[webkit-dev] Stability problems involving Javascript GC

Chris Backas chb at infoplusonline.com
Mon Dec 20 09:32:20 PST 2010

On Dec 19, 2010, at 4:24 PM, David Kilzer wrote:

> On Dec 17, 2010, at 12:02 AM, Zoltan Herczeg wrote:
>>>> On 6 December 2010 22:31, Zoltan Herczeg <zherczeg at inf.u-szeged.hu> wrote:
>>>>> Crash in WTF::fastMalloc? Such things only happen if something overwrites
>>>>> memory areas belonging to the memory manager (i.e. overwrites some bytes
>>>>> before or after a block returned by malloc). Try some valgrind equivalent
>>>>> on Mac to detect those writes into "red zones".
>>>> How can you use valgrind to help on that? We had some symptoms similar
>>>> to this and also came to the conclusion that probably something is
>>>> overwriting the structures used by fast malloc, but couldn't find
>>>> anything with valgrind. Overwriting in an area that has been reserved
>>>> is not an error valgrind finds, at least not with any options that I
>>>> know.
>> I haven't received your reply before. To capture this bug, you have to
>> disable fastmalloc, and use the internal (trackable) memory allocator
>> replacement of valgrind.
>> Run "build-webkit --system-malloc"
>> This will redirect all allocations to the system malloc.
> In addition to valgrind, try running the test under guard malloc on
> Mac OS X with system malloc enabled. See "man libgmalloc":
> <http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man3/libgmalloc.3.html%23//apple_ref/doc/man/3/libgmalloc>
> Dave

Thanks for the suggestion. I had tried this with guard malloc, and  
although it took something like 10x longer to run my tests, it didn't  
reveal anything more interesting. In the end, I ran out of time to  
truly solve the problem, and instead isolated the WebKit portion into  
a separate process. That way it can crash all it likes without  
affecting the host application which had a 100% uptime requirement.  
Ironically, it now never crashes at all because I run it once, do what  
needs to be done, and kill the child process. The bug only ever  
crashed on multiple executions.


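The thread's diagnosis rests on one idea: a write a few bytes before or after a heap block is invisible to a pool allocator such as fastMalloc until the clobbered metadata is next touched, which is why the crash surfaces "in WTF::fastMalloc" rather than at the offending store. Guard malloc and valgrind's memcheck catch it at the store itself by surrounding every block with a checked region. The following is an added, self-contained illustration of that red-zone technique, written for this page; it is not WebKit's fastMalloc, Apple's libgmalloc, or valgrind code, and the `guard_*` names, the 16-byte zone size and the 0xA5 fill pattern are choices made here for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes of guard ("red zone") placed before and after every user block.
 * The size and fill pattern are arbitrary choices for this example. */
#define RED_ZONE   16
#define GUARD_BYTE 0xA5

/* Bookkeeping stored in front of the leading red zone. */
typedef struct {
    size_t size;    /* size the caller asked for */
} guard_header;

/* Layout of each allocation:
 *   [guard_header][RED_ZONE bytes][size user bytes][RED_ZONE bytes]
 * The pointer handed back points at the user bytes. */
void *guard_malloc(size_t size)
{
    unsigned char *raw = malloc(sizeof(guard_header) + 2 * RED_ZONE + size);
    if (raw == NULL)
        return NULL;
    ((guard_header *)raw)->size = size;
    unsigned char *user = raw + sizeof(guard_header) + RED_ZONE;
    memset(user - RED_ZONE, GUARD_BYTE, RED_ZONE);   /* leading red zone  */
    memset(user + size, GUARD_BYTE, RED_ZONE);       /* trailing red zone */
    return user;
}

/* Returns 0 if both red zones are intact, -1 if something wrote before the
 * block (underflow), +1 if something wrote past its end (overflow). */
int guard_check(const void *p)
{
    const unsigned char *user = p;
    const unsigned char *lo = user - RED_ZONE;
    const guard_header *h = (const guard_header *)(lo - sizeof(guard_header));
    for (size_t i = 0; i < RED_ZONE; i++)
        if (lo[i] != GUARD_BYTE)
            return -1;
    const unsigned char *hi = user + h->size;
    for (size_t i = 0; i < RED_ZONE; i++)
        if (hi[i] != GUARD_BYTE)
            return 1;
    return 0;
}

void guard_free(void *p)
{
    if (p == NULL)
        return;
    free((unsigned char *)p - RED_ZONE - sizeof(guard_header));
}

/* Off-by-one NUL terminator written past an 8-byte buffer. Under a pool
 * allocator that byte lands in allocator metadata and the crash appears
 * later, inside malloc; here it lands in the red zone and is reported now. */
int demo_overflow_detected(void)
{
    char *buf = guard_malloc(8);
    if (buf == NULL) return -99;
    memset(buf, 'A', 8);
    buf[8] = '\0';
    int r = guard_check(buf);
    guard_free(buf);
    return r;   /* 1 */
}

/* Write one byte before the block start. */
int demo_underflow_detected(void)
{
    char *buf = guard_malloc(8);
    if (buf == NULL) return -99;
    buf[-1] = 0;
    int r = guard_check(buf);
    guard_free(buf);
    return r;   /* -1 */
}

/* Same buffer used correctly: 7 payload bytes plus the terminator. */
int demo_in_bounds_passes(void)
{
    char *buf = guard_malloc(8);
    if (buf == NULL) return -99;
    memset(buf, 'A', 7);
    buf[7] = '\0';
    int r = guard_check(buf);
    guard_free(buf);
    return r;   /* 0 */
}

int main(void)
{
    printf("in-bounds: %d\n", demo_in_bounds_passes());
    printf("overflow:  %d\n", demo_overflow_detected());
    printf("underflow: %d\n", demo_underflow_detected());
    return 0;
}
```

The real tools do the same thing more aggressively: libgmalloc places each block at the end of its own page with the next page unmapped, so an overrun faults at the faulting instruction rather than at the next `guard_check`, and memcheck tracks addressability per byte and reports the write with a stack trace. Both only see allocations that go through the system `malloc`, which is why the thread insists on `build-webkit --system-malloc` first; with fastMalloc active the allocator's own arenas hide the blocks from them. On Mac OS X the guard-malloc run is `DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib ./your-app`, as documented in `man libgmalloc`.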
