Source/platform/heap/Heap.cpp - Issue 1146393004: Revert of Oilpan: Unpoison orphaned large objects before zapping

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: Source/platform/heap/Heap.cpp

Issue 1146393004: Revert of Oilpan: Unpoison orphaned large objects before zapping (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: Created 5 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: Source/platform/heap/Heap.cpp

diff --git a/Source/platform/heap/Heap.cpp b/Source/platform/heap/Heap.cpp

index 9ab3149667b4110977e8d91b913aecf3f02e7699..3fef547f1660fe8dc9a2fddf735d751d6e8f191d 100644

--- a/Source/platform/heap/Heap.cpp

+++ b/Source/platform/heap/Heap.cpp

@@ -544,7 +544,6 @@

Heap::decreaseAllocatedSpace(page->size());

if (page->terminating()) {

- ASSERT(ThreadState::current()->isTerminating());

// The thread is shutting down and this page is being removed as a part

// of the thread local GC. In that case the object could be traced in

// the next global GC if there is a dangling pointer from a live thread

@@ -554,9 +553,7 @@

// crashes instead of causing use-after-frees. After the next global

// GC, the orphaned pages are removed.

Heap::orphanedPagePool()->addOrphanedPage(heapIndex(), page);

- ASSERT(!page->terminating());

} else {

- ASSERT(!ThreadState::current()->isTerminating());

PageMemory* memory = page->storage();

page->~NormalPage();

Heap::freePagePool()->addFreePage(heapIndex(), memory);

@@ -929,7 +926,6 @@

// crashes instead of causing use-after-frees. After the next global

// GC, the orphaned pages are removed.

Heap::orphanedPagePool()->addOrphanedPage(heapIndex(), object);

- ASSERT(!object->terminating());

} else {

ASSERT(!ThreadState::current()->isTerminating());

PageMemory* memory = object->storage();

@@ -1316,24 +1312,16 @@

markPointer(visitor, header);

}

-static void zapOrphanedPage(void* payload, size_t payloadSize)

-#if defined(ADDRESS_SANITIZER)

- // Unpoison memory before memset.

- ASAN_UNPOISON_MEMORY_REGION(payload(), payloadSize());

-#endif

+void NormalPage::markOrphaned()

// Zap the payload with a recognizable value to detect any incorrect

// cross thread pointer usage.

- memset(payload, orphanedZapValue, payloadSize);

#if defined(ADDRESS_SANITIZER)

- // Poison the memory again.

+ // This needs to zap poisoned memory as well.

+ // Force unpoison memory before memset.

ASAN_UNPOISON_MEMORY_REGION(payload(), payloadSize());

#endif

-void NormalPage::markOrphaned()

- zapOrphanedPage(payload(), payloadSize());

+ memset(payload(), orphanedZapValue, payloadSize());

BasePage::markOrphaned();

}

@@ -1497,7 +1485,9 @@

void LargeObjectPage::markOrphaned()

{

- zapOrphanedPage(payload(), payloadSize());

+ // Zap the payload with a recognizable value to detect any incorrect

+ // cross thread pointer usage.

+ memset(payload(), orphanedZapValue, payloadSize());

BasePage::markOrphaned();

}

« no previous file with comments | « no previous file | no next file » | no next file with comments »