Bug 225676

Summary: ConservativeRoots triggers page demand on Speedometer
Product: WebKit Reporter: Geoffrey Garen <ggaren>
Component: New Bugs    Assignee: Geoffrey Garen <ggaren>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, ews-watchlist, fpizlo, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 225705    
Bug Blocks:    
Attachments:
Patch (flags: none)
Patch (flags: none)

Description Geoffrey Garen 2021-05-11 15:54:03 PDT
ConservativeRoots triggers page demand on Speedometer
Comment 1 Geoffrey Garen 2021-05-11 15:57:57 PDT
Created attachment 428319 [details]
Patch
Comment 2 Geoffrey Garen 2021-05-11 17:21:45 PDT
Comment on attachment 428319 [details]
Patch

cq+
Comment 3 EWS 2021-05-11 17:52:18 PDT
Committed r277346 (237604@main): <https://commits.webkit.org/237604@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 428319 [details].
Comment 4 Radar WebKit Bug Importer 2021-05-11 17:53:16 PDT
<rdar://problem/77872621>
Comment 5 Filip Pizlo 2021-05-12 08:40:18 PDT
Comment on attachment 428319 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=428319&action=review

> Source/JavaScriptCore/heap/ConservativeRoots.cpp:61
> +            m_roots.append(bitwise_cast<HeapCell*>(p));
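Review bot: `m_roots.append()` at ConservativeRoots.cpp:61 can grow the vector and therefore call into the allocator, and this runs while other threads are suspended; a suspended thread that was stopped inside malloc still holds the allocator's lock, so the append blocks forever. Suggest reserving `m_roots` capacity before any thread is suspended, or keeping the previous allocation path that took no locks.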

Doesn't this code run while some threads are thread_suspended?

In that case, I think you just introduced one of my favorite deadlocks:
- The append() calls malloc, which tries to grab some lock.
- Meanwhile some other thread is thread_suspended while holding that lock.

Nothing says that thread_suspend can't stop a thread while it's inside fastMalloc, system malloc, or anything else that holds locks.  I think that's why this code previously used a super janky way of allocating memory -- it was that way so that it didn't have to take locks to allocate.
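The deadlock Filip describes, reduced to a runnable C++ model (an added example, not WebKit code): the hypothetical `LockingAllocator` stands in for the lock malloc takes internally, and `SuspendedMutator` parks a thread while it holds that lock, the way thread_suspend can. The unsafe path appends after suspension and uses a bounded wait so the demonstration returns instead of hanging; the safe path reserves root storage before any thread is stopped.

```cpp
#include <atomic>
#include <chrono>
#include <condition_variable>
#include <mutex>
#include <thread>
#include <vector>
// Hypothetical stand-in for the lock malloc takes internally.
struct LockingAllocator { std::timed_mutex lock; };

// A mutator thread "suspended" (parked) while inside the allocator, i.e. while
// holding its lock. thread_suspend can stop a thread at exactly such a point.
struct SuspendedMutator {
    LockingAllocator& alloc;
    std::mutex m; std::condition_variable cv; bool resumed = false;
    std::atomic<bool> parked{false}; std::thread t;
    explicit SuspendedMutator(LockingAllocator& a) : alloc(a), t([this] { run(); }) {
        while (!parked) std::this_thread::yield();        // wait until it holds the lock
    }
    void run() {
        std::lock_guard<std::timed_mutex> g(alloc.lock);  // inside "malloc"
        parked = true;
        std::unique_lock<std::mutex> u(m);
        cv.wait(u, [this] { return resumed; });           // stopped, lock still held
    }
    void resume() {
        { std::lock_guard<std::mutex> g(m); resumed = true; }
        cv.notify_one();
        t.join();
    }
};

// Unsafe: grow the roots vector (an allocation) after threads are suspended.
// A bounded wait stands in for the unbounded one; false means "would deadlock".
bool appendAfterSuspending(LockingAllocator& alloc, std::vector<void*>& roots, void* p) {
    SuspendedMutator mutator(alloc);
    bool acquired = alloc.lock.try_lock_for(std::chrono::milliseconds(200));
    if (acquired) { roots.push_back(p); alloc.lock.unlock(); }
    mutator.resume();
    return acquired;
}

// Safe: reserve root storage before suspending anyone, so the later append
// touches no allocator and therefore no lock.
bool appendIntoReservedRoots(LockingAllocator& alloc, std::vector<void*>& roots, void* p, std::vector<void*>::size_type cap) {
    { std::lock_guard<std::timed_mutex> g(alloc.lock); roots.reserve(cap); }
    SuspendedMutator mutator(alloc);
    bool fits = roots.size() < roots.capacity();
    if (fits) roots.push_back(p);   // no reallocation, so no malloc, so no lock
    mutator.resume();
    return fits;
}
```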
Comment 6 WebKit Commit Bot 2021-05-12 11:32:35 PDT
Re-opened since this is blocked by bug 225705
Comment 7 Geoffrey Garen 2021-05-12 12:56:16 PDT
Created attachment 428405 [details]
Patch
Comment 8 Geoffrey Garen 2021-05-12 13:14:31 PDT
Comment on attachment 428405 [details]
Patch

cq+
Comment 9 EWS 2021-05-12 14:06:43 PDT
Committed r277388 (237644@main): <https://commits.webkit.org/237644@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 428405 [details].