Yes, there is a call to `drop_slow`: ``` (lldb) disas -a 0x0000000005b70fd3 XUL`Servo_SupportsRule_GetRules: XUL[0x5b70f20] <+0>: pushq %rbp XUL[0x5b70f21] <+1>: movq %rsp, %rbp XUL[0x5b70f24] <+4>: pushq %r15 XUL[0x5b70f26] <+6>: pushq %r14 XUL[0x5b70f28] <+8>: pushq %rbx XUL[0x5b70f29] <+9>: subq $0x58, %rsp XUL[0x5b70f2d] <+13>: movq %rsi, %r14 XUL[0x5b70f30] <+16>: movq %rdi, %rbx XUL[0x5b70f33] <+19>: leaq 0x1b6eb9e(%rip), %rax ; _$LT$style..global_style_data..GLOBAL_STYLE_DATA$u20$as$u20$core..ops..deref..Deref$GT$::deref::__stability::LAZY::hd2043aa93a146e3c (.llvm.15187239529951727520) XUL[0x5b70f3a] <+26>: movq %rax, -0x28(%rbp) XUL[0x5b70f3e] <+30>: movq 0x1b6ebab(%rip), %rax ; _$LT$style..global_style_data..GLOBAL_STYLE_DATA$u20$as$u20$core..ops..deref..Deref$GT$::deref::__stability::LAZY::hd2043aa93a146e3c (.llvm.15187239529951727520) + 24 XUL[0x5b70f45] <+37>: cmpq $0x3, %rax XUL[0x5b70f49] <+41>: jne 0x5b70fe9 ; <+201> XUL[0x5b70f4f] <+47>: movq -0x28(%rbp), %rax XUL[0x5b70f53] <+51>: cmpb $0x2, 0x10(%rax) XUL[0x5b70f57] <+55>: je 0x5b7101e ; <+254> XUL[0x5b70f5d] <+61>: movq (%rax), %r15 XUL[0x5b70f60] <+64>: testq %r15, %r15 XUL[0x5b70f63] <+67>: je 0x5b7103b ; <+283> XUL[0x5b70f69] <+73>: movabsq $-0x8000000000000000, %rcx ; imm = 0x8000000000000000 XUL[0x5b70f73] <+83>: xorl %eax, %eax XUL[0x5b70f75] <+85>: lock XUL[0x5b70f76] <+86>: cmpxchgq %rcx, 0x8(%r15) XUL[0x5b70f7b] <+91>: jne 0x5b71047 ; <+295> XUL[0x5b70f81] <+97>: movq (%rbx), %rax XUL[0x5b70f84] <+100>: testq %rax, %rax XUL[0x5b70f87] <+103>: je 0x5b71023 ; <+259> XUL[0x5b70f8d] <+109>: cmpq %rax, %r15 XUL[0x5b70f90] <+112>: jne 0x5b71023 ; <+259> XUL[0x5b70f96] <+118>: movq -0x8(%r14), %rax XUL[0x5b70f9a] <+122>: addq $-0x8, %r14 XUL[0x5b70f9e] <+126>: cmpq $-0x1, %rax XUL[0x5b70fa2] <+130>: je 0x5b70fae ; <+142> XUL[0x5b70fa4] <+132>: lock XUL[0x5b70fa5] <+133>: incq (%r14) XUL[0x5b70fa8] <+136>: jle 0x5b710bc ; <+412> XUL[0x5b70fae] <+142>: movq 0x28(%rbx), %rax XUL[0x5b70fb2] <+146>: addq $0x28, %rbx XUL[0x5b70fb6] <+150>: movq (%rax), %rcx XUL[0x5b70fb9] <+153>: cmpq $-0x1, %rcx XUL[0x5b70fbd] <+157>: je 0x5b70fd3 ; <+179> XUL[0x5b70fbf] <+159>: lock XUL[0x5b70fc0] <+160>: decq (%rax) XUL[0x5b70fc3] <+163>: jne 0x5b70fd3 ; <+179> XUL[0x5b70fc5] <+165>: movq (%rbx), %rax XUL[0x5b70fc8] <+168>: movq (%rax), %rax XUL[0x5b70fcb] <+171>: movq %rbx, %rdi XUL[0x5b70fce] <+174>: callq 0x5af1210 ; servo_arc::Arc$LT$T$GT$::drop_slow::h5bfb4b1675d356ee XUL[0x5b70fd3] <+179>: movq %r14, (%rbx) XUL[0x5b70fd6] <+182>: movq $0x0, 0x8(%r15) XUL[0x5b70fde] <+190>: addq $0x58, %rsp XUL[0x5b70fe2] <+194>: popq %rbx XUL[0x5b70fe3] <+195>: popq %r14 XUL[0x5b70fe5] <+197>: popq %r15 XUL[0x5b70fe7] <+199>: popq %rbp XUL[0x5b70fe8] <+200>: retq XUL[0x5b70fe9] <+201>: leaq -0x28(%rbp), %rax XUL[0x5b70fed] <+205>: movq %rax, -0x38(%rbp) XUL[0x5b70ff1] <+209>: leaq -0x38(%rbp), %rax XUL[0x5b70ff5] <+213>: movq %rax, -0x68(%rbp) XUL[0x5b70ff9] <+217>: leaq 0x1b6eaf0(%rip), %rdi ; _$LT$style..global_style_data..GLOBAL_STYLE_DATA$u20$as$u20$core..ops..deref..Deref$GT$::deref::__stability::LAZY::hd2043aa93a146e3c (.llvm.15187239529951727520) + 24 XUL[0x5b71000] <+224>: leaq 0x1b1bd71(%rip), %rdx ; anon.20480550abd40f7c5a6ab6f2e04b754b.85.llvm.15187239529951727520 XUL[0x5b71007] <+231>: leaq -0x68(%rbp), %rsi XUL[0x5b7100b] <+235>: callq 0x5f24d50 ; std::sync::once::Once::call_inner::h3f5b185bfe61a1f0 (.llvm.15187239529951727520) XUL[0x5b71010] <+240>: movq -0x28(%rbp), %rax XUL[0x5b71014] <+244>: cmpb $0x2, 0x10(%rax) XUL[0x5b71018] <+248>: jne 0x5b70f5d ; <+61> XUL[0x5b7101e] <+254>: callq 0x5edf530 ; lazy_static::lazy::unreachable_unchecked::h77f590b606dfa998 (.llvm.15187239529951727520) XUL[0x5b71023] <+259>: leaq 0x80d97e(%rip), %rdi ; str.C.4618 + 104 XUL[0x5b7102a] <+266>: leaq 0x1b1b447(%rip), %rdx ; anon.20480550abd40f7c5a6ab6f2e04b754b.29.llvm.15187239529951727520 + 19440 XUL[0x5b71031] <+273>: movl $0x51, %esi XUL[0x5b71036] <+278>: callq 0x5ad5920 ; std::panicking::begin_panic::h753c026e2313fa3b (.llvm.15187239529951727520) XUL[0x5b7103b] <+283>: leaq 0x1b268d6(%rip), %rdi ; anon.0f09dff20376d92cc45253bc08e814bf.166.llvm.15187239529951727520 XUL[0x5b71042] <+290>: callq 0x5f2bf80 ; core::panicking::panic::haf72db49750c28ab (.llvm.15187239529951727520) XUL[0x5b71047] <+295>: xorl %ecx, %ecx XUL[0x5b71049] <+297>: testq %rax, %rax XUL[0x5b7104c] <+300>: setns %cl XUL[0x5b7104f] <+303>: leaq 0x80c631(%rip), %rax ; anon.20480550abd40f7c5a6ab6f2e04b754b.26.llvm.15187239529951727520 XUL[0x5b71056] <+310>: leaq 0x80c633(%rip), %rdx ; anon.20480550abd40f7c5a6ab6f2e04b754b.27.llvm.15187239529951727520 XUL[0x5b7105d] <+317>: cmovnsq %rax, %rdx XUL[0x5b71061] <+321>: leaq 0x7(%rcx,%rcx), %rax XUL[0x5b71066] <+326>: movq %rdx, -0x38(%rbp) XUL[0x5b7106a] <+330>: movq %rax, -0x30(%rbp) XUL[0x5b7106e] <+334>: leaq -0x38(%rbp), %rax XUL[0x5b71072] <+338>: movq %rax, -0x28(%rbp) XUL[0x5b71076] <+342>: leaq -0x3b970d(%rip), %rax ; _$LT$$RF$T$u20$as$u20$core..fmt..Display$GT$::fmt::h0031dc61ce6c65fd (.llvm.15187239529951727520) XUL[0x5b7107d] <+349>: movq %rax, -0x20(%rbp) XUL[0x5b71081] <+353>: leaq 0x1b167e0(%rip), %rax ; anon.20480550abd40f7c5a6ab6f2e04b754b.25.llvm.15187239529951727520 XUL[0x5b71088] <+360>: movq %rax, -0x68(%rbp) XUL[0x5b7108c] <+364>: movq $0x2, -0x60(%rbp) XUL[0x5b71094] <+372>: movq $0x0, -0x58(%rbp) XUL[0x5b7109c] <+380>: leaq -0x28(%rbp), %rax XUL[0x5b710a0] <+384>: movq %rax, -0x48(%rbp) XUL[0x5b710a4] <+388>: movq $0x1, -0x40(%rbp) XUL[0x5b710ac] <+396>: leaq 0x1b167d5(%rip), %rsi ; anon.20480550abd40f7c5a6ab6f2e04b754b.29.llvm.15187239529951727520 XUL[0x5b710b3] <+403>: leaq -0x68(%rbp), %rdi XUL[0x5b710b7] <+407>: callq 0x5f168c0 ; std::panicking::begin_panic_fmt::h50d17c3950ddfe2a (.llvm.15187239529951727520) XUL[0x5b710bc] <+412>: callq 0x5f251d0 ; std::process::abort::h1bde3ba12adc17b8 (.llvm.15187239529951727520) XUL[0x5b710c1] <+417>: nopw %cs:(%rax,%rax) XUL[0x5b710cb] <+427>: nopl (%rax,%rax) ``` Note that the right function in that stack is `Servo_SupportsRule_GetRules`, but that function is pretty similar to `Servo_StyleRule_GetStyle`, so I suspect the linker has unified them. However, those functions should not drop any arc. Looking around, it seems that the linker has also unified `Servo_StyleRule_SetRule` (which _does_ drop the `Arc<>`) too, since that symbol is at the same address. So I suspect that the LTO stuff has messed up, and has unified `Servo_SupportsRule_GetRules`, `Servo_StyleRule_GetStyle`, and `Servo_StyleRule_SetRule`. I think that explains those crashes. But I'm not sure I can debug further to figure out _why_ thinlto has unified those. Any idea?
Bug 1486042 Comment 63 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Yes, there is a call to `drop_slow`: ``` (lldb) disas -a 0x0000000005b70fd3 XUL`Servo_SupportsRule_GetRules: XUL[0x5b70f20] <+0>: pushq %rbp XUL[0x5b70f21] <+1>: movq %rsp, %rbp XUL[0x5b70f24] <+4>: pushq %r15 XUL[0x5b70f26] <+6>: pushq %r14 XUL[0x5b70f28] <+8>: pushq %rbx XUL[0x5b70f29] <+9>: subq $0x58, %rsp XUL[0x5b70f2d] <+13>: movq %rsi, %r14 XUL[0x5b70f30] <+16>: movq %rdi, %rbx XUL[0x5b70f33] <+19>: leaq 0x1b6eb9e(%rip), %rax ; _$LT$style..global_style_data..GLOBAL_STYLE_DATA$u20$as$u20$core..ops..deref..Deref$GT$::deref::__stability::LAZY::hd2043aa93a146e3c (.llvm.15187239529951727520) XUL[0x5b70f3a] <+26>: movq %rax, -0x28(%rbp) XUL[0x5b70f3e] <+30>: movq 0x1b6ebab(%rip), %rax ; _$LT$style..global_style_data..GLOBAL_STYLE_DATA$u20$as$u20$core..ops..deref..Deref$GT$::deref::__stability::LAZY::hd2043aa93a146e3c (.llvm.15187239529951727520) + 24 XUL[0x5b70f45] <+37>: cmpq $0x3, %rax XUL[0x5b70f49] <+41>: jne 0x5b70fe9 ; <+201> XUL[0x5b70f4f] <+47>: movq -0x28(%rbp), %rax XUL[0x5b70f53] <+51>: cmpb $0x2, 0x10(%rax) XUL[0x5b70f57] <+55>: je 0x5b7101e ; <+254> XUL[0x5b70f5d] <+61>: movq (%rax), %r15 XUL[0x5b70f60] <+64>: testq %r15, %r15 XUL[0x5b70f63] <+67>: je 0x5b7103b ; <+283> XUL[0x5b70f69] <+73>: movabsq $-0x8000000000000000, %rcx ; imm = 0x8000000000000000 XUL[0x5b70f73] <+83>: xorl %eax, %eax XUL[0x5b70f75] <+85>: lock XUL[0x5b70f76] <+86>: cmpxchgq %rcx, 0x8(%r15) XUL[0x5b70f7b] <+91>: jne 0x5b71047 ; <+295> XUL[0x5b70f81] <+97>: movq (%rbx), %rax XUL[0x5b70f84] <+100>: testq %rax, %rax XUL[0x5b70f87] <+103>: je 0x5b71023 ; <+259> XUL[0x5b70f8d] <+109>: cmpq %rax, %r15 XUL[0x5b70f90] <+112>: jne 0x5b71023 ; <+259> XUL[0x5b70f96] <+118>: movq -0x8(%r14), %rax XUL[0x5b70f9a] <+122>: addq $-0x8, %r14 XUL[0x5b70f9e] <+126>: cmpq $-0x1, %rax XUL[0x5b70fa2] <+130>: je 0x5b70fae ; <+142> XUL[0x5b70fa4] <+132>: lock XUL[0x5b70fa5] <+133>: incq (%r14) XUL[0x5b70fa8] <+136>: jle 0x5b710bc ; <+412> XUL[0x5b70fae] <+142>: movq 0x28(%rbx), %rax XUL[0x5b70fb2] <+146>: addq $0x28, %rbx XUL[0x5b70fb6] <+150>: movq (%rax), %rcx XUL[0x5b70fb9] <+153>: cmpq $-0x1, %rcx XUL[0x5b70fbd] <+157>: je 0x5b70fd3 ; <+179> XUL[0x5b70fbf] <+159>: lock XUL[0x5b70fc0] <+160>: decq (%rax) XUL[0x5b70fc3] <+163>: jne 0x5b70fd3 ; <+179> XUL[0x5b70fc5] <+165>: movq (%rbx), %rax XUL[0x5b70fc8] <+168>: movq (%rax), %rax XUL[0x5b70fcb] <+171>: movq %rbx, %rdi XUL[0x5b70fce] <+174>: callq 0x5af1210 ; servo_arc::Arc$LT$T$GT$::drop_slow::h5bfb4b1675d356ee XUL[0x5b70fd3] <+179>: movq %r14, (%rbx) XUL[0x5b70fd6] <+182>: movq $0x0, 0x8(%r15) XUL[0x5b70fde] <+190>: addq $0x58, %rsp XUL[0x5b70fe2] <+194>: popq %rbx XUL[0x5b70fe3] <+195>: popq %r14 XUL[0x5b70fe5] <+197>: popq %r15 XUL[0x5b70fe7] <+199>: popq %rbp XUL[0x5b70fe8] <+200>: retq XUL[0x5b70fe9] <+201>: leaq -0x28(%rbp), %rax XUL[0x5b70fed] <+205>: movq %rax, -0x38(%rbp) XUL[0x5b70ff1] <+209>: leaq -0x38(%rbp), %rax XUL[0x5b70ff5] <+213>: movq %rax, -0x68(%rbp) XUL[0x5b70ff9] <+217>: leaq 0x1b6eaf0(%rip), %rdi ; _$LT$style..global_style_data..GLOBAL_STYLE_DATA$u20$as$u20$core..ops..deref..Deref$GT$::deref::__stability::LAZY::hd2043aa93a146e3c (.llvm.15187239529951727520) + 24 XUL[0x5b71000] <+224>: leaq 0x1b1bd71(%rip), %rdx ; anon.20480550abd40f7c5a6ab6f2e04b754b.85.llvm.15187239529951727520 XUL[0x5b71007] <+231>: leaq -0x68(%rbp), %rsi XUL[0x5b7100b] <+235>: callq 0x5f24d50 ; std::sync::once::Once::call_inner::h3f5b185bfe61a1f0 (.llvm.15187239529951727520) XUL[0x5b71010] <+240>: movq -0x28(%rbp), %rax XUL[0x5b71014] <+244>: cmpb $0x2, 0x10(%rax) XUL[0x5b71018] <+248>: jne 0x5b70f5d ; <+61> XUL[0x5b7101e] <+254>: callq 0x5edf530 ; lazy_static::lazy::unreachable_unchecked::h77f590b606dfa998 (.llvm.15187239529951727520) XUL[0x5b71023] <+259>: leaq 0x80d97e(%rip), %rdi ; str.C.4618 + 104 XUL[0x5b7102a] <+266>: leaq 0x1b1b447(%rip), %rdx ; anon.20480550abd40f7c5a6ab6f2e04b754b.29.llvm.15187239529951727520 + 19440 XUL[0x5b71031] <+273>: movl $0x51, %esi XUL[0x5b71036] <+278>: callq 0x5ad5920 ; std::panicking::begin_panic::h753c026e2313fa3b (.llvm.15187239529951727520) XUL[0x5b7103b] <+283>: leaq 0x1b268d6(%rip), %rdi ; anon.0f09dff20376d92cc45253bc08e814bf.166.llvm.15187239529951727520 XUL[0x5b71042] <+290>: callq 0x5f2bf80 ; core::panicking::panic::haf72db49750c28ab (.llvm.15187239529951727520) XUL[0x5b71047] <+295>: xorl %ecx, %ecx XUL[0x5b71049] <+297>: testq %rax, %rax XUL[0x5b7104c] <+300>: setns %cl XUL[0x5b7104f] <+303>: leaq 0x80c631(%rip), %rax ; anon.20480550abd40f7c5a6ab6f2e04b754b.26.llvm.15187239529951727520 XUL[0x5b71056] <+310>: leaq 0x80c633(%rip), %rdx ; anon.20480550abd40f7c5a6ab6f2e04b754b.27.llvm.15187239529951727520 XUL[0x5b7105d] <+317>: cmovnsq %rax, %rdx XUL[0x5b71061] <+321>: leaq 0x7(%rcx,%rcx), %rax XUL[0x5b71066] <+326>: movq %rdx, -0x38(%rbp) XUL[0x5b7106a] <+330>: movq %rax, -0x30(%rbp) XUL[0x5b7106e] <+334>: leaq -0x38(%rbp), %rax XUL[0x5b71072] <+338>: movq %rax, -0x28(%rbp) XUL[0x5b71076] <+342>: leaq -0x3b970d(%rip), %rax ; _$LT$$RF$T$u20$as$u20$core..fmt..Display$GT$::fmt::h0031dc61ce6c65fd (.llvm.15187239529951727520) XUL[0x5b7107d] <+349>: movq %rax, -0x20(%rbp) XUL[0x5b71081] <+353>: leaq 0x1b167e0(%rip), %rax ; anon.20480550abd40f7c5a6ab6f2e04b754b.25.llvm.15187239529951727520 XUL[0x5b71088] <+360>: movq %rax, -0x68(%rbp) XUL[0x5b7108c] <+364>: movq $0x2, -0x60(%rbp) XUL[0x5b71094] <+372>: movq $0x0, -0x58(%rbp) XUL[0x5b7109c] <+380>: leaq -0x28(%rbp), %rax XUL[0x5b710a0] <+384>: movq %rax, -0x48(%rbp) XUL[0x5b710a4] <+388>: movq $0x1, -0x40(%rbp) XUL[0x5b710ac] <+396>: leaq 0x1b167d5(%rip), %rsi ; anon.20480550abd40f7c5a6ab6f2e04b754b.29.llvm.15187239529951727520 XUL[0x5b710b3] <+403>: leaq -0x68(%rbp), %rdi XUL[0x5b710b7] <+407>: callq 0x5f168c0 ; std::panicking::begin_panic_fmt::h50d17c3950ddfe2a (.llvm.15187239529951727520) XUL[0x5b710bc] <+412>: callq 0x5f251d0 ; std::process::abort::h1bde3ba12adc17b8 (.llvm.15187239529951727520) XUL[0x5b710c1] <+417>: nopw %cs:(%rax,%rax) XUL[0x5b710cb] <+427>: nopl (%rax,%rax) ``` Note that the right function in that stack is `Servo_SupportsRule_GetRules`, but that function is pretty similar to `Servo_StyleRule_GetStyle`, so I suspect the linker has unified them. However, those functions should not drop any arc. Looking around, it seems that the linker has also unified `Servo_StyleRule_SetStyle` (which _does_ drop the `Arc<>`) too, since that symbol is at the same address. So I suspect that the LTO stuff has messed up, and has unified `Servo_SupportsRule_GetRules`, `Servo_StyleRule_GetStyle`, and `Servo_StyleRule_SetStyle`. I think that explains those crashes. But I'm not sure I can debug further to figure out _why_ thinlto has unified those. Any idea?