Diff
Modified: releases/WebKitGTK/webkit-2.8/Source/WTF/ChangeLog (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/WTF/ChangeLog 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/WTF/ChangeLog 2015-03-11 10:06:49 UTC (rev 181377)
@@ -1,3 +1,54 @@
+2015-03-10 Geoffrey Garen <gga...@apple.com>
+
+ bmalloc: tryFastMalloc shouldn't crash
+ https://bugs.webkit.org/show_bug.cgi?id=142443
+
+ Reviewed by Sam Weinig.
+
+ Rolling back in r181307 with a check for whether bmalloc is enabled, to
+ avoid crashes when running with ASan and GuardMalloc.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::fastMalloc):
+ (WTF::fastRealloc):
+ (WTF::fastAlignedMalloc):
+ (WTF::tryFastMalloc):
+ (WTF::tryFastRealloc): Deleted.
+ * wtf/FastMalloc.h:
+
+2015-03-09 Commit Queue <commit-qu...@webkit.org>
+
+ Unreviewed, rolling out r181307.
+ https://bugs.webkit.org/show_bug.cgi?id=142525
+
+ Broke ASan tests (Requested by ap on #webkit).
+
+ Reverted changeset:
+
+ "bmalloc: tryFastMalloc shouldn't crash"
+ https://bugs.webkit.org/show_bug.cgi?id=142443
+ http://trac.webkit.org/changeset/181307
+
+2015-03-09 Geoffrey Garen <gga...@apple.com>
+
+ bmalloc: tryFastMalloc shouldn't crash
+ https://bugs.webkit.org/show_bug.cgi?id=142443
+
+ Reviewed by Darin Adler.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::fastMalloc):
+ (WTF::fastRealloc):
+ (WTF::fastAlignedMalloc): Don't check for null. bmalloc automatically
+ crashes on allocation failure, and we'd rather not pay for an extra check.
+
+ (WTF::tryFastMalloc): Added an opt-out API to return null rather than
+ crashing, since some clients need this.
+
+ (WTF::tryFastRealloc): Deleted. Unused.
+
+ * wtf/FastMalloc.h:
+
2015-02-27 Darin Adler <da...@apple.com>
Remove unused PossiblyNull
Modified: releases/WebKitGTK/webkit-2.8/Source/WTF/wtf/FastMalloc.cpp (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/WTF/wtf/FastMalloc.cpp 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/WTF/wtf/FastMalloc.cpp 2015-03-11 10:06:49 UTC (rev 181377)
@@ -222,11 +222,6 @@
free(p);
}
-TryMallocReturnValue tryFastRealloc(void* p, size_t n)
-{
- return realloc(p, n);
-}
-
void* fastRealloc(void* p, size_t n)
{
void* result = realloc(p, n);
@@ -272,10 +267,7 @@
void* fastMalloc(size_t size)
{
- void* result = bmalloc::api::malloc(size);
- if (!result)
- CRASH();
- return result;
+ return bmalloc::api::malloc(size);
}
void* fastCalloc(size_t numElements, size_t elementSize)
@@ -290,10 +282,7 @@
void* fastRealloc(void* object, size_t size)
{
- void* result = bmalloc::api::realloc(object, size);
- if (!result)
- CRASH();
- return result;
+ return bmalloc::api::realloc(object, size);
}
void fastFree(void* object)
@@ -317,10 +306,7 @@
void* fastAlignedMalloc(size_t alignment, size_t size)
{
- void* result = bmalloc::api::memalign(alignment, size);
- if (!result)
- CRASH();
- return result;
+ return bmalloc::api::memalign(alignment, size);
}
void fastAlignedFree(void* p)
@@ -330,14 +316,9 @@
TryMallocReturnValue tryFastMalloc(size_t size)
{
- return bmalloc::api::malloc(size);
+ return bmalloc::api::tryMalloc(size);
}
-TryMallocReturnValue tryFastRealloc(void* object, size_t size)
-{
- return bmalloc::api::realloc(object, size);
-}
-
TryMallocReturnValue tryFastCalloc(size_t numElements, size_t elementSize)
