Side by Side Diff: third_party/WebKit/Source/platform/heap/HeapPage.cpp

Issue 1805343004: (Only) poison unmarked heap objects prior to sweeping. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: remove dated assert Created 4 years, 9 months ago
1 /* 1 /*
2 * Copyright (C) 2013 Google Inc. All rights reserved. 2 * Copyright (C) 2013 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after
247 { 247 {
248 ASSERT(getThreadState()->isInGC()); 248 ASSERT(getThreadState()->isInGC());
249 ASSERT(!m_firstUnsweptPage); 249 ASSERT(!m_firstUnsweptPage);
250 250
251 // Move all pages to a list of unswept pages. 251 // Move all pages to a list of unswept pages.
252 m_firstUnsweptPage = m_firstPage; 252 m_firstUnsweptPage = m_firstPage;
253 m_firstPage = nullptr; 253 m_firstPage = nullptr;
254 } 254 }
255 255
256 #if defined(ADDRESS_SANITIZER) 256 #if defined(ADDRESS_SANITIZER)
257 void BaseArena::poisonArena(BlinkGC::ObjectsToPoison objectsToPoison, BlinkGC::P oisoning poisoning) 257 void BaseArena::poisonArena()
258 { 258 {
259 // TODO(sof): support complete poisoning of all arenas. 259 for (BasePage* page = m_firstUnsweptPage; page; page = page->next())
260 ASSERT(objectsToPoison != BlinkGC::MarkedAndUnmarked || arenaIndex() == Blin kGC::EagerSweepArenaIndex); 260 page->poisonUnmarkedObjects();
261
262 // This method may either be called to poison (SetPoison) heap
263 // object payloads prior to sweeping, or it may be called at
264 // the completion of a sweep to unpoison (ClearPoison) the
265 // objects remaining in the heap. Those will all be live and unmarked.
266 //
267 // Poisoning may be limited to unmarked objects only, or apply to all.
268 if (poisoning == BlinkGC::SetPoison) {
269 for (BasePage* page = m_firstUnsweptPage; page; page = page->next())
270 page->poisonObjects(objectsToPoison, poisoning);
271 return;
272 }
273 // Support clearing of poisoning after sweeping has completed,
274 // in which case the pages of the live objects are reachable
275 // via m_firstPage.
276 ASSERT(!m_firstUnsweptPage);
277 for (BasePage* page = m_firstPage; page; page = page->next())
278 page->poisonObjects(objectsToPoison, poisoning);
279 } 261 }
280 #endif 262 #endif
281 263
282 Address BaseArena::lazySweep(size_t allocationSize, size_t gcInfoIndex) 264 Address BaseArena::lazySweep(size_t allocationSize, size_t gcInfoIndex)
283 { 265 {
284 // If there are no pages to be swept, return immediately. 266 // If there are no pages to be swept, return immediately.
285 if (!m_firstUnsweptPage) 267 if (!m_firstUnsweptPage)
286 return nullptr; 268 return nullptr;
287 269
288 RELEASE_ASSERT(getThreadState()->isSweepingInProgress()); 270 RELEASE_ASSERT(getThreadState()->isSweepingInProgress());
(...skipping 943 matching lines...) Expand 10 before | Expand all | Expand 10 after
1232 header->unmark(); 1214 header->unmark();
1233 headerAddress += size; 1215 headerAddress += size;
1234 startOfGap = headerAddress; 1216 startOfGap = headerAddress;
1235 ASSERT(headerAddress <= payloadEnd()); 1217 ASSERT(headerAddress <= payloadEnd());
1236 } 1218 }
1237 if (startOfGap != payloadEnd()) 1219 if (startOfGap != payloadEnd())
1238 arenaForNormalPage()->addToFreeList(startOfGap, payloadEnd() - startOfGa p); 1220 arenaForNormalPage()->addToFreeList(startOfGap, payloadEnd() - startOfGa p);
1239 } 1221 }
1240 1222
1241 #if defined(ADDRESS_SANITIZER) 1223 #if defined(ADDRESS_SANITIZER)
1242 void NormalPage::poisonObjects(BlinkGC::ObjectsToPoison objectsToPoison, BlinkGC ::Poisoning poisoning) 1224 void NormalPage::poisonUnmarkedObjects()
1243 { 1225 {
1244 for (Address headerAddress = payload(); headerAddress < payloadEnd();) { 1226 for (Address headerAddress = payload(); headerAddress < payloadEnd();) {
1245 HeapObjectHeader* header = reinterpret_cast<HeapObjectHeader*>(headerAdd ress); 1227 HeapObjectHeader* header = reinterpret_cast<HeapObjectHeader*>(headerAdd ress);
1246 ASSERT(header->size() < blinkPagePayloadSize()); 1228 ASSERT(header->size() < blinkPagePayloadSize());
1247 // Check if a free list entry first since we cannot call 1229 // Check if a free list entry first since we cannot call
1248 // isMarked on a free list entry. 1230 // isMarked on a free list entry.
1249 if (header->isFree()) { 1231 if (header->isFree()) {
1250 headerAddress += header->size(); 1232 headerAddress += header->size();
1251 continue; 1233 continue;
1252 } 1234 }
1253 ASSERT(header->checkHeader()); 1235 ASSERT(header->checkHeader());
1254 if (objectsToPoison == BlinkGC::MarkedAndUnmarked || !header->isMarked() ) { 1236 if (!header->isMarked())
1255 if (poisoning == BlinkGC::SetPoison) 1237 ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
1256 ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize ());
1257 else
1258 ASAN_UNPOISON_MEMORY_REGION(header->payload(), header->payloadSi ze());
1259 }
1260 headerAddress += header->size(); 1238 headerAddress += header->size();
1261 } 1239 }
1262 } 1240 }
1263 #endif 1241 #endif
1264 1242
1265 void NormalPage::populateObjectStartBitMap() 1243 void NormalPage::populateObjectStartBitMap()
1266 { 1244 {
1267 memset(&m_objectStartBitMap, 0, objectStartBitMapSize); 1245 memset(&m_objectStartBitMap, 0, objectStartBitMapSize);
1268 Address start = payload(); 1246 Address start = payload();
1269 for (Address headerAddress = start; headerAddress < payloadEnd();) { 1247 for (Address headerAddress = start; headerAddress < payloadEnd();) {
(...skipping 211 matching lines...) Expand 10 before | Expand all | Expand 10 after
1481 } 1459 }
1482 1460
1483 void LargeObjectPage::makeConsistentForMutator() 1461 void LargeObjectPage::makeConsistentForMutator()
1484 { 1462 {
1485 HeapObjectHeader* header = heapObjectHeader(); 1463 HeapObjectHeader* header = heapObjectHeader();
1486 if (header->isMarked()) 1464 if (header->isMarked())
1487 header->unmark(); 1465 header->unmark();
1488 } 1466 }
1489 1467
1490 #if defined(ADDRESS_SANITIZER) 1468 #if defined(ADDRESS_SANITIZER)
1491 void LargeObjectPage::poisonObjects(BlinkGC::ObjectsToPoison objectsToPoison, Bl inkGC::Poisoning poisoning) 1469 void LargeObjectPage::poisonUnmarkedObjects()
1492 { 1470 {
1493 HeapObjectHeader* header = heapObjectHeader(); 1471 HeapObjectHeader* header = heapObjectHeader();
1494 if (objectsToPoison == BlinkGC::MarkedAndUnmarked || !header->isMarked()) { 1472 if (!header->isMarked())
1495 if (poisoning == BlinkGC::SetPoison) 1473 ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
1496 ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
1497 else
1498 ASAN_UNPOISON_MEMORY_REGION(header->payload(), header->payloadSize() );
1499 }
1500 } 1474 }
1501 #endif 1475 #endif
1502 1476
1503 void LargeObjectPage::checkAndMarkPointer(Visitor* visitor, Address address) 1477 void LargeObjectPage::checkAndMarkPointer(Visitor* visitor, Address address)
1504 { 1478 {
1505 ASSERT(contains(address)); 1479 ASSERT(contains(address));
1506 if (!containedInObjectPayload(address) || heapObjectHeader()->isDead()) 1480 if (!containedInObjectPayload(address) || heapObjectHeader()->isDead())
1507 return; 1481 return;
1508 markPointer(visitor, heapObjectHeader()); 1482 markPointer(visitor, heapObjectHeader());
1509 } 1483 }
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
1588 1562
1589 m_hasEntries = true; 1563 m_hasEntries = true;
1590 size_t index = hash(address); 1564 size_t index = hash(address);
1591 ASSERT(!(index & 1)); 1565 ASSERT(!(index & 1));
1592 Address cachePage = roundToBlinkPageStart(address); 1566 Address cachePage = roundToBlinkPageStart(address);
1593 m_entries[index + 1] = m_entries[index]; 1567 m_entries[index + 1] = m_entries[index];
1594 m_entries[index] = cachePage; 1568 m_entries[index] = cachePage;
1595 } 1569 }
1596 1570
1597 } // namespace blink 1571 } // namespace blink
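Review bot: The new BaseArena::poisonArena() at new lines 257–261 drops the comment that explained when the poisoning runs and who clears it again, so a reader can no longer tell from the function that the unmarked payloads poisoned here must be unpoisoned before the memory is reused; I'd add above the loop `// Runs before sweeping: ASan-poison every unmarked object's payload on the unswept pages so that any access to a dead object before it is reclaimed is reported; the sweeper must unpoison what it frees (verify).` The same reduced loop appears in NormalPage::poisonUnmarkedObjects at new lines 1226–1239, where the advance by header->size() is guarded only by an ASSERT on the upper bound, which the file's use of both ASSERT and RELEASE_ASSERT suggests compiles out in non-debug builds; if this ADDRESS_SANITIZER path is ever built that way, a zero-size header would spin forever, so `RELEASE_ASSERT(header->size());` before `headerAddress += header->size();` is cheap insurance. LargeObjectPage::poisonUnmarkedObjects at new lines 1469–1474 has the same reduced form but a single header, so it needs no extra check.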