Opened 17 months ago
Closed 17 months ago
#18111 closed bug (fixed)
haikuwebkit 1.9.0 crashes on DocumentLoader
| Reported by: | madmax | Owned by: | pulkomandy |
|---|---|---|---|
| Priority: | normal | Milestone: | R1/beta4 |
| Component: | Kits/Web Kit | Version: | R1/beta4 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | #18124 | |
| Platform: | x86 |
Description
Only happens in x86 (self build with the size_t coders patch), both with HaikuLauncher and WebPositive, at app start.
Attachments (1)
Change History (17)
by , 17 months ago
| Attachment: | HaikuLauncher-640-debug.report.txt added |
|---|
comment:1 by , 17 months ago
comment:2 by , 17 months ago
It seems WebKit expects system malloc to align everything on 16 bytes since we don't use FastMalloc.
Can you try modifying src/system/libroot/posix/malloc_hoard/heap.h to set ALIGNMENT = 16 in all cases? (it is already set for x86_64 but not for other architectures).
comment:3 by , 17 months ago
| Milestone: | Unscheduled → R1/beta4 |
|---|
comment:4 by , 17 months ago
I thought the POSIX specification expects alignment merely to 2 * sizeof(void*), so I don't know if we should make that change, it could lead to a lot of wasted memory for small allocations.
This does not appear to be JIT'ed code, so why is there an SSE instruction here without an alignment check? Does WebKit specify this buffer will be properly aligned? Is there inline assembly being used? GCC is very good about using the proper instructions for buffer alignment...
comment:5 by , 17 months ago
Tested anyway and got the same error. I also recompiled haikuwebkit, just in case.
ESI points to the DocumentLoader being created. At 0x760 offset (if that's what that means) we have m_loadTiming, which hosts a bunch of MonotonicTime that wraps a double.
comment:6 by , 17 months ago
I fixed malloc in hrev56613 to use max_align_t properly, however it seems that is usually 8 bytes on 32-bit anyway so it likely won't make any difference here.
Where is the code in question? Are there any extra __attribute__s which might be specifying storage alignment somehow?
comment:7 by , 17 months ago
No attributes, but I would probably only see them if they were right there in my face.
m_loadTiming in DocumentLoader. Its type, DocumentLoadTiming. ResourceLoadTiming (base class of DocumentLoadTiming). MonotonicTime (what the Timing things have) and GenericTimeMixin, which is the one with the double.
comment:8 by , 17 months ago
Some of those have macros hanging off them e.g. WTF_MAKE_FAST_ALLOCATED. I glanced at the source for some of them but I didn't see any attributes.
It seems very strange that the DocumentLoader is only aligned on 8 but somehow GCC expects it to be aligned on 16. I suspect the recent disabling of SSE for libwebp is related here, it seems somehow that GCC is making incorrect assumptions about default alignment. Considering max_align_t comes from GCC's own headers, I don't really have any guesses as to how that might have happened.
It should be possible to write some small test applications to prove this is the problem. GCC's compiler specs may be yet again misconfigured.
It would be interesting to see what clang does here. I think GTK WebKit is now built with Clang because it is faster and uses much less memory...
comment:9 by , 17 months ago
Some of those have macros hanging off them e.g. WTF_MAKE_FAST_ALLOCATED. I glanced at the source for some of them but I didn't see any attributes.
These should do nothing in our case, since we don't enable FastMalloc (which would use bmalloc bundled with WebKit). But it's possible this configuration doesn't get much testing in WebKit.
comment:10 by , 17 months ago
It appears there is a GCC/Clang difference here. It appears GCC's headers have alignof(max_align_t) come out to be 16 even on 32-bit Linux, while on the same setup Clang gives 8 (according to the Compiler Explorer.) That sounds like a problem waiting to happen!
comment:11 by , 17 months ago
When building webkit-gtk for 32bit I have the same problem. (Error in DocumentLoader). Solved it by building webkit without using system allocator (enabled built-in bmalloc allocator). Works very well with only minor modifications.
comment:12 by , 17 months ago
I had tried to use bmalloc in haikuwebkit but it will require annotating several classes in Haiku specific code with WTF_MAKE_FAST_ALLOCATED and other macros to get it working. And I also didn't check the impact in terms of performance and memory use.
comment:13 by , 17 months ago
| Blocking: | 18124 added |
|---|
comment:14 by , 17 months ago
| Status: | new → in-progress |
|---|
Trying to build haikuwebkit on my 32bit machine to investigate this over the weekend
comment:16 by , 17 months ago
| Resolution: | → fixed |
|---|---|
| Status: | in-progress → closed |
Fix merged in hrev56636 +beta4.
There is an alignment problem.
The movapd instruction needs the operand to be aligned to 16 bytes and ESI is not in this report (it is aligned to 8 bytes only).
https://www.felixcloutier.com/x86/movapd
ESI is loaded from the stack:
it corresponds to either a local variable or a parameter passed to the function.