macOS: Shim all malloc zones.

base/allocator/malloc_zone_aggregator_mac.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_ALLOCATOR_MALLOC_ZONE_AGGREGATOR_MAC_H_
+#define BASE_ALLOCATOR_MALLOC_ZONE_AGGREGATOR_MAC_H_
+
+#include <malloc/malloc.h>
+#include <stddef.h>
+
+#include "base/base_export.h"
+#include "base/synchronization/lock.h"
+#include "third_party/apple_apsl/malloc.h"
+
+namespace base {
+namespace allocator {
+
+using MallocZonePointer = struct _malloc_zone_t*;

[Mark Mentovai, 2017/02/21 22:52:51]

Unused

[erikchen, 2017/02/21 23:44:34]

removed

+typedef void* (*malloc_type)(struct _malloc_zone_t* zone, size_t size);
+typedef void* (*calloc_type)(struct _malloc_zone_t* zone,
+                             size_t num_items,
+                             size_t size);
+typedef void* (*valloc_type)(struct _malloc_zone_t* zone, size_t size);
+typedef void (*free_type)(struct _malloc_zone_t* zone, void* ptr);
+typedef void* (*realloc_type)(struct _malloc_zone_t* zone,
+                              void* ptr,
+                              size_t size);
+typedef void* (*memalign_type)(struct _malloc_zone_t* zone,
+                               size_t alignment,
+                               size_t size);
+typedef unsigned (*batch_malloc_type)(struct _malloc_zone_t* zone,
+                                      size_t size,
+                                      void** results,
+                                      unsigned num_requested);
+typedef void (*batch_free_type)(struct _malloc_zone_t* zone,
+                                void** to_be_freed,
+                                unsigned num_to_be_freed);
+typedef void (*free_definite_size_type)(struct _malloc_zone_t* zone,
+                                        void* ptr,
+                                        size_t size);
+typedef size_t (*size_fn_type)(struct _malloc_zone_t* zone, const void* ptr);
+
+struct MallocZoneFunctions {
+  MallocZoneFunctions();
+  malloc_type malloc = nullptr;
+  calloc_type calloc = nullptr;
+  valloc_type valloc = nullptr;
+  free_type free = nullptr;
+  realloc_type realloc = nullptr;
+  memalign_type memalign = nullptr;
+  batch_malloc_type batch_malloc = nullptr;
+  batch_free_type batch_free = nullptr;
+  free_definite_size_type free_definite_size = nullptr;
+  size_fn_type size = nullptr;
+  void* context = nullptr;

[Mark Mentovai, 2017/02/21 22:52:51]

Is this a _malloc_zone_t* or a ChromeMallocZone*?

[erikchen, 2017/02/21 23:44:34]

ChromeMallocZone*.

+};
+
+void StoreZoneFunctions(ChromeMallocZone* zone, MallocZoneFunctions* functions);
+
+// This class stores all information about malloc zones before they are shimmed.
+// This information needs to be accessed during dispatch back into the zone, and
+// additional zones may be added later in the execution fo the program, so
+// this class needs to be both thread-safe and high-performance.
+//
+// We begin by creating an array of MallocZoneFunctions of fixed size. We will
+// never modify the container, which provides thread-safety to iterators.  When
+// we want to add a MallocZoneFunctions to the container, we:
+//   1. Fill in all the fields.
+//   2. Update the total zone count.
+//   3. Insert a memory barrier.
+//   4. Insert our shim.
+//
+// Each MallocZoneFunctions is uniquely identified by |context|, which is a
+// pointer to the original malloc zone. When we wish to dispatch back to the
+// original malloc zones, we iterate through the array, looking for a matching
+// |context|.
+//
+// Most allocations go through the default allocator. We will ensure that the
+// default allocator is stored as the first MallocZoneFunctions.
+class BASE_EXPORT MallocZoneAggregator {
+ public:
+  MallocZoneAggregator();
+  ~MallocZoneAggregator();
+
+  void* DispatchMallocToZone(void* zone, size_t size);

[Mark Mentovai, 2017/02/21 22:52:51]

and are these zone parameters that type too?

[erikchen, 2017/02/21 23:44:34]

No, we currently pass void* through the allocator shim. I originally did this
because I thought that windows might need some type of context as well [for
shimming HeapAlloc]. Plus malloc_zone_t isn't defined on other platforms
[obviously we could forward declare it, or add ifdef onion soup everywhere], but
using void* just seemed cleaner.

+  void* DispatchCallocToZone(void* zone, size_t num_items, size_t size);
+  void* DispatchVallocToZone(void* zone, size_t size);
+  void DispatchFreeToZone(void* zone, void* ptr);
+  void* DispatchReallocToZone(void* zone, void* ptr, size_t size);
+  void* DispatchMemalignToZone(void* zone, size_t alignment, size_t size);
+  unsigned DispatchBatchMallocToZone(void* zone,
+                                     size_t size,
+                                     void** results,
+                                     unsigned num_requested);
+  void DispatchBatchFreeToZone(void* zone,
+                               void** to_be_freed,
+                               unsigned num_to_be_freed);
+  void DispatchFreeDefiniteSizeToZone(void* zone, void* ptr, size_t size);
+  size_t DispatchGetSizeEstimateToZone(void* zone, void* ptr);
+
+  void StoreZone(ChromeMallocZone* zone);
+  bool IsZoneAlreadyStored(ChromeMallocZone* zone);
+
+  int GetZoneCount();
+  static const int kMaxZoneCount = 30;

[Mark Mentovai, 2017/02/21 22:52:51]

Can be constexpr.

[erikchen, 2017/02/21 23:44:34]

Done.

+
+ private:
+  bool IsZoneAlreadyStoredLockAcquired(ChromeMallocZone* zone);
+
+  // All modifications to the MallocZoneAggregator are gated behind this lock.
+  // Dispatch to a malloc zone does not need to acquire this lock.
+  base::Lock lock_;
+  int zone_count_ = 0;
+  MallocZoneFunctions zones_[kMaxZoneCount];
+};
+
+}  // namespace allocator
+}  // namespace base
+
+#endif  // BASE_ALLOCATOR_MALLOC_ZONE_AGGREGATOR_MAC_H_