
Side by Side Diff: third_party/tcmalloc/chromium/src/thread_cache.h

Issue 9528002: Try adding memory corruption check in ThreadCache::Deallocate. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Fix the memory corruption check. Created 8 years, 9 months ago
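--- a/third_party/tcmalloc/chromium/src/thread_cache.h
+++ b/third_party/tcmalloc/chromium/src/thread_cache.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2008, Google Inc.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
@@ -207,20 +207,26 @@
 length_++;
 }
 
 void* Pop() {
 ASSERT(list_ != NULL);
 length_--;
 if (length_ < lowater_) lowater_ = length_;
 return FL_Pop(&list_);
 }
 
+void* Next() {
+if (list_ == NULL)
+return NULL;
+return FL_Next(list_);
+}
+
 void PushRange(int N, void *start, void *end) {
 FL_PushRange(&list_, start, end);
 length_ += N;
 }
 
 void PopRange(int N, void **start, void **end) {
 FL_PopRange(&list_, N, start, end);
 ASSERT(length_ >= N);
 length_ -= N;
 if (length_ < lowater_) lowater_ = length_;
@@ -359,20 +365,26 @@
 return FetchFromCentralCache(cl, size);
 }
 size_ -= size;
 return list->Pop();
 }
 
 inline void ThreadCache::Deallocate(void* ptr, size_t cl) {
 FreeList* list = &list_[cl];
 size_ += Static::sizemap()->ByteSizeForClass(cl);
 ssize_t size_headroom = max_size_ - size_ - 1;
+
+// This catches back-to-back frees of allocs in the same size
+// class. A more comprehensive (and expensive) test would be to walk
+// the entire freelist. But this might be enough to find some bugs.
+ASSERT(ptr != list->Next());
+
 list->Push(ptr);
 ssize_t list_headroom =
 static_cast<ssize_t>(list->max_length()) - list->length();
 
 // There are two relatively uncommon things that require further work.
 // In the common case we're done, and in that case we need a single branch
 // because of the bitwise-or trick that follows.
 if ((list_headroom | size_headroom) < 0) {
 if (list_headroom < 0) {
 ListTooLong(list, cl);
@@ -406,10 +418,10 @@
 // because we may be in the thread destruction code and may have
 // already cleaned up the cache for this thread.
 inline ThreadCache* ThreadCache::GetCacheIfPresent() {
 if (!tsd_inited_) return NULL;
 return GetThreadHeap();
 }
 
 } // namespace tcmalloc
 
 #endif // TCMALLOC_THREAD_CACHE_H_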
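Review bot: The double-free check added in ThreadCache::Deallocate is an `ASSERT`, so if ASSERT compiles to nothing in release builds (its definition is not on this page) the check only runs in debug builds and does nothing to contain heap corruption in shipped binaries. It also compares `ptr` with `list->Next()`, which the new accessor defines as `FL_Next(list_)`. If FL_Next returns the successor of its argument, that is the entry after the head, whereas freeing the same pointer twice in a row would leave `ptr == list_` and pass the check. Please confirm which element Next() returns and document it on the accessor, for example `// Returns the entry that follows the list head, or NULL if the list is empty.`, and make the comment in Deallocate say exactly which case is caught. If the check is meant to hold in production, it needs an always-on condition that aborts rather than ASSERT; the rest of Deallocate's body lies in the skipped lines, so any interaction with the `size_` update above the check cannot be judged from here.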
