RESOLVED FIXED 60111
webkit crash opening JavaScript typed arrays matrix library benchmark 
https://bugs.webkit.org/show_bug.cgi?id=60111
Summary webkit crash opening JavaScript typed arrays matrix library benchmark
Stephen Bannasch
Reported 2011-05-03 19:00:50 PDT
Created attachment 92183 [details] webkit crash log I've been maintaining a benchmark library comparing performance of a series of JavaScript libraries for doing matrix operations. Most of these libraries use JavaScript typed arrays which spun out of the WebGL standard,. You can run the benchmarks here: http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html Right now when I open this page with WebKit nightly: 85595 it crashes. These used to work in WebKit nightly ... much more slowly than in Chrome or Minefield, but they worked. FYI: this is how fast they run on Minefield: https://img.skitch.com/20110504-qbt1ajmg948jay37nasfwhtg2a.jpg The repository for the source code is: https://github.com/stepheneb/webgl-matrix-benchmarks There were some recent changes -- I'll see if older versions of the matrix benchmarks worked and if a specific commit is causing the problem for WebKit nightly I'll report back here.
Attachments
webkit crash log (76.94 KB, text/plain)
2011-05-03 19:00 PDT, Stephen Bannasch 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2011-05-04 11:15:38 PDT
Do you happen to now when this started? Debug mode stack trace: Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000100db62f5 JSC::JSValue::toBoolean(JSC::ExecState*) const + 173 (JSCell.h:290) 1 com.apple.JavaScriptCore 0x0000000100e7765f cti_op_jtrue + 76 (JITStubs.cpp:2846) 2 com.apple.JavaScriptCore 0x0000000100e76d2d jscGeneratedNativeCode + 0 (JITStubs.cpp:951) 3 com.apple.JavaScriptCore 0x0000000100e58c3f JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 73 (JITCode.h:77) 4 com.apple.JavaScriptCore 0x0000000100e53a98 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1124 (Interpreter.cpp:838) 5 com.apple.JavaScriptCore 0x0000000100ded265 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 167 (CallData.cpp:39) 6 com.apple.WebCore 0x000000010246876f WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 87 (JSMainThreadExecState.h:48) 7 com.apple.WebCore 0x000000010227b20c WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) + 418 (ScheduledAction.cpp:110) 8 com.apple.WebCore 0x000000010227b7d6 WebCore::ScheduledAction::execute(WebCore::Document*) + 294 (ScheduledAction.cpp:133) 9 com.apple.WebCore 0x000000010227b8ac WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext*) + 84 (ScheduledAction.cpp:80) 10 com.apple.WebCore 0x00000001019e070e WebCore::DOMTimer::fired() + 420 (DOMTimer.cpp:150)
Geoffrey Garen
Comment 2 2011-05-04 11:53:29 PDT
<rdar://problem/9383724>
Stephen Bannasch
Comment 3 2011-05-04 12:11:23 PDT
I don't know when it started to stop working. I do know it worked on 4/21/11 using Webkit Nightly (84467) See this message: http://groups.google.com/group/cc-developers/browse_thread/thread/3c81590d3269a03d
Stephen Bannasch
Comment 4 2011-05-04 19:58:47 PDT
Testing on webkit 85764 it is this commit ii my webgl-matrix-benchmarks by Gregg Tavares where webkit starts crashing: https://github.com/stepheneb/webgl-matrix-benchmarks/commit/26f1f74783297a50c8faf555ff7919a0c865684 commit 26f1f74783297a50c8faf555ff7919a0c8656840 Author: Gregg Tavares <gman@chromium.org> Date: Tue May 3 09:12:44 2011 -0700 Changed random matrices to use more reasonable values. The old ones used Math.random()*100 which makes really bogus matrices. Multiplying 99 times itself 20000 times (the count for the tests) overflows. The doubles turn into 'infinity'. So I changed them all to make a more reasonable matrix of the type that would be seen in a real app.
Stephen Bannasch
Comment 5 2011-05-06 12:21:44 PDT
I just tested again with 85949 and the benchmark here works now: http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html That's using this commit: https://github.com/stepheneb/webgl-matrix-benchmarks/commit/6192455274e8056024d3ba8f88b1be6d7315282a It's strange that the closure benchmarks mostly fail -- this is reported when the numerical results don't match what is expected. They pass on Chrome, FF v4.01 and Minefield Nightly. It's also disappointing that the speed is about 6 times slower than Minefield Nightly.
Geoffrey Garen
Comment 6 2011-05-06 17:02:08 PDT
> I just tested again with 85949 and the benchmark here works now: > > http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html Sounds like this issue is fixed.
Note You need to log in before you can comment on or make changes to this bug.