On Tue, Sep 12, 2017 at 12:46 PM, Henri Sivonen <hsivo...@hsivonen.fi> wrote: > On Tue, Sep 12, 2017 at 12:35 PM, Henri Sivonen <hsivo...@hsivonen.fi> wrote: >> I'm rather unhappy about the prospect of having to examine another >> browser's HTML parser beyond reading the spec in order to achieve >> interop. :-( > > Fortunately, not too complicated: > https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/html/parser/HTMLConstructionSite.cpp?sq&l=306
I did some additional testing with https://hsivonen.com/test/moz/deeptree/dom/ . The content process of 64-bit Chrome 61 on Windows 10 crashes when the depth is a bit over 2530. This happens at the same depth with display: block and display: table-cell. Curiously, despite its lower crash threshold for parser-generated trees, Edge can do over 4000 but slows to a crawl. (I didn't have the patience to watch what the exact crash number was, but unattended it did crash eventually.) So even though the HTML parser-enforced depth in Chrome is 513 elements, Chrome's call stack can tolerate much deeper trees even on Windows. This suggests that our frame constructor limit should be larger than 513. In particular, this would help when the parser hits the 513 limit in innerHTML. I suggest we do the following: 1) Change the HTML parser behave more like Blink's: Raise the limit to 513 elements deep and append elements violating the limit to the 512th element on the stack instead of dropping them. (Since the off-the-main-thread parser can't read from the DOM, the previous sentence is defined in terms of the stack and not in terms of looking up a parent as in Blink.) I already have the code for this. 2) Change the frame constructor limit to 1026. Rationale: This is notably larger than 513 by being 513 times two and just within what can be handled in the table-cell worst case on Mac and Linux with the existing run-time stack size limits. 3) Increase the run-time stack size on Windows such that 1026-deep display: table-cell doesn't overflow the stack. Thoughts? -- Henri Sivonen hsivo...@hsivonen.fi https://hsivonen.fi/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
