WebKit Bugzilla
Attachment 362507 Details for
Bug 194856
: REGRESSION(r241789): GuardMalloc crashes (Requested by yusukesuzuki on #webkit).
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
ROLLOUT of r241789
bug-194856-20190220100257.patch (text/plain), 10.99 KB, created by
WebKit Commit Bot
on 2019-02-20 10:02:57 PST
(
hide
)
Description:
ROLLOUT of r241789
Filename:
MIME Type:
Creator:
WebKit Commit Bot
Created:
2019-02-20 10:02:57 PST
Size:
10.99 KB
patch
obsolete
>Subversion Revision: 241817 >diff --git a/Source/bmalloc/ChangeLog b/Source/bmalloc/ChangeLog >index ff9a88a69ec5cdcbb051425bb4081414e525f699..b0bfd65097003085e7ab59ef47056c9dfa016697 100644 >--- a/Source/bmalloc/ChangeLog >+++ b/Source/bmalloc/ChangeLog >@@ -1,3 +1,17 @@ >+2019-02-20 Commit Queue <commit-queue@webkit.org> >+ >+ Unreviewed, rolling out r241789. >+ https://bugs.webkit.org/show_bug.cgi?id=194856 >+ >+ GuardMalloc crashes (Requested by yusukesuzuki on #webkit). >+ >+ Reverted changeset: >+ >+ "[bmalloc] bmalloc::Cache should not be instantiated if we are >+ using system malloc" >+ https://bugs.webkit.org/show_bug.cgi?id=194811 >+ https://trac.webkit.org/changeset/241789 >+ > 2019-02-19 Yusuke Suzuki <ysuzuki@apple.com> > > [bmalloc] bmalloc::Cache should not be instantiated if we are using system malloc >diff --git a/Source/bmalloc/bmalloc/Allocator.cpp b/Source/bmalloc/bmalloc/Allocator.cpp >index cfd01fe3ed6fda8f443172394f448195f23169ba..4fbdb0964ab98ac6bce3c206181c9e7a31477a96 100644 >--- a/Source/bmalloc/bmalloc/Allocator.cpp >+++ b/Source/bmalloc/bmalloc/Allocator.cpp >@@ -27,7 +27,7 @@ > #include "BAssert.h" > #include "Chunk.h" > #include "Deallocator.h" >-#include "Environment.h" >+#include "DebugHeap.h" > #include "Heap.h" > #include "PerProcess.h" > #include "Sizes.h" >@@ -38,9 +38,9 @@ namespace bmalloc { > > Allocator::Allocator(Heap& heap, Deallocator& deallocator) > : m_heap(heap) >+ , m_debugHeap(heap.debugHeap()) > , m_deallocator(deallocator) > { >- BASSERT(!PerProcess<Environment>::get()->isDebugHeapEnabled()); > for (size_t sizeClass = 0; sizeClass < sizeClassCount; ++sizeClass) > m_bumpAllocators[sizeClass].init(objectSize(sizeClass)); > } >@@ -52,6 +52,9 @@ Allocator::~Allocator() > > void* Allocator::tryAllocate(size_t size) > { >+ if (m_debugHeap) >+ return m_debugHeap->malloc(size); >+ > if (size <= smallMax) > return allocate(size); > >@@ -75,6 +78,9 @@ void* Allocator::allocateImpl(size_t alignment, size_t size, bool crashOnFailure > { > BASSERT(isPowerOfTwo(alignment)); > >+ if (m_debugHeap) >+ return m_debugHeap->memalign(alignment, size, crashOnFailure); >+ > if (!size) > size = alignment; > >@@ -101,6 +107,9 @@ void* Allocator::tryReallocate(void* object, size_t newSize) > > void* Allocator::reallocateImpl(void* object, size_t newSize, bool crashOnFailure) > { >+ if (m_debugHeap) >+ return m_debugHeap->realloc(object, newSize, crashOnFailure); >+ > size_t oldSize = 0; > switch (objectType(m_heap.kind(), object)) { > case ObjectType::Small: { >@@ -191,6 +200,9 @@ BNO_INLINE void* Allocator::allocateLogSizeClass(size_t size) > > void* Allocator::allocateSlowCase(size_t size) > { >+ if (m_debugHeap) >+ return m_debugHeap->malloc(size); >+ > if (size <= maskSizeClassMax) { > size_t sizeClass = bmalloc::maskSizeClass(size); > BumpAllocator& allocator = m_bumpAllocators[sizeClass]; >diff --git a/Source/bmalloc/bmalloc/Allocator.h b/Source/bmalloc/bmalloc/Allocator.h >index 933aae6ed8ea0d8a742eebdba4ce9f21cc53e782..7c894de9b5c23c324155dc4ca7635c80af5c5d8d 100644 >--- a/Source/bmalloc/bmalloc/Allocator.h >+++ b/Source/bmalloc/bmalloc/Allocator.h >@@ -33,6 +33,7 @@ > namespace bmalloc { > > class Deallocator; >+class DebugHeap; > class Heap; > > // Per-cache object allocator. >@@ -68,6 +69,7 @@ private: > std::array<BumpRangeCache, sizeClassCount> m_bumpRangeCaches; > > Heap& m_heap; >+ DebugHeap* m_debugHeap; > Deallocator& m_deallocator; > }; > >diff --git a/Source/bmalloc/bmalloc/Cache.cpp b/Source/bmalloc/bmalloc/Cache.cpp >index 29ad1309866f12d809f6f121d9f6511ed735362a..c97b9095fb673b7f742471f681869cfc4c1a9353 100644 >--- a/Source/bmalloc/bmalloc/Cache.cpp >+++ b/Source/bmalloc/bmalloc/Cache.cpp >@@ -25,15 +25,11 @@ > > #include "BInline.h" > #include "Cache.h" >-#include "DebugHeap.h" >-#include "Environment.h" > #include "Heap.h" > #include "PerProcess.h" > > namespace bmalloc { > >-static DebugHeap* debugHeapCache { nullptr }; >- > void Cache::scavenge(HeapKind heapKind) > { > PerHeapKind<Cache>* caches = PerThread<PerHeapKind<Cache>>::getFastCase(); >@@ -46,82 +42,34 @@ void Cache::scavenge(HeapKind heapKind) > caches->at(heapKind).deallocator().scavenge(); > } > >-static BINLINE DebugHeap* debugHeap() >-{ >- if (debugHeapCache) >- return debugHeapCache; >- if (PerProcess<Environment>::get()->isDebugHeapEnabled()) { >- debugHeapCache = PerProcess<DebugHeap>::get(); >- return debugHeapCache; >- } >- return nullptr; >-} >- > Cache::Cache(HeapKind heapKind) > : m_deallocator(PerProcess<PerHeapKind<Heap>>::get()->at(heapKind)) > , m_allocator(PerProcess<PerHeapKind<Heap>>::get()->at(heapKind), m_deallocator) > { >- BASSERT(!PerProcess<Environment>::get()->isDebugHeapEnabled()); > } > > BNO_INLINE void* Cache::tryAllocateSlowCaseNullCache(HeapKind heapKind, size_t size) > { >- // FIXME: DebugHeap does not have tryAllocate feature. >- // https://bugs.webkit.org/show_bug.cgi?id=194837 >- if (auto* heap = debugHeap()) >- return heap->malloc(size); > return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().tryAllocate(size); > } > > BNO_INLINE void* Cache::allocateSlowCaseNullCache(HeapKind heapKind, size_t size) > { >- if (auto* heap = debugHeap()) >- return heap->malloc(size); > return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().allocate(size); > } > >-BNO_INLINE void* Cache::tryAllocateSlowCaseNullCache(HeapKind heapKind, size_t alignment, size_t size) >-{ >- if (auto* heap = debugHeap()) { >- constexpr bool crashOnFailure = false; >- return heap->memalign(alignment, size, crashOnFailure); >- } >- return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().tryAllocate(alignment, size); >-} >- > BNO_INLINE void* Cache::allocateSlowCaseNullCache(HeapKind heapKind, size_t alignment, size_t size) > { >- if (auto* heap = debugHeap()) { >- constexpr bool crashOnFailure = true; >- return heap->memalign(alignment, size, crashOnFailure); >- } > return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().allocate(alignment, size); > } > > BNO_INLINE void Cache::deallocateSlowCaseNullCache(HeapKind heapKind, void* object) > { >- if (auto* heap = debugHeap()) { >- heap->free(object); >- return; >- } > PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).deallocator().deallocate(object); > } > >-BNO_INLINE void* Cache::tryReallocateSlowCaseNullCache(HeapKind heapKind, void* object, size_t newSize) >-{ >- if (auto* heap = debugHeap()) { >- constexpr bool crashOnFailure = false; >- return heap->realloc(object, newSize, crashOnFailure); >- } >- return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().tryReallocate(object, newSize); >-} >- > BNO_INLINE void* Cache::reallocateSlowCaseNullCache(HeapKind heapKind, void* object, size_t newSize) > { >- if (auto* heap = debugHeap()) { >- constexpr bool crashOnFailure = true; >- return heap->realloc(object, newSize, crashOnFailure); >- } > return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().reallocate(object, newSize); > } > >diff --git a/Source/bmalloc/bmalloc/Cache.h b/Source/bmalloc/bmalloc/Cache.h >index 9f525a7fcf4ea9d806531e13ab0e55ce7682962e..fde7e09ed0395d8b701994fb898db8c0aa02c6a6 100644 >--- a/Source/bmalloc/bmalloc/Cache.h >+++ b/Source/bmalloc/bmalloc/Cache.h >@@ -56,10 +56,8 @@ public: > private: > BEXPORT static void* tryAllocateSlowCaseNullCache(HeapKind, size_t); > BEXPORT static void* allocateSlowCaseNullCache(HeapKind, size_t); >- BEXPORT static void* tryAllocateSlowCaseNullCache(HeapKind, size_t alignment, size_t); > BEXPORT static void* allocateSlowCaseNullCache(HeapKind, size_t alignment, size_t); > BEXPORT static void deallocateSlowCaseNullCache(HeapKind, void*); >- BEXPORT static void* tryReallocateSlowCaseNullCache(HeapKind, void*, size_t); > BEXPORT static void* reallocateSlowCaseNullCache(HeapKind, void*, size_t); > > Deallocator m_deallocator; >@@ -86,7 +84,7 @@ inline void* Cache::tryAllocate(HeapKind heapKind, size_t alignment, size_t size > { > PerHeapKind<Cache>* caches = PerThread<PerHeapKind<Cache>>::getFastCase(); > if (!caches) >- return tryAllocateSlowCaseNullCache(heapKind, alignment, size); >+ return allocateSlowCaseNullCache(heapKind, alignment, size); > return caches->at(mapToActiveHeapKindAfterEnsuringGigacage(heapKind)).allocator().tryAllocate(alignment, size); > } > >@@ -110,7 +108,7 @@ inline void* Cache::tryReallocate(HeapKind heapKind, void* object, size_t newSiz > { > PerHeapKind<Cache>* caches = PerThread<PerHeapKind<Cache>>::getFastCase(); > if (!caches) >- return tryReallocateSlowCaseNullCache(heapKind, object, newSize); >+ return reallocateSlowCaseNullCache(heapKind, object, newSize); > return caches->at(mapToActiveHeapKindAfterEnsuringGigacage(heapKind)).allocator().tryReallocate(object, newSize); > } > >diff --git a/Source/bmalloc/bmalloc/Deallocator.cpp b/Source/bmalloc/bmalloc/Deallocator.cpp >index 58ce3a6a910f0530ec0d11ae8ee37ab79351303e..556f3279d52a243ff0db2b34f55a3c0eaf92d303 100644 >--- a/Source/bmalloc/bmalloc/Deallocator.cpp >+++ b/Source/bmalloc/bmalloc/Deallocator.cpp >@@ -27,7 +27,7 @@ > #include "BInline.h" > #include "Chunk.h" > #include "Deallocator.h" >-#include "Environment.h" >+#include "DebugHeap.h" > #include "Heap.h" > #include "Object.h" > #include "PerProcess.h" >@@ -39,8 +39,13 @@ namespace bmalloc { > > Deallocator::Deallocator(Heap& heap) > : m_heap(heap) >+ , m_debugHeap(heap.debugHeap()) > { >- BASSERT(!PerProcess<Environment>::get()->isDebugHeapEnabled()); >+ if (m_debugHeap) { >+ // Fill the object log in order to disable the fast path. >+ while (m_objectLog.size() != m_objectLog.capacity()) >+ m_objectLog.push(nullptr); >+ } > } > > Deallocator::~Deallocator() >@@ -50,6 +55,9 @@ Deallocator::~Deallocator() > > void Deallocator::scavenge() > { >+ if (m_debugHeap) >+ return; >+ > std::unique_lock<Mutex> lock(Heap::mutex()); > > processObjectLog(lock); >@@ -65,6 +73,9 @@ void Deallocator::processObjectLog(std::unique_lock<Mutex>& lock) > > void Deallocator::deallocateSlowCase(void* object) > { >+ if (m_debugHeap) >+ return m_debugHeap->free(object); >+ > if (!object) > return; > >diff --git a/Source/bmalloc/bmalloc/Deallocator.h b/Source/bmalloc/bmalloc/Deallocator.h >index 1342c4cafdc0f14552641ca23a14d53588056522..325d1df524ea28a43cc5f44f09c6d014149bc208 100644 >--- a/Source/bmalloc/bmalloc/Deallocator.h >+++ b/Source/bmalloc/bmalloc/Deallocator.h >@@ -33,6 +33,7 @@ > > namespace bmalloc { > >+class DebugHeap; > class Heap; > class Mutex; > >@@ -57,6 +58,7 @@ private: > Heap& m_heap; > FixedVector<void*, deallocatorLogCapacity> m_objectLog; > LineCache m_lineCache; // The Heap removes items from this cache. >+ DebugHeap* m_debugHeap; > }; > > inline bool Deallocator::deallocateFastCase(void* object)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=362507">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 194856
: 362507