<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[180861] releases/WebKitGTK/webkit-2.8/Source/bmalloc</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/180861">180861</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2015-03-01 01:48:44 -0800 (Sun, 01 Mar 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/180797">r180797</a> - bmalloc: Pathological madvise churn on the free(malloc(x)) benchmark
https://bugs.webkit.org/show_bug.cgi?id=142058
Reviewed by Andreas Kling.
The churn was caused by repeatedly splitting an object with physical
pages from an object without, and then merging them back together again.
The merge would conservatively forget that we had physical pages, forcing
a new call to madvise on the next allocation.
This patch more strictly segregates objects in the heap from objects in
the VM heap, with these changes:
(1) Objects in the heap are not allowed to merge with objects in the VM
heap, and vice versa -- since that would erase our precise knowledge of
which physical pages had been allocated.
(2) The VM heap is exclusively responsible for allocating and deallocating
physical pages.
(3) The heap free list must consider entries for objects that are in the
VM heap to be invalid, and vice versa. (This condition can arise
because the free list does not eagerly remove items.)
With these changes, we can know that any valid object in the heap's free
list already has physical pages, and does not need to call madvise.
Note that the VM heap -- as before -- might sometimes contain ranges
or pieces of ranges that have physical pages, since we allow splitting
of ranges at granularities smaller than the VM page size. These ranges
can eventually merge with ranges in the heap during scavenging.
* bmalloc.xcodeproj/project.pbxproj:
* bmalloc/BoundaryTag.h:
(bmalloc::BoundaryTag::owner):
(bmalloc::BoundaryTag::setOwner):
(bmalloc::BoundaryTag::initSentinel):
(bmalloc::BoundaryTag::hasPhysicalPages): Deleted.
(bmalloc::BoundaryTag::setHasPhysicalPages): Deleted. Replaced the concept
of "has physical pages" with a bit indicating which heap owns the large
object. This is a more precise concept, since the old bit was really a
Yes / Maybe bit.
* bmalloc/Deallocator.cpp:
* bmalloc/FreeList.cpp: Adopt
(bmalloc::FreeList::takeGreedy):
(bmalloc::FreeList::take):
(bmalloc::FreeList::removeInvalidAndDuplicateEntries):
* bmalloc/FreeList.h:
(bmalloc::FreeList::push): Added API for considering the owner when
deciding if a free list entry is valid.
* bmalloc/Heap.cpp:
(bmalloc::Heap::Heap): Adopt new API.
(bmalloc::Heap::scavengeLargeRanges): Scavenge all ranges with no minimum,
since some ranges might be able to merge with ranges in the VM heap, and
they won't be allowed to until we scavenge them.
(bmalloc::Heap::allocateSmallPage):
(bmalloc::Heap::allocateMediumPage):
(bmalloc::Heap::allocateLarge): New VM heap API makes this function
simpler, since we always get back physical pages now.
* bmalloc/Heap.h:
* bmalloc/LargeObject.h:
(bmalloc::LargeObject::end):
(bmalloc::LargeObject::owner):
(bmalloc::LargeObject::setOwner):
(bmalloc::LargeObject::isValidAndFree):
(bmalloc::LargeObject::merge): Do not merge objects across heaps since
that causes madvise churn.
(bmalloc::LargeObject::validateSelf):
(bmalloc::LargeObject::init):
(bmalloc::LargeObject::hasPhysicalPages): Deleted.
(bmalloc::LargeObject::setHasPhysicalPages): Deleted. Propogate the Owner API.
* bmalloc/Owner.h: Added.
* bmalloc/SegregatedFreeList.cpp:
(bmalloc::SegregatedFreeList::SegregatedFreeList):
(bmalloc::SegregatedFreeList::insert):
(bmalloc::SegregatedFreeList::takeGreedy):
(bmalloc::SegregatedFreeList::take):
* bmalloc/SegregatedFreeList.h: Propogate the owner API.
* bmalloc/VMAllocate.h:
(bmalloc::vmDeallocatePhysicalPagesSloppy):
(bmalloc::vmAllocatePhysicalPagesSloppy): Clarified these functions and
removed an edge case.
* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::VMHeap):
* bmalloc/VMHeap.h:
(bmalloc::VMHeap::allocateSmallPage):
(bmalloc::VMHeap::allocateMediumPage):
(bmalloc::VMHeap::allocateLargeObject):
(bmalloc::VMHeap::deallocateLargeObject): Be sure to give each object
a new chance to merge, since it might have been prohibited from merging
before by virtue of not being in the VM heap.
(bmalloc::VMHeap::allocateLargeRange): Deleted.
(bmalloc::VMHeap::deallocateLargeRange): Deleted.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocChangeLog">releases/WebKitGTK/webkit-2.8/Source/bmalloc/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocBoundaryTagh">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/BoundaryTag.h</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocDeallocatorcpp">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Deallocator.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocFreeListcpp">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/FreeList.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocFreeListh">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/FreeList.h</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocHeapcpp">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocHeaph">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.h</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocLargeObjecth">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/LargeObject.h</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocSegregatedFreeListcpp">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/SegregatedFreeList.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocSegregatedFreeListh">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/SegregatedFreeList.h</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocVMAllocateh">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMAllocate.h</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocVMHeapcpp">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMHeap.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocVMHeaph">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMHeap.h</a></li>
<li><a href="#releasesWebKitGTKwebkit28Sourcebmallocbmallocxcodeprojprojectpbxproj">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit28SourcebmallocbmallocOwnerh">releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Owner.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit28SourcebmallocChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/ChangeLog (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/ChangeLog 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/ChangeLog 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -1,3 +1,126 @@
</span><ins>+2015-02-27 Ryosuke Niwa <rniwa@webkit.org>
+
+ Fixed a typo in the previous commit.
+
+ * bmalloc/BoundaryTag.h:
+ (bmalloc::BoundaryTag::setOwner):
+
+2015-02-27 Ryosuke Niwa <rniwa@webkit.org>
+
+ EFL build fix after r180797.
