Closed
Bug 1384625
Opened 7 years ago
Closed 7 years ago
stylo: heap write hazards under Servo_GetEmptyVariables
Categories: Core :: CSS Parsing and Computation, enhancement, P1
Tracking: RESOLVED FIXED, target milestone mozilla56
 | Tracking | Status
---|---|---
firefox56 | --- | fixed
People (Reporter: rillian, Assigned: heycam)
Attachments (1 file, 1 obsolete file)
Bug 1384625 - Crash in ServoComputedValues::GetStyleVariables, which should never need to be called. (deleted), text/x-review-board-request, emilio: review+
Enabling stylo for the linux64 hazard build fails with an extra heap write entry:
[31.81s] #32 Analyzing Gecko_CalcStyleDifference ...
Error: External function
Location: Servo_GetEmptyVariables
Stack Trace:
_ZNK17ServoComputedData17GetStyleVariablesEv$nsStyleVariables* ServoComputedData::GetStyleVariables() const @ layout/style/ServoBindings.cpp#240
_ZN14nsStyleContext24ThreadsafeStyleVariablesEv$nsStyleVariables* nsStyleContext::ThreadsafeStyleVariables() @ obj-analyzed/dist/include/nsStyleStructList.h#80
_ZN14nsStyleContext19CalcStyleDifferenceEPS_PjS1_j$uint32 nsStyleContext::CalcStyleDifference(nsStyleContext*, uint32*, uint32*, uint32) @ obj-analyzed/layout/style/nsStyleStructList.h#80 ### SafeArguments: aNewStyle aOldStyleBits
Gecko_CalcStyleDifference @ layout/style/ServoBindings.cpp#436 ### SafeArguments: <arg3>
Maybe bug 1382964 missed some instances in the debug case? I can work around by disabling stylo for this target, but hopefully there's something simple we can do to remove the hazard.
Comment 1 • 7 years ago (Assignee)
Thanks, I think it should be safe just to add Servo_GetEmptyVariables to the whitelist.
Comment hidden (mozreview-request)
Comment 3 • 7 years ago (mozreview-review)
Comment on attachment 8890650 [details]
Bug 1384625 - Whitelist Servo_GetEmptyVariables from heap write analysis.
https://reviewboard.mozilla.org/r/161810/#review167226
r=me, though we should see which are the remaining callsites of this, and remove them.
Attachment #8890650 - Flags: review?(emilio+bugs) → review+
Comment 4 • 7 years ago (Assignee)
Yeah, now that you mention it, we probably don't even call this. (But the analysis doesn't even know.) Let's try a try run just crashing in ServoComputedValues::GetStyleVariables instead: https://treeherder.mozilla.org/#/jobs?repo=try&revision=379349f95b544d13a1195656ac7204d79d769bea
Updated • 7 years ago (Assignee)
Flags: needinfo?(cam)
Updated • 7 years ago (Assignee)
Attachment #8890650 - Attachment is obsolete: true
Comment hidden (mozreview-request)
Comment 6 • 7 years ago (Assignee)
Flags: needinfo?(cam)
Comment 7 • 7 years ago (mozreview-review)
Comment on attachment 8890768 [details]
Bug 1384625 - Crash in ServoComputedValues::GetStyleVariables, which should never need to be called.
https://reviewboard.mozilla.org/r/161970/#review167266
We should remove the servo side too, but that can land independently.
::: layout/style/ServoBindings.cpp:240
(Diff revision 1)
> }
>
> const nsStyleVariables*
> ServoComputedData::GetStyleVariables() const
> {
> - return Servo_GetEmptyVariables();
> + MOZ_RELEASE_ASSERT(false, "ServoComputedData::GetStyleVariables should never "
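Review bot: the `+` line replaces the only `return` in a function declared to return `const nsStyleVariables*`, so with the assertion in its place control can reach the end of a non-void function; unless the compiler treats the assertion macro as non-returning, that is a warning (and an error under -Werror), so either use a macro the compiler knows does not return, such as `MOZ_CRASH(...)`, or keep an explicit `return nullptr;` after the assertion. The `+` line as shown also ends mid-string-literal, so the rest of the new function body is not visible in this excerpt and should be checked in the full revision. Removing the call rather than whitelisting the external function is the stronger fix for the hazard in comment 0: the analysis flags Servo_GetEmptyVariables because it cannot see into an external function, and a whitelist entry would keep a call that comment 4 says is never expected to execute.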
Just `MOZ_CRASH(..)`?
Attachment #8890768 - Flags: review?(emilio+bugs) → review+
Updated • 7 years ago
Assignee: nobody → cam
Priority: -- → P1
Comment 8 • 7 years ago (Assignee, mozreview-review-reply)
Comment on attachment 8890768 [details]
Bug 1384625 - Crash in ServoComputedValues::GetStyleVariables, which should never need to be called.
https://reviewboard.mozilla.org/r/161970/#review167266
I'll file a PR for that after this lands and assume your r+.
> Just `MOZ_CRASH(..)`?
And return nullptr afterwards? I guess that's OK.
Comment hidden (mozreview-request)
Comment 10 • 7 years ago
Pushed by cmccormack@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/847e0a72b276
Crash in ServoComputedValues::GetStyleVariables, which should never need to be called. r=emilio
Comment 11 • 7 years ago (bugherder)
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox56: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56