227b20c WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) + 418 (ScheduledAction.cpp:110)
8   com.apple.WebCore             	0x000000010227b7d6 WebCore::ScheduledAction::execute(WebCore::Document*) + 294 (ScheduledAction.cpp:133)
9   com.apple.WebCore             	0x000000010227b8ac WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext*) + 84 (ScheduledAction.cpp:80)
10  com.apple.WebCore             	0x00000001019e070e WebCore::DOMTimer::fired() + 420 (DOMTimer.cpp:150)
Comment 2 Geoffrey Garen 2011-05-04 11:53:29 PDT
<rdar://problem/9383724>
Comment 3 Stephen Bannasch 2011-05-04 12:11:23 PDT
I don't know when it started to stop working.

I do know it worked on 4/21/11 using Webkit Nightly (84467) 

See this message: http://groups.google.com/group/cc-developers/browse_thread/thread/3c81590d3269a03d
Comment 4 Stephen Bannasch 2011-05-04 19:58:47 PDT
Testing on webkit 85764 it is this commit in my webgl-matrix-benchmarks by Gregg Tavares where webkit starts crashing:

https://github.com/stepheneb/webgl-matrix-benchmarks/commit/26f1f74783297a50c8faf555ff7919a0c865684

commit 26f1f74783297a50c8faf555ff7919a0c8656840
Author: Gregg Tavares <gman@chromium.org>
Date:   Tue May 3 09:12:44 2011 -0700

    Changed random matrices to use more reasonable values.
    
    The old ones used Math.random()*100 which makes really bogus
    matrices. Multiplying 99 times itself 20000 times (the count
    for the tests) overflows. The doubles turn into 'infinity'.
    So I changed them all to make a more reasonable matrix of the
    type that would be seen in a real app.
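
The overflow described in the commit message quoted in Comment 4, reproduced as an added example (not code from the benchmark repository or from WebKit). It assumes 4x4 row-major matrices; the helper names, the constructed LCG standing in for Math.random(), and the rotation matrix used as the "reasonable" input are all illustrative.

```javascript
"use strict";
// Added example with constructed inputs; helper names are hypothetical.

// Multiply two 4x4 row-major matrices; the result has the same array type as `a`.
function mul4(a, b) {
  const out = new a.constructor(16);
  for (let r = 0; r < 4; r++) {
    for (let c = 0; c < 4; c++) {
      let s = 0;
      for (let k = 0; k < 4; k++) s += a[r * 4 + k] * b[k * 4 + c];
      out[r * 4 + c] = s; // a Float32Array store rounds to Infinity above ~3.4e38
    }
  }
  return out;
}

// Deterministic stand-in for Math.random() so runs are repeatable (constructed LCG).
function lcg(seed) {
  let state = seed >>> 0;
  return () => {
    state = (Math.imul(state, 1664525) + 1013904223) >>> 0;
    return state / 4294967296;
  };
}

// Matrix filled the way the commit message describes the old tests: random() * 100.
function oldStyleMatrix(ArrayType, seed) {
  const rnd = lcg(seed);
  return ArrayType.from({ length: 16 }, () => rnd() * 100);
}

// A bounded matrix of the kind a real app would use: rotation about Z.
function rotationZ(ArrayType, angle) {
  const c = Math.cos(angle), s = Math.sin(angle);
  return ArrayType.from([c, -s, 0, 0, s, c, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1]);
}

// 1-based multiplication count at which an element first becomes Infinity or NaN,
// or -1 if all `count` products stay finite.
function firstNonFinite(m, count) {
  let acc = m;
  for (let i = 1; i <= count; i++) {
    acc = mul4(acc, m);
    if (!acc.every((v) => Number.isFinite(v))) return i;
  }
  return -1;
}

for (const T of [Float64Array, Float32Array]) {
  console.log(T.name, firstNonFinite(oldStyleMatrix(T, 1), 20000), firstNonFinite(rotationZ(T, 0.1), 20000));
}
```
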
Comment 5 Stephen Bannasch 2011-05-06 12:21:44 PDT
I just tested again with 85949 and the benchmark here works now:

http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html

That's using this commit:

https://github.com/stepheneb/webgl-matrix-benchmarks/commit/6192455274e8056024d3ba8f88b1be6d7315282a

It's strange that the closure benchmarks mostly fail -- this is reported when the numerical results don't match what is expected. They pass on Chrome, FF v4.01 and Minefield Nightly.

It's also disappointing that the speed is about 6 times slower than Minefield Nightly.
Comment 6 Geoffrey Garen 2011-05-06 17:02:08 PDT
> I just tested again with 85949 and the benchmark here works now:
> 
> http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html

Sounds like this issue is fixed.