+
+ * bmalloc/BoundaryTag.h:
+ (bmalloc::BoundaryTag::owner):
+ (bmalloc::BoundaryTag::setOwner):
+
+2015-02-27 Geoffrey Garen <ggaren@apple.com>
+
+ bmalloc: Pathological madvise churn on the free(malloc(x)) benchmark
+ https://bugs.webkit.org/show_bug.cgi?id=142058
+
+ Reviewed by Andreas Kling.
+
+ The churn was caused by repeatedly splitting an object with physical
+ pages from an object without, and then merging them back together again.
+ The merge would conservatively forget that we had physical pages, forcing
+ a new call to madvise on the next allocation.
+
+ This patch more strictly segregates objects in the heap from objects in
+ the VM heap, with these changes:
+
+ (1) Objects in the heap are not allowed to merge with objects in the VM
+ heap, and vice versa -- since that would erase our precise knowledge of
+ which physical pages had been allocated.
+
+ (2) The VM heap is exclusively responsible for allocating and deallocating
+ physical pages.
+
+ (3) The heap free list must consider entries for objects that are in the
+ VM heap to be invalid, and vice versa. (This condition can arise
+ because the free list does not eagerly remove items.)
+
+ With these changes, we can know that any valid object in the heap's free
+ list already has physical pages, and does not need to call madvise.
+
+ Note that the VM heap -- as before -- might sometimes contain ranges
+ or pieces of ranges that have physical pages, since we allow splitting
+ of ranges at granularities smaller than the VM page size. These ranges
+ can eventually merge with ranges in the heap during scavenging.
+
+ * bmalloc.xcodeproj/project.pbxproj:
+
+ * bmalloc/BoundaryTag.h:
+ (bmalloc::BoundaryTag::owner):
+ (bmalloc::BoundaryTag::setOwner):
+ (bmalloc::BoundaryTag::initSentinel):
+ (bmalloc::BoundaryTag::hasPhysicalPages): Deleted.
+ (bmalloc::BoundaryTag::setHasPhysicalPages): Deleted. Replaced the concept
+ of "has physical pages" with a bit indicating which heap owns the large
+ object. This is a more precise concept, since the old bit was really a
+ Yes / Maybe bit.
+
+ * bmalloc/Deallocator.cpp:
+
+ * bmalloc/FreeList.cpp: Adopt
+ (bmalloc::FreeList::takeGreedy):
+ (bmalloc::FreeList::take):
+ (bmalloc::FreeList::removeInvalidAndDuplicateEntries):
+ * bmalloc/FreeList.h:
+ (bmalloc::FreeList::push): Added API for considering the owner when
+ deciding if a free list entry is valid.
+
+ * bmalloc/Heap.cpp:
+ (bmalloc::Heap::Heap): Adopt new API.
+
+ (bmalloc::Heap::scavengeLargeRanges): Scavenge all ranges with no minimum,
+ since some ranges might be able to merge with ranges in the VM heap, and
+ they won't be allowed to until we scavenge them.
+
+ (bmalloc::Heap::allocateSmallPage):
+ (bmalloc::Heap::allocateMediumPage):
+ (bmalloc::Heap::allocateLarge): New VM heap API makes this function
+ simpler, since we always get back physical pages now.
+
+ * bmalloc/Heap.h:
+ * bmalloc/LargeObject.h:
+ (bmalloc::LargeObject::end):
+ (bmalloc::LargeObject::owner):
+ (bmalloc::LargeObject::setOwner):
+ (bmalloc::LargeObject::isValidAndFree):
+ (bmalloc::LargeObject::merge): Do not merge objects across heaps since
+ that causes madvise churn.
+ (bmalloc::LargeObject::validateSelf):
+ (bmalloc::LargeObject::init):
+ (bmalloc::LargeObject::hasPhysicalPages): Deleted.
+ (bmalloc::LargeObject::setHasPhysicalPages): Deleted. Propogate the Owner API.
+
+ * bmalloc/Owner.h: Added.
+
+ * bmalloc/SegregatedFreeList.cpp:
+ (bmalloc::SegregatedFreeList::SegregatedFreeList):
+ (bmalloc::SegregatedFreeList::insert):
+ (bmalloc::SegregatedFreeList::takeGreedy):
+ (bmalloc::SegregatedFreeList::take):
+ * bmalloc/SegregatedFreeList.h: Propogate the owner API.
+
+ * bmalloc/VMAllocate.h:
+ (bmalloc::vmDeallocatePhysicalPagesSloppy):
+ (bmalloc::vmAllocatePhysicalPagesSloppy): Clarified these functions and
+ removed an edge case.
+
+ * bmalloc/VMHeap.cpp:
+ (bmalloc::VMHeap::VMHeap):
+ * bmalloc/VMHeap.h:
+ (bmalloc::VMHeap::allocateSmallPage):
+ (bmalloc::VMHeap::allocateMediumPage):
+ (bmalloc::VMHeap::allocateLargeObject):
+ (bmalloc::VMHeap::deallocateLargeObject): Be sure to give each object
+ a new chance to merge, since it might have been prohibited from merging
+ before by virtue of not being in the VM heap.
+
+ (bmalloc::VMHeap::allocateLargeRange): Deleted.
+ (bmalloc::VMHeap::deallocateLargeRange): Deleted.
