[Tracing] Add hook to PartitionAlloc for heap profiling

third_party/WebKit/Source/wtf/PartitionAlloc.h

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 393 matching lines @@
 WTF_EXPORT void partitionPurgeMemory(PartitionRoot*, int);
 WTF_EXPORT void partitionPurgeMemoryGeneric(PartitionRootGeneric*, int);
 
 WTF_EXPORT NEVER_INLINE void* partitionAllocSlowPath(PartitionRootBase*, int, size_t, PartitionBucket*);
 WTF_EXPORT NEVER_INLINE void partitionFreeSlowPath(PartitionPage*);
 WTF_EXPORT NEVER_INLINE void* partitionReallocGeneric(PartitionRootGeneric*, void*, size_t);
 
 WTF_EXPORT void partitionDumpStats(PartitionRoot*, const char* partitionName, bool isLightDump, PartitionStatsDumper*);
 WTF_EXPORT void partitionDumpStatsGeneric(PartitionRootGeneric*, const char* partitionName, bool isLightDump, PartitionStatsDumper*);
 
+class WTF_EXPORT PartitionAllocHooks {
+public:
+    typedef void AllocationHook(void* address, size_t);
+    typedef void FreeHook(void* address);
+
+    static void setAllocationHook(AllocationHook* hook) { m_allocationHook = hook; }
+    static void setFreeHook(FreeHook* hook) { m_freeHook = hook; }
+
+    static void maybeInvokeAllocationHook(void* address, size_t size)
+    {
+        AllocationHook* hook = m_allocationHook;
+        if (UNLIKELY(hook != nullptr))
+            hook(address, size);
+    }
+
+    static void maybeInvokeFreeHook(void* address)
+    {
+        FreeHook* hook = m_freeHook;
+        if (UNLIKELY(hook != nullptr))
+            hook(address);
+    }
+
+    static void maybeInvokeReallocationHook(void* oldAddress, void* newAddress, size_t size)
+    {
+        // Report a reallocation as a free followed by an allocation.
+        AllocationHook* allocHook = m_allocationHook;
+        FreeHook* freeHook = m_freeHook;
+        if (UNLIKELY(allocHook && freeHook)) {
+            freeHook(oldAddress);
+            allocHook(newAddress, size);
+        }
+    }
+
+private:
+    // Pointers to hook functions that PartitionAlloc will call on allocation and
+    // free if the pointers are non-null.
+    static AllocationHook* m_allocationHook;
+    static FreeHook* m_freeHook;
+};
+
 ALWAYS_INLINE PartitionFreelistEntry* partitionFreelistMask(PartitionFreelistEntry* ptr)
 {
     // We use bswap on little endian as a fast mask for two reasons:
     // 1) If an object is freed and its vtable used where the attacker doesn't
     // get the chance to run allocations between the free and use, the vtable
     // dereference is likely to fault.
     // 2) If the attacker has a linear buffer overflow and elects to try and
     // corrupt a freelist pointer, partial pointer overwrite attacks are
     // thwarted.
     // For big endian, similar guarantees are arrived at with a negation.
@@ skipping 182 matching lines @@
         slotSize = rawSize;
     }
     size_t noCookieSize = partitionCookieSizeAdjustSubtract(slotSize);
     char* charRet = static_cast<char*>(ret);
     // The value given to the application is actually just after the cookie.
     ret = charRet + kCookieSize;
     memset(ret, kUninitializedByte, noCookieSize);
     partitionCookieWriteValue(charRet);
     partitionCookieWriteValue(charRet + kCookieSize + noCookieSize);
 #endif
+
+    PartitionAllocHooks::maybeInvokeAllocationHook(ret, size);
+
     return ret;
 }
 
 ALWAYS_INLINE void* partitionAlloc(PartitionRoot* root, size_t size)
 {
 #if defined(MEMORY_TOOL_REPLACES_ALLOCATOR)
     void* result = malloc(size);
     RELEASE_ASSERT(result);
     return result;
 #else
@@ skipping 12 matching lines @@
     // If these asserts fire, you probably corrupted memory.
 #if ENABLE(ASSERT)
     size_t slotSize = page->bucket->slotSize;
     size_t rawSize = partitionPageGetRawSize(page);
     if (rawSize)
         slotSize = rawSize;
     partitionCookieCheckValue(ptr);
     partitionCookieCheckValue(reinterpret_cast<char*>(ptr) + slotSize - kCookieSize);
     memset(ptr, kFreedByte, slotSize);
 #endif
+
+    PartitionAllocHooks::maybeInvokeFreeHook(ptr);
+
     ASSERT(page->numAllocatedSlots);
     PartitionFreelistEntry* freelistHead = page->freelistHead;
     ASSERT(!freelistHead || partitionPointerIsValid(freelistHead));
     RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(ptr != freelistHead); // Catches an immediate double free.
     ASSERT_WITH_SECURITY_IMPLICATION(!freelistHead || ptr != partitionFreelistMask(freelistHead->next)); // Look for double free one level deeper in debug.
     PartitionFreelistEntry* entry = static_cast<PartitionFreelistEntry*>(ptr);
     entry->next = partitionFreelistMask(freelistHead);
     page->freelistHead = entry;
     --page->numAllocatedSlots;
     if (UNLIKELY(page->numAllocatedSlots <= 0)) {
@@ skipping 156 matching lines @@
 using WTF::partitionAlloc;
 using WTF::partitionFree;
 using WTF::partitionAllocGeneric;
 using WTF::partitionFreeGeneric;
 using WTF::partitionReallocGeneric;
 using WTF::partitionAllocActualSize;
 using WTF::partitionAllocSupportsGetSize;
 using WTF::partitionAllocGetSize;
 
 #endif // WTF_PartitionAlloc_h