Diff
Modified: releases/WebKitGTK/webkit-2.24/Source/bmalloc/ChangeLog (242414 => 242415)
--- releases/WebKitGTK/webkit-2.24/Source/bmalloc/ChangeLog 2019-03-05 08:42:59 UTC (rev 242414)
+++ releases/WebKitGTK/webkit-2.24/Source/bmalloc/ChangeLog 2019-03-05 08:43:03 UTC (rev 242415)
@@ -1,3 +1,17 @@
+2019-02-20 Commit Queue <commit-qu...@webkit.org>
+
+ Unreviewed, rolling out r241789.
+ https://bugs.webkit.org/show_bug.cgi?id=194856
+
+ GuardMalloc crashes (Requested by yusukesuzuki on #webkit).
+
+ Reverted changeset:
+
+ "[bmalloc] bmalloc::Cache should not be instantiated if we are
+ using system malloc"
+ https://bugs.webkit.org/show_bug.cgi?id=194811
+ https://trac.webkit.org/changeset/241789
+
2019-02-19 Yusuke Suzuki <ysuz...@apple.com>
[bmalloc] bmalloc::Cache should not be instantiated if we are using system malloc
Modified: releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Allocator.cpp (242414 => 242415)
--- releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Allocator.cpp 2019-03-05 08:42:59 UTC (rev 242414)
+++ releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Allocator.cpp 2019-03-05 08:43:03 UTC (rev 242415)
@@ -27,7 +27,7 @@
#include "BAssert.h"
#include "Chunk.h"
#include "Deallocator.h"
-#include "Environment.h"
+#include "DebugHeap.h"
#include "Heap.h"
#include "PerProcess.h"
#include "Sizes.h"
@@ -38,9 +38,9 @@
Allocator::Allocator(Heap& heap, Deallocator& deallocator)
: m_heap(heap)
+ , m_debugHeap(heap.debugHeap())
, m_deallocator(deallocator)
{
- BASSERT(!PerProcess<Environment>::get()->isDebugHeapEnabled());
for (size_t sizeClass = 0; sizeClass < sizeClassCount; ++sizeClass)
m_bumpAllocators[sizeClass].init(objectSize(sizeClass));
}
@@ -52,6 +52,9 @@
void* Allocator::tryAllocate(size_t size)
{
+ if (m_debugHeap)
+ return m_debugHeap->malloc(size);
+
if (size <= smallMax)
return allocate(size);
@@ -75,6 +78,9 @@
{
BASSERT(isPowerOfTwo(alignment));
+ if (m_debugHeap)
+ return m_debugHeap->memalign(alignment, size, crashOnFailure);
+
if (!size)
size = alignment;
@@ -101,6 +107,9 @@
void* Allocator::reallocateImpl(void* object, size_t newSize, bool crashOnFailure)
{
+ if (m_debugHeap)
+ return m_debugHeap->realloc(object, newSize, crashOnFailure);
+
size_t oldSize = 0;
switch (objectType(m_heap.kind(), object)) {
case ObjectType::Small: {
@@ -191,6 +200,9 @@
void* Allocator::allocateSlowCase(size_t size)
{
+ if (m_debugHeap)
+ return m_debugHeap->malloc(size);
+
if (size <= maskSizeClassMax) {
size_t sizeClass = bmalloc::maskSizeClass(size);
BumpAllocator& allocator = m_bumpAllocators[sizeClass];
Modified: releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Allocator.h (242414 => 242415)
--- releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Allocator.h 2019-03-05 08:42:59 UTC (rev 242414)
+++ releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Allocator.h 2019-03-05 08:43:03 UTC (rev 242415)
@@ -33,6 +33,7 @@
namespace bmalloc {
class Deallocator;
+class DebugHeap;
class Heap;
// Per-cache object allocator.