+
</ins><span class="cx"> 2015-02-26 Geoffrey Garen <ggaren@apple.com>
</span><span class="cx">
</span><span class="cx"> bmalloc: Large object free list can grow infinitely
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocBoundaryTagh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/BoundaryTag.h (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/BoundaryTag.h 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/BoundaryTag.h 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx"> #define BoundaryTag_h
</span><span class="cx">
</span><span class="cx"> #include "BAssert.h"
</span><ins>+#include "Owner.h"
</ins><span class="cx"> #include "Range.h"
</span><span class="cx"> #include "Sizes.h"
</span><span class="cx"> #include <cstring>
</span><span class="lines">@@ -49,8 +50,8 @@
</span><span class="cx"> bool isEnd() { return m_isEnd; }
</span><span class="cx"> void setEnd(bool isEnd) { m_isEnd = isEnd; }
</span><span class="cx">
</span><del>- bool hasPhysicalPages() { return m_hasPhysicalPages; }
- void setHasPhysicalPages(bool hasPhysicalPages) { m_hasPhysicalPages = hasPhysicalPages; }
</del><ins>+ Owner owner() { return m_ownerIsHeap ? Owner::Heap : Owner::VMHeap; }
+ void setOwner(Owner owner) { m_ownerIsHeap = (owner == Owner::Heap); }
</ins><span class="cx">
</span><span class="cx"> bool isMarked() { return m_isMarked; }
</span><span class="cx"> void setMarked(bool isMarked) { m_isMarked = isMarked; }
</span><span class="lines">@@ -84,7 +85,7 @@
</span><span class="cx">
</span><span class="cx"> bool m_isFree: 1;
</span><span class="cx"> bool m_isEnd: 1;
</span><del>- bool m_hasPhysicalPages: 1;
</del><ins>+ bool m_ownerIsHeap: 1;
</ins><span class="cx"> bool m_isMarked: 1;
</span><span class="cx"> unsigned m_compactBegin: compactBeginBits;
</span><span class="cx"> unsigned m_size: sizeBits;
</span><span class="lines">@@ -121,6 +122,7 @@
</span><span class="cx"> {
</span><span class="cx"> setRange(Range(nullptr, largeMin));
</span><span class="cx"> setFree(false);
</span><ins>+ setOwner(Owner::VMHeap);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace bmalloc
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocDeallocatorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Deallocator.cpp (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Deallocator.cpp 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Deallocator.cpp 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -24,7 +24,6 @@
</span><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> #include "BAssert.h"
</span><del>-#include "BeginTag.h"
</del><span class="cx"> #include "LargeChunk.h"
</span><span class="cx"> #include "Deallocator.h"
</span><span class="cx"> #include "Heap.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocFreeListcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/FreeList.cpp (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/FreeList.cpp 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/FreeList.cpp 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -23,27 +23,23 @@
</span><span class="cx"> * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</span><span class="cx"> */
</span><span class="cx">
</span><del>-#include "BeginTag.h"
</del><span class="cx"> #include "LargeChunk.h"
</span><span class="cx"> #include "FreeList.h"
</span><span class="cx"> #include "Vector.h"
</span><span class="cx">
</span><span class="cx"> namespace bmalloc {
</span><span class="cx">
</span><del>-LargeObject FreeList::takeGreedy(size_t size)
</del><ins>+LargeObject FreeList::takeGreedy(Owner owner)
</ins><span class="cx"> {
</span><span class="cx"> for (size_t i = m_vector.size(); i-- > 0; ) {
</span><span class="cx"> // We don't eagerly remove items when we merge and/or split ranges,
</span><span class="cx"> // so we need to validate each free list entry before using it.
</span><span class="cx"> LargeObject largeObject(LargeObject::DoNotValidate, m_vector[i].begin());
</span><del>- if (!largeObject.isValidAndFree(m_vector[i].size())) {
</del><ins>+ if (!largeObject.isValidAndFree(owner, m_vector[i].size())) {
</ins><span class="cx"> m_vector.pop(i);
</span><span class="cx"> continue;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (largeObject.size() < size)
- continue;
-
</del><span class="cx"> m_vector.pop(i);
</span><span class="cx"> return largeObject;
</span><span class="cx"> }
</span><span class="lines">@@ -51,7 +47,7 @@
</span><span class="cx"> return LargeObject();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-LargeObject FreeList::take(size_t size)
</del><ins>+LargeObject FreeList::take(Owner owner, size_t size)
</ins><span class="cx"> {
</span><span class="cx"> LargeObject first;
</span><span class="cx"> size_t end = m_vector.size() > freeListSearchDepth ? m_vector.size() - freeListSearchDepth : 0;
</span><span class="lines">@@ -59,7 +55,7 @@
</span><span class="cx"> // We don't eagerly remove items when we merge and/or split ranges, so
</span><span class="cx"> // we need to validate each free list entry before using it.
</span><span class="cx"> LargeObject largeObject(LargeObject::DoNotValidate, m_vector[i].begin());
</span><del>- if (!largeObject.isValidAndFree(m_vector[i].size())) {
</del><ins>+ if (!largeObject.isValidAndFree(owner, m_vector[i].size())) {
</ins><span class="cx"> m_vector.pop(i);
</span><span class="cx"> continue;
</span><span class="cx"> }
</span><span class="lines">@@ -76,7 +72,7 @@
</span><span class="cx"> return first;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-LargeObject FreeList::take(size_t alignment, size_t size, size_t unalignedSize)
</del><ins>+LargeObject FreeList::take(Owner owner, size_t alignment, size_t size, size_t unalignedSize)
</ins><span class="cx"> {
</span><span class="cx"> BASSERT(isPowerOfTwo(alignment));
</span><span class="cx"> size_t alignmentMask = alignment - 1;
</span><span class="lines">@@ -87,7 +83,7 @@
</span><span class="cx"> // We don't eagerly remove items when we merge and/or split ranges, so
</span><span class="cx"> // we need to validate each free list entry before using it.
