Closed Bug 1384625 Opened 2 years ago Closed 2 years ago

stylo: heap write hazards under Servo_GetEmptyVariables

Categories

(Core :: CSS Parsing and Computation, enhancement, P1)

Tracking
RESOLVED FIXED
mozilla56
Tracking Status
firefox56 --- fixed

People

(Reporter: rillian, Assigned: heycam)

References

Details

Attachments

(1 file, 1 obsolete file)

Enabling stylo for the linux64 hazard build fails with an extra heap write entry:

[31.81s] #32 Analyzing Gecko_CalcStyleDifference ...
Error: External function
Location: Servo_GetEmptyVariables
Stack Trace:
_ZNK17ServoComputedData17GetStyleVariablesEv$nsStyleVariables* ServoComputedData::GetStyleVariables() const @ layout/style/ServoBindings.cpp#240
_ZN14nsStyleContext24ThreadsafeStyleVariablesEv$nsStyleVariables* nsStyleContext::ThreadsafeStyleVariables() @ obj-analyzed/dist/include/nsStyleStructList.h#80
_ZN14nsStyleContext19CalcStyleDifferenceEPS_PjS1_j$uint32 nsStyleContext::CalcStyleDifference(nsStyleContext*, uint32*, uint32*, uint32) @ obj-analyzed/layout/style/nsStyleStructList.h#80 ### SafeArguments: aNewStyle aOldStyleBits
Gecko_CalcStyleDifference @ layout/style/ServoBindings.cpp#436 ### SafeArguments: <arg3>

Maybe bug 1382964 missed some instances in the debug case? I can work around by disabling stylo for this target, but hopefully there's something simple we can do to remove the hazard.
Thanks, I think it should be safe just to add Servo_GetEmptyVariables to the whitelist.
Comment on attachment 8890650 [details]
Bug 1384625 - Whitelist Servo_GetEmptyVariables from heap write analysis.

https://reviewboard.mozilla.org/r/161810/#review167226

r=me, though we should see which are the remaining callsites of this, and remove them.
Attachment #8890650 - Flags: review?(emilio+bugs) → review+
Yeah, now that you mention it, we probably don't even call this.  (But the analysis doesn't even know.)  Let's try a try run just crashing in ServoComputedValues::GetStyleVariables instead: https://treeherder.mozilla.org/#/jobs?repo=try&revision=379349f95b544d13a1195656ac7204d79d769bea
Flags: needinfo?(cam)
Attachment #8890650 - Attachment is obsolete: true
Comment on attachment 8890768 [details]
Bug 1384625 - Crash in ServoComputedValues::GetStyleVariables, which should never need to be called.

https://reviewboard.mozilla.org/r/161970/#review167266

We should remove the servo side too, but that can land independently.

::: layout/style/ServoBindings.cpp:240
(Diff revision 1)
>  }
>  
>  const nsStyleVariables*
>  ServoComputedData::GetStyleVariables() const
>  {
> -  return Servo_GetEmptyVariables();
> +  MOZ_RELEASE_ASSERT(false, "ServoComputedData::GetStyleVariables should never "
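Review bot: no return statement follows the `MOZ_RELEASE_ASSERT(false, ...)` in the shown lines of `ServoComputedData::GetStyleVariables()`, which is declared to return `const nsStyleVariables*`, so unless the compiler treats the assert as non-returning the function falls off the end of a pointer-returning body. Either use `MOZ_CRASH(...)`, the usual idiom for a path that must be unreachable, or keep the assert and add an explicit `return nullptr;` after it so the body is well-formed even when the assert compiles to a plain conditional. The message literal also ends with `"should never "` and is cut off in the hunk; worth checking that its continuation in the full diff forms one complete sentence.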

Just `MOZ_CRASH(..)`?
Attachment #8890768 - Flags: review?(emilio+bugs) → review+
Assignee: nobody → cam
Priority: -- → P1
Comment on attachment 8890768 [details]
Bug 1384625 - Crash in ServoComputedValues::GetStyleVariables, which should never need to be called.

https://reviewboard.mozilla.org/r/161970/#review167266

I'll file a PR for that after this lands and assume your r+.

> Just `MOZ_CRASH(..)`?

And return nullptr afterwards?  I guess that's OK.
Pushed by cmccormack@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/847e0a72b276
Crash in ServoComputedValues::GetStyleVariables, which should never need to be called. r=emilio
https://hg.mozilla.org/mozilla-central/rev/847e0a72b276
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56