macOS: Shim all malloc zones.

base/allocator/malloc_zone_aggregator_mac.h

Index: base/allocator/malloc_zone_aggregator_mac.h
diff --git a/base/allocator/malloc_zone_aggregator_mac.h b/base/allocator/malloc_zone_aggregator_mac.h
new file mode 100644
index 0000000000000000000000000000000000000000..a35ed5b2be62699cf4ca903c9c4d0e59b3dc046e
--- /dev/null
+++ b/base/allocator/malloc_zone_aggregator_mac.h
@@ -0,0 +1,122 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_ALLOCATOR_MALLOC_ZONE_AGGREGATOR_MAC_H_
+#define BASE_ALLOCATOR_MALLOC_ZONE_AGGREGATOR_MAC_H_
+
+#include <malloc/malloc.h>
+#include <stddef.h>
+
+#include "base/base_export.h"
+#include "base/synchronization/lock.h"
+#include "third_party/apple_apsl/malloc.h"
+
+namespace base {
+namespace allocator {
+
+typedef void* (*malloc_type)(struct _malloc_zone_t* zone, size_t size);
+typedef void* (*calloc_type)(struct _malloc_zone_t* zone,
+                             size_t num_items,
+                             size_t size);
+typedef void* (*valloc_type)(struct _malloc_zone_t* zone, size_t size);
+typedef void (*free_type)(struct _malloc_zone_t* zone, void* ptr);
+typedef void* (*realloc_type)(struct _malloc_zone_t* zone,
+                              void* ptr,
+                              size_t size);
+typedef void* (*memalign_type)(struct _malloc_zone_t* zone,
+                               size_t alignment,
+                               size_t size);
+typedef unsigned (*batch_malloc_type)(struct _malloc_zone_t* zone,
+                                      size_t size,
+                                      void** results,
+                                      unsigned num_requested);
+typedef void (*batch_free_type)(struct _malloc_zone_t* zone,
+                                void** to_be_freed,
+                                unsigned num_to_be_freed);
+typedef void (*free_definite_size_type)(struct _malloc_zone_t* zone,
+                                        void* ptr,
+                                        size_t size);
+typedef size_t (*size_fn_type)(struct _malloc_zone_t* zone, const void* ptr);
+
+struct MallocZoneFunctions {

[Primiano Tucci (use gerrit), 2017/02/22 12:25:39]

TIL about the existence of ChromeMallocZone. Now my question is: what is the
rationale of the extra layer of MallocZoneFunctions? It seems to be a copy of
ChromeMallocZone. can't we use just that?

[erikchen, 2017/02/22 21:03:10]

The latter doesn't have a |context| parameter.

+  MallocZoneFunctions();
+  malloc_type malloc = nullptr;
+  calloc_type calloc = nullptr;
+  valloc_type valloc = nullptr;
+  free_type free = nullptr;
+  realloc_type realloc = nullptr;
+  memalign_type memalign = nullptr;
+  batch_malloc_type batch_malloc = nullptr;
+  batch_free_type batch_free = nullptr;
+  free_definite_size_type free_definite_size = nullptr;
+  size_fn_type size = nullptr;
+  ChromeMallocZone* context = nullptr;
+};
+
+void StoreZoneFunctions(ChromeMallocZone* zone, MallocZoneFunctions* functions);
+
+// This class stores all information about malloc zones before they are shimmed.
+// This information needs to be accessed during dispatch back into the zone, and
+// additional zones may be added later in the execution fo the program, so
+// this class needs to be both thread-safe and high-performance.
+//
+// We begin by creating an array of MallocZoneFunctions of fixed size. We will
+// never modify the container, which provides thread-safety to iterators.  When
+// we want to add a MallocZoneFunctions to the container, we:
+//   1. Fill in all the fields.
+//   2. Update the total zone count.
+//   3. Insert a memory barrier.
+//   4. Insert our shim.
+//
+// Each MallocZoneFunctions is uniquely identified by |context|, which is a
+// pointer to the original malloc zone. When we wish to dispatch back to the
+// original malloc zones, we iterate through the array, looking for a matching
+// |context|.
+//
+// Most allocations go through the default allocator. We will ensure that the
+// default allocator is stored as the first MallocZoneFunctions.
+class BASE_EXPORT MallocZoneAggregator {
+ public:
+  static MallocZoneAggregator* GetMallocZoneAggregator();
+
+  MallocZoneAggregator();
+  ~MallocZoneAggregator();
+
+  void* DispatchMallocToZone(void* zone, size_t size);
+  void* DispatchCallocToZone(void* zone, size_t num_items, size_t size);
+  void* DispatchVallocToZone(void* zone, size_t size);
+  void DispatchFreeToZone(void* zone, void* ptr);
+  void* DispatchReallocToZone(void* zone, void* ptr, size_t size);
+  void* DispatchMemalignToZone(void* zone, size_t alignment, size_t size);
+  unsigned DispatchBatchMallocToZone(void* zone,
+                                     size_t size,
+                                     void** results,
+                                     unsigned num_requested);
+  void DispatchBatchFreeToZone(void* zone,
+                               void** to_be_freed,
+                               unsigned num_to_be_freed);
+  void DispatchFreeDefiniteSizeToZone(void* zone, void* ptr, size_t size);
+  size_t DispatchGetSizeEstimateToZone(void* zone, void* ptr);
+
+  void StoreZone(ChromeMallocZone* zone);
+  bool IsZoneAlreadyStored(ChromeMallocZone* zone);
+
+  int GetZoneCount();
+  static constexpr int kMaxZoneCount = 30;
+
+ private:
+  bool IsZoneAlreadyStoredLockAcquired(ChromeMallocZone* zone);
+  MallocZoneFunctions& GetFunctionsForZone(void* zone);
+
+  // All modifications to the MallocZoneAggregator are gated behind this lock.
+  // Dispatch to a malloc zone does not need to acquire this lock.
+  base::Lock lock_;
+  int zone_count_ = 0;
+  MallocZoneFunctions zones_[kMaxZoneCount];
+};
+
+}  // namespace allocator
+}  // namespace base
+
+#endif  // BASE_ALLOCATOR_MALLOC_ZONE_AGGREGATOR_MAC_H_