Title: [204713] releases/WebKitGTK/webkit-2.12/Source/bmalloc
Revision
204713
Author
[email protected]
Date
2016-08-22 06:51:54 -0700 (Mon, 22 Aug 2016)

Log Message

Merge r204091 - [bmalloc] Merging of XLargeRanges can leak the upper range
https://bugs.webkit.org/show_bug.cgi?id=160403

Reviewed by Michael Saboff.

* bmalloc/Heap.cpp:
(bmalloc::Heap::scavengeLargeObjects): Don't use removePhysical().
Recorded physical size is a performance optimization. It is not the
truth. So it might be zero even if a range contains physical pages.

Instead, iterate each range in the map unconditionally.

The map can shrink when we release the lock, so we must clamp our
iterator each time through the loop.

The map can grow when we release the lock, but we don't care because
growth restarts the scavenger from the beginning.

* bmalloc/XLargeMap.cpp:
(bmalloc::XLargeMap::removePhysical): Deleted. Not used anymore.

* bmalloc/XLargeMap.h:
(bmalloc::XLargeMap::ranges): Added direct access for the sake of
scavengeLargeObjects. (This violates our naming conventions -- I'll do
a rename in a follow-up patch.)
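
The clamped-index loop described in the log message above, as an added example that is not bmalloc's code: it runs the same `for (size_t i = ranges.size(); i-- > 0; i = std::min(i, ranges.size()))` shape over a std::vector that a hypothetical racing allocator shrinks during the window where the real scavenger has dropped the lock, and compares it with the unclamped form. The Range layout, the shrink model (`raceWhileUnlocked`) and the result counters are constructed for this example; bmalloc's Vector::pop(i) may order the remaining elements differently from std::vector::erase, which changes which range gets re-visited but not the bounds argument.

```cpp
// Added example, not bmalloc code: the index-clamping loop from the commit
// message, run against a vector that is shrunk while the "lock" is dropped.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

struct Range {
    size_t begin;
    size_t size;
    size_t physicalSize; // advisory only: may be 0 while pages are still resident
};

struct ScavengeResult {
    size_t decommits = 0;   // ranges handed to the (simulated) page decommit
    size_t redundant = 0;   // decommits of a range already recorded as physicalSize 0
    bool outOfBounds = false;
};

// Constructed input: n free ranges that all have resident pages recorded.
static std::vector<Range> makeRanges(size_t n)
{
    std::vector<Range> ranges;
    for (size_t k = 0; k < n; ++k)
        ranges.push_back({ k * 0x100000, 0x100000, 0x100000 });
    return ranges;
}

// Stand-in for the window between lock.unlock() and lock.lock(): another
// thread allocates, i.e. removes, `shrinkBy` ranges from the map. Hypothetical
// contention model; the real allocator removes by size and alignment.
static void raceWhileUnlocked(std::vector<Range>& ranges, size_t shrinkBy)
{
    for (size_t k = 0; k < shrinkBy && !ranges.empty(); ++k)
        ranges.erase(ranges.begin());
}

// The loop shape from the patch: clamp i to the current size after each step,
// then pre-decrement in the condition so i is a valid index or the loop exits.
ScavengeResult scavengeClamped(std::vector<Range> ranges, size_t shrinkBy)
{
    ScavengeResult r;
    for (size_t i = ranges.size(); i-- > 0; i = std::min(i, ranges.size())) {
        if (i >= ranges.size()) { r.outOfBounds = true; break; } // detector; never fires
        Range range = ranges[i];
        ranges.erase(ranges.begin() + i);     // pop(i); element order differs from bmalloc's Vector
        raceWhileUnlocked(ranges, shrinkBy);  // the real code has the lock dropped here
        if (range.physicalSize == 0)
            ++r.redundant;                    // a range re-visited after a shrink
        ++r.decommits;
        range.physicalSize = 0;
        ranges.push_back(range);
    }
    return r;
}

// The same loop without the clamp: a shrink while unlocked leaves i past the end.
ScavengeResult scavengeUnclamped(std::vector<Range> ranges, size_t shrinkBy)
{
    ScavengeResult r;
    for (size_t i = ranges.size(); i-- > 0;) {
        if (i >= ranges.size()) { r.outOfBounds = true; break; } // would be UB without this guard
        Range range = ranges[i];
        ranges.erase(ranges.begin() + i);
        raceWhileUnlocked(ranges, shrinkBy);
        ++r.decommits;
        range.physicalSize = 0;
        ranges.push_back(range);
    }
    return r;
}

int main()
{
    ScavengeResult quiet = scavengeClamped(makeRanges(5), 0);
    ScavengeResult racy = scavengeClamped(makeRanges(5), 2);
    ScavengeResult broken = scavengeUnclamped(makeRanges(5), 2);
    std::printf("clamped, no race:    decommits=%zu redundant=%zu oob=%d\n",
        quiet.decommits, quiet.redundant, quiet.outOfBounds);
    std::printf("clamped, shrink 2:   decommits=%zu redundant=%zu oob=%d\n",
        racy.decommits, racy.redundant, racy.outOfBounds);
    std::printf("unclamped, shrink 2: oob=%d\n", broken.outOfBounds);
    return 0;
}
```

Run as-is to see that the clamped loop stays in bounds and terminates whatever the shrink rate, but also that a shrink can land the index on the range just pushed back, so it is decommitted a second time with physicalSize already 0. That re-visit is the cost of iterating unconditionally rather than filtering on the advisory physical size, which is the trade the log message argues for.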

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/ChangeLog (204712 => 204713)


--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/ChangeLog	2016-08-22 13:51:47 UTC (rev 204712)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/ChangeLog	2016-08-22 13:51:54 UTC (rev 204713)
@@ -1,3 +1,31 @@
+2016-08-03  Geoffrey Garen  <[email protected]>
+
+        [bmalloc] Merging of XLargeRanges can leak the upper range
+        https://bugs.webkit.org/show_bug.cgi?id=160403
+
+        Reviewed by Michael Saboff.
+
+        * bmalloc/Heap.cpp:
+        (bmalloc::Heap::scavengeLargeObjects): Don't use removePhysical().
+        Recorded physical size is a performance optimization. It is not the
+        truth. So it might be zero even if a range contains physical pages.
+
+        Instead, iterate each range in the map unconditionally.
+
+        The map can shrink when we release the lock, so we must clamp our
+        iterator each time through the loop.
+
+        The map can grow when we release the lock, but we don't care because
+        growth restarts the scavenger from the beginning.
+
+        * bmalloc/XLargeMap.cpp:
+        (bmalloc::XLargeMap::removePhysical): Deleted. Not used anymore.
+
+        * bmalloc/XLargeMap.h:
+        (bmalloc::XLargeMap::ranges): Added direct access for the sake of
+        scavengeLargeObjects. (This violates our naming conventions -- I'll do
+        a rename in a follow-up patch.)
+
 2016-07-11  Geoffrey Garen  <[email protected]>
 
         Crash due to abort() calling libc++.1.dylib: std::__1::thread::detach()

Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Heap.cpp (204712 => 204713)


--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Heap.cpp	2016-08-22 13:51:47 UTC (rev 204712)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Heap.cpp	2016-08-22 13:51:54 UTC (rev 204713)
@@ -131,13 +131,16 @@
 
 void Heap::scavengeLargeObjects(std::unique_lock<StaticMutex>& lock, std::chrono::milliseconds sleepDuration)
 {
-    while (XLargeRange range = m_largeFree.removePhysical()) {
+    auto& ranges = m_largeFree.ranges();
+    for (size_t i = ranges.size(); i-- > 0; i = std::min(i, ranges.size())) {
+        auto range = ranges.pop(i);
+
         lock.unlock();
         vmDeallocatePhysicalPagesSloppy(range.begin(), range.size());
         lock.lock();
-        
+
         range.setPhysicalSize(0);
-        m_largeFree.add(range);
+        ranges.push(range);
 
         waitUntilFalse(lock, sleepDuration, m_isAllocatingPages);
     }
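Review bot: `ranges.push(range)` at the bottom of the loop replaces `m_largeFree.add(range)`, and the context at the top of the XLargeMap.cpp hunk (`m_free.push(merged);`) indicates `add()` is the merging path, so a scavenged range is now returned to the map without being coalesced with its neighbours; given the bug title that looks deliberate, but neither the ChangeLog nor a comment here says so, and a one-line comment would stop the next reader "fixing" it back to `add()`. Second point: the clamp `i = std::min(i, ranges.size())` keeps the index in bounds when the map shrinks while the lock is dropped, but after a shrink the index can land on the range just pushed back (now at the end), so that range is handed to `vmDeallocatePhysicalPagesSloppy` again with `physicalSize` already 0; harmless under the ChangeLog's "physical size is advisory" reasoning, but worth a comment saying the loop tolerates re-visits rather than excluding them. Finally, the ChangeLog's claim that growth "restarts the scavenger from the beginning" is not visible in this hunk; a pointer to where that restart happens would help the reader convince themselves that ranges appended during the unlock are not simply skipped.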

Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/XLargeMap.cpp (204712 => 204713)


--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/XLargeMap.cpp	2016-08-22 13:51:47 UTC (rev 204712)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/XLargeMap.cpp	2016-08-22 13:51:54 UTC (rev 204713)
@@ -76,16 +76,4 @@
     m_free.push(merged);
 }
 
-XLargeRange XLargeMap::removePhysical()
-{
-    auto it = std::find_if(m_free.begin(), m_free.end(), [](const XLargeRange& range) {
-        return range.physicalSize();
-    });
-
-    if (it == m_free.end())
-        return XLargeRange();
-
-    return m_free.pop(it);
-}
-
 } // namespace bmalloc
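Review bot: with `removePhysical()` deleted, `std::find_if` has no remaining user in this hunk, so check whether the `<algorithm>` include in XLargeMap.cpp (not shown here) is now dead. More importantly, the removed `find_if` predicate `return range.physicalSize();` was the filter the ChangeLog identifies as wrong (a range can record 0 while pages are resident); if `physicalSize()` is now purely a hint, say so in a comment at the accessor's declaration, otherwise the same filter is likely to be reintroduced by the next person looking for a cheap way to skip already-decommitted ranges.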

Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/XLargeMap.h (204712 => 204713)


--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/XLargeMap.h	2016-08-22 13:51:47 UTC (rev 204712)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/XLargeMap.h	2016-08-22 13:51:54 UTC (rev 204713)
@@ -36,7 +36,7 @@
 public:
     void add(const XLargeRange&);
     XLargeRange remove(size_t alignment, size_t);
-    XLargeRange removePhysical();
+    Vector<XLargeRange>& ranges() { return m_free; }
 
 private:
     Vector<XLargeRange> m_free;
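Review bot: `Vector<XLargeRange>& ranges() { return m_free; }` hands out a mutable reference to a private member, so any caller can pop or push ranges without going through `add()` and whatever merging invariant it maintains; the ChangeLog flags only the naming. Prefer giving XLargeMap the two primitives the scavenger actually needs (pop the range at an index, push an unmerged range back) so `m_free` stays private, or at minimum document on this line that direct access exists for `Heap::scavengeLargeObjects` alone and that the promised rename is pending, so the accessor does not quietly become general-purpose API.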
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes