[Webkit-unassigned] [Bug 182923] New: REGRESSION(r227717): Hardcoded page size causing JSC crashes

bugzilla-daemon at webkit.org
Mon Feb 19 03:01:18 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=182923

            Bug ID: 182923
           Summary: REGRESSION(r227717): Hardcoded page size causing JSC
                    crashes
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: tpopela at redhat.com
                CC: fpizlo at apple.com

After r227717, JSC crashes on architectures that have a 64KB page size with:

1   0x7ffff76b4090 WTFCrash
2   0x7ffff776f0e8 WTF::OSAllocator::decommit(void*, unsigned long)
3   0x7ffff6e7493c JSC::IsoAlignedMemoryAllocator::freeAlignedMemory(void*)
4   0x7ffff6ea00a8 JSC::MarkedBlock::Handle::~Handle()
5   0x7ffff6ea3fe8 JSC::MarkedSpace::freeBlock(JSC::MarkedBlock::Handle*)
6   0x7ffff6dfca70
7   0x7ffff6dfe628
8   0x7ffff6dfcb14 JSC::BlockDirectory::shrink()
9   0x7ffff6ea40c0
10  0x7ffff6eac0ac
11  0x7ffff6ea4114 JSC::MarkedSpace::shrink()
12  0x7ffff6e17e48 JSC::Heap::sweepSynchronously()
13  0x7ffff6e181bc JSC::Heap::collectNow(JSC::Synchronousness, JSC::GCRequest)
14  0x1004d184
15  0x7ffff704cfe0 JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)
16  0x7ffff705e29c vmEntryToJavaScript
17  0x7ffff702c720 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
18  0x7ffff7007170 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*)
19  0x7ffff729b8a8 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
20  0x1005bb68
21  0x1005d0b8
22  0x1005e5a0
23  0x1005d1a8 jscmain(int, char**)
24  0x1005a3c4 main
25  0x7ffff3685b90
26  0x7ffff3685db8 __libc_start_main

It's because of

    static constexpr size_t blockSize = 16 * KB;

in MarkedBlock.cpp. Ideally the code should use pageSize() from wtf/PageBlock.h. But the code will need to be changed as the current way (static variable) won't work. And I don't know what solution the JSC devs will prefer. Also I see that it was hardcoded even before, but the code was not crashing (at least in our PPC64(LE) CI).

Filip (or other JSC devs) can you please look at this?

-- 
You are receiving this mail because:
You are the assignee for the bug.
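As an added illustration (not WebKit code and not from the reporter), assuming decommit is implemented with madvise(MADV_DONTNEED) as on Linux: carving 16KB blocks out of page-aligned memory leaves block starts off the page boundary once the page is 64KB, which madvise rejects with EINVAL; sizing blocks as a whole number of pages (what using pageSize() would give) keeps every block page-aligned. The helper names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#define KB 1024

/* madvise() rejects a start address that is not page-aligned (EINVAL),
 * so a block can only be decommitted if it starts on a page boundary. */
int decommit_range_ok(uintptr_t addr, size_t page_size)
{
    return page_size != 0 && addr % page_size == 0;
}

/* Fix sketch: size blocks as a whole number of pages (cf. pageSize()),
 * so every block carved from page-aligned memory is itself page-aligned. */
size_t round_up_to_page(size_t size, size_t page_size)
{
    return (size + page_size - 1) / page_size * page_size;
}

/* Live check on the host: map a region, carve block_size blocks from it
 * and decommit the second one.  Returns 0 on success, otherwise errno. */
int try_decommit_second_block(size_t block_size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t region = 4 * (block_size > page ? block_size : page);
    char *base = mmap(NULL, region, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return errno;
    int rc = madvise(base + block_size, block_size, MADV_DONTNEED) ? errno : 0;
    munmap(base, region);
    return rc;
}

int main(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    /* Second 16KB block sits at offset 16KB: fine on 4KB pages, not on 64KB. */
    printf("2nd 16KB block decommittable on 4KB pages: %d, on 64KB pages: %d\n",
           decommit_range_ok(16 * KB, 4 * KB), decommit_range_ok(16 * KB, 64 * KB));
    printf("page-rounded block size on 64KB pages: %zu\n",
           round_up_to_page(16 * KB, 64 * KB));
    printf("host page %zu: decommit of 2nd 16KB block -> %d (EINVAL=%d)\n",
           page, try_decommit_second_block(16 * KB), EINVAL);
    return 0;
}
```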