Bug 233831

Summary: [libpas] Bitfit allocator has a wrong assertion when a page's max_free is enough for the size of an allocation, not enough for that allocation's size class, and the object of that size is not aligned to the currently requested alignment
Product: WebKit
Reporter: Filip Pizlo <fpizlo>
Component: bmalloc
Assignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED
Severity: Normal
CC: ggaren, webkit-bug-importer, ysuzuki
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: All
OS: All
Attachments:
  WRONG PATCH (flags: none)
  the patch (flags: ysuzuki: review+)

Description Filip Pizlo 2021-12-03 11:15:42 PST
What a combination of conditions:

- We just failed bitfit allocation in a page, which gives us some max_free (aka largest_available), and the allocation had nontrivial alignment.
- The max_free is smaller than the size class.
- The max_free is larger than the requested size.
- The max_free object is not aligned to the requested alignment.

The code handles this fine, but has a wrong assertion about it.
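The combination of conditions in the description, reproduced in a toy model of a bitfit-style page. This is an added example and not libpas code: the names (bitfit_allocate, AllocResult, max_free, reproduce) are hypothetical, and the 16-word page layout is constructed so that all four conditions hold at once. The model searches for a free run of the whole size class at an aligned start, and on failure reports the largest free run, which is enough to show why "the allocation failed, therefore max_free is smaller than the requested size" is not a valid assertion.

```python
# Added toy model of a bitfit-style page (NOT libpas code; names are hypothetical).
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class AllocResult:
    offset: Optional[int]  # start word of the allocated run, or None on failure
    max_free: int          # largest free run in the page (the report's max_free / largest_available)


def largest_free_run(free: List[bool]) -> int:
    """Length of the longest run of consecutive free words."""
    best = run = 0
    for is_free in free:
        run = run + 1 if is_free else 0
        best = max(best, run)
    return best


def first_free_run_start(free: List[bool], length: int) -> Optional[int]:
    """Start of the first free run of at least `length` words, ignoring alignment."""
    for start in range(len(free) - length + 1):
        if all(free[start:start + length]):
            return start
    return None


def bitfit_allocate(free: List[bool], size: int, size_class: int, alignment: int) -> AllocResult:
    """Allocate `size_class` consecutive free words starting at a multiple of `alignment`.

    The search is over the size class (the rounded-up size), not the raw size, and on
    failure the largest free run is reported so the caller knows what the page can still serve.
    """
    assert 1 <= size <= size_class and alignment >= 1
    max_free = largest_free_run(free)
    for start in range(0, len(free) - size_class + 1, alignment):
        if all(free[start:start + size_class]):
            for i in range(start, start + size_class):
                free[i] = False
            return AllocResult(start, max_free)
    return AllocResult(None, max_free)


def reproduce():
    """Constructed page: words 0-2 and 8-15 allocated, words 3-7 free (a run of 5 starting at 3)."""
    free = [False] * 3 + [True] * 5 + [False] * 8
    size, size_class, alignment = 4, 8, 4
    result = bitfit_allocate(free, size, size_class, alignment)
    run_start = first_free_run_start(free, size)
    conditions = {
        # 1. allocation failed and the request had nontrivial alignment
        "failed_with_alignment": result.offset is None and alignment > 1,
        # 2. max_free is smaller than the size class
        "max_free_below_size_class": result.max_free < size_class,
        # 3. max_free is larger than the requested size
        "max_free_above_size": result.max_free > size,
        # 4. the max_free object does not start at the requested alignment
        "max_free_object_unaligned": run_start is not None and run_start % alignment != 0,
    }
    return result, conditions


def naive_failure_assertion(result: AllocResult, size: int) -> bool:
    """The tempting but wrong check: 'failure implies max_free < size'. False in reproduce()."""
    return result.offset is not None or result.max_free < size


def no_aligned_fit_assertion(result: AllocResult, size_class: int, alignment: int, free: List[bool]) -> bool:
    """The property that does hold on failure: no aligned free run of the size class exists."""
    if result.offset is not None:
        return True
    return not any(all(free[s:s + size_class])
                   for s in range(0, len(free) - size_class + 1, alignment))


if __name__ == "__main__":
    result, conditions = reproduce()
    print(result, conditions)
    print("naive assertion holds:", naive_failure_assertion(result, 4))
```

Running the block shows the allocation failing with max_free of 5 words while all four conditions are true, so the naive assertion evaluates to False even though the allocator behaved correctly; only the weaker "no aligned fit of the size class" property survives a failed allocation.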
Comment 1 Filip Pizlo 2021-12-03 11:17:48 PST
rdar://86011012
Comment 2 Radar WebKit Bug Importer 2021-12-03 11:18:25 PST
<rdar://problem/86026710>
Comment 3 Filip Pizlo 2021-12-03 11:20:33 PST
Created attachment 445878 [details]
WRONG PATCH
Comment 4 Filip Pizlo 2021-12-03 11:20:53 PST
Created attachment 445879 [details]
the patch
Comment 5 Yusuke Suzuki 2021-12-03 13:15:37 PST
Comment on attachment 445879 [details]
the patch

r=me
Comment 6 Filip Pizlo 2021-12-03 14:49:21 PST
Landed in https://trac.webkit.org/changeset/286516/webkit