Title: [254764] trunk/Source/bmalloc
Revision: 254764
Author: [email protected]
Date: 2020-01-17 13:43:13 -0800 (Fri, 17 Jan 2020)

Log Message

[bmalloc] Fix IsoHeapImpl's assertion introduced in r254708
https://bugs.webkit.org/show_bug.cgi?id=206440
<rdar://problem/58688794>

Reviewed by Mark Lam.

The assertion introduced in r254708 was wrong.
Fixing it to check the invariant we actually want to ensure.
This fixes TestWTF crash in Debug build.

* bmalloc/IsoHeapImplInlines.h:
(bmalloc::IsoHeapImpl<Config>::takeFirstEligible):

Diff

Modified: trunk/Source/bmalloc/ChangeLog (254763 => 254764)


--- trunk/Source/bmalloc/ChangeLog	2020-01-17 21:10:54 UTC (rev 254763)
+++ trunk/Source/bmalloc/ChangeLog	2020-01-17 21:43:13 UTC (rev 254764)
@@ -1,3 +1,18 @@
+2020-01-17  Yusuke Suzuki  <[email protected]>
+
+        [bmalloc] Fix IsoHeapImpl's assertion introduced in r254708
+        https://bugs.webkit.org/show_bug.cgi?id=206440
+        <rdar://problem/58688794>
+
+        Reviewed by Mark Lam.
+
+        The assertion introduced in r254708 was wrong.
+        Fixing it to check the invariant we actually want to ensure.
+        This fixes TestWTF crash in Debug build.
+
+        * bmalloc/IsoHeapImplInlines.h:
+        (bmalloc::IsoHeapImpl<Config>::takeFirstEligible):
+
 2020-01-16  Yusuke Suzuki  <[email protected]>
 
         [bmalloc] IsoHeap's initial setup should be small
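
Review bot: The description in the new entry ("Fixing it to check the invariant we actually want to ensure.") never says what the invariant is or why the r254708 assertion was wrong. Consider stating it in the entry itself, as the code comment in IsoHeapImplInlines.h does (m_firstEligibleOrDecommitedDirectory is never changed while iterating), so the ChangeLog can be read without opening the header.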

Modified: trunk/Source/bmalloc/bmalloc/IsoHeapImplInlines.h (254763 => 254764)


--- trunk/Source/bmalloc/bmalloc/IsoHeapImplInlines.h	2020-01-17 21:10:54 UTC (rev 254763)
+++ trunk/Source/bmalloc/bmalloc/IsoHeapImplInlines.h	2020-01-17 21:43:13 UTC (rev 254764)
@@ -60,9 +60,13 @@
             RELEASE_BASSERT(!m_headDirectory.get());
             RELEASE_BASSERT(!m_tailDirectory.get());
         } else {
+            auto* originalCursor = cursor;
+            BUNUSED(originalCursor);
             for (; cursor; cursor = cursor->next) {
                 EligibilityResult<Config> result = cursor->payload.takeFirstEligible(locker);
-                ASSERT(m_firstEligibleOrDecommitedDirectory.get() == cursor);
+                // While iterating, m_firstEligibleOrDecommitedDirectory is never changed. We are holding a lock,
+                // and IsoDirectory::takeFirstEligible must not populate a new eligibile / decommitted pages.
+                BASSERT(m_firstEligibleOrDecommitedDirectory.get() == originalCursor);
                 if (result.kind != EligibilityKind::Full) {
                     m_directoryHighWatermark = std::max(m_directoryHighWatermark, cursor->index());
                     m_firstEligibleOrDecommitedDirectory = cursor;
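
Review bot: The new BASSERT in the for loop compares against originalCursor on every iteration, but the branch directly below it (`if (result.kind != EligibilityKind::Full)`) assigns `m_firstEligibleOrDecommitedDirectory = cursor;`. The hunk ends before the rest of that branch, so please confirm the branch always leaves the loop: if an iteration could continue after that assignment with cursor different from originalCursor, the assertion would fire. The check also depends on cursor having been initialized from m_firstEligibleOrDecommitedDirectory.get() before the else branch, which is outside the visible lines; a short comment at the originalCursor declaration saying so would help. Minor: the added comment reads "must not populate a new eligibile / decommitted pages"; suggest "must not populate new eligible / decommitted pages".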