| Index: Source/platform/heap/Heap.h
|
| diff --git a/Source/platform/heap/Heap.h b/Source/platform/heap/Heap.h
|
| index 597bda7dd5795cb58095375bc93c72672d287e45..465f39248a80f0e81b5115321481cd307cc9d771 100644
|
| --- a/Source/platform/heap/Heap.h
|
| +++ b/Source/platform/heap/Heap.h
|
| @@ -67,23 +67,22 @@ const size_t maxHeapObjectSizeLog2 = 27;
|
| const size_t maxHeapObjectSize = 1 << maxHeapObjectSizeLog2;
|
| const size_t largeObjectSizeThreshold = blinkPageSize / 2;
|
|
|
| -const uint8_t freelistZapValue = 42;
|
| -const uint8_t finalizedZapValue = 24;
|
| +// A zap value used for freed memory that is allowed to be added to the free
|
| +// list in the next addToFreeList().
|
| +const uint8_t reuseAllowedZapValue = 0x2a;
|
| +// A zap value used for freed memory that is forbidden to be added to the free
|
| +// list in the next addToFreeList().
|
| +const uint8_t reuseForbiddenZapValue = 0x2c;
|
| // The orphaned zap value must be zero in the lowest bits to allow for using
|
| // the mark bit when tracing.
|
| const uint8_t orphanedZapValue = 240;
|
| -// A zap value for vtables should be < 4K to ensure it cannot be
|
| -// used for dispatch.
|
| -static const intptr_t zappedVTable = 0xd0d;
|
| -
|
| -#if defined(ADDRESS_SANITIZER)
|
| -const size_t asanMagic = 0xabefeed0;
|
| -const size_t asanDeferMemoryReuseCount = 2;
|
| -const size_t asanDeferMemoryReuseMask = 0x3;
|
| -#endif
|
|
|
| +// In non-production builds, memory is zapped when it's freed. The zapped
|
| +// memory is zeroed out when the memory is reused in Heap::allocateObject().
|
| +// In production builds, memory is not zapped (for performance). The memory
|
| +// is just zeroed out when it is added to the free list.
|
| #if ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER)
|
| -#define FILL_ZERO_IF_PRODUCTION(address, size) do { } while (false)
|
| +#define FILL_ZERO_IF_PRODUCTION(address, size) FreeList::zapFreedMemory(address, size)
|
| #define FILL_ZERO_IF_NOT_PRODUCTION(address, size) memset((address), 0, (size))
|
| #else
|
| #define FILL_ZERO_IF_PRODUCTION(address, size) memset((address), 0, (size))
|
| @@ -251,11 +250,7 @@ public:
|
| : HeapObjectHeader(size, gcInfoIndexForFreeListHeader)
|
| , m_next(nullptr)
|
| {
|
| -#if ENABLE(ASSERT) && !defined(ADDRESS_SANITIZER)
|
| - // Zap free area with asterisks, aka 0x2a2a2a2a.
|
| - // For ASan don't zap since we keep accounting in the freelist entry.
|
| - for (size_t i = sizeof(*this); i < size; ++i)
|
| - reinterpret_cast<Address>(this)[i] = freelistZapValue;
|
| +#if ENABLE(ASSERT)
|
| ASSERT(size >= sizeof(HeapObjectHeader));
|
| zapMagic();
|
| #endif
|
| @@ -287,27 +282,8 @@ public:
|
| m_next = next;
|
| }
|
|
|
| -#if defined(ADDRESS_SANITIZER)
|
| - NO_SANITIZE_ADDRESS
|
| - bool shouldAddToFreeList()
|
| - {
|
| - // Init if not already magic.
|
| - if ((m_asanMagic & ~asanDeferMemoryReuseMask) != asanMagic) {
|
| - m_asanMagic = asanMagic | asanDeferMemoryReuseCount;
|
| - return false;
|
| - }
|
| - // Decrement if count part of asanMagic > 0.
|
| - if (m_asanMagic & asanDeferMemoryReuseMask)
|
| - m_asanMagic--;
|
| - return !(m_asanMagic & asanDeferMemoryReuseMask);
|
| - }
|
| -#endif
|
| -
|
| private:
|
| FreeListEntry* m_next;
|
| -#if defined(ADDRESS_SANITIZER)
|
| - unsigned m_asanMagic;
|
| -#endif
|
| };
|
|
|
| // Blink heap pages are set up with a guard page before and after the payload.
|
| @@ -670,6 +646,10 @@ public:
|
| void getFreeSizeStats(PerBucketFreeListStats bucketStats[], size_t& totalSize) const;
|
| #endif
|
|
|
| +#if ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER)
|
| + static void zapFreedMemory(Address, size_t);
|
| +#endif
|
| +
|
| private:
|
| int m_biggestFreeListIndex;
|
|
|
|
|
Chromium Code Reviews
Issue 1176003002:
Oilpan: Defer reusing freed memory for one GC cycle (Closed)
Base URL: svn://svn.chromium.org/blink/trunk