m_firstEligible doesn't get set backwards if a page becomes decommitted. So it's possible to enter a pathological case where decommitted memory never gets reused.
<rdar://problem/51186335>
Created attachment 370962 [details] Patch
Attachment 370962 [details] did not pass style-queue: ERROR: Tools/TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp:30: Alphabetical sorting problem. [build/include_order] [4] ERROR: Tools/TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp:112: Consider using CHECK_EQ instead of CHECK(a == b) [readability/check] [2] ERROR: Tools/TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp:144: Consider using CHECK_GE instead of CHECK(a >= b) [readability/check] [2] ERROR: Tools/TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp:159: Consider using CHECK_GE instead of CHECK(a >= b) [readability/check] [2] Total errors found: 4 in 8 files If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 370962 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=370962&action=review Looks nice. I think this patch needs IsoHeapImpl change too. > Source/bmalloc/bmalloc/IsoDirectoryInlines.h:126 > + m_firstEligibleOrDecommitted = std::min(m_firstEligibleOrDecommitted, index); We need to do the same thing for IsoHeapImpl's m_isInlineDirectoryEligible and m_firstEligibleDirectory :) > Source/bmalloc/bmalloc/ProcessCheck.mm:50 > + || [processName hasPrefix:@"Test"]; Lol, nice!
Created attachment 370963 [details] Patch
Attachment 370963 [details] did not pass style-queue: ERROR: Tools/TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp:30: Alphabetical sorting problem. [build/include_order] [4] ERROR: Tools/TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp:112: Consider using CHECK_EQ instead of CHECK(a == b) [readability/check] [2] ERROR: Tools/TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp:144: Consider using CHECK_GE instead of CHECK(a >= b) [readability/check] [2] ERROR: Tools/TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp:159: Consider using CHECK_GE instead of CHECK(a >= b) [readability/check] [2] Total errors found: 4 in 10 files If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 370963 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=370963&action=review r=me > Source/bmalloc/bmalloc/IsoDirectoryInlines.h:51 > + BASSERT((m_eligible | ~m_committed).findBit(0, true) == pageIndex); Nice! > Source/bmalloc/bmalloc/IsoHeapImpl.h:84 > + void didBecomeEligibleOrDecommited(IsoDirectory<Config, numPagesInInlineDirectory>*); > + void didBecomeEligibleOrDecommited(IsoDirectory<Config, IsoDirectoryPage<Config>::numPages>*); This is nice and cleaner. > Source/bmalloc/bmalloc/IsoHeapImplInlines.h:202 > + Let's drop this blank line.
Created attachment 370969 [details] Patch for landing
Comment on attachment 370969 [details] Patch for landing Rejecting attachment 370969 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-03', 'build', '--no-clean', '--no-update', '--build-style=release', '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit Last 5000 characters of output: ssing-prototypes -Wunreachable-code -Wno-non-virtual-dtor -Wno-overloaded-virtual -Wno-exit-time-destructors -Wno-missing-braces -Wparentheses -Wswitch -Wunused-function -Wno-unused-label -Wno-unused-parameter -Wunused-variable -Wunused-value -Wempty-body -Wuninitialized -Wno-unknown-pragmas -Wno-shadow -Wno-four-char-constants -Wno-conversion -Wconstant-conversion -Wint-conversion -Wbool-conversion -Wenum-conversion -Wno-float-conversion -Wnon-literal-null-conversion -Wobjc-literal-conversion -Wno-shorten-64-to-32 -Wno-newline-eof -Wno-c++11-extensions -DNDEBUG -DENABLE_3D_TRANSFORMS -DENABLE_APPLE_PAY -DENABLE_APPLE_PAY_SESSION_V3 -DENABLE_APPLICATION_MANIFEST -DENABLE_ATTACHMENT_ELEMENT -DENABLE_AVF_CAPTIONS -DENABLE_CACHE_PARTITIONING -DENABLE_CHANNEL_MESSAGING -DENABLE_CONTENT_FILTERING -DENABLE_CSS_BOX_DECORATION_BREAK -DENABLE_CSS_COMPOSITING -DENABLE_CSS_PAINTING_API -DENABLE_CSS_SCROLL_SNAP -DENABLE_CSS_SELECTORS_LEVEL4 -DENABLE_CSS_TRAILING_WORD -DENABLE_CSS_TYPED_OM -DENABLE_CURSOR_VISIBILITY -DENABLE_DARK_MODE_CSS -DENABLE_DASHBOARD_SUPPORT -DENABLE_DATACUE_VALUE -DENABLE_DATALIST_ELEMENT -DENABLE_EXPERIMENTAL_FEATURES -DENABLE_FILTERS_LEVEL_2 -DENABLE_FTL_JIT -DENABLE_FULLSCREEN_API -DENABLE_GAMEPAD -DENABLE_GEOLOCATION -DENABLE_ICONDATABASE -DENABLE_INDEXED_DATABASE -DENABLE_INDEXED_DATABASE_IN_WORKERS -DENABLE_INPUT_TYPE_COLOR -DENABLE_INSPECTOR_ALTERNATE_DISPATCHERS -DENABLE_INTERSECTION_OBSERVER -DENABLE_INTL -DENABLE_KEYBOARD_CODE_ATTRIBUTE -DENABLE_KEYBOARD_KEY_ATTRIBUTE -DENABLE_LAYOUT_FORMATTING_CONTEXT -DENABLE_LEGACY_CSS_VENDOR_PREFIXES -DENABLE_LEGACY_CUSTOM_PROTOCOL_MANAGER -DENABLE_LEGACY_ENCRYPTED_MEDIA -DENABLE_MATHML -DENABLE_MEDIA_CONTROLS_SCRIPT -DENABLE_MEDIA_SOURCE -DENABLE_MEDIA_STREAM -DENABLE_MEMORY_SAMPLER -DENABLE_METER_ELEMENT -DENABLE_MOUSE_CURSOR_SCALE -DENABLE_NETWORK_CACHE_SPECULATIVE_REVALIDATION -DENABLE_NOTIFICATIONS -DENABLE_PAYMENT_REQUEST -DENABLE_PDFKIT_PLUGIN -DENABLE_POINTER_EVENTS -DENABLE_POINTER_LOCK -DENABLE_PUBLIC_SUFFIX_LIST -DENABLE_REMOTE_INSPECTOR -DENABLE_RESIZE_OBSERVER -DENABLE_RESOURCE_LOAD_STATISTICS -DENABLE_RESOURCE_USAGE -DENABLE_RUBBER_BANDING -DENABLE_SANDBOX_EXTENSIONS -DENABLE_SERVER_PRECONNECT -DENABLE_SERVICE_CONTROLS -DENABLE_SERVICE_WORKER -DENABLE_SHAREABLE_RESOURCE -DENABLE_SPEECH_SYNTHESIS -DENABLE_STREAMS_API -DENABLE_SVG_FONTS -DENABLE_TELEPHONE_NUMBER_DETECTION -DENABLE_TEXT_AUTOSIZING -DENABLE_USERSELECT_ALL -DENABLE_USER_MESSAGE_HANDLERS -DENABLE_VARIATION_FONTS -DENABLE_VIDEO -DENABLE_VIDEO_PRESENTATION_MODE -DENABLE_VIDEO_TRACK -DENABLE_VIDEO_USES_ELEMENT_FULLSCREEN -DENABLE_WEBDRIVER_MOUSE_INTERACTIONS -DENABLE_WEBDRIVER_KEYBOARD_INTERACTIONS -DENABLE_WEBGL -DENABLE_WEBGL2 -DENABLE_WEBGPU -DENABLE_WEB_AUDIO -DENABLE_WEB_AUTHN -DENABLE_WEB_CRYPTO -DENABLE_WEB_PROCESS_SANDBOX -DENABLE_WEB_RTC -DENABLE_WIRELESS_PLAYBACK_TARGET -DENABLE_XSLT -DU_DISABLE_RENAMING=1 -DU_SHOW_CPLUSPLUS_API=0 -DENABLE_DASHBOARD_SUPPORT -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.14.sdk -fasm-blocks -fstrict-aliasing -Wno-deprecated-declarations -Winvalid-offsetof -mmacosx-version-min=10.13 -g -fvisibility=hidden -Wno-sign-conversion -Winfinite-recursion -Wmove -Wcomma -Wblock-capture-autoreleasing -Wstrict-prototypes -Wrange-loop-analysis -Wno-semicolon-before-method-body -I/Volumes/Data/EWS/WebKit/WebKitBuild/TestWebKitAPI.build/Release/TestWTFLibrary.build/TestWTF.hmap -I/Volumes/Data/EWS/WebKit/WebKitBuild/Release/include -I/Volumes/Data/EWS/WebKit/WebKitBuild/Release/usr/local/include -I/Volumes/Data/EWS/WebKit/WebKitBuild/Release/WebCore.framework/PrivateHeaders/ForwardingHeaders -I/Volumes/Data/EWS/WebKit/WebKitBuild/Release/WebCoreTestSupport -I/Volumes/Data/EWS/WebKit/WebKitBuild/TestWebKitAPI.build/Release/TestWTFLibrary.build/DerivedSources/x86_64 -I/Volumes/Data/EWS/WebKit/WebKitBuild/TestWebKitAPI.build/Release/TestWTFLibrary.build/DerivedSources -Wall -W -Wno-unused-parameter -F/Volumes/Data/EWS/WebKit/WebKitBuild/Release --system-header-prefix=WebKit/ -iframework /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.14.sdk/System/Library/PrivateFrameworks -ftemplate-depth=256 -MMD -MT dependencies -MF /Volumes/Data/EWS/WebKit/WebKitBuild/TestWebKitAPI.build/Release/TestWTFLibrary.build/Objects-normal/x86_64/Markable.d --serialize-diagnostics /Volumes/Data/EWS/WebKit/WebKitBuild/TestWebKitAPI.build/Release/TestWTFLibrary.build/Objects-normal/x86_64/Markable.dia -c /Volumes/Data/EWS/WebKit/Tools/TestWebKitAPI/Tests/WTF/Markable.cpp -o /Volumes/Data/EWS/WebKit/WebKitBuild/TestWebKitAPI.build/Release/TestWTFLibrary.build/Objects-normal/x86_64/Markable.o ** BUILD FAILED ** The following build commands failed: CompileC /Volumes/Data/EWS/WebKit/WebKitBuild/TestWebKitAPI.build/Release/TestWTFLibrary.build/Objects-normal/x86_64/IsoHeap.o Tests/WTF/bmalloc/IsoHeap.cpp normal x86_64 c++ com.apple.compilers.llvm.clang.1_0.compiler (1 failure) Full output: https://webkit-queues.webkit.org/results/12331233
Created attachment 370984 [details] Patch for landing
Comment on attachment 370984 [details] Patch for landing Clearing flags on attachment: 370984 Committed r245908: <https://trac.webkit.org/changeset/245908>
All reviewed patches have been landed. Closing bug.