Merged third_party/tcmalloc/vendor/src(google-perftools r87) into...

third_party/tcmalloc/chromium/src/debugallocation.cc

 // Copyright (c) 2000, Google Inc.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
@@ skipping 134 matching lines @@
 
 // Define the malloc/free/mallopt/mallinfo implementations
 // we will be working on top of.
 // TODO(csilvers): provide debugallocation on top of libc alloc,
 //                 so this #ifdef might sometimes be false.
 #ifdef TCMALLOC_FOR_DEBUGALLOCATION
 
 // The do_* functions are defined in tcmalloc.cc,
 // which is included before this file
 // when TCMALLOC_FOR_DEBUGALLOCATION is defined.
-#define BASE_MALLOC    do_malloc
-#define BASE_FREE      do_free
-#define BASE_MALLOPT   do_mallopt
-#define BASE_MALLINFO  do_mallinfo
+#define BASE_MALLOC_NEW(size)  cpp_alloc(size, false)
+#define BASE_MALLOC      do_malloc_or_cpp_alloc
+#define BASE_FREE        do_free
+#define BASE_MALLOPT     do_mallopt
+#define BASE_MALLINFO    do_mallinfo
 
 #else
 
 // We are working on top of standard libc's malloc library
-#define BASE_MALLOC    __libc_malloc
-#define BASE_FREE      __libc_free
-#define BASE_MALLOPT   __libc_mallopt
-#define BASE_MALLINFO  __libc_mallinfo
+#define BASE_MALLOC_NEW  __libc_malloc
+#define BASE_MALLOC      __libc_malloc
+#define BASE_FREE        __libc_free
+#define BASE_MALLOPT     __libc_mallopt
+#define BASE_MALLINFO    __libc_mallinfo
 
 #endif
 
 // ========================================================================= //
 
 class MallocBlock;
 
 // A circular buffer to hold freed blocks of memory.  MallocBlock::Deallocate
 // (below) pushes blocks into this queue instead of returning them to the
 // underlying allocator immediately.  See MallocBlock::Deallocate for more
@@ skipping 340 matching lines @@
         // is no point in propagating the error elsewhere.
         RAW_LOG(FATAL, "Out of memory: possibly due to page fence overhead: %s",
                 strerror(errno));
       }
       // Mark the page after the block inaccessible
       if (mprotect(p + (num_pages - 1) * pagesize, pagesize, PROT_NONE)) {
         RAW_LOG(FATAL, "Guard page setup failed: %s", strerror(errno));
       }
       b = (MallocBlock*) (p + (num_pages - 1) * pagesize - sz);
     } else {
-      b = (MallocBlock*) BASE_MALLOC(real_malloced_size(size));
+      b = (MallocBlock*) (type == kMallocType ?
+                          BASE_MALLOC(real_malloced_size(size)) :
+                          BASE_MALLOC_NEW(real_malloced_size(size)));
     }
 #else
-    b = (MallocBlock*) BASE_MALLOC(real_malloced_size(size));
+    b = (MallocBlock*) (type == kMallocType ?
+                        BASE_MALLOC(real_malloced_size(size)) :
+                        BASE_MALLOC_NEW(real_malloced_size(size)));
 #endif
 
     // It would be nice to output a diagnostic on allocation failure
     // here, but logging (other than FATAL) requires allocating
     // memory, which could trigger a nasty recursion. Instead, preserve
     // malloc semantics and return NULL on failure.
     if (b != NULL) {
       b->magic1_ = use_malloc_page_fence ? kMagicMMap : kMagicMalloc;
       b->Initialize(size, type);
     }
@@ skipping 108 matching lines @@
       RAW_LOG(ERROR, "Buffer too large to print corruption.");
     }
 
     const MallocBlock* b = queue_entry.block;
     const size_t size = queue_entry.size;
     if (queue_entry.num_deleter_pcs > 0) {
       TracePrintf(STDERR_FILENO, "Deleted by thread %p\n",
                   reinterpret_cast<void*>(
                       PRINTABLE_PTHREAD(queue_entry.deleter_threadid)));
 
