[Webkit-unassigned] [Bug 103027] New: [Chromium] fastMalloc has an extra branch on Windows

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 21 23:37:41 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=103027

           Summary: [Chromium] fastMalloc has an extra branch on Windows
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Web Template Framework
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: abarth at webkit.org
                CC: eric at webkit.org, tony at chromium.org,
                    thakis at chromium.org, jamesr at chromium.org


On Windows, we route WebKit allocations through the USE(SYSTEM_ALLOCATOR) path in FastMalloc.cpp.  That code path checks whether malloc() returns 0 in order to crash when we run out of memory.  However, the crash stacks we get when we really run out of memory on Windows look like the following:

0x5e3a9d97     [chrome.dll]     - process_util_win.cc:109]    base::`anonymous namespace'::OnNoMemory()
0x5de8165f     [chrome.dll]     - allocator_shim.cc:135]    malloc
0x5dec8c18     [chrome.dll]     - fastmalloc.cpp:268]    WTF::fastMalloc(unsigned int)
0x5e0ebff3     [chrome.dll]     - vector.h:903]    WTF::Vector<char,0>::reserveCapacity(unsigned int)
0x5e0ebfc7     [chrome.dll]     - vector.h:820]    WTF::Vector<char,0>::expandCapacity(unsigned int)
0x5e271993     [chrome.dll]     - sharedbuffer.cpp:224]    WebCore::SharedBuffer::buffer()
0x5e85df0d     [chrome.dll]     - cachedrawresource.cpp:53]    WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::SharedBuffer>,bool)
0x5e26cf82     [chrome.dll]     - subresourceloader.cpp:253]    WebCore::SubresourceLoader::sendDataToResource(char const *,int)
0x5e26cba8     [chrome.dll]     - subresourceloader.cpp:227]    WebCore::SubresourceLoader::didReceiveData(char const *,int,__int64,bool)

(See, for example, <https://code.google.com/p/chromium/issues/detail?id=138506>.)

Notice that we actually crash inside malloc rather than in FastMalloc.cpp.  That means that the branch for malloc() returning zero is not needed.  We should remove it so that WebKit can go fast.
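The stack above shows OnNoMemory() being reached from inside the shim's malloc (allocator_shim.cc) rather than from fastMalloc's own null check, which is the whole argument for dropping the branch. The added C example below (written for this page; not WebKit or Chromium code) makes the dependency explicit: a stand-in fastMalloc with and without the check is run against a plain system-style malloc that returns NULL on exhaustion and against a shim-style malloc that never returns NULL and calls an out-of-memory handler instead. The names `system_malloc`, `shim_malloc`, `fast_malloc_checked`, `fast_malloc_unchecked`, `on_no_memory` and the 1 MiB budget are all assumptions of the example. The point a reviewer would want on record is the last row of the output: with the branch removed, the path is only safe while every build really routes through a shim that terminates on OOM; under a bare CRT malloc, the NULL would escape to callers such as Vector::reserveCapacity that assume a non-null result.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the shim's OnNoMemory(). The real handler
 * terminates the process; this one long-jumps out so that several
 * allocator/wrapper combinations can be compared in a single run. */
static jmp_buf g_oom_jump;
static int g_oom_calls;

static void on_no_memory(void) {
    g_oom_calls++;
    longjmp(g_oom_jump, 1);
}

/* Assumed memory budget: requests above this are treated as exhaustion. */
static const size_t kBudget = 1u << 20;

/* System-style allocator: like a plain CRT malloc, returns NULL on exhaustion. */
static void *system_malloc(size_t n) {
    if (n > kBudget)
        return NULL;
    return malloc(n);
}

/* Shim-style allocator: never returns NULL; it calls the OOM handler instead. */
static void *shim_malloc(size_t n) {
    void *p = system_malloc(n);
    if (!p)
        on_no_memory(); /* does not return in a real shim */
    return p;
}

typedef void *(*malloc_fn)(size_t);

/* fastMalloc as the report describes the USE(SYSTEM_ALLOCATOR) path:
 * call malloc, crash (here: on_no_memory) if it returned zero. */
static void *fast_malloc_checked(malloc_fn m, size_t n) {
    void *p = m(n);
    if (!p)
        on_no_memory();
    return p;
}

/* The proposed variant with the null-check branch removed. */
static void *fast_malloc_unchecked(malloc_fn m, size_t n) {
    return m(n);
}

typedef enum { ALLOC_OK, OOM_TRAPPED, NULL_ESCAPED } outcome;

/* Run one allocation through the chosen wrapper and allocator and report
 * whether it succeeded, was trapped by the OOM handler, or handed a NULL
 * back to the caller (the case a non-null-assuming caller cannot survive). */
static outcome probe(malloc_fn m, int checked, size_t n) {
    void *p;
    if (setjmp(g_oom_jump) != 0)
        return OOM_TRAPPED;
    p = checked ? fast_malloc_checked(m, n) : fast_malloc_unchecked(m, n);
    if (!p)
        return NULL_ESCAPED;
    free(p);
    return ALLOC_OK;
}

static const char *describe(outcome o) {
    return o == ALLOC_OK ? "allocated" : o == OOM_TRAPPED ? "OOM handler hit" : "NULL escaped";
}

int main(void) {
    const size_t too_big = kBudget * 2;
    printf("system malloc, checked fastMalloc:   %s\n", describe(probe(system_malloc, 1, too_big)));
    printf("shim malloc,   checked fastMalloc:   %s\n", describe(probe(shim_malloc, 1, too_big)));
    printf("shim malloc,   unchecked fastMalloc: %s\n", describe(probe(shim_malloc, 0, too_big)));
    printf("system malloc, unchecked fastMalloc: %s\n", describe(probe(system_malloc, 0, too_big)));
    return 0;
}
```

The first three rows all end in the OOM handler, which is the redundancy the report points at: with the shim in place, fastMalloc's own branch never fires. The fourth row is the configuration the removal must never be paired with.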
