third_party/tcmalloc/chromium/src/free_list.cc - Issue 10944024: Mask freelist entries in tcmalloc

Side by Side Diff: third_party/tcmalloc/chromium/src/free_list.cc

Issue 10944024: Mask freelist entries in tcmalloc (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Created 8 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011, Google Inc.	1 // Copyright (c) 2011, Google Inc.

2 // All rights reserved.	2 // All rights reserved.

3 //	3 //

4 // Redistribution and use in source and binary forms, with or without	4 // Redistribution and use in source and binary forms, with or without

5 // modification, are permitted provided that the following conditions are	5 // modification, are permitted provided that the following conditions are

6 // met:	6 // met:

7 //	7 //

8 // * Redistributions of source code must retain the above copyright	8 // * Redistributions of source code must retain the above copyright

9 // notice, this list of conditions and the following disclaimer.	9 // notice, this list of conditions and the following disclaimer.

10 // * Redistributions in binary form must reproduce the above	10 // * Redistributions in binary form must reproduce the above

(...skipping 41 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
52 // -In singly linked lists, the \|next\| pointer is stored in the first N	52 // -In singly linked lists, the \|next\| pointer is stored in the first N

53 // bytes of the node.	53 // bytes of the node.

54 //	54 //

55 // For both types of lists: when a pop operation is performed on a non	55 // For both types of lists: when a pop operation is performed on a non

56 // empty list, the new list head becomes that which is pointed to by	56 // empty list, the new list head becomes that which is pointed to by

57 // the former head's \|next\| pointer. If the list is doubly linked, the	57 // the former head's \|next\| pointer. If the list is doubly linked, the

58 // new head \|previous\| pointer gets changed from pointing to the former	58 // new head \|previous\| pointer gets changed from pointing to the former

59 // head to NULL.	59 // head to NULL.

60	60

61	61

	62 #include <limits>

62 #include <stddef.h>	63 #include <stddef.h>

63 #include "free_list.h"	64 #include "free_list.h"

	65 #include "system-alloc.h"

64	66

65 #if defined(TCMALLOC_USE_DOUBLYLINKED_FREELIST)	67 #if defined(TCMALLOC_USE_DOUBLYLINKED_FREELIST)

66	68

67 using tcmalloc::kCrash;	69 using tcmalloc::kCrash;

68	70

69 // TODO(jar): We should use C++ rather than a macro here.	71 // TODO(jar): We should use C++ rather than a macro here.

70 #define MEMORY_CHECK(v1, v2) \	72 #define MEMORY_CHECK(v1, v2) \

71 if (v1 != v2) Log(kCrash, __FILE__, __LINE__, "Memory corruption detected.")	73 if (v1 != v2) Log(kCrash, __FILE__, __LINE__, "Memory corruption detected.")

72	74

73 namespace {	75 namespace {

74 void EnsureNonLoop(void* node, void* next) {	76 void EnsureNonLoop(void* node, void* next) {

75 // We only have time to do minimal checking. We don't traverse the list, but	77 // We only have time to do minimal checking. We don't traverse the list, but

76 // only look for an immediate loop (cycle back to ourself).	78 // only look for an immediate loop (cycle back to ourself).

77 if (node != next) return;	79 if (node != next) return;

78 Log(kCrash, __FILE__, __LINE__, "Circular loop in list detected: ", next);	80 Log(kCrash, __FILE__, __LINE__, "Circular loop in list detected: ", next);

79 }	81 }

80	82

	83 inline void* MaskPtr(void* p) {

	84 // Maximize ASLR entropy and guarantee the result is an invalid address.

	85 const uintptr_t q = ~(reinterpret_cast<intptr_t>(TCMalloc_SystemAlloc) >> 13);

	86 // Do not mask NULL pointers, otherwise we could leak address state.

