| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 889 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 900 ASSERT(size >= sizeof(HeapObjectHeader)); | 900 ASSERT(size >= sizeof(HeapObjectHeader)); |
| 901 // Free list encode the size to mark the lost memory as freelist memory. | 901 // Free list encode the size to mark the lost memory as freelist memory. |
| 902 new (NotNull, address) HeapObjectHeader(size, gcInfoIndexForFreeListHead
er); | 902 new (NotNull, address) HeapObjectHeader(size, gcInfoIndexForFreeListHead
er); |
| 903 | 903 |
| 904 ASAN_POISON_MEMORY_REGION(address, size); | 904 ASAN_POISON_MEMORY_REGION(address, size); |
| 905 // This memory gets lost. Sweeping can reclaim it. | 905 // This memory gets lost. Sweeping can reclaim it. |
| 906 return; | 906 return; |
| 907 } | 907 } |
| 908 entry = new (NotNull, address) FreeListEntry(size); | 908 entry = new (NotNull, address) FreeListEntry(size); |
| 909 | 909 |
| 910 #if ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER) | 910 #if (ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER)) &&
!defined(MEMORY_SANITIZER) |
| 911 // The following logic delays reusing free lists for (at least) one GC | 911 // The following logic delays reusing free lists for (at least) one GC |
| 912 // cycle or coalescing. This is helpful to detect use-after-free errors | 912 // cycle or coalescing. This is helpful to detect use-after-free errors |
| 913 // that could be caused by lazy sweeping etc. | 913 // that could be caused by lazy sweeping etc. |
| 914 size_t allowedCount = 0; | 914 size_t allowedCount = 0; |
| 915 size_t forbiddenCount = 0; | 915 size_t forbiddenCount = 0; |
| 916 for (size_t i = sizeof(FreeListEntry); i < size; i++) { | 916 for (size_t i = sizeof(FreeListEntry); i < size; i++) { |
| 917 if (address[i] == reuseAllowedZapValue) { | 917 if (address[i] == reuseAllowedZapValue) { |
| 918 allowedCount++; | 918 allowedCount++; |
| 919 } else if (address[i] == reuseForbiddenZapValue) { | 919 } else if (address[i] == reuseForbiddenZapValue) { |
| 920 forbiddenCount++; | 920 forbiddenCount++; |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 962 // region to the free list and reuse it for another object. | 962 // region to the free list and reuse it for another object. |
| 963 #endif | 963 #endif |
| 964 ASAN_POISON_MEMORY_REGION(address, size); | 964 ASAN_POISON_MEMORY_REGION(address, size); |
| 965 | 965 |
| 966 int index = bucketIndexForSize(size); | 966 int index = bucketIndexForSize(size); |
| 967 entry->link(&m_freeLists[index]); | 967 entry->link(&m_freeLists[index]); |
| 968 if (index > m_biggestFreeListIndex) | 968 if (index > m_biggestFreeListIndex) |
| 969 m_biggestFreeListIndex = index; | 969 m_biggestFreeListIndex = index; |
| 970 } | 970 } |
| 971 | 971 |
| 972 #if ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER) || d
efined(MEMORY_SANITIZER) | 972 #if (ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER)) &&
!defined(MEMORY_SANITIZER) |
| 973 NO_SANITIZE_ADDRESS | 973 NO_SANITIZE_ADDRESS |
| 974 NO_SANITIZE_MEMORY | |
| 975 void NEVER_INLINE FreeList::zapFreedMemory(Address address, size_t size) | 974 void NEVER_INLINE FreeList::zapFreedMemory(Address address, size_t size) |
| 976 { | 975 { |
| 977 for (size_t i = 0; i < size; i++) { | 976 for (size_t i = 0; i < size; i++) { |
| 978 // See the comment in addToFreeList(). | 977 // See the comment in addToFreeList(). |
| 979 if (address[i] != reuseAllowedZapValue) | 978 if (address[i] != reuseAllowedZapValue) |
| 980 address[i] = reuseForbiddenZapValue; | 979 address[i] = reuseForbiddenZapValue; |
| 981 } | 980 } |
| 982 } | 981 } |
| 983 | 982 |
| 984 void NEVER_INLINE FreeList::checkFreedMemoryIsZapped(Address address, size_t siz
e) | 983 void NEVER_INLINE FreeList::checkFreedMemoryIsZapped(Address address, size_t siz
e) |
| (...skipping 576 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1561 | 1560 |
| 1562 m_hasEntries = true; | 1561 m_hasEntries = true; |
| 1563 size_t index = hash(address); | 1562 size_t index = hash(address); |
| 1564 ASSERT(!(index & 1)); | 1563 ASSERT(!(index & 1)); |
| 1565 Address cachePage = roundToBlinkPageStart(address); | 1564 Address cachePage = roundToBlinkPageStart(address); |
| 1566 m_entries[index + 1] = m_entries[index]; | 1565 m_entries[index + 1] = m_entries[index]; |
| 1567 m_entries[index] = cachePage; | 1566 m_entries[index] = cachePage; |
| 1568 } | 1567 } |
| 1569 | 1568 |
| 1570 } // namespace blink | 1569 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1950603003:
MSan: disable zapping of freelist entries.
Base URL: https://chromium.googlesource.com/chromium/src.git@master