RESOLVED FIXED 212016
[bmalloc] Fix OOM errors on MIPS after r261667 
https://bugs.webkit.org/show_bug.cgi?id=212016
Summary [bmalloc] Fix OOM errors on MIPS after r261667
Paulo Matos
Reported 2020-05-18 04:40:16 PDT
The following tests started to fail around r261680 and skipped on r261808. The following JSC stress test failures have been introduced: jsc-layout-tests.yaml/js/script-tests/stack-overflow-regexp.js.layout jsc-layout-tests.yaml/js/script-tests/stack-overflow-regexp.js.layout-dfg-eager-no-cjit jsc-layout-tests.yaml/js/script-tests/stack-overflow-regexp.js.layout-no-cjit jsc-layout-tests.yaml/js/script-tests/stack-overflow-regexp.js.layout-no-llint stress/array-buffer-view-watchpoint-can-be-fired-in-really-add-in-dfg.js.default These should not fail and might be related to recent changes regarding memory management.
Attachments
Patch (7.86 KB, patch)
2020-05-22 06:47 PDT, Caio Lima 		no flags
DetailsFormatted DiffDiff
Patch (8.98 KB, patch)
2020-05-22 12:58 PDT, Caio Lima 		no flags
DetailsFormatted DiffDiff
Patch (8.68 KB, patch)
2020-05-23 07:00 PDT, Caio Lima 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Caio Lima
Comment 1 2020-05-22 06:47:09 PDT
Created attachment 400042 [details] Patch
Yusuke Suzuki
Comment 2 2020-05-22 11:41:36 PDT
Comment on attachment 400042 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=400042&action=review > Source/bmalloc/bmalloc/ObjectTypeTable.cpp:48 > } else if (index < bits->begin()) { Doesn't `if (bits == &sentinelBits) {` case require the underflow check too?
Caio Lima
Comment 3 2020-05-22 12:37:00 PDT
Comment on attachment 400042 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=400042&action=review >> Source/bmalloc/bmalloc/ObjectTypeTable.cpp:48 >> } else if (index < bits->begin()) { > > Doesn't `if (bits == &sentinelBits) {` case require the underflow check too? I missed it and I think it does. I'll add those.
Caio Lima
Comment 4 2020-05-22 12:58:25 PDT
Created attachment 400068 [details] Patch
Yusuke Suzuki
Comment 5 2020-05-22 13:41:21 PDT
Comment on attachment 400068 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=400068&action=review r=me with comments. > Source/bmalloc/bmalloc/ObjectTypeTable.cpp:47 > + newBegin = index < ObjectTypeTable::Bits::bitCountPerWord * 4 ? 0 : std::min<unsigned>(index, index - ObjectTypeTable::Bits::bitCountPerWord * 4); Can you wrtie it like, constexpr unsigned offsetForInitialAllocation = ObjectTypeTable::Bits::bitCountPerWord * 4; if (index < offsetForInitialAllocation) newBegin = 0; else newBegin = std::min<unsigned>(index, index - offsetForInitialAllocation); > Source/bmalloc/bmalloc/ObjectTypeTable.cpp:56 > + newBegin = bits->begin() < bits->count() ? 0 : std::min<unsigned>(index, bits->begin() - bits->count()); Ditto like this, since it is hard to read. if (bits->begin() < bits->count()) newBegin = 0; else newBegin = std::min<unsigned>(index, bits->begin() - bits->count()); > Source/bmalloc/bmalloc/ObjectTypeTable.cpp:66 > + newEnd = std::numeric_limits<unsigned>::max() - bits->count() < bits->end() ? std::numeric_limits<unsigned>::max() : std::max<unsigned>(index + 1, bits->end() + bits->count()); Ditto.
Caio Lima
Comment 6 2020-05-23 06:57:49 PDT
Comment on attachment 400068 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=400068&action=review >> Source/bmalloc/bmalloc/ObjectTypeTable.cpp:47 >> + newBegin = index < ObjectTypeTable::Bits::bitCountPerWord * 4 ? 0 : std::min<unsigned>(index, index - ObjectTypeTable::Bits::bitCountPerWord * 4); > > Can you wrtie it like, > > constexpr unsigned offsetForInitialAllocation = ObjectTypeTable::Bits::bitCountPerWord * 4; > if (index < offsetForInitialAllocation) > newBegin = 0; > else > newBegin = std::min<unsigned>(index, index - offsetForInitialAllocation); Changed. The only difference I applied was to use `newBegin = index - offsetForInitialAllocation;`, since it is not possible that `index` will ever be lower than `index - offsetForInitialAllocation` when `index >= offsetForInitialAllocation`. >> Source/bmalloc/bmalloc/ObjectTypeTable.cpp:56 >> + newBegin = bits->begin() < bits->count() ? 0 : std::min<unsigned>(index, bits->begin() - bits->count()); > > Ditto like this, since it is hard to read. > > if (bits->begin() < bits->count()) > newBegin = 0; > else > newBegin = std::min<unsigned>(index, bits->begin() - bits->count()); Changed. >> Source/bmalloc/bmalloc/ObjectTypeTable.cpp:66 >> + newEnd = std::numeric_limits<unsigned>::max() - bits->count() < bits->end() ? std::numeric_limits<unsigned>::max() : std::max<unsigned>(index + 1, bits->end() + bits->count()); > > Ditto. Changed.
Caio Lima
Comment 7 2020-05-23 07:00:37 PDT
Created attachment 400120 [details] Patch
Caio Lima
Comment 8 2020-05-23 09:23:21 PDT
Comment on attachment 400120 [details] Patch Thank you very much for the review
EWS
Comment 9 2020-05-23 09:35:33 PDT
Committed r262100: <https://trac.webkit.org/changeset/262100> All reviewed patches have been landed. Closing bug and clearing flags on attachment 400120 [details].
Radar WebKit Bug Importer
Comment 10 2020-05-23 09:36:18 PDT
<rdar://problem/63570045>
Note You need to log in before you can comment on or make changes to this bug.