Commit 646165c0 authored by barraclough@apple.com's avatar barraclough@apple.com

https://bugs.webkit.org/show_bug.cgi?id=53352

Heavy external fragmentation in FixedVMPoolAllocator can lead to a CRASH().

Reviewed by Geoff Garen.

The FixedVMPoolAllocator currently uses a best fix policy -
switch to first fit, this is less prone to external fragmentation.

* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::AllocationTableSizeClass::AllocationTableSizeClass):
(JSC::AllocationTableSizeClass::blockSize):
(JSC::AllocationTableSizeClass::blockCount):
(JSC::AllocationTableSizeClass::blockAlignment):
(JSC::AllocationTableSizeClass::size):
(JSC::AllocationTableLeaf::AllocationTableLeaf):
(JSC::AllocationTableLeaf::~AllocationTableLeaf):
(JSC::AllocationTableLeaf::allocate):
(JSC::AllocationTableLeaf::free):
(JSC::AllocationTableLeaf::isEmpty):
(JSC::AllocationTableLeaf::isFull):
(JSC::AllocationTableLeaf::size):
(JSC::AllocationTableLeaf::classForSize):
(JSC::AllocationTableLeaf::dump):
(JSC::LazyAllocationTable::LazyAllocationTable):
(JSC::LazyAllocationTable::~LazyAllocationTable):
(JSC::LazyAllocationTable::allocate):
(JSC::LazyAllocationTable::free):
(JSC::LazyAllocationTable::isEmpty):
(JSC::LazyAllocationTable::isFull):
(JSC::LazyAllocationTable::size):
(JSC::LazyAllocationTable::dump):
(JSC::LazyAllocationTable::classForSize):
(JSC::AllocationTableDirectory::AllocationTableDirectory):
(JSC::AllocationTableDirectory::~AllocationTableDirectory):
(JSC::AllocationTableDirectory::allocate):
(JSC::AllocationTableDirectory::free):
(JSC::AllocationTableDirectory::isEmpty):
(JSC::AllocationTableDirectory::isFull):
(JSC::AllocationTableDirectory::size):
(JSC::AllocationTableDirectory::classForSize):
(JSC::AllocationTableDirectory::dump):
(JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
(JSC::FixedVMPoolAllocator::alloc):
(JSC::FixedVMPoolAllocator::free):
(JSC::FixedVMPoolAllocator::allocated):
(JSC::FixedVMPoolAllocator::isValid):
(JSC::FixedVMPoolAllocator::classForSize):
(JSC::FixedVMPoolAllocator::offsetToPointer):
(JSC::FixedVMPoolAllocator::pointerToOffset):
(JSC::ExecutableAllocator::committedByteCount):
(JSC::ExecutableAllocator::isValid):
(JSC::ExecutableAllocator::underMemoryPressure):
(JSC::ExecutablePool::systemAlloc):
(JSC::ExecutablePool::systemRelease):
* wtf/PageReservation.h:
(WTF::PageReservation::PageReservation):
(WTF::PageReservation::commit):
(WTF::PageReservation::decommit):
(WTF::PageReservation::committed):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77145 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 07c23a63
2011-01-31 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
https://bugs.webkit.org/show_bug.cgi?id=53352
Heavy external fragmentation in FixedVMPoolAllocator can lead to a CRASH().
The FixedVMPoolAllocator currently uses a best fix policy -
switch to first fit, this is less prone to external fragmentation.
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::AllocationTableSizeClass::AllocationTableSizeClass):
(JSC::AllocationTableSizeClass::blockSize):
(JSC::AllocationTableSizeClass::blockCount):
(JSC::AllocationTableSizeClass::blockAlignment):
(JSC::AllocationTableSizeClass::size):
(JSC::AllocationTableLeaf::AllocationTableLeaf):
(JSC::AllocationTableLeaf::~AllocationTableLeaf):
(JSC::AllocationTableLeaf::allocate):
(JSC::AllocationTableLeaf::free):
(JSC::AllocationTableLeaf::isEmpty):
(JSC::AllocationTableLeaf::isFull):
(JSC::AllocationTableLeaf::size):
(JSC::AllocationTableLeaf::classForSize):
(JSC::AllocationTableLeaf::dump):
(JSC::LazyAllocationTable::LazyAllocationTable):
(JSC::LazyAllocationTable::~LazyAllocationTable):
