Bug 199524

Summary:

Flaky API Test TestWTF.bmalloc.ScavengedMemoryShouldBeReused

Product:

WebKit

Reporter:

Aakash Jain <aakash_jain>

Component:

Tools / Tests

Assignee:

Yusuke Suzuki <ysuzuki>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

aakash_jain, ap, keith_miller, ryanhaddad, saam, webkit-bot-watchers-bugzilla, webkit-bug-importer, ysuzuki

Priority:

Keywords:

InRadar

Version:

Other

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
TestWTF_2019-07-05-094659_ews150.crash	none
Patch	none
Patch	none
Patch	saam: review+

Aakash Jain

Reported 2019-07-05 12:06:52 PDT

Created attachment 373521 [details] TestWTF_2019-07-05-094659_ews150.crash TestWTF.bmalloc.ScavengedMemoryShouldBeReused seems flaky. In https://ews-build.webkit.org/#/builders/3/builds/4182, the test passed in run-api-tests step. However, in the immediately next retry step (re-run-api-tests), it Crashed. Crash log attached.

Attachments
TestWTF_2019-07-05-094659_ews150.crash (47.78 KB, text/plain) 2019-07-05 12:06 PDT, Aakash Jain	no flags	Details
Patch (4.94 KB, patch) 2019-07-11 14:38 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (4.59 KB, patch) 2019-07-11 14:39 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (4.63 KB, patch) 2019-07-11 14:41 PDT, Yusuke Suzuki	saam: review+	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Aakash Jain

Comment 1 2019-07-05 12:06:56 PDT

This test seems to be added in http://trac.webkit.org/changeset/245908/webkit

Aakash Jain

Comment 2 2019-07-06 16:33:03 PDT

More instances of flakiness of this test: https://ews-build.webkit.org/#/builders/3/builds/4250 https://ews-build.webkit.org/#/builders/3/builds/4266

Ryan Haddad

Comment 3 2019-07-08 10:11:17 PDT

<rdar://problem/52783816>

Yusuke Suzuki

Comment 4 2019-07-11 02:48:01 PDT

This test has strong assumption on how we allocate pages in IsoHeap. But this assumption is broken because we have IsoHeap sharing tier. I think this crash is due to passing a garbage pointer to IsoHeap deallocator. I'll fix the test to make it work.

Yusuke Suzuki

Comment 5 2019-07-11 13:56:24 PDT

(In reply to Yusuke Suzuki from comment #4) > This test has strong assumption on how we allocate pages in IsoHeap. But > this assumption is broken because we have IsoHeap sharing tier. > I think this crash is due to passing a garbage pointer to IsoHeap > deallocator. > I'll fix the test to make it work. Yeah, my guess was correct. ptrs.size() is 2021. And IsoPage<decltype(heap)::Config>::numObjects - 1 is 2047. So we are accessing OoB of std::vector, getting a garbage, and passing it to IsoHeap::deallocate, and crashing. I'll fix the test.

Yusuke Suzuki

Comment 6 2019-07-11 14:38:43 PDT

Created attachment 373955 [details] Patch

Yusuke Suzuki

Comment 7 2019-07-11 14:39:27 PDT

Created attachment 373957 [details] Patch

Yusuke Suzuki

Comment 8 2019-07-11 14:41:21 PDT

Created attachment 373958 [details] Patch

Yusuke Suzuki

Comment 9 2019-07-11 14:56:37 PDT

Committed r247368: <https://trac.webkit.org/changeset/247368>

Note You need to log in before you can comment on or make changes to this bug.