| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 71 // list in the next addToFreeList(). | 71 // list in the next addToFreeList(). |
| 72 const uint8_t reuseAllowedZapValue = 0x2a; | 72 const uint8_t reuseAllowedZapValue = 0x2a; |
| 73 // A zap value used for freed memory that is forbidden to be added to the free | 73 // A zap value used for freed memory that is forbidden to be added to the free |
| 74 // list in the next addToFreeList(). | 74 // list in the next addToFreeList(). |
| 75 const uint8_t reuseForbiddenZapValue = 0x2c; | 75 const uint8_t reuseForbiddenZapValue = 0x2c; |
| 76 | 76 |
| 77 // In non-production builds, memory is zapped when it's freed. The zapped | 77 // In non-production builds, memory is zapped when it's freed. The zapped |
| 78 // memory is zeroed out when the memory is reused in Heap::allocateObject(). | 78 // memory is zeroed out when the memory is reused in Heap::allocateObject(). |
| 79 // In production builds, memory is not zapped (for performance). The memory | 79 // In production builds, memory is not zapped (for performance). The memory |
| 80 // is just zeroed out when it is added to the free list. | 80 // is just zeroed out when it is added to the free list. |
| 81 #if ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER) | 81 #if defined(MEMORY_SANITIZER) |
| 82 // TODO(kojii): We actually need __msan_poison/unpoison here, but it'll be |
| 83 // added later. |
| 84 #define SET_MEMORY_INACCESSIBLE(address, size) \ |
| 85 FreeList::zapFreedMemory(address, size); |
| 86 #define SET_MEMORY_ACCESSIBLE(address, size) \ |
| 87 memset((address), 0, (size)) |
| 88 #elif ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER) |
| 82 #define SET_MEMORY_INACCESSIBLE(address, size) \ | 89 #define SET_MEMORY_INACCESSIBLE(address, size) \ |
| 83 FreeList::zapFreedMemory(address, size); \ | 90 FreeList::zapFreedMemory(address, size); \ |
| 84 ASAN_POISON_MEMORY_REGION(address, size) | 91 ASAN_POISON_MEMORY_REGION(address, size) |
| 85 #define SET_MEMORY_ACCESSIBLE(address, size) \ | 92 #define SET_MEMORY_ACCESSIBLE(address, size) \ |
| 86 ASAN_UNPOISON_MEMORY_REGION(address, size); \ | 93 ASAN_UNPOISON_MEMORY_REGION(address, size); \ |
| 87 memset((address), 0, (size)) | 94 memset((address), 0, (size)) |
| 88 #else | 95 #else |
| 89 #define SET_MEMORY_INACCESSIBLE(address, size) memset((address), 0, (size)) | 96 #define SET_MEMORY_INACCESSIBLE(address, size) memset((address), 0, (size)) |
| 90 #define SET_MEMORY_ACCESSIBLE(address, size) do { } while (false) | 97 #define SET_MEMORY_ACCESSIBLE(address, size) do { } while (false) |
| 91 #endif | 98 #endif |
| (...skipping 549 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 641 struct PerBucketFreeListStats { | 648 struct PerBucketFreeListStats { |
| 642 size_t entryCount; | 649 size_t entryCount; |
| 643 size_t freeSize; | 650 size_t freeSize; |
| 644 | 651 |
| 645 PerBucketFreeListStats() : entryCount(0), freeSize(0) { } | 652 PerBucketFreeListStats() : entryCount(0), freeSize(0) { } |
| 646 }; | 653 }; |
| 647 | 654 |
| 648 void getFreeSizeStats(PerBucketFreeListStats bucketStats[], size_t& totalSiz
e) const; | 655 void getFreeSizeStats(PerBucketFreeListStats bucketStats[], size_t& totalSiz
e) const; |
| 649 #endif | 656 #endif |
| 650 | 657 |
| 651 #if ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER) | 658 #if ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER) || d
efined(MEMORY_SANITIZER) |
| 652 static void zapFreedMemory(Address, size_t); | 659 static void zapFreedMemory(Address, size_t); |
| 653 #endif | 660 #endif |
| 654 | 661 |
| 655 private: | 662 private: |
| 656 int m_biggestFreeListIndex; | 663 int m_biggestFreeListIndex; |
| 657 | 664 |
| 658 // All FreeListEntries in the nth list have size >= 2^n. | 665 // All FreeListEntries in the nth list have size >= 2^n. |
| 659 FreeListEntry* m_freeLists[blinkPageSizeLog2]; | 666 FreeListEntry* m_freeLists[blinkPageSizeLog2]; |
| 660 | 667 |
| 661 friend class NormalPageHeap; | 668 friend class NormalPageHeap; |
| (...skipping 726 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1388 size_t copySize = previousHeader->payloadSize(); | 1395 size_t copySize = previousHeader->payloadSize(); |
| 1389 if (copySize > size) | 1396 if (copySize > size) |
| 1390 copySize = size; | 1397 copySize = size; |
| 1391 memcpy(address, previous, copySize); | 1398 memcpy(address, previous, copySize); |
| 1392 return address; | 1399 return address; |
| 1393 } | 1400 } |
| 1394 | 1401 |
| 1395 } // namespace blink | 1402 } // namespace blink |
| 1396 | 1403 |
| 1397 #endif // Heap_h | 1404 #endif // Heap_h |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1260013003:
Reland of Fix FreeList::zapFreedMemory to fail "use-of-uninitialized-value" on MSAN (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master