</span><span class="cx"> LargeObject largeObject(LargeObject::DoNotValidate, m_vector[i].begin());
</span><del>- if (!largeObject.isValidAndFree(m_vector[i].size())) {
</del><ins>+ if (!largeObject.isValidAndFree(owner, m_vector[i].size())) {
</ins><span class="cx"> m_vector.pop(i);
</span><span class="cx"> continue;
</span><span class="cx"> }
</span><span class="lines">@@ -107,11 +103,11 @@
</span><span class="cx"> return first;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void FreeList::removeInvalidAndDuplicateEntries()
</del><ins>+void FreeList::removeInvalidAndDuplicateEntries(Owner owner)
</ins><span class="cx"> {
</span><span class="cx"> for (size_t i = m_vector.size(); i-- > 0; ) {
</span><span class="cx"> LargeObject largeObject(LargeObject::DoNotValidate, m_vector[i].begin());
</span><del>- if (!largeObject.isValidAndFree(m_vector[i].size())) {
</del><ins>+ if (!largeObject.isValidAndFree(owner, m_vector[i].size())) {
</ins><span class="cx"> m_vector.pop(i);
</span><span class="cx"> continue;
</span><span class="cx"> }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocFreeListh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/FreeList.h (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/FreeList.h 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/FreeList.h 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -37,14 +37,14 @@
</span><span class="cx"> public:
</span><span class="cx"> FreeList();
</span><span class="cx">
</span><del>- void push(const LargeObject&);
</del><ins>+ void push(Owner, const LargeObject&);
</ins><span class="cx">
</span><del>- LargeObject take(size_t);
- LargeObject take(size_t alignment, size_t, size_t unalignedSize);
</del><ins>+ LargeObject take(Owner, size_t);
+ LargeObject take(Owner, size_t alignment, size_t, size_t unalignedSize);
</ins><span class="cx">
</span><del>- LargeObject takeGreedy(size_t);
</del><ins>+ LargeObject takeGreedy(Owner);
</ins><span class="cx">
</span><del>- void removeInvalidAndDuplicateEntries();
</del><ins>+ void removeInvalidAndDuplicateEntries(Owner);
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> Vector<Range> m_vector;
</span><span class="lines">@@ -57,11 +57,11 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline void FreeList::push(const LargeObject& largeObject)
</del><ins>+inline void FreeList::push(Owner owner, const LargeObject& largeObject)
</ins><span class="cx"> {
</span><span class="cx"> BASSERT(largeObject.isFree());
</span><span class="cx"> if (m_vector.size() == m_limit) {
</span><del>- removeInvalidAndDuplicateEntries();
</del><ins>+ removeInvalidAndDuplicateEntries(owner);
</ins><span class="cx"> m_limit = std::max(m_vector.size() * freeListGrowFactor, freeListSearchDepth);
</span><span class="cx"> }
</span><span class="cx"> m_vector.push(largeObject.range());
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocHeapcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.cpp (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.cpp 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.cpp 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -46,7 +46,8 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Heap::Heap(std::lock_guard<StaticMutex>&)
</span><del>- : m_isAllocatingPages(false)
</del><ins>+ : m_largeObjects(Owner::Heap)
+ , m_isAllocatingPages(false)
</ins><span class="cx"> , m_scavenger(*this, &Heap::concurrentScavenge)
</span><span class="cx"> {
</span><span class="cx"> initializeLineMetadata();
</span><span class="lines">@@ -144,10 +145,10 @@
</span><span class="cx"> continue;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- LargeObject largeObject = m_largeObjects.takeGreedy(vmPageSize);
</del><ins>+ LargeObject largeObject = m_largeObjects.takeGreedy();
</ins><span class="cx"> if (!largeObject)
</span><span class="cx"> return;
</span><del>- m_vmHeap.deallocateLargeRange(lock, largeObject);
</del><ins>+ m_vmHeap.deallocateLargeObject(lock, largeObject);
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -240,10 +241,7 @@
</span><span class="cx"> SmallPage* page = [this, sizeClass]() {
</span><span class="cx"> if (m_smallPages.size())
</span><span class="cx"> return m_smallPages.pop();
</span><del>-
- SmallPage* page = m_vmHeap.allocateSmallPage();
- vmAllocatePhysicalPages(page->begin()->begin(), vmPageSize);
- return page;
</del><ins>+ return m_vmHeap.allocateSmallPage();
</ins><span class="cx"> }();
</span><span class="cx">
</span><span class="cx"> page->setSizeClass(sizeClass);
</span><span class="lines">@@ -265,10 +263,7 @@
</span><span class="cx"> MediumPage* page = [this, sizeClass]() {
</span><span class="cx"> if (m_mediumPages.size())
</span><span class="cx"> return m_mediumPages.pop();
</span><del>-
- MediumPage* page = m_vmHeap.allocateMediumPage();
- vmAllocatePhysicalPages(page->begin()->begin(), vmPageSize);
- return page;
</del><ins>+ return m_vmHeap.allocateMediumPage();
</ins><span class="cx"> }();
</span><span class="cx">
</span><span class="cx"> page->setSizeClass(sizeClass);
</span><span class="lines">@@ -375,12 +370,6 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> largeObject.setFree(false);
</span><del>-
- if (!largeObject.hasPhysicalPages()) {
- vmAllocatePhysicalPagesSloppy(largeObject.begin(), largeObject.size());
- largeObject.setHasPhysicalPages(true);
- }
-
</del><span class="cx"> return largeObject.begin();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -394,7 +383,7 @@
</span><span class="cx">
</span><span class="cx"> LargeObject largeObject = m_largeObjects.take(size);
</span><span class="cx"> if (!largeObject)
</span><del>- largeObject = m_vmHeap.allocateLargeRange(size);
</del><ins>+ largeObject = m_vmHeap.allocateLargeObject(size);
</ins><span class="cx">
</span><span class="cx"> return allocateLarge(lock, largeObject, size);
</span><span class="cx"> }
</span><span class="lines">@@ -415,21 +404,17 @@
</span><span class="cx">
</span><span class="cx"> LargeObject largeObject = m_largeObjects.take(alignment, size, unalignedSize);
</span><span class="cx"> if (!largeObject)
</span><del>- largeObject = m_vmHeap.allocateLargeRange(alignment, size, unalignedSize);
</del><ins>+ largeObject = m_vmHeap.allocateLargeObject(alignment, size, unalignedSize);
</ins><span class="cx">
</span><span class="cx"> size_t alignmentMask = alignment - 1;
</span><del>- if (!test(largeObject.begin(), alignmentMask))
- return allocateLarge(lock, largeObject, size);
</del><ins>+ if (test(largeObject.begin(), alignmentMask)) {
+ size_t prefixSize = roundUpToMultipleOf(alignment, largeObject.begin() + largeMin) - largeObject.begin();
+ std::pair<LargeObject, LargeObject> pair = largeObject.split(prefixSize);
+ m_largeObjects.insert(pair.first);
+ largeObject = pair.second;
+ }
</ins><span class="cx">
</span><del>- // Because we allocate VM left-to-right, we must explicitly allocate the
- // unaligned space on the left in order to break off the aligned space
- // we want in the middle.
- size_t prefixSize = roundUpToMultipleOf(alignment, largeObject.begin() + largeMin) - largeObject.begin();
- std::pair<LargeObject, LargeObject> pair = largeObject.split(prefixSize);
- allocateLarge(lock, pair.first, prefixSize);
- allocateLarge(lock, pair.second, size);
- deallocateLarge(lock, pair.first);
- return pair.second.begin();
</del><ins>+ return allocateLarge(lock, largeObject, size);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Heap::deallocateLarge(std::lock_guard<StaticMutex>&, const LargeObject& largeObject)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocHeaph"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.h (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.h 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Heap.h 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -86,8 +86,8 @@
</span><span class="cx">
</span><span class="cx"> void splitLarge(BeginTag*, size_t, EndTag*&, Range&);
</span><span class="cx"> void mergeLarge(BeginTag*&, EndTag*&, Range&);
</span><del>- void mergeLargeLeft(EndTag*&, BeginTag*&, Range&, bool& hasPhysicalPages);
- void mergeLargeRight(EndTag*&, BeginTag*&, Range&, bool& hasPhysicalPages);
</del><ins>+ void mergeLargeLeft(EndTag*&, BeginTag*&, Range&, bool& inVMHeap);
+ void mergeLargeRight(EndTag*&, BeginTag*&, Range&, bool& inVMHeap);
</ins><span class="cx">
</span><span class="cx"> void concurrentScavenge();
</span><span class="cx"> void scavengeSmallPages(std::unique_lock<StaticMutex>&, std::chrono::milliseconds);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocLargeObjecth"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/LargeObject.h (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/LargeObject.h 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/LargeObject.h 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -46,19 +46,20 @@
</span><span class="cx"> bool operator!() { return !m_object; }
</span><span class="cx">
</span><span class="cx"> char* begin() const { return static_cast<char*>(m_object); }
</span><ins>+ char* end() const { return begin() + size(); }
</ins><span class="cx"> size_t size() const { return m_beginTag->size(); }
</span><span class="cx"> Range range() const { return Range(m_object, size()); }
</span><span class="cx">
</span><span class="cx"> void setFree(bool) const;
</span><span class="cx"> bool isFree() const;
</span><span class="cx">
</span><del>- bool hasPhysicalPages() const;
- void setHasPhysicalPages(bool) const;
</del><ins>+ Owner owner() const;
+ void setOwner(Owner) const;
</ins><span class="cx">
</span><span class="cx"> bool isMarked() const;
</span><span class="cx"> void setMarked(bool) const;
</span><span class="cx">
</span><del>- bool isValidAndFree(size_t) const;
</del><ins>+ bool isValidAndFree(Owner, size_t) const;
</ins><span class="cx">
</span><span class="cx"> LargeObject merge() const;
</span><span class="cx"> std::pair<LargeObject, LargeObject> split(size_t) const;
</span><span class="lines">@@ -116,17 +117,17 @@
</span><span class="cx"> return m_beginTag->isFree();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline bool LargeObject::hasPhysicalPages() const
</del><ins>+inline Owner LargeObject::owner() const
</ins><span class="cx"> {
</span><span class="cx"> validate();
</span><del>- return m_beginTag->hasPhysicalPages();
</del><ins>+ return m_beginTag->owner();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline void LargeObject::setHasPhysicalPages(bool hasPhysicalPages) const
</del><ins>+inline void LargeObject::setOwner(Owner owner) const
</ins><span class="cx"> {
</span><span class="cx"> validate();
</span><del>- m_beginTag->setHasPhysicalPages(hasPhysicalPages);
- m_endTag->setHasPhysicalPages(hasPhysicalPages);
</del><ins>+ m_beginTag->setOwner(owner);
+ m_endTag->setOwner(owner);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline bool LargeObject::isMarked() const
</span><span class="lines">@@ -142,7 +143,7 @@
</span><span class="cx"> m_endTag->setMarked(isMarked);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline bool LargeObject::isValidAndFree(size_t expectedSize) const
</del><ins>+inline bool LargeObject::isValidAndFree(Owner expectedOwner, size_t expectedSize) const
</ins><span class="cx"> {
</span><span class="cx"> if (!m_beginTag->isFree())
</span><span class="cx"> return false;
</span><span class="lines">@@ -156,6 +157,9 @@
</span><span class="cx"> if (m_beginTag->compactBegin() != BoundaryTag::compactBegin(m_object))
</span><span class="cx"> return false;
</span><span class="cx">
</span><ins>+ if (m_beginTag->owner() != expectedOwner)
+ return false;
+
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -164,17 +168,15 @@
</span><span class="cx"> validate();
</span><span class="cx"> BASSERT(isFree());
</span><span class="cx">
</span><del>- bool hasPhysicalPages = m_beginTag->hasPhysicalPages();
-
</del><span class="cx"> BeginTag* beginTag = m_beginTag;
</span><span class="cx"> EndTag* endTag = m_endTag;
</span><span class="cx"> Range range = this->range();
</span><ins>+ Owner owner = this->owner();
</ins><span class="cx">
</span><span class="cx"> EndTag* prev = beginTag->prev();
</span><del>- if (prev->isFree()) {
</del><ins>+ if (prev->isFree() && prev->owner() == owner) {
</ins><span class="cx"> Range left(range.begin() - prev->size(), prev->size());
</span><span class="cx"> range = Range(left.begin(), left.size() + range.size());
</span><del>- hasPhysicalPages &= prev->hasPhysicalPages();
</del><span class="cx">
</span><span class="cx"> prev->clear();
</span><span class="cx"> beginTag->clear();
</span><span class="lines">@@ -183,12 +185,10 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> BeginTag* next = endTag->next();
</span><del>- if (next->isFree()) {
</del><ins>+ if (next->isFree() && next->owner() == owner) {
</ins><span class="cx"> Range right(range.end(), next->size());
</span><span class="cx"> range = Range(range.begin(), range.size() + right.size());
</span><span class="cx">
</span><del>- hasPhysicalPages &= next->hasPhysicalPages();
-
</del><span class="cx"> endTag->clear();
</span><span class="cx"> next->clear();
</span><span class="cx">
</span><span class="lines">@@ -197,7 +197,7 @@
</span><span class="cx">
</span><span class="cx"> beginTag->setRange(range);
</span><span class="cx"> beginTag->setFree(true);
</span><del>- beginTag->setHasPhysicalPages(hasPhysicalPages);
</del><ins>+ beginTag->setOwner(owner);
</ins><span class="cx"> endTag->init(beginTag);
</span><span class="cx">
</span><span class="cx"> return LargeObject(beginTag, endTag, range.begin());
</span><span class="lines">@@ -238,7 +238,7 @@
</span><span class="cx">
</span><span class="cx"> BASSERT(m_beginTag->size() == m_endTag->size());
</span><span class="cx"> BASSERT(m_beginTag->isFree() == m_endTag->isFree());
</span><del>- BASSERT(m_beginTag->hasPhysicalPages() == m_endTag->hasPhysicalPages());
</del><ins>+ BASSERT(m_beginTag->owner() == m_endTag->owner());
</ins><span class="cx"> BASSERT(m_beginTag->isMarked() == m_endTag->isMarked());
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -264,7 +264,7 @@
</span><span class="cx"> BeginTag* beginTag = LargeChunk::beginTag(range.begin());
</span><span class="cx"> beginTag->setRange(range);
</span><span class="cx"> beginTag->setFree(true);
</span><del>- beginTag->setHasPhysicalPages(false);
</del><ins>+ beginTag->setOwner(Owner::VMHeap);
</ins><span class="cx">
</span><span class="cx"> EndTag* endTag = LargeChunk::endTag(range.begin(), range.size());
</span><span class="cx"> endTag->init(beginTag);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocOwnerhfromrev180860releasesWebKitGTKwebkit28SourcebmallocbmallocVMHeapcpp"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Owner.h (from rev 180860, releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMHeap.cpp) (0 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Owner.h (rev 0)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/Owner.h 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -0,0 +1,38 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef Owner_h
+#define Owner_h
+
+namespace bmalloc {
+
+enum class Owner : unsigned {
+ VMHeap,
+ Heap
+};
+
+} // namespace bmalloc
+
+#endif // Owner_h
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocSegregatedFreeListcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/SegregatedFreeList.cpp (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/SegregatedFreeList.cpp 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/SegregatedFreeList.cpp 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -27,21 +27,23 @@
</span><span class="cx">
</span><span class="cx"> namespace bmalloc {
</span><span class="cx">
</span><del>-SegregatedFreeList::SegregatedFreeList()
</del><ins>+SegregatedFreeList::SegregatedFreeList(Owner owner)
+ : m_owner(owner)
</ins><span class="cx"> {
</span><span class="cx"> BASSERT(static_cast<size_t>(&select(largeMax) - m_freeLists.begin()) == m_freeLists.size() - 1);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void SegregatedFreeList::insert(const LargeObject& largeObject)
</span><span class="cx"> {
</span><ins>+ BASSERT(largeObject.owner() == m_owner);
</ins><span class="cx"> auto& list = select(largeObject.size());
</span><del>- list.push(largeObject);
</del><ins>+ list.push(m_owner, largeObject);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-LargeObject SegregatedFreeList::takeGreedy(size_t size)
</del><ins>+LargeObject SegregatedFreeList::takeGreedy()
</ins><span class="cx"> {
</span><span class="cx"> for (size_t i = m_freeLists.size(); i-- > 0; ) {
</span><del>- LargeObject largeObject = m_freeLists[i].takeGreedy(size);
</del><ins>+ LargeObject largeObject = m_freeLists[i].takeGreedy(m_owner);
</ins><span class="cx"> if (!largeObject)
</span><span class="cx"> continue;
</span><span class="cx">
</span><span class="lines">@@ -53,7 +55,7 @@
</span><span class="cx"> LargeObject SegregatedFreeList::take(size_t size)
</span><span class="cx"> {
</span><span class="cx"> for (auto* list = &select(size); list != m_freeLists.end(); ++list) {
</span><del>- LargeObject largeObject = list->take(size);
</del><ins>+ LargeObject largeObject = list->take(m_owner, size);
</ins><span class="cx"> if (!largeObject)
</span><span class="cx"> continue;
</span><span class="cx">
</span><span class="lines">@@ -65,7 +67,7 @@
</span><span class="cx"> LargeObject SegregatedFreeList::take(size_t alignment, size_t size, size_t unalignedSize)
</span><span class="cx"> {
</span><span class="cx"> for (auto* list = &select(size); list != m_freeLists.end(); ++list) {
</span><del>- LargeObject largeObject = list->take(alignment, size, unalignedSize);
</del><ins>+ LargeObject largeObject = list->take(m_owner, alignment, size, unalignedSize);
</ins><span class="cx"> if (!largeObject)
</span><span class="cx"> continue;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocSegregatedFreeListh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/SegregatedFreeList.h (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/SegregatedFreeList.h 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/SegregatedFreeList.h 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -33,7 +33,7 @@
</span><span class="cx">
</span><span class="cx"> class SegregatedFreeList {
</span><span class="cx"> public:
</span><del>- SegregatedFreeList();
</del><ins>+ SegregatedFreeList(Owner);
</ins><span class="cx">
</span><span class="cx"> void insert(const LargeObject&);
</span><span class="cx">
</span><span class="lines">@@ -54,11 +54,12 @@
</span><span class="cx"> // fit is found. Never returns LargeObject() spuriously. Incrementally
</span><span class="cx"> // removes stale items from the free list while searching. Eagerly removes
</span><span class="cx"> // the returned object from the free list.
</span><del>- LargeObject takeGreedy(size_t);
-
</del><ins>+ LargeObject takeGreedy();
+
</ins><span class="cx"> private:
</span><span class="cx"> FreeList& select(size_t);
</span><span class="cx">
</span><ins>+ Owner m_owner;
</ins><span class="cx"> std::array<FreeList, 19> m_freeLists;
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocVMAllocateh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMAllocate.h (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMAllocate.h 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMAllocate.h 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -131,18 +131,16 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><del>-// Trims requests that are un-page-aligned. NOTE: size must be at least a page.
</del><ins>+// Trims requests that are un-page-aligned.