@@ -68,6 +69,7 @@
std::array<BumpRangeCache, sizeClassCount> m_bumpRangeCaches;
Heap& m_heap;
+ DebugHeap* m_debugHeap;
Deallocator& m_deallocator;
};
Modified: releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Cache.cpp (242414 => 242415)
--- releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Cache.cpp 2019-03-05 08:42:59 UTC (rev 242414)
+++ releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Cache.cpp 2019-03-05 08:43:03 UTC (rev 242415)
@@ -25,15 +25,11 @@
#include "BInline.h"
#include "Cache.h"
-#include "DebugHeap.h"
-#include "Environment.h"
#include "Heap.h"
#include "PerProcess.h"
namespace bmalloc {
-static DebugHeap* debugHeapCache { nullptr };
-
void Cache::scavenge(HeapKind heapKind)
{
PerHeapKind<Cache>* caches = PerThread<PerHeapKind<Cache>>::getFastCase();
@@ -46,82 +42,34 @@
caches->at(heapKind).deallocator().scavenge();
}
-static BINLINE DebugHeap* debugHeap()
-{
- if (debugHeapCache)
- return debugHeapCache;
- if (PerProcess<Environment>::get()->isDebugHeapEnabled()) {
- debugHeapCache = PerProcess<DebugHeap>::get();
- return debugHeapCache;
- }
- return nullptr;
-}
-
Cache::Cache(HeapKind heapKind)
: m_deallocator(PerProcess<PerHeapKind<Heap>>::get()->at(heapKind))
, m_allocator(PerProcess<PerHeapKind<Heap>>::get()->at(heapKind), m_deallocator)
{
- BASSERT(!PerProcess<Environment>::get()->isDebugHeapEnabled());
}
BNO_INLINE void* Cache::tryAllocateSlowCaseNullCache(HeapKind heapKind, size_t size)
{
- // FIXME: DebugHeap does not have tryAllocate feature.
- // https://bugs.webkit.org/show_bug.cgi?id=194837
- if (auto* heap = debugHeap())
- return heap->malloc(size);
return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().tryAllocate(size);
}
BNO_INLINE void* Cache::allocateSlowCaseNullCache(HeapKind heapKind, size_t size)
{
- if (auto* heap = debugHeap())
- return heap->malloc(size);
return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().allocate(size);
}
-BNO_INLINE void* Cache::tryAllocateSlowCaseNullCache(HeapKind heapKind, size_t alignment, size_t size)
-{
- if (auto* heap = debugHeap()) {
- constexpr bool crashOnFailure = false;
- return heap->memalign(alignment, size, crashOnFailure);
- }
- return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().tryAllocate(alignment, size);
-}
-
BNO_INLINE void* Cache::allocateSlowCaseNullCache(HeapKind heapKind, size_t alignment, size_t size)
{
- if (auto* heap = debugHeap()) {
- constexpr bool crashOnFailure = true;
- return heap->memalign(alignment, size, crashOnFailure);
- }
return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().allocate(alignment, size);
}
BNO_INLINE void Cache::deallocateSlowCaseNullCache(HeapKind heapKind, void* object)
{
- if (auto* heap = debugHeap()) {
- heap->free(object);
- return;
- }
PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).deallocator().deallocate(object);
}
-BNO_INLINE void* Cache::tryReallocateSlowCaseNullCache(HeapKind heapKind, void* object, size_t newSize)
-{
- if (auto* heap = debugHeap()) {
- constexpr bool crashOnFailure = false;
- return heap->realloc(object, newSize, crashOnFailure);
- }
- return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().tryReallocate(object, newSize);
-}
-
BNO_INLINE void* Cache::reallocateSlowCaseNullCache(HeapKind heapKind, void* object, size_t newSize)
{
- if (auto* heap = debugHeap()) {
- constexpr bool crashOnFailure = true;
- return heap->realloc(object, newSize, crashOnFailure);
- }
return PerThread<PerHeapKind<Cache>>::getSlowCase()->at(mapToActiveHeapKind(heapKind)).allocator().reallocate(object, newSize);
}
Modified: releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Cache.h (242414 => 242415)
--- releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Cache.h 2019-03-05 08:42:59 UTC (rev 242414)
+++ releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Cache.h 2019-03-05 08:43:03 UTC (rev 242415)
@@ -56,10 +56,8 @@
private:
BEXPORT static void* tryAllocateSlowCaseNullCache(HeapKind, size_t);
BEXPORT static void* allocateSlowCaseNullCache(HeapKind, size_t);
- BEXPORT static void* tryAllocateSlowCaseNullCache(HeapKind, size_t alignment, size_t);
BEXPORT static void* allocateSlowCaseNullCache(HeapKind, size_t alignment, size_t);
BEXPORT static void deallocateSlowCaseNullCache(HeapKind, void*);
- BEXPORT static void* tryReallocateSlowCaseNullCache(HeapKind, void*, size_t);
BEXPORT static void* reallocateSlowCaseNullCache(HeapKind, void*, size_t);
Deallocator m_deallocator;
@@ -86,7 +84,7 @@
{
PerHeapKind<Cache>* caches = PerThread<PerHeapKind<Cache>>::getFastCase();
if (!caches)
- return tryAllocateSlowCaseNullCache(heapKind, alignment, size);
+ return allocateSlowCaseNullCache(heapKind, alignment, size);
return caches->at(mapToActiveHeapKindAfterEnsuringGigacage(heapKind)).allocator().tryAllocate(alignment, size);
}
@@ -110,7 +108,7 @@
{
PerHeapKind<Cache>* caches = PerThread<PerHeapKind<Cache>>::getFastCase();
if (!caches)
- return tryReallocateSlowCaseNullCache(heapKind, object, newSize);
+ return reallocateSlowCaseNullCache(heapKind, object, newSize);
return caches->at(mapToActiveHeapKindAfterEnsuringGigacage(heapKind)).allocator().tryReallocate(object, newSize);
}
Modified: releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Deallocator.cpp (242414 => 242415)
--- releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Deallocator.cpp 2019-03-05 08:42:59 UTC (rev 242414)
+++ releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Deallocator.cpp 2019-03-05 08:43:03 UTC (rev 242415)
@@ -27,7 +27,7 @@
#include "BInline.h"
#include "Chunk.h"
#include "Deallocator.h"
-#include "Environment.h"
+#include "DebugHeap.h"
#include "Heap.h"
#include "Object.h"
#include "PerProcess.h"
@@ -39,8 +39,13 @@
Deallocator::Deallocator(Heap& heap)
: m_heap(heap)
+ , m_debugHeap(heap.debugHeap())
{
- BASSERT(!PerProcess<Environment>::get()->isDebugHeapEnabled());
+ if (m_debugHeap) {
+ // Fill the object log in order to disable the fast path.
+ while (m_objectLog.size() != m_objectLog.capacity())
+ m_objectLog.push(nullptr);
+ }
}
Deallocator::~Deallocator()
@@ -50,6 +55,9 @@
void Deallocator::scavenge()
{
+ if (m_debugHeap)
+ return;
+
std::unique_lock<Mutex> lock(Heap::mutex());
processObjectLog(lock);
@@ -65,6 +73,9 @@
void Deallocator::deallocateSlowCase(void* object)
{
+ if (m_debugHeap)
+ return m_debugHeap->free(object);
+
if (!object)
return;
Modified: releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Deallocator.h (242414 => 242415)
--- releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Deallocator.h 2019-03-05 08:42:59 UTC (rev 242414)
+++ releases/WebKitGTK/webkit-2.24/Source/bmalloc/bmalloc/Deallocator.h 2019-03-05 08:43:03 UTC (rev 242415)
@@ -33,6 +33,7 @@
namespace bmalloc {
+class DebugHeap;
class Heap;
class Mutex;
@@ -57,6 +58,7 @@
Heap& m_heap;
FixedVector<void*, deallocatorLogCapacity> m_objectLog;
LineCache m_lineCache; // The Heap removes items from this cache.
+ DebugHeap* m_debugHeap;
};
inline bool Deallocator::deallocateFastCase(void* object)