	87 const uintptr_t mask = static_cast<intptr_t>(!p) - 1;
	jar (doing other things) 2012/09/20 17:13:57 Why play these fancy math games? Why not: if (!p) Why play these fancy math games? Why not: if (!p) return p; jschuh 2012/09/20 17:26:14 Because I thought you'd be displeased with me for Show quoted text On 2012/09/20 17:13:57, jar wrote: > Why play these fancy math games? Why not: > > if (!p) > return p; Because I thought you'd be displeased with me for adding a branch. But I'm happy to assume the compiler will do the cleverness instead. jar (doing other things) 2012/09/20 17:33:30 I would never be displeased with you ;-). IF you Show quoted text On 2012/09/20 17:26:14, Justin Schuh wrote: > On 2012/09/20 17:13:57, jar wrote: > > Why play these fancy math games? Why not: > > > > if (!p) > > return p; > > Because I thought you'd be displeased with me for adding a branch. But I'm happy > to assume the compiler will do the cleverness instead. I would never be displeased with you ;-). IF you want to play compiler optimizer, you could hope that we don't hit the end of the lists that often, and optimized for the "fast" case of XOR: if (p) return ... ^ p; return p; I think the compiler optimizes for the if-true case... but I suspect this will not break us (or be any where near measurable, compared with the forward-back pointer stuff we've already landed).
	88 return reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(p) ^ (mask & q));

	89 }

	90

	91 inline void* UnmaskPtr(void* p) {

	92 return MaskPtr(p);

	93 }

	94

81 // Returns value of the \|previous\| pointer w/out running a sanity	95 // Returns value of the \|previous\| pointer w/out running a sanity

82 // check.	96 // check.

83 inline void FL_Previous_No_Check(void t) {	97 inline void FL_Previous_No_Check(void t) {

84 return reinterpret_cast<void**>(t)[1];	98 return UnmaskPtr(reinterpret_cast<void**>(t)[1]);

85 }	99 }

86	100

87 // Returns value of the \|next\| pointer w/out running a sanity check.	101 // Returns value of the \|next\| pointer w/out running a sanity check.

88 inline void FL_Next_No_Check(void t) {	102 inline void FL_Next_No_Check(void t) {

89 return reinterpret_cast<void**>(t)[0];	103 return UnmaskPtr(reinterpret_cast<void**>(t)[0]);

90 }	104 }

91	105

92 void FL_Previous(void t) {	106 void FL_Previous(void t) {

93 void *previous = FL_Previous_No_Check(t);	107 void *previous = FL_Previous_No_Check(t);

94 if (previous) {	108 if (previous) {

95 MEMORY_CHECK(FL_Next_No_Check(previous), t);	109 MEMORY_CHECK(FL_Next_No_Check(previous), t);

96 }	110 }

97 return previous;	111 return previous;

98 }	112 }

99	113

100 inline void FL_SetPrevious(void t, void n) {	114 inline void FL_SetPrevious(void t, void n) {

101 EnsureNonLoop(t, n);	115 EnsureNonLoop(t, n);

102 reinterpret_cast<void**>(t)[1] = n;	116 reinterpret_cast<void**>(t)[1] = MaskPtr(n);

103 }	117 }

104	118

105 inline void FL_SetNext(void t, void n) {	119 inline void FL_SetNext(void t, void n) {

106 EnsureNonLoop(t, n);	120 EnsureNonLoop(t, n);

107 reinterpret_cast<void**>(t)[0] = n;	121 reinterpret_cast<void**>(t)[0] = MaskPtr(n);

108 }	122 }

109	123

110 } // namespace	124 } // namespace

111	125

112 namespace tcmalloc {	126 namespace tcmalloc {

113	127

114 void FL_Next(void t) {	128 void FL_Next(void t) {

115 void *next = FL_Next_No_Check(t);	129 void *next = FL_Next_No_Check(t);

116 if (next) {	130 if (next) {

117 MEMORY_CHECK(FL_Previous_No_Check(next), t);	131 MEMORY_CHECK(FL_Previous_No_Check(next), t);

(...skipping 104 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
222	236

223 namespace {	237 namespace {

224	238

225 inline void FL_SetNext(void t, void n) {	239 inline void FL_SetNext(void t, void n) {

226 tcmalloc::SLL_SetNext(t,n);	240 tcmalloc::SLL_SetNext(t,n);

227 }	241 }

228	242

229 }	243 }

230	244

231 #endif // TCMALLOC_USE_DOUBLYLINKED_FREELIST	245 #endif // TCMALLOC_USE_DOUBLYLINKED_FREELIST

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »