Bug 233831

Summary: [libpas] Bitfit allocator has a wrong assertion when a page's max_free is enough for the size of an allocation, not enough for that allocation's size class, and the object of that size is not aligned to the currently requested alignment
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: bmallocAssignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED    
Severity: Normal CC: ggaren, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
WRONG PATCH
none
the patch ysuzuki: review+

Filip Pizlo
Reported 2021-12-03 11:15:42 PST
What a combination of conditions: - We just failed bitfit allocation in a page, which gives us some max_free (aka largest_available), and the allocation had nontrivial alignment. - The max_free is smaller than the size class. - The max_free is larger than the requested size. - The max_free object is not aligned to the requested alignment. The code handles this fine, but has a wrong assertion about it.
Attachments
WRONG PATCH (314.04 KB, patch)
2021-12-03 11:20 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
the patch (14.33 KB, patch)
2021-12-03 11:20 PST, Filip Pizlo 		ysuzuki: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2021-12-03 11:17:48 PST
rdar://86011012
Radar WebKit Bug Importer
Comment 2 2021-12-03 11:18:25 PST
<rdar://problem/86026710>
Filip Pizlo
Comment 3 2021-12-03 11:20:33 PST
Created attachment 445878 [details] WRONG PATCH
Filip Pizlo
Comment 4 2021-12-03 11:20:53 PST
Created attachment 445879 [details] the patch
Yusuke Suzuki
Comment 5 2021-12-03 13:15:37 PST
Comment on attachment 445879 [details] the patch r=me
Filip Pizlo
Comment 6 2021-12-03 14:49:21 PST
Landed in https://trac.webkit.org/changeset/286516/webkit
Note You need to log in before you can comment on or make changes to this bug.