Closed Bug 976369 Opened 10 years ago Closed 10 years ago

Firefox does not fetch additional segments of dzone web page

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
29 Branch
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla30
Tracking Flags:
Tracking Status
firefox27 --- unaffected
firefox28 --- unaffected
firefox29 + fixed
firefox30 + fixed
firefox-esr24 --- unaffected
b2g-v1.4 --- fixed

People

(Reporter: jaclemire, Assigned: till)

References

Details

(Keywords: regression, Whiteboard: [good first verify] [testday-20140523])

Attachments

(3 files)

Screenshot from 2014-02-24 18:58:03.png
12.72 KB, image/png
Details
Shell test case
96.95 KB, application/javascript
Details
Increase Yarr's match limit to unregress dzone website.
1.10 KB, patch
jandem
: review+
Sylvestre
: approval-mozilla-aurora+
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (X11; Linux i686; rv:29.0) Gecko/20100101 Firefox/29.0 (Beta/Release)
Build ID: 20140224004003

Steps to reproduce:

Go to http://www.dzone.com/links/queue.html
Scroll down to the bottom to see more posts.



Actual results:

The fetch indicator shows NO additional segments of web page. It is struck at 50.


Expected results:

Additional segments of dzone web page are loaded. Just as they are loaded correctly and quickly with Google/Chrome and Seamonkey.
An error shown in Error Console:

Error: an error occurred while executing regular expression
Source File: http://www.dzone.com/links/combined.js.h-1448902423.pack
Line: 445

Regression window(m-i)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/441af05d123b
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 ID:20140110055749
Bad:
http://hg.mozilla.org/integration/mozilla-inbound/rev/9ecbd1ca14e2
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 ID:20140110062749
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=441af05d123b&tochange=9ecbd1ca14e2

Suspect:
9ecbd1ca14e2	Till Schneidereit — Bug 953013 - throw exceptions for uncorrectly-interpreted regular expressions instead of treating them as non-matching. r=jandem
Blocks: 953013
Status: UNCONFIRMED → NEW
status-firefox27: --- → unaffected
status-firefox28: --- → unaffected
status-firefox29: --- → affected
status-firefox30: --- → affected
status-firefox-esr24: --- → unaffected
tracking-firefox29: --- → ?
tracking-firefox30: --- → ?
Component: Untriaged → JavaScript Engine
Ever confirmed: true
Keywords: regression
OS: Linux → All
Product: Firefox → Core
Flags: needinfo?(till)
I'd be willing to place a bet on this RegExp (found on line 445), which seems to be a (poorly expressed) trim expression :

/^(\s|\u00A0)+|(\s|\u00A0)+$/

We could be reaching the 999999 pattern matches limit Till explained in Bug 953013 comment 5 ...
Attached file Shell test case 
Yup, that's caused by my change. It works in v8, though, and gives correct results in jsc. Whether the latter is by accident or because Yarr's unpatched behavior is actually correct here, I don't know.

Attached is a shell test case, which I'm investigating.
Assignee: nobody → till
Status: NEW → ASSIGNED
Flags: needinfo?(till)
So, the regexp Matthieu identified in comment 2 (thanks!) hits the match limit indeed: for the current input (which is ~99k chars of html source), it creates about 1.8M matches. That's not an ideal implementation of String#trim ...

Anyway, I think we should just bump the match limit and be done with this: the alternatives are to change back to the broken behavior of just returning false when the matching actually failed, or to drastically change Yarr.

Jandem, this simply bumps the limit from 1M to 2.5M. The test still completes in a couple of seconds (on my fairly high-end machine, yes.)
Attachment #8381893 - Flags: review?(jdemooij)
Comment on attachment 8381893 [details] [diff] [review]
Increase Yarr's match limit to unregress dzone website.

Review of attachment 8381893 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good.
Attachment #8381893 - Flags: review?(jdemooij) → review+
Follow-up to update the regexp-match-limit.js jit-test, to fix the jit-test failures on TBPL:

https://hg.mozilla.org/integration/mozilla-inbound/rev/5103fc7d8c39
Comment on attachment 8381893 [details] [diff] [review]
Increase Yarr's match limit to unregress dzone website.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 953013
User impact if declined: some websites keep being broken
Testing completed (on m-c, etc.): not yet, about to land on m-c
Risk to taking this patch (and alternatives if risky): extremely low, just increases an execution limit
String or IDL/UUID changes made by this patch: none

Requesting this now because I'm going on vacation tomorrow.
An uplift needs to include the follow-up from comment 7.
Attachment #8381893 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/52577b51029a
https://hg.mozilla.org/mozilla-central/rev/5103fc7d8c39
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
status-firefox30: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
Attachment #8381893 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Whiteboard: [good first verify]
No issues on 29/30 here.
Status: RESOLVED → VERIFIED
Verified fixed using Windows 7 64 bit and Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0. Verified in latest Nightly as well.
Whiteboard: [good first verify] → [good first verify] [testday-20140523]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: