RESOLVED FIXED 69412
REGRESSION (r95399): Web process hangs when opening documents on Google Docs 
https://bugs.webkit.org/show_bug.cgi?id=69412
Summary REGRESSION (r95399): Web process hangs when opening documents on Google Docs
Juan Falgueras
Reported 2011-10-05 04:55:05 PDT
Entering in Google Doc (new interface at least) with Nightly Build hangs it.
Attachments
Safari WebContent sample (93.30 KB, text/plain)
2011-10-06 04:12 PDT, Juan Falgueras 		no flags
Details
Webkit sample (34.20 KB, text/plain)
2011-10-06 04:13 PDT, Juan Falgueras 		no flags
Details
the patch (7.47 KB, patch)
2011-10-10 13:36 PDT, Filip Pizlo 		oliver: review-
DetailsFormatted DiffDiff
the patch (6.44 KB, patch)
2011-10-10 13:51 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
the patch (7.58 KB, patch)
2011-10-10 15:14 PDT, Filip Pizlo 		oliver: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2011-10-05 23:38:53 PDT
I can open docs.google.com with r96636 without problem. What nightly build are you seeing this with? Could you please post more detailed steps to reproduce? Also could you please run "sample Safari" and "sample WebProcess" in command line, and attach the results if you can still reproduce this?
Juan Falgueras
Comment 2 2011-10-06 04:12:52 PDT
Created attachment 109943 [details] Safari WebContent sample
Juan Falgueras
Comment 3 2011-10-06 04:13:25 PDT
Created attachment 109944 [details] Webkit sample
Juan Falgueras
Comment 4 2011-10-06 04:13:38 PDT
The problem is not opening the Site, but a simple Document, My KBuild: r96792 If you get into any Doc it draws only its frame, but the contents (JavaScript related?) makes Knightly B. hang, irresponsive. After that (you must close the Gdoc via clicking the window close button) Webkit tells you you need to reload every page. Juan F.
Alexey Proskuryakov
Comment 5 2011-10-06 11:02:30 PDT
Thank you! This doesn't happen with every document, but I can now reproduce with <https://docs.google.com/document/d/1as5xYjyMSCph4960iz0-Kb7hZKf_L6f2vts57NMcVBI/edit?hl=en_US> (no login required). Regressed in <http://trac.webkit.org/changeset/95399>.
Filip Pizlo
Comment 6 2011-10-06 12:34:50 PDT
(In reply to comment #5) > Thank you! > > This doesn't happen with every document, but I can now reproduce with <https://docs.google.com/document/d/1as5xYjyMSCph4960iz0-Kb7hZKf_L6f2vts57NMcVBI/edit?hl=en_US> (no login required). > > Regressed in <http://trac.webkit.org/changeset/95399>. Thanks for zeroing in on this. I'll take a look!
Filip Pizlo
Comment 7 2011-10-10 13:07:20 PDT
*** Bug 69775 has been marked as a duplicate of this bug. ***
Filip Pizlo
Comment 8 2011-10-10 13:21:49 PDT
OK, looks like I see what's going on. The double case of ArithMin and ArithMax are totally broken. When the two values are equal, it adds them together. So Math.min(1.5, 1.5) == 3. The reason for the adding is to have efficient support for Math.min(1.5, NaN) and Math.min(NaN, 1.5). When the two values are unordered (either or both are NaN), Math.min() should return NaN. Easiest way to do that is if you know one is NaN (but you don't know *which* one) then you add the two numbers together, which is gauranteed to result in NaN. But the unordered case was erroneously being reached when the two values were equal. Patch forthcoming.
Filip Pizlo
Comment 9 2011-10-10 13:36:18 PDT
Created attachment 110392 [details] the patch
WebKit Review Bot
Comment 10 2011-10-10 13:38:30 PDT
Attachment 110392 [details] did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'LayoutTests/ChangeLog', u'LayoutTests/fast..." exit_code: 1 Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:688: More than one command on the same line in if [whitespace/parens] [4] Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:707: More than one command on the same line in if [whitespace/parens] [4] Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:711: More than one command on the same line in if [whitespace/parens] [4] Total errors found: 3 in 9 files If any of these errors are false positives, please file a bug against check-webkit-style.
Oliver Hunt
Comment 11 2011-10-10 13:43:49 PDT
Comment on attachment 110392 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=110392&action=review >> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:688 >> + if (false) return false; > > More than one command on the same line in if [whitespace/parens] [4] This seems unlikely to be correct... >> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:707 >> + if (false) return false; > > More than one command on the same line in if [whitespace/parens] [4] :D >> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:711 >> + if (false) return false; > > More than one command on the same line in if [whitespace/parens] [4] :D > Source/JavaScriptCore/jit/JIT.cpp:540 > -#if ENABLE(DFG_JIT) > - if (m_canBeOptimized) > - m_startOfCode = label(); > +#if ENABLE(DFG_JIT) || ENABLE(JIT_VERBOSE) > + m_startOfCode = label(); Shouldn't this be if (m_canBeOptimized || ENABLE(JIT_VERBOSE)) ?
Filip Pizlo
Comment 12 2011-10-10 13:49:49 PDT
> >> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:688 > >> + if (false) return false; > > > > More than one command on the same line in if [whitespace/parens] [4] > > This seems unlikely to be correct… Ahhhh, that's embarrassing. > > Source/JavaScriptCore/jit/JIT.cpp:540 > > -#if ENABLE(DFG_JIT) > > - if (m_canBeOptimized) > > - m_startOfCode = label(); > > +#if ENABLE(DFG_JIT) || ENABLE(JIT_VERBOSE) > > + m_startOfCode = label(); > > Shouldn't this be if (m_canBeOptimized || ENABLE(JIT_VERBOSE)) ? The alternative scares me, and label() is free. I'm setting it whenever the field exists because otherwise you'd have something like: #if ENABLE(DFG_JIT) || ENABLE(JIT_VERBOSE) #if ENABLE(VALUE_PROFILER) if (m_canBeOptimized || ENABLE(JIT_VERBOSE)) #else if (true) #endif m_startOfCode = label(); #endif Or something like that. Problem is that m_canBeOptimized is a field that doesn't always exist, and m_startOfCode is also a field that doesn't always exist. I'd rather keep it simple.
Filip Pizlo
Comment 13 2011-10-10 13:51:42 PDT
Created attachment 110399 [details] the patch
Oliver Hunt
Comment 14 2011-10-10 14:17:00 PDT
Comment on attachment 110399 [details] the patch Have you verified that 32_64 is correct?
Filip Pizlo
Comment 15 2011-10-10 14:19:29 PDT
(In reply to comment #14) > (From update of attachment 110399 [details]) > Have you verified that 32_64 is correct? Of course not, because that would have been the sensible thing to do. New patch on the way...
Filip Pizlo
Comment 16 2011-10-10 15:14:41 PDT
Created attachment 110412 [details] the patch added 32_64 changes
Adam Barth
Comment 17 2011-10-15 01:50:04 PDT
Comment on attachment 110399 [details] the patch Cleared Oliver Hunt's review+ from obsolete attachment 110399 [details] so that this bug does not appear in http://webkit.org/pending-commit.
Filip Pizlo
Comment 18 2011-10-20 13:32:19 PDT
Landed in http://trac.webkit.org/changeset/97099
Note You need to log in before you can comment on or make changes to this bug.