Chromium Code Reviews Chromium Code Reviews
Issue 1391933004:
[Tracing] Add hook to PartitionAlloc for heap profiling (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 393 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 404 WTF_EXPORT void partitionPurgeMemory(PartitionRoot*, int); | 404 WTF_EXPORT void partitionPurgeMemory(PartitionRoot*, int); |
| 405 WTF_EXPORT void partitionPurgeMemoryGeneric(PartitionRootGeneric*, int); | 405 WTF_EXPORT void partitionPurgeMemoryGeneric(PartitionRootGeneric*, int); |
| 406 | 406 |
| 407 WTF_EXPORT NEVER_INLINE void* partitionAllocSlowPath(PartitionRootBase*, int, si ze_t, PartitionBucket*); | 407 WTF_EXPORT NEVER_INLINE void* partitionAllocSlowPath(PartitionRootBase*, int, si ze_t, PartitionBucket*); |
| 408 WTF_EXPORT NEVER_INLINE void partitionFreeSlowPath(PartitionPage*); | 408 WTF_EXPORT NEVER_INLINE void partitionFreeSlowPath(PartitionPage*); |
| 409 WTF_EXPORT NEVER_INLINE void* partitionReallocGeneric(PartitionRootGeneric*, voi d*, size_t); | 409 WTF_EXPORT NEVER_INLINE void* partitionReallocGeneric(PartitionRootGeneric*, voi d*, size_t); |
| 410 | 410 |
| 411 WTF_EXPORT void partitionDumpStats(PartitionRoot*, const char* partitionName, bo ol isLightDump, PartitionStatsDumper*); | 411 WTF_EXPORT void partitionDumpStats(PartitionRoot*, const char* partitionName, bo ol isLightDump, PartitionStatsDumper*); |
| 412 WTF_EXPORT void partitionDumpStatsGeneric(PartitionRootGeneric*, const char* par titionName, bool isLightDump, PartitionStatsDumper*); | 412 WTF_EXPORT void partitionDumpStatsGeneric(PartitionRootGeneric*, const char* par titionName, bool isLightDump, PartitionStatsDumper*); |
| 413 | 413 |
| 414 extern WTF_EXPORT void (*partitionAllocHookAlloc)(void* addr, size_t size); | |
|
Primiano Tucci (use gerrit)
2015/10/12 16:36:46
Hmm I think that if you split this into the actual
Ruud van Asseldonk
2015/10/13 10:42:18
Done.
| |
| 415 extern WTF_EXPORT void (*partitionAllocHookFree)(void* addr); | |
| 416 | |
| 414 ALWAYS_INLINE PartitionFreelistEntry* partitionFreelistMask(PartitionFreelistEnt ry* ptr) | 417 ALWAYS_INLINE PartitionFreelistEntry* partitionFreelistMask(PartitionFreelistEnt ry* ptr) |
| 415 { | 418 { |
| 416 // We use bswap on little endian as a fast mask for two reasons: | 419 // We use bswap on little endian as a fast mask for two reasons: |
| 417 // 1) If an object is freed and its vtable used where the attacker doesn't | 420 // 1) If an object is freed and its vtable used where the attacker doesn't |
| 418 // get the chance to run allocations between the free and use, the vtable | 421 // get the chance to run allocations between the free and use, the vtable |
| 419 // dereference is likely to fault. | 422 // dereference is likely to fault. |
| 420 // 2) If the attacker has a linear buffer overflow and elects to try and | 423 // 2) If the attacker has a linear buffer overflow and elects to try and |
| 421 // corrupt a freelist pointer, partial pointer overwrite attacks are | 424 // corrupt a freelist pointer, partial pointer overwrite attacks are |
| 422 // thwarted. | 425 // thwarted. |
| 423 // For big endian, similar guarantees are arrived at with a negation. | 426 // For big endian, similar guarantees are arrived at with a negation. |
| (...skipping 270 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 694 void* result = malloc(size); | 697 void* result = malloc(size); |
| 695 RELEASE_ASSERT(result); | 698 RELEASE_ASSERT(result); |
| 696 return result; | 699 return result; |
| 697 #else | 700 #else |
| 698 ASSERT(root->initialized); | 701 ASSERT(root->initialized); |
| 699 size = partitionCookieSizeAdjustAdd(size); | 702 size = partitionCookieSizeAdjustAdd(size); |
| 700 PartitionBucket* bucket = partitionGenericSizeToBucket(root, size); | 703 PartitionBucket* bucket = partitionGenericSizeToBucket(root, size); |
| 701 spinLockLock(&root->lock); | 704 spinLockLock(&root->lock); |
| 702 void* ret = partitionBucketAlloc(root, flags, size, bucket); | 705 void* ret = partitionBucketAlloc(root, flags, size, bucket); |
| 703 spinLockUnlock(&root->lock); | 706 spinLockUnlock(&root->lock); |
| 707 | |
| 708 if (UNLIKELY(partitionAllocHookAlloc != nullptr)) | |
|
Primiano Tucci (use gerrit)
2015/10/12 16:36:46
see my previous comment about locking. I think you
Primiano Tucci (use gerrit)
2015/10/12 16:36:46
Also, if you hook only partitionAllocGeneric you w
Ruud van Asseldonk
2015/10/13 10:42:18
Oooops, should have hooked |partitionBucketAlloc|
| |
| 709 partitionAllocHookAlloc(ret, size); | |
| 710 | |
| 704 return ret; | 711 return ret; |
| 705 #endif | 712 #endif |
| 706 } | 713 } |
| 707 | 714 |
| 708 ALWAYS_INLINE void* partitionAllocGeneric(PartitionRootGeneric* root, size_t siz e) | 715 ALWAYS_INLINE void* partitionAllocGeneric(PartitionRootGeneric* root, size_t siz e) |
| 709 { | 716 { |
| 710 return partitionAllocGenericFlags(root, 0, size); | 717 return partitionAllocGenericFlags(root, 0, size); |
| 711 } | 718 } |
| 712 | 719 |
| 713 ALWAYS_INLINE void partitionFreeGeneric(PartitionRootGeneric* root, void* ptr) | 720 ALWAYS_INLINE void partitionFreeGeneric(PartitionRootGeneric* root, void* ptr) |
| 714 { | 721 { |
| 715 #if defined(MEMORY_TOOL_REPLACES_ALLOCATOR) | 722 #if defined(MEMORY_TOOL_REPLACES_ALLOCATOR) |
| 716 free(ptr); | 723 free(ptr); |
| 717 #else | 724 #else |
| 718 ASSERT(root->initialized); | 725 ASSERT(root->initialized); |
| 719 | 726 |
| 727 if (UNLIKELY(partitionAllocHookFree != nullptr)) | |
|
Primiano Tucci (use gerrit)
2015/10/12 16:36:46
ditto
Ruud van Asseldonk
2015/10/13 10:42:18
Yes.
| |
| 728 partitionAllocHookFree(ptr); | |
| 729 | |
| 720 if (UNLIKELY(!ptr)) | 730 if (UNLIKELY(!ptr)) |
| 721 return; | 731 return; |
| 722 | 732 |
| 723 ptr = partitionCookieFreePointerAdjust(ptr); | 733 ptr = partitionCookieFreePointerAdjust(ptr); |
| 724 ASSERT(partitionPointerIsValid(ptr)); | 734 ASSERT(partitionPointerIsValid(ptr)); |
| 725 PartitionPage* page = partitionPointerToPage(ptr); | 735 PartitionPage* page = partitionPointerToPage(ptr); |
| 726 spinLockLock(&root->lock); | 736 spinLockLock(&root->lock); |
| 727 partitionFreeWithPage(ptr, page); | 737 partitionFreeWithPage(ptr, page); |
| 728 spinLockUnlock(&root->lock); | 738 spinLockUnlock(&root->lock); |
| 729 #endif | 739 #endif |
| (...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 814 using WTF::partitionAlloc; | 824 using WTF::partitionAlloc; |
| 815 using WTF::partitionFree; | 825 using WTF::partitionFree; |
| 816 using WTF::partitionAllocGeneric; | 826 using WTF::partitionAllocGeneric; |
| 817 using WTF::partitionFreeGeneric; | 827 using WTF::partitionFreeGeneric; |
| 818 using WTF::partitionReallocGeneric; | 828 using WTF::partitionReallocGeneric; |
| 819 using WTF::partitionAllocActualSize; | 829 using WTF::partitionAllocActualSize; |
| 820 using WTF::partitionAllocSupportsGetSize; | 830 using WTF::partitionAllocSupportsGetSize; |
| 821 using WTF::partitionAllocGetSize; | 831 using WTF::partitionAllocGetSize; |
| 822 | 832 |
| 823 #endif // WTF_PartitionAlloc_h | 833 #endif // WTF_PartitionAlloc_h |
| OLD | NEW |
