Title: [200167] trunk/Source/bmalloc
- Revision
- 200167
- Author
- [email protected]
- Date
- 2016-04-27 19:11:18 -0700 (Wed, 27 Apr 2016)
Log Message
Assertion failure in bmalloc::vmRevokePermissions(void*, unsigned long).
https://bugs.webkit.org/show_bug.cgi?id=157047
Reviewed by Darin Adler.
* bmalloc/Chunk.h:
(bmalloc::Chunk::Chunk):
(bmalloc::Chunk::get):
(bmalloc::Chunk::offset):
(bmalloc::Chunk::address):
(bmalloc::Object::Object):
(bmalloc::Object::address):
(bmalloc::Object::line):
(bmalloc::Chunk::object): Deleted.
(bmalloc::Object::begin): Deleted.
* bmalloc/Heap.cpp:
(bmalloc::Heap::allocateSmallBumpRangesByObject):
* bmalloc/Object.h:
(bmalloc::Object::chunk):
(bmalloc::Object::offset): Renamed begin() to address() because this is
not an iterator.
* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::allocateSmallChunk): Round up pageSize to a vmPageSize
multiple because pageSize might be smaller than vmPageSize, but we
think the VM system requires vmPageSize-aligned values.
Modified: trunk/Source/bmalloc/ChangeLog (200166 => 200167)
--- trunk/Source/bmalloc/ChangeLog 2016-04-28 01:54:12 UTC (rev 200166)
+++ trunk/Source/bmalloc/ChangeLog 2016-04-28 02:11:18 UTC (rev 200167)
@@ -1,3 +1,32 @@
+2016-04-27 Geoffrey Garen <[email protected]>
+
+ Assertion failure in bmalloc::vmRevokePermissions(void*, unsigned long).
+ https://bugs.webkit.org/show_bug.cgi?id=157047
+
+ Reviewed by Darin Adler.
+
+ * bmalloc/Chunk.h:
+ (bmalloc::Chunk::Chunk):
+ (bmalloc::Chunk::get):
+ (bmalloc::Chunk::offset):
+ (bmalloc::Chunk::address):
+ (bmalloc::Object::Object):
+ (bmalloc::Object::address):
+ (bmalloc::Object::line):
+ (bmalloc::Chunk::object): Deleted.
+ (bmalloc::Object::begin): Deleted.
+ * bmalloc/Heap.cpp:
+ (bmalloc::Heap::allocateSmallBumpRangesByObject):
+ * bmalloc/Object.h:
+ (bmalloc::Object::chunk):
+ (bmalloc::Object::offset): Renamed begin() to address() because this is
+ not an iterator.
+
+ * bmalloc/VMHeap.cpp:
+ (bmalloc::VMHeap::allocateSmallChunk): Round up pageSize to a vmPageSize
+ multiple because pageSize might be smaller than vmPageSize, but we
+ think the VM system requires vmPageSize-aligned values.
+
2016-04-25 Geoffrey Garen <[email protected]>
bmalloc: vm allocations should plant guard pages
Modified: trunk/Source/bmalloc/bmalloc/Chunk.h (200166 => 200167)
--- trunk/Source/bmalloc/bmalloc/Chunk.h 2016-04-28 01:54:12 UTC (rev 200166)
+++ trunk/Source/bmalloc/bmalloc/Chunk.h 2016-04-28 02:11:18 UTC (rev 200167)
@@ -43,7 +43,7 @@
size_t offset(void*);
- char* object(size_t offset);
+ char* address(size_t offset);
SmallPage* page(size_t offset);
SmallLine* line(size_t offset);
@@ -68,19 +68,19 @@
{
}
-inline Chunk* Chunk::get(void* object)
+inline Chunk* Chunk::get(void* address)
{
- return static_cast<Chunk*>(mask(object, chunkMask));
+ return static_cast<Chunk*>(mask(address, chunkMask));
}
-inline size_t Chunk::offset(void* object)
+inline size_t Chunk::offset(void* address)
{
- BASSERT(object >= this);
- BASSERT(object < bytes() + chunkSize);
- return static_cast<char*>(object) - bytes();
+ BASSERT(address >= this);
+ BASSERT(address < bytes() + chunkSize);
+ return static_cast<char*>(address) - bytes();
}
-inline char* Chunk::object(size_t offset)
+inline char* Chunk::address(size_t offset)
{
return bytes() + offset;
}
@@ -133,9 +133,9 @@
BASSERT(chunk == Chunk::get(object));
}
-inline char* Object::begin()
+inline char* Object::address()
{
- return m_chunk->object(m_offset);
+ return m_chunk->address(m_offset);
}
inline SmallLine* Object::line()
Modified: trunk/Source/bmalloc/bmalloc/Heap.cpp (200166 => 200167)
--- trunk/Source/bmalloc/bmalloc/Heap.cpp 2016-04-28 01:54:12 UTC (rev 200166)
+++ trunk/Source/bmalloc/bmalloc/Heap.cpp 2016-04-28 02:11:18 UTC (rev 200167)
@@ -265,7 +265,7 @@
};
auto allocateSmallBumpRange = [&](Object& it, Object& end) -> BumpRange {
- char* begin = it.begin();
+ char* begin = it.address();
unsigned short objectCount = 0;
for ( ; it + size <= end; it = it + size) {
if (it.line()->refCount(lock))
Modified: trunk/Source/bmalloc/bmalloc/Object.h (200166 => 200167)
--- trunk/Source/bmalloc/bmalloc/Object.h 2016-04-28 01:54:12 UTC (rev 200166)
+++ trunk/Source/bmalloc/bmalloc/Object.h 2016-04-28 02:11:18 UTC (rev 200167)
@@ -46,7 +46,7 @@
Chunk* chunk() { return m_chunk; }
size_t offset() { return m_offset; }
- char* begin();
+ char* address();
SmallLine* line();
SmallPage* page();
Modified: trunk/Source/bmalloc/bmalloc/VMHeap.cpp (200166 => 200167)
--- trunk/Source/bmalloc/bmalloc/VMHeap.cpp 2016-04-28 01:54:12 UTC (rev 200166)
+++ trunk/Source/bmalloc/bmalloc/VMHeap.cpp 2016-04-28 02:11:18 UTC (rev 200167)
@@ -73,11 +73,13 @@
// Establish guard pages before writing to Chunk memory to work around
// an edge case in the Darwin VM system (<rdar://problem/25910098>).
- vmRevokePermissions(begin.begin(), pageSize);
- vmRevokePermissions(end.begin() - pageSize, pageSize);
+ size_t guardSize = roundUpToMultipleOf(vmPageSize(), pageSize);
+ BASSERT(chunkSize >= 2 * guardSize + pageSize);
+ vmRevokePermissions(begin.address(), guardSize);
+ vmRevokePermissions(end.address() - guardSize, guardSize);
- begin = begin + pageSize;
- end = end - pageSize;
+ begin = begin + guardSize;
+ end = end - guardSize;
new (chunk) Chunk(lock);
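Review bot: The guard sizing on the `size_t guardSize = roundUpToMultipleOf(vmPageSize(), pageSize);` line rests on two invariants the hunk does not state: `vmPageSize()` has to be a power of two for the round-up to be meaningful, and `chunkSize` (hence `end.address()`) has to be a multiple of vmPageSize, otherwise the second `vmRevokePermissions(end.address() - guardSize, guardSize)` call is handed an unaligned range and the assertion failure this change fixes comes back from the other end of the chunk. `BASSERT(chunkSize >= 2 * guardSize + pageSize)` checks capacity only while assertions are compiled in, which presumably excludes release builds, so a chunk too small for two guard regions would there leave `begin` past `end` with no diagnostic. A one-line comment would spare the next reader the trip to the ChangeLog: `// pageSize can be smaller than vmPageSize, and the VM system wants vmPageSize-aligned, vmPageSize-sized ranges, so size each guard up to whole VM pages.` The enclosing function starts before this hunk (begin, end and chunk are set up above it), and whether it continues past the placement new cannot be told from this rendering.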