{
Checked<size_t, RecordOverflow> checkedSize = elementSize;
Modified: releases/WebKitGTK/webkit-2.8/Source/WTF/wtf/FastMalloc.h (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/WTF/wtf/FastMalloc.h 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/WTF/wtf/FastMalloc.h 2015-03-11 10:06:49 UTC (rev 181377)
@@ -48,7 +48,6 @@
WTF_EXPORT_PRIVATE TryMallocReturnValue tryFastMalloc(size_t);
TryMallocReturnValue tryFastZeroedMalloc(size_t);
WTF_EXPORT_PRIVATE TryMallocReturnValue tryFastCalloc(size_t numElements, size_t elementSize);
-WTF_EXPORT_PRIVATE TryMallocReturnValue tryFastRealloc(void*, size_t);
WTF_EXPORT_PRIVATE void fastFree(void*);
@@ -108,7 +107,6 @@
using WTF::fastZeroedMalloc;
using WTF::tryFastCalloc;
using WTF::tryFastMalloc;
-using WTF::tryFastRealloc;
using WTF::tryFastZeroedMalloc;
using WTF::fastAlignedMalloc;
using WTF::fastAlignedFree;
Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/ChangeLog (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/ChangeLog 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/ChangeLog 2015-03-11 10:06:49 UTC (rev 181377)
@@ -1,3 +1,76 @@
+2015-03-10 Geoffrey Garen <gga...@apple.com>
+
+ bmalloc: tryFastMalloc shouldn't crash
+ https://bugs.webkit.org/show_bug.cgi?id=142443
+
+ Reviewed by Sam Weinig.
+
+ Rolling back in r181307 with a check for whether bmalloc is enabled, to
+ avoid crashes when running with ASan and GuardMalloc.
+
+ * bmalloc/Allocator.cpp:
+ (bmalloc::Allocator::tryAllocate):
+ * bmalloc/Allocator.h:
+ * bmalloc/Cache.cpp:
+ (bmalloc::Cache::tryAllocateSlowCaseNullCache):
+ * bmalloc/Cache.h:
+ (bmalloc::Cache::tryAllocate):
+ * bmalloc/Heap.cpp:
+ (bmalloc::Heap::allocateXLarge):
+ (bmalloc::Heap::tryAllocateXLarge):
+ * bmalloc/Heap.h:
+ * bmalloc/VMAllocate.h:
+ (bmalloc::tryVMAllocate):
+ (bmalloc::vmAllocate):
+ * bmalloc/bmalloc.h:
+ (bmalloc::api::tryMalloc):
+ (bmalloc::api::realloc):
+ (bmalloc::api::free):
+
+2015-03-09 Commit Queue <commit-qu...@webkit.org>
+
+ Unreviewed, rolling out r181307.
+ https://bugs.webkit.org/show_bug.cgi?id=142525
+
+ Broke ASan tests (Requested by ap on #webkit).
+
+ Reverted changeset:
+
+ "bmalloc: tryFastMalloc shouldn't crash"
+ https://bugs.webkit.org/show_bug.cgi?id=142443
+ http://trac.webkit.org/changeset/181307
+
+2015-03-09 Geoffrey Garen <gga...@apple.com>
+
+ bmalloc: tryFastMalloc shouldn't crash
+ https://bugs.webkit.org/show_bug.cgi?id=142443
+
+ Reviewed by Darin Adler.
+
+ Added support for tryMalloc.
+
+ We assume that non-x-large allocations always succeed, and we crash
+ otherwise, since normal allocation failure will just cause the next
+ non-try allocation or internal metadata allocation to fail, and it's
+ hard and not really useful to keep limping along after that. But
+ extra-large allocations can meaningfully fail, and we can recover.
+
+ * bmalloc/Heap.cpp:
+ (bmalloc::Heap::allocateXLarge):
+ (bmalloc::Heap::tryAllocateXLarge):
+ * bmalloc/Heap.h: Added support for non-crashy x-large allocation.
+
+ * bmalloc/VMAllocate.h:
+ (bmalloc::tryVMAllocate):
+ (bmalloc::vmAllocate): Added support for non-crashy VM allocation.
+
+ * bmalloc/bmalloc.h:
+ (bmalloc::api::tryMalloc):
+ (bmalloc::api::realloc):
+ (bmalloc::api::free): Tried to clarify our behavior with some comments.