(JSC::LazyAllocationTable::allocate):
(JSC::LazyAllocationTable::free):
(JSC::LazyAllocationTable::isEmpty):
(JSC::LazyAllocationTable::isFull):
(JSC::LazyAllocationTable::size):
(JSC::LazyAllocationTable::dump):
(JSC::LazyAllocationTable::classForSize):
(JSC::AllocationTableDirectory::AllocationTableDirectory):
(JSC::AllocationTableDirectory::~AllocationTableDirectory):
(JSC::AllocationTableDirectory::allocate):
(JSC::AllocationTableDirectory::free):
(JSC::AllocationTableDirectory::isEmpty):
(JSC::AllocationTableDirectory::isFull):
(JSC::AllocationTableDirectory::size):
(JSC::AllocationTableDirectory::classForSize):
(JSC::AllocationTableDirectory::dump):
(JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
(JSC::FixedVMPoolAllocator::alloc):
(JSC::FixedVMPoolAllocator::free):
(JSC::FixedVMPoolAllocator::allocated):
(JSC::FixedVMPoolAllocator::isValid):
(JSC::FixedVMPoolAllocator::classForSize):
(JSC::FixedVMPoolAllocator::offsetToPointer):
(JSC::FixedVMPoolAllocator::pointerToOffset):
(JSC::ExecutableAllocator::committedByteCount):
(JSC::ExecutableAllocator::isValid):
(JSC::ExecutableAllocator::underMemoryPressure):
(JSC::ExecutablePool::systemAlloc):
(JSC::ExecutablePool::systemRelease):
* wtf/PageReservation.h:
(WTF::PageReservation::PageReservation):
(WTF::PageReservation::commit):
(WTF::PageReservation::decommit):
(WTF::PageReservation::committed):
2011-01-31 Sheriff Bot <webkit.review.bot@gmail.com> 2011-01-31 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r76969. Unreviewed, rolling out r76969.
......
...@@ -57,11 +57,9 @@ namespace WTF { ...@@ -57,11 +57,9 @@ namespace WTF {
class PageReservation : private PageBlock { class PageReservation : private PageBlock {
public: public:
PageReservation() PageReservation()
: m_writable(false) : m_committed(0)
, m_writable(false)
, m_executable(false) , m_executable(false)
#ifndef NDEBUG
, m_committed(0)
#endif
{ {
} }
...@@ -83,9 +81,7 @@ public: ...@@ -83,9 +81,7 @@ public:
ASSERT(isPageAligned(size)); ASSERT(isPageAligned(size));
ASSERT(contains(start, size)); ASSERT(contains(start, size));
#ifndef NDEBUG
m_committed += size; m_committed += size;
#endif
OSAllocator::commit(start, size, m_writable, m_executable); OSAllocator::commit(start, size, m_writable, m_executable);
} }
...@@ -96,12 +92,15 @@ public: ...@@ -96,12 +92,15 @@ public:
ASSERT(isPageAligned(size)); ASSERT(isPageAligned(size));
ASSERT(contains(start, size)); ASSERT(contains(start, size));
#ifndef NDEBUG
m_committed -= size; m_committed -= size;
#endif
OSAllocator::decommit(start, size); OSAllocator::decommit(start, size);
} }
size_t committed()
{
return m_committed;
}
static PageReservation reserve(size_t size, OSAllocator::Usage usage = OSAllocator::UnknownUsage, bool writable = true, bool executable = false) static PageReservation reserve(size_t size, OSAllocator::Usage usage = OSAllocator::UnknownUsage, bool writable = true, bool executable = false)
{ {
ASSERT(isPageAligned(size)); ASSERT(isPageAligned(size));
...@@ -126,19 +125,15 @@ public: ...@@ -126,19 +125,15 @@ public:
private: private:
PageReservation(void* base, size_t size, bool writable, bool executable) PageReservation(void* base, size_t size, bool writable, bool executable)
: PageBlock(base, size) : PageBlock(base, size)
, m_committed(0)
, m_writable(writable) , m_writable(writable)
, m_executable(executable) , m_executable(executable)
#ifndef NDEBUG
, m_committed(0)
#endif
{ {
} }
size_t m_committed;
bool m_writable; bool m_writable;
bool m_executable; bool m_executable;
#ifndef NDEBUG
size_t m_committed;
#endif
}; };
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment