Unified Diff: third_party/WebKit/Source/platform/heap/HeapPage.cpp

Issue 1411603007: [Oilpan] Add use-after-free detector in Member<> Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase Created 5 years, 1 month ago
Index: third_party/WebKit/Source/platform/heap/HeapPage.cpp
diff --git a/third_party/WebKit/Source/platform/heap/HeapPage.cpp b/third_party/WebKit/Source/platform/heap/HeapPage.cpp
index 10b30f8de75112e2dafff32746ad59ed959836b9..cab5a8625cd1719d07b632cf67c4aa5abeabb71d 100644
--- a/third_party/WebKit/Source/platform/heap/HeapPage.cpp
+++ b/third_party/WebKit/Source/platform/heap/HeapPage.cpp
@@ -88,15 +88,6 @@
namespace blink {
-#if ENABLE(ASSERT)
-NO_SANITIZE_ADDRESS
-void HeapObjectHeader::zapMagic()
-{
- ASSERT(checkHeader());
- m_magic = zappedMagic;
-}
-#endif
-
void HeapObjectHeader::finalize(Address object, size_t objectSize)
{
const GCInfo* gcInfo = Heap::gcInfo(gcInfoIndex());
@@ -623,7 +614,7 @@ bool NormalPageHeap::shrinkObject(HeapObjectHeader* header, size_t newSize)
ASSERT(shrinkSize >= sizeof(HeapObjectHeader));
ASSERT(header->gcInfoIndex() > 0);
Address shrinkAddress = header->payloadEnd() - shrinkSize;
- HeapObjectHeader* freedHeader = new (NotNull, shrinkAddress) HeapObjectHeader(shrinkSize, header->gcInfoIndex());
+ HeapObjectHeader* freedHeader = new (NotNull, shrinkAddress) HeapObjectHeader(shrinkSize, header->gcInfoIndex(), gcGenerationForFreeListEntry);
freedHeader->markPromptlyFreed();
ASSERT(pageFromObject(reinterpret_cast<Address>(header)) == findPageFromAddress(reinterpret_cast<Address>(header)));
m_promptlyFreedSize += shrinkSize;
@@ -777,7 +768,7 @@ Address NormalPageHeap::allocateFromFreeList(size_t allocationSize, size_t gcInf
ASSERT(hasCurrentAllocationArea());
ASSERT(remainingAllocationSize() >= allocationSize);
m_freeList.m_biggestFreeListIndex = index;
- return allocateObject(allocationSize, gcInfoIndex);
+ return allocateObject(allocationSize, gcInfoIndex, Heap::gcGeneration());
}
}
m_freeList.m_biggestFreeListIndex = index;
@@ -830,7 +821,7 @@ Address LargeObjectHeap::doAllocateLargeObjectPage(size_t allocationSize, size_t
ASSERT(!largeObjectAddress[i]);
#endif
ASSERT(gcInfoIndex > 0);
- HeapObjectHeader* header = new (NotNull, headerAddress) HeapObjectHeader(largeObjectSizeInHeader, gcInfoIndex);
+ HeapObjectHeader* header = new (NotNull, headerAddress) HeapObjectHeader(largeObjectSizeInHeader, gcInfoIndex, Heap::gcGeneration());
Address result = headerAddress + sizeof(*header);
ASSERT(!(reinterpret_cast<uintptr_t>(result) & allocationMask));
LargeObjectPage* largeObject = new (largeObjectAddress) LargeObjectPage(pageMemory, this, allocationSize);
@@ -924,7 +915,7 @@ void FreeList::addToFreeList(Address address, size_t size)
// Create a dummy header with only a size and freelist bit set.
ASSERT(size >= sizeof(HeapObjectHeader));
// Free list encode the size to mark the lost memory as freelist memory.
- new (NotNull, address) HeapObjectHeader(size, gcInfoIndexForFreeListHeader);
+ new (NotNull, address) HeapObjectHeader(size, gcInfoIndexForFreeListHeader, gcGenerationForFreeListEntry);
ASAN_POISON_MEMORY_REGION(address, size);
// This memory gets lost. Sweeping can reclaim it.
@@ -1316,6 +1307,24 @@ HeapObjectHeader* NormalPage::findHeaderFromAddress(Address address)
return header;
}
+HeapObjectHeader* NormalPage::findHeaderFromObject(const void* obj)
haraken 2015/11/25 02:38:54 I'm afraid that this method would be super heavy.
+{
+ ASSERT(payload() <= obj && obj <= payloadEnd());
+
+ Address start = payload();
+ for (Address headerAddress = start; headerAddress < payloadEnd();) {
+ HeapObjectHeader* header = reinterpret_cast<HeapObjectHeader*>(headerAddress);
+ Address nextHeaderAddress = headerAddress + header->size();
+ if (header <= obj && obj < nextHeaderAddress)
+ return header;
+ headerAddress = nextHeaderAddress;
+ ASSERT(headerAddress <= payloadEnd());
+ }
+
+ ASSERT_NOT_REACHED();
+ return nullptr;
+}
+
#if ENABLE(ASSERT)
static bool isUninitializedMemory(void* objectPointer, size_t objectSize)
{
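Review bot: The precondition at the top of findHeaderFromObject admits `obj == payloadEnd()` (`obj <= payloadEnd()`), but the loop only runs while `headerAddress < payloadEnd()` and matches on `obj < nextHeaderAddress`, so that boundary value can never be found and always reaches ASSERT_NOT_REACHED; the check should be `ASSERT(payload() <= obj && obj < payloadEnd());`. The walk also trusts `header->size()` at every step: a zero size would never advance headerAddress and the in-loop ASSERT would not detect it, and since this routine exists to inspect already-suspect memory it should validate each header before using its size, e.g. `ASSERT(header->checkHeader());` immediately after the reinterpret_cast. A short comment above the function stating that it is a linear scan over every header on the page, presumably backing the Member<> use-after-free check named in the issue title, and that it falls through to `return nullptr` when assertions are disabled, would document the contract callers must respect. The function is complete within the hunk; the following isUninitializedMemory definition continues past it.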