+ Unfortunately, calling what we do "malloc" is still not quite right, since
+ malloc returns null on failure and we don't.
+
2015-03-03 Geoffrey Garen <gga...@apple.com>
bmalloc: Don't branch when setting the owner of a large object
Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Allocator.cpp (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Allocator.cpp 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Allocator.cpp 2015-03-11 10:06:49 UTC (rev 181377)
@@ -51,6 +51,18 @@
scavenge();
}
+void* Allocator::tryAllocate(size_t size)
+{
+ if (!m_isBmallocEnabled)
+ return malloc(size);
+
+ if (size <= largeMax)
+ return allocate(size);
+
+ std::lock_guard<StaticMutex> lock(PerProcess<Heap>::mutex());
+ return PerProcess<Heap>::get()->tryAllocateXLarge(lock, superChunkSize, roundUpToMultipleOf<xLargeAlignment>(size));
+}
+
void* Allocator::allocate(size_t alignment, size_t size)
{
BASSERT(isPowerOfTwo(alignment));
Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Allocator.h (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Allocator.h 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Allocator.h 2015-03-11 10:06:49 UTC (rev 181377)
@@ -41,6 +41,7 @@
Allocator(Heap*, Deallocator&);
~Allocator();
+ void* tryAllocate(size_t);
void* allocate(size_t);
void* allocate(size_t alignment, size_t);
void* reallocate(void*, size_t);
Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Cache.cpp (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Cache.cpp 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Cache.cpp 2015-03-11 10:06:49 UTC (rev 181377)
@@ -56,6 +56,11 @@
{
}
+NO_INLINE void* Cache::tryAllocateSlowCaseNullCache(size_t size)
+{
+ return PerThread<Cache>::getSlowCase()->allocator().tryAllocate(size);
+}
+
NO_INLINE void* Cache::allocateSlowCaseNullCache(size_t size)
{
return PerThread<Cache>::getSlowCase()->allocator().allocate(size);
Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Cache.h (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Cache.h 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Cache.h 2015-03-11 10:06:49 UTC (rev 181377)
@@ -39,10 +39,12 @@
void* operator new(size_t);
void operator delete(void*, size_t);
+ static void* tryAllocate(size_t);
static void* allocate(size_t);
static void* allocate(size_t alignment, size_t);
static void deallocate(void*);
static void* reallocate(void*, size_t);
+
static void scavenge();
Cache();
@@ -51,6 +53,7 @@
Deallocator& deallocator() { return m_deallocator; }
private:
+ static void* tryAllocateSlowCaseNullCache(size_t);
static void* allocateSlowCaseNullCache(size_t);
static void* allocateSlowCaseNullCache(size_t alignment, size_t);
static void deallocateSlowCaseNullCache(void*);
@@ -60,6 +63,14 @@
Allocator m_allocator;
};
+inline void* Cache::tryAllocate(size_t size)
+{
+ Cache* cache = PerThread<Cache>::getFastCase();
+ if (!cache)
+ return tryAllocateSlowCaseNullCache(size);
+ return cache->allocator().tryAllocate(size);
+}
+
inline void* Cache::allocate(size_t size)
{
Cache* cache = PerThread<Cache>::getFastCase();
Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.cpp (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.cpp 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.cpp 2015-03-11 10:06:49 UTC (rev 181377)
@@ -281,14 +281,10 @@
}
}
-void* Heap::allocateXLarge(std::lock_guard<StaticMutex>&, size_t alignment, size_t size)
+void* Heap::allocateXLarge(std::lock_guard<StaticMutex>& lock, size_t alignment, size_t size)
{
- BASSERT(isPowerOfTwo(alignment));
- BASSERT(alignment >= xLargeAlignment);
- BASSERT(size == roundUpToMultipleOf<xLargeAlignment>(size));
-
- void* result = vmAllocate(alignment, size);
- m_xLargeObjects.push(Range(result, size));
+ void* result = tryAllocateXLarge(lock, alignment, size);
+ RELEASE_BASSERT(result);
return result;
}
@@ -297,6 +293,19 @@
return allocateXLarge(lock, superChunkSize, size);
