Bug 257488 - [JSC] Heap allocation during WebAudio rendering
Summary: [JSC] Heap allocation during WebAudio rendering
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Audio
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
Keywords: InRadar
Reported: 2023-05-30 08:26 PDT by Philippe Normand
Modified: 2023-06-01 16:29 PDT
Description Philippe Normand 2023-05-30 08:26:48 PDT
(gdb) bt                                                                                                                                                                                                             
#0  0x00007f7c7753790e in WTFCrash() () at /var/home/phil/WebKit/Source/WTF/wtf/Assertions.cpp:327                                                                                                                   
#1  0x00007f7c7523803b in WTFCrashWithInfo(int, char const*, char const*, int) () at WTF/Headers/wtf/Assertions.h:762                                                                                                
#2  0x00007f7c775531ce in WTF::fastMalloc(unsigned long) (size=8) at /var/home/phil/WebKit/Source/WTF/wtf/FastMalloc.cpp:532                                                                                         
#3  0x00007f7c7523d265 in WTF::FastMalloc::malloc(unsigned long) (size=8) at WTF/Headers/wtf/FastMalloc.h:218                                                                                                        
#4  0x00007f7c76f3a031 in WTF::VectorBufferBase<WTF::Ref<JSC::Wasm::Instance, WTF::RawPtrTraits<JSC::Wasm::Instance> >, WTF::FastMalloc>::allocateBuffer<(WTF::FailureAction)0>(unsigned long)                       
    (this=0x7f7ac5ffa120, newCapacity=1) at WTF/Headers/wtf/Vector.h:320                                                                                                                                             
#5  0x00007f7c76f39f55 in WTF::Vector<WTF::Ref<JSC::Wasm::Instance, WTF::RawPtrTraits<JSC::Wasm::Instance> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::reserveInitialCapacity<(WTF::FailureAction)0>(unsigned long)
    (this=0x7f7ac5ffa120, initialCapacity=1) at WTF/Headers/wtf/Vector.h:1320
#6  0x00007f7c76f39dad in WTF::Vector<WTF::Ref<JSC::Wasm::Instance, WTF::RawPtrTraits<JSC::Wasm::Instance> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::reserveInitialCapacity(unsigned long)               
    (this=0x7f7ac5ffa120, initialCapacity=1) at WTF/Headers/wtf/Vector.h:832                                                                                                                                         
#7  0x00007f7c76f23173 in WTF::ThreadSafeWeakHashSet<JSC::Wasm::Instance>::values() (this=0x7f7c0d4d01b8) at WTF/Headers/wtf/ThreadSafeWeakHashSet.h:88                                                              
#8  0x00007f7c76f176d1 in JSC::VM::updateStackLimits() (this=0x7f7c0d4c2000) at /var/home/phil/WebKit/Source/JavaScriptCore/runtime/VM.cpp:995                                                                       
#9  0x00007f7c76f17534 in JSC::VM::setStackPointerAtVMEntry(void*) (this=0x7f7c0d4c2000, sp=0x7f7ac5ffa190) at /var/home/phil/WebKit/Source/JavaScriptCore/runtime/VM.cpp:920                                        
#10 0x00007f7c76c8d1dc in JSC::JSLock::didAcquireLock() (this=0x7f7c6355c180) at /var/home/phil/WebKit/Source/JavaScriptCore/runtime/JSLock.cpp:152                                                                  
#11 0x00007f7c76c8cfdb in JSC::JSLock::lock(long) (this=0x7f7c6355c180, lockCount=1) at /var/home/phil/WebKit/Source/JavaScriptCore/runtime/JSLock.cpp:127                                                           
#12 0x00007f7c76c8ccba in JSC::JSLock::lock() (this=0x7f7c6355c180) at /var/home/phil/WebKit/Source/JavaScriptCore/runtime/JSLock.cpp:97                                                                             
#13 0x00007f7c76c8cc6a in JSC::JSLockHolder::JSLockHolder(JSC::VM&) (this=0x7f7ad20109e0, vm=...) at /var/home/phil/WebKit/Source/JavaScriptCore/runtime/JSLock.cpp:67                                               
#14 0x00007f7c7e3a21ad in std::_Construct<JSC::JSLockHolder, JSC::VM&>(JSC::JSLockHolder*, JSC::VM&) (__p=0x7f7ad20109e0, __args=...)                                                                                
    at /usr/bin/../lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/stl_construct.h:119                                                                                                                
#15 0x00007f7c7e3a2181 in std::_Optional_payload_base<JSC::JSLockHolder>::_M_construct<JSC::VM&>(JSC::VM&) (this=0x7f7ad20109e0, __args=...)                                                                         
    at /usr/bin/../lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/optional:278                                                                                                                            
#16 0x00007f7c7e3a211d in std::_Optional_base_impl<JSC::JSLockHolder, std::_Optional_base<JSC::JSLockHolder, false, false> >::_M_construct<JSC::VM&>(JSC::VM&) (this=0x7f7ad20109e0, __args=...)                     
    at /usr/bin/../lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/optional:457                                                                                                                            
#17 0x00007f7c7e39c90a in std::optional<JSC::JSLockHolder>::emplace<JSC::VM&>(JSC::VM&) (this=0x7f7ad20109e0, __args=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/optional:918      
#18 0x00007f7c7e38c560 in WebCore::AudioWorkletGlobalScope::handlePreRenderTasks() (this=0x7f7ad20104b0) at /var/home/phil/WebKit/Source/WebCore/Modules/webaudio/AudioWorkletGlobalScope.cpp:188                    
#19 0x00007f7c7e3537d8 in WebCore::AudioDestinationNode::renderQuantum(WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&)                                                                           
    (this=0x7f7ad20103d0, destinationBus=0x7f7c63508200, numberOfFrames=128, outputPosition=...) at /var/home/phil/WebKit/Source/WebCore/Modules/webaudio/AudioDestinationNode.cpp:93                                
#20 0x00007f7c7e3c80d5 in WebCore::DefaultAudioDestinationNode::render(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&)                                                       
    (this=0x7f7ad20103d0, destinationBus=0x7f7c63508200, numberOfFrames=128, outputPosition=...) at /var/home/phil/WebKit/Source/WebCore/Modules/webaudio/DefaultAudioDestinationNode.cpp:254                        
#21 0x00007f7c7c486207 in WebCore::AudioDestination::callRenderCallback(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&)                                                      
    (this=0x7f7c6366c120, sourceBus=0x0, destinationBus=0x7f7c63508200, framesToProcess=128, outputPosition=...) at /var/home/phil/WebKit/Source/WebCore/platform/audio/AudioDestination.h:105                       
#22 0x00007f7c7c485312 in webKitWebAudioSrcRenderAndPushFrames(WTF::GRefPtr<_GstElement> const&, WTF::GRefPtr<_GstBuffer>&&) (element=..., buffer=...)                                                               
    at /var/home/phil/WebKit/Source/WebCore/platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:358                                                                                                           
#23 0x00007f7c7c485a5f in webKitWebAudioSrcRenderIteration(_WebKitWebAudioSrc*)::$_0::operator()() (this=0x7f7c63604808)                                                                                             
    at /var/home/phil/WebKit/Source/WebCore/platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:406                                                                                                           
#24 0x00007f7c7c485a19 in WTF::Detail::CallableWrapper<webKitWebAudioSrcRenderIteration(_WebKitWebAudioSrc*)::$_0, void>::call() (this=0x7f7c63604800) at WTF/Headers/wtf/Function.h:53                              
#25 0x00007f7c7b0353b2 in WTF::Function<void ()>::operator()() const (this=0x7f7c636c02b8) at WTF/Headers/wtf/Function.h:82                                                                                          
#26 0x00007f7c7e3ca499 in WebCore::DefaultAudioDestinationNode::dispatchToRenderThreadFunction()::$_0::operator()(WTF::Function<void ()>&&) const::{lambda(WebCore::ScriptExecutionContext&)#1}::operator()(WebCore::ScriptExecutionContext&)
    (this=0x7f7c636c02b8) at /var/home/phil/WebKit/Source/WebCore/Modules/webaudio/DefaultAudioDestinationNode.cpp:151
#27 0x00007f7c7e3ca471 in WTF::Detail::CallableWrapper<WebCore::DefaultAudioDestinationNode::dispatchToRenderThreadFunction()::$_0::operator()(WTF::Function<void ()>&&) const::{lambda(WebCore::ScriptExecutionContext&)#1}, void, WebCore::ScriptExecutionContext&>::call(WebCore::ScriptExecutionContext&)
    (this=0x7f7c636c02b0, in=...) at WTF/Headers/wtf/Function.h:53
#28 0x00007f7c7e48370a in WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const (this=0x7f7c63604820, in=...) at WTF/Headers/wtf/Function.h:82                  
#29 0x00007f7c7e48115d in WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&) (this=0x7f7c63604820, context=...)                                                                    
    at /var/home/phil/WebKit/Source/WebCore/dom/ScriptExecutionContext.h:219                                                                                                                                         
#30 0x00007f7c80a9cde9 in WebCore::WorkerDedicatedRunLoop::Task::performTask(WebCore::WorkerOrWorkletGlobalScope*) (this=0x7f7c63604820, context=0x7f7ad20104b0)                                                     
    at /var/home/phil/WebKit/Source/WebCore/workers/WorkerRunLoop.cpp:285                                                                                                                                            
#31 0x00007f7c80a9c893 in WebCore::WorkerDedicatedRunLoop::runInMode(WebCore::WorkerOrWorkletGlobalScope*, WebCore::ModePredicate const&) (this=0x7f7c635fe0a0, context=0x7f7ad20104b0, predicate=...)               
    at /var/home/phil/WebKit/Source/WebCore/workers/WorkerRunLoop.cpp:220                                                                                                                                            
#32 0x00007f7c80a9b415 in WebCore::WorkerDedicatedRunLoop::run(WebCore::WorkerOrWorkletGlobalScope*) (this=0x7f7c635fe0a0, context=0x7f7ad20104b0)
#33 0x00007f7c80a9b3b4 in WebCore::WorkerOrWorkletThread::runEventLoop() (this=0x7f7c63612630) at /var/home/phil/WebKit/Source/WebCore/workers/WorkerOrWorkletThread.cpp:122                                         
#34 0x00007f7c80a9b77f in WebCore::WorkerOrWorkletThread::workerOrWorkletThread() (this=0x7f7c63612630) at /var/home/phil/WebKit/Source/WebCore/workers/WorkerOrWorkletThread.cpp:196                                
#35 0x00007f7c7e3998a8 in WebCore::AudioWorkletThread::createThread()::$_0::operator()() const (this=0x7f7c633c2878) at /var/home/phil/WebKit/Source/WebCore/Modules/webaudio/AudioWorkletThread.cpp:68              
#36 0x00007f7c7e399889 in WTF::Detail::CallableWrapper<WebCore::AudioWorkletThread::createThread()::$_0, void>::call() (this=0x7f7c633c2870) at WTF/Headers/wtf/Function.h:53                                        
#37 0x00007f7c75fc49d2 in WTF::Function<void ()>::operator()() const (this=0x7f7ac5ffa9d0) at /var/home/phil/WebKit/Source/WTF/wtf/Function.h:82                                                                     
#38 0x00007f7c777dc7e8 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (newThreadContext=0x7f7c6360d850) at /var/home/phil/WebKit/Source/WTF/wtf/Threading.cpp:250                                        
#39 0x00007f7c7788eb65 in WTF::wtfThreadEntryPoint(void*) (context=0x7f7c6360d850) at /var/home/phil/WebKit/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:242                                                              
#40 0x00007f7c72463907 in start_thread (arg=<optimized out>) at pthread_create.c:444                                                                                                                                 
#41 0x00007f7c724e9870 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Looks like a regression introduced by 264531@main ... I got this when running a GTK Debug build on the http/wpt tests.
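What the trace shows: the audio render thread is inside AudioWorkletGlobalScope::handlePreRenderTasks(), takes the JSLock, and JSLock::didAcquireLock() calls VM::updateStackLimits(), which snapshots ThreadSafeWeakHashSet<JSC::Wasm::Instance> through values() into a Vector. That Vector buffer is a heap allocation, and the Debug build aborts in WTF::fastMalloc. The example below is added here and is not WebKit code, nor the change PR #14513 made. It assumes the assertion is a debug-only "malloc is forbidden on this thread" scope held for the duration of a render quantum (WTF has such a scope, but the page does not show which assertion at FastMalloc.cpp:532 tripped), and it shows how a snapshotting values() call trips that guard while an in-place iteration does not. Every name in it (ForbidMallocForCurrentThreadScope, CheckedAllocator, InstanceSet, updateWithSnapshot, updateInPlace, violationsAfter) is hypothetical; the instance set contents are constructed sample data.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <vector>

// Depth of nested "no heap allocation allowed" scopes on this thread.
thread_local int g_forbidMallocDepth = 0;
// Allocations attempted while a scope was active. A debug build would abort
// (as WTFCrash does in the trace); counting keeps the behaviour observable.
std::atomic<int> g_mallocViolations{0};

// RAII guard: while alive, any allocation routed through checkedMalloc() on
// this thread is a violation. Hypothetical stand-in for a debug-only
// forbid-malloc scope a real-time render thread holds per quantum.
struct ForbidMallocForCurrentThreadScope {
    ForbidMallocForCurrentThreadScope() { ++g_forbidMallocDepth; }
    ~ForbidMallocForCurrentThreadScope() { --g_forbidMallocDepth; }
};

bool mallocForbiddenOnThisThread() { return g_forbidMallocDepth > 0; }

// Allocation front door: records a violation when called inside a scope.
void* checkedMalloc(size_t size) {
    if (mallocForbiddenOnThisThread())
        ++g_mallocViolations;
    return std::malloc(size);
}

// Allocator that routes std::vector buffers through checkedMalloc().
template <typename T>
struct CheckedAllocator {
    using value_type = T;
    CheckedAllocator() = default;
    template <typename U> CheckedAllocator(const CheckedAllocator<U>&) {}
    T* allocate(size_t n) { return static_cast<T*>(checkedMalloc(n * sizeof(T))); }
    void deallocate(T* p, size_t) { std::free(p); }
};
template <typename T, typename U>
bool operator==(const CheckedAllocator<T>&, const CheckedAllocator<U>&) { return true; }
template <typename T, typename U>
bool operator!=(const CheckedAllocator<T>&, const CheckedAllocator<U>&) { return false; }

template <typename T>
using CheckedVector = std::vector<T, CheckedAllocator<T>>;

// Stand-in for a weak set of live instances (populated before rendering starts).
struct InstanceSet {
    std::vector<int> storage;
    // Snapshot API: copies the members into a fresh buffer, i.e. allocates.
    CheckedVector<int> values() const {
        CheckedVector<int> out;
        out.reserve(storage.size());
        for (int v : storage) out.push_back(v);
        return out;
    }
    // Visitor API: walks the members in place, no buffer needed.
    template <typename F> void forEach(F&& f) const { for (int v : storage) f(v); }
};

// The per-instance work is a sum, standing in for a stack-limit update.
int updateWithSnapshot(const InstanceSet& set) {
    ForbidMallocForCurrentThreadScope scope; // render quantum in progress
    int total = 0;
    for (int v : set.values()) total += v;   // values() allocates: violation
    return total;
}

int updateInPlace(const InstanceSet& set) {
    ForbidMallocForCurrentThreadScope scope;
    int total = 0;
    set.forEach([&](int v) { total += v; }); // no allocation inside the scope
    return total;
}

// Number of forbidden allocations one call to fn performed.
int violationsAfter(int (*fn)(const InstanceSet&), const InstanceSet& set) {
    int before = g_mallocViolations.load();
    fn(set);
    return g_mallocViolations.load() - before;
}

int main() {
    InstanceSet instances{std::vector<int>{1, 2, 3}};
    std::printf("snapshot path: violations=%d\n", violationsAfter(updateWithSnapshot, instances));
    std::printf("in-place path: violations=%d\n", violationsAfter(updateInPlace, instances));
    return 0;
}
```

The guard is the reason a Debug build catches this and a Release build does not: in release the scope compiles out, the allocation silently succeeds, and the cost surfaces only as unbounded latency or lock contention on the real-time audio thread. Checking for allocation on the render path under a debug-only guard, as the GTK Debug test run did here, is the practical way to keep that class of regression out.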
Comment 1 Radar WebKit Bug Importer 2023-05-30 10:21:23 PDT
<rdar://problem/110012510>
Comment 2 Chris Dumez 2023-05-30 15:49:37 PDT
Pull request: https://github.com/WebKit/WebKit/pull/14513
Comment 3 EWS 2023-06-01 16:29:12 PDT
Committed 264816@main (1d11bc8cd5be): <https://commits.webkit.org/264816@main>

Reviewed commits have been landed. Closing PR #14513 and removing active labels.