-      SymbolMap symbolization_table;
+      SymbolTable symbolization_table;
       const int num_symbols = queue_entry.num_deleter_pcs;  // short alias name
       for (int i = 0; i < num_symbols; i++) {
         // Symbolizes the previous address of pc because pc may be in the
         // next function.  This may happen when the function ends with
         // a call to a function annotated noreturn (e.g. CHECK).
-        uintptr_t pc =
-            reinterpret_cast<uintptr_t>(queue_entry.deleter_pcs[i]) - 1;
-        symbolization_table[pc] = "";
+        char* pc =
+            reinterpret_cast<char*>(queue_entry.deleter_pcs[i]) - 1;
+        symbolization_table.Add(pc);
       }
-      int sym_buffer_len = kSymbolSize * num_symbols;
-      char *sym_buffer = new char[sym_buffer_len];
       if (FLAGS_symbolize_stacktrace)
-        Symbolize(sym_buffer, sym_buffer_len, &symbolization_table);
+        symbolization_table.Symbolize();
       for (int i = 0; i < num_symbols; i++) {
-        uintptr_t pc =
-            reinterpret_cast<uintptr_t>(queue_entry.deleter_pcs[i]) - 1;
-        TracePrintf(STDERR_FILENO, "    @ %p %s\n",
-                    pc, symbolization_table[pc]);
+        char *pc =
+            reinterpret_cast<char*>(queue_entry.deleter_pcs[i]) - 1;
+        TracePrintf(STDERR_FILENO, "    @ %"PRIxPTR" %s\n",
+                    reinterpret_cast<uintptr_t>(pc),
+                    symbolization_table.GetSymbol(pc));
       }
     } else {
       RAW_LOG(ERROR,
               "Skipping the printing of the deleter's stack!  Its stack was "
               "not found; either the corruption occurred too early in "
               "execution to obtain a stack trace or --max_free_queue_size was "
               "set to 0.");
     }
 
     RAW_LOG(FATAL,
             "Memory was written to after being freed.  MallocBlock: %p, user "
             "ptr: %p, size: %zd.  If you can't find the source of the error, "
             "try using valgrind or purify, or study the output of the "
             "deleter's stack printed above.", b, b->data_addr(), size);
   }
 
   static MallocBlock* FromRawPointer(void* p) {
     const size_t data_offset = MallocBlock::data_offset();
     // Find the header just before client's memory.
     MallocBlock *mb = reinterpret_cast<MallocBlock *>(
                 reinterpret_cast<char *>(p) - data_offset);
+    // If mb->alloc_type_ is kMagicDeletedInt, we're not an ok pointer.
+    if (mb->alloc_type_ == kMagicDeletedInt) {
+      RAW_LOG(FATAL, "memory allocation bug: object at %p has been already"
+                     " deallocated; or else a word before the object has been"
+                     " corrupted (memory stomping bug)", p);
+    }
     // If mb->offset_ is zero (common case), mb is the real header.  If
     // mb->offset_ is non-zero, this block was allocated by memalign, and
     // mb->offset_ is the distance backwards to the real header from mb,
     // which is a fake header.  The following subtraction works for both zero
     // and non-zero values.
     return reinterpret_cast<MallocBlock *>(
                 reinterpret_cast<char *>(mb) - mb->offset_);
   }
   static const MallocBlock* FromRawPointer(const void* p) {
     // const-safe version: we just cast about
@@ skipping 673 matching lines @@
   void  __libc_cfree(void* ptr)                 { cfree(ptr);                }
   void* __libc_memalign(size_t align, size_t s) { return memalign(align, s); }
   void* __libc_valloc(size_t size)              { return valloc(size);       }
   void* __libc_pvalloc(size_t size)             { return pvalloc(size);      }
   int __posix_memalign(void** r, size_t a, size_t s) {
     return posix_memalign(r, a, s);
   }
 }
 
 #endif  // #ifdef TCMALLOC_FOR_DEBUGALLOCATION