</ins><span class="cx"> inline void vmDeallocatePhysicalPagesSloppy(void* p, size_t size)
</span><span class="cx"> {
</span><del>- BASSERT(size >= vmPageSize);
-
</del><span class="cx"> char* begin = roundUpToMultipleOf<vmPageSize>(static_cast<char*>(p));
</span><span class="cx"> char* end = roundDownToMultipleOf<vmPageSize>(static_cast<char*>(p) + size);
</span><span class="cx">
</span><del>- Range range(begin, end - begin);
- if (!range)
</del><ins>+ if (begin >= end)
</ins><span class="cx"> return;
</span><del>- vmDeallocatePhysicalPages(range.begin(), range.size());
</del><ins>+
+ vmDeallocatePhysicalPages(begin, end - begin);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Expands requests that are un-page-aligned. NOTE: Allocation must proceed left-to-right.
</span><span class="lines">@@ -151,10 +149,10 @@
</span><span class="cx"> char* begin = roundUpToMultipleOf<vmPageSize>(static_cast<char*>(p));
</span><span class="cx"> char* end = roundUpToMultipleOf<vmPageSize>(static_cast<char*>(p) + size);
</span><span class="cx">
</span><del>- Range range(begin, end - begin);
- if (!range)
</del><ins>+ if (begin >= end)
</ins><span class="cx"> return;
</span><del>- vmAllocatePhysicalPages(range.begin(), range.size());
</del><ins>+
+ vmAllocatePhysicalPages(begin, end - begin);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace bmalloc
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocVMHeapcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMHeap.cpp (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMHeap.cpp 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMHeap.cpp 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -33,6 +33,7 @@
</span><span class="cx"> namespace bmalloc {
</span><span class="cx">
</span><span class="cx"> VMHeap::VMHeap()
</span><ins>+ : m_largeObjects(Owner::VMHeap)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourcebmallocbmallocVMHeaph"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMHeap.h (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMHeap.h 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc/VMHeap.h 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -52,14 +52,15 @@
</span><span class="cx">
</span><span class="cx"> SmallPage* allocateSmallPage();
</span><span class="cx"> MediumPage* allocateMediumPage();
</span><del>- LargeObject allocateLargeRange(size_t);
- LargeObject allocateLargeRange(size_t alignment, size_t, size_t unalignedSize);
</del><ins>+ LargeObject allocateLargeObject(size_t);
+ LargeObject allocateLargeObject(size_t alignment, size_t, size_t unalignedSize);
</ins><span class="cx">
</span><span class="cx"> void deallocateSmallPage(std::unique_lock<StaticMutex>&, SmallPage*);
</span><span class="cx"> void deallocateMediumPage(std::unique_lock<StaticMutex>&, MediumPage*);
</span><del>- void deallocateLargeRange(std::unique_lock<StaticMutex>&, LargeObject&);
</del><ins>+ void deallocateLargeObject(std::unique_lock<StaticMutex>&, LargeObject&);
</ins><span class="cx">
</span><span class="cx"> private:
</span><ins>+ LargeObject allocateLargeObject(LargeObject&, size_t);
</ins><span class="cx"> void grow();
</span><span class="cx">
</span><span class="cx"> Vector<SmallPage*> m_smallPages;
</span><span class="lines">@@ -75,7 +76,9 @@
</span><span class="cx"> if (!m_smallPages.size())
</span><span class="cx"> grow();
</span><span class="cx">
</span><del>- return m_smallPages.pop();
</del><ins>+ SmallPage* page = m_smallPages.pop();
+ vmAllocatePhysicalPages(page->begin()->begin(), vmPageSize);
+ return page;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline MediumPage* VMHeap::allocateMediumPage()
</span><span class="lines">@@ -83,21 +86,39 @@
</span><span class="cx"> if (!m_mediumPages.size())
</span><span class="cx"> grow();
</span><span class="cx">
</span><del>- return m_mediumPages.pop();
</del><ins>+ MediumPage* page = m_mediumPages.pop();
+ vmAllocatePhysicalPages(page->begin()->begin(), vmPageSize);
+ return page;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline LargeObject VMHeap::allocateLargeRange(size_t size)
</del><ins>+inline LargeObject VMHeap::allocateLargeObject(LargeObject& largeObject, size_t size)
</ins><span class="cx"> {
</span><ins>+ BASSERT(largeObject.isFree());
+
+ if (largeObject.size() - size > largeMin) {
+ std::pair<LargeObject, LargeObject> split = largeObject.split(size);
+ largeObject = split.first;
+ m_largeObjects.insert(split.second);
+ }
+
+ vmAllocatePhysicalPagesSloppy(largeObject.begin(), largeObject.size());
+ largeObject.setOwner(Owner::Heap);
+ return largeObject.begin();
+}
+
+inline LargeObject VMHeap::allocateLargeObject(size_t size)
+{
</ins><span class="cx"> LargeObject largeObject = m_largeObjects.take(size);
</span><span class="cx"> if (!largeObject) {
</span><span class="cx"> grow();
</span><span class="cx"> largeObject = m_largeObjects.take(size);
</span><span class="cx"> BASSERT(largeObject);
</span><span class="cx"> }
</span><del>- return largeObject;
</del><ins>+
+ return allocateLargeObject(largeObject, size);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline LargeObject VMHeap::allocateLargeRange(size_t alignment, size_t size, size_t unalignedSize)
</del><ins>+inline LargeObject VMHeap::allocateLargeObject(size_t alignment, size_t size, size_t unalignedSize)
</ins><span class="cx"> {
</span><span class="cx"> LargeObject largeObject = m_largeObjects.take(alignment, size, unalignedSize);
</span><span class="cx"> if (!largeObject) {
</span><span class="lines">@@ -105,7 +126,11 @@
</span><span class="cx"> largeObject = m_largeObjects.take(alignment, size, unalignedSize);
</span><span class="cx"> BASSERT(largeObject);
</span><span class="cx"> }
</span><del>- return largeObject;
</del><ins>+
+ size_t alignmentMask = alignment - 1;
+ if (test(largeObject.begin(), alignmentMask))
+ return allocateLargeObject(largeObject, unalignedSize);
+ return allocateLargeObject(largeObject, size);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline void VMHeap::deallocateSmallPage(std::unique_lock<StaticMutex>& lock, SmallPage* page)
</span><span class="lines">@@ -126,20 +151,25 @@
</span><span class="cx"> m_mediumPages.push(page);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline void VMHeap::deallocateLargeRange(std::unique_lock<StaticMutex>& lock, LargeObject& largeObject)
</del><ins>+inline void VMHeap::deallocateLargeObject(std::unique_lock<StaticMutex>& lock, LargeObject& largeObject)
</ins><span class="cx"> {
</span><del>- // Temporarily mark this range as allocated to prevent clients from merging
- // with it and then reallocating it while we're messing with its physical pages.
