[Webkit-unassigned] [Bug 154091] New: bmalloc: large aligned allocations will put 1 or 2 free object on free list without coalescing with their neighbors

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=154091

            Bug ID: 154091
           Summary: bmalloc: large aligned allocations will put 1 or 2
                    free object on free list without coalescing with their
                    neighbors
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: msaboff at apple.com

In the aligned version of Heap::allocateLarge(), gets a free object from the free list that may or may not be aligned to the requested alignment.  That object is large enough to create an aligned object splitting off an unused objected before and/or an unused object after the aligned object we'll return to the caller.  These unused object need to be merged before putting them back into the free list.

There is a similar issue in the unaligned version of Heap::allocateLarge() in that it might get an object from the free list that is larger than needed.  It splits off an unused object and puts in back on the free list without merging.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160210/3f2ab776/attachment.html>