}
+void* Heap::tryAllocateXLarge(std::lock_guard<StaticMutex>&, size_t alignment, size_t size)
+{
+ BASSERT(isPowerOfTwo(alignment));
+ BASSERT(alignment >= superChunkSize);
+ BASSERT(size == roundUpToMultipleOf<xLargeAlignment>(size));
+
+ void* result = tryVMAllocate(alignment, size);
+ if (!result)
+ return nullptr;
+ m_xLargeObjects.push(Range(result, size));
+ return result;
+}
+
Range Heap::findXLarge(std::lock_guard<StaticMutex>&, void* object)
{
for (auto& range : m_xLargeObjects) {
Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.h (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.h 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.h 2015-03-11 10:06:49 UTC (rev 181377)
@@ -65,6 +65,7 @@
void* allocateXLarge(std::lock_guard<StaticMutex>&, size_t);
void* allocateXLarge(std::lock_guard<StaticMutex>&, size_t alignment, size_t);
+ void* tryAllocateXLarge(std::lock_guard<StaticMutex>&, size_t alignment, size_t);
Range findXLarge(std::lock_guard<StaticMutex>&, void*);
void deallocateXLarge(std::unique_lock<StaticMutex>&, void*);
Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMAllocate.h (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMAllocate.h 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMAllocate.h 2015-03-11 10:06:49 UTC (rev 181377)
@@ -73,14 +73,22 @@
BASSERT(p == mask(p, ~(getpagesize() - 1)));
}
-inline void* vmAllocate(size_t vmSize)
+inline void* tryVMAllocate(size_t vmSize)
{
vmValidate(vmSize);
void* result = mmap(0, vmSize, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, BMALLOC_VM_TAG, 0);
- RELEASE_BASSERT(result != MAP_FAILED);
+ if (result == MAP_FAILED)
+ return nullptr;
return result;
}
+inline void* vmAllocate(size_t vmSize)
+{
+ void* result = tryVMAllocate(vmSize);
+ RELEASE_BASSERT(result);
+ return result;
+}
+
inline void vmDeallocate(void* p, size_t vmSize)
{
vmValidate(p, vmSize);
@@ -90,13 +98,15 @@
// Allocates vmSize bytes at a specified power-of-two alignment.
// Use this function to create maskable memory regions.
-inline void* vmAllocate(size_t vmAlignment, size_t vmSize)
+inline void* tryVMAllocate(size_t vmAlignment, size_t vmSize)
{
vmValidate(vmSize);
vmValidate(vmAlignment);
size_t mappedSize = std::max(vmSize, vmAlignment) + vmAlignment;
- char* mapped = static_cast<char*>(vmAllocate(mappedSize));
+ char* mapped = static_cast<char*>(tryVMAllocate(mappedSize));
+ if (!mapped)
+ return nullptr;
char* mappedEnd = mapped + mappedSize;
char* aligned = roundUpToMultipleOf(vmAlignment, mapped);
@@ -111,6 +121,13 @@
return aligned;
}
+inline void* vmAllocate(size_t vmAlignment, size_t vmSize)
+{
+ void* result = tryVMAllocate(vmAlignment, vmSize);
+ RELEASE_BASSERT(result);
+ return result;
+}
+
inline void vmDeallocatePhysicalPages(void* p, size_t vmSize)
{
vmValidate(p, vmSize);
Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/bmalloc.h (181376 => 181377)
--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/bmalloc.h 2015-03-11 09:38:16 UTC (rev 181376)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/bmalloc.h 2015-03-11 10:06:49 UTC (rev 181377)
@@ -31,24 +31,33 @@
namespace bmalloc {
namespace api {
+// Returns null on failure.
+inline void* tryMalloc(size_t size)
+{
+ return Cache::tryAllocate(size);
+}
+
+// Crashes on failure.
inline void* malloc(size_t size)
{
return Cache::allocate(size);
}
+// Crashes on failure.
inline void* memalign(size_t alignment, size_t size)
{
return Cache::allocate(alignment, size);
}
-inline void free(void* object)
+// Crashes on failure.
+inline void* realloc(void* object, size_t newSize)
{
- Cache::deallocate(object);
+ return Cache::reallocate(object, newSize);
}
-inline void* realloc(void* object, size_t newSize)
+inline void free(void* object)
{
- return Cache::reallocate(object, newSize);
+ Cache::deallocate(object);
}
inline void scavengeThisThread()
