[Webkit-unassigned] [Bug 91354] Machine stack marker should not gather values already piled up on the stack before JSC working

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 13 23:27:27 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=91354

--- Comment #5 from SangGyu Lee <sg5.lee at samsung.com>  2012-08-13 23:27:56 PST ---
It actually happens on our Linux device.

Here is the specific information.

If we run the V8 benchmark (http://v8.googlecode.com/svn/data/benchmarks/v7/run.html)
and Dromaeo DOM (http://dromaeo.com/?dom) alternately and repeatedly, we always see OOM within 4 iterations.

After investigation, we found that the number of pinned blocks continually increases. They are pinned by MachineStackMarker.

In MachineThreads::gatherFromCurrentThread(), [stackBegin, stackEnd] is [0xbe8833c4, 0xbe884000].

Here are the logs from scanning the stack range.

StackBegin ---> genericAddSpan: [0xbe8833d4] = 0xfffffffb
                genericAddSpan: [0xbe8833d8] = 0xbe8834b0
                genericAddSpan: [0xbe8833dc] = 0x44e0c478
                genericAddSpan: [0xbe8833e0] = 0x44e0c4f8
                genericAddSpan: [0xbe8833e4] = (nil)

StackPointer                ...
at WebProcess
StartUp*(a)
(0xbe883824)--> genericAddSpan: [0xbe883824] = 0x40093000
                            ...
                genericAddSpan: [0xbe883b40] = 0x53005150, genericAddPointer: 0x53005150 is pinned [ 0] *(b)
                genericAddSpan: [0xbe883bc0] = 0x6f6f723d, genericAddPointer: 0x6f6f723d is pinned [ 1] 
                genericAddSpan: [0xbe883bc4] = 0x554d0074, genericAddPointer: 0x554d0074 is pinned [ 2]
                genericAddSpan: [0xbe883be0] = 0x6e735f6e, genericAddPointer: 0x6e735f6e is pinned [ 3]
                genericAddSpan: [0xbe883c2c] = 0x6d2f746f, genericAddPointer: 0x6d2f746f is pinned [ 4]
                genericAddSpan: [0xbe883c34] = 0x6972706b, genericAddPointer: 0x6972706b is pinned [ 5] 
                genericAddSpan: [0xbe883c70] = 0x653e4955, genericAddPointer: 0x653e4955 is pinned [ 6]
                genericAddSpan: [0xbe883c7c] = 0x7461643a, genericAddPointer: 0x7461643a is pinned [ 7]
                genericAddSpan: [0xbe883c94] = 0x7461643e, genericAddPointer: 0x7461643e is pinned [ 8]
                genericAddSpan: [0xbe883cbc] = 0x52415453, genericAddPointer: 0x52415453 is pinned [ 9]
                genericAddSpan: [0xbe883d1c] = 0x6f6f723d, genericAddPointer: 0x6f6f723d is pinned [10]
                genericAddSpan: [0xbe883d64] = 0x5f00656c, genericAddPointer: 0x5f00656c is pinned [11]
                genericAddSpan: [0xbe883d94] = 0x5750444c, genericAddPointer: 0x5750444c is pinned [12]
                genericAddSpan: [0xbe883dfc] = 0x4f495443, genericAddPointer: 0x4f495443 is pinned [13]
                genericAddSpan: [0xbe883e20] = 0x4f495443, genericAddPointer: 0x4f495443 is pinned [14]
                genericAddSpan: [0xbe883e5c] = 0x555f6e65, genericAddPointer: 0x555f6e65 is pinned [15]
                genericAddSpan: [0xbe883eb0] = 0x52415445, genericAddPointer: 0x52415445 is pinned [16]
                genericAddSpan: [0xbe883f20] = 0x52555341, genericAddPointer: 0x52555341 is pinned [17]
                genericAddSpan: [0xbe883f48] = 0x555f6e65, genericAddPointer: 0x555f6e65 is pinned [18]
                genericAddSpan: [0xbe883f88] = 0x52474d46, genericAddPointer: 0x52474d46 is pinned [19]
                genericAddSpan: [0xbe883f90] = 0x59545f4b, genericAddPointer: 0x59545f4b is pinned [20]
                genericAddSpan: [0xbe883fa0] = 0x52474d46, genericAddPointer: 0x52474d46 is pinned [21]
                           ...
StackEnd   -->
(0xbe884000)

        (a) I showed the stack pointer (=0xbe883824) at WebProcess StartUp.
        (b) [ #] is the count of pinned pointers.

Many of the values in these slots are not multiples of 4. They do not seem to be exact pointers to CopiedBlock's storage.

I think (stackPointerAtWebProcessStartUp, stackEnd) = [0xbe883824, 0xbe884000) cannot contain a pointer to a JavaScript CopiedBlock, because it precedes the construction and initialization of the JavaScript heap, and WebProcessMain's main function cannot exit before WebProcess exits.

However, the current implementation scans this range, and as shown above, some values in it increase the number of pinned objects and finally cause OOM.

If I change it to scan only [Stackpointer at WebProcessStartUp, StackBegin]
(applied to WebProcess's main thread only, not to the WebWorker threads), the OOM disappears.
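The scan described in the comment above, modelled as an added example. This is not JavaScriptCore code and not code from the comment's author: the block size (0x10000), the block set kBlockBases, the word-by-word scan and the alignment filter are assumptions of this toy, chosen so that the (address, value) pairs copied from the log reproduce the false pins the comment reports. It compares three scans over the same constructed stack: the full [stackBegin, stackEnd) range, the same range with non-4-byte-aligned values dropped, and the comment's proposed [stackBegin, stackPointerAtWebProcessStartUp) bound. The ASCII decode at the end is an added observation that the log's word values are printable text, not something the comment states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a conservative stack scan (added example, not JSC code).
 * Block size, block set and scan rules are assumptions of this toy. */
#define STACK_BEGIN 0xbe8833c4u   /* from the comment: [stackBegin, stackEnd] */
#define STACK_END   0xbe884000u
#define STARTUP_SP  0xbe883824u   /* stack pointer at WebProcess StartUp     */
#define BLOCK_SIZE  0x10000u      /* assumed block size/alignment (toy)      */

/* Constructed block set: bases that happen to cover the log's word values. */
static const uint32_t kBlockBases[] = {
    0x53000000u, 0x6f6f0000u, 0x74610000u, 0x52410000u, 0x57500000u,
};
#define NUM_BLOCKS (sizeof kBlockBases / sizeof kBlockBases[0])

/* (address, value) pairs copied from the log above; all other slots are 0. */
static const struct { uint32_t addr, value; } kLogWords[] = {
    {0xbe8833d4u, 0xfffffffbu}, {0xbe8833d8u, 0xbe8834b0u}, {0xbe8833dcu, 0x44e0c478u},
    {0xbe8833e0u, 0x44e0c4f8u}, {0xbe883824u, 0x40093000u},
    {0xbe883b40u, 0x53005150u}, {0xbe883bc0u, 0x6f6f723du}, {0xbe883bc4u, 0x554d0074u},
    {0xbe883be0u, 0x6e735f6eu}, {0xbe883c2cu, 0x6d2f746fu}, {0xbe883c34u, 0x6972706bu},
    {0xbe883c70u, 0x653e4955u}, {0xbe883c7cu, 0x7461643au}, {0xbe883c94u, 0x7461643eu},
    {0xbe883cbcu, 0x52415453u}, {0xbe883d1cu, 0x6f6f723du}, {0xbe883d64u, 0x5f00656cu},
    {0xbe883d94u, 0x5750444cu}, {0xbe883dfcu, 0x4f495443u}, {0xbe883e20u, 0x4f495443u},
    {0xbe883e5cu, 0x555f6e65u}, {0xbe883eb0u, 0x52415445u}, {0xbe883f20u, 0x52555341u},
    {0xbe883f48u, 0x555f6e65u}, {0xbe883f88u, 0x52474d46u}, {0xbe883f90u, 0x59545f4bu},
    {0xbe883fa0u, 0x52474d46u},
};
#define NUM_LOG_WORDS (sizeof kLogWords / sizeof kLogWords[0])

#define STACK_WORDS ((STACK_END - STACK_BEGIN) / 4u)
static uint32_t g_stack[STACK_WORDS];

/* Lay the logged values into a zeroed stack image (idempotent). */
static void build_stack(void) {
    memset(g_stack, 0, sizeof g_stack);
    for (size_t i = 0; i < NUM_LOG_WORDS; i++)
        g_stack[(kLogWords[i].addr - STACK_BEGIN) / 4u] = kLogWords[i].value;
}

/* Mask a candidate down to its block base and look it up in the block set. */
static int block_index_for(uint32_t word) {
    uint32_t base = word & ~(BLOCK_SIZE - 1u);
    for (size_t i = 0; i < NUM_BLOCKS; i++)
        if (kBlockBases[i] == base) return (int)i;
    return -1;
}

struct scan_result { unsigned candidates; unsigned pinned; };

/* Conservatively scan [lo, hi) one word at a time. With require_aligned set,
 * values that are not multiples of 4 are dropped, since they cannot point at
 * word-aligned storage. pinned counts distinct blocks, candidates every hit. */
static struct scan_result scan(uint32_t lo, uint32_t hi, bool require_aligned) {
    struct scan_result r = {0, 0};
    bool seen[NUM_BLOCKS] = {false};
    build_stack();
    for (uint32_t a = lo; a + 4u <= hi; a += 4u) {
        uint32_t w = g_stack[(a - STACK_BEGIN) / 4u];
        if (require_aligned && (w % 4u) != 0u) continue;
        int b = block_index_for(w);
        if (b < 0) continue;
        r.candidates++;
        if (!seen[b]) { seen[b] = true; r.pinned++; }
    }
    return r;
}

/* Decode a word as four little-endian bytes; true only if all are printable. */
static bool decode_le_ascii(uint32_t w, char out[5]) {
    bool printable = true;
    for (int i = 0; i < 4; i++) {
        unsigned char c = (unsigned char)(w >> (8 * i));
        bool ok = (c >= 0x20 && c < 0x7f);
        out[i] = ok ? (char)c : '.';
        if (!ok) printable = false;
    }
    out[4] = '\0';
    return printable;
}

static bool word_reads_as(uint32_t w, const char *text) {
    char buf[5];
    return decode_le_ascii(w, buf) && strcmp(buf, text) == 0;
}

int main(void) {
    struct scan_result full = scan(STACK_BEGIN, STACK_END, false);
    struct scan_result aligned = scan(STACK_BEGIN, STACK_END, true);
    struct scan_result bounded = scan(STACK_BEGIN, STARTUP_SP, false);
    printf("full range, any value        : %u candidates, %u blocks pinned\n", full.candidates, full.pinned);
    printf("full range, 4-aligned only   : %u candidates, %u blocks pinned\n", aligned.candidates, aligned.pinned);
    printf("[stackBegin, startupSP) only : %u candidates, %u blocks pinned\n", bounded.candidates, bounded.pinned);
    char text[5];
    for (size_t i = 0; i < NUM_LOG_WORDS; i++)
        if (decode_le_ascii(kLogWords[i].value, text))
            printf("0x%08x at 0x%08x reads as \"%s\"\n", kLogWords[i].value, kLogWords[i].addr, text);
    return 0;
}
```

With the toy block set, the unbounded scan pins all five blocks from eight candidate words, the alignment filter alone still leaves two blocks pinned (0x53005150 and 0x5750444c happen to be multiples of 4), and bounding the scan at the start-up stack pointer pins nothing, because every pinning value in the log lies above 0xbe883824. The decoded words (0x52415453 reads as "STAR", 0x6f6f723d as "=roo") are consistent with the comment's view that these slots hold data that predates the JavaScript heap rather than pointers into it.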
