Bug 233831 - [libpas] Bitfit allocator has a wrong assertion when a page's max_free is enough for the size of an allocation, not enough for that allocation's size class, and the object of that size is not aligned to the currently requested alignment
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: bmalloc
Version: WebKit Nightly Build
Hardware: All All
: P2 Normal
Assignee: Filip Pizlo
Keywords: InRadar
Reported: 2021-12-03 11:15 PST by Filip Pizlo
Modified: 2021-12-03 14:49 PST

Attachments
WRONG PATCH (314.04 KB, patch)
2021-12-03 11:20 PST, Filip Pizlo
no flags
the patch (14.33 KB, patch)
2021-12-03 11:20 PST, Filip Pizlo
ysuzuki: review+

Description Filip Pizlo 2021-12-03 11:15:42 PST
What a combination of conditions:

- We just failed bitfit allocation in a page, which gives us some max_free (aka largest_available), and the allocation had nontrivial alignment.
- The max_free is smaller than the size class.
- The max_free is larger than the requested size.
- The max_free object is not aligned to the requested alignment.

The code handles this fine, but has a wrong assertion about it.
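
A toy model of the four conditions listed in the description, added as an illustration and not taken from libpas or the patch: the one-flag-per-granule page, the constructed layout, the granule units and the function names `max_free_run` and `find_aligned` are all assumptions. It shows an aligned search failing in a page whose largest free run is still bigger than the requested size.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_GRANULES 16

/* Toy page: one flag per granule, true = allocated. Constructed layout with
   a single free run at granules 5..7. Not libpas's real data structure. */
static const bool toy_page[PAGE_GRANULES] = {
    1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1
};

/* Length of the longest free run (the page's max_free); its start goes to *start. */
static size_t max_free_run(const bool *page, size_t n, size_t *start)
{
    size_t best = 0, run = 0;
    for (size_t i = 0; i < n; i++) {
        run = page[i] ? 0 : run + 1;
        if (run > best) {
            best = run;
            *start = i + 1 - run;
        }
    }
    return best;
}

/* First-fit search for `size` free granules beginning at a multiple of
   `alignment`. Returns the start index, or -1 when nothing fits. */
static long find_aligned(const bool *page, size_t n, size_t size, size_t alignment)
{
    for (size_t begin = 0; begin + size <= n; begin += alignment) {
        size_t i = 0;
        while (i < size && !page[begin + i])
            i++;
        if (i == size)
            return (long)begin;
    }
    return -1;
}

int main(void)
{
    /* Requested size 2, size class 4, alignment 4, all in granules (assumed values). */
    size_t size = 2, size_class = 4, alignment = 4, start = 0;
    size_t max_free = max_free_run(toy_page, PAGE_GRANULES, &start);
    long result = find_aligned(toy_page, PAGE_GRANULES, size, alignment);
    printf("max_free=%zu at %zu, size=%zu, size_class=%zu, result=%ld\n",
           max_free, start, size, size_class, result);
    return 0;
}
```

In this model the search fails although `max_free` (3) exceeds the requested size (2), is below the size class (4), and starts at granule 5, which is not a multiple of the alignment, so a failed aligned allocation does not imply `max_free < size`.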
Comment 1 Filip Pizlo 2021-12-03 11:17:48 PST
rdar://86011012
Comment 2 Radar WebKit Bug Importer 2021-12-03 11:18:25 PST
<rdar://problem/86026710>
Comment 3 Filip Pizlo 2021-12-03 11:20:33 PST
Created attachment 445878
WRONG PATCH
Comment 4 Filip Pizlo 2021-12-03 11:20:53 PST
Created attachment 445879
the patch
Comment 5 Yusuke Suzuki 2021-12-03 13:15:37 PST
Comment on attachment 445879
the patch

r=me
Comment 6 Filip Pizlo 2021-12-03 14:49:21 PST
Landed in https://trac.webkit.org/changeset/286516/webkit