- largeObject.setFree(false);
</del><ins>+ largeObject.setOwner(Owner::VMHeap);
+
+ // If we couldn't merge with our neighbors before because they were in the
+ // VM heap, we can merge with them now.
+ LargeObject merged = largeObject.merge();
</ins><span class="cx">
</span><ins>+ // Temporarily mark this object as allocated to prevent clients from merging
+ // with it or allocating it while we're messing with its physical pages.
+ merged.setFree(false);
+
</ins><span class="cx"> lock.unlock();
</span><del>- vmDeallocatePhysicalPagesSloppy(largeObject.begin(), largeObject.size());
</del><ins>+ vmDeallocatePhysicalPagesSloppy(merged.begin(), merged.size());
</ins><span class="cx"> lock.lock();
</span><span class="cx">
</span><del>- largeObject.setFree(true);
- largeObject.setHasPhysicalPages(false);
</del><ins>+ merged.setFree(true);
</ins><span class="cx">
</span><del>- m_largeObjects.insert(largeObject);
</del><ins>+ m_largeObjects.insert(merged);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace bmalloc
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28Sourcebmallocbmallocxcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj (180860 => 180861)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj 2015-03-01 09:43:35 UTC (rev 180860)
+++ releases/WebKitGTK/webkit-2.8/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj 2015-03-01 09:48:44 UTC (rev 180861)
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> 14C6216F1A9A9A6200E72293 /* LargeObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 14C6216E1A9A9A6200E72293 /* LargeObject.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 14C919C918FCC59F0028DB43 /* BPlatform.h in Headers */ = {isa = PBXBuildFile; fileRef = 14C919C818FCC59F0028DB43 /* BPlatform.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 14CC394C18EA8858004AFE34 /* libbmalloc.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 14F271BE18EA3963008C152F /* libbmalloc.a */; };
</span><ins>+ 14D2CD9B1AA12CFB00770440 /* Owner.h in Headers */ = {isa = PBXBuildFile; fileRef = 14D2CD9A1AA12CFB00770440 /* Owner.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 14DD788C18F48CAE00950702 /* LargeChunk.h in Headers */ = {isa = PBXBuildFile; fileRef = 147AAA8818CD17CE002201E4 /* LargeChunk.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 14DD788D18F48CC600950702 /* BeginTag.h in Headers */ = {isa = PBXBuildFile; fileRef = 1417F64518B54A700076FA3F /* BeginTag.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 14DD788E18F48CCD00950702 /* BoundaryTag.h in Headers */ = {isa = PBXBuildFile; fileRef = 1485655E18A43AF900ED6942 /* BoundaryTag.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -138,6 +139,7 @@
</span><span class="cx"> 14C6216E1A9A9A6200E72293 /* LargeObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = LargeObject.h; path = bmalloc/LargeObject.h; sourceTree = "<group>"; };
</span><span class="cx"> 14C919C818FCC59F0028DB43 /* BPlatform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = BPlatform.h; path = bmalloc/BPlatform.h; sourceTree = "<group>"; };
</span><span class="cx"> 14CC394418EA8743004AFE34 /* libmbmalloc.dylib */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.dylib"; includeInIndex = 0; path = libmbmalloc.dylib; sourceTree = BUILT_PRODUCTS_DIR; };
</span><ins>+ 14D2CD9A1AA12CFB00770440 /* Owner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Owner.h; path = bmalloc/Owner.h; sourceTree = "<group>"; };
</ins><span class="cx"> 14D9DB4517F2447100EAAB79 /* FixedVector.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = FixedVector.h; path = bmalloc/FixedVector.h; sourceTree = "<group>"; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; };
</span><span class="cx"> 14DA32071885F9E6007269E0 /* Line.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = Line.h; path = bmalloc/Line.h; sourceTree = "<group>"; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; };
</span><span class="cx"> 14DA320C18875B09007269E0 /* Heap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Heap.h; path = bmalloc/Heap.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -224,6 +226,7 @@
</span><span class="cx"> 143EF9AE1A9FABF6004F5C77 /* FreeList.h */,
</span><span class="cx"> 147AAA8818CD17CE002201E4 /* LargeChunk.h */,
</span><span class="cx"> 14C6216E1A9A9A6200E72293 /* LargeObject.h */,
</span><ins>+ 14D2CD9A1AA12CFB00770440 /* Owner.h */,
</ins><span class="cx"> 146BEE2118C845AE0002D5A2 /* SegregatedFreeList.cpp */,
</span><span class="cx"> 146BEE1E18C841C50002D5A2 /* SegregatedFreeList.h */,
</span><span class="cx"> );
</span><span class="lines">@@ -353,6 +356,7 @@
</span><span class="cx"> 14DD788E18F48CCD00950702 /* BoundaryTag.h in Headers */,
</span><span class="cx"> 14DD78C818F48D7500950702 /* FixedVector.h in Headers */,
</span><span class="cx"> 14DD78B718F48D6B00950702 /* MediumLine.h in Headers */,
</span><ins>+ 14D2CD9B1AA12CFB00770440 /* Owner.h in Headers */,
</ins><span class="cx"> 14DD78B618F48D6B00950702 /* MediumChunk.h in Headers */,
</span><span class="cx"> 14DD78BC18F48D6B00950702 /* SmallLine.h in Headers */,
</span><span class="cx"> 14DD789818F48D4A00950702 /* Allocator.h in Headers */,
</span></span></pre>
</div>
</div>
</body>
</html>