
Unified Diff: third_party/WebKit/Source/platform/heap/HeapPage.h

Issue 1411603007: [Oilpan] Add use-after-free detector in Member<> Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix test failures Created 5 years, 1 month ago
Index: third_party/WebKit/Source/platform/heap/HeapPage.h
diff --git a/third_party/WebKit/Source/platform/heap/HeapPage.h b/third_party/WebKit/Source/platform/heap/HeapPage.h
index e1f17dea22cd8dd78930fcde1bad120963e296f5..f17cfb9eca65a6b2f8184abb161ac1d9736a6095 100644
--- a/third_party/WebKit/Source/platform/heap/HeapPage.h
+++ b/third_party/WebKit/Source/platform/heap/HeapPage.h
@@ -171,7 +171,7 @@ public:
HeapObjectHeader(size_t size, size_t gcInfoIndex)
{
#if ENABLE(ASSERT)
- m_magic = magic;
+ putGcGeneration();
haraken 2015/11/11 10:03:16 Actually this is not quite right. Remember that He
peria 2015/11/12 14:38:42 Done.
#endif
// sizeof(HeapObjectHeader) must be equal to or smaller than
// allocationGranurarity, because HeapObjectHeader is used as a header
@@ -212,22 +212,19 @@ public:
#if ENABLE(ASSERT)
bool checkHeader() const;
- // Zap magic number with a new magic number that means there was once an
- // object allocated here, but it was freed because nobody marked it during
- // GC.
- void zapMagic();
+
+ void putGcGeneration();
haraken 2015/11/11 10:03:16 putGcGeneration => recordGCGeneration
peria 2015/11/12 14:38:42 I removed this method with making gcGeneration a p
+ void clearGcGeneration();
+ uint32_t gcGeneration() const { return m_gcGeneration; }
#endif
void finalize(Address, size_t);
static HeapObjectHeader* fromPayload(const void*);
- static const uint16_t magic = 0xfff1;
- static const uint16_t zappedMagic = 0x4321;
-
private:
uint32_t m_encoded;
#if ENABLE(ASSERT)
- uint16_t m_magic;
+ uint32_t m_gcGeneration;
haraken 2015/11/11 10:03:16 Add a comment. // m_gcGeneration keeps track of t
peria 2015/11/12 14:38:42 Done.
#endif
// In 64 bit architectures, we intentionally add 4 byte padding immediately
@@ -257,7 +254,7 @@ public:
{
#if ENABLE(ASSERT)
ASSERT(size >= sizeof(HeapObjectHeader));
- zapMagic();
+ clearGcGeneration();
#endif
}
@@ -783,7 +780,7 @@ size_t HeapObjectHeader::size() const
NO_SANITIZE_ADDRESS inline
bool HeapObjectHeader::checkHeader() const
{
- return !pageFromObject(this)->orphaned() && m_magic == magic;
+ return !pageFromObject(this)->orphaned() && m_gcGeneration;
}
#endif
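Review bot: checkHeader in the last hunk uses m_gcGeneration as a boolean, so a freed header (cleared by clearGcGeneration, presumably to zero) is only distinguishable from a live one if the value putGcGeneration records is never zero; neither definition is in this hunk, so that invariant cannot be confirmed here. Making the sentinel explicit would help: `return !pageFromObject(this)->orphaned() && m_gcGeneration != 0;` together with an ASSERT in putGcGeneration that the recorded generation is non-zero, which also pins down what a wrapped counter would mean. Since this comparison is the detector's only signal under ENABLE(ASSERT), a generation that is legitimately zero would turn a use-after-free into a passing check instead of an assertion failure.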
