Bug 223230 - Avoid heap allocation under AudioSummingJunction::updateRenderingState()
Summary: Avoid heap allocation under AudioSummingJunction::updateRenderingState()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Audio
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks: 223226
Reported: 2021-03-15 18:05 PDT by Chris Dumez
Modified: 2021-03-16 17:53 PDT
CC List: 11 users

Attachments
Patch (3.45 KB, patch), 2021-03-15 18:08 PDT, Chris Dumez, no flags
Patch (3.57 KB, patch), 2021-03-15 19:03 PDT, Chris Dumez, no flags
Patch (3.43 KB, patch), 2021-03-16 16:59 PDT, Chris Dumez, no flags

Description Chris Dumez 2021-03-15 18:05:14 PDT
Avoid heap allocation under AudioSummingJunction::updateRenderingState(), since this runs on the audio thread:

Thread 9 Crashed:: offline renderer
0   com.apple.JavaScriptCore            0x00000003d7c3ff4e WTFCrash + 14 (Assertions.cpp:295)
1   com.apple.JavaScriptCore            0x00000003d93dc99b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671)
2   com.apple.JavaScriptCore            0x00000003d7c7d607 WTF::fastMalloc(unsigned long) + 215 (FastMalloc.cpp:496)
3   com.apple.WebCore                   0x00000003b88bce75 WTF::FastMalloc::malloc(unsigned long) + 21 (FastMalloc.h:246)
4   com.apple.WebCore                   0x00000003babdcae2 bool WTF::VectorBufferBase<WebCore::AudioNodeOutput*, WTF::FastMalloc>::allocateBuffer<(WTF::FailureAction)0>(unsigned long) + 178 (Vector.h:301)
5   com.apple.WebCore                   0x00000003babdc931 bool WTF::Vector<WebCore::AudioNodeOutput*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::reserveCapacity<(WTF::FailureAction)0>(unsigned long) + 113 (Vector.h:1195)
6   com.apple.WebCore                   0x00000003babdc860 bool WTF::Vector<WebCore::AudioNodeOutput*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::expandCapacity<(WTF::FailureAction)0>(unsigned long) + 112 (Vector.h:1056)
7   com.apple.WebCore                   0x00000003babca944 WTF::Vector<WebCore::AudioNodeOutput*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::resize(unsigned long) + 148 (Vector.h:1102)
8   com.apple.WebCore                   0x00000003babca798 WebCore::AudioSummingJunction::updateRenderingState() + 280 (AudioSummingJunction.cpp:81)
9   com.apple.WebCore                   0x00000003babf5b97 WebCore::BaseAudioContext::handleDirtyAudioSummingJunctions() + 247 (BaseAudioContext.cpp:852)
10  com.apple.WebCore                   0x00000003babf5a47 WebCore::BaseAudioContext::handlePreRenderTasks(WebCore::AudioIOPosition const&) + 151 (BaseAudioContext.cpp:701)
11  com.apple.WebCore                   0x00000003bab8ddd3 WebCore::AudioDestinationNode::render(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 307 (AudioDestinationNode.cpp:81)
12  com.apple.WebCore                   0x00000003bac5483d WebCore::OfflineAudioDestinationNode::offlineRender() + 877 (OfflineAudioDestinationNode.cpp:164)
13  com.apple.WebCore                   0x00000003bac74939 WebCore::OfflineAudioDestinationNode::startRendering(WTF::CompletionHandler<void (WTF::Optional<WebCore::Exception>&&)>&&)::$_2::operator()() + 41 (OfflineAudioDestinationNode.cpp:104)
14  com.apple.WebCore                   0x00000003bac7630e WTF::Detail::CallableWrapper<WebCore::OfflineAudioDestinationNode::startRendering(WTF::CompletionHandler<void (WTF::Optional<WebCore::Exception>&&)>&&)::$_2, void>::call() + 30 (Function.h:52)
15  com.apple.JavaScriptCore            0x00000003d7c68552 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
16  com.apple.JavaScriptCore            0x00000003d7d1cba8 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 424 (Threading.cpp:181)
17  com.apple.JavaScriptCore            0x00000003d7d28d48 WTF::wtfThreadEntryPoint(void*) + 24 (ThreadingPOSIX.cpp:241)
18  libsystem_pthread.dylib             0x00007fff20686954 _pthread_start + 224
19  libsystem_pthread.dylib             0x00007fff206824a7 thread_start + 15
Comment 1 Chris Dumez 2021-03-15 18:08:40 PDT
Created attachment 423275
Patch
Comment 2 Chris Dumez 2021-03-15 19:03:40 PDT
Created attachment 423280
Patch
Comment 3 Darin Adler 2021-03-16 14:24:12 PDT
Comment on attachment 423280
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=423280&action=review

> Source/WebCore/Modules/webaudio/AudioSummingJunction.h:87
> +    Optional<Vector<AudioNodeOutput*>> m_pendingRenderingOutputs;

I don’t see why we have to use Optional here. If we used an empty vector instead, and replaced the checks for null with checks for an empty vector, I think all the code above would still be correct. We could then remove the special case for null/empty from updateRenderingState.
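The property the crash trace and this review are about, stated as something a test can check, as an added example that is neither WebKit's code nor this patch: a counting allocator records every heap allocation, so the audio-thread update can be asserted to perform none. The crash trace shows the failing shape (resize() on the rendering vector, growing it on the real-time thread); the allocation-free variant builds the new output list on the main thread and swaps it in. SummingJunction, CountingAllocator, m_renderingOutputs, m_renderingStateNeedUpdating and the AudioNodeOutput stand-in are assumptions; the std::mutex stands in for whatever synchronization the real engine uses, and both "threads" are simulated from one.

```cpp
// Added example, not WebKit code: count heap allocations so that
// "no allocation on the audio thread" becomes a checkable invariant.
#include <cstddef>
#include <mutex>
#include <vector>

// Constructed stand-in for WebCore::AudioNodeOutput; only identity matters here.
struct AudioNodeOutput { int id; };

// Global count of allocations made through CountingAllocator (single-threaded demo).
static std::size_t g_allocationCount = 0;

template <typename T>
struct CountingAllocator {
    using value_type = T;
    CountingAllocator() = default;
    template <typename U> CountingAllocator(const CountingAllocator<U>&) noexcept {}
    T* allocate(std::size_t n) {
        ++g_allocationCount;
        return static_cast<T*>(::operator new(n * sizeof(T)));
    }
    void deallocate(T* p, std::size_t) noexcept { ::operator delete(p); }
};
template <typename T, typename U>
bool operator==(const CountingAllocator<T>&, const CountingAllocator<U>&) { return true; }
template <typename T, typename U>
bool operator!=(const CountingAllocator<T>&, const CountingAllocator<U>&) { return false; }

using OutputVector = std::vector<AudioNodeOutput*, CountingAllocator<AudioNodeOutput*>>;

// Hypothetical summing junction: the main thread edits the set of connected
// outputs; the audio thread must adopt the new set without touching the heap.
class SummingJunction {
public:
    // Main thread: record the current outputs. Allocating here is fine.
    void changedOutputs(const std::vector<AudioNodeOutput*>& outputs) {
        std::lock_guard<std::mutex> lock(m_mutex);
        m_pendingRenderingOutputs.assign(outputs.begin(), outputs.end());
        m_renderingStateNeedUpdating = true;
    }

    // Audio thread, the shape the crash trace shows: resize() grows
    // m_renderingOutputs and therefore allocates on the real-time thread.
    void updateRenderingStateAllocating() {
        std::lock_guard<std::mutex> lock(m_mutex);
        if (!m_renderingStateNeedUpdating) return;
        m_renderingOutputs.resize(m_pendingRenderingOutputs.size());
        for (std::size_t i = 0; i < m_pendingRenderingOutputs.size(); ++i)
            m_renderingOutputs[i] = m_pendingRenderingOutputs[i];
        m_renderingStateNeedUpdating = false;
    }

    // Audio thread, allocation-free: swap the buffers. The previous buffer ends up
    // in m_pendingRenderingOutputs, where the main thread reuses or frees it later.
    void updateRenderingState() {
        std::lock_guard<std::mutex> lock(m_mutex);
        if (!m_renderingStateNeedUpdating) return;
        m_renderingOutputs.swap(m_pendingRenderingOutputs);
        m_renderingStateNeedUpdating = false;
    }

    std::size_t numberOfRenderingConnections() const { return m_renderingOutputs.size(); }

private:
    std::mutex m_mutex;
    OutputVector m_renderingOutputs;
    OutputVector m_pendingRenderingOutputs;
    bool m_renderingStateNeedUpdating = false;
};

// One connect-then-render cycle; returns how many heap allocations the
// audio-thread update made. `swapVariant` selects the allocation-free path.
std::size_t allocationsDuringAudioThreadUpdate(bool swapVariant) {
    AudioNodeOutput a { 1 }, b { 2 }, c { 3 };   // constructed sample outputs
    SummingJunction junction;
    junction.changedOutputs({ &a, &b, &c });      // main thread: may allocate

    std::size_t before = g_allocationCount;
    if (swapVariant)
        junction.updateRenderingState();
    else
        junction.updateRenderingStateAllocating();
    return g_allocationCount - before;
}

// Confirms the swap variant still delivers the new connection set to the renderer.
std::size_t renderingConnectionsAfterSwapUpdate() {
    AudioNodeOutput a { 1 }, b { 2 }, c { 3 };
    SummingJunction junction;
    junction.changedOutputs({ &a, &b, &c });
    junction.updateRenderingState();
    return junction.numberOfRenderingConnections();
}
```

The counting allocator is the part worth keeping around: a unit test that asserts zero allocations across the audio-thread entry points catches regressions of this kind before they reach the assertion in FastMalloc that the trace above fires.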
Comment 4 Chris Dumez 2021-03-16 16:59:22 PDT
Created attachment 423417
Patch
Comment 5 EWS 2021-03-16 17:52:15 PDT
Committed r274541: <https://commits.webkit.org/r274541>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 423417.
Comment 6 Radar WebKit Bug Importer 2021-03-16 17:53:15 PDT
<rdar://problem/75503829>