Title: [200385] trunk/Source/bmalloc
Revision
200385
Author
[email protected]
Date
2016-05-03 12:43:56 -0700 (Tue, 03 May 2016)

Log Message

Assertion failure in bmalloc::vmRevokePermissions(void*, unsigned long).
https://bugs.webkit.org/show_bug.cgi?id=157047

Reviewed by Filip Pizlo.

The previous fix aligned the guard page sizes correctly but forgot to
align the guard page start address correctly.

* bmalloc/Algorithm.h:
(bmalloc::roundUpToMultipleOfSloppy): Use a new helper method to round
up when not working with a power of two, instead of writing out the
math by hand.

* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::allocateSmallChunk): Make sure to round up the guard
page start address in addition to its size. Assert at the very end to
try to catch more bugs.

Modified Paths

Diff

Modified: trunk/Source/bmalloc/ChangeLog (200384 => 200385)


--- trunk/Source/bmalloc/ChangeLog	2016-05-03 18:38:59 UTC (rev 200384)
+++ trunk/Source/bmalloc/ChangeLog	2016-05-03 19:43:56 UTC (rev 200385)
@@ -1,3 +1,23 @@
+2016-05-03  Geoffrey Garen  <[email protected]>
+
+        Assertion failure in bmalloc::vmRevokePermissions(void*, unsigned long).
+        https://bugs.webkit.org/show_bug.cgi?id=157047
+
+        Reviewed by Filip Pizlo.
+
+        The previous fix aligned the guard page sizes correctly but forgot to
+        align the guard page start address correctly.
+
+        * bmalloc/Algorithm.h:
+        (bmalloc::roundUpToMultipleOfSloppy): Use a new helper method to round
+        up when not working with a power of two, instead of writing out the
+        math by hand.
+
+        * bmalloc/VMHeap.cpp:
+        (bmalloc::VMHeap::allocateSmallChunk): Make sure to round up the guard
+        page start address in addition to its size. Assert at the very end to
+        try to catch more bugs.
+
 2016-04-27  Geoffrey Garen  <[email protected]>
 
         Assertion failure in bmalloc::vmRevokePermissions(void*, unsigned long).

Modified: trunk/Source/bmalloc/bmalloc/Algorithm.h (200384 => 200385)


--- trunk/Source/bmalloc/bmalloc/Algorithm.h	2016-05-03 18:38:59 UTC (rev 200384)
+++ trunk/Source/bmalloc/bmalloc/Algorithm.h	2016-05-03 19:43:56 UTC (rev 200385)
@@ -101,6 +101,11 @@
     return (numerator + denominator - 1) / denominator;
 }
 
+template<typename T> inline T roundUpToMultipleOfSloppy(size_t divisor, T x)
+{
+    return divideRoundingUp(x, divisor) * divisor;
+}
+
 // Version of sizeof that returns 0 for empty classes.
 
 template<typename T> inline constexpr size_t sizeOf()
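Review bot: The new `roundUpToMultipleOfSloppy` has no comment explaining what "Sloppy" means, and the surrounding helpers each carry one. Since this helper exists precisely because `divisor` need not be a power of two, say so above the template, e.g. `// Like roundUpToMultipleOf, but divisor need not be a power of two.`, and note that `divisor` must be non-zero and that `x` and `divisor` have different types (`T` vs `size_t`), so `divideRoundingUp(x, divisor)` relies on the two converting to a common type; if `divideRoundingUp` is templated on a single type, a caller passing a `T` narrower than `size_t` will not compile, which is worth stating or handling with an explicit cast.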

Modified: trunk/Source/bmalloc/bmalloc/VMHeap.cpp (200384 => 200385)


--- trunk/Source/bmalloc/bmalloc/VMHeap.cpp	2016-05-03 18:38:59 UTC (rev 200384)
+++ trunk/Source/bmalloc/bmalloc/VMHeap.cpp	2016-05-03 19:43:56 UTC (rev 200385)
@@ -61,26 +61,27 @@
     size_t pageSize = bmalloc::pageSize(pageClass);
     size_t smallPageCount = pageSize / smallPageSize;
 
-    // We align to our page size in order to guarantee that we can service
-    // aligned allocation requests at equal and smaller powers of two.
-    size_t metadataSize = divideRoundingUp(sizeof(Chunk), pageSize) * pageSize;
-
     void* memory = vmAllocate(chunkSize, chunkSize);
     Chunk* chunk = static_cast<Chunk*>(memory);
 
+    // We align to our page size in order to honor OS APIs and in order to
+    // guarantee that we can service aligned allocation requests at equal
+    // and smaller powers of two.
+    size_t vmPageSize = roundUpToMultipleOf(bmalloc::vmPageSize(), pageSize);
+    size_t metadataSize = roundUpToMultipleOfSloppy(vmPageSize, sizeof(Chunk));
+
     Object begin(chunk, metadataSize);
     Object end(chunk, chunkSize);
 
     // Establish guard pages before writing to Chunk memory to work around
     // an edge case in the Darwin VM system (<rdar://problem/25910098>).
-    size_t guardSize = roundUpToMultipleOf(vmPageSize(), pageSize);
-    BASSERT(chunkSize >= 2 * guardSize + pageSize);
-    vmRevokePermissions(begin.address(), guardSize);
-    vmRevokePermissions(end.address() - guardSize, guardSize);
+    vmRevokePermissions(begin.address(), vmPageSize);
+    vmRevokePermissions(end.address() - vmPageSize, vmPageSize);
+    
+    begin = begin + vmPageSize;
+    end = end - vmPageSize;
+    BASSERT(begin <= end && end.offset() - begin.offset() >= pageSize);
 
-    begin = begin + guardSize;
-    end = end - guardSize;
-
     new (chunk) Chunk(lock);
 
 #if BOS(DARWIN)
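Review bot: The local `size_t vmPageSize` shadows the function `bmalloc::vmPageSize()`, which is the only reason the call on the same line now needs the `bmalloc::` qualification; renaming the local (for example to `guardSize`, as the removed code called it) avoids the shadow and keeps the unqualified call working. Separately, the old `BASSERT(chunkSize >= 2 * guardSize + pageSize)` ran before the two `vmRevokePermissions` calls, while the replacement `BASSERT(begin <= end && end.offset() - begin.offset() >= pageSize)` runs after them, so a chunk too small for metadata plus two guard pages is only detected once permissions have already been revoked on an overlapping or out-of-range region; keeping a size assertion before the revoke calls (in addition to the new one) catches that earlier. The line `+    ` after the second `vmRevokePermissions` call is trailing whitespace.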
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
